Creativities.PDF is a powerful software for visual structure modification of PDF documents. It is an all-in-one application for managing and converting PDF files. It includes many functions and features that are required by many users for easy PDF manipulation.

Homepage:

https://www.creativities.de/en/

Download:

https://www.creativities.de/en/CreativitiesPDFSetup.exe

User Interface:

The user interface is very friendly and easy to use. All tools and features are well arranged in the main app window



New Features:

Version 1.2.0:

The new update with version number 1.2.0 extends the OCR functions. Texts in images can now also be recognized and saved.

Version 1.3.0:

Minor bug fixes

Activation:



Features:

Merge files:

Merge multiple files into a single PDF file

Office to PDF:

Convert Word, Excel, and PowerPoint files to PDF

Images to PDF:

Convert images to PDF

Edit structure:

Delete or rotate pages. Save as entire PDF or extract individual pages only.

Export images:

Read out the images integrated in the PDF

Split PDF:

Split a PDF into several individual PDFs

Remove protection:

Remove a set password, encryption and restrictions

Protect with password:

Protect and encrypt a PDF with a password

Compress PDF:

Reduces file size by optimizing fonts, images, and content.

OCR - text recognition:

Convert non-searchable PDFs to searchable PDFs using OCR.

Image OCR:

Recognize and extract text from an image

Read our full detailed review HERE

I would like to thank the Developer for this exclusive giveaway

Giveaway details:

Number of licenses:  10

Validity of license:  Lifetime with updates (not upgrades)

Value of each License: 19.95 Euro

Giveaway duration:  3 weeks

Winner selection:   Wheel of Names

Rules:

You must be a registered Forum member here on Promo2day

Please follow these Simple rules:

Creativities.PDF is a powerful software for visual structure modification of PDF documents. It is an all-in-one application for managing and converting PDF files. It includes many functions and features that are required by many users for easy PDF manipulation. 

Homepage:

https://www.creativities.de/en/

Download:

https://www.creativities.de/en/CreativitiesPDFSetup.exe

User Interface:

The user interface is very friendly and easy to use. The main window includes all the available functions, displayed in well organized manner. Simple click on any feature, you will find a new window pops up.



New Features:



Version 1.2.0:

The new update with version number 1.2.0 extends the OCR functions. Texts in images can now also be recognized and saved.

Version 1.3.0:

Minor bug fixes

Activation:



Features:

Merge files:

Merge multiple files into a single PDF file



Office to PDF:

Convert Word, Excel, and PowerPoint files to PDF



Images to PDF:

Convert images to PDF



Edit structure:

Delete or rotate pages. Save as entire PDF or extract individual pages only.



Preview page:



Export images:

Read out the images integrated in the PDF



Split PDF:

Split a PDF into several individual PDFs



Remove protection:

Remove a set password, encryption and restrictions



Protect with password:

Protect and encrypt a PDF with a password



Compress PDF:

Reduces file size by optimizing fonts, images, and content.



OCR - text recognition:

Convert non-searchable PDFs to searchable PDFs using OCR.



Image OCR:

Recognize and extract text from an image



Developer: Max Lock

After training as an IT specialist at an insurance company, I gained experience in software development at several medium-sized companies. Initially working exclusively in the development of Windows applications, the development of apps for smartphones became another focus of my current work.

The developer is registered in our forum and I would like to personally welcome him

Testing features:

The program is generally easy to use with friendly user interface. The image export feature is very useful as you can export all images in your PDF file to a specified folder. In addition, encryption features are working good and save your time to search and download other software to decrypt some PDF files.
All features tested are working in good 

My suggestions for the software:

1. Built-in reader to be the default PDF application if the user wish
2. PDF content editor is recommended so that I can edit pdf text
3. Split PDF file supports only pages. I tried to split file into 2 or 3 parts but cannot
4. No help files or tutorials although the program is generally easy to use
5. Install directory on my computer is not clear 
6. Full English translation is strongly recommended as some parts of the app and website is still in German language

Conclusion:

The program is a collection of tools that will help you in the management of PDF files in a variety of ways. You can do many jobs such as merge, split, protect, decrypt, compress, edit PDF structure and convert images to PDF files. You can also extract all images in PDF file to outside folder with single mouse click. The program is easy to use with friendly user interface

An old school 3D platformer game set in a super colorful world!

In Woodle Deluxe you'll Explore a total of 8 immersive worlds alongside Woodle, a brave log just born from his father roots, helping him to gather all the magical water drops scattered around the lands in order to bring back balance and becoming the new hero!

Features:

• 8 immersive different worlds to explore
  
• Local Co-op Main Adventure - Play as Woodle Beaver!
  
• New items and clothing to unlock for Woodle
  
• Vast 3D environments presented in smooth 60 fps
  
• Jump, Run and special Attacks are your abilities during the adventure
  
• A new original extra level
  Improvements to the camera movements
  

I can arrange 01 lifetime license of this software! If you are interested in participating here,just replay below (Please See Rules). I will pick 1 (One ) Winner with the help of  Wheel Of Names after 15 Valid entries!

About The Software:
https://www.xyplorer.com/

License Type:
-Single PC/ User,Lifetime License Pro (With all future upgrades!)

Rules:
1.Users with at least 2 meaningful posts and 1 thread (Including Here: Member Introduction) are eligible to participate in the contest!

2.Write in a small sentence " Why do you want to win this software ?"

3.VPN are Not Allowed!

4.Winner must PM Me (ahmed) within 03 days to claim His/Her win after winning announcement ,including His/Her : Full Name,Address (Optional) & Valid Email

Good Luck : )

Researchers have uncovered software flaws and misconfigurations in two of the top five virtual event platforms, including VFairs, which counts among its customers Ford, T-Mobile, IEEE and Pearson. The flaws have since been patched. (VFairs)
 
At a time when most organizations have rushed to take their events virtual, multiple zero-day vulnerabilities found in event platforms frequented by the Fortune 500 offer hackers access to personal and corporate information.
 
