Avast WEBforum
Other => General Topics => Topic started by: Asyn on November 16, 2010, 02:46:28 PM
-
Kaminsky To Release 'Phreebird' For Easy DNSSEC
http://ba.darkreading.com/authentication/167901072/security/application-security/228200646/index.html
-
Stuxnet has a double payload
http://www.h-online.com/security/news/item/Stuxnet-has-a-double-payload-1137521.html
-
GPUs crack passwords in the cloud
http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/
-
Super-secret debug capabilities of AMD processors
http://www.woodmann.com/collaborative/knowledge/index.php/Super-secret_debug_capabilities_of_AMD_processors_!
http://www.eweekeurope.co.uk/news/amd-denies-cpu-debugger-was-a-secret-13759
-
McAfee Threats Report - Third Quarter 2010
http://www.mcafee.com/us/local_content/reports/q32010_threats_report_en.pdf
-
The enemy in the network card
http://esec-lab.sogeti.com/dotclear/index.php?post%2F2010%2F11%2F21%2FPresentation-at-Hack.lu-%3A-Reversing-the-Broacom-NetExtreme-s-firmware
-
Slow CPU equals malware defense...?
http://www.f-secure.com/weblog/archives/00002067.html
-
European ATM skimmer attacks on the rise
http://krebsonsecurity.com/2010/11/crooks-rock-audio-based-atm-skimmers/
-
Secure Java programming with Fabric
http://www.cs.cornell.edu/projects/fabric/
http://www.cs.cornell.edu/andru/papers/fabric-sosp09.pdf
http://www.news.cornell.edu/stories/Sept10/Fabric.html
-
Chrome to run Flash Player in a sandbox
http://blog.chromium.org/2010/12/rolling-out-sandbox-for-adobe-flash.html
-
Escaping IE Protected Mode
http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf
-
An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications
http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pdf
-
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
-
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
Pretty interesting information.
Thanks Asyn.
-
Support for WebSockets in Firefox 4 disabled (for now)
http://www.0xdeadbeef.com/weblog/2010/12/disabling-websockets-for-firefox-4/
https://bugzilla.mozilla.org/show_bug.cgi?id=616733
http://www.ietf.org/mail-archive/web/hybi/current/msg04744.html
-
Asyn,
What's the difference between what you're posting in here and what's being posted in the Security Warnings thread ???
http://forum.avast.com/index.php?topic=52252.0
-
Asyn,
What's the difference between what you're posting in here and what's being posted in the Security Warnings thread ???
Hi Bob..!
Well, the difference is that I don't post any security warnings here.
Have a nice day,
asyn
-
NIST's search for the super hash – just five candidates left in SHA-3 final
http://www.h-online.com/security/news/item/NIST-s-search-for-the-super-hash-just-five-candidates-left-in-SHA-3-final-1151325.html
-
Operation Payback: protests via mouse click
http://www.h-online.com/security/news/item/Operation-Payback-protests-via-mouse-click-1150790.html
-
Brief Analysis of the Gawker Password Dump
http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump
-
HeapLocker tool for Windows blocks injected code
http://blog.didierstevens.com/2010/12/06/heaplocker/
http://blog.didierstevens.com/2010/12/14/heaplocker-private-memory-usage-monitoring/
-
FBI back door in IPSec implementation of OpenBSD..??
http://www.h-online.com/open/news/item/FBI-back-door-in-IPSec-implementation-of-OpenBSD-1153297.html
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2
Update: Audits give no indication of back doors
http://www.h-online.com/security/news/item/OpenBSD-audits-give-no-indication-of-back-doors-1158604.html
http://marc.info/?l=openbsd-tech&m=129296046123471&w=2
-
Merry Hacksmas
http://www.h-online.com/security/news/item/Merry-Hacksmas-1159312.html
-
27C3: danger lurks in PDF documents
http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-1162166.html
-
***
SSDs Gaining Ground In Storage, Servers, Laptops
"Solid state drives and Flash memory modules offer multiple times the performance of traditional spinning hard drives."
http://www.crn.com/news/storage/228800876/ssds-gaining-ground-in-storage-servers-laptops.htm
***
-
Security tool uncovers multiple bugs in every browser
http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
http://en.wikipedia.org/wiki/Fuzz_testing
-
Bypassing Flash’s local-with-filesystem Sandbox
http://xs-sniper.com/blog/2011/01/04/bypassing-flash%E2%80%99s-local-with-filesystem-sandbox/
-
Proof of ownership for IP addresses
http://www.h-online.com/security/news/item/Proof-of-ownership-for-IP-addresses-1164707.html
-
Linux capabilities don't add security
http://forums.grsecurity.net/viewtopic.php?f=7&t=2522
Wiki: https://secure.wikimedia.org/wikipedia/en/wiki/Capability-based_security
Discussion: http://lwn.net/Articles/421671/
Exploit: http://lists.grok.org.uk/pipermail/full-disclosure/2011-January/078350.html
-
Email authentication comes to Google Apps customers
http://googleenterprise.blogspot.com/2011/01/spam-takes-another-hit-email.html
-
Email authentication comes to Google Apps customers
http://googleenterprise.blogspot.com/2011/01/spam-takes-another-hit-email.html
Can you explain how this will affect the average computer user ???
-
Email authentication comes to Google Apps customers
http://googleenterprise.blogspot.com/2011/01/spam-takes-another-hit-email.html
Can you explain how this will affect the average computer user ???
This doesn't affect most of the average (private) computer users..!!
Only interesting for those who use Google Apps... ;)
http://www.google.com/apps/intl/en/business/index.html
http://www.google.com/support/a/bin/answer.py?answer=174124&&hl=en
asyn
-
Waking up the sleeping dragon
http://thesauceofutterpwnage.blogspot.com/2011/01/waking-up-sleeping-dragon.html
http://www.exploit-db.com/exploits/15957/
-
Waking up the sleeping dragon
You are full of happy news. ;)
Maybe you should take a walk outside once in a while ???
-
Adobe plans to make it easier to delete Flash cookies in web browsers
http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html
-
Waking up the sleeping dragon
http://thesauceofutterpwnage.blogspot.com/2011/01/waking-up-sleeping-dragon.html
http://www.exploit-db.com/exploits/15957/
SCADA exploit - the dragon awakes
http://threatpost.com/en_us/blogs/china-cert-we-missed-report-scada-hole-011311
http://thesauceofutterpwnage.blogspot.com/2011/01/wellintech-issues-security-patch-to.html
-
Governmental Cloud in the EU - New Agency Report
http://www.enisa.europa.eu/media/press-releases/governmental-cloud-in-the-eu-new-agency-report
http://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/security-and-resilience-in-governmental-clouds/at_download/fullReport
-
Stuxnet not such a masterpiece after all?
http://threatpost.com/en_us/blogs/stuxnet-authors-made-several-basic-errors-011811
http://rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/
-
New MS Tool: Attack Surface Analyzer!
http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx
http://go.microsoft.com/?linkid=9758398
-
New MS Tool: Attack Surface Analyzer!
http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx
http://go.microsoft.com/?linkid=9758398
Key comment: Supported Operating Systems: Windows 7; Windows Server 2008; Windows Vista
-
The New Trend in "Malware Evolution"
http://blog.seculert.com/2011/01/new-trend-in-malware-evolution.html
-
"Do not track" - Mozilla advocates new data protection standard
http://firstpersoncookie.wordpress.com/2011/01/23/more-choice-and-control-over-online-tracking/
http://www.open-mike.org/entry/thoughts-on-do-not-track
http://ftc.gov/os/2010/12/101201privacyreport.pdf
-
Google releases data protection extension
http://googlepublicpolicy.blogspot.com/2011/01/keep-your-opt-outs.html
https://chrome.google.com/webstore/detail/hhnjdplhmcnkiecampfdgfjilccfpfoe
-
Just so this is understood, It will not stop you from seeing ads.
It simply stops some of the targeted ads.
-
Facebook now SSL-encrypted throughout
http://blog.facebook.com/blog.php?post=486790652130
-
Hotmail offers disposable alias accounts
http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/02/03/hotmail-delivers-aliases-to-help-you-manage-and-secure-your-email-account.aspx
-
Facebook now SSL-encrypted throughout
http://blog.facebook.com/blog.php?post=486790652130
Facebook's crude https workaround
http://www.h-online.com/security/news/item/Facebook-s-crude-https-workaround-1184731.html
-
Safer Internet Day
8 February 2011
http://www.saferinternet.org/web/guest/safer-internet-day
-
One in three computer users within the EU had a malware problem in 2010
http://epp.eurostat.ec.europa.eu/cache/ITY_PUBLIC/4-07022011-AP/EN/4-07022011-AP-EN.PDF
-
Windows Server 2008 R2 and Windows 7 SP1 Releases to Manufacturing Today
http://blogs.technet.com/b/windowsserver/archive/2011/02/09/windows-server-2008-r2-and-windows-7-sp1-releases-to-manufacturing-today.aspx
-
Breaking up the Romance between Malware and Autorun
http://blogs.technet.com/b/mmpc/archive/2011/02/08/breaking-up-the-romance-between-malware-and-autorun.aspx
http://blogs.technet.com/b/msrc/archive/2011/02/08/deeper-insight-into-the-security-advisory-967940-update.aspx
-
Google extends 2-step authentication to all users
http://www.h-online.com/security/news/item/Google-extends-2-step-authentication-to-all-users-1188120.html
-
Google extends 2-step authentication to all users
http://www.h-online.com/security/news/item/Google-extends-2-step-authentication-to-all-users-1188120.html
Key comment: This code is either generated by a smartphone app, or Google sends it to a registered number via an SMS text message. A successful log-in will then require two independent factors: users will need to know their password and have access to the previously registered mobile phone.
-
Intel, Symantec and Vasco propagate single-use passwords
http://www.h-online.com/security/news/item/Intel-Symantec-and-Vasco-propagate-single-use-passwords-1189071.html
http://www.vasco.com/company/press_room/news_archive/2011/news_vascos_digipass_technology_to_be_embedded_into_intel_identity_protection_technology_ipt.aspx
http://ipt.intel.com/Libraries/Documents/Intel_IdentityProtect_techbrief_v5.sflb.ashx
-
Additional Fixes in Microsoft Security Bulletins [Silent Fixes]
http://blogs.technet.com/b/srd/archive/2011/02/14/additional-fixes-in-microsoft-security-bulletins.aspx
-
Oracle releases database firewall
http://www.oracle.com/us/corporate/press/313230?rssid=rss_ocom_pr
White Paper: http://www.oracle.com/us/products/database/bwp-oracle-database-firewall-302484.pdf
-
Windows Security Survival Guide
http://social.technet.microsoft.com/wiki/contents/articles/windows-security-survival-guide.aspx
-
Advancing the Idea of Collective Action to Improve Internet Security and Privacy
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/02/15/advancing-the-idea-of-collective-action-to-improve-internet-security-and-privacy.aspx
-
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
W3C Team Comment on the "Web Tracking Protection" Submission
http://www.w3.org/Submission/2011/01/Comment/
-
Thunderbolt: Introducing a new way to hack Macs
http://erratasec.blogspot.com/2011/02/thunderbolt-introducing-new-way-to-hack.html
-
Apple invites bug researchers to scrutinize Lion OS
http://www.computerworld.com/s/article/9211599/Apple_invites_bug_researchers_to_scrutinize_Lion_OS
-
The Internet Explorer 6 Countdown
http://ie6countdown.com/
-
Botnets: Measurement, Detection, Disinfection and Defence
http://www.enisa.europa.eu/act/res/botnets/botnets-measurement-detection-disinfection-and-defence
http://www.enisa.europa.eu/act/res/botnets/botnets-measurement-detection-disinfection-and-defence/at_download/fullReport [PDF document, 3974Kb]
-
Pwn2Own 2011: no-one goes after Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-no-one-goes-after-Chrome-1206149.html
-
Pwn2Own 2011: no-one goes after Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-no-one-goes-after-Chrome-1206149.html
I knew there was a reason I liked Chrome. :)
-
Pwn2Own 2011: Day 2 - iPhone and Blackberry hacked
http://www.h-online.com/security/news/item/Pwn2Own-2011-Day-2-iPhone-and-Blackberry-hacked-1206254.html
@Bob: It seems we both like good browsers. ;)
As well as attacks on mobile devices, attacks on Firefox were also on the agenda but the candidates for that competition did not show up, just as no one did on the first day for Chrome.
-
Pwn2Own 2011: Google patches hole in Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-Google-patches-hole-in-Chrome-1207231.html
-
Pwn2Own 2011: Google patches hole in Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-Google-patches-hole-in-Chrome-1207231.html
Interesting article. I'm not as worried about the so-called "security breach" in Chrome as I am
about the attitude Apple is taking in its protection for those that own iPhone 3Gs.
They appear to think that if you bury your head in the sand, the security problems will go away.
Posts that bring this attitude to people's attention are simply deleted with an "against policy"
reason.
Bad move Apple. Poor and uncaring customer relations have been the downfall of many a good company. :'(
Just my 2 cents.
-
Credit Card skimming and PIN harvesting in an EMV world
http://dev.inversepath.com/download/emv/emv_2011.pdf
-
Rustock botnet out of action
http://blogs.technet.com/b/microsoft_blog/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
http://krebsonsecurity.com/2011/03/rustock-botnet-flatlined-spam-volumes-plummet/
-
Revealed: US spy operation that manipulates social media
http://www.guardian.co.uk/technology/2011/mar/17/us-spy-operation-social-networks
-
And I'm supposed to believe the Guardian ??? Why trust them any more than the Government ??? ;D
-
Why trust them any more than the Government ??? ;D
What did the government say..??? ;)
http://www.rawstory.com/rs/2011/02/22/exclusive-militarys-persona-software-cost-millions-used-for-classified-social-media-activities/
-
Vulnerabilities in some SCADA server software
http://www.securityfocus.com/archive/1/517080/30/0/threaded
-
Detecting Certificate Authority compromises and web browser collusion
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
-
This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates.
Oh, what a surprise. We were discussing this a couple of days ago wrt CIS vendor whitelists, weren't we? :D
Comodo vs Mozilla 2008 story (http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/9c0cc829204487bf#) (also here (https://blog.startcom.org/?p=145)).
Oh, and on a preventive note: How to disable the Comodo reseller root certificate in Firefox (http://benjamin.smedbergs.us/blog/2008-12-24/how-to-disable-the-comodo-root-certificate-in-firefox/). (For IE and Chrome, certmgr.msc MMC snap-in is your friend. ;))
-
This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates.
Oh, what a surprise. We were discussing this a couple of days ago wrt CIS vendor whitelists, weren't we? :D
Yes, you are right, doc..!! It's really a big surprise. ;D
-
Isn't "Trust" what Comodo sells ???
-
Isn't "Trust" what Comodo sells ???
Bad job then. ;D
-
Isn't "Trust" what Comodo sells ???
Let's have some phun: Comodo issues fraudulent certificates (incl. Mozilla) once again (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html) @ Comodo forums. Wondering how long the thread will last. :P ;D
EDIT: Thread moved to Policy Violations forum after banning me (https://forums.comodo.com/forum-policy-violation-board/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70973.0.html) (Requires registration @ Melih's hunted by Iran government forums ;D)
-
Wondering how long the thread will last. :P ;D
I wonder, too. ;)
You may add this, if you like...
SSL meltdown forces browser developers to update
http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html
-
SSL meltdown forces browser developers to update
http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html
Thanks. Couldn't agree more with this:
The incident is further proof that the entire concept of SSL and of users' trust in the Certificate Authorities are standing on feet of clay. After all, a certificate is also considered trustworthy even if it is issued by a CA reseller based in a country to which users probably wouldn't even go on holiday for security reasons. And the promised technologies don't even work when a compromised certificate is made public. It is time to come up with a new concept – and "EV-SSL" certificates, at least, should not be a part of it.
-
NP, doc..!!
Now, let's sit and wait for the replies. ;D 8)
-
NP, doc..!!
Now, let's sit and wait for the replies. ;D 8)
Looks like the Comodo morons also issued a fraudulent certificate for login.live.com (Windows Live ID), not just addons.mozilla.org ::)
Microsoft Releases Security Advisory 2524375 (http://blogs.technet.com/b/msrc/archive/2011/03/23/microsoft-releases-security-advisory-2524375.aspx)
Today we're releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks.
Wow, and login.skype.com, login.yahoo.com and www.google.com and mail.google.com - just excellent.
Already got KB2524375 via Windows Update.
-
Ok, guys, now it's official, no sloppy job or anything, instead - Iran has attacked Melih and Comodo!!!! (http://www.melih.com/2011/03/23/).
Who is attacking it?
We believe these are “politically motivated”, “state driven/funded” attacks.
Why do we think these are state driven/funded?
Well, one of the origin of the attack that we experienced is from Iran, what is being obtained would enable the perpetrator to intercept web based email/communication and the only way this could be done is if the perpetrator had access to the Country’s DNS infrastructure (and we believe it might be the case here). Of course this is our interpretation of the situation.
First time we are seeing a “state funded” attack against the “Authentication” infrastructure. The Threat Model is changing and Comodo had already initiated a proposal for new standards in 2010 which would help mitigate some of these attacks. We will make sure to double our efforts in getting industry wide acceptance to these much needed standards so that we can continue to defend our security and freedom.
:o ;D :o ;D :o ;D
P.S. Mozilla Bug 642395 - Deal with bogus certs issued by Comodo partner (https://bugzilla.mozilla.org/show_bug.cgi?id=642395)
-
Let's have some phun: Comodo issues fraudulent certificates (incl. Mozilla) once again (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html) @ Comodo forums. Wondering how long the thread will last. :P ;D
Did not last long:
An Error Has Occurred!
Sorry doktornotor, you are banned from using this forum!
Forum Policy Violation
;D :D ;D :D
P.S. Thread moved here: (requires registration) (https://forums.comodo.com/forum-policy-violation-board/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70973.0.html). Well whatever - here's the sequel for you. Bye bye Comodo. Sincerely yours, Comodo's Hero. :P
-
Let's have some phun: Comodo issues fraudulent certificates (incl. Mozilla) once again (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html) @ Comodo forums. Wondering how long the thread will last. :P ;D
Did not last long:
An Error Has Occurred!
Sorry doktornotor, you are banned from using this forum!
Forum Policy Violation
;D :D ;D :D
P.S. Thread moved here: (requires registration) (https://forums.comodo.com/forum-policy-violation-board/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70973.0.html). Well whatever - here's the sequel for you. Bye bye Comodo. Sincerely yours, Comodo's Hero. :P
Comodo's Melih does not like critics. ;)
-
https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70990.0.html
-
https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70990.0.html
Haha... Well, as I said on the original thread - their image cannot be harmed much more no matter how much they censor the forums...
Oh, and remember, Iran government is going after them! :o
-
I've started the discussion in a neutral field.
http://www.wilderssecurity.com/showthread.php?p=1847026#post1847026
-
Hi guys, I don't want this thread to become a discussion thread. ;)
Please post further replies to the Comodo issue here: http://forum.avast.com/index.php?topic=74516.0
Thanks,
asyn
Edit: Or follow Tech's link to WSF... (Thanks Tech..!!)
-
Hi guys, I don't want this thread to become a discussion thread. ;)
Please post further replies to the Comodo issue here: http://forum.avast.com/index.php?topic=74516.0
Thanks,
asyn
Edit: Or follow Tech's link to WSF... (Thanks Tech..!!)
It would be a lot nicer to do it directly on the Comodo forum (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html). :0
-
It would be a lot nicer to do it directly on the Comodo forum. :0
Bob, please post this in the new topic. Thanks..!! :)
http://forum.avast.com/index.php?topic=74516.0
asyn
@ALL: Please, no more Comodo related discussion here...!!! Thanks..!!
-
Password service (Lastpass) locks out hackers
Password service Lastpass simply blocks the IP addresses of users who test the site's security measures in a move which may very well cause collateral damage.
http://www.h-online.com/security/news/item/Password-service-locks-out-hackers-1214086.html
-
Vulnerabilities in some SCADA server software
http://www.securityfocus.com/archive/1/517080/30/0/threaded
SCADA Trojans: Attacking the Grid + 0dayZ!
http://www.reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-01.pdf
-
Microsoft Shuts off HTTPS in Hotmail for Over a Dozen Countries
https://www.eff.org/deeplinks/2011/03/microsoft-shuts-https-hotmail-over-dozen-countries
http://jilliancyork.com/2011/03/25/microsoft-hotmail-no-https-for-arab-iranian-users/
Update: Microsoft: Mystery bug blocks Syrian secure Hotmail
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/
Microsoft is blaming a mystery bug for preventing access to the encrypted version of Hotmail, denying that it deliberately blocked access to the service in Syria.
-
MySQL.com Vulnerable To Blind SQL Injection Vulnerability
http://seclists.org/fulldisclosure/2011/Mar/309
Edit: http://www.h-online.com/security/news/item/MySQL-allegedly-hacked-via-SQL-injection-1216281.html
-
Vulnerabilities in *McAfee.com
http://seclists.org/fulldisclosure/2011/Mar/313
http://news.cnet.com/8301-27080_3-20048135-245.html
-
Critical NASA network vulnerable to attack
http://oig.nasa.gov/audits/reports/FY11/IG-11-017.pdf
-
FBI asks for help cracking a code in unsolved murder case
http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911/cryptanalysis_032911
-
Firefox - Advertisers and Publishers Adopt and Implement Do Not Track
http://blog.mozilla.com/blog/2011/03/30/advertisers-and-publishers-adopt-and-implement-do-not-track/
-
Mozilla begins crackdown on slow starting Firefox add-ons
http://www.h-online.com/security/news/item/Mozilla-begins-crackdown-on-slow-starting-Firefox-add-ons-1220906.html
http://blog.mozilla.com/addons/2011/04/01/improving-add-on-performance/
https://addons.mozilla.org/en-US/firefox/performance/
https://developer.mozilla.org/en/Extensions/Performance_best_practices_in_extensions
-
Google Chrome - Protecting users from malicious downloads
http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html
-
Google Chrome - Protecting users from malicious downloads
http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html
"The data produced by our systems and published via the Safe Browsing API is used by Google search and browsers such as Google Chrome, Firefox, and Safari to warn users who may attempt to visit these dangerous webpages. "
-
The Linux Foundation Releases Carrier Grade Linux 5.0 Specification
http://linux-foundation.org/weblogs/press/2011/04/06/the-linux-foundation-releases-carrier-grade-linux-50-specification/
The Linux Foundation’s CGL workgroup has been collaborating on CGL gaps and requirements since 2002, and today’s release of CGL 5.0 covers several specification categories that include Availability, Clustering, Serviceability, Performance, Standards, Hardware, and Security.
-
FSB Backs Away From Gmail Ban
http://www.themoscowtimes.com/mobile/article/434782.html
-
Learning the Importance of WAF Technology – the Hard Way
http://www.barracudalabs.com/wordpress/index.php/2011/04/11/learning-the-importance-of-waf-technology-the-hard-way/
http://hmsec.tumblr.com/
-
DNS hacks with added value
http://www.h-online.com/security/news/item/DNS-hacks-with-added-value-1227656.html
-
Apple Adds Do-Not-Track Tool to New Browser
http://online.wsj.com/article/SB10001424052748703551304576261272308358858.html
The move by the Cupertino, Calif., company leaves Google Inc. as the only major browser provider that hasn't yet committed to supporting a do-not-track capability in its browser, called Chrome.
-
Department of Justice Takes Action to Disable International Botnet
http://newhaven.fbi.gov/dojpressrel/pressrel11/nh041311.htm
With Court Order, FBI Hijacks ‘Coreflood’ Botnet, Sends Kill Signal
http://www.wired.com/threatlevel/2011/04/coreflood/
-
UK: Ministry of Defence fails at redacting nuclear sub secrets
http://www.h-online.com/security/news/item/Ministry-of-Defence-fails-at-redacting-nuclear-sub-secrets-1229523.html
http://www.parliament.uk/deposits/depositedpapers/2011/DEP2011-0648.pdf
http://cryptome.org/0003/mod-nuke-leak.htm
http://www.telegraph.co.uk/news/uknews/defence/8457506/Secrets-put-on-internet-in-Whitehall-blunders.html
-
Whitehats pierce giant hole in Microsoft security shield
http://www.theregister.co.uk/2011/04/18/windows_heap_exploit_shield_pierced/
-
China's Cyber Hackers Target Western Firms
http://news.sky.com/skynews/Home/World-News/Video-Chinas-Cyber-Hackers-Growing-Threat-To-Western-Security-Sky-News-Investigation/Article/201104315974328?lpos=World_News_Right_Promo_Region_1&lid=ARTICLE_15974328_Video%3A_Chinas_Cyber_Hackers_Growing_Threat_To_Western_Security_Sky_News_Investigation
-
Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.
Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
-
Newest Adobe flash 0-day used in new drive-by download variation: drive-by cache
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html
-
A Security Comparison: Microsoft Office vs. Oracle Openoffice
https://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html
http://dankaminsky.com/2011/03/11/fuzzmark/
-
"HTTPS Now" campaign launched to protect internet security
http://www.h-online.com/security/news/item/HTTPS-Now-campaign-launched-to-protect-internet-security-1231563.html
http://www.eff.org/press/archives/2011/04/19-0
https://www.httpsnow.org/
-
The interesting part of that article for me was at the very end:
"Facebook's HTTPS workaround was rather crude; if users clicked a link to a Facebook app, the site would ask them if they wanted to switch to a standard HTTP connection as the content they wanted to display could not be displayed using HTTPS. Once users clicked continue, the site completely disabled the HTTPS option under account settings in the background without indicating to users that it would do so."
-
The interesting part of that article for me was at the very end:
"Facebook's HTTPS workaround was rather crude; if users clicked a link to a Facebook app, the site would ask them if they wanted to switch to a standard HTTP connection as the content they wanted to display could not be displayed using HTTPS. Once users clicked continue, the site completely disabled the HTTPS option under account settings in the background without indicating to users that it would do so."
Bob, I already posted that in February. ;)
http://forum.avast.com/index.php?topic=66267.msg594233#msg594233
-
Designing a cluster-based covert channel to evade disk investigation and forensics
http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V8G-51BBKRS-1&_user=10&_coverDate=01%2F31%2F2011&_rdoc=1&_fmt=high&_orig=gateway&_origin=gateway&_sort=d&_docanchor=&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=ee913861b3d05b46b905bd4d52ca9380&searchtype=a
-
NSA CIO Pursues Intelligence-Sharing Architecture
http://www.informationweek.com/news/government/leadership/229401971
-
NSA CIO Pursues Intelligence-Sharing Architecture
http://www.informationweek.com/news/government/leadership/229401971
Times sure change. 30 something years ago one would never have seen any information put out by the media credited to anyone at the NSA. That "anyone" would have been fired. Maybe thrown in jail. Amazing!
By the way, the nickname 30 something years ago was, No Such Agency.
-
Google adds Flash cookie protection to Chrome
http://www.h-online.com/security/news/item/Google-adds-Flash-cookie-protection-to-Chrome-1233706.html
http://blog.chromium.org/2011/04/providing-transparency-and-controls-for.html
-
Amazon's Cloud Crash Disaster Permanently Destroyed Many Customers' Data
http://www.businessinsider.com/amazon-lost-data-2011-4
-
Treacherous metadata in company documents
http://www.h-online.com/security/features/Treacherous-metadata-in-company-documents-1233053.html
https://office.microsoft.com/en-us/excel-help/find-and-remove-metadata-hidden-information-in-your-legal-documents-HA001077646.aspx
-
‘Weyland-Yutani’ Crime Kit Targets Macs for Bots
http://krebsonsecurity.com/2011/05/weyland-yutani-crime-kit-targets-macs-for-bots/
-
The Tor Project plans a Firefox fork
http://www.h-online.com/security/news/item/The-Tor-Project-plans-a-Firefox-fork-1237745.html
https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton
https://www.torproject.org/projects/torbrowser.html.en
-
Amazon's Cloud Crash Disaster Permanently Destroyed Many Customers' Data
http://www.businessinsider.com/amazon-lost-data-2011-4
I had some need to keep myself informed on this issue and I'd like to share one of the better pieces that goes into the technical aspects of this trouble.
http://www.itworld.com/cloud-computing/161203/english-time-how-amazon-let-its-cloud-crash-and-why-it-should-have-known-bett
-
Safer network traffic, but with potential side effects
http://www.h-online.com/security/news/item/Safer-network-traffic-but-with-potential-side-effects-1237238.html
http://ripe62.ripe.net/presentations/29-110502.ripe-bgpsec-policy.pdf
-
I had some need to keep myself informed on this issue and I'd like to share one of the better pieces that goes into the technical aspects of this trouble.
Thanks, ManyQs..!
Interesting read. :)
asyn
-
Mozilla rejects US government request to remove add-on
http://www.h-online.com/security/news/item/Mozilla-rejects-US-government-request-to-remove-add-on-1238743.html
http://lockshot.wordpress.com/2011/05/05/homeland-security-request-to-take-down-mafiaafire-add-on/
-
Mozilla rejects US government request to remove add-on
http://www.h-online.com/security/news/item/Mozilla-rejects-US-government-request-to-remove-add-on-1238743.html
http://lockshot.wordpress.com/2011/05/05/homeland-security-request-to-take-down-mafiaafire-add-on/
Mozilla rejects US government request to remove add-on - because it hasn't received a court order to do so.
-
Mozilla rejects US government request to remove add-on
http://www.h-online.com/security/news/item/Mozilla-rejects-US-government-request-to-remove-add-on-1238743.html
http://lockshot.wordpress.com/2011/05/05/homeland-security-request-to-take-down-mafiaafire-add-on/
Typical. Firefox is officially dead. :'(
It won't be long until DHS shuts the browser down and Mozilla for good. Time to switch to Google Chrome.
DHS is simply stifling free speech and open source in the name of Copyright, ICE, ACTA, and the Trans-Pacific Partnership (TPP).
-
MS Exploitability Index Improvements Now Offer Additional Guidance
http://blogs.technet.com/b/msrc/archive/2011/05/05/exploitability-index-improvements-amp-advance-notification-service-for-may-2011-bulletin-release.aspx
-
A Syrian Man-In-The-Middle Attack against Facebook
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/
-
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi
-
Security distribution BackTrack 5 released
http://www.h-online.com/open/news/item/Security-distribution-BackTrack-5-released-1241332.html
http://www.backtrack-linux.org/backtrack/backtrack-5-release/
-
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi
Khronos respond to WebGL security report
http://www.h-online.com/security/news/item/Khronos-respond-to-WebGL-security-report-1241304.html
http://www.opengl.org/registry/specs/ARB/robustness.txt
-
The RTLO unicode hole - sequence manipulation as an attack vector
http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole/
Vulnerable versions of Windows
This issue is by default apparently only present in Windows Vista and Windows 7. In Windows XP you need to install support for right-to-left languages for this to work.
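The trick the article describes is a filename carrying U+202E (RIGHT-TO-LEFT OVERRIDE): everything after that invisible character is rendered reversed, so the extension a user sees is not the one the OS will execute. Below is an added example (not from the Norman article or from this thread) that renders the displayed name, derives the real and apparent extensions, and flags the mismatch; the sample filename is constructed for the demonstration.

```python
import unicodedata

RLO = "\u202e"  # RIGHT-TO-LEFT OVERRIDE, the character the attack relies on
# Other Unicode bidi controls that can reorder or hide parts of a name
BIDI_CONTROLS = {"\u202a", "\u202b", "\u202c", "\u202d", "\u202e",
                 "\u2066", "\u2067", "\u2068", "\u2069"}


def bidi_controls_in(name: str) -> list:
    """(position, Unicode name) for every bidi control found in the filename."""
    return [(i, unicodedata.name(c)) for i, c in enumerate(name) if c in BIDI_CONTROLS]


def displayed_name(name: str) -> str:
    """Approximation of what a bidi-aware file manager renders: text after an
    RLO is drawn right-to-left, i.e. reversed, until the end of the string
    (pop-directional-format handling is deliberately left out)."""
    if RLO not in name:
        return name
    head, _, tail = name.partition(RLO)
    return head + tail[::-1]


def _extension(name: str) -> str:
    return name.rsplit(".", 1)[-1].lower() if "." in name else ""


def real_extension(name: str) -> str:
    """Extension the OS uses to pick a handler: text after the last dot of the
    raw name, with the invisible control characters stripped."""
    return _extension("".join(c for c in name if c not in BIDI_CONTROLS))


def apparent_extension(name: str) -> str:
    """Extension the user believes they are looking at."""
    return _extension(displayed_name(name))


def is_spoofed(name: str) -> bool:
    """True when a name carries bidi controls or when its displayed extension
    differs from the one the OS will actually use."""
    return bool(bidi_controls_in(name)) or apparent_extension(name) != real_extension(name)


if __name__ == "__main__":
    # Constructed sample: an .exe dressed up to look like a .pdf
    sample = "invoice" + RLO + "fdp.exe"
    print(repr(displayed_name(sample)), real_extension(sample), is_spoofed(sample))
```

A mail gateway or download scanner can apply `is_spoofed` to attachment names as a cheap pre-filter; the presence of any bidi control in a filename is itself a strong signal, since legitimate filenames almost never need one.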
-
Microsoft Security Intelligence Report (SIR) #10
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/6/0/5/605BE103-9429-4493-898B-E3D50AB68236/Microsoft_Security_Intelligence_Report_volume_10_Key_Findings_Summary_English.pdf
http://download.microsoft.com/download/6/0/5/605BE103-9429-4493-898B-E3D50AB68236/Microsoft_Security_Intelligence_Report_volume_10_Global_Threat_Assessments_English.pdf
-
New version of EMET (2.1) is now available
http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx
Download: http://go.microsoft.com/fwlink/?LinkID=200220&clcid=0x409
Forum: http://go.microsoft.com/fwlink/?LinkID=213962&clcid=0x409
-
Click Trajectories: End-to-End Analysis of the Spam Value Chain
http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf
-
Successful timing attacks on elliptic curve cryptography
http://www.h-online.com/security/news/item/Successful-timing-attacks-on-elliptic-curve-cryptography-1247772.html
http://eprint.iacr.org/2011/232.pdf
http://www.kb.cert.org/vuls/id/536044
-
The Failure of Noise-Based Non-Continuous Audio Captchas
http://cdn.ly.tl/publications/decaptcha-audio.pdf
-
Comodogate v2
Continued from: http://forum.avast.com/index.php?topic=52252.msg649567#msg649567
Some details: http://pastebin.com/F5nUf5kr
-
Cookiejacking
https://sites.google.com/site/tentacoloviola/cookiejacking
http://www.reuters.com/article/2011/05/25/us-microsoft-security-idUSTRE74O86F20110525
-
When Angry Birds attack: Android edition
http://blog.duosecurity.com/2011/05/when-angry-birds-attack-android-edition/
-
Web Application Attack and Audit Framework 1.0 arrives
http://www.h-online.com/security/news/item/Web-Application-Attack-and-Audit-Framework-1-0-arrives-1253108.html
http://sourceforge.net/projects/w3af/
http://sourceforge.net/news/?group_id=170274&id=300685
http://w3af.sourceforge.net/videos/video-demos.php
-
The Electronic Frontier Foundation (EFF) Tor Challenge
https://www.eff.org/torchallenge
-
Twitter new follow button clickjacking attack
http://serphacker.com/twitter/twitter-new-follow-button-clickjacking-attack.html
Google plus1 clickjacking attack
http://serphacker.com/clickjacking/google-plus1-clickjacking-attack.html
-
I believe the ClickClear function in Firefox NoScript add-on protects against clickjacking.
-
I believe the ClickClear function in Firefox NoScript add-on protects against clickjacking.
That's right David.
NoScript blocks these attacks.
-
One in four US hackers 'is an FBI informer'
The FBI and US secret service have used the threat of prison to create an army of informers among online criminals
http://www.guardian.co.uk/technology/2011/jun/06/us-hackers-fbi-informer/print
-
Cross-domain WebGL textures disabled in Firefox 5
http://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/
https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures
https://bugzilla.mozilla.org/show_bug.cgi?id=656277
-
Cookiejacking
https://sites.google.com/site/tentacoloviola/cookiejacking
http://www.reuters.com/article/2011/05/25/us-microsoft-security-idUSTRE74O86F20110525
http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx
One of the issues we start to address in this release is “cookiejacking,” which allows an attacker to steal cookies from a user’s computer and access websites the user has logged into.
-
Twitter authorisation misleads users
http://www.h-online.com/security/news/item/Twitter-authorisation-misleads-users-1259205.html
http://lab.thisisroyal.com/twitter/
http://techcrunch.com/2011/06/10/third-party-twitter-apps-can-access-your-private-messages-without-authorization/
-
Nissan LEAF cars leak speed, position, destination to RSS feeds
http://seattlewireless.net/~casey/?p=97
-
Siemens fixes vulnerabilities in automation systems
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=41886031&subtype=133100&caller=view
http://support.automation.siemens.com/dnl/TY/TYzNTUxOQAA_50428932_Akt/Siemens_Security_Advisory_SSA-625789.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-161-01.pdf
-
Bitcoin P2P Currency: The Most Dangerous Project We've Ever Seen
http://launch.is/blog/l019-bitcoin-p2p-currency-the-most-dangerous-project-weve-ev.html
http://launch.is/blog/l020-is-bitcoin-the-wikileaks-of-monetary-policy.html
http://forum.bitcoin.org/index.php?topic=16457.msg214423#msg214423
-
WPScan - WordPress Security Scanner
http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner/
http://code.google.com/p/wpscan/
-
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi
WebGL – More WebGL Security Flaws
http://www.contextis.com/resources/blog/webgl2/
-
NSA allies with Internet carriers to thwart cyber attacks against defense firms
http://www.washingtonpost.com/national/major-internet-service-providers-cooperating-with-nsa-on-monitoring-traffic/2011/06/07/AG2dukXH_story.html
-
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi
WebGL – More WebGL Security Flaws
http://www.contextis.com/resources/blog/webgl2/
WebGL Considered Harmful
http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx
-
Chrome - Trying to end mixed scripting vulnerabilities
http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html
-
Metasploit offers bounty for exploits
https://community.rapid7.com/community/metasploit/blog/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks
https://community.rapid7.com/docs/DOC-1467
-
Hackers steal quantum code
http://physicsworld.com/cws/article/news/46305
-
Storing passwords in uncrackable form
http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html
-
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi
WebGL – More WebGL Security Flaws
http://www.contextis.com/resources/blog/webgl2/
WebGL Considered Harmful
http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx
Mozilla rejects Microsoft's WebGL criticism
http://www.h-online.com/security/news/item/Mozilla-rejects-Microsoft-s-WebGL-criticism-1263986.html
http://shaver.off.net/diary/2011/06/17/a-three-dimensional-platform/
Why Microsoft and Internet Explorer need WebGL (and vice-versa)
http://www.realityprime.com/articles/why-microsoft-and-internet-explorer-need-webgl
-
Bitcoin P2P Currency: The Most Dangerous Project We've Ever Seen
http://launch.is/blog/l019-bitcoin-p2p-currency-the-most-dangerous-project-weve-ev.html
http://launch.is/blog/l020-is-bitcoin-the-wikileaks-of-monetary-policy.html
http://forum.bitcoin.org/index.php?topic=16457.msg214423#msg214423
Bitcoin exchange closed after attack
http://www.h-online.com/security/news/item/Bitcoin-exchange-closed-after-attack-1263448.html
-
Metasploit Framework 3.7.2
https://community.rapid7.com/community/metasploit/blog/2011/06/21/metasploit-framework-372-released
https://dev.metasploit.com/redmine/projects/framework/wiki/Release_Notes_372
-
Chrome extension shows up bad JavaScript
http://googleonlinesecurity.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html
https://code.google.com/p/domsnitch/
-
Chrome extension shows up bad JavaScript
http://googleonlinesecurity.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html
https://code.google.com/p/domsnitch/
I wouldn't exactly run out and get this. It's an experimental Chrome extension designed for developers and testers.
-
Firefox Rapid Release Process
http://mike.kaply.com/2011/06/21/firefox-rapid-release-process/
http://www.glazman.org/weblog/dotclear/index.php?post/2011/06/21/The-faster-release-process-of-Firefox
http://mozilla.github.com/process-releases/draft/development_overview/
-
Firefox Rapid Release Process
http://mike.kaply.com/2011/06/21/firefox-rapid-release-process/
http://www.glazman.org/weblog/dotclear/index.php?post/2011/06/21/The-faster-release-process-of-Firefox
http://mozilla.github.com/process-releases/draft/development_overview/
I see everybody complaining about the fast release process of Firefox.
It would be a pain to have it integrated.
If add-on developers can't follow the speed, I will be very upset with the lack of support.
For corporate deployments and for users that cannot use Firefox with specific add-ons, there has to be a stable branch that includes security updates.
-
I see everybody complaining about the fast release process of Firefox.
It would be a pain to have it integrated.
If add-on developers can't follow the speed, I will be very upset with the lack of support.
For corporate deployments and for users that cannot use Firefox with specific add-ons, there has to be a stable branch that includes security updates.
As long as they keep the 3.6 branch alive, I've no problem.
Else, it would be a real PITA. :-\
-
Common Weakness Scoring System (CWSS)
http://cwe.mitre.org/cwss/index.html
Common Weakness Risk Analysis Framework (CWRAF)
http://cwe.mitre.org/cwraf/index.html
-
Netragard’s Hacker Interface Device (HID)
http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/
-
2011 CWE/SANS Top 25 Most Dangerous Software Errors
http://cwe.mitre.org/top25/index.html
http://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.pdf
-
No more Googling for .co.cc domains
http://www.h-online.com/security/news/item/No-more-Googling-for-co-cc-domains-1274332.html
-
Using Cross-domain images in WebGL and Chrome 13
http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
-
Binary Planting Goes "Any File Type"
http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html
-
On-screen Keyboards Considered Harmful
http://blog.thinkst.com/2011/07/on-screen-keyboards-considered-harmful.html
http://thinkst.com/stuff/ocv/
http://thinkst.com/stuff/ocv/osk-thinkst.pdf
-
Mozilla's BrowserID offered as an alternative to OpenID
http://www.h-online.com/security/news/item/Mozilla-s-BrowserID-offered-as-an-alternative-to-OpenID-1280136.html
http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in
http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid
https://browserid.org/
-
Process Explorer v15.0
http://technet.microsoft.com/en-us/sysinternals/bb896653
-
Analysis of the jailbreakme v3 font exploit
http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit
-
Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries
http://blogs.forbes.com/andygreenberg/2011/07/22/apple-laptops-vulnerable-to-hack-that-kills-or-corrupts-batteries/
-
Nominations for the 2011 Pwnie Awards announced
http://pwnies.com/nominations/
-
Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged
http://www.wired.com/epicenter/2011/07/undeletable-cookie/
http://ssrn.com/abstract=1898390
-
A Security Analysis of Next Generation Web Standards
http://www.enisa.europa.eu/act/application-security/web-security/a-security-analysis-of-next-generation-web-standards/
http://www.enisa.europa.eu/act/application-security/web-security/a-security-analysis-of-next-generation-web-standards/at_download/fullReport
-
Revealed: Operation Shady RAT
http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat
http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
-
Metasploit Framework 4.0 Released
https://community.rapid7.com/community/metasploit/blog/2011/08/01/metasploit-40-released
https://dev.metasploit.com/redmine/projects/framework/wiki/Release_Notes_400
http://www.metasploit.com/download/
-
Volatility 2.0 Released
http://volatility.tumblr.com/
https://www.volatilesystems.com/default/volatility
-
Nominations for the 2011 Pwnie Awards announced
http://pwnies.com/nominations/
The Winners
http://pwnies.com/winners/
-
Microsoft BlueHat Prize
http://www.microsoft.com/security/bluehatprize/
http://www.microsoft.com/security/bluehatprize/rules.aspx
-
When Advanced Persistent Threats Go Mainstream
http://www.rsa.com/innovation/docs/SBIC_RPT_0711.pdf
-
CSI:Internet - Living in SYN
http://www.h-online.com/security/features/CSI-Internet-Living-in-SYN-1288568.html
-
Firefox - Strengthening User Control of Add-ons
https://blog.mozilla.com/addons/2011/08/11/strengthening-user-control-of-add-ons/
-
Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged
http://www.wired.com/epicenter/2011/07/undeletable-cookie/
http://ssrn.com/abstract=1898390
Legal dispute over "eternal" cookies
http://www.h-online.com/security/news/item/Legal-dispute-over-eternal-cookies-1323818.html
-
IT Threat Evolution: Q2 2011
http://www.securelist.com/en/analysis/204792186/IT_Threat_Evolution_Q2_2011
-
Bitcoin mining with Trojan.Badminer
http://www.symantec.com/connect/blogs/bitcoin-mining-trojanbadminer
-
Revealed: Operation Shady RAT
http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat
http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
Shady RAT: Shoddy RAT
http://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/
-
Trends in Circumventing Web-Malware Detection
http://googleonlinesecurity.blogspot.com/2011/08/four-years-of-web-malware.html
http://research.google.com/archive/papers/rajab-2011a.pdf
-
Biclique cryptanalysis of the full AES
https://research.microsoft.com/en-us/projects/cryptanalysis/aes.aspx
https://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
-
CSI:Internet - Controlled from the beyond
http://www.h-online.com/security/features/CSI-Internet-Controlled-from-the-beyond-1322313.html
-
McAfee Q2 2011 Threats Report
http://www.mcafee.com/us/about/news/2011/q3/20110823-01.aspx
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf
-
Updated SDL Tools Available
http://blogs.msdn.com/b/sdl/archive/2011/08/25/updates-to-sdl-tools-are-now-available.aspx
Threat Modeling Tool v3.1.8: http://go.microsoft.com/?linkid=9706808
MiniFuzz Tool v1.5.5: http://go.microsoft.com/?linkid=9757781
RegExFuzz Tool v1.1.0: http://go.microsoft.com/?linkid=9751929
-
Snort 2.9.1 has been released
http://blog.snort.org/2011/08/snort-291-has-been-released-including.html
http://www.snort.org/snort-downloads/
http://manual.snort.org/
http://www.snort.org/docs
-
Free tool for testing net neutrality (N00ter)
http://www.h-online.com/security/news/item/Free-tool-for-testing-net-neutrality-1335031.html
http://dankaminsky.com/2011/08/05/bo2k11/
-
BackBox Linux 2 released!
http://www.backbox.org/content/backbox-linux-2-released
http://www.backbox.org/content/download
-
So do you need a big backup system... got lots of movie and music files? ...well, IBM's got what you need ;D
IBM Builds Biggest Data Drive Ever
http://www.technologyreview.com/computing/38440/page1/
-
Shooting the Messenger
http://www.andreas-kurtz.de/2011/09/shooting-messenger.html
-
Mozilla asks all CAs to carry out security audits
http://www.h-online.com/security/news/item/Mozilla-asks-all-CAs-to-carry-out-security-audits-1340351.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb
-
Mozilla asks all CAs to carry out security audits
http://www.h-online.com/security/news/item/Mozilla-asks-all-CAs-to-carry-out-security-audits-1340351.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb
Thanks for this information, let's see what the response of the CAs will be.
-
Mozilla asks all CAs to carry out security audits
http://www.h-online.com/security/news/item/Mozilla-asks-all-CAs-to-carry-out-security-audits-1340351.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb
Thanks for this information, let's see what the response of the CAs will be.
NP disPlay..!
But more interesting will be, what happens with the ones not replying..!!?? ;)
-
Rent-a-Bot Networks Tied to TDSS Botnet
http://krebsonsecurity.com/2011/09/rent-a-bot-networks-tied-to-tdss-botnet/
http://krebsonsecurity.com/2011/09/whos-behind-the-tdss-botnet/
-
CSI:Internet - A trip into RAM
http://www.h-online.com/security/features/CSI-Internet-A-trip-into-RAM-1339479.html
-
Iran blocks Tor - Tor releases same-day fix
https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix
http://archives.seul.org/tor/talk/Sep-2011/msg00187.html
https://metrics.torproject.org/users.html?graph=direct-users&start=2011-07-01&end=2011-09-16&country=ir&events=on&dpi=72#direct-users
-
Cracking OS X Lion Passwords
http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html
-
Open source tool enables security tests for chip cards
http://www.h-online.com/security/news/item/Open-source-tool-enables-security-tests-for-chip-cards-1344245.html
http://www.degate.org/
http://www.degate.org/documentation/
-
Proposal to Provide an Extended Support Release of Firefox for Managed Deployments
https://groups.google.com/forum/#!topic/mozilla.dev.planning/19O8ODZnmPo
https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal
-
Microsoft Neutralizes Kelihos Botnet
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx
-
Diebold e-voting systems vulnerable to attack
http://www.h-online.com/security/news/item/Diebold-e-voting-systems-vulnerable-to-attack-1352743.html
http://politics.salon.com/2011/09/27/votinghack/
-
CSI:Internet - Open heart surgery
http://www.h-online.com/security/features/CSI-Internet-Open-heart-surgery-1350313.html
-
Mozilla Firefox and silent updates
http://www.brianbondy.com/blog/id/125/mozilla-firefox-and-silent-updates
-
Reverse Proxy Bypass
http://www.contextis.com/research/blog/reverseproxybypass/
-
0day Full disclosure: American Express
http://qnrq.se/full-disclosure-american-express/
Note: AE already fixed this.
-
ExploitHub Issues Bounty on 12 Client-side Exploits
http://www.nsslabs.com/company/news/press-releases/exploithub-issues-bounty-on-12-client-side-exploits.html
https://www.exploithub.com/request/index/developmentrequests/
-
Secret Orders Target Email
http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html
http://news.cnet.com/8301-31921_3-20117919-281/justice-department-ramps-up-wikileaks-e-mail-probe/
-
German researchers crack RFID cards
http://www.h-online.com/security/news/item/German-researchers-crack-RFID-cards-1359218.html
http://www.emsec.rub.de/media/crypto/veroeffentlichungen/2011/10/10/desfire_2011_extended_1.pdf
-
Microsoft Security Intelligence Report (SIR) #11
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_English.pdf
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_Worldwide_Threat_Assessment_English.pdf
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_Advanced_Malware_Cleaning_Techniques_for_the_IT_Professional_English.pdf
-
US experts concerned about risk to infrastructure posed by Anonymous
http://www.h-online.com/security/news/item/US-experts-concerned-about-risk-to-infrastructure-posed-by-Anonymous-1363015.html
http://info.publicintelligence.net/NCCIC-AnonymousICS.pdf
-
Rapid7 Launches New Metasploit Community Edition (for Free and Simple Vulnerability Verification)
http://www.rapid7.com/news-events/press-releases/2011/2011-metasploit-community.jsp
https://community.rapid7.com/community/metasploit/blog/2011/10/18/introducing-metasploit-community-edition
http://www.rapid7.com/products/metasploit-community.jsp
-
RUB Researchers break W3C standard
XML Encryption is insecure: Large companies affected
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en
-
Georgia Tech Turns iPhone Into spiPhone
http://www.gatech.edu/newsroom/release.html?nid=71506
-
RUB Researchers break W3C standard
XML Encryption is insecure: Large companies affected
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en
Analysis of Signature Wrapping Attacks and Countermeasures
http://www.nds.rub.de/media/nds/downloads/mjensen/ICWS09.pdf
-
THC SSL DOS
http://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/
http://www.thc.org/thc-ssl-dos/
-
Microsoft Neutralizes Kelihos Botnet
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx
Microsoft Reaches Settlement with Piatti, dotFREE Group in Kelihos Case
http://blogs.technet.com/b/microsoft_blog/archive/2011/10/26/microsoft-reaches-settlement-with-piatti-dotfree-group-in-kelihos-case.aspx
http://noticeofpleadings.com/images/Botnet_voluntary_dismissal_file-stamped.pdf
-
avast 6, firefox, xp sp2
I have very slow dial-up internet and something continues to download.
I put on PCtools 7 firewall, and activity is at Avast!Service.
Is there any way to find out what is downloading??
Very frustrating as it makes any other internet even slower.
Thanks
-
avast 6, firefox, xp sp2
I have very slow dial-up internet and something continues to download.
I put on PCtools 7 firewall, and activity is at Avast!Service.
Is there any way to find out what is downloading??
Very frustrating as it makes any other internet even slower.
Thanks
You need to start a separate thread about this issue.
-
How secure is HTTPS today? How often is it attacked?
https://www.eff.org/deeplinks/2011/10/how-secure-https-today
https://www.eff.org/files/colour_map_of_CAs.pdf
-
Making UEFI Secure Boot Work With Open Platforms
https://www.linuxfoundation.org/publications/making-uefi-secure-boot-work-with-open-platforms
https://www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf
http://blog.canonical.com/2011/10/28/white-paper-secure-boot-impact-on-linux/
http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
-
Acoustic cryptanalysis
http://tau.ac.il/~tromer/acoustic/
http://www.lsec.be/upload_directories/documents/AdiShamir.pdf
-
Chinese Military Suspected in Hacker Attacks on U.S. Satellites
http://www.bloomberg.com/news/2011-10-27/chinese-military-suspected-in-hacker-attacks-on-u-s-satellites.html
-
Defeating Windows 8 ROP Mitigation
http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/
http://blog.bkis.com/en/rop-chain-for-windows-8/
-
The Nitro Attacks
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf
-
NetMarketShare: XP finally eroded to sub 50 percent level, Chrome closing in on Firefox
http://www.zdnet.com/blog/hardware/netmarketshare-xp-finally-eroded-to-sub-50-percent-level-chrome-closing-in-on-firefox/15959
-
The Socialbot Network: When Bots Socialize for Fame and Money
http://lersse-dl.ece.ubc.ca/record/264/files/ACSAC_2011.pdf?version=1
-
Text-based CAPTCHA Strengths and Weaknesses
http://cdn.ly.tl/publications/text-based-captcha-strengths-and-weaknesses.pdf
-
A Security Analysis of Amazon’s Elastic Compute Cloud Service
http://www.scribd.com/doc/72067914/Secure-Cloud-Long
-
Operation Ghost Click
http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
http://www.fbi.gov/newyork/press-releases/2011/remarks-as-prepared-by-assistant-director-in-charge-janice-k.-fedarcyk-on-major-cyber-investigation
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
-
OAuth 2.0 Playground: Open to Developers
http://googlecode.blogspot.com/2011/11/oauth-20-playground-open-to-developers.html
https://code.google.com/oauthplayground/
-
SCADA & PLC Vulnerabilities in Correctional Facilities
http://dl.packetstormsecurity.net/papers/general/PLC_White_Paper_Newman_Rad_Strauchs_July22_2011_Final.pdf
http://blip.tv/pauldotcom/hacking-prisons-john-strauchs-tiffany-rad-teague-newman-5518125
-
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
Enjoy!
-
Duqu Detectors
CrySyS Duqu Detector Toolkit: http://www.crysys.hu/duqudetector.html
Duqu Analysis & Detection Tool: http://www.nsslabs.com/blog/2011/11/duqu-analysis-and-detection-tool.html
-
Public Key Pinning Extension for HTTP
http://www.ietf.org/id/draft-evans-palmer-key-pinning-00.txt
-
Invisible YNK, a Code Signing Conundrum
http://blogs.norman.com/2011/malware-detection-team/invisible-ynk-a-code-signing-conundrum
-
Google details location services opt-out for Wi-Fi access point owners
http://www.h-online.com/security/news/item/Google-details-location-services-opt-out-for-Wi-Fi-access-point-owners-1379431.html
http://googlepolicyeurope.blogspot.com/2011/11/greater-choice-for-wireless-access.html
http://maps.google.com/support/bin/answer.py?hl=en&answer=1725632
-
W3C Announces First Draft of Standard for Online Privacy
http://www.w3.org/2011/11/dnt-pr.html.en
http://www.w3.org/TR/2011/WD-tracking-dnt-20111114/
http://www.w3.org/TR/2011/WD-tracking-compliance-20111114/
-
RUB researchers outsmart HDCP
“Man-in-the-Middle” attack: Intel copy protection circumvented
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00386.html.en
-
Preliminary Analysis of Google+'s Privacy
http://arxiv.org/abs/1111.3530
http://arxiv.org/pdf/1111.3530v1 [PDF]
-
Java is the largest malware target according to Microsoft
http://www.h-online.com/security/news/item/Java-is-the-largest-malware-target-according-to-Microsoft-1387528.html
http://blogs.technet.com/b/security/archive/2011/11/28/millions-of-java-exploit-attempts-the-importance-of-keeping-all-software-up-to-date.aspx
http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/
-
Java is the largest malware target according to Microsoft
http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/
From KrebsOnSecurity: The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats.
-
The Spyfiles
http://wikileaks.org/the-spyfiles.html
http://www.washingtonpost.com/world/national-security/trade-in-surveillance-technology-raises-worries/2011/11/22/gIQAFFZOGO_story.html?hpid=z1
-
Windows Defender Offline Beta
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq
http://www.winsupersite.com/article/windows-7/windows-defender-offline-beta-141535
-
DNSCrypt
http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/
http://www.opendns.com/technology/dnscrypt/
-
DNSCrypt
http://www.opendns.com/technology/dnscrypt/
It says it is (Mac only at the moment).
-
DNSCrypt
http://www.opendns.com/technology/dnscrypt/
It says it is (Mac only at the moment).
Yes, the Windows version follows shortly.
We expect a Windows version in the near future.
-
U.S. Homes In on China Spying
http://online.wsj.com/article_email/SB10001424052970204336104577094690893528130-lMyQjAxMTAxMDEwMjExNDIyWj.html
-
IE to Start Automatic Upgrades across Windows XP, Windows Vista, and Windows 7
http://windowsteamblog.com/ie/b/ie/archive/2011/12/15/ie-to-start-automatic-upgrades-across-windows-xp-windows-vista-and-windows-7.aspx
-
IE to Start Automatic Upgrades across Windows XP, Windows Vista, and Windows 7
http://windowsteamblog.com/ie/b/ie/archive/2011/12/15/ie-to-start-automatic-upgrades-across-windows-xp-windows-vista-and-windows-7.aspx
Thanks. Brazil will be in the beginning of the list :)
-
http://forum.avast.com/index.php?topic=19387.msg720292#msg720292
-
IE to Start Automatic Upgrades across Windows XP, Windows Vista, and Windows 7
http://windowsteamblog.com/ie/b/ie/archive/2011/12/15/ie-to-start-automatic-upgrades-across-windows-xp-windows-vista-and-windows-7.aspx
Thanks. Brazil will be in the beginning of the list :)
NP Tech..!
@Bob: You were almost 2 hours late. ;) But you're right, that any discussion (if needed) should continue there or in a new topic.
-
Resurrection: sniffing tool Ettercap has returned
http://www.h-online.com/open/news/item/Resurrection-sniffing-tool-Ettercap-has-returned-1397037.html
http://ettercap.sourceforge.net/index.php
-
Protecting your digital identity [Windows 8]
http://blogs.msdn.com/b/b8/archive/2011/12/14/protecting-your-digital-identity.aspx
-
Disorderly conduct: localized malware impersonates the police
http://blogs.technet.com/b/mmpc/archive/2011/12/19/disorderly-conduct-localized-malware-impersonates-the-police.aspx
-
Wi-Fi Protected Setup PIN brute force vulnerability
http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
http://www.kb.cert.org/vuls/id/723755
http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
-
Pharma Wars: ‘Google,’ the Cutwail Botmaster
https://krebsonsecurity.com/2012/01/pharma-wars-google-the-cutwail-botmaster/
https://www.m86security.com/labs/spam_statistics.asp
-
EFF Raises Concerns About the New AOL Instant Messenger
https://www.eff.org/deeplinks/2011/12/effs-raises-concerns-about-new-aol-instant-messenger-0
-
28C3: Denial-of-Service attacks on web applications made easy
http://www.h-online.com/security/news/item/28C3-Denial-of-Service-attacks-on-web-applications-made-easy-1401863.html
http://www.nruns.com/_downloads/advisory28122011.pdf
-
Tails 0.10 (The Amnesic Incognito Live System)
http://tails.boum.org/index.en.html
http://tails.boum.org/news/version_0.10/
http://tails.boum.org/download/index.en.html
-
Sykipot variant hijacks DOD and Windows smart cards
http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs/
-
SE Android (Security Enhanced Android)
http://selinuxproject.org/page/SEAndroid
http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf
-
The Koobface malware gang - exposed!
http://nakedsecurity.sophos.com/koobface/
-
Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
http://www.wired.com/threatlevel/2012/01/scada-exploits/
-
The Koobface malware gang - exposed!
http://nakedsecurity.sophos.com/koobface/
Koobface C&C goes silent after alleged controllers exposed
http://www.h-online.com/security/news/item/Koobface-C-C-goes-silent-after-alleged-controllers-exposed-1416869.html
-
The Impact of Mobile Devices on Information Security
http://www.checkpoint.com/press/2012/011812-check-point-businesses-admit-increase-security.html
http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdf
-
Mozilla's BrowserID offered as an alternative to OpenID
http://www.h-online.com/security/news/item/Mozilla-s-BrowserID-offered-as-an-alternative-to-OpenID-1280136.html
http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in
http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid
https://browserid.org/
Mozilla's BrowserID moves forward
http://www.h-online.com/security/news/item/Mozilla-s-BrowserID-moves-forward-1419193.html
-
Microsoft Names New Defendant in Kelihos Case
http://blogs.technet.com/b/microsoft_blog/archive/2012/01/23/microsoft-names-new-defendant-in-kelihos-case.aspx
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-80-54/6180.Kelihos-Botnet-_2D00_-Amended-Complaint.pdf
-
Board Room Spying for Fun and Profit
https://community.rapid7.com/community/solutions/metasploit/blog/2012/01/23/video-conferencing-and-self-selecting-targets
-
A different breed of downloader
http://blogs.technet.com/b/mmpc/archive/2012/01/24/a-different-breed-of-downloader.aspx
-
Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets
http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/
-
Kelihos/Hlux botnet returns with new techniques
http://www.securelist.com/en/blog/655/Kelihos_Hlux_botnet_returns_with_new_techniques
-
Trendnet Cameras - I always feel like somebody's watching me.
http://console-cowboys.blogspot.com/2012/01/trendnet-cameras-i-always-feel-like.html
-
Satellite telephony is unsafe
RUB scientists break security standards - Encryption algorithms have security gaps
http://gmr.crypto.rub.de/
http://gmr.crypto.rub.de/paper/paper-1.pdf
-
Iran partially blocks encrypted network traffic
https://blog.torproject.org/blog/iran-partially-blocks-encrypted-network-traffic
https://lists.torproject.org/pipermail/tor-talk/2012-February/023070.html
-
Introducing DNSCrypt (Preview Release)
http://www.opendns.com/technology/dnscrypt?utm_source=n012012&utm_medium=em&utm_campaign=home
-
Android.Bmaster: A Million-Dollar Mobile Botnet
http://www.symantec.com/connect/blogs/androidbmaster-million-dollar-mobile-botnet
http://www.cs.ncsu.edu/faculty/jiang/RootSmart/
-
RSA keys not as random as they should be
http://www.h-online.com/security/news/item/RSA-keys-not-as-random-as-they-should-be-1435474.html
http://eprint.iacr.org/2012/064.pdf
https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs
-
Mozilla: Remove Trustwave Certificate(s) from trusted root certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=724929
https://wiki.mozilla.org/CA%3ACommunications#February_17.2C_2012
https://bugzilla.mozilla.org/attachment.cgi?id=598527
-
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
-
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
This can also be rephrased as Apple and Microsoft aren't protecting their users privacy. ;D
-
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
This can also be rephrased as Apple and Microsoft aren't protecting their users privacy. ;D
Well, Rachel Whetstone (Senior Vice President of Communications and Policy, Google) thinks similar... ;D
http://parislemon.com/post/17998654387/google-microsoft-is-full-of-shit
-
No intention to open a discussion in this topic, but to end one...
The article is about 2 different things, depending on how you look at it.
1_ Google said it will follow a certain recognized standard, and it didn't follow that standard. If the standard were to be followed, then no "extra" tracking down of users would have happened.
2_ For those sites not following that standard (whether they declare it in their privacy policy or not), the user can be tracked down, and certain web browsers will not protect your privacy using their standard methods (while the user thinks it is enough to protect his privacy, but it isn't).
-
1_ Google said it will follow a certain recognized standard, and it didn't follow that standard. If the standard were to be followed, then no "extra" tracking down of users would have happened.
2_ For those sites not following that standard (whether they declare it in their privacy policy or not), the user can be tracked down, and certain web browsers will not protect your privacy using their standard methods (while the user thinks it is enough to protect his privacy, but it isn't).
1. Which article are you referring to..? (http://support.google.com/accounts/bin/answer.py?hl=en&answer=151657)
2. Well, there's also Firefox... ;)
-
1_ Google said it will follow a certain recognized standard, and it didn't follow that standard. If the standard were to be followed, then no "extra" tracking down of users would have happened.
2_ For those sites not following that standard (whether they declare it in their privacy policy or not), the user can be tracked down, and certain web browsers will not protect your privacy using their standard methods (while the user thinks it is enough to protect his privacy, but it isn't).
1. Which article are you referring to..? (http://support.google.com/accounts/bin/answer.py?hl=en&answer=151657)
2. Well, there's also Firefox... ;)
1. Both. The final point is not about one company or the other not exactly telling the truth. It's about sites' "real" privacy policy.
2. Yes, or IE9 (as MS "now" recommends) but the user needs to find the exact add-on to protect his privacy, and then know about all those new "tricks" popping out every day, and keep searching for new solutions... Just as with other security related issues, it never ends and no solution is permanently safe.
-
A look at ASLR in Android Ice Cream Sandwich 4.0
http://blog.duosecurity.com/2012/02/a-look-at-aslr-in-android-ice-cream-sandwich-4-0/
-
ASLR to be mandatory for binary Firefox extensions
http://www.h-online.com/security/news/item/ASLR-to-be-mandatory-for-binary-Firefox-extensions-1443131.html
-
How we broke the NuCaptcha video scheme and what we propose to fix it
http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/
-
Anonymous Supporters Tricked into Installing Zeus Trojan
http://www.symantec.com/connect/blogs/anonymous-supporters-tricked-installing-zeus-trojan
-
Mozilla introduces Collusion, a new tracking mapper add-on
http://www.h-online.com/security/news/item/Mozilla-introduces-Collusion-a-new-tracking-mapper-add-on-1445357.html
https://www.mozilla.org/en-US/collusion/
https://www.mozilla.org/en-US/collusion/demo/
-
Attacking the Washington, D.C. Internet Voting System
https://jhalderm.com/pub/papers/dcvoting-fc12.pdf
-
Adobe SWF Investigator
http://labs.adobe.com/technologies/swfinvestigator/
-
The Symantec Smartphone Honey Stick Project
http://www.symantec.com/connect/blogs/introducing-symantec-smartphone-honey-stick-project
http://www.symantec.com/content/en/us/about/presskits/b-symantec-smartphone-honey-stick-project.en-us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2012Mar_worldwide_honeystick
-
Framesniffing against SharePoint and LinkedIn
http://www.contextis.com/research/blog/framesniffing/
-
Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan
http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan
-
CyanogenMod 9 to ship without default root access
http://www.h-online.com/security/news/item/CyanogenMod-9-to-ship-without-default-root-access-1474741.html
http://www.cyanogenmod.com/blog/security-and-you
-
Twitter Bots Target Tibetan Protests
http://krebsonsecurity.com/2012/03/twitter-bots-target-tibetan-protests/
-
Firefox To Use Google Secure Search By Default
http://searchengineland.com/firefox-to-use-google-secure-search-by-default-116231
-
2012 Data Breach Investigations Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
-
Firefox 3.6.x approaches end of life
http://www.h-online.com/security/news/item/Firefox-3-6-x-approaches-end-of-life-1479643.html
http://blog.mozilla.com/futurereleases/2012/03/23/upcoming-firefox-support-changes/
http://weblogs.mozillazine.org/asa/archives/2012/03/the-end-of-support-f.html
-
Microsoft and Financial Services Industry Leaders Target Cybercriminal Operations from Zeus Botnets
http://blogs.technet.com/b/microsoft_blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.aspx
http://www.microsoft.com/presspass/presskits/dcu/
http://www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx
http://www.zeuslegalnotice.com/images/Complaint_w_Appendices.pdf
https://zeustracker.abuse.ch/statistic.php
https://zeustracker.abuse.ch/monitor.php
-
Mozilla calls for tighter controls on sub-CAs
http://www.h-online.com/security/news/item/Mozilla-calls-for-tighter-controls-on-sub-CAs-1484643.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/d239c42ef880c71a
-
Twitter Bots Target Tibetan Protests
http://krebsonsecurity.com/2012/03/twitter-bots-target-tibetan-protests/
http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/
http://labs.alienvault.com/labs/index.php/2012/targeted-attacks-against-tibet-organizations/
-
Doubts over necessity of SHA-3 cryptography standard
http://www.h-online.com/security/news/item/Doubts-over-necessity-of-SHA-3-cryptography-standard-1498071.html
-
Pastebin to hire staff to tackle hackers' 'sensitive' posts
http://www.bbc.com/news/technology-17544311
http://www.bbc.com/news/technology-17524822
-
Adobe “Malware Classifier” Tool
http://blogs.adobe.com/asset/2012/03/presenting-malware-classifier-tool.html
https://sourceforge.net/adobe/malclassifier
http://sourceforge.net/projects/malclassifier.adobe/files/
-
Mozilla is Blocklisting Older Versions of Java
http://blog.mozilla.com/addons/2012/04/02/blocking-java/
https://addons.mozilla.org/en-US/firefox/blocked/p80
-
Hotel Wifi JavaScript Injection
http://justinsomnia.org/2012/04/hotel-wifi-javascript-injection/
-
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
-
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
They are talking of the very same things in the UK, estimated to cost business £2BN to implement the measures. But there are very hostile reactions about it, from the various privacy groups, the public and a lot of opposition in Parliament and the Lords.
-
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
They are talking of the very same things in the UK, estimated to cost business £2BN to implement the measures. But there are very hostile reactions about it, from the various privacy groups, the public and a lot of opposition in Parliament and the Lords.
Hope it can be stopped in the UK...!! :(
Against the US law we can sign this...
CISPA Petition: https://secure.avaaz.org/en/stop_cispa/
-
Discovering a Major Security Hole in Facebook's Android SDK
http://blog.parse.com/2012/04/10/discovering-a-major-security-hole-in-facebooks-android-sdk/
-
Stuxnet Loaded by Iran Double Agents
http://www.isssource.com/stuxnet-loaded-by-iran-double-agents/
-
Firefox gets click-to-play option for plugins
http://www.h-online.com/security/news/item/Firefox-gets-click-to-play-option-for-plugins-1520514.html
https://msujaws.wordpress.com/2012/04/11/opting-in-to-plugins-in-firefox/
https://wiki.mozilla.org/Opt-in_activation_for_plugins
-
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
Week of Action On CISPA Preceding "Cybersecurity Week" in the House
https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house
Administration pushes against bipartisan House cybersecurity legislation
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa
-
Anonymous deploys Zerobin to create AnonPaste
http://www.h-online.com/security/news/item/Anonymous-deploys-Zerobin-to-create-AnonPaste-1544706.html
-
Adventures with iOS UIWebviews
http://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews/
-
The anatomy of Flashback/Flashfake
http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
-
A little strange to see an Asyn and an Asyn.B ???
Confusion Reigns ???
-
A little strange to see an Asyn and an Asyn.B ???
Confusion Reigns ???
Don't worry Bob, the one with the ".B" is just my test account. ;)
Have a nice Sunday,
Asyn
-
A little strange to see an Asyn and an Asyn.B ???
Confusion Reigns ???
Don't worry Bob, the one with the ".B" is just my test account. ;)
Have a nice Sunday,
Asyn
Testing what.......to see if we get confused?
it worked ;D
-
Testing what.......to see if we get confused?
it worked ;D
Well, not really. ;)
Sorry, that it worked, though.... ;D
-
i thought it was your brother ;D
-
i thought it was your brother ;D
Because of the ".B"..??
Well, no brother here, I'm not t*** i***** ;D
-
i thought it was your brother ;D
Because of the ".B"..??
Well, no brother here, I'm not t*** i***** ;D
My alter ego very seldom makes an appearance....
So what is yours testing ???
-
My alter ego very seldom makes an appearance....
So what is yours testing ???
I'll send you a PM shortly.
We're getting OT here. ;)
-
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
Week of Action On CISPA Preceding "Cybersecurity Week" in the House
https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house
Administration pushes against bipartisan House cybersecurity legislation
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa
Resistance against US cyber security act is growing
http://www.h-online.com/security/news/item/Resistance-against-US-cyber-security-act-is-growing-1557861.html
-
TVs and Blu-ray players vulnerable to DoS attacks
http://www.h-online.com/security/news/item/TVs-and-Blu-ray-players-vulnerable-to-DoS-attacks-1558245.html
http://aluigi.org/adv/samsux_1-adv.txt
-
Microsoft Security Intelligence Report (SIR) #12
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_English.pdf
http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_Key_Findings_Summary_English.pdf
http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_Worldwide_Threat_Assessment_English.pdf
-
SSL Pulse - To Make SSL More Secure and Pervasive
https://www.trustworthyinternet.org/blog/2012/4/25/ssl-pulse-to-make-ssl-more-secure-and-pervasive.html
https://www.trustworthyinternet.org/ssl-pulse/
-
The Tor Project's New Tool Aims To Map Out Internet Censorship
http://www.forbes.com/sites/andygreenberg/2012/04/30/the-tor-projects-new-tool-aims-to-map-out-internet-censorship/
http://ooni.nu/
-
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
Week of Action On CISPA Preceding "Cybersecurity Week" in the House
https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house
Administration pushes against bipartisan House cybersecurity legislation
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa
Resistance against US cyber security act is growing
http://www.h-online.com/security/news/item/Resistance-against-US-cyber-security-act-is-growing-1557861.html
Mozilla Slams CISPA, Breaking Silicon Valley's Silence On Cybersecurity Bill
http://www.forbes.com/sites/andygreenberg/2012/05/01/mozilla-slams-cispa-breaking-silicon-valleys-silence-on-cybersecurity-bill/
-
Flash 11.3 to bring protected mode for Firefox
http://www.h-online.com/security/news/item/Flash-11-3-to-bring-protected-mode-for-Firefox-1569608.html
-
OpenX Promises Fix for Rogue Ads Bug
http://krebsonsecurity.com/2012/05/openx-promises-fix-for-rogue-ads-bug/
-
Sigrok: open source framework for logic analysers
http://www.h-online.com/security/news/item/Sigrok-open-source-framework-for-logic-analysers-1567131.html
http://sigrok.org/wiki/Main_Page
-
DNSCrypt for Windows has arrived
http://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://www.opendns.com/technology/dnscrypt/
-
OpenVAS-5 released: New Asset-Management, Delta-Reports and embedded SCAP-Data
http://www.openvas.org/news_archive.html#openvas5
http://www.openvas.org/download.html
-
Fraunhofer SIT Study: On the Security of Cloud Storage Services
Providers don't meet security requirements
http://www.sit.fraunhofer.de/en/cloudstudy.html
http://www.sit.fraunhofer.de/content/dam/sit/en/studies/Cloud-Storage-Security_a4.pdf
http://www.sit.fraunhofer.de/content/dam/sit/en/studies/Addendum.pdf
-
Worth Reading: Confessions of a botnet operator
http://www.h-online.com/security/news/item/Worth-Reading-Confessions-of-a-botnet-operator-1574453.html
-
.secure domains require proof of security
http://www.h-online.com/security/news/item/secure-domains-require-proof-of-security-1577683.html
https://www.artemis.net/who-should-get-secure.html
https://www.artemis.net/ncc-group.html
-
Twitter refines tracking, adds Do Not Track support
http://www.h-online.com/security/news/item/Twitter-refines-tracking-adds-Do-Not-Track-support-1579020.html
-
A closer look into the RSA SecureID software token
http://www.sensepost.com/blog/7045.html
http://arstechnica.com/security/2012/05/rsa-securid-software-token-cloning-attack/
-
Big Brother (SpyEye films you)
https://www.securelist.com/en/blog/208193513/Big_Brother
-
A Tale of Two Pwnies (Part 1)
http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html
-
Off-Path TCP Sequence Number Inference Attack, enabled by Sequence-Number-Checking Firewall Middleboxes
http://web.eecs.umich.edu/~zhiyunq/tcp_sequence_number_inference/
http://web.eecs.umich.edu/~zhiyunq/pub/oakland12_TCP_sequence_number_inference.pdf
http://arstechnica.com/security/2012/05/smartphone-hijacking-on-att-47-other-carriers/
-
McAfee Q1 Threats Report Finds Significant Malware Increase Across All Platforms
http://www.mcafee.com/us/about/news/2012/q2/20120523-01.aspx
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2012.pdf
-
Android Malware Genome Project launched
http://www.h-online.com/security/news/item/Android-Malware-Genome-Project-launched-1583915.html
http://web.ncsu.edu/abstract/technology/wms-android-genome/
http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf
-
The quest to replace passwords
http://www.lightbluetouchpaper.org/2012/05/22/the-quest-to-replace-passwords/
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html
http://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf
-
Say hello to Tinba: World’s smallest trojan-banker
http://www.csis.dk/en/csis/news/3566/
-
The science of password guessing
http://www.lightbluetouchpaper.org/2012/05/24/the-science-of-password-guessing/
http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf
-
Worth Reading: Apple explains iOS security
http://www.h-online.com/security/news/item/Worth-Reading-Apple-explains-iOS-security-1589183.html
http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
-
Do Not Track: It’s the user’s voice that matters
http://blog.mozilla.org/privacy/2012/05/31/do-not-track-its-the-users-voice-that-matters/
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/05/31/advancing-consumer-trust-and-privacy-internet-explorer-in-windows-8.aspx
-
Md5crypt Password scrambler is no longer considered safe by author
http://phk.freebsd.dk/sagas/md5crypt_eol.html?highlight=md5#md5crypt-password-scrambler-is-no-longer-considered-safe-by-author
-
Simple authentication bypass for MySQL root revealed
http://www.h-online.com/security/news/item/Simple-authentication-bypass-for-MySQL-root-revealed-1614990.html
http://seclists.org/oss-sec/2012/q2/493
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
-
Ghost USB honeypot released
http://www.honeynet.org/node/871
https://honeynet.org/hpsoc/slot1
http://code.google.com/p/ghost-usb-honeypot/
-
Malware Hunting with the Sysinternals Tools
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302
http://video.ch9.ms/teched/2012/na/SIA302.mp4
http://video.ch9.ms/teched/2012/na/SIA302.wmv
-
Why Do Nigerian Scammers Say They are From Nigeria?
http://research.microsoft.com/apps/pubs/default.aspx?id=167713
http://research.microsoft.com/pubs/167713/WhyFromNigeria.pdf
-
Bypassing ASLR and DEP on Adobe Reader X
http://esec-lab.sogeti.com/post/Bypassing-ASLR-and-DEP-on-Adobe-Reader-X
-
ACAD/Medre.A – 10000′s Of AutoCAD Files Leaked in Suspected Industrial Espionage
http://www.eset.com/about/blog/blog/article/acadmedre-10000s-of-autocad-files-leaked-in-suspected-industrial-espionage/
-
The page at accounts.google.com says:
This is the story of how one temporarily made $1566.85 an hour with Google’s vulnerability rewards program
http://www.talesofacoldadmin.com/2012/06/18/the-page-at-accounts-google-com-says/
http://www.slideshare.net/goldshlager19/nir-goldshlager-killing-a-bug-bounty-program-twice-hack-in-the-box-2012
-
Operation High Roller: online banking fraud on a grand scale
http://www.h-online.com/security/news/item/Operation-High-Roller-online-banking-fraud-on-a-grand-scale-1626663.html
http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf
-
John the Ripper 1.7.9-jumbo-6
http://www.openwall.com/lists/john-users/2012/06/29/1
http://www.openwall.com/john/
-
Source code for the Zemra crimeware bot released
http://www.h-online.com/security/news/item/Source-code-for-the-Zemra-crimeware-bot-released-1631420.html
http://www.symantec.com/connect/blogs/ddos-attacks-zemra-bot
-
Trojan.Milicenso: Infection through .htaccess Redirection
http://www.symantec.com/connect/blogs/trojanmilicenso-infection-through-htaccess-redirection
http://www.symantec.com/connect/blogs/trojanmilicenso-paper-salesman-s-dream-come-true
-
Operation High Roller: online banking fraud on a grand scale
http://www.h-online.com/security/news/item/Operation-High-Roller-online-banking-fraud-on-a-grand-scale-1626663.html
http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf
“High Roller” online bank robberies reveal security gaps
http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-enisa-201chigh-roller201d-online-bank-robberies-reveal-security-gaps
-
Android Security Overview
http://source.android.com/tech/security/
-
Exploit Mitigations in Android Jelly Bean 4.1
https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/
-
Researchers criticise the iPhone's PIN storing practice
http://www.h-online.com/security/news/item/Researchers-criticise-the-iPhone-s-PIN-storing-practice-1644874.html
http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords-faq.pdf
-
When I updated my license that is to expire next month I never got my new license. How do I find it so I can insert it?
-
When I updated my license that is to expire next month I never got my new license. How do I find it so I can insert it?
Sorry, but you're OT here. ;)
Click this link to open a new topic in the right section: http://forum.avast.com/index.php?action=post;board=2.0
Thanks.
-
Grum, World's Third-Largest Botnet, Knocked Down
http://blog.fireeye.com/research/2012/07/grum-botnet-no-longer-safe-havens.html
http://blog.fireeye.com/research/2012/07/grum-cncs-just-a-few-more-to-go.html
http://blog.fireeye.com/research/2012/07/killing-the-beast-part-5.html
-
Nominations for Pwnie Awards 2012
http://pwnies.com/nominations/
-
VirusTotal += Behavioural Information
http://blog.virustotal.com/2012/07/virustotal-behavioural-information.html
-
Web Application Attack Report For The Second Quarter of 2012
http://www.firehost.com/company/newsroom/web-application-attack-report-second-quarter-2012
-
My Arduino can beat up your hotel room lock
http://demoseen.com/bhpaper.html
-
From Bahrain With Love: FinFisher’s Spy Kit Exposed?
https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/3/
https://citizenlab.org/wp-content/uploads/2012/07/09-2012-frombahrainwithlove.pdf
-
EFI rootkit for Macs demonstrated
http://www.h-online.com/security/news/item/EFI-rootkit-for-Macs-demonstrated-1655108.html
http://ho.ax/De_Mysteriis_Dom_Jobsivs_Black_Hat_Paper.pdf
-
Technical Analysis of the Top BlueHat Prize Submissions
http://blogs.technet.com/b/srd/archive/2012/07/26/technical-analysis-of-the-top-bluehat-prize-submissions.aspx
-
Attack Surface Analyzer 1.0 Released
http://blogs.msdn.com/b/sdl/archive/2012/08/02/attack-surface-analyzer-1-0-released.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=24487
-
How Apple and Amazon Security Flaws Led to My Epic Hacking
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
-
New Burp Proxy cracks Android SSL
http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html
http://releases.portswigger.net/2012/08/v1412.html
http://portswigger.net/burp/download.html
-
Locating the Source of Diffusion in Large-Scale Networks
http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf
-
The Mystery of the Encrypted Gauss Payload
http://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload
-
***
webOS GBU to become quasi-independent cloud and UX company: meet GRAM
If you've been wondering where HP's webOS Global Business Unit was going under the leadership of HP Chief of Staff Martin Risau, you're not alone. For a while now we've been wondering what the next steps would be for the webOS group after finishing out the roadmap to Open webOS 1.0 next month. Coming soon will be a new page in the saga of Palm, with a new rebranding and product focus as GRAM.
Read more at :
http://www.webosnation.com/webos-gbu-become-quasi-independent-company-focused-user-experience-and-cloud-meet-gram
***
-
***
HP Says Its Windows 8 Tablet Will Include 'Unique' Technology
Despite last year's epic failure of the TouchPad, Hewlett-Packard still believes it can knock Apple's iPad off its lofty perch in the enterprise tablet market.
HP has been teasing its forthcoming Windows 8 tablet in television commercials and will have more information to share about the device "pretty soon," said John Solomon, senior vice president of Americas sales for HP's printing and personal systems division, in an interview last week.
"We will be very focused on the commercial tablet opportunity, which is completely under penetrated. And, we have some unique intellectual property that we're going to apply," Solomon told CRN.
Solomon declined to elaborate on the unique technology HP's Windows 8 tablet will contain, but he did paint it as a product that is tailor-made for the channel. Judging from his characterization, it appears that HP will target vertical markets in its initial Windows 8 tablet push.
Read more at :
http://www.crn.com/news/mobility/240005447/hp-says-its-windows-8-tablet-will-include-unique-technology.htm?cid=crnbuzz
***
-
***
Microsoft Visual Studio 2012, .NET 4.5 Released to the Web
Visual Studio 2012 and .NET 4.5 are the tools that form the backbone for developing on Windows 8, and Microsoft has released them more than two months ahead of the Oct. 26 planned release of Windows 8 to give developers a head start on building apps for the platform.
Jason Zander, Microsoft’s vice president of Visual Studio, said MSDN subscribers can download Visual Studio 2012 immediately at the MSDN Subscriber Download Page, and volume licensing customers will be able to download starting Aug. 16 from the Volume Licensing Service Center.
Developers also will be able to find Visual Studio in stores in the next month or so, as well as some availability to purchase it through the Visual Studio product Website in the next few days, Zander said. Moreover, to evaluate the free trial versions or download Microsoft’s free Express products, developers can go to the Visual Studio product Website.
Read more at :
http://www.eweek.com/c/a/Application-Development/Microsoft-Visual-Studio-2012-NET-45-Released-to-the-Web-222177/?kc=EWKNLEDP08172012B
***
-
Microsoft's security software modifies HOSTS file
http://www.h-online.com/security/news/item/Microsoft-s-security-software-modifies-HOSTS-file-1670927.html
-
Me, that is what I hate about MS, its autocratic attitude that it knows best. Yet again Windows Defender sticks its nose in. I was really hacked off when I found that I could only disable this piece of cr4p and not completely uninstall it in win7.
-
autocratic attitude
+1
It's NOT security related.
-
autocratic attitude
+1
It's NOT security related.
Well technically it is security related, as not only can it be used legitimately to block access to sites you don't want to visit, and doubleclick would be one of those (that MS removes), it can also be used illegally by redirecting a legit site to a malicious one.
But me, I would rather look after my own security and I don't even use the hosts file for that (AdBlockPlus, RequestPolicy and Firewall rather than the hosts file). It doesn't stop me getting angry about the autocratic attitude and actions though.
-
Me, that is what I hate about MS, its autocratic attitude that it knows best. Yet again Windows Defender sticks its nose in.
Dave, I couldn't agree with you more.
-
FF: Exposing add-on objects to content safely
https://blog.mozilla.org/addons/2012/08/20/exposing-objects-to-content-safely/
-
***
Foxconn improves worker conditions 'ahead of schedule'
Foxconn, Apple's main manufacturer in China, has taken steps to improve working hours and conditions, said the US-based Fair Labor Association (FLA).
Health breaks and measures to guard against repetitive stress injury were some of the changes the FLA found after an inspection.
The report said Foxconn was ahead of schedule in implementing the FLA's recommendations.
Foxconn also produces motherboards for PCs.
Read more at :
http://www.bbc.co.uk/news/business-19340128
***
-
***
Inside Intellectual Ventures, the most hated company in tech
Nathan Myhrvold and other executives at the controversial company say critics simply don't understand what they're doing. CNET went behind the scenes to understand what 40,000 patents and an unapologetic plan to make money from them really means.
To many in the high-tech business, a troll plots his schemes in a white office building on a hill in this leafy suburb of Seattle.
This is the home of Intellectual Ventures, which, depending on whom you ask, is either the biggest, most aggressive patent troll on the planet or a pioneering company that's helping inventors get their fair share.
Read more at :
http://news.cnet.com/8301-13578_3-57496641-38/inside-intellectual-ventures-the-most-hated-company-in-tech/
***
-
Security Analysis and Decryption of Lion Full Disk Encryption
http://eprint.iacr.org/2012/374.pdf
-
This may have been posted already?
Firefox OS for mobile http://www.mozilla.org/en-US/b2g/
-
Microsoft analyzes over a million PC failures, results shatter enthusiast myths
http://www.extremetech.com/gaming/131739-microsoft-analyzes-over-a-million-pc-failures-results-shatter-enthusiast-myths
-
Java 7 0-Day vulnerability information and mitigation
http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
-
***
Inside Huawei, the Chinese tech giant that's rattling nerves in DC
Chen Lifang is a board member and senior vice president at Huawei, the giant telecommunications gear maker based here. She's digesting news that broke a day earlier that the U.S. House Intelligence Committee has increased the pressure it's putting on the company to disclose details about its ties to the Chinese government. The bombshell came in the form of a letter, released to the media, from the committee's chairman and the ranking Democrat to Huawei founder and Chairman Ren Zhengfei.
Really, the letter was more of an 11-page laundry list of accusations, wrapped around questions about everything from funding the company has allegedly received from the Chinese government to queries about how board members got their posts. In the letter, Congressmen Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.) said they were investigating "the threat posed to our critical infrastructure and counter-intelligence posture by companies with potential ties to the Chinese government."
In June and July, CNET visited Huawei's headquarters here, as well as its giant research and development operation in Shanghai and a research facility in Santa Clara, Calif. Huawei provided an in-depth look a company that's a rare breed -- a Chinese tech giant that's not merely cheap, outsourced manufacturing for Western electronics customers.
Huawei is the second largest telecommunications equipment maker in the world, behind only Sweden's Ericsson. It generated $32 billion in revenue last year, selling its networking technology to such global giants as Vodafone, Bell Canada and Telekom Malaysia, though only smaller U.S. carriers Leap and Clearwire use the company's gear. Huawei's heft has allowed it to pour resources into adjacent markets, such as mobile handset development and data center technology that's already paying off with new customers and billions more in revenue. This (past) winter's Mobile World Congress in Barcelona was something of a coming out party for Huawei's consumer business, where it unveiled what it claims is the world's fastest mobile phone, the Ascend D Quad.
See & read more at :
http://news.cnet.com/8301-1035_3-57484472-94/inside-huawei-the-chinese-tech-giant-thats-rattling-nerves-in-dc/
***
-
Dropbox tests two-factor authentication
http://www.h-online.com/security/news/item/Dropbox-tests-two-factor-authentication-1676276.html
-
***
Motorola will unveil Intel-powered smartphone on September 18th in London
Earlier in the year, Motorola announced a partnership with Intel in which they would utilize their chips for select smartphones. We haven’t heard a peep until now. Motorola is sending out invites for an event in London on September 18th.
See & read more at :
http://www.talkandroid.com/129983-motorola-will-unveil-intel-powered-smartphone-on-september-18th-in-london/
I posted this in Technical as it is unusual for Intel chips to be in smart phones these days ... a technical oddity.
And who owns Motorola these days? It's Google.
***
-
***
AMD Targets Servers, Virtualization With New FirePro GPUs
What AMD is referring to as its most powerful dual- and single-slot server graphics cards to date, the new S9000 and S7000 are said to reduce server power consumption by up to 95 percent at idle, yielding overall data center cost savings and more efficient management for compute-intensive workloads, such as those demanded of computer-aided design (CAD) and media and entertainment apps.
Read more at :
http://www.crn.com/news/components-peripherals/240006416/amd-targets-servers-virtualization-with-new-firepro-gpus.htm?cid=nl_crn
***
-
***
VMware Unveils Bundle For Managing Mobile Desktops, Devices
A day after unveiling a cloud infrastructure bundle, VMware on Tuesday unveiled a bundle that aims to solve thorny IT issues arising from the flooding of personal devices into the workplace.
VMware's Horizon Suite, currently in alpha and slated to enter beta by the end of the year, lets IT departments manage and set policies for the data and apps that end users access from notebooks, tablets and smartphones while they're outside the firewall. Using a Web console, IT managers can build a service catalog for all of its data and applications.
Horizon Suite can now manage Android and iOS apps, and it can also keep personal and corporate apps separated on a device. IT can set policies for corporate data, preventing corporate data from being copied onto the personal side.
Read more at :
http://www.crn.com/news/mobility/240006421/vmworld-vmware-unveils-bundle-for-managing-mobile-desktops-devices.htm?cid=nl_crn
***
-
***
The 30 Hottest Tech Releases In August
Tech Releases Continue To Heat Up
From high-profile releases, including the Samsung Galaxy Note 10.1 and the latest version of Apple's Mac OS X, to more niche plays such as AMD's new FirePro APUs and Toshiba's PX-series SSDs, there was something for everyone.
For solution providers, identifying the potential for new business opportunities that accompany releases can be the key to getting ahead of the curve in various market trends.
See & read more at :
http://www.crn.com/slide-shows/channel-programs/240006441/the-30-hottest-tech-releases-in-august.htm?pgno=1
***
-
***
Multi-screen mania: how our devices work together
It turns out that 90 percent of people move between devices to accomplish a task, with virtually all of those people completing their task in one day. The most popular starting point is the smartphone, which is used to gather information, shop online and engage in social networking. In most cases, the tasks are continued on a PC though tablets are also becoming a popular option for continuing social networking and watching videos. Shopping, for example, is a popular task, with 67 percent of respondents moving from screen to screen to complete a purchase.
Read more at :
http://gigaom.com/2012/08/29/multi-screen-mania-how-our-devices-work-together/
***
-
***
The pros and cons of cloud storage
Storage requirements are growing exponentially and, as a result, companies are looking for alternatives to traditional tape-based solutions. The cloud can provide a cost-effective storage alternative, but it may not be the right solution for every case.
Read more at :
http://www.continuitycentral.com/feature0998.html
***
-
***
Most Americans Confused By Cloud Computing According to National Survey
The survey of more than 1,000 American adults was conducted in August 2012 by Wakefield Research and shows that while the cloud is widely used, it is still misunderstood. For example, 51 percent of respondents, including a majority of Millennials, believe stormy weather can interfere with cloud computing. Nearly one third see the cloud as a thing of the future, yet 97 percent are actually using cloud services today via online shopping, banking, social networking and file sharing. Despite this confusion, three in five (59 percent) believe the “workplace of the future” will exist entirely in the cloud, which indicates people feel it’s time to figure out the cloud or risk being left behind in their professional lives.
Read much more at :
http://www.citrix.com/English/NE/news/news.asp?newsID=2328309
***
-
***
HP Targets Apple IT Consumerization With Windows 8 Blitz
Hewlett-Packard (NYSE:HPQ) is poised to mount a massive product and sales offensive around Windows 8 aimed at taking the wind out of rival Apple (NSDQ:AAPL)’s momentum, which is being driven in large part by the consumerization of IT.
This fall, HP will launch a massive product and channel sales offensive around Windows 8 aimed at challenging Apple on a number of fronts, HP Director of Americas Channel Marketing Matt Smith told CRN Tuesday.
Read more at :
http://www.crn.com/news/applications-os/240005925/hp-targets-apple-it-consumerization-with-windows-8-blitz.htm
***
-
***
Amazon refreshes Kindles, including cheaper Fire
Amazon.com Inc. refreshed its Kindle line of gadgets on Thursday. It updated its Kindle Fire tablet computer and announced new stand-alone e-reader models. The Fire will be an effort to take a larger share of a tablet computer market dominated by Apple's iPad. It could help Amazon boost sales of digital goods such as e-books and movies.
Consumer electronics makers are trying to generate interest in their products now, before Apple announces a new iPhone and possibly a mini iPad next week.
Read more at :
http://my.earthlink.net/article/tec?guid=20120906/86c84e1f-75dc-4b0a-bd75-37882cd82e98
***
-
***
Microsoft’s September Patch Tuesday Easy; October, Not So Much
Page 1
September's Microsoft Patch Tuesday preview is shaping up to be a fairly simple one with only two bulletins in a list that is usually much longer. Both are rated as "important" and relate to privilege escalation vulnerabilities, which usually imply that the attacker already has some malware on the system in order to conduct the exploit.
Page 2
While the September Patch Tuesday is being characterized as a "walk in the park," the upcoming October counterpart is likely to be a completely different story.
Read more at :
http://www.crn.com/news/security/240006892/microsoft-8217-s-september-patch-tuesday-easy-october-not-so-much.htm?cid=nl_sec
***
-
***
Microsoft Bing to Google: Our Search Is Better Than Your Search
Microsoft is asking millions of Web searchers to break their longtime Google search habits and give the software giant's Bing search engine a new try in a catchy "Bing It On Challenge" that is aimed at growing Bing's market share in the search wars.
The "Bing It On" campaign was born out of a recent search study commissioned by Microsoft that looked at user opinions on the search engines they were using and the accuracy of the results they were getting, according to a post by Mike Nichols, chief marketing officer for Bing, on the Bing Search Blog.
Read both pages at :
http://www.eweek.com/c/a/Search-Engines/Microsoft-Bing-to-Google-Our-Search-Is-Better-Than-Your-Search-148401/?kc=EWKNLEDP09072012B
( After a year of using both search engines, I have to agree in that Bing gives me results that are more of what I'm looking for with less of the 'crap' results I get in Google which have almost nothing, and in many cases, nothing at all to do with what I'm looking for.)
***
-
***
Lexmark To Lay Off 1,700 & Exits Inkjet Business
Lexmark International plans to lay off 1,700 people and exit the inkjet printer business, part of a major restructuring for the Lexington, Ky.-based company.
The company said it will continue to service and support its existing inkjet customer base.
Read more at :
http://www.crn.com/news/components-peripherals/240006338/lexmark-to-lay-off-1-700-exits-inkjet-business.htm
***
-
( After a year of using both search engines, I have to agree in that Bing gives me results that are more of what I'm looking for with less of the 'crap' results I get in Google which have almost nothing, and in many cases, nothing at all to do with what I'm looking for.)
Totally agree, I've converted myself plus all my friends and family over to Bing these days and it's a much better search engine, I really don't touch anything Google (not even Android devices) :)
-
According to PCWorld, Google bought VirusTotal. They said that VirusTotal said it will continue to operate independently of Google. According to PC Magazine, VirusTotal announced the purchase in a blog post on Friday. They also said that VirusTotal said that the two companies had been partners for some time.
-
http://www.pcworld.com/article/262047/google_buys_browserbased_malware_scanner_virustotal.html
-
GoDaddy suffers major outage (http://www.geek.com/articles/geek-cetera/godaddy-suffers-major-outage-20120910/)
-
***
Intel Dabbles In Science Fiction
Computers that simply do the sames things faster and faster are becoming boring. Been there, done that. But a device that can detect and interpret your emotions? Or intelligently organize a meeting, knowing that one of the participants is jogging at the time? That’s a more interesting proposition. Intel, perhaps surprisingly, is working on both.
Read more at :
http://www.readwriteweb.com/enterprise/2012/09/intel-dabbles-in-science-fiction.php
***
-
***
Public, Private Cloud Markets Set to Soar as Enterprise Adoption Grows
With enterprises continuing to adopt cloud computing, analysts see continued growth in both public and private cloud investment—with worldwide spending on public IT cloud services set to exceed $40 billion in 2012 and reach nearly $100 billion by 2016, according to IDC.
The research firm forecasts that from 2012 to 2016, public IT cloud services will see gains at a compound annual growth rate (CAGR) of 26.4 percent—five times that of the IT industry overall, as companies accelerate their shift to the cloud services model for IT consumption.
Read more at :
http://www.eweek.com/c/a/Cloud-Computing/Public-Private-Cloud-Markets-Set-to-Soar-as-Enterprise-Adoption-Grows-586161/?kc=EWKNLEDP09122012E
***
-
***
GoDaddy: Outage Caused By Network Failure, Not Anonymous Hack
Web hosting and email services company GoDaddy said Tuesday the outage that disrupted its operations for several hours Monday was caused by a networking issue and not by an attack from Anonymous, as the hacker group claimed.
GoDaddy experienced intermittent service interruptions from 10 a.m. PST to 4 p.m. PST Monday, affecting an undetermined number of its 10.5 million customers. Scott Wagner, CEO of GoDaddy, issued a statement Tuesday, denying the outage was caused by an outside attack and apologizing for the event.
"The service outage was not caused by external influences," Wagner said in a statement posted on GoDaddy's website. "It was not a 'hack' and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables."
Wagner said customer data was not at risk. "We have let our customers down and we know it," he said.
Read more at :
http://www.crn.com/news/networking/240007163/godaddy-outage-caused-by-network-failure-not-anonymous-hack.htm?cid=nl_crn&elq=ecadb80cf8844f0a9d2076808386f115&elqCampaignId=
***
-
well, I have to type my message all over again because the verification I typed in didn't work and it deleted my message rather than hold it and ask for another code. Thanks jerks.
This is the worst security company I have dealt with and I will never pay for another round. My avast service was deleted from my computer and it is HELL trying to get it back. I am not a technical user and their system is not user friendly. So I lost my money just like my friend who bought the security system but it would not load and it was impossible to get help from avast. So they just kept her money. No wonder avast has been hacked so many times. Obviously from users they have cheated. Does 'crooked company' ring a bell?
-
Well I guess you haven't come for help or you would have asked.
If you want help - Please start a New Topic of your own here http://forum.avast.com/index.php?board=2.0 (click the New topic button at the top of the page) as this is unrelated and will just confuse the topic and we will try to help.
If it is virus related then start a new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum.
If you are within the first 30 days there is nothing to stop you asking for a refund at sales (at) avast (dot) com. Avast aren't crooks.
-
***
Neither did you tell us where you & your friend got your copies of Avast from.
Did both of you get them from some other site rather than from the official Avast site?
And, as David mentioned above, this is the wrong thread in which to be posting this subject.
***
-
***
GoDaddy Offers Users One-Month Credit Following Outage
Website hoster and email service provider GoDaddy says it will give customers a free month of service following an outage that took the company offline for six hours Monday.
The credit will be applicable for each website owned by a customer, GoDaddy CEO Scott Wagner wrote in a letter to customers.
Wagner also apologized for the outage. "We let you down and we know it. We take our responsibilities -- and the trust you place in us -- very seriously," Wagner wrote in the letter, published by The Los Angeles Times. "I can not express how sorry I am to those of you who were inconvenienced."
Read more at :
http://www.crn.com/news/cloud/240007323/godaddy-offers-users-one-month-credit-following-outage.htm?cid=nl_crn&elq=f5bd5135c38a42468180e88b4c3b98ca&elqCampaignId=1165
***
-
***
Coders Behind the Flame Malware Left Incriminating Clues on Control Servers
The attackers behind the nation-state espionage tool known as Flame accidentally left behind tantalizing clues that provide information about their identities and that suggest the attack began earlier and was more widespread than previously believed.
Researchers have also uncovered evidence that the attackers may have produced at least three other pieces of malware or variants of Flame that are still undiscovered.
The information comes from clues, including four programmers’ nicknames, that the attackers inadvertently left behind on two command-and-control servers they used to communicate with infected machines and steal gigabytes of data from them. The new details about the operation were left behind despite obvious efforts the attackers made to wipe the servers of forensic evidence ......
Read much more at :
http://www.wired.com/threatlevel/2012/09/flame-coders-left-fingerprints
***
-
***
Application Development: Microsoft Visual Studio 2012: 9 Hot New Things for Developers
Microsoft has formally launched its flagship Visual Studio 2012 tools suite and has already announced an update for the product, Visual Studio 2012 Update 1. At a Sept. 12 launch event in Seattle, Microsoft announced VS2012 before an audience of hundreds of developers in person and thousands more via Webcast. Visual Studio 2012 and .NET 4.5 are the tools that form the backbone for developing not only on Windows 8, but all of Microsoft’s platforms, company officials said. Meanwhile, Microsoft will be delivering VS2012 Update 1 by the end of this year as part of a new strategy to update its developer tools on a more rapid cadence, Microsoft said. “Visual Studio 2012 is the best development tool to enable developers to build ‘modern apps’ for connected devices,” Soma Somasegar, corporate vice president of Microsoft’s developer division, said in an interview with eWEEK. VS2012 supports development on Windows 8, Windows Server, Windows Azure and Windows Phone.
See & read more at :
http://www.eweek.com/c/a/Application-Development/Microsoft-Visual-Studio-2012-9-Hot-New-Things-for-Developers-844879/?kc=EWKNLEDP09182012A
***
-
***
Google Apps Dropping Support for Microsoft Internet Explorer 8
Google Apps users who are still using Microsoft's older Internet Explorer 8 (IE8) browser won't be able to continue to use Google services starting Nov. 15 until they upgrade to a newer browser.
Google detailed the move in a Sept. 14 post on the Google Apps Blog as part of its continuing strategy to keep its products up to date and working seamlessly with the latest evolving features in newer Web browsers.
Read more at :
http://www.eweek.com/c/a/Search-Engines/Google-Apps-Dropping-Support-for-Microsoft-Internet-Explorer-8-696356/?kc=EWKNLEDP09182012D
***
-
***
iPhone 5 Lightning Dock Could Drive Medical Devices to Bluetooth
Apple's switch to an 8-pin Lightning dock in the iPhone 5 could push the health care industry toward adopting Bluetooth technology, despite the security risks of wireless technology.
The Apple iPhone 5's smaller dock could lead to a greater transition toward Bluetooth connectivity in medical device peripherals. During Apple’s Sept. 12 announcement, company executives detailed how the new iPhone, iPod Touch and iPod Nano would connect to an eight-pin connector called Lightning instead of a 30-pin connector.
Users of remote medical devices that connect to the iPhone may have to switch to Bluetooth Smart, MobiHealthNews reported. Medical devices that connect to the iPhone include glucometers, heart rate monitors and fitness sensors.
Read more at :
http://www.eweek.com/c/a/Health-Care-IT/iPhone-5-Lightning-Dock-Could-Drive-Medical-Devices-to-Bluetooth-192179/?kc=EWKNLEDP09182012E
***
-
***
Unwired Planet Sues Apple and Google Over Patents
Unwired Planet today announced that it has filed separate lawsuits against Apple and Google for violating its intellectual property. The company alleges that each company is violating 10 patents, for a total of 20 patent complaints.
The lawsuit against Apple names devices such as the iPhone, iPad, and iPod; applications such as iTunes and the App Store; and services such as Siri, Apple Maps, Safari, and iAd. The patents themselves cover a wide range of technologies, including detecting and connecting to wireless data networks, server-based speech recognition, and offering location data to mobile devices, among others.
In its case against Google, Unwired Planet names a large selection of Google services, such as the Google Play Store, Google AdWords, Google Search, Google Maps, Google Wallet, and many others. The patents it accuses Google of violating include those that cover providing graphical location data to mobile devices, method and apparatus for protecting identities of mobile devices on a wireless network, and the systems and methods necessary to connect devices via NFC. The lawsuits were filed in the U.S. District Court for the District of Nevada.
Read more at :
http://www.phonescoop.com/articles/article.php?a=11187
***
-
***
Benchmarking mobile maps
For all the needs that begin with a “where” question, we have developed a compelling suite of applications that delivers the best location-based experiences – helping you to discover the world around you and navigate your life. Not only is this possible because the location business is strategic to Nokia, but because these apps are running on the world’s most advanced location platform.
Unlike our competitors, which are financing their location assets with advertising or licensing mapping content from third parties, we completely own, build and distribute mapping content, platform and apps.
In other words, we truly understand that maps and location-based apps must be accurate, provide the best quality and be accessible basically anywhere. That’s been standard practice at Nokia for the past six years, and we also understand that “pretty” isn’t enough. You expect excellence in your smartphone mapping experience.
See & read much more at :
http://conversations.nokia.com/2012/09/20/benchmarking-mobile-maps/
***
-
***
Phony Facebook application security tests? Say it ain't so, Zuckerberg
How else can we explain the report from the Federal Trade Commission (FTC) this week that disclosed that, for close to a year, Facebook operated a for-profit application security testing service that was little more than a sham: taking money from hopeful application developers with false promises to vet their creations for security holes. Instead, the FTC concluded, the company banked the money and put a "Facebook Verified App" logo next to the application, without bothering to do any additional auditing of the submitted application. The program, the FTC said, was "false and misleading" -- a hollow show that, all the same, netted Facebook between $50,000 and $95,000 for "verifying" 254 applications between May and December, 2009.
Mind you, at the time the Facebook Verified App program was bilking developers with empty promises of security audits, the then-privately-held company had revenues of around $777 million. In other words: the Verified Apps scam was chump change, revenue wise: about 1/100th of a percent of Facebook's overall revenue. It was small, especially compared to the money Facebook was making selling information on its hundreds of millions of users to advertisers and application developers.
Read more at :
http://news.idg.no/cw/art.cfm?id=1CE06AD9-9EA6-16A5-80F24DABA08016D7
***
-
***
5 things you need to know about cloud in Europe
Most of what we hear about cloud computing in Europe tends to fixate on the notion that cloud adoption there lags that in the US by one to three years.
That may be generally true, but it’s still a simplistic analysis. Despite the economic mess over there, IDC predicts a 30 percent compound annual growth rate for cloud deployments between 2011 and 2016 compared to an 18.5 percent CAGR for the US during that period. Not too shabby. (The researcher said it is monitoring economic developments in Western Europe and could adjust its predictions as needed.)
Here’s some of what you need to know about how cloud is rolling out in Europe, gleaned from researchers, vendor executives, and other experts.
Read more at :
http://gigaom.com/cloud/5-things-you-need-to-know-about-cloud-in-europe/
***
-
***
Samsung Unveils 840 Series At Global SSD Summit
Before an audience of about 70 tech media reporters and editors from around the world, Samsung Electronics Company near its headquarters in Seoul, Korea, Monday unveiled the company's latest series of fast-performing, low cost solid-state drives.
The 840 Series of 2.5-inch, 6-Gbps drives includes models for consumers as well as a Pro line for mobile professionals, enthusiasts and other power users seeking a fast-performing SSD at the lowest possible price.
The announcement was part of the Samsung Global SSD Summit, a full-day event held at the Shilla hotel in Seoul, where editors were given a chance to work directly with the company to experience the new drives, which are rated to deliver sustained transactional performance of 100,000 input/output operations per second (IOps) for random transactions.
Read more at :
http://www.crn.com/news/mobility/240007799/samsung-unveils-840-series-at-global-ssd-summit.htm?cid=nl_stor&elqTrack=true
***
-
***
IPv6: What You Need to Know About the Move From IPv4
The Number Resource Organization said the world officially ran out of IPv4 addresses in February 2011, and according to the Internet Society, the reasons for moving to IPv6 vary from community to community. For example, IPv6 will unlock a range of opportunities for network operators in terms of service provision continuity, growth and innovation. In addition, it will result in network management efficiencies and savings. For hardware manufacturers, IPv6 is a key enabler of smart grids, intelligent buildings, sensor networks, and other hardware—and application-dependent innovations.
See & read more at :
http://www.eweek.com/c/a/Enterprise-Networking/IPv6-What-You-Need-to-Know-About-the-Move-From-IPv4-214871/?kc=EWKNLEDP09242012A
***
-
***
Programming, Database Are Top Skills for IT Pros on Wall Street
If you are looking for a job on Wall Street, IT skills are the way to go, particularly programming and database expertise, according to a recent study conducted by a leading career site network for the financial services industry. eFinancialCareers, a global career site network for professionals working in the investment banking, asset management and securities industries, recently released its top 10 skills searches on Wall Street, and programming and databases skills come out on top.
See & read more at :
http://www.eweek.com/developer/slideshows/programming-database-are-top-skills-for-it-pros-on-wall-street/?kc=EWKNLEDP09252012A
***
-
***
5 Ways Cloud Computing is Disrupting Everyone's Job
Ironically, as cloud sweeps through with new ways of running businesses, we’ll be calling it “cloud” less and less. It will simply be the way information is delivered and processed, without the need to think whether it comes from an outside service or from internal systems. Here are five key ways cloud computing is reshaping the way business is conducted:
Read more at :
http://www.forbes.com/sites/joemckendrick/2012/09/25/5-ways-cloud-computing-is-disrupting-everyones-job/
***
-
***
The 10 Most Disruptive Enterprise Tech Companies
Enterprise technology is in the middle of a massive transformation caused by major technological shifts:
- Mobile cell phone networks are getting faster.
- Cloud computing has put unlimited computing power into the hands of everyone at very low costs.
- Software-as-a-service has become a safe and reliable alternative to on-premises software.
- Social networking is changing how companies interact with each other and customers.
- Employees are more tech savvy, bringing their own devices to work and supplementing enterprise software with their own hand-picked cloud-based services.
All of that means that there's an enormous opportunity for tech companies to disrupt the status quo.
See & read much more at :
http://www.businessinsider.com/10-disruptive-enterprise-tech-companies-2012-9?op=1
***
-
***
Hitachi unveils glass slivers that store data forever
TOKYO: As Bob Dylan and the Rolling Stones prove, good music lasts a long time; now Japanese hi-tech giant Hitachi says it can last even longer -- a few hundred million years at least. The company on Monday unveiled a method of storing digital information on slivers of quartz glass that can endure extreme temperatures and hostile conditions without degrading, almost forever.
"The volume of data being created every day is exploding, but in terms of keeping it for later generations, we haven't necessarily improved since the days we inscribed things on stones," Hitachi researcher Kazuyoshi Torii said. "The possibility of losing information may actually have increased," he said, noting the life of digital media currently available -- CDs and hard drives -- is limited to a few decades or a century at most.
Read more at :
http://www.channelnewsasia.com/stories/afp_world_business/view/1227752/1/.html
***
-
A death blow for PPTP
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html
-
***
AMD Targets Intel's i5 Processors With New Trinity APUs
AMD Thursday lifted the curtain on its latest lineup of accelerated processing units (APUs) for desktops, which the chip maker says are both budget-friendly and capable of outperforming Intel's i5 Core processors.
Pricing details for AMD's new Trinity-based and quad-core A10-5800K and the A8-5600K chips won't be revealed until Oct. 2, which is when they will be available. But Adam Kozak, desktop product marketing manager at AMD, Sunnyvale, Calif., said they will be targeted primarily at system builders within the entry-level or "mainstream" desktop market.
"These A series accelerated processors fit within that mainstream segment where our customers are looking at building systems and are looking to prepare these with graphics cards for $100 or less, all the way down to the free graphics that come inside that accelerated processor."
Read more at :
http://www.crn.com/news/components-peripherals/240008051/amd-targets-intels-i5-processors-with-new-trinity-apus.htm?cid=nl_vi
***
-
***
Intel Readies New 'Clover Trail' Atom Processors For Tablet Blitz
Intel on Thursday revealed new details regarding its upcoming Atom Z2760 processors, code-named "Clover Trail," which are set to usher in the first generation of Intel-powered tablets.
A dual-core chip specifically designed for Windows 8 tablets and convertible notebooks, the Atom Z2760 can reach processing speeds up to 1.8GHz, arm devices with up to 10 hours of HD video playback and support the latest high-speed 4G wireless networks.
Read more at :
http://www.crn.com/news/components-peripherals/240008101/intel-readies-new-clover-trail-atom-processors-for-tablet-blitz.htm?cid=nl_crn&elqTrack=true
***
-
***
New DDR4 Standards Pave Way Toward Faster, More Efficient PCs
JEDEC Solid State Technology Association, the group that spearheads standards development for the microelectronics industry, has unveiled a new set of standards for DDR4, the next-generation DRAM memory that will give way to faster and less power-hungry PCs.
According to JEDEC, the new DDR4 memory will boost the performance of servers, laptops and desktop PCs, allowing for ultra-fast data transfer speeds that weren't possible with existing DRAM technologies like DDR3 and DDR2. Specifically, DDR4 boasts a per-pin data rate of at least 1.6 gigatransfers per second (GT/s) -- which was the initial maxed-out speed of DDR3 -- and can reach speeds as high as 3.2 GT/s.
Read more at :
http://www.crn.com/news/components-peripherals/240008092/new-ddr4-standards-pave-way-toward-faster-more-efficient-pcs.htm?cid=nl_crn&elqTrack=true
***
-
How to install silently malicious extensions for Firefox
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
-
***
Google House Cleaning Efforts Continue
Among the changes, Google users will no longer be able to select their own images to use as personalized backgrounds on Google.com, and Google Storage in Picasa and Drive will be consolidated.
Google's year-long project to cut out little-used services so the company can focus on its most popular offerings to customers continues with a new round of features that are on the chopping block.
The latest upcoming service cuts include a myriad of Google ideas that just didn't catch on with enough users, from AdSense for Feeds to Spreadsheet Gadgets to the Places Directory Android app, according to a Sept. 28 post by Yossi Matias, Google's senior engineering director, on the Google Official Blog.
Since June 2011, Google has been paring down services that are not getting enough user traction to make them sustainable.
Read more at :
http://www.eweek.com/search-engines/google-house-cleaning-efforts-continue/?kc=EWKNLEDP10022012E
***
-
***
8 Tech Companies That Had It All And Lost It
Whether it's mobility, networking or traditional desktop PCs, the tech industry moves pretty quickly. So quickly, in fact, that it can be easy for even the biggest tech giants to fall behind, losing market share and risking being nothing more than a chapter in high-tech history.
Over the past 10 years, tech companies big and small have tasted the sweetness of success, only to have it stolen away by some of their biggest competitors. Here is a recap of some of the tech industry's most notable -- and most heart-wrenching -- declines.
See and read more at :
http://www.crn.com/slide-shows/mobility/240008012/8-tech-companies-that-had-it-all-and-lost-it.htm
***
-
See and read more at :
http://www.crn.com/slide-shows/mobility/240008012/8-tech-companies-that-had-it-all-and-lost-it.htm
Hall of failure... Either you update and keep yourself up-to-date, or you can go the same way...
-
***
GoDaddy To Close Cloud Computing Service
GoDaddy plans to close its cloud computing business, telling its SMB customers it will try to integrate the business into other services.
GoDaddy CIO Auguste Goldman issued an email outlining the company's plans:
"We are focused on SMBs and SMBs don't use our Cloud Server product the way we are offering it now," Goldman wrote in the email that GoDaddy provided to CRN Tuesday. "So, in the weeks ahead, it won't be a stand-alone product in and of itself. However, we plan to continue developing cloud technology into our other hosted products.
"We will continue to support existing Cloud Server customers in a variety of ways," Goldman added.
Read more at :
http://www.crn.com/news/cloud/240008343/godaddy-to-close-cloud-computing-service.htm?cid=nl_vi&elqTrack=true
***
-
***
Technically Speaking: What DDR4 Memory Means For Computing
The PC industry hasn't seen an updated memory spec in a while, and it was long past due. That upgrade came last week, as the memory standards group JEDEC revealed that it had published a spec for DDR4 SDRAM, defining "features, functionalities, AC and DC characteristics, packages and ball/signal assignments," that builds on the DDR3 spec, first published in 2007. The DDR4 spec applies to SDRAM devices from 2 GB through 16 GB for x4, x8 and x16 buses. Here's a look at some of the particulars.
See & read more at :
http://www.crn.com/slide-shows/components-peripherals/240008422/technically-speaking-what-ddr4-memory-means-for-computing.htm
***
-
The tale of one thousand and one DSL modems
https://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems
-
***
Qualcomm Joins AMD, ARM, Samsung on HSA Foundation
The group is working toward a single architecture spec for chips that run in heterogeneous environments, which leverage both compute and graphics.
Qualcomm is the latest member of the Heterogeneous System Architecture Foundation, joining the likes of Advanced Micro Devices, ARM and Samsung Electronics in creating a single architecture spec for chips that leverage both compute and graphics capabilities.
Other members of the foundation, which was announced in June, include Texas Instruments, Imagination Technologies and MediaTek.
Read more at :
http://www.eweek.com/mobile/qualcomm-joins-amd-arm-samsung-on-hsa-foundation/?kc=EWKNLEDP10082012E
***
-
Microsoft Security Intelligence Report (SIR) #13
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/C/1/F/C1F6A2B2-F45F-45F7-B788-32D2CCA48D29/Microsoft_Security_Intelligence_Report_Volume_13_English.pdf
http://download.microsoft.com/download/C/1/F/C1F6A2B2-F45F-45F7-B788-32D2CCA48D29/Microsoft_Security_Intelligence_Report_Volume_13_Key_Findings_Summary_English.pdf
http://download.microsoft.com/download/C/1/F/C1F6A2B2-F45F-45F7-B788-32D2CCA48D29/Microsoft_Security_Intelligence_Report_Volume_13_Worldwide_Threat_Assessment_English.pdf
-
***
US regulators move closer to suing Google
Federal regulators are moving closer to suing Google over allegations that the company has abused its dominance of Internet search to stifle competition and drive up online advertising prices, news reports said Friday.
Several news outlets reported that staff members at the Federal Trade Commission are preparing to recommend that the agency file an antitrust lawsuit against the search giant. A majority of the five FTC commissioners would have to approve a suit before legal action could proceed.
Read more at :
http://my.earthlink.net/article/tec?guid=20121012/f300f1f5-6381-4170-864c-8684e8549473
***
-
***
HP Shows Why It Remains No. 1 in the World Workstation Market
Hewlett-Packard's Fort Collins, Colo., facility was built in the mid-'70s when David Packard and Bill Hewlett, both being enthusiastic outdoorsmen, decided they wanted to build a company plant near: a) an excellent engineering school (Colorado State University); and b) one of their favorite hunting, fishing, skiing and vacation places, the Rocky Mountains.
It has since morphed into the workstation headquarters for the company and thus, the world. HP leads the mobile workstation market worldwide with 41.8 percent share and leads the combined workstation category with 46.2 percent share, according to the Q2'12 IDC Worldwide Workstation Tracker released in August.
At the beginning of the 21st century, four major players manufactured high-end computer workstations: Silicon Graphics, Sun, IBM and HP. Today, HP is the only surviving and thriving workstation vendor of those four. This slide show illustrates a tour of the HP facility taken on Oct. 11, 2012.
See & read more at :
http://www.eweek.com/networking/slideshows/hp-shows-why-it-remains-no.-1-in-the-world-workstation-market/?kc=EWKNLEDP10152012A
***
-
***
10 Hot Technical Skills for 2013
Are you looking to possibly switch jobs as 2012 winds down and we enter 2013? Or, are you looking to increase your salary by adding a skill to your resume? Well, CyberCoders has a bead on the 10 hottest tech skills for the coming year. CyberCoders is a worldwide recruiting firm that uses technology and experienced recruiters in its passionate pursuit to match great people with great companies.
See & read more at :
http://www.eweek.com/developer/slideshows/json-html5-ios-10-hot-technical-skills-for-2013/?kc=EWKNLEDP10162012A
***
-
***
IT Horror Story: A World Without COBOL
With Halloween just around the corner, a real-life horror story is all around us, just waiting to be unleashed. We’re referring to our widespread dependence on COBOL, one of our oldest programming languages. Because it was designed to ensure longevity for enterprise applications, COBOL still runs some of the world's most basic and critical applications, but it has been increasingly dismissed as an over-the-hill programming language that today's developers don't want to work with. That presents the possibility that a severe shortage of COBOL programmers could contribute to a doomsday scenario in which many of the critical services we depend on are unavailable. It's the specter of such a disaster that motivated software-maker Micro Focus to develop a visual COBOL tool that lets companies run their COBOL applications on .Net, Java Virtual Machine and the cloud. "COBOL is the most prominent and reliable programming language, designed for today's mission-critical business applications," said Ed Airey, Micro Focus' product manager for COBOL. Here's a look at 12 applications that depend on COBOL—and what might happen in a widespread COBOL crash.
See & read more at :
http://www.baselinemag.com/enterprise-apps/slideshows/it-horror-story-a-world-without-cobol/?kc=EWKNLEDP10182012C
***
-
New IPv6 tools from "The Hacker's Choice"
http://www.h-online.com/security/news/item/New-IPv6-tools-from-The-Hacker-s-Choice-1727876.html
http://www.thc.org/thc-ipv6/README
-
ENISA Annual Incident Report 2011
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2011
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2011/at_download/fullReport
-
Steam Browser Protocol Insecurity
http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf
-
***
IT Job Market Holds Firm In US
Given what Americans have endured over the last several years, it's safe to say that any news that isn't particularly bad is actually pretty good. Which is probably the best way to interpret the latest IT jobs availability report from Dice.com, an IT employment career site. The overall number of tech positions has inched up ever so slightly from a year ago, which is obviously better than a decline.
See & read more at :
http://www.baselinemag.com/careers/slideshows/it-job-market-holds-firm/?kc=EWKNLEDP10222012C
***
-
miniFlame aka SPE: "Elvis and his friends"
http://www.securelist.com/en/blog/763/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends
http://www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends
-
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
-
***
Smartphones, Tablets, Enterprise Apps Among Top Tech in 2013
Apple, Google and others will battle it out for mobile device market share in 2013, one of Gartner's 10 predicted tech trends for 2013.
Big data, mobile device battles and the rise of the personal cloud were among the top 10 technologies and trends that will be strategic for most organizations in 2013, research firm Gartner announced at the ITxpo in Orlando Oct. 23. Gartner Vice President David Cearley noted that while enterprises may not have to adopt and invest in all of the listed technologies, they should make deliberate decisions about how these trends fit in with the organization’s expected needs in the near future.
Read more at :
http://www.eweek.com/mobile/smartphones-tablets-enterprise-apps-among-top-tech-in-2013-gartner/?kc=EWKNLEDP10252012E
***
-
***
Microsoft Windows 8: 10 Things You Need to Know About the OS
On Oct. 25, Microsoft's Windows 8 operating system finally made its official debut after almost a whole year of different releases, updates and a lot of hype. Beginning Friday, Oct. 26, consumers and businesses worldwide will be able to experience all that Windows 8 has to offer, including a beautiful new user interface and a wide range of applications with the grand opening of the Windows Store. As a result of close work with hardware partners, more than 1,000 certified PCs and tablets, including Microsoft Surface, will be available for the launch of Windows 8—making it one of the largest lineups of PCs ever across the Windows ecosystem.
See & read more at :
http://www.eweek.com/enterprise-apps/slideshows/microsoft-windows-8-10-things-you-need-to-know-about-the-os/?kc=EWKNLEDP10262012A
***
-
***
IT Must Deal With Real-Life Horror Shows
Slashers, ghosts and zombies ... Oh, my! With an onslaught of hackers, meddlesome internal users and malware-laden applications out there, IT departments may feel as if they’re dealing with a real-life horror show every day. So, with tongue-in-cheek, the folks at Bomgar speculated about which fright films would best represent the most common tech problems.
See & read more at :
http://www.baselinemag.com/security/slideshows/it-must-deal-with-real-life-horror-shows/?kc=EWKNLEDP10262012C
***
-
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
-
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
It's hard to patch a hole when the foundation is so rotten !!!
-
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
It's hard to patch a hole when the foundation is so rotten !!!
+1, it's true, because it's starting to smell like a dead corpse; I see too many lying around in the compound, which is not a great job cleaning it up :-\
Edit: link removed, sorry
-
Sorry Speedy but that's not exactly what I was talking about and not something to my liking!!!!! :o
-
Sorry Speedy but that's not exactly what I was talking about and not something to my liking!!!!! :o
Sorry Bob, I do understand what you're saying: Java is hard to patch, no matter what security companies are involved, even when Adam Gowdiak decided to take matters into his own hands by developing a patch for a critical security vulnerability he had discovered in Java. Java is starting to smell like a dead corpse; I see too many lying around in the compound, which is not a great job patching up Java. Java will always be a critical security vulnerability.
-
Speedy,
It's the link you posted that I find offensive. :o
-
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
It's hard to patch a hole when the foundation is so rotten !!!
Yes, I strongly recommend uninstalling Java, if it is not unconditionally needed.
-
***
IBM Researchers Making Carbon Nanotube Production a Reality
Carbon nanotubes, the next big thing when it comes to making faster computer chips, are beginning to leave the realm of fantasy and are starting to approach the possibility of commercial production, according to IBM researchers.
Carbon nanotubes are beginning to head out of the laboratory and into the edges of reality, according to a team of IBM researchers who have been hard at work creating carbon nanotubes that will be the basis for the next generation of computer chips.
The latest breakthrough as scientists continue to refine the handling and construction of the carbon nanotubes is that 10,000 of the tiny structures have been manipulated to fit and operate on a single chip using standard semiconductor processes, according to IBM. This is reportedly the first time that such an accomplishment has been possible.
Read more at :
http://www.eweek.com/it-management/ibm-researchers-making-carbon-nanotube-production-a-reality/
***
-
Scary Logins: Worst Passwords of 2012 — and How to Fix Them
http://www.prweb.com/releases/2012/10/prweb10046001.htm
-
***
Microsoft Sued Over Windows 8 Tiles
Microsoft's new Windows 8 tiling feature is being challenged in a patent-infringement lawsuit filed by a Maine-based company that doesn't sell any products or services.
The lawsuit, filed Oct. 30 by Portland, Maine-based SurfCast, alleges that Microsoft infringes on its U.S. Patent No. 6,724,403 dating back to the 1990s for the "tiling" concepts used in the new Windows 8 operating system that is now being used in PCs, Surface tablets, laptops and smartphones.
"We developed the concept of Tiles in the 1990s, which was ahead of its time," Ovid Santoro, CEO of SurfCast, said in a statement on the company's Website. "Microsoft’s Live Tiles are the centerpiece of Microsoft’s new Operating Systems and are covered by our patent."
Patent-infringement lawsuits, when filed by companies that don't sell their own products or services, typically are referred to as "patent troll" cases involving businesses set up to acquire patents that can later be pursued in legal cases against larger companies with deep pockets.
Read more at :
http://www.eweek.com/enterprise-apps/microsoft-sued-over-windows-8-tiles/
***
-
How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole
http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/
http://www.kb.cert.org/vuls/id/268267
-
***
IBM, Cleveland Clinic Put Watson to Work on Medical Training
IBM's Watson is headed to medical school. IBM and Cleveland Clinic are collaborating to use Watson's deep question-answer technology to help train students on how to come up with proper diagnoses and treatments for patients.
Founded in 1921, Cleveland Clinic is a nonprofit academic medical center that integrates research and education.
Watson's ability to understand natural language and generate hypotheses will help medical professionals make clinical decisions, IBM reported.
IBM researchers and Cleveland clinicians, faculty and medical students will work together to apply Watson's deep question-answer technology to medicine.
Read more at :
http://www.eweek.com/servers/ibm-cleveland-clinic-put-watson-to-work-on-medical-training/
***
-
Demystifying Dot NET Reverse Engineering, Part 1: Big Introduction
http://resources.infosecinstitute.com/demystifying-dot-net-reverse-engineering-part-1-big-introduction/
Demystifying dot NET reverse engineering – PART 2: Introducing Byte Patching
http://resources.infosecinstitute.com/dot-net-reverse-engineering-part-2/
-
State of Secure Boot detailed
http://www.h-online.com/security/news/item/State-of-Secure-Boot-detailed-1741460.html
http://mjg59.dreamwidth.org/18945.html
http://mjg59.dreamwidth.org/19448.html
-
Black Tulip (Report of the investigation into the DigiNotar Certificate Authority breach)
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2012/08/13/black-tulip-update/black-tulip-update.pdf
-
Hi. I need to know how to activate the web shield??? My avast indicates the service is stopped.
-
Hi. I need to know how to activate the web shield??? My avast indicates the service is stopped.
Please ask here: http://forum.avast.com/index.php?board=2.0
-
***
IT Staff and Leaders at Odds Over Job Performance
There's a considerable difference of opinion between IT professionals and their bosses with respect to employee performance management, according to a recent survey from TEKsystems. Supervisors overlook poor performance for far too long, some IT pros say. And while managers generally do a decent job at clarifying expectations, they fall far short when it comes to evaluating staffers for advancement and aligning individual achievement with company strategies.
See & read more at :
http://www.baselinemag.com/it-management/slideshows/it-staff-and-leaders-at-odds-over-job-performance/?kc=EWKNLEDP11082012C
***
-
Smishing Vulnerability in Multiple Android Platforms
http://www.csc.ncsu.edu/faculty/jiang/smishing.html
-
Firefox to make life harder for HTTPS snoopers
http://www.h-online.com/security/news/item/Firefox-to-make-life-harder-for-HTTPS-snoopers-1746127.html
https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
-
***
Cray Titan Supercomputer Now the World’s Fastest; IBM's Sequoia No. 2
IBM's Sequoia supercomputer in June became the first U.S.-based system to reach No. 1 on the Top500 list of the world's fastest supercomputers. Six months later, the system—at Lawrence Livermore Laboratory—was moved to No. 2, displaced by Cray's huge Titan supercomputer, housed at the Oak Ridge National Laboratory in Tennessee. Titan, a massive XK7 system powered by Opteron processors from Advanced Micro Devices and GPU accelerators from Nvidia, hit a performance of 17.59 petaflops—or quadrillions of calculations per second—outdistancing Sequoia's 16.32 petaflops.
See & read more at :
http://www.eweek.com/servers/slideshows/cray-titan-supercomputer-now-the-worlds-fastest-ibms-sequoia-no.-2?kc=EWKNLEDP11142012A
***
-
This is interesting. Early launch anti-malware. (downloadable MS Word file)
http://msdn.microsoft.com/library/windows/hardware/br259096
-
M³AAWG Best Practices for Implementing DKIM To Avoid Key Length Vulnerability
https://www.maawg.org/sites/maawg/files/news/M3AAWG_Key_Implementation_BP-2012-11.pdf
-
A critical Analysis of Dropbox Software Security
http://archive.hack.lu/2012/Dropbox%20security.pdf
-
HTTP Strict Transport Security becomes Internet Standard
http://www.h-online.com/security/news/item/HTTP-Strict-Transport-Security-becomes-Internet-Standard-1754549.html
-
Homeland Security spent $430M on radios its employees don't know how to use
http://arstechnica.com/tech-policy/2012/11/homeland-security-spent-430m-on-radios-its-employees-dont-know-how-to-use/
http://www.oig.dhs.gov/assets/Mgmt/2013/OIG_13-06_Nov12.pdf
-
An Overview of Exploit Packs (Update 17) October 12, 2012
http://contagiodump.blogspot.de/2010/06/overview-of-exploit-packs-update.html
-
Surveillance software: Gamma Group's offshore companies uncovered
http://www.h-online.com/security/news/item/Surveillance-software-Gamma-Group-s-offshore-companies-uncovered-1759834.html
http://www.guardian.co.uk/uk/2012/nov/28/offshore-company-directors-military-intelligence
http://linuxch.org/poc2012/Tora,%20Devirtualizing%20FinSpy.pdf
-
The Email that Hacks You
http://www.acunetix.com/blog/web-security-zone/the-email-that-hacks-you/
-
New DARPA Program Seeks to Reveal Backdoors and Other Hidden Malicious Functionality in Commercial IT Devices
http://www.darpa.mil/NewsEvents/Releases/2012/11/30.aspx
https://www.fbo.gov/utils/view?id=14741b368fcfda0fcf22e361e0b34bd2
-
Windows 8 ASLR Internals
http://blog.ptsecurity.com/2012/12/windows-8-aslr-internals.html
-
Security Threat Report 2013 (Sophos)
http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx
http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf
-
Skynet, a Tor-powered botnet straight from Reddit
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
-
An Evaluation of the Application ("App") Verification Service in Android 4.2
http://www.cs.ncsu.edu/faculty/jiang/appverify/
-
Internet Explorer Data Leakage
http://spider.io/blog/2012/12/internet-explorer-data-leakage/
http://iedataleak.spider.io/demo
-
An Evaluation of the Application ("App") Verification Service in Android 4.2
http://www.cs.ncsu.edu/faculty/jiang/appverify/
I can only give credit to this research (or, in other words, I can only get interested in the results) if I can see the name of the antimalware x results table.
What I can see is that the Google service is not able to scan even half of the malware... Poor.
-
An Evaluation of the Application ("App") Verification Service in Android 4.2
http://www.cs.ncsu.edu/faculty/jiang/appverify/
1. I can only give credit to this research (or, in other words, I can only get interested in the results) if I can see the name of the antimalware x results table.
2. What I can see is that the Google service is not able to scan even half of the malware... Poor.
1. Not sure why, as it's not really important for the final verdict, but OK, here you go. ;)
-> In Table 2, we show the comparison with ten representative anti-virus engines from VirusTotal (i.e., Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft).
2. It's even worse, as the detection rate is under 25%. :o :(
-
But we can't associate the result with the particular AV engine...
-
But we can't associate the result with the particular AV engine...
Why..?? It's quite obvious that avast! is AV1, isn't it..!?
-
But we can't associate the result with the particular AV engine...
Why..?? It's quite obvious that avast! is AV1, isn't it..!?
avast! is indeed #1 since it also scored 100%
-
Why..?? It's quite obvious that avast! is AV1, isn't it..!?
My fault. I did not see the correlation between the text and AV1, AV2...
Thanks for pointing this out to me :)
-
Why..?? It's quite obvious that avast! is AV1, isn't it..!?
My fault. I did not see the correlation between the text and AV1, AV2...
Thanks for pointing this out to me :)
NP pal. :)
-
More on this subject:
https://blog.avast.com/2012/12/13/is-google-protecting-me-after-all/
-
More on this subject:
https://blog.avast.com/2012/12/13/is-google-protecting-me-after-all/
Thanks Bob. :)
-
Metasploit Pro 4.5.0 Release
https://community.rapid7.com/docs/DOC-2108
https://community.rapid7.com/community/metasploit/blog/2012/12/07/go-phishing-how-to-manage-phishing-exposure-with-metasploit
https://community.rapid7.com/community/metasploit/blog/2012/12/07/metasploit-hits-1000-exploits
-
How to explain Hash DoS to your parents by using cats
http://www.anchor.com.au/blog/2012/12/how-to-explain-hash-dos-to-your-parents-by-using-cats/
http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
-
Dirty note on Samsung Smart TV Security
http://grayhash.com/2012/12/20/samsung_smart_tv_security/
-
Dirty note on Samsung Smart TV Security
http://grayhash.com/2012/12/20/samsung_smart_tv_security/
I was pretty slow in getting on board with smartphones, as security was my biggest concern. But now they have many security applications, including the avast! Mobile Security app for Android.
My concerns about Smart TV are very much the same as smart phones and possibly worse, how the hell do you clean an infected smart TV. I have a Samsung LED TV and although an earlier version it has the ability to be networked and get Internet, but I rather doubt I would ever connect it.
-
My concerns about Smart TV are very much the same as smart phones and possibly worse, how the hell do you clean an infected smart TV. I have a Samsung LED TV and although an earlier version it has the ability to be networked and get Internet, but I rather doubt I would ever connect it.
Yes, let's better wait until avast! for Smart TV is available. ;)
-
Happy New Year Analysis of CVE-2012-4792
http://blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/
-
UI Redressing Mayhem: Identification Attacks and UI Redressing on Google Chrome
http://blog.nibblesec.org/2012/12/ui-redressing-mayhem-identification.html
-
Nokia phone forcing traffic through proxy
http://gaurangkp.wordpress.com/2012/12/05/nokia-proxy/
Nokia’s MITM on HTTPS traffic from their phone
http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
-
The "Red October" Campaign
An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies
http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
-
Watering hole attacks continue (with a twist)
http://blog.avast.com/2013/01/15/watering-hole-attacks-continue-with-a-twist/
-
Mozilla Minion: What, Why, and How
https://wiki.mozilla.org/Security/Projects/Minion
http://yboily.tumblr.com/post/35078757244/minion-what-why-and-how
-
Silent installs of add-ons still possible in Firefox
http://www.h-online.com/open/news/item/Silent-installs-of-add-ons-still-possible-in-Firefox-1787297.html
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
-
Silent installs of add-ons still possible in Firefox
http://www.h-online.com/open/news/item/Silent-installs-of-add-ons-still-possible-in-Firefox-1787297.html
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
Not good at all ... I guess they (Mozilla) have already known about it for ages ... I'll try to report it anyway.
edit: reported on their user's feedback page as well as on the bug tracker.
-
The "Red October" Campaign
An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies
http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
"Red October" - part two, the modules
http://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules
-
Google Declares War on the Password
http://www.wired.com/wiredenterprise/2013/01/google-password/all/
-
Hiding in Plain Sight: The FAKEM Remote Access Trojan
http://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-sight-the-fakem-remote-access-trojan/
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf
-
The "Red October" Campaign
An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies
http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
"Red October" - part two, the modules
http://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules
Red October Attackers Shutting Down C&C Infrastructure
http://threatpost.com/en_us/blogs/red-october-attackers-shutting-down-cc-infrastructure-011813
-
Watering hole attacks continue (with a twist)
http://blog.avast.com/2013/01/15/watering-hole-attacks-continue-with-a-twist/
‘Reporters without Borders’ website misused in wateringhole attack
http://blog.avast.com/2013/01/22/reporters-without-borders-website-misused-in-wateringhole-attack/
-
Pwn2Own 2013
http://dvlabs.tippingpoint.com/blog/2013/01/17/pwn2own-2013
-
Megafail
http://fail0verflow.com/blog/2013/megafail.html
-
Attacking the Windows 7/8 Address Space Randomization
http://kingcope.wordpress.com/2013/01/24/attacking-the-windows-78-address-space-randomization/
-
Laser Precision Phishing — Are You on the Bouncer’s List Today?
http://blogs.rsa.com/laser-precision-phishing-are-you-on-the-bouncers-list-today/
-
Memory Errors: The Past, the Present, and the Future
http://www.isg.rhul.ac.uk/sullivan/pubs/tr/technicalreport-ir-cs-73.pdf
-
Security Flaws in Universal Plug and Play: Unplug, Don't Play
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
-
Mozilla pulling plug on auto-running nearly all plugins
http://www.h-online.com/security/news/item/Mozilla-pulling-plug-on-auto-running-nearly-all-plugins-1794162.html
https://blog.mozilla.org/security/2013/01/29/putting-users-in-control-of-plugins/
-
Effect of Grammar on Security of Long Passwords
https://www.cs.cmu.edu/~agrao/paper/Effect_of_Grammar_on_Security_of_Long_Passwords.pdf
-
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
http://www.isg.rhul.ac.uk/tls/
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
-
Packets of Death
http://blog.krisk.org/2013/02/packets-of-death.html
http://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement
http://www.wired.com/wiredenterprise/2013/02/packet-of-death/
http://blog.krisk.org/2013/02/packets-of-death-update.html
-
Malware: Dollar Equals Tilde Square Brackets
http://blog.avast.com/2013/02/14/malware-dollar-equals-tilde-square-brackets/
To deobfuscate the payload, you can use our in-house developed deobfuscator (http://dollar.zikin.cz/)
-
FROST: Forensic Recovery Of Scrambled Telephones
https://www1.informatik.uni-erlangen.de/frost
http://www1.cs.fau.de/filepool/projects/frost/frost.pdf
-
Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
-
Vulnerabilities served up
http://www.h-online.com/security/news/item/Vulnerabilities-served-up-1810524.html
http://www.theregister.co.uk/2013/02/21/punkspider/
http://punkspider.hyperiongray.com/
-
Bypassing Google’s Two-Factor Authentication
https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/
-
Stuxnet 0.5: The sabotage worm is older than previously thought
http://www.h-online.com/security/news/item/Stuxnet-0-5-The-sabotage-worm-is-older-than-previously-thought-1812496.html
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf
-
Mobile Drive-By Malware example
http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/
-
Mobile Threat Report Q4 2012
http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q4%202012.pdf
-
Attack of the week: RC4 is kind of broken in TLS
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
-
Analysis of Chinese attack against Korean banks
http://blog.avast.com/2013/03/19/analysis-of-chinese-attack-against-korean-banks/
-
Banker Omnia Vincit – A tale of signed Brazilian bankers
http://blog.avast.com/2013/03/20/banker-omnia-vincit-a-tale-of-signed-brazilian-bankers/
http://files.avast.com/files/viruslab/banker-omnia-vincit.pdf
-
Owning Samsung phones for fun (...but with no profit :-))
http://randomthoughts.greyhats.it/2013/03/owning-samsung-phones-for-fun-but-with.html
-
Hacking the <a> tag in 100 characters
http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
-
Hacking the <a> tag in 100 characters
http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
NoScript puts a crimp in this little hack. Whilst it shouldn't have to, if the browser prevented it, if you aren't already running NoScript then now is the time to start.
-
2012 Law Enforcement Requests Report
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
http://download.microsoft.com/download/F/3/8/F38AF681-EB3A-4645-A9C4-D4F31B8BA8F2/MSFT_Reporting_Data.pdf
-
Fake Facebook login pages spreading by Facebook applications
http://blog.avast.com/2013/03/25/fake-facebook-login-pages-spreading-by-facebook-applications/
http://www.techgainer.com/what-is-fake-facebook-login-page-and-how-it-is-used-to-hack-facebook-account/
-
The avast! 8 User Interface: A study of change (https://blog.avast.com/2013/03/28/the-avast-8-user-interface/)
-
Backdoor Uses Evernote as Command-and-Control Server
http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/
-
Security Done Wrong: Leaky FTP Server
http://adamcaudill.com/2013/04/04/security-done-wrong-leaky-ftp-server/
-
Hackersh 0.1 Release Announcement
http://blog.ikotler.org/2013/04/hackersh-01-release-announcement.html
-
Stels Android Trojan Malware Analysis
http://www.secureworks.com/cyber-threat-intelligence/threats/stels-android-trojan-malware-analysis/
PS: We're protected: https://www.virustotal.com/en/file/03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae/analysis/
-
Why we love specifications (not)! Part II
http://blog.avast.com/2013/04/12/why-we-love-specifications-not-part2/
-
Persona Beta 2 launch
https://hacks.mozilla.org/2013/04/persona-beta-2-launch/
http://identity.mozilla.com/post/47541633049/persona-beta-2/
http://blog.mozilla.org/beyond-the-code/2013/04/09/persona-beta2/
-
WordPress Plugin Social Media Widget Hiding Spam – Remove it now
http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html
-
Hijacking airplanes with an Android phone
https://www.net-security.org/secworld.php?id=14733
-
Hijacking airplanes with an Android phone
https://www.net-security.org/secworld.php?id=14733
More here: http://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Hugo%20Teso%20-%20Aircraft%20Hacking%20-%20Practical%20Aero%20Series.pdf
-
Cuckoo Sandbox 0.6
http://cuckoosandbox.org/2013-04-15-cuckoo-sandbox-06.html
-
VirusTotal += PCAP Analyzer
http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html
-
Serial Offenders: Widespread Flaws in Serial Port Servers
https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-offenders-widespread-flaws-in-serial-port-servers
-
The Mutter Backdoor: Operation Beebus with New Targets
http://www.fireeye.com/blog/technical/malware-research/2013/04/the-mutter-backdoor-operation-beebus-with-new-targets.html
-
State of the Internet Report (Q4 2012)
http://www.akamai.com/dl/akamai/akamai_soti_q412_exec_summary.pdf
-
Mozilla: the Next 15 Years
http://www.h-online.com/open/features/Mozilla-the-Next-15-Years-1837073.html
-
Regents of Louisiana spreading Sirefef malware
http://blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware/
-
Windows 8 at 6 months
http://blogs.windows.com/windows/b/bloggingwindows/archive/2013/05/06/windows-8-at-6-months-q-amp-a-with-tami-reller.aspx
-
"Honeywords" plan to snare password thieves
http://www.h-online.com/security/news/item/Honeywords-plan-to-snare-password-thieves-1858488.html
http://people.csail.mit.edu/rivest/pubs/JR13.pdf
-
Common OAuth issue you can use to take over accounts
http://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/
-
Untangling the Web: A Guide to Internet Research
http://www.nsa.gov/public_info/_files/Untangling_the_Web.pdf
-
Fraunhofer FOKUS institute releases Fuzzino fuzzing library
http://www.h-online.com/security/news/item/Fraunhofer-FOKUS-institute-releases-Fuzzino-fuzzing-library-1863924.html
-
Firmware Hacking: The Samsung smart TV turn
http://marcoramilli.blogspot.it/2013/05/firmware-hacking-samsung-smart-tv-turn.html
-
Vaccinating systems against VM-aware malware
https://community.rapid7.com/community/infosec/blog/2013/05/13/vaccinating-systems-against-vm-aware-malware
-
Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?
https://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/
-
Grum lives!
http://blog.avast.com/2013/05/22/grum-lives/
-
Exploiting Samsung Galaxy S4 Secure Boot
http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html
-
Blackberry Z10 research primer – An initial analysis (by A. Antukh)
https://www.sec-consult.com/fxdata/seccons/prod/downloads/sec_consult_vulnerability_lab_blackberry_z10_initial_analysis_v10.pdf
-
Analysis of a self-debugging Sirefef cryptor
http://blog.avast.com/2013/05/29/analysis-of-a-self-debugging-sirefef-cryptor/
-
Improving the security of your SSH private key files
http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
-
Would you knowingly trust an irrevocable SSL certificate?
http://news.netcraft.com/archives/2013/05/23/would-you-knowingly-trust-an-irrevocable-ssl-certificate.html
-
Malware similarity and clustering made easy (http://www.simseer.com/)
-
Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices
http://students.cis.uab.edu/zawoad/paper/asia03-hasan.pdf
-
Sick of Typing Passwords? Get an Electronic Tattoo or Ingest a Pill
By Joanna Stern
May 31, 2013 12:25pm
Cut!
Dugan showed off a small pill. Inside that pill wasn’t medication but a tiny computer chip. “It also has what amounts to an inside-out potato battery. The acids in your stomach serve as an electrolyte and power it up,” she explained.
That creates a signal in your body and your body becomes the password. You can touch your phone, car or door and be “authenticated in.” Sounds crazy, yes, but this is not just “science fiction” Dugan said. Made by Proteus Digital Health, the pill was approved by the FDA in August 2012...
http://abcnews.go.com/blogs/technology/2013/05/sick-of-typing-passwords-get-an-electronic-tattoo-or-ingest-a-pill/
-
Android antivirus apps are less-than-stellar (http://www.tgdaily.com/security-features/71937-report-android-antivirus-apps-are-less-than-stellar)
If you're interested in reading the actual report,
you'll find it at:
http://list.cs.northwestern.edu/mobile/droidchameleon_nu_eecs_13_01.pdf
I wonder how avast! Mobile Security would have been rated in this test ???
-
Yes it does appear to be missing from there
-
Forget .com: Get ready for .google and .apple
By Julianne Pepitone June 3, 2013: 3:57 AM ET
ICANN received 1,930 applications for new top-level domains.
NEW YORK (CNNMoney)
The largest-ever expansion of the Internet's naming system, beyond trusty old .com and .org, is almost here: Hundreds of dot-anything websites are slated to roll out this year, starting as early as this summer.
The list of proposed new domains includes .google, .apple, .nyc and .book. It's the first major expansion in more than a decade, and it's a complicated process -- one that has suffered through both technical delays and critics' concerns...
http://money.cnn.com/2013/06/03/technology/enterprise/icann-domain-expansion/index.html?hpt=hp_t3
-
Social engineering attacks using DRM protected ASF files
http://blog.virustotal.com/2013/06/social-engineering-attacks-using-drm.html
-
Command Prompt - Fix Issues with your Boot Records
By Maximilian on 12/01/2010
If your Windows 7 is having trouble booting properly and Startup Repair didn't fix the problem, it's worth trying the Bootrec.exe tool by running in the Command Prompt. This utility was designed to troubleshoot and repair startup issues in Windows 7.
http://www.7tutorials.com/command-prompt-fix-issues-your-boot-records
-
New safe test suite for checking for proper a/v operation (AMTSO) from PC Mag dot com: http://securitywatch.pcmag.com/security-software/312184-is-your-antivirus-working
AMTSO website test link: http://www.amtso.org/
-
For Your Satisfaction – Android:Satfi-A [Trj]
http://blog.avast.com/2013/06/04/for-your-satisfaction/
-
1,462 botnets shut down by Microsoft, FBI and financial sector
http://www.h-online.com/security/news/item/1-462-botnets-shut-down-by-Microsoft-FBI-and-financial-sector-1884174.html
http://www.microsoft.com/en-us/news/Press/2013/Jun13/06-05DCUPR.aspx
-
1,462 botnets shut down by Microsoft, FBI and financial sector
http://www.h-online.com/security/news/item/1-462-botnets-shut-down-by-Microsoft-FBI-and-financial-sector-1884174.html
http://www.microsoft.com/en-us/news/Press/2013/Jun13/06-05DCUPR.aspx
Citadel takedown took down security researchers too
http://www.h-online.com/security/news/item/Citadel-takedown-took-down-security-researchers-too-1887328.html
http://www.abuse.ch/?p=5362
http://nakedsecurity.sophos.com/2013/06/12/microsoft-citadel-takedown/
-
OWASP Top 10 for 2013
https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
-
Your Facebook connection is now secured! Thank you for your support!
http://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/
-
Your Facebook connection is now secured! Thank you for your support!
http://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/
A variation on an old theme brought up to date a little by saying it is facebook.
This was frequently used to say your email account or bank account was blocked, mainly to try and get your logon details and passwords, etc.
-
Microsoft Security Bounty Programs
http://www.microsoft.com/security/msrc/report/bountyprograms.aspx
http://blogs.technet.com/b/srd/archive/2013/06/17/new-bounty-program-details.aspx
http://www.microsoft.com/security/msrc/report/guidelines.aspx
-
Content Security Policy halts XSS in its tracks
http://www.h-online.com/security/features/Content-Security-Policy-halts-XSS-in-its-tracks-1892346.html
-
Story of the Cutwail/Pushdo hidden C&C server
http://blog.avast.com/2013/06/25/15507/
-
Mixed Content Blocker hits Firefox Beta!
https://blog.mozilla.org/security/2013/06/27/mixed-content-blocker-hits-firefox-beta/
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
https://quality.mozilla.org/2013/06/mixed-content-blocking-test-day-july-1s
-
Fake Flash Player installer spreads via Twitter and Facebook
http://blog.avast.com/2013/07/03/fake-flash-player-installer/
-
A Penetration Tester's Guide to IPMI and BMCs
https://community.rapid7.com/community/metasploit/blog/2013/06/23/a-penetration-testers-guide-to-ipmi
-
Uncovering Android Master Key That Makes 99% of Devices Vulnerable
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/
-
Anatomy of a browser trick - you've heard of "clickjacking", now meet "keyjacking"...
http://nakedsecurity.sophos.com/2013/06/29/anatomy-of-a-browser-trick-youve-heard-of-clickjacking-now-meet-keyjacking/
-
Hijacking a Facebook Account with SMS
http://blog.fin1te.net/post/53949849983/hijacking-a-facebook-account-with-sms
-
Forensic Analysis of the Tor Browser Bundle on OS X, Linux, and Windows
https://research.torproject.org/techreports/tbb-forensic-analysis-2013-06-28.pdf
-
NSS 3.15.1 brings TLS 1.2 support to Firefox
http://www.h-online.com/security/news/item/NSS-3-15-1-brings-TLS-1-2-support-to-Firefox-1918133.html
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes
-
Use Google as a Proxy Server to Bypass Paywalls, Download Files
http://www.labnol.org/internet/google-proxy-server/28112/
-
Web proxy detection and real IP address disclosure
https://zorrovpn.com/articles/web-proxy-detection
-
Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/
-
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes!
http://blog.avast.com/2013/07/24/urausy-lockscreen-your-computer-will-remain-locked-for-3-days-11-hours-and-20-minutes/
-
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes!
http://blog.avast.com/2013/07/24/urausy-lockscreen-your-computer-will-remain-locked-for-3-days-11-hours-and-20-minutes/
I guess you didn't like it here ??? :)
http://forum.avast.com/index.php?topic=52252.msg967901#msg967901
-
I guess you didn't like it here ??? :)
http://forum.avast.com/index.php?topic=52252.msg967901#msg967901
That's right Bob. It's no security warning (per se), but a technical analysis. ;)
-
Exploit (& Fix) Android "Master Key"
http://www.saurik.com/id/17
-
Advanced Exploitation of Windows Kernel Privilege Escalation (CVE-2013-3660 / MS13-053)
http://www.vupen.com/blog/20130723.Advanced_Exploitation_Windows_Kernel_Win32k_EoP_MS13-053.php
-
How Browsers Store Your Passwords (and Why You Shouldn't Let Them)
http://raidersec.blogspot.in/2013/06/how-browsers-store-your-passwords-and.html
-
Phishing Google Wallet and Paypal by abusing WhatsApp
https://cureblog.de/2013/07/phishing-google-wallet-and-paypal-by-abusing-whatsapp/
-
Malicious Bitcoin Miners target Czech Republic
http://blog.avast.com/2013/08/01/malicious-bitcoin-miners-target-czech-republic/
-
Password Algorithms: Internet Explorer 10 (Windows Vault)
http://insecurety.net/?p=933
-
The Public-Private Surveillance Partnership
http://www.bloomberg.com/news/2013-07-31/the-public-private-surveillance-partnership.html
-
Black-Hat USA 2013 - Archives
https://www.blackhat.com/us-13/archives.html
-
BREACH vulnerability in compressed HTTPS
http://www.kb.cert.org/vuls/id/987798
http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf
https://community.qualys.com/blogs/securitylabs/2013/08/07/defending-against-the-breach-attack
-
How Browsers Store Your Passwords (and Why You Shouldn't Let Them)
http://raidersec.blogspot.in/2013/06/how-browsers-store-your-passwords-and.html
Hmm, man, that is serious. Thank you for posting this; this is why a firewall with outbound protection is needed, and why not a HIPS? I know that many hate HIPS because it is too intrusive, but for advanced users a HIPS becomes handy (but hey, don't judge me, it's just my opinion).
-
Your documents are corrupted: From image to an information stealing trojan
http://blog.avast.com/2013/08/12/your-documents-are-corrupted-from-image-to-an-information-stealing-trojan/
-
IT Threat Evolution: Q2 2013
https://www.securelist.com/en/analysis/204792299/IT_Threat_Evolution_Q2_2013
-
Open Source Backdoor – Copyrighted Under GNU GPL
http://blog.sucuri.net/2013/08/open-source-backdoor-copyrighted-under-gnu-gpl.html
-
Hacking Lightbulbs
http://www.dhanjani.com/docs/Hacking%20Lighbulbs%20Hue%20Dhanjani%202013.pdf
-
Software Vulnerability Exploitation Trends
http://www.microsoft.com/en-us/download/details.aspx?id=39680
-
How We Found Every Single Vulnerable Website
http://blog.nerdydata.com/post/57544050832/how-we-found-every-single-vulnerable-website
-
No problem bro – ransom decryption service
http://blog.avast.com/2013/08/20/no-problem-bro-ransom-decryption-service/
-
Remote Code Execution on Wired-side Servers over Unauthenticated Wireless
http://blog.opensecurityresearch.com/2013/08/remote-code-execution-on-wired-side.html
-
Introducing FuzzDB
https://blog.mozilla.org/security/2013/08/16/introducing-fuzzdb/
-
Jekyll on iOS: When Benign Apps Become Evil
https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_wang_2.pdf
-
Nmap 6.40 Released! New scripts, new signatures, better performance!
http://seclists.org/nmap-announce/2013/1
-
Plug-n-Hack
https://blog.mozilla.org/security/2013/08/22/plug-n-hack/
-
The backdoor you didn’t grep
http://rileykidd.com/2013/08/21/the-backdoor-you-didnt-grep/
-
Turbo-charged cracking comes to long passwords
http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
-
Linux Trojan “Hand of Thief” ungloved
http://blog.avast.com/2013/08/27/linux-trojan-hand-of-thief-ungloved/
-
Looking inside the (Drop)box
https://www.usenix.org/system/files/conference/woot13/woot13-kholia.pdf
-
The Best (and Worst) Browsers to Test With
http://sauceio.com/index.php/2013/08/the-surprising-worst-browser-the-reboot/
-
The Best (and Worst) Browsers to Test With
http://sauceio.com/index.php/2013/08/the-surprising-worst-browser-the-reboot/
Another obvious statistical magic trick. Numbers don't lie; it's just how they're applied that makes the outcome suspect. ;)
-
The Best (and Worst) Browsers to Test With
http://sauceio.com/index.php/2013/08/the-surprising-worst-browser-the-reboot/
Another obvious statistical magic trick. Numbers don't lie; it's just how they're applied that makes the outcome suspect. ;)
As they say: lies, damn lies and statistics. ;D
-
Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
-
Stealthy Dopant-Level Hardware Trojans
http://people.umass.edu/gbecker/BeckerChes13.pdf
-
Browser fuzzing: introducing bamboo.js
http://0xffe4.org/browser-fuzzing-bamboo/
-
Win32/64:Napolar: New Trojan shines on the cyber crime-scene
http://blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/
-
Analysis of the FBI Tor Malware
http://oweng.myweb.port.ac.uk/fbi-tor-malware-analysis/
-
Masscan: the entire Internet in 3 minutes
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html#.UkPtz4agadg
-
Grappling with the ZeroAccess Botnet
http://www.symantec.com/connect/blogs/grappling-zeroaccess-botnet
-
Big bang theory of CVE-2012-4792
http://public.avast.com/~chytry/AVAST_vb2013.pdf
-
NSA and GCHQ target Tor network that protects anonymity of web users
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
-
NSA and GCHQ target Tor network that protects anonymity of web users
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
It was only a matter of time. Tor was working too well. :'(
-
Beware of poisoned apples
http://blog.avast.com/2013/10/07/beware-of-poisoned-apples/
-
Beware of poisoned apples
http://blog.avast.com/2013/10/07/beware-of-poisoned-apples/
You're safe from this one if you eat apples like I do but don't use them. :)
-
Blackhole exploit kit author arrested:
http://blog.malwarebytes.org/whats-in-the-news/2013/10/blackhole-exploit-kit-author-reportedly-arrested-changes-already-noticeable/
Schneier on Security blog re NSA exploit details:
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html
and finally:
PureVPN WAS Hacked, But is NOT Closing:
http://www.infosecurity-magazine.com/view/34909/purevpn-was-hacked-but-is-not-closing/
-
Piercing Through WhatsApp’s Encryption
https://blog.thijsalkema.de/blog/2013/10/08/piercing-through-whatsapp-s-encryption/
https://blog.thijsalkema.de/blog/2013/10/08/piercing-through-whatsapps-encryption-2/
-
Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vulnerable-aggressive-adware-threatening-millions.html
-
Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day (Part 1)
http://nakedsecurity.sophos.com/2013/10/11/anatomy-of-an-exploit-ie-zero-day-part-1/
-
Steam UAC bypass via code execution
http://codeinsecurity.wordpress.com/2013/10/11/steam-uac-bypass-via-code-execution/
http://codeinsecurity.wordpress.com/2013/10/11/steam-code-execution-privilege-escalation-to-system/
-
Vulnerabilities Discovered in Global Vessel Tracking Systems
http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-discovered-in-global-vessel-tracking-systems/
-
Win32/KanKan – Chinese drama
http://www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/
-
Destructive malware "CryptoLocker" on the loose - here's what to do
http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/
-
Destructive malware "CryptoLocker" on the loose - here's what to do
http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/
There isn't anything you can do once you've been infected.
You need to be prepared before the infection happens through regular image backups.
After infection, without the Key or a restore point, you're screwed.....
How is this being detected by avast! ???
-
There isn't anything you can do once you've been infected.
You need to be prepared before the infection happens through regular image backups.
After infection, without the Key or a restore point, you're screwed.....
Yes, you're right Bob, it's really bad malware. :(
-
Does avast detect *all* these nasties? It's a job for full restore...
-
There isn't anything you can do once you've been infected.
You need to be prepared before the infection happens through regular image backups.
After infection, without the Key or a restore point, you're screwed.....
Yes, you're right Bob, it's really bad malware. :(
At least one version disables/encrypts .tib files used by Acronis backup software. Russian roulette, is what it is.
-
Win32:Reveton-XY [Trj] saves hundreds of computers worldwide and cybercriminals know it!!!
http://blog.avast.com/2013/10/22/win32reveton-xy-trj-saves-hundreds-of-computers-worldwide-and-cybercriminals-know-it/
-
Win32:Reveton-XY [Trj] saves hundreds of computers worldwide and cybercriminals know it!!!
http://blog.avast.com/2013/10/22/win32reveton-xy-trj-saves-hundreds-of-computers-worldwide-and-cybercriminals-know-it/
There is a big difference between Reveton and CryptoLocker.
Reveton is relatively simple to prevent and/or recover from.
CryptoLocker without a good Image backup, means the end of all your files.
-
There is a big difference between Reveton and CryptoLocker.
Reveton is relatively simple to prevent and/or recover from.
CryptoLocker without a good Image backup, means the end of all your files.
Yes Bob. That's just a new post in the topic, not related to anything posted before. ;)
-
Why you don't need a firewall
http://www.infoworld.com/d/security/why-you-dont-need-firewall-193153
-
Why you don't need a firewall
http://www.infoworld.com/d/security/why-you-dont-need-firewall-193153
You are free to follow his advice.
I'll continue to use a firewall. :)
-
Excuse me if I don't rush to uninstall my firewall. ;)
-
You are free to follow his advice
Thanks.... just wanted to check first. ;)
However, I use the Windows firewall and the router firewall.
-
Why you don't need a firewall
http://www.infoworld.com/d/security/why-you-dont-need-firewall-193153
1. I don't agree with Roger.
2. The article is from May 2012... ;)
-
GOTCHA Password Hackers!
http://arxiv.org/abs/1310.1137
http://arxiv.org/pdf/1310.1137v1
-
Google flagged PHP.net as suspicious website
http://blog.avast.com/2013/10/25/google-flagged-php-net-as-suspicious-website/
-
Analysis of a Malware ROP Chain
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
-
Facebook Clickjacking: Will You Like Me?
http://blog.avast.com/2013/10/28/facebook-clickjacking-will-you-like-me/
-
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
-
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
In short: "Now we know version v7.1a is not backdoored", i.e., you can trust TrueCrypt encryption.
Sadly, it's becoming incompatible with newer Windows versions. It could indeed work with Windows 8 and 8.1, but the boot time will be affected.
-
Microsoft Security Intelligence Report (SIR) #15
http://www.microsoft.com/security/sir/default.aspx
-
BadBIOS
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
http://blog.erratasec.com/2013/10/badbios-features-explained.html
http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/
http://nakedsecurity.sophos.com/2013/11/01/the-badbios-virus-that-jumps-airgaps-and-takes-over-your-firmware-whats-the-story/
-
Google Bots Doing SQL Injection Attacks
http://blog.sucuri.net/2013/11/google-bots-doing-sql-injection-attacks.html
-
BadBIOS
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
http://blog.erratasec.com/2013/10/badbios-features-explained.html
http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/
http://nakedsecurity.sophos.com/2013/11/01/the-badbios-virus-that-jumps-airgaps-and-takes-over-your-firmware-whats-the-story/
https://plus.google.com/103470457057356043365/posts/Sm2nkvemuUX
http://www.greebo.net/2013/11/06/stop-just-stop/
-
Top 3 types of hacks against small websites
http://blog.avast.com/2013/11/12/top-3-types-of-hacks-against-small-websites/
-
Malvertising and OpenX servers
http://blog.avast.com/2013/11/14/malvertising-and-openx-servers/
-
Microsoft unveils state-of-the-art Cybercrime Center
http://www.microsoft.com/en-us/news/press/2013/nov13/11-14cybercrimecenterpr.aspx
http://www.microsoft.com/en-us/news/stories/cybercrime/index.html
-
Microsoft unveils state-of-the-art Cybercrime Center
http://www.microsoft.com/en-us/news/press/2013/nov13/11-14cybercrimecenterpr.aspx
http://www.microsoft.com/en-us/news/stories/cybercrime/index.html
They really should be concentrating on making their OSes and browsers less vulnerable to cybercriminals :P
-
Microsoft DCU — Strike Three. Now What?
https://blog.damballa.com/archives/2221
-
Botnet Enlists Firefox Users to Hack Web Sites
http://krebsonsecurity.com/2013/12/botnet-enlists-firefox-users-to-hack-web-sites/
https://addons.mozilla.org/en-US/firefox/blocked/i508
-
Browser Ransomware tricks revealed
http://blog.avast.com/2013/12/11/browser-ransomware-tricks-revealed/
-
Be a real security pro - Keep your private keys private
http://blogs.technet.com/b/mmpc/archive/2013/12/15/be-a-real-security-pro-keep-your-private-keys-private.aspx
-
Microsoft DCU — Strike Three. Now What?
https://blog.damballa.com/archives/2221
ZeroAccess criminals wave white flag: The impact of partnerships on cybercrime
http://blogs.technet.com/b/microsoft_blog/archive/2013/12/19/zeroaccess-criminals-wave-white-flag-the-impact-of-partnerships-on-cybercrime.aspx
-
Exclusive: Secret contract tied NSA and security industry pioneer
http://www.reuters.com/article/2013/12/21/us-usa-security-rsa-idUSBRE9BJ1C220131221
-
Exclusive: Secret contract tied NSA and security industry pioneer
http://www.reuters.com/article/2013/12/21/us-usa-security-rsa-idUSBRE9BJ1C220131221
RSA Response to Media Claims Regarding NSA Relationship
https://blogs.rsa.com/news-media-2/rsa-response/
-
How to disable webcam light on Windows
http://blog.erratasec.com/2013/12/how-to-disable-webcam-light-on-windows.html
-
Practical malleability attack against CBC-Encrypted LUKS partitions
http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/
-
Comparison of Adware in Windows and OS X: Linkular and Genieo
http://blog.avast.com/2014/01/09/comparison-of-adware-in-windows-and-os-x-linkular-and-genieo/
-
WordPress Plugins Exploitation Through the Big Data Prism
https://blogs.akamai.com/2014/01/wordpress-plugins-exploitation-through-the-big-data-prism.html
-
Metasploit Now Supports Malware Analysis via VirusTotal
https://community.rapid7.com/community/metasploit/blog/2014/01/10/metasploit-now-supports-malware-analysis-via-virustotal
-
A Cat and Mouse Game Between Exploits and Antivirus
https://community.rapid7.com/community/metasploit/blog/2014/01/05/a-cat-and-mouse-game-between-exploits-and-antivirus
-
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1
http://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/
-
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1
http://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/
We have had several of these SVCHOST malware cases in the virus forum.
-
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1
http://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/
We have had several of these SVCHOST malware cases in the virus forum.
Good that the guys at the VL are at it and great that you provide additional info.
Let's see what new insights Part 2 brings...
-
Oldboot: the first bootkit on Android
http://blogs.360.cn/360mobile/2014/01/17/oldboot-the-first-bootkit-on-android/
-
Personal banking apps leak info through phone
http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
-
ATMs Face Deadline to Upgrade From Windows XP
http://www.businessweek.com/articles/2014-01-16/atms-face-deadline-to-upgrade-from-windows-xp
-
TrueCrypt Master Key Extraction And Volume Identification
http://volatility-labs.blogspot.de/2014/01/truecrypt-master-key-extraction-and.html
-
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 2
https://blog.avast.com/2014/01/22/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-2/
-
Spoiled Onions: Exposing Malicious Tor Exit Relays
http://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf
-
XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook's servers
http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
-
BlackArch Linux
http://www.blackarch.org/
BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers.
-
Malformed FileZilla FTP client with login stealer
http://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/
-
Show off your security skills: announcing Pwnium 4 targeting Chrome OS
http://blog.chromium.org/2014/01/show-off-your-security-skills.html
-
Angry Birds and 'leaky' phone apps targeted by NSA and GCHQ for user data
http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data?CMP=fb_us
-
Avatar - A free and open-source operating system for the Internet with privacy built-in
http://sneakpeek.avatar.ai/
http://sneakpeek.avatar.ai/technology.html
-
RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information
https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/
-
Research buzz: Undercover technology
http://blog.avast.com/2014/02/07/research-buzz-undercover-technology/
-
Snowden Used Low-Cost Tool to Best N.S.A.
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html
-
Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers
http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers
http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf
-
Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
-
Hackers circulate thousands of FTP credentials, New York Times among those hit
http://www.pcworld.com/article/2098020/hackers-circulate-thousands-of-ftp-credentials-new-york-times-among-those-hit.html
-
Fake Korean bank applications for Android – PT 1
http://blog.avast.com/2014/02/17/fake-korean-bank-applications-for-android-pt-1/
-
Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw
http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/
-
Fake SSL certificates deployed across the internet
http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html
-
Bitcrypt broken
http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
-
German Telekom Bug Bounty – 3x Remote Vulnerabilities
http://www.vulnerability-db.com/dev/index.php/2014/02/06/german-telekom-bug-bounty-3x-remote-vulnerabilities/
-
Price and Feature Comparison of Web Application Scanners
http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html
-
New iOS flaw makes devices susceptible to covert keylogging, researchers say
http://arstechnica.com/security/2014/02/new-ios-flaw-makes-devices-susceptible-to-covert-keylogging-researchers-say/
http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html
-
'Contagious' wi-fi virus created by Liverpool researchers
http://www.bbc.co.uk/news/technology-26352439
-
The Wild Wild Web: YouTube ads serving malware
http://labs.bromium.com/2014/02/21/the-wild-wild-web-youtube-ads-serving-malware/
-
The OpenID Foundation Launches the OpenID Connect Standard
http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/
http://openid.net/connect/faq/
-
Detection and analysis of the Chameleon WiFi access point virus
http://jis.eurasipjournals.com/content/2013/1/2#
http://jis.eurasipjournals.com/content/pdf/1687-417X-2013-2.pdf
-
testssl.sh: Testing TLS/SSL encryption
http://testssl.sh/
http://testssl.sh/CHANGELOG.txt
-
Bypassing EMET 4.1
http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/
http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf
-
Secunia Vulnerability Review 2014
http://secunia.com/vulnerability-review/
-
Dissecting the newest IE10 0-day exploit (CVE-2014-0322)
http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
-
Uroburos - highly complex espionage software with Russian roots
http://blog.gdatasoftware.com/blog/article/uroburos-highly-complex-espionage-software-with-russian-roots.html
https://www.gdata.de/rdk/dl-en-rp-Uroburos [PDF]
-
Fake Korean bank applications for Android – part 2
https://blog.avast.com/2014/03/03/fake-korean-bank-applications-for-android-part-2/
-
VMDE (Virtual Machines Detection Enhanced)
http://www.heise.de/security/downloads/07/1/1/8/3/5/5/9/vmde.pdf
-
Triple Handshakes Considered Harmful
Breaking and Fixing Authentication over TLS
https://secure-resumption.com/
https://secure-resumption.com/tlsauth.pdf
-
Android 64-bit ARM computing is coming:
http://www.networkworld.com/news/2014/030314-linux-group-could-hasten-64-bit-279350.html
-
Open Source Cloud Operating System 'OpenStack'
https://www.openstack.org/
-
Yahoo's Pet Show of Horrors: Leaking a User's Emails Crossdomain
http://blog.saynotolinux.com/2014/03/01/yahoos-pet-show-of-horrors-abusing-a-crossdomain-proxy-to-leak-a-users-email/
-
You Won't Be Needing These Any More: On Removing Unused Certificates From Trust Stores
https://www2.dcsec.uni-hannover.de/files/fc14_unused_cas.pdf
-
Physicist Proposes New Type of Computing Without Transistors
http://gigaom.com/2014/03/10/physicist-proposes-a-new-type-of-computing-at-sxsw-check-out-orbital-computing/
-
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
-
Fake Korean bank applications for Android – Pt 3
https://blog.avast.com/2014/03/18/fake-korean-bank-applications-for-android-pt-3/
-
OPERATION WINDIGO: Malware Used To Attack Over 500,000 Computers Daily After 25,000 UNIX Servers Hijacked By Backdoor Trojan
http://blog.eset.ie/2014/03/18/operation-windigo-malware-used-to-attack-over-500000-computers-daily-after-25000-unix-servers-hijacked-by-backdoor-trojan/
http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
-
Threat Advisory: PHP-CGI At Your Command
http://blog.imperva.com/2014/03/threat-advisory-php-cgi-at-your-command.html
-
Meet Cyclosa, the Gang Behind 2013's Biggest Data Thefts
http://www.symantec.com/connect/blogs/meet-cyclosa-gang-behind-2013s-biggest-data-thefts
Hacker identity known/confirmed and history to present day.
-
Researchers' Google Glass Spyware Sees What You See
http://www.forbes.com/sites/andygreenberg/2014/03/18/researchers-google-glass-spyware-sees-what-you-see/
-
Framing Signals — A Return to Portable Shellcode
http://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf
-
WordPress hosting: Do not try this at home!
http://news.netcraft.com/archives/2014/03/24/wordpress-hosting-do-not-try-this-at-home.html
-
Pretty women. Which one will infect you?
http://blog.avast.com/2014/03/27/pretty-women-which-one-will-infect-you/
-
Pretty women. Which one will infect you?
http://blog.avast.com/2014/03/27/pretty-women-which-one-will-infect-you/
I got infected by a pretty woman 54 years ago and still haven't been able to get rid of the infection. :)
-
LOL ;D
-
Founders aim to accelerate IoT interoperability
http://www.eetimes.com/document.asp?doc_id=1321667&
-
Why Your Twitter Account May Be More Valuable Than Your Credit Card
http://forums.juniper.net/t5/Security-Mobility-Now/Why-Your-Twitter-Account-May-Be-More-Valuable-Than-Your-Credit/ba-p/234270
-
New Vulnerabilities in Firefox for Android: Overtaking Firefox Profiles
http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/
-
We may have witnessed a NSA "Shotgiant" TAO-like action
http://blog.erratasec.com/2014/03/we-may-have-witnessed-nsa-shotgiant-tao.html
http://www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html
-
The Gray-zone of malware detection in Android OS
http://blog.avast.com/2014/03/31/the-gray-zone-of-malware-detection-in-android-os/
-
Email with subject “FW:Bank docs” leads to information theft
http://blog.avast.com/2014/04/01/email-with-subject-fwbank-docs-leads-to-information-theft/
-
U.S. regulators warn banks about rise in cyber-attacks
http://in.reuters.com/article/2014/04/02/banks-fraud-idINDEEA310GT20140402
-
NSA sniffing prompts Yahoo to encrypt traffic between its data centers
Users must, however, manually flip the switch for some sites like Yahoo News and Yahoo Sports
http://www.computerworld.com/s/article/9247410/NSA_sniffing_prompts_Yahoo_encrypt_to_traffic_between_its_data_centers
-
Oldboot.B: the hiding tricks used by bootkit on Android
http://blogs.360.cn/360mobile/2014/04/02/analysis_of_oldboot_b_en/
-
WinRar File extension spoofing
http://an7isec.blogspot.co.il/2014/03/winrar-file-extension-spoofing-0day.html
-
One of World’s Largest Websites Hacked: Turns Visitors into “DDoS Zombies”
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
-
One of World’s Largest Websites Hacked: Turns Visitors into “DDoS Zombies”
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
I guess we'll need to wait till they fix the site's problem before we find out if we're a Zombie. :'(
-
I guess we'll need to wait till they fix the site's problem before we find out if we're a Zombie. :'(
What do you mean, Bob, can't you reach the site?
-
I guess we'll need to wait till they fix the site's problem before we find out if we're a Zombie. :'(
What do you mean, Bob, can't you reach the site?
The article states that they can't name the site that was attacked. (Didn't you read the article???) :)
-
The article states that they can't name the site that was attacked. (Didn't you read the article???) :)
I read it, else I wouldn't have posted it. A misunderstanding; I thought you couldn't reach the article. :)
-
EU scraps data collection law
http://www.iol.co.za/scitech/technology/news/eu-scraps-data-collection-law-1.1673317
April 9 2014 at 10:18am, by SAPA
Luxembourg - Europe's top court on Tuesday struck down an EU law forcing telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism...
-
Technical Analysis of CVE-2014-1761 RTF Vulnerability
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-Analysis-of-CVE-2014-1761-RTF-Vulnerability/ba-p/6440048
-
Cuckoo Sandbox 1.1
http://cuckoosandbox.org/2014-04-07-cuckoo-sandbox-11.html
-
How we got read access on Google’s production servers
http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers
-
iSEC Completes TrueCrypt Audit
https://isecpartners.github.io/news/2014/04/14/iSEC-Completes-Truecrypt-Audit.html
https://opencryptoaudit.org/reports [PDF]
-
iSEC Completes TrueCrypt Audit
https://isecpartners.github.io/news/2014/04/14/iSEC-Completes-Truecrypt-Audit.html
https://opencryptoaudit.org/reports [PDF]
Worth reading... It's a pity that the code "stopped" being developed after Windows 7...
-
TOR Bleed
http://www.mulliner.org/blog/blosxom.cgi/security/torbleed.html
https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html
-
Exploiting CSRF under NoScript Conditions
https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
-
Cracking Cloudflare's heartbleed challenge
https://blog.indutny.com/9.heartbleed
-
A Boring Article About a Check of the OpenSSL Project
http://www.viva64.com/en/b/0250/
-
A Boring Article About a Check of the OpenSSL Project
http://www.viva64.com/en/b/0250/
Polonus might find it interesting.... :)
-
Crossdomain.xml Proof of Concept Tool
http://thehackerblog.com/crossdomain-xml-proof-of-concept-tool/
-
Today I purchased Avast Internet Security for my computers. One PC is 14 years old and operates on XP. I needed a cheap solution to the problem of no more security updates for the OS. So I purchased the standard protection for 3 PCs for a year and upgraded the one that is for my XP PC. Everything went smoothly for the old XP PC. But when I went to install it on my laptop (Windows 7), Microsoft could not open the license file --- strange, I thought --- so I called Avast tech support --- the tech remotely checked out my computer and discovered all these crazy files, errors and just plain CRAP on my computer --- she says "No problem, we have Microsoft experts here that will fix it for a charge." --- WELL, they wanted $179.00 for a YEAR or $119.00 for the quick fix!! HOLY CRAP!!! Not exactly the kind of fix I had in mind LOL -- so I went and searched for a registry & malware cleaner --- FREE --- ran it (CCleaner) 2X --- went to my 30-day trial installation on my desktop, opened it --- went to the license file in my downloads --- right-clicked and chose to open in the Avast program --- VOILA!!! DONE!!! :-D
-
Never trust 3rd party vendors; they appear to do minimal work and then find lots of non-existent problems. If you need help, ask here; it is better and free. :)
-
@donnaF something for you ;)
avast FAQ section http://www.avast.com/en-eu/faq.php
how to do stuff, videos http://www.avast.com/en-eu/faq.php?q=video#searchForm
-
Thanks Pondus, but I was all over that yesterday. :o LOL I actually sorted it out on my own and so it is up and running fine. Saved myself some $$ too! --- and that's always a good thing!
:-D onna
-
essexboy thanks for the tip! But the help was AVAST CC tech support not another vendor --- if I understand your statement and there's always the chance that I don't LOL
:-D onna
-
essexboy thanks for the tip! But the help was AVAST CC tech support not another vendor --- if I understand your statement and there's always the chance that I don't LOL
:-D onna
Hopefully not the following:
http://www.screencast-o-matic.com/screenshots/u/Lh/1398379600789-29158.png
That's a third party support #. :'(
-
Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation Form New Initiative to Support Critical Open Source Projects
http://www.linuxfoundation.org/news-media/announcements/2014/04/amazon-web-services-cisco-dell-facebook-fujitsu-google-ibm-intel
-
Akamai's "State of the Internet" Report Q4 2013
http://www.akamai.com/dl/akamai/akamai-soti-q413.pdf?WT.mc_id=soti_Q413 [PDF]
-
New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks
http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
-
Exciting Updates to Certificate Verification in Gecko
https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/
-
Tails 1.0 is out
https://tails.boum.org/news/version_1.0/index.en.html
-
Using Facebook Notes to DDoS any website
http://chr13.com/2014/04/20/using-facebook-notes-to-ddos-any-website/
-
Skype and Data Exfiltration
http://www.sans.org/reading-room/whitepapers/covert/skype-data-exfiltration-34560 [PDF]
-
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
-
Hacking the Samsung NX300 'Smart' Camera
http://op-co.de/blog/posts/hacking_the_nx300/
-
An empirical study of passive 802.11 Device Fingerprinting
http://arxiv.org/abs/1404.6457
http://arxiv.org/pdf/1404.6457v1 [PDF]
-
SHA-2: Very cryptographic. So secure. Such growth. Wow.
http://news.netcraft.com/archives/2014/05/05/sha-2-very-cryptographic-so-secure-such-growth-wow.html
-
Browser Ransomware Attacks are Massive in Scale
http://blog.avast.com/2014/05/12/browser-ransomware/
-
SHA-256 certificates are coming
https://www.imperialviolet.org/2014/05/14/sha256.html
-
Introducing Mozilla Winter of Security 2014
https://blog.mozilla.org/security/2014/05/15/introducing-mozilla-winter-of-security-2014/
https://wiki.mozilla.org/Security/Automation/WinterOfSecurity2014
-
What Did Microsoft Just Break with KB2871997 and KB2928120
http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html
-
FBI: International Blackshades Malware Takedown
http://www.fbi.gov/news/stories/2014/may/international-blackshades-malware-takedown/international-blackshades-malware-takedown
Second link, to check manually whether you are infected:
http://www.fbi.gov/news/stories/2014/may/international-blackshades-malware-takedown/could-your-computer-be-infected-by-blackshades
For step one, a faster way to search is to use a wildcard expression, e.g., *.bss, in the Search field.
-
IT threat evolution Q1 2014
http://www.securelist.com/en/analysis/204792332/IT_threat_evolution_Q1_2014
-
iBanking: Exploiting the Full Potential of Android Malware
http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-android-malware
-
KrebsOnSecurity blog: Blackshades' Trojan Users Had It Coming
http://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/
Images of posts made by caught users at the end of the blog.
-
Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014)
http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php
-
Microsoft helps FBI in GameOver Zeus botnet cleanup
http://blogs.technet.com/b/microsoft_blog/archive/2014/06/02/microsoft-helps-fbi-in-gameover-zeus-botnet-cleanup.aspx
http://www.crowdstrike.com/blog/gameover/index.html
-
One Token to Rule Them All - The Tale of the Leaked Gmail Addresses
http://www.orenh.com/2014/06/one-token-to-rule-them-all-tale-of.html
-
Black marketed Windows banking & POS Trojan Minerva turns in-the-wild
http://blog.avast.com/2014/06/04/black-marketed-windows-banking-pos-trojan-minerva-turns-in-the-wild/
-
A Measurement Study of Google Play
http://www.cs.columbia.edu/~nieh/pubs/sigmetrics2014_playdrone.pdf
-
Mobile Threat Report (F-Secure) Q1 2014
http://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q1_2014.pdf
-
HackingTeam 2.0: The Story Goes Mobile
https://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile
-
2014: The Year Extortion Went Mainstream
http://krebsonsecurity.com/2014/06/2014-the-year-extortion-went-mainstream/
-
Havex Hunts for ICS/SCADA Systems
http://www.f-secure.com/weblog/archives/00002718.html
-
Raising Lazarus - The 20 Year Old Bug that Went to Mars
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
http://blog.securitymouse.com/2014/06/understanding-lz4-memory-corruption.html
http://www.openwall.com/lists/oss-security/2014/06/26/31
-
HackingTeam 2.0: The Story Goes Mobile
https://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile
Police Story: Hacking Team’s Government Surveillance Malware
https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/
-
Dragonfly: Western Energy Companies Under Sabotage Threat
http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat
-
IBM: Commercial Nanotube Transistors Are Coming Soon
http://www.technologyreview.com/news/528601/ibm-commercial-nanotube-transistors-are-coming-soon/
-
Snake In The Grass: Python-based Malware Used For Targeted Attacks
https://www.bluecoat.com/security-blog/2014-06-10/snake-grass-python-based-malware-used-targeted-attacks
-
RSA Uncovers Boleto Fraud Ring in Brazil
https://blogs.rsa.com/rsa-uncovers-boleto-fraud-ring-brazil/
http://www.emc.com/collateral/white-papers/h13282-report-rsa-discovers-boleto-fraud-ring.pdf
-
Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
http://contextis.co.uk/blog/windows-mitigaton-bypass/
-
Reading the XKeyScore-rules source
http://blog.erratasec.com/2014/07/reading-xkeyscore-rules-source.html
PS: Jamming XKeyScore: http://blog.erratasec.com/2014/07/jamming-xkeyscore_4.html ;)
-
Android Forensics, Part 1: How we recovered (supposedly) erased data
http://blog.avast.com/2014/07/09/android-foreniscs-pt-2-how-we-recovered-erased-data/
-
Taking Down the Lecpetex Botnet
https://www.facebook.com/notes/protect-the-graph/taking-down-the-lecpetex-botnet/1477464749160338
-
Androguard
Reverse engineering, Malware and goodware analysis of Android applications
https://code.google.com/p/androguard/
-
Versatile DDoS Trojan for Linux
https://securelist.com/analysis/publications/64361/versatile-ddos-trojan-for-linux/
-
The Ultra-Simple App That Lets Anyone Encrypt Anything
http://www.wired.com/2014/07/minilock-simple-encryption
-
Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers
http://www.wired.com/2014/07/google-project-zero/
http://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html
-
Tinybanker Trojan targets banking customers
http://blog.avast.com/2014/07/17/tinybanker-trojan-targets-banking-customers/
-
Viper 1.0
Viper is a binary management and analysis framework dedicated to malware and exploit researchers.
http://viper.li/
http://viper-framework.readthedocs.org/en/latest/
-
AFD.SYS Dangling Pointer Vulnerability
http://www.siberas.de/papers/Pwn2Own_2014_AFD.sys_privilege_escalation.pdf
-
Blind Return Oriented Programming (BROP)
http://www.scs.stanford.edu/brop/
http://www.scs.stanford.edu/brop/bittau-brop.pdf
-
The Web never forgets: Persistent tracking mechanisms in the wild
https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html
https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf
-
Microsoft explains quantum computing in a way we can all understand
http://www.engadget.com/2014/07/24/microsoft-explains-quantum-computing-in-a-way-we-can-all-underst/?ncid=rss_truncated
Station Q, where Microsoft does the work of qubit theory and computer science development:
http://www.microsoft.com/en-us/news/stories/stationq/index.html
Watch the video embedded there to understand what is being done and what the potential is. It is a bit of a read.
-
Microsoft explains quantum computing in a way we can all understand
http://www.engadget.com/2014/07/24/microsoft-explains-quantum-computing-in-a-way-we-can-all-underst/?ncid=rss_truncated
Station Q, where Microsoft does the work of qubit theory and computer science development:
http://www.microsoft.com/en-us/news/stories/stationq/index.html
Watch the video embedded there to understand what is being done and what the potential is. It is a bit of a read.
Wouldn't it be great if MS got on with what it should be doing, sorting their OS mess out. And explaining that in a language we can all understand ;D
-
Wouldn't it be great if MS got on with what it should be doing, sorting their OS mess out. And explaining that in a language we can all understand ;D
Maybe minimum requirement for W9/10 is a quantum computer. ;D
-
pwn4fun Spring 2014 - Safari - Part I
http://googleprojectzero.blogspot.com/2014/07/pwn4fun-spring-2014-safari-part-i_24.html
-
Silver Bullets and Fairy Tails
http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/
https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/index.en.html
-
Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System
https://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/
-
Malvertisements on DeviantART lead to Optimum Installer
http://stopmalvertising.com/malvertisements/malvertisements-on-deviantart-lead-to-optimum-installer.html
Project Zero
http://googleprojectzero.blogspot.com/
-
Announcing EMET 5.0
http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=43714
-
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
-
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
There is a registry entry with this that has the malware script crafted into it:
HKEY_USERS\S-1-5-21-1264667008-2504301194-1484543345-4784_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\ ----> invisible invalid characters
The LocalServer32 subkey has an additional subkey locked by invalid characters, which prevents deletion of the whole CLSID key.
We have had one here.
-
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
There is a registry entry with this that has the malware script crafted into it
HKEY_USERS\S-1-5-21-1264667008-2504301194-1484543345-4784_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\ ----> invisible invalid characters
LocalServer32 subkey has an additional subkey locked by invalid characters, which prevent a whole CLSID key deletion:
We have had one here
Detection by avast! ???
-
No apart from blocking it from calling home. I believe the latest TDSSKiller can locate and fix the registry entry
-
No apart from blocking it from calling home. I believe the latest TDSSKiller can locate and fix the registry entry
Seems we've detection now (thanks Pondus): https://forum.avast.com/index.php?msg=1112992
-
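Added here as an example, not code from the G Data write-up or from the posts above: a Python scan that walks the CLSID hives named in the post and reports subkeys whose names contain control characters. An embedded NUL is what makes such a key impossible to open or delete from regedit, which is the "locked by invalid characters" symptom described. Assumptions: it relies on the winreg module, so the walk only runs on a Windows host and only the name classifier runs elsewhere; checking InprocServer32 alongside LocalServer32 is my generalization, not something the post mentions.

```python
"""Scan COM class registrations for subkey names regedit cannot handle.
Added example; winreg exists only on Windows, so the walk is skipped on
other hosts and only the name classifier runs there."""
import sys

try:
    import winreg
except ImportError:          # not a Windows host
    winreg = None

# InprocServer32 is included as a generalization; the post only names LocalServer32.
SERVER_KEYS = ("LocalServer32", "InprocServer32")


def has_invalid_chars(name: str) -> bool:
    """True for names holding control characters (NUL included). Tools that
    treat key names as C strings stop at the first NUL, so such a key can be
    listed but not opened or deleted by name: 'locked by invalid characters'."""
    return any(ord(ch) < 0x20 or ord(ch) == 0x7F for ch in name)


def printable(name: str) -> str:
    """Escape control characters so a finding is logged unambiguously."""
    return "".join("\\x%02x" % ord(ch) if has_invalid_chars(ch) else ch for ch in name)


def subkeys(key):
    """RegEnumKeyExW returns the name together with its length, so names with
    embedded NULs come back whole instead of truncated."""
    return [winreg.EnumKey(key, i) for i in range(winreg.QueryInfoKey(key)[0])]


def scan_clsid(root, path):
    """Return suspicious key paths under root\\path (a CLSID key)."""
    hits = []
    access = winreg.KEY_READ | winreg.KEY_WOW64_64KEY
    try:
        clsid = winreg.OpenKey(root, path, 0, access)
    except OSError:
        return hits
    with clsid:
        for guid in subkeys(clsid):
            if has_invalid_chars(guid):
                hits.append(f"{path}\\{printable(guid)}")
                continue                      # cannot be opened by name; report and move on
            for server in SERVER_KEYS:
                try:
                    sk = winreg.OpenKey(clsid, f"{guid}\\{server}", 0, access)
                except OSError:
                    continue
                with sk:
                    for name in subkeys(sk):
                        if has_invalid_chars(name):
                            hits.append(f"{path}\\{guid}\\{server}\\{printable(name)}")
    return hits


def scan_all():
    """HKLM plus every loaded user hive, including the HKEY_USERS\\<SID>_Classes
    hive where the post found the key."""
    targets = [(winreg.HKEY_LOCAL_MACHINE, r"SOFTWARE\Classes\CLSID")]
    targets += [(winreg.HKEY_USERS, f"{sid}\\CLSID")
                for sid in subkeys(winreg.HKEY_USERS) if sid.endswith("_Classes")]
    return [hit for root, path in targets for hit in scan_clsid(root, path)]


def main():
    if winreg is None:
        print("winreg unavailable: run this on the Windows host", file=sys.stderr)
        return 2
    hits = scan_all()
    for hit in hits:
        print("suspicious key:", hit)
    return 1 if hits else 0


if __name__ == "__main__":
    sys.exit(main())
```

Run it elevated to see every user's hive under HKEY_USERS; a non-zero exit means at least one hit. Reporting is all it does: winreg cannot open a name containing NUL, which is exactly why the classifier flags the name instead of descending into it, and removal needs a tool that works with the native key name (the post credits the latest TDSSKiller with that).
-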
WordPress and Drupal Denial Of Service Vulnerability Full Disclosure - Break Security
http://www.breaksec.com/?p=6362
-
How to bypass Zeus Trojan’s self protection mechanism
http://int0xcc.svbtle.com/how-to-bypass-zeus-trojans-self-protection-mechanism
-
BadUSB - On accessories that turn evil
https://srlabs.de/blog/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf
-
Sysmon v1.0
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
http://technet.microsoft.com/sysinternals/dn798348
http://download.sysinternals.com/files/Sysmon.zip
-
Malicious SHA-1
http://malicioussha1.github.io/
-
Multiple Vulnerabilities in Disqus WordPress Plugin
http://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/
-
Torbundlebrowser.org
The website is an almost perfect copy of the original website, except for the download link, and also the donation one, replaced by a bitcoin address.
http://dustri.org/b/torbundlebrowserorg.html
-
Torbundlebrowser.org
The website is an almost perfect copy of the original website, except for the download link, and also the donation one, replaced by a bitcoin address.
http://dustri.org/b/torbundlebrowserorg.html
This might be a little OT but I had to look really close to see the difference...but it's there.
Subtle but it's there.
-
This might be a little OT but I had to look really close to see the difference...but it's there.
Subtle but it's there.
Well, that's the trick. If you wouldn't have known before, you (probably) might have missed it.
-
NSA/GCHQ: The HACIENDA Program for Internet Colonization
http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html
-
Black Hat 2014 on YT
https://www.youtube.com/user/BlackHatOfficialYT/feed
-
What's the matter with PGP?
http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html
-
Schrodinger’s Cat Video and the Death of Clear-Text
https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text/
-
Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs
http://www.tau.ac.il/~tromer/handsoff/
http://www.cs.tau.ac.il/%7Etromer/papers/handsoff-20140731.pdf
-
Microsoft urges customers to uninstall 'Blue Screen of Death' update
http://www.computerworld.com/s/article/9250446/Microsoft_urges_customers_to_uninstall_Blue_Screen_of_Death_update
Uninstall ‘Blue Screen of Death’ error Update: Microsoft to Customers
http://www.wallstreetotc.com/uninstall-blue-screen-of-death-error-update-microsoft-to-customers/27475/
http://www.dslreports.com/forum/r29467120-Microsoft-recommends-removing-update-2982791
-
Reveton ransomware has dangerously evolved
http://blog.avast.com/2014/08/19/reveton-ransomware-has-dangerously-evolved/
-
iSEC Partners Conducts Tor Browser Hardening Study
https://blog.torproject.org/blog/isec-partners-conducts-tor-browser-hardening-study
https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
-
Announcing CERT Tapioca for MITM Analysis
http://www.cert.org/blogs/certcc/post.cfm?EntryID=203
-
Lorem Ipsum: Of Good & Evil, Google & China
https://krebsonsecurity.com/2014/08/lorem-ipsum-of-good-evil-google-china/
-
2014 Business Password Analysis
https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/
-
OpenPhish - Free Phishing Feed
http://www.openphish.com/
-
Self-propagating ransomware written in Windows batch hits Russian-speaking countries
http://blog.avast.com/2014/08/27/self-propagating-ransomware-written-in-windows-batch-hits-russian-speaking-countries/
-
Microsoft urges customers to uninstall 'Blue Screen of Death' update
http://www.computerworld.com/s/article/9250446/Microsoft_urges_customers_to_uninstall_Blue_Screen_of_Death_update
Uninstall ‘Blue Screen of Death’ error Update: Microsoft to Customers
http://www.wallstreetotc.com/uninstall-blue-screen-of-death-error-update-microsoft-to-customers/27475/
http://www.dslreports.com/forum/r29467120-Microsoft-recommends-removing-update-2982791
-> https://technet.microsoft.com/en-us/library/security/ms14-045.aspx
To address known issues with security update 2982791, Microsoft rereleased MS14-045 to replace the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows. Microsoft expired update 2982791 on August 15, 2014. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Microsoft strongly recommends that customers who have not uninstalled the 2982791 update do so prior to applying the 2993651 update.
-
Unofficial Service Pack 4 for Windows Experience (XP): http://www.ryanvm.net/forum/viewtopic.php?t=10321
Better mitigate away from XP altogether, but something for those that cannot upgrade their old machines for some reason or other.
polonus
-
Unofficial Service Pack 4 for Windows Experience (XP): http://www.ryanvm.net/forum/viewtopic.php?t=10321
Better mitigate away from XP altogether, but something for those that cannot upgrade their old machines for some reason or other.
polonus
You're not reading your forum. :)
https://forum.avast.com/index.php?topic=19387.msg1120012#msg1120012
-
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
-
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
Nice but how will this directly help the average computer user ???
-
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
Nice but how will this directly help the average computer user ???
Bob, this thread (basically) isn't conceived for average users. ;)
Anyway, see the section under "Advice" in the linked article.
-
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
Nice but how will this directly help the average computer user ???
Bob, this thread (basically) isn't conceived for average users. ;)
Anyway, see the section under "Advice" in the linked article.
Precisely why I asked this question. :)
Advice:
There is no silver bullet to protect yourself from malvertising.
-
Advice:
There is no silver bullet to protect yourself from malvertising.
You forgot to quote the rest..!! ;)
At a minimum:
- Enable click-to-play in your browser. This prevents 3rd party plugins from executing automatically.
- Keep all plugins running in the browser up-to-date using tools like Secunia PSI.
- Consider turning off unneeded plugins if you don’t use them. For example, Java can be installed without the web-plugin component lowering the risk of exploitation and infection.
-
Announcing Scumblr and Sketchy - Search, Screenshot, and Reclaim the Internet
http://techblog.netflix.com/2014/08/announcing-scumblr-and-sketchy-search.html
-
The poisoned NUL byte, 2014 edition
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
-
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
http://www.wired.com/2014/09/eppb-icloud/
Right now, those affected wish they had decided to use an Android Phone. :'(
-
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
http://www.wired.com/2014/09/eppb-icloud/
Right now, those affected wish they had decided to use an Android Phone. :'(
Well, at least Android is more secure in this field :) Hello iPhone users!
Better is not taking these pictures in any phone: http://blog.avast.com/2014/07/08/tens-of-thousands-of-americans-sell-themselves-online-every-day/
-
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
http://www.wired.com/2014/09/eppb-icloud/
Right now, those affected wish they had decided to use an Android Phone. :'(
Well, at least Android is more secure in this field :) Hello iPhone users!
Better is not taking these pictures in any phone: http://blog.avast.com/2014/07/08/tens-of-thousands-of-americans-sell-themselves-online-every-day/
You are correct Lisandro. Some of these poses would have been much more exciting to watch in person. :)
Maybe some day people will realize that anything posted on the net is or, will eventually become everyone's business.
-
Well, at least Android is more secure in this field :) Hello iPhone users!
How would Android protect you better when it was a cloud service that was infiltrated, not a phone? Plus, iCloud itself wasn't attacked or corrupted in any way; it was illegally gained passwords that were the issue.
Most celebrities' passwords can be worked out just by the amount of information given on Wikipedia... mother, father, favourite pet etc.
-
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
http://www.wired.com/2014/09/eppb-icloud/
Right now, those affected wish they had decided to use an Android Phone. :'(
For me it doesn't matter what OS/phone you use, stick it on the cloud and you risk it being hacked into. If you wouldn't want anyone to see/steal/hack it, then don't upload it in the first place.
-
Tiny Banker Trojan targets customers of major banks worldwide
http://blog.avast.com/2014/09/15/tiny-banker-trojan-targets-customers-of-major-banks-worldwide/
-
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud
http://www.wired.com/2014/09/eppb-icloud/
Right now, those affected wish they had decided to use an Android Phone. :'(
For me it doesn't matter what OS/phone you use, stick it on the cloud and you risk it being hacked into. If you wouldn't want anyone to see/steal/hack it, then don't upload it in the first place.
100% true. Or if you plan to use one don't upload sensitive data ;)
-
Evading anti-virus's script emulator
http://blog.tempest.com.br/breno-cunha/evading-anti-viruss-script-emulator.html
-
Phasing Out Certificates with SHA-1 based Signature Algorithms
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
-
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/
Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
-
First blacklist for Tor domains launched by Kleissner & Associates: http://dev.virustracker.info/lists/tor%20blacklist.txt
Infested machines will no longer communicate with C&C servers.
The Vienna Security Expert, Peter Kleissner, is also the man behind this service: http://www.kleissner.org/virustracker.html
polonus
-
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/
Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Bashbug (shellshock): What is it? How to Remediate?
http://www.rapid7.com/resources/bashbug.jsp
-
A Decoy Computer Was Set Up Online. See Which Countries Attacked It the Most
http://www.bloomberg.com/news/2014-09-23/a-decoy-computer-was-set-up-online-see-which-countries-attacked-it-the-most.html
-
A Decoy Computer Was Set Up Online. See Which Countries Attacked It the Most
http://www.bloomberg.com/news/2014-09-23/a-decoy-computer-was-set-up-online-see-which-countries-attacked-it-the-most.html
People that live in glass houses (I'm in that glass house), shouldn't throw stones.......
-
People that live in glass houses (I'm in that glass house), shouldn't throw stones.......
Well Bob, as it really isn't your fault, I'd say feel free to throw one... ;D
-
A look into LastPass
http://www.martinvigo.com/a-look-into-lastpass/
-
FinFisher Malware Dropper Analysis
https://www.codeandsec.com/FinFisher-Malware-Dropper-Analysis
-
Malicious iOS Apps
A comparison before and after iOS 8 was released
http://www.andreas-kurtz.de/2014/09/malicious-apps-ios8.html
-
FBI to Open Up Malware Investigator Portal to External Researchers
https://threatpost.com/fbi-to-open-up-malware-investigator-portal-to-external-researchers/108590
http://malwareinvestigator.gov/
-
LibreSSL: More Than 30 Days Later
http://www.openbsd.org/papers/eurobsdcon2014-libressl.html
-
More Mac OS X and iPhone sandbox escapes and kernel bugs
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html
-
ComputerCOP: The Dubious 'Internet Safety Software' That Hundreds of Police Agencies Have Distributed to Families
https://www.eff.org/deeplinks/2014/09/computercop-dangerous-internet-safety-software-hundreds-police-agencies
-
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/
Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Bashbug (shellshock): What is it? How to Remediate?
http://www.rapid7.com/resources/bashbug.jsp
[FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
http://article.gmane.org/gmane.comp.security.fulldisclosure/1038
-
WPScan Vulnerability Database
https://wpvulndb.com/
-
The Mac.BackDoor.iWorm threat in detail
http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0
iWorm method of infection found!
http://www.thesafemac.com/iworm-method-of-infection-found/
-
Adobe is Spying on Users, Collecting Data on Their eBook Libraries
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/
http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/
-
No news there. It's a given that software vendors track users habits.
Privacy no longer exists on the world wide web and hasn't for quite some time.
-
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket
http://user.informatik.uni-goettingen.de/~krieck/docs/2014-ndss.pdf
-
Why can't Apple decrypt your iPhone?
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html
A (not so) quick primer on iOS encryption
http://www.darthnull.org/2014/10/06/ios-encryption
-
New Class of Vulnerability in Perl Web Applications
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
-
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/
Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Bashbug (shellshock): What is it? How to Remediate?
http://www.rapid7.com/resources/bashbug.jsp
[FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
http://article.gmane.org/gmane.comp.security.fulldisclosure/1038
Shellshock
http://www.dwheeler.com/essays/shellshock.html
-
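Added after the last of the Shellshock posts as an example; this is my own code, not taken from any of the linked articles. It shows the path the articles describe: a CGI server turns request headers into environment variables, a vulnerable bash parsed any variable whose value started with "() {" as a function definition and executed whatever followed the closing brace (CVE-2014-6271). The block maps headers to variables, flags function-shaped values (the signature to log or block on), and probes the local bash with the classic test string. Assumptions: the header mapping follows RFC 3875, the sample headers are constructed, the probe needs a bash on PATH and returns None without one, and "patched" means only that the original trailing-command bug is closed; the follow-up CVEs listed in the posts need their own probes.

```python
"""How a CGI request header reaches bash and why CVE-2014-6271 mattered.
Added example, not from the linked articles."""
import os
import shutil
import subprocess

# Classic CVE-2014-6271 probe: an exported-function body followed by a trailing
# command, which a vulnerable bash ran while importing the "function".
PROBE = "() { :;}; echo SHELLSHOCK-EXECUTED"

# Constructed request headers modelled on the User-Agent vector the articles describe.
SAMPLE_HEADERS = [
    ("Host", "example.test"),
    ("User-Agent", "() { :;}; echo pwned"),
    ("Cookie", "  () { ignored; }; echo also-bad"),
    ("Accept", "*/*"),
    ("Referer", "Mozilla/5.0 () { not-at-start"),
]


def cgi_env_from_headers(headers):
    """RFC 3875: 'User-Agent' -> HTTP_USER_AGENT. Every header the client sends
    becomes an environment variable of the CGI process, inherited by any bash
    it spawns (or that is the CGI script itself)."""
    return {"HTTP_" + name.strip().upper().replace("-", "_"): value
            for name, value in headers}


def looks_like_function_export(value: str) -> bool:
    """A vulnerable bash decided by value alone, never by variable name: any
    value starting with '() {' was parsed as a function definition and the
    text after the closing brace was executed. This is the signature to log on."""
    return value.lstrip().startswith("() {")


def flag_headers(headers):
    """Names of headers carrying a function-shaped value."""
    return [name for name, value in headers if looks_like_function_export(value)]


def probe_bash(bash="bash"):
    """Run the local bash with the probe in its environment, exactly as a CGI
    server would hand it over. Returns 'vulnerable', 'patched', or None when
    no bash binary is available."""
    path = shutil.which(bash)
    if path is None:
        return None
    env = dict(os.environ)
    env.update(cgi_env_from_headers([("User-Agent", PROBE)]))
    proc = subprocess.run([path, "-c", "echo handler-ran"], env=env,
                          capture_output=True, text=True, timeout=10)
    return "vulnerable" if "SHELLSHOCK-EXECUTED" in proc.stdout else "patched"


if __name__ == "__main__":
    print("flagged headers:", flag_headers(SAMPLE_HEADERS))
    print("local bash:", probe_bash())
```

The detection rule is deliberately on the value, not the header name: the erratasec post's point about wormability follows from the fact that any header, cookie or query parameter that reaches an environment variable is enough, so matching on User-Agent alone misses most of the surface.
-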
iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign
http://www.isightpartners.com/2014/10/cve-2014-4114/
-
iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign
http://www.isightpartners.com/2014/10/cve-2014-4114/
Listed as Security Update for Windows (OS version) (KB3000869). If you have this successfully installed, then Microsoft has covered it.
If you don't have it, or have had problems getting it to install properly, a link to the fix and file is here: https://technet.microsoft.com/library/security/ms14-060 (https://technet.microsoft.com/library/security/ms14-060) Click the blue url link under Affected Systems for your exact operating system version and you will be taken to a page where you can download the security fix directly. Double-click (with admin permissions) that file to run it and reboot after the fix completes. Exploit has been used for targeted attacks per Asyn's link, but home users should install this update if they have not done so already.
-
This POODLE Bites: Exploiting The SSL 3.0 Fallback
https://www.openssl.org/~bodo/ssl-poodle.pdf
-
This POODLE Bites: Exploiting The SSL 3.0 Fallback
https://www.openssl.org/~bodo/ssl-poodle.pdf
-> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
-> https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
-> https://technet.microsoft.com/library/security/3009008.aspx
-
This POODLE Bites: Exploiting The SSL 3.0 Fallback
https://www.openssl.org/~bodo/ssl-poodle.pdf
-> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
-> https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
-> https://technet.microsoft.com/library/security/3009008.aspx
For IE, disable SSL3 in the browser settings under Advanced and scroll down to Security. Save your settings.
Firefox plans to implement changes by version 4 and Chrome may already have made changes with their latest updates.
(Especially if you're using the Developers or beta build of Chrome)
It's important to note that the Websites also need to implement changes on their end for this all to work.
Disabling SSL3 may result in some websites not opening or not opening properly.
If that happens, you need to decide if security is more important than the need to see the website. It is your system that's at risk! (Not mine.)
-
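Added as an example after the POODLE posts above; this is my own simulation, not code from the paper or from the Google, Mozilla or Microsoft write-ups. It models the SSL 3.0 CBC record check the paper exploits: the decrypting side reads only the last byte as the padding length and never verifies the filler bytes, so an attacker who can make the victim's browser send requests with chosen path and body lengths and can tamper with the ciphertext on the wire copies the block holding a cookie byte over the padding block and learns that byte from whether the server accepts the record, about once per 256 tries. Assumptions: the block cipher is a toy 4-round Feistel network keyed with SHA-256 standing in for the real cipher; the MAC is HMAC-SHA256 rather than the SSL 3.0 MAC; the cookie is a constructed 16-byte value; the "victim" and "server" are functions in the same process. Disabling SSL 3.0 on either side, as the posts recommend, removes the oracle because TLS 1.0 and later require every padding byte to equal the padding length.

```python
"""POODLE padding-oracle simulation on an SSL 3.0 style CBC record.
Added example; the cipher is a toy Feistel network, the record layout and
the padding check are the SSL 3.0 ones the paper exploits."""
import hashlib
import hmac
import os

BLOCK = 16
MAC_LEN = 32
SECRET = b"session=deadbeef"  # constructed 16-byte cookie standing in for the victim's


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, rnd: int, half: bytes) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    """4-round Feistel permutation of a 16-byte block (toy cipher, not secure)."""
    left, right = block[:8], block[8:]
    for rnd in range(4):
        left, right = right, _xor(left, _round(key, rnd, right))
    return left + right


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    left, right = block[:8], block[8:]
    for rnd in reversed(range(4)):
        left, right = _xor(right, _round(key, rnd, left)), left
    return left + right


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    out, prev = [], iv
    for i in range(0, len(plaintext), BLOCK):
        prev = toy_encrypt_block(key, _xor(plaintext[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)


def cbc_decrypt(key: bytes, record: bytes) -> bytes:
    prev, out = record[:BLOCK], []
    for i in range(BLOCK, len(record), BLOCK):
        out.append(_xor(toy_decrypt_block(key, record[i:i + BLOCK]), prev))
        prev = record[i:i + BLOCK]
    return b"".join(out)


def ssl3_seal(key, mac_key, data):
    """Client side: data || MAC || padding, padding = filler bytes + length byte."""
    body = data + hmac.new(mac_key, data, hashlib.sha256).digest()
    pad_len = BLOCK - 1 - len(body) % BLOCK            # number of filler bytes
    body += os.urandom(pad_len) + bytes([pad_len])     # SSL 3.0: filler is arbitrary
    return cbc_encrypt(key, os.urandom(BLOCK), body)


def ssl3_open(key, mac_key, record) -> bool:
    """Server side: accept or reject. Only the length byte is checked, so a
    swapped-in final block is accepted whenever it decrypts to a last byte of 15."""
    plain = cbc_decrypt(key, record)
    pad_len = plain[-1]
    if pad_len >= BLOCK:
        return False
    body = plain[:len(plain) - pad_len - 1]
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(mac, hmac.new(mac_key, data, hashlib.sha256).digest())


def victim_request(key, mac_key, prefix_len, suffix_len):
    """The attacker's script picks path and body lengths; the browser appends
    the secret cookie and the client seals the record."""
    return ssl3_seal(key, mac_key, b"A" * prefix_len + SECRET + b"B" * suffix_len)


def recover_secret(key, mac_key, secret_len=len(SECRET), max_tries=100_000):
    recovered = bytearray()
    for k in range(secret_len):
        prefix_len = (BLOCK - 1 - k) % BLOCK               # byte k lands last in its block
        suffix_len = -(prefix_len + secret_len) % BLOCK    # data multiple of 16: full padding block
        target = (prefix_len + k) // BLOCK                 # plaintext block holding byte k
        for _ in range(max_tries):
            rec = victim_request(key, mac_key, prefix_len, suffix_len)
            blocks = [rec[i:i + BLOCK] for i in range(0, len(rec), BLOCK)]  # blocks[0] is the IV
            forged = b"".join(blocks[:-1]) + blocks[target + 1]  # C_target over the padding block
            if ssl3_open(key, mac_key, forged):
                # accepted: P_target ^ C_(target-1) ^ C_(n-2) ends in 15 (about 1 in 256 tries)
                recovered.append((BLOCK - 1) ^ blocks[target][-1] ^ blocks[-2][-1])
                break
        else:
            raise RuntimeError("oracle never accepted; record alignment is wrong")
    return bytes(recovered)


def demo():
    key, mac_key = os.urandom(16), os.urandom(32)  # fresh per run; the attacker never sees them
    return recover_secret(key, mac_key)


if __name__ == "__main__":
    print(demo())
```

Running the block recovers the whole cookie in a few thousand oracle queries. In the real attack every query is a fresh HTTPS connection, which is why the attack needs both JavaScript running in the victim's browser to generate the requests and the protocol-downgrade dance to get a modern client onto SSL 3.0 in the first place.
-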
Revealed: how Whisper app tracks ‘anonymous’ users
http://www.theguardian.com/world/2014/oct/16/-sp-revealed-whisper-app-tracking-users
-
Tor Browser 4.0 is released
https://blog.torproject.org/blog/tor-browser-40-released
https://www.torproject.org/download/download-easy.html
-
New FrameworkPOS variant exfiltrates data via DNS requests
https://blog.gdatasoftware.com/blog/article/new-frameworkpos-variant-exfiltrates-data-via-dns-requests.html
-
Apple’s Mac computers can automatically collect your location information
http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/20/apples-mac-computers-can-automatically-collect-your-location-information/
-
Extreme Privilege Escalation On Windows 8/UEFI Systems
https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation.pdf
http://www.kb.cert.org/vuls/id/552286
-
The Case of the Modified Binaries
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
-
Adobe is Spying on Users, Collecting Data on Their eBook Libraries
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/
http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/
Adobe Updates Digital Edition, Stops Sharing User Info With the Internet
http://the-digital-reader.com/2014/10/23/adobe-updates-digital-edition-stops-sharing-user-info-internet/
-
Pony stealer spread vicious malware using email campaign
http://blog.avast.com/2014/10/27/pony-stealer-spread-vicious-malware-using-email-campaign/
-
iCloud Uploads Local Data Outside of iCloud Drive
https://datavibe.net/~sneak/20141023/wtf-icloud/
-
How Verizon’s Advertising Header Works
http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/
-
Why Samsung Knox isn't really a Fort Knox
http://mobilesecurityares.blogspot.co.uk/2014/10/why-samsung-knox-isnt-really-fort-knox.html
-
Mac OS X local privilege escalation (IOBluetoothFamily)
http://randomthoughts.greyhats.it/2014/10/osx-local-privilege-escalation.html
-
Microsoft EMET - Armor against zero-days bypassed again
http://blog.sec-consult.com/2014/10/microsoft-emet-armor-against-zero-days.html
-
A Lesson In Security
http://blog.ircmaxell.com/2014/10/a-lesson-in-security.html
-
Announcing the 2014 Volatility Plugin Contest Results!
http://volatility-labs.blogspot.com/2014/10/announcing-2014-volatility-plugin.html
-
Secure Messaging Scorecard
https://www.eff.org/secure-messaging-scorecard
-
WireLurker: A New Era in OS X and iOS Malware
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
http://www.zdziarski.com/blog/?p=4140
-
When tech support scams meet Ransomlock
A technical-support phone scam uses Trojan.Ransomlock.AM to lock the user’s computer and trick them into calling a technical help phone number to resolve the issue.
http://www.symantec.com/connect/blogs/when-tech-support-scams-meet-ransomlock
Scroll to the bottom of the page for steps to fix this infection. Note the infectious agent comes with adware and other grayware programs one may install inadvertently via freeware.
-
How I Reverse Engineered Google Docs To Play Back Any Document’s Keystrokes
http://features.jsomers.net/how-i-reverse-engineered-google-docs/
-
WireLurker: A New Era in OS X and iOS Malware
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
http://www.zdziarski.com/blog/?p=4140
WireLurker for Windows
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-windows/
-
The Darkhotel APT - A Story of Unusual Hospitality
http://securelist.com/blog/research/66779/the-darkhotel-apt/
-
Masque Attack: All Your iOS Apps Belong to Us
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
-
Batch NFS
http://cr.yp.to/factorization/batchnfs-20141109.pdf
-
BadUSB Exposure
https://opensource.srlabs.de/projects/badusb
-
Bypassing Microsoft’s Patch for the Sandworm Zero Day: a Detailed Look at the Root Cause
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-sandworm-zero-day-root-cause
-
Interesting article about browser fingerprinting!
https://panopticlick.eff.org/browser-uniqueness.pdf
Article from panopticlick (https://panopticlick.eff.org)
-
Triggering MS14-066
http://blog.beyondtrust.com/triggering-ms14-066
-
On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records
https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545 [PDF]
https://blog.torproject.org/blog/traffic-correlation-using-netflows
-
BitTorrentsync security & privacy analysis – Hackito Session results
http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/
-
BitTorrentsync security & privacy analysis – Hackito Session results
http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/
BitTorrent dismisses Sync security concerns
http://www.pcworld.com/article/2849892/bittorrent-dismisses-security-concerns-raised-about-its-sync-app.html
-
Let’s Encrypt: Delivering SSL/TLS Everywhere
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html
https://letsencrypt.org/howitworks/technology/
-
WordPress 3 Persistent Script Injection
http://klikki.fi/adv/wordpress.html
https://wordpress.org/news/2014/11/wordpress-4-0-1/
-
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
-
on Linux, 'less' can probably get you owned
http://seclists.org/fulldisclosure/2014/Nov/74
-
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
-
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
-
CryptoPHP: Analysis of a hidden threat inside popular content management systems
http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
http://blog.fox-it.com/2014/11/26/cryptophp-a-week-later-more-than-23-000-sites-affected/
https://foxitsecurity.files.wordpress.com/2014/11/cryptophp-whitepaper-foxsrt-v4.pdf
-
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Regin, an old but sophisticated cyber espionage toolkit platform
https://blog.gdatasoftware.com/blog/article/regin-an-old-but-sophisticated-cyber-espionage-toolkit-platform.html
-
Best Web Application Vulnerability Scanners
http://n0where.net/best-web-application-vulnerability-scanners/
-
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Regin, an old but sophisticated cyber espionage toolkit platform
https://blog.gdatasoftware.com/blog/article/regin-an-old-but-sophisticated-cyber-espionage-toolkit-platform.html
ReginScanner
https://github.com/Neo23x0/ReginScanner
-
FIN4: Stealing Insider Information for an Advantage in Stock Trading?
https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-fin4.pdf
-
Operation Cleaver
http://www.cylance.com/operation-cleaver/
http://www.cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf
-
Operation Auroragold - How the NSA Hacks Cellphone Networks Worldwide
https://firstlook.org/theintercept/2014/12/04/nsa-auroragold-hack-cellphones/
-
Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals
http://securitee.org/files/seals_ccs2014.pdf
-
The dark side of Apple’s two-factor authentication
http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful-two-factor-authentication/
-
Not out of the woods yet: There are more POODLEs
https://vivaldi.net/blogs/entry/not-out-of-the-woods-yet-there-are-more-poodles
-
The 'Penquin' Turla
https://securelist.com/blog/research/67962/the-penquin-turla-2/
-
Mobile advertising firms spread malware by posing as official Google Play apps
https://blog.avast.com/2014/12/12/mobile-advertising-firms-spread-malware-by-posing-as-official-google-play-apps/
-
The 'Penquin' Turla
https://securelist.com/blog/research/67962/the-penquin-turla-2/
Mysterious Turla Linux Backdoor Also For Solaris?
https://www.f-secure.com/weblog/archives/00002775.html
-
Operation Socialist - The Inside Story of How British Spies Hacked Belgium’s Largest Telco
https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/
-
The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users
http://www.wired.com/2014/12/fbi-metasploit-tor/
-
South Korea hit with banking malware using VPN connection
https://blog.avast.com/2014/12/17/south-korea-hit-with-banking-malware-using-vpn-connection/
-
Wiper Malware – A Detection Deep Dive
http://blogs.cisco.com/security/talos/wiper-malware
-
Zero Knowledge Proofs: An illustrated primer
http://blog.cryptographyengineering.com/2014/11/zero-knowledge-proofs-illustrated-primer.html
-
Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals
https://www.fox-it.com/en/press-releases/anunak/
https://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf
-
Thunderstrike
https://trmm.net/Thunderstrike
-
Linux DDoS Trojan hiding itself with an embedded rootkit
https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/
-
Secure Secure Shell
https://stribika.github.io/2015/01/04/secure-secure-shell.html
-
31C3: a new dawn - Videos
http://media.ccc.de/browse/congress/2014/
-
HSTS Super Cookies
http://www.radicalresearch.co.uk/lab/hstssupercookies/
-
New security layer coming to Firefox and Google Chrome browsers based on MAC (mandatory access control).
JS won't share data any longer where data should not be shared, because of inherent insecurity that becomes shared also!
A public draft will be set up for COWL to be generally implemented in adapted browsers within the year.
Read about "A Confinement System for the Web": http://cowl.ws/
Test: http://cowl.ws/examples/checker/
polonus
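As an added illustration of the label-based mandatory access control idea described in the post above (written for this thread; it is not code from the post's author and not COWL's real API, which is richer and differs in detail), the toy model below shows the core confinement rule: a script that reads data labelled for the bank and the mashup becomes tainted with that label and can no longer send anything to an advertising origin. The origins, the set-of-readers label semantics and the join-by-intersection rule are assumptions of this model.

```javascript
// Toy label-based MAC for web contexts (added illustration, not COWL's API).
// Model assumptions:
//   * a Label is the set of origins allowed to read a value; null means public;
//   * a context that reads labelled data becomes tainted with that label, and
//     everything it later emits carries at least that label (no laundering);
//   * joining two labels intersects the reader sets (the more secret label wins).

class Label {
  constructor(readers) {
    this.readers = readers === null ? null : new Set(readers);
  }
  static publicLabel() {
    return new Label(null);
  }
  // May a value carrying this label be delivered to `origin`?
  canFlowTo(origin) {
    return this.readers === null || this.readers.has(origin);
  }
  // Least upper bound: readable only by origins that both labels allow.
  join(other) {
    if (this.readers === null) return other;
    if (other.readers === null) return this;
    return new Label([...this.readers].filter((o) => other.readers.has(o)));
  }
}

class LabeledValue {
  constructor(value, label) {
    this.value = value;
    this.label = label;
  }
}

function describe(label) {
  return label.readers === null ? "<public>" : `{${[...label.readers].join(", ")}}`;
}

// A confined browsing context (e.g. a third-party mashup script).
class ConfinedContext {
  constructor(origin) {
    this.origin = origin;
    this.taint = Label.publicLabel(); // rises as the context reads secrets
  }
  // Unwrap labelled data; refused unless this origin is an allowed reader.
  read(labeled) {
    if (!labeled.label.canFlowTo(this.origin)) {
      throw new Error(`${this.origin} may not read data labelled ${describe(labeled.label)}`);
    }
    this.taint = this.taint.join(labeled.label);
    return labeled.value;
  }
  // Emit data to another origin (XHR, postMessage, ...). The outgoing label is the
  // context's current taint, so a tainted context cannot leak to an outsider.
  send(value, toOrigin) {
    if (!this.taint.canFlowTo(toOrigin)) {
      throw new Error(`${this.origin} is tainted ${describe(this.taint)}; cannot send to ${toOrigin}`);
    }
    return new LabeledValue(value, this.taint);
  }
}

function canSend(ctx, value, to) {
  try { ctx.send(value, to); return true; } catch (e) { return false; }
}
function canRead(ctx, labeled) {
  try { ctx.read(labeled); return true; } catch (e) { return false; }
}

// Constructed scenario (all origins made up): a bank hands account data to a
// mashup, allowing only the bank and the mashup to read it.
function demo() {
  const BANK = "https://bank.example";
  const MASHUP = "https://mashup.example";
  const ADS = "https://ads.example";

  const account = new LabeledValue({ balance: 1234 }, new Label([BANK, MASHUP]));
  const mashup = new ConfinedContext(MASHUP);
  const ads = new ConfinedContext(ADS);

  const result = {};
  result.beforeRead = canSend(mashup, "hello", ADS);      // still public: allowed
  const balance = mashup.read(account).balance;            // taints the mashup
  result.afterReadToMashup = canSend(mashup, balance, MASHUP);
  result.afterReadToBank = canSend(mashup, balance, BANK);
  result.afterReadToAds = canSend(mashup, balance, ADS);   // leak attempt: refused
  result.adsReadsAccount = canRead(ads, account);          // direct read: refused
  return result;
}

console.log(demo());
```

The point the model makes is that the check happens on the context, not on individual data copies: once the mashup has read the labelled value, every later outbound message inherits the taint, so rewriting or re-encoding the secret does not help the script get it out.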
-
All this added protection may be nice but eventually it will bring the internet to its knees.
Between the scanning of your AV and all the other security programs and browser add-ons,
browsing is getting slower by the day.
It's time to center the attack against the actual source that makes this additional scanning necessary. (Just my 2 cents) :)
-
Lizard Stresser Runs on Hacked Home Routers
http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
-
Inside CryptoWall 2.0
http://arstechnica.com/information-technology/2015/01/inside-cryptowall-2-0-ransomware-professional-edition/
Not something you want to run into
-
In a few years AVs will be useless for such malware and the OS developers need to work hard on security now.
Microsoft is heading in a good direction already.
There's also a virus for OSX (mostly MacBooks), which you cannot get rid of even by replacing the hard drive.
-
Skeleton Key Malware Analysis
http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/
-
Fobus, the sneaky little thief that could
https://blog.avast.com/2015/01/15/fobus-the-sneaky-little-thief-that-could/
-
Joe Sandbox for those who want to play http://www.joesecurity.org/
-
The Turn-Verizon Zombie Cookie
http://webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/
-
Meet KeySweeper, the $10 USB charger that steals MS keyboard strokes
http://arstechnica.com/security/2015/01/meet-keysweeper-the-10-usb-charger-that-steals-ms-keyboard-strokes/
-
Cisco Annual Security Report Reveals Widening Gulf Between Perception and Reality of Cybersecurity Readiness
http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1576007
-
Comparing the Regin module 50251 and the "Qwerty" keylogger
https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/
-
Deploying tor relays (Mozilla Polaris Privacy Initiative)
https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/
-
Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
https://lirias.kuleuven.be/bitstream/123456789/471369/3/typos-final.pdf
-
Autoruns v13.0
http://blogs.technet.com/b/sysinternals/archive/2015/01/29/update-autoruns-v13-0.aspx
https://technet.microsoft.com/en-us/sysinternals/bb963902
This major update to Autoruns, an autostart execution point (ASEP) manager, now has integration with VirusTotal.com to show the status of entries with respect to scans by over four dozen antimalware engines.
-
RansomWeb: emerging website threat that may outshine DDoS, data theft and defacements?
https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html
-
Beemer, Open Thyself! – Security vulnerabilities in BMW's ConnectedDrive
http://www.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-ConnectedDrive-2540957.html
-
Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited
https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
-
MongoDB databases at risk
http://cispa.saarland/wp-content/uploads/2015/02/MongoDB_documentation.pdf
-
Mobile Crypto-Ransomware Simplocker now on Steroids
https://blog.avast.com/2015/02/10/mobile-crypto-ransomware-simplocker-now-on-steroids/
-
Cyber Espionage Campaign Compromises Web Properties to Target US Financial Services and Defense Companies and Chinese Dissidents in Watering Hole Style Attack
http://www.isightpartners.com/2015/02/codoso/
-
Combating Dormant Malware Apps with Harvester
http://sseblog.ec-spride.de/2015/02/introducing-harvester/
http://www.bodden.de/pubs/TUD-CS-2015-0031.pdf
-
MS15-011 & MS15-014: Hardening Group Policy
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
-
Bad Browser Plug-ins Gone Wild: Malvertising, Data Exfiltration, and Malware, Oh my!
http://blogs.cisco.com/security/talos/bad-browser-plug-ins
-
Angry Android hacker hides Xbot malware in popular application icons
https://blog.avast.com/2015/02/17/angry-android-hacker-hides-xbot-malware-in-popular-application-icons/
-
The Great Bank Robbery: the Carbanak APT
https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/
https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
-
Introducing Extension Signing: A Safer Add-on Experience
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/
https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines
-
Babar: Suspected Nation State Spyware In The Spotlight
http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/
-
The Great SIM Heist - How Spies Stole the Keys to the Encryption Castle
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
-
Malware Is Still Spying On You Even When Your Mobile Is Off
http://now.avg.com/malware-is-still-spying-on-you-after-your-mobile-is-off/
-
Using Google Cloud Platform for Security Scanning
http://googlecloudplatform.blogspot.com/2015/02/using-google-cloud-platform-for.html
https://cloud.google.com/tools/security-scanner/
-
GPG And Me
http://www.thoughtcrime.org/blog/gpg-and-me/
-
Spam Uses Default Passwords to Hack Routers
http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/
http://www.proofpoint.com/us/threat-insight/post/Phish-Pharm
-
Abusing Blu-ray Players Pt. 1 – Sandbox Escapes
https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
-
The Tricky World of Securing Firmware
https://blogs.intel.com/evangelists/2015/02/20/tricky-world-securing-firmware/
-
Tracking the FREAK Attack
https://freakattack.com/
-
Casper Malware: After Babar and Bunny, Another Espionage Cartoon
http://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon/
-
Cuckoo Sandbox 1.2
http://cuckoosandbox.org/2015-03-04-cuckoo-sandbox-12.html
-
PowerSpy: Location Tracking using Mobile Device Power Analysis
http://arxiv.org/abs/1502.03182
http://arxiv.org/pdf/1502.03182v2 [PDF]
-
Exploiting the DRAM rowhammer bug to gain kernel privileges
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
-
Proving that Android’s, Java’s and Python’s sorting algorithm is broken (and showing how to fix it)
http://www.envisage-project.eu/proving-android-java-and-python-sorting-algorithm-is-broken-and-how-to-fix-it
-
iSpy: The CIA Campaign to Steal Apple’s Secrets
https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/
-
Inside the EquationDrug Espionage Platform
http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/
-
Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed
http://blogs.cisco.com/security/talos/whoisdisclosure
-
How "../sms" could bypass Authy 2 Factor Authentication
http://sakurity.com/blog/2015/03/15/authy_bypass.html
-
Apple iOS Hardware Assisted Screenlock Bruteforce
http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html
-
Pirate Bay cleverly circumvents UK ISP restrictions:
http://torrentfreak.com/secure-pirate-bay-unblocked-by-most-uk-isps-150316/
pol
-
New OpenSSL vulnerability could facilitate DoS attacks
http://www.symantec.com/connect/blogs/new-openssl-vulnerability-could-facilitate-dos-attacks
-
OpenSSL Update available
https://www.openssl.org/news/secadv_20150319.txt
https://www.openssl.org/source/
-
Cisco posts kit to empty houses to dodge NSA chop shops
http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/
-
FREAK Out on Mobile
https://www.fireeye.com/blog/threat-research/2015/03/freak_out_on_mobile.html
-
How Many Million BIOSes Would you Like to Infect?
http://legbacore.com/Research_files/HowManyMillionBIOSWouldYouLikeToInfect_Full.pdf
-
Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
http://blogs.cisco.com/security/talos/POSeidon
-
The old is new, again. CVE-2011-2461 is back!
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
-
Stealing Data From Computers Using Heat
http://www.wired.com/2015/03/stealing-data-computers-using-heat/
-
A better debugger? System to find a common programming bug significantly outperforms predecessors
http://www.csail.mit.edu/node/2457
http://dl.acm.org/citation.cfm?id=2694389 [PDF]
-
Breaking SSL with a 13-year-old RC4 Weakness
http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
-
The Palinopsia Bug
https://hsmr.cc/palinopsia/
-
Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS
http://www.isg.rhul.ac.uk/tls/RC4passwords.pdf
-
Opportunistic Encryption For Firefox
http://bitsup.blogspot.com/2015/03/opportunistic-encryption-for-firefox.html
-
Open Crypto Audit Project - Phase II analysis is completed
https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf
-
Google Android Security Report 2014
https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf
-
Liveblog: Malvertising from Google advertisements via possibly compromised reseller
http://blog.fox-it.com/2015/04/07/liveblog-malvertising-from-google-advertisements-via-possibly-compromised-reseller/
-
International police operation targets polymorphic Beebone botnet
https://www.europol.europa.eu/content/international-police-operation-targets-polymorphic-beebone-botnet
https://www.us-cert.gov/ncas/alerts/TA15-098A
-
Hidden backdoor API to root privileges in Apple OS X
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
-
China’s Great Cannon
https://citizenlab.org/2015/04/chinas-great-cannon/
-
APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation
https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html
-
SPEAR - Redirect to SMB
http://blog.cylance.com/redirect-to-smb
-
Simda's Hide and Seek: Grown-up Games
http://securelist.com/blog/69580/simdas-hide-and-seek-grown-up-games/
http://blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspx
-
The Chronicles of the Hellsing APT: the Empire Strikes Back
http://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/
-
IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/
-
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
-
Clarification of Tor's involvement with DARPA's Memex
https://lists.torproject.org/pipermail/tor-talk/2015-April/037538.html
-
Analyzing the Magento Vulnerability
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
-
Porn clicker app slipped into Google Play imitating popular Dubsmash app
https://blog.avast.com/2015/04/24/porn-clicker-app-slipped-into-google-play-imitating-popular-dubsmash-app/
-
“No iOS Zone” – A New Vulnerability Allows DoS Attacks on iOS Devices
https://www.skycure.com/blog/ios-shield-allows-dos-attacks-on-ios-devices/
-
Don’t count on people to prevent data breaches
http://www.cio.com/article/2913889/data-breach/don-t-count-on-people-to-prevent-data-breaches.html
-
Malware authors go a step further to access bank accounts
https://blog.avast.com/2015/04/27/malware-authors-go-a-step-further-to-access-bank-accounts/
-
Bugs like this you have never seen ;D
http://www.theverge.com/2015/4/27/8502421/robots-pull-100-times-their-own-weight
-
Magento Shoplift (SUPEE-5344) Exploits in the Wild
https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html
-
Antivirus Company Qihoo Censured for Cheating in Lab Tests
http://www.pcmag.com/article2/0,2817,2483498,00.asp
-
I started a topic here: https://forum.avast.com/index.php?topic=170408.0
-
Unboxing Linux/Mumblehard: Muttering spam from your servers
http://www.welivesecurity.com/2015/04/29/unboxing-linuxmumblehard-muttering-spam-servers/
http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
-
Keeping Tabs on WhatsApp's Encryption
http://www.heise.de/ct/artikel/Keeping-Tabs-on-WhatsApp-s-Encryption-2630361.html
-
Announcing Windows Update for Business
http://blogs.windows.com/bloggingwindows/2015/05/04/announcing-windows-update-for-business/
-
Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
http://blogs.cisco.com/security/talos/rombertik
-
New Research: The Ad Injection Economy
http://googleonlinesecurity.blogspot.com/2015/05/new-research-ad-injection-economy.html
https://cdn3.vox-cdn.com/uploads/chorus_asset/file/3673260/ad_injector_paper.0.pdf
-
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html
-
CVE-2014-3440 – Symantec Critical System Protection Remote Code Execution
http://blog.silentsignal.eu/2015/05/07/cve-2014-3440-symantec-critical-system-protection-remote-code-execution/
http://blog.silentsignal.eu/wp-content/uploads/2015/05/S2_SCSP_BulkLog_CVE-2014-3440.txt
-
Create bootable USB sticks the easy way: https://rufus.akeo.ie/
polonus
-
https://forum.avast.com/index.php?topic=19387.msg952936#msg952936
-
Tor Cloud project has been discontinued
https://cloud.torproject.org/
-
Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
https://www.rfc-editor.org/rfc/rfc7525.txt
-
VENOM - Virtualized Environment Neglected Operations Manipulation
http://venom.crowdstrike.com/
-
Encrypto: Encrypt the files you send
http://blog.macpaw.com/post/118774289073/encrypto-encrypt-the-files-you-send
http://macpaw.com/encrypto
-
McAfee Stinger Removed From App Directory Due to Malware-Like Behavior
http://portableapps.com/news/2015-05-08--mcafee-stinger-removed-for-malware-like-behavior
-
Hiding in Plain Sight: FireEye and Microsoft Expose Chinese APT Group’s Obfuscation Tactic
https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html
https://www2.fireeye.com/WEB-2015RPTAPT17.html
-
[SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine
http://seclists.org/fulldisclosure/2015/May/61
http://www.security-explorations.com/en/SE-2014-02-details.html
-
KCodes NetUSB: How a Small Taiwanese Software Company Can Impact the Security of Millions of Devices Worldwide
http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt
-
Tech giants don’t want Obama to give police access to encrypted phone data
http://www.washingtonpost.com/world/national-security/tech-giants-urge-obama-to-resist-backdoors-into-encrypted-communications/2015/05/18/11781b4a-fd69-11e4-833c-a2de05b6b2a4_story.html
-
NSA Planned to Hijack Google App Store to Hack Smartphones
https://firstlook.org/theintercept/2015/05/21/nsa-five-eyes-google-samsung-app-stores-spyware/
-
Ransomware Response Kit
https://bitbucket.org/jadacyrus/ransomwareremovalkit
-
Security Analysis of Android Factory Resets
http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf
-
Measuring and mitigating AS-level adversaries against Tor
http://arxiv.org/abs/1505.05173
http://arxiv.org/pdf/1505.05173v3 [PDF]
-
Meet ‘Tox’: Ransomware for the Rest of Us
https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
-
Moose – the router worm with an appetite for social networks
http://www.welivesecurity.com/2015/05/26/moose-router-worm/
http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf
-
Mozilla - Update on Extension Signing and New Developer Agreement
https://blog.mozilla.org/addons/2015/05/27/update-signing-new-developer-agreement/
https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Agreement
https://wiki.mozilla.org/Addons/Extension_Signing
-
More than fifty vulnerabilities in D-Link NAS and NVR devices
http://www.search-lab.hu/advisories/secadv-20150527
http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
-
The Empire Strikes Back Apple – how your Mac firmware security is completely broken
https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/
-
Adios, Hola! Or: Why You Should Immediately Uninstall Hola
http://adios-hola.org/
http://adios-hola.org/advisory.txt
-
Hackers Scan All Tor Hidden Services To Find Weaknesses In The 'Dark Web'
http://www.forbes.com/sites/thomasbrewster/2015/06/01/dark-web-vulnerability-scan/
-
Auditing GitHub users’ SSH key quality
https://blog.benjojo.co.uk/post/auditing-github-users-keys
-
This Hacked Kids’ Toy Opens Garage Doors in Seconds
http://www.wired.com/2015/06/hacked-kids-toy-opens-garage-doors-seconds/
-
Let's Encrypt Root and Intermediate Certificates
https://letsencrypt.org/2015/06/04/isrg-ca-certs.html
-
Turn It On (2FA)
https://www.turnon2fa.com/
-
Trend Micro Discovers MalumPoS; Targets Hotels and other US Industries
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-malumpos-targets-hotels-and-other-us-industries/
http://documents.trendmicro.com/images/tex/pdf/MalumPOS%20Technical%20Brief.pdf
-
Brain's reaction to certain words could replace passwords
http://www.eurekalert.org/pub_releases/2015-06/bu-brt060215.php
-
The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns
https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/
https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
http://blog.crysys.hu/2015/06/duqu-2-0/
http://www.crysys.hu/duqu2/duqu2.pdf
-
Securing access to Wikimedia sites with HTTPS
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
-
FIRST announces availability of new Common Vulnerability Scoring System (CVSS) release
https://www.first.org/newsroom/releases/20150610
https://www.first.org/cvss
-
Windows 10 to offer application developers new malware defenses
http://blogs.technet.com/b/mmpc/archive/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses.aspx
-
The Duqu 2.0 persistence module
https://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module/
-
Let's Encrypt Launch Schedule
https://letsencrypt.org/2015/06/16/lets-encrypt-launch-schedule.html
-
IBM 2015 Cyber Security Intelligence Index
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03073USEN&attachment=SEW03073USEN.PDF
IBM X-Force Threat Intelligence Quarterly, 2Q 2015
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=WGL03076USEN&attachment=WGL03076USEN.PDF
-
Escaping VMware Workstation through COM1
https://docs.google.com/document/d/1sIYgqrytPK-CFWfqDntraA_Fwi2Ov-YBgMtl5hdrYd4/mobilebasic?pli=1
http://www.vmware.com/security/advisories/VMSA-2015-0004.html
-
Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
http://www.tau.ac.il/~tromer/radioexp/index.html
http://www.cs.tau.ac.il/%7Etromer/papers/radioexp.pdf
-
Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
-
Introducing s2n, a New Open Source TLS Implementation
https://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a
https://github.com/awslabs/s2n
-
Automatic bug repair
System fixes bugs by importing functionality from other programs — without access to source code
http://newsoffice.mit.edu/2015/automatic-code-bug-repair-0629
-
Sounds like a pipe dream. :)
Unfortunately if this is able to fix things, it's also capable of breaking things.
All depends on who uses it.
-
Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
https://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
-
Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications
http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=6
-
Hacking Team [WL]
https://wikileaks.org/hackingteam/emails/
-
Building reliable SMM backdoor for UEFI based platforms
http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html
-
WP-CLI Guide: Connect to WordPress via SSH Intro
https://blog.sucuri.net/2015/07/wp-cli-guide-connect-to-wordpress-via-ssh-intro.html?utm_campaign=WordPress&utm_medium=social&utm_source=googleplus
-
EICAR introduces a Minimum Standard for Anti-Malware Products
http://newsroom.kaspersky.eu/nl/nieuws/detail/article/eicar-introduces-a-minimum-standard-for-anti-malware-products/
-
More than one in 10 American mobile users is the target of mobile malware
https://blog.avast.com/2015/07/15/more-than-one-in-10-american-mobile-users-is-the-target-of-mobile-malware/
http://files.avast.com/files/marketing/security-reports/2015/avast-q1-2015-security-report.pdf
-
Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
-
This simply means that even a new hard drive isn't going to get rid of your breach. :'(
-
Major Computer Hacking Forum Dismantled
https://www.fbi.gov/pittsburgh/press-releases/2015/major-computer-hacking-forum-dismantled
https://www.europol.europa.eu/content/cybercriminal-darkode-forum-taken-down-through-global-action
-
MMD-0036-2015 - KINS (or ZeusVM) v2.0.0.0 toolkit (builder & panel source code) leaked
http://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-v2000.html
-
OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
-
Android malware Fobus now targeting users in the U.S., Germany and Spain
https://blog.avast.com/2015/07/21/android-malware-fobus-now-targeting-users-in-the-u-s-germany-and-spain/
-
OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
https://www.sektioneins.de/blog/15-07-07-dyld_print_to_file_lpe.html
-
Big Brother(s) Could be Watching You Thanks to Stagefright
https://blog.avast.com/2015/07/29/big-brothers-could-be-watching-you-thanks-to-stagefright/
-
Trend Micro Discovers Vulnerability That Renders Android Devices Silent
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/
-
An Open Letter to Microsoft’s CEO: Don’t Roll Back the Clock on Choice and Control
https://blog.mozilla.org/blog/2015/07/30/an-open-letter-to-microsofts-ceo-dont-roll-back-the-clock-on-choice-and-control/
-
Microsoft Advanced Threat Analytics
http://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/
http://blogs.technet.com/b/ad/archive/2015/07/22/microsoft-advanced-threat-analytics-coming-next-month.aspx
http://download.microsoft.com/download/C/F/6/CF62335F-C46B-4D84-B0C9-363A89B0C5E6/Microsoft_advanced_threat_analytics_datasheet.pdf
-
"...no one can hack my mind": Comparing Expert and Non-Expert Security Practices
https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf
-
Forensiq Projects In-App Ad Fraud Will Surpass $1 Billion In 2015
http://www.prnewswire.com/news-releases/forensiq-projects-in-app-ad-fraud-will-surpass-1-billion-in-2015-300117453.html
http://forensiq.com/mobile-app-fraud-study/
-
One in every 600 websites has .git exposed
http://www.jamiembrown.com/blog/one-in-every-600-websites-has-git-exposed/
-
Researchers Hack Air-Gapped Computer With Simple Cell Phone
http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone/
-
Dell Computer Corporation, Inc. Information for VU#577140
BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2890
-
Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned
http://blog.checkpoint.com/2015/08/06/certifigate/
http://www.checkpoint.com/resources/certifigate
-
Announcing Approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard
https://www.federalregister.gov/articles/2015/08/05/2015-19181/announcing-approval-of-federal-information-processing-standard-fips-202-sha-3-standard
-
RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0
https://www.trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the-Architecture-of-RIG-Exploit-Kit-3-0/
-
WSUSpect - Compromising the Windows Enterprise via Windows Update
https://www.blackhat.com/docs/us-15/materials/us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update-wp.pdf
-
The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf
-
One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status
https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status
-
The Pwnie Awards – 2015 Edition
http://blog.lumension.com/10469/the-pwnie-awards-2015-edition/
-
Stagefright: Mission Accomplished?
http://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/
-
Georgia Tech Finds 11 Security Flaws in Popular Internet Browsers Using New Analysis Method
http://www.news.gatech.edu/2015/08/13/georgia-tech-finds-11-security-flaws-popular-internet-browsers-using-new-analysis-method
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lee.pdf
-
NSA Spying Relies on AT&T’s ‘Extreme Willingness to Help’
https://www.propublica.org/article/nsa-spying-relies-on-atts-extreme-willingness-to-help
https://www.propublica.org/article/a-trail-of-evidence-leading-to-atts-partnership-with-the-nsa
-
Since AT&T now owns DirecTV, their customers' information will probably also be shared just as freely.... :o
-
MediaServer Takes Another Hit with Latest Android Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/mediaserver-takes-another-hit-with-latest-android-vulnerability/
-
P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
https://www.usenix.org/conference/woot15/workshop-program/presentation/p2p-file-sharing-hell-exploiting-bittorrent
https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf
-
A Little Tale About Website Cross-Contamination
https://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html?utm_campaign=A%20Little%20Tale%20About%20Website%20Cross-Contamination%20Blogpost&utm_medium=social&utm_source=googleplus
WP-CLI Guide: Install WordPress via SSH
https://blog.sucuri.net/2015/08/wp-cli-guide-installing-wordpress.html?utm_campaign=WP-CLI%20Guide%3A%20Install%20WordPress%20via%20SSH%20Blogpost&utm_medium=social&utm_source=googleplus
-
Was the Ashley Madison Database Leaked?
http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/
http://blog.erratasec.com/2015/08/notes-on-ashley-madison-dump.html
https://www.trustedsec.com/august-2015/ashley-madison-database-dumped/
http://www.hydraze.org/2015/08/ashley-madison-full-dump-has-finally-leaked/
-
Yes!
https://www.washingtonpost.com/news/the-intersect/wp/2015/08/19/how-to-see-if-you-or-your-spouse-appear-in-the-ashley-madison-leak/?tid=hybrid_collaborative_1_na
-
Security and Hosting Environments
http://perezbox.com/2015/08/security-and-hosting-environments/?utm_campaign=Tony%20Perez%20on%3A%20Security%20and%20Hosting%20Environments&utm_medium=social&utm_source=googleplus
-
Multiple Vulnerabilities in Pocket
https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/
-
Ongoing abuse problems at Nic.at and DENIC
https://www.spamhaus.org/news/article/724/ongoing-abuse-problems-at-nic.at-and-denic
-
How To Create a Website Backup Strategy
https://blog.sucuri.net/2015/04/how-to-create-a-website-backup-strategy.html?utm_campaign=How%20To%20Create%20a%20Website%20Backup%20Strategy%20Blogpost&utm_medium=social&utm_source=googleplus
Virtual Patching for Websites with Sucuri CloudProxy
https://blog.sucuri.net/2013/03/virtual-patching-for-websites-with-sucuri-cloudproxy.html?utm_campaign=What%20is%20virtual%20patching%2C%20and%20how%20we%20use%20it%20with%20our%20WAF%20Blogpost&utm_medium=social&utm_source=googleplus
FunWebProducts UserAgent Bloating Traffic (Note: not sure where to post this.)
https://blog.sucuri.net/2015/08/funwebproducts-useragent-bloating-traffic.html?utm_campaign=FunWebProducts%20UserAgent%20Bloating%20Traffic%20Blogpost&utm_medium=social&utm_source=googleplus
-
New data uncovers the surprising predictability of Android lock patterns
http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/
-
'Quicksand' – A New Enterprise iOS Vulnerability
https://www.appthority.com/enterprise-mobile-threats/2015/08/19/quicksand-a-new-enterprise-ios-vulnerability/
-
Remote Code Execution in Dolphin Browser for Android
http://rotlogix.com/2015/08/22/remote-code-execution-in-dolphin-browser-for-android/
Exploiting the Mercury Browser for Android
http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
-
Cryptography Today
https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
-
Website Malware – Curious .htaccess Conditional Redirect Case
https://blog.sucuri.net/2014/09/website-malware-curious-htaccess-conditional-redirect-case.html?utm_campaign=Website%20Malware%20%E2%80%93%20Curious%20.htaccess%20Conditional%20Redirect%20Case%20Blogpost&utm_medium=social&utm_source=googleplus
Security and Hosting Environments
http://perezbox.com/2015/08/security-and-hosting-environments/?utm_campaign=Tony%20Perez%20on%3A%20Security%20and%20Hosting%20Environments&utm_medium=social&utm_source=googleplus
-
Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned
http://blog.checkpoint.com/2015/08/06/certifigate/
http://www.checkpoint.com/resources/certifigate
Certifi-gate Found in the Wild on Google Play
New Insights on the Extent, Exploitation, and Mitigation of This New Threat
http://blog.checkpoint.com/2015/08/25/certifigate-statistics-exploitation-mitigation/
-
From an avast news release
https://press.avast.com/avast-builds-threat-detection-based-on-machine-learning-to-protect-users-from-zero-day-attacks-malware-and-privacy-threats
-
From an avast news release
https://press.avast.com/avast-builds-threat-detection-based-on-machine-learning-to-protect-users-from-zero-day-attacks-malware-and-privacy-threats (https://press.avast.com/avast-builds-threat-detection-based-on-machine-learning-to-protect-users-from-zero-day-attacks-malware-and-privacy-threats)
Interesting. Wonder if Intel and AMD are next on the list.
-
@bob3160: That would be amazing to see. Also automatically generated Dyna-Gen sigs would be great to see.
They said they were working on it a long time ago, I don't know if it's still a thing though.
-
Ins0mnia: Unlimited Background Time and Covert Execution on Non-Jailbroken iOS Devices
https://www.fireeye.com/blog/threat-research/2015/08/ins0mnia_unlimited.html
-
London Calling: Two-Factor Authentication Phishing From Iran
https://citizenlab.org/2015/08/iran_two_factor_phishing/
-
Demystifying File and Folder Permissions
https://blog.sucuri.net/2015/09/demystifying-file-and-folder-permissions.html?utm_campaign=Demystifying%20Folder%20Permissions%20blogpost&utm_medium=social&utm_source=googleplus
-
OWASP Automated Threat Handbook Web Applications
https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
-
Tiny Banker hidden in modified WinObj tool from Sysinternals
https://blog.avast.com/2015/09/03/tiny-banker-hidden-in-modified-winobj-tool-from-sysinternals/
-
Shopperz - beware.
https://blog.malwarebytes.org/intelligence/2015/09/shopperz-alters-dnsapi-dll/ (https://blog.malwarebytes.org/intelligence/2015/09/shopperz-alters-dnsapi-dll/)
(Shopperz alters dnsapi.dll)
-
Analyzing Popular Layer 7 Application DDoS Attacks (I was thinking of polonus while reading this.)
https://blog.sucuri.net/2015/09/analyzing-popular-layer-7-application-ddos-attacks.html?utm_campaign=Analyzing%20Popular%20Layer%207%20Application%20DDoS%20Attacks%20Blogpost&utm_medium=social&utm_source=googleplus
-
The Dukes: 7 Years Of Russian Cyber-Espionage
https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
-
Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html
-
Avast's technology
https://www.avast.com/technology
-
BrainTest – A New Level of Sophistication in Mobile Malware
http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/
-
Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html
More Details on the XcodeGhost Malware and Affected iOS Apps
http://researchcenter.paloaltonetworks.com/2015/09/more-details-on-the-xcodeghost-malware-and-affected-ios-apps/
-
Kaspersky: Mo Unpackers, Mo Problems
http://googleprojectzero.blogspot.com/2015/09/kaspersky-mo-unpackers-mo-problems.html
-
The Deep Sweep (2015) - High-altitude Signal Research
https://criticalengineering.org/projects/deep-sweep/
-
Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html
More Details on the XcodeGhost Malware and Affected iOS Apps
http://researchcenter.paloaltonetworks.com/2015/09/more-details-on-the-xcodeghost-malware-and-affected-ios-apps/
XcodeGhost Q&A
https://www.apple.com/cn/xcodeghost/#english
-
Bidding for Breaches, Redefining Targeted Attacks
http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/
-
iOS Security Guide
http://images.apple.com/privacy/docs/iOS_Security_Guide.pdf
-
Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper
http://arstechnica.com/security/2015/09/drop-dead-simple-exploit-completely-bypasses-macs-malware-gatekeeper/
-
FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime
http://eprint.iacr.org/2015/565.pdf
http://research.microsoft.com/en-us/downloads/95a0a698-a4a7-4346-a0eb-d4bd3e7241ce/default.aspx
-
Threat Advisory: XOR DDoS
https://www.stateoftheinternet.com/downloads/pdfs/2015-threat-advisory-xor-ddos-attacks-linux-botnet-malware-removal-ddos-mitigation-yara-snort.pdf
-
YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs
http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/
-
Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone
http://talosintel.com/angler-exposed/
-
[Cryptography] OpenPGP SEIP downgrade attack
http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html
-
Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence
http://www.volexity.com/blog/?p=179
-
Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA)
http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Labs-Analysis-Webmail-Sever-APT.pdf
-
Authentication Bypass in Netgear WNR1000v4 Router
http://blog.csnc.ch/2015/10/authentication-bypass-in-netgear-wnr1000v4-router/
http://blog.csnc.ch/2015/10/aftermath-of-the-netgear-advisory-disclosure/
http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html
http://www.shellshocklabs.com/2015/09/part-2en-hacking-netgear-jwnr2010v5.html
-
87% of Android devices insecure
http://androidvulnerabilities.org/press/2015-10-08
https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf
-
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
-
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
This has been going on for absolutely years - I can remember one AV supplier (who will remain nameless) who also is an SSL Certificate Authorisation body.
-
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
This has been going on for absolutely years - I can remember one AV supplier (who will remain nameless) who also is an SSL Certificate Authorisation body.
No need to name them Dave, the pie chart says it all... ;)
-
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html (http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html)
This has been going on for absolutely years - I can remember one AV supplier (who will remain nameless) who also is an SSL Certificate Authorisation body.
No need to name them Dave, the pie chart says it all... ;)
None other than our fire breathing friend, the Comodo Dragon:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1445083825853-88026.png)
-
<snip quotes>
None other than our fire breathing friend, the Comodo Dragon:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1445083825853-88026.png)
Wow (total 76%), I wasn't aware CloudFlare was also the same company; no wonder we are seeing so many CloudFlare invalid or bad SSL certificate or malware alerts in the viruses and worms forum.
-
The Hidden Data Economy - The Marketplace for Stolen Digital Information
http://www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf
-
The SHAppening: freestart collisions for SHA-1
https://sites.google.com/site/itstheshappening/
https://eprint.iacr.org/2015/967.pdf
-
Massive Magento Guruincsite Infection
https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html
https://blog.malwarebytes.org/exploits-2/2015/10/new-neutrino-ek-campaign-drops-andromeda/
-
Turning a crappy old Windows PC into a full-fledged Chromebook with CloudReady
www.arstechnica.com/gadgets/2015/10/turning-a-crappy-old-windows-pc-into-a-full-fledged-chromebook-with-cloudready/
www.neverware.com/free/#freedetails
-
Researchers find 256 iOS apps that collect users’ personal info
http://arstechnica.com/security/2015/10/researchers-find-256-ios-apps-that-collect-users-personal-info/
https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html
-
Researchers find 256 iOS apps that collect users’ personal info
http://arstechnica.com/security/2015/10/researchers-find-256-ios-apps-that-collect-users-personal-info/ (http://arstechnica.com/security/2015/10/researchers-find-256-ios-apps-that-collect-users-personal-info/)
https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html (https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html)
Why would it be any different in iOS than in Chrome or Windows or Linux ??? :)
-
Massive Magento Guruincsite Infection
https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html
https://blog.malwarebytes.org/exploits-2/2015/10/new-neutrino-ek-campaign-drops-andromeda/
-> http://magento.com/security/news/important-security-update
-
New Headaches: How The Pawn Storm Zero-Day Evaded Java’s Click-to-Play Protection
http://blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/
-
Attacking the Network Time Protocol
http://www.cs.bu.edu/~goldbe/NTPattack.html
https://eprint.iacr.org/2015/1020.pdf
-
got HW crypto? On the (in)security of a Self-Encrypting Drive series
https://eprint.iacr.org/2015/1002.pdf
-
1Password Leaks Your Data
http://myers.io/2015/10/22/1password-leaks-your-data/
https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/
-
FBI’s Advice on Ransomware? Just Pay The Ransom.
https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/
-
1Password Leaks Your Data
http://myers.io/2015/10/22/1password-leaks-your-data/
https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/
Unbelievable! When you're on security, you need to take it seriously.
-
Chinese Taomike Monetization Library Steals SMS Messages
http://researchcenter.paloaltonetworks.com/2015/10/chinese-taomike-monetization-library-steals-sms-messages/
-
Sustaining Digital Certificate Security
https://googleonlinesecurity.blogspot.com/2015/10/sustaining-digital-certificate-security.html
-
Breaches, traders, plain text passwords, ethical disclosure and 000webhost
http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html
-
Tor Messenger Beta: Chat over Tor, Easily
https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
-
When Organized Crime Applies Academic Results
A Forensic Analysis of an In-Card Listening Device
http://eprint.iacr.org/2015/963.pdf
-
Ransomware Decryptor
October 28 update: ALL Coinvault and Bitcryptor keys (14k+) added to the database
https://noransom.kaspersky.com/
https://noransom.kaspersky.com/static/CoinVaultDecryptor.zip
https://noransom.kaspersky.com/static/CoinVault-decrypt-howto.pdf
-
Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-the-record-straight-on-moplus-sdk-and-the-wormhole-vulnerability/
-
Cryptographic Libraries
The same libraries that secure iOS and OS X are available to third‑party developers to help them build advanced security features.
https://developer.apple.com/cryptography/
-
Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge
http://googleprojectzero.blogspot.com/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
-
DroidJack isn’t the only spying software out there: Avast discovers that OmniRat is currently being used and spread by criminals to gain full remote control of devices.
https://blog.avast.com/2015/11/05/droidjack-isnt-the-only-spying-software-out-there-avast-discovers-that-omnirat-is-currently-being-used-and-spread-by-criminals-to-gain-full-remote-control-of-devices/
-
Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire
https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
-
PuTTY vulnerability vuln-ech-overflow
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
-
Shoddy Programming causes new Ransomware to destroy your Data
http://www.bleepingcomputer.com/news/security/shoddy-programming-causes-new-ransomware-to-destroy-your-data/
-
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
-
The Anatomy of an IoT Hack
https://blog.avast.com/2015/11/11/the-anatomy-of-an-iot-hack/
-
Samsung S6 calls open to man-in-the-middle base station snooping
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1
-
An End-to-End Measurement of Certificate Revocation in the Web’s PKI
https://www.stanford.edu/~aschulm/docs/imc15-revocation.pdf
-
The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)
https://tools.ietf.org/html/rfc7693
https://blake2.net/
https://github.com/BLAKE2/
-
Let’s Encrypt - Public Beta: December 3, 2015
https://letsencrypt.org/2015/11/12/public-beta-timing.html
-
Did the FBI Pay a University to Attack Tor Users?
https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
-
Hiding in Plain Sight - Advances in Malware Covert Communication Channels
https://www.blackhat.com/eu-15/briefings.html#hiding-in-plain-sight-advances-in-malware-covert-communication-channels
https://www.blackhat.com/docs/eu-15/materials/eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf
-
Did the FBI Pay a University to Attack Tor Users?
https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
Did Carnegie Mellon Attack Tor for the FBI?
https://www.schneier.com/blog/archives/2015/11/did_carnegie-me.html
-
VirusTotal += Mac OS X execution
http://blog.virustotal.com/2015/11/virustotal-mac-os-x-execution.html
https://www.virustotal.com/de/documentation/desktop-applications/mac-osx-uploader
-
Nmap 7 Released
https://nmap.org/7/
-
ZIGBEE EXPLOITED - The good, the bad and the ugly
http://cognosec.com/zigbee_exploited_8F_Ca9.pdf
-
Tor 0.2.7.5 is released and stable
https://blog.torproject.org/blog/tor-0275-released-and-stable
-
House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
https://www.kb.cert.org/vuls/id/566724
-
Damballa discovers new toolset linked to Destover - Attacker’s arsenal helps them to broaden attack surface
https://www.damballa.com/damballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface/
-
Need more RAM ;D
This Is Samsung's Crazy New 128GB RAM http://gizmodo.com/this-is-samsungs-crazy-new-128gb-ddr4-ram-chip-1744776220
-
ARRIS Cable Modem has a Backdoor in the Backdoor
http://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html
-
Trend Micro, NCA Partnership Leads to Arrests and Shutdown of Refud.me and Cryptex Reborn
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-nca-partnership-lead-to-arrests-and-shutdown-of-refud-me-and-cryptex-reborn/
-
Security Advisory: Dell Foundation Services Remote Information Disclosure
http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
-
(http://www.screencast-o-matic.com/screenshots/u/Lh/1449059101859-57738.png)
-
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
-
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html (https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html)
Bit Defender's Traffic Light
-
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html (https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html)
Bit Defender's Traffic Light
Report it as FP to them.
-
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html (https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html)
Bit Defender's Traffic Light
Report it as FP to them.
Only way is through "send a comment" which I've done.
Since I've already read enough on this topic, I'll simply not visit the site for now. :)
-
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html (https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html)
Bit Defender's Traffic Light
Report it as FP to them.
If you look at the original link in Reply #1257, on the page (for those that can access it) you will find a chunk of PHP code. It isn't in a code tag so it can't run, nor is it displayed as an image example of the code.
So it may be this chunk of code that is triggering it, though no problem with firefox and avast for me.
EDIT: added image of page php script.
-
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html (https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html)
Bit Defender's Traffic Light
Report it as FP to them.
If you look at the original link in Reply #1257, on the page (for those that can access it) you will find a chunk of PHP code. It isn't in a code tag so it can't run, nor is it displayed as an image example of the code.
So it may be this chunk of code that is triggering it, though no problem with firefox and avast for me.
My very simple rule for staying safe, or being cautious:
When visiting any website, if any of the scanners I run send up a flair, don't visit the site.
Exception to this rule:
The website to be visited contains extremely important information that needs to be looked at:
Open a virtual machine and visit the site. (Not on my working computer.)
-
You know us, fools rush in where angels fear to tread ;D
And we do take extra precautions.
-
You know us, fools rush in where angels fear to tread ;D
And we do take extra precautions.
I'm just a foolish old Angel. :) (If you don't believe me, just ask Alice.)
-
Reasons why your home Wi-Fi signal is slow and how to improve it
http://www.pandasecurity.com/mediacenter/tips/slow-down-wifi/
-
Stalking anyone on Telegram
https://oflisback.github.io/telegram-stalking/
-
Security Advisory: Dell Foundation Services Remote Information Disclosure
http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Security Advisory: Dell Foundation Services Remote Information Disclosure (II)
http://lizardhq.rum.supply/2015/12/01/dell-foundation-services.2.html
-
Security Advisory: Dell Foundation Services Remote Information Disclosure
http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html (http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html)
Security Advisory: Dell Foundation Services Remote Information Disclosure (II)
http://lizardhq.rum.supply/2015/12/01/dell-foundation-services.2.html (http://lizardhq.rum.supply/2015/12/01/dell-foundation-services.2.html)
Same warning on this link as in your last post on this topic. :)
-
Same warning on this link as in your last post on this topic. :)
As said, the site is clean. Everything else, you have to discuss with Bitdefender. ;)
-
Same warning on this link as in your last post on this topic. :)
As said, the site is clean. Everything else, you have to discuss with Bitdefender. ;)
You'll notice there also hasn't been any action by them to make any changes.
-
Same warning on this link as in your last post on this topic. :)
As said, the site is clean. Everything else, you have to discuss with Bitdefender. ;)
You'll notice there also hasn't been any action by them to make any changes.
I can't help you with Bitdefender. I suggest posting/asking at their forum.
-> https://www.virustotal.com/de/url/8c76b84e76b48bd3529dd1279de0520dd4959a343d201b536d8c4ab87d383919/analysis/1449335753/
-
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
-
Let’s Encrypt - Public Beta: December 3, 2015
https://letsencrypt.org/2015/11/12/public-beta-timing.html
Entering Public Beta
https://letsencrypt.org/2015/12/03/entering-public-beta.html
-
High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/high-profile-mobile-apps-at-risk-due-to-three-year-old-vulnerability/
-
A good new initiative from Mozilla: https://blog.mozilla.org/futurereleases/2015/12/08/announcing-focus-by-firefox-a-content-blocker-for-ios/
polonus
-
Security Alert: Angler Exploit Kit Spreads CryptoWall 4.0 via New Drive-By Campaign
https://heimdalsecurity.com/blog/security-alert-angler-exploit-kit-spreads-cryptowall-4-0-via-new-drive-campaign/
-
ZeroDB, an end-to-end encrypted database, is open source!
http://blog.zerodb.io/zerodb-open-source-announcement/
-
Meet the woman in charge of the FBI’s most controversial high-tech tools
https://www.washingtonpost.com/world/national-security/meet-the-woman-in-charge-of-the-fbis-most-contentious-high-tech-tools/2015/12/08/15adb35e-9860-11e5-8917-653b65c809eb_story.html
-
SHA-1 Deprecation: No Browser Left Behind
https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/
-
WTF-PAD: Toward an Efficient Website Fingerprinting Defense for Tor
http://arxiv.org/abs/1512.00524
http://arxiv.org/pdf/1512.00524v1 (PDF)
-
Retailer’s apps reveal your Christmas list to the public
https://blog.avast.com/2015/12/15/retailers-apps-reveal-my-christmas-list-to-the-public/
-
FireEye Exploitation: Project Zero’s Vulnerability of the Beast
http://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html
-
Back to 28: Grub2 Authentication 0-Day
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
-
Exploit upgrade for Microsoft Word Intruder crimeware kit
https://nakedsecurity.sophos.com/2015/12/14/exploit-upgrade-for-microsoft-word-intruder-crimeware-kit/
https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-microsoft-word-intruder-revealed.pdf
-
It's Still the Data, Stupid!
https://blog.shodan.io/its-still-the-data-stupid/
-
Stingrays - A Secret Catalogue of Government Gear for Spying on Your Cellphone
https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/
-
Instagram's Million Dollar Bug
http://www.exfiltrated.com/research-Instagram-RCE.php
-
Oracle Agrees to Settle FTC Charges It Deceived Consumers About Java Software Updates
https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java
-
AP Investigation: U.S. power grid vulnerable to foreign hacks
http://lasvegassun.com/news/2015/dec/21/ap-investigation-us-power-grid-vulnerable-to-forei/
-
Cock.li e-mail server seized by German authorities, admin announces
http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/
-
The DNSSEC Root Signing Ceremony
https://www.cloudflare.com/dnssec/root-signing-ceremony/
-
Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2015
http://www.cvedetails.com/top-50-products.php?year=2015
-
Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2015
http://www.cvedetails.com/top-50-products.php?year=2015
And look who is at the top? Surprise? Apple... And in second place? Surprise? Apple...
-
Meet Ransom32: The first JavaScript ransomware
http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
-
Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/
http://arstechnica.com/information-technology/2015/12/microsoft-may-have-your-encryption-key-heres-how-to-take-it-back/
-
BlackEnergy trojan strikes again: Attacks Ukrainian electric power industry
http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/
-
The Tor Project Is Starting a Bug Bounty Program
http://motherboard.vice.com/read/the-tor-project-is-starting-a-bug-bounty-program
-
New privacy-friendly search engine: https://oscobo.co.uk/
Oscobo shows some ads, but not user-profile related.
polonus
-
You’re watching TV – Is it also watching you?
http://blog.checkpoint.com/2016/01/07/youre-watching-tv-is-it-also-watching-you/
http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf
-
You’re watching TV – Is it also watching you?
http://blog.checkpoint.com/2016/01/07/youre-watching-tv-is-it-also-watching-you/
http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf
This is something that has concerned me from the first day of so called Smart TVs - without protection there is no way I would connect my TV to the internet.
-
Dear DavidR,
Surveillance has become the business model everywhere, whether we like it or not. Seems the sheeple are being herded that way.
That is the world we came to live in. And there is no one that checks the designers of this world.
There is a lot in the Internet of Things that came to spy on the owners - thermostats, household gadgets, and they talk about you behind your back.
Read how cleverly they do it. But what do you expect as they can read your lips from the vibration of your window pane.
Good we aren't always aware this is going on everywhere all of the time. Read: http://motherboard.vice.com/en_ca/read/the-internet-of-things-that-talk-about-you-behind-your-back
Oh and they know where you are now: http://freemeteo.nl/weer/?language=dutch&country=netherlands
Damian
-
Yes I don't want my fridge connected to the internet either, if I ever get a smart fridge that is ;D
-
Understanding risks and avoiding FUD
https://unmitigatedrisk.com/?p=552
-
Hi DavidR,
Probably you haven't already installed some of the smart apps? For every modern fridge there is one to warn when you have run out of strawberries or whipped cream! Re: https://play.google.com/store/apps/details?id=\
What is the E-Smart Refrigerator App?
- The E-Smart Refrigerator App allows you to control your XXXXX Refrigerator remotely from your smart phone at home.
- The E-Smart Refrigerator App allows you to check your refrigerator power consumption (in this month and last month) from your smart phone at home.
- In order to run Smart Grid (Demand Response) function, you need to register the service with your electricity provider company that has EMS(Energy Management System) supporting the SEP(Smart Energy profile).
■ Supported Smart Phone Models:
- Galaxy S4, Galaxy Note 3
(Other models are not guaranteed that they will operate normally.)
- Supported OS : Android 4.0 ~ Android 4.3
Very likely bob3160 has had it installed for a long time ;D
Damian
-
It's when your fridge starts to send you texts/emails to get some milk, etc. whilst you are out. Hell, if you are using your mobile phone's speech tool, Siri, Cortana or Google's voice option, who knows when it detects you are in a supermarket and it blurts out "don't forget the eggs, etc. etc. your name".
I'm in no rush to get a fridge that's smarter than its user ;D
-
[Mozilla Firefox] Man-in-the-Middle Interfering with Increased Security
https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/
-
Bug Affecting Intel Skylake Processors Can Freeze Computers Running Complex Workloads
http://www.lifehacker.com.au/2016/01/bug-affecting-intel-skylake-processors-can-freeze-computers-running-complex-workloads/
-
Drupal - Insecure Update Process
http://blog.ioactive.com/2016/01/drupal-insecure-update-process.html
-
International action against DD4BC cybercriminal group
https://www.europol.europa.eu/content/international-action-against-dd4bc-cybercriminal-group
-
Clickjacking Campaign Plays on European Cookie Law
https://blog.malwarebytes.org/fraud-scam/2016/01/clickjacking-campaign-plays-on-european-cookie-law/
-
OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
http://undeadly.org/cgi?action=article&sid=20160114142733
https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
-
The world’s biggest SSD has arrived
http://www.extremetech.com/computing/221303-the-worlds-biggest-ssd-has-arrived-at-13tb
http://www.fixstars.com/en/ssd/features/
-
Apple’s ‘Targeted’ Gatekeeper Bypass Patch Leaves OS X Users Exposed
https://threatpost.com/apples-targeted-gatekeeper-bypass-patch-leaves-os-x-users-exposed/115887/
-
Windows 10 Embracing Silicon Innovation
https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/
-
Yahoo Mail stored XSS
https://klikki.fi/adv/yahoo.html
-
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
-
Chrome extension empties your Steam inventory
http://bartblaze.blogspot.hr/2016/01/chrome-extension-empties-your-steam.html
-
The former CEO of Mozilla is launching a web browser that blocks all ads by default
www.businessinsider.com/former-mozilla-ceo-brendan-eich-launches-ad-blocking-web-browser-brave-2016-1?r=UK&IR=T
-
Replacing adverts — with adverts
"We need to clean the swimming pool," Brendan Eich says. "Chlorinate the pool. Only by doing that can we build a better ad model for publishers as well as users."
This is the more radical aspect of Brave — re-inserting new adverts. The browser will detect where adverts should go and fill them with new programmatic advertising. Eich says that by doing so, they can offer a better deal to publishers than currently exists by cutting out the adtech middle-men.
Publishers will get around 55% of revenues. 15% will go to Brave. 15% will go to the partner that supplies the ads. And, interestingly, 10-15% goes directly to the user.
It "won't be huge," Eich says, but this will let users automatically make micro-payments to publishers they like. Brave will then block all the adverts on the sites that they choose to pay for.
The adverts that Brave display will be based on tags generated from the user's web browsing history (although this history won't be shared with advertisers). This is, arguably, somewhat invasive — although users can customise their tags and add and remove them as they wish.
-
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
Regarding Android: https://plus.google.com/u/0/+AdrianLudwig/posts/KxHcLPgSPoY
-
Project to add any search engine to your browser: http://mycroftproject.com/search-engines.html
So if you want to have Disconnect, add it this way, etc.: http://mycroftproject.com/search-engines.html?name=Disconnect
polonus
-
Insecure by design: protocols for encrypted phone calls
https://www.benthamsgaze.org/2016/01/19/insecure-by-design-protocols-for-encrypted-phone-calls/
-
Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices
http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt
-
Putting the spotlight on firmware malware
http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html
-
Hot or Not? The Benefits and Risks of iOS Remote Hot Patching
https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html
-
Intel SGX Explained
http://eprint.iacr.org/2016/086
http://eprint.iacr.org/2016/086.pdf
-
Tor hidden service operators: your default Apache install is probably vulnerable
https://wireflaw.net/blog/apache-hidden-service-vuln.html
-
Reconciling Perspectives: New Report Reframes Encryption Debate
https://cyber.law.harvard.edu/node/99280
https://cyber.law.harvard.edu/pubrelease/dont-panic/
https://cyber.law.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf
-
TeslaCrypt 3.0 Released with Modified Algorithm and .XXX, .TTT, and .MICRO File Extensions
http://www.bleepingcomputer.com/news/security/teslacrypt-3-0-released-with-new-encryption-algorithm-and-xxx-file-extensions/
-
The Malware Museum
https://archive.org/details/malwaremuseum
-
No More Deceptive Download Buttons
https://googleonlinesecurity.blogspot.com/2016/02/no-more-deceptive-download-buttons.html
-
Your Number26 Mastercard knows what you did last summer…
https://metabubble.net/payment-cards-bank-accounts/your-number26-mastercard-knows-what-you-did-last-summer/
-
T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques
http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
-
There's a lot of vulnerable OS X applications out there
https://vulnsec.com/2016/osx-apps-vulnerabilities/
http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/
-
Russian Hackers Moved Ruble Rate With Malware, Group-IB Says
http://www.bloomberg.com/news/articles/2016-02-08/russian-hackers-moved-currency-rate-with-malware-group-ib-says
http://www.group-ib.ru/brochures/Group-IB-Corkow-Report-EN.pdf
-
Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage
https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/
-
There's a lot of vulnerable OS X applications out there
https://vulnsec.com/2016/osx-apps-vulnerabilities/
http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/
Apologies! Sky Kinda Falling + Protecting Yourself From Sparklegate
https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/
-
Security Alert: Mazar BOT Spotted in Active Attacks – the Android Malware That Can Erase Your Phone
https://heimdalsecurity.com/blog/security-alert-mazar-bot-active-attacks-android-malware/
-
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
-
Fake SUPEE-5344 Patch Steals Payment Details
https://blog.sucuri.net/2016/02/fake-supee-5344-patch-steals-payment-details.html
-
Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review
http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/
-
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Locky: JavaScript Deobfuscation
https://isc.sans.edu/diary/Locky/20749
-
MouseJack - Injecting Keystrokes into Wireless Mice
https://www.bastille.net/technical-details
https://www.bastille.net/affected-devices
-
Android Malware About to Get Worse: GM Bot Source Code Leaked
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
-
Android trump card: Acecard
https://blog.kaspersky.com/acecard-android-trojan/11368/
-
Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html
-
Porn clicker trojans at Google Play: An analysis
http://www.welivesecurity.com/2016/02/24/porn-clicker-trojans-google-play-analysis/
http://www.welivesecurity.com/2016/02/23/appendix-porn-clicker-trojans-at-google-play/
-
HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer
https://objective-see.com/blog/blog_0x0D.html
-
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
https://ssrg.nicta.com.au/projects/TS/cachebleed/
https://ssrg.nicta.com.au/projects/TS/cachebleed/cachebleed.pdf
-
HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer
https://objective-see.com/blog/blog_0x0D.html
The Italian morons are back! What are they up to this time?
https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/
-
The DROWN Attack
https://drownattack.com/
https://drownattack.com/top-sites.html
https://test.drownattack.com/
https://drownattack.com/drown-attack-paper.pdf
-
The Attacker's Dictionary
https://community.rapid7.com/community/infosec/blog/2016/03/01/the-attackers-dictionary
-
ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs
https://eprint.iacr.org/2016/129
https://eprint.iacr.org/2016/129.pdf
-
New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
-
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Locky: JavaScript Deobfuscation
https://isc.sans.edu/diary/Locky/20749
A closer look at the Locky ransomware
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
-
New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
KeRanger Is Actually A Rewrite of Linux.Encoder
https://labs.bitdefender.com/2016/03/keranger-is-actually-a-rewrite-of-linux-encoder/
-
[SE-2012-01] Broken security fix in Oracle Java SE 7/8/9
http://seclists.org/fulldisclosure/2016/Mar/31
http://www.security-explorations.com/materials/SE-2012-01-ORACLE-14.pdf
-
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
https://github.com/firmadyne/firmadyne/blob/master/paper/paper.pdf
FIRMADYNE: https://github.com/firmadyne/firmadyne
-
Angler Takes Malvertising to New Heights
https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Takes-Malvertising-to-New-Heights/
-
AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device
http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
-
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Locky: JavaScript Deobfuscation
https://isc.sans.edu/diary/Locky/20749
A closer look at the Locky ransomware
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
Locky’s JavaScript downloader
https://blog.avast.com/lockys-javascript-downloader
-
Metaphor - A (real) real-life Stagefright exploit
https://www.exploit-db.com/docs/39527.pdf
-
TeslaCrypt 4.0 Released with Bug Fixes and Stops Adding Extensions
http://www.bleepingcomputer.com/news/security/teslacrypt-4-0-released-with-bug-fixes-and-stops-adding-extensions/
-
Attack of the Week: Apple iMessage
http://blog.cryptographyengineering.com/2016/03/attack-of-week-apple-imessage.html
-
Comodo Antivirus Forwards Emulated API calls to the Real API during scans
https://bugs.chromium.org/p/project-zero/issues/detail?id=769
-
Certificate Transparency for Untrusted CAs
https://security.googleblog.com/2016/03/certificate-transparency-for-untrusted.html
-
Infoblox DNS Threat Index Report - Q4 2015
https://www.infoblox.com/dns-threat-index
https://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-white-paper-dns-threat-index-q4-2015-report.pdf
-
Threat Alert: “PowerWare,” New Ransomware Written in PowerShell, Targets Organizations via Microsoft Word
https://www.carbonblack.com/2016/03/25/threat-alert-powerware-new-ransomware-written-in-powershell-targets-organizations-via-microsoft-word/
-
Thank You for Hacking iPhone, Now Tell Apple How You Did It
http://www.bloomberg.com/news/articles/2016-03-23/thank-you-for-hacking-iphone-now-tell-apple-how-you-did-it
-
Using virtualization to bypass something destructive has long been a proven method to use on something like this.
Why did it take so long to finally realize this, and why can't they do it themselves???
-
Evolution of SamSa Malware Suggests New Ransomware Tactics In Play
http://researchcenter.paloaltonetworks.com/2016/03/evolution-of-samsa-malware-suggests-new-ransomware-tactics-in-play/
https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-this-ransomwares-modus-operandi/
http://blog.talosintel.com/2016/03/samsam-ransomware.html
http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf
-
WordPress and Joomla websites get hacked with fake jQuery
https://blog.avast.com/wordpress-and-joomla-users-get-hacked-be-aware-of-fake-jquery
-
Have you disabled Flash yet?
https://business.f-secure.com/have-you-disabled-flash-yet/
-
Ransomware Petya - a technical review
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-review
-
Apple's fruitless rootless security broken by code that fits in a tweet
http://www.theregister.co.uk/2016/03/30/apple_os_x_rootless/
-
SideStepper: Bypassing the iOS Gatekeeper to Attack iPhone and iPad Devices
http://blog.checkpoint.com/2016/03/31/sidestepper/
-
WhatsApp's Signal Protocol integration is now complete
https://whispersystems.org/blog/whatsapp-complete/
https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
-
https://blog.avast.com/what-whatsapps-new-end-to-end-encryption-means-for-you
-
Andromeda under the microscope
https://blog.avast.com/andromeda-under-the-microscope
-
CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf
-
Users Really Do Plug in USB Drives They Find
https://zakird.com/papers/usb.pdf
-
(screenshot: http://screencast-o-matic.com/screenshots/u/Lh/1460292881692-2072.png)
-
Ransomware Petya - a technical review
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-review
Petya Ransomware's Encryption Defeated and Password Generator Released
http://www.bleepingcomputer.com/news/security/petya-ransomwares-encryption-defeated-and-password-generator-released/
-
Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
-
Mozilla explores radically different browser as Firefox leaks share
http://www.computerworld.com/article/3055945/web-browsers/mozilla-explores-radically-different-browser-as-firefox-leaks-share.html
-
ID Ransomware
Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.
https://id-ransomware.malwarehunterteam.com/
-
New Threat Can Auto-Brick Apple Devices
http://krebsonsecurity.com/2016/04/new-threat-can-auto-brick-apple-devices/
-
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services
http://www.cs.cornell.edu/~shmat/shmat_urls.pdf
-
Maybe people should learn to use Google's shortening service. They check for malicious code before shortening.
https://goo.gl/
-
Internet Security Threat Report (Volume 21, April 2016)
https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
-
Weekend Workshop: How to auto tweet your ISP when your Internet slows down
http://www.digitaltrends.com/cool-tech/how-to-build-broadband-speed-monitor/
http://makezine.com/projects/send-ticket-isp-when-your-internet-drops/
-
Retefe is back in town
https://isc.sans.edu/diary/Retefe+is+back+in+town/20957
-
Inside Nuclear’s Core: Analyzing the Nuclear Exploit Kit Infrastructure
http://blog.checkpoint.com/2016/04/20/inside-nuclears-core-analyzing-the-nuclear-exploit-kit-infrastructure/
http://blog.checkpoint.com/wp-content/uploads/2016/04/Inside-Nuclear-1-2.pdf
-
How I Hacked Facebook, and Found Someone's Backdoor Script
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
-
The Impact of a Ransomware Infection
https://blog.rootshell.be/2016/04/18/impact-ransomware-infection/
-
Apple ImageIO Denial of Service
https://www.landaire.net/blog/apple-imageio-denial-of-service/
-
Empty DDoS Threats: Meet the Armada Collective
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
-
Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
-
How to unlock a .crypt file
https://blog.kaspersky.com/cryptxxx-ransomware/11939/
-
Slack bot token leakage exposing business critical information
https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
-
Former Tor developer created malware for the FBI to hack Tor users
http://www.dailydot.com/politics/government-contractor-tor-malware/
-
Digging deep for PLATINUM
https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/
-
Australian Craig Wright claims to be Bitcoin creator
http://www.bbc.com/news/technology-36168863
http://www.economist.com/news/briefings/21698061-craig-steven-wright-claims-be-satoshi-nakamoto-bitcoin
-
New fresh phishing campaign hits Facebook
https://blog.avast.com/new-fresh-phishing-campaign-hits-facebook
-
Decrypted: Alpha Ransomware accepts iTunes Gift Cards as Payment
http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-accepts-itunes-gift-cards-as-payment/
-
Android Banker Trojan preys on credit card information
https://blog.avast.com/android-banker-trojan-preys-on-credit-card-information
-
Mobile Malware Competition Rises in Underground Markets
https://securityintelligence.com/mobile-malware-competition-rises-in-underground-markets/
-
Malware and non-malware ways for ATM jackpotting - Extended cut
https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
-
Hold Security Recovers 272 Million Stolen Credentials From A Collector
http://holdsecurity.com/news/the_collector_breach/
http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
-
An Introduction to AlphaLocker
https://blog.cylance.com/an-introduction-to-alphalocker
-
Andromeda distributors craft new strategies for attacks
https://blog.avast.com/andromeda-distributors-craft-new-strategies-for-attacks
-
Hacking Wordpress via XSS (Plugin: Event-Registration)
https://www.codemetrix.net/security/2016/04/25/hacking-wordpress-via-xss-event-registration.html
http://seclists.org/bugtraq/2016/May/34
-
Crooks Go Deep With ‘Deep Insert’ Skimmers
http://krebsonsecurity.com/2016/05/crooks-go-deep-with-deep-insert-skimmers/
-
Multiple 7-Zip Vulnerabilities Discovered by Talos
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
-
CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
-
Software security suffers as upstarts lose access to virus data
http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4
-
Mozilla - Advance Disclosure Needed to Keep Users Secure
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
-
I wasn't sure where this was going to lead from the blog title URL.
However, I found it to be very interesting, and it makes you wonder why this kind of disclosure (best practice) wasn't already the norm.
-
As long as the government wants to exploit the vulnerability itself, they wouldn't want to have it fixed regardless of how many people are put at risk.
-
Sad but true.
-
Let's Analyze: Dridex
http://www.malwaretech.com/2016/03/lets-analyze-dridex-part-1.html
http://www.malwaretech.com/2016/04/lets-analyze-dridex-part-2.html
http://www.malwaretech.com/2016/05/lets-analyze-dridex-part-3.html
-
Jigsaw Ransomware becomes CryptoHitman with Porno Extension
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-becomes-cryptohitman-with-porno-extension/
-
CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Update: CryptXXX solved again
https://blog.kaspersky.com/cryptxxx-decryption-20/12091/
-
TeslaCrypt shuts down and Releases Master Decryption Key
http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
-
Mozilla - Advance Disclosure Needed to Keep Users Secure
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
FBI Doesn’t Have to Give Mozilla Details on Bug It Used to Bust a Child Porn Ring
http://europe.newsweek.com/fbi-doesnt-have-give-mozilla-details-bug-it-used-bust-child-porn-ring-461325
-
Lawsuit claims Facebook illegally scanned private messages
http://www.theverge.com/2016/5/19/11712804/facebook-private-message-scanning-privacy-lawsuit
-
How I Could Compromise 4% (Locked) Instagram Accounts
https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/
-
Two Attacks for The Price Of One: Weaponized Document Delivers Ransomware and Potential DDoS Attack
https://www.invincea.com/2016/05/two-attacks-for-the-price-of-one-weaponized-document-delivers-ransomware-and-potential-ddos-attack/
-
Opera Software sold to Chinese Consortium :'(
http://e24.no/boers-og-finans/opera-software/opera-bekrefter-budrykter-kineserne-fikk-over-90-prosent-aksept/23692851
-
2016 Underground Hacker Marketplace Report
https://www.secureworks.com/resources/rp-2016-underground-hacker-marketplace-report
-
Link (.lnk) to Ransom
https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/
-
Microsoft Password Guidance
http://research.microsoft.com/pubs/265143/Microsoft_Password_Guidance.pdf
-
Phishing Activity Trends Report, 1st Quarter 2016
http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf
-
Don't panic, says Blue Coat, we're not using CA cert to snoop on you
http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
http://blogs.msmvps.com/alunj/2016/05/26/untrusting-the-blue-coat-intermediate-ca-from-windows/
https://blog.filippo.io/untrusting-an-intermediate-ca-on-os-x/
-
Tor Browser 6.0 is released
https://blog.torproject.org/blog/tor-browser-60-released
-
How LinkedIn’s password sloppiness hurts us all
http://arstechnica.com/security/2016/06/how-linkedins-password-sloppiness-hurts-us-all/
-
TeamViewer - Statement on Service Outage
https://www.teamviewer.com/en/company/press/statement-on-service-outage/
-
Out-of-Box Exploitation: A Security Analysis of OEM Updaters
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf
-
Android -- (In-) Security of Security Applications
https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf
-
TeamViewer - Statement on Service Outage
https://www.teamviewer.com/en/company/press/statement-on-service-outage/
TeamViewer Launches Trusted Devices and Data Integrity
http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/
-
One of the World's Largest Botnets Has Vanished
http://motherboard.vice.com/read/one-of-the-worlds-largest-botnets-has-vanished
-
Reviewing Microsoft's Automatic Insertion of Telemetry into C++ Binaries
https://www.infoq.com/news/2016/06/visual-cpp-telemetry
-
Tails 2.4 is out
https://tails.boum.org/news/version_2.4/index.en.html
-
Mozilla - Help Make Open Source Secure
https://blog.mozilla.org/blog/2016/06/09/help-make-open-source-secure/
-
Symantec to buy Blue Coat for $4.7 billion to boost enterprise unit
http://www.reuters.com/article/us-bluecoat-m-a-symantec-idUSKCN0YZ0BM
-
More here: http://investor.symantec.com/About/Investors/press-releases/press-release-details/2016/Symantec-to-Acquire-Blue-Coat-and-Define-the-Future-of-Cybersecurity/default.aspx
-
Akamai - DDoS and Web Applications Attack (Q1 2016)
https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/akamai-q1-2016-state-of-the-internet-security-report-infographic.pdf
-
Intel & ME, and why we should get rid of ME
http://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me
-
FLocker Mobile Ransomware Crosses to Smart TV
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/
-
ATM Insert Skimmers In Action
https://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/
-
Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/
-
Checked C
http://research.microsoft.com/en-us/projects/checkedc/
-
Intel release new technology specifications to protect against ROP attacks
https://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/
-
Ransomware attack study
http://www.professionalsecurity.co.uk/news/case-studies/ransomware-attack-study/
-
The new RAA Ransomware is created entirely using Javascript
http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/
-
The Poisoned Archives
http://blog.talosintel.com/2016/06/the-poisoned-archives.html
-
Interesting, though what is also interesting is that a Firefox add-on, WorldIP, reports that site as DNS-Spoofing.
-
...though what is also interesting is that a Firefox add-on, WorldIP, reports that site as DNS-Spoofing.
Hi Dave, that's a reputable site, see: http://www.talosintel.com/about/
No idea what your add-on is complaining about, sorry... :-\
-
I don't doubt it is legit, but there are many sites that really do go in for this kind of anonymity. Whilst the above link doesn't throw up the warning, the blog does. What seems to be the problem is that the DNS server doesn't match the domain, or something like that.
-
If you think it's an issue, I'd suggest reporting it: http://www.talosintel.com/contact/
-
Retefe banking Trojan targets UK banking customers
https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers
-
Necurs Botnet Returns With Updated Locky Ransomware In Tow
https://www.proofpoint.com/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow
-
Nuclear, Angler Exploit Kit Activity Has Disappeared
https://threatpost.com/nuclear-angler-exploit-kit-activity-has-disappeared/118842/
-
A Bug in Chrome Makes It Easy to Pirate Movies
https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/
-
Doh! New "Bart" Ransomware from Threat Actors Spreading Dridex and Locky
https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Locky
-
Zimbra Ransomware written in Python targets Zimbra Mail Store
http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/
-
[Tor] - Selfrando: Q and A with Georg Koppen
https://blog.torproject.org/blog/selfrando-q-and-georg-koppen
https://github.com/immunant/selfrando
https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser.pdf
-
Internet speed test in Google and Bing
http://www.theverge.com/2016/6/28/12055442/google-search-internet-speed-test-netflix-fast-ookla
Bing
https://www.bing.com/search?q=internet+speed+test&go=Submit&qs=n&form=QBLH&pq=internet+speed+test&sc=9-19&sp=-1&sk=&cvid=ECA52EBBF6DD4AF58D2A5F4068AD3C75
-
It works in Bing not in Google:
https://www.youtube.com/watch?v=eEYFyoYhxU0
-
StartEncrypt considered harmful today
https://www.computest.nl/blog/startencrypt-considered-harmful-today/
-
hashcat v3.00
https://hashcat.net/forum/thread-5559.html
-
Don’t pay the Ransom! AVG releases six free decryption tools to retrieve your files
http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
-
Akamai: global average connection speed up 12 percent, bye bye IPv4
https://techcrunch.com/2016/06/28/akamai-global-average-connection-speed-up-12-percent-bye-bye-ipv4/
-
From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign
http://blog.checkpoint.com/2016/07/01/from-hummingbad-to-worse-new-in-depth-details-and-analysis-of-the-hummingbad-andriod-malware-campaign/
http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
-
New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns
https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/
https://labs.bitdefender.com/wp-content/uploads/2016/07/Backdoor-MAC-Eleanor_final.pdf
-
New OSX/Keydnap malware is hungry for credentials
http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
-
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
-
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
-
Want to build your own computer ;D
Man Builds Giant 16-Bit 'Megaprocessor' in His Living Room
http://www.popularmechanics.com/technology/design/a21670/man-builds-giant-16-bit-megaprocessor/
http://www.bbc.com/news/technology-36711989
-
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Agreed Dave, I also wouldn't recommend Lenovo, atm.
-
DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found
https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app
-
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Agreed Dave, I also wouldn't recommend Lenovo, atm.
I'm certainly not planning to throw mine away.....
-
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Agreed Dave, I also wouldn't recommend Lenovo, atm.
I'm certainly not planning to throw mine away.....
Same here, my Lenovo Yoga 500 works like a dream ;)
-
Come on guys, nobody said to throw it away. ::) ;)
Still, you should monitor your systems carefully, imo.
-
Tools deliver false promises to YouTubers and Gamers
https://blog.avast.com/tools-deliver-false-promises-to-youtubers
-
Experimenting with Post-Quantum Cryptography
https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
-
When Paying Out Doesn't Pay Off
http://blog.talosintel.com/2016/07/ranscam.html
-
When Paying Out Doesn't Pay Off
http://blog.talosintel.com/2016/07/ranscam.html
I have always been of the opinion that payment is no guarantee that the crooks will honour any promise to decrypt/restore files when you pay.
As mentioned a robust backup and recovery strategy is required.
-
When Paying Out Doesn't Pay Off
http://blog.talosintel.com/2016/07/ranscam.html
I have always been of the opinion that payment is no guarantee that the crooks will honour any promise to decrypt/restore files when you pay.
As mentioned a robust backup and recovery strategy is required.
Preparing for a disaster needs to be done before the disaster happens. What David does certainly qualifies as preparing for that disaster.
It is something I stress repeatedly at every presentation. :)
-
CryptXXX providing free keys for .Crypz and .Cryp1 Versions
http://www.bleepingcomputer.com/news/security/cryptxxx-providing-free-keys-for-crypz-and-cryp1-versions/
-
Retefe banking Trojan targets UK banking customers
https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers
The evolution of the Retefe banking Trojan
https://blog.avast.com/the-evolution-of-the-retefe-banking-trojan
-
How “The Internet’s Biggest Blind Spot” lead to a 15 year old security vulnerability
https://medium.com/we-build-vend/how-the-internets-biggest-blind-spot-lead-to-a-15-year-old-security-vulnerability-a2a6f6218a71
https://httpoxy.org/
-
Reducing Adobe Flash Usage in Firefox
https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
-
Trend Micro Ransomware File Decryptor Updated
http://blog.trendmicro.com/trend-micro-ransomware-file-decryptor-updated/
-
Bart’s Shenanigans Are No Match for AVG
http://now.avg.com/barts-shenanigans-are-no-match-for-avg/
-
The No More Ransom Project
https://www.nomoreransom.org/
-
Lowering memory usage in Opera and Blink with Heap compaction
https://www.opera.com/blogs/desktop/2016/07/memory-usage-opera-heap-compaction/
-
Keys to Chimera ransomware leaked
https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/
-
OPNsense 16.7 released
https://forum.opnsense.org/index.php?topic=3428.0
-
OPNsense 16.7 released
https://forum.opnsense.org/index.php?topic=3428.0
Error: SEC_ERROR_OCSP_SERVER_ERROR
Am I alone? Can't connect...
-
No problem here connecting.
-
No problem here connecting.
Sorry, it was a temporary glitch from my side.
-
Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection
https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
-
WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted
http://www.zdziarski.com/blog/?p=6143
-
Driver Signing changes in Windows 10, version 1607
https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/
-
This is what Apple should tell you when you lose your iPhone
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82
-
This is what Apple should tell you when you lose your iPhone
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82
Very interesting and devious.
-
Pwnie Awards 2016
http://pwnies.com/winners/
-
What are malicious USB keys and how to create a realistic one?
https://www.elie.net/blog/security/what-are-malicious-usb-keys-and-how-to-create-a-realistic-one
-
ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms
https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/
-
Secure Golden Key Boot: (MS16-094 / CVE-2016-3287, and MS16-100 / CVE-2016-3320)
https://rol.im/securegoldenkeyboot/
-
Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
-
Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
This pretty much destroys the belief that using Linux keeps you safe.
-
Fine new technology, USB firewall: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/tian
Innovation and thinking outside the trodden path is the way forward for us all.
Great developers do it.
Knowledge means power, but unique talent is more powerful yet!
polonus
-
RC4 is now disabled in Microsoft Edge and Internet Explorer 11
https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/
-
PokemonGo Ransomware installs Backdoor Account and Spreads to other Drives
http://www.bleepingcomputer.com/news/security/pokemongo-ransomware-installs-backdoor-accounts-and-spreads-to-other-drives/
-
Further simplifying servicing models for Windows 7 and Windows 8.1
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
-
Intel will provide early access to fast Optane SSDs via the cloud
http://www.cio.com/article/3108182/intel-will-provide-early-access-to-fast-optane-ssds-via-the-cloud.html
-
Development version of the Hitler-Ransomware Discovered
http://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/
-
Cerber Ransomware Developers make changes that defeat Check Point's Decryption Service
http://www.bleepingcomputer.com/news/security/cerber-ransomware-developers-make-changes-that-defeat-check-points-decryption-service/
-
Google is killing off Chrome apps on Windows, macOS, and Linux
http://www.neowin.net/news/google-is-killing-off-chrome-apps-on-windows-macos-and-linux
-
Microsoft broke millions of webcams with the Windows 10 Anniversary Update
http://www.theverge.com/2016/8/19/12562780/microsoft-windows-10-anniversary-update-webcam-freezing
-
Microsoft broke millions of webcams with the Windows 10 Anniversary Update
http://www.theverge.com/2016/8/19/12562780/microsoft-windows-10-anniversary-update-webcam-freezing
Temporary workaround: https://twitter.com/WithinRafael/status/766698660608348161
-
RCE in Teamspeak 3 server
http://seclists.org/fulldisclosure/2016/Aug/61
-
Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
https://www.fireeye.com/blog/threat-research/2016/08/locky_ransomwaredis.html
-
The NSA Leak Is Real, Snowden Documents Confirm
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/
-
Equation Group's BENIGNCERTAIN tool - a remote exploit to extract Cisco VPN private keys
https://musalbas.com/2016/08/18/equation-group-benigncertain.html
-
NSA-linked Cisco exploit poses bigger threat than previously thought
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
-
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
https://sweet32.info/
-
Sophisticated, persistent mobile attack against high-value targets on iOS
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
-
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
https://sweet32.info/
Attack of the week: 64-bit ciphers in TLS
http://blog.cryptographyengineering.com/2016/08/attack-of-week-64-bit-ciphers-in-tls.html
-
Fantom Ransomware Encrypts your Files while pretending to be Windows Update
http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
-
Keeper: Trusted UI is injected into untrusted webpage
https://bugs.chromium.org/p/project-zero/issues/detail?id=917
https://blog.keepersecurity.com/2016/08/28/security-update-for-keeper-browser-extension/
-
Observatory by Mozilla
https://observatory.mozilla.org
https://observatory.mozilla.org/faq.html
https://github.com/mozilla/http-observatory
-
FBI says foreign hackers penetrated state election systems
https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html
-
Hidden Voice Commands
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_carlini.pdf
-
The story of how WoSign gave me an SSL certificate for GitHub.com
https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com
-
USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB
http://cyber.bgu.ac.il/t/USBee.pdf
-
Kali Linux 2016.2 Release
https://www.kali.org/news/kali-linux-20162-release/
-
Banking Trojan, Gugi, evolves to bypass Android 6 protection
https://securelist.com/blog/mobile/75971/banking-trojan-gugi-evolves-to-bypass-android-6-protection/
-
Zepto ransomware now introduces new features to better encrypt your files
https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files
-
Bilal Bot: That Time a Malware Developer Asked Me to Correct a Security Blog
https://securityintelligence.com/bilal-bot-that-time-a-malware-developer-asked-me-to-correct-a-security-blog/
-
Snagging creds from locked machines
https://room362.com/post/2016/snagging-creds-from-locked-machines/
-
Linux/Mirai ELF, when malware is recycled could be still dangerous
http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html
-
Wireshark 2.2.0
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
-
MySQL Exploit Remote Root-Code Execution Privesc CVE-2016-6662
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
-
Announcing the Project Zero Prize
https://googleprojectzero.blogspot.com/2016/09/announcing-project-zero-prize.html
-
Locky ransomware goes on Autopilot
https://blog.avira.com/locky-ransomware-goes-autopilot/
-
More Safe Browsing Help for Webmasters
https://security.googleblog.com/2016/09/more-safe-browsing-help-for-webmasters.html
-
Someone Is Learning How to Take Down the Internet
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
-
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms
https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
-
Important changes to Chrome Web Store
http://blog.chromium.org/2016/08/from-chrome-apps-to-web.html
-
Inside Petya and Mischa Ransomware
https://blog.avast.com/inside-petya-and-mischa-ransomware
-
Stampado: Taking Ransomware Scumbaggery to the Next Level
http://www.bleepingcomputer.com/news/security/stampado-taking-ransomware-scumbaggery-to-the-next-level/
https://decrypter.emsisoft.com/stampado
-
Update on add-on pinning vulnerability
https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/
-
Facebook Page Takeover – Zero Day Vulnerability
http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
-
Future Attack Scenarios Against Authentication Systems, Communicating with ATMS
https://securelist.com/files/2016/09/16_09_en.pdf
-
Inside Petya and Mischa Ransomware
https://blog.avast.com/inside-petya-and-mischa-ransomware
Ransomware doesn't sell itself: Marketing malware on the darknet
https://blog.avast.com/ransomware-doesnt-sell-itself-marketing-malware-on-the-darknet
-
Exclusive: Probe of leaked U.S. NSA hacking tools examines operative's 'mistake'
http://www.reuters.com/article/us-cyber-nsa-tools-idUSKCN11S2MF
-
iOS 10: Security Weakness Discovered, Backup Passwords Much Easier to Break
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/
-
The banker that can steal anything
https://securelist.com/blog/mobile/76101/the-banker-that-can-steal-anything/
-
InfoArmor: Yahoo Data Breach Investigation
https://www.infoarmor.com/infoarmor-yahoo-data-breach-investigation/
-
The coming storm that is IoT:
Source Code for IoT Botnet ‘Mirai’ Released
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
-
Apple Logs Your iMessage Contacts — and May Share Them With Police
https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/
-
Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
-
Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
I'm glad that someone looked at all the Spam I received at my yahoo junk-mail account. :)
If you don't use your account, delete it: https://login.yahoo.com/?.done=https%3a%2f%2fedit.yahoo.com%2fconfig%2fdelete_user%3f.scrumb%3d0
If you actually use your Yahoo account, transfer to one of the others and then delete your account.
-
DressCode and its Potential Impact for Enterprises
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/
-
Cerber Ransomware switches to a Random Extension and Ends Database Processes
http://www.bleepingcomputer.com/news/security/cerber-ransomware-switches-to-a-random-extension-and-ends-database-processes/
-
Hacked Steam accounts spreading Remote Access Trojan
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
-
Free OS X Security Tools
https://objective-see.com/products.html
-
Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products
https://downloads.cloudsecurityalliance.org/assets/research/internet-of-things/future-proofing-the-connected-world.pdf
-
Vladimir Putin embedded in uTorrent binary
https://blog.avast.com/vladimir-putin-embedded-in-utorrent-binary
-
The DXXD Ransomware displays Legal Notice before Users Login
http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
-
Zero-Day Alert: Email Security Platform (Dell SonicWALL)
https://www.digitaldefense.com/blog-zero-day-vulnerabilities-email-platform/
-
FTC Charges Tech Support Companies With Using Deceptive Pop-Up Ads to Scare Consumers Into Purchasing Unneeded Services
https://www.ftc.gov/news-events/press-releases/2016/10/ftc-charges-tech-support-companies-using-deceptive-pop-ads-scare
-
A kilobit hidden SNFS discrete logarithm computation
http://eprint.iacr.org/2016/961
http://eprint.iacr.org/2016/961.pdf
-
Modern Business Solutions Stumbles Over A Modern Business Problem – 58M Records Dumped From An Unsecured Database
https://www.riskbasedsecurity.com/2016/10/modern-business-solutions-stumbles-over-a-modern-business-problem-58m-records-dumped-from-an-unsecured-database/
-
Android Banking Trojan Asks for Selfie With Your ID
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-asks-for-selfie-with-your-id/
-
Malware posing as Dual Instance app steals users’ Twitter credentials
https://blog.avast.com/malware-posing-as-dual-instance-app-steals-users-twitter-credentials
-
EvilTwin's Exotic Ransomware targets Executable Files
http://www.bleepingcomputer.com/news/security/eviltwins-exotic-ransomware-targets-executable-files/
-
DDoS on Dyn Impacts Twitter, Spotify, Reddit
https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/
-
Magento Credit Card Swiper Exports to Image
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
-
dr0wned - Cyber-Physical Attack with Additive Manufacturing
https://arxiv.org/abs/1609.00133
https://arxiv.org/pdf/1609.00133v1 [PDF]
-
Radioactive Mouse States the Obvious
https://www.syss.de/en/pentest-blog/article/2016/10/04/radioactive-mouse-states-the-obvious-1/
-
Hucky Ransomware: A Hungarian Locky Wannabe
https://blog.avast.com/hucky-ransomware-a-hungarian-locky-wannabe
-
Distrusting New WoSign and StartCom Certificates
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
-
Testing MBRFilter against Ransomware that modify the Master Boot Record
http://www.bleepingcomputer.com/news/security/testing-mbrfilter-against-ransomware-that-modify-the-master-boot-record/
https://github.com/vrtadmin/MBRFilter
-
AtomBombing: A Code Injection that Bypasses Current Security Solutions
http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions
https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows/
-
In-Dev Ransomware forces you do to Survey before unlocking Computer
http://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/
-
task_t considered harmful
https://googleprojectzero.blogspot.com/2016/10/taskt-considered-harmful.html
-
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide
https://blog.avast.com/android-trojan-gm-bot-is-evolving-and-targeting-more-than-50-banks-worldwide
-
Battery Status readout as a privacy risk
https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/
http://lukaszolejnik.com/battery.pdf
https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
-
Tech support scammers abuse bug in HTML5 to freeze computers
https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2016/11/tech-support-scammers-abuse-bug-in-html5-feature-to-freeze-computers/
-
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
-
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
Well that's a good and prompt response - if only they would start working through other dubious add-ons.
-
Malvertising on Google AdWords Targeting MacOS Users
https://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
-
Vulnerability Spotlight: Remotely Exploitable Bugs in Memcached Identified and Patched
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
-
Investigation of regular high load on unused machines every 7 hours
https://blog.avast.com/investigation-of-regular-high-load-on-unused-machines-every-7-hours
-
iOS WebView auto dialer bug
https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html
-
Google Pixel pwned in 60 seconds - Chinese teams kill Safari, laugh at four-second Flash hack
http://www.theregister.co.uk/2016/11/11/google_pixel_pwned_in_60_seconds
-
Live HTTP Headers (and other Chrome extensions) distributing adware
https://cwhite.me/live-http-headers-is-now-an-adware-distributor/
-
CVE-2016-4484: Cryptsetup Initrd root Shell
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
-
Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles
https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles
-
Your Android could be sending messages to China
https://blog.avast.com/your-android-could-be-sending-messages-to-china
-
Your Android could be sending messages to China
https://blog.avast.com/your-android-could-be-sending-messages-to-china
Strangely enough, I have always been wary of Chinese products and that only strengthened after the Lenovo issue. I did however take a punt on the Huawei Nexus 6P by a "Chinese telecommunications company that has been manufacturing mobile phones since 1997."
Nice to see that avast has this covered.
-
iPhone User? Your Calls Go to iCloud
https://blog.elcomsoft.com/2016/11/iphone-user-your-calls-go-to-icloud/
-
[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html
-
3 million Android phones vulnerable due to pre-installed rootkit
https://blog.avast.com/3-million-android-phones-vulnerable-due-to-pre-installed-rootkit
http://blog.anubisnetworks.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack
-
Locky Ransomware now using the Aesir Extension for Encrypted Files
http://www.bleepingcomputer.com/news/security/locky-ransomware-now-using-the-aesir-extension-for-encrypted-files/
-
Nemucod downloader spreading via Facebook
https://bartblaze.blogspot.com/2016/11/nemucod-downloader-spreading-via.html
-
Android Banking Malware Masquerading as Email App Targets German Banks
https://blog.fortinet.com/2016/11/18/android-banking-malware-masquerading-as-email-app-targets-german-banks
-
Locky Ransomware now using the Aesir Extension for Encrypted Files
http://www.bleepingcomputer.com/news/security/locky-ransomware-now-using-the-aesir-extension-for-encrypted-files/
What I would give to get my hands on the creators of Locky! Many lost nights restoring customers from backups.
BTW - Love the Avatar of Mr. Incredible
-
What I would give to get my hands on the creators of Locky!
You're not alone pal. ;)
-
You Can Now Rent a Mirai Botnet of 400,000 Bots
http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/
-
Here’s a secret: ɢoogle.com is not google.com
http://www.analyticsedge.com/2016/11/heres-a-secret-%C9%A2oogle-com-is-not-google-com/
http://help.analyticsedge.com/spam-filter/definitive-guide-to-removing-google-analytics-spam/
-
Google warns journalists and professors: Your account is under attack
http://arstechnica.com/security/2016/11/google-warns-journalists-and-professors-your-account-is-under-attack/
-
Locky Ransomware putting us to sleep with the ZZZZZ Extension
http://www.bleepingcomputer.com/news/security/locky-ransomware-putting-us-to-sleep-with-the-zzzzz-extension/
-
An in-depth look at the technology behind CyberCapture
https://blog.avast.com/an-in-depth-look-at-the-technology-behind-cybercapture
-
More Than 1 Million Google Accounts Breached by Gooligan
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Gooligan Checker: https://gooligan.checkpoint.com/
-
Avast Releases Four Free Ransomware Decryptors
https://blog.avast.com/avast-releases-four-free-ransomware-decryptors
-
Analysis of multiple vulnerabilities in AirDroid
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
-
Every Windows 10 in-place Upgrade is a SEVERE Security risk
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
-
USB Killer, yours for $50, lets you easily fry almost every device
http://arstechnica.com/gadgets/2016/12/usb-killer-fries-devices/
war ... huh, what is it good for?
USB Type-C cable so bad it fries Google engineer’s Chromebook Pixel
http://arstechnica.com/gadgets/2016/02/google-engineer-finds-usb-type-c-cable-thats-so-bad-it-fried-his-chromebook-pixel/
-
SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
-
Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software
https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
https://github.com/google/oss-fuzz
-
Send Files Between Devices Without Uploading to an Intermediary With Takeafile
http://lifehacker.com/send-files-between-devices-without-uploading-to-an-inte-1789753970
-
CVE-2016-8655 Linux af_packet.c race condition (local root)
http://seclists.org/oss-sec/2016/q4/607
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
https://www.ubuntu.com/usn/usn-3151-1/
-
Backdoor in Sony IPELA Engine IP Cameras
http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
-
Roundcube 1.2.2: Command Execution via Email
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
-
Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads
http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/
-
New Scheme: Spread Popcorn Time Ransomware, get chance of free Decryption Key
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
-
State of the Web Report 2016
https://www.menlosecurity.com/state-of-the-web-ig-lp-2016
-
No More Ransom: new partners, new decryption tools, new languages to better fight ransomware
https://www.europol.europa.eu/newsroom/news/no-more-ransom-new-partners-new-decryption-tools-new-languages-to-better-fight-ransomware
-
No More Ransom: new partners, new decryption tools, new languages to better fight ransomware
https://www.europol.europa.eu/newsroom/news/no-more-ransom-new-partners-new-decryption-tools-new-languages-to-better-fight-ransomware
A better mousetrap has always resulted in smarter mice. :)
-
Do they make Also in Polish?
-
Do they make Also in Polish?
https://forum.avast.com/index.php?board=50.0
-
macOS FileVault2 Password Retrieval
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
-
Reliably compromising Ubuntu desktops by attacking the crash reporter
https://donncha.is/2016/12/compromising-ubuntu-desktop/
-
Project Wycheproof
https://security.googleblog.com/2016/12/project-wycheproof.html
https://github.com/google/wycheproof
-
Methbot
http://www.whiteops.com/methbot
http://w-ops.com/methbot_wp
-
Announcing Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms
https://www.federalregister.gov/documents/2016/12/20/2016-30615/announcing-request-for-nominations-for-public-key-post-quantum-cryptographic-algorithms
https://www.gpo.gov/fdsys/pkg/FR-2016-12-20/pdf/2016-30615.pdf
-
Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/
-
Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2016
http://www.cvedetails.com/top-50-products.php?year=2016
-
Avast cyber security predictions for 2017
https://blog.avast.com/avast-cyber-security-predictions-for-2017
-
FireCrypt Ransomware Comes With a DDoS Component
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
-
Tech support scam page triggers denial-of-service attack on Macs
https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
-
MongoDB Apocalypse: Professional Ransomware Group Gets Involved, Infections Reach 28K Servers
https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-professional-ransomware-group-gets-involved-infections-reach-28k-servers/
-
Browser Autofill Phishing
https://github.com/anttiviljami/browser-autofill-phishing
-
Misconfigured server reveals Cerber ransomware targets users in Europe and North America
https://blog.avast.com/misconfigured-server-reveals-cerber-ransomware-targets-users-in-europe-and-north-america
-
WhatsApp vulnerability allows snooping on encrypted messages
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://tobi.rocks/2017/01/whatsapp-vulnerability-bug-or-backdoor/
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
-
(Cross-)Browser Fingerprinting via OS and Hardware Level Features
https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
-
CryptoSearch Finds Files Encrypted by Ransomware, Moves Them to New Location
https://www.bleepingcomputer.com/news/security/cryptosearch-finds-files-encrypted-by-ransomware-moves-them-to-new-location/
https://download.bleepingcomputer.com/demonslay335/CryptoSearch.zip
-
Who is Anna-Senpai, the Mirai Worm Author?
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
-
Already on probation, Symantec issues more illegit HTTPS certificates
http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/
https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg05455.html
-
Re-Hacking The Samsung Smartcam
https://blog.exploitee.rs/2017/re-hacking-the-samsung-smartcam/
-
Meet TorWorld, an Upcoming Tor-as-a-Service Portal
https://www.bleepingcomputer.com/news/security/meet-torworld-an-upcoming-tor-as-a-service-portal/
https://torworld.org/
-
VirLocker’s comeback; including recovery instructions
https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-including-recovery-instructions/
-
Cyber Grand Shellphish
http://phrack.org/papers/cyber_grand_shellphish.html
-
Saga 2.0 comes with IP Generation Algorithm (IPGA)
https://www.govcert.admin.ch/blog/27/saga-2.0-comes-with-ip-generation-algorithm-ipga
-
Content Injection Vulnerability in WordPress
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
-
Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite
https://motherboard.vice.com/en_us/article/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite
-
Watch Your Computer Go Bonkers with Cancer Trollware
https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/
-
Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support
https://www.bleepingcomputer.com/news/security/spora-ransomware-sets-itself-apart-with-top-notch-pr-customer-support/
-
Vizio smart TVs tracked viewers around the clock without consent
https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/
-
Vizio smart TVs tracked viewers around the clock without consent
https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/
Maybe it was a good thing that a lightning strike killed the one I owned. :)
-
Vizio smart TVs tracked viewers around the clock without consent
https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/
Maybe it was a good thing that a lightning strike killed the one I owned. :)
Wow, quite interesting Bob, "heavenly power" used for anti-tracking... ;)
-
iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
https://iranthreats.github.io/resources/macdownloader-macos-malware/
-
Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html
-
Erebus Ransomware Utilizes a UAC Bypass and Request a $90 Ransom Payment
https://www.bleepingcomputer.com/news/security/erebus-ransomware-utilizes-a-uac-bypass-and-request-a-90-ransom-payment/
-
Fileless attacks against enterprise networks
https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/
-
New Attack, Old Tricks (analyzing a malicious document with a mac-specific payload)
https://objective-see.com/blog/blog_0x17.html
-
New ASLR-busting JavaScript is about to make drive-by exploits much nastier
https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/
https://www.vusec.net/projects/anc/
-
New Xagent Mac Malware Linked with the APT28
https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
-
CryptoMix: Avast adds a new free decryption tool to its collection
https://blog.avast.com/cryptomix-avast-adds-a-new-free-decryption-tool-to-its-collection
-
New crypto-ransomware hits macOS
http://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/
-
SHAttered - We have broken SHA-1 in practice
https://shattered.it/
https://shattered.it/static/shattered.pdf
-
SHAttered - We have broken SHA-1 in practice
https://shattered.it/
https://shattered.it/static/shattered.pdf
This reminds me of the cancer warnings against using sugar. They fed a rat the equivalent of a bath tub
full of sugar daily and the rat developed cancer. Sugar must therefore be a cancer-causing agent.
Sugar is now considered safer than its first released replacement.
-
SMTP over XXE − how to send emails using Java's XML parser
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
-
Advisory: Java/Python FTP Injections Allow for Firewall Bypass
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
-
Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037
-
Decrypting after a Findzip ransomware infection
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
-
Nextcloud releases security scanner to help protect private clouds
https://nextcloud.com/blog/nextcloud-releases-security-scanner-to-help-protect-private-clouds/
https://scan.nextcloud.com/
-
Spammergate: The Fall of an Empire
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-though-bad-backups.html
-
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
-
The Skinner adware rears its ugly head on Google Play
http://blog.checkpoint.com/2017/03/08/skinner-adware-rears-ugly-head-google-play/
-
Content-Type: Malicious - New Apache Struts2 0-day Under Attack
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
https://cwiki.apache.org/confluence/display/WW/S2-045
-
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
-
Decrypting after a Findzip ransomware infection
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
Mac FindZip ransomware decryption tool unzips your encrypted files
https://blog.avast.com/mac-findzip-ransomware-decryption-tool-helps-you-unzip-your-encrypted-files
-
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
-
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Big this month, considering the pulling of last month's update. Still haven't received mine yet, but I'm in no rush.
Looking at the list, it doesn't seem that Microsoft has learnt anything, same issues time and time again, 'Remote Code Execution,' 'Elevation of Privileges,' 'Information Disclosure,' etc. etc.
-
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Big this month, considering the pulling of last month's update....
Yep, let's call it double-trouble. ;)
-
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Big this month, considering the pulling of last month's update....
Yep, let's call it double-trouble. ;)
The update this month also took almost as much time as a new install.
-
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Looking at the list, it doesn't seem that Microsoft has learnt anything, same issues time and time again, 'Remote Code Execution,' 'Elevation of Privileges,' 'Information Disclosure,' etc. etc.
Either that or someone keeps figuring out ways to circumvent Microsoft fixes. Any way you look at it, Microsoft can't get a handle on it.
-
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Looking at the list, it doesn't seem that Microsoft has learnt anything, same issues time and time again, 'Remote Code Execution,' 'Elevation of Privileges,' 'Information Disclosure,' etc. etc.
Either that or someone keeps figuring out ways to circumvent Microsoft fixes. Any way you look at it, Microsoft can't get a handle on it.
You would like to hope that MS would actually be testing for these vulnerabilities when the elements are designed.
-
Taking Stock: Estimating Vulnerability Rediscovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
-
Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/
-
Zero Days, Thousands of Nights - The Life and Times of Zero-Day Vulnerabilities and Their Exploits
http://www.rand.org/pubs/research_reports/RR1751.html
http://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf
-
Detecting and eliminating Chamois, a fraud botnet on Android
https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html
-
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
-
DoubleAgent: Taking Full Control Over Your Antivirus
http://cybellum.com/doubleagent-taking-full-control-antivirus/
http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/
PS: https://forum.avast.com/index.php?topic=199290.0 (Forum discussion)
-
Necurs Diversifies Its Portfolio
http://blog.talosintelligence.com/2017/03/necurs-diversifies.html
-
Diverse protections for a diverse ecosystem: Android Security 2016 Year in Review
https://security.googleblog.com/2017/03/diverse-protections-for-diverse.html
https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf
-
Dark Matter
https://wikileaks.org/vault7/darkmatter/
-
In case E.T. needs to phone home ;)
The Moon could have its own mobile data network as soon as next year
http://www.wired.co.uk/article/moon-mobile-data-2018
-
In case E.T. needs to phone home ;)
The Moon could have its own mobile data network as soon as next year
http://www.wired.co.uk/article/moon-mobile-data-2018
Great, the moon will have better communications than many villages in this world.
-
Adware Replaces Phone Numbers for Security Firms Returned in Search Results
https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
-
Number of internet facing vulnerable IIS 6.0 to CVE-2017–7269
https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812
https://github.com/edwardz246003/IIS_exploit
-
Skype Malvertising Campaign Pushes Fake Flash Player
https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
-
Avast joins No More Ransom project as associate partner
https://blog.avast.com/avast-joins-no-more-ransom-project-as-associate-partner
https://www.nomoreransom.org
-
Mobile spyware uses sandbox to avoid antivirus detections
https://blog.avast.com/mobile-spyware-uses-sandbox-to-avoid-antivirus-detections
-
Worried about ransomware or nuclear war, you may store your backup here
http://www.livescience.com/58497-second-doomsday-vault-opens-for-data.html?utm_medium=syndication&utm_source=zergnet
-
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf
-
Pegasus for Android - Technical Analysis and Findings of Chrysaor
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
-
Longhorn: Tools used by cyberespionage group linked to Vault 7
https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7
-
Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day
https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day
-
MS - April 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99
https://portal.msrc.microsoft.com/en-us/security-guidance
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.
I have just posted a comment in the blog and showed the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to TeamViewer.
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.
I have just posted a comment in the blog and showed the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to TeamViewer.
I've just added my 2 cents. :)
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.
I have just posted a comment in the blog and showed the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to TeamViewer.
I've just added my 2 cents. :)
Yes, totally agreed.
I think they may be considering their position, possibly not about a return of the avast remote assistance tool, but to allow comments on the blog ;)
-
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.
I have just posted a comment in the blog and showed the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to TeamViewer.
I've just added my 2 cents. :)
Yes, totally agreed.
I think they may be considering their position, possibly not about a return of the avast remote assistance tool, but to allow comments on the blog ;)
I've regularly, and for quite some time, commented on the Avast Blog. :)
-
Microsoft has now started to block Windows 7/8.1 updates on PCs with recent processors
https://www.onmsft.com/news/microsoft-has-now-started-to-block-windows-78-1-updates-on-pcs-with-recent-processors
-
About TeamViewer, I beg to disagree. It was a feature used by less than 1% of the users (mostly only ourselves and advanced users).
If we keep, or add, features that have security issues in other 3rd party apps, we'll see Avast being everything but a security app.
I know you'll be angry with me, but when people talk about "bloatware" and "keep only in security field" we clap-clap them...
Remote Assistance is not security in the 1st place. It's convenient, it could be there, but it was gone and the technical team needs to be focused :)
-
About TeamViewer, I beg to disagree. It was a feature used by less than 1% of the users (mostly only ourselves and advanced users).
If we keep, or add, features that have security issues in other 3rd party apps, we'll see Avast being everything but a security app.
I know you'll be angry with me, but when people talk about "bloatware" and "keep only in security field" we clap-clap them...
Remote Assistance is not security in the 1st place. It's convenient, it could be there, but it was gone and the technical team needs to be focused :)
1. Does it really matter if it is only used by a small percentage? It was essentially a unique feature to avast; now it isn't there, what other unique feature is there to have people choose/switch to avast? I have no idea how much of an overhead it was, but I can't imagine it being massive.
2. You talk of bloat, well avast is still full of it, components that I will never use and that is why so many people get rid of the cr4p using a custom install or the minimum install. Fortunately people can uninstall or not install components they don't need or want, the same would be true for the avast remote assistance function.
People are more worried about components that are installed against their wishes (even though the EULA may cover that), just cast your mind back to when the safezone browser was introduced. Also all of the in your face ads for other avast products. These I would say are much well received than the avast remote assistance function.
So you think it is OK that avast removed this function, in light of the blog article about the team viewer vulnerability/exploit. If that were me I certainly wouldn't have released a blog article that highlighted the lack a remote assistance function that was driving avast users to team viewer and leaving them potentially vulnerable to exploit.
-
About TeamViewer, I beg to disagree. It was a feature used by less than 1% of the users (mostly only ourselves and advanced users).
If we keep, or add, features that have security issues in other 3rd party apps, we'll see Avast being everything but a security app.
I know you'll be angry with me, but when people talk about "bloatware" and "keep only in security field" we clap-clap them...
Remote Assistance is not security in the 1st place. It's convenient, it could be there, but it was gone and the technical team needs to be focused :)
Sorry Lisandro, I totally disagree with your opinion on this topic.
Securing your computer via remote assistance to make it safe, is certainly security related.
If everything was purely based on the number of users, lots of useful programs wouldn't exist.
I'm all for eliminating bloatware but this isn't one of the items that belongs in that category.
-
Sorry Lisandro, I totally disagree with your opinion on this topic.
No need to be sorry Bob. We just disagree :)
I'm all for eliminating bloatware but this isn't one of the items that belongs in that category.
I did not say (nor think) that this feature is bloatware. I've put the word into quotes. I just think that it's not popular and imho it's not security related. It's convenient only.
-
Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
-
Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
https://www.xudongz.com/blog/2017/idn-phishing/
https://www.reddit.com/r/netsec/comments/65csdk/phishing_with_unicode_domains/
-
Statement concerning the arrest of Dmitry Bogatov
https://www.debian.org/News/2017/20170417
Statement regarding Dmitry Bogatov
https://blog.torproject.org/blog/statement-regarding-dmitry-bogatov
-
No password, phone sign in for Microsoft accounts!
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
-
Abusing NVIDIA's node.js to bypass application whitelisting
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
-
Android Spyware SMSVova posing as system update on Play Store
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
-
Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique
https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
http://blog.binaryedge.io/2017/04/21/doublepulsar/
https://arstechnica.com/security/2017/04/10000-windows-computers-may-be-infected-by-advanced-nsa-backdoor/
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
-
Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique
https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
http://blog.binaryedge.io/2017/04/21/doublepulsar/
https://arstechnica.com/security/2017/04/10000-windows-computers-may-be-infected-by-advanced-nsa-backdoor/
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NSA backdoor detected on >55,000 Windows boxes can now be remotely removed
https://arstechnica.com/security/2017/04/nsa-backdoor-detected-on-55000-windows-boxes-can-now-be-remotely-removed/
https://github.com/countercept/doublepulsar-detection-script
-
New update options for Windows 10, version 1703
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/
-
New update options for Windows 10, version 1703
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/
I can't recall where I read it, but aren't you required to make changes to your privacy settings before installing the Creators Update ?
I can't see why it would be necessary to change privacy settings to receive updates.
-
New update options for Windows 10, version 1703
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/
I can't recall where I read it, but aren't you required to make changes to your privacy settings before installing the Creators Update ?
I can't see why it would be necessary to change privacy settings to receive updates.
No. What you probably read was that this version has more settings under privacy than prior versions.
(It still doesn't change the fact that there is no privacy.....)
-
OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
-
Verizon’s 2017 Data Breach Investigations Report
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_execsummary_en_xg.pdf
-
Remote security exploit in all 2008+ Intel platforms
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr
PS: Thanks to Dwarden for the links..!!
-
Privacy Threats through Ultrasonic Side Channels on Mobile Devices
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
-
Why the Next 10 Days Are Critical to the Internet’s Future
Net neutrality is in jeopardy again. We need another grassroots movement
https://blog.mozilla.org/blog/2017/05/08/next-10-days-critical-internets-future/
https://advocacy.mozilla.org/en-US/net-neutrality
-
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252
https://technet.microsoft.com/library/security/4022344.aspx
-
Keylogger in Hewlett-Packard Audio Driver
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
-
Multiple Vulnerabilities in ASUS Routers
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/
-
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
-
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
-
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
-
<snip quotes>
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
A very interesting article.
-
Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
https://technet.microsoft.com/en-us/library/security/4010323
-
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
-
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
WannaCry update: The worst ransomware outbreak in history
https://blog.avast.com/wannacry-update-the-worst-ransomware-outbreak-in-history
-
Keylogger in Hewlett-Packard Audio Driver
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
HPSBGN03558 rev.7 - Conexant HD Audio Driver Local Debug Log
https://support.hp.com/us-en/document/c05519670
-
Meet Adylkuzz: cryptocurrency mining malware spreading using the same exploit as WannaCry
https://blog.avast.com/meet-adylkuzz-cryptocurrency-mining-malware-spreading-using-the-same-exploit-as-wannacry
-
Researcher is able to decrypt the files under XP :
http://mashable.com/2017/05/18/wannacry-wannakey-decrypted-ransomware/?utm_campaign=Mash-Prod-RSS-Feedburner-All-Partial&utm_cid=Mash-Prod-RSS-Feedburner-All-Partial#KMqYt0c_SmqB
https://github.com/aguinet/wannakey
-
Stealing Windows Credentials Using Google Chrome
http://defensecode.com/news_article.php?id=21
-
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
WannaCry update: The worst ransomware outbreak in history
https://blog.avast.com/wannacry-update-the-worst-ransomware-outbreak-in-history
Avast Wi-Fi Inspector can tell you if your PC is vulnerable to WannaCry
https://blog.avast.com/avast-wi-fi-inspector-can-tell-you-if-your-pc-is-vulnerable-to-wannacry
https://help.avast.com/en/av_free/17/hns/hns-doublepulsar-infection.html
-
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/
-
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/
Don't you just love the so-called security services, that leave the rest of the world's computer users at risk from their so-called security tools.
-
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/
Don't you just love the so-called security services, that leave the rest of the world's computer users at risk from their so-called security tools.
NSA officials worried about the day its potent hacking tool would get loose. Then it did.
https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html
-
*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
-
Porting Windows Dynamic Link Libraries to Linux
https://github.com/taviso/loadlibrary
-
Cloak & Dagger
http://cloak-and-dagger.org/
http://cs.ucsb.edu/~yanick/publications/2017_oakland_cloakanddagger.pdf
-
Avast releases decryptor tool for AES_NI ransomware
https://blog.avast.com/avast-releases-decryptor-tool-for-aes_ni-ransomware
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Also see Reply #1744. Cheers.
-
Avast releases decryption tool for XData ransomware
https://blog.avast.com/avast-releases-decryption-tool-for-xdata-ransomware
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
More information from Intel:
https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/
Both links were gotten from the original link posted above. If you've already read these, then I'm not aware of any new news and I'd suggest contacting Intel directly. Running the tool Intel provides should help.
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
More information from Intel:
https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/
Both links were gotten from the original link posted above. If you've already read these, then I'm not aware of any new news and I'd suggest contacting Intel directly. Running the tool Intel provides should help.
OK, so is there a patch or something to fix the issues?
-
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
More information from Intel:
https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/
Both links were gotten from the original link posted above. If you've already read these, then I'm not aware of any new news and I'd suggest contacting Intel directly. Running the tool Intel provides should help.
OK, so is there a patch or something to fix the issues?
I've actually run the Intel tool and it found the system as 'Unknown' and stated the vulnerable software was not running, so there was nothing further to be done.
Intel should be able to point you to a patch or fix if you need it, but you must run the tool to find out first.
-
Introducing the Intel Compute Card
https://www.youtube.com/watch?v=Wv8ETAA1_6Y&feature=youtu.be
-
Microsoft’s Looking to Reboot Mobile with New Software and Hardware
https://www.thurrott.com/mobile/117153/microsofts-looking-reboot-mobile-new-software-hardware
Canceled Microsoft Lumia 960 flagship smartphone makes appearance
http://www.phonearena.com/news/Canceled-Microsoft-Lumia-960-flagship-smartphone-makes-appearance_id94644
-
Tainted Leaks: Disinformation and Phishing With a Russian Nexus
https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
-
Pandemic
https://wikileaks.org/vault7/releases/#Pandemic
-
WannaCry: Two Weeks and 16 Million Averted Ransoms Later
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
-
Microsoft Office bug nags you with a pop-up every hour
https://www.engadget.com/2017/05/30/microsoft-office-pop-up-bug/
-
FIREBALL – The Chinese Malware of 250 Million Computers Infected
http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/
-
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
-
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
Top Secret, eh? So top secret it has been leaked???
Perhaps N 'Security' A doesn't mean secret.
-
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
Top Secret, eh? So top secret it has been leaked???
Perhaps N 'Security' A doesn't mean secret.
How The Intercept Outed Reality Winner
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
-
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
Top Secret, eh? So top secret it has been leaked???
Perhaps N 'Security' A doesn't mean secret.
How The Intercept Outed Reality Winner
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
Ha, Ha, dumb and dumber.
That ink-dot identity/tagging process has been around for absolutely years, so much so that it would appear people have forgotten, or weren't computer users when it first surfaced. It used to be only on high-end laser printers.
-
That ink-dot identity/tagging process has been around for absolutely years, so much so that it would appear people have forgotten, or weren't computer users when it first surfaced. It used to be only on high-end laser printers.
Yep, for the interested ones: https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
-
That ink-dot identity/tagging process has been around for absolutely years, so much so that it would appear people have forgotten, or weren't computer users when it first surfaced. It used to be only on high-end laser printers.
Yep, for the interested ones: https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
Certainly an interesting read, with virtually all colour laser printers printing them. Even better, only two notable companies don't print them: OkiData and Samsung. I had been looking at getting a laser printer some time ago, when they were pretty expensive, and I was looking at the Oki laser printers as they were competitively priced. At that time I wasn't aware that they didn't print the tagging/tracking dots.
-
WannaCry mistakes that can help you restore files after infection
https://securelist.com/78609/wannacry-mistakes-that-can-help-you-restore-files-after-infection/
-
WannaCry WannaBe targeting Android smartphones
https://blog.avast.com/wannacry-wannabe-targeting-android-smartphones
-
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
-
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
I'm sure all other AV companies are hoping Kaspersky Labs wins this suit. :)
-
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
-
Dvmap: the first Android malware with code injection
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
-
Of Cameras & Compromise: How IoT Could Dull Your Competitive Edge
https://business.f-secure.com/foscam_cameras_and_compromise
https://img.en25.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
-
PLATINUM continues to evolve, find ways to maintain invisibility
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
-
CertLock Trojan Blocks Security Programs by Disallowing Their Certificates
https://www.bleepingcomputer.com/news/security/certlock-trojan-blocks-security-programs-by-disallowing-their-certificates/
-
SambaCry is coming
https://securelist.com/sambacry-is-coming/78674/
-
Microsoft Security Update Summary (Replaces old Microsoft Security Updates): https://technet.microsoft.com/en-us/security/bulletins.aspx
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
-
Microsoft Security Update Summary (Replaces old Microsoft Security Updates): https://technet.microsoft.com/en-us/security/bulletins.aspx
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
June 2017 security update release
Microsoft releases additional updates for older platforms to protect against potential nation-state activity
https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
-
Avast releases free decryption tool for EncrypTile ransomware
https://blog.avast.com/avast-releases-free-decryption-tool-for-encryptile-ransomware
-
How AI outsmarts cybercriminals
https://blog.avast.com/how-ai-works-outsmart-cybercriminals-online-security-best-malware-protection
https://www.avast.com/nextgen
-
Cherry Blossom
https://wikileaks.org/vault7/releases/#Cherry%20Blossom
-
Decrypted: Kaspersky Releases Decryptor for the Jaff Ransomware
https://www.bleepingcomputer.com/news/security/decrypted-kaspersky-releases-decryptor-for-the-jaff-ransomware/
-
The Stack Clash
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1be7107fbe18eed3e319a6c3e83c78254b693acb
-
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
I'm sure all other AV companies are hoping Kaspersky Labs wins this suit. :)
Microsoft admits it disables anti-virus software in response to Kaspersky's EU complaint
https://www.theverge.com/2017/6/20/15836208/microsoft-kaspersky-eu-anti-virus-complaint-response
https://blogs.technet.microsoft.com/mmpc/2017/06/20/partnering-with-the-av-ecosystem-to-protect-our-windows-10-customers/
-
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
I'm sure all other AV companies are hoping Kaspersky Labs wins this suit. :)
Microsoft admits it disables anti-virus software in response to Kaspersky's EU complaint
https://www.theverge.com/2017/6/20/15836208/microsoft-kaspersky-eu-anti-virus-complaint-response
https://blogs.technet.microsoft.com/mmpc/2017/06/20/partnering-with-the-av-ecosystem-to-protect-our-windows-10-customers/
After reading MS explanation, I think the wise move was to disable something not compatible.
It's certainly better than allowing the incompatibility and crashing the system.
(This also means that MS should be held accountable if they don't allow enough time to work out compatibility problems before pushing out their update.)
-
The OpenVPN post-audit bug bonanza
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
-
Player 1 Limps Back Into the Ring - Hello again, Locky!
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
-
Microsoft says 'no known ransomware' runs on Windows 10 S -- so we tried to hack it
http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/
-
Microsoft says 'no known ransomware' runs on Windows 10 S -- so we tried to hack it
http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/
I think the magic words are 'no known ransomware'; perhaps unknown ransomware runs on Windows 10.
-
Brutal Kangaroo
https://wikileaks.org/vault7/#Brutal%20Kangaroo
-
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking
https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/
-
Microsoft Security Advisory 4033453
Vulnerability in Azure AD Connect Could Allow Elevation of Privilege
https://technet.microsoft.com/library/security/4033453.aspx
-
:( Help! I downloaded Avast VPN line on another phone that I don't have anymore, and I had bought the yearly subscription. I cannot figure out how to get my Avast VPN line account working on my new phone... it says the subscription is compatible with up to 5 devices. Please, someone help me retrieve this so I'm not out the money and don't have to pay again. I do love this app.
-
:( Help! I downloaded Avast VPN line on another phone that I don't have anymore, and I had bought the yearly subscription. I cannot figure out how to get my Avast VPN line account working on my new phone... it says the subscription is compatible with up to 5 devices. Please, someone help me retrieve this so I'm not out the money and don't have to pay again. I do love this app.
-> https://forum.avast.com/index.php?board=80.0
-
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
-
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
This should actually be labeled as "targeted cyber war"
-
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
This should actually be labeled as "targeted cyber war"
Things we have learned about Petna, the Petya-based malware
https://blog.avast.com/things-we-have-learned-about-petna-the-petya-based-malware
-
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
No, not really. People jump to conclusions. I won't judge the motivations (PR?).
https://blog.avast.com/things-we-have-learned-about-petna-the-petya-based-malware
-
Sliding right into disaster: Left-to-right sliding windows leak
https://eprint.iacr.org/2017/627
https://eprint.iacr.org/2017/627.pdf
-
Wildcard Certificates Coming January 2018
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
-
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
https://www.bleepingcomputer.com/news/government/eu-prepares-right-to-repair-legislation-to-fight-short-product-lifespans/
-
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
https://www.bleepingcomputer.com/news/government/eu-prepares-right-to-repair-legislation-to-fight-short-product-lifespans/
This area is one I really want to be sorted A.S.A.P.
For example, many devices today come with built-in LEDs that, once they go out, cannot be replaced, or with soldered-in batteries that, once they degrade, force the user to buy a new product altogether or keep the device always plugged in.
All of my old mobile phones, even before they became smartphones, had removable batteries; once I had a battery older than a year, I used to get a new battery and alternate them. My first smartphone, the Samsung Galaxy Nexus, was a great phone, but I would generally have to charge it every night, so batteries didn't last particularly long and replacement batteries were great. I had that smartphone for 4 years before it died.
Now my Google Nexus 6P has a hard-wired battery, but it is quite large capacity and lasts well over a day before it needs charging. But I feel that before my contract ends I'm likely to need to replace the battery (sending it off for replacement).
This really is madness. Just imagine all of those bonfires with the Samsung Galaxy Note 7; having a replaceable battery could have saved Samsung $billions. I was seriously considering this phablet until the bonfires started up.
-
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
https://www.bleepingcomputer.com/news/government/eu-prepares-right-to-repair-legislation-to-fight-short-product-lifespans/
Great news, this is long overdue..!!
@Dave: Guess after the Brexit, the UK needs to do it on their own. :-\
-
Author of Original Petya Ransomware Publishes Master Decryption Key
https://www.bleepingcomputer.com/news/security/author-of-original-petya-ransomware-publishes-master-decryption-key/
-
Scientists Develop First Battery-Free Phone
https://www.bleepingcomputer.com/news/technology/scientists-develop-first-battery-free-phone/
-
Scientists Develop First Battery-Free Phone
https://www.bleepingcomputer.com/news/technology/scientists-develop-first-battery-free-phone/
Still a very long time before this actually makes it to manufacture in current smartphones, as they will need much more than this prototype can provide.
-
Why Is the "Advanced Attributes" Button Sometimes Replaced By an "Archive" Checkbox?
https://www.howtogeek.com/315266/why-is-the-advanced-attributes-button-sometimes-replaced-by-an-archive-checkbox/
-
The July 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/7/11/the-july-2017-security-update-review
-
The July 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/7/11/the-july-2017-security-update-review
http://blog.trendmicro.com/trendlabs-security-intelligence/july-patch-tuesday-addresses-critical-vulnerability-in-microsoft-hololens/
-
Intel Sued for Allegedly Defective, Exploding Phones
https://www.extremetech.com/g00/mobile/250798-intel-sued-qbex-brazil-allegedly-defective-exploding-smartphones
-
Cybercrime tactics and techniques Q2 2017
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
-
Scammer Uses Fake Tor Browser to Lure Victims to Supposed Dark Web Marketplace
https://www.bleepingcomputer.com/news/security/scammer-uses-fake-tor-browser-to-lure-victims-to-supposed-dark-web-marketplace/
-
Don’t get hooked by today’s phishing scams: What we can learn from the Gmail hack
https://blog.avast.com/dont-get-hooked-todays-phishing-scams-what-can-learn-from-gmail-hack
-
Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud
https://motherboard.vice.com/en_us/article/evdbdz/why-security-experts-are-pissed-that-1password-is-pushing-users-to-the-cloud
-
How 5G Works
http://electronics.howstuffworks.com/5g.htm
-
Hey guys, this app is really helpful, but can I ask why this app does not autorun after restarting my phone? I tried experimenting with your app by restarting my phone and then messaging it with the lock command, but I only receive the text message and it does not work, even if I use the in-app command. I need to open it first to apply its anti-theft program. I worry: what if my phone gets a low battery and then someone steals it? If I message it, will it run the program when the thief opens it?
-
Hey guys, this app is really helpful, but can I ask why this app does not autorun after restarting my phone? I tried experimenting with your app by restarting my phone and then messaging it with the lock command, but I only receive the text message and it does not work, even if I use the in-app command. I need to open it first to apply its anti-theft program. I worry: what if my phone gets a low battery and then someone steals it? If I message it, will it run the program when the thief opens it?
Please start your own topic in the following section:
https://forum.avast.com/index.php?board=66.0
-
Spyware targets Iranian Android users by abusing messaging app Telegram’s Bot API
https://blog.avast.com/spyware-targets-iranian-android-users-by-abusing-messaging-app-telegram-bot-api
-
Facebook users pwnd by phone with account recovery vulnerability
https://www.theregister.co.uk/2017/07/17/facebook_login_security/
https://medium.com/@jkmartindale/i-kinda-hacked-a-few-facebook-accounts-using-a-vulnerability-they-wont-fix-2f5669794f79
-
Linux Users Urged to Update as a New Threat Exploits SambaCry
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
-
Devil's Ivy: Flaw in Widely Used Third-party Code Impacts Millions
http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
http://blog.senr.io/devilsivy.html
-
Putin’s Hackers Now Under Attack — From Microsoft
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network
-
Putin’s Hackers Now Under Attack — From Microsoft
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network
You would think that letting this information leak out is just asking for retaliatory action; best just to keep quiet and get on with it.
-
Putin’s Hackers Now Under Attack — From Microsoft
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network
You would think that letting this information leak out is just asking for retaliatory action; best just to keep quiet and get on with it.
Maybe they should have watched this first ???
https://youtu.be/Dvj0v0W6yjk
-
AlphaBay, the Largest Online 'Dark Market,' Shut Down
https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down
Underground Hansa Market taken over and shut down
https://www.politie.nl/en/news/2017/july/20/underground-hansa-market-taken-over-and-shut-down.html
-
Remote Code Execution In Source Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
-
Adobe will kill flash
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html
https://www.theverge.com/2017/7/25/16026236/adobe-flash-end-of-support-2020
-
Bye, bye Petya! Decryptor for old versions released.
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
-
Microsoft Windows Bounty Program Terms
https://technet.microsoft.com/en-us/security/mt493440
-
THE ADVENTURES OF AV AND THE LEAKY SANDBOX
https://www.blackhat.com/docs/us-17/thursday/us-17-Kotler-The-Adventures-Of-Av-And-The-Leaky-Sandbox-wp.pdf
https://github.com/SafeBreach-Labs/spacebin
-
Dark web doesn't exist, says Tor's Dingledine. And folks use network for privacy, not crime
Cofounder brings us up to date on network status
https://www.theregister.co.uk/2017/07/29/tor_dark_web/
-
VPN's under attack. First China now Russia:
https://www.pcmag.com/news/355286/president-putin-bans-vpns-in-russia?utm_source=email&utm_campaign=whatsnewnow&utm_medium=title
-
We'll Pay You to #HackTor
https://blog.torproject.org/blog/we-will-pay-you-to-hack-tor-bug-bounty
https://hackerone.com/torproject
-
Our Copyfish extension was stolen and adware-infested
https://a9t9.com/blog/chrome-extension-adware/
-
2013, 2014, 2015, 2016, 2017 NSA collects MS error reports!
https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html
polonus
-
2013, 2014, 2015, 2016, 2017 NSA collects MS error reports!
https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html
Quite interesting, thanks for sharing it. :)
-
2013, 2014, 2015, 2016, 2017 NSA collects MS error reports!
https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html
polonus
I'm quite sure the NSA isn't alone in these collection-for-infection practices. :)
I'm also certain that this isn't only done for MS errors and vulnerabilities.
-
Hi bob3160,
MS should get their error reports from end-users fully encrypted,
so neither the NSA nor the others you may point out here should get their hands on the data.
On today's Internet infrastructure, where trust more and more starts to become a rare thing from the past,
we can no longer do without full-strength e2ee. Too many data breaches and revelations to the contrary.
polonus
-
Hacked in Translation – “Director’s Cut” – Full Technical Details
https://blog.checkpoint.com/2017/07/08/hacked-translation-directors-cut-full-technical-details/
-
A tool I would not advise to check: https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/
Seems an excellent source for miscreants to create their own known-pwned-passwords library for log-in scraping ::) :o
polonus
-
So why post it and make it easier for the average user to find ???
-
https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con
-
A new era in mobile banking Trojans
Svpeng turns keylogger and steals everything through accessibility services
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
-
https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con
The sub heading on this should have been:
Hero today, Gone0 tomorrow.
-
The sub heading on this should have been: Hero today, Gone0 tomorrow.
Side note: In dubio pro reo. ;)
-
The sub heading on this should have been: Hero today, Gone0 tomorrow.
Side note: In dubio pro reo. ;)
I pretty much agree: 'doubt for the accused', or innocent until proven guilty. Having read the article, it would appear that in the USA the left hand doesn't know what the right hand is doing, with secrecy over either who made the arrest or where he is even being held.
This guy by all accounts was also working (from home in the UK) for an American security firm.
-
Announcing Snyk for Gradle, Scala and Python
https://snyk.io/blog/snyk-for-gradle-scala-python
-
Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
-
The August 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review
-
Privacy group accuses Hotspot Shield of snooping on web traffic
http://www.zdnet.com/article/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic/
-
A reply from Microsoft on its continued commitment to work with the Security partners.
https://blogs.windows.com/windowsexperience/2017/08/09/evolving-windows-approach-av-thanks-partner-feedback/
-
A reply from Microsoft on its continued commitment to work with the Security partners.
https://blogs.windows.com/windowsexperience/2017/08/09/evolving-windows-approach-av-thanks-partner-feedback/
That is certainly a step in the right direction, we have to wait to see how it will actually work out.
-
Current state of malicious Powershell script blocking
https://www.mrg-effitas.com/current-state-of-malicious-powershell-script-blocking/
Note: A great result for Avast/AVG..!! 8)
-
Microsoft to remove WoSign and StartCom certificates in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
-
WTF is Mughthesec!? - poking on a piece of undetected adware
https://objective-see.com/blog/blog_0x20.html
-
SonicSpy: Over a thousand spyware apps discovered, some in Google Play
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
-
Mozilla Will Kill Legacy Firefox Add-Ons in Exactly Three Months
https://www.bleepingcomputer.com/news/software/mozilla-will-kill-legacy-firefox-add-ons-in-exactly-three-months/
-
Mozilla Will Kill Legacy Firefox Add-Ons in Exactly Three Months
https://www.bleepingcomputer.com/news/software/mozilla-will-kill-legacy-firefox-add-ons-in-exactly-three-months/
This is definitely going to be fun (NOT) for Firefox users. I don't know about 80% of existing add-ons not being compatible with the new WebExtensions API, only one of my add-ons is compatible with the new WebExtensions API.
I too can also see this as a potentially massive exit for many Firefox users, as the add-ons were a very big draw. As we get closer to the date and Mozilla sees whether developers have converted to the new WebExtensions, I wonder if this too will be pushed back.
In the past, when Mozilla insisted on signed add-ons, that deadline kept getting pushed back as progress from developers was poor.
-
Hi Dave, the good thing is, that with FF ESR we're good to go until July 2018.
-
Hi Dave, the good thing is, that with FF ESR we're good to go until July 2018.
Yes, but isn't it a little earlier than that when it also drops support for the XP OS?
Looks like I will probably be dropping back to the ESR build on my other two systems until this mess is sorted out.
-
Hi Dave, the good thing is, that with FF ESR we're good to go until July 2018.
1. Yes, but isn't it a little earlier than that when it also drops support for the XP OS?
2. Looks like I will probably be dropping back to the ESR build on my other two systems until this mess is sorted out.
1. Nope, the 52.x branch of FF ESR will still be supported for XP/Vista.
2. If so, consider: https://www.ghacks.net/2017/08/02/you-cannot-downgrade-firefox-55-profiles/
-
Hi Dave, the good thing is, that with FF ESR we're good to go until July 2018.
1. Yes, but isn't it a little earlier than that when it also drops support for the XP OS?
2. Looks like I will probably be dropping back to the ESR build on my other two systems until this mess is sorted out.
1. Nope, the 52.x branch of FF ESR will still be supported for XP/Vista.
2. If so, consider: https://www.ghacks.net/2017/08/02/you-cannot-downgrade-firefox-55-profiles/
2. I'm assuming a clean install of the ESR version, not using an existing profile, would work; I had seen this, not using the FF55 profile, in earlier versions.
-
I'm assuming a clean install of the ESR version, not using an existing profile, would work; I had seen this, not using the FF55 profile, in earlier versions.
Yep, should work. Cheers.
-
Wonder if ESR is really getting everything (security wise).
https://www.komando.com/happening-now/413693/update-firefox-now-critical-security-flaws-leave-you-vulnerable-to-hacks
-
Wonder if ESR is really getting everything (security wise).
Sure, see: https://www.mozilla.org/en-US/security/advisories/
-
Plenty of Phishing
https://blog.avast.com/plenty-of-phishing
-
unCaptcha: A Low-Resource Defeat of reCaptcha’s Audio Challenge
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
-
Shattered Trust: When Replacement Smartphone Components Attack
https://www.usenix.org/system/files/conference/woot17/woot17-paper-shwartz.pdf
-
Get Rich or Die Trying: A Case Study on the Real Identity behind a Wave of Cyber Attacks on Energy, Mining and Infrastructure Companies
https://blog.checkpoint.com/2017/08/15/get-rich-die-trying-case-study-real-identity-behind-wave-cyberattacks-energy-mining-infrastructure-companies/
-
Busting Myths in Foxit Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
-
ShadowPad in corporate networks
https://securelist.com/shadowpad-in-corporate-networks/81432/
https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf
-
Ransomware Targeting WordPress – An Emerging Threat
https://www.wordfence.com/blog/2017/08/ransomware-wordpress/
-
Veracode Survey Research Identifies Cybersecurity Skills Gap Causes and Cures
https://www.veracode.com/blog/security-news/veracode-survey-research-identifies-cybersecurity-skills-gap-causes-and-cures
-
SyncCrypt Ransomware Hides Inside JPG Files, Appends .KK Extension
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
-
SyncCrypt Ransomware Hides Inside JPG Files, Appends .KK Extension
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
Have you reported this to Avast ???
-
SyncCrypt Ransomware Hides Inside JPG Files, Appends .KK Extension
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
Have you reported this to Avast ???
Hi Bob, no, Avast/AVG already detects it, see: https://www.virustotal.com/#/file/877488d8f43548c6e3016abd33e2d593a44d450f1910084733b3f369cbdcae85/detection
-
Thanks, good to know. I asked since the article stated that only one AV detected it and it wasn't Avast.
Things change very quickly in this business. :)
-
Thanks, good to know. I asked since the article stated that only one AV detected it and it wasn't Avast.
Things change very quickly in this business. :)
You're welcome. :)
-
Microsoft Security Intelligence Report Volume 22 is now available
https://blogs.microsoft.com/microsoftsecure/2017/08/17/microsoft-security-intelligence-report-volume-22-is-now-available/
https://www.microsoft.com/en-us/security/intelligence-report
-
Reverse Engineering x86 Processor Microcode
http://syssec.rub.de/media/emma/veroeffentlichungen/2017/08/16/usenix17-microcode.pdf
-
New multi platform malware/adware spreading via Facebook Messenger
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
-
Global Measurement of DNS Manipulation
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-pearce.pdf
-
Igexin advertising network put user privacy at risk
https://blog.lookout.com/igexin-malicious-sdk
-
Defray - New Ransomware Targeting Education and Healthcare Verticals
https://www.proofpoint.com/us/threat-insight/post/defray-new-ransomware-targeting-education-and-healthcare-verticals
-
Disabling Intel ME 11 via undocumented mode
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
-
Why The Internet Is About To Change For The Worse
http://www.cracked.com/blog/why-your-favorite-sites-are-suddenly-asking-money/
-
Why The Internet Is About To Change For The Worse
http://www.cracked.com/blog/why-your-favorite-sites-are-suddenly-asking-money/
Now you know why Avast keeps pushing their upgrade requests. :)
-
From Onliner Spambot to millions of email's lists and credentials
https://benkowlab.blogspot.com/2017/08/from-onliner-spambot-to-millions-of.html
-
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
https://isc.sans.edu/diary/22776
-
Documentation and Analysis of the Linux Random Number Generator (August 2017)
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
-
SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
-
Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-lauinger.pdf
-
320 Million Hashes Exposed
http://cynosureprime.blogspot.com/2017/08/320-million-hashes-exposed.html
-
Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims
https://www.bleepingcomputer.com/news/security/massive-wave-of-mongodb-ransom-attacks-makes-26-000-new-victims/
-
PlatPal: Detecting Malicious Documents with Platform Diversity
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-xu-meng.pdf
-
BootStomp: On the Security of Bootloaders in Mobile Devices
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-redini.pdf
-
Bug in Windows Kernel Could Prevent Security Software From Identifying Malware
https://www.bleepingcomputer.com/news/security/bug-in-windows-kernel-could-prevent-security-software-from-identifying-malware/
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
-
CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin
https://www.imperva.com/blog/2017/09/cve-2017-9805-analysis-of-apache-struts-rce-vulnerability-in-rest-plugin/
-
The September 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/9/12/the-september-2017-security-update-review
-
Chrome’s Plan to Distrust Symantec Certificates
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
-
BlueBorne
The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
-
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
-
Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites
https://www.wordfence.com/blog/2017/09/display-widgets-malware/
https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/
-
Ayuda! (Help!) Equifax Has My Data!
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/
-
Kromtech Discovers Massive ElasticSearch Infected Malware Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
-
Cryptocurrency web mining: In union there is profit
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
-
Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed
-
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
-
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
-
High Sierra’s ‘Secure Kernel Extension Loading’ is Broken
https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/
-
New FinFisher surveillance campaigns: Are internet providers involved?
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/
-
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
-
iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices
http://blog.trendmicro.com/trendlabs-security-intelligence/ixintpwn-yjsnpi-abuses-ioss-config-profile-can-crash-devices/
-
Dear Asyn and others that follow this thread,
In the light of the recent attacks against CCleaner with redirection to controlled C2 servers by sophisticated state hackers, known as Group 72, we should also consider the following insights:
The recent actions against Asian C2 servers: https://tweakers.net/nieuws/123911/interpol-en-beveiligingsbedrijven-identificeren-8800-c2-servers-in-zuidoost-azie.html (translate to English using Google Translate).
Because of collision issues we can no longer profoundly trust MD5 or SHA1 hashes. NIST recently removed a weakened NSA algorithm, and the NSA has difficulty getting two new weakened, distrusted algorithms approved: http://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV
But then, after the Snowden reports, who can trust a "burglar that sells locks"?
Another issue: Dual EC DRBG is a "cryptographically secure pseudorandom number generator", something that generates streams of bits that are quasi-random, and one cannot tell the difference from real randomness. As such, a tool like that is not an encryption algorithm, but it should have a place inside the cryptographer's toolchest. Well, this one should be quarantined, as it does more wrong than it is worthless as such.
And despite that, RSA Security (the firm by that name*) has Dual EC DRBG installed as per default, while there are much better choices available. Is that not a coincidence? Why should anyone ever now believe NIST anymore?
Wanna have a go at it? Download the LCPT_gcc.cc program from directory: wuala.com/FreemoveQuantumExchange/Aspects/Randomness/Theory/Berlekamp-Massey
The source code is there as well.
When you start to test files s01.dat and s.02.dat using the LCPT_gcc.cc program, it appears complexity halts at 19937 and does not go further, which is the complexity of a Mersenne Twister. Whenever you use the Mersenne Twister to be found inside the mentioned directory to generate pseudo-random files and test those, you will find the complexity is 4*19937.
This is why per output (of 32 bits) 4 bits are being sampled. In the same way one can test the output of the Microsoft PRNG, see that same dir. One would find similar results.
Now we see why with CCleaner the 32-bit versions were compromised. We know the trick now that the l33t hacker(s) used.
Is it not kind of weird that security organizations and state agents wanna undermine everyone's security with this kind of nonsense/crap?
So you can create backdoors when you alone own the secret key. Sort of similar to a normal public key scheme.
polonus (volunteer website security analyst and website error-hunter).
P.S. It should be a concern that the Microsoft Windows certificate store (you find it inside the registry) identifies certificates 'uniquely' on the basis of their SHA1 hash; collisions cannot be avoided under all circumstances. SHA1 is unsafe.
-
(snip) SHA1 is unsafe
It's been unsafe for a very long time: https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
-
Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/
-
Optionsbleed - HTTP OPTIONS method can leak Apache's server memory
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
-
Go spy, GO! Popular app with 200M+ users crosses the red line
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
-
What a wrong update could have as a result: Dutch posters making posts in Swedish via MS Outlook: https://www.security.nl/posting/531515/Ansikte+id+p%C3%A5+din+smartphone+%C3%A4r+a%3A
It would be funny if Microsoft Update Release Management were not that tragically wrong. :o
polonus
-
Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table
https://www.bleepingcomputer.com/news/security/ransomware-or-wiper-redboot-encrypts-files-but-also-modifies-partition-table/
-
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
-
CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
-
ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
-
Illusion Gap – Antivirus Bypass Part 1
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
-
Broadening HSTS to secure more of the Web
https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html
-
PrivateBin
PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data
https://privatebin.info/
-
Internet Explorer bug leaks whatever you type in the address bar
https://arstechnica.com/information-technology/2017/09/bug-in-fully-patched-internet-explorer-leaks-text-in-address-bar/
http://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
-
Fake Plugins, Fake Security
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
-
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
Inside the CCleaner Backdoor Attack
https://threatpost.com/inside-the-ccleaner-backdoor-attack/128283/
-
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq
-
New macOS High Sierra vulnerability exposes the password of an encrypted APFS container
https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
-
The October 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/10/10/the-october-2017-security-update-review
-
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets
https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html
-
System Shock: How A Cloud Leak Exposed Accenture's Business
https://www.upguard.com/breaches/cloud-leak-accenture
http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/
-
System Shock: How A Cloud Leak Exposed Accenture's Business
https://www.upguard.com/breaches/cloud-leak-accenture
http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/
Downplaying a hack only makes the company look more guilty once all the facts are released.
When will companies learn ??? The sooner you reveal the truth, the better off you'll be in the long run.
-
Equifax website borked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/
-
Ladies and Gentlemen, prepare your CPU—web browser mining is coming
https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
-
Ladies and Gentlemen, prepare your CPU—web browser mining is coming
https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
It's actually only gotten more sophisticated. :)
-
The Ransomware Economy
How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rate of More Than 2,500% Per Year
https://www.carbonblack.com/wp-content/uploads/2017/10/Carbon-Black-Ransomware-Economy-Report-101117.pdf
-
DoubleLocker: Innovative Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
-
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://www.krackattacks.com/
https://papers.mathyvanhoef.com/ccs2017.pdf
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
-
A cleaner, safer web with Chrome Cleanup
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/
-
ROCA: Vulnerable RSA generation (CVE-2017-15361)
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://keychest.net/roca
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-background
-
State Of Software Security 2017
https://www.veracode.com/state-of-software-security-report
-
Leaked: Facebook security boss says its corporate network is run "like a college campus"
http://www.zdnet.com/article/leaked-audio-facebook-security-boss-says-network-is-like-a-college-campus/
-
A New IoT Botnet Storm is Coming
https://research.checkpoint.com/new-iot-botnet-storm-coming/
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
-
LokiBot - the first hybrid Android malware
https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html
-
DUHK Attack Exposes Gaps in FIPS Certification
https://threatpost.com/duhk-attack-exposes-gaps-in-fips-certification/128582/
https://duhkattack.com/
https://duhkattack.com/paper.pdf
-
Unofficial patch against the DDE feature in MS Office:
https://0patch.blogspot.nl/2017/10/0patching-office-dde-ddeauto.html
As Microsoft will not come up with a patch soon, ACROS came up with this "micropatch".
polonus
-
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
-
A suspicious adblocker puts iOS users’ privacy at risk
https://blog.adguard.com/en/adblockprime_notsafe/
-
Threat Spotlight: Follow the Bad Rabbit
http://blog.talosintelligence.com/2017/10/bad-rabbit.html
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
https://securelist.com/bad-rabbit-ransomware/82851/
http://blog.trendmicro.com/trendlabs-security-intelligence/bad-rabbit-ransomware-spreads-via-network-hits-ukraine-russia/
https://blog.avast.com/its-rabbit-season-badrabbit-ransomware-infects-airports-and-subways
-
Disclosure: WordPress WPDB SQL Injection - Background
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-background.html
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
-
A New IoT Botnet Storm is Coming
https://research.checkpoint.com/new-iot-botnet-storm-coming/
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
IoTroop Botnet: The Full Investigation
https://research.checkpoint.com/iotroop-botnet-full-investigation/
-
Junkware Removal Tool to be discontinued
Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.
https://www.malwarebytes.com/junkwareremovaltool/
https://forums.malwarebytes.com/topic/213402-junkware-removal-tool-to-be-discontinued/
-
Junkware Removal Tool to be discontinued
Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.
https://www.malwarebytes.com/junkwareremovaltool/
https://forums.malwarebytes.com/topic/213402-junkware-removal-tool-to-be-discontinued/
One less tool in the battle against the bad guys. :(
-
Cryptocurrency mining malware sneaks onto Google Play
https://blog.avast.com/cryptocurrency-mining-malware-sneaks-onto-google-play
-
Stuxnet-style code signing is more widespread than anyone thought
https://arstechnica.com/information-technology/2017/11/evasive-code-signed-malware-flourished-before-stuxnet-and-still-does/
http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
-
Standardizing Bad Cryptographic Practice
https://eprint.iacr.org/2017/828.pdf
-
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
-
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
So why is Avast Online Security App giving that website a green light ???
(http://screencast-o-matic.com/screenshots/u/Lh/1510318347916-97317.png)
-
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
So why is Avast Online Security App giving that website a green light ???
The guys from VL are at it already. :)
-
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
So why is Avast Online Security App giving that website a green light ???
The guys from VL are at it already. :)
Yes quick response after I reported it on the slack channel. :)
-
It didn't take Avast very long to correct this incorrect rating either.
(http://screencast-o-matic.com/screenshots/u/Lh/1510320477773-5722.png)
-
It didn't take Avast very long to correct this incorrect rating either.
Yep, good job and fast reaction. 8)
-
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
https://www.appthority.com/mobile-threat-center/blog/eavesdropper-mobile-vulnerability-exposing-millions-conversations/
https://www.appthority.com/mobile-threat-center/blog/eavesdropper-vulnerability-extends-amazon-cloud-storage-data/
-
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
https://research.google.com/pubs/archive/46437.pdf
-
Face ID beaten by mask, not an effective security measure
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
-
The November 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/11/14/the-november-2017-security-update-review
-
Trump administration releases rules on disclosing security flaws.
https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF
-
BlueBorne
The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
BlueBorne Cyber Threat Impacts Amazon Echo and Google Home
https://www.armis.com/blueborne-cyber-threat-impacts-amazon-echo-google-home/
-
Introducing security alerts on GitHub
https://github.com/blog/2470-introducing-security-alerts-on-github
https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
-
Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive
https://www.upguard.com/breaches/cloud-leak-centcom
-
Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive
https://www.upguard.com/breaches/cloud-leak-centcom
The question still remains if this "misconfiguration" was an oversight or a deliberate act. ???
-
Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers
https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
-
NoScript 10.1.1 Quantum Powerball Finish... and Rebooting
https://hackademix.net/2017/11/21/noscript-1011-quantum-powerball-finish-and-rebooting/
-
Uber Paid Hackers to Delete Stolen Data on 57 Million People
https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
-
qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/
-
No boundaries: Exfiltration of personal data by session-replay scripts
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html
-
Massive Email Campaign Spreads Scarab Ransomware
https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware
https://labsblog.f-secure.com/2017/11/23/necurs-business-is-booming-in-a-new-partnership-with-scarab-ransomware/
-
OSX.Proton spreading through fake Symantec blog
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/
-
Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online
https://www.upguard.com/breaches/cloud-leak-inscom
-
Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online
https://www.upguard.com/breaches/cloud-leak-inscom
"If the right hand doesn't know what the left hand is doing . . . "
That's been going on in Government all over the world since ancient history.
-
Terror exploit kit goes HTTPS all the way
https://blog.malwarebytes.com/threat-analysis/2017/11/terror-exploit-kit-goes-https-all-the-way/
-
Reducing Chrome crashes caused by third-party software
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html
Discussion: https://forum.avast.com/index.php?topic=211404.0
-
Mailsploit
https://www.mailsploit.com
https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk/htmlview?sle=true
-
Hacked Password Service Leakbase Goes Dark
https://krebsonsecurity.com/2017/12/hacked-password-service-leakbase-goes-dark/
-
Virtual Keyboard Developer Leaked 31 Million of Client Records
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
-
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
https://info.phishlabs.com/blog/quarter-phishing-attacks-hosted-https-domains
-
StorageCrypt Ransomware Infecting NAS Devices Using SambaCry
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
-
how do i delete trash file
-
how do i delete trash file
Please start your own topic and describe your problem.
-
HP keylogger
https://zwclose.github.io/HP-keylogger/
https://support.hp.com/us-en/document/c05827409
-
The December 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/12/12/the-december-2017-security-update-review
-
Avast open-sources its machine-code decompiler (https://blog.avast.com/avast-open-sources-its-machine-code-decompiler)
(http://screencast-o-matic.com/screenshots/u/Lh/1513172232100-93060.png)
-
Group-IB uncovered hacker group, attacking dozens of banks in the US, Russia and the UK
https://www.group-ib.com/media/group-ib-moneytaker/
-
Palo Alto Networks firewalls remote root code execution
http://seclists.org/fulldisclosure/2017/Dec/38
https://securityadvisories.paloaltonetworks.com/Home/Detail/102
-
keeper: privileged ui injected into pages (again)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481
-
Jack of all trades
https://securelist.com/jack-of-all-trades/83470/
-
New version of mobile malware Catelites possibly linked to Cron cyber gang
https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang
https://cdn2.hubspot.net/hubfs/486579/Catelites%20Bot%20Targetted%20Banking%20Apps.pdf
-
PC Trends Report: Top 7 facts about PCs in 2017
https://blog.avast.com/pc-trends-report-top-7-facts-about-pcs-in-2017
https://press.avast.com/hubfs/media-materials/kits/PC-trends-report-Q3-2017/avast_q3_2017_pc_trends_report.pdf
-
The Market for Stolen Account Credentials
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/
-
Pentest-Report Enigmail by Cure53
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
-
New .DOC GlobeImposter Ransomware Variant Malspam Campaign Underway
https://www.bleepingcomputer.com/news/security/new-doc-globeimposter-ransomware-variant-malspam-campaign-underway/
-
Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/
https://meltdownattack.com/
http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Edit: Links added.
-
Reactions and Infos
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://www.amd.com/en/corporate/speculative-execution
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
http://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
-
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
-
Multiple vulnerabilities in the online services of (GPS) location tracking devices
https://0x0.li/trackmageddon/
https://0x0.li/trackmageddon/0x0-20171222-gpsui.net.html
https://0x0.li/trackmageddon/0x0-20180102-gpsgate.html
-
Multiple reports of blue screens (BSODs) 0X000000C4 when installing the January Win7 Monthly Rollup KB 4056894
https://www.askwoody.com/2018/multiple-reports-of-blue-screens-bsods-0x000000c4-when-installing-the-january-win7-monthly-rollup-kb-4056894/
-
Meltdown and Spectre: Yes, your device is likely vulnerable
https://blog.avast.com/meltdown-and-spectre-yes-your-device-is-likely-vulnerable
-
Facebook Bug Could Have Let Advertisers Get Your Phone Number
https://www.wired.com/story/facebook-bug-could-let-advertisers-see-your-phone-number/
https://mislove.org/publications/PII-Oakland.pdf
-
The January 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review
-
2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure
https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996
-
Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/
https://business.f-secure.com/intel-amt-security-issue
-
Malicious Chrome Extensions Enable Criminals to Impact Over Half a Million Users and Global Businesses
https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses
-
Downloaders on Google Play spreading malware to steal Facebook login details
https://blog.avast.com/downloaders-on-google-play-spreading-malware-to-steal-facebook-login-details
-
EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World
https://www.eff.org/press/releases/eff-and-lookout-uncover-new-malware-espionage-campaign-infecting-thousands-around
https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news
https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
-
Art of Steal: Satori Variant is Robbing ETH BitCoin by Replacing Wallet Address
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
-
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
-
Dell Advising All Customers To Not Install Spectre BIOS Updates
https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/
HP Reissuing BIOS Updates After Buggy Intel Meltdown and Spectre Updates
https://www.bleepingcomputer.com/news/hardware/hp-reissuing-bios-updates-after-buggy-intel-meltdown-and-spectre-updates/
-
New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer communication spotted in the wild
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
-
Large Scale Monero Cryptocurrency Mining Operation using XMRig
https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig/
-
IBM Future of Identity Study: Millennials Poised to Disrupt Authentication Landscape
https://www.prnewswire.com/news-releases/ibm-future-of-identity-study-millennials-poised-to-disrupt-authentication-landscape-300589262.html
-
Malvertising Campaign Abuses Google’s DoubleClick to Deliver Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
-
Looking ahead: 9 threat trends in 2018
https://blog.avast.com/looking-ahead-9-threat-trends-in-2018
-
First ‘Jackpotting’ Attacks Hit U.S. ATMs
https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/
-
Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/
https://documents.trendmicro.com/assets/pdf/appendix-droidclub.pdf
-
Botnet at large: Avast blocks Smominru miner
https://blog.avast.com/botnet-at-large-avast-blocks-smominru-miner
http://www.zdnet.com/article/a-giant-botnet-is-forcing-windows-servers-to-mine-cryptocurrency
https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators
-
Intel-SA-00088 for Intel® NUC, Intel® Compute Stick, and Intel® Compute Card
https://www.intel.com/content/www/us/en/support/articles/000026620/mini-pcs.html
-
Grammarly: auth tokens are accessible to all websites
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527
-
Analyzing OSX/CreativeUpdater - a macOS cryptominer, distributed via macupdate.com
https://objective-see.com/blog/blog_0x29.html
-
Microsoft Anti Ransomware bypass (not a vulnerability for Microsoft)
http://www.securitybydefault.com/2018/01/microsoft-anti-ransomware-bypass-not.html
-
UDPoS - Exfiltrating Credit Card Data via DNS
https://blogs.forcepoint.com/security-labs/udpos-exfiltrating-credit-card-data-dns
-
The essential guide to ransomware and how to protect yourself
https://blog.avast.com/what-is-ransomware
-
Microcode Revision Guidance
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf
-
You can resurrect any deleted GitHub account name. And this is why we have trust issues
https://www.theregister.co.uk/2018/02/10/github_account_name_reuse/
-
Ransomware: New free decryption key can save files locked with Cryakl
http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/
-
Zero-day vulnerability in Telegram
https://securelist.com/zero-day-vulnerability-in-telegram/83800/
-
The February 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/2/13/the-february-2018-security-update-review
-
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
http://seclists.org/fulldisclosure/2018/Feb/33
-
The essential guide to VPNs: What they are and how they work
https://blog.avast.com/vpn-essential-guide
-
Spectre Mitigations in Microsoft's C/C++ Compiler
https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html
-
COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
http://blog.talosintelligence.com/2018/02/coinhoarder.html
-
Mac Privacy: Sandboxed Mac apps can record your screen at any time without you knowing
https://krausefx.com/blog/mac-privacy-sandboxed-mac-apps-can-take-screenshots
-
The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries
https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/
-
Microsoft Edge: ACG bypass using UnmapViewOfFile
https://bugs.chromium.org/p/project-zero/issues/detail?id=1435
-
New Satori Botnet Variant Enslaves Thousands of Dasan WiFi Routers
https://blog.radware.com/security/2018/02/new-satori-botnet-variant-enslaves-thousands-dasan-wifi-routers/
-
Lessons from the Cryptojacking Attack at Tesla
https://blog.redlock.io/cryptojacking-tesla
-
Avast tracks down Tempting Cedar Spyware
https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware
-
Tearing Apart the Undetected (OSX)Coldroot RAT
https://digitasecurity.com/blog/2018/02/19/coldroot/
-
Retpoline: A Branch Target Injection Mitigation
https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf
-
Jenkins Miner: One of the Biggest Mining Operations Ever Discovered
https://research.checkpoint.com/jenkins-miner-one-biggest-mining-operations-ever-discovered/
-
Signal Foundation
https://signal.org/blog/signal-foundation/
https://signalfoundation.org/
-
Apple moves to store iCloud keys in China, raising human rights fears
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
-
That title is a bit misleading since the keys talked about relate only to Chinese users.
-
Hi Bob, I always post the title as is. Cheers
-
All I did was clarify the post. :)
-
Got it, no worries. :)
-
OMG: Mirai-based Bot Turns IoT Devices into Proxy Servers
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
-
SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
https://arxiv.org/pdf/1802.09085v2.pdf
-
The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned
https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/
-
I think Governments need to start hiring some of these hackers that walk through their so-called defences. A point in question: one person with autism has finally combated extradition for hacking US Government sites. He wasn't the first autistic person to have done the same, blowing holes in US Government sites and also beating extradition.
I think that they should be more proactive when identifying a hacker, to ask how it was done and fire those responsible for the security of said sites.
-
Folks with Autism usually excel at something. :)
-
Absolutely and there have been several cases of them getting around site security, more from being inquisitive, very tenacious and not malicious.
-
Doctor Web: over 40 models of Android devices delivered already infected from the manufacturers
https://news.drweb.com/show/?lng=en&i=11749&c=5
-
Never heard of any of those 40 Android devices before; it doesn't appear to include any of the major brands. Though it does say that this is not a comprehensive list.
-
LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE
http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_02A-3_Hussain_paper.pdf
-
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/
-
As a long-time user of CCleaner, I'm very happy that the product is now part of Avast Software.
Here is why:
https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities
-
Dark Web Market Price Index (Feb 2018 - US Edition)
https://www.top10vpn.com/privacy-central/privacy/dark-web-market-price-index-feb-2018-us/
https://www.top10vpn.com/wp-content/uploads/2018/02/Dark-Web-Market-Price-Index-Feb-2018.pdf
-
OlympicDestroyer is here to trick the industry
https://securelist.com/olympicdestroyer-is-here-to-trick-the-industry/84295/
-
BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
https://github.com/citizenlab/badtraffic
-
TLS 1.3 and Proxies
https://www.imperialviolet.org/2018/03/10/tls13.html
-
Greedy cybercriminals host malware on GitHub
https://blog.avast.com/greedy-cybercriminals-host-malware-on-github
-
The March 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review
-
I was delayed yesterday after my presentation.
I had been asked to hook up to their wifi and after the presentation, I was greeted with the
notification not to shut down the computer till the update completed. :)
Love this new update feature in Windows 10. :(
-
I do hate this authoritarian approach to windows updates by MS.
First off I set the "this is a metered connection" option, delaying my updates until I chose to do it. Now that option is ignored, but the one thing that does seem to still have an effect is setting the Active Hours so it is way outside of any possible conflict with work.
Windows Update > Update settings > Change active hours - mine is set at 14:00 to 22:00 (Maximum 18 hours). Or you could try the Restart options > Schedule a time - I have this turned off.
I don't know if that first option could have helped you in conjunction with the second option.
-
I very seldom connect to Wifi at a club. I don't need it for my presentation.
This was a rare exception and just happened to be at a time when there was an update available.
It only took an extra 10 minutes so it was manageable.
-
A raft of flaws in AMD chips makes bad hacks much, much worse
https://arstechnica.com/information-technology/2018/03/a-raft-of-flaws-in-amd-chips-make-bad-hacks-much-much-worse/
-
Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/13/poisoned-peer-to-peer-app-kicked-off-dofoil-coin-miner-outbreak/
-
Microsoft wants to force Windows 10 Mail users to use Edge for email links
https://www.theverge.com/2018/3/16/17130566/microsoft-windows-10-mail-edge-default-links
-
Not my experience. Outlook.com works without problems in Chrome.
Cortana is using Google to do my bidding. :)
-
ACME v2 and Wildcard Certificate Support is Live
https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
-
The Crypto Miners Fight For CPU Cycles
https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
-
Guest Accounts Gain Full Access on Chrome RDP
https://research.checkpoint.com/guest-accounts-gain-full-access-chrome-rdp/
-
Master password in Firefox or Thunderbird? Do not bother!
https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother
-
Advancing Security at the Silicon Level
https://newsroom.intel.com/editorials/advancing-security-silicon-level/
-
Initial AMD Technical Assessment of CTS Labs Research
https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research
-
Protecting Against HSTS Abuse
https://webkit.org/blog/8146/protecting-against-hsts-abuse/
-
Protecting Security Researchers
https://blogs.dropbox.com/tech/2018/03/protecting-security-researchers/
-
Total Meltdown?
https://blog.frizk.net/2018/03/total-meltdown.html
-
Sometimes the cure is worse than the disease.
The latest patch has already fixed this vulnerability. If you installed it, you're safe.
-
Who and What Is Coinhive?
https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
-
SamSam group deletes Atlanta's contact portal after the address goes public
https://www.csoonline.com/article/3266364/security/samsam-group-deletes-atlantas-contact-portal-after-the-address-goes-public.html
-
Protecting users from extension cryptojacking
https://blog.chromium.org/2018/04/protecting-users-from-extension-cryptojacking.html
-
Chrome Is Scanning Files on Your Computer, and People Are Freaking Out
https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool
-
Compromised Magento Sites Delivering Malware
https://www.flashpoint-intel.com/blog/compromised-magento-sites-delivering-malware/
-
When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services
https://www.digitalshadows.com/blog-and-research/when-sharing-is-not-caring-over-1-5-billion-files-exposed-through-misconfigured-services/
-
Intel® Remote Keyboard Unauthenticated Keystroke Injection
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr
Intel has issued a Product Discontinuation notice for Intel® Remote Keyboard and recommends that users of the Intel® Remote Keyboard uninstall it at their earliest convenience.
-
Microcode Revision Guidance - April 2018
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
-
Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client
https://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
-
The April 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/4/10/the-april-2018-security-update-review
-
There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems
https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/
-
How Android Phones Hide Missed Security Updates From You
https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you/
-
Smartphone Security: You'll Never Guess Who Just Messaged You
http://jordansmith.io/address-book-contact-security/
-
The dots do matter: how to scam a Gmail user
https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html
-
This was also a common tactic by spammers (and probably still is): get a Gmail account and use multiple combinations of that address, using the dots in the address, for different accounts.
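As an added example (not code from the linked article or from the posts above) of the check a service can run at sign-up to blunt this trick: normalise the address the way Gmail delivers it, ignoring dots in the local part and anything after "+", and folding googlemail.com into gmail.com, then refuse or flag a new account whose canonical mailbox already owns one. The sign-up list is constructed for the demonstration.

```python
from collections import defaultdict

# Domains whose mailboxes ignore dots and "+tag" suffixes in the local part.
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonical_mailbox(address: str) -> str:
    """Map an address to the mailbox that will actually receive its mail.

    For Gmail: the local part is lower-cased, dots are removed and a
    "+tag" suffix is dropped; googlemail.com is folded into gmail.com.
    For every other domain only the domain is lower-cased, because the
    local part's semantics belong to the receiving server (RFC 5321, 2.4).
    """
    address = address.strip()
    if address.count("@") != 1:
        raise ValueError(f"expected exactly one '@' in {address!r}")
    local, domain = address.rsplit("@", 1)
    domain = domain.lower()
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "").lower()
        domain = "gmail.com"
    return f"{local}@{domain}"


def find_shared_mailboxes(addresses):
    """Group addresses that deliver to the same mailbox.

    Returns {canonical: [addresses as given]} for every mailbox that
    appears under more than one spelling; an empty dict means no overlap.
    """
    groups = defaultdict(list)
    for addr in addresses:
        groups[canonical_mailbox(addr)].append(addr)
    return {mailbox: spellings for mailbox, spellings in groups.items()
            if len(spellings) > 1}


def signup_conflict(new_address, existing_addresses):
    """Return the existing address that shares a mailbox with new_address,
    or None. A service should treat a hit as "this mailbox already has an
    account" instead of silently creating a second one for the same inbox."""
    wanted = canonical_mailbox(new_address)
    for existing in existing_addresses:
        if canonical_mailbox(existing) == wanted:
            return existing
    return None


# Constructed sample sign-ups, not real accounts.
SAMPLE_SIGNUPS = [
    "john.smith@gmail.com",
    "jo.hn.smith@gmail.com",
    "johnsmith+netflix@gmail.com",
    "JohnSmith@googlemail.com",
    "john.smith@example.com",
    "alice@example.org",
]

if __name__ == "__main__":
    for mailbox, spellings in find_shared_mailboxes(SAMPLE_SIGNUPS).items():
        print(f"{mailbox} is registered {len(spellings)} times: {spellings}")
    print(signup_conflict("j.o.h.n.smith@gmail.com", SAMPLE_SIGNUPS))
```

The same canonical form is what you want as the lookup key for password resets and account-linking flows, so that a dotted variant cannot be registered as a "new" user while its confirmation mail lands in the real owner's inbox.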
-
Minecraft players exposed to malicious code in modified “skins”
https://blog.avast.com/minecraft-players-exposed-to-malicious-code-in-modified-skins
-
Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer
https://blog.avast.com/update-ccleaner-attackers-entered-via-teamviewer
-
Uncovering Drupalgeddon 2
https://research.checkpoint.com/uncovering-drupalgeddon-2/
-
Deleted Facebook Cybercrime Groups Had 300,000 Members
https://krebsonsecurity.com/2018/04/deleted-facebook-cybercrime-groups-had-300000-members/
-
Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-xiaoba-repurposed-as-file-infector-and-cryptocurrency-miner/
-
iOS Trustjacking – A Dangerous New iOS Vulnerability
https://www.symantec.com/blogs/feature-stories/ios-trustjacking-dangerous-new-ios-vulnerability
-
No boundaries for Facebook data: third-party trackers abuse Facebook Login
https://freedom-to-tinker.com/2018/04/18/no-boundaries-for-facebook-data-third-party-trackers-abuse-facebook-login/
-
2018 Data Breach Investigations Report
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf
-
The Cat-and-Mouse Game Between Apple and the Manufacturer of an iPhone Unlocking Tool
https://motherboard.vice.com/amp/en_us/article/ne95pg/apple-iphone-unlocking-tool-graykey-cat-and-mouse-game
-
Framework for Improving Critical Infrastructure Cybersecurity
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
-
Teaming up in the war on tech support scams
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/
-
Not shown in this blog entry, the spamming of forums with support scam telephone numbers/links, etc.
-
That's right Dave. Also worth mentioning, most big(ger) IT companies are targeted.
-
Yes, more customers means more potential targets; added to that, spam a support site and you are fishing in the right pond. A target-rich environment: people seeking help and support.
-
World’s biggest marketplace selling internet paralysing DDoS attacks taken down
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-down
-
New Crossrider variant installs configuration profiles on Macs
https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/
-
A New Phishing Kit on the Dark Net
https://research.checkpoint.com/a-phishing-kit-investigative-report/
-
SEC hands down $35 million fine in Yahoo hack
http://money.cnn.com/2018/04/24/technology/yahoo-altaba-hack-sec-fine/index.html
-
Dear Canada: Accessing Publicly Available Information on the Internet Is Not a Crime
https://www.eff.org/deeplinks/2018/04/dear-canada-accessing-publicly-available-information-internet-not-crime
-
If searching the internet were illegal then most of the world would now be behind bars. :(
-
Google Maps open redirect flaw abused by scammers
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
-
SiliVaccine: Inside North Korea’s Anti-Virus
https://research.checkpoint.com/silivaccine-a-look-inside-north-koreas-anti-virus/
-
Botception with Necurs: Botnet distributes script with bot capabilities
https://blog.avast.com/botception-with-necurs-botnet-distributes-script-with-bot-capabilities-avast-threat-labs
-
MassMiner Malware Targeting Web Servers
https://www.alienvault.com/blogs/labs-research/massminer-malware-targeting-web-servers
-
Large cryptojacking campaign targeting vulnerable Drupal websites
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
-
The May 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/5/8/the-may-2018-security-update-review
-
Telegram: Cyber Crime’s Channel of Choice
https://research.checkpoint.com/telegram-cyber-crimes-channel-choice/
-
Remote Code Execution Vulnerability on LG Smartphones
https://research.checkpoint.com/lg-keyboard-vulnerabilities/
LG has issued two security patches on May 8th, 2018.
-
Net Neutrality now has a specific death date – June 11, 2018
https://www.androidauthority.com/net-neutrality-death-date-864283/
-
Net Neutrality now has a specific death date – June 11, 2018
https://www.androidauthority.com/net-neutrality-death-date-864283/
That's one month after the date when Amazon Prime starts to raise its annual fee. :)
-
Hardware debug exception documentation may result in unexpected behavior
https://www.kb.cert.org/vuls/id/631579
https://everdox.net/popss.pdf
-
New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds
https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
-
Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax
http://fortune.com/2018/05/07/security-equifax-vulnerability-download/
-
I installed a trial from the Play Store and decided to buy before the end of the trial. I got an email saying my credit card would be debited tonight, which it was. But I don't know how to put Pro on my phone. I can't even follow this forum; please help me get to the right forum.
-
I installed a trial from the Play Store and decided to buy before the end of the trial. I got an email saying my credit card would be debited tonight, which it was. But I don't know how to put Pro on my phone. I can't even follow this forum; please help me get to the right forum.
-> https://forum.avast.com/index.php?board=66.0
-
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
-
Human rights under surveillance - Digital threats against human rights defenders in Pakistan
https://www.amnesty.org/download/Documents/ASA3383662018ENGLISH.PDF
-
Hacking iLO — take a moment to secure your servers
https://blog.avast.com/secure-your-servers-from-ransomware
-
Nethammer: Inducing Rowhammer Faults through Network Requests
https://arxiv.org/pdf/1805.04956.pdf
-
Throwhammer: Rowhammer Attacks over the Network and Defenses
https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
-
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
EFail and Thunderbird, What You Need To Know
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
-
Addressing New Research for Side-Channel Analysis - Details and Mitigation Information for Variant 4
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
-
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
-
New Mac cryptominer uses XMRig
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
-
Android devices ship with pre-installed malware
https://blog.avast.com/android-devices-ship-with-pre-installed-malware
-
Spectre continues: Did we all trade speed for security?
https://blog.avast.com/spectre-continues-did-we-all-trade-speed-for-security-avast
-
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
-
Brain Food botnet gives website operators heartburn
https://www.proofpoint.com/us/threat-insight/post/brain-food-botnet-gives-website-operators-heartburn
-
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
-
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Can Wi-Fi Inspector detect this router infection? Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?
-
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Can Wi-Fi Inspector detect this router infection? Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?
Hello,
We were considering whether to add a detection for the VPNFilter exploit, but at this point we are leaning towards NO.
The reasons being:
- It is targeted mostly towards corporate networks (not Wi-Fi Inspector's focus)
- It is not that widespread
- It is one of the more sophisticated and harder-to-detect exploits (more development time needed)
Added up, it would not be worth investing the time in this when we can add several other detections that we think will benefit our users more.
Filip
-
Filip, thanks for your reply.
Many brands/models of home routers are vulnerable. If these routers become compromised, is it possible that they could be used for DDoS attacks? At any rate, it seems that the compromised routers are used to steal data traveling through them.
-
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
EFail and Thunderbird, What You Need To Know
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
In Apple Mail, There’s No Protecting PGP-Encrypted Messages
https://theintercept.com/2018/05/25/in-apple-mail-theres-no-protecting-pgp-encrypted-messages/
-
Z-Shave. Exploiting Z-Wave downgrade attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
-
Frag Grenade! A Remote Code Execution Vulnerability in the Steam Client
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
-
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Did you reboot your router yet? Make sure to do so and soon.
https://blog.avast.com/dont-forget-to-reboot-your-router
-
Side-channel attacking browsers through CSS3 features
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
-
Research shows 75% of ‘open’ Redis servers infected
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
-
Fighting malware with machine learning
https://blog.avast.com/fighting-malware-with-machine-learning
(https://blog.avast.com/hs-fs/hubfs/avast-evogens-all.png?t=1527864105461&width=800)
-
Large cryptojacking campaign targeting vulnerable Drupal websites
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Over 100,000 Drupal websites vulnerable to Drupalgeddon 2 (CVE-2018-7600)
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
-
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
https://res.cloudinary.com/snyk/image/upload/v1528192501/zip-slip-vulnerability/technical-whitepaper.pdf
-
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Did you reboot your router yet? Make sure to do so and soon.
https://blog.avast.com/dont-forget-to-reboot-your-router
VPNFilter Update - VPNFilter exploits endpoints, targets new devices
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
-
Major Vulnerabilities in Foscam Cameras
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
-
CryptoCurrency Miner Plays Hide-and-seek with Popular Games and Tools
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
-
The June 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/6/12/the-june-2018-security-update-review
-
Trik Spam Botnet Leaks 43 Million Email Addresses
https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/
-
I can be Apple, and so can you - A Public Disclosure of Issues Around Third Party Code Signing Checks
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
https://arstechnica.com/information-technology/2018/06/simple-technique-bypassed-macos-signature-checks-by-third-party-tools/
-
Improving extension transparency for users
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
-
Cryptojacking invades cloud. How modern containerization trend is exploited by attackers
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
-
Launching VirusTotal Monitor, a service to mitigate false positives
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
-
Google’s Newest Feature: Find My Home
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
-
Google’s Newest Feature: Find My Home
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
I haven't got a single IoT product in my home; for the most part I don't think they serve any function that I want or need. But security has also been one of my concerns. Hell, I won't even have a Smart TV connected to the internet, as none of them really have any specific (installable or built-in) protection.
-
Google’s Newest Feature: Find My Home
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
I haven't got a single IoT product in my home; for the most part I don't think they serve any function that I want or need. But security has also been one of my concerns. Hell, I won't even have a Smart TV connected to the internet, as none of them really have any specific (installable or built-in) protection.
Side note: When Young first reached out to Google in May about his findings, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices. Currently, that update is slated to be released in mid-July 2018. (https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/)
-
Windows warning: US exposes North Korea government's Typeframe malware
https://www.zdnet.com/article/windows-warning-us-exposes-north-korea-governments-typeframe-malware/
-
Olympic Destroyer is still alive
https://securelist.com/olympic-destroyer-is-still-alive/86169/
-
True Story: The Case of a Hacked Baby Monitor (Gwelltimes P2P Cloud)
https://www.sec-consult.com/en/blog/2018/06/true-story-the-case-of-a-hacked-baby-monitor-gwelltimes-p2p-cloud/
-
Cache Me Outside › apple's 'quicklook' cache may leak encrypted data
https://objective-see.com/blog/blog_0x30.html
-
IBM, Symantec, McAfee Touted for Proactive Security
https://www.channelpartnersonline.com/2018/07/05/ibm-symantec-mcafee-touted-for-proactive-security/
-
The July 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/7/10/the-july-2018-security-update-review
-
Speculative Buffer Overflows: Attacks and Defenses
https://people.csail.mit.edu/vlk/spectre11.pdf
-
Intel Analysis of Speculative Execution Side Channels (Revision 4.0 - July 2018)
https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf
-
oo7: Low-overhead Defense against Spectre Attacks via Binary Analysis
https://arxiv.org/pdf/1807.05843.pdf
-
Malwarebytes - Cybercrime Tactics and Techniques: Q2 2018
https://resources.malwarebytes.com/files/2018/07/Malwarebytes_Cybercrime-Tactics-and-Techniques-Q2-2018.pdf
-
Microsoft Identity Bounty Program
https://www.microsoft.com/en-us/msrc/bounty-microsoft-identity
-
Mozilla - ASan Nightly Project
https://developer.mozilla.org/en-US/docs/Mozilla/Testing/ASan_Nightly_Project
-
Spectre Returns! Speculation Attacks using the Return Stack Buffer
https://arxiv.org/pdf/1807.07940.pdf
-
ret2spec: Speculative Execution Using Return Stack Buffers
https://christian-rossow.de/publications/ret2spec-ccs2018.pdf
-
LifeLock Bug Exposed Millions of Customer Email Addresses
https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/
-
LifeLock Bug Exposed Millions of Customer Email Addresses
https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/
Avast got burned when they acquired Piriform because of a flaw in CCleaner's coding.
Now Symantec gets burned because of a flaw in the web coding of LifeLock, which they acquired.
These things can happen to any company. It's always the individual customer that's at risk.
-
The gist I get is that LifeLock says it is about security and protecting its consumers against fraud, while the article by KrebsOnSecurity says the issue is a basic programming error done for convenience, not security, so a subscriber can unsubscribe more easily. LifeLock should never have set it up this way, because this was an easy way to commit fraud against known customers.
-
The gist I get is that LifeLock says it is about security and protecting its consumers against fraud, while the article by KrebsOnSecurity says the issue is a basic programming error done for convenience, not security, so a subscriber can unsubscribe more easily. LifeLock should never have set it up this way, because this was an easy way to commit fraud against known customers.
Symantec owns LifeLock. So this is now their problem.
-
Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html
-
NetSpectre: Read Arbitrary Memory over Network
https://misc0110.net/web/files/netspectre.pdf
-
The SIM Hijackers
https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
-
"Big Star Labs" spyware campaign affects over 11,000,000 people
https://adguard.com/en/blog/big-star-labs-spyware/
-
SamSam: The (Almost) Six Million Dollar Ransomware
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf
-
Telegram’s New Passport Service is Vulnerable to Brute Force Attacks
https://virgilsecurity.com/telegram-passport-vulnerability/
-
Computer Virus Cripples IPhone Chipmaker TSMC Plants
https://www.bloomberg.com/news/articles/2018-08-04/tsmc-takes-emergency-steps-as-operations-hit-by-computer-virus
-
An open letter to Microsoft management re: Windows updating
https://www.computerworld.com/article/3293440/microsoft-windows/an-open-letter-to-microsoft-management-re-windows-updating.html
-
Mozilla's new DNS resolution is dangerous
https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/
-
Mozilla's new DNS resolution is dangerous
No it isn't, and the article is seriously misleading its readers:
Mozilla wants to override any configured DNS server with Cloudflare
No they don't: the TRR is fully user-configurable. Mozilla is running a limited Opt-in shield study to test their DoH/TRR implementation.
See https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
-
Mozilla's new DNS resolution is dangerous
No it isn't, and the article is seriously misleading its readers:
Mozilla wants to override any configured DNS server with Cloudflare
No they don't: the TRR is fully user-configurable. Mozilla is running a limited Opt-in shield study to test their DoH/TRR implementation.
See https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/
Ongoing discussion here: https://news.ycombinator.com/item?id=17690534
-
Thanks for the link, Asyn. I shall read it carefully :)
I've been following developments (and comments) closely on Mozilla and the /r/Firefox subreddit.
-
You're welcome Alan.
-
FakesApp: A Vulnerability in WhatsApp
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
-
Winners of the 2018 Pwnie Awards
https://pwnies.com/winners/
-
Is the Mafia Taking Over Cybercrime?
http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime-wp.pdf
-
Hacker Finds Hidden 'God Mode' on Old x86 CPUs
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
-
Hacking a Brand New Mac Remotely, Right Out of the Box
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
-
Hacking the Amazon Echo
https://blog.avast.com/hacking-the-amazon-echo-avast
https://techcrunch.com/2018/08/13/security-researchers-found-a-way-to-hack-into-the-amazon-echo/
-
FBI Warns of ‘Unlimited’ ATM Cashout Blitz
https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/
-
The August 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/8/14/the-august-2018-security-update-review
-
Hacking the Amazon Echo
https://blog.avast.com/hacking-the-amazon-echo-avast
https://techcrunch.com/2018/08/13/security-researchers-found-a-way-to-hack-into-the-amazon-echo/
When this was still viable, the hacker actually had to break into my home and replace my Echo with the hacked Echo in order for this to work. Theoretically doable but highly unlikely. Since it's already fixed via an update, this was an interesting exercise. :)
-
Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
https://foreshadowattack.eu/
https://foreshadowattack.eu/foreshadow.pdf
https://foreshadowattack.eu/foreshadow-NG.pdf
-
Access all areas - Ways your smart home can be hacked
https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes
-
AP Exclusive: Google tracks your movements, like it or not
https://apnews.com/828aefab64d4411bac257a07c1af0ecb
-
Let's Encrypt Root Trusted By All Major Root Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
-
Faxploit: Breaking the Unthinkable
https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
-
Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
https://foreshadowattack.eu/
https://foreshadowattack.eu/foreshadow.pdf
https://foreshadowattack.eu/foreshadow-NG.pdf
Q3 2018 Speculative Execution Side Channel Update
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html
-
The Essential Guide for Mac Security
https://blog.avast.com/essential-guide-to-mac-security
-
USBHarpoon
https://vincentyiu.co.uk/usbharpoon/
-
We are taking new steps against broadening threats to democracy
https://blogs.microsoft.com/on-the-issues/2018/08/20/we-are-taking-new-steps-against-broadening-threats-to-democracy/
-
Picking Apart Remcos Botnet-In-A-Box
https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html
-
OpenSSH – users enumeration – CVE-2018-15473
https://sekurak.pl/openssh-users-enumeration-cve-2018-15473/
-
Update on the Distrust of Symantec TLS Certificates
https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/
https://support.apple.com/en-us/HT208860
-
CrowdStrike donates Falcon MalQuery for rapid YARA hunts to the HA Community
https://hybrid-analysis.blogspot.com/2018/08/crowdstrike-donates-falcon-malquery-for.html
-
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem
https://atcommands.org/
https://atcommands.org/sec18-tian.pdf
-
Increasing mobile threat intelligence with apklab.io
https://blog.avast.com/mobile-threat-intelligence-with-apklab.io
-
GandCrab 4 Ransomware Now Infects Via Software Cracks
https://sensorstechforum.com/gandcrab-4-ransomware-now-infects-via-cracks/
-
Intel® Safety Critical Project for Linux OS
https://clearlinux.org/safe/
-
SonarSnoop: Active Acoustic Side-Channel Attacks
https://arxiv.org/pdf/1808.10250v1.pdf
-
The Data Breach Survival Guide
https://blog.avast.com/data-breach-survival-guide
-
Remote Mac Exploitation Via Custom URL Schemes
https://objective-see.com/blog/blog_0x38.html
-
MagentoCore skimmer most aggressive to date
https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/
-
Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
https://www.fireeye.com/blog/threat-research/2018/09/fallout-exploit-kit-used-in-malvertising-campaign-to-deliver-gandcrab-ransomware.html
-
Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7
https://researchcenter.paloaltonetworks.com/2018/09/unit42-web-based-threats-2018-q2-u-s-remains-1-malicious-web-addresses-china-falls-2-7/
-
Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
-
Tech support scammers find a home on Microsoft TechNet pages
https://www.zdnet.com/article/tech-support-scammers-find-a-on-microsoft-technet-pages/
-
The September 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review
-
PowerShell Obfuscation Ups the Ante on Antivirus
https://threatpost.com/powershell-obfuscation-ups-the-ante-on-antivirus/137403/
https://threatvector.cylance.com/en_us/home/unpacking-a-packer-powershell-obfuscation-using-securestring.html
-
Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims
https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
-
Kodi add-ons launch cryptomining campaign
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
-
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/
-
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/
I'd like to know how the infector got onto their servers?
-
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/
I'd like to know how the infector got onto their servers?
Yes, Bob, that would be interesting to know; unfortunately their statement is quite vague.
"A malicious file was uploaded to the SUPERAntiSpyware download server as a result of an attempted attack on the server," SuperAntiSpyware told BleepingComputer. "The malicious file was discovered and removed from the server within several hours of the attempt. The server has since been thoroughly scanned and the vulnerability has been corrected."
-
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/
I'd like to know how the infector got onto their servers?
Yes, Bob, that would be interesting to know; unfortunately their statement is quite vague.
"A malicious file was uploaded to the SUPERAntiSpyware download server as a result of an attempted attack on the server," SuperAntiSpyware told BleepingComputer. "The malicious file was discovered and removed from the server within several hours of the attempt. The server has since been thoroughly scanned and the vulnerability has been corrected."
Another good reason to use Malwarebytes if you want a second opinion in addition to Avast.
-
Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
https://securingtomorrow.mcafee.com/mcafee-labs/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns/
-
Fbot, A Satori Related Botnet Using Block-chain DNS System
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
-
NSA EternalBlue exploits live on with an endless infection loop
https://blog.avira.com/nsa-eternalblue-exploits-live-on-with-an-endless-infection-loop/
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
-
NSA EternalBlue exploits live on with an endless infection loop
https://blog.avira.com/nsa-eternalblue-exploits-live-on-with-an-endless-infection-loop/
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
https://forum.avast.com/index.php?topic=52252.msg1430410#msg1430410
-
ZDI-CAN-6135: A Remote Code Execution Vulnerability in the Microsoft Windows Jet Database Engine
https://www.zerodayinitiative.com/blog/2018/9/20/zdi-can-6135-a-remote-code-execution-vulnerability-in-the-microsoft-windows-jet-database-engine
-
Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
-
Another Victim of the Magecart Assault Emerges: Newegg
https://www.riskiq.com/blog/labs/magecart-newegg/
https://www.volexity.com/blog/2018/09/19/magecart-strikes-again-newegg/
-
GandCrab V5 Released With Random Extensions and New HTML Ransom Note
https://www.bleepingcomputer.com/news/security/gandcrab-v5-released-with-random-extensions-and-new-html-ransom-note/
-
In Quiet Change, Google Now Automatically Logging Users Into Chrome
https://www.darkreading.com/vulnerabilities---threats/in-quiet-change-google-now-automatically-logging-users-into-chrome/d/d-id/1332882?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
-
In Quiet Change, Google Now Automatically Logging Users Into Chrome
https://www.darkreading.com/vulnerabilities---threats/in-quiet-change-google-now-automatically-logging-users-into-chrome/d/d-id/1332882?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Easy enough to fix if it's not something that makes your life easier:
https://www.askvg.com/fix-google-chrome-automatically-signs-into-browser-when-you-log-into-gmail-or-other-google-services/
-
Firefox Monitor
https://monitor.firefox.com/
-
Firefox Monitor
https://monitor.firefox.com/
Personally I never use things like this, as I'm just too trusting (NOT); I don't give out any information (or drop my defences) for anyone to run a supposed security/compromise check.
Sign up for Firefox Monitor. You’ll get a full report on your compromised accounts and notifications any time your accounts appear in new data breaches.
I don't know how this falls in line with their comment "Your email will not be stored." (presumably just for that check). However, if you sign up, it and others you use/used would have to be stored.
-
1. Personally I never use things like this, as I'm just too trusting (NOT); I don't give out any information (or drop my defences) for anyone to run a supposed security/compromise check.
Sign up for Firefox Monitor. You’ll get a full report on your compromised accounts and notifications any time your accounts appear in new data breaches.
2. I don't know how this falls in line with their comment "Your email will not be stored." (presumably just for that check). However, if you sign up, it and others you use/used would have to be stored.
1. Me neither, but FFM is certainly one of the few trustworthy services, imo.
2. Correct. :)
-
I don't know how this falls in line with their comment "Your email will not be stored."
No email address is transferred. To quote Mozilla:
When a user submits their email address to Firefox Monitor, it hashes the plaintext value and sends the first 6 characters to the HIBP API.
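The exchange described in the quoted sentence, as an added example that is not Mozilla's or HIBP's code and not part of this thread: the client hashes the address, sends only the first 6 hex characters of the hash, receives every suffix in that bucket and finishes the comparison locally, so the server never sees the address or the full hash. SHA-1 and the trim/lower-case normalization are assumptions (the quoted sentence names neither); the breach corpus and the addresses are constructed.

```python
import hashlib
from typing import Callable, Iterable, List

# Mozilla's post: only the first 6 characters of the hash are sent to the HIBP API.
PREFIX_LEN = 6


def email_hash(email: str) -> str:
    """Hash the address on the client before anything leaves the machine.

    Assumption: SHA-1 over the trimmed, lower-cased address. The quoted sentence
    does not name the hash function, so this is a stand-in, not Mozilla's code.
    """
    normalized = email.strip().lower().encode("utf-8")
    return hashlib.sha1(normalized).hexdigest().upper()


class BreachIndex:
    """Stand-in for the HIBP range endpoint: it stores hashes only and records
    what each query reveals to it (the prefix), so the leakage can be inspected."""

    def __init__(self, breached_emails: Iterable[str]) -> None:
        # Constructed sample data: a toy breach corpus held as hashes.
        self._hashes = {email_hash(e) for e in breached_emails}
        self.prefixes_seen: List[str] = []

    def range_query(self, prefix: str) -> List[str]:
        """Return the suffixes of every stored hash that starts with `prefix`."""
        if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError("prefix must be exactly 6 upper-case hex characters")
        self.prefixes_seen.append(prefix)
        # The whole bucket is returned; the server cannot tell which entry, if any,
        # the client is interested in, and it never sees the address itself.
        return sorted(h[PREFIX_LEN:] for h in self._hashes if h.startswith(prefix))


def is_breached(email: str, query: Callable[[str], List[str]]) -> bool:
    """Client side of the k-anonymity check: send the prefix, match the suffix locally."""
    full = email_hash(email)
    prefix, suffix = full[:PREFIX_LEN], full[PREFIX_LEN:]
    return suffix in query(prefix)


if __name__ == "__main__":
    # Constructed addresses; the .test TLD is reserved and never resolves.
    server = BreachIndex(["alice@example.test", "bob@example.test"])
    print(is_breached("Alice@Example.test", server.range_query))  # True
    print(is_breached("carol@example.test", server.range_query))  # False
    print(server.prefixes_seen)  # two 6-character prefixes, no addresses
```

`prefixes_seen` is the complete record of what a curious or compromised server could log. A 6-hex-character prefix selects one of 16^6 buckets, so against a large corpus each query is consistent with many addresses; against a toy corpus like the one above the bucket is tiny, which is why the anonymity set depends on the corpus size rather than on the protocol alone.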
-
I don't know how this falls in line with their comment "Your email will not be stored."
No email address is transferred. To quote Mozilla:
When a user submits their email address to Firefox Monitor, it hashes the plaintext value and sends the first 6 characters to the HIBP API.
Thanks for that, it could be useful if they either stated that (or gave a link) on the same page as they say your email won't be stored.
Mind you, those like myself, who question statements like that, are less likely to need the service. Those that believe just because they say it (and it is written down) it is so may be their target audience.
-
...could be useful if they either stated that...
Take a look here: https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/
-
...could be useful if they either stated that...
Take a look here: https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/
I will have a look at it later, just about to go out.
It isn't so much that it isn't there, just that people would have to go digging for it and many won't.
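The k-anonymity lookup that the quoted Mozilla statement describes (hash the address, send only the first 6 hex characters, finish the match on the client) as a self-contained simulation. This is an added example written for this thread, not Mozilla's or HIBP's code. It assumes the hash is SHA-1 and that the address is trimmed and lower-cased before hashing; the breach index and the three addresses in it are constructed sample data.

```python
from __future__ import annotations

import hashlib

PREFIX_LEN = 6  # hex characters the client reveals, per Mozilla's description


def email_hash(email: str) -> str:
    """Hash of the normalised address as upper-case hex.

    Assumptions (not stated in the thread): SHA-1, as HIBP's range search
    uses, and the address is stripped and lower-cased before hashing.
    """
    normalised = email.strip().lower()
    return hashlib.sha1(normalised.encode("utf-8")).hexdigest().upper()


def split_hash(full_hash: str) -> tuple[str, str]:
    """Split a hash into the prefix sent over the wire and the suffix kept local."""
    return full_hash[:PREFIX_LEN], full_hash[PREFIX_LEN:]


# Constructed sample breach index (server side): full hash -> breach names.
BREACH_INDEX = {
    email_hash(addr): breaches
    for addr, breaches in {
        "alice@example.com": ["Adobe", "LinkedIn"],
        "bob@example.org": ["Dropbox"],
        "carol@example.net": ["MySpace"],
    }.items()
}


class RangeServer:
    """Simulated HIBP-style range endpoint that logs exactly what it receives."""

    def __init__(self, index: dict[str, list[str]]) -> None:
        self.index = index
        self.requests_seen: list[str] = []

    def query(self, prefix: str) -> dict[str, list[str]]:
        """Return every record whose hash starts with `prefix`, keyed by suffix.

        The server never learns which suffix (if any) the caller was after.
        """
        if len(prefix) != PREFIX_LEN or any(c not in "0123456789ABCDEF" for c in prefix):
            raise ValueError(f"prefix must be {PREFIX_LEN} upper-case hex characters")
        self.requests_seen.append(prefix)
        return {
            full[PREFIX_LEN:]: breaches
            for full, breaches in self.index.items()
            if full.startswith(prefix)
        }


def check_email(email: str, server: RangeServer) -> list[str]:
    """Client side: send only the prefix, then match the suffix locally."""
    prefix, suffix = split_hash(email_hash(email))
    bucket = server.query(prefix)
    return bucket.get(suffix, [])


def bits_revealed() -> int:
    """How much of the 160-bit SHA-1 the server sees: 4 bits per hex character."""
    return PREFIX_LEN * 4


if __name__ == "__main__":
    server = RangeServer(BREACH_INDEX)
    for addr in ("Alice@Example.com", "nobody@example.com"):
        print(addr, "->", check_email(addr, server) or "no known breach")
    print("server saw prefixes only:", server.requests_seen, f"({bits_revealed()} of 160 bits)")
```

The point the quoted statement makes is visible in `requests_seen`: the server only ever receives 24 of the 160 hash bits, so every address whose hash shares that prefix is equally plausible as the one being checked, and the final comparison happens on the client. This protects the one-off lookup only; signing up for ongoing alerts still requires the service to keep the address, which is the separate point raised earlier in the thread.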
-
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
-
Torii botnet - Not another Mirai variant
https://blog.avast.com/new-torii-botnet-threat-research
-
Facebook Is Giving Advertisers Access to Your Shadow Contact Information
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
https://mislove.org/publications/PII-PETS.pdf
-
VPNFilter III: More Tools for the Swiss Army Knife of Malware
https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html
-
5 out of 6 routers at risk
https://blog.avast.com/wi-fi-routers-at-risk
http://www.theamericanconsumer.org/wp-content/uploads/2018/09/FINAL-Wi-Fi-Router-Vulnerabilities.pdf
-
Ransomware attacks via RDP choke SMBs
https://blog.avast.com/ransomware-attacks-via-rdp
https://www.ic3.gov/media/2018/180927.aspx
-
70+ different types of home routers (all together 100,000+) are being hijacked by GhostDNS
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
-
Hackers Are Holding High Profile Instagram Accounts Hostage
https://motherboard.vice.com/en_us/article/d3jdbk/hackers-high-profile-instagram-accounts-hostage-ransom-bitcoin
https://blog.avast.com/instagram-accounts-frozen-with-ransomware
-
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
-
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
-
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
Whilst I haven't finished reading the first article yet - I'm finding it hard going as it is white text on a black background (for me certainly) and after a while my eyes just lose focus. However, it is certainly playing to people's worst fears: Government Cyber Hacking (and more in this case), Foreign and Domestic, etc. etc.
I'm not sure how they can rebut this if said doctored chip sets are present. It seems to be trying to keep their feet out of the fire or be held accountable. I think there will be a long life to this issue and concerns about hardware modification at source.
This reminds me about CPUs coming out from the factories already infected with malware (a few years ago), seems this is the next logical step, hacking the hardware.
-
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
The Big Hack: The Software Side of China’s Supply Chain Attack
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-the-software-side-of-china-s-supply-chain-attack
-
Malware Has a New Way to Hide on Your Mac
https://www.wired.com/story/mac-malware-hide-code-signing/
-
The October 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/10/9/the-october-2018-security-update-review
-
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
The Big Hack: The Software Side of China’s Supply Chain Attack
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-the-software-side-of-china-s-supply-chain-attack
New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom
https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
-
The Sony Smart TV Exploit: An Inside View of Hijacking Your Living Room
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
-
Microsoft Edge Remote Code Execution
https://leucosite.com/Microsoft-Edge-RCE/
https://www.zerodayinitiative.com/advisories/ZDI-18-1136/
-
Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
https://www.bleepingcomputer.com/news/security/largest-cyber-attack-against-iceland-driven-by-complex-phishing-scheme/
-
New Sextortion Scam Pretends to Come from Your Hacked Email Account
https://www.bleepingcomputer.com/news/security/new-sextortion-scam-pretends-to-come-from-your-hacked-email-account/
-
Fake Flash Updaters Push Cryptocurrency Miners
https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/
-
Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks
https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/
-
Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html
-
MikroTik mayhem: Cryptomining campaign abusing routers
https://blog.avast.com/mikrotik-routers-targeted-by-cryptomining-campaign-avast
-
Tracking Users across the Web via TLS Session Resumption
https://arxiv.org/pdf/1810.07304.pdf
-
Having The Security Rug Pulled Out From Under You
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
-
Inside the industry of cybercrime
https://blog.avast.com/evolution-of-cybercrime
-
Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
-
Latest Firefox Rolls Out Enhanced Tracking Protection
https://blog.mozilla.org/blog/2018/10/23/latest-firefox-rolls-out-enhanced-tracking-protection/
https://blog.mozilla.org/futurereleases/2018/10/23/the-path-to-enhanced-tracking-protection/
-
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html
-
Seven new Mirai variants and the aspiring cybercriminal behind them
https://blog.avast.com/hacker-creates-seven-new-variants-of-the-mirai-botnet
-
Multiple 0days used by Magecart
https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/
-
Malware Distributors Adopt DKIM to Bypass Mail Filters
https://www.bleepingcomputer.com/news/security/malware-distributors-adopt-dkim-to-bypass-mail-filters/
-
DDoS-for-Hire Service Powered by Bushido Botnet
https://www.fortinet.com/blog/threat-research/ddos-for-hire-service-powered-by-bushido-botnet-.html
-
Windows 10 Bug Allowed UWP Apps Full Access to File System
https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-apps-full-access-to-file-system/
-
Anatomy of a sextortion scam
https://blog.talosintelligence.com/2018/10/anatomy-of-sextortion-scam.html
-
Quarterly Incident Response Threat Report
https://www.carbonblack.com/quarterly-incident-response-threat-report/november-2018/
-
BleedingBit
https://armis.com/bleedingbit/
-
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys
https://arstechnica.com/information-technology/2018/11/intel-cpus-fall-to-new-hyperthreading-exploit-that-pilfers-crypto-keys/
-
New Microsoft Edge Browser Zero-Day RCE Exploit in the Works
https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-zero-day-rce-exploit-in-the-works/
-
Further protections from harmful ad experiences on the web
https://blog.chromium.org/2018/11/further-protections-from-harmful-ad.html
-
VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/
https://github.com/MorteNoir1/virtualbox_e1000_0day
-
New American Cybercommand Initiative on VT: ;)
https://www.cybercom.mil/Media/News/News-Display/Article/1681533/new-cnmf-initiative-shares-malware-samples-with-cybersecurity-industry/
Next to already existing FBI efforts: https://malwareinvestigator.gov/
Good that they are supporting the AV industry this way,
polonus
-
Microsoft is Porting Sysinternals Tools to Linux - ProcDump Released
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-porting-sysinternals-tools-to-linux-procdump-released/
https://github.com/microsoft/procdump-for-linux
-
BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers
http://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers-to-email-spammers-en/
-
Cryptocurrency-mining Malware Targets Linux Systems, Uses Rootkit for Stealth
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
-
Avast Hack Check
https://www.avast.com/hackcheck
https://www.avast.com/hackcheck/leaks
-
Advances in visual phishing detection
https://blog.avast.com/avast-improves-phishing-detection-avast
-
Intel Microcode Boot Loader
https://www.ngohq.com/intel-microcode-boot-loader.html
-
The November 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/11/13/the-november-2018-security-update-review
-
Spectre, Meltdown researchers unveil 7 more speculative execution attacks
https://arstechnica.com/gadgets/2018/11/spectre-meltdown-researchers-unveil-7-more-speculative-execution-attacks/
https://arxiv.org/pdf/1811.05441
-
Spectre, Meltdown researchers unveil 7 more speculative execution attacks
https://arstechnica.com/gadgets/2018/11/spectre-meltdown-researchers-unveil-7-more-speculative-execution-attacks/
https://arxiv.org/pdf/1811.05441
According to Intel, this will solve the Meltdown and Spectre insecurities.
(https://screencast-o-matic.com/screenshots/u/Lh/1542284717722-63338.png)
-
According to Intel, this will solve the Meltdown and Spectre insecurities.
Just marketing. Take a guess how long it would take to get everyone updated. ;)
-
According to Intel, this will solve the Meltdown and Spectre insecurities.
Just marketing. Take a guess how long it would take to get everyone updated. ;)
Or how much Intel will make out of said updates ;)
Perhaps it is about time these companies had to pay users for their failings :P
-
It's a pity, but it won't happen.
-
Firefox Monitor Launches in 26 Languages and Adds New Desktop Browser Feature
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites/
-
Firefox Monitor Launches in 26 Languages and Adds New Desktop Browser Feature
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites/
The next question is, How many of you who have used an email address for any length of time,
haven't had your email address exposed on a site that was hacked?
(That unfortunately includes this site if you've been here since before 5-26-2014.)
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
-
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Afaik, such a function is included in Avast Passwords Premium.
-
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Afaik, such a function is included in Avast Passwords Premium.
Thanks, but even in the beta I only use the free version. :)
-
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Afaik, such a function is included in Avast Passwords Premium.
Thanks, but even in the beta I only use the free version. :)
Guess, you'd get a license for free, but it's up to you... ;)
-
It would hurt my image as the Avast be Free spokesperson. :)
(https://screencast-o-matic.com/screenshots/u/Lh/1542407979553-45871.png)
-
Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends
https://www.imperva.com/blog/facebook-privacy-bug/
-
Hacking Gmail’s UX With From Fields
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f
-
Scammers Use Facebook Sharer Page to Push Tech Support Scams
https://www.bleepingcomputer.com/news/security/scammers-use-facebook-sharer-page-to-push-tech-support-scams/
-
ATM Logic Attacks: Scenarios 2018
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
-
A leaky database of SMS text messages exposed password resets and two-factor codes
https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/
-
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
https://blog.talosintelligence.com/2018/11/tplinkr600.html
-
Web skimmers compete in Umbro Brasil hack
https://blog.malwarebytes.com/threat-analysis/2018/11/web-skimmers-compete-umbro-brasil-hack/
-
Amazon Data Leak Exposes Email Addresses Right Before Black Friday
https://www.bleepingcomputer.com/news/security/amazon-data-leak-exposes-email-addresses-right-before-black-friday/
-
The Rotexy mobile Trojan – banker and ransomware
https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/
-
USPS Site Exposed Data on 60 Million Users
https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/
-
Aurora / Zorro Ransomware Actively Being Distributed
https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/
-
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All
https://www.vusec.net/projects/eccploit/
http://cs.vu.nl/~lcr220/ecc/ecc-rh-paper-sp2019-cr.pdf
-
Half of all Phishing Sites Now Have the Padlock
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
-
Industry collaboration leads to takedown of the “3ve” ad fraud operation
https://security.googleblog.com/2018/11/industry-collaboration-leads-to.html
-
Dell Systems Hacked to Steal Customer Information
https://www.bleepingcomputer.com/news/security/dell-systems-hacked-to-steal-customer-information/
-
AutoCAD Malware - Computer Aided Theft
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
-
KingMiner: The New and Improved CryptoJacker
https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
-
Mozilla to Provide MSI Installers Starting with Firefox 65
https://www.bleepingcomputer.com/news/software/mozilla-to-provide-msi-installers-starting-with-firefox-65/
https://support.mozilla.org/en-US/kb/firefox-customization-msi-installers
-
Let’s play Hide ’N Seek with a botnet.
https://blog.avast.com/hide-n-seek-botnet-continues
-
SNDBOX - an AI Powered Malware Analysis Site is Launched
https://www.bleepingcomputer.com/news/security/sndbox-an-ai-powered-malware-analysis-site-is-launched/
https://www.sndbox.com/
-
New Report: Unknown Data Scraper Breach
https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach/
-
Sextortion with a side of ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
-
Botnet of Infected WordPress Sites Attacking WordPress Sites
https://www.wordfence.com/blog/2018/12/wordpress-botnet-attacking-wordpress/
-
The Ransomware Doctor Without a Cure
https://research.checkpoint.com/the-ransomware-doctor-without-a-cure/
-
Sophisticated Android clickfraud apps pose as iPhone apps and devices
https://news.sophos.com/en-us/2018/12/06/android-clickfraud-fake-iphone/
-
The Dark Side of the ForSSHe // A landscape of OpenSSH backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
-
The December 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/12/11/the-december-2018-security-update-review
-
Android Trojan steals money from PayPal accounts even with 2FA on
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
-
‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
-
Avast failed on all 4 WinXP machines this morning 12-13-18!
So far only attempted to restart the UI service but keep getting error message !
Set Terminal server to Automatic start and verified Background Intelligent Transfer Services was set to Automatic start .
Will attempt to reinstall program next :(
Running Avast on one Win 7 machine with no issues this morning!
-
@ tmoroney
Please start your own new topic in the Avast Free Antivirus / Pro Antivirus / Internet Security / Premier forum https://forum.avast.com/index.php?board=2.0. That is for specific problems with avast antivirus for windows. This topic in the 'General Forum' is about technical issues unrelated to Avast.
On that new topic give details of the avast version and build number (use the about avast option in the tray icon) you have installed on these XP machines.
-
New Bomb Threat Email Scam Campaign Demanding $20K in Bitcoin
https://www.bleepingcomputer.com/news/security/new-bomb-threat-email-scam-campaign-demanding-20k-in-bitcoin/
-
NUClear explotion
https://embedi.org/blog/nuclear-explotion/
-
123456 Is the Most Used Password for the 5th Year in a Row
https://www.bleepingcomputer.com/news/security/123456-is-the-most-used-password-for-the-5th-year-in-a-row/
https://www.prweb.com/releases/bad_password_habits_die_hard_shows_splashdata_s_8th_annual_worst_passwords_list/prweb15987071.htm
-
How to Decrypt HiddenTear Ransomware with HT Brute Forcer
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
-
Magellan
https://blade.tencent.com/magellan/index_en.html
-
Connecting the dots between recently active cryptominers
https://blog.talosintelligence.com/2018/12/cryptomining-campaigns-2018.html
-
Top 10 Biggest Data Breaches in 2018
https://blog.avast.com/biggest-data-breaches
-
Cartoon chaos on Facebook
https://blog.avast.com/facebook-users-share-cartoon-malware
https://malfind.com/index.php/2018/12/21/how-i-accidentaly-found-clickjacking-in-facebook/
-
Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries
https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/
https://www.reuters.com/article/us-china-cyber-hpe-ibm-exclusive-idUSKCN1OJ2OY
-
Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries
https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/
https://www.reuters.com/article/us-china-cyber-hpe-ibm-exclusive-idUSKCN1OJ2OY
This is very big, but what are we to actually do about punishing those responsible. I guess this is going to go the way of HUAWEI being denied 5G infrastructure contracts in several countries.
-
New Tech Support Scam Causes Chrome Browser to Use 100% of the CPU
https://www.bleepingcomputer.com/news/security/new-tech-support-scam-causes-chrome-browser-to-use-100-percent-of-the-cpu/
-
State of Software Security Report (SOSS) 2018
https://www.veracode.com/state-of-software-security-report
-
JungleSec Ransomware Infects Victims Through IPMI Remote Consoles
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
-
The EU Opens Bug Hunting Season in 2019 for 15 Open-Source Projects It Uses
https://www.bleepingcomputer.com/news/security/the-eu-opens-bug-hunting-season-in-2019-for-15-open-source-projects-it-uses/
https://juliareda.eu/2018/12/eu-fossa-bug-bounties/
-
Phishing template uses fake fonts to decode content and evade detection
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
-
How to Decrypt the Aurora Ransomware with AuroraDecrypter
https://www.bleepingcomputer.com/news/security/how-to-decrypt-the-aurora-ransomware-with-auroradecrypter/
-
Vidar and GandCrab: stealer and ransomware combo observed in the wild
https://blog.malwarebytes.com/threat-analysis/2019/01/vidar-gandcrab-stealer-and-ransomware-combo-observed-in-the-wild/
-
2019 predictions: The internet of (vulnerable) things
https://blog.avast.com/iot-predictions
https://cdn2.hubspot.net/hubfs/486579/Avast%20Threat%20Landscape%20Report%202019.pdf
-
The January 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/1/8/the-january-2019-security-update-review
-
Surprise! Your phone data is for sale
https://blog.avast.com/phone-location-data-to-aggregators
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile
-
The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/
-
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
https://arxiv.org/pdf/1901.00846.pdf
-
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
-
Mozilla to Disable Flash Plugin by Default in Firefox 69
https://www.bleepingcomputer.com/news/software/mozilla-to-disable-flash-plugin-by-default-in-firefox-69/
-
Metasploit Framework 5.0 Released!
https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released/
-
How I Hacked Play-with-Docker and Remotely Ran Code on the Host
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
-
Distribution of malicious JAR appended to MSI files signed by third parties
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
-
The 773 Million Record "Collection #1" Data Breach
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
Avast Hack-Check: https://www.avast.com/hackcheck
-
The 773 Million Record "Collection #1" Data Breach
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/
Avast Hack-Check: https://www.avast.com/hackcheck
773M Password ‘Megabreach’ is Years Old
https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/
-
DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
-
Microsoft Azure DevOps Bounty Program
https://www.microsoft.com/en-us/msrc/bounty-azure-devops
-
5 software facts you didn’t know: Avast PC Report (Part 1)
https://blog.avast.com/pc-report-2019-shows-users-fail-to-update-avast
https://cdn2.hubspot.net/hubfs/486579/Avast_PC_Trends_Report_2019.pdf
-
How to takedown 100,000 malware sites
https://abuse.ch/blog/how-to-takedown-100000-malware-sites/
https://urlhaus.abuse.ch/statistics/reactiontime/
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???
Hmm... working here ???
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???
Hmm... working here ???
Also working here.
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???
Hmm... working here ???
Also working here.
(https://screencast-o-matic.com/screenshots/u/Lh/1548341983720-79075.png)
The culprit appears to be the Avast SecureLine. Once I turn it off, problem solved.
(Not good since I'm on open wifi at a hotel.)
-
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???
Hmm... working here ???
Also working here.
(https://screencast-o-matic.com/screenshots/u/Lh/1548341983720-79075.png)
The culprit appears to be the Avast SecureLine. Once I turn it off, problem solved.
(Not good since I'm on open wifi at a hotel.)
Yep, working here also.... ???
-
Are any of you using SecureLine while you're visiting the site ???
-
Are any of you using SecureLine while you're visiting the site ???
Yes.
-
Are any of you using SecureLine while you're visiting the site ???
Yes.
Miami ???
Right now the site is down. :)
-
Site is back up.
If I use Miami, I can't get on that website.
I changed it to another connection I was able to reach the site with SecureLine.
Bleeping Computer is probably blocking the IP
-
Just visited again, using New York. OK.
-
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
-
Cisco AMP tracks new campaign that delivers Ursnif
https://blog.talosintelligence.com/2019/01/amp-tracks-ursnif.html
-
Confiant & Malwarebytes Uncover Steganography Based Ad Payload That Drops Shlayer Trojan On Mac Users
https://blog.confiant.com/confiant-malwarebytes-uncover-steganography-based-ad-payload-that-drops-shlayer-trojan-on-mac-cd31e885c202
-
Hackers Targeting Cisco RV320/RV325 Routers Using New Exploits
https://www.bleepingcomputer.com/news/security/hackers-targeting-cisco-rv320-rv325-routers-using-new-exploits/
-
AZORult: Now, as A Signed “Google Update”
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
-
5 software facts you didn’t know: Avast PC Report (Part 1)
https://blog.avast.com/pc-report-2019-shows-users-fail-to-update-avast
https://cdn2.hubspot.net/hubfs/486579/Avast_PC_Trends_Report_2019.pdf
5 hardware facts you didn’t know — The Avast PC Report, part 2
https://blog.avast.com/pc-report-2019-reveals-hardware-trends
-
DNS flag day 2019
https://dnsflagday.net/
-
“Love you” malspam gets a makeover for massive Japan-targeted campaign
https://www.welivesecurity.com/2019/01/30/love-you-malspam-makeover-massive-japan-targeted-campaign/
-
Ethical Hacker Exposes Magyar Telekom Vulnerabilities, Faces 8 Years in Jail
https://www.bleepingcomputer.com/news/security/ethical-hacker-exposes-magyar-telekom-vulnerabilities-faces-8-years-in-jail/
-
Facebook pays teens to install VPN that spies on them
https://techcrunch.com/2019/01/29/facebook-project-atlas/
-
YouTube Impersonation Scams Offering Fake Rewards are Running Wild
https://www.riskiq.com/blog/labs/youtube-impersonation-scams/
-
Sextortion Scam Stating Xvideos Was Hacked to Record You Through Webcam
https://www.bleepingcomputer.com/news/security/sextortion-scam-stating-xvideos-was-hacked-to-record-you-through-webcam/
-
SpeakUp: A New Undetected Backdoor Linux Trojan
https://research.checkpoint.com/speakup-a-new-undetected-backdoor-linux-trojan/
-
ExileRAT shares C2 with LuckyCat, targets Tibet
https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html
-
Reverse RDP Attack: Code Execution on RDP Clients
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
-
Phishing Attacks Against Facebook/Google via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
-
Phishing Attacks Against Facebook/Google via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
The average person looking at this headline will assume that there's a vulnerability in Google Translate.
That certainly isn't the case but, it makes for good headlines.
-
Many popular iPhone apps secretly record your screen without asking
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
-
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
https://securityintelligence.com/icedid-operators-using-atsengine-injection-panel-to-hit-e-commerce-sites/
-
Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/
-
Sorry, Adobe Reader, We're Not Letting You Phone Home Without User's Consent (0day)
https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html
https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html
-
QNAP NAS user? You'd better check your hosts file for mystery anti-antivirus entries
https://www.theregister.co.uk/2019/02/11/qnap_hosts_file_issues/
-
The February 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/2/12/the-february-2019-security-update-review
-
Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
-
Emotet: A Small Change in Tactics Leads to a Spike in Attacks
https://www.menlosecurity.com/blog/emotet-a-small-change-in-tactics-leads-to-a-spike-in-attacks
-
Increasing mobile threat intelligence with apklab.io
https://blog.avast.com/mobile-threat-intelligence-with-apklab.io
https://apklab.io/
(https://blog.avast.com/hs-fs/hubfs/apklab-io-2.png?width=400)
-
Spoofing in the reeds with Rietspoof
https://blog.avast.com/rietspoof-malware-increases-activity
-
Several Cryptojacking Apps Found on Microsoft Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
-
Try Picture in Picture mode for Firefox in Nightly
https://techdows.com/2019/02/picture-in-picture-for-firefox-is-here-to-try-in-nightly.html
-
Spectre is here to stay - An analysis of side-channels and speculative execution
https://arxiv.org/pdf/1902.05178.pdf
-
Is anyone available from Avast to discuss IOCs related to the Rietspoof blog?
https://blog.avast.com/rietspoof-malware-increases-activity
-
Is anyone available from Avast to discuss IOCs related to the Rietspoof blog?
https://blog.avast.com/rietspoof-malware-increases-activity
My first thought would have been no (certainly not in the forums), but the very last paragraph is fairly clear.
We are not sharing IoCs publicly, but, if you are able to prove to Avast that you are an anti-malware analyst or researcher, we will make the IoCs available to you. In this case feel free to contact us.
Having highlighted what is probably the most important wording, I think it could only be through direct contact with Avast, and then only for those with a proven anti-malware analyst or researcher background.
-
Windows 7 users: You need SHA-2 support or no Windows updates after July 2019
Microsoft will begin rolling out SHA-2 standalone updates for Windows 7 and Windows Server 2008 in March in preparation for its July 16 implementation deadline.
https://www.zdnet.com/article/windows-7-users-you-need-sha-2-support-or-no-windows-updates-after-july-2019/
-
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/monero-miner-malware-uses-radmin-mimikatz-to-infect-propagate-via-vulnerability/
-
North Korea Turns Against New Targets?!
https://research.checkpoint.com/north-korea-turns-against-russian-targets/
-
Threats to users of adult websites in 2018
https://securelist.com/threats-to-users-of-adult-websites-in-2018/89634/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/02/21120154/Threats_to_users_of_adult_websites_2018.pdf
-
Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
-
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
-
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else
-
Internet infrastructure under attack
https://blog.avast.com/icann-warns-domain-name-system-under-attack
https://www.icann.org/news/announcement-2019-02-22-en
https://www.icann.org/news/announcement-2019-02-15-en
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/
-
A Peek into BRONZE UNION’s Toolbox
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
-
Magecart Group 4: Never Gone, Always Advancing
https://www.riskiq.com/blog/labs/magecart-group-4-always-advancing/
-
ExSpectre: Hiding Malware in Speculative Execution
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-5_Wampler_paper.pdf
-
Op 'Sharpshooter' Connected to North Korea's Lazarus Group
https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/
-
"Encryption everywhere", really good advice:
https://www.privacytools.io/ (sources: Glenn Greenwald et al.)
A new law may be coming to the Netherlands (people who know how to access a system may be ordered to share their knowledge; however, this doesn't apply to the suspect themselves or family members).
Who is finally going to speak up for me?
polonus
-
Microsoft Sees 250% Phishing Increase, Malware Decline by 34%
https://www.bleepingcomputer.com/news/security/microsoft-sees-250-percent-phishing-increase-malware-decline-by-34-percent/
-
SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks
https://arxiv.org/pdf/1903.00446.pdf
-
The Return of the Equation Editor Exploit – DIFAT Overflow
https://www.mimecast.com/blog/2019/03/the-return-of-the-equation-editor-exploit--difat-overflow/
-
UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/upnp-enabled-connected-devices-in-home-unpatched-known-vulnerabilities/
-
800+ Million Emails Leaked Online by Email Verification Service
https://securitydiscovery.com/800-million-emails-leaked-online-by-email-verification-service/
https://www.wired.com/story/email-marketing-company-809-million-records-exposed-online/
-
Financial Cyberthreats in 2018
https://securelist.com/financial-cyberthreats-in-2018/89788/
-
Exploitation of a Vanilla Buffer Overflow in the o2 HomeBox 6441 Router - A Step by Step Abuse Guide
https://nsideattacklogic-tech.blogspot.com/2019/03/exploitation-of-vanilla-buffer-overflow.html
-
New "Final Warning" Sextortion Emails State Adult Sites Infected You
https://www.bleepingcomputer.com/news/security/new-final-warning-sextortion-emails-state-adult-sites-infected-you/
-
The March 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/3/12/the-march-2019-security-update-review
-
New mining worm PsMiner uses multiple high-risk vulnerabilities to spread
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
-
‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
https://www.flashpoint-intel.com/blog/dmsniff-pos-malware-actively-leveraged-target-medium-sized-businesses/
-
Over 100 Exploits Found for 19-Year Old WinRAR RCE Bug
https://www.bleepingcomputer.com/news/security/over-100-exploits-found-for-19-year-old-winrar-rce-bug/
-
New Ursnif Variant Targets Japan Packed with New Features
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features
-
Spam Warns about Boeing 737 Max Crashes While Pushing Malware
https://www.bleepingcomputer.com/news/security/spam-warns-about-boeing-737-max-crashes-while-pushing-malware/
-
New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
-
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
https://www.recordedfuture.com/top-vulnerabilities-2018/
https://go.recordedfuture.com/hubfs/reports/cta-2019-0319.pdf
-
Attacking the internal network from the public Internet using a browser as a proxy
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
https://www.forcepoint.com/sites/default/files/resources/files/report-attacking-internal-network-en_0.pdf
-
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
-
Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019
https://www.bleepingcomputer.com/news/security/safari-virtualbox-vmware-get-hacked-during-first-day-of-pwn2own-2019/
Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
-
Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019
https://www.bleepingcomputer.com/news/security/safari-virtualbox-vmware-get-hacked-during-first-day-of-pwn2own-2019/
Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
Does this indicate that it's time to start using Chrome ???
-
Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019
https://www.bleepingcomputer.com/news/security/safari-virtualbox-vmware-get-hacked-during-first-day-of-pwn2own-2019/
Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
Does this indicate that it's time to start using Chrome ???
Hi Bob, not at all, but do as you like. The only Chromium based browser I use is ASB. ;)
-
Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
And Mozilla fixed & released the fixes for Firefox on the same day ;)
-
FIN7 Revisited: Inside Astra Panel and SQLRat Malware
https://www.flashpoint-intel.com/blog/fin7-revisited:-inside-astra-panel-and-sqlrat-malware/
-
VirusTotal Goes Retro with New ASCII Site for Older Browsers
https://www.bleepingcomputer.com/news/technology/virustotal-goes-retro-with-new-ascii-site-for-older-browsers/
-
AZORult++: Rewriting history
https://securelist.com/azorult-analysis-history/89922/
-
New steps to protect customers from hacking
https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/
-
Asus was warned of hacking risks months ago, thanks to leaky passwords
https://techcrunch.com/2019/03/27/asus-hacking-risk/
-
Asus was warned of hacking risks months ago, thanks to leaky passwords
https://techcrunch.com/2019/03/27/asus-hacking-risk/
Unleash The Hash - ShadowHammer MAC Address List
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/list.txt
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/extended_list.txt
-
Zero-Day TP-Link SR20 Router Vulnerability Disclosed by Google Dev
https://www.bleepingcomputer.com/news/security/zero-day-tp-link-sr20-router-vulnerability-disclosed-by-google-dev/
-
Ironically, Phishing Kit Hosted on Nigerian Government Site
https://www.bleepingcomputer.com/news/security/ironically-phishing-kit-hosted-on-nigerian-government-site/
-
Ironically, Phishing Kit Hosted on Nigerian Government Site
https://www.bleepingcomputer.com/news/security/ironically-phishing-kit-hosted-on-nigerian-government-site/
The perfect place for hosting that Malware. The Nigerian Scam is still very much alive.
-
Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
-
When big fish get caught with big bait
https://blog.avast.com/millions-of-attacks-on-fake-iot-devices
-
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
https://www.upguard.com/breaches/facebook-user-data-leak
-
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
https://www.upguard.com/breaches/facebook-user-data-leak
https://blog.avast.com/540m-facebook-records-exposed-on-amazon-servers
-
Fake Nike deal spreading on Facebook
https://blog.avast.com/how-to-identify-an-online-scam
-
Abuse of hidden “well-known” directory in HTTPS sites
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
-
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
-
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
I'm totally amazed at what goes on on these so-called social networks. I have thought them suspect from day one and haven't signed up to a single social networking site.
-
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
I'm totally amazed at what goes on on these so-called social networks. I have thought them suspect from day one and haven't signed up to a single social networking site.
You're a member of the Evangelists' Corner Café so you at least subscribe to one of these social networks. :) :) :)
-
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
I'm totally amazed at what goes on on these so-called social networks. I have thought them suspect from day one and haven't signed up to a single social networking site.
You're a member of the Evangelists' Corner Café so you at least subscribe to one of these social networks. :) :) :)
Definitely not in the same league as these rogues. The other slightly different aspect, you can't just join ;)
-
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
I'm totally amazed at what goes on on these so-called social networks. I have thought them suspect from day one and haven't signed up to a single social networking site.
You're a member of the Evangelists' Corner Café so you at least subscribe to one of these social networks. :) :) :)
Definitely not in the same league as these rogues. The other slightly different aspect, you can't just join ;)
Not any more. There was a time when posting enough nonsense earned you that right. :)
We also need to realize that even the most careful person can have their information hacked simply by belonging
to a site or forum at the wrong time. If the site or forum are hacked, many times so is the information of those that belong to that forum.
We've all gone through that.
-
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
-
Big change in the plague of Blackmail, Sextortion Scam attempts
https://myonlinesecurity.co.uk/big-change-in-the-plague-of-blackmail-sextortion-scam-attempts/
-
Mobile Malware Analysis : Tricks used in Anubis
https://eybisi.run/Mobile-Malware-Analysis-Tricks-used-in-Anubis/
-
Tech support scams: Tips to protect yourself
https://blog.avast.com/tech-support-scams
-
The April 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/4/9/the-april-2019-security-update-review
-
Another Taj Mahal (between Tokyo and Yokohama)
https://www.kaspersky.com/blog/taj-mahal-apt/26370/
https://securelist.com/project-tajmahal/90240/
-
DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
-
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/
-
Sextortion profits decline despite higher volume, new techniques
https://blog.talosintelligence.com/2019/04/sextortion-update.html
-
Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/
-
Adblock Plus filter lists may execute arbitrary code in web pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
-
Reverse-engineering Broadcom wireless chipsets
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
-
Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent
https://www.businessinsider.sg/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4
https://blog.avast.com/facebook-imports-info-without-user-consent-avast
-
DNS Hijacking Abuses Trust In Core Internet Service
https://blog.talosintelligence.com/2019/04/seaturtle.html
-
New INPIVX Service May Change the Ransomware Game
https://www.bleepingcomputer.com/news/security/new-inpivx-service-may-change-the-ransomware-game/
-
DNSpionage brings out the Karkoff
https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html
-
Operation ShadowHammer: a high-profile supply chain attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
-
Active Exploitation of Confluence Vulnerability CVE-2019-3396 Dropping Gandcrab Ransomware
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
-
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware
-
Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-adds-new-evasion-technique-and-uses-connected-devices-as-proxy-cc-servers/
-
The Economy of Credential Stuffing Attacks
https://www.recordedfuture.com/credential-stuffing-attacks/
https://go.recordedfuture.com/hubfs/reports/cta-2019-0425.pdf
-
Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
-
Buhtrap backdoor and ransomware distributed via major advertising platform
https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/
-
P2P Weakness Exposes Millions of IoT Devices
https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
-
Not all Roads Lead to Magento: All Payment Platforms are Targets for Magecart
https://www.riskiq.com/blog/labs/magecart-beyond-magento/
-
Double blow to dark web marketplaces
https://www.europol.europa.eu/newsroom/news/double-blow-to-dark-web-marketplaces
https://www.justice.gov/opa/pr/three-germans-who-allegedly-operated-dark-web-marketplace-over-1-million-users-face-us
-
Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit
-
Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/
-
North Korean Tunneling Tool: ELECTRICFISH
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
-
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
-
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
-
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
-
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. "3 major American AV companies" doesn't really give any specifics.
-
Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Only a handful major AV companies in the US, so take your best guess. ;)
Anyway, as we're running Avast (non US), there's nothing to worry about.
-
Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
https://www.intezer.com/blog-technical-analysis-cryptocurrency-mining-war-on-the-cloud/
-
Blocking Hyperlink Auditing Tracking Pings with Extensions
https://www.bleepingcomputer.com/news/security/blocking-hyperlink-auditing-tracking-pings-with-extensions/
-
Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists
https://www.nytimes.com/2019/05/13/technology/nso-group-whatsapp-spying.html
-
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/
-
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports. (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/
Thanks for the link. The original post stated that it affected 3 US security companies.
Now the statement is 3 companies with offices in the US. Big difference, since many security companies have offices in the US.
-
ZombieLoad: Cross Privilege-Boundary Data Leakage
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
https://zombieloadattack.com/
https://cpu.fail/
-
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs
https://mdsattacks.com/
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
https://zombieloadattack.com/#attack
-
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs
https://mdsattacks.com/
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
https://zombieloadattack.com/#attack
So according to the tool offered here, https://mdsattacks.com/, my system is vulnerable.
(https://screencast-o-matic.com/screenshots/u/Lh/1557921874568-73818.png)
So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD ???
-
So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD ???
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
-
So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD ???
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Since it's their chip, income and reputation, I'll be just a bit sceptical of anything they have to say until verified by a third, independent source.
-
So the next logical question is how dangerous is this for the average user and,
probably more important, when will there be an actual fix outside of purchasing AMD ???
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Since it's their chip, income and reputation, I'll be just a bit sceptical of anything they have to say until verified by a third, independent source.
Hi Bob, agreed. Here's an overview of the currently available updates/fixes. Hope it helps. (German site)
https://www.heise.de/ct/artikel/Updates-gegen-die-Intel-Prozessorluecken-ZombieLoad-Co-4422413.html
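A check to go with the exchange above, added here as an example rather than taken from the thread or from any of the linked sites: on Linux the kernel reports its own MDS status in /sys/devices/system/cpu/vulnerabilities/mds, so you can confirm from the OS side whether the microcode and the kernel mitigation are both in place, independently of the vendor's risk rating. The status strings matched below are the ones the kernel documents for that file (Documentation/admin-guide/hw-vuln/mds.rst); the function names and the verdict labels are this example's own, and the inputs in the test are constructed.

```shell
#!/bin/sh
# Added example (not from the forum thread): classify the kernel's MDS status line.
# Live system:  cat /sys/devices/system/cpu/vulnerabilities/mds
# Documented kernel strings (Documentation/admin-guide/hw-vuln/mds.rst), each optionally
# followed by "; SMT vulnerable", "; SMT mitigated", "; SMT disabled" or "; SMT Host state unknown":
#   "Not affected"
#   "Vulnerable"
#   "Vulnerable: Clear CPU buffers attempted, no microcode"
#   "Mitigation: Clear CPU buffers"

# mds_verdict STATUS_LINE -> prints one of:
#   not-affected | ok | smt-warning | needs-microcode | vulnerable | unknown
# The more specific patterns come first because "Vulnerable: ..." also starts with "Vulnerable".
mds_verdict() {
  case "$1" in
    "Not affected"*)                                          echo not-affected ;;
    "Mitigation: Clear CPU buffers; SMT vulnerable"*)         echo smt-warning ;;     # buffers cleared, but SMT still exposes sibling data
    "Mitigation: Clear CPU buffers"*)                         echo ok ;;
    "Vulnerable: Clear CPU buffers attempted, no microcode"*) echo needs-microcode ;; # kernel is ready, firmware/microcode update missing
    "Vulnerable"*)                                            echo vulnerable ;;      # nothing in place
    *)                                                        echo unknown ;;
  esac
}

# mds_check_file PATH -> verdict for the file's contents; "unknown" if it cannot be read
# (pre-mitigation kernel, non-Linux, or the sysfs entry is absent).
mds_check_file() {
  if [ ! -r "$1" ]; then
    echo unknown
    return 0
  fi
  mds_verdict "$(cat "$1")"
}

# Stand-alone use: report the live value when the sysfs entry exists.
MDS_SYSFS=/sys/devices/system/cpu/vulnerabilities/mds
if [ -r "$MDS_SYSFS" ]; then
  printf 'MDS: %s -> %s\n' "$(cat "$MDS_SYSFS")" "$(mds_check_file "$MDS_SYSFS")"
fi
```

"ok" here only means the kernel has the buffer-clearing mitigation enabled and the updated microcode present; "smt-warning" is the case Intel's guidance leaves to the operator, since the full fix on affected parts also requires disabling Hyper-Threading. Windows users can run Microsoft's SpeculationControl PowerShell module (Get-SpeculationControlSettings) for the equivalent report.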
-
May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/mays-patch-tuesday-include-fixes-for-wormable-flaw-in-windows-xp-zero-day-vulnerability/
===================================================
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification.
=======================================================
-
The May 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/5/14/the-may-2019-security-update-review
-
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs
https://mdsattacks.com/
https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html
https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf
https://zombieloadattack.com/#attack
This option is available for macOS Mojave, High Sierra, and Sierra after installing security updates.
https://support.apple.com/en-us/HT210108
-
Bots Tampering with TLS to Avoid Detection
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
-
Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
-
The Trade Secret - Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
-
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
-
JSWorm 2.0 Ransomware Decryptor Gets Your Files Back For Free
https://www.bleepingcomputer.com/news/security/jsworm-20-ransomware-decryptor-gets-your-files-back-for-free/
-
A journey to Zebrocy land
https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/
-
Sorpresa! JasperLoader targets Italy with a new bag of tricks
https://blog.talosintelligence.com/2019/05/sorpresa-jasperloader.html
-
Hack for Hire: Exploring the Emerging Market for Account Hijacking
https://www.sysnet.ucsd.edu/~voelker/pubs/hackforhire-www19.pdf
-
Abusing Code Signing for Profit
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
-
HawkEye Malware Operators Renew Attacks on Business Users
https://securityintelligence.com/hawkeye-malware-operators-renew-attacks-on-business-users/
-
The Nansh0u Campaign – Hackers Arsenal Grows Stronger
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
-
Xulu: Cryptojacking Leveraging Shodan, Tor, and Malicious Docker Container
https://www.alibabacloud.com/blog/xulu-cryptojacking-leveraging-shodan-tor-and-malicious-docker-container_594869
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
-
Justice Dept. Explores Google Antitrust Case
https://www.nytimes.com/2019/05/31/business/google-antitrust-justice-department.html
-
Justice Dept. Explores Google Antitrust Case
https://www.nytimes.com/2019/05/31/business/google-antitrust-justice-department.html
It always amazes me when an inefficient Government agency investigates a successful business.
-
Microsoft Azure Being Used to Host Malware and C2 Servers
https://www.bleepingcomputer.com/news/security/microsoft-azure-being-used-to-host-malware-and-c2-servers/
-
BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
https://blog.trendmicro.com/trendlabs-security-intelligence/blacksquid-slithers-into-servers-and-drives-with-8-notorious-exploits-to-drop-xmrig-miner/
-
It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html
-
GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
-
Russia Says it Will Soon Begin Blocking Major VPNs
https://torrentfreak.com/russia-says-it-will-soon-begin-blocking-major-vpns/
https://openvpn.net/response-to-russia-content-censorship/
https://blog.hidemyass.com/en/hidemyass-is-pulling-out-of-russia
-
Large European Routing Leak Sends Traffic Through China Telecom
https://blogs.oracle.com/internetintelligence/large-european-routing-leak-sends-traffic-through-china-telecom
-
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/
https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf
-
The June 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/6/11/the-june-2019-security-update-review
-
RAMBleed - Reading Bits in Memory Without Accessing Them
https://rambleed.com/
https://rambleed.com/docs/20190603-rambleed-web.pdf
-
Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/
-
Houdini Worm Transformed in New Phishing Attack
https://cofense.com/houdini-worm-transformed-new-phishing-attack/
-
Good riddance, GandCrab! We’re still fixing the mess you left behind.
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
-
Malware sidesteps Google permissions policy with new 2FA bypass technique
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/
-
Cryptomining Dropper and Cronjob Creator
https://blog.sucuri.net/2019/06/cryptomining-dropper-and-cronjob-creator.html
-
LoudMiner: Cross-platform mining in cracked VST software
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
-
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105
-
Fresh “video games” site welcomes new users with Steam phish
https://blog.malwarebytes.com/social-engineering/2019/06/fresh-video-games-site-welcomes-new-users-with-steam-phish/
-
We scanned the world of IoT – it’s not what you think it is
https://blog.avast.com/new-research-reveals-world-iot-world
https://press.avast.com/hubfs/stanford_avast_state_of_iot.pdf
-
This is Your President Speaking: Spoofing Alerts in 4G LTE Networks
https://dl.acm.org/ft_gateway.cfm?id=3326082
-
LokiBot & NanoCore being distributed via ISO disk image files
https://www.netskope.com/blog/lokibot-nanocore-iso-disk-image-files
-
New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/
-
Exploit Using Microsoft Excel Power Query for Remote DDE Execution Discovered
https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/
-
Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution
https://medium.com/@reegun/nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-80c9df51cf12
-
Under the Radar – Phishing Using QR Codes to Evade URL Analysis
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
-
SKS Keyserver Network Under Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
-
RATs and stealers rush through “Heaven’s Gate” with new loader
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html
-
Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html
-
Superhuman is Spying on You
https://mikeindustries.com/blog/archive/2019/06/superhuman-is-spying-on-you
-
An Analysis of Godlua Backdoor
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
-
Sodin ransomware exploits Windows vulnerability and processor architecture
https://securelist.com/sodin-ransomware/91473/
-
Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/
https://documents.trendmicro.com/assets/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf
https://documents.trendmicro.com/assets/Appendix-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf
-
Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
-
Logitech keyboards and mice vulnerable to extensive cyber attacks
https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html
-
Logitech keyboards and mice vulnerable to extensive cyber attacks
https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html
Very interesting, god knows how many Logitech devices are in circulation. I have three Logitech mice and had been considering a duo keyboard/mouse combination.
-
The July 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/7/9/the-july-2019-security-update-review
-
The eCh0raix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
-
Google employees are eavesdropping, even in your living room, VRT NWS has discovered
https://www.vrt.be/vrtnws/en/2019/07/10/google-employees-are-eavesdropping-even-in-flemish-living-rooms/
-
Agent Smith: A New Species of Mobile Malware
https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/
-
Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil
https://decoded.avast.io/threatintel/router-exploit-kits-an-overview-of-routercsrf-attacks-and-dns-hijacking-in-brazil/
-
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/
-
Meet Extenbro, a new DNS-changer Trojan protecting adware
https://blog.malwarebytes.com/trojans/2019/07/extenbro-a-new-dns-changer-trojan-protecting-adware/
-
Hong Kong Based Malvertiser Brokers Traffic To Fake Antivirus Scams — Over 100 Million Ads Compromised In 2019 So Far
https://blog.confiant.com/hong-kong-based-malvertiser-brokers-traffic-to-fake-antivirus-scams-over-100-million-ads-300e251eff06
-
My browser, the spy: How extensions slurped up browsing histories from 4M users
https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/
https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/
https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/
-
The PGP Problem
https://latacora.singles/2019/07/16/the-pgp-problem.html
-
Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed
https://www.bleepingcomputer.com/news/security/russian-fsb-intel-agency-contractor-hacked-secret-projects-exposed/
-
LooCipher Ransomware Decryptor Gets Your Files Back for Free
https://www.bleepingcomputer.com/news/security/loocipher-ransomware-decryptor-gets-your-files-back-for-free/
-
Deep Dive into Guildma Malware
https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/
-
Deep Dive into Guildma Malware
https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/
WOW, set aside some time: 59 min read. I'm not a speed reader, and trying to understand what you read may take longer :)
-
Fake Google Domains Used in Evasive Magento Skimmer
https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html
-
No More Ransom Success Story: Saves $108+ Million in Ransomware Payments
https://www.bleepingcomputer.com/news/security/no-more-ransom-success-story-saves-108-million-in-ransomware-payments/
-
No More Ransom Success Story: Saves $108+ Million in Ransomware Payments
https://www.bleepingcomputer.com/news/security/no-more-ransom-success-story-saves-108-million-in-ransomware-payments/
Emsisoft is by far the greatest contributor and Avast is the second largest contributor.
-
Join the world’s top minds in artificial intelligence at the Cybersecurity & AI conference
https://blog.avast.com/come-to-the-cybersec-ai-prague-conference
https://www.cybersecprague.ai/
-
A connection between the Sodinokibi and GandCrab ransomware families?
https://www.tesorion.nl/aconnection-between-the-sodinokibi-and-gandcrab-ransomware-families/
-
Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds
https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
-
DealPly Revisited: Leveraging Reputation Services To Remain Under The Radar
https://blog.ensilo.com/leveraging-reputation-services
-
LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks
-
Android ransomware is back
https://www.welivesecurity.com/2019/07/29/android-ransomware-back/
-
GermanWiper ransomware hits Germany hard, destroys files, asks for ransom
https://www.zdnet.com/article/germanwiper-ransomware-hits-germany-hard-destroys-files-asks-for-ransom/
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
-
ECh0raix Ransomware Decryptor Restores QNAP Files For Free
https://www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/
-
CRITICAL SWAPGS ATTACK - New Side-Channel Attack Bypasses Spectre and Meltdown Defenses
https://www.bitdefender.com/business/swapgs-attack.html
-
Clipsa – Multipurpose password stealer
https://decoded.avast.io/janrubin/clipsa-multipurpose-password-stealer/
-
CRITICAL SWAPGS ATTACK - New Side-Channel Attack Bypasses Spectre and Meltdown Defenses
https://www.bitdefender.com/business/swapgs-attack.html
More information on SWAPGS and Speculative only Segment Loads
https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1125
-
CRITICAL SWAPGS ATTACK - New Side-Channel Attack Bypasses Spectre and Meltdown Defenses
https://www.bitdefender.com/business/swapgs-attack.html
More information on SWAPGS and Speculative only Segment Loads
https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1125
From all that I've read, this isn't something the average user should ever have to worry about.
-
Malware tools on the shelf
https://blog.avast.com/a-case-study-in-the-ease-of-cybercrime
https://decoded.avast.io/ondrejmokos/f-scrack-mimikatz-a-bundle-of-tools/
-
APT41: A Dual Espionage and Cyber Crime Operation
https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html
http://content.fireeye.com/apt41/rpt-apt41
-
Steam Windows Client Local Privilege Escalation 0day
https://amonitoring.ru/article/steamclient-0day/
-
Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS
https://www.proofpoint.com/us/threat-insight/post/phishing-actor-using-xor-obfuscation-graduates-enterprise-cloud-storage-aws
-
Screwed Drivers – Signed, Sealed, Delivered
https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
-
Recent Cloud Atlas activity
https://securelist.com/recent-cloud-atlas-activity/92016/
-
What all the stuff in email headers means—and how to sniff out spoofing
https://arstechnica.com/information-technology/2019/08/ars-forensic-files-how-to-parse-through-e-mail-headers-and-spot-obfuscation/?utm_source=share&utm_medium=ios_app
-
When indexing goes wrong: how Google Search recovered from indexing issues & lessons learned since.
https://webmasters.googleblog.com/2019/08/when-indexing-goes-wrong-how-google.html
-
The August 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/8/13/the-august-2019-security-update-review
-
Down the Rabbit-Hole...
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html
-
Chrome and Firefox Changes Spark the End of EV Certificates
https://www.bleepingcomputer.com/news/software/chrome-and-firefox-changes-spark-the-end-of-ev-certificates/
-
From email to phone number, a new OSINT approach
https://www.martinvigo.com/email2phonenumber/
-
KNOB Attack - Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security
https://knobattack.com/
-
Cross-Router Covert Channels
https://www.usenix.org/system/files/woot19-paper_ovadia.pdf
-
Steam Windows Client Local Privilege Escalation 0day
https://amonitoring.ru/article/steamclient-0day/
One more Steam Windows Client Local Privilege Escalation 0day
https://amonitoring.ru/article/onemore_steam_eop_0day/
-
Protecting our Users in Kazakhstan
https://blog.mozilla.org/security/2019/08/21/protecting-our-users-in-kazakhstan/
https://security.googleblog.com/2019/08/protecting-chrome-users-in-kazakhstan.html
-
First‑of‑its‑kind spyware sneaks into Google Play
https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/
-
10 things you need to know about the Facebook Messenger surveillance issue
https://blog.avast.com/facebook-transcribing-raises-concerns
-
Device fingerprinting and the surveillance economy
https://blog.avast.com/fingerprinting-and-the-surveillance-economy
-
PrivEsc in Lenovo Solution Centre, 10 minutes later
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
-
Putting an end to Retadup
A malicious worm that infected hundreds of thousands.
https://blog.avast.com/avast-works-with-france-and-us-to-stop-cryptomining-avast
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
https://www.zdnet.com/article/avast-and-french-police-take-over-malware-botnet-and-disinfect-850000-computers/#ftag=RSSbaffb68
-
An advertising dropper in Google Play
https://securelist.com/dropper-in-google-play/92496/
-
Dutch regulator sees potential privacy breach in Microsoft Windows
https://www.reuters.com/article/us-microsoft-privacy/dutch-regulator-sees-potential-privacy-breach-in-microsoft-windows-idUSKCN1VH18T
-
Dutch regulator sees potential privacy breach in Microsoft Windows
https://www.reuters.com/article/us-microsoft-privacy/dutch-regulator-sees-potential-privacy-breach-in-microsoft-windows-idUSKCN1VH18T
Since in the US we don't have a right to privacy, any improvement Microsoft makes will be a bonus for us.
-
A very deep dive into iOS Exploit chains found in the wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
-
Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway
https://cofense.com/trickbot-using-google-docs-trick-proofpoints-gateway/
-
What’s new in this year’s Almanaq?
https://decoded.avast.io/romanalinkeova/whats-new-in-this-years-almanaq/
-
Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions
https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
-
Today’s Firefox Blocks Third-Party Tracking Cookies and Cryptomining by Default
https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
-
A huge database of Facebook users’ phone numbers found online
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
-
Avast discovers widespread security flaws in GPS child trackers
https://blog.avast.com/unsecure-child-trackers
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/
-
Critical flaw found in many Android smartphones
https://blog.avast.com/fake-provisioning-alerts-on-androids
https://www.zdnet.com/article/samsung-huawei-lg-and-sony-phones-vulnerable-to-rogue-provisioning-messages/
https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
-
Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen
https://www.vice.com/en_us/article/7x584y/exploit-sellers-say-there-are-more-iphone-hacks-on-the-market-than-theyve-ever-seen
-
A huge database of Facebook users’ phone numbers found online
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
Facebook user phone numbers still online
https://www.cnet.com/news/facebook-user-phone-numbers-still-online/
-
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
-
Flashlight apps on Google Play request up to 77 permissions each, Avast finds
https://blog.avast.com/flashlight-apps-on-google-play-request-up-to-77-permissions-avast-finds
https://decoded.avast.io/luiscorrons/flashlight-apps-on-google-play-request-up-to-77-permissions/
-
The September 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/9/10/the-september-2019-security-update-review
-
The September 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/9/10/the-september-2019-security-update-review
Thanks for the reminder.
I had three updates awaiting action when I checked.
Quite a big one for Win10 1903 Cumulative Update (KB4515384) this time around; even on a relatively fast connection it took a while to download and then install.
-
Intel server-grade CPUs impacted by new NetCAT attack
https://www.zdnet.com/article/intel-server-grade-cpus-impacted-by-new-netcat-attack/
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html
-
Simjacker – Next Generation Spying Over Mobile
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
-
The tangle of WiryJMPer’s obfuscation
https://decoded.avast.io/adolfstreda/the-tangle-of-wiryjmpers-obfuscation/
-
Database leaks data on most of Ecuador's citizens, including 6.7 million children
https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
-
Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
-
Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
Another headline that's a bit misleading. Anyone can take a peek, only how to do that peeking isn't really made available.
-
Ok Google! Please reveal everyone’s public calendar.
https://medium.com/@logicbomb_1/ok-google-please-reveal-everyones-public-calendar-27523206f9ac
-
An Update on Our App Developer Investigation
https://newsroom.fb.com/news/2019/09/an-update-on-our-app-developer-investigation/
-
Disclosing new data to our archive of information operations
https://blog.twitter.com/en_us/topics/company/2019/info-ops-disclosure-data-september-2019.html
-
Beware of Google Alert Links Leading to Malware and Scams
https://www.bleepingcomputer.com/news/security/beware-of-google-alert-links-leading-to-malware-and-scams/
-
Ransomware: two pieces of good news - Decryptors released for Yatron and FortuneCrypt ransomware
https://securelist.com/ransomware-two-pieces-of-good-news/93355/
-
Emsisoft releases free decryptor for WannaCryFake ransomware
https://blog.emsisoft.com/en/34156/emsisoft-releases-free-decryptor-for-wannacryfake-ransomware/
-
The Global Disinformation Order 2019 Global Inventory of Organised Social Media Manipulation
https://comprop.oii.ox.ac.uk/wp-content/uploads/sites/93/2019/09/CyberTroop-Report19.pdf
-
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
-
Bulletproof Hosting Service in Former NATO Bunker Goes Down
https://www.bleepingcomputer.com/news/security/bulletproof-hosting-service-in-former-nato-bunker-goes-down/
-
PDFex: Major Security Flaws in PDF Encryption
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
https://www.pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf
-
PDFex: Major Security Flaws in PDF Encryption
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
https://www.pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf
It's a well known fact that PDF file types are the most attacked file types.
Unfortunately, most people also use PDF file types.
-
Pulling back the curtain on a banking botnet
https://blog.avast.com/avast-researcher-helps-expose-banking-botnet-geost
http://public.avast.com/research/VB2019-Garcia-etal.pdf
-
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars/
-
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec
-
New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
https://blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/
https://documents.trendmicro.com/assets/Tech-Brief-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign.pdf
-
The Eye on the Nile
https://research.checkpoint.com/the-eye-on-the-nile/
-
Emsisoft Decryptor for HildaCrypt
https://www.emsisoft.com/ransomware-decryption-tools/hildacrypt
-
Emsisoft Decryptor for Muhstik
https://www.emsisoft.com/ransomware-decryption-tools/muhstik
-
The October Security Update Review
https://www.zerodayinitiative.com/blog/2019/10/8/the-october-security-update-review
-
SafeBreach Discovers New Critical Vulnerability In HP Touchpoint Analytics
https://safebreach.com/Post/SafeBreach-Discovers-New-Critical-Vulnerability-In-HP-Touchpoint-Analytics
https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333
-
Apple Zero-Day Exploited in New BitPaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
-
DNS-over-HTTPS causes more problems than it solves, experts say
https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
-
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
-
Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF
https://blog.talosintelligence.com/2019/10/vuln-spotlight-Nitro-PDF-RCE-bugs-sept-19.html
-
OnionShare 2 now enables users to put anonymous websites online.
Websites that cannot be censored.
https://blog.torproject.org/new-version-onionshare-makes-it-easy-anyone-publish-anonymous-uncensorable-websites-0
Not encouraging anyone to do this, but good to know about it,
as there are 'certain parties' that frown upon the use of tor and related services to say the least.
polonus
-
Analysis-Report “Study the Great Nation” 08.-09.2019
https://cure53.de/analysis_report_sgn.pdf
-
OSX/Shlayer new Shurprise.. unveiling OSX/Tarmac
https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
-
Malicious Payloads - Hiding Beneath the WAV
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
-
Cryptocurrency Miners Now Using Evasive Tactics to Exploit Airport Resources
https://www.cyberbit.com/blog/endpoint-security/cryptocurrency-miners-exploit-airport-resources/
-
Operation Ghost: The Dukes aren’t back – they never left
https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf
-
Fake UpdraftPlus Plugins
https://blog.sucuri.net/2019/10/fake-updraftplus-plugins.html
-
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping
https://srlabs.de/bites/smart-spies/
-
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping
https://srlabs.de/bites/smart-spies/
Ha, and they are only getting wise to this, what the hell took so long?
Recently in the papers, it was suggested you would be required to warn visitors that you have one of these devices as they constantly monitor. Just turn the damn things off.
-
Avast fights off cyber-espionage attempt, Abiss
https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
-
Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK
-
Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK
Does it really matter which bad actor is doing the hacking? :)
-
Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK
Does it really matter which bad actor is doing the hacking? :)
That would rather depend on who was doing the hacking and why ;)
-
Emsisoft releases new decryptor for STOP Djvu ransomware
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu
-
EXCLUSIVE – Last Punched Tape Crypto Key Rolls off the NSA’s Machines
https://www.cbronline.com/news/nsa-punched-tape-keys
-
Phishing attack targeting United Nations and humanitarian organizations discovered by Lookout Phishing AI
https://blog.lookout.com/lookout-phishing-ai-discovers-phishing-attack-targeting-humanitarian-organizations
-
Tracking down the developer of Android adware affecting millions of users
https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/
-
Cash App Scams: Giveaway Offers Ensnare Instagram Users, While YouTube Videos Promise Easy Money
https://www.tenable.com/blog/cash-app-scams-giveaway-offers-ensnare-instagram-users-while-youtube-videos-promise-easy-money
-
New cyberattacks targeting sporting and anti-doping organizations
https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/
-
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
-
Speaking Truth to Power: Reflections on My Career at Microsoft
https://onezero.medium.com/speaking-truth-to-power-reflections-on-a-career-at-microsoft-90f80a449e36
-
Office 365 Users Targeted by Voicemail Scam Pages
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/office-365-users-targeted-by-voicemail-scam-pages/
-
MESSAGETAP: Who’s Reading Your Text Messages?
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
-
Emsisoft Decryptor for Paradise
https://www.emsisoft.com/ransomware-decryption-tools/paradise
https://decrypter.emsisoft.com/howtos/emsisoft_howto_paradise.pdf
-
Exclusive: U.S. opens national security investigation into TikTok - sources
https://www.reuters.com/article/us-tiktok-cfius-exclusive/exclusive-u-s-opens-national-security-investigation-into-tiktok-sources-idUSKBN1XB4IL
-
BlueKeep (CVE 2019-0708) exploitation spotted in the wild
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
-
Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
https://lightcommands.com/
https://lightcommands.com/20191104-Light-Commands.pdf
-
Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
https://lightcommands.com/
https://lightcommands.com/20191104-Light-Commands.pdf
There is obviously a lot more to this than simply shining a laser light at the device.
Keeping the device out of line of sight at this point is the best defense.
Living in the boonies is another. :)
-
BlueKeep (CVE 2019-0708) exploitation spotted in the wild
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
The much-publicized BlueKeep threat has finally emerged – why should you care?
https://blog.avast.com/what-is-bluekeep
-
DarkUniverse – the mysterious APT framework #27
https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/
-
BlueKeep (CVE 2019-0708) exploitation spotted in the wild
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
The much-publicized BlueKeep threat has finally emerged – why should you care?
https://blog.avast.com/what-is-bluekeep
Microsoft works with researchers to detect and protect against new RDP exploits
https://www.microsoft.com/security/blog/2019/11/07/the-new-cve-2019-0708-rdp-exploit-attacks-explained/
-
Titanium: the Platinum group strikes again
https://securelist.com/titanium-the-platinum-group-strikes-again/94961/
-
How adversaries use politics for compromise
https://blog.talosintelligence.com/2019/11/political-malware.html
-
How adversaries use politics for compromise
https://blog.talosintelligence.com/2019/11/political-malware.html
Fake News in any form isn't any good.
As shown here, some forms of fake news can even affect your security.
-
Rajarshi Gupta - Using Real AI to Protect Real Users (435M of Them)
https://www.youtube.com/embed/iRbRjePGmyA?rel=0&controls=1&showinfo=0
-
Rajarshi Gupta - Using Real AI to Protect Real Users (435M of Them)
https://www.youtube.com/embed/iRbRjePGmyA?rel=0&controls=1&showinfo=0
Very interesting :)
-
The November 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/11/12/the-november-2019-security-update-review
-
IPAS: November 2019 Intel Platform Update (IPU)
https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
-
TPM-Fail: TPM meets Timing and Lattice Attacks
http://tpm.fail/
http://tpm.fail/tpmfail.pdf
-
TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us
-
IPAS: November 2019 Intel Platform Update (IPU)
https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago
https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html
-
Reminder: Malware Can Exploit Improper Configurations
https://www.us-cert.gov/ncas/current-activity/2019/11/15/reminder-malware-can-exploit-improper-configurations
-
APWG: Two-Thirds of all Phishing Sites Used SSL protection in Q3
https://info.phishlabs.com/blog/apwg-two-thirds-phishing-sites-ssl-https
-
Thousands of hacked Disney+ accounts are already for sale on hacking forums
https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/
-
Intel to remove old drivers and BIOS updates from its site by the end of the week
https://www.zdnet.com/article/intel-to-remove-old-drivers-and-bios-updates-from-its-site-by-the-end-of-the-week/
-
ACBackdoor: Analysis of a New Multiplatform Backdoor
https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/
-
Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/
-
The awaiting Roboto Botnet
https://blog.netlab.360.com/the-awaiting-roboto-botnet-en/
-
Facebook and Google’s pervasive surveillance poses an unprecedented danger to human rights
https://www.amnesty.org/en/press-releases/2019/11/google-facebook-surveillance-privacy/
https://www.amnesty.org/download/Documents/POL3014042019ENGLISH.PDF
-
Mispadu: Advertisement for a discounted Unhappy Meal
https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
-
VNC vulnerability research
https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/
-
Trickbot Updates Password Grabber Module
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/
-
Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/
-
Ginp - A malware patchwork borrowing from Anubis
https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html
-
Insights from one year of tracking a polymorphic threat
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/
-
Snapshot: Top 25 Most Dangerous Software Errors
https://www.dhs.gov/science-and-technology/news/2019/11/26/snapshot-top-25-most-dangerous-software-errors
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
-
Advanced Hacking Groups Keep Showing Up, Old Ones Evolve
https://www.bleepingcomputer.com/news/security/advanced-hacking-groups-keep-showing-up-old-ones-evolve/
-
International crackdown on RAT spyware which takes total control of victims’ PCs
https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs
-
A decade of hacking: The most notable cyber-security events of the 2010s
https://www.zdnet.com/article/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s/
-
New Chrome Password Stealer Sends Stolen Data to a MongoDB Database
https://www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/
-
The StrandHogg vulnerability
https://promon.co/security-news/strandhogg/
-
Spear phishing campaigns—they’re sharper than you think
https://www.microsoft.com/security/blog/2019/12/02/spear-phishing-campaigns-sharper-than-you-think/
-
30 506 internet domain names shut down for intellectual property infringement
https://www.europol.europa.eu/newsroom/news/30-506-internet-domain-names-shut-down-for-intellectual-property-infringement
-
Lazarus Group Goes 'Fileless'
https://objective-see.com/blog/blog_0x51.html
-
Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance
https://www.eff.org/wp/behind-the-one-way-mirror
-
GhostDNS Exploit Kit Strikes Back
https://decoded.avast.io/simonamusilova/ghostdns-exploit-kit-strikes-back/
-
Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
-
How Social Media Companies are Failing to Combat Inauthentic Behaviour Online
https://www.stratcomcoe.org/how-social-media-companies-are-failing-combat-inauthentic-behaviour-online
-
Snatch ransomware reboots PCs into Safe Mode to bypass protection
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
-
The December 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/12/10/the-december-2019-security-update-review
-
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
-
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
https://www.microsoft.com/security/blog/2019/12/12/multi-stage-downloader-trojan-sload-abuses-bits-almost-exclusively-for-malicious-activities/
-
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/
-
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/
Secure your device by using 2 factor ID.
-
It’s called “F-You Money” for a reason: Why ISOC sold .ORG to VCs
https://easydns.com/blog/2019/12/06/its-called-f-you-money-for-a-reason-why-isoc-sold-org-to-vcs/
https://www.accessnow.org/why-us-congress-should-investigate-sale-of-org/
-
Intel Rapid Storage Technology Service - DLL Preloading and Potential Abuses CVE-2019-14568
https://safebreach.com/Post/Intel-Rapid-Storage-Technology-Service-DLL-Preloading-and-Potential-Abuses-CVE-2019-14568
-
Intel Rapid Storage Technology Service - DLL Preloading and Potential Abuses CVE-2019-14568
https://safebreach.com/Post/Intel-Rapid-Storage-Technology-Service-DLL-Preloading-and-Potential-Abuses-CVE-2019-14568
If this affects you, as it did me, download the update from here.
https://downloadcenter.intel.com/download/29094/Intel-Rapid-Storage-Technology-Intel-RST-User-Interface-and-Driver?product=55005
-
Mac threat detections on the rise in 2019
https://blog.malwarebytes.com/mac/2019/12/mac-threat-detections-on-the-rise-in-2019/
-
Dacls, the Dual platform RAT
https://blog.netlab.360.com/dacls-the-dual-platform-rat-en/
-
ConnectWise Control Abused Again to Deliver Zeppelin Ransomware
https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware
https://threatvector.cylance.com/en_us/home/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe.html
-
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/
Secure your device by using 2 factor ID.
A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users
https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users
https://techcrunch.com/2019/12/19/ring-doorbell-passwords-exposed/
-
It’s time to disconnect RDP from the internet
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/
-
Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
(https://screencast-o-matic.com/screenshots/u/Lh/1577193779881-29257.png)
Not worth my time or information.
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
-
New disclosures to our archive of state-backed information operations
https://blog.twitter.com/en_us/topics/company/2019/new-disclosures-to-our-archive-of-state-backed-information-operations.html
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Since I am in the US, they want me to sign in and hopefully subscribe. (Not going to happen.)
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Since I am in the US, they want me to sign in and hopefully subscribe. (Not going to happen.)
Even stranger, I would have thought they would have been blocking content to those outside of the US or pushing a subscription.
-
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Since I am in the US, they want me to sign in and hopefully subscribe. (Not going to happen.)
If so, you should be able to circumvent it with ASL or HMA. ;)
-
Operation Wocao - Shining a light on one of China’s hidden hacking groups
https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
-
The 12 weirdest cybersecurity stories of 2019
https://blog.avast.com/weirdest-cybersecurity-stories-of-2019
-
U.S. Navy bans TikTok from government-issued mobile devices
https://www.reuters.com/article/us-usa-tiktok-navy/u-s-navy-bans-tiktok-from-government-issued-mobile-devices-idUSKBN1YO2HU
-
One Nation, Tracked
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
-
Mozi, Another Botnet Using DHT
https://blog.netlab.360.com/mozi-another-botnet-using-dht/
-
Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin
https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html
-
JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
https://arxiv.org/pdf/1912.11523.pdf
-
Google to end 'Double Irish, Dutch sandwich' tax scheme
https://www.reuters.com/article/us-google-taxes-netherlands/google-to-end-double-irish-dutch-tax-scheme-filing-idUSKBN1YZ10Z
-
Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools
https://www.bleepingcomputer.com/news/security/clop-ransomware-now-kills-windows-10-apps-and-3rd-party-tools/
-
Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation
-
Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
https://labs.bitdefender.com/2020/01/hold-my-beer-mirai-spinoff-named-liquorbot-incorporates-cryptomining/
-
INTERPOL-led action takes aim at cryptojacking in Southeast Asia
https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-led-action-takes-aim-at-cryptojacking-in-Southeast-Asia
https://blog.trendmicro.com/interpol-collaboration-reduces-cryptojacking-by-78/
-
SHA-1 is a Shambles
https://sha-mbles.github.io/
https://eprint.iacr.org/2020/014.pdf
-
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
-
The Y2K bug is back, causing headaches for developers again
https://www.zdnet.com/article/the-y2k-bug-is-back-causing-headaches-for-developers-again/
-
United States government-funded phones come pre-installed with unremovable malware
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
-
PHA Family Highlights: Bread (and Friends)
https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html
-
The January 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/1/14/the-january-2020-security-update-review
-
IPAS: Security Advisories for January 2020
https://blogs.intel.com/technology/2020/01/ipas-security-advisories-for-january-2020-2/
-
Microsoft's Chain of Fools
https://blog.lessonslearned.org/chain-of-fools/
https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
-
Critical Auth Bypass Vulnerability In InfiniteWP Client And WP Time Capsule
https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/
-
Microsoft's Chain of Fools
https://blog.lessonslearned.org/chain-of-fools/
https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
Answers to 5 key questions about highly publicized NSA-Microsoft story
https://blog.avast.com/five-key-things-to-know-about-nsa-microsoft-issue
-
404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
-
Fleeceware apps persist on the Play Store
https://news.sophos.com/en-us/2020/01/14/fleeceware-apps-persist-on-the-play-store/
-
Uncle Sam compensates you for data leaks (yeah, right)
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
-
Uncle Sam compensates you for data leaks (yeah, right)
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Not much different from most of these types of scams.
Offer something for little or nothing and watch the fish (suckers) take the bait.
-
Answers to key questions on massive Telnet IoT data leak
https://blog.avast.com/qa-on-big-telnet-iot-data-leak
-
Evil Markets | Selling Access To Breached MSPs To Low-Level Criminals
https://www.sentinelone.com/blog/evil-markets-selling-access-to-breached-msps-to-low-level-criminals-2/
-
Threat Spotlight: Conversation Hijacking
https://blog.barracuda.com/2020/01/16/threat-spotlight-conversation-hijacking/
-
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
-
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
All those people with social network/media accounts are finding out (if they didn't know already) what you put online isn't private.
-
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
All those people with social network/media accounts are finding out (if they didn't know already) what you put online isn't private.
I'll take that comment one step further.
Anyone who is online and thinks they still have any privacy is mistaken.
That's especially true if you live in the US.
-
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
All those people with social network/media accounts are finding out (if they didn't know already) what you put online isn't private.
I'll take that comment one step further.
Anyone who is online and thinks they still have any privacy is mistaken.
That's especially true if you live in the US.
A step further, if you haven't been a bad boy (or girl) the police wouldn't be looking for you.
But then again we do still hear about miscarriages of justice.
-
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
-
AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964
-
Shlayer Trojan attacks one in ten macOS users
https://securelist.com/shlayer-for-macos/95724/
-
CacheOut - Leaking Data on Intel CPUs via Cache Evictions
https://cacheoutattack.com/
https://cacheoutattack.com/CacheOut.pdf
https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
-
RDP to RCE: When Fragmentation Goes Wrong
https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/
-
New 'I Got Phished' Service Alerts Companies of Phished Employees
https://www.bleepingcomputer.com/news/security/new-i-got-phished-service-alerts-companies-of-phished-employees/
https://igotphished.abuse.ch/
-
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
https://blog.morphisec.com/trickbot-uses-a-new-windows-10-uac-bypass
-
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
https://blog.malwarebytes.com/threat-analysis/2020/01/woof-locker-stealthy-browser-locker-tech-support-scam/
-
The Adware Families That Changed the Antivirus Industry
https://www.bleepingcomputer.com/news/security/the-adware-families-that-changed-the-antivirus-industry/
-
Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access
https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/
-
The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
-
Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses (CVE-2019-19705)
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
-
Living off another land: Ransomware borrows vulnerable driver to remove security software
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
-
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
-
Emotet can spread to poorly secured Wi-Fi networks and computers on them
https://www.helpnetsecurity.com/2020/02/06/emotet-spread-wi-fi-networks/
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
-
Grave Vulnerabilities Discovered in Yealink‘s VoIP Services
https://www.heise.de/ct/artikel/Grave-Vulnerabilities-Discovered-in-Yealink-s-VoIP-Services-4654617.html
-
The February 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/2/11/the-february-2020-security-update-review
-
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
https://blog.checkpoint.com/2020/02/05/the-dark-side-of-smart-lighting-check-point-research-shows-how-business-and-home-networks-can-be-hacked-from-a-lightbulb/
-
IBM X-Force: Stolen Credentials and Vulnerabilities Weaponized Against Businesses in 2019
https://newsroom.ibm.com/2020-02-11-IBM-X-Force-Stolen-Credentials-and-Vulnerabilities-Weaponized-Against-Businesses-in-2019
-
'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws
https://www.vice.com/en_us/article/akw7mp/sloppy-mobile-voting-app-used-in-four-states-has-elementary-security-flaws
http://news.mit.edu/2020/voting-voatz-app-hack-issues-0213
https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf
-
Removing Coordinated Inauthentic Behavior From Russia, Iran, Vietnam and Myanmar
https://about.fb.com/news/2020/02/removing-coordinated-inauthentic-behavior/
-
SweynTooth Bug Collection Affects Hundreds of Bluetooth Products
https://www.bleepingcomputer.com/news/security/sweyntooth-bug-collection-affects-hundreds-of-bluetooth-products/
-
Mitigations are attack surface, too
https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html
-
North Korean Malicious Cyber Activity
https://www.us-cert.gov/northkorea
-
Malwarebytes 2020 State of Malware Report
https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf
-
Google pulls 500 malicious Chrome extensions after researcher tip-off
https://nakedsecurity.sophos.com/2020/02/17/google-pulls-500-malicious-chrome-extensions-after-researcher-tip-off/
https://duo.com/labs/research/crxcavator-malvertising-2020
-
PHP’s Labyrinth - Weaponized WordPress Themes & Plugins
https://blog.prevailion.com/2020/02/phps-labyrinth-weaponized-wordpress.html
-
Lookout Phishing AI provides an inside look into a phishing campaign targeting mobile banking users
https://blog.lookout.com/lookout-phishing-ai-reveals-mobile-banking-phishing-campaign
-
Hamas Android Malware On IDF Soldiers - This is How it Happened
https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/
-
Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
-
Multi-Perspective Validation Improves Domain Validation Security
https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
-
IMP4GT: IMPersonation Attacks in 4G NeTworks
https://imp4gt-attacks.net/
https://imp4gt-attacks.net/media/imp4gt_camera_ready.pdf
-
Fox Kitten – Widespread Iranian Espionage-Offensive Campaign
https://www.clearskysec.com/fox-kitten/
https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf
-
Precise Location Information Leaking Through System Pasteboard
https://www.mysk.blog/2020/02/24/precise-location-information-leaking-through-system-pasteboard/
-
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
-
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
-
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
-
Raccoon: The Story of a Typical Infostealer
https://www.cyberark.com/threat-research-blog/raccoon-the-story-of-a-typical-infostealer/
-
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
They could warn you if your hardware needs updating.
-
Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server
https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
-
CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys
https://www.zerodayinitiative.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys
-
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
They could warn you if your hardware needs updating.
Hmmm, maybe via WFI, but that would be something for the devs to answer/decide.
-
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
They could warn you if your hardware needs updating.
Hmmm, maybe via WFI, but that would be something for the devs to answer/decide.
I wanted the developers to answer. That's why I posted the question.
-
New Cyber Attack Campaign Leverages the COVID-19 Infodemic
https://blog.yoroi.company/research/new-cyber-attack-campaign-leverages-the-covid-19-infodemic/
-
2020 - Year of the RAT
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
-
Ransomware Attackers Use Your Cloud Backups Against You
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
-
FBI lists cybercrime trends of 2019
https://blog.avast.com/ic3-2019-internet-crime-report-hot-topics-avast
https://pdf.ic3.gov/2019_IC3Report.pdf
-
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
https://blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows
-
Ghostcat - A high-risk file read/include vulnerability in Tomcat
https://www.chaitin.cn/en/ghostcat
-
Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
-
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
-
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
I don't know how much confidence I would have in this information coming out of China. There have been many instances of the reverse being reported.
-
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
I don't know how much confidence I would have in this information coming out of China. There have been many instances of the reverse being reported.
When it comes to government spying, I would always suspect that the message would be slanted. It all depends on whose government is doing the spying.
-
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
I don't know how much confidence I would have in this information coming out of China. There have been many instances of the reverse being reported.
When it comes to government spying, I would always suspect that the message would be slanted. It all depends on whose government is doing the spying.
Let's put it this way, the efforts are certainly bidirectional.
-
Mailto Ransomware under the skin of explorer.exe
https://blogs.quickheal.com/mailto-ransomware-hiding-under-explorer-exe/
-
670+ Subdomains of Microsoft are Vulnerable to Takeover (Lead to Account Takeover)
https://vullnerability.com/blog/microsoft-subdomain-account-takeover
-
The March 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/3/10/the-march-2020-security-update-review
-
New action to disrupt world’s largest online criminal network
https://blogs.microsoft.com/on-the-issues/2020/03/10/necurs-botnet-cyber-crime-disrupt/
-
Human-operated ransomware attacks: A preventable disaster
https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/
-
2020 Unit 42 IoT Threat Report
https://unit42.paloaltonetworks.com/iot-threat-report-2020/
-
Mokes and Buerak distributed under the guise of security certificates
https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
-
Intel x86 Root of Trust: loss of trust
http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
-
LVI - Hijacking Transient Execution with Load Value Injection
https://lviattack.eu/
https://lviattack.eu/lvi.pdf
-
TRRespass: Exploiting the Many Sides of Target Row Refresh
https://download.vusec.net/papers/trrespass_sp20.pdf
-
Tracking Turla: New backdoor delivered via Armenian watering holes
https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Hi Bob, no idea, the link works fine here.
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Hi Bob, no idea, the link works fine here.
It apparently leads to Google Docs which doesn't open here.
Maybe a permission problem?
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Hi Bob, no idea, the link works fine here.
It apparently leads to Google Docs which doesn't open here.
Maybe a permission problem?
If you're interested in the paper, I can share it via Slack. Let me know...
-
That would work. (I really don't know if it's of interest till I see it.)
-
That would work. (I really don't know if it's of interest till I see it.)
Done. :)
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Works for me in the latest Firefox version, it opens in a new tab and is viewed as a PDF not as a download link. So it may depend on your browser settings for pdf files.
-
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Works for me in the latest Firefox version, it opens in a new tab and is viewed as a PDF not as a download link. So it may depend on your browser settings for pdf files.
Mine normally open without a problem directly in Chrome.
Asyn made it available to me via Slack. :) Thanks
-
The SIM highjackers: how criminals are stealing millions by highjacking phone numbers
https://www.europol.europa.eu/newsroom/news/sim-highjackers-how-criminals-are-stealing-millions-highjacking-phone-numbers
-
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
-
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
I use ZOOM which encrypts everything. Each conference (presentation) has its own unique invitation code.
-
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
-
OWASP API Security Project
https://owasp.org/www-project-api-security/
-
Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps
https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/
-
They Come in the Night: Ransomware Deployment Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html
-
WildPressure targets industrial-related entities in the Middle East
https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/
-
Hackers breach FSB contractor and leak details about IoT hacking project
https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/
-
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
-
New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer
https://labs.bitdefender.com/2020/03/new-router-dns-hijacking-attacks-abuse-bitbucket-to-host-infostealer/
-
COVID-19 Impact: Cyber Criminals Target Zoom Domains
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
https://blog.checkpoint.com/2020/03/26/whos-zooming-who-guidelines-on-how-to-use-zoom-safely/
https://www.bleepingcomputer.com/news/security/hackers-take-advantage-of-zooms-popularity-to-push-malware/
-
Identifying vulnerabilities and protecting you from phishing
https://blog.google/technology/safety-security/threat-analysis-group/identifying-vulnerabilities-and-protecting-you-phishing/amp/
-
CoViper locking down computers during lockdown
https://decoded.avast.io/janrubin/coviper-locking-down-computers-during-lockdown/
-
Would You Exchange Your Security for a Gift Card?
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
-
Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
-
The Vollgar Campaign: MS-SQL Servers Under Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
-
Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
https://panda.moyix.net/~moyix/papers/inputscope_oakland20.pdf
-
Webcam Hacking - The story of how I gained unauthorized Camera access on iOS and macOS
https://www.ryanpickren.com/webcam-hacking
-
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
-
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
It would be nice when posting this type of information, that it be clearly marked
This Installer does not come directly from ZOOM.
Misleading headlines are worse than no news.
-
Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
https://www.microsoft.com/security/blog/2020/04/02/full-operational-shutdown-another-cybercrime-case-microsoft-detection-and-response-team/
https://www.microsoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Operational-Shutdown.pdf
-
Microsoft Buys Corp.com So Bad Guys Can’t
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
-
New dark_nexus IoT Botnet Puts Others to Shame
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
-
Fingerprint cloning: Myth or reality?
https://blog.talosintelligence.com/2020/04/fingerprint-research.html
-
The April 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/4/14/the-april-2020-security-update-review
-
Intel Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2020/04/14/intel-releases-security-updates
-
Cloudflare drops Google's reCAPTCHA due to privacy concerns
https://www.bleepingcomputer.com/news/technology/cloudflare-drops-googles-recaptcha-due-to-privacy-concerns/
https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/
-
Zoom Endpoint-Security Considerations
https://dev.io/posts/zoomzoo/
-
Analysis of a WordPress Credit Card Swiper
https://blog.sucuri.net/2020/04/analysis-of-a-wordpress-credit-card-swiper.html
-
Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
-
Law enforcement and Microsoft come together to bust a major malware attack
https://news.microsoft.com/apac/features/law-enforcement-and-microsoft-come-together-to-bust-a-major-malware-attack-in-taiwan/
-
Announcing the Results of the 1.1.1.1 Public DNS Resolver Privacy Examination
https://blog.cloudflare.com/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination/
https://www.cloudflare.com/resources/assets/slt3lc6tev37/5xlHCvvNBrvrIoWbuk1vTy/e1058b0d366adf4e983aef99a6ed2a1f/Cloudflare_1.1.1.1_Public_Resolver_Report_-_03302020__2_.pdf
-
New AgentTesla variant steals WiFi credentials
https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
-
Deserialization Attacks in .Net Games
https://www.modzero.com/modlog/archives/2020/04/17/deserialization_attacks_in__net_games/index.html
-
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs
https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
-
You’ve Got (0-click) Mail!
https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/
-
Exploiting (Almost) Every Antivirus Software
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
-
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
-
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
-
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...
The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
-
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...
The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
This also doesn't mention the fact that Microsoft is very busy changing the whole way Windows will be updated in the future.
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
-
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
-
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
-
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
Well, if so, you should know that your comment "headline sensationalized to grab attention" is totally wrong.
-
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
You're entitled to your opinion.
Well, if so, you should know that your comment "headline sensationalized to grab attention" is totally wrong.
-
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...
The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
Well, that for me just confirms what I said: how can the problem still exist if CVE-2020-0981 (which they have mentioned twice now) was released in the April 2020 updates?
MS issued a fix (CVE-2020-0981) and your additional comments just confirm this (Forshaw reported this and confirms the same CVE-2020-0981 fix). This is just sort of recycling old news, so that exploit shouldn't be possible if said browser sandboxes use the Win10 sandbox token/s.
As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
-
As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
There's also macOS/Linux/Android/iOS or even Win7/8/8.1 (if you prefer MS).
-
Shade Ransomware shuts down, releases 750K decryption keys
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/
-
As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
There's also macOS/Linux/Android/iOS or even Win7/8/8.1 (if you prefer MS).
For me that is crazy, switching OS for a browser related issue, changing your whole way of working. Not to mention it would probably require a complete reinstall on your system, even if you tried using a Virtual OS on that system. But that would also be vulnerable to the Host system vulnerabilities (I've never installed a virtual OS).
The Mac OS isn't without its issues, as has been recently under the spotlight. As for falling back to an older Windows OS, who is to say that the same vulnerability isn't in that old code also.
And finally, this issue has had this vulnerability closed; with older OSes about to reach end of life/support (Win7), they aren't normally going to receive these patches.
-
1. For me that is crazy, switching OS for a browser related issue, changing your whole way of working. Not to mention it would probably require a complete reinstall on your system, even if you tried using a Virtual OS on that system. But that would also be vulnerable to the Host system vulnerabilities (I've never installed a virtual OS).
2. The Mac OS isn't without its issues, as has been recently under the spotlight. As for falling back to an older Windows OS, who is to say that the same vulnerability isn't in that old code also.
3. And finally, this issue has had this vulnerability closed; with older OSes about to reach end of life/support (Win7), they aren't normally going to receive these patches.
OK, this is my last reply regarding this issue, as I'm not planning to turn this into a discussion thread. ;)
1. Agreed Dave, and I doubt many (if any) will switch OS because of that.
2. I won't comment on macOS, but regarding Windows only W10 is affected.
3. No patches needed for older Win OS.
-
1. For me that is crazy, switching OS for a browser related issue, changing your whole way of working. Not to mention it would probably require a complete reinstall on your system, even if you tried using a Virtual OS on that system. But that would also be vulnerable to the Host system vulnerabilities (I've never installed a virtual OS).
2. The Mac OS isn't without its issues, as has been recently under the spotlight. As for falling back to an older Windows OS, who is to say that the same vulnerability isn't in that old code also.
3. And finally, this issue has had this vulnerability closed; with older OSes about to reach end of life/support (Win7), they aren't normally going to receive these patches.
OK, this is my last reply regarding this issue, as I'm not planning to turn this into a discussion thread. ;)
1. Agreed Dave, and I doubt many (if any) will switch OS because of that.
2. I won't comment on macOS, but regarding Windows only W10 is affected.
3. No patches needed for older Win OS.
Discussion is what makes this forum what it is. These TWEET-like posts are what are misleading.
-
Discussion is what makes this forum what it is.
Feel free to start a new topic for (further) discussion.
-
Tag Barnakle: The Malvertiser That Hacks Revive Ad Servers, Redirects Victims To Malware
https://blog.confiant.com/tag-barnakle-the-malvertiser-that-hacks-revive-ad-servers-redirects-victims-to-malware-50cdc57435b1
-
Studying How Cybercriminals Prey on the COVID-19 Pandemic
https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/
-
Hiding in plain sight: PhantomLance walks into a market
https://securelist.com/apt-phantomlance/96772/
-
30,000 Percent Increase in COVID-19-Themed Attacks
https://www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks
-
30,000 Percent Increase in COVID-19-Themed Attacks
https://www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks
Did anyone really expect anything less?
-
30,000 Percent Increase in COVID-19-Themed Attacks
https://www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks
Did anyone really expect anything less?
Yep.
I expected 29,474 percent.
-
Lucy’s Back: Ransomware Goes Mobile
https://research.checkpoint.com/2020/lucys-back-ransomware-goes-mobile/
-
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
-
The 2020 URL Querystring Data Leaks — Millions of User Emails Leaking from Popular Websites to Advertising & Analytics Companies
https://medium.com/@thezedwards/the-2020-url-querystring-data-leaks-millions-of-user-emails-leaking-from-popular-websites-to-39a09d2303d2
-
Victory! ICANN Rejects .ORG Sale to Private Equity Firm Ethos Capital
https://www.eff.org/deeplinks/2020/04/victory-icann-rejects-org-sale-private-equity-firm-ethos-capital
https://www.icann.org/news/blog/icann-board-withholds-consent-for-a-change-of-control-of-the-public-interest-registry-pir
-
Remembering the ILOVEYOU virus twenty years later
https://blog.avast.com/security-experts-give-thoughts-on-iloveyou-virus-20-years-later-avast
-
Fuzzing ImageIO
https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html
-
EventBot: A New Mobile Banking Trojan is Born
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
-
EventBot: A New Mobile Banking Trojan is Born
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
https://youtu.be/z9Nx9_v8wyU
-
First seen in the wild – Malware uses Corporate MDM as attack vector
https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/
-
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/
-
“Psychic Paper” - These aren’t the droids you’re looking for
https://siguza.github.io/psychicpaper/
-
Nearly a Million WP Sites Targeted in Large-Scale Attacks
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
-
The May 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/5/12/the-may-2020-security-update-review
-
Tales From the Trenches; a Lockbit Ransomware Story
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/
-
Naikon APT: Cyber Espionage Reloaded
https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/
-
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia/
-
Changes in REvil ransomware version 2.2
https://blog.intel471.com/2020/05/04/changes-in-revil-ransomware-version-2-2/
-
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/
-
Thunderspy - When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
https://thunderspy.io/
https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf
-
Top 10 Routinely Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
https://www.us-cert.gov/sites/default/files/publications/AA20-133A_Top_10_Routinely_Exploited_Vulnerabilities_S508C.pdf
-
COMpfun authors spoof visa application with HTTP status-based Trojan
https://securelist.com/compfun-http-status-based-trojan/96874/
-
ATT&CKing ProLock Ransomware
https://www.group-ib.com/blog/prolock
-
GhostDNS Source Code Leaked
https://decoded.avast.io/simonamusilova/ghostdns-source-code-leaked/
-
Ramsay: A cyber‑espionage toolkit tailored for air‑gapped networks
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
-
WordPress Malware Collects Sensitive WooCommerce Data
https://blog.sucuri.net/2020/05/wordpress-malware-collects-sensitive-woocommerce-data.html
-
RATicate: an attacker’s waves of information-stealing malware
https://news.sophos.com/en-us/2020/05/14/raticate/
-
Ragnar Locker ransomware deploys virtual machine to dodge security
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
Using a virtual machine to bypass computer security. Sneaky.
-
QNodeService: Node.js Trojan Spread via Covid-19 Lure
https://blog.trendmicro.com/trendlabs-security-intelligence/qnodeservice-node-js-trojan-spread-via-covid-19-lure/
-
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
https://atdotde.blogspot.com/2020/05/high-performance-hackers.html
-
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
https://atdotde.blogspot.com/2020/05/high-performance-hackers.html
Sounds like Super Computers forgot about needing Super Protection. :)
-
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
https://atdotde.blogspot.com/2020/05/high-performance-hackers.html
Sounds like Super Computers forgot about needing Super Protection. :)
Well said Bob. 8)
-
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
-
No “Game over” for the Winnti Group
https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
-
ZLoader Loads Again: New ZLoader Variant Returns
https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns
-
No “Game over” for the Winnti Group
https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
So it looks like the group responsible for the attack on CCleaner some years ago is still active. That's not good news.
-
StrandHogg 2.0 - The ‘evil twin’
https://promon.co/strandhogg-2-0/
-
What is port scanning and why is eBay doing it on my computer?
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast
https://nullsweep.com/why-is-this-website-port-scanning-me/
-
The Evolution of APT15’s Codebase 2020
https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/
-
What is port scanning and why is eBay doing it on my computer?
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast
https://nullsweep.com/why-is-this-website-port-scanning-me/
List of well-known web sites that port scan their visitors
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
https://docs.google.com/spreadsheets/d/1Nu4lpyZ5PQUIpiLJBddXnr67t5-1y0u40dzyzSYj1gc/edit#gid=0
-
From Agent.BTZ to ComRAT v4: A ten‑year journey
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/
https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
-
Netgear Nighthawk Firmware Update Vulnerability
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
-
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
https://www.nebelwelt.net/files/20SEC3.pdf
-
High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites
https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/
-
Introducing Blue Mockingbird
https://redcanary.com/blog/blue-mockingbird-cryptominer/
-
The Octopus Scanner Malware: Attacking the open source supply chain
https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
-
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module
https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/
-
Malvertising, Site Compromise, And A Status Report On Drive-by Downloads
https://blog.confiant.com/malvertising-site-compromise-and-a-status-report-on-drive-by-downloads-c127e16e57d7
-
Valak: More than Meets the Eye
https://www.cybereason.com/blog/valak-more-than-meets-the-eye
-
What is port scanning and why is eBay doing it on my computer?
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast
https://nullsweep.com/why-is-this-website-port-scanning-me/
List of well-known web sites that port scan their visitors
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
https://docs.google.com/spreadsheets/d/1Nu4lpyZ5PQUIpiLJBddXnr67t5-1y0u40dzyzSYj1gc/edit#gid=0
uBlock Origin ad blocker now blocks port scans on most sites
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
-
Steganography in targeted attacks on industrial enterprises
https://ics-cert.kaspersky.com/reports/2020/05/28/steganography-in-targeted-attacks-on-industrial-enterprises/
-
Threat Spotlight: Tycoon Ransomware Targets Education and Software Sectors
https://blogs.blackberry.com/en/2020/06/threat-spotlight-tycoon-ransomware-targets-education-and-software-sectors
-
Ransomware gangs team up to form extortion cartel
https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/
https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
-
Scammers are optimizing SEO results to lure victims
https://blog.avast.com/scammers-using-seo-to-lure-victims-avast
-
The June 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/6/9/the-june-2020-security-update-review
-
Cycldek: Bridging the (air) gap
https://securelist.com/cycldek-bridging-the-air-gap/97157/
-
Stealthworker: Golang-based brute force malware still an active threat
https://blogs.akamai.com/sitr/2020/06/stealthworker-golang-based-brute-force-malware-still-an-active-threat.html
-
REvil Ransomware Gang Starts Auctioning Victim Data
https://krebsonsecurity.com/2020/06/revil-ransomware-gang-starts-auctioning-victim-data/
-
TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new
-
Phorphiex/Trik Botnet Delivers Avaddon Ransomware
https://appriver.com/resources/blog/june-2020/phorphiextrik-botnet-delivers-avaddon-ransomware
-
CallStranger (CVE-2020-12695)
Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan via UPnP SUBSCRIBE Callback
https://callstranger.com/
https://github.com/yunuscadirci/CallStranger
-
Gamaredon group grows its game
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
-
The Impending Doom of Expiring Root CAs and Legacy Clients
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
-
New Ransomware-as-a-Service Tool ‘Thanos’ Shows Connections to ‘Hakbit’
https://www.recordedfuture.com/thanos-ransomware-builder/
https://go.recordedfuture.com/hubfs/reports/cta-2020-0610.pdf
-
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/
-
Valak Malware and the Connection to Gozi Loader ConfCrew
https://labs.sentinelone.com/valak-malware-and-the-connection-to-gozi-loader-confcrew/
-
The secret life of GPS trackers (2/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers-2-2/
-
The secret life of GPS trackers (2/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers-2-2/
Thanks Martin for another great piece of research.
I also remember how Martin Hron showed off the dangers of unsecured smart devices.
https://youtu.be/U9a31iUk-Dw
-
Unsecured databases attacked 18 times per day by hackers
https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
-
Lamphone - Real-Time Passive Sound Recovery from Light Bulb Vibrations
https://www.nassiben.com/lamphone
https://eprint.iacr.org/2020/708.pdf
-
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
-
Ripple20 - 19 Zero-Day Vulnerabilities Amplified by the Supply Chain
https://www.jsof-tech.com/ripple20/
-
HiddenAds campaign on Play Store with 15M+ downloads discovered by Avast
https://blog.avast.com/avast-discovers-47-android-adware-apps-avast
https://decoded.avast.io/jakubvavra/hiddenads-up-to-no-good-again-and-spreading-via-android-gaming-apps/
-
CrystalBit / Apple Double DLL Hijack -- From fraudulent software bundle downloads to an evasive miner raging campaign
https://blog.morphisec.com/crystalbit-apple-double-dll-hijack
-
Qbot Banking Trojan Still Up to Its Old Tricks
https://www.f5.com/labs/articles/threat-intelligence/qbot-banking-trojan-still-up-to-its-old-tricks
-
Digging up InvisiMole’s hidden arsenal
https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/
-
Hiding In Plain Sight
https://blog.huntresslabs.com/hiding-in-plain-sight-556469e0a4e
-
Oracle’s BlueKai tracks you across the web. That data spilled online - Billions of records exposed.
https://techcrunch.com/2020/06/19/oracle-bluekai-web-tracking/
-
Exfiltrating User’s Private Data Using Google Analytics to Bypass CSP
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
-
Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos
-
Inside a TrickBot Cobalt Strike Attack Server
https://labs.sentinelone.com/inside-a-trickbot-cobaltstrike-attack-server/
-
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
-
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
-
Ripple20 - 19 Zero-Day Vulnerabilities Amplified by the Supply Chain
https://www.jsof-tech.com/ripple20/
List of Ripple20 vulnerability advisories, patches, and updates
https://www.bleepingcomputer.com/news/security/list-of-ripple20-vulnerability-advisories-patches-and-updates/
-
Defending Exchange servers under attack
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
-
Hijacking DLLs in Windows
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
-
WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
-
Home Router Security Report 2020
https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
-
Living Off Windows Land – A New Native File “downldr”
https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/
-
Alina Point of Sale Malware Still Lurking in DNS
https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
-
Try2Cry: Ransomware tries to worm
https://www.gdatasoftware.com/blog/2020/07/36200-ransomware-tries-to-worm
-
Mobile APT Surveillance Campaigns Targeting Uyghurs
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
-
North Korean hackers are skimming US and European shoppers
https://sansec.io/research/north-korea-magecart
-
TAU Threat Discovery: Conti Ransomware
https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/
-
More evil: A deep look at Evilnum and its toolset
https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/
-
New Joker variant hits Google Play with an old trick
https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/
-
The July 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/7/14/the-july-2020-security-update-review
-
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
https://www.advanced-intel.com/post/the-dark-web-of-intrigue-how-revil-used-the-underground-ecosystem-to-form-an-extortion-cartel
-
Police Surveilled George Floyd Protests With Help From Twitter-Affiliated Startup Dataminr
https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/
-
GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
-
Police Surveilled George Floyd Protests With Help From Twitter-Affiliated Startup Dataminr
https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/
Thank you, Asyn, for the repost :)
-
It’s baaaack: Public cyber enemy Emotet has returned
https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/
-
TrickBot Group Launches Test Module Alerting on Fraud Activity
https://www.advanced-intel.com/post/trickbot-group-launches-test-module-alerting-on-fraud-activity
-
Welcome Chat as a secure messaging app? Nothing could be further from the truth
https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/
-
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
-
BlackRock - the Trojan that wanted to get them all
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html
-
New Research Exposes Iranian Threat Group Operations
https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/
-
Worm War: The Botnet Battle for IoT Territory
https://documents.trendmicro.com/assets/white_papers/wp-worm-war-the-botnet-battle-for-iot-territory.pdf
-
The Microsoft Police State: Mass Surveillance, Facial Recognition, and the Azure Cloud
https://theintercept.com/2020/07/14/microsoft-police-state-mass-surveillance-facial-recognition/
-
The Microsoft Police State: Mass Surveillance, Facial Recognition, and the Azure Cloud
https://theintercept.com/2020/07/14/microsoft-police-state-mass-surveillance-facial-recognition/
Big brother is alive and well ;)
I can't remember the name, but several years ago there was a futuristic TV program (and a man's fight against it) involving a system able to monitor people, phone calls and electronic activity to find and identify individuals.
-
How scammers are hiding their phishing trips in public clouds
https://blog.checkpoint.com/2020/07/21/how-scammers-are-hiding-their-phishing-trips-in-public-clouds/
-
Shadow Attacks: Hiding and Replacing Content in Signed PDFs (July 2020)
https://pdf-insecurity.org/index.html
https://pdf-insecurity.org/signature-shadow/evaluation_2020.html
https://pdf-insecurity.org/download/report-pdf-signatures-2020-03-02.pdf
-
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
-
A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs
https://www.zdnet.com/article/a-vigilante-is-sabotaging-the-emotet-botnet-by-replacing-malware-payloads-with-gifs
-
Prometei botnet and its quest for Monero
https://blog.talosintelligence.com/2020/07/prometei-botnet-and-its-quest-for-monero.html
-
Ensiko: A Webshell With Ransomware Capabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshell-with-ransomware-capabilities/
-
Lazarus on the hunt for big game
https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
-
Watch Your Containers: Doki Infecting Docker Servers in the Cloud
https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
-
Telling China’s Story: The Chinese Communist Party’s Campaign to Shape Global Narratives
https://fsi-live.s3.us-west-1.amazonaws.com/s3fs-public/sio-china_story_white_paper-final.pdf
-
CVE-2020–9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data
https://medium.com/@mattshockl/cve-2020-9934-bypassing-the-os-x-transparency-consent-and-control-tcc-framework-for-4e14806f1de8
-
UAC bypass via dll hijacking and mock directories
http://daniels-it-blog.blogspot.com/2020/07/uac-bypass-via-dll-hijacking-and-mock.html
-
Take a “NetWalk” on the Wild Side
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side
-
Malware Analysis Report (AR20-216A)
MAR-10292089-1.v1 – Chinese Remote Access Trojan: TAIDOOR
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
-
WastedLocker’s techniques point to a familiar heritage
https://news.sophos.com/en-us/2020/08/04/wastedlocker-techniques-point-to-a-familiar-heritage/
-
What to do about the BootHole vulnerability
https://blog.avast.com/an-overview-of-the-boothole-vulnerability-avast
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
-
What to do about the BootHole vulnerability
https://blog.avast.com/an-overview-of-the-boothole-vulnerability-avast
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
There's nothing to do till sometime next year.
-
The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks
https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/
-
The August 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/8/11/the-august-2020-security-update-review
-
Beyond KrØØk: Even more Wi‑Fi chips vulnerable to eavesdropping
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
-
Rogue Automation - Vulnerable and Malicious Code in Industrial Programming
https://documents.trendmicro.com/assets/white_papers/wp-rogue-automation-vulnerable-and-malicious-code-in-industrial-programming.pdf
-
Thoughts on the Clean Network program
https://medium.com/@ted.ietf/thoughts-on-the-clean-network-program-5f1c43764152
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
-
Thoughts on the Clean Network program
https://medium.com/@ted.ietf/thoughts-on-the-clean-network-program-5f1c43764152
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
I guess it all depends on your stance on how secure your data is when it travels via the China internet highway.
-
Thoughts on the Clean Network program
https://medium.com/@ted.ietf/thoughts-on-the-clean-network-program-5f1c43764152
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
I guess it all depends on your stance on how secure your data is when it travels via the China internet highway.
For me, when governments get involved with technical security solutions, I fear all is already lost.
If the UK Government is anything to go by, its competency with information technology projects doesn't bode well.
Often what is promised:
According to the brief, the program’s aim is “guarding our citizens’ privacy and our companies’ most sensitive information”.
comes with underlying/hidden issues, as this article suggests.
-
Windows Print Spooler Patch Bypass Re-Enables Persistent Backdoor
https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor
-
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
-
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?
-
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?
Microsoft, it would appear (just can't kill it, too much history) :D
-
Agent Tesla | Old RAT Uses New Tricks to Stay on Top
https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/
-
Color by numbers: inside a Dharma ransomware-as-a-service attack
https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-ransomware-as-a-service-attack/
-
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?
Microsoft, it would appear (just can't kill it, too much history) :D
Latest info: https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge
-
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?
Microsoft, it would appear (just can't kill it, too much history) :D
Latest info: https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge
I turned off IE11 some months back. Luckily I'm not running any software that depended on IE11.
Additional information: https://www.askvg.com/microsoft-to-retire-internet-explorer-and-legacy-microsoft-edge-web-browsers-soon/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+AskVG+%28AskVG%29
-
Exposing and Circumventing China's Censorship of ESNI
https://geneva.cs.umd.edu/posts/china-censors-esni/esni/
-
Mekotio: These aren’t the security updates you’re looking for…
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
-
Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
-
Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE
https://revolte-attack.net/
https://revolte-attack.net/media/revolte_camera_ready.pdf
https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte/
-
GlueBall: The story of CVE-2020–1464
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
-
Facebook Braces Itself for Trump to Cast Doubt on Election Results
https://www.nytimes.com/2020/08/21/technology/facebook-trump-election.html
-
Facebook Braces Itself for Trump to Cast Doubt on Election Results
https://www.nytimes.com/2020/08/21/technology/facebook-trump-election.html
Technical or political?
-
HTML smuggling explained
https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
-
Lucifer’s Spawn
https://www.netscout.com/blog/asert/lucifers-spawn
-
Malware Analysis Report (AR20-232A)
MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
-
New Vulnerability Could Put IoT Devices at Risk
https://securityintelligence.com/posts/new-vulnerability-could-put-iot-devices-at-risk/
-
Flaws in DVB-T2 set-top boxes exposed
https://decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposed/
-
FritzFrog: A New Generation of Peer-to-Peer Botnets
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
-
The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
-
2020 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
-
Mailto: Me Your Secrets.
On Bugs and Features in Email End-to-End Encryption
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
-
Lazarus Group Campaign Targeting The Cryptocurrency Vertical
https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report.pdf
-
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
https://abss.me/posts/fcm-takeover/
-
Remembering hardware and cyberattacks from the 1980s
https://blog.avast.com/best-hardware-80s-avast
-
An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods
https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
-
Lemon_Duck cryptominer targets cloud apps & Linux
https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
-
Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html
-
FritzFrog: A New Generation of Peer-to-Peer Botnets
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Beware of FritzFrog, a nasty piece of malware
https://blog.avast.com/beware-of-fritzfrog-malware-avast
-
In the wild QNAP NAS attacks
https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks-en/
-
KryptoCibule: The multitasking multicurrency cryptostealer
https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/
-
Who Is PIONEER KITTEN?
https://www.crowdstrike.com/blog/who-is-pioneer-kitten/
-
The September 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/9/8/the-september-2020-security-update-review
-
700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
-
Hiding In Plain Sight
https://blog.huntresslabs.com/hiding-in-plain-sight-556469e0a4e
Hiding in Plain Sight || Part 2
https://blog.huntresslabs.com/hiding-in-plain-sight-part-2-dfec817c036f
-
TERRACOTTA Android Malware: A Technical Study
https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study
-
How Facebook and Other Sites Manipulate Your Privacy Choices
https://www.wired.com/story/facebook-social-media-privacy-dark-patterns/
-
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
https://unit42.paloaltonetworks.com/thanos-ransomware/
-
Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
-
Who is calling? CDRThief targets Linux VoIP softswitches
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
-
Lock Like a Pro: Dive in Recent ProLock's
https://www.group-ib.com/blog/prolock_evolution
-
Complex obfuscation? Meh… (1/2)
https://decoded.avast.io/janrubin/complex-obfuscation-meh/
-
700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
Attackers Fight for Control of Sites Targeted in File Manager Vulnerability
https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/
-
Testing IP Camera Account Security
https://decoded.avast.io/markozbirka/testing-ip-camera-account-security/
-
New cyberattacks targeting U.S. elections
https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
-
New cyberattacks targeting U.S. elections
https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
Equal opportunity attackers.
-
Blox Tales #15: Credential Phishing Attack Performs Real-Time Active Directory (AD) Authentication
https://www.armorblox.com/blog/blox-tales-credential-phishing-attack-performs-real-time-active-directory-authentication/
-
Not for higher education: cybercriminals target academic & research institutions across the world
https://blog.checkpoint.com/2020/09/15/not-for-higher-education-cybercriminals-target-academic-research-institutions-across-the-world/
-
UEFI Secure Boot Customization
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
-
Maze attackers adopt Ragnar Locker virtual machine technique
https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/
-
Mobile (Private) Contact Discovery
https://contact-discovery.github.io/
https://www.heise.de/downloads/18/2/9/7/0/4/5/9/preprint.pdf
-
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
-
The Fresh Smell of ransomed coffee
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/
-
The Fresh Smell of ransomed coffee
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/
I got a feeling of deja-vu when checking this out. I'm sure we have had a very similar article about this more than a year ago, which basically means smart devices aren't too smart. But surely the hacker would have to be in close proximity to do this.
I would suggest that Avast also look at so-called Smart Meters, reporting your energy use. They could well have the same insecurity issue, though they don't have the same display for the user in the same way as the coffee machine; there is, however, a user display to show energy use.
-
The Fresh Smell of ransomed coffee
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/
1. I got a feeling of deja-vu when checking this out. I'm sure we have had a very similar article about this more than a year ago, which basically means smart devices aren't too smart. But surely the hacker would have to be in close proximity to do this.
2. I would suggest that Avast also look at so-called Smart Meters, reporting your energy use. They could well have the same insecurity issue, though they don't have the same display for the user in the same way as the coffee machine; there is, however, a user display to show energy use.
1. That's right Dave, seems Martin loves to hack coffee machines. ;D
2. Agreed, that would be quite interesting. The security of Smart Meters is an ongoing discussion here.
-
Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again!
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
-
Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again!
<snip url>
I'm not sure that this article doesn't go into too much detail as to become a training exercise for wannabe malware script kids.
-
APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/
-
#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
-
The Initial Access Broker’s Toolbox – Remote Monitoring and Management
https://ke-la.com/the-initial-access-brokers-toolbox-remote-monitoring-and-management/
-
Big Game Hunting: Now in Russia
https://www.group-ib.com/blog/oldgremlin
-
Does custom firmware jeopardize the security of gaming consoles?
https://decoded.avast.io/vladislaviliushin/does-custom-firmware-jeopardize-the-security-of-gaming-consoles/
-
Microsoft Security — detecting empires in the cloud
https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/
-
ThunderX ransomware: analysis and a free decryptor!
https://www.tesorion.nl/en/thunderx-ransomware-analysis-and-a-free-decryptor/
-
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
-
APT‑C‑23 group evolves its Android spyware
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/
-
Evasive URLs in Spam: Part 2
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-urls-in-spam-part-2/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-urls-in-spam/
-
MosaicRegressor: Lurking in the Shadows of UEFI
https://securelist.com/mosaicregressor/98849/
-
Black-T: New Cryptojacking Variant from TeamTnT
https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
-
Global Surges in Ransomware Attacks
https://blog.checkpoint.com/2020/10/06/study-global-rise-in-ransomware-attacks/
-
Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
-
New pastebin-like service used in multiple malware campaigns
https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns
-
Release the Kraken: Fileless injection into Windows Error Reporting service
https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/
-
Crouching T2, Hidden Danger
https://ironpeak.be/blog/crouching-t2-hidden-danger/
-
The October 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/10/13/the-october-2020-security-update-review
-
Somewhere over the RAINBOW(MIX)
https://www.whiteops.com/blog/somewhere-over-the-rainbowmix
-
FakeMBAM: Backdoor delivered through software updates
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
-
Attacks Aimed at Disrupting the Trickbot Botnet
https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/trickbot-botnet-ransomware-disruption
https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/
-
We Hacked Apple for 3 Months: Here’s What We Found
https://samcurry.net/hacking-apple/
-
Code execution via the Windows Update client (wuauclt)
https://dtm.uk/wuauclt/
-
Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux
https://news.sophos.com/en-us/2020/10/13/top-reason-to-apply-october-2020s-microsoft-patches-ping-of-death-redux/
-
US indicts Russian GRU 'Sandworm' hackers for NotPetya, worldwide attacks
https://www.bleepingcomputer.com/news/security/us-indicts-russian-gru-sandworm-hackers-for-notpetya-worldwide-attacks/
-
Attacks Aimed at Disrupting the Trickbot Botnet
https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/trickbot-botnet-ransomware-disruption
https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/
An update on disruption of Trickbot
https://blogs.microsoft.com/on-the-issues/2020/10/20/trickbot-ransomware-disruption-update/
-
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon
-
Plug'nPwn - Connect to Jailbreak
https://blog.t8012.dev/plug-n-pwn/
-
Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
-
Are You Still Running End-of-Life Windows Servers?
https://blog.rapid7.com/2020/10/19/are-you-still-running-end-of-life-windows-servers/
-
LockBit uses automated attack tools to identify tasty targets
https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/
-
Data exfiltration via IPv6
https://blog.avast.com/data-exfiltration-via-ipv6-avast
-
Maze ransomware is shutting down its cybercrime operation
https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/
-
Apple notarizes new Mac malware… again
https://www.intego.com/mac-security-blog/apple-notarizes-new-mac-malware-again/
-
New RAT malware gets commands via Discord, has ransomware feature
https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/
-
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity
-
Maze ransomware is shutting down its cybercrime operation
https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/
Maze ransomware shuts down operations, denies creating cartel
https://www.bleepingcomputer.com/news/security/maze-ransomware-shuts-down-operations-denies-creating-cartel/
-
Malware Analysis Report (AR20-303A) - MAR-10310246-2.v1 – PowerShell Script: ComRAT
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a
-
In a first, researchers extract secret key used to encrypt Intel CPU code
https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/
-
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
https://unit42.paloaltonetworks.com/domain-parking/
-
New RegretLocker ransomware targets Windows virtual machines
https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/
-
QBot Trojan delivered via malspam campaign exploiting US election uncertainties
https://blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/
-
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
https://isc.sans.edu/diary/26752
-
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
https://blogs.juniper.net/en-us/threat-research/gitpaste-12
-
The November 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/11/10/the-november-2020-security-update-review
-
Ransomware Alert: Pay2Key
https://research.checkpoint.com/2020/ransomware-alert-pay2key/
-
RansomEXX Trojan attacks Linux systems
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
-
Complex obfuscation? Meh… (1/2)
https://decoded.avast.io/janrubin/complex-obfuscation-meh/
Password stealer in Delphi? Meh… (2/2)
https://decoded.avast.io/janrubin/meh-2-2/
-
Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-
-
PLATYPUS - With Great Power comes Great Leakage
https://platypusattack.com/
https://platypusattack.com/platypus.pdf
-
2020 State of Encrypted Attacks
https://www.zscaler.com/resources/industry-reports/state-of-encrypted-attacks.pdf
-
Vulnerability Descriptions in the New Version of the Security Update Guide
https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/
-
Ransomware Group Turns to Facebook Ads
https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
-
IPAS: Security Advisories for November 2020
https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/
-
Meet Muhstik – IoT Botnet Infecting Cloud Servers
https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/
-
Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos-software-hospitality-sector/
-
The CostaRicto Campaign: Cyber-Espionage Outsourced
https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced
-
Ransomware-as-a-service: The pandemic within a pandemic
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
-
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
https://dl.acm.org/doi/pdf/10.1145/3372297.3417280
-
Here Comes TroubleGrabber: Stealing Credentials Through Discord
https://www.netskope.com/blog/here-comes-troublegrabber-stealing-credentials-through-discord
-
Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn
https://arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/
-
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage
-
OK Google, Build Me a Phishing Campaign
https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign/
-
The history of cybersecurity
https://blog.avast.com/history-of-cybersecurity-avast
-
Zooming into Darknet Threats Targeting Japanese Organizations
https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/
-
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/
-
Enter WAPDropper – An Android Malware Subscribing Victims To Premium Services By Telecom Companies
https://research.checkpoint.com/2020/enter-wapdropper-subscribe-users-to-premium-services-by-telecom-companies/
-
Tried and True Hacker Technique: DOS Obfuscation
https://blog.huntresslabs.com/tried-and-true-hacker-technique-dos-obfuscation-400b57cd7dd
-
Apple security hampers detection of unwanted programs
https://blog.malwarebytes.com/mac/2020/11/apple-security-hampers-detection-of-unwanted-programs/
-
Genesis Marketplace, a Digital Fingerprint Darknet Store
https://www.f5.com/labs/articles/threat-intelligence/genesis-marketplace--a-digital-fingerprint-darknet-store
-
German users targeted with Gootkit banker or REvil ransomware
https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/
-
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
https://arxiv.org/pdf/2009.04344.pdf
-
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/
-
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware
-
DarkIRC bot exploits recent Oracle WebLogic vulnerability
https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
-
Turla Crutch: Keeping the “back door” open
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
-
The December 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/12/8/the-december-2020-security-update-review
-
APT Group Targeting Governmental Agencies in East Asia
https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/
-
IceRat evades antivirus by running PHP on Java VM
https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
-
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit
https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/
https://eclypsium.com/wp-content/uploads/2020/12/TrickBot-Now-Offers-TrickBoot-Persist-Brick-Profit.pdf
-
What did DeathStalker hide between two ferns?
https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/
-
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain
https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/
-
AMNESIA:33 – Forescout Research Labs Finds 33 New Vulnerabilities in Open Source TCP/IP Stacks
https://www.forescout.com/company/blog/amnesia33-forescout-research-labs-finds-33-new-vulnerabilities-in-open-source-tcp-ip-stacks/
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
-
Persistent parasite in EOL Magento 2 stores wakes at Black Friday
https://sansec.io/research/magento-2-persistent-parasite
-
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
https://www.guardicore.com/labs/please-read-me-opportunistic-ransomware-devastating-mysql-servers/
-
Partnership Executive Interview Series - Avast and Shadowserver
https://youtu.be/RZfPTfFTeSQ
The cat was certainly the star of the show.
-
Qakbot Upgrades to Stealthier Persistence Method
https://www.binarydefense.com/qakbot-upgrades-to-stealthier-persistence-method/
-
Partnership Executive Interview Series - Avast and Shadowserver
https://youtu.be/RZfPTfFTeSQ
The cat was certainly the star of the show.
Thanks for sharing Bob, interesting interview.
PS: You're right about the cat..!! ;D 8)
-
Partnership Executive Interview Series - Avast and Shadowserver
https://youtu.be/RZfPTfFTeSQ
The cat was certainly the star of the show.
Thanks for sharing Bob, interesting interview.
PS: You're right about the cat..!! ;D 8)
Many strange things happen when using Zoom to do interviews or webinars.
I should know. I've seen some strange and sometimes not so pleasant things in the past 9 months.
-
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy
https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
-
MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
https://blogs.blackberry.com/en/2020/12/mountlocker-ransomware-as-a-service-offers-double-extortion-capabilities-to-affiliates
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
-
Taking Action Against Hackers in Bangladesh and Vietnam
https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/
-
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
-
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign
https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf
-
PyMICROPSIA: New Information-Stealing Trojan from AridViper
https://unit42.paloaltonetworks.com/pymicropsia/
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
-
Pwnie Award Winners 2020
https://pwnies.com/winners/
-
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
https://news.sophos.com/en-us/2020/12/16/systembc/
-
2 New RubyGems laced with cryptocurrency stealing malware taken down
https://blog.sonatype.com/rubygems-laced-with-bitcoin-stealing-malware
-
Pay2Kitten – Fox Kitten 2
https://www.clearskysec.com/pay2kitten/
https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
-
IBM Trusteer Exposes Massive Fraud Operation Facilitated by Evil Mobile Emulator Farms
https://securityintelligence.com/posts/massive-fraud-operation-evil-mobile-emulator-farms/
-
Everything but the kitchen sink: more attacks from the Gitpaste-12 worm
https://blogs.juniper.net/en-us/threat-research/everything-but-the-kitchen-sink-more-attacks-from-the-gitpaste-12-worm
-
Social Media Manipulation Report 2020
https://stratcomcoe.org/social-media-manipulation-report-2020
-
Domestic IoT Nightmares: Smart Doorbells
https://research.nccgroup.com/2020/12/18/domestic-iot-nightmares-smart-doorbells/
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
-
Lazarus covets COVID-19-related intelligence
https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/
-
Amazon Gift Card Offer Serves Up Dridex Banking Trojan
https://www.cybereason.com/blog/amazon-gift-card-offer-serves-up-dridex-banking-trojan
-
CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
https://www.crowdstrike.com/blog/crowdstrike-launches-free-tool-to-identify-and-help-mitigate-risks-in-azure-active-directory/
-
Multi-platform skimmer hits Shopify, Bigcommerce and others
https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
-
Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
-
APT27 Turns to Ransomware
https://medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e
https://shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf
-
Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
-
Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again
https://blog.checkpoint.com/2021/01/05/attacks-targeting-healthcare-organizations-spike-globally-as-covid-19-cases-rise-again/
-
Undocumented user account in Zyxel products (CVE-2020-29583)
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
-
Babuk Ransomware
http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/
-
Malware using new Ezuri memory loader
https://cybersecurity.att.com/blogs/labs-research/malware-using-new-ezuri-memory-loader
-
The January 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/1/12/the-january-2021-security-update-review
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Sunburst backdoor – code overlaps with Kazuar
https://securelist.com/sunburst-backdoor-kazuar/99981/
-
Intel adds hardware-based ransomware detection to 11th gen CPUs
https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/
https://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/vpro-platform-proactive-device-protection-against-modern-threats-solution-brief.pdf
-
FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
-
DarkSide ransomware decryptor recovers victims' files for free
https://www.bleepingcomputer.com/news/security/darkside-ransomware-decryptor-recovers-victims-files-for-free/
https://labs.bitdefender.com/2021/01/darkside-ransomware-decryption-tool/
-
Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/
-
Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/
Maybe we need to teach this to the customers that are having problems getting past the Avast captcha? :)
-
Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/
Maybe we need to teach this to the customers that are having problems getting past the Avast captcha? :)
;D 8)
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Sunburst backdoor – code overlaps with Kazuar
https://securelist.com/sunburst-backdoor-kazuar/99981/
SUNSPOT: An Implant in the Build Process
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
-
December 2020 Coordinated Inauthentic Behavior Report
https://about.fb.com/news/2021/01/december-2020-coordinated-inauthentic-behavior-report/
-
December 2020 Coordinated Inauthentic Behavior Report
https://about.fb.com/news/2021/01/december-2020-coordinated-inauthentic-behavior-report/
For a minute, I thought this was going to be about politics. ;D
-
Avast Hacker Archives Episode 1: Joe FitzPatrick
https://blog.avast.com/avast-hacker-archives-episode-1-joe-fitzpatrick-avast
-
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
-
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
According to Malwarebytes, "Our software remains safe to use."
-
Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
-
Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds
https://www.group-ib.com/media/classiscam-in-europe/
-
FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
-
The State of State Machines
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
-
The State of State Machines
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
All the discovered vulnerabilities have been fixed, but this attack platform needs constant scrutiny.
-
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Sunburst backdoor – code overlaps with Kazuar
https://securelist.com/sunburst-backdoor-kazuar/99981/
SUNSPOT: An Implant in the Build Process
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
Raindrop: New Malware Discovered in SolarWinds Investigation
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware
-
DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq
https://www.jsof-tech.com/disclosures/dnspooq/
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq-Technical-WP.pdf
-
CVE-2020-9971 Abusing XPC Service mechanism to elevate privilege in macOS/iOS
https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/
-
World’s most dangerous malware EMOTET disrupted through global action
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action
https://www.politie.nl/themas/controleer-of-mijn-inloggegevens-zijn-gestolen.html#english
-
DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq
https://www.jsof-tech.com/disclosures/dnspooq/
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq-Technical-WP.pdf
List of DNSpooq vulnerability advisories, patches, and updates
https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/
-
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
-
Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight
https://blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/
-
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
-
TeamTNT delivers malware with new detection evasion tool
https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool
-
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
ZINC attacks against security researchers
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/
-
Avast Hacker Archives Episode 2: Katie Moussouris
https://blog.avast.com/avast-hacker-archives-episode-2-katie-moussouris-avast
-
Avast Hacker Archives Episode 2: Katie Moussouris
https://blog.avast.com/avast-hacker-archives-episode-2-katie-moussouris-avast
An excellent way to spend 40 minutes. :)
-
‘Lebanese Cedar’ APT
https://www.clearskysec.com/cedar/
https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
-
New Fonix ransomware decryptor can recover victim's files for free
https://www.bleepingcomputer.com/news/security/new-fonix-ransomware-decryptor-can-recover-victims-files-for-free/
-
Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/
-
World’s most dangerous malware EMOTET disrupted through global action
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action
https://www.politie.nl/themas/controleer-of-mijn-inloggegevens-zijn-gestolen.html#english
Cleaning up after Emotet: the law enforcement file
https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
-
Vovalex is likely the first ransomware written in D
https://www.bleepingcomputer.com/news/security/vovalex-is-likely-the-first-ransomware-written-in-d/
-
Pro-Ocean: Rocke Group’s New Cryptojacking Malware
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
-
Operation NightScout: Supply‑chain attack targets online gaming in Asia
https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/
-
Understanding the circle of digital certificate trust
https://blog.avast.com/understanding-digital-certificates-avast
https://www.zdnet.com/article/google-bans-another-misbehaving-ca-from-chrome/
-
Emsisoft releases new decryptor for Ziggy ransomware
https://blog.emsisoft.com/en/37722/emsisoft-releases-new-decryptor-for-ziggy-ransomware/
https://www.emsisoft.com/ransomware-decryption-tools/ziggy
-
Avast joins the Coalition Against Stalkerware
https://blog.avast.com/coalition-against-stalkerware-avast
https://stopstalkerware.org/
-
Barcode Scanner app on Google Play infects 10 million users with one update
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
-
The February 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/2/9/the-february-2022-security-update-review
-
Trickbot masrv Module
https://www.kryptoslogic.com/blog/2021/02/trickbot-masrv-module/
-
Kobalos – A complex Linux threat to high performance computing infrastructure
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
-
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
-
Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
-
Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands
https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020
-
Abusing Google Chrome extension syncing for data exfiltration and C&C
https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
-
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
-
New phishing attack uses Morse code to hide malicious URLs
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
-
Launching OSV - Better vulnerability triage for open source
https://opensource.googleblog.com/2021/02/launching-osv-better-vulnerability.html
-
SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments
https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/
-
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/
-
Here's part three of this fascinating series.
Avast Hacker Archives Episode 3: Chris Roberts
https://blog.avast.com/avast-hacker-archives-episode-3-chris-roberts-avast
-
Here's part three of this fascinating series.
Avast Hacker Archives Episode 3: Chris Roberts
https://forum.avast.com/index.php?action=post;topic=66267.3300;last_msg=1585074
Bob, your link is messed up; this just throws you into a Post window loop for THIS topic.
-
Here's part three of this fascinating series.
Avast Hacker Archives Episode 3: Chris Roberts
https://forum.avast.com/index.php?action=post;topic=66267.3300;last_msg=1585074
Bob, your link is messed up; this just throws you into a Post window loop for THIS topic.
Apologies, I've corrected the post to reflect the correct link, which is:
https://blog.avast.com/avast-hacker-archives-episode-3-chris-roberts-avast
-
Here's part three of this fascinating series.
Avast Hacker Archives Episode 3: Chris Roberts
https://forum.avast.com/index.php?action=post;topic=66267.3300;last_msg=1585074
Bob, your link is messed up; this just throws you into a Post window loop for THIS topic.
Apologies, I've corrected the post to reflect the correct link, which is:
https://blog.avast.com/avast-hacker-archives-episode-3-chris-roberts-avast
No problem, working fine now.
-
NUMBER:JACK – Forescout Research Labs Finds Nine ISN Generation Vulnerabilities Affecting TCP/IP Stacks
https://www.forescout.com/company/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
-
CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender
https://labs.sentinelone.com/cve-2021-24092-12-years-in-hiding-a-privilege-escalation-vulnerability-in-windows-defender/
-
TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus
https://www.bleepingcomputer.com/news/security/trickbots-bazarbackdoor-malware-is-now-coded-in-nim-to-evade-antivirus/
-
Web shell attacks continue to rise
https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/
-
Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
-
The Long Hack: How China Exploited a U.S. Tech Supplier
https://www.bloomberg.com/features/2021-supermicro/
-
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
-
MassLogger v3: a .NET stealer with serious obfuscation
https://decoded.avast.io/anhho/masslogger-v3-a-net-stealer-with-serious-obfuscation/
-
When cybercrime went from fun to financially driven
https://blog.avast.com/fun-to-financially-driven-cybercrime-avast
-
Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801]
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
-
Microsoft Internal Solorigate Investigation – Final Update
https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/
https://www.microsoft.com/security/blog/2021/01/19/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate/
-
Microsoft Internal Solorigate Investigation – Final Update
https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/
https://www.microsoft.com/security/blog/2021/01/19/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate/
Pretty sad to think we've come to a state where you trust no one. :'(
-
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-055a
-
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security
https://www.politico.eu/article/data-at-risk-amazon-security-threat/
-
Arm'd & Dangerous - malicious code, now native on apple silicon
https://objective-see.com/blog/blog_0x62.html
-
'Spy pixels in emails have become endemic'
https://www.bbc.com/news/technology-56071437
-
Alert (AA21-048A) - AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
-
Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
-
Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
Since I use neither IE nor Adobe Reader, I guess this isn't something for me to worry about.
"This zero-day is a new vulnerability which is caused by win32k callback, it could be used to escape the sandbox of Microsoft IE browser or Adobe Reader on the latest Windows 10 version."
-
New Phishing Attack Identified: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
-
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight
https://redcanary.com/blog/clipping-silver-sparrows-wings/
-
The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
https://research.checkpoint.com/2021/the-story-of-jian/
-
Is Your Browser Extension a Botnet Backdoor?
https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/
-
Vietnamese Activists Targeted by Notorious Hacking Group
https://www.amnestyusa.org/reports/vietnamese-activists-targeted-by-notorious-hacking-group/
https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
-
Securing a shifting landscape: Corporate perceptions of nation-state cyber-threats
https://cybertechaccord.org/uploads/prod/2021/02/eiu-cybersecurity-tech-accord-report.pdf
-
What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses
https://www.theregister.com/2021/02/24/dns_cname_tracking/
https://arxiv.org/pdf/2102.09301.pdf
-
LazyScripter: From Empire to double RAT
https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf
-
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/
-
Lazarus targets defense industry with ThreatNeedle
https://ics-cert.kaspersky.com/reports/2021/02/25/lazarus-targets-defense-industry-with-threatneedle/
https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Lazarus-targets-defense-industry-with-Threatneedle-En.pdf
-
Ryuk Ransomware
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf
-
What are these suspicious Google GVT1.com URLs?
https://www.bleepingcomputer.com/news/security/what-are-these-suspicious-google-gvt1com-urls/
-
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
-
Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties
https://blog.sonatype.com/malicious-dependency-confusion-copycats-exfiltrate-bash-history-and-etc-shadow-files
-
“Gootloader” expands its payload delivery options
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
-
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
-
The March 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/3/9/the-march-2021-security-update-review
-
16Shop Targets Cash App with Latest Phishing Kit
https://www.zerofox.com/blog/16shop-cash-app-phishing-kit/
-
Cybercriminals Adapt to Bypass 3D Secure
https://geminiadvisory.io/cybercriminals-bypass-3ds/
-
What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses
https://www.theregister.com/2021/02/24/dns_cname_tracking/
https://arxiv.org/pdf/2102.09301.pdf
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
-
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
-
A Basic Timeline of the Exchange Mass-Hack
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
-
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html
-
Bitsquatting Windows.com
https://remyhax.xyz/posts/bitsquatting-windows/
-
The Compact Campaign
https://www.wmcglobal.com/blog/the-compact-campaign
-
Ransomware is a multi-billion industry and it keeps growing
https://www.bleepingcomputer.com/news/security/ransomware-is-a-multi-billion-industry-and-it-keeps-growing/
-
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
-
A Basic Timeline of the Exchange Mass-Hack
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
The Microsoft Exchange hacks: How they started and where we are
https://www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/
-
SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group
-
Hidden menace: Peeling back the secrets of OnionCrypter
https://decoded.avast.io/jakubkaloc/onion-crypter/
-
Video: Avast Hacker Archives Episode 4: Troy Hunt
https://blog.avast.com/avast-hacker-archives-episode-4-troy-hunt-avast
-
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
https://www.cybereason.com/blog/cybereason-exposes-malware-targeting-us-taxpayers
-
Azure LoLBins: Protecting against the dual use of virtual machine extensions
https://www.microsoft.com/security/blog/2021/03/09/azure-lolbins-protecting-against-the-dual-use-of-virtual-machine-extensions/
-
A Spectre proof-of-concept for a Spectre-proof web
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
-
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/
-
New Mirai Variant Targeting Network Security Devices
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
-
New Old Bugs in the Linux Kernel
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
-
Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft
https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-theft
-
Alert (AA21-077A) - Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
https://us-cert.cisa.gov/ncas/alerts/aa21-077a
-
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
-
The rise of ransomware as a service
https://blog.avast.com/ransomware-as-a-service-avast
-
In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
-
Purple Fox Rootkit Now Propagates as a Worm
https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/
-
New Advanced Android Malware Posing as “System Update”
https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/
-
Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
-
BazarCall malware uses malicious call centers to infect victims
https://www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/
-
20 Million Miners: Finding Malicious Cryptojacking Images in Docker Hub
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
-
Android sends 20x more data to Google than iOS sends to Apple, study says
https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
-
Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools
https://blog.talosintelligence.com/2021/03/cheating-cheater-how-adversaries-are.html
-
Fake jQuery files infect WordPress sites with malware
https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/
-
I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
-
GitHub investigating crypto-mining campaign abusing its server infrastructure
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
-
EtterSilent: the underground’s new favorite maldoc builder
https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
-
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
https://ics-cert.kaspersky.com/reports/2021/04/07/vulnerability-in-fortigate-vpn-servers-is-exploited-in-cring-ransomware-attacks/
-
Investigating a unique “form” of email delivery for IcedID malware
https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/
-
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
https://us-cert.cisa.gov/ncas/current-activity/2021/04/08/using-aviary-to-analyze-post-compromise-threat-activity
-
What goes around comes around: hackers leak other hackers’ data online
https://www.group-ib.com/media/swarmshop-breach/
-
The April 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/4/13/the-april-2021-security-update-review
-
Gamifying machine learning for stronger security and AI models
https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models/
-
HTML Lego: Hidden Phishing at Free JavaScript Site
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
-
US government confirms Russian SVR behind the SolarWinds hack
https://www.bleepingcomputer.com/news/security/us-government-confirms-russian-svr-behind-the-solarwinds-hack/
https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/
-
HackBoss: A cryptocurrency-stealing malware distributed through Telegram
https://decoded.avast.io/romanalinkeova/hackboss-a-cryptocurrency-stealing-malware-distributed-through-telegram/
-
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
https://www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/
-
Google’s Secret ‘Project Bernanke’ Revealed in Texas Antitrust Case
https://www.wsj.com/articles/googles-secret-project-bernanke-revealed-in-texas-antitrust-case-11618097760
-
NAME:WRECK DNS vulnerabilities affect over 100 million devices
https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/
-
Google Alerts continues to be a hotbed of scams and malware
https://www.bleepingcomputer.com/news/security/google-alerts-continues-to-be-a-hotbed-of-scams-and-malware/
-
Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
-
Allow arbitrary URLs, expect arbitrary code execution
https://positive.security/blog/url-open-rce
-
Can you spot a deceptive installer?
https://blog.avast.com/deceptive-installers-tips-avast
-
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021
-
A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
https://securityandtechnology.org/ransomwaretaskforce/report/
https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf
-
Why Google Should Stop Logging Contact-Tracing Data
https://blog.appcensus.io/2021/04/27/why-google-should-stop-logging-contact-tracing-data/
-
RotaJakiro: A long live secret backdoor with 0 VT detection
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
-
New Nebulae Backdoor Linked with the NAIKON Group
https://labs.bitdefender.com/2021/04/new-nebulae-backdoor-linked-with-the-naikon-group/
https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf
-
“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/
-
The UNC2529 Triple Double: A Trifecta Phishing Campaign
https://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html
-
Pingback: Backdoor At The End Of The ICMP Tunnel
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
-
tsuNAME - Vulnerability that can be used to DDoS DNS
https://tsuname.io/
-
Operation TunnelSnake
https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/
-
The May 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/5/11/the-may-2021-security-update-review
-
Security probe of Qualcomm MSM data services
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
-
FragAttacks (fragmentation and aggregation attacks)
https://www.fragattacks.com/
-
FragAttacks (fragmentation and aggregation attacks)
https://www.fragattacks.com/
-
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
-
Business email compromise campaign targets wide range of orgs with gift card scam
https://www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-gift-card-scam/
-
Connecting the Bots - Hancitor fuels Cuba Ransomware Operations
https://blog.group-ib.com/hancitor-cuba-ransomware
-
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
https://fingerprintjs.com/blog/external-protocol-flooding/
-
Findings from Verizon's latest data breach report
https://blog.avast.com/2021-verizon-data-breach-report-avast
-
Meet Lorenz — A new ransomware gang targeting the enterprise
https://www.bleepingcomputer.com/news/security/meet-lorenz-a-new-ransomware-gang-targeting-the-enterprise/
-
Don't fall for these search engine scams
https://blog.avast.com/dont-fall-for-search-engine-scams
-
Threat Actors Use MSBuild to Deliver RATs Filelessly
https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
-
Cortex Xpanse Researchers Identify Missing Metric for a Modern SOC
https://www.paloaltonetworks.com/blog/2021/05/rsac-attack-surface-management/
https://start.paloaltonetworks.com/asm-report
-
SimuLand: Understand adversary tradecraft and improve detection strategies
https://www.microsoft.com/security/blog/2021/05/20/simuland-understand-adversary-tradecraft-and-improve-detection-strategies/
-
Misconfiguration of third party cloud services exposed data of over 100 million users
https://blog.checkpoint.com/2021/05/20/misconfiguration-of-third-party-cloud-services-exposed-data-of-over-100-million-users/
-
Not good news for Apple users on the M1 chip devices.
Summary
A flaw in the design of the Apple Silicon "M1" chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange. The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
https://m1racles.com/
-
Bizarro banking Trojan expands its attacks to Europe
https://securelist.com/bizarro-banking-trojan-expands-its-attacks-to-europe/102258/
-
Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)
https://www.clearskysec.com/cryptocore-lazarus-attribution/
https://www.clearskysec.com/wp-content/uploads/2021/05/CryptoCore-Lazarus-Clearsky.pdf
-
Try This One Weird Trick Russian Hackers Hate
https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
-
Pwned Passwords, Open Source in the .NET Foundation and Working with the FBI
https://www.troyhunt.com/pwned-passwords-open-source-in-the-dot-net-foundation-and-working-with-the-fbi/
-
BazaFlix: BazaLoader Fakes Movie Streaming Service
https://www.proofpoint.com/us/blog/threat-insight/bazaflix-bazaloader-fakes-movie-streaming-service
-
Introducing Half-Double: New hammering technique for DRAM Rowhammer bug
https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html
-
Another Nobelium Cyberattack
https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
-
A new ransomware enters the fray: Epsilon Red
https://news.sophos.com/en-us/2021/05/28/epsilonred/
-
Another Nobelium Cyberattack
https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
Breaking down NOBELIUM’s latest early-stage toolset
https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
-
A not so Fancy game. Exploring the new “SkinnyBoy” Bear’s backdoor
https://cluster25.io/2021/06/03/a-not-so-fancy-game-apt28-skinnyboy/
https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf
-
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html
-
The June 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/6/8/the-june-2021-security-update-review
-
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
https://unit42.paloaltonetworks.com/siloscape/
-
PuzzleMaker attacks with Chrome zero-day exploit chain
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
-
800 criminals arrested in biggest ever law enforcement operation against encrypted communication
https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
-
800 criminals arrested in biggest ever law enforcement operation against encrypted communication
https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
https://youtu.be/ic8FYwEyGUA
-
ALPACA Attack
https://alpaca-attack.com/
https://alpaca-attack.com/ALPACA.pdf
-
https://windowsreport.com/windows-defender-vs-avast/
-
Gelsemium: When threat actors go gardening
https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
-
Avaddon ransomware shuts down and releases decryption keys
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
http://www.emsisoft.com/ransomware-decryption-tools/avaddon
-
Avaddon ransomware shuts down and releases decryption keys
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
http://www.emsisoft.com/ransomware-decryption-tools/avaddon
It's nice to see and read about some good news for a change. :)
-
Avaddon ransomware shuts down and releases decryption keys
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
http://www.emsisoft.com/ransomware-decryption-tools/avaddon
It's nice to see and read about some good news for a change. :)
The really good news would be that the money was returned and they had been locked up for their crimes.
-
2021 CISO REPORT
https://www.dynatrace.com/info/cloud-application-security-ciso-research-1/
https://assets.dynatrace.com/en/docs/report/2021-global-ciso-report.pdf
-
Nameless malware that stole 1.2 TB of private data
https://nordlocker.com/malware-analysis/
-
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
-
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
-
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
https://fingerprintjs.com/blog/external-protocol-flooding/
-
Millions of Connected Cameras Open to Eavesdropping
https://threatpost.com/millions-connected-cameras-eavesdropping/166950/
https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
-
Vigilante malware rats out software pirates while blocking ThePirateBay
https://news.sophos.com/en-us/2021/06/17/vigilante-antipiracy-malware/
-
Fake DarkSide Campaign Targets Energy and Food Sectors
https://www.trendmicro.com/en_us/research/21/f/fake-darkside-campaign-targets-energy-and-food-sectors.html
-
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
-
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Is Russia afraid of possible Chinese spying?
-
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Is Russia afraid of possible Chinese spying?
I think more like they want to know what their citizens are up to ;)
-
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Is Russia afraid of possible Chinese spying?
I think more like they want to know what their citizens are up to ;)
Or both.... ;)
-
Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities
https://eclypsium.com/2021/06/24/biosdisconnect/
https://eclypsium.com/wp-content/uploads/2021/06/Eclypsium-Discovers-Multiple-Vulnerabilities-Affecting-129-Dell-Models-via-Dell-Remote-OS-Recovery-and-Firmware-Update-Capabilities.pdf
-
Video: Avast Hacker Archives Episode 7: Philip Zimmermann
https://blog.avast.com/avast-hacker-archives-episode-7-philip-zimmermann-avast
-
Sonatype Catches New PyPI Cryptomining Malware
https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
-
Mysterious ransomware payment traced to a sensual massage site
https://www.bleepingcomputer.com/news/security/mysterious-ransomware-payment-traced-to-a-sensual-massage-site/
https://shared-public-reports.s3.eu-west-1.amazonaws.com/Secrets_behind_the_mysterious_ever101_ransomware.pdf
-
PYSA Loves ChaChi: a New GoLang RAT
https://blogs.blackberry.com/en/2021/06/pysa-loves-chachi-a-new-golang-rat
-
Linux marketplaces vulnerable to RCE and supply chain attacks
https://positive.security/blog/hacking-linux-marketplaces
-
Investigating tech support fraud
https://blog.avast.com/tech-support-fraud-avast
-
Investigating tech support fraud
https://blog.avast.com/tech-support-fraud-avast
Ha, a good start would be to be tough on Tech Support spammers :P
-
Investigating tech support fraud
https://blog.avast.com/tech-support-fraud-avast
Ha, a good start would be to be tough on Tech Support spammers :P
+++1 8)
-
Yet Another Archive Format Smuggling Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/another-archive-format-smuggling-malware/
-
New Nobelium activity
https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
-
New Nobelium activity
https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
Simple protection is to use two factor authentication.
-
Microsoft signed a malicious Netfilter rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
-
REvil ransomware's new Linux encryptor targets ESXi virtual machines
https://www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/
-
What I did when an email tried to blackmail me
https://blog.avast.com/digging-into-sextortion-emails-avast
-
NFC Flaws Let Researchers Hack ATMs by Waving a Phone
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
-
Lorenz ransomware: analysis and a free decryptor
https://www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/
-
CVE-2018-18472: Western Digital My Book Live Mass Exploitation
https://censys.io/blog/cve-2018-18472-western-digital-my-book-live-mass-exploitation/
-
Cobalt Strike Usage Explodes Among Cybercrooks
https://threatpost.com/cobalt-strike-cybercrooks/167368/
-
CISA releases new ransomware self-assessment security audit tool
https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/
-
Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
-
Diavol - A New Ransomware Used By Wizard Spider?
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
-
Avast researchers fight malware by processing machine data with next-gen machine learning
https://blog.avast.com/processing-machine-data-with-machine-learning-avast
https://arxiv.org/pdf/2105.09107.pdf
-
Avast researchers fight malware by processing machine data with next-gen machine learning
https://blog.avast.com/processing-machine-data-with-machine-learning-avast
https://arxiv.org/pdf/2105.09107.pdf
I just wonder how this new machine learning improves detection and yet doesn't see an increase in FPs.
Whilst I don't think this would impact so much on the Web Shield (EDIT- having read further, it seems it does), we do appear to be seeing a slight increase in 'possible' FPs in the forums.
-
Avast researchers fight malware by processing machine data with next-gen machine learning
https://blog.avast.com/processing-machine-data-with-machine-learning-avast
https://arxiv.org/pdf/2105.09107.pdf
I just wonder how this new machine learning improves detection and yet doesn't see an increase in FPs.
Whilst I don't think this would impact so much on the Web Shield (EDIT- having read further, it seems it does), we do appear to be seeing a slight increase in 'possible' FPs in the forums.
Hi Dave, guess it still needs some fine-tuning. ;)
-
NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign
https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/
https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
-
Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/
-
Lookout Unearths Android Crypto Mining Scams
https://blog.lookout.com/lookout-unearths-android-crypto-mining-scams
-
The July 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/7/13/the-july-2021-security-update-review
-
Enhancing threat intelligence using new STIX and TAXII standards
https://blog.avast.com/explaining-stix-and-taxii-standards-avast
-
US warns of action against ransomware gangs if Russia refuses
https://www.bleepingcomputer.com/news/security/us-warns-of-action-against-ransomware-gangs-if-russia-refuses/
-
Mozilla Investigation: YouTube Algorithm Recommends Videos that Violate the Platform’s Very Own Policies
https://foundation.mozilla.org/en/blog/mozilla-investigation-youtube-algorithm-recommends-videos-that-violate-the-platforms-very-own-policies/
https://foundation.mozilla.org/en/campaigns/regrets-reporter/findings/
https://assets.mofoprod.net/network/documents/Mozilla_YouTube_Regrets_Report.pdf
-
REvil: Ransomware gang websites disappear from internet
https://www.bbc.co.uk/news/technology-57826851
-
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
-
Immediate action required to avoid Ransomware pandemic - INTERPOL
https://www.interpol.int/News-and-Events/News/2021/Immediate-action-required-to-avoid-Ransomware-pandemic-INTERPOL
-
Immediate action required to avoid Ransomware pandemic - INTERPOL
https://www.interpol.int/News-and-Events/News/2021/Immediate-action-required-to-avoid-Ransomware-pandemic-INTERPOL
Interesting, ha, when Brexit was first mooted, this was the first EU threat raised: the disruption of security cooperation between the EU and UK security agencies.
-
Trickbot updates its VNC module for high-value targets
https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/
-
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
-
Video: Avast Hacker Archives Episode 8: Dave Aitel
https://blog.avast.com/avast-hacker-archives-episode-8-dave-aitel-avast
-
Nested Archives Help to Evade SEGs and Deliver BazarBackdoor
https://cofense.com/blog/nested-files-evade-segs/
-
How we protect users from 0-day attacks
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
-
LuminousMoth APT: Sweeping attacks for the chosen few
https://securelist.com/apt-luminousmoth/103332/
-
June 2021’s Most Wanted Malware: Trickbot Remains on Top
https://blog.checkpoint.com/2021/07/13/june-2021s-most-wanted-malware-trickbot-remains-on-top/
-
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/
-
US govt offers $10 million reward for tips on nation-state hackers
https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-reward-for-tips-on-nation-state-hackers/
-
Remote code execution in cdnjs of Cloudflare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
-
Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
-
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
-
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Understanding the Pegasus project
https://blog.avast.com/pegasus-and-spyware-avast
-
US govt offers $10 million reward for tips on nation-state hackers
https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-reward-for-tips-on-nation-state-hackers/
Does that include hacking by the NSO? (Pegasus)
-
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
-
New MosaicLoader malware targets software pirates via online ads
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/
-
Groundhog day: NPM package caught stealing browser passwords
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
-
Top prevalent malware with a thousand campaigns migrates to macOS
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
-
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Understanding the Pegasus project
https://blog.avast.com/pegasus-and-spyware-avast
A case against security nihilism
https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/
-
2021 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
-
Threat Spotlight: Unpatched software vulnerabilities
https://blog.barracuda.com/2021/07/21/threat-spotlight-unpatched-software-vulnerabilities/
-
Updated XCSSET Malware Targets Telegram, Other Apps
https://www.trendmicro.com/en_us/research/21/g/updated-xcsset-malware-targets-telegram--other-apps.html
-
LockBit ransomware now encrypts Windows domains using group policies
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/
-
New Attacks on Kubernetes via Misconfigured Argo Workflows
https://www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows/
-
Unhacked: 121 tools against ransomware on a single website
https://www.europol.europa.eu/newsroom/news/unhacked-121-tools-against-ransomware-single-website
-
Unhacked: 121 tools against ransomware on a single website
https://www.europol.europa.eu/newsroom/news/unhacked-121-tools-against-ransomware-single-website
You still need this site to do the heavy lifting.
https://www.nomoreransom.org/en/index.html
-
DoppelPaymer Continues to Cause Grief Through Rebranding
https://www.zscaler.com/blogs/security-research/doppelpaymer-continues-cause-grief-through-rebranding
-
Critical 9.9 Vulnerability In Hyper-V Allowed Attackers To Exploit Azure
https://www.guardicore.com/labs/critical-vulnerability-in-hyper-v-allowed-attackers-to-exploit-azure/
-
Alert (AA21-209A) - Top Routinely Exploited Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
-
Kernel Pwning with eBPF: a Love Story
https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
-
JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code
https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/
-
Vultur, with a V for VNC
https://www.threatfabric.com/blogs/vultur-v-for-vnc.html
-
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/
-
Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
-
Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain
https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain
-
The August 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review
-
Prometheus TDS - The key to success for Campo Loader
https://blog.group-ib.com/prometheus-tds
-
Pwnie Award Winners 2021
https://pwnies.com/winners/
-
Reproducing The ProxyShell Pwn2Own Exploit
https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
-
Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild
https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
-
FlyTrap Android Malware Compromises Thousands of Facebook Accounts
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
-
Kaseya's universal REvil decryption key leaked on a hacking forum
https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/
-
New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/
-
Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect
https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
-
Attackers use Morse code, other encryption methods in evasive phishing campaign
https://www.microsoft.com/security/blog/2021/08/12/attackers-use-morse-code-other-encryption-methods-in-evasive-phishing-campaign/
-
Machine learning explainability: Spotlight on machine data
https://blog.avast.com/machine-learning-explainability-avast
-
Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
-
Video: Avast Hacker Archives Episode 9: Heather Adkins
https://blog.avast.com/avast-hacker-archives-episode-9-heather-adkins-avast
-
Vice Society Leverages PrintNightmare In Ransomware Attacks
https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
-
SynAck ransomware gang releases decryption keys for old victims
https://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/
https://www.emsisoft.com/ransomware-decryption-tools/synack
-
New Iranian Espionage Campaign By “Siamesekitten” – Lyceum
https://www.clearskysec.com/siamesekitten/
https://www.clearskysec.com/wp-content/uploads/2021/08/Siamesekitten.pdf
-
Malware campaign uses clever 'captcha' to bypass browser warning
https://www.bleepingcomputer.com/news/security/malware-campaign-uses-clever-captcha-to-bypass-browser-warning/
-
Malware campaign uses clever 'captcha' to bypass browser warning
https://www.bleepingcomputer.com/news/security/malware-campaign-uses-clever-captcha-to-bypass-browser-warning/
https://youtu.be/D78e5zO3fQw
-
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
-
Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/
-
Threat Spotlight: Ransomware trends
https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/
-
LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows
-
Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/
-
Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
-
Triada Trojan in WhatsApp mod
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
-
Ragnarok ransomware releases master decryptor after shutdown
https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/
-
FTC bans stalkerware maker Spyfone from surveillance business
https://www.bleepingcomputer.com/news/security/ftc-bans-stalkerware-maker-spyfone-from-surveillance-business/
-
FTC bans stalkerware maker Spyfone from surveillance business
https://www.bleepingcomputer.com/news/security/ftc-bans-stalkerware-maker-spyfone-from-surveillance-business/
FTC issues first ban ever on a stalkerware company
https://youtu.be/f7iJanYIn_o
The first meaningful ban against a company that made its money by spying on others.
-
FIN8 Threat Actor Spotted Once Again with New "Sardonic" Backdoor
https://www.bitdefender.com/blog/labs/fin8-threat-actor-spotted-once-again-with-new-sardonic-backdoor/
https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf
-
FBI shares technical details for Hive ransomware
https://www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/
-
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://asset-group.github.io/disclosures/braktooth/
-
How MarkMonitor left >60,000 domains for the taking
https://ian.sh/markmonitor
-
QakBot technical analysis
https://securelist.com/qakbot-technical-analysis/103931/
-
Babuk ransomware's full source code leaked on hacker forum
https://www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum/
-
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
-
Avast joins the Tracking-free Ads Coalition
https://blog.avast.com/avast-joins-tracking-free-ads-coalition-avast
-
Avast joins the Tracking-free Ads Coalition
https://blog.avast.com/avast-joins-tracking-free-ads-coalition-avast
A step in the right direction :)
-
FBI: Spike in sextortion attacks cost victims $8 million this year
https://www.bleepingcomputer.com/news/security/fbi-spike-in-sextortion-attacks-cost-victims-8-million-this-year/
-
Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
https://www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor
-
High-profile Western media outlets repeatedly infiltrated by pro-Kremlin trolls
https://www.cardiff.ac.uk/news/view/2547048-high-profile-western-media-outlets-repeatedly-infiltrated-by-pro-kremlin-trolls
-
New Chainsaw tool helps IR teams analyze Windows event logs
https://www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/
-
Fighting Misinformation with AI
https://cybersecai.com/fighting-misinformation-with-ai/
-
Fighting Misinformation with AI
https://cybersecai.com/fighting-misinformation-with-ai/
There is probably more disinformation on the Web than actual information.
If you add the amount of disinformation currently being spread by the news organizations
and political parties, it's a wonder that anyone actually gets factual information.
-
The September 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb
-
Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings
https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings
-
Video: Avast Hacker Archives Episode 10: Keren Elazari
https://blog.avast.com/avast-hacker-archives-episode-10-keren-elazari-avast
-
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
-
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
-
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/
-
Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
-
FBI: $113 million lost to online romance scams this year
https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/
-
FBI: $113 million lost to online romance scams this year
https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/
Oh that reminds me, time to check my Gmail spam folder for scammers hoping to find some gullible person.
-
No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
-
Free REvil ransomware master decrypter released for past victims
https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/
-
Introducing a new schema to track ransomware vulnerabilities
https://blog.avast.com/documenting-vulnerabilities-abused-by-ransomware-gangs-avast
-
Chainalysis in Action: OFAC Sanctions Russian Cryptocurrency OTC Suex that Received Over $160 million from Ransomware Attackers, Scammers, and Darknet Markets
https://blog.chainalysis.com/reports/ofac-sanction-suex-september-2021
-
TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines
https://blog.talosintelligence.com/2021/09/tinyturla.html
-
Mama Always Told Me Not to Trust Strangers without Certificates
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
-
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
-
FamousSparrow: A suspicious hotel guest
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
-
EU officially blames Russia for 'Ghostwriter' hacking activities
https://www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/
-
Financially motivated actor breaks certificate parsing to avoid detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
-
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
-
Microsoft WPBT flaw lets hackers install rootkits on Windows devices
https://www.bleepingcomputer.com/news/security/microsoft-wpbt-flaw-lets-hackers-install-rootkits-on-windows-devices/
-
BloodyStealer and gaming assets for sale
https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/
-
FinSpy: unseen findings
https://securelist.com/finspy-unseen-findings/104322/
-
Apple Pay with VISA lets hackers force payments on locked iPhones
https://www.bleepingcomputer.com/news/security/apple-pay-with-visa-lets-hackers-force-payments-on-locked-iphones/
https://practical_emv.gitlab.io/assets/practical_emv_rp.pdf
-
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
-
DarkHalo after SolarWinds: the Tomiris connection
https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/
-
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html
-
US unites 30 countries to disrupt global ransomware attacks
https://www.bleepingcomputer.com/news/security/us-unites-30-countries-to-disrupt-global-ransomware-attacks/
-
GhostEmperor: From ProxyLogon to kernel mode
https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf
-
A New variant of Hydra Banking Trojan Targeting European Banking Users
https://blog.cyble.com/2021/09/30/a-new-variant-of-hydra-banking-trojan-targeting-european-banking-users/
-
RansomEXX, Fixing Corrupted Ransom
https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701
-
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
-
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
Sounds to me like a self-inflicted wound.
-
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/
-
UEFI threats moving to the ESP: Introducing ESPecter bootkit
https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/
-
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
-
The King is Dead, Long Live MyKings! (Part 1 of 2)
https://decoded.avast.io/janrubin/the-king-is-dead-long-live-mykings/
-
The October 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/10/12/the-october-2021-security-update-review
-
Study reveals Android phones constantly snoop on their users
https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
-
Vidar Stealer Abuses Mastadon Social Network
https://blog.cyberint.com/vidar-stealer-abuses-mastadon-social-network
-
FontOnLake: Previously unknown malware family targeting Linux
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
https://www.welivesecurity.com/wp-content/uploads/2021/10/eset_fontonlake.pdf
-
Togo: Prominent activist targeted with Indian-made spyware linked to notorious hacker group
https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/
https://www.amnesty.org/en/wp-content/uploads/2021/10/AFR5747562021ENGLISH.pdf
-
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/
-
Actors Target Huawei Cloud Using Upgraded Linux Malware
https://www.trendmicro.com/en_us/research/21/j/actors-target-huawei-cloud-using-upgraded-linux-malware-.html
-
MysterySnail attacks with Windows zero-day
https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/
-
Is it malware or clean? Well, it depends on a plethora of diverse features.
https://blog.avast.com/learning-framework-for-detection-of-novel-malware-avast
-
Necro Python Botnet Goes After Vulnerable VisualTools DVR
https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr
-
Countering threats from Iran
https://blog.google/threat-analysis-group/countering-threats-iran/
-
New Yanluowang ransomware used in targeted attacks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-targeted-ransomware
-
Governments worldwide to crack down on ransomware payment channels
https://www.bleepingcomputer.com/news/security/governments-worldwide-to-crack-down-on-ransomware-payment-channels/
-
Harvester: Nation-State-Backed Group Uses New Toolset to Target Victims in South Asia
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia
-
Over 25% of Malicious JavaScript Is Being Obfuscated
https://www.akamai.com/blog/security/over-25-percent-of-malicious-javascript-is-being-obfuscated
-
BlackByte ransomware decryptor released to recover files for free
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-decryptor-released-to-recover-files-for-free/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/
-
LightBasin: A Roaming Threat to Telecommunications Companies
https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/
-
Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree
https://www.sentinelone.com/labs/karma-ransomware-an-emerging-threat-with-a-hint-of-nemty-pedigree/
-
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
-
UltimaSMS: A widespread premium SMS scam on the Google Play Store
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
https://raw.githubusercontent.com/avast/ioc/master/UltimaSMS/UltimaSMS_IOC_19-10-2021.pdf
-
Phishing campaign targets YouTube creators with cookie theft malware
https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/
-
New Gummy Browsers attack lets hackers spoof tracking profiles
https://www.bleepingcomputer.com/news/security/new-gummy-browsers-attack-lets-hackers-spoof-tracking-profiles/
http://arxiv.org/pdf/2110.10129.pdf
-
PurpleFox Adds New Backdoor That Uses WebSockets
https://www.trendmicro.com/en_us/research/21/j/purplefox-adds-new-backdoor-that-uses-websockets.html
-
Babuk ransomware decryptor released to recover files for free
https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/
https://files.avast.com/files/decryptor/avast_decryptor_babuk.exe
Free decryptor released for Atom Silo and LockFile ransomware
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-atom-silo-and-lockfile-ransomware/
https://files.avast.com/files/decryptor/avast_decryptor_atomsilo.exe
-
Microsoft: WizardUpdate Mac malware adds new evasion tactics
https://www.bleepingcomputer.com/news/security/microsoft-wizardupdate-mac-malware-adds-new-evasion-tactics/
-
Avast releases decryptor for AtomSilo and LockFile ransomware
https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/
-
Russian-speaking cybercrime evolution: What changed from 2016 to 2021
https://securelist.com/russian-speaking-cybercrime-evolution-2016-2021/104656/
-
UDP RAT Malware Being Distributed via Webhards
https://asec.ahnlab.com/en/27555/
-
FTC: ISPs collect and monetize far more user data than you’d think
https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/
https://www.ftc.gov/news-events/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect
-
FTC: ISPs collect and monetize far more user data than you’d think
https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/
https://www.ftc.gov/news-events/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect
Talk and discussion about a problem is cheap and seems to go on forever.
Action and a solution is always hard to achieve and usually only happens after some catastrophe.
-
New activity from Russian actor Nobelium
https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/
-
Hitting the BlackMatter gang where it hurts: In the wallet
https://blog.emsisoft.com/en/39181/on-the-matter-of-blackmatter/
-
Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
-
Spammers use Squirrelwaffle malware to drop Cobalt Strike
https://www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/
-
Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise
https://blog.sonatype.com/fake-npm-roblox-api-package-installs-ransomware-spooky-surprise
-
North Korean state hackers start targeting the IT supply chain
https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/
-
North Korean state hackers start targeting the IT supply chain
https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/
Why not, the supply chain is in such perfect shape, something needs to disrupt it. (Being sarcastic)
-
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
-
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
Which has already been fixed provided your OS is up to date. :)
-
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
-
Holy SEO Poisoning
https://www.menlosecurity.com/blog/holy-seo-poisoning/
-
THREAT ANALYSIS REPORT: Snake Infostealer Malware
https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware
-
Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse
https://www.theregister.com/2021/10/18/microsoft_malware_brand
-
Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse
https://www.theregister.com/2021/10/18/microsoft_malware_brand
So where is law enforcement in all of this? Don't they also have a responsibility?
-
Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers
https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-in-fake-minecraft-alt-list-brings-destruction
-
Protect your business from password sprays with Microsoft DART recommendations
https://www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/
-
Trojan Source Attacks
https://trojansource.codes/
https://trojansource.codes/trojan-source.pdf
-
The November 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/11/9/the-november-2021-security-update-review
-
Mekotio Banker Returns with Improved Stealth and Ancient Encryption
https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/
-
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
-
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
-
Microsoft, Cloudflare, and Google emerge as the most spam-friendly Internet Service Providers
https://atlasvpn.com/blog/microsoft-cloudflare-and-google-emerge-as-the-most-spam-friendly-internet-service-providers
-
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html
-
Who are latest targets of cyber group Lyceum?
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns
-
Who are latest targets of cyber group Lyceum?
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns
Presumably there is an equal and measured action against national threat actors.
-
Gravity RAT Malware Returns as A Chat Application
https://blog.cyble.com/2021/11/11/gravity-rat-malware-returns-as-a-chat-application/
-
Microsoft will now snitch on you at work like never before
https://www.zdnet.com/article/microsoft-will-now-snitch-on-you-at-work-like-never-before/
-
Microsoft will now snitch on you at work like never before
https://www.zdnet.com/article/microsoft-will-now-snitch-on-you-at-work-like-never-before/
Amazing how headlines always attempt to mislead.
Does anyone really assume that when they work for someone else, the employer doesn't have a right to know what you're doing on behalf of the employer's company?
How many insider hacks have just been in the news?
-
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
-
Threat Spotlight: Bait attacks
https://blog.barracuda.com/2021/11/10/threat-spotlight-bait-attacks/
-
THREAT ANALYSIS REPORT: From Shathak Emails to the Conti Ransomware
https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware
-
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
-
DirtyMoe: Deployment
https://decoded.avast.io/martinchlumecky/dirtymoe-4/
https://decoded.avast.io/martinchlumecky/dirtymoe-3/
https://decoded.avast.io/martinchlumecky/dirtymoe-rootkit-driver/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
-
Avast Threat Labs releases Q3 2021 Threat Report
https://blog.avast.com/avast-threat-labs-q3-report-avast
https://decoded.avast.io/threatresearch/avast-q321-threat-report/
-
The Invisible JavaScript Backdoor
https://certitude.consulting/blog/en/invisible-backdoor/
-
BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
https://news.sophos.com/en-us/2021/11/11/bazarloader-call-me-back-attack-abuses-windows-10-apps-mechanism/
-
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
-
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
The important thing to notice is that Avast is one of the 6 security companies that detect this vulnerability.
-
QAKBOT Loader Returns With New Techniques and Tools
https://www.trendmicro.com/en_us/research/21/k/qakbot-loader-returns-with-new-techniques-and-tools.html
-
A Peek into Top-Level Domains and Cybercrime
https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/
-
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
-
BrazKing Android Malware Upgraded and Targeting Brazilian Banks
https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
-
Blacksmith
https://comsec.ethz.ch/research/dram/blacksmith/
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
-
Uncovering MosesStaff techniques: Ideology over Money
https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
-
Guess who’s back
https://cyber.wtf/2021/11/15/guess-whos-back/
-
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/
-
Linux malware agent hits eCommerce sites
https://sansec.io/research/ecommerce-malware-linux-avp
-
New ransomware actor uses password-protected archives to bypass encryption protection
https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/
-
New ransomware actor uses password-protected archives to bypass encryption protection
https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/
What's not explained is how the payload got to the system in the first place. Unless I missed that?
-
Seeing Red
https://www.domaintools.com/resources/blog/seeing-red
-
Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals
https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals
https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf
-
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
-
Threat actors find and compromise exposed services in 24 hours
https://www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/
-
You Overtrust Your Printer
https://arxiv.org/pdf/2111.10645.pdf
-
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/
-
Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
-
CronRAT malware hides behind February 31st
https://sansec.io/research/cronrat
-
Babadeda Crypter targeting crypto, NFT, and DeFi communities
https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
-
TrickBot phishing checks screen resolution to evade researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
-
ScarCruft surveilling North Korean defectors and human rights activists
https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
-
Doctor Web discovered vulnerabilities in children’s smart watches
https://news.drweb.com/show/?i=14350&lng=en
-
The King is Dead, Long Live MyKings! (Part 1 of 2)
https://decoded.avast.io/janrubin/the-king-is-dead-long-live-mykings/
CoinHelper hides in repackaged installers of software, Windows 11, games, and antivirus
https://blog.avast.com/coinhelper-research-avast
https://decoded.avast.io/janrubin/toss-a-coin-to-your-helper/
-
Deceive the Heavens to Cross the sea
https://threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
-
Russian internet watchdog announces ban of six more VPN products
https://www.bleepingcomputer.com/news/legal/russian-internet-watchdog-announces-ban-of-six-more-vpn-products/
-
Yanluowang: Further Insights on New Ransomware Threat
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-ransomware-attacks-continue
-
Banking Trojan Targets Banking Users in Malaysia
https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/
-
ProxyShell exploitation leads to BlackByte ransomware
https://redcanary.com/blog/blackbyte-ransomware/
-
Nine WiFi routers used by millions were vulnerable to 226 flaws
https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/
https://www.iot-inspector.com/blog/router-security-check-2021/
-
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread
-
Top 2021 threats include ransomware, pandemic-related scams, and fleeceware
https://blog.avast.com/2021-year-in-review-avast
-
Malicious Excel XLL add-ins push RedLine password-stealing malware
https://www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/
-
Top 2021 threats include ransomware, pandemic-related scams, and fleeceware
https://blog.avast.com/2021-year-in-review-avast
Avast - 2021 Year in Review
https://youtu.be/VImww4Hf7Zo
A look back by Avast at the threat landscape of 2021
Credits for this article go to Grace Macej.
https://blog.avast.com/author/grace-macej
-
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/
-
Tor’s main site blocked in Russia as censorship widens
https://www.bleepingcomputer.com/news/security/tor-s-main-site-blocked-in-russia-as-censorship-widens/
https://blog.torproject.org/tor-censorship-in-russia/
-
NginRAT parasite targets Nginx
https://sansec.io/research/nginrat
-
Mobile banking fraud: BRATA strikes again
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again
-
14 new attacks on web browsers detected
https://news.rub.de/english/press-releases/2021-12-02-it-security-14-new-attacks-web-browsers-detected
https://xsinator.com/
https://xsinator.com/paper.pdf
-
Is “KAX17” performing de-anonymization Attacks against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
-
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
https://www.mandiant.com/resources/russian-targeting-gov-business
-
Protecting people from recent cyberattacks
https://blogs.microsoft.com/on-the-issues/2021/12/06/cyberattacks-nickel-dcu-china/
-
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
-
Mirai-based Botnet - Moobot Targets Hikvision Vulnerability
https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability
-
Disrupting the Glupteba operation
https://blog.google/threat-analysis-group/disrupting-glupteba-operation/
-
New Cerber ransomware targets Confluence and GitLab servers
https://www.bleepingcomputer.com/news/security/new-cerber-ransomware-targets-confluence-and-gitlab-servers/
-
Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild
https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild
-
The December 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/12/14/the-december-2021-security-update-review
-
USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
-
STOP Ransomware vaccine released to block encryption
https://www.bleepingcomputer.com/news/security/stop-ransomware-vaccine-released-to-block-encryption/
https://github.com/struppigel/STOP-DJVU-Ransomware-Vaccine
-
USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
It's important to point out the following:
Vendors have released security updates to address these vulnerabilities.
Some of these are automatically applied while others require customer actions.
At this time, SentinelLabs has not discovered evidence of in-the-wild abuse.
The headline alone isn't always the best news source and can quite often be misleading.
-
WooCommerce Credit Card Swiper Injected Into Random Plugin Files
https://blog.sucuri.net/2021/12/woocommerce-credit-card-swiper-injected-into-random-plugin-files.html
-
ALPHV BlackCat - This year's most sophisticated ransomware
https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/
-
MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability
https://www.fortinet.com/blog/threat-research/manga-aka-dark-mirai-based-campaign-targets-new-tp-link-router-rce-vulnerability
-
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
-
When Honey Bees Become Murder Hornets
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
https://eclypsium.com/wp-content/uploads/2021/12/When_Honey_Bees_Become_Murder_Hornets.pdf
-
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
-
Karakurt rises from its lair
https://www.accenture.com/us-en/blogs/cyber-defense/karakurt-threat-mitigation
-
Avast Finds Backdoor on US Government Commission Network
https://decoded.avast.io/threatintel/avast-finds-backdoor-on-us-government-commission-network/
-
TinyNuke Banking Malware Targets French Entities
https://www.proofpoint.com/us/blog/threat-insight/tinynuke-banking-malware-targets-french-entities
-
A closer look at Qakbot’s latest building blocks (and how to knock them down)
https://www.microsoft.com/security/blog/2021/12/09/a-closer-look-at-qakbots-latest-building-blocks-and-how-to-knock-them-down/
-
Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant
https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
-
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
https://arxiv.org/pdf/2112.05719.pdf
-
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
https://arxiv.org/pdf/2112.05719.pdf
Also covered here, https://youtu.be/AKUHgwwPi3I
-
Driver-Based Attacks: Past and Present
https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
-
Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-campaign-telecoms-asia-middle-east
-
Catching malware red-handed: Behavioral threat fingerprinting
https://blog.avast.com/behavioral-threat-fingerprinting-avast
-
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
-
Magecart Skimmers Are Alive and Well – Constant Vigilance Is Required
https://www.akamai.com/blog/security/magecart-skimmers-are-alive-and-well-constant-vigilance-is-required
-
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
https://blogs.juniper.net/en-us/threat-research/log4j-vulnerability-attackers-shift-focus-from-ldap-to-rmi
-
Large-scale phishing study shows who bites the bait more often
https://www.bleepingcomputer.com/news/security/large-scale-phishing-study-shows-who-bites-the-bait-more-often/
http://arxiv.org/pdf/2112.07498.pdf
-
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
-
DarkWatchman: A new evolution in fileless techniques.
https://www.prevailion.com/darkwatchman-new-fileness-techniques/
-
How does your location affect your online privacy?
https://blog.avast.com/location-and-online-privacy-avast
-
Phorpiex botnet returns with new tricks making it harder to disrupt
https://www.bleepingcomputer.com/news/security/phorpiex-botnet-returns-with-new-tricks-making-it-harder-to-disrupt/
-
Understanding the Impact of Apache Log4j Vulnerability
https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
-
Countering disinformation requires a more coordinated approach.
https://blog.avast.com/countering-disinformation-report-avast
-
Pegasus vs. Predator Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
-
For you only: scammers invent new targeted tools to amplify fraud schemes
https://www.group-ib.com/media/target-links-2021/
-
Honeypot experiment reveals what hackers want from IoT devices
https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/
https://arxiv.org/pdf/2112.10974.pdf
-
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
https://blog.wiz.io/azure-app-service-source-code-leak/
-
MS Teams: 1 feature, 4 vulnerabilities
https://positive.security/blog/ms-teams-1-feature-4-vulns
-
Malicious App Targets Major Brazilian Bank Itaú Unibanco
https://blog.cyble.com/2021/12/23/malicious-app-targets-major-brazilian-bank-itau-unibanco/
-
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
-
Elastic Security uncovers BLISTER malware campaign
https://www.elastic.co/de/blog/elastic-security-uncovers-blister-malware-campaign
-
Avos Locker remotely accesses boxes, even running in Safe Mode
https://news.sophos.com/en-us/2021/12/22/avos-locker-remotely-accesses-boxes-even-running-in-safe-mode/
-
New Rook Ransomware Feeds Off the Code of Babuk
https://www.sentinelone.com/labs/new-rook-ransomware-feeds-off-the-code-of-babuk/
-
Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included
https://asec.ahnlab.com/en/29885/
-
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/
-
New ways to phish found by academic researchers
https://blog.avast.com/discovering-new-ways-to-phish-avast
https://catching-transparent-phish.github.io/catching_transparent_phish.pdf
-
Firmware attack can drop persistent malware in hidden SSD area
https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/
-
Malicious Telegram Installer Drops Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
-
A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
-
Night Sky is the latest ransomware targeting corporate networks
https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/
-
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
-
Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”
https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
-
FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond
https://www.f5.com/labs/articles/threat-intelligence/flubots-authors-employ-creative-and-sophisticated-techniques-to-achieve-their-goals-in-version-50-and-beyond
-
Elephant Beetle: Uncovering an Organized Financial-Theft Operation
https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation
-
Google Docs commenting feature exploited for spear-phishing
https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/
-
Google Docs commenting feature exploited for spear-phishing
https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/
Any comments I receive are checked. Any comments that contain links of any kind are deleted.
-
Patchwork APT caught in its own web
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
-
Patchwork APT caught in its own web
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
Sounds like they got bitten by a RAT. :)
-
Patchwork APT caught in its own web
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
Sounds like they got bitten by a RAT. :)
Yep. 8)
-
The January 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/1/11/the-january-2022-security-update-review
-
Trojanized dnSpy app drops malware cocktail on researchers, devs
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
-
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
-
COVID Omicron Variant Lure Used to Distribute RedLine Stealer
https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer
-
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
-
Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
https://www.cyberark.com/resources/threat-research-blog/dont-trust-this-title-abusing-terminal-emulators-with-ansi-escape-characters
-
Exploit Kits vs. Google Chrome
https://decoded.avast.io/janvojtesek/exploit-kits-vs-google-chrome/
-
Using machine learning for the fast verification of contested antivirus decisions
https://blog.avast.com/machine-learning-for-contested-antivirus-decisions-avast
-
New SysJoker Backdoor Targets Windows, Linux, and macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
-
New SysJoker Backdoor Targets Windows, Linux, and macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Avast has your back on this one. :)
-
Researchers develop CAPTCHA solver to aid dark web research
https://www.bleepingcomputer.com/news/security/researchers-develop-captcha-solver-to-aid-dark-web-research/
-
Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome
https://asec.ahnlab.com/en/30645/
-
TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang
https://www.crowdstrike.com/blog/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang/
-
Abusing Microsoft Office Using Malicious Web Archive Files
https://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files
-
The BlueNoroff cryptocurrency hunt is still on
https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/
-
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent
https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
-
Found this on malwaretips (I'm not a forum member there, just saw this)
MoonBounce: the dark side of UEFI firmware
forum thread
https://malwaretips.com/threads/moonbounce-the-dark-side-of-uefi-firmware.112056/
source article link
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
-
Destructive malware targeting Ukrainian organizations
https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
-
DHL Replaces Microsoft as Most Imitated Brand in Phishing Attempts in Q4 2021
https://blog.checkpoint.com/2022/01/17/dhl-replaces-microsoft-as-most-imitated-brand-in-phishing-attempts-in-q4-2021/
-
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
-
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html
-
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
https://www.bitdefender.com/blog/labs/poking-holes-in-crypto-wallets-a-short-analysis-of-bhunt-stealer/
-
Why you shouldn’t set these 25 Windows policies
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
-
Fresh Phish: Phishers Lure Victims with Fake Invites to Bid on Nonexistent Federal Projects
https://www.inky.com/blog/fresh-phish-phishers-lure-victims-with-fake-invites-to-bid-on-nonexistent-federal-projects
-
Dare to dream: A new way to advertise online
https://blog.avast.com/a-new-way-to-advertise-online-avast
-
Dare to dream: A new way to advertise online
https://blog.avast.com/a-new-way-to-advertise-online-avast
A great idea but currently only an idea.
https://techcrunch.com/2022/01/20/meps-vote-to-limit-tracking/?utm_source=join1440&utm_medium=email
-
Dare to dream: A new way to advertise online
https://blog.avast.com/a-new-way-to-advertise-online-avast
Avast is starting to use old methods, e.g. seeing lots of TV Adverts for avast One recently in the UK ;)
-
seeing lots of TV Adverts for avast One recently in the UK ;)
And almost hourly radio ads!
-
seeing lots of TV Adverts for avast One recently in the UK ;)
And almost hourly radio ads!
Not heard, mind you it is a very rare occasion I even listen to Radio programs.
-
Nothing in the US.
-
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
https://securelist.com/hunt-for-corporate-credentials-on-ics-networks/105545/
-
Web Skimming Attacks Using Google Tag Manager
https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/
-
AccessPress Themes Hit With Targeted Supply Chain Attack
https://blog.sucuri.net/2022/01/accesspress-themes-hit-with-targeted-supply-chain-attack.html
-
Ransomware gangs increase efforts to enlist insiders for attacks
https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/
-
Chasing Chaes Kill Chain
https://decoded.avast.io/anhho/chasing-chaes-kill-chain/
-
Malicious PowerPoint files used to push remote access trojans
https://www.bleepingcomputer.com/news/security/malicious-powerpoint-files-used-to-push-remote-access-trojans/
-
How BRATA is monitoring your bank account
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
-
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/
-
Financially Motivated Mobile Scamware Exceeds 100M Installations
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/
-
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
-
TrickBot Bolsters Layered Defenses to Prevent Injection Research
https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/
-
Watering hole deploys new macOS malware, DazzleSpy, in Asia
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
-
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html
-
How to protect your network from a future attack
https://blog.avast.com/protecting-networks-from-future-attacks-avast
-
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
-
Over 20,000 data center management systems exposed to hackers
https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
-
Avast Threat Labs releases Q4 2021 Threat Report
https://blog.avast.com/q4-2021-threat-report-avast
https://decoded.avast.io/threatresearch/avast-q4-21-threat-report/
-
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
-
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
-
Researchers use GPU fingerprinting to track users online
https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/
https://arxiv.org/pdf/2201.09956.pdf
-
OiVaVoii – An Active Malicious Hybrid Cloud Threats Campaign
https://www.proofpoint.com/us/blog/cloud-security/oivavoii-active-malicious-hybrid-cloud-threats-campaign
-
277,000 routers exposed to Eternal Silence attacks via UPnP
https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/
-
Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
-
Achieve better patch compliance with Update Connectivity data
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
-
How attackers got access to the systems of the National Games of China
https://blog.avast.com/national-games-of-china-systems-attack-analysis-avast
https://decoded.avast.io/janneduchal/analysis-of-attack-against-national-games-of-china-systems/
-
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
-
PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage
https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage
-
Mars Stealer: Oski refactoring
https://3xp0rt.com/posts/mars-stealer
-
An In-Depth Look at the 23 High-Impact Vulnerabilities
https://www.binarly.io/posts/An_In_Depth_Look_at_the_23_High_Impact_Vulnerabilities/
-
Decrypted: TargetCompany Ransomware
https://decoded.avast.io/threatresearch/decrypted-targetcompany-ransomware/
-
Malicious CSV text files used to install BazarBackdoor malware
https://www.bleepingcomputer.com/news/security/malicious-csv-text-files-used-to-install-bazarbackdoor-malware/
-
The February 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/2/8/the-february-2022-security-update-review
-
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
https://www.mandiant.com/resources/seo-poisoning-batloader-atera
-
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
https://www.mandiant.com/resources/seo-poisoning-batloader-atera
I'm not sure I understand the headline?
How is this related to Zoom?
-
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
-
MFA PSA, Oh My!
https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my
-
Cyber Signals: Defending against cyber threats with the latest research, insights, and trends
https://www.microsoft.com/security/blog/2022/02/03/cyber-signals-defending-against-cyber-threats-with-the-latest-research-insights-and-trends/
-
Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks
-
ACTINIUM targets Ukrainian organizations
https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
-
FBI shares Lockbit ransomware technical details, defense tips
https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/
-
Sugar Ransomware, a new RaaS
https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb
-
Qbot Likes to Move It, Move It
https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
-
Roaming Mantis reaches Europe
https://securelist.com/roaming-mantis-reaches-europe/105596/
-
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage
-
Partners-in-crime: Medusa and Cabassous attack banks side-by-side
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html
-
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
https://asec.ahnlab.com/en/31089/
-
Ransomware dev releases Egregor, Maze master decryption keys
https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/
https://www.emsisoft.com/ransomware-decryption-tools/maze-sekhmet-egregor
-
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/
-
ModifiedElephant APT and a Decade of Fabricating Evidence
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
-
FritzFrog: P2P Botnet Hops Back on the Scene
https://www.akamai.com/blog/security/fritzfrog-p2p
-
A walk through Project Zero metrics
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
-
Never, Ever, Ever Use Pixelation for Redacting Text
https://bishopfox.com/blog/unredacter-tool-never-pixelation
-
Hackers Attach Malicious .exe Files to Teams Conversations
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
-
Meet Kraken: A New Golang Botnet in Development
https://www.zerofox.com/blog/meet-kraken-a-new-golang-botnet-in-development/
-
Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/
-
New data-wiping malware used in destructive attacks on Ukraine
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
-
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works
https://www.advintel.io/post/the-trickbot-saga-s-finale-has-aired-but-a-spinoff-is-already-in-the-works
-
Modified CryptBot Infostealer Being Distributed
https://asec.ahnlab.com/en/31802/
-
Xenomorph: A newly hatched Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
-
Steal Credentials & Bypass 2FA Using noVNC
https://mrd0x.com/bypass-2fa-using-novnc/
-
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
-
Ukraine recruits "IT Army" to hack Russian entities, lists 31 targets
https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/
-
2022 State of the Phish Report Explores Increasingly Active Threat Landscape, Importance of People-Centric Security
https://www.proofpoint.com/us/blog/security-awareness-training/2022-state-phish-explores-increasingly-active-threat-landscape
-
New Sandworm malware Cyclops Blink replaces VPNFilter
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
-
Dridex bots deliver Entropy ransomware in recent attacks
https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/
-
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
-
DeadBolt ransomware now targets ASUSTOR devices, asks 50 BTC for master key
https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/
-
Password analysis - Analysis of 2.5b+ passwords in terms of letter frequency by top-level-domain
https://comedyhacker.com/pwanalysis/
-
Alert (AA22-055A) - Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
-
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
https://www.mandiant.com/resources/unc2596-cuba-ransomware
-
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails
-
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
-
Help for Ukraine: Free decryptor for HermeticRansom ransomware
https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/
-
2022 may be the year cybercrime returns its focus to consumers
https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/
-
TeaBot is now spreading across the globe
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
-
Experts urge EU not to force insecure certificates in web browsers
https://www.bleepingcomputer.com/news/security/experts-urge-eu-not-to-force-insecure-certificates-in-web-browsers/
https://www.eff.org/press/releases/cybersecurity-experts-urge-eu-lawmakers-fix-website-authentication-proposal-puts
-
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
-
Meet The Secretive Surveillance Wizards Helping The FBI And ICE Wiretap Facebook And Google Users
https://www.forbes.com/sites/thomasbrewster/2022/02/23/meet-the-secretive-surveillance-wizards-helping-the-fbi-and-ice-wiretap-facebook-and-google-users/
-
Jester Stealer: An Emerging Info Stealer
https://blog.cyble.com/2022/02/24/jester-stealer-an-emerging-info-stealer/
-
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
-
Dozens of COVID passport apps put user's privacy at risk
https://www.bleepingcomputer.com/news/security/dozens-of-covid-passport-apps-put-users-privacy-at-risk/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/covid-passport-risks
-
Dozens of COVID passport apps put user's privacy at risk
https://www.bleepingcomputer.com/news/security/dozens-of-covid-passport-apps-put-users-privacy-at-risk/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/covid-passport-risks
A simple cure for this problem is to do away with those unnecessary passports. :)
-
TCP Middlebox Reflection: Coming to a DDoS Near You
https://www.akamai.com/blog/security/tcp-middlebox-reflection
-
Why the World Must Resist Calls to Undermine the Internet
https://www.internetsociety.org/blog/2022/03/why-the-world-must-resist-calls-to-undermine-the-internet/
-
The March 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/3/8/the-march-2022-security-update-review
-
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
-
Decrypted: Prometheus Ransomware
https://decoded.avast.io/threatresearch/decrypted-prometheus-ransomware/
-
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine
https://www.bitdefender.com/blog/hotforsecurity/bitdefender-labs-sees-increased-malicious-and-scam-activity-exploiting-the-war-in-ukraine
-
Raccoon Stealer: “Trash panda” abuses Telegram
https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
-
Social media phishing attacks are at an all time high
https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/
-
The Dirty Pipe Vulnerability
https://dirtypipe.cm4all.com/
-
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
-
Emotet growing slowly but steadily since November resurgence
https://www.bleepingcomputer.com/news/security/emotet-growing-slowly-but-steadily-since-november-resurgence/
-
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
-
An update on the threat landscape
https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/
-
Nearly 30% of critical WordPress plugin bugs don't get a patch
https://www.bleepingcomputer.com/news/security/nearly-30-percent-of-critical-wordpress-plugin-bugs-dont-get-a-patch/
-
Fake antivirus updates used to deploy Cobalt Strike in Ukraine
https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/
-
Pre-war spike in phishing attacks targeting infrastructure in Ukraine
https://blog.avast.com/phishing-attacks-in-ukraine
-
The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
-
Hackers fork open-source reverse tunneling tool for persistence
https://www.bleepingcomputer.com/news/security/hackers-fork-open-source-reverse-tunneling-tool-for-persistence/
-
Increase In Malware Sightings on GoDaddy Managed Hosting
https://www.wordfence.com/blog/2022/03/increase-in-malware-sightings-on-godaddy-managed-hosting/
-
Branch History Injection - On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
https://www.vusec.net/projects/bhi-spectre-bhb/
-
2021 mobile security: Android more vulnerabilities, iOS more zero-days
https://www.bleepingcomputer.com/news/security/2021-mobile-security-android-more-vulnerabilities-ios-more-zero-days/
-
BazarLoader Actors Initiate Contact via Website Contact Forms
https://abnormalsecurity.com/blog/bazarloader-contact-form
-
New CaddyWiper data wiping malware hits Ukrainian networks
https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/
-
AbereBot Returns as Escobar
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
-
DirtyMoe: Worming Modules
https://decoded.avast.io/martinchlumecky/dirtymoe-5/
-
Dozens of ransomware variants used in 722 attacks over 3 months
https://www.bleepingcomputer.com/news/security/dozens-of-ransomware-variants-used-in-722-attacks-over-3-months/
-
Infostealer Being Distributed via YouTube
https://asec.ahnlab.com/en/32499/
-
Mēris and TrickBot standing on the shoulders of giants
https://decoded.avast.io/martinhron/meris-and-trickbot-standing-on-the-shoulders-of-giants/
-
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
-
Free decryptor released for TrickBot gang's Diavol ransomware
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-trickbot-gangs-diavol-ransomware/
https://www.emsisoft.com/ransomware-decryption-tools/howtos/emsisoft_howto_diavol.pdf
-
What Wicked Webs We Un-weave: Wizard Spider once again proving it isn’t you, it isn’t me; we search for things that you can’t see
https://www.prevailion.com/what-wicked-webs-we-unweave/
-
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
-
Have Your Cake and Eat it Too? An Overview of UNC2891
https://www.mandiant.com/resources/unc2891-overview
-
Operation Dragon Castling: APT group targeting betting companies
https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/
-
Exposing initial access broker with ties to Conti
https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
-
Cyclops Blink Sets Sights on Asus Routers
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
-
Spyware dubbed Facestealer infects 100,000+ Google Play users
https://blog.pradeo.com/spyware-facestealer-google-play
-
Password stealer disguised as private Fortnite server spreading via Discord
https://blog.avast.com/password-stealer-disguised-as-fortnite-server-spreading-on-discord
-
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/
-
BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
https://asec.ahnlab.com/en/32781/
-
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
-
New blocks emerge in Russia amid war in Ukraine: An OONI network measurement analysis
https://ooni.org/post/2022-russia-blocks-amid-ru-ua-conflict/
-
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
-
Mustang Panda’s Hodur: Old tricks, new Korplug variant
https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/
-
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
-
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
Did anyone understand what this was all about ???
-
Distribution of ClipBanker Disguised as Malware Creation Tool
https://asec.ahnlab.com/en/32825/
-
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/
-
Countering threats from North Korea
https://blog.google/threat-analysis-group/countering-threats-north-korea/
-
Creepy Spyware Company Goes Broke
https://gizmodo.com/finfisher-claims-insolvency-amid-german-gov-investigat-1848713428
-
Phishing-kit market: what’s inside “off-the-shelf” phishing packages
https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/
-
New JSSLoader Trojan Delivered Through XLL Files
https://blog.morphisec.com/new-jssloader-trojan-delivered-through-xll-files
-
Windows Subsystem for Linux (WSL): Threats Still Lurk Below the (Sub)Surface
https://blog.lumen.com/windows-subsystem-for-linux-wsl-threats/
-
URL rendering trick enabled WhatsApp, Signal, iMessage phishing
https://www.bleepingcomputer.com/news/security/url-rendering-trick-enabled-whatsapp-signal-imessage-phishing/
-
Muhstik Gang targets Redis Servers
https://blogs.juniper.net/en-us/security/muhstik-gang-targets-redis-servers
-
Europol dismantles massive call center investment scam operation
https://www.bleepingcomputer.com/news/security/europol-dismantles-massive-call-center-investment-scam-operation/
https://www.europol.europa.eu/media-press/newsroom/news/latvia-and-lithuania-detain-108-over-multi-million-euro-call-centre-scam
-
SunCrypt Ransomware Gains New Capabilities in 2022
https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
-
New Conversation Hijacking Campaign Delivering IcedID
https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid/
-
Tracking cyber activity in Eastern Europe
https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/
-
Exclusive Threat Research: Mars (Stealer) Attacks!
https://blog.morphisec.com/threat-research-mars-stealer
-
Calendly actively abused in Microsoft credentials phishing
https://www.bleepingcomputer.com/news/security/calendly-actively-abused-in-microsoft-credentials-phishing/
-
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
-
Verblecon: Sophisticated New Loader Used in Low-level Attacks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord
-
New spear phishing campaign targets Russian dissidents
https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
-
Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
https://www.sentinelone.com/blog/hive-ransomware-deploys-novel-ipfuscation-technique/
-
Lazarus Trojanized DeFi app for delivering malware
https://securelist.com/lazarus-trojanized-defi-app/106195/
-
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
-
AcidRain | A Modem Wiper Rains Down on Europe
https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
-
Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign
https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign
-
Deep Dive Analysis – Borat RAT
https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat/
-
Global Operation Disrupts Business Email Compromise Schemes
FBI, International Partners Carried Out Operation Eagle Sweep to Combat Financially Devastating Crime
https://www.fbi.gov/news/stories/coordinated-operation-disrupts-global-bec-schemes-033022
-
US disrupts Russian Cyclops Blink botnet before being used in attacks
https://www.bleepingcomputer.com/news/security/us-disrupts-russian-cyclops-blink-botnet-before-being-used-in-attacks/
-
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
-
Germany takes down Hydra, world's largest darknet market
https://www.bleepingcomputer.com/news/legal/germany-takes-down-hydra-worlds-largest-darknet-market/
-
New malware targets serverless AWS Lambda with cryptominers
https://www.bleepingcomputer.com/news/security/new-malware-targets-serverless-aws-lambda-with-cryptominers/
-
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
-
Parrot TDS takes over web servers and threatens millions
https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/
-
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
-
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html
-
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
The article really isn't very clear as to whose VLC installation is affected, or is the infection related to VLC servers?
-
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
More here: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
-
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
According to that, the average person isn't a target.
More here: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
-
Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
-
Android apps with 45 million installs used data harvesting SDK
https://www.bleepingcomputer.com/news/security/android-apps-with-45-million-installs-used-data-harvesting-sdk/
http://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
-
FFDroider Stealer Targeting Social Media Platform Users
https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
-
Disrupting cyberattacks targeting Ukraine
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/
-
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/
-
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
-
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
-
The April 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/4/11/the-april-2022-security-update-review
-
New Meta information stealer distributed in malspam campaign
https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/
-
Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
-
Qbot malware switches to new Windows Installer infection vector
https://www.bleepingcomputer.com/news/security/qbot-malware-switches-to-new-windows-installer-infection-vector/
-
Tarrask malware uses scheduled tasks for defense evasion
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
-
Attackers linger on government agency computers before deploying Lockbit ransomware
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/
-
RaidForums hacking forum seized by police, owner arrested
https://www.bleepingcomputer.com/news/security/raidforums-hacking-forum-seized-by-police-owner-arrested/
https://www.justice.gov/opa/pr/united-states-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator
https://www.europol.europa.eu/media-press/newsroom/news/one-of-world%E2%80%99s-biggest-hacker-forums-taken-down
-
Malware Campaigns Targeting African Banking Sector
https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector
-
Fakecalls: a talking Trojan
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/
-
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/
-
Enemybot: A Look into Keksec's Latest DDoS Botnet
https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet
-
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
-
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf
-
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf
I use a USB-connected mic. If I'm that paranoid and don't think turning off the mic is actually turning off the mic, simply unplug the USB line from the mic.
-
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf
I think people need to start looking at Internet of Things tools, smart TVs, devices, etc. that use voice commands, as they are waiting (read: listening) for your commands.
-
Old Gremlins, new methods
https://blog.group-ib.com/oldgremlin_comeback
-
Zloader 2: The Silent Night
https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/
-
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
-
How to recover files encrypted by Yanlouwang
https://securelist.com/how-to-recover-files-encrypted-by-yanlouwang/106332/
-
Newly found zero-click iPhone exploit used in NSO spyware attacks
https://www.bleepingcomputer.com/news/security/newly-found-zero-click-iphone-exploit-used-in-nso-spyware-attacks/
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/
-
Your iOS app may still be covertly tracking you, despite what Apple says
https://arstechnica.com/information-technology/2022/04/a-year-after-apple-enforces-app-tracking-policy-covert-ios-tracking-remains/
https://arxiv.org/pdf/2204.03556.pdf
-
Emotet botnet switches to 64-bit modules, increases activity
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/
-
New BotenaGo Variant Discovered by Nozomi Networks Labs
https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/
https://www.virustotal.com/gui/file/fdbd955959a8f42450af5ac2bf93efba180f4cbae64dd4dd852f65c2e2057f56?nocache=1
-
Social Networks Most Likely to be Imitated by Criminal Groups, with LinkedIn Now Accounting for Half of all Phishing Attempts Worldwide
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/
-
Warez users fell for Certishell
https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/
-
Pwn2Own Miami 2022 Results
https://www.zerodayinitiative.com/blog/2022/4/14/pwn2own-miami-2022-results
-
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
-
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf
Real-time voice concealment algorithm blocks microphone spying
https://www.bleepingcomputer.com/news/security/real-time-voice-concealment-algorithm-blocks-microphone-spying/
https://www.engineering.columbia.edu/news/block-smartphone-microphone-speech-recognition-spying
https://arxiv.org/pdf/2112.07076.pdf
-
CVE-2022-21449: Psychic Signatures in Java
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
-
Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine
-
Russia’s War in Ukraine Has Complicated the Means Through Which Cybercriminals Launder Funds. Here’s How They’re Adapting
https://www.flashpoint-intel.com/blog/russias-ukraine-war-is-complicating-cybercriminal-money-laundering/
-
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/
-
Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before
https://www.mandiant.com/resources/zero-days-exploited-2021
-
LemonDuck Targets Docker for Cryptomining Operations
https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/
-
Quantum Ransomware
https://thedfirreport.com/2022/04/25/quantum-ransomware/
-
Prynt Stealer Spotted In the Wild
https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/
-
Browser-in-the-browser attack: a new phishing technique
https://www.kaspersky.com/blog/browser-in-the-browser-attack/44163/
-
Emotet malware now installs via PowerShell in Windows shortcut files
https://www.bleepingcomputer.com/news/security/emotet-malware-now-installs-via-powershell-in-windows-shortcut-files/
-
How Emotet flooded Japanese inboxes
https://blog.avast.com/emotet-botnet-japan
-
Remote Code Execution via VirusTotal Platform
https://www.cysrc.com/blog/virus-total-blog/
-
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
-
EmoCheck now detects new 64-bit versions of Emotet malware
https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/
-
New Black Basta ransomware springs into action with a dozen breaches
https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/
-
New Core Impact Backdoor Delivered Via VMWare Vulnerability
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
-
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document
https://www.vice.com/en/article/akvmke/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes
-
New Black Basta ransomware springs into action with a dozen breaches
https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/
Breaking Security News Flash - Black Basta Ransomware Gang
https://youtu.be/omRohBCJePM
New, or maybe just rebranded. They steal and encrypt your data.
If you don't pay, they leak your data.
See BleepingComputer for the full story. https://bit.ly/3s3ZIvP
-
The hybrid war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
https://aka.ms/ukrainespecialreport
-
The ink-stained trail of GOLDBACKDOOR
https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
-
Alert (AA22-117A) - 2021 Top Routinely Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
-
REvil ransomware returns: New malware sample confirms gang is back
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
-
REvil ransomware returns: New malware sample confirms gang is back
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
You can't keep a good man down.... (OOPS)
-
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign
https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/
https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf
-
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
-
This isn't Optimus Prime's Bumblebee but it's Still Transforming
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
-
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
https://blog.aquasec.com/npm-package-planting
-
Facing reality? Law enforcement and the challenge of deepfakes
https://www.europol.europa.eu/publications-events/publications/facing-reality-law-enforcement-and-challenge-of-deepfakes
https://www.europol.europa.eu/cms/sites/default/files/documents/Europol_Innovation_Lab_Facing_Reality_Law_Enforcement_And_The_Challenge_Of_Deepfakes.pdf
-
Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
-
India Orders VPN Companies to Collect and Hand Over User Data
https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data/
-
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
-
Conti, REvil, LockBit ransomware bugs exploited to block encryption
https://www.bleepingcomputer.com/news/security/conti-revil-lockbit-ransomware-bugs-exploited-to-block-encryption/
-
Avast Q1/2022 Threat Report
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
-
Augury - Using Data Memory-Dependent Prefetchers to Leak Data at Rest
https://www.prefetchers.info/
https://www.prefetchers.info/augury.pdf
-
Avast Q1/2022 Threat Report
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
Thanks for sharing.
-
Update on cyber activity in Eastern Europe
https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/
-
UNC3524: Eye Spy on Your Email
https://www.mandiant.com/resources/unc3524-eye-spy-email
-
The Hermit Kingdom’s Ransomware play
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html
-
Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
-
India Orders VPN Companies to Collect and Hand Over User Data
https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data/
VPN Providers Threaten to Quit India Over New Data Law
https://www.wired.com/story/india-vpn-data-law/
-
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
https://www.cybereason.com/blog/operation-cuckoobees-cybereason-uncovers-massive-chinese-intellectual-property-theft-operation
-
TLStorm 2 – NanoSSL TLS library misuse leads to vulnerabilities in common switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
-
How your location is being tracked — and what to do about it
https://blog.avast.com/en/secure-browser/how-your-location-is-being-tracked-and-what-to-do-about-it
-
Raspberry Robin gets the worm early
https://redcanary.com/blog/raspberry-robin/
-
Which phishing scams are trending in 2022?
https://blog.avast.com/trending-phishing-scams-2022
-
The May 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/5/10/the-may-2022-security-update-review
-
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
https://www.trendmicro.com/en_us/research/22/e/netdooka-framework-distributed-via-privateloader-ppi.html
-
Mobile subscription Trojans and their little tricks
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
-
UK govt releases free tool to check for email cybersecurity risks
https://www.bleepingcomputer.com/news/security/uk-govt-releases-free-tool-to-check-for-email-cybersecurity-risks/
-
UK govt releases free tool to check for email cybersecurity risks
https://www.bleepingcomputer.com/news/security/uk-govt-releases-free-tool-to-check-for-email-cybersecurity-risks/
This is restricted to businesses in the UK.
-
Bitter APT adds Bangladesh to their targets
https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html
-
Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques
https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques
-
New IceApple exploit toolset deployed on Microsoft Exchange servers
https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-deployed-on-microsoft-exchange-servers/
https://www.crowdstrike.com/resources/white-papers/falcon-overwatch-proactive-threat-hunting-unearths-iceapple-post-exploitation-framework/
-
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Avast responded to our notification with this statement:
"We can confirm the vulnerability in an old version of our driver aswArPot.sys, which we fixed in our Avast 21.5 released in June 2021. We also worked closely with Microsoft, so they released a block in the Windows operating system (10 and 11), so the old version of the Avast driver can't be loaded to memory.
The below example shows that the blocking works (output from the "sc start" command):
(SC) StartService FAILED 1275:
This driver has been blocked from loading
The update from Microsoft for the Windows operating system was published in February as an optional update, and in Microsoft's security release in April, so fully updated machines running Windows 10 and 11 are not vulnerable to this kind of attack.
All consumer and business antivirus versions of Avast and AVG detect and block this AvosLocker ransomware variant, so our users are protected from this attack vector.
For users of third-party antivirus software, to stay protected against this vulnerability, we recommend users to update their Windows operating system with the latest security updates, and to use a fully updated antivirus program."
-
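As an added example, not part of the Trend Micro write-up or Avast's statement above: a PowerShell check, run from an elevated prompt on Windows 10/11, that looks up the kernel driver service behind aswArPot.sys, reports the file version of the driver image it points at, and repeats the "sc start" test from the statement, mapping exit code 1275 to the "blocked from loading" result. The service name aswArPot is an assumption taken from the driver's base name; the statement identifies the fixed build only by product version (Avast 21.5, June 2021), so the script reports the file version rather than judging it.

```powershell
# Added example, not from the article or Avast's statement. Run in an elevated PowerShell
# prompt on Windows 10/11. Assumption: the kernel service for aswArPot.sys is registered
# under the name 'aswArPot' (the driver's base name); adjust $serviceName if it differs.
$serviceName = 'aswArPot'

# Kernel drivers show up as Win32_SystemDriver instances, not as ordinary Win32_Service entries.
$drv = Get-CimInstance -ClassName Win32_SystemDriver -Filter "Name='$serviceName'"
if (-not $drv) {
    Write-Host "No kernel driver service named '$serviceName' is registered on this machine."
    return
}

# Some drivers register their image path with an NT-style \??\ prefix or relative to the
# Windows directory; normalise it so Get-Item can read the file's version resource.
$imagePath = $drv.PathName -replace '^\\\?\?\\', ''
if (-not [System.IO.Path]::IsPathRooted($imagePath)) {
    $imagePath = Join-Path $env:SystemRoot $imagePath
}
$fileVer = (Get-Item -LiteralPath $imagePath).VersionInfo.FileVersion
Write-Host ("{0}`n  state={1}  file version={2}" -f $imagePath, $drv.State, $fileVer)

# Repeat the test from Avast's statement. sc.exe exits with the Win32 error code on failure;
# 1275 is ERROR_DRIVER_BLOCKED ("This driver has been blocked from loading").
if ($drv.State -eq 'Running') {
    Write-Host 'Driver is already running, so Windows did not block this build.'
} else {
    $scOutput = & sc.exe start $serviceName 2>&1
    switch ($LASTEXITCODE) {
        0       { Write-Host 'Driver started: this build is NOT on the Windows driver block list.' }
        1275    { Write-Host 'sc start failed with 1275: the block Avast describes is in place.' }
        default { Write-Host "sc start returned $LASTEXITCODE :`n$($scOutput -join "`n")" }
    }
}
```

A successful start only tells you that the build currently installed is not blocked; on a current Avast install that is the expected outcome and says nothing about whether the block list itself is active. Confirming the block list means trying to load the old driver, which is what the output in the statement shows, and that belongs on a test machine, not a production host.
-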
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html
Anyone running antivirus that by now would be almost one year out of date
isn't really interested in protection.
I don't see the sense in publishing an article about a vulnerability that was fixed 11 months ago.
-
A new secret stash for “fileless” malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
-
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
https://www.bleepingcomputer.com/news/security/microsoft-sysrv-botnet-targets-windows-linux-servers-with-new-exploits/
-
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
https://www.bleepingcomputer.com/news/security/microsoft-sysrv-botnet-targets-windows-linux-servers-with-new-exploits/
If your system is up to date, this isn't anything to worry about. These exploits have all been addressed, but
your system needs to be kept up to date.
-
Please Confirm You Received Our APT
https://www.fortinet.com/blog/threat-research/please-confirm-you-received-our-apt
-
Please Confirm You Received Our APT
https://www.fortinet.com/blog/threat-research/please-confirm-you-received-our-apt
For me, the email subject would have me suspicious right from the start.
I confirm nothing, and the subject having Fw: (forward) in it would also have alarm bells ringing. Let's say someone did seek confirmation of receipt; the email would hardly have been forwarded. Little things like this should have people suspicious and on their guard.
I also use MailWasherPRO as my first level of check; I don't download email directly. It marks obvious spam, and it doesn't download all of the email, just a small part (user configurable), and you can set it to be viewed in plain text. This allows you to look at the email and headers without triggering any HTML content (web beacons/images/tracking, etc.).
The program flags obvious spam using various sources and allows you to change/mark emails as spam/clean. Emails marked as spam are deleted from the email server; for the remainder it calls your email program, and the ones you wanted/flagged as good can be downloaded.
-
Researchers find 134 flaws in the way Word, PDFs, handle scripts
https://www.theregister.com/2022/05/13/cooperative_mutation_flaw_finder/
https://huhong789.github.io/papers/xu:cooper.pdf
-
BPFDoor — an active Chinese global surveillance tool
https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
-
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/
-
HTML attachments in phishing e-mails
https://securelist.com/html-attachments-in-phishing-e-mails/106481/
-
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
https://homes.esat.kuleuven.be/~asenol/leaky-forms/leaky-forms-usenix-sec22.pdf
-
Alert (AA22-137A) - Weak Security Controls and Practices Routinely Exploited for Initial Access
https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
-
Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign...
https://isc.sans.edu/forums/diary/Do+you+want+30+BTC+Nothing+is+easier+or+cheaper+in+this+phishing+campaign/28662/
-
Conti ransomware shuts down operation, rebrands into smaller units
https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/
-
Foreign Antivirus Software Banned In Russia
Source: https://www.heise.de/news/Putin-Mehr-Cyberattacken-gegen-Russland-beklagt-7102261.html
Excerpt from German article translated with www.DeepL.com/Translator (free version)
Due to a persistent threat situation, Putin ordered a new security strategy for the IT sector to be implemented by 2025. He said that in order to digitize the economy, the risks associated with the use of foreign software and technology must be reduced to a minimum. The use of foreign antivirus programs would be banned from 2025, the Russian president said.
The latter can be understood as a reaction to the banning of Kaspersky's Russian antivirus software in Western countries. In Germany, the Federal Office for Information Security (BSI) had warned against Kaspersky antivirus software because there was no longer any confidence in its reliability in light of the war against Ukraine. German companies should replace the software with alternative products, the BSI advised.
Kaspersky criticized the warning as politically motivated and not based on technical concerns. A legal appeal filed by Kaspersky against the warning recently failed definitively in court. In the USA, the FCC classified Kaspersky Antivirus as a risk to national security.
-
Is there an AV product that will protect us from Politics?
-
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
-
Pwn2Own Vancouver 2022 - The Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
-
Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped)
https://asec.ahnlab.com/en/34461/
-
Ransomware gangs rely more on weaponizing vulnerabilities
https://www.bleepingcomputer.com/news/security/ransomware-gangs-rely-more-on-weaponizing-vulnerabilities/
-
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
-
Russian hackers perform reconnaissance against Austria, Estonia
https://www.bleepingcomputer.com/news/security/russian-hackers-perform-reconnaissance-against-austria-estonia/
https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/
-
Why You Should Stop Using Nulled WordPress Plugins and Themes
https://kinsta.com/blog/nulled-wordpress-plugins-themes/
-
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
-
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
The good news is that both Avast and AVG detect this and protect us from this infection.
-
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
-
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon
-
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://youtu.be/1bQVsUtFcb8
Twitter asked over 140 million users for this information to protect their accounts starting in 2013, but it failed to inform them that the data would also be used to allow advertisers to target them with ads. Read the whole story at BleepingComputer.
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
-
Microsoft research reveals the changing face of skimming
https://blog.avast.com/microsoft-research-skimming
https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/
-
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
For this gross breach of trust - using what is meant to be a security function to track a user - even worse when it is also a "direct violation of the FTC Act," I think $150M is a let-off. I just wonder if the EU could/would also fine them as well.
I have never trusted social networking from day one and wouldn't trust them as far as I can throw them, which is hard when it isn't a physical thing. I still haven't signed up to any social networking services.
-
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
They are a tool and for our (Meadow Lake Parks Area Assn.) non-profit, it's a way to communicate with our members and keep them updated with our ongoing activities. Trust is a totally different thing.
-
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
For this gross breach of trust - using what is meant to be a security function to track a user - even worse when it is also a "direct violation of the FTC Act." I think $150m is a let off, I just wonder if the EU could/would also fine them as well.
I have never trusted social networking from day one and wouldn't trust them as far as I can throw them, hard when it isn't a physical thing. I still haven't signed up to any social networking services.
They are a tool and for our (Meadow Lake Parks Area Assn.) non-profit, it's a way to communicate with our members and keep them updated with our ongoing activities. Trust is a totally different thing.
My concerns are with the big players in social networking (not local not for profit organisations) as the drive for making money seems to override everything else.
-
PDF Malware Is Not Yet Dead
https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/
-
The New RansomHouse on The Block
https://cyberint.com/blog/research/ransomhouse/
-
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables
https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk
-
Android apps with millions of downloads exposed to high-severity vulnerabilities
https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
-
Unknown APT group has targeted Russia repeatedly since Ukraine invasion
https://blog.malwarebytes.com/malwarebytes-news/2022/05/unknown-apt-group-has-targeted-russia-repeatedly-since-ukraine-invasion/
-
New Research Paper: Pre-hijacking Attacks on Web User Accounts
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
https://arxiv.org/abs/2205.10174
-
ERMAC Back In Action - Latest Version of Android Banking Trojan Targets over 400 Applications
https://blog.cyble.com/2022/05/25/ermac-back-in-action/
-
Key takeaways from Verizon's 2022 data breach report
https://blog.avast.com/verizon-2022-data-breach-report
-
Clop ransomware gang is back, hits 21 victims in a single month
https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-is-back-hits-21-victims-in-a-single-month/
-
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
-
New Windows Subsystem for Linux malware steals browser auth cookies
https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Defender has been updated to protect against this vulnerability. Has Avast done the same?
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Defender has been updated to protect against this vulnerability. Has Avast done the same?
Hi Bob, yes: https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784?nocache=1
-
Thanks Asyn, I should have thought of that. (Old age?)
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
-
Mobile trojan detections rise as malware distribution level declines
https://www.bleepingcomputer.com/news/security/mobile-trojan-detections-rise-as-malware-distribution-level-declines/
-
Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun
https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Outbreak of Follina in Australia
https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
-
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
-
Over 3.6 million exposed MySQL servers on IPv4 and IPv6
https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-and-ipv6/
-
FluBot Android malware operation shutdown by law enforcement
https://www.bleepingcomputer.com/news/security/flubot-android-malware-operation-shutdown-by-law-enforcement/
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
-
ChromeLoader: a pushy malvertiser
https://redcanary.com/blog/chromeloader/
-
Ransomware attacks need less than four days to encrypt systems
https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/
-
Runescape phish claims your email has been changed
https://blog.malwarebytes.com/scams/2022/05/runescape-phish-claims-your-email-has-been-changed/
-
Chinese LuoYu hackers deploy cyber-espionage malware via app updates
https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
-
XLoader Botnet: Find Me If You Can
https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/
-
Microsoft disrupts Bohrium hackers’ spear-phishing operation
https://www.bleepingcomputer.com/news/security/microsoft-disrupts-bohrium-hackers-spear-phishing-operation/
-
SideWinder.AntiBot.Script
https://blog.group-ib.com/sidewinder-antibot
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Outbreak of Follina in Australia
https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
Windows zero-day exploited in US local govt phishing attacks
https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/
-
Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack
https://www.cadosecurity.com/tales-from-the-honeypot-watchdog-evolves-with-a-new-multi-stage-cryptojacking-attack/
-
Apple blocked 1.6 millions apps from defrauding users in 2021
https://www.bleepingcomputer.com/news/security/apple-blocked-16-millions-apps-from-defrauding-users-in-2021/
https://www.apple.com/newsroom/2022/06/app-store-stopped-nearly-one-point-five-billion-in-fraudulent-transactions-in-2021/
-
Crypto stealing campaign spread via fake cracked software
https://blog.avast.com/fakecrack-campaign
-
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions
-
Decrypted: TaRRaK Ransomware
https://decoded.avast.io/threatresearch/decrypted-tarrak-ransomware/
-
Evasive phishing mixes reverse tunnels and URL shortening services
https://www.bleepingcomputer.com/news/security/evasive-phishing-mixes-reverse-tunnels-and-url-shortening-services/
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
-
Horde Webmail - Remote Code Execution via Email
https://blog.sonarsource.com/horde-webmail-rce-via-email/
-
Shining the Light on Black Basta
https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/
-
Ransomware gangs now give victims time to save their reputation
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-give-victims-time-to-save-their-reputation/
-
SVCReady: A New Loader Gets Ready
https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/
-
Ransomware gangs now give victims time to save their reputation
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-give-victims-time-to-save-their-reputation/
Why do they make this seem like an altruistic action saving their reputation (doing them a favour), when it is just another money grubbing action so they have a better chance of getting paid!
-
Hacking Some More Secure USB Flash Drives (Part I)
https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
-
Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
-
Phishing tactics: how a threat actor stole 1M credentials in 4 months
https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
-
Roblox Game Pass store used to sell ransomware decryptor
https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/
-
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
https://www.trendmicro.com/en_us/research/22/f/cuba-ransomware-group-s-new-variant-found-using-optimized-infect.html
-
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat
https://www.intezer.com/blog/research/new-linux-threat-symbiote/
-
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/
-
PACMAN - Attacking ARM Pointer Authentication with Speculative Execution
https://pacmanattack.com/
https://pacmanattack.com/paper.pdf
-
Linux Threat Hunting – ‘Syslogk’ – a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
-
Lyceum .NET DNS Backdoor
https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor
-
Crypto-Miners Leveraging Atlassian Zero-Day Vulnerability
https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
-
WiFi probing exposes smartphone users to tracking, info leaks
https://www.bleepingcomputer.com/news/security/wifi-probing-exposes-smartphone-users-to-tracking-info-leaks/
https://arxiv.org/pdf/2206.03745.pdf
-
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Outbreak of Follina in Australia
https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
Windows zero-day exploited in US local govt phishing attacks
https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Microsoft patches actively exploited Follina Windows zero-day
https://www.bleepingcomputer.com/news/security/microsoft-patches-actively-exploited-follina-windows-zero-day/
-
The June 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/6/14/the-june-2022-security-update-review
-
Exposing HelloXD Ransomware and x4k
https://unit42.paloaltonetworks.com/helloxd-ransomware/
-
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html
https://jacobsschool.ucsd.edu/news/release/3461
https://cseweb.ucsd.edu/~schulman/docs/oakland22-bletracking.pdf
-
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
https://unit42.paloaltonetworks.com/pingpull-gallium/
-
How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase
https://blog.confiant.com/how-seaflower-%E8%97%8F%E6%B5%B7%E8%8A%B1-installs-backdoors-in-ios-android-web3-wallets-to-steal-your-seed-phrase-d25f0ccdffce
-
Microsoft’s Vulnerability Practices Put Customers At Risk
https://www.linkedin.com/pulse/microsofts-vulnerability-practices-put-customers-risk-amit-yoran/
-
Hertzbleed Attack
https://www.hertzbleed.com/
https://www.hertzbleed.com/hertzbleed.pdf
-
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
https://www.bleepingcomputer.com/news/security/hackers-exploit-three-year-old-telerik-flaws-to-deploy-cobalt-strike/
-
The many lives of BlackCat ransomware
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
-
Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams
https://www.interpol.int/News-and-Events/News/2022/Hundreds-arrested-and-millions-seized-in-global-INTERPOL-operation-against-social-engineering-scams
-
Microsoft Office 365 feature can help cloud ransomware attacks
https://www.bleepingcomputer.com/news/security/microsoft-office-365-feature-can-help-cloud-ransomware-attacks/
-
Russian disinformation spreading across the globe
https://blog.avast.com/russia-ukraine-disinformation
-
Russian disinformation spreading across the globe
https://blog.avast.com/russia-ukraine-disinformation
Interesting read.
-
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
-
Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”
https://www.akamai.com/blog/security/new-p2p-botnet-panchan
-
Russian RSocks botnet disrupted after hacking millions of devices
https://www.bleepingcomputer.com/news/security/russian-rsocks-botnet-disrupted-after-hacking-millions-of-devices/
https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation
-
F5 Labs Investigates MaliBot
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
-
Do free countries have more digital wellbeing?
https://blog.avast.com/digital-wellbeing-report
-
Google Chrome extensions can be fingerprinted to track you online
https://www.bleepingcomputer.com/news/security/google-chrome-extensions-can-be-fingerprinted-to-track-you-online/
-
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
-
New DFSCoerce NTLM Relay attack allows Windows domain takeover
https://www.bleepingcomputer.com/news/microsoft/new-dfscoerce-ntlm-relay-attack-allows-windows-domain-takeover/
-
BRATA is evolving into an Advanced Persistent Threat
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
-
NSA shares tips on securing Windows devices with PowerShell
https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-securing-windows-devices-with-powershell/
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
-
Russian RSocks botnet disrupted after hacking millions of devices
https://www.bleepingcomputer.com/news/security/russian-rsocks-botnet-disrupted-after-hacking-millions-of-devices/
https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation
RSocks criminal botnet taken down
https://blog.avast.com/rsocks-criminal-botnet
-
Does Acrobat Reader Unload Injection of Security Products?
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products
Avast Dev-Info: Definitely not blocking scanning, they are blocking only some user-mode hooking by preventing injection of aswHook.dll. Only behavior shield depends on this functionality and only marginally.
-
APT ToddyCat
https://securelist.com/toddycat/106799/
-
Defending Ukraine: Early Lessons from the Cyber War
https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
-
Spyware vendor targets users in Italy and Kazakhstan
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
-
MEGA: Malleable Encryption Goes Awry
https://mega-awry.io/
https://mega-awry.io/pdf/mega-malleable-encryption-goes-awry.pdf
-
Hacking into the worldwide Jacuzzi SmartTub network
https://eaton-works.com/2022/06/20/hacking-into-the-worldwide-jacuzzi-smarttub-network/
-
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
-
Dark Web Price Index 2022
https://www.privacyaffairs.com/dark-web-price-index-2022/
-
Hacking Some More Secure USB Flash Drives (Part II)
https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/
-
The Call Is Coming from Inside the House: CrowdStrike Identifies Novel Exploit in VOIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
-
Python packages upload your AWS keys, env vars, secrets to the web
https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
-
Malware-as-a-service is spreading among teens
https://blog.avast.com/discord-minors-ransomware
-
Malware-as-a-service is spreading among teens
https://blog.avast.com/discord-minors-ransomware
Malware-as-a-service is spreading among teens
https://youtu.be/k4Ds2nVcqZs
As the Avast team spent more time in the community, observing their behavior and vocabulary, they realized something surprising: most of the members were minors between the ages of 11 and 16.
To read more on this topic please see the full article by Emma McGowan at the link listed: https://bit.ly/3A9cEFD
If you have children or grandchildren, please keep an eye on their online activity and always guide them in the right direction.
-
LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
https://asec.ahnlab.com/en/35822/
-
Clever phishing method bypasses MFA using Microsoft WebView2 apps
https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/
-
Attacks on industrial control systems using ShadowPad
https://ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/
https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Attacks-on-industrial-control-systems-using-ShadowPad-En.pdf
-
Exposed Kubernetes clusters
https://blog.cyble.com/2022/06/27/exposed-kubernetes-clusters/
-
Malware-as-a-service is spreading among teens
https://blog.avast.com/discord-minors-ransomware
Malware-as-a-service is spreading among teens
https://youtu.be/k4Ds2nVcqZs
As the Avast team spent more time in the community, observing their behavior and vocabulary, they realized something surprising: most of the members were minors between the ages of 11 and 16.
To read more on this topic please see the full article by Emma McGowan at the link listed: https://bit.ly/3A9cEFD
If you have children or grandchildren, please keep an eye on their online activity and always guide them in the right direction.
Minors Use Discord Servers to Earn Extra Pocket Money Through Spreading Malware
https://press.avast.com/minors-use-discord-servers-to-earn-extra-pocket-money-through-spreading-malware
-
Revive: from spyware to Android banking trojan
https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
-
MITRE shares this year's list of most dangerous software bugs
https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-list-of-most-dangerous-software-bugs/
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
-
Return of the Evilnum APT with updated TTPs and new targets
https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets
-
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
-
New ‘Lightning Framework’ Linux malware installs rootkits, backdoors
https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/