The Virus Bulletin Conference 2020 VBLocalhost is live and my video presentation is there

Here is the conference link: https://vblocalhost.com/conference/ You need to register first (free).   Here is my paper: One year later: challenges for young anti-malware products today I have to say that the VB team did a good job with the editing 🙂   I think I was too nice with Defender :))) What do you think ?   Here are some , more or less. funny facts about the session filmed: I did the recording in a one day, just before leaving on vacation. I needed more than 8 hours to do it I filmed myself 10 times, 8 of them from start to end a few times I made mistakes a few times my children made some noises once came the post once the cat started to meow so loud in front of my office door, that I had to stop The 8th attempt was the one you see there and it was taken in two parts.

Read More

Defender Application Control or Defender SmartScreen – what can you do to not be blocked by it

Ever wondered why do you get one of these popups for your Windows program, despite of the fact that it is signed with a standard code signing certificate ? Applications that are signed with a standard code signing certificates need to have a positive reputation in order to pass the Smart Screen filter. Microsoft establishes the reputation of an executable based upon the number of installations world wide of the same application. Since you haven’t published your application as yet (and therefore the reputation hasn’t been established as yet), the Smart Screen will continue to flag the application. If you have a standard code signing certificate, some time will be needed for your application to build trust. Microsoft affirms that an Extended Validation (EV) Code Signing Certificate allows to skip this period of trust building. According to Microsoft, extended validation certificates allow the developer to immediately establish reputation with SmartScreen. Otherwise, for some time, until your application builds trust, the users will see a warning like “Windows Defender Smartscreen prevented an unrecognized app from starting. Running this app might put your PC at risk.”, with the two buttons: “Run anyway” and “Don’t run”. In newer Windows version you see the…


Speaking at the Virus Bulletin Conference 2020: ‘One year later: Challenges for young anti-malware products today’

Source: https://vblocalhost.com/presentations/one-year-later-challenges-for-young-anti-malware-products-today/ A year ago, at VB2019 we presented for the first time an overview of how the anti-malware world looks from the perspective of a young company trying to enter the market: how they try to build products, how they try to enter the market, how they try to convert users, and what challenges they face in these activities. In this new paper we will present an overview of the situation for such a company after one year of experience. We will look at the situation from several angles: that of the consulting company helping them to build the product and enter the market that of working with certification companies regularly, checking the products for detection and performance that of working with Microsoft to make the company compliant and keep them compliant One year later, many still have a hard time understanding that the security market is no longer the Wild Wild West, but we also see that a lot of visible efforts are being made to improve. This means that compliance with ‘clean software’ regulations is becoming an issue. We will present some interesting statistics and compare data from the past with current data. The young companies still…


Facebook advertising at its best

It is known that the Facebook advertising is very aggressive sometimes and that it very often fails. Very often I find strange ads and I click on the details in order to to see why was it displayed to me. If you click on Hide Ad: And then, for example, click on “Irrelevant”:   Then, you can click on “Why did I see this ad?”. I found very strange to see one ad for some kind of sales training and process improving (?!). To my surprise, I’ve seen that the ad was targeting “Star Wars” fans… :))   The other two requirements are always the same: – 18+ – location Germany     So, is this intended and there is actually some study that shows that Star Wars fans are more inclined to buy consulting for improving sales ? What do you think ?    


Aggressive phishing against Strato.de customers

Strato.de (now belonging to 1&1) is one of the biggests hosters in Germany. Since a few weeks we see a lot of emails containing various texts that try to convince the user to login to his strato.de account and perform some actions. Strato published on their blog also a post about these fake emails: https://strato.de/blog/achtung-aktuell-wieder-phishing-mails-im-namen-von-strato-im-umlauf/   Fortunately, the phishing email is very simple and it just hides the target URL with the official strato.de URL. Pretty much all phishing filters detect it and block it.   The subject of the email is very aggressive: Last notification before judicial recovery The email says that the customer has one more day to pay. But now comes the funny part. The email says that the payment should be done via credit card, in order to make it “easy” for the customer. 🙂 To may this even more credible, they write that the introduction of a new payment method costs 1€. After that, they even communicate the name of the company that will try to retrieve the money from the customer: Intrum (www.intrum.de)   The problem I can’t stop to wonder how are the phishers obtaining all domains from Strato. I have all my…


My IT_SecurityNews account nominated for “Best tweeter” account in the European Cybersecurity Blogger Awards

European Cybersecurity Blogger Awards – VOTE FOR YOUR WINNERS: Vote here . Yes, it is a Google Form… but there is no malware or spam 🙂 Don’t forget to vote IT_SecurityNews! The seventh annual European Cybersecurity Blogger Awards sponsored by Qualys and powered by Eskenzi PR, will be bestowed upon the best cybersecurity bloggers, podcasters, Tweeters, Instagrammers and vloggers in a live virtual event on Tuesday 2nd June 2020. Visit IT Security news and the Twitter account.


