Techie Feeds

Atomic research institute breached via VPN vulnerability

Malwarebytes - Mon, 06/21/2021 - 13:53

Remember when we told you to patch your VPNs already? I hate to say “I told you so”, but I informed you thusly.

According to South Korean officials a North Korean cyber-espionage group managed to infiltrate the network of South Korea’s state-run nuclear research institute last month.

The crime: time and place

Cybersecurity news hounds The Record report that a spokesperson for the Korea Atomic Energy Research Institute (KAERI) said the intrusion took place last month, on May 14 to be exact, through a vulnerability in a virtual private network (VPN) server. Since its establishment in 1959, KAERI has been the only research institute in Korea dedicated to nuclear energy. Reportedly, thirteen unauthorized IP addresses accessed KAERI’s internal network.

The suspect: Kimsuky

Some of the addresses could be traced back to the APT group called Kimsuky. One of the IP addresses was used in an attack that targeted COVID-19 vaccine developers in South Korea last year.

North Korean cyber-attacks on its southern neighbor are not uncommon. And Kimsuky is the APT that is best known for these attacks. The Kimsuky APT is a North Korean threat actor that has been active since 2012 and targets government entities mainly in South Korea. Recently, we reported about this group using the AppleSeed backdoor against the Ministry of Foreign Affairs of South Korea.

The victim: KAERI

KAERI is a national research institute which was instrumental in developing nuclear technology for power generation and industrial applications. And while North Korea is ahead of South Korea in some nuclear fields—notably nuclear weapons—it is thought to be weaker than its neighbor when it comes to energy generation. As we stated in our earlier report one of the other targets was the nuclear security officer for the International Atomic Energy Agency (IAEA), a UN organization tasked with nuclear regulations and cooperation.

The weapon: a VPN vulnerability

In a statement, KAERI says that an unidentified outsider accessed parts of its system using weaknesses in its virtual private network (VPN). It also states that the attackers’ IP addresses were blocked, and its system upgraded, when it found out about the attack on May 31.

The name of the VPN vendor is being kept secret. Although we can’t rule out a zero-day, the fact that this wasn’t mentioned, and that the system was updated in response, suggests it wasn’t. It certainly doesn’t need to be, and there are a lot of known vulnerabilities in the running. Many of them are years old, and many are known to be used in the wild. Even though patches are available, applying them has taken some organizations quite some time.

We also wrote recently about vulnerabilities in the Pulse Secure VPN. Pulse issued a final patch on May 3 for a set of vulnerabilities that were used in the wild.

The NSA also issued an advisory in April about five publicly known vulnerabilities being exploited by the Russian Foreign Intelligence Service (SVR). The CVE numbers used to identify vulnerabilities start with the year the CVE was issued. What’s most striking about the NSA’s list is just how old most of the vulnerabilities on it are.

Most of the vulnerabilities on that list are in VPNs and other networking-related applications. By design a VPN is remotely accessible, which makes it a target that attackers can reach from anywhere. A VPN or gateway is always a likely target, especially if it has a known vulnerability. And a seasoned APT group, like Kimsuky, will have fewer problems reverse-engineering patches than your everyday cybercriminal.

Patching or lack thereof

The risky strategy of little-to-no-patching stands a good chance of going horribly wrong. A Forbes study of 340 security professionals in 2019 found 27% of organizations worldwide, and 34% in Europe, said they’d experienced breaches due to unpatched vulnerabilities. If an inability to patch promptly is compounded by delays in detecting new systems added to networks, and a lack of regular vulnerability scanning, attackers are left with a lot of room to work with.

Stay safe, everyone!

The post Atomic research institute breached via VPN vulnerability appeared first on Malwarebytes Labs.

Categories: Techie Feeds

A week in security (June 14 – June 20)

Malwarebytes - Mon, 06/21/2021 - 10:02
Last week on Malwarebytes Labs: Other cybersecurity news:

Stay safe, everyone!

The post A week in security (June 14 – June 20) appeared first on Malwarebytes Labs.


Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11

Malwarebytes - Mon, 06/21/2021 - 08:05

Ransomware attacks are on a different scale this year, with major attacks not just dismantling the business and management of Colonial Pipeline in the US, the Health Service Executive in Ireland, and the meatpacker JBS in Australia, but also disrupting people’s access to gasoline, healthcare, COVID-19 vaccinations, and more.

So, what is it going to take to stop these attacks? Brian Honan, CEO of BH Consulting, said that the process will be long and complex, but the end goal in sight should be simple: Put the cybercriminals responsible for these attacks behind bars.

Tune in to learn about how ransomware can dismantle a business, what governments are doing to fight back, and why we need better cooperation within private industry, on the latest episode of Lock and Code, with host David Ruiz.


You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.

The post Want to stop ransomware attacks? Send the cybercriminals to jail, says Brian Honan: Lock and Code S02E11 appeared first on Malwarebytes Labs.


Two Google plans that could make open source code more secure

Malwarebytes - Fri, 06/18/2021 - 13:41

Recently Google announced that it will fund the further development of Rust. Rust is a low-level programming language that is designed to be more memory-safe than other popular programming languages, such as C.

Google has also proposed an end-to-end framework for supply chain integrity which it has dubbed Supply chain Levels for Software Artifacts (SLSA).

Rust in Linux

Google’s investment in Rust will take the form of a contract for Miguel Ojeda, who’s worked on programming language security, to write software in Rust for the Linux kernel. Adding Rust modules to the Linux kernel could improve security for phones, computers and servers, because the Linux kernel is used in all the different Linux distributions, and it is also the core kernel for Android, ChromeOS, and many embedded systems. Android already supports the Rust programming language for developing the OS itself.

Rust is already a favorite language among programmers, and the Rust for Linux community has already started adding support for the language to the Linux kernel build system. Traditionally, kernel programming was largely done in C, which has been around since 1972 and is more prone to some classes of security errors than contemporary programming languages.

The goal of the project is not to replace all the existing Linux code but rather to improve selected and new parts. Josh Aas, who runs ISRG’s Prossimo project, plans to focus on certain security-critical components and drivers. The Prossimo Project is what Ojeda has been working on.

Memory secure

The density of memory safety bugs in the Linux kernel is already quite low due to high code quality, high standards of code review, and carefully implemented safeguards. However, memory safety bugs do still occur on a regular basis. On Android, vulnerabilities in the kernel are generally considered high-severity because they can result in a security model bypass due to the privileged mode that the kernel runs in.

Secure coding is something that every programmer wants to do, but what really makes the difference is making it easy to accomplish. And that is what Rust has the potential to do.

SLSA
The goal of SLSA (“Salsa”) is to improve code integrity, particularly open source code, making it more resilient to supply chain attacks. It is inspired by Google’s internal “Binary Authorization for Borg” process which has been in use for the past 8+ years and is mandatory for all of Google’s production workloads.

The SLSA framework will be designed to safeguard source integrity and build integrity. It should provide end-users with the ability to check the provenance of any code they’re installing, so they can tell if it has been tampered with.

SLSA consists of four levels, with SLSA 4 representing the ideal end state. The SLSA level will tell the end-user whether the source, build, provenance, and security aspects meet a certain standard.

Bringing secure code to the end user

Starting with a secure low level programming language and safeguarding that security until it reaches the end user sounds like a very good plan. But it will certainly not be achieved in a short span of time. Google sees adding a second, more memory secure, programming language to the Linux kernel as an opportunity to adopt best practices in terms of documentation and uniformity right away. The contract with Miguel Ojeda has the duration of one year, which certainly will be aimed at tackling the most elementary obstacles on the road to a secure kernel. If they reach the level where it is easier to add Rust elements to the kernel than it is to keep going in C, they will have made an important step.

Since many servers hosting software on the internet are running on Linux, improving the security of the OS of those servers can be a first step in the road to more secure and easy to verify software.

But getting the industry to accept a standard that provides the end-user with some sort of option to compare the security level of software will be an even bigger struggle, unless some sort of legislation is introduced to enforce and monitor such a standard. But as we have seen in the past with bills trying to regulate the safety of IoT devices, getting governments to agree on the requirements they want vendors to meet, let alone to adopt an entire framework, could prove to be a gargantuan task.

It will likely be left to developers who want to do the right thing to adopt the standard. Although many likely will, history suggests we generally get whatever level of security the path of least resistance leads to. That’s why making it easy for kernel developers to use Rust is so important, after all.

The post Two Google plans that could make open source code more secure appeared first on Malwarebytes Labs.


Polazert Trojan using poisoned Google Search results to spread

Malwarebytes - Thu, 06/17/2021 - 18:41

Trojan.Polazert aka SolarMarker has gone back and fine-tuned an old tactic known as SEO-poisoning to plant their Remote Access Trojan (RAT) on as many systems as possible. This RAT runs in memory and is used by attackers to install additional malware on affected systems.


Trojan.Polazert is specifically designed to steal credentials from browsers and provide an attacker with a backdoor that allows them to further compromise infected systems. To achieve this, collected data is sent to a C&C server. To gain persistence on an infected system it adds shortcuts to the Startup folder and changes existing shortcuts.


According to Microsoft Security Intelligence, attackers have started using PDF files full of keywords that have a high SEO ranking, so that their links show up prominently in search results. Once victims have downloaded the PDF file they thought they were looking for, they are prompted to download another document that supposedly contains the information they set out to find. Instead of getting the coveted document, they are redirected through multiple sites to end up at a page where they download the Polazert Trojan.

The attack works by using PDF documents designed to rank on search results. To achieve this, attackers padded these documents with >10 pages of keywords on a wide range of topics, from “insurance form” and “acceptance of contract” to “how to join in SQL” and “math answers”.

— Microsoft Security Intelligence (@MsftSecIntel) June 11, 2021

In the past this threat actor used to flood search results with more than 100,000 websites claiming to offer free office forms and document templates, all with the same end result: a download of the RAT. The malicious website serves up an executable disguised as a PDF document or a Word document.

As you might expect, the attackers used cheap, scalable Cloud hosting like Amazon Web Services (AWS) and Google Sites to host their malicious PDFs.

SEO poisoning

SEO is short for Search Engine Optimization and it is a marketing strategy that is designed to make sure that your web pages are found if people search for certain keywords that are relevant to your business. The ranking of a page in Google’s search results is based on a huge array of factors, but two of the core principles are what the page is about, and the page’s reputation.

A PDF will be stuffed with keywords designed to convince Google it’s about something very specific that people will be searching for. To target lots of different searches, they’ll need lots of different, narrowly-focused PDFs.

The reputation of a page is calculated in part by using the number of inbound links pointing to it. Links from pages about the same subject, that themselves have strong reputations, have a greater effect. Typically, threat actors can leverage a large number of pages to create inbound links.

Lazy crooks that don’t want to put in the work of link building, those that can’t afford to hire someone, or those put off by heavy competition for keywords, may consider buying incoming links from an underground market vendor. These threat actors control a multitude of compromised sites that they can use to post links on. Another method that SEO poisoners may use to build links is spamming forums, with the help of spambots.

What they don’t use, is social media. Contrary to popular belief, posting links on social media like Facebook and Twitter does not help to improve a page’s SEO. The links on social media are “nofollow” links, and Google’s bots will not follow them or add them to the tally of incoming links.

Recognizing this threat

While it is not uncommon to be shown PDF files when you are using search engines, it is advisable to scrutinize their content. Apart from the first page, the stuffed PDF files look empty, but a closer look reveals their content.

The text was hidden by using the same text and background color
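As an added illustration of the “same text and background color” trick (this is example code written for this page, not Microsoft’s or Malwarebytes’ tooling): the function below walks the page content streams of a PDF and flags text drawn with a fill colour equal to the page background or to the last filled rectangle. The minimal PDF it runs on is constructed inline, uncompressed, and uses the keyword phrases quoted from Microsoft’s tweet as sample strings; the heuristic is position-unaware (a white string drawn inside a white box on a blue page would still be flagged), so treat its output as a triage signal rather than proof.

```python
import re
import zlib

# Constructed sample content stream (not from a real malicious file):
#   - a black heading on the white page (visible)
#   - a blue box, with blue text drawn on it (hidden)
#   - white text on the white page background (hidden)
SAMPLE_CONTENT = b"""
BT /F1 12 Tf 72 720 Td 0 0 0 rg (Select Download Format) Tj ET
0 0 1 rg 0 150 612 150 re f
BT /F1 8 Tf 72 200 Td 0 0 1 rg (insurance form acceptance of contract) Tj ET
BT /F1 8 Tf 72 100 Td 1 1 1 rg [(how to join in SQL) -250 (math answers)] TJ ET
"""
SAMPLE_PDF = (
    b"%PDF-1.4\n1 0 obj << /Type /Page >> endobj\n"
    b"2 0 obj << /Length " + str(len(SAMPLE_CONTENT)).encode() + b" >>\nstream\n"
    + SAMPLE_CONTENT + b"\nendstream\nendobj\n%%EOF\n"
)

# Tokens: a literal string "(...)", array brackets, or any other run of non-space bytes.
TOKEN = re.compile(rb"\((?:\\.|[^\\)])*\)|\[|\]|\S+")
NUMBER = re.compile(rb"[-+]?(?:\d+\.?\d*|\.\d+)")


def _decode(literal: bytes) -> str:
    """Strip the parentheses of a PDF literal string and undo the common escapes."""
    body = literal[1:-1].decode("latin-1")
    return body.replace("\\(", "(").replace("\\)", ")").replace("\\\\", "\\")


def find_hidden_text(pdf: bytes, page_bg=(1.0, 1.0, 1.0)):
    """Return (visible, hidden): text strings split by whether their fill colour
    matches the page background (default white) or the most recent filled shape."""
    visible, hidden = [], []
    for stream in re.findall(rb"stream\r?\n(.*?)\r?\nendstream", pdf, re.S):
        try:
            stream = zlib.decompress(stream)  # FlateDecode streams must be inflated first
        except zlib.error:
            pass                              # the constructed sample is uncompressed
        fill = (0.0, 0.0, 0.0)                # PDF default fill colour is black
        last_shape = None                     # colour of the most recently filled path
        operands, strings = [], []
        for tok in TOKEN.findall(stream):
            if tok.startswith(b"("):
                strings.append(_decode(tok))
            elif tok in (b"[", b"]"):
                continue
            elif NUMBER.fullmatch(tok):
                operands.append(float(tok))
            else:
                if tok == b"rg" and len(operands) >= 3:      # RGB fill colour
                    fill = tuple(operands[-3:])
                elif tok == b"g" and operands:               # grayscale fill colour
                    fill = (operands[-1],) * 3
                elif tok in (b"f", b"F", b"f*", b"B", b"B*"):  # path fill: now a background
                    last_shape = fill
                elif tok in (b"Tj", b"TJ", b"'", b'"'):      # text-showing operators
                    text = " ".join(strings)
                    if fill == page_bg or fill == last_shape:
                        hidden.append(text)
                    else:
                        visible.append(text)
                    strings = []
                operands = []
    return visible, hidden


if __name__ == "__main__":
    shown, stuffed = find_hidden_text(SAMPLE_PDF)
    print("visible:", shown)
    print("hidden :", stuffed)
```

A real keyword-stuffed PDF will usually have compressed content streams and tiny or off-page fonts as well; the same scan can be extended with the `Tf` size operand and the `Td`/`Tm` positions, but colour matching alone already separates the decoy first page from the padding in the constructed sample.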

It is also worth bearing in mind that aside from being used in SEO poisoning campaigns like this, malicious PDFs can also be used to trigger bugs in reader software, and there is no shortage of bugs.

The first page of the PDF file showcased by Microsoft Security Intelligence offers users a choice of a PDF download or a Word document download, under the heading “Select Download Format”. Or, in other words, would you like your RAT as a PDF or a DOC?

It is certainly feasible that this threat actor will change tactics again, but being aware of their current tactics may help you thwart their next attempt.

Stay safe, everyone!

The post Polazert Trojan using poisoned Google Search results to spread appeared first on Malwarebytes Labs.


The 6 best Chrome extensions for privacy and security

Malwarebytes - Thu, 06/17/2021 - 13:25

While searching for security- and privacy-improving extensions, users may end up installing an extension that is counterproductive to their goals. To help our readers I have compiled a list of Chrome extensions that can actually help you improve your online privacy and security.

Our regular readers have seen me post various warnings about malicious Chrome extensions. The fact that these malicious extensions exist doesn’t mean it’s not safe to install extensions at all. Some extensions will even improve security and privacy. So, for a change, I am going to highlight a few of them, by sharing my personal favourites.

“How come you are focusing on Chrome?” you may ask. Well, Chrome is the most popular browser in the world, by far. It has a market share hovering around 65%. This popularity among users also makes it a popular target for advertisers and malicious actors. I would not dare say that Chrome is less secure than the other popular browsers. All of the modern browsers are highly complex, sophisticated pieces of software that offer a substantial target to attackers, and all of them take security seriously.

There certainly are better choices for privacy-oriented users, but that’s another topic for another day.

The 6 best extensions

In my list I have tried to include extensions that complement each other rather than ones that compete against each other by doing the same job. Obviously there will be some overlap, especially where it comes to ad and tracker blocking. Where I have listed that extensions are available for Chrome you will find that they are also available for most Chromium-based browsers like, for example, Vivaldi and Brave. Extensions are listed in no particular order.

Malwarebytes Browser Guard

Works with: Chrome, Edge, and Firefox.

Malwarebytes Browser Guard not only blocks some advertisements and trackers, it also stops in-browser cryptojackers (unwanted cryptocurrency miners), and it uses an extended version of the Malwarebytes Premium blocklist that will stop malicious sites from loading—including sites that are involved in tech support scams. As a bonus, blocking unwanted content can speed up your browsing by up to four times.

HTTPS Everywhere

Works with: Chrome, Edge, Firefox, and Opera. It is already included in Tor.

HTTPS Everywhere ensures that you always connect to sites using secure HTTPS encryption instead of HTTP. It forces sites to use HTTPS if they offer it, and can block access to sites that don’t. This protects information like logins and personal data when it’s travelling between your computer and the website you’re using.

Many sites on the web now offer HTTPS, but it may not be compulsory, or the default, and your connection can easily be downgraded to HTTP if you click on a link that somebody forgot to add the “s” to. The HTTPS Everywhere extension fixes these problems by rewriting URLs so they always use https://.
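To make the rewriting idea concrete, here is an added example (written for this page, not HTTPS Everywhere’s own code or rule format) of a rule-driven upgrader: hosts in a constructed allow-list are rewritten from http:// to https:// with path, query and fragment preserved, a per-host exclusion list keeps known-broken paths on HTTP, and a strict mode blocks hosts with no known HTTPS version instead of leaving them unencrypted. The host names and exclusions are assumptions for the demonstration.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed ruleset: hosts known to serve the same content over HTTPS, and
# paths on those hosts whose HTTPS endpoint is known to be broken.
UPGRADABLE_HOSTS = {"example.com", "www.example.com", "cdn.example.net"}
EXCLUSIONS = {"www.example.com": ("/legacy/",)}


def rewrite_url(url: str, strict: bool = False):
    """Return (url, action) where action is one of:
    'kept'      - already HTTPS, or a scheme the rewriter does not touch
    'upgraded'  - http:// rewritten to https://, everything else preserved
    'excluded'  - upgradable host, but the path is on its exclusion list
    'blocked'   - strict mode and the host has no known HTTPS version
    'unchanged' - non-strict mode, unknown host, left on HTTP
    """
    parts = urlsplit(url)
    if parts.scheme != "http":
        return url, "kept"
    host = (parts.hostname or "").lower()
    if host not in UPGRADABLE_HOSTS:
        return url, ("blocked" if strict else "unchanged")
    if any(parts.path.startswith(prefix) for prefix in EXCLUSIONS.get(host, ())):
        return url, "excluded"
    netloc = parts.netloc
    if parts.port == 80:
        # an explicit :80 makes no sense on HTTPS; drop it so 443 is used
        netloc = netloc.rsplit(":", 1)[0]
    upgraded = urlunsplit(("https", netloc, parts.path, parts.query, parts.fragment))
    return upgraded, "upgraded"


if __name__ == "__main__":
    # the "somebody forgot the s" case from the text, plus the edge cases
    for link in ("http://example.com/login?user=a#top",
                 "http://www.example.com/legacy/app",
                 "http://unknown.test/"):
        print(rewrite_url(link), rewrite_url(link, strict=True))
```

The design point is that the rewrite happens before the request leaves the browser, so a plain-HTTP link never produces an unencrypted request to a host the ruleset knows is HTTPS-capable; for hosts outside the ruleset the extension can only warn or block, which is why strict mode breaks more sites.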

Ghostery
Works with: Chrome, Edge, Firefox, and Opera.

The free version of Ghostery blocks the ads and trackers that can follow you around the web, creating a profile of who you are and where you go. The Plus version offers additional application ad blocking.

uBlock Origin

Works with: Chrome, Safari, Opera, and Firefox.

uBlock will block advertisements, including video ads, as well as trackers. It also functions as a pop-up blocker and helps protect against some forms of malware.

1Password
Works with: Chrome, Edge, and Firefox.

1Password is a password manager that will create, store, and enter strong passwords for you. Unfortunately the free version of 1Password has a short life span, but the paid version is really worth having, not least because it can import the passwords stored in your browser. The autofill option will save you a lot of time and offers some protection from phishing attacks.

Click&Clean
Works with: Chrome, Edge, and Firefox. Some functionality requires the Click&Clean Host.

The Click&Clean extension helps you clean up your private browsing data. Modern browsers try to make browsing as quick and easy as possible, and that means remembering a lot of stuff, including a cache of pages you’ve visited, your search history, data you’ve entered into forms, cookies, and more. Click&Clean gives you an easy way to clear out the bits you don’t want to hold on to.

But I like the so-and-so extension better!

Don’t let me stop you from using the extensions that you are used to. Some of these extensions do have competitors that are just as good and you might like them better. But these are my personal choices and in my experience they work well together.

This is only here to help those looking for new security and privacy related Chrome extensions find something trustworthy. Unfortunately, looking for this type of extension will sometimes lead to extensions that do the exact opposite of what they promise. For example, we have seen a lot of extensions that promise to perform more secure or private searches, but all they do is redirect your searches somewhere else, often adding some advertisements as well.

What is the best antivirus extension for Chrome?

This is a question I get asked a lot and the answer is not that simple. Or actually it is. There are no antivirus extensions for Chrome in the traditional sense. Some of the extensions in my list will stop malware from entering your system, but removal and protection are two different things. There are some browser extensions that can remove malicious extensions from the browser they are installed on, but the anti-malware solution you are using should have no problem doing that. In fact, it will very likely do it better. Extensions that claim to clean anything more than the browser are to be distrusted.

Stay safe, everyone!

The post The 6 best Chrome extensions for privacy and security appeared first on Malwarebytes Labs.


Clop stopped? Ransomware gang loses Tesla and other treasures in police raid

Malwarebytes - Wed, 06/16/2021 - 19:36

Ukrainian law enforcement officials announced Wednesday that they had arrested several individuals involved in criminal activity committed by the Clop ransomware gang, a cybercriminal gang that helped popularize the “double extortion” model of not only threatening to encrypt a victim’s files, but also threatening to release confidential data that was stolen in an earlier breach.

According to a press release issued by Ukrainian authorities, law enforcement officials also shut down infrastructure that was used to spread the cybercrime gang’s ransomware, which was first spotted in February of 2019 as a new variant of the Cryptomix family.

“Together, law enforcement has managed to shut down the infrastructure from which the virus spreads and block channels for legalizing criminally acquired cryptocurrencies,” the press release reportedly said, according to a translation from BleepingComputer. “Law enforcement officers conducted 21 searches in the capital and Kyiv region, in the homes of the defendants, and in their cars.”

Ukrainian law enforcement reportedly said that the Clop ransomware gang has caused roughly $500 million in financial damages, and that the individuals arrested could face up to eight years in prison.

As seen in a video of the arrests, Ukrainian officers were aided by investigators from South Korea. BleepingComputer reported that the arrest effort also included coordination from officials in the United States. In the video, nearly $30,000 in $100 bills are laid out on the floor, and several cars, including a Mercedes Benz, a Tesla, and a Lexus, are taken away.

The international coordination effort represents at least the second time this year that countries have come together to fight cybercrime. In January, a coalition of countries collaborating through Europol helped take down Emotet by also attacking its infrastructure.

But whereas the Emotet takedown seems to have caused a significant disruption to that cyberthreat, the arrests made against Clop could present a smaller roadblock. That’s because, according to the cybersecurity company Intel 471, none of the actual members of the Clop ransomware gang were caught.

Instead, the arrests involved money launderers, Intel 471 said.

“The law enforcement raids in Ukraine associated with CLOP ransomware were limited to the cash-out/money laundering side of CLOP’s business only,” Intel 471 told BleepingComputer. “We do not believe that any core actors behind CLOP were apprehended and we believe they are probably living in Russia.”

The arrests also represent the second time in weeks that authorities have targeted a cybercrime gang by following the money. In early June, the US Department of Justice announced that it had recovered the majority of the ransom payment made by Colonial Pipeline to its attackers, the cybercriminal group called Darkside. By tracking the ransomware payment through the public Bitcoin ledger, the Department of Justice and the FBI managed to retrieve 63.7 bitcoins.

Cryptocurrencies have long been abused to fund cybercrime, and, perhaps with the recent retrieval of Colonial Pipeline’s ransom payment, that intersection will continue to be closely scrutinized. If so, it would fall in line with the Ransomware Task Force’s recommendations made in April, which suggested that governments lean further into regulating cryptocurrency.

While Clop was not particularly active last year—it did not enter our top 10 malware threats for businesses or consumers in 2020—the operators behind the ransomware still found ways to squeeze their victims. Inspired last year by the ransomware group Maze, Clop infiltrated company networks to steal sensitive data and then demanded that those organizations pay a ransom to keep the data secret. But this year, Clop refined that tactic by targeting corporate executives’ machines, hoping that executives would have more access to sensitive files and data. The idea was simple: Better access to sensitive data, better chance that a victim will pay to keep that data from being published.

As of Wednesday afternoon, according to BleepingComputer, Clop’s Tor payment site and data leak site were still operational.

The post Clop stopped? Ransomware gang loses Tesla and other treasures in police raid appeared first on Malwarebytes Labs.


Jail for consultant who scraped colossal trove of Alibaba customer data

Malwarebytes - Wed, 06/16/2021 - 15:31

A billion data points, including the usernames and mobile phone numbers of customers have been siphoned off Alibaba websites by a web crawler. The information has reached us about a week after a court ruling in the case.

The court ruling

A central Chinese court has ruled that an employee of a consultancy firm was guilty of gathering more than a billion data items of Taobao users since 2019. (Taobao is the consumer-to-consumer platform on Alibaba’s sites.) The court imposed jail terms of more than three years, alongside fines totalling 450,000 yuan (approximately $70,000). Apparently the consultancy firm helped Taobao with merchants on Alibaba’s Taobao online mall, and its employee was using his access to the data to serve other clients.

Alibaba

Alibaba is one of the biggest online marketplaces in the world. It originally started out as a business-to-business (B2B) platform, but with the foundation of Taobao it expanded into the consumer marketplace.

The number of annual active consumers on Alibaba’s China retail marketplaces reached 811 million for the twelve months that ended March 31, 2021, increasing from 779 million in the last quarter of 2020.

Like its nearest US equivalent, Amazon, the company also runs cloud services, a payment service (Alipay), and is active in digital media. In 2005 it started a close cooperation with Yahoo!

Alibaba statement

None of the customer data was sold and Alibaba’s users didn’t incur financial losses from the episode, the company said in a statement.

“Taobao devotes substantial resources to combat unauthorized scraping on our platform, as data privacy and security is of utmost importance. We have proactively discovered and addressed this unauthorized scraping. We will continue to work with law enforcement to defend and protect the interests of our users and partners.”

Web scraping

Although some media will call this a data leak or breach, web scraping is a different beast altogether. We did not expect the scale of Facebook’s data scrape of 533 million users to be “beaten” anytime soon, but a few months later, here we are. In Facebook’s case the scraping was possible because of a vulnerability that Facebook patched in 2019. In Alibaba’s case the scraping was enabled because the employee of the consultancy firm had full access to a part of the online infrastructure.

And while most types of web scrapers are perfectly fine, for example scrapers that help you find the best price for a product, the question is whether it is OK to scrape websites for personal data. While website users may have given consent to use some of their data for marketing purposes, is it fair to expect that they can anticipate how much information about them is available to potential scrapers, or how that data becomes something entirely different when it’s part of a billion-record data set, or when it’s combined with other information about them that makes their personal life pretty much an open book?

Chinese restrictions

The news about this court ruling comes at a keen moment for China, as it recently announced it wants to tighten restrictions on information gathering by internet giants like Alibaba, Tencent, and others. Last March, the Chinese government published new standards for the collection of personal data, specifically defining “necessary” data collection.

Among limitations like stopping app providers from collecting a broad range of data under a bundled consent model, the new data protection rules force Chinese companies to obtain government permission before transferring data outside of the country and grant individuals a right to access personal information held by data processors.

While we applaud these initiatives to protect user data-privacy, in China’s case it feels like a matter of “do as I say, not as I do.”

The post Jail for consultant who scraped colossal trove of Alibaba customer data appeared first on Malwarebytes Labs.


Twitter takes aim at the chaos, clutter and trolls with new feature concepts

Malwarebytes - Wed, 06/16/2021 - 15:02

Twitter is potentially looking to add some new features to combat specific forms of abuse and / or aggravation on the platform. They’re still at the design stage, but they’re asking for feedback and it seems this will happen down the line. With that in mind, let’s take a look at what they’re up to.

Unmention yourself

Unmention yourself

I want to make it easier to untag yourself from a Tweet or conversation you don't want to be involved in.

Just pick “Unmention yourself from this conversation” from the more info menu and the link to your profile will be removed.

— Dominic Camozzi (@_dcrc_) June 14, 2021

This slightly clunky term is based around the Twitter-specific concept of “my mentions”. In other words, your reply tab which is surely filled with wonderful things. On the off chance that it isn’t, this can help. Twitter conversations tend to draw people in like inexorable whirlpools of terror. Perhaps someone you know tagged you into a random conversation because they thought you may be interested. That’s usually fine. It’s not fine when tagging you in is to encourage abuse.

Maybe you commented on a random news story and now everyone’s yelling at you. Perhaps trolls deliberately dropped you into a massive crowd of other trolls who are all also yelling at you. It’s possible you began the conversation yourself, and now everyone in your replies is yelling all day long.

Whatever your pickle, this is the fix. Currently, there is no way to remove yourself from a conversation. “Please untag me”, goes the cry of those in Twitter purgatory. “Oh no, you haven’t untagged me and I’m still being copied in to dozens of awful messages” goes the second cry. “It’s been 8 hours and a thread which was originally about cakes is now something to do with World War 2. Please help” goes the final cry before the phone is hurled out of the window.

When muting isn’t a solution

The current solution to this is the mute option. In theory, you hit the “mute conversation” button and it’s removed from view. It doesn’t matter how many replies it gets, or how many people send you a message: they’re all invisible, forever.

That’s the theory. In practice, the mute option is notoriously buggy. If you have a spider phobia, you can mute the word spider. It doesn’t mean the word won’t randomly break through the mute and show you some sort of horrendous spider content. If you mute a user who annoys you, Twitter may still randomly show you future replies or tweets. Mute a conversation? You can try. If you’re in a very viral conversation (whether you started it or joined later), these too will occasionally break the mute and pop back into your timeline.

Being able to “unmention” yourself, though? This is an additional string in the “please leave me alone” bow. If you’re able to drag yourself out of a thread, it’s possible the conversation will be gone for good. There’s an additional benefit here over muting. When you mute, it’s supposedly gone forever. This isn’t helpful if there are parts of the discussion you may want to revisit at a later date. If they can get this working, it promises to be very useful while avoiding the problem of having your replies tab hammered by unwanted noise.

Unmention individuals

Going further, if someone you don’t follow @ mentions you, you’ll get a special notification. If you unmention yourself from there, the Tweet author will not be able to mention you again.

— Dominic Camozzi (@_dcrc_) June 14, 2021

If you’re fed up with people jumping in to send you nasty messages, you’ll be able to prevent them tagging you in ever again with this proposed feature. The moment they start typing out your username, they’ll be told that [username] can’t be “mentioned” (sent a message). The image shows the potential nasty person sending a message directly, like so:

@[username] did you know that thing you like is actually really awful? You should! And now I’m telling you all about how much I hate it! Hooray!

It’s not clear if this would work for dropping someone into the middle of a message like:

You know what I hate? Those things that @[username] enjoys. Wow, are those some really terrible things that you like! Wow! Terrible!

Currently, the only option is to block. Blocking stops someone from sending you messages directly, but it doesn’t prevent the “drop someone’s username into the middle of a tweet” activity outlined above. As a result, they can still drive bad traffic to the victim. Stopping people from doing this would be a very useful thing indeed.

Unmention individuals, part 2

This doesn’t seem particularly different from the last option. The only real difference I can see is that you can essentially shut down people’s ability to mention you for 1, 3, or 7 days. A good option for when your replies section is completely out of hand.

Control mass mentions

Getting a little TOO much attention? I want to make it easier to address that in 3 ways.

1️⃣ Get notified when you’re getting a lot of mentions
2️⃣ Review those Tweets
3️⃣ Change settings to stop the situation from escalating further

— Dominic Camozzi (@_dcrc_) June 14, 2021

Twitter was initially designed for letting small groups of friends know what you were up to via mobile. It’s morphed into a discussion platform over the years. On any given day, there are millions of conversations about any subject you care to mention. The only problem is, it’s frequently unsuited to said conversations taking place because of, among other things, a lack of controls over who’s dropping you in or out of discussions, and an inability to keep your replies free from harm.

The moment you do a good Tweet and it goes viral, the platform is essentially unusable for a few days until things calm down. You’re DDoS’ing yourself off Twitter by virtue of being good at it. Even verified accounts, who have additional options regular users don’t have, find it impossible to get around this. The moment dozens, hundreds, or thousands of replies appear all at once? Good luck, see you in three days.

This is similar to the above proposed setting, except it tells you how many times you’ve been mentioned in a short space of time and then allows you to specify who, exactly, can mention you.

Closing thoughts on the proposed changes

As you can see, Twitter is trying to add some nuance to dealing with abuse and clutter generally. My sense here is that some sorely needed flexibility is on the way; we just need to see how long it takes to implement.

There’s still a few areas in all this that don’t seem to be addressed yet.

For example, Twitter already allows you to restrict who can reply to your tweets: I can set it to followers only, or to people I follow. If someone dislikes your tweet, they’ll bypass those restrictions by quote tweeting you. I don’t know if the new additions would prevent that from being possible.

Either way, expect to see more wrinkles ironed out over the coming weeks / months. Let’s see if Twitter can finally plug some of the more creative ways people have of causing chaos on the social media platform.

The post Twitter takes aim at the chaos, clutter and trolls with new feature concepts appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Windows 10 to retire in four years (or 52 Patch Tuesdays, in sysadmin years)

Malwarebytes - Tue, 06/15/2021 - 15:41

Microsoft will terminate support for Windows 10 Home and Pro on 14 October 2025, a decade after the original Windows 10 was brought to market. Although some may claim that a Microsoft document has been “quietly edited” over the weekend to reflect this “sudden change”, this reveal isn’t new. In fact, based on a Wayback Machine screen capture of the same page, Windows Central has pointed out that this reveal has been on the Microsoft page since September 2020.

Nevertheless, this renewed interest in Windows 10 comes almost three weeks after the Microsoft Build 2021 event in late May, where Microsoft CEO Satya Nadella teased something big in the works: a “next generation of Windows” (hint: it won’t be called Windows 11). Furthermore, this end-of-life reveal has happened at least a week before a new Windows digital event on 24 June 2021.

And soon we will share one of the most significant updates to Windows of the past decade to unlock greater economic opportunity for developers and creators. I’ve been self-hosting it over the past several months, and I’m incredibly excited about the next generation of Windows. Our promise to you is this: we will create more opportunity for every Windows developer today and welcome every creator who is looking for the most innovative, new, open platform to build and distribute and monetize applications. We look forward to sharing more very soon.

Transcription of Nadella’s keynote, reproduced from Windows Central, during the Build 2021 event

Microsoft hasn’t hinted at when this new OS will be revealed to the public, much less made available on the market, but Nadella admitted that he has been testing it for months. We don’t know what it will contain, but Windows is still the platform of choice for most businesses, and therefore the platform of choice for most malware—including the most dangerous forms, like ransomware—so we’d be surprised if it doesn’t include something designed to tackle that head on.

The company also expects the transition from the soon-to-be-retired Windows 10 to the new desktop OS to take around four years. History suggests that’s optimistic. Windows XP reached the end of its life seven years ago.

This matters, because the end of life means an end of patches, and a progressively worsening security situation for any organisations that don’t migrate in time. The time to start planning is now.

And if there is anything we’ve learned about end-of-life cycles and support, it’s this: Scammers and fraudsters make a point of using news like this to lure potential victims into downloading malware disguised as a legitimate file, or to steal pertinent information and credentials from them. So, while we prepare for this transition, let’s not forget to also keep our eyes open. Stay informed, and stay safe!

The post Windows 10 to retire in four years (or 52 Patch Tuesdays, in sysadmin years) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Patch now! Apple fixes in-the-wild iPhone vulnerabilities

Malwarebytes - Tue, 06/15/2021 - 14:35

Apple has fixed two vulnerabilities in Safari’s WebKit component, announcing it is aware of a report that they may have been actively exploited. Both vulnerabilities could be abused by maliciously crafted web content that could lead to arbitrary code execution: In other words, the bugs let rogue websites do things on your phone without your permission.

Letting users of its products know that vulnerabilities are being actively exploited is a new approach for Apple. It has always been reluctant to provide much context in its security bulletins and only recently started adding information about whether vulnerabilities are being used in the wild.

WebKit is the web browser engine used by Safari, Mail, App Store, and many other apps on macOS, iOS, and Linux. The fix for the vulnerable WebKit version is available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation).

This is the 9th actively-exploited zero-day patched by Apple this year. Seven of them were related to WebKit. One was a Gatekeeper bypass, and the other a TCC bypass. Gatekeeper is designed to ensure that only trusted software runs on your Mac, and Apple’s TCC (Transparency, Consent, and Control) protection is built to safeguard privacy.

Publicly disclosed computer security flaws are listed in the Common Vulnerabilities and Exposures (CVE) database. The two vulnerabilities that were reported to be abused in the wild are:

Both vulnerabilities have been submitted by an anonymous researcher. It is not known whether they were both submitted by the same researcher.

Memory corruption issue

Memory corruption bugs occur when a program’s memory is modified in a way that was not anticipated by the programmers. When used by an attacker, a memory corruption bug can become a serious security vulnerability that might allow an attacker to leak sensitive information or execute arbitrary code. The generic term “memory corruption” is often used to describe the consequences of writing to memory outside the bounds of a buffer, or to memory addresses that are invalid.

Use after free

Use-After-Free (UAF) is a vulnerability caused by incorrect use of dynamic memory during program operation. If a program frees a memory location but does not clear the pointer to it, an attacker can use that dangling pointer to subvert the program. Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
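
As an added illustration that is not Apple’s or WebKit’s code, the C below serves both the memory corruption and use-after-free sections: it shows the “clear the pointer after free” habit the text mentions alongside a generation-tagged handle pool, a defensive design in which a stale reference to freed memory is detected and refused rather than dereferenced. The pool, its slot count and the object names are constructed for the example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added educational example, not Apple or WebKit code. Two habits that keep a
 * freed object from being reused through a stale reference:
 *  1. safe_free(): free and clear the pointer, the habit the text mentions.
 *  2. A generation-tagged slot pool: clearing one pointer cannot help when
 *     copies of it live elsewhere, so callers get (index, generation) handles
 *     instead of raw pointers; freeing bumps the slot's generation, so every
 *     handle issued before the free stops matching and is refused rather
 *     than dereferenced. Pool size, payload and names are constructed. */

#define POOL_SLOTS 4

typedef struct {
    uint32_t generation;   /* bumped on every free */
    int in_use;
    char name[16];         /* constructed payload */
} slot_t;

typedef struct { uint32_t index, generation; } handle_t;

static slot_t pool[POOL_SLOTS];

/* free(*pp) and set *pp to NULL so a later use fails a NULL check. */
void safe_free(void **pp)
{
    if (pp != NULL && *pp != NULL) {
        free(*pp);
        *pp = NULL;
    }
}

/* Returns 1 only if h still refers to the object it was issued for. */
int handle_valid(handle_t h)
{
    return h.index < POOL_SLOTS && pool[h.index].in_use &&
           pool[h.index].generation == h.generation;
}

/* Take the first free slot; index == UINT32_MAX when the pool is exhausted. */
handle_t pool_alloc(const char *name)
{
    handle_t h = { UINT32_MAX, 0 };
    for (uint32_t i = 0; i < POOL_SLOTS; i++) {
        if (!pool[i].in_use) {
            pool[i].in_use = 1;
            strncpy(pool[i].name, name, sizeof pool[i].name - 1);
            pool[i].name[sizeof pool[i].name - 1] = '\0';
            h.index = i;
            h.generation = pool[i].generation;
            return h;
        }
    }
    return h;
}

/* Release the slot; 0 on success, -1 if h is stale (e.g. a double free). */
int pool_free(handle_t h)
{
    if (!handle_valid(h)) return -1;
    pool[h.index].in_use = 0;
    pool[h.index].generation++;  /* invalidates every outstanding copy of h */
    memset(pool[h.index].name, 0, sizeof pool[h.index].name);
    return 0;
}

/* Resolve a handle to its payload, or NULL when the handle is stale. */
const char *pool_get(handle_t h)
{
    return handle_valid(h) ? pool[h.index].name : NULL;
}

/* The scenario from the text: a copy of the reference survives the free and
 * the slot is reused. Returns 1 when the stale copy is refused and never
 * resolves to the slot's new occupant. */
int uaf_scenario(void)
{
    handle_t a = pool_alloc("session-A");   /* constructed name */
    handle_t copy = a;                      /* second reference, e.g. in a cache */
    if (pool_free(a) != 0) return 0;        /* the first free succeeds */
    if (pool_free(copy) == 0) return 0;     /* a double free must be refused */
    handle_t b = pool_alloc("session-B");   /* reuses the slot a occupied */
    const char *via_copy = pool_get(copy);  /* stale: NULL, not "session-B" */
    const char *via_b = pool_get(b);
    int ok = via_copy == NULL && via_b != NULL && strcmp(via_b, "session-B") == 0;
    pool_free(b);
    return ok;
}

/* Returns 1 when the caller's pointer is NULL after safe_free(). */
int safe_free_demo(void)
{
    char *p = malloc(8);
    if (p == NULL) return 0;
    safe_free((void **)&p);
    return p == NULL;
}
```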


As is customary, Apple did not provide details on the zero-day attacks, which appear to be aimed at a range of older models of iPhones. It’s remarkable that Apple disclosed that these vulnerabilities are being used in the wild as this has not been its habit until recently.

“For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.”

Waiting to disclose issues until a patch is available certainly makes sense, but keeping how serious an issue is under wraps is a different matter. Whether this new habit of letting customers know that vulnerabilities are actively being abused is here to stay remains unknown, but it brings Apple more in line with industry norms. From our perspective it is progress, not least because it gives users a sense of the urgency of applying the necessary patches.

Stay safe, everyone!

The post Patch now! Apple fixes in-the-wild iPhone vulnerabilities appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Another one bites the dust: Avaddon ransomware group shuts down operation

Malwarebytes - Mon, 06/14/2021 - 22:51

Are you seeing some pattern here?

In what could be called “shocking news” on Friday, BleepingComputer revealed that the gang behind the Avaddon ransomware shut down its operations after releasing more than 2,000 decryption keys to the technology news site.

BleepingComputer claimed they received an anonymous tip purporting to be from the FBI, containing a password and a link to a password-protected ZIP file.

These are the three files in the ZIP file, which came directly from the Avaddon ransomware group. They contain the decryption keys. (Source: BleepingComputer)

As you may recall, Avaddon is a big game hunting (BGH) ransomware-as-a-service (RaaS) tool that the US Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) warned organizations about last month.

Malwarebytes detects this ransomware as Ransom.Avaddon.

Avaddon ransomware attack victims

While various sectors in Australia were noted to be particularly targeted, the Avaddon strain was instrumental in the successful network compromise of the Asian division of the AXA Group, one of the biggest cyber insurance companies in the world. Avaddon threat actors were able to extract what appears to be client data: passports, bank account information, ID cards, contracts, fraud-related hospital files, other medical reports containing sensitive data about patients, and more.

The AXA Group warning, taken from the Avaddon ransomware gang’s official website on the dark web (Source: HackRead)

Coincidentally, this attack came close to a week after the insurance giant announced that it would cease covering customers in France who pay up after being attacked by ransomware. An insurance company refusing to cover any monetary loss from a cyberattack will no doubt significantly increase the likelihood of victim companies refusing to cough up money to ransomware gangs.

Schepisi Communication, an Australia-based telecom service provider, was also hit by Avaddon last month after its platinum partner, Telstra, fell victim to a ransomware attack by the same group. The criminals claimed to have access to data on a large number of SIM cards, mobile devices, contracts, and banking information, to name a few. When the company refused to pay the demand, its official website was taken offline for several days by distributed denial of service (DDoS) attacks.

Screenshot of the downed Schepisi Communication website after suffering a DDoS attack (Source: HackRead)

Avaddon threat actors also do not shy away from going after organizations in the healthcare industry. According to a threat report from eSentire, a leading Managed Detection and Response (MDR) service provider, Avaddon has targeted the Capital Medical Center in Washington, Bridgeway Senior Healthcare in New Jersey, and an intensive care online network.

A domino effect? Or a simple coincidence?

After DarkSide called it quits under pressure from the US government following its attack against Colonial Pipeline, reading about Avaddon—considered to be a “second tier ransomware operator”—would make one think that there is cause for celebration. Indeed, this is a win and something we should be grateful for.

Let us not forget, however, that any time a ransomware gang decides to shut down, more gangs appear (If you’re on Twitter and follow several malware/ransomware hunters, you’ll agree).

It is also a known fact that ransomware actors have the habit of rebranding under the guise of shutting down—or simply to avoid US sanctions—so it wouldn’t be far-fetched to think that this is all a ruse. And speaking of sanctions, as of this writing, there is nothing that links Avaddon’s demise to the increased attention the US government has given ransomware groups lately. It’s likely then that this is all just part of the normal flow of events when groups give up from time to time. That said, this could be one of those wait-and-see scenarios.

Nonetheless, we welcome any ransomware gang quitting as good news. But perhaps, at the same time, we’re also left wondering: Is there a quiet chaos going on right now within and among the underground ransomware gangs? Will they start dropping like flies? Will we be left with our old, insecure ways if or when ransomware attacks do plummet?

Well, let’s wait and see.

The post Another one bites the dust: Avaddon ransomware group shuts down operation appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Working from home? You’re probably being spied on

Malwarebytes - Mon, 06/14/2021 - 17:58

One year ago, as countless employees settled into new routines for working from home (WFH), a Reddit user shared a video online of a strange contraption: A wire coat hanger bent out of shape, one side gripping an external USB mouse, the other side latched onto an oscillating fan. As the fan swished left and then right, so, too, did the USB mouse.

What was the point? The device, the Reddit user suggested, was a low-tech defense against workplace surveillance.

“WFH Tip #2: How to always appear online,” read the video’s title.

This laughable attempt to subvert digital workplace monitoring was a bit of a joke, but the video spotlighted an unfortunate reality facing WFH employees today. Rather than being trusted to accomplish their jobs out of physical view, a startling number of employees are being tracked and measured through privacy-invasive software which can surveil their web browsing habits, track their app usage, monitor their screen time—periodically capturing screen images—and even transcribe their phone calls.

The fascination with digital workplace surveillance software—sometimes called “bossware”—is increasing, according to a recent survey funded by ExpressVPN, in collaboration with Pollfish. Of the 2,000 employers surveyed, 57 percent “implemented employee monitoring software in the past six months.” Of those that had not deployed such software, 59 percent said they were “very or somewhat likely” to do so in the future.

But employers should caution themselves against likely pushback, as employees in the survey repeatedly expressed contempt for the tools and the behavior they enabled.

“It’s micro-management,” said one anonymous survey respondent, according to the key highlight report from ExpressVPN. “As long as my productivity is acceptable and my work is getting done, it shouldn’t matter how I pass the time while waiting for an active job to pick up.”

Employers can’t feign ignorance about this, either. According to the ExpressVPN survey, while 78 percent of employers admitted to using employee monitoring software to track their employees, even more—83 percent—believe there are “ethical concerns” with that type of software.

The pandemic’s productivity panic

In the first months of the COVID-19 pandemic, as thousands of companies shifted to WFH models, a certain panic arose regarding potentially lowered productivity. The combination of removing workers from a potentially collaborative in-office environment, expecting them to simultaneously tackle childcare and work, and hoping they can manage the stress of a global pandemic, often led corporate leaders to believe that their employees’ productivity would slow to a crawl.

Those concerns, it appears, led to increased demand for digital workplace surveillance software.

According to reporting from Wired in October of last year:

“As working from home has flourished, so too has employee monitoring software. Programs such as Time Doctor, ActivTrak, Teramind and the dystopian-sounding StaffCop have all seen huge upticks in demand. Remote teams are now watched through their webcams via always-on video services like Sneek. In the office-free world, bosses can now clandestinely scan screenshots, login times and keystrokes at will to ensure their workforce is keeping its focus and productivity.”

The sentiments of employers captured in the ExpressVPN survey sound similar. As the survey authors wrote, “the biggest driver behind employers’ growing interest in surveillance is their uncertainty and unease about the status of their company and whether employees are doing what needs to be done to maintain overall business performance.”

That showed up in the data with the following numbers:

  • 74 percent of employers said “remote work makes them feel a lack of control over their business”
  • 57 percent “don’t trust their employees to work without in-person supervision”
  • 59 percent “don’t trust their employees to work without digital supervision”

Considering this broad, shared concern about potentially lowered productivity, then, it is quite strange that survey after survey after survey has shown there is little truth to it.

When Microsoft commissioned KRC Research, Boston Consulting Group, and the Wharton School of the University of Pennsylvania to survey 9,000 respondents across Europe last August who started working in more hybrid and remote models, 39 percent said they felt equally productive, 34 percent said they felt somewhat more productive, and 10 percent said they felt significantly more productive.

When Mercer surveyed 800 employers last year, 94 percent said “productivity has remained the same or improved since employees began working remotely.”

And when Malwarebytes Labs asked 200 managers, directors, and C-suite executives in IT and cybersecurity roles across the United States about their biggest struggles with shifting to a WFH model, only 2.5 percent said they experienced “significantly lower” productivity.

The data is not there, but that does not seem to matter for the managers who are making the decision to surveil their employees. Instead, the decisions seem to be carried on intangible unease. In fact, according to the ExpressVPN survey, 69 percent of employers said they “feel uneasy about remote work because they can’t observe employees in person.”

Well, what are the employees feeling?

Employee pushback

When employees know they are being surveilled, they do not just dislike it. They consider it damaging to their relationship with the employers.

  • 43 percent of employees said the use of these tools “is a violation of trust”
  • 28 percent said it “makes them feel unappreciated”
  • 26 percent said it “makes them feel resentment”

Further, 59 percent of employees reported feeling “stress and/or anxiety about their employer surveilling their online activity.” The reasons for that stress vary—from 41 percent wondering “whether they’re being watched” to 36 percent feeling “pressure to work longer hours in general.” But, critically, 20 percent of employees said they “feel dehumanized as a result of workplace surveillance.”

These are heavy terms, and employers should recognize that when their employees begin to feel like this, they have a strong chance of losing them. According to the survey results, 54 percent of employees said “they’d be likely to quit if their employer and/or boss implement surveillance measures.”

But for the employees who will not quit, the picture is not any brighter. Instead, employers will likely find themselves fighting against employees who are subversively rolling out anti-surveillance measures that they either look up online or devise themselves (need we remember the Reddit user’s renegade partnership between their home fan and their USB mouse?). According to the survey, 31 percent of employees who know they are surveilled said they use “anti-surveillance software,” and 25 percent “researched hacks to fake online activity.”

Surprisingly, almost half of surveilled employees—49 percent—said they “pretended to be online while actually doing non-work activities.”

This is the pushback that employers can expect for voluntarily wrecking their employees’ trust. Remember, many employees reported feeling resentment about being surveilled. It stands to reason that an employee who resents their employer will have few qualms about tricking them, wasting their time, and half-assing it until they can find a new job.

After all, what’s the point of putting in professional work if you won’t be treated like a professional? The popularity on Reddit alone isn’t worth it.

The post Working from home? You’re probably being spied on appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to delete your Instagram account

Malwarebytes - Mon, 06/14/2021 - 11:14

Although sharing your day’s highlights in snapshots and videos on Instagram can be entertaining, some people claim to feel happier after deleting their accounts. Consuming media tailor-made to make other people’s lifestyles appear alluring can be addictive for some and induce anxiety in others. Not only do people delete Instagram for their wellbeing, but they remove it for privacy concerns. Hackers, scammers, and stalkers can use the photo and video sharing social networking platform to target others, and Instagram is part of Facebook’s advertising panopticon.

For any of these reasons, a number of Instagram users decide to take a break from the platform at some point, either temporarily or permanently. If you do, remember that you will lose the following data permanently when you delete your Instagram account:

  • Profile
  • Photos
  • Videos
  • Comments
  • Likes
  • Followers

You can sign up with the same username again after deleting your Instagram account. However, this won’t be possible if someone else has created an account with the same username. Hypothetically, someone could impersonate you after you leave by creating an account with the same username. That’s why you may want to disable your account rather than delete it.

How do I disable my Instagram account temporarily?

To hide your account, profile, photos, comments, and likes, you can opt to disable your Instagram account instead of erasing it. Disabling it is easy and requires a web browser on a computer, tablet, or mobile phone. Unfortunately, you can’t use the Instagram app to disable your account.

  1. Log into your Instagram account from a web browser.
  2. Click your profile picture on the top right of the screen.
  3. Click Profile followed by Edit Profile.
  4. Find Temporarily disable my account on the bottom right after scrolling down.
  5. Pick an option from the drop-down menu that says Why are you disabling your account?
  6. Enter your password.
  7. Hit Temporarily Disable Account to hide your account until you’re ready to reactivate it.

How to download your Instagram data on a computer, Android, or iPhone

You may want to back up your pictures, videos, and posts from Instagram before deleting your account. Once you delete your account, your media is irrecoverable. Here is how to get a copy of everything you’ve shared on Instagram:

  1. Click or tap your profile picture and then find Settings.
  2. Click Privacy and Security on a computer or tap Security on Android or iPhone.
  3. Click Request Download on a computer or tap Download Data on your mobile device.
  4. Enter your email address, Instagram account password and use the Request Download option.
  5. Wait for an email from Instagram titled Your Instagram Data. Instagram says that it can take up to 48 hours to send the email.
  6. Use the link in the email to download your data.
  7. You can contact Instagram directly if you’ve lost your username or password and need access to your data.

How do I delete my Instagram account on a computer?

Log into your Instagram account. Follow this link to get to the Delete your account page. Pick from one of the listed reasons explaining why you want to delete your account. Re-enter your password and delete your account for good.

How do I delete my Instagram account on my iPhone or Android device?

Deleting an Instagram account through a mobile app isn’t possible. You may find it easier to delete it on a computer and remove the mobile app. You can use the following steps, but they eventually lead you to a hyperlink on a web browser.

  1. Start the Instagram app on your phone.
  2. Tap the Profile icon.
  3. Go to the Profile page and tap Settings.
  4. Scroll down to Help Center and tap Basics.
  5. Hit Getting Started and then scroll through the options until you find Delete Your Account.
  6. Select How do I delete my account and follow the hyperlink to your web browser.
  7. You may need to enter your Instagram password and choose a reason for deleting your account.
  8. Hit Permanently deactivate my account and then tap OK.
  9. Uninstall Instagram from your iPhone.

How do I make my Instagram account more secure?

While many users are concerned about scams on Instagram, or the threat of having their accounts hacked, they also don’t want to delete or deactivate their accounts. Thankfully, there is a compromise. Here are some measures that may help you improve your security and privacy on Instagram:

  • Set a long, unique password.
  • Enable two-factor authentication by clicking Security > Two-Factor Authentication > Get Started.
  • Consider making your account private, so that only approved followers can see it. You can do this in your privacy settings by clicking Settings > Privacy > Account Privacy and toggling Private account.
  • You may also want to visit the Comments or Story option under Settings > Privacy to manage how followers interact with your posts.
  • Check the Add Automatically option under Privacy > Tags to stop tagged photos from being added to your profile.
  • Check the authenticity of the accounts you follow by hitting the three-dot menu on a profile and selecting About this Account. Watch out for red flags like frequent username changes and more.
  • Don’t hesitate to block, mute, restrict, or remove followers that affect your peace of mind or try to breach your account security.
  • Use good antivirus/anti-malware software on whatever device you use to access your Instagram account. In case you accidentally click on something malicious, you’ll have protection for your computer, tablet, or mobile device.

The post How to delete your Instagram account appeared first on Malwarebytes Labs.

Categories: Techie Feeds

A week in security (June 7 – June 13)

Malwarebytes - Mon, 06/14/2021 - 10:41

Last week on Malwarebytes Labs:

Other cybersecurity news

Stay safe, everyone!

The post A week in security (June 7 – June 13) appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to deactivate or delete your Facebook account

Malwarebytes - Fri, 06/11/2021 - 15:51

People worldwide use Facebook to connect with friends and family, and to engage in pointless debates with strangers over moderately amusing cat videos. But while some feel that the social media platform is an essential part of life, others find the data scandals and privacy issues disconcerting. For those who wish to take a break from Facebook either temporarily or permanently, instructions for deleting or deactivating your account are below.

Deleting your Facebook account

How to delete your Facebook account from a browser

Removing Facebook for good is easier than you think. Follow this link to the page that allows you to end your account permanently. Click Delete Account, enter your password, and your account is gone forever. But before you do, consider downloading a copy of the information you have stored on Facebook, including photos, videos, and more. Here is an official guide from Facebook that can help.

How to delete your Facebook account from the iPhone app

  1. Start the Facebook app on your iPhone.
  2. Tap the three-lined icon (hamburger menu).
  3. Tap Settings & Privacy.
  4. Tap Settings.
  5. Tap Account Ownership and Control.
  6. Tap Deactivation and Deletion.
  7. Tap Delete Account.
  8. Delete your Facebook app for good measure.

How to delete your Facebook account from the Android app

  1. Start the Facebook app on your Android device.
  2. Tap the three-lined icon (hamburger menu).
  3. Tap Settings & Privacy.
  4. Tap Settings.
  5. Tap Account Ownership and Control.
  6. Tap Deactivation and Deletion.
  7. Tap Delete Account.
  8. Delete your Facebook app for good measure.
The cons of deleting your Facebook account

Deleting your Facebook account can certainly feel liberating. You don’t have to worry about managing your privacy or consuming seemingly endless social media content. But rather than a permanent deletion, some people prefer to take a break from Facebook by deactivating their account for the following reasons:

  • You won’t be able to access Facebook again unless you create a new account.
  • It’s impossible to use Messenger without a Facebook account.
  • Some accounts that you entered through Facebook Login may malfunction. You may need to contact those apps and websites or create new accounts.
  • You’ll permanently lose your data unless you download a copy first.
  • You’ll lose your app purchases, achievements, and anything else tied to your Facebook login on Oculus.
Can you undelete Facebook if you change your mind?

Facebook says it can take up to 90 days from the start of the deletion request to permanently remove everything you’ve posted, and that some data may be kept in backup storage for legal reasons, as described in its data policy. There is also a 30-day grace period after you request deletion during which you can change your mind. Here is how to cancel your account deletion within those 30 days:

  1. Log in to your Facebook account.
  2. Hit Cancel Deletion.
Deactivating your Facebook account

Deactivating your Facebook is a temporary measure. After you deactivate your account, your Facebook page, including your intro, photos, friends, and posts, is hidden. No one can send you friend requests either. However, your messages are still visible to their recipients. Here are some advantages of deactivating your Facebook instead of deleting it:

  • Your photos, videos, and posts are hidden but not permanently deleted.
  • Facebook Messenger is still fully accessible.
  • You can still access accounts through Facebook Login.
  • You can reactivate Facebook whenever you please by logging in.
How to deactivate your Facebook account from a browser

The same link that allows you to erase your account also allows you to deactivate your account. Hit Deactivate Account and then enter your password to lose access to Facebook temporarily. Alternatively, you can use the following steps:

  1. Select Settings & Privacy from the drop-down menu on the top right.
  2. Click Settings.
  3. Click Your Facebook Information.
  4. Click Deactivation and Deletion.
  5. Select Deactivate Account and hit Continue to Account Deactivation.
  6. Enter your password and deactivate your account.
How to deactivate your Facebook account from the iPhone app
  1. Start the Facebook app on your iPhone.
  2. Tap the three-lined icon (hamburger menu).
  3. Tap Settings & Privacy.
  4. Tap Settings.
  5. Tap Account Ownership and Control.
  6. Tap Deactivation and Deletion.
  7. Tap Deactivate Account.
How to deactivate your Facebook account from the Android app
  1. Start the Facebook app on your Android device.
  2. Tap the three-lined icon (hamburger menu).
  3. Tap Settings & Privacy.
  4. Tap Settings.
  5. Tap Account Ownership and Control.
  6. Tap Deactivation and Deletion.
  7. Tap Deactivate Account.
Tips for using Facebook safely

We understand that some users don’t want to deactivate or delete Facebook, but still have safety concerns. There are steps you can take to better manage your privacy and security on Facebook. Here are some tips that may help:

  • Set a long, unique password for your Facebook account. You can use a trusted password manager to make the task easier.
  • Avoid oversharing information on Facebook. Threat actors can use it for social engineering.
  • Be careful when accepting friend requests. Limit posts to trusted friends and not the public.
  • Limit the audience of old posts on your Timeline by clicking General > Privacy > Your Activity > Limit Past Posts.  
  • Stop Facebook from using your data to show you tailored ads by clicking General > Ads > Ad Settings.
  • Manage third-party apps that have access to your data by clicking General > Apps and Websites.
  • Beware of social media scams and be careful which links you click on Facebook or in Messenger.

The post How to deactivate or delete your Facebook account appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Cloud vs on premise: 3 reasons the Cloud is winning

Malwarebytes - Fri, 06/11/2021 - 15:26

Thanks to the vast rollout of COVID-19 vaccines to millions of people in the US and Europe, some of us are finally seeing some semblance of a return to normalcy. And organizations, which have experienced first-hand how hard it is to stay afloat through months of lockdown, are expecting to transition back to how things were.

For some, a life back to normal means employees commuting back to workplaces. Empty cubicles will slowly start filling up again. And face-to-face meetings, either a big group in a conference room or a small one in a coffee shop, will be A Thing once again.

But what about those employees who prefer to work from home, or at least to have the option? And what of businesses happy to be liberated from the constraints of physical workspaces? It seems there are many of both.

The normal we knew of may no longer fit the kind of normal organizations have adjusted for. Remote working during the pandemic has made leadership roles in organizations understand that connectivity—making company data and resources available for all employees who need them, no matter where they are, while keeping that data as secure as possible—is what they and every business really need.

The Cloud, in other words.

Cloud adoption

“Cloud” is a term used to describe a vast network of remote servers located around the world and linked together to form a contiguous platform for computing services that can be subdivided and scaled with ease. It has been around for nearly two decades, and the number of organizations adopting a Cloud strategy had been rising even before the pandemic. The lockdowns and (in some cases imposed) mandatory work from home (WFH) measures during the pandemic have only accelerated Cloud adoption further.

Enterprises are the big spenders on Cloud computing, yet many organizations have still to embrace the Cloud, particularly those in the SMB sector. According to the Small & Medium Business Trend Report from Salesforce, “digital forward SMBs”, that is, SMBs that have invested in technology, including the Cloud, to drive customer interaction and growth, were better equipped to handle the pandemic.

Chart caption: Half and half. While almost half of the SMBs surveyed reported digitizing their operations, almost half are still behind. (Source: Salesforce)

If you’re still on the fence about whether you should move your data and operations to the Cloud, or you’re locked in the “on-premise versus Cloud” debate on which one is better, we have identified below the three main reasons why organizations, regardless of size, are migrating to the Cloud.

1. Cost efficiency

Setting up servers and making sure that they are physically secure, have uninterrupted power and air conditioning, and are loaded with properly licensed, patched and updated software is no small task. There are high, upfront fees, a multitude of things can go wrong, and it is hard to scale. And the lifetime costs aren’t small either: From electricity bills and maintenance, to that dreaded “end of life” for both hardware and software. When it comes to this kind of computing infrastructure, economies of scale matter, and almost no business can compete with the scale of Cloud providers like Google, Microsoft and Amazon.

Suffice it to say, many organizations are opting not to worry about servers and server rooms at all, and are instead choosing to pay for what they use, either Cloud infrastructure like AWS or Cloud services like Office 365.

2. Security and compliance

Cloud service providers, especially big-name ones like Amazon and Microsoft, ship strong security controls by default, and they have made a point of taking many of the basics that businesses struggle with off their plate: backups, single sign-on, encryption, firewall configuration, consistent security updates, you name it. The Cloud doesn’t mean you can forget about security, though. Under the shared responsibility model that every major provider publishes, the provider secures the underlying platform while the customer remains responsible for what runs on it: identities and access, the data itself, network rules, and the configuration of each service. What the Cloud does is make it much easier to do the right thing.

The same robustness can be said about the physical security of their servers. It would be extremely hard for intruders to physically break into servers that house an organization’s precious data. Cloud providers keep data safe from physical destruction by keeping it in multiple places, and keep it safe from theft by investing in layers of physical security, like fences, guards, surveillance cameras, and biometric access systems.

Security in the Cloud also reduces the physical attack surface for insider threats, because your own employees and contractors never have physical access to the machines that hold your data; the logical access they do have still needs to be managed.

When it comes to disasters, by which we mean natural and local ones, on-premise server rooms are expected to withstand whatever nature throws at them: floods, earthquakes, tornadoes, even the occasional lava flow. In practice, many on-premise operators don’t have the redundancy they need, seeing it as not cost efficient. In the Cloud, redundancy is something you switch on rather than build: providers offer multiple availability zones and regions, though you still have to deploy across them for that redundancy to count.

Lastly, many Cloud providers are certified against a range of security, privacy, and data protection standards. In the US these include the Health Insurance Portability and Accountability Act (HIPAA) and the Federal Information Security Management Act (FISMA); the Payment Card Industry Data Security Standard (PCI DSS), an industry standard rather than a law, applies to card data worldwide. Other countries have their own frameworks that Cloud providers comply with as well. Note that a provider’s certification covers its platform, not your workload: your own configuration still has to meet the standard before you can claim compliance.

The security advantage of Cloud services was graphically illustrated in March this year, after Microsoft released patches for four zero-day vulnerabilities in Exchange Server that were being exploited by a group Microsoft dubbed Hafnium. The patches were quickly reverse engineered by multiple criminal groups and automated attacks began soon after. The attacks turned unpatched Exchange servers into backdoors that could be used to steal data or launch ransomware inside company networks. IT teams dropped everything to find and patch their vulnerable servers, Microsoft released a flurry of tools to help, and the FBI even took the highly unusual step of remotely cleaning up some of the compromised servers.

What was notable about the incident is that it affected on-premise Exchange servers but not the Cloud version, Exchange Online. The “patch gap”, the often months-long interval between a patch being released and it being applied, the gap the criminals were so ruthlessly exploiting, simply didn’t exist in the Cloud, where the provider patches the service itself.

3. Flexibility

The Cloud allows enormous flexibility, whether you’re adapting quickly to good news or bad. Famously, the Cloud allows services to scale up extremely quickly, avoiding many of the technical problems that can come from growing too fast or becoming suddenly popular.

It can also help when businesses are faced with a sudden, unexpected and challenging situation, as many were in April 2020 as COVID spread around the world. Dyer Brown, a Boston-based architectural firm, is an SMB that adopted the Cloud prior to 2020 and was able to successfully and fully shift their entire workforce to remote work. Employees were able to access important files wherever they were, thus, productivity and collaboration weren’t sacrificed. This flexibility afforded by the Cloud not only made it possible for their 50 employees to work offsite but also take care of sick family members, home school kids, and focus on their health more.

It has also become apparent that the flexibility of working remotely is a make-or-break factor in whether employees stay with their current company or move to a new one. Some even welcome pay cuts in exchange for working from home.

This is something organizational leaders will need to consider seriously.

The post Cloud vs on premise: 3 reasons the Cloud is winning appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How a Resident Evil image leaked in a ransomware attack ended up in the middle of $12m copyright claim

Malwarebytes - Thu, 06/10/2021 - 17:43

Back in November, gaming giant Capcom suffered a ransomware attack. In its press notification, it mentioned the various types of data potentially grabbed by the attackers. Things took an ominous turn when Capcom refused to pay the ransom and the group behind the attack said that was the wrong move. Capcom had the chance to “save data from leakage”; it did not take it. Sure enough, a whole collection of files was leaked soon after.

The threat of data drops from scorned ransomware groups is now a common extortion tactic. What we couldn’t have predicted here is one of the ramifications of said drop. Time to wind things forward to June 2021 and a date with a lawsuit. The twist? The lawsuit isn’t aimed at the ransomware authors, but at the compromised company.

Of data drops and research collections

I used to work in and around game / movie development a long time ago. We were incredibly low budget, and did very low budget things. An invaluable source of help at the time were resource guides and collections. Essentially: Big books filled with work compiled by visual artists, composers, designers, whoever. If you were lucky, the book came with a CD loaded with material from the book. Even luckier? You could use the contents for your own work for free. If the project was commercial, you’d typically pay a license fee of some kind.

There were also companies which curated content from multiple artists, and made sure all the licensing behind the scenes was watertight. Where this often went wrong was if the disc went walkabout away from the book.

Organisations would end up with discs lying around in desks, with nobody sure of the source / who had paid for licensing. If someone ripped disc contents, you’d then end up with self-burnt CDs lying around the place which appeared to be in-house creations. You have to be incredibly careful where resource materials are concerned.

If you’re wondering how this ties into the ransomware attack, I’m about to fill in the blanks.

The unintended consequence of a data leak

An artist in this case is seeking $12m in damages from Capcom, claiming Capcom used their imagery from a resource book / CD in a number of its video game titles. This has all come about off the back of the data leak from the ransomware hack. At least one of the images from the stolen and leaked files shares the same file name as what appears to be an identical image from the book’s CD-ROM.

The Juracek Vs Capcom document can be seen here, along with multiple examples of images potentially making their way into games. Sadly, it doesn’t go into detail on the most fascinating part…whether or not the artist became aware as a result of the data breach and subsequent leak. Most reports simply say the artist is using the breach as part of their evidence. There’s also the question of how they became aware of the images in the dump in the first place.

If I had to guess, incredibly knowledgeable fans saw the high resolution images, wondered where they came from, and perhaps got in touch with the creator. This isn’t an unusual thing to happen. Back in the mid 90s I tracked down the music composer for a AAA game series on Japanese language message boards, in order to tell them how cool their music is. It’s a lot easier to do things like this these days which may be a blessing or a curse, or perhaps a bit of both.

However you stack it up, it promises to be a fascinating day in court. This story raises some other issues, too.

Turning a negative into a positive

Some ransomware groups have tried to mix it up a bit in the realm of PR. They present themselves as Robin Hood style renegades, robbing the rich to give to the poor…or, more specifically, giving to charities. An interesting tactic, except charities face all sorts of problems if they’re gifted ill-gotten gains. As mentioned elsewhere, there’s every possibility the “we’re being helpful, honest” approach is merely a ruse to keep up the pretence of respectability. Here, though, we run into a bit of a problem.

The artist in question has made what they feel to be a valid complaint, and are having their day in court as a result. Being able to tie specific file names from their CD-ROM to named files in Capcom folders off the back of the hack? That probably strengthens their case quite a bit.

Put simply, these ransomware authors…and anyone else, for that matter…can now point to this story as evidence that they did in fact “help” someone in indirect fashion.

New frontiers in the ransomware world

The fallout from the attack could prompt a new ransomware tactic. It’s not a stretch to think breachers will go looking for copyright / related violations. After all, some ransomware groups have already shown an interest in how they can weaponize the data they’ve stolen, beyond simply leaking it.

With so many ways to tie found materials to the original source online, they may view this as an easy PR win. On top of all the other issues with ransomware, we probably don’t need its authors yelling “Look! We’re helping!” every time a new leak hits. When a creator is potentially $12 million out of pocket, it becomes increasingly tricky to argue against it.

Sure, this is still potentially another way for people who don’t actually care about helping people to act as if they do. But if the end result is the same and someone does benefit, it doesn’t really matter a whole lot. As far as the ransomware authors are concerned, they’ll have a collection of individuals telling everyone how cool they are.

It’s to be hoped we don’t end up fighting a PR war on top of the technical battle already raging across networks everywhere. I’m not sure I agree that “any publicity is good publicity”, but good publicity certainly is. So in case anyone is tempted to offer ransomware operators the benefit of the doubt, let’s not forget they’re the same organised crime gangs that think little of attacking hospitals.

The post How a Resident Evil image leaked in a ransomware attack ended up in the middle of $12m copyright claim appeared first on Malwarebytes Labs.

Categories: Techie Feeds

Russia accused of hacking Dutch police during MH17 investigation

Malwarebytes - Thu, 06/10/2021 - 14:19

Journalists at the Dutch newspaper “De Volkskrant” have reported that the country’s intelligence service, AIVD, discovered in 2017 that Russian hackers had broken into Dutch police systems. The De Volkskrant report is based on knowledge from anonymous sources. The reason behind this act of espionage is thought to be the ongoing MH17 investigation.


A little background: on July 17, 2014, Malaysia Airlines Flight 17 (MH17) was shot out of the sky over eastern Ukraine on its way from Amsterdam to Kuala Lumpur. The plane was hit by a surface-to-air missile, and all 298 people on board were killed, the majority of them Dutch.

At the time, pro-Russian militants, thought to be backed by Russia, were in revolt against the Ukrainian government. Russia denied any direct involvement at the time but later admitted to having military intelligence officers in the country. Both the Ukrainian military and the separatists denied responsibility for the MH17 incident.

A large disinformation campaign was launched to obscure who was responsible.

The discovery

The Dutch police only became aware of the breach after a tip-off from the AIVD, and the discovery caused a major panic, according to the newspaper. Whether any data was stolen, and which, is not clear, insiders told the Volkskrant. The police network is a huge one, spread out across the country. The point of first entry was reportedly a server at the Police Academy. After the discovery, the decision was made that stopping the intrusion as quickly as possible was more important than figuring out what the intruders were after.

So it is still unclear exactly what information the intruders were after, or whether they found it. According to the Volkskrant, a lack of monitoring and logging means the AIVD and the Dutch police know very little about what the hackers did inside the police network. “There were a lot of question marks,” the newspaper’s source said. “How long had they been inside? Was this the first time? Had they already siphoned off data? That wasn’t clear.”

Dutch police

The Dutch police took the lead in the investigation of the MH17 incident. The Joint Investigation Team (JIT), a special team set up to investigate the MH17 incident, comprises officials from the Dutch Public Prosecution Service and the Dutch police, along with police and criminal justice authorities from Australia, Belgium, Malaysia and Ukraine. On July 5, 2017 the JIT countries decided that the prosecution of those responsible for downing flight MH17 would be conducted in the Netherlands.

The timing of the attack against the police could be coincidental, but it is notable that the attack took place in that same month.

Information feeds disinformation

One possible motive for the attack is disinformation. The best lies are based on truth after all. Reportedly, the Dutch justice department and the Dutch police were targeted with phishing emails and cars filled with listening equipment were found in the vicinity of the “Landelijk Parket”, which is the part of the justice department that deals with both national and international organized crimes. Knowing which facts were already known could be instrumental in building believable lies without revealing new facts.


We have reported before about the Russian disinformation campaigns regarding this incident. More recently, in November of 2020, Bellingcat, which has been instrumental in retrieving information about the attack on flight MH17, published evidence that Bonanza Media, a self-styled independent investigative platform, is in fact a special disinformation project working in coordination with Russia’s military intelligence. The open-source intelligence outfit asserts that:

While we have not yet established conclusively whether Russia’s military intelligence agency, best known as the GRU, was behind the initial launch and funding of the Bonanza Media project, we have established that shortly after it was launched, senior members of the GRU entered into direct and regular communication with the project leader

It is no coincidence that one of the main forces behind Bonanza is Dutch as well: Bonanza was set up by the Dutch blogger and journalist Max van der Werff together with former Russia Today journalist Yana Yerlashova.

Eliot Higgins, the founder and executive director of Bellingcat has called out what he says are Russian lies, and the interplay between the official Russian position and the disinformation propagated by so-called MH17 “Truthers”, in his recent tweets about the on-going MH17 court hearings.

This video is now being shown in court, showing the Buk traveling south out of Snizhne towards the eventual launch site. The MH17 truthers have repeatedly tried to claim this is fake footage, and Russia has even claimed this was uploaded the day before MH17 was shot down.

— Eliot Higgins (@EliotHiggins) June 10, 2021

Cozy Bear

The top suspect in the attack on the Dutch police is APT29 (Cozy Bear), a well-known hacking group that the White House linked earlier this year to Russia’s Foreign Intelligence Service, the SVR. The group is also suspected of being behind the SolarWinds supply-chain attack and other international espionage cases.


Neither the Dutch police nor the AIVD commented on the Volkskrant’s report, but we do know that the AIVD is closely monitoring a reorganization intended to improve the security of the Dutch police’s networks.

The court in The Hague is in the middle of the MH17 trial, and Russia’s interference is unlikely to do its case any good, but of course it will deny any involvement.

The post Russia accused of hacking Dutch police during MH17 investigation appeared first on Malwarebytes Labs.

Categories: Techie Feeds

How to clear cookies

Malwarebytes - Wed, 06/09/2021 - 16:27

Until the information age, cookies were only known as a tasty but unhealthy snack that some people enjoyed, and others avoided. HTTP cookies, also known as computer, browser, or Internet cookies, are similarly divisive. Although some people like the more personalized browsing experience created by cookies, others have privacy concerns.

Cookies are small pieces of information that a website can store in your browser. Your browser sends them back with every later request to that site, which lets the site tell you apart from everyone else. Without cookies, a website would have no easy way to keep you logged in or to remember the items in your shopping cart from one page to the next.

However, that ability to tell you apart from everyone else is also what makes cookies extremely useful for cross-site tracking and advertising. Thankfully, privacy-conscious users can disrupt that tracking easily, because blocking or clearing cookies is easy. Although there are plenty of tools that can help manage your cookies, if you need to, you can easily clear the decks directly in your browser. Here’s how:
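To make the first-party versus third-party distinction concrete, here is an added example in JavaScript; it is not code from the original Malwarebytes post. It parses the Set-Cookie headers recorded during a constructed page load, decides which cookies belong to a different site than the page (the kind used for cross-site tracking), and flags cookies that are missing the attributes that limit what they can leak. The hostnames, cookie values and function names are made up for illustration.

```javascript
// Added example, not from the Malwarebytes post. Parses Set-Cookie headers
// recorded during a constructed page load, marks each cookie first- or
// third-party relative to the page, and flags weak attributes.
// Hostnames, cookie values and function names are illustrative.

const SAMPLE_PAGE_HOST = "shop.example.com";

// Constructed sample: the page's own session cookie, a cookie set by an
// embedded ad-network script, and a cart cookie with no attributes at all.
const SAMPLE_SET_COOKIES = [
  { responseHost: "shop.example.com",
    header: "session=abc123; Path=/; Secure; HttpOnly; SameSite=Lax" },
  { responseHost: "cdn.adnetwork.example",
    header: "uid=7f3e; Domain=.adnetwork.example; Path=/; Max-Age=31536000; Secure; SameSite=None" },
  { responseHost: "shop.example.com",
    header: "cart=42; Path=/" },
];

// Registrable domain approximated as the last two labels. Fine for the
// sample hosts; production code should consult the Public Suffix List
// so that e.g. "example.co.uk" is handled correctly.
function registrableDomain(host) {
  const labels = host.toLowerCase().replace(/^\./, "").split(".");
  return labels.slice(-2).join(".");
}

// Split "name=value; Attr; Attr=val" into name, value and a lower-cased
// attribute map (value-less attributes such as Secure map to true).
function parseSetCookie(header) {
  const [pair, ...attrParts] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const attrs = {};
  for (const part of attrParts) {
    if (!part) continue;
    const i = part.indexOf("=");
    const key = (i < 0 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i < 0 ? true : part.slice(i + 1).trim();
  }
  return {
    name: eq < 0 ? pair : pair.slice(0, eq),
    value: eq < 0 ? "" : pair.slice(eq + 1),
    attrs,
  };
}

// Classify one cookie relative to the page that embedded the response.
function classifyCookie(pageHost, responseHost, header) {
  const c = parseSetCookie(header);
  // A Domain attribute widens the scope; otherwise the cookie is host-only.
  const scopeHost = typeof c.attrs.domain === "string" ? c.attrs.domain : responseHost;
  const thirdParty = registrableDomain(scopeHost) !== registrableDomain(pageHost);
  // Chrome treats a missing SameSite as Lax; assumed here for all browsers.
  const sameSite = typeof c.attrs.samesite === "string" ? c.attrs.samesite.toLowerCase() : "lax";
  const maxAge = c.attrs["max-age"] !== undefined ? Number(c.attrs["max-age"]) : null;
  const persistent = maxAge !== null || c.attrs.expires !== undefined;

  const findings = [];
  if (thirdParty) findings.push("third-party cookie: usable for cross-site tracking");
  if (!c.attrs.secure) findings.push("missing Secure: can be sent over plain HTTP");
  if (!c.attrs.httponly) findings.push("missing HttpOnly: readable by any script on the page");
  if (sameSite === "none" && !c.attrs.secure) findings.push("SameSite=None without Secure: modern browsers reject it");
  if (maxAge !== null && maxAge > 90 * 86400) findings.push("persists for more than 90 days");
  if (!persistent) findings.push("session cookie: discarded when the browser closes");
  return { name: c.name, thirdParty, sameSite, persistent, findings };
}

function auditPage(pageHost, setCookies) {
  return setCookies.map(({ responseHost, header }) => classifyCookie(pageHost, responseHost, header));
}

for (const r of auditPage(SAMPLE_PAGE_HOST, SAMPLE_SET_COOKIES)) {
  console.log(`${r.name}: ${r.thirdParty ? "third-party" : "first-party"}, SameSite=${r.sameSite}`);
  for (const f of r.findings) console.log(`  - ${f}`);
}
```

Run it with Node and the ad-network cookie comes out as the only third-party one, scoped to a whole domain and set to live a year; that combination is what lets an advertiser recognise the same browser across every site that embeds its script, and it is exactly the kind of cookie the browser settings below let you clear or block.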

Clearing cookies on a desktop computer

The following instructions will guide you through clearing cookies on the most popular desktop and mobile browsers (as of June 2021).

How to clear cookies in Chrome on Windows
  1. Start Google Chrome.
  2. Click the vertical three-dots icon on the top right-hand corner and then select History—alternatively, press Ctrl+H in Chrome. 
  3. Click Clear browsing data.
  4. Select Cookies and other site data.
  5. Select All time in the Time range dropdown menu.
  6. Click Clear data to clear cookies in Google Chrome.
  7. Click Block all cookies in Cookies and other site data to turn off cookies permanently.
How to clear cookies in Firefox on Windows
  1. Start Firefox.
  2. Click the three-lined icon (hamburger menu) on the top right-hand corner and select Options next to the gear icon.
  3. Click Privacy & Security and scroll down to Cookies and Site Data.
  4. Click Clear Data….
  5. Make sure Cookies and Site Data is ticked; tick Cached Web Content as well if you also want to empty the cache.
  6. Hit Clear to clear cookies in Firefox.
  7. You can also select Strict under Enhanced Tracking Protection in Privacy & Security to block most tracking cookies, but this may cause some websites to malfunction.
How to clear cookies in Edge on Windows
  1. Start Microsoft Edge
  2. Click the horizontal three-dots icon on the top right-hand corner and select Settings next to the gear icon.
  3. Click Privacy, search, and services.
  4. Click Choose what to clear under Clear browsing data.
  5. Select Browsing history, Download history, Cookies and other site data, and Cached images and files.
  6. Hit Clear now to clear cookies in Microsoft Edge.
  7. Click Block third-party cookies in Cookies and site preferences to block third-party cookies permanently.
How to clear cookies in Opera on Windows
  1. Start Opera.
  2. Click Settings on the top left-hand corner.
  3. Click Advanced and then Privacy & Security.
  4. Click Clear browsing data. Alternatively, press Ctrl+Shift+Del to open the Clear browsing data options faster.
  5. Select Cookies and site data.
  6. Hit Clear data to clear cookies in Opera.
  7. Click Cookies and site data under Site Settings to find options to block all third-party cookies permanently.
How to clear cookies in Safari on macOS
  1. Start Safari on your Mac.
  2. Select Safari > Preferences and then click Privacy.
  3. Find Cookies and website data and hit Manage Website Data.
  4. Press Remove All and then Done to clear cookies in Safari.
  5. In the same Privacy pane, tick Block all cookies to turn off cookies permanently, and tick Prevent cross-site tracking to limit third-party tracking.
Clearing cookies on a mobile device

How to clear cookies in Chrome for Android
  1. Start the Chrome app.
  2. Tap the vertical three-dots icon on the top right-hand corner and then select History.
  3. Tap Clear browsing data…
  4. Select Cookies and site data, then select All time in the Time range drop-down menu.
  5. Tap Clear data to clear cookies in Chrome on an Android device.
How to clear cookies in Firefox for Android
  1. Start the Firefox app.
  2. Tap the three-dot icon in the corner and then tap Privacy.
  3. Tap Delete browsing data.
  4. Select Cookies and tap Clear Data.
  5. Alternatively, turn on Delete browsing data on quit to clear cookies every time you close Firefox on an Android device.
  6. Select Disabled under Cookies to turn off cookies permanently.
How to clear cookies in Safari for iOS
  1. Open Settings on your iOS device.
  2. Find Safari.
  3. Tap Clear History and Website Data to clear your cookies and history in iOS.
  4. Alternatively, tap Settings, Safari, Advanced, Website Data, and then Remove All Website Data to clear cookies in iOS but keep your history.
  5. Turn on Block All Cookies in Safari to turn off cookies permanently.
How to clear cookies in Firefox for iOS
  1. Start the Firefox app.
  2. Tap the three-lined icon (hamburger menu) on the lower-right corner.
  3. Tap Settings.
  4. Select Data Management.
  5. Tap Clear Private Data to clear cookies in Firefox on iOS.
  6. Turn off Cookies in Data Management to turn off cookies permanently.

The post How to clear cookies appeared first on Malwarebytes Labs.

Categories: Techie Feeds

