What is Computer Exploit? Tips to Keep You Safe in 2019

A computer exploit usually refers to vulnerability on software through which hackers can gain access to data. Usually, users are not even aware that such vulnerabilities exist and this puts them in a very precarious position. The problem is generally fixed by the developers, and they avail the safer software through updates. It is therefore incumbent upon the user to install updates to their software as soon as they are released.

As a safe measure, avoid downloading attachments from suspicious sources as they might just be what the hackers need to access your data. It is only by being vigilant and staying up to date that you can protect your data from unwanted access. You will also do yourself a great favor by installing a premium anti-virus program on your devices as it will keep the hackers at bay. Be sure to visit www.norton.com/setup for more information on how to go about this.

What is Identity Theft? How to Protect Yourself in 2019

Identity theft is one of the most downplayed yet incredibly risky threats to your data security. As can be inferred from the name, it involves  impersonation. Usually the hacker or criminal will gain your personal data and use it for their own financial gain. They can use your passwords to gain access to your accounts,  and then proceed to make purchases or borrow loans in your name.

Signs that you may be a victim of identity fraud include strange purchases made in your name, inexplicable transactions carried out using your cards or even not getting your bills when you should. Identity theft can indeed have far reaching financial consequences.

To protect yourself, make sure that all your cards and accounts are protected using passwords, preferably different passwords for different accounts. Additionally, steer clear of shady websites, and never give out your passwords or PINs under any circumstances. Ensure that your devices are properly protected from unwanted access using superior quality software. Finally, always carry few cards with you so that you know when one is missing

What is Spoofing? How to Mitigate Under the Radar Threats

Spoofing refers to impersonation by a hacker of another website or device on a network. They will often pick a device or website that you trust, which means that you are more likely to divulge sensitive information without raising an eyebrow. Usually, spoofing involves emails, IPs and DNS.

The only way to spot spoofing is by being very keen. If you get an email from a source you trust, but the email asks for very sensitive information, you need to be very wary before you respond. The same also goes for websites that you trust-if the site starts behaving strangely, then you need to be on your guard. Make use of quality software to protect your information as well.

How to Remove Mobile Malware and Keep Your Device Protected in 2019

Mobile malware can be frustrating to say the least. The virus can be in a file or you might have a whole app corrupted. The tell-tale signs of mobile malware include slow performance and a fast- draining battery. They both occur due to the programs working in the background thus consuming a lot of charge and tying up other processes. You might also notice strange pop- ups in your device and mysterious increase in storage consumption. All of these often point to a device infested with a virus.

To protect yourself, you would be well advised to install high- quality anti- virus software. This will ensure that your phone is protected from malicious software at all times. Additionally, avoid visiting questionable sites and only install applications from reputable sources.

Several Cryptojacking Apps Found on Microsoft Store

Among the latest discoveries of the Symantec are the eight apps on the Microsoft that have been really found to have the capacity to mine the Monero even without the user’s authority or knowledge! The potentially unwanted applications commonly known as the PUAS was discovered on the 17th date of January. These potentially unwanted applications are actually contained in the store that belongs to microsoft and they actually utilize the users CPU power to mine the Cryptocurrency. After being reported to Microsoft, it was actually scrapped from the store.

The applications actually included those which can be used by the computer and also the battery optimization tutorial, the web browsers and the internet search. Others include video viewing and download apps. They are believed to originate from three developers. The developers are the DigiDream, 1Clean and also the Findoo. The 8 applications from these developers were actually found out to contain some characteristics that may really poss risk. Further investigations showed that there are chances that it was developed by the same manufacturer or group

What really makes them popular is the fact that they appear in the top list of the Microsoft store as the free apps. It can also be found through the keyword search.The applications can actually run on the windows 10 such as the windows 10 S mode.

This application will really begin their process when they have been downloaded after which it is launched.They actually fetch a JavaScript that can mine coin actually initiating the application called the GTM in the servers contained in their domain. This process then gets initiated and the mining script starts using the computer’s cycles in the CPU to mine coins for the operators. What really makes these applications questionable is the fact that they appear to have well-defined privacy policies but they actually fail to include the coin mining process on their descriptions.

The records have it that the apps were actually published on 2018 between the months of April and December meaning that it has received a lot of views. These apps have been in the apps store meaning that majority may have downloaded them. The reviews also as per December 2018 showed that it had over 1900 ratings but this really cannot be used to find the right number of the download frequency since it has actually be proven to exist criteria where the ratings are fraudulently inflated. The exact number of users who may have downloaded the app may really not be accurately established.

Mining script

The manifest file where the apps’ domains are hard coded is shown below;

When each app is actually launched, there is really an unauthorized silent visit of the domain where it really triggers the GTM. the GTM is triggered using the GTM keys PRFLJPX which is then distributed in the 8 applications.actualy GTM is really a legitimate tool that makes it possible for the developers to have the Javascript dynamically injected into their applications. Notably, this GTM app has been sometimes abused by the users so as to hide the behaviors that are really malicious and risky! For instance, the link to the JavaScript that’s often stored in the GTM actually doesn’t indicate the function of the code that’s is triggered when its launched. The link is (https://www.googletagmanager.com/gtm.js?id={GTM ID} )

After effective monitoring of all the traffic that is generated from these applications, it was really established to connect to one location that is actually known for its coin mining activities. This remote location is;
http://statdynamic.com/lib/crypta.js

When they have launched the apps it will then access their own GTM and, therefore, activate the mining script. When the crypta.js which is actually an encrypted library was decoded it was actually established to be a version of a coinhive library that actually mines the monero. Many reports have really shown that the coin has have been fraudulently used by tas a crypto jacking agent even without the knowledge of the visitors since its launching date on September 2107!

