Quote:Two factor authentication (2FA) is a method widely used by the financial institutions worldwide to keep their customers’ money safe: you know, those short 4-6-digit codes you receive from your bank that you have to input to approve a transaction. Usually, banks send those one-time passwords in SMS text messages. Unfortunately, SMS is one of the weakest ways to implement 2FA, as text messages can be intercepted. And that is what has just happened in the UK.

How can the criminals get your text messages? Well, there are different ways, and one of the most extravagant is exploiting a security flaw in SS7, a protocol used by telecommunications companies to coordinate how they route texts and calls (you can read more about it in this post). SS7 network does not care who sent the request. So, if malefactors manage to access it, the network will follow their commands to route text messages or calls, as if those commands were legitimate.

Quote:Blocking websites puts everyone's internet freedom at risk:

As of June 11, 2018, net neutrality rules in the USA expired, with new regulations taking effect that gave Internet Service Providers (ISPs) broad new powers over how consumers could access the Internet. In essence, net neutrality was the law that prevented ISPs, for example large cable and telephone companies, from blocking, throttling the loading speed of or discriminating against any form of legal content on the Internet.

As with any argument there are two sides to the story. Those in favour of net neutrality believe in the principle that the Internet should be equally available to everyone. ISPs should not be allowed to block, slow down, or charge extra for access to certain websites or services. Those who are against net neutrality believe that eliminating net neutrality will free up more financial resources for ISPs to invest in improving Internet access in poorly served areas, for example. 

Blocking access to VPNs:

Net neutrality took a blow recently as Reliance Jio, the third largest mobile carrier in India, was reported to be blocking access to several proxy and VPN sites that allow users to anonymously browse the web and sidestep internet service providers’ content restrictions online. Jio, which claims to have 250 million subscribers and offers some of the cheapest data plans in the world, is clearly in violation of net neutrality principles that state that ISPs should treat all online traffic equally. The Indian government approved these principles only last August. Such drastic action by the Indian government is a clear violation against net neutrality, and kick in the teeth to all those who condemn any kind of censorship. 

Quote:A trustworthy virtual private network (VPN) is a good way to keep your internet usage secure and private whether at home or on public Wi-Fi. But just how private is your activity over a VPN? In other words, how do you know if the VPN is doing its job or if you’re unwittingly leaking information to prying eyes?

To find out, you first need to know what your computer looks like to the internet without a VPN running. Start by searching for what is my IP on Google. At the top of the search results, Google will report back your current public Internet Protocol (IP) address. That’s a good place to start, but there is more to your internet connection and its potential for leaks.


Your public IP address is one way private information can leak over a VPN, but you can also leak information via Domain Name System (DNS) queries, WebRTC, torrents, and geolocation. To see what you look like in your default state, visit IPLeak.net. This website checks all the previously mentioned methods for leaking data. Take note of all the data you see on this page so you can compare it to your VPN’s.

Quote:Some top VPN choices:

Many VPN services these days do a good job of preventing the various data leaks that could reveal your identity, and our top-rated VPN services should all work well. Still, if you’d like some specific advice, here are four VPNs that do a good job of protecting against data leaks on both Windows and Android. In most cases, you shouldn’t have to make any settings adjustments to the VPN, but if there are any notable settings to be aware of we will note them here.

About:
Exclusive offer from Giveaway of the Day and MyPlayCity! No third-party advertising and browser add-ons!

Build an empire out of its grass hut roots! Take the role of a 300-year old emperor cursed to live without his true love until he appeases his god for a grievous offense. Gather resources, research new tools and build bigger and better accommodations as you care for your people and attract new citizens to your fold. Featuring outstanding graphics and a breathtaking score, Settlement: Colossus is a thrilling Hidden Object game!



GP:
https://game.giveawayoftheday.com/settlement-colossus/#
OR
Direct:
https://game.giveawayoftheday.com/downlo...d7dae5f6b6

System Requirements:
Windows XP/ Vista/ 7/ 8/ 10; CPU: 1.0 GHz; RAM: 128 MB; DirectX: 9.1; Hard Drive: 570 MB

The Art of Fight | 4vs4 Fast-Paced FPS

http://ipic.su/img/img7/fs/2019-02-02_09...090481.jpg

The Art of Fight is the fastest-paced multiplayer shooter in VR.It uses a game-changing locomotion method that avoids motion sickness allowing unparalleled 4v4 competitive battles online or against configurable bots.

https://store.steampowered.com/app/53127...Paced_FPS/

Nord VPN - nowhere easier

Quote:A typical computer user may find it difficult to choose and use a VPN. Meanwhile, contrary to the opinion of many people, security on the Internet does not necessarily have to be difficult and require technical knowledge. The NordVPN service is simple and intuitive, like making your morning coffee.