Researchers at Huntress have uncovered software flaws and misconfigurations in two of the [color=var(--theme-link_a)]top five [color=var(--theme-link_a)]virtual[/color] event platforms: VFairs, which counts among its customers Ford, T-Mobile, IEEE and Pearson, and 6Connex. Among the issues identified are information disclosure or personal identifiable information leakage, direct access to databases and potential remote code execution.
“At this point, we can’t predict whether information was actively stolen or compromised by attackers or unauthorized users,” Huntress Senior Security Researcher John Hammond wrote in a blog [color=var(--theme-link_a)]post[/color] following a webinar aimed at managed service providers that revealed the company’s research.
“But it certainly was possible, and these types of vulnerabilities could very well be present in many other [color=var(--theme-link_a)]online conferencing[/color] platforms,” he wrote, pointing to reports that “a virtual job fair for the intelligence community hosted on the 6Connex platform [last fall] exposed job seekers’ identities and social media profiles.”
 
Huntress reported its findings to VFairs and 6Connex and both platforms have since patched the vulnerabilities.
 
The security firm also found a large small and medium business supply chain breach that disclosed more than 250,000 confidential details on SMB mergers and acquisitions, financing and the like. “A huge amount of sensitive and confidential financing information was leaked from Axial, a platform for buying, selling, advising and financing private companies — all due to neglect of basic security measures,” Hammond wrote, noting that a Twitter thread recounting the breach had been removed and the account banned.[/color]


Source

Sophos has announced that it will provide its Intercept X [color=var(--theme-link_a)]endpoint protection software for [color=var(--theme-link_a)]5G[/color] PCs powered by Qualcomm's Snapdragon compute platforms.[/color]
 
Qualcomm's Snapdragon compute platforms build on smartphone technology to deliver improved performance and efficiency to 4G and 5G equipped [color=var(--theme-link_a)]business laptops.[/color]
 
Through deep learning [color=var(--theme-link_a)]AI and [color=var(--theme-link_a)]anti-ransomware[/color] capabilities, Sophos Intercept X protects advanced computing systems and endpoints and the company expects its software for Snapdragon compute platforms to be available during the second half of this year.[/color]
 
Chief Technology Officer at Sophos, Joe Levy explained in a [color=var(--theme-link_a)]press release how Snapdragon compute platforms provide the performance of a PC along with the benefits of mobile computing devices, saying:[/color]
 
“An always on, always connected, interactive computing environment that combines smartphone and PC technology delivers unique security capabilities and opportunities. Mobile devices historically have experienced far fewer security incidents than PCs powered by traditional architectures. It’s certainly not because they aren’t ubiquitous, but rather because of their modern architecture that offers overall predictability relative to PCs, enabling application vendors to design high-performance and secure software. Snapdragon compute platforms mark a major step forward because they provide all the utility and performance of a PC, but with many of the benefits associated with modern mobile computing devices. Security loves predictability, and Sophos is excited to be a part of securing this next-generation computing platform.”
Securing 5G PCs
[color=var(--theme-link_a)]Sophos Intercept X will also be able to leverage Connected Standby for continuous communication with a fleet of Snapdragon powered PCs. This helps make the work of security teams easier as their investigations will not be impeded by unknowns as data won't be missed due to devices being offline.[/color]
 
The cybersecurity company's endpoint protection software will even use AI acceleration through the [color=var(--theme-link_a)]Qualcomm AI Engine to compile AI-dependent software in real-time on devices with optimizations to run faster and more power efficiently.[/color]
 
At the same time though, Intercept X will be able to harness hardware-level root of trust to ascertain device and cryptographic integrity.
 
Senior Director of product management at Qualcomm Technologies, Migue Nunes praised the company's partnership with Sophos and explained how it will improve security across the board for 5G PCs, saying:
 
“Now, in addition to enabling always on, always connected PC experiences, our 5G-enabled Snapdragon compute platforms bring next-generation security innovation rooted in our advanced AI and 5G connectivity capabilities. By working with Sophos, we are taking on-device security to a new level by enhancing their industry-leading endpoint protection with AI accelerated threat detection on our solutions. We’re excited for Sophos to transform computing with next-generation enterprise-grade security on 5G powered Snapdragon compute platforms.”


Source

The number of cyber-threats identified and blocked by [color=var(--theme-link_a)]Trend Micro rose by 20% in 2020 to more than 62.6 billion.[/color]
 
Averaging out at 119,000 cyber-threats per minute, the huge figure was included in the company's annual roundup, "A Constant State of Flux: Trend Micro 2020 Annual Cybersecurity Report," [color=var(--theme-link_a)]released earlier today.[/color]
 
Email-borne threats such as phishing attacks accounted for 91% of the 62.6 billion threats blocked by Trend Micro last year. Nearly 14 million unique phishing URLs were detected by the company in 2020, with home networks a primary target. 
 
Researchers found cyber-attacks on home networks surged 210% year-on-year in 2020 to just under 2.9 billion, a figure that equates to 15.5% of all homes. The vast majority (73%) of strikes against home networks involved brute-forcing logins to gain control of a smart device or router.
 
The number of newly detected ransomware families increased 34% last year. Researchers noted an increase in the popularity of “double extortion” attacks in which attackers exfiltrate data before encrypting it so they can use the threat of publication to extort money as well as charging for the data's return. Government, banking, manufacturing, and healthcare were the sectors most targeted by ransomware gangs.
 
