Experts have found the most vulnerable places in Runet – Disposable mail news

Personal accounts of Runet users in various services, including Internet banks, turned out to be the worst protected from hackers. This is the opinion of Positive Technologies specialists.
After analyzing 38 websites of various organizations, including IT companies, government agencies, financial and telecommunications organizations, Positive Technologies employees concluded that nine out of ten web applications in Runet are vulnerable to hacker attacks.

Despite the fact that the situation has improved compared to the previous year, half of the sites contain “high-level” vulnerabilities. In 2019, there were 22 vulnerabilities per application, which is one and a half times lower than in 2018. According to Positive Technologies, the probability that data will leak from applications to the network is 68%, unauthorized access is possible in 39% of cases and authentication system weaknesses were found in 45%.

Also, hackers often hack applications in the banking sector. The protection of apps of credit organizations works only in 40% of cases.

According to experts, this is due to the fact that the dynamics of the main updates of the program is quite high. He noted that the system does not have time to “undergo full training” and automatic configuration.

Applications of government agencies turned out to be the most vulnerable to hacker attacks. Experts stressed that funding for this sector was low. At first, the tenders were won by those who requested the lowest price. And then expenses were reduced even more — by hiring students, for example.
Experts noted that it is quite difficult to protect web applications. Sometimes systems are used in monitoring mode, and real people monitor this. They have to determine whether the attack occurs or not.

“A 24-hour web service requires at least four operators, and this is from five million rubles a year ($78,700),” said Rustem Khairetdinov, vice president of InfoWatch Group. There is no way to hire such a staff of specialists in small companies and regional government agencies.

Temp Mails ( is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Clop Ransomware Upgraded, Now can Terminate 663 Windows Processes – Disposable mail news

In February 2019, Michael Gillespie from MalwareHunter Team founded Clop ransomware that has been evolving to reach its full potential and now a variant of the same can terminate a total of 663 Windows processes.

While it was first discovered, it did not demonstrate any unique quality which made it stand out amid other ransomware variants, it was merely another likewise addition in the ransomware ecosystem like others that existed since 2017. However, it has continued to take various forms since its discovery and is emerging with all new and integrated process killer that affects several processes of Windows 10 apps, office applications, programming IDEs, languages and text editors.

As per the sources, it was noted in March 2019, that the attackers behind Clop Ransomware started to target entire networks instead of individual systems, they changed the ransom note to imply the same. The same year also witnessed a sudden disruption in the services of Clop Ransomware wherein they abruptly changed and disabled services for Microsoft SQL Server, MySQL, Microsoft Exchange, BackupExec and other enterprise software.

In 2019, while warning the organizations and businesses regarding app-killing malware, the Federal Bureau of Investigation (FBI) reported that the ransomware threat now is even amplified as the attackers are continually upgrading themselves, they have devised ways to bypass detection and be more effective in their operations. Organizations are being warned by investigative agencies to keep abreast of such potential threats and build a security net to guard their systems.

While commenting on the matter, Abrams, editor-in-chief for Bleeping Computer said, “It is not known why some of these processes are terminated,” Bleeping Computer editor-in-chief, Abrams, said, “especially ones like Calculator, Snagit, and SecureCRT, but it’s possible they want to encrypt configuration files used by some of these tools.”

Meanwhile, in a conversation with SC Media UK, Javvad Malik, security awareness advocate at KnowBe4, told “Clop is a variant of the CryptoMix ransomware family, but has been evolving rapidly in the last year to disable an increasingly large number of windows processes,”

“The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files,” read the McAfee report in August.

“To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly, over the last few months, we have seen more innovative techniques appearing in ransomware.”

Temp Mails ( is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

9 biggest web security news of 2018 – 10 minute mail

The year started off with a bang as the research of Meltdown and Spectre rendered almost all computing devices to be vulnerable. As the year moved on Facebook, Magecart and 2FA alternatives also were also part of security discussions. Here are our top 9 picks for biggest web security news of 2018:

Image for top security news for 2018

1. Meltdown and Spectre

Meltdown and Spectre are collectively 3 critical vulnerabilities had anyone with a computer made since 1995 on their feet. Meltdown (CVE-2017-5754) is a hardware vulnerability found to attack general memory data security and the name was given due to the ability of the attack to “melt” security boundaries. Spectre (CVE-2017-5753 and CVE-2017-5715) is reported to affect every single computer device, as it’s been verified that they affect Intel, AMD, and ARM processors. Their exploitation allows hackers to access passwords stored in a password manager or browser, personal photos, emails, private messages and even business-critical documents.

2. Facebook – “View As” feature

Facebook has been in the public eyes on several big occasions this year including the Cambridge Analytica scandal and Mark Zuckerberg’s testimony in front of the US Congress about data privacy. The year wouldn’t be complete without a hacker attack. Late September, 50 million people were automatically logged out of their Facebook accounts due to a hacker attack via the “View As” feature. The hackers began by exploiting the video uploading feature and eventually chained this together with a weakness in the “View As” feature. During this process a user token was generated when it wasn’t intended to happen for the one subject to “view as” and this appeared in the HTML code. From there the hackers gained access to the user account and automated their attack which eventually resulted in an activity spike to catch Facebook’s attention and take action in time. In total, there were 3 bugs that the malicious actors were able to chain together to gain access to user tokens. When Facebook was aware of this, it forced log out to reset tokens for 50 million users and an additional 40 million who were potentially affected. Whilst Facebook’s logging and monitoring practices were able to act fast and alert users well, the company seems to not want to take more security risks as there are plans to add a cybersecurity company to their group.

