When Your little angel sleeps

cyber as a service

Lately there have been a lot of buzz about cyberbullying in the news. This is something which hasn’t been in the news before, only the last couple of years. Thats quit logic, the new smartphone wave now reaches the 10 year olds, and sometimes even with kids from let say 7 or 8 years old.

Especially kids are very vulnerable to online threats like cyberbullying and other unwanted behaviour. Kids need to learn how to behave online and need to be educated about privacy matters and the harm you can do for their future of their lives and to others. Nothing new so far. But let me tell you a little story about a girl in my son’s class.

ANNE

Lets say here name is Anne. Anne is a 13 year old pretty girl from Rotterdam. She looks older then she actually is.  High grades, good in sports and a fun loving girl to see. She owns a smartphone…..
Before she owned the device Anne had been complaining that everyone else had a smartphone except herself. Her parents finally accepted that their duaghter was growing up and she basically earned the phone due to good grades an good behaviour. Nothing special so far…. Her parents decided to take the step and thoroughly invested some time in making the decision and do what they as parents had to do. They asked themselves a few questions:

What’s the right age?
Do we buy the latest model?
Prepare and sitting down with her?
Do we Set restrictions on the device?
Subscription, minutes, free texting?
Should you get them a dumb/feature phone instead?

All good questions to ask, and they took some time to figure out the best tactics.

STRESS!

All went well for a while, Anne could handle the responsibility and took notice over the wise tips her parent gave her when she finally got the so much wanted Galaxy S series.

Up to one day, when Anne’s mother noticed different behaviour from her daughter.  nervous, frustrated, and constantly checking her smartphone.
Since she had a good relationship with Anne, she decided just to ask if there was anything wrong with her, and if it had anything to do with her owning a smartphone. Anne, denied and just said that she had some trouble concentrating in the classroom since that new kid joined her class.  For Anne’s mother however that answer wasn’t good enough! She decided to take a look at Anne’s phone. When Anne’s mother made that decision to take a sneak look she felt a little ashamed for spying on her daughters smartphone, but she knew it was for good reasons. She simply protected her.

NOT THAT EASY

In the next couple of weeks Anne’s mother had plenty of opurtunities to take a look at Anne’s phone, only she had protected her phone with a pincode and/or facial recognition. Weeks went by and Anne’s mother tried to figure out what Anne’s pincode was. No luck, after a few times of trying she almost gave up on it.  Although Anne’s behaviour with her smartphone wasn’t that nervous or dedicated anymore.

ABRACADABRA

One day  the family came back from a weekend at their summerhouse. After 2 hours of driving, Anne who was sitting in the backseat of the car fel asleep. She had  just unlocked her smartphone with the facial recognition feature. Anne’s mother immediately understood this was her chance to take a look at her daughters smartphone! She asked her husband to stop at a restaurant. She took the phone carefully from Anne’s hand, but the phone was locked already! She then did something very clever, she carefully positioned the phone before her sleeping daughters face and tried to unlock the phone.  It worked! Anne’s father who had been viewing this remarkable behaviour of his wife, was too surprised to say anything. ” I will explain later” she said while driving from the restaurant back home.

15 minutes went by, 25 minutes went by. Then Anne’s father asked his wife what the hell she was doing! She explained, and Anne’s father could understand why his wife wanted to take a look at their daughters Smartphone, although he wasn’t very happy with the situation. A few minutes later she placed the phone on the backseat next to her sleeping daughter. And was quiet, very quiet!

SHAME!

Anne’s mother felt ashamed, how on earth could she betrayed her daughter  this way by spying on her phone! Anne’s smartphone didn’t reveal any behaviour she shouldn’t do online. Anne was the perfect daughter she had  always  been. Why didn’t she trust her? Why was she so curious what was going on? Was it imagination? She had a lot to explain.

 

A LESSON LEARNED

The NSA wants to behave like a parent. They want to be able to defend western territory. They want to know what YOUR kid is doing online, day in day out. They want to know what YOU, reading this blog are are doing day in day out, worldwide. All governments want this. Lets not forget the Google’s and the Facebooks of our time, they also want to know everything about YOU!
And last but not least, maybe even parents want to know everything what their kids are doing online.

There is a little voyeur in everybody….

 

Remo Hardeman
CEO Omerta Information Security

Rotterdam, The Netherlands 31st of May 2015

CISS (cybersecurity it stupid simple)

 

41870204

 

Rotterdam, The Netherlands May 25, 2015

 

Hacked, Hacked, Hacked!

