Introducing: Malwarebytes Browser Extension

July 26, 2018 – 6:01 PM

Malwarebytes Browser Extension delivers a safer and faster web browsing experience. It blocks malicious websites and filters out unwanted content (resulting in up to three times faster webpage load times). The filtering is not based on definitions, so the extension can block previously-unidentified fake tech support scams and their tactics.

What will it do for your browsing experience? It prevents pop-ups, browser hijackers, and browser lockers from harassing you and interrupting your surfing. It also blocks clickbait links and fake news content, stops in-browser cryptocurrency miners, and gives other malicious content the boot. All this while relying on threat behavior patterns rather than on researchers who have to track down, identify the malware, and add it to a database of known threats. (We still need those researchers to make our products better. This is just a different, faster method.)

Speaking of behavior patterns, our browser extension is the first that heuristically identifies and blocks tech support scams’ browser-locker pages, which scare users into calling fake tech support scammers. So it protects you from unwanted social engineering tactics as well.

Source:
https://blog.malwarebytes.com/malwarebytes-news/betas/2018/07/introducing-malwarebytes-browser-extension/

GDPR/Privacy Emails

May 26, 2018 – 7:58 AM

Tip: Receiving all of these GDPR/Privacy emails is a great opportunity for you to take an inventory of everybody who has your data and/or personal information.

FBI tells router users to reboot now to kill malware infecting 500k devices

May 25, 2018 – 6:22 PM

The FBI is advising users of consumer-grade routers and network-attached storage devices to reboot them as soon as possible to counter Russian-engineered malware that has infected hundreds of thousands of devices.

Researchers from Cisco’s Talos security team first disclosed the existence of the malware on Wednesday. The detailed report said the malware infected more than 500,000 devices made by Linksys, Mikrotik, Netgear, QNAP, and TP-Link. Known as VPNFilter, the malware allowed attackers to collect communications, launch attacks on others, and permanently destroy the devices with a single command. The report said the malware was developed by hackers working for an advanced nation, possibly Russia, and advised users of affected router models to perform a factory reset, or at a minimum to reboot.

Later in the day, The Daily Beast reported that VPNFilter was indeed developed by a Russian hacking group, one known by a variety of names, including Sofacy, Fancy Bear, APT 28, and Pawn Storm. The Daily Beast also said the FBI had seized an Internet domain VPNFilter used as a backup means to deliver later stages of the malware to devices that were already infected with the initial stage 1. The seizure meant that the primary and secondary means to deliver stages 2 and 3 had been dismantled, leaving only a third fallback, which relied on attackers sending special packets to each infected device.

Limited persistence

The redundant mechanisms for delivering the later stages address a fundamental shortcoming in VPNFilter—stages 2 and 3 can’t survive a reboot, meaning they are wiped clean as soon as a device is restarted. Instead, only stage 1 remains. Presumably, once an infected device reboots, stage 1 will cause it to reach out to the recently seized ToKnowAll.com address. The FBI’s advice to reboot small office and home office routers and NAS devices capitalizes on this limitation. In a statement published Friday, FBI officials suggested that users of all consumer-grade routers, not just those known to be vulnerable to VPNFilter, protect themselves.
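As an added example (not code from the article, Talos or the FBI), here is the check a defender can run from the position the paragraph describes: scan resolver logs for devices that look up the seized ToKnowAll.com domain, since that lookup is what a rebooted stage 1 is expected to make. The log line format and the sample lines are constructed for the example.

```python
"""Flag devices whose DNS lookups show a VPNFilter stage 1 callback."""
from collections import Counter
import re

# Domain the article says the FBI seized; stage 1 is expected to contact it
# after a reboot has wiped stages 2 and 3.
SEIZED_DOMAIN = "toknowall.com"

# Constructed sample resolver log (not a real capture). The assumed format is
# "<timestamp> client <ip>#<port>: query: <name> IN <type>".
SAMPLE_LOG = """\
25-May-2018 18:30:01 client 192.168.1.10#51234: query: toknowall.com IN A
25-May-2018 18:30:02 client 192.168.1.22#40001: query: www.example.org IN A
25-May-2018 18:31:15 client 192.168.1.10#51235: query: ToKnowAll.com. IN A
25-May-2018 18:40:07 client 192.168.1.1#53011: query: toknowall.com IN A
25-May-2018 18:41:00 client 192.168.1.22#40002: query: example.net IN AAAA
"""

LINE_RE = re.compile(r"client (?P<src>[\d.]+)#\d+: query: (?P<name>\S+) IN (?P<qtype>\w+)")


def normalize_name(name: str) -> str:
    """Lower-case and strip the trailing root dot so names compare reliably."""
    return name.rstrip(".").lower()


def is_callback(name: str, domain: str = SEIZED_DOMAIN) -> bool:
    """True if the queried name is the seized domain or one of its subdomains."""
    n = normalize_name(name)
    return n == domain or n.endswith("." + domain)


def find_stage1_callbacks(log_text: str) -> dict:
    """Map each client IP that looked up the seized domain to its lookup count."""
    hits = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if m and is_callback(m.group("name")):
            hits[m.group("src")] += 1
    return dict(hits)


def triage(log_text: str) -> list:
    """One advice line per flagged device, following the article's guidance:
    a factory reset is the stronger fix, a reboot the minimum."""
    return [f"{ip}: {n} lookup(s) of {SEIZED_DOMAIN}; reboot at minimum, factory reset preferred"
            for ip, n in sorted(find_stage1_callbacks(log_text).items())]


if __name__ == "__main__":
    for line in triage(SAMPLE_LOG):
        print(line)
```

A device that keeps making this lookup after a reboot still carries stage 1, which is the case the article's factory-reset advice covers.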

Source:
https://arstechnica.com/information-technology/2018/05/fbi-tells-router-users-to-reboot-now-to-kill-malware-infecting-500k-devices/

The EFAIL vulnerability – why it’s OK to keep on using email

May 15, 2018 – 9:19 PM

This week’s bug of the month is the trendily-named EFAIL.

Like many groovy bugs these days, it’s both a BWAIN (bug with an impressive name) and a BWIVOL (bug with its very own logo, shown in the image at the top of this article).

The name is a pun of sorts on the word “email”, and the bug is caused by a flaw in the specifications set down for two popular standards used for email encryption, namely OpenPGP and S/MIME.

Simply put, the EFAIL vulnerabilities are a pair of security holes that a crook might be able to use to trick recipients of encrypted messages into leaking out some or all of their decrypted content.

Note that this attack only applies if you are using S/MIME or OpenPGP for end-to-end email encryption.

If you aren’t using either of these add-ons in your email client, this vulnerability doesn’t affect you – after all, if the crooks can sniff out your original messages and they’re not encrypted, they’ve got your plaintext already.

Note also that this attack doesn’t work on all messages; it doesn’t work in real time; you need a copy of the original encrypted message; it only works with some email clients; and it pretty much requires both HTML rendering and remote content download turned on in your email client.

Source:
https://nakedsecurity.sophos.com/2018/05/15/the-efail-vulnerability-why-its-ok-to-keep-on-using-email/

Cloudflare’s new DNS service

April 20, 2018 – 6:33 PM

Are you looking for a free way to speed up your internet and gain some extra privacy in the process? Keep reading, because Cloudflare (the Web Performance & Security Company) is offering a free new DNS service. And it helped me improve the speed of my DNS lookups.

What is DNS?

DNS is short for Domain Name System. It is an internet protocol that allows user systems to use domain names/URLs to identify a web server rather than inputting the actual IP address of the server. For example, the IP address for Malwarebytes.com is 104.72.35.176, but rather than typing that into your browser, you just type ‘malwarebytes.com’ and your system reaches out to a ‘DNS Server’ which has a list of all domain names and their corresponding IP address, delivering that upon request to the user system. Unfortunately, if a popular DNS server is taken down or in some way disrupted, many users are unable to reach their favorite websites because without the IP address of the web server, your system cannot find the site.

When trying to explain the concept of DNS name resolution I think that finding a phone number for a certain person is a good analogy. There are several ways to find a person’s phone number and the same is true for resolving an IP address that belongs to a domain name.
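To show what actually goes over the wire in the lookup just described, here is an added example (not code from the article or from Cloudflare) that builds a DNS query for malwarebytes.com and parses a reply carrying the 104.72.35.176 address quoted above. The reply bytes are constructed inline so the code runs offline; it also handles the name-compression pointers real resolvers use in answers.

```python
import struct

def encode_name(name: str) -> bytes:
    """Encode 'malwarebytes.com' as length-prefixed labels ending in a zero byte."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """12-byte header (RD flag set, one question) followed by a type A, class IN question."""
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + encode_name(name) + struct.pack("!HH", 1, 1)

def decode_name(msg: bytes, offset: int):
    """Decode a name that may use compression pointers; returns (name, offset past it)."""
    labels, end, jumped = [], offset, False
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # pointer: top two bits set, remaining 14 bits are an offset
            end = end if jumped else offset + 2
            offset = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            jumped = True
            continue
        offset += 1
        if length == 0:
            return ".".join(labels), (end if jumped else offset)
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length

def parse_a_records(msg: bytes) -> list:
    """Return (name, ttl, dotted IPv4) for every A record in the answer section."""
    _, _, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qdcount):  # skip question entries: name + QTYPE + QCLASS
        offset = decode_name(msg, offset)[1] + 4
    answers = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, rclass, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata, offset = msg[offset:offset + rdlen], offset + rdlen
        if rtype == 1 and rclass == 1 and rdlen == 4:
            answers.append((name, ttl, ".".join(str(b) for b in rdata)))
    return answers

# Constructed reply (not a real capture): one A record whose owner name is a compression
# pointer (0xC00C) to the question name, TTL 300, and the article's 104.72.35.176 address.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    + encode_name("malwarebytes.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([104, 72, 35, 176])
)
```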

Which DNS servers am I using now?

If you have to ask yourself that question, there’s a big chance that you are using the DNS service provided by your internet provider. And while some of those are quite good, others are deplorable. Those who have looked into changing their DNS servers have probably ended up using Google’s public DNS, or if they were also interested in a web filter they might have ended up using Cisco’s OpenDNS. IMHO those are the two most popular alternatives to the ones provided by ISPs around the globe, but many more are available.

Source:
https://blog.malwarebytes.com/101/how-tos/2018/04/cloudflares-new-dns-service/