3. Marriott – 500 million users had data stolen.. Hackers had access since 2014

Going down as one of the largest data breaches to happen so far, 500 million Starwood guests had their personal details such as names, addresses, passport information and emails compromised to malicious hackers. Reports state hackers were in the system back in 2014 which happened before Marriott acquired the Starwood Hotel brand in 2016, and this has angered many security experts and people in general knowing that SPG aware of the issue and it was failed to be addressed during the acquisition. The personal information taken was encrypted however given 4 years time, one could be certain that the hackers were able to decrypt the details. It’s not certain whether Marriott was aware of this or not but we can expect cybersecurity to be taken more seriously in future business acquisitions.

  4. Another year of leaky S3 buckets, which led to AWS finally changing the privacy settings for bucket configurations

As in 2017, this year saw several high-profile companies fall victim to customer data leak to cloud storage, especially S3 bucket, misconfigurations including FedEx and GoDaddy. These are often the fault of the company due to AWS S3 bucket misconfigurations but we even saw a case where an AWS employee made the mistake of S3 bucket misconfiguration for GoDaddy. The consequence: public exposure of highly sensitive information including GoDaddy’s hosting infrastructure, operating system, workload and more which gave out a lot of competitive intelligence. This finally prompted AWS to make changes to the bucket settings and make it easier for users to block public access to buckets.

5. Implementation of GDPR and Google and Facebook slapped with fines

2018 also was the year for GDPR to come into play and this has all sorts of professionals scrambling to make sure their practices are compliant, lawyers were banking in on new business, some opportunists upgraded their careers to becoming a DPO and end users were bombarded with emails regarding GDPR, all before May 25th. There was no grace period to GDPR enforcement as Google and Facebook were given fines immediately. Not only did GDPR get ordinary people to start thinking a bit more on the privacy of their personal details, but it has challenged companies to work more proactively with security.

6. Magecart and third-party javascript

Magecart, an online criminal hacker group, has been using cross-site scripting (XSS) tactics to injection malicious code into different online credit card forms. By doing so they’ve been able to steal sensitive information including, yes of course, credit card details and personal names. This method is used widely and companies compromised by this attack are many and include British Airways and Inbenta, a 3rd party javascript used by Ticketmaster. This serves as a good reminder to always check web applications for XSS and especially third-party software as Magecart does not show signs of stopping.

7. SMS 2FA not secure

Reddit was hacked in June and their employee accounts were compromised despite having 2FA via SMS enabled. As their report explains, the attacker was able to intercept SMS messages containing the access code and use this to log into the employee accounts. This prompted a great discussion on what kind of 2FA is needed. Reddit themselves suggest using a token-based 2FA as well as ensuring passwords are complicated. You can find these tips and more in our tips for secure remote work.

8. Drupalgeddon

There was a remote code execution found in Drupal, and this critical vulnerability was aptly named Drupalgeddon v2.0. This affects versions between 6 and 8, and if exploited the bad actor would have access to all non-public data and also have the ability to modify or delete items. According to official notes, updating Drupal along will not remove backdoors or fix compromised sites. Therefore anyone affected would have to update right away but also run their own security checks to remediate the issue.

9. Stop playing security whack-a-mole

Parisa Tabriz, Director of Engineering at Google, opened up this year’s Black Hat USA calling on everyone to implement long-term defensive security. Rather than playing what she called security whack-a-mole and tackling security issues as they come up, there needs to be more strategic and proactive action to ensure security in a company. She cited the Google Project Zero as one way they’ve used offensive security examples to improve defensive security tactics, leading to more transparency and collaboration to make end users safer. Companies should build ongoing security processes and invest in training, build up security champions and develop a security culture in the organization. Some argue it needs to be thought of earlier in the development cycle, given more support for the adoption of DevSecOps.

What can we expect next year? We asked our security researcher and technical content writer, Linus Särud:

In 2019, we can expect more cloud-related issues on the rise as well as misconfigurations with third-party providers. They may not necessarily be from S3 bucket leaks due to the changes, but could be of similar nature.

Serverless, microservices and API are the “new thing” and we can expect acceleration in migration over to these services. As a consequence we anticipate more SSRF attacks. When companies go serverless and the traditional RCE is no longer possible, SSRF takes its place. It can be used to request internal servers and steal tokens or credentials used for cloud configurations. Early 2018, Google was vulnerable against this. Here is another write-up on how SSRF can be a problem when running on Amazon, causing the cloud to rain credentials.

Lastly, we expect more subdomain takeovers to occur and while this has been hyped for long there will be a lot to be discovered in this area. On the positive side, we anticipate more awareness of cloud security risks and the continued rise of devsecops where security is considered earlier in the development cycle and companies apply proactive defence instead of reactive measures, enabled by more automation and testing. There will more open discussions about personal data management because of the GDPR, NIS directive and other security regulations. People will start to think differently about the security of personal information, in a more protective way, which is a good thing!

Here’s to an even more secure 2019! Is your team equipped with all the tools to make 2019 a secure year for your teams? You can automate some of your security checks using Disposable mail. Ready to give us a try? Sign up for a free trial.

Temp Mails ( is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.