Metadefender Endpoint: Windows PC security scanner

Opswat Metadefender Endpoint is a free security scanner for computer systems running Microsoft’s Windows operating system.

The program checks system settings, installed programs and security software, and computes a score from the results. It also offers options to remove potentially unwanted programs from the computer.

You need to fill out a form on the Opswat website before downloads for Windows or Mac OS X become available. The information is not verified though, and download links are provided right after you enter the information and submit the form.

Note: The program submits a report to the Opswat website, where critical issues, other issues, and informational findings are listed.

Metadefender Endpoint

Screenshot: Metadefender Endpoint

The application runs a scan automatically when it starts. It reveals the security score and the removable applications on the first page that you see when it is done scanning the system.

The score ranges from 0 to 100 points, and is based on points that Opswat Metadefender Endpoint gives to each item it scans.

A click on the score opens these individual scores. The items it scans are: firewall, hard disk encryption, patch management, backup, public file sharing, antivirus, and anti-phishing.

Screenshot: security score

The scores are color coded to indicate perfect, medium and low scores. As you can see on the screenshot above, items are weighted differently.

Antivirus and anti-phishing make up 50 percent of the maximum score, while firewall and patch management only 15 percent.

You may click on any item to find out more about the score. The program lists applications that it detected, as well as information on what it discovered during the scan.

Not all scores may make sense. The system I tested Metadefender Endpoint on got a 10 out of 20 score in the backup category. The reason for that was that the program failed to score Veeam Endpoint Backup. It only scored Windows File History, something that was not used all that much on the particular device in the past.

The antivirus category had similar issues. It only detected Windows Defender, but not Malwarebytes Anti-Malware, or any of the other security programs installed on the device.

Screenshot: Metadefender Endpoint score details

Move the mouse cursor over the information icon next to each item on the details page to display information on that particular item.

Some entries hold multiple programs that Metadefender Endpoint found during its security scan. The anti-phishing category for instance lists web browsers that are available on the system.

It is interesting to note that some score worse than others. Vivaldi, Google Chrome, Microsoft Edge and Opera for instance are listed with a score of 5 of 20, while Firefox and Internet Explorer with a score of 20 of 20.

Chrome’s and Edge’s phishing protections were turned off, which explained their scores, but the program failed to identify Vivaldi’s and Opera’s protective features properly.

You can right-click on the program icon and select "critical device issues to fix" to load the public page on the Opswat website that highlights the security issues that the program recommends to address first.

This includes issues that may not be mentioned in the program interface. On that page it highlighted, for instance, that no lock-screen timeout was set.

App Remover

The App Remover section lists programs that are potentially unwanted. This includes high profile programs such as Google Drive, CCleaner, Google Chrome, Mozilla Firefox, or Windows Firewall Control.

It is interesting to note that qBittorrent, CCleaner and Google Drive were listed under potentially unwanted applications. I’m not sure how that classification came to be, but it is probably fair to say that most users would not classify those programs this way.

Closing Words

Metadefender Endpoint may point you in the right direction when it comes to security issues on your computer system. May, because it can also fail to recognize an installed solution, which results in a lower score than the system deserves.

It is therefore advised to check all low score areas to make sure the program did not miss a solution installed on the system. (via Windows Club)

Now You: Which security programs or categories do you consider most important?


The post Metadefender Endpoint: Windows PC security scanner appeared first on gHacks Technology News.

via https://ift.tt/2lyy5Hw

Ransomware Hijacks Hotel Smart Keys to Lock Guests Out of their Rooms

What’s the worst that could happen when ransomware hits a hotel?

Recently, hundreds of guests of a luxury hotel in Austria were locked in or out of their rooms when ransomware hit the hotel’s IT system, and the hotel had no choice left except to pay the attackers.

Today, we are living in a digital age that is creating a digital headache for people and organizations around the world with cyber attacks and data breaches on the rise.

Ransomware is one of them.

The threat has been around for a few years, but during 2016 it turned into a lucrative game for hackers, who get paid with little effort by targeting hospitals, universities, private businesses and even police departments, making hundreds of millions of dollars.

Now, the Romantik Seehotel Jäegerwirt 4-Star Superior Hotel has admitted it paid €1,500 (£1,275/$1,600) in Bitcoin ransom to cybercriminals who broke into its network and hacked its electronic key card system, which prevented guests from entering or leaving their rooms.

The luxury hotel, with a beautiful lakeside setting on the Alpine Turracher Hoehe Pass in Austria, has, like several other hotels in the industry, a modern IT system that includes electronic key cards for its doors; during the attack, those key cards could no longer be programmed.

Also Read: This Tool Detects Never-Seen-Before Ransomware Before It Encrypts Your Data

According to the hotel management, the hotel has been hit multiple times by hackers, but this time they managed to take down the entire key system, preventing guests from getting in or out of their rooms, reported The Local.

Besides gaining control of the electronic key system, the hackers even gained control over the general computer system, shutting down all hotel computers, including the reservation system and the cash desk system.

Once the hotel made the payment, the system was completely restored, which allowed the hotel staff to regain access to the network and hotel guests to enter and exit their rooms.

What’s interesting? Even after the hotel fulfilled the hackers’ demand, the hackers left a backdoor in the hotel system in an attempt to conduct another cyber attack later.

Fortunately, the security standards of the hotel had been improved by its IT department, and critical networks had been separated to thwart the attack, giving attackers no chance to harm the hotel again.

Furious hotel managers decided to go public with the incident to warn others about the dangers of cyber attacks. Managing Director Christoph Brandstaetter said:

“The house was totally booked with 180 guests; we had no other choice. Neither police nor insurance helps you in this case. 

The restoration of our system after the first attack in summer has cost us several thousand Euros. We did not get any money from the insurance so far because none of those to blame could be found. 

Every euro that is paid to blackmailers hurts us. We know that other colleagues have been attacked, who have done similarly.”

Ransomware has cost many businesses and organizations sleepless nights, as they are often left to fight this nasty threat on their own.

Ransomware criminals often demand the ransom in Bitcoin (BTC) to avoid getting caught, as Bitcoin transactions are non-trackable due to the currency’s decentralized nature.

Frequent ransom payments encourage criminals to stash the cash and develop a more enticing framework for the next target. So, instead of paying and encouraging this scheme, keep your software and systems updated and avoid clicking suspicious links.

via https://ift.tt/2kfD6Xj

Check If Your Netgear Router is also Vulnerable to this Password Bypass Flaw

Again bad news for consumers with Netgear routers: Netgear routers have been hit by another serious security vulnerability, and this time more than two dozen router models are affected.

Security researchers from Trustwave are warning of a new authentication vulnerability in at least 31 Netgear router models that potentially affects over one million Netgear customers.

The new vulnerability, discovered by Trustwave’s SpiderLabs researcher Simon Kenin, can allow remote hackers to obtain the admin password for the Netgear router through a flaw in the password recovery process.

Kenin discovered the flaw (CVE-2017-5521) when he was trying to access the management page of his Netgear router but had forgotten its password.

Exploiting the Bug to Take Full Access on Affected Routers

So, the researcher started looking for ways to get back into his own router and found a couple of exploits from 2014 that he leveraged to discover this flaw, which allowed him to query the router and retrieve its login credentials easily, giving him full access to the device.

But Kenin said the newly discovered flaw could be remotely exploited only if the router’s remote management option is enabled.

While the router vendor claims the remote management option is turned off on its routers by default, according to the researcher, there are “hundreds of thousands, if not over a million” routers left remotely accessible.

“The vulnerability can be used by a remote attacker if remote administration is set to be internet facing. By default this is not turned on,” Kenin said. “However, anyone with physical access to a network with a vulnerable router can exploit it locally. This would include public Wi-Fi spaces like cafés and libraries using the vulnerable equipment.”

If exploited by bad actors, the vulnerability, which completely bypasses any password on a Netgear router, could give hackers complete control of the affected router, including the ability to change its configuration, enlist it in a botnet or even upload entirely new firmware.

After testing the flaw against a range of Netgear routers, Kenin was surprised to find that more than ten thousand vulnerable devices ran the flawed firmware and could be accessed remotely.

He has also released exploit code for testing purposes, written in Python.

List of Vulnerable NETGEAR Router Models

The SpiderLabs researcher stressed that the vulnerability is very serious as it affects a large number of Netgear router models. Here’s a list of affected Netgear routers:

  • R8500
  • R8300
  • R7000
  • R6400
  • R7300DST
  • R7100LG
  • R6300v2
  • WNDR3400v3
  • WNR3500Lv2
  • R6250
  • R6700
  • R6900
  • R8000
  • R7900
  • WNDR4500v2
  • R6200v2
  • WNDR3400v2
  • D6220
  • D6400
  • C6300 (firmware released to ISPs)

Update the Firmware of your NETGEAR Router Now!

Kenin notified Netgear of the flaw, and the company confirmed the issue affects a large number of its products.

Netgear has released firmware updates for all of its affected routers, and users are strongly advised to upgrade their devices.

This is the second time in around two months that researchers have discovered flaws in Netgear routers. Just last month, the US-CERT advised users to stop using Netgear’s R7000 and R6400 routers due to a serious bug that permitted command injection.

However, in an effort to make its products safer, Netgear recently partnered with Bugcrowd to launch a bug bounty program that can earn researchers cash rewards of up to $15,000 for finding and responsibly reporting flaws in its hardware, APIs, and mobile apps.

via https://ift.tt/2jOSCso

PCI SSC publishes best practices for securing e-commerce

Exponential online sales growth paired with the EMV chip migration in the US makes e-commerce payment security for merchants more important than ever before. As EMV chip technology continues to reduce face-to-face credit card fraud, the shift to e-commerce security becomes increasingly important to businesses large and small.

Image: securing e-commerce

Best practices for securing e-commerce

To help merchants shore up their e-commerce platforms, the PCI Security Standards Council released Best Practices for Securing E-commerce. The information supplement will educate merchants on accepting payments securely online and is an update to existing guidance previously published in 2013.

Educating merchants

Securing the e-commerce environment continues to be critically important. A recent survey found that 66% of consumers claim they won’t purchase from an organization that has been breached.

The Best Practices for Securing E-commerce information supplement includes practical recommendations and case studies to help merchants identify the best solution for their specific cardholder data environment.

Guidance for third party e-commerce service providers

In addition to educating merchants, this latest resource from the Council also provides guidance for third party e-commerce service providers and assessors that support the ongoing security of e-commerce environments.

Following industry recommendations, in December 2015 the Council announced that all organizations that accept payment cards must use TLS 1.1 encryption or higher by June 2018. SSL/TLS encrypts a channel between two endpoints (for example, between a web browser and web server) to provide privacy and reliability of data transmitted over the communications channel.

To underline the importance of using an encrypted channel, Google announced that beginning in January 2017, the Chrome browser will warn users when a website doesn’t use HTTPS.

As there is still confusion in the industry regarding encryption and certificate selection, a large portion of the e-commerce supplement is dedicated to explaining SSL/TLS, with guidance on how to select a certificate authority, an outline of the different types of certificates and a list of potential questions merchants can ask service providers regarding digital certificates and encryption.
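The Council’s requirement above is a protocol floor (TLS 1.1 or higher) plus properly validated certificates. The following added example, which is not from the Council’s supplement or any vendor, shows how a merchant-side integration in Python can encode that policy with the standard library: a client context that verifies the certificate chain and hostname and refuses anything older than TLS 1.1, a matching server context for a checkout endpoint, and a small classifier for the protocol name a connection actually negotiated. The function names, the policy constant and the optional certificate paths are assumptions made for the example.

```python
import socket
import ssl
from typing import Optional, Tuple

# Floor taken from the article: the Council requires TLS 1.1 or higher.
PCI_MINIMUM_TLS = ssl.TLSVersion.TLSv1_1

# Protocol names exactly as SSLSocket.version() returns them, oldest first.
_PROTOCOL_ORDER = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def version_meets_floor(negotiated: Optional[str]) -> bool:
    """True if a negotiated protocol name is at or above the TLS 1.1 floor.
    Unknown names (or None from a failed handshake) count as non-compliant."""
    if negotiated not in _PROTOCOL_ORDER:
        return False
    return _PROTOCOL_ORDER.index(negotiated) >= _PROTOCOL_ORDER.index("TLSv1.1")


def pci_client_context() -> ssl.SSLContext:
    """Client context for talking to a payment service provider: the chain
    and hostname are verified against the system CA store, and the protocol
    floor is raised to TLS 1.1 but never lowered if the default is already higher."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    if ctx.minimum_version < PCI_MINIMUM_TLS:
        ctx.minimum_version = PCI_MINIMUM_TLS
    return ctx


def pci_server_context(certfile: Optional[str] = None,
                       keyfile: Optional[str] = None) -> ssl.SSLContext:
    """Server context for a checkout endpoint: SSLv3 and TLS 1.0 handshakes
    are refused. certfile/keyfile are hypothetical paths supplied by the deployer."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if ctx.minimum_version < PCI_MINIMUM_TLS:
        ctx.minimum_version = PCI_MINIMUM_TLS
    if certfile:
        ctx.load_cert_chain(certfile, keyfile)
    return ctx


def check_endpoint(host: str, port: int = 443, timeout: float = 5.0) -> Tuple[str, bool]:
    """Connect to a live endpoint with the client policy and report the
    negotiated protocol and whether it meets the floor (needs network access).
    A server offering only TLS 1.0 fails the handshake with ssl.SSLError."""
    ctx = pci_client_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            negotiated = tls.version()
    return negotiated, version_meets_floor(negotiated)


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "example.com"  # placeholder host
    print(check_endpoint(target))
```

Run it as `python tls_floor.py shop.example` (a placeholder host) to see the negotiated version; a provider that still only offers TLS 1.0 is rejected at the handshake rather than reported, which is the behaviour a merchant wants from production code. Raising the floor rather than setting it outright keeps a newer interpreter’s stricter default (TLS 1.2 on current Python builds) intact.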

“Our community of members boasts a wealth of payment security knowledge to protect e-commerce transactions all over the world,” said Troy Leach, Chief Technology Officer for the Council. “This information supplement is a testament to their collaboration and willingness to share their experience with others and provides easy to understand examples of e-commerce scenarios along with best practices to secure cardholder data and meet PCI DSS requirements. Their engagement on Council efforts like this paper, the Small Merchant Task Force, and other resource guides help educate merchants on how to make better business decisions to secure cardholder data. Our aim is to make cardholder data more secure in the most sensible way possible.”

via https://ift.tt/2kTUBxo

Google Adds Security Key Enforcement to G Suite Apps, Hosted S/MIME to Gmail

Google on Wednesday pumped more life into the use of physical keys as a second form of authentication when it added Security Key enforcement support to G Suite.

Admins inside enterprises managing deployments of the suite of cloud-based productivity apps, formerly known as Google Apps, can now enable two-step verification using Security Keys as a second factor.


Security Keys are physical USB tokens that can be configured to cryptographically verify a user at login.

Google also announced the availability of a hosted S/MIME service extending encryption capabilities on Gmail beyond TLS.

“TLS only guarantees to the sender’s service that the first hop transmission is encrypted and to the recipient that the last hop was encrypted. But in practice, emails often take many hops (through forwarders, mailing lists, relays, appliances, etc),” Google said. “With hosted S/MIME, the message itself is encrypted. This facilitates secure transit all the way down to the recipient’s mailbox.”

Google said the availability of S/MIME adds account-level signature authentication, which is unlike DKIM, which provides only domain-based authentication.

“This means that email receivers can ensure that incoming email is actually from the sending account, not just a matching domain, and that the message has not been tampered with after it was sent,” Google said.

On both fronts, Google is providing users additional identity verification and authentication. With Security Keys, which Google has supported since 2014, Google is positioning this support as enhanced protection against phishing.

“Instead of entering a unique code as a second factor at sign-in, Security Keys send us cryptographic proof that users are on a legitimate Google site and that they have their Security Keys with them,” said Christiaan Brand and Guemmy Kim of the Google Account Security team. “Since most hijackers are remote, their efforts are thwarted because they cannot get physical possession of the Security Key.”
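The phishing resistance Brand and Kim describe comes from what the key signs: the origin the browser is actually on is part of the signed data, so a proof produced on a look-alike site never verifies at the real one. The following added example is not Google’s or the FIDO Alliance’s code; it models the U2F response layout (hash of the origin, user-presence byte, counter, challenge) in Python and runs three logins with one key: on the real site, relayed through a look-alike origin, and a replay of a valid response. Because a real key uses a per-site ECDSA key pair and this example only has the standard library, an HMAC key stands in for the signature (a labelled simplification); the class and function names and the look-alike origin are constructed for the example.

```python
import hashlib
import hmac
import secrets


def _signed_message(origin: str, challenge: bytes, counter: int) -> bytes:
    """Layout follows the U2F authentication response: SHA-256 of the
    application id (the origin), a user-presence byte, a 4-byte counter and
    the challenge. The origin is therefore inside the signed data."""
    app_param = hashlib.sha256(origin.encode()).digest()
    return app_param + b"\x01" + counter.to_bytes(4, "big") + challenge


class SecurityKey:
    """Stand-in for a USB/BLE authenticator. A real key holds a per-site ECDSA
    private key and exports only the public key; here an HMAC key is used so
    the example runs on the standard library. The binding logic is unchanged."""

    def __init__(self) -> None:
        self._key = secrets.token_bytes(32)
        self.counter = 0

    def registration_material(self) -> bytes:
        return self._key  # real U2F: the public key (simplification)

    def sign(self, origin_seen_by_browser: str, challenge: bytes) -> dict:
        # The browser, not the web page, tells the key which origin it is on.
        self.counter += 1
        msg = _signed_message(origin_seen_by_browser, challenge, self.counter)
        return {"origin": origin_seen_by_browser, "counter": self.counter,
                "signature": hmac.new(self._key, msg, hashlib.sha256).digest()}


class RelyingParty:
    """The legitimate site. It verifies against its own origin, so a response
    produced while the browser was on another origin never matches."""

    def __init__(self, origin: str) -> None:
        self.origin = origin
        self._users = {}    # username -> [verification key, last counter seen]
        self._pending = {}  # username -> outstanding challenge

    def register(self, user: str, material: bytes) -> None:
        self._users[user] = [material, 0]

    def new_challenge(self, user: str) -> bytes:
        self._pending[user] = secrets.token_bytes(32)
        return self._pending[user]

    def verify(self, user: str, assertion: dict) -> bool:
        challenge = self._pending.pop(user, None)  # single use: a replay finds none
        if challenge is None or user not in self._users:
            return False
        key, last_counter = self._users[user]
        if assertion["origin"] != self.origin:     # client data names another site
            return False
        if assertion["counter"] <= last_counter:   # cloned device or stale response
            return False
        expected = hmac.new(key, _signed_message(self.origin, challenge, assertion["counter"]),
                            hashlib.sha256).digest()
        if not hmac.compare_digest(expected, assertion["signature"]):
            return False
        self._users[user][1] = assertion["counter"]
        return True


def run_demo(user: str = "alice") -> dict:
    """Same key, same site, four outcomes; the look-alike origin is constructed."""
    key = SecurityKey()
    rp = RelyingParty("https://accounts.google.com")
    rp.register(user, key.registration_material())

    # 1. Browser is on the real site: the key signs over the real origin.
    legitimate = rp.verify(user, key.sign(rp.origin, rp.new_challenge(user)))

    # 2. A look-alike site relays the real challenge; the browser reports its own origin to the key.
    relayed = rp.verify(user, key.sign("https://accounts-google.example", rp.new_challenge(user)))

    # 3. The relay rewrites the origin field to the real one; the signed hash still disagrees.
    forged = dict(key.sign("https://accounts-google.example", rp.new_challenge(user)), origin=rp.origin)
    rewritten = rp.verify(user, forged)

    # 4. A captured valid response is submitted twice; the challenge was consumed.
    assertion = key.sign(rp.origin, rp.new_challenge(user))
    first, second = rp.verify(user, assertion), rp.verify(user, assertion)

    return {"legitimate": legitimate, "relayed": relayed, "rewritten": rewritten,
            "replay_first": first, "replay_second": second}


if __name__ == "__main__":
    print(run_demo())
```

The three rejections each come from a different check: the origin comparison, the signature over the origin hash, and the one-time challenge. A site that skipped the origin checks and only validated the signature over the challenge would lose exactly the property the quote attributes to Security Keys, which is why the origin sits inside the signed data rather than beside it.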

Google also announced that this protection can extend to mobile devices (Android and iOS) since the Security Keys also support Bluetooth Low Energy and pair with devices over the BLE protocol.

“BLE Security Keys, which work on both Android and iOS, improve upon the usability of other form factors,” Brand and Kim said.

Yesterday’s announcement was a complement to a larger rollout on Monday of enterprise controls to G Suite, Google said.

In addition to Security Key enforcement, G Suite also supports data loss prevention technology in Google Drive. Admins can use it to add security controls to sensitive data and manage content as it’s stored and how it’s shared. It can also be configured to protect scanned documents via OCR and enforce data protection and sharing policies on that front.

Facebook, last week, announced that it had added support for physical keys for account security as a second form of authentication.

“Most people get their security code for login approvals from a text message (SMS) or by using the Facebook app to generate the code directly on their phone. These options work pretty well for most people and in most circumstances, but SMS isn’t always reliable and having a phone back-up available may not work well for everyone,” said Facebook security engineer Brad Hill.

Google, Facebook and other technology providers have for years supported second factors of authentication, usually via SMS or email messages that prompt users to enter a PIN in addition to their passwords. Google said additional protection is coming soon for personal accounts, which builds off its partnerships with FIDO Alliance; the FIDO Universal Second Factor authentication has been used internally on Google physical keys, the company said.

via https://ift.tt/2l0SPGP

1 Billion Mobile Apps Exposed To Account Hijacking Through OAuth 2.0 Flaw

Threatpost, the security news service of Kaspersky Lab, is reporting a new exploit which allows hijacking of third-party apps that support single sign-on from Google or Facebook (and support the OAuth 2.0 protocol). msm1267 quotes their article:
Three Chinese University of Hong Kong researchers presented at Black Hat EU last week a paper called "Signing into One Billion Mobile App Accounts Effortlessly with OAuth 2.0"… The researchers examined 600 top U.S. and Chinese mobile apps that use OAuth 2.0 APIs from Facebook, Google and Sina — which operates Weibo in China — and support single sign-on for third-party apps. The researchers found that 41.2% of the apps they tested were vulnerable to their attack… None of the apps were named in the paper, but some have been downloaded hundreds of millions of times and can be exploited for anything from free phone calls to fraudulent purchases. "The researchers said the apps they tested had been downloaded more than 2.4 billion times in aggregate."


via https://ift.tt/2fIjK8N

Hundreds Of Operations Canceled After Malware Hacks Hospitals Systems

Computer viruses do not discriminate.

They are not just hacking your email and online banking accounts anymore.

Computer viruses do not distinguish between a personal computer or a hospital machine delivering therapy to patients — and the results could prove deadly.

Cyber attacks on hospitals have emerged as a significant cyber security risk in 2016, which not only threaten highly sensitive information but also potentially harm the very lives of those being protected.

In the latest incident, hundreds of planned operations, outpatient appointments, and diagnostic procedures have been canceled at multiple hospitals in Lincolnshire, England, after a "major" computer virus compromised the National Health Service (NHS) network on Sunday.

In a bright-red alert warning labeled "Major incident" on its website, the Northern Lincolnshire and Goole NHS Foundation Trust (NLAG) said its systems in Scunthorpe and Grimsby were infected with a virus on October 30.

The incident forced the trust to shut down all the major systems within its shared IT network in order to "isolate and destroy" the virus and cancel surgeries.

"We have taken the decision, following expert advice, to shut down the majority of our systems so we can isolate and destroy it," the NHS wrote on its website. "All planned operations, outpatient appointments and diagnostic procedures have been canceled for Wednesday, Nov. 2 with a small number of exceptions."

Some patients, including major trauma patients and high-risk women in labor, were diverted to neighbouring hospitals.

Although the majority of systems are now back and working, the NHS Trust has not provided any specific information about the sort of virus or malware or if it managed to breach any defense.

The incident took place after the U.S. and Canada issued a joint cyber alert, warning hospitals and other organizations against a surge in extortion attacks that infect computers with ransomware, which encrypts data and demands money for it to be unlocked.

Although it is unclear at the moment, the virus could well be a ransomware strain of the kind that has previously targeted hospitals and healthcare facilities.

Life Threatening Cyber-Attacks

With the rise of the ransomware threat, we have seen enormous growth in the malware business.

The countless Bitcoin transactions flowing into the dark web have energized ransomware authors to distribute their malware and adopt new infection methods for a higher success rate.

Today, corporations and hospitals alike have become soft targets for ransomware.

Since earlier this year, over a dozen hospitals have been targeted by ransomware that froze their central medical systems, forcing them to pay the ransom amount demanded.

Technological advancement in the medical arena has digitized patient data in the form of Electronic Medical Records (EMR), stored in the hospital’s central database.

Since delaying a patient’s treatment by temporarily locking away their records could even result in the patient’s death, attackers who infect hospitals with ransomware count on a near-certain payout.

For this reason, in most cases hospitals agree to pay the ransom amount to the attackers.

Earlier this year, the Los Angeles-based Presbyterian Medical Center paid $17,000 in Bitcoins to cyber crooks in order to restore access to its electronic medical systems, after a ransomware virus hit the hospital.

Also back in April, the MedStar Health chain, which runs a number of hospitals in the Baltimore and Washington area, was attacked with Samsam ransomware (or Samas) that encrypted sensitive data at the hospitals.

Subsequently, many more hospitals, including Methodist Hospital in Henderson, Kentucky, Desert Valley Hospital in California and Chino Valley Medical Center, have been infected with ransomware.

via https://ift.tt/2eXHg3c

Three hospitals in England cancel operations over computer virus

Planned operations and outpatient appointments have been cancelled at three hospitals in northeastern England after a computer virus infected a health service network, the National Health Service Trust said.

In a post on its website, the Northern Lincolnshire and Goole NHS Foundation Trust called the attack a "major incident" and said it had cancelled all planned operations, outpatient appointments and diagnostic procedures for Wednesday.

via https://ift.tt/2f7Xnvz

Indian teen arrested in US for cyber attack choking 911 lines

An Indian-origin teenager has been arrested in the US for carrying out a cyber-attack that swamped Arizona’s emergency services with several bogus calls, an incident he claimed was a non-harmful joke gone wrong. Meetkumar Hiteshbhai Desai was taken into custody after the Surprise Police Department, Arizona, notified the Sheriff’s Office of more than 100 hang-up 911 calls.

via https://ift.tt/2fBBvth

Infernal Twin Updated 2.6.11 – Automated Wireless Hacking Suite

Infernal Twin is an automated wireless hacking suite written in Python which automates many of the repetitive tasks involved in security testing of Wi-Fi networks.


Originally created to automate the Evil Twin attack, it has grown well beyond that into a comprehensive suite covering various wireless attack vectors.

An evil twin attack is when a hacker sets the service set identifier (SSID) of a rogue access point to be the same as that of an access point at the local hotspot or corporate wireless network. The hacker disrupts or disables the legitimate AP by disconnecting clients from it, directing a denial of service against it, or creating RF interference around it.

Users lose their connections to the legitimate AP and re-connect to the “evil twin,” allowing the hacker to intercept all the traffic to that device.

Features

  • WPA2 hacking
  • WEP Hacking
  • WPA2 Enterprise hacking
  • Wireless Social Engineering
  • SSL Strip
  • Report Generation
  • Note Taking
  • Data saved in Database
  • Network mapping
  • MiTM
  • Probe Request

Latest Changes

  • Added Log retrieval button for various attack results.
  • Added BeeF XSS framework Integration
  • Added HTTP Traffic View within tool
  • Improved Infernal Wireless Attack
  • Visual View of some of the panel improved
  • Improved Basic Authentication during Social engineering assessment over wireless network

You can download Infernal Twin here:

infernal-2.6.11.zip

Or read more here.

via https://ift.tt/2f9dBoH