• Privacy criticism hits OSX Yosemite over Location data and Safari Search Results being submitted to apple

    Posted on by admin Comment

    apple rainbow logo

    Apple has fixed a huge number of security vulnerabilities in OS X and iTunes and, at the same time, is being hit with criticisms about privacy issues in the new version of OS X.

    The latest version of the operating system, known as Yosemite, sends location information to Apple by default via the Spotlight search feature, something that has angered users and privacy advocates. Yosemite was released to users on Oct. 17 and within hours users began reporting that highly specific location data was being sent from their machines back to Apple. The feature that enables this data collection and transmission is Spotlight, a powerful search function in OS X that in Yosemite now has the ability to return search results not just from the user’s Mac, but also from iTunes, the App Store and the Web.

    APPLE COLLECTS USERS’ DATA AND FORWARDS IT TO MICROSOFT AS WELL

    On one hand, where Apple decided to enable hard drive encryption by default, despite the FBI requests not to do so. But on the other, the company is itself putting its users’ privacy on risk. The same data Apple collects from the users’ searched term on Spotlight will also be forwarded to Microsoft’s Bing search engine as Apple freely admits in its terms of service.

     

    When a user has location services on her Mac enabled, some of the data from searches, including location information, is sent to Apple.

    “When you use Spotlight, your search queries, the Spotlight Suggestions you select, and related usage data will be sent to Apple. Search results found on your Mac will not be sent. If you have Location Services on your Mac turned on, when you make a search query to Spotlight the location of your Mac at that time will be sent to Apple. Searches for common words and phrases will be forwarded from Apple to Microsoft’s Bing search engine. These searches are not stored by Microsoft. Location, search queries, and usage information sent to Apple will be used by Apple only to make Spotlight Suggestions more relevant and to improve other Apple products and services,” the disclaimer in Yosemite says.

    HOW TO PROTECT YOURSELF

    Users can turn off Spotlight Suggestions and Bing Web searches in System Preferences which are enabled by default, noted the company.

    A developer has created a Python script which you can  Download The Script  from our site to prevent Apple from collecting data, so you can switch off the Spotlight search by going through step-by-step instructions for doing it.

    Disable “Spotlight Suggestions” and “Bing Web Searches” in System Preferences > Spotlight > Search Results.

    Safari also has a “Spotlight Suggestions” setting that is separate from Spotlight’s “Spotlight Suggestions.” This uses the same mechanism as Spotlight, and if left enabled, Safari will send a copy of all search queries to Apple.

    You’d be forgiven for thinking that you’d already disabled “Spotlight Suggestions,” but you’ll also need to uncheck “Include Spotlight Suggestions” in Safari > Preferences > Search.

    “Yosemite Spotlight’s default sending of precise location and search terms is probably the worst example of ‘privacy by design’ I’ve seen yet.

    On the security side of things, Yosemite includes fixes for dozens of vulnerabilities, several of which can result in remote code execution. Yosemite includes a patch for the Bash Shellshock vulnerability as well as fixes for flaws in a number of components, such as the app sandbox, IOKit, the OS X kernel and many others. One of the more serious issues fixed in this release is a problem with the 802.1x implementation that could allow an attacker to get the user’s credentials.

    “An attacker could have impersonated a WiFi access point, offered to authenticate with LEAP, broken the MS-CHAPv1 hash, and used the derived credentials to authenticate to the intended access point even if that access point supported stronger authentication methods. This issue was addressed by disabling LEAP by default,” Apple said in its advisory. 

    There’s also a fix for a vulnerability in the way that OS X handled altered apps.

    “Apps signed on OS X prior to OS X Mavericks 10.9 or apps using custom resource rules, may have been susceptible to tampering that would not have invalidated the signature. On systems set to allow only apps from the Mac App Store and identified developers, a downloaded modified app could have been allowed to run as though it were legitimate. This issue was addressed by ignoring signatures of bundles with resource envelopes that omit resources that may influence execution,” the advisory says.

    In the new version of iTunes, Apple has fixed a bug that could allow an attacker with man-in-the-middle position to crash iTunes or execute arbitrary code. The release of iTunes 12.01 also includes patches for dozens of memory corruption vulnerabilities in WebKit.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw

    Posted on by admin Comment
    Microsoft Patches 3 Zero-day Vulnerabilities actively being Exploited in the Wild

    As part of monthly patch update, Microsoft released eight security bulletins on Tuesday that address dozens of vulnerabilities including a zero-day flaw reportedly being exploited by Russian hackers to target NATO computers and a pair of zero-day Windows vulnerabilities that attackers have been exploiting to penetrate major corporations’ networks.

    Just a day before yesterday, our team reported you about a Zero-day vulnerability discovered by the cyber intelligence firm iSight Partners affecting all supported versions of Microsoft Windows and is being exploited in a five-year old cyber-espionage campaign against the Ukrainian government and U.S organisations.

