
July 06, 2018

can be the cause of unexplained chest pain (Stress)

Each year, many people seek emergency treatment for unexplained chest pains. A thesis from the Sahlgrenska Academy, University of Gothenburg, Sweden, indicates several common factors among those affected, including stress at work, anxiety, depression and a sedentary lifestyle.
Chest pain is a common reason for patients to seek emergency treatment. A considerable number of patients are diagnosed with unexplained chest pain, which means that the pain cannot be linked to biomedical factors such as heart disease, or some other illness. The patient group is significant in size, with just over 20,000 patients seeking hospital treatment in 2006, and so far researchers have been unable to identify specific causes for unexplained chest pain.
"Many suffer from recurring bouts of pain over several years, while the healthcare services are unable to find out what's causing it," says Registered nurse Annika Janson Fagring, the author of the thesis.
In her thesis, Annika Janson Fagring describes and analyses symptoms among patients with unexplained chest pain. The results show that most of them are middle-aged, and that over a third of those affected were born outside Sweden. The chest pain had a negative impact on the patients' daily life in the form of tiredness, anxiety and fear of death.
"The main difference between women and men with unexplained chest pain is that men were more likely to perceive their lives and jobs as being stressful, while women tended more to suffer from symptoms of depression and anxiety," says Annika Janson Fagring.
The patients, both men and women, experienced more symptoms of depression and anxiety, and work-related stress when compared with a reference group of people who were not suffering from heart disease. The male patients were more physically active in their spare time than the female patients, but compared with the reference group, both the men and the women with unexplained chest pain led a more sedentary lifestyle.
The thesis also looks at the development of symptoms and the prognosis for patients with unexplained chest pain over a period of time, compared with patients suffering from angina and patients who had suffered a heart attack. A register study revealed that from 1987 up until 2000, the number of patients with diagnosed unexplained chest pain increased, and then levelled out. The number of patients with angina increased up until 1994 and has since fallen, while the number of patients who have suffered heart attacks has fallen throughout the whole period examined.
There were fewer deaths among patients with unexplained chest pain a year after they became ill, compared with patients that became ill with angina or suffered heart attacks. Deaths among men a year after falling ill with unexplained chest pain were a third higher compared with men in the rest of the population, while women did not display any increased risk of death.
Annika Janson Fagring says that the thesis shows that it is important to improve knowledge and understanding of the symptoms experienced by patients with unexplained chest pain, in order to be able to offer more individualised care.

ch Health Care System

The public health insurance program in France was established in 1945 and its coverage for its affiliates has undergone many changes since then. One of the major changes has resulted in the expansion to all legal residents, under the law of universal coverage called la couverture maladie universelle (universal health coverage). It is based on the principle of solidarity, guaranteeing financial protection against life´s contingencies for everyone.
Originally, professional activity (being in employment) was the basis of the funding and benefits of the French public health insurance system known as the Sécurité Sociale (social security). The main fund covers eighty percent of the population. There are two additional funds for the self-employed and agricultural workers.
Reimbursement is regulated through uniform rates. The financing is supported by employers, employee contributions, and personal income taxes. The working population has twenty percent of their gross salary deducted at source to fund the social security system.
The contribution of financing through personal income taxes has gradually increased and its purpose is to make up for the fall in remuneration, reduce price changes on the labor market and allocate the system´s financing among citizens equitably.
Employer and union federations jointly control the funds under the State´s supervision. This involves an intricate collaboration between the various entities of the system.
About seventy five percent of the total health expenditures are covered by the public health insurance system. A part of the balance is paid directly by the patients and the other part by private health insurance companies that are hired individually or in group (assurance complémentaire or mutuelle, complementary insurance or mutual fund).
The State
The State sees that the whole population has access to care; it dictates the types of care that are reimbursed, and to what degree, and what the role is of the different participating entities.
The State is in charge of protecting patient´s rights, elaborating policies and enforcing them. It is responsible for public safety.
Health authorities plan the size and numbers of hospitals. They decide on the amount and allocation of technical equipment (such as MRI, CT scans…). Through its agencies, the State organizes the supply of specialized wards and secures the provision of care at all times.
In recent years, regional authorities have taken a growing role in policy-making and negotiation.
Hospitals
There are two general categories:
The public sector, which accounts for 65% of hospital beds. Public hospitals are responsible for supplying ongoing care, teaching and training.
Private hospitals are profit oriented. They concentrate on surgical procedures and depend on their fee-for-service for funding.
There is no significant difference in the quality of care between public and private hospitals.
In France, there are 8.4 hospital beds per 1,000 people.
Health Professionals
Health professionals and physicians usually work in both public hospitals and private practices. About 36 percent of physicians work in public hospitals or establishments. They are in essence public servants, and the amount they are paid is determined by the government. However, 56 percent of physicians work in private practices because of the difficult working conditions in hospitals.
Experts set the relative price of procedures that are then negotiated by physicians' unions and public health insurance funds. Around ninety seven percent of practitioners conform to the Tarif de convention (tariff references) which sets prices. Tariff references are the fixed rates to be used by doctors set by the national convention for all health services. Medical practitioners and clinics/hospitals who are not conventions (complying with the tariff references) have to display their prices.
In some situations, certain medical practitioners (such as surgeons with extra qualifications or experience) can charge more than the Tarif de convention. The extra fee is called a dépassement.
There are 3.37 physicians per 1,000 people.
There was a reform in July of 2005 which put in place a process of coordinated care. The patient first visits his/her médecin traitant (general practitioner). This physician has been previously registered at the caisse d´assurance sociale as the one in charge of the coordination of care for the patient. In case the physician or his substitute is unavailable, the patient can consult another physician and inform his/her caisse d´assurance - this does not affect his/her entitlement to reimbursement. The patient is free to change to another general practitioner but has to report the change.
The médecin correspondant (correspondent doctor) is the physician to whom the patient has been referred and is usually a specialist. With the authorization of the patient, this physician sends the relevant information to the médecin traitant in order to follow up and coordinate care.
Several specialists have direct authorization for passing on information relevant to care, such as gynecologists, ophthalmologists and psychiatrists.
The services of gynecologists, ophthalmologists and dentists are covered by the State without a referral by a médecin traitant (the patient does not have to go to his/her General Practitioner first).
The patient has to present his card called "Carte Vitale" which transmits all transactions to the caisse d´assurance where he/she is registered. All medical procedures (hospitalization, laboratory tests, x-rays…) have to take place in the locality of his/her caisse d´assurance. However, the patient can buy medicines anywhere in France and have the reimbursement later deposited on his/her bank account, usually within a ten-day-period.
An average of 70 percent of the cost of a visit to a family doctor or specialist is refunded. Reimbursements are on average of: 95 percent for a major surgery, 80 percent for minor surgery, 95 to 100 percent for pregnancy and childbirth, 70 percent for x-rays, routine dental care and nursing care at home. Reimbursements for prescribed medicines depend on the type of medication and range from 15 percent to 65 percent.
The percentage that is to be paid by the patient and not reimbursed by the Sécurité sociale is called ticket modérateur. This fraction varies following each individual´s obligatory regime set by the tariff references allocated to various medical treatments and associated fees encountered.
A patient can receive 100 percent coverage under certain conditions, such as having a chronic or acute medical condition (including cancer, insulin-dependent diabetes, heart disease…), requiring long-term care, having a long-standing condition, requiring a hospital stay of more than 30 days.
Beneficiaries of the RMI (revenu minimum d´insertion, minimum revenue of introduction) are automatically affiliated to the social security system. There are several requirements to qualify, but essentially every legal resident in France who earns less than a certain amount is entitled to this financial aid. As soon as they are affiliated, they are also entitled to the health coverage. Those individuals are entitled to a 100 percent reimbursement of medical and hospital costs.
Complementary Insurance
Since health expenditure is growing in France, there has been ongoing concern about the deficit of the Sécurité Sociale and governments have been inclined to reduce the degree of reimbursement. As a result, more individuals are turning to l´assurance complémentaire (complementary insurance). This health insurance covers all or part of the costs not reimbursed by the health system.
The complementary insurance offers an extensive range of plans. The patient has to select the one that is best suited to his situation and needs to take into consideration his/her state of health, medical consumption, family, income and place of residence.
Expatriates in France
Since 2007, there have been some changes for EU citizens residing in France, introducing restrictions in their access to the health care system. This affects inactive individuals (not in employment) that do not have a professional activity (not working) or are looking for work, or students. The reason for those limitations is that France has to conform to the European community rules, like the other countries in the community. The new conditions of the right of stay have direct consequences on the social benefits in France.
Right of stay for inactive residents (not in employment) depends on two conditions:
They need to have a reasonable level of income in order not to become a burden for the State.
They need to have health coverage.
The conditions for inactive EU residents already living in France before November 2007 remain the same.
Students and retired people need to have medical coverage. Students usually have medical coverage from their country of origin or through the French Social Security for students; this applies to students under 28 years of age. Retired individuals, in most cases, have health insurance from the country where they worked.
If an EU resident becomes sick and does not fulfill those two conditions and has been residing in France for less than three months, this person is entitled to dispositif soins urgent (emergency care device). If the person has been residing for more than three months, he/she is entitled to l´Aide Médicale d´Etat (state medical aid).
Inactive EU residents can receive the couverture maladie universelle (universal health coverage) known as CMU if they are legal residents (stable and uninterrupted).
CMU de base (basic CMU)
Basic CMU helps anyone living in France who is not covered by another type of insurance get access to medical care and reimbursement of services and medication. People from all levels of income are entitled to it. The affiliation is not automatic and the person has to apply for it. It covers part of the medical services for the legal resident and the people in his/her household. It covers typically seventy percent of a doctor's visit.
CMU complémentaire (complementary CMU)
Complementary CMU facilitates access to health care for people with low income residing in France for more than three months, in a stable and uninterrupted manner. These individuals have one hundred percent coverage without advance payment for the health services or medication (they are fully covered, no money upfront needed). The income of the individual´s household must not exceed a maximum amount. The spouse or partner of the individual, as well as the dependents under 25 years of age are also included in this coverage. It is renewable on a yearly basis.
If a person is a foreign national, outside EU member states or Switzerland, he/she must justify their right of residence in France in order to gain right to the State healthcare.
After five years of legal residence all EU nationals gain permanent right of residence and therefore become fully entitled to the CMU.
Any EU expatriate not officially retired (under retirement age), not working, and not having lived in France for more than five years will lose their right to the French state healthcare except for those who have been living in France since before November of 2007.
Life expectancy in France topped 80 years in 2004. The French health care service is certainly costly to maintain, but it remains one of the best in the world, offering a large choice of general practitioners and healthcare specialists.
Written by Stephanie Brunner B.A.
Original article date: 27 June 2004
Article updated: 8 June 2009

relationships between adult children and parents

The majority of parents and adult children experience some tension and aggravation with one another, a new study suggests.
But parents generally are more bothered by the tensions - and the older the child, the greater the bother.
"The parent-child relationship is one of the longest lasting social ties human beings establish," said Kira Birditt, lead author of the study and a researcher at the University of Michigan Institute for Social Research (ISR). "This tie is often highly positive and supportive but it also commonly includes feelings of irritation, tension and ambivalence."
The study will be featured in an upcoming issue of the journal Psychology and Aging.
For the study, supported by a grant from the National Institutes of Health, Birditt and colleagues at Purdue and Pennsylvania State universities analyzed data on 474 parents and adult children who were at least 22 years old. The adult children lived within 50 miles of their parents. African Americans made up one-third of the sample and the rest were European Americans.
The researchers asked about tensions related to a variety of topics, including personality differences, past relationship problems, children's finances, housekeeping habits, lifestyles, and how often they contacted each other.
Parents and adult children in the same families had different perceptions of tension intensity, with parents generally reporting more intense tensions than children did, particularly regarding issues having to do with the children's lifestyle or behavior (finances, housekeeping). According to Birditt, tensions may be more upsetting to parents than to children because parents have more invested in the relationship. Parents are also concerned with launching their children into successful adulthood.
Both mothers and fathers reported more tension in their relationships with daughters than with sons. Daughters generally have closer relationships with parents that involve more contact which may provide more opportunities for tensions in the parent-daughter tie.
Both adult sons and adult daughters reported more tension with their mothers than with their fathers, particularly about personality differences and unsolicited advice. "It may be that children feel their mothers make more demands for closeness," Birditt said, "or that they are generally more intrusive than fathers."
Birditt found it surprising that parental perceptions of tension increased with the adult children's age, particularly about topics having to do with how they interact (e.g., personality differences). "Middle-aged children may be less invested in the parent-child tie than young adult children because they're more likely to have formed their own families and experience multiple role demands," Birditt said. And as parents age and come to want or need more from their relationship with adult children, adult children may pull away, creating greater relationship tensions.
Although most parents and adult children experience at least a little tension, Birditt found that some topics were more harmful than others to parent-child relationships.
"Relationship problems like basic personality differences and parents providing unsolicited advice tend to cause more problems," Birditt said. "It may be that these kinds of tensions are longer-term, and reflect deep-seated conflicts that you just can't escape, whereas conflicts about lifestyles, education or finances can sort of be put off to the side if you make an effort."
In related, unpublished research, Birditt analyzed the strategies parents and adult children used to cope with relationship tensions. The good news is that both parents and children were most likely to deal with problems constructively by trying to accommodate each other's wishes when problems came up, working to find solutions to problems, and trying to accept and understand the other's point of view.
The more intense the tension level, though, the less likely parents and children were to use constructive strategies and the more likely they were to try avoiding the issues or use destructive strategies such as yelling or arguing. And according to Birditt, that is bad news. Avoidance and destructive strategies are associated with poorer quality relationships overall.
"The old adage, 'If you can't say something nice, don't say anything at all,' isn't good advice for parents and adult children," she said. "Avoidance doesn't work as a strategy for dealing with conflicts. It appears to make things worse."

Healthy And Young Looking Skin

Skin experts say that the best way to keep your skin healthy and looking young is to protect it from the sun and not smoke: and after that, taking care with how you wash, moisturize your skin and shave also help.
According to a British Association of Dermatologists survey carried out in 2008, many Britons are unaware that sun protection can keep the skin looking younger, believing instead that applying a daily moisturizer, eating a healthy diet, drinking plenty of water and having facial massages will suffice.
The Sun Awareness campaign officer at the Association, Maria Tabou, told the press at the time that such measures will have "nowhere near the anti-ageing impact of sun protection".
Not only does exposure to UV increase a person's risk of skin cancer, it also affects the elastin in the skin, which leads to wrinkles and sun-induced skin ageing such as leatheriness and blotchy pigmentation.
Featured below are 5 tips for healthy skin...
Tip #1 for healthy skin: Sun protection
Ensure you protect your skin from the sun to maintain healthy skin
According to the Mayo Clinic in Rochester, Minnesota, USA, a non-profit organization with an international reputation, most of the changes seen in ageing skin are actually "caused by a lifetime of sun exposure".
To protect yourself from the sun, they advise the following three methods (with maximum protection coming from using all three).
Avoid the sun during high intensity hours: the sun's rays do the most damage between 10 am and 4 pm, so limit the time you spend outside during this period.
Wear protective clothing: wear long sleeved shirts, long trousers or pants and a hat with a wide brim. Remember that tight woven fabric (e.g. denim) offers better protection than loosely woven fabrics like knits.
Use sunscreen: go for a broad spectrum sunscreen with an SPF (sun protection factor) higher than 15 and apply generously about 20 minutes before you go out and then every two hours. You will need to apply more frequently if you go in the water or sweat a lot.
Tip #2 for healthy skin: Don't smoke (and watch the alcohol)
Research shows that smoking alone ages skin. In a study published in the Archives of Dermatology in 2007, researchers at the University of Michigan, Ann Arbor, in the US, described how they examined the upper inner arms of smokers and non-smokers aged from 22 to 91 and found that after taking into account age and other variables, the number of packs of cigarettes that the smokers smoked per day was significantly linked to skin ageing. They looked at the skin on the upper inner arms to minimize the influence of sun exposure.
Indy Rihal from the British Skin Foundation told NHS Choices that smoking reduces the skin's natural elasticity by promoting the breakdown of collagen and also reducing the amount that is produced.
Collagen, a protein that helps skin strength, gradually degrades with age, leading to wrinkles. Smoking causes this to happen sooner and also causes the tiny blood vessels in the skin to tighten, which reduces the amount of oxygen and nutrients that the skin cells receive, which also reduces elasticity and accelerates ageing.
The Mayo Clinic also suggest that exposure to heat from burning cigarettes damages facial skin and that certain smoking behaviours contribute to wrinkles, because of the repetitive facial expressions that smokers make, such as pursing the lips on inhaling and squinting their eyes to keep the smoke out.
Drinking alcohol can make your body and skin dehydrated, leaving the skin looking old and tired. So if you are drinking alcohol drink plenty of water and stick to sensible amounts. Have a non-alcoholic drink like soda water or watery fruit juice in between the alcoholic ones to help your body rehydrate.
Tip #3 for healthy skin: Clean your skin regularly and apply moisturizer
A British Skin Foundation survey published in January 2008 found that an astonishing 50 per cent of people who wear make up in the UK are damaging their skin by not removing make up before they go to bed.
The reasons for not cleansing the skin of make up before going to bed were also revealing in that most people were too tired to take it off, suggesting they were not getting good quality sleep which also affects skin health. A significant proportion also said they had had too much to drink or simply couldn't be bothered.
Cleansing is an important part of skin care because it removes dirt and bacteria; and the key is to do it gently.
Use warm rather than hot water and limit the time you spend in the bath or shower to 15 minutes or less as too much time in hot water strips oils from your skin.
Moisturizing protects the skin from drying and acts as a protective layer for the skin
Also, use mild rather than strong soaps and avoid irritating additives such as perfumes and dyes, especially if you have sensitive skin.
When removing make up take care with the delicate skin around the eyes, and if you use waterproof make up you may need an oil-based product to make sure you get it all off.
When you have finished try to pat your skin dry so some moisture stays on it.
Moisturizing is important because it protects the skin from the weather and from drying up and looking dull. It helps your skin maintain its natural moisture levels too, say the Mayo Clinic experts, because it seals in the water already in the skin or slowly releases water into the skin.
You may be surprised to know that according to the British Skin Foundation the price of a moisturizer is not a measure of how good it is: cheaper ones can be just as effective.
If you have dry skin avoid alcohol-based products and if you have oily skin avoid oil-based products (use water-based instead).
Some people with oily skin don't need moisturizer: if your skin feels tight 20 minutes after bathing, then you probably do.
Tip #4 for healthy skin: Get enough quality sleep
Focus on quality sleep to keep your skin looking young and healthy
Sleep is essential for healthy skin. Not enough quality sleep will make your skin look tired and older, especially with bags under your eyes. Poor quality sleep can become a vicious cycle because lack of sleep makes you irritable, anxious and depressed, and that makes it harder to get good sleep.
Make sure you have plenty of physical exercise as this reduces stress and creates a healthy tiredness that helps sleep. Yoga and swimming are also good ways to improve sleep.
Aerobic exercise increases the oxygen circulating in your body which helps the skin stay vibrant and healthy.
Here are some more tips for getting a good night's sleep
Try to keep to a regular routine at bedtime.
Have a warm bath to relax you.
Learn how to put aside the "worry list" that is in your head: write it down, keep a pencil and pad of paper by your bed.
Get a relaxation tape: don't watch TV late at night or in bed as this can stimulate rather than relax you.
Avoid eating a heavy meal late at night. Try to eat your last food for the day 2 to 3 hours before bedtime.
Drink plenty of water during the day rather than toward bedtime.
If you wake in the night get up and do something distracting until you are sleepy again rather than toss and turn and worry in bed.
Keep your bedroom cool, dark and quiet. It should be a haven of peace and not a den of noise and stimulation.
Keep an eye mask and ear plugs handy.
Avoid stimulants like caffeine and nicotine in the evenings: drink camomile tea rather than cocoa to induce sleep at bedtime (but not too much or you will be up in the night for the toilet).
Tip #5 for healthy skin: Shave with care
People shave to make their skin smooth and hairless, but this can irritate the skin, especially if it is thin, dry and sensitive.
For a smooth shave the Mayo Clinic experts advise that you shave after a warm bath or shower (or press a warm wet cloth on your skin) to soften the hair, don't shave dry skin, use a clean, sharp razor, and shave in the direction of hair growth.
Make sure you rinse well afterwards with warm water to remove soap and dead cells.
If your skin is irritated after shaving, don't use an alcohol-based lotion even if it feels cool; it will make the irritation worse because it dries the skin out.

Virus Decides If Your Computer Good for Mining or Ransomware

Security researchers have discovered an interesting piece of malware that infects systems with either a cryptocurrency miner or ransomware, depending upon their configurations to decide which of the two schemes could be more profitable.
While ransomware is a type of malware that locks your computer and prevents you from accessing the encrypted data until you pay a ransom to get the decryption key required to decrypt your files, cryptocurrency miners utilize infected system's CPU power to mine digital currencies.
Both ransomware and cryptocurrency mining-based attacks have been the top threats so far this year and share many similarities such as both are non-sophisticated attacks, carried out for money against non-targeted users, and involve digital currency.

However, since locking a computer for ransom doesn't always guarantee a payback in case victims have nothing essential to lose, in past months cybercriminals have shifted more towards fraudulent cryptocurrency mining as a method of extracting money using victims' computers.
Researchers at Russian security firm Kaspersky Labs have discovered a new variant of Rakhni ransomware family, which has now been upgraded to include cryptocurrency mining capability as well.
Written in Delphi programming language, the Rakhni malware is being spread using spear-phishing emails with an MS Word file in the attachment, which if opened, prompts the victim to save the document and enable editing.
The document includes a PDF icon, which if clicked, launches a malicious executable on the victim's computer and immediately displays a fake error message box upon execution, tricking victims into thinking that a system file required to open the document is missing.
How Malware Decides What To Do
However, in the background, the malware then performs many anti-VM and anti-sandbox checks to decide if it could infect the system without being caught. If all conditions are met, the malware then performs more checks to decide the final infection payload, i.e., ransomware or miner.
1.) Installs Ransomware—if the target system has a 'Bitcoin' folder in the AppData section.
Before encrypting files with the RSA-1024 encryption algorithm, the malware terminates all processes that match a predefined list of popular applications and then displays a ransom note via a text file.
2.) Installs cryptocurrency miner—if 'Bitcoin' folder doesn't exist and the machine has more than two logical processors.
If the system gets infected with a cryptocurrency miner, it uses MinerGate utility to mine Monero (XMR), Monero Original (XMO) and Dashcoin (DSH) cryptocurrencies in the background.
Besides this, the malware uses CertMgr.exe utility to install fake root certificates that claim to have been issued by Microsoft Corporation and Adobe Systems Incorporated in an attempt to disguise the miner as a trusted process.
3.) Activates worm component—if there's no 'Bitcoin' folder and just one logical processor.
This component helps the malware to copy itself to all the computers located in the local network using shared resources.
"For each computer listed in the file the Trojan checks if the folder Users is shared and, if so, the malware copies itself to the folder \AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup of each accessible user," the researchers note.
Regardless of which infection is chosen, the malware performs a check if one of the listed antivirus processes is launched. If no AV process is found in the system, the malware will run several cmd commands in an attempt to disable Windows Defender.
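Two of the host artifacts named above, CertMgr.exe adding root certificates and copies of the malware landing in users' Startup folders, can be hunted for in endpoint telemetry. The Python below is an added example, not code from Kaspersky or from the original article; the event format, host, user and file names, and the CertMgr command line are constructed assumptions.

```python
import json
import ntpath
import re
from collections import defaultdict

# Constructed sample events (not from the article or from real telemetry),
# one JSON object per line, loosely modelled on Sysmon process-create (id 1)
# and file-create (id 11) records. Host, user and file names are invented.
SAMPLE_EVENTS = r"""
{"host":"WS01","id":1,"Image":"C:\\Users\\anna\\AppData\\Local\\Temp\\CertMgr.exe","CommandLine":"CertMgr.exe -add -c ms.cer -s -r localMachine root"}
{"host":"WS01","id":1,"Image":"C:\\Tools\\certmgr.exe","CommandLine":"certmgr.exe"}
{"host":"WS02","id":11,"TargetFilename":"C:\\Users\\boris\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\doc_viewer.exe"}
{"host":"WS02","id":11,"TargetFilename":"C:\\Users\\carol\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\doc_viewer.exe"}
{"host":"WS03","id":11,"TargetFilename":"C:\\Users\\dave\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\notes.txt"}
"""

# Per-user Startup folder quoted in the article; captures the profile name
# and the name of the file written there.
STARTUP_RE = re.compile(
    r"\\Users\\([^\\]+)\\AppData\\Roaming\\Microsoft\\Windows"
    r"\\Start Menu\\Programs\\Startup\\([^\\]+)$",
    re.IGNORECASE,
)
# File types that run at logon when placed in Startup (assumed shortlist).
EXEC_EXT = (".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs")


def parse_events(text):
    """Parse JSON-lines telemetry, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def detect(events):
    """Return alerts as tuples: (kind, host-or-file, detail)."""
    alerts = []
    startup_drops = defaultdict(set)  # file name -> {(host, user), ...}

    for ev in events:
        if ev["id"] == 1:
            # CertMgr.exe adding a certificate to the trusted root store.
            image = ntpath.basename(ev.get("Image", "")).lower()
            tokens = ev.get("CommandLine", "").lower().split()
            if image == "certmgr.exe" and "-add" in tokens and "root" in tokens:
                alerts.append(("root-cert-install", ev["host"], ev["Image"]))
        elif ev["id"] == 11:
            # Executable content written into a user's Startup folder.
            target = ev.get("TargetFilename", "")
            m = STARTUP_RE.search(target)
            if m and m.group(2).lower().endswith(EXEC_EXT):
                user, name = m.group(1).lower(), m.group(2).lower()
                alerts.append(("startup-executable", ev["host"], target))
                startup_drops[name].add((ev["host"], user))

    # The same file name in several profiles matches the worm behaviour
    # described above (a copy for "each accessible user").
    for name, places in sorted(startup_drops.items()):
        if len(places) >= 2:
            alerts.append(("startup-spread", name, sorted(places)))
    return alerts


if __name__ == "__main__":
    for alert in detect(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

A root-store addition is worth reviewing on its own, and a certificate whose subject claims Microsoft or Adobe but whose thumbprint is not in the organization's known-good list deserves priority.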
What's more? There's A Spyware Feature As Well
"Another interesting fact is that the malware also has some spyware functionality – its messages include a list of running processes and an attachment with a screenshot," the researchers say.
This malware variant is targeting users primarily in Russia (95.5%), while a small number of infections have been noticed in Kazakhstan (1.36%), Ukraine (0.57%), Germany (0.49%), and India (0.41%) as well.
The best way to prevent yourself from being a victim of such attacks in the first place is never to open suspicious files and links provided in an email. Also, always keep a good backup routine and updated anti-virus software in place.

Ex-NSO Employee Caught Selling Stolen Phone Hacking

A former employee of one of the world's most powerful hacking companies, NSO Group, has been arrested and charged with stealing phone hacking tools from the company and secretly trying to sell them for $50 million on the Darknet.
Israeli hacking firm NSO Group is mostly known for selling high-tech malware capable of remotely cracking into Apple's iPhones and Google's Android devices to intelligence apparatuses, militaries, and law enforcement around the world.


However, the phone hacking company has recently become the victim of an insider breach attack carried out by a 38-year-old former NSO employee, who stole the source code for the company's most powerful spyware called Pegasus and tried to sell it for $50 million on the dark web in various cryptocurrencies, including Monero and Zcash, Israeli media reported.
That's much higher than NSO Group's actual price tag for Pegasus, which reportedly sells for under $1 million per deployment.
If you remember, Pegasus is the same spyware that was used to target human rights activist Ahmed Mansoor in the United Arab Emirates in mid-2016.
Pegasus can hack mobile phones remotely, allowing an attacker to access an incredible amount of data on a target victim, including text messages, calendar entries, emails, WhatsApp messages, user's location, microphone, and camera—all without the victim's knowledge.
According to an indictment filed by Israel's attorney general, which does not name the employee, the accused worked in NSO's quality assurance department, and upon realizing that he was going to lose his job, he copied top-secret code from NSO's networks to an external hard drive after disabling McAfee security software on his PC.

Following his dismissal on April 29, the accused contacted an unidentified individual on the darknet, representing himself as a member of a hacking crew who had successfully broken into NSO computers, and attempted to sell the hard drive containing the spyware code for $50 million.
Ironically, the buyer himself in turn informed the company about their leaked hacking tools and the sale on the dark web.
NSO Group said the company quickly identified the breach and unnamed suspect and contacted the authorities, adding that no material had been shared with any third party and that no customer data or information was compromised.
The suspect was arrested on June 5, and the stolen property was secured. He was then charged with an attempt to sell security tools without an appropriate license, employee theft, and attempt to harm property in a manner that could hurt state security.
With 500 employees and valued at $900 million, NSO Group has been in a deal worth $1 billion with US-based software company Verint Systems, which is willing to merge its security division with NSO, as revealed in May this year.

samples in the wild are "hijacked" versions of the original malware

It turns out that most samples of the LokiBot malware being distributed in the wild are modified versions of the original sample, a security researcher has learned.
Targeting users since 2015, LokiBot is a password and cryptocoin-wallet stealer that can harvest credentials from a variety of popular web browsers, FTP, poker and email clients, as well as IT administration tools such as PuTTY.
The original LokiBot malware was developed and sold by online alias "lokistov," a.k.a. "Carter," on multiple underground hacking forums for up to $300, but later some other hackers on the dark web also started selling the same malware for a lesser price (as low as $80).

It was believed that the source code for LokiBot was leaked, which might have allowed others to compile their own versions of the stealer.
However, a researcher who goes by alias "d00rt" on Twitter found that someone made small changes (patching) in the original LokiBot sample, without having access to its source code, which let other hackers define their own custom domains for receiving the stolen data.
Hackers Are Actively Spreading "Hijacked" Versions of LokiBot
The researcher found that the C&C server location of the malware, where the stolen data should be sent, has been stored at five places in the program—four of them are encrypted using Triple DES algorithm and one using a simple XOR cipher.
The malware has a function, called "Decrypt3DESstring," that it uses to decrypt all the encrypted strings and get the URL of the command-and-control server.
The researcher analyzed the new LokiBot samples and compared them with the old original sample, and found that the Decrypt3DESstring function in new samples has been modified in a way that it always returns the value from the XOR-protected string, instead of the Triple DES strings.
"The 3DES protected URLs are always the same in the all of the LokiBot samples of this [new] version," the researcher said.
"In addition, those URLs are never used. Decrypt3DESstring returns a 3DES decrypted buffer. This should be the ideal behavior of this function, but as was described before, each time Decrypt3DESstring is called, it returns a decrypted url with XOR or encrypted url with XOR."
These changes allowed anyone with a new sample of LokiBot to edit the program, using a simple HEX editor, and add their own custom URLs for receiving the stolen data.
However, it is not clear why the original malware author also stored the same C&C server URL in a string encrypted by the less secure XOR cipher, even when it was unnecessary.
A lot of different LokiBot samples currently distributed in the wild and available for sale on the underground market at a very low price have also been patched in the same way by several hackers.
Meanwhile, the original author of LokiBot has already launched its new version 2.0 and is selling it online on many forums.
The decryption function was also being used to get registry values required for making the malware persistent on a system, but since the patched decryption function only returns a URL, the new LokiBot samples fail to restart after the device reboots.
To know more technical details about the new samples, you can head on to the research paper [PDF] published by the researchers on GitHub.

Secure VPN Services? Get a Lifetime Subscription

PRIVACY – a bit of an Internet buzzword nowadays, because the business model of the Internet has now shifted towards data collection.
Today, most users surf the web unaware of the fact that websites and online services collect their personal information, including search histories, location, and buying habits, and make millions by sharing your data with advertisers and marketers.
If this is not enough, then there are governments across the world conducting mass surveillance, and hackers and cyber criminals who can easily steal sensitive data from the ill-equipped networks, websites, and PCs.
So, what's the solution and how can you protect your privacy, defend against government surveillance and prevent malware attacks?
No matter which Internet connection you are using to go online, one of the most efficient solutions to maximize your privacy is to use a secure VPN service.
In this article, we have introduced two popular VPN services, TigerVPN and VPNSecure, which help you in many ways. But before talking about them, let's dig deeper into what a VPN is, the importance of a VPN and why you should use one.
What is a VPN & Why You Should Use It?
A VPN, or Virtual Private Network, is nothing but an encrypted tunnel between you and the Internet.
Once you connect directly to your VPN service, every Internet browsing activity of yours goes through the VPN's servers, which blocks third parties, including government and your ISP, from snooping on your connection.
Secure and Encrypted Web Browsing: VPNs enhance online security by keeping your data secured and encrypted.
Online Anonymity: VPNs help you browse the Internet in complete anonymity so that no one can track the origin of your Internet connection back to you.
Prevent Data & Identity Theft: VPNs encrypt all data transferred between your computer and the Internet, allowing you to keep your sensitive information safe from prying eyes and significantly reducing the risk of security breaches and cyber attacks.
Unblock Websites & Bypass Internet Restrictions: VPN essentially hides your IP address, so your visits to any restricted sites do not register with the third party, including your government or ISP, trying to block you, ensuring you enjoy the online freedom of speech.
Hide Your Browsing History From ISP: VPNs stop your ISP from logging your web visit, as the spying ISP will not be able to see what you are visiting on the Internet.
Multiple Device Supported: Many VPN services usually support multiple devices and work on all operating systems, such as Windows, Mac, Linux, Android, and iOS. With multiple device support, you can set up your PC, work computer and smartphone to access one VPN at the same time.
Get Best VPN Service — Lifetime Subscription
Dozens of companies today sell VPN services, and you can find plenty of reviews that can help you choose one.
But make sure to look for a VPN service that includes a large number of servers distributed worldwide, and check its type of encryption, privacy policies, speed and price.
If you are looking for an excellent and secure VPN service to start with, below we have introduced two best deals from THN Store, offering popular VPNs at highly discounted prices with lifetime access.
VPNSecure: Lifetime Subscription
If you're searching for an affordable and cross-platform VPN service without any bandwidth limits, VPNSecure is the one you can trust.
This premium VPN service is compatible with all operating systems, is easy to use and set up, offers lightning-fast connection and provides ultimate safeguards against hackers and cyber-thieves.
With a strict no-log record policy, VPNSecure has many servers located in more than 46 countries and counting.
The VPNSecure Lifetime Subscription is available for just $19.99 at THN Deals Store—isn't this an excellent deal, a one-time flat fee for a lifetime VPN subscription?
TigerVPN: Lifetime Subscription
TigerVPN comes with a right mix of security, usability, and features, and supports Windows, Mac, Android, and iOS. It provides military grade encryption to make sure your entire communication on the Internet is end-to-end secure and protected.
The service doesn’t allow anyone, including your ISP or the government, to monitor, target or even sell your internet activity. With TigerVPN, you can enjoy the benefits of unlocking geo-restrictions from content providers like Netflix, Youtube, and many others with unlimited access to 15 VPN nodes across 11 countries.
The TigerVPN Lifetime Subscription is also available for just $25.99 at THN Deals Store—that's 95% off on its real value.
So, what are you waiting for? Grab your VPN Now!

July 04, 2018

URL Shortener Abused to Secretly Mine Cryptocurrency Using Hacked Sites


Security researchers have been warning about a new malicious campaign that leverages an alternative scheme to mine cryptocurrencies without directly injecting the infamous CoinHive JavaScript into thousands of hacked websites.
Coinhive is a popular browser-based service that lets website owners embed JavaScript code that uses their website visitors' CPU power to mine the Monero cryptocurrency for monetization.
However, since its inception in mid-2017, cybercriminals have been abusing the service to illegally make money by injecting their own version of CoinHive JavaScript code into a large number of hacked websites, eventually tricking their millions of visitors into unknowingly mining Monero coins.

Since a lot of web application security firms and antivirus companies have now updated their products to detect unauthorized injection of CoinHive JavaScript, cybercriminals have now started abusing a different service from CoinHive to achieve the same.
Hackers Injecting Coinhive Short URLs into Hacked Sites
Apart from the embeddable JavaScript miner, CoinHive also has a "URL shortener" service that allows users to create a short link for any URL with a delay so that it can mine Monero cryptocurrency for a moment before the user is redirected to the original URL.
According to security researchers at Malwarebytes, a large number of legitimate websites have been hacked to unknowingly load short URLs, generated using CoinHive, inside a hidden HTML iFrame in an attempt to force visitors' browsers into mining cryptocurrencies for attackers.
"In the past weeks, our crawlers have catalogued several hundred sites using a variety of CMS all injected with the same obfuscated code that uses Coinhive's shortlink to perform silent drive-by mining," Malwarebytes said.
This unauthorized browser-based mining scheme that works without directly injecting CoinHive's JavaScript was initially detected by researchers at Sucuri in late May.
Malwarebytes researchers believe that the hacked websites they discovered are part of the same ongoing malicious campaign uncovered by Sucuri researchers.
According to the researchers, hackers add obfuscated JavaScript code to hacked websites, which dynamically injects an invisible iframe (1×1 pixel) into the webpage as soon as it is loaded in the visitor's web browser.
Since the URL shortener loaded through the hidden iFrame is invisible, noticing it on a web page will be quite difficult. The infected webpage then automatically starts mining until the Coinhive short-link service redirects the user to the original URL.
However, since the short-link redirection time is adjustable via Coinhive's settings (using the hash value), attackers force visitors’ web browsers to mine cryptocurrency continuously for a longer period.
"Indeed, while Coinhive's default setting is set to 1024 hashes, this one requires 3,712,000 before loading the destination URL," said Jérôme Segura, a security researcher at Malwarebytes.
Moreover, once the required number of hashes has been achieved, the link behind the short URLs further redirects the user back to the same page in an attempt to start the mining process once again, tricking the site visitor into thinking that the web page has only been refreshed.
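A site owner's check for the injection pattern described above, as an added example (not code from Malwarebytes or Sucuri). Because the iframe is injected by script at load time, it scans a saved copy of the rendered DOM rather than the raw page source, and reports third-party iframes that are 1×1 or otherwise hidden. The sample markup and the hosts `recipes.example`, `video.example` and `shortlink.example` are constructed placeholders.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

MAX_PX = 2  # an iframe this small cannot show anything to the visitor


def parse_px(value):
    """Return a pixel count for '1', '1px' or ' 1 PX '; None for anything else."""
    match = re.fullmatch(r"\s*(\d+(?:\.\d+)?)\s*(?:px)?\s*", value or "", re.I)
    return float(match.group(1)) if match else None


def parse_style(style):
    """Split an inline style attribute into a {property: value} dict."""
    props = {}
    for decl in (style or "").split(";"):
        name, sep, value = decl.partition(":")
        if sep:
            props[name.strip().lower()] = value.replace("!important", "").strip().lower()
    return props


class HiddenIframeFinder(HTMLParser):
    """Collects iframes that are invisible AND load from a host other than the page's."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        attr = dict(attrs)
        css = parse_style(attr.get("style"))
        reasons = []
        # Inline CSS takes precedence over the width/height attributes.
        width = parse_px(css.get("width") or attr.get("width"))
        height = parse_px(css.get("height") or attr.get("height"))
        if width is not None and height is not None and width <= MAX_PX and height <= MAX_PX:
            reasons.append("size %gx%g px" % (width, height))
        if "hidden" in attr:
            reasons.append("hidden attribute")
        if css.get("display") == "none":
            reasons.append("display:none")
        if css.get("visibility") == "hidden":
            reasons.append("visibility:hidden")
        if css.get("opacity") in ("0", "0.0"):
            reasons.append("opacity:0")
        # urlparse also resolves protocol-relative sources such as //host/path.
        host = (urlparse(attr.get("src") or "").hostname or "").lower()
        if reasons and host and host != self.page_host:
            self.findings.append({"src": attr["src"], "host": host, "reasons": reasons})


def scan(rendered_html, page_host):
    """Return one finding per hidden third-party iframe in a rendered-DOM snapshot."""
    finder = HiddenIframeFinder(page_host)
    finder.feed(rendered_html)
    finder.close()
    return finder.findings


# Constructed sample: one visible embed, one hidden same-origin frame (ignored),
# and two invisible third-party frames in the style the article describes.
SAMPLE_DOM = """
<html><body>
<h1>Recipes</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="/newsletter/signup.html" style="display:none"></iframe>
<iframe src="https://shortlink.example/abcd" width="1" height="1" frameborder="0"></iframe>
<iframe src="//shortlink.example/efgh" style="width: 1px; height: 1px; visibility: hidden"></iframe>
</body></html>
"""

if __name__ == "__main__":
    for finding in scan(SAMPLE_DOM, "recipes.example"):
        print(finding["host"], finding["src"], "; ".join(finding["reasons"]))
```

A hit is a lead to review, not a verdict: some legitimate widgets also use hidden third-party frames, so compare the reported hosts against the embeds the site is known to use.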
Crooks Also Attempt to Turn Your PC into Crypto-Mining Slave
Besides the hidden iFrame, researchers have found that cybercriminals are also injecting hyperlinks to other hacked websites in order to trick victims into downloading malicious cryptocurrency mining malware for desktops disguised as legitimate versions of the software.
"In this campaign, we see infrastructure used to push an XMRig miner onto users by tricking them into downloading files they were searching for online," researchers said.
"In the meantime, hacked servers are instructed to download and run a Linux miner, generating profits for the perpetrators but incurring costs for their owners."
The best way to protect yourself from illegal in-browser cryptocurrency mining is to use a browser extension, like minerBlock and No Coin, that is specifically designed to block popular mining services from utilizing your computer resources.

Cheat Hijacks Gamers’ PCs to Intercept HTTPS Traffic

If you are looking for Fortnite v-bucks generator, aimbot or any other game cheats—then beware—you might end up installing malware on your PC!
Web-based game-streaming platform Rainway is reporting that tens of thousands of Fortnite players have inadvertently infected their systems with a piece of malware that hijacks their encrypted HTTPS web sessions to inject fraudulent ads into every website they visit.


According to a blog post published by Rainway CEO Andrew Sampson, the company began receiving hundreds of thousands of error reports from its server logs last week, and after investigating, the team found that the systems of their users were attempting to connect with various ad platforms.
Since the Rainway system only allows whitelisted domains to load content, all ads-related requests got rejected, triggering an error every time the users' systems tried to connect with a third-party server.
It turns out that the malicious adware attacking Rainway users had one thing in common—all of them were playing Fortnite.
The investigation revealed that affected users had installed fake Fortnite hack tools, advertised through YouTube videos, which claimed to allow players to generate free V-Bucks, in addition to a classic aimbot.
However, such Fortnite patches available on the Internet are nothing but malware that has been designed to install a root certificate on the infected computer, allowing attackers to modify all network traffic using a man-in-the-middle attack, even if the web session is encrypted.
In this particular malicious campaign, the attackers have been leveraging the popularity of the Fortnite game to spread adware that alters the pages of a web request to serve its own ads.
Fortnite Cheat Malware Infected Over 78,000 Users
The Rainway team then informed the company hosting the malware, and it was immediately removed. It also sent out alerts notifying all infected Rainway users of the malware, which had already been downloaded 78,000 times before it was taken down.
Rainway also warned gamers not to fall for hack tools or game cheats like the one it found.
However, it should be noted that only Windows PC users were affected by this particular piece of adware, which means you are safe if you play Fortnite on Mac or iOS devices. But beware, as you never know what's in the future.
Given Fortnite's current popularity and craziness across the globe, malware writers and scammers have been exploiting users' demand for popular games.
Last month, we reported how hackers and spammers were leveraging the popularity of Fortnite to distribute malicious versions of Fortnite for Android to smartphone users through YouTube videos which have been viewed millions of times.
The best way to prevent yourself from such malware is hell easy—just don't download any game content that doesn't come from the developer.
Don't fall for any game cheats, hack tools or patches, and always stay away from YouTube videos promoting malware masquerading as a Fortnite download, cheats, and hacks. To get more in-game currency, play and win them.

July 03, 2018

Attack Explained—Exploiting RowHammer On Android Again!

A team of security researchers has discovered a new set of techniques that could allow hackers to bypass all kinds of present mitigations put in place to prevent DMA-based Rowhammer attacks against Android devices.
Dubbed RAMpage, the new technique (CVE-2018-9442) could re-enable an unprivileged Android app running on the victim's device to take advantage of the previously disclosed Drammer attack, a variant of DRAM Rowhammer hardware vulnerability for Android devices, in an attempt to gain root privileges on the target device.
You might have already read a few articles about RAMpage on the Internet or even the research paper, but if you are still unable to understand—what the heck is RAMpage—we have briefed the research in language everyone can understand.
Before jumping directly to the details of RAMpage, it is important for you to understand what the RowHammer vulnerability is, how it can be exploited using the Drammer attack to hack Android devices, and what mitigations Google introduced to prevent Drammer.
What is DRAM Rowhammer Vulnerability?
Known since 2012, Rowhammer bug is a hardware reliability issue with new generation DRAM (dynamic random access memory) chips in which repeatedly and rapidly accessing (hammering) a row of memory can cause bit flips in adjacent rows, i.e., changing their bit values from 0 to 1 or 1 to 0.
In 2015, security researchers from Google Project Zero successfully demonstrated ways to deterministically exploit this hardware issue to achieve privilege escalation on the vulnerable computers (Windows and Linux).
Besides this, Google researchers also introduced the double-sided Rowhammer attack, which increases the chance of getting bit flips in a row by hammering both of its neighbors.
Triggering the Rowhammer bug is simple, but its successful exploitation is difficult, as most bits in the memory are irrelevant for an attacker and flipping them could result in memory corruption.
Hammering, i.e., aggressively reading/writing data from/to the DRAM, at random memory locations is not sufficient to bit flip a targeted memory page (likely used by a high privileged or system application).
For successful exploitation of Rowhammer, an attacker must be able to trick the system in a way that it lands the targeted memory page into the row (vulnerable to Rowhammer) adjacent to the attacker-owned row in the physical memory of DRAM.
In our previous articles, we have also covered other Rowhammer attacks, which include:
GLitch: This technique leverages embedded graphics processing units (GPUs) to carry out Rowhammer attacks against Android devices.
Throwhammer: The first network-based remote Rowhammer attack that involves the exploitation of a known vulnerability in DRAM through network cards using remote direct memory access (RDMA) channels.
Nethammer: Another network-based remote Rowhammer technique that can be used to attack systems using uncached memory or flush instruction while processing the network requests.
What is Drammer Attack?
Discovered two years ago, Drammer was the first practical Rowhammer-based attack that targets DRAM chips on the Android devices, which could be exploited by a malicious app without requiring any permission or software vulnerability.
Drammer attack relies on DMA (direct memory access) buffers, which are provided by Android's main memory manager called ION.
Since DMA allows apps to directly access the memory without going through any CPU cache, it makes repeated access (hammering) to a specific row of memory more efficient.
ION organizes its memory pools in several in-kernel heaps, one of which, kmalloc heap, was designed to allocate physically contiguous memory, which enabled attackers to easily determine how virtual addresses were mapped to physical addresses.
These two properties of ION memory manager—direct access and contiguous memory allocations—were the key behind the success of Drammer attack.
How Google Mitigated the Drammer-like DMA based Rowhammer Attacks?
In 2016, after the details of the Drammer attack went public, Google pushed an update for Android devices that disabled one of ION's components (kmalloc heap) responsible for contiguous memory allocations, in an attempt to mitigate the risk of 'deterministic' exploitation of the Rowhammer vulnerability.
After disabling the contiguous heap, now the apps and system processes running on your Android devices rely on other in-kernel heaps left available in the ION memory manager, such as the system heap, which are designed to allocate memory at random physical locations on the DRAM.
Besides non-contiguous memory allocations, the system heap also separates kernel memory and user memory by allocating them to lowmem and highmem zones, respectively, for further security.
What is RAMpage Attack and How It Could Let Attackers Bypass Rowhammer Mitigations?
The above-explained mitigation technique introduced by Google effectively disabled an attacker from performing the double-sided Rowhammer attack.
However, a team of security researchers has now claimed to have discovered four new rowhammer attack variants that could allow a malicious application installed on the targeted device to gain root access and steal sensitive data from other apps while bypassing all current mitigations in place.
In its research paper [PDF], the group explains that their first RAMpage variant (r0) is "a reliable Drammer implementation that shows how disabling contiguous memory allocations does not prevent Rowhammer-based privilege escalation attacks."
Researchers explain the following three steps to achieve Drammer-like exploitation using RAMpage r0 variant:
1.) Exhausting the system heap—Researchers found that if an application intentionally drains all ION's internal pools, the buddy allocator, another memory allocation algorithm, takes charge of the allocation process as a fallback.
Since the primary purpose of buddy allocator is to minimize memory fragmentation, it eventually offers contiguous page allocations.
To increase the possibility of the exploitation, an attacker can further also bypass the zone separation mechanism used by the system heap. To forcefully land its memory page into lowmem allocations, where pages of kernel reside, the attacker continually allocates memory until no highmem is left.
"Once this is the case, the kernel serves subsequent requests from lowmem, allowing us to find bit flips in physical memory that may later hold a page table," researchers said.
2.) Shrinking the cache pool—Further, using Flip Feng Shui exploitation vector, attackers can trick the kernel into storing a page table in the vulnerable page.
"This step is to release physical memory of the system heap pools back to the kernel," which "indirectly forces the ION subsystem to release its preallocated cached memory, including the row with the vulnerable page," the researchers explained.
3.) Rooting a mobile device—Implementing the above two steps tricks the operating system into landing the targeted memory page adjacent to the attacker-owned page, and then all the attacker needs to do is implement the remaining steps of the DMA-based rowhammer attack to find exploitable chunks and develop a root exploit.
"We were successful in mounting our proof of concept against an LG G4 running the latest version of Android (7.1.1. at the time of our experiments)," researchers said.
"If your system is affected, our proof-of-concept exploit can take full control over your device and access anything on it. This may include passwords and sensitive data stored on the system."
The other three variants of RAMpage attack, listed below, also allow attackers to bypass defense solutions that only protect specific parts of system memory, but they are less practical and more research is required to develop a working exploit for them.
ION-to-ION (Variant r1)
CMA-to-CMA attack (Variant r2)
CMA-to-system attack (Variant r3)
GuardION—A Solution to Mitigate All DMA-based Rowhammer Attacks
In their paper, researchers have discussed all current mitigation techniques that are ineffective in preventing the RAMpage variants of DMA-based rowhammer attacks and have also introduced a new solution, called GuardION, along with its open-source code.
GuardION is a software-based defense that prevents rowhammer attacks by isolating the DMA buffers with guard rows.
GuardION code needs to be installed as a patch for the Android operating system that modifies ION memory manager in a way that it isolates such sensitive buffers by injecting blank rows (as a guard), one on the left and one on the right, making them physically more than one row away from the aggressor rows.
"GuardION provides an isolation primitive that makes it impossible for attackers to use uncached DMA allocations to flip bits in memory that is in use by the kernel or any userland app," researchers said.
"GuardION protects all known Rowhammer attack vectors, and, to the best of our knowledge, no existing technique can bypass it."
It should be noted that installing the GuardION patch could slightly impact the performance of your device, as the process of creating guard rows consumes memory of your device's DRAM.
According to researchers, all Android-based devices shipped since 2012 may be affected by the RAMpage attack.
Answering the question, "Has rampage been abused in the wild?" the researchers said, "We don't know." and when asked, "Can I detect if someone has exploited rampage against me?", they answered "Probably not. The exploitation does not leave any traces in traditional log files."
In my opinion, if you install apps only from trusted sources, you should not be worried about the RAMpage attacks.
Since researchers have already shared their findings with Google, I believe the company would not allow such malicious apps on its Google Play Store.

Popular Online Survey Software, Suffers Data Breach

Typeform, the popular Spanish-based online data collection company that specializes in form building and online surveys for businesses worldwide, has today disclosed that the company has suffered a data breach that exposed partial data of some of its users.
The company identified the breach on June 27th, and then quickly performed a full forensic investigation of the incident to identify the source of the breach.
According to the company, some unknown attackers managed to gain unauthorized access to its servers and downloaded partial data backups for surveys conducted before May 3rd 2018.
Typeform confirmed that it patched the issue within just half an hour after identifying the intrusion, and emailed all the affected users, warning them to watch out for potential phishing scams or spam emails.

The company did not disclose any details about the vulnerability that was exploited by hackers to gain access to its servers, though it assured its users that no payment card details or password information for the website had been exposed in the breach.
Also, if customers collected payments via Typeform's Stripe integration, all of their audience's payment details are safe.
One of its customers, Monzo, a digital mobile-only bank that had used Typeform's service to collect survey results in the past, also conducted an initial investigation of the incident and confirmed that "some personal data of about 20,000 people are likely to have been included in the breach."
"For the vast majority of people, this was just their email address. For a much smaller proportion of others, this may have included other data like their Twitter username or postcode. We’ve published a full breakdown at the bottom of this post," Monzo CEO Tom Blomfield wrote on its website.
Monzo is also sending out emails to its users affected by the data breach, informing them that the breach likely included their email addresses and that the incident has not affected their Monzo accounts and their money is safe.
Popular sportswear company Adidas on Thursday also confirmed a potential data breach that affected millions of its U.S. customers, whose usernames, password hashes and contact information may have been compromised.
Yesterday, global entertainment ticketing service Ticketmaster also admitted that the company has suffered a security breach that exposed some of its customers' personal and payment information to unknown hackers.

Uncover New Attacks Against LTE Network Protocol

If your mobile carrier offers LTE, also known as the 4G network, you need to beware as your network communication can be hijacked remotely.
A team of researchers has discovered some critical weaknesses in the ubiquitous LTE mobile device standard that could allow sophisticated hackers to spy on users' cellular networks, modify the contents of their communications, and even re-route them to malicious or phishing websites.
LTE, or Long Term Evolution, is the latest mobile telephony standard used by billions of people, designed to bring many security improvements over the predecessor standard known as Global System for Mobile (GSM) communications.

However, multiple security flaws have been discovered over the past few years, allowing attackers to intercept users' communications, spy on user phone calls and text messages, send fake emergency alerts, spoof the location of the device and knock devices entirely offline.
4G LTE Network Vulnerabilities
Now, security researchers from Ruhr-Universität Bochum and New York University Abu Dhabi have developed three novel attacks against LTE technology that allowed them to map users' identity, fingerprint the websites they visit and redirect them to malicious websites by tampering with DNS lookups.
All three attacks, explained by researchers on a dedicated website, abuse the data link layer, also known as Layer Two, of the ubiquitous LTE network.
The data link layer lies on top of the physical channel, which maintains the wireless communication between the users and the network. It is responsible for organizing how multiple users access resources on the network, helping to correct transmission errors, and protecting data through encryption.
Of the three, identity mapping and website fingerprinting are passive attacks, in which a spy listens to what data is passing between base stations and end users over the airwaves from the target's phone.
However, the third, a DNS spoofing attack dubbed "aLTEr" by the team, is an active attack, which allows an attacker to perform man-in-the-middle attacks to intercept communications and redirect the victim to a malicious website using DNS spoofing.
What is aLTEr Attack?
Since the data link layer of the LTE network is encrypted with AES-CTR but not integrity-protected, an attacker can modify the bits even within an encrypted data packet, which later decrypts to a related plaintext.
"The aLTEr attack exploits the fact that LTE user data is encrypted in counter mode (AES-CTR) but not integrity protected, which allows us to modify the message payload: the encryption algorithm is malleable, and an adversary can modify a ciphertext into another ciphertext which later decrypts to a related plaintext," the researchers said in their paper.

In the aLTEr attack, an attacker pretends to be a real cell tower to the victim, while at the same time also pretending to be the victim to the real network, and then intercepts the communications between the victim and the real network.
How aLTEr Attack Targets 4G LTE Networks?
As a proof-of-concept demonstration, the team showed how an active attacker could redirect DNS (domain name system) requests and then perform a DNS spoofing attack, causing the victim mobile device to use a malicious DNS server that eventually redirects the victim to a malicious site masquerading as Hotmail.
The researchers performed the aLTEr attack with a commercial network and a commercial phone within their lab environment. To prevent unintended interference with the real network, the team used a shielding box to stabilize the radio layer.
Also, they set up two servers, their DNS server and an HTTP server, to simulate how an attacker can redirect network connections. You can see the video demonstration to watch the aLTEr attack in action.
The attack is dangerous, but it is difficult to perform in real-world scenarios. It also requires equipment (USRP), about $4,000 worth, to operate, something similar to IMSI catchers, Stingray, or DRTbox, and usually works within a 1-mile radius of the attacker.
However, for an intelligence agency or well-resourced, skilled attacker, abusing the attack is not trivial.
LTE Vulnerabilities Also Impact Forthcoming 5G Standard
The above attacks are not restricted to only 4G.
Forthcoming 5G networks may also be vulnerable to these attacks, as the team said that although 5G supports authenticated encryption, the feature is not mandatory, which likely means most carriers do not intend to implement it, potentially making 5G vulnerable as well.
"The use of authenticated encryption would prevent the aLTEr attack, which can be achieved through the addition of message authentication codes to user plane packets," the researchers said.
"However, the current 5G specification does not require this security feature as mandatory, but leaves it as an optional configuration parameter."
What's Worse? LTE Network Flaws Can't be Patched Straightaway
Since the attacks work by abusing an inherent design flaw of the LTE network, it cannot be patched, as it would require overhauling the entire LTE protocol.
As part of its responsible disclosure, the team of four researchers (David Rupprecht, Katharina Kohls, Thorsten Holz, and Christina Pöpper) notified both the GSM Association and the 3GPP (3rd Generation Partnership Project), along with other telephone companies, before going public with their findings.
In response to the attacks, the 3GPP group, which develops standards for the telecommunications industry, said that an update to the 5G specification might be complicated because carriers like Verizon and AT&T have already started implementing the 5G protocol.
How Can You Protect Against LTE Network Attacks?
The simplest way to protect yourself from such LTE network attacks is to always look out for the secure HTTPS domain in your address bar.
The team suggests two exemplary countermeasures for all carriers:
1.) Update the specification: All carriers should band together to fix this issue by updating the specification to use an encryption protocol with authentication like AES-GCM or ChaCha20-Poly1305.
However, the researchers believe this is likely not feasible in practice, as the implementation of all devices must be changed to do this, which will lead to a high financial and organizational effort, and most carriers will not bother to do that.
2.) Correct HTTPS configuration: Another solution would be for all websites to adopt the HTTP Strict Transport Security (HSTS) policy, which would act as an additional layer of protection, helping prevent the redirection of users to a malicious website.
Besides the dedicated website, the team has also published a research paper [PDF] with all the technical details about the aLTEr attack. Full technical details of the attacks are due to be presented during the 2019 IEEE Symposium on Security and Privacy next May.
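The malleability of counter-mode encryption described under "What is aLTEr Attack?", and the first countermeasure above (adding authentication to the encryption), as an added Python example that is not code from the researchers or the original article. SHA-256 in counter mode stands in for AES-CTR because Python's standard library has no AES, and the keys, nonce and packet contents are constructed sample values.

```python
import hashlib
import hmac

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Counter-mode keystream. SHA-256 stands in for the AES block function
    # (assumption, see lead-in); the XOR structure is the same as AES-CTR.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def ctr_crypt(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # Encryption and decryption are the same XOR operation in counter mode.
    return bytes(d ^ k for d, k in zip(data, keystream(key, nonce, len(data))))

def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    # In-transit change made without the key: XOR (known ^ wanted) into place.
    if len(known) != len(wanted):
        raise ValueError("replacement must keep the field length")
    patched = bytearray(ciphertext)
    for i, (a, b) in enumerate(zip(known, wanted)):
        patched[offset + i] ^= a ^ b
    return bytes(patched)

def seal(enc_key: bytes, mac_key: bytes, nonce: bytes, plaintext: bytes):
    # Encrypt-then-MAC: the tag covers the nonce and the ciphertext.
    ct = ctr_crypt(enc_key, nonce, plaintext)
    return ct, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def open_sealed(enc_key, mac_key, nonce, ct, tag) -> bytes:
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("integrity check failed: packet dropped")
    return ctr_crypt(enc_key, nonce, ct)

# Constructed sample values (not taken from the paper).
ENC_KEY, MAC_KEY, NONCE = b"E" * 16, b"M" * 32, b"N" * 8
PACKET = b"dst=192.0.2.53;payload=query"

def demo():
    ct, tag = seal(ENC_KEY, MAC_KEY, NONCE, PACKET)
    altered = tamper(ct, 4, b"192.0.2.53", b"192.0.2.99")
    # Receiver with encryption only: decrypts the altered packet without error.
    unauthenticated = ctr_crypt(ENC_KEY, NONCE, altered)
    try:  # Receiver that verifies the MAC first: the same packet is rejected.
        open_sealed(ENC_KEY, MAC_KEY, NONCE, altered, tag)
        rejected = False
    except ValueError:
        rejected = True
    return unauthenticated, rejected

if __name__ == "__main__":
    print(demo())
```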

Facebook Admits Sharing Users' Data With 61 Tech

Facebook has admitted that the company gave dozens of tech companies and app developers special access to its users' data after publicly saying it had restricted outside companies from accessing such data back in 2015.
It's an unusually clear view of how the largest social networking site manages your personal information.
During the Cambridge Analytica scandal, revealed in March this year, Facebook stated that it had already cut off third-party access to its users' data and that of their friends in May 2015.
However, in a 747-page long document [PDF] delivered to Congress late Friday, the social networking giant admitted that it continued sharing data with 61 hardware and software makers, as well as app developers, after 2015.
The disclosure comes in response to hundreds of questions posed to Facebook CEO Mark Zuckerberg by members of Congress in April about the company's practices with data of its billions of users.
The Washington Post reported that the company submitted the documents, representing Facebook's most granular explanation of exemption, within hours of a Friday night deadline.
Among other things, the documents revealed that Facebook granted a "one-time" six-month extension to 61 companies, including AOL, Nike, United Parcel Service and dating app Hinge, to come into compliance with Facebook's new privacy policy on user data.
Besides this, there are at least five other companies that theoretically may have accessed limited friends' data, as a result of API access that they were granted as part of a Facebook beta test, the social media company added.
The documents also acknowledged that Facebook partnered with 52 domestic and international companies, including U.S. tech giants Apple, Microsoft, Spotify, Amazon, Sony, Acer, China-based Huawei and Alibaba, and device-makers Samsung and BlackBerry.
The social network shared information about its users with these companies to help them create their own versions of Facebook or Facebook features for their devices, of course, "under the terms and policies they provide to their users."
"We engaged companies to build integrations for a variety of devices, operating systems, and other products where we and our partners wanted to offer people a way to receive Facebook or Facebook experiences," the document reads. "These integrations were built by our partners, for our users, but approved by Facebook."
However, Facebook also said the company has already discontinued 38 of these 52 partnerships and is going to end its partnership with an additional seven by the end of this July and another one by the end of this October.
Partnerships with three companies will continue: Apple, Amazon, and Tobii, an accessibility app that enables people with ALS to access Facebook, with whom the company has agreements that extend beyond October 2018.
The document comes months after it was revealed that personal data of 87 million Facebook users were harvested by Cambridge Analytica, a political consultancy firm, which reportedly helped Donald Trump win the US presidency in 2016.
The revelation led to public outcry for lawmakers to hold the social network accountable for its data-management practices, raising questions about whether Facebook can be trusted to protect the personal data of its 2 billion users.
Facebook's admission to the extensions, as the Post noted, is "the fullest to date regarding reports that Facebook [had continued sharing] user data with some companies for years."
Just three days ago, we covered a separate incident, wherein a popular third-party quiz app that runs on the Facebook app platform exposed data of up to 120 million Facebook users to hackers.


Exploits Found After Someone Uploaded 'Unarmed' PoC to VirusTotal

Security researchers at Microsoft have unveiled details of two critical and important zero-day vulnerabilities that had recently been discovered after someone uploaded a malicious PDF file to VirusTotal, and that were patched before being used in the wild.
In late March, researchers at ESET found a malicious PDF file on VirusTotal, which they shared with the security team at Microsoft "as a potential exploit for an unknown Windows kernel vulnerability."
After analyzing the malicious PDF file, the Microsoft team found that the same file includes two different zero-day exploits: one for Adobe Acrobat and Reader, and the other targeting Microsoft Windows.


Since the patches for both the vulnerabilities were released in the second week of May, Microsoft released details of both the vulnerabilities today, after giving users enough time to update their vulnerable operating systems and Adobe software.
According to the researchers, the malicious PDF containing both zero-day exploits was in an early development stage, "given the fact that the PDF itself did not deliver a malicious payload and appeared to be proof-of-concept (PoC) code."
It seems someone who could have combined both the zero-days to build an extremely powerful cyber weapon had unintentionally and mistakenly lost the game by uploading his/her under-development exploit to VirusTotal.
The zero-day vulnerabilities in question are a remote code execution flaw in Adobe Acrobat and Reader (CVE-2018-4990) and a privilege escalation bug in Microsoft Windows (CVE-2018-8120).
"The first exploit attacks the Adobe JavaScript engine to run shellcode in the context of that module," Matt Oh, Security Engineer at Windows Defender ATP Research, says.
"The second exploit, which does not affect modern platforms like Windows 10, allows the shellcode to escape Adobe Reader sandbox and run with elevated privileges from Windows kernel memory."
The Adobe Acrobat and Reader exploit was incorporated in a PDF document as a maliciously crafted JPEG 2000 image containing the JavaScript exploit code, which triggers a double-free vulnerability in the software to run shellcode.
Leveraging shellcode execution from the first vulnerability, the attacker uses the second Windows kernel exploit to break the Adobe Reader sandbox and run it with elevated privileges.
Since this malicious PDF sample was under development at the time of detection, it apparently included a simple PoC payload that dropped an empty vbs file in the Startup folder.
"Initially, ESET researchers discovered the PDF sample when it was uploaded to a public repository of malicious samples," ESET researchers concluded.
"The sample does not contain a final payload, which may suggest that it was caught during its early development stages. Even though the sample does not contain a real malicious final payload, the author(s) demonstrated a high level of skills in vulnerability discovery and exploit writing."
Microsoft and Adobe have since released corresponding security updates for both the vulnerabilities in May. For more technical details of the exploits, you can head on to Microsoft and ESET blogs.