• Tag Archives computer repair
  • Spoofed FedEx and USPS Kovter and Locky sites Ransomeware Malware Keeps Spreading

    www.ccrepairservices.com
    Locky Ransomeware New CPRS CCRS Computer Repair Miami Fort Lauderdale Website

    Following on from these  [ FEDEX ] [ USPS ]  posts describing the Spoofed FedEx and USPS ( and other delivery services from time to time) I will endeavour to keep up to date with a list of current sites involved in the spreading of this malware. I will also show the command used that day to obtain the malware. I will add each days new sites to the lists, but please remember that old sites are reused daily until taken down by their hosts.  All the sites used in this malware spreading campaign are hacked / compromised sites.

     

    The script tries the first in the list & then moves down until it gets a reply from the server. You never see the first downloaded file ( counter.js by searching on your computer, that is run directly from temp internet files ) Counter.js then downloads  a different variant of counter.js which in turn downloads 01 first, then 02, then 03 until you get to 05. If any site doesn’t have the file, then it moves to the next site in the list for that particular file. Each site on the list has a full set of the files. but it is rare for the site delivering counter.js to actually download from itself, normally that downloads from a different site on the list. All the files ( apart from the original counter.js) pretend to be png ( image files). They are actually all renamed .exe files or a renamed php script listing the files to be encrypted. Counter.js contains the list of sites to download from, which includes many of the sites listed in the original WSF, JS, VBS or other scripting file and normally one or 2 extra ones. to get the second counter.js you need to change the &r=01 at the end of the url to &m=01 ( or 02-05). This second counter.js contains additional sites to download from which frequently includes sites from the previous days lists that are not already included in the WSF or first counter.js.

    I only accidentally  found out about the second /3rd /4th /5th  counter.js when I made a mistake in manually decoding the original wsf file ( and the original counter.js) and mistyped/ miscopied  the &r= and used &m= instead. Obviously it is a belt and braces approach to making sure the actual malware gets downloaded to a victim’s computer when urls or sites are known about and blocked by an antivirus or web filter service.

    25 December 2016:  ( Payload Security report  )

    3spension.com
    minebleue.com
    chaitanyaimpex.org
    break-first.com
    grancaffe.net
    www.meizumalaysia.com
    dreamoutloudcenter.org
    megrelis-avocat.com

    /counter/?a=1DtntZgmur6occ1CY29PJzvAzLsjCXMuyD&m=9488599&i=e5J5zaa6WhR1MYhBZ8L8Rmw2RWRVmbtna9Y_vLRIrGW2mVxU7SBYLhBH9Gj5Mr942yUp7kFWRWAOGtmJ5aqexWRDrTq_rGixe_a-gmVCMQ

    /counter/?i=e5J5zaa6WhR1MYhBZ8L8Rmw2RWRVmbtna9Y_vLRIrGW2mVxU7SBYLhBH9Gj5Mr942yUp7kFWRWAOGtmJ5aqexWRDrTq_rGixe_a-gmVCMQ&a=1DtntZgmur6occ1CY29PJzvAzLsjCXMuyD&r=01

    27 December2016:  ( Payload Security report  )

    lacasadeicuochi.it
    boardedhallgreen.com
    www.memoodgetactive.det.nsw.edu.au
    rebecook.fr
    peachaid.com
    kidsgalaxy.fr
    baltasmenulis.lt
    artss.org

    /counter/?a=1HHDb3PbzDuGitWA7eW5oQFLzRjd1VzqhJ&m=3254807&i=Y5rzyqa6RhRlpx-dpPoqiXX2fW4GipPhNOTHtfBNJDBj6eEd6iZ3Yj9wAD7akn77R5LBqqvQvXIlyx_kYmBdyl0Bi12Qqds7  

    /counter/?i=Y5rzyqa6RhRlpx-dpPoqiXX2fW4GipPhNOTHtfBNJDBj6eEd6iZ3Yj9wAD7akn77R5LBqqvQvXIlyx_kYmBdyl0Bi12Qqds7&a=1HHDb3PbzDuGitWA7eW5oQFLzRjd1VzqhJ&r=01

    28 December 2016:  ( Payload Security report  )

    thanepoliceschool.com
    chimie.iset-liege.be
    partnersforcleanstreams.org

    /counter/?a=1N1rEZQQ9Z3Ju6jggwn7hFU1jXytBTcK7r&m=8429816&i=LXEfbBQo_qDv_k77jrIae7y_BHSSQ_IZeneRTOoRmdDa4RlnJqaUKIl03HhN683DsUx-hkDi_OiCy0bOPjhZTiYm8RSQDBkfCerE