While a 17% fall in detections of business email compromise (BEC) attacks was recorded, the number of vulnerabilities published by the Zero Day Initiative (ZDI) increased 40% year-on-year. Among the flaws exploited by criminals are some dating back to 2005. 
 
“In 2020, businesses faced unprecedented threat volumes hitting their extended infrastructure, including the networks of home workers," said Jon Clay, director of global threat communications for Trend Micro. 
 
"Familiar tactics such as phishing, brute forcing and vulnerability exploitation are still favored as the primary means of compromise, which should help when developing defenses.” 
 
Clay added that a year into the global health pandemic, organizations around the world should be aware of its impact on cybersecurity risk.
 
“Global organizations have now had time to understand the operational and cyber risk impact of the pandemic," said Clay.
 
"The new year is a chance to adjust and improve with comprehensive cloud-based security to protect distributed staff and systems.”


Source

Hackers are said to have broken into the networks of U.S. space agency NASA and the Federal Aviation Administration as part of a wider espionage campaign targeting U.S. government agencies and private companies.
 
The two agencies were [color=var(--theme-link_a)]named by the Washington Post on Tuesday, hours ahead of a Senate Intelligence Committee hearing tasked with investigating the widespread cyberattack, which the previous Trump administration said [color=var(--theme-link_a)]was “likely Russian in origin.”[/color][/color]
 
A spokesperson for NASA did not dispute the report but declined to comment citing an “ongoing investigation.” A spokesperson for the FAA did not respond to a request for comment.
 
It’s believed NASA and the FAA are the two remaining unnamed agencies of the nine government agencies confirmed to have been breached by the attack. The other seven include the Departments of Commerce, Energy, Homeland Security, Justice and State, the Treasury and the National Institutes of Health, though it’s not believed the attackers breached their classified networks.
 
FireEye, Microsoft and Malwarebytes were among a number of cybersecurity companies also breached as part of the attacks.
 
The Biden administration is reportedly preparing sanctions against Russia, in large part because of the hacking campaign, the Post also reported.
 
The attacks were [color=var(--theme-link_a)]discovered last year after FireEye raised the alarm about the hacking campaign after its own network was breached. Each victim was a customer of the U.S. software firm SolarWinds, whose network management tools are used across the federal government and Fortune 500 companies. The hackers broke into SolarWinds’ network, planted a backdoor in its software and pushed the backdoor to customer networks with a tainted software update.[/color]
 
It wasn’t the only way in. The hackers are also said to have targeted other companies by breaking into other devices and appliances on their victims’ networks, as well as [color=var(--theme-link_a)]targeting Microsoft vendors to breach other customers’ networks.[/color]
 
Last week, Anne Neuberger, the [color=var(--theme-link_a)]former NSA cybersecurity director who last month was elevated to the White House’s National Security Council to serve as the deputy national security adviser for cyber and emerging technology, said that the attack took “months to plan and execute,” and will “take us some time to uncover this layer by layer.”[/color]


Source

A newly discovered threat group is targeting the International Air Transport Association (IATA) members, airlines and refugees to Canada. Shown here, a regional jet from Russian airline NordStar, a IATA member. (IATA)
 
MalwareBytes reports a newly discovered threat group targeting the International Air Transport Association (IATA) members, [color=var(--theme-link_a)]airlines and refugees to Canada.
 
The group, nicknamed LazyScripter, uses an uncommon amount of publicly available tools in its efforts.
“What was interesting about this actor is how much it is really relying on open source and commercially available toolset to operate,” Hossein Jazi, senior threat intelligence analyst at MalwareBytes, told SC Media.
 
LazyScriptor was first discovered in December, but appears to have been active since 2018. It uses .pdf files linking to malware stored on GitHub, bespoke loader programs to open a variety of well-known commodity malware.
 
Between 2018 and 2019, the group installed Powershell Empire on victims using a loader MalwareBytes is calling Emploader. Recently it switched to Octopus and Koadic installed with a loader Malwarebytes is calling Kocktopus.
 
The group used job and IATA related lures, as well as fake updates; immigration, tourism and visa related documents; and COVID-19 information to infect victims.
“In terms of attribution. It’s hard to really attribute this group to any known groups,” said Jazi. “We did a comparison; while we found some similarities between this actor and actors such as MuddyWater, OilRig, and APT 28, there are big differences” as well.
 
The connections to OilRig and APT 28 are largely in their use of similar commodity malware, which is not a strong connection. While Muddywater is the most similar, it is historically more adept at targeting victims, and uses custom tools LazyScripter has yet to utilize. OilRig and MuddyWater are both suspected to be Iranian groups while APT 28 is believed to be Russian.
 
A list of indicators of compromise is available on the MalwareBytes website. But Jazi also said relevant defenders should be on the lookout for GitHub traffic.[/color]


Source

Canadian airplane manufacturer Bombardier has disclosed today a security breach after some of its data was published on a dark web portal operated by the Clop ransomware gang.
"An initial investigation revealed that an unauthorized party accessed and extracted data by exploiting a vulnerability affecting a third-party file-transfer application, which was running on purpose-built servers isolated from the main Bombardier IT network," the company said in a [color=var(--theme-link_a)]press release today.[/color]
 
While the company did not specifically name the appliance, they are most likely referring to Accellion FTA, a web server that can be used by companies to host and share large files that can't be sent via email to customers and employees.
 
In December 2020, a hacking group discovered a zero-day in the FTA software and began attacking companies worldwide. Attackers took over systems, installed a web shell, and then stole sensitive data.
 
In a [color=var(--theme-link_a)]press release yesterday, Accellion said that 300 of its customers were running FTA servers, 100 got attacked, and that data was stolen from around 25.[/color]
 
The attackers then attempted to extort the hacked companies, asking for ransom payments, or they'd make the stolen data public, [color=var(--theme-link_a)]according to security firm FireEye.[/color]
 
Starting earlier this month, data from some old FTA customers began appearing on a "leak site" hosted on the dark web, where the Clop ransomware gang would usually shame the companies who refused to pay its decryption fees.
 
