Everything posted by mundy. (Active Members, 212 posts)

  1. Radware, a provider of application delivery and DDoS attack protection solutions, this week unveiled its latest attack mitigation platform, designed to help carriers and cloud providers protect against high-volume DDoS attacks.

     According to Radware, its new attack mitigation platform provides up to 300Gbps of mitigation capacity and can help protect against volumetric DDoS attacks such as UDP reflection attacks, fragmented and out-of-state floods.

     Radware’s DefensePro x4420 has the ability to handle 230 million packets per second of attack traffic and was designed for multi-tenant environments, with the ability to support up to 1,000 active policies, separate processing capabilities and customized management & reporting per tenant, the company said.

     “Cyber-attacks have evolved and reached a tipping point in terms of quantity, length, complexity and targets,” says Carl Herberger, vice president of security solutions for Radware. “In 2014, one in seven cyber-attacks were larger than 10Gbps and we’ve seen attacks 100+Gbps in size. The attack landscape is changing and cyber-attackers are getting more and more aggressive with their tactics. It’s not uncommon for mobile carriers and cloud providers to experience extra-large attacks.”

     “Soon enough, DDoS attacks will eventually reach the 1Tbps level, placing manufacturers in a frenzy to keep up with future volumetric cyberattacks,” Dan Thormodsgaard, vice president of solutions architecture for FishNet Security, said in a statement.

     More information on the platform is available online.

     Source: securityweek.com
  2. Point-of-sale (PoS) malware has become one of the chief weapons used by attackers to steal credit and debit card data, and now researchers at Trend Micro say they have found yet another threat to add to the list of tools in criminals' toolboxes.

     The malware is dubbed PwnPOS, and has managed to stay under the radar despite being active since at least 2013. According to Trend Micro, it has been spotted targeting small-to-midsized businesses (SMBs) in Japan, Australia, India, Canada, Germany, Romania and the United States.

     Trend Micro Threat Analyst Jay Yaneza called PwnPOS an example of malware that's been "able to fly under the radar all these years due to its simple but thoughtful construction."

     "Technically, there are two components of PwnPOS: 1) the RAM scraper binary, and 2) the binary responsible for data exfiltration," he explained in a blog post. "While the RAM scraper component remains constant, the data exfiltration component has seen several changes – implying that there are two, and possibly distinct, authors. The RAM scraper goes through a process’ memory and dumps the data to the file and the binary uses SMTP for data exfiltration."

     The malware targets devices running 32-bit versions of Windows XP and Windows 7. One of the keys to the malware's stealth appears to be its ability to remove and add itself from a list of services on the PoS device.

     "Most incident response and malware-related tools attempt to enumerate auto-run, auto-start or items that have an entry within the services applet in an attempt to detect malicious files," Yaneza blogged. "Thus, having parameters that add and remove itself from the list of services allows the attacker to “remain persistent” on the target POS machine when needed, while allowing the malicious file to appear benign as it waits within the %SYSTEM$ directory for the next time it is invoked."

     PwnPOS enumerates all running processes and searches for card information. Afterward, the stolen data is dumped into a file and ultimately emailed to "a pre-defined mail account via SMTP with SSL and authentication," the researcher blogged.

     Cybercriminals have increasingly been turning to ready-to-use point-of-sale malware kits. According to security firm Crowdstrike, such kits can cost from as little as tens of dollars to thousands, depending upon their complexity.

     Source: securityweek.com
  3. No, I'm not, but I tested them myself.
  4. Researchers at security firms ESET and Cyphort continue to analyze the malware families believed to have been developed by a French intelligence agency. The latest threat uncovered by experts has been dubbed “Casper.”

     In March 2014, the French publication Le Monde published some slides from Canada's Communications Security Establishment (CSE) describing “Operation Snowglobe,” a campaign discovered by the agency in 2009. Additional slides were made available by the German publication Der Spiegel in January 2015. The presentation revealed details on a piece of malware named Babar, which appeared to be the work of a French intelligence agency.

     Based on the information from the slides, researchers first uncovered a piece of spyware, dubbed “EvilBunny,” which they believe is linked to Operation Snowglobe. Last month, G DATA and Cyphort published the details of a threat which they believe is Babar, the malware described in the CSE slides. Now, they have come across Casper, which also appears to have been developed by the same authors.

     Casper and the links to other cartoon malware families

     The new threat has been dubbed Casper because its dropper implant is a file named Casper_DLL.dll. The name could stem from the animated cartoon series “Casper the Friendly Ghost.”

     According to ESET and Cyphort, Casper appears to be a reconnaissance tool designed to harvest information on the infected system, including OS version and system architecture, default Web browser, running processes, installed applications, apps that run on startup, and country and organization details.

