mundy.

5000$ e o nimica toata acolo, iar la noi in romania e pomana curata :troll

dute pe hostgator, si scapa de orice griji.

Ma ofer eu, sa-l instalez ?

Vand un cont steam care are Euro Truck Simulator 2 , astept oferte. (de preferat, sa fie paypal) Pret: 5 euro paypal / 25 lei paysafecard si este al vostru

thanks.

Google said Thursday that malware infections on Android devices have been cut in half in the past year following security upgrades for the mobile platform. In a security review for 2014, Google said it made significant strides for the platform long seen as weak on security. Android security engineer Adrian Ludwig said in a blog post that the overall worldwide rate of potentially harmful applications installed dropped by nearly 50 percent between the first quarter and the fourth quarter of the year. Ludwig noted over one billion Android devices in use worldwide have security through Google Play "which conducts 200 million security scans of devices per day" and that fewer than one percent of the devices had potentially harmful apps installed in 2014. For those devices which only use Google Play apps, the rate of potentially malicious apps was less than 0.15 percent, Google said. The report noted that Android got several security upgrades in 2014, including improved encryption and better detection tools for malware. Android has long been seen as vulnerable to malware because it is an open platform and many devices run older versions of the mobile operating system. But Google's report said its review "does not show any evidence of widespread exploitation of Android devices." "We want to ensure that Android is a safe place, and this report has helped us take a look at how we did in the past year, and what we can still improve on," Ludwig said. "In 2015, we have already announced that we are are being even more proactive in reviewing applications for all types of policy violations within Google Play. Outside of Google Play, we have also increased our efforts to enhance protections for specific higher-risk devices and regions." Android is used on around 80 percent of the smartphones globally, but its popularity has also made it a magnet for malware. Sursa: Google Says Android Malware Cut in Half | SecurityWeek.Com

Snapchat, the social network known for its disappearing messages, released its first transparency report Thursday showing hundreds of requests from US and foreign law enforcement agencies. Between November 1 and February 28, Snapchat said it received 375 requests from US law enforcement officials, and produced at least some data in 92 percent of those cases. "While the vast majority of Snapchatters use Snapchat for fun, it's important that law enforcement is able to investigate illegal activity," Snapchat said in a blog post. "We want to be clear that we comply with valid legal requests." The requests were mostly in the form of subpoenas, warrants or court orders, along with a smaller number of emergency requests. Outside the US, Snapchat received 28 requests and produced data in six of those cases. The requests came from Britain, Belgium, France, Canada, Ireland, Hungary and Norway. Snapchat joins other major tech firms that have released similar data including Google, Yahoo, Facebook, Twitter and Microsoft. Like most of its peers, Snapchat said it opposed efforts to give law enforcement special access through "backdoors." "Privacy and security are core values here at Snapchat and we strongly oppose any initiative that would deliberately weaken the security of our systems," the blog posting said. "We're committed to keeping your data secure and we will update this report bi-annually." The report did not include data on US national security requests, which may only be released after a six-month delay. "Even though Snapchat has promoted user privacy and autonomy since its founding, we've only recently been able to systematically track and report requests for user information," the company said. It said it will publish more details in July on government requests and demands to remove content. Snapchat last year reportedly rejected a $3-billion takeover by Facebook and later was valued at some $10 billion following a private equity round of investment. Snapchat has not disclosed key financial information or numbers of users but some analysts say it is used by as many as 100 million people or more. Snapchat rocketed to popularity, especially among teens, after the initial app was released in September 2011. Created by then Stanford University students, the app allows the sending of messages that disappear shortly after being viewed. Sursa: Snapchat Shows Data Requests in Transparency Report | SecurityWeek.Com