    /counter/?i=LXEfbBQo_qDv_k77jrIae7y_BHSSQ_IZeneRTOoRmdDa4RlnJqaUKIl03HhN683DsUx-hkDi_OiCy0bOPjhZTiYm8RSQDBkfCerE&a=1N1rEZQQ9Z3Ju6jggwn7hFU1jXytBTcK7r&r=01

    29 December 2016:  ( payload Security report)

    cobycaresfoundation.org
    dev.zodia-q.com
    shark1.idhost.kz
    italysfinestdesign.it
    salutgaudi.com
    zodia-q.com

    /counter/?a=13h8Y8z3WfiDFYG7jEWgsqZmPL94z22ca1&m=2365622&i=a5P5yqa6RhR1p80JYSnJbDP0I9KOXtIPtIhrFT4SHyIIqBAg-BghzAkZFkHS2tXw5C3mJYnrwuc1MpOfvGWZGd_STcfaml86P_kj5gA

    /counter/?i=a5P5yqa6RhR1p80JYSnJbDP0I9KOXtIPtIhrFT4SHyIIqBAg-BghzAkZFkHS2tXw5C3mJYnrwuc1MpOfvGWZGd_STcfaml86P_kj5gA&a=13h8Y8z3WfiDFYG7jEWgsqZmPL94z22ca1&r=01

    2nd version today ( Payload Security Report )

    /counter/?=&i=a5P71qa6RhRlpLdtPLsJBpD0aKRuq7EtvIQrHyyE-zmVoG37HDoS-OmdfAXYY-Y0RtEcCwavHQyucNU4JL_PpGxvv0l-mxt00fo&a=16TqYh72RpopqiWR97WGMNtTGTazWFYBg1&r=01

    /counter/?a=16TqYh72RpopqiWR97WGMNtTGTazWFYBg1&m=4831333&i=a5P71qa6RhRlpLdtPLsJBpD0aKRuq7EtvIQrHyyE-zmVoG37HDoS-OmdfAXYY-Y0RtEcCwavHQyucNU4JL_PpGxvv0l-mxt00fo

    31 December 2016: ( Payload Security Report)

    www.iblasoni.com
    aventurarealestatedirectory.com
    www.apogeoform.net
    oytunidil.com
    ocentsinus.com
    sonja.ostrovanka.cz
    instalaciondeairesplit.com

    /counter/?a=1J9cj5Z7UvwkR9Tp1qywXBq994MFZ6dCLn&i=Y5p7yaa6RhRlPVwtx_0twhfOcSziOus6gsFi-6WQ9cGftnod2TtjVWJvU-_2nroNgi-lT8j6sF6rzL02lqFLiuQ20RDPqOBkTCSmGjp6NQ
    /counter/?i=Y5p7yaa6RhRlPVwtx_0twhfOcSziOus6gsFi-6WQ9cGftnod2TtjVWJvU-_2nroNgi-lT8j6sF6rzL02lqFLiuQ20RDPqOBkTCSmGjp6NQ&a=1J9cj5Z7UvwkR9Tp1qywXBq994MFZ6dCLn&r=01

    31 December 2016: update 2 ( Payload Security)

    spiritdoula.net
    www.yabaojiuhe.com
    windycrestrental.com
    maggieellisbusinessconsulting.com
    pn-group.com
    inflation.us

    /counter/?a=16ehyeR9Nhrtgk4z2BrKZVJcKTFYe9Z1Ap&i=Y5r71qa6RhRlpLdvFNp4Tyf0O3puCoDDA0TLPwt-ZnjyqdV140NpvPnVGT2KeqxNu7AHi0Gk1WT6yYGkb0YxpcGpOaMzrto7
    /counter/?i=Y5r71qa6RhRlpLdvFNp4Tyf0O3puCoDDA0TLPwt-ZnjyqdV140NpvPnVGT2KeqxNu7AHi0Gk1WT6yYGkb0YxpcGpOaMzrto7&a=16ehyeR9Nhrtgk4z2BrKZVJcKTFYe9Z1Ap&r=0


  • Mobile banking trojan now has encryption and is targeting over 2000 apps

    Security experts at Kaspersky Lab have discovered a modification of the mobile banking Trojan, Faketoken, which can encrypt user data. Kaspersky Lab has detected several thousand Faketoken installation packages capable of encrypting data, the earliest of which dates back to July 2016.