Data from geo-spatial data company [color=var(--theme-link_a)]Fugro, tech firm [color=var(--theme-link_a)]Danaher[/color], Singapore's largest telco [color=var(--theme-link_a)]Singtel[/color], and US law firm [color=var(--theme-link_a)]Jones Day[/color] was published on the site so far.[/color]
 
Today, Bombardier's name was added to the list, which prompted the airplane maker to go public with its security breach.
 
Data shared on the site included design documents for various Bombardier airplanes and plane parts. No personal data was shared, but the airplane maker is most likely livid that some of its private intellectual property is now being offered as a free download on the dark web.
 
FireEye said in a report today that the FTA hacking campaign and the subsequent extortion efforts are carried out by a major cybercrime group which the company is tracking as FIN11, a group that has had its fingers in various forms of cybercrime operations for the past years.


Source

New research has uncovered a significant increase in QuickBooks file data theft using social engineering tricks to deliver malware and exploit the accounting software.
"A majority of the time, the attack involves basic malware that is often signed, making it hard to detect using antivirus or other threat detection software," researchers from ThreatLocker said in an analysis shared today with The Hacker News.
 
QuickBooks is an accounting software package developed and marketed by Intuit.
 
The spear-phishing attacks take the form of a PowerShell command that's capable of running inside of the email, the researchers said, adding, a second attack vector involves decoy documents sent via email messages that, when opened, runs a macro to download malicious code which uploads QuickBooks files to an attacker-controlled server.
 
Alternatively, bad actors have also been spotted running a PowerShell command called [color=var(--theme-link_a)]Invoke-WebRequests on target systems to upload relevant data to the Internet without the need for downloading specialized malware.[/color]
"When a user has access to the Quickbooks database, a piece of malware or weaponized PowerShell is capable of reading the user's file from the file server regardless of whether they are an administrator or not," the researchers said.
 
Furthermore, the attack surface increases exponentially in the event QuickBooks file permissions are set to the "[color=var(--theme-link_a)]Everyone" group, as an attacker can target any individual in the company, as opposed to a specific person with the right privileges.[/color]
 
That's not all. Besides selling the stolen data on the dark web, the researchers say they found instances where the operators behind the attacks resorted to bait-and-switch tactics to lure customers into making fraudulent bank transfers by posing as suppliers or partners.
 
Advising users to remain vigilant of these attacks, ThreatLocker recommends that file permissions are not set to the "Everyone" group to limit exposure.
"If you are using a Database Server Manager, be sure to check the permissions after running a database repair and confirm they are locked down," the researchers said.


Source

In 2019, Firefox was equipped with [color=var(--theme-link_a)]Enhanced Tracking Protection by default, blocking known trackers, third-party tracking cookies and cryptomining scripts. Social media trackers and tracking content in private Windows [color=var(--theme-link_a)]were added[/color] to that list a few months later. In August 2020, Firefox received a new protection feature to [color=var(--theme-link_a)]hamper redirect tracking[/color]. Last month, Firefox [color=var(--theme-link_a)]received protection[/color] against cache-based tracking “supercookies”.[/color]
 
On Tuesday, Mozilla [color=var(--theme-link_a)]released Firefox 86, and with it yet another new anti-tracking feature build into the browser’s Enhanced Tracking Protection (ETP): Total Cookie Protection.[/color]
“Total Cookie Protection confines cookies to the site where they were created, which prevents tracking companies from using these cookies to track your browsing from site to site,” Mozillans Tim Huang, Johann Hofmann and Arthur Edelstein [color=var(--theme-link_a)]explained.[/color]
 
There are exceptions to that rule, though: cross-site cookies needed for non-tracking purposes (e.g., for single sign-on purposes). “Only when Total Cookie Protection detects that you intend to use a provider, will it give that provider permission to use a cross-site cookie specifically for the site you’re currently visiting,” they noted.
 
Since its inception, the Chromium-based Brave browser introduced privacy/anti-tracking features such as a system for [color=var(--theme-link_a)]hiding privacy-harming page elements and third-party tracking ads, [color=var(--theme-link_a)]browser fingerprint randomization[/color], default removal of common tracking parameters from URLs, protection against query parameter tracking, [color=var(--theme-link_a)]temporary removal of Google’s Reporting API[/color], [color=var(--theme-link_a)]CNAME-based adblocking[/color], etc.[/color]
 
Safari has its Intelligent Tracking Prevention feature that employs anti-fingerprinting protection (it presents a simplified version of the user’s system configuration to websites) and now effectively [color=var(--theme-link_a)]blocks all third-party cookies by default.[/color]
 
In early 2020, Google [color=var(--theme-link_a)]laid out a roadmap for making third party cookies obsolete by 2022, and works on creating alternative technologies/standards that will permit ad personalization without affecting user privacy.[/color]
CNAME cloaking dangers
[color=var(--theme-link_a)]According to researchers Yana Dimova, Gunes Acar, Lukasz Olejnik, Wouter Joosen, and Tom Van Goethem, CNAME cloaking is a tracking evasion scheme that is not new but is rapidly gaining in popularity.[/color]
 
The scheme takes advantage of a CNAME record on a subdomain.
“The tracker is injected in the first-party context, the context of the visited website. A website example.com is embedding the content of the form xxx.example.com. But in reality, this subdomain xxx.example.com is an alias for the tracker domain, the yyy.tracker.com, a separate domain hosted at a third-party server,” Lukasz Olejnik [color=var(--theme-link_a)]explained.[/color]
“This scheme works thanks to a DNS delegation. Most often it is a DNS CNAME record. The tracker technically is hosted in a subdomain of the visited website.”
 
