https://news.softpedia.com/news/u-s-secr...pd_related      U.S. Secret Service Kickstarts Operation Targeting Gas Station Card Skimmers
200 skimmers already found after searching 400 as stations
Nov 23, 2018 19:33 GMT  ·  By Sergiu Gatlan ·  Comment  ·  Share:                  
Gas station card skimmer
The U.S. Secret Service announced the start of a new operation called "Operation Deep Impact" designed to hunt down and remove credit card skimmers from fuelling station pumps all across the U.S.

"More than 400 gas stations in 16 states have already been searched and nearly 200 skimmers recovered from pumps," says the press release (PDF).

"Secret Service agents, in partnership with fuel companies and law enforcement, will continue to locate and recover illegal credit card skimming devices throughout the holiday."

As detailed by the Secret Service, skimming is a method used by crooks to lift encrypted information from customers with the help of specially crafted electronic devices named skimmers.

The skimmers are designed to be embedded within the body of fuelling pumps, and they steal the data sent by a client's credit card when contacting the bank servers during the payment procedure.

"Operation Deep Impact" already helped customers avoid $6 million in losses
The Secret Service says that gas stations are a top target for bad actors who use skimmers to steal credit cards because of a large number of customers using them and the low risks of being discovered involved in installing the skimmers and recovering them to collect the stolen data.

"An estimated 54 million Americans will travel across town or across the country for Thanksgiving, and while doing so, many will buy gas for their cars," said the Secret Service. "These annual increases in motor travelers on the road during holidays mean bigger paydays for card-skimming financial criminals who target victims at fueling stations."

"Operation Deep Impact" is the fourth such operation conducted by the Secret Service during 2018 and, until now, it is also the most successful with roughly $6 million in losses having been prevented already.

The other three card skimming crackdown operations of the year started right before Independence Day, Memorial Day, and Labor Day, three other holidays when high numbers of customers are impacted by a higher risk of having their cards skimmed while fueling their cars.

Detailed information on how to detect credit card skimmer devices when fueling your car and on what to do if your credit card has been compromised by skimmers is available on U.S. Federal Trade Commision's website.

https://news.softpedia.com/news/dos-vuln...pd_related       DoS Vulnerabilities Found in Linux Kernel, Unpatched

Local attacks could trigger DoS state via crafted sys calls
Nov 23, 2018 21:26 GMT  ·  By Sergiu Gatlan ·  Comment  ·  Share:                  
Vulnerable Linux distros
Two denial-of-service (DoS) vulnerabilities found in the Linux Kernel by contributor Wanpeng Li could allow local attackers to exploit null pointer deference bugs to trigger DoS conditions.

The first vulnerability, which received the CVE-2018-19406 ID in the Common Vulnerabilities and Exposures database, resides in the kvm_pv_send_ipi function of the Linux kernel, defined in the arch/x86/kvm/lapic.c file.

CVE-2018-19406 affects Linux kernel version up to 4.19.2, and it allows potential attackers with local access to the vulnerable machine to trigger a DoS state using specially crafted system calls that "reach a situation where the apic map is uninitialized."

Moreover, the issue is triggered because the Advanced Programmable Interrupt Controller (APIC) map fails to initialize correctly.

"The reason is that the apic map has not yet been initialized, the testcase triggers pv_send_ipi interface by vmcall which results in kvm->arch.apic_map is dereferenced," says Li in his advisory.

Public exploit code already available for CVE-2018-19407
The second vulnerability found by Li can also be exploited only by attackers that have physical access to the vulnerable Linux machine.

The issue got assigned the CVE-2018-19407 ID by the CVE database, and it is present in the kvm_pv_send_ipi function kernel function that can be found in the Arch/x86/kvm/lapic.c source code file.

Local attackers can exploit this issue by submitting maliciously crafter system calls to trigger a NULL pointer deference condition because the I/O Advanced Programmable Interrupt Controller (I/O APIC) fails to initialize.