    Disguised as various programs and games, including Adobe Flash Player, the modified Trojan can also steal credentials from more than 2000 Android financial applications.

    To date, the modified Faketoken has claimed over 16,000 victims in 27 countries, with the most located in Russia, Ukraine, Germany and Thailand.

    The newly added data-encryption capability is unusual in that most mobile ransomware focuses on blocking the device rather than the data, which is generally backed-up to the cloud.

    In Faketoken’s case, the data – including documents and media files such as pictures and videos – is encrypted using AES symmetric encryption which can, in some cases, be decrypted by the victim without paying a ransom.

    During the initial infection process, the Trojan demands administrator rights, permission to overlay other apps or to be a default SMS application – often leaving users with little or no choice but to comply. Among other things, these rights enable Faketoken to steal data: both directly, like contacts and files, and indirectly, through phishing pages.

    The Trojan is designed for data theft on an international scale. Once all the necessary rights are in place, it downloads a database from its command and control server containing phrases in 77 languages for different device localisations.

    These are used to create phishing messages to seize passwords from users’ Gmail accounts. The Trojan can also overlay the Google Play Store, presenting a phishing page to steal credit card details.

    In fact, the Trojan can download a long list of applications for attack and even an HTML template page to generate phishing pages for the relevant apps. Kaspersky Lab researchers uncovered a list of 2249 financial applications.

    Intriguingly, the modified Faketoken also tries to replace application shortcuts for social media networks, instant messengers and browsers with its own versions. The reason for this is unclear as the substitute icons lead to the same legitimate applications.

    “The latest modification of the Faketoken mobile banking Trojan is interesting in that some of the new features appear to provide limited additional benefit for the attackers. That doesn’t mean we shouldn’t take them seriously. They may represent the groundwork for future developments, or reveal the ongoing innovation of an ever-evolving and successful malware family. In exposing the threat, we can neutralise it, and help to keep people, their devices and their data safe,” says Roman Unuchek, senior malware analyst at Kaspersky Lab.


  • Android Trojan Switcher Infects Routers via DNS Hijacking – Android Trojan Switcher Infects Routers via DNS Hijacking

    A new Android Trojan uses a victims’ devices to infect WiFi routers and funnel any users of the network to malicious sites. The malware doesn’t target users directly – instead its goal is to facilitate further attacks by turning victims into accomplices.

     

    Researchers at Kaspersky Lab, who discovered the malware and dubbed it Switcher Trojan, claim they’ve seen two versions of the malware. Attackers have used both iterations to commandeer 1,280 wireless networks, most of them in China, according to Nikita Buchka, a mobile security expert with the firm.

    One version of the malware mimics a mobile client for the Chinese search engine Baidu. Another passes itself off as a version of an app used for locating and sharing WiFi login information. Once a victim has downloaded one of the versions, it gets to work attacking the router.

    The malware does so by carrying out a brute-force password guessing attack on the router’s admin web interface. Once in, Switcher swaps out the addresses of the router’s DNS servers for a rogue server controlled by the attackers along with a second DNS, in case the rogue one goes down.

    This makes it so queries from devices on the network are re-routed to the servers of the attacker, something that can open victims to redirection, phishing, malware and adware attacks.

    “The ability of the Switcher Trojan to hijack [DNS] gives the attackers almost complete control over network activity which uses the name-resolving system, such as internet traffic,” Kaspersky Lab said Wednesday, “The approach works because wireless routers generally reconfigure the DNS settings of all devices on the network to their own – thereby forcing everyone to use the same rogue DNS.”

    The creators of the Trojan were a little sloppy when it came to crafting parts of its command and control website however; they left a table complete with internal infection statistics publicly viewable. According to Buchka, who has reviewed the site, the attackers boast to have infiltrated 1,280 WiFi networks over the last several weeks.

    In a Securelist post on the malware posted Wednesday Buchka cautioned users to review their routers’ DNS settings for the following rogue servers: 101.200.147.153, 112.33.13.11, and 120.76.249.59. He also took the opportunity to encourage users – although for many it goes without saying – to verify that they’ve changed their routers’ default login and passwords.

