
  Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam
Posted by: mrtrout - 4 hours ago - Forum: Security News - No Replies

https://www.mcafee.com/blogs/internet-se...58075192=1

Over 10 Million Facebook Users Hacked in Ongoing Phishing Scam
McAfee
Jul 05, 2022


In this digital age, communicating online and through our devices has become the norm. From sharing highlights of last night’s game to sending cute animal videos back and forth, so much of our connectedness happens virtually. It’s become so easy to chat with friends and loved ones through social media that we don’t even have to think about it. We know who’s on the other end of the screen, so why would we worry? We know our friends would never send us a malicious link that would steal our information, so why be cautious? Right?

Not necessarily. Though a message or link may seem like it’s coming from a friend, it’s also possible that it was sent without their knowledge. There are many ways for hackers to scam people very believably. The latest Facebook Messenger hack is just one of many examples.
Facebook Frenemies

According to PIXM, Facebook users have been conned for several months by a phishing scam that tricks them into handing over their account credentials. Users are shown a fake login page that copies Facebook’s user interface, giving it the illusion of being real. When someone enters their credentials, their password and login combo is sent to the hacker who then sends out the same link and fake login to the user’s friends through Facebook Messenger. Any user who clicks the link is asked to fill out their credentials, and the cycle repeats. PIXM estimates that over 10 million Facebook users have been duped by this scam since 2021.

This hacker was able to utilize a technique to evade Facebook’s security checks. When a user clicks on the link in the Messenger app, the browser redirects to a legitimate app deployment service, then redirects again to the actual phishing pages with advertisements and surveys that accrue revenue for the hacker. Using this legitimate service link prevents Facebook from blocking it without blocking other legitimate apps and links as well. Researchers say that even if Facebook managed to block one of these links, several others are created with new unique IDs every day to replace it.

Phishing scams like these are harder to detect due to the realistic-looking interface on the login pages and that these malicious links are seemingly coming from friends and family. However, there are always key things to look out for when faced with phishing scams.
Swim Away From These Phishes

Scams don’t always come from overtly sketchy emails or text messages from strangers. Sometimes they can (unintentionally) come from people we know personally. This isn’t to say that your friends online can’t be trusted! However, it’s important to always be cautious and keep an eye out for any odd behavior to stay on the safe side. Here are some key things to look out for when faced with potential malicious phishing scams:

    Lack of personalization. These types of scams may be coming from online friends you don’t speak to often, if at all. If someone you rarely speak to is sending you links out of the blue, that’s an automatic red flag. But if you’re still unsure or if this is coming from someone you know well, pay close attention to the message, the greeting (if any), and whether it’s personalized or not. If it seems cold or overly general, avoid it!
    Links don’t look quite right. If you’re receiving a link through email, hover over the URL without clicking on it to see the link preview. If it looks suspicious, delete it altogether. For links being sent through social platforms, check to see if the URL matches the content in the message being sent to you or if there is a preview attached. If these things don’t match or aren’t present, it’s best to play it safe and stay away.
    Spelling and tone seem off. If the message you’re receiving is riddled with spelling or grammar mistakes, proceed with caution, especially if it’s unlike your friend to have those types of errors in their messages. In that same vein, if the tone of the message doesn’t match the typical vibe of the person you’re receiving it from, it’s best to ignore it and move on!
    The message is telling you to act. Always be wary of a strange message and link asking you to act. If the message is telling you to download something, don’t click any links or attachments. Simply delete the message and carry on!

When in doubt, just ask! If you’ve received a message and a link from a friend online, simply ask if they meant to send it to you. If they didn’t send it themselves, not only did you dodge a bullet, but your friend is also now aware that they’ve been hacked and can take the necessary precautions to ensure their information is protected. And if they did mean to send it to you, then you can click the link knowing that it’s safe to do so. It’s always best to err on the side of caution when it comes to your online security.


  Cloud-based malware is on the rise. How can you secure your business?
Posted by: mrtrout - 4 hours ago - Forum: Security News - No Replies

https://blog.malwarebytes.com/business-2...-business/

Cloud-based malware is on the rise. How can you secure your business?

Posted: July 5, 2022 by Bill Cozens

There’s a lot of reasons to think the cloud is more secure than on-prem servers, from better data durability to more consistent patch management — but even so, there are many threats to cloud security businesses should address. Cloud-based malware is one of them.

Indeed, while cloud environments are generally more resilient to cyberthreats than on-prem infrastructure, malware delivered over the cloud increased by 68% in early 2021 — opening the door for a variety of different cyber attacks. 

But you might be asking yourself: Doesn’t my cloud provider take care of all of that cloud-based malware? Yes and no.

Your cloud provider will protect your cloud infrastructure in some areas, but under the shared responsibility model, your business is responsible for handling many security threats, incidents, responses, and more. That means, in the case of a cloud-based malware attack, you need to have a game plan ready.

In this post, we’ll cover four ways you can help secure your business against cloud-based malware.
What ways can malware enter the cloud?

One of the main known ways malware can enter the cloud is through a malware injection attack. In a malware injection attack, a hacker attempts to inject a malicious service, code, or even virtual machines into the cloud system.

