The Google Forms WordPress plugin through 0.95 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2022-3834

Google provided investigators with location data for more than 5,000 devices as part of the federal investigation into the attack on the US Capitol.

The FBI’s biggest-ever investigation included the biggest-ever haul of phones from controversial geofence warrants, court records show. A filing in the case of one of the January 6 suspects, David Rhine, shows that Google initially identified 5,723 devices as being in or near the US Capitol during the riot. Only around 900 people have so far been charged with offenses relating to the siege.

The filing suggests that dozens of phones that were in airplane mode during the riot, or otherwise out of cell service, were caught up in the trawl. Nor could users erase their digital trails later. In fact, 37 people who attempted to delete their location data following the attacks were singled out by the FBI for greater scrutiny.

Geofence search warrants are intended to locate anyone in a given area using digital services. Because Google’s Location History system is both powerful and widely used, the company is served about 10,000 geofence warrants in the US each year. Location History leverages GPS, Wi-Fi, and Bluetooth signals to pinpoint a phone within a few yards. Although the final location is still subject to some uncertainty, it is usually much more precise than triangulating signals from cell towers. Location History is turned off by default, but around a third of Google users switch it on, enabling services like real-time traffic prediction. 

The geofence warrants served on Google shortly after the riot remained sealed. But lawyers for Rhine, a Washington man accused of various federal crimes on January 6, recently filed a motion to suppress the geofence evidence. The motion, which details the warrant’s process and scale, was first reported by the Empty Wheel blog. 

In a statement, a Google spokesperson defended the company’s handling of geofence warrants.

“We have a rigorous process for geofence warrants that is designed to protect the privacy of our users while supporting the important work of law enforcement,” the company said. “When Google receives legal demands, we examine them closely for legal validity and constitutional concerns, including overbreadth, consistent with developing case law. If a request asks for too much information, we work to narrow it. We routinely push back on overbroad demands, including overbroad geofence demands, and in some cases, we object to producing any information at all.”

Google requires a three-step process for geofence warrants to narrow their scope to only those most likely to be guilty of a crime. In the first and broadest step, the FBI asked Google to identify all devices in a 4-acre area, including the Capitol and its immediate surroundings, between 2 pm and 6:30 pm on January 6. Google initially found 5,653 active devices that “were or could have been” within the geofence at that time. When Google added in data from devices that only connected to its servers later that day, or the next, the number increased to 5,723. (Location History works in airplane mode because phones can continue to receive GPS satellite signals.)

In the second step, the FBI asked Google for a list of devices that were present at the Capitol from 12 pm to 12:15 pm on January 6, and from 9 pm to 9:15 pm. As there were no rioters in the Capitol during those times, these devices likely belonged to congressional members or staff, police, and other people authorized to be there. Over 200 such phones were excluded from the initial list, reducing its total to 5,518. 

For the final step, the government sought subscriber information, including phone numbers, Google accounts, and email addresses, for two groups of users. The first was for devices that appeared to have been entirely within the geofence, to about a 70 percent probability. The second was any devices for which the Location History was deleted between January 6 and January 13. 

From this, in early May 2021, the FBI received identifying details for 1,535 users, as well as detailed maps showing how their phones moved through the Capitol and its grounds. Geofence evidence has so far been cited in over 100 charging documents from January 6. In nearly 50 cases, geofence data seems to have provided the initial identification of suspected rioters. 

Rhine was first flagged to the FBI by tipsters who had heard that he had been inside the Capitol. But investigators only identified him in surveillance footage after they matched it against the precise geofence coordinates of his phone. His lawyer is now trying to get the geofence evidence thrown out on a number of grounds, including that it was overly broad in who it rounded up, and that Rhine had a constitutional expectation of privacy in his Google data. 

“The government enlisted Google to search untold millions of unknown accounts in a massive fishing expedition,” the attorneys wrote. “Just a small amount of Location History can identify individuals … engaged in personal and protected activities (such as exercising their rights under the First Amendment). And as a result, a geofence warrant almost always involves intrusion into constitutionally protected areas.”

If the judge tosses the geofence evidence in the Rhine case, there is a chance that he and other suspects identified using it could walk free. 

Matthew Tokson, a law professor and Fourth Amendment expert at the University of Utah, says there remains a high level of uncertainty around the whole idea of geofence warrants: “Some courts have said they are valid. Some have said they are overbroad and sweep up too many innocent people. We are still in the very early stages of this.”

Despite the unprecedented number of individuals swept up in the January 6 search warrant and some strong arguments from Rhine’s lawyer, Tokson thinks the chance of his motion succeeding is very low. “Unlike a geofence warrant for a bank robbery, the people in this location are all likely to be engaged in at least a low-level criminal trespass and in some cases worse,” he says. “There’s a stronger than usual probable cause argument in favor of the government here.”

Andrew Ferguson, a professor of law at American University, agrees. “And that worries me because the January 6 cases are going to be used to build a doctrine that will essentially enable police to find almost anyone with a cellphone or a smart device in ways that we, as a society, haven’t quite grasped yet,” he says. “That is going to undermine the work of journalists, it’s going to undermine political dissenters, and it's going to harm women who are trying to get abortion services.”

