Welcome, Guest |
You have to register before you can post on our site.
|
|
|
Welcome Guest!
|
Welcome to the Promo2day Community, where we feature software giveaways, computer discussion, along with a fun, safe atmosphere! If your reading this it means you are not yet registered.
You will need to Register before you can make posts, chat or enter the forum giveaways.
Be sure to also visit the Help/FAQ page.
|
U.S. Secret Service Kickstarts Operation Targeting Gas Station Card Skimmers |
Posted by: mrtrout - 11-26-2018 , 04:19 AM - Forum: Security News
- No Replies
|
|
https://news.softpedia.com/news/u-s-secr...pd_related U.S. Secret Service Kickstarts Operation Targeting Gas Station Card Skimmers
200 skimmers already found after searching 400 as stations
Nov 23, 2018 19:33 GMT · By Sergiu Gatlan · Comment · Share:
Gas station card skimmer
The U.S. Secret Service announced the start of a new operation called "Operation Deep Impact" designed to hunt down and remove credit card skimmers from fuelling station pumps all across the U.S.
"More than 400 gas stations in 16 states have already been searched and nearly 200 skimmers recovered from pumps," says the press release (PDF).
"Secret Service agents, in partnership with fuel companies and law enforcement, will continue to locate and recover illegal credit card skimming devices throughout the holiday."
As detailed by the Secret Service, skimming is a method used by crooks to lift encrypted information from customers with the help of specially crafted electronic devices named skimmers.
The skimmers are designed to be embedded within the body of fuelling pumps, and they steal the data sent by a client's credit card when contacting the bank servers during the payment procedure.
"Operation Deep Impact" already helped customers avoid $6 million in losses
The Secret Service says that gas stations are a top target for bad actors who use skimmers to steal credit cards because of a large number of customers using them and the low risks of being discovered involved in installing the skimmers and recovering them to collect the stolen data.
"An estimated 54 million Americans will travel across town or across the country for Thanksgiving, and while doing so, many will buy gas for their cars," said the Secret Service. "These annual increases in motor travelers on the road during holidays mean bigger paydays for card-skimming financial criminals who target victims at fueling stations."
"Operation Deep Impact" is the fourth such operation conducted by the Secret Service during 2018 and, until now, it is also the most successful with roughly $6 million in losses having been prevented already.
The other three card skimming crackdown operations of the year started right before Independence Day, Memorial Day, and Labor Day, three other holidays when high numbers of customers are impacted by a higher risk of having their cards skimmed while fueling their cars.
Detailed information on how to detect credit card skimmer devices when fueling your car and on what to do if your credit card has been compromised by skimmers is available on U.S. Federal Trade Commision's website.
|
|
|
DoS Vulnerabilities Found in Linux Kernel, Unpatched |
Posted by: mrtrout - 11-26-2018 , 04:15 AM - Forum: Security News
- No Replies
|
|
https://news.softpedia.com/news/dos-vuln...pd_related DoS Vulnerabilities Found in Linux Kernel, Unpatched
Local attacks could trigger DoS state via crafted sys calls
Nov 23, 2018 21:26 GMT · By Sergiu Gatlan · Comment · Share:
Vulnerable Linux distros
Two denial-of-service (DoS) vulnerabilities found in the Linux Kernel by contributor Wanpeng Li could allow local attackers to exploit null pointer deference bugs to trigger DoS conditions.
The first vulnerability, which received the CVE-2018-19406 ID in the Common Vulnerabilities and Exposures database, resides in the kvm_pv_send_ipi function of the Linux kernel, defined in the arch/x86/kvm/lapic.c file.
CVE-2018-19406 affects Linux kernel version up to 4.19.2, and it allows potential attackers with local access to the vulnerable machine to trigger a DoS state using specially crafted system calls that "reach a situation where the apic map is uninitialized."
Moreover, the issue is triggered because the Advanced Programmable Interrupt Controller (APIC) map fails to initialize correctly.
"The reason is that the apic map has not yet been initialized, the testcase triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map is dereferenced," says Li in his advisory.
Public exploit code already available for CVE-2018-19407
The second vulnerability found by Li can also be exploited only by attackers that have physical access to the vulnerable Linux machine.
The issue got assigned the CVE-2018-19407 ID by the CVE database, and it is present in the kvm_pv_send_ipi function kernel function that can be found in the Arch/x86/kvm/lapic.c source code file.
Local attackers can exploit this issue by submitting maliciously crafter system calls to trigger a NULL pointer deference condition because the I/O Advanced Programmable Interrupt Controller (I/O APIC) fails to initialize.
"The reason is that the testcase writes hyperv synic HV_X64_MSR_SINT6 msr and triggers scan ioapic logic to load synic vectors into EOI exit bitmap," according to Li's description of the issue. "However, irqchip is not initialized by this simple testcase, ioapic/apic objects should not be accessed.
