Internet Archives - Page 67 of 82

CISA warns orgs of WatchGuard bug exploited by Russian state hackers

The Cybersecurity and Infrastructure Security Agency (CISA) has ordered federal civilian agencies and urged all US organizations on Monday to patch an actively exploited bug impacting WatchGuard Firebox and XTM firewall appliances.

Sandworm, a Russian-sponsored hacking group, believed to be part of the GRU Russian military intelligence agency, also exploited this high severity privilege escalation flaw (CVE-2022-23176) to build a new botnet dubbed Cyclops Blink out of compromised WatchGuard Small Office/Home Office (SOHO) network devices.

“WatchGuard Firebox and XTM appliances allow a remote attacker with unprivileged credentials to access the system with a privileged management session via exposed management access,” the company explains in a security advisory rating the bug with a critical threat level.

The flaw can only be exploited if they are configured to allow unrestricted management access from the Internet. By default, all WatchGuard appliances are configured for restricted management access.

Federal Civilian Executive Branch Agencies (FCEB) agencies must secure their systems against these security flaws according to November’s binding operational directive (BOD 22-01).

CISA has given them three weeks, until May 2nd, to patch the CVE-2022-23176 flaw added today to its catalog of Known Exploited Vulnerabilities.

Even though this directive only applies to federal agencies, CISA also strongly urged all US organizations to prioritize fixing this actively abused security bug to avoid having their WatchGuard appliances compromised.

Malware hit 1% of WatchGuard firewall appliances

Cyclops Blink, the malware used by the Sandworm state hackers to create their botnet, has been used to target WatchGuard Firebox firewall appliances with CVE-2022-23176 exploits, as well as multiple ASUS router models, since at least June 2019.

It establishes persistence on the device through firmware updates, and it provides its operators with remote access to compromised networks.

It uses the infected devices’ legitimate firmware update channels to maintain access to the compromised devices by injecting malicious code and deploying repacked firmware images.

This malware is also modular, making it simple to upgrade and target new devices and security vulnerabilities, tapping into new pools of exploitable hardware.

WatchGuard issued its own advisory after US and UK cybersecurity and law enforcement agencies linked the malware to the GRU hackers, saying that Cyclops Blink may have hit roughly 1% of all active WatchGuard firewall appliances.

The UK NCSC, FBI, CISA, and NSA joint advisory says organizations should assume all accounts on infected devices as being compromised. Admins should also immediately remove Internet access to the management interface.

Botnet disrupted, malware removed from C2 servers

On Wednesday, US government officials announced the disruption of the Cyclops Blink botnet before being weaponized and used in attacks.

The FBI also removed the malware from Watchguard devices identified as being used as command and control servers, notifying owners of compromised devices in the United States and abroad before cleaning the Cyclops Blink infection.

“I should caution that as we move forward, any Firebox devices that acted as bots, may still remain vulnerable in the future until mitigated by their owners,” FBI Director Chris Wray warned.

“So those owners should still go ahead and adopt Watchguard’s detection and remediation steps as soon as possible.”

WatchGuard has shared instructions on restoring infected Firebox appliances to a clean state and updating them to the latest Fireware OS version to prevent future infections.

US, UK link new Cyclops Blink malware to Russian state hackers

CISA orders agencies to patch actively exploited Sophos firewall bug

CISA warns orgs to patch actively exploited Chrome, Redis bugs

CISA adds 66 vulnerabilities to list of bugs exploited in attacks

CISA adds 15 vulnerabilities to list of flaws exploited in attacks

Source :
https://www.bleepingcomputer.com/news/security/cisa-warns-orgs-of-watchguard-bug-exploited-by-russian-state-hackers/

Cybersecurity Threat Spotlight: HermeticWiper, SDUser, and Xenomorph

This has been a busy month for cyber attackers, and the Cisco Umbrella team – in conjunction with Cisco Talos – has observed several new threats for users to be aware of.

In this month’s edition of the Cybersecurity Threat Spotlight, we discuss a wiper making its way through Ukraine, a dropper targeting India and China, and a newly discovered Trojan targeting EU banks.

Want to see Cisco Umbrella in action? Sign up for a free trial today!

HermeticWiper

Threat Type: Wiper

Attack Chain:

Description: HermeticWiper is a data destructing malware observed in attacks targeting Ukraine. This wiper comes as a small executable with a valid digital signature issued to “Hermetica Digital Ltd.” The malware leverages embedded resources to interact with storage devices present on infected systems. The applicable embedded driver is extracted, loaded into the wiper’s process memory space, decompressed, and written to the disk before the wipe process. The wiper disables the generation of crash dumps and corrupts the first 512 bytes to destroy the MBR of physical drives. For partitions, it disables the Volume Shadow Copy Service and uses different destructive mechanisms on the partitions depending on whether they’re FAT type or NTFS type. The wiper also attempts to corrupt housekeeping files. During the final stage, HermeticWiper waits for all sleeping threads to complete and initiates a reboot to ensure the success of the wiping activity.