The judge is likely to rule on Rhine’s motion in December, with his trial scheduled for late January 2023. While that will decide Rhine’s fate, it is unlikely to settle the question of geofence warrants more broadly. “This very likely will be appealed one way or the other,” says Tokson. “It’s going to be a very high-level, high-profile case likely to generate a major precedent out of the appeals court, if not the Supreme Court.”

A Peek Inside the FBI's Unprecedented January 6 Geofence Dragnet

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.

The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.

The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats.

It's worth noting that various other messaging platforms, such as Signal, Threema, WhatsApp, iMessage, Wire, Tox, and Keybase, already support encryption for messages.

Google, which previously turned on E2EE for one-to-one chats in its RCS-based Messages app for Android, is currently piloting the same option for group chats. Facebook, likewise, began enabling E2EE on Messenger for select users by default this past August.

Musk further touted that new user signups to the social media platform are at an "all-time high," averaging over two million per day in the last seven days as of November 16, up 66% compared to the same week in 2021. Twitter has over 253.8 million monetizable daily active users (mDAU).

The slides also reveal that reported impersonations on the service spiked earlier this month, before and in the wake of the launch of its revamped Twitter Blue subscription.

The new subscription tier is tentatively set to be rolled out as early as December 2, 2022, with a multi-colored verification system that aims to give out gold badges for companies, gray for governments, and blue for individual accounts.

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

Elon Musk Confirms Twitter 2.0 will Bring End-to-End Encryption to Direct Messages

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.
The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.

The company's plans for

Twitter chief executive Elon Musk confirmed plans for end-to-end encryption (E2EE) for direct messages on the platform.

The feature is part of Musk's vision for Twitter 2.0, which is expected to be what's called an "everything app." Other functionalities include longform tweets and payments, according to a slide deck shared by Musk over the weekend.

The company's plans for encrypted messages first came to light in mid-November 2022, when mobile researcher Jane Manchun Wong spotted source code changes in Twitter's Android app referencing conversation keys for E2EE chats.

It's worth noting that various other messaging platforms, such as Signal, Threema, WhatsApp, iMessage, Wire, Tox, and Keybase, already support encryption for messages.

Google, which already turned on E2EE for one-to-one chats in its RCS-based Messages app for Android, is currently piloting the same option for group chats. Facebook, likewise, began enabling E2EE on Messenger for select users by default this past August.

Musk further touted that new user signups to the social media platform are at an "all-time high," averaging over two million per day in the last seven days as of November 16, up 66% compared to the same week in 2021. Twitter has over 253.8 million monetizable daily active users (mDAU).

The slides also reveal that reported impersonations on the service spiked earlier this month, before and in the wake of the launch of its revamped Twitter Blue subscription.

The new subscription tier is tentatively set to be rolled out as early as December 2, 2022, with a multi-colored verification system that aims to give out gold badges for companies, gray for governments, and blue for individual accounts.

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

By Habiba Rashid
The hackers from Black Reward Team are also claiming to have deleted nearly 250 terabytes of data from the website from its servers and computers.
This is a post from HackRead.com Read the original post: Iran’s Fars News Agency website hacked as part of anti-govt protests

On Friday, 25th November, the hacktivist group by the name of Black Reward attacked the database of the Iranian hardline Fars News Agency, claiming to have deleted nearly 250 terabytes of data from the website from its servers and computers.

The hackers also claimed to have obtained the confidential bulletins and directives sent by the news agency to the office of Supreme Leader Ali Khamenei.

For your information, Fars is the Iranian government-backed news agency managed by the Islamic Revolutionary Guard Corps (IRGC).

According to the message posted by the hacker group, the compromised data also includes recorded calls, information on internal portals related to administrative conversations and news folders, image archives, and financial documents of the news agency. 

**English Translation via Google**

“For years, the wage earners of “Fars Sludge Spreading Company” have been thinking that no one is protecting them and they are going to gas for themselves. But false imagination! Spreading lies, spreading rumors, creating cases against the people of Iran, working and writing, has a heavy penalty; especially when the “truth becomes clear”, the curtains fall and the lowly nature of these wage earners is revealed to everyone.”

“Most of the black deeds letters of each and every official employee and unofficial collaborator of Fars Sludge Company are in our possession today with all the details and we give this warning to other ration eaters of the IRGC and Mullahs that dark and difficult days are waiting for them. We will come to you one by one.”

“We also give this good news to our dear compatriots that all the information of the Fars Sludge Company, including the confidential news bulletins that they sent to the leadership and the IRGC, along with faxes, recorded calls, information on internal portals related to administrative conversations and news folders, image archives.”

“Also, the financial documents have all been downloaded, and we have also removed nearly 250 terabytes of data, or in other words, what is and what is not Fars Sludge Spreading Company from the beginning until now, from all the servers and computers belonging to this collection – For woman, life, freedom for #Mehsa\_Amini.”