Although public exploit code is already available for the CVE-2018-19407 security bug, there is no known way to mitigate the issue.
|
|
|
New Crypto-Miner Attacks Linux Machines, Kills Other Miners and Anti-Malware |
Posted by: mrtrout - 11-26-2018 , 04:02 AM - Forum: Security News
- No Replies
|
|
https://news.softpedia.com/news/new-cryp...3958.shtml New Crypto-Miner Attacks Linux Machines, Kills Other Miners and Anti-Malware
Self-propagates to other network devices using SSH
Nov 23, 2018 21:44 GMT · By Sergiu Gatlan The Russian Dr.Web anti-malware maker discovered a new Linux threat embodied by a Trojan designed to work as a crypto-miner and as a dropper for some other nasty malware payloads such as DDoS backdoors and rootkits.
The new Trojan strain named Linux.BtcMine.174 by the Dr.Web team is a heavy 1,000-line shell script which comes with multiple modules that it will download and write to any folder with write permissions on the infiltrated Linux box.
Once it has managed to dump the extra malware payloads on the compromised machine, Linux.BtcMine.174 will use the nohup POSIX utility to launch itself as a daemon, redirecting its output to a nohup.out file to make detection more difficult.
After installing itself as a service, the Trojan downloads a Linux.BackDoor.Gates.9 Trojan payload that makes it possible for its masters to control the compromised machine and use it to execute DDoS attacks.
Because after compromising its Linux targets the Trojan is running under the privileges of the current user, almost never an administrator account, Linux.BtcMine.174 uses exploits such as Linux.Exploit.CVE-2016-5195 (known as DirtyCow) and Linux.Exploit.CVE-2013-2094 to escalate its privileges and completely take over the Linux machine.
As soon as it gets root privileges on the infected device, starts hunting for any AntiMalware solutions, killing their processes when found and going even further by completely uninstalling them using a package manager.
Linux.BtcMine.174 also steals root passwords and auto-propagates itself via SSH
The Trojan will also hunt down any crypto miners it can find running on the machine, terminating their processes on sight to avoid sharing the system's computing resources. Once it's done "cleaning" the device of any mining competitors, Linux.BtcMine.174 will download a Monero (XMR) mining script and start working.
After the mining process has started, the malware will make sure that it keeps going at all times, checking its heartbeat every few minutes in an infinite loop and restarting it whenever needed.
To make things even worse for its victims, the Trojan will also add itself to the machine's Autorun and download a rootkit capable of hiding files anywhere on the system and, more importantly, stealing "user-entered passwords for the su command."
During the final stage of the infection process, the Linux.BtcMine.174 Trojan starts looking around for all the hosts available on the network that the compromised machine's owner has connected to in the past using SSH and tries connecting to and infect each of them.
More details regarding the inner workings of the new Trojan strain targeting Linux systems are available in Dr.Web's virus database, while a full list of all found indicators of compromise is ready for access on GitHub.
|
|
|
6 common VPN myths debunked |
Posted by: tarekma7 - 11-25-2018 , 06:31 PM - Forum: Guides, Tips & Tricks
- No Replies
|
|
Quote:VPNs aren’t understood nearly as well as they should be, given the growing prevalence of cybersecurity threats and massive corporate data breaches. There are certain VPN myths that are far too common, which is why I’d like to set the record straight!
1. Why should I pay for a VPN? I’ll just get a free one!
If Google’s growing data empire and the huge Cambridge Analytica scandal at Facebook haven’t given you a clue, let me spell it out for you: when a for-profit company provides you with a service for free, that’s because they are using you to make money. You are the product, not the customer. Don’t forget this rule if you’re weighing the benefits of a free VPN vs. a paid one. How a free VPN makes money depends on their sense of ethics, but none of the potential solutions bode well for your online security. The most common methods involve carefully logging your traffic and then injecting ads into whatever you do online or simply selling that data to third parties. Less scrupulous free VPNs have even sold their users’ bandwidth to corporations and hackers or used their access to deliver malware. Free VPNs also usually offer fewer features and don’t work as well as premium VPNs do. They usually support less staff and can’t release frequent updates to stay on top of the latest cybersecurity trends. Premium paid VPNs answer to customers, not advertisers, so they have a stronger motivation to deliver a product that works.
2. A VPN will make my internet too slow to use
It’s true that a VPN can slow down your internet speed, but it doesn’t have to. The severity of the slowdown also depends on the settings you choose and on your VPN speed, but it will usually be too small to notice if you’re just browsing online. It’s natural for a VPN to reduce the speed of your internet access by some small amount, since your traffic has to be encrypted and then decrypted before it gets anywhere. Another source of additional latency will be the server your traffic has to visit to be decrypted, but depending on the country you choose, you may not notice any difference at all. If you proxy your traffic through a country on the other side of the world, your latency will definitely take a hit. If you select your own country, however, the slowdown will probably barely be noticeable. There are also a few scenarios in which you might experience a speedup. To throttle data, ISPs have to see your actual traffic, which they can’t do when it’s encrypted. If they’re prevented from throttling, that means higher internet speeds for you. In rare cases, your VPN might actually take your traffic on a more efficient route than your ISP would – especially if your ISP is sending your traffic somewhere it shouldn’t be sending it.