Todays headlines are dominated by yet another breach, day in day out.  Nevertheless the last years we havent seen much change in cybersecurity strategies. But thats about to change, there are quit a few promising new security products on the horizon. If your in Cybersecurity and you follow the news like an professional, you know. If you don’t know, just google for promising cybersecurity products and you will end up in numerous lists, yours to pick one. Check for containerisation, read something about decentralisation and off course keep your eyes always open for Encryption methods, the Math behind it just works! (be aware of a good implementation) But if you havent got the knowledge, or your company simply doesn’t have any funds or budgets available for it, we maybe have a way off stopping at least some crooks.

CISS – cybersecurity it stupid simple

 

Strategy – rethink your architecture
Maybe you are better off with a cloud provider for your services, make them responsible for your data. Do you need those installation files on that old server available just for the ease of use? plenty of examples to give here. But simplifying or revoking some hard- and software will make your life much easier.

strategy
Hardening – Browser – Linux – Windows
Google for “Hardening” and do it for your browsers and OS’ses

Internet security.Laptop and opening safe deposit box's door.

Time management – yes please laugh :-)
If you don’t monitor your stuff and you are not doing any business overnight and you are not an international company over timezones, rethink your online 24 hour footprint. So close down services if you can… Not everybody needs to be online 36 hours per day!

guntime

 

Make your staff aware of incidents, make them part of your problem. SMB’s have the power to have short lines between all departments, use them!

I know, some of these “solutions” are too simple too easy or a little naive. But at least they will be effective! And i will mention it again, there are some very good bloggers on Cybersecurity, very good vendors in Cybersecurity, follow those guys. Eat, speak and sleep Cybersecurity!

I you are still not sure what to do, Hire a professional!

 

Remo hardeman
CEO Omerta Information Security

 

 

 

 

HET IS TRIEST GESTELD MET DE VEILIGHEID VAN NEDERLANDSE WEBWINKELS

OMERTA INFORMATION SECURITY

logo_3D

 

Vandaag werd bekend dat  66% van de honderd grootste Nederlandse webwinkels  de beveiliging van zijn website niet op orde heeft. In 38 procent van de gevallen betreft het een ernstig beveiligingslek. (via nu.nl)

Dit blijkt uit onderzoek van de Consumentenbond in samenwerking met beveiligingsbedrijf Onvio. De webwinkels werden gecheckt op de meest voorkomende beveiligingslekken.

Bij één website, 123tijdschrift.nl, was het mogelijk om via een sql-injectie de gehele klantendatabase in te kijken. Bij een sql-injectie wordt een kwetsbaarheid in de verbinding tussen de website en database misbruikt.

De eigenaar van de webwinkel, Sanoma, heeft het lek inmiddels gedicht. Sanoma is ook uitgever van onder andere NU.nl.

41870204

XSS-lek

Het ernstige beveiligingslek dat bij 38 procent van de webwinkels werd aangetroffen, is een zogeheten cross-site-scripting-lek (XSS). Bij dit probleem verwerkt de website specifieke data, zoals cookies, niet op de juiste manier.

Door een XSS-lek kan een derde kwaadaardige code binnen de website uitvoeren. Een groot deel van de webwinkels is voor deze aanval kwetsbaar, waarmee klantgegevens kunnen worden buitgemaakt.

Zo is het voor een hacker bijvoorbeeld mogelijk om via het XSS-lek een malafide betaalpagina in de website van een webwinkel te integreren. De bezoeker kan vervolgens niet zien dat het om een malafide pagina gaat, omdat de echte url van de website wordt gebruikt.

Sommige webwinkels hebben het XSS-lek binnen een dag gedicht, maar meer dan de helft van de webwinkels reageerde niet op de bevindingen van de Consumentenbond.

Maatregelen

De Consumentenbond raadt consumenten aan om voor verschillende websites andere wachtwoorden te gebruiken. Mocht een webwinkel het slachtoffer zijn van een hack, is het gebruikte wachtwoord niet voor andere diensten, zoals e-mail en internetbankieren, te gebruiken.

Omerta Information Security vindt dat het gebruiken van meerdere wachtwoorden bij verschillende websites niet voldoende is. Heeft u twijfel over de veiligheid bij een webshop waar u wilt bestellen? Neem gerust contact op met Omerta.nl op 010 7600 333

Omerta Websecure Team

websecure.omerta.nl

How to remove CoinVault ransomware and restore your files

Omerta Information Security – Rotterdam, The Netherlands

 

twitter-malware

 

Alex Drozhzhin has written an excellent blog post ( Kaspersky ) on removing Coinvault ransomware.