Researchers at Malwarebytes have identified an attack campaign believed to be exploiting a vulnerability in a WordPress plugin. During the past few days, Malwarebytes detected multiple WordPress sites injected with a malicious iframe. The iframe redirects victims to a phony version of The Pirate Bay site. Once there, victims are served the Nuclear exploit kit via a drive-by download attack. "This exploit kit targets most browser plugins but it focuses in particular on the Flash Player which was affected by no less than three zero days in the span of a month," said Jerome Segura, senior security researcher at Malwarebytes Labs. According to Segura, Malwarebytes does not have the exact numbers of how many sites are impacted. However, he said the attack appears to be a specific or targeted campaign. As of this afternoon, the phony site is still up. "And I can add something that I didn't mention originally, in that the site does not index real torrent results but rather pushes a program, maybe to collect affiliate kickbacks," he said. "We believe it has to do with a WordPress plugin rather than the CMS itself," Segura noted. "We have seen similar attacks in recent months taking advantage of the RevSlider Plugin and this could be linked to it." "Once the vulnerability has been exploited, the bad guys usually upload backdoors and shells designed to not only maintain control of the compromised website but also alter its core files, such as injecting iframes," he added. WordPress is one of the most popular - and most targeted - content management systems. In the case of the RevSlider attack, more than 100,000 WordPress websites were found to have been compromised. Segura suggested anyone running WordPress make sure their site and plugins are fully patched, and recommended people not log into their site from unsecure access points such as public Wi-Fis. The attack is ongoing, Segura said. Sursa: Cloned Pirate Bay Site Serving Malware | SecurityWeek.Com

IBM has unearthed evidence of an international cybercrime operation that has plundered more than $1 million from the corporate accounts of U.S. businesses. IBM has dubbed the operation 'The Dyre Wolf' after the Dyre malware at the center of the scheme. In October, US-CERT warned the malware was being used in spear-phishing campaigns to steal money from victims. In the campaign uncovered by IBM, attackers often used phony invoices laced with malware to snare their victims. While the file inside the attached zip file has an embedded PDF icon, it is actually an EXE or SCR file. Once opened, the victim is served the Upatre malware, which in turn downloads Dyre. "Once Dyre is loaded, Upatre removes itself as everything going forward is the result of the extensive functionality of Dyre itself," IBM noted in its report. "The password-stealing function of Dyre is the focus of this campaign, and ultimately what's used to directly transfer the money from the victim’s account. Dyre’s set up, much like Upatre’s, requires a number of steps to remain stealthy which helps it to spread itself to additional victims." Dyre also hooks into the victim's browsers (Internet Explorer, Chrome and Firefox) in order to steal credentials the user enters when they visit any of the targeted bank sites. In some cases, possibly due to the use of two-factor authentication, an extra dose of social engineering is used. "Once the infected victim tries to log in to one of the hundreds of bank websites for which Dyre is programmed to monitor, a new screen will appear instead of the corporate banking site," blogged John Kuhn, senior threat researcher at IBM. "The page will explain the site is experiencing issues and that the victim should call the number provided to get help logging in." According to IBM, when the victims call the number, they are greeted by a person with an American accent who states he works with the affected bank. After a brief conversation, the individual prompts the person to give their username and password and appears to verify it several times. The person may also ask for a token code, and ask to speak with a co-worker with similar access to the account and get information from them as well. "One of the many interesting things with this campaign is that the attackers are bold enough to use the same phone number for each website and know when victims will call and which bank to answer as," Kuhn blogged. This all results in successfully duping their victims into providing their company’s banking credentials, he added. After stealing the credentials, the attacker logs into the account and transfers large sums of money to various offshore accounts, IBM notes in its report. There have been reports of amounts ranging from $500,000 to $1 million USD being stolen via multiple, smaller transactions. As if that were not enough, the victim may also be hit with a distributed denial-of-service attack to cover the attacker's tracks. "The DDoS itself appears to be volumetric in nature," according to IBM's report. "Using reflection attacks with NTP and DNS, the Dyre Wolf operators are able to overwhelm any resource downstream. While they may have the potential to attack any external point in a business's network, the incidents we are tracking appear to focus on the company's website." Back in October, IBM's Trusteer team tracked a spike in the infection rate of Dyre, which is now believed by the firm to be in direct relationship with the development advancements within the Dyre project. In its current form, the malware appears to be owned and operated by a closed cyber-gang based in Eastern Europe, though the malware code itself could be operated by several connected teams attacking different geographies, IBM reported. "The sophistication and the level of deception that Dyre is now using is unprecedented when it comes to banking trojans," Kuhn told SecurityWeek. "The social engineering to defeat two-factor authentication shows the level of dedication and persistence to obtain their goal. Covering their tracks by initiating the denial-of-service attacks demonstrates how far they will go to ensure that the illicit transfer of money is hidden for as long as possible. The Dyre Wolf campaign is well funded, sophisticated and methodical in the theft off large sums of money." *This story was updated with additional information about the attack. Sursa: IBM: Cyber-gang Uses Dyre Malware to Loot Corporate Bank Accounts | SecurityWeek.Com

Il incerc acum sa vad daca e bun de ceva.

faceti lucruri legale pe ele, un prieten de-al meu a patit-o.

