avast.lt
avast! antivirusinė programa Antivirusinė programa verslui ir namams. Saugus verslas - Endpoint protection, File server and Email server security
12/04/2023
Apie avast nuskaitymus, dėl kurių sulaukiame skundų, kreipinių.
avast parduoda produktus įvairiais (tame tarpe skaitmeniniais ir tiesioginiais) kanalais, taigi jei produktas pirktas ne iš mūsų įmonės, mes galim tik patarti - nukreipti, nurodyti linką, adresą susirašinėjimui ir pan. Gera alternatyva - pirkti avast produktus mūsų įmonėje - nekils nesusipratimų atsiskaitant ar pratęsiant produkto prenumeratą.
Natūralu, kad norint atgaut lėšas reikia kreiptis kontaktais per kuriuos pirkote - ty. ten, kam mokėjote/prenumeravote.
Naudinga žemiau esanti informacija:
Avast pagalba įvairių klausimų sprendimui: https://support.avast.com/en-ww
ir čia: https://support.avast.com/en-ww/contact/paid
https://support.avast.com/en-ww/article/126/
Taip pat siūlome parašyti bankui pretenziją - elektroninėje bankininkystėje paprasta būna numatyta tokia galimybė.
Canceling a subscription via your Avast Account | Official Avast Support Step-by-step instructions to cancel a subscription via your Avast Account.
From small office to global company,
we’ve got you covered
01/11/2021
01/11/2021
What does Apple know about you?
What Is Hacking? What are the three types of hackers?
Depending on their motivations, hackers can be one of three types: black hat, white hat, or grey hat. Let’s take a look at who they are and what distinguishes them from one another.
Black hat hackers
A black hat hacker is the shady cybercriminal described above. They’re the ones cracking through cybersecurity systems to gain unlawful access to a computer or network. If a black hat hacker discovers a security vulnerability, they’ll either exploit it themselves or alert other hackers to the opportunity, typically for a price.
Most of the time, the ultimate goal of a black hat hacker is to make money, whether through direct financial theft, the sale of compromised information, or extortion. But sometimes, they’re simply looking to cause as much chaos as they can.
White hat hackers
White hat hackers are the counterparts to the black hats. They’re just as skilled, but rather than pursuing criminal ends, these kind souls apply their talents toward helping businesses shore up their digital defenses. A white hat hacker will intentionally attempt to crack a system, with permission from its owner, in order to identify weak points to be repaired. This type of work is also known as “ethical hacking.”
Many white hat hackers work in-house at large companies as one part of the organization’s larger cybersecurity strategy. Others offer their services as consultants or contractors, hired to test a company’s security. They may go beyond pe*******on testing — evaluating the strength of a cybersecurity system — to also test employees themselves with phishing campaigns aimed at securing their login credentials.
Grey hat hackers
Between those two sit the grey hat hackers. They’re not quite the paragons of altruism that white hat hackers are, nor are they dedicated to criminal acts. Where white hats obtain permission before probing a system for vulnerabilities, grey hats skip that part and head straight to the hacking.
Some grey hats behave like mercenaries, discovering weaknesses and then approaching the business to offer their services at a fee. Others hack in order to force a reluctant business to take action against a certain vulnerability. A notable instance of grey hat hacking in 2013 resulted in Facebook having to acknowledge and repair a security flaw after it previously ignored the hacker’s warnings.
17/09/2021
The dark web: a primer for the rest of us
Understanding the difference between the public web, the deep web and the dark web.
What is the dark web?
Most of us tend to think about the web as a single destination, available through our browsers on our laptops and phones. But over the years it has evolved into three very different parts: the clear or public web, the private or deep web and the darknet or dark web. In this primer, we explain their differences, what kinds of information can be found in each part, and why you need to protect yourself when you access this content. As you can tell by the fact that we list different terms, there is no hard and fast division among the three pieces. Here is a good explainer published by the FBI back in 2016, which is somewhat outdated but a useful starting point.