     Researchers have determined that Casper uses an interesting technique to evade detection by security solutions. The espionage tool checks to see which antivirus is running on the infected system. A different strategy, which defines how the malware behaves, is available for four different antiviruses. If no antivirus is found, or if there is no specific strategy for the installed security software, a default strategy is applied.

     Experts discovered several similarities between Casper, Babar, EvilBunny and NBOT, a threat that also seems to be linked to the cartoon malware families. The list of similarities includes enumeration of installed security solutions through Windows Management Instrumentation (WMI), a hashing algorithm used for hiding calls to API functions, unhandled exception filters, payload deployment through remote thread injection, embedded and encrypted configuration in XML format, and proxy bypass code.

     Casper attacks in Syria

     Unlike Babar and EvilBunny, Casper appears to be a newer family that has been used in attacks as recently as April 2014. An operation involving the threat was spotted by Kaspersky in mid-April 2014. At the time, researchers noticed that jpic.gov.sy, a complaint website set up in 2011 by the Syrian Ministry of Justice, had been leveraged in a watering hole attack that involved an Adobe Flash Player zero-day exploit (CVE-2014-0515). Kaspersky researchers could not identify the payload that had been served, but ESET, Cyphort, G DATA and the Computer Incident Response Center in Luxembourg (CIRCL) determined recently that it was likely Casper.

     “According to our telemetry data, all the people targeted during this operation were located in Syria. These targets may have been the visitors of the jpic.gov.sy website — Syrian citizens who want to file a complaint. In this case they could have been redirected to the exploits from a legitimate page of this website,” ESET researcher Joan Calvet noted in a blog post. “But we were actually unable to determine if this were indeed the case. In other words, it is just as likely that the targets have been redirected to the exploits from another location, for example from a hacked legitimate website or from a link in an email. What is known for sure is that the exploits, the Casper binaries and the C&C component were all hosted on this website’s server,” Calvet added.

     Attribution and motivation

     One possibility is that the attackers used the Syrian server for storage. They might have wanted to be able to access the data from within Syria, or they might have wanted to throw off investigators and make them believe the Syrian government was behind the attack.

     Cyphort researcher Marion Marschalek noted that while the source code base suggests that the same authors are behind Casper, EvilBunny, Babar and NBOT, it doesn’t necessarily mean that all of the attacks involving these malware families were carried out by the same actor.

     “Taking into account that the geographical area targeted by Casper is of high political interest for many parties and that the malware’s intention is clearly the preparation of a more targeted attack, we expect the nature of the attack to be of political rather than criminal intent,” Marschalek said in a blog post. “The considerably high amount of resources spent on development and distribution of the malware support this theory. Development of targeted malware with a level of sophistication shown by Casper requires a skilled team of developers; also the use of 0-day exploits in the distribution process leaves the conclusion the operators were very well funded,” Marschalek added.

     In the case of Casper, ESET noted that there is no evidence linking the malware to French intelligence. The theory that a French intelligence agency is behind the cartoon malware families is mainly supported by evidence presented by CSE for Babar. The presumption that the French government is involved is based on the list of targets, the countries where the attack infrastructure was hosted, the fact that “Babar the Elephant” is a fictional character from a French children’s book, a nickname used by one of the malware developers (titi), and some language and regional settings.

     Other cartoon malware families

     Kaspersky has also been monitoring this advanced threat actor, which it has dubbed “Animal Farm.” According to the security firm, the group uses a total of six major malware families. In addition to Casper, Bunny, Babar and NBOT, Kaspersky has observed Dino, a full-featured espionage platform, and Tafacalou (also known as TFC and Transporter), a validator-style Trojan.

     Kaspersky has also identified a link to France. Experts believe the name Tafacalou, which is used internally by the threat actor, could stem from "Ta Fa Calou," which means "so it's getting hot" in Occitan, a language spoken in southern France, Monaco, and some parts of Spain and Italy.

     *Updated with information from Kaspersky on the Animal Farm APT

     Source: securityweek.com
  5. Thanks for the news, one more reason to ditch their sh*tty client for good.
  6. I like the design, good luck with the radio.
  7. I first got my hands on a computer in 2004.
  8. If he used a backdoor, he may well have slipped some key in through it; I don't recommend it.
  9. @Nytro, I tried that link you posted above on my own forum, and I get a blank page.
  10. Cmd.fm: flappy in full force )
  11. Nice, good luck with many more.
  12. Encrypted communications solutions provider Silent Circle said on Thursday that it has agreed to buy out a joint venture that it has with Geeksphone, giving Silent Circle a 100 percent ownership stake in SGP Technologies and full ownership of the privacy and security focused “Blackphone”.