NordVPN offers the most secure, fast, easy and reliable VPN service for all major operating systems - Windows, macOS, Android and iOS. In addition, with one NordVPN account, you can simultaneously protect up to 6 devices.

Each of the applications includes all the necessary configurations, so any user can download, configure and enable the protection of their Internet traffic in just a few minutes.

NordVPN Internet Improvements
With NordVPN, you can connect to any country or any server around the world with just a few mouse clicks. Simply select the country you like and our unique algorithm will automatically direct your Internet traffic to the server that best suits your needs. Of course, advanced users can choose a specific server from the Servers tab, based on the download time and distance to the selected server, to ensure the maximum speed of the VPN connection.

In addition, our unique SmartPlay feature is now automatically built into all of our servers, so you can enjoy the freedom to access over 400 streaming services without additional effort. Its goal is to provide the best video streaming to your individual needs.

In addition, the settings menu provides many options for easy customization to suit your preferences. For example, you can switch between TCP and UDP ports to use the OpenVPN protocol, use special masking servers for countries that restrict the use of VPN, install the application to automatically start and connect to your favorite server, configure the automatic functions of the Kill Switch and CyberSec, or set custom DNS- servers - and all this with minimal effort.

In addition, regardless of the platform used, the DNS protection feature is enabled by default, which prevents accidental disclosure of your personal data.


Key features of NordVPN services

• 790 servers in 57 countries of the world (updated weekly)
  
• No records
  
• Up to 6 simultaneous connections
  
• Automatic Kill Switch
  
• Ultra Secure Encryption (OpenVPN, SSTP, PPTP, L2TP / IPsec and IKEv2 / IPsec protocols)
  
• Compatible with most operating systems, including Windows, Mac OS X, iOS, Android and Linux
  
• Support for P2P file sharing networks
  
• Double data encryption for increased anonymity
  
• Onion Routing Tor via VPN Server
  
• Unlimited speed
  
• User support 24/7
  
• Major credit cards are accepted, as well as payments via PayPal, Paysera, Webmoney and Bitcoin
  
• Dedicated IP addresses on a separate request.
  
• Free secure bonuses (encrypted chat, secret notes and proxy server selection)
  
• 30 day money back guarantee
  
  

1. You must be registered before posting this post.
   
2. Answer here what VPN you use and what is most important to you in the VPN.
   

As always we have our monthly VPN giveaway for you guys. If you do decide to enter then you will be in with the chance of winning three free months of our premium “VPN + Smart DNS” package. The giveaway will run until the 7th of February and there will be five lucky winners chosen so you most certainly have a good chance of winning.
Like this image on Facebook

between 1st and 7th of February
and win 3 months of VPN + Smart DNS package!


https://www.facebook.com/cactusvpn/photo...=1&theater

Quote: Google Takes Its First Steps Toward Killing the URL
 
 
In September, members of Google's Chrome security team put forth a radical proposal: Kill off URLs as we know them. The researchers aren't actually advocating a change to the web's underlying infrastructure. They do, though, want to rework how browsers convey what website you're looking at, so that you don't have to contend with increasingly long and unintelligible URLs—and the fraud that has sprung up around them. In a talk at the Bay Area Enigma security conference on Tuesday, Chrome usable security lead Emily Stark is wading into the controversy, detailing Google's first steps toward more robust website identity.
Stark emphasizes that Google isn't trying to induce chaos by eliminating URLs. Rather, it wants to make it harder for hackers to capitalize on user confusion about the identity of a website. Currently, the endless haze of complicated URLs gives attackers cover for effective scams. They can create a malicious link that seems to lead to a legitimate site, but actually automatically redirects victims to a phishing page. Or they can design malicious pages with URLs that look similar to real ones, hoping victims won't notice that they're on G00gle rather than Google. With so many URL shenanigans to combat, the Chrome team is already at work on two projects aimed at bringing users some clarity.
"What we’re really talking about is changing the way site identity is presented," Stark told WIRED. "People should know easily what site they’re on, and they shouldn’t be confused into thinking they’re on another site. It shouldn’t take advanced knowledge of how the internet works to figure that out."