    Several weeks ago a handful of router users in Germany fell victim when a variant of Mirai, the nasty malware that’s become synonymous with internet of things vulnerabilities, took hold of their devices. While those routers didn’t suffer from a hardcoded username/password vulnerability, they did have port 7547, usually used by internet service providers to remotely manage the device, open.

    The behavior of Switcher is somewhat similar to that of DNSChanger, malware that’s been repurposed as an exploit kit as of late. A recent campaign observed by Proofpoint was targeting wireless routers and changing DNS entries in order to steal traffic. In that instance routers made by D-Link, Netgear, Pirelli and Comtrend were vulnerable. According to Buchka, the hardcoded names of input fields and the structures of the HTML documents that the Switcher Trojan tries to access suggests it may work only on web interfaces of TP-LINK Wi-Fi routers.


  • Complete Computer Repair VS Geek Squad Prices and Service

    BEST SERVICE AND PRICE VS GEEK SQUAD

    Complete Computer Repair Services BEATS The Geek Squad Prices

    Complete Computer Repair VS Best Buy Geek Squad Services

    • Virus Removal Geek Squad takes 3 to 7 days – WE TAKE TWO HOURS
    • Laptop Screen Repair Geek Squad takes 5 to 10 days – WE TAKE TWENTY MINUTES
    • Computer or Laptop Motherboard Repair Geek Squad takes 10 to 15 days – WE TAKE A TWO HOURS
    • Hard Drive Replacement Geek Squad takes 3 to 7 days – WE TAKE FIFTEEN MINUTES

    Geek Squad Charges for In home Service $125 Plus WE DONT CHARGE

    IT NETWORK SERVICES NOT OFFER BY GEEK SQUAD
    Troubleshoot and resolve ongoing T1/DSL problems
    Network cabling and Server Setup
    VPN / Proxy setup
    IT Network Engineers and Analyst’s
    Client/Server Setup Un-managed Switch
    Onsite Hardware repair
    Onsite Desktop / Laptop repair Soldering Repairs
    Windows Or OS X VMware setup and Maintenance
    Microsoft Windows and Macintosh OS X Servers

    CALL TODAY 754-234-5598

    Fort Lauderdale Computer Repair, Apple Mac Repair Same Day, PC Repair for Dell, Acer, Asus, Compaq, Sony, Toshiba, Lenovo, IBM MSI, Vizio, Emachines, HP, Gateway, Fujitsu, Samsung and more.

    THE GEEK SQUAD CAN’T BEAT OUR REPAIR PRICES OR SERVICE



  • Upgrade Your Computer or Laptop Hard drive to SSD for Significant Computer Performance Gains

    LAPTOP SSD HARD DRIVE UPGRADES Fort Lauderdale, Miami and  Boca Raton

    IMAC SSD Hard Drive Upgrade, Macbook Pro  SSD  Upgrade, Laptop SSD upgrade, Desktop Hard drive upgrade to SSD or Solid State Drive Upgrades

    Want to make one of the biggest performance and speed boosts to your laptop for only a couple hundred dollars? Switching to an SSD or Solid State Drive can deliver an instant increase in speed to your slow computers and also increases life expectancy of your laptop and drive itself.

    Hard Disk Drives have been in use for decades, and the technological breakthroughs each year have helped this technology grow from storing a few hundred Kilobytes to several Terabytes between the 1970s through today. HDDs work by spinning platters at 5400, 7200, sometimes even 10,000rpm. But movement begets wear, wear will eventually degrades the performance, and before too long, the drive will stop operating entirely.

     No Loss of data or programs we transfer all settings.Same day service Call 754-234-5598


  • Microsoft continues its legacy of spying on its windows users! Windows 10 Privacy Spy destroyer

    DISTROY WINDOWS 10 SPYING – Privacy Concerns

    Microsoft Windows 10 Software

    As we all know since windows 7 Microsoft has altered its operating system to be more user friendly and at the same time collect more user data on its customers, When windows 8 was launched , there were big changes including location platform and many more but now with the new Windows 10 release there are endless limitations on the collection of data being sent to Microsoft.

    Some group has released a piece of software which eliminates all apps, and blocks the data from being sent to Microsoft. I will not comment much on the software but see below what it does block.

    Also a new app by the name of DoNotSpy10 has been created by a German developer pXc-coding.

    Destroy Windows 10 Spying is an app that can block anonymous data being sent, remove apps that can’t be removed the standard way and more. I liked that it can remove some of the Windows default programs that can’t be removed under Apps & Features, an annoyance I immediately discovered since I prefer to “slim” down windows.

