


  [Humble Store] Save up to 80% on Capcom games this weekend!
Posted by: djeans465 - 1 hour ago - Forum: Game Deals - No Replies


[Humble Store] Save up to 80% on Capcom games this weekend!


  Comodo Cybersecurity's First Quarter 2018 Threat Report
Posted by: mrtrout - 1 hour ago - Forum: Security News - No Replies

Intelligence on Today's Emerging Threats

Comodo Cybersecurity's First Quarter 2018 Threat Report
2017 was a record year for cyber crime. Individuals and organizations saw a boom of as much as four times more new ransomware strains than in 2016. Large corporations felt the impact of the worst data breaches in recent history.

This year, stay ahead of the looming threats in the landscape by reading the latest updates from the Comodo Cybersecurity Threat Labs. Be informed and let no zero-day threat surprise you when you download the Comodo Cybersecurity First Quarter 2018 Threat Report.

Highlights include:

Increase in Cryptominers around the world
Advances in Password Stealers
Ransomware between the past and the future
Geopolitical intelligence


  rsa 2018 Usability or Bust: Day Four (comodo cyber security)
Posted by: mrtrout - 1 hour ago - Forum: Security News - No Replies

Usability or Bust: Day Four
April 20, 2018 | By admin
rsa 2018

Sometimes life just doesn’t make sense. As humans, we are capable of creating and implementing so many remarkable things, and yet we often struggle to make the most basic connections. From the great pyramids of Egypt to the voyage of Apollo 11 to the theory of relativity, mankind has demonstrated the ability to craft innovations that go far beyond the obvious limitations of body and mind. Even more, they have proven their capacity to create solutions for every avenue of life, especially as it pertains to the advancement of their livelihood. But for some reason, organizations around the world are still struggling with many aspects of cybersecurity, from writing bug-free code to establishing effective regulations. True, the rules of cyberspace are different from those of the physical world—and yes, we are currently embroiled in an unprecedented digital revolution… And yes, the nodal nature of a lightning-fast network makes controlling its boundaries difficult, but still. Can’t we make computers easier and safer to use?

VP and Principal Scientist at Comodo Cybersecurity, Dr. Phillip Hallam-Baker, believes we can. This morning, in his RSAC 2018 presentation, Why Did We Make Security So Hard?, he approaches the subject with startling simplicity. Usability. “The only security application we can expect users to use is one that demands nothing from them.” We all know an easier computer interface equates to better cybersecurity, especially for those folks who don’t know the difference between a router and firewall, so perhaps the solution isn’t so elusive after all. Provide people with clear, efficient, and intuitive systems, and they will handle them more appropriately as a result. Of course, educating people is always a smart decision, but the truth is most of the population is far too busy trying to complete their own online work to sit and ponder the security of their network or their email or their social media. They have their own fish to fry, as it were.


As Hallam-Baker reminds us, “secure applications and their features usually don’t get used because they require the user to be thinking about security,” when what they want to be thinking about is buying a microwave on Amazon or meeting their boss’s deadline. So, while technological responses to cybersecurity are obviously critical, understanding the inherent responses of human users is equally as valuable. Why does someone need to go through 17 different steps to enable S/MIME encryption (and click an extra button every time a message is sent) when in theory the process could be completed with far less effort? The point is, they don’t. “We have to strip out all unnecessary steps in securing data and make encryption the default and not the exception.” Combining this simple approach with effective managed security services, like those implemented by Comodo Cybersecurity, is a sure-fire way to create systems that are both safe and highly usable.

As long as we continue to treat cybersecurity as just a technical problem, and not a design one, we will continue to fail. But if we can honestly address the results of usability testing—thereby defining the efficacy of our products, applications, websites, software packages, or devices—the goal of improved usability and security is fully attainable. By shifting our focus to the optimization of UI designs, work flows, and user understanding, we can learn more about how people and systems can come together to achieve real progress. The data collected from usability labs can provide engineers with ideas for future innovation that speaks to the need for improved security and human understanding. This effort includes identifying issues with products and paying attention to how users:

Complete specific tasks
Meet usability objectives
Feel about the overall experience
Complete tasks within a set time period

The bottom line is, computers are smart and can do a lot of the heavy lifting for us. So, why make usability hard on the user? Hallam-Baker tells us, “any instructions you can write for the user can be turned into code and executed by the machine,” which makes perfect sense. Handing over the more complex actions to the computer-side of the exchange is a far better option than establishing unrealistic expectations for people who won’t (and often can’t) meet them.

Digital certificates

The hypothesis fleshed out through Hallam-Baker’s presentation asserts that it is possible to solve any security usability issue by introducing an additional layer of PKI. This set of roles, policies, and procedures supports the distribution and identification of public encryption keys and enables users and computers to securely exchange information over networks, thereby identifying the identity of the other party. Without this system, sensitive data could still be encrypted and shared but it could not confirm authorization. Digital certificates sit at the heart of PKI because they are what affirm the identity of the certificate subject and bind that identity to the public key. As a solution layer, the Mathematical Mesh is a cloud repository for configuration data. Mesh tools pull configurations from the cloud and make devices run properly with no user effort. This affects security because it automates the administrative process and implements security with minimal compromise and error. As a security tool, strong end-to-end encryption works internally to enable stronger application management of email, web, and SSH.

While this is not the only solution to the larger question of how to simplify usability, it provides clarity around just how feasible it would be to change the way we think about computers and how we interact with them. Yes, innovating new technology is always going to be an essential part of our digital evolution; however, strange as it sounds—we will likely never reach the stars if we don’t also remember our own limitations.

comodo cyber security


  ccleaner attackers entered via teamviewer
Posted by: mrtrout - 2 hours ago - Forum: Security News - Replies (1)

THREAT RESEARCH
Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer
  Ondrej Vlcek, 17 April 2018
Unrelated to the CCleaner attack, Avast also found ShadowPad samples active in South Korea and Russia, logging a financial transaction

Today, I shared new findings from Avast’s continued investigations of the CCleaner APT (Advanced Persistent Threat) at RSA.

Last September, we disclosed that CCleaner had been targeted by cybercriminals, in order to distribute malware via the CCleaner installation file. The modified installation file was downloaded by 2.27 million CCleaner customers worldwide. Thereafter, our threat intelligence team has been investigating what happened.

Since the update we gave at SAS last month, we have made further discoveries about how the attackers infiltrated the Piriform network and the tactics they used to fly under the radar. As we looked for similarities with other attacks, we also analyzed older versions of ShadowPad, the cyber attack platform we had found on four Piriform computers. Our investigation revealed that ShadowPad had been previously used in South Korea, and in Russia, where attackers intruded a computer, observing a money transfer.

CCleaner attack: How the threat actors got into the Piriform network
To initiate the CCleaner attack, the threat actors first accessed Piriform’s network on March 11, 2017, four months before Avast acquired the company, using TeamViewer on a developer workstation to infiltrate. They successfully gained access with a single sign-in, which means they knew the login credentials. While we don’t know how the attackers got their hands on the credentials, we can only speculate that the threat actors used credentials the Piriform workstation user utilized for another service, which may have been leaked, to access the TeamViewer account.

According to the log files, TeamViewer was accessed at 5 AM local time, when the PC was unattended, but running. The attackers tried to install two malicious DLLs; however, the attempts were unsuccessful due to lack of admin rights to the system. On the third try, the attackers succeeded in dropping the payload, using VBScript, the scripting language developed by Microsoft.

How attackers tried to get into the 1st computer

The next day, March 12, 2017, the attackers moved laterally onto a second computer, again targeting an unattended computer outside of work hours (4 AM local time). The attackers opened a backdoor through Microsoft’s Remote Desktop Service, delivering a binary and payload to the computer’s registry. The payload delivered was an older version of the second stage malware, which was delivered to 40 CCleaner users.

Lateral movement to second computer on March 12

Two days later, the attackers went back to the first computer, also infecting it with the older version of the second stage malware.

The attackers moved back to the first computer, infecting it with older version of the second stage malware

After several weeks of apparent inactivity, the next stage of the payload was delivered to the first infected computer. We believe that the threat actors prepared the malicious binaries during the period of inactivity. The attackers applied several techniques to infiltrate other computers in the internal network, including using passwords gathered by the keylogger, and logging in with administrative privileges through the Windows Remote Desktop application. The payload delivered was the infamous ShadowPad, which we believe was intended as the third stage of the CCleaner attack. It was delivered as a mscoree.dll library to four computers in the Piriform network, including a build server, masking as a .NET runtime library to go unnoticed. This library, which was stored on the disk, had a time stamp on it, revealing that the version of ShadowPad we found was compiled on April 4, 2017. This was just eight days before it was installed on the Piriform computers, meaning it was customized for the attack, which we also described in earlier blog posts in March and September.

The attackers were in the Piriform network five months before they snuck the malicious payload into the CCleaner build. Avast acquired Piriform on July 18, 2017 and the first CCleaner build with the malicious payload appeared on August 2, 2017. It’s interesting it took them so long before they initiated their attack on CCleaner users.

ShadowPad active in South Korea and Russia
After analyzing the ShadowPad executable from the Piriform network, we looked for similar files on VirusTotal. We found two samples, one that appeared in South Korea and the other in Russia.

The sample that was uploaded to VirusTotal from South Korea was uploaded on December 27, 2017. It was created to communicate with CnC servers hosted by Konkuk University in South Korea, probably on a hacked PC. Based on how the sample was uploaded and the information included, we think a user uploaded it to VirusTotal, rather than a security company.



left: decrypted configuration of the virus showing the IP address used in the attack; image credit: Avast
right: Images from Internet search engine Shodan.io, showing the services available on the CnC server’s IP address; image credit: Shodan

The second ShadowPad executable we found on VirusTotal targeted a computer in Russia that was operated by an organization involved with the distribution of public budgets. One submission was uploaded with a file name and the second submission was uploaded to VirusTotal from China. The first file was submitted on November 3, 2017, and the second three days later on November 6, 2017.  

In the second submission, we found a 7ZIP file that contained further files, including the previous submission, along with an encrypted log from the keylogger module. We decrypted the log file and found keypresses in various processes, such as from Microsoft Word, Firefox, Windows Explorer, and КриптоПро CSP (CryptoPro CSP). The most interesting were logs from Firefox, where the user completed financial transactions. We also found a contract, which is also public record, and names of employees involved in these processes.

An interesting takeaway from the analysis of the ShadowPad version from Russia was that ShadowPad hasn’t always been modular. In the version from Russia, all modules were bundled in one executable, rather than separately stored in the Windows registry, as was the case with the version used for the Piriform attack. The bundled version gave us insights into a more thorough range of modules the attackers programmed. The attackers didn’t even bother to download some of them to the Piriform network; only three of the plugins that were used in the attack in Russia were also used for the Piriform attack.

ShadowPad modules used in the Russian attack

The oldest malicious executable used in the Russian attack was built in 2014, which means the group behind it might have been spying for years. The specific payment information we found traced by the key logger is public record, however it is likely that the attackers also accessed sensitive information.

Cybersecurity needs to become a core part of M&A due diligence
The examples of ShadowPad in South Korea and Russia re-emphasize that ShadowPad has been active for a long time, and it is frightening to see how ShadowPad can spy on institutions and organizations so thoroughly.

In terms of CCleaner, up to 2.27 million CCleaner consumers and businesses downloaded the infected CCleaner product. The attackers then installed the malicious second stage on just 40 PCs operated by high-tech and telecommunications companies. We don’t have proof that a possible third stage with ShadowPad was distributed via CCleaner to any of the 40 PCs.

For Avast, there are two key takeaways from the CCleaner attack. First, M&A due diligence has to go beyond just legal and financial matters. Companies need to strongly focus on cybersecurity, and for us this has now become one of the key areas that require attention during an acquisition process. Second, the supply chain hasn’t been a key priority for businesses, but this needs to change. Attackers will always try to find the weakest link, and if a product is downloaded by millions of users it is an attractive target for them. Companies need to increase their attention and investment in keeping the supply chain secure.


  Zoner Photo Studio introducing monthly payments
Posted by: Mike - 2 hours ago - Forum: Software Discussion - No Replies

Quote:Dear friends, dear photographers,
We now have the pleasure of presenting you with a major new feature for Zoner Photo Studio subscriptions. You can newly divide up your yearly subscription into low regular monthly payments.
The way it works is simple:
  1. In the order form, you select monthly payments instead of yearly

  2. You make your first payment immediately via card or PayPal

  3. We deduct all further payments automatically, on the same day of the month each time

  4. You can end your subscription at the end of any yearly license period
The regular price for monthly payments is $4.99. Starting out with Zoner Photo Studio is easier than ever, so get right to it!

This is a monthly payment for a yearly license. Your order creates a one-year obligation (12 payments). 

Want to know exactly how subscriptions work?


  RoboForm Everywhere - 1 license (1-year)
Posted by: Mike - 2 hours ago - Forum: Personal Giveaways - No Replies


Normally $19.95/year, RoboForm Everywhere offers syncing across all devices, cloud backup, web access, premium email and phone support, and the ability to securely share logins with other RoboForm users.

Below are some of the great new features in RoboForm 8:
Provide RoboForm with the recipient’s email and share selected passwords safely and easily. Updates are synced to all users and access can be revoked at any time.

Use our Security Center to see how strong your passwords are and whether you use the same password on more than one site.

Select a trusted contact to securely obtain access to your RoboForm Data in the event of death, incapacitation, or simply as a method of account recovery.

I received a free license that I won't be using so I'm giving it away. This license key can only be redeemed for new Everywhere subscriptions and cannot be applied as renewal credit to an existing Everywhere subscription. The license key must be activated no later than April 30, 2018. Once activated, your key is unique to you and it will provide you with one year of service, starting on the date of activation. This offer cannot be applied as renewal credit to an existing RoboForm Everywhere subscription.


1 x RoboForm Everywhere (1-year)

If you would like to be entered in this giveaway then just leave a comment below.

I will randomize and pick 1 winner once giveaway has ended on April 24, 2018.


  DUST STORM IN IRAN | Apr 16, 2018 ( Natural Disasters)
Posted by: mrtrout - 4 hours ago - Forum: Off Topic Chat - No Replies

DUST STORM IN IRAN | Apr 16, 2018
Natural Disasters
Published on Apr 17, 2018
Subscribe for more videos.
News & Politics
Standard YouTube License


  [Tip] How to Export (Backup) Saved Website Passwords in Google Chrome
Posted by: tarekma7 - 6 hours ago - Forum: Guides, Tips & Tricks - No Replies


Quote:If you are a Google Chrome web browser user and want to take a backup of your saved passwords, here is good news for you. Google Chrome 66 and later versions now allow users to export, i.e. take a backup of, saved passwords into a .CSV file.

When you login to a website such as Gmail, Outlook, Facebook, Twitter, etc or login to an online forum, Google Chrome asks you to save the credentials. You can use this feature to automatically save a particular website account credentials (username and password) in Chrome so that the browser can auto-fill the credentials next time you visit the same website. It helps users in automatically login to websites and forums without any need of entering usernames, email IDs and passwords every time.

Sometimes you may want to take a backup of all saved passwords in Chrome for future use. That's why Google has added a new feature to Chrome web browser to export saved passwords.

If you are using Google Chrome and have saved website passwords and now you want to take a backup of those passwords, following steps will help you:

1. Open Google Chrome and click on the 3-dots icon present at the end of the toolbar.

2. Now click on Settings option present in the main menu.

3. It'll open Chrome Settings page. Scroll down to bottom and click on Advanced link.

4. It'll show advanced settings. Again scroll down a little and under "Passwords and forms" section, click on Manage Passwords option.

5. It'll open the password manager page which will show a list of all saved passwords. You'll see a 3-dots icon present next to "Saved passwords" label.

Click on the 3-dots icon and then click on "Export passwords..." option.

6. Chrome will show you a warning message that "Your passwords will be visible to anyone who can see the exported file." Click on "EXPORT PASSWORD..." button.

7. For security purposes, Chrome will ask for your Windows user account password so that no other person can export your saved passwords.

Enter your Windows password in the security window and click on OK button.

8. Now the Save As window will appear on screen asking for the file name and location to save the passwords file. By default the file name is set to "Chrome Passwords.csv" but you can use any other desired name.

Select the desired drive and folder to save the file and click on Save button.

That's it. It'll export all saved passwords and will save them in a .CSV file which can be opened in Microsoft Excel or other software programs.

The .CSV file contains a list of all saved passwords in following format:

PS: Remember the passwords in .CSV file are saved in plain text so everyone can read the password. So keep the file in a safe place.


  Google Makes Safe Browsing Enabled by Default in Android Apps
Posted by: tarekma7 - 7 hours ago - Forum: Phones & Tablets News - No Replies

Quote:WebView 66 now featuring default browsing protection

Google has announced that all Android apps featuring WebView would come with Safe Browsing enabled by default to provide additional protection to users.

The company integrated Safe Browsing in WebView back in December, but this week, Google said that this feature would be enabled by default with the release of version 66.

Basically, what Safe Browsing does is add another security layer for users browsing the web, either from a browser or from an app, on mobile and desktop. Safe Browsing checks websites for malicious content, and if any link is flagged, it warns users before pages are loaded.

The warning message looks similar to the one in the picture attached to the article and gives users the option to close the website and report details of possible security incidents to Google for further inspection. They can also continue loading the website should they want to.

Protecting more than 3 billion devices
Originally available in Google Chrome on both PCs and mobile devices, Safe Browsing is now making its way to all Android apps which can load websites.

“Developers of Android apps using WebView no longer have to make any changes to benefit from this protection. Safe Browsing in WebView has been available since Android 8.0 (API level 26), using the same underlying technology as Chrome on Android. When Safe Browsing is triggered, the app will present a warning and receive a network error. Apps built for API level 27 and above can customize this behavior with new APIs for Safe Browsing,” Nate Fischer, Software Engineer at Google, explains.

Google announced in the fall of 2017 that Safe Browsing was protecting approximately 3 billion devices worldwide, explaining that its adoption increased significantly in the last couple of years. The mobile version of Safe Browsing made its debut in Chrome in late 2015, while the iOS launch happened in iOS 10 in September 2016.


  Data Firm Left Profiles of 48 Million Users on a Publicly Accessible AWS Server
Posted by: tarekma7 - 7 hours ago - Forum: Security News - No Replies


Quote:LocalBlox, a company that scrapes data from public web profiles, has left the details of over 48 million users on a publicly accessible Amazon Web Services (AWS) S3 bucket, according to an UpGuard security researcher who discovered the data on February 28, this year.

The company secured the server on the same day, after the researcher contacted the firm.

"The bucket contained one 151.3 GB compressed file, which, when decompressed, revealed a 1.2 TB ndjson (newline-delineated json) file," UpGuard said yesterday in a report summarizing its findings.

Based on the exposed file's name —final_people_data_2017_5_26_48m.json— this appears to be a backup of the LocalBlox database made on May 26, 2017.

Data collected from Facebook, LinkedIn, Twitter profiles
LocalBlox claims on its website that it is capable of offering a "true 360 degree people view" by "marry[ing] work-life and personal-life individual data to generate combined intelligence."

UpGuard, who spent the past few weeks analyzing the data, says the LocalBlox archive it found contained data scraped from public profiles on sites like Facebook, LinkedIn, Twitter, and real estate site Zillow.

The JSON-formatted file contained names, physical addresses, dates of birth, (LinkedIn) job history, Twitter handles, and in some cases IP and email addresses.

Facebook profile data was also included, and based on the format of the data, UpGuard suggests this data might have been collected using the social network's search feature that allows users to find profiles based on an email address, a feature that Facebook has recently discontinued in the light of the Cambridge Analytica scandal.

LocalBlox appears to have used this feature to identify user profiles and then collected the details available in users' public profile. Collected details varied and could include names, pictures, skills, current job, companies (employer), family details, and other.

Data collected by scraping public profiles
This incident is technically a data leak, but is not, as well. LocalBlox suffered a breach by leaving the file on a misconfigured AWS server, but the exposed data was already known information.

All the data appears to have been collected by scraping the respective sites' HTML code, rather than using APIs, which are locked down under strict legal terms that prevent mass scraping.

Facebook, Twitter, and LinkedIn also contain language in their public sites' terms of service that prevent the scraping of public pages. But in recent years, US courts have sided with data scraping firms in lawsuits filed by social networks, suggesting that data published in public profiles does not fall under copyright or privacy protection laws.

Following the intense media coverage of the Cambridge Analytica scandal and the subsequent consequences of third-party firms collecting data on social networking users without authorization, LocalBlox did not appear to take the publishing of the UpGuard report lightly.

In a phone call with a ZDNet reporter, chief technical officer Ashfaq Rahman claimed UpGuard "hacked" into its S3 bucket, said that most of the data was "fabricated" and used for internal testing only, and that nobody but the UpGuard researcher accessed it.


  Minecraft & CS:GO Ransomware Strive For Media Attention
Posted by: tarekma7 - 7 hours ago - Forum: Security News - No Replies


Quote:When ransomware developers achieve huge media buzz like we saw with the PUBG Ransomware, it is not surprising to see other developers creating copycats. This is the case with two new in-development ransomware programs, if we can even call them that, for both Minecraft and Counter-Strike: Global Offensive (CS: GO).

Discovered by MalwareHunterTeam, neither of these programs actually encrypt any files on the computer. Instead they just display a Window that waits for a particular game related program to launch. Due to their limited functionality, I wouldn't even call them ransomware if it wasn't for the title that they used in the Window.

MC Ransomware

The first one is MC Ransomware, which we expect will force a user to play Minecraft in order to decrypt their files if encryption functionality is ever added. MalwareHunterTeam found 11 different samples of this infection, but when I checked them, the differences were minor between the first and latest one where they fixed a bug in the process detection routine.

Right now it just sits there waiting for someone to run an executable that is not MinecraftLauncher and that contains the string "Minecraft" in it. Once a program that contains the string is executed, the status text will change to "Playing minecraft". Like the PUBG Ransomware, you can name any executable as minecraft.exe and it will trigger the detection.


  Microsoft Ports Anti-Phishing Technology to Google Chrome Extension
Posted by: tarekma7 - 7 hours ago - Forum: Security News - No Replies


Quote:Microsoft has released a Chrome extension named "Windows Defender Browser Protection" that ports Windows Defender's —and inherently Edge's— anti-phishing technology to Google Chrome.

The extension works by showing bright red-colored pages whenever users are tricked into accessing malicious links.

The warnings are eerily similar to the ones that Chrome natively shows via the Safe Browsing API, but are powered by Microsoft's database of malicious links —also known as the SmartScreen API.


Chrome users should be genuinely happy that they can now use both APIs for detecting phishing and malware-hosting URLs. The SmartScreen API isn't as known as Google's more famous Safe Browsing API, but works in the same way, and possibly even better.

An NSS Labs benchmark revealed that Edge (with its SmartScreen API) caught 99 percent of all phishing URLs thrown at it during a test last year, while Chrome only detected 87 percent of the malicious links users accessed.


  Microsoft Outlook flaw let hackers steal your Windows password
Posted by: tarekma7 - 7 hours ago - Forum: Security News - No Replies

Quote:

A vulnerability has been detected in Microsoft Outlook that risks users’ credentials being hacked by attackers. Discovered by Will Dormann of the CERT Coordination Center (CERT/CC), the vulnerability allows hackers to steal a user’s Windows password just by having the target preview an email with a Rich Text Format (RTF) attachment that contained a remotely hosted OLE object.

The bug has already been patched by Microsoft as part of its April Patch, almost a year after it was first identified.

The Microsoft Outlook flaw
Explaining the vulnerability Dormann wrote,

Outlook blocks remote web content due to the privacy risk of web bugs. But with a rich text email, the OLE object is loaded with no user interaction. Let’s look at the traffic in Wireshark to see what exactly is being leaked as the result of this automatic remote object loading.

Here we can see that an SMB connection is being automatically negotiated. The only action that triggers this negotiation is Outlook previewing an email that is sent to it.

The Microsoft Outlook vulnerability can leak even Windows login credentials, letting attackers take full control over the PC. As Microsoft Outlook automatically renders OLE content, it will initiate an automatic authentication with the attacker-controlled remote server over the SMB protocol using single sign-on (SSO), handing over the victim’s username and NTLMv2 hashed version of the password, potentially allowing the attacker to gain access to the victim’s system.

This may lead to the following credentials getting leaked (refer to the above screenshot):

IP address
Domain name
User name
Host name
SMB session key

Impact of the OLE Web Bug
This bug can hit victims in the following two ways:

Windows crash

As Outlook can be compromised to initiate an SMB connection to an arbitrary host, Windows may crash upon connecting to a malicious SMB server. An example of this incident is explained below:

A rich text email in Outlook is made to point to an SMB server that exploits this vulnerability
Once Outlook previews such an email message, Windows will crash with a Blue Screen of Death (BSOD)
Every time Outlook is launched after encountering such a scenario, Windows will BSOD crash again because Outlook remembers the last email message that was open

Collecting Password hashes

As per Dormann’s research, the vulnerability is capable of leaking more than just the IP address of the victim.

Any passwords that are words (like “test”) or patterns (like “asdf”) are much easier to crack than randomly-generated passwords, since most cracking tools have rules to check for such things. Moreover, the hackers may have access to high-end GPUs, allowing them to crack common passwords with ease.

Microsoft issues half-hearted fix
Although Microsoft issued a much-delayed fix that prevents Outlook from automatically initiating SMB connections when an RTF email is previewed, Dormann says that it is not a complete, foolproof solution. He mentions:

“It is important to realize that even with this patch, a user is still a single click away from falling victim to the types of attacks described above. For example, if an email message has a UNC-style link that begins with “\\”, clicking the link initiates an SMB connection to the specified server.”

How to avoid this vulnerability

Install Microsoft update CVE-2018-0950 if you haven’t.
Block inbound and outbound SMB connections at your network border.
Block NTLM Single Sign-on (SSO) authentication, as specified in Microsoft Security Advisory ADV170014.
Ensure that your Windows login has a sufficiently complex password so that it is resistant to cracking. For better passwords you may do the following:
Use a password manager to help generate complex random passwords.
Use longer passphrases (with mixed-case letters, numbers and symbols) instead of passwords.

Stay safe!

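As an added example (not code from the quoted article or from Microsoft): a mail-gateway style check for the residual risk described above, scanning a message's text parts for UNC-style and file:// links that would start an SMB connection to a host outside the organisation. The `.corp.example` suffix, the treatment of single-label names as internal, and the sample message are assumptions made for illustration.

```python
import html
import ipaddress
import re
from email import message_from_string
from email.policy import default

# Assumption: names under these suffixes are the organisation's own file servers.
INTERNAL_SUFFIXES = (".corp.example",)
# \\host\share paths and file://host/... URLs both make Windows open an SMB session.
UNC_RE = re.compile(r'(?<![\\\w:])\\\\([A-Za-z0-9._-]+)\\[^\s<>"]+')
FILE_URL_RE = re.compile(r'file:/{2,}([A-Za-z0-9._-]+)/', re.IGNORECASE)

def is_internal(host):
    """True for private IP literals, single-label names and allowlisted suffixes."""
    host = host.lower().rstrip(".")
    try:
        return ipaddress.ip_address(host).is_private
    except ValueError:
        return "." not in host or host.endswith(INTERNAL_SUFFIXES)

def smb_links(raw_message):
    """Return (host, is_internal) for every SMB-triggering link in the text parts."""
    msg = message_from_string(raw_message, policy=default)
    found = []
    for part in msg.walk():
        if part.get_content_type() in ("text/plain", "text/html"):
            text = html.unescape(part.get_content())
            for pattern in (UNC_RE, FILE_URL_RE):
                for match in pattern.finditer(text):
                    host = match.group(1).lower()
                    found.append((host, is_internal(host)))
    return found

# Constructed sample message (not taken from the article).
SAMPLE = r"""From: sender@untrusted.example
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

Report is at \\files.untrusted.example\share\q2.docx
Team copy: \\fs01\finance\q2.docx
--b1
Content-Type: text/html

<a href="file://cdn.untrusted.example/docs/q2.docx">Open report</a>
--b1--
"""

if __name__ == "__main__": print(smb_links(SAMPLE))
```

Entries returned with `False` are the ones to quarantine or rewrite before delivery; local `file:///C:/...` URLs are not matched because they carry no host.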

  9 Educational Tools to Transform Your Class Into A Paperless Classroom
Posted by: tarekma7 - 7 hours ago - Forum: Software Discussion - No Replies

Quote:With the proliferation of web technologies and mobile apps, the concept of a paperless digital classroom becomes more relevant than any time before. At the core of this concept is the integration of educational technology in your daily instruction in such a way that goes beyond the substitutive level (the first level in SAMR model), meaning you only use technology to substitute the tasks you would normally use in a traditional way, to a more transformative and creative level where you get to tap into new learning/teaching possibilities and redefine the way you teach. The purpose is not to use technology for the sake of technology but rather to create and open new uncharted educational territories and help students explore learning from different perspectives. To do this you need to be familiar with the theoretical background underlying the paperless classroom concept and also be equipped with the proper tools and apps to assist you in realizing it in your own teaching situation. Today’s post addresses the second requirement. It features some of our favourite web tools and apps teachers can use to transform their class into a paperless learning space. Some of the things you can do with these resources include:
Create, distribute and receive assignments
Collect and provide timely feedback
Take notes, annotate PDFs and share instructions
Communicate with parents and keep them informed of classroom learning
Create and share digital learning PDFs
Initiate formative assessments through quizzes, polls and exit tickets
Track grades, record attendance, create seating charts
Signing and sharing documents electronically

1. Google Drive:

Google Drive is absolutely one of the indispensable tools in the digital classroom. It provides teachers with a variety of educational tools and features to help them create, store and share different forms of documents, spreadsheets, slides and drawings. It also provides collaborative features that enhance team work and collaboration. Google Drive is also available for different devices and works seamlessly across various platforms. Alternatives to Drive can be Dropbox, Evernote,

2. Showbie:

‘Showbie is a free educational app for teachers and students that makes creating and completing assignments, providing assessments, and storing grades easy. Some of its features include:
Share work from thousands of compatible iPad apps in a few taps
Use the pen tool and pin text notes directly on any PDF or image
Quickly distribute instructions and materials to your whole class
Chat privately with individual students to provide timely feedback
Record voice notes for verbal feedback or language exercises
Quickly review and assess batches of student work and provide rich, valuable feedback
Add student work to individual digital portfolios, or enable students to curate their own portfolios
Invite parents to view their student’s work and keep them informed of classroom activity
Can be used with any classroom subject
Available in 13 languages.’


  Solved - The Application Has Failed to Start Because Its Side By Side Configuration I
Posted by: tarekma7 - 8 hours ago - Forum: General PC Help - No Replies


  Dunning Kruger Effect in Cybersecurity | Risk Assessment
Posted by: tarekma7 - 8 hours ago - Forum: Video Reviews - No Replies


  Ashampoo Music Studio 7 for 9.99$
Posted by: tarekma7 - 8 hours ago - Forum: Hot Deals & Discounts - No Replies


  Softorbits 70% Discount
Posted by: tarekma7 - 8 hours ago - Forum: Hot Deals & Discounts - No Replies

Use the following code:


  7 Cool Tricks You Can Do With A VPN
Posted by: tarekma7 - 8 hours ago - Forum: Guides, Tips & Tricks - No Replies

A VPN (Virtual Private Network) keeps you anonymous online, and that’s reason enough to use one. But there are other cool ways that a VPN can improve your life too.

Here’s how a VPN works: It encrypts your internet connection, and then routes it through a server in another location. It’s like an internet tunnel. Because your connection is encrypted, anyone who intercepts your data can’t read it. Because your connection goes through a server, no one can see where you are in the world. You have a fake IP address, and it looks like you’re browsing from the location of the server.

It might sound a bit technical but it's easy to use, and the perks are great. Here are seven cool tricks you can do with a VPN:

1. Stream more stuff:

Ever logged in to Netflix in a different country while you're on vacation? You get completely different content. There are all kinds of boring licensing reasons why this is, but it sucks. Some streaming services are only available in a particular country, such as BBC iPlayer. You can beat this system with a VPN and access whatever you want.

The website knows where you are from your IP address. You just need to switch on your VPN and choose a server in the right country. The website will see your fake IP address and think you’re in that country. Stream away!

2. Speed up your connection:

If you’ve heard of net neutrality, you’ll know it’s now legal for your internet service provider (ISP) to throttle your connection or block sites. That’s not fair. They can slow down your internet if they think you’re using too much bandwidth.

Well, not if you’re using a VPN they can’t. When your connection is encrypted, not even your ISP can see what you’re doing. If they can’t see what you’re doing, they can’t restrict it. Victory for the little guys.

3. Protect yourself on public Wi-Fi:

You probably use public Wi-Fi all the time. From airports to coffee shops, we love to jump on free bandwidth. The problem is that these connections often have little or no security. It’s super easy for a hacker on the same network to intercept your internet traffic. If you’re shopping or banking online then suddenly they’ve got your financial details.

With a VPN your data is strongly encrypted before it leaves your phone or computer. Jonny Hacker can still pull it out of the air, but he won't be able to read it. Problem solved.

4. Save money:

Did you know that online prices for hotels, flights, and loads of other things vary depending on which country you’re in? Crazy isn’t it?

Switch on your VPN. The website will think you’re somewhere else in the world, and suddenly you’ve got a better price. It’s called geo-spoofing, and it works great.

5. Use P2P securely:

Downloading stuff peer to peer (P2P) can be great, but there are also several risks. People you’re sharing with can see your IP address and work out where you are. Cyber-criminals can target you. Your ISP can get upset and restrict your bandwidth.

Just fire up your VPN. No one can see where you are or what you’re doing. You can upload and download to your heart’s content.

6. Browse in peace:

Even if you’re not doing anything nefarious, you may want to do things online that wouldn’t exactly make your mom proud. At least 49% of the world’s population knows what I’m talking about.

You think incognito mode is going to save you? No chance. It might hide the evidence on your computer, but your ISP and other sites are still happily logging your activity.

A VPN gives you the privacy and security you need. No one can monitor you. The best VPN providers don’t even keep logs themselves, so there’s no evidence anywhere.

7. Communicate online better:

Maybe Skype is blocked in the country you’re in. Maybe VOIP calls are cheaper if they’re to a local number. Maybe you don’t want anyone to hack into your conversation and eavesdrop.

You can avoid all these issues by encrypting your connection and faking your location. In other words, the VPN special.

Sounds great! Which VPN do I get?

There are hundreds of providers out there. Any VPN does the basics; some are a lot better than others. The worst ones might drop out suddenly, leaving you unprotected. They might limit your bandwidth or downloads. They might keep logs of your online activity to track you.

There are some excellent providers out there too.


  XVA Assistant 0.8.2018.0409 for Windows
Posted by: Jeanjean - 8 hours ago - Forum: Freeware - No Replies

"XVA Assistant allows you to access and manage your desktop by turning it to a smartphone-like workspace. It comes with a stylish user interface and features easy-to-understand functions."
