Category Archives: How To

Instagram Web | Instagram Download for PC | How to run it?

How to download and use the web version of Instagram on PC

Instagram one of the world’s most leading social networking App is now available for pc (Instagram web). If you are on social media then the chances are high about your visit to this app at least once in your life. This app is loved by millions with over 700 million active users around the world. People use this app because of its simplicity and ease of use. Many leading business corporations or even startups use this platform to showcase their services and products.

It has also been called as the second home for new models as they post their beautiful pictures here and get viral. There are tons of example out there such as Doctor Mike who got viral on Instagram and claimed the title of Hottest Doctor on the planet. It is considered as the most used social networking app just after Facebook and WhatsApp. In 2012 it was sold to Facebook for $1Billion and it has been installed 1 billion times on Google Play store alone as well.

By this, you can easily judge its popularity. Now all of you must be using this amazing app on your smartphones which can be difficult sometimes in the office. So in this article, we are providing you with the best ways to use Instagram just right on your PC screens or laptops.

How to use Instagram on pc?

There are basically two ways to use Instagram on a pc or laptop. The first and most basic way to use Instagram is by using its official website or downloading an Instagram app for windows. If you are not interested in these ways then you have an option of using third party software or android emulator called Bluestacks.

Using the Instagram website (Instagram web).

Instagram Web | Instagram Download for PC |How to run it?

 

First: Type https://www.instagram.com/ on your favorite search engine and press enter.

Instagram Web | Instagram Download for PC |How to run it?

Second: Then you will be automatically addressed to the official website of Instagram where you can log in with your account and start using Instagram.

Cons: This method will not allow you to post on Instagram.

Using Instagram APP

Instagram Web | Instagram Download for PC |How to run it?

  1. Download the Instagram app. Open Start by clicking the Windows logo in the bottom-left corner of the screen, then do the following:
  • Type in store
  • Click Microsoft Store
  • Click the “Search” text box.
  • Type in Instagram
  • Click Instagram in the drop-down menu.

Instagram Web | Instagram Download for PC |How to run it?

Instagram Web | Instagram Download for PC |How to run it?

After downloading this you will be easily able to use it on your pc.

Cons: This app still has several bugs and does not work properly.

Using BlueStacks

Instagram Web | Instagram Download for PC |How to run it?

BlueStack is an android emulator which can be used to access all your favorite apps on pc.

  1. Just Open the BlueStacks website. Go to https://www.bluestacks.com/ in your web browser. This will open the site from which you can download the BlueStacks player.
  2. Click Download BLUESTACKS. It’s a green button in the middle of the page.
  3. Then Install BlueStacks. To do so, double-click the BlueStacks EXE file, then do the following:
    • Click Yes and then
    • Click Install now and
    • Wait for BlueStacks to install.
  4. Once the software is installed you can search it on the taskbar.
    Instagram Web | Instagram Download for PC |How to run it?
  5. Open the BlueStacks Download and install Instagram in order to use it.Instagram Web | Instagram Download for PC |How to run it?

Also Read:

So these were some methods of using Instagram on PC (Instagram web). If you have any better option let us know in the comment section below.

The post Instagram Web | Instagram Download for PC | How to run it? appeared first on TechWorm.

Cyberwarzone: 4 steps to fix: Unable to locate package virtualbox-guest-x11 (2018)

You won’t believe how quickly this issue can be fixed. You just need to add one line to your /etc/apt/sources.list file. You need to add this line to /etc/apt/sources.list: deb http://http.kali.org/kali kali-rolling main contrib non-free You can edit the file by using the following steps nano /etc/apt/sources.list + enter add the line (deb http://http.kali.org/kali kali-rolling […]

Source



Cyberwarzone

Fortnite For Android Smartphones | APK Download | How to run it

Here’s how you can download Fortnite for Android smartphones

In this beautiful era of PUBG, another amazing game called Fortnite made an entry in the android market. Unlike Apple, which only allows apps to be downloaded from its own Appstore, Google’s platform is more open. After April, Fortnite raised an urge among Android users and the reason is that it was only available for iOS users before. But if we look upon the rumors of past few weeks then it was clearly hinted, that the game will soon be enjoyed by Android users too. And surprisingly at Samsung Galaxy Unpacked Event in NewYork, Epic Games CEO Tim Sweeney himself announced that the popular battle royale title is available in beta version for Galaxy phones. Owners of the S7 / S7 Edge, S8 / S8+, S9 / S9+, Note 8, Note 9, Tab S3, Tab S4 can download Fortnite from the Samsung Game Launcher app. This announcement made all Samsung users on a cloud nine. But that exclusiveness lasted no longer.

How to get Fortnite for android | Fortnite APK Download

Now the twist is this, the game is available for other Android users, but not on play store. You have to download an APK version of this game. The APK and installer, available on APKMirror, appear to be accessible from smartphones sold by brands other than Samsung. The ability to install the game on non-Galaxy smartphones was first reported by Android Police. There are many other ways on the internet which you can explore.

Another way to get access to this game is by is by enrolling for the Fortnite beta using a Samsung Galaxy smartphone in a hope that you are fast-tracked through the process. This waitlist has seemingly been kept in place to avoid the initial rush and eventual meltdowns. The game is expected to be opened up for more users in the days and weeks to come.

Compatible Devices

Fortnite For Android Smartphones | APK Download | How to run it

Fortnite Android Beta compatible devices list

  • Samsung Galaxy: S7 / S7 Edge, S8 / S8+, S9 / S9+, Note 8, Note 9, Tab S3, Tab S4
  • Google: Pixel / Pixel XL, Pixel 2 / Pixel 2 XL
  • Asus: ROG Phone, Zenfone 4 Pro, 5Z, V
  • Essential: PH-1
  • Huawei: Honor 10, Honor Play, Mate 10 / Pro, Mate RS, Nova 3, P20 / Pro, V10
  • LG: G5, G6, G7 ThinQ, V20, V30 / V30+
  • Nokia: 8
  • OnePlus: 5 / 5T, 6
  • Razer: Phone
  • Xiaomi: Blackshark, Mi 5 / 5S / 5S Plus, 6 / 6 Plus, Mi 8 / 8 Explorer / 8SE, Mi Mix, Mi Mix 2, Mi Mix 2S, Mi Note 2
  • ZTE: Axon 7 / 7s, Axon M, Nubia / Z17 / Z17s, Nubia Z11

Also ReadDon’t Download Fake Fortnite APKs, As It Can Lead To Malware

The post Fortnite For Android Smartphones | APK Download | How to run it appeared first on TechWorm.

Cyberwarzone: How to install VirtualBox Guest Additions on Kali Linux (2018 version – working)

If you are having trouble to install VirtualBox Guest Additions on Kali Linux, then you might want to try these 4 direct steps which will install the VirtualBox Guest Additions for you on Kali Linux. apt update & apt -y dist-upgrade reboot apt -y install virtualbox-guest-x11 reboot Installation on older versions apt-get update && apt-get […]

Source



Cyberwarzone

Legal Sites to Practice Hacking Skills

Like they say; “practice makes perfect”. After completing a bunch of hacking and pentesting tutorials, the next step should be

Legal Sites to Practice Hacking Skills on Latest Hacking News.

How to fix Windows 10 taskbar not working?

Has your Windows 10 taskbar stopped working? How to fix it

While Microsoft has been working on Windows 10, this taskbar was offered with plenty of attention and indeed it appeared to be the humblest one in the whole lot. Of course, the taskbar involved some really new options that were too useful to the users, but along with that, it also brought in some errors that were frustrating. With these new options, the mistakes were consequently brought into the fold.

Before we move on to guide you regarding the prospects of fixing the common issues of the taskbar and how you can help your taskbar work again, it is essential that you learn about the features and all other important things that are new to this Windows 10 taskbar. Undoubtedly, it has got some awesome functionality but at the same time, it also includes some downside as well.

With the advent of Windows 10, there are certainly some modifications to the taskbar. Before we proceed further in this piece of article, I would like to guide you so that you gain the clue to what has really got changed. After you will be aware of the new modifications, we will move on to offer you with some straightforward fixes in order to help you fix some of the most common issues that have been plaguing the taskbar.

How to fix issues of the Windows 10 taskbar not working?

A lot of people have already reported that the Windows 10 taskbar not working, this issue has been reported repeatedly by users on the Microsoft forums as well as on the Reddit. If you too are facing the same problem, here I will help you get it fixed. This guide will definitely help you resolve things at ease.

1. Restart Windows Explorer

After you make a fresh restart of the Windows Explorer, the functionality of the taskbar will surely be restored. It is considered one of the simplest solutions and you do not require being techy enough to do with this process.

Here is how you do it:-

• Step 1 – Press the Ctrl + Shift + Esc keys altogether. This will open the task manager before you
• Step 2 – Select the Processes tab and then select the Windows Explorer
• Step 3 – Next, click on the Restart

2. Download Windows 10 drivers

In certain cases, it has been found out that if you have got any incompatible or outdated device drivers within your system, you may face this issue, wherein, Windows 10 taskbar might not be working in your hand. If it does not respond, you must download the proper Windows 10 drivers for your system in order to solve your problem with the taskbar.