The two most common malware injection attacks are SQL injection attacks, which target vulnerable SQL servers in the cloud infrastructure, and cross-site scripting attacks, which execute malicious scripts on victim web browsers.  Both attacks can be used to steal data or eavesdrop in the cloud.

Malware can also get into the cloud through file-upload.

Most cloud storage providers today feature file-syncing, which is when files on your local devices are automatically uploaded to the cloud as they’re modified. So, if you download a malicious file on your local device, there’s a route from there to your business’ cloud — where it can access, infect, and encrypt company data.

In fact, malware delivered through cloud storage apps such as Microsoft OneDrive, Google Drive, and Box accounted for 69% of cloud malware downloads in 2021.
Four best practices to prevent cloud-based malware
1. Fix the holes in your cloud security

As we covered in our post on cloud data breaches, there are multiple weak points that hackers use to infiltrate cloud environments — and once they find a way into your cloud, they can drop cloud-based malware such as cryptominers and ransomware.

Fixing the holes in your cloud security should be considered one of your first lines of defense against cloud-based malware. Here are three best practices:

    Have strong identity and access management (IAM) policies: IAM misconfigurations cause 65% of detected cloud data breaches.

    Properly configure your public APIs: Researchers have found that two-thirds of cloud data breaches were caused by misconfigured APIs.

    Set up your cloud storage correctly: This is relevant if your cloud storage is provided as Infrastructure-as-a-Service (like Google Cloud Storage or Microsoft Azure Cloud Storage). By not correctly setting up your cloud storage, you risk becoming one of many companies who suffer a cloud data breach due to a misconfiguration.

2. Protect your endpoints to detect and remediate malware before it can enter the cloud

Let’s say you’re the average small to mid-sized company with up to 750 total endpoints (including all company servers, employee computers, and mobile devices). Let’s also say that a good chunk of these endpoints are connected to the cloud in some way — via Microsoft OneDrive, for example.

At any time, any one of these hundreds of endpoints can become infected with malware. And if you can’t detect and remediate the malware as soon as an endpoint gets infected, there’s a chance it can sync to OneDrive — where it can infect more files.

This is why endpoint detection and response is a great “second line of defense” against cloud-based malware.

Three features of endpoint detection and response that can help track and get rid of malware include:

    Suspicious activity monitoring: EDR constantly monitors endpoints, creating a “haystack of data” that can be analyzed to pinpoint any Indicators of Compromise (IoCs).

    Attack isolation: EDR prevents lateral movement of an attack by allowing isolation of a network segment, of a single device, or of a process on the device. 

    Incident response: EDR can map system changes associated with the malware, thoroughly remove the infection, and return the endpoints to a healthy state.

3. Use a second-opinion cloud storage scanner to detect cloud-based malware

Even if you have fixed all the holes in your cloud security and use a top-notch EDR product, the reality is that malware can still make it through to the cloud — and that’s why regular cloud storage scanning is so important.

No matter what cloud storage service you use, you likely store a lot of data: a mid-sized company can easily have over 40TB of data stored in the form of millions of files.

Needless to say, it can be difficult to monitor and control all the activity in and out of cloud storage repositories, making it easy for malware to hide in the noise as it makes its way to the cloud. That’s where cloud storage scanning comes in.

Cloud storage scanning is exactly what it sounds like: it’s a way to scan for malware in cloud storage apps like Box, Google Drive, and OneDrive. And while most cloud storage apps have malware-scanning capabilities, it’s important to have a second-opinion scanner as well.

A second-opinion cloud storage scanner is a great second line of defense for cloud storage because it’s very possible that your main scanner will fail to detect a cloud-based malware infection that your second-opinion one catches.
4. Have a data backup strategy in place

The worst case scenario: You’ve properly configured your cloud, secured all your endpoints, and regularly scan your cloud storage — yet cloud-based malware still manages to slip past your defenses and encrypt all your files.

You should have a data backup strategy in place for exactly this kind of ransomware scenario.

When it comes to ransomware attacks in the cloud — which can cause businesses to lose critical or sensitive data — a data backup strategy is your best chance at recovering the lost files.

There are several important things to consider when implementing a data backup strategy, according to Cybersecurity and Infrastructure Security Agency (CISA) recommendations. In particular, CISA recommends using the 3-2-1 strategy.

The 3-2-1 strategy means that, for every file, keep:

    One on a workstation, stored locally for editing or on a local server, for ease of access.
    One stored on a cloud backup solution.
    One stored on a long-term storage such as a drive array, replicated offsite, or even an old school tape drive.

Prevent cloud-based malware from getting a hold on your organization

Cloud-based malware is one of many threats to cloud security that businesses should address, and since cloud providers operate under a shared responsibility model, you need to have a game plan ready in the case of a cloud-based malware attack. In this article, we outlined how malware can enter the cloud and four things you can do to better secure your business against it.

