Tuesday, 19 April 2016
Uninstall QuickTime for Windows
If you are a Windows user and have the popular QuickTime application installed on your machine, the time has come to part ways: you should uninstall it. The reason is the recent disclosure of two zero-day vulnerabilities in the application. The fact that the application contains zero-day vulnerabilities isn't as bad as the fact that Apple won't be releasing a patch to fix them. This disclosure means that hackers will be actively targeting Windows users who have QuickTime installed, and if you haven't uninstalled it then you are vulnerable to attack. QuickTime for Windows follows other software such as Microsoft Windows XP and Oracle Java 6, which are no longer being updated to fix vulnerabilities. That makes them subject to ever-increasing risk as more and more unpatched vulnerabilities are found and cybercriminals attempt to exploit them. The call for users and companies to uninstall QuickTime has been echoed across the security industry, so get yourself over to Control Panel > Add/Remove Programs > QuickTime > Uninstall.
Monday, 11 April 2016
Unlock files infected by Petya Ransomware
As many people are well aware, ransomware has spread through the internet like a wild bush fire, encrypting millions of machines across the world. The good news, if any, is that researchers have broken the Petya strain of this plague. This means that if your machine has been encrypted by this particular strain then you are in luck: don't pay any money over to these criminals, get a tech-savvy friend and do the following. Download this tool created by Leostone, which exploits a mistake made by Petya's author in the way that the ransomware encrypts a file on a Windows machine, opening opportunities for the decryption key to be determined. To use the decryption tool you will need to attach the Petya-affected drive to another computer and extract specific data from it, hence why I said get a tech-savvy friend. The data that needs to be extracted is 512 bytes starting at sector 55 (0x37) with an offset of 0, and the 8-byte nonce from sector 54 (0x36), offset 33 (0x21). This data then needs to be converted to Base64 encoding and used on the Petya pay no ransom site to generate the key.
As luck would have it, security researcher Fabian Wosar has developed a "Petya Sector Extractor" that can collect the specific data needed to use Leostone's tool. All a user needs to do is load up their hard drive on an uninfected Windows computer and run Wosar's solution.
After copying and pasting the information generated by the Petya Sector Extractor, victims can then use Leostone's tool to generate a decryption key. That key will decrypt the victim's infected files once the hard drive has been once again loaded into the infected computer. If you have been infected by other strains of ransomware check out some of my past posts to check if there is a crack available that you can utilize. Until next time all I can say is "think before you click".
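The manual extraction described in this post, as an added example (it is not code from this blog, from Leostone's tool or from Wosar's extractor). It assumes 512-byte sectors and a read-only handle on the affected drive or an image of it; the function names and the sample image are constructed for illustration.

```python
import base64
import io

SECTOR_SIZE = 512    # assumption: 512-byte logical sectors
DATA_SECTOR = 55     # 0x37: the full 512-byte sector, offset 0
NONCE_SECTOR = 54    # 0x36
NONCE_OFFSET = 33    # 0x21
NONCE_LEN = 8


def read_sector(disk, number):
    """Read one whole sector; raw devices only allow sector-aligned reads."""
    disk.seek(number * SECTOR_SIZE)
    data = disk.read(SECTOR_SIZE)
    if len(data) != SECTOR_SIZE:
        raise ValueError(f"short read at sector {number}: got {len(data)} bytes")
    return data


def extract_petya_fields(disk):
    """Return (sector 55, nonce) as Base64 strings from a read-only disk handle."""
    data = read_sector(disk, DATA_SECTOR)
    nonce = read_sector(disk, NONCE_SECTOR)[NONCE_OFFSET:NONCE_OFFSET + NONCE_LEN]
    if not any(data) or not any(nonce):
        # Generic sanity check (not from the post): all-zero fields suggest
        # the wrong disk or a different sector size.
        raise ValueError("extracted fields are all zero; check the source disk")
    return (base64.b64encode(data).decode("ascii"),
            base64.b64encode(nonce).decode("ascii"))


def build_sample_image():
    """Constructed 64-sector image with recognisable filler at the two locations."""
    image = bytearray(64 * SECTOR_SIZE)
    start = DATA_SECTOR * SECTOR_SIZE
    image[start:start + SECTOR_SIZE] = bytes([0x37]) * SECTOR_SIZE
    pos = NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET
    image[pos:pos + NONCE_LEN] = b"NONCE123"
    return io.BytesIO(bytes(image))


if __name__ == "__main__":
    # For a real drive or image, open it read-only instead, for example
    # open(path_to_image, "rb"); the path is yours to supply.
    sector_b64, nonce_b64 = extract_petya_fields(build_sample_image())
    print("sector 55:", sector_b64[:32] + "...")
    print("nonce:    ", nonce_b64)
```

Working from an image of the drive rather than the drive itself keeps the original untouched if a recovery attempt goes wrong.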
Thursday, 17 March 2016
Prepare Against Ransomware
In recent months you may have come across articles depicting the chaos that ransomware is causing to businesses and individuals alike across the globe. You may ask, what is ransomware? In short, it is malicious software that encrypts your computer system so you are unable to access your data. The distributor of this software is a criminal who wants you to pay a fee to release your files. Given that they are a criminal you should not pay, but in some cases, such as hospitals and other critical services where not paying may have a worse knock-on effect, businesses and individuals are sometimes left with little choice but to cough up the dough. In recent months, however, a number of companies and state bodies have started to crack different strains of ransomware and release the keys, so if you get infected have a look to see if your key is out there; you might get lucky. For the rest of you I have compiled a list of useful precautions to take.
Backup regularly and keep a recent backup copy off-site. There are dozens of ways other than ransomware that files can suddenly vanish, such as fire, flood, theft, a dropped laptop or even an accidental delete. Encrypt your backup and you won’t have to worry about the backup device falling into the wrong hands.
Don’t enable macros in document attachments received via email. Many ransomware attacks arrive in documents, and rely on persuading you to enable macros (embedded document scripts). Don’t do it: Microsoft deliberately turned off auto-execution of macros by default many years ago as a security measure.
Consider installing the Microsoft Office viewers. These viewer applications let you see what documents look like without opening them in Word or Excel itself. In particular, the viewer software doesn’t support macros at all, so you can’t enable macros by mistake!
Be cautious about unsolicited attachments. Crooks who send malware in documents are relying on the dilemma that you shouldn’t open a document until you are sure it’s one you want, but you can’t tell if it’s one you want until you open it. If in doubt, leave it out.
Don’t give yourself more login power than you need. Most importantly, don’t stay logged in as an administrator any longer than is strictly necessary, and avoid browsing, opening documents or other “regular work” activities while you have administrator rights.
Patch early, patch often. Malware that doesn’t come in via document macros often relies on security bugs in popular applications, including Office, your browser, Flash and more. The sooner you patch, the fewer open holes remain for the crooks to exploit.
UPDATE:
In the past week I came across a case of the .Locky strain of ransomware which seems to be particularly nasty. In researching this strain I came across the below article and it is very much worth a read. You can find the original article here.
-------------------------------------------------------------------------------------------------------------------------
How Just Opening an MS Word Doc Can Hijack Every File On Your System
If you receive a mail masquerading as a company's invoice and containing a Microsoft Word file, think twice before clicking on it.
Doing so could cripple your system and could lead to a catastrophic destruction.
Hackers are believed to be carrying out social engineering hoaxes by adopting eye-catching subjects in the spam emails and compromised websites to lure the victims into installing a deadly ransomware, dubbed "Locky," into their systems.
So if you find .locky extension files on your network shares, Congratulations! You are infected and left with just two solutions: Rebuild your PC from scratch or Pay the ransom.
Locky ransomware is spreading at the rate of 4000 new infections per hour, which means approximately 100,000 new infections per day.
Microsoft MACROS are Back
It is hard to digest the fact that, in 2016, even a single MS Word document could compromise your system by enabling 'Macros.'
This is the point at which to appreciate the hackers' sheer brilliance of tactics.

Locky ransomware is being distributed via Microsoft 365 or Outlook in the form of an Invoice email attachment (Word File that embeds vicious macro functions).
The concept of macros dates back to 1990s. You must be familiar with this message: "Warning: This document contains macros."
Now macros are back, as cyber criminals discover a new way to get internet users to open Microsoft Office documents, especially Word files that allow macros to run automatically.
How Does Locky Work?

Here comes the bad part:
- Once the victim enables the macro (malicious), he/she would download an executable from a remote server and run it.
- This executable is nothing but the Locky Ransomware that, when started, will begin to encrypt all the files on your computer as well as network.
Once encrypted, the ransomware malware displays a message that instructs infected victims to download TOR and visit the attacker's website for further instructions and payments.
Locky ransomware asks victims to pay between 0.5 and 2 Bitcoins ($208 to $800) in order to get the decryption key.
One interesting note on Locky is that it is being translated into many languages, which heightens its attack beyond English boundaries to maximize the digital casualties.
Locky Encrypts Even Your Network-Based Backup Files
The new ransomware also has the capability to encrypt your network-based backup files. So it's time for you to keep your sensitive and important files in third-party storage as a backup plan in order to evade future ransomware infections.
A researcher named Kevin Beaumont along with Larry Abrahms of BleepingComputer initially discovered the existence of the Locky encrypted virus.
To check the impact of Locky, Kevin successfully intercepted the Locky traffic yesterday and realized that the cryptovirus is spreading out rapidly in the wild.
"I estimate by the end of the day well over 100,000 new endpoints will be infected with Locky, making this a genuine major cybersecurity incident — 3 days in, approximately a quarter of Million PCs will be infected," Kevin said in a blog post.
One hour of infection Statistics:

The highly impacted countries include Germany, Netherlands, United States, Croatia, Mali, Saudi Arabia, Mexico, Poland, Argentina and Serbia.
Tuesday, 8 December 2015
Protecting Windows 10 (The Basics)
Over the past few months Microsoft have been firing out their new operating system, Windows 10, to the world for free. This blog is aimed more at anyone who has just installed the operating system, as chances are if you are a Windows user you may have already upgraded or will be doing so in the near future. Like most things that come fresh out of the box, making it work to the level you might expect takes some tweaking. I am going to focus on a few basic steps you should take right away to make your new operating system secure.
1) Run Windows Update straight away. I know you may have spent an hour or two installing the damn thing, but running Windows Update will make sure your operating system has the latest patches. To find Windows Update just click the little search bar at the bottom of your screen and type "windows update"; once opened just hit "check for updates" and you're done.
2) System restore is turned off by default in Windows 10, so you might want to turn this on. Microsoft have renamed this function "system protection". To turn it on head back down to the little search bar and type "This PC"; when the logo appears right-click on it and select "Properties", click on "system protection", then click "Configure" and turn system protection on.
3) Check your Windows 10 privacy settings. By default everything, and I mean everything, in here is turned on. To get here go to START > Settings > Privacy. Spend a bit of time looking over this and make sure you are happy with it.
4) Make sure that all of your applications are updated. In an earlier post I mentioned that Secunia PSI was a good application to check this.
5) Make sure you have your anti-virus turned on. If you don't have an anti-virus, Windows has a built-in AV called Windows Defender. You can find Defender by going to the search bar and typing "Windows Defender".
Tuesday, 1 December 2015
Protecting against phishing
Phishing (pronounced fishing) scams are among the most prevalent forms of cybercrime, targeting unsuspecting victims. Although phishing is widespread, it is possible to identify and prevent. Apart from ensuring you install security software, the best way to combat scams is to educate yourself about what these scams are and how to identify them. I found the below video from Meridian Banking that explains phishing very well, and even though it's aimed at Meridian customers you should get the idea.
Now that you have an idea of what phishing is and what forms it can take, let's go through some additional steps you can take to protect yourself.
3) Make sure you maintain effective software to combat phishing. Most Internet Security suites automatically detect and block fake websites. Some will also authenticate major banking and shopping sites. I have also stated in another blog how you can add security plugins to your browser that will help identify dodgy sites and links.
5) Never submit confidential information via forms embedded within email messages. This is not a secure practice and all reputable companies know this. If the form is part of a phishing attack the senders are often able to track all information entered.
6) Think twice about opening attachments from senders you are not familiar with, e.g. getting an email from an unknown address with an attachment labelled as "invoice". If you are not expecting an invoice and you don't recognize the sender, chances are the attachment is carrying a malicious payload. Delete it!
7) I will end with my pet hate: clicking articles on social media that are clearly made up just so you will click on them, e.g. BREAKING NEWS: Pamela Anderson shoots president Obama over views on healthcare! This is clearly a bullshit article. Don't click on it; you can be guaranteed you are entering a world of spam and malware.
I recently came across a Bluebird Care campaign surrounding cybercrime and the elderly. As part of that campaign they had an infographic that I think is super informative and can be viewed by clicking here.
Thursday, 26 November 2015
Securing your laptop
For most people laptops are a normal part of their daily lives, but how much thought do people actually put into how secure these devices are? We use laptops for work, banking, our personal data, photographs etc., so why don't we spend more time securing the devices that we spend so much of our lives on? The main reason is probably effort: it just takes too much effort to worry about all that crap. What's the worst thing that could happen anyway? I suppose the worst-case scenario is identity theft, followed by all your bank accounts reset to zero and an email to everyone in your contacts of that inappropriate picture you took on a late Saturday night and forgot to erase. But let's not think about what could happen, as I am going to give you a list of 5 things you can do to hopefully prevent some of the above.
1) Patch your operating system/ applications
This one is pretty straightforward. Microsoft and Apple both send out regular patches for their operating systems; you should take the time to install these and keep your operating system up to date. Most attackers will try to exploit weaknesses in an operating system, so by keeping your system patched you are staying a step ahead of at least some attacks. For information on how to do this on Windows click here
And for apple click here
Once you have your operating system all patched, your focus should turn to your applications, as the same applies here. A handy tool that I use for this is the free software vulnerability scanner Secunia PSI, which can be downloaded here. I don't believe that this works with Mac, but the link above on Apple explains how you can keep all of your iOS applications updated. You should also install anti-virus software; AVG is a good free one. For malware you can also install Malwarebytes, which is free for a trial period that should be long enough to get rid of any nasty malware on your system.
2) Create a backup
This is very important, and with the flurry of ransomware attacks happening at the moment it may also save you losing a week or two's wages to get your data back. Creating a backup in Windows is actually pretty straightforward.
Go to Control Panel - Backup and Restore - Create a system image
Once you get here you need to plug in a hard drive or multiple CDs/DVDs for your machine to back up to. It takes about 2 hours depending on your system but might save you a major headache long term!
Apple has a number of backup options that can be found here.
3) Encrypt your hard drive
This is important, but it also takes a bit of time, so do it last thing in the evening as it does affect the performance of your machine whilst running. Remember, encrypting your hard drive will keep your data safe if your machine is ever lost or stolen. Windows uses BitLocker to encrypt drives; it can be turned on by going to the search bar at the bottom of your screen and typing in "Manage BitLocker". This will open the BitLocker manager, where you can turn BitLocker on. If you get an error message about TPM you will need to do the following before you proceed:
1) Log on to the Windows 10 computer with an account that has administrative privileges.
2) Click Start, type GPEDIT.MSC in the search box at the bottom of the menu and press the Enter key.
3) In the Local Group Policy Editor snap-in that opens, expand Computer Configuration > Administrative Templates > Windows Components > BitLocker Drive Encryption in the left pane, and from the expanded list click to select Operating System Devices.
4) In the right pane, double-click "Require additional authentication at startup".
5) In the box that opens, select the Enabled radio button and ensure that under the Options section the "Allow BitLocker without a compatible TPM" checkbox is checked.
6) Once done, click the OK button to allow the changes to take effect and close the Local Group Policy Editor snap-in.
Once this is done, return to the BitLocker manager and turn BitLocker on. It is very important that you keep the recovery password you are given in a safe place, as you will need it if you ever forget your password.
Apple uses FileVault to do this and the instruction to do this can be found here.
4) Invest in a VPN
I know I have said this before, but I cannot stress it enough: if you want to keep your online data away from prying eyes and protect yourself whilst using wireless networks, a VPN is a must-have! There are tons of premium VPNs on the market, so do some homework and find one that suits your budget and expectations. Like I said before, I use AirVPN. I haven't had any issues with it yet other than a few lingering DNS issues that may be linked more to Windows 10 than to the VPN. My plan costs €30 for six months and I have unlimited bandwidth, but like I said, do your own research and pick a VPN that suits your needs. Stay away from free services unless you really trust the provider, and even then be wary.
5) Lock-down Windows 10
Microsoft has more or less given anyone who wants Windows 10 the operating system for free. Now when large multinationals start giving their products away for free it's only natural to ask why. I don't have the answer on this just yet, but I am guessing it has something to do with the large amount of access and data their new operating system gives them if a load of options are not turned off. After researching Windows 10 I have altered my privacy settings from on to off, as I do not want to share my location, microphone, camera or calendar with Microsoft or any third-party applications. The fact that all of these settings are turned on by default is a bit worrying, as many non-tech users are unknowingly sharing all of their private information with both Microsoft and third-party applications. To turn all of these settings off, navigate to the bottom right of your screen and click on the notification manager. This is the little box that looks like a chat icon. From here select the all settings tab; you can now navigate to privacy and choose what settings you want turned on or off. I recommend turning everything off unless you rely on an application that requires some of these features left on. And next time you get something for free, maybe consider what the motive is for such a generous giveaway in an age where data is the new gold.
If you want to read a bit more about Windows 10 and get more in-depth advice on how to lock down certain features, I suggest reading: How to secure Windows 10: The paranoid's guide