And because most anti-tracking works on the principle of filter lists, the CNAME cloaking scheme effectively renders most browsers’ anti-tracking defenses ineffective, he notes.
“As of today, from the major web browser vendors only Firefox offers defenses. Since uBlock version 1.25 under Firefox, the extension dynamically resolves hosts and sanitizes such requests if a match is found. Such a measure does not work under Chrome because this web browser does not offer a way for extensions to dynamically resolve hostnames.”
 
What’s more, CNAME cloaking leads to session fixation and persistent cross-site scripting vulnerabilities, potentially opening users and publishers to attack, as well as massive cookie leaks.
“In 95% of cases of websites using this technique, we found cookies leaking to external tracker servers in an unsanctioned manner, invisible to the user. In some cases, we confirm that the leaked cookies contain private/sensitive data. All these likely trigger the violation of data protection regimes such as the GDPR, or maybe even the CCPA,” Olejnik concluded.


Source

Together with the Linux Foundation, Google announced today that they would fund two Linux kernel developers' efforts as full-time maintainers exclusively focused on improving Linux security.
 
"While there are thousands of Linux kernel developers, all of whom take security into consideration as the due course of their work, this contribution from Google to underwrite two full-time Linux security maintainers signals the importance of security in the ongoing sustainability of open-source software," the Linux Foundation said in a statement released today.
 
Gustavo Silva and Nathan Chancellor, the two kernel developers funded through this initiative will exclusively focus on Linux kernel security development.
 
Chancellor will triage and fix bugs in Clang/LLVM compilers. Silva will turn the elimination of several classes of buffer overflows into his full-time Linux development work.
 
"Additionally, [Silva] is actively focusing on fixing bugs before they hit the mainline, while also proactively developing defense mechanisms that cut off whole classes of vulnerabilities," the Linux Foundation added.
 
"He is consistently one of the top five most active kernel developers since 2017" and he "has impacted 27 different stable trees, going all the way down to Linux v3.16."
 
This initiative comes after the release of the [color=var(--theme-link_a)]2020 FOSS Contributor Survey, authored by the Laboratory for Innovation Science at Harvard (LISH) and Open Source Security Foundation (OpenSSF).[/color]
 
The survey found that open-source software security requires more work due to its role as "a critical part of the modern economy."
 
Over 20,000 Linux contributors have made more than [color=var(--theme-link_a)]one million commits since August 2020, with Linux kernel devs always considering code security.[/color]
 
Despite this, Google's underwriting of two full-time Linux security maintainers further highlights the importance of security in open-source software.
 
"Ensuring the security of the Linux kernel is extremely important as it’s a critical part of modern computing and infrastructure. It requires us all to assist in any way we can to ensure that it is sustainably secure," Linux Foundation's Director of Open Source Supply Chain Security David A. Wheeler [color=var(--theme-link_a)]said.[/color]
 
"We extend a special thanks to Google for underwriting Gustavo and Nathan’s Linux kernel security development work along with a thank you to all the maintainers, developers and organizations who have made the Linux kernel a collaborative global success."


Source

As businesses continue to move more of their workloads to the [color=var(--theme-link_a)]cloud, cybercriminals are increasingly using cloud apps to deliver [color=var(--theme-link_a)]malware[/color] in an effort to evade legacy security defenses, according to new research from Netskope.[/color]
 
To compile the February 2021 edition of its [color=var(--theme-link_a)]Cloud and Threat Report, the firm used anonymized data from millions of its users collected from the Netskope Security Cloud platform over the course of last year.[/color]
 
During the shift to [color=var(--theme-link_a)]working from home during the pandemic in 2020, the number of cloud apps in use per organization increased by 20 percent. According to the report, organizations with 500 to 2,000 employees now use 664 distinct cloud apps on average each month. However, of these apps, nearly half have a “Poor” rating in Netskope's Cloud Confidence Index which is used to determine a cloud service's enterprise readiness.[/color]
 
Threat research director at Netskope, Ray Canzanese provided further insight on why cybercriminals are now targeting cloud apps in a [color=var(--theme-link_a)]press release, saying:[/color]
 
"Cybercriminals increasingly abuse the most trusted and popular cloud apps, especially for cloud phishing and cloud malware delivery. Enterprises using the cloud need to quickly modernize and extend their security architectures to understand data content and context for apps, cloud services, and web user activity."
Rise in cloud-based attacks
Netskope's research found that 61 percent of all malware is now delivered using [color=var(--theme-link_a)]cloud apps which is up from 48 percent year-over-year.[/color]
 
At the same time though, the popularity of cloud apps in the enterprise has made them a target for [color=var(--theme-link_a)]phishing attacks as well with cloud services now being the target of one in three (36%) phishing campaigns. However, while the majority of phishing lures are still hosted on traditional websites, attackers are increasingly using cloud apps in order to gain footholds in organizations.[/color]
 
The report also found that the volume of malicious [color=var(--theme-link_a)]Microsoft Office documents has increased by 58 percent as cybercriminals are now using malicious Office documents as Trojans to deliver next stage payloads such as [color=var(--theme-link_a)]ransomware[/color] and backdoors. In fact, malicious Office documents represent 27 percent of all the malware downloads detected and blocked by the Netskope Security Cloud.[/color]
 
Finally, the amount of sensitive data stored in personal apps is growing as work and home life continue to blend as a result of remote working. Netskope found that 83 percent of users access personal app instances on their corporate devices and this greatly increases the likelihood of data being mishandled or leaked online.
 
While the cloud is convenient, organizations need to be aware of the risks and dangers increased cloud usage poses to both their businesses and their employees.