Interested in reading about real-life examples of cloud-based malware? Read the case study of how a business used Malwarebytes to help eliminate cloud-based threats.  Download: https://www.malwarebytes.com/resources/f...udy-v1.pdf


  CCleaner Free Version v6.01.9825 (20 Jun 2022)
Posted by: tarekma7 - Yesterday, 06:36 AM - Forum: Freeware - No Replies

CCleaner 6.01.9825

v6.01.9825 (20 Jun 2022)

CCleaner 6.01 brings even better cleaning, maintenance, and optimization to your PC. First, our new Performance Optimizer has some improvements to make it easier to use. Second, we've added more free cleaning for a number of popular apps present on the Microsoft Store, including iTunes and Netflix. This cleaning is optional: you can turn it on in Custom Clean. Third, Software Updater can provide updates to an additional 30 apps, taking its coverage to more than 150 popular apps! Finally, thank you to those who reported long loading times for CCleaner, this should be back to normal now in this release.

Helping you to keep your PC running fast and smooth

We’ve rectified the Driver Updater badge counter so it no longer shows the wrong number of drivers to update in some cases
We’ve made many quality-of-life improvements to Performance Optimizer:
We’ve optimized its own performance to use fewer resources
We’ve added a notification for  made it more obvious when an app requires a restart before it can enter or leave Sleep Mode
We’ve made some wording clearer
We’ve fixed some visual bugs
We’ve fixed an issue that occurred when switching from non-admin to admin in Windows
We’ve added better error reporting so our engineers can fix issues more quickly
Expanding our cleaning

We've added cleaning for Microsoft Store installations of:
Amazon Music, iTunes & Spotify
Netflix, Disney+ & VLC Media Player
WhatsApp
Microsoft To Do
Raw Image Extension
Trio Office
Taking the hassle out of PC maintenance

We fixed an issue where CCleaner took a long time to load if you have large driver backup files present
Software Updater now supports an additional 30 applications, including OpenOffice, Plex Media Player and CPU-Z
Request more apps for Software Updater at ideas.ccleaner.com
Simplifying the app

New caret arrows in Driver Updater show that driver categories can be expanded
The Account menu, where you can manage your license and start a free trial, is now easier to find
Keeping you safe

As part of our continued commitment to security, we’ve made various minor security improvements based on testing (penetration testing, static code analysis)
Updates like these are typical, preventative measures taken by all good software companies
One such example is that we've upgraded the version of OpenSSL we use for secure data transfer to the latest one (1.1.1o)
Note about CCleaner Portable

We have paused releases of CCleaner Portable while we resolve a compatibility issue. We hope to have this resolved soon.


Homepage:  https://www.ccleaner.com/

Download:    https://www.ccleaner.com/ccleaner/builds


  Mythic Heroes [Android & iOS]
Posted by: ahmed - Yesterday, 06:03 AM - Forum: Game Giveaway of the Day - No Replies


Summon and forge friendships with your favorite heroes from myth and legend!
Enter the Ascension Realm in the latest idle RPG from IGG: Mythic Heroes. Summon and forge friendships with your favorite heroes from myth and legend including Thor, Loki, Hades, and Artemis! Explore the ancient stories of the world from the depths of Atlantis to the heights of the Kunlun Mountains. Your journey in the Ascension Realm awaits, Summoner!



The gift package worth $150 will include:
- 1 x SSR Custom Voucher
- 10 x Standard Summon Scroll
- 1000 x Diamonds

System Requirements:
Android 5.0 and above; iOS 9.0 and above

Home:
https://www.mythicheroes.com/

License:
For new players only!

GP:
https://game.giveawayoftheday.com/mythic-heroes/


  Outlook Email Address Extractor v2.2
Posted by: ahmed - Yesterday, 05:56 AM - Forum: Giveaway of the day - Replies (1)

Outlook Email Address Extractor 2.2:
https://www.giveawayoftheday.com/outlook...extractor/

Registration key:
5CI1XN-088DGV-HMA36N-3C7HET

You have to install and activate it before the Giveaway offer for the software is over.

Terms and conditions:
Please note that the software you download and install during the Giveaway period comes with the following important limitations:

1) No free technical support
2) No free upgrades to future versions
3) Strictly non-commercial usage


  AnyRec Video Converter [for PC]
Posted by: ahmed - Yesterday, 05:49 AM - Forum: Giveaway of the day - No Replies


Convert, edit, process, and enhance media files in one stop.
AnyRec Video Converter is an easy-to-use and powerful video converter for Windows 11/10/8/7 users. You can convert popular video and audio files with high quality at 50x faster speed. Moreover, you can get movie maker, video collage maker, video quality enhancer, video compressor, and more within the program.

Key functions and features:
1. Convert 8K/5K/4K/HD video and audio with high quality.
2. 50x faster speed with batch conversion support.
3. Create split-screen videos and video slideshows with pre-made themes.
4. Explore 20+ lightweight video editors to make your video better.

System Requirements:
Windows 7/ 8/ 8.1/ 10/ 11; 1GHz Intel/AMD CPU or above; 1GB or more of RAM; Intel or AMD processor, 2 GHz or faster

Homepage:
https://anyrec.io/video-converter/

Giveaway Version:
1.0.12

License type:
1 year license for 1 PC

GP:
https://www.giveawayoftheday.com/anyrec-...converter/

Register:
https://www.anyrec.io/gotd/video-converter/

Terms and conditions:
Please note that the software you download and install during the Giveaway period comes with the following important limitations:

1) No free technical support
2) No free upgrades to future versions
3) Strictly non-commercial usage


  AstraLocker ransomware shuts down and releases decryptors
Posted by: mrtrout - Yesterday, 03:28 AM - Forum: Security News - No Replies

https://www.bleepingcomputer.com/news/se...ecryptors/

AstraLocker ransomware shuts down and releases decryptors
By Sergiu Gatlan
July 4, 2022 02:15 PM

The threat actor behind the lesser-known AstraLocker ransomware told BleepingComputer they're shutting down the operation and plan to switch to cryptojacking.