A brief history of software vulnerabilities in vehicles

Car Hacking News Timeline 2017-2019 [1] 2019: Hack of an OEM’s automotive cloud via third-party services and tier-1 supplier network 2019: Memory vulnerability at a cloud provider exposed data incl. passwords, API keys, and tokens 2019: A malware infection caused significant production disruption at a car parts manufacturer 2019: Vehicle data exposed during registration allowed for remote denial-of-service attacks on cars 2019: Malware infected the back end, making laptops installed in police cars unusable 2018: An ex-employee breached the company network and downloaded large volumes of personal information 2018: Cloud servers hacked and used for cryptomining 2018: Researchers exploited vulnerabilities of some infotainment systems and gained control of microphones, speakers, and navigation systems 2018: Security issues discovered in 13 car-sharing apps 2018: Researchers demonstrated >10 vulnerabilities in various car models, gaining local and remote access to infotainment, telematics, and CAN buses 2018: EV home chargers could be controlled by accessing the home Wi-Fi network 2017: Rental car companies exposed personal data 2017: Ransomware caused the stop of production across several plants Car Hacking News Timeline 2002-2015 [2] 2015: Researchers remotely sent commands to the CAN bus of a specific car that had an OBD2 dongle installed to control the car’s…


“Your Site Has Been Hacked” ransomware email campaign in the wild

I was actually not expecting this kind of ransomware… I am used by now with “You’re hacked”, “You’re infected”… and others alike , but this one with the website is actually really interesting. What I find very disturbing is the fact that there are 5 transactions. A few were for tests, I think, but there is at least one who paid. They do use the a correct website of mine. PS: Of course that my site hasn’t been hacked :))   Here are some of the headers: Return-Path: <hacker@autoservistoth.cz> Received: from autoservistoth.cz ([213.157.59.58]) by mx.google.com with ESMTP id ce7si16117485edb.534.2020.04.17.03.08.14 for <sorin@mustaca.com>; Fri, 17 Apr 2020 03:08:23 -0700 (PDT) Received-SPF: neutral (google.com: 213.157.59.58 is neither permitted nor denied by best guess record for domain of hacker@autoservistoth.cz) client-ip=213.157.59.58; Authentication-Results: mx.google.com; spf=neutral (google.com: 213.157.59.58 is neither permitted nor denied by best guess record for domain of hacker@autoservistoth.cz) smtp.mailfrom=hacker@autoservistoth.cz X-AntiVirus: Checked by Dr.Web [version: 11.1.11.04270, engine: 11.1.9.04170, virus records: 6152810, updated: 8.05.2017] Return-path: <postmaster@thehomebase.top> From: “Hacker” <hacker@autoservistoth.cz> To: sorin@mustaca.com   For indexing better, this is the body of the email. PLEASE FORWARD THIS EMAIL TO SOMEONE IN YOUR COMPANY WHO IS ALLOWED TO MAKE IMPORTANT DECISIONS! We have hacked your website http://www.xxxxxx.com and extracted…


Hey, UniFi, why Java? Or “The Best way to destroy customer trust”

I am using at home Unifi to extend my WiFi through two access points. I am writing this post as a user who paid good money for these devices and feels betraid and left alone in the dark by Unifi. While installing the Unifi Controller on  new machine, I am prompted to install Java. I am forwarded on this page: https://www.java.com/en/download/win10.jsp     Of course, I know that Oracle changed licensing. Yes, this is supposed to be free for personal use. But I don’t like to support this concept, as I personally think that Java should be free for all. So, I tried to install OpenJDK, which is free to use for everybody: https://jdk.java.net/java-se-ri/14 And here started the problems: there is just a ZIP archive on that website. Sooooo, then I googled which environment variables are installed and I set all of them manually. That is a challenge itself, as the OJDK doesn’t seem to come with the required JAR files. Unfortunately, the Unifi Controller refuses to detect the OpenJDK. Then I started to google again on how to use Unifi with OpenJDK: Here As I was assuming, a lot of people are asking the very same thing. It appears…


CSMS – Cyber Security Management System: New Regulations coming from ISO 21434 and WP.29

A Cyber Security Management System (CSMS) is soon going to become mandatory for all vehicles manufacturers and suppliers. In the automotive industry, we are currently seeing that Cyber Security is already a critical success factor. Starting with July 2024, the type approval of vehicles will only be possible if a certified CSMS is available and Cyber Security is ensured throughout the entire life cycle of the vehicle. UNECE WP.29, an upcoming UN regulation on Cyber Security and the ISO/SAE 21434 standard are expected to make this mandatory from mid 2024.   But what is a Cyber Security Management System ? We have a bit of an idea from WP.29: The vehicle manufacturer shall demonstrate to an Approval Authority or Technical Service that their Cyber Security Management System applies to the following phases: – Development phase; – Production phase; – Post-production phase.   There are some phases missing here, right? What about: Design Architecture Change Management Updates   More details in the next post.


%d bloggers like this:

By continuing to use the site, you agree to the use of cookies and to its Privacy Policy more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close