Categories
Alvosec

Elevating XPR Network Vanity Names with *.xpr.name

After thorough research and deliberation on how to make XPR Network vanity names more usable, we have decided to completely revamp our current service. Today, our DNS service lets users add their .xpr vanity names and set an A record for website redirection. That has two limitations: the vanity names resolve only for users of our DNS service, and you need a server of your own to create an A record that points at your website.

Our new strategy is similar to eth.link, a centralized way of reaching ENS information through DNS that is operated by Cloudflare. eth.link publishes a wildcard DNS record (*.eth.link) that catches requests for every ENS name; Cloudflare Workers then query an IPFS gateway by CID to fetch the page content.

Our approach diverges slightly. We have already published a wildcard DNS record for *.xpr.name and configured Nginx to handle every request for a registered vanity address that reaches our gateway. As with eth.link and Cloudflare, this is a single centralized service: both name resolution and the redirect are performed by infrastructure we operate.

We bought the domain xpr.name to make vanity names globally resolvable under it. Whoever owns a name such as “proton.xpr” will be able to activate “proton.xpr.name”. This works through our redirect gateway, which sends visitors to the destination the owner has specified.

The best part about this is that you can make your unique XPR network vanity name and easily point it to any webpage you want. And the cool thing is, you don’t even need to own a website. You could send people to your Twitter or even a chat on Telegram – it’s up to you.

The procedure will be straightforward. You log in with WebAuth using your vanity address and set the destination that requests for your page should be redirected to. A single click creates the record, and yourname.xpr.name becomes operational within about 2 minutes.

The art of romance scams: Betrayal behind trust

Romance scams have become an increasingly prevalent form of online deception, preying upon the vulnerability of individuals seeking love and companionship. These scammers masterfully manipulate emotions, first building trust and later exploiting it for personal gain. This article delves into the insidious techniques used by romance scammers, including gaining trust and employing manipulative tactics like sending edited photos of passports and plane tickets.

Gaining Trust: The First Step of Deception

Romance scammers understand that establishing trust is crucial for their nefarious plans to succeed. They commonly create fake profiles on dating websites, social media platforms, or even gaming sites, portraying themselves as attractive, successful, and compassionate individuals. To gain their victims’ trust, they invest time in building an emotional connection, feigning shared interests and life experiences.

These scammers often present themselves as ideal partners, providing emotional support and actively listening to their targets’ problems. They mirror their victims’ feelings, creating a sense of understanding and genuine connection. The aim is to make the victim feel special, cherished, and validated, leading them to believe they have finally found their soulmate.

Love Bombing: Intensifying the Emotional Bond

Once the initial trust is established, scammers employ a technique called “love bombing.” This involves overwhelming the victim with affectionate messages, declarations of love, and grand gestures. The onslaught of attention and affection can be so intense that victims become emotionally dependent on the scammer, further blurring their judgment.

Love bombing is meant to make the victim believe that they have found an extraordinary partner, leading them to ignore potential red flags and suspicions that may arise during the relationship.

The Manipulative Turn: Photoshopped Passports and Plane Tickets

As trust solidifies, the romance scam takes a manipulative turn. Scammers often claim to be traveling or in financial distress, setting the stage for their fraudulent tactics. They may send edited photos of passports, visas, or plane tickets, ostensibly to show their intention of visiting the victim or seeking assistance.

In reality, these documents are usually forged or manipulated to instigate sympathy or elicit financial support. Unsuspecting victims, caught up in the emotional turmoil of the relationship, may willingly offer money to aid their beloved, unaware that they are falling victim to a scam.

Emergency Situations: Heightening Emotional Vulnerability

Another common technique used by romance scammers involves fabricating emergencies. They might claim to be involved in accidents, facing legal troubles, or needing urgent medical assistance. By creating a sense of urgency, they trigger the victim’s protective instincts and amplify the emotional connection.

Desperate to help the person they believe they love, victims may send money without considering the possibility of fraud. The scammer’s ultimate goal is to exploit the victim’s genuine care and concern for their well-being.

Romance scams are a distressing reality of the digital age, exploiting human emotions for personal gain. By first gaining their victims’ trust and then using manipulative techniques such as sending edited photos of passports or plane tickets, these scammers perpetrate deceit and betrayal. To protect oneself from such scams, it’s essential to stay vigilant, never send money to someone you’ve met online, and report suspicious activities to the relevant authorities. Awareness and caution remain the best defense against falling prey to the art of romance scams.

What is DNS and how does it work?

In our increasingly digital world, the Domain Name System (DNS) plays a vital role in connecting our devices to websites. However, the DNS resolvers provided by internet service providers (ISPs) typically offer no protection against online threats. In this article, we introduce Xprotect DNS, a software-free solution (nothing to install on the device) that adds security and protection to your online activities.

What are DNS servers and how do they translate human-readable domains to IPs?

When we enter a website’s name (e.g., www.alvosec.com) into our web browser, our device needs the corresponding IP address (e.g., 203.0.113.10) to establish a connection. DNS servers act as the internet’s phone book, translating human-readable domain names into IP addresses. They enable our devices to find and access websites by handling this translation process.

Every device already uses DNS from the internet provider

By default, when we connect to the internet, our devices automatically use the DNS servers provided by our internet service provider (ISP). These servers facilitate the translation process mentioned earlier. However, relying solely on ISP DNS servers can have limitations in terms of security and protection.

Visit www.ipleak.net to see which DNS servers your device is currently using.
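On a Linux host you can also read the resolver configuration directly. The script below is an added example, not part of Xprotect or this article: it parses resolv.conf-formatted text and flags resolvers that sit on a loopback or private address (typically the home router, which just forwards to the ISP) versus a public resolver. The sample resolv.conf contents and the function names are constructed for illustration.

```bash
#!/bin/bash
# Added example: audit which DNS resolvers a Linux host is using.
# Constructed sample of /etc/resolv.conf contents (an assumption, not real data).
SAMPLE_RESOLV_CONF='# Generated by NetworkManager
search home.lan
nameserver 192.168.0.1
nameserver 9.9.9.9
options edns0'

# Print the nameserver addresses from resolv.conf-formatted text on stdin.
parse_nameservers() {
  awk '$1 == "nameserver" { print $2 }'
}

# Classify one resolver address:
#   local  - loopback or RFC 1918 address: a local stub resolver or the home
#            router, which usually forwards to whatever the ISP handed out
#   public - anything else (an ISP or third-party resolver reached directly)
classify_resolver() {
  case "$1" in
    127.*|10.*|192.168.*)                  echo local ;;
    172.1[6-9].*|172.2[0-9].*|172.3[01].*) echo local ;;
    *)                                     echo public ;;
  esac
}

# Read resolv.conf text on stdin, print "<ip> <class>" for every resolver.
audit_resolvers() {
  local ip
  parse_nameservers | while read -r ip; do
    echo "$ip $(classify_resolver "$ip")"
  done
}

# Return 0 when at least one resolver is configured and all of them are local
# (the default router/ISP setup the article describes), 1 otherwise.
only_local_resolvers() {
  local report
  report=$(audit_resolvers)
  [ -n "$report" ] && ! printf '%s\n' "$report" | grep -q ' public$'
}

# Stand-alone run on the constructed sample. On a real host use:
#   audit_resolvers < /etc/resolv.conf
printf '%s\n' "$SAMPLE_RESOLV_CONF" | audit_resolvers
```

On hosts running systemd-resolved, /etc/resolv.conf usually lists only the stub 127.0.0.53, so a "local" result there means "look further": `resolvectl status` shows the upstream servers the stub actually forwards to.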

The lack of security and protection provided by ISP DNS servers

Unfortunately, ISP DNS servers often prioritize speed and efficiency over security measures. As a result, they may not provide adequate protection against phishing, scams, malware-infected websites, and other online threats. This leaves users vulnerable to various risks while browsing the internet.

Xprotect DNS: A softwareless solution for enhanced security and ease of use

Xprotect offers a compelling alternative to traditional DNS services. It is a softwareless solution, meaning you don’t need to install any additional software on your device. This makes it incredibly easy to use across different platforms, such as computers, smartphones, and tablets.

Protection against malicious websites, phishing, and scams – especially for Web3

Xprotect DNS goes beyond basic DNS services by providing enhanced protection against malicious websites, phishing attempts, and scams. It uses advanced security measures to detect and block access to these harmful online destinations. This is particularly important as we transition into the Web3 era, where decentralized applications and cryptocurrencies require heightened security.

Blocking ads, NRD domains, ransomware, and adult content

In addition to protecting against malicious websites, Xprotect DNS offers several other advantages. It can block intrusive ads, preventing unwanted distractions and potentially malicious content. It also helps to safeguard against NRD domains (newly registered domains), which are often used by cybercriminals to launch attacks. Furthermore, Xprotect DNS helps in blocking ransomware threats and restricting access to adult content, ensuring a safer browsing experience.

Why DNS protection is important and its advantages over software solutions

DNS protection is crucial because it acts as the first line of defense against online threats. By using Xprotect DNS, you benefit from enhanced security without installing additional software. Unlike software-based solutions, Xprotect DNS works at the network level: configured on the router or DHCP server, it protects every device connected to that network, so you do not have to set up and maintain separate security software on each one. Two caveats apply. A resolver configured on a single laptop protects that laptop only, and DNS filtering cannot see applications that bring their own DNS-over-HTTPS resolver or connect to hard-coded IP addresses, so it complements rather than replaces endpoint protection.

How to Improve CPU execution time on your Antelope node

The CPU governor is the kernel component that regulates CPU frequency and power usage. Many Linux servers default to the “ondemand” governor, which adjusts the frequency dynamically based on load; hosts using the intel_pstate driver default to “powersave” and offer only “performance” and “powersave”. For maximum performance of an Antelope node, switching to the “performance” governor is recommended.

To check your current CPU governor, first install cpufrequtils:

sudo apt-get install cpufrequtils

Then run:

cpufreq-info

This command will display information about the current CPU frequency scaling settings. Look for the “governor” section to identify the current governor.

To set the CPU governor to “performance,” execute the following command:

sudo cpufreq-set -r -g performance

This command ensures that all CPU cores are set to the “performance” governor, optimizing the server for maximum processing power.

If cpufreq-set is not available or the command fails, write the governor directly through sysfs (the cpupower frequency-set -g performance command from linux-tools does the same):

echo 'performance' | sudo tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

Monitoring CPU Clock Speed:

To monitor the current CPU clock speed in real-time, you can use the following command:

watch -n 0.4 "grep -E '^cpu MHz' /proc/cpuinfo"

This command uses the watch utility to continuously display the CPU clock speed, updating every 0.4 seconds. It provides valuable insights into how the CPU frequency changes under different workloads.

Disabling Multiple Cores:

In specific scenarios, you might want to disable all but one processor core to dedicate resources to a particular task. To achieve this, you can use the following steps:

Identify the number of available CPU cores:

lscpu

Look for the “Core(s) per socket” entry to determine the number of cores per CPU socket.

Disable additional cores, leave only one core:

for cpu in /sys/devices/system/cpu/cpu[1-9]*; do echo 0 | sudo tee “$cpu/online”; done

To make sure your governor stays in performance mode after a reboot, create a root cron job that runs at boot (since the root crontab runs as root, tee needs no sudo here):

sudo crontab -e

Then add the following content:

@reboot echo 'performance' | tee /sys/devices/system/cpu/cpu*/cpufreq/scaling_governor

Save and exit (press CTRL+X, then Y, then ENTER).

Keep in mind that cpu0 stays online (on most systems it cannot be taken offline), and that fewer online cores means less total throughput; re-enable a core by writing 1 to the same online file. Use the htop command to see how many cores are working.
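The commands above each do one step by hand. Below is an added example, not from the article or from any Antelope tooling, that wraps them into one script suitable for running at boot: it checks that the requested governor is actually offered by the driver before writing it, writes it to every core that exposes cpufreq, and verifies the result. The CPU_SYSFS variable is an assumption of this example so the functions can be exercised against a fake sysfs tree; on a real host leave it unset and run the script as root.

```bash
#!/bin/bash
# Added example: set and verify the cpufreq governor on every core.
# CPU_SYSFS may point at a fake tree for testing; the default is the real one.
CPU_SYSFS="${CPU_SYSFS:-/sys/devices/system/cpu}"

# List the cpuN/cpufreq directories (offline cores have no cpufreq directory).
cpufreq_dirs() {
  local d
  for d in "$CPU_SYSFS"/cpu[0-9]*/cpufreq; do
    [ -d "$d" ] && printf '%s\n' "$d"
  done
}

# Print "<governor> <count>" per governor in use, e.g. "performance 16".
governor_summary() {
  local d
  for d in $(cpufreq_dirs); do
    cat "$d/scaling_governor"
  done | sort | uniq -c | awk '{ print $2, $1 }'
}

# Return 0 if cpu0's driver offers the given governor. intel_pstate in active
# mode offers only "performance" and "powersave", so check before writing.
governor_available() {
  local want="$1" avail
  avail=$(cat "$CPU_SYSFS/cpu0/cpufreq/scaling_available_governors" 2>/dev/null) || return 1
  case " $avail " in *" $want "*) return 0 ;; *) return 1 ;; esac
}

# Write the governor to every core and read it back; returns 1 on any failure.
set_governor_all() {
  local want="$1" d failed=0
  governor_available "$want" || { echo "governor '$want' not offered by driver" >&2; return 1; }
  for d in $(cpufreq_dirs); do
    if ! echo "$want" > "$d/scaling_governor" 2>/dev/null; then
      echo "write failed: $d" >&2; failed=1
    elif [ "$(cat "$d/scaling_governor")" != "$want" ]; then
      echo "verify failed: $d" >&2; failed=1
    fi
  done
  return $failed
}

# Stand-alone use (as root): ./set-governor.sh performance
if [ -n "$1" ]; then
  set_governor_all "$1" && governor_summary
fi
```

Run it from the @reboot cron entry or a systemd oneshot unit instead of the bare echo, so a driver that does not offer the governor produces an error you can see rather than a silent no-op. On Debian and Ubuntu, cpufrequtils also applies GOVERNOR="performance" from /etc/default/cpufrequtils at boot.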

Clipboard-injector attacks target cryptocurrency users in copy-paste heists

Kaspersky analysts have issued a warning about a surge of trojanized Tor Browser installers that are infecting users in Russia and Eastern Europe with clipboard-hijacking malware. This type of malware steals cryptocurrency transactions from infected users. Although this attack is not new or innovative, it remains effective and widespread, affecting many users globally.

While these malicious Tor installers target users in countries around the world, Kaspersky highlights that most of the attacks are aimed at Russia and Eastern Europe. Kaspersky believes that this is due to the ban of the Tor Project’s website in Russia at the end of 2021, which was confirmed by the Tor Project itself.

According to the Tor Project, Russia was the second-largest country in terms of the number of Tor users in 2021, accounting for over 300,000 daily users or 15% of all Tor users.

Malicious Tor Browser installers

The Tor Browser is a specialized web browser that provides users with anonymity by concealing their IP address and encrypting their web traffic. Additionally, Tor can be used to access onion domains, also known as the “dark web,” which cannot be indexed by regular search engines or accessed through standard browsers.

Cryptocurrency holders may use Tor to transact with cryptocurrencies anonymously or to access illegal dark web market services that only accept payments in cryptocurrency.

To deceive users, trojanized Tor installers are often marketed as “security-enhanced” versions of the official Tor Project release, or distributed in countries where Tor is banned and the official download is hard to reach.

Kaspersky has found that these installers include a standard version of the Tor browser, which is often outdated, and an additional executable hidden inside a password-protected RAR archive set to extract automatically on the user’s system. Furthermore, the installers have localized names such as ‘torbrowser_ru.exe’ and offer language packs for users to choose from.

The malware is extracted from the archive in the background, executed as a new process and registered in the system’s autostart, while the genuine Tor Browser installer runs in the foreground. The malicious executable uses a uTorrent icon to blend in on the compromised system.

Source: Kaspersky

The victim downloads Tor Browser from an unofficial source and opens it as torbrowser.exe. However, the installer lacks a digital signature and is merely a RAR SFX (self-extracting executable) archive that contains three files:

  1. The legitimate torbrowser.exe installer with a genuine digital signature from the Tor Project.
  2. A command-line RAR extraction tool with a randomized name.
  3. A password-protected RAR archive with a random password.

Clipboard-injector malware

Due to the complexity of cryptocurrency addresses, it’s common practice to copy and paste them instead of manually typing them out. The malware uses regular expressions to scan the clipboard for recognizable crypto wallet addresses and replaces them with associated cryptocurrency addresses that belong to the attackers. As a result, when the user pastes the address, the attacker’s address is pasted instead, enabling them to steal the sent transaction.

Source: Kaspersky

Hexdump of the malware data with regular expressions and replacement wallet IDs

Kaspersky identified the following regular expressions inside the sample:

bc1[a-zA-HJ-NP-Z0-9]{35,99}($|\s) – Bitcoin
(^|\s)[3]{1}[a-km-zA-HJ-NP-Z1-9]{25,34}($|\s) – Litecoin/Bitcoin Legacy
(^|\s)D[5-9A-HJ-NP-U]{1}[1-9A-HJ-NP-Za-km-z]{32}($|\s) – Dogecoin
(^|\s)0x[A-Fa-f0-9]{40}($|\s) – ERC-20 (i.e. Ethereum, Tether, Ripple, etc)
(^|\s)[LM]{1}[a-km-zA-HJ-NP-Z1-9]{25,34}($|\s) – Litecoin Legacy
((^|\s)ltc1[a-zA-HJ-NP-Z0-9]{35,99}($|\s) – Litecoin
(^|\s)8[0-9A-B]{1}[1-9A-HJ-NP-Za-km-z]{93,117}($|\s) – Monero
(^|\s)4[0-9A-B]{1}[1-9A-HJ-NP-Za-km-z]{93,117}($|\s) – Monero

Countermeasures

To protect against this malware, download software only from trusted sources, which for Tor Browser means torproject.org. If you have already run a file from elsewhere, check it with antivirus software or VirusTotal; a sample that was clean at first scan is often detected later, so recheck. To test whether your system is affected, use the Notepad trick: copy a wallet address you know, paste it into Notepad, and compare the two. If the pasted address differs, something is rewriting your clipboard and you should scan the system for malware. If the system is confirmed compromised, rebuild it rather than cleaning it, so no hidden backdoor remains.
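The address patterns above can be turned into a check of your own. The script below is an added example, not code from Kaspersky or from the malware: it classifies a string with the same patterns (with \s written as [[:space:]], the stray opening parenthesis in the Litecoin bech32 pattern dropped, and the two Monero patterns merged so that GNU grep -E accepts them), and compares an address you copied with what comes back from the clipboard, which is the Notepad trick from the countermeasures done from a shell. The sample addresses are constructed, and the clipboard commands are an assumption (xclip on X11; substitute wl-copy/wl-paste on Wayland or pbcopy/pbpaste on macOS).

```bash
#!/bin/bash
# Added example: classify crypto addresses with the injector's own patterns
# and detect a clipboard swap. Not code from Kaspersky or from the malware.

# The sample's patterns as "<family>|<ERE>", with \s written [[:space:]],
# the Litecoin bech32 pattern's stray "(" dropped, and the two Monero
# patterns (prefix 4 and prefix 8) merged into one.
patterns() {
  cat <<'EOF'
Bitcoin|bc1[a-zA-HJ-NP-Z0-9]{35,99}($|[[:space:]])
Litecoin/Bitcoin Legacy|(^|[[:space:]])3[a-km-zA-HJ-NP-Z1-9]{25,34}($|[[:space:]])
Dogecoin|(^|[[:space:]])D[5-9A-HJ-NP-U][1-9A-HJ-NP-Za-km-z]{32}($|[[:space:]])
ERC-20|(^|[[:space:]])0x[A-Fa-f0-9]{40}($|[[:space:]])
Litecoin Legacy|(^|[[:space:]])[LM][a-km-zA-HJ-NP-Z1-9]{25,34}($|[[:space:]])
Litecoin|(^|[[:space:]])ltc1[a-zA-HJ-NP-Z0-9]{35,99}($|[[:space:]])
Monero|(^|[[:space:]])[48][0-9A-B][1-9A-HJ-NP-Za-km-z]{93,117}($|[[:space:]])
EOF
}

# Print the family a string matches (first pattern wins) or "none" with exit
# status 1. This is the decision the injector makes before substituting an
# attacker address of the same family.
classify_address() {
  local hit
  hit=$(patterns | while IFS='|' read -r family re; do
          if printf '%s\n' "$1" | grep -Eq "$re"; then
            printf '%s\n' "$family"; break
          fi
        done)
  if [ -n "$hit" ]; then printf '%s\n' "$hit"; return 0; fi
  echo none; return 1
}

# Compare the address you copied with the one the clipboard gives back.
# Prints "clean" or "SWAPPED (<family>)"; a swap to another address of the
# same family is exactly what a clipboard injector produces.
detect_swap() {
  local copied="$1" pasted="$2"
  if [ "$copied" = "$pasted" ]; then
    echo clean; return 0
  fi
  echo "SWAPPED ($(classify_address "$pasted"))"; return 1
}

# Round-trip a known address through the real clipboard (X11 with xclip assumed).
clipboard_roundtrip() {
  local addr="$1"
  printf '%s' "$addr" | xclip -selection clipboard
  sleep 1   # give a resident injector time to react
  detect_swap "$addr" "$(xclip -selection clipboard -o)"
}

# Constructed sample addresses: valid shape only, not real wallets.
BTC_SAMPLE='bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4'
ETH_SAMPLE='0x0000000000000000000000000000000000000001'
DOGE_SAMPLE="D7$(printf '%032d' 0 | tr 0 y)"
XMR_SAMPLE="4A$(printf '%093d' 0 | tr 0 x)"
```

Usage on a live desktop: `clipboard_roundtrip "$BTC_SAMPLE"`, then repeat with an address of each family you actually use, since an injector may carry patterns for some coins and not others. A "clean" result only shows that no injector acted on the clipboard during the round trip; it does not prove the machine is free of malware.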

Source: Kaspersky

Keep yourself protected and prevent criminals from accessing your coins.

Lazarus hackers now target Linux users

Lazarus, a notorious hacking group, has launched a new campaign called “Operation DreamJob,” targeting Linux users with malware for the first time. This recent attack was detected by ESET’s researchers and confirms with a high degree of certainty that Lazarus was responsible for the recent supply-chain attack on VoIP provider 3CX.

Operation DreamJob is a social engineering attack that tricks software and DeFi platform employees with fake job offers on LinkedIn or other social media platforms. When victims download the malicious file, disguised as a job offer document, malware is dropped onto their computer.

In the case discovered by ESET, Lazarus used spearphishing or direct messages to distribute a ZIP archive named “HSBC job offer.pdf.zip” containing a Linux binary written in Go, the first-stage loader ESET calls OdicLoader. The apparent dot in the file name is actually the Unicode character U+2024 (ONE DOT LEADER), so the name only looks like a PDF: because there is no real “.pdf” extension, the file manager treats the file as the executable it is instead of handing it to a PDF viewer. When the user clicks it, the malware runs, displays a decoy PDF, and downloads a second-stage payload from a private repository on the OpenDrive cloud service.

We’ve written a simple bash script that detects whether a filename contains the one dot leader character (U+2024).

#!/bin/bash
# Flag files in the current directory whose name contains U+2024 (ONE DOT LEADER).
DOT_LEADER=$(printf '\342\200\244')   # the UTF-8 bytes e2 80 a4 of U+2024
for file in *; do
  if [[ "$file" == *"$DOT_LEADER"* ]]; then
    prefix=${file%%"$DOT_LEADER"*}     # name up to the first occurrence
    echo "Found one dot leader in filename: $file"
    echo "Hex value of one dot leader: $(printf '%s' "$DOT_LEADER" | od -An -t x1)"
    echo "Position of one dot leader in filename: $(( ${#prefix} + 1 ))"   # 1-based, counted in characters under a UTF-8 locale
  fi
done

The script checks each filename for the U+2024 character, matched by its UTF-8 byte sequence rather than by a regular expression, and if it is present prints the character’s hexadecimal value and its position in the name.
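The script above looks for a single character in the current directory. The following is an added example, not from ESET or from this article, that goes a step further: it walks a directory tree and reports any file name containing U+2024 or another Unicode dot look-alike (U+2027 HYPHENATION POINT, U+FF0E FULLWIDTH FULL STOP, U+3002 IDEOGRAPHIC FULL STOP), printing the code point and byte offset, so a “job offer.pdf” that is really an ELF binary stands out. The look-alike table, function names and the directory layout are this example’s own assumptions.

```bash
#!/bin/bash
# Added example: find file names that use a Unicode look-alike in place of ".".
# Table of "<utf-8 bytes>|<code point>|<name>"; the list is this example's own.
dot_lookalikes() {
  printf '%s\n' \
    "$(printf '\342\200\244')|U+2024|ONE DOT LEADER" \
    "$(printf '\342\200\247')|U+2027|HYPHENATION POINT" \
    "$(printf '\357\274\216')|U+FF0E|FULLWIDTH FULL STOP" \
    "$(printf '\343\200\202')|U+3002|IDEOGRAPHIC FULL STOP"
}

# Check one file name. For every look-alike present it prints
# "<code point> <name> at byte offset <n>: <file name>" (n is 0-based) and
# returns 1; a clean name prints nothing and returns 0.
check_name() {
  local name="$1" ch cp label prefix rc=0
  while IFS='|' read -r ch cp label; do
    case "$name" in
      *"$ch"*)
        prefix=${name%%"$ch"*}
        printf '%s %s at byte offset %s: %s\n' "$cp" "$label" \
          "$(printf '%s' "$prefix" | wc -c | tr -d ' ')" "$name"
        rc=1 ;;
    esac
  done <<EOF
$(dot_lookalikes)
EOF
  return $rc
}

# Walk a directory tree and check every entry's base name.
# Returns 0 when nothing was flagged, 1 otherwise (like a linter).
scan_tree() {
  local root="$1" path hits=0
  while IFS= read -r path; do
    check_name "${path##*/}" || hits=$((hits + 1))
  done <<EOF
$(find "$root" -mindepth 1)
EOF
  [ "$hits" -eq 0 ]
}

# Stand-alone use: ./dotscan.sh ~/Downloads
if [ -n "$1" ]; then
  scan_tree "$1"
fi
```

Matching on the UTF-8 byte sequence makes the check independent of the locale the script runs under, and reporting a byte offset rather than a character index keeps the output unambiguous for the same reason. Pair it with `file` on anything flagged: an ELF binary behind a .pdf-looking name is the case described above.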

The decoy PDF displayed to the target (ESET)

The second-stage payload is a C++ backdoor called “SimplexTea,” which is dropped at ~/.config/guiconfigd.SimplexTea. OdicLoader also modifies the user’s ~/.bash_profile so that SimplexTea is launched with Bash, with its output suppressed, whenever the user starts a new login shell.

SimplexTea is a Linux backdoor written in C++. Its class names closely resemble the function names found in a file named sysnetd, which was uploaded to VirusTotal from Romania and has the SHA-1 hash F6760FB1F8B019AF2304EA6410001B63A1809F1D. Because of these similarities, ESET suspects that SimplexTea is a newer iteration of sysnetd, rewritten from C to C++.