The public web is the web that most of us are very familiar with: the sites that are run by the major dot com businesses, the SaaS sites that provide our software for running common office applications and email, and so forth. This is the data that freely flows between our computers every day. These sites are searched and recognized by Google and other search engines. If you have a web security tool, this is the part of the web that is their focus. Most of the security products give the other parts of the web short attention, if at all.
But when we move to the private web, we come to a part of the online world that isn’t easily indexed by the search engines or covered by security tools. This includes private Intranets, instant messaging (IM) services, chat rooms, discussion forums and private databases that are behind various firewalls or that have no public Internet footprint. Until a few years ago, most hackers didn’t focus on using these areas to gain footholds into business networks but that has changed. As IM usage has taken off (with Microsoft Teams, Slack and other services), adversaries have created tools that can leverage the lack of much built-in security across these services. This makes IM a prime target of opportunity for phishing-like attacks in particular. As an example of the increasing threats that can be found coming from private web sources, just look at the number of Slack add-on security tools.
Finally, there is the dark web. This portion of the online world is much more difficult to get our hands around. Like the private web, these sites take pains to not appear on search indexes, mainly because some of them offer illegal goods and services, including drugs, stolen data (such as credit card numbers) and hacking tools. Not all its content is illegal, but there is a lot that could be questionable.
Examples of this dark web content includes:
Places where you can hire hackers to break into networks
Drugs and other illegal items
Lists of username/password pairs taken from data breaches
Tutorials on how to use computing tools, especially those that relate to hacking, malware writing, exploitation and code cracking
Financial data on companies that could be available from a public site or data breaches.
Compromised sites and suspicious domains for sale
Source codes of “undetectable” malware that are for sale
Directories of command and control servers for hire for launching DDoS and other attacks
URLs of malware file-sharing sites
Censored content of all kinds
To access the dark web usually requires a special browser called Tor. Most estimates peg its popularity to about five percent of the total Internet content and traffic. They use the naming conventions of .onion domains instead of .com or .net. For example, this link will take you to a list of hard-to-find printed books. Even Facebook has its own presence on the dark web. Why would legitimate businesses have these sites? They can be used to help their developers understand how to use them, and how to protect their data. You’ll notice that these sites have very convoluted domain names: their owners want to make it harder to track and find them, unlike the public web where your brand name is often synonymous with your domain name.
Most of the denizens of the dark web are scammers and swindlers, looking to separate you from your money and your data. These scammers are constantly on the move, trying to stay ahead of law enforcement and vigilantes who are trying to expose their scams. The dark web sites themselves are also on the move as they can be common targets on denial of service attacks. This means that a lot of material is outdated. And as you might expect, the coins of this realm are cryptocurrencies such as bitcoin that make it hard to know exactly whom you are doing business with.
Why does the dark web matter to ordinary web users?
Let’s look at two different perspectives for why ordinary web users should care about the dark web. There is the interest for cybersecurity professionals, who have three basic concerns: first, it is useful to know if your business brand has been mentioned there. This could harm your reputation or confuse your potential customers with someone who is trying to sell fake goods and services. It could also indicate that some data has been leaked from your company.
A second reason is that these dark web mentions could be examples of an early threat warning before malware is detonated across the public web. Because there are so many threat actors that operate on the dark web, you can find out what they are planning and what malware they are testing before the attacks are seen anywhere else.
Finally, the dark web is getting darker. It is increasingly occupied by professional criminals and not just script kiddies or society misfits. The exploits are getting more sophisticated and malware obfuscation tools and techniques are being increasingly seen and traded.
But even if you aren’t a cyber professional, you should still be concerned about the dark web, because your private data could exist on one or more of the stolen credential databases that are being traded online.
What can you do about it?
There are a variety of information sources that can be used to investigate whether your private data has found its way to the dark web. Troy Hunt’s HaveIbeenPwned.com keeps track of millions of logins across years of collecting them from various breaches. It is a good first place to start and you can set it to notify you when your email account has been found in a new collection.
