Hacker - Banking trojans

Zimperium recently published a report about the 10 most widespread home banking trojans on Android, affecting more than 600 home banking apps.

These trojans are delivered through seemingly harmless apps available on the Google Play store.

Once these apps are installed on a phone and have successfully infected the device, they show the end user a look-alike home banking website and work to intercept the username, password and one-time passwords.

Here are the original articles:

https://www.hwupgrade.it/news/sicurezza-software/trojan-bancari-e-emergenza-i-10-piu-diffusi-prendono-di-mira-app-scaricate-un-miliardo-di-volte_107688.html

https://www.forbes.com/sites/daveywinder/2022/04/09/these-6-dangerous-phone-apps-need-to-be-deleted-immediately/

REMARK: This is why I still use a hardware home banking token :)


<============>

For other Security/Hacker articles, please see the blog sections below:

https://www.alessandromazzanti.com/search/label/Hacker

https://www.alessandromazzanti.com/search/label/Security

Windows 10 - Windows 10 logs

STEP 1:

  1. Starting with Windows 10 build 9926, Windows Update logs are no longer saved to "%windir%\Windowsupdate.log".
  2. The Windows Update client now uses Event Tracing for Windows (ETW) to generate diagnostic logs saved as .etl files in the "%windir%\Logs\WindowsUpdate" folder. This method improves performance and reduces disk space usage. However, the logs are not directly readable as written.
  3. From Windows 10 build 9926 onward the logs are located there, but they are no longer readable as plain text.
  4. Press Windows key + R to open Run, type eventvwr.msc and browse to Applications and Services Logs\Microsoft\Windows\WindowsUpdateClient


STEP 2:

  1. Press Windows key + R to open Run, type PowerShell, run it with administrative rights and press Enter.
  2. Enter Get-WindowsUpdateLog into the elevated PowerShell and press Enter.
  3. When it finishes running, this creates a WindowsUpdate.log file on your desktop. It will take a moment to finish.

STEP 3:

  1. Press Windows key + R to open Run, type cmd, run it with administrative rights and press Enter.
  2. Type regedit.exe and press Enter.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
  4. Change the UseWUServer value from 1 to 0
  5. Inside cmd with administrative rights execute the commands below:
    1. net stop wuauserv
    2. net start wuauserv
  6. Open Windows Update:
    1. Run updates and select the option to get updates online.

STEP 4:

  1. Press Windows key + R to open Run, type cmd, run it with administrative rights and press Enter.
  2. Type rsop.msc and press Enter.
  3. Check which domain policies are applied and verify the Windows Update section as well.
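
As an added example, not part of the original post, here is a read-only PowerShell script that walks through STEP 1 to STEP 4 from one elevated session and reports the WSUS policy instead of editing it; the desktop path, the event-channel filter and the gpresult call are my choices, not the post's:

```powershell
# Added example, not from the original post: a read-only health check that
# covers STEP 1 to STEP 4 above from one elevated PowerShell session.
# Nothing is modified; registry and service state are only reported.

# STEP 2: decode the ETL traces under %windir%\Logs\WindowsUpdate into a readable
# WindowsUpdate.log on the desktop (same cmdlet as in the post, explicit -LogPath).
$logPath = Join-Path ([Environment]::GetFolderPath('Desktop')) 'WindowsUpdate.log'
Get-WindowsUpdateLog -LogPath $logPath
"Readable log written to $logPath"

# STEP 1: last errors (level 2) and warnings (level 3) from the WindowsUpdateClient
# operational channel, the same one Event Viewer shows under Applications and Services Logs.
$filter = @{ LogName = 'Microsoft-Windows-WindowsUpdateClient/Operational'; Level = 2, 3 }
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -AutoSize -Wrap

# STEP 3, read-only: report the WSUS policy instead of flipping UseWUServer by hand.
# Values under HKLM\SOFTWARE\Policies are written by Group Policy, so a manual
# change to UseWUServer is reverted at the next policy refresh; the durable fix
# lives in the GPO (or on the WSUS server the client points to), which STEP 4 checks.
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$auKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU'
$useWuServer = (Get-ItemProperty -Path $auKey -Name UseWUServer -ErrorAction SilentlyContinue).UseWUServer
$wuServer    = (Get-ItemProperty -Path $wuKey -Name WUServer    -ErrorAction SilentlyContinue).WUServer
if ($useWuServer -eq 1) {
    "UseWUServer = 1: updates are fetched from WSUS server '$wuServer'"
    # An unknown or unreachable WSUS URL here is the usual reason updates look stuck;
    # it deserves a check with the domain admins rather than a local bypass.
} else {
    'UseWUServer is 0 or absent: the client contacts Microsoft Update online'
}
Get-Service wuauserv | Select-Object Name, Status, StartType | Format-Table -AutoSize

# STEP 4: applied computer-scope GPOs, the command-line equivalent of rsop.msc
gpresult /r /scope computer
```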


STEP 5:

Here are some screenshots of how we could proceed, working on GPOs and changing bandwidth usage (screenshots not reproduced here).

Windows Server - AD cleanup/Removal DC procedure

On a Microsoft AD server infrastructure it can happen that a DC dies suddenly and there is no possibility of recovering it (other than formatting/deleting/wiping it).

In this specific case, moreover, you should clean up the AD metadata (to delete any reference to that specific DC).

I am taking note of the procedure on the blog (saving some articles that I used in the past to find the workflow):

Metadata Cleanup Using NTDSUTIL in Windows Server 2008 R2
Clean Up Server Metadata

[Update 2022-08-02]

Security - Shodan

Most people do not have an accurate perception of how invasive technology can be, of what the internet means (a world wide LAN that interconnects all devices), and of how much lower security awareness is than the actual danger.

Besides this aspect, I am taking note of Shodan, which is a search engine for internet-connected devices.

Here is an introduction. There are other purposes for which this website can be used but, due to security concerns, I would prefer to omit them (that is, not to indicate them on the blog).

https://help.shodan.io/the-basics/what-is-shodan