To mark this process, you need to use Driver Talent, which is regarded as the safest and fastest way through which the users can choose to update drivers

Step 1 -Identify the outdated drivers

In order to move ahead into the process, you need to identify the incompatible drivers at first. Click on the Scan button and Driver Talent will be identifying the corrupt, broken and incompatible drivers.

Step 2 -Download and update Windows 10 Drivers

Click on the Update button. This will download and install the proper Windows 10 drivers for your computer automatically.

Step 3 – Reboot your computer system

To make sure that all the driver updates take effect, reboot your unit.

3. Use Windows PowerShell

In order to fix the Windows 10 taskbar not working issue, you need to follow the steps mentioned below to use Windows PowerShell. Here are the steps as follows:-

  • Choose Command Prompt by right-clicking on the Start menu
  • Type PowerShell and then press the Enter button

Either type or copy and paste the following command in the PowerShell window:-

Get-AppXPackage-AllUsers | Foreach {Add-AppxPackage – DisableDevelopmentMode -Register”$($_.InstallLocation)/AppXManifest.xml”}

Now, press the Enter button.

  • Close the PowerShell Window.
  • Navigate to C:/Users/name/AppData/Local/
  • Delete the folder – TitleDataLayer.

4. Creating a New User account

If you have already tried out all the above-mentioned procedures but could not find any of them working out successfully, try out this option and hope it will work out! Now, it is certain that your Windows 10 taskbar not working problem may have an issue with your administrator credentials and you can resolve it by creating a new user account.

Here are the steps that you need to follow:-

  1. In order to open up Settings, press the Windows + I button
  2. Go to the Accounts and then choose the Family & Other Users option from there
  3. Go to the Other Users option and then select Add someone else to this PC option under it.
  4. Now, select the option – I don’t have this person’s sign-in info
  5. Next, select the option – Add a user without a Microsoft account
  6. When you are done with the above steps, create the user and select the Next button to move ahead
  7. Create the New account as an administrator account
  8. Select the New user account that you have created from the Other Users and then select the option, Change Account type
  9. Choose Administrator
  10. Click on OK button

5. Fix your issues with the Start button

It is important to mention here, for we are talking about the troubles of the taskbar as a whole.
The Start menu seems to make a return in the Microsoft version, Windows 10 and it is presently regarded as the main way through which the users can get all their things done in their latest OS. However, unfortunately, this Windows 10 Start menu is facing some real troubles as reported by a lot of users.

Microsoft has been trying hard to iron out all these problems and along with that, it could be seen that the whole of the taskbar as well as the search button seems to undergo a freeze, at times! Experts often say that all these problems are caused due to the bug but it may also occur when Windows updates are being installed into the system. However, there is no guaranteed fix to any of these issues, yet there are definitely some tricks that could be tried out by the users in order to get the taskbar function once again just like it has been doing before!

At first, I would ask you to undergo a thorough checking process to ensure repairing the corrupt files.

Windows files are often seen to be corrupt and this tends to wreak all sorts of havoc on your PC or laptop, leading to gift you with a stuck Start button. Therefore, you must check and repair the corrupt files and see if your system starts functioning smoothly like before.

Step 1 – Launch the task manager

You may select the Task manager by simply right-clicking the taskbar, but since it is not working, you can press Ctrl + Alt + Del keys altogether on the keyboard.

Step 2 – Run new task option

Click on the More details option that is present in the Task manager and goes to the File menu. From there, select the Run new task option.

Step 3 – Run Windows PowerShell

Type PowerShell in the Run new task dialogue box

Now, there will be an option that says, Create this task with administrative privileges, simply click on it and click on the OK button.

Step 4 – Run the System file checker

Press the Return key after typing scan now / Sfc into the window. This scanning process may require a little bit of time and it will feedback with any of three results. They are as follows:-

1. Windows resource protection found corrupt files and repaired them
2. Windows could not find any integrity violations
3. Windows Resource Protection found corrupt files but was unable to fix all or some of them

In the last case, you need to either copy or type DISM /Online /Cleanup-Image /RestoreHealth. Type this in the PowerShell window and then press the Return key. This may require some time since the system will be downloading the files from Windows update and then replace the corrupt files one by one.

This process is expected to troubleshoot your problem and your taskbar along with the Start menu shall be functioning properly. Since Start menu was an important segment of the taskbar, it was important to mention the ways through which you can fix the same.

However, if the above-mentioned process does not work, here I am mentioning some other ways through which you can fix your problem with the Start menu:-

6. Reinstall the Windows apps

When the Windows PowerShell window opens, copy and paste or type:

PSC:\Windows\system32> prompt.
Get-AppXPackage – AllUsers |Foreach {Add-AppxPackage -DisableDevelopmentMode –
Register
“$($_.InstallLocation)\AppXMan

Keep on waiting till the app downloads and the install process is seen to be completed. If you see any red text on the screen and restart Windows, do ignore them.

7. Refresh your PC

windows 10 refresh pc

This would be your last resort. If none of the above-mentioned processes, you may choose to refresh your Windows 10 installation. This will certainly not affect your documents in any way!

All these information might help you fix your issue at ease. The steps are easy and simple and this whole piece will surely help you fix the problem and avail working smoothly.

The post How to fix Windows 10 taskbar not working? appeared first on TechWorm.

Wifi password hacking: Easily Hack WiFi Password Using New WPA/WPA2 flaw

Learn how to hack Wi-Fi password of modern routers

Wifi password hacking has become popular as people are always in search of the free internet. But due to the advancement of technology, cracking passwords have become a difficult task to do. The reason is due to the implementation of WPA/WPA2 (wifi protected access) protocols. They made modern routers more secure and less prone to hacking.

Luckily security researchers have revealed a new way to hack these modern wi-fi routers. This new hack was got accidentally discovered by Jens Steube (lead developer in popular password-cracking tool Hashcat) while he was analyzing the newly-launched WPA3 protocol. According to him, this hack will explicitly work against WPA/WPA2 wireless network protocols with Pairwise Master Key Identifier (PMKID)-based roaming features enabled. This hack will surely allow attackers (aka.Hackers) to recover the Pre-shared Key (PSK) login passwords.

Also Read– How To Hack Wi-Fi Password Without Cracking By Using Wifiphisher

Disclaimer: All content in this article are intended for security research purpose only. Techworm does not support the use of any tool to indulge in unethical practices.

How to Hack WiFi Password Using PMKID

How to Hack wifi Password of routers using WPA/WPA2

4-Way Handshake based PMKID stands for pairwise key management protocol. According to Steube (security researcher), previous wifi attacking methods requires someone to log into the network so that attackers can capture EAPOL (Extensible Authentication Protocol (EAP) over LAN ) which is a network authentication protocol used in IEEE 802.1X. whereas new hack doesn’t require a user to be on a target network in order to capture credentials. Following are the steps to perform this wifi hack:-

Step-1: A hacker can use a tool such as hcxpcaptool to request the PMKID from the targeted access point and dump the received frame to a file.

$ ./hcxdumptool -o test.pcapng -i wlp39s0f3u4u5 –enable_status

Step-2: Using the hcxpcaptool , the output (in pcapng format) of the frame can be converted into a hash format accepted by Hashcat like this.

$ ./hcxpcaptool -z test.16800 test.pcapng

Step-3:  Now you can use this password cracking tool to obtain the WPA PSK (Pre-Shared Key) password and Boom you did it!

$ ./hashcat -m 16800 test.16800 -a 3 -w 3 ‘?l?l?l?l?l?lt!’

That’s the password of your targeted wireless network which may take time to crack depending on its size or length complexity.

Now we are not sure about which vendors this technique will work. But Steube said it will work against all 802.11i/p/q/r networks with roaming functions enabled (most modern routers). So users are highly advised to protect their WiFi networks with a secure password such as making the use of numbers, characters and some special characters as they are difficult to crack. At last, we want to admit that this hack won’t work against next-gen WPA3 simply because of the new harder to break protocol.

Also Read: 10 Best Wi-Fi Hacking Tools Of 2018

The post Wifi password hacking: Easily Hack WiFi Password Using New WPA/WPA2 flaw appeared first on TechWorm.

Android 9.0 Pie is here: How to get it and what’s new

It’s official: Android P is Android 9 Pie and it is rolling out on Google Pixel devices

The wait is finally over! Google has officially rolled out the stable version of Android 9.0 for smartphones. The next version of Android operating system is called Android 9 Pie and is now available on Google’s own Pixel Android phones via over-the-air (OTA) updates. These are Pixel, Pixel XL, Pixel 2, and Pixel 2 XL smartphones.

“The latest release of Android is here! And it comes with a heaping helping of artificial intelligence baked in to make your phone smarter, simpler and more tailored to you. Today we’re officially introducing Android 9 Pie,” Sameer Samat, VP of product management, Android & Google Play wrote in the official blog that announced availability of the Android 9 P .

Besides the Pixel phones, the Android 9 Pie will also be soon available on phones that were part of the Android P beta program. Google said “Devices that participated in the Beta program from Sony Mobile, Xiaomi, HMD Global, Oppo, Vivo, OnePlus, and Essential, as well as all qualifying Android One devices, will receive this update by the end of this fall! We are also working with many other partners to launch or upgrade devices to Android 9 this year.”