 

In most cases, if you are a victim of ransomware, there’s nothing you can do. Luckily, from time to time police and cybersecurity companies take down command and control servers of ransomware and retrieve information from them. This information is really useful, because it helps to create decryption tools and to recover users’ files. Recently, Dutch cyber-police and Kaspersky Lab created such a solution for CoinVault victims.

How to remove CoinVault ransomware and restore your files

If you want to know more about CoinVault itself, you can read our detailed report at Securelist. If you are interested in exactly how we created a decryption solution, we covered it in a very detailed  blog post. If you are looking for instruction on how to get rid of this ransomware and restore your files, then keep reading below.

Step 1: Are you infected with CoinVault?

First, make sure your files are stolen by CoinVault and not by another ransomware. It’s fairly easy to determine: If you are infected with CoinVault, you will see an image like below:

How to remove CoinVault ransomware and restore your files

Step 2: Get the Bitcoin wallet address

In the bottom right of CoinVault you will see the Bitcoin wallet address (it’s marked with a black circle on the image above). It’s very important for you to copy and save this address!

Step 3: Get the encrypted file list

In the top left corner of the malware window you will see a ‘View encrypted filelist’ button (it’s marked with blue circle on the image above). Click this button and save the output to a file.

Step 4: Remove CoinVault

Go to https://kas.pr/kismd-cvault and download the trial version of Kaspersky Internet Security. Install it and it will remove CoinVault from your system. Be sure to save all information retrieved in steps 2 and 3.

Step 5: Check https://noransom.kaspersky.com

At https://noransom.kaspersky.com you should enter the Bitcoin wallet address from step 2. If your Bitcoin wallet address is known, the IV and Key will appear on the screen. Please note that multiple keys and IVs may appear. In this case save all the keys and IVs to your computer, you will need them later.

How to remove CoinVault ransomware and restore your files

Step 6: Download the decryption tool

Download the decryption tool at https://noransom.kaspersky.com and run it on your computer. If you get an error message, as shown below, go to step 7. If not, skip step 7 and proceed to step 8.

How to remove CoinVault ransomware and restore your files

Step 7: Download and install additional libraries

Go to http://www.microsoft.com/en-us/download/details.aspx?id=40779 and follow the instructions on the website. Then install the software.

Step 8: Start the decryption tool

Start the tool and you will see a screen like below:

How to remove CoinVault ransomware and restore your files

Step 9: Test if the decryption works properly

When running the tool for the first time, we strongly advise you to do a test decryption. Do the following:

  • Click “Select file” button in the “Single File Decryption” box and select one file you want to decrypt;
  • Enter the IV from the webpage into the IV box;
  • Enter the key from the webpage into the key box;
  • Click “Start” button.

Verify whether the newly created file is properly decrypted.

Step 10: Decrypt all files stolen by CoinVault

If everything was okay in step 9, then you can recover all your files at once. To do that select the file list from step 3, enter IV and key and click start. You can select “Overwrite encrypted file with decrypted contents” if you want.

If you received multiple IVs and keys when you entered your Bitcoin wallet address, please be very careful. At the moment we are not 100% sure where the multiple IVs and keys for one Bitcoin wallet come from. In this case, we strongly recommend leaving the “Overwrite encrypted file with decrypted contents” box unticked. If something goes wrong with the decryption you can try another IV+key pair until the file is successfully decrypted.

If you didn’t receive the IV and key at all, you should wait and check https://noransom.kaspersky.com. The investigation is ongoing, and we will add new keys as soon as they are available.

 

Have fun, keep safe and happy browsing!

The Omerta security team

 

 

Viruses, Spyware, Malware, etc. Explained

Omerta Information Security – Rotterdam, The Netherlands

logo_3D

 

 

 

 

 

 

 

 

 

Makeuseoff has a pretty cool article explaining Viruses, Spyware and Malware. If you care about your privacy or security you better read this! Thx to Bryan Clark.

 

When you start to think about all the things that could go wrong when browsing the Internet, the web starts to look like a pretty scary place. Luckily, Internet users as a whole are getting far more savvy, and better at recognizing risky online behavior.

While pages with a dozen download buttons – or auto-checked boxes that tricked us into downloading things we didn’t want – are no longer quite as effective as they once were, that doesn’t mean there aren’t hackers out there right now trying to come up with new methods of deception. In order to protect ourselves from these threats it’s important to understand just what they are, and how they differ.

Let’s dive in.

Understanding Online Security Threats and How They Differ

Malware

may-harm-computer-warning

Malware is short for malicious software. This means that while most of us refer to these threats as viruses, the correct catch-all term should indeed be malware. Malicious software comes in many forms, but malware itself is a general term that could be used to describe any number of things, such as viruses, worms, trojans, spyware, and others. In short, it’s a program or file with bad intentions, the nature of which could encompass just about anything.

