Securitate IT - protectie impotriva ransomware si al virusilor informatici

Microsoft released an out-of-band security update that corrected a faulty patch that left Windows 7 and Windows Server 2008 open to attack.

If you look at the figures , you cannot deny that the eCommerce industry is steadily growing. More and more people are doing their shopping online, not only for products and services geared toward the use of technologies and the Internet, but also for items previously only found in brick and mortar stores—groceries, clothing, and, of course, books. But within the eCommerce market, a submarket is springing to life. Mobile payment, in particular, appears to be making its way to mainstream adoption in certain parts of the globe. So how does it work? And how can we make sure our mobile transactions, just as our other online payments, are secure? Mobile payment methods Mobile payment is a regulated digital transaction that uses mainly smartphone devices to pay for goods and/or services. This kind of undertaking is supported by apps that act as mobile wallets, which are tied to users’ bank accounts. There are many forms of mobile payment in use today. In countries like South Korea, Japan

Atlanta suffers massive ransomware attack

At this very moment, your inbox is teeming with them. Like an annual migration upriver, phishing emails swim their way into the inboxes of all Americans when tax season rolls around. Every January 1 st through April 15 th , cybercriminals blitz the public with their most clever deceits. They pose as someone you know or an institution you use, stating in an official-sounding way that “there’s a problem with your account, just click here to clean it up.” That’s their bait. It’s all decoy.

In January, independent IT-security institute AV-TEST conducted a study of twenty mobile security products for Android. The goal was to test the three main pillars of a strong mobile security solution — malware detection, false positive prevention, and performance impact. Avast Mobile Security was evaluated in the study and aced all categories.

Under Armour is getting kudos for disclosing breach within weeks, but concerns remain over an unknown portion of credentials reportedly stored using the weak SHA-1 hashing function.

TLS stands for “ Transport Layer Security ” and it’s rather important. Why’s that? Oh, I’m glad you asked. Here’s me, yelling my password across the office to you: “PASSWORD!!!” You heard me loud and clear, right? But so did basically anyone else nearby. Now let’s work in a little TLS love and attention, and yell again: “Large pile of nonsense where the password should be!” Wow! What happened? Imagine my endlessly yelled password is available to really clever people, uh, standing outside my window listening in. Imagine someone soundproofed said room to enable continued, secure, password yelling. I can yell “Password!” at you all day long, and all anyone else will hear is garbage. That, in a roundabout “analogy crashing to the ground” sort of way, is TLS. It’s a cryptographic protocol that keeps your communications secure as they make their way from point A to point B. It’s very hard to intercept, listen in, or crack. Here comes TLS 1.3 SSL—Secure Socket Layer—came about in 1995

Advertisement Offers by GamerSuperstar is an extension with a description of "Advertising by GamerSuperstar". When installed, this extension will inject advertisements into web pages that you visit. These advertisements will be underlined keywords, foreign advertisements, or video ads. This article was published first at Remove the Advertisement Offers by GamerSuperstar Adware Extension

MessengerPC is a potentially unwanted program that opens a window that displays the embedded Facebook Messenger site. What it does not tell you, though, is that when the program is executed it unpacks a Node.js application into the %Temp% folder that performs other unauthorized actions such as connecting to remote sites and tracking you via Google Analytics. This article was published first at Remove the MessengerPC PUP

At this very moment, your inbox is teeming with them. Like an annual migration upriver, phishing emails swim their way into the inboxes of all Americans when tax season rolls around. Every January 1 st through April 15 th , cybercriminals blitz the public with their most clever deceits. They pose as someone you know or an institution you use, stating in an official-sounding way that “there’s a problem with your account, just click here to clean it up.” That’s their bait. It’s all decoy.

Drupal developers are urged to patch a bug that allows attackers to take over a site simply by visiting it.