However, Essential phone has already started receiving Android Pie.”We’re proud to bring Android 9 Pie to Essential Phone the same day it’s released! Check your phone now for the update,” Essential tweeted out from its official twitter account.

Coming to Android 9 Pie, the new OS “harnesses the power of artificial intelligence to give you more from your phone. Now it’s smarter, faster and adapts as you use it,” says Google.

Features like Adaptive Battery and Adaptive Brightness uses machine learning to prioritize system resources for the apps, which means these will give your phone greater longevity and your phone’s screen will also adjust better to surrounding conditions. Further, new features like App Actions predicts what you’re about to do, so that you get to your next task more quickly.

Also, Google has replaced the traditional three-button navigation bar with a new gesture-based system in Android 9 Pie. It is a new gesture-based system that’s similar to what Apple uses on the iPhone X. You can simply switch between apps and get to what you need more naturally by using gestures.

Another feature ‘Slices’ brings relevant parts of your favorite apps to the surface. For instance, you can see real-time pricing and driver ETAs from services like Uber or Lyft when you are searching for a ride. However, Slices will not be available until the Fall for non-beta users.

However, another notable feature of Google’s IO presentation about Android P was a broad feature called “Digital Wellbeing.” This feature includes ‘Do Not Disturb’ mode that blocks both sound and notifications, while ‘Wind Down’ mode will set a daily schedule to get your phone ready for bed and even turn fade your screen to gray to avoid any disturbance. Also, included in Digital Wellbeing is ‘App dashboard’ that shows users how much time they spend on apps through visual graphs and pie charts, whereas ‘App Timers’ will allow users to set time limits on apps and when that time is up, the app is paused for the rest of the day.

However, these Digital Wellbeing features will be offered as a beta for Pixel users. These features will roll out only this fall for non-beta users. The signup for the beta is here.

“We’ve built Android 9 to learn from you — and work better for you — the more you use it. From predicting your next task so you can jump right into the action you want to take, to prioritizing battery power for the apps you use most, to helping you disconnect from your phone at the end of the day, Android 9 adapts to your life and the ways you like to use your phone,” said Samat.

Those who own the Google Pixel, Pixel XL, Pixel 2, Pixel 2 XL and Essential Phone can upgrade their devices to Android P by going to Settings > System > System Update and tapping on ‘download and install’

Also read:  Android phones cannot have more than 2 notches on display, says Google

The post Android 9.0 Pie is here: How to get it and what’s new appeared first on TechWorm.

20+ Security Forums for Free Malware Removal Help

Malware can hide in places you probably haven’t though about them before, If you’ve been affected by malware, it’s important to know where you can ask for help.  We recommend checking out (and bookmark) this useful list of security forums that will provide guides and step-by-step instructions to solve your malware issues.

Don’t be so sure and believe that “this can’t happen to me”, especially today when we are dealing with malware as a business (MaaS) that it’s alive and growing day by day.

We think that one of the easiest and cheapest ways to address your malware problems is on a security forum. That’s the place where other people have encountered the same problem as yours and found a solution.

But with so many security forums out there, which one should you choose?

We have organized a list of security malware forums below, places where you can find professional insights and assistance when in trouble.

The security forums from this list can help you on a variety of topics, from best practices, how-to articles, step-by-step guides to security news and friendly advice. So, feel free to bookmark the article and use it accordingly.

1. Major Geeks

Major Geeks is the place where you find not just a good malware section in the support forum, but also lots of useful reviews for beginners to improve the computer performance.

2. MalwareHelp.org

This security website provides step-by-step instructions on removing malware, security news, including plenty of useful articles and free utilities that can help to remove malicious software from the system.

3. TechSupport Forum

A very well organized forum that addresses many online security issues, from spyware, malware, Windows problems, networking to hardware related subjects. Their technical articles are a good source of information to stay up-to-date and learn more about technology.

4. What the Tech?

This forum defines itself as a community of volunteers who provide IT knowledge and answer to various technical questions. The Spyware/ Malware/ Virus Removal section contains instructions to provide solutions to common spyware/ malware infections. Only trained people are allowed to offer help with infection removal processes.

5. Geeks To Go!

The team behind this forum say it is a helpful hub, where you can find answers and free support for your malware and technical questions, including malware removal, how-to guides, and tutorials.

6. Malware removal

This forum defines itself as providing 100% free of charge malware removal help from well-trained helpers and security experts to people with infected systems, so they have a clean and safe computer. A malware library of tips and tricks is available.

8. Sensors Tech Forum

This is the forum where you can find solutions to your PC issues and educate yourself about malware, so you learn how to remove it or prevent from getting infected in the first place.

9. DSLReports.com

DSLReports is an online location where you can find security news, technical information and reviews on software. Their forum on security and privacy addresses technical issues and malware removal tools.

10. Bleeping Computer

Bleeping Computer is one of the best security forums online and we recognize it as a source of inspiration for all of us, whether we talk about security news or forum. It defines itself as a community that provides free original content and tutorials that anyone can understand.

11. Malware Tips

MalwareTips forum is an online community where you can find security news, how-to articles and guides, troubleshooting, technical and malware advice. It’s the place where you can also find plenty of useful resources, reviews and many more.

You’ll get all the assistance you need to clean infected PCs and avoid getting infected with malware.

12. Computer Hope Forum

Here’s another security forum that includes a good spyware/ malware removal section and plenty of others places where you can find advice related to computer software, from anti-spyware tools, scanners to antivirus and Trojan protection utilities.

13. Malwarebytes

The Malwarebytes forum, from the renowned security provider, comes with a malware removal section and an FAQ area that you can use. It also offers a Tools section and a general computer support area, where you can find self-help articles and general computer help.

14. TechSpot

Virus and Malware Removal forum from TechSpot, the PC technology publication, comes with product guides, software recommendations and technical advice on software issues and malware problems. If you are encountering a malware issue, make sure you check out this forum and get help.

15. Cyber Tech Help

Here’s a helpful community in which you’ll find free assistance and guidance when they are dealing with a technical problem or a malware is reaching your device. At the same time, it is a great place to look for tutorials and news articles.

16. Spybot Forum

Here are useful malware and rootkit removal tools that provides free help and analysis in case you’ve been infected with malware. If you access their forum, you will find a team of authorized volunteer analysts who can assist and offer guidance with malware removal.

17. Tech Support Guy

Need help to remove your malware infection? We recommend to check out this malware forum and ask for help, whenever you have a technical problem. There’s a group of volunteers who are experts in Windows, Mac, Linux, and more, offering you free technical support and hardware issues, including malware removal.

18. Technet Forum

This forum belongs to Microsoft provides antimalware and antispyware support to users, and it’s a great place to discuss with the community about any technical issue you may encounter.

19. BestTechie

The BestTechie Malware Removal forum is the place where you can receive malware removal assistance, find self-help guides and learn how to clean the toughest malware from the system.

20. Techie7

Techie7 is a security forum that provides free resources and support to advanced users and beginners alike on a variety of computer issues, from malware and spyware to the Windows operating system.

21. TechRepublic Forum

We advise you have a look at this friendly community of IT experts that can help with any of your malware questions, from learning how to detect, fix or remove all types of malicious threats. A good place to seek recommendations and ask malware related matters.

22. MalwareTips Forum

Here is another security forum in which you can share your cyber security knowledge and get in touch with people from this field, as well as to discuss and find out useful guides on how to remove malware, the latest cyber security news and many more.

23. Gladiator Security Forum

An extensive forum where you can find answers and solutions to many security-related issues, from news and alerts to data breaches, online threats or info about security software products. For a fast solution, you can address your issue to a special malware help area or you can receive advice on what security software to use.

24.LandzDown Forum

The forums from LandzDown have the purpose to help users get their computers “cleaned up” from malware or any other forms of malicious software, like spyware, rootkits or adware. At the same time, they don’t forget to have a bit of fun, so you will find the “Jokes” section, including general software news and many more.

25. SpywareInfo

This forum comes in handy with to main security sections offered to its readers and users. You can access the “Malware removal” part to find information on how you can get rid of rootkits, spyware and other types of malware. Or, you can check out a program or software to make sure it’s not dangerous for your system from the Spywatch section.

26. Wilders Security Forums

Wilders Security Forums cover a wide array of topics, from spyware, malware, and privacy issues to antivirus software, backup options, firewalls and virtualization.

Conclusion

Keeping your online assets safe from cybercriminals requires constant attention and continuous learning.

All these forums that address online security are free and easy to use by anyone and we recommend you check them out at any time you are encountering a problem.

How do you keep safe from malware? What malware forums would you recommend?

This list isn’t complete, and we’ll continue to constantly keep it up to date. If you have any recommendations or know other security forums that should be on this list, please let us know.

This article was initially written by Andra Zaharia in March 2015 and updated by Ioana Rijnetu in August 2018

The post 20+ Security Forums for Free Malware Removal Help appeared first on Heimdal Security Blog.

How to Hire a Node.js Developer

Need a Node.js developer, but don’t know what to look for? Keep reading to learn how to hire the best developers for your team!

What is Node.js?

Node.js is a Javascript framework that is made on Chrome’s Javascript engine. Node uses a nonblocking, event-driven I/O model that makes it efficient and lightweight. And we’re here today to help you get a Node.js developer to help you complete your project.

