More stories

  • in

    This is the world's most versatile hardware-encrypted USB flash key, with prices starting at $59

    In an era of GDPR, FISMA, FERPA and HIPAA, carrying around unencrypted data really isn’t an option for businesses these days. And with working from home having made more progress in the past few months than it was expected to make in the next few years, security is more important than ever.
    And Apricorn’s new Aegis Secure Key 3NXC is the perfect solution.
    The new Aegis Secure Key 3NXC builds on Apricorn’s Secure Key 3z and Aegis Secure Key 3NX, taking the same proven form-factor and physical keypad, and adding something that users have been asking for — USB-C support.
    “Even before the COVID-19 pandemic, remote and mobile working was on the rise, along with the associated risks to data,” said Jon Fielding, Apricorn’s managing director EMEA. “As the global workforce shifted from office to home practically overnight, the demand for our encrypted secure keys skyrocketed, as did the demand for our A-to-C adapters. We accelerated the release of the Aegis Secure Key 3NXC to provide an efficient way of ensuring that employees using MacBooks, iPads and Android devices can securely store and move sensitive data, wherever and however they’re working.”

    Aegis Secure Key 3NXC tech specs:
    No software – so there’s nothing to keylog or to hack.
    OS agnostic – the device is completely cross platform compatible.
    Onboard keypad – all authentication takes place within the device itself.
    All data, passwords and encryption keys are 256-bit encrypted at rest.
    No host computer is involved in setup, authentication or encryption.
    Forced enrollment – no default PINs ensures that data is not put at risk by employees who fail to change a factory set PIN before deployment.
    IP-68 rated against water and dust damage.
    Separate administrator and user access.
    Read-only options that can be enforced by the administrator or set by the user if allowed by policy.
    Highly configurable with policy such as time out values, data recovery PINs, and programmable PIN lengths.
    Brute force PIN attack protection.
    Ability to automatically configure multiple devices remotely using Apricorn’s Aegis Configurator tool.
    When I started using Aegis keys with the built-in keypad I’d expected the polymer-coated buttons to be the weak link, but they are exceedingly wear-resistant and do not seem to wear out over time to reveal the most commonly used buttons. I have similar drives that have been in regular usage for over a year and the keypad is still like new.
    The drive also comes with a silicone sleeve that helps to keep it clean and free from scratches.

    Because there are no drivers to install, the drive is totally OS agnostic and perfectly at home on Windows, Linux, Mac, Android, Chrome, iPadOS on the iPad Pro, and embedded systems, as well as other equipment equipped with a powered USB port and storage file system.
    In use, the simplicity of the Aegis Secure Key 3NXC really shines. Once you’ve set up a passcode, you can unlock and lock the drive in a matter of seconds.
    You can unlock it easily. Not the bad guys.
    The drive features built-in brute-force decrypt defense, can be set to read-only mode, and it has unattended auto-lock in case you walk away from it and become distracted.
    For that added level of security, there’s also the ability to set a self-destruct PIN to quickly wipe the drive of its contents yet make it seem like it is fully working.
    The flash drive’s firmware is also locked to prevent tampering with it, which makes the drive resistant to attacks such as BadUSB.
    “USB-C is the first truly universal standard for transferring data between devices, and is set to take over from USB-A as the new standard on computers of the future,” Fielding told ZDNet. “While most computers and laptops still offer both A and C connector ports, the number of manufacturers exclusively committing to type C is growing. We’re developing our products with this next generation of computers in mind – but we will continue to manufacture USB-A compatible devices for those who need them for the foreseeable future.”
    This drive is everything I have come to like and expect from Apricorn hardware, now with a USB-C connector, which for me makes it the perfect drive to protect my data.
    FIPS 140-2 Level 3 validation for the Aegis Secure Key 3NXC is pending for Q3 2020.
    The 3NXC comes in a broader range of capacities, ranging from 4GB to 128GB. This translates into savings for those who don’t need high-capacity storage drives, and prices range from $59 to $179.

  • in

    Cluster of 295 Chrome extensions caught hijacking Google and Bing search results

    More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.
    The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company’s staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.
    A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.
    Besides fake ad blockers, AdGuard said it also found extensions posing as weather forecast widgets and screenshot capture utilities.
    However, the vast majority of the malicious extensions (245 out of the 295 extensions) were simplistic utilities that had no other function than to apply a custom background for Chrome’s “new tab” page.

    In a technical analysis shared with ZDNet, AdGuard said all extensions loaded malicious code from the fly-analytics.com domain, and then proceeded to quietly inject ads inside Google and Bing search results.
    Almost all the 295 extensions were still available on the official Chrome Web Store earlier today, when we received the list from AdGuard.

    I honestly tried reporting this to Google using different channels, but weeks passed and they all are still on Chrome Web Store. OK, Google, what one should do to help you remove malware from @googlechrome Web Store? https://t.co/mjE0a100ft
    — Andrey Meshkov (@ay_meshkov) August 4, 2020

    Extensions started being pulled down from the store after we reached out to Google’s Web Store team and after AdGuard published a blog post detailing their findings.
    The same blog post also details additional bad practices on the Chrome Web Store, such as store moderators allowing a large number of copycat extensions to clone popular add-ons, capitalize on their brands, reach millions of users, while also containing malicious code that performs ad fraud or cookie stuffing.
    The full list of 295 ad-injecting extensions is available below, at the end of this article.
    When Google removes an extension from the Chrome Web Store for malicious activity, the extension is also disabled in users’ browsers and marked as “malware” in Chrome’s Extension section.
    Users still have to manually uninstall it from their browsers.
    Format: [extension ID] [extension name]
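To check a Chrome profile against a list in the `[extension ID], “[extension name]”` format used here, the following added example (not AdGuard's or Google's code) parses such a list and reports which listed IDs are installed, and separately flags any installed extension whose files mention fly-analytics.com. The sample list entries are constructed, and the `Extensions/<id>/<version>/` directory layout is an assumption about where Chrome unpacks extensions inside a profile.

```python
"""Audit a Chrome profile against an extension blocklist (added example)."""
import re
import sys
from pathlib import Path

# Chrome extension IDs are 32 characters drawn from the letters a-p.
EXT_ID_RE = re.compile(r"^[a-p]{32}$")
# One list entry: ID, comma, then the name in straight or curly quotes.
# Trailing text after the closing quote is ignored.
ENTRY_RE = re.compile(r'^\s*([a-p]{32})\s*,\s*["“](.*?)["”]')
# Domain the article says the extensions loaded their code from.
LOADER_DOMAIN = b"fly-analytics.com"
TEXT_SUFFIXES = {".js", ".json", ".html"}
MAX_SCAN_BYTES = 5 * 1024 * 1024  # skip very large files

# Constructed sample entries (not real extension IDs or names).
SAMPLE_BLOCKLIST = """\
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa, “Example Wallpaper HD New Tab”
abcdefghijklmnopabcdefghijklmnop, "Example Weather Widget" More
this line is not a list entry
"""


def parse_blocklist(text):
    """Return {extension_id: name} from lines shaped like: id, “name”."""
    entries = {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries[m.group(1)] = m.group(2)
    return entries


def references_domain(ext_dir):
    """Return relative paths of text files under ext_dir that mention LOADER_DOMAIN.

    Heuristic only: a package can build the hostname at runtime, so an empty
    result does not clear an extension.
    """
    hits = []
    for path in sorted(ext_dir.rglob("*")):
        if not path.is_file() or path.suffix.lower() not in TEXT_SUFFIXES:
            continue
        try:
            if path.stat().st_size > MAX_SCAN_BYTES:
                continue
            if LOADER_DOMAIN in path.read_bytes():
                hits.append(str(path.relative_to(ext_dir)))
        except OSError:
            continue  # unreadable file: skip rather than abort the audit
    return hits


def audit_profile(profile_dir, blocklist):
    """Return one finding per installed extension that is listed or mentions the domain."""
    findings = []
    ext_root = Path(profile_dir) / "Extensions"
    if not ext_root.is_dir():
        return findings
    for ext_dir in sorted(ext_root.iterdir()):
        # Ignore helper directories whose names are not extension IDs.
        if not ext_dir.is_dir() or not EXT_ID_RE.match(ext_dir.name):
            continue
        listed = ext_dir.name in blocklist
        domain_hits = references_domain(ext_dir)
        if listed or domain_hits:
            findings.append({
                "id": ext_dir.name,
                "name": blocklist.get(ext_dir.name, "(not on list)"),
                "listed": listed,
                "versions": sorted(p.name for p in ext_dir.iterdir() if p.is_dir()),
                "domain_refs": domain_hits,
            })
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit("usage: audit.py <blocklist.txt> <chrome-profile-dir>")
    bl = parse_blocklist(Path(sys.argv[1]).read_text(encoding="utf-8"))
    for f in audit_profile(sys.argv[2], bl):
        flag = "LISTED" if f["listed"] else "DOMAIN-REF"
        print(f'{flag} {f["id"]} {f["name"]} versions={f["versions"]} refs={f["domain_refs"]}')
```

An extension that Chrome has already disabled and marked as malware still has its directory on disk until it is uninstalled, so it will still show up in this audit.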

  • in

    Hacker leaks passwords for 900+ enterprise VPN servers

    Forum post sharing link to the list of Pulse Secure VPN server usernames and passwords
    Image: Bank Security (supplied)
    A hacker has published today a list of plaintext usernames and passwords, along with IP addresses for more than 900 Pulse Secure VPN enterprise servers.
    ZDNet, which obtained a copy of this list with the help of threat intelligence firm KELA, verified its authenticity with multiple sources in the cyber-security community.
    According to a review, the list includes:
    IP addresses of Pulse Secure VPN servers
    Pulse Secure VPN server firmware version
    SSH keys for each server
    A list of all local users and their password hashes
    Admin account details
    Last VPN logins (including usernames and cleartext passwords)
    VPN session cookies

    Bank Security, a threat intelligence analyst specialized in financial crime and the one who spotted the list earlier today and shared it with ZDNet, made an interesting observation about the list and its content.
    The security researcher noted that all the Pulse Secure VPN servers included in the list were running a firmware version vulnerable to the CVE-2019-11510 vulnerability.

    Bank Security believes that the hacker who compiled this list scanned the entire internet IPv4 address space for Pulse Secure VPN servers, used an exploit for the CVE-2019-11510 vulnerability to gain access to systems, dumped server details (including usernames and passwords), and then collected all the information in one central repository.
    Based on timestamps in the list (a collection of folders), the dates of the scans, or the date the list was compiled, appear to be between June 24 and July 8, 2020.

    ZDNet has also reached out to Bad Packets, a US-based threat intelligence company that has been scanning the internet for vulnerable Pulse Secure VPN servers since August 2019, when the CVE-2019-11510 vulnerability was made public.
    “Of the 913 unique IP addresses found in that dump, 677 were detected by Bad Packets CTI scans to be vulnerable to CVE-2019-11510 when the exploit was made public last year,” Bad Packets co-founder and chief research officer, told ZDNet today.
    From the list, it appears that the 677 companies didn't patch between Bad Packets' first scan last year and the June 2020 scans carried out by the hacker.
    Even if those companies patch their Pulse Secure servers, they also need to change passwords to avoid hackers abusing the leaked credentials to take over devices and then spread to their internal networks.
    This is very important, as Pulse Secure VPN servers are usually employed as access gateways into corporate networks so staff can connect remotely to internal apps from across the internet. These types of devices, if compromised, can allow hackers easy access to a company’s entire internal network — hence the reason why APTs and ransomware gangs have targeted these systems in the past.
    List shared on forum frequented by ransomware gangs
    Making matters worse, the list has been shared on a hacker forum that is frequented by multiple ransomware gangs. For example, the REvil (Sodinokibi), NetWalker, Lockbit, Avaddon, Makop, and Exorcist ransomware gangs have threads on the same forum, and use it to recruit members (developers) and affiliates (customers).
    Many of these gangs perform intrusions into corporate networks by leveraging network edge devices like Pulse Secure VPN servers, and then deploy their ransomware payload and make huge ransom demands.
    The publication of this list as a free download is a literal DEFCON 1 danger level for any company that has failed to patch its Pulse Secure VPN over the past year, as some of the ransomware gangs active on this forum are very likely to use the list for future attacks.
    As Bank Security told ZDNet, companies have to patch their Pulse Secure VPNs and change passwords with the utmost urgency.
    ***The Pulse Secure VPN dump has been advertised as a list of 1,800 vulnerable servers, but our checks found only 900, so we used an appropriate article title, despite the first image in this article.

  • in

    The fixes to the Linux BootHole fixes are in

    The recently revealed BootHole security problem with GRUB2 and Secure Boot can, theoretically, be used to attack Linux systems. In practice, the only vulnerable Linux systems are those that have already been successfully breached by an attacker. So, despite all the publicity BootHole got, it really wasn’t that big a problem. Still, almost all enterprise Linux distributors released patches. Unfortunately, for several of them, including Red Hat, the fix proved worse than the security hole. Users found their newly “repaired” systems wouldn’t boot. Now, the fixes to these fixes are out.

    Red Hat jumped on the problem immediately. Peter Allor, director of Red Hat’s Product Security Incident Response Team, told me: 

    Red Hat has been made aware of a potential issue with the fix for CVE-2020-10713, also known as BootHole, whereby some Red Hat Enterprise Linux 7 and Red Hat Enterprise Linux 8 systems may not successfully reboot after the remediation is applied, requiring manual intervention to fix. We are currently investigating this issue and will provide more information as it becomes available.

    Unfortunately, the fix took several days instead of hours to pull together. Now, though, the fix is ready for deployment on Red Hat Enterprise Linux (RHEL) 7.8 and 8.2. While the solution hasn’t been confirmed yet for RHEL 7.9 and 8.1 Extended Update Support (EUS), it should work on them as well.
    The repair consists of updated shim packages. A shim in this context is a UEFI (Unified Extensible Firmware Interface) Secure Boot certificate. It’s signed by the Linux distributor, which is implicitly trusted by being embedded in the Microsoft signed shim loader. Microsoft’s UEFI Secure Boot is used because almost all computers come preloaded with Microsoft Secure Boot keys.
    These updated shim packages are available now. You can use them with the previously released grub2, fwupd, and fwupdate packages. To perform the fix, you’ll need to reboot using the RHEL DVD in Troubleshooting mode. Once booted, you enter the chroot container, and replace the faulty shim package with the repaired version.

    With the RHEL clone operating system CentOS, you fix it with a similar method. Be sure to read the CentOS BootHole repair bug report all the way to the end. Instead of reverting to an old booting shim, as described in the report's beginning, you'll be upgrading to shim-x64-15-15.el8_2.x86_64.rpm (EL8) or shim-x64-15-8.el7_8.x86_64.rpm (EL7), or newer, as described in the report's final note.
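A fleet check against the repaired shim builds named above, as an added example that is not Red Hat's or CentOS's own tooling. The function names are hypothetical, and GNU `sort -V` is assumed as a stand-in for RPM's own version comparison.

```shell
#!/bin/sh
# Added example: classify a shim-x64 package string (as printed by
# `rpm -q shim-x64`) against the repaired builds named in the article.
# Function names are hypothetical. Assumption: GNU `sort -V` stands in for
# RPM's own version comparison, which it matches for plain numeric versions.

FIXED_EL7="15-8.el7_8"    # from shim-x64-15-8.el7_8.x86_64.rpm
FIXED_EL8="15-15.el8_2"   # from shim-x64-15-15.el8_2.x86_64.rpm

# ver_ge A B: succeeds when version A sorts at or after version B.
ver_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# shim_status NVRA: prints fixed, needs-update, or unknown.
shim_status() {
    case $1 in
        shim-x64-*-*) ;;
        *) echo unknown; return 0 ;;
    esac
    vr=${1#shim-x64-}      # drop the package name
    vr=${vr%.rpm}          # drop an optional file suffix
    vr=${vr%.x86_64}       # drop the architecture
    case $vr in            # pick the baseline for this major release
        *.el7*) fixed=$FIXED_EL7 ;;
        *.el8*) fixed=$FIXED_EL8 ;;
        *) echo unknown; return 0 ;;
    esac
    ver=${vr%%-*}          # upstream version, e.g. 15
    rel=${vr#*-}           # release, e.g. 8.el7_8
    relnum=${rel%%.*}      # leading release number, e.g. 8
    case $relnum in
        ''|*[!0-9]*) echo unknown; return 0 ;;
    esac
    fver=${fixed%%-*}
    frel=${fixed#*-}
    frelnum=${frel%%.*}
    if [ "$ver" != "$fver" ]; then
        # Different upstream version: newer is fixed, older is not.
        if ver_ge "$ver" "$fver"; then echo fixed; else echo needs-update; fi
    elif [ "$relnum" -ge "$frelnum" ]; then
        echo fixed
    else
        echo needs-update
    fi
}
```

On a host, call it as `shim_status "$(rpm -q shim-x64)"`; a result of `unknown` covers a missing package or a release other than EL7/EL8 and needs a manual look.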
    Red Hat staffers told me that the unbootable system issue never hit Fedora, Red Hat’s community Linux distribution. Fedora programmers are currently working on delivering the broad fix for BootHole in the near future. “That said, given the very narrow attack surface of BootHole (already requiring access, etc.) it’s viewed as a serious but not overly critical issue.”
    Canonical, Ubuntu Linux’s parent company, reports that it’s seen very few instances of systems not booting with their BootHole patch. In the event you do run into one, Canonical suggests downgrading grub2/grub2-signed from another Ubuntu session. On a local machine, you do this with a bootable Ubuntu Live DVD or USB stick. In the cloud, you do it from a separate instance in the same cloud availability zone. Either way, the final steps are the same: mount the root volume/device from the affected system into the live/separate cloud instance, chroot into it, and use apt to downgrade grub2/grub2-signed.
    As for Debian Linux, the corrected BootHole fix comes in the latest Debian 10 “Buster” release: Debian 10.5. 
    If your Linux distro of choice doesn’t have a fix yet, I have a suggestion. Wait. Don’t patch your system until you know that the real repair has been made. Usually, I’m all about patching security bugs as soon as possible. This is an exception. BootHole is not really a serious problem, but not being able to run your system because of a botched patch is as bad as it gets. Wait. The real fixes are out there and will be coming to your distribution in good time. 

  • in

    Firefox adds protections against redirect tracking

    With the release of Firefox 79 last week, Mozilla silently added a new feature to Enhanced Tracking Protection (ETP) — Firefox’s internal component that blocks invasive user-tracking techniques.
    According to Mozilla, Firefox 79 can now block a new technique called “redirect tracking.”
    Online advertisers and web analytics companies have begun adopting this technique after Firefox, Chrome, Brave, and other browsers recently added privacy protections to block user-tracking and user-fingerprinting scripts.
    More specifically, this technique was developed to circumvent browsers that prevent advertisers from using third-party cookies to track users.
    Third-party cookies allowed an advertiser to drop a cookie file inside the user’s browser from its allocated ad slot. As the user navigated across the web, the advertiser would read the user’s local cookie from within ad slots on different sites — allowing the advertiser to track the user’s movements across the web.

    As browsers now prevent advertisers from dropping this cookie, some ad tech companies came up with the bright idea of redirecting users (who interact with their ads) to one of their own domains, reading the cookie file there, and then redirecting the user to their destination. This effectively creates their own first-party (tracking) cookies instead of relying on third-party cookies created on other sites.
    Firefox to clear cookies for ad tech companies each day
    Mozilla says that going forward, it plans to clear first-party cookies every 24 hours for all known advertisers as a way to prevent redirect tracking. This way, even if advertisers employ redirect tracking, users will have a brand new identity each day, preventing companies from linking previous activity to a unique user profile.
    The browser maker said this new protection is included in Enhanced Tracking Protection 2.0, the next iteration of its ETP feature. While currently only active for Firefox 79 users, Mozilla said ETP 2.0 would eventually roll out to all users within the next few weeks.
    However, Mozilla says that blocking redirect tracking won’t be active for all known ad tech companies.
    “Sometimes trackers do more than just track; trackers may also offer services you engage with, such as a search engine or social network,” Mozilla said, hinting at companies like Google, Microsoft, Facebook, or Twitter.
    “If Firefox cleared cookies for these services we’d end up logging you out of your email or social network every day,” it said.
    For these sites, Mozilla said it would clear cookies every 45 days.
    Additional details about redirect tracking are available on the MDN developer network.

  • in

    Iranian hacker group becomes first known APT to weaponize DNS-over-HTTPS (DoH)


    An Iranian hacking group known as Oilrig has become the first publicly known threat actor to incorporate the DNS-over-HTTPS (DoH) protocol in its attacks.
    Speaking in a webinar last week, Vincente Diaz, a malware analyst for antivirus maker Kaspersky, said the change happened in May this year when Oilrig added a new tool to its hacking arsenal.
    According to Diaz, Oilrig operators began using a new utility called DNSExfiltrator as part of their intrusions into hacked networks.
    DNSExfiltrator is an open-source project available on GitHub that creates covert communication channels by funneling data and hiding it inside non-standard protocols.
    As its name hints, the tool can transfer data between two points using classic DNS requests, but it can also use the newer DoH protocol.

    Diaz said Oilrig, also known as APT34, has been using DNSExfiltrator to move data laterally across internal networks, and then exfiltrate it to an outside point.
    Oilrig is most likely using DoH as an exfiltration channel to avoid having its activities detected or monitored while moving stolen data.
    This is because the DoH protocol is currently an ideal exfiltration channel for two primary reasons. First, it’s a new protocol that not all security products are capable of monitoring. Second, it’s encrypted by default, while DNS is cleartext.
    Oilrig has a history with DNS exfiltration channels
    The fact that Oilrig was one of the first APTs (Advanced Persistent Threats — a term used to describe government-backed hacking groups) to deploy DoH is also not a surprise.
    Historically, the group has dabbled with DNS-based exfiltration techniques. Before adopting the open-source DNSExfiltrator toolkit in May, the group had been using a custom-built tool named DNSpionage since at least 2018, per reports by Talos, NSFOCUS, and Palo Alto Networks.
    In the May campaign, Kaspersky said Oilrig exfiltrated data via DoH to COVID-19-related domains.
    During the same month, Reuters independently reported about a spear-phishing campaign orchestrated by unidentified Iranian hackers, who targeted the staff of pharma giant Gilead, which at the time had announced it had begun working on a treatment for the COVID-19 virus. It is, however, unclear if these are the same incidents.
    Previous reporting has linked most Iranian APTs to the Islamic Revolutionary Guard Corps, Iran’s top military entity, either as members or as contractors.
    But while Oilrig is the first publicly reported APT to use DoH, it is not the first malware operation to do so, in general. Godlua, a Lua-based Linux malware strain, was the first to deploy DoH as part of its DDoS botnet in July 2019, according to a report from Netlab, a network threat hunting unit of Chinese cyber-security giant Qihoo 360.

  • in

    Microsoft goes big in security bug bounties: Its $13.7m is double Google's 2019 payouts

    Microsoft has revealed it has awarded security researchers $13.7m for reporting bugs in Microsoft software since July last year. 
    Microsoft’s bug bounties are one of the largest sources of financial awards for researchers probing software for flaws and, importantly, reporting them to the relevant vendor rather than selling them to cybercriminals via underground markets or exploit brokers who distribute them to government agencies.

    The Redmond company has 15 bug-bounty programs through which researchers netted $13.7m between July 1, 2019 and June 30, 2020. That figure is triple the $4.4m it awarded in the same period the previous year. 
    “The researchers who devote time to uncovering and reporting security issues before adversaries can exploit them have earned our collective respect and gratitude,” said members of the Microsoft Security Response Center in a blogpost. 
    Flaws reported to Microsoft and other vendors via bug bounties can help reduce the number of so-called zero-day exploits that attackers can use to compromise systems before a vendor supplies a security patch to block them. Providing patches to users also helps protect systems from attacks after the vulnerability has been disclosed.  

    Microsoft’s total annual bug-bounty payouts are now much larger than Google’s awards for security flaws in its software, which totaled $6.5m in calendar year 2019. That figure was double the previous year’s payouts from the ad and search giant, which called it a “record-breaking year”. 
    Microsoft’s larger expenditure on bug-bounty payouts could be justified, according to new data released by Google’s bug hunting squad, Google Project Zero or GPZ. 
    GPZ this week revealed that there have been 11 zero-day vulnerabilities exploited in the wild in the first half of the year. The discovery of these exploits is rare: Microsoft patched 115 vulnerabilities in March alone. But Microsoft software made up four of the 11 exploits that Google discovered were being used in the wild in 2020. 
    The Microsoft flaws included the bug in Internet Explorer, CVE-2020-0674, that Microsoft patched in February. Then there were three more Windows memory-corruption bugs that were exploited before Microsoft’s patches were released this year.
    In 2019, according to GPZ statistics, 11 of the 20 zero-days under attack that year affected Microsoft products, which was much higher than exploited zero-days from any other vendor, including Google. 
    However, Google noted that there was detection bias towards Microsoft because there are more security tools specialized in detecting Windows bugs.
    Microsoft says the higher total payouts this year are because it launched six new bounty programs and two new research grants. These attracted over 1,000 eligible reports from over 300 researchers.
    Microsoft also suggests COVID-19 social distancing prompted an uptick in security research activity. 
    “Across all 15 of our bounty programs we saw strong researcher engagement and higher report volume during the first several months of the pandemic,” Microsoft said. 
    The bounty programs that Microsoft launched during the period included:
    Microsoft Dynamics 365 Bounty Program, launched July 2019
    Azure Security Lab, launched August 2019
    Microsoft Edge on Chromium Bounty Program, launched August 2019
    Election Guard Bounty Program, launched October 2019
    Xbox Bounty Program, launched January 2020
    Azure Sphere Security Research Challenge, launched May 2020