Read More...https://www.wired.com/story/google-chrom...rst-steps/

Quote:The Siri Shortcuts that Apple introduced in iOS 12 can be abused by attackers for malicious purposes, IBM’s security researchers have discovered.
Siri Shortcuts, meant to provide users with faster access to applications and features, automate common tasks and can either be enabled by third-party developers in their apps or custom-designed by users who download the shortcuts app from the App Store.
Once up and running on a user’s device, the application can perform complex tasks, which presents potential security risks, John Kuhn, senior threat researcher at IBM Managed Security Services, explains in a blog post.
Siri Shortcuts can facilitate a broad range of interactions between users and their devices, either directly from the lock screen or through existing apps. What’s more, users can share these Shortcuts from the app itself via iCloud.
Developers can create Shortcuts and present them to users from within their apps, and the shortcuts can appear on the lock screen or in ‘search’, based on time, location and context.
According to IBM’s security researchers, Shortcuts could be created for malicious purposes, such as scareware, a pseudo-ransom attack in which cybercriminals scare victims into paying by leading them to believe that their data has been compromised.
“Using native shortcut functionality, a script could be created to speak the ransom demands to the device’s owner by using Siri’s voice,” Kuhn says.
An attacker could automate data collection from the device (current physical address, IP address, contents of the clipboard, stored pictures/videos, contact information and more), and then have the data displayed to the user to convince them that the attacker can use the data.

About:
To Do List Organizer is an easy-to-use tool helping you to keep all your daily tasks clean and organized. Smooth and structured program interface makes it easy to change the status of your tasks when they are pending or complete. You can also integrate it with other tools.

The business license allows using the tool at the company level for commercial purposes.

Home:
https://bytescout.com/products/enduser/m...iness.html

System Requirements:
Windows XP/ Vista/ 7/ 8/ 10

GP:
https://www.giveawayoftheday.com/do-to-l...e-win-mac/#
OR
Direct:
https://www.giveawayoftheday.com/downloa...ff6d41c391

Mega Bundle - 600 Logo Templates


Get 600 Logo Templates that work in adobe Photoshop and Illustrator for just $18, saving you 99%!
This bundle includes all my logo templates created by VPcreativeshop in the last year.
Value of this bundle is over $6000. Now you can get this collection for $18, saving you 99%!

FORMATS

• .psd
  
  
• .ai ( Illustrator CS )
  
  
• .eps ( Illustrator CS )
  
  
• .asl ( Photoshop styles )
  
  
• .txt ( help file with links to download the fonts )
  
  
• IN THE BUNDLE YOU WILL FIND
  
  
• 10 Vintage Logo Templates
  
  
• 20 Boutique Logo Templates
  
  
• 20 Minimal elegance Logo Templates
  
  
• 30 Art Deco Logo Templates
  
  
• 40 SV Boutique Logo Templates
  
  
• 30 Elegant Emblems
  
  
• 40 SV Minimal Logo Templates
  
  
• 30 Luxury Logo Templates
  
  
• 40 SV Mosaic Logo Templates
  
  
• 30 Mandala Logo Templates
  
  
• 116 Animal Logo Templates
  
  
• 30 Minimal Badges
  
  
• 30 Minimal Logo Templates
  
  
• 30 Vintage Elegance Logo Templates
  
  
• 26 A-Z Art Deco Logo Templates
  
  
• 26 A-Z Geometric Logo Templates
  
  
• 26 A-Z Minimal Elegance Logo Templates
  
  
• 26 A-Z SV Logo Templates
  

• 300 DPI
  
  
• Fully Editable
  
  
• Vector
  
  
• CMYK
  
  
• Layered
  
  
• Organised
  
  
• Free Fonts Used
  
  
• Photoshop and Illustrator
  
  
• Easy to use
  

Ascomp's BackUp Maker Professional Edition 10 licenses

Quote:It may happen that important data will be irretrievably lost. This should not always be a user error or malware. At some point, even hard drives will fail, and there may be numerous other hardware defects, which then cause supergrain without warning.