     SGP Technologies was formed specifically to create the Blackphone, a smartphone that aims to protect users against snooping governments, industry rivals and hackers.

     The news comes shortly after the January appointment of F. William "Bill" Conner as Silent Circle's President and Chief Executive Officer and a member of the Board. Conner previously served as Entrust President and CEO and President of Nortel.

     Silent Circle was co-founded by Mike Janke, former Navy SEAL and security expert; PGP creator Phil Zimmermann; and Jon Callas, creator of Apple's whole disk encryption and co-founder of PGP Corporation.

     "Silent Circle has brought tremendous disruption to the mobile industry and created an integrated suite of secure enterprise communication products that are challenging the status quo," said Janke, who serves as Executive Chairman of the Silent Circle Board. "This first stage of growth has enabled us to raise approximately $50m to accelerate our continued rapid expansion and fuel our second stage of growth."

     "As the nature and volume of data breaches increase, institutional trust is eroding," said Conner. "There are companies that have been hacked and there are those that don't know about it yet, which means that security in the traditional sense has failed us. With the number of employees connecting to an enterprise's network using their own devices rapidly rising, organizations need a different solution. In short, in a post-Sony and Gemalto world, security breaches have been made both enterprise and personal, so it's no longer an issue affecting just the boardroom," Conner said.

     In a statement, Conner said the company would introduce new devices, software and services as part of an “enterprise privacy ecosystem” built from a fundamentally different mobile architecture.

     In May 2014, Silent Circle announced that it had raised $30 million in funding and had decided to move its global headquarters from the Caribbean island of Nevis to Switzerland. In 2013 Silent Circle shut down its encrypted email service to avoid becoming a target after the US government subpoenaed the records of a similar secure e-mail provider called Lavabit.

     Source: securityweek.com
  13. Highly aggressive adware has been found hidden in ten Android applications hosted on Google Play, Bitdefender reported.

     Adware is highly common on both desktop PCs and smartphones. However, the threats discovered by the security firm stand out not just because they are aggressive, but also because they employ clever tricks to stay hidden on the infected device.

     Once installed, the apps redirect victims to a webpage, hosted at mobilsitelerim.com/anasayfa, which serves ads designed to trick users into installing other pieces of adware disguised as system or performance updates, or to get them to sign up for premium services. The displayed ads differ depending on the user’s location, Bitdefender said.

     “Although they’re not malicious per se, by broadcasting sensitive user information to third parties, they resemble aggressive adware found on desktop PCs. The resulting barrage of pop-ups, redirects and ads irks users and seriously damages both the user experience and the performance of Android devices,” Bitdefender security researcher Liviu Arsene explained in a blog post.

     After the adware (Android.Trojan.HiddenApp.E) is installed on the device, the redirections occur whenever the victim tries to access a website via the stock Android browser, Chrome, Firefox, and even Facebook.

     “After the apps are installed, the redirects occur as soon as you open any of the mentioned browsers. Regardless of what URL you’re trying to visit, you’re redirected to ad-displaying websites. The next redirect is performed after 60 seconds have elapsed,” Arsene told SecurityWeek via email.

     The applications had been uploaded to Google Play with names such as “What is my ip.” Researchers found the apps under two developer accounts, but the same individual might be behind both of them. In order to avoid raising suspicion, the applications only require two permissions on installation (Network Communication and System Tools).

     While users might figure out which of the apps they installed cause the annoying redirections, removing them could prove difficult. That’s because the applications are installed with the name “System Manager,” instead of the one used to advertise them on Google Play.

     The search giant appears to have removed most of the apps from Google Play after being alerted by Bitdefender, but some of the shady programs can still be found on third-party app markets. Experts believe the adware made it past Google’s vetting process because the URL that is used to redirect users doesn’t actually serve any malicious APKs.

     Source: securityweek.com
  14. Has anyone tested them? Are at least most of them working? I haven't downloaded Origin yet, that's why I'm asking.
  15. If you have any left, could you help me out with an account too? PM ME, thanks a lot.
  16. That's exactly what I wanted to say too, but good thing you said it.
  17. Thanks, but I already use Bitdefender Internet Security.
  18. They really are fakes, I played around with them a bit.
  19. I used 8.1 too and was very happy with it, it ran like a charm, but I went back to 7 because I didn't like that Start menu (Metro). Thanks, I'll stay on 7 after all. I hope Windows 10 will be much better optimized, not a palette like 8.1.
  20. 4 GB RAM; Processor: AMD Athlon 64 Dual Core Processor 5000+ 2.61 GHz; Video card: Nvidia GeForce 9500GT