So let’s get started!

Why use Node.js?

A myriad of companies is hiring node.js developers now. Node is a powerful tool but is a difficult beast to tame. Some companies have failed because they were unable to decide if Node.js is suited towards their idea.

Before hiring a developer, ask yourself “Why am I using Node.js?”. If you have to make a CRUD application, then you should hire a Rails or Django developer, because they have more documentation and a larger community.

Node DevOps and Deployment

Node can be hard to deploy. There’s no official document on how to deploy it, as a lot of node operations have different requirements.

When looking for node.js developers, make sure that they are a DevOp (developer involved in operations). This will increase the chances that they know how to work under pressure and complete projects on time.

Does your developer know what to do during a crash? How will they handle the load balancing? Do they know how to scale applications across multiple servers? These are the questions you need to ask your candidate before hiring them for the job.

Data

Data is king in the world of coding.

Node.js applications have a lot of database options, and you have to make sure that your candidate is familiar with them. Do you need a NoSQL or relational interface? Which implementation do you plan on using?

There isn’t a correct answer to this, but there are a ton of wrong answers. Just make sure that your node.js developers know the data options that are available. They should have in-depth opinions about data and the knowledge the support them.

Security

Security is important when it comes to creating Node.js application. And your developers need to be well versed in it. Do they know how to mitigate an SSJSi attack? If not, you have to send them back to do their homework.

Open Source

Now that you know that Node.js is the right language for your app, do you know what you’re looking for? When looking for a candidate, make sure that they have an open source portfolio. This means you can look through their GitHub profile.

Hopefully, the candidate has multiple Node.js projects under their belt. Ideally, these projects are well maintained.

The best developers will contribute patches and bug fixes to other node.js projects. This shows that they have a good sense of community, which is important for a great employee. By doing this, you’ll be able to.

Conclusion

We believe that hiring node.js developers is an in-depth process. To get the best developers, you have to check for their talents and see if they are suited for your company. By doing this, you’ll increase their productivity and help them complete your app on time.

Sources:

  1. https://codeburst.io/getting-started-with-node-js-a-beginners-guide-b03e25bca71b
  2. https://www.gun.io/blog/6-tips-for-hiring-a-node-js-developer
  3. https://artjoker.net/blog/how-to-hire-the-best-nodejs-developer/

The post How to Hire a Node.js Developer appeared first on TechWorm.

YouTube is rolling out the ‘dark mode’ theme for Android devices

Android users can now use YouTube’s ‘dark mode’ theme on their devices

We had reported last year that Google-owned YouTube, the most popular video streaming website, is testing a new ‘dark mode’ feature that is expected to cause less strain to the user’s eyes while watching YouTube videos at night time or dimly-lit environments. While Google brought the dark theme for desktop users late last year and later on for iOS users earlier this year, Android users still had to wait to receive this update.

Looks like the wait is finally over for at least some Android users, who reported that the dark theme was mysteriously applied when they opened the official YouTube app on Android. The app also served a pop-up at the bottom of the screen informing that this feature is available now. The dark mode comes with a toggle that allows the user to switch off the mode and revert to the light theme, if they wish to.

Although Google has not officially announced the feature, this mode is now available for Android. The dark theme basically reverses the color of the YouTube app UI (user interface) by replacing the white background with black. Apparently, the color isn’t really black but it is more like a dark grey.

It appears that the roll out of the dark mode theme on Android devices is happening in phases and the remaining Android users should see the change on their devices in the coming days or weeks.

Check out how you can enable YouTube dark mode on your Android device:

Step 1: First, launch the YouTube application.

Step 2: Then, tap on your profile icon that appears on the right top corner.

Step 3: Go to Settings > General.

Step 4: Tap on the toggle for “Dark theme” to enable it.

Step 5: Tap on the back button, the theme is automatically saved.

The post YouTube is rolling out the ‘dark mode’ theme for Android devices appeared first on TechWorm.

Guest Posting: A Give-and-Take Thing

The digital marketing realm is one that’s extremely rich and full of methods to help you not only get by, but to also succeed. And of this plethora of tools and methods, one that’s often underestimated is the method of guest posting. Guest posting, as I honestly believe, is one of the most powerful tools at your disposal to help attract and retain a loyal audience. Apart from that, you also get to forge partnerships with other website owners to create a mutually beneficial system. Of course, I’m going to discuss this with you in detail, but first let’s dive into what guest posting actually is.

What is it?

Guest posting is defined as the act of writing or publishing an article on another person’s website. This may seem like a strange concept upon first impression, however, it’s actually an incredibly effective way of increasing traffic.

Every website needs good content, especially since new SEO prioritizes relevance in order to help make user experience better. Two factors that Hummingbird, Google’s indexing algorithm, takes into consideration are the average time spent on your website and your bounce rate.

Good content helps captivate your visitors and it also encourages them to not only stay on your site longer, but to also explore your site for more content. Now, this is where guest posting comes in.

How does it benefit my site?

Well, first you and the host blogger need to come to an agreement wherein the host blogger is required to include a link to your blog somewhere within the article. As time goes by, these links from blogs are going to increase your own blog’s value as far as search engines are concerned, which also means that your blog becomes easier to find.

Next, you are able to interact with new people. You’re essentially building a network with each guest posting partner you find. Once you gain a multitude of guest posting partners, you could potentially increase traffic to your site exponentially. That’s why it’s imperative that you are able to consistently give them quality content. You are dealing with other people, and in a sense they become your clients — your content is what gets published on their website, which means that their reputation is as much a concern as that of your own.

And finally, while it’s the most apparent, it’s also the most important benefit to guest posting — your blog basically gets an extended reach. Your exposure is greatly increased, sometimes even without the help of a search engine.

What are my responsibilities?

Now, of course, just because your content has been published elsewhere doesn’t mean you won’t be held accountable for it. It goes without saying that your content has to be of good quality. But there are more aspects to manage after your content is published, such as responding to comments and promoting the post on social media. And lastly, never forget to thank the host blogger for publishing the content and providing a backlink to your blog.

The post Guest Posting: A Give-and-Take Thing appeared first on TechWorm.

The ABCs of Detecting and Preventing Phishing

Have you ever considered that you could be a target for phishing attacks?

It’s not a new issue, but it’s a rising threat. Phishing attackers have been constantly growing and improving their techniques. Let’s see how you can actually start preventing phishing, since cybercriminal strategies became so convincing that you can barely distinguish them from harmless communications.

And all it takes to fall into their trap is a fraction of a second.

Perhaps the most dangerous reaction to this concern was: “Ehhh, so what? It don’t think it can happen to me. And I don’t have important stuff anyway”.

Actually, they can harm you a lot if you’re not paying attention.

They can: withdraw money, make purchases, steal your identity and open credit card accounts in your name, or further trade those information about you and much more.

The latest Kaspersky report shows that, in 2017, Facebook was one of the top 3 most exploited company names.

Telegram, a popular messaging platform, was so frequently a target of phishing attempts that there is now an anti-phishing bot that attempts to protect user accounts.

Just look at what types of seemingly-innocent messages actually hide dangerous attempts to hijack your data.

phishing scenarios emotional motivators

Source

And the context is ripe for phishing attacks to happen, especially on an enterprise level. According to Allen Paller, the director of research at the SANS Institute 95% of all attacks on enterprise networks are the result of successful spear phishing.

Even worse, research suggests that, in the event of a security breach, 60% of customers will think about moving and 30% actually follow up on that thought.

For regular users, the threat of identity fraud always looms and is usually preceded by a phishing attack. According to a report that tracked identity fraud incidence rate since 2003, in just 2016 the number of cases rose by sixteen percent. Regular users exposed to phishing had to pay an average of $263 out of pocket costs. Together, all the users who were affected by phishing that year had to spend 20.7 million hours to deal with the consequences of account takeovers.

Phishing

Keep reading if you want to avoid getting caught in their net, as we’ll cover the ABCs of phishing: what it is, what you can do to detect and prevent any attacks and what measures to take if you think you got caught in the phishing net.

 

WHAT IS PHISHING?

Phishing is the name given to cybercriminals’ attempts to lure you into giving them sensitive information or money.

The word “phishing” is similar to “fishing” because of the analogy of using bait to attempt to trap victims.

By sensitive information we mean anything that ranges from your social security number to passwords, bank account number, credit card details, PIN number, home address, social media account, birthday, mother’s maiden name and so on.

This information can be used for financial damages, identity theft, to gain unlawful access to different accounts, for blackmail etc.

No phishing

 

HOW DOES PHISHING WORK?

Attackers use different methods of deception as phishing strategies.

They will create fake messages and websites, that imitate the original ones. With their help, they will try to lure you into handing over your personal information. They will either ask you to reply to them, follow a link included in the message or download an attachment.

The communication appears to be initiated by a legitimate person or company. Famous phishing attacks imitate messages from financial institutions, government agencies (ex: IRS), online retailers and services (ex: Amazon, eBay, PayPal), social networks (ex: Facebook), or even from a friend or colleague.

In order to make phishing look genuine, attackers include photos and information from the original website.

They may even redirect you to the company’s website and collect the data through a false pop-up window. Or it can happen the other way around: they first request your personal data, then redirect you to the real website.