    Researchers at FireEye found two zero-day flaws, used in separate, unrelated attacks involving exploitation of Windows kernel, just a day after iSight partners disclosed zero-day in Windows. The pair of zero-day vulnerabilities could allow an attacker to access a victim’s entire system.

     

    According to the researchers at FireEye, the two of three so-called zero-day flaws are being actively exploited in the wild by hackers and are being used as “part of limited, targeted attacks against some major corporations.”

    Microsoft updates for the month of October 2014 Patch Tuesday address several vulnerabilities in all currently supported versions of Windows, Internet Explorer, Office, Sharepoint Server and the .Net framework. Three of the bulletins are marked “critical” and rest are “important” in severity. Systems administrators are recommended to apply the patches immediately for the critical updates.

    The zero-day flaw (CVE-2014-4114) discovered by iSight partners in all supported versions of Microsoft Windows and Windows Server 2008 and 2012 that is being exploited in the “Sandworm” cyberattack, are patched as part of MS14-060. Microsoft rated Bulletin MS14-060 as important rather than critical because it requires a user to open a Microsoft Office file to initiate the remote code execution.

    The vulnerability [exists in Windows OLE] could allow remote code execution if a user opens a Microsoft Office file that contains a specially crafted OLE object,” Microsoft warned in its bulletin. “An attacker who successfully exploited this vulnerability could run arbitrary code in the context of the current user.” (OLE is Microsoft technology for creating complex documents that contain a combination of text, sound, video and other elements.)

    However, the two zero-days discovered by FireEye are patched as part of MS14-058 and are marked critical. They are designated CVE-2014-4148 and CVE-2014-4113.

    We have no evidence of these exploits being used by the same actors. Instead, we have only observed each exploit being used separately, in unrelated attacks,” FireEye explained.

    CVE-2014-4148 exploits a vulnerability in TrueType Font (TTF) processing. TTF processing is performed in kernel mode as part of the GDI and has been the source of critical vulnerabilities in the past as well.

    The vulnerability affects Windows 8.1/Windows Server 2012 R2, Windows 8/Windows Server 2012, Windows 7/Windows Server 2008 R2 (Service Pack 0 and 1) and Windows XP Service Pack 3. It affects both 32-bit and 64-bit versions of the Operating System, but the attacks have only been observed against 32-bit systems.

    However, CVE-2014-4113 is a local Elevation of Privilege (EoP) vulnerability that affects all versions of Windows including Windows 7, Vista, XP, Windows 2000, Windows Server 2003/R2, Windows Server 2008/R2, Windows 8.x and Windows Server 2012/R2.

    Out of remaining bulletins, two are rated critical, both address remote code execution vulnerability in Internet Explorer and Microsoft .NET Framework respectively. Remaining bulletins are rated important in severity, include elevation of privilege bugs, Security Feature Bypass, and a remote code execution flaw.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • Nearly 7 Million Dropbox accounts Allegdely Hacked

    Posted on by admin Comment

    Internet users have faced a number of major privacy breaches in last two months. Major in the list are The Fappening, The Snappening and now the latest privacy breach in Dropbox security has gained everybody’s attention across the world.

    Dropbox, the popular online locker service, appears to have been hacked by an unnamed hacker group. It is still unclear how the account details of so many users were accessed and, indeed, if they are actually legitimate or not. However, the group claims to have accessed details from nearly 7 million individual accounts and are threatening to release users’ photos, videos and other files.

    HACKERS CLAIMED TO RELEASE 7 MILLION USERS’ PERSONAL DATA

    A thread surfaced on Reddit today that include links to files containing hundreds of usernames and passwords for Dropbox accounts in plain text. Also a series of posts with hundreds of alleged usernames and passwords for Dropbox accounts have been made to Pastebin, an anonymous information-sharing site.

    Hackers have already leaked about 400 accounts by posting login credentials, all starting with the letter B, and labelled it as a “first teaser…just to get things going“. The perpetrators are also promising to release more more password details if they’re paid a Bitcoin ransom.

    More Bitcoin = more accounts published on Pastebin. As more BTC is donated, More pastebin pastes will appear.”

    The security breach in Dropbox would definitely have bothered its millions of users and since passwords are involved in this incident, so it has more frightening consequences on its users. Reddit users have tested some of the leaked username and password combinations and confirmed that at least some of them work.

    DROPBOX DENIED THE HACK – THIRD PARTY IS RESPONSIBLE

    However, Dropbox has denied it has been hacked, saying the passwords were stolen apparently from third-party services that users allowed to access their accounts. In a statement to The Next Web, Dropbox said:

    Dropbox has not been hacked. These usernames and passwords were unfortunately stolen from other services and used in attempts to log in to Dropbox accounts. We’d previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have expired as well.”

    The incident came just few days after the Snappening incident in which the personal images of as much as 100,000 Snapchat users were leaked online, which was the result of a security breach in the its third-party app.

    Snapchat has denied that its service or server was ever compromised, but the servers of a third-party app designed to save Snapchat photos, which became the target for hackers to obtain personal photographs.

    DROPBOX – “HOSTILE TO PRIVACY” SAYS SNOWDEN
    Dropbox was in the news earlier this week when, in a recent interview with The Guardian, NSA whistleblower Edward Snowden called Dropbox a “targeted, wannabe PRISM partner” that is “very hostile to privacy” — referring to its ability to access your data itself, which is yet another security consideration when it comes to web services.Snowden suggested web users to stop using Dropbox and warned them that the cloud storage service does not safeguard users’ privacy because it holds encryption keys and can therefore be forced by governments to hand over the personal data they store on its servers. He suggested people to use an alternative cloud storage provider that do not store any encryption keys, so that the users’ data cannot be read by anyone.

    USERS ARE ADVISED TO CHANGE PASSWORDS

    Until the full scope of the problem is known, it’s probably worthwhile changing your password. But whether the attack is confirmed or not, it’s a good idea to change your password just to be on a safer side — especially for those users who use same password for multiple services.

    Users are also recommended to turn on two-factor authentication, which Dropbox now supports and install a time-based, one-time password app on a mobile device.

    Update: Dropbox has issued a statement on its blog further clarifying that the Dropbox passwords were stolen from “unrelated services.”

    The usernames and passwords…were stolen from unrelated services, not Dropbox,” the company said in a blog post. “Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place that detect suspicious login activity and we automatically reset passwords when it happens.”

    Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.”

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • ONE MILLION people already running Windows 10

    Posted on by admin Comment

     

    Microsoft announced early this week that they have released a Technical Preview of Windows 10. This sounds awesome. Because I always loved the moment when new OS release comes from Microsoft. People were expecting Windows 9 after the previous 8.1 but it was quite surprising that Microsoft Skipped 9 and released Windows 10.

    Microsoft has revealed that a million people have signed up for the Windows Insider Program it is using to offer early access to Windows 10 for those willing to test the operating system’s early iterations.

    Of those crash test dummies, Redmond says 36 per cent are running the OS in a virtual machine.That leaves about 650,000 people running Windows 10 on bare metal.

    Microsoft says

    “Insiders” have delivered “over 200,000” pieces of feedback. If the list of most-requested features Microsoft has presumably allowed to reach Paul Thurrott’s Supersite for Windows is any guide, feedback is not coming from sysadmins: most requests concern minor UI tweaks and aesthetics, although “Make it easier to use a local account” is the third-most-requested new feature.

     

    SNEAKPEAK

    Well if you are not familiar with previous release then Download Windows 8.1 ISO first. Then you can have better picture what changes Microsoft brought in this Metro Style User Interface. There was large community which was preferring Windows 7 on these new Metro Interface operating Systems. That’s why Microsoft had to take a new step. This time they created a Mix of Windows 7 and Windows 8 to create the New Windows 10.

    Windows 10 Download ISO 64 bit Free

    Features of Windows 10 Technical Preview

    Below are some noticeable improvements which you’ll get after Windows 10 Download ISO 32 Bit 64 Bit.

    • New Cleaned Start Menu.
    • Mix of Windows 7 Menu and Windows 8 Metro Interface.
    • Virtual Desktops Feature.
    • Task View Option with Arrays of Virtual Desktops.
    • Dynamically Resizing of Windows Apps.
    • Huge Search Improvements.

    More Features can be seen when you Download Windows 10 ISO.

    Windows 10 Download ISO 32 Bit 64 Bit

    Windows 10 Technical Specs

    • Software Full Name: Windows 10 Technical Preview 32 Bit 64 Bit English
    • Setup File Name: WindowsTechnicalPreview-x86-EN-US.iso (32 Bit), WindowsTechnicalPreview-x64-EN-US.iso (64 Bit)
    • Full Setup Size: 2.93 GB (32 Bit), 3.81 GB (64 Bit)
    • Setup Type: Offline Installer / Full Standalone Setup:
    • Compatibility Architecture: 32 Bit (x86) / 64 Bit (x64)
    • Latest Version Release Added On: 2nd Oct 2014
    • License: Free
    • Developers: Microsoft

    Minimum System Requirements for Windows 10

    Before you start Windows 10 Download ISO 32 Bit 64 Bit, Make sure you PC meets minimum system requirements.

    • Processor: 1 GHz
    • Memory (RAM): 1 GB (For 32 Bit), 2 GB (For 64 Bit)
    • Space: 16 GB Free Hard Disk Space

    Microsoft’s not saying when the feedback will result in a new release of of the OS, or when it will go on sale. ®


    📂This entry was posted in Computer News 📎and tagged

  • Snapchat Hacker Threatens to Leaked thousands of Nude Celebriti Images

    Posted on by admin Comment

     

    The waves of celebrities nude photos have not yet stopped completely, and a new privacy threat has emerged exposing tens of thousands of private photographs and videos of innocent users are circulating over the Internet.

    The personal image that are believed to be sent through Snapchat — the ephemeral messaging service that allows users to send pictures that should disappear after a few seconds — has been floating on the image based 4chan’s notorious /b/ board since last night. The incident was result of a security breach in an unofficial third-party app for Snapchat.

    Earlier this week, an anonymous 4chan user claimed to have obtained images on Snapchat and then the user warned of releasing thousands of nude videos and images sent using Snapchat soon in an event dubbed ‘The Snappening’.

    Previously, It was believed that the official SnapChat mobile app or its servers had been hacked by the hackers, and the third-party Snapchat client app has been collecting every photo and video file sent through the messaging service for years, giving hackers access to a 13GB private Snapchat files.

    But Snapchat has denied that its service was ever compromised. Earlier today, Snapchat issued a statement about the “Snappening” and blamed its consumers for using unofficial and unauthorized third-party apps.

    “We can confirm that Snapchat’s servers were never breached and were not the source of these leaks,’ a Snapchat representative said in a statement. “Snapchatters were victimised by their use of third-party apps to send and receive Snaps, a practice that we expressly prohibit in our Terms of Use precisely because they compromise our users’ security. We vigilantly monitor the App Store and Google Play for illegal third-party apps and have succeeded in getting many of these removed.“

    The most worrying part for the users is that Snapchat was right. The personal data is supposed to be obtained from a website called SnapSaved.com — an external app used by a number of Snapchatters in order to save Snapchat photos without the sender knowing — which has been inactive for the past few months and is apparently independent of the official Snapchat service.

    However, Business Insider has pointed to SnapSaved.com, a site which is no longer functional, and the SnapSave app as potential sources of the leak. Meanwhile, an assortment of photos has been traced back to SnapchatLeaked.com — site also posted personal and nude photos of Snapchat users, indicating that the photos could have been circulating for months.

    “The Snappening” is named in reference to the recent celebrity nude photos leak that was called “The Fappening.” The incident comes just weeks after thousands of celebrity nude images were leaked online through 4chan website, following a hack of Apple’s iCloud.

    Snapchat was first hacked in December 2013 when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass The most worrying part for the users is that Snapchat was right. The personal data is supposed to be obtained from a website called SnapSaved.com — an external app used by a number of Snapchatters in order to save Snapchat photos without the sender knowing — which has been inactive for the past few months and is apparently independent of the official Snapchat service.

    However, Business Insider has pointed to SnapSaved.com, a site which is no longer functional, and the SnapSave app as potential sources of the leak. Meanwhile, an assortment of photos has been traced back to SnapchatLeaked.com — site also posted personal and nude photos of Snapchat users, indicating that the photos could have been circulating for months.

    “The Snappening” is named in reference to the recent celebrity nude photos leak that was called “The Fappening.” The incident comes just weeks after thousands of celebrity nude images were leaked online through 4chan website, following a hack of Apple’s iCloud.

    Snapchat was first hacked in December 2013 when 4.6 million Snapchat users were exposed in a database breach. Later, the denial-of-service attack and CAPTCHA Security bypass vulnerabilities were discovered by the researchers at the beginning of this year.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • TripAdvisor’s Viator Hit by Massive 1.4 Million Payment Card Data Breach

    Posted on by admin Comment


    TripAdvisor’s Viator Hit by Massive 1.4 million Payment Card Data Breach
    TripAdvisor has reportedly been hit by a massive data breach at its Online travel booking and review website Viator, that may have exposed payment card details and account credentials of its customers, affecting an estimated 1.4 million of its customers.

    The San Francisco-based Viator, acquired by TripAdvisor – the world’s largest travel site – for £122 million (US$ 200 million) back in July, admitted late on Friday that the intruders have hacked into some of its customers’ payment card accounts and made unauthorized charges.

    The data breach was discovered in the bookings made through Viator’s websites and mobile offerings that could potentially affect payment card data.

    Viator said that the company has hired forensic experts to figure out the extent of the breach. Meanwhile, the company has begun notifying its affected customers about the security breach as said by the travel outfit in a press release.

    “On September 2, we were informed by our payment card service provider that unauthorized charges occurred on a number of our customers’ credit cards,” Viator wrote. “We have hired forensic experts, notified law enforcement and we have been working diligently and comprehensively to investigate the incident, identify how our systems may have been impacted, and secure our systems.”

    “While our investigation is ongoing, we are in the process of notifying approximately 1.4 million Viator customers, who had some form of information potentially affected by the compromise.”

    During investigation it found that the cybercriminals have broken into its internal databases and accessed the payment card data – including encrypted credit or debit card number, card expiration date, name, billing address and email address – of approximately 880,000 customers, and possibly their Viator account information that includes email address, encrypted password and Viator ‘nickname.’

    Additionally, the intruders may have also accessed the Viator account information, including email addresses and encrypted passwords, of over 560,000 Viator customers.

    According to the company, Debit-card PIN numbers were not included in the breach because Viator does not store them. The travel advisor said that they believe that the CVV number, the security numbers printed on the back of the customer’s credit card, were also not stolen in the breach.

    For those who are affected by the breach in United States, Viator is offering them identity protection and credit card monitoring services for free and and the company is also investigating the possibility of offering similar services to customers outside the country.

    Meanwhile, the company has warned its affected customers to regularly monitor their card activity and report any fraudulent charges to their card company. “Customers will not be responsible for fraudulent charges to their accounts if they are reported in a timely manner,” Viator said.

    Viator also recommends its users to change their password for the site, as well as all other websites that uses the same credentials.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News Virus Threats 📎and tagged

  • Keylogger Optimized with AutoIT Infected Thousands of Computers

    Posted on by admin Comment

    A new surge of malware has been discovered which goes on to infect hundreds of thousands of computers worldwide and allegedly steals users’ social and banking site credentials.

     

    Few days back, a list of 5 million combinations of Gmail addresses and passwords were leaked online. The search engine giant, Google said that Gmail credentials didn’t come from the security breaches of its system, rather the credentials had been stolen by phishing campaigns and unauthorized access to user accounts.

     

    Just now, we come across another similar incident where cyber criminals are using a malware which has already compromised thousands of Windows users worldwide in an effort to steal their Social Media account, Online account and Banking account Credentials.

     

    A Greek Security Researcher recently discovered a malware sample via a spam campaign (caught in a corporate honeypot), targeting large number of computers users rapidly. He investigated and posted a detailed technical analyses of the malware on his blog.

     

    After reverse engineer the malware sample file, he found that the cybercriminals are using a combination of software AutoIT (Automate day-to-day tasks on computers) and a “commercial” Keylogger named “Limitless Keylogger” to make it FUD i.e. Fully Undetectable from static analysis.

     

    Keylogger is a critical type of software program for cyber criminals, which records every input typed into the keyboard and easily detects passwords for users’ Email accounts, Social Media accounts and Online Bank accounts.

     

    This malicious application captures every keystrokes users press and send them to a specified email address linked to the cyber criminal. More interestingly, the malware uses AutoIT in order to evade detection by Antivirus programs.

     

    Limitless Keylogger Optimized with AutoIT Infected thousands of Computers

     

    The malware distributed in the spam campaign comes as a WinRAR SFX executable file with a custom icon which drops 4 malicious files onto the victim’s computers with hidden and system attributes.

     

    The Malware archive includes:

     

    • AutoIT script ‘update.exe’ of 331MB
    • Python script to “deobfuscate” AutoIT script
    • oziryzkvvcpm.AWX – Settings for AutoIT script
    • sgym.VQA – Another Encrypted malware/Payload Binary
    Initially the obfuscated AutoIT Script is of size 331MB, because it contains lots of garbage content, but after deobfuscate process it becomes only 55kbyte in size with clean malicious code.

     

    Researcher found lot of functions and various functionalities in the malware code those allow the malicious software to protect itself from detection.

     

    On Further reserve engineering, he found that the malware sends the collected keystroke data to the cybercriminal via SMTP email server. So he sniffed the whole conversation of malware SMTP traffic and discovered that the keylogger was sending all keystrokes of the user, screenshots, recovery data (saved passwords from several applications/browsers) to an email ID – “ontherun4sales@yandex.ru”.

     

    He also extracted the hardcoded SMTP email ID username and passwords of the respective Yandex mail address from the malware source code.
    Limitless Keylogger Optimized with AutoIT Infected thousands of Computers
    Researcher told SecNews, “The detection was accomplished in the past few days and found that the malware was being Greek is targeting users (minimum numerical cases).
    Possibly some Indonesian hackers might have used the malicious software available on the Russian hacking forum sites” they said. “and the targets are well known companies from retail industry,oil,airlines etc
    At last, the researcher also disclosed some online FTP servers using Google hacks, where the data has been uploaded by the different variants of the Limitless Logger by various hacking groups.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News Virus Threats 📎and tagged

  • Cell phone Users can be Secretly tracked Across the globe thanks to SS7 Tracking System

    Posted on by admin Comment
    Since we are living in an era of Mass surveillance conducted by Government as well as private sector industries, and with the boom in surveillance technology, we should be much worried about our privacy.
    According to the companies that create surveillance solutions for law enforcement and intelligence agencies, the surveillance tools are only for governments. But, reality is much more disappointing. These surveillance industries are so poorly regulated and exceedingly secretive that their tools can easily make their way into the hands of repressive organizations.
    Private surveillance vendors sell surveillance tools to governments around the world, that allows cellular networks to collect records about users in an effort to offer substantial cellular service to the agencies. Wherever the user is, it pinpoint the target’s location to keep every track of users who own a cellphone — here or abroad.
    We ourselves give them an open invitation as we all have sensors in our pockets that track our every move wherever we go.
    WHAT WENT WRONG
    The tracking technology takes advantage of the SS7, a global network, which is unfortunately vulnerable.
    SS7 or Signaling System Number 7 is a protocol suite used by most telecommunications operators throughout the world to communicate with one another when directing calls, texts and Internet data. It allows cell phone carriers to collect location information from cell phone towers and share it with each other. A United States carrier will find its customer, no matter if he or she travels to any other country.
    The Washington Post published an awesome article on surveillance technology that can track cell phone users anywhere in the world. Surveillance vendors also now have access to SS7, so that their customers can home in on somebody’ locations as precisely as within a couple of city blocks (or in rural areas, a couple of miles).
    These systems are so effective that it can even detect how fast a person on a city street is walking, or the speed a person’s car is traveling!

    The system was built decades ago, when only a few large carriers controlled the bulk of global phone traffic. Now thousands of companies use SS7 to provide services to billions of phones and other mobile devices, security experts say,” explains the post.

    All of these companies have access to the network and can send queries to other companies on the SS7 system, making the entire network more vulnerable to exploitation. Any one of these companies could share its access with others, including makers of surveillance systems.

    SS7 TRACKING SYSTEM PAIRED UP WITH ‘CATCHERS’
    It is believe that dozens of countries have bought or leased this surveillance technology in the last few years. Having a close look at such tools, it has been discovered that some of the companies that sell SS7 tracking system are advising their customers to pair them with “IMSI catchers” or StingRays.
    StingRays are common surveillance devices that allow law enforcement to mimic a cell phone tower, and track users position who connect to it, and sometimes even intercept calls and Internet traffic, send fake texts, install spyware on a phone, and determine precise locations.

    What’s interesting about this story is not that the cell phone system can track your location worldwide,” said Bruce Schneier, a senior security researcher. “That makes sense; the system has to know where you are. What’s interesting about this story is that anyone can do it.”

    Privacy advocates are not only worried by governments getting their hands on these systems, but also about hackers and criminal gangs using it.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged

  • New file-encrypting ransomware called CryptoGraphic Locker

    Posted on by admin Comment

    A new file-encrypting ransomware was discovered today by BartBlaze called CryptoGraphic Locker. Just like other encrypting ransomware, this infection will scan your your data files and encrypt them so that they are unusable. The infection will then display a ransom note that requires you to purchase the decryption key in order to decrypt your files. The initial cost to purchase the key is .2 BTC, or approximately $100 USD, which makes this one of the cheaper ransoms that we have seen in a long time. Though the ransom starts out small, there is a 24 hour timer built into the application that will increase the ransom amount each time it hits 0.

    Computer Virus Removal in Fort Lauderdale
    Cryptographic Locker

    When you are infected with CryptoGraphic Locker, the application will configure itself to start when you login to Windows. It will then scan your drives for data files and create new encrypted copies using AES encryption and then delete the old ones. These new files will be renamed to have the extension .clf. A list of all encrypted files will be stored in the %Temp%\CryptoLockerFileList.txt file. The data files that CryptoGraphic Locker targets are:

    .odt,.ods,.odp,.odm,.odc,.odb,.doc,.docx,.docm,.wps,.xls,.xlsx,.xlsm,.xlsb,.xlk,.ppt,.pptx,.pptm,.mdb,.accdb,.pst,.dwg,.dxf,.dxg,.wpd,.rtf,.wb2,.mdf,.dbf,.psd,.pdd,.pdf,.eps,.ai,.indd,.cdr,.dng,.3fr,.arw,.srf,.sr2,.mp3,.bay,.crw,.cr2,.dcr,.kdc,.erf,.mef,.mrw,.nef,.nrw,.orf,.raf,.raw,.rwl,.rw2,.r3d,.ptx,.pef,.srw,.x3f,.lnk,.der,.cer,.crt,.pem,.pfx,.p12,.p7b,.p7c,.jpg,.png,.jfif,.jpeg,.gif,.bmp,.exif,.txt

    When the infection has finished encrypting your data it will display a ransom screen that explains how you can pay the ransom and decrypt your files. Unlike other file-encrypting ransomware that have been released lately, instead of using a decryption site, the malware application itself allows you to make payments, receive your decryption keys, enter your key to decrypt files, etc. While the infection is running it will also terminate the following applications if they are started or are running: Process Hacker, MalwareBytes, Spyhunter, Msconfig, Task Manager, Registry Editor, System Restore, or Process Explorer.

    Last, but not least, the infection will also change your Windows desktop background to the background below. Suprisingly, it uses the CryptoLocker name in the wallpaper instead of the CryptoGraphic Locker name that it uses in the application window.

    wallpaper.jpg

    At this time the Command & Control servers are down, so there is no way to pay the ransom. There is, though, some good news for those who are infected. This ransomware does not delete files using a secure deletion method and does not wipe your system restore points. Therefore you can use a file recovery tool to undelete your files or a program like Shadow Explorer to restore your files from Shadow Volume Copies. Information on how to restore your files from Shadow Volume Copies can be found in the CryptoLocker guide.

    Thanks to BartBlaze, Decrypterfixer, and Cody Johnston for providing info on this malware.

    File additions and registry changes are:

    %Temp%\CryptoLockerFileList.txt
%Temp%\wallpaper.jpg
<Path to Dropper>\<random.exe

HKCU\Control Panel\Desktop\Wallpaper	"C:\Users\User\AppData\Local\Temp\wallpaper.jpg"(old value="")
HKCU\Control Panel\Desktop\WallpaperStyle	"1"(old value="10")
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\CLock

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable

    Greased Lightbox

    +

    Loading image

    Click anywhere to cancel

    Image unavailable


    📂This entry was posted in Virus Threats 📎and tagged

  • Rise in Anti-Child Porn Spam Protection Ransomware infections

    Posted on by admin Comment

    This ransomware pretends to be from a legitimate government organization that states that the infected computer is sending out SPAM that contains links to child pornography sites. The ransom program then states that in order protect yourself, and others, it has encrypted your data using Advanced Encryption Standards, or AES, encryption. Just like the Malware Protection and the ACCDFISA Protection Program variants, these files are not actually encrypted but are password protected RAR files.

    sl.png

    ScreenLocker window for ACCDFISA v2.0, There are actually a few different versions of this. ACCDFISA v2.0 HTML file, These can be worded slightly different, and can have different emails to message the virus creator.

    There seems to be either a leak of the ACCDFISA v2.0 source, or the creator is mixing up the layout of Ransom Note, Screen Locker, and even the internal code. So far I have found 3 different version of ACCDFISA v2.0 with different contact emails, Ransom Notes, Code, and what is worse is even the method of delivery. The previous ACCDFISA v2.0 mostly only affected servers with RDP enabled with weak security. But the last 2 victims I have been messaging had neither a server or RDP enabled, and claimed to have gotten it either by email or a malicious or hacked site. This makes this older modified infection another top placer for worst encrypting infections because the key is unrecoverable, Restore Points are wiped, the computer is locked down, services are mangled, free space and deleted files are wiped with SDelete, and of course files are encrypted with WinRar SFX AES exe’s.

    For informational purposes, the 2 virus creator emails I have found with these variants are brhelpinfo@gmail.com and Dextreme88@gmail.com.

    When first run, this program will scan your computer for data files and convert them to password protected RAR .exe files. These password protected data files will be named in a format similar to test.txt(!! to decrypt email id <id> to <Email>@gmail.com !!).exe. It will then use Sysinternal’s SDelete to delete the original files in such a way that they cannot be undeleted using file recovery tools. It will also set a Windows Registry Run entry to start c:\<Random Number>\svchost.exe when your computer starts. This program is launched immediately when you logon and blocks access to your Windows environment. If you boot your computer using SafeMode, Windows Recovery disk, or another offline recovery CD, you can delete or rename the c:\<Random Number>\svchost.exe file in order to regain access to your Windows Desktop. This “lockout” screen will also prompt you to send the hackers the ransom in order to get a passcode for the system lockout screen and for your password protected files.

    This variant took 3 hours to completely finish on my VM. I was able to access the key file, and decrypt nearly all files and back them up before shutdown. So if you are lucky enough to see this happening, you should immediately backup the key file on the desktop / in the ProgramData folder.

    Sadly, just like the past variants, files cannot be decrypted either without the key, or a backup. If you are reading this infection free I have one question, Have you backed up today?. If not, you better get to it as these types of computer infections are on the rise and definitely here to stay!

    The files that this infection creates when it is installed are:

    File List:

    c:\<Random>\svchost.exe – ScreenLocker / Decrypter

    c:\<Random>\howtodecryptaesfiles.htm – RansomNote that all RansomNotes lnk’s point to

    c:\ProgramData\fdst<Random>\lsassw86s.exe Encrypter / Main dropper

    c:\ProgramData\<Random>\<Random>.dll – Different Numbers and Hashes used by the infection / Also where Temp Key is kept, But removed after completion

    c:\ProgramData\<Random>\<Random>.DLLS List of files to be infected by WinRar

    c:\ProgramData\<Random>\svchost.exe – WinRar CUI renamed

    c:\ProgramData\<Random>\svchost.exe – Sdelete Renamed

    c:\ProgramData\svcfnmainstvestvs\stppthmainfv.dll List of Numbers used by the infection

    c:\ProgramData\svtstcrs\stppthmainfv.dll List of Numbers used by the infection

    c:\Windows\System32\backgrounds2.bmp Renamed ScreenLocker / Decrypter, Used to replace the one in ProgramData if deleted

    c:\Windows\System32\lsassw86s.exe Renamed Encrypter / Main dropper, Used to replace the one in ProgramData if deleted

    c:\Windows\System32\scsvserv.exe Used to complete mangle / disable services to further lock down computer

    c:\Windows\System32\lsassvrtdbks.exe Assists with encryption

    c:\Windows\System32\session455.txt Temp Storage used with .BAT file to logoff user account

    c:\Windows\System32\decryptaesfiles.html Used to copy to ProgramData

    c:\Windows\System32\Sdelete.dll Used to copy Sdelete to ProgramData

    c:\Windows\System32\kblockdll.dll Used to Lock desktop

    c:\Windows\System32\btlogoffusrsmtv.bat Used to log user off

    c:\Windows\System32\default2.sfx Used with winrar to encrypt files

    c:\Windows\System32\cfwin32.dll WinRar CUI renamed

    %Desktop%\<Random>.Txt – Also contains Decrypt Key, But removed after completion

    Registry List:

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe – Launches ScreenLocker

    HKCU\Software\Microsoft\Windows\CurrentVersion\Run C:\<Random>\svchost.exe – Launches ScreenLocker

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run C:\ProgramData\<Random>\svchost.exe – Launches ScreenLocker

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Virus Threats 📎and tagged

  • Microsoft throws old versions of Internet Explorer under the bus

    Posted on by admin Comment

    Come 2016, if you’re not up to date you’re on your own – enjoy your security bugs

    Microsoft has confirmed that it’s ending support for old versions of Internet Explorer, and it’s giving you just shy of 18 months to get up to date.

    Roger Capriotti, director of the IE team, blogged on Thursday that beginning on January 12, 2016, only the most recent version of IE on any supported version of Windows will continue to receive technical support and security updates.

    As of today, that means IE9 on Windows Vista SP2 and Windows Server 2008 SP2, IE10 on Windows Server 2012, and IE11 on any later version of Windows (including Windows Server 2012 R2).

    In fact, the only reason IE9 is still being supported on Vista is because no later versions will run on that little-loved OS. IE9 never won high marks from web devs, and Google, for one, has already discontinued support for it in Gmail and Google Apps.

    “For customers not yet running the latest browser available for your operating system, we encourage you to upgrade and stay up-to-date for a faster, more secure browsing experience,” Capriotti wrote.

    Microsoft is a late convert to web-standards religion, having spent the better part of 20 years releasing browsers that rendered sites in ways that were incompatible with rivals like Firefox, Chrome, and Safari.

    These days, the software giant markets standards compliance as a key feature of IE11, and it has even gone as far as to claim it’s had to build workarounds into its browser to support websites that are coded using the competition’s nonstandard features.

    Redmond even seems to want to atone for its own past bad behavior. It’s now encouraging commercial customers who have built their bespoke web apps for older, patently terrible versions of IE to upgrade to IE11 and use its “Enterprise Mode” to maintain backward compatibility with those standards-shirking browsers.

    Enterprise Mode, which Microsoft shipped with the Windows 8.1 Update and as a standalone patch in April, makes IE11 behave like IE8, even going as far as to announce the old version to websites and ActiveX controls that have been hard-coded for specific browser releases.

    Concurrent with its announcement of the end of support for old IE versions, Microsoft said on Thursday that it will continue to support Enterprise Mode through the full lifecycle of whichever OS IE11 is running on – meaning it will be supported on Windows 7 through January 14, 2020, for example.

    As Microsoft points out, however, most consumers won’t have to worry about much of this – at least until their version of Windows reaches the end of its lifecycle – because they get the latest version of IE installed automatically as a function of Windows Automatic Updates.

    Please Visit our Computer News Website and Blog

    for latest computer repair and online news.

    Local and Online Virus removal and computer repairs anytime, anywhere

    Fort Lauderdale, Miami, Boca Raton, Boynton Beach and all South Florida


    📂This entry was posted in Computer News 📎and tagged