Luckily, malware is exactly what all of the most popular antivirus programs are looking for. Getting affected by malware happens, and it doesn’t have to be catastrophic. Learn the right protocol for dealing with malware, and how to avoid it in the first place for the safest browsing experience.

Viruses

virus-abstract

Viruses consist of malicious code that infects a device after you install a software. Typically this infection happens through USB drives, Internet downloads, or email attachments, but it can happen in numerous other ways as well. It’s important to note that the infection doesn’t actually occur just from having the infected files on your computer. The infection happens once the program runs for the first time, whether through Autorun, a manual install, or an executable file that the user opens.

Once opened – or run – the infection happens. From that point, it can be very difficult to find and rid yourself of the virus due to the nature in which it works. While actual details are virus-specific, they tend to replicate themselves and infect the file system of the device they reside in by spreading from file to file before they are inevitably – and usually unknowingly – passed on to another machine.

Unlike other threats, viruses have no other purpose than attempting to render your computer inoperable. Some of them have been particularly good at it. Most others are quite weak and easy to detect.

Oh, and it should be pointed out – due to popular opinion – that Macs aren’t immune to viruses.

Adware

pop-up-ad-illustration

While relatively benign in most cases, adware might be the most annoying of the threats we’ll talk about today.

Adware is bundled with otherwise legitimate apps or software, which makes initial detection somewhat difficult. A common example is the checkbox at the bottom of a download link (often pre-checked) that asks if we want to “Include X for free” – well, “X” is often the program containing the adware. This isn’t a hard and fast rule, but it’s not uncommon. If you aren’t sure what these additional programs are, or how they function, don’t download them.

Adware infections are also possible through no fault of our own. Recent stories detail at least one major manufacturer including adware – or an adware-like browser hijack – in their computers by default. While Lenovo, and Superfish are the exception, rather than the rule, it’s important to note that these threats happen and often times there isn’t much we can do about it.

Trojans and Backdoors

hacker-access-granted

Trojans were named after the Trojan Horse, which was a giant wooden horse used to conceal Greek soldiers as they entered Troy during the Trojan War. History lesson aside, this is the same way that a trojan damages your computer. It hides malicious code inside a seemingly innocuous program or file in order to gain access to your machine. Once inside, the program installs itself on your device, and communicates with a server in the background without your knowledge. This gives an outside party access to your computer through what’s commonly referred to as a backdoor.

While giving an outside party access to your computer is scary in and of itself, the implications of what they could be doing with this access is even scarier. What complicates matters is the small footprint that these backdoors leave, which keeps the user completely in the dark that any privacy breech is even occurring.

One benefit of a backdoor is the nature in which they operate. Since the hacker must connect to your machine remotely, they won’t be able to do this if you disable the Internet connection while you attempt to locate and remove the malicious code.

Spyware

toolbar-spyware

Spyware is the most common piece of badware on the Internet. While it’s quite deceptive in nature and a major annoyance, most spyware is relatively harmless. Typically, spyware is used to monitor browsing behavior in order to better serve relevant ads. What makes it bad is how these companies go about collecting your data. Rather than relying on tracking pixels – or cookies – like most major companies, spyware acts like more of a trojan in that you install it and it communicates data from your computer back to a server, all while most of us are completely oblivious to its presence in the first place.

Other, more malicious forms of spyware, are far more dangerous. While typical spyware is mostly used for ad-serving purposes, malicious spyware communicates sensitive data back to another user, or a server. This data can include emails, photos, log files, credit card numbers, banking information, and/or online passwords.

Spyware is most often downloaded by the user as part of an add-on to a legitimate download (such as a toolbar) or included as part of a freeware or shareware program.

Scareware and Ransomware

scareware-winpc-defender

Scareware and ransomware differ in their approach, but the end goal for both is to collect money by manipulating the user into believing something that’s often untrue.

Scareware most often takes the form of programs that pop up and tell you that your computer is infected with some sort of malware. When you click to remove the (often) multiple instances of malware, you are forced to pay to purchase the full version before the program can clean your system and rid it of the infections or threats.

Ransomware operates a bit differently in the sense that after the malicious software is installed, it’ll often lock down your system outside of a window that allows you to pay the ransom in order to regain use of it. While ransomware is generally among the easiest threats to remove, it can be quite scary for a non-savvy computer user. As such, many believe that they must give in and pay the ransom in order to regain control of the machine.