Hai salut.

Yoast has released a new version of its popular Google Analytics plugin for WordPress to address a persistent cross-site scripting (XSS) vulnerability that could have been exploited to execute arbitrary code. Google Analytics by Yoast has been downloaded nearly 7 million times. The application allows WordPress administrators to monitor website traffic by connecting the plugin to their Google Analytics account. The vulnerability was identified by Jouko Pynnonen, the CEO of Finland-based IT company Klikki Oy. Earlier this month, the expert reported identifying several vulnerabilities in the WPML premium WordPress plugin. According to the researcher, an attacker can leverage a flaw in Google Analytics by Yoast to store arbitrary code in a targeted administrator’s WordPress dashboard. The code is executed as soon as the administrator opens the plugin’s settings panel. The attack involves two security bugs. First, there is an access control flaw that allows an unauthenticated attacker to connect the plugin installed on the targeted website to his own Google Analytics account by overwriting existing OAuth2 credentials. The second stage of the attack relies on the fact that the plugin renders an HTML dropdown menu based on data from Google Analytics. Because this data is not sanitized, an attacker can enter malicious code in the Google Analytics account and it gets executed when the targeted administrator views the plugin’s settings panel. “Under default WordPress configuration, a malicious user can exploit this flaw to execute arbitrary server-side PHP code via the plugin or theme editors,” Pynnonen said in an advisory. “Alternatively the attacker could change the administrator’s password, create new administrator accounts, or do whatever else the currently logged-in administrator can do on the target site.” The security issues have been addressed with the release of Google Analytics by Yoast version 5.3.3. The update also fixes a flaw that allowed administrators to launch XSS attacks against other administrators. This vulnerability was publicly disclosed back in February by Kaustubh G. Padwad and Rohit Kumar. This isn’t the first time someone finds a vulnerability in a plugin from Yoast. Last week, UK-based researcher Ryan Dewhurst uncovered a blind SQL injection vulnerability in WordPress SEO by Yoast. Sursa: securityweek.com

UK-based Darktrace, a cyber security startup that leverages machine learning and mathematics to detect threats, announced this week that it has raised $18 million i funding. Founded in 2013 by senior members of the UK' GCHQ and other intelligence agencies, DarkTrace is headquartered in Cambridge, UK with offices in London, Milan, New York, Paris, San Francisco, Singapore and Washington D.C. The funding came from investors including Invoke Capital, Talis Capital, Hoxton Ventures and private individuals, with the latest funding round valuing the company at $80 million. Darktrace LogoThe company said that its “Enterprise Immune System” technology detects previously unknown threats using machine learning and mathematics developed at the University of Cambridge. In more detail, the explains on its website that the Darktrace platform “models patterns of life for each user and machine” to detect normal and abnormal behaviors as they emerge, without already knowing what it is looking for, and calculate the probability of threat based on the detection of behavioral anomalies. In addition to the funding, the company announced that it has opened an Asia Pacific office in Singapore. Sanjay Aurora, who has more than 25 years' experience leading enterprise software firms, will oversee the expansion process in the Asia Pacific region, Darktrace said. Aurora is joined by John Muser, formerly of IBM Security, heading up Australia and New Zealand, and Stanley Hsu, formerly of McAfee. "Darktrace is growing at a phenomenal rate. It has been barely a year since we deployed to our first customer and now we have deployments at 75 companies and relationships with 50 partners across America, UK, continental Europe and theMiddle East," said Darktrace CEO Nicole Eagan. "Our headcount has tripled over the past year and expansion into Asia is a natural next step." British telecommunications services giant BT announced this month that it was integrating Darktrace's platform, which will be added to BT's security portfolio and be available as both part of an integrated cyber security offering or as a point solution within BT's Assure portfolio of managed security services. BT also said that it would integrate Darktrace into its own enterprise security defenses to protect internal assets. Sursa: securityweek.com

Interesanta faza asta.

numai marlani, sper sa dati toti in cancer oameni facuti pentru lapte si corn.

cine ma poate imprumuta ? am nevoie urgenta acum, duminica dau withdraw la bitcoin si va dau inapoi prin btc. email: wirto.games2@yahoo.com multumesc din suflet celui care ma ajuta

Eu am intrat fara referal, hai mersi.

iar ei la randul lor, vand reclama cu traficu` asta asa de bogat.

mersi mult.