However, Fars News has denied the extent of the hack as described by the hackers. They described the hackers as only being able to destroy the information and news from Friday and reiterated that other information and databases of the news agency had not been breached. 

This is not all. The hackers also published a video apparently showing a journalist from the agency engaged in an indecent sexual act at the agency’s office. The alleged security camera footage has gone viral on Iranian social media. 

The video was posted from the news agency’s manager Habib Torkashvand’s Twitter account which was hacked by the Black Reward group. It was captioned:

“These are the freeloaders of Fars! At the beginning of every week, after coming to the office, they must check who has been at their desk the day before and jerked off!”

Fars News denied that the footage belonged to them but some of the users on Twitter have identified the person in the video to be one of the economic editors of the website. 

Furthermore, this is not the first time Black Reward has attacked the state or the agencies supporting it. As reported by Hackread.com earlier in October, the group claimed to have hacked the email system of Iran’s Nuclear Power Production and Development company and threatened to release its documents if the government did not halt its clampdown on protestors. They said the total data obtained was 50 GB in size. 

However, after the 24-hour deadline passed and the government’s offensive against the protestors did not stop, Black Reward published a trove of documents from Iran’s nuclear program. 

In the past weeks, the group also hacked the emails of managers and employees of Press TV state channel and the employees of Al-Zahra University in Tehran as well as the Legal Medicine Organisation of the country, urging them to support the protests happening in the country.

In mid-September when anti-regime protests began, Black Reward along with the group called Tepandegan, sent millions of texts inviting people to participate in protest rallies. 

Black Reward group’s hack comes just days after an Iranian hacker group by the name of Moses Staff, posted previously unseen footage of a deadly bombing in Jerusalem on Wednesday morning. The footage was obtained from a surveillance camera used by a major Israeli security organization.

1.  Hackers turn to Signal, Telegram and Dark Web to assist Iranians
2.  Anonymous Hits Iranian State Sites, Hacks Over 300 CCTV Cameras
3.  Iran State-Run TV’s Live Transmission Hacked by Edalate Ali Hackers

I am a cyber security writer and one of my favourite games is Minecraft. I also really like obscure cat memes and during my free time, if I'm not found hanging around in Discord voice channels with my friends, I'm probably cycling and taking pictures of random cats on the street.

Iran’s Fars News Agency website hacked as part of anti-govt protests

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it.

**Why is everyone scared of Emotet?**

Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL downloads and then loads into memory.

It searches for email addresses and steals them for spam campaigns. Moreover, the botnet drops additional payloads, such as Cobalt Strike or other attacks that lead to ransomware.

The polymorphic nature of Emotet, along with the many modules it includes, makes the malware challenging to identify. The Emotet team constantly changes its tactics, techniques, and procedures to ensure that the existing detection rules cannot be applied. As part of its strategy to stay invisible in the infected system, the malicious software downloads extra payloads using multiple steps.

And the results of Emotet behavior are devastating for cybersecurity specialists: the malware is nearly impossible to remove. It spreads quickly, generates faulty indicators, and adapts according to attackers' needs.

**How has Emotet upgraded over the years?**

Emotet is an advanced and constantly changing modular botnet. The malware started its journey as a simple banking trojan in 2014. But since then, it has acquired a bunch of different features, modules, and campaigns:

*   2014\. Money transfer, mail spam, DDoS, and address book stealing modules.
*   2015\. Evasion functionality.
*   2016\. Mail spam, RIG 4.0 exploit kit, delivery of other trojans.
*   2017\. A spreader and address book stealer module.
*   2021\. XLS malicious templates, uses MSHTA, dropped by Cobalt Strike.
*   2022\. Some features remained the same, but this year also brought several updates.

This tendency proves that Emotet isn't going anywhere despite frequent "vacations" and even the official shutdown. The malware evolves fast and adapts to everything.

**What features has a new Emotet 2022 version acquired?**

After almost half a year of a break, the Emotet botnet returned even stronger. Here is what you need to know about a new 2022 version:

*   It drops IcedID, a modular banking trojan.
*   The malware loads XMRig, a miner that steals wallet data.
*   The trojan has binary changes.
*   Emotet bypasses detection using a 64-bit code base.
*   A new version uses new commands:

Invoke rundll32.exe with a random named DLL and the export PluginInit

*   Emotet's goal is to get credentials from Google Chrome and other browsers.
*   It's also targeted to make use of the SMB protocol to collect company data
*   Like six months ago, the botnet uses XLS malicious lures, but it adopted a new one this time:

The Emotet's Excel lure

**How to detect Emotet?**

The main Emotet challenge is to detect it in the system quickly and accurately. Besides that, a malware analyst should understand the botnet's behavior to prevent future attacks and avoid possible losses.

With its long story of development, Emotet stepped up in the anti-evasion strategy. Through the evolution of the process execution chain and malware activity inside the infected system changes, the malware has modified detection techniques drastically.