Worms

dual-monitor-crash

Worms are by far the most damaging form of malware. While a virus attacks one computer and relies on a user to share infected files in order for it to spread, a worm exploits security loopholes in a network and can potentially bring the whole thing to its knees in a matter of minutes.

Networks with security vulnerabilities are targeted by introducing the worm into the network and allowing it to pass (often unnoticed) from computer to computer. As it passes from one device to another, the infection spreads until each machine is infected – or – the worm is isolated by removing the infected machines from the network.

Unnamed Exploits, Security Flaws and Vulnerabilities

No matter how competent the developer, every program has security flaws and vulnerabilities. These security flaws allow hackers to exploit them in order to gain access to the program, alter it in some way, or inject their own code (often malware) within it.

If you were ever wondering why programs had so many security updates, it’s because of the constant cat and mouse being played between developers and hackers. The developer attempts to find, and patch, these holes before they’re exploited, while the hacker attempts to exploit security flaws before they’re discovered and patched by a developer.

The only way to stay even remotely safe from these exploits is to keep your operating system and each of your programs up-to-date by installing updates as they become available.

Staying Safe Online

computer-keyboard

If you’re using the web, there’s no foolproof method to avoid all online threats, but there are certainly things you can do to make yourself safer.

Some of these are:

  • Keep your operating system and each of your programs up-to-date by downloading updates as they become available.
  • Install a good antivirus program and keep the virus definitions up-to-date.
  • Utilize a firewall that monitors both inbound and outbound traffic. Keep an eye on the flow of this traffic to help to detect the presence of threats that may be communicating with outside servers.
  • Avoid unsafe downloads from unknown and untrusted sources.
  • Use your antivirus program, or a malware detection program to scan suspicious links before opening them.
  • Avoid pirated software.

Again, if you spend any portion of your time on the web, it’s unlikely that you can completely protect yourself from all the badware out there. While infections and exploits can – and do –  happen to anyone, I don’t think any of us would argue that we could stay a little safer with subtle changes in our browsing or computer use habits.

What are you doing to keep yourself safe from threats and exploits online? Are there any specific programs or apps that you use for online security? Please help keep the rest of us safer online by sharing any tips you have in the comments below!

We are constantly searching for great articles online, If you have any suggestions, please feel free to contact us by email       info   @   omertasecurity  .   com

Keep you all posted!

Omerta Information Security Team

 

 

Malware, ransomware and removal tips: Remove PacMan Ransomware

Omerta Information Security – Rotterdam, The Netherlands

 

41870204

 

Yellow nightmare

 

Ransomware is pretty popular these days, University’s and schools are getting ransomed, several local governments in the netherlands where doomed. This is getting pretty annoying!
Latest tip for removing ransomware is about the Pacman ransomware, here is how you do it. ( with thx from the boys from pcthreatsecurity.com )

 

pacman

 

Remove PacMan Ransomware: Easy Steps to Remove PacMan Ransomware Spyware and Adware from Windows PC

PacMan Ransomware

PacMan Ransomware is a nasty malware ransomware infection that gets intruded in the compromised System through phishing techniques such as spam emails, bundling and so on. On infection, this vermin will lock the computer screen and will ask to pay some amount to unlock and decrypt the files. User are offered a 24 hours time to make the payment however the performance of PC still remains the same even after the money is paid.

The main aim of PacMan Ransomware is to cheat and misguide the innocent users for money. Important settings and features such as default browser, homepage, search engine etc gets totally ruined. At the beginning, this vermin might even do a fake scanning whose reports say that System has been infected with several malware infections. Users will be forced and misguided to buy the offered programs which are actually useless and has nothing to do with the actual performance of PC. Hence it is strictly advised to get rid of PacMan Ransomware at the quickest.

“Delete PacMan Ransomware Instantly to Avoid any serious damages on infected computer. Click on Download button to Scan and find out infectious files”

Infected Symptoms of PacMan Ransomware

Presence of PacMan Ransomware on Windows system arise lots of annoying problems for users. It is very necessary to instant detect for the infected program and eliminate it. But most of the users fails to know that Windows computer has injected by any harmful parasite that can lead to big issues if remains for longer time. Below are some of the common symptoms that you have to face because of installed PacMan Ransomware threat:

  • Frequently you have to face annoying error messages on display screen
  • Computer crashes repeatedly with automatic restart process
  • Many of the programs and application automatically disappears
  • You will see many of the strange icons that you have never installed
  • It gets difficult to access drives or any storage devices
  • Some of the security websites are not allowed to open
  • You will not be able to print any document with infected computer
  • People in your chat list get messages containing harmful virus without your permission
  • It is not possible to update any anti-virus program
  • And many others

How to Remove PacMan Ransomware Instantly from Windows System? 