Free Malware Removal Tool is a potentially unwanted program that states can detected malware and protect you using real time protection. While it may be able to scan and protect you from some malware, when testing it only detected one item, which was that Internet Explorer was restricted. When testing Internet Explorer, though, it had absolutely no problem launching. This article was published first at Remove the Free Malware Removal Tool PUP

By now it’s obvious that data security technology and protocols haven’t kept pace with the needs of consumers. Even as more people trust their most sensitive personal information to online apps and services, databases are routinely exposed. In 2017 alone, we learned about massive data breaches from major organizations like Equifax, Uber, and Verizon. In other words: We’re in the midst of a data breach epidemic. How bad is it? To help better understand the leaky state of data, TruthFinder created this infographic based on data from the Identity Theft Center . In 2005, there were 157 publicly-reported data breaches of sensitive information. By 2017, that number increased tenfold to 1,579 data breaches. The severity of breaches is increasing, too. The first breach that leaked over 1 million credit card numbers occurred in 2005, but now we hear about breaches that expose tens or hundreds of millions of records every few months. Check out TruthFinder’s infographic below. It provide

In the past, we used to have a blog series on exploit kits where we would periodically check in on the main players in the market. In March 2017, we wrote the Winter 2017 review, before exploit kit activity dropped down to a whisper. We’ve since discontinued our blog series, for lack of developments. A year later, however, exploit kits are showing signs of life. An uptick in campaigns and the sharpshooter-like targeting of a single country make exploits once again worth writing about. Overview RIG EK still remains the most common exploit kit used by different actors in a diverse set of malvertising campaigns. We haven’t observed Terror EK since Fall 2017 , but another older kit has made a comeback. And even though it remains largely unsophisticated, GrandSoft EK has maintained its activity. While we aren’t seeing Sundown EK anymore, a spin-off named GreenFlash Sundown was the first (and only so far) to leverage a new Flash Player zero-day and distribute ransomware. Magnitude EK i

In January, independent IT-security institute AV-TEST conducted a study of twenty mobile security products for Android. The goal was to test the three main pillars of a strong mobile security solution — malware detection, false positive prevention, and performance impact. Avast Mobile Security was evaluated in the study and aced all categories.

A lot of people (including us!) will tell you that you need to get a VPN (Virtual Private Network) to ensure your privacy and security when surfing the web. A VPN like Avast SecureLine creates an encrypted connection between you and a VPN server, which prevents others from seeing what you do online and from where you do it.

ISTR 23, 2017년 정보 보안 주요 사건들을 새로운 각도로 조명 Read More

Publish to Facebook:  No This is the first part of a four-part series covering twelve fundamentals for choosing a managed PKI solution, and questions to ask in the buying process. The purpose of this blog is to make you aware that not all Managed PKI providers are the same. In fact, there are some pretty significant differences between DigiCert’s offerings relative to the competition that you wouldn’t see by comparing data sheets. DigiCert’s key advantage is that the Symantec Managed PKI was designed as a service from the ground up as opposed to the competition, that have built their service from legacy on premise software. While the data sheets might look similar, over the next few weeks, we will highlight some of the fundamental advantages of Symantec Managed PKI. When it comes to Public Key Infrastructure (PKI), organizations have two deployment options: 1) they can opt for an in-house on-premise solution, or 2) a cloud-based service like Symantec Managed PKI*. There are man

Cisco releases 22 patches as part of its semiannual Cisco IOS and IOS XE software security advisory.

Researcher finds Microsoft’s January Patch Tuesday release included a fix for the Intel Meltdown bug, however the update opened up a new vulnerability.

This guest post is written by Vishal Thakur, CSIRT/Salesforce. For more on Vishal, read his bio at the end of the blog. QuantLoader is a Trojan downloader that has been available for sale on underground forums for quite some time now. It has been used in campaigns serving a range of malware, including ransomware, Banking Trojans, and RATs. The campaign that we are going to analyze is serving a BackDoor. In this post, we’ll take both a high-level look at the campaign flow, as well as a deep dive into how the malware executes, with a focus on the networking functions. We’ll dig into the binary to analyze how the malware executes and how it connects back to the C2. We’ll also analyze some interesting calls the malware makes, like calling and executing the netsh command to change local firewall rules. The latest version of QuantLoader is being served through a phishing campaign using some interesting techniques. The campaign starts with a phishing email that comes with a link serving th