For example, in 2018, it was possible to detect this banker by looking at the name of the process – it was one of these:

> eventswrap, implrandom, turnedavatar, soundser, archivesymbol, wabmetagen, msrasteps, secmsi, crsdcard, narrowpurchase, smxsel, watchvsgd, mfidlisvc, searchatsd, lpiograd, noticesman, appxmware, sansidaho

Later, in the first quarter of 2020, Emotet started to create specific key into the registry - it writes into the key HKEY\_CURRENT\_USER\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER value with the length 8 symbols (letters and characters).

Of course, Suricata rules always identify this malware, but detection systems often continue beyond the first wave because rules need to update.

Another way to detect this banker was its malicious documents - crooks use specific templates and lures, even with grammatical errors in them. One of the most reliable ways to detect Emotet is by the YARA rules.

To overcome malware's anti-evasion techniques and capture the botnet – use a malware sandbox as the most convenient tool for this goal. In ANY.RUN, you can not only detect, monitor, and analyze malicious objects but also get already extracted configurations from the sample.

There are some features that you use just for Emotet analysis:

*   reveal C2 links of a malicious sample with the FakeNet
*   use Suricata and YARA rulesets to successfully identify the botnet
*   Get data about C2 servers, keys, and strings extracted from the sample's memory dump
*   gather fresh malware's IOCs

The tool helps to perform successful investigations quickly and precisely, so malware analysts can save valuable time.

ANY.RUN sandbox has prepared incredible deals for **Black Friday 2022**! Now is the best time to boost your malware analysis and save some money! Check out special offers for their premium plans but for a limited time – from 22-29 November, 2022.

Emotet has not demonstrated full functionality and consistent follow-on payload delivery. Use modern tools like ANY.RUN online malware sandbox to improve your cybersecurity and detect this botnet effectively. Stay safe and good threat hunting!

Found this article interesting? Follow us on Twitter __ and LinkedIn to read more exclusive content we post.

All You Need to Know About Emotet in 2022

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it.
Why is everyone scared of Emotet?
Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication.

For 6 months, the infamous Emotet botnet has shown almost no activity, and now it's distributing malicious spam. Let's dive into details and discuss all you need to know about the notorious malware to combat it.

**Why is everyone scared of Emotet?**

Emotet is by far one of the most dangerous trojans ever created. The malware became a very destructive program as it grew in scale and sophistication. The victim can be anyone from corporate to private users exposed to spam email campaigns.

The botnet distributes through phishing containing malicious Excel or Word documents. When users open these documents and enable macros, the Emotet DLL downloads and then loads into memory.

It searches for email addresses and steals them for spam campaigns. Moreover, the botnet drops additional payloads, such as Cobalt Strike or other attacks that lead to ransomware.

The polymorphic nature of Emotet, along with the many modules it includes, makes the malware challenging to identify. The Emotet team constantly changes its tactics, techniques, and procedures to ensure that the existing detection rules cannot be applied. As part of its strategy to stay invisible in the infected system, the malicious software downloads extra payloads using multiple steps.

And the results of Emotet behavior are devastating for cybersecurity specialists: the malware is nearly impossible to remove. It spreads quickly, generates faulty indicators, and adapts according to attackers' needs.

**How has Emotet upgraded over the years?**

Emotet is an advanced and constantly changing modular botnet. The malware started its journey as a simple banking trojan in 2014. But since then, it has acquired a bunch of different features, modules, and campaigns:

*   2014\. Money transfer, mail spam, DDoS, and address book stealing modules.
*   2015\. Evasion functionality.
*   2016\. Mail spam, RIG 4.0 exploit kit, delivery of other trojans.
*   2017\. A spreader and address book stealer module.
*   2021\. XLS malicious templates, uses MSHTA, dropped by Cobalt Strike.
*   2022\. Some features remained the same, but this year also brought several updates.

This tendency proves that Emotet isn't going anywhere despite frequent "vacations" and even the official shutdown. The malware evolves fast and adapts to everything.

**What features has a new Emotet 2022 version acquired?**

After almost half a year of a break, the Emotet botnet returned even stronger. Here is what you need to know about a new 2022 version:

*   It drops IcedID, a modular banking trojan.
*   The malware loads XMRig, a miner that steals wallet data.
*   The trojan has binary changes.
*   Emotet bypasses detection using a 64-bit code base.
*   A new version uses new commands:

Invoke rundll32.exe with a random named DLL and the export PluginInit

*   Emotet's goal is to get credentials from Google Chrome and other browsers.
*   It's also targeted to make use of the SMB protocol to collect company data
*   Like six months ago, the botnet uses XLS malicious lures, but it adopted a new one this time:

The Emotet's Excel lure

**How to detect Emotet?**

The main Emotet challenge is to detect it in the system quickly and accurately. Besides that, a malware analyst should understand the botnet's behavior to prevent future attacks and avoid possible losses.

With its long story of development, Emotet stepped up in the anti-evasion strategy. Through the evolution of the process execution chain and malware activity inside the infected system changes, the malware has modified detection techniques drastically.

