
Ubuntu Budgie 20.04 Review: Smooth, Polished & Plenty of Change

As promised, we are looking at all the major flavours of Ubuntu 20.04 LTS. In this instalment, here is our take on Ubuntu Budgie.


Ubuntu Budgie is, as the name suggests, the official Ubuntu flavour that ships the Budgie desktop environment. It is a relatively new member of the Ubuntu family: the first Ubuntu Budgie release was 16.04, and it was accepted as an official flavour with the 17.04 release.

Its goal is to combine the simplicity and elegance of the Budgie interface with a traditional desktop-oriented distribution built on a modern paradigm.

Ubuntu Budgie 20.04: What has changed and what hasn't

Since the release of 18.04 LTS, Ubuntu Budgie has seen an incredible number of updates and improvements:

  • A new stylish applications menu applet
  • The Budgie-based Network Manager applet is now the default
  • The new Window Shuffler lets you tile applications from the keyboard
  • A new tool to switch quickly between desktop layouts
  • 4K resolution support
  • GNOME Firmware and Drawing are new default applications
  • Backports rebuilt for 20.04
  • Firefox is the default browser
  • Catfish file and text search is now the default
  • Budgie and Nemo integration
  • The system tray applet has been removed due to bugs
  • The audible bell is disabled by default
  • Fixed keyboard shortcuts mysteriously disappearing
  • Improved lock screen layout
  • Files (Nautilus) has been replaced by Files (Nemo) due to popular demand
  • The Plank dock now sits at the bottom of the screen, is transparent and has the bounce animation by default
  • The Quick Notes and Hot Corners applets have been ported from Python to Vala for speed
  • Celluloid replaces MPV
  • GNOME dependencies updated

Budgie Desktop Settings

Ubuntu Budgie now ships with the latest version of the Budgie desktop environment (10.5.1). Improvements include:

  • A new Raven section in Budgie Desktop Settings
  • Raven notification grouping and the ability to disable notifications
  • The Icon Task List has been revamped
  • The ability to set the number of virtual desktops

Ubuntu Budgie ships with a set of Budgie applets and mini-apps. They can be installed via Ubuntu Budgie Welcome.


  • WeatherShow – shows the forecast for the next five days, updated every three hours
  • Wallstreet – a wallpaper utility that cycles through the images in a folder
  • Visual-space – a compact workspace switcher
  • Dropby – manage USB flash drives quickly from the panel
  • Kangaroo – quick navigation to folders from the panel
  • Trash applet – manage the trash from the panel
  • Fuzzyclock – shows the time in a fuzzy, approximate form
  • Workspace Stopwatch – tracks the time spent in each workspace

A full list of changes and updates can be found in the release notes on the project blog.

System requirements

Ubuntu Budgie updated its system requirements for 20.04:

  • 4 GB or more of RAM
  • 64-bit Intel and AMD processors
  • UEFI PCs booting in CSM mode
  • Modern Intel-based Apple Macs

As you can see, Budgie is not exactly a lightweight option.

Applications included


The following useful applications are included by default in Ubuntu Budgie:

  • AisleRiot Solitaire
  • Geary
  • Catfish search tool
  • Cheese webcam tool
  • GNOME Drawing
  • GNOME 2048
  • GNOME Mahjongg
  • GNOME Mines
  • GNOME Sudoku
  • gThumb
  • LibreOffice
  • Maps
  • Rhythmbox
  • Tilix
  • Ubuntu Budgie Welcome
  • Evince document viewer
  • Plank
  • Celluloid


Installation

At first I could not get Ubuntu Budgie to boot in a virtual machine, so I installed it on bare metal. It turned out that Ubuntu Budgie was trying to boot via EFI. I asked on the Ubuntu Budgie forum and found a solution.

After the purple splash screen I had to press ESC and select Legacy. It then booted as usual and installed without any problems. I only ran into this issue with Ubuntu Budgie. I downloaded the Ubuntu MATE 20.04 ISO and tried it, and did not have this problem.

Experience with Ubuntu Budgie 20.04

Apart from a small installation problem, my time with Ubuntu Budgie was very pleasant. The Budgie desktop has come a long way since Ikey created it, and it has become very mature. The goal of Ubuntu Budgie is to create a traditional desktop-oriented distribution, and it does so with flair. All the changes they keep making to their product make it shine even more.

All in all, Ubuntu Budgie is a very smooth distribution. From the default theme to the wallpaper, it is clear that a lot of effort has gone into making it visually attractive.

Remember that Ubuntu Budgie is not intended for low-spec systems. Running it on my Dell Latitude D630 with no applications open, it used about 700 MB of RAM.

One part of Ubuntu Budgie that I liked more than I expected was the inclusion of the Tilix terminal emulator. With Tilix you can add terminal panes to the right or below the current one. It has many features and I loved using it. I plan to install it on my other Linux systems.

Final thoughts on Ubuntu Budgie 20.04

Ubuntu Budgie is a welcome addition to the roster of official flavours. The desktop is very smooth and polished. It gets out of the way and lets you work.

If you are tired of your current desktop environment and want to see something new, check it out. If you are happy with your current installation, take a look at the Ubuntu Budgie live DVD. You might just like it.


Have you ever tried Ubuntu Budgie 20.04? What was your experience? If not, which flavour of Ubuntu 20.04 are you currently using?


IT threat evolution Q1 2020. Statistics

These statistics are based on detection verdicts of Kaspersky products received from users who consented to provide statistical data.

Quarterly figures

According to Kaspersky Security Network:

  • Kaspersky solutions blocked 726,536,269 attacks launched from online resources in 203 countries.
  • A total of 442,039,230 unique URLs were recognised as malicious by Web Anti-Virus components.
  • Attempted infections by malware designed to steal money via online access to bank accounts were logged on the computers of 249,748 unique users.
  • Ransomware attacks were defeated on the computers of 178,922 unique users.
  • Our File Anti-Virus detected 164,653,290 unique malicious and potentially unwanted objects.
  • Kaspersky products for mobile devices detected:
    • 1,152,662 malicious installation packages
    • 42,115 installation packages for mobile banking Trojans
    • 4,339 installation packages for mobile ransomware Trojans

Mobile threats

Quarterly highlights

Q1 2020 will be remembered above all for the coronavirus pandemic and cybercriminals' exploitation of it. In particular, the developers of a new modification of the Ginp banking Trojan renamed their malware Coronavirus Finder and offered it for €0.75, disguised as an app supposedly able to detect nearby people infected with COVID-19. In this way the attackers tried not only to scam users by exploiting a hot topic, but also to gain access to their bank card details. And because the Trojan stays on the device after the data has been stolen, the attackers can intercept text messages containing two-factor authorisation codes and use the stolen data without the victim's knowledge.

Another interesting find this quarter was Cookiethief, a Trojan that steals cookies from mobile browsers and the Facebook app. If the attack succeeds, the malware gives its operator access to the victim's account, including the ability to perform various actions on their behalf, such as likes and reposts. To stop the service from detecting abnormal activity in the hijacked profile, the Trojan contains a proxy module through which the attackers issue their commands.

The third piece of malware that caught our attention this quarter was Trojan-Dropper.AndroidOS.Shopper.a. It is designed to help cybercriminals leave fake reviews and drive up their ratings on Google Play. The cybercriminals' goals here are obvious: to improve the chances of their apps being published and recommended, and to lull potential victims' vigilance. Note that the Trojan uses Accessibility Services to rate apps and write reviews, thereby gaining full control over another app, in this case the official Google Play client.

Mobile threat statistics

In Q1 2020, Kaspersky's mobile products and technologies detected 1,152,662 malicious installation packages, 171,669 more than in the previous quarter.

Number of malicious installation packages detected, Q1 2019 – Q1 2020

Since Q2 2019 we have seen a steady rise in the number of mobile threats detected. Although it is too early to sound the alarm (in 2019 the number of new threats was the lowest in recent years), this trend is concerning.

Distribution of detected mobile apps by type

Distribution of newly detected mobile programs by type, Q1 2020 and Q4 2019

Of all the threats detected in Q1, half (49.9%) were unwanted adware apps, their share having risen by 19 percentage points compared to the previous quarter. Members of the HiddenAd and Ewind families were detected most often, with a combined 40% of all adware threats detected, followed by the FakeAdBlocker family (12%).

Potentially unwanted RiskTool apps (28.24%) came second, with the share of this type of threat virtually unchanged. The main contributors were the Smsreg (49% of all threats detected in this category), Agent (17%) and Dnotua (11%) families. Note that the number of Smsreg family members detected grew by more than 50% in Q1.

Trojan-Dropper threats came third (9.72%). Although their share fell by 7.63 percentage points compared to the previous quarter, droppers remain one of the most common classes of mobile threat. Ingopack emerged as the leading family in Q1, accounting for 71% of all Trojan-Dropper threats, followed at a distance by Waponor (12%) and Hqwar (8%).

It is worth noting that mobile droppers are most often used to install financial malware, although some financial threats spread without their help. The share of these self-sufficient threats is fairly large: in particular, the share of Trojan-Banker rose by 2.1 percentage points to 3.65% in Q1.

Top 20 mobile malware

Note that this malware ranking does not include potentially dangerous or unwanted programs such as RiskTool or adware.

  Verdict %*
1 DangerousObject.Multi.Generic 44.89
2 Trojan.AndroidOS.Boogr.gsh 9.09
3 DangerousObject.AndroidOS.GenericML 7.08
4 Trojan-Downloader.AndroidOS.Necro.d 4.52
5 Trojan.AndroidOS.Hiddapp.ch 2.73
6 Trojan-Downloader.AndroidOS.Helper.a 2.45
7 Trojan.AndroidOS.Handda.san 2.31
8 Trojan-Dropper.AndroidOS.Necro.z 2.30
9 Trojan.AndroidOS.Necro.a 2.19
10 Trojan-Downloader.AndroidOS.Necro.b 1.94
11 Trojan-Dropper.AndroidOS.Hqwar.gen 1.82
12 Trojan-Dropper.AndroidOS.Helper.l 1.50
13 Exploit.AndroidOS.Lotoor.be 1.46
14 Trojan-Dropper.AndroidOS.Lezok.p 1.46
15 Trojan-Banker.AndroidOS.Rotexy.e 1.43
16 Trojan-Dropper.AndroidOS.Penguin.e 1.42
17 Trojan-SMS.AndroidOS.Prizmes.a 1.39
18 Trojan.AndroidOS.Dvmap.a 1.24
19 Trojan.AndroidOS.Agent.rt 1.21
20 Trojan.AndroidOS.Vdloader.a 1.18

* Unique users attacked by this malware as a percentage of all attacked users of Kaspersky mobile products.

DangerousObject.Multi.Generic (44.89%), the verdict we use for malware detected with cloud technologies, topped our Top 20 as usual. Cloud technologies kick in when the antivirus databases do not yet contain data to detect a malicious program but the Kaspersky Security Network cloud already holds information about the object. This is essentially how the newest malware is detected.

Second and third place went to Trojan.AndroidOS.Boogr.gsh (9.09%) and DangerousObject.AndroidOS.GenericML (7.08%). These verdicts are assigned to files recognised as malicious by our machine learning systems.

In fourth (Trojan-Downloader.AndroidOS.Necro.d, 4.52%) and tenth (Trojan-Downloader.AndroidOS.Necro.b, 1.94%) place are members of the Necro family, whose main task is to download and install modules from the cybercriminals' servers. Eighth-placed Trojan-Dropper.AndroidOS.Necro.z (2.30%) behaves similarly, but only extracts the modules it needs. As for Trojan.AndroidOS.Necro.a, which came ninth (2.19%), the attackers gave it a different task: the Trojan follows advertising links and clicks banners in the victim's name.

Fifth place went to Trojan.AndroidOS.Hiddapp.ch (2.73%). Once launched, the malware hides its icon in the app list and keeps running in the background. The Trojan's payload can be other programs or adware apps.

Sixth place went to Trojan-Downloader.AndroidOS.Helper.a (2.45%), which usually comes bundled with Trojan-Downloader.AndroidOS.Necro. Helper.a can download and execute arbitrary code from the attackers' server.

The verdict Trojan.AndroidOS.Handda.san (2.31%) in seventh place covers a group of various Trojans that hide their icons, obtain Device Admin rights and use packers to evade detection.

Trojan-Banker.AndroidOS.Rotexy.e (1.43%) and Trojan-Dropper.AndroidOS.Penguin.e (1.42%) deserve special mention. The former is the only banking Trojan in the Top 20 for the last quarter. The Rotexy family is six years old, and its members steal bank card data and intercept two-factor authentication messages for payments. The first member of the Penguin dropper family, by contrast, was only discovered in July last year and has gained considerable popularity in Q1 2020.

Geography of mobile threats

Map of mobile malware detections, Q1 2020

Top 10 countries by share of users attacked by mobile threats

  Country* %**
1 Iran 39.56
2 Algeria 21.44
3 Bangladesh 18.58
4 Nigeria 15.58
5 Lebanon 15.28
6 Tunisia 14.94
7 Pakistan 13.99
8 Kuwait 13.91
9 Indonesia 13.81
10 Cuba 13.62

* Excluded from the ranking are countries with relatively few users of Kaspersky mobile products (fewer than 10,000).
** Unique users attacked as a percentage of all users of Kaspersky mobile products in the country.

In Q1 2020, Iran led by share of users attacked (39.56%). Residents of this country most often encountered adware from the Notifyer family and clones of the Telegram app. Algeria came second (21.44%), where adware was also distributed, this time from the HiddenAd and FakeAdBlocker families. Third place went to Bangladesh (18.58%), where half of the Top 10 mobile threats were adware from the HiddenAd family.

Mobile banking Trojans

During the reporting period, 42,115 installation packages for mobile banking Trojans were detected. This is the highest figure in the last 18 months, and more than 2.5 times the Q4 2019 figure. The largest contributors were the Trojan-Banker.AndroidOS.Agent family (42.79% of all installation packages detected), Trojan-Banker.AndroidOS.Wroba (16.61%) and Trojan-Banker.AndroidOS.Svpeng (13.66%).

Number of installation packages for mobile banking Trojans detected by Kaspersky, Q1 2019 – Q1 2020

Top 10 mobile banking Trojans

  Verdict %*
1 Trojan-Banker.AndroidOS.Rotexy.e 13.11
2 Trojan-Banker.AndroidOS.Svpeng.q 10.25
3 Trojan-Banker.AndroidOS.Asacub.snt 7.64
4 Trojan-Banker.AndroidOS.Asacub.ce 6.31
5 Trojan-Banker.AndroidOS.Agent.eq 5.70
6 Trojan-Banker.AndroidOS.Anubis.san 4.68
7 Trojan-Banker.AndroidOS.Agent.ep 3.65
8 Trojan-Banker.AndroidOS.Asacub.a 3.50
9 Trojan-Banker.AndroidOS.Asacub.ar 3.00
10 Trojan-Banker.AndroidOS.Agent.cf 2.70

* Unique users attacked by this malware as a percentage of all users of Kaspersky mobile products attacked by banking threats.

First and second place in our Top 10 were taken by Trojans aimed at Russian-speaking mobile users: Trojan-Banker.AndroidOS.Rotexy.e (13.11%) and Trojan-Banker.AndroidOS.Svpeng.q (10.25%).

Third, fourth, eighth and ninth place in the Top 10 mobile banking threats went to members of the Asacub family. The cybercriminals behind this Trojan have stopped producing new samples, but its distribution channels were still active in Q1.

Geography of mobile banking threats, Q1 2020

Top 10 countries by share of users attacked by mobile banking Trojans

  Country* %**
1 Japan 0.57
2 Spain 0.48
3 Italy 0.26
4 Bolivia 0.18
5 Russia 0.17
6 Turkey 0.13
7 Tajikistan 0.13
8 Brazil 0.11
9 Cuba 0.11
10 China 0.10

* Excluded from the ranking are countries with relatively few users of Kaspersky mobile products (fewer than 10,000).
** Unique users attacked by mobile banking Trojans as a percentage of all users of Kaspersky mobile products in the country.

In Q1 2020, Japan had the largest share of users attacked by mobile bankers (0.57%), the vast majority of them by Trojan-Banker.AndroidOS.Agent.eq.

Second place went to Spain (0.48%), where in more than half of cases we detected malware from the Trojan-Banker.AndroidOS.Cebruser family, and another quarter of detections belonged to the Trojan-Banker.AndroidOS.Ginp family.

In third place is Italy (0.26%), where, as in Spain, the Trojan-Banker.AndroidOS.Cebruser family was the most widespread, accounting for almost two-thirds of detections.

The Cebruser family deserves a closer look. Its creators were among the first to use the coronavirus theme to spread malware.

When the Trojan is launched it gets straight to work: it requests access to Accessibility Services in order to obtain Device Admin rights, and then tries to get hold of card data.

The malware is distributed under the Malware-as-a-Service model, and its feature set is standard for such threats, with one interesting detail: the use of a step-by-step activation counter to bypass dynamic analysis tools (sandboxes). Cebruser targets mobile banking apps in various countries as well as popular non-financial apps; its main weapons are phishing windows and the interception of two-factor authentication codes. In addition, the malware can lock the screen with a ransomware module and intercept keystrokes on the virtual keyboard.

Mobile ransomware Trojans

In Q1 2020 we detected 4,339 installation packages for mobile ransomware Trojans, 1,067 fewer than in the previous quarter.

Number of installation packages for mobile ransomware Trojans detected by Kaspersky, Q1 2019 – Q1 2020

Top 10 mobile ransomware Trojans

  Verdict %*
1 Trojan-Ransom.AndroidOS.Svpeng.aj 17.08
2 Trojan-Ransom.AndroidOS.Congur.e 12.70
3 Trojan-Ransom.AndroidOS.Small.as 11.41
4 Trojan-Ransom.AndroidOS.Rkor.k 9.88
5 Trojan-Ransom.AndroidOS.Small.as 7.32
6 Trojan-Ransom.AndroidOS.Small.o 4.79
7 Trojan-Ransom.AndroidOS.Svpeng.aj 3.62
8 Trojan-Ransom.AndroidOS.Svpeng.ah 3.55
9 Trojan-Ransom.AndroidOS.Congur.e 3.32
10 Trojan-Ransom.AndroidOS.Fusob.h 3.17

* Unique users attacked by this malware as a percentage of all users of Kaspersky mobile products attacked by ransomware Trojans.

In recent quarters the number of ransomware Trojans detected has gradually declined, but we still see many attempts to infect users with these threats. The largest contributors to the statistics were the Svpeng, Congur and Small families.

Geography of mobile ransomware Trojans, Q1 2020

Top 10 countries by share of users attacked by mobile ransomware Trojans

  Country* %**
1 United States 0.26
2 Kazakhstan 0.25
3 Iran 0.16
4 China 0.09
5 Saudi Arabia 0.08
6 Italy 0.03
7 Mexico 0.03
8 Canada 0.03
9 Indonesia 0.03
10 Switzerland 0.03

* Excluded from the ranking are countries with relatively few users of Kaspersky mobile products (fewer than 10,000).
** Unique users attacked by mobile ransomware Trojans as a percentage of all users of Kaspersky mobile products in the country.

The leading countries by share of users attacked by mobile ransomware were Syria (0.28%), the United States (0.26%) and Kazakhstan (0.25%).

Attacks on Apple macOS

In Q1 2020 we discovered not only new versions of common threats but also a new backdoor family, whose first member was Backdoor.OSX.Capip.a. The malware's operating principle is simple: it asks the C&C server for a shell script, which it then downloads and executes.

Top 20 threats for macOS

  Verdict %*
1 Trojan-Downloader.OSX.Shlayer.a 19.27
2 AdWare.OSX.Pirrit.j 10.34
3 AdWare.OSX.Cimpli.k 6.69
4 AdWare.OSX.Ketin.h 6.27
5 AdWare.OSX.Pirrit.aa 5.75
6 AdWare.OSX.Pirrit.o 5.74
7 AdWare.OSX.Pirrit.x 5.18
8 AdWare.OSX.Spc.a 4.56
9 AdWare.OSX.Cimpli.f 4.25
10 AdWare.OSX.Bnodlero.t 4.08
11 AdWare.OSX.Bnodlero.x 3.74
12 Hoax.OSX.SuperClean.gen 3.71
13 AdWare.OSX.Cimpli.h 3.37
14 AdWare.OSX.Pirrit.v 3.30
15 AdWare.OSX.Amc.c 2.98
16 AdWare.OSX.MacSearch.d 2.85
17 RiskTool.OSX.Cones.a 2.84
18 AdWare.OSX.Pirrit.s 2.80
19 AdWare.OSX.Ketin.d 2.76
20 AdWare.OSX.Bnodlero.aq 2.70

* Unique users attacked by this malware as a percentage of all attacked users of Kaspersky security solutions for macOS.

In Q1 2020 the Top 20 threats for macOS saw no significant changes. The adware Trojan Shlayer.a (19.27%) still leads, followed by the objects that Shlayer itself downloads onto the infected system, including numerous adware apps from the Pirrit family.

It is worth noting the unwanted program Hoax.OSX.SuperClean.gen in 12th place. Like other programs of the Hoax type, it is distributed under the guise of a system cleaner and, immediately after installation, frightens the user with problems supposedly found on the system, such as gigabytes of junk on the hard disk.

Geography of threats

  Country* %**
1 Spain 7.14
2 France 6.94
3 Italy 5.94
4 Canada 5.58
5 United States 5.49
6 Russia 5.10
7 India 4.88
8 Mexico 4.78
9 Brazil 4.65
10 Belgium 4.65

* Excluded from the ranking are countries with relatively few users of Kaspersky security solutions for macOS (fewer than 5,000).
** Unique users who encountered macOS threats as a percentage of all users of Kaspersky security solutions for macOS in the country.

As in previous quarters, Spain (7.14%), France (6.94%) and Italy (5.94%) led the way. The main contributors to the number of detections in these countries were the well-known Shlayer Trojan and adware apps from the Pirrit family.

IoT attacks

IoT threat statistics

In Q1 2020, the share of IP addresses from which attacks on Kaspersky Telnet traps were attempted grew significantly. They accounted for 81.1% of all attacking IP addresses, while SSH traps accounted for slightly less than 19%.

Distribution of attacked services by number of unique IP addresses of the attacking devices, Q1 2020

The picture was similar for control sessions: attackers more often controlled infected traps via Telnet.

Distribution of cybercriminals' working sessions with Kaspersky traps, Q1 2020
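As an added illustration of how the two distributions above are computed (this is example code, not Kaspersky's own tooling), the following Python script parses honeypot connection events and reports the share of each service by unique attacking IP address and by session. The input lines are constructed for this example and modelled on the JSON log format of the open-source Cowrie SSH/Telnet honeypot; the addresses come from documentation ranges and are not real attackers.

```python
import json
from collections import Counter, defaultdict

# Constructed sample events modelled on Cowrie's JSON log: a
# cowrie.session.connect event carries "protocol", "src_ip" and "session".
# Addresses are RFC 5737 documentation ranges, not real attackers.
# One malformed line and one non-connect event are included on purpose.
SAMPLE_LOG = """
{"eventid": "cowrie.session.connect", "protocol": "telnet", "src_ip": "203.0.113.10", "session": "a1", "timestamp": "2020-01-05T01:00:00Z"}
{"eventid": "cowrie.session.connect", "protocol": "telnet", "src_ip": "203.0.113.10", "session": "a2", "timestamp": "2020-01-05T01:00:05Z"}
{"eventid": "cowrie.session.connect", "protocol": "telnet", "src_ip": "203.0.113.11", "session": "a3", "timestamp": "2020-01-05T01:01:00Z"}
{"eventid": "cowrie.session.connect", "protocol": "telnet", "src_ip": "198.51.100.7", "session": "a4", "timestamp": "2020-01-05T02:00:00Z"}
{"eventid": "cowrie.session.connect", "protocol": "ssh", "src_ip": "198.51.100.7", "session": "b1", "timestamp": "2020-01-05T02:00:10Z"}
{"eventid": "cowrie.session.connect", "protocol": "ssh", "src_ip": "192.0.2.44", "session": "b2", "timestamp": "2020-01-05T03:00:00Z"}
{"eventid": "cowrie.session.connect", "protocol": "ssh", "src_ip": "192.0.2.44", "session": "b3", "timestamp": "2020-01-05T03:00:01Z"}
{"eventid": "cowrie.session.connect", "protocol": "ssh", "src_ip": "192.0.2.44", "session": "b4", "timestamp": "2020-01-05T03:00:02Z"}
{"eventid": "cowrie.login.failed", "protocol": "ssh", "src_ip": "192.0.2.44", "session": "b4", "username": "root", "password": "admin"}
this line is not JSON and must be skipped, not crash the run
"""


def parse_connects(text):
    """Yield (protocol, src_ip, session) for every connect event.

    Malformed lines and other event types are skipped rather than aborting,
    which is what you want when reading logs a hostile peer can influence.
    """
    for line in text.strip().splitlines():
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("eventid") != "cowrie.session.connect":
            continue
        yield ev["protocol"], ev["src_ip"], ev["session"]


def service_shares(text):
    """Return (share by unique attacking IP, share by session), in percent.

    An IP that hits both services is counted once per service, which is how a
    per-service unique-IP statistic is defined. Sessions are deduplicated by
    session id so a replayed log line does not inflate the count.
    """
    ips = defaultdict(set)
    sessions = defaultdict(set)
    for proto, ip, sess in parse_connects(text):
        ips[proto].add(ip)
        sessions[proto].add(sess)
    total_ips = sum(len(s) for s in ips.values())
    total_sessions = sum(len(s) for s in sessions.values())
    if total_ips == 0 or total_sessions == 0:
        return {}, {}
    by_ip = {p: round(100 * len(s) / total_ips, 2) for p, s in ips.items()}
    by_session = {p: round(100 * len(s) / total_sessions, 2) for p, s in sessions.items()}
    return by_ip, by_session


def top_sources(text, n=3):
    """Most active source IPs by number of sessions opened, busiest first."""
    return Counter(ip for _, ip, _ in parse_connects(text)).most_common(n)


if __name__ == "__main__":
    by_ip, by_session = service_shares(SAMPLE_LOG)
    print("share by unique IP:", by_ip)
    print("share by session:", by_session)
    print("busiest sources:", top_sources(SAMPLE_LOG))
```

On the sample, Telnet accounts for 60% of unique attacking IPs but only 50% of sessions, because one SSH source opens three sessions. The two metrics answer different questions (how many distinct bots versus how much operator activity), which is why the report gives both.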

Telnet attacks

Geography of IP addresses of devices that attacked Kaspersky Telnet traps, Q1 2020

Top 10 countries by location of devices from which attacks on Kaspersky Telnet traps were carried out

Country* %
China 13.04
Egypt 11.65
Brazil 11.33
Vietnam 7.38
Taiwan 6.18
Russia 4.38
Iran 3.96
India 3.14
Turkey 3.00
United States 2.57

China has led by number of attacking bots for several consecutive quarters: in Q1 2020 it accounted for 13.04% of the bots that attacked our Telnet traps. As before, Egypt (11.65%) and Brazil (11.33%) follow.

Attacks via SSH

Geography of IP addresses of devices that attacked Kaspersky SSH traps, Q1 2020

Top 10 countries by location of devices from which attacks on Kaspersky SSH traps were carried out

Country* %
China 14.87
Vietnam 11.58
United States 7.03
Egypt 6.82
Brazil 5.79
Russia 4.66
India 4.16
Germany 3.64
Thailand 3.44
France 2.83

In Q1 2020, China (14.87%), Vietnam (11.58%) and the United States (7.03%) made up the top three countries by number of unique IP addresses from which attacks on SSH traps were launched.

Threats to honeypots

Verdict %*
Trojan-Downloader.Linux.NyaDrop.b 64.35
Backdoor.Linux.Mirai.b 16.75
Backdoor.Linux.Mirai.ba 6.47
Backdoor.Linux.Gafgyt.a 4.36
Backdoor.Linux.Gafgyt.bj 1.30
Trojan-Downloader.Shell.Agent.p 0.68
Backdoor.Linux.Mirai.c 0.64
Backdoor.Linux.Hajime.b 0.46
Backdoor.Linux.Mirai.h 0.40
Backdoor.Linux.Gafgyt.av 0.35

* Share of the malware type in the total volume of malware downloaded to IoT devices after a successful attack.

In Q1 2020, attackers most often downloaded the minimalistic Trojan loader NyaDrop (64.35%), whose executable file is no larger than 500 KB. Threats from the Mirai family traditionally prevailed: its members took four places in our Top 10. This malware will continue to dominate the IoT threat landscape for a long time to come, at least until a more advanced (and publicly available) DDoS bot emerges.

Financial threats

Financial threat statistics

In Q1 2020, Kaspersky solutions blocked attempts to launch one or more types of malware designed to steal money from bank accounts on the computers of 249,748 users.

Number of unique users attacked by financial malware, Q1 2020

Geography of attacks

To assess and compare the risk of being infected by banking Trojans and ATM/PoS malware in different countries, we calculated for each country the share of Kaspersky product users who faced this threat during the reporting period.

Geography of banking malware attacks, Q1 2020

Top 10 countries by share of users attacked

  Country* %**
1 Uzbekistan 10.5
2 Tajikistan 6.9
3 Turkmenistan 5.5
4 Afghanistan 5.1
5 Yemen 3.1
6 Kazakhstan 3.0
7 Guatemala 2.8
8 Syria 2.4
9 Sudan 2.1
10 Kyrgyzstan 2.1

* Excluded are countries with relatively few users of Kaspersky products (fewer than 10,000).
** Unique users whose computers were targeted by financial malware as a percentage of all unique users of Kaspersky products in the country.

Top 10 banking malware families

  Name Verdict %*
1 Emotet Backdoor.Win32.Emotet 21.3
2 Zbot Trojan.Win32.Zbot 20.8
3 CliptoShuffler Trojan-Banker.Win32.CliptoShuffler 17.2
4 RTM Trojan-Banker.Win32.RTM 12.3
5 Nimnul Virus.Win32.Nimnul 3.6
6 Trickster Trojan.Win32.Trickster 3.6
7 Neurevt Trojan.Win32.Neurevt 3.3
8 SpyEye Trojan-Spy.Win32.SpyEye 2.3
9 Danabot Trojan-Banker.Win32.Danabot 2.0
10 Nymaim Trojan.Win32.Nymaim 1.9

* Unique users attacked by this malware family as a percentage of all users attacked by financial malware.

Ransomware programs

Quarterly highlights

Attacks on municipal and other public organisations and networks have not eased. Given how profitable they are for cybercriminals, there is no reason to expect this trend to end in the coming years.

More and more ransomware families are starting to supplement data encryption with data theft. To date, this tactic has been adopted by the distributors of families such as Maze, REvil/Sodinokibi, DoppelPaymer and JSWorm/Nemty/Nefilim. If the victim refuses to pay the ransom for decryption (for example, because the data was restored from a backup), the attackers threaten to publish the stolen confidential information. Sometimes these threats are empty, but not always: the operators of several ransomware families have set up sites on which they actually publish data from victim organisations.

Number of new modifications

In Q1 2020 we discovered five new ransomware families and 5,225 new modifications of these malicious programs.

Number of new ransomware modifications detected, Q1 2019 – Q1 2020

Number of users attacked by ransomware Trojans

In Q1 2020, Kaspersky products and technologies protected 178,922 users from ransomware.

Number of unique users attacked by ransomware Trojans, Q1 2020

Geography of attacks

Geography of ransomware Trojan attacks, Q1 2020

Top 10 countries attacked by ransomware Trojans

  Country* %**
1 Bangladesh 6.64
2 Uzbekistan 1.98
3 Mozambique 1.77
4 Ethiopia 1.67
5 Nepal 1.34
6 Afghanistan 1.31
7 Egypt 1.21
8 Ghana 0.83
9 Azerbaijan 0.81
10 Serbia 0.74

* Excluded are countries with relatively few Kaspersky users (fewer than 50,000).
** Unique users whose computers were attacked by ransomware Trojans as a percentage of all unique users of Kaspersky products in the country.

Top 10 most common ransomware Trojan families

  Name Verdict %*
1 WannaCry Trojan-Ransom.Win32.Wanna 19.03
2 (generic verdict) Trojan-Ransom.Win32.Gen 16.71
3 (generic verdict) Trojan-Ransom.Win32.Phny 16.22
4 GandCrab Trojan-Ransom.Win32.GandCrypt 7.73
5 Stop Trojan-Ransom.Win32.Stop 6.62
6 (generic verdict) Trojan-Ransom.Win32.Encoder 4.28
7 (generic verdict) Trojan-Ransom.Win32.Crypren 4.15
8 PolyRansom/VirLock Virus.Win32.PolyRansom, Trojan-Ransom.Win32.PolyRansom 2.96
9 Crysis/Dharma Trojan-Ransom.Win32.Crusis 2.02
10 (generic verdict) Trojan-Ransom.Win32.Generic 1.56

* Unique Kaspersky users attacked by this ransomware Trojan family as a percentage of all users attacked by ransomware Trojans.

Miners

Number of new modifications

In Q1 2020, Kaspersky solutions detected 192,036 new miner modifications.

Number of new miner modifications, Q1 2020

Number of users attacked by miners

In Q1 we detected miner attacks on the computers of 518,857 unique users of Kaspersky products worldwide.

Number of unique users attacked by miners, Q1 2020

Geography of attacks

Geography of miner attacks, Q1 2020

Top 10 countries attacked by miners

  Country* %**
1 Afghanistan 6.72
2 Ethiopia 4.90
3 Tanzania 3.26
4 Sri Lanka 3.22
5 Uzbekistan 3.10
6 Rwanda 2.56
7 Vietnam 2.54
8 Kazakhstan 2.45
9 Mozambique 1.96
10 Pakistan 1.67

* Excluded are countries with relatively few users of Kaspersky products (fewer than 50,000).
** Unique users whose computers were attacked by miners as a percentage of all unique users of Kaspersky products in the country.

Vulnerable applications used by cyber criminals inCyber attacks

We have already established that Microsoft Office’s vulnerabilities are the most common. The first quarter of 2020 was no exception: the share of exploits of these vulnerabilities increased to 74.83%. The most common vulnerability in Microsoft Office was CVE-2017-11882, related to a stack overflow error in the Comparison Editor section. The CVE-2017-8570, which is used to embed a malicious script in an OLE object within an Office document, is a heavyweight. A number of other vulnerabilities, such as CVE-2018-0802 and CVE-2017-8759, were also popular with attackers. In the absence of security updates for Microsoft Office, these vulnerabilities are successfully exploited and the user’s system is infected.

In second place were exploits for web browser vulnerabilities (11.06%). In the first quarter, attackers targeted several browsers, including Microsoft Internet Explorer, Google Chrome and Mozilla Firefox. In addition, some vulnerabilities were exploited in APT attacks, for example CVE-2020-0674, which is caused by incorrect handling of in-memory objects in the outdated version of the JScript scripting engine in Internet Explorer and leads to code execution. Another example is the previously identified CVE-2019-17026, a type confusion vulnerability in Mozilla Firefox’s JIT compiler, which also leads to remote code execution. In both browsers, a successful attack results in a malware infection. Researchers also discovered a targeted attack on Google Chrome using the RCE vulnerability CVE-2020-6418 in the JavaScript engine; in addition, the dangerous RCE vulnerability CVE-2020-0767 was found in the part of the ChakraCore scripting engine used by Microsoft Edge. Although modern browsers have their own protection mechanisms, cybercriminals constantly find ways around them, very often through exploit chains. It is therefore very important to always keep the operating system and software up to date.

Distribution of exploits used in attacks by type of application attacked, Q1 2020 (download)

This quarter a wide range of critical vulnerabilities in operating systems and their components have been discovered.

  • CVE-2020-0601 exploits a flaw in the core cryptographic library of Windows, in the certificate validation algorithm that uses elliptic curves. The vulnerability allows forged certificates to be recognised as legitimate by the system.
  • CVE-2020-0729 is a problem in Windows LNK file processing that allows remote code execution if the user opens a malicious shortcut.
  • CVE-2020-0688 is the result of a default configuration error in Microsoft Exchange Server, where the same cryptographic keys are used to sign and encrypt serialized ASP.NET ViewState data, which lets attackers execute their code on the server side with SYSTEM privileges.

Various network attacks on system services and network protocols are as popular as ever with attackers. Attempts to exploit SMB vulnerabilities with EternalBlue, EternalRomance and similar exploit kits continue. In Q1 2020, a new vulnerability in the SMBv3 network protocol, CVE-2020-0796 (SMBGhost), was discovered. It leads to remote code execution, and the attacker does not even need to know a username/password combination (because the error occurs before the authentication stage), but it is present only in Windows 10. Remote Desktop Gateway has two critical vulnerabilities (CVE-2020-0609 and CVE-2020-0610) that allow an unauthorised user to execute code remotely on the target system. In addition, there were more attempts to brute-force passwords for Remote Desktop Services and Microsoft SQL Server via the SMB protocol.

Web threats

The statistics in this section are based on Web Anti-Virus, which protects users when malicious objects are downloaded from malicious or infected web pages. Malicious websites are created deliberately by cybercriminals; web resources with user-created content (for example, forums), as well as compromised legitimate resources, can be infected.

Top 10 countries that are sources of web attacks

The following statistics show the distribution by country of the sources of Internet attacks on user computers that were blocked by Kaspersky products (web pages with redirects to exploits, sites containing exploits and other malware, botnet C&C centres, etc.). Any unique host can be the source of one or more web attacks.

To determine the geographical source of web attacks, domain names are matched to their actual IP addresses, and then the geographical location (GeoIP) of the specific IP address is established.

In Q1 2020, Kaspersky solutions blocked 726,536,269 attacks launched from online resources located in 203 countries. A total of 442,039,230 unique URLs were recognised as malicious by Web Anti-Virus components.

Breakdown of web attack sources by country, Q1 2020 (download)

Countries where users face the greatest risk of online infection

To assess the risk of online infection faced by users in different countries, for each country we calculated the percentage of Kaspersky users on whose computers Web Anti-Virus was triggered during the quarter. The resulting data gives an indication of how aggressive the environment is in which computers operate in different countries.

This rating only includes attacks by malicious objects that fall under the Malware class; it does not include Web Anti-Virus detections of potentially dangerous or unwanted programs such as RiskTool or adware.

  Country* % of users attacked**
1 Bulgaria 13.89
2 Tunisia 13.63
3 Algeria 13.15
4 Libya 12.05
5 Bangladesh 9.79
6 Greece 9.66
7 Latvia 9.64
8 Somalia 9.20
9 Philippines 9.11
10 Morocco 9.10
11 Albania 9.09
12 Taiwan, China Province 9.04
13 Mongolia 9.02
14 Nepal 8.69
15 Indonesia 8.62
16 Egypt 8.61
17 Georgia 8.47
18 France 8.44
19 Palestine 8.34
20 Qatar 8.30

* Countries with relatively few Kaspersky users (less than 10,000) are excluded.
** Percentage of unique users affected by malware attacks from all unique users of Kaspersky products in the country.

These statistics are based on detection verdicts returned by the Web Anti-Virus module that were received from users of Kaspersky products who consented to provide statistical data.

On average, 6.56% of Internet user computers worldwide experienced at least one Malware-class attack.

Geography of malicious internet attacks, Q1 2020 (download)

Local threats

In this section we analyse statistical data obtained from the OAS and ODS modules in Kaspersky products. It takes into account malicious programs that were found directly on user computers or on removable media connected to them (flash drives, camera memory cards, phones, external hard drives), or that initially made their way onto the computer in non-open form (for example, programs inside complex installers, encrypted files, etc.).

In Q1 2020, our File Anti-Virus registered 164,653,290 malicious and potentially unwanted objects.

Countries where users faced the highest risk of local infection

For each country, we calculated the percentage of Kaspersky product users on whose computers File Anti-Virus was triggered during the reporting period. These statistics reflect the level of personal computer infection in different countries.

Note that this rating only includes attacks by malicious objects that fall under the Malware class; it does not include File Anti-Virus triggers in response to potentially dangerous or unwanted programs such as RiskTool or adware.

  Country* % of users attacked**
1 Afghanistan 52.20
2 Tajikistan 47.14
3 Uzbekistan 45.16
4 Ethiopia 45.06
5 Myanmar 43.14
6 Bangladesh 42.14
7 Kyrgyzstan 41.52
8 Yemen 40.88
9 China 40.67
10 Benin 40.21
11 Mongolia 39.58
12 Algeria 39.55
13 Laos 39.21
14 Burkina Faso 39.09
15 Malawi 38.42
16 Sudan 38.34
17 Rwanda 37.84
18 Iraq 37.82
19 Vietnam 37.42
20 Mauritania 37.26

* Countries with relatively few Kaspersky users (less than 10,000) are excluded.
** Unique users on whose computers local malware threats are blocked, as a percentage of all unique users of Kaspersky products in the country.

Geography of local infection attempts, Q1 2020 (download)

In total, 19.16% of user computers worldwide faced at least one Malware-class local threat in the first quarter.

Read More

Apple’s “MagicPairing” for AirPods – the magic isn’t perfect yet – Naked Security

Some technologies evoke reactions of love or hate.

Bluetooth seems to fall into both camps at once, because many of us both love it and hate it.

It’s incredibly handy when it works well, but at other times you wonder why you didn’t use a simple old-fashioned cable – for example, when the keyboard stops typing in the middle of an important message, or when the headphones need to be reconnected.

Bluetooth also has its share of security issues, especially as one end of a Bluetooth connection is often a low-cost, low-power, low-budget device with little budget or computing power to spare for cryptography and security.

As you can imagine, strong encryption is important for a device like a wireless headset that can eventually send and receive a full recording of all your phone calls, zoom meetings and online chats.

Otherwise, anyone who can listen to your Bluetooth signals (or place an unauthorized Bluetooth receiver in the closet or under the table to record your data later) can listen to your work and private life.

 

Read More

Set up your own CentOS VPN server

This tutorial shows you how to set up your own WireGuard VPN server on CentOS. WireGuard is made specifically for the Linux kernel. It runs inside the Linux kernel and creates a fast, modern and secure VPN tunnel.

WireGuard VPN Features

  • Lightweight and super fast; it blows OpenVPN out of the water.
  • Cross-platform. WireGuard can run on Linux, BSD, macOS, Windows, Android, iOS and OpenWRT.
  • User authentication is done by exchanging public keys, similar to SSH keys.
  • It assigns static tunnel IP addresses to VPN clients. Some people may not like it, but in some cases it can be useful.
  • Mobile devices can switch seamlessly between Wi-Fi and the mobile network without dropping the connection.
  • It aims to replace OpenVPN and IPsec in most use cases.

Requirements

This tutorial assumes that the CentOS operating system runs on both the VPN server and the VPN client.

Step 1: Install WireGuard on CentOS Server and Desktop

Log in to your CentOS server and run the following commands to install WireGuard.

CentOS 8

sudo dnf install elrepo-release epel-release
sudo dnf install kmod-wireguard wireguard-tools -y

CentOS 7

sudo yum install epel-release https://www.elrepo.org/elrepo-release-7.el7.elrepo.noarch.rpm
sudo yum install yum-plugin-elrepo
sudo yum install kmod-wireguard wireguard-tools -y

Then use the same commands to install WireGuard on your local CentOS computer (the VPN client).

Step 2: Generate Public/Private Key Pair

Server

Create a directory for WireGuard.

sudo mkdir /etc/wireguard/

Run the following command on the CentOS server to create a public/private key pair, which is saved under /etc/wireguard/.

wg genkey | sudo tee /etc/wireguard/server_private.key | wg pubkey | sudo tee /etc/wireguard/server_public.key

Screenshot: generating the WireGuard server private key on CentOS.

Client

Create a directory for WireGuard.

sudo mkdir /etc/wireguard/

Run the following command to create a public/private key pair on the local CentOS computer (the VPN client).

wg genkey | sudo tee /etc/wireguard/client_private.key | wg pubkey | sudo tee /etc/wireguard/client_public.key

Step 3: Create WireGuard Configuration File

Server

Use a command-line text editor such as Nano to create a WireGuard configuration file on the CentOS server. wg0 will be the name of the network interface.

sudo dnf install nano
sudo nano /etc/wireguard/wg0.conf

Copy the following text and paste it into the configuration file. You must use your own server private key and the client’s public key.

[Interface]
Address = 10.10.10.1/24
SaveConfig = true
PrivateKey = kLmHUf4LNmxtz1uA3riC7MMXzwBFjJrSWE/Lb4p+4Ec=
ListenPort = 51820

[Peer]
PublicKey = 75VNV7HqFh+3QIT5OHZkcjWfbjx8tc6Ck62gZJT/KRA=
AllowedIPs = 10.10.10.2/32

Screenshot: the WireGuard VPN server configuration file on CentOS.

Where:

  • Address: Specify the private IP address of the VPN server. Here I use the 10.10.10.0/24 network range. 10.10.10.1 is the private IP address of the VPN server.
  • SaveConfig: The configuration is saved with the current state of the interface on shutdown.
  • PrivateKey: The VPN server’s private key, which can be found in the /etc/wireguard/server_private.key file on the server.
  • ListenPort: The WireGuard VPN server listens on the default UDP port 51820.
  • PublicKey: The public key of the VPN client, which can be found in the /etc/wireguard/client_public.key file on the client computer.
  • AllowedIPs: The IP addresses the VPN client is allowed to use. In this example, the client can only use the IP address 10.10.10.2 inside the VPN tunnel.

Save and close the file. (To save a file in the Nano text editor, press Ctrl+O, then press Enter to confirm. Press Ctrl+X to exit.)

Change the file permission mode so that only the root user can read the files.

sudo chmod 600 /etc/wireguard/ -R

Client

Use a command-line text editor such as Nano to create a WireGuard configuration file on your local CentOS computer. wg-client0 will be the name of the network interface.

sudo nano /etc/wireguard/wg-client0.conf

Copy the following text and paste it into the configuration file. You must use your own client private key and the server’s public key.

[Interface]
Address = 10.10.10.2/24
DNS = 10.10.10.1
PrivateKey = cOFA+x5UvHF+a3xJ6andLatG+DoE3I5PhMgKrMKKKKUyXI=

[Peer]
PublicKey = vxyo4l4I3jWK+KZquNIDJF/hzQq29DOIxSUOrfNZZCs=
AllowedIPs = 0.0.0.0/0
Endpoint = 12.34.56.78:51820

Where:

  • Address: Specify the private IP address of the VPN client.
  • DNS: Specify 10.10.10.1 (the VPN server) as the DNS server. It is configured via the resolvconf command.
  • PrivateKey: The client’s private key, which can be found in the /etc/wireguard/client_private.key file on the client computer.
  • PublicKey: The server’s public key, which can be found in the /etc/wireguard/server_public.key file on the server.
  • AllowedIPs: 0.0.0.0/0 represents the whole Internet, which means all traffic to the Internet should be routed via the VPN.
  • Endpoint: The public IP address and port number of the VPN server. Replace 12.34.56.78 with your server’s real public IP address.

Save and close the file.

Change the file permission mode so that only the root user can read the files.

sudo chmod 600 /etc/wireguard/ -R

Step 4: Enable IP Forwarding on the Server

In order for the VPN server to route packets between VPN clients and the Internet, we need to enable IP forwarding. Edit the sysctl.conf file.

sudo nano /etc/sysctl.conf

Add the following line at the end of this file.

net.ipv4.ip_forward = 1

Save and close the file. Then apply the changes with the command below. The -p option loads the sysctl settings from /etc/sysctl.conf. This command will preserve our changes across system reboots.

sudo sysctl -p

Step 5: Configure IP Masquerading on the Server

Run the following command to enable IP masquerading in the server firewall.

sudo firewall-cmd --zone=public --permanent --add-masquerade
sudo systemctl restart firewalld

This hides your VPN network from the outside world. The Internet only sees the IP address of your VPN server, not the IP address of your VPN client, just as your home router hides your private home network.

Step 6: Install a DNS Resolver on the Server

Since we specify the VPN server as the DNS server for the client, we need to run a DNS resolver on the VPN server. We can install the BIND 9 DNS server.

sudo dnf install bind

Start BIND 9 with:

sudo systemctl start named

And enable auto-start at boot time:

sudo systemctl enable named

You can check its status with:

systemctl status named

Sample output:

named.service - Berkeley Internet Name Domain (DNS)
   Loaded: loaded (/usr/lib/systemd/system/named.service; enabled; vendor preset: disabled>
   Active: active (running) since Sun 2020-05-17 11:07:34 EDT; 9s ago
  Process: 7203 ExecStop=/bin/sh -c /usr/sbin/rndc stop > /dev/null 2>&1 || /bin/kill -TE>
  Process: 7218 ExecStart=/usr/sbin/named -u named -c ${NAMEDCONF} $OPTIONS (code=exited,>
  Process: 7215 ExecStartPre=/bin/bash -c if [ ! $DISABLE_ZONE_CHECKING == yes ] ; the>
 Main PID: 7220 (named)
    Tasks: 4 (limit: 5045)
   Memory: 55.5M
   CGroup: /system.slice/named.service
           └─7220 /usr/sbin/named -u named -c /etc/named.conf -4

Hint: if the above command doesn’t return immediately, press Q to quit.

Edit the BIND main configuration file /etc/named.conf.

sudo nano /etc/named.conf

In the options section, you will find the following two lines.

listen-on port 53 { 127.0.0.1; };
listen-on-v6 port 53 { ::1; };

This makes named listen only on localhost. If you want to allow clients on the same network to query domain names, comment out these two lines (add double slashes at the beginning of each line).

// listen-on port 53 { 127.0.0.1; };
// listen-on-v6 port 53 { ::1; };

Find the following line.

allow-query { localhost; };

Add the 10.10.10.0/24 network range so that VPN clients can send DNS queries. Note that each network range must be terminated with a semicolon.

allow-query { localhost; 10.10.10.0/24; };

Save and close the file. Restart BIND 9 for the changes to take effect.

sudo systemctl restart named

Then you need to run the following command so that VPN clients can reach port 53.

sudo firewall-cmd --zone=public --permanent --add-rich-rule='rule family=ipv4 source address=10.10.10.0/24 accept'

Step 7: Open the WireGuard Port in the Firewall

Run the following command to open UDP port 51820 on the server.

sudo firewall-cmd --permanent --add-port=51820/udp
sudo systemctl restart firewalld

Step 8: Start WireGuard

Server

Run the following command on the server to start WireGuard.

sudo wg-quick up /etc/wireguard/wg0.conf

To stop it, run:

sudo wg-quick down /etc/wireguard/wg0.conf

You can also use the systemd service to start WireGuard.

sudo systemctl start wg-quick@wg0.service

If the start fails, check the log to find out what’s wrong.

sudo journalctl -eu wg-quick@wg0.service

Enable auto-start at system boot with the following command.

sudo systemctl enable wg-quick@wg0.service

Check its status with the following command. Its status should be active (exited).

systemctl status wg-quick@wg0.service

The WireGuard server is now ready to accept client connections.

Client

Start WireGuard.

sudo systemctl start wg-quick@wg-client0.service

If the start fails, check the log to find out what’s wrong.

sudo journalctl -eu wg-quick@wg-client0.service

Enable auto-start at system boot.

sudo systemctl enable wg-quick@wg-client0.service

Check its status:

systemctl status wg-quick@wg-client0.service

Now go to this website: http://icanhazip.com/ to check your public IP address. If all went well, it should display the public IP address of your VPN server instead of the public IP address of your client computer.

Policy Routing

By default, all traffic on the VPN client is routed through the VPN server. Sometimes you only want to route a specific type of traffic, based on the transport layer protocol and the destination port. This is known as policy routing.

Policy routing is configured on the client computer, and we need to stop the VPN connection first.

sudo systemctl stop wg-quick@wg-client0.service

Then edit the client configuration file.

sudo nano /etc/wireguard/wg-client0.conf

For example, if you add the following 3 lines to the [Interface] section, WireGuard will create a routing table named 1234 and add an ip rule to that routing table. In this example, traffic is routed through the VPN server only when TCP is used as the transport layer protocol and the destination port is 25, i.e. when the client computer sends e-mail.

Table = 1234
PostUp = ip rule add ipproto tcp dport 25 table 1234
PreDown = ip rule delete ipproto tcp dport 25 table 1234

Screenshot: policy routing configured in the WireGuard client file on CentOS.

Save the file and close it. Then restart the WireGuard client.

sudo systemctl start wg-quick@wg-client0.service

VPN Kill Switch

By default, your computer will access the Internet through the default gateway if the VPN connection drops. You may want to enable the kill switch feature, which prevents unencrypted packets from flowing through non-WireGuard interfaces.

Edit the client configuration file.

sudo nano /etc/wireguard/wg-client0.conf

Add the following two lines to the [Interface] section.

PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

Like this:

[Interface]
Address = 10.10.10.2/24
DNS = 10.10.10.1
PrivateKey = cOFA+x5UvHF+a3xJ6andLatG+DoE3I5PhMgKrMKKKUyXI=
PostUp = iptables -I OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT
PreDown = iptables -D OUTPUT ! -o %i -m mark ! --mark $(wg show %i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT

[Peer]
PublicKey = RaoAdsIEwgV9DHNSubxWVG+nZ1GP/c3OU6A/efBJ0I=
AllowedIPs = 0.0.0.0/0
Endpoint = 12.34.56.78:51820

Save the file and close it. Then restart the WireGuard client.

sudo systemctl restart wg-quick@wg-client0.service
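
The following shell script is added here as an example and is not part of the tutorial. It renders the server and client configuration files from Steps 3 and 8, optionally with the kill-switch PostUp/PreDown lines from the section above, and sanity-checks a file before it is handed to wg-quick: every PrivateKey/PublicKey must be a well-formed 32-byte base64 key, Address and AllowedIPs must be IPv4 CIDR ranges, an Endpoint must be host:port, and the file must have the mode 600 that Step 3 requires so the private key is not world-readable. It assumes the tutorial’s 10.10.10.0/24 range and UDP port 51820; 12.34.56.78 stays a placeholder for the server’s public address, and the keys used in the usage comment are whatever Step 2 generated.

```shell
#!/bin/sh
# Added example, not part of the tutorial: render the wg-quick configuration
# files from Steps 3 and 8 (optionally with the kill-switch lines) and check
# them before `wg-quick up`. Assumes the tutorial's 10.10.10.0/24 range and
# UDP port 51820; 12.34.56.78 is the tutorial's placeholder endpoint.

# A WireGuard key is 32 random bytes in base64: 43 characters plus one '='.
# Only the 16 base64 characters whose low two bits are zero can be the 43rd.
is_wg_key() {
  printf '%s' "$1" | grep -Eq '^[A-Za-z0-9+/]{42}[AEIMQUYcgkosw048]=$'
}

# Server config (Step 3). Args: server private key, client public key.
render_server_conf() {
  cat <<EOF
[Interface]
Address = 10.10.10.1/24
SaveConfig = true
PrivateKey = $1
ListenPort = 51820

[Peer]
PublicKey = $2
AllowedIPs = 10.10.10.2/32
EOF
}

# Client config (Step 3). Args: client private key, server public key,
# server public address, and "killswitch" to add the iptables PostUp/PreDown
# lines from the kill switch section (%i is expanded by wg-quick, not here).
render_client_conf() {
  printf '[Interface]\nAddress = 10.10.10.2/24\nDNS = 10.10.10.1\nPrivateKey = %s\n' "$1"
  if [ "$4" = killswitch ]; then
    printf 'PostUp = iptables -I OUTPUT ! -o %%i -m mark ! --mark $(wg show %%i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\n'
    printf 'PreDown = iptables -D OUTPUT ! -o %%i -m mark ! --mark $(wg show %%i fwmark) -m addrtype ! --dst-type LOCAL -j REJECT\n'
  fi
  printf '\n[Peer]\nPublicKey = %s\nAllowedIPs = 0.0.0.0/0\nEndpoint = %s:51820\n' "$2" "$3"
}

# Sanity-check a config file. Prints each problem found; returns 1 if any.
validate_conf() {
  f=$1; rc=0
  for k in $(sed -E -n 's/^[[:space:]]*(PrivateKey|PublicKey)[[:space:]]*=[[:space:]]*//p' "$f"); do
    is_wg_key "$k" || { echo "$f: malformed key: $k"; rc=1; }
  done
  for net in $(sed -E -n 's/^[[:space:]]*(Address|AllowedIPs)[[:space:]]*=[[:space:]]*//p' "$f" | tr ',' ' '); do
    printf '%s' "$net" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}/[0-9]{1,2}$' \
      || { echo "$f: not an IPv4 CIDR range: $net"; rc=1; }
  done
  for ep in $(sed -E -n 's/^[[:space:]]*Endpoint[[:space:]]*=[[:space:]]*//p' "$f"); do
    printf '%s' "$ep" | grep -Eq '^[^[:space:]:]+:[0-9]{1,5}$' \
      || { echo "$f: Endpoint is not host:port: $ep"; rc=1; }
  done
  # Step 3 requires chmod 600: owner read/write only.
  case $(ls -l "$f" | cut -c1-10) in
    -rw-------) ;;
    *) echo "$f: mode is not 600, private key may be readable by others"; rc=1 ;;
  esac
  return $rc
}

# Usage on the server, as root, after Step 2 has written the key files:
#   render_server_conf "$(cat /etc/wireguard/server_private.key)" \
#       "$(cat /etc/wireguard/client_public.key)" > /etc/wireguard/wg0.conf
#   chmod 600 /etc/wireguard/wg0.conf && validate_conf /etc/wireguard/wg0.conf
```

Keys pasted by hand are a common reason wg-quick refuses to start, and a missing or extra character is hard to spot by eye; running validate_conf before wg-quick up catches that, together with a configuration file that was left readable by other users.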

Wrapping Up

That’s it! I hope this tutorial helped you install and configure WireGuard on CentOS. As always, if you found this post useful, subscribe to our free newsletter to get more tips and tricks.

Rate this tutorial.

Read More

KDE Plasma 5.19 Arrives Soon, This is What’s New

When KDE Plasma 5.19 is released at the beginning of June, it will arrive with a modest number of changes.

As a beta build is available for public testing, I have decided to round up the main features and major improvements KDE Plasma 5.19 should bring, so that those of you riding the Plasma wave have a much better idea of what to expect when you are able to upgrade.

This list is only half complete because development is not yet complete. If there are any notable changes or improvements of which you are aware, but which I have overlooked in this list, please let me know in the comment section at the end of the list, and I will add them!

KDE Plasma 5.19

New Features

Developers working on KDE Plasma 5.19 say: “…the focus is on making Plasma more consistent by customizing and unifying the design of widgets and desktop elements in this cycle, and by adding additional configuration options.”

What this really means is that Plasma 5.19 does not make many tentpole changes (i.e. changes that cannot be overlooked). Instead, the release introduces smaller and less obvious quality-of-life changes that together make the Plasma desktop more user-friendly.

For example, the handy Info Center application now has a visual style more in keeping with the rest of the Plasma desktop. As an added bonus, the tool can report more information about the underlying system, including graphics hardware capabilities.

Screenshot: the KDE Info Center tool.

Major improvements have also been made to the look of the applets and notifications in the system tray, a task that has taken a long time. Part of the collaborative work on standardizing the system tray applets in Plasma 5.19 includes a much-improved audio widget and a nicer media playback toast.

Held back for a larger change, new user account avatars with photos will appear on the user account settings page in Plasma 5.20.

There are also a number of new system monitoring widgets (or Plasmoids, in KDE speak) for monitoring CPU, RAM and network utilization, which are ideal for keeping an eye on system resources.

Screenshot: updated desktop widgets.

Among the (many) settings page improvements are aspect ratio information for each available screen resolution, control over the speed of Plasma’s animations, more granular file indexing, and the ability to adjust mouse/touchpad speed in Plasma on Wayland.

On the Wayland theme, users of 2-in-1 convertible devices will be pleased to learn that KDE Plasma 5.19 supports screen rotation for tablets on Wayland.

On the application front, Dolphin (KDE’s file manager) lets you quickly move or copy files from one panel to the other in split-view mode, while Okular (KDE’s document viewer) lets you zoom in to over 1600%!

A new wallpaper has also been added. It’s called Flow. It was originally created for KDE Plasma 5.16. You can download it in resolutions up to 5K directly from the KDE Phabricator.

Getting Plasma 5.19

KDE Plasma 5.19 will be available as source code directly from the KDE website as soon as it is released in early June (an earlier version of this post said next week; my mistake).

KDE Neon, currently based on Ubuntu 20.04 LTS, will probably ship the release to its users as soon as possible.

The Kubuntu Backports PPA will likely carry the release as well. This lets Ubuntu 20.04 LTS users upgrade to Plasma 5.19. Note that although this is possible, users should only upgrade if they understand that KDE Plasma 5.19 is not a long-term support release and will not receive the same ongoing support as Plasma 5.18 LTS.

Read More

How to Check What Graphics Card You Have on Linux

Whether it’s Nvidia, Radeon or Intel, they can all have problems on Linux. If you are about to troubleshoot a graphics problem, you first need to know which graphics card is in your system.

Linux has several commands to check hardware information. You can use them to check which graphics card (also called a video card) you have. Let me show you a few commands to get GPU information on Linux.

Checking graphics card information on the Linux command line

Use the lspci command to find the graphics card

The lspci command displays information about devices connected via PCI buses (peripheral connections). This command basically gives you details of all the devices in your system, from keyboard and mouse to sound, network and graphics cards.

By default, you get a huge list of these devices. So you need to filter the output for the graphics card with the grep command, like this:

lspci | grep VGA

It should give a line of information about your graphics card:

$ lspci | grep VGA
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 620 (rev 02)

As you can see, my system has an Intel HD 620 graphics card.
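
As an added example that is not from the article, the shell function below lists every GPU that lspci reports rather than only the “VGA compatible controller” line: on hybrid-graphics laptops the discrete GPU is usually reported as a “3D controller”, which lspci | grep VGA does not match, so a troubleshooting session can start from an incomplete picture. The sample lspci output embedded in the script is constructed for the demonstration and is not a real capture.

```shell
#!/bin/sh
# Added example, not from the article: list every graphics device in lspci
# output, not only the VGA line. Hybrid-graphics laptops report the discrete
# GPU as a "3D controller" (and some devices as "Display controller"),
# which `lspci | grep VGA` silently misses.

# Read lspci output on stdin and print one line per graphics device as
# "slot<TAB>class<TAB>device" (the class and device are split at the first ": ").
list_gpus() {
  awk '/VGA compatible controller|3D controller|Display controller/ {
    slot = $1
    line = substr($0, length(slot) + 2)      # drop the leading "slot "
    i = index(line, ": ")
    printf "%s\t%s\t%s\n", slot, substr(line, 1, i - 1), substr(line, i + 2)
  }'
}

# Number of graphics devices in lspci output read from stdin.
gpu_count() {
  list_gpus | wc -l | tr -d ' '
}

# Constructed sample lspci output for a laptop with an integrated Intel GPU
# and a discrete NVIDIA GPU (sample data, not a real capture).
SAMPLE_LSPCI='00:00.0 Host bridge: Intel Corporation Xeon E3-1200 v6/7th Gen Core Processor Host Bridge/DRAM Registers (rev 02)
00:02.0 VGA compatible controller: Intel Corporation HD Graphics 620 (rev 02)
00:14.0 USB controller: Intel Corporation Sunrise Point-LP USB 3.0 xHCI Controller (rev 21)
01:00.0 3D controller: NVIDIA Corporation GM108M [GeForce 940MX] (rev a2)'

# Demonstration on the sample; on a real system use:  lspci | list_gpus
printf '%s\n' "$SAMPLE_LSPCI" | list_gpus
```

On the sample data, grep VGA reports only the Intel device, while list_gpus also reports the NVIDIA 3D controller on slot 01:00.0.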

Get detailed graphics card information with the lshw command on Linux

The lspci command is good enough to see which graphics card you have, but it doesn’t tell you much. You can use the lshw command to get more information about it.

You may have to install lshw on Fedora, Manjaro and a few other non-Ubuntu distributions.

This command requires root privileges. You should specify that you are looking for information about the video card (graphics card), like this:

sudo lshw -C video

And as you can see in the output below, this command gives additional information about the graphics card, such as clock speed, bus width, driver, etc.

$ sudo lshw -C video
[sudo] password for abhishek:
  *-display
       description: VGA compatible controller
       product: HD Graphics 620
       vendor: Intel Corporation
       physical id: 2
       bus info: pci@0000:00:02.0
       version: 02
       width: 64 bits
       clock: 33MHz
       capabilities: pciexpress msi pm vga_controller bus_master cap_list rom
       configuration: driver=i915 latency=0
       resources: irq:139 memory:

Bonus Tip: Checking graphics card information graphically

It’s not that you have to use the command line to find graphics card details on Linux. Most Linux distributions (or rather, desktop environments) provide the essential information in their settings application.

For example, if you are using the GNOME desktop environment, you can check the details by going to the About section of Settings. This is what it looks like in Ubuntu 20.04:

Screenshot: graphics card information in the About section of Ubuntu Settings.

I hope you find this quick tip useful. You can also use the same commands to find information about the network adapter and processor on Linux.

If you have questions or suggestions, feel free to leave a comment.

Liked what you read? Please share it with others.

Read More

Python Pause For User Input – Linux Hint

The input() method is used in Python 3 to take data from the user. Sometimes a script needs to wait, or pause the input task, for a specific period of time. For example, if the script contains an infinite loop that terminates on specific user input, it will wait for that input in each iteration of the loop. The time module contains the sleep() method, which can be used to wait a certain period of time in Python before taking input. Python contains many other modules to terminate the script on any key press or to pause the execution of the script. This article shows how pausing for input can be applied in a Python script.

Pause the script for user input to terminate:

If you want to wait for the user to press any key before the script terminates, you can call the input() method with a message at the end of the script. The following script shows how to pause the termination of the script and wait for the user’s input. The input() method takes string data and stores it in the variable name. If the variable is not empty, a welcome message is printed; otherwise an error message is printed. Next, an instruction message is printed asking the user to press any key. A termination message is printed when the user presses any key.

#!/usr/bin/env python3

# Take input from the user
name = input("What is your name? ")

# Check the input value
if name != "":
    # Print a welcome message if the value is not empty
    print("Hello %s, welcome to our site" % name)
else:
    # Print an error message for empty input
    print("The name can't be empty.")

# Wait for user input before terminating the program
input("Press any key to terminate the program")
# Print the bye message
print("See you later.")

Output:

After executing the script, it waits for a string input. Here, ‘Fahmida’ is typed as the string value. A welcome message is printed with the value, and the script waits for a keypress. A bye message is printed after any key is pressed.

Screenshot: output of the script.

Pause the input for a certain period of time

The sleep() method can be used to pause the user input for a certain period of time. In the following script, the user is given a simple addition task. The sleep() method is used here to make the user wait for 5 seconds before typing the answer. Next, an if condition is used to check whether the answer is correct or incorrect.

#!/usr/bin/env python3

# Import the time module
import time

# Print the message
print("Solve the problem to prove that you are a human being.")

# Print the question
print("What is the sum of 10 and 40?")

# Print the wait message
print("Waiting for five seconds for calculating ...")
# Wait for 5 seconds
time.sleep(5)

# Take input from the user
answer = input("Your answer: ")

# Check the answer; a non-numeric reply counts as wrong instead of crashing
try:
    correct = int(answer) == 50
except ValueError:
    correct = False

if correct:
    print("Your answer is correct. Well done.")
else:
    print("You have failed to prove.")

Output:

After running the script, the question is printed and the user is told to wait 5 seconds before answering. Here, the script is executed twice, once with a correct answer and once with an incorrect answer.

http://31.220.61.170/wp-content/uploads/2020/05/1589341133_20_Python-Pause-For-User-Input-–-Linux-Hint.jpg
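The sleep() approach above delays the prompt but gives the user unlimited time to answer. If the requirement is really "the user has N seconds to answer", the input itself has to be read with a timeout. The following is an added example, not code from the original tutorial: it uses select() on the input stream to wait at most timeout seconds for a line, and treats end-of-file (stdin closed or redirected from an empty file) as "no answer". select() on files and pipes works on POSIX systems only; on Windows, select() accepts sockets alone, so this technique does not apply there.

```python
# Added example (not from the original tutorial): give the user a limited
# number of seconds to answer instead of sleeping for a fixed time before
# the prompt. POSIX only: select() on stdin/pipes does not work on Windows.
import select
import sys
import time


def read_line_with_timeout(stream=sys.stdin, timeout=5.0):
    """Return one line (without the trailing newline) from `stream`,
    or None if no line arrived within `timeout` seconds.

    select() reports when the stream is readable; readline() then consumes
    the line. At EOF (stdin closed, or redirected from an empty file)
    readline() returns "" and that is treated as "no answer" as well.
    """
    ready, _, _ = select.select([stream], [], [], timeout)
    if not ready:
        return None
    line = stream.readline()
    if line == "":
        return None  # EOF: nobody is going to answer
    return line.rstrip("\n")


def timed_sum_check(stream=sys.stdin, timeout=5.0, a=10, b=40):
    """Ask for a+b and return "correct", "incorrect" or "timeout".

    Parsing is wrapped in try/except because readline() and input() always
    return strings and int() raises ValueError on anything non-numeric.
    """
    print("What is the sum of %d and %d? You have %.0f seconds." % (a, b, timeout))
    answer = read_line_with_timeout(stream, timeout)
    if answer is None:
        return "timeout"
    try:
        return "correct" if int(answer.strip()) == a + b else "incorrect"
    except ValueError:
        return "incorrect"


if __name__ == "__main__":
    started = time.monotonic()
    result = timed_sum_check()
    print("Result: %s (after %.1f s)" % (result, time.monotonic() - started))
```

Run it interactively and wait without typing to see the timeout path; pipe an empty file into it (python3 timed.py < /dev/null) to see the EOF path, which is the case that makes unattended scripts hang or crash when a plain input() is used.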

Pause the script using the input to display the instruction messages

Sometimes a script has to pause several times, using input() for different purposes. The following script shows how to walk the user through a sequence of messages this way. The steps to run any Python script are displayed here using multiple input() calls; the user has to press Enter to see the next step. The first input() call starts the sequence of messages and the last one displays the termination prompt.

#!/usr/bin/env python3

# Print the starting message
print("The steps to run a python script:")
# Wait for Enter
input("Press Enter to continue")
# Wait for Enter
input("Write the script in any editor.")
# Wait for Enter
input("Open the terminal by pressing Alt+Ctrl+T.")
# Wait for Enter
input("Type: 'python scriptname.py'.")
# Wait for Enter
input("You will get your output if the script is error-free.")
# Wait for Enter
input("Press Enter to terminate.")
# Print the termination message
print("\nGood Bye.")

Output:

The following output will appear after running the script. There are six input() calls, so the user has to press Enter six times to complete the execution of the script.

http://31.220.61.170/wp-content/uploads/2020/05/1589341133_67_Python-Pause-For-User-Input-–-Linux-Hint.jpg

Pause the script for the particular input value

If you want some code to run repeatedly until the user enters a specific value, put that code inside an infinite loop. The following example declares an infinite while loop that reads two numbers and prints their sum in each iteration. At the end of each iteration it asks whether to continue: entering 'n' terminates the loop, and any other answer repeats it.

#!/usr/bin/env python3

# Define an infinite loop
while True:

    # Take two integer numbers; int() raises ValueError on non-numeric input
    try:
        x = int(input("Enter a number: "))
        y = int(input("Enter a number: "))
    except ValueError:
        print("Please enter whole numbers.")
        continue

    # Add the two numbers
    result = x + y
    # Print the summation result
    print("The sum of %d and %d is : %d" % (x, y, result))

    # Wait for the user input to continue or terminate the loop
    ans = input("Do you want to do it again? (y/n) ")
    # Terminate the script if the input value is 'n'
    if ans.lower() == 'n':
        break

Output:

The body of the while loop is executed twice here. The first time, after the sum is calculated, 'y' is entered and the loop repeats. When the user enters 'n', the loop terminates.

http://31.220.61.170/wp-content/uploads/2020/05/1589341134_459_Python-Pause-For-User-Input-–-Linux-Hint.jpg
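The loops above still trust whatever the user types: int() has to be guarded, a closed stdin raises EOFError from input(), and the y/n question treats every answer other than 'n' as yes. The following is an added example, not code from the original tutorial, that rewrites the add-two-numbers loop with the input handling a practitioner would want: a retry limit and optional range check on integers, a confirmation prompt that accepts only explicit yes/no answers, and clean termination on EOF. The reader function is a parameter (defaulting to the built-in input) so the same logic can be driven by a scripted list of answers, which is also how the example is tested; the helper names prompt_int, confirm, adding_session and scripted are this example's own.

```python
# Added example (not from the original tutorial): the add-two-numbers loop
# with validated, retry-limited, EOF-safe prompts. `read` defaults to the
# built-in input(); any callable taking a prompt and returning a string works.
import sys


class InputExhausted(Exception):
    """Raised when the user gives up (EOF) or exceeds the retry limit."""


def prompt_int(prompt, read=input, retries=3, lo=None, hi=None):
    """Ask until the user enters an integer, optionally within [lo, hi].

    input() returns a string, so int() must be guarded. input() raises
    EOFError when stdin is closed (Ctrl-D, or no terminal at all); that is
    turned into InputExhausted so callers stop instead of looping forever.
    """
    for _ in range(retries):
        try:
            raw = read(prompt)
        except EOFError:
            raise InputExhausted("no more input")
        try:
            value = int(raw.strip())
        except ValueError:
            print("Please enter a whole number.")
            continue
        if (lo is not None and value < lo) or (hi is not None and value > hi):
            print("Value must be between %s and %s." % (lo, hi))
            continue
        return value
    raise InputExhausted("too many invalid answers")


def confirm(prompt, read=input, default=False):
    """Yes/no question: only y/yes or n/no count, an empty answer gives the
    default, anything else repeats the question. EOF returns the default."""
    while True:
        try:
            raw = read(prompt + (" [Y/n] " if default else " [y/N] "))
        except EOFError:
            return default
        answer = raw.strip().lower()
        if answer in ("y", "yes"):
            return True
        if answer in ("n", "no"):
            return False
        if answer == "":
            return default


def adding_session(read=input):
    """Repeat x + y until the user declines. Returns the sums computed."""
    sums = []
    while True:
        try:
            x = prompt_int("Enter a number: ", read)
            y = prompt_int("Enter a number: ", read)
        except InputExhausted as exc:
            print("Stopping: %s" % exc)
            return sums
        sums.append(x + y)
        print("The sum of %d and %d is: %d" % (x, y, x + y))
        if not confirm("Do you want to go again?", read):
            return sums


def scripted(answers):
    """Fake input(): replays `answers`, then raises EOFError exactly as the
    real input() does once stdin is exhausted. Used for offline testing."""
    it = iter(answers)

    def read(prompt=""):
        try:
            return next(it)
        except StopIteration:
            raise EOFError
    return read


if __name__ == "__main__":
    if not sys.stdin.isatty():
        print("stdin is not a terminal; pauses would block or fail, so not prompting.")
    else:
        print("Computed:", adding_session())
```

The isatty() check at the bottom is the cheap guard for the "press Enter to continue" pattern in general: a script that pauses for input while running unattended either blocks forever (stdin open but silent) or dies with EOFError (stdin closed), and neither is what an operator wants from a scheduled job.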

Conclusion:

Pausing for user input is a very common requirement in any programming language. This article has shown several purposes of pausing for input using simple Python examples. I hope it helps readers understand the uses of pausing for input and apply them in their own scripts when required.


Microsoft Patch Tuesday, May 2020 Edition

Today, Microsoft released software updates to plug at least 111 security holes in Windows and Windows-based programs. None of the vulnerabilities were reported as publicly disclosed or exploited before today, but as always, if you run Windows on any of your machines, it is time once again to prepare to get your patches on.

May marks the third month in a row that Microsoft has pushed out fixes for more than 110 security flaws in its operating system and related software. At least 16 of the bugs are rated Critical, meaning they can be exploited by malware or miscreants to install malicious software or seize remote control of vulnerable systems with little or no help from users.

However, focusing only on Microsoft's severity ratings can obscure the seriousness of the flaws addressed this month. Todd Schell, senior product manager at security vendor Ivanti, notes that when you look at the exploitability rating attached to each patch, Microsoft's assessment of how likely it is that each flaw can and will be used for malicious purposes, it makes sense to pay just as much attention to vulnerabilities Microsoft has given the lower severity rating of Important.

Nearly all of this month's non-critical flaws were rated Important by Microsoft.

"What is interesting and often overlooked is that seven of the ten [vulnerabilities] at higher risk of exploitation are rated only as Important," Schell said. "Critical vulnerabilities are often perceived as the most dangerous, but many of the vulnerabilities at higher risk of exploitation are rated Important rather than Critical."

For example, Tenable's Satnam Narang notes that two remote code execution vulnerabilities in Microsoft Color Management (CVE-2020-1117) and Windows Media Foundation (CVE-2020-1126) could be exploited by convincing a user to open a malicious attachment or visit a website containing code designed to exploit the flaws. Yet Microsoft rates both as less likely to be exploited according to its Exploitability Index.

"However, three elevation of privilege vulnerabilities rated 'Exploitation More Likely' were also patched," Narang said. These include a pair of Important flaws in Win32k (CVE-2020-1054, CVE-2020-1143) and a flaw in the Windows Graphics Component (CVE-2020-1135). Elevation of privilege vulnerabilities are used by attackers once they have gained access to a system, in order to execute code with higher privileges on the target. There are at least 56 such fixes in the May release.

Schell says that if your company's patch prioritisation plan this month is based on vendor severity, or even on CVSS scores above a certain threshold, you may want to reassess it.

He advises looking at additional risk metrics, such as public disclosure, known exploitation (of course) and Microsoft's own exploitability assessment, to extend the prioritisation process.
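One way to put that advice into practice is to sort a month's fixes by a composite key in which known exploitation, public disclosure and Microsoft's Exploitability Index rank ahead of vendor severity and CVSS. The following is an added example, not code from the Krebs article or from Microsoft: the CVE identifiers are the ones named above, and the exploitability values attached to them are the ones the article reports, but the severity and CVSS numbers in the sample are assumed for illustration and should be taken from the Security Update Guide for real use.

```python
# Added example (not from the article): rank fixes by exploitation risk
# signals first, vendor severity and CVSS last. SAMPLE is a constructed
# data set: CVE IDs and exploitability values as reported in the article,
# severity/CVSS assumed for illustration.

# Microsoft's Exploitability Index values, most urgent first.
EXPLOITABILITY_ORDER = {
    "Exploitation Detected": 0,
    "Exploitation More Likely": 1,
    "Exploitation Less Likely": 2,
    "Exploitation Unlikely": 3,
}
SEVERITY_ORDER = {"Critical": 0, "Important": 1, "Moderate": 2, "Low": 3}


def risk_key(cve):
    """Sort key: exploited and publicly disclosed flaws first, then the
    Exploitability Index, then vendor severity, then CVSS (highest first),
    with the CVE ID as a deterministic tie-breaker."""
    return (
        0 if cve["exploited"] else 1,
        0 if cve["disclosed"] else 1,
        EXPLOITABILITY_ORDER.get(cve["exploitability"], 9),
        SEVERITY_ORDER.get(cve["severity"], 9),
        -cve["cvss"],
        cve["id"],
    )


def prioritize(cves):
    """Patch order recommended by the composite key."""
    return sorted(cves, key=risk_key)


def severity_only(cves):
    """Patch order a severity/CVSS-only policy would produce, for comparison."""
    return sorted(cves, key=lambda c: (SEVERITY_ORDER.get(c["severity"], 9), -c["cvss"], c["id"]))


def cve(id_, component, severity, exploitability, cvss, exploited=False, disclosed=False):
    return {"id": id_, "component": component, "severity": severity,
            "exploitability": exploitability, "cvss": cvss,
            "exploited": exploited, "disclosed": disclosed}


SAMPLE = [  # constructed sample; severity and CVSS are assumed
    cve("CVE-2020-1117", "Microsoft Color Management", "Critical", "Exploitation Less Likely", 7.8),
    cve("CVE-2020-1126", "Windows Media Foundation", "Critical", "Exploitation Less Likely", 7.8),
    cve("CVE-2020-1054", "Win32k", "Important", "Exploitation More Likely", 7.8),
    cve("CVE-2020-1143", "Win32k", "Important", "Exploitation More Likely", 7.8),
    cve("CVE-2020-1135", "Windows Graphics Component", "Important", "Exploitation More Likely", 7.0),
]


def order_ids(cves, ranker=prioritize):
    return [c["id"] for c in ranker(cves)]


if __name__ == "__main__":
    print("severity-only order :", order_ids(SAMPLE, severity_only))
    print("risk-based order    :", order_ids(SAMPLE, prioritize))
```

With the sample data the severity-only policy patches the two Critical RCEs first, while the risk-based order moves the three Important elevation-of-privilege bugs rated "Exploitation More Likely" to the top, which is the point Schell and Narang are making.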

As it usually does on Patch Tuesday, Adobe has released updates for some of its products. The update for Adobe Acrobat and Reader addresses two dozen critical and important vulnerabilities. There are no security updates for Adobe Flash Player this month.

Just a reminder that while many of the vulnerabilities fixed in today's Microsoft patch batch affect Windows 7 systems, including the three zero-day bugs, that operating system no longer receives security updates (unless you are an organisation paying for Microsoft's Extended Security Updates program, which is available to Windows 7 Professional and Windows 7 Enterprise users).

If you rely on Windows 7 for your daily work, it is time to think about something newer. That could be a PC with Windows 10. Or maybe you have always wanted that shiny macOS machine.

If cost is the main motivating factor and the user in question does little with the system beyond browsing the web, perhaps a Chromebook or an older machine with a newer version of Linux is the answer (Ubuntu may be the easiest for non-Linux natives). Whichever system you choose, pick one that meets the owner's needs and make sure its security updates are kept current.

Remember, before applying any Windows patches, back up your important data and files. A reliable backup means you are less likely to lose your mind if a buggy patch causes boot problems.

So do back up your files before installing patches. Windows 10 even has built-in tools to help you do this, either on a per-file/folder basis or by making a complete, bootable copy of your hard drive all at once.

And if you want to make sure Windows is configured to pause updates, so that you can back up your files and/or system before the operating system decides to reboot and install patches on its own schedule, see this guide.

As always, if you experience glitches or problems installing any of this month's patches, please consider leaving a comment below; other readers may have experienced the same thing and can offer useful tips here. Also keep an eye on Woody Leonhard's AskWoody blog, which tracks problematic Microsoft updates every month.

Further reading:

SANS Internet Storm Center breakdown by vulnerability and severity

Microsoft Security Update Guide

BleepingComputer on the May 2020 Patch Tuesday

*** This is a syndicated post from the Krebs on Security blog, written by Brian Krebs. The original article is available at: https://krebsonsecurity.com/2020/05/microsoft-patch-tuesday-may-2020-edition/


Vcrypt ransomware brings along a buddy to do the encryption (Naked Security)

Here is a ransomware story with a difference.

The sample we looked at for this article is detected by Sophos products as Troj/Ransom-FXO, but you will also see it referred to as Vcrypt, after the file extension the malware uses.

Of course, neither of those names is what the malware calls itself. It goes by video_driver.exe, which sounds harmless enough, and it claims to be just that, a video driver:

http://31.220.61.170/wp-content/uploads/2020/05/Vcrypt-ransomware-brings-along-a-buddy-to-do-the-encryption.png

The bad news is that whoever wrote this malware decided to make it doubly destructive: it encrypts the files on the C: drive with a secret decryption key, but it simply deletes the files on every other drive, scanning all drive letters from A: to Z: except C: and issuing commands to delete every file and folder it can find.

The good news is that the Ransom-FXO programmer did not put much effort into the encryption and used a hardcoded cryptographic key that can easily be extracted from the malware file.

That really is good news, because it means there is no need to pay for the secret key.

Unusually, the criminals behind this attack did not use Tor or the dark web to set up a "shop" where you could find out how much the key would cost and where to send the bitcoins...

...they used a regular free hosting site, which has since taken the offending content down, so you could not buy the password even if you wanted to.
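"Easily extracted from the malware file" usually means the key sits in the binary as a printable string. The following is an added example, not code from the Naked Security article and not derived from the Vcrypt sample: a small triage helper that pulls printable runs out of a byte blob and ranks them by Shannon entropy, which is one quick way to surface a hardcoded key or password among the ordinary strings (paths, messages, URLs) that a binary also contains. The byte blob, including the stand-in key, is constructed for the example; the function names extract_strings, shannon_entropy and key_candidates are this example's own.

```python
# Added example (not from the article): surface hardcoded key candidates in
# a binary by extracting printable strings and ranking them by entropy.
# SAMPLE_BINARY below is constructed; nothing in it comes from Vcrypt.
import math
import re


def shannon_entropy(data):
    """Bits of entropy per byte of `data` (0.0 for empty or uniform input)."""
    if not data:
        return 0.0
    counts = {}
    for b in data:
        counts[b] = counts.get(b, 0) + 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def extract_strings(blob, min_len=8):
    """All runs of at least `min_len` printable ASCII bytes, like strings(1)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(blob)]


def key_candidates(blob, min_len=8, min_entropy=3.5, top=5):
    """Return (entropy, string) pairs, highest entropy first.

    Strings containing spaces or path separators are skipped: they are
    almost always messages, paths or URLs rather than keys. The entropy
    threshold drops padding and other repetitive runs.
    """
    scored = []
    for s in extract_strings(blob, min_len):
        if " " in s or "\\" in s or "/" in s:
            continue
        entropy = shannon_entropy(s.encode("ascii"))
        if entropy >= min_entropy:
            scored.append((round(entropy, 3), s))
    scored.sort(key=lambda t: (-t[0], t[1]))
    return scored[:top]


# Constructed stand-in for a malware file: a fake header, a few ordinary
# strings, one high-entropy "key", and some low-entropy padding.
SAMPLE_BINARY = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"video_driver.exe\x00"
    + b"C:\\Users\\Public\\Documents\x00"
    + b"Your files have been encrypted\x00"
    + b"http://example.invalid/pay\x00"
    + b"q7Gz!pL2#vX9$wR4kN8m\x00"   # constructed stand-in for a hardcoded key
    + b"AAAAAAAAAAAAAAAA\x00"       # low-entropy padding, should be dropped
    + b"\x00" * 8
)


if __name__ == "__main__":
    import sys
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_BINARY
    for entropy, s in key_candidates(blob):
        print("%.3f  %s" % (entropy, s))
```

Point it at a real file (python3 keyscan.py suspicious.exe) to get a ranked shortlist; a candidate still has to be confirmed by seeing where the code uses it, since compressed or base64-encoded data also scores high on entropy.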

 


New in 2020.5: 'Local only', 'Local + remote' or 'Remote only' security management

How do you want to manage your protection? You have a choice.

The Emsisoft Cloud Console has come a long way since its introduction last year. Over the past eight months we have steadily extended our flexible remote management tool with useful new features, such as reduced traffic for security updates, workspace checks and one-click lockdown of all your devices.

Although the online console is mainly used by people looking for an efficient way to manage multiple devices, it has also proven to be a good choice for users with a single device. For example, the ability to back up your settings makes it easy to migrate to new hardware when needed, and the cloud-stored log files let you perform forensic analysis after an incident, even if the device has crashed or the operating system is damaged.

In our latest update we have built further on the flexibility of the Emsisoft Cloud Console and introduced three security management modes.

http://31.220.61.170/wp-content/uploads/2020/05/New-in-2020.5- 'local only' - 'remote local' - or 'remote.png'.

New ways to manage workspace security

Tip: If your Emsisoft protection is not remotely managed yet, you can set up your workspace today. It is part of your license and comes at no extra cost. Step-by-step instructions are available.

New security management modes

  1. Local only: If you prefer to keep all security settings on the local computer only and want to limit communication with the Emsisoft servers as far as possible, use Local only mode. License information is still stored in the console workspace, but no settings or logs are stored online. As usual, the software stays connected to the Emsisoft servers for online updates and online malware lookups.
  2. Local + remote: A cloud-console-managed state in which settings can be changed both locally and online via a security policy. This is the ideal configuration for most home and small business users. Changes made on the protected computer do not affect the centrally managed policy. This provides maximum flexibility and accountability.
  3. Remote only: For larger organisations that do not want their users to have local access to the security settings. The local protection user interface is greatly reduced and shows only what is needed. Network security administrators monitor all activity from the central dashboard of the cloud console.

http://31.220.61.170/wp-content/uploads/2020/05/1588615004_510_New-in-2020.5- 'local only' - 'remote local' - or 'remote.png'.

Minimalist user interface in Remote only management

How to change the security management mode

If you already use a cloud console workspace, go to the Settings section of the main menu and select one of the management modes above. Note that switching to Local only mode deletes all device data stored in your workspace.

Users who have yet to set up their cloud console workspace can select their preferred mode in the first step of the workspace settings.

All 2020.5 improvements in brief

Emsisoft Anti-Malware

  • New security management modes: Local only, Local + remote and Remote only.
  • Settings cleanup.
  • Several minor tweaks and fixes.

MyEmsisoft / Cloud Console

  • New security management modes: Local only, Local + remote and Remote only.
  • New time zone selector in the user account profile.
  • Improved remote deployment in Active Directory environments.
  • Settings cleanup.
  • Several minor tweaks and fixes.

Emsisoft Emergency Kit

  • Settings cleanup.

Emsisoft Commandline Scanner

  • Settings cleanup.

How do I get the new version?

As always, as long as automatic updates are enabled in the software, you will receive the latest version automatically during the regularly scheduled updates, which run every hour by default.

Note for business users: if you have chosen delayed updates in the update settings for your clients, they will receive the new version no sooner than 30 days after general availability of the stable release. This gives you time to run internal compatibility tests before the new version is rolled out to your clients automatically.

Have a great and well-protected day!