HermeticWiper Spotlight: Cisco Talos has become aware of a series of wiper attacks going on inside Ukraine. One of the wipers used in these attacks has been dubbed “HermeticWiper.” Deployment of this destructive malware began on February 23, 2022. The malware has two components designed for destruction: one targeting the Master Boot Record (MBR) and another targeting partitions.

Target Geolocations: Ukraine
Target Data: Physical Drivers, Partitions
Target Businesses: Government Sector
Exploits: N/A

Mitre ATT&CK for HermeticWiper

Initial Access:
Valid Accounts

Discovery:
System Information Discovery
File and Directory Discovery

Persistence:
Create or Modify System Process: Windows Service

Execution:
Native API

Evasion:
Modify Registry

Impact:
Disk Wipe: Disk Structure Wipe
Inhibit System Recovery
Service Stop
System Shutdown/Reboot

Privilege Escalation:
Access Token Manipulation

IOCs¹

Hashes:
0385eeab00e946a302b24a91dea4187c1210597b8e17cd9e2230450f5ece21da
1bc44eef75779e3ca1eefb8ff5a64807dbc942b1e4a2672d77b9f6928d292591
2c10b2ec0b995b88c27d141d6f7b14d6b8177c52818687e4ff8e6ecf53adf5bf
3c557727953a8f6b4788984464fb77741b821991acbf5e746aebdd02615b1767

Additional Information
Threat Advisory: Hermetic Wiper

Which Cisco Secure Products Can Block
Cisco Secure Endpoint
Cisco Secure Email
Cisco Secure Firewall/Secure IPS
Cisco Secure Malware Analytics
Cisco Umbrella

SDUser

Threat Type: Dropper

Attack Chain:

Description: SDUser is a VBA-based dropper that is used by Advanced Persistent Threat (APT) groups. The functionality of the payload includes command and control protocol, anti-sandboxing techniques, and a reverse shell mechanism.

SDUser Spotlight: In June 2021, Cisco Talos researchers discovered a malicious Excel spreadsheet that attempted to drop a previously unknown RAT. A month later, they discovered another closely related spreadsheet. These samples were internally referred to as “SDUser” sampled due to the specific PDB string left in the binary payload.

More recent analysis shows similar code being used by two different APT groups: Transparent Tribe, which targets organizations in India, and Donut, which targets organizations in Pakistan and China. These two different threat actors may use code from the same source in their attacks, which means that their attacks would display similarities despite being conducted by different groups. Code reuse, adopting techniques from successful attacks, and deliberate integration of evidence designed to fool analysts can disguise the true perpetrator and lead to these attacks being attributed to different groups.

Target Geolocations: Pakistan, China
Target Data: User Credentials, Browser Data, Sensitive Information
Target Businesses: Any
Exploits: N/A

Mitre ATT&CK for SDUser

Initial Access:
Phishing: Spearphishing Attachment

Discovery:
Peripheral Device Discovery
Query Registry

Execution:
Command and Scripting Interpreter

Evasion:
Obfuscated Files or Information
Virtualization/Sandbox Evasion: System Checks

Command and Control:
Application Layer Protocol
Web Service

IOCs¹

Domains:
microsoft-updates[.]servehttp[.]com
microsoft-patches[.]servehttp[.]com
microsoft-docs[.]myftp[.]org

IPs:
45.153.240[.]66
46.30.188[.]222

Additional Information:
What’s with the shared VBA code between Transparent Tribe and other threat actors?

Which Cisco Secure Products Can Block:
Cisco Secure Endpoint
Cisco Secure Email
Cisco Secure Firewall/Secure IPS
Cisco Secure Malware Analytics
Cisco Umbrella
Cisco Secure Web Appliance

Xenomorph

Threat Type: Mobile Trojan

Attack Chain:

Description: Xenomorph is an Android Banking Trojan. It is capable of stealing credentials via overlay attack, and it uses SMS and notification interception to log and use potential 2FA tokens. Stolen data is sent to the C2 for further exploitation.