    I should note that there are still a few steps to complete, you’ll still need to go online to Microsoft’s site and opt out of the company’s invasive advertising tracking features when using DoNotSpy10 or other piece of software.

    It’s your own fault if you don’t know that Windows 10 is spying on you. That’s what people always say when users fail to read through a company’s terms of service document, right?

    Well, here is Microsoft’s 12,000-word service agreement. Some of it is probably in English. We’re pretty sure it says you can’t steal Windows or use Windows to send spam, and also that Microsoft retains the right to take possession of your first-born child if it so chooses. And that’s only one of several documents you’ll have to read through.

    Actually, here’s one excerpt from Microsoft’s privacy statement that everyone can understand:

    Finally, we will access, disclose and preserve personal data, including your content (such as the content of your emails, other private communications or files in private folders), when we have a good faith belief that doing so is necessary to: 1.comply with applicable law or respond to valid legal process, including from law enforcement or other government agencies; 2.protect our customers, for example to prevent spam or attempts to defraud users of the services, or to help prevent the loss of life or serious injury of anyone; 3.operate and maintain the security of our services, including to prevent or stop an attack on our computer systems or networks; or 4.protect the rights or property of Microsoft, including enforcing the terms governing the use of the services – however, if we receive information indicating that someone is using our services to traffic in stolen intellectual or physical property of Microsoft, we will not inspect a customer’s private content ourselves, but we may refer the matter to law enforcement.

    If that sentence sent shivers down your spine, don’t worry. As invasive as it is, Microsoft does allow Windows 10 users to opt out of all of the features that might be considered invasions of privacy.
    Some of the domains we know send anonymous information back to Microsoft include:
    vortex.data.microsoft.com
    vortex-win.data.microsoft.com
    telecommand.telemetry.microsoft.com
    telecommand.telemetry.microsoft.com.nsatc.net
    oca.telemetry.microsoft.com
    oca.telemetry.microsoft.com.nsatc.net
    sqm.telemetry.microsoft.com
    sqm.telemetry.microsoft.com.nsatc.net
    watson.telemetry.microsoft.com
    watson.telemetry.microsoft.com.nsatc.net
    redir.metaservices.microsoft.com
    choice.microsoft.com
    choice.microsoft.com.nsatc.net
    df.telemetry.microsoft.com
    reports.wes.df.telemetry.microsoft.com
    wes.df.telemetry.microsoft.com
    services.wes.df.telemetry.microsoft.com
    sqm.df.telemetry.microsoft.com
    telemetry.microsoft.com
    watson.ppe.telemetry.microsoft.com
    telemetry.appex.bing.net
    telemetry.urs.microsoft.com
    telemetry.appex.bing.net:443
    settings-sandbox.data.microsoft.com
    vortex-sandbox.data.microsoft.com
    survey.watson.microsoft.com
    watson.live.com
    watson.microsoft.com
    statsfe2.ws.microsoft.com
    corpext.msitadfs.glbdns2.microsoft.com
    compatexchange.cloudapp.net
    cs1.wpc.v0cdn.net
    a-0001.a-msedge.net
    statsfe2.update.microsoft.com.akadns.net
    sls.update.microsoft.com.akadns.net
    fe2.update.microsoft.com.akadns.net
    diagnostics.support.microsoft.com
    corp.sts.microsoft.com
    statsfe1.ws.microsoft.com
    pre.footprintpredict.com
    i1.services.social.microsoft.com
    i1.services.social.microsoft.com.nsatc.net
    feedback.windows.com
    feedback.microsoft-hohm.com

    feedback.search.microsoft.com
    rad.msn.com
    preview.msn.com
    ad.doubleclick.net
    ads.msn.com
    ads1.msads.net
    ads1.msn.com
    a.ads1.msn.com
    a.ads2.msn.com
    adnexus.net
    adnxs.com
    az361816.vo.msecnd.net
    az512334.vo.msecnd.net

    www.CCREPAIRSERVICES.COM

    Local and Online PC Computer Repair Tel. 754-234-5598

    FAST SAME DAY COMPUTER REPAIR, VIRUS REMOVAL, CRYTOWALL FILE RECOVERY AND LAPTOP SCREEN REPAIR SERVICE


  • Malicious Ads on Yahoo, AOL, Match.com, Trigger CryptoWall Infections

    cryptowall

    Attackers have been leveraging the FlashPack Exploit Kit to peddle the CryptoWall 2.0 ransomware on unsuspecting visitors to sites such as Yahoo, The Atlantic and AOL. Researchers believe that for about a month the malvertising campaign hit up to 3 million visitors and netted the attackers $25,000 daily.

