Editorials and informational articles

What you need to do if your email gets hacked

In this article I will provide you with a short list of things you need to do if your email address gets hacked.

If you get notified your address has been used to send malicious mails or to spam social media pages, most probably your email account got hacked.
Also, use the online checker to see if your mail address has been part of any security breach and compromised this way.

Notify your contacts that your mail address has been compromised:

You need to alert your contacts that your email address has been compromised and that they should not click on malicious links.

Reset your password:

The first thing you need to do if your email has been hacked is to change your password. Either use a randomly generated password, or create a strong one by following this guide.

Enable 2-step verification:

If your email service has this feature, you should enable the 2-step verification and use your phone to receive the secret code.

Check your email settings:

Check your email settings and look for suspicious forwarding rules and other dubious changes.

Scan your devices with a security software:

Scan your devices with antimalware and antivirus software.

Reset your password again, after you clear your devices of malware:

If your systems are infected, reset the password again after you have cleaned everything up.

Prevent these things from happening again:

Next, you need to prevent this kind of thing from happening again by changing your online behavior. Do not click the links in phishing emails and try to expose yourself less on social networks.

Buy a good antivirus software:

Protect your devices with good, paid antivirus software.

Editorials and informational articles

How To Delete Your Internet Footprint Stored By Google

In this article I will provide you with a guide that will help you delete the history of your Google activities. As you may know, the Google Account logs every move you make on the internet.

Google records everything you searched on the internet, all the addresses you’ve ever typed in Chrome, the videos you’ve seen on YouTube, the news you’ve read through Google News or the destinations you’ve visited via Google Maps. This information is mostly collected and used to provide personalized ads and the content suggested in Google News, YouTube and other services.

Fortunately, thanks to the GDPR (General Data Protection Regulation), which is already applied in Europe, Google offers you an efficient mechanism to remove much of the information that the US company has about you.

If you want to know how to delete your activity history from Google, the first step is to access and sign in with your username and password. Click the three-line menu icon at the top and choose “Delete Activity By”.

Click Today and opt for Always. Click the Delete button and confirm the process by clicking Ok. You may need to press “Delete” once again.

Editorials and informational articles

Three reasons why I use Brave Browser for Android

YouTube in the background + Adblocker + Chrome + Lion Icon + Android = Brave Browser.

While I am an old Mozilla and FOSS software fan, I never enjoyed their browser on my Android device, so I used Opera for a period and then Chrome. Since I received the Android 8.0 Oreo upgrade on my Nexus 5x, I have not been able to use the Suamp music player anymore, so I needed to look for an alternative that let me minimize the app I used for listening to music on YouTube.

The quest ended when I stumbled upon Brave Browser, a free Chromium-based, cross-platform browser that uses a lion on its icon.

I like Brave Browser for three reasons:

  • it allows you to minimize the browser or to turn off the screen and still listen to music on YouTube or other streaming services – this has to be enabled from Settings -> Site Settings -> Media -> video in background – enable.
  • it has an integrated adblocking module – malvertising is replaced with Brave ads, but the browser splits the money received from ads between the developers, the site where the ad is displayed, the sponsors and the users, who can donate the money to their favorite bloggers or youtubers.
  • it uses the Chrome engine, which is the best browser engine for Android (personal opinion)

Besides this, the browser has an HTTPS Everywhere module integrated, which switches to the HTTPS versions of sites, if they are available.

I am using the Brave Browser on both my Nexus 5x and my Samsung J5 and it works like a charm. I decided to test it after reading this article on KnowYourMobile. The browser can be downloaded for free for Windows, Mac OS X and Linux from the official site and is available on Google Play Store and Apple iTunes, for mobile devices.

Editorials and informational articles Security solutions and antivirus software

The Ultimate Guide For Protecting Yourself From Malicious CPU Mining Websites

Lately, cryptocurrency mining has risen a lot. Many malicious sites have started using visitors' CPUs to mine the Monero cryptocurrency, similar to what PirateBay did until they were caught. Also, the Trend Micro team has discovered Digmine, a crypto malware that spreads through Facebook Messenger and infects systems with Monero miners.

The virus spreads via Facebook Messenger, when the malicious videos are opened in the Chrome browser, allowing the hackers to access the infected account and spread the malware to other friends from the list.

The Opera developers have already added a NoCoin feature starting with Opera 50, which blocks all the malicious CPU miners.

Instructions for protecting yourself against CPU miners:

Add an anti-mining extension:

To protect your computer against this type of threat, you should use one of the anti-mining extensions available for either Chrome or Firefox. The software works like an adblocker, but prevents only the malicious sites from mining.

Anti-mining extensions for Firefox: MiningBlocking, NoCoin, AntiMiner, CoinBlock and others.

Anti-mining extensions for Chrome: NoCoin, MinerBlock, AntiMiner and others.

Add the NoCoin list to your current adblocking software:

You can add the NoCoin list to Adblock Plus, AdGuard, uBlock and other adblocking services. The easiest way to do that is to access FilterLists, scroll till you find NoCoin and press the Add button to implement the list.

To manually add the NoCoin list in uBlock, you need to access the Dashboard from the addon menu, go to the 3rd-party filters and add the below link:

To add the NoCoin list in Adblock Plus, you need to access Options, go to Add your own list and add the below link:

To add the NoCoin list in AdGuard, you need to access Options, go to User Filter and add the content of the file in the field (the content of the file, not the link):

Restrict the access from the hosts file:

You need to add in the C:\Windows\System32\drivers\etc\hosts file the below line:

Power users can create a custom DNS server or adblocker on a Linux system (or a Raspberry Pi): add all the sites you don’t want resolved to a list and set the device as your DNS server.

It is enough to use only one of the methods above to protect yourself from malicious mining.
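For the hosts-file and custom DNS methods above, the following added example (not from the original article or the NoCoin project) converts Adblock-style filter rules into hosts entries and reports the rules a hosts file cannot express. The sample list and its domains are constructed placeholders, and `filter_to_hosts` is a hypothetical helper name.

```python
import re

# Constructed sample in Adblock filter syntax. The domains are placeholders,
# not entries copied from the real NoCoin list.
SAMPLE_FILTER_LIST = """\
! Title: constructed sample
[Adblock Plus 2.0]
||miner.example^
||cdn.miner.example^$third-party
||pool.example.net/lib/worker.js
||*.wildcard.example^
@@||allowed.example^
||MINER.example^
"""

# A plain hostname: dot-separated labels, no path, port or wildcard.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$"
)


def filter_to_hosts(filter_text, sink="0.0.0.0"):
    """Convert domain-anchored rules (||host^) into hosts-file lines.

    Returns (hosts_lines, skipped_rules). Rules a hosts file cannot express
    (paths, wildcards, @@ exceptions) are returned in skipped_rules so they
    can be reviewed instead of being silently dropped.
    """
    domains, skipped = [], []
    for raw in filter_text.splitlines():
        rule = raw.strip()
        if not rule or rule.startswith(("!", "[")):
            continue  # blank line, comment or list header
        if not rule.startswith("||"):
            skipped.append(rule)  # exception or non-domain rule
            continue
        host = rule[2:].split("$", 1)[0].rstrip("^").lower()
        if not HOSTNAME_RE.match(host):
            skipped.append(rule)  # path or wildcard rule
            continue
        if host not in domains:
            domains.append(host)  # keep first occurrence, preserve order
    return [f"{sink} {d}" for d in domains], skipped


if __name__ == "__main__":
    lines, skipped = filter_to_hosts(SAMPLE_FILTER_LIST)
    print("\n".join(lines))
    print(f"# {len(skipped)} rule(s) need a filter-aware blocker:", skipped)
```

A hosts entry matches only the exact name, so unlike a `||host^` filter rule it does not cover subdomains; those need a DNS resolver that supports wildcard blocking.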

Editorials and informational articles Security solutions and antivirus software

OSArmor Is An Anti Exploit Free Software That Blocks Malicious Processes From Running

As you may know, OSArmor is a free anti-exploit tool that sits in the Windows tray and protects the computer against auto-executable scripts. The software has been developed by NoVirusThanks and is officially supported on Windows 7, Windows 8.1 and Windows 10.

Main features:

  • Block execution of pif, com and double file extensions.
  • Block USB spreading malware.
  • Prevent “important” system modifications via bcdedit.exe.
  • Block direct execution of scripts and exe files from archives.
  • Prevent regsvr32 from executing remote scripts and /i: parameter.
  • Block processes executed from wscript.exe, cscript.exe, mshta.exe and wmic.exe.
  • Block executionpolicy bypass and windowstyle hidden in PowerShell.
  • Block remote URL downloads from the command line.
  • Block direct execution of JavaScript and VBscript code.
  • Limit Windows Screensaver files to Windows folder.
  • Block execution of schtasks.exe.
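
Several of the checks listed above, expressed as detection rules over process-creation events. This is an added example, not OSArmor's implementation; the rule names, the simplified regular expressions and the sample events are assumptions constructed here.

```python
import ntpath
import re

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "wmic.exe"}
# Decoy document extension followed by an executable one, e.g. "x.pdf.exe".
DOUBLE_EXT = re.compile(
    r"\.(pdf|docx?|xlsx?|jpe?g|png|txt)\.(exe|scr|com|pif|js|vbs)$", re.I
)
# Simplified matching of -ExecutionPolicy / -WindowStyle and abbreviations.
PS_BYPASS = re.compile(r"[-/](ep|ex[a-z]*)\s+bypass\b", re.I)
PS_HIDDEN = re.compile(r"[-/]w[a-z]*\s+hidden\b", re.I)
REGSVR32_I = re.compile(r"\s/i:", re.I)

# Constructed process-creation events: (parent image, image, command line).
SAMPLE_EVENTS = [
    (r"C:\Windows\explorer.exe", r"C:\Users\alice\Downloads\invoice.pdf.exe",
     r"C:\Users\alice\Downloads\invoice.pdf.exe"),
    (r"C:\Windows\System32\wscript.exe",
     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "powershell.exe -ExecutionPolicy Bypass -WindowStyle Hidden -File t.ps1"),
    (r"C:\Windows\System32\cmd.exe", r"C:\Windows\System32\regsvr32.exe",
     "regsvr32.exe /s /i:PLACEHOLDER lib.dll"),
    (r"C:\Windows\explorer.exe", r"C:\Windows\System32\notepad.exe",
     "notepad.exe notes.txt"),
]


def check_event(parent, image, cmdline):
    """Return the names of the rules that a process-creation event matches."""
    parent_name = ntpath.basename(parent).lower()
    image_name = ntpath.basename(image).lower()
    hits = []
    if DOUBLE_EXT.search(image_name):
        hits.append("double_extension")
    if parent_name in SCRIPT_HOSTS:
        hits.append("child_of_script_host")
    if image_name in ("powershell.exe", "pwsh.exe"):
        if PS_BYPASS.search(cmdline):
            hits.append("ps_executionpolicy_bypass")
        if PS_HIDDEN.search(cmdline):
            hits.append("ps_windowstyle_hidden")
    if image_name == "regsvr32.exe" and REGSVR32_I.search(cmdline):
        hits.append("regsvr32_i_parameter")
    if image_name == "schtasks.exe":
        hits.append("schtasks_execution")
    return hits


if __name__ == "__main__":
    for event in SAMPLE_EVENTS:
        print(ntpath.basename(event[1]), "->", check_event(*event) or "no match")
```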

After the application has been installed, the configuration parameters can be modified via File -> Open Configurator. If you ask me, the default settings are enough for regular users. For extra security, the software can block running apps from Local AppData, Roaming AppData, Common AppData, but I do not recommend this setting for regular users, due to the fact that it may break some programs.

Also, it can be configured to block apps created by NirSoft, VNC software and LogMeIn, software which is commonly used by IT support specialists.

The interface is simple and clean and displays the number of blocked processes, the last blocked process and the date and time when the process was blocked. If you need to perform troubleshooting, you can read the logs.

When this article was written, the latest version available was OSArmor 1.3. The software can be downloaded for free from here.

I have toyed a little with OSArmor and decided to keep it installed on the system.


Editorials and informational articles Security solutions and antivirus software

Opera 50 NoCoin Feature Will Prevent Malicious Sites From Performing CPU Bitcoin Mining

Starting with Opera 50 stable, the Chromium-based internet browser will receive two awesome changes: an enhanced VPN service, which will use the Opera data centers instead of the SurfEasy LLC ones used at present, and a new function called NoCoin, designed to block websites from performing CPU mining while you navigate on the internet.

The revised VPN function:

Starting with the new VPN function, Canada, US, Germany, Netherlands and Singapore will be replaced with Europe, America and Asia. Despite this, the functionality will remain the same.

If you don’t know this yet, the VPN feature can be enabled by going to the Settings menu (ALT + P) -> Privacy and Security – Enable VPN.

NoCoin – the anti mining service:

The NoCoin feature prevents websites from performing malicious CPU mining while you navigate on the internet. For this to work, you also need to enable the built-in Opera adblocker; NoCoin is activated along with it (but can be disabled by the user, if needed).

Basically, the NoCoin feature is just a list of malicious websites that get blocked by the adblocker.

So, if you want to enable both the built-in adblocker and NoCoin, you need to go to the Settings Menu (ALT + P) -> Block Ads.

The anti-bitcoin functionality does not allow infected sites to mine virtual currency and use extra processing power while you browse the internet. The feature is very good and I think it will be quickly adopted by the other browsers. For the new feature to work (and to appear in the options), the built-in adblocker mechanism also needs to be enabled.

The NoCoin function will be included in the stable version of Opera 50, but it is already present in both Opera 50 Beta and Opera 51 Dev.

For more information, see this article from the official Opera Blog.

As usual, Opera is the browser that implements new features the fastest. The NoCoin feature should be adopted quickly by the other internet browsers as well.


Editorials and informational articles Security solutions and antivirus software

After a few months, Locky ransomware reappeared

According to a Malwarebytes article, after it went dark for months, Locky ransomware returned with two new ‘flavors’. The new versions use new command and control servers. They also use two new affiliate IDs: AffillD3 and AffillD5.

The way the ransomware spreads has not changed much. It still uses phishing e-mails that contain malicious code in MS Office files or archived attachments.

Back in 2016, Locky ransomware was in the top 3 along with Cryptowall and Cerber. It came back in 2017, but a little more quietly. On August the 9th it reappeared using a new ransom note and the extension .diablo6 for encrypted files. After another week, a second version appeared using the .Lukitus extension for encrypted files.

Locky ransomware has its code base derived from the banking trojan Dridex and it is associated with the Necurs malware as its distribution botnet. The Dridex trojan seems to be behind the theft of approximately 20 million pounds from UK bank accounts. It was then reorganized for ransomware instead of stealing authentication data from online bank account platforms.

Stay alert when opening attachments that come from unknown sources; an antivirus or antimalware solution is also always welcome. “Better safe than sorry!” is a phrase we use.

Editorials and informational articles

PlayStation Plus prices are changing from 31st of August

PlayStation Plus prices are changing starting 31st of August.

If you have a PlayStation console there’s something you should know, in case you did not receive an e-mail recently. The PS Plus subscription prices will get higher. The official e-mail sounds like this:

We will alter the price of a PlayStation®Plus membership at 00:01 BST on 31 August 2017. As you are an existing member, this means that all recurring subscription fees payable by you on or after 31 August 2017 will be charged at the new price. Up until 31 August 2017, you may purchase a PlayStation®Plus subscription at the current price, which will then be added (or “stacked on”) to your current membership period.

At first I thought that it was just a marketing strategy so that the PS Plus subscriptions for 365 days would get higher numbers, but if that was the case, the e-mail would have said that the prices might be altered. That seems not to be the case, so the e-mail is for real and the prices will change.

The thing is that the prices are going up globally, so if you don’t have a PS Plus subscription, it might be prudent to grab a renewal or a subscription for 365 days, before 31st of August.

More information about the subject can be found here and for the UK users, here.

Editorials and informational articles

Fruitfly malware went undetected for years

A new Mac malware went undetected for years, allowing its operator to spy on its victims. The Fruitfly malware was patched in January 2017, but Patrick Wardle, a researcher at security firm Synack, has discovered another version of the malware out in the open. Patrick was formerly an NSA hacker.

This new version could gain control of the victim’s computer, take screenshots of their screen, take webcam photos and more. So far it has been known that Fruitfly has infected nearly 400 victims, but the number can be bigger. Most of the victims are in the United States.

Wardle told ZDNet that “it’s not the most sophisticated Mac malware”. He also continued in another article from ArsTechnica, stating “I don’t know if it’s just some bored person or someone with perverse goals […] If some bored teenager is spying on me, that would still be very emotionally traumatic. If it’s turning on the webcam, that’s for perverse reasons”.

After his discovery, Wardle reported everything to law enforcement officials. Also, all domains known to be associated with the malware are no longer available. That should essentially neutralize the threat.

As you might all guess, the Apple representatives did not respond to an e-mail seeking comment for this article.

The interesting thing is that even though the malware is not that sophisticated, it managed to stay under the radar for so long. Compared with the new Mac malware that appeared recently, Fruitfly was easily detectable. Even so, no one managed to find it until recently.

According to a McAfee study, infections of Mac operating systems are increasing, and we expect the numbers to grow by the end of the year.

Credits for photo, Patrick Wardle.

Editorials and informational articles Tutorials and how to guides

Perceptual Ad Blocker blocks ads by graphic elements, not by code

A few guys from Princeton and Stanford universities have worked together and created Perceptual Ad Blocker, a different kind of adblocking software that detects ads by their graphical elements, the content dimensions and the sponsored words. The software does not hide the ads completely, but covers them and displays the “This is an ad” text.

As you may know, classical adblocking software analyzes the source code of pages to identify the ads, while Perceptual Ad Blocker does things in a different way. It was initially released to block the annoying Facebook ads, after the website started to integrate the ads into the content better and better and the classical ad blockers could not block them.

Another good thing about Perceptual Ad Blocker is that it is not detected by websites, making it an ideal solution for websites that do not show their content unless you whitelist them in your adblocker. It has been tested on 50 websites that usually detect adblockers, and it remained invisible.

For now, Perceptual Ad Blocker is just a proof of concept, available only for Google Chrome, as an extension. For more information, see this thread on the MMO-Champion forum.