Omu` a intrebat daca l-a folosit cineva, chiar nimeni nu l-a testat ?

Dragut site, sper ca lumea sa se foloseasca de el cu capul

MyBB’s official Twitter profile and a staff member’s accounts were hijacked in late January. The developers of the popular open source forum software have now provided details on the incident. According to the MyBB team, someone gained unauthorized access to the community forum account and the personal website of a staff member. The password for the @mybB Twitter account was stored in plaintext in one of the threads, allowing the attacker to take over the organization’s social media account. The hacker used the hijacked Twitter account to post offensive messages, MyBB staff IP addresses, and installation statistics. The attacker also claimed to have gained access to information on unpatched SQL injection and cross-site scripting (XSS) vulnerabilities affecting the forum software. “Within two hours, we had isolated the breach and banned the staff member’s account to prevent any further purusing of private data,” MyBB wrote in a blog post on Monday. MyBB pointed out that the staff member whose account had been compromised did not have access to the Admin Control Panel, so the hacker couldn’t have gained access to private user data. The developers say there is no evidence to suggest that other information has been compromised. The attacker changed the Twitter account’s password and email address to prevent MyBB staff from recovering it. The developers regained access to the profile after contacting Twitter, which locked out the hacker during its investigation. A few days ago, someone posted screenshots of what seemed to be the MyBB 2.0 GitHub repository on a forum. The poster offered to sell the MyBB 2.0 source code for an unspecified amount of Bitcoins. It appears that the staff member whose account was compromised used the same password for GitHub and he didn’t have two-factor authentication enabled. However, MyBB said the hacked GitHub account didn’t store anything of value. “The code the user had was simply the initial commit of Laravel into the repository, none of the actual 2.0 code was present,” MyBB noted. MyBB 2.0, a complete rewrite of the software, is currently under development and in pre-alpha. “At MyBB we have a strong commitment to security. All staff with ACP access use a secret PIN, a form of 2FA. We release patches to any serious issues usually within hours of them being reported. We have Two Factor Authentication enabled on our staff email accounts and Github, and are actively working on getting 2FA for our other development tools,” MyBB said. Sursa: securityweek.com

Elastica, a San Jose, Calif.-based provider of cloud application security solutions, today announced that it has closed a series B funding round with an investment of $30 million. Through what the company calls its CloudSOC platform, Elastica helps companies leverage cloud applications and services in a secure and compliant fashion with no on-site software or hardware required. Various “Elastica Security Apps” running on the CloudSOC platform deliver different solutions, including auditing of shadow IT, real-time detection of intrusions and threats, protection against intrusions and compliance violations, and investigation of historical account activity for post-incident analysis. “The Elastica CloudSOC platform harnesses advanced data science and machine learning to deliver granular visibility of real-time traffic, advanced anomaly detection to identify threats and real-time content classification,” the company explained. “Granular policies can be created and enforced in real time to prevent data breaches, compliance violations and exposure of sensitive data." With more than 130 employees, the company currently has more than 275 enterprise clients and offices in APAC, EMEA and Canada. According to the company, it will use the investment to further fuel its global expansion, channel sales, engineering, marketing and research teams. Third Point Ventures led the round, with participation from Mayfield Fund and Pelion Venture Partners. Robert Schwartz from Third Point Ventures has also joined the Elastica board. "Elastica is the kind of company we like to invest in -- one that is rapidly becoming a category leader," said Schwartz. "Elastica has very strong momentum as it fundamentally changes the way the enterprise makes usage of cloud apps secure. The company's innovative solutions, strong management and deep bench of data scientists and researchers have enabled a new category of security for cloud apps that traditional security solutions cannot bridge." Sursa: securityweek.com

si eu, un trial ar fi de minune, macar 1-2 zile si tot e ceva.