Xenomorph Spotlight: Xenomorph was initially discovered in February 2022. It is distributed through the official Google Play Store. It targets users of 56 different European banks and cryptocurrency wallets. Capabilities include – but are not limited to – stealing credentials, SMS and notification interception, excessive logging, and data exfiltration. The core engine is designed as a modular system and still appears to be in the development stage. Malware heavily relies on the overlay attack mechanism to steal personally identifiable information (PII) and other sensitive data. Collected data is exfiltrated to an attacker-controlled server using the open-source project RetroFit2.

Target Geolocations: EU
Target Data: User Credentials, Browser Data, Sensitive Information
Target Businesses: Any
Exploits: N/A

Mitre ATT&CK for Xenomorph

Initial Access:
Deliver Malicious App via Authorized App Store

Execution:
Native Code

Evasion:
Masquerading as Legitimate Application

Credential Access:
Capture SMS Messages
Input Capture

Command and Control:
Standard Application Layer Protocol

Exfiltration:
Data Encryption
Standard Application Layer Protocol

IOCs¹

Domains:
simpleyo5[.]tk
simpleyo5[.]cf
art12sec[.]ga
kart12sec[.]gq
homeandofficedeal[.]com

Additional Information:
Xenomorph: A newly hatched Banking Trojan

Which Cisco Secure Products Can Block
Cisco Secure Firewall/Secure IPS
Cisco Secure Malware Analytics
Cisco Umbrella
Cisco Secure Web Appliance

Source :
https://umbrella.cisco.com/blog/cybersecurity-threat-spotlight-hermeticwiper-sduser-xenomorph

How to Completely Uninstall Apps on Mac

Most people don’t realize it, but when you uninstall apps on Mac, they almost always leave behind what is commonly referred to as “leftovers”. These leftovers are files that were required by the app or program to function when it was installed, but now it’s been removed, they are merely taking up valuable storage space on your Mac. Over time, as you use your Mac and install and uninstall various apps, these leftovers can really begin to pile up — eventually significantly slowing down your Mac.

Fortunately, there are several ways that you can remove these leftovers during the uninstallation process, and in this article, we will show you three of them. They vary slightly in complexity, but if you’re looking for the absolute easiest way possible, you’ll want to skip to number 2!

1. Uninstall programs using Finder

This method is one that most people are completely comfortable using, but with a slight twist.

1. Open Finder and select Applications.

2. Locate the app you want to delete and right-click on it. Select Move to Trash.

3. Open Trash by clicking on its icon on the Dock. Select Empty.

4. Now here’s how to delete the leftovers. In Finder, select Go > Go to Folder.

5. Type “/Library/” in the search box and select Go.

6. Type the removed app’s name into the search box. Right-click on any of its associated files and select Move to Trash. After you’ve removed all the leftover files, empty the Trash folder once again.

2. Automatically remove apps using Cleaner One Pro (the easy way!)

One of the great features of Cleaner One Pro is its ability to completely remove apps, including any leftovers, with the click of a button. It really couldn’t be any easier!

1. Open Cleaner One Pro and select System Optimizer.

2. Select App Manager > Scan.

3. Hit the checkbox to the left of the app you wish to completely remove. Verify that all the checkboxes next to the app’s associated files are selected and click on Remove.

Compared to the other options that are available for completely removing apps (like the two mentioned in this article), there is no more straightforward method than using Cleaner One Pro . To read more about Cleaner One Pro and all its other excellent features, click here.

3. Delete apps using Terminal

For most people, this method will be overly technical and come with too much risk, but it does work.

1. Open Terminal and type mdfind -name “application name” and press Enter. For example, if you wanted to remove Google Chrome, you would type mdfind -name “google chrome”.

2. This will return all files associated with the name of the app, but it doesn’t mean you should delete them all. If you are using this method of uninstallation, you should have a pretty good idea of what you’re looking for, but in general, you should be searching for .app files, .plist files, settings and preferences, caches, and other accessory files.

3. Once you have located the files you wish to remove, you can do so using the rm command by typing “sudo rm -rif ~” + the directory and file name. For example, “sudo rm -rif ~/Library/Managed Installs/icons/GoogleChrome.png”. Please note, the rn command is irreversible, so please exercise caution.

Consistency is key

Whichever method you opt to use, you’ll be doing your Mac a big favor in the long run. By removing all the associated files every time you remove an app, your Mac isn’t going to eventually get bogged down by them. Trust us, after your Mac is still running super quick in years to come, you’ll be glad you took our advice!

Source :
https://news.trendmicro.com/2021/09/03/how-to-completely-uninstall-apps-on-mac/

Fix the ‘This PC can’t run Windows 11’ Error: How to enable TPM and Secure Boot

Tried to upgrade your PC to Windows 11, but run into the dreaded ‘This PC can’t run Windows 11’ error message? Don’t give up, it could be because your system doesn’t have two security settings turned on: Secure Boot and TPM 2.0.

