Thursday, 15 March 2018

DuckDuckGo Starts Privacy Contest With $ 500,000 Prize Money

Privacy search engine DuckDuckGo has started a contest with which organizations that use privacy can win all sorts of cash prizes. The competition will be held on the crowdfunding platform CrowdRise. The organization that gets the most money between 13 March and 10 April will receive the top prize of 50,000 dollars. A total of 253,000 dollars was reserved for the sixteen best participants.

In addition, there is 247,000 dollars that is distributed through the weekly bonus challenges . A total of 20 organizations participate in the competition, including the Freedom of the Press Foundation, the Tor Project , Let's Encrypt, Tails and Bits of Freedom. Since the start of the game yesterday, a total of $ 4219 in donations has been raised and the Center for Democracy and Technology has topped $ 1130.

Google Removed 3.2 Billion Malicious Ads In 2017

Last year, Google removed more than 3.2 billion malicious ads because they tried to infect Internet users with malware, went to phishing sites, committed advertising fraud, or for other reasons - more than 100 ads removed per second.

For example, 79 million advertisements were removed because they sent internet users to websites with malware. Google removed another 48 million ads because they let users install unwanted software. Furthermore, 66 million "trick-to-click" ads were removed. In addition to advertising, 320,000 of the advertising network were also banned and Google decided to blacklist 90,000 websites and 700,000 mobile apps.

Registry Key No Longer Required For Windows 10 Updates

Users of Windows 10 no longer need a specific registry key to receive security updates, Microsoft announced. The reason for the mandatory registry key was a compatibility problem with various anti-virus products that can provide a blue screen of death (BSOD).

To stop these problems from incompatible anti-virus products, Microsoft security updates from January 3 and beyond were only offered to systems that had a compatible virus scanner. Anti-virus vendors had to confirm to Microsoft that their software was compatible with January and beyond security updates, which was added to the Windows Registry by adding a special registry key. In case the virus scanner did not enter this registry key, users no longer received updates and were vulnerable to attack. When users did not run a virus scanner, Microsoft advised to manually enter the registry key to receive the January and after updates.

Now Microsoft's John Cable reports that there is no longer a check on the compatibility of anti-virus programs. All Windows 10 machines will therefore receive the March security updates as well as the previously released updates for the Spectre and Meltdown attacks, regardless of whether they have the previously required registry key. In the coming weeks, Microsoft will provide more information about the compatibility of anti-virus software on older Windows versions.

Meltdown Update For 32-Bit Versions Windows 7 and 8.1

Microsoft released two months after the unveiling of the Spectre and Meltdown attacks , which should protect users of the 32-bit versions of Windows 7 and Windows 8.1 against Meltdown. In addition, Intel microcode updates for various Intel processors have been rolled out.

At the beginning of January, the software giant already released security updates for the 64-bit versions of Windows. A Meltdown update for the 32-bit versions of Windows 10 followed on 18 January. Microsoft now announced that security updates for the 32-bit versions of Windows 7 and Windows 8.1 have also been made available to protect users from the Meltdown attack.

To be fully protected against Spectre and Meltdown attacks, systems require both software and firmware (microcode) updates, Microsoft said. That is why in early March it started to offer microcode updates from Intel via the Microsoft Update Catalog . Initially, it concerned updates for systems that have a Skylake processor and run the Windows 10 Fall Creators Update. Now, Microsoft has also made updates for Kaby Lake and Coffee Lake processors on the same platform.

Microsoft: Shift From Ransomware To Cryptominers

Millions of computers have come into contact with cryptominers in recent months, while the number of cases of ransomware has declined, according to Microsoft today. From September last year to January of this year, an average of 644,000 unique Windows computers were detected each month and encountered a cryptominer.

This involves malware that can be installed on the computer in various ways and allows the system to mine cryptocurrency. While there is a clear increase in the number of cryptominers, the number of computers encountered by ransomware is decreasing. A possible reason is that cryptominers are now also distributed via exploit kits, as well as via malicious e-mail attachments.

