General

People have started to read more about security!

Remember my free eBook “Improve your security”, available for free at https://www.improve-your-security.org? It looks like I started to get more customers since the Corona pandemic. There are almost 1000 readers! Go ahead and download your copy for free: https://www.improve-your-security.org/download/


How to stay safe when being exclusively online

EN https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_final.pdf
DE https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_de.pdf
RO https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_ro.pdf
More here: https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/make-your-home-cyber-safe-stronghold

Recommendations:
- Wi-Fi: always change the default router password
- Install antivirus software on all devices connected to the internet
- Choose strong and different passwords for your email and social media accounts
- Review your apps’ permissions and delete those you don’t use
- Back up your data and run regular software updates
- Secure electronic devices with passwords, PIN or biometric information
- Review the privacy settings of your social media accounts

Online shopping safety tips:
- Buy from reliable online vendors and check individual ratings
- Think twice: if an offer sounds too good to be true, it probably is
- Use credit cards when shopping online for stronger customer protection
- Check your bank account often for suspicious activity

DO NOT:
- Reply to suspicious messages or calls
- Open links and attachments in unsolicited emails and text messages
- Share your bank card details or personal financial information
- Buy things online that seem to be sold out everywhere else
- Send money upfront to someone you don’t know
- Share news that doesn’t come from official sources
- Make donations to charities without double-checking their authenticity

…


Bitcoin scam related to the Corona virus

As I mentioned before, there is a lot going on in cyberspace related to the Corona virus. Unfortunately, many of the things circulating are scams or information that leads to malware. This is an email currently circulating in massive waves in various languages (translated here from the German version I received):

Hello Sorin Mustaca

In case you have not heard yet: Bitcoin is expected to reach over 100,000 euros before the end of the year! That is 5 times higher than the 2017 peak. The forecasts are based on the announcement by major companies such as Facebook and Uber that they will enter the crypto arena this year. We are offering you a place on our private investment platform. You can register your free account immediately and start your journey today.

Your investment cost: 250$

Create a free account

Kind regards
BTC-Era

Unsubscribe

They are asking me to invest 250$ in BTC with the promise that by the end of the year one BTC will be worth 100K EUR. Stay away from such platforms … 🙂


Defending Against COVID-19 Cyber Scams

I personally did not see a scam like this yet, so I quote here the CISA Newsletter. Source: National Cyber Awareness System:

Defending Against COVID-19 Cyber Scams
03/06/2020 01:53 PM EST
Original release date: March 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19.

CISA encourages individuals to remain vigilant and take the following precautions.
- Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
- Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
- Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
- Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
- Review CISA Insights on Risk Management for COVID-19 for…


Products of big security companies flagged as deceptors by Appesteem

Appesteem maintains the Deceptor list, a list of programs that do not respect their requirements. Most of the time, the Deceptor list contains emerging products that want to make $$$ very fast by using some gray-area techniques. I personally have never seen a product of any established company in this list.

To my surprise, while working on the VB Conference paper described in the previous post, I saw two products:

Avast Driver Updater, since August 5:
There is a bunch of AV companies already blocking the installer/app from running: Dr.Web, ESET, K7, Malwarebytes, Panda, Sophos, Trend Micro, VirIT, Webroot, Microsoft

AVG TuneUp Premium, since June 4th:
There is a bunch of AV companies already blocking the installer/app from running: AegisLab, BitDefender, Emsisoft, GData, Ikarus, Symantec, Microsoft

They are both violating ACR-004.

ACR-004: App offers an ongoing subscription service, but does not offer free fixes for the free scan results shown. For Driver Update utility, it can ask for one time fix payment, but not the term based service payment.

If we look at the submission dates, it is clear that these are no mistakes: they are business models and the companies are not…


ISO27001 and GDPR

We are talking about Article 32 of GDPR: https://gdpr-info.eu/art-32-gdpr/

It basically says that you should have some measures in place to protect customer data by reducing the risk of customer data being lost or stolen (through a data breach, through classical theft, losing drives, making information public unintentionally and so on).

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.

In assessing the appropriate level of security account shall be…


“UNSUBSCRIBE ME!” or how to subscribe to spam lists

If you got one of these emails, do not click the link or the button in it. It will try to send an email to the email addresses shown below. Of course, it can’t do that automatically: it will open an email with the subject “Unsubscribe me” and the To field prefilled with those email addresses. You would need to send it. Please don’t send it unless you want to receive even more spam! Why? Because this way you confirm that you are human and actually read the emails. The domains do not work anymore because they used to be (almost all) registered with No-IP.com.

<div style="MARGIN-BOTTOM: 30px; FONT-SIZE: 18px; font-weight: bold">Please confirm your Unsubscribe</div>
<div style="margin-bottom: 20px">To confirm your Unsubscribe, please
<a style="COLOR: #4cbad7; TEXT-DECORATION: none" href="mailto:info@dropewell.com,contact@damianthorns.com,contact@contact.damnserver.com,contact@contact.blogsyte.com,support@support.ciscofreak.com, support@sandystorme.com,supports@hokkaido-gas.co.jp,supports@marutaka-pax.co.jp,contacts@fareastcafe.co.jp,contacts@summerface.jp, infos@ticket-reg.com?subject=Unsubscribe me" target="_blank">
<b>click here</b></a> or on the link below.</div>
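
Added example (not part of the original post): a mail-filter style check that extracts every mailto: link from an HTML body and flags those that prefill more than one recipient, which is the pattern shown above. The function names, the one-recipient threshold and the sample message with its .example addresses are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import parse_qs, unquote, urlsplit


class MailtoCollector(HTMLParser):
    """Collect every mailto: href from the <a> tags of an HTML e-mail body."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        href = (dict(attrs).get("href") or "").strip()
        if tag == "a" and href.lower().startswith("mailto:"):
            self.links.append(href)


def parse_mailto(href):
    """Split a mailto: URI into (recipients, subject)."""
    parts = urlsplit(href)
    query = parse_qs(parts.query)
    # Recipients are comma-separated in the path; more can hide in to/cc/bcc.
    raw = [parts.path] + query.get("to", []) + query.get("cc", []) + query.get("bcc", [])
    recipients = [unquote(a).strip().lower()
                  for chunk in raw for a in chunk.split(",") if a.strip()]
    return recipients, query.get("subject", [""])[0]


def audit_unsubscribe_links(html_body, max_recipients=1):
    """Flag mailto links that address more recipients than a real list would."""
    collector = MailtoCollector()
    collector.feed(html_body)
    findings = []
    for href in collector.links:
        recipients, subject = parse_mailto(href)
        if len(recipients) > max_recipients:
            domains = sorted({r.rsplit("@", 1)[-1] for r in recipients})
            findings.append({"subject": subject, "recipients": recipients, "domains": domains})
    return findings


# Constructed sample modelled on the snippet above; addresses use reserved .example domains.
SAMPLE = (
    '<div>To confirm your Unsubscribe, please <a href="mailto:info@a.example, '
    'contact@b.example,support@c.example?subject=Unsubscribe me"><b>click here</b></a></div>'
    '<a href="mailto:list-owner@news.example?subject=unsubscribe">leave list</a>'
)

if __name__ == "__main__":
    print(audit_unsubscribe_links(SAMPLE))
```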


Sign files unattended in batch mode while having an eToken (no password popup!) (updated)

Expanding on answers already in this thread, it is possible to provide the token password using the standard signtool program from Microsoft.

1. Export your public certificate to a file from the SafeNet Client
2. Find your private key container name
3. Find your reader name
4. Format it all together

The eToken CSP has hidden (or at least not widely advertised) functionality to parse the token password out of the container name. The format is one of the following:

[]=name
[reader]=name
[{{password}}]=name
[reader{{password}}]=name

Where:
reader is the “Reader name” from the SafeNet Client UI
password is your token password
name is the “Container name” from the SafeNet Client UI

Presumably you must specify the reader name if you have more than one reader connected – as I only have one reader I cannot confirm this.

5. Pass the information to signtool

/f certfile.cer /csp "eToken Base Cryptographic Provider" /k "<value from step 4>" any other signtool flags you require

Example signtool command as follows:

signtool sign /f mycert.cer /csp "eToken Base Cryptographic Provider" /k "[{{TokenPasswordHere}}]=KeyContainerNameHere" myfile.exe

Update: This doesn’t work after updating the key. Check this thread for more details: https://stackoverflow.com/questions/17927895/automate-extended-validation-ev-code-signing


With so many breaches, a new industry appeared…

Every week I hear about a new breach that lost millions or billions of accounts and “somebody” publishes them online. Do not forget to register at https://haveibeenpwned.com/ for real-time notification in case your email appears somewhere online.

Here is a new case of sextortion, and it gets more technical this time. This is another very good attempt to extort money from unsuspecting and unaware people who had their email address and password on some website which got hacked. We wrote before about sextortion, even using an old real password of the respective account. However, the fraudsters have taken the extortion email to a whole new level now. If before the discussion was about some “software” which was downloaded from suspicious websites the receiver of the email visited, now we are talking more seriously. The “spyware software developer” contacted us because he allegedly hacked the Cisco router used to connect to the Internet. There is even a CVE number of the vulnerability: CVE-2018-0296.

Now, this might sound very realistic, but even if you have some knowledge about routers and their security, it is enough just to read the Summary of the exploit: A vulnerability in the web interface of the…