READ THE FULL ARTICLE HERE
|
|
|
SecureAPlus Freemium Giveaway - 18 month licenses |
Posted by: Mike - 11-25-2018 , 04:08 PM - Forum: Personal Giveaways
- Replies (6)
|
|
Quote:SecureAPlus is a PC security solution that’s guaranteed to protect you from all of today’s digital threats, such as malware and viruses. Download it for free today at www.SecureAPlus.com
Not just an Anti-Virus: The powerful Application Whitelisting technology ensures that only applications that you trust are run by your computer. All malicious attacks that slip by unwary users are always detected and initially blocked. It puts you, not anyone else, in control.
More than 10 Anti-Viruses: Combining the power of more than 10 industry standard commercial Anti-Viruses, rest assured that you have a comprehensive virus and malware library that boasts one of the highest detection rates possible.
It’s surprisingly fast and light too. By leveraging the power of the cloud, it barely uses your local hardware, so you can save it for more important things like work or play
I have 5 SecureAPlus Freemium license codes each good for 18 months for this giveaway. I will give these away to the first 5 members that will use them. Just reply below in this thread.
|
|
|
Panda Cyber Monday Deals |
Posted by: Mike - 11-25-2018 , 01:29 PM - Forum: Hot Deals & Discounts
- No Replies
|
|
Quote:CYBER MONDAY ONLINE DEALS!
It’s time to get the best online deals this Cyber Monday! We’re glad to present to you our offers for this special day! New customers can get our best antivirus protection for 60% off to live their digital lives more safely. Panda protects you at all times, everywhere, and on any device, by taking advantage of the benefits offered by cloud security. Enjoy the key features and improvements of our antivirus protection: central management systems, additional anti-theft capabilities, and additional privacy protection for Android devices with App Lock, etc. These unique features have greatly improved user experience. But we haven’t forgotten our existing customers! Today only, you can renew your antivirus protection and save up to 60%!
Visit Here
|
|
|
DVD Fab Cyber Monday up to 80% OFF on Selected Products |
Posted by: Mike - 11-25-2018 , 12:45 PM - Forum: Hot Deals & Discounts
- No Replies
|
|
Quote:
The craziest Monday of the year
Are you still lulled in the scent of the Black Fridays? You do not, for the Cyber Monday is even crazier, with the best offers for you:
• 10% discount on renewal orders
• 30% discount on the All-In-One Lifetime Gift - 20-in-1 bundle plus 4TB WD My Passport portable drive (only 10 available), and € 25 Amazon gift card and a 5-computer license as gift.
• 40% discount on BD / UHD / video / playback products
• 50% off DVD products
• 80% discount on YouTube to MP3
Win a $ 199 Razer Huntsman Elite Keyboard
In this round of our Happy Monkey competition, there is next to a DVDFab software product,a DF. To win long sleeve hoodie, and a store voucher, a $ 199 Razer Huntsman Elite Mechanical Keyboard ... Do not miss the chance!
https://www.dvdfab.cn/promotion.htm
|
|
|
'Yellow vests' set the guillotine: |
Posted by: Bjyda - 11-25-2018 , 12:43 PM - Forum: Off Topic Chat
- No Replies
|
|
Home Events 'Yellow vests' set the guillotine: 'Macron does not want to give up, so we decided to judge him in an old fashioned way'
EVENTS 'Yellow vests' set the guillotine: 'Macron does not want to give up, so we decided to judge him in an old fashioned way.' Lis 25, 2018, 11: 265720
- Macron does not want to give up, so we decided to judge him in an old fashioned way. Perhaps this is a mean one, but it is difficult to remain calm in relation to the people who despise us - the setting of the guillotine created by the protesters against President Macron's policy was explained by Laurent from Le Puy-en-Velay in the Auvergne-Rhone-Alpes region, in the department of Upper Loire .
He admits in a conversation with the regional portal lacommere43.fr that the 'yellow vests' standing next to the guillotine appreciate the support received by truck drivers and drivers.
- For 10 cars, drivers 8 or 9 encourage us. Some give us money to provide us with coffee or something to eat.
Guillotines also appeared in several other places.
- When the French want to remind those in power, that they are their representatives, not the masters ... they have a few powerful symbols - writes a woman who shows the execution tool supposed to be in Paris.
During the French Revolution, the guillotine was refined and used on a large scale as a standard tool for executing executions throughout France. In this way, the guillotine became a symbol of terror from the French Revolution. The name of the guillotine comes from the name of the originator of the device, a deputy to the National Assembly from Paris and the surgeon Joseph Ignace Guillotina. The last execution in the history of the guillotine took place in France on September 10, 1977, when the Tunisian immigrant Hamida Djandoubi was executed for the murder of the Frenchwoman.
For : lacommere43.fr
|
|
|
|