Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.
“Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’”
First 500 characters of the BNT162b2 mRNA. Source: World Health Organization
The BNT162b2 mRNA vaccine has this digital code at its heart. It is 4284 characters long, so it would fit in a bunch of tweets. At the very beginning of the vaccine production process, someone uploaded this code to a DNA printer (yes), which then converted the bytes on disk to actual DNA molecules.
Out of such a machine come tiny amounts of DNA, which after a lot of biological and chemical processing end up as RNA (more about which later) in the vaccine vial. A 30 microgram dose turns out to actually contain 30 micrograms of RNA. In addition, there is a clever lipid (fatty) packaging system that gets the mRNA into our cells.
RNA is the volatile ‘working memory’ version of DNA. DNA is like the flash drive storage of biology. DNA is very durable, internally redundant and very reliable. But much like computers do not execute code directly from a flash drive, before something happens, code gets copied to a faster, more versatile yet far more fragile system.
For computers, this is RAM, for biology it is RNA. The resemblance is striking. Unlike flash memory, RAM degrades very quickly unless lovingly tended to. The reason the Pfizer/BioNTech mRNA vaccine must be stored in the deepest of deep freezers is the same: RNA is a fragile flower.
Each RNA character weighs on the order of 0.53·10⁻²¹ grams, meaning there are around 6·10¹⁶ characters in a single 30 microgram vaccine dose. Expressed in bytes, this is around 14 petabytes, although it must be said this consists of around 13,000 billion repetitions of the same 4284 characters. The actual informational content of the vaccine is just over a kilobyte. SARS-CoV-2 itself weighs in at around 7.5 kilobytes.
Ransomware is becoming the number one threat to data, which makes it essential to ensure that bad actors don’t encrypt your backup data along with your primary data when they execute ransomware attacks. If they succeed at that, you will have no choice but to pay the ransom, and that will encourage them to try it again.
The key to not having to pay ransom is having the backups to restore systems that ransomware has encrypted. And the key to protecting those backups from ransomware is to put as many barriers as you can between production systems and backup systems. Whatever you do, make sure that the only copy of your backups is not simply sitting in a directory on a Windows server in the same data center you are trying to protect.
For now, though, responders emphasize that companies and other organizations can still protect themselves. They can make ransomware less lucrative for attackers by focusing on basic security protections and tightening their defenses in fundamental ways. This not only makes it more difficult for attackers to find vulnerable targets in the first place; it can make it less likely that victims will actually need to pay a ransom to restore their services if they do get hit.
“Organizations need to get the basics right, that is absolutely critical,” Emsisoft's Callow says. “In the past, companies could often get away with having somewhat weak security, but now they can’t. They'll pay the price literally and figuratively.”
US Cyber Command has uploaded North Korean malware samples to the VirusTotal aggregation repository, adding to the malware samples it uploaded in February. //
It's interesting to see the US government take a more aggressive stance on foreign malware. Making samples public, so all the antivirus companies can add them to their scanning systems, is a big deal -- and probably required some complicated declassification maneuvering. Me, I like reading the codenames.
While the technical definitions for computer virus, worm, and malware might have a little overlap, it’s generally accepted that the first type of computer “virus” occurred in 1971 on ARPANET, the scientific/military network that preceded the modern internet. Creeper was an experimental self-replicating program that infected DEC computers across the network.
Written by Bob Thomas at BBN Technologies, Creeper propagated itself throughout ARPANET by exploiting a vulnerability in DEC PDP-10 computers running the TENEX operating system. The worm wasn’t malicious and, upon gaining access to a machine and replicating itself, broadcast “I’m the creeper, catch me if you can!” on the terminal screen. The first virus removal program, dubbed The Reaper, soon followed, designed to ferret out Creeper infections and tidy up.
Hospitals that have been hit by a data breach or ransomware attack can expect to see an increase in the death rate among heart patients in the following months or years because of cybersecurity remediation efforts, a new study posits. Health industry experts say the findings should prompt a larger review of how security — or the lack thereof — may be impacting patient outcomes.
Backdoors snuck into 12 OSS packages were downloaded hundreds of thousands of times. //
The only recourse once a server installs a backdoored app is to perform a complete rebuild, a task so onerous it’s sure to be skipped by many of the 100,000 or more systems that received one of the maliciously tampered packages discovered this week.
“Without a clean reinstall of the OS and application, along with key and credential rotation, there is a significant risk that the system will remain compromised,” Kenn White, director of the Open Crypto Audit Project, told Ars. “I've declined more than one engagement because the operators believed they could manually inspect the system via, for example, file differences, and make a valid assessment themselves. That's naive, to say the least.”
Tamper Protection blocks attempts to modify Windows Defender Antivirus settings through the registry. To help ensure that Tamper Protection doesn’t interfere with third-party security products or enterprise installation scripts that modify these settings, go to Windows Security and update security intelligence to version 1.287.60.0 or later. Once you’ve made this update, Tamper Protection will continue to protect your registry settings and will log attempts to modify them without returning errors.
If the Tamper Protection setting is On, you won't be able to turn off the Windows Defender Antivirus service by using the DisableAntiSpyware group policy key.
How to Confirm Exploit Protection is Enabled
This feature is automatically enabled for all Windows 10 PCs. However, it can also be switched to “Audit mode”, allowing system administrators to monitor a log of what Exploit Protection would have done to confirm it won’t cause any problems before enabling it on critical PCs.
To confirm that this feature is enabled, you can open the Windows Defender Security Center. Open your Start menu, search for Windows Defender, and click the Windows Defender Security Center shortcut.