Hacker - Banking trojans

Zimperium recently published a report on the 10 most widespread home banking trojans on Android OS, which affect more than 600 home banking apps.

These trojans are injected through harmless apps available on the Google store.

Once these apps are installed on mobile phones and have successfully infected the devices, they show end users pages that imitate home banking websites and work to intercept the username, password and one-time passwords.

Here are the original articles:

https://www.hwupgrade.it/news/sicurezza-software/trojan-bancari-e-emergenza-i-10-piu-diffusi-prendono-di-mira-app-scaricate-un-miliardo-di-volte_107688.html

https://www.forbes.com/sites/daveywinder/2022/04/09/these-6-dangerous-phone-apps-need-to-be-deleted-immediately/

REMARK: This is why I still use a hardware home banking token :)


<============>

About other Security/Hacker articles please review below blog sections:

https://www.alessandromazzanti.com/search/label/Hacker

https://www.alessandromazzanti.com/search/label/Security

Windows 10 - Windows 10 logs

 STEP 1:

  1. Starting with Windows 10 build 9926, Windows Update logs are no longer saved to "%windir%\Windowsupdate.log".
  2. Windows Update client now uses Event Tracing for Windows (ETW) to generate diagnostic logs saved as .etl files in the "%windir%\Logs\WindowsUpdate" folder. This method improves performance and reduces disk space usage. However, the logs are not immediately readable as written.
  3. From Windows 10 build 9926 onward, the logs are stored in this folder but can no longer be read directly.
  4. Press Windows key + R to open Run and type eventvwr.msc --> Applications and Services Logs\Microsoft\Windows\WindowsUpdateClient


STEP 2:

  1. Press Windows key + R to open Run, start PowerShell with administrative rights and press Enter.
  2. Enter Get-WindowsUpdateLog into the elevated PowerShell, and press Enter.
  3. When finished running, this will create a WindowsUpdate.log file on your desktop. It will take a moment to finish.

STEP 3:

  1. Press Windows key + R to open Run, open cmd with administrative rights and press Enter.
  2. Type regedit.exe and press Enter.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  4. Change the value UseWUServer from 1 to 0
  5. Inside cmd with administrative rights execute below commands:
    1. net stop wuauserv
    2. net start wuauserv
  6. Open Windows Update:
    1. Run updates and select the option to get updates online.
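
The STEP 3 procedure as an elevated PowerShell script that records the original UseWUServer value and puts it back afterwards. This is an added example, not part of the original post; the function names Get-UseWUServer and Set-UseWUServer are hypothetical helpers.

```powershell
#Requires -RunAsAdministrator
# Added example: temporarily switch Windows Update away from the WSUS server
# (UseWUServer 1 -> 0), then restore the value that was there before.
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$name  = 'UseWUServer'

function Get-UseWUServer {
    # Returns the current value, or $null when the policy value is not present.
    $prop = Get-ItemProperty -Path $auKey -Name $name -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return $prop.$name
}

function Set-UseWUServer {
    param([Parameter(Mandatory)][ValidateSet(0, 1)][int]$Value)
    Set-ItemProperty -Path $auKey -Name $name -Value $Value -Type DWord
    # Same effect as "net stop wuauserv" followed by "net start wuauserv".
    Restart-Service -Name wuauserv
}

$original = Get-UseWUServer
if ($null -eq $original) {
    Write-Output "$name is not set under $auKey; nothing to change."
}
else {
    Write-Output "$name is currently $original"
    try {
        Set-UseWUServer -Value 0
        Read-Host 'Run Windows Update online now, then press Enter to restore the policy'
    }
    finally {
        # Restore the recorded value so the machine returns to managed patching
        # even if the session is interrupted. A Group Policy refresh would also
        # rewrite this value when it is set by a domain GPO.
        Set-UseWUServer -Value $original
        Write-Output "$name restored to $(Get-UseWUServer)"
    }
}
```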

STEP 4:

  1. Press Windows key + R to open Run, open cmd with administrative rights and press Enter.
  2. Type rsop.msc and press Enter.
  3. Check the domain policies applied and verify the Windows Update section as well.


STEP 5:

Here are some screenshots showing how we could proceed, working on GPOs, to change bandwidth usage

Windows Server - AD cleanup/Removal DC procedure

In a Microsoft AD server infrastructure it might happen that a DC dies suddenly and there is no possibility of recovering it (other than formatting/deleting/wiping it).

In this specific case you should also clean up the AD metadata (to delete any reference to that specific DC).

I am taking note, on the blog, of the procedure (saving some articles that I used, in the past, to find the workflow):

Metadata Cleanup Using NTDSUTIL in Windows Server 2008 R2
Clean Up Server Metadata

[Update 2022-08.02]

Security - Shodan

Most people do not have an accurate perception of how invasive technology can be, of what the internet means (a World Wide LAN that interconnects all devices), and of how far their perception of security falls short of how dangerous it is.

Apart from this aspect, I am taking note of Shodan, which is a search engine for internet-connected devices.

Here is a presentation. There are other purposes for which this website can be used but, due to security concerns, I would prefer not to indicate them on the blog.

https://help.shodan.io/the-basics/what-is-shodan


Extra IT - Family mediator mention/Mediatrice Familiare menzione #FRANCESCA #FABBRI

Mediation, as a constructive approach to life, means resolving conflicts by finding a fair agreement (acceptable to both parties); in family mediation, the first objective is to protect the children and focus on their supreme good.

Another objective of family mediation is to focus on shared parenting.

The parents agree, and are helped (working on themselves and on their behavior), to maintain good communication and good relations and to help each other.

The love that no longer exists between the parents is preserved towards the children, and the parents work closely to maintain fair behavior, help each other and keep good relations.

Family mediation makes it possible to reach the previous target (also stipulating a written agreement).

Consider that any war or hate attitude, as a general concept, is negative towards any person (there are several medical/philosophical/religious confirmations that, in any case, I omit from this article).

This is even more negative specifically towards an ex-wife/ex-husband.

Be aware that a child's face has 50% similarity to both parents.

If you hate your ex-wife/ex-husband, it means that you are hating half of your children. (so this is terrible!)

For these reasons, achieving separation through a family mediator makes it possible to avoid/limit the previous risk (if the ex-wife/ex-husband declare war on each other through lawyers, the previous risk is decisively higher) and, in any case, signing a written agreement protects all parties (and the children first).

So, considering the importance of the date 28/7/22 for me (an anniversary date), I would like to share, and strongly endorse, Dott.ssa Francesca Fabbri.

Fabbri's professionalism and correctness were the key to successfully achieving an excellent result. (in my case)

These are the references (in case they are useful to someone)

 https://www.misericordia.firenze.it/Documents/Fabbri%20profilo%20professionale.pdf

https://it.linkedin.com/in/francesca-fabbri-988a7120

<================>

Mediation, as a constructive approach to life (both in the family and in every other context), means resolving conflicts by finding a fair agreement (one that is therefore acceptable to both parties).

In family mediation, it means having as the first objective the protection of the children, focusing on their supreme good.

Next, another equally important objective of family mediation is to concentrate on shared parenting.

The parents commit themselves and, at the same time, are helped (by getting involved and working on themselves) to maintain good relations, helping each other and keeping good, respectful communication.

Indeed, the love that no longer exists between the parents must be preserved towards the children.

For this reason the parents work closely with the mediator to maintain, on the other hand (as already said), a good relationship and a good (respectful) dialogue, helping each other (and, in the end, stipulating an agreement).

It is right to stress that any form of war or hatred, as a general concept, is negative towards any person (I will not give here the philosophical/theological/medical explanations that support the concept).

Hatred is even more negative when it involves the ex-wife/ex-husband.

In fact, the child's face has a 50% resemblance to the father and to the mother. If the ex-wife/ex-husband hates the other parent, it means hating half of the child. (and this can be highly dangerous)

Precisely because of this risk, which would increase considerably if the parties resorted to a mutual war fought through lawyers, this path through family mediation makes it possible to obtain the separation while strongly limiting (if not removing) that risk.

In any case, being a written agreement filed with the court, it guarantees all parties that it will be respected (the children first of all, and for their superior good).

So, since 28/7/2022 was an important anniversary date, I want to share, and at the same time strongly recommend, the family mediator Dott.ssa Francesca Fabbri. (Her professionalism made it possible, in my case, to obtain excellent results)

These are the references (in case they might be useful to someone)

https://www.misericordia.firenze.it/Documents/Fabbri%20profilo%20professionale.pdf

https://it.linkedin.com/in/francesca-fabbri-988a7120

Mobile - How to reset lan settings

Here is the official Apple article that explains how to reset iPhone LAN settings

https://support.apple.com/it-it/guide/iphone/iphea1c2fe48/ios

Security - 6 Security Tips

Most people do not have an accurate perception of how invasive technology can be, of what the internet really means (*), and of how far their perception of security falls short of how dangerous it is and how much it applies to normal life activities.

For these reasons I am focusing, in this article, on some interesting aspects.

Note that this article includes a specific topic explaining the effects that technology abuse might have on teenagers (Italian language).

(*) World Wide Web means that all devices are interconnected with each other through the internet; this implies that all the world's devices are, theoretically, reachable by any user and from any location. The security concerns should be easy to realize :-)

1) PASSWORD SHARING

This website lets you create web links containing private text and passwords (that can be securely shared with remote users).

https://privnote.com/

To strengthen security there are further settings that we strongly suggest using.

  • The password can be shown only "one time" (or kept available for up to 30 days, which is deprecated)
  • You can add an email address to receive a real-time notification (when the web link has actually been read)
  • You can create a master password for the web link, which you should communicate to the end user through a different communication channel (SMS, by phone, by voice etc. etc.)

2) HAVE YOU POWNED

Here is an old article that explains how to verify whether your email account was affected by any data breach (on any website where you registered)


3) VERIFY FILES/WEBLINKS/EMAIL/DOCUMENTS ON ALL ANTIVIRUS VENDORS

Over these years I have often needed to check files/emails/URLs to understand whether they had any sort of infection (not yet discovered by the latest antivirus definitions)

To get this result I often connect to this website, which queries most AV products with their latest definitions.



4) PROXY BROWSER ON LINE

If the VirusTotal checks say the web link is fine but you suspect that it could be a targeted phishing attack, you can open the web link through a specific website (registration is free for basic settings) and verify the real contents and requests (without any risk to your PC/device):


5) PASSWORD TOOLS

Here are some password tools from an old blog article



6) HOW TO VIEW RDP HISTORY SCREENSHOTS

How to view RDP activities done on any Server/client


6.BIS) CYBERBULLYING

Here is an optional article that explains the technology abuses that can affect teenagers and other people (Italian language only)




Extra IT - Leave a Legacy

I am sharing a video that I received last year.

I think that the message it intrinsically contains should be included, by default, in the DNA/"Firmware" of every human being.

The question is: which memories and legacies will you leave, in any place, with each person with whom you interacted during your life?

https://resources.franklincovey.com/the-8th-habit/leave-a-legacy

Live, Love, Learn

Leave a legacy

Life is short

So...

Live

Love

Learn

Leave a Legacy

LIVE

What makes life worth living

What's missing

LOVE

How do I know..

How do I show love?

LEARN

Where are the answers?

What do I need to learn? to unlearn?

LEAVE A LEGACY

How will I be remembered?

What do I dream of?

What is my fire within?

To live

To love

To learn

To leave a legacy

Life is short

So?

Extra IT - Horse country Resort

Recently we had the opportunity to spend our holidays at the following village resort (located in Sardegna, Italy).

https://www.horsecountry.it/
https://www.instagram.com/horsecountryresort
https://www.facebook.com/HorseCountryResortCongressSPA/

Considering the prices, quite cheap compared to similar offers, the services provided were excellent. (and we were satisfied)

Internal restaurant, beach restaurant,  3 bars (one of them beach located), horse riding school, SPA wellness center, internal shop, western-style saloon (with relative country music shows), pizzeria, two swimming pools, services offered on the beach (*), soccer field, tennis court, table tennis, karaoke events etc. etc.

Last, but not least, the animation was one of the keys to our stay at the resort (and our satisfaction): professional, pleasant and funny (it is completely suitable for this kind of location).

I must endorse the village animation manager (Gennaro), who was able to coordinate and create an excellent animation team. Another endorsement must be given to both kids' mini club girls (Marika and Giada), who have a unique, positive approach to kids. A final mention must be given to one animation guy (Francesco).

I share this information in case it is useful to someone (and to contradict, partially, the "fake news / negative feedback" that you might find surfing the web)

(*) apart from sea quality concerns, which are however well known and indicated in several web reviews (be aware that, for those who, like us, had a car, it was absolutely not a problem)

<=============>

I recently had the chance to stay at the following resort.

https://www.horsecountry.it/

https://www.instagram.com/horsecountryresort

https://www.facebook.com/HorseCountryResortCongressSPA/

Considering the price, more than reasonable, the services provided are excellent. (and we were satisfied)

The catering, the beach restaurant, the three bars (one of them on the beach), the riding stables, the SPA wellness center, the internal shop, the western-style saloon (with its country music), the pizzeria, the two swimming pools, the beach service (*), the five-a-side soccer/tennis court, table tennis, karaoke evenings etc. etc.

Last, but not least, the animation, professional, pleasant and not intrusive, is the right complement (if not the real icing on the cake).

It is only right to mention the skill and professionalism of the head of animation (Gennaro), who was able to coordinate and create an excellent animation team. Another mention is due to both girls (Marika and Giada) of the mini club (for the little ones), who have an approach to children that is unique and positive at the same time (the evening baby dance is also worth noting). A final positive mention goes to one person on the animation team (Francesco).

I share this information in case it is useful to someone (and to contradict, in part, the "fake news/feedback" circulating about the resort). It is also right to mention one of the animators (Francesco), with whom I got along well.

(*) apart from some concerns about the sea, which are in any case well known and indicated in the various reviews circulating on the internet; for those who, like us, had a car, it was absolutely not a problem

Tutorial - PFX to PEM certificate exporting procedure #HOW TO

If you need to convert a .PFX certificate to .PEM files, follow this procedure:

Consider that a PFX file is a certificate file in PKCS#12 format; it contains the SSL certificate (public keys) and the corresponding private keys.
Be aware that a PEM file is a text file containing one or more items in Base64 ASCII encoding, each with plain-text headers and footers (e.g. -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----)

Here are the steps to follow:

  1. Install OpenSSL
    https://slproweb.com/products/Win32OpenSSL.html

  2. Copy the .pfx files into the same folder where OpenSSL.exe is located

  3. First case: to export the private key and the certificate from a PFX file into separate PEM files:

    Launch the commands below:
    openssl pkcs12 -in original_certificate.pfx -nocerts -out Exported_certificate_private_key-encrypted.key

    (you will be prompted to insert the original password and a new one)

    openssl pkcs12 -in original_certificate.pfx -clcerts -nokeys -out Exported_certificate_private_key-encrypted.crt

  4. Second case: to convert a PFX file to a single PEM file (that contains both the certificate and the private key):
    openssl pkcs12 -in original_certificate.pfx -out Exported_certificate.pem -nodes

    (you will be prompted to insert the original password and a new one)
[Original articles]
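
The first case above as a PowerShell script that also restricts the key file to the current user, confirms the exported key and certificate belong together, and uses the PEM headers to detect a private key stored without a passphrase (which is what -nodes produces). This is an added example, not part of the original post; it assumes openssl.exe is on PATH, and Assert-LastExit and Get-PemBlockTypes are hypothetical helpers.

```powershell
# Added example (not from the original post). Assumes openssl.exe is on PATH
# and the file names used in the steps above.
$pfx = 'original_certificate.pfx'
$key = 'Exported_certificate_private_key-encrypted.key'
$crt = 'Exported_certificate_private_key-encrypted.crt'

function Assert-LastExit([string]$What) {
    # Native commands do not throw; stop here instead of working on a partial file.
    if ($LASTEXITCODE -ne 0) { throw "$What failed with exit code $LASTEXITCODE" }
}

function Get-PemBlockTypes([string]$Path) {
    # Hypothetical helper: list the "-----BEGIN <type>-----" headers in a PEM file
    # and mark private keys that are stored without a passphrase.
    $lines = @(Get-Content -Path $Path)
    for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match '^-----BEGIN (.+)-----$') {
            $type = $Matches[1]
            # Traditional-format keys flag encryption on the line after the header.
            $legacyEnc = ($i + 1 -lt $lines.Count) -and ($lines[$i + 1] -match '^Proc-Type: 4,ENCRYPTED')
            [pscustomobject]@{
                Type     = $type
                PlainKey = ($type -like '*PRIVATE KEY') -and
                           ($type -ne 'ENCRYPTED PRIVATE KEY') -and (-not $legacyEnc)
            }
        }
    }
}

# First case: key and certificate in separate files (openssl prompts for passwords).
openssl pkcs12 -in $pfx -nocerts -out $key;         Assert-LastExit 'private key export'
openssl pkcs12 -in $pfx -clcerts -nokeys -out $crt; Assert-LastExit 'certificate export'

# Keep the key file accessible to the current user only (drops inherited ACEs).
icacls $key /inheritance:r /grant:r "$env:USERDOMAIN\${env:USERNAME}:(R,W)" | Out-Null
Assert-LastExit 'icacls'

# The exported certificate and key must carry the same public key.
$pubCrt = (openssl x509 -in $crt -noout -pubkey) -join "`n"; Assert-LastExit 'x509'
$pubKey = (openssl pkey -in $key -pubout) -join "`n";        Assert-LastExit 'pkey'
if ($pubCrt -ne $pubKey) { throw 'Certificate and private key do not match' }

# Neither file should hold an unprotected private key.
$plain = @($key, $crt | ForEach-Object { Get-PemBlockTypes $_ } | Where-Object PlainKey)
if ($plain.Count -gt 0) { throw 'Unencrypted private key found in exported files' }
'Export verified: key is passphrase-protected and matches the certificate.'
```

Running Get-PemBlockTypes against the second-case output (Exported_certificate.pem) reports PlainKey as True for its key block, so that file needs the same access restriction as any other secret.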



Mobile - Iphone how to force brute restart

I am taking note of a very simple topic: how to hard reboot iPhone devices.

Here is the relevant link

https://support.apple.com/it-it/guide/iphone/iph8903c3ee6/ios

Scripting - Enumerate file extension, count them and indicate total size

If you need to analyze a single folder (and its subfolders), identifying all file extensions, counting the files and indicating the total size, this script will assist you with this requirement

$directory = "D:\foo"

#Get all items
Get-ChildItem -Path $directory -Recurse |
#Get only files
Where-Object { !$_.PSIsContainer } |
#Group by extension
Group-Object Extension |
#Get data
Select-Object @{n="Extension";e={$_.Name -replace '^\.'}},
    @{n="Size (MB)";e={[math]::Round((($_.Group | Measure-Object Length -Sum).Sum / 1MB), 2)}},
    Count

https://stackoverflow.com/questions/22616634/determine-recursively-both-count-and-sum-of-all-extensions-in-a-folder