The step by step guide of the effective and powerful Spyhunter application helps you easily detect and remove ec.jcoffer.com pop-up popup from Windows system. It make use of sophisticated and advance programming logic that helps users to get rid out of the problem without any effort.

Step 1: At first Download PacMan Ransomware Removal Tool

Step 2: After successful installation, you need to launch the software and click on “Scan Computer Now” button

Step 3: In this step, you will view list of infected file in thumbnail format and can also delete all the threats in simple mouse click

Step 4: Spyhunter Software offers you to scan registry, cookies, files and memory

Step 5: “System Guard” feature of the Software helps you to protect from future malware attack and run time protection

Step 6: You can also make use of “Scan Scheduler” feature that will help you automatically scan on daily, weekly or monthly as per your choice.

“Delete PacMan Ransomware Instantly to Avoid any serious damages on infected computer. Click on Download button to Scan and find out infectious files”

 

How to Delete PacMan Ransomware using Manual Procedure? 

Method for removal of PacMan Ransomware proves risky in many of the situation. It process is very cumbersome and requires lots of technical knowledge to complete the entire process successfully. A minor change in system files and registry entries can tend to big issues such as deletion of important files, system crashes and many others. If you are novice then it is suggested to avoid going through the manual process for safe and effective PC running.

Step 1: Continuously press F8 button to start computer in Safe Mode

F8 button

Step 2: Now Select “Safe Mode with Networking using down arrow key

Safe-Mode-with-Networking

Step 3: Press Ctrl+Alt+Del to start Windows task manager and delete PacMan Ransomware related process

windowstaskmanager

Step 4: Next type regedit in run Windows

run-regedit3

Step 5: Eliminate all the registry entries related with the process

registory Editor

Step 6: In final step search for all the PacMan Ransomware associated files and remove them permanently

Note: Before going through manual removal guidelines, make sure that you can handle any problematic situation to avoid any data loss or computer damage issues. You can easily get rid of ec.jcoffer.com pop-up popup using expert’s recommended Spyhunter removal tool that will perform all the tasks in quick time and without your any effort.

“Delete PacMan Ransomware Instantly to Avoid any serious damages on infected computer. Click on Download button to Scan and find out infectious files”

 

Succes!

Keep up all posted,

 

Omerta Information Security Team

 

 

Damn good tool by Dvasive– John McAfee

Omerta Information Security – Rotterdam, The Netherlands

 

41870204

 

For the lovers and the Haters, but seriously this is the pretty cool to have tool!

 

dvasive

 

Stop Being Spied On!

Everyday more and more invasive apps are being released. These invasive apps want to silently turn on your microphone to record your voice as well as turn on your camera to video record your activities.
D-Vasive operates in a unique way, allowing you complete control in managing your internal hardware. So that way, when a potential malicious application tries to open your Camera, Mic, Bluetooth or WiFi and spy on you, D-Vasive lets you know, and lets you completely lock them down.

 

NOTIFICATION

Alerts when your Camera, Mic, Bluetooth or WiFi are activated by another app. Flag various services to receive visual and audio alerts when apps attempt to access them.

SECURITY

Lock your Camera, Mic, Bluetooth and WiFi so nothing can access them. With a touch, instantly disable all of the above hardware devices that might otherwise compromise your privacy!

APP SCAN

Scan and list installed and system (pre-installed) apps on your phones, showing you what permissions each app requires and how they affect the security of your privacy.

PROXIMITY

Click the notification and D-Vasive runs a Proximity Scanner, notifying you which app is accessing your Camera, Mic, Bluetooth and WiFi.

Try it before you buy it and get in control!

If you want to scare the sh*t out of somebody download the app in de Google play store for your android device. Have some fun, and you’ll see how often your camera or microphone is opened even if you closed all the programs. The program will give you a pop-up and alarm you when the Mic or camera is opened without permission.
try it out on Dvasive.com for PC or Android, oh almost forgot….and all have greetings from Uncle John!
CAqjTuLUUAAi9p0.png-large

 

Malware, ransomware and removal tips: Removal, detection and Prevention

Omerta Information Security – Rotterdam, The Netherlands

 

rkth

 

We found a great page on neweggbusines.com about removal,detection and prevention.

 

Research shows that encounters with ransomware—a type of malware that locks out users form a computer or mobile phone it infects and demands a ransom paid to the creator—is on the rise, especially in the U.S.  One example is when hackers infected a Detroit municipal database last year, demanding thousands of dollars in Bitcoins for the City to regain access. Here we’ll show you how to prevent and detect a ransomware attack, and actions you can take if you think you have been infected.