Other times, they tell you that you have been targeted by a scam and that you urgently need to update your information in order to keep your account safe. That’s how millions of Walmart consumers were tricked in 2013.

All these gimmicks will minimize the chances for you to realise what happened.

Here’s an example of Standard Bank phishing from 2010, via McAfee:

Standard Bank phishing example

Phishing has become a way to spread malware. The attackers will deliver malicious content through the attachments or links they trick you into clicking on. The malicious code will take over a person’s computer in order to spread the infection.

Although phishing is mostly transmitted via email, it can also work through other mediums. In the past years, cyber attackers moved their focus on phishing attacks done through instant messaging services, SMS, social media networks, direct messages in games and many others.

 

WHY DOES IT WORK?

Phishing is popular among cyber attackers because it is easier to trick someone into clicking on links or downloading attachments than trying to break into their system defenses.

It works because they appeal to emotions. It promises great deals or alerts you that there may be a problem with an account.

It’s also so effective because more than 50% of users use the same passwords for different accounts. This makes it easy for the cyber criminals to gain access to them.

 

PHISHING EFFECTS

Phishing damages can range from loss of access to different accountsbanking, email, social media profiles, online retailers, to identity theft, blackmail and many more.

Just to name a few of them:

  • financial loss
  • data loss
  • accounts loss
  • ransom asked in exchange for regaining access to your data
  • blacklisting from institutions
  • malware or viruses infections into a PC or network
  • illegal use of personal data
  • illegal use of social security number
  • creation of fake accounts in your name
  • ruining your credit score
  • losing your job, if you happen to be phished via your work email address and give out essential company details as a consequence

 

A LITTLE BIT OF HISTORY

The first phishing records date back to the beginning of 1996, when cyber scammers were trying to lure AOL (America Online) customers into a trap and get access to their accounts and billing information.

Cyber scammers would contact users through the AOL instant messaging and email system and pose as AOL employees. Needless to say that it was pretty effective, especially since phishing was virtually unknown at the time.

You can find out more about the first records of phishing here.

 

TYPES OF PHISHING

 

1. SPEAR PHISHING

Spear phishing is an email directed at specific individuals or companies. It is highly effective and very well planned.

The attackers will take their time and gather all the available information about their target before the attack: personal history, interests, activities, details about colleagues and any other details they can find. These are used in order to create a highly personalized and believable email.

It’s a technique that works because the phishing email appears to be from someone you know and requires urgent action. Maybe it will even make reference to a mutual friend or a recent purchase you’ve made. The attacker takes advantage of the fact that people are inclined to act before they double-check it. They also leverage your trust in companies, organizations and people.

Spear phishing requires higher efforts, but its success rates are also higher. It’s currently the most successful phishing technique, accounting for 95% of attacks.

And all this just by gathering publicly available information that we freely share on our social media accounts and blogs. It’s one of the main reasons why we should think twice before divulging any more personal information online. Even if all your privacy measures are in check, you can never know whose friend account may have been compromised.

 

2. WHALING

Whaling phishing is the term used for attacks directed at high profile targets within companies, such as upper management or senior executives.

These are tailored to appear as critical business email, sent from a legitimate business authority, that concern the whole company.

Here are a few examples: legal subpoenas, managerial issues, consumer complaints.

Needless to say that return on investment for attackers is very high in this case. And, contrary to what you’d think, these types of targets are not always as security savvy or protected as they should be.

 

3. CLONE PHISHING

Clone phishing uses legitimate, previously delivered emails.

The cyber attackers will use original emails to create a cloned or almost identical version. Clone phishing emails may claim to be a resend of the original or an updated version of it. Only this time, the attachment or link is replaced with a malicious version. It appears to come from the original sender and uses a fake reply-to address.

This phishing strategy works because it exploits the trust created from the original mail.

 

HOTTEST PHISHING TRENDS:

 

1. CLOUD PHISHING

Cloud phishing attacks also had a boost in the past year, because of the increasing usage of cloud storage technology.

This is usually distributed via email or social media, as a message sent by compromised friends accounts or on behalf of a cloud service provider. It will invite users to download a document uploaded to a popular cloud service. When the victim clicks on the link, malicious software will be downloaded.

The stolen information can be used for extortion, sold to third parties or used in targeted attacks.

Here’s an example of cloud phishing using Dropbox brand, via Kaspersky:

Dropbox phishing

 

2. GOVERNMENT PHISHING

Be vigilant when it comes to communications that claim to be from law enforcement agencies, such as the IRS, FBI or any other entity.

The most fraudulent attempts in the past years were created to mimic IRS communication, in an attempt to steal your financial information.

You should know that government agencies don’t initiate contact with taxpayers via email, especially to request personal or financial information.

You should read these actionable advices provided by the IRS.

Also keep an eye out for insurance offers, as this was one of the hottest topics for spamming and phishing in 2015.

 

3. SOCIAL MEDIA PHISHING

Phishing on social media networks isn’t novelty, but it will probably never get old. Phishers create websites that look identical to Facebook or LinkedIn or any other social media websites, using similar URLs and emails, in an attempt to steal login information.

Phishers will ask you to reset your password. If you click on the link, you’ll be redirected to a page that looks identical to Facebook and asks you to enter your login information.

The attackers can then use this to access your account and send messages to friends, to further spread the illegitimate sites.

Other times, they can make money by exploiting the personal information they’ve obtained, either by selling them to third parties or by blackmailing.

Read this warning note from Facebook to see how this phishing category may look like.

Facebook phishing

 

HOW TO START PREVENTING PHISHING

 

1. SENDER DETAILS

First thing to check: the sender’s email address.

Look at the email header. Does the sender’s email address match the name and the domain?

Spoofing the display name of an email, in order to appear to be from a brand, is one of the most basics phishing tactics.

Here’s an example: an email from Amazon that comes from “noreply@amazon.com” is legitimate. But an email that appears to be from someone at Amazon but was sent from a different domain, like the email in the picture below, is most certainly not from Amazon.

Phishing example - Amazon Prime (22-12-2015)

Compare the headers from a known valid message from a given source with those on a suspect message.

If they don’t match, don’t click on anything, don’t download any attachment.

For experts: You can also analyze the email header and track IP using this tool.

If you are using Gmail, you can turn on the authentication icon for verified senders. This way, you will see a key icon next to authenticated messages from trusted senders, such as Google Wallet, eBay or PayPal. Unfortunately, only few domains are currently supported by this program, but hopefully it will extend in the future.

Another verification method available for Gmail users:

Check whether the email was authenticated by the sending domain. Open the message and click on the drop-down arrow below the sender’s name. Make sure the domain you see next to the ‘mailed-by’ or ‘signed-by’ lines matches the sender’s email address.

Find out more about it here. It will look like this:

Sent by & Signed by - Amazon & Gmail authentication example (22-12-2015)

The second thing to check: the address the email was sent to.

Look at TO and CC fields. If the email was sent to old or wrong addresses, it may indicate it was sent to old lists or randomly generated emails.

 

2. MESSAGE CONTENT

Clue number one: They ask you to send them or verify personal information via email.

Or they are asking for information which the supposed sender should already have.

Here is a recent example of phishing using the brand DHL (screenshot via Comodo):

DHL Shipment phishing 2015

Clue number two: They are likely to play on your emotions or urgency.

As a general rule, be suspicious of any mail that has urgent requests (e.g. “respond in two days otherwise you will lose this deal”), exciting or upsetting news, offers, gift deals or coupons (especially around major holidays or events, such as Black Friday or Christmas).

Clue number three: They claim there was some sort of problem with your recent purchase or delivery and ask you to resend personal information or just click on a link to resolve it.

Banks or legitimate e-Commerce representatives will never ask you to do that, as it’s not a secure method to transmit such information.

Here’s an example of PayPal phishing:

PayPal Phishing Example 2015

Clue number four: They claim to be from a law enforcement agency.

They never use email as a form of contact.

Clue number five: They ask you to call a number and give your personal details over the phone.

If this is the case, search for the official correspondence from the company and use the phone number provided them to verify if this is true.

 

3. MESSAGE FORM

First rule: Beware of bogus or misleading links.

Hover your mouse over the links in the email message in order to check them BEFORE clicking on them.

The URLs may look valid at a first glance, but use a variation in spelling or a different domain ( .net instead of .com, for example). Thanks to the new generic topic-level domains that were introduced in 2014, spammers and phishers gained new tools for their campaigns.

Other phishing scams use JavaScript to place a picture of a legit URL over a browser’s address bar. The URL revealed when hovering with your mouse over a link can also be changed using Java.

Second rule: Look out for IP addresses links or URL shorteners.

They can take a long URL, shorten it using services such as bit.ly, and redirect it to the intended destination. It’s hard to find out what’s on the other end of that link, so you might be falling into a trap. Better be safe than sorry.

It’s not unusual for the domain to be deliberately distorted in the email, by adding extra spaces or characters, together with instructions on how to use it (“Remove all the extra characters / spaces and copy to the address bar”).

Useful tools:
Check a redirect with this Redirect Checker from Internet Officer, to see where it’s leading to.

Or screenshot the page remotely using Browser Shots.

Third rule: Beware of typos or spelling mistakes.

