Wednesday, 11 December 2019

Snatch Ransomware Reboots Windows in Safe Mode to Bypass Antivirus

Cybersecurity researchers have spotted a new variant of the Snatch ransomware that first reboots infected Windows computers into Safe Mode and only then encrypts victims' files to avoid antivirus detection.

Unlike traditional malware, the new Snatch ransomware chooses to run in Safe Mode because in this diagnostic mode the Windows operating system starts with a minimal set of drivers and services and does not load most third-party startup programs, including antivirus software.

Snatch has been active since at least the summer of 2018, but SophosLabs researchers spotted the Safe Mode enhancement to this ransomware strain only in recent cyber attacks against various entities they investigated.

"The ransomware, which calls itself Snatch, sets itself up as a service [called SuperBackupMan with the help of Windows registry] that will run during a Safe Mode boot."

"When the computer comes back up after the reboot, this time in Safe Mode, the malware uses the Windows component net.exe to halt the SuperBackupMan service, and then uses the Windows component vssadmin.exe to delete all the Volume Shadow Copies on the system, which prevents forensic recovery of the files encrypted by the ransomware."

What sets Snatch apart from other ransomware, and makes it more dangerous, is that it is also a data stealer. Snatch includes a sophisticated data-stealing module, allowing attackers to steal vast amounts of information from the target organizations.

Source and more info: Hacker News
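
The behaviour described above lends itself to a correlation rule: a service outside the normal baseline is registered to start in Safe Mode, and Volume Shadow Copies are deleted on the same host shortly afterwards. The Python below is an added example, not code from the original article or from SophosLabs; the event format, host names and baseline are constructed, and the standard Windows SafeBoot registry location it matches is not named in the article.

```python
import re

# Constructed, simplified telemetry: registry-key creation ("reg") and process
# creation ("proc") events. Field names and values are assumptions for this example.
EVENTS = [
    {"host": "ws01", "ts": 100, "type": "reg",
     "data": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SuperBackupMan"},
    {"host": "ws01", "ts": 460, "type": "proc", "data": "net.exe stop SuperBackupMan"},
    {"host": "ws01", "ts": 465, "type": "proc", "data": "vssadmin.exe delete shadows /all /quiet"},
    {"host": "ws02", "ts": 120, "type": "proc", "data": "vssadmin.exe list shadows"},
    {"host": "ws03", "ts": 130, "type": "reg",
     "data": r"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppMgmt"},
    {"host": "ws04", "ts": 140, "type": "proc", "data": "vssadmin.exe delete shadows /all"},
]
# Constructed allow-list of Safe Mode entries; build the real one from a clean image.
BASELINE = {"appmgmt"}

SAFEBOOT_RE = re.compile(r"\\Control\\SafeBoot\\(?:Minimal|Network)\\([^\\]+)$", re.I)
SHADOW_RE = re.compile(r"\bvssadmin(?:\.exe)?\s.*\bdelete\s+shadows\b", re.I)
STOP_RE = re.compile(r'\bnet1?(?:\.exe)?\s+stop\s+"?([^"]+?)"?\s*$', re.I)

def correlate(events, baseline=BASELINE, window=3600):
    """Return {host: [(service, stopped_via_net), ...]} for hosts where a
    non-baseline service was registered for Safe Mode and shadow copies were
    deleted no more than `window` seconds later."""
    regs, deletes, stops = {}, {}, {}
    for e in events:
        if e["type"] == "reg":
            m = SAFEBOOT_RE.search(e["data"])
            if m and m.group(1).lower() not in baseline:
                regs.setdefault(e["host"], []).append((e["ts"], m.group(1)))
        elif e["type"] == "proc":
            if SHADOW_RE.search(e["data"]):
                deletes.setdefault(e["host"], []).append(e["ts"])
            m = STOP_RE.search(e["data"])
            if m:
                stops.setdefault(e["host"], set()).add(m.group(1).lower())
    alerts = {}
    for host, items in regs.items():
        for ts, svc in items:
            if any(0 <= d - ts <= window for d in deletes.get(host, [])):
                stopped = svc.lower() in stops.get(host, set())
                alerts.setdefault(host, []).append((svc, stopped))
    return alerts

if __name__ == "__main__":
    print(correlate(EVENTS))
```

Only ws01 is reported: ws03 registers a baseline entry, and ws04 deletes shadow copies without any Safe Mode registration, so neither matches the combined pattern.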

Tuesday, 19 November 2019

Microsoft Office 2010 end of support

Office 2010 will reach its end of support on October 13, 2020. If you haven't already begun to upgrade your Office 2010 environment, we recommend you start now.

Also, support for Windows 7 ends on January 14, 2020. Even though Office 2010 is still supported until October, Windows 7 will no longer receive security updates after January 2020, unless you purchase Extended Security Updates (ESU). Without ESU, Windows 7 is vulnerable to security threats. For more information, see the Windows 7 end of support site and Lifecycle FAQ-Extended Security Updates.

What does end of support mean?

Office 2010, like almost all Microsoft products, has a support lifecycle during which we provide bug fixes and security fixes. This lifecycle lasts for a certain number of years from the date of the product's initial release. For Office 2010, the support lifecycle is 10 years. The end of this lifecycle is known as the product's end of support. When Office 2010 reaches its end of support on October 13, 2020, Microsoft will no longer provide the following:

  • Technical support for issues
  • Bug fixes for issues that are discovered
  • Security fixes for vulnerabilities that are discovered

Because of the changes listed above, we strongly recommend that you upgrade as soon as possible.

What are my options?

With Office 2010 reaching its end of support, this is a good time to explore your options and prepare an upgrade plan to either of these latest versions of Office:

Office 365 ProPlus, the subscription version of Office that comes with most Office 365 enterprise plans.

Office 2019, which is sold as a one-time purchase and available for one computer per license.

A key difference between Office 365 ProPlus and Office 2019 is that Office 365 ProPlus is updated on a regular basis, as often as monthly, with new features. Office 2019 only has the same features that it had when it was released in October 2018.

Source and more reading: Microsoft

Sunday, 27 October 2019

UK businesses are to be blocked from using .eu domains?

Deadline of 1 January 2020 scrapped following Commons Brexit vote


Plans to stop UK businesses from owning .eu website domains have been put on hold following this week's Brexit deal vote.

Domain registry manager EURid had previously stated that UK businesses would no longer be able to register for the .eu domain name from the 1 November 2019, should the UK leave without a deal on the 31 October.

It also said that businesses would have until 1 January 2020 to prove they had operations within the EU, and therefore qualify for the .eu domain, otherwise, they would have their domains withdrawn.

Given that the UK government has secured a majority for the second reading of its deal, and that talks suggest the EU will grant an extension to the negotiation period, this has diminished the likelihood of a no-deal scenario on the 31 October.

As a result, EURid has said that its "entire plan" has now been put on hold.

Source and more info: ITPro

What is RAID?

What are the differences between the different RAID levels? Should you use Software RAID or Hardware RAID?

Don’t worry, we’ll keep it simple.

Whether or not you’re looking to set up your own server, optimize the performance of your data storage solution, or just make sure you’re protected as best you can be against data loss, a RAID solution is going to come in handy – and setting one up the right way is essential.

In this quick guide we’re going to cut down on as much of the geek speak as possible, really working to simplify everything you need to know about the different RAID levels, different ways to set up a smart RAID solution, and how to make sure you’re getting the most out of this incredible tool.

What Is RAID, Anyway?

Before we get right into the actual nuts and bolts of finding or setting up a RAID solution, it’s critical that we break down exactly what RAID technology is to begin with.

RAID is a term that stands for Redundant Array of Inexpensive (or Independent) Disks. While that sounds like a pretty geeky acronym for an even geekier system name, the actual technical aspect of a RAID setup is pretty simple and straightforward.

We’re talking about a solution that uses at least two different hard drives, working in concert, to improve the performance and/or the reliability of the system they have been installed into.

The overwhelming majority of RAID setups – especially on the commercial side of things – are going to be for those that want to protect their data and system uptime. With the right RAID solution in place, you could have an entire hard drive fall apart, break down, and stop working completely – and you’d never have to worry about compromising the safety or usefulness of the data on your RAID disk. Furthermore, your dedicated server will remain up and running even when the hard drive fails.

Yes, you’re reading that right. When you have two or more disks set up in a RAID (excluding RAID 0), one of them can fail totally and you’ll still be able to keep chugging along as though nothing happened.

At the same time, different RAID levels and setups are going to influence how, when, and what your hard disks do when there is a failure. You have to be sure you always choose the right RAID setup to maximize the protection and performance boosts you’ll get out of this technology.

Should I Get RAID? Do I Need It?

Hard drives fail. That’s a fact of life and it’s only a matter of time until the hard drives your dedicated server has will fail.

When hard drives fail on a JBOD (“Just a Bunch Of Disks” or NO-RAID) system, the system will experience downtime and data loss. If your business wants to prevent that downtime and data loss, RAID is for you.

Furthermore, if you need better I/O performance, RAID solutions can improve write and read speeds significantly.

At the end of the day, it all comes down to finding the right RAID type for your needs.

Finding The Right RAID Solution For Your Needs

The only way you’ll be able to make the most of this technology is if you find the right RAID solution for you, and you have plenty of options to pick and choose from.

Let’s break down the most common – and often leveraged – types below.

RAID 0 (Striping)

RAID 0 is used specifically for those that want to improve the performance of their server solutions but do not care about the consequences of losing one of the disks in the array.
This RAID level uses data striping. What this means is that each piece of data is split into segments and these segments are spread across the different disks in the RAID 0 system. With RAID 0, writing and reading happens simultaneously from all the drives in the array so the I/O performance improvement can be very significant.

Because this is such a performance focused solution and not a reliability solution you won’t find any data protection with RAID 0. If a disk in the RAID 0 system fails – the system fails, and all data spread across the disks will be gone.

RAID 1 (Mirroring)

This type of RAID array is commonly referred to as a “disk mirroring” solution. RAID 1 will be implemented with at least two disks (and always with an even number of disks).

With RAID 1 the same data is written on all disks. With RAID 1 you constantly have at least two copies (depending on how many disks you have) of all of your data so should something happen to one of your disks, you’ll have a complete and functional drive to work off of, all thanks to the RAID 1 system.

RAID 1 can also provide I/O performance improvement for read operations. Having the data in two copies means being able to read it simultaneously so the read I/O speed can be up to twice as fast.

RAID 5 (Parity)

RAID 5 is set up on at least three disks, with all of the data striped across them; this gives you “hot swap protection” should a disk go down.

This RAID type uses parity calculation to achieve striping of the data and the ability to recover from a single failed drive.

Think of it this way: If you have a RAID 5 setup in place, one of your hard drives can fall apart at the seams without any issues. You’ll be able to swap the damaged disk out and replace with a brand new one, with the RAID 5 system mirroring your data and rebuilding the system on the fly as necessary.

It’s like a self-healing piece of technology!

RAID 5 also provides up to two times performance improvement for read operations thanks to the striping.

RAID 10 (Mirroring + Striping)

Certainly the most common type of RAID you’ll find in a commercial setting (and a favorite for those running dedicated server systems for clients), RAID 10 balances performance AND data security.

This RAID level essentially combines the features of RAID 1 and RAID 0, making sure data is mirrored and therefore safe (mirroring) while also making sure that the I/O performance of a system is improved thanks to the data being spread across multiple drives and disks (striping).

RAID For SSD Caching

Another option that not all providers can offer you (but we can because we’re absolutely awesome) is to use RAID to create a system which automatically caches your most used data in SSD and saves the less often used in SATA. This caching mechanism constantly proves itself and brings exceptional performance boosts to those who need a lot of storage, with high performance but without the price tag of many high-capacity SSD drives.

Hardware RAID vs Software RAID

A hardware RAID controller costs money but has no overhead on the server. A software RAID is free but does carry some overhead on the server and may be less reliable under certain circumstances.

You see? We told you we’ll keep it simple.

Choosing A RAID Solution For Your Needs

At the end of the day, you need to make sure that you’re getting the most out of a dedicated server – but you also need to make sure that your data is backed up and protected at the same time.

RAID array solutions (like the ones highlighted above) are going to fit the bill perfectly, but only you will know which makes the most sense for you.

Wednesday, 16 October 2019

Windows 7 coming to its death

end-of-life, the legacy OS still holds 27% of the desktop market share

Microsoft made a commitment to provide 10 years of product support for Windows 7 when it was released on October 22nd 2009. In fact, the cut-off date is ever so slightly longer than that, with support for Windows 7 ending on January 14th 2020.

That end of support date might seem like a long way off – close to 500 days, in fact – but it's "definitely not" too early to start work.

Read more at IT Pro 

Apple iTunes and iCloud for Windows 0-Day Exploited in Ransomware Attacks




A vulnerability affecting a known component that comes bundled with Apple's iTunes has been used by the cybercriminal group behind BitPaymer and iEncrypt to perform ransomware attacks.

The vulnerable component is the Bonjour updater, a component of iTunes that works silently in the background, automating various low-level network tasks, including the downloading of new updates for Apple software.
Uninstalling iCloud does not solve the problem, since Bonjour gets installed as a separate program on the system.
The Bonjour component was found vulnerable to the unquoted service path vulnerability, a common software security flaw that occurs when the path of an executable contains spaces and is not enclosed in quotation marks ("").

The unquoted service path vulnerability can be exploited by planting a malicious executable file in the parent path, tricking legitimate and trusted applications into executing malicious programs to maintain persistence and evade detection.
Apple released iCloud for Windows 10.7, iCloud for Windows 7.14, and iTunes 12.10.1 for Windows to address the vulnerability, and users are strongly advised to update their software to the latest versions.

Source: Panda Security
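
Auditing for the unquoted service path flaw described above comes down to inspecting each service's `ImagePath`: flag values that are not quoted and contain a space in the executable path, list the locations Windows would try before the intended binary so they can be checked for stray files and weak permissions, and produce the quoted form. The Python below is an added example, not code from the original article or from Apple; the service names and paths are hypothetical, and the rule for finding where the executable ends is a heuristic.

```python
import re

# Constructed sample ImagePath values, shaped like the data stored under
# HKLM\SYSTEM\CurrentControlSet\Services\<name>; service names are hypothetical.
SAMPLE_SERVICES = {
    "ExampleUpdater": r"C:\Program Files\Example Vendor\Updater Service\updater.exe -k run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\svc.exe" --service',
    "NoSpaces": r"C:\Windows\System32\svchost.exe -k netsvcs",
    "KernelDriver": r"\SystemRoot\System32\drivers\example.sys",
}

# Heuristic: the executable ends at the first ".exe" followed by whitespace or end of string.
EXE_RE = re.compile(r"^(.*?\.exe)(?=\s|$)", re.I)

def executable_part(image_path):
    """Return the executable portion of an unquoted ImagePath, or None."""
    m = EXE_RE.match(image_path.strip())
    return m.group(1) if m else None

def is_unquoted_with_spaces(image_path):
    """True when the value is not quoted and the executable path contains a space."""
    value = image_path.strip()
    if value.startswith('"'):
        return False
    exe = executable_part(value)
    return exe is not None and " " in exe

def lookup_candidates(exe):
    """Locations Windows tries before the intended binary (each prefix that ends
    at a space, with .exe appended); audit these for stray files and weak ACLs."""
    return [exe[:i] + ".exe" for i, ch in enumerate(exe) if ch == " "]

def audit(services):
    """Map each flagged service to the locations to inspect and the quoted fix."""
    report = {}
    for name, raw in services.items():
        if is_unquoted_with_spaces(raw):
            value = raw.strip()
            exe = executable_part(value)
            report[name] = {
                "check": lookup_candidates(exe),
                "fixed": '"' + exe + '"' + value[len(exe):],
            }
    return report

if __name__ == "__main__":
    for svc, finding in audit(SAMPLE_SERVICES).items():
        print(svc, finding)
```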

Monday, 30 September 2019

Facebook, WhatsApp Will Have to Share Messages With U.K. Police

(Bloomberg) -- Social media platforms based in the U.S. including Facebook and WhatsApp will be forced to share users’ encrypted messages with British police under a new treaty between the two countries, according to a person familiar with the matter.
The accord, which is set to be signed by next month, will compel social media firms to share information to support investigations into individuals suspected of serious criminal offenses including terrorism and pedophilia, the person said.
Priti Patel, the U.K.’s home secretary, has previously warned that Facebook’s plan to enable users to send end-to-end encrypted messages would benefit criminals, and called on social media firms to develop “back doors” to give intelligence agencies access to their messaging platforms.

Source & more info: BNN Bloomberg