All Activity

  1. Today
  2. LOOKING TO START YOUR OWN BUSINESS OR SELLING EXISTING BUSINESS?
    We are a trusted real estate agent primarily focusing on purchasing and selling Toronto restaurants as well as commercial properties. With years of experience in hospitality, our team of professionals can help build up restaurants from scratch

    Visit us https://restaurantsale.tumblr.com/

  3. Yesterday
  4. Last week
  5. The signs of phishing can be obvious — a mismatch between the sender’s address and that of their supposed company, logical inconsistencies, notifications that appear to come from online services — but spotting a fake isn’t always so easy. One way to make a fake look more convincing is to tamper with the visible field containing the e-mail address. The technique is fairly uncommon in mass phishing, but we see it quite a bit more in targeted messaging. If a message looks real but you doubt the sender’s authenticity, dig a little deeper and check the Received headers. This post describes how.

    Reasons to doubt

    Any strange request is a clear red flag. For example, an e-mail that asks you to do something outside your work role or to perform any nonstandard action warrants a closer look, especially if it claims to be important (a personal demand from the CEO!) or urgent (must be paid within two hours!). Those are standard phishing tricks. You should also be wary if you are asked to:
    - Follow a link in the e-mail to an external website that requests your credentials or payment information;
    - Download and open a file (particularly an executable file);
    - Carry out actions related to money transfers or to access to systems or services.

    How to find e-mail headers

    Unfortunately, the visible From field is easy to spoof. The Received headers, however, are added by each mail server that handles the message, and the lines written by your own organization’s servers record the real host and IP address the message arrived from. One caveat: the sending side controls everything below the first line your own servers added, so Received lines can be forged as well; treat only the lines added by servers you trust as reliable. You can find these headers in any mail client. Here, we use Microsoft Outlook as an example because of its widespread use in modern business. The process should not be radically different in another client; if you use one, consult its help documentation or look for the headers yourself.

    In Microsoft Outlook:
    - Open the message you want to check;
    - On the File tab, select Properties;
    - In the Properties window that opens, find the Received field in the Internet headers section.

    Before reaching the recipient, an e-mail can pass through more than one intermediate node, so you may see several Received fields. Each server prepends its own line, so the lowest one describes the earliest hop and contains the information about the original sender. It should look something like this:

    [Screenshot: Received header]

    How to check a domain from the Received header

    The easiest way to make use of the Received header is our Threat Intelligence Portal. Some of its features are free, meaning you can use them without registering. To check the address, copy it, go to Kaspersky Threat Intelligence Portal, paste it into the search box on the Lookup tab, and click Look up. The portal returns all available information about the domain, its reputation, and WHOIS details. The output should look something like this:

    [Screenshot: Information from Kaspersky Threat Intelligence Portal]

    The very first line will probably display a “Good” verdict or an “Uncategorized” sign. That just means our systems haven’t previously seen this domain used for criminal purposes. When preparing a targeted attack, attackers can register a fresh domain or use a breached legitimate domain with a good reputation. Carefully check the organization to which the domain is registered to see whether it matches the one the sender supposedly represents. An employee of a partner company in Switzerland, for example, is unlikely to send an e-mail through an unknown domain registered in Malaysia.

    Incidentally, it’s a good idea to use the portal to check links in the e-mail as well, if they seem dubious, and to use the File Analysis tab to check any message attachments. Kaspersky Threat Intelligence Portal has lots of other useful features, but most are available only to registered users. For more information about the service, see the About the Portal tab.

    Protection against phishing and malicious e-mails

    Although checking suspicious e-mails is a good idea, keeping phishing e-mails from reaching end users at all is better. Therefore, we always recommend installing antiphishing solutions at the corporate mail server level. Additionally, a solution with antiphishing protection running on workstations will block redirects through phishing links in case the e-mail’s creators fool the recipient.
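    The header walk described in the post above can be scripted. The following is an added example, not code from the original post or from Kaspersky: it parses a constructed message with Python’s standard email module, lists the Received hops from the top (nearest the recipient) to the bottom (the origin), picks the lowest hop that was written by your own mail servers, and compares that host with the domain in the visible From field. The message, the host names and addresses, and the trusted server suffix example-corp.test are all assumptions made for the demonstration.

```python
"""Walk the Received chain of a raw message and compare the origin hop with
the visible From domain (added example, not from the original post)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not a real e-mail). The From field claims a
# Swiss partner, but the earliest hop our own servers recorded came from an
# unrelated host. Host names and addresses are illustrative assumptions.
RAW_MESSAGE = """\
Received: from mx2.example-corp.test (mx2.example-corp.test [192.0.2.10])
\tby mail.example-corp.test with ESMTPS id abc123;
\tTue, 19 Oct 2021 09:12:33 +0000
Received: from relay.unknown-host.example (relay.unknown-host.example [203.0.113.77])
\tby mx2.example-corp.test with ESMTP id xyz789;
\tTue, 19 Oct 2021 09:12:30 +0000
From: "Finance Partner" <accounts@example-partner.ch>
To: cfo@example-corp.test
Subject: Urgent: invoice must be paid within two hours
Message-ID: <1234@relay.unknown-host.example>

Please wire the attached invoice today.
"""

# "from HELO (rdns [ip])" as written by most MTAs; the parenthesised part is optional.
FROM_RE = re.compile(
    r"from\s+(?P<helo>\S+)"
    r"(?:\s+\((?:(?P<rdns>[^\s\[\]]+)\s+)?\[(?P<ip>[^\]]+)\]\))?",
    re.IGNORECASE,
)
BY_RE = re.compile(r"\bby\s+(?P<by>\S+)", re.IGNORECASE)


def received_hops(raw_message):
    """Return the Received hops top to bottom (nearest the recipient first)."""
    msg = message_from_string(raw_message, policy=policy.default)
    hops = []
    for value in msg.get_all("Received", []):
        text = " ".join(str(value).split())  # unfold and squeeze whitespace
        hop = {"helo": None, "rdns": None, "ip": None, "by": None, "raw": text}
        m = FROM_RE.match(text)
        if m:
            hop.update(helo=m.group("helo"), rdns=m.group("rdns"), ip=m.group("ip"))
        b = BY_RE.search(text)
        if b:
            hop["by"] = b.group("by").rstrip(";")
        hops.append(hop)
    return hops


def registrable_domain(hostname):
    """Reduce a host name to its last two labels (an assumption that ignores
    multi-label public suffixes such as co.uk; use a public-suffix list for real)."""
    return ".".join(hostname.rstrip(".").lower().split(".")[-2:])


def check_sender(raw_message, trusted_suffix):
    """Compare the From domain with the earliest hop we can vouch for.

    trusted_suffix names your own mail servers. Lines those servers wrote are
    trustworthy; anything below them was supplied by the sending side and may
    be forged, so the origin is the lowest hop whose "by" host is ours.
    """
    msg = message_from_string(raw_message, policy=policy.default)
    _, addr = parseaddr(str(msg["From"]))
    from_domain = addr.rsplit("@", 1)[-1].lower()
    hops = received_hops(raw_message)
    trusted = [h for h in hops
               if h["by"] and h["by"].lower().endswith(trusted_suffix.lower())]
    origin = trusted[-1] if trusted else None
    origin_host = (origin["rdns"] or origin["helo"]) if origin else None
    return {
        "from_domain": from_domain,
        "origin_host": origin_host,
        "origin_ip": origin["ip"] if origin else None,
        "trusted_hops": len(trusted),
        "domain_mismatch": bool(origin_host)
        and registrable_domain(origin_host) != registrable_domain(from_domain),
    }


if __name__ == "__main__":
    print(check_sender(RAW_MESSAGE, "example-corp.test"))
```

    Note that check_sender stops at the last hop whose "by" host matches trusted_suffix instead of blindly taking the bottom Received line: anything below the lines your own servers wrote was supplied by the sending side and is as easy to forge as the From field. The origin host and IP this returns are what you would paste into a reputation lookup such as the portal described in the post.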
  6. CHECK-IN CORNER
    - Wide selection of milk teas, fruit tea, smoothies, slushes.
    - The first Bingsu shop in West End Toronto

    CONTACT US: https://checkincorner.ca/

  7. System apps — installed on your smartphone by default and usually nonremovable — tend to stay out of the limelight. But whereas with other apps and services users have at least some choice, in this case tracking and surveillance capabilities are stitched into the devices’ very fabric. The above are some conclusions of a recent joint study by researchers at the University of Edinburgh, UK, and Trinity College Dublin, Ireland. They looked at smartphones from four well-known vendors to find out how much information they transmit. As a reference point, they compared the results with two open-source operating systems based on Android, LineageOS and /e/OS. Here’s what they found.

    Research method

    For the purity of the experiment, the researchers set a fairly strict operating scenario for the four smartphones, one users are unlikely ever to encounter in real life. They assumed each smartphone would be used for calls and texts only and did not add any apps; only those installed by the manufacturer remained on the devices. What’s more, the imaginary user answered “no” to all of the “Do you want to improve the service by forwarding data?”–type questions that users typically have to answer the first time they turn on the device, and did not activate any optional services from the manufacturer, such as cloud storage or Find My Device. In other words, they kept the smartphones as private and in as pristine a state as possible throughout the study.

    The basic “spy-tracking” technique is the same in all such research. The smartphone connects to a Raspberry Pi minicomputer, which acts as a Wi-Fi access point. Software installed on the Raspberry Pi intercepts and decrypts the data stream from the phone. The data is then re-encrypted and delivered to the intended recipient — the developer of the phone, app, or operating system. In essence, the authors of the paper performed a (benevolent) man-in-the-middle attack.

    [Figure: The scheme used in the study to intercept smartphone-transmitted data]

    The good news is that all transmitted data was encrypted. The industry finally seems to have overcome its plague of devices, programs, and servers communicating in clear text, without any protection. In fact, the researchers spent a lot of time and effort decrypting and analyzing the data to figure out what exactly was being sent.

    After that, the researchers had relatively smooth sailing. They completely erased the data on each device and performed initial setup. Then, without logging in to a Google account, they left each smartphone on for a few days and monitored the transfer of data from it. Next, they logged in using a Google account, temporarily enabled geolocation, and went into the phone’s settings. At each stage, they monitored what data was sent and where. They tested a total of six smartphones: four with the manufacturer’s firmware and two with the LineageOS and /e/OS open-source versions of Android.

    Who collects the data?

    To absolutely no one’s surprise, the researchers found that smartphone makers were the primary collectors. All four devices running the original firmware (and a set of preinstalled programs) forwarded telemetry data, along with persistent identifiers such as the device serial number, to the manufacturer. Here, the authors of the paper distinguish standard firmware from the custom builds. For example, LineageOS has an option to send data to its developers (for monitoring programs’ operational stability, for example), but disabling the option stops data transmission. On factory-standard devices, declining to send data during initial setup may indeed reduce the amount of data sent, but it does not rule out data transmission entirely.

    Next up for receiving data are the developers of preinstalled apps. Here, too, we find an interesting nuance: according to Google’s rules, apps installed from Google Play must use a specific identifier to track user activity — Google’s Advertising ID — which you can reset in the phone’s settings if you want. However, the requirement does not apply to apps the manufacturer preinstalls, which use persistent identifiers to collect a lot of data. For example, a preinstalled social network app sends data about the phone’s owner to its own servers even if that owner has never opened it. A more interesting example: the system keyboard on one smartphone sent data about which apps were running on the phone. Several devices also came with operator apps that collected user-related information.

    Finally, Google system apps warrant a separate mention. The vast majority of phones arrive with Google Play Services and the Google Play Store, and usually YouTube, Gmail, Maps, and a few others already installed. The researchers note that Google apps and services collect far more data than any other preinstalled program. The graph below shows the ratio of data sent to Google (left) and to all other telemetry recipients (right):

    [Figure: Amount of data transferred in kilobytes per hour to different recipients of user information. On average, Google (left) receives dozens of times more data than all other services combined.]

    What data gets sent?

    In this section, the researchers again focus on identifiers. All data carries some kind of unique code to identify the sender. Sometimes it is a one-time code, which is the privacy-respecting way to collect the statistics that developers find useful (on the operational stability of the system, for example). But long-term and even persistent identifiers, which violate user privacy, are collected as well. For example, owners can manually reset the abovementioned Google Advertising ID, but very few do, so we can consider that identifier, which is sent to both Google and the device manufacturers, near persistent. The device serial number, the radio module’s IMEI code, and the SIM card number are persistent identifiers. With the device serial number and the IMEI code, it is possible to identify the user even after a phone number change and a complete device reset.

    The regular transfer of information about device model, display size, and radio module firmware version is less risky in terms of privacy; that data is the same for a large number of owners of the same phone model. But user activity data in certain apps can reveal a lot about owners. Here, the researchers talk about the thin line between data required for app debugging and information that can be used to create a detailed user profile, such as for targeted ads. For example, knowing that an app is eating up battery life can be important for the developer and will ultimately benefit the user. Data on which versions of system programs are installed can determine when to download an update, which is also useful. But whether harvesting information about the exact start and end times of phone calls is worthwhile, or indeed ethical, remains in question. Another type of user data that’s frequently reported is the list of installed apps. That list can say a lot about the user, including, for example, political and religious preferences.

    Combining user data from different sources

    Despite their thorough work, the researchers were unable to obtain a complete picture of how the various phone and software vendors collect and process user data. They had to make some assumptions. Assumption one: smartphone manufacturers that collect persistent identifiers can track user activity even if the user erases all data from the phone and replaces the SIM card. Assumption two: all market participants have the ability to exchange data and, by combining persistent and temporary IDs plus different types of telemetry, create the fullest possible picture of users’ habits and preferences. How this actually happens — and whether developers actually exchange data, or sell it to third-party aggregators — is beyond the scope of the study.

    [Figure: The researchers speculate on the possibility of combining data sets to create a full profile of the smartphone owner (gaid stands for Google Advertising ID)]

    Takeaways

    The nominal winner in terms of privacy turned out to be the phone with the Android variant /e/OS, which uses its own analog of Google Play Services and didn’t transmit any data at all. The other phone with open-source firmware (LineageOS) sent information not to the developers but to Google, because the latter’s services were installed on that phone. These services are needed for the device to operate properly — some apps and many features simply do not work, or work poorly, without Google Play Services.

    As for the proprietary firmware of popular manufacturers, there is little to separate them. They all collect a fairly large set of data, citing user care as the reason. They essentially ignore users’ opt-out from collecting and sending “usage data,” the authors note. Only more regulation to ensure greater consumer privacy can change that situation, and for now only advanced users who can install a nonstandard OS (with restrictions on the use of popular software) can eliminate telemetry completely.

    As for security, the collection of telemetry data does not appear to pose any direct risks. The situation is radically different from third-tier smartphones, on which malware can be installed directly at the factory. The good news from the study is that data transmission is fairly secure, which at least makes it hard for outsiders to gain access. The researchers did specify one important caveat: they tested European smartphone models with localized software. Elsewhere, depending on laws and privacy regulations, the situation may differ.
  8. Have you read the ecstatic reviews by lucky club members who were given the unique opportunity to celebrate the club's birthday off the beaten track in Cambodia? Can't find the words to describe how interesting our cultural and entertainment program was, from the hot-air balloon rides and zip-lining to individual masterclasses on cooking traditional dishes from Khmer cuisine! Do you agree that anyone can make it onto the list of people invited to the next annual celebration? All it takes is a little hard work over the course of a year. We certainly believe it. To let you in on a secret, we're already deliberating over which country to pick for the next celebration, and the number of interesting destinations to choose from would make your head spin!

    You asked us to take the level of activity into account in the rating system, which doesn't take a massive amount of work but has benefits for both you and Kaspersky. We've taken your requests on board and...

    ...we're launching the Kaspersky Brand Ambassadors program!

    We know that all club members keep a close eye on developments at their favorite company by reading the news, articles, blog posts, etc. Now you can do more than just keep up to date. First and foremost, you can have an influence on how the brand is perceived on social media by becoming a brand ambassador; secondly, you can earn rewards for this in the form of clubs in the rating system; and thirdly, once you've collected enough clubs, you can travel on an exciting trip to celebrate the club's next birthday!

    What do you need to do? We'll explain under the following headings:
    - Aim of the program
    - The EveryoneSocial platform and what it does
    - How to work with the platform
    - How to share posts
    - How to participate in the program
    - Why it's worth getting involved in the program today
    - How many clubs one can get in the rating

    Aim of the program

    The aim of the program is to reward club members who want to become brand ambassadors on social media (Facebook, Twitter, LinkedIn and Xing) to share news from and about Kaspersky and help create a positive image of the company by doing so.

    What's EveryoneSocial?

    Content sharing is boosted by the EveryoneSocial website. It's a platform where all the information about a company is gathered in one place: the content written by Kaspersky, pieces published by the media about the company and the industry as a whole, and content posted on social media. Every platform member can instantly see all the latest posts in one place when they open the app. You can also manage the sources supplying information so that publications are displayed conveniently, share information at any time via your own social media accounts, and earn rewards for doing so.

    And now let's look at how EveryoneSocial works and how to participate in the program.

    How the EveryoneSocial platform works:

    Why you need to join today

    The program is limited to 20 club members. What's more, the inexorable countdown to the club's next birthday is already underway, so the arithmetic is simple: start earlier, get more clubs, increase your chances of being invited on a trip.

    How to participate

    Club members (that is, those registered at forum.kasperskyclub.ru or kasperskyclub.com), except for the newcomers, can become program participants. To participate in the program, please apply in this thread. If we receive more than 20 applications, preference will be given to those with more subscribers on the above-listed social networks. Due to the limited number of places, the activity of program participants will be analyzed at the end of each calendar month. Participants with 10 shares or fewer per calendar month (the threshold may be revised later) are excluded from the program and another club member will be offered their place.

    Reward

    Program performance is determined by summing the number of shares and clicks. Participants can track their results in the Leaderboard section. Each share or click is worth 1 (one) club. Earned clubs are entered into the rating system by the 15th day of the month following the assessment month. Any queries regarding the crediting of clubs can be made within 30 days of updating the club member's rating; after that, the number of clubs credited for the assessment period cannot be recalculated.

    Note

    Kaspersky reserves the right, at any time and without prior notice, to terminate the program, to amend these rules, to withhold rewards and to exclude participants from the program in the event of a violation of these rules, cheating (including illegal boosting of shares/clicks) or actions intended to annoy, insult, threaten or harass any other individual. By participating in the program, you accept the rules unconditionally.

    No discussions are permitted in this thread. Messages not related to applications will be deleted. All questions about the program can be asked in this thread.
  9. To open the 224th episode of the Kaspersky Transatlantic Cable podcast, Ahmed, Dave, and I discuss the targeting of researchers by some state-backed hackers. We first mentioned this story a few months back, but this week we’re rekindling the debate on researchers being targeted after Twitter banned some phishing accounts. From there, we head into our first quiz — spoiler alert, Dave and I fall victim to Ahmed’s trickery.

    We then welcome Maria Namestnikova, head of GReAT Russia, to discuss how parents can educate their kids on using social media securely. From there, we move on to some REvil weirdness. The gang has seen the keys for its Tor sites stolen and some signs of instability. It’s since gone offline — again! For our third story, we stay with ransomware, for which US financial institutions report having paid about $600 million in the first six months of 2020. Then, it’s on to another quiz. We just can’t get enough.

    The next item on the docket is a teaser for a podcast coming this weekend with Allison Pytlak of the Women’s International League for Peace and Freedom (WILPF) to discuss the need for more gender diversity in infosec. To close out our podcast, we discuss a Wales school system that is enabling facial recognition for kids buying lunch.

    If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
    - Twitter suspends accounts used to snare security researchers
    - Tips for parents on keeping kids safe online
    - REvil ransomware shuts down again after Tor sites were hijacked
    - US financial institutions report major increase in ransomware payments to cybercriminals
    - Facial recognition used to take payments from schoolchildren
  10. Social networks becoming a burden? When out-of-control social media taxes your nerves, steals your focus and distracts you from important tasks, it’s time for a digital detox. Today we will tell you how to get it done in a few easy steps.

    Step 1. Thin out your feed

    Unfollow anyone who doesn’t contribute to your experience — a former classmate newly obsessed with Sanskrit, an old hobby group that’s basically just ads now, whatever else you simply don’t want to deal with. If you’re not getting any benefit from the content, you have no need to invite it onto your feed. If an account is one you’d rather not unfollow or unsubscribe from, try muting it instead. Social networks let you hide updates from accounts without unsubscribing. Your friends won’t even know you’ve muted them.

    Step 2. Centralize communications

    Social networks are much more than just feeds; they’re also places to stay in touch with friends, relatives, and colleagues. But if you’re talking with people on half a dozen platforms, you may be wasting lots of time checking inboxes — even if no one has written to you. Try deciding with your friends where they should contact you, and centralize your correspondence on one or two platforms. That way you’ll be able to check the others much less often with no fear of missing an important message.

    Step 3. Clear up your screen

    Have you ever picked up your phone to check the weather, and then seen the Facebook icon, opened it just for a second, and ended up wasting two hours down a rabbit hole? To keep that from happening, try moving your social media icons out of sight. For example, hide them in a folder or send them back to your third or fourth page of apps — out of sight, out of mind.

    Step 4. Curate notifications

    No matter how responsible you may be about avoiding your feed and even keeping certain icons out of sight, if a social network sends a notification about a new post, you can easily, unthinkingly press that sneaky little window and find yourself right back in the thick of things. For help concentrating on what’s important, try disabling unnecessary notifications. To learn how, check out our instructions for iOS, macOS, Windows 10, and Android.

    Step 5. Configure Screen Time or Digital Wellbeing

    Seeing exactly how many hours a day you waste roaming social networks and messaging apps can be sobering. Apps to help with self-control are easy to find, but you don’t need to download anything for a view into your digital habits: open your smartphone’s settings and enable Screen Time (in iOS) or Digital Wellbeing (in Android). Put the widget with the statistics in a place where you’ll always see it. And if seeing statistics isn’t enough, configure the app to let you open the social network only at certain times or for a limited amount of time.

    Step 6. Take a break

    Whenever you start something new, the most important — and hardest — thing is to establish new habits. Try spending a couple of weeks avoiding the apps that consume most of your time; when you reach for one out of habit, try imagining you’ve gone on a hike and don’t have an Internet connection. Better yet, actually get away from the Internet if you can. Cut off the flow of information so you can reset and no longer feel like you’re missing out.

    Step 7. Delete the app or your profile

    This step is optional; the suggestions above may have helped you attain the digital freedom you’re looking for, but if not, consider the drastic measure of removing the app from your phone or even deleting your account altogether. Don’t worry — you don’t have to lose your posts, messages, or photos. Almost every social network lets you keep all of your data even if you deactivate your profile. We’ve posted instructions on how to do this for Facebook, Instagram, Snapchat, and Twitter.

    Step 8. Keep an eye on yourself

    Having freed yourself from today’s social media overload, take a moment to congratulate yourself — but keep an eye on yourself as well. It’s entirely possible your brain will try to return to old habits. If in a couple of months you find yourself online at 3 a.m. debating the pressing issues in some stranger’s post comments, just go back and repeat these simple steps.
  11. Exactly five years ago, in October 2016, our solutions first encountered a Trojan named Trickbot (aka TrickLoader or Trickster). Found mostly on home computers back then, its primary task was to steal login credentials for online banking services. In recent years, however, its creators have actively transformed the banking Trojan into a multifunctional modular tool. What’s more, Trickbot is now popular with cybercriminal groups as a delivery vehicle for injecting third-party malware into corporate infrastructure. News outlets recently reported that Trickbot’s authors have hooked up with various new partners to use the malware to infect corporate infrastructure with all kinds of additional threats, such as the Conti ransomware.

    Such repurposing poses an additional danger for employees of corporate security operations centers and other cybersecurity experts. Some security solutions still classify Trickbot as a banking Trojan, as per its original specialty. Therefore, infosec officers who detect it might view it as a random home-user threat that accidentally slipped into the corporate network. In fact, its presence there could indicate something far more serious — a ransomware injection attempt or even part of a targeted cyberespionage operation. Our experts were able to download modules of the Trojan from one of its C&C servers and analyze them thoroughly.

    What Trickbot can do now

    The modern Trickbot’s main objective is to penetrate and spread on local networks. Its operators can then use it for various tasks — from reselling access to the corporate infrastructure to third-party attackers, to stealing sensitive data. Here’s what the malware can now do:
    - Harvest usernames, password hashes and other information useful for lateral movement in the network from Active Directory and the registry;
    - Intercept web traffic on the infected computer;
    - Provide remote device control via the VNC protocol;
    - Steal cookies from browsers;
    - Extract login credentials from the registry, the databases of various applications and configuration files, as well as steal private keys, SSL certificates and data files for cryptocurrency wallets;
    - Intercept autofill data from browsers and information that users input into forms on websites;
    - Scan files on FTP and SFTP servers;
    - Embed malicious scripts in web pages;
    - Redirect browser traffic through a local proxy;
    - Hijack the APIs responsible for certificate chain verification so as to spoof the verification results;
    - Collect Outlook profile credentials, intercept e-mails in Outlook and send spam through it;
    - Search for the OWA service and brute-force it;
    - Gain low-level access to hardware;
    - Provide access to the computer at the hardware level;
    - Scan domains for vulnerabilities;
    - Find addresses of SQL servers and execute search queries on them;
    - Spread through the EternalRomance and EternalBlue exploits;
    - Create VPN connections.

    A detailed description of the modules and indicators of compromise can be found in our Securelist post.

    How to guard against the Trickbot Trojan

    The statistics show that the majority of Trickbot detections this year were registered in the US, Australia, China, Mexico and France. This does not mean, however, that other regions are safe, especially considering the readiness of its creators to collaborate with other cybercriminals. To prevent your company from falling victim to this Trojan, we recommend that you equip all Internet-facing devices with a high-quality security solution. In addition, it’s a good idea to use cyberthreat monitoring services to detect suspicious activity in the company’s infrastructure.
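    The OWA brute-force capability in the list above is one of the few Trickbot behaviors a SOC can spot from ordinary web server logs rather than from the endpoint. The following is an added example, not code from the original post or from Kaspersky: it runs a sliding-window detector over constructed, simplified IIS log lines and raises one alert per client IP that accumulates ten failed OWA forms logons within five minutes. The reduced log field layout, the host names and addresses, and the use of reason=2 on the follow-up request to /owa/auth/logon.aspx as the failed-logon marker are assumptions made for the demonstration.

```python
"""Flag OWA forms-logon brute force from IIS logs (added example; constructed data).

Assumptions (not from the original post): log lines are reduced to the fields
date time c-ip cs-method cs-uri-stem cs-uri-query sc-status, and a failed
forms-based logon shows up as the follow-up GET to /owa/auth/logon.aspx whose
query string carries reason=2 (the code OWA uses for a bad user name/password).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

LOGON_PAGE = "/owa/auth/logon.aspx"

# Constructed sample: one client hammers the logon page (12 failures in a
# minute); a second client mistypes once and then logs in normally.
_FAILED_GET = "GET /owa/auth/logon.aspx url=https://mail.example.test/owa/&reason=2 200"
SAMPLE_LOG = [
    "2021-10-19 07:59:30 192.0.2.50 " + _FAILED_GET,
    "2021-10-19 07:59:45 192.0.2.50 POST /owa/auth.dll - 302",
    "2021-10-19 07:59:46 192.0.2.50 GET /owa/ - 200",
] + [
    f"2021-10-19 08:00:{sec:02d} 198.51.100.23 {_FAILED_GET}" for sec in range(0, 60, 5)
]


def parse_line(line):
    """Split one reduced W3C log line into a dict; raises on malformed input."""
    date, time, ip, method, stem, query, status = line.split()
    return {
        "ts": datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
        "ip": ip,
        "method": method,
        "stem": stem.lower(),
        "query": query.lower(),
        "status": int(status),
    }


def is_failed_logon(entry):
    """True when the entry is the logon page OWA redirects to after a bad password."""
    return entry["stem"] == LOGON_PAGE and "reason=2" in entry["query"]


def detect_owa_bruteforce(lines, threshold=10, window=timedelta(minutes=5)):
    """Return one alert per client IP that reaches `threshold` failed logons
    inside a sliding `window`. Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)   # ip -> timestamps of recent failures
    alerted = set()
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        entry = parse_line(line)
        if not is_failed_logon(entry):
            continue
        q = recent[entry["ip"]]
        q.append(entry["ts"])
        while q and entry["ts"] - q[0] > window:   # drop failures outside the window
            q.popleft()
        if len(q) >= threshold and entry["ip"] not in alerted:
            alerted.add(entry["ip"])
            alerts.append({
                "ip": entry["ip"],
                "failures": len(q),
                "first": q[0].isoformat(sep=" "),
                "last": entry["ts"].isoformat(sep=" "),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_owa_bruteforce(SAMPLE_LOG):
        print(f"OWA brute force from {alert['ip']}: {alert['failures']} failed "
              f"logons between {alert['first']} and {alert['last']}")
```

    Two things to adapt before using this for real. Exchange also accepts Basic and NTLM authentication on the EWS, Autodiscover and MAPI endpoints, where a failed logon appears as a 401 rather than a redirect, and a 401 is also the normal first step of an NTLM negotiation, so those endpoints need a separate predicate that does not count challenge responses. And the threshold should be tuned against your own users' baseline so that a forgotten password does not page the on-call analyst.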
  12. Earlier
  13. Often, employees of security operations centers and information security departments turn to Kaspersky specialists for expert help. We analyzed the most common reasons for such requests and created a specialized service that lets customers ask a question directly of an expert in the area they need.

    Why you might need expert help

    The threat of cyberattacks is growing all the time as cybercriminals find ever more ways to achieve their goals, discovering new hardware and software vulnerabilities in applications, servers, VPN gateways, and operating systems and immediately weaponizing them. Hundreds of thousands of new malware samples emerge every day, and a wide variety of organizations, including major corporations and even government agencies, fall prey to ransomware attacks. In addition, new sophisticated threat and APT campaigns are unearthed regularly.

    In this setting, threat intelligence (TI) plays a vital role. Only with timely information about attackers’ tools and tactics is it possible to build an adequate protection system and, in the event of an incident, to conduct an effective investigation, detect intruders in the network, send them packing, and determine the primary attack vector to prevent a repeat attack. Applying TI in a given organization requires a qualified in-house specialist who can put TI provider data to use in practice. That expert thus becomes the most valuable asset in any threat investigation. That said, hiring, training and keeping cybersecurity analysts is expensive, and not every company can afford to maintain a team of experts.

    Frequently asked questions

    Several departments at Kaspersky help clients deal with cyberincidents. Briefly, they are the Global Research & Analysis Team (GReAT), the Global Emergency Response Team (GERT), and the Kaspersky Threat Research Team. In all, we have brought together more than 250 world-class analysts and experts. The teams regularly receive lots of client requests regarding cyberthreats. Having analyzed the recent requests, we identified the following categories.

    Analysis of malware or suspicious software

    A scenario we encounter pretty frequently involves the triggering of detection logic in endpoint security or threat hunting rules. The company’s security service or SOC investigates the alert and finds a malicious or suspicious object but lacks the resources to conduct a detailed study. The company then asks our experts to determine the functionality of the detected object, how dangerous it is, and how to make sure the incident is resolved after its removal. If our experts can quickly identify what the client sent (we have a gigantic knowledge base of typical attacker tools and more than a billion unique malware samples), they answer immediately. Otherwise, our analysts need to investigate, and in complex cases that can take a while.

    Additional information about indicators of compromise

    Most companies use a variety of sources for indicators of compromise (IoCs). The value of IoCs lies largely in the availability of context — that is, additional information about the indicator and its significance. That context is not always available, however. So, having detected a certain IoC in, say, the SIEM system, SOC analysts might see the trigger and realize an incident is possible but lack the information to investigate further. In such cases, they can send us a request for information about the detected IoC, and in many cases such IoCs turn out to be interesting. For example, we once received an IP address that was found in a company’s traffic feed (i.e., accessed from the corporate network). Among the things hosted at the address was a Cobalt Strike team server. Cobalt Strike is a commercial adversary-emulation framework whose Beacon agent is, in practice, a fully featured remote-access backdoor, and pirated copies are used by all sorts of cybercriminals. Its detection almost certainly means the company is already under attack (a real one, or an authorized red-team exercise). Our experts provided additional information about the tool and recommended initiating incident response (IR) immediately to neutralize the threat and determine the root cause of the compromise.

    Request for data on tactics, techniques, and procedures

    IoCs are by no means all a company needs to stop an attack or investigate an incident. Once the cybercriminal group behind the attack has been determined, SOC analysts typically require data on the group’s tactics, techniques, and procedures (TTPs): detailed descriptions of the group’s modus operandi that help determine where and how the attackers could have penetrated the infrastructure, the methods attackers typically use to entrench themselves in the network, and how they exfiltrate data. We provide this information as part of our Threat Intelligence Reporting service. Cybercriminals’ methods, even within the same group, can be very diverse, and describing all possible details is not feasible, even in a highly detailed report. Therefore, TI clients who use our APT and crimeware threat reports sometimes request additional information from us about a particular aspect of an attack technique in a specific context of relevance to the client.

    We have been providing those sorts of answers, and many others, through special services or within the limited framework of technical support. However, observing a rise in the number of requests and understanding the value of our research units’ expertise and knowledge, we decided to launch a dedicated service called Kaspersky Ask the Analyst, offering quick access to our expert advice through a single point of entry.

    Kaspersky Ask the Analyst

    Our new service enables clients’ representatives (primarily SOC analysts and infosec employees) to get advice from Kaspersky experts, thereby slashing their investigation costs. We understand the importance of timely threat information; therefore, we have an SLA in place for all types of requests. With Kaspersky Ask the Analyst, infosec specialists can:
    - Receive additional data from Kaspersky Threat Intelligence reports, including extended IoC and analytics context from GReAT and the Kaspersky Threat Research Team. Depending on your precise situation, they will discuss any connections between the indicators detected at your company and the activity described in the reports;
    - Get a detailed analysis of the behavior of the identified samples, determine their purpose, and get recommendations for mitigating the consequences of the attack. The Kaspersky Global Emergency Response Team’s incident response experts will help with the task;
    - Obtain a description of a specific malware family (for example, a particular piece of ransomware) and advice on protecting against it, plus additional context for specific IoCs (hashes, URLs, IP addresses) to help prioritize alerts or incidents involving them. Kaspersky Threat Research experts provide this information;
    - Receive a description of specific vulnerabilities and their severity levels, as well as information about how Kaspersky products guard against exploitation. Kaspersky Threat Research experts likewise provide this data;
    - Request an individual investigation (search) of dark web data. This will provide valuable information about relevant threats, which in turn suggests effective measures for preventing or mitigating cyberattacks. Kaspersky Security Services experts carry out the investigation.

    You’ll find more information about these services on our website.
  14. A recent review of five entry-level mobile phones retailing for about $10–$20 examined their security in detail. Commonly referred to as “feature phones” or “granny phones” — and often procured for elderly relatives either unwilling or unable to get used to smartphones — such phones can also be “just in case” spares. Some people also believe they are safer than Android-powered smartphones. Well, the reviewer refuted that last bit. He discovered hidden functions in four out of the five phones: Two transmit data at first power up (leaking the new owner’s personal information), and the other two not only leak private data, but can also subscribe the user to paid content by secretly communicating over the Internet with a command server. Infected granny phones The study author offers information about the methods used to analyze these simple devices’ firmware, the technicalities of which may be interesting to those willing to repeat the same analysis. However, let’s get straight to the findings. Out of the five phones, two send the user’s data somewhere the first time they’re powered on. To whom the data goes — manufacturer, distributor, firmware developer, or somebody else — is not clear. Neither is it clear how the data may be used. It could be assumed that such data might be useful to monitor sales or control the distribution of batches of products in different countries. To be clear, it doesn’t sound very dangerous; and after all, every smartphone transmits some telemetry data. Remember, however, that all major smartphone manufacturers at least try to anonymize the data they collect, and its destination is usually more or less clear. In this case, however, nothing is known about who is collecting owners’ sensitive information without their consent. For example, one of the phones transmits not only its serial number, country of activation, firmware info, and language, but also the base station identifier, handy for establishing the user’s approximate location. 
Moreover, the server collecting the data has no protection whatsoever, so the information is basically up for grabs. One more subtlety: The transmission takes place over the Internet. To be clear, a feature phone user may not even be aware that the device can go online. So, apart from anything else, the covert actions may result in surprise mobile traffic charges. Another phone from the review group, apart from leaking user data, was programmed to steal money from its owner. According to firmware analysis, the phone contacted the command server over the Internet and executed its instructions, including sending hidden text messages to paid numbers. The next phone model had even more advanced malicious functionality. According to one actual phone user, a total stranger used the phone number to sign up for Telegram. How could that have happened? Signing up for almost any messaging app means providing a phone number to which a confirmation code is sent by SMS. It seems, however, the phone can intercept this message and forward the confirmation code to a C&C server, all the while concealing the activity from the owner. Whereas the previous examples involved little more than unforeseen expense, this scenario threatens real legal problems, for example should the account be used for any criminal activities. What should I do now that I know push-button phones are unsafe? The difference between modern low-end phones and their counterparts of 10 years ago is that now, even dirt-cheap circuitry can include Internet access. Even with an otherwise clean device, this may prove an unpleasant discovery: a phone chosen specifically for its inability to connect to the Internet goes online anyway. Earlier, the same researcher analyzed another push-button phone. Although he found no malicious functionality, the device had a menu of paid subscriptions for horoscopes and demo games, the full versions of which the user could unlock — and pay for — with a text. 
In other words, your elderly relative or child could press the wrong button on a phone purchased specifically for its lack of Internet and apps and end up paying for the mistake. What makes this “infected” mobiles story important is that it’s often the manufacturer or a dealer back in China adding the “extra features,” so local distributors may not even be aware of the problem. Another complicating factor is that push-button phones come in small batches in a multitude of different models, and it is hard to tell a normal phone from a compromised one, unless one can thoroughly investigate firmware. Clearly, not all distributors can afford adequate firmware control. It might be easier just to buy a smartphone. Of course, that depends on budget, and unfortunately, cheaper smartphones may have similar malware issues. But if you can afford one — even a very simple one — from a major manufacturer, it could prove a safer choice, especially if your reason for choosing a push-button device is that you’re looking for something simple, reliable, and free of hidden functions. You can mitigate Android risks with a reliable antivirus app; feature phones offer no such control. As for elderly relatives, if they’re used to answering calls by opening their flip phone, adapting to a touch screen may prove next to impossible, but upgrading is worth a try in our opinion. Plenty of older folks have switched to smartphones easily enough and can now happily experience the wide world of mobile computing. View the full article
  15. During the latest Patch Tuesday, Microsoft closed a total of 71 vulnerabilities. The most dangerous of them is CVE-2021-40449, a use-after-free vulnerability in the Win32k driver that cybercriminals are already exploiting. In addition to that, Microsoft closed three serious vulnerabilities already known to the public. For now, Microsoft experts consider their probability of exploitation as “less likely.” However, security experts are actively discussing those vulnerabilities, and proofs-of-concept are available on the Internet — and therefore, someone may try to use one. Microsoft Windows kernel vulnerability CVE-2021-41335, the most dangerous of those three vulnerabilities, rates a 7.8 on the CVSS scale. Contained in the Microsoft Windows kernel, it allows for the privilege escalation of a potentially malicious process. Bypassing Windows AppContainer The second vulnerability, CVE-2021-41338, involves bypassing the restrictions of the Windows AppContainer environment, which protects applications and processes. If certain conditions are met, an unauthorized person can exploit it thanks to default Windows Filtering Platform rules. As a result, it can lead to privilege escalation. Members of Google Project Zero discovered the vulnerability in July and reported it to Microsoft, giving the company a 90-day deadline to fix it and ultimately publishing proof of concept in the public domain. The vulnerability has a CVSS rating of 5.5. Windows DNS Server vulnerability Vulnerability CVE-2021-40469 applies only to Microsoft Windows machines running as DNS servers. However, all current server versions of the operating system, starting with Server 2008 and up to the recently released Server 2022, are vulnerable. CVE-2021-40469 allows remote code execution on the server and has a rating of 7.2 on the CVSS scale. 
How to protect your company The results of our Incident Response Analyst Report 2021, which our Incident Response colleagues produced, indicate that vulnerabilities remain popular initial attack vectors. Moreover, the vulnerabilities aren’t necessarily the most recent — the main threat here is not zero-day vulnerabilities, but delays in the installation of updates in general. Therefore, we always recommend installing updates on all connected devices as soon as possible. Updating is especially important for critical applications such as operating systems, browsers, and security solutions. To protect your company from attacks using yet-unknown vulnerabilities, use security solutions with proactive protection technologies that can detect zero-day exploits. View the full article
  16. We kick off the Transatlantic Cable podcast this week with the recent Twitch data breach. Details are still scarce, but the topic is on the collective lips of the infosec community. From there, Jeff, Ahmed, and Dave move on to Facebook’s decision to crack down on its marketplace sales of Amazonian rainforest plots. How that will work in practice remains to be seen. Moving on, we talk about Google’s recent decision to send out authenticator keys to more than 10,000 people it identified as hacking risks. Our final story involves the FBI, submarine plans, and cryptocurrency. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below: Twitch gets gutted: All source code leaked Facebook to act on illegal sale of Amazon rainforest Google gives security keys to 10,000 high-risk users US nuke sub plans leaked on SD card hidden in peanut butter sandwich, claims FBI View the full article
  17. Our Behavioral Detection Engine and Exploit Prevention technologies recently detected the exploitation of a vulnerability in the Win32k kernel driver, leading to an investigation of the entire cybercriminal operation behind the exploitation. We reported the vulnerability (CVE-2021-40449) to Microsoft, and the company patched it in a regular update released on October 12. Therefore, as usual after Patch Tuesday, we recommend updating Microsoft Windows as soon as possible. What CVE-2021-40449 was used for CVE-2021-40449 is a use-after-free vulnerability in the NtGdiResetDC function of the Win32k driver. A detailed technical description is available in our Securelist post, but, in short, the vulnerability can lead to leakage of kernel module addresses in the computer’s memory. Cybercriminals then use the leak to elevate the privileges of another malicious process. Through privilege escalation, attackers were able to download and launch MysterySnail, a Remote Access Trojan (RAT) that gives attackers access to the victim’s system. What MysterySnail does The Trojan begins by gathering information about the infected system and sends it to the C&C server. Then, through MysterySnail, the attackers can issue various commands. For example, they can create, read, or delete a specific file; create or delete a process; get a directory list; or open a proxy channel and send data through it. MysterySnail’s other features include the ability to view the list of connected drives, to monitor the connection of external drives in the background, and more. The Trojan can also launch the cmd.exe interactive shell (by copying the cmd.exe file to a temporary folder under a different name). 
Attacks through CVE-2021-40449 The exploit for this vulnerability covers a string of operating systems in the Microsoft Windows family: Vista, 7, 8, 8.1, Server 2008, Server 2008 R2, Server 2012, Server 2012 R2, Windows 10 (build 14393), Server 2016 (build 14393), 10 (build 17763), and Server 2019 (build 17763). According to our experts, the exploit exists specifically to escalate privileges on server versions of the OS. After detecting the threat, our experts established that the exploit and the MysterySnail malware it loads into the system have seen wide use in espionage operations against IT companies, diplomatic organizations, and companies working for the defense industry. Thanks to the Kaspersky Threat Attribution Engine, our experts were able to find similarities in the code and functionality of MysterySnail and malware used by the IronHusky group. Moreover, a Chinese-language APT group used some of the MysterySnail’s C&C server addresses in 2012. For more information about the attack, including a detailed description of the exploit and indicators of compromise, see our Securelist post. How to stay safe Start by installing the latest patches from Microsoft, and avoid being hit by future zero-day vulnerabilities by installing robust security solutions that proactively detect and stop exploitation of vulnerabilities on all computers with Internet access. Behavioral Detection Engine and Exploit Prevention technologies, such as those in Kaspersky Endpoint Security for Business, detected CVE-2021-40449. View the full article
  18. The Kaspersky Club runs a bonus program to collect and exchange points for licenses or souvenirs. Earn points for your activity in the club, which you can collect and exchange in the store to receive licenses for Kaspersky products and exclusive souvenirs with the company's logo and free delivery! Who can take part in the bonus program? How many points are awarded for what? How long does it take for points to be received? What can points be deducted for? Where can I see the number of accumulated points and do they have an expiry date? Are there discounts for the store and if so how can I receive them? What can you do if you really want a license or souvenir but don't have enough points? Where can I find more details about the souvenir's specifications? How can I complete an order and check if it's been placed correctly? Where can I check the status of my order? How much does delivery cost and which regions and countries can souvenirs be delivered to? Are there any delivery restrictions? Is there a minimum order for delivery? In what cases might a souvenir be replaced or not sent at all? What are the delivery times? What should you do when you receive your order and what if it arrives damaged? Can you pay for an order using the clubs accumulated as part of the rating system for motivating club members? Final provisions
  19. A new page in the Kaspersky Club's history is being written as you read these lines. A lot has changed over the years since the project began: an entire generation of club members has grown up, new traditions have been born, they've multiplied, and the world of IT security has come so far… Active participation in our project is aimed at, among other things, the exciting chance to be invited to one of the club's memorable birthday parties. We've been to a lot of destinations — Iceland, Cambodia, Turkey, Armenia, and a whole host of Russian cities — to celebrate each anniversary of our favorite project's creation. The responsibility of deciding who gets invited was a heavy burden that the club's board members shouldered for many years. A few months in advance of the big day, the project's main managing and advisory body would already have begun painstakingly weighing up the contribution made by each forum member who showed their worth over the past year. Not only was it difficult to recall and count every club member's activity, but their contributions also had to be ranked somehow in order of importance. Nevertheless, this system for evaluating each member's contribution to decide who gets invited on the trip was fine-tuned over the years to make it as objective as possible. Yet it still had one key flaw — it lacked transparency. Some club members who weren't invited complained because they didn't understand why a certain Mr. Smith had received an invitation when they didn't. Apart from that, according to the established practice we evaluated only users within the club when deciding who would make the list, taking into account the contests and quizzes they organized, help offered to other users to solve various problems, and useful comments in topics and blogs, etc. But the number of projects which benefit Kaspersky has grown over the last few years. 
That's why from now on the selection process to draw up the guest list will take into account activity both inside and outside the club, including in the following programs:
— Content Creator subprogram
— Beta Testing of Kaspersky Products and Services program
— Kaspersky Brand Ambassadors program
How can you make it onto the guest list to celebrate the biggest and most important event in the club's life? The rating system for motivating Kaspersky Club members (further referred to as the rating system) will be used to draft the guest list for the trip, which counts the points club members earn in the programs listed above. In order to avoid confusion with the existing points system, the new points will be called "clubs" — the name of the club's internal currency which received the most votes in the competition to pick a name. Note: the rating system being introduced will not implement a formal approach to club members, doesn't change the original idea of the community, and doesn't aim to formalize relations between the forum members and Kaspersky. The rating system is designed to motivate club members to display activity. For example, it aims to motivate forum members who didn't see a point in helping other users to solve problems related to Kaspersky products and services before (those who considered this to be the role of official Kaspersky Technical Support), or those who didn't think they were capable of becoming beta testers. The new system lets these members know that all of these contributions are valued by the company, and they don't go unnoticed or unrewarded. The rating system allows each club member, including newcomers, to independently evaluate their own capabilities to find how exactly they can be useful and what they can receive in return. The rating of club members will be calculated by a tallying commission comprised of forum members based on the results of participation in the programs listed above. 
The list of achievements and number of clubs awarded for them are presented in the tables below.

Content Creator subprogram: clubs are awarded according to the rules of the program.

Kaspersky Products Consultant program

Product segment        | Cases solved per month | Clubs per case solved | One-off bonus
Personal (home) users  | 1-100                  | 5                     |
                       | 101-200                | 10                    |
                       | 201 and above          | 15                    | 500
Corporate users        | 1-10                   | 25                    |
                       | 11-50                  | 50                    |
                       | 51 and above           | 75                    |

Note: clubs for participation in a program will not be awarded if at the end of the reporting month the member, in accordance with the established procedure, has chosen an alternative form of reward listed as an option in the program rules.

Beta Testing of Kaspersky Products and Services program

Achievement                                                                   | Number of clubs
Beta testing and getting into the Top 50 ranked by the number of issues detected | 1500
Issues detected, 1st priority (for each)                                      | 750
Issues detected, 2nd priority (for each)                                      | 500
Issues detected, 3rd priority (for each)                                      | 250
Issues detected, 4th priority (for each)                                      | 100

Kaspersky Brand Ambassadors program

Achievement | Number of clubs
Share       | 1
Click       | 1

This isn't an exhaustive list of all the activity types that will be awarded clubs. The club admins can and will reward participants additionally for special achievements at their discretion. The process for calculating club member ratings is shown in the table below.

Program                                          | Sources of data necessary to calculate and award clubs                                                          | Frequency of rating updates
Content Creator subprogram                       | Data from the participants who sent links to their published content in accordance with the established procedure | Generally once a month but at least once every quarter
Beta Testing of Kaspersky Products and Services  | Data from those responsible for organizing and conducting beta testing                                          | Upon completion of beta testing
Kaspersky Brand Ambassadors                      | Data from those responsible for calculating the results of program participants                                 | Once a month

Based on the current data from the rating system, the club admin can compose a guest list for another event, fully or partially resetting the rating of members who've taken part in the event or without resetting it. The latest rating of members is generally published once a month following the calculation month, and is posted in a dedicated topic. The club admin sets the deadline for calculating and publishing the rating of members before the guest list is drafted for the trip to celebrate the club's birthday or for other events. Any questions related to the allocation of clubs are accepted within 30 days from the moment the current member rating is published. Any requests to reconsider clubs allocation after this period will be ignored. The club admin's achievements are evaluated according to a different set of criteria set by Kaspersky. Admin ratings aren't published, but they're taken into account when the guest list is being drawn up. A limited number of places to be filled is set by the club admin to invite members to the club's birthday celebrations in descending order according to their rating based on the total amount of club scores they accumulated over the period taken into account for the calculation (i.e. between the club's last birthday celebration and the next one). The minimum amount of clubs needed to make it onto the guest list for the trip is 2000. 
In cases when several members have earned the same amount of clubs and are competing for a place in the list, the final decision is taken by the club admin. The club admin has the discretion to offer all or individual members alternative ways to spend their clubs. A list of these offers is posted in a dedicated topic, with the corresponding number of clubs to be subtracted from a member's rating if they choose to take up one of these offers, as well as the conditions of receiving such an offer. The rating of all club members is reset back to zero once a year after each of the club's birthday trips. Members who were invited on the trip but were unable to attend for a valid reason (due to illness, a business trip, or other unforeseeable circumstances) may be offered valuable gifts as compensation at the discretion of the club admin, a list of which is posted in a dedicated forum topic. Members who agree to exchange their invitation on the trip for a gift will have their rating fully reset back to zero, regardless of how many clubs the gift is valued at. If a member has turned down their invitation to go on the trip and also turns down the gifts they've been offered, 50% of the clubs they accumulated will be carried over into the next calculation period. In this case, only the clubs accumulated over the period between the club's last birthday celebration and the next one are wiped, i.e. there is no repeat subtraction of previously accumulated clubs (for the previous calculation periods). At the club admin's discretion, clubs can be carried over into the next calculation period in full for all or individual members. Clubs cannot be used as points awarded for participating in the program to collect and exchange points for licenses or souvenirs. It is not permitted to convert clubs into points or vice versa. 
The club admin reserves the right to terminate the entire rating system at any time with no prior notice, as well as make changes to its rules, refuse to award clubs to a member, or exclude them from the rating system should it come to light that they've broken these rules, participated unfairly in the rating system, or taken actions with the related intent of bullying, insulting, threatening or bothering any other individual. By participating in the rating system, you consent unconditionally to abide by its rules. You can discuss the rating system in a related topic.
  20. Nowadays, our devices like laptops, mobiles, IoT, and other smart appliances are affected by millions of cyber threats. How can we protect these devices from the millions of cyber threats around the world?
  21. Dr. Anosh Ahmed says philanthropy unites individuals to help causes greater than themselves. It is not entirely obvious that charity helps the beneficiary, yet additionally gives the provider profound life fulfillment. 
    There is a monetary justification for corporate charity, however, it is additionally an interaction that assists individuals with feeling good in their choices and activities, which is a profound piece of their physiology. At the point when individuals who volunteer in philanthropy make a positive commitment to their local area, it diminishes the different burdens they experience in their everyday lives.


  22. GANESH CORPORATION

    Ganesh Corporation Is A Leading Manufacturer And Exporter Organization In India Since 2014. We are the Manufacturer of HDPE CARBOYS & DRUM CONTAINERS. We are Manufacturing a Wide Range of Square Mouser, Full open Top, Jerry Can, Rocket, Narrow Mouth, Wide Mouth, Large Quantity Carboys, HDPE 50 Liter Drum. We provide high Quality & wide range at an affordable price.

    Our HDPE Plastic Drums, Barrels, Containers, etc. products:
    Square Mouser,
    Full open Top,
    Jerry Can,
    Rocket,
    Narrow Mouth,
    Wide Mouth,
    Large Quantity Carboys,
    HDPE 50 Liter Drum

  23. Apple plans to use its new CSAM Detection system to monitor users and identify those who store child pornography on their devices. In early August 2021, Apple unveiled its new system for identifying photos containing images of child abuse. Although Apple’s motives — combating the dissemination of child pornography — seem indisputably well-intentioned, the announcement immediately came under fire. Apple has long cultivated an image of itself as a device maker that cares about user privacy. New features anticipated for iOS 15 and iPadOS 15 have already dealt a serious blow to that reputation, but the company is not backing down. Here’s what happened and how it will affect average users of iPhones and iPads. Read more...
  24. Scammers are distributing malware and adware made to look like Windows 11. Microsoft hasn’t yet released Windows 11, but the new operating system is already available for download and preview. Cybercriminals, of course, are exploiting that, slipping malware to users who think they’re downloading Microsoft’s new operating system. Read more...
  25. We explain why secret chats in Telegram are a must, and how to configure security and privacy. Facebook’s WhatsApp recently updated its privacy policy, causing many disgruntled users to switch to rival messengers, among them Telegram. Thanks largely to this exodus, Telegram added 25 million new users in just a few days, pushing its user base over the 500 million mark. That makes this the perfect time to talk about Telegram’s security and privacy. Read more...
  26. What to do if you receive a notification about a suspicious login to your Facebook or Instagram account. A notification pops up on your smartphone screen: “We detected an unusual login attempt from Rio de Janeiro, Brazil.” Whether the login attempt occurs where you live, halfway around the world, on the kind of phone you use, or from a device you’ve never heard of, what’s really going on here is an attempt to make you panic. Don’t panic. Either someone’s been busted trying to log in to your account or not, and freaking out will not help. To help you remain calm and survive the incident with minimal losses, we are arming you with knowledge of what it might be and what to do. Read more...
  27. Prioritize updating the apps that keep your devices and personal data safe from cyberattacks. Rest assured, there is no global conspiracy to bug you with update notifications. As you may have noticed, unpatched software enables a large proportion of cyberattacks, which is why developers are constantly fixing vulnerabilities in their programs, and why you’re constantly getting alerts about updates. Update the software, patch the vulnerabilities, foil the crooks. To learn more about the situation, we investigated user attitudes about updates in two dozen countries. It turned out that every other person we surveyed is inclined to click “Remind me later.” That being the case, here’s a handy list of the five most important types of software to update — the ones worth tearing yourself away from work or play. Read more...
  28. These seven tips will help you get maximum gaming performance from your PC while retaining a high level of protection. Losing a multiplayer match because your computer suddenly froze for 50 milliseconds can be bitter. The good news is that you can prevent this mishap in the vast majority of cases. In this post we focus on the software-related problems and solutions that are most common for modern gamers. These seven tips will help you minimize performance-related defeats. Read more...