The miners’ activation source code was also investigated and it was actually established that the miner was actually working with the key da8c1ffb984d0c24acc5f8b966d6f218fc3ca6bda661 which is actually a defined wallet for the coin hive.

The apps are actually categorized under the progressive web applications which are often installed as the part of the Windows 10 apps that will actually run independently from the browser in a window that’s really a standalone type.

Shared domain name servers the master servers for each an every app was actually found from the apps’ network traffic. It was actually established through a “who is” a query that all these servers do really have a likely common origin. This really proved the allegation that the apps might have been really having the same origin or they were actually born from the same manufacturer. They may have really been published by the same manufacturer who may have only varied the names!

After the reports were made to the Microsoft and also the google about the misbehavior of his apps, the Microsoft has really taken action and they have removed the applications from the store. The action has also been taken towards the mining JavaScript and has been actually removed from the google tag manager.

Mitigation’s

These are the precautions you should really take to stay safe from the online threats;

  •  Start by updating your software
  • Always cease from downloading the apps from the unrecognized sources
  • Ensure that the apps that you install are from the trusted suppliers
  • Be keen on the permissions that your app will always request you
  • Always be concerned with the CPU and the memory of your device
  • Ensure that a safety app is installed. You can really pick the norton.com/setup from the link; www.norton.com/setup or even the Symantec endpoint protection for the best security of your device.
  • Ensure you make the frequent backups of the data that you really think is important

For security

Ensure that you choose the Symantec and also the Norton.com /setup since their products and the apps are really the best following their best abilities to detect the Javascript cryptocurrency miner and the apps that may be unsuitable such as the

  • PUA downloader
  • Miner .jswebcoin

Build a Blockchain PoC Application using Hyperledger Fabric

This piece of experience written by Don li in creating a blockchain PoC application for land and title recording on blockchain leveraging Hyperledger Fabric (HF) blockchain platform. It may benefit those who just got started on HF or intend to learn it and for those who are already experienced in HF it may offer another equally viable option.

See what he saying about it.

[”

Let us first set up our goal and then see how we can achieve it.

Here our goal is to create a web application for recording house transactions (buying and selling houses) on a small permissioned blockchain and for being able to search for them. And we’ve decided to use Hyperledger Fabric platform to do the job.

At the end of the day, we want this application look like below (with terse explanation unless self explanatory).

Our first screen is the web application’s Login page with background of Hyperledger Fabric api service debugging output:

The following screen is the web application’s Login page (continued). Login uses two factor authentication process.

The following screen is the application’s main screen, which lists two core functions of “add transaction” and “search for them”. “]

For more visit medium for better reading

How to get HTTPS working on your local development environment in less then 10 minutes

This information shared by Daksh on Medium about the https installation on local development environment.

See what he is saying:

[“   Almost any website you visit today is protected by HTTPS. If yours isn’t yet, it should be. Securing your server with HTTPS also means that you can’t send requests to this server from one that isn’t protected by HTTPS. This poses a problem for developers who use a local development environment because all of them run on http://localhost out-of-the-box.

At the startup I’m a part of, we decided to secure our AWS Elastic Load Balancer endpoints with HTTPS as part of a move to enhance security. I ran into a situation where my local development environment’s requests to the server started getting rejected.

A quick Google search later, I found several articles like thisthis or this onewith detailed instructions on how I could implement HTTPS on localhost. None of these instructions seemed to work even after I followed them religiously. Chrome always threw a NET::ERR_CERT_COMMON_NAME_INVALID error at me.

The problem

All the detailed instructions I had found were correct for the time they were written. Not anymore.

After a ton of Googling, I discovered that the reason for my local certificate getting rejected was that Chrome had deprecated support for commonName matching in certificates, in effect, requiring a subjectAltName since January 2017. “]

Check Medium for more detail

Norton 22.17 for Windows is now available!

Norton Security 22.17.0.183 update is now available via LiveUpdate. As with our previous updates, this version is being released in a phased manner. This update is available in all supported languages. To download it, simply run LiveUpdate through Norton user interface.

This update is available for the following Norton products:

  • Norton Security
  • Norton Internet Security
  • Norton 360
  • Norton Antivirus
  • Norton Security Online

To verify you have the update for Norton Security 22.17.0.183, launch the Main User Interface, click on Help, and select About.

For More Visit : norton.com

Norton Password Manager 6.3 for iOS has been released!

Norton Password Manager 6.3 is released for iOS users. This release  is being done in a phased manner.

Some Frequently Asked questions:

1. What is the version number of this build?

Norton Password Manager 6.3.44 for iOS

2. How can I receive this update?

You can receive the update through Auto Update or by visiting the App Store.

Go to Settings -> Help -> About to verify if you have received the update. Or visit the App Store (link is external) to download directly. Continue reading “Norton Password Manager 6.3 for iOS has been released!”