People have started to read more about security!

Remember my free eBook “Improve your security”, available for free at https://www.improve-your-security.org ? It looks like I have been getting more customers since the Corona pandemic. There are almost 1000 readers! Go ahead and download your copy for free: https://www.improve-your-security.org/download/


How to stay safe when being exclusively online

EN https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_final.pdf
DE https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_de.pdf
RO https://www.europol.europa.eu/sites/default/files/documents/safe-at-home_ro.pdf
More here: https://www.europol.europa.eu/activities-services/public-awareness-and-prevention-guides/make-your-home-cyber-safe-stronghold

Recommendations:

Wi-Fi: always change the default router password
Install antivirus software on all devices connected to the internet
Choose strong and different passwords for your email and social media accounts
Review your apps’ permissions and delete those you don’t use
Back up your data and run regular software updates
Secure electronic devices with passwords, PIN or biometric information
Review the privacy settings of your social media accounts

Online shopping safety tips:

Buy from reliable online vendors and check individual ratings
Think twice: if an offer sounds too good to be true, it probably is
Use credit cards when shopping online for stronger customer protection
Check your bank account often for suspicious activity

DO NOT:

Reply to suspicious messages or calls
Open links and attachments in unsolicited emails and text messages
Share your bank card details or personal financial information
Buy things online that seem to be sold out everywhere else
Send money upfront to someone you don’t know
Share news that doesn’t come from official sources
Make donations to charities without double-checking their authenticity
…


Nigerian Scam ? No, COVID-19 scam, from China

I sometimes can’t help asking myself whether the scammers are actually human beings with feelings of loss and tragedy, and whether they have the same concerns as normal citizens. I guess they are not, because otherwise you can’t explain this:

Hello friend, I intend to give out some portion of my wealth as a free-will Financial donation to you for the ongoing COVID-19 that was cause by China because am a good citizen of china. Respond to partake. Regards Wang Jianlin CEO: Wanda Group

And they even write the name of the virus wrong in the subject: CONVID instead of COVID. The email also contains a tracking pixel in the HTML content, pointing to tracking.net.


Bitcoin scam related to the Corona virus

As I mentioned before, there is a lot going on in cyberspace related to the Corona virus. Unfortunately, many of the things circulating are scams or information that leads to malware. This is an email currently circulating in massive waves in various languages (here translated from the German):

Hello Sorin Mustaca
In case you haven’t heard yet – Bitcoin is expected to exceed 100,000 Euro before the end of the year! That is 5 times higher than the 2017 peak. The forecasts are based on the announcement by large companies such as Facebook and Uber that they will enter the crypto arena this year. We are offering you a place on our private investment platform – you can register your free account immediately and start your journey today.
Your investment cost: 250$
Create a free account

Kind regards
BTC-Era
Unsubscribe

They ask me to invest 250$ in BTC with the promise that by the end of the year one BTC will be worth 100K EUR. Stay away from such platforms … 🙂


Defending Against COVID-19 Cyber Scams

I personally have not seen a scam like this yet, so I quote here the CISA newsletter. Source: National Cyber Awareness System:

Defending Against COVID-19 Cyber Scams
03/06/2020 01:53 PM EST
Original release date: March 6, 2020

The Cybersecurity and Infrastructure Security Agency (CISA) warns individuals to remain vigilant for scams related to Coronavirus Disease 2019 (COVID-19). Cyber actors may send emails with malicious attachments or links to fraudulent websites to trick victims into revealing sensitive information or donating to fraudulent charities or causes. Exercise caution in handling any email with a COVID-19-related subject line, attachment, or hyperlink, and be wary of social media pleas, texts, or calls related to COVID-19. CISA encourages individuals to remain vigilant and take the following precautions.

Avoid clicking on links in unsolicited emails and be wary of email attachments. See Using Caution with Email Attachments and Avoiding Social Engineering and Phishing Scams for more information.
Use trusted sources—such as legitimate, government websites—for up-to-date, fact-based information about COVID-19.
Do not reveal personal or financial information in email, and do not respond to email solicitations for this information.
Verify a charity’s authenticity before making donations. Review the Federal Trade Commission’s page on Charity Scams for more information.
Review CISA Insights on Risk Management for COVID-19 for…


“Ha‌sta‌xla‌lyvi‌sta‌” says a “ha‌cke‌r” who tries to blackmail me using an obfuscated mail

We’ve seen millions of blackmail emails containing some username/email address and a password harvested from some hacked website. This one would be just another one, except that the text is obfuscated 🙂 It looks interesting, but it is tiresome to try to read it. And why the effort, in the end? Below is the email. This son of a b** who sent the email took good care not to obfuscate the BTC wallet. Unfortunately, somebody actually paid on 27.2.2020, but I am not sure if this is a victim or not.