Identifying ransomware

Not all ransomware locks down your system or encrypts your files. Rather, hackers hope to trick users into paying ransoms by stating they have been viewing illicit content, or illegally obtaining copyrighted information. Sometimes the message bears a phony stamp of a law enforcement agency.

FBI warning

More serious variants of ransom may encrypt victims’ files. These are certainly less discreet than a fake warning from law enforcement. “Ransomware isn’t going to have tell-tale giveaways,” says Tyler Moffitt, senior threat research analyst at Webroot. “It isn’t trying to hide—it will make itself known as soon as it’s done encrypting your files or locking your device. Its purpose is to make itself and its actions known to you as quickly and as effectively as possible.”

“The only real protection users have are up to date antivirus and a good backup solution.”

Ransomware can gain access into a computer or mobile phone’s system when the user mistakenly downloads it, thinking it is valid file. Some hackers hide files on torrent sites. Other times they may appear as phony software update pop-ups, as is the case with a common variant affecting mobile phones called ScarePackage, which poses as an Adobe Flash update. Like nearly all malware, ransomware finds its way into a computer system through the user.

Ransomware removal 

Unknown

Once ransomware locks a mobile phone or computer, it is very difficult to regain access. “You are forced to deal with the malware by either paying them or dealing with the loss of your files if you decide to just wipe the device,” Moffitt says. “Since most users have a strong attachment to their computer and files the ransom payment is in a good position to be strongly considered.”

It’s a sticky situation that is further exacerbated by ransomware price schemes that start relatively low (sometimes around $200, Moffitt says) and can double as each day passes.

This might be a stressful situation, but do not pay the fine. Remove your Ethernet cable to protect other devices on your network.  If you have a malware removal program, start Windows in safe mode and run a scan.  If you do not have one, or are locked out of Windows and cannot install one, follow these steps:

  1. Download antimalware software to a different computer and create a CD, DVD, or USB flash drive for it.
  2. Insert the flash drive or CD in the infected computer and start your PC in safe mode. Run your antimalware software in offline mode.
  3. Follow the onscreen prompts to clean your PC.

If these steps do not work, you will need to wipe your computer and restore your PC from a backup.

Ransomware prevention

As with preventing any sort of malware, a common sense approach works best. First and foremost, back up your files.  Make sure you are using a supported operating system (read: not Windows XP) and you keep all your software up to date.

Keep you all posted!

Omerta Information Security team

Malware, ransomware and removal tips: RSA 2048 Ransomware

Omerta Information Security – Rotterdam, The Netherlands

 

twitter-malware

 

Nothing as annoying as a pc with non removable pop ups or even worser, Ransomware that hijacks your computer by encrypting files. There are numerous examples of Malware  all with different purposes. One more effective or dangerous than the other, but you can be sure that the hackers are trying to let you pay for your files or trying to fool you buying fake antivirus software.

Today we found a post from antivirus gateway.com with a very good explanation of:

How to Effectively Remove Ransomware RSA-2048?(Browser Hijacker Removal Guide)

Are you annoyed by numerous pop-up ads from Ransomware RSA-2048? Have you tried several ways to remove this adware from your computer but all in vain? Are you still looking for an effective solution to solve this problem? If so, read this post and you will get useful removal guides to effectively remove Ransomware RSA-2048 from your computer.

What is Ransomware RSA-2048?

Ransomware RSA-2048 is what’s known as a “rogue antivirus” tool, which has been designed with the sole intention of trying to scam you into buying false products online. This is essentially a virus which will install itself on your PC, and then proceed to heckle you into purchasing the full version of the software. Although this virus is extremely annoying, it’s also potentially damaging to your computer as well, as it will often install a series of “key logger” programs onto your PC which will log your details and Internet activity. Complete removal of this software is paramount if you want to maintain security and the integrity of your system.

Ransomware RSA-2048 is known as a dangerous Trojan virus. Classified as the most destructive group in the computer virus family Win64/zaccess.fo, Trojan virus is one kind of stubborn and nasty virus that can bring fatal damage to your computer. Just like the ZeroAccess rootkit virus, this virus spreads fast through the Internet lately. Win64 ZAccess.a Virus is designed and created by dangerous hackers and become a crime tool by which the hackers can make money or achieve their evil motivation. This destructive virus can sneak into your computer and hides there when you visit illegal websites such as pornographic or violent sites, a behavior of downloading free software or attachment from spam emails may lead to the infection as well. This malicious virus acts rather trickily inside your computer and it’s so stubborn that most of the antivirus can found it out by scanning but none of them are able to have it removed from your system completely.