    According to experts at Proofpoint, a firm that primarily specializes in email security, the exploit kit targeted a vulnerability in Adobe Flash via users’ browsers to install the ransomware on users’ machines.

    Malvertising is an attack that happens when attackers embed malicious code – in this case code that led to the latest iteration of CryptoWall – into otherwise legitimate ads to spread malware via drive-by downloads. Users can often be infected without even clicking on anything.

    CryptoWall, which takes users’ files, encrypts them with rigid RSA-2048 encryption, then asks for a fee to decrypt them, made a killing earlier this summer. In August it was reported that the ransomware made more than $1.1 million for its creators in just six months.

    Similar to Critoni/Onion, a ransomware dug up in July, CryptoWall 2.0 downloads a TOR client on the victim’s machine, connects to a command and control server and demands users send Bitcoin – $500 worth – to decrypt their files. Since the campaign lasted about a month, from Sept. 18 to this past Saturday, researchers are estimating that 40 of the campaign’s Bitcoin addresses collected at least 65 BTC each, a number that roughly translates to $25,000 a day.

    cryptowall1

    Proofpoint claims that high ranking sites such as AOL, The Atlantic, Match.com and several Yahoo subdomains such as their Sports, Fantasy Sports and Finance sites, were spotted serving up the tainted ads. Other sites lesser known in the U.S. such as Australia’s Sydney Morning Herald, The Age, and the Brisbane Times, were reportedly also doling out the ads.

    While the campaign started a month ago the firm claims things didn’t start to ramp up until recently.

    “After crossing a threshold level, it became possible to associate the disparate instances with a single campaign impacting numerous, high-traffic sites,” Wayne Huang, the company’s VP of Engineering, said of the campaign.

    The firm claims it worked quickly to notify those involved in the campaign, including the ad providers, and as of this week, believes the situation has been nullified.

    Last month researchers with Barracuda Labs found a CryptoWall variant with certificate signed by Comodo being distributed through ads on a handful of different websites. None of those sites were nearly as trafficked as those spotted by this most recent campaign however. The Alexa rankings for Yahoo (4), AOL (37), Match (203), and The Atlantic (386) place them within the top 500 of the internet’s most popular sites, something that likely upped the campaign’s exposure level.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw

    Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

    As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations’ networks.

    Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations.

    Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim’s entire system.

     

    According to the researchers at FireEye, the two of three so-called zero-day flaws are being actively exploited in the wild by hackers and are being used as “part of limited, targeted attacks against some major corporations.”

    Microsoft updates for the month of October 2014 Patch Tuesday address several vulnerabilities in all currently supported versions of Windows, Internet Explorer, Office, Sharepoint Server and the .Net framework. Three of the bulletins are marked “critical” and rest are “important” in severity. Systems administrators are recommended to apply the patches immediately for the critical updates.

    The zero-day flaw (CVE-2014-4114) discovered by iSight partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the “Sandworm” cyberattack, are patched as part of MS14-060. Microsoft rated Bulletin MS14-060 as important rather than critical because it requires a user to open a Microsoft Office file to initiate the remote code execution.

    The vulnerability [exists in Windows OLE] could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object,” Microsoft warned in its bulletin. “An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.” (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)

    However, the two zero-days discovered by FireEye are patched as part of MS14-058 and are marked critical. They are designated CVE-2014-4148 and CVE-2014-4113.

    We have no evidence of these exploits being used by the same actors. Instead, we have only observed each exploit being used separately, in unrelated attacks,” FireEye explained.

    CVE-2014-4148 exploits a vulnerability in TrueType Font (TTF) processing. TTF processing is performed in kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.

    The vulnerability affects Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012, Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1) and Windows XP Service Pack 3. It affects both 32-bit and 64-bit versions of the Operating System, but the attacks have only been observed against 32-bit systems.

    However, CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Windows including Windows 7, Vista, XP, Windows 2000, Windows Server 2003/R2, Windows Server 2008/R2, Windows 8.x and Windows Server 2012/R2.