No one should wait for a catastrophe, especially when it comes to business data. Of course, backing up your own data and always having a backup in case of an emergency also allows private users to sleep well.

Fuses can be created using BackUp Maker of the German company Ascomp in a really simple and fast way and, of course, restored. For purely personal purposes, the program is even available for free. However, then you need to live with the display of information windows and may not make a backup copy of the business data.

If you want to use BackUp Maker completely, you need the Professional Edition, and we are distributing this option 10x. In the Pro version, all updates for the main and auxiliary versions, including the technical support of the product, will be available for 24 months free of charge. And even then you get the benefit of cheaper updates.

A brief overview of some of the features of BackUp Maker:

• Backup format PkZip 4.5 for archives larger than 4 GB
  
• Password protection for backups
  
• Backup Encryption
  
• Burner driver is not required for burning to CD / DVD
  
• All important DVD formats, including Blu-Ray
  
• Download via secure FTPS connection in passive mode
  
• Canceled resume backup
  
• Backup to internal and external USB devices
  
• Back up files online
  
• Backups can be broken into pieces of the right size.
  
• Full and partial backup of even modified files and on demand in combination
  

         backup archive

• You can create multiple backups
  
• Backup at arbitrarily defined intervals or fixed time

ESET NOD32 Internet Security 

Quote:ESET NOD32 Internet Security is a new approach to integrated computer security.

The intelligent system constantly reports potential attacks and malicious programs that could harm the computer.

ESET NOD32 Internet Security - a comprehensive anti-virus solution that combines maximum protection and minimal impact on the system. Advanced technologies use intelligent methods to prevent attacks by viruses, trojans, spyware, worms, adware, rootkits and other types of threats, while not reducing system performance and not interrupting work.

Features and benefits of ESET NOD32 Internet Security
Redesigned interface

User interface version 10 has been significantly reworked and simplified, which was the result of usability testing. All text elements and notifications have been updated, and the interface has received support for languages from right-to-left, in particular Hebrew and Arabic. Online help is integrated into ESET NOD32 Internet Security and offers dynamically updated content.

Antivirus and antispyware protection

Proactive detection and cleaning of known and unknown viruses, worms, Trojans and rootkits. Advanced heuristic detection detects never-before-found malware, protecting against unknown threats and neutralizing potential risk. Web and phishing protection monitors the interaction between browsers and remote servers (including SSL). Email protection provides control over the POP3 (S) and IMAP (S) transport protocols.

Regular updates

Regular updates to the virus database and software modules are the best way to guarantee the maximum level of computer security.

ESET LiveGrid (cloud reputation system)

The user can check the reputation of processes and files directly from ESET NOD32 Internet Security.

Device control

Automatic scanning of USB flash drives, memory cards, CDs and DVDs. Lock removable drives depending on content type, manufacturer, size, and other attributes.

HIPS function

You can define in detail the behavior of the system: set the rules for the registry, active processes and programs, and customize your security strategy.

Game Mode

Postpone pop-up alerts, updates and other system actions to use the maximum amount of resources during games and other full-screen activity.

Quote:Protection against threats - all applications, files, folders and SD cards, as well as hidden files and processes are constantly checked for the presence of infected files.

Anti-spam module - allows you to identify reliable contacts through custom black and white lists, or simply block unknown numbers.
Call Pickup — blocks incoming and outgoing calls from unwanted numbers, which is especially important for parents, who have thus been able to monitor calls from the children's phone.
Security audit - conducts diagnostics of all important functions of the phone, including the battery status, free disk space, running processes, Bluetooth and device visibility, thereby allowing you to take the necessary security measures in time.
Reliable and flexible protection. Designed specifically for mobile operating systems, ESET Mobile Security runs smoothly in the background and provides reliable protection for all information that is stored or available on the phone, without affecting the speed of the mobile device.
Anti-theft. The ability to activate remote blocking on your device using any mobile phone. Then locate your phone on the map. To prevent unauthorized use of personal information, send a remote wipe command to delete all data stored on a lost mobile device.
SIM matching. Create a list of trusted SIM cards. In case of unauthorized replacement of a SIM card, contacts that will be designated as a trusted friend will receive an SMS warning that an unknown SIM card is inserted into the user's phone, as well as complete information on it, including the phone number, IMSI and IMEI codes.

