# Improbus

> CyberSecurity Specialists

---

## Pages

- [Access Denied](https://improbus.com/products/access-denied/): Improbus provides Access Denied landing pages. If you do not want to give some users, networks, IP addresses, MAC addresses or other...
- [Preparedness Exercises](https://improbus.com/services/preparedness-exercises/): Preparedness and Readiness Exercises. Preparing for cybersecurity threats is essential in today’s digital age. Here are some of the topics...
- [Improbus AS](https://improbus.com/about/improbus-as/): Improbus AS is a joint stock company («aksjeselskap», «AS») registered with Brønnøysund Register Centre (Brønnøysundregistrene) in Norway, with organization number...
- [Improbus (FLI)](https://improbus.com/about/improbus-fli/): Improbus (FLI) is an organization («forening/lag/innretning», «FLI») registered with Brønnøysund Register Centre (Brønnøysundregistrene) in Norway, with organization number NO 994...
- [Organization](https://improbus.com/about/organization/): Improbus consists of 2 independent entities registered at The Brønnøysund Register Centre («Brønnøysundregistrene») in Norway: Improbus AS, Improbus (FLI). Domain...
- [Digital Forensics](https://improbus.com/services/digital-forensics/): Digital Forensics Services. Digital Forensics is the process of investigating and analyzing digital devices, networks, and systems to collect and...
- [Incident Response](https://improbus.com/services/incident-response/): Incident Response & Management. IR / IM – Services: Examples of IR areas in which our team (CSIRT) provides help:
- [Snail Mail](https://improbus.com/contact/snail-mail/): Companies, especially those working with security services, are often targets for mail theft, fraud, and attempted security breaches. We strive...
- [Domain Name Protection](https://improbus.com/products/domain-name-protection/): Improbus provides Domain Name Protection. If you do not want to build a web site or present a simple web...
- [Resources](https://improbus.com/resources/): “Good tools are half the work.” (Old proverb) We have compiled shortlists of some of the systems, tools and other...
- [Bootable images](https://improbus.com/resources/bootable-images/): BSD-base, Linux-base, Windows-base
- [Tools and applications for BSD / Linux / *nix](https://improbus.com/resources/tools-and-applications-for-bsd-linux-nix/): Information Gathering ace-voip Amap APT2 arp-scan Automater bing-ip2hosts braa CaseFile CDPSnarf cisco-torch copy-router-config DMitry dnmap dnsenum dnsmap DNSRecon dnstracer dnswalk...
- [Tools and applications for Windows](https://improbus.com/resources/tools-and-applications-for-windows/): BCD-MBR Tools BootIce EasyBCD Hard Disk Tools – Data Recovery CheckDisk GUI Lazesoft Data Recovery Puran Data Recovery Puran File...
- [Rates](https://improbus.com/rates/): Sequere pecuniam “Follow the money” Rates – NOK Rate (NOK) Description (Level) 1250 Junior Advisor / Consultant 1500 Advisor /...
- [Enterprise](https://improbus.com/services/enterprise/): Enterprise Services. Enterprise Data Center Operation and Maintenance. Enterprise Communication Platform Operation.
- [Counseling](https://improbus.com/services/counseling/): Counseling Services. Counseling to Law Firms. Counseling to Law Enforcement Agencies. Counseling to the Courts (Expert Witness). Evidence Securement, Collection...
- [Documents](https://improbus.com/documents/): Please click the appropriate link(s) from the sub-menu to find relevant documents (i.e. procurement, purchasing, data processing agreement, GDPR,...
- [Contracts and agreements](https://improbus.com/documents/contracts-and-agreements/): General information. Below, you will find files related to each of The State Standard Agreements (SSA) in Norwegian (Bokmål) and...
- [SSA](https://improbus.com/documents/ssa/): The State Standard Agreements. Improbus uses The State Standard Agreements (SSA), which are contract templates for the purchase of IT...
- [About](https://improbus.com/about/): Improbus is a modern and efficient organization with an extensive network of international contacts. We possess a breadth of expertise...
- [Products](https://improbus.com/products/): List of some of our legacy products which are still active / in use today. For more information about these...
- [Services](https://improbus.com/services/): Hinc robur et securitas “Herefore strength and safety” Improbus provides general consultancy services within several technology fields. Below, we have...
- [Consultancy](https://improbus.com/services/consultancy/): Consultancy Services. Data Recovery Services. Security Audit Services. Information Security Services. Personal Security / Privacy Services. Communications Security Services. Firewall...
- [IMPROBUS](https://improbus.com/): “Security is always excessive until it’s not enough.” (Robbie Sinclair) Got a security problem? Suspect embezzlement, corruption, or fraud? Are you...
- [Privacy Policy](https://improbus.com/privacy-policy/): Who we are: Our website address is https://improbus.com/. What personal data we collect and why we collect it: Comments...
- [Contact](https://improbus.com/contact/): “If you know what you’re looking for, you’ve already found it.” (RoboDoc) If you want to contact us, please do not...
- [Immediate action agreements and conclusive actions](https://improbus.com/documents/immediate-action-agreements-and-conclusive-actions/): In certain situations, work must be started before the client and supplier enter into a written contract. This applies particularly...
- [Consent Disclaimer](https://improbus.com/consent-disclaimer/): No form of consent shall be deemed to have been granted by Improbus AS or any of its subsidiaries unless...

---

## Posts

- [The ICRC issues "Rules of engagement" to hacktivists after chaos](https://improbus.com/2023/10/04/the-icrc-issues-rules-of-engagement-to-hacktivists-after-chaos/): The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers...
- [5 effective technical cybersecurity measures](https://improbus.com/2023/01/01/5-effective-technical-cybersecurity-measures/): The most common attacks are carried out with malicious software targeting employees' computers and by guessing simple passwords.
- [Improbus help businesses conduct secure voting, polls, and surveys](https://improbus.com/2020/11/22/improbus-help-businesses-conduct-secure-voting-polls-and-surveys/): Improbus help businesses conduct secure voting, polls, and surveys
- [Additional measures implemented due to the COVID-19 pandemic](https://improbus.com/2020/03/25/additional-measures-implemented-due-to-the-covid-19-pandemic/): Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the following travel restrictions enforced by the Norwegian authorities; Improbus has...
- [Security Breach Disrupts Fintech Firm Finastra](https://improbus.com/2020/03/20/security-breach-disrupts-fintech-firm-finastra/): Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key...
- [Zyxel Flaw Powers New Mirai IoT Botnet Strain](https://improbus.com/2020/03/20/zyxel-flaw-powers-new-mirai-iot-botnet-strain/): In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the...
- [Successful recovery of stolen domain names](https://improbus.com/2020/03/20/successful-recovery-of-stolen-domain-names/): Improbus facilitated today the safe return and recovery of stolen domain names. Two competing companies were domain name holders of...
- [Live Coronavirus Map Used to Spread Malware](https://improbus.com/2020/03/12/live-coronavirus-map-used-to-spread-malware/): Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the...
- [Microsoft Patch Tuesday, March 2020 Edition](https://improbus.com/2020/03/11/microsoft-patch-tuesday-march-2020-edition/): Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated...
- [Measures implemented due to the COVID-19 pandemic](https://improbus.com/2020/03/08/measures-implemented-due-to-the-covid-19-pandemic/): Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the following travel restrictions enforced by the Norwegian authorities; Improbus has...
- [Man convicted of "extensive data breach"](https://improbus.com/2020/03/02/man-convicted-of-extensive-data-breach/): Man convicted of “extensive data breach” in Bergen District Court. Article from Digi / BT / NTB. A 30-year-old man...
- [FCC Proposes to Fine Wireless Carriers $200M for Selling Customer Location Data](https://improbus.com/2020/02/28/fcc-proposes-to-fine-wireless-carriers-200m-for-selling-customer-location-data/): The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest...
- [Zyxel 0day Affects its Firewall Products, Too](https://improbus.com/2020/02/26/zyxel-0day-affects-its-firewall-products-too/): On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage...
- [Improbus acquires ICEC](https://improbus.com/2019/01/01/improbus-acquires-icec/): Improbus has acquired ICEC; International Center for Emergency Communication. As of today, 01.01.2019, both companies will act as...
- [How PhotoDNA for Video is being used to fight online child exploitation](https://improbus.com/2018/09/12/how-photodna-for-video-is-being-used-to-fight-online-child-exploitation/): In the past, when someone tipped off the Internet Watch Foundation’s (IWF) criminal content reporting hotline to an online video...
- [PhotoDNA scans images for child abuse](https://improbus.com/2009/12/18/photodna-scans-images-for-child-abuse/): Internet service providers may have better success at scanning their networks to actively seek out illicit images of child abuse,...

---

# Detailed Content

## Pages

- Published: 2024-05-12
- Modified: 2024-05-12
- URL: https://improbus.com/products/access-denied/

Improbus provides Access Denied landing pages. If you do not want to give some users, networks, IP addresses, MAC addresses or other identifiers access to your web content, you can establish an external Access Denied page. This way, you can let possible visitors know that the web resource they are trying to access is denied, while offloading unwanted traffic and without disturbing other, relevant website statistics.

---

- Published: 2023-08-30
- Modified: 2023-08-30
- URL: https://improbus.com/services/preparedness-exercises/

### Preparedness and Readiness Exercises

Preparing for cybersecurity threats is essential in today's digital age. Here are some of the topics we address in our preparedness exercises for our customers:

- Understand Your Assets: Identify and document all your digital assets and data. You can't protect what you don't know you have.
- Risk Assessment: Regularly conduct risk assessments to identify potential vulnerabilities and threats. This should involve both internal and external factors.
- Incident Response Plan: Develop a well-defined incident response plan that outlines roles, responsibilities, and steps to take in the event of a cybersecurity incident. Test this plan regularly through simulations.
- Employee Training: Train your employees on cybersecurity best practices. Human error is a significant factor in many cyber incidents.
- Regular Updates and Patch Management: Ensure that all software, hardware, and firmware are kept up to date with security patches. Vulnerabilities are often exploited in outdated systems.
- Network Security: Implement strong network security measures, including firewalls, intrusion detection systems, and encryption protocols.
- Data Protection: Use encryption and access controls to protect sensitive data. Data should be classified according to its sensitivity, and access should be restricted accordingly.
- Third-Party Risk Management: Assess the security practices of third-party vendors and partners, as they can be a weak link in your cybersecurity chain.
- Continuous Monitoring: Implement continuous monitoring of your network and systems for signs of suspicious or unauthorized activity. Early detection is crucial.
- Backup and Disaster Recovery: Regularly back up your data and systems, and test your disaster recovery plan to ensure business continuity in case of a cyber incident.
- Legal and Compliance Considerations: Stay informed about relevant laws and regulations in your industry and region, such as GDPR or HIPAA, and ensure your cybersecurity practices comply with these requirements.
- Communication and Public Relations: Develop a communication plan for addressing the public and media in the event of a cybersecurity breach. How you respond can greatly impact your reputation.
- Cybersecurity Awareness Culture: Foster a culture of cybersecurity awareness within your organization. Everyone should be vigilant and report suspicious activity promptly.
- Threat Intelligence: Stay updated on the latest cyber threats and trends. Understanding the current threat landscape can help you adapt your defenses.
- Testing and Simulation: Regularly conduct cybersecurity exercises and simulations, such as penetration testing and phishing drills, to evaluate your organization's readiness and response capabilities.
- Documentation, Documentation, Documentation: Keep detailed records of cybersecurity incidents, responses, and lessons learned. This documentation can be invaluable for future prevention and improvement.
- Budget and Resource Allocation: Allocate sufficient resources and budget for cybersecurity. Cutting corners in this area can lead to vulnerabilities.
- Adaptability and Flexibility: Recognize that cybersecurity is an ongoing process. Threats evolve, and your defenses must evolve with them.
- Collaboration: Foster collaboration with other organizations and cybersecurity experts. Sharing information and experiences can enhance your preparedness.
- Ethical Considerations: Always prioritize ethical behavior in your cybersecurity efforts. Be transparent, respect privacy, and act responsibly in all your cybersecurity actions.

Remember that cybersecurity is not a one-time effort but an ongoing commitment to protect your digital assets and the trust of your stakeholders. Regularly reassess your strategies and adapt to the changing threat landscape.

---

- Published: 2023-04-20
- Modified: 2023-04-20
- URL: https://improbus.com/about/improbus-as/

Improbus AS is a joint stock company («aksjeselskap», «AS») registered with Brønnøysund Register Centre (Brønnøysundregistrene) in Norway, with organization number NO 911 688 689 MVA. Improbus AS is an entity that provides commercial advisory services for public and private customers, while Improbus (FLI) is a non-governmental, non-profit organization that provides assistance to ideal associations, teams, facilities, and other non-profit organizations.

---

- Published: 2023-04-20
- Modified: 2023-04-20
- URL: https://improbus.com/about/improbus-fli/

Improbus (FLI) is an organization («forening/lag/innretning», «FLI») registered with Brønnøysund Register Centre (Brønnøysundregistrene) in Norway, with organization number NO 994 799 142. Improbus (FLI) is a non-governmental, non-profit organization that provides assistance to ideal associations, teams, facilities, and other non-profit organizations, while Improbus AS is an entity that provides commercial advisory services for public and private customers.

---

- Published: 2023-04-20
- Modified: 2024-01-15
- URL: https://improbus.com/about/organization/

Improbus consists of 2 independent entities registered at The Brønnøysund Register Centre («Brønnøysundregistrene») in Norway:

- Improbus AS
  - Joint stock company.
  - «Strictly business» (Provides assistance to companies and organizations only - NO private individuals).
  - Organization number: NO 911 688 689 MVA.
- Improbus (FLI)
  - Non-Profit Organization (NPO).
  - Non-Governmental Organization (NGO).
  - «Strictly non-profit» (Provides assistance to non-profit and humanitarian organizations only - NO companies or commercial enterprises, NOR private individuals).
  - Organization number: NO 994 799 142.

### Domain names

| Domain name | Usage |
|---|---|
| improbus.com | Mostly commercial use, Improbus AS. Main site. |
| improbus.org | Mostly non-profit use, Improbus (FLI). Subdomains. |
| improbus.net | Shared use for all Improbus resources and entities. |
| improbus.info | Reserved for informational purposes. Currently redirected. |
| improbus.biz | Reserved for commercial purposes. Currently redirected to our main site at improbus.com. |
| improbus.TLD | Other, valid domain names; gTLDs, sTLDs, and ccTLDs are redirected to our main site at improbus.com. |

Please note: Always be skeptical and aware of potential scams. Refer to our main site at improbus.com for information and inquiries, and don't hesitate to contact us if you have any questions.

---

- Published: 2023-04-06
- Modified: 2023-05-14
- URL: https://improbus.com/services/digital-forensics/

### Digital Forensics Services

Digital Forensics is the process of investigating and analyzing digital devices, networks, and systems to collect and preserve evidence related to cyber incidents or crimes. Improbus uses a combination of techniques, tools, and procedures to identify, contain, and remediate security incidents, including malware infections, data breaches, and insider threats.

«Digital Forensics and Incident Response» is often abbreviated DFIR. The ultimate goal of DFIR is to uncover the root cause of the incident, minimize the impact on the organization, and prevent similar incidents from happening in the future.

Examples of DFIR processes:

- Evidence Collection: Collecting digital evidence is a critical step in any DFIR investigation. It involves identifying and preserving digital data related to the incident, such as log files, network traffic, system images, and other artifacts.
- Analysis: Once the evidence is collected, the analysis process begins. This involves examining the data to determine what happened, how it happened, and who was involved. DFIR analysts use a variety of tools and techniques, including forensic analysis, malware analysis, and network analysis, to identify the root cause of the incident.
- Containment: Once the incident is understood, the next step is to contain it to prevent further damage. This involves isolating affected systems, blocking network traffic, and disabling accounts or services that may be compromised.
- Remediation: Finally, the DFIR team must take steps to remediate the incident and restore affected systems to their pre-incident state. This may involve patching vulnerabilities, removing malware, or restoring data from backups.

These processes are not always linear, and they often overlap or occur simultaneously. However, they provide a structured framework for responding to security incidents and conducting effective DFIR investigations.

---

- Published: 2022-07-13
- Modified: 2023-05-14
- URL: https://improbus.com/services/incident-response/

### Incident Response & Management

IR / IM - Services:

- Immediate response to a security incident, e.g. response following a cyberattack or information security breach.
- Limit attack damage, lower costs, and save time after a security breach (or hacking attempts).
- Communication; internal (company / employee information), as well as external communication (press releases, partner orientation, etc.).

Examples of IR areas in which our team (CSIRT) provides help:

- Preparation.
- Identification.
- Containment.
- Eradication.
- Recovery.
- Education and future planning.

---

- Published: 2022-01-30
- Modified: 2023-04-20
- URL: https://improbus.com/contact/contact-form/

- Your name
- Your email-address
- Your phone-number
- Subject
- Your message (optional)

---

- Published: 2020-06-25
- Modified: 2024-02-27
- URL: https://improbus.com/contact/snail-mail/

Companies, especially those working with security services, are often targets for mail theft, fraud, and attempted security breaches. We strive to use secure electronic communication and avoid using snail mail unless absolutely necessary.

If communicating via electronic means does not meet your needs and you still want to send us snail mail, let us know in advance via email, telegram, or contact form, and we will send you instructions on how to proceed. When we have to, we use recommended, certified, or registered mail, i.e. restricted delivery with authentication, authorization, ID and signature.

Important: Please be aware that if you decide to send regular mail with or without prior notice, you should consider the shipment lost if confirmation of receipt is not received.

---

- Published: 2020-03-29
- Modified: 2020-04-16
- URL: https://improbus.com/products/domain-name-protection/

Improbus provides Domain Name Protection. If you do not want to build a web site or present a simple web page of any kind, but still want to register, secure and/or use a domain name (for other purposes, e.g. email only), you can redirect any web traffic to one of our “landing pages”. This way, you can let possible visitors know that the domain name is in fact registered and working, just not used for common web services.

---

- Published: 2020-03-25
- Modified: 2020-04-16
- URL: https://improbus.com/resources/

“Good tools are half the work.” (Old proverb)

We have compiled shortlists of some of the systems, tools and other resources we use. Although sharing is caring, for safety reasons proprietary, self-developed and self-made tools are not listed here.

Please check the “Resources”-submenus for more information:

- Bootable images
- Tools and applications for BSD / Linux / *nix
- Tools and applications for Windows

---

- Published: 2020-03-25
- Modified: 2024-12-18
- URL: https://improbus.com/resources/bootable-images/

- BSD-base: FreeBSD, TrueNAS, pfSense
- Linux-base: CloneZilla, Kali Linux, CAINE
- Windows-base: Hiren's BootCD

---

- Published: 2020-03-25
- Modified: 2020-04-16
- URL: https://improbus.com/resources/tools-and-applications-for-bsd-linux-nix/

### Information Gathering

ace-voip, Amap, APT2, arp-scan, Automater, bing-ip2hosts, braa, CaseFile, CDPSnarf, cisco-torch, copy-router-config, DMitry, dnmap, dnsenum, dnsmap, DNSRecon, dnstracer, dnswalk, DotDotPwn, enum4linux, enumIAX, EyeWitness, Faraday, Fierce, Firewalk, fragroute, fragrouter, Ghost Phisher, GoLismero, goofile, hping3, ident-user-enum, InSpy, InTrace, iSMTP, lbd, Maltego Teeth, masscan, Metagoofil, Miranda, nbtscan-unixwiz, Nikto, Nmap, ntop, OSRFramework, p0f, Parsero, Recon-ng, SET, SMBMap, smtp-user-enum, snmp-check, SPARTA, sslcaudit, SSLsplit, sslstrip, SSLyze, Sublist3r, THC-IPV6, theHarvester, TLSSLed, twofi, Unicornscan, URLCrazy, Wireshark, WOL-E, Xplico

### Vulnerability Analysis

BBQSQL, BED, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, copy-router-config, Doona, DotDotPwn, HexorBase, jSQL Injection, Lynis, Nmap, ohrwurm, openvas, Oscanner, Powerfuzzer, sfuzz, SidGuesser, SIPArmyKnife, sqlmap, Sqlninja, sqlsus, THC-IPV6, tnscmd10g, unix-privesc-check, Yersinia

### Exploitation Tools

Armitage, Backdoor Factory, BeEF, cisco-auditing-tool, cisco-global-exploiter, cisco-ocs, cisco-torch, Commix, crackle, exploitdb, jboss-autopwn, Linux Exploit Suggester, Maltego Teeth, Metasploit Framework, MSFPC, RouterSploit, SET, ShellNoob, sqlmap, THC-IPV6, Yersinia

### Wireless Attacks

Airbase-ng, Aircrack-ng, Airdecap-ng and Airdecloak-ng, Aireplay-ng, airgraph-ng, Airmon-ng, Airodump-ng, airodump-ng-oui-update, Airolib-ng, Airserv-ng, Airtun-ng, Asleap, Besside-ng, Bluelog, BlueMaho, Bluepot, BlueRanger, Bluesnarfer, Bully, coWPAtty, crackle, eapmd5pass, Easside-ng, Fern Wifi Cracker, FreeRADIUS-WPE, Ghost Phisher, GISKismet, Gqrx, gr-scan, hostapd-wpe, ivstools, kalibrate-rtl, KillerBee, Kismet, makeivs-ng, mdk3, mfcuk, mfoc, mfterm, Multimon-NG, Packetforge-ng, PixieWPS, Pyrit, Reaver, redfang, RTLSDR Scanner, Spooftooph, Tkiptun-ng, Wesside-ng, Wifi Honey, wifiphisher, Wifitap, Wifite, wpaclean

### Forensics Tools

Binwalk, bulk-extractor, Capstone, chntpw, Cuckoo, dc3dd, ddrescue, DFF, diStorm3, Dumpzilla, extundelete, Foremost, Galleta, Guymager, iPhone Backup Analyzer, p0f, pdf-parser, pdfid, pdgmail, peepdf, RegRipper, Volatility, Xplico

### Web Applications

apache-users, Arachni, BBQSQL, BlindElephant, Burp Suite, CutyCapt, DAVTest, deblaze, DIRB, DirBuster, fimap, FunkLoad, Gobuster, Grabber, hURL, jboss-autopwn, joomscan, jSQL Injection, Maltego Teeth, Nikto, PadBuster, Paros, Parsero, plecost, Powerfuzzer, ProxyStrike, Recon-ng, Skipfish, sqlmap, Sqlninja, sqlsus, ua-tester, Uniscan, w3af, WebScarab, Webshag, WebSlayer, WebSploit, Wfuzz, WhatWeb, WPScan, XSSer, zaproxy

### Stress Testing

DHCPig, FunkLoad, iaxflood, Inundator, inviteflood, ipv6-toolkit, mdk3, Reaver, rtpflood, SlowHTTPTest, t50, Termineter, THC-IPV6, THC-SSL-DOS

### Sniffing & Spoofing

bettercap, Burp Suite, DNSChef, fiked, hamster-sidejack, HexInject, iaxflood, inviteflood, iSMTP, isr-evilgrade, mitmproxy, ohrwurm, protos-sip, rebind, responder, rtpbreak, rtpinsertsound, rtpmixsound, sctpscan, SIPArmyKnife, SIPp, SIPVicious, SniffJoke, SSLsplit, sslstrip, THC-IPV6, VoIPHopper, WebScarab, Wifi Honey, Wireshark, xspy, Yersinia, zaproxy

### Password Attacks

BruteSpray, Burp Suite, CeWL, chntpw, cisco-auditing-tool, CmosPwd, creddump, crowbar, crunch, findmyhash, gpp-decrypt, hash-identifier, Hashcat, HexorBase, THC-Hydra, John the Ripper, Johnny, keimpx, Maltego Teeth, Maskprocessor, multiforcer, Ncrack, oclgausscrack, ophcrack, PACK, patator, phrasendrescher, polenum, RainbowCrack, rcracki-mt, RSMangler, SecLists, SQLdict, Statsprocessor, THC-pptp-bruter, TrueCrack, WebScarab, wordlists, zaproxy

### Maintaining Access

CryptCat, Cymothoa, dbd, dns2tcp, HTTPTunnel, Intersect, Nishang, polenum, PowerSploit, pwnat, RidEnum, sbd, shellter, U3-Pwn, Webshells, Weevely, Winexe

### Hardware Hacking

android-sdk, apktool, Arduino, dex2jar, Sakis3G, smali

### Reverse Engineering

apktool, dex2jar, diStorm3, edb-debugger, jad, javasnoop, JD-GUI, OllyDbg, smali, Valgrind, YARA

### Reporting Tools

CaseFile, cherrytree, CutyCapt, dos2unix, Dradis, MagicTree, Metagoofil, Nipper-ng, pipal, RDPY

---

- Published: 2020-03-25
- Modified: 2020-03-25
- URL: https://improbus.com/resources/tools-and-applications-for-windows/

### BCD-MBR Tools

BootIce, EasyBCD

### Hard Disk Tools – Data Recovery

CheckDisk GUI, Lazesoft Data Recovery, Puran Data Recovery, Puran File Recovery, Recuva, Runtime GetDataBack for FAT, Runtime GetDataBack for NTFS, Runtime GetDataBack Simple, Runtime NAS Data Recovery, Runtime RAID Reconstructor, Runtime RAID Recovery for Windows

### Hard Disk Tools – Defrag

Defraggler

### Hard Disk Tools – Diagnostic

GSmartControl, HDDScan, HDTune, WD Data Lifeguard Diagnostics

### Hard Disk Tools – Disk Explorer

Runtime Captain Nemo, Runtime DiskExplorer for FAT, Runtime DiskExplorer for Linux, Runtime DiskExplorer for NTFS

### Hard Disk Tools – Imaging

Acronis TrueImage, AOMEI Backupper, Lazesoft Disk Image & Clone, Macrium Reflect PE, Runtime DriveImage XML

### Hard Disk Tools – Partition Tools

AOMEI Partition Assistant, Macrorit Partition Extender

### Hard Disk Tools – Security

HDD Low Level Format Tool

### Windows Recovery

Lazesoft Windows Recovery

### Other Tools

FSViewer, Free Office, Sumatra PDF, 7-Zip, ExamDiff Pro, HxD, Notepad++, WinMerge

### Removable Drive Tools

CDBurnerXP, Rufus

### Security – AntiVirus

ESET Online Scanner, Malwarebytes Anti-Malware

### Security – KeyFinders

ProduKey, ShowKeyPlus

### Security – Passwords

Lazesoft Password Recovery, NT Password Edit

### System Tools

CPU-Z, GPU-Z, HWInfo, Speccy, TechBench ISO Downloader, WinNTSetup, Attribute Changer, CCleaner, Change Keyboard Layout, Dependency Walker, Registry Backup, Regshot, SysInternals Suite, Windows PowerShell

### Network

Aero Admin, Teamviewer, Acrylic Wi-Fi Home, Chrome, Mozilla Firefox, PENetwork

---

- Published: 2020-03-17
- Modified: 2024-01-15
- URL: https://improbus.com/rates/

Sequere pecuniam
“Follow the money”

### Rates - NOK

| Rate (NOK) | Description (Level) |
|---|---|
| 1250 | Junior Advisor / Consultant |
| 1500 | Advisor / Consultant |
| 2000 | Senior Advisor / Consultant |
| 2500 | Principal Advisor / Consultant |
| 5000 | Expert Advisor / Consultant |

### Rates - EUR

| Rate (EUR) | Description (Level) |
|---|---|
| 125 | Junior Advisor / Consultant |
| 150 | Advisor / Consultant |
| 200 | Senior Advisor / Consultant |
| 250 | Principal Advisor / Consultant |
| 500 | Expert Advisor / Consultant |

### Rates - USD

| Rate (USD) | Description (Level) |
|---|---|
| 125 | Junior Advisor / Consultant |
| 150 | Advisor / Consultant |
| 200 | Senior Advisor / Consultant |
| 250 | Principal Advisor / Consultant |
| 500 | Expert Advisor / Consultant |

### Overtime / Availability Fees

| Overtime (percent) | Description (Type) |
|---|---|
| 0 % | Overtime; during (ordinary) business hours (08:00-16:00) on weekdays. |
| 50 % | Overtime; after 17:00 on weekdays. |
| 100 % | Overtime; after 20:00 on weekdays, and during daytime on weekends. |
| 200 % | Overtime; weekend (nights), during daytime on public holidays, etc. |
| 400 % | Emergency assignments, DFIR (w/o prior agreement), public holidays (nights), inconvenient working hours, etc. |

### Terms and additional information

The rates above apply unless otherwise contractually agreed or otherwise agreed upon in writing, per individual assignment. Certain types of assignments must be handled outside normal working hours.
In such cases, special rates may apply for the respective tasks and/or assignments, as stated above.

For assignments that are facilitated as a result of “conclusive action” (i.e. without pre-existing SLA or contract, etc.), the above rates apply until a written agreement is signed.

For assignments that are handled on an ongoing basis, e.g. “ad hoc”, a contract, framework agreement, or “hour bank”-agreement applies at all times unless otherwise stated in the assignment confirmation from Improbus.

Improbus has a lien on all goods, services, and intellectual property, physical as well as intangible, until everything outstanding is paid in full. Improbus reserves the right to sell or transfer claims to third parties for debt collection and recovery.

The base rates are based on NOK (Norwegian Kroner). Rates in EUR and USD do not reflect current exchange rates against NOK. Charged time is calculated per started or consumed hour.

Special rates apply to non-profit organizations. To check whether your organization is eligible for special rates and regulations or not, please contact us.

---

- Published: 2020-03-05
- Modified: 2020-04-16
- URL: https://improbus.com/services/enterprise/

### Enterprise Services

- Enterprise Data Center Operation and Maintenance.
- Enterprise Communication Platform Operation.

---

- Published: 2020-03-05
- Modified: 2020-04-16
- URL: https://improbus.com/services/counseling/

### Counseling Services

- Counseling to Law Firms.
- Counseling to Law Enforcement Agencies.
- Counseling to the Courts (Expert Witness).
- Evidence Securement, Collection & Retrieval.
- Documentation & Reporting.

---

- Published: 2020-03-05
- Modified: 2023-09-18
- URL: https://improbus.com/documents/

Please click the appropriate link(s) from the sub-menu to find relevant documents (i.e. procurement, purchasing, data processing agreement, GDPR, etc.). The original documents are available on The Norwegian Agency for Public and Financial Management (DFØ) webpages.
Please note that even though the agreement web pages are written in Norwegian, most agreements have file downloads available in English in addition to Norwegian Bokmål and Norwegian Nynorsk.

---

- Published: 2020-03-05
- Modified: 2020-09-05
- URL: https://improbus.com/documents/contracts-and-agreements/

General information

Below, you will find files related to each of The State Standard Agreements (SSA) in Norwegian (Bokmål) and English. For validity reasons, the original (Norwegian) agreement names are retained.

English agreement names

- The Ongoing Purchases of Services Agreement (SSA-L).
- The Assistance Agreements (SSA-B and SSA-B simplified).
- The Operational Services Agreement (SSA-D).
- The Purchase Agreement (SSA-K).
- The Research and Development Agreement (SSA-O).
- The Framework Agreement (SSA-R).
- The Agile Software Development Agreement (SSA-S).
- The Development and Customisation Agreement (SSA-T).
- The Maintenance Agreement (SSA-V).
- The Data Processing Agreement and Checklist.

The Ongoing Purchases of Services Agreement (SSA-L)
Avtale om løpende tjenestekjøp (SSA-L)

- ssa-l_bilag_2018.pdf, ssa-l_bilag_2018.docx
- ssa-l_bilag_2018_english.pdf, ssa-l_bilag_2018_english.docx
- ssa-l_endringslogg_2015-2018.12.pdf, ssa-l_endringslogg_2015-2018.12.docx
- ssa-l_generell_avtaletekst.pdf, ssa-l_generell_avtaletekst.docx
- ssa-l_generell_avtaletekst_english.pdf, ssa-l_generell_avtaletekst_english.docx

The Assistance Agreements (SSA-B and SSA-B simplified)
Bistandsavtalene (SSA-B og SSA-B enkel)

- ssa-b_2015_eng.pdf, ssa-b_2015_eng.docx
- ssa-b_appendices_2013_2015_eng.pdf, ssa-b_appendices_2013_2015_eng.docx
- ssa-b_bilag_v2013-2015.pdf, ssa-b_bilag_v2013-2015.docx
- ssa-b_enkel_2015-bok.pdf, ssa-b_enkel_2015-bok.docx
- ssa-b_generell_avtaletekst_2015.pdf, ssa-b_generell_avtaletekst_2015.docx
- ssa-b_simplified_2015_eng.pdf, ssa-b_simplified_2015_eng.docx

The Operational Services Agreement (SSA-D)
Driftsavtalen (SSA-D)

- ssa-d_appendices_2015_eng.pdf, ssa-d_appendices_2015_eng.docx
- ssa-d_bilag_2018_bok.pdf, ssa-d_bilag_2018_bok.docx
- ssa-d_endringslogg_2015-2018.12.pdf, ssa-d_endringslogg_2015-2018.12.docx
- ssa-d_endringsoversikt_ssa-d_-_2015.pdf, ssa-d_endringsoversikt_ssa-d_-_2015.docx
- ssa-d_generell_avtaletekst_2018-english.pdf, ssa-d_generell_avtaletekst_2018-english.docx
- ssa-d_generell_avtaletekst_2018_bok.pdf, ssa-d_generell_avtaletekst_2018_bok.docx

The Purchase Agreement (SSA-K)
Kjøpsavtalen (SSA-K)

- ssa-k_2015_eng.pdf, ssa-k_2015_eng.docx
- ssa-k_appendices_2015_eng.pdf, ssa-k_appendices_2015_eng.docx
- ssa-k_appendices_2018_eng.pdf, ssa-k_appendices_2018_eng.docx
- ssa-k_bilag_2018_bok.pdf, ssa-k_bilag_2018_bok.docx
- ssa-k_endringslogg_2015-2018.12.pdf, ssa-k_endringslogg_2015-2018.12.docx
- ssa-k_endringsoversikt_ssa-k_-_2015.pdf, ssa-k_endringsoversikt_ssa-k_-_2015.docx
- ssa-k_generell_avtaletekst_2018-bok.pdf, ssa-k_generell_avtaletekst_2018-bok.docx
- ssa-k_generell_avtaletekst_2018-engelsk_2018.12.pdf, ssa-k_generell_avtaletekst_2018-engelsk_2018.12.docx

The Research and Development Agreement (SSA-O)
Oppdragsavtalen (SSA-O)

- ssa-o_appendices_2013_2015_eng.pdf, ssa-o_appendices_2013_2015_eng.docx
- ssa-o_bilag_2018_bok.pdf, ssa-o_bilag_2018_bok.docx
- ssa-o_endringslogg_2015-2018.12.pdf, ssa-o_endringslogg_2015-2018.12.docx
- ssa-o_generell_avtaletekst_2018-english.pdf, ssa-o_generell_avtaletekst_2018-english.docx
- ssa-o_generell_avtaletekst_2018_bok.pdf, ssa-o_generell_avtaletekst_2018_bok.docx

The Framework Agreement (SSA-R)
Rammeavtalen (SSA-R)

- ssa-r_2015_eng.pdf, ssa-r_2015_eng.docx
- ssa-r_appendices_2015_eng.pdf, ssa-r_appendices_2015_eng.docx
- ssa-r_bilag_2018_bok.pdf, ssa-r_bilag_2018_bok.docx
- ssa-r_generell_avtaletekst_2015_1.pdf, ssa-r_generell_avtaletekst_2015_1.docx

The Agile Software Development Agreement (SSA-S)
Smidigavtalen (SSA-S)

- ssa-s_appendices_2015_eng_0.pdf, ssa-s_appendices_2015_eng_0.docx
- ssa-s_bilag_2018_bok.pdf, ssa-s_bilag_2018_bok.docx
- ssa-s_endringslogg_2015-2018.12.pdf, ssa-s_endringslogg_2015-2018.12.docx
- ssa-s_generell_avtaletekst_2018-english_0.pdf, ssa-s_generell_avtaletekst_2018-english_0.docx
- ssa-s_generell_avtaletekst_2018_bok.pdf, ssa-s_generell_avtaletekst_2018_bok.docx
- ssa-s_veiledning_til_avtalen_2015_0.pdf, ssa-s_veiledning_til_avtalen_2015_0.docx

The Development and Customisation Agreement (SSA-T)
Utviklings- og tilpasningsavtalen (SSA-T)

- ssa-t_appendices_2015_eng.pdf, ssa-t_appendices_2015_eng.docx
- ssa-t_bilag_2018_bok.pdf, ssa-t_bilag_2018_bok.docx
- ssa-t_endringslogg_2015-2018.12.pdf, ssa-t_endringslogg_2015-2018.12.docx
- ssa-t_endringsoversikt_ssa-t_-_2015.pdf, ssa-t_endringsoversikt_ssa-t_-_2015.docx
- ssa-t_generell-avtaletekst-2018-bok.pdf, ssa-t_generell-avtaletekst-2018-bok.docx
- ssa-t_generell_avtaletekst_2018-english.pdf, ssa-t_generell_avtaletekst_2018-english.docx

The Maintenance Agreement (SSA-V)
Vedlikeholdsavtalen (SSA-V)

- ssa-v_appendices_2015_eng.pdf, ssa-v_appendices_2015_eng.docx
- ssa-v_bilag_2018_bok.pdf, ssa-v_bilag_2018_bok.docx
- ssa-v_endringslogg_2015-2018.12_0.pdf, ssa-v_endringslogg_2015-2018.12_0.docx
- ssa-v_generell_avtaletekst_2018-english.pdf, ssa-v_generell_avtaletekst_2018-english.docx
- ssa-v_generell_avtaletekst_2018_bok.pdf, ssa-v_generell_avtaletekst_2018_bok.docx
- ssa-v_endringsoversikt_ssa-v_-_2015.pdf, ssa-v_endringsoversikt_ssa-v_-_2015.docx

The Data Processing Agreement and Checklist (Norwegian only)
Databehandleravtale og sjekkliste (Kun på norsk)

- databehandleravtale_2020.pdf, databehandleravtale_2020.docx
- databehandleravtale_bilag_2020.pdf, databehandleravtale_bilag_2020.docx
- databehandleravtale_sjekkliste_databehandleravtale_gdpr.pdf, databehandleravtale_sjekkliste_databehandleravtale_gdpr.docx

Original Documents

The original documents are available on The Norwegian Digitalisation Agency's webpages.

---

- Published: 2020-03-05
- Modified: 2020-04-16
- URL: https://improbus.com/documents/ssa/

The State Standard Agreements

Improbus use The State Standard Agreements (SSA), which are contract templates for the purchase of IT and consulting services. The agreements consist of general contract text with appendices. You will find a link to all the agreements in Norwegian (Bokmål) and English, using the respective sub-menus under 'Documents'.

The following agreements and contracts are available

- The Ongoing Purchases of Services Agreement (SSA-L).
- The Assistance Agreements (SSA-B and SSA-B simplified).
- The Operational Services Agreement (SSA-D).
- The Purchase Agreement (SSA-K).
- The Research and Development Agreement (SSA-O).
- The Framework Agreement (SSA-R).
- The Agile Software Development Agreement (SSA-S).
- The Development and Customisation Agreement (SSA-T).
- The Maintenance Agreement (SSA-V).
- The Data Processing Agreement and Checklist.

---

- Published: 2020-03-02
- Modified: 2023-04-20
- URL: https://improbus.com/about/

Improbus is a modern and efficient organization with an extensive network of international contacts.
We possess a breadth of expertise within most security fields and focus on information-, communication- and cyber-security. We also have expertise and partners within a variety of specialized fields, including cryptography, physical security, bodyguard services, legal services, private investigation, forensics, and more. We currently work mostly with digital forensics and incident response (DFIR), evidence securement, information gathering, documentation, and reporting in connection with financial crime and corruption, as well as teaching and consulting in this field. Improbus takes on governmental, corporate, NFPs/NPOs/NGOs, and private clients. All client relationships are confidential. Do you want to know more? Please contact us.

---

- Published: 2020-03-02
- Modified: 2020-04-16
- URL: https://improbus.com/products/

List of some of our legacy products which are still active / in use today. For more information about these products please contact us.

IMPROBUS FW
FreeBSD-based firewall. Designed to provide secure access for branch offices, secure remote management services and open the possibility for outsourcing of firewall management, operation and maintenance.

IMPROBUS PXY
Customized proxy. Possibility for real-time web-washing; removes banners, commercials, pop-ups and other annoying and unwanted data. Can limit access to only allowing job-related content / webpages. Support for ordinary, reverse and transparent proxying.

IMPROBUS VPN
Customized, proprietary VPN-solution, with heavy encryption (8192 bits+). Handles IPv4 and IPv6-based protocols.
IMPROBUS IDS
Intrusion detection system based on FreeBSD. Created to detect security-related network-traffic anomalies, without being discovered by a network-device or a gateway.

IMPROBUS MX
Complex Mail eXchanger. Provides rapid and precise mail delivery; supports several delivery methods, extensive logging and statistics, and powerful, fast and effective spam & virus elimination.

---

- Published: 2020-03-02
- Modified: 2020-04-16
- URL: https://improbus.com/services/

Hinc robur et securitas
“Herefore strength and safety”

Improbus provides general consultancy services within several technology fields. Below, we have mentioned some of our areas of expertise. The list is not extensive, nor complete in any way. If you want to find out whether we can provide services for your specific needs or not, please do not hesitate to contact us.

Counseling

Counseling to Law Firms. Counseling to Law Enforcement Agencies. Counseling to the Courts (Expert Witness). Evidence Securement, Collection & Retrieval. Documentation & Reporting.

Consultancy

Data Recovery Services. Security Audit Services. Information Security Services. Personal Security / Privacy Services. Communications Security Services. Firewall / Intrusion Detection / Intrusion Prevention Services. Mail / MX / Spam Prevention Services. Search Engine Optimization.

Enterprise Services

Enterprise Data Center Operation and Maintenance. Enterprise Communication Platform Operation.

---

- Published: 2020-03-02
- Modified: 2020-04-16
- URL: https://improbus.com/services/consultancy/

Consultancy Services

Data Recovery Services. Security Audit Services. Information Security Services. Personal Security / Privacy Services. Communications Security Services. Firewall / Intrusion Detection / Intrusion Prevention Services. Mail / MX / Spam Prevention Services. Search Engine Optimization.

---

- Published: 2020-02-29
- Modified: 2024-02-26
- URL: https://improbus.com/

Security is always excessive until it's not enough.
Robbie Sinclair

Got a security problem? Suspect embezzlement, corruption, or fraud? Are you worried that your organization, employees, network, telecom, or computer systems might be compromised in any way? Are you experiencing some kind of IT-related incident; unexplainable system behavior, security breach, ransomware, or similar? Are you concerned about potential legal ramifications stemming from an incident or situation involving your organization?

We know security. We understand telecom and computer systems. We gather and organize information, analyze data, identify intricate patterns, interpret the output, and present the results to you. We understand you. We understand your business. We have the knowledge, resources, and network to alleviate your challenges. We can help.

CONTACT US

---

- Published: 2020-02-29
- Modified: 2024-12-18
- URL: https://improbus.com/privacy-policy/

Who we are

Our website address is https://improbus.com/.

What personal data we collect and why we collect it

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Cookies

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment.
These cookies will last for one year. If you visit our login page, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser. When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select "Remember Me", your login will persist for two weeks. If you log out of your account, the login cookies will be removed. If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracking your interaction with the embedded content if you have an account and are logged in to that website.

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognize and approve any follow-up comments automatically instead of holding them in a moderation queue. For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.
What rights you have over your data

If you have an account on this site or have left comments, you can request to receive an exported file of the personal data we hold about you, including any data you have provided to us. You can also request that we erase any personal data we hold about you. This does not include any data we are obliged to keep for administrative, legal, or security purposes.

Where we send your data

Visitor comments may be checked through an automated spam detection service.

Compliance

We strive to maintain the highest level of compliance with recommendations, standards, regulations and legislation that apply within our fields of expertise. Although not all regulations apply to companies like ours, we still comply with relevant and current criteria from the following regulations:

- General Data Protection Regulation (GDPR): Regulation (EU) 2016/679.
- NIS Directive (Directive on Security of Network and Information Systems): Directive (EU) 2016/1148.
- NIS2 Directive: Directive (EU) 2022/2555.
- EU Cybersecurity Act: Regulation (EU) 2019/881.
- Cyber Resilience Act: Regulation (EU) 2024/2847.
- Digital Operational Resilience Act (DORA): Regulation (EU) 2022/2554.
- eIDAS Regulation: Regulation (EU) No 910/2014.
- Payment Services Directive 2 (PSD2): Directive (EU) 2015/2366.
- Digital Services Act (DSA): Regulation (EU) 2022/2065.
- Digital Markets Act (DMA): Regulation (EU) 2022/1925.
- Data Governance Act: Regulation (EU) 2022/868.
- Data Act: Proposal (EU), entered into force on 11th of January 2024, and will apply from September 2025.

Contact information

For our contact information, please click the contact link in the menu.

---

- Published: 2020-02-29
- Modified: 2024-02-26
- URL: https://improbus.com/contact/

If you know what you're looking for, you've already found it.
RoboDoc

If you want to contact us, please do not hesitate to send us an email, Telegram / IM / SMS / iMessage, or give us a call.

Improbus - General inquiries:

- Email: contact@improbus.com
- Phone: +47 - 94 10 20 30
- Telegram: @impsec (preferred)

Improbus - Other inquiries:

- Email - Data Protection Officer: dpo@improbus.com
- Email - Billing: billing@improbus.com
- Email - Collections: collections@improbus.com

We also facilitate connections with law firms and provide technological expertise concerning legal matters. We prefer electronic communication and can provide PGP/GPG keys upon request. If you are unable to contact us via Telegram, email, or phone, you can send us a message using our online contact form, by clicking the link below.

CONTACT FORM

---

- Published: 2019-01-07
- Modified: 2023-05-27
- URL: https://improbus.com/documents/immediate-action-agreements-and-conclusive-actions/

In certain situations, work must be started before the client and supplier enter into a written contract. This applies particularly to cases where time is of the essence («immediate action agreements») or where scope or assignment descriptions are unclear at the time of commencement. In cases of incident management or certain advisory services that lack prior contracts, such as contingency agreements, incident response retainers, or similar; conclusive conduct will be perceived as an acceptance of the terms, conditions, and rates stated on our home page. In the lack of a prior written agreement, conclusive actions apply. A conclusive action refers to a legal principle that allows parties to infer the existence of an agreement based on the conduct or actions of the parties involved, even in the absence of a formal written or explicit agreement. It is also known as «conclusive evidence of an agreement» or «conclusive conduct».

Further reading

When an agreement is missing or not properly documented, the courts may rely on the concept of conclusive action to determine the existence and terms of the agreement.
The principle suggests that if the parties' conduct or actions demonstrate a consistent pattern of behavior that implies mutual understanding and agreement, it can be treated as conclusive evidence of their intentions. For example, suppose two parties have consistently engaged in business transactions, exchanging goods or services and making payments according to a certain pattern over an extended period. In that case, the courts may infer the existence of an agreement, even if there is no formal written contract.

Conclusive actions can include:

- Conduct and behavior: The consistent behavior and conduct of the parties involved, such as regular performance of obligations, payments, or other actions in line with a specific arrangement, can be considered conclusive evidence of an agreement.
- Industry norms and practices: If customary practices or industry norms govern a particular type of agreement, the parties’ adherence to these practices can be seen as conclusive evidence of their agreement to be bound by those norms.
- Previous course of dealing: If the parties have a history of past transactions or interactions that indicate a consistent pattern of behavior, the courts may consider it as conclusive evidence of an agreement between them.

It's important to note that conclusive action is a legal principle that varies across jurisdictions, and its application depends on the specific circumstances and evidence presented in each case. Consulting with a legal professional familiar with the laws of the relevant jurisdiction is crucial when dealing with missing agreements or disputes related to the existence of an agreement, verbal, written, or other. Hordaland district court, Norway is the company's governing law and jurisdiction.
---

- Published: 2018-12-12
- Modified: 2025-06-10
- URL: https://improbus.com/consent-disclaimer/

No form of consent shall be deemed to have been granted by Improbus AS or any of its subsidiaries unless explicitly confirmed in writing by an authorized signatory of the company. Under no circumstances shall opt-out consent, implied consent, or silent consent be considered valid, binding, or enforceable against the company.

---

---

## Posts

- Published: 2023-10-04
- Modified: 2023-10-04
- URL: https://improbus.com/2023/10/04/the-icrc-issues-rules-of-engagement-to-hacktivists-after-chaos/
- Categories: Communication, CyberSecurity, Media, News, Safety, Security
- Tags: CyberSecurity, ICRC, IHL, IHR, Media, Red Cross, RedCross

The International Committee of the Red Cross (ICRC) has, for the first time, published rules of engagement for civilian hackers involved in conflicts. The organisation warns unprecedented numbers of people are joining patriotic cyber-gangs since the Ukraine invasion. The eight rules include bans on attacks on hospitals, hacking tools that spread uncontrollably and threats that engender terror among civilians. But some cyber-gangs have told BBC News they plan to ignore them.

Spreading globally

The ICRC, responsible for overseeing and monitoring the rules of war, is sending the new rules to hacking groups particularly involved in the Ukraine war. It is also warning hackers their actions can endanger lives, including their own if deemed to make them a legitimate military target. Patriotic hacking has risen over the past decade. The ICRC statement highlights pro-Syrian cyber-attacks on Western news media in 2013. But the worrying trend, accelerated by the Russia-Ukraine conflict, is now spreading globally, ICRC legal adviser Dr Tilman Rodenhäuser says.

"Some experts consider civilian hacking activity as 'cyber-vigilantism' and argue that their operations are technically not sophisticated and unlikely to cause significant effects," he says. "However, some of the groups we're seeing on both sides are large and these 'armies' have disrupted... banks, companies, pharmacies, hospitals, railway networks and civilian government services."

Based on international humanitarian law, the rules are:

- Do not direct cyber-attacks against civilian objects.
- Do not use malware or other tools or techniques that spread automatically and damage military objectives and civilian objects indiscriminately.
- When planning a cyber-attack against a military objective, do everything feasible to avoid or minimise the effects your operation may have on civilians.
- Do not conduct any cyber-operation against medical and humanitarian facilities.
- Do not conduct any cyber-attack against objects indispensable to the survival of the population or that can release dangerous forces.
- Do not make threats of violence to spread terror among the civilian population.
- Do not incite violations of international humanitarian law.
- Comply with these rules even if the enemy does not.

The ICRC is also imploring governments to restrain hacking and enforce existing laws. The Ukraine conflict has blurred the boundaries between civilian and military hacking, with civilian groups such as the IT Army of Ukraine being set up and encouraged by the government to attack Russian targets. The IT Army of Ukraine, which has 160,000 members on its Telegram channel, also targets public services such as railway systems and banks. Its spokesman told BBC News it had not decided whether to implement the ICRC rules. The group has already banned attacks on healthcare targets - but said the wider civilian impact was unavoidable. "Adhering to the rules can place one party at a disadvantage," the spokesman added.
Large groups in Russia have similarly attacked Ukraine and allied countries - including disruptive but temporary attacks, such as knocking websites offline, on hospitals.

BBC Contact Killnet's leader, "Killmilk", plans to ignore the rules.

"Why should I listen to the Red Cross?" a representative of Killnet, which has 90,000 supporters on its Telegram channel, asked BBC News. Pro-Russian groups are accused of working directly for, or in conjunction, with the Kremlin. But Killnet strongly denies this. Meanwhile, a representative of Anonymous Sudan, which in recent months has begun attacking technology companies and government services it says are critical of Sudan or Islam, told BBC News the new rules were "not viable and that breaking them for the group's cause is unavoidable". And a high-profile member of the Anonymous collective told BBC News it had "always operated based on several principles, including rules cited by the ICRC" but had now lost faith in the organisation and would not be following its new rules.

Source: BBC News.

Recommended reading: ICRC on CyberWarfare and International Humanitarian Law (IHL).

---

- Published: 2023-01-01
- Modified: 2023-05-26
- URL: https://improbus.com/2023/01/01/5-effective-technical-cybersecurity-measures/
- Categories: Communication, Information, Security, Technology
- Tags: Communication, CyberSecurity, Information, Prevention, Security, Technology

The most common attacks are carried out with malicious software targeting employees' computers and by guessing simple passwords. Most of these attacks can be technically stopped, even if employees were to click on malicious software.
Here are five effective technical measures system owners should use to protect their systems against internet-related data attacks:

- Install security updates as soon as possible, possibly as an automatic (but monitored) process.
- Do not grant administrator or power-user privileges to end-users.
- Do not permit the use of weak passwords, and enforce the use of multifactor or passwordless authentication methods where possible.
- Remove technical debt; phase out older ICT products.
- Only permit the use and installation of software approved by the organization or device vendor.

---

- Published: 2020-11-22
- Modified: 2020-11-22
- URL: https://improbus.com/2020/11/22/improbus-help-businesses-conduct-secure-voting-polls-and-surveys/
- Categories: Communication, Information, Security
- Tags: Businesses, Credible, Efficient, Improbus, Organizations, Polls, Secure, Surveys, Trustworthy, Voting

Improbus help businesses conduct secure voting, polls, and surveys

In connection with state COVID-19 restrictions, many general meetings and board meetings must be held digitally to reduce the risk of infection. For many businesses, this poses challenges, particularly related to the correct conduct of surveys, polls, and voting. Improbus has, on behalf of clients, built a system for efficient, secure, and anonymous conduct of surveys, polls, and voting, with credible results.

---

- Published: 2020-03-25
- Modified: 2020-03-26
- URL: https://improbus.com/2020/03/25/additional-measures-implemented-due-to-the-covid-19-pandemic/
- Categories: Health, News, Safety, Security
- Tags: Corona, Coronavirus, COVID-19, COVID19, Disease, HDIR, Helsedir, Helsedirektoratet, Improbus, Pandemic, Quarantine, Safety, SARS, SARS-CoV-2, Security, Virus, WHO

Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the following travel restrictions enforced by the Norwegian authorities, Improbus has suspended all travel activity until further notice.
The travel- and meeting-restrictions were originally scheduled to apply from 2020-03-13 to 2020-03-26, but the Norwegian government has now extended this ban to apply until 2020-04-16. None of Improbus's employees are infected by the Coronavirus (SARS-CoV-2). Nevertheless, we continue to comply with advice from both the WHO and the Norwegian authorities. All scheduled meetings will be held as planned - but electronically - via instant messaging Telegram (chat) or encrypted VoIP. For urgent questions or emergencies, Improbus technicians will remain available via SMS and phone at +47-94102030. Non-urgent and non-sensitive matters should be communicated using email. Electronic communication using Telegram is preferred. For more information about the Coronavirus (SARS-CoV-2) and the Coronavirus Disease 2019 (COVID-19), please see WHO's webpages (English), Helsenorge (Norwegian), or the Norwegian Government's homepage (“Regjeringen”) in Norwegian or English.

---

- Published: 2020-03-20
- Modified: 2020-09-05
- URL: https://improbus.com/2020/03/20/security-breach-disrupts-fintech-firm-finastra/
- Categories: Media, Syndicated
- Tags: Ako, Breach, Coronavirus, COVID-19, Disruption, DoppelPaymer, Finastra, Fintech, KrebsOnSecurity, London, Maze, PwndLocker, RansomWare, REvil, Ryuk, SecurityBreach, Sodinokibi, UK, Virus

Finastra, a company that provides a range of technology solutions to banks worldwide, said today it was shutting down key systems in response to a security breach discovered this morning. The company’s public statement and notice to customers does not mention the cause of the outage, but their response so far is straight out of the playbook for dealing with ransomware attacks.

London-based Finastra has offices in 42 countries and reported more than $2 billion in revenues last year. The company employs more than 10,000 people and has over 9,000 customers across 130 countries — including nearly all of the top 50 banks globally.
Earlier today, sources at two different U.S. financial institutions forwarded a notice they received from Finastra saying the outage was expected to disrupt certain services, particularly for clients in North America.

“We wish to inform our valued customers that we are investigating a potential security breach. At 3:00 a.m. EST on March 20, 2020, we were alerted to anomalous activity on our network which risked the integrity of our data-centers,” reads the notice. “As such, and to protect our customers, we have taken quick and strict remedial action to contain and isolate the incident, while we investigate further.”

Update, 22:21 CET: Finastra has acknowledged that it is battling ransomware. “At this time, we strongly believe that the incident was the result of a ransomware attack and do not have any evidence that customer or employee data was accessed or exfiltrated, nor do we believe our clients’ networks were impacted,” the company said in a revised statement.

The statement continues: “Our approach has been to temporarily disconnect from the internet the affected servers, both in the USA and elsewhere, while we work closely with our cybersecurity experts to inspect and ensure the integrity of each server in turn. Using this ‘isolation, investigation and containment’ approach will allow us to bring the servers back online as quickly as possible, with minimum disruption to service, however we are anticipating some disruption to certain services, particularly in North America, whilst we undertake this task. Our priority is ensuring the integrity of the servers before we bring them back online and protecting our customers and their data at this time.”

Finastra also acknowledged an incident via a notice on its Web site that offers somewhat less information and refers to the incident merely as the detection of anomalous activity.
“The Finastra risk and security services team has detected anomalous activity on our systems,” wrote Tom Kilroy, Finastra’s chief operating officer. “In order to safeguard our customers and employees, we have made the decision to take a number of our servers offline while we investigate. This, of course, has an impact on some of our customers and we are in touch directly with those who may be affected.”

Once considered by many to be isolated extortion attacks, ransomware infestations have become de facto data breaches for victim companies. That’s because some of the more active ransomware gangs have taken to downloading reams of data from targets before launching the ransomware inside their systems. Some or all of this data is then published on victim-shaming sites set up by the ransomware gangs as a way to strongarm victim companies into paying up.

One reader on Twitter told KrebsOnSecurity they’d heard Finastra had sent thousands of employees home today as a result of the security breach. Finastra told this author the company closed select offices in Canada and Paddington, London today where employees were unable to access the servers which they took offline. “The majority of the Company’s employees are already working from home,” a statement shared by Finastra reads. “This is determined by Finastra’s response to COVID-19 and not related in any way to this incident.”

Interestingly, several ransomware gangs have apparently stated that they are observing a kind of moratorium on attacking hospitals and other healthcare centers while the COVID-19/Coronavirus epidemic rages on. Bleeping Computer’s Lawrence Abrams said he recently reached out to the operators of the Maze, DoppelPaymer, Ryuk, Sodinokibi/REvil, PwndLocker, and Ako Ransomware infections to ask if they would continue targeting health and medical organizations during the outbreak. Abrams said several of those gangs told him they would indeed stop attacking healthcare providers for the time being.
One gang even used its victim-shaming Web site to post a “press release” on Mar. 18 stating that “due to situation with incoming global economy crisis and virus pandemic” it would be offering discounts to victims of their ransomware. “We also stop all activity versus all kinds of medical organizations until the stabilization of the situation with virus,” reads the release from the Maze ransomware gang. Source: KrebsOnSecurity.

---

- Published: 2020-03-20
- Modified: 2022-10-14
- URL: https://improbus.com/2020/03/20/zyxel-flaw-powers-new-mirai-iot-botnet-strain/
- Categories: Media, Security, Syndicated
- Tags: DDoS, DoS, IoT, KrebsOnSecurity, Malware, Mirai, Mukashi, NAS, VPN, ZyXEL

In February, hardware maker Zyxel fixed a zero-day vulnerability in its routers and VPN firewall products after KrebsOnSecurity told the company the flaw was being abused by attackers to break into devices. This week, security researchers said they spotted that same vulnerability being exploited by a new variant of Mirai, a malware strain that targets vulnerable Internet of Things (IoT) devices for use in large-scale attacks and as proxies for other cybercrime activity. Security experts at Palo Alto Networks said Thursday their sensors detected the new Mirai variant — dubbed Mukashi — on Mar. 12. The new Mirai strain targets CVE-2020-9054, a critical flaw that exists in many VPN firewalls and network attached storage (NAS) devices made by Taiwanese vendor Zyxel Communication Corp., which boasts some 100 million devices deployed worldwide. Like other Mirai variants, Mukashi constantly scans the Internet for vulnerable IoT devices like security cameras and digital video recorders (DVRs), looking for a range of machines protected only by factory-default credentials or commonly-picked passwords.
Palo Alto said IoT systems infected by Mukashi then report back to a control server, which can be used to disseminate new instructions — such as downloading additional software or launching distributed denial of service (DDoS) attacks. Zyxel issued a patch for the flaw on Feb. 24, but the update did not fix the problem on many older Zyxel devices which are no longer being supported by the company. For those devices, Zyxel’s advice was not to leave them connected to the Internet. A joint advisory on CVE-2020-9054 from the U.S. Department of Homeland Security and the CERT Coordination Center rates this vulnerability at a “10” — the most severe kind of flaw. The DHS/CERT advisory also includes sample code to test if a Zyxel product is vulnerable to the flaw. My advice? If you can’t patch it, pitch it, as Mukashi is not the only thing interested in this Zyxel bug: Recent activity suggests attackers known for deploying ransomware have been actively working to test it for use against targets. Source: KrebsOnSecurity.

---

- Published: 2020-03-20
- Modified: 2020-03-26
- URL: https://improbus.com/2020/03/20/successful-recovery-of-stolen-domain-names/
- Categories: News, Security
- Tags: AUTH, AUTHINFO, DNS, Domain, Hijacking, Names, Theft, TLD, Transfer

Improbus facilitated today the safe return and recovery of stolen domain names. Two competing companies were domain name holders of domain names associated with each other's businesses. In connection with maintenance on the domain name services on behalf of Company A, it was discovered that one of the domain names had been illegally transferred from ISP A to ISP B, then deleted by the registry and re-registered by the registrar within milliseconds. This action led to the unauthorized and illegal transfer of domain name ownership from Company A to Company B. The domain name hijacking and subsequent domain name theft were made possible by means of ID theft.
Information on the method used was obtained and extensively documented by Improbus, and the persons and companies involved were confronted. Instead of a judicial process, an amicable agreement was entered into between the parties after mediation by Improbus: assuming that Company B transferred the domain names that were affiliated and associated with Company A, Company A would in return refrain from reporting criminal offenses (i.e., theft of domain names) to the police, as well as permit the legal transfer of one of its domain names to Company B. In this way, the normal situation was restored in an efficient, peaceful and amicable manner, without involving the prosecution authorities or the justice system. Improbus' handling of the incident led to a happy outcome for both parties.

---

- Published: 2020-03-12
- Modified: 2020-03-21
- URL: https://improbus.com/2020/03/12/live-coronavirus-map-used-to-spread-malware/
- Categories: Media, Syndicated
- Tags: Coronavirus, COVID-19, CyberCrooks, Fear, KrebsOnSecurity, Malware, Pandemic

Cybercriminals constantly latch on to news items that captivate the public’s attention, but usually they do so by sensationalizing the topic or spreading misinformation about it. Recently, however, cybercrooks have started disseminating real-time, accurate information about global infection rates tied to the Coronavirus/COVID-19 pandemic in a bid to infect computers with malicious software. In one scheme, an interactive dashboard of Coronavirus infections and deaths produced by Johns Hopkins University is being used in malicious Web sites (and possibly spam emails) to spread password-stealing malware. Late last month, a member of several Russian language cybercrime forums began selling a digital Coronavirus infection kit that uses the Hopkins interactive map as part of a Java-based malware deployment scheme.
The kit costs $200 if the buyer already has a Java code signing certificate, and $700 if the buyer wishes to just use the seller’s certificate. “It loads fully working online map of Corona Virus infected areas and other data,” the seller explains. “Map is resizable, interactive, and has real time data from World Health Organization and other sources. Users will think that PreLoader is actually a map, so they will open it and will spread it to their friends and it goes viral!” The sales thread claims the customer’s payload can be bundled with the Java-based map into a filename that most Webmail providers allow in sent messages. The seller claims in a demonstration video that Gmail also allows it, but the video shows Gmail still warns recipients that downloading the specific file type in question (obscured in the video) can be harmful. The seller says the user/victim has to have Java installed for the map and exploit to work, but that it will work even on fully patched versions of Java. “Loader loads .jar files which has real working interactive Coronavirus realtime data map and a payload (can be a separate loader),” the seller said in the video. “Loader can predownload only map and payload will be loaded after the map is launched to show map faster to users. Or vice versa payload can be predownloaded and launched first.” It’s unclear how many takers this seller has had, but earlier this week security experts began warning of new malicious Web sites being stood up that used interactive versions of the same map to distract visitors while the sites tried to foist the password-stealing AZORult malware. As long as this pandemic remains front-page news, malware purveyors will continue to use it as lures to snare the unwary. Keep your guard up, and avoid opening attachments sent unbidden in emails — even if they appear to come from someone you know. A tip of the hat to @holdsecurity for a heads up about this malware offering. Source: KrebsOnSecurity.

---

- Published: 2020-03-11
- Modified: 2020-03-21
- URL: https://improbus.com/2020/03/11/microsoft-patch-tuesday-march-2020-edition/
- Categories: Media, Syndicated

Microsoft Corp. today released updates to plug more than 100 security holes in its various Windows operating systems and associated software. If you (ab)use Windows, please take a moment to read this post, back up your system(s), and patch your PCs. All told, this patch batch addresses at least 115 security flaws. Twenty-six of those earned Microsoft’s most-dire “critical” rating, meaning malware or miscreants could exploit them to gain complete, remote control over vulnerable computers without any help from users. Given the sheer number of fixes, mercifully there are no zero-day bugs to address, nor were any of them detailed publicly prior to today. Also, there were no security patches released by Adobe today. But there are a few eyebrow-raising Windows vulnerabilities worthy of attention. Recorded Future warns exploit code is now available for one of the critical bugs Redmond patched last month in Microsoft Exchange (CVE-2020-0688), and that nation state actors have been observed abusing the exploit for targeted attacks. One flaw fixed this month in Microsoft Word (CVE-2020-0852) could be exploited to execute malicious code on a Windows system just by getting the user to load an email containing a booby-trapped document in the Microsoft Outlook preview pane. CVE-2020-0852 is one of just four remote execution flaws Microsoft patched this month in versions of Word. One somewhat ironic weakness fixed today (CVE-2020-0872) resides in a new component Microsoft debuted this year called Application Inspector, a source code analyzer designed to help Windows developers identify “interesting” or risky features in open source software (such as the use of cryptography, connections made to a remote entity, etc).
Microsoft said this flaw can be exploited if a user runs Application Inspector on a hacked or booby-trapped program. Whoops. Animesh Jain from security vendor Qualys says this patch should be prioritized, despite being labeled as less severe (“important” versus “critical”) by Microsoft. For enterprises, Qualys recommends prioritizing the patching of desktop endpoints over servers this month, noting that most of the other critical bugs patched today are prevalent on workstation-type devices. Those include a number of flaws that can be exploited simply by convincing a Windows user to browse to a malicious or hacked Web site. While many of the vulnerabilities fixed in today’s patch batch affect Windows 7 operating systems, this OS is no longer being supported with security updates (unless you’re an enterprise taking advantage of Microsoft’s paid extended security updates program, which is available to Windows 7 Professional and Windows 7 Enterprise users). If you rely on Windows 7 for day-to-day use, it’s probably time to think about upgrading to something newer. That might be a computer with Windows 10. Or maybe you have always wanted that shiny MacOS computer. If cost is a primary motivator and the user you have in mind doesn’t do much with the system other than browsing the Web, perhaps a Chromebook or an older machine with a recent version of Linux is the answer (Ubuntu may be easiest for non-Linux natives). Whichever system you choose, it’s important to pick one that fits the owner’s needs and provides security updates on an ongoing basis. Keep in mind that while staying up-to-date on Windows patches is a must, it’s important to make sure you’re updating only after you’ve backed up your important data and files. A reliable backup means you’re not losing your mind when the odd buggy patch causes problems booting the system. So do yourself a favor and back up your files before installing any patches.
Windows 10 even has some built-in tools to help you do that, either on a per-file/folder basis or by making a complete and bootable copy of your hard drive all at once. As always, if you experience glitches or problems installing any of these patches this month, please consider leaving a comment about it below; there’s a better-than-even chance other readers have experienced the same and may chime in here with some helpful tips. Also, keep an eye on the AskWoody blog from Woody Leonhard, who keeps a close eye on buggy Microsoft updates each month.

Update, 7:50 p.m.: Microsoft has released an advisory about a remote code execution vulnerability in the way that the Microsoft Server Message Block 3.1.1 (SMBv3) protocol handles certain requests. Critical SMB (Windows file-sharing) flaws are dangerous because they are typically “wormable,” in that they can spread rapidly to vulnerable systems across an internal network with little to no human interaction. “To exploit the vulnerability against an SMB Server, an unauthenticated attacker could send a specially crafted packet to a targeted SMBv3 Server,” Microsoft warned. “To exploit the vulnerability against an SMB Client, an unauthenticated attacker would need to configure a malicious SMBv3 Server and convince a user to connect to it.” Microsoft’s advisory says the flaw is neither publicly disclosed nor exploited at the moment. It includes a workaround to mitigate the flaw in file-sharing servers, but says the workaround does not prevent the exploitation of clients. Source: KrebsOnSecurity.

---

- Published: 2020-03-08
- Modified: 2020-03-26
- URL: https://improbus.com/2020/03/08/measures-implemented-due-to-the-covid-19-pandemic/
- Categories: Health, News, Safety, Security
- Tags: Corona, Coronavirus, COVID-19, COVID19, Disease, HDIR, Helsedir, Helsedirektoratet, Improbus, Pandemic, Quarantine, Safety, SARS, SARS-CoV-2, Security, Virus, WHO

Due to the Coronavirus Disease 2019 (COVID-19) pandemic and the resulting travel restrictions enforced by the Norwegian authorities, Improbus has suspended all travel activity until further notice. None of Improbus's employees are infected by the Coronavirus (SARS-CoV-2). Nevertheless, we comply with advice from both the WHO and the Norwegian authorities, which recommend reduced travel and face-to-face meeting activities. However, all scheduled meetings will be held as planned, but electronically, via Telegram instant messaging (chat) or encrypted VoIP. For urgent questions or emergencies, Improbus technicians will remain available via SMS and phone at +47-94102030. Non-urgent and non-sensitive matters should be communicated using email. Electronic communication using Telegram is preferred. For more information about the Coronavirus (SARS-CoV-2) and the Coronavirus Disease 2019 (COVID-19), please see WHO's webpages (English) or Helsenorge (Norwegian).

---

- Published: 2020-03-02
- Modified: 2020-03-26
- URL: https://improbus.com/2020/03/02/man-convicted-of-extensive-data-breach/
- Categories: Media, News, Security
- Tags: Bergen, Bergen District Court, Court, Justice, Norway, Norwegian Public Roads Administration, SVV, VD, Vegdirektoratet, Veidirektoratet

Man convicted of "extensive data breach" in Bergen District Court

Article from Digi / BT / NTB

A 30-year-old man has been sentenced in Bergen District Court to a 14-day suspended prison sentence for a data breach at the Norwegian Public Roads Administration. The man says he wanted to develop an app.
In addition to the suspended prison sentence, the foreign man living in Bergen is ordered to surrender two hard drives and one SSD disk, writes Bergens Tidende. The defendant wanted to develop an app that would allow contact with the owner of a motor vehicle without exchanging personal information, according to the judgment. The man extracted information about Norwegian car owners from the Roads Administration's website, but this went beyond the information the Norwegian Public Roads Administration intended to offer through the service. Therefore, he is convicted of violating section 207 of the Penal Code, on breaking into computer systems. The defendant understood that this was not how the service should be used, the court believes. But the court also states that the information he obtained was legally obtained through a request for access. The man's defender, attorney Alexander Gonzalo Sele, says he and the client will go through the verdict and consider whether to appeal. "We believe the judgment raises fundamental questions about what can be characterized as a data breach. He has retrieved information that was publicly available and that one could also find using a regular telephone directory," Sele says, pointing out that the client did not get any sensitive information.

© NTB. Source: digi.no (Article in Norwegian)

Improbus' comments

The verdict (case number TBERG-2019-141281) is available online, in Norwegian (check Google Translate for an OK English translation). According to the accusation (and verdict), the accused accessed publicly available web resources served by the Norwegian Public Roads Administration. The accused then opened several browser tabs and changed the individual URLs slightly, to see if the different HTTP requests yielded individual, but still relevant, results.
The accused allegedly then proceeded to collect the output the site returned for each request, storing it in a local database with one record for each HTTP request. Bergen District Court has ruled that even though the information obtained and stored was already publicly available, and the collection neither did any damage nor placed a significant load of any kind on the server, the action is still to be regarded as illegal. Since the information from the Norwegian Public Roads Administration's web site was already publicly available, it is natural to think that this system behavior was intentional. It is obvious to Improbus that what has been explained as misuse of a minor design flaw has not been misused for evil purposes at all, but rather as a means of retrieving public data in an efficient, easy and convenient way. If the data had been private or sensitive, the situation would have been quite different, maybe not technically or juridically, but at least ethically and morally. It is sad to see that neither the courts nor the police are able to keep up with current knowledge about the common usage of information systems. If this really is a criminal act, it is nonetheless a victimless one.

---

- Published: 2020-02-28
- Modified: 2020-03-21
- URL: https://improbus.com/2020/02/28/fcc-proposes-to-fine-wireless-carriers-200m-for-selling-customer-location-data/
- Categories: Media, Syndicated
- Tags: AT&T, Carrier, Carriers, Commission, Communications, Customer, Data, FCC, Federal, Fine, Location, LocationData, T-Mobile, Verizon, Wireless

The U.S. Federal Communications Commission (FCC) today proposed fines of more than $200 million against the nation’s four largest wireless carriers for selling access to their customers’ location information without taking adequate precautions to prevent unauthorized access to that data.
While the fines would be among the largest the FCC has ever levied, critics say the penalties don’t go far enough to deter wireless carriers from continuing to sell customer location data. The FCC proposed fining T-Mobile $91 million; AT&T faces more than $57 million in fines; Verizon is looking at more than $48 million in penalties; and the FCC said Sprint should pay more than $12 million. An FCC statement (PDF) said “the size of the proposed fines for the four wireless carriers differs based on the length of time each carrier apparently continued to sell access to its customer location information without reasonable safeguards and the number of entities to which each carrier continued to sell such access.” The fines are only “proposed” at this point because the carriers still have an opportunity to respond to the commission and contest the figures. The Wall Street Journal first reported earlier this week that the FCC was considering the fines. The commission said it took action in response to a May 2018 story broken by The New York Times, which exposed how a company called Securus Technologies had been selling location data on customers of virtually any major mobile provider to law enforcement officials. That same month, KrebsOnSecurity broke the news that LocationSmart — a data aggregation firm working with the major wireless carriers — had a free, unsecured demo of its service online that anyone could abuse to find the near-exact location of virtually any mobile phone in North America. In response, the carriers promised to “wind down” location data sharing agreements with third-party companies. But in 2019, Joseph Cox at Vice.com showed that little had changed, detailing how he was able to locate a test phone after paying $300 to a bounty hunter who simply bought the data through a little-known third-party service.
Gigi Sohn is a fellow at the Georgetown Law Institute for Technology Law and Policy and a former senior adviser to former FCC Chair Tom Wheeler in 2015. Sohn said this debacle underscores the importance of having strong consumer privacy protections. “The importance of having rules that protect consumers before they are harmed cannot be overstated,” Sohn said. “In 2016, the Wheeler FCC adopted rules that would have prevented most mobile phone users from suffering this gross violation of privacy and security. But Chairman Pai and his friends in Congress eliminated those rules, because allegedly the burden on mobile wireless providers and their fixed broadband brethren would be too great. Clearly, they did not think for one minute about the harm that could befall consumers in the absence of strong privacy protections.” Sen. Ron Wyden (D-Ore.), a longtime critic of the FCC’s inaction on wireless location data sharing, likewise called for more stringent consumer privacy laws, calling the proposed punishment “comically inadequate fines that won’t stop phone companies from abusing Americans’ privacy the next time they can make a quick buck.” “Time and again, from Facebook to Equifax, massive companies take reckless disregard for Americans’ personal information, knowing they can write off comparatively tiny fines as the cost of doing business,” Wyden said in a written statement. “The only way to truly protect Americans’ personal information is to pass strong privacy legislation like my Mind Your Own Business Act to put teeth into privacy laws and hold CEOs personally responsible for lying about protecting Americans’ privacy.” Source: KrebsOnSecurity.

---

- Published: 2020-02-26
- Modified: 2020-03-21
- URL: https://improbus.com/2020/02/26/zyxel-0day-affects-its-firewall-products-too/
- Categories: Media, Syndicated
- Tags: FirmWare, KrebsOnSecurity, NAS, RansomWare, Vulnerabilities, ZyXEL

On Monday, networking hardware maker Zyxel released security updates to plug a critical security hole in its network attached storage (NAS) devices that is being actively exploited by crooks who specialize in deploying ransomware. Today, Zyxel acknowledged the same flaw is present in many of its firewall products. This week’s story on the Zyxel patch was prompted by the discovery that exploit code for attacking the flaw was being sold in the cybercrime underground for $20,000. Alex Holden, the security expert who first spotted the code for sale, said at the time the vulnerability was so “stupid” and easy to exploit that he wouldn’t be surprised to find other Zyxel products were similarly affected. Now it appears Holden’s hunch was dead-on. “We’ve now completed the investigation of all Zyxel products and found that firewall products running specific firmware versions are also vulnerable,” Zyxel wrote in an email to KrebsOnSecurity. “Hotfixes have been released immediately, and the standard firmware patches will be released in March.” The updated security advisory from Zyxel states the exploit works against its UTM, ATP, and VPN firewalls running firmware version ZLD V4.35 Patch 0 through ZLD V4.35 Patch 2, and that those with firmware versions before ZLD V4.35 Patch 0 are not affected. Zyxel’s new advisory suggests that some affected firewall products won’t be getting hotfixes or patches for this flaw, noting that the affected products listed in the advisory are only those which are “within their warranty support period.” Indeed, while the exploit also works against more than a dozen of Zyxel’s NAS product lines, the company only released updates for NAS products that were newer than 2016.
Its advice for those still using those unsupported NAS devices? “Do not leave the product directly exposed to the internet. If possible, connect it to a security router or firewall for additional protection.” Hopefully, your vulnerable, unsupported Zyxel NAS isn’t being protected by a vulnerable, unsupported Zyxel firewall product. CERT’s advisory on the flaw rates this vulnerability at a “10” — its most severe. My advice? If you can’t patch it, pitch it. The zero-day sales thread first flagged by Holden also hinted at the presence of post-authentication exploits in many Zyxel products, but the company did not address those claims in its security advisories. Recent activity suggests that attackers known for deploying ransomware have been actively working to test the zero-day for use against targets. Holden said the exploit is now being used by a group of bad guys who are seeking to fold the exploit into Emotet, a powerful malware tool typically disseminated via spam that is frequently used to seed a target with malcode which holds the victim’s files for ransom. “To me, a 0day exploit in Zyxel is not as scary as who bought it,” he said. “The Emotet guys have been historically targeting PCs, laptops and servers, but their venture now into IoT devices is very disturbing.” Source: KrebsOnSecurity.

---

- Published: 2019-01-01
- Modified: 2020-03-26
- URL: https://improbus.com/2019/01/01/improbus-acquires-icec/
- Categories: News
- Tags: Acquisition, Center, Communication, Disaster Recovery, Emergency, Emergency Services, ICEC, Improbus, International, International Center for Emergency Communication, Merger, PPDR, Public, Public Protection, Safety, Security

Improbus has acquired ICEC (International Center for Emergency Communication). As of today, 01.01.2019, both companies will act as one. The companies believe that their product portfolios complement each other, especially in the areas of emergency communication, security, training, and education.
Most ICEC products and services will be fully incorporated into the Improbus product portfolio within a month, while specialized courses or custom services will remain under the ICEC brand. For more information, please contact Improbus via Telegram (chat) or email.

---

- Published: 2018-09-12
- Modified: 2020-03-21
- URL: https://improbus.com/2018/09/12/how-photodna-for-video-is-being-used-to-fight-online-child-exploitation/
- Categories: Media, Security
- Tags: Child, Crime, CyberCrime, Images, MDCU, Microsoft, NCMEC, PhotoDNA, Protection, Video

In the past, when someone tipped off the Internet Watch Foundation’s (IWF) criminal content reporting hotline to an online video they thought included child sexual abuse material, an analyst at the U.K. nonprofit often had to watch or fast forward through the entire video to investigate it. Because people sharing videos of child sexual abuse often embed this illegal content in an otherwise innocuous superhero flick, cartoon or home movie, it could take 30 minutes or several hours to find the content in question and determine whether the video should be taken down and reported to law enforcement. Last year, IWF, a global watchdog organization, started leveraging PhotoDNA — a tool originally developed by Microsoft in 2009 for still images — to identify videos that have been flagged as child sexual abuse material. Now it often takes only a minute or two for an analyst to find illegal content. Microsoft is now making PhotoDNA for Video available for free, and any organization worldwide interested in using the technology can visit the Microsoft PhotoDNA website to find out more, or to contact the team. “It’s made a huge difference for us.
Until we had PhotoDNA for Video, we would have to sit there and load a video into a media player and really just watch it until we found something, which is extremely time-consuming,” says Fred Langford, deputy chief executive of IWF, which collaborates with sexual abuse reporting hotlines in 45 countries around the world. “This means we can identify and disrupt online sexual abuse and help victims much faster,” says Langford. PhotoDNA for Video builds on the same technology employed by PhotoDNA, a tool Microsoft developed with Dartmouth College that is now used by over 200 organizations around the world to curb sexual exploitation of children. Microsoft leverages PhotoDNA to protect its customers from inadvertently being exposed to child exploitation content, helping to provide a safe experience for them online. PhotoDNA has also enabled content providers to remove millions of illegal photographs from the internet; helped convict child sexual predators; and, in some cases, helped law enforcement rescue potential victims before they were physically harmed. In the meantime, though, the volume of child sexual exploitation material being shared in videos instead of still images has ballooned. The number of suspected videos reported to the CyberTipline managed by the National Center for Missing and Exploited Children (NCMEC) in the United States increased tenfold from 312,000 in 2015 to 3.5 million in 2017. As required by federal law, Microsoft reports all instances of known child sexual abuse material to NCMEC. Microsoft has long been committed to protecting its customers from illegal content on its products and services, and applying technology the company already created to combating this growth in illegal videos was a logical next step.
“Child exploitation video content is a crime scene. After exploring the development of new technology and testing other tools, we determined that the existing, widely used PhotoDNA technology could also be used to effectively address video,” says Courtney Gregoire, Assistant General Counsel with Microsoft’s Digital Crimes Unit. “We don’t want this illegal content shared on our products and services. And we want to put the PhotoDNA tool in as many hands as possible to help stop the re-victimization of children that occurs every time a video appears again online.” A recent survey of survivors of child sexual abuse from the Canadian Centre for Child Protection found that the online sharing of images and videos documenting crimes committed against them intensified feelings of shame, humiliation, vulnerability and powerlessness. As one survivor was quoted in the report: “The abuse stops and at some point also the fear for abuse; the fear for the material never ends.” The original PhotoDNA helps put a stop to this online recirculation by creating a “hash” or digital signature of an image: converting it into a black-and-white format, dividing it into squares and quantifying that shading. It does not employ facial recognition technology, nor can it identify a person or object in the image. It compares an image’s hash against a database of images that watchdog organizations and companies have already identified as illegal. IWF, which has been compiling a reference database of PhotoDNA signatures, now has 300,000 hashes of known child sexual exploitation materials. PhotoDNA for Video breaks down a video into key frames and essentially creates hashes for those screenshots. In the same way that PhotoDNA can match an image that has been altered to avoid detection, PhotoDNA for Video can find child sexual exploitation content that’s been edited or spliced into a video that might otherwise appear harmless.
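To make the grayscale, squares and shading steps and the key-frame matching described above concrete, here is an added illustration that is not from the article and is not Microsoft's PhotoDNA algorithm: a simple block-mean robust hash compared by Hamming distance, shown next to SHA-256 to contrast it with an exact-match hash. The 8x8 grid, the 10-bit match threshold, sampling every second frame as a "key frame" and all sample frames are assumptions constructed for the example.

```python
import hashlib
import random

GRID = 8              # squares per side -> 64-bit signature (assumed size)
MATCH_THRESHOLD = 10  # max differing bits still treated as a match (assumed)

def robust_hash(gray, grid=GRID):
    """Signature of a grayscale frame (rows of 0..255 ints): one bit per
    square, set when the square's mean shade is above the median square."""
    h, w = len(gray), len(gray[0])
    means = []
    for gy in range(grid):
        y0, y1 = gy * h // grid, (gy + 1) * h // grid
        for gx in range(grid):
            x0, x1 = gx * w // grid, (gx + 1) * w // grid
            total = sum(sum(row[x0:x1]) for row in gray[y0:y1])
            means.append(total / ((y1 - y0) * (x1 - x0)))
    ordered = sorted(means)
    mid = len(ordered) // 2
    med = (ordered[mid - 1] + ordered[mid]) / 2
    sig = 0
    for m in means:
        sig = (sig << 1) | (m > med)
    return sig

def hamming(a, b):
    """Number of signature bits that differ."""
    return bin(a ^ b).count("1")

def sha256_of(gray):
    """Exact-match hash of the raw pixels, for contrast."""
    return hashlib.sha256(bytes(v for row in gray for v in row)).hexdigest()

# --- constructed sample frames (synthetic, already grayscale) ---
def make_frame(seed, size=64):
    """Deterministic synthetic frame: 64 squares of distinct shades + texture."""
    rng = random.Random(seed)
    levels = list(range(20, 20 + 3 * GRID * GRID, 3))
    rng.shuffle(levels)
    cell = size // GRID
    return [[levels[(y // cell) * GRID + x // cell] + (x * 7 + y * 13) % 5 - 2
             for x in range(size)] for y in range(size)]

def upscale2x(gray):
    """Resize: double width and height (nearest neighbour)."""
    return [[v for v in row for _ in (0, 1)] for row in gray for _ in (0, 1)]

def brighten(gray, delta):
    return [[min(255, max(0, v + delta)) for v in row] for row in gray]

def add_caption(gray, top, left, height, width):
    """Overlay a white bar, standing in for text added to the image."""
    out = [row[:] for row in gray]
    for y in range(top, top + height):
        for x in range(left, left + width):
            out[y][x] = 255
    return out

def scan_video(frames, known_hashes, step=2):
    """Hash every `step`-th frame; return (frame_index, distance) per match."""
    hits = []
    for idx in range(0, len(frames), step):
        sig = robust_hash(frames[idx])
        best = min(hamming(sig, k) for k in known_hashes)
        if best <= MATCH_THRESHOLD:
            hits.append((idx, best))
    return hits

KNOWN = make_frame(seed=1)            # stands in for a database entry
KNOWN_HASHES = {robust_hash(KNOWN)}
RESIZED = brighten(upscale2x(KNOWN), 20)
ALTERED = add_caption(RESIZED, top=4, left=4, height=8, width=40)

def build_video():
    """Six unrelated frames with the altered known image spliced in at 3-4."""
    frames = [upscale2x(make_frame(seed)) for seed in range(100, 106)]
    frames[3] = RESIZED
    frames[4] = ALTERED
    return frames

if __name__ == "__main__":
    print("SHA-256 equal after brightening:",
          sha256_of(KNOWN) == sha256_of(brighten(KNOWN, 20)))
    print("robust distance after resize + brighten + caption:",
          hamming(robust_hash(ALTERED), robust_hash(KNOWN)))
    print("video hits (frame index, distance):",
          scan_video(build_video(), KNOWN_HASHES))
```

The threshold is the trade-off: raising it tolerates heavier edits but increases the chance that an unrelated frame matches, which is why such systems are tuned against large reference sets rather than a handful of samples.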
“When people embed illegal videos in other videos or try to hide them in other ways, PhotoDNA for Video can still find it. It only takes a hash from a single frame to create a match,” says Katrina Lyon-Smith, senior technical program manager who has implemented the use of PhotoDNA for Video on Microsoft’s own services. Organizations that are already using an on-premise version of PhotoDNA to remove illegal images will be able to seamlessly add the capability to identify videos. Microsoft is also looking for partners to test the video technique on its PhotoDNA Cloud Service. Automated tools like PhotoDNA have made a huge difference in the fight against online child exploitation, particularly for smaller companies that otherwise wouldn’t have the capacity or know-how to find illegal content on their apps and websites, says Cecelia Gregson, a senior King County prosecutor and attorney for the Washington Internet Crimes Against Children Task Force. Gregson estimates that 90 percent of the cases she investigates now come from CyberTipline reports submitted by companies using PhotoDNA to keep their platforms clean. Under federal law, all internet and email service providers are required to report knowledge of child pornography to NCMEC. “This is not about looking at someone’s online shopping patterns or uploaded family photos. We are seeking files depicting the sexual abuse of children,” says Gregson. “We are concerned with protecting child victims, and about making sure the places you go online and your children go online are not riddled with images of child abuse and exploitation.
The technology can also help us identify child sexual predators whose collections of images can cause further psychological, emotional and mental trauma to their victims.”

Since PhotoDNA and other tools became widely available, the number of reports to NCMEC’s CyberTipline has grown from 1 million in 2014 to 10 million in 2017, says John Shehan, vice president for NCMEC’s exploited children division.

“These technologies allow companies, especially the hosting providers, to identify and remove child sexual content more quickly,” says Shehan. “That’s a huge public benefit.”

Learn how to detect, remove and report child sexual abuse materials with PhotoDNA for video, or contact photodnarequests@microsoft.com. Follow @MSFTissues on Twitter.

Source: Microsoft.

---

- Published: 2009-12-18
- Modified: 2020-03-21
- URL: https://improbus.com/2009/12/18/photodna-scans-images-for-child-abuse/
- Categories: Media, Security
- Tags: Child, Crime, Images, Microsoft, NCMEC, PhotoDNA, Protection, SecurityFocus

Internet service providers may have better success at scanning their networks to actively seek out illicit images of child abuse, thanks to technology donated by Microsoft and Dartmouth College.

On Wednesday, the software giant and the well-known college announced that they had developed a software program to match modified images to the original by using a form of robust hashing that can ignore certain types of changes, such as resizing, cropping and the inclusion of text.

The team donated the program, dubbed PhotoDNA, to the National Center for Missing and Exploited Children. The NCMEC will make the program available to ISPs to detect the "worst of the worst" in child pornography -- those images that show pre-pubescent children being sexually abused, said Ernie Allen, CEO and president of the NCMEC. The intent is to "use the technology very narrowly and very specifically," Allen said.
The agreement follows a number of other successful initiatives in fighting child abuse online. In June 2008, three ISPs signed an agreement with the New York State Attorney General's office to police their networks for child pornography and donate money to the state and the NCMEC to fund investigations. In 2007, MySpace agreed with the attorneys general of more than 40 states to turn over information regarding sex offenders on its network.

While law enforcement has successfully prosecuted hundreds of cases of possession and distribution of illicit images, a small number of cases have underscored overzealous prosecutions. In one case, a Massachusetts government agency fired and reported one of its workers for having child pornography on his laptop, but a later investigation showed that the lack of functioning antivirus software resulted in his laptop being compromised and subsequently filled with illicit images.

Microsoft has already tested the software on its networks and plans to roll out the tool to scan public sources for images for child pornography, said Brad Smith, senior vice president and general counsel at the software giant.

"It is not enough to catch the perpetrators, we have to stop the images to prevent the subjects from being a victim again," Smith said.

While Microsoft will scan public sources for matches to a small database of the worst abuse images, the software giant will not scan private data nor communications, Smith said. ISPs, the government and privacy advocates should discuss the legal and policy issues of such scanning, he said.

Child pornography is a major priority of law enforcement and the detection of images of abuse has grown significantly, according to the NCMEC. Since 2003, the organization has viewed and analyzed 30 million images classified as child pornography, the group claims. Allen predicts that the group will deal with another 9 million in 2010.
Much of the increase in child pornography is due to the Internet's ability to allow communities to form among traders of child pornography, he said.

"They (the criminals) no longer view themselves as aberrant," Allen said. "We made enormous progress on the commercial side ... but it has migrated to the noncommercial side."

In the latest announcement, a large scale test of the PhotoDNA tool found that less than one false positive occurred in every billion images scanned, said Hany Farid, a professor of computer science at Dartmouth and co-developer of PhotoDNA. In addition, the software recognizes about 98 percent of images derived from those in its database.

"We tested it over billions and billions of images," he said. "We tried very hard to make it very efficient ... and to minimize the false alarm rate."

Source: SecurityFocus.

---

---