This is a problem you might get while starting a particular program on your Windows computer.
System Error
The code execution cannot proceed because MSVCP140.dll was not found. Reinstalling the program may fix the problem.
This error occurs in programs that depend on the MSVCP DLL libraries. MSVCP refers to the Microsoft Visual C++ Redistributable package, which contains several DLL files; if those DLL files are missing, the dependent program throws this kind of error. In this tutorial you will find different ways to fix MSVCP related DLL errors. It applies not only to MSVCP140.dll but to all MSVCP related DLL errors.
macOS Big Sur and Catalina are massively alerting users to malware on their computers by recurrently displaying “… will damage your computer” pop-up dialogs.
In cybersecurity, the line between a real heads-up and a false positive is blurred. Sometimes the latter is an upshot of over-protection on a service provider’s end, and it can as well be a shortcoming of malware detection algorithms. One way or another, the user is on the receiving end of incessant warnings that make the computing experience go down the drain.
In recent havoc that broke out in the Mac territory, numerous users found themselves in a situation where their machines keep displaying alerts that say, “[App Name] will damage your computer. You should move it to the Trash”. The fact that these pop-ups come in insanely large numbers makes some users think that this is a macOS bug. However, that’s a misconception – and here is why.
The incredibly annoying “… will damage your computer” alerts are triggered because, in late February 2021, macOS started ringing the alarm bells in response to real malware activity on specific computers. Notice the vanilla-looking application name in quotes (StandardBoostd) on the screenshot above. This is one of multiple strains of malicious code invoking an abnormally aggressive reaction from the operating system. Some of the other common samples mentioned in these pop-up warnings at this point are as follows:
ConfigTyped
DominantPartitiond
ElementaryTyped
ManagerAnalogd
OperativeMachined
ProtocolStatus
TrustedAnalogd
This is far from being a complete list of unwanted apps that have ended up in the spotlight of macOS Gatekeeper, a feature that checks code for notarization issues and known signs of malicious behavior. What most of them have in common is the affiliation with an adware family called AdLoad, which cashes in on freeware bundles to infect Macs on a large scale.
The most rational theory about what’s happening is that Apple’s protection mechanisms have been recently improved, and AdLoad spin-offs along with a few other adware lineages are now easily detectable. These enhancements may have arrived with macOS Big Sur and macOS Catalina feature updates, or the Cupertino company could have quietly rolled out a series of tweaks to Gatekeeper logic beyond the regular update schedule.
That’s good news for the Mac user community, but with the caveat that the “… will damage your computer” alerts are splashing up non-stop without providing any effective methods to apply a permanent fix. Although most of these dialogs include a “Move to Trash” button, it doesn’t do what it says. As a result, users are stuck between a rock and a hard place. On the one hand, they are bombarded by nuisance pop-ups from macOS. On the other, they are faced with stubborn adware that resists commonplace removal.
It appears that the only workaround is to go the extra mile checking a handful of folders for sketchy files and deleting them, or outsourcing this tedious work to a trusted Mac antimalware tool. Hopefully, Apple will be combining its threat detection refinements with hands-on cleaning methods further down to minimize users’ frustration when outbreaks like this occur.
With ransomware in general plummeting so far in 2018, GandCrab is one of the few strains that stays afloat and keeps evolving. This infection was apparently crafted by skilled cybercrooks, as it exhibits rock-solid crypto functionality, clever distribution and enviable durability in the face of law enforcement’s efforts to counter the plague. Although its C2 servers were taken down by the police earlier this year, it revived with yet more vicious, well-orchestrated attacks.
Security researchers spotted a brand new variant of this ransomware in early May. It has reached version 3, and the changes aren’t limited to the number alone. GandCrab v3 comes equipped with a desktop wallpaper replacement feature, similar to how the nasty Locky and Cerber used to instill fear in their victims. The way it handles hostage files, though, remains unaltered: each one is still appended with the .CRAB extension. The ransom note continues to be a document named CRAB-DECRYPT.txt.
The overhauled culprit boasts multi-vector propagation. One payload delivery technique is malspam: would-be victims receive emails masquerading as customer support notifications from a bank. These phishing emails carry a ZIP archive attachment that, when unpacked, runs a VBS downloader behind the scenes; this downloader is what installs GandCrab v3 onto the target host. Another infection mechanism relies on the Magnitude exploit kit, where all it takes to get infected is to visit a hacked website with malicious scripts surreptitiously running on it.
The above-mentioned desktop background can be sort of an issue to the attackers. Due to a bug in this routine, the ransomware may lock the user’s screen altogether instead of simply displaying the alert. This may prevent victims from even getting to the point where they learn the ransom demands and possibly decide to pay up. By the way, the extortionists instruct those infected to visit a dedicated payment page via Tor Browser. The size of the ransom indicated on that page is 800 USD, and it’s payable in Dash or Bitcoin cryptocurrency.
Overall, this update of the notorious GandCrab pest has introduced hardly anything revolutionary. However, it is still an extremely dangerous blackmail malware that cannot be decrypted without submitting the ransom.
North Korean government-backed adversaries have executed a series of attacks against high-profile international banks, pilfering millions via fraud schemes.
BeagleBoyz hacking group targeting banks worldwide
A cybercriminal syndicate from North Korea codenamed BeagleBoyz is busy leveraging offensive remote access tools (RATs) and social engineering to steal funds from major financial institutions around the world. In light of this discovery, a number of U.S. Government agencies are alerting banks to the menace.
In a joint advisory issued on August 26, 2020, officials state that the hacking crew is pulling off bank heists over the Internet to fund the totalitarian regime. The threat actors are zeroing in on banks based in well over 30 countries. These shenanigans are reportedly aimed at draining victims’ accounts of a whopping $2 billion.
The startling details were exposed in the aftermath of an ongoing investigation conducted by the FBI, the U.S. Cyber Command, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of the Treasury.
According to these findings, North Korean state-funded actors have been initiating illegal international money transfers and ATM cash-outs in multiple countries. For instance, just one of these schemes resulted in fraudulent cash withdrawals from ATMs owned by financial entities in dozens of countries, including the U.S.
As if these swindles weren’t enough, BeagleBoyz has been carrying out SWIFT frauds on a large scale, as was the case with the notorious Bangladesh bank heist of 2016 that entailed roughly $80 million in losses. By the way, the attempted amount was about $1 billion. The silver lining in this incident was that the Federal Reserve Bank of New York halted the remaining transfers due to suspicious payment instructions that came from the Bank of Bangladesh.
The BeagleBoyz hacking group is believed to be a branch of the Reconnaissance General Bureau of the North Korean government. Its operations are traced back to 2014 and have resulted in hundreds of millions in losses. It is closely tied with the infamous Lazarus Group and APT38, to name a few. This organized cybercrime entity was behind several heists targeting cryptocurrency trading firms and the 2018 fraudulent ATM cash-outs exploiting the FASTCash platform.
DoubleLocker is the first Android ransomware that utilizes the Accessibility Service. Malware may encrypt user data; it can also lock the device.
DoubleLocker is built on the basis of a famous bank Trojan called Svpeng. DoubleLocker uses Svpeng’s code parts to encrypt and lock files but cannot collect user’s bank data and delete accounts.
DoubleLocker can change the device PIN and block the access for the victim. It also encrypts all data. This combination of Android malware features is seen for the first time.
Given the origin of the Svpeng bank malware, DoubleLocker could be turned into what we call ransomware. The malware acts in two stages – it tries to delete the bank or PayPal account and then blocks the data and device to demand a ransom. We found a test version of this ransomware in May 2017.
DoubleLocker is distributed in a very simple way. Like its ancestor the Svpeng banking Trojan, it pretends to be an Adobe Flash Player being pushed on hacked websites.
Once activated, the malware prompts the user to enable a special feature called Google Play Service. Having received the necessary permissions, the malware uses them to obtain administrator rights and become the default launcher app – all without the user’s approval.
Self-promotion as a default launcher increases the persistence of the malware. When the person pushes the Home button, the ransomware is being re-activated and the device gets locked again.
Once launched on the device, DoubleLocker uses several strong arguments to force the user to pay the ransom.
First of all, DoubleLocker changes the device PIN and prevents the user from operating it. The new PIN is a random value that is neither stored on the device nor sent anywhere outside it, so neither the victim nor security professionals can recover it. After receiving the payment, however, an attacker can remotely reset the PIN and unlock the device.
Secondly, DoubleLocker encrypts all files located on the device’s primary storage. It makes use of the strong AES encryption algorithm and adds the strange .cryeye file extension.
The ransom amount is 0.0130 Bitcoins. The ransom note emphasizes that victims should send the payment within 24 hours. If they fail to do so, the data will remain encrypted forever.
The sole way to remove the DoubleLocker is to reset the device to the factory settings. Encrypted files cannot be restored.
For prevention, we recommend that you protect your Android-based devices with high-quality security products and make backups on a regular basis.
Here’s a quick tip on using Mencoder profiles that serve as shortcuts for all of your favorite settings. This can save you a lot of time, especially when your encoding syntax is lengthy and difficult to remember.
Profiles are stored in the mencoder.conf file located in the appropriate place for your operating system. For Linux users, you can create a personalized file in your own home directory, ~/.mplayer/mencoder.conf.
Here’s the syntax you might use on a single-pass XviD project without using profiles.
If you would like to add chapters to your video files, such as XviD, x264, OGG, etc., simply use the Matroska multimedia container format.
For those of you that have never created Matroska files, visit the Matroska website to find the right software for your platform. If you’re using Ubuntu Linux, install the mkvtoolnix package from the repositories. It contains all the tools you need to start working with MKV files.
sudo apt-get install mkvtoolnix
The easiest method of creating your chapter definitions is with any text editor, using the following format. Feel free to change the name and time values accordingly. Save the file anywhere you can remember, e.g. chapter.txt.
If you want to create a chapter file from an existing DVD, dvdxchap is a great tool for the job if you’re using Linux. It’s part of the ogmtools package. For more info, check out the OGMtools project web site.
Installation and three examples of how to use the tool are below.
mkvmerge is the only tool you need to create an MKV file. In the following examples, your source video file is called video.avi, and your destination file is video.mkv.
A simplified version of the mkvmerge syntax is as follows.
I typically like to set my default language to English, and also turn off header compression for all tracks since some players don’t play nicely with compression enabled. The syntax and example output is displayed below.
mkvmerge video.avi --default-language eng \
  --compression -1:none --chapters chapter.txt -o video.mkv
mkvmerge v4.2.0 ('No Talking') built on Jul 28 2010 16:47:39
'video.avi': Using the AVI demultiplexer. Opening file. This may take some time depending on the file's size.
'video.avi' track 0: Using the MPEG-4 part 2 video output module.
'video.avi' track 1: Using the MPEG audio output module.
The file 'video.mkv' has been opened for writing.
'video.avi' track 0: Extracted the aspect ratio information from the MPEG4 layer 2 video data and set the display dimensions to 712/416.
Progress: 100%
The cue entries (the index) are being written...
Muxing took 30 seconds.
That’s really all there is to it. Now any media player that supports MKV chapters will allow you to navigate them. My favorites are VLC, Mplayer, and my Western Digital media player, the WD TV Live Plus.
Verify the contents of your MKV using mkvmerge or mkvinfo.
mkvmerge -i video.mkv
File 'video.mkv': container: Matroska
Track ID 1: video (V_MS/VFW/FOURCC, XVID)
Track ID 2: audio (A_MPEG/L3)
Chapters: 13 entries
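The chapter definition the post leaves to the reader, together with the mux-and-verify steps, as an added shell example that is not from the original post or the mkvtoolnix project. It writes a chapter file in the simple text format that mkvmerge's --chapters option accepts (a CHAPTERnn=HH:MM:SS.mmm line paired with a CHAPTERnnNAME=title line), checks that every line is well-formed and that start times strictly increase before muxing, then runs the post's mkvmerge options and greps the "Chapters:" line out of mkvmerge -i. The titles and times are constructed sample data, and the function names (write_chapters, check_chapters, chapter_count, mux_with_chapters) are mine.

```shell
#!/bin/sh
# Added example (not from the original post): build, check and mux an MKV
# chapter file. Times and titles below are constructed sample data.

# write_chapters FILE -- write a chapter definition in the simple text format
# mkvmerge accepts: CHAPTERnn=HH:MM:SS.mmm followed by CHAPTERnnNAME=title.
write_chapters() {
    cat > "$1" <<'EOF'
CHAPTER01=00:00:00.000
CHAPTER01NAME=Opening
CHAPTER02=00:12:30.500
CHAPTER02NAME=Act One
CHAPTER03=00:41:05.000
CHAPTER03NAME=Act Two
EOF
}

# check_chapters FILE -- exit 0 only if every line is a CHAPTERnn= timestamp
# or a CHAPTERnnNAME= title, at least one chapter is defined, and the
# timestamps strictly increase. mkvmerge only reports a malformed file at
# mux time, so the check runs first and gives a clearer failure.
check_chapters() {
    awk '
        BEGIN { prev = -1 }
        /^CHAPTER[0-9][0-9]=[0-9][0-9]:[0-9][0-9]:[0-9][0-9]\.[0-9][0-9][0-9]$/ {
            split(substr($0, 11), f, /[:.]/)      # f[1..4] = h, m, s, ms
            t = ((f[1] * 3600 + f[2] * 60 + f[3]) * 1000) + f[4]
            if (t <= prev) { bad = 1; exit }      # not strictly increasing
            prev = t
            next
        }
        /^CHAPTER[0-9][0-9]NAME=/ { next }
        { bad = 1; exit }                         # anything else is malformed
        END { if (prev < 0) bad = 1; exit bad }
    ' "$1"
}

# chapter_count FILE -- print how many chapter start times the file defines.
chapter_count() {
    grep -c '^CHAPTER[0-9][0-9]=' "$1"
}

# mux_with_chapters IN CHAPTERS OUT -- the post's mkvmerge options with the
# checked chapter file attached, then the "Chapters:" line from mkvmerge -i.
# Track options such as --compression must precede the input they apply to.
mux_with_chapters() {
    check_chapters "$2" || { echo "malformed chapter file: $2" >&2; return 1; }
    command -v mkvmerge >/dev/null 2>&1 || { echo "mkvmerge not installed" >&2; return 2; }
    mkvmerge -o "$3" --chapters "$2" --default-language eng \
        --compression -1:none "$1" &&
    mkvmerge -i "$3" | grep '^Chapters:'
}

# Usage: write_chapters chapter.txt && mux_with_chapters video.avi chapter.txt video.mkv
```

A file with Windows line endings fails the check because the trailing carriage return breaks the timestamp pattern; convert it first rather than letting mkvmerge guess.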
A while back, I wanted to find a tool that would go through my entire collection of MP3s and remove all the extra ID3 tags I didn’t want. For example, when I purchase music from Amazon, Rhapsody, and other online music stores, there are a number of tags in the files that track things like the purchase date and sales transaction IDs. I also like to get rid of annoying comments and other hidden tags that most editors won’t even show you.
In my search for a tool, I came across this very useful post outlining a similar project. In the author’s quest to do the same thing, he came up with a shell script that searches for all MP3 files, and removes tags that are not in his list of “good” tags. I usually don’t like to rehash the work someone else has done, but since I use his script so often, I thought it would be useful to repost it with only minor modifications.
Prerequisite: Install eyeD3
The script requires the eyeD3 tag editor to parse and manipulate the tag data. So be sure to install eyeD3, which should be available in your favorite Linux repository.
sudo apt-get install eyed3
Save and Modify Script
Save the following script as strip-tags.sh somewhere in your executable path.
#!/bin/bash
# Script name: strip-tags.sh
# Original Author: Ian of DarkStarShout Blog
# Site: http://darkstarshout.blogspot.com/
# Options slightly modified to liking of SavvyAdmin.com
# Frames to keep; every other ID3v2 frame found in the files is stripped.
oktags="TALB APIC TCON TPE1 TPE2 TPE3 TIT2 TRCK TYER TCOM TPOS"
indexfile=$(mktemp)
#Determine tags present (eyeD3 -v prints one "<Description (FRAME): value>" line per frame):
find . -iname "*.mp3" -exec eyeD3 --no-color -v {} \; > "$indexfile"
tagspresent=$(sort -u "$indexfile" | awk -F'\):' '/^<.*$/ {print $1}' \
  | uniq | awk -F'\)>' '{print $1}' | awk -F'(' '{print $(NF)}' \
  | awk 'BEGIN {ORS=" "} {print $0}')
rm "$indexfile"
#Determine tags to strip: each ok tag is listed twice so that uniq -u drops it,
#leaving only the tags that were found but are not in $oktags.
tostrip=$(echo -n $tagspresent $oktags $oktags \
  | awk 'BEGIN {RS=" "; ORS="\n"} {print $0}' | sort | uniq -u \
  | awk 'BEGIN {ORS=" "} {print $0}')
#Confirm action:
echo
echo The following tags have been found in the mp3s:
echo $tagspresent
echo These tags are to be stripped:
echo $tostrip
echo
echo -n Press enter to confirm, or Ctrl+C to cancel...
read dummy
#Strip 'em: one "--set-text-frame=FRAME: " (empty value) option per unwanted tag
stripstring=$(echo $tostrip \
  | awk 'BEGIN {FS="\n"; RS=" "} {print "--set-text-frame=" $1 ": "}')
# First pass copies any v1.x tags to v2.3 and strips unwanted tag data.
# Second pass removes v1.x tags, since I don't like to use them.
# Without --no-tagging-time-frame, a new unwanted tag is added. :-)
find . -iname "*.mp3" \
  -exec eyeD3 --to-v2.3 --no-tagging-time-frame $stripstring {} \; \
  -exec eyeD3 --remove-v1 --no-tagging-time-frame {} \;
echo "Script complete!"
To run the script, just execute it from the top level parent directory.
cd ~/Music/
strip-tags.sh
I really didn’t change a whole lot from the original, only making slight tweaks to eyeD3 options. For example, I removed colors from the eyeD3 output when creating the first list of tags, and added a line to remove v1.x ID3 tags since I don’t like to keep them around.
Be sure to edit the list of good tags identified by the “oktags” variable. My preferred list includes the following:
TALB - Album/Movie/Show title
APIC - Attached picture (Album Art)
TCON - Content type (Genre)
TPE1 - Lead performer(s)/Soloist(s)
TPE2 - Band/orchestra/accompaniment
TPE3 - Conductor/performer refinement
TIT2 - Title/songname/content description
TRCK - Track number/Position in set
TYER - Year
TCOM - Composer
TPOS - Part of a set
There’s a number of reasons why someone would want to gain unauthorized access to your network’s voice VLAN, and as you can guess, none of them are any good. By strategically replaying CDP packets used by Cisco VoIP phones, and configuring your computer’s NIC to use 802.1q tagged packets, you can gain full network access on a Cisco switch port configured with a Voice VLAN. Yes… even those protected by 802.1x authentication. In the following how-to, we’ll demonstrate how to exploit this behavior using Linux and freely available open source software.
Prerequisites
First, install two packages from your repositories. The vlan package adds a kernel module required for 802.1q VLAN tagging and the vconfig tool used to configure VLAN sub-interfaces. tcpreplay is a packet injection utility that we will use to replay CDP packets into the network from a pcap file.
The second command loads the 8021q kernel module. If you want the module loaded at boot-up, remember to add it to /etc/modules or the appropriate file for your GNU/Linux distribution.
Discover Voice-enabled Switch Port Information
Plug into the switched network, bypassing the VoIP phone, and perform a packet capture to inspect the switch’s CDP announcements. If the switch port is configured with a Voice VLAN, the configured VLAN identifier will be advertised. From our output below, the switch says we are plugged into port number FastEthernet0/24 and the Voice VLAN number is 64.
Plug the Cisco VoIP phone back into the switch port and wait for it to come back online. Plug your laptop back into the data port of the phone in your typical daisy-chain topology. Use tcpdump again to capture a single CDP packet, saving it to a capture file. If you’re plugged into the phone, the only CDP packets you should see are those sent by the phone. These CDP packets should be neatly constructed with all of the appropriate voice VLAN values. From the switch’s perspective (and that of network administrators monitoring CDP tables), it will look exactly as if a phone is connected to the port, down to the phone model and serial number.
The following tcpdump filter looks for the CDP destination MAC address, stops after one packet, and saves it to a file called cdp-packet.cap. You will use this CDP packet capture file in your replay attack.
sudo tcpdump -s 0 -w cdp-packet.cap -c 1 -ni eth0 ether host 01:00:0c:cc:cc:cc
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
1 packets captured
1 packets received by filter
0 packets dropped by kernel
Verify the CDP packet details by reading the capture file with tcpdump. The following shows that everything is in order, including the VoIP VLAN Request for VLAN 64, which is highlighted below.
You’ll want to unplug the phone from the switch and plug your computer into the switch port directly. Using the tcpreplay command, you can read and inject the contents of the packet capture file from the previous step, effectively spoofing the Cisco VoIP phone. When the switch receives this packet, the voice VLAN will be available to use.
Once the Voice VLAN is enabled, you will only have a limited amount of time to use it. A typical Cisco phone will send a CDP packet every 60 seconds, so you can simulate this behavior by running your command in a timed loop. I prefer to use the watch command, and leave it running in a terminal until it’s no longer needed. Using the command below, the CDP packet will be replayed every 60 seconds.
In order for you to access the voice VLAN, you must add a sub-interface for eth0 using the vconfig command. The following example uses vconfig to add a sub-interface that tags packets to access VLAN 64. The sub-interface will be named eth0.64 as shown below.
sudo vconfig add eth0 64
Added VLAN with VID == 64 to IF -:eth0:-
At this point you can access the VLAN in any fashion you see fit. For example, you can obtain an IP address via DHCP and test communication by pinging your default gateway as shown below.
sudo dhclient3 eth0.64
Listening on LPF/eth0.64/00:26:b9:bc:5b:68
Sending on LPF/eth0.64/00:26:b9:bc:5b:68
Sending on Socket/fallback
DHCPDISCOVER on eth0.64 to 255.255.255.255 port 67 interval 3
DHCPOFFER of 10.1.64.11 from 10.1.64.5
DHCPREQUEST of 10.1.64.11 on eth0.64 to 255.255.255.255 port 67
DHCPACK of 10.1.64.11 from 10.1.64.5
bound to 10.1.64.11 -- renewal in 35707 seconds.
ping -c 4 10.1.64.1
PING 10.1.64.1 (10.1.64.1) 56(84) bytes of data.
64 bytes from 10.1.64.1: icmp_seq=1 ttl=64 time=2.88 ms
64 bytes from 10.1.64.1: icmp_seq=2 ttl=64 time=2.85 ms
64 bytes from 10.1.64.1: icmp_seq=3 ttl=64 time=2.84 ms
64 bytes from 10.1.64.1: icmp_seq=4 ttl=64 time=2.30 ms
--- 10.1.64.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 2.303/2.721/2.888/0.244 ms
However, network administrators that wish to limit the threat associated with unauthorized voice VLAN access should consider the following recommendations.
1. Enable security features that prevent layer-2/3 man-in-the-middle and other nefarious attacks. DHCP Snooping, Dynamic ARP Inspection, Port-Security, and IP Source Guard will help in keeping attackers from intercepting voice traffic, and a number of other threats associated with layer-2/3 spoofing.
2. Add VLAN access lists and Layer-3 boundary ACLs limiting clients on the Voice VLAN to access only resources required for VoIP functionality. By limiting voice VLAN communication to the minimum required protocols and port numbers, you will greatly reduce the attack surface for the rest of your network.
3. Apply QoS policies that limit the effects of attempted Denial of Service attacks against the VoIP infrastructure. Auto QoS and even simple Storm Control features can help limit traffic, and actively notify administrators of abnormal traffic patterns.
4. Protect your IP telephony system at the application layer by requiring VoIP phone authentication and encryption.
There are some really cool projects dedicated to exploiting this vulnerability and similar weaknesses in other manufacturers’ equipment. One such tool called VoIP Hopper completely automates the above process. It even comes with its own built-in DHCP client, and is kind enough to automatically generate pre-constructed CDP packets for you.
I hope you have found this tutorial useful. Feel free to add comments, suggestions, or drop me an email for confidential questions!
If you have a source video file encoded with an AC3 Dolby Digital audio stream, you can extract the audio in its native format using FFmpeg.
The following example shows how to identify the available audio streams of the file video.avi. Just run ffmpeg on the input without any output options; the listing shows two streams (0.0 and 0.1), the second of which is AC3 audio.
ffmpeg -i video.avi
Input #0, avi, from 'video.avi':
Duration: 01:17:57.64, start: 0.000000, bitrate: 1587 kb/s
Stream #0.0: Video: mpeg4, yuv420p, 672x576 (snipped for brevity)
Stream #0.1: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s
At least one output file must be specified
The following command will extract the AC3 audio stream to a file called audio.ac3.
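The extraction step, as an added shell example that is not from the original post or the FFmpeg project: a helper that reads the stream listing ffmpeg -i prints (it goes to stderr, which is why it is captured with 2>&1) and returns the index of the first AC3 audio stream, and an extraction function that maps that stream to the output and writes it with -c:a copy, so the bitstream is copied out untouched rather than re-encoded. The listing in SAMPLE_PROBE reproduces the post's own output as constructed test data; the function names (ac3_stream_index, extract_ac3) are mine.

```shell
#!/bin/sh
# Added example (not from the original post): locate the AC3 stream in
# ffmpeg's probe output and copy it out without re-encoding.

# The stream listing from the post, kept here as constructed sample input.
SAMPLE_PROBE='Input #0, avi, from video.avi:
  Duration: 01:17:57.64, start: 0.000000, bitrate: 1587 kb/s
    Stream #0.0: Video: mpeg4, yuv420p, 672x576
    Stream #0.1: Audio: ac3, 48000 Hz, 5.1, s16, 448 kb/s'

# ac3_stream_index TEXT -- print the index N of the first "Stream #0.N" (or
# "Stream #0:N", the newer ffmpeg spelling) line whose codec is ac3; return 1
# when the listing has no AC3 audio stream.
ac3_stream_index() {
    printf '%s\n' "$1" | awk '
        /^ *Stream #0[.:][0-9]+.*Audio: ac3/ {
            sub(/^ *Stream #0[.:]/, "")    # drop everything before N
            sub(/[^0-9].*$/, "")           # keep only the digits of N
            print
            found = 1
            exit
        }
        END { exit !found }
    '
}

# extract_ac3 IN OUT -- probe IN, pick its AC3 stream and write it to OUT.
# -map 0:N selects that stream only, -vn drops the video, and -c:a copy keeps
# the original AC3 bitstream instead of re-encoding it.
extract_ac3() {
    command -v ffmpeg >/dev/null 2>&1 || { echo "ffmpeg not installed" >&2; return 2; }
    # ffmpeg -i with no output exits non-zero after printing the listing,
    # so its status is ignored and only the captured text is used.
    probe=$(ffmpeg -i "$1" 2>&1 </dev/null) || true
    idx=$(ac3_stream_index "$probe") || { echo "no AC3 stream in $1" >&2; return 1; }
    ffmpeg -i "$1" -map "0:$idx" -vn -c:a copy "$2"
}

# Usage: extract_ac3 video.avi audio.ac3
```

Selecting the stream by index rather than relying on ffmpeg's default audio choice matters for files with several audio tracks, where the default picks the highest channel count, not necessarily the AC3 track.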