"It is unlikely that cyber criminals will completely abandon ransomware in the short term, but the increase in trojanised cryptominers shows that attackers are exploring the possibilities of illegally earning money with this newer method," said Eric Avena of Microsoft. Because cyber criminals now choose more for cryptominers, this malware will also take over the behavior of already known threats, according to Avena. As an example, he points to the NeksMiner, who places a copy of himself in shared network folders and on USB sticks to propagate further, like all kinds of other malware.

Mozilla Is Considering Blocking In-Page Pop-Ups In Firefox

Mozilla is collecting a dataset of in-page pop-ups in order to automatically block them in Firefox. In-page pop-ups are pop-ups that show pages at different times, such as when loading the website, scrolling, inactivity or opening a tab.

Experiments are now being done with a pop-up blocker to close these pop-ups automatically. For this Mozilla is working on a collection of such pop-ups. Internet users can report this via this page . The dataset is only needed to train the pop-up blocker. The plan is to be able to block them automatically without having a complete blocklist. Whether the feature also comes is still unclear. Firefox developer Ehsan Akhgari says on Twitter that Mozilla is exploring it as a possible Firefox feature.

Wednesday, 14 March 2018

Researchers Let Malware Send Data Via Loudspeakers

Researchers at Ben-Gurion University have developed malware that can steal data from systems that are not connected to the internet via passive loudspeakers. Because of the risk of attacks, it is a lot of advice to not connect computers with confidential data to the internet.

This is also called an air gap. An offline computer can still be infected, for example via USB sticks or a malicious employee. In order to steal data from an infected offline computer, Ben-Gurion University researchers have developed various methods in the past, such as the use of speakers , air conditioning , sound from the hard disk , fans , radio waves , infrared cameras , scanners , heat emitted. , usb radiation , mobile phones , hard drive lights and router lights to return the data directly to the attacker or via an infected computer or smartphone connected to the Internet.

The researchers are now demonstrating a new method called Mosquito ( pdf ) in which "speaker-to-speaker" communication is used to steal data from a computer that is not connected to the internet. The scenario that the researchers sketch consists of a room with two computers, one of which is and one is not connected to the internet. Both computers are infected with malware and have passive speakers or headphones. The malware then exploits a feature of the audio chip that changes the connected speakers of output device into an input device (microphone).

Malware on one computer can then transmit information via the speakers and the use of ultrasonic waves that are collected by the speakers of the other computer, which have in fact become a microphone. In this way it is possible to send data at a speed of 10 - 166 bits / sec at a distance of 9 meters between the computers. If headphones are used instead of loudspeakers, a distance of 3 meters is possible.

The researchers state that in heavily guarded settings it is common to ban both active and passive loudspeakers, in order to create an air gap. Less stringent rules prohibit the use of microphones, but allow the use of "one-way" speakers. In many cases, the policy and security measures do not apply to modern headphones, which are basically non-powered and unenhanced loudspeakers. Mosquito could be effective in these situations.

To prevent such attacks, organizations can take various measures, such as prohibiting the use of speakers, headphones or earphones, using active speakers, disabling the audio codec in the bios, detecting ultrasonic transmissions, and using low-pass filters.

Mozilla: Many Popular Websites With Symantec Certificates

There are still many popular websites with Symantec certificates that will soon no longer be trusted by Firefox and will cause an error message, as Mozilla has warned. It is about 1 percent of the Top 1 million most popular websites on the internet, which amounts to about 10,000 sites.

These websites use a tls certificate issued by Symantec to encrypt traffic to and from their visitors. Due to various incidents with tls certificates issued by Symantec, browser developers have decided to cancel the trust in Symantec certificates. This will take place in phases, with all Symantec certificates issued before 1 July 2016 no longer being trusted.

Google will implement this measure next month with the launch of Chrome 66. Mozilla will follow Firefox 9 on May 9. With the launch of Firefox 63 in October this year, trust in all Symantec certificates will be canceled regardless of issue date. Users who receive a certificate warning when visiting a website can ignore them and still reach the website, Mozilla explains, but security experts advise internet users never to ignore such warnings and not to visit the website in question. Distributed Malware That Steals Bitcoins

The popular download site has been distributing malware for years that bitcoins from internet users have been stolen, anti-virus company ESET says today. The malware was hidden in bombarded applications called Disk Imager, Code :: Blocks and MinGW-w64.