Trend Micro Windows 11 Upgrade Helper checks eight aspects of your computer, and perhaps most crucially, which TPM version it is running. Windows 11 requires TPM 2.0, so if your PC is not currently running or is not capable of running TPM 2.0, Windows 11 Upgrade Helper will let you know.Get Windows 11 Upgrade Helper

What are TPM and Secure Boot?

Trusted Platform Module (TPM) is a technology designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant. Malicious software isn’t able to tamper with the security functions of the TPM, either.

Secure Boot is a feature from the latest Unified Extensible Firmware Interface (UEFI). It offers another layer of protection against potential malware infections. It can detect when boot loaders or key operating system files are being tampered with by malware and actively block them before they can infect the system. Both TPM and Secure Boot offer unique ways of strengthening the protection of Windows 11.

Is my device capable of TPM 2.0 and Secure Boot?

To check if your device has Secure Boot, you can follow these steps:
1. In the Windows search box, type “System Information” and open the System Information app.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

2. Select System Summary, and in the panel on the right side, look for “Secure Boot State”.

3. The value indicates the status of Secure Boot. “On” means it is turned on, “Off” means it is disabled, and “Unsupported” means your hardware does not support Secure Boot.

To check if your device has TPM, follow the steps below:

1. In the Windows search box, type “tpm.msc” and click Open.

2. Under Status, if you see “The TPM is ready for use”, you know that the TPM is present and available. If you see the message “Compatible TPM cannot be found”, it means that either your computer cannot find the TPM or that it has been disabled in the BIOS or UEFI.

You can also check if your device is using TPM 2.0 through Device Manager. Here’s how to do so:

1. Right-click on the Windows Start menu icon located in the lower left of your screen, then select Device Manager.

2. Select Security Devices from the list and it will show you what TPM chip you have. If it says Trusted Platform Module 2.0, you are good to go.

How to enable TPM and Secure Boot

To enable TPM and Secure Boot, you need to restart your computer to access the BIOS settings. After restarting, at the boot screen, press your computer’s BIOS access key. The most common BIOS access keys are DEL and F2. Here’s a reference for popular PC and motherboard brands and their BIOS access keys:

In the example below, we show you how to enable TPM on an ASUS TUF Gaming Z490-PLUS [WI-FI] motherboard, but the instructions will almost certainly differ depending on which brand of PC or motherboard you have.

1. At the UEFI BIOS Utility screen, press F7 to access Advanced Mode.

2. Click the “Advanced” tab and select “PCH-FW Configuration”.

3. Alongside “TPM Device Selection”, select “Enable Firmware TPM”.

To enable Secure Boot, in the “Boot” tab, follow the steps below:

1. Select “Secure Boot”.

2. Select “OS Type” and beside it, select “Windows UEFI Mode”.

3. Go to the “Exit” tab to save the changes and restart the computer. TPM and Secure Boot will be enabled after the restart.

What can I do if I don’t have a TPM chip?

Your device may have a TPM chip, but you need to update your BIOS to have access to it. Please contact your PC or motherboard manufacturer to learn more about how to enable TPM on your device.

You could also buy a TPM module online, but you must know which TPM module is compatible with your motherboard. You also need to install the module onto the motherboard, which might not be an easy task — especially if you don’t have any experience in working with motherboards. If you would like to go down this route, we advise that you contact a technician or take it to a local PC repair shop.

Alternatively, you could upgrade to a new computer.

What’s the most convenient way to check if I can upgrade to Windows 11?

There are tools created that can help you assess if your computer is ready for Windows 11. One of those tools is Trend Micro Windows 11 Upgrade Helper .

Trend Micro Windows 11 Upgrade Helper can check if your computer meets all the requirements for Windows 11. You can talk to Premium Support Service if you need assistance in making your computer Windows 11 ready, too.Get Windows 11 Upgrade Helper

Source :
https://news.trendmicro.com/2021/10/04/fix-the-this-pc-cant-run-windows-11-error-how-to-enable-tpm-and-secure-boot/

How to Clear Browsing History on Safari on iPhone & Mac

Your browsing history is a vital piece of information that can define your personality, your drives, and your likes and dislikes. That’s why third parties love to collect this information for targeted advertising and, sometimes, malicious activities.

To prevent others from collecting your browsing history, make it a habit to delete it now and then. Here’s some simple steps on how to delete browsing history on your Safari browser.

For Mac

1. Open your Safari App and click History on the top menu options.
2. Click Clear History. A pop-up menu will appear and you can choose how far back you want to clear your browsing history.