Avast’s BreachGuard is another tool that can alert you if your information is involved in a breach. It scans the dark web daily looking for your information and alerts you if it is found. It also contains tips on how to keep yourself protected and ways to find out if your information is out there. Information on the Avast BreachGuard product can be found here.
How to protect your personal data online
Given that a lot of dark web content has to do with your credentials, a good place to start thinking about how to protect yourself from ending up on these databases is to strengthen your login authentication. The first thing to do is to eliminate your own password reuse. Yes, it is convenient to have the same password for multiple sites, but, that is giving criminals an easy way to compromise your identity. There are a couple of tools that can be useful here, including a password manager (such as Lastpass and 1Password) and a smartphone authentication app (such as Google Authenticator and Authy).
Second is to minimize your data footprint. Here are a few examples of how to do this:
Do you really need to provide your birthday to anyone on social media? Sure, it is nice to get e-greetings at that time of year, but this just makes it easier for hackers to masquerade as you. Your real-life friends will know your birthday, let’s just leave it at that. If you must provide a date, use something that is obviously false like January 1 or April 1.
Don’t fill out every field in a form that requests private information. For example, do you really need every airline and travel site to have your passport number on file?
Think about using a payment processor that can anonymize your credit card data. Services such as Google and Apple Pay can make it harder to intercept your data when checking out at an ecommerce site, for example.
As you can see, protecting your data from reaching the dark web isn’t a simple process, and will require a series of careful steps.
31/08/2021
Plus, zero-click spyware attack and the digital guide to breaking up
Apple’s Tim Cook, Microsoft’s Satya Nadella, and Amazon’s Andy Jassy are among a group of tech CEOs that were called to a White House meeting Wednesday by President Joe Biden. The point of the gathering was to discuss efforts by private companies to improve cybersecurity following a year of increased ransomware and other cyberattacks, according to Bloomberg. The list of invitees also included tech, energy, water, and banking companies.
“Cybersecurity should be a top priority, and the president knows it,” commented Avast Security Evangelist Luis Corrons. “His administration’s already started talking with Russia's government, and now he’s meeting with some of the main American companies. Neither Biden nor Microsoft, Google, IBM or Apple CEOs are security experts, but they do have the power to set in motion their companies’ resources to work towards improving cybersecurity.” A senior official familiar with the event told Bloomberg the meeting will most likely address the need for better supply chain security, coming just a month after the massive SolarWinds supply chain attack. For more, see Ars Technica.
Microsoft Exchange attacks are back
Echoing a wave of cyberattacks earlier this year, a surge in attacks on Microsoft Exchange servers has been detected, and the U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an urgent bulletin to remind organizations to patch their systems against these attacks. In March, hundreds of thousands of Microsoft Exchange servers, hosting both business and personal accounts, were targeted by Chinese nation-state group Hafnium. The attacks this round differ from the Hafnium attacks in that they target a different vulnerability – Microsoft’s ProxyShell. All businesses, including SMBs, are advised to protect their systems. For more, see CyberScoop.
Massive IoT botnet infects routers, repeaters
A DDoS botnet gang has infected hundreds of thousands of IoT devices, including network gateways, routers, and repeaters, manufactured by at least 65 different vendors. The vulnerability is in the software development kit (SDK) that ships with RealTek Chipsets, which are basic system-on-chip (SoC) boards around which device-makers can build their firmware. Over 200 device models are vulnerable, with the most common being the Netis E1+ extender, the Edimax N150 and N300 Wi-Fi routers, and the Repotec RP-WR5444 router. For more on this story, see The Record.
Consumer Reports publishes digital guide to breaking up
In an effort to ease the heartache of an ended relationship, Consumer Reports has published A Digital Guide to Breaking Up. Subtitled “How to Reclaim Your Online Accounts After a Relationship Ends,” the guide offers advice on how to keep your social media feed free of painful memories and how to sever any shared accounts cleanly and quietly. The first task is to make a thorough list of shared accounts, as long-term relationships may have led to more shared accounts than one might immediately remember. Other helpful tips cover how to change your password for services such as Amazon Prime Video, Apple TV, and HBO Max. If the relationship was abusive, Avast has seven tips to help ensure you are not being tracked by your ex.