Hello to everyone

I want to announce a new contest here!
WinX MediaTrans Contest [5 License Key] 1 Year



Best iTunes Alternative for Windows

The only stand-alone iPhone manager that lets you flexibly control iOS files without installing iTunes and its components. MediaTrans connects your PC with iPhone, iPad or iPod, enabling direct two-way transfer as simple as copy-and-paste.

• Selectively sync files or in bulk – no data erasing.
  
• Back up iPhone photos/videos to PC – encrypt easily.
  
• Manage, edit, add, delete and export – more familiar.
  
• Move non-iTunes music to your iPhone. Make ringtone.
  
• Auto rotate. Export voice memos. Manage books, etc.
  

Easily Download Online Videos from Plentiful Sites

This powerful and productive video downloader can download and save videos from various websites. You can also download online videos that are streamed by HTTP, FTP, RTMP and other multimedia transferring protocols. You are also allowed to download multiple videos in parallel which helps you save much time.
https://www.apowersoft.com/video-download-capture.html

Giveaway: link









less than 24 hours left

Note:

1. Free item does not support FREE lifetime upgrades and lifetime customer service.
   
2. If you do not receive the registration code, please check your Spam mailbox.
   

The US Department of Justice announced today an effort to take down Joanap, a botnet built and operated by North Korea's elite hacker units.
 
Efforts to disrupt the botnet have been underway for several months already, based on a court order and search warrant that the DOJ obtained in October 2018.
 
Based on these court documents, the FBI's Los Angeles Field Office and the US Air Force Office of Special Investigations (AFOSI) have been operating servers mimicking infected computers part of the botnet, and silently mapping other infected hosts.
 
This was possible because of the way the Joanap botnet was built, relying on a peer-to-peer (P2P) communications system where infected hosts relay commands introduced in the botnet's network from one to another, instead of reporting to one central command-and-control server.
 
Now, after months of mapping fellow infected hosts, the DOJ says it plans to notify victims, directly and through their internet service providers, in an effort to have these systems disinfected, and indirectly disrupt one of North Korea's oldest cyber-weapons.
 
The DOJ's effort today is a natural step in its process of countering the North Korean cyber threat after last fall US authorities charged a man they believed was part of North Korea's hacking units.
 
The Joanap botnet is one of the tools North Korean hackers used many times in the past, which made it a prime target for the DOJ's takedown efforts.
 
 
According to a Department of Homeland Security alert published in May 2018, and according to reports from cyber-security vendors, the Joanap botnet has been around since 2009, and has been built using a combination of two malware strains.
 
The first is the Brambul malware, a SMB worm that spreads from Windows PC to other Windows PCs by brute-forcing Server Message Block (SMB) services running on remote computers using a list of common passwords.
 
Once on an infected host, the Brambul worm downloads another malware strain, the Joanapbackdoor, and then moves on to scan for other computes to infect.
 
The Joanap backdoor trojan can download, upload, or execute files, manage local processes, and start a proxy to relay malicious traffic through the infected host.
 
The Joanap botnet is the network of computers infected with this very potent and feature-rich backdoor.
 
"Through this operation, we are working to eradicate the threat that North Korea state hackers pose to the confidentiality, integrity, and availability of data," said Assistant Attorney General for National Security John Demers. "This operation is another example of the Justice Department's efforts to use every tool at our disposal to disrupt national security threat actors."

Source :  https://www.zdnet.com/article/doj-moves-...e-hackers/

The Department of Home Affairs has been told law enforcement and national security agencies are already using the Act as the department continues to 'support' its implementation.
 

 
The Department of Home Affairs (DHA) has used its submission to the Parliamentary Joint Committee on Intelligence and Security's (PJCIS) Inquiry into Australia's encryption laws to discuss how it implemented, or agreed to at least in part, all 17 recommendations made in December, prior to the Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 being pushed through Parliament.
It also used its submission [PDF] to disclose that it had "been advised" that federal law enforcement and national security have already begun using the powers contained within.
 
Australia now has world-first encryption laws. This guide explains what the laws can do, what they cannot do, and how Australia ended up here.
 