Source

The Russian hacking group Turla is deploying an IronPython-based malware loader called "IronNetInjector" as part of a new campaign, Palo Alto's [color=var(--theme-link_a)]Unit42 reports.[/color]
 
Unit42 researchers report that the new loader delivers ComRAT, a remote access Trojan, by exploiting IronPython’s ability to use .NET framework APIs directly as well as Python libraries.
"IronNetInjector is made of an IronPython script that contains a .NET injector and one or more payloads," the report notes. "When an IronPython script is run, the .NET injector gets loaded, which in turn injects the payload(s) into its own or a remote process."
 
The latest loader comes with capabilities to obfuscate malware codes and encrypt and decrypt NET injector and payloads, according to the researchers.
Loader Infrastructure
Unit42 researchers identified two IronNetInjector variants compiled in 2018 and 2019. Both use full-blown portable executable injection toolsets, deployed for injecting and running codes inside another process memory.
 
While the 2018 loader was written in a much more specific manner, the researchers note the 2019 version is generically written and comes with capabilities to inject .NET assemblies into unmanaged processes.
 
IronNetInjector begins its function when the open-source Python programming language IronPython script is running. The malicious code is then loaded in the embedded .NET injector, which then decodes and decrypts the ComRAT Trojan.
 
Once the ComRAT is decrypted, the .NET injector takes control over the further execution, such as obfuscation and encryption, according to the report.
"The .NET injectors and bootstrappers contain clean code and meaningful function/method/variable names, and they use detailed log/error messages. Only the initial IronPython scripts are obfuscated to prevent easy detection," the researchers note.
 
Roger Grimes, defense evangelist at security firm KnowBe4, say that because the .NET framework is not compatible with non-Windows users, the impact of the tools is likely to be very low.
"On Microsoft Windows computers, it becomes yet another potential method among the myriad of options to possibly bypass or confuse anti-malware prevention and detection software," Grimes says.
 
To defend Windows users, security researchers will have to parse to detect any suspicious activities, Grimes says.
"Anti-malware software has to be aware of this new malware injection technique and be able to handle and parse it in a way to distinguish between legitimate and malicious uses. Out of the over 100 malware programs out, there is some percentage of them that will not be upgraded to detect this sort of technique, and so it helps malware developers," Grimes says.
Past Activities
Turla, which is also known as Belugasturgeon, Ouroboros, Snake, Venomous Bear and Waterbug, is reported to be part of Russia’s FSB (formerly KGB) and has carried out a series of operations targeting government and military agencies in at least 35 countries since 2008 (see: [color=var(--theme-link_a)]Russian Hackers Revamp Malware, Target Governments: Report).[/color]
 
The advanced persistent threat group has deployed a large malware arsenal that security researchers have documented over the past several years. The group's hacking tools include ComRAT network exfiltration malware and the HyperStack backdoor used to manipulate Windows APIs for persistence (see: [color=var(--theme-link_a)]Updated Malware Tied to Russian Hackers).[/color]
 
It is also not the first time the group has used legitimate tools and services as part of its malicious infrastructure.
 
In December 2020, security firm ESET uncovered a cyberespionage campaign by Turla that deployed a backdoor called "Crutch" that used Dropbox resources to help gather stolen data (see: [color=var(--theme-link_a)]Russian Hacking Group's Backdoor Uses Dropbox).[/color]


Source

A critical-severity buffer-overflow flaw that affects IBM Integration Designer could allow remote attackers to execute code.

 
IBM has patched a critical buffer-overflow error that affects Big Blue’s Integration Designer toolset, which helps enterprises create business processes that integrate ap
 
The flaw (CVE-2020-27221) has a CVSS base score of 9.8 out of 10, making it critical in severity. It stems from an issue in versions 7 and 8 of Java Runtime Environment (JRE), which is used by IBM Integration Designer toolset.
 
JRE is a software layer that runs on top of a computer’s operating system (OS), and enables Java to run seamlessly on any system regardless of its OS.
What is a Buffer-Overflow Flaw?
The flaw is a stack-based buffer-overflow error. This is a class of vulnerability where the region of a process’ memory that’s used to store dynamic variables (the heap) can be overwhelmed.
“By sending an overly long string, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash,” according to IBM’s Monday [color=var(--theme-link_a)]security advisory.
 
The error exists when the virtual machine (VM) or Java Native Interface converts characters from UTF-8 to platform encoding. Java Native Interface is a programming framework that enables Java code running in a Java VM to call native applications and libraries written in other languages.
 
IBM didn’t provide further information about what type of privileges an attacker would need, where they would need to send the string or the initial attack vector.
IBM Integration Designer Affected
Specifically, CVE-2020-27221 exists in Eclipse OpenJ9, a high-performance, scalable, Java VM implementation that is fully compliant with JRE.
“Contributed to the Eclipse foundation by IBM, the OpenJ9 JVM underpins the IBM SDK, Java Technology Edition, which is a core component of many IBM Enterprise software products,” [color=var(--theme-link_a)]according to IBM[/color].
 
IBM Integration Designer versions 8.5.7, 19.0.0.2, 20.0.0.1 and 20.0.0.2, which use JRE versions 7 and 8, are affected. The vulnerability was first reported on Dec. 16 via the [color=var(--theme-link_a)]Eclipse Foundation[/color], which is a global community of Eclipse open source software development members. A fix can be found here for [color=var(--theme-link_a)]each affected version[/color] of IBM Integration Designer.
 