Activist’s iPhone hacked with zero-click attack
Internet watchdog group Citizen Lab, based at the University of Toronto, reported that it identified nine Bahraini activists whose iPhones were hacked, some using zero-click iMessage exploits, with Pegasus spyware between June 2020 and February 2021. Citizen Lab feels confident the Bahrain government is behind at least some of the attacks. The targeted journalists include members of the center-left political group Waad, the political opposition group Al Wefaq, and the Bahrain Center for Human Rights. The zero-click attack requires no action on the part of the victim, and completely circumvents Apple’s BlastDoor security. Citizen Lab has dubbed the attack FORCEDENTRY.
27/07/2021
What are FragAttacks? A new series of attacks against almost every Wi-Fi router has been posted called FragAttacks. Anyone who can receive radio signals from your router or Wi-Fi hotspot can use these vulnerabilities and steal data from your devices. The issue is the design of the Wi-Fi protocols themselves, along with programming errors to certain Wi-Fi devices. Some products have multiple issues and a dozen different CVEs have been posted that document them.
The vulnerabilities were discovered by Mathy Vanhoef, who will be back teaching in the fall at KU Leuven University in Belgium and has worked with a team at New York University in Abu Dhabi. The group tested more than 75 different devices and discovered flaws in Wi-Fi protocols going back to the turn of the millennium. He will present papers at various information security conferences this summer. (His presentation at USENIX is already available.)
Vanhoef isn’t new to Wi-Fi exploits: he discovered the Krack attack back in 2017. This uncovered a problem with the WPA2 protocols, which is one of the reasons why you should no longer use them.
The good news is that the protocol design flaws aren’t easy to take advantage of and there hasn’t been any evidence that any attacker has actually exploited these flaws — at least, not yet. The bad news is that the programming errors are almost trivial to exploit. Lifehacker says that the vulnerabilities are “thankfully obscure enough and require just enough of a physical presence that you should be fine as long as you’re staying on top of your security and updates — which you should be doing anyway.”
In this screencast demo, you can see how the researchers clone the wireless access point to operate on a different channel (one that they can use to record network traffic and take control over an outdated Windows 7 machine). It relies on some very careful elements, such as using a malicious source of DNS, packet injections and firewall bypasses.
As mentioned earlier, it's unlikely that FragAttacks are something that you'll need to worry about. Certainly, you should consider protecting your data by improving website security to always use HTTPS to encrypt all traffic. Many mobile web apps are now using this by default, which means that mobile users can’t be compromised by FragAttacks. You should pay careful attention to logins to websites to ensure they take place over encrypted connections.
Second, use this as a reminder that you need to update your Wi-Fi and broadband firmware regularly. Check to see if your vendor has announced fixes. The researchers have worked on a coordinated disclosure with many of the leading Wi-Fi vendors and organizations over the past nine months to try to get these fixed.
FragAttacks: Demonstration of Flaws in WPA2/3 This is not a "hacking" tutorial but a demonstration about academic IT security research. Made by Mathy Vanhoef of New York University and KU Leuven. The too...
Should you care that these much-loved food delivery apps gather the data that they do?
Even if you weren’t super into takeout before the pandemic, chances are you’ve upped your delivery in the past year. I get it! Cooking gets tedious and boring and we’ve all needed to — literally — spice up our lives while homebound. I know that in my household, takeout has become a much more regular occurrence than I’d probably occur.
But whatever. We all deserve to give ourselves and others some grace right now. But should we be giving food delivery apps grace, too? For this week’s What Does the Internet Know About Me?, I’m going to take a look at DoorDash and GrubHub/Seamless, two of the bigger food delivery app services here in the US. (GrubHub owns Seamless, so I’m batching them together.) I already know that they know I love Chinese food. Let’s see what else they’ve got.
What does DoorDash track? What does GrubHub track?