This used to be the norm, but it’s no longer an imperative.

Fourth rule: Beware of amateurish looking designs.

This means: images that don’t match the background or look formatted to fit the style of the email. Stock photos. Photos or logos uploaded at low resolution or bad quality.

Fifth rule: Beware of missing signatures.

Lack of details about the sender or how to contact the company points into phishing direction. A legitimate company will always provide such information.

 

4. ATTACHMENTS

Look out for attachments.

They can attach other types of files, such as PDF or DOC, that contain links. Or they can hide malware. Other times, they can cause your browser to crash while installing malware.

A Kaspersky Labs reports shows that in Q3 of 2015 there’s been an increase in phishing using attachments, a trend that doesn’t seem to want to go away.

“A particular feature was a new trick used in phishing emails – in order to bypass spam filters they placed the text of the email and fraudulent link in an attached PDF document rather than in the message body.”

 

5. EXTERNAL LINKS / WEBSITES

Let’s assume that you already clicked on a link from a suspicious email.

Is the domain correct? Don’t forget that the link may look identical, but use a variation in spelling or domain.

Before submitting any information on that website, make sure that you are on a secure website connection. You can easily check that by looking at the link: does it start with “https” or “http”? The extra “s” will mean that the website has SSL. SSL is short for Secure Sockets Layer and is a method to ensure that the data sent and received is encrypted. More legit and safe websites will have a valid SSL certificate installed.

Another way to check that is to look on the left of the web address: is there an icon of a closed padlock? Or is the address highlighted in green? This will indicate that you are visiting an encrypted site and the transferred data is safe. Fortunately, from now on, Google Chrome will mark sites without http as insecure, so it should be easy for you to spot them.

google chrome connection not secure phishing prevention

HELPFUL TOOLS

Use browsers that offer built-in phishing protection.

In general, there are two ways to detect phishing websites: heuristics and blacklists.

A heuristic method analyzes patterns in URL, words in web pages and servers in order to classify the site and warn the user.

Google and Microsoft operate blacklists. Google integrated them with Firefox and Chrome, so a warning message will appear before entering a phishing website. Microsoft is integrated with Internet Explorer and Edge.

You can also install browser add-ons and extensions designed to block phishing attempts. Read more tips on this subject on Tech Support Alert.

Other useful tools:

Check and Secure browser & plugin

Browser & Plugin-Check by Check & Secure. This scans your browser and all the installed plugins, to see if they are up to date.

“83% of all malware infections could have been avoided, if the browser plugins had been updated in the first place.”

Cyscon PhishKiller

 

BASIC ONLINE SECURITY

IN ORDER TO KEEP YOUR PC SAFE:

Be aware that cyber attackers are one step ahead of the defenders. That means that you cannot always be 100% protected against them, not even with all the email filtering systems or anti-virus software.

Of course, this doesn’t mean that you want to make their jobs easier, so taking these steps will go a long way in preventing phishing.

Keep your software updated as well. If you use a free tool that offers automatic and silent software updates, you can eliminate up to 85% of security holes in your system.

Install a reliable antivirus. It should include real-time scanning and automatic update of virus database.

Choose an antivirus that scores high on phishing protection tests. More tips on this you can read in our guide.

You should also create a separate email account that you only use to subscribe to newsletters, forums, online retailers, social media accounts or other public Internet services. Keep your personal email account as private as possible. This will help reduce the amount of spam and phishing attempts you receive.

Also, beware not to click on the Unsubscribe button or follow instructions for unsubscribing. Many spammers and phishers use these in order to find out if your email is valid.

 

BASIC SAFE PASSWORDS MANAGEMENT RULES

Phishing is very effective because more than 50% of users use the same passwords for different credentials. This makes it easy for the cyber criminals to gain access to other accounts.

It’s important to use different passwords for your accounts. The same way you don’t use only one key for your house and your car, you shouldn’t use the same password more than once. This simple preventing phishing technique won’t let cyber attackers get into your other accounts.

If available, activate two-factor authentication. This way, you’ll receive a unique one time code on your phone every time you want to log in from a different device. It will add a second layer of protection, that’s much more difficult to breach by cyber attackers.

For more actionable tips on this subject, check out our password security guide.

How Tough is Your Password Security

 

FINANCIAL SECURITY STEPS

Periodically review your bank account activity (daily, if possible), to check all the transactions.

If you don’t recognize any of the transactions, regardless the amount, contact your bank straight away.

Turn on text messages notifications for all card transactions.

It will alert you in real time if an online transaction exceeds the limit that you set (make sure you set it to the minimum available).

Also enable two-steps approval for transactions, so that you will have to use your mobile phone number.

Put a security freeze on your credit report.

In case of identity theft, it will prevent any openings of new accounts in your name. However, you will have to lift it every time you want to apply for a loan or rent a new place.

And lastly but not least important: try to use a separate card, dedicated only to digital transactions.

Transfer money on it every time you plan to buy something. In the rest of the time, leave only a small amount of money on it.

Credit cards

 

IF STILL UNSURE WHETHER IT’S PHISHING OR NOT

What steps to take:

Try to always directly type the web address of the site you want to access in your browser, instead of clicking on links from emails or social media networks.

Directly contact the company or organization from which the message appears to be sent. Grab the phone or forward them the phishy email. Search for prior communications with them, such as post mail, and use the contact information provided there. Don’t use the contact information provided in the email.

You can also improve your phishing detection skills by taking these quizzes gathered by Capterra on their blog. They also have plenty of phishing emails examples.

Phishing_Login

 

WHAT TO DO IF YOU THINK YOU WERE PHISHED

If you have a hunch that something is wrong, immediately contact your bank or credit card institution and close the accounts you believe they may have been compromised.

Change the passwords used for those accounts and then also change the passwords used for the emails linked to them.

WHERE TO REPORT PHISHING ATTACKS

Forward the message to the last known good address of the sender.

There are several places where you can submit phishing attacks or websites:

If it appears to be from IRS, you can forward it to phishing@irs.gov
Or to the Federal Trade Commission at spam@uce.gov
At US Cert: phishing-report@us-cert.gov
At The Anti-Phishing Working Group: reportphishing@apwg.org

Submit a suspected website using the phish site reporting service, PhishTank.

If you are using Gmail, in the drop down menu at every email there is a Report Phishing button.

Report Phishing at Gmail example

If you aren’t using Gmail, you can complete this form.

 

Conclusion

One last advice: for preventing phishing, always trust your gut. It may not be the most scientific approach, but, ultimately, you should just listen to what your intuition tells you. If something feels wrong, even if you cannot specifically explain why, or if it’s too good to be true, it’s better to stay away from it.

 

This article was originally published in December 2015 by Cristina Chipurici and was last updated with current information on July 7, 2018.

The easy way to protect yourself against malware
Here's 1 month of Heimdal PRO, on the house!
Use it to: Block malicious websites and servers from infecting your PC Auto-update your software and close security gaps Keep your financial and other confidential details safe

EASY AND RELIABLE. WORKS WITH ANY ANTIVIRUS.

Try Heimdal PRO

The post The ABCs of Detecting and Preventing Phishing appeared first on Heimdal Security Blog.

Make Money as a Hacker – Highest Paying Bug Bounty Programs

Bug bounty programs are usually organized by software companies or websites, where developers get rewarded for finding bugs; in the

Make Money as a Hacker – Highest Paying Bug Bounty Programs on Latest Hacking News.

Ethical hacking: Penetration Testing Overview of Methodologies Utilized

Penetration testing deals with legitimate attacks on a computer system so as to assess the level of security the system

Ethical hacking: Penetration Testing Overview of Methodologies Utilized on Latest Hacking News.

Why Malware as a Business is on the Rise

The alarming growth of malware attacks in the last years should concern each of us, but what is more important, should make us AWARE of the risks and consequences. Taking action and preventing these malicious activities operated by cybercriminals has to be a top priority IF we want to stay safe online.

The reality is that cyber attackers now use different strains of malware, much more sophisticated and agile that prove to be effective and successful, challenging us to build a stronger defense against them.

Malware evolves at a rapid pace because of advanced malware mastering the art of evasion. Thus, traditional antivirus engines find it difficult to detect attacks in the first stages. Malware is getting bigger and bigger. It fuels growth, innovation and encourages malicious actors to easily reach their goals.

In this article, we’ll have an in-depth analysis of malware and learn: where it hides, what are the most dangerous malware attacks so far, why malware a profitable business for cybercriminals and offer actionable security tips to help you better prevent these attacks and keep yourself (and your digital assets) safe.

Why malware attacks keep happening?

In the context of this ever-changing threat landscape that never ceases to challenge everyone from home users, organizations to security researchers and communities, this question makes a good point.

It’s simple. Malware still works, and humans have their contribution to helping attackers succeed with their malicious plans.

True fact: Throughout our old habits that seem to die hard (not updating our software frequently, or reusing the same password for various online accounts), we maintain security holes that malicious actors are exploiting and fueling this growing malware business.

According to a report from Trustwave security company, 22 percent of respondents (security respondents) said that “preventing malware, including ransomware, was their biggest security threat and obligation for 2018”, while the second biggest pressure was identifying vulnerabilities (17%) and the third one (13%) was preventing social engineering and phishing attacks.