"The department has also been advised by Commonwealth law enforcement and national security agencies that the powers in the Act have been used to support their work," Home Affairs said, noting in the same paragraph that it was working closely with these agencies to facilitate the implementation of the Act.
Under the new laws, Australian government agencies will be able to issue three kinds of notices:

• Technical Assistance Notices (TAN), which are compulsory notices for a communication provider to use an interception capability they already have;
  
• Technical Capability Notices (TCN), which are compulsory notices for a communication provider to build a new interception capability, so that it can meet subsequent Technical Assistance Notices; and
  
• Technical Assistance Requests (TAR), which are voluntary requests to use existing capabilities, but have been described by experts as the most dangerous of all.
  
  

The Law Enforcement Conduct Commission (LECC) has asked for inclusion to the list of organisations able to access encrypted communications under Australia's new laws, unsure of the rationale behind its exclusion.
 
The LECC was established in 2017 to investigate, and oversee, law enforcement misconduct in New South Wales. The NSW Police Force is the largest in the country, with 20,725 members.
 
In its submission [PDF] to the Parliamentary Joint Committee on Intelligence and Security's (PJCIS) Inquiry into Australia's encryption laws, the LECC said it relies significantly on telecommunications interception warrants to investigate serious offences allegedly committed by NSW Police Force officers.
 
It said that last year, 93 percent of IP communications intercepted by virtue of LECC warrants were encrypted. It also said its digital forensics capability is hindered by the use of encryption to secure devices and digital storage.
 
"The legislative access to 'designated communications providers' provided within Schedule 1 of the Act would assist the LECC's investigation of serious offences," it wrote.
 
Schedule 1 of Telecommunications and Other Legislation Amendment (Assistance and Access) Act 2018 allows police to investigate "prescribed offences", which includes all offences that attract a penalty of at least three years imprisonment.
 
The LECC has argued the rationale provided for its exclusion is insufficient.

Source :  https://www.zdnet.com/article/nsw-police...nications/

The Cobalt hacking group has been using Google App Engine to distribute malware through PDF decoy documents. The group targeted more than 20 other government and financial institutions worldwide.
 
Cobalt crime gang is a Russian hacking crew that has been active since at least 2016, it targeted banks worldwide, the group leveraged spear-phishing emails to compromise target systems, spoofed emails from financial institutions or a financial supplier/partner.
 
In August, security experts from Netscout’s ASERT uncovered a campaign carried out by the group that targeted the NS Bank in Russia and Carpatica/Patria in Romania.
 
Recently that hacking crew leveraged URL redirection in PDF decoy documents to deliver malicious payloads to the victims. Threat actors used HTTPS URLs to point to Google App Engine, with this technique attackers attempt to trick the victim into believing they are accessing a resource from Google.
 
Attackers used specially crafted PDF documents created with the Adobe Acrobat 18.0 that contained the malicious URLs in a compressed form.
 
“Most of the PDF’s we observed were created using Adobe Acrobat 18.0. They contained the malicious URL in a compressed form in the PDF stream using Flat Decode (Filter/FlateDecode).” reads the analysis published by Netskope.

For : http://www.cyberdefensemagazine.com/coba...t-attacks/

European aerospace corporation Airbus disclosed today a security breach that impacted its commercial aircraft manufacturing business.
 
The company said the security breach "resulted in unauthorised access to data."
 
According to a press release published earlier today, Airbus said that "some personal data was accessed," but "mostly professional contact and IT identification details of some Airbus employees in Europe."
 
The aircraft manufacturer is currently investigating to understand if the intruders targeted and accessed employee and other specific data on purpose, or if this was an opportunistic attack.
 
Airbus said its security team had taken the appropriate measures to strengthen its security defenses. Airbus experts are also looking into the cause and origin of the hack.
 
The company said that despite the security breach, there was no impact on its commercial operations, with its manufacturing plants continuing to operate as normal.
 
An Airbus spokesperson did not respond to a request for additional information from ZDNet before this article's publication.
 
 
The company also said it notified the relevant authorities, according to existing GDPR (General Data Protection Regulation) rules, and also notified all employees who may have had their data exposed in the breach.
Airbus stock was up following the announcement.
 
Last year in March, Airbus rival Boeing was hit by a rogue strain of the WannaCry ransomware, but said the malware infection didn't impact its production capabilities.

For : https://www.zdnet.com/article/airbus-dat...in-europe/