    Out of remaining bulletins, two are rated critical, both address remote code execution vulnerability in Internet Explorer and Microsoft .NET Framework respectively. Remaining bulletins are rated important in severity, include elevation of privilege bugs, Security Feature Bypass, and a remote code execution flaw.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • Nearly 7 Million Dropbox accounts Allegdely Hacked

    Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening, The Snappening and now the latest privacy breach in Dropbox security has gained everybody’s attention across the world.

    Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users’ photos, videos and other files.

    HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA

    A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sharing site.

    Hackers have already leaked about 400 accounts by posting login credentials, all starting with the letter B, and labelled it as a “first teaser…just to get things going“. The perpetrators are also promising to release more more password details if they’re paid a Bitcoin ransom.

    More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear.”

    The security breach in Dropbox would definitely have bothered its millions of users and since passwords are involved in this incident, so it has more frightening consequences on its users. Reddit users have tested some of the leaked username and password combinations and confirmed that at least some of them work.

    DROPBOX DENIED THE HACK – THIRD PARTY IS RESPONSIBLE

    However, Dropbox has denied it has been hacked, saying the passwords were stolen apparently from third-party services that users allowed to access their accounts. In a statement to The Next Web, Dropbox said:

    Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well.”

    The incident came just few days after the Snappening incident in which the personal images of as much as 100,000 Snapchat users were leaked online, which was the result of a security breach in the its third-party app.

    Snapchat has denied that its service or server was ever compromised, but the servers of a third-party app designed to save Snapchat photos, which became the target for hackers to obtain personal photographs.

    DROPBOX – “HOSTILE TO PRIVACY” SAYS SNOWDEN
    Dropbox was in the news earlier this week when, in a recent interview with The Guardian, NSA whistleblower Edward Snowden called Dropbox a “targeted, wannabe PRISM partner” that is “very hostile to privacy” — referring to its ability to access your data itself, which is yet another security consideration when it comes to web services.Snowden suggested web users to stop using Dropbox and warned them that the cloud storage service does not safeguard users’ privacy because it holds encryption keys and can therefore be forced by governments to hand over the personal data they store on its servers. He suggested people to use an alternative cloud storage provider that do not store any encryption keys, so that the users’ data cannot be read by anyone.

    USERS ARE ADVISED TO CHANGE PASSWORDS

    Until the full scope of the problem is known, it’s probably worthwhile changing your password. But whether the attack is confirmed or not, it’s a good idea to change your password just to be on a safer side — especially for those users who use same password for multiple services.

    Users are also recommended to turn on two-factor authentication, which Dropbox now supports and install a time-based, one-time password app on a mobile device.

    Update: Dropbox has issued a statement on its blog further clarifying that the Dropbox passwords were stolen from “unrelated services.”

    The usernames and passwords…were stolen from unrelated services, not Dropbox,” the company said in a blog post. “Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.”

    Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


  • ONE MILLION people already running Windows 10

     

    Microsoft announced early this week that they have released a Technical Preview of Windows 10. This sounds awesome. Because I always loved the moment when new OS release comes from Microsoft. People were expecting Windows 9 after the previous 8.1 but it was quite surprising that Microsoft Skipped 9 and released Windows 10.

    Microsoft has revealed that a million people have signed up for the Windows Insider Program it is using to offer early access to Windows 10 for those willing to test the operating system’s early iterations.

    Of those crash test dummies, Redmond says 36 per cent are running the OS in a virtual machine.That leaves about 650,000 people running Windows 10 on bare metal.

    Microsoft says

    “Insiders” have delivered “over 200,000” pieces of feedback. If the list of most-requested features Microsoft has presumably allowed to reach Paul Thurrott’s Supersite for Windows is any guide, feedback is not coming from sysadmins: most requests concern minor UI tweaks and aesthetics, although “Make it easier to use a local account” is the third-most-requested new feature.

     

    SNEAKPEAK

    Well if you are not familiar with previous release then Download Windows 8.1 ISO first. Then you can have better picture what changes Microsoft brought in this Metro Style User Interface. There was large community which was preferring Windows 7 on these new Metro Interface operating Systems. That’s why Microsoft had to take a new step. This time they created a Mix of Windows 7 and Windows 8 to create the New Windows 10.

    Windows 10 Download ISO 64 bit Free

    Features of Windows 10 Technical Preview

    Below are some noticeable improvements which you’ll get after Windows 10 Download ISO 32 Bit 64 Bit.

    • New Cleaned Start Menu.
    • Mix of Windows 7 Menu and Windows 8 Metro Interface.
    • Virtual Desktops Feature.
    • Task View Option with Arrays of Virtual Desktops.
    • Dynamically Resizing of Windows Apps.
    • Huge Search Improvements.