How to Clear Browsing History on Safari on iPhone and Mac_1110_

You can also clear specific safari browsing history:

In Safari, press Command-Yor select History > Show All History.
From the long list, click once on a history item to select it.
Right-click to bring up a menu, then choose Delete.

Manually clearing search and browsing history from your safari can be tedious. However, there is also an automatic solution you can try: Antivirus One , from Trend Micro.

The privacy cleaner feature in Antivirus One can help you clean sensitive browsing information to protect your privacy. Here, you can select Safari and then click the “Clean” button to remove all browsing info in a few seconds.

For iPhone

1. Go to Settings and click Safari.

2. Tap “Clear History and Website Data”.

This will remove history, cookies, and browsing data from Safari.

If this article has been of use and/or interest to you, please do SHARE with friends and family — and remember to give Antivirus One a go.Get Antivirus One

Source :
https://news.trendmicro.com/2021/11/10/how-to-clear-browsing-history-on-safari-on-iphone-mac/

How to Remove Bing on Chrome, Firefox, and Edge

Users have been complaining that the search engine, Bing, loads as the default instead of Google. Annoying, but don’t fret! We’ve put together a simple guide on how to get rid of Bing and restore your preferred search engine.

On Google Chrome

1. Open Google Chrome and click the 3-dots menu.
2. Select More Tools, then choose Extensions.

3. Remove any Bing Extensions you see.
4. Go back to the Menu, then select Settings.

5. Look for Search Engine and click it.

6. On the right side, choose your preferred Search Engine (Google, Yahoo, DuckDuckGo or Ecosia).
7. Restart Google Chrome. If it still uses Bing as your search engine, we suggest resetting or reinstalling Chrome.

On Mozilla Firefox

1. Open Mozilla Firefox and click the hamburger menu (3 horizontal lines).
2. Select Add-ons and themes.

3. Choose Extensions on the left side, then remove any Bing extensions you see.

4. Go back to the Menu, then select Settings.
5. On the left side, click Search and look for the Default Search Engine section on the right side.

6. Choose your preferred Search Engine (Google, Amazon.com, DuckDuckGo or Wikipedia).
7. Restart Firefox. If it still uses Bing as your search engine, we suggest resetting or reinstalling Firefox.

On Microsoft Edge

1. Open Microsoft Edge.
2. Click the 3-dots menu on the upper right corner, then select Settings.

3. Select View Advance Settings and click the Change search engine button.

4. Choose your preferred Search Engine then click the Set as default button.

We hope this short guide has helped you get things back to normal! If you’ve found it a useful article, please do SHARE with friends and family.

Source :
https://news.trendmicro.com/2021/11/17/how-to-remove-bing-on-chrome-firefox-and-edge/

Top 10 Most Used Search Engines & Tips for Browsing

In the modern world, searching for information is simple. There’s no need to go from one library to another, flipping through numerous pages, or checking the table of contents before you get to what you’re looking for. Simply typing words on the internet will give you limitless results — all you need to do is narrow them down.

What is a Search Engine?

If you need to find something, like a website or page that contains your needed information, you’ll need to go and visit a search engine page to query keywords.

A search engine is a program or application that checks, hunts, and searches the web for sites based on keywords. It uses these keywords and returns pages that are connected to what you have typed.

Search engines use web crawlers or web spiders to catalog the World Wide Web. These crawling bots are used for indexing contents. They will scan, check, assess and inspect site pages and their information across the web.

Notable Search Engines and Their Brief Histories

Archie — During the 1990s, the very first search engine arrived, named Archie. Its purpose was to search FTP sites to create indexes of files that are downloadable.

Veronica and Jughead — Created around 1992/93, they both searched file names and titles in Gopher index systems.

Infoseek — In 1994, Webmasters would submit and provide a page in real-time with this program.

Yahoo Search — Also created in 1994, it created a collection of favorable web pages with description of each website.

Looksmart, Excite and AltaVista — These search engines were created in 1995 and tried to compete with Yahoo.

Backrub — Created around 1996, Google’s initial project, Backrub, was a search engine that utilized backlinks for searches. It ranked pages depending on citations from other sites.

Ask Jeeves — Started in 1996, this search engine used human editors that tried to match search queries.

Google — Officially launched in 1998.

MSN Search — Relied on three different search engines: Looksmart, Overture and Inktomi.

Snap — A somewhat complex search engine, released in 2005, that shows search volumes, revenues and advertisers.

Bing — Rebranded name for MSN/Live Search.

Schema.Org — In 2011, Microsoft, Google and Yahoo collaborated to create Schema.org to create structured internet data.