Both delivery services collect a couple of obvious things that are necessary for them to, you know, bring food to my house. They know my name, my email address, phone number, address, and information about my payment method (i.e. credit card info or PayPal).
DoorDash specifically says in their Privacy Policy that they know the items I’ve purchased and when, any special instructions, and the payment method used, but GrubHub doesn’t mention that in theirs. It seems odd — they kind of have to know that information to get me my food, right? — but I’m not sure there’s a strong conclusion to draw from that omission. They do mention, however, that they also know of any communications with them directly or with their “Delivery Partners.”
On the technical side, DoorDash is definitely watching me. They “use cookies, web beacons, pixels, session replay/screen capture, and similar technologies to collect information and personalize [my] experience with [their] Services.” They also use “session replay technology” to “collect real-time” information about how I interact with the app, including how I scroll it. They’re careful to note that they don’t record keystroke data.
If I access their service through a website instead of my phone (which isn’t a thing I do) or the app on my phone, they also “collect information to better understand customer traffic patterns and Site usage.” That includes the website I visited before visiting their site or app, which parts of the site or app I visited and how much time I spent there.
If I log in with a third party account, like Facebook, DoorDash will exchange information with that service too. They would also access my phone’s phone book for referrals, if I let them. (Which I don’t.) Finally, they track me across different devices “to better tailor content and features” and provide a “seamless experience.”
And speaking of seamless! (See what I did there?) In addition to the obvious stuff listed above, GrubHub/Seamless tracks transaction info, any communications done in-app or via phone or mail, location information, information about my device(s) and software, and analytics info, including through third party services like Google Analytics.
But perhaps the creepiest thing that Seamless/GrubHub does is track the exact location of your phone. From their Privacy Policy:
“If you have previously opted into Grubhub’s collection and use of location-based information through our mobile application, we may collect and store the precise location of your device when the app is running in the foreground or background of your device.”
Yikes. That means that if you don’t opt out of location tracking on your phone, they potentially know where you are at all times.
What do DoorDash and GrubHub do with my data?
Both DoorDash and GrubHub need some — to be fair, kind of a lot — of the data they collect in order to tell me what restaurants are nearby and then to deliver my food when I order it. They also have a legitimate interest in learning my likes and recommending similar restaurants in the future. Realistically, the nature of the business of a food delivery app means that they’re going to have to collect a lot of data about me.
However, I do think they step a bit over the line with the technical information they collect. I can see the business argument for it — I’m sure there’s a justification for why they need to know where I am at all times — but I just don’t think it’s valid. I don’t think they need to track as much of the technical information about me as they do, and I don’t like the ways they use it outside of getting food from local businesses to my house. Namely: third-party advertising. And they’re pretty broad about that. From GrubHub’s Privacy Policy:
“We work with third-party Ad Networks and Advertising Partners to deliver advertising and personalized content to you on our Platform and Services, on other sites and services you may use, and across other devices you may use. These parties may collect information directly from your browser or device when you visit the Platform through cookies or other tracking technologies. This collected information is used to provide and inform targeted advertising, as well as to provide advertising-related services such as reporting, attribution, analytics and market research.”
And while GrubHub doesn’t give instructions on how to opt out of data collection for third party advertising, DoorDash, on the other hand, does so directly in their Privacy Policy. That’s a point in their favor from me.
Should I care that food delivery apps gather so much data?
I’m bummed out by this investigation because, like all millennials, I like the convenience of ordering on an app — and not having to talk to a person on the phone. (Although honestly, as I’ve gotten older, the talking on the phone thing is less of an issue.) But the many, many ways GrubHub and DoorDash track me definitely has me concerned. Is it worth that much data being sucked up about me just for a slightly easier ordering experience?
Add on the fact that it became very clear during the pandemic just how big of a cut these food delivery apps take — and how shady some of their business practices are — and I think I might go back to ordering on the phone.
That, or I’ll make my partner order using apps on his phone. Then it’s his info being collected, not mine. (Kidding. Or am I?)