For example, in 2018, it was possible to detect this banker by looking at the name of the process – it was one of these:

> eventswrap, implrandom, turnedavatar, soundser, archivesymbol, wabmetagen, msrasteps, secmsi, crsdcard, narrowpurchase, smxsel, watchvsgd, mfidlisvc, searchatsd, lpiograd, noticesman, appxmware, sansidaho

Later, in the first quarter of 2020, Emotet started to create specific key into the registry - it writes into the key HKEY\_CURRENT\_USER\\SOFTWARE\\MICROSOFT\\WINDOWS\\CURRENTVERSION\\EXPLORER value with the length 8 symbols (letters and characters).

Of course, Suricata rules always identify this malware, but detection systems often continue beyond the first wave because rules need to update.

Another way to detect this banker was its malicious documents - crooks use specific templates and lures, even with grammatical errors in them. One of the most reliable ways to detect Emotet is by the YARA rules.

To overcome malware's anti-evasion techniques and capture the botnet – use a malware sandbox as the most convenient tool for this goal. In ANY.RUN, you can not only detect, monitor, and analyze malicious objects but also get already extracted configurations from the sample.

There are some features that you use just for Emotet analysis:

*   reveal C2 links of a malicious sample with the FakeNet
*   use Suricata and YARA rulesets to successfully identify the botnet
*   Get data about C2 servers, keys, and strings extracted from the sample's memory dump
*   gather fresh malware's IOCs

The tool helps to perform successful investigations quickly and precisely, so malware analysts can save valuable time.

ANY.RUN sandbox has prepared incredible deals for **Black Friday 2022**! Now is the best time to boost your malware analysis and save some money! Check out special offers for their premium plans but for a limited time – from 22-29 November, 2022.

Emotet has not demonstrated full functionality and consistent follow-on payload delivery. Use modern tools like ANY.RUN online malware sandbox to improve your cybersecurity and detect this botnet effectively. Stay safe and good threat hunting!

Found this article interesting? Follow THN on Facebook, Twitter __ and LinkedIn to read more exclusive content we post.

By Owais Sultan
This article will explain to you how to create ISO files from discs while mentioning 3 top ISO creators which are easy to understand and use;
This is a post from HackRead.com Read the original post: How to Create ISO Files from Discs – 3 Best Ways

An ISO file is a disk image of an optical disc. It is a single file that contains all the data from a CD, DVD, or Blu-ray disc. The data is stored in an uncompressed format. ISO files are used to create exact copies of optical discs. They are also used to distribute large amounts of data over the internet.

It is not difficult to answer this question “how to create ISO files from discs.” Numerous freeware tools help to create an ISO file from a DVD or disc. Using them will help you to back up DVDs, BDs, and CDs to your hard drive.

It is the best strategy to create and save ISO backups for your essential program installation. In addition, unlimited online backup services allow for a near-perfect disk backup plan.

A key feature of ISO images is that they are independent and perfectly demonstrate disk data. As they are the sole files, saving and managing them is easier than copying folders and files directly onto a disk.

Windows do not have a default system to make ISO image files, so you have to download a program/tool that does that. Luckily, numerous free tools are available to create ISO images easily, and some of them are given below;

**How to Create ISO Files from Discs – Best Methods**

**Method 1: DVDFab DVD Copy**

Compatibility: Windows, Mac

This top-list DVD copy software is the most prevailing program to compress any DVD and lossless backup. It restores a DVD to a blank disc while offering six different copy mode options. 

This free ISO creator lets users save their DVDs in ISO image format. It comes with a free trial for 30 days.

**Features **

*   It is the best ISO creator and DVD burner, which supports users to copy a DVD to their hard drive in ISO image format. You can also mount or burn a DVD, ISO file, or folder to any blank disc.
*   A DVD copy is also the best program to compress DVD-9 to DVD-5.
*   Moreover, it can copy DVD-9 to DVD-9, DVD-5 to DVD-5, and DVD-5 to DVD-9.
*   It is a free DVD burner that can read all DVDs without caring about their scratches and copy them in the same original quality.

**Method 2: ISO Workshop**

It is a freeware ISO creation desktop program for Windows computers. It will help you to make, copy, and burn ISO files and perform other operations related to ISO files.

ISO Workshop’s GUI will be attractive to users as it is clear and straightforward. It works best for Windows NT over 7 versions. The EXE file size for installation is lightweight at approximately 4 MB, making it a tool that can be used easily.

Its “extraction feature” will help you to extract the ISO content quickly. When you choose an ISO file from your system, it will automatically upload its content. It is best to convert multiple disk images to the ISO file format. It supports PDI, DMG, GI, B5I, ISO, CDI, MDF, IMG, BIN, NRG, and B6i formats. 

Upload the disk file and pull out the content to the required place to backup files. Tap on the top-right button to burn the ISO file. 

**Method 3: ISODisk**

ISODisk is freeware ISO-creating software. It supports making virtual CD/DVD drivers for over 20 drives. It also helps to make and mount an ISO image. Moreover, it offers direct access to ISO image files. 

It can automatically create an ISO image from CD/DVD-ROM. You can easily access the contents of a folder with Windows Explorer after making it a virtual disk.