Top 10 Most Used Search Engines

The following list contains the top ten from across the world:

1. Google:“Just google it” is a ubiquitous expression nowadays. Google is the most popular across all search engines — even more than all others combined. According to statistics, around 78% of desktops and laptops uses Google.

2. Yahoo: In the past, Yahoo had competed with Google. But as the years went on, Yahoo users had declined significantly. Now it is mostly used as a backup search engine in case the dominant one is down.

3. Bing: Microsoft Bing (or just Bing) is owned by Microsoft. Its origin came from MSN Search and Windows Live Search. This search engine is proud of its ‘decision’ engine which provides suggestions on the sides.

4. AOL Search: Known before as American Online Search. This search engine is used mostly by older people accustomed to AOL.

5. Duck Duck Go: Some say that Duck Duck Go is for and by Hipsters. But the main reason users choose this search engine is that it does not track search history and avoids spammy websites.

6. Baidu: This search engine is the 3^rd largest out there. Baidu dominates the Chinese market and is the first choice in China. This engine has a sophisticated online censorship system since there’s many restrictions in its operating region.

7. Yandex: If Baidu has China as its market, then Yandex has the Russian market.

8. Ask: Its origin is the older “Ask Jeeves”. Since it could not compete with Google, it’s now powered by Google — if you can’t beat ‘em, join ‘em!

9. Naver: South Korea is another huge tech and communications market with its own search engine, Naver.

10.Seznam: The search engine popular in the Czech Republic and C. Europe.

And some honorable mentions:

Ecosia — Donates surplus income to organizations that plant trees.
Dogpile — Shows results from the top 3 search engines (Google, Bing and Baidu).
Gigablast — An open-source search engine.
Qwant — A popular, EU-based search engine.

Tips For Using Search Engines

Search engines are brilliant tools to immediately get the information we want. However, since search engines generally do not have much security capability, you should invest in a security product to provide and efficient browsing.

1. Install the Maximum Security tool bar to prevent you from visiting malicious websites.

You can install the Trend Micro Maximum Security toolbar service, which warns you of security risks relevant to the websites you visit.

When you search online, it monitors and rates websites in search engines such as Google, Bing, Baidu, and Yahoo. The Trend Micro Toolbar provides Page Ratings that show if the page is safe, suspicious, dangerous, trusted or untested.

A Mac User? No problem. Trend Micro Antivirus for Mac has the same toolbar feature to protect your online activity.

2. Install AdBlock One to stop annoying ads.

In addition, be sure to also use AdBlock One for Safari. This app stops annoying online ads from bothering you and helps load web pages faster — a significant boost in securing and improving your digital life.

Without AdBlock One

With AdBlock One

Get AdBlock OneIt’s free

If you’ve found this article an interesting and/or useful read, please do SHARE with family and friends.

Source :
https://news.trendmicro.com/2021/11/25/top-10-most-used-search-engines-tips-for-browsing/

How to Free Up Memory on Mac

If your Mac frequently performs slowly or freezing all the time, you see a “Your system has run out of application memory” message or occasionally seeing the dreadful spinning beach ball, chances of these can be signs that your memory, or RAM, is being used to the max.

What is RAM on Mac?

Random Access Memory (RAM) is a computer’s temporary data storage device. It stores the information the computer is actively using so that it can be accessed quickly. The more running programs your computer has, the more it uses memory to perform properly. It’s essential for your computer to work properly.

It is different from the internal storage on your Mac. You keep all your files in internal storage but you can’t choose what to save in your RAM as your computer needs flexibility in moving files in or out of that memory all the time.

It works similarly like when you are working in an office. The bigger the office the more people can do different tasks simultaneously. Like in a computer, the more RAM you have the more process your computer can handle at once.

When you launch a program, your computer gathers the program’s files from the hard drive. Once the files are retrieved, the computer needs a working area to process the data and allow you to interact with it. This is your RAM. Your computer places your program’s files in RAM temporarily while you are working with them so that your computer can access that information faster and efficiently.

Why it is necessary to Add more RAM

By default, most Macs were shipped with around 8GB of RAM. Old files and cluttered caches can reduce your Mac’s available RAM and cause your system to slow down. Some applications require a lot of RAM to work efficiently, such as video editing apps and 3D design software.

Adding more RAM is one of the easiest, most cost-effective ways to improve the performance of your MAC, primarily because most computers are shipped with a minimal amount of memory.

Free up Memory with System Activity Monitor

If installing more RAM isn’t an option, you can start looking at the Activity Monitor to show how much memory is being used – that will help you identify if an app is using up more than it should be.