Here is the relevant part of the email header:

Received: from asobkjzvu.com ([197.159.64.4]) by mx.google.com with SMTP id d3si5673968oia.236.2020.03.02.07.13.09 for <sorin@mustaca.com>; Mon, 02 Mar 2020 07:13:21 -0800 (PST)
Received-SPF: neutral (google.com: 197.159.64.4 is neither permitted nor denied by best guess record for domain of sitjpemaj@asobkjzvu.com) client-ip=197.159.64.4;
Authentication-Results: mx.google.com; spf=neutral (google.com: 197.159.64.4 is neither permitted nor denied by best guess record for domain of sitjpemaj@asobkjzvu.com) smtp.mailfrom=sitjpemaj@asobkjzvu.com
X-K: live
Received: from unknown (15.218.224.6) by qrx.quickslick.com with NNFMP; Mon, 02 Mar 2020 10:11:17 -0500
Received: from unknown (HELO smtp18.yenddx.com) (Mon, 02 Mar 2020 09:53:27 -0500) by relay.2yahoo.com with NNFMP; Mon, 02 Mar 2020 09:53:27 -0500
Received: from…


Interview in sputniknews.com: Experte zu Handy-Hacks: So kann man sich schützen

Expert on phone hacks: how to protect yourself
TECHNIK 14:04 04.02.2020
By Bolle Selke

The USA hack the phone of Chancellor Angela Merkel, and Saudi Arabia that of Amazon boss Jeff Bezos? So do only celebrities need to worry about their smartphone? No, says IT expert Sorin Mustaca in an interview, and explains how you can protect yourself.

Read the original here: https://de.sputniknews.com/technik/20200204326418590-handy-hacks-schutz/

– Mr Mustaca, it is logical that people like Jeff Bezos or Angela Merkel have to worry about the security of their mobile communications, but does a private individual also need to think about it?

– “I think so. The money or the advantages one can get from a private individual are just as good as those from other sources. One must not forget that each of us leads a dual life: as a private person and as a business person, whether as an employee or self-employed. One part of life influences the other; that is always the case. The information someone has about our private life therefore also influences our business life.”

– Time and again there…


Malicious emails sent in German on behalf of the Post

German users are receiving a lot of such spam these days. It is about a package whose transport costs (2 €) were allegedly not paid. The user is invited to visit a page where they can pay this. Translated from the German:

Track your package: DE3428632-19
STATUS: PROCESSING – DISTRIBUTION CENTER BERLIN – Transport costs OF 2.00 € were not paid
DELIVERY TAKES PLACE AFTER PAYMENT
PAY DELIVERY COSTS

Needless to say, this is not the usual way packages are handled, so those who sent the spam have no idea how things work. The link goes to a page delivering a malicious payload.

This is how the email looks:

Observe the blue marked items. The spammers are either lacking skills, or they think that the users are idiots, or are themselves idiots. The body of the email is one single line of Base64-encoded text. It appears to be sent from an AWS account.

Received: from domain.com (ec2-52-193-124-80.us-west-1.compute.amazonaws.com [35.181.165.41]) by mx.google.com with ESMTP id d8si40042704pgv.61.2019.07.23.01.00.43 for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST)
Received: from smtp.J51G83V9.org (enr2-mrelay-01.ad4123fb38497b9631680eea23dbd0b2.org. ) by mx.google.com with ESMTP id t6si5997511qvm.25.2019.02.12.06.38.06 for ; Fri, 24 Jan 2020 12:43:25 -0500 (EST)
Received: from pdr8-services-05v.prod.J51G83V9.org (HELO…


Products of big security companies flagged as deceptors by Appesteem

Appesteem maintains the Deceptor list, a list of programs that do not respect its requirements. Most of the time the Deceptor list contains emerging products that want to make $$$ very fast by using some gray-area techniques. I personally have never seen a product of any established company in this list.

To my surprise, while working on the VB Conference paper described in the previous post, I saw two products:

Avast Driver Updater, since August 5:
A bunch of AV companies are already blocking the installer/app from running: Dr.Web, ESET, K7, Malwarebytes, Panda, Sophos, Trend Micro, VirIT, Webroot, Microsoft

AVG TuneUp Premium, since June 4th:
A bunch of AV companies are already blocking the installer/app from running: AegisLab, BitDefender, Emsisoft, GData, Ikarus, Symantec, Microsoft

They are both violating ACR-004.
ACR-004: App offers an ongoing subscription service, but does not offer free fixes for the free scan results shown. For a Driver Update utility, it can ask for a one-time fix payment, but not the term-based service payment.

If we look at the submission dates, it is clear that these are no mistakes: they are business models, and the companies are not…


My presentation “Challenges for young anti-malware products today” accepted at the Virus Bulletin 2019 Conference in London

I am happy to inform everybody that my presentation “Challenges for young anti-malware products today” was accepted at the Virus Bulletin 2019 Conference in London. This is the abstract:

“There are two categories of anti-malware vendors: Established anti-malware vendors, who are preoccupied with getting the best scores in detection tests and capturing more market share. Emerging anti-malware vendors, who are trying to understand what they need to do in order to enter the market.

This paper is about the second category of companies: those who are trying to enter the market either because they have identified a small market segment which they think they can serve, or simply because they’ve heard they can make some easy money. None of these emergent companies actually know what it takes to make a ‘real’ anti-virus product. They try to enter the market by creating some software that detects malware using a third-party scanning engine and soon realize that things are much more complicated than estimated: they face a multitude of problems they don’t understand and realize that there are more who want to see them fail than who are able and willing to help them.

In this paper I will discuss some of…