The ransomware's developer submitted a ZIP archive with AstraLocker decryptors to the VirusTotal malware analysis platform.

BleepingComputer downloaded the archive and confirmed that the decryptors are legitimate and working after testing one of them against files encrypted in a recent AstraLocker campaign.

While we only tested one decryptor that successfully decrypted files locked in one campaign, other decryptors in the archive are likely designed to decrypt files encrypted in previous campaigns. "It was fun, and fun things always end sometime. I'm closing the operation, decryptors are in zip files, clean. I will come back," AstraLocker's developer said. "I'm done with ransomware for now. I'm going in cryptojaking lol."

While the developer did not reveal the reason behind the AstraLocker shutdown, it’s likely due to the sudden publicity brought by recent reports that would land the operation in law enforcement’s crosshairs. A universal decryptor for AstraLocker ransomware is currently in the works, to be released in the future by Emsisoft, a software company known for helping ransomware victims with data decryption.

While it doesn't happen as often as we'd like, other ransomware groups have released decryption keys and decryptors to BleepingComputer and security researchers as a gesture of goodwill when shutting down or releasing new versions.

The list of decryption tools released in the past includes Avaddon, Ragnarok, SynAck, TeslaCrypt, Crysis, AES-NI, Shade, FilesLocker, Ziggy, and FonixLocker.
AstraLocker ransomware background

As threat intelligence firm ReversingLabs recently revealed, AstraLocker used a somewhat unorthodox method of encrypting its victims' devices compared to other ransomware strains.

Instead of first compromising the device (either by hacking it or buying access from other threat actors), AstraLocker's operator would directly deploy the payloads from email attachments using malicious Microsoft Word documents.

The lures used in AstraLocker attacks are documents hiding an OLE object with the ransomware payload that will get deployed after the target clicks Run in the warning dialog displayed when opening the document. Before encrypting files on the now-compromised device, the ransomware will check if it's running in a virtual machine, kill processes and stop backup and AV services that would hinder the encryption process.

Based on ReversingLabs' analysis, AstraLocker is based on the leaked Babuk Locker (Babyk) ransomware source code, a buggy but still dangerous strain that exited the space in September 2021.

Additionally, one of the Monero wallet addresses in AstraLocker's ransom note was also linked to the operators of Chaos ransomware.


  Abelssoft RegistryCleaner 2022 [for PC]
Posted by: ahmed - 07-04-2022 , 04:44 AM - Forum: External Giveaways/Freebies - No Replies


Abelssoft RegistryCleaner gives your Windows Registry a boost. The registry is Windows’ central database. Unfortunately, many programs and tools constantly and automatically add new entries to them. As time goes on, the registry becomes bloated and desolate, causing the system to slow down or even fail. In short, Windows takes longer to read out important information if the registry isn’t cleaned up regularly. RegistryCleaner from Abelssoft is a modern registry defragmenter with a good reputation that puts things back in order. Registry Cleaner makes a copy of everything you delete as a safety measure. If a mistake was made or an important entry was deleted by accident, the backup can be brought back by clicking the “Restore” button. With this tool, a scan can be set to run automatically once a month, so that the registry is always kept clean.

Abelssoft RegistryCleaner Features:
  • Improves the stability and responsiveness of Windows.
  • Speeds up your registry - Scan the registry, fix errors, and get rid of memory waste automatically once a month, if you want.
  • Errors can be found and fixed with the Registry Scan. Your system will get faster and more stable again.
  • SmartClean feature just gets rid of junk entries and fixes them. No changes are made to your working entries.
  • With RegistryCleaner, your computer will run more smoothly and error-free. Your system will get faster and more stable again.
  • Can create a backup of your registry for extra safety.
  • Reduces the size of the Registry on disc.
  • Access time optimization.
  • All versions of Windows are compatible, including Windows 11, Windows 10, Windows 8.1, Windows 8, and Windows 7.
Homepage:
https://www.abelssoft.de/en/windows/syst...ry-cleaner

System Requirements:
Windows 11, Windows 10, Windows 8.1, Windows 8, Windows 7

Giveaway


  MediaTube 2.9.9.4 (0307) Freeware Released
Posted by: mrtrout - 07-04-2022 , 12:52 AM - Forum: Freeware - No Replies

https://www.mediahuman.com/mtube/8/

mTube

Version: 2.9.9.4
Updated on July 3, 2022
Price: Free

If you like to watch videos from YouTube but you are bored with ads and comments, then mTube is a great solution that will make watching YouTube more comfortable. mTube allows you to conveniently and easily watch videos from YouTube, find your desired video using a built-in search. Or just open the URL.