Activity Monitor comes with your Mac. You can find it in Utilities, or start typing Activity Monitor into Spotlight. If you select the Memory tab, this shows a list of all the active apps and processes on your Mac and how much memory each of them is using.

You should see a Memory Pressure chart and the breakdown of how your memory is being used.

The most important thing to look at is the Memory Pressure chart, which shows up in green, yellow, or red based on whether your Mac needs more RAM or not. If it is all green, it means your RAM is still efficient. Yellow means your Mac might be needing an upgrade, and red means your Mac definitely needs that added RAM.

When you find the suspect app to be using resources even though you weren’t using them, select it and click on Information (i).

This will show more information about the process including the memory it used. If you want to close this app, you can just click on Quit. Then it will ask if you are sure to quit this process. You can choose Quit or Force Quit. Force Quite is useful for frozen apps.

Note: If you are not familiar with the process, it’s better not to close as it may be required by your Mac.

Reduce Memory Usage on Mac

We now know the fix we can do when our Mac is running out of memory. It is still better if we can prevent it from happening especially if we only have limited options to upgrade our Mac’s memory.

There are a few things you can do to maximize what is available. This may also help speed up your Mac.

1. Make your Desktop Clean all the time.

Cluttered documents, images, and different types of files are worth cleaning or at least sorting them to a different folder/location. The macOS is designed to manage your Desktop icon as an active window. The more icons the more memory will be used.

2. Manage Memory Usage in Finder

The Finder application is designed by default to show all files available on the system. Try changing the default display of Finder to not show All My Files.

Open Finder and click on Finder > Preferences
Under General choose a folder to be shown when you open a new Finder window.

3. Close Unwanted Finder Windows or merge them.

Each Finder window can have an impact on RAM usage. You can close them all at once by using the keyboard shortcut, pressing Command + Option + W, or merging all the Finder windows together.

In the Finder, click on Window > Merge All Windows.

4. Disable Items that launches at Start up

Check if there are apps set to run during start-up or after you log in on your Mac as most of these might not be really essential for your everyday use of your computer.

How to stop apps from starting automatically:

Open System Preferences > Click on Users & Groups.
Click on your User name on the sidebar on the left if that’s not already selected.
Click on Login Items.
Select an app in the list that you don’t want to run during startup and click on the (-) button.

5. Close web browser tabs

It’s best practice to keep minimal open browser tabs at the same time as recent macOS will see the websites open in Safari listed as a separate process in Activity Monitor. It would also be best to close Safari or the browser you use from time to time.

6. Delete browser extensions

Browser extensions are tools for quick access to features while surfing the internet. But sometimes they just consume more memory. Check your browsers for unwanted browser extensions you don’t really need.

7. Free up more disk space on your Mac

You may also need to clear some space on your Mac from time to time. The recommendation is to keep 20% of your drive space free. You could delete large unused files, old downloads, and old apps. Large unused files can be installer packages you used a long time ago that you already forgot. You can also look for duplicate files or similar photos.

Best App to Free up RAM and Optimize memory usage on Mac

Cleaner One Pro is an all-in-one disk cleaning app with an easy-to-use interface so you can effortlessly visualize, manage and free up your storage space to keep your Mac optimized for the best performance.

Its key features include:

Quick Optimizer – Quick Optimizer monitors your CPU Usage, Network Usage and Memory Usage, while scanning and deleting Junk Files in just one click.
Junk Files – Remove temporary files and hidden hidden leftover files in one click.
Similar Photos – Offer an abundance of useful features to get rid of similar looking images.
Big Files – Filter and manage large files on your disk and free up more storage space.
Disk Map – Analyze your storage usage in a visual and interactive map.
Duplicate Files – Retrieve and delete duplicate files.
App Manager – View and manage apps by name, size or date. Remove unwanted apps and associated files. Batch remove multiple apps.
Startup Manager – Easily manage startup apps and services. Speed up boot time and enhance the performance.

Cleaner One Pro is available from Apple’s App Store and the Trend Micro website. Download and claim your free trial today!

You may check our article about Cleaner one Pro for more information:

Source :
https://news.trendmicro.com/2022/03/17/how-to-free-up-memory-on-mac/

Urgent Update Released for Zero-Day Chrome & Edge Vulnerability

Updates for both Google Chrome and Microsoft Edge have been released which address the critical CVE-2022-1096 zero-day exploit. If you use either of these web browsers, you should install the update immediately.

What we know so far

The high severity vulnerability — referred to as CVE-2022-1096 — stems from a newly-discovered “type confusion” issue with V8, Google’s open-source JavaScript engine that powers both Google Chrome and Microsoft Edge. The vulnerability, which affects Windows, Mac, and Linux, could allow hackers to hijack people’s web browsers and embed malicious code.

