Free Tools To Secure Windows Against Malware

June 6, 2015 – 2:24 PM

Everyone wants a secure operating system. No one likes to have a computer infected with malware that slows down the PC, destroys files or steals sensitive information. Often, that operating system isn’t very secure by default. If it’s also a highly popular OS, such as Windows, then more tools are needed to enhance its security, simply because its default defenses will be targeted and bypassed by more attackers.

There’s no security magic bullet, but using multiple layers of security can drastically lower the chance that your system will become infected by malware or be attacked by malicious hackers.

Some security tools are free, some are easy to use and others are so complex that a normal PC user couldn’t possibly figure them out. What most PC users want is for their system to be protected “automatically” with minimal effort on their part. They don’t want to tinker too much with complicated programs, and they would prefer not to pay too much extra to secure their computers.

I often help friends and family — usually, people who aren’t very technical — set up their new PCs and Windows installations. They always seem to ask me to “install an antivirus” as well. They know that there needs to be some “extra” protection on their PC to truly keep them safe, but they don’t really understand what exactly is needed to achieve that. Therefore, they ask for a program that everyone knows protects PCs against “bad stuff” — an antivirus.

What they really mean, though, is that they want their PCs to be safe, regardless of which app or tool achieves that, as long as they don’t have to bother with it after everything is set up. As such, I’ve looked for tools that offer as much protection as possible that are accessible by the vast majority of people. (It helps that the tools I’ve chosen are also free.)

In fact, most of the tools I’m going to mention require only slight or no tinkering at all after installation, or are very easy to use even by nontechnical users.

Source:
http://www.tomshardware.com/reviews/free-windows-security-anti-malware-tools,4149.html

How to turn on two-factor authentication on over 100 popular online services

June 4, 2015 – 4:31 AM

TeleSign launched Turn It On, a new campaign featuring a guide to two-factor authentication and providing step-by-step instructions for turning on 2FA for over a 100 popular social networking, banking, cloud computing and other online services that offer the 2FA option.

“The number one tip most experts give for increasing account security and stopping the fallout from data breaches is to turn on two-factor authentication,” said Steve Jillings, CEO of TeleSign. “Yet our research shows that the majority of consumers (61 percent) do not know what two-factor authentication is, even though it’s available on almost every account, free to the consumer and just waiting to be turned on.”

In an effort to bridge the gap between consumer concern and an effective and readily available security measure, TeleSign has launched the Turn It On campaign.

Source:
http://www.net-security.org/secworld.php?id=18466

New exploit leaves most Macs vulnerable to permanent backdooring

June 2, 2015 – 4:31 AM

Macs older than a year are vulnerable to exploits that remotely overwrite the firmware that boots up the machine, a feat that allows attackers to control vulnerable devices from the very first instruction.

The attack, according to a blog post published Friday by well-known OS X security researcher Pedro Vilaca, affects Macs shipped prior to the middle of 2014 that are allowed to go into sleep mode. He found a way to reflash a Mac’s BIOS using functionality contained in userland, which is the part of an operating system where installed applications and drivers are executed. By exploiting vulnerabilities such as those regularly found in Safari and other Web browsers, attackers can install malicious firmware that survives hard drive reformatting and reinstallation of the operating system.

The attack is more serious than the Thunderstrike proof-of-concept exploit that came to light late last year. While both exploits give attackers the same persistent and low-level control of a Mac, the new attack doesn’t require even brief physical access as Thunderstrike did. That means attackers half-way around the world may remotely exploit it.

“BIOS should not be updated from userland and they have certain protections that try to mitigate against this,” Vilaca wrote in an e-mail to Ars. “If BIOS are writable from userland then a rootkit can be installed into the BIOS. BIOS rootkits are more powerful than normal rootkits because they work at a lower level and can survive any machine reinstall and also BIOS updates.”

Source:
http://arstechnica.com/security/2015/06/new-remote-exploit-leaves-most-macs-vulnerable-to-permanent-backdooring/

New Stegosploit Tool Hides Malware Inside Internet Images For Instant Drive-by Pwning

June 1, 2015 – 4:36 AM

Go online for five minutes. Visit a few webpages. How many pictures do you see?

With the media rich nature of the web, chances are your answer is in the hundreds. It is in this space the future of malicious cyber attacks could be embedded. In a presentation at Hack In The Box in Amsterdam, Net Square security researcher Saumil Shah demonstrated an updated method of his digital steganography project, Stegosploit, which involves embedding executable JavaScript code within an image to trigger a drive by download.

In plain speak, this means virtually any picture you view on the web, even without clicking on it or downloading it, could potentially contain malware. Upon viewing the image, the hidden program would automatically load on your computer or mobile device without your consent. That malicious software could then do a variety of nasty things from taking control of your device to stealing data, photos, login credentials, sensitive personal and financial information and more. The best part of all, antivirus and malware detection scanners are not, at this time, equipped to detect these kinds of attacks, rendering your safety net completely useless.

While using steganography to convey hidden messages is nothing new, the attack method Shah has developed is, and in his opinion, could be the future of online attacks.

Source:
http://www.idigitaltimes.com/hacking-pictures-new-stegosploit-tool-hides-malware-inside-internet-images-instant-444768

Beware: Hola VPN turns your PC into an exit node and sells your traffic

May 28, 2015 – 4:35 AM

Hola is a popular virtual private network (VPN) provider that is available for various web browsers including Google Chrome, Mozilla Firefox and Internet Explorer, as well as desktop and mobile operating systems.

It is free to use and if you check ratings and users on Chrome’s Web Store alone, you will notice that it is used by more than 7.1 million Chrome users currently.

Hola uses a sophisticated system to offer its services for free. Instead of routing users solely (or at all) through company servers and raking up huge bandwidth bills in the process, it is utilizing user devices as endpoints.

This means basically that any user device that Hola is running on acts as an endpoint. An endpoint is a node that is communicating directly with a target website or service that Hola users access when the service is enabled.

Source:
http://www.ghacks.net/2015/05/28/beware-hola-vpn-turns-your-pc-into-an-exit-node-and-sells-your-traffic/