"The reason is that the testcase writes hyperv synic HV_X64_MSR_SINT6 msr and triggers scan ioapic logic to load synic vectors into EOI exit bitmap," according to Li's description of the issue. "However, irqchip is not initialized by this simple testcase, ioapic/apic objects should not be accessed.

Although public exploit code is already available for the CVE-2018-19407 security bug, there is no known way to mitigate the issue.

https://news.softpedia.com/news/new-cryp...3958.shtml         New Crypto-Miner Attacks Linux Machines, Kills Other Miners and Anti-Malware

Self-propagates to other network devices using SSH
Nov 23, 2018 21:44 GMT  ·  By Sergiu Gatlan        The Russian Dr.Web anti-malware maker discovered a new Linux threat embodied by a Trojan designed to work as a crypto-miner and as a dropper for some other nasty malware payloads such as DDoS backdoors and rootkits.

The new Trojan strain named Linux.BtcMine.174 by the Dr.Web team is a heavy 1,000-line shell script which comes with multiple modules that it will download and write to any folder with write permissions on the infiltrated Linux box.

Once it has managed to dump the extra malware payloads on the compromised machine, Linux.BtcMine.174 will use the nohup POSIX utility to launch itself as a daemon, redirecting its output to a nohup.out file to make detection more difficult.

After installing itself as a service, the Trojan downloads a Linux.BackDoor.Gates.9 Trojan payload that makes it possible for its masters to control the compromised machine and use it to execute DDoS attacks.

Because after compromising its Linux targets the Trojan is running under the privileges of the current user, almost never an administrator account, Linux.BtcMine.174 uses exploits such as Linux.Exploit.CVE-2016-5195 (known as DirtyCow) and Linux.Exploit.CVE-2013-2094 to escalate its privileges and completely take over the Linux machine.

As soon as it gets root privileges on the infected device, starts hunting for any AntiMalware solutions, killing their processes when found and going even further by completely uninstalling them using a package manager.

Linux.BtcMine.174 also steals root passwords and auto-propagates itself via SSH
The Trojan will also hunt down any crypto miners it can find running on the machine, terminating their processes on sight to avoid sharing the system's computing resources. Once it's done "cleaning" the device of any mining competitors, Linux.BtcMine.174 will download a Monero (XMR) mining script and start working.

After the mining process has started, the malware will make sure that it keeps going at all times, checking its heartbeat every few minutes in an infinite loop and restarting it whenever needed.

To make things even worse for its victims, the Trojan will also add itself to the machine's Autorun and download a rootkit capable of hiding files anywhere on the system and, more importantly, stealing "user-entered passwords for the su command."

During the final stage of the infection process, the Linux.BtcMine.174 Trojan starts looking around for all the hosts available on the network that the compromised machine's owner has connected to in the past using SSH and tries connecting to and infect each of them.

More details regarding the inner workings of the new Trojan strain targeting Linux systems are available in Dr.Web's virus database, while a full list of all found indicators of compromise is ready for access on GitHub.

FlipHTML5 is a digital publishing software that helps you make your content catch the eyes of readers by turning PDF/images into page flip book-like content in minutes. Its powerful desktop software and Online Editor enable users to enrich PDF magazines or brochures with audio, video, animation and image. The layout is designed beautifully and can help you create personal homepages and bookcases. This helps others learn about you and your digital publications.











Website: http://fliphtml5.com





I have 12 gift card exchange codes that can be used for a full Year of FLIP HTML5 Platinum Plan to giveaway. If your interested just follow the rules below to be entered in this giveaway. The winners will be selected December 08, 2018 by Random.org



RULES:  
              
To have a chance on a gift card exchange code just follow these Simple rules:


1. Share this Giveaway on Facebook, Twitter or G+. Copy and Post the share link with your comment below. 

2. If you don't have account on Facebook and Twitter, You can also share on any other forum and put the links also.

3. Subscribe to our newsletter RSS FeedBurner and get all the latest giveaways and contests delivered to you by email.

Upcoming Promotion
Cyber Monday Bonanza!
Happy Cyber Monday! We're kicking off the holiday season with a fabulous deal on BC.
Take 25% off during our biggest sale of the year!
ONE DAY ONLY!  Monday, November 26th, 2018.
Applies to any Beyond Compare purchase; new licenses and upgrades.
Check back any time after midnight Sunday night (US Central Time)!




https://www.scootersoftware.com/vbulleti...le-Details

Quote:VPNs aren’t understood nearly as well as they should be, given the growing prevalence of cybersecurity threats and massive corporate data breaches. There are certain VPN myths that are far too common, which is why I’d like to set the record straight!

1. Why should I pay for a VPN? I’ll just get a free one!
If Google’s growing data empire and the huge Cambridge Analytica scandal at Facebook haven’t given you a clue, let me spell it out for you: when a for-profit company provides you with a service for free, that’s because they are using you to make money. You are the product, not the customer. Don’t forget this rule if you’re weighing the benefits of a free VPN vs. a paid one. How a free VPN makes money depends on their sense of ethics, but none of the potential solutions bode well for your online security. The most common methods involve carefully logging your traffic and then injecting ads into whatever you do online or simply selling that data to third parties. Less scrupulous free VPNs have even sold their users’ bandwidth to corporations and hackers or used their access to deliver malware. Free VPNs also usually offer fewer features and don’t work as well as premium VPNs do. They usually support less staff and can’t release frequent updates to stay on top of the latest cybersecurity trends. Premium paid VPNs answer to customers, not advertisers, so they have a stronger motivation to deliver a product that works.

2. A VPN will make my internet too slow to use
It’s true that a VPN can slow down your internet speed, but it doesn’t have to. The severity of the slowdown also depends on the settings you choose and on your VPN speed, but it will usually be too small to notice if you’re just browsing online. It’s natural for a VPN to reduce the speed of your internet access by some small amount, since your traffic has to be encrypted and then decrypted before it gets anywhere. Another source of additional latency will be the server your traffic has to visit to be decrypted, but depending on the country you choose, you may not notice any difference at all. If you proxy your traffic through a country on the other side of the world, your latency will definitely take a hit. If you select your own country, however, the slowdown will probably barely be noticeable. There are also a few scenarios in which you might experience a speedup. To throttle data, ISPs have to see your actual traffic, which they can’t do when it’s encrypted. If they’re prevented from throttling, that means higher internet speeds for you. In rare cases, your VPN might actually take your traffic on a more efficient route than your ISP would – especially if your ISP is sending your traffic somewhere it shouldn’t be sending it.

Quote:Letting your browser store your passwords is convenient, but what happens if they fall into the wrong hands? Almost all browsers and devices can be hacked, which is why you should learn how to delete your passwords should the need arise.

Quote:SecureAPlus is a PC security solution that’s guaranteed to protect you from all of today’s digital threats, such as malware and viruses. Download it for free today at www.SecureAPlus.com

Not just an Anti-Virus: The powerful Application Whitelisting technology ensures that only applications that you trust are run by your computer. All malicious attacks that slip by unwary users are always detected and initially blocked. It puts you, not anyone else, in control.

More than 10 Anti-Viruses: Combining the power of more than 10 industry standard commercial Anti-Viruses, rest assured that you have a comprehensive virus and malware library that boasts one of the highest detection rates possible.

It’s surprisingly fast and light too. By leveraging the power of the cloud, it barely uses your local hardware, so you can save it for more important things like work or play

"Backup and rip any DVDs to MP4, H.264, MPEG, etc for playback on iPhone, iPad and Android devices.
Only 5 minutes to digitize the DVD. 1:1 backup your disc to Mac computer. "

Black Friday Giveaway : limited version (comparaison on the same page)

500 free licenses/day. Valid till December 10.

https://www.macxdvd.com/giveaway/giveawa...drp1811#vp

Virus Total OK : https://www.virustotal.com/fr/file/49069...543150055/

https://www.webroot.com/us/en/home/promotions/deals

Quote:CYBER MONDAY ONLINE DEALS!