Another vulnerability (CVE-2020-14782) was fixed, stemming from the JRE implementation in IBM Integration Designer. This “unspecified” vulnerability existed in Java SE and was related to the Libraries component. However, [color=var(--theme-link_a)]according to IBM[/color] it had “no confidentiality impact, low integrity impact and no availability impact.”
IBM Planning Analytics Workspace High-Severity Flaws
IBM also patched a slew of high-severity flaws in its IBM Planning Analytics Workspace; a web-based interface for IBM Planning Analytics that provides an interface to create and analyze content. The flaws exist specifically in Release 61 of the Local v2.0 for Planning Analytics Workspace.
 
Three vulnerabilities exist in Node.js, an open-source, cross-platform JavaScript runtime environment for developing server-side and networking applications, which is used in IBM Planning Analytics. These flaws include a denial-of-service vulnerability ([color=var(--theme-link_a)]CVE-2020-8251[/color]); an  HTTP request-smuggling glitch ([color=var(--theme-link_a)]CVE-2020-8201[/color]); and a buffer-overflow error ([color=var(--theme-link_a)]CVE-2020-8252[/color]).
 
Another flaw ([color=var(--theme-link_a)]CVE-2020-25649[/color]) exists in the FasterXML Jackson Databind, used to convert JSON to and from Plain Old Java Object (POJO) using property accessor or using annotations.
 
The flaw “could provide weaker than expected security, caused by not having entity expansion secured properly,” according to IBM. “A remote attacker could exploit this vulnerability to launch XML external entity (XXE) attacks to have impact over data integrity.”
IBM Continues Security-Flaw Fix Campaign
IBM previously issued various fixes for vulnerabilities, including [color=var(--theme-link_a)]ones in Spectrum Protect Plus in September[/color]. This is Big Blue’s security tool that’s found under the umbrella of its Spectrum data storage software branding. The flaws could be exploited by remote attackers to execute code on vulnerable systems.
 
In August, a shared-memory flaw was discovered in [color=var(--theme-link_a)]IBM’s next-gen data-management software[/color] that researchers said could lead to other threats — as demonstrated by a new proof-of-concept exploit for the bug.
 
And in April, four serious security vulnerabilities in [color=var(--theme-link_a)]the IBM Data Risk Manager[/color] (IDRM) were identified that can lead to unauthenticated remote code execution (RCE) as root in vulnerable versions, according to analysis – and a proof-of-concept exploit is available.[/color]

Source

Lack of strong security policies put many schools at risk of compromise, disrupted services, and collateral damage.
 
Institutions of higher education continue to have problematic password policies, lack multifactor authentication (MFA), and have a plethora of open ports — despite suffering dozens of ransomware attacks and targeting by attackers focused on stealing student information and university research, according to a new study published Tuesday.
 
An analysis by cybersecurity services firm BlueVoyant of publicly reported cybersecurity incidents involving higher education found that over the past two years, about 9% of the passwords on a common list used by attackers matched those used in combination with a university-assigned e-mail address. Meanwhile, about two-thirds of universities had no DNS-based e-mail security protocols in place, and 38% of all universities had at least one open database port.
 
While universities have traditionally seen the same types of attacks that other organizations do — and perhaps more nation-state espionage attacks because of their research, especially those institutions focused on COVID-19 — their openness and vulnerability puts them at greater risk, says Austin Berglas, former head of cyber at the FBI's New York office and global head of professional services at BlueVoyant.
"The risks that we outline are not impossible to remediate," he says. "However, especially in COVID times when you have an already-understaffed and underfunded IT team whose primary focus is to make sure that everyone has a working laptop and camera for remote learning ... it is daunting."
 
Because educational institutions are focused on access to learning and freedom to exchange knowledge, security is often a difficult prospect. In the US, almost every student — 97% — used their own laptop for at least one course and 89% used their own smartphones, according to [color=var(--theme-link_a)]an October 2019 survey conducted by the EDUCAUSE Center for Analysis and Research. A [color=var(--theme-link_a)]UK study[/color] found similar usage, with 93% of students using their own laptops and 83% using their own smartphones.[/color]
 
The combination of students using personal systems with the difficulty in enforcing security policies undermines many of the potential protections. When online textbook service Chegg suffered a compromise in April 2018, about an eighth of the 40 million subscribers affected by the breach used their university e-mail addresses as passwords, [color=var(--theme-link_a)]the BlueVoyant report states.[/color]
 
Those credentials, combined with password reuse and [color=var(--theme-link_a)]weak security policies, make such breaches a significant threat, says Berglas.[/color]
 
Looking at a subset of 30 public universities, BlueVoyant's analysis found an "across-the-board lack of basic e-mail security and a lack of multifactor authentication," he says. "This makes phishing, for example, a huge vulnerability."
 
Passwords continue to be a large issue, especially because MFA has not made significant inroads at schools. 
 
BlueVoyant collected billions of credentials from publicly available username and password lists, so-called "combolists," and compared those credentials to a list of 14.3 million popular passwords — the RockYou.txt file. Of the credentials that used an e-mail address from a .edu domain as a username, about 9% had passwords on the RockYou.txt list, the company found.
 
The problem extends beyond just gaining access to student e-mail messages, says Berglas.
"There is a massive amount of password reuse going on," he says. "Students and staff use their .edu accounts not just for school stuff, they use it for everything. And they often hang onto them long after they graduate. And so we see the reuse of those passwords be really critical with credential-stuffing attacks and brute-force attacks, and with allowing the bad guys to utilize those credentials for multiple other accounts."
 
Such weaknesses make attacks easier for the top higher-education attacker — ransomware gangs. With most schools offering virtual learning during the spring semester, they are [color=var(--theme-link_a)]particularly vulnerable to the operational disruption used by ransomware attackers to ensure payment, Berglas says.[/color]
"When they had on-site learning prior to the pandemic, if a school got hit with ransomware, maybe they could make the business decision to not pay the ransom because they could fall back to old-school learning," Berglas says. "But when 100% of your students are remote learning, and then you get hit with ransomware and the network goes down, it is forcing the hands of these universities to pay the ransom."
 