Although it didn’t elaborate, in a short blog post addressing the issue, Google stated that a known exploit currently exists in the wild, although it is not clear how many people have already been affected or how damaging this exploit is.

The vulnerability also affects Microsoft’s Chromium-based web browser Edge in the same way.

What you need to do

You can stay protected from this vulnerability by ensuring your web browser is updated to the latest version. For Google Chrome, this is version 99.0.4844.84 and for Microsoft Edge, it is version 99.0.1150.55.

To check if you have the latest version installed, within one of the web browsers, click the three vertical dots in the top right-hand corner > Settings > About Chrome/About Microsoft Edge. If you don’t already have the latest version installed, you will be presented with the option to download and install it.

How to help the online community

Due to Google remaining tight-lipped about the severity of the known exploit, the level of harm it could cause to potential victims is as yet unclear. To limit the fallout, we all need to do our part in spreading the word — especially when considering how easy it is to install the latest update and guarantee protection. If you found this article helpful and you would like to see that others are protected, please consider sharing this post.

Source :
https://news.trendmicro.com/2022/03/30/urgent-update-chrome-edge-zero-day/

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on “evidence of active exploitation.”

The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed “Spring4Shell”, impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later.

“Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application,” Praetorian researchers Anthony Weems and Dallas Kaman noted last week.

Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard said “active scanning for this vulnerability has been observed coming from the usual suspects like Russian and Chinese IP space.”

Similar scanning activities have been spotted by Akamai and Palo Alto Networks’ Unit42, with the attempts leading to the deployment of a web shell for backdoor access and to execute arbitrary commands on the server with the goal of delivering other malware or spreading within the target network.

“During the first four days after the vulnerability outbreak, 16% of the organizations worldwide were impacted by exploitation attempts,” Check Point Research said, adding it detected 37,000 Spring4Shell-related attacks over the weekend.

Microsoft 365 Defender Threat Intelligence Team also chimed in, stating it has been “tracking a low volume of exploit attempts across our cloud services for Spring Cloud and Spring Core vulnerabilities.”

According to statistics released by Sonatype, potentially vulnerable versions of the Spring Framework account for 81% of the total downloads from Maven Central repository since the issue came to light on March 31.

Cisco, which is actively investigating its line-up to determine which of them may be impacted by the vulnerability, confirmed that three of its products are affected –

Cisco Crosswork Optimization Engine
Cisco Crosswork Zero Touch Provisioning (ZTP), and
Cisco Edge Intelligence

VMware, for its part, also has deemed three of its products as vulnerable, offering patches and workarounds where applicable –

VMware Tanzu Application Service for VMs
VMware Tanzu Operations Manager, and
VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)

“A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system,” VMware said in the advisory.

Also added by CISA to the catalog are two zero-day flaws patched by Apple last week (CVE-2022-22674 and CVE-2022-22675) and a critical shortcoming in D-Link routers (CVE-2021-45382) that has been actively weaponized by the Beastmode Mirai-based DDoS campaign.

Pursuant to the Binding Operational Directive (BOD) issued by CISA in November 2021, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by April 25, 2022.

Source :
https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html

Malware hit 1% of WatchGuard firewall appliances

Botnet disrupted, malware removed from C2 servers

Related Articles:

HermeticWiper

SDUser

Xenomorph

1. Uninstall programs using Finder

2. Automatically remove apps using Cleaner One Pro (the easy way!)

3. Delete apps using Terminal

Consistency is key

What are TPM and Secure Boot?

Is my device capable of TPM 2.0 and Secure Boot?

How to enable TPM and Secure Boot

What can I do if I don’t have a TPM chip?

What’s the most convenient way to check if I can upgrade to Windows 11?

For Mac

For iPhone

On Google Chrome

On Mozilla Firefox

On Microsoft Edge

What is a Search Engine?

Notable Search Engines and Their Brief Histories

Top 10 Most Used Search Engines

Tips For Using Search Engines

1. Install the Maximum Security tool bar to prevent you from visiting malicious websites.

2. Install AdBlock One to stop annoying ads.

What is RAM on Mac?

Why it is necessary to Add more RAM

Free up Memory with System Activity Monitor

Reduce Memory Usage on Mac

1. Make your Desktop Clean all the time.

2. Manage Memory Usage in Finder

3. Close Unwanted Finder Windows or merge them.

4. Disable Items that launches at Start up

5. Close web browser tabs

6. Delete browser extensions

7. Free up more disk space on your Mac

Best App to Free up RAM and Optimize memory usage on Mac

What we know so far

What you need to do

How to help the online community