    No ads
    Without Flash
    Built-in search
    Displays related


Download: https://www.mediahuman.com/files/mTube.exe
Size: 28.07 Mb
This app used to be called MediaTube, but then we got a request from the owner of that brand and renamed it.
System Requirements:

    Internet connection
    Windows 11, Windows 10, Windows 8, Windows 7
    macOS 12.0 (Monterey), macOS 11.0 (Big Sur), macOS 10.15 (Catalina), macOS 10.14 (Mojave), macOS 10.13 (High Sierra), macOS 10.12 (Sierra), OS X 10.11 (El Capitan), OS X 10.10 (Yosemite)
    About 80 Mb of free hard drive space

Digital Signature: MediaHuman (Vyacheslav Anatolievich Parygin IP)

MediaTube 2.9.9.4 (0307) Freeware Is 100% Scanned Malware Free & Clean With Bitdefender Total Security For Worm, Adware, Spyware, Virus, Bots, Ransomware, Rootkit, Trojan horse, Trojan droppers, Trojan downloaders, Trojan spies, Banking Trojans, Backdoor Trojans, PUP malware, Fileless malware,


  Messed up situation
Posted by: Mike - 07-03-2022 , 11:37 PM - Forum: Photo Albums, Images, & Videos - No Replies

Whole Situation Messed Up: Dude Kills His Wife For Cheating Then Confesses On Social Media Before Turning Himself In!


https://worldstarhiphop.com/videos/wshh6...himself-in


  Auslogics BoostSpeed 13 is coming soon! 50% Early Bird discount
Posted by: mrtrout - 07-03-2022 , 11:14 PM - Forum: Hot Deals & Discounts - No Replies

https://www.auslogics.com/en/cpages/boos...s13_button

BoostSpeed 13
All-in-one PC optimization kit is getting a major upgrade: grab your Early Bird half off deal
Be among the first to try the new and improved Auslogics BoostSpeed 13

Sign up for BoostSpeed 13 release alert
We will send you an alert once version 13 is released and give you a unique 50% Early Bird discount

What’s new?
Full Windows 11 Support NEW FEATURE
Microsoft’s brand-new OS comes with new features that may be loved or hated by users worldwide. BoostSpeed 13 helps you manage Windows 11, remove or disable unwanted features, customize appearance and behavior, and run regular maintenance to keep the system in top shape.
Cool Dark Skin NEW FEATURE
Don’t like looking at a bright screen at night? Give your eyes a break by enabling the new dark theme for BoostSpeed’s interface. As a bonus, it may help extend battery life on laptops with OLED screens.
Custom Dashboard NEW FEATURE
Add any tools you want to have at hand straight to BoostSpeed’s main screen, group them as needed, and save time whenever you want to run your favorites. Customizing the dashboard is now as easy as checking a box.
Switch Modes with a Click NEW FEATURE
You can easily switch between Office, Game, Economy or Normal modes, or set up your own Custom mode to get your system optimized in real time for whatever you plan to do on your computer. BoostSpeed 13 makes it a lot easier!
Your SSD Gets Special Attention ENHANCED
Run accurate diagnostics and instantly optimize your SSD with special algorithms that have been enhanced in BoostSpeed version 13 to be even more effective and take better care of SSD drives.
Cat Mode Enhanced IMPROVED
The damage your pet can do to your computer or your data should not be underestimated, as cats are notorious for changing OS settings, sending weird messages, deleting files or rearranging icons. The enhanced Cat Mode feature protects your PC from your pet’s paws when you step away.


  Maastricht University gets partial ransom back after ransomware attack in 2019
Posted by: mrtrout - 07-03-2022 , 09:56 PM - Forum: Security News - No Replies

https://borncity.com/win/2022/07/03/uni-...019-zurck/

Maastricht University gets partial ransom back after ransomware attack in 2019
Posted on 2022-07-03 by guenni

Partial success for Maastricht University, following a ransomware attack in 2019. Investigators have managed to seize part of the Bitcoin ransom payments. Due to price increases, this amount is now worth more than the entire ransom at the time. The university plans to put the amount into a fund for students. Here is some information about an incident that is ending with a profit for the university.

The ransomware infection

The University (UM) of the Dutch city of Maastricht fell victim to a ransomware attack on Dec. 23, 2019, according to my research (see Ransomware infects Maastricht University). All computer systems have been shut down for the moment. Of course, it was super fitting that December 24 was Christmas Eve, because the administrators had focused on Christmas and the students were probably also mostly on Christmas vacation.

As a result of the ransomware infection, all IT systems had to be taken offline. The latest statement from the university, dated January 27, 2020, says that students can copy, print and scan again with internal systems. In February 2020, it was revealed (see this Reuters article) that the university had paid 200,000 euros in ransom in the form of 30 Bitcoins. 
Trail of the bitcoins traced

As part of the investigation into the cyberattack, Dutch police came across a bank account (specifically, it was a crypto-wallet) that belonged to a money launderer in Ukraine, as can be read here. A relatively small part of the ransom – around 40,000 euros in bitcoin – had been deposited in this account. Dutch prosecutors were able to seize the account in 2020 and found a number of different cryptocurrencies as assets.