Paul Edmunds, Head of Technology at the National Crime Agency’s National Cyber Crime Unit (NCCU) states that:

 It’s really important to understand the impact that malware has. It’s a massive criminal enabler that underlines most cybercrime. It’s an infrastructure that’s used for compromising devices to conduct most of the prominent attacks that you see.

The evolution of malware

Before we understand its impact, let’s take a few steps back and have a look at how malware evolved lately to become such a serious and threatening business to everyone.

The malware market evolved from something that was tested and probably used for fun, – with hackers creating programs to see how they can gain access to unauthorized places and then focusing on money and going for stealing personal data – into a more targeted attack vector.

Did we ask for malware? No, but there’s a big business out there and we are all responsible in a way or another for making it alive and growing.

According to Cisco 2018 Annual Cybersecurity Report, the evolution of malware was “one of the most important developments in the attack landscape in 2017”. “Malware is becoming more vicious. And it’s harder to combat. We now face everything from network-based ransomware worms to devastating wiper malware.”

This graphic from AV-Test shows the growth of total malware over the last five years:

Here's how malware evolved

Source: AV-TEST.org

Also, did you know that “in the second half of 2017 on average 795 new malware specimen were discovered per hour i.e. 13 per minute.”?

Source: Gdatasoftware.com

Regardless of the smartphone landscape, mobile malware is one of the fastest types of malware, targeting more and more Android users. In the first quarter of 2018, the G DATA security experts detected “an average of 9,411 new malware every day for the popular Android operating system”. This means: A new malware appearing every 10 seconds.

The rise of ransomware attacks

Perhaps a clear evolution of malware economy has seen last year with the two massive and devastating cyber attacks: WannaCry and (non)Petya.

The first one was called by Europol an attack of “an unprecedented level” that took down entire networks and caused business disruption across 150 countries and infecting more than 200,000 computers. Not to mention about the financial damage caused, because many companies and public institutions have had their computers and data encrypted, and the only way to get it back was to pay a ransom.

If during the WannaCry ransomware, cyber criminals used the EternalBlue method, with (non)Petya ransomware outbreak, – that also spread fast and had self-replicating abilities. -, they changed the type of malware from ransomware to wiper. How is this different? The purpose of a wiper is to destroy and damage, while ransomware is mainly focused on making money.

In 2018, malware is even more agile, and Gandcrab ransomware is a great example. It is a fast-growing malware that’s been used and spread in waves of spam campaigns. While it reached the version 4 already, this piece of malware was initially distributed via exploit kits which abuses software vulnerabilities found in systems.


Here’s what you need to know about the growth of malware as a business.
Click To Tweet


The newest version 4 of this malware family includes “different encryption algorithms, a new .KRAB extension, new ransom note name, and a new TOR payment site”. So far, Gandcrab is one of the most prevalent and biggest ransomware attacks in 2018. Here’s a more in-depth and technical analysis of how Gandcrab ransomware evolved if you want to dive into this topic.

If you’ve been hit by any of these ransomware attacks or others, we strongly advise you NOT to pay the ransom to get your data back. Instead, check out this list of decryption tools to unlock your data for free.

5 key places where malware can hide

Malware authors often look out for new techniques to hide their malicious files which often go unnoticed by antivirus software or threat intelligence analysis.

Here are the most common places where malware can hide:

  • Email attachments – Most of the security alerts we’ve written talk about malware being delivered via emails to potentially infect victims’ computers. Sadly, many people still download, open, click and enable malicious attachments to run on their computers. Here the example of a variant of Trickbot malware in which cybercriminals lure victims into clicking on a malicious word document attached in the email.
  • Links sent via email – Another common place where malware can hide is a link received via email which is more tempting for users to simply click it than downloading an attachment. This mindless clicking behavior is known and exploited by cybercriminals.
  • Traffic redirect – Another place that malicious actors exploit to hide malware is in the Internet traffic(especially in the browser). As we spend most of the time reading online, browsing blogs or buying on the Internet, it’s easy to become a target. Traffic redirect may be invisible for the unskilled users, so they land on sites where malware is hidden in the code of the page or on the ads listed on the site.
  • Software updates – Probably the story of compromised versions of CCleaner software apps is the best example here. Hackers spread hidden malware in the version 5.33 of the CCleaner software which has been downloaded by more than two million users. Full story here.
  • Hidden and infected mobile apps – Given the rise of mobile apps, we’re likely to download and install all kind of apps on our device, without taking any caution. Here’s an example of malware threat known as hidden administrator app that targets Android users. It is an infected app that installs itself with administrator privileges and takes control of your mobile device.

If you want to find out more about how and where cybercriminals hide their malicious code in files, links, apps we use on a daily basis, read this guide.

Why Malware is a profitable business for malicious authors

Just like any other business, the purpose of malware authors is to turn it into a big and profitable business of millions (or even billions of dollars). To do that, it’s important for them to know and ask for the right price.

Making money from malware has proved to be a winning option for cybercriminals. Usually, they choose rich and developed countries, target large and successful organizations, from where they can extort a lot of money and access their valuable data.

As the number of ransomware attacks continue to grow exponentially, its authors will keep making a lot of money, because most of the victims choose to pay the ransom.

According to the Telstra Security Report, more than half of businesses who were victims of a ransomware attack have paid the ransom and they would do it again. “Some 60 percent of ransomware victims in New Zealand and 55 percent in Indonesia paid the ransom, making it the highest for Asia. In Europe, 41 percent of respondent ransomware victims paid up.”

On top of that, another research conducted by Cybersecurity Ventures estimates that ransomware damages will cost the world more than $8 billion in 2018 and they will reach $11.5 billion annually by 2019.

The attackers behind Wanna cry ransomware may have caused global panic among users and organizations, but what about its financial costs? In total, it has been estimated that they made $143,000 in Bitcoin of this massive attack.

The Gandcrab ransomware that continues to evolve and quickly being spread into various spam campaigns “has infected over 50,000 victims and claimed an estimated $300-600K in ransom payments”, according to Check Point Research. In the figure below, you can see the attack by geographic location of a target.

Source: Checkpoint.com

The success of Bitcoin cryptocurrency and its price reaching a historic $20K at the end of 2017 influenced the rise of cryptojacking malware attacks.

New findings from Check Point research stated that “the number of global organizations affected by crypto-mining malware more than doubled from the second half of 2017 to the first six months of this year, with cybercriminals making an estimated $2.5 billion over the past six months.”

The research also discovered that hackers are now targeting cloud services because most businesses store their sensitive data there. And there are more cyber security threats that should concern us and determine to implement solid prevention and security measures.

All these examples from above show that malware business is still growing, by switching from a macroeconomic level to microeconomic level. The malware market, like any other, offers a wide range of products to fit users’ diverse needs. You can find APTs, ransomware, banking trojans, cryptojacking, data breach, online scams, malware families with as many names as you can possibly wish for. Just like when you go to the supermarket and you have a plethora of vegetables and fruits to choose from.

Today’s malware is more targeted, but not necessarily more sophisticated. They still exploit software vulnerabilities found in devices, and that’s not something too complicated about it. Today malicious actors are both agile and creative and try techniques that still work. Today next-gen malware attacks have the ability to evade detection and bypass antivirus programs users install on their computers to keep their data safe.

Security measures to apply against malware attacks

We might not have asked for a malware market, but we are still serving it through unpatched software, by not backing up data, not getting enough education and knowledge of cyber security and many more.

Time to act is right NOW!

Malware threats are wide spreading and difficult to combat, so, once again, we emphasize that prevention is the best strategy to stay safe online.

Make sure you don’t fall victim to malware and follow these cyber security measures:

  • Always keep your software patched and up to date, including the operating system and every application you’re using on a daily basis;
  • Keep a backup with all your important data on external sources like a hard drive or in the cloud (Google Drive, Dropbox, etc.). This guide shows you how to do it;
  • Once again, we urge you: Do NOT OPEN emails or click on suspicious files/attachments. Be very cautious!
  • Remember to set strong and unique passwords with the help of a password management system. This security guide comes in handy.
  • Use a reliable antivirus program as a basic protection for your device, but also consider including a proactive cyber security solution as a second layer of defense for maximum protection.
  • Always secure your browsing while navigating the Internet and click on websites that include only HTTPS certificate;
  • Teach yourself (and master basic cyber security) to easily spot online threats delivered via emails, social engineering attacks or any other method attackers may use.
  • We remind you that security is not just about using a solution or another, it’s also about improving our online habits and being proactive every day.

Will malware as a business continue to grow? I think it will, as long as was – and still is – heavily sustained by ransoms paid by victims who want immediate access to their valuable data. It will continue to grow as long as we don’t apply basic security measures that can make us less vulnerable to these attacks.

This article was initally written by our CEO, Morten Kjaersgaard, in 2015, but refreshed and improved by Ioana Rijnetu in July 2018.

The post Why Malware as a Business is on the Rise appeared first on Heimdal Security Blog.

How to Secure your PC after a Fresh Windows Installation [Updated 2018]

 

You chose to install Windows operating system on your computer or, maybe, for various technical reasons, you had to reinstall it. No matter your reasons, it’s important to keep in mind various security layers after this procedure, so your computer is safe from threats.