The company advised universities to adopt long passwords and implement MFA across all sensitive accounts, including e-mail access. To enforce these requirements, the organizations should monitor authentication attempts for anomalous activity and lock accounts that have nontypical behavior. In addition, password strength should be checked using blacklists, strength tests, or machine-learning algorithms designed to spot weak passwords.


Source

The operators behind the Minebridge remote-access Trojan have updated the malware, which is targeting security researchers using a malicious payload disguised in an attached resume document, according to the security firm Zscaler.

The newly discovered version of the RAT is embedded in macro-based Word document file. When a recipient clicks on the malicious link, Minebridge buries itself into the remote desktop software TeamViewer, which enables the hackers to deploy more malware or spy on the victim's device.

"We have recently observed other instances of threat actors targeting security researchers with social engineering techniques. The use of social engineering tactics targeting security teams appears to be on an upward trend," Zscaler notes.

Zscaler researchers also observed updated tactics, techniques and procedures since the last instance of the malware the security firm observed in March 2020.

FireEye researchers first observed this malware targeting U.S. financial firms in January 2020. At that time, the operators were planting the Minebridge backdoor into corporate networks to deliver other malware and allow attackers to map the infrastructure, FireEye said (see: Financial Firms Targeted With New Type of Backdoor: Report).

Attack Analysis
Zscaler researchers’ analyzed a phishing campaign targeting security researchers with messages that appeared to come from someone with threat intelligence analyst experience looking for a job, according to the report. The malicious payload was disguised in an attached resume document.

When a recipient clicks on the malicious link, macros are enabled and display a message, "File successfully converted from PDF". Then a decoy document resembling the job resume is displayed.

The macro code uses a basic string obfuscation, constructs a command line and then executes it using Windows Management Instrumentation, which leverages the Windows utility finger.exe to download encoded content from the IP addresses.

"The encoded content is decoded using the legitimate Windows utility certutil.exe and executed," the researchers note. The usage of finger.exe to download the encoded content from the command and control server is one of the major TTP changes by this hacking group.

"We see an increase in usage of living-off-the-land binaries by the threat actor to download, decode, and execute the content in this new instance," the Zscaler researchers note.

Minebridge then executes a self-extracting archive, which, when executed, drops the legitimate TeamViewer binaries, DLLs and some document files.

"Execution flow starts with the binary called defrender.exe, which is masked to appear as a Windows Defender binary," the researchers note.

The Zscaler researchers found the binary defrender.exe is a legitimate TeamViewer application, version 11.2.2150.0, which is vulnerable to DLL side loading due to vague DLL references in the application’s library manifest. Researchers say that upon execution, it loads the msi.dll binary present in the same directory, which performs further malicious activity in the system.

Earlier, FireEye found that the malware was written in C++ programming language and that it implants itself within Microsoft TeamView, remote desktop software that allows an outside party to connect to a Windows device. Once installed, the backdoor attempts to connect to a command-and-control server controlled by the attackers.

If successfully installed, the malware gives the attackers capabilities such as "executing payloads, downloading arbitrary files, self-deletion and updating, process listing, shutting down and rebooting the system, executing arbitrary shell commands, process elevation, turning on/off TeamViewer's microphone and gathering system [User Access Control] information," FireEye researchers reported.

Threat Attribution
Zscaler says it has moderate confidence that the attack was carried out by TA505, an advanced persistent threat group threat group that has been active since at least 2014.

"The job resume theme and C&C infrastructure used in this new instance is consistent and in line with these former attacks. Due to the low volume of samples we identified for this new attack, we attribute it to the same threat actor with a moderate confidence level," Zscaler says.

The FireEye researchers also found that Minebridge uses a loader call Minedoor, which is associated with TA505. TA505 had previously used Minedoor to deliver backdoor malware called Friendspeak.


Source

The collection of puzzles in the Ultimate Puzzles series.
Ultimate Puzzles Animals 2 is the collection of puzzles in the Ultimate Puzzles series. Choose the animal you like and put it forward. Each puzzle is 4x4 in size, but the complication is that the puzzles need to be rotated in the right direction.



Homepage:
https://uniden.itch.io/ultimate-puzzle-animals

GP:
https://game.giveawayoftheday.com/ultima...animals-2/

READY FOR THE WORLDS FASTEST VPN?

BLAZING FAST SPEEDS
HideAway has been engineered from the ground up to be as fast as possible. In many cases your internet speed will get faster as HideAway has been optimized with many clever techniques to get the most speed out of your connection. Check out the speed tests on the right - HideAway absolutely blitzes other well known VPNs in speed comparisons.

In real world tests, HideAway is on average 3-7 times faster than OpenVPN and 2-5 times faster than Wireguard.

HideAway adapts to the latest technology. Now days web browsers are using faster protocls like QUIC to get the most speed out of web browsing and HideAway automatically uses it where as other VPNs can't.

FAST SERVERS
We only use fast servers based on major internet backbones. But we can get away with using cheap cloud servers without seeing any reduction in speed and then pass the cost savings on to you. If other VPNs try and use inexpensive cloud servers, it really shows with a reduction in speed. In fact, HideAway is so efficient, when a HideAway server is running at full bandwidth capacity it only uses 10% of one cpu.

FAST ENCRYPTION
HideAway uses the same encryption that Google Services use on mobile, so it's been engineered for speed and security. It runs at extremely high speeds and ensures confidentiality, integrity, and authenticity. You can read more info in the FAQ's.



Product page: https://www.firetrust.com/products/hidea...imited-vpn





I am needing a good informative review for Hideaway VPN. The reviewer will get a (3 year ) license as a reward for doing the review. If interested in doing a review please reply below.