Negotiations over the return of the funds from this account dragged on. Dutch authorities have now been able to return the partial ransom to the university after more than two years of negotiations. However, the value of the bitcoin in the Ukrainian account has increased from 40,000 euros at the time to 500,000 euros.

Maastricht University ICT Director Michiel Borgers commented, "This money will not go into a general fund, but into a fund that helps financially struggling students." So now the university has gotten back twice the amount that was paid as a ransom. Could have turned out differently. Currently, the prosecutors are also trying to arrest those behind the attack – but this is likely to be rather difficult.


  HP Print and Scan Doctor (formerly HP Scan Diagnostic Utility) 5.6.6.001 Freeware
Posted by: mrtrout - 07-03-2022 , 01:46 AM - Forum: Freeware - No Replies

https://support.hp.com/us-en/help/printscandoctor

HP Print and Scan Doctor for Windows

Fix printing and scanning problems with HP Print and Scan Doctor, a free tool for Windows.       

        Windows: Download HP Print and Scan Doctor.
        Mac: Use Diagnose & Fix through HP Smart. Learn more here
    Run HPPSdr.exe from the download location on your computer.
    Once HP Print and Scan Doctor is open, click Start, and then choose your printer.
        If your printer is not listed, turn it on and click Retry.
        If there is a connection problem, follow the instructions in the tool.
    Depending on the problem, click either Fix Printing or Fix Scanning.
    Test results are displayed with icons

A checkmark means your printer passed.
A wrench means a problem was found and fixed.
An exclamation mark means a test failed and was skipped.
An X means the printer has a problem. Follow the instructions to fix it.


    HP Print and Scan Doctor shortcut is installed on your desktop
Download HP Print and Scan Doctor: https://ftp.ext.hp.com/pub/printers/hppsdr/patche/HPPSdr.exe

HP Print and Scan Doctor (formerly HP Scan Diagnostic Utility) 5.6.6.001 Freeware Is 100% Scanned Malware Free & Clean With Bitdefender Total Security For Worm, Adware, Spyware, Virus, Bots, Ransomware, Rootkit, Trojan horse, Trojan droppers, Trojan downloaders, Trojan spies, Banking Trojans, Backdoor Trojans, PUP malware, Fileless malware.


  Samsung SSD Integrated Installer 1.0 FREEWARE
Posted by: mrtrout - 07-03-2022 , 12:01 AM - Forum: Freeware - No Replies

https://semiconductor.samsung.com/consum...ort/tools/

Samsung SSD Integrated Software Installer

    Magician & Data Migration Software Installer for Consumer SSD (1)

The Samsung SSD Integrated Installer is a program that allows SSD Magician Software and Data Migration tool to be installed at once without any separate installation.

SSD Integrated Software Installer
Version 1.0 | 230MB DOWNLOAD
https://semiconductor.samsung.com/resour...taller.zip

Digital Signature (Clonix Co., Ltd)

Samsung SSD Integrated Installer 1.0 FREEWARE Is 100% Scanned Malware Free & Clean With Bitdefender Total Security For Worm, Adware, Spyware, Virus, Bots, Ransomware, Rootkit, Trojan horse, Trojan droppers, Trojan downloaders, Trojan spies, Banking Trojans, Backdoor Trojans, PUP malware, Fileless malware.


  Ultimate Puzzles Dinosaurs [PC Game]
Posted by: ahmed - 07-02-2022 , 03:33 AM - Forum: Game Giveaway of the Day - No Replies

A brand new puzzle game about different dinosaurs.
Ultimate Puzzles Dinosaurs is a brand new puzzle game about different dinosaurs. Each puzzle is 4x4 in size, but the complication is that the puzzles need to be rotated in the right direction.

Homepage:
https://uniden.itch.io/ultimate-puzzles-dinosaurs

GP:
https://game.giveawayoftheday.com/ultima...dinosaurs/


  Lyrics Finder 1.5.6 Build 0207 Freeware Released
Posted by: mrtrout - 07-02-2022 , 02:08 AM - Forum: Freeware - No Replies

https://www.mediahuman.com/lyrics-finder/

Lyrics Finder

Version: 1.5.6
Updated on July 2, 2022
Price: Free

MediaHuman Lyrics Finder is a free software application, which can help you find and add missing lyrics (song text) to all songs in your music library. It's a safe operation because the app doesn't overwrite lyrics you've already had.

Very easy to use: simply drag&drop some tracks from your favorite music player (e.g. iTunes) and MediaHuman Lyrics Finder will do the rest.

MediaHuman Lyrics Finder will give you access to over a million different lyrics collected from various sources on the Internet.

Download LyricsFinder.exe: https://www.mediahuman.com/files/LyricsFinder.exe
Size: 21.33 Mb

System Requirements:

    Internet connection
    Windows 11, Windows 10, Windows 8, Windows 7, Windows Vista, Windows 2003, Windows XP for PC systems (32bit/64bit)
    macOS 11.0 (Big Sur), macOS 10.15 (Catalina), macOS 10.14 (Mojave), macOS 10.13 (High Sierra), macOS 10.12 (Sierra), OS X 10.11 (El Capitan), OS X 10.10 (Yosemite), OS X 10.9 (Mavericks), OS X 10.8 (Mountain Lion), Mac OS X 10.7 (Lion), Mac OS X 10.6 (Snow Leopard)
    Ubuntu Linux 16.04+
    About 50 Mb of free hard drive space

Digital Signature (MediaHuman (Vyacheslav Anatolievich Parygin IP))

Lyrics Finder 1.5.6 Build 0207 Freeware Is 100% Scanned Malware Free & Clean With Bitdefender Total Security For Worm, Adware, Spyware, Virus, Bots, Ransomware, Rootkit, Trojan horse, Trojan droppers, Trojan downloaders, Trojan spies, Banking Trojans, Backdoor Trojans, PUP malware, Fileless malware.