It’s time to get the best online deals this Cyber Monday! We’re glad to present to you our offers for this special day! New customers can get our best antivirus protection for 60% off to live their digital lives more safely. Panda protects you at all times, everywhere, and on any device, by taking advantage of the benefits offered by cloud security. Enjoy the key features and improvements of our antivirus protection: central management systems, additional anti-theft capabilities, and additional privacy protection for Android devices with App Lock, etc. These unique features have greatly improved user experience. But we haven’t forgotten our existing customers! Today only, you can renew your antivirus protection and save up to 60%!

Revo Unistaller Pro 4 US $14.99
Revo Uninstaller Pro 4 Portable US $19.99




https://www.revouninstaller.com/newslett...riday.html

Quote:

The craziest Monday of the year

Are you still lulled in the scent of the Black Fridays? You do not, for the Cyber Monday is even crazier, with the best offers for you: 

• 10% discount on renewal orders 
• 30% discount on the All-In-One Lifetime Gift - 20-in-1 bundle plus 4TB WD My Passport portable drive (only 10 available), and € 25 Amazon gift card and a 5-computer license as gift. 
• 40% discount on BD / UHD / video / playback products 
• 50% off DVD products 
• 80% discount on YouTube to MP3 

Home Events 'Yellow vests' set the guillotine: 'Macron does not want to give up, so we decided to judge him in an old fashioned way'

EVENTS 'Yellow vests' set the guillotine: 'Macron does not want to give up, so we decided to judge him in an old fashioned way.' Lis 25, 2018, 11: 265720
- Macron does not want to give up, so we decided to judge him in an old fashioned way. Perhaps this is a mean one, but it is difficult to remain calm in relation to the people who despise us - the setting of the guillotine created by the protesters against President Macron's policy was explained by Laurent from Le Puy-en-Velay in the Auvergne-Rhone-Alpes region, in the department of Upper Loire .
He admits in a conversation with the regional portal lacommere43.fr that the 'yellow vests' standing next to the guillotine appreciate the support received by truck drivers and drivers.

- For 10 cars, drivers 8 or 9 encourage us. Some give us money to provide us with coffee or something to eat.

Guillotines also appeared in several other places.

- When the French want to remind those in power, that they are their representatives, not the masters ... they have a few powerful symbols - writes a woman who shows the execution tool supposed to be in Paris.

During the French Revolution, the guillotine was refined and used on a large scale as a standard tool for executing executions throughout France. In this way, the guillotine became a symbol of terror from the French Revolution. The name of the guillotine comes from the name of the originator of the device, a deputy to the National Assembly from Paris and the surgeon Joseph Ignace Guillotina. The last execution in the history of the guillotine took place in France on September 10, 1977, when the Tunisian immigrant Hamida Djandoubi was executed for the murder of the Frenchwoman.

For :  lacommere43.fr

Enjoy 5 years of PureVPN for just $1.32/month. Ends in 24 hours.

PureVPN is hugely popular VPN brand, which is hailed as the best VPN service by several publications.

https://www.purevpn.com/vpn-deals/cybermonday

Christmas Songs on Steel with Black Rifle Coffee Company

Exclusive offer from Giveaway of the Day and MyPlayCity! No third-party advertising and browser add-ons!

Snark Busters: All Revved Up tells the incredible story of Jack Blair, a world famous racecar driver who puts his career on hold to catch the Snark. Join Jack as he jumps between the real world and the inverted realms inside of mirrors in an attempt to catch his quarry. Solve whimsical puzzles, explore worlds of exquisite detail, and keep your eyes peeled for hundreds of cleverly Hidden Objects!


https://game.giveawayoftheday.com/snark-...-revved-up

Malwarebytes is offering a free 90-day trial of Malwarebytes Premium on any Android device. Here

ZenMate Ultimate AND McAfee Total Protection this Cyber Monday at over 80% off!