Saturday, 19 March 2016

                                            MAC OS RANSOMWARE
On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware “KeRanger.” The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.
Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site (hxxps://download.transmissionbt.com/files/Transmission-2.90[.]dmg) Transmission is an open source project. It’s possible that Transmission’s official website was compromised and the files were replaced by re-compiled malicious versions, but we can’t confirm how this infection occurred.
fig1
Figure 1 KeRanger hosted in Transmission’s official website
The KeRanger application was signed with a valid Mac app development certificate; therefore, it was able to bypass Apple’s Gatekeeper protection. If a user installs the infected apps, an embedded executable file is run on the system. KeRanger then waits for for three days before connecting with command and control (C2) servers over the Tor anonymizer network. The malware then begins encrypting certain types of document and data files on the system. After completing the encryption process, KeRanger demands that victims pay one bitcoin (about $400) to a specific address to retrieve their files. Additionally, KeRanger appears to still be under active development and it seems the malware is also attempting to encrypt Time Machine backup files to prevent victims from recovering their back-up data.
Palo Alto Networks reported the ransomware issue to the Transmission Project and to Apple on March 4. Apple has since revoked the abused certificate and updated XProtect antivirus signature, and Transmission Project has removed the malicious installers from its website. Palo Alto Networks has also updated URL filtering and Threat Prevention to stop KeRanger from impacting systems.
Posted by at No comments:

Wednesday, 16 March 2016

          HOW TO SPEED UP YOUR INTERNET CONNECTION VIA DNS HACK

There are many ways to get a faster internet speed in Microsoft Windows. Today, I am going to show you a simple DNS hack that can speed up your Web Browsing  dramatically. First, I need to remind you an obvious thing that happens with most of us when we are using a slow internet connection. The only thing we blame is our Internet Service Provider (ISP) for slow internet connection, but this isn’t the only case all the time. Sometimes, the problem lie with our DNS (Domain Name System). So, first let me explain you something about DNS before telling you the method to get a faster internet speed.
What is DNS?

DNS means Domain Name System (Service/Server) is something that converts your domain names into IP addresses.

The domain names are usually alphabetic for us to remember easily, but in actuality the Internet works on IP addresses. The DNS converts the domain name into its corresponding IP address, each time it is used as such. The DNS has a network of its own i.e. one DNS server can ask other DNS servers about translating a specific domain name to its corresponding IP address till it gets the correct result.

Take darkseals.blogspot.com for example the ip address maybe 109.12.231.12

Computers and other devices make use of IP address to route the traffic and it is very much similar to dialing a phone number. DNS acts as an intelligent operator that bypasses the infinite address book of IP addresses. Your DNS manages this huge task.
How an Alternative DNS Service Will Speed Up Your Browsing?

As I mentioned earlier, your tortoise internet speed isn’t always your Internet Service Provider’s fault, instead it may be your DNS’s fault. So why not use an alternative DNS service? As the present web pages continue to become more and more complex by inculcating innumerable things, so clients go for multiple DNS lookups for rendering one single web page. With the continuous growth in web, the existing DNS infrastructure is under more load each day.

Now I’ll tell you to use a free public DNS service that will tell your computer to use that service instead of using your ISP prescribed service and will help you to get a faster internet speed

Recommended for you: How To Make Mozilla Firefox Faster For Web Browsing
How To Speed Up Web Browsing Using DNS Hack?

To get a faster internet speed, I’ll tell you about free OpenDNS service. OpenDNS is one of the most popular free DNS services that was started to provide an alternative method to those who were discontented with their existing DNS.

By following these simple steps, you can tell your computer to use OpenDNS’s DNS servers instead of the ones your service provider automatically uses:

Step 1:

To get a faster internet speed using OpenDNS, first open Control panel.

Step 2:

Go to Network and Internet options.network-and-internet

Step 3:

Now click on Network and Sharing Center.

network-and-sharing-center

Step 4:

Click on your Internet Connection and then click on Properties.

internet-connection

Step 5:
Posted by at 1 comment:

Saturday, 12 March 2016

            THE HACK THE PENTAGON CHALLENGE

The US government’s Department of Defence has announced that it’s inviting hackers to test the department’s cybersecurity as a part of a new pilot program. Hack the Pentagon is the first cyber security bug bounty program in the history of federal government.
As a part of this program, the government will allow qualified cyber security experts to conduct vulnerability analysis of the department’s websites. The government mentions that the program is modeled similarly to that of the nation’s biggest companies to enhance the level of network security.
During the first iteration, the government plans to subject only a selected set of public service to hacking attempts and avoid exposing more sensitive web pages like department’s critical, mission-facing systems.

Who will be allowed to participate in Hack the Pentagon?

Prior to the participation in the pilot program, the hackers need to register and submit to a background check. Once vetted, the hackers will be allowed to hack the specified services under a controlled and limited duration program. The announcement mentions that participants could be eligible for recognition and rewards.
“I am always challenging our people to think outside the five-sided box that is the Pentagon,” said Secretary of Defense Ash Carter.  “Inviting responsible hackers to test our cyber security certainly meets that test.  I am confident this innovative initiative will strengthen our digital defenses and ultimately enhance our national security.”
This program is an initiative of the US Department of Defense’s new division Defense Digital Service (DDS) that’s led by former Microsoft executive Chris Lynch. Mr. Lynch says that he’s using his industry contacts to invite security experts and coders to participate.
It should be noted that during the past years bug bounty programs have become a norm for the tech companies as it allows the tech companies to fix their security loopholes and services before hackers get a chance.
Hack the Pentagon pilot program will go live next month and we’ll be sharing the participation rules and requirement in the upcoming weeks.
Posted by at No comments:

     MICROSOFT NOW PUTS WINDOWS 10 UPDATES IN INTERNET EXPOLER
Microsoft is adding a new weapon to its aggressive Windows 10 push—or at least it appears that it is.
Earlier in the week, Microsoft added what sounds a lot like an advertisement for Windows 10 to its Patch Tuesday release for Internet Explorer, bundling it in with a critical security patch. The new update affects only Windows 7 and 8.1 PCs and brings an upgrade prompt to Internet Explorer 11.
In its description of update KB3146449, Microsoft says it “adds functionality to Internet Explorer 11 on some computers that lets users learn about Windows 10 or start an upgrade to Windows 10.” Or as we common folk call it, an ad.
As Woody Leonhard at InfoWorld first reported, this update will supposedly put a blue banner on the IE11 new tab page that says, “Microsoft recommends upgrading to Windows 10.” ExtremeTech points out this is not the same as the blue banner that pops up when you visit sites like MSN.com recommending an upgrade to Windows 10.
It also appears this ad can’t be stopped by rolling back the update, as it’s built right into KB3139929, a critical security update for IE11.
The impact on you at home: So far neither Leonhard nor ExtremeTech were able to get the supposed blue banners to show up in IE11 in testing. It may be that Microsoft hasn’t yet activated the banner ads, or that the company had second thoughts about the strategy. Either way, packaging Windows 10 upgrade prompts in a security update is a terrible idea and a breach of user trust.
The update went out to all PCs as part of the Patch Tuesday updates, but only non-domain joined PCs—such as home users and small businesses—will see the ads. PCs that are managed by an IT department will not see the new update prompts. At least not yet.
Posted by at No comments:
Subscribe to: Posts (Atom)