  IObit Uninstaller 11.5.0.4 Freeware Released
Posted by: mrtrout - 07-02-2022 , 12:31 AM - Forum: Freeware - No Replies

https://www.majorgeeks.com/files/details...aller.html

IObit Uninstaller 11.5.0.4 Freeware

Version History for IObit Uninstaller:
+ Optimized Bundleware to detect more bundleware more accurately
+ Enhanced Software Health to detect and fix more software issues
+ Optimized Install Monitor for more comprehensive and accurate monitoring
+ Fixed all known bugs

https://www.iobit.com/en/advanceduninsta...=870&__c=1

IObit Uninstaller 11 Free

Completely Uninstall Unwanted Software, Windows Apps & Browser Plug-ins

Supports Windows 11/10/8.1/8/7/Vista/XP

IObit Uninstaller 11 Free
Download: https://cdn.iobit.com/dl/iobituninstaller.exe

Digital Signature (IObit CO., LTD)

IObit Uninstaller 11.5.0.4 Freeware Is 100% Scanned Malware Free & Clean With Bitdefender Total Security For Worm, Adware, Spyware, Virus, Bots, Ransomware, Rootkit, Trojan horse, Trojan droppers, Trojan downloaders, Trojan spies, Banking Trojans, Backdoor Trojans, PUP malware, Fileless malware.


  AIMP 5.03 Build 2394 FREEWARE & Portable AIMP 5.03 Build 2394 FREEWARE
Posted by: mrtrout - 06-30-2022 , 10:09 PM - Forum: Freeware - No Replies

https://www.aimp.ru/?do=changelog

Change Log » AIMP for Windows

AIMP v5.03, build 2394 (30.06.2022)
General: visual appearance of settings window has been updated

Tags: encoding detection algorithm has been improved


Fixed: skin engine - window border flicks on activate/deactivate the window if the "allow per pixel semitransparency" is switched off (regression)

Fixed: smart-playlists - null-values of data-time fields are stored to configuration file incorrectly

Fixed: plugins - API - album art providers that does not supports for "unknown" interface cannot be registered in repository

AIMP v5.03, build 2394
Release date: 30.06.2022
Target OS: Windows 7-Windows 11

64-bit - AIMP.ru
Plugins from previous versions will not work
SHA256: 2d18cab438e4bf54fb72dbd1476d8ef4bbdb2ce748bf5cbe27af77ba17273486
Download: https://aimp.ru/files/windows/builds/aim...94_w64.exe

64-bit (No Installer) - AIMP.ru
Plugins from previous versions will not work
It may not import some settings from previous versions
SHA256: 57051524772b77ce7d490cdecfe96bd5298d3b0c409c3e8b27508891956ac15e
Download: https://aimp.ru/files/windows/builds/aim...taller.zip

Digital Signature (IP Izmaylov Andreevich)

AIMP 5.03 Build 2394 FREEWARE & Portable AIMP 5.03 Build 2394 FREEWARE Were 100% Scanned Malware Free & Clean With Avast! Free Edition 22.6.7355 For Worm, Adware, Spyware, Virus, Bots, Ransomware, Rootkit, Trojan horse, Trojan droppers, Trojan downloaders, Trojan spies, Banking Trojans, Backdoor Trojans, PUP malware, Fileless malware.


  IObit 6 Apps Gift Pack (92% OFF)
Posted by: Daniel_R - 06-30-2022 , 07:26 AM - Forum: Hot Deals & Discounts - No Replies

Get the Complete Gift Pack including 6 IObit Products at $27.99

Use Coupon: G5BCDG6K to get an additional $3.99 OFF

Included Products:

  1. Advanced SystemCare Pro | 3 PCs – 1 Year
  2. Smart Defrag PRO | 3 PCs – 1 Year
  3. Driver Booster | 3 PCs – 1 Year
  4. IObit Uninstaller PRO | 3 PCs – 1 Year
  5. Malware Fighter Pro | 3 PCs – 1 Year
  6. Software Updater Pro | 3 PCs – 1 Year



Offer Link:
https://www.dealarious.com/coupon/iobit-...ack-3-pcs/


  Malware-as-a-service is spreading among teens
Posted by: mrtrout - 06-30-2022 , 03:31 AM - Forum: Security News - No Replies

https://blog.avast.com/discord-minors-ra...0133018592

Malware-as-a-service is spreading among teens
EMMA MCGOWAN, 28 JUN 2022

The Lunar malware builders aren’t unique: There are many varieties of “grabber builders” available online.