This standalone program does not require any installation of additional software. Its simple functionality makes it best for beginners. There is a well-managed functions tab with its user guide.

The home dashboard puts all functions within reach. So it is fast to mount or create ISO files from CD-ROMs within 2-3 clicks. Besides being beginner-friendly, it offers advanced functions to the experts. But you cannot use it to compress or encode ISO files. 

The software installation will require you to have; windows computer, 64 MB memory, and 10 MD storage space.

Here is how to create ISO from DVD using DVD Copy software;

**How to use DVDFab DVD Copy?**

*   Install DVDFab 12, and select the required Copy option. Insert the DVD which you want to back up. You can also navigate it using the “Add button.” 

*   You can use the “Drag and Drop” if your required file is ISO. 
*   After choosing the copy mode, select the required output DVD size. It is also possible to set the volume label and other copy choices. 

*   At last, choose the final directory and click “Start Button” to start the DVD copy process. 

**FAQ****Can I mine the ISO file from the disc?**

Third-party software helps to create an ISO file from the physical disc. There are multiple ISO creators in the market. However, you must be very picky as most contain the virus. So we will recommend a DVD copy, ISO workshop, and ISO disk. A DVD copy is greater than others as it can work on any device and offer multiple other features than creating ISO files. 

**How much time is required to create an ISO image file?**

It is very easy to create an ISO image file using any third-party software; however, it may take 50-60 minutes. The time may vary according to the disc size and your device performance. 

**Conclusion**

All ISO creator tools mentioned in the list are freeware. They will never charge you if you use them for making disk backups, copying disks, or sharing them on any platform. However, you must ensure you downloaded them from a trustworthy or official website to avoid viruses. 

1.  Stellar Converter for OST for OST to PST Conversion
2.  The new Wondershare PDFelement with added features
3.  6 Best Ways to Make a Collaborative PowerPoint Presentation
4.  5 PDF Tricks You Should Know To Improve Document Productivity
5.  Google software shows how to remove watermarks from Stock photos

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

How to Create ISO Files from Discs – 3 Best Ways

By Owais Sultan
A parental control app is an effective software that can help parents stay on guard, prevent, and react timely to online and offline dangers.
This is a post from HackRead.com Read the original post: Top 6 Cell Phone Tracker Apps for Parental Control

Do you have difficulty knowing what your kids are up to when you’re not around? Do you want to ensure they’re not getting into trouble or spending excess time on their phones?

If so, then you need a cell phone tracker app. We have your back covered and have handpicked the 6 best free and paid tools for Android and iOS devices to quench your concerns. Forewarned is forearmed.

**Why Would You Need to Resort to a Cell Phone Tracker App?**

Whether a paid or free parental control app, effective software can help parents stay on guard, prevent, and timely react to the following online and offline dangers:

1.  Sexual predators that target kids online or in the real world
2.  Involvement in cyberbullying, either as victims or perpetrators
3.  Exchanging inappropriate photos or videos with others
4.  Communicating with strangers that try to lure children into meeting in person
5.  Risk of kidnap or trafficking if they spend excess time alone or unsupervised
6.  Access to inappropriate websites
7.  Kids spend excess time on phones and inadequate time doing homework or interacting with the family

The market is riddled with cell phone tracking apps, making picking the right one challenging. This article lists the most prominent and handy solutions for parents.

Did you know around 2100 children go missing in the US daily? Kids are usually easy to find when parents provide relevant information about them. Resorting to the right prevention measures can help parents ensure their kids’ safety. 

**6 Advanced Cell Phone Tracker Apps for Parental Control**

A family tracking app enables parents and guardians to monitor their children when they are not around. Therefore, if you are unsure whether your kids are where they claim to be or are lying, the app can help you know the truth. Here are some of the top-notch tracker apps to help monitor their whereabouts and not only.

**Keep Your Kids Safe with the uMobix Parental Control App**

uMobix is the best parental control app today. It allows real-time tracking of daily progress on their mobile phone or tablet. With this phone monitoring app, users are enabled to capture browser history, see screengrabs, and supervise over 30 apps, including Facebook, WhatsApp, Instagram, TikTok, Telegram, and Snapchat.

This phone tracking app has advanced monitoring features, including a GPS tracker, outgoing, incoming, and missed call records, mic and camera access, text message history, deleted call history, message, and contacts. Also, this monitoring app can capture keystrokes to see what your loved ones are up to.

Additionally, uMobix allows you to remotely pull videos and photos from the target phone and store them on your device. Its advanced GPS tracking feature lets you know the real-time location of the required gadget. Thus, your kid can’t lie about their location anymore if you use this app to track them without knowing.

**How to Use uMobix to Track Your Kid’s Location**

Since uMobix has a demo version, it is possible to use it as a free app to view your child’s phone. The 1-day trial offer allows users to start monitoring for $1. For the extended version, follow these steps to watch your kids with uMobix.