    More Features can be seen when you Download Windows 10 ISO.

    Windows 10 Download ISO 32 Bit 64 Bit

    Windows 10 Technical Specs

    • Software Full Name: Windows 10 Technical Preview 32 Bit 64 Bit English
    • Setup File Name: WindowsTechnicalPreview-x86-EN-US.iso (32 Bit), WindowsTechnicalPreview-x64-EN-US.iso (64 Bit)
    • Full Setup Size: 2.93 GB (32 Bit), 3.81 GB (64 Bit)
    • Setup Type: Offline Installer / Full Standalone Setup:
    • Compatibility Architecture: 32 Bit (x86) / 64 Bit (x64)
    • Latest Version Release Added On: 2nd Oct 2014
    • License: Free
    • Developers: Microsoft

    Minimum System Requirements for Windows 10

    Before you start Windows 10 Download ISO 32 Bit 64 Bit, Make sure you PC meets minimum system requirements.

    • Processor: 1 GHz
    • Memory (RAM): 1 GB (For 32 Bit), 2 GB (For 64 Bit)
    • Space: 16 GB Free Hard Disk Space

    Microsoft’s not saying when the feedback will result in a new release of of the OS, or when it will go on sale. ®


  • Snapchat Hacker Threatens to Leaked thousands of Nude Celebriti Images

     

    The waves of celebrities nude photos have not yet stopped completely, and a new privacy threat has emerged exposing tens of thousands of private photographs and videos of innocent users are circulating over the Internet.

    The personal image that are believed to be sent through Snapchat — the ephemeral messaging service that allows users to send pictures that should disappear after a few seconds — has been floating on the image based 4chan’s notorious /b/ board since last night. The incident was result of a security breach in an unofficial third-party app for Snapchat.

    Earlier this week, an anonymous 4chan user claimed to have obtained images on Snapchat and then the user warned of releasing thousands of nude videos and images sent using Snapchat soon in an event dubbed ‘The Snappening’.

    Previously, It was believed that the official SnapChat mobile app or its servers had been hacked by the hackers, and the third-party Snapchat client app has been collecting every photo and video file sent through the messaging service for years, giving hackers access to a 13GB private Snapchat files.

    But Snapchat has denied that its service was ever compromised. Earlier today, Snapchat issued a statement about the “Snappening” and blamed its consumers for using unofficial and unauthorized third-party apps.

    “We can confirm that Snapchat’s servers were never breached and were not the source of these leaks,’ a Snapchat representative said in a statement. “Snapchatters were victimised by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.“

    The most worrying part for the users is that Snapchat was right. The personal data is supposed to be obtained from a website called SnapSaved.com — an external app used by a number of Snapchatters in order to save Snapchat photos without the sender knowing — which has been inactive for the past few months and is apparently independent of the official Snapchat service.

    However, Business Insider has pointed to SnapSaved.com, a site which is no longer functional, and the SnapSave app as potential sources of the leak. Meanwhile, an assortment of photos has been traced back to SnapchatLeaked.com — site also posted personal and nude photos of Snapchat users, indicating that the photos could have been circulating for months.

    “The Snappening” is named in reference to the recent celebrity nude photos leak that was called “The Fappening.” The incident comes just weeks after thousands of celebrity nude images were leaked online through 4chan website, following a hack of Apple’s iCloud.

    Snapchat was first hacked in December 2013 when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass The most worrying part for the users is that Snapchat was right. The personal data is supposed to be obtained from a website called SnapSaved.com — an external app used by a number of Snapchatters in order to save Snapchat photos without the sender knowing — which has been inactive for the past few months and is apparently independent of the official Snapchat service.

    However, Business Insider has pointed to SnapSaved.com, a site which is no longer functional, and the SnapSave app as potential sources of the leak. Meanwhile, an assortment of photos has been traced back to SnapchatLeaked.com — site also posted personal and nude photos of Snapchat users, indicating that the photos could have been circulating for months.

    “The Snappening” is named in reference to the recent celebrity nude photos leak that was called “The Fappening.” The incident comes just weeks after thousands of celebrity nude images were leaked online through 4chan website, following a hack of Apple’s iCloud.

    Snapchat was first hacked in December 2013 when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass vulnerabilities were discovered by the researchers at the beginning of this year.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida