security

security September 24, 2020

Defender Application Control or Defender SmartScreen – what can you do to not be blocked by it

Ever wondered why do you get one of these popups for your Windows program, despite of the fact that it is signed with a standard code signing certificate ? Applications that are signed with a standard code signing certificates need to have a positive reputation in order to pass the Smart Screen filter. Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application. Since you haven’t published your application as yet (and therefore the reputation hasn’t been established as yet), the Smart Screen will continue to flag the application. If you have a standard code signing certificate, some time will be needed for your application to build trust. Microsoft affirms that an Extended Validation (EV) Code Signing Certificate allows to skip this period of trust building. According to Microsoft, extended validation certificates allow the developer to immediately establish reputation with SmartScreen. Otherwise, for some time, until your application builds trust, the users will see a warning like “Windows Defender Smartscreen prevented an unrecognized app from starting. Running this app might put your PC at risk.”, with the two buttons: “Run anyway” and “Don’t run”. In newer Windows version you see the…

Read More

News, security May 11, 2020

My IT_SecurityNews account nominated for “Best tweeter” account in the European Cybersecurity Blogger Awards

European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS: Vote here . Yes, it is a Google Form… but there is no malware or spam 🙂 Don’t forget to vote IT_SecurityNews! The seventh annual European Cybersecurity Blogger Awards sponsored by Qualys and powered by Eskenzi PR, will be bestowed upon the best cybersecurity bloggers, podcasters, Tweeters, Instagrammers and vloggers in a live virtual event on Tuesday 2nd June 2020. Visit IT Security news and the Twitter account.

automotive, News, security April 22, 2020

A brief history of software vulnerabilities in vehicles

Car Hacking News Timeline 2017-2019 [1] 2019: Hack of an OEM’s automotive cloud via third-party services and tier-1 supplier network 2019: Memory vulnerability at a cloud provider exposed data incl. passwords, API keys, and tokens 2019: A malware infection caused significant production disruption at a car parts manufacturer 2019: Vehicle data exposed during registration allowed for remote denial-of-service attacks on cars 2019: Malware infected the back end, making laptops installed in police cars unusable 2018: An ex-employee breached the company network and downloaded large volumes of personal information 2018: Cloud servers hacked and used for cryptomining 2018: Researchers exploited vulnerabilities of some infotainment systems and gained control of microphones, speakers, and navigation systems 2018: Security issues discovered in 13 car-sharing apps 2018: Researchers demonstrated >10 vulnerabilities in various car models, gaining local and remote access to infotainment, telematics, and CAN buses 2018: EV home chargers could be controlled by accessing the home Wi-Fi network 2017: Rental car companies exposed personal data 2017: Ransomware caused the stop of production across several plants Car Hacking News Timeline 2002-2015 [2] 2015: Researchers remotely sent commands to the CAN bus of a specific car that had an OBD2 dongle installed to control the car’s…

News, Phishing, security October 12, 2018

Targeted phishing on customers of Strato.de

My domain mustaca.com is hosted at Strato.de. I received several such emails, showing that somebody really scrapes the next for finding targets of various ISPs. Lieber Kunde, Wir informieren Sie, dass die Domain mustaca.com ausläuft. Wie kann man sich erneuern ? Der Erneuerungs Vorgang ist schnell und einfach: bestellen Sie einfach online und bezahlen Sie dafür. https://rechnung.strato.de Um die Bestellübersicht und den Betrag, den Sie bezahlen möchten, zu sehen, können Sie sich von dieser Seite erneuern. Was passiert, wenn ich mich nicht erneuere ? Im Falle einer Nichterneuerung werden die Dienste am Tag nach dem Ablauf deaktiviert und die Domain wird nicht mehr sichtbar. Herzliche Grüße STRATO AG Pascalstrae 10 10587 Berlin ———————————————————————— Vorsitzender des Aufsichtsrates: René Obermann Vorstand: Dr. Christian Being (Vorsitz), Christoph Steffens, René Wienholtz Amtsgericht Berlin-Charlottenburg HRB 79450 And this is how the page looks like:

News, security February 27, 2018

Microsoft takes on Potentially Unwanted Applications

Starting March 1, 2018, Windows Defender Antivirus and other Microsoft security products will classify programs that display coercive messages as unwanted software, which will be detected and removed. If you’re a software developer and want to validate the detection of your programs, visit the Windows Defender Security Intelligence portal.   Unwanted software Identifying and analyzing unwanted software is a complex challenge. New forms of unwanted software are constantly under development. The same technology that can make software unwanted also appears in software that you want to keep and use (such as antivirus or antimalware software). It’s not always possible to automatically determine whether a program is something you want to keep or something you want to remove.   Evaluation criteria Microsoft researchers use the following categories to determine whether to add a program to the definition library, and what classification type, risk level, and recommendation to give it: Unwanted behavior: The software runs unwanted processes or programs on your PC, does not display adequate disclosures about its behavior or obtain adequate consent, prevents you from controlling its actions while it runs on your computer, prevents you from uninstalling or removing the program, prevents you from viewing or modifying browser features or settings, makes misleading or inaccurate claims…

privacy, security November 27, 2017

Chrome will distrust SSL certificates generated by Symantec

I reviewed the headers of my IT Security News website https://www.itsecuritynews.info/ in order to add HSTS. This is what I can see in the headers.   The certificate used to load https://www.itsecuritynews.info/ uses an SSL certificate that will be distrusted in an upcoming release of Chrome. Once distrusted, users will be prevented from loading this resource. See https://g.co/chrome/symantecpkicerts for more information.   Source: https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html Checking the article, I see some disturbing news:   Information For Site Operators Starting with Chrome 66, Chrome will remove trust in Symantec-issued certificates issued prior to June 1, 2016. Chrome 66 is currently scheduled to be released to Chrome Beta users on March 15, 2018 and to Chrome Stable users around April 17, 2018. If you are a site operator with a certificate issued by a Symantec CA prior to June 1, 2016, then prior to the release of Chrome 66, you will need to replace the existing certificate with a new certificate from any Certificate Authority trusted by Chrome. Additionally, by December 1, 2017, Symantec will transition issuance and operation of publicly-trusted certificates to DigiCert infrastructure, and certificates issued from the old Symantec infrastructure after this date will not be trusted in Chrome.     Strato…

security, Spam & Phishing October 27, 2017

Targeted Phishing against Strato.de

We have ta lot of phishing attempts in German against Strato.de:   Subject: Wir haben ein Abrechnungsproblem festgestellt. Sehr geehrter Kunde, Wir haben ein Abrechnungsproblem festgestellt. Diese Art von Fehlern zeigt normalerweise an, dass die Kreditkarte abgelaufen ist oder Ihre Rechnungsadresse ist ungültig. Klicken Sie auf den folgenden Link, um Ihre Informationen zu aktualisieren: https://www.strato.de/apps/CustomerService#/skl Herzliche Grüße ___________________________ Kundenbetreuung Strato S.p.A. www.strato.de ___________________________   Subject:Du hast eine Schuld von 5,00 € Strato Kundendienst BP 438 – 75366 Berlin CEDEX 08 Germaney Sehr geehrter Kunde, Du hast eine Schuld von 5,00 € Ein Betrag von 5,00 € ist für die Erneuerung Ihrer Dienstleistungen fällig. Informationen : Um die Unterbrechung Ihrer Strato-Dienste zu vermeiden, möchten wir Sie bitten, Ihre Situation so schnell wie möglich zu regeln und Ihre Zahlung per Kreditkarte 24/7 zu tätigen. Greifen Sie auf Ihr Zahlungsformular zu. Herzliche Grüße ___________________________ Kundenbetreuung Strato S.p.A. www.strato.de ___________________________     They are using shorteners at http://t.co  

automotive, News, security October 26, 2017

Cybersecurity Engineering in the Automotive industry

A lot is happening in the Automotive industry these days. It has to do with connectivity, autonomous driving, autonomous parking, and so on. All these have one thing in common: they are producing extremely large amounts of data which needs to be processed in the backend by very powerful computers. When we talk connectivity, we MUST talk about cybersecurity.   This is why the Automotive industry has started to take this very seriously: We have the  ISO/SAE AWI 21434 : Road Vehicles — Cybersecurity engineering which is in the preparation stage We have the European Automobile Manufacturers’ Association (ACEA) who have released the “Principles of Automobile Cybersecurity“ ACEA represents currently the 15 Europe-based car, van, truck and bus manufacturers (Source): BMW Group, DAF Trucks, Daimler, Fiat Chrysler Automobiles, Ford of Europe, Hyundai Motor Europe, Iveco, Jaguar Land Rover, Opel Group, PSA Group, Renault Group, Toyota Motor Europe, Volkswagen Group, Volvo Cars, and Volvo Group ACEA and its members have identified a set of six key principles to enhance the protection of connected and automated vehicles against cyber threats. 1. Cultivating a cybersecurity culture 2. Adopting a cybersecurity life cycle for vehicle development 3. Assessing security functions through testing phases: self-auditing & testing 4. Managing a…

antivirus, security, Spam & Phishing August 18, 2017

Targeted Malware on the rise

  Ever wondered what a “spear phishing” is ? Or a “targeted malware” ? See below: It is an email targeted to a member of an organization, which is made to look as legitimate as possible. The difference between normal phishing and malware emails and a targeted one is that the contents of the emails are referring to locations or persons of the organization being targeted. In this case, Avira: as you can see below, there are apparent links to internal locations. Of course, they are all fake (like in phishing). In reality, they point to malicious documents and locations which have nothing to do with the company.   The interesting part here is that the email is made to look as if I send the first email and this “Cameron” is replying to my email. This is social engineering to its best. Avira will block the content as W2000M/Dldr.Agent.CG and the URLs.  

security August 14, 2017

Experiment started: HTTPS for ITSecurityNews.info

The Internet is telling everyone to switch to HTTPS for various reasons: better security better SEO from the search engines (read: Google) others While I agree with most of the reasons, I think that it is not really necessary for a read-only news portal to have HTTPS. It is no secret transferred, no login, nothing… Just text and links. And Ads… 🙂 So, my hosting provider Strato is giving me a free SSL certificate. After a long thinking and testing, I activated it for ItSecurityNews.info. From now on, you’ll be redirected to the HTTPS://ItSecurityNews.info even if you just type ItSecurityNews.info or http://www.ItSecurityNews.info   Let’s see how much visitors this brings … or takes.

%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close