Sometimes when you’re doing research, you stumble across something unexpected. That’s what happened to the Avast team when they were investigating ransomware. They found something that seemed like regular ransomware, but there were a few weird things that caught their eye. The first: The requested ransom fee was only $25.

Upon further investigation, the team found that this malware was encrypting files and renaming them with the extension “.LUNAR.” They also found other malware in the family, but instead of ransomware they were information stealers and crypto miners.

The team was confused — this malware family wasn’t in the vein of the usual stuff they come across. Why was someone taking the time to create and spread something that had such a low profit possibility? And why the variety?

They kept digging and found a Discord server dedicated to a “Lunar” malware family, which they quickly determined was a “malware-as-a-service” product. Malware-as-a-service is a recent trend that allows people to hack other people without any programming or technical skills. It’s basically plug-and-play hacking for whoever is interested, only requiring users to determine details like a custom icon or a binary to be used as a carrier for the malicious code.

The creator of the malware was selling it on the Discord server, taking suggestions from clients, and even hosting giveaways. Community members were sharing plugins with each other or sometimes just hanging out to chat. And as the Avast team spent more time in the community, observing their behavior and vocabulary, they realized something surprising: most of the members were minors between the ages of 11 and 16.

“We presume that this is exactly the reason why the author of Lunar, known on Discord as Nex, advertises low prices (5-25 EUR) for access to their malware builder,” Avast malware researcher Jan Holman says. “This hypothesis is also supported by a fact that a lot of the malware’s functionality, and definitely most of the plugins submitted by other members of the community, are aimed at annoying victims rather than causing actual harm.”

They also realized that, while the Lunar malware builder included options like password and information stealing, crypto mining, and ransomware, that wasn’t what they primarily advertised. Instead, they focused on features like stealing gaming accounts, deleting Fortnite or Minecraft folders, or repeatedly opening a web browser with Pornhub.

In other words: Pranks that teenagers might be interested in.

How does malware-as-a-service work?
The Lunar malware builders aren’t unique: There are many varieties of “grabber builders” available online. They’re usually short-lived malware campaigns based on a source code from GitHub or even some other builder, rebranded with a new logo and name, and sometimes slightly tweaked or modified with new functionality.

While they vary somewhat in the functionality they offer, the functionality they deliver, and the obfuscation used, they’re all fundamentally the same. They have similar .NET-based GUIs with slightly different layouts, color palettes, names, and logos. Still, they offer the same primary function: generating custom malware samples by checking a few checkboxes and filling a few form fields.

The Avast team has seen many similar builders to Lunar, such as Itr0ublveTSC, Mercurial, Snatch, HideGrabber, PirateStealer, AsteroidLLC, Stely, Viny, Rift, etc. These builders share some code and have a similar modus operandi. The other builders also have similar groups and communities online.

Discord confirmed they take action to address these types of communities, and has banned the servers associated with Avast’s findings.

Malware as community?
Once the teens have the malware-as-builder, they have to figure out how to deploy it, a task in which the community often assists. They might disguise the malware as cracked games or game hacks or make them inconspicuous by using icons and filenames of legitimate game executables. Sometimes they even bundle them with actual benign binaries, essentially sneaking the malicious code onto a victim’s device in disguise.

They also lure victims through things like “bait” videos on YouTube, encouraging people to download the desired media. Once the attacker has the video set up, they post it in the Discord server and all of the other community members go to comment on it, providing social validation for potential victims. They even go so far as to “warn” victims that their antivirus might block it and give instructions on how to let the file slip through by allowing exceptions.

“We strongly caution against downloading cracked software and game cheats and especially against ignoring antivirus warnings and creating exceptions for such programs,” Avast malware researcher Jan Holman says. “If your AV program flags a keygen or a cracked game as malware, chances are it really does contain malware. It is not the AV's job to care about the legality of your software.”

But while there seems to be community support, there’s also plenty of conflict. The Avast team observed infighting, instability, potential bullying, and members stealing each other’s code and selling it themselves. These communities tend to flare up and die down quickly, as builders become bored or the negativity of the group becomes too much.

When it comes to actual threats, the impact of this group is relatively low. The Avast team didn’t plan on spending much time at all on it, but they chose to share their findings specifically because the people involved — both perpetrators and victims — are primarily minors.

That’s very clear from the conversations, which include open banter about age, comments like “I don’t want to use my mom's paypal,” and conversations about taking over a teacher’s device during class. Discord shared with Avast that they advise parents to help tailor the child’s settings to prevent them from receiving messages from strangers. More safety tips for parents can be found on the Discord blog.

“These communities may seem attractive to kids as hacking is seen as cool and malware builders provide a cheap and easy opportunity to ‘hack’ someone and to brag about it to peers,” Holman says. “They can also offer a chance to learn a bit of programming; the community is somewhat helpful in that area. However, these acts are still illegal and deserve to be noted.”

The Threat Labs team also points out that the operational security in these groups was poor, with social media accounts easily accessible or personal information directly shared in the chat. And finally, while the actions taken by the perpetrators could be viewed as childish pranks, they could also put their victims — and their victims’ parents, if they share devices — in real danger, potentially exposing their sensitive data to professional cybercriminals.

Following the discovery and analysis of the server by Avast Threat Labs, researchers notified Discord who later took the server offline.