1.  Register by selecting a subscription plan and complete the purchase to receive detailed instructions.
2.  Access the target phone to install uMobix by following the instructions provided in the user account. The process differs for Android and iOS but is straightforward in both cases.
3.  Navigate to your account to receive real-time data about the required phone activity. The GPS location tab can identify your child’s whereabouts anytime.
4.  Cocospy – Multifunctional Parental Control App for Android and iOS

Cocospy is also among the best phone tracking apps. It makes it possible to supervise locations, calls, messages, and app usage. Also, this tracking software enables you to take a sneak peek at the saved contacts. Installing software is straightforward, after which it is possible to track all outgoing and incoming calls, received and sent messages, browser activity, and social media interactions, including iMessages. 

Some social media platforms to monitor Cocospy include Facebook Messenger, Snapchat, Instagram, WhatsApp, Snapchat, and Viber. The app can detect a SIM card change and check the device’s IMEI number.

You may want to know how to supervise a kid’s iPhone with Cocospy. Well, the process is also straightforward. Just sign up with an email ID, then verify your iCloud account. Add the target’s iCloud details and disable two-factor authentication. After that, monitor the device’s activity and location by logging into your Cocospy account.

Cocospy runs in stealth mode, meaning they won’t detect that you’re monitoring them. Also, it manages your kid’s screen time to ensure they spend only a little time on their device. Thus, it allows you to safeguard their health and keep them safe.

**Spyic – Top-Rated Parental Control App for Real-Time Monitoring**

Spyic is a surefire phone location tracking app that can spot your loved one’s whereabouts without their knowledge. It’s a widely used tool providing tracking solutions for iPhones and Android phones. Also, this web application is easy to use from a browser, meaning you don’t have to download anything.

The software has numerous features that make it ideal for location tracking. It’s a hidden family tracking app with a feature-packed online dashboard. For instance, Spyic is there for you to locate a phone’s location without installing an additional app. Access this feature by logging in to your Spyic account via a web browser.

Additionally, Spyic uses unique security protocols to ensure that nobody else can view data about the target device. It shares the target phone’s location coordinates directly with you, and its servers don’t store anything.

Using this app to pin down somebody’s location assures you that they won’t know you’re doing it. Thus, you may monitor their movements, the areas they previously visited, and check-ins. 

**Google Family Link Free Phone Tracker**

As the name suggests, Google Family Link is a family locator that enables you to keep loved ones safer online. Families have unique relationships regarding technology. Therefore, this device and location tracking app provide greater flexibility to allow users to select the right balance for their families. Also, this application helps you create healthy online habits for your family members.

**Find My Kids – Child Locator**

Find My Kids is a location tracker for ensuring child’s safety. It helps you keep in touch with children when they are not nearby or fail to respond to your calls. This GPS phone tracker allows parents to pin down their kids on Google Maps and see their movement history.

Another benefit is the opportunity to find out the apps your children use, including social media platforms and their interactions with them. The time tracking capability helps you know the duration your kids use their devices and the apps they use the most. The family chat feature may make this app unique. It lets you chat with the kids and use funny stickers to enhance the fun. 

This parental control app for free use makes it possible to keep track of your loved ones with minimum expenses, though its functionality is somehow limited compared to tracking apps outlined above. The app is available for Android and iOS users.

**Life360**

The last app on our list is Life360. It’s a well-known app in the US, offering only limited functionality outside the country. Here’s what the app can do for you: 

1.  The app allows you to plan routes and schedules with your family members. 
2.  You can request or send real-time locations. 
3.  You can set up smart notifications for when someone reaches a particular destination or leaves it. You also get alerts if someone’s phone battery is running dry. 

You’ll need Life360 installed on the target iPhone to get it to track the device’s location. You’ll also need permission from the target device, which may or may not be possible.

**Is it Legal to Supervise Your Child’s Device?**

It is legal for parents and guardians to supervise their children’s devices as long as they are minors. Provided the child is under 18 (pay attention that every state has a different age of being an adult), a US parent or guardian can monitor how they use their mobile phone or tablet. That means the parent can use a cell phone tracker to observe their whereabouts and interactions with other people.

The Children’s Online Privacy Protection Act gives parents control over the information that children can access online. This rule protects kids under 13 while considering the internet’s dynamic nature. Also, it applies to online service providers and commercial website operators. When it comes to monitoring an adult person, written consent is required.

**What Should I Look for in a Parental Control App?**

The following tips should help you choose an app to track cell phones.

*   Privacy: You don’t want to expose your loved one’s privacy to the wrong people. Therefore, pick an app that allows for secure and safe parental control.
*   Transparency: The top phone tracking apps are transparent in their operations. They ensure that users know what they can do and how they help them enhance their kids’ safety.
*   Network security: A good tracker app keeps a child safe from illicit content, cyberbullying, and other online crimes.
*   Activities: The primary phone tracker work is to check out the activities the target person does on their device. And this entails all the actions an individual can perform on their device. Therefore, go for an app that can track your phone when lost, monitor social media and online activities, and do everything your kid can do on their phone. Also, it should let you monitor websites and app usage.
*   Friendly interface: An ideal parental control application is easy to use and navigate.
*   Compatibility: Choose an app compatible with the phone required, whether iPhone or Android. Some apps require only the phone number only to track a mobile device.