End Step 1:Remove the add-ons or extensions related to the browser hijacker form your browser
Instructions for Google Chrome:
Open Google Chrome. Click the Three-bars icon on top-right of the browser and select tools from the list, click on the Extensions on the left side of the window. Locate the extension related to the browser hijacker, select it and click on trash icon. Restart the browser to complete the procedure.
remove-add-ons-chrome(1)
Instructions for Mozilla Firefox:
Start Firefox and click on the Firefox button from the top menu. Click on Add-ons to open the configuration window. Click Extensions on the left side of this window. Now find out Ransomware RSA-2048?and other unwanted or unknown extensions from the list. Remove them from the browser and restart the browser to complete the process.
Firefox-add-ons1
Instructions for Internet Explorer:
Start Internet Explorer, click Tools (or gear icon on IE 9), select Manage Add-ons. Find out add-on entries related to the browser hijacker and remove them from the browser. Restart IE to finish the procedure.
IE-Manage-Add-on

How to Remove Ransomware RSA-2048 Virus from Your Computer?

If you are professional in computer knowledge and skill, and you still have a lot of time, you can take this manual way to clean this nasty Ransomware RSA-2048 from your computer. The manual way to delete Ransomware RSA-2048, now follow it.

Step 1 : Find Ctrl, Alt, and Delete these 3 keys and then press them together to open task manager to end the process related to this Trojan, the name of the process of it is random.


Step 2 : Try to find Folder Options in Control Panel, select the View tab, and then tick Show hidden files and folders and non-tick Hide protected operating system files (Recommended) and then click OK.


Step 3 : Open Registry entries. Search malicious files and registry entries related to Trustedupdate.com and then remove all of them.

Delete Ransomware RSA-2048 with SpyHunter

No doubt that manual removal is a quite dangerous and cumbersome task that is not for each one. Not only you need to edit the files, folders and registry entries related to the Trojan, but also you have to be cautious to avoid further man-made damage to your system. To safely and?effectively delete Ransomware RSA-2048, it is recommended to download SpyHunter on your PC. It can free scan your whole system and remove the threat automatically with a few steps.
Step 1: follow the below installation instructions to?download SpyHunter?on your computer.


Step 2: After finishing the installation, run it to perform a full scan of your whole computer to search for the adware.
scan
Step 3: Then check the scan result and click on Remove button to delete the adware rapidly.
s
Step 4: Restart your computer to apply all changes.

 

Have a another look at antivirus gateway.com for more excellent help if you have any other virus here you can find more information and blogs about removing various malware.

 

Have a great malware free day!

Omerta Information Security team

TCP STEALTH, additional security for the internet

41870204

 

 

Internet-Draft TCP Stealth January 2015.

 

Since the complete integrity of the internet infrastructure cannot be assumed, it follows that adversaries may be able to observe all traffic of an Internet host and perform man-in-the-middle attacks on traffic originating from specific clients. Furthermore, on the server side, an adversary looking for exploitable systems should be expected to have the ability to perform extensive port scans for TCP servers. To help address this problem, we propose to standardize TCP Stealth, a stealthy port-knocking variant where an authenticator is embedded in the TCP SQN number.

 

 

TCP Stealth enables authorized clients to perform a standard TCP handshake with the server, while obscuring the existence of the server from port scanners. The basic idea is to transmit an authorization token derived from a shared secret instead of a random value for the initial TCP SQN number in the TCP SYN packet. The token demonstrates to the server that the client is authorized and may furthermore protect the integrity of the beginning of the TCP payload to prevent man-in-the-middle attacks. If the token is incorrect, the operating system pretends that the port is closed. Thus, the TCP server is hidden from port scanners and the TCP traffic has no anomalies compared to a normal TCP handshake.

 

 

The TCP MD5 Signature Option defined in RFC 2385 defines a similar mechanism, except that RFC 2385 does not work in the presence of NATs (RFC 1631) and visibly changes the TCP wire protocol, and can thus be easily detected. While TCP Stealth does not change the TCP wire protocol, the specific method for calculating the authorization token must be consistent across Internet hosts and their TCP/IP implementations to ensure interoperability. By embedding the port knocking logic into the TCP/ IP implementation of an operating system, we minimize the possibility of detecting hidden services via timing attacks, and avoid the pitfalls of applications trying to re-implement TCP in user-space. Implementors MUST make sure that the response to a connection request with wrong ISN value does not differ in any way from the response to a connection request to a closed port. read further : http://www.ietf.org/id/draft-kirsch-ietf-tcp-stealth-01.txt

Remo Hardeman
CEO Omerta Information Security