The infected version of Disk Imager has been available on since May 2016 and was downloaded over 4500 times during that time. Code :: Blocks has been on since June 2016 and was removed from the website last year by Cnet, owner of However, the program had already been downloaded 104,000 times. The number of downloads of MinGW-64, which was also on the website since 2016, amounted to just under 500.

The malware in the three programs was developed to steal bitcoins. Bitcoin users who want to make a payment or transfer money to another wallet often copy the wallet address of the beneficiary and then paste it into a field on the transaction page. At that moment the wallet address is in the clipboard of the computer.

The malware monitors the clipboard on infected computers and when it sees that a user is copying a wallet address, it changes this address. If the user then wants to paste the wallet address onto the transaction page, he will paste the custom wallet address and transfer money to the wrong party. The bitcoin address that the malware uses would have received a total of 8.8 bitcoin, which is currently 62,000 euros. After being informed, Cnet has removed the infected programs. It is not the first time that is in the news due to malware being offered.

Dofoil Malware (Smoke Loader): Infected MediaGet Update After Recent Cryptominer Outbreak

An infected update for the torrent client MediaGet is responsible for the large cryptominer outbreak that Microsoft warned last week. The software giant quickly discovered 400,000 cases of Dofoil malware on computers, which eventually downloaded the cryptominer.

Following screenshot is Dofoil Malware Timeline:

The cryptominer uses the computational power of the infected computers to mine cryptocurrencies. In particular computers in Russia, Turkey and Ukraine were affected by the malware. Dofoil, also known as Smoke Loader, normally spreads via infected e-mail attachments and exploit kits. Striking in the outbreak last week was that most infected files came from a process called mediaget.exe. MediaGet is a program to download torrents. In this case, the malware was not downloaded via infected torrents, but from the program itself.

Further research showed that it was a carefully planned attack, according to Microsoft . The attackers distributed an infected user update from February 12 to February 19 this year via the MediaGet update servers. This update installed a backed up version of the torrent client. From March 1 to March 6, this backdoor was then used to install malware among users. Microsoft says it has shared information with the MediaGet developers, but they have not yet reported the incident on their website.

Privacy OS Tails Introduces Screen Lock

A new version of the privacy-oriented operating system Tails has been released that now also offers users the possibility to lock their screen. When users have set an administrator password, they can unlock the screen.

Otherwise, a separate password can be set for the first time the screen is locked. Furthermore, Tails 3.6 contains various upgrades, security updates and other adjustments. Tails stands for The Amnesic Incognito Live System and is a fully Linux-based operating system that contains all kinds of tools to anonymously use the internet. It can be used from a DVD or USB stick and is recommended by various civil rights movements and privacy experts. Some 22,000 people use Tails every day.

Monday, 12 March 2018

Android Manufacturer: Included Malware Is False Alarm

The Chinese manufacturer of Android devices Leagoo has removed to anti-virus company Doctor Web, which claimed that the manufacturer supplied devices with malware. The virus fighter claimed that it had found the Triada Trojan in the firmware of more than 40 models , including that of Leagoo.

The malware, which can download and execute additional malware and apps, without users knowing this, turned out to be present in a custom Android system library. This system library is used by all Android apps, which means that the malicious code is present in the memory of all running apps. According to Doctor Web, the malware was added at the request of a Leagoo partner and the manufacturer made this request.

Leagoo says in a statement that it is a false alarm. "The problem with the" virus warning "on Leagoo phones is mainly caused by differences in the virus detection of Chinese and foreign anti-virus software", according to the manufacturer. Leagoo states that all phones are scanned for malware by "top Chinese anti-virus software" to ensure that all devices are virus-free. In the future, Leagoo will also use "foreign algorithms" during scanning to prevent new virus warnings.