**Keep Your Kids Safe with the Right Monitoring Software**

Although some make use of a free phone tracker to keep track of loved ones, premium applications are better due to extended functionality and glitch-free operation. That’s because they have more practical features and functionalities. Also, consider customer support, price, and user reviews. Ideally, take your time understanding how the phone tracker app you want to use works to pick one that suits your needs.

1.  What is a parental control app and what are your options
2.  Croatian Police arrests minor over A1 Telecom ransom demand
3.  9 risky apps that you need to monitor on your kids’ smartphone
4.  Germany bans kids’ smartwatches, asks parents to destroy them
5.  Medical Software Firm exposes vulnerable children’s sensitive data

Top 6 Cell Phone Tracker Apps for Parental Control

Badaso version 2.6.3 allows an unauthenticated remote attacker to execute arbitrary code remotely on the server. This is possible because the application does not properly validate the data uploaded by users.

**The API & platform builder, build your apps 10x faster, even more.**

It's open source & 100% free !

Try live demo

     

**Why badaso ?**

*   **100% FREE** - No need for extra thinking about finance to adopt badaso
*   **Modern PWA Dashboard** - Fast and SPA based on Vue.js with PWA technology
*   **Native installation** - Lazy to open the browser? Install badaso on Windows, Linux, MacOS, Android & iOS
*   **Working offline** - No more f\*cked with a bad internet connection, badaso can running offline
*   **Headless** - Badaso use JWT authentication & authorization as default
*   **Seamless integration** - Badaso use Rest API & GraphQL, no need to develop API for your mobile & IoT
*   **Modern design** - Keep your system design amazing and up to date
*   **Secure** - Build based on laravel make it secure as laravel
*   **Modular** - Install custom library in seconds like your other laravel projects
*   **Scalable** - Like your other laravel projects
*   **Easy maintenance** - Like your other laravel projects
*   **Long time support** - Great choice for your long-term project, maintain by uasoft

**Badaso features**

*   **Advanced CRUD generator** - Build your application faster and be more productive
*   **API generator** - Integrate your application (mobile, desktop, even IoT) through Rest API & GraphQL
*   **User management** - Manage your application user
*   **Role management** - Your application user can have a different role
*   **Permission management** - Each role has different access permission
*   **Menu management** - Manage your application menu so easy and faster
*   **Database management** - Handle your database migration via application
*   **Activity logging** - Keep your system safe, know who makes the trouble
*   **Log UI viewer** - No need to open your server to check the log, just stay focused on your application
*   **Daily database backup** - Keep your valuable database safety
*   **Media manager** - Manage your local & cloud media via application
*   Many more!

**Live demo**

Click here for live demo (some error may happen because random test by a lot of random people)

The live demo will reset every 1 hour

**Getting started (installation, how to use & more)**

You can see official badaso documentation.

**Support Badaso**

To keep badaso up to date and support this awesome long-term project you also can donate to badaso.

We appreciate it so much and will keep badaso up to update and support your awesome long-term projects!

*   Become a backer/sponsors on OpenCollective
*   Become a sponsor via github
*   One-time donation via Paypal
*   Direct (contact hello@uatech.co.id)

Good financial support will make badaso keep up to date and keep support your awesome long-term projects!

Thanks to all backers & sponsors!

**Sponsors****Contributing**

Thank you for considering contributing to badaso !

Please read our contributing guideline before submitting a Pull Request to the project.

Thanks to all contributors!

For documentation repo contributing click here.

**Community support**

For general help using badaso, please refer to the official badaso documentation.

For additional help, you can use one of these channels to ask a question:

*   Github discussion (Questions and Discussions)
*   Github issues (Bug reports, Contributions)
*   Facebook groups (Discussion for active facebook users)
*   Telegram groups (Discussion for active telegram users)
*   Youtube tutorial (For visual learner)

**Credits**

Thanks to these awesome projects that make badaso awesome :

*   laravel/laravel (Framework)
*   vuejs/vue (Javascript framework)
*   lusaxweb/vuesax (Vue component)
*   spatie/laravel-backup (automation production database & application backup)
*   spatie/laravel-activitylog (logging dashboard activity)
*   spatie/flysystem-dropbox (dropbox cloud storage integration)
*   nao-pon/flysystem-google-drive (google drive cloud storage integration)
*   league/flysystem-aws-s3-v3 (aws S3 cloud storage integration)
*   guzzlehttp/guzzle (advanced http request)
*   webpatser/laravel-uuid (uuid provider)
*   lcobucci/jwt (JWT provider)
*   tymon/jwt-auth (JWT auth provider)
*   arcanedev/log-viewer (application logging GUI)
*   the-control-group/voyager (reference)
*   UniSharp/laravel-filemanager (file manager)
*   Contact us for credit here.

All financial support that badaso gets will also shared to project above to support the ecosystem and make badaso keep up to date and keep your awesome long-term projects running.

**License**

See the LICENSE file for licensing information.

Tag

#google