
Monday, January 29, 2018

Should you uninstall Kaspersky software?

Q: Should I uninstall Kaspersky anti-virus from my computer?

A recent Wall Street Journal story about a National Security Agency contractor who had classified documents on his home computer, and who was allegedly targeted because of his use of Kaspersky Lab anti-virus software, has once again put the Russian cybersecurity company in the spotlight.
The theory is that hackers used the file inventory process that Kaspersky anti-virus runs to discover the sensitive files and target the contractor.
Concerned? See below for suggestions on how to remove Kaspersky from your computer.

Government ban

Software from Kaspersky Lab was removed from the U.S. General Services Administration's approved list in July, and in September the Department of Homeland Security ordered federal agencies to stop using any software made by Kaspersky Lab because of concerns about the company's ties to Russian intelligence.
The founder of the company, Eugene Kaspersky, has long had a cloud of uncertainty over him because of his early ties to the KGB and its replacement, the FSB. As a teenager, he studied cryptography in school and by his mid-20s, he created an anti-virus program to protect his own computer that eventually led to Kaspersky Lab.
This most recent allegation certainly makes using the company’s software even more disconcerting.

Should you remove it?

Despite the company's repeated denials of any connection to the Russian government, given the plethora of security programs that don't come with the "Russian baggage," switching to another program is the safest way to go.
To be realistic, the likelihood that you would somehow become the target of Russian government hackers just because you are using a Kaspersky program is pretty slim, but there’s no reason to take the chance.

Alternative programs

The vast majority of security programs on the market are actually from companies outside of the U.S. For example, popular programs such as AVG & Avast (Czech Republic), Bitdefender (Romania), ESET (Slovakia), F-Secure (Finland), Panda (Spain), Sophos (UK) and Trend Micro (Japan) are all controlled by companies outside the U.S.
Many in the U.S., because of ongoing concerns about the U.S. government's overreach, have proclaimed their preference for using a program based in another country, especially allies such as Finland, the U.K. and Japan.

Removing Kaspersky Lab products

The standard way of removing programs in Windows is via Start > Control Panel > Add/Remove Programs, or you can use Kaspersky's removal tools for either Windows or macOS.
Advanced Windows users may want to take the additional step of manually scanning the registry to make sure that all Kaspersky-related keys have been removed.
Mac users can also use the free Dr. Cleaner app to ensure that it's properly removed, as simply dragging it to the trash does not properly remove it. Some programs, like Trend Micro Worry-Free Business Security, can automatically remove other security programs, which makes converting a large number of computers more efficient.
Ken Colburn is founder and CEO of Data Doctors Computer Services.

Thursday, December 7, 2017

New code injection method avoids malware detection on all versions of Windows

Presented at Black Hat Europe, a new fileless code injection technique has been detailed by security researchers Eugene Kogan and Tal Liberman. Dubbed Process Doppelgänging, it produces processes modified to include malicious code that commonly available antivirus software is unable to detect.
The technique is very similar to one called Process Hollowing, but security vendors can already detect and mitigate the older method. Process Hollowing occurs when the memory of a legitimate program is modified and replaced with injected data, causing the original process to appear to run normally while executing potentially harmful code.
Unlike the older hollowing technique, Process Doppelgänging takes advantage of how Windows loads processes into memory. The mechanism that loads programs was originally designed for Windows XP and has changed little since then.
To attempt the exploit, a normal executable is handed to an NTFS transaction and then overwritten with a malicious file. An NTFS transaction is an isolated operation that returns only a success or failure result, preventing partial writes. A piece of the target file's memory is modified; after the modification, the NTFS transaction is intentionally failed (rolled back) so that the original file on disk appears unmodified. Finally, the Windows process loader is used to invoke the modified section of memory, which was never removed.
The following table shows the antivirus software tested by the researchers that was unable to block the technique; "Success" means the injection went undetected on that product.
Product                          Operating System   Result
Windows Defender                 Windows 10         Success
AVG Internet Security            Windows 10         Success
Bitdefender                      Windows 10         Success
ESET NOD 32                      Windows 7 SP1      Success
Symantec Endpoint Protection     Windows 7 SP1      Success
McAfee VSE 8.8 Patch 6           Windows 7 SP1      Success
Kaspersky Endpoint Security 10   Windows 7 SP1      Success
Kaspersky Antivirus 18           Windows 7 SP1      Success
Symantec Endpoint Protection 14  Windows 7 SP1      Success
Panda                            Windows 8.1        Success
Avast                            Windows 8.1        Success
It should be noted that Windows 10 Fall Creators Update originally appeared to fix the issue, since the presenters were unable to perform the exploit on the latest version: when they attempted it, a stop error, otherwise known as the blue screen of death, occurred. Not a desirable effect, but better than ending up with an infected machine.
However, later updates apparently allowed for the exploit to work again even on the latest patches of Windows 10. Due to the nature of the exploit, Microsoft will have its work cut out to update a core feature that helps preserve software compatibility. Antivirus vendors should be able to push out updates to detect and prevent Process Doppelgänging within the coming weeks.


via Techspot

Monday, October 30, 2017

A Hacker's Tool Kit - Cybercrime is growing ever more pervasive—and costly.



Cybercrime is growing ever more pervasive—and costly. According to researcher Cybersecurity Ventures, the annual cost of cybercrime globally will rise from $3 trillion in 2015 to $6 trillion in 2021. Enabling this boom are thriving marketplaces online, where hackers sell tools and services to criminals. Virtually anything is available for the right price, points out Andrei Barysevich, director of advanced collection (“a fancy name for ‘spy,’ ” he says) at threat intelligence firm Recorded Future. A former consultant for the FBI’s cybercrime team in New York, Barysevich trawled the shadiest corners of the web to compile the cybercrime shopping list above, exclusively for Fortune. In the market for some basic malware? It’ll cost you as little as $1.
Graphic shows prices of cybercrime events

Monday, October 16, 2017

Here is every patch for KRACK Wi-Fi attack available right now



Monday morning was not a great time to be an IT admin, with the public release of a bug which allowed WPA2 security to be broken.

As reported previously by ZDNet, the bug, dubbed "KRACK" -- which stands for Key Reinstallation Attack -- is at heart a fundamental flaw in the way Wi-Fi Protected Access II (WPA2) operates.
The security protocol, an upgrade from WPA, is used to protect and secure communications between everything from routers to mobile devices and Internet of Things (IoT) devices, but there is an issue in the protocol's four-way handshake, the exchange that permits devices with a pre-shared password to join a network.
According to security researcher Mathy Vanhoef, who discovered the flaw, threat actors can leverage the vulnerability to decrypt traffic, hijack connections, perform man-in-the-middle (MiTM) attacks and eavesdrop on communication sent from a WPA2-enabled device.
US-CERT has known of the bug for some months and informed vendors ahead of the public disclosure to give them time to prepare patches and prevent the exploit from being used in the wild; there are no current reports of this bug being harnessed by cyberattackers.
The bug lies in how WPA2 handles its cryptographic nonce and can be used to dupe a connected party into reinstalling a key which is already in use. While the nonce is meant to prevent replay attacks, reinstalling the key resets it, and attackers are then given the opportunity to replay, decrypt, or forge packets.
In general, Windows and newer versions of iOS are unaffected, but the bug can have a serious impact on Android version 6.0 Marshmallow and above.
The attack could also be devastating for IoT devices, as vendors often fail to implement acceptable security standards or update systems in the supply chain, which has already led to millions of vulnerable and unpatched IoT devices being exposed for use by botnets.
The vulnerability does not mean the world of WPA2 has come crumbling down, but it is up to vendors to mitigate the issues this may cause.
In total, 10 CVE numbers have been reserved to describe the vulnerability and its impact, and according to the US Department of Homeland Security (DHS), the main affected vendors are Aruba, Cisco, Espressif Systems, Fortinet, the FreeBSD Project, HostAP, Intel, Juniper Networks, Microchip Technology, Red Hat, Samsung, various units of Toshiba and Ubiquiti Networks.
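The nonce reset at the heart of the attack, as an added illustration that is not part of the ZDNet story or Vanhoef's code: a toy model of the client side of the four-way handshake, with a hash-based keystream standing in for AES-CCMP (an assumption for the demo, not the real cipher) and constructed sample frames, shows that a replayed message 3 makes a vulnerable client reuse a packet nonce, while a patched client that refuses to reinstall an already-installed key does not.

```python
import hashlib

# Constructed sample frames and key for the demo (not real Wi-Fi traffic).
P1 = b"GET /account HTTP/1.1"
P2 = b"Cookie: session=12345"
PTK = bytes(range(16))


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def keystream(ptk: bytes, nonce: int, length: int) -> bytes:
    """Toy keystream derived from (key, nonce). This hash construction is an
    assumption standing in for AES-CCMP; the property that matters is shared
    with the real cipher: same key + same nonce => same keystream."""
    out = b""
    block = 0
    while len(out) < length:
        out += hashlib.sha256(ptk + nonce.to_bytes(6, "big")
                              + block.to_bytes(4, "big")).digest()
        block += 1
    return out[:length]


class Supplicant:
    """Client side of the 4-way handshake, reduced to the key-installation step."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.ptk = None
        self.nonce = 0          # per-key packet number, used as the CCMP nonce
        self.used_nonces = []

    def on_msg3(self, ptk: bytes) -> None:
        """Message 3 tells the client to install the negotiated PTK.
        Vulnerable behaviour: install the key every time message 3 arrives,
        which also resets the packet number to zero.
        Patched behaviour (the mitigation vendors shipped): refuse to reinstall
        a key that is already in use, so a replayed message 3 cannot reset it."""
        if self.patched and ptk == self.ptk:
            return
        self.ptk = ptk
        self.nonce = 0

    def send(self, plaintext: bytes):
        n = self.nonce
        self.nonce += 1
        self.used_nonces.append(n)
        return n, xor(plaintext, keystream(self.ptk, n, len(plaintext)))


def run_scenario(patched: bool) -> dict:
    """Handshake completes, the client sends a frame, then message 3 is replayed
    (the KRACK trigger) and the client sends a second frame."""
    client = Supplicant(patched)
    client.on_msg3(PTK)
    n1, c1 = client.send(P1)
    client.on_msg3(PTK)           # retransmitted / replayed message 3
    n2, c2 = client.send(P2)
    return {"nonces": (n1, n2), "ciphertexts": (c1, c2),
            "nonce_reused": len(set(client.used_nonces)) < len(client.used_nonces)}


def keystream_reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """What a passive observer learns when two frames share a nonce: the XOR of
    the ciphertexts equals the XOR of the plaintexts, with no key needed.
    With distinct nonces this relation does not hold."""
    return xor(c1, c2)


if __name__ == "__main__":
    for patched in (False, True):
        r = run_scenario(patched)
        print("patched" if patched else "vulnerable", "nonces:", r["nonces"],
              "nonce reused:", r["nonce_reused"],
              "leaks P1^P2:", keystream_reuse_leak(*r["ciphertexts"]) == xor(P1, P2))
```

The same nonce-reuse check (more than one frame under one key with the same packet number) is what a wireless IDS can watch for on the air, since the reinstallation itself is invisible in the encrypted payload.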
So who is on top of the game?
Aruba: Aruba has been quick off the mark with a security advisory and patches available for download for ArubaOS, Aruba Instant, Clarity Engine and other software impacted by the bug.
Cisco: The company is currently investigating exactly which products are impacted by KRACK, but says that "multiple Cisco wireless products are affected by these vulnerabilities."
"Cisco is aware of the industry-wide vulnerabilities affecting Wi-Fi Protected Access protocol standards," a Cisco spokesperson told ZDNet. "When issues such as this arise, we put the security of our customers first and ensure they have the information they need to best protect their networks. Cisco PSIRT has issued a security advisory to provide relevant detail about the issue, noting which Cisco products may be affected and subsequently may require customer attention.
"Fixes are already available for select Cisco products, and we will continue publishing additional software fixes for affected products as they become available."
In other words, some patches are available, but others are pending the investigation.
Espressif Systems: The Chinese vendor has begun patching its chipsets, namely ESP-IDF and ESP8266 versions, with Arduino ESP32 next on the cards for a fix.
Fortinet: At the time of writing there was no official advisory, but based on Fortinet's support forum, it appears that FortiAP 5.6.1 is no longer vulnerable to most of the CVEs linked to the attack, while the latest branch, 5.4.3, may still be affected. Firmware updates are expected.
FreeBSD Project: There is no official response at the time of writing.
Intel: Intel has released a security advisory listing updated Wi-Fi drivers and patches for affected chipsets, as well as for Intel Active Management Technology, which is used by system manufacturers.
Linux: As noted on Charged, a patch is already available and Debian builds can patch now, while OpenBSD was fixed back in July.
The WiFi Standard: A fix is available for vendors but not directly for end users.
Mikrotik: The vendor has already released patches which fix the vulnerabilities.
Google: Google told The Verge that the company is "aware of the issue, and we will be patching any affected devices in the coming weeks."
AVM: This company may not be taking the issue seriously enough: despite being aware of the issue, it says that, because of its "limited attack vector," it will not be issuing security fixes "unless necessary."
OpenBSD: Patches are now available.
Microsoft: While Windows machines are generally considered safe, the Redmond giant isn't taking any chances and has released a security fix available through automatic updates.
Netgear: Netgear has released fixes for some router hardware. The full list can be found here.
Ubiquiti Networks: A new firmware release, version 3.9.3.7537, protects users against the attack.
Check back as we update this story.


via zdnet

Thursday, August 24, 2017

Apple Macs At Risk From ‘Rising’ Malware Attacks

Apple not so safe after all. Rapid rise in malware targeting Mac devices, as Android security problem worsens
Malwarebytes has warned Apple Mac users that the days of their devices being relatively safe from malware are long over.
The security specialist analysed data from millions of its users worldwide and discovered that Mac and Android ransomware and malware attacks have risen significantly in the past year.
Indeed, Malwarebytes found that more Mac malware had been detected in Q2 2017 than in all of 2016.

Mac Malware

According to the security vendor, the "rapidly rising rates of malware" targeting Mac devices should dispel the popular belief that Macs are impenetrable.
Fruitfly creates a backdoor that allows attackers to take screen captures and remotely control the Mac system.
“More malware families have emerged in 2017 than in any other previous year – and we’re only in August,” warned Malwarebytes. In fact, more new malware families have appeared this year than in any other previous year in Mac history.
To this end, Malwarebytes has introduced 'Malwarebytes for Mac', which offers real-time protection for Mac users to automatically block and remove cyber threats, including malware, adware and potentially unwanted programs.
"We carefully designed Malwarebytes for Mac to protect all Mac users from cyber threats and potentially unwanted programs so that they can feel safe and have a Mac that performs like it should," explained Marcin Kleczynski, CEO, Malwarebytes.
"Antivirus and security awareness is no longer enough defence for Mac users, the growth of Mac malware has made that very clear. We hope that more and more Mac users will come to this realisation and begin to seek out additional defences."
Malwarebytes for Mac includes a real-time anti-malware protection scanner that allows for "ultra-fast proactive scanning for malware and spyware in real-time, in addition to flagging potentially unwanted programs and adware."
And Malwarebytes for Mac can either completely replace an existing antivirus solution or run alongside any antivirus program. It also boasts a small system footprint that utilises minimal system resources to ensure that Macs run smoothly.
"Mac threats are not taken seriously enough in the security community today," added Thomas Reed, Director of Mac and Mobile, Malwarebytes. "Adware and potentially unwanted programs are becoming a major problem for Mac users. Some very popular apps have been known to carry these threats and despite protections in place, the App Store is not immune to these threats.
“For example, the recent Proton Remote Access Trojan that plagued Mac users fooled many experienced, security-minded people who became infected. This perpetuates a crucial lesson that, despite what many Mac users think, they are not safe even if they are careful about what they download.
“Being security-savvy is no longer enough, all Mac users need dedicated protection against malware, adware and potentially unwanted programs.”

Android Security

There was equally grim news for those in the Android community, as ransomware there increased more than 100 percent between Q1 and Q2 2017. Malwarebytes data also showed that incidents of Android malware overall increased more than five percent since the start of the year.
And to make matters worse, incidents of Android ransomware increased 138 percent in Q2 2017 (April to May) over Q1 (January to March) 2017. Malwarebytes found that JisutSLocker and Koler ransomware collectively accounted for nearly 95 percent of these detections.
And although Android ransomware is growing at this rapid pace, Trojans and potentially unwanted programs still remain the biggest headaches for Android users.
Android Trojans accounted for more than 48 percent of all Android malware detections in the first half of 2017 and potentially unwanted programs accounted for 47 percent of all detections.

via silicon

Protect your PC: Ransomware attacks double in 2017


Ransomware is undoubtedly getting a lot of attention these days, especially after the widespread WannaCry episode. For the uninitiated, ransomware is a piece of code that encrypts the files on your computer and demands a ransom to hand over the decryption key. Yes, we have seen a variety of ransomware plaguing machines, and invariably organisations and enterprises figure at the top of the list of victims.
According to a mid-year cyber attack trends report from security company CheckPoint, the share of ransomware attacks has doubled in the first half of this year compared with 2016. Furthermore, the report finds that 23.5 percent of organisations were affected by the RoughTed malvertising campaign, while 19.7 percent of organisations were affected by the Fireball malware during the same time frame.
The report further sheds light on how attackers are devising new methods to exploit Microsoft Office; in fact, we recently reported on how attackers were using PowerPoint files to gain access to machines. Attackers are also introducing new delivery methods that do not require the user to open a backdoor for them. Ransomware is also being disguised so that anti-virus and anti-malware suites find it difficult to detect.

The report also mentions the cascading effects of "nation-state level malware," which is usually aimed at the masses and can hit virtually anyone rather than specific targets. Such attacks can be prevented with available solutions such as network micro-segmentation, threat emulation and endpoint security. In fact, it is for this very reason that security solutions from companies like Bitdefender include ransomware protection.
The worst part, however, is that mobile malware developers are also active. They usually use this malicious code to control any activity on the device and to build a one-stop attack for fraud, information theft and disrupting apps. The graph above represents the percentage of enterprises/organisations that were affected by the malware.

500 Android apps blocked from Play Store due to malware


Through the use of an advertising software development kit contained in 500 apps on the Google Play Store, cybercriminals were able to spy on users and even infect their mobile devices with malware.
That's according to security firm Lookout, which discovered that the Android apps in question all had the Igexin ad SDK built into them, which gave unauthorised third parties access to user devices. The apps themselves were downloaded over 100 million times from the Google Play Store, as many of them fell into popular categories such as weather, health and fitness, travel and games.
However, the app developers were likely not responsible for the malware added by the cybercriminals, and this is not the first time that hackers have used an SDK to deliver a malicious payload.
Lookout researchers offered further details on why the developers were likely unaware that their apps contained malware at all, saying:
"It is likely many app developers were not aware of the personal information that could be exfiltrated from their customers' devices as a result of embedding Igexin's ad SDK. It required deep analysis of the apps' and ad SDK's behavior by our researchers to make this discovery. Not only is the functionality not immediately obvious, it could be altered at any time on the remote server."
In an attempt to prevent apps from being able to deliver malware to mobile devices, Google recently introduced Google Play Protect, which will be built into the latest version of its mobile OS, Android O.
Lookout has informed Google of its discovery and all of the affected apps have now been removed from the Play Store.
Image Credit: Andriano.cz / Shutterstock via itproportal

Friday, June 30, 2017

How To Protect Android Banking Apps From Malware



The recent case of WannaCry ransomware, which ended up infecting thousands of systems around the globe, reminded us to be cautious of the growing malware menace. Moreover, the scale of the ransomware attack may give rise to other malware attacks, such as Android malware invasions.
The latest smartphone statistics from Gartner are not surprising, as they reveal the soaring popularity of Android smartphones around the globe. According to the survey, over 350 million smartphones sold in Q4 2016 were running the Android operating system. The ever-increasing popularity, and most probably the open-source nature of the OS, is perhaps what attracts cybercriminals to make relentless efforts to hack into devices and harvest users' personal data.
Cybercriminals use specialized malware to carry out the hacks and achieve their ulterior motives. Australia, where cybercrimes like data and identity theft are common and in fact on the rise, is also not safe from the invasion of Android malware.

Cyberattackers Use Malware to Steal Banking Details

Last year, cybersecurity researchers at ESET came across a piece of malware, known as Android/Spy.Agent.SI, which could put millions of Australian customers' bank account details at serious risk. The malware could mimic popular banking apps from different countries, such as the Commonwealth Bank, NAB and ANZ apps in Australia: it would show an overlay screen on top of the targeted apps, with fake username and password fields, to capture these sensitive details.
The malware was so potent that it could circumvent the app's two-factor authentication, thereby revealing the details to the hackers. Later the same year, security researchers at Kaspersky Lab also discovered a similar but modified Trojan that could bypass Android 6's security features, allowing the hacker to steal the bank account details of online banking app users.
Fast forward to 2017: a small group of Russian hackers used malware to dupe Russian bank users, stealing over $800,000. The hackers deceived unsuspecting users by showing them fake banking apps that carried malware that would steal their money.

How to Protect Android From Malware

Be it a ransomware attack or a malware attack, these cyber threats aren’t going to go away anytime soon. Fortunately, there are ways we can prevent these attacks and the ensuing calamities.
1. Install the Latest Security Patch: More often than not, attackers carry out successful hacks by exploiting security vulnerabilities in the system software, and Android is no exception. By exploiting a security hole in your Android device, a hacker or snooper can inject malware or any other malicious tool that could result in GPS hijacking, data theft and identity theft, to name a few. Therefore, it is imperative to install security patches as soon as they are released by the vendor.
2. Avoid Pirated Apps: Many Android users readily root their devices so they can have more control over the OS. In fact, in most cases, users end up rooting their devices so they can install a version of the OS that is not officially available for their device. Keep in mind that APK files are easily tampered with. Anyone intent on stealing your personal data can add malware to an APK and leak your data without your knowledge. The best way to prevent such malware is to avoid pirated apps altogether.
3. Check Permissions: Before you download an app from the Google Play Store, you may have noticed that the Play Store lists the permissions the app asks for. It is important that you read the permissions thoroughly to ensure that the app isn't asking for any unnecessary ones. For instance, a recipe app would not require access to your GPS. If it does, it is most likely an unreliable app; in such situations, avoid downloading the app and report it as well.
4. Use Security Tools: Be it a computer or an Android device, installing the right security tool can help users avert the calamity caused by cyberattacks. Especially if you are a heavy user of online banking apps, it is important that you use some kind of security tool, or better yet an encryption tool. With encryption in place, you can have a safe environment for online transactions.
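The permission review in step 3, as an added example that is not from the original article: a small Python checker that reads the permissions declared in a decoded AndroidManifest.xml (the text form produced by a tool such as apktool, an assumption about the input) and flags those an app of a given kind has no obvious reason to hold. The "expected permissions per app kind" policy and the recipe-app manifest are constructed for the demo; the permission strings themselves are real Android names.

```python
import xml.etree.ElementTree as ET

ANDROID = "{http://schemas.android.com/apk/res/android}"

# Runtime ("dangerous") permissions that touch personal data, with the reason a
# reviewer should care. Subset chosen for this demo.
SENSITIVE = {
    "android.permission.ACCESS_FINE_LOCATION": "precise GPS location",
    "android.permission.ACCESS_COARSE_LOCATION": "approximate location",
    "android.permission.READ_CONTACTS": "address book",
    "android.permission.READ_SMS": "can read SMS, including one-time banking codes",
    "android.permission.RECEIVE_SMS": "can intercept incoming SMS one-time codes",
    "android.permission.CAMERA": "camera",
    "android.permission.RECORD_AUDIO": "microphone",
    "android.permission.READ_PHONE_STATE": "phone identity and call state",
}
# Not a runtime permission, but the capability behind the overlay trick used
# against banking apps: drawing fake login fields on top of another app.
OVERLAY = {"android.permission.SYSTEM_ALERT_WINDOW": "can draw over other apps"}

# What each kind of app plausibly needs beyond INTERNET (constructed policy).
EXPECTED = {
    "recipes": set(),
    "navigation": {"android.permission.ACCESS_FINE_LOCATION",
                   "android.permission.ACCESS_COARSE_LOCATION"},
}


def declared_permissions(manifest_xml: str) -> list:
    """Return the permissions declared by <uses-permission> in a decoded manifest."""
    root = ET.fromstring(manifest_xml)
    return [el.get(ANDROID + "name") for el in root.iter("uses-permission")]


def review_permissions(manifest_xml: str, app_kind: str) -> dict:
    """Map each questionable permission to the reason it was flagged."""
    allowed = EXPECTED.get(app_kind, set())
    findings = {}
    for perm in declared_permissions(manifest_xml):
        if perm in OVERLAY:
            findings[perm] = OVERLAY[perm]
        elif perm in SENSITIVE and perm not in allowed:
            findings[perm] = "not needed by a %s app: %s" % (app_kind, SENSITIVE[perm])
    return findings


# Constructed manifest for a hypothetical recipe app; not a real application.
RECIPE_MANIFEST = """
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
          package="com.example.recipes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.ACCESS_FINE_LOCATION"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <uses-permission android:name="android.permission.SYSTEM_ALERT_WINDOW"/>
</manifest>
"""

if __name__ == "__main__":
    for perm, why in review_permissions(RECIPE_MANIFEST, "recipes").items():
        print("FLAG", perm, "-", why)
```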
Digital privacy and security are getting weaker with every passing year. As more and more cyberattacks continuously invade different sectors, it won’t be too long before cybercriminals freely roam the digital space. However, by implementing the security tips mentioned above, not only can you protect your device but also take a firm stand against the rising plague of cyberthreats.
via LTP
