  • Avantia Threat Update

PROLIFIC RUSSIAN HACKER - NAILED



This Past Week in Cybersecurity: 

Russian hacker found guilty of Dropbox, LinkedIn and Formspring breaches; a beginner's guide to security in Windows 10 - a user-friendly interface; malicious insiders strike; gambling with security doesn’t pay off for a gambling app; and major breaches in PORTUGAL, CANADA, UNITED KINGDOM, INDIA, NEW ZEALAND & UNITED STATES.


Dark Web ID’s Top Dark Web Threats

Top Source Hits: ID Theft Forum

Top Compromise Type: Domain

Top Industry: Hospitality

Top Employee Count: 1-10

________________________________________________________________________

RUSSIAN HACKER FOUND GUILTY OF DROPBOX, LINKEDIN AND FORMSPRING BREACHES:

A jury found Russian hacker Yevgeniy Nikulin guilty of breaching the internal networks of LinkedIn, Dropbox, and Formspring back in 2012 and then selling their user databases on the Dark Web. The jury verdict was passed recently during what was the first trial to be held in California since the onset of the coronavirus (COVID-19) pandemic. According to court documents and evidence presented at the trial, Nikulin hacked all three companies in the spring of 2012. The hacker first breached LinkedIn between March 3 and March 4, 2012, after he infected an employee's laptop with malware that allowed Nikulin to abuse the employee's VPN and access LinkedIn's internal network. From there, the hacker stole roughly 117 million user records, data that included usernames, passwords, and emails. Nikulin then used the LinkedIn data to send spear-phishing emails to employees at other companies, including people working at Dropbox, where he was able to breach an employee account and then invite himself to a Dropbox folder holding company data.

This intrusion lasted from May 14, 2012, to July 25, 2012, and authorities say Nikulin was able to make off with a trove of information on 68 million Dropbox users, including usernames, emails, and hashed passwords. Nikulin was also able to phish his way into the employee account of a Formspring engineer, from where, between June 13, 2012, and June 29, 2012, he is believed to have gained access to the company's internal user database, consisting of 30 million user details. Nikulin then sold the data on the Dark Web underground hacker market to other cyber-criminals. The data surfaced online in 2015 and 2016, as various data traders put the data up for sale on publicly accessible forums and criminal e-commerce stores.

Authorities started an investigation after the three companies filed criminal complaints in California, in 2015. Nikulin was arrested a year later, in October 2016, while vacationing in Prague with his girlfriend. A Radio Free Europe editorial published in 2016 highlighted Nikulin's extravagant lifestyle financed by his hacking activities. This included several luxury cars, expensive watches, and travels around Europe. In an interview with Russian site AutoRambler, Nikulin admitted to owning a Lamborghini Hurricane, a Bentley, a Continental GT, and a Mercedes-Benz G-Class. Despite attempts to fight his extradition in the Czech Republic, the hacker was eventually sent to the US in the summer of 2017, where he was arraigned in front of a judge. Since 2017, the hacker has remained incarcerated. During all of this, Nikulin changed lawyers several times, refused to cooperate with the investigation or reach a plea deal, was moved through multiple jails, and was examined by psychologists under the court's order amid concerns for his mental health from the judge after Nikulin refused to talk with counsel and appear in front of the court. Nikulin was found to be mentally fit to stand trial.

The actual trial was initially set for early 2020 but was delayed twice due to the coronavirus pandemic. During the trial, which took place under special circumstances and protective measures, Nikulin pled not guilty. US prosecutors proved their case, but they also tried to pin him to other hacks and criminal conspiracies. The judge supervising the case called the prosecution's efforts into question just days before the trial ended, describing their efforts and evidence as "mumbo jumbo," wondering whether the prosecutors were wasting the jury's time, and asking out loud whether the prosecutors had any real evidence against Nikulin besides private messages sent between two nicknames on internet chats. However, despite the judge critiquing the prosecutors for their handling of the case, the jury found Nikulin guilty after only six hours of deliberations. Nikulin's sentencing is scheduled for September 29, 2020.


BEGINNERS GUIDE TO SECURITY ON WINDOWS 10 - USER FRIENDLY INTERFACE

Windows Security is a built-in app available on Windows 10 that provides a user-friendly interface and tools to manage common security features. For example, the experience includes the Microsoft Defender Antivirus, which offers real-time protection for your computer and data against viruses and many other kinds of malware. Also, you can manage the Microsoft Defender Firewall to block intruders from sneaking in. You can monitor the device's performance and health as well as your identity with the account protection settings, and even more advanced features to keep everything a little more secure. In this Windows 10 guide, we'll walk you through the steps to get started and perform everyday tasks with the Windows Security app to keep your system and data safe.

How to adjust notifications for Windows Security

Before you dive into this guide, you need to understand the difference between "Microsoft Defender Antivirus" and "Windows Security." Windows Security is the application that provides a unified experience to view status and manage security features, such as antivirus, firewall, performance, and other security features. On the other hand, Microsoft Defender Antivirus is the default anti-malware engine that offers real-time protection against many forms of malware, including viruses, spyware, ransomware, and hackers. Installing a third-party antivirus will disable Microsoft Defender Antivirus automatically, but it won't affect the functionality of Windows Security. In the same way, disabling Microsoft Defender Antivirus or Microsoft Defender Firewall won't disable Windows Security.

How to navigate Windows Security

Windows Security is a straightforward application. You can open it from the Start menu or by double-clicking the shield icon in the notification area of the taskbar.

On the Home page, you can view the security status of the different protection features available by default on Windows 10. You can also see alerts of any action that needs to be taken to keep your computer secure. The shield icon in the notification area can also alert you when an action needs to be taken. If there is more than one alert, only the most severe warning will appear. Also, if you right-click the app icon, you'll have access to actions, such as quick scan, download updates, adjust notifications, and access the dashboard.

Windows Security includes seven areas of protection that you can manage and monitor:

Virus & threat protection – houses the Microsoft Defender Antivirus settings. It allows you to monitor the malware protection, scan the device for threats, launch an offline scan, and set up the advanced anti-ransomware feature.

Account protection – allows you to see how to protect your identity on Windows 10.

Firewall & network protection – lets you monitor network connections, and you can configure various Microsoft Defender Firewall settings.

App & browser control – helps you protect your device and data from malicious code hidden on apps, files, and websites.

Device security – provides hardware-level security features, such as Core isolation and Security processor, to protect your computer from certain attacks.

Device performance & health – displays the health and performance report of your computer.

Family options – offers easy access to manage your devices and kids' online experience using a Microsoft account.

How to scan computer for malware using Microsoft Defender Antivirus:

Windows 10 automatically updates and scans the device for malware regularly, but you can perform different scans manually.

Quick virus scan: A quick scan happens fast, and it only scans the parts of the system where malware is known to hide. To start a virus scan with Microsoft Defender, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Click the Quick scan button.

Once you complete the steps, under the Current threats section, you'll see any detected threats, as well as the time it took to complete the scan and the number of scanned files. If you suspect that a virus is still on your computer, you should try to perform a full scan.

Full virus scan: A full virus scan takes longer, but it makes sure to check every file, folder, and application. To start a full virus scan with Microsoft Defender, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Current threats" section, click the Scan options link.

Select the Full scan option.

Click the Scan now button.

After you complete the steps, you can continue using the device, while the antivirus will perform a full scan to detect any potential malware.

Custom virus scan: If you only want to scan a particular folder or location, the Windows 10 antivirus includes an option to complete a custom scan.

To perform a custom virus scan, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Current threats" section, click the Scan options link.

Select the Custom scan option.

Click the Scan now button.

Select the location to be scanned.

Click the Select Folder button.

Alternatively, you can just right-click a drive, folder, or file and select the Scan with Microsoft Defender option from the context menu to perform a custom scan.

Offline virus scan: Sometimes if you're dealing with a tough virus or another type of malware, the antivirus may not be able to remove it while Windows 10 is running. If this is the case, you can use Microsoft Defender to perform an offline scan. When using this feature, the computer will restart automatically in the recovery environment, and it'll perform a full scan before Windows 10 starts.

To start an offline virus scan, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Current threats" section, click the Scan options link.

Select the Microsoft Defender Offline scan option.

Click the Scan now button.

Click the Scan button.

Once you complete the steps, the device will restart and boot into a standalone version of the Microsoft Defender Antivirus, and it'll scan the entire machine. If malicious code is detected, it'll be removed or quarantined automatically.

After the scan, the device will restart into Windows 10, and you can then view a report in the Windows Security app.

How to view protection history using Microsoft Defender Antivirus

Microsoft Defender Antivirus also includes an area where you can view the latest protection actions and recommendations. To view protection history, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Click the Protection history option.

Click the "Filters" drop-down menu and select the history you want to review, including:

Recommendations.

Quarantined items.

Cleaned items.

Blocked actions.

Severity.

After you complete the steps, you'll get a report with items that have been removed, cleaned, or are still waiting for action.
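The scan types and the protection history described above can also be driven from PowerShell with the Defender cmdlets that ship with Windows 10. The following is an added example, not part of the original guide; the function names and the sample path are made up for illustration, and it assumes an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example: run the four scan types and read back detections.
# Invoke-DefenderScan and Get-DefenderHistory are illustrative names.

function Invoke-DefenderScan {
    param(
        [ValidateSet('Quick', 'Full', 'Custom', 'Offline')]
        [string]$Type = 'Quick',
        [string]$Path          # only used with -Type Custom
    )

    # If a third-party antivirus is installed, Defender is not the active engine.
    $status = Get-MpComputerStatus
    if (-not $status.AntivirusEnabled) {
        throw 'Microsoft Defender Antivirus is not the active engine on this device.'
    }
    Write-Verbose "Signature age: $($status.AntivirusSignatureAge) day(s)"

    switch ($Type) {
        'Quick'   { Start-MpScan -ScanType QuickScan }
        'Full'    { Start-MpScan -ScanType FullScan }
        'Custom'  {
            if (-not $Path -or -not (Test-Path -LiteralPath $Path)) {
                throw "A custom scan needs an existing -Path (got '$Path')."
            }
            Start-MpScan -ScanType CustomScan -ScanPath $Path
        }
        # Offline scan: the device restarts straight away, so save work first.
        'Offline' { Start-MpWDOScan }
    }
}

function Get-DefenderHistory {
    param([int]$Days = 30)

    $since = (Get-Date).AddDays(-$Days)

    # Get-MpThreatDetection only carries a ThreatID; names come from Get-MpThreat.
    $threats = @{}
    Get-MpThreat | ForEach-Object { $threats["$($_.ThreatID)"] = $_ }

    Get-MpThreatDetection |
        Where-Object { $_.InitialDetectionTime -ge $since } |
        Sort-Object InitialDetectionTime -Descending |
        ForEach-Object {
            $t = $threats["$($_.ThreatID)"]
            [pscustomobject]@{
                Detected   = $_.InitialDetectionTime
                Threat     = $t.ThreatName
                SeverityID = $t.SeverityID
                Remediated = $_.ActionSuccess
                Resources  = $_.Resources -join '; '
            }
        }
}

# Usage (the folder is a constructed sample path):
#   Invoke-DefenderScan -Type Custom -Path 'C:\Users\Public\Downloads' -Verbose
#   Get-DefenderHistory -Days 7 | Format-Table -AutoSize -Wrap
```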

How to temporarily disable Microsoft Defender Antivirus

It's not recommended to use a device without malware protection, but sometimes the antivirus can be the reason you can't install an app or software update. If this is the case, you can disable the antivirus temporarily to complete the software installation. To disable Microsoft Defender Antivirus, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Virus & threat protection settings" section, click the Manage settings option.

Turn off the Real-time protection toggle switch.

Once you complete the steps, you can perform tasks that may conflict with the antivirus. If you don't re-enable the antivirus, it'll restart automatically the next time you reboot your computer.

If you have a good reason, you can disable Windows Defender Antivirus permanently using these advanced instructions.

How to enable anti-ransomware using Microsoft Defender Antivirus

Microsoft Defender Antivirus includes a feature known as Controlled folder access, and it's designed to monitor and protect your data against ransomware attacks and unwanted changes from malicious programs. Since it's an advanced feature, and it can cause false positives, Controlled folder access is an opt-in feature, which means that you need to enable it manually using the Windows Security app. To enable Controlled folder access on Windows 10, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Virus & threat protection settings" section, click the Manage settings option.

Quick tip: You can also access the settings by clicking the Manage ransomware protection option at the bottom of the page.

Under the "Controlled folder access" section, click the Manage Controlled folder access option.

Turn on the Controlled folder access toggle switch.

Click the Block history option to access the "Protection history" page to view blocked folder access.

(Optional) Click the Protected folders option to add (or remove) additional protected folders.

(Optional) Click the Allow an app through Controlled folder access option to allow apps you trust to make changes on the protected folders.

After you complete the steps, the security feature will be enabled and will monitor apps trying to make changes to files in the protected folders. If the app is flagged as malicious or unknown, Controlled folder access will block the attempt, and you'll receive an alert of the activity.
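Because Controlled folder access can produce false positives, a common rollout is to run it in audit mode first, review which programs would have been blocked, allow the legitimate ones, and only then enforce. The following is an added example, not part of the original guide; the function names and the folder and application paths are placeholders, and the event field names ("Process Name", "Path") are assumed from how these events appear on current Windows 10 builds.

```powershell
#Requires -RunAsAdministrator
# Added example: audit-first rollout of Controlled folder access (CFA).

function Enable-CfaAudit {
    param([string[]]$ExtraFolder)
    # AuditMode logs what would be blocked without stopping anything.
    Set-MpPreference -EnableControlledFolderAccess AuditMode
    foreach ($folder in $ExtraFolder) {
        Add-MpPreference -ControlledFolderAccessProtectedFolders $folder
    }
}

function Get-CfaEvent {
    param([int]$Days = 7)
    # 1123 = write blocked (enforced), 1124 = write audited (audit mode).
    $filter = @{
        LogName   = 'Microsoft-Windows-Windows Defender/Operational'
        Id        = 1123, 1124
        StartTime = (Get-Date).AddDays(-$Days)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Assumption: named EventData fields; inspect one event's XML
            # if Process/Target come back empty on your build.
            $data = @{}
            ([xml]$_.ToXml()).Event.EventData.Data |
                ForEach-Object { $data[$_.Name] = $_.'#text' }
            [pscustomobject]@{
                Time    = $_.TimeCreated
                Mode    = if ($_.Id -eq 1123) { 'Blocked' } else { 'Audited' }
                Process = $data['Process Name']
                Target  = $data['Path']
            }
        }
}

function Enable-CfaEnforce {
    param([string[]]$AllowedApp)
    foreach ($app in $AllowedApp) {
        # Allow by full path only, and only if the binary really exists.
        if (-not (Test-Path -LiteralPath $app -PathType Leaf)) {
            throw "Allowed application not found: $app"
        }
        Add-MpPreference -ControlledFolderAccessAllowedApplications $app
    }
    Set-MpPreference -EnableControlledFolderAccess Enabled
    # Reads back 0 = Disabled, 1 = Enabled, 2 = AuditMode.
    (Get-MpPreference).EnableControlledFolderAccess
}

# Usage (constructed paths):
#   Enable-CfaAudit -ExtraFolder 'D:\Finance'
#   ...after a week of normal use:
#   Get-CfaEvent -Days 7 | Group-Object Process |
#       Sort-Object Count -Descending | Select-Object Count, Name
#   Enable-CfaEnforce -AllowedApp 'C:\Program Files\ExampleApp\app.exe'
```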

How to exclude scan locations using Microsoft Defender Antivirus

If you have a folder with files you don't want to scan for viruses, the anti-malware feature includes an option to add or remove locations excluded from scanning.

To prevent the antivirus from scanning specific folders, use these steps:

Open Windows Security.

Click on Virus & threat protection.

Under the "Virus & threat protection settings" section, click the Manage settings option.

Under the "Exclusions" section, click the Add or remove exclusions option.

Click the Add an exclusion button.

Select the kind of exclusion you want to configure. For example, Folder, but you can select one of the following:

File.

Folder.

File type.

Process.

Select the folder location.

Click the Select Folder button.

Once you complete the steps, the antivirus will not scan the location you specified. You may need to repeat the steps to add more exclusions.
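Since an excluded location is never scanned, it is worth reviewing the exclusion list from time to time. The following is an added example, not part of the original guide, that lists every configured exclusion of the four kinds above and flags the broad ones; the function name and the set of flagged extensions and folders are choices made for this illustration.

```powershell
#Requires -RunAsAdministrator
# Added example: review Microsoft Defender Antivirus exclusions.
# Without elevation Get-MpPreference hides the exclusion lists.

function Get-DefenderExclusionReview {
    $pref = Get-MpPreference

    # Folders a standard user can normally write to (illustrative list).
    $writableRoots = @("$env:SystemDrive\Users", $env:ProgramData,
                       "$env:SystemRoot\Temp") | Where-Object { $_ }
    # Executable and script types (illustrative list).
    $riskyExt = 'exe', 'dll', 'scr', 'ps1', 'bat', 'cmd', 'vbs', 'js'

    $paths = @($pref.ExclusionPath) | Where-Object { $_ }
    foreach ($raw in $paths) {
        $path = [Environment]::ExpandEnvironmentVariables($raw).TrimEnd('\')
        $why  = @()
        if ($path -match '^[A-Za-z]:$') { $why += 'whole drive' }
        if ($path -match '[*?]')        { $why += 'wildcard' }
        foreach ($root in $writableRoots) {
            # Compare with a trailing separator so C:\UsersData is not
            # mistaken for something under C:\Users.
            $prefix = $root.TrimEnd('\') + '\'
            if (($path + '\').StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
                $why += "under user-writable $root"
                break
            }
        }
        [pscustomobject]@{ Kind = 'File/Folder'; Value = $raw; Flags = $why -join ', ' }
    }

    $exts = @($pref.ExclusionExtension) | Where-Object { $_ }
    foreach ($ext in $exts) {
        $bare = $ext.TrimStart('.', '*').ToLower()
        $flag = if ($riskyExt -contains $bare) { 'executable or script type' } else { '' }
        [pscustomobject]@{ Kind = 'File type'; Value = $ext; Flags = $flag }
    }

    # A process exclusion skips files opened by that process.
    $procs = @($pref.ExclusionProcess) | Where-Object { $_ }
    foreach ($proc in $procs) {
        $flag = if ([IO.Path]::IsPathRooted($proc)) { '' }
                else { 'name only: applies to that image name in any folder' }
        [pscustomobject]@{ Kind = 'Process'; Value = $proc; Flags = $flag }
    }
}

# Usage:
#   Get-DefenderExclusionReview | Format-Table -AutoSize -Wrap
# Remove an entry that is no longer needed (constructed path):
#   Remove-MpPreference -ExclusionPath 'C:\Example\OldBuildFolder'
```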

How to check account protection using Windows Security

The account protection feature available with Windows Security is designed to monitor and notify you of any problems with your account and sign-ins to best protect your identity on Windows 10.

To check the account protection on Windows 10, use these steps:

Open Windows Security.

Click on Account protection.

Confirm that Microsoft account, Windows Hello, and Dynamic lock have a green mark indicating that everything is working correctly.

If one of the account security items requires your attention, you'll see an alert to take action to remedy the problem. For example, if you're using a password to sign in, the account protection system will recommend setting up the account with one of the available Windows Hello authentication methods, such as fingerprint, face, or PIN.

How to manage network security with Microsoft Defender Firewall

The app also includes an area to monitor and manage the Microsoft Defender Firewall settings.

View firewall status

To access the firewall settings with Windows Security, use these steps:

Open Windows Security.

Click on Firewall & network protection.

On the page, you can view at a glance in which network profile the firewall is currently enabled and protecting you from unauthorized access. The one marked as "active" is the network profile currently in use.

The page also includes various options to adjust firewall settings to allow apps through the firewall and advanced settings. However, these settings are links to change configurations from the Control Panel.

Enable or disable firewall

To enable or disable the Microsoft Defender Firewall, use these steps:

Open Windows Security.

Click on Firewall & network protection.

Click the active firewall. For example, Private network.

Turn on or off the Microsoft Defender Firewall toggle switch to enable or disable the security feature.

(Optional) Check the Blocks all incoming connections, including those in the list of allowed apps option to quickly block incoming connections.

After you complete the steps, the firewall protection will be disabled on your computer.

If you're disabling the firewall to test an application, remember to enable it again after the test. If the problem was the firewall, it's best to create a firewall rule instead of disabling the security feature completely.
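The firewall status shown on the page, and the narrowly scoped rule recommended above in place of switching the firewall off, can be handled from PowerShell with the built-in NetSecurity cmdlets. The following is an added example, not part of the original guide; the function names, program path and port are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example: check firewall profiles and add a narrow allow rule.

function Get-FirewallOverview {
    # Which network category each connected interface is using ("active").
    $active = Get-NetConnectionProfile |
        ForEach-Object { $_.NetworkCategory.ToString() }

    Get-NetFirewallProfile | ForEach-Object {
        # Domain networks report as DomainAuthenticated in the connection profile.
        $isActive = ($active -contains $_.Name) -or
                    ($_.Name -eq 'Domain' -and $active -contains 'DomainAuthenticated')
        [pscustomobject]@{
            Profile         = $_.Name
            Enabled         = $_.Enabled
            Active          = $isActive
            DefaultInbound  = $_.DefaultInboundAction
            DefaultOutbound = $_.DefaultOutboundAction
        }
    }
}

function Add-AppInboundRule {
    param(
        [Parameter(Mandatory)][string]$Program,
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$Port,
        [ValidateSet('Domain', 'Private', 'Public')][string]$NetworkProfile = 'Private',
        [string]$RemoteAddress = 'LocalSubnet'   # keep the rule to the local network
    )
    if (-not (Test-Path -LiteralPath $Program -PathType Leaf)) {
        throw "Program not found: $Program"
    }
    $name = "Allow $(Split-Path -Path $Program -Leaf) TCP $Port ($NetworkProfile)"

    # Do not stack duplicate rules when the function is run twice.
    $existing = Get-NetFirewallRule -DisplayName $name -ErrorAction SilentlyContinue
    if ($existing) { return $existing }

    # Scoped to one program, one port, one profile and one address range.
    New-NetFirewallRule -DisplayName $name -Direction Inbound -Action Allow `
        -Program $Program -Protocol TCP -LocalPort $Port `
        -Profile $NetworkProfile -RemoteAddress $RemoteAddress
}

function Enable-AllFirewallProfiles {
    # Turn every profile back on after a test and return the ones still off.
    Set-NetFirewallProfile -Profile Domain, Private, Public -Enabled True
    Get-NetFirewallProfile | Where-Object { "$($_.Enabled)" -ne 'True' }
}

# Usage (constructed program path and port):
#   Get-FirewallOverview | Format-Table -AutoSize
#   Add-AppInboundRule -Program 'C:\Program Files\ExampleApp\server.exe' -Port 8443
#   Enable-AllFirewallProfiles
```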

How to protect device against malicious code using Windows Security

The "App & browser control" page is the place to configure app protection and online security settings that can help you protect your computer against sites, apps, and files that may contain malicious code.

The default settings are the recommended configuration you should be using, but you can always change them if you have a specific reason.

Reputation-based protection

To protect the device using reputation-based protection, use these steps:

Open Windows Security.

Click on App & browser control.

Under the "Reputation-based protection" section, click the Turn on button.

Click the Reputation-based protection settings option.

Turn on or off the protection options according to your preferences:

Check apps and files – offers protection against unrecognized apps and files from the internet.

SmartScreen for Microsoft Edge – protects your device from malicious downloads and websites.

Potentially unwanted app blocking – blocks low-reputation apps that can be responsible for unexpected behaviors.

SmartScreen for Microsoft Store apps – checks web content that Microsoft Store apps use.

Quick note: Windows 10 includes the optimal settings for this feature, but you can always enable or disable the features depending on your preferences.

Once you complete the steps, Microsoft Defender Antivirus will protect your device from unwanted apps, files, and websites.

Isolation browsing

Isolation browsing is a feature available on Windows 10 Pro, Education, and Enterprise, which has been designed to isolate Microsoft Edge at the hardware level to protect the device and data from malware and zero-day attacks.

If the option is available, you can access the Microsoft Defender Application Guard settings, using these steps:

Open Windows Security.

Click on App & browser control.

Click the Change Application Guard settings option.

Quick tip: This option is only available if the feature is already installed on Windows 10.

Turn on the features that you want to enable during an Application Guard session, including:

Save data.

Copy and paste.

Print files.

Camera and microphone.

Advanced graphics.

(Optional) Click the Uninstall Microsoft Defender Application Guard option to disable the feature.

If you're using a supported version of Windows 10, you'll only be able to access the settings if the "Microsoft Defender Application Guard" component is enabled through the "Turn Windows Features on or off" experience.

Once you complete the steps, you can start a new secure browsing session by opening the Chromium version of Microsoft Edge, clicking the main menu (three-dotted) button, and selecting the New Application Guard window option.

Exploit protection

Exploit protection is an advanced feature that can help mitigate malware and vulnerabilities without having to wait for a malware or system update.

Windows 10 includes the most optimal settings for Exploit protection, and you shouldn't be making any changes to these settings unless you know what you're doing.

To customize the Exploit protection settings, use these steps:

Open Windows Security.

Click on App & browser control.

Click the Exploit protection settings option.

Click the System settings tab.

Configure the settings with your desired preferences.

Click the Program settings tab.

Configure the settings with your desired preferences.

Once you complete the steps, Exploit protection will run on the device according to your settings.

How to enable core isolation using Windows Security

Core isolation is a virtualization technology that adds an extra layer of security against sophisticated attacks. The feature you can configure will depend on the device capability. However, you'll usually find the memory integrity feature, which has been designed to minimize the chances of malware injection into memory.

Typically, you don't need to worry about the feature, but you can turn it on using these steps:

Open Windows Security.

Click on Device security.

Click the Core isolation details option.