What do security cameras know about you? Are you being watched? Find out what data security cameras in your neighborhood collect about you and what they do with it.
When we talk about “surveillance culture” or the “surveillance economy” in the tech world, we’re usually talking about digital surveillance. Tracking on social media. Cookies across the web. Data brokers creating “shadow profiles.” But this week on What Does the Internet Know About Me?, I want to take a closer look at what happens when old school video surveillance crosses wires with new school digital surveillance.
You’re probably aware of the fact that some of your neighbors have home surveillance cameras and systems. That’s nothing new, right? I’m pretty sure my parents even got one after our home was burglarized in the ‘90s.
But the difference between those early home surveillance systems and the ones out there today is the fact that they’re hooked up to the internet. So let’s take a look at what security cameras in my neighborhood know about me.
What types of surveillance can you expect in your neighborhood?
Obviously every neighborhood is different and is going to have varying levels of surveillance. For example, if you live in public housing you can probably expect that your building has some level of security system that’s monitored by the government agency that lets your building. On the other hand, if you live in a neighborhood that’s primarily single family homes, you’re more likely to be watched by a variety of different private home security systems. And if you have shops in your neighborhood, you might also be surveilled by closed-circuit television (CCTV) cameras or other private security systems. Each of these presents a different potential privacy issue.
“The kind of internet-enabled video surveillance which is prevalent now can have increased privacy risks over more traditional CCTV approaches, because it is more widely adopted by private citizens and thus may appear in new contexts: Where you previously expected to be surveilled in a shop, do you now have to expect it in or outside your friends' homes?” Avast Chief Privacy Officer Shane McNamee says. “They’re also often set up in a way that involves the recordings being transmitted to and stored by third parties, on their servers, unlike traditional CCTV setups which normally stored recordings locally and for a limited time.”
If we’re looking just at private homes, the top 10 home security brands are:
Nest camera
Arlo
Google Nest
Amason Ring
Blink xt2 (blink for home)
Logitech
Reolink Argus 2
Netatmo Welcome
Vantrue N2 Pro
Canary Flex
YI Home Camera
And if we’re looking at businesses, the top five security camera brands for small businesses are, according to Google:
Arlo
Swann
Reolink
Panasonic
D-Link Vigilance
Google Nest
What data is collected about me by neighborhood security cameras? Where does it go?
Each brand collects different levels of data and does different things with them, so it’s going to be pretty difficult to figure out what exactly is being collected stored in any given neighborhood. For example, some of the popular home surveillance systems are owned by companies that are known to suck up data. (Ring, which is owned by Amazon, is the most obvious and well-known example of this.) Others don’t. It’s really going to vary from company to company.
All of the companies collect personal info about the owner of the device, both in order to provide the services they paid for and, in some cases, to put into their pool of data about users. They all also record and store video and audio recordings for a set amount of time, based on the owner’s preference.
In other words: It’s kind of impossible to know exactly what’s being recorded and stored about me by my neighbors’ security cameras. Additionally, homeowners now post videos of package thieves and attempted home entry to hyperlocal social media sites like Nextdoor, sharing that information to an even broader audience than ever before. And when and if Amazon and other surveillance companies start incorporating facial recognition software into their products, the privacy implications will be massive.
If you live in the EU or the UK, another consideration is that cameras surveilling public spaces — i.e. anything beyond the homeowner’s property — might be subject to the GDPR. That means you might have rights to access and even delete that data. You can learn more about how GDPR applies to neighborhood surveillance here.
While most What Does the Internet Know About Me? posts end with me saying whether or not a product is worth the privacy tradeoffs, unfortunately I can’t do that here. None of us are in charge of what our neighbors record on or in front of their property — or what they do with those recordings.
What you can do, however, is to start or continue advocating for better privacy regulation across the board, both digital and in person. Let your politicians know that this is an issue you care about and are willing to go to bat for. It’s the only way this type of thing is going to change.
Click here to claim your Sponsored Listing.
Category
Contact the business
Telephone
Website
Address
Vilnius
15/09/2025