How to secure your PC after a fresh Windows installation

After finishing the Windows installation, whether it’s Windows 7, 10 or another operating system, we encourage you to follow these security measures below to enhance protection:

1. Keep your Windows operating system up to date

Probably the most important step to do is checking for the latest security updates and patches available for your Windows operating system.

To get the security updates automatically, go to “Control Panel” and check if your automatic updating system is enabled or follow these steps:

  1. Access the search box in your Windows operating system, type Windows Update.
  2. Select Advanced options.
  3. Click on Automatically download updates in case it is not already selected/turned on.

After checking for available updates for your Windows operating system, keep the automatic update turned on in order to download and install the important updates that can help protect your PC against new viruses or next-generation malware.

Always remember to keep your OS up to date with the latest security available. Software patching remains an essential key to improve online safety and security experts make a good case of emphasizing its importance. Cybercriminals still try to benefit from security holes found in users’ systems and PCs. That’s one of the reasons why cyber attacks still work and they make a lot of money of it.

 2. Update your software

You don’t have to update only the Windows operating system, but your software as well. Therefore, make sure all the latest updates and security patches for your main programs and apps are installed.

Needless to say that most popular pieces of software (such as Java, Adobe Flash, Adobe Shockwave, Adobe Acrobat Reader), especially the outdated ones, are always under threat from malicious actors who exploit them to get easier access to your sensitive data.

Since these pieces of software are always under threat from criminal minds, don’t just rely on your memory to manually update every program or application you have installed.

A better option would be to start using a dedicated cyber security solution for you and keep your software program up to date.

3. Create a restore point

If you already installed the security updates for Windows OS, the next step recommended is to create a restore point in Windows.

You can do this by clicking on the Start button, then select Control Panel -> System and Maintenance (or System and Security) -> System. Then select System protection and click the Create button.

After installing Windows, you can create the Restore Point and name it Clean installation, and continue installing drivers and applications.

If one of the drivers causes issues on the system, you can always go back to the Clean installation restore point.

system_restore

 4. Install a traditional antivirus product

When you consider installing an antivirus program on your PC, make sure you use one from a legitimate company, because there can be fake software programs out there. It is important to have a reliable security solution on your system, which should include real-time scanning, automatic update, and a firewall.

To find the best antivirus that suits your needs, read this ultimate guide that will teach you more about antiviruses, its main features and what should you look for.

If you choose to install a security product that doesn’t have a firewall, make sure you have turned on the Windows firewall.

To turn it on, go to Control Panel, select System and Security, then Windows Defender Firewall and turn it on or off.


Super useful guide on how to secure your PC after a fresh Windows installation:
Click To Tweet


5. Install a proactive security solution for multi-layered protection

On our blog, we explained on many occasions why traditional antivirus is no longer the go-to solution, simply because it cannot keep up with the rise of new and advanced online threats. Financial malware especially is created to steal sensitive data and confidential information and it uses sophisticated methods to do so.

Next-gen malware usually has the ability to evade detection and bypass antivirus software that users have installed on their PCs to keep their data safe. We recommend reading these 12 examples of spam campaigns behind the scenes indicating a low detection rate for AV engines during the first stages of a cyber attack.

With the help of a proactive cybersecurity solution, you get the best protection against financial and data-stealing malware, such as Zeus or Cryptolocker.

To improve the financial control of your online banking account, you can always set banking alerts to track your account activity and apply these simple and effective financial protection tips.

 

6. Back up your system

You updated the operating system and your system applications, you have installed additional security products for your system safe and even created a Clean installation restore point for your Windows.

The steps above are meant to keep you safe from malicious software and online threats, but you may still encounter hardware issues that could endanger your private information.

To make sure your data stays safe, you should be using a twofold strategy, which should include combining an external hard drive usage with an online backup service.

We need to emphasize the importance of having a backup solution which provides stability (look for a big company name), it’s easy to use (so you won’t have a headache backing up from files), allows you to synchronize your files with the online backup servers and provides some sort of security, such as encryption capabilities.

Online Backup

Our guide on how to do a data backup includes more information on most popular backup solutions available and what the best ways to keep your data safe are.

At the same time, you could simply use your Windows Backup system. To set it up, access your Windows Control Panel and then click Backup and Restore to access the location. From this place, you can set an automatic backup, create a schedule and even choose a network location for your backup files.

7. Use a standard user account

Windows provides a certain level of rights and privileges depending on what kind of user account you have. You may use a standard user account or an administrator user account.

To secure your PC, it is recommended to have a standard account to prevent users from making changes that affect everyone who uses the computer, such as deleting important Windows files necessary for the system.

With a Standard user account, you have limited rights and cannot do things like changing system settings, or installing new software apps, hardware or changing the username and passwords. Here’s why you should use an account like this one and how to create it.

If you want to install an application or make security changes, remember that you will need an administrator account.

We also recommend that you set a strong password for your Windows user account.

Use this security guide that will help you set unique and strong passwords and manage them like an expert.

Top Security Tip:
Using a standard account ensures that a piece of malware which infects a limited-user account won’t do much damage as one infecting an administrator account.

Windows account

8. Keep your User Account Control enabled

User Account Control (UAC) is an essential security feature of Windows that prevents unauthorized changes to the operating system. Many users have the tendency to disable it after installing/reinstalling the Windows operating system.

We don’t recommend to turn it off. Instead of disabling the UAC, you can decrease the intensity level using a slider in the Control Panel.

UAC monitors what changes are going to be made to your computer. When important changes appear, such as installing a program or removing an application, the UAC pops up asking for an administrator-level permission.

In case your user account is infected with malware, UAC helps you by keeping suspicious programs and activities from making changes to the system.

 

UAC

 

9. Secure your web browser before going online

Here’s another thing to do after installing Windows: pay attention to browser security. Since our web browser is the main tool used to access the Internet, it is important to keep it safe before going online.

The vulnerabilities in your web browser are like open door invitations to cybercriminals who find creative ways to harvest your most important data. For example, if you are using Adobe Flash, be aware of its security flaws and how it can expose you to attacks.

To stay safe while accessing various web pages, follow these steps:

  1. Choose the latest version for your browser.
  2. Keep it updated.
  3. Choose a private browsing session when you access a website you are not sure about. Choosing this mode will prevent authentication credentials (or cookies) from being stored and steal by attackers.
  4. Since data-stealing malware spreads through malicious code embedded in pop-up windows even in legitimate websites, make sure your web browser can block pop-ups:

And there’s, even more, you can do. Use these step-by-step instructions to enjoy the best secure browsing.


On my next Windows install, I’ll follow these security tips to improve my data safety:
Click To Tweet


10. Use an encryption software tool for your hard drive

Even if you set a password to your Windows account, malicious actors can still get unauthorized access to your private files and documents. They can do this by simply booting into their own operating system – Linux, for example – from a special disc or USB flash drive.

A solution for this case is to encrypt your hard drive and protect all your sensitive files. It is recommended to use this level of security if you have a laptop, which can be very easily stolen. The same thing applies to a computer.

A free encryption tool you can use is BitLocker, which is available on the latest Windows operating systems and you can enable it at any moment. Even after you have enabled the BitLocker protection, you won’t notice any difference because you don’t have to insert anything else but your normal Windows user account password. The benefits of using this encryption tool:

  • It encrypts your entire drive, which makes it impossible for malicious actors stealing your laptop to remove the hard drive and read your files.
  • It’s also a great encryption software if it happens to lose your PC/laptop or get it stolen.
  • Easy to use and already integrated into your Windows OS, so there’s no need to add another encryption software.

If you’d rather want to use another solution, here’s a full list of encryption software tools you can choose to protect your data.

 11. Be careful online and don’t click on suspicious links

To make sure you won’t be infected by clicking on dangerous links, hover the mouse over the link to see if you are directed to a legitimate location. If you were supposed to reach your favorite news website, such as “www.cnn.com”, but the link indicates “hfieo88.net“, then you probably shouldn’t access it. Chances are you’ll be infected with malware and cybercriminals steal your sensitive data.

It’s worth trying shortening services, such as goo.gl or tinyurl. But in some cases, an unknown link may send you to a malicious site that can install malware on the system.

So, how can you know where you’ll arrive if you click it?

To make sure you are going to the right direction, use a free tool such as Redirect Detective that will allow you to see the complete path of a redirected link. Another tool which can provide very helpful in checking suspicious links is the reliable URL checker, VirusTotal.

For more information on how to maximize your financial data protection, check out this article.

 Conclusion

It’s not just about staying safe. 

This guide above is meant to keep you safe online. But, at the same time, following these security measures mean that you also set up your system to work smoothly for online browsing and financial operations, activities you do every day.

Since there are many other solutions to protect a system after a Windows installation, we would like to know your opinion on this.

How do you increase your security after a Windows installation?
Do you have a particular routine?
We’d love to add your tips to the list, so share them in the comments below.

Spend time with your family, not updating their apps!
Let Heimdal FREE Silently and automatically update software Close security gaps Reinforce your antivirus of choice

INSTALL IT, FORGET IT AND BE PROTECTED

Download Heimdal FREE

The post How to Secure your PC after a Fresh Windows Installation [Updated 2018] appeared first on Heimdal Security Blog.