Avast WEBforum

Other => General Topics => Topic started by: Asyn on November 16, 2010, 02:46:28 PM

Title: Technical
Post by: Asyn on November 16, 2010, 02:46:28 PM
Kaminsky To Release 'Phreebird' For Easy DNSSEC
http://ba.darkreading.com/authentication/167901072/security/application-security/228200646/index.html
Title: Re: Technical
Post by: Asyn on November 19, 2010, 09:43:37 PM
Stuxnet has a double payload
http://www.h-online.com/security/news/item/Stuxnet-has-a-double-payload-1137521.html
Title: Re: Technical
Post by: Asyn on November 19, 2010, 10:03:31 PM
GPUs crack passwords in the cloud
http://stacksmashing.net/2010/11/15/cracking-in-the-cloud-amazons-new-ec2-gpu-instances/
Title: Re: Technical
Post by: Asyn on November 20, 2010, 05:24:27 PM
Super-secret debug capabilities of AMD processors
http://www.woodmann.com/collaborative/knowledge/index.php/Super-secret_debug_capabilities_of_AMD_processors_!
http://www.eweekeurope.co.uk/news/amd-denies-cpu-debugger-was-a-secret-13759
Title: Re: Technical
Post by: Asyn on November 21, 2010, 01:15:12 PM
McAfee Threats Report - Third Quarter 2010
http://www.mcafee.com/us/local_content/reports/q32010_threats_report_en.pdf
Title: Re: Technical
Post by: Asyn on November 24, 2010, 04:50:28 PM
The enemy in the network card
http://esec-lab.sogeti.com/dotclear/index.php?post%2F2010%2F11%2F21%2FPresentation-at-Hack.lu-%3A-Reversing-the-Broacom-NetExtreme-s-firmware
Title: Re: Technical
Post by: Asyn on November 25, 2010, 03:02:05 PM
Slow CPU equals malware defense...?
http://www.f-secure.com/weblog/archives/00002067.html
Title: Re: Technical
Post by: Asyn on November 25, 2010, 10:45:02 PM
European ATM skimmer attacks on the rise
http://krebsonsecurity.com/2010/11/crooks-rock-audio-based-atm-skimmers/
Title: Re: Technical
Post by: Asyn on November 27, 2010, 09:10:57 AM
Secure Java programming with Fabric
http://www.cs.cornell.edu/projects/fabric/
http://www.cs.cornell.edu/andru/papers/fabric-sosp09.pdf
http://www.news.cornell.edu/stories/Sept10/Fabric.html
Title: Re: Technical
Post by: Asyn on December 03, 2010, 07:54:10 AM
Chrome to run Flash Player in a sandbox
http://blog.chromium.org/2010/12/rolling-out-sandbox-for-adobe-flash.html
Title: Re: Technical
Post by: Asyn on December 04, 2010, 04:08:49 PM
Escaping IE Protected Mode
http://www.verizonbusiness.com/resources/whitepapers/wp_escapingmicrosoftprotectedmodeinternetexplorer_en_xg.pdf
Title: Re: Technical
Post by: Asyn on December 05, 2010, 09:07:57 PM
An Empirical Study of Privacy-Violating Information Flows in JavaScript Web Applications
http://cseweb.ucsd.edu/~d1jang/papers/ccs10.pdf
Title: Re: Technical
Post by: Asyn on December 08, 2010, 02:47:17 PM
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx
Title: Re: Technical
Post by: disPlay on December 08, 2010, 04:33:03 PM
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx


Pretty interesting information.

Thanks Asyn.
Title: Re: Technical
Post by: Asyn on December 09, 2010, 12:56:29 PM
Support for WebSockets in Firefox 4 disabled (for now)
http://www.0xdeadbeef.com/weblog/2010/12/disabling-websockets-for-firefox-4/
https://bugzilla.mozilla.org/show_bug.cgi?id=616733
http://www.ietf.org/mail-archive/web/hybi/current/msg04744.html
Title: Re: Technical
Post by: bob3160 on December 09, 2010, 10:22:20 PM
Asyn,
What's the difference between what you're posting in here and what's being posted in the
Security Warnings thread ???
http://forum.avast.com/index.php?topic=52252.0
Title: Re: Technical
Post by: Asyn on December 10, 2010, 08:17:21 AM
Asyn,
What's the difference between what you're posting in here and what's being posted in the
Security Warnings thread ???

Hi Bob..!
Well, the difference is that I don't post any security warnings here.
Have a nice day,
asyn
Title: Re: Technical
Post by: Asyn on December 11, 2010, 08:55:40 AM
NIST's search for the super hash – just five candidates left in SHA-3 final
http://www.h-online.com/security/news/item/NIST-s-search-for-the-super-hash-just-five-candidates-left-in-SHA-3-final-1151325.html
Title: Re: Technical
Post by: Asyn on December 12, 2010, 08:16:25 PM
Operation Payback: protests via mouse click
http://www.h-online.com/security/news/item/Operation-Payback-protests-via-mouse-click-1150790.html
Title: Re: Technical
Post by: Asyn on December 16, 2010, 08:47:53 AM
Brief Analysis of the Gawker Password Dump
http://www.duosecurity.com/blog/entry/brief_analysis_of_the_gawker_password_dump
Title: Re: Technical
Post by: Asyn on December 16, 2010, 11:36:03 PM
HeapLocker tool for Windows blocks injected code
http://blog.didierstevens.com/2010/12/06/heaplocker/
http://blog.didierstevens.com/2010/12/14/heaplocker-private-memory-usage-monitoring/
Title: Re: Technical
Post by: Asyn on December 18, 2010, 09:51:02 AM
FBI back door in IPSec implementation of OpenBSD..??
http://www.h-online.com/open/news/item/FBI-back-door-in-IPSec-implementation-of-OpenBSD-1153297.html
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Update: Audits give no indication of back doors
http://www.h-online.com/security/news/item/OpenBSD-audits-give-no-indication-of-back-doors-1158604.html
http://marc.info/?l=openbsd-tech&m=129296046123471&w=2
Title: Re: Technical
Post by: Asyn on December 27, 2010, 05:31:51 PM
Merry Hacksmas
http://www.h-online.com/security/news/item/Merry-Hacksmas-1159312.html
Title: Re: Technical
Post by: Asyn on December 31, 2010, 04:45:52 PM
27C3: danger lurks in PDF documents
http://www.h-online.com/security/news/item/27C3-danger-lurks-in-PDF-documents-1162166.html
Title: Re: Technical
Post by: CharleyO on January 01, 2011, 09:56:38 AM
***

SSDs Gaining Ground In Storage, Servers, Laptops

"Solid state drives and Flash memory modules offer multiple-times the performance of traditional spinning hard drives."

http://www.crn.com/news/storage/228800876/ssds-gaining-ground-in-storage-servers-laptops.htm


***
Title: Re: Technical
Post by: Asyn on January 05, 2011, 10:05:26 AM
Security tool uncovers multiple bugs in every browser
http://lcamtuf.blogspot.com/2011/01/announcing-crossfuzz-potential-0-day-in.html
http://en.wikipedia.org/wiki/Fuzz_testing
Title: Re: Technical
Post by: Asyn on January 06, 2011, 08:29:29 PM
Bypassing Flash’s local-with-filesystem Sandbox
http://xs-sniper.com/blog/2011/01/04/bypassing-flash%E2%80%99s-local-with-filesystem-sandbox/
Title: Re: Technical
Post by: Asyn on January 07, 2011, 11:18:23 PM
Proof of ownership for IP addresses
http://www.h-online.com/security/news/item/Proof-of-ownership-for-IP-addresses-1164707.html
Title: Re: Technical
Post by: Asyn on January 08, 2011, 07:42:19 PM
Linux capabilities don't add security
http://forums.grsecurity.net/viewtopic.php?f=7&t=2522
Wiki: https://secure.wikimedia.org/wikipedia/en/wiki/Capability-based_security
Discussion: http://lwn.net/Articles/421671/
Exploit: http://lists.grok.org.uk/pipermail/full-disclosure/2011-January/078350.html
Title: Re: Technical
Post by: Asyn on January 11, 2011, 10:01:56 AM
Email authentication comes to Google Apps customers
http://googleenterprise.blogspot.com/2011/01/spam-takes-another-hit-email.html
Title: Re: Technical
Post by: bob3160 on January 11, 2011, 01:58:03 PM
Email authentication comes to Google Apps customers
http://googleenterprise.blogspot.com/2011/01/spam-takes-another-hit-email.html

Can you explain how this will affect the average computer user ???
Title: Re: Technical
Post by: Asyn on January 11, 2011, 02:15:47 PM
Email authentication comes to Google Apps customers
http://googleenterprise.blogspot.com/2011/01/spam-takes-another-hit-email.html

Can you explain how this will affect the average computer user ???

This doesn't affect most of the average (private) computer users..!!
Only interesting for those who use Google Apps... ;)
http://www.google.com/apps/intl/en/business/index.html
http://www.google.com/support/a/bin/answer.py?answer=174124&&hl=en
asyn
Title: Re: Technical
Post by: Asyn on January 12, 2011, 04:26:33 PM
Waking up the sleeping dragon
http://thesauceofutterpwnage.blogspot.com/2011/01/waking-up-sleeping-dragon.html
http://www.exploit-db.com/exploits/15957/
Title: Re: Technical
Post by: YoKenny on January 12, 2011, 09:24:17 PM
Waking up the sleeping dragon
You are full of happy news. ;)

Maybe you should take a walk outside once in a while ???
 
Title: Re: Technical
Post by: Asyn on January 14, 2011, 11:39:17 AM
Adobe plans to make it easier to delete Flash cookies in web browsers
http://blogs.adobe.com/flashplatform/2011/01/on-improving-privacy-managing-local-storage-in-flash-player.html
Title: Re: Technical
Post by: Asyn on January 14, 2011, 11:16:03 PM
Waking up the sleeping dragon
http://thesauceofutterpwnage.blogspot.com/2011/01/waking-up-sleeping-dragon.html
http://www.exploit-db.com/exploits/15957/

SCADA exploit - the dragon awakes
http://threatpost.com/en_us/blogs/china-cert-we-missed-report-scada-hole-011311
http://thesauceofutterpwnage.blogspot.com/2011/01/wellintech-issues-security-patch-to.html
Title: Re: Technical
Post by: Asyn on January 19, 2011, 01:18:24 PM
Governmental Cloud in the EU - New Agency Report
http://www.enisa.europa.eu/media/press-releases/governmental-cloud-in-the-eu-new-agency-report
http://www.enisa.europa.eu/act/rm/emerging-and-future-risk/deliverables/security-and-resilience-in-governmental-clouds/at_download/fullReport
Title: Re: Technical
Post by: Asyn on January 20, 2011, 09:10:02 AM
Stuxnet not such a masterpiece after all?
http://threatpost.com/en_us/blogs/stuxnet-authors-made-several-basic-errors-011811
http://rdist.root.org/2011/01/17/stuxnet-is-embarrassing-not-amazing/
Title: Re: Technical
Post by: Asyn on January 20, 2011, 11:23:39 AM
New MS Tool: Attack Surface Analyzer!
http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx
http://go.microsoft.com/?linkid=9758398
Title: Re: Technical
Post by: YoKenny on January 20, 2011, 02:34:35 PM
New MS Tool: Attack Surface Analyzer!
http://blogs.msdn.com/b/sdl/archive/2011/01/17/announcing-attack-surface-analyzer.aspx
http://go.microsoft.com/?linkid=9758398
Key comment
Quote
Supported Operating Systems: Windows 7; Windows Server 2008; Windows Vista
Title: Re: Technical
Post by: Asyn on January 21, 2011, 01:56:53 PM
The New Trend in "Malware Evolution"
http://blog.seculert.com/2011/01/new-trend-in-malware-evolution.html
Title: Re: Technical
Post by: Asyn on January 25, 2011, 02:48:07 PM
"Do not track" - Mozilla advocates new data protection standard
http://firstpersoncookie.wordpress.com/2011/01/23/more-choice-and-control-over-online-tracking/
http://www.open-mike.org/entry/thoughts-on-do-not-track
http://ftc.gov/os/2010/12/101201privacyreport.pdf
Title: Re: Technical
Post by: Asyn on January 25, 2011, 09:50:04 PM
Google releases data protection extension
http://googlepublicpolicy.blogspot.com/2011/01/keep-your-opt-outs.html
https://chrome.google.com/webstore/detail/hhnjdplhmcnkiecampfdgfjilccfpfoe
Title: Re: Technical
Post by: bob3160 on January 25, 2011, 11:55:48 PM
Just so this is understood, it will not stop you from seeing ads.
It simply stops some of the targeted ads.
Title: Re: Technical
Post by: Asyn on January 27, 2011, 01:22:26 PM
Facebook now SSL-encrypted throughout
http://blog.facebook.com/blog.php?post=486790652130
Title: Re: Technical
Post by: Asyn on February 06, 2011, 05:03:56 PM
Hotmail offers disposable alias accounts
http://windowsteamblog.com/windows_live/b/windowslive/archive/2011/02/03/hotmail-delivers-aliases-to-help-you-manage-and-secure-your-email-account.aspx
Title: Re: Technical
Post by: Asyn on February 08, 2011, 02:10:24 AM
Facebook now SSL-encrypted throughout
http://blog.facebook.com/blog.php?post=486790652130

Facebook's crude https workaround
http://www.h-online.com/security/news/item/Facebook-s-crude-https-workaround-1184731.html
Title: Re: Technical
Post by: YoKenny on February 08, 2011, 01:28:33 PM
Safer Internet Day
8 February 2011

http://www.saferinternet.org/web/guest/safer-internet-day
Title: Re: Technical
Post by: Asyn on February 08, 2011, 04:24:11 PM
One in three computer users within the EU had a malware problem in 2010
http://epp.eurostat.ec.europa.eu/cache/ITY_PUBLIC/4-07022011-AP/EN/4-07022011-AP-EN.PDF
Title: Re: Technical
Post by: Asyn on February 10, 2011, 12:21:12 PM
Windows Server 2008 R2 and Windows 7 SP1 Releases to Manufacturing Today
http://blogs.technet.com/b/windowsserver/archive/2011/02/09/windows-server-2008-r2-and-windows-7-sp1-releases-to-manufacturing-today.aspx
Title: Re: Technical
Post by: Asyn on February 10, 2011, 03:40:51 PM
Breaking up the Romance between Malware and Autorun
http://blogs.technet.com/b/mmpc/archive/2011/02/08/breaking-up-the-romance-between-malware-and-autorun.aspx
http://blogs.technet.com/b/msrc/archive/2011/02/08/deeper-insight-into-the-security-advisory-967940-update.aspx
Title: Re: Technical
Post by: osants911 on February 12, 2011, 10:47:04 AM
Google extends 2-step authentication to all users

http://www.h-online.com/security/news/item/Google-extends-2-step-authentication-to-all-users-1188120.html
Title: Re: Technical
Post by: YoKenny on February 12, 2011, 03:07:07 PM
Google extends 2-step authentication to all users

http://www.h-online.com/security/news/item/Google-extends-2-step-authentication-to-all-users-1188120.html
Key comment
Quote
This code is either generated by a smartphone app, or Google sends it to a registered number via an SMS text message. A successful log-in will then require two independent factors: users will need to know their password and have access to the previously registered mobile phone.
Title: Re: Technical
Post by: Asyn on February 14, 2011, 11:26:08 AM
Intel, Symantec and Vasco propagate single-use passwords
http://www.h-online.com/security/news/item/Intel-Symantec-and-Vasco-propagate-single-use-passwords-1189071.html
http://www.vasco.com/company/press_room/news_archive/2011/news_vascos_digipass_technology_to_be_embedded_into_intel_identity_protection_technology_ipt.aspx
http://ipt.intel.com/Libraries/Documents/Intel_IdentityProtect_techbrief_v5.sflb.ashx
Title: Re: Technical
Post by: Asyn on February 15, 2011, 04:52:21 PM
Additional Fixes in Microsoft Security Bulletins [Silent Fixes]
http://blogs.technet.com/b/srd/archive/2011/02/14/additional-fixes-in-microsoft-security-bulletins.aspx
Title: Re: Technical
Post by: Asyn on February 16, 2011, 10:20:55 AM
Oracle releases database firewall
http://www.oracle.com/us/corporate/press/313230?rssid=rss_ocom_pr
White Paper: http://www.oracle.com/us/products/database/bwp-oracle-database-firewall-302484.pdf
Title: Re: Technical
Post by: Asyn on February 17, 2011, 09:47:29 AM
Windows Security Survival Guide
http://social.technet.microsoft.com/wiki/contents/articles/windows-security-survival-guide.aspx
Title: Re: Technical
Post by: Asyn on February 18, 2011, 12:27:08 PM
Advancing the Idea of Collective Action to Improve Internet Security and Privacy
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2011/02/15/advancing-the-idea-of-collective-action-to-improve-internet-security-and-privacy.aspx
Title: Re: Technical
Post by: Asyn on February 25, 2011, 01:53:04 PM
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx

W3C Team Comment on the "Web Tracking Protection" Submission
http://www.w3.org/Submission/2011/01/Comment/
Title: Re: Technical
Post by: Asyn on February 26, 2011, 10:26:38 AM
Thunderbolt: Introducing a new way to hack Macs
http://erratasec.blogspot.com/2011/02/thunderbolt-introducing-new-way-to-hack.html
Title: Re: Technical
Post by: Asyn on March 01, 2011, 01:20:19 PM
Apple invites bug researchers to scrutinize Lion OS
http://www.computerworld.com/s/article/9211599/Apple_invites_bug_researchers_to_scrutinize_Lion_OS
Title: Re: Technical
Post by: Asyn on March 06, 2011, 09:28:42 AM
The Internet Explorer 6 Countdown
http://ie6countdown.com/
Title: Re: Technical
Post by: Asyn on March 10, 2011, 02:59:49 PM
Botnets: Measurement, Detection, Disinfection and Defence
http://www.enisa.europa.eu/act/res/botnets/botnets-measurement-detection-disinfection-and-defence
http://www.enisa.europa.eu/act/res/botnets/botnets-measurement-detection-disinfection-and-defence/at_download/fullReport [PDF document, 3974Kb]
Title: Re: Technical
Post by: Asyn on March 11, 2011, 01:54:06 PM
Pwn2Own 2011: no-one goes after Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-no-one-goes-after-Chrome-1206149.html
Title: Re: Technical
Post by: bob3160 on March 11, 2011, 02:05:52 PM
Pwn2Own 2011: no-one goes after Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-no-one-goes-after-Chrome-1206149.html

I knew there was a reason I liked Chrome. :)
Title: Re: Technical
Post by: Asyn on March 11, 2011, 02:10:25 PM
Pwn2Own 2011: Day 2 - iPhone and Blackberry hacked
http://www.h-online.com/security/news/item/Pwn2Own-2011-Day-2-iPhone-and-Blackberry-hacked-1206254.html

@Bob: It seems we both like good browsers. ;)

Quote
As well as attacks on mobile devices, attacks on Firefox were also on the agenda but the candidates for that competition did not show up, just as no one did on the first day for Chrome.
Title: Re: Technical
Post by: Asyn on March 14, 2011, 01:00:34 PM
Pwn2Own 2011: Google patches hole in Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-Google-patches-hole-in-Chrome-1207231.html
Title: Re: Technical
Post by: bob3160 on March 14, 2011, 01:14:35 PM
Pwn2Own 2011: Google patches hole in Chrome
http://www.h-online.com/security/news/item/Pwn2Own-2011-Google-patches-hole-in-Chrome-1207231.html

Interesting article. I'm not as worried about the so-called "security breach" in Chrome as I am
about the attitude Apple is taking in its protection for those that own iPhone 3G's.
They appear to think that if you bury your head in the sand, the security problems will go away.
Posts that bring this attitude to people's attention are simply deleted with an "against policy"
reason.
Bad move Apple. Poor and uncaring customer relations have been the downfall of many a good company.  :'(
Just my 2 cents.
Title: Re: Technical
Post by: Asyn on March 16, 2011, 03:31:19 PM
Credit Card skimming and PIN harvesting in an EMV world
http://dev.inversepath.com/download/emv/emv_2011.pdf
Title: Re: Technical
Post by: Asyn on March 18, 2011, 09:31:48 PM
Rustock botnet out of action
http://blogs.technet.com/b/microsoft_blog/archive/2011/03/17/taking-down-botnets-microsoft-and-the-rustock-botnet.aspx
http://krebsonsecurity.com/2011/03/rustock-botnet-flatlined-spam-volumes-plummet/
Title: Re: Technical
Post by: Asyn on March 19, 2011, 08:26:38 AM
Revealed: US spy operation that manipulates social media
http://www.guardian.co.uk/technology/2011/mar/17/us-spy-operation-social-networks
Title: Re: Technical
Post by: bob3160 on March 19, 2011, 06:15:45 PM
And I'm supposed to believe the Guardian ??? Why trust them any more than the Government ???  ;D
Title: Re: Technical
Post by: Asyn on March 19, 2011, 06:21:51 PM
Why trust them any more than the Government ???  ;D

What did the government say..??? ;)
http://www.rawstory.com/rs/2011/02/22/exclusive-militarys-persona-software-cost-millions-used-for-classified-social-media-activities/
Title: Re: Technical
Post by: Asyn on March 22, 2011, 11:54:03 AM
Vulnerabilities in some SCADA server software
http://www.securityfocus.com/archive/1/517080/30/0/threaded
Title: Re: Technical
Post by: Asyn on March 23, 2011, 12:54:23 PM
Detecting Certificate Authority compromises and web browser collusion
https://blog.torproject.org/blog/detecting-certificate-authority-compromises-and-web-browser-collusion
http://blog.mozilla.com/security/2011/03/22/firefox-blocking-fraudulent-certificates/
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 01:20:27 PM
Quote
This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates.

Oh, what a surprise. We've been discussing this a couple of days ago wrt CIS vendor whitelists, haven't we?  :D

Comodo vs Mozilla 2008 story (http://groups.google.com/group/mozilla.dev.tech.crypto/browse_thread/thread/9c0cc829204487bf#) (also here (https://blog.startcom.org/?p=145)).

Oh, and on a preventive note: How to disable the Comodo reseller root certificate in Firefox (http://benjamin.smedbergs.us/blog/2008-12-24/how-to-disable-the-comodo-root-certificate-in-firefox/). (For IE and Chrome, certmgr.msc MMC snap-in is your friend.  ;))
Title: Re: Technical
Post by: Asyn on March 23, 2011, 01:31:41 PM
Quote
This issue was reported to us by the Comodo Group, Inc., the certificate authority responsible for issuing the fraudulent certificates.

Oh, what a surprise. We've been discussing this a couple of days ago wrt CIS vendor whitelists, haven't we?  :D

Yes, you are right, doc..!! It's really a big surprise. ;D
Title: Re: Technical
Post by: bob3160 on March 23, 2011, 01:56:48 PM
Isn't "Trust" what Comodo sells ???
Title: Re: Technical
Post by: Asyn on March 23, 2011, 02:00:09 PM
Isn't "Trust" what Comodo sells ???

Bad job then. ;D
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 03:38:17 PM
Isn't "Trust" what Comodo sells ???

Let's have some phun: Comodo issues fraudulent certificates (incl. Mozilla) once again (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html) @ Comodo forums. Wondering how long the thread will last.  :P ;D

EDIT: Thread moved to Policy Violations forum after banning me (https://forums.comodo.com/forum-policy-violation-board/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70973.0.html) (Requires registration @ Melih's hunted by Iran government forums ;D)
Title: Re: Technical
Post by: Asyn on March 23, 2011, 03:44:47 PM
Wondering how long the thread will last.  :P ;D

I wonder, too. ;)
You may add this, if you like...

SSL meltdown forces browser developers to update
http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 03:51:41 PM
SSL meltdown forces browser developers to update
http://www.h-online.com/security/news/item/SSL-meltdown-forces-browser-developers-to-update-1213358.html

Thanks. Couldn't agree more with this:

Quote
The incident is further proof that the entire concept of SSL and of users' trust in the Certificate Authorities are standing on feet of clay. After all, a certificate is also considered trustworthy even if it is issued by a CA reseller based in a country to which users probably wouldn't even go on holiday for security reasons. And the promised technologies don't even work when a compromised certificate is made public. It is time to come up with a new concept – and "EV-SSL" certificates, at least, should not be a part of it.
Title: Re: Technical
Post by: Asyn on March 23, 2011, 03:55:22 PM
NP, doc..!!
Now, let's sit and wait for the replies. ;D 8)
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 06:30:55 PM
NP, doc..!!
Now, let's sit and wait for the replies. ;D 8)

Looks like the Comodo morons also issued a fraudulent certificate for login.live.com (Windows Live ID), not just addons.mozilla.org  ::)

Microsoft Releases Security Advisory 2524375 (http://blogs.technet.com/b/msrc/archive/2011/03/23/microsoft-releases-security-advisory-2524375.aspx)

Quote
Today we're releasing Security Advisory 2524375, to address nine fraudulent digital certificates issued by Comodo Group Inc, a root certificate authority. Comodo has since revoked the digital certificates. This is not a Microsoft security vulnerability; however, one of the certificates potentially affects Windows Live ID users via login.live.com. These certificates may be used to spoof content, perform phishing attacks, or perform man-in-the-middle attacks against end users. We are unaware of any active attacks.

Wow, and login.skype.com, login.yahoo.com and www.google.com and mail.google.com - just excellent.

Already got KB2524375 via Windows Update.
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 08:15:10 PM
Ok, guys, now it's official, no sloppy job or anything, instead - Iran has attacked Melih and Comodo!!!! (http://www.melih.com/2011/03/23/).

Quote
Who is attacking it?
We believe these are “politically motivated”, “state driven/funded” attacks.

Why do we think these are state driven/funded?
Well, one of the origins of the attack that we experienced is from Iran, what is being obtained would enable the perpetrator to intercept web based email/communication and the only way this could be done is if the perpetrator had access to the Country’s DNS infrastructure (and we believe it might be the case here). Of course this is our interpretation of the situation.

First time we are seeing a “state funded” attack against the “Authentication” infrastructure. The Threat Model is changing and Comodo had already initiated a proposal for new standards in 2010 which would help mitigate some of these attacks. We will make sure to double our efforts in getting industry wide acceptance to these much needed standards so that we can continue to defend our security and freedom.

 :o ;D :o ;D :o ;D

P.S. Mozilla Bug 642395 - Deal with bogus certs issued by Comodo partner (https://bugzilla.mozilla.org/show_bug.cgi?id=642395)
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 09:01:12 PM
Let's have some phun: Comodo issues fraudulent certificates (incl. Mozilla) once again (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html) @ Comodo forums. Wondering how long the thread will last.  :P ;D

Did not last long:

Quote
An Error Has Occurred!
Sorry doktornotor, you are banned from using this forum!
Forum Policy Violation

;D :D ;D :D

P.S. Thread moved here: (requires registration) (https://forums.comodo.com/forum-policy-violation-board/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70973.0.html). Well whatever - here's the sequel for you. Bye bye Comodo. Sincerely yours, Comodo's Hero.  :P

Title: Re: Technical
Post by: YoKenny on March 23, 2011, 09:09:01 PM
Let's have some phun: Comodo issues fraudulent certificates (incl. Mozilla) once again (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html) @ Comodo forums. Wondering how long the thread will last.  :P ;D

Did not last long:

Quote
An Error Has Occurred!
Sorry doktornotor, you are banned from using this forum!
Forum Policy Violation

;D :D ;D :D

P.S. Thread moved here: (requires registration) (https://forums.comodo.com/forum-policy-violation-board/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70973.0.html). Well whatever - here's the sequel for you. Bye bye Comodo. Sincerely yours, Comodo's Hero.  :P

Comodo's Melih does not like critics.  ;)

Title: Re: Technical
Post by: bob3160 on March 23, 2011, 09:29:29 PM
https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70990.0.html
Title: Re: Technical
Post by: doktornotor on March 23, 2011, 09:45:34 PM
https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-google-microsoft-mozilla-skype-yahoo-certificates-t70990.0.html

Haha... Well, as I said on the original thread - their image cannot be harmed much more no matter how much they censor the forums...

Oh, and remember, Iran government is going after them!  :o
Title: Re: Technical
Post by: Lisandro on March 23, 2011, 10:23:36 PM
I've started the discussion in a neutral field.
http://www.wilderssecurity.com/showthread.php?p=1847026#post1847026
Title: Re: Technical
Post by: Asyn on March 23, 2011, 10:36:25 PM
Hi guys, as I don't want this thread to become a discussion thread. ;)
Please post further replies to the Comodo issue here: http://forum.avast.com/index.php?topic=74516.0
Thanks,
asyn

Edit: Or follow Tech's link to WSF... (Thanks Tech..!!)
Title: Re: Technical
Post by: bob3160 on March 24, 2011, 12:15:05 AM
Hi guys, as I don't want this thread to become a discussion thread. ;)
Please post further replies to the Comodo issue here: http://forum.avast.com/index.php?topic=74516.0
Thanks,
asyn

Edit: Or follow Tech's link to WSF... (Thanks Tech..!!)


It would be a lot nicer to do it directly on the Comodo forum (https://forums.comodo.com/ssl-certificate/comodo-issues-fraudulent-certificates-incl-mozilla-once-again-t70973.0.html). :0
Title: Re: Technical
Post by: Asyn on March 24, 2011, 12:21:19 AM
It would be a lot nicer to do it directly on the Comodo forum. :0

Bob, please post this in the new topic. Thanks..!! :)
http://forum.avast.com/index.php?topic=74516.0
asyn

@ALL: Please, no more Comodo related discussion here...!!! Thanks..!!
Title: Re: Technical
Post by: Asyn on March 24, 2011, 01:47:05 PM
Password service (Lastpass) locks out hackers
Password service Lastpass simply blocks the IP addresses of users who test the site's security measures in a move which may very well cause collateral damage.
http://www.h-online.com/security/news/item/Password-service-locks-out-hackers-1214086.html
Title: Re: Technical
Post by: Asyn on March 25, 2011, 11:40:20 PM
Vulnerabilities in some SCADA server software
http://www.securityfocus.com/archive/1/517080/30/0/threaded

SCADA Trojans: Attacking the Grid + 0dayZ!
http://www.reversemode.com/index.php?option=com_content&task=view&id=72&Itemid=1
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-080-01.pdf
Title: Re: Technical
Post by: Asyn on March 26, 2011, 04:52:56 PM
Microsoft Shuts off HTTPS in Hotmail for Over a Dozen Countries
https://www.eff.org/deeplinks/2011/03/microsoft-shuts-https-hotmail-over-dozen-countries
http://jilliancyork.com/2011/03/25/microsoft-hotmail-no-https-for-arab-iranian-users/

Update: Microsoft: Mystery bug blocks Syrian secure Hotmail
http://www.theregister.co.uk/2011/03/26/microsoft_https_hotmail_syria/

Quote
Microsoft is blaming a mystery bug for preventing access to the encrypted version of Hotmail, denying that it deliberately blocked access to the service in Syria.
Title: Re: Technical
Post by: Asyn on March 28, 2011, 12:01:36 PM
MySQL.com Vulnerable To Blind SQL Injection Vulnerability
http://seclists.org/fulldisclosure/2011/Mar/309

Edit: http://www.h-online.com/security/news/item/MySQL-allegedly-hacked-via-SQL-injection-1216281.html
Title: Re: Technical
Post by: Asyn on March 29, 2011, 12:45:48 PM
Vulnerabilities in *McAfee.com
http://seclists.org/fulldisclosure/2011/Mar/313
http://news.cnet.com/8301-27080_3-20048135-245.html
Title: Re: Technical
Post by: Asyn on March 30, 2011, 02:19:16 PM
Critical NASA network vulnerable to attack
http://oig.nasa.gov/audits/reports/FY11/IG-11-017.pdf
Title: Re: Technical
Post by: Asyn on April 01, 2011, 01:40:19 PM
FBI asks for help cracking a code in unsolved murder case
http://www.fbi.gov/news/stories/2011/march/cryptanalysis_032911/cryptanalysis_032911
Title: Re: Technical
Post by: Asyn on April 01, 2011, 02:25:06 PM
Firefox - Advertisers and Publishers Adopt and Implement Do Not Track
http://blog.mozilla.com/blog/2011/03/30/advertisers-and-publishers-adopt-and-implement-do-not-track/
Title: Re: Technical
Post by: Asyn on April 04, 2011, 12:32:31 PM
Mozilla begins crackdown on slow starting Firefox add-ons
http://www.h-online.com/security/news/item/Mozilla-begins-crackdown-on-slow-starting-Firefox-add-ons-1220906.html
http://blog.mozilla.com/addons/2011/04/01/improving-add-on-performance/
https://addons.mozilla.org/en-US/firefox/performance/
https://developer.mozilla.org/en/Extensions/Performance_best_practices_in_extensions
Title: Re: Technical
Post by: Asyn on April 06, 2011, 10:53:24 AM
Google Chrome - Protecting users from malicious downloads
http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html
Title: Re: Technical
Post by: bob3160 on April 06, 2011, 03:50:48 PM
Google Chrome - Protecting users from malicious downloads
http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html

"The data produced by our systems and published via the Safe Browsing API is used by Google search and browsers such as Google Chrome, Firefox, and Safari to warn users who may attempt to visit these dangerous webpages. "
Title: Re: Technical
Post by: Asyn on April 08, 2011, 05:01:32 PM
The Linux Foundation Releases Carrier Grade Linux 5.0 Specification
http://linux-foundation.org/weblogs/press/2011/04/06/the-linux-foundation-releases-carrier-grade-linux-50-specification/

Quote
The Linux Foundation’s CGL workgroup has been collaborating on CGL gaps and requirements since 2002, and today’s release of CGL 5.0 covers several specification categories that include Availability, Clustering, Serviceability, Performance, Standards, Hardware, and Security.
Title: Re: Technical
Post by: Asyn on April 12, 2011, 09:22:19 AM
FSB Backs Away From Gmail Ban
http://www.themoscowtimes.com/mobile/article/434782.html
Title: Re: Technical
Post by: Asyn on April 12, 2011, 03:04:06 PM
Learning the Importance of WAF Technology – the Hard Way
http://www.barracudalabs.com/wordpress/index.php/2011/04/11/learning-the-importance-of-waf-technology-the-hard-way/
http://hmsec.tumblr.com/
Title: Re: Technical
Post by: Asyn on April 14, 2011, 11:06:13 AM
DNS hacks with added value
http://www.h-online.com/security/news/item/DNS-hacks-with-added-value-1227656.html
Title: Re: Technical
Post by: Asyn on April 14, 2011, 12:10:00 PM
Apple Adds Do-Not-Track Tool to New Browser
http://online.wsj.com/article/SB10001424052748703551304576261272308358858.html

Quote
The move by the Cupertino, Calif., company leaves Google Inc. as the only major browser provider that hasn't yet committed to supporting a do-not-track capability in its browser, called Chrome.
Title: Re: Technical
Post by: Asyn on April 14, 2011, 05:15:50 PM
Department of Justice Takes Action to Disable International Botnet
http://newhaven.fbi.gov/dojpressrel/pressrel11/nh041311.htm

With Court Order, FBI Hijacks ‘Coreflood’ Botnet, Sends Kill Signal
http://www.wired.com/threatlevel/2011/04/coreflood/
Title: Re: Technical
Post by: Asyn on April 18, 2011, 04:07:42 PM
UK: Ministry of Defence fails at redacting nuclear sub secrets
http://www.h-online.com/security/news/item/Ministry-of-Defence-fails-at-redacting-nuclear-sub-secrets-1229523.html
http://www.parliament.uk/deposits/depositedpapers/2011/DEP2011-0648.pdf
http://cryptome.org/0003/mod-nuke-leak.htm
http://www.telegraph.co.uk/news/uknews/defence/8457506/Secrets-put-on-internet-in-Whitehall-blunders.html
Title: Re: Technical
Post by: Asyn on April 19, 2011, 01:31:35 PM
Whitehats pierce giant hole in Microsoft security shield
http://www.theregister.co.uk/2011/04/18/windows_heap_exploit_shield_pierced/
Title: Re: Technical
Post by: YoKenny on April 19, 2011, 08:42:38 PM
China's Cyber Hackers Target Western Firms
http://news.sky.com/skynews/Home/World-News/Video-Chinas-Cyber-Hackers-Growing-Threat-To-Western-Security-Sky-News-Investigation/Article/201104315974328?lpos=World_News_Right_Promo_Region_1&lid=ARTICLE_15974328_Video%3A_Chinas_Cyber_Hackers_Growing_Threat_To_Western_Security_Sky_News_Investigation
Title: Re: Technical
Post by: Asyn on April 19, 2011, 11:06:34 PM
Microsoft Safety Scanner
http://www.microsoft.com/security/scanner/en-us/default.aspx

Quote
The Microsoft Safety Scanner is a free downloadable security tool that provides on-demand scanning and helps remove viruses, spyware, and other malicious software. It works with your existing antivirus software.

Note: The Microsoft Safety Scanner expires 10 days after being downloaded. To rerun a scan with the latest anti-malware definitions, download and run the Microsoft Safety Scanner again.
Title: Re: Technical
Post by: Asyn on April 20, 2011, 08:38:11 AM
Newest Adobe flash 0-day used in new drive-by download variation: drive-by cache
http://blog.armorize.com/2011/04/newest-adobe-flash-0-day-used-in-new.html
Title: Re: Technical
Post by: Asyn on April 20, 2011, 06:05:26 PM
A Security Comparison: Microsoft Office vs. Oracle Openoffice
https://www.cert.org/blogs/certcc/2011/04/office_shootout_microsoft_offi.html
http://dankaminsky.com/2011/03/11/fuzzmark/
Title: Re: Technical
Post by: Asyn on April 21, 2011, 11:44:18 AM
"HTTPS Now" campaign launched to protect internet security
http://www.h-online.com/security/news/item/HTTPS-Now-campaign-launched-to-protect-internet-security-1231563.html
http://www.eff.org/press/archives/2011/04/19-0
https://www.httpsnow.org/
Title: Re: Technical
Post by: bob3160 on April 21, 2011, 05:00:05 PM
The interesting part of that article for me was at the very end:
"Facebook's HTTPS workaround was rather crude; if users clicked a link to a Facebook app, the site would ask them if they wanted to switch to a standard HTTP connection as the content they wanted to display could not be displayed using HTTPS. Once users clicked continue, the site completely disabled the HTTPS option under account settings in the background without indicating to users that it would do so."
Title: Re: Technical
Post by: Asyn on April 21, 2011, 07:44:05 PM
The interesting part of that article for me was at the very end:
"Facebook's HTTPS workaround was rather crude; if users clicked a link to a Facebook app, the site would ask them if they wanted to switch to a standard HTTP connection as the content they wanted to display could not be displayed using HTTPS. Once users clicked continue, the site completely disabled the HTTPS option under account settings in the background without indicating to users that it would do so."

Bob, I already posted that in February. ;)
http://forum.avast.com/index.php?topic=66267.msg594233#msg594233
Title: Re: Technical
Post by: Asyn on April 26, 2011, 12:55:58 PM
Designing a cluster-based covert channel to evade disk investigation and forensics
http://www.sciencedirect.com/science?_ob=ArticleURL&_udi=B6V8G-51BBKRS-1&_user=10&_coverDate=01%2F31%2F2011&_rdoc=1&_fmt=high&_orig=gateway&_origin=gateway&_sort=d&_docanchor=&view=c&_acct=C000050221&_version=1&_urlVersion=0&_userid=10&md5=ee913861b3d05b46b905bd4d52ca9380&searchtype=a
Title: Re: Technical
Post by: Asyn on April 27, 2011, 09:56:37 AM
NSA CIO Pursues Intelligence-Sharing Architecture
http://www.informationweek.com/news/government/leadership/229401971
Title: Re: Technical
Post by: ManyQs on April 27, 2011, 10:15:18 AM
NSA CIO Pursues Intelligence-Sharing Architecture
http://www.informationweek.com/news/government/leadership/229401971

Times sure change. 30 something years ago one would never have seen any information put out by the media credited to anyone at the NSA. That "anyone" would have been fired. Maybe thrown in jail. Amazing!

By the way, the nickname 30 something years ago was, No Such Agency.
Title: Re: Technical
Post by: Asyn on April 27, 2011, 05:54:21 PM
Google adds Flash cookie protection to Chrome
http://www.h-online.com/security/news/item/Google-adds-Flash-cookie-protection-to-Chrome-1233706.html
http://blog.chromium.org/2011/04/providing-transparency-and-controls-for.html
Title: Re: Technical
Post by: Asyn on April 29, 2011, 08:13:04 AM
Amazon's Cloud Crash Disaster Permanently Destroyed Many Customers' Data
http://www.businessinsider.com/amazon-lost-data-2011-4
Title: Re: Technical
Post by: Asyn on April 29, 2011, 04:51:33 PM
Treacherous metadata in company documents
http://www.h-online.com/security/features/Treacherous-metadata-in-company-documents-1233053.html
https://office.microsoft.com/en-us/excel-help/find-and-remove-metadata-hidden-information-in-your-legal-documents-HA001077646.aspx
Title: Re: Technical
Post by: Asyn on May 04, 2011, 08:20:59 AM
‘Weyland-Yutani’ Crime Kit Targets Macs for Bots
http://krebsonsecurity.com/2011/05/weyland-yutani-crime-kit-targets-macs-for-bots/
Title: Re: Technical
Post by: Asyn on May 04, 2011, 08:52:18 PM
The Tor Project plans a Firefox fork
http://www.h-online.com/security/news/item/The-Tor-Project-plans-a-Firefox-fork-1237745.html
https://blog.torproject.org/blog/toggle-or-not-toggle-end-torbutton
https://www.torproject.org/projects/torbrowser.html.en
Title: Re: Technical
Post by: ManyQs on May 04, 2011, 11:38:01 PM
Amazon's Cloud Crash Disaster Permanently Destroyed Many Customers' Data
http://www.businessinsider.com/amazon-lost-data-2011-4

I had some need to keep myself informed on this issue and I'd like to share one of the better pieces that goes into the technical aspects of this trouble.

http://www.itworld.com/cloud-computing/161203/english-time-how-amazon-let-its-cloud-crash-and-why-it-should-have-known-bett
Title: Re: Technical
Post by: Asyn on May 05, 2011, 07:45:36 AM
Safer network traffic, but with potential side effects
http://www.h-online.com/security/news/item/Safer-network-traffic-but-with-potential-side-effects-1237238.html
http://ripe62.ripe.net/presentations/29-110502.ripe-bgpsec-policy.pdf
Title: Re: Technical
Post by: Asyn on May 05, 2011, 09:28:41 AM
I had some need to keep myself informed on this issue and I'd like to share one of the better pieces that goes into the technical aspects of this trouble.

Thanks, ManyQs..!
Interesting read. :)
asyn
Title: Re: Technical
Post by: Asyn on May 06, 2011, 12:17:38 PM
Mozilla rejects US government request to remove add-on
http://www.h-online.com/security/news/item/Mozilla-rejects-US-government-request-to-remove-add-on-1238743.html
http://lockshot.wordpress.com/2011/05/05/homeland-security-request-to-take-down-mafiaafire-add-on/
Title: Re: Technical
Post by: bob3160 on May 06, 2011, 04:39:18 PM
Mozilla rejects US government request to remove add-on
http://www.h-online.com/security/news/item/Mozilla-rejects-US-government-request-to-remove-add-on-1238743.html
http://lockshot.wordpress.com/2011/05/05/homeland-security-request-to-take-down-mafiaafire-add-on/

Mozilla rejects US government request to remove add-on - because it hasn't received a court order to do so.
Title: Re: Technical
Post by: Jtaylor83 on May 06, 2011, 07:38:11 PM
Mozilla rejects US government request to remove add-on
http://www.h-online.com/security/news/item/Mozilla-rejects-US-government-request-to-remove-add-on-1238743.html
http://lockshot.wordpress.com/2011/05/05/homeland-security-request-to-take-down-mafiaafire-add-on/


Typical. Firefox is officially dead. :'(

It won't be long until DHS shuts the browser down and Mozilla for good. Time to switch to Google Chrome.

DHS is simply stifling free speech and open source in the name of Copyright, ICE, ACTA, and the Trans-Pacific Partnership (TPP).
Title: Re: Technical
Post by: Asyn on May 07, 2011, 05:15:16 PM
MS Exploitability Index Improvements Now Offer Additional Guidance
http://blogs.technet.com/b/msrc/archive/2011/05/05/exploitability-index-improvements-amp-advance-notification-service-for-may-2011-bulletin-release.aspx
Title: Re: Technical
Post by: Asyn on May 07, 2011, 06:43:53 PM
A Syrian Man-In-The-Middle Attack against Facebook
https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook
http://advocacy.globalvoicesonline.org/2011/05/05/did-syria-replace-facebooks-security-certificate-with-a-forged-one/
Title: Re: Technical
Post by: Asyn on May 10, 2011, 01:25:19 PM
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi
Title: Re: Technical
Post by: Asyn on May 12, 2011, 09:36:18 AM
Security distribution BackTrack 5 released
http://www.h-online.com/open/news/item/Security-distribution-BackTrack-5-released-1241332.html
http://www.backtrack-linux.org/backtrack/backtrack-5-release/
Title: Re: Technical
Post by: Asyn on May 13, 2011, 09:35:48 AM
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi

Khronos respond to WebGL security report
http://www.h-online.com/security/news/item/Khronos-respond-to-WebGL-security-report-1241304.html
http://www.opengl.org/registry/specs/ARB/robustness.txt
Title: Re: Technical
Post by: Asyn on May 13, 2011, 10:31:49 AM
The RTLO unicode hole - sequence manipulation as an attack vector
http://norman.com/security_center/security_center_archive/2011/rtlo_unicode_hole/

Quote
Vulnerable versions of Windows

This issue is by default apparently only present in Windows Vista and Windows 7. In Windows XP you need to install support for right-to-left languages for this to work.
Title: Re: Technical
Post by: Asyn on May 17, 2011, 03:14:07 PM
Microsoft Security Intelligence Report (SIR) #10
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/6/0/5/605BE103-9429-4493-898B-E3D50AB68236/Microsoft_Security_Intelligence_Report_volume_10_Key_Findings_Summary_English.pdf
http://download.microsoft.com/download/6/0/5/605BE103-9429-4493-898B-E3D50AB68236/Microsoft_Security_Intelligence_Report_volume_10_Global_Threat_Assessments_English.pdf
Title: Re: Technical
Post by: Asyn on May 19, 2011, 12:35:24 PM
New version of EMET (2.1) is now available
http://blogs.technet.com/b/srd/archive/2011/05/18/new-version-of-emet-is-now-available.aspx
Download: http://go.microsoft.com/fwlink/?LinkID=200220&clcid=0x409
Forum: http://go.microsoft.com/fwlink/?LinkID=213962&clcid=0x409
Title: Re: Technical
Post by: Asyn on May 22, 2011, 01:54:10 PM
Click Trajectories: End-to-End Analysis of the Spam Value Chain
http://cseweb.ucsd.edu/~savage/papers/Oakland11.pdf
Title: Re: Technical
Post by: Asyn on May 24, 2011, 09:36:42 AM
Successful timing attacks on elliptic curve cryptography
http://www.h-online.com/security/news/item/Successful-timing-attacks-on-elliptic-curve-cryptography-1247772.html
http://eprint.iacr.org/2011/232.pdf
http://www.kb.cert.org/vuls/id/536044
Title: Re: Technical
Post by: Asyn on May 24, 2011, 01:00:33 PM
The Failure of Noise-Based Non-Continuous Audio Captchas
http://cdn.ly.tl/publications/decaptcha-audio.pdf
Title: Re: Technical
Post by: Asyn on May 26, 2011, 04:04:04 PM
Comodogate v2
Continued from: http://forum.avast.com/index.php?topic=52252.msg649567#msg649567
Some details: http://pastebin.com/F5nUf5kr
Title: Re: Technical
Post by: Asyn on May 26, 2011, 05:01:38 PM
Cookiejacking
https://sites.google.com/site/tentacoloviola/cookiejacking
http://www.reuters.com/article/2011/05/25/us-microsoft-security-idUSTRE74O86F20110525
Title: Re: Technical
Post by: Asyn on May 27, 2011, 11:33:09 AM
When Angry Birds attack: Android edition
http://blog.duosecurity.com/2011/05/when-angry-birds-attack-android-edition/
Title: Re: Technical
Post by: Asyn on June 01, 2011, 11:15:26 AM
Web Application Attack and Audit Framework 1.0 arrives
http://www.h-online.com/security/news/item/Web-Application-Attack-and-Audit-Framework-1-0-arrives-1253108.html
http://sourceforge.net/projects/w3af/
http://sourceforge.net/news/?group_id=170274&id=300685
http://w3af.sourceforge.net/videos/video-demos.php
Title: Re: Technical
Post by: Asyn on June 04, 2011, 09:32:35 AM
The Electronic Frontier Foundation (EFF) Tor Challenge
https://www.eff.org/torchallenge
Title: Re: Technical
Post by: Asyn on June 05, 2011, 12:35:29 PM
Twitter new follow button clickjacking attack
http://serphacker.com/twitter/twitter-new-follow-button-clickjacking-attack.html

Google plus1 clickjacking attack
http://serphacker.com/clickjacking/google-plus1-clickjacking-attack.html
Title: Re: Technical
Post by: DavidR on June 05, 2011, 03:03:19 PM
I believe the ClickClear function in Firefox NoScript add-on protects against clickjacking.
Title: Re: Technical
Post by: Asyn on June 06, 2011, 09:58:58 AM
I believe the ClickClear function in Firefox NoScript add-on protects against clickjacking.

That's right David.
NoScript blocks these attacks.
Title: Re: Technical
Post by: Asyn on June 08, 2011, 12:33:55 PM
One in four US hackers 'is an FBI informer'
The FBI and US secret service have used the threat of prison to create an army of informers among online criminals
http://www.guardian.co.uk/technology/2011/jun/06/us-hackers-fbi-informer/print
Title: Re: Technical
Post by: Asyn on June 10, 2011, 10:38:45 AM
Cross-domain WebGL textures disabled in Firefox 5
http://hacks.mozilla.org/2011/06/cross-domain-webgl-textures-disabled-in-firefox-5/
https://developer.mozilla.org/en/WebGL/Cross-Domain_Textures
https://bugzilla.mozilla.org/show_bug.cgi?id=656277
Title: Re: Technical
Post by: Asyn on June 10, 2011, 02:14:48 PM
Cookiejacking
https://sites.google.com/site/tentacoloviola/cookiejacking
http://www.reuters.com/article/2011/05/25/us-microsoft-security-idUSTRE74O86F20110525

http://blogs.technet.com/b/msrc/archive/2011/06/09/june-advance-notification-service-and-10-immutable-laws-revisited.aspx

Quote
One of the issues we start to address in this release is “cookiejacking,” which allows an attacker to steal cookies from a user’s computer and access websites the user has logged into.
Title: Re: Technical
Post by: Asyn on June 12, 2011, 10:01:21 AM
Twitter authorisation misleads users
http://www.h-online.com/security/news/item/Twitter-authorisation-misleads-users-1259205.html
http://lab.thisisroyal.com/twitter/
http://techcrunch.com/2011/06/10/third-party-twitter-apps-can-access-your-private-messages-without-authorization/
Title: Re: Technical
Post by: Asyn on June 14, 2011, 04:16:55 PM
Nissan LEAF cars leak speed, position, destination to RSS feeds
http://seattlewireless.net/~casey/?p=97
Title: Re: Technical
Post by: Asyn on June 15, 2011, 12:40:29 PM
Siemens fixes vulnerabilities in automation systems
http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=41886031&subtype=133100&caller=view
http://support.automation.siemens.com/dnl/TY/TYzNTUxOQAA_50428932_Akt/Siemens_Security_Advisory_SSA-625789.pdf
http://www.us-cert.gov/control_systems/pdf/ICS-ALERT-11-161-01.pdf
Title: Re: Technical
Post by: Asyn on June 16, 2011, 11:55:37 AM
Bitcoin P2P Currency: The Most Dangerous Project We've Ever Seen
http://launch.is/blog/l019-bitcoin-p2p-currency-the-most-dangerous-project-weve-ev.html
http://launch.is/blog/l020-is-bitcoin-the-wikileaks-of-monetary-policy.html
http://forum.bitcoin.org/index.php?topic=16457.msg214423#msg214423
Title: Re: Technical
Post by: Asyn on June 16, 2011, 11:12:02 PM
WPScan - WordPress Security Scanner
http://www.ethicalhack3r.co.uk/security/introducing-wpscan-wordpress-security-scanner/
http://code.google.com/p/wpscan/
Title: Re: Technical
Post by: Asyn on June 17, 2011, 10:13:29 AM
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi

WebGL – More WebGL Security Flaws
http://www.contextis.com/resources/blog/webgl2/
Title: Re: Technical
Post by: Asyn on June 18, 2011, 08:55:29 AM
NSA allies with Internet carriers to thwart cyber attacks against defense firms
http://www.washingtonpost.com/national/major-internet-service-providers-cooperating-with-nsa-on-monitoring-traffic/2011/06/07/AG2dukXH_story.html
Title: Re: Technical
Post by: Asyn on June 18, 2011, 10:43:58 AM
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi

WebGL – More WebGL Security Flaws
http://www.contextis.com/resources/blog/webgl2/

WebGL Considered Harmful
http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx
Title: Re: Technical
Post by: Asyn on June 18, 2011, 04:55:12 PM
Chrome - Trying to end mixed scripting vulnerabilities
http://googleonlinesecurity.blogspot.com/2011/06/trying-to-end-mixed-scripting.html
Title: Re: Technical
Post by: Asyn on June 19, 2011, 11:57:36 AM
Metasploit offers bounty for exploits
https://community.rapid7.com/community/metasploit/blog/2011/06/14/metasploit-exploit-bounty-30-exploits-500000-in-5-weeks
https://community.rapid7.com/docs/DOC-1467
Title: Re: Technical
Post by: Asyn on June 19, 2011, 02:48:37 PM
Hackers steal quantum code
http://physicsworld.com/cws/article/news/46305
Title: Re: Technical
Post by: Asyn on June 20, 2011, 12:43:15 PM
Storing passwords in uncrackable form
http://www.h-online.com/security/features/Storing-passwords-in-uncrackable-form-1255576.html
Title: Re: Technical
Post by: Asyn on June 21, 2011, 10:18:31 AM
WebGL - A New Dimension for Browser Exploitation
http://www.contextis.com/resources/blog/webgl/
http://www.contextis.com/resources/blog/webgl/poc/index.html
http://www.contextis.com/resources/blog/webgl/webgl.avi

WebGL – More WebGL Security Flaws
http://www.contextis.com/resources/blog/webgl2/

WebGL Considered Harmful
http://blogs.technet.com/b/srd/archive/2011/06/16/webgl-considered-harmful.aspx

Mozilla rejects Microsoft's WebGL criticism
http://www.h-online.com/security/news/item/Mozilla-rejects-Microsoft-s-WebGL-criticism-1263986.html
http://shaver.off.net/diary/2011/06/17/a-three-dimensional-platform/

Why Microsoft and Internet Explorer need WebGL (and vice-versa)
http://www.realityprime.com/articles/why-microsoft-and-internet-explorer-need-webgl
Title: Re: Technical
Post by: Asyn on June 21, 2011, 01:05:47 PM
Bitcoin P2P Currency: The Most Dangerous Project We've Ever Seen
http://launch.is/blog/l019-bitcoin-p2p-currency-the-most-dangerous-project-weve-ev.html
http://launch.is/blog/l020-is-bitcoin-the-wikileaks-of-monetary-policy.html
http://forum.bitcoin.org/index.php?topic=16457.msg214423#msg214423

Bitcoin exchange closed after attack
http://www.h-online.com/security/news/item/Bitcoin-exchange-closed-after-attack-1263448.html
Title: Re: Technical
Post by: Asyn on June 23, 2011, 09:39:14 AM
Metasploit Framework 3.7.2
https://community.rapid7.com/community/metasploit/blog/2011/06/21/metasploit-framework-372-released
https://dev.metasploit.com/redmine/projects/framework/wiki/Release_Notes_372
Title: Re: Technical
Post by: Asyn on June 23, 2011, 01:54:21 PM
Chrome extension shows up bad JavaScript
http://googleonlinesecurity.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html
https://code.google.com/p/domsnitch/
Title: Re: Technical
Post by: bob3160 on June 24, 2011, 01:32:31 PM
Chrome extension shows up bad JavaScript
http://googleonlinesecurity.blogspot.com/2011/06/introducing-dom-snitch-our-passive-in.html
https://code.google.com/p/domsnitch/

I wouldn't exactly run out and get this. It's an experimental Chrome extension designed for developers and testers.
Title: Re: Technical
Post by: Asyn on June 25, 2011, 06:21:17 PM
Firefox Rapid Release Process
http://mike.kaply.com/2011/06/21/firefox-rapid-release-process/
http://www.glazman.org/weblog/dotclear/index.php?post/2011/06/21/The-faster-release-process-of-Firefox
http://mozilla.github.com/process-releases/draft/development_overview/
Title: Re: Technical
Post by: Lisandro on June 25, 2011, 07:48:49 PM
Firefox Rapid Release Process
http://mike.kaply.com/2011/06/21/firefox-rapid-release-process/
http://www.glazman.org/weblog/dotclear/index.php?post/2011/06/21/The-faster-release-process-of-Firefox
http://mozilla.github.com/process-releases/draft/development_overview/

I see everybody complaining about the fast release process of Firefox.
It would be a pain to have it integrated.
If add-on developers can't keep up with the speed, I will be very upset with the lack of support.
For corporate deployments and for users that cannot use Firefox without specific add-ons, there has to be a stable branch that includes security updates.
Title: Re: Technical
Post by: Asyn on June 25, 2011, 07:57:30 PM
I see everybody complaining about the fast release process of Firefox.
It would be a pain to have it integrated.
If add-on developers can't keep up with the speed, I will be very upset with the lack of support.
For corporate deployments and for users that cannot use Firefox without specific add-ons, there has to be a stable branch that includes security updates.

As long as they keep the 3.6 branch alive, I've no problem.
Else, it would be a real PITA. :-\
Title: Re: Technical
Post by: Asyn on June 28, 2011, 12:06:20 PM
Common Weakness Scoring System (CWSS)
http://cwe.mitre.org/cwss/index.html

Common Weakness Risk Analysis Framework (CWRAF)
http://cwe.mitre.org/cwraf/index.html
Title: Re: Technical
Post by: Asyn on June 30, 2011, 09:28:41 AM
Netragard’s Hacker Interface Device (HID)
http://pentest.snosoft.com/2011/06/24/netragards-hacker-interface-device-hid/
Title: Re: Technical
Post by: Asyn on June 30, 2011, 08:08:19 PM
2011 CWE/SANS Top 25 Most Dangerous Software Errors
http://cwe.mitre.org/top25/index.html
http://cwe.mitre.org/top25/archive/2011/2011_cwe_sans_top25.pdf
Title: Re: Technical
Post by: Asyn on July 06, 2011, 03:52:04 PM
No more Googling for .co.cc domains
http://www.h-online.com/security/news/item/No-more-Googling-for-co-cc-domains-1274332.html
Title: Re: Technical
Post by: Asyn on July 07, 2011, 03:43:46 PM
Using Cross-domain images in WebGL and Chrome 13
http://blog.chromium.org/2011/07/using-cross-domain-images-in-webgl-and.html
Title: Re: Technical
Post by: Asyn on July 11, 2011, 06:55:11 PM
Binary Planting Goes "Any File Type"
http://blog.acrossecurity.com/2011/07/binary-planting-goes-any-file-type.html
Title: Re: Technical
Post by: Asyn on July 13, 2011, 10:17:02 AM
On-screen Keyboards Considered Harmful
http://blog.thinkst.com/2011/07/on-screen-keyboards-considered-harmful.html
http://thinkst.com/stuff/ocv/
http://thinkst.com/stuff/ocv/osk-thinkst.pdf
Title: Re: Technical
Post by: Asyn on July 17, 2011, 01:23:35 PM
Mozilla's BrowserID offered as an alternative to OpenID
http://www.h-online.com/security/news/item/Mozilla-s-BrowserID-offered-as-an-alternative-to-OpenID-1280136.html
http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in
http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid
https://browserid.org/
Title: Re: Technical
Post by: Asyn on July 19, 2011, 11:58:55 AM
Process Explorer v15.0
http://technet.microsoft.com/en-us/sysinternals/bb896653
Title: Re: Technical
Post by: Asyn on July 20, 2011, 01:04:23 AM
Analysis of the jailbreakme v3 font exploit
http://esec-lab.sogeti.com/post/Analysis-of-the-jailbreakme-v3-font-exploit
Title: Re: Technical
Post by: Asyn on July 24, 2011, 07:16:12 PM
Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries
http://blogs.forbes.com/andygreenberg/2011/07/22/apple-laptops-vulnerable-to-hack-that-kills-or-corrupts-batteries/
Title: Re: Technical
Post by: Asyn on July 26, 2011, 01:15:42 PM
Nominations for the 2011 Pwnie Awards announced
http://pwnies.com/nominations/
Title: Re: Technical
Post by: Asyn on July 31, 2011, 02:12:48 PM
Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged
http://www.wired.com/epicenter/2011/07/undeletable-cookie/
http://ssrn.com/abstract=1898390
Title: Re: Technical
Post by: Asyn on August 02, 2011, 11:11:04 AM
A Security Analysis of Next Generation Web Standards
http://www.enisa.europa.eu/act/application-security/web-security/a-security-analysis-of-next-generation-web-standards/
http://www.enisa.europa.eu/act/application-security/web-security/a-security-analysis-of-next-generation-web-standards/at_download/fullReport
Title: Re: Technical
Post by: Asyn on August 03, 2011, 01:01:08 PM
Revealed: Operation Shady RAT
http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat
http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf
Title: Re: Technical
Post by: Asyn on August 04, 2011, 11:32:28 AM
Metasploit Framework 4.0 Released
https://community.rapid7.com/community/metasploit/blog/2011/08/01/metasploit-40-released
https://dev.metasploit.com/redmine/projects/framework/wiki/Release_Notes_400
http://www.metasploit.com/download/
Title: Re: Technical
Post by: Asyn on August 05, 2011, 04:54:32 PM
Volatility 2.0 Released
http://volatility.tumblr.com/
https://www.volatilesystems.com/default/volatility
Title: Re: Technical
Post by: Asyn on August 06, 2011, 10:00:28 AM
Nominations for the 2011 Pwnie Awards announced
http://pwnies.com/nominations/

The Winners
http://pwnies.com/winners/
Title: Re: Technical
Post by: Asyn on August 08, 2011, 11:40:16 AM
Microsoft BlueHat Prize
http://www.microsoft.com/security/bluehatprize/
http://www.microsoft.com/security/bluehatprize/rules.aspx
Title: Re: Technical
Post by: Asyn on August 09, 2011, 12:01:45 AM
When Advanced Persistent Threats Go Mainstream
http://www.rsa.com/innovation/docs/SBIC_RPT_0711.pdf
Title: Re: Technical
Post by: Asyn on August 13, 2011, 05:18:51 PM
CSI:Internet - Living in SYN
http://www.h-online.com/security/features/CSI-Internet-Living-in-SYN-1288568.html
Title: Re: Technical
Post by: Asyn on August 15, 2011, 01:28:11 PM
Firefox - Strengthening User Control of Add-ons
https://blog.mozilla.com/addons/2011/08/11/strengthening-user-control-of-add-ons/
Title: Re: Technical
Post by: Asyn on August 17, 2011, 09:36:46 AM
Researchers Expose Cunning Online Tracking Service That Can’t Be Dodged
http://www.wired.com/epicenter/2011/07/undeletable-cookie/
http://ssrn.com/abstract=1898390

Legal dispute over "eternal" cookies
http://www.h-online.com/security/news/item/Legal-dispute-over-eternal-cookies-1323818.html
Title: Re: Technical
Post by: Asyn on August 17, 2011, 12:24:43 PM
IT Threat Evolution: Q2 2011
http://www.securelist.com/en/analysis/204792186/IT_Threat_Evolution_Q2_2011
Title: Re: Technical
Post by: Asyn on August 18, 2011, 12:06:29 PM
Bitcoin mining with Trojan.Badminer
http://www.symantec.com/connect/blogs/bitcoin-mining-trojanbadminer
Title: Re: Technical
Post by: Asyn on August 19, 2011, 10:23:44 AM
Revealed: Operation Shady RAT
http://blogs.mcafee.com/mcafee-labs/revealed-operation-shady-rat
http://www.mcafee.com/us/resources/white-papers/wp-operation-shady-rat.pdf

Shady RAT: Shoddy RAT
http://eugene.kaspersky.com/2011/08/18/shady-rat-shoddy-rat/
Title: Re: Technical
Post by: Asyn on August 20, 2011, 08:51:13 AM
Trends in Circumventing Web-Malware Detection
http://googleonlinesecurity.blogspot.com/2011/08/four-years-of-web-malware.html
http://research.google.com/archive/papers/rajab-2011a.pdf
Title: Re: Technical
Post by: Asyn on August 20, 2011, 07:37:48 PM
Biclique cryptanalysis of the full AES
https://research.microsoft.com/en-us/projects/cryptanalysis/aes.aspx
https://research.microsoft.com/en-us/projects/cryptanalysis/aesbc.pdf
Title: Re: Technical
Post by: Asyn on August 22, 2011, 10:07:06 AM
CSI:Internet - Controlled from the beyond
http://www.h-online.com/security/features/CSI-Internet-Controlled-from-the-beyond-1322313.html
Title: Re: Technical
Post by: Asyn on August 25, 2011, 02:53:04 PM
McAfee Q2 2011 Threats Report
http://www.mcafee.com/us/about/news/2011/q3/20110823-01.aspx
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q2-2011.pdf
Title: Re: Technical
Post by: Asyn on August 27, 2011, 09:44:14 PM
Updated SDL Tools Available
http://blogs.msdn.com/b/sdl/archive/2011/08/25/updates-to-sdl-tools-are-now-available.aspx

Threat Modeling Tool v3.1.8: http://go.microsoft.com/?linkid=9706808
MiniFuzz Tool v1.5.5: http://go.microsoft.com/?linkid=9757781
RegExFuzz Tool v1.1.0: http://go.microsoft.com/?linkid=9751929
Title: Re: Technical
Post by: Asyn on September 03, 2011, 09:11:33 PM
Snort 2.9.1 has been released
http://blog.snort.org/2011/08/snort-291-has-been-released-including.html
http://www.snort.org/snort-downloads/
http://manual.snort.org/
http://www.snort.org/docs
Title: Re: Technical
Post by: Asyn on September 05, 2011, 09:05:54 AM
Free tool for testing net neutrality (N00ter)
http://www.h-online.com/security/news/item/Free-tool-for-testing-net-neutrality-1335031.html
http://dankaminsky.com/2011/08/05/bo2k11/
Title: Re: Technical
Post by: Asyn on September 06, 2011, 09:30:25 AM
BackBox Linux 2 released!
http://www.backbox.org/content/backbox-linux-2-released
http://www.backbox.org/content/download
Title: Re: Technical
Post by: Pondus on September 06, 2011, 12:29:58 PM
So, do you need a big backup system? Got lots of movie and music files? Well, IBM has what you need. ;D

IBM Builds Biggest Data Drive Ever
http://www.technologyreview.com/computing/38440/page1/
Title: Re: Technical
Post by: Asyn on September 08, 2011, 01:58:00 PM
Shooting the Messenger
http://www.andreas-kurtz.de/2011/09/shooting-messenger.html
Title: Re: Technical
Post by: Asyn on September 10, 2011, 12:09:15 AM
Mozilla asks all CAs to carry out security audits
http://www.h-online.com/security/news/item/Mozilla-asks-all-CAs-to-carry-out-security-audits-1340351.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb
Title: Re: Technical
Post by: disPlay on September 10, 2011, 02:04:47 AM
Mozilla asks all CAs to carry out security audits
http://www.h-online.com/security/news/item/Mozilla-asks-all-CAs-to-carry-out-security-audits-1340351.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb

Thanks for this information; let's see what the response of the CAs will be.
Title: Re: Technical
Post by: Asyn on September 10, 2011, 05:48:45 PM
Mozilla asks all CAs to carry out security audits
http://www.h-online.com/security/news/item/Mozilla-asks-all-CAs-to-carry-out-security-audits-1340351.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/bf2deb09824418fb

Thanks for this information; let's see what the response of the CAs will be.

NP disPlay..!
But more interesting will be what happens with the ones not replying..!!?? ;)
Title: Re: Technical
Post by: Asyn on September 14, 2011, 10:35:37 AM
Rent-a-Bot Networks Tied to TDSS Botnet
http://krebsonsecurity.com/2011/09/rent-a-bot-networks-tied-to-tdss-botnet/
http://krebsonsecurity.com/2011/09/whos-behind-the-tdss-botnet/
Title: Re: Technical
Post by: Asyn on September 15, 2011, 09:47:20 AM
CSI:Internet - A trip into RAM
http://www.h-online.com/security/features/CSI-Internet-A-trip-into-RAM-1339479.html
Title: Re: Technical
Post by: Asyn on September 16, 2011, 11:20:32 PM
Iran blocks Tor - Tor releases same-day fix
https://blog.torproject.org/blog/iran-blocks-tor-tor-releases-same-day-fix
http://archives.seul.org/tor/talk/Sep-2011/msg00187.html
https://metrics.torproject.org/users.html?graph=direct-users&start=2011-07-01&end=2011-09-16&country=ir&events=on&dpi=72#direct-users
Title: Re: Technical
Post by: Asyn on September 19, 2011, 01:47:58 PM
Cracking OS X Lion Passwords
http://www.defenceindepth.net/2011/09/cracking-os-x-lion-passwords.html
Title: Re: Technical
Post by: Asyn on September 20, 2011, 01:40:19 PM
Open source tool enables security tests for chip cards
http://www.h-online.com/security/news/item/Open-source-tool-enables-security-tests-for-chip-cards-1344245.html
http://www.degate.org/
http://www.degate.org/documentation/
Title: Re: Technical
Post by: Asyn on September 26, 2011, 08:43:03 AM
Proposal to Provide an Extended Support Release of Firefox for Managed Deployments
https://groups.google.com/forum/#!topic/mozilla.dev.planning/19O8ODZnmPo
https://wiki.mozilla.org/Enterprise/Firefox/ExtendedSupport:Proposal
Title: Re: Technical
Post by: Asyn on September 28, 2011, 05:00:07 PM
Microsoft Neutralizes Kelihos Botnet
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx
Title: Re: Technical
Post by: Asyn on October 01, 2011, 05:29:55 PM
Diebold e-voting systems vulnerable to attack
http://www.h-online.com/security/news/item/Diebold-e-voting-systems-vulnerable-to-attack-1352743.html
http://politics.salon.com/2011/09/27/votinghack/
Title: Re: Technical
Post by: Asyn on October 03, 2011, 10:59:21 PM
CSI:Internet - Open heart surgery
http://www.h-online.com/security/features/CSI-Internet-Open-heart-surgery-1350313.html
Title: Re: Technical
Post by: Asyn on October 04, 2011, 07:02:42 PM
Mozilla Firefox and silent updates
http://www.brianbondy.com/blog/id/125/mozilla-firefox-and-silent-updates
Title: Re: Technical
Post by: Asyn on October 06, 2011, 01:41:52 PM
Reverse Proxy Bypass
http://www.contextis.com/research/blog/reverseproxybypass/
Title: Re: Technical
Post by: Asyn on October 07, 2011, 01:47:23 PM
0day Full disclosure: American Express
http://qnrq.se/full-disclosure-american-express/

Note: AE already fixed this.
Title: Re: Technical
Post by: Asyn on October 08, 2011, 04:43:06 PM
ExploitHub Issues Bounty on 12 Client-side Exploits
http://www.nsslabs.com/company/news/press-releases/exploithub-issues-bounty-on-12-client-side-exploits.html
https://www.exploithub.com/request/index/developmentrequests/
Title: Re: Technical
Post by: Asyn on October 11, 2011, 08:45:31 AM
Secret Orders Target Email
http://online.wsj.com/article/SB10001424052970203476804576613284007315072.html
http://news.cnet.com/8301-31921_3-20117919-281/justice-department-ramps-up-wikileaks-e-mail-probe/
Title: Re: Technical
Post by: Asyn on October 11, 2011, 05:50:42 PM
German researchers crack RFID cards
http://www.h-online.com/security/news/item/German-researchers-crack-RFID-cards-1359218.html
http://www.emsec.rub.de/media/crypto/veroeffentlichungen/2011/10/10/desfire_2011_extended_1.pdf
Title: Re: Technical
Post by: Asyn on October 13, 2011, 08:33:54 AM
Microsoft Security Intelligence Report (SIR) #11
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_English.pdf
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_Worldwide_Threat_Assessment_English.pdf
http://download.microsoft.com/download/0/3/3/0331766E-3FC4-44E5-B1CA-2BDEB58211B8/Microsoft_Security_Intelligence_Report_volume_11_Advanced_Malware_Cleaning_Techniques_for_the_IT_Professional_English.pdf
Title: Re: Technical
Post by: Asyn on October 19, 2011, 10:00:30 AM
US experts concerned about risk to infrastructure posed by Anonymous
http://www.h-online.com/security/news/item/US-experts-concerned-about-risk-to-infrastructure-posed-by-Anonymous-1363015.html
http://info.publicintelligence.net/NCCIC-AnonymousICS.pdf
Title: Re: Technical
Post by: Asyn on October 19, 2011, 12:20:21 PM
Rapid7 Launches New Metasploit Community Edition (for Free and Simple Vulnerability Verification)
http://www.rapid7.com/news-events/press-releases/2011/2011-metasploit-community.jsp
https://community.rapid7.com/community/metasploit/blog/2011/10/18/introducing-metasploit-community-edition
http://www.rapid7.com/products/metasploit-community.jsp
Title: Re: Technical
Post by: Asyn on October 20, 2011, 12:56:03 PM
RUB Researchers break W3C standard
XML Encryption is insecure: Large companies affected
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en
Title: Re: Technical
Post by: Asyn on October 21, 2011, 10:35:56 AM
Georgia Tech Turns iPhone Into spiPhone
http://www.gatech.edu/newsroom/release.html?nid=71506
Title: Re: Technical
Post by: Asyn on October 25, 2011, 06:28:11 PM
RUB Researchers break W3C standard
XML Encryption is insecure: Large companies affected
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00330.html.en

Analysis of Signature Wrapping Attacks and Countermeasures
http://www.nds.rub.de/media/nds/downloads/mjensen/ICWS09.pdf
Title: Re: Technical
Post by: Asyn on October 26, 2011, 11:05:52 PM
THC SSL DOS
http://thehackerschoice.wordpress.com/2011/10/24/thc-ssl-dos/
http://www.thc.org/thc-ssl-dos/
Title: Re: Technical
Post by: Asyn on October 27, 2011, 02:23:56 PM
Microsoft Neutralizes Kelihos Botnet
http://blogs.technet.com/b/microsoft_blog/archive/2011/09/27/microsoft-neutralizes-kelihos-botnet-names-defendant-in-case.aspx

Microsoft Reaches Settlement with Piatti, dotFREE Group in Kelihos Case
http://blogs.technet.com/b/microsoft_blog/archive/2011/10/26/microsoft-reaches-settlement-with-piatti-dotfree-group-in-kelihos-case.aspx
http://noticeofpleadings.com/images/Botnet_voluntary_dismissal_file-stamped.pdf
Title: Re: Technical - silent updates?
Post by: cliff2 on October 28, 2011, 02:18:14 AM
avast 6, firefox, xp sp2
I have very slow dial up internet and something continues to download.

I put on PCtools 7 firewall, and activity is at Avast!Service.

Is there any way to find out what is downloading??

very frustrating as it makes any other internet even slower.

thanks
Title: Re: Technical - silent updates?
Post by: alpha1 on October 28, 2011, 09:58:13 AM
avast 6, firefox, xp sp2
I have very slow dial up internet and something continues to download.

I put on PCtools 7 firewall, and activity is at Avast!Service.

Is there any way to find out what is downloading??

very frustrating as it makes any other internet even slower.

thanks

You need to start a separate thread about this issue.
Title: Re: Technical
Post by: Asyn on October 28, 2011, 11:24:25 AM
How secure is HTTPS today? How often is it attacked?
https://www.eff.org/deeplinks/2011/10/how-secure-https-today
https://www.eff.org/files/colour_map_of_CAs.pdf
Title: Re: Technical
Post by: Asyn on October 29, 2011, 08:45:25 PM
Making UEFI Secure Boot Work With Open Platforms
https://www.linuxfoundation.org/publications/making-uefi-secure-boot-work-with-open-platforms
https://www.linuxfoundation.org/sites/main/files/lf_uefi_secure_boot_open_platforms.pdf
http://blog.canonical.com/2011/10/28/white-paper-secure-boot-impact-on-linux/
http://ozlabs.org/docs/uefi-secure-boot-impact-on-linux.pdf
Title: Re: Technical
Post by: Asyn on October 30, 2011, 10:04:28 AM
Acoustic cryptanalysis
http://tau.ac.il/~tromer/acoustic/
http://www.lsec.be/upload_directories/documents/AdiShamir.pdf
Title: Re: Technical
Post by: Asyn on October 31, 2011, 02:36:23 PM
Chinese Military Suspected in Hacker Attacks on U.S. Satellites
http://www.bloomberg.com/news/2011-10-27/chinese-military-suspected-in-hacker-attacks-on-u-s-satellites.html
Title: Re: Technical
Post by: Asyn on November 01, 2011, 11:29:12 AM
Defeating Windows 8 ROP Mitigation
http://vulnfactory.org/blog/2011/09/21/defeating-windows-8-rop-mitigation/
http://blog.bkis.com/en/rop-chain-for-windows-8/
Title: Re: Technical
Post by: Asyn on November 01, 2011, 05:39:29 PM
The Nitro Attacks
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/the_nitro_attacks.pdf
Title: Re: Technical
Post by: alpha1 on November 01, 2011, 09:50:23 PM
NetMarketShare: XP finally eroded to sub 50 percent level, Chrome closing in on Firefox
http://www.zdnet.com/blog/hardware/netmarketshare-xp-finally-eroded-to-sub-50-percent-level-chrome-closing-in-on-firefox/15959
Title: Re: Technical
Post by: Asyn on November 03, 2011, 12:45:35 PM
The Socialbot Network: When Bots Socialize for Fame and Money
http://lersse-dl.ece.ubc.ca/record/264/files/ACSAC_2011.pdf?version=1
Title: Re: Technical
Post by: Asyn on November 04, 2011, 04:14:40 PM
Text-based CAPTCHA Strengths and Weaknesses
http://cdn.ly.tl/publications/text-based-captcha-strengths-and-weaknesses.pdf
Title: Re: Technical
Post by: Asyn on November 10, 2011, 03:48:11 PM
A Security Analysis of Amazon’s Elastic Compute Cloud Service
http://www.scribd.com/doc/72067914/Secure-Cloud-Long
Title: Re: Technical
Post by: Asyn on November 10, 2011, 10:05:19 PM
Operation Ghost Click
http://www.fbi.gov/news/stories/2011/november/malware_110911/malware_110911
http://www.fbi.gov/newyork/press-releases/2011/remarks-as-prepared-by-assistant-director-in-charge-janice-k.-fedarcyk-on-major-cyber-investigation
http://www.fbi.gov/news/stories/2011/november/malware_110911/DNS-changer-malware.pdf
Title: Re: Technical
Post by: Asyn on November 12, 2011, 06:28:49 PM
OAuth 2.0 Playground: Open to Developers
http://googlecode.blogspot.com/2011/11/oauth-20-playground-open-to-developers.html
https://code.google.com/oauthplayground/
Title: Re: Technical
Post by: Asyn on November 13, 2011, 01:31:15 PM
SCADA & PLC Vulnerabilities in Correctional Facilities
http://dl.packetstormsecurity.net/papers/general/PLC_White_Paper_Newman_Rad_Strauchs_July22_2011_Final.pdf
http://blip.tv/pauldotcom/hacking-prisons-john-strauchs-tiffany-rad-teague-newman-5518125
Title: Re: Technical
Post by: jadinolf on November 14, 2011, 02:47:04 AM
IE9 and Privacy: Introducing Tracking Protection
http://blogs.msdn.com/b/ie/archive/2010/12/07/ie9-and-privacy-introducing-tracking-protection-v8.aspx


Enjoy!
Title: Re: Technical
Post by: Asyn on November 14, 2011, 01:33:27 PM
Duqu Detectors
CrySyS Duqu Detector Toolkit: http://www.crysys.hu/duqudetector.html
Duqu Analysis & Detection Tool: http://www.nsslabs.com/blog/2011/11/duqu-analysis-and-detection-tool.html
Title: Re: Technical
Post by: Asyn on November 16, 2011, 05:34:22 PM
Public Key Pinning Extension for HTTP
http://www.ietf.org/id/draft-evans-palmer-key-pinning-00.txt
Title: Re: Technical
Post by: Asyn on November 18, 2011, 12:22:48 PM
Invisible YNK, a Code Signing Conundrum
http://blogs.norman.com/2011/malware-detection-team/invisible-ynk-a-code-signing-conundrum
Title: Re: Technical
Post by: Asyn on November 19, 2011, 06:06:30 PM
Google details location services opt-out for Wi-Fi access point owners
http://www.h-online.com/security/news/item/Google-details-location-services-opt-out-for-Wi-Fi-access-point-owners-1379431.html
http://googlepolicyeurope.blogspot.com/2011/11/greater-choice-for-wireless-access.html
http://maps.google.com/support/bin/answer.py?hl=en&answer=1725632
Title: Re: Technical
Post by: Asyn on November 20, 2011, 10:52:01 AM
W3C Announces First Draft of Standard for Online Privacy
http://www.w3.org/2011/11/dnt-pr.html.en
http://www.w3.org/TR/2011/WD-tracking-dnt-20111114/
http://www.w3.org/TR/2011/WD-tracking-compliance-20111114/
Title: Re: Technical
Post by: Asyn on November 27, 2011, 12:57:19 AM
RUB researchers outsmart HDCP
“Man-in-the-Middle” attack: Intel copy protection circumvented
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00386.html.en
Title: Re: Technical
Post by: Asyn on November 28, 2011, 01:29:51 PM
Preliminary Analysis of Google+'s Privacy
http://arxiv.org/abs/1111.3530
http://arxiv.org/pdf/1111.3530v1 [PDF]
Title: Re: Technical
Post by: Asyn on November 30, 2011, 05:32:33 PM
Java is the largest malware target according to Microsoft
http://www.h-online.com/security/news/item/Java-is-the-largest-malware-target-according-to-Microsoft-1387528.html
http://blogs.technet.com/b/security/archive/2011/11/28/millions-of-java-exploit-attempts-the-importance-of-keeping-all-software-up-to-date.aspx
http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/
Title: Re: Technical
Post by: YoKenny on November 30, 2011, 10:31:02 PM
Java is the largest malware target according to Microsoft
http://krebsonsecurity.com/2011/11/new-java-attack-rolled-into-exploit-kits/
From KrebsOnSecurity
Quote
The exploit attacks a vulnerability that exists in Oracle Java SE JDK and JRE 7 and 6 Update 27 and earlier. If you are using Java 6 Update 29, or Java 7 Update 1, then you have the latest version that is patched against this and 19 other security threats.
Title: Re: Technical
Post by: Asyn on December 02, 2011, 01:25:44 PM
The Spyfiles
http://wikileaks.org/the-spyfiles.html
http://www.washingtonpost.com/world/national-security/trade-in-surveillance-technology-raises-worries/2011/11/22/gIQAFFZOGO_story.html?hpid=z1
Title: Re: Technical
Post by: Asyn on December 10, 2011, 08:38:44 AM
Windows Defender Offline Beta
http://windows.microsoft.com/en-US/windows/what-is-windows-defender-offline
http://windows.microsoft.com/en-US/windows/windows-defender-offline-faq
http://www.winsupersite.com/article/windows-7/windows-defender-offline-beta-141535
Title: Re: Technical
Post by: Asyn on December 10, 2011, 05:38:15 PM
DNSCrypt
http://blog.opendns.com/2011/12/06/dnscrypt-%E2%80%93-critical-fundamental-and-about-time/
http://www.opendns.com/technology/dnscrypt/
Title: Re: Technical
Post by: YoKenny on December 10, 2011, 06:59:13 PM
DNSCrypt
http://www.opendns.com/technology/dnscrypt/
It says it is (Mac only at the moment)
Title: Re: Technical
Post by: Asyn on December 10, 2011, 07:06:26 PM
DNSCrypt
http://www.opendns.com/technology/dnscrypt/
It says it is (Mac only at the moment)

Yes, the Windows version follows shortly.

Quote
We expect a Windows version in the near future.
Title: Re: Technical
Post by: Asyn on December 13, 2011, 12:34:38 PM
U.S. Homes In on China Spying
http://online.wsj.com/article_email/SB10001424052970204336104577094690893528130-lMyQjAxMTAxMDEwMjExNDIyWj.html
Title: Re: Technical
Post by: Asyn on December 16, 2011, 01:37:31 PM
IE to Start Automatic Upgrades across Windows XP, Windows Vista, and Windows 7
http://windowsteamblog.com/ie/b/ie/archive/2011/12/15/ie-to-start-automatic-upgrades-across-windows-xp-windows-vista-and-windows-7.aspx
Title: Re: Technical
Post by: Lisandro on December 17, 2011, 06:28:07 PM
IE to Start Automatic Upgrades across Windows XP, Windows Vista, and Windows 7
http://windowsteamblog.com/ie/b/ie/archive/2011/12/15/ie-to-start-automatic-upgrades-across-windows-xp-windows-vista-and-windows-7.aspx
Thanks. Brazil will be at the beginning of the list :)
Title: Re: Technical
Post by: bob3160 on December 17, 2011, 06:30:45 PM
http://forum.avast.com/index.php?topic=19387.msg720292#msg720292
Title: Re: Technical
Post by: Asyn on December 17, 2011, 06:36:23 PM
IE to Start Automatic Upgrades across Windows XP, Windows Vista, and Windows 7
http://windowsteamblog.com/ie/b/ie/archive/2011/12/15/ie-to-start-automatic-upgrades-across-windows-xp-windows-vista-and-windows-7.aspx
Thanks. Brazil will be at the beginning of the list :)

NP Tech..!

@Bob: You were almost 2 hours late. ;) But you're right that any discussion (if needed) should continue there or in a new topic.
Title: Re: Technical
Post by: Asyn on December 17, 2011, 08:52:53 PM
Resurrection: sniffing tool Ettercap has returned
http://www.h-online.com/open/news/item/Resurrection-sniffing-tool-Ettercap-has-returned-1397037.html
http://ettercap.sourceforge.net/index.php
Title: Re: Technical
Post by: Asyn on December 18, 2011, 09:07:55 AM
Protecting your digital identity [Windows 8]
http://blogs.msdn.com/b/b8/archive/2011/12/14/protecting-your-digital-identity.aspx
Title: Re: Technical
Post by: Asyn on December 21, 2011, 08:17:17 AM
Disorderly conduct: localized malware impersonates the police
http://blogs.technet.com/b/mmpc/archive/2011/12/19/disorderly-conduct-localized-malware-impersonates-the-police.aspx
Title: Re: Technical
Post by: Asyn on January 03, 2012, 08:06:25 PM
Wi-Fi Protected Setup PIN brute force vulnerability
http://sviehb.wordpress.com/2011/12/27/wi-fi-protected-setup-pin-brute-force-vulnerability/
http://www.kb.cert.org/vuls/id/723755
http://sviehb.files.wordpress.com/2011/12/viehboeck_wps.pdf
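An added worked example (my own illustration, not code from Viehböck's paper, the CERT note or any tool) of why the WPS external-registrar PIN collapses to at most 11,000 guesses: the 8th digit is a checksum of the first seven, and the access point acknowledges the two PIN halves in separate protocol messages. The registrar class is a simulated oracle with that behaviour, not a real AP, and the lockout/rate-limit behaviour of real devices is not modelled.

```python
"""
Added example, not from the linked paper or advisory: the WPS PIN checksum and
the half-by-half search that the protocol's message flow permits.

Two properties described in the paper drive the arithmetic:
  1. The 8th PIN digit is a checksum of the first seven.
  2. The AP answers digits 1-4 and digits 5-8 in separate messages, so the
     attacker learns that the first half is right before guessing the second.
SimulatedRegistrar below is an assumed stand-in for the AP side, not real code.
"""


def wps_checksum_digit(first_seven: str) -> int:
    """Check digit for a 7-digit WPS PIN prefix.

    Digits at odd positions (1st, 3rd, 5th, 7th) are weighted 3, the others 1;
    the check digit brings the weighted sum up to a multiple of 10.
    """
    if len(first_seven) != 7 or not first_seven.isdigit():
        raise ValueError("expected exactly 7 decimal digits")
    d = [int(c) for c in first_seven]
    accum = 3 * sum(d[0::2]) + sum(d[1::2])
    return (10 - accum % 10) % 10


def full_wps_pin(first_seven: str) -> str:
    """Append the checksum digit to a 7-digit prefix."""
    return first_seven + str(wps_checksum_digit(first_seven))


def is_valid_wps_pin(pin: str) -> bool:
    return len(pin) == 8 and pin.isdigit() and int(pin[7]) == wps_checksum_digit(pin[:7])


def attempts_single_oracle() -> int:
    """Candidates if the AP only said yes/no for the whole PIN: 10^8 strings
    minus the derived checksum digit leaves 10^7."""
    return 10 ** 7


def attempts_split_oracle() -> int:
    """Worst case with the half-by-half leak: 10^4 for digits 1-4, then 10^3
    for digits 5-7 (digit 8 is computed, not guessed)."""
    return 10 ** 4 + 10 ** 3


class SimulatedRegistrar:
    """Assumed stand-in for the AP: it judges the first half, then the second,
    exactly as the paper describes.  Real APs may also lock out or rate-limit."""

    def __init__(self, pin: str):
        if not is_valid_wps_pin(pin):
            raise ValueError("registrar PIN must carry a valid checksum")
        self._pin = pin
        self.queries = 0

    def check(self, guess: str) -> str:
        self.queries += 1
        if guess[:4] != self._pin[:4]:
            return "M4_NACK"      # first half wrong: exchange stops after M4
        if guess[4:] != self._pin[4:]:
            return "M6_NACK"      # first half right, second half wrong
        return "OK"


def brute_force(registrar: SimulatedRegistrar):
    """Recover the PIN through the two-stage oracle; returns the PIN or None."""
    first_half = None
    for i in range(10 ** 4):
        cand = f"{i:04d}"
        # Any second half works as a probe: only digits 1-4 are judged here.
        if registrar.check(cand + "0000") != "M4_NACK":
            first_half = cand
            break
    if first_half is None:
        return None
    for j in range(10 ** 3):
        pin = full_wps_pin(first_half + f"{j:03d}")
        if registrar.check(pin) == "OK":
            return pin
    return None


if __name__ == "__main__":
    reg = SimulatedRegistrar("12345670")   # constructed demo PIN with valid checksum
    print(brute_force(reg), "after", reg.queries, "queries;",
          "worst case", attempts_split_oracle(), "vs", attempts_single_oracle())
```

The split oracle is the whole story: the checksum only trims one digit, but answering the two halves separately turns a 10^7 search into 10^4 + 10^3, which is why the paper's attack finishes in hours rather than years.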
Title: Re: Technical
Post by: Asyn on January 03, 2012, 10:39:28 PM
Pharma Wars: ‘Google,’ the Cutwail Botmaster
https://krebsonsecurity.com/2012/01/pharma-wars-google-the-cutwail-botmaster/
https://www.m86security.com/labs/spam_statistics.asp
Title: Re: Technical
Post by: Asyn on January 05, 2012, 08:59:20 AM
EFF Raises Concerns About the New AOL Instant Messenger
https://www.eff.org/deeplinks/2011/12/effs-raises-concerns-about-new-aol-instant-messenger-0
Title: Re: Technical
Post by: Asyn on January 06, 2012, 10:59:24 AM
28C3: Denial-of-Service attacks on web applications made easy
http://www.h-online.com/security/news/item/28C3-Denial-of-Service-attacks-on-web-applications-made-easy-1401863.html
http://www.nruns.com/_downloads/advisory28122011.pdf
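An added toy reproduction (my own code, not the n.runs advisory's or the talk's) of the hash-collision denial of service described in the advisory: a cheap multiplicative string hash such as PHP 5's DJBX33A lets an attacker glue short colliding blocks into 2^k distinct parameter names with one hash value, so a parser's name table degrades to O(n^2) comparisons. The hash table and the keyed-hash mitigation shown are this example's own constructions; the platform fixes that shipped were randomized hash seeds and limits on the number of request parameters.

```python
"""
Added example, not code from the n.runs advisory or the 28C3 talk: generating
DJBX33A-colliding parameter names and measuring what they do to a chained
hash table, next to a keyed hash that defeats the precomputation.
"""
import hashlib
import secrets


def djbx33a(s: bytes) -> int:
    """DJBX33A (h = h*33 + c), truncated to 32 bits like a C implementation."""
    h = 5381
    for c in s:
        h = (h * 33 + c) & 0xFFFFFFFF
    return h


# Two 2-byte blocks with equal DJBX33A contribution:
#   ord('A')*33 + ord('a') == ord('B')*33 + ord('@') == 2242
COLLIDING_BLOCKS = (b"Aa", b"B@")


def colliding_keys(num_blocks: int) -> list:
    """All 2**num_blocks strings built from the colliding blocks.  The hash
    state after either block is identical, so every key hashes the same."""
    keys = [b""]
    for _ in range(num_blocks):
        keys = [k + blk for k in keys for blk in COLLIDING_BLOCKS]
    return keys


def make_keyed_hash(key: bytes = None):
    """Hardened alternative (assumed design, not a platform's actual fix): a
    keyed hash with a per-process secret, so collisions can't be precomputed."""
    key = key or secrets.token_bytes(16)

    def keyed(s: bytes) -> int:
        return int.from_bytes(hashlib.blake2b(s, key=key, digest_size=4).digest(), "big")

    return keyed


class ToyHashTable:
    """Chained hash table that counts key comparisons on insert, standing in
    for a request parser building a name -> value map."""

    def __init__(self, hash_fn, nbuckets: int = 1024):
        self.buckets = [[] for _ in range(nbuckets)]
        self.hash_fn = hash_fn
        self.comparisons = 0

    def insert(self, key: bytes) -> None:
        bucket = self.buckets[self.hash_fn(key) % len(self.buckets)]
        for existing in bucket:
            self.comparisons += 1
            if existing == key:
                return
        bucket.append(key)


def comparisons_for(keys, hash_fn) -> int:
    """Total key comparisons needed to insert all keys under the given hash."""
    table = ToyHashTable(hash_fn)
    for k in keys:
        table.insert(k)
    return table.comparisons


if __name__ == "__main__":
    names = colliding_keys(12)          # 4096 constructed POST parameter names
    print("weak hash:", comparisons_for(names, djbx33a))
    print("keyed hash:", comparisons_for(names, make_keyed_hash()))
```

With 2^12 names the weak hash needs n(n-1)/2, about 8.4 million comparisons, for a request of a few tens of kilobytes; the keyed hash spreads the same names across buckets and stays near linear. The real attack simply scales k until one request pins a CPU core for minutes.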
Title: Re: Technical
Post by: Asyn on January 10, 2012, 09:41:18 AM
Tails 0.10 (The Amnesic Incognito Live System)
http://tails.boum.org/index.en.html
http://tails.boum.org/news/version_0.10/
http://tails.boum.org/download/index.en.html
Title: Re: Technical
Post by: Asyn on January 17, 2012, 10:30:37 AM
Sykipot variant hijacks DOD and Windows smart cards
http://labs.alienvault.com/labs/index.php/2012/when-the-apt-owns-your-smart-cards-and-certs/
Title: Re: Technical
Post by: Asyn on January 17, 2012, 03:14:40 PM
SE Android (Security Enhanced Android)
http://selinuxproject.org/page/SEAndroid
http://selinuxproject.org/~jmorris/lss2011_slides/caseforseandroid.pdf
Title: Re: Technical
Post by: Asyn on January 17, 2012, 06:11:02 PM
The Koobface malware gang - exposed!
http://nakedsecurity.sophos.com/koobface/
Title: Re: Technical
Post by: Asyn on January 22, 2012, 10:12:05 AM
Hoping to Teach a Lesson, Researchers Release Exploits for Critical Infrastructure Software
http://www.wired.com/threatlevel/2012/01/scada-exploits/
Title: Re: Technical
Post by: Asyn on January 22, 2012, 03:09:47 PM
The Koobface malware gang - exposed!
http://nakedsecurity.sophos.com/koobface/

Koobface C&C goes silent after alleged controllers exposed
http://www.h-online.com/security/news/item/Koobface-C-C-goes-silent-after-alleged-controllers-exposed-1416869.html
Title: Re: Technical
Post by: Asyn on January 22, 2012, 04:09:07 PM
The Impact of Mobile Devices on Information Security
http://www.checkpoint.com/press/2012/011812-check-point-businesses-admit-increase-security.html
http://www.checkpoint.com/downloads/products/check-point-mobile-security-survey-report.pdf
Title: Re: Technical
Post by: Asyn on January 24, 2012, 10:02:34 AM
Mozilla's BrowserID offered as an alternative to OpenID
http://www.h-online.com/security/news/item/Mozilla-s-BrowserID-offered-as-an-alternative-to-OpenID-1280136.html
http://identity.mozilla.com/post/7616727542/introducing-browserid-a-better-way-to-sign-in
http://identity.mozilla.com/post/7669886219/how-browserid-differs-from-openid
https://browserid.org/

Mozilla's BrowserID moves forward
http://www.h-online.com/security/news/item/Mozilla-s-BrowserID-moves-forward-1419193.html
Title: Re: Technical
Post by: Asyn on January 24, 2012, 01:14:26 PM
Microsoft Names New Defendant in Kelihos Case
http://blogs.technet.com/b/microsoft_blog/archive/2012/01/23/microsoft-names-new-defendant-in-kelihos-case.aspx
http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-80-54/6180.Kelihos-Botnet-_2D00_-Amended-Complaint.pdf
Title: Re: Technical
Post by: Asyn on January 25, 2012, 10:50:53 AM
Board Room Spying for Fun and Profit
https://community.rapid7.com/community/solutions/metasploit/blog/2012/01/23/video-conferencing-and-self-selecting-targets
Title: Re: Technical
Post by: Asyn on January 28, 2012, 08:03:05 AM
A different breed of downloader
http://blogs.technet.com/b/mmpc/archive/2012/01/24/a-different-breed-of-downloader.aspx
Title: Re: Technical
Post by: Asyn on February 01, 2012, 08:13:36 AM
Hacker's Demo Shows How Easily Credit Cards Can Be Read Through Clothes And Wallets
http://www.forbes.com/sites/andygreenberg/2012/01/30/hackers-demo-shows-how-easily-credit-cards-can-be-read-through-clothes-and-wallets/
Title: Re: Technical
Post by: Asyn on February 02, 2012, 02:08:00 PM
Kelihos/Hlux botnet returns with new techniques
http://www.securelist.com/en/blog/655/Kelihos_Hlux_botnet_returns_with_new_techniques
Title: Re: Technical
Post by: Asyn on February 07, 2012, 08:21:39 AM
Trendnet Cameras - I always feel like somebody's watching me.
http://console-cowboys.blogspot.com/2012/01/trendnet-cameras-i-always-feel-like.html
Title: Re: Technical
Post by: Asyn on February 11, 2012, 09:34:25 AM
Satellite telephony is unsafe
RUB scientists break security standards - Encryption algorithms have security gaps
http://gmr.crypto.rub.de/
http://gmr.crypto.rub.de/paper/paper-1.pdf
Title: Re: Technical
Post by: Asyn on February 12, 2012, 10:00:22 AM
Iran partially blocks encrypted network traffic
https://blog.torproject.org/blog/iran-partially-blocks-encrypted-network-traffic
https://lists.torproject.org/pipermail/tor-talk/2012-February/023070.html
Title: Re: Technical
Post by: Pondus on February 13, 2012, 12:16:24 AM
Introducing DNSCrypt (Preview Release)
http://www.opendns.com/technology/dnscrypt?utm_source=n012012&utm_medium=em&utm_campaign=home
Title: Re: Technical
Post by: Asyn on February 14, 2012, 07:31:32 AM
Android.Bmaster: A Million-Dollar Mobile Botnet
http://www.symantec.com/connect/blogs/androidbmaster-million-dollar-mobile-botnet
http://www.cs.ncsu.edu/faculty/jiang/RootSmart/
Title: Re: Technical
Post by: Asyn on February 17, 2012, 11:00:53 AM
RSA keys not as random as they should be
http://www.h-online.com/security/news/item/RSA-keys-not-as-random-as-they-should-be-1435474.html
http://eprint.iacr.org/2012/064.pdf
https://freedom-to-tinker.com/blog/nadiah/new-research-theres-no-need-panic-over-factorable-keys-just-mind-your-ps-and-qs
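An added worked example (my own, not code from either linked paper) of the check behind the "mind your Ps and Qs" finding: when two RSA moduli were generated from the same starved entropy source they can share a prime, and gcd(n1, n2) then hands over that prime, and with it both private keys, without factoring anything. The moduli below are constructed toy values built from tiny primes so the script runs offline; the papers scale the same idea to millions of real keys with batch methods.

```python
"""
Added example, not from the linked papers: detecting shared primes across a set
of RSA moduli with pairwise gcd and recovering the affected private keys.

TOY_MODULI are constructed demo values (tiny primes); real keys are 1024-2048
bits and the gcd test works unchanged on them.
"""
from itertools import combinations
from math import gcd

# Constructed toy "keys": modulus = p * q.  Keys 0 and 1 share the prime 61,
# mimicking two devices that both drew 61 from a weak RNG.  Key 2 is clean.
TOY_MODULI = [
    61 * 53,   # key 0
    61 * 67,   # key 1 -- shares p = 61 with key 0
    71 * 73,   # key 2 -- independent
]


def find_shared_factors(moduli):
    """Pairwise gcd over all moduli.

    Returns [(i, j, p), ...] for every pair whose moduli share a non-trivial
    factor p.  O(n^2) gcds is fine for a demo; for millions of keys the papers
    use batch techniques that amount to the same test.
    """
    hits = []
    for (i, n1), (j, n2) in combinations(enumerate(moduli), 2):
        g = gcd(n1, n2)
        if 1 < g < n1 and 1 < g < n2:      # a real shared prime, not n1 == n2
            hits.append((i, j, g))
    return hits


def recover_private_keys(moduli, e=65537):
    """For every modulus that leaked a factor, return {index: (p, q, d)} where
    d is the RSA private exponent, e * d == 1 (mod lcm(p-1, q-1))."""
    recovered = {}
    for i, j, p in find_shared_factors(moduli):
        for idx in (i, j):
            n = moduli[idx]
            q = n // p
            lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
            if gcd(e, lam) != 1:
                continue           # toy primes can make e unusable; skip honestly
            recovered[idx] = (p, q, pow(e, -1, lam))
    return recovered


if __name__ == "__main__":
    for idx, (p, q, d) in recover_private_keys(TOY_MODULI).items():
        n = p * q
        m = 42
        ok = pow(pow(m, 65537, n), d, n) == m
        print(f"key {idx}: n={n} = {p} * {q}, d={d}, decrypt round-trip ok={ok}")
```

The point of the freedom-to-tinker post survives here: a key is only at risk if some other key shares a factor with it, so the practical defence is seeding the RNG properly at key-generation time (especially on headless embedded devices), not a change to RSA itself.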
Title: Re: Technical
Post by: Asyn on February 19, 2012, 01:32:00 PM
Mozilla: Remove Trustwave Certificate(s) from trusted root certificates
https://bugzilla.mozilla.org/show_bug.cgi?id=724929
https://wiki.mozilla.org/CA%3ACommunications#February_17.2C_2012
https://bugzilla.mozilla.org/attachment.cgi?id=598527
Title: Re: Technical
Post by: Asyn on February 21, 2012, 01:34:33 PM
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
Title: Re: Technical
Post by: bob3160 on February 21, 2012, 01:50:38 PM
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
This can also be rephrased as Apple and Microsoft aren't protecting their users' privacy.  ;D
Title: Re: Technical
Post by: Asyn on February 22, 2012, 06:51:35 AM
Google Bypassing User Privacy Settings
http://blogs.msdn.com/b/ie/archive/2012/02/20/google-bypassing-user-privacy-settings.aspx
This can also be rephrased as Apple and Microsoft aren't protecting their users' privacy.  ;D

Well, Rachel Whetstone (Senior Vice President of Communications and Policy, Google) thinks similarly... ;D
http://parislemon.com/post/17998654387/google-microsoft-is-full-of-shit
Title: Re: Technical
Post by: ady4um on February 22, 2012, 11:14:11 AM
No intention to open a discussion in this topic, but to end one...

The article is about 2 different things, depending on how you look at it.

1_ Google said it would follow a certain recognized standard, and it didn't follow that standard. If the standard had been followed, then no "extra" tracking of users would have happened.

2_ For those sites not following that standard (whether they declare it in their privacy policy or not), the user can be tracked, and certain web browsers will not protect your privacy using their standard methods (while the user thinks it is enough to protect his privacy, it isn't).
Title: Re: Technical
Post by: Asyn on February 22, 2012, 11:22:58 AM
1_ Google said it would follow a certain recognized standard, and it didn't follow that standard. If the standard had been followed, then no "extra" tracking of users would have happened.

2_ For those sites not following that standard (whether they declare it in their privacy policy or not), the user can be tracked, and certain web browsers will not protect your privacy using their standard methods (while the user thinks it is enough to protect his privacy, it isn't).

1. Which article are you referring to..? (http://support.google.com/accounts/bin/answer.py?hl=en&answer=151657)
2. Well, there's also Firefox... ;)
Title: Re: Technical
Post by: ady4um on February 22, 2012, 01:16:29 PM
1_ Google said it would follow a certain recognized standard, and it didn't follow that standard. If the standard had been followed, then no "extra" tracking of users would have happened.

2_ For those sites not following that standard (whether they declare it in their privacy policy or not), the user can be tracked, and certain web browsers will not protect your privacy using their standard methods (while the user thinks it is enough to protect his privacy, it isn't).

1. Which article are you referring to..? (http://support.google.com/accounts/bin/answer.py?hl=en&answer=151657)
2. Well, there's also Firefox... ;)

1. Both. The final point is not about whether one company or the other is not exactly telling the truth. It is about sites' "real" privacy policy.
2. Yes, or IE9 (as MS "now" recommends), but the user needs to find the exact add-on to protect his privacy, and then know about all those new "tricks" popping up every day, and keep searching for new solutions... Just as with other security-related issues, it never ends and no solution is permanently safe.
Title: Re: Technical
Post by: Asyn on February 23, 2012, 06:59:30 AM
A look at ASLR in Android Ice Cream Sandwich 4.0
http://blog.duosecurity.com/2012/02/a-look-at-aslr-in-android-ice-cream-sandwich-4-0/
Title: Re: Technical
Post by: Asyn on February 27, 2012, 12:23:19 PM
ASLR to be mandatory for binary Firefox extensions
http://www.h-online.com/security/news/item/ASLR-to-be-mandatory-for-binary-Firefox-extensions-1443131.html
Title: Re: Technical
Post by: Asyn on March 03, 2012, 04:22:20 PM
How we broke the NuCaptcha video scheme and what we propose to fix it
http://elie.im/blog/security/how-we-broke-the-nucaptcha-video-scheme-and-what-we-propose-to-fix-it/
Title: Re: Technical
Post by: Asyn on March 06, 2012, 07:55:45 AM
Anonymous Supporters Tricked into Installing Zeus Trojan
http://www.symantec.com/connect/blogs/anonymous-supporters-tricked-installing-zeus-trojan
Title: Re: Technical
Post by: Asyn on March 07, 2012, 12:44:58 PM
Mozilla introduces Collusion, a new tracking mapper add-on
http://www.h-online.com/security/news/item/Mozilla-introduces-Collusion-a-new-tracking-mapper-add-on-1445357.html
https://www.mozilla.org/en-US/collusion/
https://www.mozilla.org/en-US/collusion/demo/
Title: Re: Technical
Post by: Asyn on March 07, 2012, 02:51:48 PM
Attacking the Washington, D.C. Internet Voting System
https://jhalderm.com/pub/papers/dcvoting-fc12.pdf
Title: Re: Technical
Post by: Asyn on March 08, 2012, 04:33:03 PM
Adobe SWF Investigator
http://labs.adobe.com/technologies/swfinvestigator/
Title: Re: Technical
Post by: Asyn on March 12, 2012, 01:38:44 PM
The Symantec Smartphone Honey Stick Project
http://www.symantec.com/connect/blogs/introducing-symantec-smartphone-honey-stick-project
http://www.symantec.com/content/en/us/about/presskits/b-symantec-smartphone-honey-stick-project.en-us.pdf?om_ext_cid=biz_socmed_twitter_facebook_marketwire_linkedin_2012Mar_worldwide_honeystick
Title: Re: Technical
Post by: Asyn on March 14, 2012, 04:41:20 PM
Framesniffing against SharePoint and LinkedIn
http://www.contextis.com/research/blog/framesniffing/
Title: Re: Technical
Post by: Asyn on March 16, 2012, 02:09:32 PM
Android Malware Pairs Man-in-the-Middle With Remote-Controlled Banking Trojan
http://blogs.mcafee.com/mcafee-labs/android-malware-pairs-man-in-the-middle-with-remote-controlled-banking-trojan
Title: Re: Technical
Post by: Asyn on March 19, 2012, 01:35:15 PM
CyanogenMod 9 to ship without default root access
http://www.h-online.com/security/news/item/CyanogenMod-9-to-ship-without-default-root-access-1474741.html
http://www.cyanogenmod.com/blog/security-and-you
Title: Re: Technical
Post by: Asyn on March 20, 2012, 12:52:26 PM
Twitter Bots Target Tibetan Protests
http://krebsonsecurity.com/2012/03/twitter-bots-target-tibetan-protests/
Title: Re: Technical
Post by: Asyn on March 22, 2012, 03:10:33 PM
Firefox To Use Google Secure Search By Default
http://searchengineland.com/firefox-to-use-google-secure-search-by-default-116231
Title: Re: Technical
Post by: Asyn on March 23, 2012, 06:02:20 AM
2012 Data Breach Investigations Report
http://www.verizonbusiness.com/resources/reports/rp_data-breach-investigations-report-2012_en_xg.pdf
Title: Re: Technical
Post by: Asyn on March 26, 2012, 12:59:00 PM
Firefox 3.6.x approaches end of life
http://www.h-online.com/security/news/item/Firefox-3-6-x-approaches-end-of-life-1479643.html
http://blog.mozilla.com/futurereleases/2012/03/23/upcoming-firefox-support-changes/
http://weblogs.mozillazine.org/asa/archives/2012/03/the-end-of-support-f.html
Title: Re: Technical
Post by: Asyn on March 27, 2012, 09:11:30 AM
Microsoft and Financial Services Industry Leaders Target Cybercriminal Operations from Zeus Botnets
http://blogs.technet.com/b/microsoft_blog/archive/2012/03/25/microsoft-and-financial-services-industry-leaders-target-cybercriminal-operations-from-zeus-botnets.aspx
http://www.microsoft.com/presspass/presskits/dcu/
http://www.microsoft.com/Presspass/press/2012/mar12/03-25CybercrimePR.mspx
http://www.zeuslegalnotice.com/images/Complaint_w_Appendices.pdf
https://zeustracker.abuse.ch/statistic.php
https://zeustracker.abuse.ch/monitor.php
Title: Re: Technical
Post by: Asyn on March 28, 2012, 03:50:22 PM
Mozilla calls for tighter controls on sub-CAs
http://www.h-online.com/security/news/item/Mozilla-calls-for-tighter-controls-on-sub-CAs-1484643.html
https://groups.google.com/group/mozilla.dev.security.policy/browse_thread/thread/d239c42ef880c71a
Title: Re: Technical
Post by: Asyn on March 30, 2012, 07:51:38 AM
Twitter Bots Target Tibetan Protests
http://krebsonsecurity.com/2012/03/twitter-bots-target-tibetan-protests/

http://labs.alienvault.com/labs/index.php/2012/alienvault-research-used-as-lure-in-targeted-attacks/
http://labs.alienvault.com/labs/index.php/2012/targeted-attacks-against-tibet-organizations/
Title: Re: Technical
Post by: Asyn on March 31, 2012, 10:34:16 AM
Doubts over necessity of SHA-3 cryptography standard
http://www.h-online.com/security/news/item/Doubts-over-necessity-of-SHA-3-cryptography-standard-1498071.html
Title: Re: Technical
Post by: Asyn on April 03, 2012, 09:36:52 AM
Pastebin to hire staff to tackle hackers' 'sensitive' posts
http://www.bbc.com/news/technology-17544311
http://www.bbc.com/news/technology-17524822
Title: Re: Technical
Post by: Asyn on April 04, 2012, 04:41:13 PM
Adobe “Malware Classifier” Tool
http://blogs.adobe.com/asset/2012/03/presenting-malware-classifier-tool.html
https://sourceforge.net/adobe/malclassifier
http://sourceforge.net/projects/malclassifier.adobe/files/
Title: Re: Technical
Post by: Asyn on April 05, 2012, 07:38:53 AM
Mozilla is Blocklisting Older Versions of Java
http://blog.mozilla.com/addons/2012/04/02/blocking-java/
https://addons.mozilla.org/en-US/firefox/blocked/p80
Title: Re: Technical
Post by: Asyn on April 10, 2012, 07:17:32 AM
Hotel Wifi JavaScript Injection
http://justinsomnia.org/2012/04/hotel-wifi-javascript-injection/
Title: Re: Technical
Post by: Asyn on April 11, 2012, 09:55:42 AM
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html
Title: Re: Technical
Post by: DavidR on April 11, 2012, 12:33:03 PM
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html

They are talking of the very same things in the UK, estimated to cost business £2BN to implement the measures. But there are very hostile reactions about it, from the various privacy groups, the public and a lot of opposition in Parliament and the Lords.
Title: Re: Technical
Post by: Asyn on April 12, 2012, 05:33:27 AM
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html

They are talking of the very same things in the UK, estimated to cost business £2BN to implement the measures. But there are very hostile reactions about it, from the various privacy groups, the public and a lot of opposition in Parliament and the Lords.

Hope it can be stopped in the UK...!! :(
Against the US law we can sign this...

CISPA Petition: https://secure.avaaz.org/en/stop_cispa/
Title: Re: Technical
Post by: Asyn on April 13, 2012, 08:30:24 AM
Discovering a Major Security Hole in Facebook's Android SDK
http://blog.parse.com/2012/04/10/discovering-a-major-security-hole-in-facebooks-android-sdk/
Title: Re: Technical
Post by: Asyn on April 14, 2012, 08:52:17 AM
Stuxnet Loaded by Iran Double Agents
http://www.isssource.com/stuxnet-loaded-by-iran-double-agents/
Title: Re: Technical
Post by: Asyn on April 14, 2012, 06:15:13 PM
Firefox gets click-to-play option for plugins
http://www.h-online.com/security/news/item/Firefox-gets-click-to-play-option-for-plugins-1520514.html
https://msujaws.wordpress.com/2012/04/11/opting-in-to-plugins-in-firefox/
https://wiki.mozilla.org/Opt-in_activation_for_plugins
Title: Re: Technical
Post by: Asyn on April 18, 2012, 06:22:51 PM
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html

Week of Action On CISPA Preceding "Cybersecurity Week" in the House
https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house

Administration pushes against bipartisan House cybersecurity legislation
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa
Title: Re: Technical
Post by: Asyn on April 20, 2012, 06:16:30 PM
Anonymous deploys Zerobin to create AnonPaste
http://www.h-online.com/security/news/item/Anonymous-deploys-Zerobin-to-create-AnonPaste-1544706.html
Title: Re: Technical
Post by: Asyn on April 22, 2012, 10:12:20 AM
Adventures with iOS UIWebviews
http://labs.mwrinfosecurity.com/blog/2012/04/16/adventures-with-ios-uiwebviews/
Title: Re: Technical
Post by: Asyn.B on April 22, 2012, 03:05:28 PM
The anatomy of Flashback/Flashfake
http://www.securelist.com/en/analysis/204792227/The_anatomy_of_Flashfake_Part_1
Title: Re: Technical
Post by: bob3160 on April 22, 2012, 03:39:54 PM
A little strange to see an Asyn and an Asyn.B ???

Confusion Reigns ???
Title: Re: Technical
Post by: Asyn.B on April 22, 2012, 03:41:56 PM
A little strange to see an Asyn and an Asyn.B ???
Confusion Reigns ???

Don't worry Bob, the one with the ".B" is just my test account. ;)
Have a nice sunday,
Asyn
Title: Re: Technical
Post by: Pondus on April 22, 2012, 03:58:20 PM
A little strange to see an Asyn and an Asyn.B ???
Confusion Reigns ???

Don't worry Bob, the one with the ".B" is just my test account. ;)
Have a nice sunday,
Asyn
Testing what.......to see if we get confused?

It worked ;D

Title: Re: Technical
Post by: Asyn.B on April 22, 2012, 04:09:28 PM
Testing what.......to see if we get confused?

It worked ;D

Well, not really. ;)
Sorry, that it worked, though.... ;D
Title: Re: Technical
Post by: Pondus on April 22, 2012, 04:14:08 PM
I thought it was your brother ;D
Title: Re: Technical
Post by: Asyn.B on April 22, 2012, 04:38:21 PM
I thought it was your brother ;D

Because of the ".B"..??
Well, no brother here, I'm not t*** i***** ;D
Title: Re: Technical
Post by: bob10000 on April 22, 2012, 05:02:50 PM
I thought it was your brother ;D

Because of the ".B"..??
Well, no brother here, I'm not t*** i***** ;D
My alter ego very seldom makes an appearance....
So what is yours testing ???
Title: Re: Technical
Post by: Asyn.B on April 22, 2012, 05:19:34 PM
My alter ego very seldom makes an appearance....
So what is yours testing ???

I'll send you a PM shortly.
We're getting OT here. ;)
Title: Re: Technical
Post by: Asyn on April 25, 2012, 09:42:36 AM
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html

Week of Action On CISPA Preceding "Cybersecurity Week" in the House
https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house

Administration pushes against bipartisan House cybersecurity legislation
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa

Resistance against US cyber security act is growing
http://www.h-online.com/security/news/item/Resistance-against-US-cyber-security-act-is-growing-1557861.html
Title: Re: Technical
Post by: Asyn on April 29, 2012, 09:52:47 AM
TVs and Blu-ray players vulnerable to DoS attacks
http://www.h-online.com/security/news/item/TVs-and-Blu-ray-players-vulnerable-to-DoS-attacks-1558245.html
http://aluigi.org/adv/samsux_1-adv.txt
Title: Re: Technical
Post by: Asyn on April 30, 2012, 10:46:20 AM
Microsoft Security Intelligence Report (SIR) #12
http://www.microsoft.com/security/sir/default.aspx
http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_English.pdf
http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_Key_Findings_Summary_English.pdf
http://download.microsoft.com/download/C/9/A/C9A544AD-4150-43D3-80F7-4F1641EF910A/Microsoft_Security_Intelligence_Report_Volume_12_Worldwide_Threat_Assessment_English.pdf
Title: Re: Technical
Post by: Asyn on May 05, 2012, 05:41:40 PM
SSL Pulse - To Make SSL More Secure and Pervasive
https://www.trustworthyinternet.org/blog/2012/4/25/ssl-pulse-to-make-ssl-more-secure-and-pervasive.html
https://www.trustworthyinternet.org/ssl-pulse/
Title: Re: Technical
Post by: Asyn on May 06, 2012, 08:47:29 AM
The Tor Project's New Tool Aims To Map Out Internet Censorship
http://www.forbes.com/sites/andygreenberg/2012/04/30/the-tor-projects-new-tool-aims-to-map-out-internet-censorship/
http://ooni.nu/
Title: Re: Technical
Post by: Asyn on May 06, 2012, 12:00:33 PM
Draconian cyber security bill could lead to Internet surveillance and censorship
http://en.rsf.org/etats-unis-draconian-cyber-security-bill-06-04-2012,42283.html

Week of Action On CISPA Preceding "Cybersecurity Week" in the House
https://www.cdt.org/pr_statement/week-action-cispa-preceding-cybersecurity-week-house

Administration pushes against bipartisan House cybersecurity legislation
http://thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa

Resistance against US cyber security act is growing
http://www.h-online.com/security/news/item/Resistance-against-US-cyber-security-act-is-growing-1557861.html

Mozilla Slams CISPA, Breaking Silicon Valley's Silence On Cybersecurity Bill
http://www.forbes.com/sites/andygreenberg/2012/05/01/mozilla-slams-cispa-breaking-silicon-valleys-silence-on-cybersecurity-bill/
Title: Re: Technical
Post by: Asyn on May 08, 2012, 08:06:05 AM
Flash 11.3 to bring protected mode for Firefox
http://www.h-online.com/security/news/item/Flash-11-3-to-bring-protected-mode-for-Firefox-1569608.html
Title: Re: Technical
Post by: Asyn on May 08, 2012, 11:19:51 AM
OpenX Promises Fix for Rogue Ads Bug
http://krebsonsecurity.com/2012/05/openx-promises-fix-for-rogue-ads-bug/
Title: Re: Technical
Post by: Asyn on May 09, 2012, 07:09:06 AM
Sigrok: open source framework for logic analysers
http://www.h-online.com/security/news/item/Sigrok-open-source-framework-for-logic-analysers-1567131.html
http://sigrok.org/wiki/Main_Page
Title: Re: Technical
Post by: Asyn on May 13, 2012, 08:23:26 AM
DNSCrypt for Windows has arrived
http://blog.opendns.com/2012/05/08/dnscrypt-for-windows-has-arrived/
http://www.opendns.com/technology/dnscrypt/
Title: Re: Technical
Post by: Asyn on May 14, 2012, 01:43:26 PM
OpenVAS-5 released: New Asset-Management, Delta-Reports and embedded SCAP-Data
http://www.openvas.org/news_archive.html#openvas5
http://www.openvas.org/download.html
Title: Re: Technical
Post by: Asyn on May 18, 2012, 06:17:34 AM
Fraunhofer SIT Study: On the Security of Cloud Storage Services
Providers don't meet security requirements
http://www.sit.fraunhofer.de/en/cloudstudy.html
http://www.sit.fraunhofer.de/content/dam/sit/en/studies/Cloud-Storage-Security_a4.pdf
http://www.sit.fraunhofer.de/content/dam/sit/en/studies/Addendum.pdf
Title: Re: Technical
Post by: Asyn on May 19, 2012, 09:09:07 AM
Worth Reading: Confessions of a botnet operator
http://www.h-online.com/security/news/item/Worth-Reading-Confessions-of-a-botnet-operator-1574453.html
Title: Re: Technical
Post by: Asyn on May 19, 2012, 05:30:15 PM
.secure domains require proof of security
http://www.h-online.com/security/news/item/secure-domains-require-proof-of-security-1577683.html
https://www.artemis.net/who-should-get-secure.html
https://www.artemis.net/ncc-group.html
Title: Re: Technical
Post by: Asyn on May 22, 2012, 05:57:33 PM
Twitter refines tracking, adds Do Not Track support
http://www.h-online.com/security/news/item/Twitter-refines-tracking-adds-Do-Not-Track-support-1579020.html
Title: Re: Technical
Post by: Asyn on May 23, 2012, 11:09:21 AM
A closer look into the RSA SecureID software token
http://www.sensepost.com/blog/7045.html
http://arstechnica.com/security/2012/05/rsa-securid-software-token-cloning-attack/
Title: Re: Technical
Post by: Asyn on May 24, 2012, 09:42:24 AM
Big Brother (SpyEye films you)
https://www.securelist.com/en/blog/208193513/Big_Brother
Title: Re: Technical
Post by: Asyn on May 25, 2012, 10:22:52 AM
A Tale of Two Pwnies (Part 1)
http://blog.chromium.org/2012/05/tale-of-two-pwnies-part-1.html
Title: Re: Technical
Post by: Asyn on May 26, 2012, 08:46:31 PM
Off-Path TCP Sequence Number Inference Attack, enabled by Sequence-Number-Checking Firewall Middleboxes
http://web.eecs.umich.edu/~zhiyunq/tcp_sequence_number_inference/
http://web.eecs.umich.edu/~zhiyunq/pub/oakland12_TCP_sequence_number_inference.pdf
http://arstechnica.com/security/2012/05/smartphone-hijacking-on-att-47-other-carriers/
Title: Re: Technical
Post by: Asyn on May 27, 2012, 02:21:13 PM
McAfee Q1 Threats Report Finds Significant Malware Increase Across All Platforms
http://www.mcafee.com/us/about/news/2012/q2/20120523-01.aspx
http://www.mcafee.com/us/resources/reports/rp-quarterly-threat-q1-2012.pdf
Title: Re: Technical
Post by: Asyn on May 27, 2012, 10:01:32 PM
Android Malware Genome Project launched
http://www.h-online.com/security/news/item/Android-Malware-Genome-Project-launched-1583915.html
http://web.ncsu.edu/abstract/technology/wms-android-genome/
http://www.csc.ncsu.edu/faculty/jiang/pubs/OAKLAND12.pdf
Title: Re: Technical
Post by: Asyn on May 28, 2012, 10:36:07 AM
The quest to replace passwords
http://www.lightbluetouchpaper.org/2012/05/22/the-quest-to-replace-passwords/
http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-817.html
http://www.cl.cam.ac.uk/~fms27/papers/2012-BonneauHerOorSta-password--oakland.pdf
Title: Re: Technical
Post by: Asyn on June 01, 2012, 02:29:12 PM
Say hello to Tinba: World’s smallest trojan-banker
http://www.csis.dk/en/csis/news/3566/
Title: Re: Technical
Post by: Asyn on June 02, 2012, 05:52:39 PM
The science of password guessing
http://www.lightbluetouchpaper.org/2012/05/24/the-science-of-password-guessing/
http://www.cl.cam.ac.uk/~jcb82/doc/B12-IEEESP-analyzing_70M_anonymized_passwords.pdf
Title: Re: Technical
Post by: Asyn on June 03, 2012, 11:53:57 AM
Worth Reading: Apple explains iOS security
http://www.h-online.com/security/news/item/Worth-Reading-Apple-explains-iOS-security-1589183.html
http://images.apple.com/ipad/business/docs/iOS_Security_May12.pdf
Title: Re: Technical
Post by: Asyn on June 04, 2012, 12:15:16 PM
Do Not Track: It’s the user’s voice that matters
http://blog.mozilla.org/privacy/2012/05/31/do-not-track-its-the-users-voice-that-matters/
http://blogs.technet.com/b/microsoft_on_the_issues/archive/2012/05/31/advancing-consumer-trust-and-privacy-internet-explorer-in-windows-8.aspx
Title: Re: Technical
Post by: Asyn on June 09, 2012, 06:46:31 PM
Md5crypt Password scrambler is no longer considered safe by author
http://phk.freebsd.dk/sagas/md5crypt_eol.html?highlight=md5#md5crypt-password-scrambler-is-no-longer-considered-safe-by-author
Title: Re: Technical
Post by: Asyn on June 11, 2012, 11:40:00 AM
Simple authentication bypass for MySQL root revealed
http://www.h-online.com/security/news/item/Simple-authentication-bypass-for-MySQL-root-revealed-1614990.html
http://seclists.org/oss-sec/2012/q2/493
https://community.rapid7.com/community/metasploit/blog/2012/06/11/cve-2012-2122-a-tragically-comedic-security-flaw-in-mysql
Title: Re: Technical
Post by: Asyn on June 15, 2012, 09:05:08 AM
Ghost USB honeypot released
http://www.honeynet.org/node/871
https://honeynet.org/hpsoc/slot1
http://code.google.com/p/ghost-usb-honeypot/
Title: Re: Technical
Post by: Asyn on June 17, 2012, 08:13:05 AM
Malware Hunting with the Sysinternals Tools
http://channel9.msdn.com/Events/TechEd/NorthAmerica/2012/SIA302
http://video.ch9.ms/teched/2012/na/SIA302.mp4
http://video.ch9.ms/teched/2012/na/SIA302.wmv
Title: Re: Technical
Post by: Asyn on June 23, 2012, 09:57:04 AM
Why Do Nigerian Scammers Say They are From Nigeria?
http://research.microsoft.com/apps/pubs/default.aspx?id=167713
http://research.microsoft.com/pubs/167713/WhyFromNigeria.pdf
Title: Re: Technical
Post by: Asyn on June 25, 2012, 04:42:00 PM
Bypassing ASLR and DEP on Adobe Reader X
http://esec-lab.sogeti.com/post/Bypassing-ASLR-and-DEP-on-Adobe-Reader-X
Title: Re: Technical
Post by: Asyn on June 28, 2012, 08:34:17 AM
ACAD/Medre.A – 10000′s Of AutoCAD Files Leaked in Suspected Industrial Espionage
http://www.eset.com/about/blog/blog/article/acadmedre-10000s-of-autocad-files-leaked-in-suspected-industrial-espionage/
Title: Re: Technical
Post by: Asyn on June 28, 2012, 03:59:21 PM
The page at accounts.google.com says:
This is the story of how one temporarily made $1566.85 an hour with Google’s vulnerability rewards program
http://www.talesofacoldadmin.com/2012/06/18/the-page-at-accounts-google-com-says/
http://www.slideshare.net/goldshlager19/nir-goldshlager-killing-a-bug-bounty-program-twice-hack-in-the-box-2012
Title: Re: Technical
Post by: Asyn on July 01, 2012, 01:42:15 PM
Operation High Roller: online banking fraud on a grand scale
http://www.h-online.com/security/news/item/Operation-High-Roller-online-banking-fraud-on-a-grand-scale-1626663.html
http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf
Title: Re: Technical
Post by: Asyn on July 04, 2012, 12:12:08 PM
John the Ripper 1.7.9-jumbo-6
http://www.openwall.com/lists/john-users/2012/06/29/1
http://www.openwall.com/john/
Title: Re: Technical
Post by: Asyn on July 07, 2012, 07:17:04 PM
Source code for the Zemra crimeware bot released
http://www.h-online.com/security/news/item/Source-code-for-the-Zemra-crimeware-bot-released-1631420.html
http://www.symantec.com/connect/blogs/ddos-attacks-zemra-bot
Title: Re: Technical
Post by: Asyn on July 08, 2012, 01:06:10 PM
Trojan.Milicenso: Infection through .htaccess Redirection
http://www.symantec.com/connect/blogs/trojanmilicenso-infection-through-htaccess-redirection
http://www.symantec.com/connect/blogs/trojanmilicenso-paper-salesman-s-dream-come-true
Title: Re: Technical
Post by: Asyn on July 10, 2012, 10:08:33 AM
Operation High Roller: online banking fraud on a grand scale
http://www.h-online.com/security/news/item/Operation-High-Roller-online-banking-fraud-on-a-grand-scale-1626663.html
http://www.mcafee.com/us/resources/reports/rp-operation-high-roller.pdf

“High Roller” online bank robberies reveal security gaps
http://www.enisa.europa.eu/media/press-releases/eu-cyber-security-agency-enisa-201chigh-roller201d-online-bank-robberies-reveal-security-gaps
Title: Re: Technical
Post by: Asyn on July 18, 2012, 12:18:45 PM
Android Security Overview
http://source.android.com/tech/security/
Title: Re: Technical
Post by: Asyn on July 20, 2012, 12:31:08 PM
Exploit Mitigations in Android Jelly Bean 4.1
https://blog.duosecurity.com/2012/07/exploit-mitigations-in-android-jelly-bean-4-1/
Title: Re: Technical
Post by: Asyn on July 21, 2012, 05:59:21 PM
Researchers criticise the iPhone's PIN storing practice
http://www.h-online.com/security/news/item/Researchers-criticise-the-iPhone-s-PIN-storing-practice-1644874.html
http://sit.sit.fraunhofer.de/studies/en/sc-iphone-passwords-faq.pdf
Title: Re: Technical
Post by: pamelaoakes on July 21, 2012, 06:23:43 PM
When I updated my license that is to expire next month I never got my new license. How do I find it so I can insert it?
Title: Re: Technical
Post by: Asyn on July 21, 2012, 06:28:28 PM
When I updated my license that is to expire next month I never got my new license. How do I find it so I can insert it?

Sorry, but you're OT here. ;)
Click this link to open a new topic in the right section: http://forum.avast.com/index.php?action=post;board=2.0
Thanks.
Title: Re: Technical
Post by: Asyn on July 22, 2012, 10:31:27 AM
Grum, World's Third-Largest Botnet, Knocked Down
http://blog.fireeye.com/research/2012/07/grum-botnet-no-longer-safe-havens.html
http://blog.fireeye.com/research/2012/07/grum-cncs-just-a-few-more-to-go.html
http://blog.fireeye.com/research/2012/07/killing-the-beast-part-5.html
Title: Re: Technical
Post by: Asyn on July 23, 2012, 11:01:59 AM
Nominations for Pwnie Awards 2012
http://pwnies.com/nominations/
Title: Re: Technical
Post by: Asyn on July 25, 2012, 09:38:35 AM
VirusTotal += Behavioural Information
http://blog.virustotal.com/2012/07/virustotal-behavioural-information.html
Title: Re: Technical
Post by: Asyn on July 28, 2012, 10:01:06 PM
Web Application Attack Report For The Second Quarter of 2012
http://www.firehost.com/company/newsroom/web-application-attack-report-second-quarter-2012
Title: Re: Technical
Post by: Asyn on August 01, 2012, 01:51:40 PM
My Arduino can beat up your hotel room lock
http://demoseen.com/bhpaper.html
Title: Re: Technical
Post by: Asyn on August 02, 2012, 11:51:39 AM
From Bahrain With Love: FinFisher’s Spy Kit Exposed?
https://citizenlab.org/2012/07/from-bahrain-with-love-finfishers-spy-kit-exposed/3/
https://citizenlab.org/wp-content/uploads/2012/07/09-2012-frombahrainwithlove.pdf
Title: Re: Technical
Post by: Asyn on August 05, 2012, 02:31:58 PM
EFI rootkit for Macs demonstrated
http://www.h-online.com/security/news/item/EFI-rootkit-for-Macs-demonstrated-1655108.html
http://ho.ax/De_Mysteriis_Dom_Jobsivs_Black_Hat_Paper.pdf
Title: Re: Technical
Post by: Asyn on August 06, 2012, 08:35:03 AM
Technical Analysis of the Top BlueHat Prize Submissions
http://blogs.technet.com/b/srd/archive/2012/07/26/technical-analysis-of-the-top-bluehat-prize-submissions.aspx
Title: Re: Technical
Post by: Asyn on August 11, 2012, 08:07:05 PM
Attack Surface Analyzer 1.0 Released
http://blogs.msdn.com/b/sdl/archive/2012/08/02/attack-surface-analyzer-1-0-released.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=24487
Title: Re: Technical
Post by: Asyn on August 12, 2012, 02:36:12 PM
How Apple and Amazon Security Flaws Led to My Epic Hacking
http://www.wired.com/gadgetlab/2012/08/apple-amazon-mat-honan-hacking/all/
Title: Re: Technical
Post by: Asyn on August 13, 2012, 05:55:55 PM
New Burp Proxy cracks Android SSL
http://www.h-online.com/security/news/item/New-Burp-Proxy-cracks-Android-SSL-1663112.html
http://releases.portswigger.net/2012/08/v1412.html
http://portswigger.net/burp/download.html
Title: Re: Technical
Post by: Asyn on August 14, 2012, 12:35:09 PM
Locating the Source of Diffusion in Large-Scale Networks
http://www.pedropinto.org.s3.amazonaws.com/publications/locating_source_diffusion_networks.pdf
Title: Re: Technical
Post by: Asyn on August 15, 2012, 11:59:38 AM
The Mystery of the Encrypted Gauss Payload
http://www.securelist.com/en/blog/208193781/The_Mystery_of_the_Encrypted_Gauss_Payload
Title: Re: Technical
Post by: CharleyO on August 16, 2012, 08:33:48 PM
***

webOS GBU to become quasi-independent cloud and UX company: meet GRAM

Quote
If you've been wondering where HP's webOS Global Business Unit was going under the leadership of HP Chief of Staff Martin Risau, you're not alone. For a while now we've been wondering what the next steps would be for the webOS group after finishing out the roadmap to Open webOS 1.0 next month. Coming soon will be a new page in the saga of Palm, with a new rebranding and product focus as GRAM.


Read more at :
http://www.webosnation.com/webos-gbu-become-quasi-independent-company-focused-user-experience-and-cloud-meet-gram


***
Title: Re: Technical
Post by: CharleyO on August 16, 2012, 09:13:36 PM
***

HP Says Its Windows 8 Tablet Will Include 'Unique' Technology

Quote
Despite last year's epic failure of the TouchPad, Hewlett-Packard still believes it can knock Apple's iPad off its lofty perch in the enterprise tablet market.

HP has been teasing its forthcoming Windows 8 tablet in television commercials and will have more information to share about the device "pretty soon," said John Solomon, senior vice president of Americas sales for HP's printing and personal systems division, in an interview last week.

"We will be very focused on the commercial tablet opportunity, which is completely under penetrated. And, we have some unique intellectual property that we're going to apply," Solomon told CRN.

Solomon declined to elaborate on the unique technology HP's Windows 8 tablet will contain, but he did paint it as a product that is tailor-made for the channel. Judging from his characterization, it appears that HP will target vertical markets in its initial Windows 8 tablet push.


Read more at :
http://www.crn.com/news/mobility/240005447/hp-says-its-windows-8-tablet-will-include-unique-technology.htm?cid=crnbuzz


***
Title: Re: Technical
Post by: CharleyO on August 17, 2012, 09:27:17 PM
***

Microsoft Visual Studio 2012, .NET 4.5 Released to the Web

Quote
Visual Studio 2012 and .NET 4.5 are the tools that form the backbone for developing on Windows 8, and Microsoft has released them more than two months ahead of the Oct. 26 planned release of Windows 8 to give developers a head start on building apps for the platform.

Jason Zander, Microsoft’s vice president of Visual Studio, said MSDN subscribers can download Visual Studio 2012 immediately at the MSDN Subscriber Download Page, and volume licensing customers will be able to download starting Aug. 16 from the Volume Licensing Service Center.

Developers also will be able to find Visual Studio in stores in the next month or so, as well as some availability to purchase it through the Visual Studio product Website in the next few days, Zander said. Moreover, to evaluate the free trial versions or download Microsoft’s free Express products, developers can go to the Visual Studio product Website.


Read more at :
http://www.eweek.com/c/a/Application-Development/Microsoft-Visual-Studio-2012-NET-45-Released-to-the-Web-222177/?kc=EWKNLEDP08172012B


***
Title: Re: Technical
Post by: Asyn on August 21, 2012, 02:45:15 PM
Microsoft's security software modifies HOSTS file
http://www.h-online.com/security/news/item/Microsoft-s-security-software-modifies-HOSTS-file-1670927.html
Title: Re: Technical
Post by: DavidR on August 21, 2012, 03:26:15 PM
Me, that is what I hate about MS, its autocratic attitude that it knows best. Yet again Windows Defender sticks its nose in. I was really hacked off when I found that I could only disable this piece of cr4p and not completely uninstall it in win7.
Title: Re: Technical
Post by: Lisandro on August 21, 2012, 04:02:47 PM
autocratic attitude
+1
It's NOT security related.
Title: Re: Technical
Post by: DavidR on August 21, 2012, 04:12:57 PM
autocratic attitude
+1
It's NOT security related.

Well, technically it is security related: not only can it be used legitimately to block access to sites you don't want to visit, and doubleclick would be one of those (that MS removes), it can also be used illegally by redirecting a legit site to a malicious one.

But me, I would rather look after my own security and I don't even use the hosts file for that (AdBlockPlus, RequestPolicy and Firewall rather than the hosts file). It doesn't stop me getting angry about the autocratic attitude and actions though.
Title: Re: Technical
Post by: Asyn on August 22, 2012, 07:50:41 AM
Me, that is what I hate about MS, its autocratic attitude that it knows best. Yet again Windows Defender sticks its nose in.

Dave, I couldn't agree with you more.
Title: Re: Technical
Post by: Asyn on August 22, 2012, 01:39:10 PM
FF: Exposing add-on objects to content safely
https://blog.mozilla.org/addons/2012/08/20/exposing-objects-to-content-safely/
Title: Re: Technical
Post by: CharleyO on August 23, 2012, 04:49:41 AM
***

Foxconn improves worker conditions 'ahead of schedule'

Quote
Foxconn, Apple's main manufacturer in China, has taken steps to improve working hours and conditions, said the US-based Fair Labor Association (FLA).

Health breaks and measures to guard against repetitive stress injury were some of the changes the FLA found after an inspection.

The report said Foxconn was ahead of schedule in implementing the FLA's recommendations.


Foxconn also produces motherboards for PCs.

Read more at :
http://www.bbc.co.uk/news/business-19340128


***
Title: Re: Technical
Post by: CharleyO on August 24, 2012, 03:47:49 AM
***

Inside Intellectual Ventures, the most hated company in tech

Quote
Nathan Myhrvold and other executives at the controversial company say critics simply don't understand what they're doing. CNET went behind the scenes to understand what 40,000 patents and an unapologetic plan to make money from them really means.

To many in the high-tech business, a troll plots his schemes in a white office building on a hill in this leafy suburb of Seattle.

This is the home of Intellectual Ventures, which, depending on whom you ask, is either the biggest, most aggressive patent troll on the planet or a pioneering company that's helping inventors get their fair share.


Read more at :
http://news.cnet.com/8301-13578_3-57496641-38/inside-intellectual-ventures-the-most-hated-company-in-tech/


***
Title: Re: Technical
Post by: Asyn on August 26, 2012, 10:09:42 AM
Security Analysis and Decryption of Lion Full Disk Encryption
http://eprint.iacr.org/2012/374.pdf
Title: Re: Technical
Post by: Pondus on August 26, 2012, 09:11:19 PM
This may have been posted already?

Firefox OS for mobile: http://www.mozilla.org/en-US/b2g/
Title: Re: Technical
Post by: Pondus on August 26, 2012, 09:13:25 PM
Microsoft analyzes over a million PC failures, results shatter enthusiast myths
http://www.extremetech.com/gaming/131739-microsoft-analyzes-over-a-million-pc-failures-results-shatter-enthusiast-myths
Title: Re: Technical
Post by: Asyn on August 27, 2012, 01:27:21 PM
Java 7 0-Day vulnerability information and mitigation
http://www.deependresearch.org/2012/08/java-7-0-day-vulnerability-information.html
Title: Re: Technical
Post by: CharleyO on August 28, 2012, 01:58:17 AM
***

Inside Huawei, the Chinese tech giant that's rattling nerves in DC

Quote
Chen Lifang is a board member and senior vice president at Huawei, the giant telecommunications gear maker based here. She's digesting news that broke a day earlier that the U.S. House Intelligence Committee has increased the pressure it's putting on the company to disclose details about its ties to the Chinese government. The bombshell came in the form of a letter, released to the media, from the committee's chairman and the ranking Democrat to Huawei founder and Chairman Ren Zhengfei.

Really, the letter was more of an 11-page laundry list of accusations, wrapped around questions about everything from funding the company has allegedly received from the Chinese government to queries about how board members got their posts. In the letter, Congressmen Mike Rogers (R-Mich.) and C.A. Dutch Ruppersberger (D-Md.) said they were investigating "the threat posed to our critical infrastructure and counter-intelligence posture by companies with potential ties to the Chinese government."

In June and July, CNET visited Huawei's headquarters here, as well as its giant research and development operation in Shanghai and a research facility in Santa Clara, Calif. Huawei provided an in-depth look at a company that's a rare breed -- a Chinese tech giant that's not merely cheap, outsourced manufacturing for Western electronics customers.

Huawei is the second largest telecommunications equipment maker in the world, behind only Sweden's Ericsson. It generated $32 billion in revenue last year, selling its networking technology to such global giants as Vodafone, Bell Canada and Telekom Malaysia, though only smaller U.S. carriers Leap and Clearwire use the company's gear. Huawei's heft has allowed it to pour resources into adjacent markets, such as mobile handset development and data center technology that's already paying off with new customers and billions more in revenue. This (past) winter's Mobile World Congress in Barcelona was something of a coming out party for Huawei's consumer business, where it unveiled what it claims is the world's fastest mobile phone, the Ascend D Quad.


See & read more at :
http://news.cnet.com/8301-1035_3-57484472-94/inside-huawei-the-chinese-tech-giant-thats-rattling-nerves-in-dc/


***
Title: Re: Technical
Post by: Asyn on August 28, 2012, 09:57:53 AM
Dropbox tests two-factor authentication
http://www.h-online.com/security/news/item/Dropbox-tests-two-factor-authentication-1676276.html
Title: Re: Technical
Post by: CharleyO on August 30, 2012, 02:42:04 AM
***

Motorola will unveil Intel-powered smartphone on September 18th in London

Quote
Earlier in the year, Motorola announced a partnership with Intel in which they would utilize their chips for select smartphones. We haven’t heard a peep until now. Motorola is sending out invites for an event in London on September 18th.


See & read more at :
http://www.talkandroid.com/129983-motorola-will-unveil-intel-powered-smartphone-on-september-18th-in-london/

I posted this in Technical as it is unusual for Intel chips to be in smart phones these days ... a technical oddity.
And who owns Motorola these days? It's Google.


***
Title: Re: Technical
Post by: CharleyO on August 30, 2012, 02:58:44 AM
***

AMD Targets Servers, Virtualization With New FirePro GPUs

Quote
What AMD is referring to as its most powerful dual- and single-slot server graphics cards to date, the new S9000 and S7000 are said to reduce server power consumption by up to 95 percent at idle, yielding overall data center cost savings and more efficient management for compute-intensive workloads, such as those demanded of computer-aided design (CAD) and media and entertainment apps.


Read more at :
http://www.crn.com/news/components-peripherals/240006416/amd-targets-servers-virtualization-with-new-firepro-gpus.htm?cid=nl_crn


***
Title: Re: Technical
Post by: CharleyO on August 30, 2012, 03:07:08 AM
***

VMware Unveils Bundle For Managing Mobile Desktops, Devices

Quote
A day after unveiling a cloud infrastructure bundle, VMware on Tuesday unveiled a bundle that aims to solve thorny IT issues arising from the flooding of personal devices into the workplace.

VMware's Horizon Suite, currently in alpha and slated to enter beta by the end of the year, lets IT departments manage and set policies for the data and apps that end users access from notebooks, tablets and smartphones while they're outside the firewall. Using a Web console, IT managers can build a service catalog for all of its data and applications.

Horizon Suite can now manage Android and iOS apps, and it can also keep personal and corporate apps separated on a device. IT can set policies for corporate data, preventing corporate data from being copied onto the personal side.


Read more at :
http://www.crn.com/news/mobility/240006421/vmworld-vmware-unveils-bundle-for-managing-mobile-desktops-devices.htm?cid=nl_crn


***
Title: Re: Technical
Post by: CharleyO on August 30, 2012, 08:38:28 PM
***

The 30 Hottest Tech Releases In August

Tech Releases Continue To Heat Up

Quote
From high-profile releases, including the Samsung Galaxy Note 10.1 and the latest version of Apple's Mac OS X, to more niche plays such as AMD's new FirePro APUs and Toshiba's PX-series SSDs, there was something for everyone.

For solution providers, identifying the potential for new business opportunities that accompany releases can be the key to getting ahead of the curve in various market trends.


See & read more at :
http://www.crn.com/slide-shows/channel-programs/240006441/the-30-hottest-tech-releases-in-august.htm?pgno=1


***
Title: Re: Technical
Post by: CharleyO on August 31, 2012, 06:07:56 PM
***

Multi-screen mania: how our devices work together

Quote
It turns out that 90 percent of people move between devices to accomplish a task, with virtually all of those people completing their task in one day. The most popular starting point is the smartphone, which is used to gather information, shop online and engage in social networking. In most cases, the tasks are continued on a PC though tablets are also becoming a popular option for continuing social networking and watching videos. Shopping, for example, is a popular task, with 67 percent of respondents moving from screen to screen to complete a purchase.


Read more at :
http://gigaom.com/2012/08/29/multi-screen-mania-how-our-devices-work-together/


***
Title: Re: Technical
Post by: CharleyO on August 31, 2012, 09:36:46 PM
***

The pros and cons of cloud storage

Quote
Storage requirements are growing exponentially and, as a result, companies are looking for alternatives to traditional tape-based solutions. The cloud can provide a cost-effective storage alternative, but it may not be the right solution for every case.


Read more at :
http://www.continuitycentral.com/feature0998.html


***
Title: Re: Technical
Post by: CharleyO on August 31, 2012, 09:52:22 PM
***

Most Americans Confused By Cloud Computing According to National Survey

Quote
The survey of more than 1,000 American adults was conducted in August 2012 by Wakefield Research and shows that while the cloud is widely used, it is still misunderstood. For example, 51 percent of respondents, including a majority of Millennials, believe stormy weather can interfere with cloud computing. Nearly one third see the cloud as a thing of the future, yet 97 percent are actually using cloud services today via online shopping, banking, social networking and file sharing. Despite this confusion, three in five (59 percent) believe the “workplace of the future” will exist entirely in the cloud, which indicates people feel it’s time to figure out the cloud or risk being left behind in their professional lives.


Read much more at :
http://www.citrix.com/English/NE/news/news.asp?newsID=2328309


***
Title: Re: Technical
Post by: CharleyO on September 01, 2012, 07:25:01 PM
***

HP Targets Apple IT Consumerization With Windows 8 Blitz

Quote
Hewlett-Packard (NYSE:HPQ) is poised to mount a massive product and sales offensive around Windows 8 aimed at taking the wind out of rival Apple (NSDQ:AAPL)’s momentum, which is being driven in large part by the consumerization of IT.

This fall, HP will launch a massive product and channel sales offensive around Windows 8 aimed at challenging Apple on a number of fronts, HP Director of Americas Channel Marketing Matt Smith told CRN Tuesday.


Read more at :
http://www.crn.com/news/applications-os/240005925/hp-targets-apple-it-consumerization-with-windows-8-blitz.htm


***
Title: Re: Technical
Post by: CharleyO on September 07, 2012, 12:26:24 AM
***

Amazon refreshes Kindles, including cheaper Fire

Quote
Amazon.com Inc. refreshed its Kindle line of gadgets on Thursday. It updated its Kindle Fire tablet computer and announced new stand-alone e-reader models. The Fire will be an effort to take a larger share of a tablet computer market dominated by Apple's iPad. It could help Amazon boost sales of digital goods such as e-books and movies.

Consumer electronics makers are trying to generate interest in their products now, before Apple announces a new iPhone and possibly a mini iPad next week.


Read more at :
http://my.earthlink.net/article/tec?guid=20120906/86c84e1f-75dc-4b0a-bd75-37882cd82e98


***
Title: Re: Technical
Post by: CharleyO on September 07, 2012, 09:40:07 PM
***

Microsoft’s September Patch Tuesday Easy; October, Not So Much

Quote
Page 1
September's Microsoft Patch Tuesday preview is shaping up to be a fairly simple one with only two bulletins in a list that is usually much longer. Both are rated as "important" and relate to privilege escalation vulnerabilities, which usually imply that the attacker already has some malware on the system in order to conduct the exploit.

Page 2
While the September Patch Tuesday is being characterized as a "walk in the park," the upcoming October counterpart is likely to be a completely different story.


Read more at :
http://www.crn.com/news/security/240006892/microsoft-8217-s-september-patch-tuesday-easy-october-not-so-much.htm?cid=nl_sec


***
Title: Re: Technical
Post by: CharleyO on September 07, 2012, 10:07:14 PM
***

Microsoft Bing to Google: Our Search Is Better Than Your Search

Quote
Microsoft is asking millions of Web searchers to break their longtime Google search habits and give the software giant's Bing search engine a new try in a catchy "Bing It On Challenge" that is aimed at growing Bing's market share in the search wars.

The "Bing It On" campaign was born out of a recent search study commissioned by Microsoft that looked at user opinions on the search engines they were using and the accuracy of the results they were getting, according to a post by Mike Nichols, chief marketing officer for Bing, on the Bing Search Blog.


Read both pages at :
http://www.eweek.com/c/a/Search-Engines/Microsoft-Bing-to-Google-Our-Search-Is-Better-Than-Your-Search-148401/?kc=EWKNLEDP09072012B

( After a year of using both search engines, I have to agree in that Bing gives me results that are more of what I'm looking for with less of the 'crap' results I get in Google which have almost nothing, and in many cases, nothing  at all to do with what I'm looking for.)


***
Title: Re: Technical
Post by: CharleyO on September 09, 2012, 01:38:08 AM
***

Lexmark To Lay Off 1,700 & Exits Inkjet Business

Quote
Lexmark International plans to lay off 1,700 people and exit the inkjet printer business, part of a major restructuring for the Lexington, Ky.-based company.

The company said it will continue to service and support its existing inkjet customer base.


Read more at :
http://www.crn.com/news/components-peripherals/240006338/lexmark-to-lay-off-1-700-exits-inkjet-business.htm


***
Title: Re: Technical
Post by: CraigB on September 09, 2012, 08:46:05 AM

( After a year of using both search engines, I have to agree in that Bing gives me results that are more of what I'm looking for with less of the 'crap' results I get in Google which have almost nothing, and in many cases, nothing  at all to do with what I'm looking for.)

Totally agree, I've converted myself plus all my friends and family over to Bing these days and it's a much better search engine, I really don't touch anything that's Google (not even Android devices) :)
Title: Re: Technical
Post by: Jesant13 on September 10, 2012, 01:15:14 AM
According to PCWorld, Google bought VirusTotal. They said that VirusTotal said it will continue to operate independently of Google. According to PC Magazine, VirusTotal announced the purchase in a blog post on Friday. They also said that VirusTotal said that the two companies had been partners for some time.
Title: Re: Technical
Post by: bob3160 on September 10, 2012, 01:32:15 AM
http://www.pcworld.com/article/262047/google_buys_browserbased_malware_scanner_virustotal.html
Title: Re: Technical
Post by: bob3160 on September 10, 2012, 09:52:05 PM
GoDaddy suffers major outage (http://www.geek.com/articles/geek-cetera/godaddy-suffers-major-outage-20120910/)
Title: Re: Technical
Post by: CharleyO on September 12, 2012, 02:25:57 AM
***

Intel Dabbles In Science Fiction

Quote
Computers that simply do the same things faster and faster are becoming boring. Been there, done that. But a device that can detect and interpret your emotions? Or intelligently organize a meeting, knowing that one of the participants is jogging at the time? That’s a more interesting proposition. Intel, perhaps surprisingly, is working on both.


Read more at :
http://www.readwriteweb.com/enterprise/2012/09/intel-dabbles-in-science-fiction.php


***
Title: Re: Technical
Post by: CharleyO on September 12, 2012, 08:14:39 PM
***

Public, Private Cloud Markets Set to Soar as Enterprise Adoption Grows


Quote
With enterprises continuing to adopt cloud computing, analysts see continued growth in both public and private cloud investment—with worldwide spending on public IT cloud services set to exceed $40 billion in 2012 and reach nearly $100 billion by 2016, according to IDC.

The research firm forecasts that from 2012 to 2016, public IT cloud services will see gains at a compound annual growth rate (CAGR) of 26.4 percent—five times that of the IT industry overall, as companies accelerate their shift to the cloud services model for IT consumption.


Read more at :
http://www.eweek.com/c/a/Cloud-Computing/Public-Private-Cloud-Markets-Set-to-Soar-as-Enterprise-Adoption-Grows-586161/?kc=EWKNLEDP09122012E


***
Title: Re: Technical
Post by: CharleyO on September 12, 2012, 08:44:18 PM
***

GoDaddy: Outage Caused By Network Failure, Not Anonymous Hack

Quote
Web hosting and email services company GoDaddy said Tuesday the outage that disrupted its operations for several hours Monday was caused by a networking issue and not by an attack from Anonymous, as the hacker group claimed.

GoDaddy experienced intermittent service interruptions from 10 a.m. PST to 4 p.m. PST Monday, affecting an undetermined number of its 10.5 million customers. Scott Wagner, CEO of GoDaddy, issued a statement Tuesday, denying the outage was caused by an outside attack and apologizing for the event.

"The service outage was not caused by external influences," Wagner said in a statement posted on GoDaddy's website. "It was not a 'hack' and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables."

Wagner said customer data was not at risk. "We have let our customers down and we know it," he said.


Read more at :
http://www.crn.com/news/networking/240007163/godaddy-outage-caused-by-network-failure-not-anonymous-hack.htm?cid=nl_crn&elq=ecadb80cf8844f0a9d2076808386f115&elqCampaignId=


***
Title: Re: Technical
Post by: wayneking on September 13, 2012, 04:41:35 PM
well, I have to type my message all over again because the verification I typed in didn't work and it deleted my message rather than hold it and ask for another code. Thanks jerks.

This is the worst security company I have dealt with and I will never pay for another round. My avast service was deleted from my computer and it is HELL trying to get it back. I am not a technical user and their system is not user friendly. So I lost my money just like my friend who bought the security system but it would not load and it was impossible to get help from avast. So they just kept her money. No wonder avast has been hacked so many times. Obviously from users they have cheated. Does 'crooked company' ring a bell?
Title: Re: Technical
Post by: DavidR on September 13, 2012, 04:54:20 PM
Well I guess you haven't come for help or you would have asked.

If you want help - Please start a New Topic of your own here http://forum.avast.com/index.php?board=2.0 (click the New topic button at the top of the page) as this is unrelated and will just confuse the topic and we will try to help.

If it is virus related then start a new topic, here http://forum.avast.com/index.php?board=4.0 in the viruses and worms forum.

If you are within the first 30 days there is nothing to stop you asking for a refund at sales (at) avast (dot) com. Avast aren't crooks.
Title: Re: Technical
Post by: CharleyO on September 14, 2012, 12:39:12 AM
***

Neither did you tell us where you & your friend got your copies of Avast from.

Did both of you get them from some other site rather than from the official Avast site?

And, as David mentioned above, this is the wrong thread in which to be posting this subject.


***
Title: Re: Technical
Post by: CharleyO on September 14, 2012, 09:44:13 PM
***

GoDaddy Offers Users One-Month Credit Following Outage


Quote
Website hoster and email service provider GoDaddy says it will give customers a free month of service following an outage that took the company offline for six hours Monday.

The credit will be applicable for each website owned by a customer, GoDaddy CEO Scott Wagner wrote in a letter to customers.

Wagner also apologized for the outage. "We let you down and we know it. We take our responsibilities -- and the trust you place in us -- very seriously," Wagner wrote in the letter, published by The Los Angeles Times. "I can not express how sorry I am to those of you who were inconvenienced."


Read more at :
http://www.crn.com/news/cloud/240007323/godaddy-offers-users-one-month-credit-following-outage.htm?cid=nl_crn&elq=f5bd5135c38a42468180e88b4c3b98ca&elqCampaignId=1165


***
Title: Re: Technical
Post by: CharleyO on September 18, 2012, 02:10:59 AM
***

Coders Behind the Flame Malware Left Incriminating Clues on Control Servers


Quote
The attackers behind the nation-state espionage tool known as Flame accidentally left behind tantalizing clues that provide information about their identities and that suggest the attack began earlier and was more widespread than previously believed.

Researchers have also uncovered evidence that the attackers may have produced at least three other pieces of malware or variants of Flame that are still undiscovered.

The information comes from clues, including four programmers’ nicknames, that the attackers inadvertently left behind on two command-and-control servers they used to communicate with infected machines and steal gigabytes of data from them. The new details about the operation were left behind despite obvious efforts the attackers made to wipe the servers of forensic evidence ......


Read much more at :
http://www.wired.com/threatlevel/2012/09/flame-coders-left-fingerprints


***
Title: Re: Technical
Post by: CharleyO on September 18, 2012, 10:58:48 PM
***

Application Development: Microsoft Visual Studio 2012: 9 Hot New Things for Developers


Quote
Microsoft has formally launched its flagship Visual Studio 2012 tools suite and has already announced an update for the product, Visual Studio 2012 Update 1. At a Sept. 12 launch event in Seattle, Microsoft announced VS2012 before an audience of hundreds of developers in person and thousands more via Webcast. Visual Studio 2012 and .NET 4.5 are the tools that form the backbone for developing not only on Windows 8, but all of Microsoft’s platforms, company officials said. Meanwhile, Microsoft will be delivering VS2012 Update 1 by the end of this year as part of a new strategy to update its developer tools on a more rapid cadence, Microsoft said. “Visual Studio 2012 is the best development tool to enable developers to build ‘modern apps’ for connected devices,” Soma Somasegar, corporate vice president of Microsoft’s developer division, said in an interview with eWEEK. VS2012 supports development on Windows 8, Windows Server, Windows Azure and Windows Phone.


See & read more at :
http://www.eweek.com/c/a/Application-Development/Microsoft-Visual-Studio-2012-9-Hot-New-Things-for-Developers-844879/?kc=EWKNLEDP09182012A


***
Title: Re: Technical
Post by: CharleyO on September 18, 2012, 11:13:21 PM
***

Google Apps Dropping Support for Microsoft Internet Explorer 8


Quote
Google Apps users who are still using Microsoft's older Internet Explorer 8 (IE8) browser won't be able to continue to use Google services starting Nov. 15 until they upgrade to a newer browser.

Google detailed the move in a Sept. 14 post on the Google Apps Blog as part of its continuing strategy to keep its products up to date and working seamlessly with the latest evolving features in newer Web browsers.


Read more at :
http://www.eweek.com/c/a/Search-Engines/Google-Apps-Dropping-Support-for-Microsoft-Internet-Explorer-8-696356/?kc=EWKNLEDP09182012D


***
Title: Re: Technical
Post by: CharleyO on September 18, 2012, 11:19:20 PM
***

iPhone 5 Lightning Dock Could Drive Medical Devices to Bluetooth


Quote
Apple's switch to an 8-pin Lightning dock in the iPhone 5 could push the health care industry toward adopting Bluetooth technology, despite the security risks of wireless technology.

The Apple iPhone 5's smaller dock could lead to a greater transition toward Bluetooth connectivity in medical device peripherals. During Apple’s Sept. 12 announcement, company executives detailed how the new iPhone, iPod Touch and iPod Nano would connect to an eight-pin connector called Lightning instead of a 30-pin connector.

Users of remote medical devices that connect to the iPhone may have to switch to Bluetooth Smart, MobiHealthNews reported. Medical devices that connect to the iPhone include glucometers, heart rate monitors and fitness sensors.


Read more at :
http://www.eweek.com/c/a/Health-Care-IT/iPhone-5-Lightning-Dock-Could-Drive-Medical-Devices-to-Bluetooth-192179/?kc=EWKNLEDP09182012E


***
Title: Re: Technical
Post by: CharleyO on September 22, 2012, 12:12:08 AM
***

Unwired Planet Sues Apple and Google Over Patents


Quote
Unwired Planet today announced that it has filed separate lawsuits against Apple and Google for violating its intellectual property. The company alleges that each company is violating 10 patents, for a total of 20 patent complaints.

The lawsuit against Apple names devices such as the iPhone, iPad, and iPod; applications such as iTunes and the App Store; and services such as Siri, Apple Maps, Safari, and iAd. The patents themselves cover a wide range of technologies, including detecting and connecting to wireless data networks, server-based speech recognition, and offering location data to mobile devices, among others.

In its case against Google, Unwired Planet names a large selection of Google services, such as the Google Play Store, Google AdWords, Google Search, Google Maps, Google Wallet, and many others. The patents it accuses Google of violating include those that cover providing graphical location data to mobile devices, method and apparatus for protecting identities of mobile devices on a wireless network, and the systems and methods necessary to connect devices via NFC. The lawsuits were filed in the U.S. District Court for the District of Nevada.


Read more at :
http://www.phonescoop.com/articles/article.php?a=11187


***
Title: Re: Technical
Post by: CharleyO on September 22, 2012, 12:30:21 AM
***

Benchmarking mobile maps


Quote
For all the needs that begin with a “where” question, we have developed a compelling suite of applications that delivers the best location-based experiences – helping you to discover the world around you and navigate your life. Not only is this possible because the location business is strategic to Nokia, but because these apps are running on the world’s most advanced location platform.

Unlike our competitors, which are financing their location assets with advertising or licensing mapping content from third parties, we completely own, build and distribute mapping content, platform and apps.

In other words, we truly understand that maps and location-based apps must be accurate, provide the best quality and be accessible basically anywhere. That’s been standard practice at Nokia for the past six years, and we also understand that “pretty” isn’t enough. You expect excellence in your smartphone mapping experience.


See & read much more at :
http://conversations.nokia.com/2012/09/20/benchmarking-mobile-maps/


***
Title: Re: Technical
Post by: CharleyO on September 22, 2012, 12:53:33 AM
***

Phony Facebook application security tests? Say it ain't so, Zuckerberg


Quote
How else can we explain the report from the Federal Trade Commission (FTC) this week that disclosed that, for close to a year, Facebook operated a for-profit application security testing service that was little more than a sham: taking money from hopeful application developers with false promises to vet their creations for security holes. Instead, the FTC concluded, the company banked the money and put a "Facebook Verified App" logo next to the application, without bothering to do any additional auditing of the submitted application. The program, the FTC said, was "false and misleading" -- a hollow show that, all the same, netted Facebook between $50,000 and $95,000 for "verifying" 254 applications between May and December, 2009.

Mind you, at the time the Facebook Verified App program was bilking developers with empty promises of security audits, the then-privately-held company had revenues of around $777 million. In other words: the Verified Apps scam was chump change, revenue wise: about 1/100th of a percent of Facebook's overall revenue. It was small, especially compared to the money Facebook was making selling information on its hundreds of millions of users to advertisers and application developers.


Read more at :
http://news.idg.no/cw/art.cfm?id=1CE06AD9-9EA6-16A5-80F24DABA08016D7


***
Title: Re: Technical
Post by: CharleyO on September 22, 2012, 01:48:23 AM
***

5 things you need to know about cloud in Europe


Quote
Most of what we hear about cloud computing in Europe tends to fixate on the notion that cloud adoption there lags that in the US by one to three years.

That may be generally true, but it’s still a simplistic analysis. Despite the economic mess over there, IDC predicts a 30 percent compound annual growth rate for cloud deployments between 2011 and 2016 compared to an 18.5 percent CAGR for the US during that period. Not too shabby. (The researcher said it is monitoring economic developments in Western Europe and could adjust its predictions as needed.)

Here’s some of what you need to know about how cloud is rolling out in Europe, gleaned from researchers, vendor executives, and other experts.


Read more at :
http://gigaom.com/cloud/5-things-you-need-to-know-about-cloud-in-europe/


***
Title: Re: Technical
Post by: CharleyO on September 25, 2012, 02:15:44 AM
***

Samsung Unveils 840 Series At Global SSD Summit


Quote
Before an audience of about 70 tech media reporters and editors from around the world, Samsung Electronics Company near its headquarters in Seoul, Korea, Monday unveiled the company's latest series of fast-performing, low cost solid-state drives.

The 840 Series of 2.5-inch, 6-Gbps drives includes models for consumers as well as a Pro line for mobile professionals, enthusiasts and other power users seeking a fast-performing SSD at the lowest possible price.

The announcement was part of the Samsung Global SSD Summit, a full-day event held at the Shilla hotel in Seoul, where editors were given a chance to work directly with the company to experience the new drives, which are rated to deliver sustained transactional performance of 100,000 input/output operations per second (IOps) for random transactions.


Read more at :
http://www.crn.com/news/mobility/240007799/samsung-unveils-840-series-at-global-ssd-summit.htm?cid=nl_stor&elqTrack=true


***
Title: Re: Technical
Post by: CharleyO on September 25, 2012, 04:27:02 AM
***

IPv6: What You Need to Know About the Move From IPv4


Quote
The Number Resource Organization said the world officially ran out of IPv4 addresses in February 2011, and according to the Internet Society, the reasons for moving to IPv6 vary from community to community. For example, IPv6 will unlock a range of opportunities for network operators in terms of service provision continuity, growth and innovation. In addition, it will result in network management efficiencies and savings. For hardware manufacturers, IPv6 is a key enabler of smart grids, intelligent buildings, sensor networks, and other hardware—and application-dependent innovations.


See & read more at :
http://www.eweek.com/c/a/Enterprise-Networking/IPv6-What-You-Need-to-Know-About-the-Move-From-IPv4-214871/?kc=EWKNLEDP09242012A


***
Title: Re: Technical
Post by: CharleyO on September 26, 2012, 02:25:35 AM
***

Programming, Database Are Top Skills for IT Pros on Wall Street


Quote
If you are looking for a job on Wall Street, IT skills are the way to go, particularly programming and database expertise, according to a recent study conducted by a leading career site network for the financial services industry. eFinancialCareers, a global career site network for professionals working in the investment banking, asset management and securities industries, recently released its top 10 skills searches on Wall Street, and programming and databases skills come out on top.


See & read more at :
http://www.eweek.com/developer/slideshows/programming-database-are-top-skills-for-it-pros-on-wall-street/?kc=EWKNLEDP09252012A


***
Title: Re: Technical
Post by: CharleyO on September 26, 2012, 09:08:11 PM
***

5 Ways Cloud Computing is Disrupting Everyone's Job


Quote
Ironically, as cloud sweeps through with new ways of running businesses, we’ll be calling it “cloud” less and less. It will simply be the way information is delivered and processed, without the need to think whether it comes from an outside service or from internal systems. Here are five key ways cloud computing is reshaping the way business is conducted:


Read more at :
http://www.forbes.com/sites/joemckendrick/2012/09/25/5-ways-cloud-computing-is-disrupting-everyones-job/


***
Title: Re: Technical
Post by: CharleyO on September 26, 2012, 09:32:43 PM
***

The 10 Most Disruptive Enterprise Tech Companies


Quote
Enterprise technology is in the middle of a massive transformation caused by major technological shifts:

- Mobile cell phone networks are getting faster.
- Cloud computing has put unlimited computing power into the hands of everyone at very low costs.
- Software-as-a-service has become a safe and reliable alternative to on-premises software.
- Social networking is changing how companies interact with each other and customers.
- Employees are more tech savvy, bringing their own devices to work and supplementing enterprise software with their own hand-picked cloud-based services.

All of that means that there's an enormous opportunity for tech companies to disrupt the status quo.


See & read much more at :
http://www.businessinsider.com/10-disruptive-enterprise-tech-companies-2012-9?op=1


***
Title: Re: Technical
Post by: CharleyO on September 26, 2012, 09:42:03 PM
***

Hitachi unveils glass slivers that store data forever


Quote
TOKYO: As Bob Dylan and the Rolling Stones prove, good music lasts a long time; now Japanese hi-tech giant Hitachi says it can last even longer -- a few hundred million years at least. The company on Monday unveiled a method of storing digital information on slivers of quartz glass that can endure extreme temperatures and hostile conditions without degrading, almost forever.

"The volume of data being created every day is exploding, but in terms of keeping it for later generations, we haven't necessarily improved since the days we inscribed things on stones," Hitachi researcher Kazuyoshi Torii said. "The possibility of losing information may actually have increased," he said, noting the life of digital media currently available -- CDs and hard drives -- is limited to a few decades or a century at most.


Read more at :
http://www.channelnewsasia.com/stories/afp_world_business/view/1227752/1/.html


***
Title: Re: Technical
Post by: Asyn on September 27, 2012, 10:39:52 AM
A death blow for PPTP
http://www.h-online.com/security/features/A-death-blow-for-PPTP-1716768.html
Title: Re: Technical
Post by: CharleyO on September 28, 2012, 07:31:33 AM
***

AMD Targets Intel's i5 Processors With New Trinity APUs


Quote

AMD Thursday lifted the curtain on its latest lineup of accelerated processing units (APUs) for desktops, which the chip maker says are both budget-friendly and capable of outperforming Intel's i5 Core processors.

Pricing details for AMD's new Trinity-based and quad-core A10-5800K and the A8-5600K chips won't be revealed until Oct. 2, which is when they will be available. But Adam Kozak, desktop product marketing manager at AMD, Sunnyvale, Calif., said they will be targeted primarily at system builders within the entry-level or "mainstream" desktop market.

"These A series accelerated processors fit within that mainstream segment where our customers are looking at building systems and are looking to prepare these with graphics cards for $100 or less, all the way down to the free graphics that come inside that accelerated processor."


Read more at :
http://www.crn.com/news/components-peripherals/240008051/amd-targets-intels-i5-processors-with-new-trinity-apus.htm?cid=nl_vi


***
Title: Re: Technical
Post by: CharleyO on September 29, 2012, 06:27:31 AM
***

Intel Readies New 'Clover Trail' Atom Processors For Tablet Blitz


Quote

Intel on Thursday revealed new details regarding its upcoming Atom Z2760 processors, code-named "Clover Trail," which are set to usher in the first generation of Intel-powered tablets.

A dual-core chip specifically designed for Windows 8 tablets and convertible notebooks, the Atom Z2760 can reach processing speeds up to 1.8GHz, arm devices with up to 10 hours of HD video playback and support the latest high-speed 4G wireless networks.


Read more at :
http://www.crn.com/news/components-peripherals/240008101/intel-readies-new-clover-trail-atom-processors-for-tablet-blitz.htm?cid=nl_crn&elqTrack=true


***
Title: Re: Technical
Post by: CharleyO on September 29, 2012, 06:34:43 AM
***

New DDR4 Standards Pave Way Toward Faster, More Efficient PCs


Quote
JEDEC Solid State Technology Association, the group that spearheads standards development for the microelectronics industry, has unveiled a new set of standards for DDR4, the next-generation DRAM memory that will give way to faster and less power-hungry PCs.

According to JEDEC, the new DDR4 memory will boost the performance of servers, laptops and desktop PCs, allowing for ultra-fast data transfer speeds that weren't possible with existing DRAM technologies like DDR3 and DDR2. Specifically, DDR4 boasts a per-pin data rate of at least 1.6 giga transfers per second -- which was the initial maxed-out speed of DDR3 -- and can reach speeds as high as 3.2 giga transfers per second.

Read more at :
http://www.crn.com/news/components-peripherals/240008092/new-ddr4-standards-pave-way-toward-faster-more-efficient-pcs.htm?cid=nl_crn&elqTrack=true


***
Title: Re: Technical
Post by: Asyn on September 29, 2012, 08:51:06 AM
How to install silently malicious extensions for Firefox
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
Title: Re: Technical
Post by: CharleyO on October 03, 2012, 04:42:08 AM
***

Google House Cleaning Efforts Continue

Among the changes, Google users will no longer be able to select their own images to use as personalized backgrounds on Google.com, and Google Storage in Picasa and Drive will be consolidated.


Quote

Google's year-long project to cut out little-used services so the company can focus on its most popular offerings to customers continues with a new round of features that are on the chopping block.

The latest upcoming service cuts includes a myriad of Google ideas that just didn't catch on with enough users, from AdSense for Feeds to Spreadsheet Gadgets to the Places Directory Android app, according to a Sept. 28 post by Yossi Matias, Google's senior engineering director, on the Google Official Blog.

Since June 2011, Google has been paring down services that are not getting enough user traction to make them sustainable.


Read more at :
http://www.eweek.com/search-engines/google-house-cleaning-efforts-continue/?kc=EWKNLEDP10022012E


***
Title: Re: Technical
Post by: CharleyO on October 03, 2012, 07:30:30 AM
***

8 Tech Companies That Had It All And Lost It


Quote
Whether it's mobility, networking or traditional desktop PCs, the tech industry moves pretty quickly. So quickly, in fact, that it can be easy for even the biggest tech giants to fall behind, losing market share and risking being nothing more than a chapter in high-tech history.

Over the past 10 years, tech companies big and small have tasted the sweetness of success, only to have it stolen away by some of their biggest competitors. Here is a recap of some the tech industry's most notable -- and most heart-wrenching -- declines.


See and read more at :
http://www.crn.com/slide-shows/mobility/240008012/8-tech-companies-that-had-it-all-and-lost-it.htm


***
Title: Re: Technical
Post by: Lisandro on October 03, 2012, 02:14:09 PM
See and read more at :
http://www.crn.com/slide-shows/mobility/240008012/8-tech-companies-that-had-it-all-and-lost-it.htm
Hall of failure... Either you update and keep yourself up-to-date, or you can go the same way...
Title: Re: Technical
Post by: CharleyO on October 03, 2012, 10:35:24 PM
***

GoDaddy To Close Cloud Computing Service


Quote

GoDaddy plans to close its cloud computing business, telling its SMB customers it will try to integrate the business into other services.

GoDaddy CIO Auguste Goldman issued an email outlining the company's plans:

"We are focused on SMBs and SMBs don't use our Cloud Server product the way we are offering it now," Goldman wrote in the email that GoDaddy provided to CRN Tuesday. "So, in the weeks ahead, it won't be a stand-alone product in and of itself. However, we plan to continue developing cloud technology into our other hosted products.

"We will continue to support existing Cloud Server customers in a variety of ways," Goldman added.


Read more at :
http://www.crn.com/news/cloud/240008343/godaddy-to-close-cloud-computing-service.htm?cid=nl_vi&elqTrack=true


***
Title: Re: Technical
Post by: CharleyO on October 05, 2012, 09:42:48 AM
***

Technically Speaking: What DDR4 Memory Means For Computing


Quote

The PC industry hasn't seen an updated memory spec in a while, and it was long past due. That upgrade came last week, as the memory standards group JEDEC revealed that it had published a spec for DDR4 SDRAM, defining "features, functionalities, AC and DC characteristics, packages and ball/signal assignments," that builds on the DDR3 spec, first published in 2007. The DDR4 spec applies to SDRAM devices from 2 GB through 16 GB for x4, x8 and x16 buses. Here's a look at some of the particulars.


See & read more at :
http://www.crn.com/slide-shows/components-peripherals/240008422/technically-speaking-what-ddr4-memory-means-for-computing.htm


***
Title: Re: Technical
Post by: Asyn on October 05, 2012, 06:26:35 PM
The tale of one thousand and one DSL modems
https://www.securelist.com/en/blog/208193852/The_tale_of_one_thousand_and_one_DSL_modems
Title: Re: Technical
Post by: CharleyO on October 10, 2012, 05:07:11 AM
***

Qualcomm Joins AMD, ARM, Samsung on HSA Foundation


Quote

The group is working toward a single architecture spec for chips that run in heterogeneous environments, which leverage both compute and graphics.

Qualcomm is the latest member of the Heterogeneous System Architecture Foundation, joining the likes of Advanced Micro Devices, ARM and Samsung Electronics in creating a single architecture spec for chips that leverage both compute and graphics capabilities.
Other members of the foundation, which was announced in June, include Texas Instruments, Imagination Technologies and MediaTek.


Read more at :
http://www.eweek.com/mobile/qualcomm-joins-amd-arm-samsung-on-hsa-foundation/?kc=EWKNLEDP10082012E


***
Title: Re: Technical
Post by: Asyn on October 11, 2012, 09:34:02 AM
Microsoft Security Intelligence Report (SIR) #13
http://www.microsoft.com/security/sir/default.aspx

http://download.microsoft.com/download/C/1/F/C1F6A2B2-F45F-45F7-B788-32D2CCA48D29/Microsoft_Security_Intelligence_Report_Volume_13_English.pdf
http://download.microsoft.com/download/C/1/F/C1F6A2B2-F45F-45F7-B788-32D2CCA48D29/Microsoft_Security_Intelligence_Report_Volume_13_Key_Findings_Summary_English.pdf
http://download.microsoft.com/download/C/1/F/C1F6A2B2-F45F-45F7-B788-32D2CCA48D29/Microsoft_Security_Intelligence_Report_Volume_13_Worldwide_Threat_Assessment_English.pdf
Title: Re: Technical
Post by: CharleyO on October 13, 2012, 10:06:37 PM
***

US regulators move closer to suing Google


Quote
Federal regulators are moving closer to suing Google over allegations that the company has abused its dominance of Internet search to stifle competition and drive up online advertising prices, news reports said Friday.

Several news outlets reported that staff members at the Federal Trade Commission are preparing to recommend that the agency file an antitrust lawsuit against the search giant. A majority of the five FTC commissioners would have to approve a suit before legal action could proceed.


Read more at :
http://my.earthlink.net/article/tec?guid=20121012/f300f1f5-6381-4170-864c-8684e8549473


***
Title: Re: Technical
Post by: CharleyO on October 16, 2012, 10:49:25 PM
***

HP Shows Why It Remains No. 1 in the World Workstation Market


Quote

Hewlett-Packard's Fort Collins, Colo., facility was built in the mid-'70s when David Packard and Bill Hewlett, both being enthusiastic outdoorsmen, decided they wanted to build a company plant near: a) an excellent engineering school (Colorado State University); and b) one of their favorite hunting, fishing, skiing and vacation places, the Rocky Mountains.

It has since morphed into the workstation headquarters for the company and thus, the world. HP leads the mobile workstation market worldwide with 41.8 percent share and leads the combined workstation category with 46.2 percent share, according to the Q2'12 IDC Worldwide Workstation Tracker released in August.

At the beginning of the 21st century, four major players manufactured high-end computer workstations: Silicon Graphics, Sun, IBM and HP. Today, HP is the only surviving and thriving workstation vendor of those four. This slide show illustrates a tour of the HP facility taken on Oct. 11, 2012.


See & read more at :
http://www.eweek.com/networking/slideshows/hp-shows-why-it-remains-no.-1-in-the-world-workstation-market/?kc=EWKNLEDP10152012A


***
Title: Re: Technical
Post by: CharleyO on October 16, 2012, 11:30:16 PM
***

10 Hot Technical Skills for 2013


Quote

Are you looking to possibly switch jobs as 2012 winds down and we enter 2013? Or, are you looking to increase your salary by adding a skill to your resume? Well, CyberCoders has a bead on the 10 hottest tech skills for the coming year. CyberCoders is a worldwide recruiting firm that uses technology and experienced recruiters in its passionate pursuit to match great people with great companies.


See & read more at :
http://www.eweek.com/developer/slideshows/json-html5-ios-10-hot-technical-skills-for-2013/?kc=EWKNLEDP10162012A


***
Title: Re: Technical
Post by: CharleyO on October 18, 2012, 08:04:38 PM
***

IT Horror Story: A World Without COBOL


Quote

With Halloween just around the corner, a real-life horror story is all around us, just waiting to be unleashed. We’re referring to our widespread dependence on COBOL, one of our oldest programming languages. Because it was designed to ensure longevity for enterprise applications, COBOL still runs some of the world's most basic and critical applications, but it has been increasingly dismissed as an over-the-hill programming language that today's developers don't want to work with. That presents the possibility that a severe shortage of COBOL programmers could contribute to a doomsday scenario in which many of the critical services we depend on are unavailable. It's the specter of such a disaster that motivated software-maker Micro Focus to develop a visual COBOL tool that lets companies run their COBOL applications on .Net, Java Virtual Machine and the cloud. "COBOL is the most prominent and reliable programming language, designed for today's mission-critical business applications," said Ed Airey, Micro Focus' product manager for COBOL. Here's a look at 12 applications that depend on COBOL—and what might happen in a widespread COBOL crash.


See & read more at :
http://www.baselinemag.com/enterprise-apps/slideshows/it-horror-story-a-world-without-cobol/?kc=EWKNLEDP10182012C


***
Title: Re: Technical
Post by: Asyn on October 20, 2012, 09:36:06 PM
New IPv6 tools from "The Hacker's Choice"
http://www.h-online.com/security/news/item/New-IPv6-tools-from-The-Hacker-s-Choice-1727876.html
http://www.thc.org/thc-ipv6/README
Title: Re: Technical
Post by: Asyn on October 21, 2012, 12:06:45 PM
ENISA Annual Incident Report 2011
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2011
http://www.enisa.europa.eu/activities/Resilience-and-CIIP/Incidents-reporting/annual-reports/annual-incident-reports-2011/at_download/fullReport
Title: Re: Technical
Post by: Asyn on October 22, 2012, 09:58:27 AM
Steam Browser Protocol Insecurity
http://revuln.com/files/ReVuln_Steam_Browser_Protocol_Insecurity.pdf
Title: Re: Technical
Post by: CharleyO on October 23, 2012, 07:19:11 AM
***

IT Job Market Holds Firm In US


Quote

Given what Americans have endured over the last several years, it's safe to say that any news that isn't particularly bad is actually pretty good. Which is probably the best way to interpret the latest IT jobs availability report from Dice.com, an IT employment career site. The overall number of tech positions has inched up ever so slightly from a year ago, which is obviously better than a decline


See & read more at :
http://www.baselinemag.com/careers/slideshows/it-job-market-holds-firm/?kc=EWKNLEDP10222012C


***
Title: Re: Technical
Post by: Asyn on October 24, 2012, 11:55:10 PM
miniFlame aka SPE: "Elvis and his friends"
http://www.securelist.com/en/blog/763/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends
http://www.securelist.com/en/analysis/204792247/miniFlame_aka_SPE_Elvis_and_his_friends
Title: Re: Technical
Post by: Asyn on October 25, 2012, 05:55:55 PM
The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software.
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf
Title: Re: Technical
Post by: CharleyO on October 25, 2012, 08:07:14 PM
***

Smartphones, Tablets, Enterprise Apps Among Top Tech in 2013

Apple, Google and others will battle it out for mobile device market share in 2013, one of Gartner's 10 predicted tech trends for 2013.


Quote

Big data, mobile device battles and the rise of the personal cloud were among the top 10 technologies and trends that will be strategic for most organizations in 2013, research firm Gartner announced at the ITxpo in Orlando Oct. 23. Gartner Vice President David Cearley noted that while enterprises may not have to adopt and invest in all of the listed technologies, they should make deliberate decisions about how these trends fit in with the organization’s expected needs in the near future.


Read more at :
http://www.eweek.com/mobile/smartphones-tablets-enterprise-apps-among-top-tech-in-2013-gartner/?kc=EWKNLEDP10252012E


***
Title: Re: Technical
Post by: CharleyO on October 27, 2012, 06:41:42 AM
***

Microsoft Windows 8: 10 Things You Need to Know About the OS


Quote

On Oct. 25, Microsoft's Windows 8 operating system finally made its official debut after almost a whole year of different releases, updates and a lot of hype. Beginning Friday, Oct. 26, consumers and businesses worldwide will be able to experience all that Windows 8 has to offer, including a beautiful new user interface and a wide range of applications with the grand opening of the Windows Store. As a result of close work with hardware partners, more than 1,000 certified PCs and tablets, including Microsoft Surface, will be available for the launch of Windows 8—making it one of the largest lineups of PCs ever across the Windows ecosystem.


See & read more at :
http://www.eweek.com/enterprise-apps/slideshows/microsoft-windows-8-10-things-you-need-to-know-about-the-os/?kc=EWKNLEDP10262012A


***
Title: Re: Technical
Post by: CharleyO on October 27, 2012, 07:00:41 AM
***

IT Must Deal With Real-Life Horror Shows


Quote

Slashers, ghosts and zombies ... Oh, my! With an onslaught of hackers, meddlesome internal users and malware-laden applications out there, IT departments may feel as if they’re dealing with a real-life horror show every day. So, with tongue-in-cheek, the folks at Bomgar speculated about which fright films would best represent the most common tech problems.


See & read more at :
http://www.baselinemag.com/security/slideshows/it-must-deal-with-real-life-horror-shows/?kc=EWKNLEDP10262012C


***
Title: Re: Technical
Post by: Asyn on October 28, 2012, 11:47:38 AM
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
Title: Re: Technical
Post by: bob3160 on October 28, 2012, 02:03:18 PM
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
It's hard to patch a hole when the foundation is so rotten !!!
Title: Re: Technical
Post by: SpeedyPC on October 28, 2012, 02:07:46 PM
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
It's hard to patch a hole when the foundation is so rotten !!!

+1, it's true, because it's starting to smell like a dead corpse; I see too many lying around in the compound, which is not a great job cleaning it up :-\

Edit: link removed, sorry
Title: Re: Technical
Post by: bob3160 on October 28, 2012, 02:38:23 PM
Sorry Speedy but that's not exactly what I was talking about and not something to my liking!!!!! :o
Title: Re: Technical
Post by: SpeedyPC on October 28, 2012, 02:59:36 PM
Sorry Speedy but that's not exactly what I was talking about and not something to my liking!!!!! :o

Sorry Bob, I do understand what you're saying: Java is hard to patch, no matter what security companies are involved, which is why Adam Gowdiak decided to take matters into his own hands by developing a patch for a critical security vulnerability he had discovered in Java. Java is starting to smell like a dead corpse; I see too many lying around in the compound, which is not a great job patching up Java. Java will always be a critical security vulnerability.
Title: Re: Technical
Post by: bob3160 on October 28, 2012, 03:01:27 PM
Speedy,
It's the link you posted that I find offensive. :o
Title: Re: Technical
Post by: Asyn on October 29, 2012, 08:38:04 AM
Security researcher experiments with patching Java
http://www.h-online.com/security/news/item/Security-researcher-experiments-with-patching-Java-1735346.html
It's hard to patch a hole when the foundation is so rotten !!!

Yes, I strongly recommend uninstalling Java if it is not unconditionally needed.
Title: Re: Technical
Post by: CharleyO on October 30, 2012, 06:31:20 AM
***

IBM Researchers Making Carbon Nanotube Production a Reality


Carbon nanotubes, the next big thing when it comes to making faster computer chips, are beginning to leave the realm of fantasy and are starting to approach the possibility of commercial production, according to IBM researchers.


Quote

Carbon nanotubes are beginning to head out of the laboratory and into the edges of reality, according to a team of IBM researchers who have been hard at work creating carbon nanotubes that will be the basis for the next generation of computer chips.

The latest breakthrough as scientists continue to refine the handling and construction of the carbon nanotubes is that 10,000 of the tiny structures have been manipulated to fit and operate on a single chip using standard semiconductor processes, according to IBM. This is reportedly the first time that such an accomplishment has been possible.


Read more at :
http://www.eweek.com/it-management/ibm-researchers-making-carbon-nanotube-production-a-reality/


***
Title: Re: Technical
Post by: Asyn on October 31, 2012, 08:53:39 AM
Scary Logins: Worst Passwords of 2012 — and How to Fix Them
http://www.prweb.com/releases/2012/10/prweb10046001.htm
Title: Re: Technical
Post by: CharleyO on November 01, 2012, 06:55:27 AM
***

Microsoft Sued Over Windows 8 Tiles

Microsoft's new Windows 8 tiling feature is being challenged in a patent-infringement lawsuit filed by a Maine-based company that doesn't sell any products or services.

Quote
The lawsuit, filed Oct. 30 by Portland, Maine-based SurfCast, alleges that Microsoft infringes on its U.S. Patent No. 6,724,403 dating back to the 1990s for the "tiling" concepts used in the new Windows 8 operating system that is now being used in PCs, Surface tablets, laptops and smartphones.

"We developed the concept of Tiles in the 1990s, which was ahead of its time," Ovid Santoro, CEO of SurfCast, said in a statement on the company's Website. "Microsoft’s Live Tiles are the centerpiece of Microsoft’s new Operating Systems and are covered by our patent."

Patent-infringement lawsuits, when filed by companies that don't sell their own products or services, typically are referred to as "patent troll" cases involving businesses set up to acquire patents that can later be pursued in legal cases against larger companies with deep pockets.


Read more at :
http://www.eweek.com/enterprise-apps/microsoft-sued-over-windows-8-tiles/


***
Title: Re: Technical
Post by: Asyn on November 01, 2012, 11:10:09 AM
How a Google Headhunter’s E-Mail Unraveled a Massive Net Security Hole
http://www.wired.com/threatlevel/2012/10/dkim-vulnerability-widespread/all/
http://www.kb.cert.org/vuls/id/268267
Title: Re: Technical
Post by: CharleyO on November 03, 2012, 05:46:12 AM
***

IBM, Cleveland Clinic Put Watson to Work on Medical Training


Quote

IBM's Watson is headed to medical school. IBM and Cleveland Clinic are collaborating to use Watson's deep question-answer technology to help train students on how to come up with proper diagnoses and treatments for patients.

Founded in 1921, Cleveland Clinic is a nonprofit academic medical center that integrates research and education.

Watson's ability to understand natural language and generate hypotheses will help medical professionals make clinical decisions, IBM reported.

IBM researchers and Cleveland clinicians, faculty and medical students will work together to apply Watson's deep question-answer technology to medicine.


Read more at :
http://www.eweek.com/servers/ibm-cleveland-clinic-put-watson-to-work-on-medical-training/


***
Title: Re: Technical
Post by: Asyn on November 03, 2012, 06:06:51 PM
Demystifying Dot NET Reverse Engineering, Part 1: Big Introduction
http://resources.infosecinstitute.com/demystifying-dot-net-reverse-engineering-part-1-big-introduction/

Demystifying dot NET reverse engineering – PART 2: Introducing Byte Patching
http://resources.infosecinstitute.com/dot-net-reverse-engineering-part-2/
Title: Re: Technical
Post by: Asyn on November 05, 2012, 09:55:07 AM
State of Secure Boot detailed
http://www.h-online.com/security/news/item/State-of-Secure-Boot-detailed-1741460.html
http://mjg59.dreamwidth.org/18945.html
http://mjg59.dreamwidth.org/19448.html
Title: Re: Technical
Post by: Asyn on November 06, 2012, 09:25:16 AM
Black Tulip (Report of the investigation into the DigiNotar Certificate Authority breach)
http://www.rijksoverheid.nl/bestanden/documenten-en-publicaties/rapporten/2012/08/13/black-tulip-update/black-tulip-update.pdf
Title: Re: Technical
Post by: jalzuma15 on November 07, 2012, 11:54:09 PM
Hi. I need to know how to activate the web shield??? My avast indicates the service stopped
Title: Re: Technical
Post by: Asyn on November 08, 2012, 05:46:53 AM
Hi. I need to know how to activate the web shield??? My avast indicates the service stopped

Please ask here: http://forum.avast.com/index.php?board=2.0
Title: Re: Technical
Post by: CharleyO on November 08, 2012, 08:40:41 PM
***

IT Staff and Leaders at Odds Over Job Performance

Quote
There's a considerable difference of opinion between IT professionals and their bosses with respect to employee performance management, according to a recent survey from TEKsystems. Supervisors overlook poor performance for far too long, some IT pros say. And while managers generally do a decent job at clarifying expectations, they fall far short when it comes to evaluating staffers for advancement and aligning individual achievement with company strategies.


See & read more at :
http://www.baselinemag.com/it-management/slideshows/it-staff-and-leaders-at-odds-over-job-performance/?kc=EWKNLEDP11082012C


***
Title: Re: Technical
Post by: Asyn on November 15, 2012, 12:00:46 PM
Smishing Vulnerability in Multiple Android Platforms
http://www.csc.ncsu.edu/faculty/jiang/smishing.html
Title: Re: Technical
Post by: Asyn on November 15, 2012, 03:39:40 PM
Firefox to make life harder for HTTPS snoopers
http://www.h-online.com/security/news/item/Firefox-to-make-life-harder-for-HTTPS-snoopers-1746127.html
https://blog.mozilla.org/security/2012/11/01/preloading-hsts/
Title: Re: Technical
Post by: CharleyO on November 17, 2012, 06:47:45 AM
***

Cray Titan Supercomputer Now the World’s Fastest; IBM's Sequoia No. 2

Quote
IBM's Sequoia supercomputer in June became the first U.S.-based system to reach No. 1 on the Top500 list of the world's fastest supercomputers. Six months later, the system—at Lawrence Livermore Laboratory—was moved to No. 2, displaced by Cray's huge Titan supercomputer, housed at the Oak Ridge National Laboratory in Tennessee. Titan, a massive XK7 system powered by Opteron processors from Advanced Micro Devices and GPU accelerators from Nvidia, hit a performance of 17.59 petaflops—or quadrillions of calculations per second—outdistancing Sequoia's 16.32 petaflops.


See & read more at :
http://www.eweek.com/servers/slideshows/cray-titan-supercomputer-now-the-worlds-fastest-ibms-sequoia-no.-2?kc=EWKNLEDP11142012A


***
Title: Re: Technical
Post by: Charyb-0 on November 18, 2012, 04:22:12 AM
This is interesting. Early launch anti-malware. (downloadable ms word file)

http://msdn.microsoft.com/library/windows/hardware/br259096
Title: Re: Technical
Post by: Asyn on November 18, 2012, 02:09:44 PM
M³AAWG Best Practices for Implementing DKIM To Avoid Key Length Vulnerability
https://www.maawg.org/sites/maawg/files/news/M3AAWG_Key_Implementation_BP-2012-11.pdf
Title: Re: Technical
Post by: Asyn on November 19, 2012, 12:32:11 PM
A critical Analysis of Dropbox Software Security
http://archive.hack.lu/2012/Dropbox%20security.pdf
Title: Re: Technical
Post by: Asyn on November 23, 2012, 10:37:48 AM
HTTP Strict Transport Security becomes Internet Standard
http://www.h-online.com/security/news/item/HTTP-Strict-Transport-Security-becomes-Internet-Standard-1754549.html
Title: Re: Technical
Post by: Asyn on November 26, 2012, 10:02:58 AM
Homeland Security spent $430M on radios its employees don't know how to use
http://arstechnica.com/tech-policy/2012/11/homeland-security-spent-430m-on-radios-its-employees-dont-know-how-to-use/
http://www.oig.dhs.gov/assets/Mgmt/2013/OIG_13-06_Nov12.pdf
Title: Re: Technical
Post by: Asyn on November 29, 2012, 09:37:40 AM
An Overview of Exploit Packs (Update 17) October 12, 2012
http://contagiodump.blogspot.de/2010/06/overview-of-exploit-packs-update.html
Title: Re: Technical
Post by: Asyn on December 02, 2012, 02:08:29 PM
Surveillance software: Gamma Group's offshore companies uncovered
http://www.h-online.com/security/news/item/Surveillance-software-Gamma-Group-s-offshore-companies-uncovered-1759834.html
http://www.guardian.co.uk/uk/2012/nov/28/offshore-company-directors-military-intelligence
http://linuxch.org/poc2012/Tora,%20Devirtualizing%20FinSpy.pdf
Title: Re: Technical
Post by: Asyn on December 04, 2012, 01:03:15 PM
The Email that Hacks You
http://www.acunetix.com/blog/web-security-zone/the-email-that-hacks-you/
Title: Re: Technical
Post by: Asyn on December 05, 2012, 08:28:28 AM
New DARPA Program Seeks to Reveal Backdoors and Other Hidden Malicious Functionality in Commercial IT Devices
http://www.darpa.mil/NewsEvents/Releases/2012/11/30.aspx
https://www.fbo.gov/utils/view?id=14741b368fcfda0fcf22e361e0b34bd2
Title: Re: Technical
Post by: Asyn on December 08, 2012, 07:48:25 AM
Windows 8 ASLR Internals
http://blog.ptsecurity.com/2012/12/windows-8-aslr-internals.html
Title: Re: Technical
Post by: Asyn on December 10, 2012, 08:44:45 AM
Security Threat Report 2013 (Sophos)
http://www.sophos.com/en-us/security-news-trends/reports/security-threat-report.aspx
http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf
Title: Re: Technical
Post by: Asyn on December 12, 2012, 02:53:25 PM
Skynet, a Tor-powered botnet straight from Reddit
https://community.rapid7.com/community/infosec/blog/2012/12/06/skynet-a-tor-powered-botnet-straight-from-reddit
Title: Re: Technical
Post by: Asyn on December 13, 2012, 05:51:22 AM
An Evaluation of the Application ("App") Verification Service in Android 4.2
http://www.cs.ncsu.edu/faculty/jiang/appverify/
Title: Re: Technical
Post by: Asyn on December 13, 2012, 11:51:32 AM
Internet Explorer Data Leakage
http://spider.io/blog/2012/12/internet-explorer-data-leakage/
http://iedataleak.spider.io/demo
Title: Re: Technical
Post by: Lisandro on December 13, 2012, 12:12:11 PM
An Evaluation of the Application ("App") Verification Service in Android 4.2
http://www.cs.ncsu.edu/faculty/jiang/appverify/
I can only give credit to this research (or, in other words, I can only get interested in the results) if I can see the antimalware name x results table.
What I can see is that the Google service is not able to scan even half of the malware... Poor.
Title: Re: Technical
Post by: Asyn on December 13, 2012, 12:37:39 PM
An Evaluation of the Application ("App") Verification Service in Android 4.2
http://www.cs.ncsu.edu/faculty/jiang/appverify/
1. I can only give credit to this research (or, in other words, I can only get interested in the results) if I can see the antimalware name x results table.
2. What I can see is that the Google service is not able to scan even half of the malware... Poor.

1. Not sure why, as it's not really important for the final verdict, but OK, here you go. ;)
-> In Table 2, we show the comparison with ten representative anti-virus engines from VirusTotal (i.e., Avast, AVG, TrendMicro, Symantec, BitDefender, ClamAV, F-Secure, Fortinet, Kaspersky, and Kingsoft).
2. It's even worse, as the detection rate is under 25%. :o :(
Title: Re: Technical
Post by: Lisandro on December 13, 2012, 12:40:21 PM
But we can't associate the result with the particular AV engine...
Title: Re: Technical
Post by: Asyn on December 13, 2012, 12:48:09 PM
But we can't associate the result with the particular AV engine...

Why..?? It's quite obvious that avast! is AV1, isn't it..!?
Title: Re: Technical
Post by: bob3160 on December 13, 2012, 12:54:43 PM
But we can't associate the result with the particular AV engine...

Why..?? It's quite obvious that avast! is AV1, isn't it..!?
avast! is indeed #1 since it also scored 100%
Title: Re: Technical
Post by: Lisandro on December 13, 2012, 12:58:45 PM
Why..?? It's quite obvious that avast! is AV1, isn't it..!?
My fault. I did not see the correlation between the text and AV1, AV2...
Thanks for pointing this out to me :)
Title: Re: Technical
Post by: Asyn on December 13, 2012, 12:59:53 PM
Why..?? It's quite obvious that avast! is AV1, isn't it..!?
My fault. I did not see the correlation between the text and AV1, AV2...
Thanks for pointing this out to me :)

NP pal. :)
Title: Re: Technical
Post by: bob3160 on December 13, 2012, 01:14:07 PM
More on this subject:
https://blog.avast.com/2012/12/13/is-google-protecting-me-after-all/
Title: Re: Technical
Post by: Asyn on December 14, 2012, 08:05:48 AM
More on this subject:
https://blog.avast.com/2012/12/13/is-google-protecting-me-after-all/

Thanks Bob. :)
Title: Re: Technical
Post by: Asyn on December 16, 2012, 03:22:50 PM
Metasploit Pro 4.5.0 Release
https://community.rapid7.com/docs/DOC-2108
https://community.rapid7.com/community/metasploit/blog/2012/12/07/go-phishing-how-to-manage-phishing-exposure-with-metasploit
https://community.rapid7.com/community/metasploit/blog/2012/12/07/metasploit-hits-1000-exploits
Title: Re: Technical
Post by: Asyn on December 22, 2012, 06:23:01 PM
How to explain Hash DoS to your parents by using cats
http://www.anchor.com.au/blog/2012/12/how-to-explain-hash-dos-to-your-parents-by-using-cats/
http://crypto.junod.info/2012/12/13/hash-dos-and-btrfs/
Title: Re: Technical
Post by: Asyn on December 23, 2012, 02:47:22 PM
Dirty note on Samsung Smart TV Security
http://grayhash.com/2012/12/20/samsung_smart_tv_security/
Title: Re: Technical
Post by: DavidR on December 23, 2012, 04:17:26 PM
Dirty note on Samsung Smart TV Security
http://grayhash.com/2012/12/20/samsung_smart_tv_security/

I was pretty slow in getting on board with smart phones, as security was my biggest concern. But now they have many security applications, including the avast! Mobile Security app for Android.

My concerns about Smart TVs are very much the same as with smart phones, and possibly worse: how the hell do you clean an infected smart TV? I have a Samsung LED TV and, although an earlier version, it has the ability to be networked and get Internet, but I rather doubt I would ever connect it.
Title: Re: Technical
Post by: Asyn on December 23, 2012, 04:48:40 PM
My concerns about Smart TVs are very much the same as with smart phones, and possibly worse: how the hell do you clean an infected smart TV? I have a Samsung LED TV and, although an earlier version, it has the ability to be networked and get Internet, but I rather doubt I would ever connect it.

Yes, let's better wait until avast! for Smart TV is available. ;)
Title: Re: Technical
Post by: Asyn on January 05, 2013, 06:16:48 PM
Happy New Year Analysis of CVE-2012-4792
http://blog.exodusintel.com/2013/01/02/happy-new-year-analysis-of-cve-2012-4792/
Title: Re: Technical
Post by: Asyn on January 08, 2013, 09:22:23 AM
UI Redressing Mayhem: Identification Attacks and UI Redressing on Google Chrome
http://blog.nibblesec.org/2012/12/ui-redressing-mayhem-identification.html
Title: Re: Technical
Post by: Asyn on January 11, 2013, 01:44:04 PM
Nokia phone forcing traffic through proxy
http://gaurangkp.wordpress.com/2012/12/05/nokia-proxy/

Nokia’s MITM on HTTPS traffic from their phone
http://gaurangkp.wordpress.com/2013/01/09/nokia-https-mitm/
Title: Re: Technical
Post by: Asyn on January 15, 2013, 01:45:44 PM
The "Red October" Campaign
An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies
http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation
Title: Re: Technical
Post by: Asyn on January 16, 2013, 11:21:28 AM
Watering hole attacks continue (with a twist)
http://blog.avast.com/2013/01/15/watering-hole-attacks-continue-with-a-twist/
Title: Re: Technical
Post by: Asyn on January 18, 2013, 09:29:48 AM
Mozilla Minion: What, Why, and How
https://wiki.mozilla.org/Security/Projects/Minion
http://yboily.tumblr.com/post/35078757244/minion-what-why-and-how
Title: Re: Technical
Post by: Asyn on January 19, 2013, 11:14:29 AM
Silent installs of add-ons still possible in Firefox
http://www.h-online.com/open/news/item/Silent-installs-of-add-ons-still-possible-in-Firefox-1787297.html
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html
Title: Re: Technical
Post by: Hermite15 on January 19, 2013, 02:12:45 PM
Silent installs of add-ons still possible in Firefox
http://www.h-online.com/open/news/item/Silent-installs-of-add-ons-still-possible-in-Firefox-1787297.html
http://research.zscaler.com/2012/09/how-to-install-silently-malicious.html

Not good at all... I guess they (Mozilla) have known about it for ages... I'll try to report that anyway.

edit: reported on their user feedback page as well as on the bug tracker.
Title: Re: Technical
Post by: Asyn on January 19, 2013, 05:34:48 PM
The "Red October" Campaign
An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies
http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation


"Red October" - part two, the modules
http://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules
Title: Re: Technical
Post by: Asyn on January 21, 2013, 11:53:57 AM
Google Declares War on the Password
http://www.wired.com/wiredenterprise/2013/01/google-password/all/
Title: Re: Technical
Post by: Asyn on January 21, 2013, 01:42:01 PM
Hiding in Plain Sight: The FAKEM Remote Access Trojan
http://blog.trendmicro.com/trendlabs-security-intelligence/hiding-in-plain-sight-the-fakem-remote-access-trojan/
http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-fakem-rat.pdf
Title: Re: Technical
Post by: Asyn on January 22, 2013, 08:55:32 AM
The "Red October" Campaign
An Advanced Cyber Espionage Network Targeting Diplomatic and Government Agencies
http://www.securelist.com/en/blog/785/The_Red_October_Campaign_An_Advanced_Cyber_Espionage_Network_Targeting_Diplomatic_and_Government_Agencies
http://www.securelist.com/en/analysis/204792262/Red_October_Diplomatic_Cyber_Attacks_Investigation


"Red October" - part two, the modules
http://www.securelist.com/en/blog/208194091/Red_October_part_two_the_modules

Red October Attackers Shutting Down C&C Infrastructure
http://threatpost.com/en_us/blogs/red-october-attackers-shutting-down-cc-infrastructure-011813
Title: Re: Technical
Post by: Asyn on January 23, 2013, 10:14:03 AM
Watering hole attacks continue (with a twist)
http://blog.avast.com/2013/01/15/watering-hole-attacks-continue-with-a-twist/

‘Reporters without Borders’ website misused in wateringhole attack
http://blog.avast.com/2013/01/22/reporters-without-borders-website-misused-in-wateringhole-attack/
Title: Re: Technical
Post by: Asyn on January 23, 2013, 11:35:44 PM
Pwn2Own 2013
http://dvlabs.tippingpoint.com/blog/2013/01/17/pwn2own-2013
Title: Re: Technical
Post by: Asyn on January 24, 2013, 01:02:17 PM
Megafail
http://fail0verflow.com/blog/2013/megafail.html
Title: Re: Technical
Post by: Asyn on January 25, 2013, 09:20:08 AM
Attacking the Windows 7/8 Address Space Randomization
http://kingcope.wordpress.com/2013/01/24/attacking-the-windows-78-address-space-randomization/
Title: Re: Technical
Post by: Asyn on January 27, 2013, 09:34:06 AM
Laser Precision Phishing — Are You on the Bouncer’s List Today?
http://blogs.rsa.com/laser-precision-phishing-are-you-on-the-bouncers-list-today/
Title: Re: Technical
Post by: Asyn on January 28, 2013, 01:42:28 PM
Memory Errors: The Past, the Present, and the Future
http://www.isg.rhul.ac.uk/sullivan/pubs/tr/technicalreport-ir-cs-73.pdf
Title: Re: Technical
Post by: Asyn on January 31, 2013, 02:46:40 PM
Security Flaws in Universal Plug and Play: Unplug, Don't Play
https://community.rapid7.com/community/infosec/blog/2013/01/29/security-flaws-in-universal-plug-and-play-unplug-dont-play
https://community.rapid7.com/servlet/JiveServlet/download/2150-1-16596/SecurityFlawsUPnP.pdf
Title: Re: Technical
Post by: Asyn on February 02, 2013, 05:14:19 PM
Mozilla pulling plug on auto-running nearly all plugins
http://www.h-online.com/security/news/item/Mozilla-pulling-plug-on-auto-running-nearly-all-plugins-1794162.html
https://blog.mozilla.org/security/2013/01/29/putting-users-in-control-of-plugins/
Title: Re: Technical
Post by: Asyn on February 04, 2013, 03:37:16 PM
Effect of Grammar on Security of Long Passwords
https://www.cs.cmu.edu/~agrao/paper/Effect_of_Grammar_on_Security_of_Long_Passwords.pdf
Title: Re: Technical
Post by: Asyn on February 06, 2013, 10:06:16 AM
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols
http://www.isg.rhul.ac.uk/tls/
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Title: Re: Technical
Post by: Asyn on February 11, 2013, 01:18:20 PM
Packets of Death
http://blog.krisk.org/2013/02/packets-of-death.html
http://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement
http://www.wired.com/wiredenterprise/2013/02/packet-of-death/
http://blog.krisk.org/2013/02/packets-of-death-update.html
Title: Re: Technical
Post by: Asyn on February 15, 2013, 08:52:12 AM
Malware: Dollar Equals Tilde Square Brackets
http://blog.avast.com/2013/02/14/malware-dollar-equals-tilde-square-brackets/

Quote
To deobfuscate the payload, you can use our in-house developed deobfuscator (http://dollar.zikin.cz/)
Title: Re: Technical
Post by: Asyn on February 16, 2013, 09:47:50 AM
FROST: Forensic Recovery Of Scrambled Telephones
https://www1.informatik.uni-erlangen.de/frost
http://www1.cs.fau.de/filepool/projects/frost/frost.pdf
Title: Re: Technical
Post by: Asyn on February 24, 2013, 01:12:31 PM
Digging Into the Sandbox-Escape Technique of the Recent PDF Exploit
http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit
Title: Re: Technical
Post by: Asyn on February 26, 2013, 07:41:46 AM
Vulnerabilities served up
http://www.h-online.com/security/news/item/Vulnerabilities-served-up-1810524.html
http://www.theregister.co.uk/2013/02/21/punkspider/
http://punkspider.hyperiongray.com/
Title: Re: Technical
Post by: Asyn on February 27, 2013, 12:10:34 PM
Bypassing Google’s Two-Factor Authentication
https://blog.duosecurity.com/2013/02/bypassing-googles-two-factor-authentication/
Title: Re: Technical
Post by: Asyn on March 06, 2013, 10:21:29 AM
Stuxnet 0.5: The sabotage worm is older than previously thought
http://www.h-online.com/security/news/item/Stuxnet-0-5-The-sabotage-worm-is-older-than-previously-thought-1812496.html
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/stuxnet_0_5_the_missing_link.pdf
Title: Re: Technical
Post by: Asyn on March 14, 2013, 07:43:34 AM
Mobile Drive-By Malware example
http://blog.avast.com/2013/03/11/mobile-drive-by-malware-example/
Title: Re: Technical
Post by: Asyn on March 16, 2013, 08:02:03 PM
Mobile Threat Report Q4 2012
http://www.f-secure.com/static/doc/labs_global/Research/Mobile%20Threat%20Report%20Q4%202012.pdf
Title: Re: Technical
Post by: Asyn on March 17, 2013, 10:42:12 AM
Attack of the week: RC4 is kind of broken in TLS
http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html
Title: Re: Technical
Post by: Asyn on March 19, 2013, 10:38:41 AM
Analysis of Chinese attack against Korean banks
http://blog.avast.com/2013/03/19/analysis-of-chinese-attack-against-korean-banks/
Title: Re: Technical
Post by: Asyn on March 20, 2013, 01:23:25 PM
Banker Omnia Vincit – A tale of signed Brazilian bankers
http://blog.avast.com/2013/03/20/banker-omnia-vincit-a-tale-of-signed-brazilian-bankers/
http://files.avast.com/files/viruslab/banker-omnia-vincit.pdf
Title: Re: Technical
Post by: Asyn on March 22, 2013, 09:30:06 AM
Owning Samsung phones for fun (...but with no profit :-))
http://randomthoughts.greyhats.it/2013/03/owning-samsung-phones-for-fun-but-with.html
Title: Re: Technical
Post by: Asyn on March 23, 2013, 10:21:00 PM
Hacking the <a> tag in 100 characters
http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html
Title: Re: Technical
Post by: DavidR on March 23, 2013, 10:30:50 PM
Hacking the <a> tag in 100 characters
http://bilaw.al/2013/03/17/hacking-the-a-tag-in-100-characters.html

NoScript puts a crimp in this little hack, so whilst it shouldn't have to if the browser prevented it, if you aren't already running NoScript then now is the time to start.
Title: Re: Technical
Post by: Asyn on March 24, 2013, 03:10:12 PM
2012 Law Enforcement Requests Report
http://www.microsoft.com/about/corporatecitizenship/en-us/reporting/transparency/
http://download.microsoft.com/download/F/3/8/F38AF681-EB3A-4645-A9C4-D4F31B8BA8F2/MSFT_Reporting_Data.pdf
Title: Re: Technical
Post by: Asyn on March 27, 2013, 06:42:39 AM
Fake Facebook login pages spreading by Facebook applications
http://blog.avast.com/2013/03/25/fake-facebook-login-pages-spreading-by-facebook-applications/
http://www.techgainer.com/what-is-fake-facebook-login-page-and-how-it-is-used-to-hack-facebook-account/
Title: Re: Technical
Post by: bob3160 on March 28, 2013, 01:25:10 PM
The avast! 8 User Interface: A study of change (https://blog.avast.com/2013/03/28/the-avast-8-user-interface/)
Title: Re: Technical
Post by: Asyn on April 06, 2013, 08:08:51 PM
Backdoor Uses Evernote as Command-and-Control Server
http://blog.trendmicro.com/trendlabs-security-intelligence/backdoor-uses-evernote-as-command-and-control-server/
Title: Re: Technical
Post by: Asyn on April 07, 2013, 12:59:37 AM
Security Done Wrong: Leaky FTP Server
http://adamcaudill.com/2013/04/04/security-done-wrong-leaky-ftp-server/
Title: Re: Technical
Post by: Asyn on April 07, 2013, 04:45:58 PM
Hackersh 0.1 Release Announcement
http://blog.ikotler.org/2013/04/hackersh-01-release-announcement.html
Title: Re: Technical
Post by: Asyn on April 09, 2013, 08:56:42 AM
Stels Android Trojan Malware Analysis
http://www.secureworks.com/cyber-threat-intelligence/threats/stels-android-trojan-malware-analysis/

PS: We're protected: https://www.virustotal.com/en/file/03c1b44c94c86c3137862c20f9f745e0f89ce2cdb778dc6466a06a65b7a591ae/analysis/
Title: Re: Technical
Post by: Asyn on April 13, 2013, 10:21:44 AM
Why we love specifications (not)! Part II
http://blog.avast.com/2013/04/12/why-we-love-specifications-not-part2/
Title: Re: Technical
Post by: Asyn on April 13, 2013, 06:56:10 PM
Persona Beta 2 launch
https://hacks.mozilla.org/2013/04/persona-beta-2-launch/
http://identity.mozilla.com/post/47541633049/persona-beta-2/
http://blog.mozilla.org/beyond-the-code/2013/04/09/persona-beta2/
Title: Re: Technical
Post by: Asyn on April 14, 2013, 10:59:24 AM
WordPress Plugin Social Media Widget Hiding Spam – Remove it now
http://blog.sucuri.net/2013/04/wordpress-plugin-social-media-widget.html
Title: Re: Technical
Post by: CraigB on April 14, 2013, 07:38:09 PM
Hijacking airplanes with an Android phone

https://www.net-security.org/secworld.php?id=14733
Title: Re: Technical
Post by: Asyn on April 15, 2013, 10:34:18 AM
Hijacking airplanes with an Android phone
https://www.net-security.org/secworld.php?id=14733

More here: http://conference.hitb.org/hitbsecconf2013ams/materials/D1T1%20-%20Hugo%20Teso%20-%20Aircraft%20Hacking%20-%20Practical%20Aero%20Series.pdf
Title: Re: Technical
Post by: Asyn on April 20, 2013, 04:52:16 PM
Cuckoo Sandbox 0.6
http://cuckoosandbox.org/2013-04-15-cuckoo-sandbox-06.html
Title: Re: Technical
Post by: Asyn on April 24, 2013, 01:53:06 PM
VirusTotal += PCAP Analyzer
http://blog.virustotal.com/2013/04/virustotal-pcap-analyzer.html
Title: Re: Technical
Post by: Asyn on April 26, 2013, 09:48:17 AM
Serial Offenders: Widespread Flaws in Serial Port Servers
https://community.rapid7.com/community/metasploit/blog/2013/04/23/serial-offenders-widespread-flaws-in-serial-port-servers
Title: Re: Technical
Post by: Asyn on April 27, 2013, 10:17:01 AM
The Mutter Backdoor: Operation Beebus with New Targets
http://www.fireeye.com/blog/technical/malware-research/2013/04/the-mutter-backdoor-operation-beebus-with-new-targets.html
Title: Re: Technical
Post by: Asyn on April 28, 2013, 01:28:21 PM
State of the Internet Report (Q4 2012)
http://www.akamai.com/dl/akamai/akamai_soti_q412_exec_summary.pdf
Title: Re: Technical
Post by: Asyn on April 30, 2013, 09:30:01 AM
Mozilla: the Next 15 Years
http://www.h-online.com/open/features/Mozilla-the-Next-15-Years-1837073.html
Title: Re: Technical
Post by: Asyn on May 04, 2013, 05:42:46 PM
Regents of Louisiana spreading Sirefef malware
http://blog.avast.com/2013/05/03/regents-of-louisiana-spreading-sirefef-malware/
Title: Re: Technical
Post by: CraigB on May 07, 2013, 08:21:52 PM
Windows 8 at 6 months
http://blogs.windows.com/windows/b/bloggingwindows/archive/2013/05/06/windows-8-at-6-months-q-amp-a-with-tami-reller.aspx
Title: Re: Technical
Post by: Asyn on May 09, 2013, 08:11:43 AM
"Honeywords" plan to snare password thieves
http://www.h-online.com/security/news/item/Honeywords-plan-to-snare-password-thieves-1858488.html
http://people.csail.mit.edu/rivest/pubs/JR13.pdf
Title: Re: Technical
Post by: Asyn on May 11, 2013, 09:57:19 AM
Common OAuth issue you can use to take over accounts
http://webstersprodigy.net/2013/05/09/common-oauth-issue-you-can-use-to-take-over-accounts/
Title: Re: Technical
Post by: Asyn on May 12, 2013, 10:13:39 AM
Untangling the Web: A Guide to Internet Research
http://www.nsa.gov/public_info/_files/Untangling_the_Web.pdf
Title: Re: Technical
Post by: Asyn on May 16, 2013, 11:43:32 AM
Fraunhofer FOKUS institute releases Fuzzino fuzzing library
http://www.h-online.com/security/news/item/Fraunhofer-FOKUS-institute-releases-Fuzzino-fuzzing-library-1863924.html
Title: Re: Technical
Post by: Asyn on May 19, 2013, 09:43:37 AM
Firmware Hacking: The Samsung smart TV turn
http://marcoramilli.blogspot.it/2013/05/firmware-hacking-samsung-smart-tv-turn.html
Title: Re: Technical
Post by: Asyn on May 20, 2013, 08:25:07 AM
Vaccinating systems against VM-aware malware
https://community.rapid7.com/community/infosec/blog/2013/05/13/vaccinating-systems-against-vm-aware-malware
Title: Re: Technical
Post by: Asyn on May 24, 2013, 11:32:10 AM
Ragebooter: ‘Legit’ DDoS Service, or Fed Backdoor?
https://krebsonsecurity.com/2013/05/ragebooter-legit-ddos-service-or-fed-backdoor/
Title: Re: Technical
Post by: Asyn on May 25, 2013, 10:43:08 AM
Grum lives!
http://blog.avast.com/2013/05/22/grum-lives/
Title: Re: Technical
Post by: Asyn on May 26, 2013, 01:26:07 PM
Exploiting Samsung Galaxy S4 Secure Boot
http://blog.azimuthsecurity.com/2013/05/exploiting-samsung-galaxy-s4-secure-boot.html
Title: Re: Technical
Post by: Asyn on May 28, 2013, 10:10:02 AM
Blackberry Z10 research primer – An initial analysis (by A. Antukh)
https://www.sec-consult.com/fxdata/seccons/prod/downloads/sec_consult_vulnerability_lab_blackberry_z10_initial_analysis_v10.pdf
Title: Re: Technical
Post by: Asyn on May 29, 2013, 11:03:49 AM
Analysis of a self-debugging Sirefef cryptor
http://blog.avast.com/2013/05/29/analysis-of-a-self-debugging-sirefef-cryptor/
Title: Re: Technical
Post by: Asyn on May 30, 2013, 02:11:23 PM
Improving the security of your SSH private key files
http://martin.kleppmann.com/2013/05/24/improving-security-of-ssh-private-keys.html
Title: Re: Technical
Post by: Asyn on May 31, 2013, 10:46:31 AM
Would you knowingly trust an irrevocable SSL certificate?
http://news.netcraft.com/archives/2013/05/23/would-you-knowingly-trust-an-irrevocable-ssl-certificate.html
Title: Re: Technical
Post by: bob3160 on June 01, 2013, 03:17:47 PM
Malware similarity and clustering made easy (http://www.simseer.com/)
Title: Re: Technical
Post by: Asyn on June 02, 2013, 12:39:03 PM
Sensing-Enabled Channels for Hard-to-Detect Command and Control of Mobile Devices
http://students.cis.uab.edu/zawoad/paper/asia03-hasan.pdf
Title: Re: Technical
Post by: Johnny4745 on June 02, 2013, 05:13:08 PM
Sick of Typing Passwords? Get an Electronic Tattoo or Ingest a Pill

By Joanna Stern
May 31, 2013 12:25pm

Cut!

Dugan showed off a small pill. Inside that pill wasn’t medication but a tiny computer chip. “It also has what amounts to an inside-out potato battery. The acids in your stomach serve as an electrolyte and power it up,” she explained.

That creates a signal in your body and your body becomes the password. You can touch your phone, car or door and be “authenticated in.” Sounds crazy, yes, but this is not just “science fiction” Dugan said. Made by Proteus Digital Health, the pill was approved by the FDA in August 2012...

http://abcnews.go.com/blogs/technology/2013/05/sick-of-typing-passwords-get-an-electronic-tattoo-or-ingest-a-pill/
Title: Re: Technical
Post by: bob3160 on June 03, 2013, 02:56:25 PM
Android antivirus apps are less-than-stellar (http://www.tgdaily.com/security-features/71937-report-android-antivirus-apps-are-less-than-stellar)
If you're interested in reading the actual report,
you'll find it at:
http://list.cs.northwestern.edu/mobile/droidchameleon_nu_eecs_13_01.pdf


I wonder how avast! Mobile Security would have been rated in this test ???

Title: Re: Technical
Post by: essexboy on June 03, 2013, 03:32:25 PM
Yes, it does appear to be missing from there.
Title: Re: Technical
Post by: Johnny4745 on June 03, 2013, 10:37:45 PM
Forget .com: Get ready for .google and .apple

By Julianne Pepitone June 3, 2013: 3:57 AM ET

ICANN received 1,930 applications for new top-level domains.
NEW YORK (CNNMoney)
The largest-ever expansion of the Internet's naming system, beyond trusty old .com and .org, is almost here: Hundreds of dot-anything websites are slated to roll out this year, starting as early as this summer.

The list of proposed new domains includes .google, .apple, .nyc and .book. It's the first major expansion in more than a decade, and it's a complicated process -- one that has suffered through both technical delays and critics' concerns...

http://money.cnn.com/2013/06/03/technology/enterprise/icann-domain-expansion/index.html?hpt=hp_t3
Title: Re: Technical
Post by: Asyn on June 04, 2013, 01:29:31 PM
Social engineering attacks using DRM protected ASF files
http://blog.virustotal.com/2013/06/social-engineering-attacks-using-drm.html
Title: Re: Technical
Post by: Johnny4745 on June 04, 2013, 09:23:51 PM
Command Prompt - Fix Issues with your Boot Records

By Maximilian on 12/01/2010

If your Windows 7 is having trouble booting properly and Startup Repair didn't fix the problem, it's worth trying the Bootrec.exe tool by running in the Command Prompt. This utility was designed to troubleshoot and repair startup issues in Windows 7.

http://www.7tutorials.com/command-prompt-fix-issues-your-boot-records
Title: Re: Technical
Post by: mchain on June 05, 2013, 08:07:55 AM
New safe test suite for checking for proper a/v operation (AMTSO) from PC Mag dot com: http://securitywatch.pcmag.com/security-software/312184-is-your-antivirus-working

AMTSO website test link: http://www.amtso.org/
Title: Re: Technical
Post by: Asyn on June 05, 2013, 07:24:55 PM
For Your Satisfaction – Android:Satfi-A [Trj]
http://blog.avast.com/2013/06/04/for-your-satisfaction/
Title: Re: Technical
Post by: Asyn on June 07, 2013, 11:33:45 AM
1,462 botnets shut down by Microsoft, FBI and financial sector
http://www.h-online.com/security/news/item/1-462-botnets-shut-down-by-Microsoft-FBI-and-financial-sector-1884174.html
http://www.microsoft.com/en-us/news/Press/2013/Jun13/06-05DCUPR.aspx
Title: Re: Technical
Post by: Asyn on June 12, 2013, 06:03:59 PM
1,462 botnets shut down by Microsoft, FBI and financial sector
http://www.h-online.com/security/news/item/1-462-botnets-shut-down-by-Microsoft-FBI-and-financial-sector-1884174.html
http://www.microsoft.com/en-us/news/Press/2013/Jun13/06-05DCUPR.aspx

Citadel takedown took down security researchers too
http://www.h-online.com/security/news/item/Citadel-takedown-took-down-security-researchers-too-1887328.html
http://www.abuse.ch/?p=5362
http://nakedsecurity.sophos.com/2013/06/12/microsoft-citadel-takedown/
Title: Re: Technical
Post by: Asyn on June 14, 2013, 12:09:47 PM
OWASP Top 10 for 2013
https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013.pdf
Title: Re: Technical
Post by: Asyn on June 19, 2013, 11:24:11 AM
Your Facebook connection is now secured! Thank you for your support!
http://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/
Title: Re: Technical
Post by: DavidR on June 19, 2013, 02:50:32 PM
Your Facebook connection is now secured! Thank you for your support!
http://blog.avast.com/2013/06/18/your-facebook-connection-is-now-secured/

A variation on an old theme, brought up to date a little by saying it is Facebook.

This was frequently used to say your email account or bank account was blocked, mainly to try and get your logon details and passwords, etc.
Title: Re: Technical
Post by: Asyn on June 20, 2013, 12:12:32 PM
Microsoft Security Bounty Programs
http://www.microsoft.com/security/msrc/report/bountyprograms.aspx
http://blogs.technet.com/b/srd/archive/2013/06/17/new-bounty-program-details.aspx
http://www.microsoft.com/security/msrc/report/guidelines.aspx
Title: Re: Technical
Post by: Asyn on June 23, 2013, 10:02:27 AM
Content Security Policy halts XSS in its tracks
http://www.h-online.com/security/features/Content-Security-Policy-halts-XSS-in-its-tracks-1892346.html
Title: Re: Technical
Post by: Asyn on June 26, 2013, 10:01:03 AM
Story of the Cutwail/Pushdo hidden C&C server
http://blog.avast.com/2013/06/25/15507/
Title: Re: Technical
Post by: Asyn on June 29, 2013, 08:22:29 PM
Mixed Content Blocker hits Firefox Beta!
https://blog.mozilla.org/security/2013/06/27/mixed-content-blocker-hits-firefox-beta/
https://blog.mozilla.org/tanvi/2013/04/10/mixed-content-blocking-enabled-in-firefox-23/
https://quality.mozilla.org/2013/06/mixed-content-blocking-test-day-july-1s
Title: Re: Technical
Post by: Asyn on July 04, 2013, 11:28:11 AM
Fake Flash Player installer spreads via Twitter and Facebook
http://blog.avast.com/2013/07/03/fake-flash-player-installer/
Title: Re: Technical
Post by: Asyn on July 05, 2013, 11:36:30 AM
A Penetration Tester's Guide to IPMI and BMCs
https://community.rapid7.com/community/metasploit/blog/2013/06/23/a-penetration-testers-guide-to-ipmi
Title: Re: Technical
Post by: Asyn on July 08, 2013, 10:33:52 AM
Uncovering Android Master Key That Makes 99% of Devices Vulnerable
http://bluebox.com/corporate-blog/bluebox-uncovers-android-master-key/
Title: Re: Technical
Post by: Asyn on July 09, 2013, 11:42:52 AM
Anatomy of a browser trick - you've heard of "clickjacking", now meet "keyjacking"...
http://nakedsecurity.sophos.com/2013/06/29/anatomy-of-a-browser-trick-youve-heard-of-clickjacking-now-meet-keyjacking/
Title: Re: Technical
Post by: Asyn on July 10, 2013, 12:13:45 PM
Hijacking a Facebook Account with SMS
http://blog.fin1te.net/post/53949849983/hijacking-a-facebook-account-with-sms
Title: Re: Technical
Post by: Asyn on July 12, 2013, 03:49:34 PM
Forensic Analysis of the Tor Browser Bundle on OS X, Linux, and Windows
https://research.torproject.org/techreports/tbb-forensic-analysis-2013-06-28.pdf
Title: Re: Technical
Post by: Asyn on July 18, 2013, 10:24:50 AM
NSS 3.15.1 brings TLS 1.2 support to Firefox
http://www.h-online.com/security/news/item/NSS-3-15-1-brings-TLS-1-2-support-to-Firefox-1918133.html
https://developer.mozilla.org/en-US/docs/NSS/NSS_3.15.1_release_notes
Title: Re: Technical
Post by: Asyn on July 20, 2013, 09:27:00 AM
Use Google as a Proxy Server to Bypass Paywalls, Download Files
http://www.labnol.org/internet/google-proxy-server/28112/
Title: Re: Technical
Post by: Asyn on July 22, 2013, 12:14:37 PM
Web proxy detection and real IP address disclosure
https://zorrovpn.com/articles/web-proxy-detection
Title: Re: Technical
Post by: Asyn on July 23, 2013, 08:27:33 AM
Multisystem Trojan Janicab attacks Windows and MacOSX via scripts
http://blog.avast.com/2013/07/22/multisystem-trojan-janicab-attacks-windows-and-macosx-via-scripts/
Title: Re: Technical
Post by: Asyn on July 25, 2013, 11:37:51 AM
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes!
http://blog.avast.com/2013/07/24/urausy-lockscreen-your-computer-will-remain-locked-for-3-days-11-hours-and-20-minutes/
Title: Re: Technical
Post by: bob3160 on July 25, 2013, 01:46:31 PM
Urausy Lockscreen: Your computer will remain locked for 3 days, 11 hours and 20 minutes!
http://blog.avast.com/2013/07/24/urausy-lockscreen-your-computer-will-remain-locked-for-3-days-11-hours-and-20-minutes/
I guess you didn't like it here ???  :)
http://forum.avast.com/index.php?topic=52252.msg967901#msg967901
Title: Re: Technical
Post by: Asyn on July 25, 2013, 02:36:24 PM
I guess you didn't like it here ???  :)
http://forum.avast.com/index.php?topic=52252.msg967901#msg967901

That's right, Bob. It's not a security warning (per se), but a technical analysis. ;)
Title: Re: Technical
Post by: Asyn on July 26, 2013, 02:18:08 PM
Exploit (& Fix) Android "Master Key"
http://www.saurik.com/id/17
Title: Re: Technical
Post by: Asyn on July 27, 2013, 07:15:19 PM
Advanced Exploitation of Windows Kernel Privilege Escalation (CVE-2013-3660 / MS13-053)
http://www.vupen.com/blog/20130723.Advanced_Exploitation_Windows_Kernel_Win32k_EoP_MS13-053.php
Title: Re: Technical
Post by: Asyn on July 30, 2013, 04:41:21 PM
How Browsers Store Your Passwords (and Why You Shouldn't Let Them)
http://raidersec.blogspot.in/2013/06/how-browsers-store-your-passwords-and.html
Title: Re: Technical
Post by: Asyn on July 31, 2013, 11:11:51 AM
Phishing Google Wallet and Paypal by abusing WhatsApp
https://cureblog.de/2013/07/phishing-google-wallet-and-paypal-by-abusing-whatsapp/
Title: Re: Technical
Post by: Asyn on August 03, 2013, 08:25:44 AM
Malicious Bitcoin Miners target Czech Republic
http://blog.avast.com/2013/08/01/malicious-bitcoin-miners-target-czech-republic/
Title: Re: Technical
Post by: Asyn on August 03, 2013, 05:04:31 PM
Password Algorithms: Internet Explorer 10 (Windows Vault)
http://insecurety.net/?p=933
Title: Re: Technical
Post by: Asyn on August 08, 2013, 11:11:22 AM
The Public-Private Surveillance Partnership
http://www.bloomberg.com/news/2013-07-31/the-public-private-surveillance-partnership.html
Title: Re: Technical
Post by: Asyn on August 09, 2013, 11:58:17 AM
Black-Hat USA 2013 - Archives
https://www.blackhat.com/us-13/archives.html
Title: Re: Technical
Post by: Asyn on August 11, 2013, 09:42:25 AM
BREACH vulnerability in compressed HTTPS
http://www.kb.cert.org/vuls/id/987798
http://breachattack.com/resources/BREACH%20-%20SSL,%20gone%20in%2030%20seconds.pdf
https://community.qualys.com/blogs/securitylabs/2013/08/07/defending-against-the-breach-attack
Title: Re: Technical
Post by: thug4real on August 11, 2013, 10:31:33 AM
How Browsers Store Your Passwords (and Why You Shouldn't Let Them)
http://raidersec.blogspot.in/2013/06/how-browsers-store-your-passwords-and.html
Hmm, man, that is serious. Thank you for posting this. This is why a firewall with outbound protection is needed, and why not a HIPS too? I know that many hate HIPS because it is too intrusive, but for advanced users a HIPS comes in handy (but hey, don't judge me, it's just my opinion).
Title: Re: Technical
Post by: Asyn on August 13, 2013, 08:07:23 AM
Your documents are corrupted: From image to an information stealing trojan
http://blog.avast.com/2013/08/12/your-documents-are-corrupted-from-image-to-an-information-stealing-trojan/
Title: Re: Technical
Post by: Asyn on August 16, 2013, 11:38:12 AM
IT Threat Evolution: Q2 2013
https://www.securelist.com/en/analysis/204792299/IT_Threat_Evolution_Q2_2013
Title: Re: Technical
Post by: Asyn on August 17, 2013, 08:59:56 PM
Open Source Backdoor – Copyrighted Under GNU GPL
http://blog.sucuri.net/2013/08/open-source-backdoor-copyrighted-under-gnu-gpl.html
Title: Re: Technical
Post by: Asyn on August 18, 2013, 01:51:18 PM
Hacking Lightbulbs
http://www.dhanjani.com/docs/Hacking%20Lighbulbs%20Hue%20Dhanjani%202013.pdf
Title: Re: Technical
Post by: Asyn on August 19, 2013, 09:33:14 AM
Software Vulnerability Exploitation Trends
http://www.microsoft.com/en-us/download/details.aspx?id=39680
Title: Re: Technical
Post by: Asyn on August 20, 2013, 10:16:10 AM
How We Found Every Single Vulnerable Website
http://blog.nerdydata.com/post/57544050832/how-we-found-every-single-vulnerable-website
Title: Re: Technical
Post by: Asyn on August 21, 2013, 08:50:29 AM
No problem bro – ransom decryption service
http://blog.avast.com/2013/08/20/no-problem-bro-ransom-decryption-service/
Title: Re: Technical
Post by: Asyn on August 22, 2013, 08:15:53 AM
Remote Code Execution on Wired-side Servers over Unauthenticated Wireless
http://blog.opensecurityresearch.com/2013/08/remote-code-execution-on-wired-side.html
Title: Re: Technical
Post by: Asyn on August 23, 2013, 08:53:09 AM
Introducing FuzzDB
https://blog.mozilla.org/security/2013/08/16/introducing-fuzzdb/
Title: Re: Technical
Post by: Asyn on August 24, 2013, 04:54:50 PM
Jekyll on iOS: When Benign Apps Become Evil
https://www.usenix.org/system/files/conference/usenixsecurity13/sec13-paper_wang_2.pdf
Title: Re: Technical
Post by: Asyn on August 24, 2013, 09:26:12 PM
Nmap 6.40 Released! New scripts, new signatures, better performance!
http://seclists.org/nmap-announce/2013/1
Title: Re: Technical
Post by: Asyn on August 25, 2013, 01:41:26 PM
Plug-n-Hack
https://blog.mozilla.org/security/2013/08/22/plug-n-hack/
Title: Re: Technical
Post by: Asyn on August 26, 2013, 10:56:00 AM
The backdoor you didn’t grep
http://rileykidd.com/2013/08/21/the-backdoor-you-didnt-grep/
Title: Re: Technical
Post by: bob3160 on August 27, 2013, 01:38:47 PM
Turbo-charged cracking comes to long passwords
http://arstechnica.com/security/2013/08/thereisnofatebutwhatwemake-turbo-charged-cracking-comes-to-long-passwords/
Title: Re: Technical
Post by: Asyn on August 28, 2013, 10:25:00 AM
Linux Trojan “Hand of Thief” ungloved
http://blog.avast.com/2013/08/27/linux-trojan-hand-of-thief-ungloved/
Title: Re: Technical
Post by: Asyn on September 01, 2013, 09:01:33 AM
Looking inside the (Drop)box
https://www.usenix.org/system/files/conference/woot13/woot13-kholia.pdf
Title: Re: Technical
Post by: Asyn on September 04, 2013, 01:11:23 PM
The Best (and Worst) Browsers to Test With
http://sauceio.com/index.php/2013/08/the-surprising-worst-browser-the-reboot/
Title: Re: Technical
Post by: bob3160 on September 04, 2013, 02:44:18 PM
The Best (and Worst) Browsers to Test With
http://sauceio.com/index.php/2013/08/the-surprising-worst-browser-the-reboot/
Another obvious statistical magic trick. Numbers don't lie; it's just how they're applied that makes the outcome suspect.  ;)
Title: Re: Technical
Post by: DavidR on September 04, 2013, 03:17:31 PM
The Best (and Worst) Browsers to Test With
http://sauceio.com/index.php/2013/08/the-surprising-worst-browser-the-reboot/
Another obvious statistical magic trick. Numbers don't lie; it's just how they're applied that makes the outcome suspect.  ;)

As they say - Lies, damn lies & Statistics ;D
Title: Re: Technical
Post by: Asyn on September 05, 2013, 10:53:33 AM
Users Get Routed: Traffic Correlation on Tor by Realistic Adversaries
http://www.ohmygodel.com/publications/usersrouted-ccs13.pdf
Title: Re: Technical
Post by: Asyn on September 22, 2013, 04:18:20 PM
Stealthy Dopant-Level Hardware Trojans
http://people.umass.edu/gbecker/BeckerChes13.pdf
Title: Re: Technical
Post by: Asyn on September 25, 2013, 11:34:05 AM
Browser fuzzing: introducing bamboo.js
http://0xffe4.org/browser-fuzzing-bamboo/
Title: Re: Technical
Post by: Asyn on September 25, 2013, 06:23:31 PM
Win32/64:Napolar: New Trojan shines on the cyber crime-scene
http://blog.avast.com/2013/09/25/win3264napolar-new-trojan-shines-on-the-cyber-crime-scene/
Title: Re: Technical
Post by: Asyn on September 28, 2013, 05:56:05 PM
Analysis of the FBI Tor Malware
http://oweng.myweb.port.ac.uk/fbi-tor-malware-analysis/
Title: Re: Technical
Post by: Asyn on September 30, 2013, 12:24:39 PM
Masscan: the entire Internet in 3 minutes
http://blog.erratasec.com/2013/09/masscan-entire-internet-in-3-minutes.html#.UkPtz4agadg
Title: Re: Technical
Post by: Asyn on October 01, 2013, 01:54:39 PM
Grappling with the ZeroAccess Botnet
http://www.symantec.com/connect/blogs/grappling-zeroaccess-botnet
Title: Re: Technical
Post by: Asyn on October 03, 2013, 11:26:19 AM
Big bang theory of CVE-2012-4792
http://public.avast.com/~chytry/AVAST_vb2013.pdf
Title: Re: Technical
Post by: Asyn on October 05, 2013, 06:57:48 PM
NSA and GCHQ target Tor network that protects anonymity of web users
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
Title: Re: Technical
Post by: bob3160 on October 06, 2013, 05:26:57 PM
NSA and GCHQ target Tor network that protects anonymity of web users
http://www.theguardian.com/world/2013/oct/04/nsa-gchq-attack-tor-network-encryption
It was only a matter of time. Tor was working too well.  :'(
Title: Re: Technical
Post by: Asyn on October 07, 2013, 04:21:16 PM
Beware of poisoned apples
http://blog.avast.com/2013/10/07/beware-of-poisoned-apples/
Title: Re: Technical
Post by: bob3160 on October 07, 2013, 04:37:52 PM
Beware of poisoned apples
http://blog.avast.com/2013/10/07/beware-of-poisoned-apples/
You're safe from this one if you eat apples like I do but don't use them. :)
Title: Re: Technical
Post by: mchain on October 08, 2013, 06:49:05 AM
Blackhole exploit kit author arrested:
http://blog.malwarebytes.org/whats-in-the-news/2013/10/blackhole-exploit-kit-author-reportedly-arrested-changes-already-noticeable/

Schneier on Security blog re NSA exploit details:
https://www.schneier.com/blog/archives/2013/10/how_the_nsa_att.html

and finally:

PureVPN WAS Hacked, But is NOT Closing:
http://www.infosecurity-magazine.com/view/34909/purevpn-was-hacked-but-is-not-closing/
Title: Re: Technical
Post by: Asyn on October 10, 2013, 09:47:59 AM
Piercing Through WhatsApp’s Encryption
https://blog.thijsalkema.de/blog/2013/10/08/piercing-through-whatsapp-s-encryption/
https://blog.thijsalkema.de/blog/2013/10/08/piercing-through-whatsapps-encryption-2/
Title: Re: Technical
Post by: Asyn on October 11, 2013, 02:05:46 PM
Ad Vulna: A Vulnaggressive (Vulnerable & Aggressive) Adware Threatening Millions
http://www.fireeye.com/blog/technical/2013/10/ad-vulna-a-vulnaggressive-vulnerable-aggressive-adware-threatening-millions.html
Title: Re: Technical
Post by: Asyn on October 12, 2013, 06:52:44 PM
Anatomy of an exploit - inside the CVE-2013-3893 Internet Explorer zero-day (Part 1)
http://nakedsecurity.sophos.com/2013/10/11/anatomy-of-an-exploit-ie-zero-day-part-1/
Title: Re: Technical
Post by: Asyn on October 15, 2013, 12:19:35 PM
Steam UAC bypass via code execution
http://codeinsecurity.wordpress.com/2013/10/11/steam-uac-bypass-via-code-execution/
http://codeinsecurity.wordpress.com/2013/10/11/steam-code-execution-privilege-escalation-to-system/
Title: Re: Technical
Post by: Asyn on October 17, 2013, 09:41:46 AM
Vulnerabilities Discovered in Global Vessel Tracking Systems
http://blog.trendmicro.com/trendlabs-security-intelligence/vulnerabilities-discovered-in-global-vessel-tracking-systems/
Title: Re: Technical
Post by: Asyn on October 19, 2013, 10:28:51 AM
Win32/KanKan – Chinese drama
http://www.welivesecurity.com/2013/10/11/win32kankan-chinese-drama/
Title: Re: Technical
Post by: Asyn on October 20, 2013, 09:57:54 AM
Destructive malware "CryptoLocker" on the loose - here's what to do
http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/
Title: Re: Technical
Post by: bob3160 on October 20, 2013, 04:41:39 PM
Destructive malware "CryptoLocker" on the loose - here's what to do
http://nakedsecurity.sophos.com/2013/10/12/destructive-malware-cryptolocker-on-the-loose/
There isn't anything you can do once you've been infected.
You need to be prepared before the infection happens through regular image backups.
After infection, without the Key or a restore point, you're screwed..... 


How is this being detected by avast! ???
Title: Re: Technical
Post by: Asyn on October 21, 2013, 12:40:10 PM
There isn't anything you can do once you've been infected.
You need to be prepared before the infection happens through regular image backups.
After infection, without the Key or a restore point, you're screwed..... 

Yes, you're right Bob, it's really bad malware. :(
Title: Re: Technical
Post by: Lisandro on October 22, 2013, 02:03:59 AM
Does avast detect *all* these nasties? It's a job for full restore...
Title: Re: Technical
Post by: mchain on October 22, 2013, 06:15:42 AM
There isn't anything you can do once you've been infected.
You need to be prepared before the infection happens through regular image backups.
After infection, without the Key or a restore point, you're screwed..... 

Yes, you're right Bob, it's really bad malware. :(
At least one version disables/encrypts .tib files used by Acronis backup software. Russian roulette is what it is.
Title: Re: Technical
Post by: Asyn on October 22, 2013, 11:58:51 AM
Win32:Reveton-XY [Trj] saves hundreds of computers worldwide and cybercriminals know it!!!
http://blog.avast.com/2013/10/22/win32reveton-xy-trj-saves-hundreds-of-computers-worldwide-and-cybercriminals-know-it/
Title: Re: Technical
Post by: bob3160 on October 22, 2013, 01:51:36 PM
Win32:Reveton-XY [Trj] saves hundreds of computers worldwide and cybercriminals know it!!!
http://blog.avast.com/2013/10/22/win32reveton-xy-trj-saves-hundreds-of-computers-worldwide-and-cybercriminals-know-it/
There is a big difference between Reveton and CryptoLocker.
Reveton is relatively simple to prevent and/or recover from.
CryptoLocker without a good Image backup, means the end of all your files.
Title: Re: Technical
Post by: Asyn on October 22, 2013, 02:05:26 PM
There is a big difference between Reveton and CryptoLocker.
Reveton is relatively simple to prevent and/or recover from.
CryptoLocker without a good Image backup, means the end of all your files.

Yes Bob. That's just a new post in the topic, not related to anything posted before. ;)
Title: Re: Technical
Post by: Pondus on October 23, 2013, 01:10:20 AM
Why you don't need a firewall
http://www.infoworld.com/d/security/why-you-dont-need-firewall-193153

Title: Re: Technical
Post by: bob3160 on October 23, 2013, 01:17:58 AM
Why you don't need a firewall
http://www.infoworld.com/d/security/why-you-dont-need-firewall-193153
You are free to follow his advice.
I'll continue to use a firewall. :)
Title: Re: Technical
Post by: DavidR on October 23, 2013, 01:21:46 AM
Excuse me if I don't rush to uninstall my firewall ;)
Title: Re: Technical
Post by: Pondus on October 23, 2013, 01:36:43 AM
You are free to follow his advice
Thanks... just wanted to check first.   ;)

However, I use the Windows firewall and the router firewall.

Title: Re: Technical
Post by: Asyn on October 23, 2013, 07:56:34 AM
Why you don't need a firewall
http://www.infoworld.com/d/security/why-you-dont-need-firewall-193153

1. I don't agree with Roger.
2. The article is from May 2012... ;)
Title: Re: Technical
Post by: Asyn on October 23, 2013, 12:13:08 PM
GOTCHA Password Hackers!
http://arxiv.org/abs/1310.1137
http://arxiv.org/pdf/1310.1137v1
Title: Re: Technical
Post by: Asyn on October 25, 2013, 10:47:32 AM
Google flagged PHP.net as suspicious website
http://blog.avast.com/2013/10/25/google-flagged-php-net-as-suspicious-website/
Title: Re: Technical
Post by: Asyn on October 27, 2013, 08:45:27 AM
Analysis of a Malware ROP Chain
http://blog.opensecurityresearch.com/2013/10/analysis-of-malware-rop-chain.html
Title: Re: Technical
Post by: Asyn on October 28, 2013, 09:01:31 AM
Facebook Clickjacking: Will You Like Me?
http://blog.avast.com/2013/10/28/facebook-clickjacking-will-you-like-me/
Title: Re: Technical
Post by: Asyn on October 29, 2013, 10:24:08 AM
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
Title: Re: Technical
Post by: Lisandro on October 29, 2013, 01:43:58 PM
How I compiled TrueCrypt 7.1a for Win32 and matched the official binaries
https://madiba.encs.concordia.ca/~x_decarn/truecrypt-binaries-analysis/
In short: "Now we know version v7.1a is not backdoored", i.e., you can trust TrueCrypt encryption.
Sadly, it's becoming incompatible with newer Windows versions. It could work, indeed, with Windows 8 and 8.1, but the boot time will be affected.
Title: Re: Technical
Post by: Asyn on October 31, 2013, 10:25:18 AM
Microsoft Security Intelligence Report (SIR) #15
http://www.microsoft.com/security/sir/default.aspx
Title: Re: Technical
Post by: Asyn on November 03, 2013, 12:13:07 PM
BadBIOS
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
http://blog.erratasec.com/2013/10/badbios-features-explained.html
http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/
http://nakedsecurity.sophos.com/2013/11/01/the-badbios-virus-that-jumps-airgaps-and-takes-over-your-firmware-whats-the-story/
Title: Re: Technical
Post by: Asyn on November 09, 2013, 07:11:24 AM
Google Bots Doing SQL Injection Attacks
http://blog.sucuri.net/2013/11/google-bots-doing-sql-injection-attacks.html
Title: Re: Technical
Post by: Asyn on November 11, 2013, 09:51:15 AM
BadBIOS
http://arstechnica.com/security/2013/10/meet-badbios-the-mysterious-mac-and-pc-malware-that-jumps-airgaps/
http://blog.erratasec.com/2013/10/badbios-features-explained.html
http://www.rootwyrm.com/2013/11/the-badbios-analysis-is-wrong/
http://nakedsecurity.sophos.com/2013/11/01/the-badbios-virus-that-jumps-airgaps-and-takes-over-your-firmware-whats-the-story/

https://plus.google.com/103470457057356043365/posts/Sm2nkvemuUX
http://www.greebo.net/2013/11/06/stop-just-stop/
Title: Re: Technical
Post by: Asyn on November 13, 2013, 07:14:29 AM
Top 3 types of hacks against small websites
http://blog.avast.com/2013/11/12/top-3-types-of-hacks-against-small-websites/
Title: Re: Technical
Post by: Asyn on November 15, 2013, 08:21:05 AM
Malvertising and OpenX servers
http://blog.avast.com/2013/11/14/malvertising-and-openx-servers/
Title: Re: Technical
Post by: Asyn on November 17, 2013, 06:29:05 AM
Microsoft unveils state-of-the-art Cybercrime Center
http://www.microsoft.com/en-us/news/press/2013/nov13/11-14cybercrimecenterpr.aspx
http://www.microsoft.com/en-us/news/stories/cybercrime/index.html
Title: Re: Technical
Post by: DavidR on November 17, 2013, 12:57:28 PM
Microsoft unveils state-of-the-art Cybercrime Center
http://www.microsoft.com/en-us/news/press/2013/nov13/11-14cybercrimecenterpr.aspx
http://www.microsoft.com/en-us/news/stories/cybercrime/index.html

They really should be concentrating on making their OSes and browsers less vulnerable to cybercriminals :P
Title: Re: Technical
Post by: Asyn on December 16, 2013, 03:53:11 PM
Microsoft DCU — Strike Three. Now What?
https://blog.damballa.com/archives/2221
Title: Re: Technical
Post by: Asyn on December 17, 2013, 12:19:04 PM
Botnet Enlists Firefox Users to Hack Web Sites
http://krebsonsecurity.com/2013/12/botnet-enlists-firefox-users-to-hack-web-sites/
https://addons.mozilla.org/en-US/firefox/blocked/i508
Title: Re: Technical
Post by: Asyn on December 18, 2013, 10:45:36 AM
Browser Ransomware tricks revealed
http://blog.avast.com/2013/12/11/browser-ransomware-tricks-revealed/
Title: Re: Technical
Post by: Asyn on December 20, 2013, 09:19:40 AM
Be a real security pro - Keep your private keys private
http://blogs.technet.com/b/mmpc/archive/2013/12/15/be-a-real-security-pro-keep-your-private-keys-private.aspx
Title: Re: Technical
Post by: Asyn on December 21, 2013, 08:21:07 AM
Microsoft DCU — Strike Three. Now What?
https://blog.damballa.com/archives/2221

ZeroAccess criminals wave white flag: The impact of partnerships on cybercrime
http://blogs.technet.com/b/microsoft_blog/archive/2013/12/19/zeroaccess-criminals-wave-white-flag-the-impact-of-partnerships-on-cybercrime.aspx
Title: Re: Technical
Post by: Asyn on December 21, 2013, 06:20:41 PM
Exclusive: Secret contract tied NSA and security industry pioneer
http://www.reuters.com/article/2013/12/21/us-usa-security-rsa-idUSBRE9BJ1C220131221
Title: Re: Technical
Post by: Asyn on December 23, 2013, 12:11:54 PM
Exclusive: Secret contract tied NSA and security industry pioneer
http://www.reuters.com/article/2013/12/21/us-usa-security-rsa-idUSBRE9BJ1C220131221

RSA Response to Media Claims Regarding NSA Relationship
https://blogs.rsa.com/news-media-2/rsa-response/
Title: Re: Technical
Post by: Asyn on December 26, 2013, 08:44:23 AM
How to disable webcam light on Windows
http://blog.erratasec.com/2013/12/how-to-disable-webcam-light-on-windows.html
Title: Re: Technical
Post by: Asyn on December 27, 2013, 12:48:10 PM
Practical malleability attack against CBC-Encrypted LUKS partitions
http://www.jakoblell.com/blog/2013/12/22/practical-malleability-attack-against-cbc-encrypted-luks-partitions/
Title: Re: Technical
Post by: Asyn on January 09, 2014, 07:37:05 AM
Comparison of Adware in Windows and OS X: Linkular and Genieo
http://blog.avast.com/2014/01/09/comparison-of-adware-in-windows-and-os-x-linkular-and-genieo/
Title: Re: Technical
Post by: Asyn on January 10, 2014, 10:19:35 AM
WordPress Plugins Exploitation Through the Big Data Prism
https://blogs.akamai.com/2014/01/wordpress-plugins-exploitation-through-the-big-data-prism.html
Title: Re: Technical
Post by: Asyn on January 12, 2014, 07:59:34 AM
Metasploit Now Supports Malware Analysis via VirusTotal
https://community.rapid7.com/community/metasploit/blog/2014/01/10/metasploit-now-supports-malware-analysis-via-virustotal
Title: Re: Technical
Post by: Asyn on January 13, 2014, 08:15:17 AM
A Cat and Mouse Game Between Exploits and Antivirus
https://community.rapid7.com/community/metasploit/blog/2014/01/05/a-cat-and-mouse-game-between-exploits-and-antivirus
Title: Re: Technical
Post by: Asyn on January 16, 2014, 08:01:12 AM
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1
http://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/
Title: Re: Technical
Post by: essexboy on January 16, 2014, 03:02:38 PM
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1
http://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/
We have had several of these SVCHOST malware in the virus forum.
Title: Re: Technical
Post by: Asyn on January 18, 2014, 05:16:03 PM
Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 1
http://blog.avast.com/2014/01/15/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-1/
We have had several of these SVCHOST malware in the virus forum.

Good that the guys at the VL are at it and great that you provide additional info.
Let's see what new insights Part 2 brings...
Title: Re: Technical
Post by: Asyn on January 18, 2014, 06:33:41 PM
Oldboot: the first bootkit on Android
http://blogs.360.cn/360mobile/2014/01/17/oldboot-the-first-bootkit-on-android/
Title: Re: Technical
Post by: Asyn on January 19, 2014, 11:52:41 AM
Personal banking apps leak info through phone
http://blog.ioactive.com/2014/01/personal-banking-apps-leak-info-through.html
Title: Re: Technical
Post by: Asyn on January 19, 2014, 04:49:21 PM
ATMs Face Deadline to Upgrade From Windows XP
http://www.businessweek.com/articles/2014-01-16/atms-face-deadline-to-upgrade-from-windows-xp
Title: Re: Technical
Post by: Asyn on January 20, 2014, 10:57:35 AM
TrueCrypt Master Key Extraction And Volume Identification
http://volatility-labs.blogspot.de/2014/01/truecrypt-master-key-extraction-and.html
Title: Re: Technical
Post by: bob3160 on January 22, 2014, 02:37:33 PM

Win32/64:Blackbeard & Pigeon: Stealthiness techniques in 64-bit Windows, Part 2
https://blog.avast.com/2014/01/22/win3264blackbeard-pigeon-stealthiness-techniques-in-64-bit-windows-part-2/

Title: Re: Technical
Post by: Asyn on January 24, 2014, 01:03:41 PM
Spoiled Onions: Exposing Malicious Tor Exit Relays
http://www.cs.kau.se/philwint/spoiled_onions/techreport.pdf
Title: Re: Technical
Post by: Asyn on January 26, 2014, 11:23:08 AM
XXE in OpenID: one bug to rule them all, or how I found a Remote Code Execution flaw affecting Facebook's servers
http://www.ubercomp.com/posts/2014-01-16_facebook_remote_code_execution
Title: Re: Technical
Post by: Asyn on January 27, 2014, 09:51:23 AM
blackarchlinux
http://www.blackarch.org/

BlackArch Linux is an Arch-based GNU/Linux distribution for pentesters and security researchers.
Title: Re: Technical
Post by: Asyn on January 27, 2014, 04:29:03 PM
Malformed FileZilla FTP client with login stealer
http://blog.avast.com/2014/01/27/malformed-filezilla-ftp-client-with-login-stealer/
Title: Re: Technical
Post by: Asyn on January 28, 2014, 11:03:14 AM
Show off your security skills: announcing Pwnium 4 targeting Chrome OS
http://blog.chromium.org/2014/01/show-off-your-security-skills.html
Title: Re: Technical
Post by: Asyn on January 30, 2014, 07:38:15 AM
Angry Birds and 'leaky' phone apps targeted by NSA and GCHQ for user data
http://www.theguardian.com/world/2014/jan/27/nsa-gchq-smartphone-app-angry-birds-personal-data?CMP=fb_us
Title: Re: Technical
Post by: Asyn on January 31, 2014, 12:26:48 PM
Avatar - A free and open-source operating system for the Internet with privacy built-in
http://sneakpeek.avatar.ai/
http://sneakpeek.avatar.ai/technology.html
Title: Re: Technical
Post by: Asyn on February 01, 2014, 05:38:46 PM
RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information
https://blogs.rsa.com/rsa-uncovers-new-pos-malware-operation-stealing-payment-card-personal-information/
Title: Re: Technical
Post by: Asyn on February 09, 2014, 09:07:02 AM
Research buzz: Undercover technology
http://blog.avast.com/2014/02/07/research-buzz-undercover-technology/
Title: Re: Technical
Post by: Asyn on February 09, 2014, 04:06:07 PM
Snowden Used Low-Cost Tool to Best N.S.A.
http://www.nytimes.com/2014/02/09/us/snowden-used-low-cost-tool-to-best-nsa.html
Title: Re: Technical
Post by: Asyn on February 11, 2014, 10:44:46 AM
Kaspersky Lab Uncovers “The Mask”: One of the Most Advanced Global Cyber-espionage Operations to Date Due to the Complexity of the Toolset Used by the Attackers
http://www.kaspersky.com/about/news/virus/2014/Kaspersky-Lab-Uncovers-The-Mask-One-of-the-Most-Advanced-Global-Cyber-espionage-Operations-to-Date-Due-to-the-Complexity-of-the-Toolset-Used-by-the-Attackers
http://www.securelist.com/en/downloads/vlpdfs/unveilingthemask_v1.0.pdf
Title: Re: Technical
Post by: Asyn on February 14, 2014, 11:34:51 AM
Operation SnowMan: DeputyDog Actor Compromises US Veterans of Foreign Wars Website
http://www.fireeye.com/blog/uncategorized/2014/02/operation-snowman-deputydog-actor-compromises-us-veterans-of-foreign-wars-website.html
Title: Re: Technical
Post by: Asyn on February 15, 2014, 05:50:59 PM
Hackers circulate thousands of FTP credentials, New York Times among those hit
http://www.pcworld.com/article/2098020/hackers-circulate-thousands-of-ftp-credentials-new-york-times-among-those-hit.html
Title: Re: Technical
Post by: Asyn on February 17, 2014, 12:48:19 PM
Fake Korean bank applications for Android – PT 1
http://blog.avast.com/2014/02/17/fake-korean-bank-applications-for-android-pt-1/
Title: Re: Technical
Post by: Asyn on February 20, 2014, 06:40:54 AM
Dear Asus router user: You’ve been pwned, thanks to easily exploited flaw
http://arstechnica.com/security/2014/02/dear-asus-router-user-youve-been-pwned-thanks-to-easily-exploited-flaw/
Title: Re: Technical
Post by: Asyn on February 21, 2014, 01:28:46 PM
Fake SSL certificates deployed across the internet
http://news.netcraft.com/archives/2014/02/12/fake-ssl-certificates-deployed-across-the-internet.html
Title: Re: Technical
Post by: Asyn on February 22, 2014, 07:51:44 AM
Bitcrypt broken
http://blog.cassidiancybersecurity.com/post/2014/02/Bitcrypt-broken
Title: Re: Technical
Post by: Asyn on February 23, 2014, 01:06:07 PM
German Telekom Bug Bounty – 3x Remote Vulnerabilities
http://www.vulnerability-db.com/dev/index.php/2014/02/06/german-telekom-bug-bounty-3x-remote-vulnerabilities/
Title: Re: Technical
Post by: Asyn on February 24, 2014, 12:28:15 PM
Price and Feature Comparison of Web Application Scanners
http://www.sectoolmarket.com/price-and-feature-comparison-of-web-application-scanners-unified-list.html
Title: Re: Technical
Post by: Asyn on February 26, 2014, 07:10:09 AM
New iOS flaw makes devices susceptible to covert keylogging, researchers say
http://arstechnica.com/security/2014/02/new-ios-flaw-makes-devices-susceptible-to-covert-keylogging-researchers-say/
http://www.fireeye.com/blog/technical/2014/02/background-monitoring-on-non-jailbroken-ios-7-devices-and-a-mitigation.html
Title: Re: Technical
Post by: AdrianH on February 26, 2014, 02:46:49 PM
http://www.bbc.co.uk/news/technology-26352439

'Contagious' wi-fi virus created by Liverpool researchers
Title: Re: Technical
Post by: Asyn on February 27, 2014, 08:23:40 AM
The Wild Wild Web: YouTube ads serving malware
http://labs.bromium.com/2014/02/21/the-wild-wild-web-youtube-ads-serving-malware/
Title: Re: Technical
Post by: Asyn on February 28, 2014, 06:03:22 AM
The OpenID Foundation Launches the OpenID Connect Standard
http://openid.net/2014/02/26/the-openid-foundation-launches-the-openid-connect-standard/
http://openid.net/connect/faq/
Title: Re: Technical
Post by: Asyn on March 01, 2014, 07:39:27 AM
Detection and analysis of the Chameleon WiFi access point virus
http://jis.eurasipjournals.com/content/2013/1/2#
http://jis.eurasipjournals.com/content/pdf/1687-417X-2013-2.pdf
Title: Re: Technical
Post by: Asyn on March 01, 2014, 05:26:33 PM
testssl.sh: Testing TLS/SSL encryption
http://testssl.sh/
http://testssl.sh/CHANGELOG.txt
Title: Re: Technical
Post by: Asyn on March 01, 2014, 07:32:11 PM
Bypassing EMET 4.1
http://labs.bromium.com/2014/02/24/bypassing-emet-4-1/
http://bromiumlabs.files.wordpress.com/2014/02/bypassing-emet-4-1.pdf
Title: Re: Technical
Post by: Asyn on March 02, 2014, 07:45:21 AM
Secunia Vulnerability Review 2014
http://secunia.com/vulnerability-review/
Title: Re: Technical
Post by: Asyn on March 03, 2014, 08:16:07 AM
Dissecting the newest IE10 0-day exploit (CVE-2014-0322)
http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/
Title: Re: Technical
Post by: Asyn on March 03, 2014, 03:06:04 PM
Uroburos - highly complex espionage software with Russian roots
http://blog.gdatasoftware.com/blog/article/uroburos-highly-complex-espionage-software-with-russian-roots.html
https://www.gdata.de/rdk/dl-en-rp-Uroburos [PDF]
Title: Re: Technical
Post by: bob3160 on March 03, 2014, 07:27:53 PM
Fake Korean bank applications for Android – part 2
https://blog.avast.com/2014/03/03/fake-korean-bank-applications-for-android-part-2/
Title: Re: Technical
Post by: Asyn on March 04, 2014, 08:02:59 AM
VMDE (Virtual Machines Detection Enhanced)
http://www.heise.de/security/downloads/07/1/1/8/3/5/5/9/vmde.pdf
Title: Re: Technical
Post by: Asyn on March 05, 2014, 07:02:30 AM
Triple Handshakes Considered Harmful
Breaking and Fixing Authentication over TLS
https://secure-resumption.com/
https://secure-resumption.com/tlsauth.pdf
Title: Re: Technical
Post by: mchain on March 05, 2014, 09:22:48 PM
Android 64-bit ARM computing is coming:
http://www.networkworld.com/news/2014/030314-linux-group-could-hasten-64-bit-279350.html
Title: Re: Technical
Post by: mchain on March 05, 2014, 11:00:22 PM
Open Source Cloud Operating System 'OpenStack'
https://www.openstack.org/
Title: Re: Technical
Post by: Asyn on March 09, 2014, 08:59:59 AM
Yahoo's Pet Show of Horrors: Leaking a User's Emails Crossdomain
http://blog.saynotolinux.com/2014/03/01/yahoos-pet-show-of-horrors-abusing-a-crossdomain-proxy-to-leak-a-users-email/
Title: Re: Technical
Post by: Asyn on March 11, 2014, 11:46:44 AM
You Won't Be Needing These Any More: On Removing Unused Certificates From Trust Stores
https://www2.dcsec.uni-hannover.de/files/fc14_unused_cas.pdf
Title: Re: Technical
Post by: mchain on March 12, 2014, 08:20:43 PM
Physicist Proposes New Type of Computing Without Transistors
http://gigaom.com/2014/03/10/physicist-proposes-a-new-type-of-computing-at-sxsw-check-out-orbital-computing/
Title: Re: Technical
Post by: Asyn on March 15, 2014, 04:58:17 PM
More Than 162,000 WordPress Sites Used for Distributed Denial of Service Attack
http://blog.sucuri.net/2014/03/more-than-162000-wordpress-sites-used-for-distributed-denial-of-service-attack.html
Title: Re: Technical
Post by: bob3160 on March 18, 2014, 12:50:42 PM
Fake Korean bank applications for Android – Pt 3
https://blog.avast.com/2014/03/18/fake-korean-bank-applications-for-android-pt-3/
Title: Re: Technical
Post by: Asyn on March 19, 2014, 08:11:21 AM
OPERATION WINDIGO: Malware Used To Attack Over 500,000 Computers Daily After 25,000 UNIX Servers Hijacked By Backdoor Trojan
http://blog.eset.ie/2014/03/18/operation-windigo-malware-used-to-attack-over-500000-computers-daily-after-25000-unix-servers-hijacked-by-backdoor-trojan/
http://www.welivesecurity.com/wp-content/uploads/2014/03/operation_windigo.pdf
Title: Re: Technical
Post by: Asyn on March 20, 2014, 04:08:58 PM
Threat Advisory: PHP-CGI At Your Command
http://blog.imperva.com/2014/03/threat-advisory-php-cgi-at-your-command.html
Title: Re: Technical
Post by: mchain on March 21, 2014, 06:59:18 AM
Meet Cyclosa, the Gang Behind 2013's Biggest Data Thefts
http://www.symantec.com/connect/blogs/meet-cyclosa-gang-behind-2013s-biggest-data-thefts
Hacker identity known/confirmed and history to present day.
Title: Re: Technical
Post by: Asyn on March 22, 2014, 08:48:41 AM
Researchers' Google Glass Spyware Sees What You See
http://www.forbes.com/sites/andygreenberg/2014/03/18/researchers-google-glass-spyware-sees-what-you-see/
Title: Re: Technical
Post by: Asyn on March 24, 2014, 09:17:21 AM
Framing Signals — A Return to Portable Shellcode
http://www.cs.vu.nl/~herbertb/papers/srop_sp14.pdf
Title: Re: Technical
Post by: Asyn on March 26, 2014, 08:09:52 AM
WordPress hosting: Do not try this at home!
http://news.netcraft.com/archives/2014/03/24/wordpress-hosting-do-not-try-this-at-home.html
Title: Re: Technical
Post by: Asyn on March 27, 2014, 07:40:02 AM
Pretty women. Which one will infect you?
http://blog.avast.com/2014/03/27/pretty-women-which-one-will-infect-you/
Title: Re: Technical
Post by: bob3160 on March 27, 2014, 01:32:33 PM
Pretty women. Which one will infect you?
http://blog.avast.com/2014/03/27/pretty-women-which-one-will-infect-you/
I got infected by a pretty woman 54 years ago and still haven't been able to get rid of the infection. :)
Title: Re: Technical
Post by: Secondmineboy on March 27, 2014, 01:35:13 PM
LOL ;D
Title: Re: Technical
Post by: mchain on March 28, 2014, 04:56:03 PM
Founders aim to accelerate IoT interoperability
http://www.eetimes.com/document.asp?doc_id=1321667&
Title: Re: Technical
Post by: Asyn on March 29, 2014, 06:03:27 PM
Why Your Twitter Account May Be More Valuable Than Your Credit Card
http://forums.juniper.net/t5/Security-Mobility-Now/Why-Your-Twitter-Account-May-Be-More-Valuable-Than-Your-Credit/ba-p/234270
Title: Re: Technical
Post by: Asyn on March 30, 2014, 09:33:34 AM
New Vulnerabilities in Firefox for Android: Overtaking Firefox Profiles
http://securityintelligence.com/vulnerabilities-firefox-android-overtaking-firefox-profiles/
Title: Re: Technical
Post by: Asyn on March 31, 2014, 10:13:31 AM
We may have witnessed a NSA "Shotgiant" TAO-like action
http://blog.erratasec.com/2014/03/we-may-have-witnessed-nsa-shotgiant-tao.html
http://www.nytimes.com/2014/03/23/world/asia/nsa-breached-chinese-servers-seen-as-spy-peril.html
Title: Re: Technical
Post by: Asyn on April 01, 2014, 06:30:51 AM
The Gray-zone of malware detection in Android OS
http://blog.avast.com/2014/03/31/the-gray-zone-of-malware-detection-in-android-os/
Title: Re: Technical
Post by: Asyn on April 02, 2014, 07:57:23 AM
Email with subject “FW:Bank docs” leads to information theft
http://blog.avast.com/2014/04/01/email-with-subject-fwbank-docs-leads-to-information-theft/
Title: Re: Technical
Post by: mchain on April 03, 2014, 07:37:48 PM
U.S. regulators warn banks about rise in cyber-attacks
http://in.reuters.com/article/2014/04/02/banks-fraud-idINDEEA310GT20140402
Title: Re: Technical
Post by: mchain on April 03, 2014, 07:40:13 PM
NSA sniffing prompts Yahoo encrypt to traffic between its data centers
Users must, however, manually flip the switch for some sites like Yahoo News and Yahoo Sports
http://www.computerworld.com/s/article/9247410/NSA_sniffing_prompts_Yahoo_encrypt_to_traffic_between_its_data_centers
Title: Re: Technical
Post by: Asyn on April 05, 2014, 08:06:03 AM
Oldboot.B: the hiding tricks used by bootkit on Android
http://blogs.360.cn/360mobile/2014/04/02/analysis_of_oldboot_b_en/
Title: Re: Technical
Post by: Asyn on April 06, 2014, 09:06:47 AM
WinRar File extension spoofing
http://an7isec.blogspot.co.il/2014/03/winrar-file-extension-spoofing-0day.html
Title: Re: Technical
Post by: Asyn on April 07, 2014, 05:00:22 PM
One of World’s Largest Websites Hacked: Turns Visitors into “DDoS Zombies”
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
Title: Re: Technical
Post by: bob3160 on April 07, 2014, 05:02:39 PM
One of World’s Largest Websites Hacked: Turns Visitors into “DDoS Zombies”
http://www.incapsula.com/blog/world-largest-site-xss-ddos-zombies.html
I guess we'll need to wait till they fix the site's problem before we find out if we're a Zombie.  :'(
Title: Re: Technical
Post by: Asyn on April 07, 2014, 05:11:44 PM
I guess we'll need to wait till they fix the site's problem before we find out if we're a Zombie.  :'(

What do you mean Bob, can't you reach the site..?
Title: Re: Technical
Post by: bob3160 on April 07, 2014, 08:21:36 PM
I guess we'll need to wait till they fix the site's problem before we find out if we're a Zombie.  :'(

What do you mean Bob, can't you reach the site..?
The article states that they can't name the site that was attacked. (Didn't you read the article ??? )  :)
Title: Re: Technical
Post by: Asyn on April 07, 2014, 09:02:22 PM
The article states that they can't name the site that was attacked. (Didn't you read the article ??? )  :)

I read it, else I wouldn't have posted it. A misunderstanding; I thought you couldn't reach the article. :)
Title: Re: Technical
Post by: AdrianH on April 09, 2014, 12:45:38 PM
http://www.iol.co.za/scitech/technology/news/eu-scraps-data-collection-law-1.1673317

EU scraps data collection law

April 9 2014 at 10:18am
By SAPA

Quote
Luxembourg - Europe's top court on Tuesday struck down an EU law forcing telecoms operators to store private phone and email data for up to two years, judging it too invasive, despite its usefulness in combating terrorism...............
Title: Re: Technical
Post by: Asyn on April 12, 2014, 09:02:12 AM
Technical Analysis of CVE-2014-1761 RTF Vulnerability
http://h30499.www3.hp.com/t5/HP-Security-Research-Blog/Technical-Analysis-of-CVE-2014-1761-RTF-Vulnerability/ba-p/6440048
Title: Re: Technical
Post by: Asyn on April 12, 2014, 10:01:41 PM
Cuckoo Sandbox 1.1
http://cuckoosandbox.org/2014-04-07-cuckoo-sandbox-11.html
Title: Re: Technical
Post by: Asyn on April 13, 2014, 11:51:38 AM
How we got read access on Google’s production servers
http://blog.detectify.com/post/82370846588/how-we-got-read-access-on-googles-production-servers
Title: Re: Technical
Post by: Asyn on April 16, 2014, 08:48:31 AM
iSEC Completes TrueCrypt Audit
https://isecpartners.github.io/news/2014/04/14/iSEC-Completes-Truecrypt-Audit.html
https://opencryptoaudit.org/reports [PDF]
Title: Re: Technical
Post by: Lisandro on April 18, 2014, 03:53:42 AM
iSEC Completes TrueCrypt Audit
https://isecpartners.github.io/news/2014/04/14/iSEC-Completes-Truecrypt-Audit.html
https://opencryptoaudit.org/reports [PDF]
Worth reading... It's a pity that the code "stop" being developed after Windows 7...
Title: Re: Technical
Post by: Asyn on April 18, 2014, 08:04:15 AM
TOR Bleed
http://www.mulliner.org/blog/blosxom.cgi/security/torbleed.html
https://lists.torproject.org/pipermail/tor-relays/2014-April/004336.html
Title: Re: Technical
Post by: Asyn on April 19, 2014, 08:11:16 AM
Exploiting CSRF under NoScript Conditions
https://community.rapid7.com/community/metasploit/blog/2014/04/15/exploiting-csrf-without-javascript
Title: Re: Technical
Post by: Asyn on April 19, 2014, 08:18:19 PM
Cracking Cloudflare's heartbleed challenge
https://blog.indutny.com/9.heartbleed
Title: Re: Technical
Post by: Asyn on April 20, 2014, 08:07:48 AM
A Boring Article About a Check of the OpenSSL Project
http://www.viva64.com/en/b/0250/
Title: Re: Technical
Post by: bob3160 on April 20, 2014, 03:29:26 PM
A Boring Article About a Check of the OpenSSL Project
http://www.viva64.com/en/b/0250/
Polonus might find it interesting.... :)
Title: Re: Technical
Post by: Asyn on April 21, 2014, 08:04:33 AM
Crossdomain.xml Proof of Concept Tool
http://thehackerblog.com/crossdomain-xml-proof-of-concept-tool/
Title: Re: Technical
Post by: donnaF on April 23, 2014, 11:10:37 PM
Today I purchased Avast Internet Security for my computers. One PC is 14 years old and operates on XP. I needed a cheap solution to the problem of no more security updates for the OS. So I purchased the standard protection (3 PCs for a year) and upgraded the one that is for my XP PC. Everything went smoothly for the old XP PC. But when I went to install it on my laptop (Windows 7) Microsoft could not open the license file --- strange I thought --- so I called Avast tech support --- the tech remotely checked out my computer and discovered all these crazy files, errors and just plain CRAP on my computer --- she says "No problem, we have Microsoft experts here that will fix it for a charge." --- WELL they wanted $179.00 for a YEAR or $119.00 for the quick-fix!! HOLY CRAP!!! Not exactly the kind of fix I had in mind LOL -- so I went and searched for a registry & malware cleaner --- FREE --- ran it (CCleaner) 2X --- went to my 30-day trial installation on my desktop, opened it --- went to the license file in my downloads --- right clicked and chose to open in the Avast program --- VOILA!!! DONE!!! :-D
Title: Re: Technical
Post by: essexboy on April 23, 2014, 11:18:59 PM
Never trust 3rd party vendors; they appear to do minimal work and then find lots of non-existent problems. If you need help, ask here; it is better and free :)
Title: Re: Technical
Post by: Pondus on April 23, 2014, 11:22:23 PM
@donnaF, something for you ;)

avast FAQ section: http://www.avast.com/en-eu/faq.php

How to do stuff, videos: http://www.avast.com/en-eu/faq.php?q=video#searchForm

Title: Re: Technical
Post by: donnaF on April 25, 2014, 12:33:09 AM
Thanks Pondus, but I was all over that yesterday.  :o LOL  I actually sorted it out on my own and so it is up and running fine. Saved myself some $$ too! --- and that's always a good thing!

:-D onna
Title: Re: Technical
Post by: donnaF on April 25, 2014, 12:41:56 AM
essexboy thanks for the tip! But the help was AVAST CC tech support not another vendor --- if I understand your statement and there's always the chance that I don't LOL

:-D onna
Title: Re: Technical
Post by: bob3160 on April 25, 2014, 12:47:48 AM
essexboy thanks for the tip! But the help was AVAST CC tech support not another vendor --- if I understand your statement and there's always the chance that I don't LOL

:-D onna
Hopefully not the following:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1398379600789-29158.png)
That's a third party support #.  :'(
Title: Re: Technical
Post by: Asyn on April 25, 2014, 08:21:48 AM
Amazon Web Services, Cisco, Dell, Facebook, Fujitsu, Google, IBM, Intel, Microsoft, NetApp, Rackspace, VMware and The Linux Foundation Form New Initiative to Support Critical Open Source Projects
http://www.linuxfoundation.org/news-media/announcements/2014/04/amazon-web-services-cisco-dell-facebook-fujitsu-google-ibm-intel
Title: Re: Technical
Post by: Asyn on April 27, 2014, 08:16:27 AM
Akamai's "State of the Internet" Report Q4 2013
http://www.akamai.com/dl/akamai/akamai-soti-q413.pdf?WT.mc_id=soti_Q413 [PDF]
Title: Re: Technical
Post by: Asyn on April 27, 2014, 12:01:10 PM
New Zero-Day Exploit targeting Internet Explorer Versions 9 through 11 Identified in Targeted Attacks
http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html
Title: Re: Technical
Post by: Asyn on April 28, 2014, 09:06:54 AM
Exciting Updates to Certificate Verification in Gecko
https://blog.mozilla.org/security/2014/04/24/exciting-updates-to-certificate-verification-in-gecko/
Title: Re: Technical
Post by: Asyn on May 02, 2014, 07:33:46 AM
Tails 1.0 is out
https://tails.boum.org/news/version_1.0/index.en.html
Title: Re: Technical
Post by: Asyn on May 03, 2014, 07:40:47 AM
Using Facebook Notes to DDoS any website
http://chr13.com/2014/04/20/using-facebook-notes-to-ddos-any-website/
Title: Re: Technical
Post by: Asyn on May 04, 2014, 06:34:09 AM
Skype and Data Exfiltration
http://www.sans.org/reading-room/whitepapers/covert/skype-data-exfiltration-34560 [PDF]
Title: Re: Technical
Post by: Asyn on May 08, 2014, 07:20:53 AM
Using Frankencerts for Automated Adversarial Testing of Certificate Validation in SSL/TLS Implementations
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf
Title: Re: Technical
Post by: Asyn on May 09, 2014, 10:16:11 AM
Hacking the Samsung NX300 'Smart' Camera
http://op-co.de/blog/posts/hacking_the_nx300/
Title: Re: Technical
Post by: Asyn on May 11, 2014, 08:43:08 AM
An empirical study of passive 802.11 Device Fingerprinting
http://arxiv.org/abs/1404.6457
http://arxiv.org/pdf/1404.6457v1 [PDF]
Title: Re: Technical
Post by: Asyn on May 12, 2014, 07:40:22 AM
SHA-2: Very cryptographic. So secure. Such growth. Wow.
http://news.netcraft.com/archives/2014/05/05/sha-2-very-cryptographic-so-secure-such-growth-wow.html
Title: Re: Technical
Post by: Asyn on May 13, 2014, 05:56:48 AM
Browser Ransomware Attacks are Massive in Scale
http://blog.avast.com/2014/05/12/browser-ransomware/
Title: Re: Technical
Post by: Asyn on May 17, 2014, 04:30:17 PM
SHA-256 certificates are coming
https://www.imperialviolet.org/2014/05/14/sha256.html
Title: Re: Technical
Post by: Asyn on May 18, 2014, 08:08:33 AM
Introducing Mozilla Winter of Security 2014
https://blog.mozilla.org/security/2014/05/15/introducing-mozilla-winter-of-security-2014/
https://wiki.mozilla.org/Security/Automation/WinterOfSecurity2014
Title: Re: Technical
Post by: Asyn on May 19, 2014, 06:08:01 AM
What Did Microsoft Just Break with KB2871997 and KB2928120
http://www.pwnag3.com/2014/05/what-did-microsoft-just-break-with.html
Title: Re: Technical
Post by: mchain on May 20, 2014, 04:37:50 AM
FBI: International Blackshades Malware Takedown
http://www.fbi.gov/news/stories/2014/may/international-blackshades-malware-takedown/international-blackshades-malware-takedown

Second link, to manually check whether you are infected:
http://www.fbi.gov/news/stories/2014/may/international-blackshades-malware-takedown/could-your-computer-be-infected-by-blackshades

For step one, a faster way to search is to use a wildcard expression, e.g., *.bss, in the Search field.
Title: Re: Technical
Post by: Asyn on May 20, 2014, 07:08:49 AM
IT threat evolution Q1 2014
http://www.securelist.com/en/analysis/204792332/IT_threat_evolution_Q1_2014
Title: Re: Technical
Post by: Asyn on May 22, 2014, 07:59:25 AM
iBanking: Exploiting the Full Potential of Android Malware
http://www.symantec.com/connect/blogs/ibanking-exploiting-full-potential-android-malware
Title: Re: Technical
Post by: mchain on May 22, 2014, 10:26:38 AM
KrebsOnSecurity blog: Blackshades’ Trojan Users Had It Coming
http://krebsonsecurity.com/2014/05/blackshades-trojan-users-had-it-coming/

Images of posts made by caught users at the end of the blog.
Title: Re: Technical
Post by: Asyn on May 24, 2014, 08:19:22 AM
Advanced Exploitation of Mozilla Firefox Use-After-Free Vulnerability (Pwn2Own 2014)
http://www.vupen.com/blog/20140520.Advanced_Exploitation_Firefox_UaF_Pwn2Own_2014.php
Title: Re: Technical
Post by: Asyn on June 14, 2014, 10:14:52 PM
Microsoft helps FBI in GameOver Zeus botnet cleanup
http://blogs.technet.com/b/microsoft_blog/archive/2014/06/02/microsoft-helps-fbi-in-gameover-zeus-botnet-cleanup.aspx
http://www.crowdstrike.com/blog/gameover/index.html
Title: Re: Technical
Post by: Asyn on June 16, 2014, 08:37:52 AM
One Token to Rule Them All - The Tale of the Leaked Gmail Addresses
http://www.orenh.com/2014/06/one-token-to-rule-them-all-tale-of.html
Title: Re: Technical
Post by: Asyn on June 16, 2014, 02:16:57 PM
Black marketed Windows banking & POS Trojan Minerva turns in-the-wild
http://blog.avast.com/2014/06/04/black-marketed-windows-banking-pos-trojan-minerva-turns-in-the-wild/
Title: Re: Technical
Post by: Asyn on June 20, 2014, 09:33:03 AM
A Measurement Study of Google Play
http://www.cs.columbia.edu/~nieh/pubs/sigmetrics2014_playdrone.pdf
Title: Re: Technical
Post by: Asyn on June 22, 2014, 11:56:19 AM
Mobile Threat Report (F-Secure) Q1 2014
http://www.f-secure.com/static/doc/labs_global/Research/Mobile_Threat_Report_Q1_2014.pdf
Title: Re: Technical
Post by: Asyn on June 25, 2014, 09:42:24 AM
HackingTeam 2.0: The Story Goes Mobile
https://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile
Title: Re: Technical
Post by: Asyn on June 28, 2014, 08:09:10 AM
2014: The Year Extortion Went Mainstream
http://krebsonsecurity.com/2014/06/2014-the-year-extortion-went-mainstream/
Title: Re: Technical
Post by: Asyn on June 29, 2014, 10:47:47 AM
Havex Hunts for ICS/SCADA Systems
http://www.f-secure.com/weblog/archives/00002718.html
Title: Re: Technical
Post by: Asyn on June 29, 2014, 12:10:59 PM
Raising Lazarus - The 20 Year Old Bug that Went to Mars
http://blog.securitymouse.com/2014/06/raising-lazarus-20-year-old-bug-that.html
http://blog.securitymouse.com/2014/06/understanding-lz4-memory-corruption.html
http://www.openwall.com/lists/oss-security/2014/06/26/31
Title: Re: Technical
Post by: Asyn on June 30, 2014, 03:59:14 PM
HackingTeam 2.0: The Story Goes Mobile
https://www.securelist.com/en/blog/8231/HackingTeam_2_0_The_Story_Goes_Mobile
Police Story: Hacking Team’s Government Surveillance Malware
https://citizenlab.org/2014/06/backdoor-hacking-teams-tradecraft-android-implant/
Title: Re: Technical
Post by: Asyn on July 01, 2014, 03:36:03 PM
Dragonfly: Western Energy Companies Under Sabotage Threat
http://www.symantec.com/connect/blogs/dragonfly-western-energy-companies-under-sabotage-threat
Title: Re: Technical
Post by: mchain on July 02, 2014, 07:56:23 PM
IBM: Commercial Nanotube Transistors Are Coming Soon
http://www.technologyreview.com/news/528601/ibm-commercial-nanotube-transistors-are-coming-soon/
Title: Re: Technical
Post by: Asyn on July 05, 2014, 08:07:30 AM
Snake In The Grass: Python-based Malware Used For Targeted Attacks
https://www.bluecoat.com/security-blog/2014-06-10/snake-grass-python-based-malware-used-targeted-attacks
Title: Re: Technical
Post by: Asyn on July 05, 2014, 06:50:38 PM
RSA Uncovers Boleto Fraud Ring in Brazil
https://blogs.rsa.com/rsa-uncovers-boleto-fraud-ring-brazil/
http://www.emc.com/collateral/white-papers/h13282-report-rsa-discovers-boleto-fraud-ring.pdf
Title: Re: Technical
Post by: Asyn on July 06, 2014, 08:59:05 AM
Bypassing Windows 8.1 Mitigations using Unsafe COM Objects
http://contextis.co.uk/blog/windows-mitigaton-bypass/
Title: Re: Technical
Post by: Asyn on July 07, 2014, 08:01:20 AM
Reading the XKeyScore-rules source
http://blog.erratasec.com/2014/07/reading-xkeyscore-rules-source.html

PS: Jamming XKeyScore: http://blog.erratasec.com/2014/07/jamming-xkeyscore_4.html ;)
Title: Re: Technical
Post by: Asyn on July 10, 2014, 06:48:40 AM
Android Forensics, Part 1: How we recovered (supposedly) erased data
http://blog.avast.com/2014/07/09/android-foreniscs-pt-2-how-we-recovered-erased-data/
Title: Re: Technical
Post by: Asyn on July 10, 2014, 03:27:48 PM
Taking Down the Lecpetex Botnet
https://www.facebook.com/notes/protect-the-graph/taking-down-the-lecpetex-botnet/1477464749160338
Title: Re: Technical
Post by: Asyn on July 12, 2014, 05:18:04 PM
Androguard
Reverse engineering, Malware and goodware analysis of Android applications
https://code.google.com/p/androguard/
Title: Re: Technical
Post by: Asyn on July 13, 2014, 08:32:19 AM
Versatile DDoS Trojan for Linux
https://securelist.com/analysis/publications/64361/versatile-ddos-trojan-for-linux/
Title: Re: Technical
Post by: Asyn on July 14, 2014, 08:28:43 AM
The Ultra-Simple App That Lets Anyone Encrypt Anything
http://www.wired.com/2014/07/minilock-simple-encryption
Title: Re: Technical
Post by: Asyn on July 16, 2014, 09:13:46 AM
Meet ‘Project Zero,’ Google’s Secret Team of Bug-Hunting Hackers
http://www.wired.com/2014/07/google-project-zero/
http://googleprojectzero.blogspot.com/2014/07/announcing-project-zero.html
Title: Re: Technical
Post by: Asyn on July 18, 2014, 07:18:37 AM
Tinybanker Trojan targets banking customers
http://blog.avast.com/2014/07/17/tinybanker-trojan-targets-banking-customers/
Title: Re: Technical
Post by: Asyn on July 20, 2014, 08:33:50 AM
Viper 1.0
Viper is a binary management and analysis framework dedicated to malware and exploit researchers.
http://viper.li/
http://viper-framework.readthedocs.org/en/latest/
Title: Re: Technical
Post by: Asyn on July 21, 2014, 10:56:56 AM
AFD.SYS Dangling Pointer Vulnerability
http://www.siberas.de/papers/Pwn2Own_2014_AFD.sys_privilege_escalation.pdf
Title: Re: Technical
Post by: Asyn on July 22, 2014, 09:10:57 AM
Blind Return Oriented Programming (BROP)
http://www.scs.stanford.edu/brop/
http://www.scs.stanford.edu/brop/bittau-brop.pdf
Title: Re: Technical
Post by: Asyn on July 23, 2014, 07:31:41 AM
The Web never forgets: Persistent tracking mechanisms in the wild
https://securehomes.esat.kuleuven.be/~gacar/persistent/index.html
https://securehomes.esat.kuleuven.be/~gacar/persistent/the_web_never_forgets.pdf
Title: Re: Technical
Post by: mchain on July 25, 2014, 08:00:46 AM
Microsoft explains quantum computing in a way we can all understand
http://www.engadget.com/2014/07/24/microsoft-explains-quantum-computing-in-a-way-we-can-all-underst/?ncid=rss_truncated
STATION Q: Where Microsoft does the work of qubit theory and computer science development:
http://www.microsoft.com/en-us/news/stories/stationq/index.html
Watch the video embedded here to understand what is being done and what the potential is. It is a bit of a read.
Title: Re: Technical
Post by: DavidR on July 25, 2014, 12:11:03 PM
Microsoft explains quantum computing in a way we can all understand
http://www.engadget.com/2014/07/24/microsoft-explains-quantum-computing-in-a-way-we-can-all-underst/?ncid=rss_truncated
STATION Q: Where Microsoft does the work of qubit theory and computer science development:
http://www.microsoft.com/en-us/news/stories/stationq/index.html
Watch the video embedded here to understand what is being done and what the potential is. It is a bit of a read.

Wouldn't it be great if MS got on with what it should be doing, sorting their OS mess out. And explaining that in a language we can all understand ;D
Title: Re: Technical
Post by: Asyn on July 26, 2014, 08:06:09 AM
Wouldn't it be great if MS got on with what it should be doing, sorting their OS mess out. And explaining that in a language we can all understand ;D
Maybe minimum requirement for W9/10 is a quantum computer. ;D
Title: Re: Technical
Post by: Asyn on July 27, 2014, 07:30:52 AM
pwn4fun Spring 2014 - Safari - Part I
http://googleprojectzero.blogspot.com/2014/07/pwn4fun-spring-2014-safari-part-i_24.html
Title: Re: Technical
Post by: Asyn on July 28, 2014, 03:12:28 PM
Silver Bullets and Fairy Tails
http://blog.exodusintel.com/2014/07/23/silverbullets_and_fairytails/
https://tails.boum.org/security/Security_hole_in_I2P_0.9.13/index.en.html
Title: Re: Technical
Post by: Asyn on July 29, 2014, 12:22:45 PM
Hackers Plundered Israeli Defense Firms that Built ‘Iron Dome’ Missile Defense System
https://krebsonsecurity.com/2014/07/hackers-plundered-israeli-defense-firms-that-built-iron-dome-missile-defense-system/
Title: Re: Technical
Post by: mchain on August 01, 2014, 08:20:14 AM
Malvertisements on DeviantART lead to Optimum Installer
http://stopmalvertising.com/malvertisements/malvertisements-on-deviantart-lead-to-optimum-installer.html
Project Zero
http://googleprojectzero.blogspot.com/
Title: Re: Technical
Post by: Asyn on August 02, 2014, 07:18:40 AM
Announcing EMET 5.0
http://blogs.technet.com/b/srd/archive/2014/07/31/announcing-emet-v5.aspx
http://www.microsoft.com/en-us/download/details.aspx?id=43714
Title: Re: Technical
Post by: Asyn on August 03, 2014, 10:50:17 AM
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
Title: Re: Technical
Post by: essexboy on August 03, 2014, 11:54:27 AM
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
There is a registry entry with this that has the malware script crafted into it.
Quote
HKEY_USERS\S-1-5-21-1264667008-2504301194-1484543345-4784_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\ ----> invisible invalid characters
LocalServer32 subkey has an additional subkey locked by invalid characters, which prevents a whole CLSID key deletion:

We have had one here
Title: Re: Technical
Post by: bob3160 on August 03, 2014, 12:12:44 PM
Poweliks: the persistent malware without a file
https://blog.gdatasoftware.com/blog/article/poweliks-the-persistent-malware-without-a-file.html
There is a registry entry with this that has the malware script crafted into it.
Quote
HKEY_USERS\S-1-5-21-1264667008-2504301194-1484543345-4784_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32\ ----> invisible invalid characters
LocalServer32 subkey has an additional subkey locked by invalid characters, which prevents a whole CLSID key deletion:

We have had one here
Detection by avast! ???

Title: Re: Technical
Post by: essexboy on August 03, 2014, 12:16:56 PM
No, apart from blocking it from calling home. I believe the latest TDSSKiller can locate and fix the registry entry.
Title: Re: Technical
Post by: Asyn on August 05, 2014, 11:15:53 AM
No, apart from blocking it from calling home. I believe the latest TDSSKiller can locate and fix the registry entry.
Seems we have detection now (thanks Pondus): https://forum.avast.com/index.php?msg=1112992
Title: Re: Technical
Post by: Asyn on August 07, 2014, 12:56:25 PM
WordPress and Drupal Denial Of Service Vulnerability Full Disclosure - Break Security
http://www.breaksec.com/?p=6362
Title: Re: Technical
Post by: Asyn on August 09, 2014, 06:36:04 AM
How to bypass Zeus Trojan’s self protection mechanism
http://int0xcc.svbtle.com/how-to-bypass-zeus-trojans-self-protection-mechanism
Title: Re: Technical
Post by: Asyn on August 09, 2014, 04:56:28 PM
BadUSB - On accessories that turn evil
https://srlabs.de/blog/wp-content/uploads/2014/07/SRLabs-BadUSB-BlackHat-v1.pdf
Title: Re: Technical
Post by: Asyn on August 10, 2014, 08:53:34 AM
Sysmon v1.0
System Monitor (Sysmon) is a Windows system service and device driver that, once installed on a system, remains resident across system reboots to monitor and log system activity to the Windows event log.
http://technet.microsoft.com/sysinternals/dn798348
http://download.sysinternals.com/files/Sysmon.zip
Title: Re: Technical
Post by: Asyn on August 11, 2014, 09:03:06 AM
Malicious SHA-1
http://malicioussha1.github.io/
Title: Re: Technical
Post by: Asyn on August 14, 2014, 07:46:01 AM
Multiple Vulnerabilities in Disqus WordPress Plugin
http://www.nikcub.com/posts/multiple-vulnerabilities-in-disqus-wordpress-plugin/
Title: Re: Technical
Post by: Asyn on August 14, 2014, 02:21:11 PM
Torbundlebrowser.org
The website is an almost perfect copy of the original website, except for the download link, and also the donation one, replaced by a bitcoin address.
http://dustri.org/b/torbundlebrowserorg.html
Title: Re: Technical
Post by: Para-Noid on August 14, 2014, 02:48:52 PM
Torbundlebrowser.org
The website is an almost perfect copy of the original website, except for the download link, and also the donation one, replaced by a bitcoin address.
http://dustri.org/b/torbundlebrowserorg.html

This might be a little OT, but I had to look really closely to see the difference... but it's there.
Subtle, but it's there.
Title: Re: Technical
Post by: Asyn on August 15, 2014, 10:51:29 AM
This might be a little OT, but I had to look really closely to see the difference... but it's there.
Subtle, but it's there.
Well, that's the trick. If you hadn't known beforehand, you (probably) would have missed it.
Title: Re: Technical
Post by: Asyn on August 16, 2014, 09:07:45 AM
NSA/GCHQ: The HACIENDA Program for Internet Colonization
http://www.heise.de/ct/artikel/NSA-GCHQ-The-HACIENDA-Program-for-Internet-Colonization-2292681.html
Title: Re: Technical
Post by: Asyn on August 16, 2014, 10:08:45 PM
Black Hat 2014 on YT
https://www.youtube.com/user/BlackHatOfficialYT/feed
Title: Re: Technical
Post by: Asyn on August 17, 2014, 10:11:07 AM
What's the matter with PGP?
http://blog.cryptographyengineering.com/2014/08/whats-matter-with-pgp.html
Title: Re: Technical
Post by: Asyn on August 18, 2014, 08:10:26 AM
Schrodinger’s Cat Video and the Death of Clear-Text
https://citizenlab.org/2014/08/cat-video-and-the-death-of-clear-text/
Title: Re: Technical
Post by: Asyn on August 19, 2014, 08:01:02 AM
Get Your Hands Off My Laptop: Physical Side-Channel Key-Extraction Attacks On PCs
http://www.tau.ac.il/~tromer/handsoff/
http://www.cs.tau.ac.il/%7Etromer/papers/handsoff-20140731.pdf
Title: Re: Technical
Post by: Pondus on August 19, 2014, 06:09:08 PM
Microsoft urges customers to uninstall 'Blue Screen of Death' update
http://www.computerworld.com/s/article/9250446/Microsoft_urges_customers_to_uninstall_Blue_Screen_of_Death_update

Uninstall ‘Blue Screen of Death’ error Update: Microsoft to Customers
http://www.wallstreetotc.com/uninstall-blue-screen-of-death-error-update-microsoft-to-customers/27475/

http://www.dslreports.com/forum/r29467120-Microsoft-recommends-removing-update-2982791

Title: Re: Technical
Post by: Asyn on August 20, 2014, 06:24:12 AM
Reveton ransomware has dangerously evolved
http://blog.avast.com/2014/08/19/reveton-ransomware-has-dangerously-evolved/
Title: Re: Technical
Post by: Asyn on August 22, 2014, 06:45:14 AM
iSEC Partners Conducts Tor Browser Hardening Study
https://blog.torproject.org/blog/isec-partners-conducts-tor-browser-hardening-study
https://github.com/iSECPartners/publications/tree/master/reports/Tor%20Browser%20Bundle
Title: Re: Technical
Post by: Asyn on August 23, 2014, 05:05:14 PM
Announcing CERT Tapioca for MITM Analysis
http://www.cert.org/blogs/certcc/post.cfm?EntryID=203
Title: Re: Technical
Post by: Asyn on August 24, 2014, 10:44:14 AM
Lorem Ipsum: Of Good & Evil, Google & China
https://krebsonsecurity.com/2014/08/lorem-ipsum-of-good-evil-google-china/
Title: Re: Technical
Post by: Asyn on August 25, 2014, 06:34:44 AM
2014 Business Password Analysis
https://gsr.trustwave.com/topics/business-password-analysis/2014-business-password-analysis/
Title: Re: Technical
Post by: Asyn on August 26, 2014, 07:46:56 AM
OpenPhish - Free Phishing Feed
http://www.openphish.com/
Title: Re: Technical
Post by: Asyn on August 28, 2014, 07:24:38 AM
Self-propagating ransomware written in Windows batch hits Russian-speaking countries
http://blog.avast.com/2014/08/27/self-propagating-ransomware-written-in-windows-batch-hits-russian-speaking-countries/
Title: Re: Technical
Post by: Asyn on August 29, 2014, 08:55:37 AM
Microsoft urges customers to uninstall 'Blue Screen of Death' update
http://www.computerworld.com/s/article/9250446/Microsoft_urges_customers_to_uninstall_Blue_Screen_of_Death_update

Uninstall ‘Blue Screen of Death’ error Update: Microsoft to Customers
http://www.wallstreetotc.com/uninstall-blue-screen-of-death-error-update-microsoft-to-customers/27475/

http://www.dslreports.com/forum/r29467120-Microsoft-recommends-removing-update-2982791
-> https://technet.microsoft.com/en-us/library/security/ms14-045.aspx

To address known issues with security update 2982791, Microsoft rereleased MS14-045 to replace the 2982791 update with the 2993651 update for all supported releases of Microsoft Windows. Microsoft expired update 2982791 on August 15, 2014. All customers should apply the 2993651 update, which replaces the expired 2982791 update. Microsoft strongly recommends that customers who have not uninstalled the 2982791 update do so prior to applying the 2993651 update.
Title: Re: Technical
Post by: polonus on August 29, 2014, 12:40:42 PM
Unofficial Service Pack 4 for Windows Experience (XP): http://www.ryanvm.net/forum/viewtopic.php?t=10321
Better mitigate away from XP altogether, but something for those that cannot upgrade their old machines for some reason or other.

polonus
Title: Re: Technical
Post by: bob3160 on August 29, 2014, 02:15:11 PM
Unofficial Service Pack 4 for Windows Experience (XP): http://www.ryanvm.net/forum/viewtopic.php?t=10321 (http://www.ryanvm.net/forum/viewtopic.php?t=10321)
Better mitigate away from XP altogether, but something for those that cannot upgrade their old machines for some reason or other.

polonus
You're not reading your forum. :)
https://forum.avast.com/index.php?topic=19387.msg1120012#msg1120012 (https://forum.avast.com/index.php?topic=19387.msg1120012#msg1120012)
Title: Re: Technical
Post by: Asyn on August 30, 2014, 09:26:25 AM
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
Title: Re: Technical
Post by: bob3160 on August 30, 2014, 04:46:31 PM
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/ (http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/)
Nice but how will this directly help the average computer user ???
Title: Re: Technical
Post by: Asyn on August 30, 2014, 05:06:24 PM
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/ (http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/)
Nice but how will this directly help the average computer user ???
Bob, this thread (basically) isn't conceived for average users. ;)
Anyway, see the section under "Advice" in the linked article.
Title: Re: Technical
Post by: bob3160 on August 30, 2014, 05:33:03 PM
Malvertising: Not all Java from java.com is legitimate
http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/ (http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/)
Nice but how will this directly help the average computer user ???
Bob, this thread (basically) isn't conceived for average users. ;)
Anyway, see the section under "Advice" in the linked article.
Precisely why I asked this question. :)

Advice:
There is no silver bullet to protect yourself from malvertising.
Title: Re: Technical
Post by: Asyn on August 30, 2014, 05:39:49 PM
Advice:
There is no silver bullet to protect yourself from malvertising.
You forgot to quote the rest..!! ;)

At a minimum:
- Enable click-to-play in your browser. This prevents 3rd party plugins from executing automatically.
- Keep all plugins running in the browser up-to-date using tools like Secunia PSI.
- Consider turning off unneeded plugins if you don’t use them. For example, Java can be installed without the web-plugin component lowering the risk of exploitation and infection.
Title: Re: Technical
Post by: Asyn on August 31, 2014, 09:45:28 AM
Announcing Scumblr and Sketchy - Search, Screenshot, and Reclaim the Internet
http://techblog.netflix.com/2014/08/announcing-scumblr-and-sketchy-search.html
Title: Re: Technical
Post by: Asyn on September 01, 2014, 09:31:13 AM
The poisoned NUL byte, 2014 edition
http://googleprojectzero.blogspot.com/2014/08/the-poisoned-nul-byte-2014-edition.html
Title: Re: Technical
Post by: bob3160 on September 05, 2014, 02:09:40 PM
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud (http://www.wired.com/2014/09/eppb-icloud/)
Right now, those affected wish they had decided to use an Android Phone.  :'(
Title: Re: Technical
Post by: Lisandro on September 05, 2014, 03:19:55 PM
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud (http://www.wired.com/2014/09/eppb-icloud/)
Right now, those affected wish they had decided to use an Android Phone.  :'(
Well, at least Android is more secure in this field :) Hello iPhone users!
Better is not taking these pictures in any phone: http://blog.avast.com/2014/07/08/tens-of-thousands-of-americans-sell-themselves-online-every-day/
Title: Re: Technical
Post by: bob3160 on September 05, 2014, 04:12:03 PM
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud (http://www.wired.com/2014/09/eppb-icloud/)
Right now, those affected wish they had decided to use an Android Phone.  :'(
Well, at least Android is more secure in this field :) Hello iPhone users!
Better is not taking these pictures in any phone: http://blog.avast.com/2014/07/08/tens-of-thousands-of-americans-sell-themselves-online-every-day/ (http://blog.avast.com/2014/07/08/tens-of-thousands-of-americans-sell-themselves-online-every-day/)
You are correct Lisandro. Some of these poses would have been much more exciting to watch in person. :)
Maybe some day people will realize that anything posted on the net is or, will eventually become everyone's business.
Title: Re: Technical
Post by: CraigB on September 05, 2014, 04:34:50 PM
Well, at least Android is more secure in this field :) Hello iPhone users!
How would Android protect you better when it was a cloud service that was infiltrated, "not a phone"? Plus, iCloud itself wasn't attacked or corrupted in any way, as it was illegally gained passwords that were the issue.

Most celebrities' passwords can be worked out just by the amount of information given on Wikipedia... mother - father - favourite pet etc etc.
Title: Re: Technical
Post by: DavidR on September 05, 2014, 05:05:00 PM
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud (http://www.wired.com/2014/09/eppb-icloud/)
Right now, those affected wish they had decided to use an Android Phone.  :'(

For me it doesn't matter what OS/phone you use, stick it on the cloud and you risk it being hacked into. If you wouldn't want anyone to see/steal/hack it, then don't upload it in the first place.
Title: Re: Technical
Post by: Asyn on September 21, 2014, 11:07:57 AM
Tiny Banker Trojan targets customers of major banks worldwide
http://blog.avast.com/2014/09/15/tiny-banker-trojan-targets-customers-of-major-banks-worldwide/
Title: Re: Technical
Post by: REDACTED on September 21, 2014, 12:54:05 PM
The Police Tool That Pervs Use to Steal Nude Pics From Apple’s iCloud (http://www.wired.com/2014/09/eppb-icloud/)
Right now, those affected wish they had decided to use an Android Phone.  :'(

For me it doesn't matter what OS/phone you use, stick it on the cloud and you risk it being hacked into. If you wouldn't want anyone to see/steal/hack it, then don't upload it in the first place.
100% true. Or if you plan to use one don't upload sensitive data ;)
Title: Re: Technical
Post by: Asyn on September 22, 2014, 10:32:33 AM
Evading anti-virus's script emulator
http://blog.tempest.com.br/breno-cunha/evading-anti-viruss-script-emulator.html
Title: Re: Technical
Post by: Asyn on September 24, 2014, 11:08:19 AM
Phasing Out Certificates with SHA-1 based Signature Algorithms
https://blog.mozilla.org/security/2014/09/23/phasing-out-certificates-with-sha-1-based-signature-algorithms/
Title: Re: Technical
Post by: Asyn on September 26, 2014, 07:06:27 AM
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/

Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Title: Re: Technical
Post by: polonus on September 26, 2014, 12:15:13 PM
First blacklist for Tor domains launched by Kleissner & Associates: http://dev.virustracker.info/lists/tor%20blacklist.txt
Infested machines will no longer communicate with C&C servers.
The Vienna Security Expert, Peter Kleissner, is also the man behind this service: http://www.kleissner.org/virustracker.html

polonus
Title: Re: Technical
Post by: Asyn on September 27, 2014, 06:05:25 AM
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/

Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Bashbug (shellshock): What is it? How to Remediate?
http://www.rapid7.com/resources/bashbug.jsp
Title: Re: Technical
Post by: Asyn on September 27, 2014, 09:54:22 AM
A Decoy Computer Was Set Up Online. See Which Countries Attacked It the Most
http://www.bloomberg.com/news/2014-09-23/a-decoy-computer-was-set-up-online-see-which-countries-attacked-it-the-most.html
Title: Re: Technical
Post by: bob3160 on September 27, 2014, 02:44:41 PM
A Decoy Computer Was Set Up Online. See Which Countries Attacked It the Most
http://www.bloomberg.com/news/2014-09-23/a-decoy-computer-was-set-up-online-see-which-countries-attacked-it-the-most.html
People that live in glass houses (I'm in that glass house), shouldn't throw stones.......
Title: Re: Technical
Post by: Asyn on September 27, 2014, 05:16:46 PM
People that live in glass houses (I'm in that glass house), shouldn't throw stones.......
Well Bob, as it really isn't your fault, I'd say feel free to throw one... ;D
Title: Re: Technical
Post by: Asyn on September 28, 2014, 06:39:01 AM
A look into LastPass
http://www.martinvigo.com/a-look-into-lastpass/
Title: Re: Technical
Post by: Asyn on September 29, 2014, 07:09:16 AM
FinFisher Malware Dropper Analysis
https://www.codeandsec.com/FinFisher-Malware-Dropper-Analysis
Title: Re: Technical
Post by: Asyn on September 30, 2014, 08:39:58 AM
Malicious iOS Apps
A comparison before and after iOS 8 was released
http://www.andreas-kurtz.de/2014/09/malicious-apps-ios8.html
Title: Re: Technical
Post by: Asyn on October 01, 2014, 07:03:15 AM
FBI to Open Up Malware Investigator Portal to External Researchers
https://threatpost.com/fbi-to-open-up-malware-investigator-portal-to-external-researchers/108590
http://malwareinvestigator.gov/
Title: Re: Technical
Post by: Asyn on October 02, 2014, 07:05:43 AM
LibreSSL: More Than 30 Days Later
http://www.openbsd.org/papers/eurobsdcon2014-libressl.html
Title: Re: Technical
Post by: Asyn on October 03, 2014, 07:36:40 PM
More Mac OS X and iPhone sandbox escapes and kernel bugs
http://googleprojectzero.blogspot.com/2014/10/more-mac-os-x-and-iphone-sandbox.html
Title: Re: Technical
Post by: Asyn on October 04, 2014, 08:02:00 AM
ComputerCOP: The Dubious 'Internet Safety Software' That Hundreds of Police Agencies Have Distributed to Families
https://www.eff.org/deeplinks/2014/09/computercop-dangerous-internet-safety-software-hundreds-police-agencies
Title: Re: Technical
Post by: Asyn on October 05, 2014, 10:53:20 AM
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/

Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Bashbug (shellshock): What is it? How to Remediate?
http://www.rapid7.com/resources/bashbug.jsp
[FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
http://article.gmane.org/gmane.comp.security.fulldisclosure/1038
Title: Re: Technical
Post by: Asyn on October 06, 2014, 06:53:13 AM
WPScan Vulnerability Database
https://wpvulndb.com/
Title: Re: Technical
Post by: Asyn on October 07, 2014, 07:06:45 AM
The Mac.BackDoor.iWorm threat in detail
http://news.drweb.com/show/?i=5977&c=5&lng=en&p=0

iWorm method of infection found!
http://www.thesafemac.com/iworm-method-of-infection-found/
Title: Re: Technical
Post by: Asyn on October 08, 2014, 06:43:46 AM
Adobe is Spying on Users, Collecting Data on Their eBook Libraries
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/
http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/
Title: Re: Technical
Post by: Para-Noid on October 08, 2014, 03:13:35 PM
No news there. It's a given that software vendors track users habits.
Privacy no longer exists on the world wide web and hasn't for quite some time.
Title: Re: Technical
Post by: Asyn on October 10, 2014, 03:53:36 PM
DREBIN: Effective and Explainable Detection of Android Malware in Your Pocket
http://user.informatik.uni-goettingen.de/~krieck/docs/2014-ndss.pdf
Title: Re: Technical
Post by: Asyn on October 11, 2014, 09:38:21 AM
Why can't Apple decrypt your iPhone?
http://blog.cryptographyengineering.com/2014/10/why-cant-apple-decrypt-your-iphone.html

A (not so) quick primer on iOS encryption
http://www.darthnull.org/2014/10/06/ios-encryption
Title: Re: Technical
Post by: Asyn on October 12, 2014, 06:37:18 AM
New Class of Vulnerability in Perl Web Applications
http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/
Title: Re: Technical
Post by: Asyn on October 13, 2014, 06:16:33 AM
What is the Bash bug, and how do I prevent my systems from being Shellshocked?
http://blog.avast.com/2014/09/26/what-is-the-bash-bug-and-how-do-i-prevent-my-systems-from-being-shellshocked/

Bash 'shellshock' bug is wormable
http://blog.erratasec.com/2014/09/bash-shellshock-bug-is-wormable.html
Bashbug (shellshock): What is it? How to Remediate?
http://www.rapid7.com/resources/bashbug.jsp
[FD] the other bash RCEs (CVE-2014-6277 and CVE-2014-6278)
http://article.gmane.org/gmane.comp.security.fulldisclosure/1038
Shellshock
http://www.dwheeler.com/essays/shellshock.html
Title: Re: Technical
Post by: Asyn on October 15, 2014, 07:44:51 AM
iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign
http://www.isightpartners.com/2014/10/cve-2014-4114/
Title: Re: Technical
Post by: mchain on October 15, 2014, 11:05:05 AM
iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian cyber-espionage campaign
http://www.isightpartners.com/2014/10/cve-2014-4114/
Listed as Security Update for Windows (OS version) (KB3000869).  If you have this successfully installed, then Microsoft has covered it.

If you don't have it, or have had problems getting it to install properly, a link to the fix and file is here:  https://technet.microsoft.com/library/security/ms14-060 (https://technet.microsoft.com/library/security/ms14-060)  Click the blue url link under Affected Systems for your exact operating system version and you will be taken to a page where you can download the security fix directly.  Double-click (with admin permissions) that file to run it and reboot after the fix completes.  Exploit has been used for targeted attacks per Asyn's link, but home users should install this update if they have not done so already.
Title: Re: Technical
Post by: Asyn on October 15, 2014, 01:40:27 PM
This POODLE Bites: Exploiting The SSL 3.0 Fallback
https://www.openssl.org/~bodo/ssl-poodle.pdf
Title: Re: Technical
Post by: Asyn on October 16, 2014, 07:32:42 AM
This POODLE Bites: Exploiting The SSL 3.0 Fallback
https://www.openssl.org/~bodo/ssl-poodle.pdf
-> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
-> https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
-> https://technet.microsoft.com/library/security/3009008.aspx
Title: Re: Technical
Post by: bob3160 on October 16, 2014, 03:31:38 PM
This POODLE Bites: Exploiting The SSL 3.0 Fallback
https://www.openssl.org/~bodo/ssl-poodle.pdf (https://www.openssl.org/~bodo/ssl-poodle.pdf)
-> http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html (http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html)
-> https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ (https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/)
-> https://technet.microsoft.com/library/security/3009008.aspx (https://technet.microsoft.com/library/security/3009008.aspx)
For IE, disable SSL3 in the browser settings under Advanced and scroll down to Security. Save your settings.
Firefox plans to implement changes by version 4 and Chrome may already have made changes with their latest updates.
(Especially if you're using the Developers or beta build of Chrome)
It's important to note that the Websites also need to implement changes on their end for this all to work.
Disabling SSL3 may result in some websites not opening or not opening properly.
If that happens, you need to decide if security is more important than the need to see the website. It is your system that's at risk! (Not mine.)
Title: Re: Technical
Post by: Asyn on October 18, 2014, 09:44:33 PM
Revealed: how Whisper app tracks ‘anonymous’ users
http://www.theguardian.com/world/2014/oct/16/-sp-revealed-whisper-app-tracking-users
Title: Re: Technical
Post by: Asyn on October 19, 2014, 09:35:30 AM
Tor Browser 4.0 is released
https://blog.torproject.org/blog/tor-browser-40-released
https://www.torproject.org/download/download-easy.html
Title: Re: Technical
Post by: Asyn on October 20, 2014, 07:50:29 AM
New FrameworkPOS variant exfiltrates data via DNS requests
https://blog.gdatasoftware.com/blog/article/new-frameworkpos-variant-exfiltrates-data-via-dns-requests.html
Title: Re: Technical
Post by: Asyn on October 21, 2014, 01:56:53 PM
Apple’s Mac computers can automatically collect your location information
http://www.washingtonpost.com/blogs/the-switch/wp/2014/10/20/apples-mac-computers-can-automatically-collect-your-location-information/
Title: Re: Technical
Post by: Asyn on October 23, 2014, 12:23:23 PM
Extreme Privilege Escalation On Windows 8/UEFI Systems
https://www.mitre.org/sites/default/files/publications/14-2221-extreme-escalation.pdf
http://www.kb.cert.org/vuls/id/552286
Title: Re: Technical
Post by: Asyn on October 25, 2014, 06:37:40 PM
The Case of the Modified Binaries
http://www.leviathansecurity.com/blog/the-case-of-the-modified-binaries/
Title: Re: Technical
Post by: Asyn on October 27, 2014, 02:02:24 PM
Adobe is Spying on Users, Collecting Data on Their eBook Libraries
http://the-digital-reader.com/2014/10/06/adobe-spying-users-collecting-data-ebook-libraries/
http://arstechnica.com/security/2014/10/adobes-e-book-reader-sends-your-reading-logs-back-to-adobe-in-plain-text/
Adobe Updates Digital Edition, Stops Sharing User Info With the Internet
http://the-digital-reader.com/2014/10/23/adobe-updates-digital-edition-stops-sharing-user-info-internet/
Title: Re: Technical
Post by: Asyn on October 28, 2014, 07:00:40 AM
Pony stealer spread vicious malware using email campaign
http://blog.avast.com/2014/10/27/pony-stealer-spread-vicious-malware-using-email-campaign/
Title: Re: Technical
Post by: Asyn on October 29, 2014, 07:02:42 AM
iCloud Uploads Local Data Outside of iCloud Drive
https://datavibe.net/~sneak/20141023/wtf-icloud/
Title: Re: Technical
Post by: Asyn on October 30, 2014, 07:34:33 AM
How Verizon’s Advertising Header Works
http://webpolicy.org/2014/10/24/how-verizons-advertising-header-works/
Title: Re: Technical
Post by: Asyn on November 01, 2014, 07:38:21 AM
Why Samsung Knox isn't really a Fort Knox
http://mobilesecurityares.blogspot.co.uk/2014/10/why-samsung-knox-isnt-really-fort-knox.html
Title: Re: Technical
Post by: Asyn on November 02, 2014, 09:06:56 AM
Mac OS X local privilege escalation (IOBluetoothFamily)
http://randomthoughts.greyhats.it/2014/10/osx-local-privilege-escalation.html
Title: Re: Technical
Post by: Asyn on November 03, 2014, 06:03:40 AM
Microsoft EMET - Armor against zero-days bypassed again
http://blog.sec-consult.com/2014/10/microsoft-emet-armor-against-zero-days.html
Title: Re: Technical
Post by: Asyn on November 04, 2014, 07:59:22 AM
A Lesson In Security
http://blog.ircmaxell.com/2014/10/a-lesson-in-security.html
Title: Re: Technical
Post by: Asyn on November 05, 2014, 07:47:24 AM
Announcing the 2014 Volatility Plugin Contest Results!
http://volatility-labs.blogspot.com/2014/10/announcing-2014-volatility-plugin.html
Title: Re: Technical
Post by: Asyn on November 07, 2014, 06:43:04 AM
Secure Messaging Scorecard
https://www.eff.org/secure-messaging-scorecard
Title: Re: Technical
Post by: Asyn on November 08, 2014, 05:10:52 AM
WireLurker: A New Era in OS X and iOS Malware
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
http://www.zdziarski.com/blog/?p=4140
Title: Re: Technical
Post by: mchain on November 08, 2014, 08:24:52 AM
When tech support scams meet Ransomlock
A technical-support phone scam uses Trojan.Ransomlock.AM to lock the user’s computer and trick them into calling a technical help phone number to resolve the issue.

http://www.symantec.com/connect/blogs/when-tech-support-scams-meet-ransomlock (http://www.symantec.com/connect/blogs/when-tech-support-scams-meet-ransomlock)
Scroll to the bottom of the page for steps to fix this infection.  Note the infectious agent comes with adware and other grayware programs one may install inadvertently via freeware.
Title: Re: Technical
Post by: Asyn on November 09, 2014, 08:53:44 AM
How I Reverse Engineered Google Docs To Play Back Any Document’s Keystrokes
http://features.jsomers.net/how-i-reverse-engineered-google-docs/
Title: Re: Technical
Post by: Asyn on November 10, 2014, 06:17:02 AM
WireLurker: A New Era in OS X and iOS Malware
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-new-era-os-x-ios-malware/
http://www.zdziarski.com/blog/?p=4140

WireLurker for Windows
http://researchcenter.paloaltonetworks.com/2014/11/wirelurker-windows/
Title: Re: Technical
Post by: Asyn on November 11, 2014, 08:23:13 AM
The Darkhotel APT - A Story of Unusual Hospitality
http://securelist.com/blog/research/66779/the-darkhotel-apt/
Title: Re: Technical
Post by: Asyn on November 12, 2014, 06:01:32 AM
Masque Attack: All Your iOS Apps Belong to Us
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
Title: Re: Technical
Post by: Asyn on November 13, 2014, 07:05:48 AM
Batch NFS
http://cr.yp.to/factorization/batchnfs-20141109.pdf
Title: Re: Technical
Post by: Asyn on November 14, 2014, 07:04:00 AM
BadUSB Exposure
https://opensource.srlabs.de/projects/badusb
Title: Re: Technical
Post by: Asyn on November 15, 2014, 06:46:08 AM
Bypassing Microsoft’s Patch for the Sandworm Zero Day: a Detailed Look at the Root Cause
http://blogs.mcafee.com/mcafee-labs/bypassing-microsofts-patch-sandworm-zero-day-root-cause
Title: Re: Technical
Post by: Para-Noid on November 17, 2014, 07:24:44 PM
Interesting article about browser fingerprinting!

https://panopticlick.eff.org/browser-uniqueness.pdf

Article from panopticlick (https://panopticlick.eff.org)
Title: Re: Technical
Post by: Asyn on November 19, 2014, 06:09:02 AM
Triggering MS14-066
http://blog.beyondtrust.com/triggering-ms14-066
Title: Re: Technical
Post by: Asyn on November 20, 2014, 06:59:24 AM
On the Effectiveness of Traffic Analysis Against Anonymity Networks Using Flow Records
https://mice.cs.columbia.edu/getTechreport.php?techreportID=1545 [PDF]
https://blog.torproject.org/blog/traffic-correlation-using-netflows
Title: Re: Technical
Post by: Asyn on November 21, 2014, 07:36:59 AM
BitTorrentsync security & privacy analysis – Hackito Session results
http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/
Title: Re: Technical
Post by: bob3160 on November 21, 2014, 09:51:25 AM
BitTorrentsync security & privacy analysis – Hackito Session results
http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/ (http://2014.hackitoergosum.org/bittorrentsync-security-privacy-analysis-hackito-session-results/)
BitTorrent dismisses Sync security concerns (http://www.pcworld.com/article/2849892/bittorrent-dismisses-security-concerns-raised-about-its-sync-app.html)
Title: Re: Technical
Post by: Asyn on November 22, 2014, 05:40:26 PM
Let’s Encrypt: Delivering SSL/TLS Everywhere
https://letsencrypt.org/2014/11/18/announcing-lets-encrypt.html
https://letsencrypt.org/howitworks/technology/
Title: Re: Technical
Post by: Asyn on November 23, 2014, 08:18:35 AM
WordPress 3 Persistent Script Injection
http://klikki.fi/adv/wordpress.html
https://wordpress.org/news/2014/11/wordpress-4-0-1/
Title: Re: Technical
Post by: Asyn on November 24, 2014, 11:43:32 AM
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Title: Re: Technical
Post by: Asyn on November 25, 2014, 12:03:03 PM
on Linux, 'less' can probably get you owned
http://seclists.org/fulldisclosure/2014/Nov/74
Title: Re: Technical
Post by: Asyn on November 26, 2014, 07:07:18 AM
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Title: Re: Technical
Post by: Asyn on November 28, 2014, 08:35:42 AM
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Title: Re: Technical
Post by: Asyn on November 29, 2014, 06:06:17 AM
CryptoPHP: Analysis of a hidden threat inside popular content management systems
http://blog.fox-it.com/2014/11/18/cryptophp-analysis-of-a-hidden-threat-inside-popular-content-management-systems/
http://blog.fox-it.com/2014/11/26/cryptophp-a-week-later-more-than-23-000-sites-affected/
https://foxitsecurity.files.wordpress.com/2014/11/cryptophp-whitepaper-foxsrt-v4.pdf
Title: Re: Technical
Post by: Asyn on November 29, 2014, 04:41:53 PM
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Regin, an old but sophisticated cyber espionage toolkit platform
https://blog.gdatasoftware.com/blog/article/regin-an-old-but-sophisticated-cyber-espionage-toolkit-platform.html
Title: Re: Technical
Post by: Asyn on November 30, 2014, 06:45:32 AM
Best Web Application Vulnerability Scanners
http://n0where.net/best-web-application-vulnerability-scanners/
Title: Re: Technical
Post by: Asyn on December 01, 2014, 09:34:02 AM
Regin: Top-tier espionage tool enables stealthy surveillance
http://www.symantec.com/connect/blogs/regin-top-tier-espionage-tool-enables-stealthy-surveillance
http://www.symantec.com/content/en/us/enterprise/media/security_response/whitepapers/regin-analysis.pdf
Regin: Nation-state ownage of GSM networks
https://securelist.com/blog/research/67741/regin-nation-state-ownage-of-gsm-networks/
https://securelist.com/files/2014/11/Kaspersky_Lab_whitepaper_Regin_platform_eng.pdf
Secret Malware in European Union Attack Linked to U.S. and British Intelligence
https://firstlook.org/theintercept/2014/11/24/secret-regin-malware-belgacom-nsa-gchq/
Regin, an old but sophisticated cyber espionage toolkit platform
https://blog.gdatasoftware.com/blog/article/regin-an-old-but-sophisticated-cyber-espionage-toolkit-platform.html
ReginScanner
https://github.com/Neo23x0/ReginScanner
Title: Re: Technical
Post by: Asyn on December 03, 2014, 06:39:38 AM
FIN4: Stealing Insider Information for an Advantage in Stock Trading?
https://www.fireeye.com/blog/threat-research/2014/11/fin4_stealing_insid.html
https://www.fireeye.com/content/dam/fireeye-www/global/en/current-threats/pdfs/rpt-fin4.pdf
Title: Re: Technical
Post by: Asyn on December 04, 2014, 02:59:09 PM
Operation Cleaver
http://www.cylance.com/operation-cleaver/
http://www.cylance.com/assets/Cleaver/Cylance_Operation_Cleaver_Report.pdf
Title: Re: Technical
Post by: Asyn on December 06, 2014, 06:25:32 AM
Operation Auroragold - How the NSA Hacks Cellphone Networks Worldwide
https://firstlook.org/theintercept/2014/12/04/nsa-auroragold-hack-cellphones/
Title: Re: Technical
Post by: Asyn on December 09, 2014, 07:17:41 AM
Clubbing Seals: Exploring the Ecosystem of Third-party Security Seals
http://securitee.org/files/seals_ccs2014.pdf
Title: Re: Technical
Post by: Asyn on December 10, 2014, 06:52:06 AM
The dark side of Apple’s two-factor authentication
http://thenextweb.com/apple/2014/12/08/lost-apple-id-learnt-hard-way-careful-two-factor-authentication/
Title: Re: Technical
Post by: Asyn on December 11, 2014, 09:35:37 AM
Not out of the woods yet: There are more POODLEs
https://vivaldi.net/blogs/entry/not-out-of-the-woods-yet-there-are-more-poodles
Title: Re: Technical
Post by: Asyn on December 12, 2014, 05:55:27 AM
The 'Penquin' Turla
https://securelist.com/blog/research/67962/the-penquin-turla-2/
Title: Re: Technical
Post by: Asyn on December 12, 2014, 02:00:29 PM
Mobile advertising firms spread malware by posing as official Google Play apps
https://blog.avast.com/2014/12/12/mobile-advertising-firms-spread-malware-by-posing-as-official-google-play-apps/
Title: Re: Technical
Post by: Asyn on December 13, 2014, 06:11:44 AM
The 'Penquin' Turla
https://securelist.com/blog/research/67962/the-penquin-turla-2/
Mysterious Turla Linux Backdoor Also For Solaris?
https://www.f-secure.com/weblog/archives/00002775.html
Title: Re: Technical
Post by: Asyn on December 15, 2014, 06:29:27 AM
Operation Socialist - The Inside Story of How British Spies Hacked Belgium’s Largest Telco
https://firstlook.org/theintercept/2014/12/13/belgacom-hack-gchq-inside-story/
Title: Re: Technical
Post by: Asyn on December 17, 2014, 08:25:38 AM
The FBI Used the Web’s Favorite Hacking Tool to Unmask Tor Users
http://www.wired.com/2014/12/fbi-metasploit-tor/
Title: Re: Technical
Post by: Asyn on December 18, 2014, 05:57:54 AM
South Korea hit with banking malware using VPN connection
https://blog.avast.com/2014/12/17/south-korea-hit-with-banking-malware-using-vpn-connection/
Title: Re: Technical
Post by: Asyn on December 21, 2014, 09:20:32 AM
Wiper Malware – A Detection Deep Dive
http://blogs.cisco.com/security/talos/wiper-malware
Title: Re: Technical
Post by: Asyn on December 22, 2014, 06:54:35 AM
Zero Knowledge Proofs: An illustrated primer
http://blog.cryptographyengineering.com/2014/11/zero-knowledge-proofs-illustrated-primer.html
Title: Re: Technical
Post by: Asyn on December 23, 2014, 07:23:18 AM
Tens of millions of dollars, credit cards and intellectual property stolen by a new group of cyber criminals
https://www.fox-it.com/en/press-releases/anunak/
https://www.fox-it.com/en/files/2014/12/Anunak_APT-against-financial-institutions2.pdf
Title: Re: Technical
Post by: Asyn on December 28, 2014, 08:49:53 AM
Thunderstrike
https://trmm.net/Thunderstrike
Title: Re: Technical
Post by: Asyn on January 07, 2015, 06:15:53 AM
Linux DDoS Trojan hiding itself with an embedded rootkit
https://blog.avast.com/2015/01/06/linux-ddos-trojan-hiding-itself-with-an-embedded-rootkit/
Title: Re: Technical
Post by: Asyn on January 08, 2015, 06:42:22 AM
Secure Secure Shell
https://stribika.github.io/2015/01/04/secure-secure-shell.html
Title: Re: Technical
Post by: Asyn on January 09, 2015, 06:02:13 AM
31C3: a new dawn - Videos
http://media.ccc.de/browse/congress/2014/
Title: Re: Technical
Post by: Asyn on January 11, 2015, 08:01:34 AM
HSTS Super Cookies
http://www.radicalresearch.co.uk/lab/hstssupercookies/
Title: Re: Technical
Post by: polonus on January 11, 2015, 06:08:27 PM
New security layer coming to Firefox and Google Chrome browsers based on MAC -mandatory access control.
JS won't share data any longer where data should not be shared, because of inherent insecurity that becomes shared also!
A public draft will be set up for COWL to be generally implemented in adapted browsers within the year.
Read about "A Confinement System for the Web": http://cowl.ws/
Test: http://cowl.ws/examples/checker/

polonus
Title: Re: Technical
Post by: bob3160 on January 11, 2015, 06:20:37 PM
New security layer coming to Firefox and Google Chrome browsers based on MAC -mandatory access control.
JS won't share data any longer where data should not be shared, because of inherent insecurity that becomes shared also!
A public draft will be set up for COWL to be generally implemented in adapted browsers within the year.
Read about "A Confinement System for the Web": http://cowl.ws/
Test: http://cowl.ws/examples/checker/

polonus
All this added protection may be nice but eventually it will bring the internet to its knees.
Between the scanning of your AV and all the other security programs and browser add-ons,
browsing is getting slower by the day.
It's time to center the attack against the actual source that makes this additional scanning necessary. (Just my 2 cents) :)
Title: Re: Technical
Post by: Asyn on January 12, 2015, 08:48:54 AM
Lizard Stresser Runs on Hacked Home Routers
http://krebsonsecurity.com/2015/01/lizard-stresser-runs-on-hacked-home-routers/
Title: Re: Technical
Post by: bob3160 on January 12, 2015, 06:00:05 PM
Inside CryptoWall 2.0
http://arstechnica.com/information-technology/2015/01/inside-cryptowall-2-0-ransomware-professional-edition/
Not something you want to run into


Title: Re: Technical
Post by: Secondmineboy on January 12, 2015, 06:01:49 PM
In a few years AVs will be useless for such malware and the OS developers need to work hard on security now.

Microsoft is heading in a good direction already.

There's also a virus for OSX (mostly MacBooks), which you cannot get rid of even by replacing the hard drive.
Title: Re: Technical
Post by: Asyn on January 14, 2015, 05:42:23 AM
Skeleton Key Malware Analysis
http://www.secureworks.com/cyber-threat-intelligence/threats/skeleton-key-malware-analysis/
Title: Re: Technical
Post by: Asyn on January 16, 2015, 08:00:49 AM
Fobus, the sneaky little thief that could
https://blog.avast.com/2015/01/15/fobus-the-sneaky-little-thief-that-could/
Title: Re: Technical
Post by: Pondus on January 16, 2015, 12:36:26 PM
Joe Sandbox, for those who want to play: http://www.joesecurity.org/

Title: Re: Technical
Post by: Asyn on January 17, 2015, 06:45:20 AM
The Turn-Verizon Zombie Cookie
http://webpolicy.org/2015/01/14/turn-verizon-zombie-cookie/
Title: Re: Technical
Post by: Asyn on January 18, 2015, 06:36:18 AM
Meet KeySweeper, the $10 USB charger that steals MS keyboard strokes
http://arstechnica.com/security/2015/01/meet-keysweeper-the-10-usb-charger-that-steals-ms-keyboard-strokes/
Title: Re: Technical
Post by: Asyn on January 22, 2015, 06:32:52 AM
Cisco Annual Security Report Reveals Widening Gulf Between Perception and Reality of Cybersecurity Readiness
http://newsroom.cisco.com/press-release-content?type=webcontent&articleId=1576007
Title: Re: Technical
Post by: Asyn on January 28, 2015, 08:03:53 AM
Comparing the Regin module 50251 and the "Qwerty" keylogger
https://securelist.com/blog/research/68525/comparing-the-regin-module-50251-and-the-qwerty-keylogger/
Title: Re: Technical
Post by: Asyn on January 30, 2015, 06:28:16 AM
Deploying tor relays (Mozilla Polaris Privacy Initiative)
https://blog.mozilla.org/it/2015/01/28/deploying-tor-relays/
Title: Re: Technical
Post by: Asyn on February 01, 2015, 10:43:58 AM
Seven Months’ Worth of Mistakes: A Longitudinal Study of Typosquatting Abuse
https://lirias.kuleuven.be/bitstream/123456789/471369/3/typos-final.pdf
Title: Re: Technical
Post by: Asyn on February 03, 2015, 07:20:53 AM
Autoruns v13.0
http://blogs.technet.com/b/sysinternals/archive/2015/01/29/update-autoruns-v13-0.aspx
https://technet.microsoft.com/en-us/sysinternals/bb963902

This major update to Autoruns, an autostart execution point (ASEP) manager, now has integration with Virustotal.com to show the status of entries with respect to scans by over four dozen antimalware engines.
Title: Re: Technical
Post by: Asyn on February 04, 2015, 06:50:20 AM
RansomWeb: emerging website threat that may outshine DDoS, data theft and defacements?
https://www.htbridge.com/blog/ransomweb_emerging_website_threat.html
Title: Re: Technical
Post by: Asyn on February 07, 2015, 10:23:29 AM
Beemer, Open Thyself! – Security vulnerabilities in BMW's ConnectedDrive
http://www.heise.de/ct/artikel/Beemer-Open-Thyself-Security-vulnerabilities-in-BMW-s-ConnectedDrive-2540957.html
Title: Re: Technical
Post by: Asyn on February 08, 2015, 08:21:09 AM
Anatomy of a Brute Force Campaign: The Story of Hee Thai Limited
https://www.fireeye.com/blog/threat-research/2015/02/anatomy_of_a_brutef.html
Title: Re: Technical
Post by: Asyn on February 10, 2015, 11:39:08 AM
MongoDB databases at risk
http://cispa.saarland/wp-content/uploads/2015/02/MongoDB_documentation.pdf
Title: Re: Technical
Post by: Asyn on February 11, 2015, 08:57:34 AM
Mobile Crypto-Ransomware Simplocker now on Steroids
https://blog.avast.com/2015/02/10/mobile-crypto-ransomware-simplocker-now-on-steroids/
Title: Re: Technical
Post by: Asyn on February 11, 2015, 03:07:55 PM
Cyber Espionage Campaign Compromises Web Properties to Target US Financial Services and Defense Companies and Chinese Dissidents in Watering Hole Style Attack
http://www.isightpartners.com/2015/02/codoso/
Title: Re: Technical
Post by: Asyn on February 15, 2015, 11:18:42 AM
Combating Dormant Malware Apps with Harvester
http://sseblog.ec-spride.de/2015/02/introducing-harvester/
http://www.bodden.de/pubs/TUD-CS-2015-0031.pdf
Title: Re: Technical
Post by: Asyn on February 16, 2015, 09:38:47 AM
MS15-011 & MS15-014: Hardening Group Policy
http://blogs.technet.com/b/srd/archive/2015/02/10/ms15-011-amp-ms15-014-hardening-group-policy.aspx
Title: Re: Technical
Post by: Asyn on February 17, 2015, 11:12:26 AM
Bad Browser Plug-ins Gone Wild: Malvertising, Data Exfiltration, and Malware, Oh my!
http://blogs.cisco.com/security/talos/bad-browser-plug-ins
Title: Re: Technical
Post by: Asyn on February 18, 2015, 07:49:13 AM
Angry Android hacker hides Xbot malware in popular application icons
https://blog.avast.com/2015/02/17/angry-android-hacker-hides-xbot-malware-in-popular-application-icons/
Title: Re: Technical
Post by: Asyn on February 18, 2015, 12:19:12 PM
The Great Bank Robbery: the Carbanak APT
https://securelist.com/blog/research/68732/the-great-bank-robbery-the-carbanak-apt/
https://securelist.com/files/2015/02/Carbanak_APT_eng.pdf
Title: Re: Technical
Post by: Asyn on February 19, 2015, 07:01:12 AM
Introducing Extension Signing: A Safer Add-on Experience
https://blog.mozilla.org/addons/2015/02/10/extension-signing-safer-experience/
https://developer.mozilla.org/en-US/Add-ons/Add-on_guidelines
Title: Re: Technical
Post by: Asyn on February 20, 2015, 06:22:30 AM
Babar: Suspected Nation State Spyware In The Spotlight
http://www.cyphort.com/babar-suspected-nation-state-spyware-spotlight/
Title: Re: Technical
Post by: Asyn on February 21, 2015, 09:05:33 AM
The Great SIM Heist - How Spies Stole the Keys to the Encryption Castle
https://firstlook.org/theintercept/2015/02/19/great-sim-heist/
Title: Re: Technical
Post by: Asyn on February 22, 2015, 08:20:18 AM
Malware Is Still Spying On You Even When Your Mobile Is Off
http://now.avg.com/malware-is-still-spying-on-you-after-your-mobile-is-off/
Title: Re: Technical
Post by: Asyn on February 23, 2015, 07:57:12 AM
Using Google Cloud Platform for Security Scanning
http://googlecloudplatform.blogspot.com/2015/02/using-google-cloud-platform-for.html
https://cloud.google.com/tools/security-scanner/
Title: Re: Technical
Post by: Asyn on February 26, 2015, 09:37:56 AM
GPG And Me
http://www.thoughtcrime.org/blog/gpg-and-me/
Title: Re: Technical
Post by: Asyn on March 01, 2015, 09:46:25 AM
Spam Uses Default Passwords to Hack Routers
http://krebsonsecurity.com/2015/02/spam-uses-default-passwords-to-hack-routers/
http://www.proofpoint.com/us/threat-insight/post/Phish-Pharm
Title: Re: Technical
Post by: Asyn on March 03, 2015, 01:55:47 PM
Abusing Blu-ray Players Pt. 1 – Sandbox Escapes
https://www.nccgroup.com/en/blog/2015/02/abusing-blu-ray-players-pt-1-sandbox-escapes/
Title: Re: Technical
Post by: Asyn on March 04, 2015, 08:44:03 AM
The Tricky World of Securing Firmware
https://blogs.intel.com/evangelists/2015/02/20/tricky-world-securing-firmware/
Title: Re: Technical
Post by: Asyn on March 05, 2015, 08:12:48 AM
Tracking the FREAK Attack
https://freakattack.com/
Title: Re: Technical
Post by: Asyn on March 06, 2015, 09:35:32 AM
Casper Malware: After Babar and Bunny, Another Espionage Cartoon
http://www.welivesecurity.com/2015/03/05/casper-malware-babar-bunny-another-espionage-cartoon/
Title: Re: Technical
Post by: Asyn on March 08, 2015, 09:12:16 AM
Cuckoo Sandbox 1.2
http://cuckoosandbox.org/2015-03-04-cuckoo-sandbox-12.html
Title: Re: Technical
Post by: Asyn on March 09, 2015, 10:00:27 AM
PowerSpy: Location Tracking using Mobile Device Power Analysis
http://arxiv.org/abs/1502.03182
http://arxiv.org/pdf/1502.03182v2 [PDF]
Title: Re: Technical
Post by: mchain on March 10, 2015, 07:27:08 AM
Project Zero
News and updates from the Project Zero team at Google

Exploiting the DRAM rowhammer bug to gain kernel privileges
http://googleprojectzero.blogspot.com/2015/03/exploiting-dram-rowhammer-bug-to-gain.html
Title: Re: Technical
Post by: Asyn on March 11, 2015, 10:51:45 AM
Proving that Android’s, Java’s and Python’s sorting algorithm is broken (and showing how to fix it)
http://www.envisage-project.eu/proving-android-java-and-python-sorting-algorithm-is-broken-and-how-to-fix-it
Title: Re: Technical
Post by: Asyn on March 12, 2015, 09:19:16 AM
iSpy: The CIA Campaign to Steal Apple’s Secrets
https://firstlook.org/theintercept/2015/03/10/ispy-cia-campaign-steal-apples-secrets/
Title: Re: Technical
Post by: Asyn on March 14, 2015, 06:51:40 PM
Inside the EquationDrug Espionage Platform
http://securelist.com/blog/research/69203/inside-the-equationdrug-espionage-platform/
Title: Re: Technical
Post by: Asyn on March 16, 2015, 08:03:31 AM
Talos Discovery Spotlight: Hundreds of Thousands of Google Apps Domains’ Private WHOIS Information Disclosed
http://blogs.cisco.com/security/talos/whoisdisclosure
Title: Re: Technical
Post by: Asyn on March 18, 2015, 08:01:04 AM
How "../sms" could bypass Authy 2 Factor Authentication
http://sakurity.com/blog/2015/03/15/authy_bypass.html
Title: Re: Technical
Post by: Asyn on March 19, 2015, 09:01:56 AM
Apple iOS Hardware Assisted Screenlock Bruteforce
http://blog.mdsec.co.uk/2015/03/bruteforcing-ios-screenlock.html
Title: Re: Technical
Post by: polonus on March 19, 2015, 03:30:34 PM
Pirate Bay cleverly circumvents UK ISP restrictions:
http://torrentfreak.com/secure-pirate-bay-unblocked-by-most-uk-isps-150316/

pol
Title: Re: Technical
Post by: mchain on March 20, 2015, 06:01:46 AM
New OpenSSL vulnerability could facilitate DoS attacks
http://www.symantec.com/connect/blogs/new-openssl-vulnerability-could-facilitate-dos-attacks
Title: Re: Technical
Post by: Asyn on March 20, 2015, 08:39:07 AM
New OpenSSL vulnerability could facilitate DoS attacks
http://www.symantec.com/connect/blogs/new-openssl-vulnerability-could-facilitate-dos-attacks
OpenSSL Update available
https://www.openssl.org/news/secadv_20150319.txt
https://www.openssl.org/source/
Title: Re: Technical
Post by: Asyn on March 23, 2015, 08:50:52 AM
Cisco posts kit to empty houses to dodge NSA chop shops
http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/
Title: Re: Technical
Post by: Asyn on March 23, 2015, 08:55:35 AM
FREAK Out on Mobile
https://www.fireeye.com/blog/threat-research/2015/03/freak_out_on_mobile.html
Title: Re: Technical
Post by: Asyn on March 25, 2015, 07:52:18 AM
How Many Million BIOSes Would you Like to Infect?
http://legbacore.com/Research_files/HowManyMillionBIOSWouldYouLikeToInfect_Full.pdf
Title: Re: Technical
Post by: Asyn on March 26, 2015, 07:26:26 AM
Threat Spotlight: PoSeidon, A Deep Dive Into Point of Sale Malware
http://blogs.cisco.com/security/talos/POSeidon
Title: Re: Technical
Post by: Asyn on March 27, 2015, 07:11:52 AM
The old is new, again. CVE-2011-2461 is back!
http://blog.nibblesec.org/2015/03/the-old-is-new-again-cve-2011-2461-is.html
Title: Re: Technical
Post by: Asyn on March 28, 2015, 11:10:57 AM
Stealing Data From Computers Using Heat
http://www.wired.com/2015/03/stealing-data-computers-using-heat/
Title: Re: Technical
Post by: Asyn on March 28, 2015, 04:52:44 PM
A better debugger? System to find a common programming bug significantly outperforms predecessors
http://www.csail.mit.edu/node/2457
http://dl.acm.org/citation.cfm?id=2694389 [PDF]
Title: Re: Technical
Post by: Asyn on March 29, 2015, 10:15:27 AM
Breaking SSL with a 13-year-old RC4 Weakness
http://www.imperva.com/docs/HII_Attacking_SSL_when_using_RC4.pdf
Title: Re: Technical
Post by: Asyn on March 30, 2015, 05:57:10 AM
The Palinopsia Bug
https://hsmr.cc/palinopsia/
Title: Re: Technical
Post by: Asyn on March 31, 2015, 09:38:31 AM
Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS
http://www.isg.rhul.ac.uk/tls/RC4passwords.pdf
Title: Re: Technical
Post by: Asyn on April 02, 2015, 08:03:43 AM
Opportunistic Encryption For Firefox
http://bitsup.blogspot.com/2015/03/opportunistic-encryption-for-firefox.html
Title: Re: Technical
Post by: Asyn on April 04, 2015, 09:09:48 AM
Open Crypto Audit Project - Phase II analysis is completed
https://opencryptoaudit.org/reports/TrueCrypt_Phase_II_NCC_OCAP_final.pdf
Title: Re: Technical
Post by: Asyn on April 07, 2015, 03:42:14 PM
Google Android Security Report 2014
https://static.googleusercontent.com/media/source.android.com/en/us/devices/tech/security/reports/Google_Android_Security_2014_Report_Final.pdf
Title: Re: Technical
Post by: Asyn on April 08, 2015, 11:20:50 AM
Liveblog: Malvertising from Google advertisements via possibly compromised reseller
http://blog.fox-it.com/2015/04/07/liveblog-malvertising-from-google-advertisements-via-possibly-compromised-reseller/
Title: Re: Technical
Post by: Asyn on April 10, 2015, 08:04:57 AM
International police operation targets polymorphic Beebone botnet
https://www.europol.europa.eu/content/international-police-operation-targets-polymorphic-beebone-botnet
https://www.us-cert.gov/ncas/alerts/TA15-098A
Title: Re: Technical
Post by: Asyn on April 11, 2015, 05:22:49 PM
Hidden backdoor API to root privileges in Apple OS X
https://truesecdev.wordpress.com/2015/04/09/hidden-backdoor-api-to-root-privileges-in-apple-os-x/
Title: Re: Technical
Post by: Asyn on April 13, 2015, 11:55:34 AM
China’s Great Cannon
https://citizenlab.org/2015/04/chinas-great-cannon/
Title: Re: Technical
Post by: Asyn on April 14, 2015, 08:42:58 AM
APT 30 and the Mechanics of a Long-Running Cyber Espionage Operation
https://www.fireeye.com/blog/threat-research/2015/04/apt_30_and_the_mecha.html
Title: Re: Technical
Post by: Asyn on April 15, 2015, 08:35:34 AM
SPEAR - Redirect to SMB
http://blog.cylance.com/redirect-to-smb
Title: Re: Technical
Post by: Asyn on April 16, 2015, 10:14:35 AM
Simda's Hide and Seek: Grown-up Games
http://securelist.com/blog/69580/simdas-hide-and-seek-grown-up-games/
http://blogs.technet.com/b/mmpc/archive/2015/04/12/microsoft-partners-with-interpol-industry-to-disrupt-global-malware-attack-affecting-more-than-770-000-pcs-in-past-six-months-39-simda-at-39-designed-to-divert-internet-traffic-to-disseminate-other-types-of-malware.aspx
Title: Re: Technical
Post by: Asyn on April 17, 2015, 09:06:32 AM
The Chronicles of the Hellsing APT: the Empire Strikes Back
http://securelist.com/analysis/publications/69567/the-chronicles-of-the-hellsing-apt-the-empire-strikes-back/
Title: Re: Technical
Post by: Asyn on April 19, 2015, 10:30:02 AM
IBM X-Force Exchange
https://exchange.xforce.ibmcloud.com/
Title: Re: Technical
Post by: Asyn on April 21, 2015, 08:47:12 AM
Operation RussianDoll: Adobe & Windows Zero-Day Exploits Likely Leveraged by Russia’s APT28 in Highly-Targeted Attack
https://www.fireeye.com/blog/threat-research/2015/04/probable_apt28_useo.html
Title: Re: Technical
Post by: Asyn on April 22, 2015, 10:20:30 AM
Clarification of Tor's involvement with DARPA's Memex
https://lists.torproject.org/pipermail/tor-talk/2015-April/037538.html
Title: Re: Technical
Post by: Asyn on April 23, 2015, 06:55:30 AM
Analyzing the Magento Vulnerability
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
Title: Re: Technical
Post by: Asyn on April 25, 2015, 06:16:55 AM
Porn clicker app slipped into Google Play imitating popular Dubsmash app
https://blog.avast.com/2015/04/24/porn-clicker-app-slipped-into-google-play-imitating-popular-dubsmash-app/
Title: Re: Technical
Post by: Asyn on April 27, 2015, 08:09:47 AM
“No iOS Zone” – A New Vulnerability Allows DoS Attacks on iOS Devices
https://www.skycure.com/blog/ios-shield-allows-dos-attacks-on-ios-devices/
Title: Re: Technical
Post by: mchain on April 28, 2015, 01:14:27 AM
Don’t count on people to prevent data breaches
http://www.cio.com/article/2913889/data-breach/don-t-count-on-people-to-prevent-data-breaches.html
Title: Re: Technical
Post by: Asyn on April 28, 2015, 07:05:44 AM
Malware authors go a step further to access bank accounts
https://blog.avast.com/2015/04/27/malware-authors-go-a-step-further-to-access-bank-accounts/
Title: Re: Technical
Post by: Pondus on April 28, 2015, 07:46:32 PM
Bugs like this you have never seen   ;D
http://www.theverge.com/2015/4/27/8502421/robots-pull-100-times-their-own-weight

Title: Re: Technical
Post by: Asyn on April 30, 2015, 07:17:28 AM
Analyzing the Magento Vulnerability
http://blog.checkpoint.com/2015/04/20/analyzing-magento-vulnerability/
Magento Shoplift (SUPEE-5344) Exploits in the Wild
https://blog.sucuri.net/2015/04/magento-shoplift-supee-5344-exploits-in-the-wild.html
Title: Re: Technical
Post by: Cast on May 01, 2015, 07:56:53 AM
Antivirus Company Qihoo Censured for Cheating in Lab Tests
http://www.pcmag.com/article2/0,2817,2483498,00.asp
Title: Re: Technical
Post by: Asyn on May 01, 2015, 08:06:31 AM
Antivirus Company Qihoo Censured for Cheating in Lab Tests
http://www.pcmag.com/article2/0,2817,2483498,00.asp
I started a topic here: https://forum.avast.com/index.php?topic=170408.0
Title: Re: Technical
Post by: Asyn on May 01, 2015, 01:48:02 PM
Unboxing Linux/Mumblehard: Muttering spam from your servers
http://www.welivesecurity.com/2015/04/29/unboxing-linuxmumblehard-muttering-spam-servers/
http://www.welivesecurity.com/wp-content/uploads/2015/04/mumblehard.pdf
Title: Re: Technical
Post by: Asyn on May 03, 2015, 08:10:45 AM
Keeping Tabs on WhatsApp's Encryption
http://www.heise.de/ct/artikel/Keeping-Tabs-on-WhatsApp-s-Encryption-2630361.html
Title: Re: Technical
Post by: Asyn on May 05, 2015, 12:20:15 PM
Announcing Windows Update for Business
http://blogs.windows.com/bloggingwindows/2015/05/04/announcing-windows-update-for-business/
Title: Re: Technical
Post by: Asyn on May 06, 2015, 07:12:03 AM
Threat Spotlight: Rombertik – Gazing Past the Smoke, Mirrors, and Trapdoors
http://blogs.cisco.com/security/talos/rombertik
Title: Re: Technical
Post by: Asyn on May 07, 2015, 08:23:47 AM
New Research: The Ad Injection Economy
http://googleonlinesecurity.blogspot.com/2015/05/new-research-ad-injection-economy.html
https://cdn3.vox-cdn.com/uploads/chorus_asset/file/3673260/ad_injector_paper.0.pdf
Title: Re: Technical
Post by: Asyn on May 08, 2015, 09:09:25 AM
JetPack and TwentyFifteen Vulnerable to DOM-based XSS
https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html
Title: Re: Technical
Post by: Asyn on May 10, 2015, 01:00:57 PM
CVE-2014-3440 – Symantec Critical System Protection Remote Code Execution
http://blog.silentsignal.eu/2015/05/07/cve-2014-3440-symantec-critical-system-protection-remote-code-execution/
http://blog.silentsignal.eu/wp-content/uploads/2015/05/S2_SCSP_BulkLog_CVE-2014-3440.txt
Title: Re: Technical
Post by: polonus on May 11, 2015, 12:32:51 AM
Create bootable USB sticks the easy way: https://rufus.akeo.ie/

polonus
Title: Re: Technical
Post by: bob3160 on May 11, 2015, 04:05:05 PM
Create bootable USB sticks the easy way: https://rufus.akeo.ie/

polonus
https://forum.avast.com/index.php?topic=19387.msg952936#msg952936
Title: Re: Technical
Post by: Asyn on May 12, 2015, 09:57:14 AM
Tor Cloud project has been discontinued
https://cloud.torproject.org/
Title: Re: Technical
Post by: Asyn on May 13, 2015, 09:58:43 AM
Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
https://www.rfc-editor.org/rfc/rfc7525.txt
Title: Re: Technical
Post by: Asyn on May 14, 2015, 10:25:56 AM
VENOM - Virtualized Environment Neglected Operations Manipulation
http://venom.crowdstrike.com/
Title: Re: Technical
Post by: Asyn on May 16, 2015, 09:57:38 AM
Encrypto: Encrypt the files you send
http://blog.macpaw.com/post/118774289073/encrypto-encrypt-the-files-you-send
http://macpaw.com/encrypto
Title: Re: Technical
Post by: Asyn on May 18, 2015, 09:42:30 AM
McAfee Stinger Removed From App Directory Due to Malware-Like Behavior
http://portableapps.com/news/2015-05-08--mcafee-stinger-removed-for-malware-like-behavior
Title: Re: Technical
Post by: Asyn on May 19, 2015, 08:50:38 AM
Hiding in Plain Sight: FireEye and Microsoft Expose Chinese APT Group’s Obfuscation Tactic
https://www.fireeye.com/blog/threat-research/2015/05/hiding_in_plain_sigh.html
https://www2.fireeye.com/WEB-2015RPTAPT17.html
Title: Re: Technical
Post by: Asyn on May 20, 2015, 11:15:05 AM
[SE-2014-02] Unconfirmed / unpatched vulnerabilities in Google App Engine
http://seclists.org/fulldisclosure/2015/May/61
http://www.security-explorations.com/en/SE-2014-02-details.html
Title: Re: Technical
Post by: Asyn on May 21, 2015, 09:51:28 AM
KCodes NetUSB: How a Small Taiwanese Software Company Can Impact the Security of Millions of Devices Worldwide
http://blog.sec-consult.com/2015/05/kcodes-netusb-how-small-taiwanese.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20150519-0_KCodes_NetUSB_Kernel_Stack_Buffer_Overflow_v10.txt
Title: Re: Technical
Post by: Asyn on May 22, 2015, 08:05:12 AM
Tech giants don’t want Obama to give police access to encrypted phone data
http://www.washingtonpost.com/world/national-security/tech-giants-urge-obama-to-resist-backdoors-into-encrypted-communications/2015/05/18/11781b4a-fd69-11e4-833c-a2de05b6b2a4_story.html
Title: Re: Technical
Post by: Asyn on May 23, 2015, 07:59:50 AM
NSA Planned to Hijack Google App Store to Hack Smartphones
https://firstlook.org/theintercept/2015/05/21/nsa-five-eyes-google-samsung-app-stores-spyware/
Title: Re: Technical
Post by: Asyn on May 24, 2015, 10:40:22 AM
Ransomware Response Kit
https://bitbucket.org/jadacyrus/ransomwareremovalkit
Title: Re: Technical
Post by: Asyn on May 25, 2015, 11:04:30 AM
Security Analysis of Android Factory Resets
http://www.cl.cam.ac.uk/~rja14/Papers/fr_most15.pdf
Title: Re: Technical
Post by: Asyn on May 27, 2015, 08:38:27 AM
Measuring and mitigating AS-level adversaries against Tor
http://arxiv.org/abs/1505.05173
http://arxiv.org/pdf/1505.05173v3 [PDF]
Title: Re: Technical
Post by: Asyn on May 28, 2015, 09:16:22 AM
Meet ‘Tox': Ransomware for the Rest of Us
https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
Title: Re: Technical
Post by: Asyn on May 29, 2015, 08:32:07 AM
Moose – the router worm with an appetite for social networks
http://www.welivesecurity.com/2015/05/26/moose-router-worm/
http://www.welivesecurity.com/wp-content/uploads/2015/05/Dissecting-LinuxMoose.pdf
Title: Re: Technical
Post by: Asyn on May 31, 2015, 10:05:38 AM
Mozilla - Update on Extension Signing and New Developer Agreement
https://blog.mozilla.org/addons/2015/05/27/update-signing-new-developer-agreement/
https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Agreement
https://wiki.mozilla.org/Addons/Extension_Signing
Title: Re: Technical
Post by: Asyn on June 01, 2015, 10:21:55 AM
More than fifty vulnerabilities in D-Link NAS and NVR devices
http://www.search-lab.hu/advisories/secadv-20150527
http://www.search-lab.hu/media/D-Link_Security_advisory_3_0_public.pdf
Title: Re: Technical
Post by: Asyn on June 02, 2015, 08:00:43 AM
The Empire Strikes Back Apple – how your Mac firmware security is completely broken
https://reverse.put.as/2015/05/29/the-empire-strikes-back-apple-how-your-mac-firmware-security-is-completely-broken/
Title: Re: Technical
Post by: Asyn on June 03, 2015, 09:17:49 AM
Adios, Hola! Or: Why You Should Immediately Uninstall Hola
http://adios-hola.org/
http://adios-hola.org/advisory.txt
Title: Re: Technical
Post by: Asyn on June 04, 2015, 07:53:23 AM
Hackers Scan All Tor Hidden Services To Find Weaknesses In The 'Dark Web'
http://www.forbes.com/sites/thomasbrewster/2015/06/01/dark-web-vulnerability-scan/
Title: Re: Technical
Post by: Asyn on June 05, 2015, 07:18:11 AM
Auditing GitHub users’ SSH key quality
https://blog.benjojo.co.uk/post/auditing-github-users-keys
Title: Re: Technical
Post by: Asyn on June 06, 2015, 04:51:41 PM
This Hacked Kids’ Toy Opens Garage Doors in Seconds
http://www.wired.com/2015/06/hacked-kids-toy-opens-garage-doors-seconds/
Title: Re: Technical
Post by: Asyn on June 07, 2015, 09:30:59 AM
Let's Encrypt Root and Intermediate Certificates
https://letsencrypt.org/2015/06/04/isrg-ca-certs.html
Title: Re: Technical
Post by: Asyn on June 08, 2015, 10:37:58 AM
Turn It On (2FA)
https://www.turnon2fa.com/
Title: Re: Technical
Post by: Asyn on June 09, 2015, 07:55:33 AM
Trend Micro Discovers MalumPoS; Targets Hotels and other US Industries
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-malumpos-targets-hotels-and-other-us-industries/
http://documents.trendmicro.com/images/tex/pdf/MalumPOS%20Technical%20Brief.pdf
Title: Re: Technical
Post by: Asyn on June 10, 2015, 08:57:16 AM
Brain's reaction to certain words could replace passwords
http://www.eurekalert.org/pub_releases/2015-06/bu-brt060215.php
Title: Re: Technical
Post by: Asyn on June 11, 2015, 08:21:09 AM
The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns
https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/
https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
http://blog.crysys.hu/2015/06/duqu-2-0/
http://www.crysys.hu/duqu2/duqu2.pdf
Title: Re: Technical
Post by: Asyn on June 14, 2015, 08:02:12 AM
Securing access to Wikimedia sites with HTTPS
https://blog.wikimedia.org/2015/06/12/securing-wikimedia-sites-with-https/
Title: Re: Technical
Post by: Asyn on June 21, 2015, 10:23:07 AM
FIRST announces availability of new Common Vulnerability Scoring System (CVSS) release
https://www.first.org/newsroom/releases/20150610
https://www.first.org/cvss
Title: Re: Technical
Post by: Asyn on June 21, 2015, 10:25:40 AM
Windows 10 to offer application developers new malware defenses
http://blogs.technet.com/b/mmpc/archive/2015/06/09/windows-10-to-offer-application-developers-new-malware-defenses.aspx
Title: Re: Technical
Post by: Asyn on June 22, 2015, 09:31:05 AM
The Mystery of Duqu 2.0: a sophisticated cyberespionage actor returns
https://securelist.com/blog/research/70504/the-mystery-of-duqu-2-0-a-sophisticated-cyberespionage-actor-returns/
https://securelist.com/files/2015/06/The_Mystery_of_Duqu_2_0_a_sophisticated_cyberespionage_actor_returns.pdf
http://blog.crysys.hu/2015/06/duqu-2-0/
http://www.crysys.hu/duqu2/duqu2.pdf
The Duqu 2.0 persistence module
https://securelist.com/blog/research/70641/the-duqu-2-0-persistence-module/
Title: Re: Technical
Post by: Asyn on June 23, 2015, 02:00:49 PM
Let's Encrypt Root and Intermediate Certificates
https://letsencrypt.org/2015/06/04/isrg-ca-certs.html
Let's Encrypt Launch Schedule
https://letsencrypt.org/2015/06/16/lets-encrypt-launch-schedule.html
Title: Re: Technical
Post by: Asyn on June 24, 2015, 10:16:07 AM
IBM 2015 Cyber Security Intelligence Index
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW03073USEN&attachment=SEW03073USEN.PDF

IBM X-Force Threat Intelligence Quarterly, 2Q 2015
http://www-01.ibm.com/common/ssi/cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=WGL03076USEN&attachment=WGL03076USEN.PDF
Title: Re: Technical
Post by: Asyn on June 25, 2015, 03:00:19 PM
Escaping VMware Workstation through COM1
https://docs.google.com/document/d/1sIYgqrytPK-CFWfqDntraA_Fwi2Ov-YBgMtl5hdrYd4/mobilebasic?pli=1
http://www.vmware.com/security/advisories/VMSA-2015-0004.html
Title: Re: Technical
Post by: Asyn on June 26, 2015, 09:43:59 AM
Stealing Keys from PCs using a Radio: Cheap Electromagnetic Attacks on Windowed Exponentiation
http://www.tau.ac.il/~tromer/radioexp/index.html
http://www.cs.tau.ac.il/%7Etromer/papers/radioexp.pdf
Title: Re: Technical
Post by: Asyn on July 01, 2015, 08:14:07 AM
Operation Clandestine Wolf – Adobe Flash Zero-Day in APT3 Phishing Campaign
https://www.fireeye.com/blog/threat-research/2015/06/operation-clandestine-wolf-adobe-flash-zero-day.html
Title: Re: Technical
Post by: Asyn on July 02, 2015, 12:32:32 PM
Introducing s2n, a New Open Source TLS Implementation
https://blogs.aws.amazon.com/security/post/TxCKZM94ST1S6Y/Introducing-s2n-a
https://github.com/awslabs/s2n
Title: Re: Technical
Post by: Asyn on July 05, 2015, 10:15:27 AM
Automatic bug repair
System fixes bugs by importing functionality from other programs — without access to source code
http://newsoffice.mit.edu/2015/automatic-code-bug-repair-0629
Title: Re: Technical
Post by: bob3160 on July 05, 2015, 02:39:55 PM
Automatic bug repair
System fixes bugs by importing functionality from other programs — without access to source code
http://newsoffice.mit.edu/2015/automatic-code-bug-repair-0629
Sounds like a pipe dream. :)
Unfortunately if this is able to fix things, it's also capable of breaking things.
All depends on who uses it.
Title: Re: Technical
Post by: Asyn on July 09, 2015, 09:40:11 AM
Unpatched Flash Player Flaw, More POCs Found in Hacking Team Leak
http://blog.trendmicro.com/trendlabs-security-intelligence/unpatched-flash-player-flaws-more-pocs-found-in-hacking-team-leak/
https://krebsonsecurity.com/2015/07/adobe-to-patch-hacking-teams-flash-zero-day/
https://helpx.adobe.com/security/products/flash-player/apsb15-16.html
Title: Re: Technical
Post by: Asyn on July 11, 2015, 07:15:08 PM
Keys Under Doormats: Mandating insecurity by requiring government access to all data and communications
http://dspace.mit.edu/bitstream/handle/1721.1/97690/MIT-CSAIL-TR-2015-026.pdf?sequence=6
Title: Re: Technical
Post by: Asyn on July 13, 2015, 03:23:41 PM
Hacking Team [WL]
https://wikileaks.org/hackingteam/emails/
Title: Re: Technical
Post by: Asyn on July 14, 2015, 03:31:12 PM
Building reliable SMM backdoor for UEFI based platforms
http://blog.cr4.sh/2015/07/building-reliable-smm-backdoor-for-uefi.html
Title: Re: Technical
Post by: Para-Noid on July 14, 2015, 11:15:58 PM
WP-CLI Guide: Connect to WordPress via SSH Intro

https://blog.sucuri.net/2015/07/wp-cli-guide-connect-to-wordpress-via-ssh-intro.html?utm_campaign=WordPress&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on July 15, 2015, 12:23:15 PM
EICAR introduces a Minimum Standard for Anti-Malware Products
http://newsroom.kaspersky.eu/nl/nieuws/detail/article/eicar-introduces-a-minimum-standard-for-anti-malware-products/
Title: Re: Technical
Post by: Asyn on July 16, 2015, 07:56:13 AM
More than one in 10 American mobile users is the target of mobile malware
https://blog.avast.com/2015/07/15/more-than-one-in-10-american-mobile-users-is-the-target-of-mobile-malware/
http://files.avast.com/files/marketing/security-reports/2015/avast-q1-2015-security-report.pdf

(https://blog.avast.com/wp-content/uploads/2015/07/Avast-Virus-Lab-Blog.jpg)
Title: Re: Technical
Post by: Asyn on July 17, 2015, 01:43:14 PM
Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
Title: Re: Technical
Post by: bob3160 on July 17, 2015, 03:50:41 PM
Hacking Team Uses UEFI BIOS Rootkit to Keep RCS 9 Agent in Target Systems
http://blog.trendmicro.com/trendlabs-security-intelligence/hacking-team-uses-uefi-bios-rootkit-to-keep-rcs-9-agent-in-target-systems/
This simply means that even a new hard drive isn't going to get rid of your breach.  :'(
Title: Re: Technical
Post by: Asyn on July 19, 2015, 09:49:49 AM
Major Computer Hacking Forum Dismantled
https://www.fbi.gov/pittsburgh/press-releases/2015/major-computer-hacking-forum-dismantled
https://www.europol.europa.eu/content/cybercriminal-darkode-forum-taken-down-through-global-action
Title: Re: Technical
Post by: Asyn on July 20, 2015, 12:32:18 PM
MMD-0036-2015 - KINS (or ZeusVM) v2.0.0.0 toolkit (builder & panel source code) leaked
http://blog.malwaremustdie.org/2015/07/mmd-0036-2015-kins-or-zeusvm-v2000.html
Title: Re: Technical
Post by: Asyn on July 21, 2015, 01:08:51 PM
OpenSSH keyboard-interactive authentication brute force vulnerability (MaxAuthTries bypass)
https://kingcope.wordpress.com/2015/07/16/openssh-keyboard-interactive-authentication-brute-force-vulnerability-maxauthtries-bypass/
Title: Re: Technical
Post by: Asyn on July 22, 2015, 07:04:58 AM
Android malware Fobus now targeting users in the U.S., Germany and Spain
https://blog.avast.com/2015/07/21/android-malware-fobus-now-targeting-users-in-the-u-s-germany-and-spain/

(https://blog.avast.com/wp-content/uploads/2015/07/fobus_table1.png)
Title: Re: Technical
Post by: Asyn on July 23, 2015, 12:16:35 PM
OS X 10.10 DYLD_PRINT_TO_FILE Local Privilege Escalation Vulnerability
https://www.sektioneins.de/blog/15-07-07-dyld_print_to_file_lpe.html
Title: Re: Technical
Post by: Asyn on July 29, 2015, 06:51:52 PM
Big Brother(s) Could be Watching You Thanks to Stagefright
https://blog.avast.com/2015/07/29/big-brothers-could-be-watching-you-thanks-to-stagefright/
Title: Re: Technical
Post by: Asyn on July 30, 2015, 12:04:12 PM
Trend Micro Discovers Vulnerability That Renders Android Devices Silent
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-discovers-vulnerability-that-renders-android-devices-silent/
Title: Re: Technical
Post by: Asyn on July 31, 2015, 12:38:27 PM
An Open Letter to Microsoft’s CEO: Don’t Roll Back the Clock on Choice and Control
https://blog.mozilla.org/blog/2015/07/30/an-open-letter-to-microsofts-ceo-dont-roll-back-the-clock-on-choice-and-control/
Title: Re: Technical
Post by: Asyn on August 03, 2015, 09:48:57 AM
Microsoft Advanced Threat Analytics
http://www.microsoft.com/en-us/server-cloud/products/advanced-threat-analytics/
http://blogs.technet.com/b/ad/archive/2015/07/22/microsoft-advanced-threat-analytics-coming-next-month.aspx
http://download.microsoft.com/download/C/F/6/CF62335F-C46B-4D84-B0C9-363A89B0C5E6/Microsoft_advanced_threat_analytics_datasheet.pdf
Title: Re: Technical
Post by: Asyn on August 03, 2015, 10:36:36 AM
"...no one can hack my mind": Comparing Expert and Non-Expert Security Practices
https://www.usenix.org/system/files/conference/soups2015/soups15-paper-ion.pdf
Title: Re: Technical
Post by: Asyn on August 04, 2015, 11:29:50 AM
Forensiq Projects In-App Ad Fraud Will Surpass $1 Billion In 2015
http://www.prnewswire.com/news-releases/forensiq-projects-in-app-ad-fraud-will-surpass-1-billion-in-2015-300117453.html
http://forensiq.com/mobile-app-fraud-study/
Title: Re: Technical
Post by: Asyn on August 04, 2015, 11:36:07 AM
One in every 600 websites has .git exposed
http://www.jamiembrown.com/blog/one-in-every-600-websites-has-git-exposed/
Title: Re: Technical
Post by: Asyn on August 05, 2015, 12:39:39 PM
Researchers Hack Air-Gapped Computer With Simple Cell Phone
http://www.wired.com/2015/07/researchers-hack-air-gapped-computer-simple-cell-phone/
Title: Re: Technical
Post by: Asyn on August 06, 2015, 11:19:21 AM
Dell Computer Corporation, Inc. Information for VU#577140
BIOS implementations fail to properly set UEFI write protections after waking from sleep mode
http://www.kb.cert.org/vuls/id/BLUU-9XXQ9L
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-2890
Title: Re: Technical
Post by: Asyn on August 07, 2015, 01:16:51 PM
Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned
http://blog.checkpoint.com/2015/08/06/certifigate/
http://www.checkpoint.com/resources/certifigate
Title: Re: Technical
Post by: Asyn on August 08, 2015, 06:43:41 PM
Announcing Approval of Federal Information Processing Standard (FIPS) 202, SHA-3 Standard: Permutation-Based Hash and Extendable-Output Functions, and Revision of the Applicability Clause of FIPS 180-4, Secure Hash Standard
https://www.federalregister.gov/articles/2015/08/05/2015-19181/announcing-approval-of-federal-information-processing-standard-fips-202-sha-3-standard
Title: Re: Technical
Post by: Asyn on August 09, 2015, 10:07:12 AM
RIG Reloaded - Examining the Architecture of RIG Exploit Kit 3.0
https://www.trustwave.com/Resources/SpiderLabs-Blog/RIG-Reloaded---Examining-the-Architecture-of-RIG-Exploit-Kit-3-0/
Title: Re: Technical
Post by: Asyn on August 11, 2015, 08:45:11 AM
WSUSpect - Compromising the Windows Enterprise via Windows Update
https://www.blackhat.com/docs/us-15/materials/us-15-Stone-WSUSpect-Compromising-Windows-Enterprise-Via-Windows-Update-wp.pdf
Title: Re: Technical
Post by: Asyn on August 12, 2015, 08:20:04 AM
The Memory Sinkhole - Unleashing an x86 Design Flaw Allowing Universal Privilege Escalation
https://www.blackhat.com/docs/us-15/materials/us-15-Domas-The-Memory-Sinkhole-Unleashing-An-x86-Design-Flaw-Allowing-Universal-Privilege-Escalation-wp.pdf
Title: Re: Technical
Post by: Asyn on August 13, 2015, 08:04:05 AM
One Class to Rule Them All: New Android Serialization Vulnerability Gives Underprivileged Apps Super Status
https://securityintelligence.com/one-class-to-rule-them-all-new-android-serialization-vulnerability-gives-underprivileged-apps-super-status
Title: Re: Technical
Post by: Asyn on August 14, 2015, 10:40:32 AM
The Pwnie Awards – 2015 Edition
http://blog.lumension.com/10469/the-pwnie-awards-2015-edition/
Title: Re: Technical
Post by: Asyn on August 15, 2015, 10:52:37 AM
Stagefright: Mission Accomplished?
http://blog.exodusintel.com/2015/08/13/stagefright-mission-accomplished/
Title: Re: Technical
Post by: Asyn on August 16, 2015, 07:59:41 AM
Georgia Tech Finds 11 Security Flaws in Popular Internet Browsers Using New Analysis Method
http://www.news.gatech.edu/2015/08/13/georgia-tech-finds-11-security-flaws-popular-internet-browsers-using-new-analysis-method
https://www.usenix.org/system/files/conference/usenixsecurity15/sec15-paper-lee.pdf
Title: Re: Technical
Post by: Asyn on August 18, 2015, 09:35:08 AM
NSA Spying Relies on AT&T’s ‘Extreme Willingness to Help’
https://www.propublica.org/article/nsa-spying-relies-on-atts-extreme-willingness-to-help
https://www.propublica.org/article/a-trail-of-evidence-leading-to-atts-partnership-with-the-nsa
Title: Re: Technical
Post by: bob3160 on August 18, 2015, 05:26:35 PM
NSA Spying Relies on AT&T’s ‘Extreme Willingness to Help’
https://www.propublica.org/article/nsa-spying-relies-on-atts-extreme-willingness-to-help
https://www.propublica.org/article/a-trail-of-evidence-leading-to-atts-partnership-with-the-nsa
Since AT&T now owns Directv, their customers' information will probably also be shared just as freely....  :o
Title: Re: Technical
Post by: Asyn on August 19, 2015, 07:55:38 AM
MediaServer Takes Another Hit with Latest Android Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/mediaserver-takes-another-hit-with-latest-android-vulnerability/
Title: Re: Technical
Post by: Asyn on August 20, 2015, 01:44:26 PM
P2P File-Sharing in Hell: Exploiting BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks
https://www.usenix.org/conference/woot15/workshop-program/presentation/p2p-file-sharing-hell-exploiting-bittorrent
https://www.usenix.org/system/files/conference/woot15/woot15-paper-adamsky.pdf
Title: Re: Technical
Post by: Para-Noid on August 20, 2015, 08:14:06 PM
A Little Tale About Website Cross-Contamination

https://blog.sucuri.net/2012/03/a-little-tale-about-website-cross-contamination.html?utm_campaign=A%20Little%20Tale%20About%20Website%20Cross-Contamination%20Blogpost&utm_medium=social&utm_source=googleplus

WP-CLI Guide: Install WordPress via SSH

https://blog.sucuri.net/2015/08/wp-cli-guide-installing-wordpress.html?utm_campaign=WP-CLI%20Guide%3A%20Install%20WordPress%20via%20SSH%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on August 21, 2015, 12:45:19 PM
Was the Ashley Madison Database Leaked?
http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/
http://blog.erratasec.com/2015/08/notes-on-ashley-madison-dump.html
https://www.trustedsec.com/august-2015/ashley-madison-database-dumped/
http://www.hydraze.org/2015/08/ashley-madison-full-dump-has-finally-leaked/
Title: Re: Technical
Post by: Para-Noid on August 22, 2015, 06:13:08 PM
Was the Ashley Madison Database Leaked?
http://krebsonsecurity.com/2015/08/was-the-ashley-madison-database-leaked/
http://blog.erratasec.com/2015/08/notes-on-ashley-madison-dump.html
https://www.trustedsec.com/august-2015/ashley-madison-database-dumped/
http://www.hydraze.org/2015/08/ashley-madison-full-dump-has-finally-leaked/

Yes!

https://www.washingtonpost.com/news/the-intersect/wp/2015/08/19/how-to-see-if-you-or-your-spouse-appear-in-the-ashley-madison-leak/?tid=hybrid_collaborative_1_na
Title: Re: Technical
Post by: Para-Noid on August 22, 2015, 06:13:59 PM
Security and Hosting Environments

http://perezbox.com/2015/08/security-and-hosting-environments/?utm_campaign=Tony%20Perez%20on%3A%20Security%20and%20Hosting%20Environments&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on August 24, 2015, 12:07:04 PM
Multiple Vulnerabilities in Pocket
https://www.gnu.gl/blog/Posts/multiple-vulnerabilities-in-pocket/
Title: Re: Technical
Post by: Asyn on August 25, 2015, 10:54:23 AM
Ongoing abuse problems at Nic.at and DENIC
https://www.spamhaus.org/news/article/724/ongoing-abuse-problems-at-nic.at-and-denic
Title: Re: Technical
Post by: Para-Noid on August 25, 2015, 09:41:36 PM
How To Create a Website Backup Strategy

https://blog.sucuri.net/2015/04/how-to-create-a-website-backup-strategy.html?utm_campaign=How%20To%20Create%20a%20Website%20Backup%20Strategy%20Blogpost&utm_medium=social&utm_source=googleplus

Virtual Patching for Websites with Sucuri CloudProxy

https://blog.sucuri.net/2013/03/virtual-patching-for-websites-with-sucuri-cloudproxy.html?utm_campaign=What%20is%20virtual%20patching%2C%20and%20how%20we%20use%20it%20with%20our%20WAF%20Blogpost&utm_medium=social&utm_source=googleplus

FunWebProducts UserAgent Bloating Traffic  (Note: not sure where to post this.)

https://blog.sucuri.net/2015/08/funwebproducts-useragent-bloating-traffic.html?utm_campaign=FunWebProducts%20UserAgent%20Bloating%20Traffic%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on August 26, 2015, 07:40:34 AM
New data uncovers the surprising predictability of Android lock patterns
http://arstechnica.com/security/2015/08/new-data-uncovers-the-surprising-predictability-of-android-lock-patterns/
Title: Re: Technical
Post by: Asyn on August 27, 2015, 09:58:45 AM
‘Quicksand’ – A New Enterprise iOS Vulnerability
https://www.appthority.com/enterprise-mobile-threats/2015/08/19/quicksand-a-new-enterprise-ios-vulnerability/
Title: Re: Technical
Post by: Asyn on August 27, 2015, 10:03:21 AM
Remote Code Execution in Dolphin Browser for Android
http://rotlogix.com/2015/08/22/remote-code-execution-in-dolphin-browser-for-android/

Exploiting the Mercury Browser for Android
http://rotlogix.com/2015/08/23/exploiting-the-mercury-browser-for-android/
Title: Re: Technical
Post by: Asyn on August 28, 2015, 11:58:46 AM
Cryptography Today
https://www.nsa.gov/ia/programs/suiteb_cryptography/index.shtml
Title: Re: Technical
Post by: Para-Noid on August 28, 2015, 04:22:54 PM
Website Malware – Curious .htaccess Conditional Redirect Case

https://blog.sucuri.net/2014/09/website-malware-curious-htaccess-conditional-redirect-case.html?utm_campaign=Website%20Malware%20%E2%80%93%20Curious%20.htaccess%20Conditional%20Redirect%20Case%20Blogpost&utm_medium=social&utm_source=googleplus

Security and Hosting Environments

http://perezbox.com/2015/08/security-and-hosting-environments/?utm_campaign=Tony%20Perez%20on%3A%20Security%20and%20Hosting%20Environments&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on August 29, 2015, 05:06:58 PM
Certifi-gate: Hundreds of Millions of Android Devices Could Be Pwned
http://blog.checkpoint.com/2015/08/06/certifigate/
http://www.checkpoint.com/resources/certifigate
Certifi-gate Found in the Wild on Google Play
New Insights on the Extent, Exploitation, and Mitigation of This New Threat
http://blog.checkpoint.com/2015/08/25/certifigate-statistics-exploitation-mitigation/
Title: Re: Technical
Post by: Para-Noid on September 01, 2015, 04:11:43 PM
From an avast news release

https://press.avast.com/avast-builds-threat-detection-based-on-machine-learning-to-protect-users-from-zero-day-attacks-malware-and-privacy-threats
Title: Re: Technical
Post by: bob3160 on September 01, 2015, 05:43:52 PM
From an avast news release

https://press.avast.com/avast-builds-threat-detection-based-on-machine-learning-to-protect-users-from-zero-day-attacks-malware-and-privacy-threats
Interesting. Wonder if Intel and AMD are next on the list.
Title: Re: Technical
Post by: Secondmineboy on September 01, 2015, 05:53:19 PM
@bob3160: That would be amazing to see. Also automatically generated Dyna-Gen sigs would be great to see.

They said they were working on it a long time ago; I don't know if it's still a thing, though.
Title: Re: Technical
Post by: Asyn on September 02, 2015, 09:28:39 AM
Ins0mnia: Unlimited Background Time and Covert Execution on Non-Jailbroken iOS Devices
https://www.fireeye.com/blog/threat-research/2015/08/ins0mnia_unlimited.html
Title: Re: Technical
Post by: Asyn on September 02, 2015, 09:31:22 AM
London Calling: Two-Factor Authentication Phishing From Iran
https://citizenlab.org/2015/08/iran_two_factor_phishing/
Title: Re: Technical
Post by: Para-Noid on September 02, 2015, 07:29:50 PM
Demystifying File and Folder Permissions

https://blog.sucuri.net/2015/09/demystifying-file-and-folder-permissions.html?utm_campaign=Demystifying%20Folder%20Permissions%20blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on September 03, 2015, 09:18:55 AM
OWASP Automated Threat Handbook Web Applications
https://www.owasp.org/images/3/33/Automated-threat-handbook.pdf
Title: Re: Technical
Post by: Asyn on September 04, 2015, 06:15:37 AM
Tiny Banker hidden in modified WinObj tool from Sysinternals
https://blog.avast.com/2015/09/03/tiny-banker-hidden-in-modified-winobj-tool-from-sysinternals/
Title: Re: Technical
Post by: bob3160 on September 04, 2015, 04:14:11 PM

(https://blog.malwarebytes.org/wp-content/uploads/2015/08/header.png)
Shopperz - beware.
https://blog.malwarebytes.org/intelligence/2015/09/shopperz-alters-dnsapi-dll/
(Shopperz alters dnsapi.dll)
Title: Re: Technical
Post by: Para-Noid on September 04, 2015, 08:55:10 PM
Analyzing Popular Layer 7 Application DDoS Attacks  (I was thinking of polonus while reading this.)

https://blog.sucuri.net/2015/09/analyzing-popular-layer-7-application-ddos-attacks.html?utm_campaign=Analyzing%20Popular%20Layer%207%20Application%20DDoS%20Attacks%20Blogpost&utm_medium=social&utm_source=googleplus
Title: Re: Technical
Post by: Asyn on September 21, 2015, 08:13:04 AM
The Dukes: 7 Years Of Russian Cyber-Espionage
https://labsblog.f-secure.com/2015/09/17/the-dukes-7-years-of-russian-cyber-espionage/
https://www.f-secure.com/documents/996508/1030745/dukes_whitepaper.pdf
Title: Re: Technical
Post by: Asyn on September 22, 2015, 09:30:15 AM
Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html
Title: Re: Technical
Post by: Secondmineboy on September 22, 2015, 04:58:02 PM
Avast's technology

https://www.avast.com/technology
Title: Re: Technical
Post by: Asyn on September 23, 2015, 09:18:16 AM
BrainTest – A New Level of Sophistication in Mobile Malware
http://blog.checkpoint.com/2015/09/21/braintest-a-new-level-of-sophistication-in-mobile-malware/
Title: Re: Technical
Post by: Asyn on September 23, 2015, 09:29:05 AM
Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html
More Details on the XcodeGhost Malware and Affected iOS Apps
http://researchcenter.paloaltonetworks.com/2015/09/more-details-on-the-xcodeghost-malware-and-affected-ios-apps/
Title: Re: Technical
Post by: Asyn on September 24, 2015, 08:02:20 AM
Kaspersky: Mo Unpackers, Mo Problems
http://googleprojectzero.blogspot.com/2015/09/kaspersky-mo-unpackers-mo-problems.html
Title: Re: Technical
Post by: Asyn on September 25, 2015, 12:32:08 PM
The Deep Sweep (2015) - High-altitude Signal Research
https://criticalengineering.org/projects/deep-sweep/
Title: Re: Technical
Post by: Asyn on September 26, 2015, 08:55:40 AM
Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store
http://researchcenter.paloaltonetworks.com/2015/09/novel-malware-xcodeghost-modifies-xcode-infects-apple-ios-apps-and-hits-app-store/
http://researchcenter.paloaltonetworks.com/2015/09/malware-xcodeghost-infects-39-ios-apps-including-wechat-affecting-hundreds-of-millions-of-users/
http://researchcenter.paloaltonetworks.com/2015/09/update-xcodeghost-attacker-can-phish-passwords-and-open-urls-though-infected-apps/
http://www.nytimes.com/2015/09/21/business/apple-confirms-discovery-of-malicious-code-in-some-app-store-products.html
More Details on the XcodeGhost Malware and Affected iOS Apps
http://researchcenter.paloaltonetworks.com/2015/09/more-details-on-the-xcodeghost-malware-and-affected-ios-apps/
XcodeGhost Q&A
https://www.apple.com/cn/xcodeghost/#english
Title: Re: Technical
Post by: Asyn on September 27, 2015, 09:53:37 AM
Bidding for Breaches, Redefining Targeted Attacks
http://krebsonsecurity.com/2015/09/bidding-for-breaches-redefining-targeted-attacks/
Title: Re: Technical
Post by: Asyn on September 30, 2015, 09:38:46 AM
iOS Security Guide
http://images.apple.com/privacy/docs/iOS_Security_Guide.pdf
Title: Re: Technical
Post by: Asyn on October 02, 2015, 10:18:03 AM
Drop-dead simple exploit completely bypasses Mac’s malware Gatekeeper
http://arstechnica.com/security/2015/09/drop-dead-simple-exploit-completely-bypasses-macs-malware-gatekeeper/
Title: Re: Technical
Post by: Asyn on October 03, 2015, 04:51:12 PM
FourQ: four-dimensional decompositions on a Q-curve over the Mersenne prime
http://eprint.iacr.org/2015/565.pdf
http://research.microsoft.com/en-us/downloads/95a0a698-a4a7-4346-a0eb-d4bd3e7241ce/default.aspx
Title: Re: Technical
Post by: Asyn on October 05, 2015, 12:51:03 PM
Threat Advisory: XOR DDoS
https://www.stateoftheinternet.com/downloads/pdfs/2015-threat-advisory-xor-ddos-attacks-linux-botnet-malware-removal-ddos-mitigation-yara-snort.pdf
Title: Re: Technical
Post by: Asyn on October 06, 2015, 12:04:07 PM
YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs
http://researchcenter.paloaltonetworks.com/2015/10/yispecter-first-ios-malware-attacks-non-jailbroken-ios-devices-by-abusing-private-apis/
Title: Re: Technical
Post by: Asyn on October 07, 2015, 05:15:12 PM
Threat Spotlight: Cisco Talos Thwarts Access to Massive International Exploit Kit Generating $60M Annually From Ransomware Alone
http://talosintel.com/angler-exposed/
Title: Re: Technical
Post by: Asyn on October 08, 2015, 10:12:59 AM
[Cryptography] OpenPGP SEIP downgrade attack
http://www.metzdowd.com/pipermail/cryptography/2015-October/026685.html
Title: Re: Technical
Post by: Asyn on October 10, 2015, 06:24:22 PM
Virtual Private Keylogging: Cisco Web VPNs Leveraged for Access and Persistence
http://www.volexity.com/blog/?p=179
Title: Re: Technical
Post by: Asyn on October 11, 2015, 11:06:28 AM
Webmail Server APT: A New Persistent Attack Methodology Targeting Microsoft Outlook Web Application (OWA)
http://go.cybereason.com/rs/996-YZT-709/images/Cybereason-Labs-Analysis-Webmail-Sever-APT.pdf
Title: Re: Technical
Post by: Asyn on October 12, 2015, 02:48:24 PM
Authentication Bypass in Netgear WNR1000v4 Router
http://blog.csnc.ch/2015/10/authentication-bypass-in-netgear-wnr1000v4-router/
http://blog.csnc.ch/2015/10/aftermath-of-the-netgear-advisory-disclosure/
http://www.shellshocklabs.com/2015/09/part-1en-hacking-netgear-jwnr2010v5.html
http://www.shellshocklabs.com/2015/09/part-2en-hacking-netgear-jwnr2010v5.html
Title: Re: Technical
Post by: Asyn on October 15, 2015, 10:28:28 AM
87% of Android devices insecure
http://androidvulnerabilities.org/press/2015-10-08
https://www.cl.cam.ac.uk/~drt24/papers/spsm-scoring.pdf
Title: Re: Technical
Post by: Asyn on October 16, 2015, 12:12:57 PM
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
Title: Re: Technical
Post by: DavidR on October 16, 2015, 04:03:12 PM
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html

This has been going on for absolutely years - I can remember one AV supplier (who will remain nameless) who also is a SSL Certificate Authorisation body.
Title: Re: Technical
Post by: Asyn on October 17, 2015, 08:47:39 AM
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
This has been going on for absolutely years - I can remember one AV supplier (who will remain nameless) who also is a SSL Certificate Authorisation body.
No need to name them, Dave, the pie chart says it all... ;)
Title: Re: Technical
Post by: bob3160 on October 17, 2015, 02:11:16 PM
Certificate authorities issue SSL certificates to fraudsters
http://news.netcraft.com/archives/2015/10/12/certificate-authorities-issue-hundreds-of-deceptive-ssl-certificates-to-fraudsters.html
This has been going on for absolutely years - I can remember one AV supplier (who will remain nameless) who also is a SSL Certificate Authorisation body.
No need to name them Dave, the pie chart says it all... ;)
None other than our fire-breathing friend, the Comodo Dragon:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1445083825853-88026.png)

Title: Re: Technical
Post by: DavidR on October 17, 2015, 03:40:00 PM
<snip quotes>
None other than our fire-breathing friend, the Comodo Dragon:
(http://www.screencast-o-matic.com/screenshots/u/Lh/1445083825853-88026.png)


Wow (total 76%), I wasn't aware CloudFlare was also the same company; no wonder we are seeing so many CloudFlare invalid or bad SSL certificate or malware alerts in the viruses and worms forum.
Title: Re: Technical
Post by: Asyn on October 17, 2015, 07:01:24 PM
The Hidden Data Economy - The Marketplace for Stolen Digital Information
http://www.mcafee.com/us/resources/reports/rp-hidden-data-economy.pdf
Title: Re: Technical
Post by: Asyn on October 18, 2015, 09:47:14 AM
The SHAppening: freestart collisions for SHA-1
https://sites.google.com/site/itstheshappening/
https://eprint.iacr.org/2015/967.pdf
Title: Re: Technical
Post by: Asyn on October 20, 2015, 10:13:55 AM
Massive Magento Guruincsite Infection
https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html
https://blog.malwarebytes.org/exploits-2/2015/10/new-neutrino-ek-campaign-drops-andromeda/
Title: Re: Technical
Post by: Pondus on October 20, 2015, 06:39:13 PM
Turning a crappy old Windows PC into a full-fledged Chromebook with CloudReady
www.arstechnica.com/gadgets/2015/10/turning-a-crappy-old-windows-pc-into-a-full-fledged-chromebook-with-cloudready/

www.neverware.com/free/#freedetails

Title: Re: Technical
Post by: Asyn on October 21, 2015, 08:25:51 AM
Researchers find 256 iOS apps that collect users’ personal info
http://arstechnica.com/security/2015/10/researchers-find-256-ios-apps-that-collect-users-personal-info/
https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html
Title: Re: Technical
Post by: bob3160 on October 21, 2015, 01:30:02 PM
Researchers find 256 iOS apps that collect users’ personal info
http://arstechnica.com/security/2015/10/researchers-find-256-ios-apps-that-collect-users-personal-info/
https://sourcedna.com/blog/20151018/ios-apps-using-private-apis.html
Why would it be any different in iOS than in Chrome or Windows or Linux ??? :)
Title: Re: Technical
Post by: Asyn on October 22, 2015, 07:20:45 AM
Massive Magento Guruincsite Infection
https://blog.sucuri.net/2015/10/massive-magento-guruincsite-infection.html
https://blog.malwarebytes.org/exploits-2/2015/10/new-neutrino-ek-campaign-drops-andromeda/
-> http://magento.com/security/news/important-security-update
Title: Re: Technical
Post by: Asyn on October 22, 2015, 07:22:02 AM
New Headaches: How The Pawn Storm Zero-Day Evaded Java’s Click-to-Play Protection
http://blog.trendmicro.com/trendlabs-security-intelligence/new-headaches-how-the-pawn-storm-zero-day-evaded-javas-click-to-play-protection/
Title: Re: Technical
Post by: Asyn on October 24, 2015, 05:19:22 PM
Attacking the Network Time Protocol
http://www.cs.bu.edu/~goldbe/NTPattack.html
https://eprint.iacr.org/2015/1020.pdf
Title: Re: Technical
Post by: Asyn on October 26, 2015, 08:59:55 AM
got HW crypto? On the (in)security of a Self-Encrypting Drive series
https://eprint.iacr.org/2015/1002.pdf
Title: Re: Technical
Post by: Asyn on October 27, 2015, 09:52:59 AM
1Password Leaks Your Data
http://myers.io/2015/10/22/1password-leaks-your-data/
https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/
Title: Re: Technical
Post by: Asyn on October 28, 2015, 11:19:16 AM
FBI’s Advice on Ransomware? Just Pay The Ransom.
https://securityledger.com/2015/10/fbis-advice-on-cryptolocker-just-pay-the-ransom/
Title: Re: Technical
Post by: Lisandro on October 28, 2015, 01:07:59 PM
1Password Leaks Your Data
http://myers.io/2015/10/22/1password-leaks-your-data/
https://blog.agilebits.com/2015/10/19/when-a-leak-isnt-a-leak/
Unbelievable! When you're on security, you need to take it seriously.
Title: Re: Technical
Post by: Asyn on October 29, 2015, 08:21:03 AM
Chinese Taomike Monetization Library Steals SMS Messages
http://researchcenter.paloaltonetworks.com/2015/10/chinese-taomike-monetization-library-steals-sms-messages/
Title: Re: Technical
Post by: Asyn on October 30, 2015, 09:45:01 AM
Sustaining Digital Certificate Security
https://googleonlinesecurity.blogspot.com/2015/10/sustaining-digital-certificate-security.html
Title: Re: Technical
Post by: Asyn on October 31, 2015, 04:56:07 PM
Breaches, traders, plain text passwords, ethical disclosure and 000webhost
http://www.troyhunt.com/2015/10/breaches-traders-plain-text-passwords.html
Title: Re: Technical
Post by: Asyn on November 01, 2015, 08:25:15 AM
Tor Messenger Beta: Chat over Tor, Easily
https://blog.torproject.org/blog/tor-messenger-beta-chat-over-tor-easily
Title: Re: Technical
Post by: Asyn on November 02, 2015, 10:50:58 AM
When Organized Crime Applies Academic Results
A Forensic Analysis of an In-Card Listening Device
http://eprint.iacr.org/2015/963.pdf
Title: Re: Technical
Post by: Asyn on November 03, 2015, 09:32:27 AM
Ransomware Decryptor
October 28 update: ALL Coinvault and Bitcryptor keys (14k+) added to the database
https://noransom.kaspersky.com/
https://noransom.kaspersky.com/static/CoinVaultDecryptor.zip
https://noransom.kaspersky.com/static/CoinVault-decrypt-howto.pdf
Title: Re: Technical
Post by: Asyn on November 03, 2015, 03:42:46 PM
Setting the Record Straight on Moplus SDK and the Wormhole Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/setting-the-record-straight-on-moplus-sdk-and-the-wormhole-vulnerability/
Title: Re: Technical
Post by: Asyn on November 04, 2015, 10:56:13 AM
Cryptographic Libraries
The same libraries that secure iOS and OS X are available to third‑party developers to help them build advanced security features.
https://developer.apple.com/cryptography/
Title: Re: Technical
Post by: Asyn on November 05, 2015, 11:12:25 AM
Hack The Galaxy: Hunting Bugs in the Samsung Galaxy S6 Edge
http://googleprojectzero.blogspot.com/2015/11/hack-galaxy-hunting-bugs-in-samsung.html
Title: Re: Technical
Post by: Asyn on November 06, 2015, 07:13:52 AM
DroidJack isn’t the only spying software out there: Avast discovers that OmniRat is currently being used and spread by criminals to gain full remote control of devices.
https://blog.avast.com/2015/11/05/droidjack-isnt-the-only-spying-software-out-there-avast-discovers-that-omnirat-is-currently-being-used-and-spread-by-criminals-to-gain-full-remote-control-of-devices/
Title: Re: Technical
Post by: Asyn on November 07, 2015, 12:14:11 PM
Lookout discovers new trojanized adware; 20K popular apps caught in the crossfire
https://blog.lookout.com/blog/2015/11/04/trojanized-adware/
Title: Re: Technical
Post by: Asyn on November 09, 2015, 01:48:40 PM
PuTTY vulnerability vuln-ech-overflow
http://www.chiark.greenend.org.uk/~sgtatham/putty/wishlist/vuln-ech-overflow.html
http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html
http://www.chiark.greenend.org.uk/~sgtatham/putty/changes.html
Title: Re: Technical
Post by: Asyn on November 10, 2015, 10:09:10 AM
Shoddy Programming causes new Ransomware to destroy your Data
http://www.bleepingcomputer.com/news/security/shoddy-programming-causes-new-ransomware-to-destroy-your-data/
Title: Re: Technical
Post by: Asyn on November 11, 2015, 02:57:31 PM
What Do WebLogic, WebSphere, JBoss, Jenkins, OpenNMS, and Your Application Have in Common? This Vulnerability.
http://foxglovesecurity.com/2015/11/06/what-do-weblogic-websphere-jboss-jenkins-opennms-and-your-application-have-in-common-this-vulnerability/
Title: Re: Technical
Post by: Asyn on November 12, 2015, 07:06:02 AM
The Anatomy of an IoT Hack
https://blog.avast.com/2015/11/11/the-anatomy-of-an-iot-hack/
Title: Re: Technical
Post by: Asyn on November 13, 2015, 12:56:36 PM
Samsung S6 calls open to man-in-the-middle base station snooping
http://www.theregister.co.uk/2015/11/12/mobile_pwn2own1
Title: Re: Technical
Post by: Asyn on November 14, 2015, 10:20:45 AM
An End-to-End Measurement of Certificate Revocation in the Web’s PKI
https://www.stanford.edu/~aschulm/docs/imc15-revocation.pdf
Title: Re: Technical
Post by: Asyn on November 15, 2015, 02:56:04 PM
The BLAKE2 Cryptographic Hash and Message Authentication Code (MAC)
https://tools.ietf.org/html/rfc7693
https://blake2.net/
https://github.com/BLAKE2/
Title: Re: Technical
Post by: Asyn on November 17, 2015, 10:45:14 AM
Let’s Encrypt - Public Beta: December 3, 2015
https://letsencrypt.org/2015/11/12/public-beta-timing.html
Title: Re: Technical
Post by: Asyn on November 19, 2015, 08:07:14 AM
Did the FBI Pay a University to Attack Tor Users?
https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
Title: Re: Technical
Post by: Asyn on November 20, 2015, 09:57:56 AM
Hiding in Plain Sight - Advances in Malware Covert Communication Channels
https://www.blackhat.com/eu-15/briefings.html#hiding-in-plain-sight-advances-in-malware-covert-communication-channels
https://www.blackhat.com/docs/eu-15/materials/eu-15-Bureau-Hiding-In-Plain-Sight-Advances-In-Malware-Covert-Communication-Channels-wp.pdf
Title: Re: Technical
Post by: Asyn on November 21, 2015, 05:05:32 PM
Did the FBI Pay a University to Attack Tor Users?
https://blog.torproject.org/blog/did-fbi-pay-university-attack-tor-users
https://freedom-to-tinker.com/blog/felten/why-were-cert-researchers-attacking-tor/
Did Carnegie Mellon Attack Tor for the FBI?
https://www.schneier.com/blog/archives/2015/11/did_carnegie-me.html
Title: Re: Technical
Post by: Asyn on November 22, 2015, 10:36:03 AM
VirusTotal += Mac OS X execution
http://blog.virustotal.com/2015/11/virustotal-mac-os-x-execution.html
https://www.virustotal.com/de/documentation/desktop-applications/mac-osx-uploader
Title: Re: Technical
Post by: Asyn on November 24, 2015, 10:19:18 AM
Nmap 7 Released
https://nmap.org/7/
Title: Re: Technical
Post by: Asyn on November 25, 2015, 10:27:57 AM
ZIGBEE EXPLOITED - The good, the bad and the ugly
http://cognosec.com/zigbee_exploited_8F_Ca9.pdf
Title: Re: Technical
Post by: Asyn on November 25, 2015, 12:06:30 PM
Tor 0.2.7.5 is released and stable
https://blog.torproject.org/blog/tor-0275-released-and-stable
Title: Re: Technical
Post by: Asyn on November 28, 2015, 10:34:53 AM
House of Keys: Industry-Wide HTTPS Certificate and SSH Key Reuse Endangers Millions of Devices Worldwide
http://blog.sec-consult.com/2015/11/house-of-keys-industry-wide-https.html
https://www.kb.cert.org/vuls/id/566724
Title: Re: Technical
Post by: Asyn on November 29, 2015, 10:22:22 AM
Damballa discovers new toolset linked to Destover - Attacker’s arsenal helps them to broaden attack surface
https://www.damballa.com/damballa-discovers-new-toolset-linked-to-destover-attackers-arsenal-helps-them-to-broaden-attack-surface/
Title: Re: Technical
Post by: Pondus on November 29, 2015, 03:45:33 PM
Need more RAM ;D

This Is Samsung's Crazy New 128GB RAM
http://gizmodo.com/this-is-samsungs-crazy-new-128gb-ddr4-ram-chip-1744776220
Title: Re: Technical
Post by: Asyn on November 30, 2015, 12:24:41 PM
ARRIS Cable Modem has a Backdoor in the Backdoor
http://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html
Title: Re: Technical
Post by: Asyn on December 01, 2015, 08:07:04 AM
Trend Micro, NCA Partnership Leads to Arrests and Shutdown of Refud.me and Cryptex Reborn
http://blog.trendmicro.com/trendlabs-security-intelligence/trend-micro-nca-partnership-lead-to-arrests-and-shutdown-of-refud-me-and-cryptex-reborn/
Title: Re: Technical
Post by: Asyn on December 02, 2015, 09:01:56 AM
Security Advisory: Dell Foundation Services Remote Information Disclosure
http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Title: Re: Technical
Post by: bob3160 on December 02, 2015, 01:25:38 PM
(http://www.screencast-o-matic.com/screenshots/u/Lh/1449059101859-57738.png)
Title: Re: Technical
Post by: Asyn on December 02, 2015, 01:45:27 PM
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Title: Re: Technical
Post by: bob3160 on December 02, 2015, 01:50:59 PM
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Bit Defender's Traffic Light
Title: Re: Technical
Post by: Asyn on December 02, 2015, 01:51:50 PM
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Bit Defender's Traffic Light
Report it as FP to them.
Title: Re: Technical
Post by: bob3160 on December 02, 2015, 01:57:06 PM
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Bit Defender's Traffic Light
Report it as FP to them.
Only way is through "send a comment" which I've done.
Since I've already read enough on this topic, I'll simply not visit the site for now. :)
Title: Re: Technical
Post by: DavidR on December 02, 2015, 03:09:41 PM
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Bit Defender's Traffic Light
Report it as FP to them.

If you look at the original link in Reply #1257, on the page (for those that can access it) you will find a chunk of PHP code. It isn't in a code tag so it can't run, nor is it displayed as an image example of the code.

So it may be this chunk of code that is triggering it, though no problem with Firefox and Avast for me.

EDIT: added image of page php script.
Title: Re: Technical
Post by: bob3160 on December 02, 2015, 03:17:25 PM
Hi Bob, not sure what triggered it for you, the site should be clean.
-> https://sitecheck.sucuri.net/results/lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Bit Defender's Traffic Light
Report it as FP to them.

If you look at the original link in Reply #1257, on the page (for those that can access it) you will find a chunk of PHP code. It isn't in a code tag so it can't run, nor is it displayed as an image example of the code.

So it may be this chunk of code that is triggering it, though no problem with Firefox and Avast for me.
My very simple rule for staying safe or, being cautious:
When visiting any website, if any of the scanners I run send up a flare, don't visit the site.
Exception to this rule:
The website to be visited contains extremely important information that needs to be looked at:
Open a virtual machine and visit the site.  (Not on my working computer.)
Title: Re: Technical
Post by: DavidR on December 02, 2015, 03:23:17 PM
You know us, fools rush in where angels fear to tread ;D

And we do take extra precautions.
Title: Re: Technical
Post by: bob3160 on December 02, 2015, 03:25:46 PM
You know us, fools rush in where angels fear to tread ;D

And we do take extra precautions.
I'm just a foolish old Angel. :) (If you don't believe me, just ask Alice.)
Title: Re: Technical
Post by: Pondus on December 02, 2015, 06:58:17 PM
Reasons why your home Wi-Fi signal is slow and how to improve it
http://www.pandasecurity.com/mediacenter/tips/slow-down-wifi/

Title: Re: Technical
Post by: Asyn on December 03, 2015, 07:31:21 AM
Stalking anyone on Telegram
https://oflisback.github.io/telegram-stalking/
Title: Re: Technical
Post by: Asyn on December 04, 2015, 10:20:05 AM
Security Advisory: Dell Foundation Services Remote Information Disclosure
http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Security Advisory: Dell Foundation Services Remote Information Disclosure (II)
http://lizardhq.rum.supply/2015/12/01/dell-foundation-services.2.html
Title: Re: Technical
Post by: bob3160 on December 04, 2015, 01:23:10 PM
Security Advisory: Dell Foundation Services Remote Information Disclosure
http://lizardhq.rum.supply/2015/11/25/dell-foundation-services.html
Security Advisory: Dell Foundation Services Remote Information Disclosure (II)
http://lizardhq.rum.supply/2015/12/01/dell-foundation-services.2.html
Same warning on this link as in your last post on this topic. :)
Title: Re: Technical
Post by: Asyn on December 05, 2015, 07:16:42 AM
Same warning on this link as in your last post on this topic. :)
As said, the site is clean. Everything else, you have to discuss with Bitdefender. ;)
Title: Re: Technical
Post by: bob3160 on December 05, 2015, 02:14:11 PM
Same warning on this link as in your last post on this topic. :)
As said, the site is clean. Everything else, you have to discuss with Bitdefender. ;)
You'll notice there also hasn't been any action by them to make any changes.
Title: Re: Technical
Post by: Asyn on December 05, 2015, 06:20:49 PM
Same warning on this link as in your last post on this topic. :)
As said, the site is clean. Everything else, you have to discuss with Bitdefender. ;)
You'll notice there also hasn't been any action by them to make any changes.
I can't help you with Bitdefender. I suggest posting/asking at their forum.
-> https://www.virustotal.com/de/url/8c76b84e76b48bd3529dd1279de0520dd4959a343d201b536d8c4ab87d383919/analysis/1449335753/
Title: Re: Technical
Post by: Asyn on December 06, 2015, 08:28:31 AM
China-based Cyber Threat Group Uses Dropbox for Malware Communications and Targets Hong Kong Media Outlets
https://www.fireeye.com/blog/threat-research/2015/11/china-based-threat.html
Title: Re: Technical
Post by: Asyn on December 07, 2015, 11:26:32 AM
Let’s Encrypt - Public Beta: December 3, 2015
https://letsencrypt.org/2015/11/12/public-beta-timing.html
Entering Public Beta
https://letsencrypt.org/2015/12/03/entering-public-beta.html
Title: Re: Technical
Post by: Asyn on December 08, 2015, 12:56:53 PM
High-Profile Mobile Apps At Risk Due to Three-Year-Old Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/high-profile-mobile-apps-at-risk-due-to-three-year-old-vulnerability/
Title: Re: Technical
Post by: polonus on December 08, 2015, 04:34:26 PM
A good new initiative from Mozilla: https://blog.mozilla.org/futurereleases/2015/12/08/announcing-focus-by-firefox-a-content-blocker-for-ios/

polonus
Title: Re: Technical
Post by: Asyn on December 09, 2015, 09:10:57 AM
Security Alert: Angler Exploit Kit Spreads CryptoWall 4.0 via New Drive-By Campaign
https://heimdalsecurity.com/blog/security-alert-angler-exploit-kit-spreads-cryptowall-4-0-via-new-drive-campaign/
Title: Re: Technical
Post by: Asyn on December 10, 2015, 07:41:20 AM
ZeroDB, an end-to-end encrypted database, is open source!
http://blog.zerodb.io/zerodb-open-source-announcement/
Title: Re: Technical
Post by: Asyn on December 12, 2015, 10:21:29 AM
Meet the woman in charge of the FBI’s most controversial high-tech tools
https://www.washingtonpost.com/world/national-security/meet-the-woman-in-charge-of-the-fbis-most-contentious-high-tech-tools/2015/12/08/15adb35e-9860-11e5-8917-653b65c809eb_story.html
Title: Re: Technical
Post by: Asyn on December 13, 2015, 08:45:02 AM
SHA-1 Deprecation: No Browser Left Behind
https://blog.cloudflare.com/sha-1-deprecation-no-browser-left-behind/
Title: Re: Technical
Post by: Asyn on December 15, 2015, 08:21:43 AM
WTF-PAD: Toward an Efficient Website Fingerprinting Defense for Tor
http://arxiv.org/abs/1512.00524
http://arxiv.org/pdf/1512.00524v1 (PDF)
Title: Re: Technical
Post by: Asyn on December 16, 2015, 06:05:17 AM
Retailer’s apps reveal your Christmas list to the public
https://blog.avast.com/2015/12/15/retailers-apps-reveal-my-christmas-list-to-the-public/
Title: Re: Technical
Post by: Asyn on December 17, 2015, 09:40:21 AM
FireEye Exploitation: Project Zero’s Vulnerability of the Beast
http://googleprojectzero.blogspot.com/2015/12/fireeye-exploitation-project-zeros.html
Title: Re: Technical
Post by: Asyn on December 18, 2015, 05:06:20 PM
Back to 28: Grub2 Authentication 0-Day
http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html
Title: Re: Technical
Post by: Asyn on December 19, 2015, 09:27:07 AM
Exploit upgrade for Microsoft Word Intruder crimeware kit
https://nakedsecurity.sophos.com/2015/12/14/exploit-upgrade-for-microsoft-word-intruder-crimeware-kit/
https://www.sophos.com/en-us/medialibrary/PDFs/technical%20papers/sophos-microsoft-word-intruder-revealed.pdf
Title: Re: Technical
Post by: Asyn on December 20, 2015, 11:42:47 AM
It's Still the Data, Stupid!
https://blog.shodan.io/its-still-the-data-stupid/
Title: Re: Technical
Post by: Asyn on December 21, 2015, 07:02:16 AM
Stingrays- A Secret Catalogue of Government Gear for Spying on Your Cellphone
https://theintercept.com/2015/12/17/a-secret-catalogue-of-government-gear-for-spying-on-your-cellphone/
Title: Re: Technical
Post by: Asyn on December 22, 2015, 08:17:57 AM
Instagram's Million Dollar Bug
http://www.exfiltrated.com/research-Instagram-RCE.php
Title: Re: Technical
Post by: Asyn on December 23, 2015, 08:15:14 AM
Oracle Agrees to Settle FTC Charges It Deceived Consumers About Java Software Updates
https://www.ftc.gov/news-events/press-releases/2015/12/oracle-agrees-settle-ftc-charges-it-deceived-consumers-about-java
Title: Re: Technical
Post by: Asyn on December 24, 2015, 10:50:47 AM
AP Investigation: U.S. power grid vulnerable to foreign hacks
http://lasvegassun.com/news/2015/dec/21/ap-investigation-us-power-grid-vulnerable-to-forei/
Title: Re: Technical
Post by: Asyn on December 26, 2015, 09:11:02 AM
Cock.li e-mail server seized by German authorities, admin announces
http://arstechnica.com/tech-policy/2015/12/cock-li-e-mail-server-seized-by-german-authorities-admin-announces/
Title: Re: Technical
Post by: Asyn on January 04, 2016, 12:07:02 AM
The DNSSEC Root Signing Ceremony
https://www.cloudflare.com/dnssec/root-signing-ceremony/
Title: Re: Technical
Post by: Asyn on January 04, 2016, 09:51:30 AM
Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2015
http://www.cvedetails.com/top-50-products.php?year=2015
Title: Re: Technical
Post by: Lisandro on January 04, 2016, 11:33:34 AM
Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2015
http://www.cvedetails.com/top-50-products.php?year=2015
And look who is in the top? Surprise? Apple... And in the second place? Surprise? Apple...
Title: Re: Technical
Post by: Asyn on January 05, 2016, 10:20:22 AM
Meet Ransom32: The first JavaScript ransomware
http://blog.emsisoft.com/2016/01/01/meet-ransom32-the-first-javascript-ransomware/
Title: Re: Technical
Post by: Asyn on January 06, 2016, 08:15:16 AM
Recently Bought a Windows Computer? Microsoft Probably Has Your Encryption Key
https://theintercept.com/2015/12/28/recently-bought-a-windows-computer-microsoft-probably-has-your-encryption-key/
http://arstechnica.com/information-technology/2015/12/microsoft-may-have-your-encryption-key-heres-how-to-take-it-back/
Title: Re: Technical
Post by: Asyn on January 07, 2016, 08:20:25 AM
BlackEnergy trojan strikes again: Attacks Ukrainian electric power industry
http://www.welivesecurity.com/2016/01/04/blackenergy-trojan-strikes-again-attacks-ukrainian-electric-power-industry/
Title: Re: Technical
Post by: Asyn on January 08, 2016, 11:31:42 AM
The Tor Project Is Starting a Bug Bounty Program
http://motherboard.vice.com/read/the-tor-project-is-starting-a-bug-bounty-program
Title: Re: Technical
Post by: polonus on January 08, 2016, 11:40:15 AM
New privacy-friendly search engine: https://oscobo.co.uk/
Oscobo shows some ads, but not user-profile related.

polonus
Title: Re: Technical
Post by: Asyn on January 09, 2016, 09:35:32 AM
You’re watching TV – Is it also watching you?
http://blog.checkpoint.com/2016/01/07/youre-watching-tv-is-it-also-watching-you/
http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf
Title: Re: Technical
Post by: DavidR on January 09, 2016, 02:51:45 PM
You’re watching TV – Is it also watching you?
http://blog.checkpoint.com/2016/01/07/youre-watching-tv-is-it-also-watching-you/
http://blog.checkpoint.com/wp-content/uploads/2015/12/EZCast_Report_Check_Point.pdf

This is something that has concerned me from the first day of so called Smart TVs - without protection there is no way I would connect my TV to the internet.
Title: Re: Technical
Post by: polonus on January 09, 2016, 04:40:50 PM
Dear DavidR,

Surveillance has become the business model everywhere, whether we like it or not. Seems the sheeple is being herded that way.
That is the world we came to live in. And there is no one that checks the designers of this world.
There is a lot in the Internet of Things that came to spy on the owners - thermostats, household gadgets, and they talk about you behind your back.
Read how cleverly they do it. But what do you expect as they can read your lips from the vibration of your window pane.
Good we aren't always aware this is going on everywhere all of the time. Read: http://motherboard.vice.com/en_ca/read/the-internet-of-things-that-talk-about-you-behind-your-back
Oh and they know where you are now: http://freemeteo.nl/weer/?language=dutch&country=netherlands

Damian
Title: Re: Technical
Post by: DavidR on January 09, 2016, 05:15:53 PM
Yes I don't want my fridge connected to the internet either, if I ever get a smart fridge that is ;D
Title: Re: Technical
Post by: Asyn on January 10, 2016, 08:35:54 AM
Understanding risks and avoiding FUD
https://unmitigatedrisk.com/?p=552
Title: Re: Technical
Post by: polonus on January 10, 2016, 05:17:48 PM
Hi DavidR,

Probably you haven't already installed some of the smart apps? For every modern fridge there is one to warn when you have run out of strawberries or whipped cream! Re: https://play.google.com/store/apps/details?id=\
What is the E-Smart Refrigerator App?
- The E-Smart Refrigerator App allows you to control your XXXXX Refrigerator remotely from your smart phone at home.
- The E-Smart Refrigerator App allows you to check your refrigerator power consumption (in this month and last month 삭제) from your smart phone at home.
- In order to run Smart Grid (Demand Response) function, you need to register the service with your electricity provider company that has EMS(Energy Management System) supporting the SEP(Smart Energy profile).
■ Supported Smart Phone Models:
- Galaxy S4, Galaxy Note 3
(Other models are not guaranteed that they will operate normally.)
- Supported OS : Android 4.0 ~ Android 4.3
Very likely bob3160 has had it installed for a long time ;D

Damian
Title: Re: Technical
Post by: DavidR on January 10, 2016, 05:31:42 PM
Hi DavidR,

Probably you haven't already installed some of the smart apps? For every modern fridge there is one to warn when you have run out of strawberries or whipped cream! Re: https://play.google.com/store/apps/details?id=\
What is the E-Smart Refrigerator App?
- The E-Smart Refrigerator App allows you to control your XXXXX Refrigerator remotely from your smart phone at home.
- The E-Smart Refrigerator App allows you to check your refrigerator power consumption (in this month and last month 삭제) from your smart phone at home.
- In order to run Smart Grid (Demand Response) function, you need to register the service with your electricity provider company that has EMS(Energy Management System) supporting the SEP(Smart Energy profile).
■ Supported Smart Phone Models:
- Galaxy S4, Galaxy Note 3
(Other models are not guaranteed that they will operate normally.)
- Supported OS : Android 4.0 ~ Android 4.3
Very likely bob3160 has had it installed for a long time ;D

Damian

It's when your fridge starts to send you texts/email to get some milk, etc. whilst you are out. Hell, if you are using your mobile phone's speech tool, Siri, Cortana or Google's voice option, who knows when it detects you are in a supermarket and it blurts out "don't forget the eggs, etc. etc. your name".

I'm in no rush to get a fridge that's smarter than its user ;D
Title: Re: Technical
Post by: Asyn on January 11, 2016, 09:49:10 AM
[Mozilla Firefox] Man-in-the-Middle Interfering with Increased Security
https://blog.mozilla.org/security/2016/01/06/man-in-the-middle-interfering-with-increased-security/
Title: Re: Technical
Post by: Pondus on January 11, 2016, 09:28:04 PM
Bug Affecting Intel Skylake Processors Can Freeze Computers Running Complex Workloads
http://www.lifehacker.com.au/2016/01/bug-affecting-intel-skylake-processors-can-freeze-computers-running-complex-workloads/
Title: Re: Technical
Post by: Asyn on January 12, 2016, 09:59:52 AM
Drupal - Insecure Update Process
http://blog.ioactive.com/2016/01/drupal-insecure-update-process.html
Title: Re: Technical
Post by: Asyn on January 13, 2016, 10:32:34 AM
International action against DD4BC cybercriminal group
https://www.europol.europa.eu/content/international-action-against-dd4bc-cybercriminal-group
Title: Re: Technical
Post by: Asyn on January 14, 2016, 07:37:44 AM
Clickjacking Campaign Plays on European Cookie Law
https://blog.malwarebytes.org/fraud-scam/2016/01/clickjacking-campaign-plays-on-european-cookie-law/
Title: Re: Technical
Post by: Asyn on January 15, 2016, 08:19:26 AM
OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778
http://undeadly.org/cgi?action=article&sid=20160114142733
https://www.qualys.com/2016/01/14/cve-2016-0777-cve-2016-0778/openssh-cve-2016-0777-cve-2016-0778.txt
Title: Re: Technical
Post by: Pondus on January 15, 2016, 05:19:57 PM
The world’s biggest SSD has arrived
http://www.extremetech.com/computing/221303-the-worlds-biggest-ssd-has-arrived-at-13tb
http://www.fixstars.com/en/ssd/features/

Title: Re: Technical
Post by: Asyn on January 18, 2016, 08:36:35 AM
Apple’s ‘Targeted’ Gatekeeper Bypass Patch Leaves OS X Users Exposed
https://threatpost.com/apples-targeted-gatekeeper-bypass-patch-leaves-os-x-users-exposed/115887/
Title: Re: Technical
Post by: Pondus on January 18, 2016, 09:50:15 PM
Windows 10 Embracing Silicon Innovation
https://blogs.windows.com/windowsexperience/2016/01/15/windows-10-embracing-silicon-innovation/

Title: Re: Technical
Post by: Asyn on January 19, 2016, 12:13:00 PM
Yahoo Mail stored XSS
https://klikki.fi/adv/yahoo.html
Title: Re: Technical
Post by: Asyn on January 20, 2016, 08:11:26 AM
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
Title: Re: Technical
Post by: Asyn on January 21, 2016, 11:22:59 AM
Chrome extension empties your Steam inventory
http://bartblaze.blogspot.hr/2016/01/chrome-extension-empties-your-steam.html
Title: Re: Technical
Post by: Pondus on January 21, 2016, 06:49:04 PM
The former CEO of Mozilla is launching a web browser that blocks all ads by default
www.businessinsider.com/former-mozilla-ceo-brendan-eich-launches-ad-blocking-web-browser-brave-2016-1?r=UK&IR=T
Title: Re: Technical
Post by: Asyn on January 22, 2016, 06:06:17 AM
The former CEO of Mozilla is launching a web browser that blocks all ads by default
www.businessinsider.com/former-mozilla-ceo-brendan-eich-launches-ad-blocking-web-browser-brave-2016-1?r=UK&IR=T

Quote
Replacing adverts — with adverts

"We need to clean the swimming pool," Brendan Eich says. "Chlorinate the pool. Only by doing that can we build a better ad model for publishers as well as users."

This is the more radical aspect of Brave — re-inserting new adverts. The browser will detect where adverts should go and fill them with new programmatic advertising. Eich says that by doing so, they can offer a better deal to publishers than currently exists by cutting out the adtech middle-men.

Publishers will get around 55% of revenues. 15% will go to Brave. 15% will go to the partner that supplies the ads. And, interestingly, 10-15% goes directly to the user.

It "won't be huge," Eich says, but this will let users automatically make micro-payments to publishers they like. Brave will then block all the adverts on the sites that they choose to pay for.

The adverts that Brave display will be based on tags generated from the user's web browsing history (although this history won't be shared with advertisers). This is, arguably, somewhat invasive — although users can customise their tags and add and remove them as they wish.
Title: Re: Technical
Post by: Asyn on January 23, 2016, 09:59:05 AM
Analysis and Exploitation of a Linux Kernel Vulnerability (CVE-2016-0728)
http://perception-point.io/2016/01/14/analysis-and-exploitation-of-a-linux-kernel-vulnerability-cve-2016-0728/
Regarding Android: https://plus.google.com/u/0/+AdrianLudwig/posts/KxHcLPgSPoY
Title: Re: Technical
Post by: polonus on January 23, 2016, 07:06:57 PM
Project to add any search engine to your browser: http://mycroftproject.com/search-engines.html
So if you wanna have Disconnect, add it this way etc.: http://mycroftproject.com/search-engines.html?name=Disconnect

polonus
Title: Re: Technical
Post by: Asyn on January 24, 2016, 08:03:57 AM
Insecure by design: protocols for encrypted phone calls
https://www.benthamsgaze.org/2016/01/19/insecure-by-design-protocols-for-encrypted-phone-calls/
Title: Re: Technical
Post by: Asyn on January 25, 2016, 01:43:15 PM
Deliberately hidden backdoor account in several AMX (HARMAN Professional) devices
http://blog.sec-consult.com/2016/01/deliberately-hidden-backdoor-account-in.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20160121-0_AMX_Deliberately_hidden_backdoor_account_v10.txt
Title: Re: Technical
Post by: Asyn on January 29, 2016, 08:04:44 AM
Putting the spotlight on firmware malware
http://blog.virustotal.com/2016/01/putting-spotlight-on-firmware-malware_27.html
Title: Re: Technical
Post by: Asyn on January 31, 2016, 01:01:33 PM
Hot or Not? The Benefits and Risks of iOS Remote Hot Patching
https://www.fireeye.com/blog/threat-research/2016/01/hot_or_not_the_bene.html
Title: Re: Technical
Post by: Asyn on February 02, 2016, 07:21:27 AM
Intel SGX Explained
http://eprint.iacr.org/2016/086
http://eprint.iacr.org/2016/086.pdf
Title: Re: Technical
Post by: Asyn on February 03, 2016, 07:54:33 AM
Tor hidden service operators: your default Apache install is probably vulnerable
https://wireflaw.net/blog/apache-hidden-service-vuln.html
Title: Re: Technical
Post by: Asyn on February 04, 2016, 01:25:02 PM
Reconciling Perspectives: New Report Reframes Encryption Debate
https://cyber.law.harvard.edu/node/99280
https://cyber.law.harvard.edu/pubrelease/dont-panic/
https://cyber.law.harvard.edu/pubrelease/dont-panic/Dont_Panic_Making_Progress_on_Going_Dark_Debate.pdf
Title: Re: Technical
Post by: Asyn on February 05, 2016, 01:46:42 PM
TeslaCrypt 3.0 Released with Modified Algorithm and .XXX, .TTT, and .MICRO File Extensions
http://www.bleepingcomputer.com/news/security/teslacrypt-3-0-released-with-new-encryption-algorithm-and-xxx-file-extensions/
Title: Re: Technical
Post by: Asyn on February 07, 2016, 12:16:19 PM
The Malware Museum
https://archive.org/details/malwaremuseum
Title: Re: Technical
Post by: Asyn on February 09, 2016, 01:39:21 PM
No More Deceptive Download Buttons
https://googleonlinesecurity.blogspot.com/2016/02/no-more-deceptive-download-buttons.html
Title: Re: Technical
Post by: Asyn on February 11, 2016, 08:20:22 AM
Your Number26 Mastercard knows what you did last summer…
https://metabubble.net/payment-cards-bank-accounts/your-number26-mastercard-knows-what-you-did-last-summer/
Title: Re: Technical
Post by: Asyn on February 12, 2016, 08:22:20 AM
T9000: Advanced Modular Backdoor Uses Complex Anti-Analysis Techniques
http://researchcenter.paloaltonetworks.com/2016/02/t9000-advanced-modular-backdoor-uses-complex-anti-analysis-techniques/
Title: Re: Technical
Post by: Asyn on February 14, 2016, 07:04:47 AM
There's a lot of vulnerable OS X applications out there
https://vulnsec.com/2016/osx-apps-vulnerabilities/
http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/
Title: Re: Technical
Post by: Asyn on February 15, 2016, 09:56:00 AM
Russian Hackers Moved Ruble Rate With Malware, Group-IB Says
http://www.bloomberg.com/news/articles/2016-02-08/russian-hackers-moved-currency-rate-with-malware-group-ib-says
http://www.group-ib.ru/brochures/Group-IB-Corkow-Report-EN.pdf
Title: Re: Technical
Post by: Asyn on February 16, 2016, 08:23:03 AM
Poseidon Group: a Targeted Attack Boutique specializing in global cyber-espionage
https://securelist.com/blog/research/73673/poseidon-group-a-targeted-attack-boutique-specializing-in-global-cyber-espionage/
Title: Re: Technical
Post by: Asyn on February 17, 2016, 08:40:58 AM
There's a lot of vulnerable OS X applications out there
https://vulnsec.com/2016/osx-apps-vulnerabilities/
http://arstechnica.com/security/2016/02/huge-number-of-mac-apps-vulnerable-to-hijacking-and-a-fix-is-elusive/
Apologies! Sky Kinda Falling + Protecting Yourself From Sparklegate
https://www.taoeffect.com/blog/2016/02/apologies-sky-kinda-falling-protecting-yourself-from-sparklegate/
Title: Re: Technical
Post by: Asyn on February 18, 2016, 08:05:39 AM
Security Alert: Mazar BOT Spotted in Active Attacks – the Android Malware That Can Erase Your Phone
https://heimdalsecurity.com/blog/security-alert-mazar-bot-active-attacks-android-malware/
Title: Re: Technical
Post by: Asyn on February 19, 2016, 09:07:59 AM
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Title: Re: Technical
Post by: Asyn on February 21, 2016, 09:10:01 AM
Fake SUPEE-5344 Patch Steals Payment Details
https://blog.sucuri.net/2016/02/fake-supee-5344-patch-steals-payment-details.html
Title: Re: Technical
Post by: Asyn on February 23, 2016, 08:29:24 AM
Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review
http://researchcenter.paloaltonetworks.com/2016/02/pirated-ios-app-stores-client-successfully-evaded-apple-ios-code-review/
Title: Re: Technical
Post by: Asyn on February 24, 2016, 08:34:20 AM
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Locky: JavaScript Deobfuscation
https://isc.sans.edu/diary/Locky/20749
Title: Re: Technical
Post by: Asyn on February 25, 2016, 10:18:23 AM
MouseJack - Injecting Keystrokes into Wireless Mice
https://www.bastille.net/technical-details
https://www.bastille.net/affected-devices
Title: Re: Technical
Post by: Asyn on February 26, 2016, 08:44:02 AM
Android Malware About to Get Worse: GM Bot Source Code Leaked
https://securityintelligence.com/android-malware-about-to-get-worse-gm-bot-source-code-leaked/
Title: Re: Technical
Post by: Asyn on February 27, 2016, 08:31:04 AM
Android trump card: Acecard
https://blog.kaspersky.com/acecard-android-trojan/11368/
Title: Re: Technical
Post by: Asyn on February 28, 2016, 11:21:01 AM
Controlling vehicle features of Nissan LEAFs across the globe via vulnerable APIs
http://www.troyhunt.com/2016/02/controlling-vehicle-features-of-nissan.html
Title: Re: Technical
Post by: Asyn on March 01, 2016, 09:23:20 AM
Porn clicker trojans at Google Play: An analysis
http://www.welivesecurity.com/2016/02/24/porn-clicker-trojans-google-play-analysis/
http://www.welivesecurity.com/2016/02/23/appendix-porn-clicker-trojans-at-google-play/
Title: Re: Technical
Post by: Asyn on March 02, 2016, 09:05:33 AM
HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer
https://objective-see.com/blog/blog_0x0D.html
Title: Re: Technical
Post by: Asyn on March 03, 2016, 11:59:34 AM
CacheBleed: A Timing Attack on OpenSSL Constant Time RSA
https://ssrg.nicta.com.au/projects/TS/cachebleed/
https://ssrg.nicta.com.au/projects/TS/cachebleed/cachebleed.pdf
Title: Re: Technical
Post by: Asyn on March 04, 2016, 09:30:25 AM
HackingTeam Reborn; A Brief Analysis of an RCS Implant Installer
https://objective-see.com/blog/blog_0x0D.html
The Italian morons are back! What are they up to this time?
https://reverse.put.as/2016/02/29/the-italian-morons-are-back-what-are-they-up-to-this-time/
Title: Re: Technical
Post by: Asyn on March 05, 2016, 08:27:46 AM
The DROWN Attack
https://drownattack.com/
https://drownattack.com/top-sites.html
https://test.drownattack.com/
https://drownattack.com/drown-attack-paper.pdf
Title: Re: Technical
Post by: Asyn on March 06, 2016, 08:26:10 AM
The Attacker's Dictionary
https://community.rapid7.com/community/infosec/blog/2016/03/01/the-attackers-dictionary
Title: Re: Technical
Post by: Asyn on March 07, 2016, 08:13:27 AM
ECDH Key-Extraction via Low-Bandwidth Electromagnetic Attacks on PCs
https://eprint.iacr.org/2016/129
https://eprint.iacr.org/2016/129.pdf
Title: Re: Technical
Post by: Asyn on March 08, 2016, 07:48:08 AM
New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
Title: Re: Technical
Post by: Asyn on March 11, 2016, 06:49:06 AM
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Locky: JavaScript Deobfuscation
https://isc.sans.edu/diary/Locky/20749
A closer look at the Locky ransomware
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
Title: Re: Technical
Post by: Asyn on March 13, 2016, 09:55:48 AM
New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer
http://researchcenter.paloaltonetworks.com/2016/03/new-os-x-ransomware-keranger-infected-transmission-bittorrent-client-installer/
KeRanger Is Actually A Rewrite of Linux.Encoder
https://labs.bitdefender.com/2016/03/keranger-is-actually-a-rewrite-of-linux-encoder/
Title: Re: Technical
Post by: Asyn on March 14, 2016, 12:03:26 PM
[SE-2012-01] Broken security fix in Oracle Java SE 7/8/9
http://seclists.org/fulldisclosure/2016/Mar/31
http://www.security-explorations.com/materials/SE-2012-01-ORACLE-14.pdf
Title: Re: Technical
Post by: Asyn on March 15, 2016, 09:40:24 AM
Towards Automated Dynamic Analysis for Linux-based Embedded Firmware
https://github.com/firmadyne/firmadyne/blob/master/paper/paper.pdf
FIRMADYNE: https://github.com/firmadyne/firmadyne
Title: Re: Technical
Post by: Asyn on March 17, 2016, 09:22:17 AM
Angler Takes Malvertising to New Heights
https://www.trustwave.com/Resources/SpiderLabs-Blog/Angler-Takes-Malvertising-to-New-Heights/
Title: Re: Technical
Post by: Asyn on March 19, 2016, 10:58:02 AM
AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device
http://researchcenter.paloaltonetworks.com/2016/03/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device/
Title: Re: Technical
Post by: Asyn on March 20, 2016, 09:46:00 AM
The Locky Ransomware Encrypts Local Files and Unmapped Network Shares
http://www.bleepingcomputer.com/news/security/the-locky-ransomware-encrypts-local-files-and-unmapped-network-shares/
Locky: JavaScript Deobfuscation
https://isc.sans.edu/diary/Locky/20749
A closer look at the Locky ransomware
https://blog.avast.com/a-closer-look-at-the-locky-ransomware
Locky’s JavaScript downloader
https://blog.avast.com/lockys-javascript-downloader
Title: Re: Technical
Post by: Asyn on March 21, 2016, 08:17:48 AM
Metaphor - A (real) real-life Stagefright exploit
https://www.exploit-db.com/docs/39527.pdf
Title: Re: Technical
Post by: Asyn on March 22, 2016, 08:38:58 AM
TeslaCrypt 4.0 Released with Bug Fixes and Stops Adding Extensions
http://www.bleepingcomputer.com/news/security/teslacrypt-4-0-released-with-bug-fixes-and-stops-adding-extensions/
Title: Re: Technical
Post by: Asyn on March 23, 2016, 07:10:36 AM
Attack of the Week: Apple iMessage
http://blog.cryptographyengineering.com/2016/03/attack-of-week-apple-imessage.html
Title: Re: Technical
Post by: Asyn on March 24, 2016, 10:08:11 AM
Comodo Antivirus Forwards Emulated API calls to the Real API during scans
https://bugs.chromium.org/p/project-zero/issues/detail?id=769
Title: Re: Technical
Post by: Asyn on March 25, 2016, 10:38:27 AM
Certificate Transparency for Untrusted CAs
https://security.googleblog.com/2016/03/certificate-transparency-for-untrusted.html
Title: Re: Technical
Post by: Asyn on March 26, 2016, 04:47:02 PM
Infoblox DNS Threat Index Report - Q4 2015
https://www.infoblox.com/dns-threat-index
https://www.infoblox.com/sites/infobloxcom/files/resources/infoblox-white-paper-dns-threat-index-q4-2015-report.pdf
Title: Re: Technical
Post by: Asyn on March 27, 2016, 10:05:42 AM
Threat Alert: “PowerWare,” New Ransomware Written in PowerShell, Targets Organizations via Microsoft Word
https://www.carbonblack.com/2016/03/25/threat-alert-powerware-new-ransomware-written-in-powershell-targets-organizations-via-microsoft-word/
Title: Re: Technical
Post by: Asyn on March 28, 2016, 09:00:12 AM
Thank You for Hacking iPhone, Now Tell Apple How You Did It
http://www.bloomberg.com/news/articles/2016-03-23/thank-you-for-hacking-iphone-now-tell-apple-how-you-did-it
Title: Re: Technical
Post by: bob3160 on March 28, 2016, 03:14:38 PM
Thank You for Hacking iPhone, Now Tell Apple How You Did It
http://www.bloomberg.com/news/articles/2016-03-23/thank-you-for-hacking-iphone-now-tell-apple-how-you-did-it
Using virtualization to bypass something destructive has long been a proven method to use on something like this.
Why did it take so long to finally realize this, and why can't they do it themselves???
Title: Re: Technical
Post by: Asyn on March 30, 2016, 08:26:17 AM
Evolution of SamSa Malware Suggests New Ransomware Tactics In Play
http://researchcenter.paloaltonetworks.com/2016/03/evolution-of-samsa-malware-suggests-new-ransomware-tactics-in-play/
https://blogs.technet.microsoft.com/mmpc/2016/03/17/no-mas-samas-whats-in-this-ransomwares-modus-operandi/
http://blog.talosintel.com/2016/03/samsam-ransomware.html
http://www.intelsecurity.com/advanced-threat-research/content/Analysis_SamSa_Ransomware.pdf
Title: Re: Technical
Post by: Asyn on March 31, 2016, 08:06:05 AM
WordPress and Joomla websites get hacked with fake jQuery
https://blog.avast.com/wordpress-and-joomla-users-get-hacked-be-aware-of-fake-jquery
Title: Re: Technical
Post by: Asyn on April 01, 2016, 09:46:01 AM
Have you disabled Flash yet?
https://business.f-secure.com/have-you-disabled-flash-yet/
Title: Re: Technical
Post by: Asyn on April 02, 2016, 09:45:58 AM
Ransomware Petya - a technical review
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-review
Title: Re: Technical
Post by: Asyn on April 03, 2016, 09:18:55 AM
Apple's fruitless rootless security broken by code that fits in a tweet
http://www.theregister.co.uk/2016/03/30/apple_os_x_rootless/
Title: Re: Technical
Post by: Asyn on April 04, 2016, 10:34:34 AM
SideStepper: Bypassing the iOS Gatekeeper to Attack iPhone and iPad Devices
http://blog.checkpoint.com/2016/03/31/sidestepper/
Title: Re: Technical
Post by: Asyn on April 06, 2016, 07:30:40 AM
WhatsApp's Signal Protocol integration is now complete
https://whispersystems.org/blog/whatsapp-complete/
https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
Title: Re: Technical
Post by: bob3160 on April 06, 2016, 07:21:22 PM
WhatsApp's Signal Protocol integration is now complete
https://whispersystems.org/blog/whatsapp-complete/
https://www.whatsapp.com/security/WhatsApp-Security-Whitepaper.pdf
https://blog.avast.com/what-whatsapps-new-end-to-end-encryption-means-for-you
Title: Re: Technical
Post by: Asyn on April 07, 2016, 07:56:29 AM
Andromeda under the microscope
https://blog.avast.com/andromeda-under-the-microscope
Title: Re: Technical
Post by: Asyn on April 08, 2016, 09:26:31 AM
CrossFire: An Analysis of Firefox Extension-Reuse Vulnerabilities
http://www.buyukkayhan.com/publications/ndss2016crossfire.pdf
Title: Re: Technical
Post by: Asyn on April 10, 2016, 10:24:58 AM
Users Really Do Plug in USB Drives They Find
https://zakird.com/papers/usb.pdf
Title: Re: Technical
Post by: bob3160 on April 10, 2016, 02:53:48 PM
Users Really Do Plug in USB Drives They Find
https://zakird.com/papers/usb.pdf
http://screencast-o-matic.com/screenshots/u/Lh/1460292881692-2072.png
Title: Re: Technical
Post by: Asyn on April 12, 2016, 07:19:43 AM
Ransomware Petya - a technical review
https://blog.gdatasoftware.com/2016/03/28226-ransomware-petya-a-technical-review
Petya Ransomware's Encryption Defeated and Password Generator Released
http://www.bleepingcomputer.com/news/security/petya-ransomwares-encryption-defeated-and-password-generator-released/
Title: Re: Technical
Post by: Asyn on April 14, 2016, 09:43:02 AM
Jigsaw Ransomware Decrypted: Will delete your files until you pay the Ransom
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-decrypted-will-delete-your-files-until-you-pay-the-ransom/
Title: Re: Technical
Post by: Pondus on April 14, 2016, 10:00:04 PM
Mozilla explores radically different browser as Firefox leaks share
http://www.computerworld.com/article/3055945/web-browsers/mozilla-explores-radically-different-browser-as-firefox-leaks-share.html

Title: Re: Technical
Post by: Asyn on April 15, 2016, 08:26:48 AM
ID Ransomware
Upload a ransom note and/or sample encrypted file to identify the ransomware that has encrypted your data.
https://id-ransomware.malwarehunterteam.com/
Title: Re: Technical
Post by: Asyn on April 16, 2016, 08:04:54 AM
New Threat Can Auto-Brick Apple Devices
http://krebsonsecurity.com/2016/04/new-threat-can-auto-brick-apple-devices/
Title: Re: Technical
Post by: Asyn on April 17, 2016, 09:23:43 AM
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services
http://www.cs.cornell.edu/~shmat/shmat_urls.pdf
Title: Re: Technical
Post by: bob3160 on April 17, 2016, 04:16:55 PM
Gone in Six Characters: Short URLs Considered Harmful for Cloud Services
http://www.cs.cornell.edu/~shmat/shmat_urls.pdf
Maybe people should learn to use Google's shortening service. They check for malicious code before shortening.
https://goo.gl/
Title: Re: Technical
Post by: Asyn on April 18, 2016, 12:06:21 PM
Internet Security Threat Report (Volume 21, April 2016)
https://www.symantec.com/content/dam/symantec/docs/reports/istr-21-2016-en.pdf
Title: Re: Technical
Post by: Pondus on April 18, 2016, 06:59:36 PM
Weekend Workshop: How to auto tweet your ISP when your Internet slows down
http://www.digitaltrends.com/cool-tech/how-to-build-broadband-speed-monitor/

http://makezine.com/projects/send-ticket-isp-when-your-internet-drops/

Title: Re: Technical
Post by: Asyn on April 19, 2016, 02:02:34 PM
Retefe is back in town
https://isc.sans.edu/diary/Retefe+is+back+in+town/20957
Title: Re: Technical
Post by: Asyn on April 23, 2016, 08:16:14 AM
Inside Nuclear’s Core: Analyzing the Nuclear Exploit Kit Infrastructure
http://blog.checkpoint.com/2016/04/20/inside-nuclears-core-analyzing-the-nuclear-exploit-kit-infrastructure/
http://blog.checkpoint.com/wp-content/uploads/2016/04/Inside-Nuclear-1-2.pdf
Title: Re: Technical
Post by: Asyn on April 24, 2016, 11:46:05 AM
How I Hacked Facebook, and Found Someone's Backdoor Script
http://devco.re/blog/2016/04/21/how-I-hacked-facebook-and-found-someones-backdoor-script-eng-ver/
Title: Re: Technical
Post by: Asyn on April 25, 2016, 08:45:21 AM
The Impact of a Ransomware Infection
https://blog.rootshell.be/2016/04/18/impact-ransomware-infection/
Title: Re: Technical
Post by: Asyn on April 26, 2016, 11:32:42 AM
Apple ImageIO Denial of Service
https://www.landaire.net/blog/apple-imageio-denial-of-service/
Title: Re: Technical
Post by: Asyn on April 27, 2016, 10:55:57 AM
Empty DDoS Threats: Meet the Armada Collective
https://blog.cloudflare.com/empty-ddos-threats-meet-the-armada-collective/
Title: Re: Technical
Post by: Asyn on April 28, 2016, 10:10:30 AM
Towelroot and Leaked Hacking Team Exploits Used to Deliver “Dogspectus” Ransomware to Android Devices
https://www.bluecoat.com/security-blog/2016-04-25/android-exploit-delivers-dogspectus-ransomware
Title: Re: Technical
Post by: Asyn on April 29, 2016, 10:38:46 AM
How to unlock a .crypt file
https://blog.kaspersky.com/cryptxxx-ransomware/11939/
Title: Re: Technical
Post by: Asyn on April 30, 2016, 04:56:12 PM
Slack bot token leakage exposing business critical information
https://labs.detectify.com/2016/04/28/slack-bot-token-leakage-exposing-business-critical-information/
Title: Re: Technical
Post by: Asyn on May 01, 2016, 09:54:56 AM
Former Tor developer created malware for the FBI to hack Tor users
http://www.dailydot.com/politics/government-contractor-tor-malware/
Title: Re: Technical
Post by: Asyn on May 02, 2016, 10:24:50 AM
Digging deep for PLATINUM
https://blogs.technet.microsoft.com/mmpc/2016/04/26/digging-deep-for-platinum/
Title: Re: Technical
Post by: Asyn on May 03, 2016, 10:10:10 AM
Australian Craig Wright claims to be Bitcoin creator
http://www.bbc.com/news/technology-36168863
http://www.economist.com/news/briefings/21698061-craig-steven-wright-claims-be-satoshi-nakamoto-bitcoin
Title: Re: Technical
Post by: Asyn on May 04, 2016, 07:01:25 AM
New fresh phishing campaign hits Facebook
https://blog.avast.com/new-fresh-phishing-campaign-hits-facebook
Title: Re: Technical
Post by: Asyn on May 05, 2016, 09:17:20 AM
Decrypted: Alpha Ransomware accepts iTunes Gift Cards as Payment
http://www.bleepingcomputer.com/news/security/decrypted-alpha-ransomware-accepts-itunes-gift-cards-as-payment/
Title: Re: Technical
Post by: Asyn on May 06, 2016, 08:03:54 AM
Android Banker Trojan preys on credit card information
https://blog.avast.com/android-banker-trojan-preys-on-credit-card-information
Title: Re: Technical
Post by: Asyn on May 06, 2016, 06:59:46 PM
Mobile Malware Competition Rises in Underground Markets
https://securityintelligence.com/mobile-malware-competition-rises-in-underground-markets/
Title: Re: Technical
Post by: Asyn on May 07, 2016, 10:08:04 AM
Malware and non-malware ways for ATM jackpotting - Extended cut
https://securelist.com/analysis/publications/74533/malware-and-non-malware-ways-for-atm-jackpotting-extended-cut/
Title: Re: Technical
Post by: Asyn on May 09, 2016, 08:53:34 AM
Hold Security Recovers 272 Million Stolen Credentials From A Collector
http://holdsecurity.com/news/the_collector_breach/
http://www.reuters.com/article/us-cyber-passwords-idUSKCN0XV1I6
Title: Re: Technical
Post by: Asyn on May 10, 2016, 10:52:36 AM
An Introduction to AlphaLocker
https://blog.cylance.com/an-introduction-to-alphalocker
Title: Re: Technical
Post by: Asyn on May 11, 2016, 07:56:20 AM
Andromeda distributors craft new strategies for attacks
https://blog.avast.com/andromeda-distributors-craft-new-strategies-for-attacks
Title: Re: Technical
Post by: Asyn on May 12, 2016, 10:59:07 AM
Hacking Wordpress via XSS (Plugin: Event-Registration)
https://www.codemetrix.net/security/2016/04/25/hacking-wordpress-via-xss-event-registration.html
http://seclists.org/bugtraq/2016/May/34
Title: Re: Technical
Post by: Asyn on May 12, 2016, 12:03:47 PM
Crooks Go Deep With ‘Deep Insert’ Skimmers
http://krebsonsecurity.com/2016/05/crooks-go-deep-with-deep-insert-skimmers/
Title: Re: Technical
Post by: Asyn on May 12, 2016, 02:24:04 PM
Multiple 7-Zip Vulnerabilities Discovered by Talos
http://blog.talosintel.com/2016/05/multiple-7-zip-vulnerabilities.html
Title: Re: Technical
Post by: Asyn on May 13, 2016, 12:39:07 PM
CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Title: Re: Technical
Post by: Asyn on May 14, 2016, 06:12:22 PM
Software security suffers as upstarts lose access to virus data
http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4
Title: Re: Technical
Post by: Asyn on May 15, 2016, 11:01:19 AM
Mozilla - Advance Disclosure Needed to Keep Users Secure
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
Title: Re: Technical
Post by: DavidR on May 15, 2016, 04:35:11 PM
Mozilla - Advance Disclosure Needed to Keep Users Secure
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/

I wasn't sure where this was going to lead from the blog title URL.

However, I found it very interesting, and it makes you wonder why this kind of disclosure (best practice) wasn't already the norm.
Title: Re: Technical
Post by: Gopher John on May 15, 2016, 05:24:05 PM
As long as the government wants to exploit the vulnerability itself, they wouldn't want to have it fixed regardless of how many people are put at risk.
Title: Re: Technical
Post by: Asyn on May 16, 2016, 10:10:44 AM
As long as the government wants to exploit the vulnerability itself, they wouldn't want to have it fixed regardless of how many people are put at risk.
Sad but true.
Title: Re: Technical
Post by: Asyn on May 16, 2016, 11:20:27 AM
Let's Analyze: Dridex
http://www.malwaretech.com/2016/03/lets-analyze-dridex-part-1.html
http://www.malwaretech.com/2016/04/lets-analyze-dridex-part-2.html
http://www.malwaretech.com/2016/05/lets-analyze-dridex-part-3.html
Title: Re: Technical
Post by: Asyn on May 17, 2016, 11:18:32 AM
Jigsaw Ransomware becomes CryptoHitman with Porno Extension
http://www.bleepingcomputer.com/news/security/jigsaw-ransomware-becomes-cryptohitman-with-porno-extension/
Title: Re: Technical
Post by: Asyn on May 18, 2016, 09:45:16 AM
CryptXXX 2.0: Ransomware Authors Strike Back Against Free Decryption Tool
https://www.proofpoint.com/us/threat-insight/post/cryptxxx2-ransomware-authors-strike-back-against-free-decryption-tool
Update: CryptXXX solved again
https://blog.kaspersky.com/cryptxxx-decryption-20/12091/
Title: Re: Technical
Post by: Asyn on May 20, 2016, 08:39:20 AM
TeslaCrypt shuts down and Releases Master Decryption Key
http://www.bleepingcomputer.com/news/security/teslacrypt-shuts-down-and-releases-master-decryption-key/
Title: Re: Technical
Post by: Asyn on May 21, 2016, 09:06:27 AM
Mozilla - Advance Disclosure Needed to Keep Users Secure
https://blog.mozilla.org/blog/2016/05/11/advanced-disclosure-needed-to-keep-users-secure/
FBI Doesn’t Have to Give Mozilla Details on Bug It Used to Bust a Child Porn Ring
http://europe.newsweek.com/fbi-doesnt-have-give-mozilla-details-bug-it-used-bust-child-porn-ring-461325
Title: Re: Technical
Post by: Asyn on May 22, 2016, 11:58:28 AM
Lawsuit claims Facebook illegally scanned private messages
http://www.theverge.com/2016/5/19/11712804/facebook-private-message-scanning-privacy-lawsuit
Title: Re: Technical
Post by: Asyn on May 23, 2016, 12:10:57 PM
How I Could Compromise 4% (Locked) Instagram Accounts
https://www.arneswinnen.net/2016/03/how-i-could-compromise-4-locked-instagram-accounts/
Title: Re: Technical
Post by: Asyn on May 25, 2016, 08:12:02 AM
Two Attacks for The Price Of One: Weaponized Document Delivers Ransomware and Potential DDoS Attack
https://www.invincea.com/2016/05/two-attacks-for-the-price-of-one-weaponized-document-delivers-ransomware-and-potential-ddos-attack/
Title: Re: Technical
Post by: Pondus on May 25, 2016, 09:40:01 AM
Opera Software sold to Chinese Consortium :'(
http://e24.no/boers-og-finans/opera-software/opera-bekrefter-budrykter-kineserne-fikk-over-90-prosent-aksept/23692851

Title: Re: Technical
Post by: Asyn on May 27, 2016, 08:32:30 AM
2016 Underground Hacker Marketplace Report
https://www.secureworks.com/resources/rp-2016-underground-hacker-marketplace-report
Title: Re: Technical
Post by: Asyn on May 28, 2016, 10:20:38 AM
Link (.lnk) to Ransom
https://blogs.technet.microsoft.com/mmpc/2016/05/26/link-lnk-to-ransom/
Title: Re: Technical
Post by: Asyn on May 29, 2016, 09:44:31 AM
Microsoft Password Guidance
http://research.microsoft.com/pubs/265143/Microsoft_Password_Guidance.pdf
Title: Re: Technical
Post by: Asyn on May 30, 2016, 08:03:26 AM
Phishing Activity Trends Report, 1st Quarter 2016
http://docs.apwg.org/reports/apwg_trends_report_q1_2016.pdf
Title: Re: Technical
Post by: Asyn on May 31, 2016, 07:44:03 AM
Don't panic, says Blue Coat, we're not using CA cert to snoop on you
http://www.theregister.co.uk/2016/05/27/blue_coat_ca_certs/
http://blogs.msmvps.com/alunj/2016/05/26/untrusting-the-blue-coat-intermediate-ca-from-windows/
https://blog.filippo.io/untrusting-an-intermediate-ca-on-os-x/
Title: Re: Technical
Post by: Asyn on June 01, 2016, 10:38:34 AM
Tor Browser 6.0 is released
https://blog.torproject.org/blog/tor-browser-60-released
Title: Re: Technical
Post by: Asyn on June 02, 2016, 08:57:13 AM
How LinkedIn’s password sloppiness hurts us all
http://arstechnica.com/security/2016/06/how-linkedins-password-sloppiness-hurts-us-all/
Title: Re: Technical
Post by: Asyn on June 03, 2016, 10:14:19 AM
TeamViewer - Statement on Service Outage
https://www.teamviewer.com/en/company/press/statement-on-service-outage/
Title: Re: Technical
Post by: Asyn on June 04, 2016, 05:52:48 PM
Out-of-Box Exploitation: A Security Analysis of OEM Updaters
https://duo.com/blog/out-of-box-exploitation-a-security-analysis-of-oem-updaters
https://duo.com/assets/pdf/out-of-box-exploitation_oem-updaters.pdf
Title: Re: Technical
Post by: Asyn on June 05, 2016, 09:20:27 AM
Android -- (In-) Security of Security Applications
https://www.sit.fraunhofer.de/fileadmin/dokumente/Presse/teamsik_advisories_AV.pdf
Title: Re: Technical
Post by: Asyn on June 07, 2016, 04:25:05 PM
TeamViewer - Statement on Service Outage
https://www.teamviewer.com/en/company/press/statement-on-service-outage/
TeamViewer Launches Trusted Devices and Data Integrity
http://www.teamviewer.com/en/company/press/teamviewer-launches-trusted-devices-and-data-integrity/
Title: Re: Technical
Post by: Asyn on June 11, 2016, 08:46:28 AM
One of the World's Largest Botnets Has Vanished
http://motherboard.vice.com/read/one-of-the-worlds-largest-botnets-has-vanished
Title: Re: Technical
Post by: Asyn on June 12, 2016, 12:32:38 PM
Reviewing Microsoft's Automatic Insertion of Telemetry into C++ Binaries
https://www.infoq.com/news/2016/06/visual-cpp-telemetry
Title: Re: Technical
Post by: Asyn on June 12, 2016, 03:12:57 PM
Tails 2.4 is out
https://tails.boum.org/news/version_2.4/index.en.html
Title: Re: Technical
Post by: Asyn on June 13, 2016, 09:18:16 AM
Mozilla - Help Make Open Source Secure
https://blog.mozilla.org/blog/2016/06/09/help-make-open-source-secure/
Title: Re: Technical
Post by: REDACTED on June 13, 2016, 01:00:22 PM
Symantec to buy Blue Coat for $4.7 billion to boost enterprise unit

http://www.reuters.com/article/us-bluecoat-m-a-symantec-idUSKCN0YZ0BM
Title: Re: Technical
Post by: Asyn on June 13, 2016, 02:48:55 PM
Symantec to buy Blue Coat for $4.7 billion to boost enterprise unit
http://www.reuters.com/article/us-bluecoat-m-a-symantec-idUSKCN0YZ0BM
More here: http://investor.symantec.com/About/Investors/press-releases/press-release-details/2016/Symantec-to-Acquire-Blue-Coat-and-Define-the-Future-of-Cybersecurity/default.aspx
Title: Re: Technical
Post by: Asyn on June 13, 2016, 03:28:31 PM
Akamai - DDoS and Web Applications Attack (Q1 2016)
https://www.akamai.com/uk/en/multimedia/documents/state-of-the-internet/akamai-q1-2016-state-of-the-internet-security-report-infographic.pdf
Title: Re: Technical
Post by: Asyn on June 14, 2016, 08:44:07 AM
Intel & ME, and why we should get rid of ME
http://www.fsf.org/blogs/licensing/intel-me-and-why-we-should-get-rid-of-me
Title: Re: Technical
Post by: Asyn on June 15, 2016, 08:53:24 AM
FLocker Mobile Ransomware Crosses to Smart TV
http://blog.trendmicro.com/trendlabs-security-intelligence/flocker-ransomware-crosses-smart-tv/
Title: Re: Technical
Post by: Asyn on June 16, 2016, 11:56:28 AM
ATM Insert Skimmers In Action
https://krebsonsecurity.com/2016/06/atm-insert-skimmers-in-action/
Title: Re: Technical
Post by: Asyn on June 17, 2016, 11:30:51 AM
Unsupported TeamViewer Versions Exploited For Backdoors, Keylogging
http://blog.trendmicro.com/trendlabs-security-intelligence/unsupported-teamviewer-versions-exploited-backdoors-keylogging/
Title: Re: Technical
Post by: Asyn on June 18, 2016, 04:40:00 PM
Checked C
http://research.microsoft.com/en-us/projects/checkedc/
Title: Re: Technical
Post by: Asyn on June 19, 2016, 12:32:46 PM
Intel release new technology specifications to protect against ROP attacks
https://blogs.intel.com/evangelists/2016/06/09/intel-release-new-technology-specifications-protect-rop-attacks/
Title: Re: Technical
Post by: Asyn on June 20, 2016, 10:31:57 AM
Ransomware attack study
http://www.professionalsecurity.co.uk/news/case-studies/ransomware-attack-study/
Title: Re: Technical
Post by: Asyn on June 21, 2016, 10:36:11 AM
The new RAA Ransomware is created entirely using Javascript
http://www.bleepingcomputer.com/news/security/the-new-raa-ransomware-is-created-entirely-using-javascript/
Title: Re: Technical
Post by: Asyn on June 23, 2016, 03:46:39 PM
The Poisoned Archives
http://blog.talosintel.com/2016/06/the-poisoned-archives.html
Title: Re: Technical
Post by: DavidR on June 23, 2016, 05:22:03 PM
The Poisoned Archives
http://blog.talosintel.com/2016/06/the-poisoned-archives.html

Interesting, though what is also interesting is that a Firefox add-on, WorldIP, reports that site as DNS-Spoofing.
Title: Re: Technical
Post by: Asyn on June 23, 2016, 08:02:23 PM
...though what is also interesting is that a Firefox add-on, WorldIP, reports that site as DNS-Spoofing.
Hi Dave, that's a reputable site, see: http://www.talosintel.com/about/
No idea what your add-on is complaining about, sorry... :-\
Title: Re: Technical
Post by: DavidR on June 23, 2016, 08:30:32 PM
...though what is also interesting is that a Firefox add-on, WorldIP, reports that site as DNS-Spoofing.
Hi Dave, that's a reputable site, see: http://www.talosintel.com/about/
No idea what your add-on is complaining about, sorry... :-\

I don't doubt it is legit, but there are many sites that really do go in for this kind of anonymity. Whilst the above link doesn't throw up the warning, the blog does. What seems to be the problem is that the DNS server doesn't match the domain, or something like that.
Title: Re: Technical
Post by: Asyn on June 23, 2016, 08:58:23 PM
If you think it's an issue, I'd suggest reporting it: http://www.talosintel.com/contact/
Title: Re: Technical
Post by: Asyn on June 24, 2016, 06:51:57 AM
Retefe banking Trojan targets UK banking customers
https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers
Title: Re: Technical
Post by: Asyn on June 25, 2016, 08:58:18 AM
Necurs Botnet Returns With Updated Locky Ransomware In Tow
https://www.proofpoint.com/threat-insight/post/necurs-botnet-returns-with-updated-locky-ransomware-in-tow
Title: Re: Technical
Post by: Asyn on June 26, 2016, 11:42:53 AM
Nuclear, Angler Exploit Kit Activity Has Disappeared
https://threatpost.com/nuclear-angler-exploit-kit-activity-has-disappeared/118842/
Title: Re: Technical
Post by: Asyn on June 28, 2016, 08:56:07 AM
A Bug in Chrome Makes It Easy to Pirate Movies
https://www.wired.com/2016/06/bug-chrome-makes-easy-pirate-movies/
Title: Re: Technical
Post by: Asyn on June 29, 2016, 08:01:07 AM
Doh! New "Bart" Ransomware from Threat Actors Spreading Dridex and Locky
https://www.proofpoint.com/us/threat-insight/post/New-Bart-Ransomware-from-Threat-Actors-Spreading-Dridex-and-Locky
Title: Re: Technical
Post by: Asyn on June 30, 2016, 10:13:02 AM
Zimbra Ransomware written in Python targets Zimbra Mail Store
http://www.bleepingcomputer.com/news/security/zimbra-ransomware-written-in-python-targets-zimbra-mail-store/
Title: Re: Technical
Post by: Asyn on July 01, 2016, 09:34:10 AM
[Tor] - Selfrando: Q and A with Georg Koppen
https://blog.torproject.org/blog/selfrando-q-and-georg-koppen
https://github.com/immunant/selfrando
https://people.torproject.org/~gk/misc/Selfrando-Tor-Browser.pdf
Title: Re: Technical
Post by: Pondus on July 01, 2016, 12:10:14 PM
Internet speed test in google and bing
http://www.theverge.com/2016/6/28/12055442/google-search-internet-speed-test-netflix-fast-ookla


Bing
https://www.bing.com/search?q=internet+speed+test&go=Submit&qs=n&form=QBLH&pq=internet+speed+test&sc=9-19&sp=-1&sk=&cvid=ECA52EBBF6DD4AF58D2A5F4068AD3C75

Title: Re: Technical
Post by: bob3160 on July 01, 2016, 02:57:00 PM
Internet speed test in google and bing
http://www.theverge.com/2016/6/28/12055442/google-search-internet-speed-test-netflix-fast-ookla


Bing
https://www.bing.com/search?q=internet+speed+test&go=Submit&qs=n&form=QBLH&pq=internet+speed+test&sc=9-19&sp=-1&sk=&cvid=ECA52EBBF6DD4AF58D2A5F4068AD3C75
It works in Bing not in Google:
Screenshot: http://screencast-o-matic.com/screenshots/u/Lh/1467377726029-23005.png
https://www.youtube.com/watch?v=eEYFyoYhxU0
Title: Re: Technical
Post by: Asyn on July 02, 2016, 07:23:49 AM
StartEncrypt considered harmful today
https://www.computest.nl/blog/startencrypt-considered-harmful-today/
Title: Re: Technical
Post by: Asyn on July 03, 2016, 10:18:00 AM
hashcat v3.00
https://hashcat.net/forum/thread-5559.html
Title: Re: Technical
Post by: Asyn on July 04, 2016, 11:11:22 AM
Don’t pay the Ransom! AVG releases six free decryption tools to retrieve your files
http://now.avg.com/dont-pay-the-ransom-avg-releases-six-free-decryption-tools-to-retrieve-your-files/
Title: Re: Technical
Post by: Pondus on July 04, 2016, 11:33:21 PM
Akamai: global average connection speed up 12 percent, bye bye IPv4
https://techcrunch.com/2016/06/28/akamai-global-average-connection-speed-up-12-percent-bye-bye-ipv4/

Title: Re: Technical
Post by: Asyn on July 06, 2016, 08:14:57 AM
From HummingBad to Worse: New In-Depth Details and Analysis of the HummingBad Android Malware Campaign
http://blog.checkpoint.com/2016/07/01/from-hummingbad-to-worse-new-in-depth-details-and-analysis-of-the-hummingbad-andriod-malware-campaign/
http://blog.checkpoint.com/wp-content/uploads/2016/07/HummingBad-Research-report_FINAL-62916.pdf
Title: Re: Technical
Post by: Asyn on July 08, 2016, 07:52:27 AM
New Backdoor Allows Full Access to Mac Systems, Bitdefender Warns
https://labs.bitdefender.com/2016/07/new-mac-backdoor-nukes-os-x-systems/
https://labs.bitdefender.com/wp-content/uploads/2016/07/Backdoor-MAC-Eleanor_final.pdf
Title: Re: Technical
Post by: Asyn on July 09, 2016, 04:14:35 PM
New OSX/Keydnap malware is hungry for credentials
http://www.welivesecurity.com/2016/07/06/new-osxkeydnap-malware-hungry-credentials/
Title: Re: Technical
Post by: Asyn on July 10, 2016, 10:46:34 AM
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Title: Re: Technical
Post by: DavidR on July 10, 2016, 03:29:14 PM
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html

Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Title: Re: Technical
Post by: Pondus on July 11, 2016, 11:07:52 AM
Want to build your own computer   ;D

Man Builds Giant 16-Bit 'Megaprocessor' in His Living Room
http://www.popularmechanics.com/technology/design/a21670/man-builds-giant-16-bit-megaprocessor/
http://www.bbc.com/news/technology-36711989

Title: Re: Technical
Post by: Asyn on July 11, 2016, 11:22:28 AM
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Agreed Dave, I also wouldn't recommend Lenovo, atm.
Title: Re: Technical
Post by: Asyn on July 11, 2016, 12:01:36 PM
DroidJack Uses Side-Load…It's Super Effective! Backdoored Pokemon GO Android App Found
https://www.proofpoint.com/us/threat-insight/post/droidjack-uses-side-load-backdoored-pokemon-go-android-app
Title: Re: Technical
Post by: bob3160 on July 11, 2016, 02:12:24 PM
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Agreed Dave, I also wouldn't recommend Lenovo, atm.
I'm certainly not planning to throw mine away.....
Title: Re: Technical
Post by: Pondus on July 11, 2016, 02:18:37 PM
Exploring and exploiting Lenovo firmware secrets
http://blog.cr4.sh/2016/06/exploring-and-exploiting-lenovo.html
Lenovo having a real hard time with one thing or another, the last two spyware incidents took Lenovo off my system replacement list. Looks like more work required to get their house in order before people are going to trust their system with their own data.
Agreed Dave, I also wouldn't recommend Lenovo, atm.
I'm certainly not planning to throw mine away.....
Same here, my Lenovo Yoga 500 works like a dream    ;)


Title: Re: Technical
Post by: Asyn on July 11, 2016, 02:23:22 PM
Come on guys, nobody said to throw it away. ::) ;)
Still, you should monitor your systems carefully, imo.
Title: Re: Technical
Post by: Asyn on July 12, 2016, 07:29:14 AM
Tools deliver false promises to YouTubers and Gamers
https://blog.avast.com/tools-deliver-false-promises-to-youtubers
Title: Re: Technical
Post by: Asyn on July 12, 2016, 01:13:35 PM
Experimenting with Post-Quantum Cryptography
https://security.googleblog.com/2016/07/experimenting-with-post-quantum.html
Title: Re: Technical
Post by: Asyn on July 13, 2016, 10:58:21 AM
When Paying Out Doesn't Pay Off
http://blog.talosintel.com/2016/07/ranscam.html
Title: Re: Technical
Post by: DavidR on July 13, 2016, 03:03:03 PM
When Paying Out Doesn't Pay Off
http://blog.talosintel.com/2016/07/ranscam.html

I have always been of the opinion that payment is no guarantee that the crooks will honour any promise to decrypt/restore files when you pay.

As mentioned a robust backup and recovery strategy is required.
Title: Re: Technical
Post by: bob3160 on July 14, 2016, 12:00:47 AM
When Paying Out Doesn't Pay Off
http://blog.talosintel.com/2016/07/ranscam.html

I have always been of the opinion that payment is no guarantee that the crooks will honour any promise to decrypt/restore files when you pay.

As mentioned a robust backup and recovery strategy is required.
Preparing for a disaster needs to be done before the disaster happens. What David does certainly qualifies as preparing for that disaster.
It is something I stress repeatedly at every presentation. :)
Title: Re: Technical
Post by: Asyn on July 17, 2016, 01:00:33 PM
CryptXXX providing free keys for .Crypz and .Cryp1 Versions
http://www.bleepingcomputer.com/news/security/cryptxxx-providing-free-keys-for-crypz-and-cryp1-versions/
Title: Re: Technical
Post by: Asyn on July 19, 2016, 10:40:44 AM
Retefe banking Trojan targets UK banking customers
https://blog.avast.com/retefe-banking-trojan-targets-uk-banking-customers
The evolution of the Retefe banking Trojan
https://blog.avast.com/the-evolution-of-the-retefe-banking-trojan
Title: Re: Technical
Post by: Asyn on July 20, 2016, 10:59:47 AM
How “The Internet’s Biggest Blind Spot” lead to a 15 year old security vulnerability
https://medium.com/we-build-vend/how-the-internets-biggest-blind-spot-lead-to-a-15-year-old-security-vulnerability-a2a6f6218a71
https://httpoxy.org/
Title: Re: Technical
Post by: Asyn on July 22, 2016, 12:34:40 PM
Reducing Adobe Flash Usage in Firefox
https://blog.mozilla.org/futurereleases/2016/07/20/reducing-adobe-flash-usage-in-firefox/
Title: Re: Technical
Post by: Asyn on July 24, 2016, 08:03:00 AM
Trend Micro Ransomware File Decryptor Updated
http://blog.trendmicro.com/trend-micro-ransomware-file-decryptor-updated/
Title: Re: Technical
Post by: Asyn on July 25, 2016, 12:20:35 PM
Bart’s Shenanigans Are No Match for AVG
http://now.avg.com/barts-shenanigans-are-no-match-for-avg/
Title: Re: Technical
Post by: Asyn on July 27, 2016, 11:11:49 AM
The No More Ransom Project
https://www.nomoreransom.org/
Title: Re: Technical
Post by: Pondus on July 27, 2016, 11:34:02 PM
Lowering memory usage in Opera and Blink with Heap compaction
https://www.opera.com/blogs/desktop/2016/07/memory-usage-opera-heap-compaction/


Title: Re: Technical
Post by: Asyn on July 28, 2016, 08:17:49 AM
Keys to Chimera ransomware leaked
https://blog.malwarebytes.com/cybercrime/2016/07/keys-to-chimera-ransomware-leaked/
Title: Re: Technical
Post by: Asyn on July 30, 2016, 09:38:05 PM
OPNsense 16.7 released
https://forum.opnsense.org/index.php?topic=3428.0
Title: Re: Technical
Post by: Lisandro on July 30, 2016, 11:30:26 PM
OPNsense 16.7 released
https://forum.opnsense.org/index.php?topic=3428.0
Error: SEC_ERROR_OCSP_SERVER_ERROR
Am I alone? Can't connect...
Title: Re: Technical
Post by: bob3160 on July 30, 2016, 11:51:18 PM
No problem here connecting.
Title: Re: Technical
Post by: Lisandro on July 31, 2016, 12:59:10 AM
No problem here connecting.
Sorry, it was a temporary glitch from my side.
Title: Re: Technical
Post by: Asyn on July 31, 2016, 11:50:42 AM
Keeping Positive – Obtaining Arbitrary Wildcard SSL Certificates from Comodo via Dangling Markup Injection
https://thehackerblog.com/keeping-positive-obtaining-arbitrary-wildcard-ssl-certificates-from-comodo-via-dangling-markup-injection/index.html
Title: Re: Technical
Post by: Asyn on August 01, 2016, 10:39:39 AM
WhatsApp Forensic Artifacts: Chats Aren’t Being Deleted
http://www.zdziarski.com/blog/?p=6143
Title: Re: Technical
Post by: Asyn on August 03, 2016, 09:33:29 AM
Driver Signing changes in Windows 10, version 1607
https://blogs.msdn.microsoft.com/windows_hardware_certification/2016/07/26/driver-signing-changes-in-windows-10-version-1607/
Title: Re: Technical
Post by: Asyn on August 05, 2016, 01:52:30 PM
This is what Apple should tell you when you lose your iPhone
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82
Title: Re: Technical
Post by: DavidR on August 05, 2016, 04:34:12 PM
This is what Apple should tell you when you lose your iPhone
https://hackernoon.com/this-is-what-apple-should-tell-you-when-you-lose-your-iphone-8f07cf73cf82

Very interesting and devious.
Title: Re: Technical
Post by: Asyn on August 06, 2016, 07:32:15 AM
Pwnie Awards 2016
http://pwnies.com/winners/
Title: Re: Technical
Post by: Asyn on August 07, 2016, 09:39:56 AM
What are malicious USB keys and how to create a realistic one?
https://www.elie.net/blog/security/what-are-malicious-usb-keys-and-how-to-create-a-realistic-one
Title: Re: Technical
Post by: Asyn on August 10, 2016, 06:50:16 AM
ProjectSauron: top level cyber-espionage platform covertly extracts encrypted government comms
https://securelist.com/analysis/publications/75533/faq-the-projectsauron-apt/
Title: Re: Technical
Post by: Asyn on August 11, 2016, 10:22:11 AM
Secure Golden Key Boot: (MS16-094 / CVE-2016-3287, and MS16-100 / CVE-2016-3320)
https://rol.im/securegoldenkeyboot/
Title: Re: Technical
Post by: Asyn on August 12, 2016, 09:48:39 AM
Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
Title: Re: Technical
Post by: bob3160 on August 12, 2016, 03:00:13 PM
Study Highlights Serious Security Threat to Many Internet Users
https://ucrtoday.ucr.edu/39030
http://www.cs.ucr.edu/~zhiyunq/pub/sec16_TCP_pure_offpath.pdf
This pretty much destroys the belief that using Linux keeps you safe.
Title: Re: Technical
Post by: polonus on August 12, 2016, 11:27:16 PM
Fine new technology, USB firewall: https://www.usenix.org/conference/usenixsecurity16/technical-sessions/presentation/tian

Innovation and thinking outside the trodden path is the way forward for us all.
Great developers do it.
Knowledge means power, but unique talent is more powerful yet!

polonus
Title: Re: Technical
Post by: Asyn on August 14, 2016, 09:52:14 AM
RC4 is now disabled in Microsoft Edge and Internet Explorer 11
https://blogs.windows.com/msedgedev/2016/08/09/rc4-now-deprecated/
Title: Re: Technical
Post by: Asyn on August 16, 2016, 11:43:20 AM
PokemonGo Ransomware installs Backdoor Account and Spreads to other Drives
http://www.bleepingcomputer.com/news/security/pokemongo-ransomware-installs-backdoor-accounts-and-spreads-to-other-drives/
Title: Re: Technical
Post by: Asyn on August 17, 2016, 12:54:47 PM
Further simplifying servicing models for Windows 7 and Windows 8.1
https://blogs.technet.microsoft.com/windowsitpro/2016/08/15/further-simplifying-servicing-model-for-windows-7-and-windows-8-1/
Title: Re: Technical
Post by: mchain on August 17, 2016, 10:04:36 PM
Intel will provide early access to fast Optane SSDs via the cloud
http://www.cio.com/article/3108182/intel-will-provide-early-access-to-fast-optane-ssds-via-the-cloud.html
Title: Re: Technical
Post by: Asyn on August 19, 2016, 11:10:21 AM
Development version of the Hitler-Ransomware Discovered
http://www.bleepingcomputer.com/news/security/development-version-of-the-hitler-ransomware-discovered/
Title: Re: Technical
Post by: Asyn on August 20, 2016, 08:29:00 AM
Cerber Ransomware Developers make changes that defeat Check Point's Decryption Service
http://www.bleepingcomputer.com/news/security/cerber-ransomware-developers-make-changes-that-defeat-check-points-decryption-service/
Title: Re: Technical
Post by: Pondus on August 20, 2016, 09:51:13 PM
Google is killing off Chrome apps on Windows, macOS, and Linux
http://www.neowin.net/news/google-is-killing-off-chrome-apps-on-windows-macos-and-linux


Title: Re: Technical
Post by: Pondus on August 20, 2016, 09:53:54 PM
Microsoft broke millions of webcams with the Windows 10 Anniversary Update
http://www.theverge.com/2016/8/19/12562780/microsoft-windows-10-anniversary-update-webcam-freezing

Title: Re: Technical
Post by: bob3160 on August 20, 2016, 10:17:32 PM
Microsoft broke millions of webcams with the Windows 10 Anniversary Update
http://www.theverge.com/2016/8/19/12562780/microsoft-windows-10-anniversary-update-webcam-freezing
Temporary workaround: https://twitter.com/WithinRafael/status/766698660608348161
Title: Re: Technical
Post by: Asyn on August 21, 2016, 11:05:54 AM
RCE in Teamspeak 3 server
http://seclists.org/fulldisclosure/2016/Aug/61
Title: Re: Technical
Post by: Asyn on August 22, 2016, 07:37:44 AM
Locky Ransomware Distributed Via DOCM Attachments in Latest Email Campaigns
https://www.fireeye.com/blog/threat-research/2016/08/locky_ransomwaredis.html
Title: Re: Technical
Post by: Asyn on August 23, 2016, 08:24:07 AM
The NSA Leak Is Real, Snowden Documents Confirm
https://theintercept.com/2016/08/19/the-nsa-was-hacked-snowden-documents-confirm/
Title: Re: Technical
Post by: Asyn on August 24, 2016, 07:37:47 AM
Equation Group's BENIGNCERTAIN tool - a remote exploit to extract Cisco VPN private keys
https://musalbas.com/2016/08/18/equation-group-benigncertain.html
Title: Re: Technical
Post by: Asyn on August 25, 2016, 09:17:21 AM
NSA-linked Cisco exploit poses bigger threat than previously thought
http://arstechnica.com/security/2016/08/nsa-linked-cisco-exploit-poses-bigger-threat-than-previously-thought/
Title: Re: Technical
Post by: Asyn on August 27, 2016, 10:27:40 AM
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
https://sweet32.info/
Title: Re: Technical
Post by: Asyn on August 27, 2016, 05:53:21 PM
Sophisticated, persistent mobile attack against high-value targets on iOS
https://blog.lookout.com/blog/2016/08/25/trident-pegasus/
Title: Re: Technical
Post by: Asyn on August 28, 2016, 11:35:48 AM
Sweet32: Birthday attacks on 64-bit block ciphers in TLS and OpenVPN
https://sweet32.info/
Attack of the week: 64-bit ciphers in TLS
http://blog.cryptographyengineering.com/2016/08/attack-of-week-64-bit-ciphers-in-tls.html
Title: Re: Technical
Post by: Asyn on August 29, 2016, 10:18:29 AM
Fantom Ransomware Encrypts your Files while pretending to be Windows Update
http://www.bleepingcomputer.com/news/security/fantom-ransomware-encrypts-your-files-while-pretending-to-be-windows-update/
Title: Re: Technical
Post by: Asyn on August 30, 2016, 10:15:51 AM
Keeper: Trusted UI is injected into untrusted webpage
https://bugs.chromium.org/p/project-zero/issues/detail?id=917
https://blog.keepersecurity.com/2016/08/28/security-update-for-keeper-browser-extension/
Title: Re: Technical
Post by: Asyn on August 31, 2016, 11:22:30 AM
Observatory by Mozilla
https://observatory.mozilla.org
https://observatory.mozilla.org/faq.html
https://github.com/mozilla/http-observatory
Title: Re: Technical
Post by: Asyn on September 02, 2016, 08:31:51 AM
FBI says foreign hackers penetrated state election systems
https://www.yahoo.com/news/fbi-says-foreign-hackers-penetrated-000000175.html
Title: Re: Technical
Post by: Asyn on September 03, 2016, 03:49:38 PM
Hidden Voice Commands
https://www.usenix.org/system/files/conference/usenixsecurity16/sec16_paper_carlini.pdf
Title: Re: Technical
Post by: Asyn on September 04, 2016, 08:26:59 AM
The story of how WoSign gave me an SSL certificate for GitHub.com
https://www.schrauger.com/the-story-of-how-wosign-gave-me-an-ssl-certificate-for-github-com
Title: Re: Technical
Post by: Asyn on September 05, 2016, 09:46:01 AM
USBee: Air-Gap Covert-Channel via Electromagnetic Emission from USB
http://cyber.bgu.ac.il/t/USBee.pdf
Title: Re: Technical
Post by: Asyn on September 06, 2016, 10:03:41 AM
Kali Linux 2016.2 Release
https://www.kali.org/news/kali-linux-20162-release/
Title: Re: Technical
Post by: Asyn on September 08, 2016, 08:11:51 AM
Banking Trojan, Gugi, evolves to bypass Android 6 protection
https://securelist.com/blog/mobile/75971/banking-trojan-gugi-evolves-to-bypass-android-6-protection/
Title: Re: Technical
Post by: Asyn on September 09, 2016, 07:22:46 AM
Zepto ransomware now introduces new features to better encrypt your files
https://blog.avast.com/zepto-ransomware-now-introduces-new-features-to-better-encrypt-your-files
Title: Re: Technical
Post by: Asyn on September 10, 2016, 08:42:28 AM
Bilal Bot: That Time a Malware Developer Asked Me to Correct a Security Blog
https://securityintelligence.com/bilal-bot-that-time-a-malware-developer-asked-me-to-correct-a-security-blog/
Title: Re: Technical
Post by: Asyn on September 11, 2016, 08:50:28 AM
Snagging creds from locked machines
https://room362.com/post/2016/snagging-creds-from-locked-machines/
Title: Re: Technical
Post by: Asyn on September 12, 2016, 05:33:27 AM
Linux/Mirai ELF, when malware is recycled could be still dangerous
http://securityaffairs.co/wordpress/50929/malware/linux-mirai-elf.html
Title: Re: Technical
Post by: Asyn on September 13, 2016, 09:00:00 AM
Wireshark 2.2.0
https://www.wireshark.org/docs/relnotes/wireshark-2.2.0.html
Title: Re: Technical
Post by: Asyn on September 14, 2016, 08:59:11 AM
MySQL Exploit Remote Root-Code Execution Privesc CVE-2016-6662
http://legalhackers.com/advisories/MySQL-Exploit-Remote-Root-Code-Execution-Privesc-CVE-2016-6662.html
Title: Re: Technical
Post by: Asyn on September 16, 2016, 08:36:02 AM
Announcing the Project Zero Prize
https://googleprojectzero.blogspot.com/2016/09/announcing-project-zero-prize.html
Title: Re: Technical
Post by: Asyn on September 17, 2016, 04:01:01 PM
Locky ransomware goes on Autopilot
https://blog.avira.com/locky-ransomware-goes-autopilot/
Title: Re: Technical
Post by: Asyn on September 18, 2016, 08:13:12 AM
More Safe Browsing Help for Webmasters
https://security.googleblog.com/2016/09/more-safe-browsing-help-for-webmasters.html
Title: Re: Technical
Post by: Asyn on September 19, 2016, 10:38:20 AM
Someone Is Learning How to Take Down the Internet
https://www.schneier.com/blog/archives/2016/09/someone_is_lear.html
Title: Re: Technical
Post by: Asyn on September 20, 2016, 09:12:50 AM
Twice the Bits, Twice the Trouble: Vulnerabilities Induced by Migrating to 64-Bit Platforms
https://www.tu-braunschweig.de/Medien-DB/sec/pubs/2016-ccs.pdf
Title: Re: Technical
Post by: REDACTED on September 20, 2016, 12:41:03 PM
Important changes to Chrome Web Store

http://blog.chromium.org/2016/08/from-chrome-apps-to-web.html
Title: Re: Technical
Post by: Asyn on September 21, 2016, 08:05:10 AM
Inside Petya and Mischa Ransomware
https://blog.avast.com/inside-petya-and-mischa-ransomware
Title: Re: Technical
Post by: Asyn on September 21, 2016, 10:05:38 AM
Stampado: Taking Ransomware Scumbaggery to the Next Level
http://www.bleepingcomputer.com/news/security/stampado-taking-ransomware-scumbaggery-to-the-next-level/
https://decrypter.emsisoft.com/stampado
Title: Re: Technical
Post by: Asyn on September 21, 2016, 01:15:23 PM
Update on add-on pinning vulnerability
https://blog.mozilla.org/security/2016/09/16/update-on-add-on-pinning-vulnerability/
Title: Re: Technical
Post by: Asyn on September 22, 2016, 10:28:42 AM
Facebook Page Takeover – Zero Day Vulnerability
http://arunsureshkumar.me/index.php/2016/09/16/facebook-page-takeover-zero-day-vulnerability/
Title: Re: Technical
Post by: Asyn on September 23, 2016, 09:55:43 AM
Future Attack Scenarios Against Authentication Systems, Communicating with ATMS
https://securelist.com/files/2016/09/16_09_en.pdf
Title: Re: Technical
Post by: Asyn on September 24, 2016, 08:07:14 AM
Inside Petya and Mischa Ransomware
https://blog.avast.com/inside-petya-and-mischa-ransomware
Ransomware doesn't sell itself: Marketing malware on the darknet
https://blog.avast.com/ransomware-doesnt-sell-itself-marketing-malware-on-the-darknet
Title: Re: Technical
Post by: Asyn on September 25, 2016, 10:54:39 AM
Exclusive: Probe of leaked U.S. NSA hacking tools examines operative's 'mistake'
http://www.reuters.com/article/us-cyber-nsa-tools-idUSKCN11S2MF
Title: Re: Technical
Post by: Asyn on September 26, 2016, 04:44:37 PM
iOS 10: Security Weakness Discovered, Backup Passwords Much Easier to Break
http://blog.elcomsoft.com/2016/09/ios-10-security-weakness-discovered-backup-passwords-much-easier-to-break/
Title: Re: Technical
Post by: Asyn on September 29, 2016, 08:28:55 AM
The banker that can steal anything
https://securelist.com/blog/mobile/76101/the-banker-that-can-steal-anything/
Title: Re: Technical
Post by: Asyn on October 02, 2016, 08:17:39 AM
InfoArmor: Yahoo Data Breach Investigation
https://www.infoarmor.com/infoarmor-yahoo-data-breach-investigation/
Title: Re: Technical
Post by: mchain on October 02, 2016, 08:28:22 AM
The coming storm that is IoT:
Source Code for IoT Botnet ‘Mirai’ Released
https://krebsonsecurity.com/2016/10/source-code-for-iot-botnet-mirai-released/
Title: Re: Technical
Post by: Asyn on October 03, 2016, 09:03:07 AM
Apple Logs Your iMessage Contacts — and May Share Them With Police
https://theintercept.com/2016/09/28/apple-logs-your-imessage-contacts-and-may-share-them-with-police/
Title: Re: Technical
Post by: Asyn on October 05, 2016, 09:38:48 AM
Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
Title: Re: Technical
Post by: bob3160 on October 05, 2016, 02:26:36 PM
Exclusive: Yahoo secretly scanned customer emails for U.S. intelligence - sources
http://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSKCN1241YT
I'm glad that someone looked at all the Spam I received at my yahoo junk-mail account. :)
If you don't use your account, delete it: https://login.yahoo.com/?.done=https%3a%2f%2fedit.yahoo.com%2fconfig%2fdelete_user%3f.scrumb%3d0
If you actually use your Yahoo account, transfer to one of the others and then delete your account.
Title: Re: Technical
Post by: Asyn on October 06, 2016, 08:07:12 AM
DressCode and its Potential Impact for Enterprises
http://blog.trendmicro.com/trendlabs-security-intelligence/dresscode-potential-impact-enterprises/
Title: Re: Technical
Post by: Asyn on October 07, 2016, 08:13:49 AM
Cerber Ransomware switches to a Random Extension and Ends Database Processes
http://www.bleepingcomputer.com/news/security/cerber-ransomware-switches-to-a-random-extension-and-ends-database-processes/
Title: Re: Technical
Post by: Asyn on October 08, 2016, 08:52:29 AM
Hacked Steam accounts spreading Remote Access Trojan
http://www.bleepingcomputer.com/news/security/hacked-steam-accounts-spreading-remote-access-trojan/
Title: Re: Technical
Post by: Asyn on October 09, 2016, 08:28:41 AM
Free OS X Security Tools
https://objective-see.com/products.html
Title: Re: Technical
Post by: Asyn on October 10, 2016, 01:02:52 PM
Future-proofing the Connected World: 13 Steps to Developing Secure IoT Products
https://downloads.cloudsecurityalliance.org/assets/research/internet-of-things/future-proofing-the-connected-world.pdf
Title: Re: Technical
Post by: Asyn on October 12, 2016, 06:56:59 AM
Vladimir Putin embedded in uTorrent binary
https://blog.avast.com/vladimir-putin-embedded-in-utorrent-binary
Title: Re: Technical
Post by: Asyn on October 13, 2016, 08:42:33 AM
The DXXD Ransomware displays Legal Notice before Users Login
http://www.bleepingcomputer.com/news/security/the-dxxd-ransomware-displays-legal-notice-before-users-login/
Title: Re: Technical
Post by: Asyn on October 14, 2016, 09:20:24 AM
Zero-Day Alert: Email Security Platform (Dell SonicWALL)
https://www.digitaldefense.com/blog-zero-day-vulnerabilities-email-platform/
Title: Re: Technical
Post by: Asyn on October 15, 2016, 09:47:46 AM
FTC Charges Tech Support Companies With Using Deceptive Pop-Up Ads to Scare Consumers Into Purchasing Unneeded Services
https://www.ftc.gov/news-events/press-releases/2016/10/ftc-charges-tech-support-companies-using-deceptive-pop-ads-scare
Title: Re: Technical
Post by: Asyn on October 16, 2016, 09:06:27 AM
A kilobit hidden SNFS discrete logarithm computation
http://eprint.iacr.org/2016/961
http://eprint.iacr.org/2016/961.pdf
Title: Re: Technical
Post by: Asyn on October 17, 2016, 10:16:21 AM
Modern Business Solutions Stumbles Over A Modern Business Problem – 58M Records Dumped From An Unsecured Database
https://www.riskbasedsecurity.com/2016/10/modern-business-solutions-stumbles-over-a-modern-business-problem-58m-records-dumped-from-an-unsecured-database/
Title: Re: Technical
Post by: Asyn on October 18, 2016, 09:22:02 AM
Android Banking Trojan Asks for Selfie With Your ID
https://blogs.mcafee.com/mcafee-labs/android-banking-trojan-asks-for-selfie-with-your-id/
Title: Re: Technical
Post by: Asyn on October 20, 2016, 07:35:22 AM
Malware posing as Dual Instance app steals users’ Twitter credentials
https://blog.avast.com/malware-posing-as-dual-instance-app-steals-users-twitter-credentials
Title: Re: Technical
Post by: Asyn on October 21, 2016, 08:48:31 AM
EvilTwin's Exotic Ransomware targets Executable Files
http://www.bleepingcomputer.com/news/security/eviltwins-exotic-ransomware-targets-executable-files/
Title: Re: Technical
Post by: Asyn on October 22, 2016, 08:34:29 AM
DDoS on Dyn Impacts Twitter, Spotify, Reddit
https://krebsonsecurity.com/2016/10/ddos-on-dyn-impacts-twitter-spotify-reddit/
Title: Re: Technical
Post by: Asyn on October 23, 2016, 11:01:56 AM
Magento Credit Card Swiper Exports to Image
https://blog.sucuri.net/2016/10/magento-credit-card-swiper-exports-image.html
Title: Re: Technical
Post by: Asyn on October 24, 2016, 12:44:25 PM
dr0wned - Cyber-Physical Attack with Additive Manufacturing
https://arxiv.org/abs/1609.00133
https://arxiv.org/pdf/1609.00133v1 [PDF]
Title: Re: Technical
Post by: Asyn on October 25, 2016, 10:18:54 AM
Radioactive Mouse States the Obvious
https://www.syss.de/en/pentest-blog/article/2016/10/04/radioactive-mouse-states-the-obvious-1/
Title: Re: Technical
Post by: Asyn on October 26, 2016, 07:27:07 AM
Hucky Ransomware: A Hungarian Locky Wannabe
https://blog.avast.com/hucky-ransomware-a-hungarian-locky-wannabe
Title: Re: Technical
Post by: Asyn on October 27, 2016, 09:26:12 AM
Distrusting New WoSign and StartCom Certificates
https://blog.mozilla.org/security/2016/10/24/distrusting-new-wosign-and-startcom-certificates/
Title: Re: Technical
Post by: Asyn on October 28, 2016, 10:53:08 AM
Testing MBRFilter against Ransomware that modify the Master Boot Record
http://www.bleepingcomputer.com/news/security/testing-mbrfilter-against-ransomware-that-modify-the-master-boot-record/
https://github.com/vrtadmin/MBRFilter
Title: Re: Technical
Post by: Asyn on October 29, 2016, 08:26:37 AM
AtomBombing: A Code Injection that Bypasses Current Security Solutions
http://blog.ensilo.com/atombombing-a-code-injection-that-bypasses-current-security-solutions
https://breakingmalware.com/injection-techniques/atombombing-brand-new-code-injection-for-windows/
Title: Re: Technical
Post by: Asyn on October 30, 2016, 08:39:10 AM
In-Dev Ransomware forces you do to Survey before unlocking Computer
http://www.bleepingcomputer.com/news/security/in-dev-ransomware-forces-you-do-to-survey-before-unlocking-computer/
Title: Re: Technical
Post by: Asyn on October 31, 2016, 08:19:12 AM
task_t considered harmful
https://googleprojectzero.blogspot.com/2016/10/taskt-considered-harmful.html
Title: Re: Technical
Post by: Asyn on November 01, 2016, 07:45:11 AM
Android Trojan GM Bot is evolving and targeting more than 50 banks worldwide
https://blog.avast.com/android-trojan-gm-bot-is-evolving-and-targeting-more-than-50-banks-worldwide
Title: Re: Technical
Post by: Asyn on November 02, 2016, 08:27:40 AM
Battery Status readout as a privacy risk
https://blog.lukaszolejnik.com/battery-status-readout-as-a-privacy-risk/
http://lukaszolejnik.com/battery.pdf
https://www.fxsitecompat.com/en-CA/docs/2016/battery-status-api-has-been-removed/
Title: Re: Technical
Post by: Asyn on November 04, 2016, 09:21:45 AM
Tech support scammers abuse bug in HTML5 to freeze computers
https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2016/11/tech-support-scammers-abuse-bug-in-html5-feature-to-freeze-computers/
Title: Re: Technical
Post by: Asyn on November 04, 2016, 01:17:09 PM
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html
Title: Re: Technical
Post by: DavidR on November 04, 2016, 04:07:19 PM
Web of Trust (WOT) Add-on taken down by Google and Mozilla after reports of selling Users browsing history
http://techdows.com/2016/11/web-of-trust-add-on-removed.html

Well that's a good and prompt response - if only they would start working through other dubious add-ons.
Title: Re: Technical
Post by: Asyn on November 05, 2016, 07:23:40 PM
Malvertising on Google AdWords Targeting MacOS Users
https://blog.cylance.com/malvertising-on-google-adwords-targeting-macos-users
Title: Re: Technical
Post by: Asyn on November 07, 2016, 10:01:53 AM
Vulnerability Spotlight: Remotely Exploitable Bugs in Memcached Identified and Patched
http://blog.talosintel.com/2016/10/memcached-vulnerabilities.html
Title: Re: Technical
Post by: Asyn on November 09, 2016, 10:24:40 AM
Investigation of regular high load on unused machines every 7 hours
https://blog.avast.com/investigation-of-regular-high-load-on-unused-machines-every-7-hours
Title: Re: Technical
Post by: Asyn on November 10, 2016, 08:24:39 AM
iOS WebView auto dialer bug
https://www.mulliner.org/blog/blosxom.cgi/security/ios_webview_auto_dialer.html
Title: Re: Technical
Post by: Asyn on November 13, 2016, 09:36:19 AM
Google Pixel pwned in 60 seconds - Chinese teams kill Safari, laugh at four-second Flash hack
http://www.theregister.co.uk/2016/11/11/google_pixel_pwned_in_60_seconds
Title: Re: Technical
Post by: Asyn on November 15, 2016, 12:53:59 PM
Live HTTP Headers (and other Chrome extensions) distributing adware
https://cwhite.me/live-http-headers-is-now-an-adware-distributor/
Title: Re: Technical
Post by: Asyn on November 16, 2016, 09:08:03 AM
CVE-2016-4484: Cryptsetup Initrd root Shell
http://hmarco.org/bugs/CVE-2016-4484/CVE-2016-4484_cryptsetup_initrd_shell.html
Title: Re: Technical
Post by: Asyn on November 18, 2016, 06:37:18 AM
Ransoc Desktop Locking Ransomware Ransacks Local Files and Social Media Profiles
https://www.proofpoint.com/us/threat-insight/post/ransoc-desktop-locking-ransomware-ransacks-local-files-social-media-profiles
Title: Re: Technical
Post by: Asyn on November 19, 2016, 06:09:47 AM
Your Android could be sending messages to China
https://blog.avast.com/your-android-could-be-sending-messages-to-china
Title: Re: Technical
Post by: DavidR on November 19, 2016, 03:56:35 PM
Your Android could be sending messages to China
https://blog.avast.com/your-android-could-be-sending-messages-to-china

Strangely enough, I have always been wary of Chinese products and that only strengthened after the Lenovo issue. I did however take a punt on the Huawei Nexus 6P by a "Chinese telecommunications company that has been manufacturing mobile phones since 1997."

Nice to see that avast has this covered.
Title: Re: Technical
Post by: Asyn on November 20, 2016, 06:50:37 AM
iPhone User? Your Calls Go to iCloud
https://blog.elcomsoft.com/2016/11/iphone-user-your-calls-go-to-icloud/
Title: Re: Technical
Post by: Asyn on November 21, 2016, 08:45:45 AM
[0day] [PoC] Risky design decisions in Google Chrome and Fedora desktop enable drive-by downloads
https://scarybeastsecurity.blogspot.com/2016/11/0day-poc-risky-design-decisions-in.html
Title: Re: Technical
Post by: Asyn on November 22, 2016, 07:22:18 AM
3 million Android phones vulnerable due to pre-installed rootkit
https://blog.avast.com/3-million-android-phones-vulnerable-due-to-pre-installed-rootkit
http://blog.anubisnetworks.com/blog/ragentek-android-ota-update-mechanism-vulnerable-to-mitm-attack
Title: Re: Technical
Post by: Asyn on November 23, 2016, 08:32:07 AM
Locky Ransomware now using the Aesir Extension for Encrypted Files
http://www.bleepingcomputer.com/news/security/locky-ransomware-now-using-the-aesir-extension-for-encrypted-files/
Title: Re: Technical
Post by: Asyn on November 24, 2016, 07:26:51 AM
Nemucod downloader spreading via Facebook
https://bartblaze.blogspot.com/2016/11/nemucod-downloader-spreading-via.html
Title: Re: Technical
Post by: Asyn on November 25, 2016, 08:58:41 AM
Android Banking Malware Masquerading as Email App Targets German Banks
https://blog.fortinet.com/2016/11/18/android-banking-malware-masquerading-as-email-app-targets-german-banks
Title: Re: Technical
Post by: .: Mac :. on November 25, 2016, 10:55:47 PM
Locky Ransomware now using the Aesir Extension for Encrypted Files
http://www.bleepingcomputer.com/news/security/locky-ransomware-now-using-the-aesir-extension-for-encrypted-files/

What I would give to get my hands on the creators of Locky! Many lost nights restoring customers from backups.

BTW - Love the Avatar of Mr. Incredible
Title: Re: Technical
Post by: Asyn on November 26, 2016, 09:54:45 AM
What I would give to get my hands on the creators of Locky!
You're not alone pal. ;)
Title: Re: Technical
Post by: Asyn on November 26, 2016, 09:55:50 AM
You Can Now Rent a Mirai Botnet of 400,000 Bots
http://www.bleepingcomputer.com/news/security/you-can-now-rent-a-mirai-botnet-of-400-000-bots/
Title: Re: Technical
Post by: Asyn on November 27, 2016, 08:32:58 AM
Here’s a secret: ɢoogle.com is not google.com
http://www.analyticsedge.com/2016/11/heres-a-secret-%C9%A2oogle-com-is-not-google-com/
http://help.analyticsedge.com/spam-filter/definitive-guide-to-removing-google-analytics-spam/
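The point of the post above is that the first letter of that hostname is not the ASCII "g" but U+0262 (LATIN LETTER SMALL CAPITAL G), so the browser and resolver see a completely different domain. The following is an added example, not code from the analyticsedge article: it uses only the Python standard library to convert a displayed hostname to the A-label (the xn-- punycode form) a resolver actually looks up and to report which characters in a label are non-ASCII after NFKC normalization. It assumes the stdlib `idna` codec (IDNA 2003 nameprep) is close enough to a browser's IDNA handling for this kind of check; for production use a UTS #46 library and a confusables table.

```python
import unicodedata


def to_ascii_domain(domain: str) -> str:
    """Return the A-label form of a hostname, i.e. what DNS is asked for.

    Plain ASCII labels are returned unchanged; any label with non-ASCII
    code points becomes an xn-- punycode label.
    """
    return domain.encode("idna").decode("ascii")


def suspicious_labels(domain: str) -> list[dict]:
    """Flag every label that still contains non-ASCII code points after NFKC.

    NFKC folds compatibility characters (fullwidth letters, ligatures) back to
    ASCII, so a label that survives NFKC with non-ASCII in it is one where the
    displayed text and the resolved name really differ, e.g. a homoglyph.
    """
    findings = []
    for label in domain.split("."):
        nfkc = unicodedata.normalize("NFKC", label)
        if nfkc.isascii():
            continue
        non_ascii = [
            (ch, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
            for ch in nfkc
            if not ch.isascii()
        ]
        findings.append(
            {
                "label": label,
                "punycode": to_ascii_domain(label),
                "non_ascii": non_ascii,
            }
        )
    return findings


if __name__ == "__main__":
    # Constructed inputs: the lookalike from the post and the genuine domain.
    for host in ("\u0262oogle.com", "google.com"):
        print(host, "->", to_ascii_domain(host))
        for f in suspicious_labels(host):
            print("  label", repr(f["label"]), "is really", f["punycode"])
            for ch, cp, name in f["non_ascii"]:
                print("   ", repr(ch), cp, name)
```

When reviewing referrer or analytics data, compare the A-label rather than the displayed string: the lookalike resolves to xn--oogle-wmc.com, which is the name to filter on, while google.com is unchanged by the encoding.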
Title: Re: Technical
Post by: Asyn on November 28, 2016, 10:46:46 AM
Google warns journalists and professors: Your account is under attack
http://arstechnica.com/security/2016/11/google-warns-journalists-and-professors-your-account-is-under-attack/
Title: Re: Technical
Post by: Asyn on November 29, 2016, 08:00:01 AM
Locky Ransomware putting us to sleep with the ZZZZZ Extension
http://www.bleepingcomputer.com/news/security/locky-ransomware-putting-us-to-sleep-with-the-zzzzz-extension/
Title: Re: Technical
Post by: Asyn on November 30, 2016, 06:45:23 AM
An in-depth look at the technology behind CyberCapture
https://blog.avast.com/an-in-depth-look-at-the-technology-behind-cybercapture
Title: Re: Technical
Post by: Asyn on December 01, 2016, 07:49:21 AM
More Than 1 Million Google Accounts Breached by Gooligan
http://blog.checkpoint.com/2016/11/30/1-million-google-accounts-breached-gooligan/
Gooligan Checker: https://gooligan.checkpoint.com/
Title: Re: Technical
Post by: bob3160 on December 01, 2016, 09:33:50 PM
Avast Releases Four Free Ransomware Decryptors (https://blog.avast.com/avast-releases-four-free-ransomware-decryptors)
Title: Re: Technical
Post by: Asyn on December 03, 2016, 10:09:03 AM
Analysis of multiple vulnerabilities in AirDroid
https://blog.zimperium.com/analysis-of-multiple-vulnerabilities-in-airdroid/
Title: Re: Technical
Post by: Asyn on December 04, 2016, 09:15:22 AM
Every Windows 10 in-place Upgrade is a SEVERE Security risk
http://blog.win-fu.com/2016/11/every-windows-10-in-place-upgrade-is.html
Title: Re: Technical
Post by: Pondus on December 04, 2016, 10:18:57 AM
USB Killer, yours for $50, lets you easily fry almost every device
http://arstechnica.com/gadgets/2016/12/usb-killer-fries-devices/

war ... huh, what is it good for?

USB Type-C cable so bad it fries Google engineer’s Chromebook Pixel
http://arstechnica.com/gadgets/2016/02/google-engineer-finds-usb-type-c-cable-thats-so-bad-it-fried-his-chromebook-pixel/
Title: Re: Technical
Post by: Asyn on December 05, 2016, 12:41:59 PM
SAMRi10 - Hardening SAM Remote Access in Windows 10/Server 2016
https://gallery.technet.microsoft.com/SAMRi10-Hardening-Remote-48d94b5b
Title: Re: Technical
Post by: Asyn on December 06, 2016, 08:28:33 AM
Announcing OSS-Fuzz: Continuous Fuzzing for Open Source Software
https://testing.googleblog.com/2016/12/announcing-oss-fuzz-continuous-fuzzing.html
https://github.com/google/oss-fuzz
Title: Re: Technical
Post by: Pondus on December 07, 2016, 10:14:53 PM
Send Files Between Devices Without Uploading to an Intermediary With Takeafile
http://lifehacker.com/send-files-between-devices-without-uploading-to-an-inte-1789753970
Title: Re: Technical
Post by: Asyn on December 08, 2016, 09:40:09 AM
CVE-2016-8655 Linux af_packet.c race condition (local root)
http://seclists.org/oss-sec/2016/q4/607
https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c
https://www.ubuntu.com/usn/usn-3151-1/
Title: Re: Technical
Post by: Asyn on December 09, 2016, 09:13:53 AM
Backdoor in Sony IPELA Engine IP Cameras
http://blog.sec-consult.com/2016/12/backdoor-in-sony-ipela-engine-ip-cameras.html
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20161206-0_Sony_IPELA_Engine_IP_Cameras_Backdoors_v10.txt
Title: Re: Technical
Post by: Asyn on December 10, 2016, 07:05:12 AM
Roundcube 1.2.2: Command Execution via Email
https://blog.ripstech.com/2016/roundcube-command-execution-via-email/
Title: Re: Technical
Post by: Asyn on December 11, 2016, 07:13:44 AM
Readers of popular websites targeted by stealthy Stegano exploit kit hiding in pixels of malicious ads
http://www.welivesecurity.com/2016/12/06/readers-popular-websites-targeted-stealthy-stegano-exploit-kit-hiding-pixels-malicious-ads/
Title: Re: Technical
Post by: Asyn on December 13, 2016, 08:11:22 AM
New Scheme: Spread Popcorn Time Ransomware, get chance of free Decryption Key
https://www.bleepingcomputer.com/news/security/new-scheme-spread-popcorn-time-ransomware-get-chance-of-free-decryption-key/
Title: Re: Technical
Post by: Asyn on December 14, 2016, 11:06:17 AM
State of the Web Report 2016
https://www.menlosecurity.com/state-of-the-web-ig-lp-2016
Title: Re: Technical
Post by: Asyn on December 16, 2016, 12:11:28 PM
No More Ransom: new partners, new decryption tools, new languages to better fight ransomware
https://www.europol.europa.eu/newsroom/news/no-more-ransom-new-partners-new-decryption-tools-new-languages-to-better-fight-ransomware
Title: Re: Technical
Post by: bob3160 on December 16, 2016, 12:35:06 PM
No More Ransom: new partners, new decryption tools, new languages to better fight ransomware
https://www.europol.europa.eu/newsroom/news/no-more-ransom-new-partners-new-decryption-tools-new-languages-to-better-fight-ransomware (https://www.europol.europa.eu/newsroom/news/no-more-ransom-new-partners-new-decryption-tools-new-languages-to-better-fight-ransomware)
A better mousetrap has always resulted in smarter mice. :)
Title: Re: Technical
Post by: REDACTED on December 16, 2016, 08:59:04 PM
Do they also make it in Polish?
Title: Re: Technical
Post by: bob3160 on December 16, 2016, 09:14:30 PM
Do they also make it in Polish?
https://forum.avast.com/index.php?board=50.0
Title: Re: Technical
Post by: Asyn on December 17, 2016, 07:55:09 AM
macOS FileVault2 Password Retrieval
http://blog.frizk.net/2016/12/filevault-password-retrieval.html
Title: Re: Technical
Post by: Asyn on December 19, 2016, 07:44:42 AM
Reliably compromising Ubuntu desktops by attacking the crash reporter
https://donncha.is/2016/12/compromising-ubuntu-desktop/
Title: Re: Technical
Post by: Asyn on December 21, 2016, 09:03:17 AM
Project Wycheproof
https://security.googleblog.com/2016/12/project-wycheproof.html
https://github.com/google/wycheproof
Title: Re: Technical
Post by: Asyn on December 22, 2016, 11:53:29 AM
Methbot
http://www.whiteops.com/methbot
http://w-ops.com/methbot_wp
Title: Re: Technical
Post by: Asyn on December 27, 2016, 09:26:15 AM
Announcing Request for Nominations for Public-Key Post-Quantum Cryptographic Algorithms
https://www.federalregister.gov/documents/2016/12/20/2016-30615/announcing-request-for-nominations-for-public-key-post-quantum-cryptographic-algorithms
https://www.gpo.gov/fdsys/pkg/FR-2016-12-20/pdf/2016-30615.pdf
Title: Re: Technical
Post by: Asyn on January 03, 2017, 11:45:18 AM
Koolova Ransomware Decrypts for Free if you Read Two Articles about Ransomware
https://www.bleepingcomputer.com/news/security/koolova-ransomware-decrypts-for-free-if-you-read-two-articles-about-ransomware/
Title: Re: Technical
Post by: Asyn on January 04, 2017, 02:43:45 PM
Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2016
http://www.cvedetails.com/top-50-products.php?year=2016
Title: Re: Technical
Post by: Asyn on January 05, 2017, 09:36:00 AM
Avast cyber security predictions for 2017
https://blog.avast.com/avast-cyber-security-predictions-for-2017
Title: Re: Technical
Post by: Asyn on January 06, 2017, 10:50:21 AM
FireCrypt Ransomware Comes With a DDoS Component
https://www.bleepingcomputer.com/news/security/firecrypt-ransomware-comes-with-a-ddos-component/
Title: Re: Technical
Post by: Asyn on January 08, 2017, 08:01:44 AM
Tech support scam page triggers denial-of-service attack on Macs
https://blog.malwarebytes.com/101/mac-the-basics/2017/01/tech-support-scam-page-attempts-denial-of-service-via-mail-app/
Title: Re: Technical
Post by: Asyn on January 11, 2017, 09:20:14 AM
MongoDB Apocalypse: Professional Ransomware Group Gets Involved, Infections Reach 28K Servers
https://www.bleepingcomputer.com/news/security/mongodb-apocalypse-professional-ransomware-group-gets-involved-infections-reach-28k-servers/
Title: Re: Technical
Post by: Asyn on January 12, 2017, 09:08:16 AM
Browser Autofill Phishing
https://github.com/anttiviljami/browser-autofill-phishing
Title: Re: Technical
Post by: Asyn on January 14, 2017, 07:41:33 AM
Misconfigured server reveals Cerber ransomware targets users in Europe and North America
https://blog.avast.com/misconfigured-server-reveals-cerber-ransomware-targets-users-in-europe-and-north-america
Title: Re: Technical
Post by: Asyn on January 17, 2017, 11:01:29 AM
WhatsApp vulnerability allows snooping on encrypted messages
https://www.theguardian.com/technology/2017/jan/13/whatsapp-backdoor-allows-snooping-on-encrypted-messages
https://tobi.rocks/2017/01/whatsapp-vulnerability-bug-or-backdoor/
https://whispersystems.org/blog/there-is-no-whatsapp-backdoor/
Title: Re: Technical
Post by: Asyn on January 18, 2017, 08:39:38 AM
(Cross-)Browser Fingerprinting via OS and Hardware Level Features
https://drive.google.com/file/d/0B4s900Byvv1ibW5uc1NiU2g3R3c/view
Title: Re: Technical
Post by: Asyn on January 19, 2017, 09:18:05 AM
CryptoSearch Finds Files Encrypted by Ransomware, Moves Them to New Location
https://www.bleepingcomputer.com/news/security/cryptosearch-finds-files-encrypted-by-ransomware-moves-them-to-new-location/
https://download.bleepingcomputer.com/demonslay335/CryptoSearch.zip
Title: Re: Technical
Post by: Asyn on January 20, 2017, 05:50:36 AM
Who is Anna-Senpai, the Mirai Worm Author?
https://krebsonsecurity.com/2017/01/who-is-anna-senpai-the-mirai-worm-author/
Title: Re: Technical
Post by: Asyn on January 22, 2017, 08:11:47 AM
Already on probation, Symantec issues more illegit HTTPS certificates
http://arstechnica.com/security/2017/01/already-on-probation-symantec-issues-more-illegit-https-certificates/
https://www.mail-archive.com/dev-security-policy@lists.mozilla.org/msg05455.html
Title: Re: Technical
Post by: Asyn on January 23, 2017, 07:12:02 AM
Re-Hacking The Samsung Smartcam
https://blog.exploitee.rs/2017/re-hacking-the-samsung-smartcam/
Title: Re: Technical
Post by: Asyn on January 27, 2017, 06:19:07 PM
Meet TorWorld, an Upcoming Tor-as-a-Service Portal
https://www.bleepingcomputer.com/news/security/meet-torworld-an-upcoming-tor-as-a-service-portal/
https://torworld.org/
Title: Re: Technical
Post by: Asyn on January 28, 2017, 03:22:04 PM
VirLocker’s comeback; including recovery instructions
https://blog.malwarebytes.com/threat-analysis/2017/01/virlockers-comeback-including-recovery-instructions/
Title: Re: Technical
Post by: Asyn on January 29, 2017, 01:26:54 PM
Cyber Grand Shellphish
http://phrack.org/papers/cyber_grand_shellphish.html
Title: Re: Technical
Post by: Asyn on January 31, 2017, 11:17:29 AM
Saga 2.0 comes with IP Generation Algorithm (IPGA)
https://www.govcert.admin.ch/blog/27/saga-2.0-comes-with-ip-generation-algorithm-ipga
Title: Re: Technical
Post by: Asyn on February 02, 2017, 05:02:37 PM
Content Injection Vulnerability in WordPress
https://blog.sucuri.net/2017/02/content-injection-vulnerability-wordpress-rest-api.html
Title: Re: Technical
Post by: Asyn on February 06, 2017, 03:52:35 PM
Hacker Dumps iOS Cracking Tools Allegedly Stolen from Cellebrite
https://motherboard.vice.com/en_us/article/hacker-dumps-ios-cracking-tools-allegedly-stolen-from-cellebrite
Title: Re: Technical
Post by: Asyn on February 07, 2017, 02:22:37 PM
Watch Your Computer Go Bonkers with Cancer Trollware
https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/
Title: Re: Technical
Post by: Asyn on February 08, 2017, 09:53:34 AM
Spora Ransomware Sets Itself Apart with Top-Notch PR, Customer Support
https://www.bleepingcomputer.com/news/security/spora-ransomware-sets-itself-apart-with-top-notch-pr-customer-support/
Title: Re: Technical
Post by: Asyn on February 09, 2017, 12:59:20 PM
Vizio smart TVs tracked viewers around the clock without consent
https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/
Title: Re: Technical
Post by: bob3160 on February 09, 2017, 02:42:34 PM
Vizio smart TVs tracked viewers around the clock without consent
https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/ (https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/)
Maybe it was a good thing that a lightning strike killed the one I owned. :)
Title: Re: Technical
Post by: Asyn on February 09, 2017, 03:00:43 PM
Vizio smart TVs tracked viewers around the clock without consent
https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/ (https://arstechnica.com/tech-policy/2017/02/vizio-smart-tvs-tracked-viewers-around-the-clock-without-consent/)
Maybe it was a good thing that a lightning strike killed the one I owned. :)
Wow, quite interesting Bob, "heavenly power" used for anti-tracking... ;)
Title: Re: Technical
Post by: Asyn on February 11, 2017, 09:16:28 AM
iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)
https://iranthreats.github.io/resources/macdownloader-macos-malware/
Title: Re: Technical
Post by: Asyn on February 11, 2017, 11:07:22 PM
Lifting the (Hyper) Visor: Bypassing Samsung’s Real-Time Kernel Protection
https://googleprojectzero.blogspot.com/2017/02/lifting-hyper-visor-bypassing-samsungs.html
Title: Re: Technical
Post by: Asyn on February 12, 2017, 12:14:04 PM
Erebus Ransomware Utilizes a UAC Bypass and Requests a $90 Ransom Payment
https://www.bleepingcomputer.com/news/security/erebus-ransomware-utilizes-a-uac-bypass-and-request-a-90-ransom-payment/
Title: Re: Technical
Post by: Asyn on February 14, 2017, 10:12:35 AM
Fileless attacks against enterprise networks
https://securelist.com/blog/research/77403/fileless-attacks-against-enterprise-networks/
Title: Re: Technical
Post by: Asyn on February 15, 2017, 09:15:29 AM
New Attack, Old Tricks (analyzing a malicious document with a mac-specific payload)
https://objective-see.com/blog/blog_0x17.html
Title: Re: Technical
Post by: Asyn on February 16, 2017, 11:05:58 AM
New ASLR-busting JavaScript is about to make drive-by exploits much nastier
https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/
https://www.vusec.net/projects/anc/
Title: Re: Technical
Post by: Asyn on February 17, 2017, 09:39:01 AM
New Xagent Mac Malware Linked with the APT28
https://labs.bitdefender.com/2017/02/new-xagent-mac-malware-linked-with-the-apt28/
Title: Re: Technical
Post by: Asyn on February 22, 2017, 10:41:13 AM
CryptoMix: Avast adds a new free decryption tool to its collection
https://blog.avast.com/cryptomix-avast-adds-a-new-free-decryption-tool-to-its-collection
Title: Re: Technical
Post by: Asyn on February 24, 2017, 07:58:26 AM
New crypto-ransomware hits macOS
http://www.welivesecurity.com/2017/02/22/new-crypto-ransomware-hits-macos/
Title: Re: Technical
Post by: Asyn on February 25, 2017, 07:23:10 PM
SHAttered - We have broken SHA-1 in practice
https://shattered.it/
https://shattered.it/static/shattered.pdf
Title: Re: Technical
Post by: bob3160 on February 25, 2017, 07:30:50 PM
SHAttered - We have broken SHA-1 in practice
https://shattered.it/ (https://shattered.it/)
https://shattered.it/static/shattered.pdf (https://shattered.it/static/shattered.pdf)
This reminds me of the cancer warnings against using sugar. They fed a rat the equivalent of a bath tub full of sugar daily and the rat developed cancer. Sugar must therefore be a cancer causing agent.
Sugar is now considered safer than its first released replacement.
Title: Re: Technical
Post by: Asyn on February 26, 2017, 12:30:39 PM
SMTP over XXE − how to send emails using Java's XML parser
https://shiftordie.de/blog/2017/02/18/smtp-over-xxe/
Title: Re: Technical
Post by: Asyn on February 27, 2017, 07:59:56 AM
Advisory: Java/Python FTP Injections Allow for Firewall Bypass
http://blog.blindspotsecurity.com/2017/02/advisory-javapython-ftp-injections.html
Title: Re: Technical
Post by: Asyn on February 28, 2017, 06:42:52 AM
Microsoft Edge and IE: Type confusion in HandleColumnBreakOnColumnSpanningElement
https://bugs.chromium.org/p/project-zero/issues/detail?id=1011
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-0037
Title: Re: Technical
Post by: Asyn on March 03, 2017, 10:37:13 AM
Decrypting after a Findzip ransomware infection
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
Title: Re: Technical
Post by: Asyn on March 07, 2017, 11:10:14 AM
Nextcloud releases security scanner to help protect private clouds
https://nextcloud.com/blog/nextcloud-releases-security-scanner-to-help-protect-private-clouds/
https://scan.nextcloud.com/
Title: Re: Technical
Post by: Asyn on March 08, 2017, 09:21:29 AM
Spammergate: The Fall of an Empire
https://mackeeper.com/blog/post/339-spammergate-the-fall-of-an-empire
http://www.csoonline.com/article/3176433/security/spammers-expose-their-entire-operation-though-bad-backups.html
Title: Re: Technical
Post by: Asyn on March 10, 2017, 09:48:30 AM
Multiple vulnerabilities found in Wireless IP Camera (P2P) WIFICAM cameras and vulnerabilities in custom http server
https://pierrekim.github.io/blog/2017-03-08-camera-goahead-0day.html
Title: Re: Technical
Post by: Asyn on March 11, 2017, 04:43:50 PM
The Skinner adware rears its ugly head on Google Play
http://blog.checkpoint.com/2017/03/08/skinner-adware-rears-ugly-head-google-play/
Title: Re: Technical
Post by: Asyn on March 12, 2017, 11:02:47 AM
Content-Type: Malicious - New Apache Struts2 0-day Under Attack
http://blog.talosintelligence.com/2017/03/apache-0-day-exploited.html
https://cwiki.apache.org/confluence/display/WW/S2-045
Title: Re: Technical
Post by: Asyn on March 13, 2017, 12:32:43 PM
Thou Shalt Not Depend on Me: Analysing the Use of Outdated JavaScript Libraries on the Web
http://www.ccs.neu.edu/home/arshad/publications/ndss2017jslibs.pdf
Title: Re: Technical
Post by: Asyn on March 14, 2017, 10:32:32 AM
Decrypting after a Findzip ransomware infection
https://blog.malwarebytes.com/cybercrime/2017/02/decrypting-after-a-findzip-ransomware-infection/
Mac FindZip ransomware decryption tool unzips your encrypted files
https://blog.avast.com/mac-findzip-ransomware-decryption-tool-helps-you-unzip-your-encrypted-files
Title: Re: Technical
Post by: Asyn on March 15, 2017, 10:55:24 AM
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Title: Re: Technical
Post by: DavidR on March 15, 2017, 11:32:56 AM
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx

Big this month, considering the pulling of last month's update. Still haven't received mine yet, but I'm in no rush.

Looking at the list, it doesn't seem that Microsoft has learnt anything, same issues time and time again, 'Remote Code Execution,' 'Elevation of Privileges,' 'Information Disclosure,' etc. etc.
Title: Re: Technical
Post by: Asyn on March 15, 2017, 12:22:03 PM
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx
Big this month, considering the pulling of last month's update....
Yep, let's call it double-trouble. ;)
Title: Re: Technical
Post by: bob3160 on March 15, 2017, 02:42:41 PM
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx (https://technet.microsoft.com/library/security/ms17-mar.aspx)
Big this month, considering the pulling of last month's update....
Yep, let's call it double-trouble. ;)
The update this month also took almost as much time as a new install.
Title: Re: Technical
Post by: Para-Noid on March 15, 2017, 02:48:59 PM
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx

Looking at the list, it doesn't seem that Microsoft has learnt anything, same issues time and time again, 'Remote Code Execution,' 'Elevation of Privileges,' 'Information Disclosure,' etc. etc.

Either that or someone keeps figuring out ways to circumvent Microsoft fixes. Any way you look at it, Microsoft can't get a handle on it.
Title: Re: Technical
Post by: DavidR on March 15, 2017, 03:47:44 PM
Microsoft Security Bulletin Summary for March 2017
https://technet.microsoft.com/library/security/ms17-mar.aspx

Looking at the list, it doesn't seem that Microsoft has learnt anything, same issues time and time again, 'Remote Code Execution,' 'Elevation of Privileges,' 'Information Disclosure,' etc. etc.

Either that or someone keeps figuring out ways to circumvent Microsoft fixes. Any way you look at it, Microsoft can't get a handle on it.

You would like to hope that MS would actually be testing for these vulnerabilities when the elements are designed.
Title: Re: Technical
Post by: Asyn on March 16, 2017, 09:37:06 AM
Taking Stock: Estimating Vulnerability Rediscovery
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2928758
Title: Re: Technical
Post by: Asyn on March 17, 2017, 02:30:43 PM
Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/
Title: Re: Technical
Post by: Asyn on March 18, 2017, 08:22:57 PM
Zero Days, Thousands of Nights - The Life and Times of Zero-Day Vulnerabilities and Their Exploits
http://www.rand.org/pubs/research_reports/RR1751.html
http://www.rand.org/content/dam/rand/pubs/research_reports/RR1700/RR1751/RAND_RR1751.pdf
Title: Re: Technical
Post by: Asyn on March 20, 2017, 01:44:43 PM
Detecting and eliminating Chamois, a fraud botnet on Android
https://security.googleblog.com/2017/03/detecting-and-eliminating-chamois-fraud.html
Title: Re: Technical
Post by: Asyn on March 21, 2017, 10:42:57 AM
Virtual machine escape fetches $105,000 at Pwn2Own hacking contest
https://arstechnica.com/security/2017/03/hack-that-escapes-vm-by-exploiting-edge-browser-fetches-105000-at-pwn2own/
Title: Re: Technical
Post by: Asyn on March 22, 2017, 11:10:14 AM
DoubleAgent: Taking Full Control Over Your Antivirus
http://cybellum.com/doubleagent-taking-full-control-antivirus/
http://cybellum.com/doubleagentzero-day-code-injection-and-persistence-technique/

PS: https://forum.avast.com/index.php?topic=199290.0 (Forum discussion)
Title: Re: Technical
Post by: Asyn on March 23, 2017, 12:38:06 PM
Necurs Diversifies Its Portfolio
http://blog.talosintelligence.com/2017/03/necurs-diversifies.html
Title: Re: Technical
Post by: Asyn on March 24, 2017, 02:13:06 PM
Diverse protections for a diverse ecosystem: Android Security 2016 Year in Review
https://security.googleblog.com/2017/03/diverse-protections-for-diverse.html
https://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf
Title: Re: Technical
Post by: Asyn on March 26, 2017, 01:50:01 PM
Dark Matter
https://wikileaks.org/vault7/darkmatter/
Title: Re: Technical
Post by: Pondus on March 27, 2017, 02:27:45 PM
In case E.T. needs to phone home   ;)

The Moon could have its own mobile data network as soon as next year
http://www.wired.co.uk/article/moon-mobile-data-2018
Title: Re: Technical
Post by: DavidR on March 27, 2017, 03:52:52 PM
In case E.T. needs to phone home   ;)

The Moon could have its own mobile data network as soon as next year
http://www.wired.co.uk/article/moon-mobile-data-2018

Great, the moon will have better communications than many villages on this world.
Title: Re: Technical
Post by: Asyn on March 30, 2017, 10:27:30 AM
Adware Replaces Phone Numbers for Security Firms Returned in Search Results
https://www.bleepingcomputer.com/news/security/adware-replaces-phone-numbers-for-security-firms-returned-in-search-results/
Title: Re: Technical
Post by: Asyn on April 02, 2017, 02:43:57 PM
Number of internet facing vulnerable IIS 6.0 to CVE-2017-7269
https://medium.com/@iraklis/number-of-internet-facing-vulnerable-iis-6-0-to-cve-2017-7269-8bd153ef5812
https://github.com/edwardz246003/IIS_exploit
Title: Re: Technical
Post by: Asyn on April 04, 2017, 10:18:24 AM
Skype Malvertising Campaign Pushes Fake Flash Player
https://www.bleepingcomputer.com/news/security/skype-malvertising-campaign-pushes-fake-flash-player/
Title: Re: Technical
Post by: Asyn on April 05, 2017, 07:12:47 AM
Avast joins No More Ransom project as associate partner
https://blog.avast.com/avast-joins-no-more-ransom-project-as-associate-partner
https://www.nomoreransom.org
Title: Re: Technical
Post by: Asyn on April 06, 2017, 07:03:29 AM
Mobile spyware uses sandbox to avoid antivirus detections
https://blog.avast.com/mobile-spyware-uses-sandbox-to-avoid-antivirus-detections
Title: Re: Technical
Post by: Pondus on April 06, 2017, 04:45:46 PM
Worried about ransomware or nuclear war, you may store your backup here
http://www.livescience.com/58497-second-doomsday-vault-opens-for-data.html?utm_medium=syndication&utm_source=zergnet
Title: Re: Technical
Post by: Asyn on April 07, 2017, 08:36:43 AM
Automatically Inferring Malware Signatures for Anti-Virus Assisted Attacks
https://www.sec.cs.tu-bs.de/pubs/2017-asiaccs.pdf
Title: Re: Technical
Post by: Asyn on April 08, 2017, 04:35:33 PM
Pegasus for Android - Technical Analysis and Findings of Chrysaor
https://info.lookout.com/rs/051-ESQ-475/images/lookout-pegasus-android-technical-analysis.pdf
Title: Re: Technical
Post by: Asyn on April 11, 2017, 10:49:09 AM
Longhorn: Tools used by cyberespionage group linked to Vault 7
https://www.symantec.com/connect/blogs/longhorn-tools-used-cyberespionage-group-linked-vault-7
Title: Re: Technical
Post by: Asyn on April 12, 2017, 09:14:32 AM
Dridex Campaigns Hitting Millions of Recipients Using Unpatched Microsoft Zero-Day
https://www.proofpoint.com/us/threat-insight/post/dridex-campaigns-millions-recipients-unpatched-microsoft-zero-day
Title: Re: Technical
Post by: Asyn on April 13, 2017, 10:48:41 AM
MS - April 2017 Security Updates
https://portal.msrc.microsoft.com/en-us/security-guidance/releasenotedetail/42b8fa28-9d09-e711-80d9-000d3a32fc99
https://portal.msrc.microsoft.com/en-us/security-guidance
Title: Re: Technical
Post by: Asyn on April 14, 2017, 06:43:55 AM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Title: Re: Technical
Post by: DavidR on April 14, 2017, 09:43:58 AM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer

Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Title: Re: Technical
Post by: Asyn on April 14, 2017, 11:43:42 AM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.
Title: Re: Technical
Post by: DavidR on April 14, 2017, 12:01:46 PM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.

I have just posted a comment in the blog and shown the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to team viewer.
Title: Re: Technical
Post by: bob3160 on April 14, 2017, 02:56:18 PM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.

I have just posted a comment in the blog and shown the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to team viewer.
I've just added my 2 cents. :)
Title: Re: Technical
Post by: DavidR on April 14, 2017, 03:53:46 PM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.

I have just posted a comment in the blog and shown the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to team viewer.
I've just added my 2 cents. :)

Yes, totally agreed.

I think they may be considering their position, possibly not about a return of the avast remote assistance tool, but to allow comments on the blog ;)
Title: Re: Technical
Post by: bob3160 on April 14, 2017, 03:56:19 PM
A deeper look into malware abusing TeamViewer
https://blog.avast.com/a-deeper-look-into-malware-abusing-teamviewer
Ha, is this not a good reason to bring back the Avast Remote Assistance function ???
Absolutely, I still wonder why it got removed in the first place. It was quite handy, imo.

I have just posted a comment in the blog and shown the potential error in removing avast's own remote assistance. This move essentially pushed some avast users to team viewer.
I've just added my 2 cents. :)

Yes, totally agreed.

I think they may be considering their position, possibly not about a return of the avast remote assistance tool, but to allow comments on the blog ;)
I've regularly, and for quite some time, commented on the Avast Blog. :)
Title: Re: Technical
Post by: Secondmineboy on April 14, 2017, 04:10:32 PM
Microsoft has now started to block Windows 7/8.1 updates on PCs with recent processors

https://www.onmsft.com/news/microsoft-has-now-started-to-block-windows-78-1-updates-on-pcs-with-recent-processors
Title: Re: Technical
Post by: Lisandro on April 15, 2017, 01:20:33 PM
About TeamViewer, I beg to disagree. It was a feature used by less than 1% of the users (mostly only ourselves and advanced users).
If we keep, or add, features that have security issues in other 3rd party apps, we'll see Avast being everything but a security app.

I know you'll be angry with me, but when people talk about "bloatware" and "keep only in security field" we clap-clap them...
Remote Assistance is not security in 1st place. It's convenient, it could be there, but it was gone and technical team needs to be focused :)
Title: Re: Technical
Post by: DavidR on April 15, 2017, 02:48:01 PM
About TeamViewer, I beg to disagree. It was a feature used by less than 1% of the users (mostly only ourselves and advanced users).
If we keep, or add, features that have security issues in other 3rd party apps, we'll see Avast being everything but a security app.

I know you'll be angry with me, but when people talk about "bloatware" and "keep only in security field" we clap-clap them...
Remote Assistance is not security in 1st place. It's convenient, it could be there, but it was gone and technical team needs to be focused :)

1.  Does it really matter if it is only used by a small percentage? It was essentially a unique feature to avast; now it isn't there, what other unique feature is there to have people choose/switch to avast? I have no idea how much of an overhead it was, but I can't imagine it being massive.

2.  You talk of bloat, well avast is still full of it, components that I will never use and that is why so many people get rid of the cr4p using a custom install or the minimum install. Fortunately people can uninstall or not install components they don't need or want, the same would be true for the avast remote assistance function.

People are more worried about components that are installed against their wishes (even though the EULA may cover that), just cast your mind back to when the safezone browser was introduced. Also all of the in your face ads for other avast products. These I would say are much well received than the avast remote assistance function.

So you think it is OK that avast removed this function, in light of the blog article about the team viewer vulnerability/exploit? If that were me I certainly wouldn't have released a blog article that highlighted the lack of a remote assistance function that was driving avast users to team viewer and leaving them potentially vulnerable to exploit.
Title: Re: Technical
Post by: bob3160 on April 15, 2017, 04:09:29 PM
About TeamViewer, I beg to disagree. It was a feature used by less than 1% of the users (mostly only ourselves and advanced users).
If we keep, or add, features that have security issues in other 3rd party apps, we'll see Avast being everything but a security app.

I know you'll be angry with me, but when people talk about "bloatware" and "keep only in security field" we clap-clap them...
Remote Assistance is not security in 1st place. It's convenient, it could be there, but it was gone and technical team needs to be focused :)
Sorry Lisandro, I totally disagree with your opinion on this topic.
Securing your computer via remote assistance to make it safe, is certainly security related.
If everything was purely based on the number of users, lots of useful programs wouldn't exist.
I'm all for eliminating bloatware but this isn't one of the items that belongs in that category.
Title: Re: Technical
Post by: Lisandro on April 15, 2017, 05:10:11 PM
Sorry Lisandro, I totally disagree with your opinion on this topic.
No need to be sorry Bob. We just disagree :)

I'm all for eliminating bloatware but this isn't one of the items that belongs in that category.
I did not say (nor think) that this feature is bloatware. I've put the word in quotes. I just think that it is not popular and imho it's not security related. It's convenient only.
Title: Re: Technical
Post by: Asyn on April 16, 2017, 10:18:03 AM
Mysterious Microsoft patch killed 0days released by NSA-leaking Shadow Brokers
https://arstechnica.com/security/2017/04/purported-shadow-brokers-0days-were-in-fact-killed-by-mysterious-patch/
https://blogs.technet.microsoft.com/msrc/2017/04/14/protecting-customers-and-evaluating-risk/
Title: Re: Technical
Post by: Asyn on April 18, 2017, 09:46:47 AM
Chrome and Firefox Phishing Attack Uses Domains Identical to Known Safe Sites
https://www.wordfence.com/blog/2017/04/chrome-firefox-unicode-phishing/
https://www.xudongz.com/blog/2017/idn-phishing/
https://www.reddit.com/r/netsec/comments/65csdk/phishing_with_unicode_domains/
Title: Re: Technical
Post by: Asyn on April 19, 2017, 08:31:58 AM
Statement concerning the arrest of Dmitry Bogatov
https://www.debian.org/News/2017/20170417

Statement regarding Dmitry Bogatov
https://blog.torproject.org/blog/statement-regarding-dmitry-bogatov
Title: Re: Technical
Post by: Asyn on April 20, 2017, 12:24:06 PM
No password, phone sign in for Microsoft accounts!
https://blogs.technet.microsoft.com/enterprisemobility/2017/04/18/no-password-phone-sign-in-for-microsoft-accounts/
Title: Re: Technical
Post by: Asyn on April 22, 2017, 04:14:32 PM
Abusing NVIDIA's node.js to bypass application whitelisting
http://blog.sec-consult.com/2017/04/application-whitelisting-application.html
Title: Re: Technical
Post by: Asyn on April 23, 2017, 10:50:01 AM
Android Spyware SMSVova posing as system update on Play Store
https://www.zscaler.com/blogs/research/android-spyware-smsvova-posing-system-update-play-store
Title: Re: Technical
Post by: Asyn on April 25, 2017, 08:29:25 AM
Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique
https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
http://blog.binaryedge.io/2017/04/21/doublepulsar/
https://arstechnica.com/security/2017/04/10000-windows-computers-may-be-infected-by-advanced-nsa-backdoor/
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
Title: Re: Technical
Post by: Asyn on April 26, 2017, 12:39:21 PM
Analyzing the DOUBLEPULSAR Kernel DLL Injection Technique
https://countercept.com/our-thinking/analyzing-the-doublepulsar-kernel-dll-injection-technique/
http://blog.binaryedge.io/2017/04/21/doublepulsar/
https://arstechnica.com/security/2017/04/10000-windows-computers-may-be-infected-by-advanced-nsa-backdoor/
https://www.theregister.co.uk/2017/04/21/windows_hacked_nsa_shadow_brokers/
NSA backdoor detected on >55,000 Windows boxes can now be remotely removed
https://arstechnica.com/security/2017/04/nsa-backdoor-detected-on-55000-windows-boxes-can-now-be-remotely-removed/
https://github.com/countercept/doublepulsar-detection-script
Title: Re: Technical
Post by: Asyn on April 28, 2017, 10:18:25 AM
New update options for Windows 10, version 1703
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/
Title: Re: Technical
Post by: DavidR on April 28, 2017, 11:46:45 AM
New update options for Windows 10, version 1703
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/

I can't recall where I read it, but aren't you required to make changes to your privacy settings before installing the Creators Update?

I can't see why it would be necessary to change privacy settings to receive updates.
Title: Re: Technical
Post by: bob3160 on April 28, 2017, 03:47:43 PM
New update options for Windows 10, version 1703
https://blogs.technet.microsoft.com/windowsitpro/2017/04/24/new-update-options-for-windows-10-1703/

I can't recall where I read it, but aren't you required to make changes to your privacy settings before installing the Creators Update?

I can't see why it would be necessary to change privacy settings to receive updates.
No. What you probably read was that this version has more settings under privacy than prior versions.
(It still doesn't change the fact that there is no privacy.....)
Title: Re: Technical
Post by: Asyn on April 29, 2017, 08:55:53 AM
OSX Malware is Catching Up, and it wants to Read Your HTTPS Traffic
http://blog.checkpoint.com/2017/04/27/osx-malware-catching-wants-read-https-traffic/
Title: Re: Technical
Post by: Asyn on April 30, 2017, 11:22:32 AM
Verizon’s 2017 Data Breach Investigations Report
http://www.verizonenterprise.com/verizon-insights-lab/dbir/2017/
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2017_Report_execsummary_en_xg.pdf
Title: Re: Technical
Post by: Asyn on May 02, 2017, 11:34:19 AM
Remote security exploit in all 2008+ Intel platforms
https://semiaccurate.com/2017/05/01/remote-security-exploit-2008-intel-platforms/
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00075&languageid=en-fr

PS: Thanks to Dwarden for the links..!!
Title: Re: Technical
Post by: Asyn on May 06, 2017, 09:24:02 PM
Privacy Threats through Ultrasonic Side Channels on Mobile Devices
http://christian.wressnegger.info/content/projects/sidechannels/2017-eurosp.pdf
Title: Re: Technical
Post by: Asyn on May 09, 2017, 11:14:33 AM
Why the Next 10 Days Are Critical to the Internet’s Future
Net neutrality is in jeopardy again. We need another grassroots movement
https://blog.mozilla.org/blog/2017/05/08/next-10-days-critical-internets-future/
https://advocacy.mozilla.org/en-US/net-neutrality
Title: Re: Technical
Post by: Asyn on May 09, 2017, 11:43:36 AM
MsMpEng: Remotely Exploitable Type Confusion in Windows 8, 8.1, 10, Windows Server, SCEP, Microsoft Security Essentials, and more.
https://bugs.chromium.org/p/project-zero/issues/detail?id=1252
https://technet.microsoft.com/library/security/4022344.aspx
Title: Re: Technical
Post by: Asyn on May 11, 2017, 11:57:41 AM
Keylogger in Hewlett-Packard Audio Driver
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
Title: Re: Technical
Post by: Asyn on May 12, 2017, 08:38:09 AM
Multiple Vulnerabilities in ASUS Routers
https://wwws.nightwatchcybersecurity.com/2017/05/09/multiple-vulnerabilities-in-asus-routers/
Title: Re: Technical
Post by: Asyn on May 13, 2017, 06:04:45 AM
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Title: Re: Technical
Post by: Asyn on May 13, 2017, 04:30:15 PM
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
Title: Re: Technical
Post by: Asyn on May 14, 2017, 10:05:17 AM
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
Title: Re: Technical
Post by: DavidR on May 14, 2017, 10:17:07 AM
<snip quotes>
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html

A very interesting article.
Title: Re: Technical
Post by: Asyn on May 15, 2017, 10:33:06 AM
Deprecation of SHA-1 for SSL/TLS Certificates in Microsoft Edge and Internet Explorer 11
https://technet.microsoft.com/en-us/library/security/4010323
Title: Re: Technical
Post by: Asyn on May 16, 2017, 06:45:37 AM
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
Title: Re: Technical
Post by: Asyn on May 17, 2017, 06:15:23 AM
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
WannaCry update: The worst ransomware outbreak in history
https://blog.avast.com/wannacry-update-the-worst-ransomware-outbreak-in-history
Title: Re: Technical
Post by: Asyn on May 18, 2017, 08:01:03 AM
Keylogger in Hewlett-Packard Audio Driver
https://www.modzero.ch/modlog/archives/2017/05/11/en_keylogger_in_hewlett-packard_audio_driver/index.html
https://www.modzero.ch/advisories/MZ-17-01-Conexant-Keylogger.txt
HPSBGN03558 rev.7 - Conexant HD Audio Driver Local Debug Log
https://support.hp.com/us-en/document/c05519670
Title: Re: Technical
Post by: Asyn on May 19, 2017, 07:19:37 AM
Meet Adylkuzz: cryptocurrency mining malware spreading using the same exploit as WannaCry
https://blog.avast.com/meet-adylkuzz-cryptocurrency-mining-malware-spreading-using-the-same-exploit-as-wannacry
Title: Re: Technical
Post by: Eddy on May 19, 2017, 07:43:40 AM
Researcher is able to decrypt the files under XP :
http://mashable.com/2017/05/18/wannacry-wannakey-decrypted-ransomware/?utm_campaign=Mash-Prod-RSS-Feedburner-All-Partial&utm_cid=Mash-Prod-RSS-Feedburner-All-Partial#KMqYt0c_SmqB

https://github.com/aguinet/wannakey
Title: Re: Technical
Post by: Asyn on May 20, 2017, 09:17:11 AM
Stealing Windows Credentials Using Google Chrome
http://defensecode.com/news_article.php?id=21
Title: Re: Technical
Post by: Asyn on May 21, 2017, 10:28:23 AM
Ransomware that infected Telefonica and NHS hospitals is spreading aggressively, with over 50,000 attacks so far, today
https://blog.avast.com/ransomware-that-infected-telefonica-and-nhs-hospitals-is-spreading-aggressively-with-over-50000-attacks-so-far-today
Customer Guidance for WannaCrypt attacks
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/
How to Accidentally Stop a Global Cyber Attacks
https://www.malwaretech.com/2017/05/how-to-accidentally-stop-a-global-cyber-attacks.html
The need for urgent collective action to keep people safe online: Lessons from last week’s cyberattack
https://blogs.microsoft.com/on-the-issues/2017/05/14/need-urgent-collective-action-keep-people-safe-online-lessons-last-weeks-cyberattack/
WannaCry update: The worst ransomware outbreak in history
https://blog.avast.com/wannacry-update-the-worst-ransomware-outbreak-in-history
Avast Wi-Fi Inspector can tell you if your PC is vulnerable to WannaCry
https://blog.avast.com/avast-wi-fi-inspector-can-tell-you-if-your-pc-is-vulnerable-to-wannacry
https://help.avast.com/en/av_free/17/hns/hns-doublepulsar-infection.html
Title: Re: Technical
Post by: Asyn on May 21, 2017, 02:19:49 PM
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/
Title: Re: Technical
Post by: DavidR on May 21, 2017, 03:44:40 PM
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/

Don't you just love the so-called security services, that leave the rest of the world's computer users at risk of their so-called security tools.
Title: Re: Technical
Post by: Asyn on May 23, 2017, 11:35:52 AM
New SMB Worm Uses Seven NSA Hacking Tools. WannaCry Used Just Two
https://www.bleepingcomputer.com/news/security/new-smb-worm-uses-seven-nsa-hacking-tools-wannacry-used-just-two/
Don't you just love the so-called security services, that leave the rest of the world's computer users at risk of their so-called security tools.
NSA officials worried about the day its potent hacking tool would get loose. Then it did.
https://www.washingtonpost.com/business/technology/nsa-officials-worried-about-the-day-its-potent-hacking-tool-would-get-loose-then-it-did/2017/05/16/50670b16-3978-11e7-a058-ddbb23c75d82_story.html
Title: Re: Technical
Post by: Asyn on May 24, 2017, 07:25:57 AM
*bleed continues: 18 byte file, $14k bounty, for leaking private Yahoo! Mail images
https://scarybeastsecurity.blogspot.com/2017/05/bleed-continues-18-byte-file-14k-bounty.html
Title: Re: Technical
Post by: Asyn on May 26, 2017, 08:01:16 AM
Porting Windows Dynamic Link Libraries to Linux
https://github.com/taviso/loadlibrary
Title: Re: Technical
Post by: Asyn on May 27, 2017, 09:29:31 AM
Cloak & Dagger
http://cloak-and-dagger.org/
http://cs.ucsb.edu/~yanick/publications/2017_oakland_cloakanddagger.pdf
Title: Re: Technical
Post by: Asyn on May 30, 2017, 06:06:27 AM
Avast releases decryptor tool for AES_NI ransomware
https://blog.avast.com/avast-releases-decryptor-tool-for-aes_ni-ransomware
Title: Re: Technical
Post by: mchain on May 30, 2017, 10:27:36 PM
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Title: Re: Technical
Post by: Asyn on May 31, 2017, 07:03:30 AM
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Also see Reply #1744. Cheers.
Title: Re: Technical
Post by: Be Secure on May 31, 2017, 05:53:10 PM
Avast releases decryption tool for XData ransomware
https://blog.avast.com/avast-releases-decryption-tool-for-xdata-ransomware
Title: Re: Technical
Post by: Lotan on May 31, 2017, 07:50:58 PM
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
Title: Re: Technical
Post by: mchain on May 31, 2017, 08:12:23 PM
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
More information from Intel:
https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/
Both links gotten from the original link posted above. If you've already read these then I'm not aware of any new news and I'd suggest contacting Intel directly. Running the tool Intel provides should help.
Title: Re: Technical
Post by: Lotan on May 31, 2017, 10:24:27 PM
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
More information from Intel:
https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/
Both links gotten from the original link posted above. If you've already read these then I'm not aware of any new news and I'd suggest contacting Intel directly. Running the tool Intel provides should help.
ok so is there a patch or something to fix the issues?
Title: Re: Technical
Post by: mchain on June 01, 2017, 01:31:09 AM
Intel chip flaw allows hackers to hijack thousands of PCs
http://www.telegraph.co.uk/technology/2017/05/08/intel-chip-flaw-allows-hackers-hijack-thousands-pcs/
Dated May 8th, somehow not noted: Apparently only affects commercial systems.
Any info on what processors are at risk? And is there a solution without buying a new CPU?
https://www.embedi.com/files/white-papers/Silent-Bob-is-Silent.pdf
More information from Intel:
https://newsroom.intel.com/news/important-security-information-intel-manageability-firmware/
Both links gotten from the original link posted above. If you've already read these then I'm not aware of any new news and I'd suggest contacting Intel directly. Running the tool Intel provides should help.
ok so is there a patch or something to fix the issues?
I've actually run the Intel tool and it found the system as 'Unknown' and stated the vulnerable software was not running, so there was nothing to be done further.

Intel should be able to point you to a patch or fix if you need it, but you must run the tool to find out first.
Title: Re: Technical
Post by: Pondus on June 01, 2017, 04:47:42 PM
Introducing the Intel Compute Card
https://www.youtube.com/watch?v=Wv8ETAA1_6Y&feature=youtu.be

Title: Re: Technical
Post by: Pondus on June 01, 2017, 04:50:10 PM
Microsoft’s Looking to Reboot Mobile with New Software and Hardware
https://www.thurrott.com/mobile/117153/microsofts-looking-reboot-mobile-new-software-hardware


Canceled Microsoft Lumia 960 flagship smartphone makes appearance
http://www.phonearena.com/news/Canceled-Microsoft-Lumia-960-flagship-smartphone-makes-appearance_id94644


Title: Re: Technical
Post by: Asyn on June 02, 2017, 06:21:26 AM
Tainted Leaks: Disinformation and Phishing With a Russian Nexus
https://citizenlab.org/2017/05/tainted-leaks-disinformation-phish/
Title: Re: Technical
Post by: Asyn on June 03, 2017, 08:59:51 AM
Pandemic
https://wikileaks.org/vault7/releases/#Pandemic
Title: Re: Technical
Post by: Asyn on June 04, 2017, 10:58:32 AM
WannaCry: Two Weeks and 16 Million Averted Ransoms Later
https://blog.kryptoslogic.com/malware/2017/05/29/two-weeks-later.html
Title: Re: Technical
Post by: Pondus on June 04, 2017, 12:00:25 PM
Microsoft Office bug nags you with a pop-up every hour
https://www.engadget.com/2017/05/30/microsoft-office-pop-up-bug/


Title: Re: Technical
Post by: Asyn on June 05, 2017, 08:46:00 AM
FIREBALL – The Chinese Malware of 250 Million Computers Infected
http://blog.checkpoint.com/2017/06/01/fireball-chinese-malware-250-million-infection/
Title: Re: Technical
Post by: Asyn on June 06, 2017, 09:23:39 AM
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
Title: Re: Technical
Post by: DavidR on June 06, 2017, 09:59:03 AM
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/

Top Secret eh, so top secret it has been leaked ???
Perhaps N 'Security' A doesn't mean secret.
Title: Re: Technical
Post by: Asyn on June 06, 2017, 11:38:41 AM
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
Top Secret eh, so top secret it has been leaked ???
Perhaps N 'Security' A doesn't mean secret.
How The Intercept Outed Reality Winner
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html
Title: Re: Technical
Post by: DavidR on June 06, 2017, 11:51:59 AM
Top-Secret NSA Report Details Russian Hacking Effort Days Before 2016 Election
https://theintercept.com/2017/06/05/top-secret-nsa-report-details-russian-hacking-effort-days-before-2016-election/
Top Secret eh, so top secret it has been leaked ???
Perhaps N 'Security' A doesn't mean secret.
How The Intercept Outed Reality Winner
http://blog.erratasec.com/2017/06/how-intercept-outed-reality-winner.html

Ha, Ha, dumb and dumber.
That ink dots identity/tagging process has been around for absolutely years, so much so it would appear that people have forgotten or weren't computer users when it first surfaced. It used to only be on high end Laser Printers.
Title: Re: Technical
Post by: Asyn on June 06, 2017, 12:25:37 PM
That ink dots identity/tagging process has been around for absolutely years, so much so it would appear that people have forgotten or weren't computer users when it first surfaced. It used to only be on high end Laser Printers.
Yep, for the interested ones: https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots
Title: Re: Technical
Post by: DavidR on June 06, 2017, 12:50:44 PM
That ink dots identity/tagging process has been around for absolutely years, so much so it would appear that people have forgotten or weren't computer users when it first surfaced. It used to only be on high end Laser Printers.
Yep, for the interested ones: https://www.eff.org/pages/list-printers-which-do-or-do-not-display-tracking-dots

Certainly an interesting read, with virtually all colour laserjet printers printing them. Even better only two notable companies not printing them, OkiData and Samsung. I had been looking at getting a laser printer some time ago when they were pretty expensive and I was looking at the Oki laser printers as they were competitively priced. At that time I wasn't aware that they didn't print the tagging/tracking dots.
Title: Re: Technical
Post by: Asyn on June 07, 2017, 06:25:22 AM
WannaCry mistakes that can help you restore files after infection
https://securelist.com/78609/wannacry-mistakes-that-can-help-you-restore-files-after-infection/
Title: Re: Technical
Post by: Asyn on June 08, 2017, 06:53:49 AM
WannaCry WannaBe targeting Android smartphones
https://blog.avast.com/wannacry-wannabe-targeting-android-smartphones
Title: Re: Technical
Post by: Asyn on June 08, 2017, 11:23:26 AM
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
Title: Re: Technical
Post by: bob3160 on June 08, 2017, 03:12:21 PM
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
I'm sure all other AV companies are hoping Kaspersky Labs wins this suit. :)
Title: Re: Technical
Post by: Asyn on June 09, 2017, 07:52:23 AM
Turla’s watering hole campaign: An updated Firefox extension abusing Instagram
https://www.welivesecurity.com/2017/06/06/turlas-watering-hole-campaign-updated-firefox-extension-abusing-instagram/
Title: Re: Technical
Post by: Asyn on June 10, 2017, 06:08:47 AM
Dvmap: the first Android malware with code injection
https://securelist.com/78648/dvmap-the-first-android-malware-with-code-injection/
Title: Re: Technical
Post by: Asyn on June 10, 2017, 06:56:36 PM
Of Cameras & Compromise: How IoT Could Dull Your Competitive Edge
https://business.f-secure.com/foscam_cameras_and_compromise
https://img.en25.com/Web/FSecure/%7B43df9e0d-20a8-404a-86d0-70dcca00b6e5%7D_vulnerabilities-in-foscam-IP-cameras_report.pdf
Title: Re: Technical
Post by: Asyn on June 11, 2017, 11:36:02 AM
PLATINUM continues to evolve, find ways to maintain invisibility
https://blogs.technet.microsoft.com/mmpc/2017/06/07/platinum-continues-to-evolve-find-ways-to-maintain-invisibility/
Title: Re: Technical
Post by: Asyn on June 12, 2017, 08:46:07 AM
CertLock Trojan Blocks Security Programs by Disallowing Their Certificates
https://www.bleepingcomputer.com/news/security/certlock-trojan-blocks-security-programs-by-disallowing-their-certificates/
Title: Re: Technical
Post by: Asyn on June 13, 2017, 11:20:22 AM
SambaCry is coming
https://securelist.com/sambacry-is-coming/78674/
Title: Re: Technical
Post by: mchain on June 13, 2017, 07:28:06 PM
Microsoft Security Update Summary (Replaces old Microsoft Security Updates): https://technet.microsoft.com/en-us/security/bulletins.aspx
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
Title: Re: Technical
Post by: Asyn on June 14, 2017, 08:58:45 AM
Microsoft Security Update Summary (Replaces old Microsoft Security Updates): https://technet.microsoft.com/en-us/security/bulletins.aspx
https://portal.msrc.microsoft.com/en-us/security-guidance/summary
June 2017 security update release
Microsoft releases additional updates for older platforms to protect against potential nation-state activity

https://blogs.technet.microsoft.com/msrc/2017/06/13/june-2017-security-update-release/
Title: Re: Technical
Post by: Asyn on June 15, 2017, 09:20:48 AM
Avast releases free decryption tool for EncrypTile ransomware
https://blog.avast.com/avast-releases-free-decryption-tool-for-encryptile-ransomware
Title: Re: Technical
Post by: Asyn on June 16, 2017, 07:31:54 AM
How AI outsmarts cybercriminals
https://blog.avast.com/how-ai-works-outsmart-cybercriminals-online-security-best-malware-protection
https://www.avast.com/nextgen
Title: Re: Technical
Post by: Asyn on June 17, 2017, 08:29:02 AM
Cherry Blossom
https://wikileaks.org/vault7/releases/#Cherry%20Blossom
Title: Re: Technical
Post by: Asyn on June 20, 2017, 08:04:10 AM
Decrypted: Kaspersky Releases Decryptor for the Jaff Ransomware
https://www.bleepingcomputer.com/news/security/decrypted-kaspersky-releases-decryptor-for-the-jaff-ransomware/
Title: Re: Technical
Post by: Asyn on June 20, 2017, 03:12:35 PM
The Stack Clash
https://blog.qualys.com/securitylabs/2017/06/19/the-stack-clash
https://www.qualys.com/2017/06/19/stack-clash/stack-clash.txt
https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=1be7107fbe18eed3e319a6c3e83c78254b693acb
Title: Re: Technical
Post by: Asyn on June 22, 2017, 11:02:18 AM
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
I'm sure all other AV companies are hoping Kaspersky Labs wins this suit. :)
Microsoft admits it disables anti-virus software in response to Kaspersky's EU complaint
https://www.theverge.com/2017/6/20/15836208/microsoft-kaspersky-eu-anti-virus-complaint-response
https://blogs.technet.microsoft.com/mmpc/2017/06/20/partnering-with-the-av-ecosystem-to-protect-our-windows-10-customers/
Title: Re: Technical
Post by: bob3160 on June 22, 2017, 03:31:28 PM
Kaspersky Lab Files Claim with European Regulators Seeking Antitrust Investigation of Microsoft
https://www.kaspersky.com/about/press-releases/2017_kaspersky-lab-files-claim-with-european-regulators-seeking-antitrust-investigation-of-microsoft
https://blog.kaspersky.com/microsoft-european-trial/16976/
I'm sure all other AV companies are hoping Kaspersky Labs wins this suit. :)
Microsoft admits it disables anti-virus software in response to Kaspersky's EU complaint
https://www.theverge.com/2017/6/20/15836208/microsoft-kaspersky-eu-anti-virus-complaint-response
https://blogs.technet.microsoft.com/mmpc/2017/06/20/partnering-with-the-av-ecosystem-to-protect-our-windows-10-customers/
After reading MS's explanation, I think the wise move was to disable something not compatible.
It's certainly better than allowing the incompatibility and crashing the system.
(This also means that MS should be held accountable if they don't allow enough time to work out compatibility problems before pushing out their update.)

Title: Re: Technical
Post by: Asyn on June 23, 2017, 10:35:07 AM
The OpenVPN post-audit bug bonanza
https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/
Title: Re: Technical
Post by: Asyn on June 24, 2017, 10:41:00 AM
Player 1 Limps Back Into the Ring - Hello again, Locky!
http://blog.talosintelligence.com/2017/06/necurs-locky-campaign.html
Title: Re: Technical
Post by: Asyn on June 24, 2017, 04:47:49 PM
Microsoft says 'no known ransomware' runs on Windows 10 S -- so we tried to hack it
http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/
Title: Re: Technical
Post by: DavidR on June 24, 2017, 05:50:30 PM
Microsoft says 'no known ransomware' runs on Windows 10 S -- so we tried to hack it
http://www.zdnet.com/article/microsoft-no-known-ransomware-windows-we-tried-to-hack-it/

I think the magic words are "no known ransomware"; perhaps unknown ransomware runs on Windows 10.
Title: Re: Technical
Post by: Asyn on June 25, 2017, 08:24:58 AM
Brutal Kangaroo
https://wikileaks.org/vault7/#Brutal%20Kangaroo
Title: Re: Technical
Post by: Asyn on June 26, 2017, 02:35:44 PM
GhostHook – Bypassing PatchGuard with Processor Trace Based Hooking
https://www.cyberark.com/threat-research-blog/ghosthook-bypassing-patchguard-processor-trace-based-hooking/
Title: Re: Technical
Post by: Asyn on June 29, 2017, 02:34:54 PM
Microsoft Security Advisory 4033453
Vulnerability in Azure AD Connect Could Allow Elevation of Privilege
https://technet.microsoft.com/library/security/4033453.aspx
Title: Re: I NEED HELP WITH AVAST VPN LINE ASAP PLEASE!!
Post by: REDACTED on June 29, 2017, 03:25:13 PM
:( Help, I downloaded Avast VPN Line on another phone and don't have that phone anymore, and I had bought the yearly subscription, and I cannot figure out how to get my Avast VPN Line account working on my new phone... It says the subscription is compatible with up to 5 devices. Please, someone help me retrieve this so I'm not out the money and have to pay again. I do love this app.
Title: Re: I NEED HELP WITH AVAST VPN LINE ASAP PLEASE!!
Post by: Asyn on June 29, 2017, 03:53:44 PM
:( Help, I downloaded Avast VPN Line on another phone and don't have that phone anymore, and I had bought the yearly subscription, and I cannot figure out how to get my Avast VPN Line account working on my new phone... It says the subscription is compatible with up to 5 devices. Please, someone help me retrieve this so I'm not out the money and have to pay again. I do love this app.
-> https://forum.avast.com/index.php?board=80.0
Title: Re: Technical
Post by: Asyn on June 30, 2017, 09:24:56 AM
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
Title: Re: Technical
Post by: bob3160 on June 30, 2017, 02:51:28 PM
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
This should actually be labeled as "targeted cyber war"
Title: Re: Technical
Post by: Asyn on July 01, 2017, 08:47:43 AM
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
This should actually be labeled as "targeted cyber war"
Things we have learned about Petna, the Petya-based malware
https://blog.avast.com/things-we-have-learned-about-petna-the-petya-based-malware

(https://blog.avast.com/hs-fs/hubfs/petna_map_June_30.png?t=1498844320267&width=680&height=417)
Title: Re: Technical
Post by: Lisandro on July 04, 2017, 08:45:26 PM
Petya.2017 is a wiper not a ransomware
https://blog.comae.io/petya-2017-is-a-wiper-not-a-ransomware-9ea1d8961d3b
https://securelist.com/expetrpetyanotpetya-is-a-wiper-not-ransomware/78902/
No, not really. People jump to conclusions. I won't judge the motivations (PR?).
https://blog.avast.com/things-we-have-learned-about-petna-the-petya-based-malware
Title: Re: Technical
Post by: Asyn on July 05, 2017, 09:39:50 AM
Sliding right into disaster: Left-to-right sliding windows leak
https://eprint.iacr.org/2017/627
https://eprint.iacr.org/2017/627.pdf
Title: Re: Technical
Post by: Asyn on July 08, 2017, 03:34:58 PM
Wildcard Certificates Coming January 2018
https://letsencrypt.org/2017/07/06/wildcard-certificates-coming-jan-2018.html
Title: Re: Technical
Post by: ehmen on July 09, 2017, 07:46:57 PM
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
https://www.bleepingcomputer.com/news/government/eu-prepares-right-to-repair-legislation-to-fight-short-product-lifespans/
Title: Re: Technical
Post by: DavidR on July 09, 2017, 08:10:31 PM
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
https://www.bleepingcomputer.com/news/government/eu-prepares-right-to-repair-legislation-to-fight-short-product-lifespans/

This area is one I really want to be sorted A.S.A.P.

Quote from: extract from article
For example, many devices today come with built-in LEDs that once they go out they cannot be replaced, or with soldered-in batteries that once they degrade, the user is forced to buy a new product altogether, or keep the device always plugged in.

All of my old mobile phones, even before they became smart phones, had removable batteries. Once I had a battery older than a year, I used to get a new battery and alternate them. My first smart phone, the Samsung Galaxy Nexus, was a great phone, but I would generally have to charge it every night, so batteries don't last particularly long, and replacement batteries were great. I had that smart phone for 4 years before it died.

Now my Google Nexus 6P has a hard-wired battery, but it is quite large capacity and lasts well over a day before it needs charging. But I feel that before my contract ends I'm likely to need to replace the battery (sending it off for replacement).

This really is madness. Just imagine all of those bonfires with the Samsung Galaxy Note 7; this could have saved Samsung $billions, just by having a replacement battery. I was seriously considering this phablet until the bonfires started up.
Title: Re: Technical
Post by: Asyn on July 10, 2017, 09:36:00 AM
EU Prepares "Right to Repair" Legislation to Fight Short Product Lifespans
https://www.bleepingcomputer.com/news/government/eu-prepares-right-to-repair-legislation-to-fight-short-product-lifespans/
Great news, this is long overdue..!!

@Dave: Guess after the Brexit, the UK needs to do it on their own. :-\
Title: Re: Technical
Post by: Asyn on July 11, 2017, 07:46:09 AM
Author of Original Petya Ransomware Publishes Master Decryption Key
https://www.bleepingcomputer.com/news/security/author-of-original-petya-ransomware-publishes-master-decryption-key/
Title: Re: Technical
Post by: ehmen on July 11, 2017, 08:16:12 PM
Scientists Develop First Battery-Free Phone

https://www.bleepingcomputer.com/news/technology/scientists-develop-first-battery-free-phone/
Title: Re: Technical
Post by: DavidR on July 11, 2017, 08:25:41 PM
Scientists Develop First Battery-Free Phone

https://www.bleepingcomputer.com/news/technology/scientists-develop-first-battery-free-phone/

Still a very long time before this actually makes it to manufacture in current smart phones, as they will need much more than this prototype can provide.
Title: Re: Technical
Post by: ehmen on July 11, 2017, 09:04:18 PM
Why Is the "Advanced Attributes" Button Sometimes Replaced By an "Archive" Checkbox?

https://www.howtogeek.com/315266/why-is-the-advanced-attributes-button-sometimes-replaced-by-an-archive-checkbox/

(https://www.howtogeek.com/wp-content/uploads/2017/07/advanced-button-sometimes-replaced-by-an-archive-checkbox-00.png)
Title: Re: Technical
Post by: Asyn on July 12, 2017, 11:47:07 AM
The July 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/7/11/the-july-2017-security-update-review
Title: Re: Technical
Post by: Pondus on July 12, 2017, 12:39:38 PM
The July 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/7/11/the-july-2017-security-update-review
http://blog.trendmicro.com/trendlabs-security-intelligence/july-patch-tuesday-addresses-critical-vulnerability-in-microsoft-hololens/

Title: Re: Technical
Post by: ehmen on July 13, 2017, 12:44:00 AM
Intel Sued for Allegedly Defective, Exploding Phones

https://www.extremetech.com/g00/mobile/250798-intel-sued-qbex-brazil-allegedly-defective-exploding-smartphones
Title: Re: Technical
Post by: Asyn on July 13, 2017, 10:53:13 AM
Cybercrime tactics and techniques Q2 2017
https://www.malwarebytes.com/pdf/white-papers/CybercrimeTacticsAndTechniques-Q2-2017.pdf
Title: Re: Technical
Post by: Asyn on July 14, 2017, 11:52:30 PM
Scammer Uses Fake Tor Browser to Lure Victims to Supposed Dark Web Marketplace
https://www.bleepingcomputer.com/news/security/scammer-uses-fake-tor-browser-to-lure-victims-to-supposed-dark-web-marketplace/
Title: Re: Technical
Post by: mchain on July 15, 2017, 06:38:44 PM
Don’t get hooked by today’s phishing scams: What we can learn from the Gmail hack
https://blog.avast.com/dont-get-hooked-todays-phishing-scams-what-can-learn-from-gmail-hack
Title: Re: Technical
Post by: Asyn on July 16, 2017, 05:37:52 PM
Why Security Experts Are Pissed That ‘1Password’ Is Pushing Users to the Cloud
https://motherboard.vice.com/en_us/article/evdbdz/why-security-experts-are-pissed-that-1password-is-pushing-users-to-the-cloud
Title: Re: Technical
Post by: ehmen on July 16, 2017, 11:35:22 PM
How 5G Works

http://electronics.howstuffworks.com/5g.htm
Title: Re: Technical
Post by: REDACTED on July 17, 2017, 02:37:29 PM
Hey guys, this app is really helpful, but can I ask why this app does not autorun after restarting my phone? I tried experimenting with your app by restarting my phone and then messaging it with the lock command, but I only receive the text message and it does not work, even if I use the in-app command. I need to open it first to apply its anti-theft program. I'm worrying: what if my phone gets a low battery and then someone steals it? And if I message it, so that if the thief opens it, will it run the program?
Title: Re: Technical
Post by: bob3160 on July 17, 2017, 09:01:13 PM
Hey guys, this app is really helpful, but can I ask why this app does not autorun after restarting my phone? I tried experimenting with your app by restarting my phone and then messaging it with the lock command, but I only receive the text message and it does not work, even if I use the in-app command. I need to open it first to apply its anti-theft program. I'm worrying: what if my phone gets a low battery and then someone steals it? And if I message it, so that if the thief opens it, will it run the program?
Please start your own topic in the following section:
https://forum.avast.com/index.php?board=66.0


Title: Re: Technical
Post by: bob3160 on July 17, 2017, 09:03:03 PM
Spyware targets Iranian Android users by abusing messaging app Telegram’s Bot API


https://blog.avast.com/spyware-targets-iranian-android-users-by-abusing-messaging-app-telegram-bot-api
Title: Re: Technical
Post by: Asyn on July 18, 2017, 08:17:22 AM
Facebook users pwnd by phone with account recovery vulnerability
https://www.theregister.co.uk/2017/07/17/facebook_login_security/
https://medium.com/@jkmartindale/i-kinda-hacked-a-few-facebook-accounts-using-a-vulnerability-they-wont-fix-2f5669794f79
Title: Re: Technical
Post by: Asyn on July 20, 2017, 10:37:32 AM
Linux Users Urged to Update as a New Threat Exploits SambaCry
http://blog.trendmicro.com/trendlabs-security-intelligence/linux-users-urged-update-new-threat-exploits-sambacry/
Title: Re: Technical
Post by: Asyn on July 21, 2017, 03:47:06 PM
Devil's Ivy: Flaw in Widely Used Third-party Code Impacts Millions
http://blog.senr.io/blog/devils-ivy-flaw-in-widely-used-third-party-code-impacts-millions
http://blog.senr.io/devilsivy.html
Title: Re: Technical
Post by: Asyn on July 22, 2017, 06:23:26 PM
Putin’s Hackers Now Under Attack — From Microsoft
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network
Title: Re: Technical
Post by: DavidR on July 22, 2017, 06:51:34 PM
Putin’s Hackers Now Under Attack — From Microsoft
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network

You would think that letting this information leak out is just asking for retaliatory action; best just to keep quiet and get on with it.
Title: Re: Technical
Post by: bob3160 on July 22, 2017, 10:09:02 PM
Putin’s Hackers Now Under Attack — From Microsoft
http://www.thedailybeast.com/microsoft-pushes-to-take-over-russian-spies-network

You would think that letting this information leak out is just asking for retaliatory action; best just to keep quiet and get on with it.
Maybe they should have watched this first ???
https://youtu.be/Dvj0v0W6yjk
Title: Re: Technical
Post by: Asyn on July 23, 2017, 01:54:21 PM
AlphaBay, the Largest Online 'Dark Market,' Shut Down
https://www.justice.gov/opa/pr/alphabay-largest-online-dark-market-shut-down

Underground Hansa Market taken over and shut down
https://www.politie.nl/en/news/2017/july/20/underground-hansa-market-taken-over-and-shut-down.html
Title: Re: Technical
Post by: Asyn on July 25, 2017, 01:20:05 PM
Remote Code Execution In Source Games
https://oneupsecurity.com/research/remote-code-execution-in-source-games
Title: Re: Technical
Post by: Pondus on July 26, 2017, 06:36:54 PM
Adobe will kill flash
https://blogs.adobe.com/conversations/2017/07/adobe-flash-update.html

https://www.theverge.com/2017/7/25/16026236/adobe-flash-end-of-support-2020

Title: Re: Technical
Post by: Asyn on July 27, 2017, 09:56:03 AM
Bye, bye Petya! Decryptor for old versions released.
https://blog.malwarebytes.com/malwarebytes-news/2017/07/bye-bye-petya-decryptor-old-versions-released/
Title: Re: Technical
Post by: Asyn on July 29, 2017, 09:22:46 PM
Microsoft Windows Bounty Program Terms
https://technet.microsoft.com/en-us/security/mt493440
Title: Re: Technical
Post by: Asyn on July 30, 2017, 11:46:11 AM
THE ADVENTURES OF AV AND THE LEAKY SANDBOX
https://www.blackhat.com/docs/us-17/thursday/us-17-Kotler-The-Adventures-Of-Av-And-The-Leaky-Sandbox-wp.pdf
https://github.com/SafeBreach-Labs/spacebin
Title: Re: Technical
Post by: Asyn on July 31, 2017, 12:04:21 PM
Dark web doesn't exist, says Tor's Dingledine. And folks use network for privacy, not crime
Cofounder brings us up to date on network status
https://www.theregister.co.uk/2017/07/29/tor_dark_web/
Title: Re: Technical
Post by: bob3160 on July 31, 2017, 06:27:32 PM
VPN's under attack. First China now Russia:
(http://screencast-o-matic.com/screenshots/u/Lh/1501518420467-76160.png)
https://www.pcmag.com/news/355286/president-putin-bans-vpns-in-russia?utm_source=email&utm_campaign=whatsnewnow&utm_medium=title
Title: Re: Technical
Post by: Asyn on August 01, 2017, 10:42:59 AM
We'll Pay You to #HackTor
https://blog.torproject.org/blog/we-will-pay-you-to-hack-tor-bug-bounty
https://hackerone.com/torproject
Title: Re: Technical
Post by: Asyn on August 02, 2017, 06:58:31 AM
Our Copyfish extension was stolen and adware-infested
https://a9t9.com/blog/chrome-extension-adware/
Title: Re: Technical
Post by: polonus on August 02, 2017, 10:29:16 AM
2013, 2014, 2015, 2016, 2017 NSA collects MS error reports!

https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html

polonus
Title: Re: Technical
Post by: Asyn on August 02, 2017, 11:04:52 AM
2013, 2014, 2015, 2016, 2017 NSA collects MS error reports!
https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html
Quite interesting, thanks for sharing it. :)
Title: Re: Technical
Post by: bob3160 on August 02, 2017, 04:20:30 PM
2013, 2014, 2015, 2016, 2017 NSA collects MS error reports!

https://www.schneier.com/blog/archives/2017/08/nsa_collects_ms.html

polonus
I'm quite sure the NSA isn't alone in these collection-for-infection practices. :)
I'm also certain that this isn't only done for MS errors and vulnerabilities.
Title: Re: Technical
Post by: polonus on August 02, 2017, 10:08:15 PM
Hi bob3160,

MS should get their error reports from end-users fully encrypted,
so neither the NSA nor others, you may point out here, should get their hands on the data.

On today's Internet infrastructure, where trust more and more starts to become a rare thing from the past,
we can no longer do without full-strength E2EE. Too many data breaches and revelations to the contrary.

polonus
Title: Re: Technical
Post by: Asyn on August 03, 2017, 06:25:27 AM
Hacked in Translation – “Director’s Cut” – Full Technical Details
https://blog.checkpoint.com/2017/07/08/hacked-translation-directors-cut-full-technical-details/
Title: Re: Technical
Post by: polonus on August 03, 2017, 09:31:42 PM
A tool I would not advise to check: https://www.troyhunt.com/introducing-306-million-freely-downloadable-pwned-passwords/

Seems an excellent source for malcreants to create their own known pwned passwords library for log-in-scraping  ::) :o

polonus
Title: Re: Technical
Post by: bob3160 on August 03, 2017, 09:34:44 PM
So why post it and make it easier for the average user to find ???
Title: Re: Technical
Post by: bob3160 on August 03, 2017, 11:44:32 PM
(http://screencast-o-matic.com/screenshots/u/Lh/1501796532193-35683.png)
https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con
Title: Re: Technical
Post by: Asyn on August 04, 2017, 08:48:05 AM
A new era in mobile banking Trojans
Svpeng turns keylogger and steals everything through accessibility services
https://securelist.com/a-new-era-in-mobile-banking-trojans/79198/
Title: Re: Technical
Post by: bob3160 on August 04, 2017, 03:12:12 PM
(http://screencast-o-matic.com/screenshots/u/Lh/1501796532193-35683.png)
https://motherboard.vice.com/en_us/article/ywp8k5/researcher-who-stopped-wannacry-ransomware-detained-in-us-after-def-con
The sub heading on this should have been:
Hero today, Gone0 tomorrow.
Title: Re: Technical
Post by: Asyn on August 04, 2017, 04:27:59 PM
The sub heading on this should have been: Hero today, Gone0 tomorrow.
Side note: In dubio pro reo. ;)
Title: Re: Technical
Post by: DavidR on August 04, 2017, 06:01:51 PM
The sub heading on this should have been: Hero today, Gone0 tomorrow.
Side note: In dubio pro reo. ;)

I pretty much agree: 'doubt for the accused', or innocent until proven guilty. Having read the article, it would appear that in the USA the left hand doesn't know what the right hand is doing, with secrecy over either who made the arrest or where he is even being held.

This guy by all accounts was also working (from home in the UK) for an American security firm.
Title: Re: Technical
Post by: Asyn on August 06, 2017, 08:17:16 AM
Announcing Snyk for Gradle, Scala and Python
https://snyk.io/blog/snyk-for-gradle-scala-python
Title: Re: Technical
Post by: Asyn on August 07, 2017, 07:07:14 AM
Cerber Ransomware Evolves Again, Now Steals From Bitcoin Wallets
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-ransomware-evolves-now-steals-bitcoin-wallets/
Title: Re: Technical
Post by: Asyn on August 09, 2017, 10:47:57 AM
The August 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/8/8/the-august-2017-security-update-review
Title: Re: Technical
Post by: Asyn on August 10, 2017, 08:38:51 AM
Privacy group accuses Hotspot Shield of snooping on web traffic
http://www.zdnet.com/article/privacy-group-accuses-hotspot-shield-of-snooping-on-web-traffic/
Title: Re: Technical
Post by: bob3160 on August 10, 2017, 12:33:21 PM
A reply from Microsoft on its continued commitment to work with the Security partners.
https://blogs.windows.com/windowsexperience/2017/08/09/evolving-windows-approach-av-thanks-partner-feedback/
Title: Re: Technical
Post by: DavidR on August 10, 2017, 03:30:22 PM
A reply from Microsoft on its continued commitment to work with the Security partners.
https://blogs.windows.com/windowsexperience/2017/08/09/evolving-windows-approach-av-thanks-partner-feedback/

That is certainly a step in the right direction, we have to wait to see how it will actually work out.
Title: Re: Technical
Post by: Asyn on August 11, 2017, 08:03:09 AM
Current state of malicious Powershell script blocking
https://www.mrg-effitas.com/current-state-of-malicious-powershell-script-blocking/

Note: A great result for Avast/AVG..!! 8)
Title: Re: Technical
Post by: Asyn on August 12, 2017, 07:06:27 AM
Microsoft to remove WoSign and StartCom certificates in Windows 10
https://blogs.technet.microsoft.com/mmpc/2017/08/08/microsoft-to-remove-wosign-and-startcom-certificates-in-windows-10/
Title: Re: Technical
Post by: Asyn on August 13, 2017, 10:29:38 AM
WTF is Mughthesec!? - poking on a piece of undetected adware
https://objective-see.com/blog/blog_0x20.html
Title: Re: Technical
Post by: Asyn on August 14, 2017, 06:43:33 AM
SonicSpy: Over a thousand spyware apps discovered, some in Google Play
https://blog.lookout.com/sonicspy-spyware-threat-technical-research
Title: Re: Technical
Post by: ehmen on August 15, 2017, 01:27:11 AM
Mozilla Will Kill Legacy Firefox Add-Ons in Exactly Three Months

https://www.bleepingcomputer.com/news/software/mozilla-will-kill-legacy-firefox-add-ons-in-exactly-three-months/
Title: Re: Technical
Post by: DavidR on August 15, 2017, 10:07:41 AM
Mozilla Will Kill Legacy Firefox Add-Ons in Exactly Three Months

https://www.bleepingcomputer.com/news/software/mozilla-will-kill-legacy-firefox-add-ons-in-exactly-three-months/

This is definitely going to be fun (NOT) for Firefox users. I don't know about 80% of existing add-ons not being compatible with the new WebExtensions API; only one of my add-ons is compatible with the new WebExtensions API.

I can also see this as a potentially massive exit for many Firefox users, as the add-ons were a very big draw. As we get closer to the date and Mozilla sees whether developers have converted to the new WebExtensions, I wonder if this too will be pushed back.

In the past, when Mozilla insisted on signed add-ons, that deadline kept getting pushed back as progress from developers was poor.
Title: Re: Technical
Post by: Asyn on August 15, 2017, 10:22:20 AM
Hi Dave, the good thing is that with FF ESR we're good to go until July 2018.
Title: Re: Technical
Post by: DavidR on August 15, 2017, 11:08:34 AM
Hi Dave, the good thing is that with FF ESR we're good to go until July 2018.

Yes, but isn't it a little earlier than that that it also drops support for the XP OS?

Looks like I will probably be dropping back to the ESR build on my other two systems until this mess is sorted out.
Title: Re: Technical
Post by: Asyn on August 15, 2017, 11:20:54 AM
Hi Dave, the good thing is that with FF ESR we're good to go until July 2018.
1. Yes, but isn't it a little earlier than that that it also drops support for the XP OS?
2. Looks like I will probably be dropping back to the ESR build on my other two systems until this mess is sorted out.
1. Nope, the 52.x branch of FF ESR will still be supported for XP/Vista.
2. If so, consider: https://www.ghacks.net/2017/08/02/you-cannot-downgrade-firefox-55-profiles/
Title: Re: Technical
Post by: DavidR on August 15, 2017, 12:02:53 PM
Hi Dave, the good thing is that with FF ESR we're good to go until July 2018.
1. Yes, but isn't it a little earlier than that that it also drops support for the XP OS?
2. Looks like I will probably be dropping back to the ESR build on my other two systems until this mess is sorted out.
1. Nope, the 52.x branch of FF ESR will still be supported for XP/Vista.
2. If so, consider: https://www.ghacks.net/2017/08/02/you-cannot-downgrade-firefox-55-profiles/

2. I'm assuming a clean install of the ESR version, not using an existing profile, would work; I had seen this about not using an FF55 profile in earlier versions.
Title: Re: Technical
Post by: Asyn on August 15, 2017, 12:08:58 PM
I'm assuming a clean install of the ESR version, not using an existing profile, would work; I had seen this about not using an FF55 profile in earlier versions.
Yep, should work. Cheers.
Title: Re: Technical
Post by: ehmen on August 15, 2017, 08:29:02 PM
Wonder if ESR is really getting everything (security-wise).
https://www.komando.com/happening-now/413693/update-firefox-now-critical-security-flaws-leave-you-vulnerable-to-hacks
Title: Re: Technical
Post by: Asyn on August 16, 2017, 06:29:10 AM
Wonder if ESR is really getting everything (security-wise).
Sure, see: https://www.mozilla.org/en-US/security/advisories/
Title: Re: Technical
Post by: Asyn on August 16, 2017, 01:18:54 PM
Plenty of Phishing
https://blog.avast.com/plenty-of-phishing
Title: Re: Technical
Post by: Asyn on August 17, 2017, 06:55:17 AM
unCaptcha: A Low-Resource Defeat of reCaptcha’s Audio Challenge
http://uncaptcha.cs.umd.edu/papers/uncaptcha_woot17.pdf
Title: Re: Technical
Post by: Asyn on August 18, 2017, 07:07:45 AM
Shattered Trust: When Replacement Smartphone Components Attack
https://www.usenix.org/system/files/conference/woot17/woot17-paper-shwartz.pdf
Title: Re: Technical
Post by: Asyn on August 18, 2017, 11:42:58 AM
Get Rich or Die Trying: A Case Study on the Real Identity behind a Wave of Cyber Attacks on Energy, Mining and Infrastructure Companies
https://blog.checkpoint.com/2017/08/15/get-rich-die-trying-case-study-real-identity-behind-wave-cyberattacks-energy-mining-infrastructure-companies/
Title: Re: Technical
Post by: Asyn on August 19, 2017, 08:15:18 AM
Busting Myths in Foxit Reader
https://www.thezdi.com/blog/2017/8/17/busting-myths-in-foxit-reader
Title: Re: Technical
Post by: Asyn on August 19, 2017, 04:56:28 PM
ShadowPad in corporate networks
https://securelist.com/shadowpad-in-corporate-networks/81432/
https://cdn.securelist.com/files/2017/08/ShadowPad_technical_description_PDF.pdf
Title: Re: Technical
Post by: Asyn on August 20, 2017, 10:47:37 AM
Ransomware Targeting WordPress – An Emerging Threat
https://www.wordfence.com/blog/2017/08/ransomware-wordpress/
Title: Re: Technical
Post by: Asyn on August 21, 2017, 10:22:54 AM
Veracode Survey Research Identifies Cybersecurity Skills Gap Causes and Cures
https://www.veracode.com/blog/security-news/veracode-survey-research-identifies-cybersecurity-skills-gap-causes-and-cures
Title: Re: Technical
Post by: Asyn on August 22, 2017, 06:07:26 AM
SyncCrypt Ransomware Hides Inside JPG Files, Appends .KK Extension
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
Title: Re: Technical
Post by: bob3160 on August 22, 2017, 11:30:25 AM
SyncCrypt Ransomware Hides Inside JPG Files, Appends .KK Extension
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
Have you reported this to Avast ???
Title: Re: Technical
Post by: Asyn on August 22, 2017, 11:42:46 AM
SyncCrypt Ransomware Hides Inside JPG Files, Appends .KK Extension
https://www.bleepingcomputer.com/news/security/synccrypt-ransomware-hides-inside-jpg-files-appends-kk-extension/
Have you reported this to Avast ???
Hi Bob, no, Avast/AVG already detects it, see: https://www.virustotal.com/#/file/877488d8f43548c6e3016abd33e2d593a44d450f1910084733b3f369cbdcae85/detection
Title: Re: Technical
Post by: bob3160 on August 22, 2017, 11:44:50 AM
Thanks, good to know. I asked since the article stated that only one AV detected it and it wasn't Avast.
Things change very quickly in this business. :)
Title: Re: Technical
Post by: Asyn on August 22, 2017, 11:46:09 AM
Thanks, good to know. I asked since the article stated that only one AV detected it and it wasn't Avast.
Things change very quickly in this business. :)
You're welcome. :)
Title: Re: Technical
Post by: Asyn on August 23, 2017, 08:14:29 AM
Microsoft Security Intelligence Report Volume 22 is now available
https://blogs.microsoft.com/microsoftsecure/2017/08/17/microsoft-security-intelligence-report-volume-22-is-now-available/
https://www.microsoft.com/en-us/security/intelligence-report
Title: Re: Technical
Post by: Asyn on August 24, 2017, 10:28:04 AM
Reverse Engineering x86 Processor Microcode
http://syssec.rub.de/media/emma/veroeffentlichungen/2017/08/16/usenix17-microcode.pdf
Title: Re: Technical
Post by: Asyn on August 25, 2017, 08:30:03 AM
New multi platform malware/adware spreading via Facebook Messenger
https://securelist.com/new-multi-platform-malwareadware-spreading-via-facebook-messenger/81590/
Title: Re: Technical
Post by: Asyn on August 26, 2017, 07:43:15 AM
Global Measurement of DNS Manipulation
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-pearce.pdf
Title: Re: Technical
Post by: Asyn on August 28, 2017, 09:23:56 AM
Igexin advertising network put user privacy at risk
https://blog.lookout.com/igexin-malicious-sdk
Title: Re: Technical
Post by: Asyn on August 29, 2017, 09:52:55 AM
Defray - New Ransomware Targeting Education and Healthcare Verticals
https://www.proofpoint.com/us/threat-insight/post/defray-new-ransomware-targeting-education-and-healthcare-verticals
Title: Re: Technical
Post by: Asyn on August 30, 2017, 07:03:58 AM
Disabling Intel ME 11 via undocumented mode
http://blog.ptsecurity.com/2017/08/disabling-intel-me.html
Title: Re: Technical
Post by: ehmen on August 31, 2017, 04:30:14 AM
Why The Internet Is About To Change For The Worse

http://www.cracked.com/blog/why-your-favorite-sites-are-suddenly-asking-money/
Title: Re: Technical
Post by: bob3160 on August 31, 2017, 12:40:32 PM
Why The Internet Is About To Change For The Worse

http://www.cracked.com/blog/why-your-favorite-sites-are-suddenly-asking-money/
Now you know why Avast keeps pushing their upgrade requests. :)
Title: Re: Technical
Post by: Asyn on September 01, 2017, 09:30:25 AM
From Onliner Spambot to millions of email's lists and credentials
https://benkowlab.blogspot.com/2017/08/from-onliner-spambot-to-millions-of.html
Title: Re: Technical
Post by: Asyn on September 02, 2017, 08:55:16 PM
Malspam pushing Locky ransomware tries HoeflerText notifications for Chrome and FireFox
https://isc.sans.edu/diary/22776
Title: Re: Technical
Post by: Asyn on September 03, 2017, 11:05:20 AM
Documentation and Analysis of the Linux Random Number Generator (August 2017)
https://www.bsi.bund.de/SharedDocs/Downloads/DE/BSI/Publikationen/Studien/LinuxRNG/LinuxRNG_EN.pdf?__blob=publicationFile&v=5
Title: Re: Technical
Post by: Asyn on September 04, 2017, 12:14:45 PM
SPEAKE(a)R: Turn Speakers to Microphones for Fun and Profit
https://www.usenix.org/system/files/conference/woot17/woot17-paper-guri.pdf
Title: Re: Technical
Post by: Asyn on September 05, 2017, 11:21:59 AM
Game of Registrars: An Empirical Analysis of Post-Expiration Domain Name Takeovers
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-lauinger.pdf
Title: Re: Technical
Post by: Asyn on September 06, 2017, 12:46:51 PM
320 Million Hashes Exposed
http://cynosureprime.blogspot.com/2017/08/320-million-hashes-exposed.html
Title: Re: Technical
Post by: Asyn on September 07, 2017, 08:37:09 AM
Massive Wave of MongoDB Ransom Attacks Makes 26,000 New Victims
https://www.bleepingcomputer.com/news/security/massive-wave-of-mongodb-ransom-attacks-makes-26-000-new-victims/
Title: Re: Technical
Post by: Asyn on September 08, 2017, 09:07:06 AM
PlatPal: Detecting Malicious Documents with Platform Diversity
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-xu-meng.pdf
Title: Re: Technical
Post by: Asyn on September 09, 2017, 09:18:02 AM
BootStomp: On the Security of Bootloaders in Mobile Devices
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-redini.pdf
Title: Re: Technical
Post by: Asyn on September 10, 2017, 08:10:02 AM
Bug in Windows Kernel Could Prevent Security Software From Identifying Malware
https://www.bleepingcomputer.com/news/security/bug-in-windows-kernel-could-prevent-security-software-from-identifying-malware/
https://breakingmalware.com/documentation/windows-pssetloadimagenotifyroutine-callbacks-good-bad-unclear-part-1/
Title: Re: Technical
Post by: Asyn on September 12, 2017, 12:53:16 PM
CVE-2017-9805: Analysis of Apache Struts RCE Vulnerability in REST Plugin
https://www.imperva.com/blog/2017/09/cve-2017-9805-analysis-of-apache-struts-rce-vulnerability-in-rest-plugin/
Title: Re: Technical
Post by: Asyn on September 13, 2017, 08:01:20 AM
The September 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/9/12/the-september-2017-security-update-review
Title: Re: Technical
Post by: Asyn on September 14, 2017, 07:14:18 AM
Chrome’s Plan to Distrust Symantec Certificates
https://security.googleblog.com/2017/09/chromes-plan-to-distrust-symantec.html
Title: Re: Technical
Post by: Asyn on September 14, 2017, 11:00:36 AM
BlueBorne
The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
Title: Re: Technical
Post by: Asyn on September 15, 2017, 08:55:59 AM
FireEye Uncovers CVE-2017-8759: Zero-Day Used in the Wild to Distribute FINSPY
https://www.fireeye.com/blog/threat-research/2017/09/zero-day-used-to-distribute-finspy.html
Title: Re: Technical
Post by: Asyn on September 16, 2017, 07:23:13 AM
Display Widgets Plugin Includes Malicious Code to Publish Spam on WP Sites
https://www.wordfence.com/blog/2017/09/display-widgets-malware/
https://www.wordfence.com/blog/2017/09/man-behind-plugin-spam-mason-soiza/
Title: Re: Technical
Post by: Asyn on September 16, 2017, 06:12:33 PM
Ayuda! (Help!) Equifax Has My Data!
https://krebsonsecurity.com/2017/09/ayuda-help-equifax-has-my-data/
Title: Re: Technical
Post by: Asyn on September 17, 2017, 08:08:13 AM
Kromtech Discovers Massive ElasticSearch Infected Malware Botnet
https://mackeepersecurity.com/post/kromtech-discovers-massive-elasticsearch-infected-malware-botnet
Title: Re: Technical
Post by: Asyn on September 18, 2017, 11:36:56 AM
Cryptocurrency web mining: In union there is profit
https://www.welivesecurity.com/2017/09/14/cryptocurrency-web-mining-union-profit/
Title: Re: Technical
Post by: Asyn on September 19, 2017, 11:02:59 AM
Equifax Suffered a Hack Almost Five Months Earlier Than the Date It Disclosed
https://www.bloomberg.com/news/articles/2017-09-18/equifax-is-said-to-suffer-a-hack-earlier-than-the-date-disclosed
Title: Re: Technical
Post by: Asyn on September 20, 2017, 06:56:54 AM
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Title: Re: Technical
Post by: Asyn on September 21, 2017, 06:47:30 AM
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Title: Re: Technical
Post by: Asyn on September 21, 2017, 11:35:26 AM
High Sierra’s ‘Secure Kernel Extension Loading’ is Broken
https://www.synack.com/2017/09/08/high-sierras-secure-kernel-extension-loading-is-broken/
Title: Re: Technical
Post by: Asyn on September 22, 2017, 07:12:33 AM
New FinFisher surveillance campaigns: Are internet providers involved?
https://www.welivesecurity.com/2017/09/21/new-finfisher-surveillance-campaigns/
Title: Re: Technical
Post by: Asyn on September 22, 2017, 08:45:31 AM
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Title: Re: Technical
Post by: Asyn on September 23, 2017, 09:07:21 AM
iXintpwn/YJSNPI Abuses iOS’s Config Profile, can Crash Devices
http://blog.trendmicro.com/trendlabs-security-intelligence/ixintpwn-yjsnpi-abuses-ioss-config-profile-can-crash-devices/
Title: Re: Technical
Post by: polonus on September 23, 2017, 10:59:49 AM
Dear Asyn and others that follow this thread,

In the light of the recent attacks against CCleaner with redirection to controlled C2 servers by sophisticated state hackers, known as Group 72, we should also consider the following insights:

The recent actions against Asian C2 servers: https://tweakers.net/nieuws/123911/interpol-en-beveiligingsbedrijven-identificeren-8800-c2-servers-in-zuidoost-azie.html (translate to English using Google Translate).

Because of collision issues we can no longer profoundly trust MD5 or SHA1 hashes. NIST recently removed a weakened NSA algorithm, and the NSA has difficulty getting two new, weakened, distrusted algorithms approved: http://www.reuters.com/article/us-cyber-standards-insight/distrustful-u-s-allies-force-spy-agency-to-back-down-in-encryption-fight-idUSKCN1BW0GV

But then, after the Snowden reports, who can trust a "burglar that sells locks"?

Another issue: Dual EC DRBG is a "cryptographically secure pseudorandom number generator", something that generates streams of bits that are quasi-random, and one cannot tell the difference from real randomness. As such, it is a tool that is not an encryption algorithm, but it should have a place inside the cryptographer's toolchest. Well, this one should be quarantined, as it does more wrong than it is worthless as such.

And despite that, RSA Security (the firm by that name*) has Dual EC DRBG installed by default, while there are much better choices available. Is that not a coincidence? Why should anyone ever believe NIST anymore?

Wanna have a go at it? Download the LCPT_gcc.cc program from the directory wuala.com/FreemoveQuantumExchange/Aspects/Randomness/Theory/Berlekamp-Massey; the source code is there as well.

When you start to test the files s01.dat and s.02.dat using the LCPT_gcc.cc program, it appears the complexity halts at 19937 and does not go further, which is the complexity of a Mersenne Twister. Whenever you use the Mersenne program found inside the mentioned directory to generate pseudo-random files and test those, you will find the complexity is 4*19937. This is why per output (of 32 bits) 4 bits are being sampled. In the same way one can test the output of the Microsoft PRNG, see that same dir. One would find similar results.

Now we see why with CCleaner the 32-bit versions were compromised. We know the trick now that the l33t hacker(s) used.

Is it not kind of weird that security organizations and state agents wanna undermine everyone's security with this kind of nonsense/crap?

So you can create backdoors when you alone own the secret key. Sort of similar to a normal public key scheme.

polonus (volunteer website security analyst and website error-hunter).

P.S. It should be a concern that the Microsoft Windows certificate store (you find it inside the registry) identifies certificates 'uniquely' on the basis of their SHA1 hash; collisions cannot be avoided under all circumstances. SHA1 is unsafe.
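The linear-complexity test polonus describes can be reproduced without the LCPT_gcc.cc program. The following is an added example written for this thread, not polonus's code: it runs the Berlekamp-Massey algorithm over GF(2) on one bit position of raw MT19937 output (it assumes CPython's random module, whose getrandbits(32) returns the untouched Mersenne Twister word) and, for contrast, on a constructed SHA-256 counter-mode stream, whose complexity sits near n/2 as a random sequence should. The sample_bits helper also interleaves several bit positions per word, so the 4-bits-per-output variant from the post can be run the same way (it needs at least 2 * 4 * 19937 bits and correspondingly more time).

```python
"""Linear-complexity test of PRNG output with the Berlekamp-Massey algorithm.

Added example for this thread (not polonus's LCPT_gcc.cc). Bit sequences are
packed into Python integers so that each Berlekamp-Massey step is a
word-parallel AND/XOR instead of a Python-level loop, which keeps the
40,000-bit MT19937 run tractable.
"""
import hashlib
import random
from typing import Iterable, List, Tuple

MT19937_DEGREE = 19937  # degree of the Mersenne Twister's characteristic polynomial

if hasattr(int, "bit_count"):  # Python 3.10+
    def _parity(x: int) -> int:
        return x.bit_count() & 1
else:
    def _parity(x: int) -> int:
        return bin(x).count("1") & 1


def berlekamp_massey(bits: Iterable[int]) -> Tuple[int, int]:
    """Return (L, C): the linear complexity L of the GF(2) sequence and its
    connection polynomial C, encoded as an int whose bit i is the coefficient
    c_i (c_0 = 1), so that for every n >= L:
        s[n] = c_1*s[n-1] ^ c_2*s[n-2] ^ ... ^ c_L*s[n-L].
    """
    c, b = 1, 1      # current and previous connection polynomials
    L, m = 0, 1      # current complexity, steps since the last length change
    hist = 0         # bit i of hist is s[n-i] (most recent bit at bit 0)
    for n, s in enumerate(bits):
        hist = (hist << 1) | (s & 1)
        d = _parity(c & hist)    # discrepancy: does C predict s[n]?
        if d == 0:
            m += 1
        elif 2 * L <= n:         # recurrence too short: lengthen it
            c, b = c ^ (b << m), c
            L = n + 1 - L
            m = 1
        else:                    # fix the prediction without lengthening
            c ^= b << m
            m += 1
    return L, c


def mt19937_words(seed: int, count: int) -> List[int]:
    """Raw 32-bit Mersenne Twister outputs. CPython's random.getrandbits(32)
    returns the tempered MT19937 word unchanged (assumption stated above)."""
    rng = random.Random(seed)
    return [rng.getrandbits(32) for _ in range(count)]


def sample_bits(words: Iterable[int], positions: Iterable[int]) -> List[int]:
    """Interleave the chosen bit positions of every word into one bit stream
    (one position gives one bit per word, four positions give four)."""
    positions = list(positions)
    return [(w >> p) & 1 for w in words for p in positions]


def sha256_counter_bits(key: bytes, nbits: int) -> List[int]:
    """Constructed comparison stream: SHA-256 in counter mode, a PRF-style
    generator with no linear structure over GF(2)."""
    out: List[int] = []
    counter = 0
    while len(out) < nbits:
        block = hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        out.extend((byte >> i) & 1 for byte in block for i in range(8))
        counter += 1
    return out[:nbits]


def mt19937_bit_complexity(seed: int = 2017, n_words: int = 40000, bit: int = 0) -> int:
    """Linear complexity of one bit position of MT19937 output. Once at least
    2 * 19937 bits have been seen, the profile stops at 19937 and never grows
    again: every output bit is a GF(2)-linear function of the 19937-bit state."""
    return berlekamp_massey(sample_bits(mt19937_words(seed, n_words), [bit]))[0]


if __name__ == "__main__":
    L_mt = mt19937_bit_complexity()
    print("MT19937, bit 0 of 40000 words: L =", L_mt)          # 19937
    L_hash = berlekamp_massey(sha256_counter_bits(b"constructed key", 4000))[0]
    print("SHA-256 counter mode, 4000 bits: L =", L_hash)     # close to n/2 = 2000
```

A complexity that stalls far below n/2 is the signature of a linear generator; that is what makes MT19937 unsuitable wherever an observer must not be able to predict the stream.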
Title: Re: Technical
Post by: bob3160 on September 23, 2017, 05:15:27 PM
(snip) SHA1 is unsafe
It's been unsafe for a very long time: https://blog.qualys.com/ssllabs/2014/09/09/sha1-deprecation-what-you-need-to-know
Title: Re: Technical
Post by: Asyn on September 24, 2017, 11:39:18 AM
Joomla! 3.7.5 - Takeover in 20 Seconds with LDAP Injection
https://blog.ripstech.com/2017/joomla-takeover-in-20-seconds-with-ldap-injection-cve-2017-14596/
Title: Re: Technical
Post by: Asyn on September 25, 2017, 09:58:23 AM
Optionsbleed - HTTP OPTIONS method can leak Apache's server memory
https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html
Title: Re: Technical
Post by: Asyn on September 25, 2017, 11:41:04 AM
Go spy, GO! Popular app with 200M+ users crosses the red line
https://blog.adguard.com/en/go-spy-go-popular-android-keyboard-from-china-crosses-the-red-line/
Title: Re: Technical
Post by: polonus on September 25, 2017, 01:00:44 PM
What a wrong update can result in: Dutch posters making posts in Swedish via MS Outlook: https://www.security.nl/posting/531515/Ansikte+id+p%C3%A5+din+smartphone+%C3%A4r+a%3A

It would be funny if Microsoft's update release management were not so tragically wrong.  :o

polonus
Title: Re: Technical
Post by: Asyn on September 26, 2017, 06:55:23 AM
Ransomware or Wiper? RedBoot Encrypts Files but also Modifies Partition Table
https://www.bleepingcomputer.com/news/security/ransomware-or-wiper-redboot-encrypts-files-but-also-modifies-partition-table/
Title: Re: Technical
Post by: Asyn on September 27, 2017, 06:12:56 AM
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
Title: Re: Technical
Post by: Asyn on September 27, 2017, 08:54:04 AM
CLKSCREW: Exposing the Perils of Security-Oblivious Energy Management
https://www.usenix.org/system/files/conference/usenixsecurity17/sec17-tang.pdf
Title: Re: Technical
Post by: Asyn on September 28, 2017, 08:30:30 AM
ZNIU: First Android Malware to Exploit Dirty COW Vulnerability
http://blog.trendmicro.com/trendlabs-security-intelligence/zniu-first-android-malware-exploit-dirty-cow-vulnerability/
Title: Re: Technical
Post by: Asyn on September 29, 2017, 09:12:47 AM
Illusion Gap – Antivirus Bypass Part 1
https://www.cyberark.com/threat-research-blog/illusion-gap-antivirus-bypass-part-1/
Title: Re: Technical
Post by: Asyn on September 30, 2017, 10:49:48 AM
Broadening HSTS to secure more of the Web
https://security.googleblog.com/2017/09/broadening-hsts-to-secure-more-of-web.html
Title: Re: Technical
Post by: Asyn on October 02, 2017, 09:23:07 AM
PrivateBin
PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data
https://privatebin.info/
Title: Re: Technical
Post by: Asyn on October 03, 2017, 06:32:33 AM
Internet Explorer bug leaks whatever you type in the address bar
https://arstechnica.com/information-technology/2017/09/bug-in-fully-patched-internet-explorer-leaks-text-in-address-bar/
http://www.brokenbrowser.com/revealing-the-content-of-the-address-bar-ie/
Title: Re: Technical
Post by: Asyn on October 04, 2017, 09:17:26 AM
Fake Plugins, Fake Security
https://blog.sucuri.net/2017/09/fake-plugins-fake-security.html
Title: Re: Technical
Post by: Asyn on October 06, 2017, 06:58:00 AM
Morphisec Discovers CCleaner Backdoor Saving Millions of Avast Users
http://blog.morphisec.com/morphisec-discovers-ccleaner-backdoor
Progress on CCleaner Investigation
https://blog.avast.com/progress-on-ccleaner-investigation
http://blog.talosintelligence.com/2017/09/ccleaner-c2-concern.html
Avast Threat Labs analysis of CCleaner incident
https://blog.avast.com/avast-threat-labs-analysis-of-ccleaner-incident
Additional information regarding the recent CCleaner APT security incident
https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident
Inside the CCleaner Backdoor Attack
https://threatpost.com/inside-the-ccleaner-backdoor-attack/128283/
Title: Re: Technical
Post by: Asyn on October 08, 2017, 10:07:15 AM
Behind the Masq: Yet more DNS, and DHCP, vulnerabilities
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://github.com/google/security-research-pocs/tree/master/vulnerabilities/dnsmasq
Title: Re: Technical
Post by: Asyn on October 09, 2017, 06:56:37 AM
New macOS High Sierra vulnerability exposes the password of an encrypted APFS container
https://hackernoon.com/new-macos-high-sierra-vulnerability-exposes-the-password-of-an-encrypted-apfs-container-b4f2f5326e79
Title: Re: Technical
Post by: Asyn on October 11, 2017, 08:29:39 AM
The October 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/10/10/the-october-2017-security-update-review
Title: Re: Technical
Post by: Asyn on October 11, 2017, 11:12:17 AM
How Israel Caught Russian Hackers Scouring the World for U.S. Secrets
https://www.nytimes.com/2017/10/10/technology/kaspersky-lab-israel-russia-hacking.html
Title: Re: Technical
Post by: Asyn on October 12, 2017, 07:07:27 AM
System Shock: How A Cloud Leak Exposed Accenture's Business
https://www.upguard.com/breaches/cloud-leak-accenture
http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/
Title: Re: Technical
Post by: bob3160 on October 12, 2017, 06:05:32 PM
System Shock: How A Cloud Leak Exposed Accenture's Business
https://www.upguard.com/breaches/cloud-leak-accenture
http://www.zdnet.com/article/accenture-left-a-huge-trove-of-client-passwords-on-exposed-servers/
Downplaying a hack only makes the company look more guilty once all the facts are released.
When will companies learn ??? The sooner you reveal the truth, the better off you'll be in the long run.

Title: Re: Technical
Post by: Asyn on October 14, 2017, 09:28:02 AM
Equifax website borked again, this time to redirect to fake Flash update
https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/
Title: Re: Technical
Post by: Asyn on October 15, 2017, 07:14:01 AM
Ladies and Gentlemen, prepare your CPU—web browser mining is coming
https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
Title: Re: Technical
Post by: bob3160 on October 15, 2017, 01:51:14 PM
Ladies and Gentlemen, prepare your CPU—web browser mining is coming
https://blog.avast.com/ladies-and-gentlemen-prepare-your-cpu-web-browser-mining-is-coming
It's actually only gotten more sophisticated. :)
Title: Re: Technical
Post by: Asyn on October 16, 2017, 06:00:51 AM
The Ransomware Economy
How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rate of More Than 2,500% Per Year
https://www.carbonblack.com/wp-content/uploads/2017/10/Carbon-Black-Ransomware-Economy-Report-101117.pdf
Title: Re: Technical
Post by: Asyn on October 17, 2017, 05:56:57 AM
DoubleLocker: Innovative Android Ransomware
https://www.welivesecurity.com/2017/10/13/doublelocker-innovative-android-malware/
Title: Re: Technical
Post by: Asyn on October 18, 2017, 08:28:41 AM
Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2
https://www.krackattacks.com/
https://papers.mathyvanhoef.com/ccs2017.pdf
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
Title: Re: Technical
Post by: Pondus on October 18, 2017, 08:36:18 AM
A cleaner, safer web with Chrome Cleanup
https://www.blog.google/products/chrome/cleaner-safer-web-chrome-cleanup/


Title: Re: Technical
Post by: Asyn on October 19, 2017, 08:37:20 AM
ROCA: Vulnerable RSA generation (CVE-2017-15361)
https://crocs.fi.muni.cz/public/papers/rsa_ccs17
https://keychest.net/roca
https://www.infineon.com/cms/en/product/promopages/tpm-update/?redirId=59160
https://www.infineon.com/cms/en/product/promopages/rsa-update/rsa-background
Title: Re: Technical
Post by: Asyn on October 20, 2017, 10:01:09 AM
State Of Software Security 2017
https://www.veracode.com/state-of-software-security-report
Title: Re: Technical
Post by: Asyn on October 21, 2017, 07:43:54 AM
Leaked: Facebook security boss says its corporate network is run "like a college campus"
http://www.zdnet.com/article/leaked-audio-facebook-security-boss-says-network-is-like-a-college-campus/
Title: Re: Technical
Post by: Asyn on October 23, 2017, 09:37:01 AM
A New IoT Botnet Storm is Coming
https://research.checkpoint.com/new-iot-botnet-storm-coming/
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
Title: Re: Technical
Post by: Asyn on October 25, 2017, 05:27:02 AM
LokiBot - the first hybrid Android malware
https://clientsidedetection.com/lokibot___the_first_hybrid_android_malware.html
Title: Re: Technical
Post by: Asyn on October 25, 2017, 05:56:03 PM
DUHK Attack Exposes Gaps in FIPS Certification
https://threatpost.com/duhk-attack-exposes-gaps-in-fips-certification/128582/
https://duhkattack.com/
https://duhkattack.com/paper.pdf
Title: Re: Technical
Post by: polonus on October 25, 2017, 11:54:11 PM
Unofficial patch against the DDE feature in MS Office:

https://0patch.blogspot.nl/2017/10/0patching-office-dde-ddeauto.html

As Microsoft will not come up with a patch soon, ACROS came up with this "micropatch".

polonus
Title: Re: Technical
Post by: Asyn on October 27, 2017, 06:59:37 AM
“Cyber Conflict” Decoy Document Used In Real Cyber Conflict
http://blog.talosintelligence.com/2017/10/cyber-conflict-decoy-document.html
Title: Re: Technical
Post by: REDACTED on October 27, 2017, 03:44:33 PM
A suspicious adblocker puts iOS users’ privacy at risk

https://blog.adguard.com/en/adblockprime_notsafe/
Title: Re: Technical
Post by: Asyn on October 31, 2017, 07:47:30 AM
Threat Spotlight: Follow the Bad Rabbit
http://blog.talosintelligence.com/2017/10/bad-rabbit.html
https://www.welivesecurity.com/2017/10/24/kiev-metro-hit-new-variant-infamous-diskcoder-ransomware/
https://securelist.com/bad-rabbit-ransomware/82851/
http://blog.trendmicro.com/trendlabs-security-intelligence/bad-rabbit-ransomware-spreads-via-network-hits-ukraine-russia/
https://blog.avast.com/its-rabbit-season-badrabbit-ransomware-infects-airports-and-subways
Title: Re: Technical
Post by: Asyn on November 02, 2017, 10:27:15 AM
Disclosure: WordPress WPDB SQL Injection - Background
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-background.html
https://blog.ircmaxell.com/2017/10/disclosure-wordpress-wpdb-sql-injection-technical.html
https://wordpress.org/news/2017/10/wordpress-4-8-3-security-release/
Title: Re: Technical
Post by: Asyn on November 03, 2017, 09:48:27 AM
A New IoT Botnet Storm is Coming
https://research.checkpoint.com/new-iot-botnet-storm-coming/
http://blog.netlab.360.com/iot_reaper-a-rappid-spreading-new-iot-botnet-en/
IoTroop Botnet: The Full Investigation
https://research.checkpoint.com/iotroop-botnet-full-investigation/
Title: Re: Technical
Post by: Asyn on November 04, 2017, 06:14:57 AM
Junkware Removal Tool to be discontinued
Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.
https://www.malwarebytes.com/junkwareremovaltool/
https://forums.malwarebytes.com/topic/213402-junkware-removal-tool-to-be-discontinued/
Title: Re: Technical
Post by: bob3160 on November 04, 2017, 02:08:51 PM
Junkware Removal Tool to be discontinued
Malwarebytes will continue to provide service and support for JRT until End of Life (EOL) on April 26, 2018.
https://www.malwarebytes.com/junkwareremovaltool/
https://forums.malwarebytes.com/topic/213402-junkware-removal-tool-to-be-discontinued/
One less tool in the battle against the bad guys.  :(
Title: Re: Technical
Post by: Asyn on November 06, 2017, 06:11:48 AM
Cryptocurrency mining malware sneaks onto Google Play
https://blog.avast.com/cryptocurrency-mining-malware-sneaks-onto-google-play
Title: Re: Technical
Post by: Asyn on November 07, 2017, 05:50:36 AM
Stuxnet-style code signing is more widespread than anyone thought
https://arstechnica.com/information-technology/2017/11/evasive-code-signed-malware-flourished-before-stuxnet-and-still-does/
http://www.umiacs.umd.edu/~tdumitra/papers/CCS-2017.pdf
Title: Re: Technical
Post by: Asyn on November 09, 2017, 09:38:10 AM
Standardizing Bad Cryptographic Practice
https://eprint.iacr.org/2017/828.pdf
Title: Re: Technical
Post by: Asyn on November 10, 2017, 01:49:31 PM
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
Title: Re: Technical
Post by: bob3160 on November 10, 2017, 01:54:47 PM
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
So why is Avast Online Security App giving that website a green light ???
(http://screencast-o-matic.com/screenshots/u/Lh/1510318347916-97317.png)

Title: Re: Technical
Post by: Asyn on November 10, 2017, 02:14:27 PM
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
So why is Avast Online Security App giving that website a green light ???
The guys from VL are at it already. :)
Title: Re: Technical
Post by: bob3160 on November 10, 2017, 02:17:19 PM
Windows Movie Maker Scam spreads massively due to high Google ranking
https://www.welivesecurity.com/2017/11/09/eset-detected-windows-movie-maker-scam-2017/
So why is Avast Online Security App giving that website a green light ???
The guys from VL are at it already. :)
Yes, quick response after I reported it on the Slack channel. :)
Title: Re: Technical
Post by: bob3160 on November 10, 2017, 02:25:01 PM
It didn't take Avast very long to correct this incorrect rating either.
(http://screencast-o-matic.com/screenshots/u/Lh/1510320477773-5722.png)
Title: Re: Technical
Post by: Asyn on November 10, 2017, 02:28:22 PM
It didn't take Avast very long to correct this incorrect rating either.
Yep, good job and fast reaction. 8)
Title: Re: Technical
Post by: Asyn on November 11, 2017, 10:23:08 AM
Eavesdropper: The Mobile Vulnerability Exposing Millions of Conversations
https://www.appthority.com/mobile-threat-center/blog/eavesdropper-mobile-vulnerability-exposing-millions-conversations/
https://www.appthority.com/mobile-threat-center/blog/eavesdropper-vulnerability-extends-amazon-cloud-storage-data/
Title: Re: Technical
Post by: Asyn on November 13, 2017, 05:16:42 AM
Data breaches, phishing, or malware? Understanding the risks of stolen credentials
https://research.google.com/pubs/archive/46437.pdf
Title: Re: Technical
Post by: Asyn on November 14, 2017, 08:39:41 AM
Face ID beaten by mask, not an effective security measure
http://www.bkav.com/d/top-news/-/view_content/content/103968/face-id-beaten-by-mask-not-an-effective-security-measure
Title: Re: Technical
Post by: Asyn on November 15, 2017, 08:48:35 AM
The November 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/11/14/the-november-2017-security-update-review
Title: Re: Technical
Post by: bob3160 on November 15, 2017, 10:27:03 PM
Trump administration releases rules on disclosing security flaws.
https://www.whitehouse.gov/sites/whitehouse.gov/files/images/External%20-%20Unclassified%20VEP%20Charter%20FINAL.PDF
Title: Re: Technical
Post by: Asyn on November 18, 2017, 07:15:21 AM
BlueBorne
The dangers of Bluetooth implementations: Unveiling zero day vulnerabilities and security flaws in modern Bluetooth stacks
http://go.armis.com/hubfs/BlueBorne%20Technical%20White%20Paper.pdf
BlueBorne Cyber Threat Impacts Amazon Echo and Google Home
https://www.armis.com/blueborne-cyber-threat-impacts-amazon-echo-google-home/
Title: Re: Technical
Post by: Asyn on November 19, 2017, 11:57:04 AM
Introducing security alerts on GitHub
https://github.com/blog/2470-introducing-security-alerts-on-github
https://help.github.com/articles/about-security-alerts-for-vulnerable-dependencies/
Title: Re: Technical
Post by: Asyn on November 19, 2017, 04:08:57 PM
Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive
https://www.upguard.com/breaches/cloud-leak-centcom
Title: Re: Technical
Post by: bob3160 on November 19, 2017, 04:39:42 PM
Dark Cloud: Inside The Pentagon's Leaked Internet Surveillance Archive
https://www.upguard.com/breaches/cloud-leak-centcom
The question still remains if this "misconfiguration" was an oversight or a deliberate act. ???
Title: Re: Technical
Post by: Asyn on November 21, 2017, 04:47:38 AM
Mobile banking Trojan sneaks into Google Play targeting Wells Fargo, Chase and Citibank customers
https://blog.avast.com/mobile-banking-trojan-sneaks-into-google-play-targeting-wells-fargo-chase-and-citibank-customers
Title: Re: Technical
Post by: Asyn on November 21, 2017, 06:55:08 AM
NoScript 10.1.1 Quantum Powerball Finish... and Rebooting
https://hackademix.net/2017/11/21/noscript-1011-quantum-powerball-finish-and-rebooting/
Title: Re: Technical
Post by: Asyn on November 23, 2017, 05:23:53 AM
Uber Paid Hackers to Delete Stolen Data on 57 Million People
https://www.bloomberg.com/news/articles/2017-11-21/uber-concealed-cyberattack-that-exposed-57-million-people-s-data
Title: Re: Technical
Post by: Asyn on November 24, 2017, 06:12:24 AM
qkG Filecoder: Self-Replicating, Document-Encrypting Ransomware
http://blog.trendmicro.com/trendlabs-security-intelligence/qkg-filecoder-self-replicating-document-encrypting-ransomware/
Title: Re: Technical
Post by: Asyn on November 25, 2017, 09:13:51 AM
No boundaries: Exfiltration of personal data by session-replay scripts
https://freedom-to-tinker.com/2017/11/15/no-boundaries-exfiltration-of-personal-data-by-session-replay-scripts/
https://webtransparency.cs.princeton.edu/no_boundaries/session_replay_sites.html
Title: Re: Technical
Post by: Asyn on November 26, 2017, 09:48:14 AM
Massive Email Campaign Spreads Scarab Ransomware
https://blogs.forcepoint.com/security-labs/massive-email-campaign-spreads-scarab-ransomware
https://labsblog.f-secure.com/2017/11/23/necurs-business-is-booming-in-a-new-partnership-with-scarab-ransomware/
Title: Re: Technical
Post by: Asyn on November 28, 2017, 10:13:43 AM
OSX.Proton spreading through fake Symantec blog
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/
Title: Re: Technical
Post by: Asyn on November 30, 2017, 08:03:02 AM
Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online
https://www.upguard.com/breaches/cloud-leak-inscom
Title: Re: Technical
Post by: bob3160 on November 30, 2017, 01:55:16 PM
Black Box, Red Disk: How Top Secret NSA and Army Data Leaked Online
https://www.upguard.com/breaches/cloud-leak-inscom
"If the right hand doesn't know what the left hand is doing . . . "
That's been going on in Government all over the world since ancient history.
Title: Re: Technical
Post by: Asyn on December 01, 2017, 06:10:51 AM
Terror exploit kit goes HTTPS all the way
https://blog.malwarebytes.com/threat-analysis/2017/11/terror-exploit-kit-goes-https-all-the-way/
Title: Re: Technical
Post by: Asyn on December 03, 2017, 11:56:16 AM
Reducing Chrome crashes caused by third-party software
https://blog.chromium.org/2017/11/reducing-chrome-crashes-caused-by-third.html

Discussion: https://forum.avast.com/index.php?topic=211404.0
Title: Re: Technical
Post by: Asyn on December 06, 2017, 06:09:45 AM
Mailsploit
https://www.mailsploit.com
https://docs.google.com/spreadsheets/d/1jkb_ZybbAoUA43K902lL-sB7c1HMQ78-fhQ8nowJCQk/htmlview?sle=true
Title: Re: Technical
Post by: Asyn on December 06, 2017, 11:04:15 AM
Hacked Password Service Leakbase Goes Dark
https://krebsonsecurity.com/2017/12/hacked-password-service-leakbase-goes-dark/
Title: Re: Technical
Post by: Asyn on December 07, 2017, 06:30:07 AM
Virtual Keyboard Developer Leaked 31 Million of Client Records
https://mackeepersecurity.com/post/virtual-keyboard-developer-leaked-31-million-of-client-records
Title: Re: Technical
Post by: Asyn on December 08, 2017, 09:28:39 AM
A Quarter of Phishing Attacks are Now Hosted on HTTPS Domains: Why?
https://info.phishlabs.com/blog/quarter-phishing-attacks-hosted-https-domains
Title: Re: Technical
Post by: Asyn on December 09, 2017, 07:58:18 AM
StorageCrypt Ransomware Infecting NAS Devices Using SambaCry
https://www.bleepingcomputer.com/news/security/storagecrypt-ransomware-infecting-nas-devices-using-sambacry/
Title: Re: Technical
Post by: REDACTED on December 10, 2017, 10:02:58 PM
how do i delete trash file
Title: Re: Technical
Post by: bob3160 on December 10, 2017, 10:04:21 PM
how do i delete trash file
Please start your own topic and describe your problem.
Title: Re: Technical
Post by: Asyn on December 12, 2017, 06:11:33 AM
HP keylogger
https://zwclose.github.io/HP-keylogger/
https://support.hp.com/us-en/document/c05827409
Title: Re: Technical
Post by: Asyn on December 13, 2017, 06:45:56 AM
The December 2017 Security Update Review
https://www.zerodayinitiative.com/blog/2017/12/12/the-december-2017-security-update-review
Title: Re: Technical
Post by: bob3160 on December 13, 2017, 02:37:36 PM
Avast open-sources its machine-code decompiler (https://blog.avast.com/avast-open-sources-its-machine-code-decompiler)
Title: Re: Technical
Post by: Asyn on December 15, 2017, 05:36:33 AM
Group-IB uncovered hacker group, attacking dozens of banks in the US, Russia and the UK
https://www.group-ib.com/media/group-ib-moneytaker/
Title: Re: Technical
Post by: Asyn on December 18, 2017, 09:22:07 AM
Palo Alto Networks firewalls remote root code execution
http://seclists.org/fulldisclosure/2017/Dec/38
https://securityadvisories.paloaltonetworks.com/Home/Detail/102
Title: Re: Technical
Post by: Asyn on December 19, 2017, 05:23:33 AM
keeper: privileged ui injected into pages (again)
https://bugs.chromium.org/p/project-zero/issues/detail?id=1481
Title: Re: Technical
Post by: Asyn on December 19, 2017, 12:27:41 PM
Jack of all trades
https://securelist.com/jack-of-all-trades/83470/
Title: Re: Technical
Post by: Asyn on December 21, 2017, 07:11:28 AM
New version of mobile malware Catelites possibly linked to Cron cyber gang
https://blog.avast.com/new-version-of-mobile-malware-catelites-possibly-linked-to-cron-cyber-gang
https://cdn2.hubspot.net/hubfs/486579/Catelites%20Bot%20Targetted%20Banking%20Apps.pdf
Title: Re: Technical
Post by: Asyn on December 22, 2017, 06:25:55 AM
PC Trends Report: Top 7 facts about PCs in 2017
https://blog.avast.com/pc-trends-report-top-7-facts-about-pcs-in-2017
https://press.avast.com/hubfs/media-materials/kits/PC-trends-report-Q3-2017/avast_q3_2017_pc_trends_report.pdf
Title: Re: Technical
Post by: Asyn on December 23, 2017, 04:49:32 AM
The Market for Stolen Account Credentials
https://krebsonsecurity.com/2017/12/the-market-for-stolen-account-credentials/
Title: Re: Technical
Post by: Asyn on December 24, 2017, 11:30:01 AM
Pentest-Report Enigmail by Cure53
https://enigmail.net/download/other/Enigmail%20Pentest%20Report%20by%20Cure53%20-%20Excerpt.pdf
Title: Re: Technical
Post by: Asyn on December 25, 2017, 06:19:15 AM
New .DOC GlobeImposter Ransomware Variant Malspam Campaign Underway
https://www.bleepingcomputer.com/news/security/new-doc-globeimposter-ransomware-variant-malspam-campaign-underway/
Title: Re: Technical
Post by: Asyn on January 04, 2018, 06:09:11 AM
Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/
https://meltdownattack.com/
http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html

Edit: Links added.

Title: Re: Technical
Post by: Asyn on January 04, 2018, 12:00:28 PM
Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/
https://meltdownattack.com/
http://blog.cyberus-technology.de/posts/2018-01-03-meltdown.html
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Reactions and Infos
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://www.amd.com/en/corporate/speculative-execution
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
http://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
Title: Re: Technical
Post by: Asyn on January 05, 2018, 07:17:02 AM
Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Reactions and Infos
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://www.amd.com/en/corporate/speculative-execution
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
http://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
Title: Re: Technical
Post by: Asyn on January 06, 2018, 04:54:26 PM
Multiple vulnerabilities in the online services of (GPS) location tracking devices
https://0x0.li/trackmageddon/
https://0x0.li/trackmageddon/0x0-20171222-gpsui.net.html
https://0x0.li/trackmageddon/0x0-20180102-gpsgate.html
Title: Re: Technical
Post by: abruptum on January 06, 2018, 07:06:56 PM
Multiple reports of blue screens (BSODs) 0X000000C4 when installing the January Win7 Monthly Rollup KB 4056894

https://www.askwoody.com/2018/multiple-reports-of-blue-screens-bsods-0x000000c4-when-installing-the-january-win7-monthly-rollup-kb-4056894/
Title: Re: Technical
Post by: Asyn on January 07, 2018, 11:10:38 AM
Almost All CPUs Since 1995 Vulnerable To "Meltdown" And "Spectre" Flaws
https://www.bleepingcomputer.com/news/security/google-almost-all-cpus-since-1995-vulnerable-to-meltdown-and-spectre-flaws/
https://meltdownattack.com/
https://meltdownattack.com/meltdown.pdf
https://spectreattack.com/spectre.pdf
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html
Reactions and Infos
https://newsroom.intel.com/news/intel-responds-to-security-research-findings/
https://www.amd.com/en/corporate/speculative-execution
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html
http://appleinsider.com/articles/18/01/03/apple-has-already-partially-implemented-fix-in-macos-for-kpti-intel-cpu-security-flaw
https://support.microsoft.com/en-us/help/4072699/important-information-regarding-the-windows-security-updates-released
List of Meltdown and Spectre Vulnerability Advisories, Patches, & Updates
https://www.bleepingcomputer.com/news/security/list-of-meltdown-and-spectre-vulnerability-advisories-patches-and-updates/
Meltdown and Spectre: Yes, your device is likely vulnerable
https://blog.avast.com/meltdown-and-spectre-yes-your-device-is-likely-vulnerable
Title: Re: Technical
Post by: Asyn on January 08, 2018, 07:31:00 AM
Facebook Bug Could Have Let Advertisers Get Your Phone Number
https://www.wired.com/story/facebook-bug-could-let-advertisers-see-your-phone-number/
https://mislove.org/publications/PII-Oakland.pdf
Title: Re: Technical
Post by: Asyn on January 10, 2018, 08:19:56 AM
The January 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/1/9/the-january-2018-security-update-review
Title: Re: Technical
Post by: Asyn on January 11, 2018, 01:13:46 PM
2018.01.09 Issue with TLS-SNI-01 and Shared Hosting Infrastructure
https://community.letsencrypt.org/t/2018-01-09-issue-with-tls-sni-01-and-shared-hosting-infrastructure/49996
Title: Re: Technical
Post by: Asyn on January 14, 2018, 07:57:32 AM
Intel AMT Security Issue Lets Attackers Bypass Login Credentials in Corporate Laptops
https://press.f-secure.com/2018/01/12/intel-amt-security-issue-lets-attackers-bypass-login-credentials-in-corporate-laptops/
https://business.f-secure.com/intel-amt-security-issue
Title: Re: Technical
Post by: Asyn on January 17, 2018, 06:09:04 AM
Malicious Chrome Extensions Enable Criminals to Impact Over Half a Million Users and Global Businesses
https://www.icebrg.io/blog/malicious-chrome-extensions-enable-criminals-to-impact-over-half-a-million-users-and-global-businesses
Title: Re: Technical
Post by: Asyn on January 19, 2018, 06:21:03 AM
Downloaders on Google Play spreading malware to steal Facebook login details
https://blog.avast.com/downloaders-on-google-play-spreading-malware-to-steal-facebook-login-details
Title: Re: Technical
Post by: Asyn on January 20, 2018, 05:41:15 AM
EFF and Lookout Uncover New Malware Espionage Campaign Infecting Thousands Around the World
https://www.eff.org/press/releases/eff-and-lookout-uncover-new-malware-espionage-campaign-infecting-thousands-around
https://www.eff.org/deeplinks/2018/01/dark-caracal-good-news-and-bad-news
https://info.lookout.com/rs/051-ESQ-475/images/Lookout_Dark-Caracal_srr_20180118_us_v.1.0.pdf
Title: Re: Technical
Post by: Asyn on January 22, 2018, 12:04:40 PM
Art of Steal: Satori Variant is Robbing ETH BitCoin by Replacing Wallet Address
http://blog.netlab.360.com/art-of-steal-satori-variant-is-robbing-eth-bitcoin-by-replacing-wallet-address-en/
Title: Re: Technical
Post by: Asyn on January 23, 2018, 06:53:09 AM
Root Cause of Reboot Issue Identified; Updated Guidance for Customers and Partners
https://newsroom.intel.com/news/root-cause-of-reboot-issue-identified-updated-guidance-for-customers-and-partners/
Title: Re: Technical
Post by: Asyn on January 25, 2018, 06:21:12 AM
Dell Advising All Customers To Not Install Spectre BIOS Updates
https://www.bleepingcomputer.com/news/security/dell-advising-all-customers-to-not-install-spectre-bios-updates/

HP Reissuing BIOS Updates After Buggy Intel Meltdown and Spectre Updates
https://www.bleepingcomputer.com/news/hardware/hp-reissuing-bios-updates-after-buggy-intel-meltdown-and-spectre-updates/
Title: Re: Technical
Post by: Asyn on January 26, 2018, 06:08:16 AM
New Hide ‘N Seek IoT Botnet using custom-built Peer-to-Peer communication spotted in the wild
https://labs.bitdefender.com/2018/01/new-hide-n-seek-iot-botnet-using-custom-built-peer-to-peer-communication-spotted-in-the-wild/
Title: Re: Technical
Post by: Asyn on January 27, 2018, 06:13:35 AM
Large Scale Monero Cryptocurrency Mining Operation using XMRig
https://researchcenter.paloaltonetworks.com/2018/01/unit42-large-scale-monero-cryptocurrency-mining-operation-using-xmrig/
Title: Re: Technical
Post by: Asyn on January 29, 2018, 12:16:16 PM
IBM Future of Identity Study: Millennials Poised to Disrupt Authentication Landscape
https://www.prnewswire.com/news-releases/ibm-future-of-identity-study-millennials-poised-to-disrupt-authentication-landscape-300589262.html
Title: Re: Technical
Post by: Asyn on January 30, 2018, 07:20:31 AM
Malvertising Campaign Abuses Google’s DoubleClick to Deliver Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/malvertising-campaign-abuses-googles-doubleclick-to-deliver-cryptocurrency-miners/
Title: Re: Technical
Post by: bob3160 on January 30, 2018, 09:31:10 PM

https://blog.avast.com/looking-ahead-9-threat-trends-in-2018
Title: Re: Technical
Post by: Asyn on February 01, 2018, 06:45:10 AM
First ‘Jackpotting’ Attacks Hit U.S. ATMs
https://krebsonsecurity.com/2018/01/first-jackpotting-attacks-hit-u-s-atms/
Title: Re: Technical
Post by: Asyn on February 03, 2018, 09:06:54 AM
Malicious Chrome Extensions Found in Chrome Web Store, Form Droidclub Botnet
https://blog.trendmicro.com/trendlabs-security-intelligence/malicious-chrome-extensions-found-chrome-web-store-form-droidclub-botnet/
https://documents.trendmicro.com/assets/pdf/appendix-droidclub.pdf
Title: Re: Technical
Post by: Asyn on February 04, 2018, 09:26:07 AM
Botnet at large: Avast blocks Smominru miner
https://blog.avast.com/botnet-at-large-avast-blocks-smominru-miner
http://www.zdnet.com/article/a-giant-botnet-is-forcing-windows-servers-to-mine-cryptocurrency
https://www.proofpoint.com/us/threat-insight/post/smominru-monero-mining-botnet-making-millions-operators
Title: Re: Technical
Post by: Asyn on February 05, 2018, 03:24:39 PM
Intel-SA-00088 for Intel® NUC, Intel® Compute Stick, and Intel® Compute Card
https://www.intel.com/content/www/us/en/support/articles/000026620/mini-pcs.html
Title: Re: Technical
Post by: Asyn on February 06, 2018, 12:23:56 PM
Grammarly: auth tokens are accessible to all websites
https://bugs.chromium.org/p/project-zero/issues/detail?id=1527
Title: Re: Technical
Post by: Asyn on February 07, 2018, 07:57:15 AM
Analyzing OSX/CreativeUpdater - a macOS cryptominer, distributed via macupdate.com
https://objective-see.com/blog/blog_0x29.html
Title: Re: Technical
Post by: Asyn on February 08, 2018, 06:10:21 AM
Microsoft Anti Ransomware bypass (not a vulnerability for Microsoft)
http://www.securitybydefault.com/2018/01/microsoft-anti-ransomware-bypass-not.html
Title: Re: Technical
Post by: Asyn on February 08, 2018, 06:09:53 PM
UDPoS - Exfiltrating Credit Card Data via DNS
https://blogs.forcepoint.com/security-labs/udpos-exfiltrating-credit-card-data-dns
Title: Re: Technical
Post by: Asyn on February 09, 2018, 07:14:15 AM
The essential guide to ransomware and how to protect yourself
https://blog.avast.com/what-is-ransomware
Title: Re: Technical
Post by: Asyn on February 10, 2018, 09:39:56 AM
Microcode Revision Guidance
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf
Title: Re: Technical
Post by: Asyn on February 12, 2018, 08:14:01 AM
You can resurrect any deleted GitHub account name. And this is why we have trust issues
https://www.theregister.co.uk/2018/02/10/github_account_name_reuse/
Title: Re: Technical
Post by: Asyn on February 13, 2018, 08:38:05 AM
Ransomware: New free decryption key can save files locked with Cryakl
http://www.zdnet.com/article/cryakl-ransomware-decryption-keys-now-available-for-free/
Title: Re: Technical
Post by: Asyn on February 14, 2018, 06:26:14 AM
Zero-day vulnerability in Telegram
https://securelist.com/zero-day-vulnerability-in-telegram/83800/
Title: Re: Technical
Post by: Asyn on February 14, 2018, 10:57:41 AM
The February 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/2/13/the-february-2018-security-update-review
Title: Re: Technical
Post by: Asyn on February 15, 2018, 07:37:57 AM
Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM
http://seclists.org/fulldisclosure/2018/Feb/33
Title: Re: Technical
Post by: Asyn on February 16, 2018, 05:51:27 AM
The essential guide to VPNs: What they are and how they work
https://blog.avast.com/vpn-essential-guide
Title: Re: Technical
Post by: Asyn on February 16, 2018, 12:07:41 PM
Spectre Mitigations in Microsoft's C/C++ Compiler
https://www.paulkocher.com/doc/MicrosoftCompilerSpectreMitigation.html
Title: Re: Technical
Post by: Asyn on February 17, 2018, 07:00:20 AM
COINHOARDER: Tracking a Ukrainian Bitcoin Phishing Ring DNS Style
http://blog.talosintelligence.com/2018/02/coinhoarder.html
Title: Re: Technical
Post by: Asyn on February 18, 2018, 10:14:10 AM
Mac Privacy: Sandboxed Mac apps can record your screen at any time without you knowing
https://krausefx.com/blog/mac-privacy-sandboxed-mac-apps-can-take-screenshots
Title: Re: Technical
Post by: Asyn on February 19, 2018, 06:23:56 AM
The JavaScript Supply Chain Paradox: SRI, CSP and Trust in Third Party Libraries
https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/
Title: Re: Technical
Post by: Asyn on February 20, 2018, 06:44:36 AM
Microsoft Edge: ACG bypass using UnmapViewOfFile
https://bugs.chromium.org/p/project-zero/issues/detail?id=1435
Title: Re: Technical
Post by: Asyn on February 21, 2018, 10:08:26 AM
New Satori Botnet Variant Enslaves Thousands of Dasan WiFi Routers
https://blog.radware.com/security/2018/02/new-satori-botnet-variant-enslaves-thousands-dasan-wifi-routers/
Title: Re: Technical
Post by: Asyn on February 21, 2018, 02:09:35 PM
Lessons from the Cryptojacking Attack at Tesla
https://blog.redlock.io/cryptojacking-tesla
Title: Re: Technical
Post by: bob3160 on February 21, 2018, 02:47:07 PM

Avast tracks down Tempting Cedar Spyware
https://blog.avast.com/avast-tracks-down-tempting-cedar-spyware
Title: Re: Technical
Post by: Asyn on February 22, 2018, 06:21:45 AM
Tearing Apart the Undetected (OSX)Coldroot RAT
https://digitasecurity.com/blog/2018/02/19/coldroot/
Title: Re: Technical
Post by: Asyn on February 23, 2018, 06:54:10 AM
Retpoline: A Branch Target Injection Mitigation
https://software.intel.com/sites/default/files/managed/1d/46/Retpoline-A-Branch-Target-Injection-Mitigation.pdf
Title: Re: Technical
Post by: Asyn on February 24, 2018, 06:33:17 PM
Jenkins Miner: One of the Biggest Mining Operations Ever Discovered
https://research.checkpoint.com/jenkins-miner-one-biggest-mining-operations-ever-discovered/
Title: Re: Technical
Post by: Asyn on February 26, 2018, 09:08:46 AM
Signal Foundation
https://signal.org/blog/signal-foundation/
https://signalfoundation.org/
Title: Re: Technical
Post by: Asyn on February 27, 2018, 08:48:20 AM
Apple moves to store iCloud keys in China, raising human rights fears
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
Title: Re: Technical
Post by: bob3160 on February 27, 2018, 02:53:28 PM
Apple moves to store iCloud keys in China, raising human rights fears
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
That title is a bit misleading since the keys talked about relate only to Chinese users.
Title: Re: Technical
Post by: Asyn on February 27, 2018, 05:06:41 PM
Apple moves to store iCloud keys in China, raising human rights fears
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
That title is a bit misleading since the keys talked about relate only to Chinese users.
Hi Bob, I always post the title as is. Cheers
Title: Re: Technical
Post by: bob3160 on February 27, 2018, 05:10:55 PM
Apple moves to store iCloud keys in China, raising human rights fears
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
That title is a bit misleading since the keys talked about relate only to Chinese users.
Hi Bob, I always post the title as is. Cheers
All I did was clarify the post. :)
Title: Re: Technical
Post by: Asyn on February 27, 2018, 05:20:45 PM
Apple moves to store iCloud keys in China, raising human rights fears
https://www.reuters.com/article/us-china-apple-icloud-insight/apple-moves-to-store-icloud-keys-in-china-raising-human-rights-fears-idUSKCN1G8060
That title is a bit misleading since the keys talked about relate only to Chinese users.
Hi Bob, I always post the title as is. Cheers
All I did was clarify the post. :)
Got it, no worries. :)
Title: Re: Technical
Post by: Asyn on March 01, 2018, 06:23:40 AM
OMG: Mirai-based Bot Turns IoT Devices into Proxy Servers
https://www.fortinet.com/blog/threat-research/omg--mirai-based-bot-turns-iot-devices-into-proxy-servers.html
Title: Re: Technical
Post by: Asyn on March 02, 2018, 10:35:17 AM
SgxPectre Attacks: Leaking Enclave Secrets via Speculative Execution
https://arxiv.org/pdf/1802.09085v2.pdf
Title: Re: Technical
Post by: Asyn on March 03, 2018, 05:19:41 PM
The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned
https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/
Title: Re: Technical
Post by: DavidR on March 03, 2018, 07:00:39 PM
The UK and Australian Governments Are Now Monitoring Their Gov Domains on Have I Been Pwned
https://www.troyhunt.com/the-uk-and-australian-governments-are-now-monitoring-their-gov-domains-on-have-i-been-pwned/

I think Governments need to start hiring some of these hackers that walk through their so-called defences.  A point in question: one with Autism has finally combated extradition for hacking US Government sites.  He wasn't the first Autistic person to have done the same, blowing holes in US Government sites and also beating extradition.

I think that they should be more proactive when identifying a hacker, to ask how it was done and fire those responsible for security of said sites.
Title: Re: Technical
Post by: bob3160 on March 04, 2018, 12:02:30 AM
Folks with Autism usually excel at something. :)
Title: Re: Technical
Post by: DavidR on March 04, 2018, 12:17:51 AM
Folks with Autism usually excel at something. :)

Absolutely and there have been several cases of them getting around site security, more from being inquisitive, very tenacious and not malicious.
Title: Re: Technical
Post by: Asyn on March 05, 2018, 11:16:18 AM
Doctor Web: over 40 models of Android devices delivered already infected from the manufacturers
https://news.drweb.com/show/?lng=en&i=11749&c=5
Title: Re: Technical
Post by: DavidR on March 05, 2018, 11:36:17 AM
Doctor Web: over 40 models of Android devices delivered already infected from the manufacturers
https://news.drweb.com/show/?lng=en&i=11749&c=5

Never heard of any of those 40 Android devices before; it doesn't appear to include any of the major brands.  Though it does say that this is not a comprehensive list.
Title: Re: Technical
Post by: Asyn on March 06, 2018, 11:47:22 AM
LTEInspector: A Systematic Approach for Adversarial Testing of 4G LTE
http://wp.internetsociety.org/ndss/wp-content/uploads/sites/25/2018/02/ndss2018_02A-3_Hussain_paper.pdf
Title: Re: Technical
Post by: Asyn on March 08, 2018, 06:30:41 AM
FinFisher exposed: A researcher’s tale of defeating traps, tricks, and complex virtual machines
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/01/finfisher-exposed-a-researchers-tale-of-defeating-traps-tricks-and-complex-virtual-machines/
Title: Re: Technical
Post by: bob3160 on March 08, 2018, 07:19:47 PM
As a long time user of Ccleaner, I'm very happy that the product is now part of Avast Software.
Here is why:
https://blog.avast.com/new-investigations-in-ccleaner-incident-point-to-a-possible-third-stage-that-had-keylogger-capacities
Title: Re: Technical
Post by: Asyn on March 10, 2018, 05:47:43 AM
Dark Web Market Price Index (Feb 2018 - US Edition)
https://www.top10vpn.com/privacy-central/privacy/dark-web-market-price-index-feb-2018-us/
https://www.top10vpn.com/wp-content/uploads/2018/02/Dark-Web-Market-Price-Index-Feb-2018.pdf
Title: Re: Technical
Post by: Asyn on March 11, 2018, 03:12:02 PM
OlympicDestroyer is here to trick the industry
https://securelist.com/olympicdestroyer-is-here-to-trick-the-industry/84295/
Title: Re: Technical
Post by: Asyn on March 12, 2018, 06:20:15 AM
BAD TRAFFIC: Sandvine’s PacketLogic Devices Used to Deploy Government Spyware in Turkey and Redirect Egyptian Users to Affiliate Ads?
https://citizenlab.ca/2018/03/bad-traffic-sandvines-packetlogic-devices-deploy-government-spyware-turkey-syria/
https://github.com/citizenlab/badtraffic
Title: Re: Technical
Post by: Asyn on March 13, 2018, 09:03:01 AM
TLS 1.3 and Proxies
https://www.imperialviolet.org/2018/03/10/tls13.html
Title: Re: Technical
Post by: Asyn on March 14, 2018, 06:35:15 AM
Greedy cybercriminals host malware on GitHub
https://blog.avast.com/greedy-cybercriminals-host-malware-on-github
Title: Re: Technical
Post by: Asyn on March 14, 2018, 06:52:29 AM
The March 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review
Title: Re: Technical
Post by: bob3160 on March 14, 2018, 06:32:07 PM
The March 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review
I was delayed yesterday after my presentation.
I had been asked to hook up to their wifi and after the presentation, I was greeted with the
notification not to shut down the computer till the update completed. :)
Love this new update feature in Windows 10.  :(
Title: Re: Technical
Post by: DavidR on March 14, 2018, 07:29:47 PM
The March 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review
I was delayed yesterday after my presentation.
I had been asked to hook up to their wifi and after the presentation, I was greeted with the
notification not to shut down the computer till the update completed. :)
Love this new update feature in Windows 10.  :(

I do hate this authoritarian approach to Windows updates by MS.

First off I set the "this is a metered connection" option, delaying my updates until I chose to do it.  Now that option is ignored, but the one thing that does seem to still have an effect is setting the Active Hours so it is way outside of any possible conflict with work.

Windows Update > Update settings > Change active hours - mine is set at 14:00 to 22:00 (Maximum 18 hours).  Or you could try the Restart options > Schedule a time - I have this turned off.

I don't know if that first option could have helped you in conjunction with the second option.
Title: Re: Technical
Post by: bob3160 on March 14, 2018, 08:57:24 PM
The March 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/3/13/the-march-2018-security-update-review
I was delayed yesterday after my presentation.
I had been asked to hook up to their wifi and after the presentation, I was greeted with the
notification not to shut down the computer till the update completed. :)
Love this new update feature in Windows 10.  :(

I do hate this authoritarian approach to windows updates by MS.

First off I set the "this is a metered connection" option, delaying my updates until I chose to do it.  Now that option is ignored, but the one thing that does seem to still have an effect is setting the Active Hours so it is way outside of any possible conflict with work.

Windows Update > Update settings > Change active hours - mine is set at 14:00 to 22:00 (Maximum 18 hours).  Or you could try the Restart options > Schedule a time - I have this turned off.

I don't know if that first option could have helped you in conjunction with the second option.
I very seldom connect to Wifi at a club. I don't need it for my presentation.
This was a rare exception and just happened to be at a time when there was an update available.
It only took an extra 10 minutes so it was manageable.
Title: Re: Technical
Post by: Asyn on March 15, 2018, 06:58:26 AM
A raft of flaws in AMD chips makes bad hacks much, much worse
https://arstechnica.com/information-technology/2018/03/a-raft-of-flaws-in-amd-chips-make-bad-hacks-much-much-worse/
Title: Re: Technical
Post by: Asyn on March 16, 2018, 06:39:39 AM
Poisoned peer-to-peer app kicked off Dofoil coin miner outbreak
https://cloudblogs.microsoft.com/microsoftsecure/2018/03/13/poisoned-peer-to-peer-app-kicked-off-dofoil-coin-miner-outbreak/
Title: Re: Technical
Post by: Secondmineboy on March 16, 2018, 09:35:12 PM
Microsoft wants to force Windows 10 Mail users to use Edge for email links

https://www.theverge.com/2018/3/16/17130566/microsoft-windows-10-mail-edge-default-links
Title: Re: Technical
Post by: bob3160 on March 16, 2018, 10:33:13 PM
Not my experience. Outlook.com works without problems in Chrome.
Cortana is using Google to do my bidding. :)
Title: Re: Technical
Post by: Asyn on March 17, 2018, 05:44:57 AM
ACME v2 and Wildcard Certificate Support is Live
https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579
https://community.letsencrypt.org/t/acme-v2-production-environment-wildcards/55578
Title: Re: Technical
Post by: Asyn on March 18, 2018, 11:18:38 AM
The Crypto Miners Fight For CPU Cycles
https://isc.sans.edu/forums/diary/The+Crypto+Miners+Fight+For+CPU+Cycles/23407/
Title: Re: Technical
Post by: Asyn on March 19, 2018, 08:42:22 AM
Guest Accounts Gain Full Access on Chrome RDP
https://research.checkpoint.com/guest-accounts-gain-full-access-chrome-rdp/
Title: Re: Technical
Post by: Asyn on March 20, 2018, 06:03:13 AM
Master password in Firefox or Thunderbird? Do not bother!
https://palant.de/2018/03/10/master-password-in-firefox-or-thunderbird-do-not-bother
Title: Re: Technical
Post by: Asyn on March 20, 2018, 01:38:08 PM
Advancing Security at the Silicon Level
https://newsroom.intel.com/editorials/advancing-security-silicon-level/
Title: Re: Technical
Post by: Asyn on March 21, 2018, 11:45:52 AM
A raft of flaws in AMD chips makes bad hacks much, much worse
https://arstechnica.com/information-technology/2018/03/a-raft-of-flaws-in-amd-chips-make-bad-hacks-much-much-worse/
Initial AMD Technical Assessment of CTS Labs Research
https://community.amd.com/community/amd-corporate/blog/2018/03/20/initial-amd-technical-assessment-of-cts-labs-research
Title: Re: Technical
Post by: Asyn on March 22, 2018, 10:11:31 AM
Protecting Against HSTS Abuse
https://webkit.org/blog/8146/protecting-against-hsts-abuse/
Title: Re: Technical
Post by: Asyn on March 24, 2018, 08:44:32 PM
Protecting Security Researchers
https://blogs.dropbox.com/tech/2018/03/protecting-security-researchers/
Title: Re: Technical
Post by: Asyn on March 29, 2018, 07:37:15 AM
Total Meltdown?
https://blog.frizk.net/2018/03/total-meltdown.html
Title: Re: Technical
Post by: bob3160 on March 29, 2018, 01:27:29 PM
Total Meltdown?
https://blog.frizk.net/2018/03/total-meltdown.html
Sometimes the cure is worse than the disease.
The latest patch has already fixed this vulnerability. If you installed it, you're safe
Title: Re: Technical
Post by: Asyn on March 30, 2018, 08:50:23 AM
Who and What Is Coinhive?
https://krebsonsecurity.com/2018/03/who-and-what-is-coinhive/
Title: Re: Technical
Post by: Asyn on April 01, 2018, 12:13:57 PM
SamSam group deletes Atlanta's contact portal after the address goes public
https://www.csoonline.com/article/3266364/security/samsam-group-deletes-atlantas-contact-portal-after-the-address-goes-public.html
Title: Re: Technical
Post by: Asyn on April 04, 2018, 08:51:39 AM
Protecting users from extension cryptojacking
https://blog.chromium.org/2018/04/protecting-users-from-extension-cryptojacking.html
Title: Re: Technical
Post by: Asyn on April 05, 2018, 08:48:32 AM
Chrome Is Scanning Files on Your Computer, and People Are Freaking Out
https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool
Title: Re: Technical
Post by: Asyn on April 06, 2018, 07:57:16 AM
Compromised Magento Sites Delivering Malware
https://www.flashpoint-intel.com/blog/compromised-magento-sites-delivering-malware/
Title: Re: Technical
Post by: Asyn on April 07, 2018, 05:55:56 PM
When Sharing Is Not Caring: Over 1.5 Billion Files Exposed Through Misconfigured Services
https://www.digitalshadows.com/blog-and-research/when-sharing-is-not-caring-over-1-5-billion-files-exposed-through-misconfigured-services/
Title: Re: Technical
Post by: Asyn on April 08, 2018, 10:11:59 AM
Intel® Remote Keyboard Unauthenticated Keystroke Injection
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00122&languageid=en-fr

Intel has issued a Product Discontinuation notice for Intel® Remote Keyboard and recommends that users of the Intel® Remote Keyboard uninstall it at their earliest convenience.
Title: Re: Technical
Post by: Asyn on April 09, 2018, 07:57:38 AM
Microcode Revision Guidance - April 2018
https://newsroom.intel.com/wp-content/uploads/sites/11/2018/04/microcode-update-guidance.pdf
Title: Re: Technical
Post by: Asyn on April 10, 2018, 06:17:40 AM
Critical Infrastructure at Risk: Advanced Actors Target Smart Install Client
https://blog.talosintelligence.com/2018/04/critical-infrastructure-at-risk.html
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180409-smi
Title: Re: Technical
Post by: Asyn on April 11, 2018, 09:39:44 AM
The April 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/4/10/the-april-2018-security-update-review
Title: Re: Technical
Post by: Asyn on April 12, 2018, 12:06:01 PM
There's Life in the Old Dog Yet: Tearing New Holes into Intel/iPhone Cellular Modems
https://comsecuris.com/blog/posts/theres_life_in_the_old_dog_yet_tearing_new_holes_into_inteliphone_cellular_modems/
Title: Re: Technical
Post by: Asyn on April 14, 2018, 06:49:19 AM
How Android Phones Hide Missed Security Updates From You
https://www.wired.com/story/android-phones-hide-missed-security-updates-from-you/
Title: Re: Technical
Post by: Asyn on April 16, 2018, 06:57:25 AM
Smartphone Security: You'll Never Guess Who Just Messaged You
http://jordansmith.io/address-book-contact-security/
Title: Re: Technical
Post by: Asyn on April 17, 2018, 08:04:21 AM
The dots do matter: how to scam a Gmail user
https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html
Title: Re: Technical
Post by: DavidR on April 17, 2018, 10:10:16 AM
The dots do matter: how to scam a Gmail user
https://jameshfisher.com/2018/04/07/the-dots-do-matter-how-to-scam-a-gmail-user.html

This was also a common tactic by spammers (and probably still is): get a Gmail account and use multiple combinations of that address, using the dots in the address, for different accounts.
Title: Re: Technical
Post by: Asyn on April 18, 2018, 06:26:19 AM
Minecraft players exposed to malicious code in modified “skins”
https://blog.avast.com/minecraft-players-exposed-to-malicious-code-in-modified-skins
Title: Re: Technical
Post by: Asyn on April 18, 2018, 06:28:54 AM
Recent findings from CCleaner APT investigation reveal that attackers entered the Piriform network via TeamViewer
https://blog.avast.com/update-ccleaner-attackers-entered-via-teamviewer
Title: Re: Technical
Post by: Asyn on April 18, 2018, 06:31:21 AM
Uncovering Drupalgeddon 2
https://research.checkpoint.com/uncovering-drupalgeddon-2/
Title: Re: Technical
Post by: Asyn on April 19, 2018, 06:50:19 AM
Deleted Facebook Cybercrime Groups Had 300,000 Members
https://krebsonsecurity.com/2018/04/deleted-facebook-cybercrime-groups-had-300000-members/
Title: Re: Technical
Post by: Asyn on April 20, 2018, 06:10:22 AM
Ransomware XIAOBA Repurposed as File Infector and Cryptocurrency Miner
https://blog.trendmicro.com/trendlabs-security-intelligence/ransomware-xiaoba-repurposed-as-file-infector-and-cryptocurrency-miner/
Title: Re: Technical
Post by: Asyn on April 21, 2018, 09:43:43 AM
iOS Trustjacking – A Dangerous New iOS Vulnerability
https://www.symantec.com/blogs/feature-stories/ios-trustjacking-dangerous-new-ios-vulnerability
Title: Re: Technical
Post by: Asyn on April 21, 2018, 04:56:20 PM
No boundaries for Facebook data: third-party trackers abuse Facebook Login
https://freedom-to-tinker.com/2018/04/18/no-boundaries-for-facebook-data-third-party-trackers-abuse-facebook-login/
Title: Re: Technical
Post by: Asyn on April 22, 2018, 09:37:53 AM
2018 Data Breach Investigations Report
http://www.verizonenterprise.com/resources/reports/rp_DBIR_2018_Report_en_xg.pdf
Title: Re: Technical
Post by: Asyn on April 23, 2018, 08:31:58 AM
The Cat-and-Mouse Game Between Apple and the Manufacturer of an iPhone Unlocking Tool
https://motherboard.vice.com/amp/en_us/article/ne95pg/apple-iphone-unlocking-tool-graykey-cat-and-mouse-game
Title: Re: Technical
Post by: Asyn on April 24, 2018, 08:35:58 AM
Framework for Improving Critical Infrastructure Cybersecurity
https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.CSWP.04162018.pdf
Title: Re: Technical
Post by: Asyn on April 25, 2018, 08:02:19 AM
Teaming up in the war on tech support scams
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/
Title: Re: Technical
Post by: DavidR on April 25, 2018, 09:59:27 AM
Teaming up in the war on tech support scams
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/

Not shown in this blog entry, the spamming of forums with support scam telephone numbers/links, etc.
Title: Re: Technical
Post by: Asyn on April 25, 2018, 10:50:58 AM
Teaming up in the war on tech support scams
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/
Not shown in this blog entry, the spamming of forums with support scam telephone numbers/links, etc.
That's right Dave. Also worth mentioning, most big(ger) IT companies are targeted.
Title: Re: Technical
Post by: DavidR on April 25, 2018, 12:05:21 PM
Teaming up in the war on tech support scams
https://cloudblogs.microsoft.com/microsoftsecure/2018/04/20/teaming-up-in-the-war-on-tech-support-scams/
Not shown in this blog entry, the spamming of forums with support scam telephone numbers/links, etc.
That's right Dave. Also worth mentioning, most big(ger) IT companies are targeted.

Yes, more customers means more potential targets; added to that, spam a support site and you are fishing in the right pond.  A target-rich environment: people seeking help and support.
Title: Re: Technical
Post by: Asyn on April 26, 2018, 06:43:40 AM
World’s biggest marketplace selling internet paralysing DDoS attacks taken down
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-biggest-marketplace-selling-internet-paralysing-ddos-attacks-taken-down
Title: Re: Technical
Post by: Asyn on April 27, 2018, 06:29:05 AM
New Crossrider variant installs configuration profiles on Macs
https://blog.malwarebytes.com/threat-analysis/2018/04/new-crossrider-variant-installs-configuration-profiles-on-macs/
Title: Re: Technical
Post by: Asyn on April 28, 2018, 06:52:30 AM
A New Phishing Kit on the Dark Net
https://research.checkpoint.com/a-phishing-kit-investigative-report/
Title: Re: Technical
Post by: Asyn on April 29, 2018, 11:24:54 AM
SEC hands down $35 million fine in Yahoo hack
http://money.cnn.com/2018/04/24/technology/yahoo-altaba-hack-sec-fine/index.html
Title: Re: Technical
Post by: Asyn on April 30, 2018, 09:53:53 AM
Dear Canada: Accessing Publicly Available Information on the Internet Is Not a Crime
https://www.eff.org/deeplinks/2018/04/dear-canada-accessing-publicly-available-information-internet-not-crime
Title: Re: Technical
Post by: bob3160 on April 30, 2018, 01:31:20 PM
Dear Canada: Accessing Publicly Available Information on the Internet Is Not a Crime
https://www.eff.org/deeplinks/2018/04/dear-canada-accessing-publicly-available-information-internet-not-crime
If searching the internet were illegal then most of the world would now be behind bars.  :(
Title: Re: Technical
Post by: Asyn on May 03, 2018, 06:10:44 AM
Google Maps open redirect flaw abused by scammers
https://nakedsecurity.sophos.com/2018/05/01/google-maps-open-redirect-flaw-abused-by-spammers/
Title: Re: Technical
Post by: Asyn on May 04, 2018, 06:50:26 AM
SiliVaccine: Inside North Korea’s Anti-Virus
https://research.checkpoint.com/silivaccine-a-look-inside-north-koreas-anti-virus/
Title: Re: Technical
Post by: Asyn on May 05, 2018, 09:23:20 AM
Botception with Necurs: Botnet distributes script with bot capabilities
https://blog.avast.com/botception-with-necurs-botnet-distributes-script-with-bot-capabilities-avast-threat-labs
Title: Re: Technical
Post by: Asyn on May 08, 2018, 08:27:47 AM
MassMiner Malware Targeting Web Servers
https://www.alienvault.com/blogs/labs-research/massminer-malware-targeting-web-servers
Title: Re: Technical
Post by: Asyn on May 09, 2018, 07:44:39 AM
Large cryptojacking campaign targeting vulnerable Drupal websites
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Title: Re: Technical
Post by: Asyn on May 09, 2018, 12:10:29 PM
The May 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/5/8/the-may-2018-security-update-review
Title: Re: Technical
Post by: Asyn on May 10, 2018, 09:37:01 AM
Telegram: Cyber Crime’s Channel of Choice
https://research.checkpoint.com/telegram-cyber-crimes-channel-choice/
Title: Re: Technical
Post by: mchain on May 10, 2018, 05:07:23 PM
Remote Code Execution Vulnerability on LG Smartphones
https://research.checkpoint.com/lg-keyboard-vulnerabilities/
LG has issued two security patches on May 8th, 2018.
Title: Re: Technical
Post by: Secondmineboy on May 10, 2018, 09:07:17 PM
Net Neutrality now has a specific death date – June 11, 2018

https://www.androidauthority.com/net-neutrality-death-date-864283/
Title: Re: Technical
Post by: bob3160 on May 11, 2018, 12:05:33 AM
Net Neutrality now has a specific death date – June 11, 2018

https://www.androidauthority.com/net-neutrality-death-date-864283/
That's one month after the date when Amazon Prime starts to raise its annual fee. :)
Title: Re: Technical
Post by: Asyn on May 11, 2018, 12:31:49 PM
Hardware debug exception documentation may result in unexpected behavior
https://www.kb.cert.org/vuls/id/631579
https://everdox.net/popss.pdf
Title: Re: Technical
Post by: Asyn on May 12, 2018, 06:46:33 AM
New Hacking Tool Lets Users Access a Bunch of DVRs and Their Video Feeds
https://www.bleepingcomputer.com/news/security/new-hacking-tool-lets-users-access-a-bunch-of-dvrs-and-their-video-feeds/
Title: Re: Technical
Post by: Asyn on May 13, 2018, 06:57:22 AM
Thousands of Companies Are Still Downloading the Vulnerability That Wrecked Equifax
http://fortune.com/2018/05/07/security-equifax-vulnerability-download/
Title: Re: Technical
Post by: REDACTED on May 14, 2018, 12:53:02 PM
I put a trial from the Play Store on my phone and I decided to buy before the end of the trial. I got an email saying my credit card would be deducted tonight, which it was. But I don't know how to put Pro on my phone. I can't even follow this forum, please help me get to the right forum.
Title: Re: Technical
Post by: Asyn on May 14, 2018, 12:54:29 PM
I put a trial from the Play Store on my phone and I decided to buy before the end of the trial. I got an email saying my credit card would be deducted tonight, which it was. But I don't know how to put Pro on my phone. I can't even follow this forum, please help me get to the right forum.
-> https://forum.avast.com/index.php?board=66.0
Title: Re: Technical
Post by: Asyn on May 15, 2018, 06:43:42 AM
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
Title: Re: Technical
Post by: Asyn on May 16, 2018, 06:38:12 AM
Human rights under surveillance - Digital threats against human rights defenders in Pakistan
https://www.amnesty.org/download/Documents/ASA3383662018ENGLISH.PDF
Title: Re: Technical
Post by: Asyn on May 17, 2018, 06:12:15 AM
Hacking iLO — take a moment to secure your servers
https://blog.avast.com/secure-your-servers-from-ransomware
Title: Re: Technical
Post by: Asyn on May 19, 2018, 07:15:56 AM
Nethammer: Inducing Rowhammer Faults through Network Requests
https://arxiv.org/pdf/1805.04956.pdf
Title: Re: Technical
Post by: Asyn on May 20, 2018, 02:44:51 PM
Throwhammer: Rowhammer Attacks over the Network and Defenses
https://www.cs.vu.nl/~herbertb/download/papers/throwhammer_atc18.pdf
Title: Re: Technical
Post by: Asyn on May 21, 2018, 07:58:45 AM
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
EFail and Thunderbird, What You Need To Know
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
Title: Re: Technical
Post by: Asyn on May 22, 2018, 07:23:38 AM
Addressing New Research for Side-Channel Analysis - Details and Mitigation Information for Variant 4
https://newsroom.intel.com/editorials/addressing-new-research-for-side-channel-analysis/
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00115.html
Title: Re: Technical
Post by: Asyn on May 23, 2018, 12:44:38 PM
Analysis and mitigation of speculative store bypass (CVE-2018-3639)
https://blogs.technet.microsoft.com/srd/2018/05/21/analysis-and-mitigation-of-speculative-store-bypass-cve-2018-3639/
Title: Re: Technical
Post by: Asyn on May 24, 2018, 11:44:11 AM
New Mac cryptominer uses XMRig
https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2018/05/new-mac-cryptominer-uses-xmrig/
Title: Re: Technical
Post by: Asyn on May 25, 2018, 06:55:41 AM
Android devices ship with pre-installed malware
https://blog.avast.com/android-devices-ship-with-pre-installed-malware
Title: Re: Technical
Post by: Asyn on May 25, 2018, 08:00:50 AM
Spectre continues: Did we all trade speed for security?
https://blog.avast.com/spectre-continues-did-we-all-trade-speed-for-security-avast
Title: Re: Technical
Post by: Asyn on May 26, 2018, 06:46:23 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Title: Re: Technical
Post by: Asyn on May 27, 2018, 09:17:15 AM
Brain Food botnet gives website operators heartburn
https://www.proofpoint.com/us/threat-insight/post/brain-food-botnet-gives-website-operators-heartburn
Title: Re: Technical
Post by: Asyn on May 28, 2018, 06:18:50 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Title: Re: Technical
Post by: Gopher John on May 28, 2018, 02:28:15 PM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Can Wi-Fi Inspector detect this router infection?  Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?
Title: Re: Technical
Post by: Filip Braun on May 28, 2018, 04:33:05 PM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx

Can Wi-Fi Inspector detect this router infection?  Since rebooting the router can at least temporarily disrupt the connection to the botnet, is there anything that could be detected?

Hello,
We were considering whether to add a detection for the VPNFilter exploit, but at this point we are leaning towards NO.
The reasons being:
- It is targeted mostly towards corporate networks (not Wi-Fi Inspector's focus)
- It is not that widespread
- It is one of the more sophisticated and harder-to-detect exploits (more development time needed)
Added up, it would not be worth investing the time in this when we can add several other detections that we think will benefit our users more.

Filip
Title: Re: Technical
Post by: Gopher John on May 28, 2018, 06:33:26 PM
Filip, thanks for your reply.

Many brands/models of home routers are vulnerable. If these routers become compromised, is it possible that they could be used for DDoS attacks?  At any rate, it seems that the compromised routers are used to steal data traveling through them.
Title: Re: Technical
Post by: Asyn on May 29, 2018, 12:43:33 PM
EFAIL describes vulnerabilities in the end-to-end encryption technologies OpenPGP and S/MIME that leak the plaintext of encrypted emails
https://efail.de/
https://efail.de/efail-attack-paper.pdf
EFail and Thunderbird, What You Need To Know
https://blog.mozilla.org/thunderbird/2018/05/efail-and-thunderbird/
In Apple Mail, There’s No Protecting PGP-Encrypted Messages
https://theintercept.com/2018/05/25/in-apple-mail-theres-no-protecting-pgp-encrypted-messages/
Title: Re: Technical
Post by: Asyn on May 30, 2018, 11:25:55 AM
Z-Shave. Exploiting Z-Wave downgrade attacks
https://www.pentestpartners.com/security-blog/z-shave-exploiting-z-wave-downgrade-attacks/
Title: Re: Technical
Post by: Asyn on May 31, 2018, 03:36:51 PM
Frag Grenade! A Remote Code Execution Vulnerability in the Steam Client
https://www.contextis.com/blog/frag-grenade-a-remote-code-execution-vulnerability-in-the-steam-client
Title: Re: Technical
Post by: Asyn on June 01, 2018, 07:33:05 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Did you reboot your router yet? Make sure to do so and soon.
https://blog.avast.com/dont-forget-to-reboot-your-router
Title: Re: Technical
Post by: Asyn on June 03, 2018, 11:22:28 AM
Side-channel attacking browsers through CSS3 features
https://www.evonide.com/side-channel-attacking-browsers-through-css3-features/
Title: Re: Technical
Post by: Asyn on June 04, 2018, 12:19:07 PM
Research shows 75% of ‘open’ Redis servers infected
https://www.incapsula.com/blog/report-75-of-open-redis-servers-are-infected.html
Title: Re: Technical
Post by: Asyn on June 05, 2018, 06:47:44 AM
Fighting malware with machine learning
https://blog.avast.com/fighting-malware-with-machine-learning
Title: Re: Technical
Post by: Asyn on June 06, 2018, 06:54:53 AM
Large cryptojacking campaign targeting vulnerable Drupal websites
https://badpackets.net/large-cryptojacking-campaign-targeting-vulnerable-drupal-websites/
Over 100,000 Drupal websites vulnerable to Drupalgeddon 2 (CVE-2018-7600)
https://badpackets.net/over-100000-drupal-websites-vulnerable-to-drupalgeddon-2-cve-2018-7600/
Title: Re: Technical
Post by: Asyn on June 07, 2018, 06:19:42 AM
Zip Slip Vulnerability
https://snyk.io/research/zip-slip-vulnerability
https://res.cloudinary.com/snyk/image/upload/v1528192501/zip-slip-vulnerability/technical-whitepaper.pdf
Title: Re: Technical
Post by: Asyn on June 08, 2018, 06:22:30 AM
New VPNFilter malware targets at least 500K networking devices worldwide
https://blog.talosintelligence.com/2018/05/VPNFilter.html
https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
https://www.thedailybeast.com/exclusive-fbi-seizes-control-of-russian-botnet
https://www.justice.gov/opa/pr/justice-department-announces-actions-disrupt-advanced-persistent-threat-28-botnet-infected
Foreign Cyber Actors Target Home and Office Routers and Networked Devices Worldwide
https://www.ic3.gov/media/2018/180525.aspx
Did you reboot your router yet? Make sure to do so and soon.
https://blog.avast.com/dont-forget-to-reboot-your-router
VPNFilter Update - VPNFilter exploits endpoints, targets new devices
https://blog.talosintelligence.com/2018/06/vpnfilter-update.html
Title: Re: Technical
Post by: Asyn on June 09, 2018, 07:25:59 PM
Major Vulnerabilities in Foscam Cameras
https://blog.vdoo.com/2018/06/06/vdoo-has-found-major-vulnerabilities-in-foscam-cameras/
Title: Re: Technical
Post by: Asyn on June 13, 2018, 05:49:40 AM
CryptoCurrency Miner Plays Hide-and-seek with Popular Games and Tools
https://www.bleepingcomputer.com/news/security/cryptocurrency-miner-plays-hide-and-seek-with-popular-games-and-tools/
Title: Re: Technical
Post by: Asyn on June 13, 2018, 08:00:09 AM
The June 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/6/12/the-june-2018-security-update-review
Title: Re: Technical
Post by: Asyn on June 14, 2018, 06:31:45 AM
Trik Spam Botnet Leaks 43 Million Email Addresses
https://www.bleepingcomputer.com/news/security/trik-spam-botnet-leaks-43-million-email-addresses/
Title: Re: Technical
Post by: Asyn on June 14, 2018, 09:54:23 AM
I can be Apple, and so can you - A Public Disclosure of Issues Around Third Party Code Signing Checks
https://www.okta.com/security-blog/2018/06/issues-around-third-party-apple-code-signing-checks/
https://arstechnica.com/information-technology/2018/06/simple-technique-bypassed-macos-signature-checks-by-third-party-tools/
Title: Re: Technical
Post by: Asyn on June 15, 2018, 07:52:07 AM
Improving extension transparency for users
https://blog.chromium.org/2018/06/improving-extension-transparency-for.html
Title: Re: Technical
Post by: Asyn on June 16, 2018, 06:59:44 AM
Cryptojacking invades cloud. How modern containerization trend is exploited by attackers
https://kromtech.com/blog/security-center/cryptojacking-invades-cloud-how-modern-containerization-trend-is-exploited-by-attackers
Title: Re: Technical
Post by: Asyn on June 20, 2018, 06:17:45 AM
Launching VirusTotal Monitor, a service to mitigate false positives
http://blog.virustotal.com/2018/06/vtmonitor-to-mitigate-false-positives.html
Title: Re: Technical
Post by: Asyn on June 21, 2018, 05:39:06 AM
Google’s Newest Feature: Find My Home
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
Title: Re: Technical
Post by: DavidR on June 21, 2018, 10:11:29 AM
Google’s Newest Feature: Find My Home
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home

I haven't got a single IoT product in my home; for the most part I don't think they serve any function that I want or need.  But security has also been one of my concerns; hell, I won't even have a Smart TV connected to the internet as none of them really have any specific (installable or built-in) protection.
Title: Re: Technical
Post by: Asyn on June 21, 2018, 12:36:46 PM
Google’s Newest Feature: Find My Home
https://www.tripwire.com/state-of-security/vert/googles-newest-feature-find-my-home
I haven't got a single IoT product in my home; for the most part I don't think they serve any function that I want or need.  But security has also been one of my concerns; hell, I won't even have a Smart TV connected to the internet as none of them really have any specific (installable or built-in) protection.
Side note: When Young first reached out to Google in May about his findings, the company replied by closing his bug report with a “Status: Won’t Fix (Intended Behavior)” message. But after being contacted by KrebsOnSecurity, Google changed its tune, saying it planned to ship an update to address the privacy leak in both devices. Currently, that update is slated to be released in mid-July 2018. (https://krebsonsecurity.com/2018/06/google-to-fix-location-data-leak-in-google-home-chromecast/)
Title: Re: Technical
Post by: mchain on June 21, 2018, 06:42:07 PM
Windows warning: US exposes North Korea government's Typeframe malware
https://www.zdnet.com/article/windows-warning-us-exposes-north-korea-governments-typeframe-malware/
Title: Re: Technical
Post by: Asyn on June 22, 2018, 07:57:36 AM
Olympic Destroyer is still alive
https://securelist.com/olympic-destroyer-is-still-alive/86169/
Title: Re: Technical
Post by: Asyn on June 23, 2018, 07:15:05 AM
True Story: The Case of a Hacked Baby Monitor (Gwelltimes P2P Cloud)
https://www.sec-consult.com/en/blog/2018/06/true-story-the-case-of-a-hacked-baby-monitor-gwelltimes-p2p-cloud/
Title: Re: Technical
Post by: Asyn on June 24, 2018, 06:51:25 AM
Cache Me Outside › apple's 'quicklook' cache may leak encrypted data
https://objective-see.com/blog/blog_0x30.html
Title: Re: Technical
Post by: mchain on July 06, 2018, 08:40:48 PM
IBM, Symantec, McAfee Touted for Proactive Security
https://www.channelpartnersonline.com/2018/07/05/ibm-symantec-mcafee-touted-for-proactive-security/ (https://www.channelpartnersonline.com/2018/07/05/ibm-symantec-mcafee-touted-for-proactive-security/)
Title: Re: Technical
Post by: Asyn on July 14, 2018, 11:47:08 PM
The July 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/7/10/the-july-2018-security-update-review
Title: Re: Technical
Post by: Asyn on July 15, 2018, 11:25:32 AM
Speculative Buffer Overflows: Attacks and Defenses
https://people.csail.mit.edu/vlk/spectre11.pdf
Title: Re: Technical
Post by: Asyn on July 16, 2018, 07:30:28 AM
Intel Analysis of Speculative Execution Side Channels (Revision 4.0 - July 2018)
https://software.intel.com/sites/default/files/managed/b9/f9/336983-Intel-Analysis-of-Speculative-Execution-Side-Channels-White-Paper.pdf
Title: Re: Technical
Post by: Asyn on July 18, 2018, 07:48:56 AM
oo7: Low-overhead Defense against Spectre Attacks via Binary Analysis
https://arxiv.org/pdf/1807.05843.pdf
Title: Re: Technical
Post by: Asyn on July 19, 2018, 06:17:34 AM
Malwarebytes - Cybercrime Tactics and Techniques: Q2 2018
https://resources.malwarebytes.com/files/2018/07/Malwarebytes_Cybercrime-Tactics-and-Techniques-Q2-2018.pdf
Title: Re: Technical
Post by: Asyn on July 22, 2018, 11:41:34 AM
Microsoft Identity Bounty Program
https://www.microsoft.com/en-us/msrc/bounty-microsoft-identity
Title: Re: Technical
Post by: Asyn on July 24, 2018, 09:18:47 AM
Mozilla - ASan Nightly Project
https://developer.mozilla.org/en-US/docs/Mozilla/Testing/ASan_Nightly_Project
Title: Re: Technical
Post by: Asyn on July 25, 2018, 06:18:35 AM
Spectre Returns! Speculation Attacks using the Return Stack Buffer
https://arxiv.org/pdf/1807.07940.pdf
Title: Re: Technical
Post by: Asyn on July 26, 2018, 06:33:41 AM
ret2spec: Speculative Execution Using Return Stack Buffers
https://christian-rossow.de/publications/ret2spec-ccs2018.pdf
Title: Re: Technical
Post by: Asyn on July 27, 2018, 11:34:15 AM
LifeLock Bug Exposed Millions of Customer Email Addresses
https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/
Title: Re: Technical
Post by: bob3160 on July 27, 2018, 02:58:49 PM
LifeLock Bug Exposed Millions of Customer Email Addresses
https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/ (https://krebsonsecurity.com/2018/07/lifelock-bug-exposed-millions-of-customer-email-addresses/)
Avast got burned when they acquired Piriform because of a flaw in Ccleaner's coding.
Now Symantec gets burned because of a flaw in web coding in Life Lock which they acquired.
These things can happen to any company. It's always the individual customer that's at risk.
Title: Re: Technical
Post by: mchain on July 27, 2018, 04:00:08 PM
The gist I get is that LifeLock says it is about security and protecting its consumers against fraud when the article by Krebsonsecurity says the issue is a basic programming error done for convenience, not security, so a subscriber can unsubscribe more easily.  LifeLock should never have set it up this way because this was an easy way to commit fraud against known customers.
Title: Re: Technical
Post by: bob3160 on July 27, 2018, 05:48:53 PM
The gist I get is that LifeLock says it is about security and protecting its consumers against fraud when the article by Krebsonsecurity says the issue is a basic programming error done for convenience, not security, so a subscriber can unsubscribe more easily.  LifeLock should never have set it up this way because this was an easy way to commit fraud against known customers.
Symantec owns LifeLock. So this is now their problem.
Title: Re: Technical
Post by: Asyn on July 28, 2018, 07:37:44 AM
Vulnerability Spotlight: Multiple Vulnerabilities in Samsung SmartThings Hub
https://blog.talosintelligence.com/2018/07/samsung-smartthings-vulns.html
Title: Re: Technical
Post by: Asyn on July 29, 2018, 10:10:07 AM
NetSpectre: Read Arbitrary Memory over Network
https://misc0110.net/web/files/netspectre.pdf
Title: Re: Technical
Post by: Asyn on July 30, 2018, 06:42:13 AM
The SIM Hijackers
https://motherboard.vice.com/en_us/article/vbqax3/hackers-sim-swapping-steal-phone-numbers-instagram-bitcoin
Title: Re: Technical
Post by: Asyn on August 01, 2018, 06:21:22 AM
"Big Star Labs" spyware campaign affects over 11,000,000 people
https://adguard.com/en/blog/big-star-labs-spyware/
Title: Re: Technical
Post by: Asyn on August 02, 2018, 06:28:10 AM
SamSam: The (Almost) Six Million Dollar Ransomware
https://www.sophos.com/en-us/medialibrary/PDFs/technical-papers/SamSam-The-Almost-Six-Million-Dollar-Ransomware.pdf
Title: Re: Technical
Post by: Asyn on August 03, 2018, 06:38:19 AM
Telegram’s New Passport Service is Vulnerable to Brute Force Attacks
https://virgilsecurity.com/telegram-passport-vulnerability/
Title: Re: Technical
Post by: Asyn on August 05, 2018, 06:58:26 PM
Computer Virus Cripples IPhone Chipmaker TSMC Plants
https://www.bloomberg.com/news/articles/2018-08-04/tsmc-takes-emergency-steps-as-operations-hit-by-computer-virus
Title: Re: Technical
Post by: Asyn on August 06, 2018, 09:24:42 AM
An open letter to Microsoft management re: Windows updating
https://www.computerworld.com/article/3293440/microsoft-windows/an-open-letter-to-microsoft-management-re-windows-updating.html
Title: Re: Technical
Post by: Asyn on August 07, 2018, 08:18:22 AM
Mozilla's new DNS resolution is dangerous
https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-new-dns-resolution-is-dangerous/
Title: Re: Technical
Post by: alanb on August 07, 2018, 03:55:25 PM
Quote
Mozilla's new DNS resolution is dangerous

No it isn't, and the article is seriously misleading its readers:

Quote
Mozilla wants to override any configured DNS server with Cloudflare

No they don't: the TRR is fully user-configurable. Mozilla is running a limited Opt-in shield study to test their DoH/TRR implementation.

See  https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/ (https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/)
Title: Re: Technical
Post by: Asyn on August 08, 2018, 07:51:44 AM
Quote
Mozilla's new DNS resolution is dangerous
No it isn't, and the article is seriously misleading its readers:
Quote
Mozilla wants to override any configured DNS server with Cloudflare
No they don't: the TRR is fully user-configurable. Mozilla is running a limited Opt-in shield study to test their DoH/TRR implementation.
See  https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/ (https://blog.nightly.mozilla.org/2018/06/01/improving-dns-privacy-in-firefox/)
Ongoing discussion here: https://news.ycombinator.com/item?id=17690534
Title: Re: Technical
Post by: alanb on August 08, 2018, 01:46:42 PM
Thanks for the link, Asyn.  I shall read it carefully   :)

I've been following developments (and comments) closely on Mozilla and the /r/Firefox subreddit.
Title: Re: Technical
Post by: Asyn on August 08, 2018, 04:14:53 PM
You're welcome Alan.
Title: Re: Technical
Post by: Asyn on August 09, 2018, 06:35:32 AM
FakesApp: A Vulnerability in WhatsApp
https://research.checkpoint.com/fakesapp-a-vulnerability-in-whatsapp/
Title: Re: Technical
Post by: Asyn on August 10, 2018, 06:11:01 AM
Winners of the 2018 Pwnie Awards
https://pwnies.com/winners/
Title: Re: Technical
Post by: Asyn on August 11, 2018, 07:50:09 AM
Is the Mafia Taking Over Cybercrime?
http://i.blackhat.com/us-18/Wed-August-8/us-18-Lusthaus-Is-The-Mafia-Taking-Over-Cybercrime-wp.pdf
Title: Re: Technical
Post by: Asyn on August 12, 2018, 07:02:44 AM
Hacker Finds Hidden 'God Mode' on Old x86 CPUs
https://www.tomshardware.com/news/x86-hidden-god-mode,37582.html
Title: Re: Technical
Post by: Asyn on August 13, 2018, 07:03:16 AM
Hacking a Brand New Mac Remotely, Right Out of the Box
https://www.wired.com/story/mac-remote-hack-wifi-enterprise/
Title: Re: Technical
Post by: Asyn on August 15, 2018, 07:24:41 AM
Hacking the Amazon Echo
https://blog.avast.com/hacking-the-amazon-echo-avast
https://techcrunch.com/2018/08/13/security-researchers-found-a-way-to-hack-into-the-amazon-echo/
Title: Re: Technical
Post by: mchain on August 15, 2018, 08:16:54 AM
FBI Warns of ‘Unlimited’ ATM Cashout Blitz
https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/ (https://krebsonsecurity.com/2018/08/fbi-warns-of-unlimited-atm-cashout-blitz/)
Title: Re: Technical
Post by: Asyn on August 15, 2018, 11:19:28 AM
The August 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/8/14/the-august-2018-security-update-review
Title: Re: Technical
Post by: bob3160 on August 15, 2018, 02:08:47 PM
Hacking the Amazon Echo
https://blog.avast.com/hacking-the-amazon-echo-avast (https://blog.avast.com/hacking-the-amazon-echo-avast)
https://techcrunch.com/2018/08/13/security-researchers-found-a-way-to-hack-into-the-amazon-echo/ (https://techcrunch.com/2018/08/13/security-researchers-found-a-way-to-hack-into-the-amazon-echo/)
When this was still viable, the hacker actually had to break into my home and replace my Echo with the hacked Echo in order for this to work. Theoretically doable but highly unlikely. Since it's already fixed via an update, this was an interesting exercise. :)
Title: Re: Technical
Post by: Asyn on August 16, 2018, 06:40:52 AM
Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
https://foreshadowattack.eu/
https://foreshadowattack.eu/foreshadow.pdf
https://foreshadowattack.eu/foreshadow-NG.pdf
Title: Re: Technical
Post by: Asyn on August 17, 2018, 07:28:05 AM
Access all areas - Ways your smart home can be hacked
https://blog.avast.com/mqtt-vulnerabilities-hacking-smart-homes
Title: Re: Technical
Post by: Asyn on August 18, 2018, 07:23:40 AM
AP Exclusive: Google tracks your movements, like it or not
https://apnews.com/828aefab64d4411bac257a07c1af0ecb
Title: Re: Technical
Post by: Asyn on August 18, 2018, 07:47:44 PM
Let's Encrypt Root Trusted By All Major Root Programs
https://letsencrypt.org/2018/08/06/trusted-by-all-major-root-programs.html
Title: Re: Technical
Post by: Asyn on August 19, 2018, 10:56:42 AM
Faxploit: Breaking the Unthinkable
https://blog.checkpoint.com/2018/08/12/faxploit-hp-printer-fax-exploit/
https://research.checkpoint.com/sending-fax-back-to-the-dark-ages/
Title: Re: Technical
Post by: Asyn on August 20, 2018, 08:45:46 AM
Foreshadow - Breaking the Virtual Memory Abstraction with Transient Out-of-Order Execution
https://foreshadowattack.eu/
https://foreshadowattack.eu/foreshadow.pdf
https://foreshadowattack.eu/foreshadow-NG.pdf
Q3 2018 Speculative Execution Side Channel Update
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00161.html
https://software.intel.com/security-software-guidance/software-guidance/l1-terminal-fault
https://www.kernel.org/doc/html/latest/admin-guide/l1tf.html
Title: Re: Technical
Post by: Asyn on August 21, 2018, 06:12:59 AM
The Essential Guide for Mac Security
https://blog.avast.com/essential-guide-to-mac-security
Title: Re: Technical
Post by: Asyn on August 22, 2018, 08:48:31 AM
USBHarpoon
https://vincentyiu.co.uk/usbharpoon/
Title: Re: Technical
Post by: Asyn on August 23, 2018, 08:52:18 AM
We are taking new steps against broadening threats to democracy
https://blogs.microsoft.com/on-the-issues/2018/08/20/we-are-taking-new-steps-against-broadening-threats-to-democracy/
Title: Re: Technical
Post by: Asyn on August 24, 2018, 06:27:24 AM
Picking Apart Remcos Botnet-In-A-Box
https://blog.talosintelligence.com/2018/08/picking-apart-remcos.html
Title: Re: Technical
Post by: Asyn on August 26, 2018, 03:27:45 PM
OpenSSH – users enumeration – CVE-2018-15473
https://sekurak.pl/openssh-users-enumeration-cve-2018-15473/
Title: Re: Technical
Post by: Asyn on August 27, 2018, 11:58:45 AM
Update on the Distrust of Symantec TLS Certificates
https://blog.mozilla.org/security/2018/07/30/update-on-the-distrust-of-symantec-tls-certificates/
https://support.apple.com/en-us/HT208860
Title: Re: Technical
Post by: Asyn on August 28, 2018, 10:11:22 AM
CrowdStrike donates Falcon MalQuery for rapid YARA hunts to the HA Community
https://hybrid-analysis.blogspot.com/2018/08/crowdstrike-donates-falcon-malquery-for.html
Title: Re: Technical
Post by: Asyn on August 29, 2018, 05:34:15 AM
ATtention Spanned: Comprehensive Vulnerability Analysis of AT Commands Within the Android Ecosystem
https://atcommands.org/
https://atcommands.org/sec18-tian.pdf
Title: Re: Technical
Post by: Asyn on August 30, 2018, 06:30:31 AM
Increasing mobile threat intelligence with apklab.io
https://blog.avast.com/mobile-threat-intelligence-with-apklab.io
Title: Re: Technical
Post by: Asyn on August 30, 2018, 11:33:02 AM
GandCrab 4 Ransomware Now Infects Via Software Cracks
https://sensorstechforum.com/gandcrab-4-ransomware-now-infects-via-cracks/
Title: Re: Technical
Post by: Asyn on August 31, 2018, 10:55:35 AM
Intel® Safety Critical Project for Linux OS
https://clearlinux.org/safe/
Title: Re: Technical
Post by: Asyn on September 03, 2018, 12:38:48 PM
SonarSnoop: Active Acoustic Side-Channel Attacks
https://arxiv.org/pdf/1808.10250v1.pdf
Title: Re: Technical
Post by: Asyn on September 04, 2018, 05:45:02 AM
The Data Breach Survival Guide
https://blog.avast.com/data-breach-survival-guide
Title: Re: Technical
Post by: Asyn on September 05, 2018, 07:14:34 AM
Remote Mac Exploitation Via Custom URL Schemes
https://objective-see.com/blog/blog_0x38.html
Title: Re: Technical
Post by: Asyn on September 06, 2018, 07:35:09 AM
MagentoCore skimmer most aggressive to date
https://gwillem.gitlab.io/2018/08/30/magentocore.net_skimmer_most_aggressive_to_date/
Title: Re: Technical
Post by: Asyn on September 07, 2018, 11:43:17 AM
Fallout Exploit Kit Used in Malvertising Campaign to Deliver GandCrab Ransomware
https://www.fireeye.com/blog/threat-research/2018/09/fallout-exploit-kit-used-in-malvertising-campaign-to-deliver-gandcrab-ransomware.html
Title: Re: Technical
Post by: Asyn on September 10, 2018, 10:56:20 AM
Web-based Threats-2018 Q2: U.S. Remains #1 in Malicious Web Addresses, China Falls from #2 to #7
https://researchcenter.paloaltonetworks.com/2018/09/unit42-web-based-threats-2018-q2-u-s-remains-1-malicious-web-addresses-china-falls-2-7/
Title: Re: Technical
Post by: Asyn on September 11, 2018, 07:25:46 AM
Vulnerability Spotlight: CVE-2018-3952 / CVE-2018-4010 - Multi-provider VPN Client Privilege Escalation Vulnerabilities
https://blog.talosintelligence.com/2018/09/vulnerability-spotlight-Multi-provider-VPN-Client-Privilege-Escalation.html
Title: Re: Technical
Post by: Asyn on September 12, 2018, 05:55:51 AM
Tech support scammers find a home on Microsoft TechNet pages
https://www.zdnet.com/article/tech-support-scammers-find-a-on-microsoft-technet-pages/
Title: Re: Technical
Post by: Asyn on September 12, 2018, 08:20:55 AM
The September 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/9/11/the-september-2018-security-update-review
Title: Re: Technical
Post by: Asyn on September 13, 2018, 09:12:16 AM
PowerShell Obfuscation Ups the Ante on Antivirus
https://threatpost.com/powershell-obfuscation-ups-the-ante-on-antivirus/137403/
https://threatvector.cylance.com/en_us/home/unpacking-a-packer-powershell-obfuscation-using-securestring.html
Title: Re: Technical
Post by: Asyn on September 14, 2018, 06:48:09 AM
Inside the Magecart Breach of British Airways: How 22 Lines of Code Claimed 380,000 Victims
https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
Title: Re: Technical
Post by: Asyn on September 15, 2018, 06:54:48 AM
Kodi add-ons launch cryptomining campaign
https://www.welivesecurity.com/2018/09/13/kodi-add-ons-launch-cryptomining-campaign/
Title: Re: Technical
Post by: Asyn on September 17, 2018, 05:50:25 AM
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/
Title: Re: Technical
Post by: bob3160 on September 17, 2018, 02:51:14 PM
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/ (https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/)
I'd like to know how the infector got onto their servers?
Title: Re: Technical
Post by: Asyn on September 18, 2018, 12:44:16 PM
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/ (https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/)
I'd like to know how the infector got onto their servers?
Yes Bob, that would be interesting to know; unfortunately their statement is quite vague.

"A malicious file was uploaded to the SUPERAntiSpyware download server as a result of an attempted attack on the server," SuperAntiSpyware told BleepingComputer. "The malicious file was discovered and removed from the server within several hours of the attempt. The server has since been thoroughly scanned and the vulnerability has been corrected."
Title: Re: Technical
Post by: bob3160 on September 18, 2018, 01:40:00 PM
Kraken Cryptor Ransomware Masquerading as SuperAntiSpyware Security Program
https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/ (https://www.bleepingcomputer.com/news/security/kraken-cryptor-ransomware-masquerading-as-superantispyware-security-program/)
I'd like to know how the infector got onto their servers?
Yes Bob, that would be interesting to know; unfortunately their statement is quite vague.

"A malicious file was uploaded to the SUPERAntiSpyware download server as a result of an attempted attack on the server," SuperAntiSpyware told BleepingComputer. "The malicious file was discovered and removed from the server within several hours of the attempt. The server has since been thoroughly scanned and the vulnerability has been corrected."
Another good reason to use Malwarebytes if you want a second opinion in addition to Avast.
Title: Re: Technical
Post by: Asyn on September 19, 2018, 06:32:50 AM
Political Figures Differ Online: Names of Trump, Obama, Merkel Attached to Ransomware Campaigns
https://securingtomorrow.mcafee.com/mcafee-labs/political-figures-differ-online-names-of-trump-obama-merkel-attached-to-ransomware-campaigns/
Title: Re: Technical
Post by: Asyn on September 20, 2018, 10:26:18 AM
Fbot, A Satori Related Botnet Using Block-chain DNS System
https://blog.netlab.360.com/threat-alert-a-new-worm-fbot-cleaning-adbminer-is-using-a-blockchain-based-dns-en/
Title: Re: Technical
Post by: Asyn on September 21, 2018, 09:48:13 AM
NSA EternalBlue exploits live on with an endless infection loop
https://blog.avira.com/nsa-eternalblue-exploits-live-on-with-an-endless-infection-loop/
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/
Title: Re: Technical
Post by: bob3160 on September 21, 2018, 02:57:39 PM
NSA EternalBlue exploits live on with an endless infection loop
https://blog.avira.com/nsa-eternalblue-exploits-live-on-with-an-endless-infection-loop/ (https://blog.avira.com/nsa-eternalblue-exploits-live-on-with-an-endless-infection-loop/)
https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/ (https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/)
https://forum.avast.com/index.php?topic=52252.msg1430410#msg1430410
Title: Re: Technical
Post by: Asyn on September 22, 2018, 06:52:09 AM
ZDI-CAN-6135: A Remote Code Execution Vulnerability in the Microsoft Windows Jet Database Engine
https://www.zerodayinitiative.com/blog/2018/9/20/zdi-can-6135-a-remote-code-execution-vulnerability-in-the-microsoft-windows-jet-database-engine
Title: Re: Technical
Post by: Asyn on September 23, 2018, 09:08:27 AM
Xbash Combines Botnet, Ransomware, Coinmining in Worm that Targets Linux and Windows
https://researchcenter.paloaltonetworks.com/2018/09/unit42-xbash-combines-botnet-ransomware-coinmining-worm-targets-linux-windows/
Title: Re: Technical
Post by: Asyn on September 24, 2018, 01:33:01 PM
Another Victim of the Magecart Assault Emerges: Newegg
https://www.riskiq.com/blog/labs/magecart-newegg/
https://www.volexity.com/blog/2018/09/19/magecart-strikes-again-newegg/
Title: Re: Technical
Post by: Asyn on September 25, 2018, 10:38:17 AM
GandCrab V5 Released With Random Extensions and New HTML Ransom Note
https://www.bleepingcomputer.com/news/security/gandcrab-v5-released-with-random-extensions-and-new-html-ransom-note/
Title: Re: Technical
Post by: billygoat59 on September 25, 2018, 04:09:02 PM
In Quiet Change, Google Now Automatically Logging Users Into Chrome

https://www.darkreading.com/vulnerabilities---threats/in-quiet-change-google-now-automatically-logging-users-into-chrome/d/d-id/1332882?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple
Title: Re: Technical
Post by: bob3160 on September 25, 2018, 04:52:41 PM
In Quiet Change, Google Now Automatically Logging Users Into Chrome
https://www.darkreading.com/vulnerabilities---threats/in-quiet-change-google-now-automatically-logging-users-into-chrome/d/d-id/1332882?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple (https://www.darkreading.com/vulnerabilities---threats/in-quiet-change-google-now-automatically-logging-users-into-chrome/d/d-id/1332882?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple)
Easy enough to fix if it's not something that makes your life easier:
https://www.askvg.com/fix-google-chrome-automatically-signs-into-browser-when-you-log-into-gmail-or-other-google-services/ (https://www.askvg.com/fix-google-chrome-automatically-signs-into-browser-when-you-log-into-gmail-or-other-google-services/)
Title: Re: Technical
Post by: Asyn on September 27, 2018, 09:10:43 AM
Firefox Monitor
https://monitor.firefox.com/
Title: Re: Technical
Post by: DavidR on September 27, 2018, 10:06:48 AM
Firefox Monitor
https://monitor.firefox.com/

Personally I never use things like this as I'm just too trusting (NOT). I don't give out any information (or drop my defences) for anyone to run a supposed security/compromise check.

Quote from: extract of link
Sign up for Firefox Monitor. You’ll get a full report on your compromised accounts and notifications any time your accounts appear in new data breaches.

I don't know how this falls in line with their comment "Your email will not be stored." (presumably just for that check). However, if you sign up, it and others you use/used would have to be stored.
Title: Re: Technical
Post by: Asyn on September 27, 2018, 11:09:35 AM
1. Personally I never use things like this as I'm just too trusting (NOT). I don't give out any information (or drop my defences) for anyone to run a supposed security/compromise check.

Quote from: extract of link
Sign up for Firefox Monitor. You’ll get a full report on your compromised accounts and notifications any time your accounts appear in new data breaches.
2. I don't know how this falls in line with their comment "Your email will not be stored." (presumably just for that check). However, if you sign up, it and others you use/used would have to be stored.
1. Me neither, but FFM is certainly one of the few trustworthy services, imo.
2. Correct. :)
Title: Re: Technical
Post by: alanb on September 27, 2018, 03:38:29 PM
Quote
I don't know how this falls in line with their comment "Your email will not be stored."

No email address is transferred.  To quote Mozilla:
Quote
When a user submits their email address to Firefox Monitor, it hashes the plaintext value and sends the first 6 characters to the HIBP API.

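The hashed-prefix lookup quoted above is a k-anonymity range query: the client never sends the address, only a short hash prefix, and does the final match itself. The following is an added illustration, not Mozilla's or HIBP's code; it assumes SHA-1 as the hash (the quote does not name the function) and uses a constructed breach list standing in for the HIBP dataset.

```python
"""k-anonymity breach lookup in the style quoted from Mozilla (added example)."""
import hashlib

PREFIX_LEN = 6  # the quote: only the first 6 characters of the hash leave the client
HEX_DIGITS = set("0123456789ABCDEF")

# Constructed sample data standing in for a breach corpus; not real breaches.
CONSTRUCTED_BREACHES = {
    "alice@example.com": ["ExampleBreach2017"],
    "bob@example.net": ["ExampleBreach2017", "OtherLeak2018"],
}


def email_hash(email: str) -> str:
    """Normalise the address, then hash it. SHA-1 is an assumption here."""
    normalised = email.strip().lower().encode("utf-8")
    return hashlib.sha1(normalised).hexdigest().upper()


class BreachServer:
    """Server side: indexes hash suffixes by prefix and only ever sees prefixes."""

    def __init__(self, records):
        self.index = {}
        self.seen_queries = []  # what the server actually receives
        for email, breaches in records.items():
            h = email_hash(email)
            bucket = self.index.setdefault(h[:PREFIX_LEN], [])
            bucket.append((h[PREFIX_LEN:], list(breaches)))

    def range_query(self, prefix: str):
        """Return every (suffix, breaches) pair in the prefix bucket."""
        if len(prefix) != PREFIX_LEN or not set(prefix) <= HEX_DIGITS:
            raise ValueError("prefix must be exactly 6 hex characters")
        self.seen_queries.append(prefix)
        # The whole bucket is returned; the server cannot tell which entry, if any,
        # the client is interested in, and never learns the plaintext address.
        return [(suffix, list(breaches)) for suffix, breaches in self.index.get(prefix, [])]


def check_email(server: BreachServer, email: str):
    """Client side: hash locally, send the prefix, match the suffix locally."""
    h = email_hash(email)
    prefix, suffix = h[:PREFIX_LEN], h[PREFIX_LEN:]
    for candidate_suffix, breaches in server.range_query(prefix):
        if candidate_suffix == suffix:
            return breaches
    return []


if __name__ == "__main__":
    srv = BreachServer(CONSTRUCTED_BREACHES)
    print(check_email(srv, "Alice@Example.com"))  # matches despite different case
    print(check_email(srv, "nobody@example.org"))  # not in the corpus
    print(srv.seen_queries)  # only 6-character prefixes reached the server
```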
Title: Re: Technical
Post by: DavidR on September 27, 2018, 05:01:12 PM
Quote
I don't know how this falls in line with their comment "Your email will not be stored."

No email address is transferred.  To quote Mozilla:
Quote
When a user submits their email address to Firefox Monitor, it hashes the plaintext value and sends the first 6 characters to the HIBP API.

Thanks for that, it could be useful if they either stated that (or gave a link) on the same page as they say your email won't be stored.

Mind you, those like myself, who question statements like that, are less likely to need the service. Those that believe just because they say it (and it is written down) is so may be their target audience.
Title: Re: Technical
Post by: alanb on September 27, 2018, 05:17:44 PM
Quote
...could be useful if they either stated that...

Take a look here:  https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/ (https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/)
Title: Re: Technical
Post by: DavidR on September 27, 2018, 06:44:16 PM
Quote
...could be useful if they either stated that...

Take a look here:  https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/ (https://blog.mozilla.org/security/2018/06/25/scanning-breached-accounts-k-anonymity/)

I will have a look at it later, just about to go out.

It isn't so much that it isn't there, just that people would have to go digging for it and many won't.
Title: Re: Technical
Post by: Asyn on September 28, 2018, 07:47:36 AM
LoJax: First UEFI rootkit found in the wild, courtesy of the Sednit group
https://www.welivesecurity.com/2018/09/27/lojax-first-uefi-rootkit-found-wild-courtesy-sednit-group/
https://www.welivesecurity.com/wp-content/uploads/2018/09/ESET-LoJax.pdf
Title: Re: Technical
Post by: Asyn on September 29, 2018, 06:54:31 AM
Torii botnet - Not another Mirai variant
https://blog.avast.com/new-torii-botnet-threat-research
Title: Re: Technical
Post by: Asyn on September 30, 2018, 08:06:21 AM
Facebook Is Giving Advertisers Access to Your Shadow Contact Information
https://gizmodo.com/facebook-is-giving-advertisers-access-to-your-shadow-co-1828476051
https://mislove.org/publications/PII-PETS.pdf
Title: Re: Technical
Post by: Asyn on October 01, 2018, 06:11:51 AM
VPNFilter III: More Tools for the Swiss Army Knife of Malware
https://blog.talosintelligence.com/2018/09/vpnfilter-part-3.html
Title: Re: Technical
Post by: Asyn on October 02, 2018, 07:33:28 AM
5 out of 6 routers at risk
https://blog.avast.com/wi-fi-routers-at-risk
http://www.theamericanconsumer.org/wp-content/uploads/2018/09/FINAL-Wi-Fi-Router-Vulnerabilities.pdf
Title: Re: Technical
Post by: Asyn on October 03, 2018, 07:30:43 AM
Ransomware attacks via RDP choke SMBs
https://blog.avast.com/ransomware-attacks-via-rdp
https://www.ic3.gov/media/2018/180927.aspx
Title: Re: Technical
Post by: Asyn on October 03, 2018, 09:29:57 AM
70+ different types of home routers (all together 100,000+) are being hijacked by GhostDNS
https://blog.netlab.360.com/70-different-types-of-home-routers-all-together-100000-are-being-hijacked-by-ghostdns-en/
Title: Re: Technical
Post by: Asyn on October 04, 2018, 06:17:24 AM
Hackers Are Holding High Profile Instagram Accounts Hostage
https://motherboard.vice.com/en_us/article/d3jdbk/hackers-high-profile-instagram-accounts-hostage-ransom-bitcoin
https://blog.avast.com/instagram-accounts-frozen-with-ransomware
Title: Re: Technical
Post by: Asyn on October 05, 2018, 06:17:53 AM
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
Title: Re: Technical
Post by: bob3160 on October 05, 2018, 02:01:52 PM
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies)
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond (https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond)
Title: Re: Technical
Post by: DavidR on October 05, 2018, 05:08:22 PM
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies (https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies)
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond (https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond)

Whilst I haven't finished reading the first article yet - I'm finding it hard going as it is white text on a black background (for me certainly) and after a while my eyes just lose focus. However, it is certainly playing to people's worst fears: Government Cyber Hacking (and more in this case), Foreign and Domestic, etc. etc.

I'm not sure how they can rebut this if said doctored chip sets are present. It seems to be trying to keep their feet out of the fire or not be held accountable. I think there will be a long life to this issue and concerns about hardware modification at source.

This reminds me of CPUs coming out from the factories already infected with malware (a few years ago); it seems this is the next logical step, hacking the hardware.
Title: Re: Technical
Post by: Asyn on October 06, 2018, 06:50:28 PM
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
The Big Hack: The Software Side of China’s Supply Chain Attack
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-the-software-side-of-china-s-supply-chain-attack
Title: Re: Technical
Post by: Asyn on October 09, 2018, 08:50:49 AM
Malware Has a New Way to Hide on Your Mac
https://www.wired.com/story/mac-malware-hide-code-signing/
Title: Re: Technical
Post by: Asyn on October 10, 2018, 07:52:58 AM
The October 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/10/9/the-october-2018-security-update-review
Title: Re: Technical
Post by: Asyn on October 11, 2018, 07:01:43 AM
The Big Hack: How China Used a Tiny Chip to Infiltrate U.S. Companies
https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies
The rebuttal from Amazon, Apple, Supermicro, and the Chinese Government
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-amazon-apple-supermicro-and-beijing-respond
The Big Hack: The Software Side of China’s Supply Chain Attack
https://www.bloomberg.com/news/articles/2018-10-04/the-big-hack-the-software-side-of-china-s-supply-chain-attack
New Evidence of Hacked Supermicro Hardware Found in U.S. Telecom
https://www.bloomberg.com/news/articles/2018-10-09/new-evidence-of-hacked-supermicro-hardware-found-in-u-s-telecom
Title: Re: Technical
Post by: Asyn on October 12, 2018, 06:46:32 AM
The Sony Smart TV Exploit: An Inside View of Hijacking Your Living Room
https://www.fortinet.com/blog/threat-research/sony-smart-tv-exploit-inside-view-hijacking-your-living-room.html
Title: Re: Technical
Post by: Asyn on October 13, 2018, 09:31:48 AM
Microsoft Edge Remote Code Execution
https://leucosite.com/Microsoft-Edge-RCE/
https://www.zerodayinitiative.com/advisories/ZDI-18-1136/
Title: Re: Technical
Post by: Asyn on October 14, 2018, 08:52:18 AM
Largest Cyber Attack Against Iceland Driven by Complex Phishing Scheme
https://www.bleepingcomputer.com/news/security/largest-cyber-attack-against-iceland-driven-by-complex-phishing-scheme/
Title: Re: Technical
Post by: Asyn on October 15, 2018, 02:33:00 PM
New Sextortion Scam Pretends to Come from Your Hacked Email Account
https://www.bleepingcomputer.com/news/security/new-sextortion-scam-pretends-to-come-from-your-hacked-email-account/
Title: Re: Technical
Post by: Asyn on October 16, 2018, 06:21:13 AM
Fake Flash Updaters Push Cryptocurrency Miners
https://researchcenter.paloaltonetworks.com/2018/10/unit42-fake-flash-updaters-push-cryptocurrency-miners/
Title: Re: Technical
Post by: Asyn on October 17, 2018, 07:40:27 AM
Around 62 percent of all Internet sites will run an unsupported PHP version in 10 weeks
https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/
Title: Re: Technical
Post by: Asyn on October 18, 2018, 07:08:02 AM
Old dog, new tricks - Analysing new RTF-based campaign distributing Agent Tesla, Loki with PyREbox
https://blog.talosintelligence.com/2018/10/old-dog-new-tricks-analysing-new-rtf_15.html
Title: Re: Technical
Post by: Asyn on October 19, 2018, 08:03:36 AM
MikroTik mayhem: Cryptomining campaign abusing routers
https://blog.avast.com/mikrotik-routers-targeted-by-cryptomining-campaign-avast
Title: Re: Technical
Post by: Asyn on October 20, 2018, 08:05:16 AM
Tracking Users across the Web via TLS Session Resumption
https://arxiv.org/pdf/1810.07304.pdf
Title: Re: Technical
Post by: Asyn on October 21, 2018, 09:49:59 AM
Having The Security Rug Pulled Out From Under You
https://blogs.akamai.com/sitr/2018/10/having-the-security-rug-pulled-out-from-under-you.html
Title: Re: Technical
Post by: Asyn on October 22, 2018, 08:49:29 AM
Inside the industry of cybercrime
https://blog.avast.com/evolution-of-cybercrime
Title: Re: Technical
Post by: Asyn on October 23, 2018, 08:06:37 AM
Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability
https://www.talosintelligence.com/reports/TALOS-2018-0684
Title: Re: Technical
Post by: Asyn on October 24, 2018, 06:09:24 AM
Latest Firefox Rolls Out Enhanced Tracking Protection
https://blog.mozilla.org/blog/2018/10/23/latest-firefox-rolls-out-enhanced-tracking-protection/
https://blog.mozilla.org/futurereleases/2018/10/23/the-path-to-enhanced-tracking-protection/
Title: Re: Technical
Post by: Asyn on October 25, 2018, 06:14:08 AM
TRITON Attribution: Russian Government-Owned Lab Most Likely Built Custom Intrusion Tools for TRITON Attackers
https://www.fireeye.com/blog/threat-research/2018/10/triton-attribution-russian-government-owned-lab-most-likely-built-tools.html
Title: Re: Technical
Post by: Asyn on October 26, 2018, 08:02:38 AM
Seven new Mirai variants and the aspiring cybercriminal behind them
https://blog.avast.com/hacker-creates-seven-new-variants-of-the-mirai-botnet
Title: Re: Technical
Post by: Asyn on October 27, 2018, 06:11:19 AM
Multiple 0days used by Magecart
https://gwillem.gitlab.io/2018/10/23/magecart-extension-0days/
Title: Re: Technical
Post by: Asyn on October 28, 2018, 07:53:46 AM
Malware Distributors Adopt DKIM to Bypass Mail Filters
https://www.bleepingcomputer.com/news/security/malware-distributors-adopt-dkim-to-bypass-mail-filters/
Title: Re: Technical
Post by: Asyn on October 30, 2018, 07:07:07 AM
DDoS-for-Hire Service Powered by Bushido Botnet
https://www.fortinet.com/blog/threat-research/ddos-for-hire-service-powered-by-bushido-botnet-.html
Title: Re: Technical
Post by: Asyn on November 01, 2018, 08:51:28 AM
Windows 10 Bug Allowed UWP Apps Full Access to File System
https://www.bleepingcomputer.com/news/security/windows-10-bug-allowed-uwp-apps-full-access-to-file-system/
Title: Re: Technical
Post by: Asyn on November 02, 2018, 07:43:04 AM
Anatomy of a sextortion scam
https://blog.talosintelligence.com/2018/10/anatomy-of-sextortion-scam.html
Title: Re: Technical
Post by: Asyn on November 03, 2018, 06:02:21 AM
Quarterly Incident Response Threat Report
https://www.carbonblack.com/quarterly-incident-response-threat-report/november-2018/
Title: Re: Technical
Post by: Asyn on November 04, 2018, 07:42:13 AM
BleedingBit
https://armis.com/bleedingbit/
Title: Re: Technical
Post by: Asyn on November 05, 2018, 06:51:41 AM
Intel CPUs fall to new hyperthreading exploit that pilfers crypto keys
https://arstechnica.com/information-technology/2018/11/intel-cpus-fall-to-new-hyperthreading-exploit-that-pilfers-crypto-keys/
Title: Re: Technical
Post by: Asyn on November 06, 2018, 06:18:55 AM
New Microsoft Edge Browser Zero-Day RCE Exploit in the Works
https://www.bleepingcomputer.com/news/security/new-microsoft-edge-browser-zero-day-rce-exploit-in-the-works/
Title: Re: Technical
Post by: Asyn on November 07, 2018, 06:59:55 AM
Further protections from harmful ad experiences on the web
https://blog.chromium.org/2018/11/further-protections-from-harmful-ad.html
Title: Re: Technical
Post by: Asyn on November 08, 2018, 07:51:19 AM
VirtualBox Zero-Day Vulnerability Details and Exploit Are Publicly Available
https://www.bleepingcomputer.com/news/security/virtualbox-zero-day-vulnerability-details-and-exploit-are-publicly-available/
https://github.com/MorteNoir1/virtualbox_e1000_0day
Title: Re: Technical
Post by: polonus on November 09, 2018, 12:53:25 AM
New American Cybercommand Initiative on VT: ;)
https://www.cybercom.mil/Media/News/News-Display/Article/1681533/new-cnmf-initiative-shares-malware-samples-with-cybersecurity-industry/
Next to already existing FBI efforts: https://malwareinvestigator.gov/
Good they are supporting the AV industry this way.

polonus
Title: Re: Technical
Post by: Asyn on November 09, 2018, 07:54:00 AM
Microsoft is Porting Sysinternals Tools to Linux - ProcDump Released
https://www.bleepingcomputer.com/news/microsoft/microsoft-is-porting-sysinternals-tools-to-linux-procdump-released/
https://github.com/microsoft/procdump-for-linux
Title: Re: Technical
Post by: Asyn on November 10, 2018, 06:48:48 AM
BCMPUPnP_Hunter: A 100k Botnet Turns Home Routers to Email Spammers
http://blog.netlab.360.com/bcmpupnp_hunter-a-100k-botnet-turns-home-routers-to-email-spammers-en/
Title: Re: Technical
Post by: Asyn on November 11, 2018, 06:45:01 AM
Cryptocurrency-mining Malware Targets Linux Systems, Uses Rootkit for Stealth
https://www.trendmicro.com/vinfo/us/security/news/cybercrime-and-digital-threats/cryptocurrency-mining-malware-targets-linux-systems-uses-rootkit-for-stealth
Title: Re: Technical
Post by: Asyn on November 12, 2018, 07:07:04 AM
Avast Hack Check
https://www.avast.com/hackcheck
https://www.avast.com/hackcheck/leaks
Title: Re: Technical
Post by: Asyn on November 13, 2018, 05:56:10 AM
Advances in visual phishing detection
https://blog.avast.com/avast-improves-phishing-detection-avast
Title: Re: Technical
Post by: Asyn on November 14, 2018, 06:41:33 AM
Intel Microcode Boot Loader
https://www.ngohq.com/intel-microcode-boot-loader.html
Title: Re: Technical
Post by: Asyn on November 14, 2018, 11:19:40 AM
The November 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/11/13/the-november-2018-security-update-review
Title: Re: Technical
Post by: Asyn on November 15, 2018, 06:22:31 AM
Spectre, Meltdown researchers unveil 7 more speculative execution attacks
https://arstechnica.com/gadgets/2018/11/spectre-meltdown-researchers-unveil-7-more-speculative-execution-attacks/
https://arxiv.org/pdf/1811.05441
Title: Re: Technical
Post by: bob3160 on November 15, 2018, 01:26:32 PM
Spectre, Meltdown researchers unveil 7 more speculative execution attacks
https://arstechnica.com/gadgets/2018/11/spectre-meltdown-researchers-unveil-7-more-speculative-execution-attacks/
https://arxiv.org/pdf/1811.05441
According to Intel, this will solve the Meltdown and Spectre insecurities.
(https://screencast-o-matic.com/screenshots/u/Lh/1542284717722-63338.png)
Title: Re: Technical
Post by: Asyn on November 15, 2018, 02:18:22 PM
According to Intel, this will solve the Meltdown and Spectre insecurities.
Just marketing. Take a guess how long it would take to get everyone updated. ;)
Title: Re: Technical
Post by: DavidR on November 15, 2018, 02:54:50 PM
According to Intel, this will solve the Meltdown and Spectre insecurities.
Just marketing. Take a guess how long it would take to get everyone updated. ;)

Or how much Intel will make out of said updates ;)
Perhaps it is about time these companies had to pay users for their failings  :P
Title: Re: Technical
Post by: =Snake= on November 15, 2018, 09:36:21 PM
It's a pity, but it won't happen.
Title: Re: Technical
Post by: Asyn on November 16, 2018, 09:55:55 AM
Firefox Monitor Launches in 26 Languages and Adds New Desktop Browser Feature
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites/
Title: Re: Technical
Post by: bob3160 on November 16, 2018, 11:36:22 AM
Firefox Monitor Launches in 26 Languages and Adds New Desktop Browser Feature
https://blog.mozilla.org/blog/2018/11/14/firefox-monitor-launches-in-26-languages-and-adds-new-desktop-browser-feature/
https://blog.mozilla.org/security/2018/11/14/when-does-firefox-alert-for-breached-sites/
The next question is, how many of you who have used an email address for any length of time
haven't had your email address exposed on a site that was hacked?
(That unfortunately includes this site if you've been here since before 5-26-2014.)
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Title: Re: Technical
Post by: Asyn on November 16, 2018, 11:57:22 AM
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Afaik, such a function is included in Avast Passwords Premium.
Title: Re: Technical
Post by: bob3160 on November 16, 2018, 12:10:09 PM
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Afaik, such a function is included in Avast Passwords Premium.
Thanks, but even in the beta I only use the free version. :)
Title: Re: Technical
Post by: Asyn on November 16, 2018, 12:59:36 PM
What I'd like to find is a service that can tell me if the email address is currently being used in anything malicious.
Afaik, such a function is included in Avast Passwords Premium.
Thanks, but even in the beta I only use the free version. :)
Guess, you'd get a license for free, but it's up to you... ;)
Title: Re: Technical
Post by: bob3160 on November 16, 2018, 11:42:31 PM
It would hurt my image as the Avast be Free spokesperson. :)
(https://screencast-o-matic.com/screenshots/u/Lh/1542407979553-45871.png)
Title: Re: Technical
Post by: Asyn on November 17, 2018, 07:15:49 AM
Patched Facebook Vulnerability Could Have Exposed Private Information About You and Your Friends
https://www.imperva.com/blog/facebook-privacy-bug/
Title: Re: Technical
Post by: Asyn on November 18, 2018, 10:43:37 AM
Hacking Gmail’s UX With From Fields
https://blog.cotten.io/hacking-gmail-with-weird-from-fields-d6494254722f
Title: Re: Technical
Post by: Asyn on November 19, 2018, 08:43:13 AM
Scammers Use Facebook Sharer Page to Push Tech Support Scams
https://www.bleepingcomputer.com/news/security/scammers-use-facebook-sharer-page-to-push-tech-support-scams/
Title: Re: Technical
Post by: Asyn on November 20, 2018, 09:33:50 AM
ATM Logic Attacks: Scenarios 2018
https://www.ptsecurity.com/upload/corporate/ww-en/analytics/ATM-Vulnerabilities-2018-eng.pdf
Title: Re: Technical
Post by: Asyn on November 20, 2018, 11:27:41 AM
A leaky database of SMS text messages exposed password resets and two-factor codes
https://techcrunch.com/2018/11/15/millions-sms-text-messages-leaked-two-factor-codes/
Title: Re: Technical
Post by: Asyn on November 21, 2018, 07:16:46 AM
Vulnerability Spotlight: Multiple remote vulnerabilities in TP-Link TL-R600VPN
https://blog.talosintelligence.com/2018/11/tplinkr600.html
Title: Re: Technical
Post by: Asyn on November 21, 2018, 01:17:33 PM
Web skimmers compete in Umbro Brasil hack
https://blog.malwarebytes.com/threat-analysis/2018/11/web-skimmers-compete-umbro-brasil-hack/
Title: Re: Technical
Post by: Asyn on November 22, 2018, 09:02:27 AM
Amazon Data Leak Exposes Email Addresses Right Before Black Friday
https://www.bleepingcomputer.com/news/security/amazon-data-leak-exposes-email-addresses-right-before-black-friday/
Title: Re: Technical
Post by: Asyn on November 23, 2018, 08:28:34 AM
The Rotexy mobile Trojan – banker and ransomware
https://securelist.com/the-rotexy-mobile-trojan-banker-and-ransomware/88893/
Title: Re: Technical
Post by: Asyn on November 23, 2018, 09:49:36 AM
USPS Site Exposed Data on 60 Million Users
https://krebsonsecurity.com/2018/11/usps-site-exposed-data-on-60-million-users/
Title: Re: Technical
Post by: Asyn on November 24, 2018, 05:21:21 PM
Aurora / Zorro Ransomware Actively Being Distributed
https://www.bleepingcomputer.com/news/security/aurora-zorro-ransomware-actively-being-distributed/
Title: Re: Technical
Post by: Asyn on November 27, 2018, 08:17:27 AM
ECCploit: ECC Memory Vulnerable to Rowhammer Attacks After All
https://www.vusec.net/projects/eccploit/
http://cs.vu.nl/~lcr220/ecc/ecc-rh-paper-sp2019-cr.pdf
Title: Re: Technical
Post by: Asyn on November 28, 2018, 05:20:15 AM
Half of all Phishing Sites Now Have the Padlock
https://krebsonsecurity.com/2018/11/half-of-all-phishing-sites-now-have-the-padlock/
Title: Re: Technical
Post by: bob3160 on November 28, 2018, 02:41:16 PM
Industry collaboration leads to takedown of the “3ve” ad fraud operation
https://security.googleblog.com/2018/11/industry-collaboration-leads-to.html
Title: Re: Technical
Post by: Asyn on November 29, 2018, 10:25:11 AM
Dell Systems Hacked to Steal Customer Information
https://www.bleepingcomputer.com/news/security/dell-systems-hacked-to-steal-customer-information/
Title: Re: Technical
Post by: Asyn on December 01, 2018, 05:49:44 AM
AutoCAD Malware - Computer Aided Theft
https://www.forcepoint.com/blog/security-labs/autocad-malware-computer-aided-theft
Title: Re: Technical
Post by: Asyn on December 02, 2018, 02:57:11 PM
KingMiner: The New and Improved CryptoJacker
https://research.checkpoint.com/kingminer-the-new-and-improved-cryptojacker/
Title: Re: Technical
Post by: Asyn on December 04, 2018, 10:51:54 AM
Mozilla to Provide MSI Installers Starting with Firefox 65
https://www.bleepingcomputer.com/news/software/mozilla-to-provide-msi-installers-starting-with-firefox-65/
https://support.mozilla.org/en-US/kb/firefox-customization-msi-installers
Title: Re: Technical
Post by: Asyn on December 05, 2018, 07:05:00 AM
Let’s play Hide ’N Seek with a botnet.
https://blog.avast.com/hide-n-seek-botnet-continues
Title: Re: Technical
Post by: Asyn on December 06, 2018, 06:18:59 AM
SNDBOX - an AI Powered Malware Analysis Site is Launched
https://www.bleepingcomputer.com/news/security/sndbox-an-ai-powered-malware-analysis-site-is-launched/
https://www.sndbox.com/
Title: Re: Technical
Post by: Asyn on December 07, 2018, 08:55:08 AM
New Report: Unknown Data Scraper Breach
https://blog.hackenproof.com/industry-news/new-report-unknown-data-scraper-breach/
Title: Re: Technical
Post by: Asyn on December 09, 2018, 09:56:12 AM
Sextortion with a side of ransomware
https://www.proofpoint.com/us/threat-insight/post/sextortion-side-ransomware
Title: Re: Technical
Post by: Asyn on December 10, 2018, 05:48:53 AM
Botnet of Infected WordPress Sites Attacking WordPress Sites
https://www.wordfence.com/blog/2018/12/wordpress-botnet-attacking-wordpress/
Title: Re: Technical
Post by: Asyn on December 10, 2018, 02:42:53 PM
The Ransomware Doctor Without a Cure
https://research.checkpoint.com/the-ransomware-doctor-without-a-cure/
Title: Re: Technical
Post by: Asyn on December 11, 2018, 08:08:08 AM
Sophisticated Android clickfraud apps pose as iPhone apps and devices
https://news.sophos.com/en-us/2018/12/06/android-clickfraud-fake-iphone/
Title: Re: Technical
Post by: Asyn on December 12, 2018, 06:36:15 AM
The Dark Side of the ForSSHe // A landscape of OpenSSH backdoors
https://www.welivesecurity.com/wp-content/uploads/2018/12/ESET-The_Dark_Side_of_the_ForSSHe.pdf
Title: Re: Technical
Post by: Asyn on December 12, 2018, 09:56:21 AM
The December 2018 Security Update Review
https://www.zerodayinitiative.com/blog/2018/12/11/the-december-2018-security-update-review
Title: Re: Technical
Post by: Asyn on December 13, 2018, 10:01:14 AM
Android Trojan steals money from PayPal accounts even with 2FA on
https://www.welivesecurity.com/2018/12/11/android-trojan-steals-money-paypal-accounts-2fa/
Title: Re: Technical
Post by: Asyn on December 13, 2018, 10:02:30 AM
‘Operation Sharpshooter’ Targets Global Defense, Critical Infrastructure
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/operation-sharpshooter-targets-global-defense-critical-infrastructure/
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-operation-sharpshooter.pdf
Title: Re: Technical
Post by: tmoroney on December 13, 2018, 08:45:25 PM
Avast failed on all 4 WinXP machines this morning 12-13-18 !

So far only attempted to restart the UI service but keep getting error message !
Set Terminal Server to Automatic start and verified Background Intelligent Transfer Service was set to Automatic start.
Will attempt to reinstall program next :(

Running Avast on one Win 7 machine with no issues this morning !
Title: Re: Technical
Post by: DavidR on December 13, 2018, 11:25:50 PM
@ tmoroney
Please start your own new topic in the Avast Free Antivirus / Pro Antivirus / Internet Security / Premier forum https://forum.avast.com/index.php?board=2.0. That is for specific problems with avast antivirus for Windows. This topic in the 'General Forum' is about technical issues unrelated to Avast.

On that new topic give details of the avast version and build number (use the about avast option in the tray icon) you have installed on these XP machines.
Title: Re: Technical
Post by: Asyn on December 14, 2018, 10:19:47 AM
New Bomb Threat Email Scam Campaign Demanding $20K in Bitcoin
https://www.bleepingcomputer.com/news/security/new-bomb-threat-email-scam-campaign-demanding-20k-in-bitcoin/
Title: Re: Technical
Post by: Asyn on December 15, 2018, 06:33:57 AM
NUClear explotion
https://embedi.org/blog/nuclear-explotion/
Title: Re: Technical
Post by: Asyn on December 15, 2018, 07:00:38 PM
123456 Is the Most Used Password for the 5th Year in a Row
https://www.bleepingcomputer.com/news/security/123456-is-the-most-used-password-for-the-5th-year-in-a-row/
https://www.prweb.com/releases/bad_password_habits_die_hard_shows_splashdata_s_8th_annual_worst_passwords_list/prweb15987071.htm
Title: Re: Technical
Post by: Asyn on December 17, 2018, 07:14:43 AM
How to Decrypt HiddenTear Ransomware with HT Brute Forcer
https://www.bleepingcomputer.com/ransomware/decryptor/how-to-decrypt-hiddentear-ransomware-with-ht-brute-forcer/
Title: Re: Technical
Post by: Asyn on December 18, 2018, 06:35:55 AM
Magellan
https://blade.tencent.com/magellan/index_en.html
Title: Re: Technical
Post by: Asyn on December 19, 2018, 12:15:09 PM
Connecting the dots between recently active cryptominers
https://blog.talosintelligence.com/2018/12/cryptomining-campaigns-2018.html
Title: Re: Technical
Post by: Asyn on December 21, 2018, 05:00:17 AM
Top 10 Biggest Data Breaches in 2018
https://blog.avast.com/biggest-data-breaches
Title: Re: Technical
Post by: Asyn on December 22, 2018, 06:27:04 AM
Cartoon chaos on Facebook
https://blog.avast.com/facebook-users-share-cartoon-malware
https://malfind.com/index.php/2018/12/21/how-i-accidentaly-found-clickjacking-in-facebook/
Title: Re: Technical
Post by: Asyn on December 23, 2018, 09:06:24 AM
Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries
https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/
https://www.reuters.com/article/us-china-cyber-hpe-ibm-exclusive-idUSKCN1OJ2OY
Title: Re: Technical
Post by: DavidR on December 23, 2018, 10:51:47 AM
Historic APT10 Cyber Espionage Group Breached Systems in Over 12 Countries
https://www.bleepingcomputer.com/news/security/historic-apt10-cyber-espionage-group-breached-systems-in-over-12-countries/
https://www.reuters.com/article/us-china-cyber-hpe-ibm-exclusive-idUSKCN1OJ2OY

This is very big, but what are we to actually do about punishing those responsible? I guess this is going to go the way of HUAWEI being denied 5G infrastructure contracts in several countries.
Title: Re: Technical
Post by: Asyn on December 24, 2018, 06:43:10 AM
New Tech Support Scam Causes Chrome Browser to Use 100% of the CPU
https://www.bleepingcomputer.com/news/security/new-tech-support-scam-causes-chrome-browser-to-use-100-percent-of-the-cpu/
Title: Re: Technical
Post by: Asyn on December 25, 2018, 07:21:27 AM
State of Software Security Report (SOSS) 2018
https://www.veracode.com/state-of-software-security-report
Title: Re: Technical
Post by: Asyn on December 27, 2018, 05:34:40 AM
JungleSec Ransomware Infects Victims Through IPMI Remote Consoles
https://www.bleepingcomputer.com/news/security/junglesec-ransomware-infects-victims-through-ipmi-remote-consoles/
Title: Re: Technical
Post by: Asyn on January 02, 2019, 10:44:55 PM
The EU Opens Bug Hunting Season in 2019 for 15 Open-Source Projects It Uses
https://www.bleepingcomputer.com/news/security/the-eu-opens-bug-hunting-season-in-2019-for-15-open-source-projects-it-uses/
https://juliareda.eu/2018/12/eu-fossa-bug-bounties/
Title: Re: Technical
Post by: Asyn on January 04, 2019, 01:03:58 PM
Phishing template uses fake fonts to decode content and evade detection
https://www.proofpoint.com/us/threat-insight/post/phishing-template-uses-fake-fonts-decode-content-and-evade-detection
Title: Re: Technical
Post by: Asyn on January 06, 2019, 11:07:04 AM
How to Decrypt the Aurora Ransomware with AuroraDecrypter
https://www.bleepingcomputer.com/news/security/how-to-decrypt-the-aurora-ransomware-with-auroradecrypter/
Title: Re: Technical
Post by: Asyn on January 08, 2019, 10:05:37 AM
Vidar and GandCrab: stealer and ransomware combo observed in the wild
https://blog.malwarebytes.com/threat-analysis/2019/01/vidar-gandcrab-stealer-and-ransomware-combo-observed-in-the-wild/
Title: Re: Technical
Post by: Asyn on January 09, 2019, 06:07:54 AM
2019 predictions: The internet of (vulnerable) things
https://blog.avast.com/iot-predictions
https://cdn2.hubspot.net/hubfs/486579/Avast%20Threat%20Landscape%20Report%202019.pdf
Title: Re: Technical
Post by: Asyn on January 09, 2019, 01:39:50 PM
The January 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/1/8/the-january-2019-security-update-review
Title: Re: Technical
Post by: Asyn on January 10, 2019, 06:56:26 AM
Surprise! Your phone data is for sale
https://blog.avast.com/phone-location-data-to-aggregators
https://motherboard.vice.com/en_us/article/nepxbz/i-gave-a-bounty-hunter-300-dollars-located-phone-microbilt-zumigo-tmobile
Title: Re: Technical
Post by: Asyn on January 11, 2019, 02:39:35 PM
The State of Web Application Vulnerabilities in 2018
https://www.imperva.com/blog/the-state-of-web-application-vulnerabilities-in-2018/
Title: Re: Technical
Post by: Asyn on January 12, 2019, 07:44:28 AM
A First Look at the Crypto-Mining Malware Ecosystem: A Decade of Unrestricted Wealth
https://arxiv.org/pdf/1901.00846.pdf
Title: Re: Technical
Post by: Asyn on January 13, 2019, 11:49:05 AM
Big Game Hunting with Ryuk: Another Lucrative Targeted Ransomware
https://www.crowdstrike.com/blog/big-game-hunting-with-ryuk-another-lucrative-targeted-ransomware/
Title: Re: Technical
Post by: Asyn on January 14, 2019, 10:43:36 AM
Mozilla to Disable Flash Plugin by Default in Firefox 69
https://www.bleepingcomputer.com/news/software/mozilla-to-disable-flash-plugin-by-default-in-firefox-69/
Title: Re: Technical
Post by: Asyn on January 15, 2019, 11:13:26 AM
Metasploit Framework 5.0 Released!
https://blog.rapid7.com/2019/01/10/metasploit-framework-5-0-released/
Title: Re: Technical
Post by: Asyn on January 16, 2019, 06:36:37 AM
How I Hacked Play-with-Docker and Remotely Ran Code on the Host
https://www.cyberark.com/threat-research-blog/how-i-hacked-play-with-docker-and-remotely-ran-code-on-the-host/
Title: Re: Technical
Post by: Asyn on January 17, 2019, 07:32:15 AM
Distribution of malicious JAR appended to MSI files signed by third parties
https://blog.virustotal.com/2019/01/distribution-of-malicious-jar-appended.html
Title: Re: Technical
Post by: Asyn on January 18, 2019, 07:01:38 AM
The 773 Million Record "Collection #1" Data Breach
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Avast Hack-Check: https://www.avast.com/hackcheck
Title: Re: Technical
Post by: Asyn on January 20, 2019, 11:23:39 AM
The 773 Million Record "Collection #1" Data Breach
https://www.troyhunt.com/the-773-million-record-collection-1-data-reach/

Avast Hack-Check: https://www.avast.com/hackcheck
773M Password ‘Megabreach’ is Years Old
https://krebsonsecurity.com/2019/01/773m-password-megabreach-is-years-old/
Title: Re: Technical
Post by: Asyn on January 21, 2019, 08:27:43 AM
DarkHydrus delivers new Trojan that can use Google Drive for C2 communications
https://unit42.paloaltonetworks.com/darkhydrus-delivers-new-trojan-that-can-use-google-drive-for-c2-communications/
Title: Re: Technical
Post by: Asyn on January 22, 2019, 09:37:39 AM
Microsoft Azure DevOps Bounty Program
https://www.microsoft.com/en-us/msrc/bounty-azure-devops
Title: Re: Technical
Post by: Asyn on January 23, 2019, 05:52:46 AM
5 software facts you didn’t know: Avast PC Report (Part 1)
https://blog.avast.com/pc-report-2019-shows-users-fail-to-update-avast
https://cdn2.hubspot.net/hubfs/486579/Avast_PC_Trends_Report_2019.pdf
Title: Re: Technical
Post by: Asyn on January 23, 2019, 10:37:10 AM
How to takedown 100,000 malware sites
https://abuse.ch/blog/how-to-takedown-100000-malware-sites/
https://urlhaus.abuse.ch/statistics/reactiontime/
Title: Re: Technical
Post by: Asyn on January 24, 2019, 01:16:01 PM
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
Title: Re: Technical
Post by: bob3160 on January 24, 2019, 01:20:02 PM
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???
Title: Re: Technical
Post by: alanb on January 24, 2019, 02:19:09 PM
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???

Hmm... working here ???
Title: Re: Technical
Post by: DavidR on January 24, 2019, 03:50:35 PM
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???

Hmm... working here ???

Also working here.
Title: Re: Technical
Post by: bob3160 on January 24, 2019, 04:06:52 PM
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???

Hmm... working here ???

Also working here.
(https://screencast-o-matic.com/screenshots/u/Lh/1548341983720-79075.png)
The culprit appears to be Avast SecureLine. Once I turn it off, problem solved.
(Not good since I'm on open wifi at a hotel.)
Title: Re: Technical
Post by: mchain on January 24, 2019, 08:08:22 PM
DHS Issues Emergency Directive to Prevent DNS Hijacking Attacks
https://www.bleepingcomputer.com/news/security/dhs-issues-emergency-directive-to-prevent-dns-hijacking-attacks/
I can't access the link ???

Hmm... working here ???

Also working here.
(https://screencast-o-matic.com/screenshots/u/Lh/1548341983720-79075.png)
The culprit appears to be Avast SecureLine. Once I turn it off, problem solved.
(Not good since I'm on open wifi at a hotel.)
Yep, working here also....   ???
Title: Re: Technical
Post by: bob3160 on January 24, 2019, 08:28:35 PM
Are any of you using SecureLine while you're visiting the site ???
Title: Re: Technical
Post by: mchain on January 24, 2019, 08:29:17 PM
Are any of you using SecureLine while you're visiting the site ???
Yes.
Title: Re: Technical
Post by: bob3160 on January 24, 2019, 08:31:15 PM
Are any of you using SecureLine while you're visiting the site ???
Yes.
Miami ???
Right now the site is down. :)
Title: Re: Technical
Post by: bob3160 on January 24, 2019, 08:39:44 PM
Site is back up.
If I use Miami, I can't get on that website.
When I changed it to another connection, I was able to reach the site with SecureLine.
Bleeping Computer is probably blocking the IP.
Title: Re: Technical
Post by: mchain on January 24, 2019, 08:40:19 PM
Just visited again, using New York. OK.
Title: Re: Technical
Post by: Asyn on January 25, 2019, 07:54:20 AM
Remotely compromise devices by using bugs in Marvell Avastar Wi-Fi: from zero knowledge to zero-click RCE
https://embedi.org/blog/remotely-compromise-devices-by-using-bugs-in-marvell-avastar-wi-fi-from-zero-knowledge-to-zero-click-rce/
Title: Re: Technical
Post by: Asyn on January 26, 2019, 06:24:20 PM
Cisco AMP tracks new campaign that delivers Ursnif
https://blog.talosintelligence.com/2019/01/amp-tracks-ursnif.html
Title: Re: Technical
Post by: Asyn on January 27, 2019, 09:41:02 AM
Confiant & Malwarebytes Uncover Steganography Based Ad Payload That Drops Shlayer Trojan On Mac Users
https://blog.confiant.com/confiant-malwarebytes-uncover-steganography-based-ad-payload-that-drops-shlayer-trojan-on-mac-cd31e885c202
Title: Re: Technical
Post by: Asyn on January 28, 2019, 09:36:15 AM
Hackers Targeting Cisco RV320/RV325 Routers Using New Exploits
https://www.bleepingcomputer.com/news/security/hackers-targeting-cisco-rv320-rv325-routers-using-new-exploits/
Title: Re: Technical
Post by: Asyn on January 29, 2019, 08:48:34 AM
AZORult: Now, as A Signed “Google Update”
https://blog.minerva-labs.com/azorult-now-as-a-signed-google-update
Title: Re: Technical
Post by: Asyn on January 30, 2019, 09:29:17 AM
5 software facts you didn’t know: Avast PC Report (Part 1)
https://blog.avast.com/pc-report-2019-shows-users-fail-to-update-avast
https://cdn2.hubspot.net/hubfs/486579/Avast_PC_Trends_Report_2019.pdf
5 hardware facts you didn’t know — The Avast PC Report, part 2
https://blog.avast.com/pc-report-2019-reveals-hardware-trends
Title: Re: Technical
Post by: Asyn on January 30, 2019, 04:06:22 PM
DNS flag day 2019
https://dnsflagday.net/
Title: Re: Technical
Post by: Asyn on January 31, 2019, 11:37:09 AM
“Love you” malspam gets a makeover for massive Japan-targeted campaign
https://www.welivesecurity.com/2019/01/30/love-you-malspam-makeover-massive-japan-targeted-campaign/
Title: Re: Technical
Post by: Asyn on February 01, 2019, 09:30:27 AM
Ethical Hacker Exposes Magyar Telekom Vulnerabilities, Faces 8 Years in Jail
https://www.bleepingcomputer.com/news/security/ethical-hacker-exposes-magyar-telekom-vulnerabilities-faces-8-years-in-jail/
Title: Re: Technical
Post by: Asyn on February 02, 2019, 07:55:18 AM
Facebook pays teens to install VPN that spies on them
https://techcrunch.com/2019/01/29/facebook-project-atlas/
Title: Re: Technical
Post by: Asyn on February 03, 2019, 08:04:43 AM
YouTube Impersonation Scams Offering Fake Rewards are Running Wild
https://www.riskiq.com/blog/labs/youtube-impersonation-scams/
Title: Re: Technical
Post by: Asyn on February 04, 2019, 07:17:54 AM
Sextortion Scam Stating Xvideos Was Hacked to Record You Through Webcam
https://www.bleepingcomputer.com/news/security/sextortion-scam-stating-xvideos-was-hacked-to-record-you-through-webcam/
Title: Re: Technical
Post by: Asyn on February 05, 2019, 08:27:07 AM
SpeakUp: A New Undetected Backdoor Linux Trojan
https://research.checkpoint.com/speakup-a-new-undetected-backdoor-linux-trojan/
Title: Re: Technical
Post by: Asyn on February 06, 2019, 09:39:28 AM
ExileRAT shares C2 with LuckyCat, targets Tibet
https://blog.talosintelligence.com/2019/02/exilerat-shares-c2-with-luckycat.html
Title: Re: Technical
Post by: Asyn on February 07, 2019, 11:05:08 AM
Reverse RDP Attack: Code Execution on RDP Clients
https://research.checkpoint.com/reverse-rdp-attack-code-execution-on-rdp-clients/
Title: Re: Technical
Post by: Asyn on February 08, 2019, 11:04:06 AM
Phishing Attacks Against Facebook/Google via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
Title: Re: Technical
Post by: bob3160 on February 08, 2019, 01:30:35 PM
Phishing Attacks Against Facebook/Google via Google Translate
https://blogs.akamai.com/sitr/2019/02/phishing-attacks-against-facebook-google-via-google-translate.html
The average person looking at this headline will assume that there's a vulnerability in Google Translate.
That certainly isn't the case but, it makes for good headlines.
Title: Re: Technical
Post by: Asyn on February 09, 2019, 05:58:12 PM
Many popular iPhone apps secretly record your screen without asking
https://techcrunch.com/2019/02/06/iphone-session-replay-screenshots/
Title: Re: Technical
Post by: Asyn on February 10, 2019, 11:02:36 AM
IcedID Operators Using ATSEngine Injection Panel to Hit E-Commerce Sites
https://securityintelligence.com/icedid-operators-using-atsengine-injection-panel-to-hit-e-commerce-sites/
Title: Re: Technical
Post by: Asyn on February 11, 2019, 10:44:32 AM
Linux Coin Miner Copied Scripts From KORKERDS, Removes All Other Malware and Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/linux-coin-miner-copied-scripts-from-korkerds-removes-all-other-malware-and-miners/
Title: Re: Technical
Post by: Asyn on February 12, 2019, 08:28:35 AM
Sorry, Adobe Reader, We're Not Letting You Phone Home Without User's Consent (0day)
https://blog.0patch.com/2019/02/sorry-adobe-reader-were-not-letting-you.html
https://insert-script.blogspot.com/2019/01/adobe-reader-pdf-callback-via-xslt.html
Title: Re: Technical
Post by: Asyn on February 13, 2019, 10:34:25 AM
QNAP NAS user? You'd better check your hosts file for mystery anti-antivirus entries
https://www.theregister.co.uk/2019/02/11/qnap_hosts_file_issues/
Title: Re: Technical
Post by: Asyn on February 13, 2019, 10:36:34 AM
The February 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/2/12/the-february-2019-security-update-review
Title: Re: Technical
Post by: Asyn on February 14, 2019, 06:48:31 AM
Astaroth Malware Uses Legitimate OS and Antivirus Processes to Steal Passwords and Personal Data
https://www.cybereason.com/blog/information-stealing-malware-targeting-brazil-full-research
Title: Re: Technical
Post by: Asyn on February 15, 2019, 10:52:38 AM
Emotet: A Small Change in Tactics Leads to a Spike in Attacks
https://www.menlosecurity.com/blog/emotet-a-small-change-in-tactics-leads-to-a-spike-in-attacks
Title: Re: Technical
Post by: Asyn on February 16, 2019, 08:48:12 AM
Increasing mobile threat intelligence with apklab.io
https://blog.avast.com/mobile-threat-intelligence-with-apklab.io
https://apklab.io/
Title: Re: Technical
Post by: Be Secure on February 16, 2019, 03:20:20 PM
Spoofing in the reeds with Rietspoof
https://blog.avast.com/rietspoof-malware-increases-activity
Title: Re: Technical
Post by: Asyn on February 17, 2019, 11:40:10 AM
Several Cryptojacking Apps Found on Microsoft Store
https://www.symantec.com/blogs/threat-intelligence/cryptojacking-apps-microsoft-store
Title: Re: Technical
Post by: Asyn on February 18, 2019, 11:25:10 AM
Try Picture in Picture mode for Firefox in Nightly
https://techdows.com/2019/02/picture-in-picture-for-firefox-is-here-to-try-in-nightly.html
Title: Re: Technical
Post by: Asyn on February 19, 2019, 09:29:45 AM
Spectre is here to stay - An analysis of side-channels and speculative execution
https://arxiv.org/pdf/1902.05178.pdf
Title: Re: Technical
Post by: Brownies6 on February 19, 2019, 05:22:09 PM
Is anyone available from Avast to discuss IOCs related to the Rietspoof blog?

https://blog.avast.com/rietspoof-malware-increases-activity
Title: Re: Technical
Post by: DavidR on February 19, 2019, 08:00:56 PM
Is anyone available from Avast to discuss IOCs related to the Rietspoof blog?

https://blog.avast.com/rietspoof-malware-increases-activity

My first thought would have been no (certainly not in the forums), but the very last paragraph is fairly clear.

Quote from: Extract from Avast blog link.
We are not sharing IoCs publicly, but, if you are able to prove to Avast that you are an anti-malware analyst or researcher, we will make the IoCs available to you. In this case feel free to contact us.

Having highlighted what is probably the most important wording, I think it could only be through direct contact with Avast, and then only for those with a proven anti-malware analyst or researcher background.
Title: Re: Technical
Post by: BlackRockShooter on February 20, 2019, 04:43:24 AM
Windows 7 users: You need SHA-2 support or no Windows updates after July 2019
Microsoft will begin rolling out SHA-2 standalone updates for Windows 7 and Windows Server 2008 in March in preparation for its July 16 implementation deadline.

https://www.zdnet.com/article/windows-7-users-you-need-sha-2-support-or-no-windows-updates-after-july-2019/
Title: Re: Technical
Post by: Asyn on February 21, 2019, 07:29:50 AM
Monero Miner-Malware Uses RADMIN, MIMIKATZ to Infect, Propagate via Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/monero-miner-malware-uses-radmin-mimikatz-to-infect-propagate-via-vulnerability/
Title: Re: Technical
Post by: Asyn on February 22, 2019, 11:10:46 AM
North Korea Turns Against New Targets?!
https://research.checkpoint.com/north-korea-turns-against-russian-targets/
Title: Re: Technical
Post by: Asyn on February 23, 2019, 07:06:01 AM
Threats to users of adult websites in 2018
https://securelist.com/threats-to-users-of-adult-websites-in-2018/89634/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2019/02/21120154/Threats_to_users_of_adult_websites_2018.pdf
Title: Re: Technical
Post by: Asyn on February 24, 2019, 10:43:58 AM
Fake Jobs: Campaigns Delivering More_eggs Backdoor via Fake Job Offers
https://www.proofpoint.com/us/threat-insight/post/fake-jobs-campaigns-delivering-moreeggs-backdoor-fake-job-offers
Title: Re: Technical
Post by: Asyn on February 25, 2019, 11:26:49 AM
B0r0nt0K Ransomware Wants $75,000 Ransom, Infects Linux Servers
https://www.bleepingcomputer.com/news/security/b0r0nt0k-ransomware-wants-75-000-ransom-infects-linux-servers/
Title: Re: Technical
Post by: Asyn on February 26, 2019, 08:01:06 AM
CyberSecurity Firm Darkmatter Request to be Trusted Root CA Raises Concerns
https://www.bleepingcomputer.com/news/security/cybersecurity-firm-darkmatter-request-to-be-trusted-root-ca-raises-concerns/
https://www.eff.org/deeplinks/2019/02/cyber-mercenary-groups-shouldnt-be-trusted-your-browser-or-anywhere-else
Title: Re: Technical
Post by: Asyn on February 27, 2019, 06:08:23 AM
Internet infrastructure under attack
https://blog.avast.com/icann-warns-domain-name-system-under-attack
https://www.icann.org/news/announcement-2019-02-22-en
https://www.icann.org/news/announcement-2019-02-15-en
https://krebsonsecurity.com/2019/02/a-deep-dive-on-the-recent-widespread-dns-hijacking-attacks/
Title: Re: Technical
Post by: Asyn on February 28, 2019, 08:52:28 AM
A Peek into BRONZE UNION’s Toolbox
https://www.secureworks.com/research/a-peek-into-bronze-unions-toolbox
Title: Re: Technical
Post by: Asyn on March 01, 2019, 12:26:11 PM
Magecart Group 4: Never Gone, Always Advancing
https://www.riskiq.com/blog/labs/magecart-group-4-always-advancing/
Title: Re: Technical
Post by: Asyn on March 03, 2019, 09:47:47 AM
ExSpectre: Hiding Malware in Speculative Execution
https://www.ndss-symposium.org/wp-content/uploads/2019/02/ndss2019_02B-5_Wampler_paper.pdf
Title: Re: Technical
Post by: Asyn on March 04, 2019, 12:42:15 PM
Op 'Sharpshooter' Connected to North Korea's Lazarus Group
https://www.bleepingcomputer.com/news/security/op-sharpshooter-connected-to-north-koreas-lazarus-group/
Title: Re: Technical
Post by: polonus on March 04, 2019, 11:21:43 PM
"Encryption everywhere", really good advice:
https://www.privacytools.io/  (sources: Glenn Greenwald et al.)

A new law that may come to the Netherlands (people who know how to access a system may be ordered to share their knowledge; however, this doesn't apply to the suspect themselves or family members).

Who's finally gonna speak up for me?

polonus
Title: Re: Technical
Post by: Asyn on March 05, 2019, 11:16:35 AM
Microsoft Sees 250% Phishing Increase, Malware Decline by 34%
https://www.bleepingcomputer.com/news/security/microsoft-sees-250-percent-phishing-increase-malware-decline-by-34-percent/
Title: Re: Technical
Post by: Asyn on March 06, 2019, 06:16:40 AM
SPOILER: Speculative Load Hazards Boost Rowhammer and Cache Attacks
https://arxiv.org/pdf/1903.00446.pdf
Title: Re: Technical
Post by: Asyn on March 07, 2019, 09:51:13 AM
The Return of the Equation Editor Exploit – DIFAT Overflow
https://www.mimecast.com/blog/2019/03/the-return-of-the-equation-editor-exploit--difat-overflow/
Title: Re: Technical
Post by: Asyn on March 08, 2019, 09:39:22 AM
UPnP-enabled Connected Devices in the Home and Unpatched Known Vulnerabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/upnp-enabled-connected-devices-in-home-unpatched-known-vulnerabilities/
Title: Re: Technical
Post by: Asyn on March 09, 2019, 07:50:23 AM
800+ Million Emails Leaked Online by Email Verification Service
https://securitydiscovery.com/800-million-emails-leaked-online-by-email-verification-service/
https://www.wired.com/story/email-marketing-company-809-million-records-exposed-online/
Title: Re: Technical
Post by: Asyn on March 10, 2019, 10:27:53 AM
Financial Cyberthreats in 2018
https://securelist.com/financial-cyberthreats-in-2018/89788/
Title: Re: Technical
Post by: Asyn on March 11, 2019, 11:53:37 AM
Exploitation of a Vanilla Buffer Overflow in the o2 HomeBox 6441 Router - A Step by Step Abuse Guide
https://nsideattacklogic-tech.blogspot.com/2019/03/exploitation-of-vanilla-buffer-overflow.html
Title: Re: Technical
Post by: Asyn on March 12, 2019, 08:11:19 AM
New "Final Warning" Sextortion Emails State Adult Sites Infected You
https://www.bleepingcomputer.com/news/security/new-final-warning-sextortion-emails-state-adult-sites-infected-you/
Title: Re: Technical
Post by: Asyn on March 13, 2019, 09:09:24 AM
The March 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/3/12/the-march-2019-security-update-review
Title: Re: Technical
Post by: Asyn on March 14, 2019, 06:54:07 AM
New mining worm PsMiner uses multiple high-risk vulnerabilities to spread
https://blog.360totalsecurity.com/en/new-mining-worm-psminer-uses-multiple-high-risk-vulnerabilities-to-spread/
Title: Re: Technical
Post by: Asyn on March 15, 2019, 10:32:51 AM
‘DMSniff’ POS Malware Actively Leveraged to Target Small-, Medium-Sized Businesses
https://www.flashpoint-intel.com/blog/dmsniff-pos-malware-actively-leveraged-target-medium-sized-businesses/
Title: Re: Technical
Post by: Asyn on March 16, 2019, 09:08:49 AM
Over 100 Exploits Found for 19-Year Old WinRAR RCE Bug
https://www.bleepingcomputer.com/news/security/over-100-exploits-found-for-19-year-old-winrar-rce-bug/
Title: Re: Technical
Post by: Asyn on March 17, 2019, 02:19:25 PM
New Ursnif Variant Targets Japan Packed with New Features
https://www.cybereason.com/blog/new-ursnif-variant-targets-japan-packed-with-new-features
Title: Re: Technical
Post by: Asyn on March 18, 2019, 12:03:35 PM
Spam Warns about Boeing 737 Max Crashes While Pushing Malware
https://www.bleepingcomputer.com/news/security/spam-warns-about-boeing-737-max-crashes-while-pushing-malware/
Title: Re: Technical
Post by: Asyn on March 19, 2019, 07:04:36 AM
New Mirai Variant Targets Enterprise Wireless Presentation & Display Systems
https://unit42.paloaltonetworks.com/new-mirai-variant-targets-enterprise-wireless-presentation-display-systems/
Title: Re: Technical
Post by: Asyn on March 20, 2019, 09:01:57 AM
Microsoft Targeted by 8 of 10 Top Vulnerabilities in 2018
https://www.recordedfuture.com/top-vulnerabilities-2018/
https://go.recordedfuture.com/hubfs/reports/cta-2019-0319.pdf
Title: Re: Technical
Post by: Asyn on March 21, 2019, 10:13:34 AM
Attacking the internal network from the public Internet using a browser as a proxy
https://www.forcepoint.com/blog/security-labs/attacking-internal-network-public-internet-using-browser-proxy
https://www.forcepoint.com/sites/default/files/resources/files/report-attacking-internal-network-en_0.pdf
Title: Re: Technical
Post by: Asyn on March 22, 2019, 06:52:51 AM
Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
https://krebsonsecurity.com/2019/03/facebook-stored-hundreds-of-millions-of-user-passwords-in-plain-text-for-years/
Title: Re: Technical
Post by: Asyn on March 23, 2019, 09:10:38 AM
Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019
https://www.bleepingcomputer.com/news/security/safari-virtualbox-vmware-get-hacked-during-first-day-of-pwn2own-2019/

Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
Title: Re: Technical
Post by: bob3160 on March 23, 2019, 01:40:26 PM
Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019
https://www.bleepingcomputer.com/news/security/safari-virtualbox-vmware-get-hacked-during-first-day-of-pwn2own-2019/

Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
Does this indicate that it's time to start using Chrome ???
Title: Re: Technical
Post by: Asyn on March 23, 2019, 04:44:07 PM
Safari, Virtualbox, VMware Get Hacked During First Day of Pwn2Own 2019
https://www.bleepingcomputer.com/news/security/safari-virtualbox-vmware-get-hacked-during-first-day-of-pwn2own-2019/

Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/
Does this indicate that it's time to start using Chrome ???
Hi Bob, not at all, but do as you like. The only Chromium based browser I use is ASB. ;)
Title: Re: Technical
Post by: alanb on March 23, 2019, 06:09:21 PM
Quote
Mozilla Firefox and Microsoft Edge Hacked on Second Day of Pwn2Own
https://www.bleepingcomputer.com/news/security/mozilla-firefox-and-microsoft-edge-hacked-on-second-day-of-pwn2own/

And Mozilla fixed & released the fixes for Firefox on the same day  ;)
Title: Re: Technical
Post by: Asyn on March 24, 2019, 12:47:17 PM
FIN7 Revisited: Inside Astra Panel and SQLRat Malware
https://www.flashpoint-intel.com/blog/fin7-revisited:-inside-astra-panel-and-sqlrat-malware/
Title: Re: Technical
Post by: Asyn on March 25, 2019, 02:48:40 PM
VirusTotal Goes Retro with New ASCII Site for Older Browsers
https://www.bleepingcomputer.com/news/technology/virustotal-goes-retro-with-new-ascii-site-for-older-browsers/
Title: Re: Technical
Post by: Asyn on March 26, 2019, 09:18:16 AM
AZORult++: Rewriting history
https://securelist.com/azorult-analysis-history/89922/
Title: Re: Technical
Post by: Asyn on March 28, 2019, 01:23:44 PM
New steps to protect customers from hacking
https://blogs.microsoft.com/on-the-issues/2019/03/27/new-steps-to-protect-customers-from-hacking/
Title: Re: Technical
Post by: Asyn on March 29, 2019, 08:24:29 AM
Asus was warned of hacking risks months ago, thanks to leaky passwords
https://techcrunch.com/2019/03/27/asus-hacking-risk/
Title: Re: Technical
Post by: Asyn on March 30, 2019, 04:55:54 PM
Asus was warned of hacking risks months ago, thanks to leaky passwords
https://techcrunch.com/2019/03/27/asus-hacking-risk/
Unleash The Hash - ShadowHammer MAC Address List
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/list.txt
https://skylightcyber.com/2019/03/28/unleash-the-hash-shadowhammer-mac-list/extended_list.txt
Title: Re: Technical
Post by: Asyn on March 31, 2019, 03:22:27 PM
Zero-Day TP-Link SR20 Router Vulnerability Disclosed by Google Dev
https://www.bleepingcomputer.com/news/security/zero-day-tp-link-sr20-router-vulnerability-disclosed-by-google-dev/
Title: Re: Technical
Post by: Asyn on April 01, 2019, 11:12:50 AM
Ironically, Phishing Kit Hosted on Nigerian Government Site
https://www.bleepingcomputer.com/news/security/ironically-phishing-kit-hosted-on-nigerian-government-site/
Title: Re: Technical
Post by: bob3160 on April 01, 2019, 02:34:54 PM
Ironically, Phishing Kit Hosted on Nigerian Government Site
https://www.bleepingcomputer.com/news/security/ironically-phishing-kit-hosted-on-nigerian-government-site/
The perfect place for hosting that Malware. The Nigerian Scam is still very much alive.
Title: Re: Technical
Post by: Asyn on April 02, 2019, 02:19:03 PM
Unpatched Zero-Days in Microsoft Edge and IE Browsers Disclosed Publicly
https://thehackernews.com/2019/03/microsoft-edge-ie-zero-days.html
Title: Re: Technical
Post by: Asyn on April 03, 2019, 09:54:54 AM
When big fish get caught with big bait
https://blog.avast.com/millions-of-attacks-on-fake-iot-devices
Title: Re: Technical
Post by: Asyn on April 04, 2019, 10:39:06 AM
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
https://www.upguard.com/breaches/facebook-user-data-leak
Title: Re: Technical
Post by: bob3160 on April 04, 2019, 02:06:28 PM
Losing Face: Two More Cases of Third-Party Facebook App Data Exposure
https://www.upguard.com/breaches/facebook-user-data-leak
https://blog.avast.com/540m-facebook-records-exposed-on-amazon-servers
Title: Re: Technical
Post by: Asyn on April 05, 2019, 07:50:26 AM
Fake Nike deal spreading on Facebook
https://blog.avast.com/how-to-identify-an-online-scam
Title: Re: Technical
Post by: Asyn on April 06, 2019, 09:16:33 AM
Abuse of hidden “well-known” directory in HTTPS sites
https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites
Title: Re: Technical
Post by: Asyn on April 06, 2019, 08:51:40 PM
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html
Title: Re: Technical
Post by: DavidR on April 06, 2019, 10:31:08 PM
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html

I'm totally amazed at what goes on on these so called social networks.  I have thought them suspect from day one and haven't signed up to a single social networking site.
Title: Re: Technical
Post by: bob3160 on April 06, 2019, 10:34:04 PM
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html

I'm totally amazed at what goes on on these so called social networks.  I have thought them suspect from day one and haven't signed up to a single social networking site.
You're a member of the Evangelists' Corner Café so you at least subscribe to one of these social networks. :) :) :)
Title: Re: Technical
Post by: DavidR on April 06, 2019, 10:42:40 PM
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html

I'm totally amazed at what goes on on these so called social networks.  I have thought them suspect from day one and haven't signed up to a single social networking site.
You're a member of the Evangelists' Corner Café so you at least subscribe to one of these social networks. :) :) :)

Definitely not in the same league as these rogues.  The other slightly different aspect, you can't just join ;)
Title: Re: Technical
Post by: bob3160 on April 06, 2019, 10:49:50 PM
Hiding in Plain Sight
https://blog.talosintelligence.com/2019/04/hiding-in-plain-sight.html

I'm totally amazed at what goes on on these so called social networks.  I have thought them suspect from day one and haven't signed up to a single social networking site.
You're a member of the Evangelists' Corner Café so you at least subscribe to one of these social networks. :) :) :)

Definitely not in the same league as these rogues.  The other slightly different aspect, you can't just join ;)
Not any more. There was a time when posting enough nonsense earned you that right. :)
We also need to realize that even the most careful person can have their information hacked simply by belonging to a site or forum at the wrong time. If the site or forum is hacked, many times so is the information of those that belong to that forum.
We've all gone through that.
Title: Re: Technical
Post by: Asyn on April 07, 2019, 11:36:23 AM
Pick-Six: Intercepting a FIN6 Intrusion, an Actor Recently Tied to Ryuk and LockerGoga Ransomware
https://www.fireeye.com/blog/threat-research/2019/04/pick-six-intercepting-a-fin6-intrusion.html
Title: Re: Technical
Post by: Asyn on April 08, 2019, 01:16:38 PM
Big change in the plague of Blackmail, Sextortion Scam attempts
https://myonlinesecurity.co.uk/big-change-in-the-plague-of-blackmail-sextortion-scam-attempts/
Title: Re: Technical
Post by: Asyn on April 09, 2019, 08:13:58 AM
Mobile Malware Analysis : Tricks used in Anubis
https://eybisi.run/Mobile-Malware-Analysis-Tricks-used-in-Anubis/
Title: Re: Technical
Post by: Asyn on April 10, 2019, 08:34:44 AM
Tech support scams: Tips to protect yourself
https://blog.avast.com/tech-support-scams
Title: Re: Technical
Post by: Asyn on April 10, 2019, 12:12:22 PM
The April 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/4/9/the-april-2019-security-update-review
Title: Re: Technical
Post by: Asyn on April 11, 2019, 07:42:07 AM
Another Taj Mahal (between Tokyo and Yokohama)
https://www.kaspersky.com/blog/taj-mahal-apt/26370/
https://securelist.com/project-tajmahal/90240/
Title: Re: Technical
Post by: Asyn on April 11, 2019, 02:31:13 PM
DACL Permissions Overwrite Privilege Escalation (CVE-2019-0841)
https://krbtgt.pw/dacl-permissions-overwrite-privilege-escalation-cve-2019-0841/
Title: Re: Technical
Post by: Asyn on April 12, 2019, 11:20:46 AM
Analysis of a targeted attack exploiting the WinRAR CVE-2018-20250 vulnerability
https://www.microsoft.com/security/blog/2019/04/10/analysis-of-a-targeted-attack-exploiting-the-winrar-cve-2018-20250-vulnerability/
Title: Re: Technical
Post by: Asyn on April 13, 2019, 07:10:34 PM
Sextortion profits decline despite higher volume, new techniques
https://blog.talosintelligence.com/2019/04/sextortion-update.html
Title: Re: Technical
Post by: Asyn on April 15, 2019, 06:29:54 AM
Microsoft: Hackers compromised support agent’s credentials to access customer email accounts
https://techcrunch.com/2019/04/13/microsoft-support-agent-email-hack/
Title: Re: Technical
Post by: Asyn on April 17, 2019, 11:07:08 AM
Adblock Plus filter lists may execute arbitrary code in web pages
https://armin.dev/blog/2019/04/adblock-plus-code-injection/
Title: Re: Technical
Post by: Asyn on April 18, 2019, 09:16:51 AM
Reverse-engineering Broadcom wireless chipsets
https://blog.quarkslab.com/reverse-engineering-broadcom-wireless-chipsets.html
Title: Re: Technical
Post by: Asyn on April 19, 2019, 07:35:16 AM
Facebook says it ‘unintentionally uploaded’ 1.5 million people’s email contacts without their consent
https://www.businessinsider.sg/facebook-uploaded-1-5-million-users-email-contacts-without-permission-2019-4
https://blog.avast.com/facebook-imports-info-without-user-consent-avast
Title: Re: Technical
Post by: Asyn on April 20, 2019, 09:31:35 AM
DNS Hijacking Abuses Trust In Core Internet Service
https://blog.talosintelligence.com/2019/04/seaturtle.html
Title: Re: Technical
Post by: Asyn on April 21, 2019, 08:27:22 AM
New INPIVX Service May Change the Ransomware Game
https://www.bleepingcomputer.com/news/security/new-inpivx-service-may-change-the-ransomware-game/
Title: Re: Technical
Post by: Asyn on April 24, 2019, 08:50:12 AM
DNSpionage brings out the Karkoff
https://blog.talosintelligence.com/2019/04/dnspionage-brings-out-karkoff.html
Title: Re: Technical
Post by: Asyn on April 25, 2019, 08:23:57 AM
Operation ShadowHammer: a high-profile supply chain attack
https://securelist.com/operation-shadowhammer-a-high-profile-supply-chain-attack/90380/
Title: Re: Technical
Post by: Asyn on April 26, 2019, 07:09:33 AM
Active Exploitation of Confluence Vulnerability CVE-2019-3396 Dropping Gandcrab Ransomware
https://blog.alertlogic.com/active-exploitation-of-confluence-vulnerability-cve-2019-3396-dropping-gandcrab-ransomware/
Title: Re: Technical
Post by: Asyn on April 27, 2019, 09:02:23 AM
Threat Actor TA505 Targets Financial Enterprises Using LOLBins and a New Backdoor Malware
https://www.cybereason.com/blog/threat-actor-ta505-targets-financial-enterprises-using-lolbins-and-a-new-backdoor-malware
Title: Re: Technical
Post by: Asyn on April 28, 2019, 09:46:39 AM
Emotet Adds New Evasion Technique and Uses Connected Devices as Proxy C&C Servers
https://blog.trendmicro.com/trendlabs-security-intelligence/emotet-adds-new-evasion-technique-and-uses-connected-devices-as-proxy-cc-servers/
Title: Re: Technical
Post by: Asyn on April 29, 2019, 12:40:54 PM
The Economy of Credential Stuffing Attacks
https://www.recordedfuture.com/credential-stuffing-attacks/
https://go.recordedfuture.com/hubfs/reports/cta-2019-0425.pdf
Title: Re: Technical
Post by: Asyn on April 30, 2019, 08:44:26 AM
Tech Support Scam Employs New Trick by Using Iframe to Freeze Browsers
https://blog.trendmicro.com/trendlabs-security-intelligence/tech-support-scam-employs-new-trick-by-using-iframe-to-freeze-browsers/
Title: Re: Technical
Post by: Asyn on May 01, 2019, 10:45:35 AM
Buhtrap backdoor and ransomware distributed via major advertising platform
https://www.welivesecurity.com/2019/04/30/buhtrap-backdoor-ransomware-advertising-platform/
Title: Re: Technical
Post by: Asyn on May 02, 2019, 07:18:07 AM
P2P Weakness Exposes Millions of IoT Devices
https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
Title: Re: Technical
Post by: Asyn on May 03, 2019, 07:33:47 AM
Not all Roads Lead to Magento: All Payment Platforms are Targets for Magecart
https://www.riskiq.com/blog/labs/magecart-beyond-magento/
Title: Re: Technical
Post by: Asyn on May 05, 2019, 10:34:35 AM
Double blow to dark web marketplaces
https://www.europol.europa.eu/newsroom/news/double-blow-to-dark-web-marketplaces
https://www.justice.gov/opa/pr/three-germans-who-allegedly-operated-dark-web-marketplace-over-1-million-users-face-us
Title: Re: Technical
Post by: Asyn on May 07, 2019, 11:25:49 AM
Buckeye: Espionage Outfit Used Equation Group Tools Prior to Shadow Brokers Leak
https://www.symantec.com/blogs/threat-intelligence/buckeye-windows-zero-day-exploit
Title: Re: Technical
Post by: Asyn on May 09, 2019, 08:16:08 AM
Dharma Ransomware Uses AV Tool to Distract from Malicious Activities
https://blog.trendmicro.com/trendlabs-security-intelligence/dharma-ransomware-uses-av-tool-to-distract-from-malicious-activities/
Title: Re: Technical
Post by: Asyn on May 10, 2019, 07:30:38 AM
North Korean Tunneling Tool: ELECTRICFISH
https://www.us-cert.gov/ncas/analysis-reports/AR19-129A
Title: Re: Technical
Post by: Asyn on May 11, 2019, 08:30:39 AM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
Title: Re: Technical
Post by: bob3160 on May 11, 2019, 02:33:57 PM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports.  (Gossip.)
Title: Re: Technical
Post by: Asyn on May 11, 2019, 09:03:01 PM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports.  (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Title: Re: Technical
Post by: bob3160 on May 11, 2019, 09:45:31 PM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports.  (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Title: Re: Technical
Post by: Asyn on May 11, 2019, 10:13:08 PM
Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Only a handful of major AV companies in the US, so take your best guess. ;)
Anyway, as we're running Avast (non US), there's nothing to worry about.
Title: Re: Technical
Post by: Asyn on May 12, 2019, 03:11:13 PM
Technical Analysis: Pacha Group Competing against Rocke Group for Cryptocurrency Mining Foothold on the Cloud
https://www.intezer.com/blog-technical-analysis-cryptocurrency-mining-war-on-the-cloud/
Title: Re: Technical
Post by: Asyn on May 13, 2019, 07:44:12 AM
Blocking Hyperlink Auditing Tracking Pings with Extensions
https://www.bleepingcomputer.com/news/security/blocking-hyperlink-auditing-tracking-pings-with-extensions/
Title: Re: Technical
Post by: Asyn on May 14, 2019, 07:29:37 AM
Israeli Firm Tied to Tool That Uses WhatsApp Flaw to Spy on Activists
https://www.nytimes.com/2019/05/13/technology/nso-group-whatsapp-spying.html
Title: Re: Technical
Post by: Asyn on May 14, 2019, 11:12:13 AM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports.  (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/
Title: Re: Technical
Post by: bob3160 on May 14, 2019, 03:06:02 PM
Hackers breached 3 US antivirus companies, researchers reveal
https://arstechnica.com/information-technology/2019/05/hackers-breached-3-us-antivirus-companies-researchers-reveal/
I hate vague reports.  (Gossip.)
More details here: https://www.advanced-intel.com/blog/top-tier-russian-hacking-collective-claims-breaches-of-three-major-anti-virus-companies
Same information just posted on a different platform. Still no particulars. "3 major American AV companies" doesn't really give any specifics.
Fxmsp Chat Logs Reveal the Hacked Antivirus Vendors, AVs Respond
https://www.bleepingcomputer.com/news/security/fxmsp-chat-logs-reveal-the-hacked-antivirus-vendors-avs-respond/
Thanks for the link. The original post stated that it affected 3 US security companies.
Now the statement is 3 companies with offices in the US. Big difference, since many security companies have offices in the US.
Title: Re: Technical
Post by: Asyn on May 15, 2019, 07:53:36 AM
ZombieLoad: Cross Privilege-Boundary Data Leakage
https://www.cyberus-technology.de/posts/2019-05-14-zombieload.html
https://zombieloadattack.com/
https://cpu.fail/
Title: Re: Technical
Post by: Pondus on May 15, 2019, 01:17:49 PM
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs

https://mdsattacks.com/

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

https://zombieloadattack.com/#attack

Title: Re: Technical
Post by: bob3160 on May 15, 2019, 02:06:53 PM
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs

https://mdsattacks.com/

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

https://zombieloadattack.com/#attack
So according to the tool offered here, https://mdsattacks.com/ my system is vulnerable.
(https://screencast-o-matic.com/screenshots/u/Lh/1557921874568-73818.png)
So the next logical question is how dangerous is this for the average user and,
probably more importantly, when will there be an actual fix outside of purchasing AMD ???



Title: Re: Technical
Post by: Asyn on May 15, 2019, 02:36:03 PM
So the next logical question is how dangerous is this for the average user and,
probably more importantly, when will there be an actual fix outside of purchasing AMD ???
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Title: Re: Technical
Post by: bob3160 on May 15, 2019, 02:45:20 PM
So the next logical question is how dangerous is this for the average user and,
probably more importantly, when will there be an actual fix outside of purchasing AMD ???
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Since it's their chip, income and reputation, I'll be just a bit sceptical of anything they have to say till it's verified by a third, independent source.
Title: Re: Technical
Post by: Asyn on May 15, 2019, 03:29:19 PM
So the next logical question is how dangerous is this for the average user and,
probably more importantly, when will there be an actual fix outside of purchasing AMD ???
According to Intel, medium to low, see: https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00233.html
Since it's their chip, income and reputation, I'll be just a bit sceptical of anything they have to say till it's verified by a third, independent source.
Hi Bob, agreed. Here's an overview of the currently available updates/fixes. Hope it helps. (German site)
https://www.heise.de/ct/artikel/Updates-gegen-die-Intel-Prozessorluecken-ZombieLoad-Co-4422413.html
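Added example to go with the fix overview above (not code from heise, Intel or any post in this thread): on Linux the kernel reports each speculative-execution issue as a one-line file under /sys/devices/system/cpu/vulnerabilities/, so you can check a box directly instead of relying on a vendor statement or a third-party tool. The script below reads that directory and interprets the mds entry, including the SMT suffix, which is the part people miss: "Mitigation: Clear CPU buffers; SMT vulnerable" still allows a sibling hyperthread to sample data, which is why the macOS "full mitigation" option mentioned later in the thread disables hyper-threading. The status formats follow the kernel's admin-guide documentation; the lines in SAMPLES are constructed, and the sysfs path assumes a kernel new enough to carry the MDS patches.

```python
"""Interpret the Linux kernel's MDS (ZombieLoad / RIDL / Fallout) status report.

Added example for this thread, not code from any linked article or vendor.
The kernel exposes one file per speculative-execution issue under
/sys/devices/system/cpu/vulnerabilities/; the 'mds' strings handled here
follow the formats in the kernel admin-guide. SAMPLES are constructed.
"""
import os
from dataclasses import dataclass
from typing import Dict, Optional

SYSFS_DIR = "/sys/devices/system/cpu/vulnerabilities"


@dataclass
class MdsStatus:
    raw: str
    affected: bool          # CPU is in scope of MDS at all
    mitigated: bool         # kernel clears CPU buffers and the microcode supports it
    needs_microcode: bool   # kernel tries to mitigate but MD_CLEAR microcode is missing
    smt: Optional[str]      # 'vulnerable', 'mitigated', 'disabled', 'unknown' or None


def parse_mds_status(text: str) -> MdsStatus:
    """Parse one line from .../vulnerabilities/mds into its components."""
    t = " ".join(text.split())            # normalise whitespace and the trailing newline
    if t == "Not affected":
        return MdsStatus(t, False, True, False, None)
    main, _, smt_part = t.partition(";")  # e.g. "Mitigation: Clear CPU buffers; SMT vulnerable"
    mitigated = main.startswith("Mitigation:")
    needs_microcode = "no microcode" in main
    smt = None
    s = smt_part.strip().lower()
    if s.startswith("smt "):
        word = s[4:]
        smt = word if word in ("vulnerable", "mitigated", "disabled") else "unknown"
    return MdsStatus(t, True, mitigated, needs_microcode, smt)


def verdict(status: MdsStatus) -> str:
    """Turn the parsed status into the one-line answer an admin actually wants."""
    if not status.affected:
        return "not affected"
    if status.needs_microcode:
        return "vulnerable: kernel mitigation present but CPU microcode missing"
    if not status.mitigated:
        return "vulnerable: no mitigation active"
    if status.smt == "vulnerable":
        # Buffers are cleared on privilege/context switches, but a sibling
        # hyperthread running concurrently can still sample them.
        return "partially mitigated: SMT on, cross-thread leakage still possible"
    if status.smt == "unknown":
        return "mitigated in this guest; host SMT state unknown"
    return "mitigated"


def read_vulnerabilities(sysfs_dir: str = SYSFS_DIR) -> Dict[str, str]:
    """Return {issue_name: status_line} for every file in the sysfs directory.

    Returns an empty dict when the directory does not exist (non-Linux host,
    or a kernel too old to report these issues, which is itself a finding).
    """
    out: Dict[str, str] = {}
    if not os.path.isdir(sysfs_dir):
        return out
    for name in sorted(os.listdir(sysfs_dir)):
        try:
            with open(os.path.join(sysfs_dir, name)) as fh:
                out[name] = fh.read().strip()
        except OSError:
            continue
    return out


# Constructed sample lines in the kernel's documented format.
SAMPLES = [
    "Not affected",
    "Vulnerable",
    "Vulnerable: Clear CPU buffers attempted, no microcode; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT vulnerable",
    "Mitigation: Clear CPU buffers; SMT disabled",
    "Mitigation: Clear CPU buffers; SMT Host state unknown",
]

if __name__ == "__main__":
    live = read_vulnerabilities()
    if "mds" in live:
        print(f"mds: {live['mds']!r} -> {verdict(parse_mds_status(live['mds']))}")
    else:
        print("no mds entry in sysfs; showing constructed samples")
        for line in SAMPLES:
            print(f"{line!r} -> {verdict(parse_mds_status(line))}")
```

Run it as root or any user (the sysfs files are world-readable). If the directory is missing entirely, the kernel predates the disclosure and has no idea about MDS, which is a worse answer than "Vulnerable". The same directory also carries the earlier Spectre/Meltdown entries, so the read_vulnerabilities() output is worth keeping in an inventory.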
Title: Re: Technical
Post by: Pondus on May 16, 2019, 07:13:38 AM
May’s Patch Tuesday Include Fixes for ‘Wormable’ Flaw in Windows XP, Zero-Day Vulnerability
https://blog.trendmicro.com/trendlabs-security-intelligence/mays-patch-tuesday-include-fixes-for-wormable-flaw-in-windows-xp-zero-day-vulnerability/

===================================================
Microsoft’s May security release includes updates for 80 vulnerabilities for a number of Microsoft products, including a security update for unsupported operating systems such as Windows XP and Server 2003 not included in the mainstream customer support notification.
=======================================================


Title: Re: Technical
Post by: Asyn on May 16, 2019, 07:58:25 AM
The May 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/5/14/the-may-2019-security-update-review
Title: Re: Technical
Post by: Pondus on May 16, 2019, 07:54:37 PM
RIDL and Fallout: MDS attacks
Attacks on the newly-disclosed "MDS" hardware vulnerabilities in Intel CPUs

https://mdsattacks.com/

https://www.intel.com/content/www/us/en/architecture-and-technology/mds.html

https://www.intel.com/content/dam/www/public/us/en/documents/corporate-information/SA00233-microcode-update-guidance_05132019.pdf

https://zombieloadattack.com/#attack
This option is available for macOS Mojave, High Sierra, and Sierra after installing security updates.

https://support.apple.com/en-us/HT210108

Title: Re: Technical
Post by: Asyn on May 17, 2019, 09:22:46 AM
Bots Tampering with TLS to Avoid Detection
https://blogs.akamai.com/sitr/2019/05/bots-tampering-with-tls-to-avoid-detection.html
Title: Re: Technical
Post by: Asyn on May 18, 2019, 04:26:13 PM
Plead malware distributed via MitM attacks at router level, misusing ASUS WebStorage
https://www.welivesecurity.com/2019/05/14/plead-malware-mitm-asus-webstorage/
Title: Re: Technical
Post by: Asyn on May 19, 2019, 10:45:38 AM
The Trade Secret - Firms That Promised High-Tech Ransomware Solutions Almost Always Just Pay the Hackers
https://features.propublica.org/ransomware/ransomware-attack-data-recovery-firms-paying-hackers/
Title: Re: Technical
Post by: Asyn on May 21, 2019, 08:00:56 AM
Recent MuddyWater-associated BlackWater campaign shows signs of new anti-detection techniques
https://blog.talosintelligence.com/2019/05/recent-muddywater-associated-blackwater.html
Title: Re: Technical
Post by: Asyn on May 22, 2019, 07:51:13 AM
JSWorm 2.0 Ransomware Decryptor Gets Your Files Back For Free
https://www.bleepingcomputer.com/news/security/jsworm-20-ransomware-decryptor-gets-your-files-back-for-free/
Title: Re: Technical
Post by: Asyn on May 23, 2019, 10:03:44 AM
A journey to Zebrocy land
https://www.welivesecurity.com/2019/05/22/journey-zebrocy-land/
Title: Re: Technical
Post by: Asyn on May 24, 2019, 08:42:30 AM
Sorpresa! JasperLoader targets Italy with a new bag of tricks
https://blog.talosintelligence.com/2019/05/sorpresa-jasperloader.html
Title: Re: Technical
Post by: Asyn on May 26, 2019, 07:56:33 AM
Hack for Hire: Exploring the Emerging Market for Account Hijacking
https://www.sysnet.ucsd.edu/~voelker/pubs/hackforhire-www19.pdf
Title: Re: Technical
Post by: Asyn on May 27, 2019, 09:08:23 AM
Abusing Code Signing for Profit
https://medium.com/@chroniclesec/abusing-code-signing-for-profit-ef80a37b50f4
Title: Re: Technical
Post by: Asyn on May 28, 2019, 12:08:15 PM
HawkEye Malware Operators Renew Attacks on Business Users
https://securityintelligence.com/hawkeye-malware-operators-renew-attacks-on-business-users/
Title: Re: Technical
Post by: Asyn on May 30, 2019, 08:32:25 AM
The Nansh0u Campaign – Hackers Arsenal Grows Stronger
https://www.guardicore.com/2019/05/nansh0u-campaign-hackers-arsenal-grows-stronger/
Title: Re: Technical
Post by: Asyn on May 31, 2019, 12:51:47 PM
Xulu: Cryptojacking Leveraging Shodan, Tor, and Malicious Docker Container
https://www.alibabacloud.com/blog/xulu-cryptojacking-leveraging-shodan-tor-and-malicious-docker-container_594869
https://blog.trendmicro.com/trendlabs-security-intelligence/infected-cryptocurrency-mining-containers-target-docker-hosts-with-exposed-apis-use-shodan-to-find-additional-victims/
Title: Re: Technical
Post by: Asyn on June 01, 2019, 04:41:08 PM
Justice Dept. Explores Google Antitrust Case
https://www.nytimes.com/2019/05/31/business/google-antitrust-justice-department.html
Title: Re: Technical
Post by: bob3160 on June 01, 2019, 04:55:57 PM
Justice Dept. Explores Google Antitrust Case
https://www.nytimes.com/2019/05/31/business/google-antitrust-justice-department.html
It always amazes me when an inefficient Government agency investigates a successful business.
Title: Re: Technical
Post by: Asyn on June 02, 2019, 11:26:20 AM
Microsoft Azure Being Used to Host Malware and C2 Servers
https://www.bleepingcomputer.com/news/security/microsoft-azure-being-used-to-host-malware-and-c2-servers/
Title: Re: Technical
Post by: Asyn on June 04, 2019, 08:56:38 AM
BlackSquid Slithers Into Servers and Drives With 8 Notorious Exploits to Drop XMRig Miner
https://blog.trendmicro.com/trendlabs-security-intelligence/blacksquid-slithers-into-servers-and-drives-with-8-notorious-exploits-to-drop-xmrig-miner/
Title: Re: Technical
Post by: Asyn on June 05, 2019, 09:24:17 AM
It's alive: Threat actors cobble together open-source pieces into monstrous Frankenstein campaign
https://blog.talosintelligence.com/2019/06/frankenstein-campaign.html
Title: Re: Technical
Post by: Asyn on June 07, 2019, 11:17:43 AM
GoldBrute Botnet Brute Forcing 1.5 Million RDP Servers
https://isc.sans.edu/forums/diary/GoldBrute+Botnet+Brute+Forcing+15+Million+RDP+Servers/25002/
Title: Re: Technical
Post by: Asyn on June 08, 2019, 10:53:02 AM
Russia Says it Will Soon Begin Blocking Major VPNs
https://torrentfreak.com/russia-says-it-will-soon-begin-blocking-major-vpns/
https://openvpn.net/response-to-russia-content-censorship/
https://blog.hidemyass.com/en/hidemyass-is-pulling-out-of-russia
Title: Re: Technical
Post by: Asyn on June 09, 2019, 09:44:13 AM
Large European Routing Leak Sends Traffic Through China Telecom
https://blogs.oracle.com/internetintelligence/large-european-routing-leak-sends-traffic-through-china-telecom
Title: Re: Technical
Post by: Asyn on June 11, 2019, 08:29:11 AM
MuddyWater Resurfaces, Uses Multi-Stage Backdoor POWERSTATS V3 and New Post-Exploitation Tools
https://blog.trendmicro.com/trendlabs-security-intelligence/muddywater-resurfaces-uses-multi-stage-backdoor-powerstats-v3-and-new-post-exploitation-tools/
https://documents.trendmicro.com/assets/white_papers/wp_new_muddywater_findings_uncovered.pdf
Title: Re: Technical
Post by: Asyn on June 12, 2019, 09:18:58 AM
The June 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/6/11/the-june-2019-security-update-review
Title: Re: Technical
Post by: Asyn on June 13, 2019, 07:15:06 AM
RAMBleed - Reading Bits in Memory Without Accessing Them
https://rambleed.com/
https://rambleed.com/docs/20190603-rambleed-web.pdf
Title: Re: Technical
Post by: Asyn on June 14, 2019, 11:39:24 AM
Advanced Targeted Attack Tools Found Being Used to Distribute Cryptocurrency Miners
https://blog.trendmicro.com/trendlabs-security-intelligence/advanced-targeted-attack-tools-used-to-distribute-cryptocurrency-miners/
Title: Re: Technical
Post by: Asyn on June 15, 2019, 07:07:44 AM
Houdini Worm Transformed in New Phishing Attack
https://cofense.com/houdini-worm-transformed-new-phishing-attack/
Title: Re: Technical
Post by: Asyn on June 18, 2019, 03:24:36 PM
Good riddance, GandCrab! We’re still fixing the mess you left behind.
https://labs.bitdefender.com/2019/06/good-riddance-gandcrab-were-still-fixing-the-mess-you-left-behind/
Title: Re: Technical
Post by: Asyn on June 19, 2019, 09:01:42 AM
Malware sidesteps Google permissions policy with new 2FA bypass technique
https://www.welivesecurity.com/2019/06/17/malware-google-permissions-2fa-bypass/
Title: Re: Technical
Post by: Asyn on June 20, 2019, 10:15:13 AM
Cryptomining Dropper and Cronjob Creator
https://blog.sucuri.net/2019/06/cryptomining-dropper-and-cronjob-creator.html
Title: Re: Technical
Post by: Asyn on June 22, 2019, 08:14:48 AM
LoudMiner: Cross-platform mining in cracked VST software
https://www.welivesecurity.com/2019/06/20/loudminer-mining-cracked-vst-software/
Title: Re: Technical
Post by: Asyn on June 22, 2019, 05:24:43 PM
How I Hacked the Microsoft Outlook Android App and Found CVE-2019-1105
https://www.f5.com/labs/articles/threat-intelligence/how-i-hacked-the-microsoft-outlook-android-app-and-found-cve-2019-1105
Title: Re: Technical
Post by: Asyn on June 23, 2019, 03:44:58 PM
Fresh “video games” site welcomes new users with Steam phish
https://blog.malwarebytes.com/social-engineering/2019/06/fresh-video-games-site-welcomes-new-users-with-steam-phish/
Title: Re: Technical
Post by: Asyn on June 24, 2019, 06:37:29 AM
We scanned the world of IoT – it’s not what you think it is
https://blog.avast.com/new-research-reveals-world-iot-world
https://press.avast.com/hubfs/stanford_avast_state_of_iot.pdf
Title: Re: Technical
Post by: Asyn on June 25, 2019, 09:55:52 AM
This is Your President Speaking: Spoofing Alerts in 4G LTE Networks
https://dl.acm.org/ft_gateway.cfm?id=3326082
Title: Re: Technical
Post by: Asyn on June 26, 2019, 08:33:31 AM
LokiBot & NanoCore being distributed via ISO disk image files
https://www.netskope.com/blog/lokibot-nanocore-iso-disk-image-files
Title: Re: Technical
Post by: Asyn on June 27, 2019, 03:12:58 PM
New Silex malware is bricking IoT devices, has scary plans
https://www.zdnet.com/article/new-silex-malware-is-bricking-iot-devices-has-scary-plans/
Title: Re: Technical
Post by: Asyn on June 28, 2019, 05:42:20 AM
Exploit Using Microsoft Excel Power Query for Remote DDE Execution Discovered
https://www.mimecast.com/blog/2019/06/exploit-using-microsoft-excel-power-query-for-remote-dde-execution-discovered/
Title: Re: Technical
Post by: Asyn on June 29, 2019, 08:09:36 AM
Nuget/Squirrel uncontrolled endpoints leads to arbitrary code execution
https://medium.com/@reegun/nuget-squirrel-uncontrolled-endpoints-leads-to-arbitrary-code-execution-80c9df51cf12
Title: Re: Technical
Post by: Asyn on June 30, 2019, 08:09:25 AM
Under the Radar – Phishing Using QR Codes to Evade URL Analysis
https://cofense.com/radar-phishing-using-qr-codes-evade-url-analysis/
Title: Re: Technical
Post by: Asyn on July 01, 2019, 04:15:56 PM
SKS Keyserver Network Under Attack
https://gist.github.com/rjhansen/67ab921ffb4084c865b3618d6955275f
Title: Re: Technical
Post by: Asyn on July 02, 2019, 08:22:37 AM
RATs and stealers rush through “Heaven’s Gate” with new loader
https://blog.talosintelligence.com/2019/07/rats-and-stealers-rush-through-heavens.html
Title: Re: Technical
Post by: Asyn on July 03, 2019, 06:58:03 AM
Threat Spotlight: Ratsnif - New Network Vermin from OceanLotus
https://threatvector.cylance.com/en_us/home/threat-spotlight-ratsnif-new-network-vermin-from-oceanlotus.html
Title: Re: Technical
Post by: Asyn on July 04, 2019, 04:41:35 PM
Superhuman is Spying on You
https://mikeindustries.com/blog/archive/2019/06/superhuman-is-spying-on-you
Title: Re: Technical
Post by: Asyn on July 05, 2019, 07:17:56 AM
An Analysis of Godlua Backdoor
https://blog.netlab.360.com/an-analysis-of-godlua-backdoor-en/
Title: Re: Technical
Post by: Asyn on July 05, 2019, 02:26:47 PM
Sodin ransomware exploits Windows vulnerability and processor architecture
https://securelist.com/sodin-ransomware/91473/
Title: Re: Technical
Post by: Asyn on July 06, 2019, 08:19:13 AM
Latest Spam Campaigns from TA505 Now Using New Malware Tools Gelup and FlowerPippi
https://blog.trendmicro.com/trendlabs-security-intelligence/latest-spam-campaigns-from-ta505-now-using-new-malware-tools-gelup-and-flowerpippi/
https://documents.trendmicro.com/assets/Tech-Brief-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf
https://documents.trendmicro.com/assets/Appendix-Latest-Spam-Campaigns-from-TA505-Now-Using-New-Malware-Tools-Gelup-and-FlowerPippi.pdf
Title: Re: Technical
Post by: Asyn on July 09, 2019, 08:28:37 AM
Dismantling a fileless campaign: Microsoft Defender ATP next-gen protection exposes Astaroth attack
https://www.microsoft.com/security/blog/2019/07/08/dismantling-a-fileless-campaign-microsoft-defender-atp-next-gen-protection-exposes-astaroth-attack/
Title: Re: Technical
Post by: Asyn on July 10, 2019, 07:06:59 AM
Logitech keyboards and mice vulnerable to extensive cyber attacks
https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html
Title: Re: Technical
Post by: DavidR on July 10, 2019, 10:38:55 AM
Logitech keyboards and mice vulnerable to extensive cyber attacks
https://www.heise.de/ct/artikel/Logitech-keyboards-and-mice-vulnerable-to-extensive-cyber-attacks-4464533.html

Very interesting, god knows how many Logitech devices are in circulation.  I have three Logitech mice and had been considering a duo keyboard/mouse combination.
Title: Re: Technical
Post by: Asyn on July 10, 2019, 01:13:32 PM
The July 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/7/9/the-july-2019-security-update-review
Title: Re: Technical
Post by: Asyn on July 11, 2019, 06:57:48 AM
The eCh0raix Ransomware
https://www.anomali.com/blog/the-ech0raix-ransomware
Title: Re: Technical
Post by: Asyn on July 12, 2019, 01:46:58 PM
Google employees are eavesdropping, even in your living room, VRT NWS has discovered
https://www.vrt.be/vrtnws/en/2019/07/10/google-employees-are-eavesdropping-even-in-flemish-living-rooms/
Title: Re: Technical
Post by: Asyn on July 13, 2019, 06:14:44 AM
Agent Smith: A New Species of Mobile Malware
https://research.checkpoint.com/agent-smith-a-new-species-of-mobile-malware/
Title: Re: Technical
Post by: Asyn on July 14, 2019, 07:07:04 AM
Router Exploit Kits: An overview of RouterCSRF attacks and DNS hijacking in Brazil
https://decoded.avast.io/threatintel/router-exploit-kits-an-overview-of-routercsrf-attacks-and-dns-hijacking-in-brazil/
Title: Re: Technical
Post by: Asyn on July 16, 2019, 10:22:14 AM
BitPaymer Source Code Fork: Meet DoppelPaymer Ransomware and Dridex 2.0
https://www.crowdstrike.com/blog/doppelpaymer-ransomware-and-dridex-2/
Title: Re: Technical
Post by: Asyn on July 17, 2019, 07:54:17 AM
Meet Extenbro, a new DNS-changer Trojan protecting adware
https://blog.malwarebytes.com/trojans/2019/07/extenbro-a-new-dns-changer-trojan-protecting-adware/
Title: Re: Technical
Post by: Asyn on July 18, 2019, 09:34:54 AM
Hong Kong Based Malvertiser Brokers Traffic To Fake Antivirus Scams — Over 100 Million Ads Compromised In 2019 So Far
https://blog.confiant.com/hong-kong-based-malvertiser-brokers-traffic-to-fake-antivirus-scams-over-100-million-ads-300e251eff06
Title: Re: Technical
Post by: Asyn on July 20, 2019, 07:58:57 AM
My browser, the spy: How extensions slurped up browsing histories from 4M users
https://arstechnica.com/information-technology/2019/07/dataspii-inside-the-debacle-that-dished-private-data-from-apple-tesla-blue-origin-and-4m-people/
https://arstechnica.com/information-technology/2019/07/dataspii-technical-deep-dive/
https://securitywithsam.com/2019/07/dataspii-leak-via-browser-extensions/
Title: Re: Technical
Post by: Asyn on July 21, 2019, 09:24:48 AM
The PGP Problem
https://latacora.singles/2019/07/16/the-pgp-problem.html
Title: Re: Technical
Post by: Asyn on July 22, 2019, 08:56:01 AM
Russian FSB Intel Agency Contractor Hacked, Secret Projects Exposed
https://www.bleepingcomputer.com/news/security/russian-fsb-intel-agency-contractor-hacked-secret-projects-exposed/
Title: Re: Technical
Post by: Asyn on July 24, 2019, 08:56:49 AM
LooCipher Ransomware Decryptor Gets Your Files Back for Free
https://www.bleepingcomputer.com/news/security/loocipher-ransomware-decryptor-gets-your-files-back-for-free/
Title: Re: Technical
Post by: Asyn on July 27, 2019, 06:58:51 AM
Deep Dive into Guildma Malware
https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/
Title: Re: Technical
Post by: DavidR on July 27, 2019, 10:13:59 AM
Deep Dive into Guildma Malware
https://decoded.avast.io/threatintel/deep-dive-into-guildma-malware/

WOW, set aside some time: 59 min read. I'm not a speed reader, and trying to understand what you read may take longer :)
Title: Re: Technical
Post by: Asyn on July 28, 2019, 10:52:05 AM
Fake Google Domains Used in Evasive Magento Skimmer
https://blog.sucuri.net/2019/07/fake-google-domains-used-in-evasive-magento-skimmer.html
Title: Re: Technical
Post by: Asyn on July 29, 2019, 08:33:00 PM
No More Ransom Success Story: Saves $108+ Million in Ransomware Payments
https://www.bleepingcomputer.com/news/security/no-more-ransom-success-story-saves-108-million-in-ransomware-payments/
Title: Re: Technical
Post by: bob3160 on July 29, 2019, 10:32:04 PM
No More Ransom Success Story: Saves $108+ Million in Ransomware Payments
https://www.bleepingcomputer.com/news/security/no-more-ransom-success-story-saves-108-million-in-ransomware-payments/
Emsisoft is by far the greatest contributor and Avast is the second largest contributor.
Title: Re: Technical
Post by: Asyn on July 30, 2019, 08:47:50 AM
Join the world’s top minds in artificial intelligence at the Cybersecurity & AI conference
https://blog.avast.com/come-to-the-cybersec-ai-prague-conference
https://www.cybersecprague.ai/
Title: Re: Technical
Post by: Asyn on July 31, 2019, 05:40:03 AM
A connection between the Sodinokibi and GandCrab ransomware families?
https://www.tesorion.nl/aconnection-between-the-sodinokibi-and-gandcrab-ransomware-families/
Title: Re: Technical
Post by: Asyn on July 31, 2019, 09:19:20 PM
Exclusive: Hack Breaks Your Visa Card’s Contactless Limit For Big Frauds
https://www.forbes.com/sites/thomasbrewster/2019/07/29/exclusive-hackers-can-break-your-credit-cards-30-contactless-limit/
https://www.ptsecurity.com/ww-en/about/news/visa-card-vulnerability-can-bypass-contactless-limits/
Title: Re: Technical
Post by: Asyn on August 01, 2019, 09:46:39 PM
DealPly Revisited: Leveraging Reputation Services To Remain Under The Radar
https://blog.ensilo.com/leveraging-reputation-services
Title: Re: Technical
Post by: Asyn on August 02, 2019, 09:58:20 PM
LookBack Malware Targets the United States Utilities Sector with Phishing Attacks Impersonating Engineering Licensing Boards
https://www.proofpoint.com/us/threat-insight/post/lookback-malware-targets-united-states-utilities-sector-phishing-attacks
Title: Re: Technical
Post by: Asyn on August 03, 2019, 09:33:35 AM
Android ransomware is back
https://www.welivesecurity.com/2019/07/29/android-ransomware-back/
Title: Re: Technical
Post by: Asyn on August 04, 2019, 07:10:48 AM
GermanWiper ransomware hits Germany hard, destroys files, asks for ransom
https://www.zdnet.com/article/germanwiper-ransomware-hits-germany-hard-destroys-files-asks-for-ransom/
https://dissectingmalwa.re/tfw-ransomware-is-only-your-side-hustle.html
Title: Re: Technical
Post by: Asyn on August 06, 2019, 09:19:11 AM
ECh0raix Ransomware Decryptor Restores QNAP Files For Free
https://www.bleepingcomputer.com/ransomware/decryptor/ech0raix-ransomware-decryptor-restores-qnap-files-for-free/
Title: Re: Technical
Post by: Asyn on August 07, 2019, 08:37:14 AM
CRITICAL SWAPGS ATTACK - New Side-Channel Attack Bypasses Spectre and Meltdown Defenses
https://www.bitdefender.com/business/swapgs-attack.html
Title: Re: Technical
Post by: Asyn on August 07, 2019, 11:59:44 AM
Clipsa – Multipurpose password stealer
https://decoded.avast.io/janrubin/clipsa-multipurpose-password-stealer/
Title: Re: Technical
Post by: Asyn on August 08, 2019, 05:48:35 AM
CRITICAL SWAPGS ATTACK - New Side-Channel Attack Bypasses Spectre and Meltdown Defenses
https://www.bitdefender.com/business/swapgs-attack.html
More information on SWAPGS and Speculative only Segment Loads
https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1125
Title: Re: Technical
Post by: bob3160 on August 08, 2019, 01:33:13 PM
CRITICAL SWAPGS ATTACK - New Side-Channel Attack Bypasses Spectre and Meltdown Defenses
https://www.bitdefender.com/business/swapgs-attack.html
More information on SWAPGS and Speculative only Segment Loads
https://software.intel.com/security-software-guidance/insights/more-information-swapgs-and-speculative-only-segment-loads
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2019-1125
From all that I've read, this isn't something the average user should ever have to worry about.
Title: Re: Technical
Post by: Asyn on August 08, 2019, 08:07:15 PM
Malware tools on the shelf
https://blog.avast.com/a-case-study-in-the-ease-of-cybercrime
https://decoded.avast.io/ondrejmokos/f-scrack-mimikatz-a-bundle-of-tools/
Title: Re: Technical
Post by: Asyn on August 09, 2019, 07:31:04 PM
APT41: A Dual Espionage and Cyber Crime Operation
https://www.fireeye.com/blog/threat-research/2019/08/apt41-dual-espionage-and-cyber-crime-operation.html
http://content.fireeye.com/apt41/rpt-apt41
Title: Re: Technical
Post by: Asyn on August 10, 2019, 06:08:45 PM
Steam Windows Client Local Privilege Escalation 0day
https://amonitoring.ru/article/steamclient-0day/
Title: Re: Technical
Post by: Asyn on August 11, 2019, 09:30:31 AM
Phishing Actor Using XOR Obfuscation Graduates to Enterprise Cloud Storage on AWS
https://www.proofpoint.com/us/threat-insight/post/phishing-actor-using-xor-obfuscation-graduates-enterprise-cloud-storage-aws
Title: Re: Technical
Post by: Asyn on August 12, 2019, 09:06:51 PM
Screwed Drivers – Signed, Sealed, Delivered
https://eclypsium.com/2019/08/10/screwed-drivers-signed-sealed-delivered/
Title: Re: Technical
Post by: Asyn on August 13, 2019, 10:32:14 AM
Recent Cloud Atlas activity
https://securelist.com/recent-cloud-atlas-activity/92016/
Title: Re: Technical
Post by: Pondus on August 13, 2019, 10:53:52 AM
What all the stuff in email headers means—and how to sniff out spoofing
https://arstechnica.com/information-technology/2019/08/ars-forensic-files-how-to-parse-through-e-mail-headers-and-spot-obfuscation/?utm_source=share&utm_medium=ios_app
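Added example to go with the header-parsing how-to (not code from the Ars article or this forum): a Python routine, standard library only, that walks the Received chain in delivery order, parses Authentication-Results, and flags the usual spoofing tells, i.e. the header From domain not aligning with the envelope sender or the DKIM signing domain, a non-pass DMARC result, and a Reply-To pointing somewhere else. Both sample messages are constructed; the hostnames use reserved example domains and the IPs come from the documentation ranges.

```python
"""Walk an e-mail's Received chain and authentication results to spot spoofing.

Added example for this thread, not code from the Ars article. Standard
library only. Both sample messages are constructed.
"""
import re
from email import message_from_string, policy
from email.utils import parseaddr
from typing import Dict, List, Tuple

# Received headers are prepended by each hop, so the topmost is the newest.
RECEIVED_RE = re.compile(
    r"from\s+(?P<from>\S+)(?:\s+\((?P<helo>[^)]*)\))?\s+by\s+(?P<by>\S+)", re.I)
IPV4_RE = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def addr_domain(header_value: str) -> str:
    """Domain part of the first address in a header value, lower-cased."""
    _, addr = parseaddr(header_value or "")
    return addr.rpartition("@")[2].lower() if "@" in addr else ""


def received_chain(msg) -> List[Dict[str, str]]:
    """Hops in delivery order (oldest first), each with from/helo/by/ip."""
    hops = []
    for value in reversed(msg.get_all("Received", [])):
        m = RECEIVED_RE.search(str(value))
        if not m:
            hops.append({"raw": str(value)})   # keep unparsable hops visible
            continue
        hop = {k: (v or "") for k, v in m.groupdict().items()}
        ip = IPV4_RE.search(hop["helo"] or hop["from"])
        hop["ip"] = ip.group(0) if ip else ""
        hops.append(hop)
    return hops


def parse_auth_results(value: str) -> Dict[str, Tuple[str, Dict[str, str]]]:
    """'authserv-id; method=result prop=val ...; ...' -> {method: (result, props)}."""
    clauses = [c.strip() for c in value.split(";") if c.strip()]
    results = {}
    for clause in clauses[1:]:               # clauses[0] is the authserv-id
        tokens = clause.split()
        method, _, result = tokens[0].partition("=")
        props = dict(tok.split("=", 1) for tok in tokens[1:] if "=" in tok)
        results[method.lower()] = (result.lower(), props)
    return results


def assess(raw: str) -> dict:
    """Return parsed hops, auth results and a list of spoofing indicators."""
    msg = message_from_string(raw, policy=policy.default)
    from_dom = addr_domain(str(msg.get("From", "")))
    rp_dom = addr_domain(str(msg.get("Return-Path", "")))
    reply_dom = addr_domain(str(msg.get("Reply-To", "")))
    auth = parse_auth_results(str(msg.get("Authentication-Results", "")))
    findings = []
    if rp_dom and rp_dom != from_dom:
        findings.append(f"envelope sender {rp_dom} does not align with From {from_dom}")
    dkim = auth.get("dkim")
    if dkim and (dkim[0] != "pass" or dkim[1].get("header.d", "").lower() != from_dom):
        findings.append(f"DKIM {dkim[0]} for d={dkim[1].get('header.d', '?')}; From is {from_dom}")
    dmarc = auth.get("dmarc")
    if dmarc and dmarc[0] != "pass":
        findings.append(f"DMARC result is {dmarc[0]}")
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From {from_dom}")
    return {"from_domain": from_dom, "hops": received_chain(msg),
            "auth": auth, "findings": findings}


# Constructed: a lookalike "bank" mail relayed through an unrelated mailer.
SPOOFED = """\
Return-Path: <bounce-1234@mailer.example.net>
Received: from mx.example.net (mx.example.net [203.0.113.5])
 by mail.example.org with ESMTPS id 4bQx; Tue, 13 Aug 2019 10:00:02 +0000
Received: from [198.51.100.7] (unknown [198.51.100.7])
 by mx.example.net with ESMTP id 9zK; Tue, 13 Aug 2019 09:59:58 +0000
Authentication-Results: mail.example.org;
 spf=pass smtp.mailfrom=mailer.example.net;
 dkim=pass header.d=mailer.example.net header.s=sel1;
 dmarc=fail header.from=bank.example
From: "Example Bank Alerts" <alerts@bank.example>
Reply-To: "Support" <support@bank-secure.example>
To: victim@example.org
Subject: Action required on your account

Please confirm your details at the link below.
"""

# Constructed: the same sender done properly, everything aligned.
LEGIT = """\
Return-Path: <alerts@bank.example>
Received: from smtp.bank.example (smtp.bank.example [203.0.113.9])
 by mail.example.org with ESMTPS id 7pLm; Tue, 13 Aug 2019 11:00:00 +0000
Authentication-Results: mail.example.org;
 spf=pass smtp.mailfrom=bank.example;
 dkim=pass header.d=bank.example header.s=s2019;
 dmarc=pass header.from=bank.example
From: "Example Bank Alerts" <alerts@bank.example>
To: victim@example.org
Subject: Your monthly statement

Your statement is ready.
"""

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, assess(raw)["findings"])
```

Note that spf=pass on its own proves nothing here: SPF checks the envelope sender (mailer.example.net), which the attacker controls, not the From the user sees. Only trust the Authentication-Results header added by your own receiving server (the authserv-id in the first clause), since a sender can forge earlier ones.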



Title: Re: Technical
Post by: Asyn on August 13, 2019, 02:19:05 PM
When indexing goes wrong: how Google Search recovered from indexing issues & lessons learned since.
https://webmasters.googleblog.com/2019/08/when-indexing-goes-wrong-how-google.html
Title: Re: Technical
Post by: Asyn on August 14, 2019, 09:32:30 AM
The August 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/8/13/the-august-2019-security-update-review
Title: Re: Technical
Post by: Asyn on August 15, 2019, 06:25:21 AM
Down the Rabbit-Hole...
https://googleprojectzero.blogspot.com/2019/08/down-rabbit-hole.html
Title: Re: Technical
Post by: Asyn on August 16, 2019, 03:46:50 PM
Chrome and Firefox Changes Spark the End of EV Certificates
https://www.bleepingcomputer.com/news/software/chrome-and-firefox-changes-spark-the-end-of-ev-certificates/
Title: Re: Technical
Post by: Asyn on August 18, 2019, 07:23:33 AM
From email to phone number, a new OSINT approach
https://www.martinvigo.com/email2phonenumber/
Title: Re: Technical
Post by: Asyn on August 20, 2019, 08:10:03 AM
KNOB Attack - Key Negotiation of Bluetooth Attack: Breaking Bluetooth Security
https://knobattack.com/
Title: Re: Technical
Post by: Asyn on August 21, 2019, 08:42:58 AM
Cross-Router Covert Channels
https://www.usenix.org/system/files/woot19-paper_ovadia.pdf
Title: Re: Technical
Post by: Asyn on August 22, 2019, 01:52:26 PM
Steam Windows Client Local Privilege Escalation 0day
https://amonitoring.ru/article/steamclient-0day/
One more Steam Windows Client Local Privilege Escalation 0day
https://amonitoring.ru/article/onemore_steam_eop_0day/
Title: Re: Technical
Post by: Asyn on August 23, 2019, 06:18:23 AM
Protecting our Users in Kazakhstan
https://blog.mozilla.org/security/2019/08/21/protecting-our-users-in-kazakhstan/
https://security.googleblog.com/2019/08/protecting-chrome-users-in-kazakhstan.html
Title: Re: Technical
Post by: Asyn on August 23, 2019, 01:01:45 PM
First‑of‑its‑kind spyware sneaks into Google Play
https://www.welivesecurity.com/2019/08/22/first-spyware-android-ahmyth-google-play/
Title: Re: Technical
Post by: Asyn on August 25, 2019, 07:41:21 AM
10 things you need to know about the Facebook Messenger surveillance issue
https://blog.avast.com/facebook-transcribing-raises-concerns
Title: Re: Technical
Post by: Asyn on August 26, 2019, 10:27:57 AM
Device fingerprinting and the surveillance economy
https://blog.avast.com/fingerprinting-and-the-surveillance-economy
Title: Re: Technical
Post by: Asyn on August 27, 2019, 05:58:14 AM
PrivEsc in Lenovo Solution Centre, 10 minutes later
https://www.pentestpartners.com/security-blog/privesc-in-lenovo-solution-centre-10-minutes-later/
Title: Re: Technical
Post by: bob3160 on August 28, 2019, 02:09:53 PM
Putting an end to Retadup
A malicious worm that infected hundreds of thousands.
https://blog.avast.com/avast-works-with-france-and-us-to-stop-cryptomining-avast
https://decoded.avast.io/janvojtesek/putting-an-end-to-retadup-a-malicious-worm-that-infected-hundreds-of-thousands/
https://www.zdnet.com/article/avast-and-french-police-take-over-malware-botnet-and-disinfect-850000-computers/#ftag=RSSbaffb68
Title: Re: Technical
Post by: Asyn on August 28, 2019, 09:00:28 PM
An advertising dropper in Google Play
https://securelist.com/dropper-in-google-play/92496/
Title: Re: Technical
Post by: Asyn on August 29, 2019, 01:10:39 PM
Dutch regulator sees potential privacy breach in Microsoft Windows
https://www.reuters.com/article/us-microsoft-privacy/dutch-regulator-sees-potential-privacy-breach-in-microsoft-windows-idUSKCN1VH18T
Title: Re: Technical
Post by: bob3160 on August 29, 2019, 02:25:59 PM
Dutch regulator sees potential privacy breach in Microsoft Windows
https://www.reuters.com/article/us-microsoft-privacy/dutch-regulator-sees-potential-privacy-breach-in-microsoft-windows-idUSKCN1VH18T
Since in the US we don't have a right to privacy, any improvement Microsoft makes will be a bonus for us.
Title: Re: Technical
Post by: Asyn on September 01, 2019, 08:22:36 AM
A very deep dive into iOS Exploit chains found in the wild
https://googleprojectzero.blogspot.com/2019/08/a-very-deep-dive-into-ios-exploit.html
Title: Re: Technical
Post by: Asyn on September 02, 2019, 08:33:20 AM
Trickbot Is Using Google Docs to Trick Proofpoint’s Gateway
https://cofense.com/trickbot-using-google-docs-trick-proofpoints-gateway/
Title: Re: Technical
Post by: Asyn on September 03, 2019, 08:47:23 AM
What’s new in this year’s Almanaq?
https://decoded.avast.io/romanalinkeova/whats-new-in-this-years-almanaq/
Title: Re: Technical
Post by: Asyn on September 03, 2019, 12:46:12 PM
Threat Actor behind Astaroth is now using Cloudflare Workers to bypass your Security Solutions
https://medium.com/@marcelx/threat-actor-behind-astaroth-is-now-using-cloudflare-workers-to-bypass-your-security-solutions-2c658d08f4c
Title: Re: Technical
Post by: Asyn on September 03, 2019, 05:36:38 PM
Today’s Firefox Blocks Third-Party Tracking Cookies and Cryptomining by Default
https://blog.mozilla.org/blog/2019/09/03/todays-firefox-blocks-third-party-tracking-cookies-and-cryptomining-by-default/
Title: Re: Technical
Post by: Asyn on September 05, 2019, 10:25:21 AM
A huge database of Facebook users’ phone numbers found online
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
Title: Re: Technical
Post by: Asyn on September 06, 2019, 02:22:11 PM
Avast discovers widespread security flaws in GPS child trackers
https://blog.avast.com/unsecure-child-trackers
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers/
Title: Re: Technical
Post by: Asyn on September 07, 2019, 06:59:17 AM
Critical flaw found in many Android smartphones
https://blog.avast.com/fake-provisioning-alerts-on-androids
https://www.zdnet.com/article/samsung-huawei-lg-and-sony-phones-vulnerable-to-rogue-provisioning-messages/
https://research.checkpoint.com/advanced-sms-phishing-attacks-against-modern-android-based-smartphones/
Title: Re: Technical
Post by: Asyn on September 07, 2019, 07:25:00 AM
Exploit Sellers Say There are More iPhone Hacks on the Market Than They’ve Ever Seen
https://www.vice.com/en_us/article/7x584y/exploit-sellers-say-there-are-more-iphone-hacks-on-the-market-than-theyve-ever-seen
Title: Re: Technical
Post by: Asyn on September 08, 2019, 10:20:31 AM
A huge database of Facebook users’ phone numbers found online
https://techcrunch.com/2019/09/04/facebook-phone-numbers-exposed/
Facebook user phone numbers still online
https://www.cnet.com/news/facebook-user-phone-numbers-still-online/
Title: Re: Technical
Post by: Asyn on September 09, 2019, 09:29:25 AM
Initial Metasploit Exploit Module for BlueKeep (CVE-2019-0708)
https://blog.rapid7.com/2019/09/06/initial-metasploit-exploit-module-for-bluekeep-cve-2019-0708/
Title: Re: Technical
Post by: Asyn on September 10, 2019, 11:10:19 AM
Flashlight apps on Google Play request up to 77 permissions each, Avast finds
https://blog.avast.com/flashlight-apps-on-google-play-request-up-to-77-permissions-avast-finds
https://decoded.avast.io/luiscorrons/flashlight-apps-on-google-play-request-up-to-77-permissions/
Title: Re: Technical
Post by: Asyn on September 11, 2019, 09:54:13 AM
The September 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/9/10/the-september-2019-security-update-review
Title: Re: Technical
Post by: DavidR on September 11, 2019, 07:49:07 PM
The September 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/9/10/the-september-2019-security-update-review

Thanks for the reminder.
I had three updates awaiting action when I checked.

Quite a big one for Win10 1903 Cumulative Update (KB4515384) this time around, even on a relatively fast connection it took a while to download and then install.
Title: Re: Technical
Post by: Asyn on September 12, 2019, 12:04:27 PM
Intel server-grade CPUs impacted by new NetCAT attack
https://www.zdnet.com/article/intel-server-grade-cpus-impacted-by-new-netcat-attack/
https://www.vusec.net/projects/netcat/
https://www.cs.vu.nl/~herbertb/download/papers/netcat_sp20.pdf
https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00290.html
Title: Re: Technical
Post by: Asyn on September 14, 2019, 11:20:09 AM
Simjacker – Next Generation Spying Over Mobile
https://www.adaptivemobile.com/blog/simjacker-next-generation-spying-over-mobile
Title: Re: Technical
Post by: Asyn on September 15, 2019, 11:59:38 AM
The tangle of WiryJMPer’s obfuscation
https://decoded.avast.io/adolfstreda/the-tangle-of-wiryjmpers-obfuscation/
Title: Re: Technical
Post by: Asyn on September 17, 2019, 12:29:37 PM
Database leaks data on most of Ecuador's citizens, including 6.7 million children
https://www.zdnet.com/article/database-leaks-data-on-most-of-ecuadors-citizens-including-6-7-million-children/
Title: Re: Technical
Post by: Asyn on September 18, 2019, 11:59:58 AM
Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
Title: Re: Technical
Post by: bob3160 on September 18, 2019, 02:22:46 PM
Millions of Americans’ Medical Images and Data Are Available on the Internet. Anyone Can Take a Peek.
https://www.propublica.org/article/millions-of-americans-medical-images-and-data-are-available-on-the-internet
Another headline that's a bit misleading. Anyone can take a peek, only how to do that peeking isn't really made available.
Title: Re: Technical
Post by: Asyn on September 19, 2019, 09:41:52 AM
Ok Google! Please reveal everyone’s public calendar.
https://medium.com/@logicbomb_1/ok-google-please-reveal-everyones-public-calendar-27523206f9ac
Title: Re: Technical
Post by: Asyn on September 21, 2019, 05:06:27 PM
An Update on Our App Developer Investigation
https://newsroom.fb.com/news/2019/09/an-update-on-our-app-developer-investigation/
Title: Re: Technical
Post by: Asyn on September 22, 2019, 12:15:58 PM
Disclosing new data to our archive of information operations
https://blog.twitter.com/en_us/topics/company/2019/info-ops-disclosure-data-september-2019.html
Title: Re: Technical
Post by: Asyn on September 24, 2019, 08:39:42 AM
Beware of Google Alert Links Leading to Malware and Scams
https://www.bleepingcomputer.com/news/security/beware-of-google-alert-links-leading-to-malware-and-scams/
Title: Re: Technical
Post by: Asyn on September 26, 2019, 10:07:18 AM
Ransomware: two pieces of good news - Decryptors released for Yatron and FortuneCrypt ransomware
https://securelist.com/ransomware-two-pieces-of-good-news/93355/
Title: Re: Technical
Post by: Asyn on September 26, 2019, 11:47:29 AM
Emsisoft releases free decryptor for WannaCryFake ransomware
https://blog.emsisoft.com/en/34156/emsisoft-releases-free-decryptor-for-wannacryfake-ransomware/
Title: Re: Technical
Post by: Asyn on September 27, 2019, 08:38:23 PM
The Global Disinformation Order 2019 Global Inventory of Organised Social Media Manipulation
https://comprop.oii.ox.ac.uk/wp-content/uploads/sites/93/2019/09/CyberTroop-Report19.pdf
Title: Re: Technical
Post by: Asyn on September 29, 2019, 08:54:37 AM
Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html
Title: Re: Technical
Post by: Asyn on September 30, 2019, 11:59:44 AM
Bulletproof Hosting Service in Former NATO Bunker Goes Down
https://www.bleepingcomputer.com/news/security/bulletproof-hosting-service-in-former-nato-bunker-goes-down/
Title: Re: Technical
Post by: Asyn on October 02, 2019, 07:02:16 AM
PDFex: Major Security Flaws in PDF Encryption
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
https://www.pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf
Title: Re: Technical
Post by: bob3160 on October 02, 2019, 12:48:23 PM
PDFex: Major Security Flaws in PDF Encryption
https://web-in-security.blogspot.com/2019/09/pdfex-major-security-flaws-in-pdf.html
https://www.pdf-insecurity.org/download/paper-pdf_encryption-ccs2019.pdf
It's a well known fact that PDF file types are the most attacked file types.
Unfortunately, most people also use PDF file types.
Title: Re: Technical
Post by: Asyn on October 03, 2019, 09:20:19 AM
Pulling back the curtain on a banking botnet
https://blog.avast.com/avast-researcher-helps-expose-banking-botnet-geost
http://public.avast.com/research/VB2019-Garcia-etal.pdf
Title: Re: Technical
Post by: Asyn on October 04, 2019, 03:16:06 PM
McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – What The Code Tells Us
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-what-the-code-tells-us/

McAfee ATR Analyzes Sodinokibi aka REvil Ransomware-as-a-Service – The All-Stars
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/mcafee-atr-analyzes-sodinokibi-aka-revil-ransomware-as-a-service-the-all-stars/
Title: Re: Technical
Post by: Asyn on October 05, 2019, 07:49:54 AM
Researchers Say They Uncovered Uzbekistan Hacking Operations Due to Spectacularly Bad OPSEC
https://www.vice.com/en_us/article/3kx5y3/uzbekistan-hacking-operations-uncovered-due-to-spectacularly-bad-opsec
Title: Re: Technical
Post by: Asyn on October 05, 2019, 02:44:23 PM
New Fileless Botnet Novter Distributed by KovCoreG Malvertising Campaign
https://blog.trendmicro.com/trendlabs-security-intelligence/new-fileless-botnet-novter-distributed-by-kovcoreg-malvertising-campaign/
https://documents.trendmicro.com/assets/Tech-Brief-New-Fileless-Botnet-Novter-Distributed-by-KovCoreG-Malvertising-Campaign.pdf
Title: Re: Technical
Post by: Asyn on October 06, 2019, 08:08:41 AM
The Eye on the Nile
https://research.checkpoint.com/the-eye-on-the-nile/
Title: Re: Technical
Post by: Asyn on October 07, 2019, 08:38:55 AM
Emsisoft Decryptor for HildaCrypt
https://www.emsisoft.com/ransomware-decryption-tools/hildacrypt
Title: Re: Technical
Post by: Asyn on October 08, 2019, 08:48:29 AM
Emsisoft Decryptor for Muhstik
https://www.emsisoft.com/ransomware-decryption-tools/muhstik
Title: Re: Technical
Post by: Asyn on October 09, 2019, 06:57:03 AM
The October Security Update Review
https://www.zerodayinitiative.com/blog/2019/10/8/the-october-security-update-review
Title: Re: Technical
Post by: Asyn on October 11, 2019, 07:41:24 AM
SafeBreach Discovers New Critical Vulnerability In HP Touchpoint Analytics
https://safebreach.com/Post/SafeBreach-Discovers-New-Critical-Vulnerability-In-HP-Touchpoint-Analytics
https://safebreach.com/Post/HP-Touchpoint-Analytics-DLL-Search-Order-Hijacking-Potential-Abuses-CVE-2019-6333
Title: Re: Technical
Post by: Asyn on October 12, 2019, 06:41:06 AM
Apple Zero-Day Exploited in New BitPaymer Campaign
https://blog.morphisec.com/apple-zero-day-exploited-in-bitpaymer-campaign
Title: Re: Technical
Post by: Asyn on October 13, 2019, 11:12:26 AM
DNS-over-HTTPS causes more problems than it solves, experts say
https://www.zdnet.com/article/dns-over-https-causes-more-problems-than-it-solves-experts-say/
Title: Re: Technical
Post by: Asyn on October 14, 2019, 09:47:30 AM
Watching You Watch: The Tracking Ecosystem of Over-the-Top TV Streaming Devices
https://www.princeton.edu/~pmittal/publications/tv-tracking-ccs19.pdf
Title: Re: Technical
Post by: Asyn on October 15, 2019, 07:50:15 AM
Vulnerability Spotlight: Multiple remote code execution bugs in NitroPDF
https://blog.talosintelligence.com/2019/10/vuln-spotlight-Nitro-PDF-RCE-bugs-sept-19.html
Title: Re: Technical
Post by: polonus on October 15, 2019, 11:05:42 AM
OnionShare 2 now enables users to put anonymous websites online.
Websites that cannot be censored.
https://blog.torproject.org/new-version-onionshare-makes-it-easy-anyone-publish-anonymous-uncensorable-websites-0

Not encouraging anyone to do this, but good to know about it,
as there are 'certain parties' that frown upon the use of tor and related services to say the least.

polonus
Title: Re: Technical
Post by: Asyn on October 16, 2019, 07:46:04 AM
Analysis-Report “Study the Great Nation” 08.-09.2019
https://cure53.de/analysis_report_sgn.pdf
Title: Re: Technical
Post by: Asyn on October 17, 2019, 09:27:38 AM
OSX/Shlayer new Shurprise.. unveiling OSX/Tarmac
https://blog.confiant.com/osx-shlayer-new-shurprise-unveiling-osx-tarmac-f965a32de887
Title: Re: Technical
Post by: Asyn on October 17, 2019, 11:58:20 AM
Malicious Payloads - Hiding Beneath the WAV
https://threatvector.cylance.com/en_us/home/malicious-payloads-hiding-beneath-the-wav.html
Title: Re: Technical
Post by: Asyn on October 18, 2019, 08:35:33 AM
Cryptocurrency Miners Now Using Evasive Tactics to Exploit Airport Resources
https://www.cyberbit.com/blog/endpoint-security/cryptocurrency-miners-exploit-airport-resources/
Title: Re: Technical
Post by: Asyn on October 19, 2019, 08:58:07 AM
Operation Ghost: The Dukes aren’t back – they never left
https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/
https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf
Title: Re: Technical
Post by: Asyn on October 20, 2019, 01:02:02 PM
Fake UpdraftPlus Plugins
https://blog.sucuri.net/2019/10/fake-updraftplus-plugins.html
Title: Re: Technical
Post by: Asyn on October 21, 2019, 09:23:38 AM
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping
https://srlabs.de/bites/smart-spies/
Title: Re: Technical
Post by: DavidR on October 21, 2019, 11:02:46 AM
Smart Spies: Alexa and Google Home expose users to vishing and eavesdropping
https://srlabs.de/bites/smart-spies/

Ha and they are only getting wise to this, what the hell took so long.

Recently in the papers, it was suggested that you would be required to warn visitors that you have one of these devices, as they constantly monitor. Just turn the damn things off.
Title: Re: Technical
Post by: bob3160 on October 21, 2019, 02:05:05 PM
Avast fights off cyber-espionage attempt, Abiss
https://blog.avast.com/ccleaner-fights-off-cyberespionage-attempt-abiss
Title: Re: Technical
Post by: Asyn on October 22, 2019, 07:22:48 AM
Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK
Title: Re: Technical
Post by: bob3160 on October 22, 2019, 03:56:02 PM
Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK
Does it really matter which bad actor is doing the hacking? :)
Title: Re: Technical
Post by: DavidR on October 22, 2019, 07:40:44 PM
Hacking the hackers: Russian group hijacked Iranian spying operation, officials say
https://www.reuters.com/article/us-russia-cyber/hacking-the-hackers-russian-group-hijacked-iranian-spying-operation-officials-say-idUSKBN1X00AK
Does it really matter which bad actor is doing the hacking? :)

That would rather depend on who was doing the hacking and why ;)
Title: Re: Technical
Post by: Asyn on October 23, 2019, 11:12:57 AM
Emsisoft releases new decryptor for STOP Djvu ransomware
https://blog.emsisoft.com/en/34375/emsisoft-releases-new-decryptor-for-stop-djvu-ransomware/
https://www.emsisoft.com/ransomware-decryption-tools/stop-djvu
Title: Re: Technical
Post by: Asyn on October 24, 2019, 08:33:49 AM
EXCLUSIVE – Last Punched Tape Crypto Key Rolls off the NSA’s Machines
https://www.cbronline.com/news/nsa-punched-tape-keys
Title: Re: Technical
Post by: Asyn on October 26, 2019, 06:58:55 AM
Phishing attack targeting United Nations and humanitarian organizations discovered by Lookout Phishing AI
https://blog.lookout.com/lookout-phishing-ai-discovers-phishing-attack-targeting-humanitarian-organizations
Title: Re: Technical
Post by: Asyn on October 27, 2019, 09:22:44 AM
Tracking down the developer of Android adware affecting millions of users
https://www.welivesecurity.com/2019/10/24/tracking-down-developer-android-adware/
Title: Re: Technical
Post by: Asyn on October 28, 2019, 07:41:11 AM
Cash App Scams: Giveaway Offers Ensnare Instagram Users, While YouTube Videos Promise Easy Money
https://www.tenable.com/blog/cash-app-scams-giveaway-offers-ensnare-instagram-users-while-youtube-videos-promise-easy-money
Title: Re: Technical
Post by: Asyn on October 29, 2019, 09:52:01 AM
New cyberattacks targeting sporting and anti-doping organizations
https://blogs.microsoft.com/on-the-issues/2019/10/28/cyberattacks-sporting-anti-doping/
Title: Re: Technical
Post by: Asyn on October 30, 2019, 08:17:58 AM
Xhelper: Persistent Android dropper app infects 45K devices in past 6 months
https://www.symantec.com/blogs/threat-intelligence/xhelper-android-malware
Title: Re: Technical
Post by: Asyn on October 30, 2019, 08:41:29 AM
Speaking Truth to Power: Reflections on My Career at Microsoft
https://onezero.medium.com/speaking-truth-to-power-reflections-on-a-career-at-microsoft-90f80a449e36
Title: Re: Technical
Post by: Asyn on October 31, 2019, 07:38:24 AM
Office 365 Users Targeted by Voicemail Scam Pages
https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/office-365-users-targeted-by-voicemail-scam-pages/
Title: Re: Technical
Post by: Asyn on November 01, 2019, 08:47:37 AM
MESSAGETAP: Who’s Reading Your Text Messages?
https://www.fireeye.com/blog/threat-research/2019/10/messagetap-who-is-reading-your-text-messages.html
Title: Re: Technical
Post by: Asyn on November 02, 2019, 05:34:02 PM
Emsisoft Decryptor for Paradise
https://www.emsisoft.com/ransomware-decryption-tools/paradise
https://decrypter.emsisoft.com/howtos/emsisoft_howto_paradise.pdf
Title: Re: Technical
Post by: Asyn on November 03, 2019, 08:40:32 AM
Exclusive: U.S. opens national security investigation into TikTok - sources
https://www.reuters.com/article/us-tiktok-cfius-exclusive/exclusive-u-s-opens-national-security-investigation-into-tiktok-sources-idUSKBN1XB4IL
Title: Re: Technical
Post by: Asyn on November 04, 2019, 08:02:54 AM
BlueKeep (CVE 2019-0708) exploitation spotted in the wild
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
Title: Re: Technical
Post by: Asyn on November 05, 2019, 10:46:28 AM
Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
https://lightcommands.com/
https://lightcommands.com/20191104-Light-Commands.pdf
Title: Re: Technical
Post by: bob3160 on November 05, 2019, 03:33:28 PM
Light Commands: Laser-Based Audio Injection Attacks on Voice-Controllable Systems
https://lightcommands.com/
https://lightcommands.com/20191104-Light-Commands.pdf
There is obviously a lot more to this than simply shining a laser light at the device.
Keeping the device out of line of sight at this point is the best defense.
Living in the boonies is another. :)
Title: Re: Technical
Post by: Asyn on November 06, 2019, 06:55:13 AM
BlueKeep (CVE 2019-0708) exploitation spotted in the wild
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
The much-publicized BlueKeep threat has finally emerged – why should you care?
https://blog.avast.com/what-is-bluekeep
Title: Re: Technical
Post by: Asyn on November 07, 2019, 08:11:32 AM
DarkUniverse – the mysterious APT framework #27
https://securelist.com/darkuniverse-the-mysterious-apt-framework-27/94897/
Title: Re: Technical
Post by: Asyn on November 08, 2019, 09:53:43 AM
BlueKeep (CVE 2019-0708) exploitation spotted in the wild
https://www.kryptoslogic.com/blog/2019/11/bluekeep-cve-2019-0708-exploitation-spotted-in-the-wild/
The much-publicized BlueKeep threat has finally emerged – why should you care?
https://blog.avast.com/what-is-bluekeep
Microsoft works with researchers to detect and protect against new RDP exploits
https://www.microsoft.com/security/blog/2019/11/07/the-new-cve-2019-0708-rdp-exploit-attacks-explained/
Title: Re: Technical
Post by: Asyn on November 09, 2019, 08:01:00 AM
Titanium: the Platinum group strikes again
https://securelist.com/titanium-the-platinum-group-strikes-again/94961/
Title: Re: Technical
Post by: Asyn on November 10, 2019, 08:31:56 AM
How adversaries use politics for compromise
https://blog.talosintelligence.com/2019/11/political-malware.html
Title: Re: Technical
Post by: bob3160 on November 10, 2019, 11:45:54 AM
How adversaries use politics for compromise
https://blog.talosintelligence.com/2019/11/political-malware.html
Fake News in any form isn't any good.
As shown here, some forms of fake news can even affect your security.
Title: Re: Technical
Post by: Asyn on November 12, 2019, 12:04:04 PM
Rajarshi Gupta - Using Real AI to Protect Real Users (435M of Them)
https://www.youtube.com/embed/iRbRjePGmyA?rel=0&controls=1&showinfo=0
Title: Re: Technical
Post by: DavidR on November 12, 2019, 01:01:45 PM
Rajarshi Gupta - Using Real AI to Protect Real Users (435M of Them)
https://www.youtube.com/embed/iRbRjePGmyA?rel=0&controls=1&showinfo=0

Very interesting :)
Title: Re: Technical
Post by: Asyn on November 13, 2019, 07:15:36 AM
The November 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/11/12/the-november-2019-security-update-review
Title: Re: Technical
Post by: Asyn on November 13, 2019, 02:05:56 PM
IPAS: November 2019 Intel Platform Update (IPU)
https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
Title: Re: Technical
Post by: Asyn on November 14, 2019, 06:32:59 AM
TPM-Fail: TPM meets Timing and Lattice Attacks
http://tpm.fail/
http://tpm.fail/tpmfail.pdf
Title: Re: Technical
Post by: Asyn on November 15, 2019, 08:54:13 AM
TA2101 plays government imposter to distribute malware to German, Italian, and US organizations
https://www.proofpoint.com/us/threat-insight/post/ta2101-plays-government-imposter-distribute-malware-german-italian-and-us
Title: Re: Technical
Post by: Asyn on November 15, 2019, 11:45:44 AM
IPAS: November 2019 Intel Platform Update (IPU)
https://blogs.intel.com/technology/2019/11/ipas-november-2019-intel-platform-update-ipu/
Intel Fixes a Security Flaw It Said Was Repaired 6 Months Ago
https://www.nytimes.com/2019/11/12/technology/intel-chip-fix.html
Title: Re: Technical
Post by: Asyn on November 16, 2019, 07:58:49 AM
Reminder: Malware Can Exploit Improper Configurations
https://www.us-cert.gov/ncas/current-activity/2019/11/15/reminder-malware-can-exploit-improper-configurations
Title: Re: Technical
Post by: Asyn on November 17, 2019, 09:02:31 AM
APWG: Two-Thirds of all Phishing Sites Used SSL protection in Q3
https://info.phishlabs.com/blog/apwg-two-thirds-phishing-sites-ssl-https
Title: Re: Technical
Post by: Asyn on November 18, 2019, 08:22:23 AM
Thousands of hacked Disney+ accounts are already for sale on hacking forums
https://www.zdnet.com/article/thousands-of-hacked-disney-accounts-are-already-for-sale-on-hacking-forums/
Title: Re: Technical
Post by: Asyn on November 19, 2019, 01:12:03 PM
Intel to remove old drivers and BIOS updates from its site by the end of the week
https://www.zdnet.com/article/intel-to-remove-old-drivers-and-bios-updates-from-its-site-by-the-end-of-the-week/
Title: Re: Technical
Post by: Asyn on November 20, 2019, 06:23:40 AM
ACBackdoor: Analysis of a New Multiplatform Backdoor
https://www.intezer.com/blog-acbackdoor-analysis-of-a-new-multiplatform-backdoor/
Title: Re: Technical
Post by: Asyn on November 20, 2019, 12:29:27 PM
Fake Windows Update Spam Leads to Cyborg Ransomware and Its Builder
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/fake-windows-update-spam-leads-to-cyborg-ransomware-and-its-builder/
Title: Re: Technical
Post by: Asyn on November 21, 2019, 08:37:09 AM
The awaiting Roboto Botnet
https://blog.netlab.360.com/the-awaiting-roboto-botnet-en/
Title: Re: Technical
Post by: Asyn on November 22, 2019, 06:36:47 AM
Facebook and Google’s pervasive surveillance poses an unprecedented danger to human rights
https://www.amnesty.org/en/press-releases/2019/11/google-facebook-surveillance-privacy/
https://www.amnesty.org/download/Documents/POL3014042019ENGLISH.PDF
Title: Re: Technical
Post by: Asyn on November 22, 2019, 11:14:11 AM
Mispadu: Advertisement for a discounted Unhappy Meal
https://www.welivesecurity.com/2019/11/19/mispadu-advertisement-discounted-unhappy-meal/
Title: Re: Technical
Post by: Asyn on November 23, 2019, 06:55:18 AM
VNC vulnerability research
https://ics-cert.kaspersky.com/reports/2019/11/22/vnc-vulnerability-research/
Title: Re: Technical
Post by: Asyn on November 24, 2019, 07:07:24 AM
Trickbot Updates Password Grabber Module
https://unit42.paloaltonetworks.com/trickbot-updates-password-grabber-module/
Title: Re: Technical
Post by: Asyn on November 25, 2019, 11:58:07 AM
Registers as “Default Print Monitor”, but is a malicious downloader. Meet DePriMon
https://www.welivesecurity.com/2019/11/21/deprimon-default-print-monitor-malicious-downloader/
Title: Re: Technical
Post by: Asyn on November 26, 2019, 06:14:12 AM
Ginp - A malware patchwork borrowing from Anubis
https://www.threatfabric.com/blogs/ginp_a_malware_patchwork_borrowing_from_anubis.html
Title: Re: Technical
Post by: Asyn on November 27, 2019, 07:13:50 AM
Insights from one year of tracking a polymorphic threat
https://www.microsoft.com/security/blog/2019/11/26/insights-from-one-year-of-tracking-a-polymorphic-threat/
Title: Re: Technical
Post by: Asyn on November 28, 2019, 06:41:44 AM
Snapshot: Top 25 Most Dangerous Software Errors
https://www.dhs.gov/science-and-technology/news/2019/11/26/snapshot-top-25-most-dangerous-software-errors
https://cwe.mitre.org/top25/archive/2019/2019_cwe_top25.html
Title: Re: Technical
Post by: Asyn on November 29, 2019, 07:42:55 AM
Advanced Hacking Groups Keep Showing Up, Old Ones Evolve
https://www.bleepingcomputer.com/news/security/advanced-hacking-groups-keep-showing-up-old-ones-evolve/
Title: Re: Technical
Post by: Asyn on November 30, 2019, 10:39:45 AM
International crackdown on RAT spyware which takes total control of victims’ PCs
https://www.europol.europa.eu/newsroom/news/international-crackdown-rat-spyware-which-takes-total-control-of-victims%E2%80%99-pcs
Title: Re: Technical
Post by: Asyn on December 01, 2019, 10:25:34 AM
A decade of hacking: The most notable cyber-security events of the 2010s
https://www.zdnet.com/article/a-decade-of-hacking-the-most-notable-cyber-security-events-of-the-2010s/
Title: Re: Technical
Post by: Asyn on December 02, 2019, 01:36:18 PM
New Chrome Password Stealer Sends Stolen Data to a MongoDB Database
https://www.bleepingcomputer.com/news/security/new-chrome-password-stealer-sends-stolen-data-to-a-mongodb-database/
Title: Re: Technical
Post by: Asyn on December 03, 2019, 07:22:30 AM
The StrandHogg vulnerability
https://promon.co/security-news/strandhogg/
Title: Re: Technical
Post by: Asyn on December 03, 2019, 12:43:11 PM
Spear phishing campaigns—they’re sharper than you think
https://www.microsoft.com/security/blog/2019/12/02/spear-phishing-campaigns-sharper-than-you-think/
Title: Re: Technical
Post by: Asyn on December 04, 2019, 09:40:38 AM
30 506 internet domain names shut down for intellectual property infringement
https://www.europol.europa.eu/newsroom/news/30-506-internet-domain-names-shut-down-for-intellectual-property-infringement
Title: Re: Technical
Post by: Asyn on December 05, 2019, 07:19:22 AM
Lazarus Group Goes 'Fileless'
https://objective-see.com/blog/blog_0x51.html
Title: Re: Technical
Post by: Asyn on December 06, 2019, 07:51:39 AM
Behind the One-Way Mirror: A Deep Dive Into the Technology of Corporate Surveillance
https://www.eff.org/wp/behind-the-one-way-mirror
Title: Re: Technical
Post by: Asyn on December 06, 2019, 11:10:16 AM
GhostDNS Exploit Kit Strikes Back
https://decoded.avast.io/simonamusilova/ghostdns-exploit-kit-strikes-back/
Title: Re: Technical
Post by: Asyn on December 07, 2019, 06:02:31 AM
Breaking the Rules: A Tough Outlook for Home Page Attacks (CVE-2017-11774)
https://www.fireeye.com/blog/threat-research/2019/12/breaking-the-rules-tough-outlook-for-home-page-attacks.html
Title: Re: Technical
Post by: Asyn on December 08, 2019, 10:30:48 AM
How Social Media Companies are Failing to Combat Inauthentic Behaviour Online
https://www.stratcomcoe.org/how-social-media-companies-are-failing-combat-inauthentic-behaviour-online
Title: Re: Technical
Post by: Asyn on December 10, 2019, 06:37:56 AM
Snatch ransomware reboots PCs into Safe Mode to bypass protection
https://news.sophos.com/en-us/2019/12/09/snatch-ransomware-reboots-pcs-into-safe-mode-to-bypass-protection/
Title: Re: Technical
Post by: Asyn on December 11, 2019, 04:46:56 AM
The December 2019 Security Update Review
https://www.zerodayinitiative.com/blog/2019/12/10/the-december-2019-security-update-review
Title: Re: Technical
Post by: Asyn on December 12, 2019, 08:38:28 AM
Windows 0-day exploit CVE-2019-1458 used in Operation WizardOpium
https://securelist.com/windows-0-day-exploit-cve-2019-1458-used-in-operation-wizardopium/95432/
Title: Re: Technical
Post by: Asyn on December 13, 2019, 07:29:59 AM
Multi-stage downloader Trojan sLoad abuses BITS almost exclusively for malicious activities
https://www.microsoft.com/security/blog/2019/12/12/multi-stage-downloader-trojan-sload-abuses-bits-almost-exclusively-for-malicious-activities/
Title: Re: Technical
Post by: Asyn on December 14, 2019, 07:59:28 AM
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/
Title: Re: Technical
Post by: bob3160 on December 14, 2019, 03:16:13 PM
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/
Secure your device by using 2 factor ID.
Title: Re: Technical
Post by: Asyn on December 16, 2019, 07:36:01 AM
It’s called “F-You Money” for a reason: Why ISOC sold .ORG to VCs
https://easydns.com/blog/2019/12/06/its-called-f-you-money-for-a-reason-why-isoc-sold-org-to-vcs/
https://www.accessnow.org/why-us-congress-should-investigate-sale-of-org/
Title: Re: Technical
Post by: Asyn on December 17, 2019, 07:23:08 AM
Intel Rapid Storage Technology Service - DLL Preloading and Potential Abuses CVE-2019-14568
https://safebreach.com/Post/Intel-Rapid-Storage-Technology-Service-DLL-Preloading-and-Potential-Abuses-CVE-2019-14568
Title: Re: Technical
Post by: bob3160 on December 17, 2019, 09:54:48 PM
Intel Rapid Storage Technology Service - DLL Preloading and Potential Abuses CVE-2019-14568
https://safebreach.com/Post/Intel-Rapid-Storage-Technology-Service-DLL-Preloading-and-Potential-Abuses-CVE-2019-14568
If this affects you, as it did me, download the update from here.
https://downloadcenter.intel.com/download/29094/Intel-Rapid-Storage-Technology-Intel-RST-User-Interface-and-Driver?product=55005

Title: Re: Technical
Post by: Asyn on December 18, 2019, 07:51:05 AM
Mac threat detections on the rise in 2019
https://blog.malwarebytes.com/mac/2019/12/mac-threat-detections-on-the-rise-in-2019/
Title: Re: Technical
Post by: Asyn on December 19, 2019, 07:15:15 AM
Dacls, the Dual platform RAT
https://blog.netlab.360.com/dacls-the-dual-platform-rat-en/
Title: Re: Technical
Post by: Asyn on December 20, 2019, 01:53:53 PM
ConnectWise Control Abused Again to Deliver Zeppelin Ransomware
https://blog.morphisec.com/connectwise-control-abused-again-to-deliver-zeppelin-ransomware
https://threatvector.cylance.com/en_us/home/zeppelin-russian-ransomware-targets-high-profile-users-in-the-us-and-europe.html
Title: Re: Technical
Post by: Asyn on December 21, 2019, 06:52:24 AM
Inside the Podcast that Hacks Ring Camera Owners Live on Air
https://www.vice.com/en_us/article/z3bbq4/podcast-livestreams-hacked-ring-cameras-nulledcast
https://www.bleepingcomputer.com/news/security/attackers-terrify-homeowners-after-hacking-ring-devices/
Secure your device by using 2 factor ID.
A Data Leak Exposed The Personal Information Of Over 3,000 Ring Users
https://www.buzzfeednews.com/article/carolinehaskins1/data-leak-exposes-personal-data-over-3000-ring-camera-users
https://techcrunch.com/2019/12/19/ring-doorbell-passwords-exposed/
Title: Re: Technical
Post by: Asyn on December 22, 2019, 08:14:41 AM
It’s time to disconnect RDP from the internet
https://www.welivesecurity.com/2019/12/17/bluekeep-time-disconnect-rdp-internet/
Title: Re: Technical
Post by: Asyn on December 23, 2019, 09:11:23 AM
Rancor: Cyber Espionage Group Uses New Custom Malware to Attack Southeast Asia
https://unit42.paloaltonetworks.com/rancor-cyber-espionage-group-uses-new-custom-malware-to-attack-southeast-asia/
Title: Re: Technical
Post by: Asyn on December 24, 2019, 06:38:16 AM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
Title: Re: Technical
Post by: bob3160 on December 24, 2019, 02:24:00 PM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
(https://screencast-o-matic.com/screenshots/u/Lh/1577193779881-29257.png)
Not worth my time or information.
Title: Re: Technical
Post by: Asyn on December 25, 2019, 07:46:48 AM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
Title: Re: Technical
Post by: Asyn on December 25, 2019, 08:17:49 AM
New disclosures to our archive of state-backed information operations
https://blog.twitter.com/en_us/topics/company/2019/new-disclosures-to-our-archive-of-state-backed-information-operations.html
Title: Re: Technical
Post by: DavidR on December 25, 2019, 10:07:55 AM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.

Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Title: Re: Technical
Post by: bob3160 on December 25, 2019, 04:08:51 PM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.

Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Since I am in the US, they want me to sign in and hopefully subscribe. (Not going to happen.)
Title: Re: Technical
Post by: DavidR on December 25, 2019, 04:21:12 PM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.

Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Since I am in the US, they want me to sign in and hopefully subscribe. (Not going to happen.)

Even stranger, I would have thought they would have been blocking content to those outside of the US or pushing a subscription.
Title: Re: Technical
Post by: Asyn on December 25, 2019, 04:46:48 PM
It Seemed Like a Popular Chat App. It’s Secretly a Spy Tool.
https://www.nytimes.com/2019/12/22/us/politics/totok-app-uae.html
[...]
Not worth my time or information.
Well, that's strange Bob, I can access the article without any registration/subscription.
Same experience, no problem accessing the article, strange since both Asyn and I aren't in the USA and you are.
Since I am in the US, they want me to sign in and hopefully subscribe. (Not going to happen.)
If so, you should be able to circumvent it with ASL or HMA. ;)
Title: Re: Technical
Post by: Asyn on December 26, 2019, 08:31:47 AM
Operation Wocao - Shining a light on one of China’s hidden hacking groups
https://resources.fox-it.com/rs/170-CAK-271/images/201912_Report_Operation_Wocao.pdf
Title: Re: Technical
Post by: Asyn on December 27, 2019, 05:42:53 AM
The 12 weirdest cybersecurity stories of 2019
https://blog.avast.com/weirdest-cybersecurity-stories-of-2019
Title: Re: Technical
Post by: Asyn on December 28, 2019, 06:07:16 AM
U.S. Navy bans TikTok from government-issued mobile devices
https://www.reuters.com/article/us-usa-tiktok-navy/u-s-navy-bans-tiktok-from-government-issued-mobile-devices-idUSKBN1YO2HU
Title: Re: Technical
Post by: Asyn on December 29, 2019, 08:59:43 AM
One Nation, Tracked
https://www.nytimes.com/interactive/2019/12/19/opinion/location-tracking-cell-phone.html
Title: Re: Technical
Post by: Asyn on December 30, 2019, 11:27:16 AM
Mozi, Another Botnet Using DHT
https://blog.netlab.360.com/mozi-another-botnet-using-dht/
Title: Re: Technical
Post by: Asyn on December 31, 2019, 07:27:39 AM
Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin
https://www.fortinet.com/blog/threat-research/bioload-fin7-boostwrite-lost-twin.html
Title: Re: Technical
Post by: Asyn on January 01, 2020, 08:44:28 AM
JackHammer: Efficient Rowhammer on Heterogeneous FPGA-CPU Platforms
https://arxiv.org/pdf/1912.11523.pdf
Title: Re: Technical
Post by: Asyn on January 03, 2020, 09:48:19 AM
Google to end 'Double Irish, Dutch sandwich' tax scheme
https://www.reuters.com/article/us-google-taxes-netherlands/google-to-end-double-irish-dutch-tax-scheme-filing-idUSKBN1YZ10Z
Title: Re: Technical
Post by: Asyn on January 04, 2020, 11:04:26 AM
Clop Ransomware Now Kills Windows 10 Apps and 3rd Party Tools
https://www.bleepingcomputer.com/news/security/clop-ransomware-now-kills-windows-10-apps-and-3rd-party-tools/
Title: Re: Technical
Post by: Asyn on January 06, 2020, 06:58:30 AM
Fresh Cambridge Analytica leak ‘shows global manipulation is out of control’
https://www.theguardian.com/uk-news/2020/jan/04/cambridge-analytica-data-leak-global-election-manipulation
Title: Re: Technical
Post by: Asyn on January 08, 2020, 07:06:54 AM
Hold My Beer Mirai – Spinoff Named ‘LiquorBot’ Incorporates Cryptomining
https://labs.bitdefender.com/2020/01/hold-my-beer-mirai-spinoff-named-liquorbot-incorporates-cryptomining/
Title: Re: Technical
Post by: Asyn on January 09, 2020, 07:57:23 AM
INTERPOL-led action takes aim at cryptojacking in Southeast Asia
https://www.interpol.int/en/News-and-Events/News/2020/INTERPOL-led-action-takes-aim-at-cryptojacking-in-Southeast-Asia
https://blog.trendmicro.com/interpol-collaboration-reduces-cryptojacking-by-78/
Title: Re: Technical
Post by: Asyn on January 10, 2020, 07:16:10 AM
SHA-1 is a Shambles
https://sha-mbles.github.io/
https://eprint.iacr.org/2020/014.pdf
Title: Re: Technical
Post by: Asyn on January 11, 2020, 08:44:08 AM
Top-Tier Russian Organized Cybercrime Group Unveils Fileless Stealthy “PowerTrick” Backdoor for High-Value Targets
https://labs.sentinelone.com/top-tier-russian-organized-cybercrime-group-unveils-fileless-stealthy-powertrick-backdoor-for-high-value-targets/
Title: Re: Technical
Post by: Asyn on January 12, 2020, 08:11:01 AM
The Y2K bug is back, causing headaches for developers again
https://www.zdnet.com/article/the-y2k-bug-is-back-causing-headaches-for-developers-again/
Title: Re: Technical
Post by: Asyn on January 13, 2020, 05:35:34 AM
United States government-funded phones come pre-installed with unremovable malware
https://blog.malwarebytes.com/android/2020/01/united-states-government-funded-phones-come-pre-installed-with-unremovable-malware/
Title: Re: Technical
Post by: Asyn on January 14, 2020, 06:59:13 AM
PHA Family Highlights: Bread (and Friends)
https://security.googleblog.com/2020/01/pha-family-highlights-bread-and-friends.html
Title: Re: Technical
Post by: Asyn on January 15, 2020, 07:32:36 AM
The January 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/1/14/the-january-2020-security-update-review
Title: Re: Technical
Post by: Asyn on January 16, 2020, 08:16:39 AM
IPAS: Security Advisories for January 2020
https://blogs.intel.com/technology/2020/01/ipas-security-advisories-for-january-2020-2/
Title: Re: Technical
Post by: Asyn on January 17, 2020, 07:00:42 AM
Microsoft's Chain of Fools
https://blog.lessonslearned.org/chain-of-fools/
https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
Title: Re: Technical
Post by: Asyn on January 18, 2020, 10:22:15 AM
Critical Auth Bypass Vulnerability In InfiniteWP Client And WP Time Capsule
https://www.webarxsecurity.com/vulnerability-infinitewp-client-wp-time-capsule/
Title: Re: Technical
Post by: Asyn on January 19, 2020, 07:37:07 AM
Microsoft's Chain of Fools
https://blog.lessonslearned.org/chain-of-fools/
https://research.kudelskisecurity.com/2020/01/15/cve-2020-0601-the-chainoffools-attack-explained-with-poc/
Answers to 5 key questions about highly publicized NSA-Microsoft story
https://blog.avast.com/five-key-things-to-know-about-nsa-microsoft-issue
Title: Re: Technical
Post by: Asyn on January 20, 2020, 03:56:09 PM
404 Exploit Not Found: Vigilante Deploying Mitigation for Citrix NetScaler Vulnerability While Maintaining Backdoor
https://www.fireeye.com/blog/threat-research/2020/01/vigilante-deploying-mitigation-for-citrix-netscaler-vulnerability-while-maintaining-backdoor.html
Title: Re: Technical
Post by: Asyn on January 21, 2020, 06:24:53 AM
Fleeceware apps persist on the Play Store
https://news.sophos.com/en-us/2020/01/14/fleeceware-apps-persist-on-the-play-store/
Title: Re: Technical
Post by: Asyn on January 22, 2020, 05:51:49 AM
Uncle Sam compensates you for data leaks (yeah, right)
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Title: Re: Technical
Post by: bob3160 on January 22, 2020, 12:04:16 PM
Uncle Sam compensates you for data leaks (yeah, right)
https://www.kaspersky.com/blog/data-leak-compensation-scam/32057/
Not much different from most of these types of scams.
Offer something for little or nothing and watch the fish (suckers) take the bait.
Title: Re: Technical
Post by: Asyn on January 23, 2020, 06:50:43 AM
Answers to key questions on massive Telnet IoT data leak
https://blog.avast.com/qa-on-big-telnet-iot-data-leak
Title: Re: Technical
Post by: Asyn on January 23, 2020, 11:21:01 AM
Evil Markets | Selling Access To Breached MSPs To Low-Level Criminals
https://www.sentinelone.com/blog/evil-markets-selling-access-to-breached-msps-to-low-level-criminals-2/
Title: Re: Technical
Post by: Asyn on January 24, 2020, 08:29:07 AM
Threat Spotlight: Conversation Hijacking
https://blog.barracuda.com/2020/01/16/threat-spotlight-conversation-hijacking/
Title: Re: Technical
Post by: Asyn on January 25, 2020, 06:51:25 AM
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html
Title: Re: Technical
Post by: DavidR on January 25, 2020, 10:17:26 AM
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html

All those people with social network/media accounts are finding out (if they didn't know already) what you put online isn't private.
Title: Re: Technical
Post by: bob3160 on January 25, 2020, 12:02:24 PM
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html

All those people with social network/media accounts are finding out (if they didn't know already) what you put online isn't private.
I'll take that comment one step further.
Anyone that's online and thinks they still have any privacy is mistaken.
That's especially true if you live in the US.

Title: Re: Technical
Post by: DavidR on January 25, 2020, 05:13:07 PM
The Secretive Company That Might End Privacy as We Know It
https://www.nytimes.com/2020/01/18/technology/clearview-privacy-facial-recognition.html

All those people with social network/media accounts are finding out (if they didn't know already) what you put online isn't private.
I'll take that comment one step further.
Anyone that's online and thinks they still have any privacy is mistaken.
That's especially true if you live in the US.

A step further, if you haven't been a bad boy (or girl) the police wouldn't be looking for you.

But then again we do still hear about miscarriages of justice.
Title: Re: Technical
Post by: Asyn on January 26, 2020, 07:58:13 AM
EFS Ransomware
https://safebreach.com/Post/EFS-Ransomware
Title: Re: Technical
Post by: Asyn on January 27, 2020, 12:19:49 PM
AMD ATI Radeon ATIDXX64.DLL shader functionality VTABLE remote code execution vulnerability
https://talosintelligence.com/vulnerability_reports/TALOS-2019-0964
Title: Re: Technical
Post by: Asyn on January 28, 2020, 06:47:58 AM
Shlayer Trojan attacks one in ten macOS users
https://securelist.com/shlayer-for-macos/95724/
Title: Re: Technical
Post by: Asyn on January 29, 2020, 07:02:02 AM
CacheOut - Leaking Data on Intel CPUs via Cache Evictions
https://cacheoutattack.com/
https://cacheoutattack.com/CacheOut.pdf
https://software.intel.com/security-software-guidance/software-guidance/l1d-eviction-sampling
Title: Re: Technical
Post by: Asyn on January 30, 2020, 10:26:09 AM
RDP to RCE: When Fragmentation Goes Wrong
https://www.kryptoslogic.com/blog/2020/01/rdp-to-rce-when-fragmentation-goes-wrong/
Title: Re: Technical
Post by: Asyn on January 31, 2020, 07:45:12 PM
New 'I Got Phished' Service Alerts Companies of Phished Employees
https://www.bleepingcomputer.com/news/security/new-i-got-phished-service-alerts-companies-of-phished-employees/
https://igotphished.abuse.ch/
Title: Re: Technical
Post by: Asyn on February 02, 2020, 08:00:52 AM
Trickbot Trojan Leveraging a New Windows 10 UAC Bypass
https://blog.morphisec.com/trickbot-uses-a-new-windows-10-uac-bypass
Title: Re: Technical
Post by: Asyn on February 03, 2020, 06:56:14 AM
WOOF locker: Unmasking the browser locker behind a stealthy tech support scam operation
https://blog.malwarebytes.com/threat-analysis/2020/01/woof-locker-stealthy-browser-locker-tech-support-scam/
Title: Re: Technical
Post by: Asyn on February 04, 2020, 08:03:31 AM
The Adware Families That Changed the Antivirus Industry
https://www.bleepingcomputer.com/news/security/the-adware-families-that-changed-the-antivirus-industry/
Title: Re: Technical
Post by: Asyn on February 05, 2020, 07:01:51 AM
Critical Security Flaw Found in WhatsApp Desktop Platform Allowing Cybercriminals Read From The File System Access
https://www.perimeterx.com/tech-blog/2020/whatsapp-fs-read-vuln-disclosure/
Title: Re: Technical
Post by: Asyn on February 06, 2020, 07:04:55 AM
The Hole in the Bucket: Attackers Abuse Bitbucket to Deliver an Arsenal of Malware
https://www.cybereason.com/blog/the-hole-in-the-bucket-attackers-abuse-bitbucket-to-deliver-an-arsenal-of-malware
Title: Re: Technical
Post by: Asyn on February 07, 2020, 05:39:32 AM
Realtek HD Audio Driver Package - DLL Preloading and Potential Abuses (CVE-2019-19705)
https://safebreach.com/Post/Realtek-HD-Audio-Driver-Package-DLL-Preloading-and-Potential-Abuses-CVE-2019-19705
Title: Re: Technical
Post by: Asyn on February 08, 2020, 08:45:51 AM
Living off another land: Ransomware borrows vulnerable driver to remove security software
https://news.sophos.com/en-us/2020/02/06/living-off-another-land-ransomware-borrows-vulnerable-driver-to-remove-security-software/
Title: Re: Technical
Post by: Asyn on February 09, 2020, 08:10:54 AM
Infostealer, Keylogger, and Ransomware in One: Anubis Targets More than 250 Android Applications
https://cofense.com/infostealer-keylogger-ransomware-one-anubis-targets-250-android-applications/
Title: Re: Technical
Post by: Asyn on February 10, 2020, 07:27:36 AM
Emotet can spread to poorly secured Wi-Fi networks and computers on them
https://www.helpnetsecurity.com/2020/02/06/emotet-spread-wi-fi-networks/
https://www.binarydefense.com/emotet-evolves-with-new-wi-fi-spreader/
Title: Re: Technical
Post by: Asyn on February 11, 2020, 07:03:38 AM
Grave Vulnerabilities Discovered in Yealink's VoIP Services
https://www.heise.de/ct/artikel/Grave-Vulnerabilities-Discovered-in-Yealink-s-VoIP-Services-4654617.html
Title: Re: Technical
Post by: Asyn on February 12, 2020, 07:22:39 AM
The February 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/2/11/the-february-2020-security-update-review
Title: Re: Technical
Post by: Asyn on February 13, 2020, 06:00:50 AM
The Dark Side of Smart Lighting: Check Point Research Shows How Business and Home Networks Can Be Hacked from a Lightbulb
https://blog.checkpoint.com/2020/02/05/the-dark-side-of-smart-lighting-check-point-research-shows-how-business-and-home-networks-can-be-hacked-from-a-lightbulb/
Title: Re: Technical
Post by: Asyn on February 14, 2020, 06:22:12 AM
IBM X-Force: Stolen Credentials and Vulnerabilities Weaponized Against Businesses in 2019
https://newsroom.ibm.com/2020-02-11-IBM-X-Force-Stolen-Credentials-and-Vulnerabilities-Weaponized-Against-Businesses-in-2019
Title: Re: Technical
Post by: Asyn on February 14, 2020, 12:29:53 PM
'Sloppy' Mobile Voting App Used in Four States Has 'Elementary' Security Flaws
https://www.vice.com/en_us/article/akw7mp/sloppy-mobile-voting-app-used-in-four-states-has-elementary-security-flaws
http://news.mit.edu/2020/voting-voatz-app-hack-issues-0213
https://internetpolicy.mit.edu/wp-content/uploads/2020/02/SecurityAnalysisOfVoatz_Public.pdf
Title: Re: Technical
Post by: Asyn on February 15, 2020, 06:28:18 AM
Removing Coordinated Inauthentic Behavior From Russia, Iran, Vietnam and Myanmar
https://about.fb.com/news/2020/02/removing-coordinated-inauthentic-behavior/
Title: Re: Technical
Post by: Asyn on February 16, 2020, 07:51:13 AM
SweynTooth Bug Collection Affects Hundreds of Bluetooth Products
https://www.bleepingcomputer.com/news/security/sweyntooth-bug-collection-affects-hundreds-of-bluetooth-products/
Title: Re: Technical
Post by: Asyn on February 17, 2020, 05:44:40 AM
Mitigations are attack surface, too
https://googleprojectzero.blogspot.com/2020/02/mitigations-are-attack-surface-too.html
Title: Re: Technical
Post by: Asyn on February 18, 2020, 06:36:31 AM
North Korean Malicious Cyber Activity
https://www.us-cert.gov/northkorea
Title: Re: Technical
Post by: Asyn on February 19, 2020, 06:25:08 AM
Malwarebytes 2020 State of Malware Report
https://resources.malwarebytes.com/files/2020/02/2020_State-of-Malware-Report.pdf
Title: Re: Technical
Post by: Asyn on February 19, 2020, 08:34:47 AM
Google pulls 500 malicious Chrome extensions after researcher tip-off
https://nakedsecurity.sophos.com/2020/02/17/google-pulls-500-malicious-chrome-extensions-after-researcher-tip-off/
https://duo.com/labs/research/crxcavator-malvertising-2020
Title: Re: Technical
Post by: Asyn on February 20, 2020, 07:34:32 AM
PHP’s Labyrinth - Weaponized WordPress Themes & Plugins
https://blog.prevailion.com/2020/02/phps-labyrinth-weaponized-wordpress.html
Title: Re: Technical
Post by: Asyn on February 21, 2020, 07:37:24 AM
Lookout Phishing AI provides an inside look into a phishing campaign targeting mobile banking users
https://blog.lookout.com/lookout-phishing-ai-reveals-mobile-banking-phishing-campaign
Title: Re: Technical
Post by: Asyn on February 22, 2020, 07:16:37 AM
Hamas Android Malware On IDF Soldiers - This is How it Happened
https://research.checkpoint.com/2020/hamas-android-malware-on-idf-soldiers-this-is-how-it-happened/
Title: Re: Technical
Post by: Asyn on February 23, 2020, 06:42:42 AM
Perilous Peripherals: The Hidden Dangers Inside Windows & Linux Computers
https://eclypsium.com/2020/2/18/unsigned-peripheral-firmware/
Title: Re: Technical
Post by: Asyn on February 24, 2020, 06:00:35 AM
Multi-Perspective Validation Improves Domain Validation Security
https://letsencrypt.org/2020/02/19/multi-perspective-validation.html
Title: Re: Technical
Post by: Asyn on February 25, 2020, 07:52:02 AM
IMP4GT: IMPersonation Attacks in 4G NeTworks
https://imp4gt-attacks.net/
https://imp4gt-attacks.net/media/imp4gt_camera_ready.pdf
Title: Re: Technical
Post by: Asyn on February 26, 2020, 07:39:03 AM
Fox Kitten – Widespread Iranian Espionage-Offensive Campaign
https://www.clearskysec.com/fox-kitten/
https://www.clearskysec.com/wp-content/uploads/2020/02/ClearSky-Fox-Kitten-Campaign.pdf
Title: Re: Technical
Post by: Asyn on February 27, 2020, 08:21:29 AM
Precise Location Information Leaking Through System Pasteboard
https://www.mysk.blog/2020/02/24/precise-location-information-leaking-through-system-pasteboard/
Title: Re: Technical
Post by: Asyn on February 28, 2020, 07:31:29 AM
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
Title: Re: Technical
Post by: bob3160 on February 28, 2020, 02:05:22 PM
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Title: Re: Technical
Post by: Asyn on February 29, 2020, 06:54:06 AM
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
Title: Re: Technical
Post by: Asyn on February 29, 2020, 06:57:36 AM
Raccoon: The Story of a Typical Infostealer
https://www.cyberark.com/threat-research-blog/raccoon-the-story-of-a-typical-infostealer/
Title: Re: Technical
Post by: bob3160 on February 29, 2020, 04:30:24 PM
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
They could warn you if your hardware needs updating.
Title: Re: Technical
Post by: Asyn on March 01, 2020, 07:50:32 AM
Fraudsters cloak credit card skimmer with fake content delivery network, ngrok server
https://blog.malwarebytes.com/threat-analysis/2020/02/fraudsters-cloak-credit-card-skimmer-with-fake-content-delivery-network-ngrok-server/
Title: Re: Technical
Post by: Asyn on March 02, 2020, 08:25:01 AM
CVE-2020-0688: Remote Code Execution on Microsoft Exchange Server Through Fixed Cryptographic Keys
https://www.zerodayinitiative.com/blog/2020/2/24/cve-2020-0688-remote-code-execution-on-microsoft-exchange-server-through-fixed-cryptographic-keys
Title: Re: Technical
Post by: Asyn on March 02, 2020, 10:48:37 AM
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
They could warn you if your hardware needs updating.
Hmmm, maybe via WFI, but that would be something for the devs to answer/decide.
Title: Re: Technical
Post by: bob3160 on March 02, 2020, 02:01:01 PM
Kr00k - A serious vulnerability deep inside Wi-Fi encryption
https://www.eset.com/int/kr00k/
https://www.welivesecurity.com/wp-content/uploads/2020/02/ESET_Kr00k.pdf
So does this affect Avast users? Are we protected? If not, when?
Nothing much an AV can do here, you need to patch your devices (software or firmware updates).
They could warn you if your hardware needs updating.
Hmmm, maybe via WFI, but that would be something for the devs to answer/decide.
I wanted the developers to answer. That's why I posted the question.
Title: Re: Technical
Post by: Asyn on March 03, 2020, 06:51:25 AM
New Cyber Attack Campaign Leverages the COVID-19 Infodemic
https://blog.yoroi.company/research/new-cyber-attack-campaign-leverages-the-covid-19-infodemic/
Title: Re: Technical
Post by: Asyn on March 04, 2020, 08:11:01 AM
2020 - Year of the RAT
https://www.threatfabric.com/blogs/2020_year_of_the_rat.html
Title: Re: Technical
Post by: Asyn on March 04, 2020, 10:16:58 AM
Ransomware Attackers Use Your Cloud Backups Against You
https://www.bleepingcomputer.com/news/security/ransomware-attackers-use-your-cloud-backups-against-you/
Title: Re: Technical
Post by: Asyn on March 05, 2020, 06:36:00 AM
FBI lists cybercrime trends of 2019
https://blog.avast.com/ic3-2019-internet-crime-report-hot-topics-avast
https://pdf.ic3.gov/2019_IC3Report.pdf
Title: Re: Technical
Post by: Asyn on March 05, 2020, 10:58:27 AM
Trickbot Delivery Method Gets a New Upgrade Focusing on Windows 10
https://blog.morphisec.com/trickbot-delivery-method-gets-a-new-upgrade-focusing-on-windows
Title: Re: Technical
Post by: Asyn on March 06, 2020, 06:47:21 AM
Ghostcat - A high-risk file read/include vulnerability in Tomcat
https://www.chaitin.cn/en/ghostcat
Title: Re: Technical
Post by: Asyn on March 07, 2020, 07:35:52 AM
Emoji to Zero-Day: Latin Homoglyphs in Domains and Subdomains
https://www.soluble.ai/blog/public-disclosure-emoji-to-zero-day
Title: Re: Technical
Post by: Asyn on March 08, 2020, 10:21:47 AM
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
Title: Re: Technical
Post by: DavidR on March 08, 2020, 11:18:44 AM
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html

I don't know how much confidence I would have in this information coming out of China.  There have been many instances of the reverse being reported.
Title: Re: Technical
Post by: bob3160 on March 08, 2020, 01:36:03 PM
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html

I don't know how much confidence I would have in this information coming out of China.  There have been many instances of the reverse being reported.
When it comes to government spying, I would always suspect that the message would be slanted. It all depends on whose government is doing the spying.
Title: Re: Technical
Post by: Asyn on March 08, 2020, 02:31:46 PM
The CIA Hacking Group (APT-C-39) Conducts Cyber-Espionage Operation on China's Critical Industries for 11 Years
http://blogs.360.cn/post/APT-C-39_CIA_EN.html
I don't know how much confidence I would have in this information coming out of China.  There have been many instances of the reverse being reported.
When it comes to government spying, I would always suspect that the message would be slanted. It all depends on whose government is doing the spying.
Let's put it this way, the efforts are certainly bidirectional.
Title: Re: Technical
Post by: Asyn on March 09, 2020, 10:20:53 AM
Mailto Ransomware under the skin of explorer.exe
https://blogs.quickheal.com/mailto-ransomware-hiding-under-explorer-exe/
Title: Re: Technical
Post by: Asyn on March 10, 2020, 10:02:20 AM
670+ Subdomains of Microsoft are Vulnerable to Takeover (Lead to Account Takeover)
https://vullnerability.com/blog/microsoft-subdomain-account-takeover
Title: Re: Technical
Post by: Asyn on March 11, 2020, 09:15:37 AM
The March 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/3/10/the-march-2020-security-update-review
Title: Re: Technical
Post by: Asyn on March 11, 2020, 01:41:05 PM
New action to disrupt world’s largest online criminal network
https://blogs.microsoft.com/on-the-issues/2020/03/10/necurs-botnet-cyber-crime-disrupt/
Title: Re: Technical
Post by: Asyn on March 12, 2020, 08:14:30 AM
Human-operated ransomware attacks: A preventable disaster
https://www.microsoft.com/security/blog/2020/03/05/human-operated-ransomware-attacks-a-preventable-disaster/
Title: Re: Technical
Post by: Asyn on March 13, 2020, 07:53:07 AM
2020 Unit 42 IoT Threat Report
https://unit42.paloaltonetworks.com/iot-threat-report-2020/
Title: Re: Technical
Post by: Asyn on March 14, 2020, 09:08:27 AM
Mokes and Buerak distributed under the guise of security certificates
https://securelist.com/mokes-and-buerak-distributed-under-the-guise-of-security-certificates/96324/
Title: Re: Technical
Post by: Asyn on March 15, 2020, 09:44:30 AM
Intel x86 Root of Trust: loss of trust
http://blog.ptsecurity.com/2020/03/intelx86-root-of-trust-loss-of-trust.html
Title: Re: Technical
Post by: Asyn on March 16, 2020, 07:21:32 AM
LVI - Hijacking Transient Execution with Load Value Injection
https://lviattack.eu/
https://lviattack.eu/lvi.pdf
Title: Re: Technical
Post by: Asyn on March 17, 2020, 06:34:05 AM
TRRespass: Exploiting the Many Sides of Target Row Refresh
https://download.vusec.net/papers/trrespass_sp20.pdf
Title: Re: Technical
Post by: Asyn on March 18, 2020, 09:28:21 AM
Tracking Turla: New backdoor delivered via Armenian watering holes
https://www.welivesecurity.com/2020/03/12/tracking-turla-new-backdoor-armenian-watering-holes/
Title: Re: Technical
Post by: Asyn on March 19, 2020, 09:47:52 AM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
Title: Re: Technical
Post by: bob3160 on March 19, 2020, 12:04:20 PM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Title: Re: Technical
Post by: Asyn on March 19, 2020, 12:16:52 PM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Hi Bob, no idea, the link works fine here.
Title: Re: Technical
Post by: bob3160 on March 19, 2020, 12:52:38 PM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Hi Bob, no idea, the link works fine here.
It apparently leads to Google Docs which doesn't open here.
Maybe a permission problem?
Title: Re: Technical
Post by: Asyn on March 19, 2020, 01:06:23 PM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?
Hi Bob, no idea, the link works fine here.
It apparently leads to Google Docs which doesn't open here.
Maybe a permission problem?
If you're interested in the paper, I can share it via Slack. Let me know...
Title: Re: Technical
Post by: bob3160 on March 19, 2020, 01:09:11 PM
That would work. (I really don't know if it's of interest till I see it.)
Title: Re: Technical
Post by: Asyn on March 19, 2020, 01:21:33 PM
That would work. (I really don't know if it's of interest till I see it.)
Done. :)
Title: Re: Technical
Post by: DavidR on March 19, 2020, 02:03:49 PM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?

Works for me in the latest Firefox version, it opens in a new tab and is viewed as a PDF not as a download link.  So it may depend on your browser settings for pdf files.
Title: Re: Technical
Post by: bob3160 on March 19, 2020, 02:34:28 PM
Web Browser Privacy: What Do Browsers Say When They Phone Home?
https://www.scss.tcd.ie/Doug.Leith/pubs/browser_privacy.pdf
That link doesn't work for me?

Works for me in the latest Firefox version, it opens in a new tab and is viewed as a PDF not as a download link.  So it may depend on your browser settings for pdf files.
Mine normally open without a problem directly in Chrome.
Asyn made it available to me via Slack. :) Thanks
Title: Re: Technical
Post by: Asyn on March 20, 2020, 07:28:56 AM
The SIM highjackers: how criminals are stealing millions by highjacking phone numbers
https://www.europol.europa.eu/newsroom/news/sim-highjackers-how-criminals-are-stealing-millions-highjacking-phone-numbers
Title: Re: Technical
Post by: Asyn on March 21, 2020, 07:56:35 AM
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
Title: Re: Technical
Post by: bob3160 on March 21, 2020, 02:45:42 PM
Preventing Eavesdropping and Protecting Privacy on Virtual Meetings
https://www.nist.gov/blogs/cybersecurity-insights/preventing-eavesdropping-and-protecting-privacy-virtual-meetings
I use ZOOM which encrypts everything. Each conference (presentation) has its own unique invitation code.
Title: Re: Technical
Post by: Asyn on March 22, 2020, 07:52:53 AM
APT36 jumps on the coronavirus bandwagon, delivers Crimson RAT
https://blog.malwarebytes.com/threat-analysis/2020/03/apt36-jumps-on-the-coronavirus-bandwagon-delivers-crimson-rat/
Title: Re: Technical
Post by: Asyn on March 23, 2020, 10:28:17 AM
OWASP API Security Project
https://owasp.org/www-project-api-security/
Title: Re: Technical
Post by: Asyn on March 26, 2020, 07:31:23 AM
Google Play Store Played Again – Tekya Clicker Hides in 24 Children’s Games and 32 Utility Apps
https://research.checkpoint.com/2020/google-play-store-played-again-tekya-clicker-hides-in-24-childrens-games-and-32-utility-apps/
Title: Re: Technical
Post by: Asyn on March 27, 2020, 08:53:18 AM
They Come in the Night: Ransomware Deployment Trends
https://www.fireeye.com/blog/threat-research/2020/03/they-come-in-the-night-ransomware-deployment-trends.html
Title: Re: Technical
Post by: Asyn on March 28, 2020, 10:20:24 AM
WildPressure targets industrial-related entities in the Middle East
https://securelist.com/wildpressure-targets-industrial-in-the-middle-east/96360/
Title: Re: Technical
Post by: Asyn on March 29, 2020, 08:49:33 AM
Hackers breach FSB contractor and leak details about IoT hacking project
https://www.zdnet.com/article/hackers-breach-fsb-contractor-and-leak-details-about-iot-hacking-project/
Title: Re: Technical
Post by: Asyn on March 30, 2020, 06:18:35 AM
This Is Not a Test: APT41 Initiates Global Intrusion Campaign Using Multiple Exploits
https://www.fireeye.com/blog/threat-research/2020/03/apt41-initiates-global-intrusion-campaign-using-multiple-exploits.html
Title: Re: Technical
Post by: Asyn on March 31, 2020, 08:09:44 AM
New Router DNS Hijacking Attacks Abuse Bitbucket to Host Infostealer
https://labs.bitdefender.com/2020/03/new-router-dns-hijacking-attacks-abuse-bitbucket-to-host-infostealer/
Title: Re: Technical
Post by: Asyn on April 01, 2020, 08:36:20 AM
COVID-19 Impact: Cyber Criminals Target Zoom Domains
https://blog.checkpoint.com/2020/03/30/covid-19-impact-cyber-criminals-target-zoom-domains/
https://blog.checkpoint.com/2020/03/26/whos-zooming-who-guidelines-on-how-to-use-zoom-safely/
https://www.bleepingcomputer.com/news/security/hackers-take-advantage-of-zooms-popularity-to-push-malware/
Title: Re: Technical
Post by: Asyn on April 02, 2020, 08:55:45 AM
Identifying vulnerabilities and protecting you from phishing
https://blog.google/technology/safety-security/threat-analysis-group/identifying-vulnerabilities-and-protecting-you-phishing/amp/
Title: Re: Technical
Post by: Asyn on April 03, 2020, 07:42:55 AM
CoViper locking down computers during lockdown
https://decoded.avast.io/janrubin/coviper-locking-down-computers-during-lockdown/
Title: Re: Technical
Post by: Asyn on April 04, 2020, 10:27:10 AM
Would You Exchange Your Security for a Gift Card?
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/would-you-exchange-your-security-for-a-gift-card/
Title: Re: Technical
Post by: Asyn on April 05, 2020, 09:21:09 AM
Move Fast & Roll Your Own Crypto: A Quick Look at the Confidentiality of Zoom Meetings
https://citizenlab.ca/2020/04/move-fast-roll-your-own-crypto-a-quick-look-at-the-confidentiality-of-zoom-meetings/
Title: Re: Technical
Post by: Asyn on April 06, 2020, 08:30:00 AM
The Vollgar Campaign: MS-SQL Servers Under Attack
https://www.guardicore.com/2020/04/vollgar-ms-sql-servers-under-attack/
Title: Re: Technical
Post by: Asyn on April 07, 2020, 06:28:22 AM
Automatic Uncovering of Hidden Behaviors From Input Validation in Mobile Apps
https://panda.moyix.net/~moyix/papers/inputscope_oakland20.pdf
Title: Re: Technical
Post by: Asyn on April 08, 2020, 11:05:21 AM
Webcam Hacking - The story of how I gained unauthorized Camera access on iOS and macOS
https://www.ryanpickren.com/webcam-hacking
Title: Re: Technical
Post by: Asyn on April 09, 2020, 09:49:52 AM
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
Title: Re: Technical
Post by: bob3160 on April 09, 2020, 02:53:15 PM
Zoomed In: A Look into a Coinminer Bundled with Zoom Installer
https://blog.trendmicro.com/trendlabs-security-intelligence/zoomed-in-a-look-into-a-coinminer-bundled-with-zoom-installer/
It would be nice when posting this type of information, that it be clearly marked
This Installer does not come directly from ZOOM.
Misleading headlines are worse than no news.
Title: Re: Technical
Post by: Asyn on April 10, 2020, 09:48:46 AM
Full Operational Shutdown—another cybercrime case from the Microsoft Detection and Response Team
https://www.microsoft.com/security/blog/2020/04/02/full-operational-shutdown-another-cybercrime-case-microsoft-detection-and-response-team/
https://www.microsoft.com/security/blog/wp-content/uploads/2020/04/Case-study_Full-Operational-Shutdown.pdf
Title: Re: Technical
Post by: Asyn on April 11, 2020, 06:52:56 AM
Microsoft Buys Corp.com So Bad Guys Can’t
https://krebsonsecurity.com/2020/04/microsoft-buys-corp-com-so-bad-guys-cant/
Title: Re: Technical
Post by: Asyn on April 12, 2020, 08:31:23 AM
New dark_nexus IoT Botnet Puts Others to Shame
https://www.bitdefender.com/files/News/CaseStudies/study/319/Bitdefender-PR-Whitepaper-DarkNexus-creat4349-en-EN-interactive.pdf
Title: Re: Technical
Post by: Asyn on April 13, 2020, 07:20:57 AM
Fingerprint cloning: Myth or reality?
https://blog.talosintelligence.com/2020/04/fingerprint-research.html
Title: Re: Technical
Post by: Asyn on April 15, 2020, 08:03:48 AM
The April 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/4/14/the-april-2020-security-update-review
Title: Re: Technical
Post by: Asyn on April 16, 2020, 06:44:13 AM
Intel Releases Security Updates
https://www.us-cert.gov/ncas/current-activity/2020/04/14/intel-releases-security-updates
Title: Re: Technical
Post by: Asyn on April 17, 2020, 11:15:13 AM
Cloudflare drops Google's reCAPTCHA due to privacy concerns
https://www.bleepingcomputer.com/news/technology/cloudflare-drops-googles-recaptcha-due-to-privacy-concerns/
https://blog.cloudflare.com/moving-from-recaptcha-to-hcaptcha/
Title: Re: Technical
Post by: Asyn on April 17, 2020, 03:56:05 PM
Zoom Endpoint-Security Considerations
https://dev.io/posts/zoomzoo/
Title: Re: Technical
Post by: Asyn on April 18, 2020, 08:21:33 AM
Analysis of a WordPress Credit Card Swiper
https://blog.sucuri.net/2020/04/analysis-of-a-wordpress-credit-card-swiper.html
Title: Re: Technical
Post by: Asyn on April 19, 2020, 08:41:02 AM
Discovering Fake Browser Extensions That Target Users of Ledger, Trezor, MEW, Metamask, and More
https://medium.com/mycrypto/discovering-fake-browser-extensions-that-target-users-of-ledger-trezor-mew-metamask-and-more-e281a2b80ff9
Title: Re: Technical
Post by: Asyn on April 20, 2020, 06:28:28 AM
Law enforcement and Microsoft come together to bust a major malware attack
https://news.microsoft.com/apac/features/law-enforcement-and-microsoft-come-together-to-bust-a-major-malware-attack-in-taiwan/
Title: Re: Technical
Post by: Asyn on April 21, 2020, 06:44:34 AM
Announcing the Results of the 1.1.1.1 Public DNS Resolver Privacy Examination
https://blog.cloudflare.com/announcing-the-results-of-the-1-1-1-1-public-dns-resolver-privacy-examination/
https://www.cloudflare.com/resources/assets/slt3lc6tev37/5xlHCvvNBrvrIoWbuk1vTy/e1058b0d366adf4e983aef99a6ed2a1f/Cloudflare_1.1.1.1_Public_Resolver_Report_-_03302020__2_.pdf
Title: Re: Technical
Post by: Asyn on April 22, 2020, 08:00:35 AM
New AgentTesla variant steals WiFi credentials
https://blog.malwarebytes.com/threat-analysis/2020/04/new-agenttesla-variant-steals-wifi-credentials/
Title: Re: Technical
Post by: Asyn on April 23, 2020, 08:31:43 AM
Deserialization Attacks in .Net Games
https://www.modzero.com/modlog/archives/2020/04/17/deserialization_attacks_in__net_games/index.html
Title: Re: Technical
Post by: Asyn on April 24, 2020, 10:53:22 AM
"I'll ask your body": SMBGhost pre-auth RCE abusing Direct Memory Access structs
https://ricercasecurity.blogspot.com/2020/04/ill-ask-your-body-smbghost-pre-auth-rce.html
Title: Re: Technical
Post by: Asyn on April 25, 2020, 07:15:12 AM
You’ve Got (0-click) Mail!
https://blog.zecops.com/vulnerabilities/youve-got-0-click-mail/
Title: Re: Technical
Post by: Asyn on April 26, 2020, 07:50:43 AM
Exploiting (Almost) Every Antivirus Software
https://www.rack911labs.com/research/exploiting-almost-every-antivirus-software/
Title: Re: Technical
Post by: Asyn on April 27, 2020, 06:44:37 AM
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
Title: Re: Technical
Post by: DavidR on April 27, 2020, 11:07:45 AM
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html

From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Title: Re: Technical
Post by: Asyn on April 27, 2020, 11:47:55 AM
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
Title: Re: Technical
Post by: bob3160 on April 27, 2020, 02:07:42 PM
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.
This also doesn't mention the fact that Microsoft is very busy changing the whole way Windows will be updated in the future.
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Title: Re: Technical
Post by: Asyn on April 27, 2020, 02:19:15 PM
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Title: Re: Technical
Post by: bob3160 on April 27, 2020, 02:40:40 PM
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
Title: Re: Technical
Post by: Asyn on April 27, 2020, 02:50:17 PM
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
Well, if so, you should know that your comment "headline sensationalized to grab attention" is totally wrong.
Title: Re: Technical
Post by: bob3160 on April 27, 2020, 03:18:24 PM
Another headline sensationalized to grab attention. Unfortunately, most people never read anything but the  misleading headlines.
I wish that at least on this forum, we do a better job than just forward those misleading headlines.
It's better not to post than to pass along things that give the wrong or only partial information. IMHO
Sorry Bob, but did you read (and understand) the Project Zero article..!?
Yes Asyn, I don't just read headlines. :)
You're entitled to your opinion.
Well, if so, you should know that your comment "headline sensationalized to grab attention" is totally wrong.
Title: Re: Technical
Post by: DavidR on April 27, 2020, 04:06:46 PM
You Won't Believe what this One Line Change Did to the Chrome Sandbox
https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
From reading this article it would appear MS has already implemented a fix:
Quote from: Extract from article
This vulnerability was fixed in April 2020 as CVE-2020-0981.
https://portal.msrc.microsoft.com/en-us/security-guidance/advisory/CVE-2020-0981
Yes, but unfortunately the basic problem persists...

The good news is Forshaw alerted Microsoft to the problem and the company issued a patch (CVE-2020-0981) to fix it. That said, the fundamental flaw Forshaw identified remains: the security of Google Chrome on Windows 10 depends on Microsoft and that cannot be changed. It's important to point out that other Chromium-based browsers suffer the same risk (Opera, Brave, Microsoft's new Edge browser), and that means you may be tempted to quit Windows 10 if you are more wedded to your browser than your operating system.

Well that for me just confirms what I said, how can the problem still exist if the CVE-2020-0981 (that they have mentioned twice now) was released in the April 2020 updates?

MS issued a fix (CVE-2020-0981) and your additional comments just confirm this (Forshaw reported this and confirms the same (CVE-2020-0981) fix). This is just sort of recycling old news, so that exploit shouldn't be possible if said browser sandboxes use the win10 sandbox token/s.

As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
Title: Re: Technical
Post by: Asyn on April 28, 2020, 06:54:13 AM
As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
There's also macOS/Linux/Android/iOS or even Win7/8/8.1 (if you prefer MS).
Title: Re: Technical
Post by: Asyn on April 28, 2020, 06:56:04 AM
Shade Ransomware shuts down, releases 750K decryption keys
https://www.bleepingcomputer.com/news/security/shade-ransomware-shuts-down-releases-750k-decryption-keys/
Title: Re: Technical
Post by: DavidR on April 28, 2020, 11:42:00 AM
As for their comment "if you are tempted to quit windows10," what the hell are they suggesting as a replacement, nothing it would seem.
There's also macOS/Linux/Android/iOS or even Win7/8/8.1 (if you prefer MS).

For me that is crazy, switching OS for a browser related issue, changing your whole way of working.  Not to mention it would probably require a complete reinstall on your system, even if you tried using a Virtual OS on that system.  But that would also be vulnerable to the Host system vulnerabilities (I've never installed a virtual OS).

The Mac OS isn't without its issues as has been recently under the spotlight.  As for falling back to an older windows OS, who is to say that the same vulnerability isn't in that old code also.

And finally, this issue has had this vulnerability closed, with older OSes about to reach end of life/support (Win7) they aren't normally going to receive these patches.
Title: Re: Technical
Post by: Asyn on April 28, 2020, 11:59:42 AM
1. For me that is crazy, switching OS for a browser related issue, changing your whole way of working.  Not to mention it would probably require a complete reinstall on your system, even if you tried using a Virtual OS on that system.  But that would also be vulnerable to the Host system vulnerabilities (I've never installed a virtual OS).
2. The Mac OS isn't without its issues as has been recently under the spotlight.  As for falling back to an older windows OS, who is to say that the same vulnerability isn't in that old code also.
3. And finally, this issue has had this vulnerability closed, with older OSes about to reach end of life/support (Win7) they aren't normally going to receive these patches.
OK, this is my last reply regarding this issue, as I'm not planning to turn this into a discussion thread. ;)

1. Agreed Dave, and I doubt many (if any) will switch OS because of that.
2. I won't comment on macOS, but regarding Windows only W10 is affected.
3. No patches needed for older Win OS.
Title: Re: Technical
Post by: bob3160 on April 28, 2020, 02:04:42 PM
1. For me that is crazy, switching OS for a browser related issue, changing your whole way of working.  Not to mention it would probably require a complete reinstall on your system, even if you tried using a Virtual OS on that system.  But that would also be vulnerable to the Host system vulnerabilities (I've never installed a virtual OS).
2. The Mac OS isn't without its issues as has been recently under the spotlight.  As for falling back to an older windows OS, who is to say that the same vulnerability isn't in that old code also.
3. And finally, this issue has had this vulnerability closed, with older OSes about to reach end of life/support (Win7) they aren't normally going to receive these patches.
OK, this is my last reply regarding this issue, as I'm not planning to turn this into a discussion thread. ;)

1. Agreed Dave, and I doubt many (if any) will switch OS because of that.
2. I won't comment on macOS, but regarding Windows only W10 is affected.
3. No patches needed for older Win OS.
Discussion is what makes this forum what it is. These TWEET-like posts are what are misleading.
Title: Re: Technical
Post by: Asyn on April 28, 2020, 02:11:20 PM
Discussion is what makes this forum what it is.
Feel free to start a new topic for (further) discussion.
Title: Re: Technical
Post by: Asyn on April 29, 2020, 07:14:08 AM
Tag Barnakle: The Malvertiser That Hacks Revive Ad Servers, Redirects Victims To Malware
https://blog.confiant.com/tag-barnakle-the-malvertiser-that-hacks-revive-ad-servers-redirects-victims-to-malware-50cdc57435b1
Title: Re: Technical
Post by: Asyn on April 30, 2020, 07:24:38 AM
Studying How Cybercriminals Prey on the COVID-19 Pandemic
https://unit42.paloaltonetworks.com/how-cybercriminals-prey-on-the-covid-19-pandemic/
Title: Re: Technical
Post by: Asyn on May 01, 2020, 09:37:28 AM
Hiding in plain sight: PhantomLance walks into a market
https://securelist.com/apt-phantomlance/96772/
Title: Re: Technical
Post by: Asyn on May 02, 2020, 08:06:40 AM
30,000 Percent Increase in COVID-19-Themed Attacks
https://www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks
Title: Re: Technical
Post by: bob3160 on May 02, 2020, 02:02:18 PM
30,000 Percent Increase in COVID-19-Themed Attacks
https://www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks
Did anyone really expect anything less?
Title: Re: Technical
Post by: alanb on May 02, 2020, 07:16:17 PM
30,000 Percent Increase in COVID-19-Themed Attacks
https://www.zscaler.com/blogs/research/30000-percent-increase-covid-19-themed-attacks
Did anyone really expect anything less?

Yep.
I expected 29,474 percent.
Title: Re: Technical
Post by: Asyn on May 03, 2020, 07:03:44 AM
Lucy’s Back: Ransomware Goes Mobile
https://research.checkpoint.com/2020/lucys-back-ransomware-goes-mobile/
Title: Re: Technical
Post by: Asyn on May 04, 2020, 08:08:39 AM
Ransomware groups continue to target healthcare, critical services; here’s how to reduce risk
https://www.microsoft.com/security/blog/2020/04/28/ransomware-groups-continue-to-target-healthcare-critical-services-heres-how-to-reduce-risk/
Title: Re: Technical
Post by: Asyn on May 05, 2020, 07:19:28 AM
The 2020 URL Querystring Data Leaks — Millions of User Emails Leaking from Popular Websites to Advertising & Analytics Companies
https://medium.com/@thezedwards/the-2020-url-querystring-data-leaks-millions-of-user-emails-leaking-from-popular-websites-to-39a09d2303d2
Title: Re: Technical
Post by: Asyn on May 05, 2020, 03:32:58 PM
Victory! ICANN Rejects .ORG Sale to Private Equity Firm Ethos Capital
https://www.eff.org/deeplinks/2020/04/victory-icann-rejects-org-sale-private-equity-firm-ethos-capital
https://www.icann.org/news/blog/icann-board-withholds-consent-for-a-change-of-control-of-the-public-interest-registry-pir
Title: Re: Technical
Post by: Asyn on May 06, 2020, 06:47:36 AM
Remembering the ILOVEYOU virus twenty years later
https://blog.avast.com/security-experts-give-thoughts-on-iloveyou-virus-20-years-later-avast
Title: Re: Technical
Post by: Asyn on May 07, 2020, 06:46:54 AM
Fuzzing ImageIO
https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html
Title: Re: Technical
Post by: Asyn on May 08, 2020, 06:55:17 AM
EventBot: A New Mobile Banking Trojan is Born
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
Title: Re: Technical
Post by: bob3160 on May 08, 2020, 12:59:21 PM
EventBot: A New Mobile Banking Trojan is Born
https://www.cybereason.com/blog/eventbot-a-new-mobile-banking-trojan-is-born
https://youtu.be/z9Nx9_v8wyU
Title: Re: Technical
Post by: Asyn on May 09, 2020, 05:59:14 AM
First seen in the wild – Malware uses Corporate MDM as attack vector
https://research.checkpoint.com/2020/mobile-as-attack-vector-using-mdm/
Title: Re: Technical
Post by: Asyn on May 10, 2020, 07:24:19 AM
Exclusive: Warning Over Chinese Mobile Giant Xiaomi Recording Millions Of People’s ‘Private’ Web And Phone Use
https://www.forbes.com/sites/thomasbrewster/2020/04/30/exclusive-warning-over-chinese-mobile-giant-xiaomi-recording-millions-of-peoples-private-web-and-phone-use/
Title: Re: Technical
Post by: Asyn on May 11, 2020, 06:30:16 AM
“Psychic Paper” - These aren’t the droids you’re looking for
https://siguza.github.io/psychicpaper/
Title: Re: Technical
Post by: Asyn on May 12, 2020, 08:52:15 AM
Nearly a Million WP Sites Targeted in Large-Scale Attacks
https://www.wordfence.com/blog/2020/05/nearly-a-million-wp-sites-targeted-in-large-scale-attacks/
Title: Re: Technical
Post by: Asyn on May 13, 2020, 07:31:03 AM
The May 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/5/12/the-may-2020-security-update-review
Title: Re: Technical
Post by: Asyn on May 13, 2020, 12:53:18 PM
Tales From the Trenches; a Lockbit Ransomware Story
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/tales-from-the-trenches-a-lockbit-ransomware-story/
Title: Re: Technical
Post by: Asyn on May 14, 2020, 06:32:15 AM
Naikon APT: Cyber Espionage Reloaded
https://research.checkpoint.com/2020/naikon-apt-cyber-espionage-reloaded/
Title: Re: Technical
Post by: Asyn on May 15, 2020, 07:26:28 AM
APT Group Planted Backdoors Targeting High Profile Networks in Central Asia
https://decoded.avast.io/luigicamastra/apt-group-planted-backdoors-targeting-high-profile-networks-in-central-asia/
Title: Re: Technical
Post by: Asyn on May 15, 2020, 10:14:49 AM
Changes in REvil ransomware version 2.2
https://blog.intel471.com/2020/05/04/changes-in-revil-ransomware-version-2-2/
Title: Re: Technical
Post by: Asyn on May 16, 2020, 08:31:15 AM
New Mac variant of Lazarus Dacls RAT distributed via Trojanized 2FA app
https://blog.malwarebytes.com/threat-analysis/2020/05/new-mac-variant-of-lazarus-dacls-rat-distributed-via-trojanized-2fa-app/
Title: Re: Technical
Post by: Asyn on May 17, 2020, 07:30:03 AM
Thunderspy - When Lightning Strikes Thrice: Breaking Thunderbolt 3 Security
https://thunderspy.io/
https://thunderspy.io/assets/reports/breaking-thunderbolt-security-bjorn-ruytenberg-20200417.pdf
Title: Re: Technical
Post by: Asyn on May 18, 2020, 06:31:10 AM
Top 10 Routinely Exploited Vulnerabilities
https://www.us-cert.gov/ncas/alerts/aa20-133a
https://www.us-cert.gov/sites/default/files/publications/AA20-133A_Top_10_Routinely_Exploited_Vulnerabilities_S508C.pdf
Title: Re: Technical
Post by: Asyn on May 19, 2020, 09:18:17 AM
COMpfun authors spoof visa application with HTTP status-based Trojan
https://securelist.com/compfun-http-status-based-trojan/96874/
Title: Re: Technical
Post by: Asyn on May 20, 2020, 06:22:10 AM
ATT&CKing ProLock Ransomware
https://www.group-ib.com/blog/prolock
Title: Re: Technical
Post by: Asyn on May 21, 2020, 06:38:55 AM
GhostDNS Source Code Leaked
https://decoded.avast.io/simonamusilova/ghostdns-source-code-leaked/
Title: Re: Technical
Post by: Asyn on May 22, 2020, 07:58:51 AM
Ramsay: A cyber-espionage toolkit tailored for air-gapped networks
https://www.welivesecurity.com/2020/05/13/ramsay-cyberespionage-toolkit-airgapped-networks/
Title: Re: Technical
Post by: Asyn on May 23, 2020, 07:27:29 AM
WordPress Malware Collects Sensitive WooCommerce Data
https://blog.sucuri.net/2020/05/wordpress-malware-collects-sensitive-woocommerce-data.html
Title: Re: Technical
Post by: Asyn on May 23, 2020, 01:04:32 PM
RATicate: an attacker’s waves of information-stealing malware
https://news.sophos.com/en-us/2020/05/14/raticate/
Title: Re: Technical
Post by: bob3160 on May 23, 2020, 03:28:42 PM
Ragnar Locker ransomware deploys virtual machine to dodge security
https://news.sophos.com/en-us/2020/05/21/ragnar-locker-ransomware-deploys-virtual-machine-to-dodge-security/
Using a virtual machine to bypass computer security. Sneaky.
Title: Re: Technical
Post by: Asyn on May 24, 2020, 08:10:26 AM
QNodeService: Node.js Trojan Spread via Covid-19 Lure
https://blog.trendmicro.com/trendlabs-security-intelligence/qnodeservice-node-js-trojan-spread-via-covid-19-lure/
Title: Re: Technical
Post by: Asyn on May 25, 2020, 07:55:55 AM
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
https://atdotde.blogspot.com/2020/05/high-performance-hackers.html
Title: Re: Technical
Post by: bob3160 on May 25, 2020, 01:52:27 PM
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
https://atdotde.blogspot.com/2020/05/high-performance-hackers.html
Sounds like Super Computers forgot about needing Super Protection. :)
Title: Re: Technical
Post by: Asyn on May 25, 2020, 02:53:37 PM
European supercomputers hacked in mysterious cyberattacks
https://www.bleepingcomputer.com/news/security/european-supercomputers-hacked-in-mysterious-cyberattacks/
https://atdotde.blogspot.com/2020/05/high-performance-hackers.html
Sounds like Super Computers forgot about needing Super Protection. :)
Well said Bob. 8)
Title: Re: Technical
Post by: Asyn on May 26, 2020, 07:32:48 AM
BIAS: Bluetooth Impersonation AttackS
https://francozappa.github.io/about-bias/
https://francozappa.github.io/about-bias/publication/antonioli-20-bias/antonioli-20-bias.pdf
Title: Re: Technical
Post by: Asyn on May 27, 2020, 08:44:55 AM
No “Game over” for the Winnti Group
https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
Title: Re: Technical
Post by: Asyn on May 28, 2020, 07:16:17 AM
ZLoader Loads Again: New ZLoader Variant Returns
https://www.proofpoint.com/us/blog/threat-insight/zloader-loads-again-new-zloader-variant-returns
Title: Re: Technical
Post by: bob3160 on May 28, 2020, 02:24:38 PM
No “Game over” for the Winnti Group
https://www.welivesecurity.com/2020/05/21/no-game-over-winnti-group/
So it looks like the group responsible for the attack on CCleaner some years ago
is still active. That's not good news.
Title: Re: Technical
Post by: Asyn on May 29, 2020, 07:22:01 AM
StrandHogg 2.0 - The ‘evil twin’
https://promon.co/strandhogg-2-0/
Title: Re: Technical
Post by: Asyn on May 30, 2020, 07:19:52 AM
What is port scanning and why is eBay doing it on my computer?
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast
https://nullsweep.com/why-is-this-website-port-scanning-me/
Title: Re: Technical
Post by: Asyn on May 31, 2020, 08:48:43 AM
The Evolution of APT15’s Codebase 2020
https://www.intezer.com/blog/research/the-evolution-of-apt15s-codebase-2020/
Title: Re: Technical
Post by: Asyn on May 31, 2020, 11:56:48 AM
What is port scanning and why is eBay doing it on my computer?
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast
https://nullsweep.com/why-is-this-website-port-scanning-me/
List of well-known web sites that port scan their visitors
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
https://docs.google.com/spreadsheets/d/1Nu4lpyZ5PQUIpiLJBddXnr67t5-1y0u40dzyzSYj1gc/edit#gid=0
Title: Re: Technical
Post by: Asyn on June 01, 2020, 08:10:37 AM
From Agent.BTZ to ComRAT v4: A ten-year journey
https://www.welivesecurity.com/2020/05/26/agentbtz-comratv4-ten-year-journey/
https://www.welivesecurity.com/wp-content/uploads/2020/05/ESET_Turla_ComRAT.pdf
Title: Re: Technical
Post by: Asyn on June 02, 2020, 06:15:45 AM
Netgear Nighthawk Firmware Update Vulnerability
https://iot-lab-fh-ooe.github.io/netgear_update_vulnerability/
Title: Re: Technical
Post by: Asyn on June 02, 2020, 11:46:57 AM
USBFuzz: A Framework for Fuzzing USB Drivers by Device Emulation
https://www.nebelwelt.net/files/20SEC3.pdf
Title: Re: Technical
Post by: Asyn on June 03, 2020, 07:32:44 AM
High Severity Vulnerabilities in PageLayer Plugin Affect Over 200,000 WordPress Sites
https://www.wordfence.com/blog/2020/05/high-severity-vulnerabilities-in-pagelayer-plugin-affect-over-200000-wordpress-sites/
Title: Re: Technical
Post by: Asyn on June 04, 2020, 06:54:03 AM
Introducing Blue Mockingbird
https://redcanary.com/blog/blue-mockingbird-cryptominer/
Title: Re: Technical
Post by: Asyn on June 05, 2020, 07:04:59 AM
The Octopus Scanner Malware: Attacking the open source supply chain
https://securitylab.github.com/research/octopus-scanner-malware-open-source-supply-chain
Title: Re: Technical
Post by: Asyn on June 05, 2020, 01:33:38 PM
Goodbye Mworm, Hello Nworm: TrickBot Updates Propagation Module
https://unit42.paloaltonetworks.com/goodbye-mworm-hello-nworm-trickbot-updates-propagation-module/
Title: Re: Technical
Post by: Asyn on June 06, 2020, 08:28:22 AM
Malvertising, Site Compromise, And A Status Report On Drive-by Downloads
https://blog.confiant.com/malvertising-site-compromise-and-a-status-report-on-drive-by-downloads-c127e16e57d7
Title: Re: Technical
Post by: Asyn on June 07, 2020, 08:05:04 AM
Valak: More than Meets the Eye
https://www.cybereason.com/blog/valak-more-than-meets-the-eye
Title: Re: Technical
Post by: Asyn on June 08, 2020, 06:43:28 AM
What is port scanning and why is eBay doing it on my computer?
https://blog.avast.com/why-is-ebay-port-scanning-my-computer-avast
https://nullsweep.com/why-is-this-website-port-scanning-me/
List of well-known web sites that port scan their visitors
https://www.bleepingcomputer.com/news/security/list-of-well-known-web-sites-that-port-scan-their-visitors/
https://docs.google.com/spreadsheets/d/1Nu4lpyZ5PQUIpiLJBddXnr67t5-1y0u40dzyzSYj1gc/edit#gid=0
uBlock Origin ad blocker now blocks port scans on most sites
https://www.bleepingcomputer.com/news/security/ublock-origin-ad-blocker-now-blocks-port-scans-on-most-sites/
Title: Re: Technical
Post by: Asyn on June 08, 2020, 07:29:40 AM
Steganography in targeted attacks on industrial enterprises
https://ics-cert.kaspersky.com/reports/2020/05/28/steganography-in-targeted-attacks-on-industrial-enterprises/
Title: Re: Technical
Post by: Asyn on June 09, 2020, 07:19:13 AM
Threat Spotlight: Tycoon Ransomware Targets Education and Software Sectors
https://blogs.blackberry.com/en/2020/06/threat-spotlight-tycoon-ransomware-targets-education-and-software-sectors
Title: Re: Technical
Post by: Asyn on June 09, 2020, 12:01:01 PM
Ransomware gangs team up to form extortion cartel
https://www.bleepingcomputer.com/news/security/ransomware-gangs-team-up-to-form-extortion-cartel/
https://www.bleepingcomputer.com/news/security/maze-ransomware-adds-ragnar-locker-to-its-extortion-cartel/
Title: Re: Technical
Post by: Asyn on June 10, 2020, 07:24:17 AM
Scammers are optimizing SEO results to lure victims
https://blog.avast.com/scammers-using-seo-to-lure-victims-avast
Title: Re: Technical
Post by: Asyn on June 10, 2020, 10:16:06 AM
The June 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/6/9/the-june-2020-security-update-review
Title: Re: Technical
Post by: Asyn on June 11, 2020, 07:48:22 AM
Cycldek: Bridging the (air) gap
https://securelist.com/cycldek-bridging-the-air-gap/97157/
Title: Re: Technical
Post by: Asyn on June 12, 2020, 06:46:02 AM
Stealthworker: Golang-based brute force malware still an active threat
https://blogs.akamai.com/sitr/2020/06/stealthworker-golang-based-brute-force-malware-still-an-active-threat.html
Title: Re: Technical
Post by: Asyn on June 12, 2020, 11:44:28 AM
REvil Ransomware Gang Starts Auctioning Victim Data
https://krebsonsecurity.com/2020/06/revil-ransomware-gang-starts-auctioning-victim-data/
Title: Re: Technical
Post by: Asyn on June 13, 2020, 08:52:42 AM
TA410: The Group Behind LookBack Attacks Against U.S. Utilities Sector Returns with New Malware
https://www.proofpoint.com/us/blog/threat-insight/ta410-group-behind-lookback-attacks-against-us-utilities-sector-returns-new
Title: Re: Technical
Post by: Asyn on June 14, 2020, 07:58:00 AM
Phorphiex/Trik Botnet Delivers Avaddon Ransomware
https://appriver.com/resources/blog/june-2020/phorphiextrik-botnet-delivers-avaddon-ransomware
Title: Re: Technical
Post by: Asyn on June 14, 2020, 01:03:22 PM
CallStranger (CVE-2020-12695)
Data Exfiltration & Reflected Amplified TCP DDOS & Port Scan via UPnP SUBSCRIBE Callback
https://callstranger.com/
https://github.com/yunuscadirci/CallStranger
Title: Re: Technical
Post by: Asyn on June 15, 2020, 10:57:22 AM
Gamaredon group grows its game
https://www.welivesecurity.com/2020/06/11/gamaredon-group-grows-its-game/
Title: Re: Technical
Post by: Asyn on June 16, 2020, 07:55:56 AM
The Impending Doom of Expiring Root CAs and Legacy Clients
https://scotthelme.co.uk/impending-doom-root-ca-expiring-legacy-clients/
Title: Re: Technical
Post by: Asyn on June 17, 2020, 09:15:56 AM
New Ransomware-as-a-Service Tool ‘Thanos’ Shows Connections to ‘Hakbit’
https://www.recordedfuture.com/thanos-ransomware-builder/
https://go.recordedfuture.com/hubfs/reports/cta-2020-0610.pdf
Title: Re: Technical
Post by: Asyn on June 17, 2020, 03:42:07 PM
SMBleedingGhost Writeup: Chaining SMBleed (CVE-2020-1206) with SMBGhost
https://blog.zecops.com/vulnerabilities/smbleedingghost-writeup-chaining-smbleed-cve-2020-1206-with-smbghost/
Title: Re: Technical
Post by: Asyn on June 18, 2020, 12:45:05 PM
Valak Malware and the Connection to Gozi Loader ConfCrew
https://labs.sentinelone.com/valak-malware-and-the-connection-to-gozi-loader-confcrew/
Title: Re: Technical
Post by: Asyn on June 19, 2020, 06:58:13 AM
The secret life of GPS trackers (2/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers-2-2/
Title: Re: Technical
Post by: bob3160 on June 19, 2020, 01:53:56 PM
The secret life of GPS trackers (2/2)
https://decoded.avast.io/martinhron/the-secret-life-of-gps-trackers-2-2/
Thanks Martin for another great piece of research.
I also remember how Martin Hron showed off the dangers of unsecured smart devices.
https://youtu.be/U9a31iUk-Dw
Title: Re: Technical
Post by: Asyn on June 20, 2020, 07:41:38 AM
Unsecured databases attacked 18 times per day by hackers
https://www.comparitech.com/blog/information-security/unsecured-database-honeypot/
Title: Re: Technical
Post by: Asyn on June 21, 2020, 08:00:03 AM
Lamphone - Real-Time Passive Sound Recovery from Light Bulb Vibrations
https://www.nassiben.com/lamphone
https://eprint.iacr.org/2020/708.pdf
Title: Re: Technical
Post by: Asyn on June 22, 2020, 07:04:59 AM
Vulnerability Analysis of 2500 Docker Hub Images
https://arxiv.org/pdf/2006.02932.pdf
Title: Re: Technical
Post by: Asyn on June 23, 2020, 07:32:38 AM
Ripple20 - 19 Zero-Day Vulnerabilities Amplified by the Supply Chain
https://www.jsof-tech.com/ripple20/
Title: Re: Technical
Post by: Asyn on June 24, 2020, 07:25:12 AM
HiddenAds campaign on Play Store with 15M+ downloads discovered by Avast
https://blog.avast.com/avast-discovers-47-android-adware-apps-avast
https://decoded.avast.io/jakubvavra/hiddenads-up-to-no-good-again-and-spreading-via-android-gaming-apps/
Title: Re: Technical
Post by: Asyn on June 24, 2020, 11:47:07 AM
CrystalBit / Apple Double DLL Hijack -- From fraudulent software bundle downloads to an evasive miner raging campaign
https://blog.morphisec.com/crystalbit-apple-double-dll-hijack
Title: Re: Technical
Post by: Asyn on June 25, 2020, 07:16:44 AM
Qbot Banking Trojan Still Up to Its Old Tricks
https://www.f5.com/labs/articles/threat-intelligence/qbot-banking-trojan-still-up-to-its-old-tricks
Title: Re: Technical
Post by: Asyn on June 25, 2020, 04:48:18 PM
Digging up InvisiMole’s hidden arsenal
https://www.welivesecurity.com/2020/06/18/digging-up-invisimole-hidden-arsenal/
Title: Re: Technical
Post by: Asyn on June 26, 2020, 08:21:34 AM
Hiding In Plain Sight
https://blog.huntresslabs.com/hiding-in-plain-sight-556469e0a4e
Title: Re: Technical
Post by: Asyn on June 26, 2020, 02:40:38 PM
Oracle’s BlueKai tracks you across the web. That data spilled online - Billions of records exposed.
https://techcrunch.com/2020/06/19/oracle-bluekai-web-tracking/
Title: Re: Technical
Post by: Asyn on June 27, 2020, 08:17:00 AM
Exfiltrating User’s Private Data Using Google Analytics to Bypass CSP
https://www.perimeterx.com/tech-blog/2020/bypassing-csp-exflitrate-data/
Title: Re: Technical
Post by: Asyn on June 28, 2020, 07:55:45 AM
Sodinokibi: Ransomware Attackers also Scanning for PoS Software, Leveraging Cobalt Strike
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/sodinokibi-ransomware-cobalt-strike-pos
Title: Re: Technical
Post by: Asyn on June 29, 2020, 08:29:53 AM
Inside a TrickBot Cobalt Strike Attack Server
https://labs.sentinelone.com/inside-a-trickbot-cobaltstrike-attack-server/
Title: Re: Technical
Post by: Asyn on June 30, 2020, 08:37:41 AM
Web skimmer hides within EXIF metadata, exfiltrates credit cards via image files
https://blog.malwarebytes.com/threat-analysis/2020/06/web-skimmer-hides-within-exif-metadata-exfiltrates-credit-cards-via-image-files/
Title: Re: Technical
Post by: Asyn on July 01, 2020, 06:18:22 AM
Lucifer: New Cryptojacking and DDoS Hybrid Malware Exploiting High and Critical Vulnerabilities to Infect Windows Devices
https://unit42.paloaltonetworks.com/lucifer-new-cryptojacking-and-ddos-hybrid-malware/
Title: Re: Technical
Post by: Asyn on July 03, 2020, 08:12:21 AM
Ripple20 - 19 Zero-Day Vulnerabilities Amplified by the Supply Chain
https://www.jsof-tech.com/ripple20/
List of Ripple20 vulnerability advisories, patches, and updates
https://www.bleepingcomputer.com/news/security/list-of-ripple20-vulnerability-advisories-patches-and-updates/
Title: Re: Technical
Post by: Asyn on July 03, 2020, 02:25:34 PM
Defending Exchange servers under attack
https://www.microsoft.com/security/blog/2020/06/24/defending-exchange-servers-under-attack/
Title: Re: Technical
Post by: Asyn on July 04, 2020, 10:20:26 AM
Hijacking DLLs in Windows
https://www.wietzebeukema.nl/blog/hijacking-dlls-in-windows
Title: Re: Technical
Post by: Asyn on July 05, 2020, 09:53:48 AM
WastedLocker: Symantec Identifies Wave of Attacks Against U.S. Organizations
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/wastedlocker-ransomware-us
Title: Re: Technical
Post by: Asyn on July 06, 2020, 09:27:45 AM
Home Router Security Report 2020
https://www.fkie.fraunhofer.de/content/dam/fkie/de/documents/HomeRouter/HomeRouterSecurity_2020_Bericht.pdf
Title: Re: Technical
Post by: Asyn on July 07, 2020, 07:15:47 AM
Living Off Windows Land – A New Native File “downldr”
https://labs.sentinelone.com/living-off-windows-land-a-new-native-file-downldr/
Title: Re: Technical
Post by: Asyn on July 08, 2020, 12:19:16 PM
Alina Point of Sale Malware Still Lurking in DNS
https://blog.centurylink.com/alina-point-of-sale-malware-still-lurking-in-dns/
Title: Re: Technical
Post by: Asyn on July 09, 2020, 07:19:04 AM
Try2Cry: Ransomware tries to worm
https://www.gdatasoftware.com/blog/2020/07/36200-ransomware-tries-to-worm
Title: Re: Technical
Post by: Asyn on July 10, 2020, 07:34:37 AM
Mobile APT Surveillance Campaigns Targeting Uyghurs
https://www.lookout.com/documents/threat-reports/us/lookout-uyghur-malware-tr-us.pdf
Title: Re: Technical
Post by: Asyn on July 11, 2020, 06:18:00 AM
North Korean hackers are skimming US and European shoppers
https://sansec.io/research/north-korea-magecart
Title: Re: Technical
Post by: Asyn on July 12, 2020, 07:59:19 AM
TAU Threat Discovery: Conti Ransomware
https://www.carbonblack.com/blog/tau-threat-discovery-conti-ransomware/
Title: Re: Technical
Post by: Asyn on July 13, 2020, 10:24:12 AM
More evil: A deep look at Evilnum and its toolset
https://www.welivesecurity.com/2020/07/09/more-evil-deep-look-evilnum-toolset/
Title: Re: Technical
Post by: Asyn on July 14, 2020, 07:00:26 AM
New Joker variant hits Google Play with an old trick
https://research.checkpoint.com/2020/new-joker-variant-hits-google-play-with-an-old-trick/
Title: Re: Technical
Post by: Asyn on July 15, 2020, 09:05:46 AM
The July 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/7/14/the-july-2020-security-update-review
Title: Re: Technical
Post by: Asyn on July 16, 2020, 09:46:48 AM
The Dark Web of Intrigue: How REvil Used the Underground Ecosystem to Form an Extortion Cartel
https://www.advanced-intel.com/post/the-dark-web-of-intrigue-how-revil-used-the-underground-ecosystem-to-form-an-extortion-cartel
Title: Re: Technical
Post by: Asyn on July 17, 2020, 07:23:36 AM
Police Surveilled George Floyd Protests With Help From Twitter-Affiliated Startup Dataminr
https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/
Title: Re: Technical
Post by: Asyn on July 18, 2020, 07:21:27 AM
GoldenSpy Chapter 4: GoldenHelper Malware Embedded in Official Golden Tax Software
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/goldenspy-chapter-4-goldenhelper-malware-embedded-in-official-golden-tax-software/
Title: Re: Technical
Post by: merckxist on July 18, 2020, 06:21:50 PM
Police Surveilled George Floyd Protests With Help From Twitter-Affiliated Startup Dataminr
https://theintercept.com/2020/07/09/twitter-dataminr-police-spy-surveillance-black-lives-matter-protests/
Thank you, Asyn, for the repost :)
Title: Re: Technical
Post by: Asyn on July 19, 2020, 07:06:39 AM
It’s baaaack: Public cyber enemy Emotet has returned
https://blog.malwarebytes.com/trojans/2020/07/long-dreaded-emotet-has-returned/
Title: Re: Technical
Post by: Asyn on July 20, 2020, 09:36:33 AM
TrickBot Group Launches Test Module Alerting on Fraud Activity
https://www.advanced-intel.com/post/trickbot-group-launches-test-module-alerting-on-fraud-activity
Title: Re: Technical
Post by: Asyn on July 21, 2020, 06:59:32 AM
Welcome Chat as a secure messaging app? Nothing could be further from the truth
https://www.welivesecurity.com/2020/07/14/welcome-chat-secure-messaging-app-nothing-further-truth/
Title: Re: Technical
Post by: Asyn on July 22, 2020, 08:14:24 AM
SIGRed – Resolving Your Way into Domain Admin: Exploiting a 17 Year-old Bug in Windows DNS Servers
https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin-exploiting-a-17-year-old-bug-in-windows-dns-servers/
Title: Re: Technical
Post by: Asyn on July 23, 2020, 06:52:36 AM
BlackRock - the Trojan that wanted to get them all
https://www.threatfabric.com/blogs/blackrock_the_trojan_that_wanted_to_get_them_all.html
Title: Re: Technical
Post by: Asyn on July 24, 2020, 05:22:34 PM
New Research Exposes Iranian Threat Group Operations
https://securityintelligence.com/posts/new-research-exposes-iranian-threat-group-operations/
Title: Re: Technical
Post by: Asyn on July 25, 2020, 06:15:23 PM
Worm War: The Botnet Battle for IoT Territory
https://documents.trendmicro.com/assets/white_papers/wp-worm-war-the-botnet-battle-for-iot-territory.pdf
Title: Re: Technical
Post by: Asyn on July 26, 2020, 04:00:28 PM
The Microsoft Police State: Mass Surveillance, Facial Recognition, and the Azure Cloud
https://theintercept.com/2020/07/14/microsoft-police-state-mass-surveillance-facial-recognition/
Title: Re: Technical
Post by: DavidR on July 26, 2020, 04:54:52 PM
The Microsoft Police State: Mass Surveillance, Facial Recognition, and the Azure Cloud
https://theintercept.com/2020/07/14/microsoft-police-state-mass-surveillance-facial-recognition/

Big brother is alive and well ;)

I can't remember the name, but several years ago there was a futuristic TV program (and a man's fight against it) involving a system able to monitor people, phone calls and electronic activity to find and identify individuals.
Title: Re: Technical
Post by: Asyn on July 27, 2020, 01:57:11 PM
How scammers are hiding their phishing trips in public clouds
https://blog.checkpoint.com/2020/07/21/how-scammers-are-hiding-their-phishing-trips-in-public-clouds/
Title: Re: Technical
Post by: Asyn on July 28, 2020, 11:20:59 AM
Shadow Attacks: Hiding and Replacing Content in Signed PDFs (July 2020)
https://pdf-insecurity.org/index.html
https://pdf-insecurity.org/signature-shadow/evaluation_2020.html
https://pdf-insecurity.org/download/report-pdf-signatures-2020-03-02.pdf
Title: Re: Technical
Post by: Asyn on July 29, 2020, 10:03:21 AM
SharePoint and Pwn :: Remote Code Execution Against SharePoint Server Abusing DataSet
https://srcincite.io/blog/2020/07/20/sharepoint-and-pwn-remote-code-execution-against-sharepoint-server-abusing-dataset.html
Title: Re: Technical
Post by: Asyn on July 30, 2020, 09:34:01 AM
A vigilante is sabotaging the Emotet botnet by replacing malware payloads with GIFs
https://www.zdnet.com/article/a-vigilante-is-sabotaging-the-emotet-botnet-by-replacing-malware-payloads-with-gifs
Title: Re: Technical
Post by: Asyn on July 30, 2020, 03:15:56 PM
Prometei botnet and its quest for Monero
https://blog.talosintelligence.com/2020/07/prometei-botnet-and-its-quest-for-monero.html
Title: Re: Technical
Post by: Asyn on July 31, 2020, 02:42:28 PM
Ensiko: A Webshell With Ransomware Capabilities
https://blog.trendmicro.com/trendlabs-security-intelligence/ensiko-a-webshell-with-ransomware-capabilities/
Title: Re: Technical
Post by: Asyn on August 02, 2020, 09:29:40 AM
Lazarus on the hunt for big game
https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/
Title: Re: Technical
Post by: Asyn on August 03, 2020, 10:11:29 AM
Watch Your Containers: Doki Infecting Docker Servers in the Cloud
https://www.intezer.com/container-security/watch-your-containers-doki-infecting-docker-servers-in-the-cloud/
Title: Re: Technical
Post by: Asyn on August 04, 2020, 09:10:42 AM
Telling China’s Story: The Chinese Communist Party’s Campaign to Shape Global Narratives
https://fsi-live.s3.us-west-1.amazonaws.com/s3fs-public/sio-china_story_white_paper-final.pdf
Title: Re: Technical
Post by: Asyn on August 05, 2020, 08:36:48 AM
CVE-2020-9934: Bypassing the macOS Transparency, Consent, and Control (TCC) Framework for unauthorized access to sensitive user data
https://medium.com/@mattshockl/cve-2020-9934-bypassing-the-os-x-transparency-consent-and-control-tcc-framework-for-4e14806f1de8
Title: Re: Technical
Post by: Asyn on August 06, 2020, 07:05:23 AM
UAC bypass via dll hijacking and mock directories
http://daniels-it-blog.blogspot.com/2020/07/uac-bypass-via-dll-hijacking-and-mock.html
Title: Re: Technical
Post by: Asyn on August 07, 2020, 08:04:03 AM
Take a “NetWalk” on the Wild Side
https://www.mcafee.com/blogs/other-blogs/mcafee-labs/take-a-netwalk-on-the-wild-side
Title: Re: Technical
Post by: Asyn on August 08, 2020, 04:29:53 PM
Malware Analysis Report (AR20-216A)
MAR-10292089-1.v1 – Chinese Remote Access Trojan: TAIDOOR
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-216a
Title: Re: Technical
Post by: Asyn on August 09, 2020, 10:47:05 AM
WastedLocker’s techniques point to a familiar heritage
https://news.sophos.com/en-us/2020/08/04/wastedlocker-techniques-point-to-a-familiar-heritage/
Title: Re: Technical
Post by: Asyn on August 10, 2020, 08:40:25 AM
What to do about the BootHole vulnerability
https://blog.avast.com/an-overview-of-the-boothole-vulnerability-avast
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
Title: Re: Technical
Post by: bob3160 on August 10, 2020, 01:31:18 PM
What to do about the BootHole vulnerability
https://blog.avast.com/an-overview-of-the-boothole-vulnerability-avast
https://eclypsium.com/2020/07/29/theres-a-hole-in-the-boot/
There's nothing to do till sometime next year.
Title: Re: Technical
Post by: Asyn on August 11, 2020, 07:06:15 AM
The Official Facebook Chat Plugin Created Vector for Social Engineering Attacks
https://www.wordfence.com/blog/2020/08/the-official-facebook-chat-plugin-created-vector-for-social-engineering-attacks/
Title: Re: Technical
Post by: Asyn on August 12, 2020, 05:52:37 AM
The August 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/8/11/the-august-2020-security-update-review
Title: Re: Technical
Post by: Asyn on August 13, 2020, 07:47:29 AM
Beyond KrØØk: Even more Wi-Fi chips vulnerable to eavesdropping
https://www.welivesecurity.com/2020/08/06/beyond-kr00k-even-more-wifi-chips-vulnerable-eavesdropping/
Title: Re: Technical
Post by: Asyn on August 13, 2020, 02:58:23 PM
Rogue Automation - Vulnerable and Malicious Code in Industrial Programming
https://documents.trendmicro.com/assets/white_papers/wp-rogue-automation-vulnerable-and-malicious-code-in-industrial-programming.pdf
Title: Re: Technical
Post by: Asyn on August 14, 2020, 07:37:35 AM
Thoughts on the Clean Network program
https://medium.com/@ted.ietf/thoughts-on-the-clean-network-program-5f1c43764152
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
Title: Re: Technical
Post by: bob3160 on August 14, 2020, 02:40:34 PM
Thoughts on the Clean Network program
https://medium.com/@ted.ietf/thoughts-on-the-clean-network-program-5f1c43764152
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
I guess it all depends on your stance on how secure your data is when it travels via the China internet highway.
Title: Re: Technical
Post by: DavidR on August 14, 2020, 08:15:51 PM
Thoughts on the Clean Network program
https://medium.com/@ted.ietf/thoughts-on-the-clean-network-program-5f1c43764152
https://www.internetsociety.org/news/statements/2020/internet-society-statement-on-u-s-clean-network-program/
I guess it all depends on your stance on how secure your data is when it travels via the China internet highway.

For me, when governments get involved with technical security solutions, I fear all is already lost.

If the UK Government is anything to go by, their competency with information technology projects doesn't bode well.

Often what is promised:
Quote from: extract from article
According to the brief, the program’s aim is “guarding our citizens’ privacy and our companies’ most sensitive information”.

Comes with underlying/hidden issues as this article suggests.
Title: Re: Technical
Post by: Asyn on August 15, 2020, 07:07:18 AM
Windows Print Spooler Patch Bypass Re-Enables Persistent Backdoor
https://www.zerodayinitiative.com/blog/2020/8/11/windows-print-spooler-patch-bypass-re-enables-persistent-backdoor
Title: Re: Technical
Post by: Asyn on August 16, 2020, 07:34:44 AM
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Title: Re: Technical
Post by: bob3160 on August 16, 2020, 02:46:50 PM
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?
Title: Re: Technical
Post by: DavidR on August 16, 2020, 06:15:53 PM
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?

Microsoft, it would appear (just can't kill it, too much history) :D
Title: Re: Technical
Post by: Asyn on August 17, 2020, 09:58:06 AM
Agent Tesla | Old RAT Uses New Tricks to Stay on Top
https://labs.sentinelone.com/agent-tesla-old-rat-uses-new-tricks-to-stay-on-top/
Title: Re: Technical
Post by: Asyn on August 18, 2020, 09:25:17 AM
Color by numbers: inside a Dharma ransomware-as-a-service attack
https://news.sophos.com/en-us/2020/08/12/color-by-numbers-inside-a-dharma-ransomware-as-a-service-attack/
Title: Re: Technical
Post by: Asyn on August 18, 2020, 03:00:14 PM
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/
Is anyone really still using IE11?
Microsoft, it would appear (just can't kill it, too much history) :D
Latest info: https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge
Title: Re: Technical
Post by: bob3160 on August 18, 2020, 04:06:20 PM
Internet Explorer and Windows zero-day exploits used in Operation PowerFall
https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/ (https://securelist.com/ie-and-windows-zero-day-operation-powerfall/97976/)
Is any one really still using IE11 ?
Microsoft it would appear (just can't kill it, too much history) :D
Latest info: https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge (https://docs.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge)
I turned off IE11 some months back. Luckily I'm not running any software that depended on IE11.
Additional information: https://www.askvg.com/microsoft-to-retire-internet-explorer-and-legacy-microsoft-edge-web-browsers-soon/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+AskVG+%28AskVG%29 (https://www.askvg.com/microsoft-to-retire-internet-explorer-and-legacy-microsoft-edge-web-browsers-soon/?utm_source=feedburner&utm_medium=email&utm_campaign=Feed%3A+AskVG+%28AskVG%29)
Title: Re: Technical
Post by: Asyn on August 19, 2020, 06:52:35 AM
Exposing and Circumventing China's Censorship of ESNI
https://geneva.cs.umd.edu/posts/china-censors-esni/esni/
Title: Re: Technical
Post by: Asyn on August 20, 2020, 09:36:09 AM
Mekotio: These aren’t the security updates you’re looking for…
https://www.welivesecurity.com/2020/08/13/mekotio-these-arent-the-security-updates-youre-looking-for/
Title: Re: Technical
Post by: Asyn on August 21, 2020, 08:11:57 AM
Russian GRU 85th GTsSS Deploys Previously Undisclosed Drovorub Malware
https://media.defense.gov/2020/Aug/13/2002476465/-1/-1/0/CSA_DROVORUB_RUSSIAN_GRU_MALWARE_AUG_2020.PDF
Title: Re: Technical
Post by: Asyn on August 21, 2020, 03:15:16 PM
Call Me Maybe: Eavesdropping Encrypted LTE Calls With ReVoLTE
https://revolte-attack.net/
https://revolte-attack.net/media/revolte_camera_ready.pdf
https://blog.cryptographyengineering.com/2020/08/12/attack-of-the-week-voice-calls-in-lte/
Title: Re: Technical
Post by: Asyn on August 22, 2020, 08:16:16 AM
GlueBall: The story of CVE-2020-1464
https://medium.com/@TalBeerySec/glueball-the-story-of-cve-2020-1464-50091a1f98bd
Title: Re: Technical
Post by: Asyn on August 22, 2020, 08:05:37 PM
Facebook Braces Itself for Trump to Cast Doubt on Election Results
https://www.nytimes.com/2020/08/21/technology/facebook-trump-election.html
Title: Re: Technical
Post by: bob3160 on August 22, 2020, 09:30:42 PM
Facebook Braces Itself for Trump to Cast Doubt on Election Results
https://www.nytimes.com/2020/08/21/technology/facebook-trump-election.html (https://www.nytimes.com/2020/08/21/technology/facebook-trump-election.html)
Technical or political?
Title: Re: Technical
Post by: Asyn on August 23, 2020, 10:06:43 AM
HTML smuggling explained
https://outflank.nl/blog/2018/08/14/html-smuggling-explained/
Title: Re: Technical
Post by: Asyn on August 24, 2020, 07:29:16 AM
Lucifer’s Spawn
https://www.netscout.com/blog/asert/lucifers-spawn
Title: Re: Technical
Post by: Asyn on August 25, 2020, 08:29:24 AM
Malware Analysis Report (AR20-232A)
MAR-10295134-1.v1 – North Korean Remote Access Trojan: BLINDINGCAN
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-232a
Title: Re: Technical
Post by: Asyn on August 26, 2020, 06:19:37 AM
New Vulnerability Could Put IoT Devices at Risk
https://securityintelligence.com/posts/new-vulnerability-could-put-iot-devices-at-risk/
Title: Re: Technical
Post by: Asyn on August 27, 2020, 07:06:31 AM
Flaws in DVB-T2 set-top boxes exposed
https://decoded.avast.io/vladislaviliushin/flaws-in-dvb-t2-set-top-boxes-exposed/
Title: Re: Technical
Post by: Asyn on August 28, 2020, 01:44:22 PM
FritzFrog: A New Generation of Peer-to-Peer Botnets
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Title: Re: Technical
Post by: Asyn on August 29, 2020, 06:15:56 AM
The Confused Mailman: Sending SPF and DMARC passing mail as any Gmail or G Suite customer
https://ezh.es/blog/2020/08/the-confused-mailman-sending-spf-and-dmarc-passing-mail-as-any-gmail-or-g-suite-customer/
Title: Re: Technical
Post by: Asyn on August 30, 2020, 08:51:39 AM
2020 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2020/2020_cwe_top25.html
Title: Re: Technical
Post by: Asyn on August 31, 2020, 07:20:40 AM
Mailto: Me Your Secrets.
On Bugs and Features in Email End-to-End Encryption
https://www.nds.ruhr-uni-bochum.de/media/nds/veroeffentlichungen/2020/08/15/mailto-paper.pdf
Title: Re: Technical
Post by: Asyn on September 01, 2020, 08:26:12 AM
Lazarus Group Campaign Targeting The Cryptocurrency Vertical
https://labs.f-secure.com/assets/BlogFiles/f-secureLABS-tlp-white-lazarus-threat-intel-report.pdf
Title: Re: Technical
Post by: Asyn on September 01, 2020, 07:42:17 PM
Firebase Cloud Messaging Service Takeover: A small research that led to 30k$+ in bounties
https://abss.me/posts/fcm-takeover/
Title: Re: Technical
Post by: Asyn on September 02, 2020, 08:53:05 AM
Remembering hardware and cyberattacks from the 1980s
https://blog.avast.com/best-hardware-80s-avast
Title: Re: Technical
Post by: Asyn on September 03, 2020, 07:12:40 AM
An Old Bot’s Nasty New Tricks: Exploring Qbot’s Latest Attack Methods
https://research.checkpoint.com/2020/exploring-qbots-latest-attack-methods/
Title: Re: Technical
Post by: Asyn on September 04, 2020, 08:05:35 AM
Lemon_Duck cryptominer targets cloud apps & Linux
https://news.sophos.com/en-us/2020/08/25/lemon_duck-cryptominer-targets-cloud-apps-linux/
Title: Re: Technical
Post by: Asyn on September 05, 2020, 07:06:32 AM
Apple Approved Malware
https://objective-see.com/blog/blog_0x4E.html
Title: Re: Technical
Post by: Asyn on September 05, 2020, 05:05:23 PM
FritzFrog: A New Generation of Peer-to-Peer Botnets
https://www.guardicore.com/2020/08/fritzfrog-p2p-botnet-infects-ssh-servers/
Beware of FritzFrog, a nasty piece of malware
https://blog.avast.com/beware-of-fritzfrog-malware-avast
Title: Re: Technical
Post by: Asyn on September 06, 2020, 08:45:14 AM
In the wild QNAP NAS attacks
https://blog.netlab.360.com/in-the-wild-qnap-nas-attacks-en/
Title: Re: Technical
Post by: Asyn on September 07, 2020, 07:13:28 AM
KryptoCibule: The multitasking multicurrency cryptostealer
https://www.welivesecurity.com/2020/09/02/kryptocibule-multitasking-multicurrency-cryptostealer/
Title: Re: Technical
Post by: Asyn on September 08, 2020, 07:32:10 AM
Who Is PIONEER KITTEN?
https://www.crowdstrike.com/blog/who-is-pioneer-kitten/
Title: Re: Technical
Post by: Asyn on September 09, 2020, 09:08:20 AM
The September 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/9/8/the-september-2020-security-update-review
Title: Re: Technical
Post by: Asyn on September 10, 2020, 08:28:52 AM
700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
Title: Re: Technical
Post by: Asyn on September 11, 2020, 07:19:38 AM
Hiding In Plain Sight
https://blog.huntresslabs.com/hiding-in-plain-sight-556469e0a4e
Hiding in Plain Sight || Part 2
https://blog.huntresslabs.com/hiding-in-plain-sight-part-2-dfec817c036f
Title: Re: Technical
Post by: Asyn on September 12, 2020, 07:58:02 AM
TERRACOTTA Android Malware: A Technical Study
https://www.whiteops.com/blog/terracotta-android-malware-a-technical-study
Title: Re: Technical
Post by: Asyn on September 13, 2020, 08:21:11 AM
How Facebook and Other Sites Manipulate Your Privacy Choices
https://www.wired.com/story/facebook-social-media-privacy-dark-patterns/
Title: Re: Technical
Post by: Asyn on September 14, 2020, 06:49:33 AM
Thanos Ransomware: Destructive Variant Targeting State-Run Organizations in the Middle East and North Africa
https://unit42.paloaltonetworks.com/thanos-ransomware/
Title: Re: Technical
Post by: Asyn on September 15, 2020, 07:31:37 AM
Attackers Abusing Legitimate Cloud Monitoring Tools to Conduct Cyber Attacks
https://www.intezer.com/blog/cloud-workload-protection/attackers-abusing-legitimate-cloud-monitoring-tools-to-conduct-cyber-attacks/
Title: Re: Technical
Post by: Asyn on September 16, 2020, 07:51:50 AM
Who is calling? CDRThief targets Linux VoIP softswitches
https://www.welivesecurity.com/2020/09/10/who-callin-cdrthief-linux-voip-softswitches/
Title: Re: Technical
Post by: Asyn on September 17, 2020, 09:24:54 AM
Lock Like a Pro: Dive in Recent ProLock's
https://www.group-ib.com/blog/prolock_evolution
Title: Re: Technical
Post by: Asyn on September 18, 2020, 06:41:45 AM
Complex obfuscation? Meh… (1/2)
https://decoded.avast.io/janrubin/complex-obfuscation-meh/
Title: Re: Technical
Post by: Asyn on September 19, 2020, 07:11:06 AM
700,000 WordPress Users Affected by Zero-Day Vulnerability in File Manager Plugin
https://www.wordfence.com/blog/2020/09/700000-wordpress-users-affected-by-zero-day-vulnerability-in-file-manager-plugin/
Attackers Fight for Control of Sites Targeted in File Manager Vulnerability
https://www.wordfence.com/blog/2020/09/attackers-fight-for-control-of-sites-targeted-in-file-manager-vulnerability/
Title: Re: Technical
Post by: Asyn on September 19, 2020, 07:14:41 AM
Testing IP Camera Account Security
https://decoded.avast.io/markozbirka/testing-ip-camera-account-security/
Title: Re: Technical
Post by: Asyn on September 20, 2020, 10:56:05 AM
New cyberattacks targeting U.S. elections
https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/
Title: Re: Technical
Post by: bob3160 on September 20, 2020, 01:38:24 PM
New cyberattacks targeting U.S. elections
https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/ (https://blogs.microsoft.com/on-the-issues/2020/09/10/cyberattacks-us-elections-trump-biden/)
Equal opportunity attackers.
Title: Re: Technical
Post by: Asyn on September 20, 2020, 06:53:59 PM
Blox Tales #15: Credential Phishing Attack Performs Real-Time Active Directory (AD) Authentication
https://www.armorblox.com/blog/blox-tales-credential-phishing-attack-performs-real-time-active-directory-authentication/
Title: Re: Technical
Post by: Asyn on September 21, 2020, 09:45:44 AM
Not for higher education: cybercriminals target academic & research institutions across the world
https://blog.checkpoint.com/2020/09/15/not-for-higher-education-cybercriminals-target-academic-research-institutions-across-the-world/
Title: Re: Technical
Post by: Asyn on September 22, 2020, 08:43:32 AM
UEFI Secure Boot Customization
https://media.defense.gov/2020/Sep/15/2002497594/-1/-1/0/CTR-UEFI-SECURE-BOOT-CUSTOMIZATION-20200915.PDF
Title: Re: Technical
Post by: Asyn on September 23, 2020, 09:07:38 AM
Maze attackers adopt Ragnar Locker virtual machine technique
https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/
Title: Re: Technical
Post by: Asyn on September 24, 2020, 07:45:19 AM
Mobile (Private) Contact Discovery
https://contact-discovery.github.io/
https://www.heise.de/downloads/18/2/9/7/0/4/5/9/preprint.pdf
Title: Re: Technical
Post by: Asyn on September 25, 2020, 09:40:12 AM
Backdoors and other vulnerabilities in HiSilicon based hardware video encoders
https://kojenov.com/2020-09-15-hisilicon-encoder-vulnerabilities/
Title: Re: Technical
Post by: Asyn on September 26, 2020, 07:52:11 AM
The Fresh Smell of ransomed coffee
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/
Title: Re: Technical
Post by: DavidR on September 26, 2020, 11:25:34 AM
The Fresh Smell of ransomed coffee
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/

I got a feeling of deja-vu when checking this out. I'm sure we have had a very similar article about this more than a year ago, which basically said smart devices aren't too smart. But surely the hacker would have to be in close proximity to do this.

I would suggest that Avast also look at so-called Smart Meters, reporting your energy use. They could well have the same insecurity issue, though they don't have the same display for the user in the same way as the coffee machine, but there is a user display to show energy use.
Title: Re: Technical
Post by: Asyn on September 26, 2020, 02:38:06 PM
The Fresh Smell of ransomed coffee
https://decoded.avast.io/martinhron/the-fresh-smell-of-ransomed-coffee/
1. I got a feeling of deja-vu when checking this out. I'm sure we have had a very similar article about this more than a year ago, which basically said smart devices aren't too smart. But surely the hacker would have to be in close proximity to do this.

2. I would suggest that Avast also look at so-called Smart Meters, reporting your energy use. They could well have the same insecurity issue, though they don't have the same display for the user in the same way as the coffee machine, but there is a user display to show energy use.
1. That's right, Dave, seems Martin loves to hack coffee machines. ;D
2. Agreed, that would be quite interesting. The security of Smart Meters is an ongoing discussion here.
Title: Re: Technical
Post by: Asyn on September 27, 2020, 08:04:53 AM
Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again!
https://medium.com/@marcelx/attackers-are-abusing-googles-app-engine-to-circumvent-enterprise-security-solutions-again-eda8345d531d
Title: Re: Technical
Post by: DavidR on September 27, 2020, 12:05:37 PM
Attackers are abusing Google’s App Engine to circumvent Enterprise Security Solutions…Again!
<snip url>

I'm not sure that this article doesn't go into too much detail as to become a training exercise for wannabe malware script kids.
Title: Re: Technical
Post by: Asyn on September 28, 2020, 08:48:13 AM
APT28 Delivers Zebrocy Malware Campaign using NATO Theme as Lure
https://quointelligence.eu/2020/09/apt28-zebrocy-malware-campaign-nato-theme/
Title: Re: Technical
Post by: Asyn on September 29, 2020, 08:57:24 AM
#Instagram_RCE: Code Execution Vulnerability in Instagram App for Android and iOS
https://research.checkpoint.com/2020/instagram_rce-code-execution-vulnerability-in-instagram-app-for-android-and-ios/
Title: Re: Technical
Post by: Asyn on September 30, 2020, 08:31:20 AM
The Initial Access Broker’s Toolbox – Remote Monitoring and Management
https://ke-la.com/the-initial-access-brokers-toolbox-remote-monitoring-and-management/
Title: Re: Technical
Post by: Asyn on October 01, 2020, 09:24:43 AM
Big Game Hunting: Now in Russia
https://www.group-ib.com/blog/oldgremlin
Title: Re: Technical
Post by: Asyn on October 02, 2020, 08:43:03 AM
Does custom firmware jeopardize the security of gaming consoles?
https://decoded.avast.io/vladislaviliushin/does-custom-firmware-jeopardize-the-security-of-gaming-consoles/
Title: Re: Technical
Post by: Asyn on October 03, 2020, 07:48:42 AM
Microsoft Security — detecting empires in the cloud
https://www.microsoft.com/security/blog/2020/09/24/gadolinium-detecting-empires-cloud/
Title: Re: Technical
Post by: Asyn on October 04, 2020, 08:53:21 AM
ThunderX ransomware: analysis and a free decryptor!
https://www.tesorion.nl/en/thunderx-ransomware-analysis-and-a-free-decryptor/
Title: Re: Technical
Post by: Asyn on October 05, 2020, 08:18:00 AM
German-made FinSpy spyware found in Egypt, and Mac and Linux versions revealed
https://www.amnesty.org/en/latest/research/2020/09/german-made-finspy-spyware-found-in-egypt-and-mac-and-linux-versions-revealed/
Title: Re: Technical
Post by: Asyn on October 06, 2020, 09:01:15 AM
APT‑C‑23 group evolves its Android spyware
https://www.welivesecurity.com/2020/09/30/aptc23-group-evolves-its-android-spyware/
Title: Re: Technical
Post by: Asyn on October 07, 2020, 07:53:28 AM
Evasive URLs in Spam: Part 2
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-urls-in-spam-part-2/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/evasive-urls-in-spam/
Title: Re: Technical
Post by: Asyn on October 08, 2020, 08:17:09 AM
MosaicRegressor: Lurking in the Shadows of UEFI
https://securelist.com/mosaicregressor/98849/
Title: Re: Technical
Post by: Asyn on October 09, 2020, 08:00:16 AM
Black-T: New Cryptojacking Variant from TeamTnT
https://unit42.paloaltonetworks.com/black-t-cryptojacking-variant/
Title: Re: Technical
Post by: Asyn on October 10, 2020, 08:15:17 AM
Global Surges in Ransomware Attacks
https://blog.checkpoint.com/2020/10/06/study-global-rise-in-ransomware-attacks/
Title: Re: Technical
Post by: Asyn on October 11, 2020, 09:34:21 AM
Anti-Virus Vulnerabilities: Who’s Guarding the Watch Tower?
https://www.cyberark.com/resources/threat-research-blog/anti-virus-vulnerabilities-who-s-guarding-the-watch-tower
Title: Re: Technical
Post by: Asyn on October 12, 2020, 09:39:30 AM
New pastebin-like service used in multiple malware campaigns
https://blogs.juniper.net/en-us/threat-research/new-pastebin-like-service-used-in-multiple-malware-campaigns
Title: Re: Technical
Post by: Asyn on October 13, 2020, 08:45:35 AM
Release the Kraken: Fileless injection into Windows Error Reporting service
https://blog.malwarebytes.com/malwarebytes-news/2020/10/kraken-attack-abuses-wer-service/
Title: Re: Technical
Post by: Asyn on October 14, 2020, 08:43:45 AM
Crouching T2, Hidden Danger
https://ironpeak.be/blog/crouching-t2-hidden-danger/
Title: Re: Technical
Post by: Asyn on October 14, 2020, 10:54:32 AM
The October 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/10/13/the-october-2020-security-update-review
Title: Re: Technical
Post by: Asyn on October 15, 2020, 07:46:19 AM
Somewhere over the RAINBOW(MIX)
https://www.whiteops.com/blog/somewhere-over-the-rainbowmix
Title: Re: Technical
Post by: Asyn on October 15, 2020, 10:13:09 AM
FakeMBAM: Backdoor delivered through software updates
https://decoded.avast.io/janvojtesek/fakembam-backdoor-delivered-through-software-updates/
Title: Re: Technical
Post by: Asyn on October 16, 2020, 08:55:04 AM
Attacks Aimed at Disrupting the Trickbot Botnet
https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/trickbot-botnet-ransomware-disruption
https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/
Title: Re: Technical
Post by: Asyn on October 17, 2020, 07:54:53 AM
We Hacked Apple for 3 Months: Here’s What We Found
https://samcurry.net/hacking-apple/
Title: Re: Technical
Post by: Asyn on October 18, 2020, 10:14:07 AM
Code execution via the Windows Update client (wuauclt)
https://dtm.uk/wuauclt/
Title: Re: Technical
Post by: Asyn on October 19, 2020, 07:39:34 AM
Top reason to apply October, 2020’s Microsoft patches: Ping of Death Redux
https://news.sophos.com/en-us/2020/10/13/top-reason-to-apply-october-2020s-microsoft-patches-ping-of-death-redux/
Title: Re: Technical
Post by: Asyn on October 20, 2020, 12:11:01 PM
US indicts Russian GRU 'Sandworm' hackers for NotPetya, worldwide attacks
https://www.bleepingcomputer.com/news/security/us-indicts-russian-gru-sandworm-hackers-for-notpetya-worldwide-attacks/
Title: Re: Technical
Post by: Asyn on October 21, 2020, 11:39:26 AM
Attacks Aimed at Disrupting the Trickbot Botnet
https://krebsonsecurity.com/2020/10/attacks-aimed-at-disrupting-the-trickbot-botnet/
https://blogs.microsoft.com/on-the-issues/2020/10/12/trickbot-ransomware-cyberthreat-us-elections/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/trickbot-botnet-ransomware-disruption
https://www.welivesecurity.com/2020/10/12/eset-takes-part-global-operation-disrupt-trickbot/
An update on disruption of Trickbot
https://blogs.microsoft.com/on-the-issues/2020/10/20/trickbot-ransomware-disruption-update/
Title: Re: Technical
Post by: Asyn on October 22, 2020, 08:28:04 AM
"Front Door" into BazarBackdoor: Stealthy Cybercrime Weapon
https://www.advanced-intel.com/post/front-door-into-bazarbackdoor-stealthy-cybercrime-weapon
Title: Re: Technical
Post by: Asyn on October 23, 2020, 09:19:21 AM
Plug'nPwn - Connect to Jailbreak
https://blog.t8012.dev/plug-n-pwn/
Title: Re: Technical
Post by: Asyn on October 24, 2020, 03:32:10 PM
Multiple Address Bar Spoofing Vulnerabilities In Mobile Browsers
https://www.rafaybaloch.com/2020/10/multiple-address-bar-spoofing-vulnerabilities.html
Title: Re: Technical
Post by: Asyn on October 25, 2020, 07:44:10 AM
Are You Still Running End-of-Life Windows Servers?
https://blog.rapid7.com/2020/10/19/are-you-still-running-end-of-life-windows-servers/
Title: Re: Technical
Post by: Asyn on October 27, 2020, 08:06:35 AM
LockBit uses automated attack tools to identify tasty targets
https://news.sophos.com/en-us/2020/10/21/lockbit-attackers-uses-automated-attack-tools-to-identify-tasty-targets/
Title: Re: Technical
Post by: Asyn on October 28, 2020, 08:15:04 AM
Data exfiltration via IPv6
https://blog.avast.com/data-exfiltration-via-ipv6-avast
Title: Re: Technical
Post by: Asyn on October 29, 2020, 08:56:45 AM
Maze ransomware is shutting down its cybercrime operation
https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/
Title: Re: Technical
Post by: Asyn on October 30, 2020, 09:11:54 AM
Apple notarizes new Mac malware… again
https://www.intego.com/mac-security-blog/apple-notarizes-new-mac-malware-again/
Title: Re: Technical
Post by: Asyn on November 01, 2020, 08:57:09 AM
New RAT malware gets commands via Discord, has ransomware feature
https://www.bleepingcomputer.com/news/security/new-rat-malware-gets-commands-via-discord-has-ransomware-feature/
Title: Re: Technical
Post by: Asyn on November 02, 2020, 07:37:27 AM
Turla uses HyperStack, Carbon, and Kazuar to compromise government entity
https://www.accenture.com/us-en/blogs/cyber-defense/turla-belugasturgeon-compromises-government-entity
Title: Re: Technical
Post by: Asyn on November 03, 2020, 10:08:23 AM
Maze ransomware is shutting down its cybercrime operation
https://www.bleepingcomputer.com/news/security/maze-ransomware-is-shutting-down-its-cybercrime-operation/
Maze ransomware shuts down operations, denies creating cartel
https://www.bleepingcomputer.com/news/security/maze-ransomware-shuts-down-operations-denies-creating-cartel/
Title: Re: Technical
Post by: Asyn on November 04, 2020, 11:41:25 AM
Malware Analysis Report (AR20-303A) - MAR-10310246-2.v1 – PowerShell Script: ComRAT
https://us-cert.cisa.gov/ncas/analysis-reports/ar20-303a
Title: Re: Technical
Post by: Asyn on November 05, 2020, 10:39:00 AM
In a first, researchers extract secret key used to encrypt Intel CPU code
https://arstechnica.com/gadgets/2020/10/in-a-first-researchers-extract-secret-key-used-to-encrypt-intel-cpu-code/
Title: Re: Technical
Post by: Asyn on November 06, 2020, 08:11:31 AM
Domain Parking: A Gateway to Attackers Spreading Emotet and Impersonating McAfee
https://unit42.paloaltonetworks.com/domain-parking/
Title: Re: Technical
Post by: Asyn on November 07, 2020, 10:52:03 AM
New RegretLocker ransomware targets Windows virtual machines
https://www.bleepingcomputer.com/news/security/new-regretlocker-ransomware-targets-windows-virtual-machines/
Title: Re: Technical
Post by: Asyn on November 08, 2020, 08:09:38 AM
QBot Trojan delivered via malspam campaign exploiting US election uncertainties
https://blog.malwarebytes.com/cybercrime/2020/11/qbot-delivered-via-malspam-campaign-exploiting-us-election-uncertainties/
Title: Re: Technical
Post by: Asyn on November 09, 2020, 09:14:52 AM
Attackers Exploiting WebLogic Servers via CVE-2020-14882 to install Cobalt Strike
https://isc.sans.edu/diary/26752
Title: Re: Technical
Post by: Asyn on November 10, 2020, 01:58:53 PM
Gitpaste-12: a new worming botnet with reverse shell capability spreading via GitHub and Pastebin
https://blogs.juniper.net/en-us/threat-research/gitpaste-12
Title: Re: Technical
Post by: Asyn on November 11, 2020, 10:21:47 AM
The November 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/11/10/the-november-2020-security-update-review
Title: Re: Technical
Post by: Asyn on November 11, 2020, 03:11:31 PM
Ransomware Alert: Pay2Key
https://research.checkpoint.com/2020/ransomware-alert-pay2key/
Title: Re: Technical
Post by: Asyn on November 12, 2020, 09:03:10 AM
RansomEXX Trojan attacks Linux systems
https://securelist.com/ransomexx-trojan-attacks-linux-systems/99279/
Title: Re: Technical
Post by: Asyn on November 13, 2020, 07:49:57 AM
Complex obfuscation? Meh… (1/2)
https://decoded.avast.io/janrubin/complex-obfuscation-meh/
Password stealer in Delphi? Meh… (2/2)
https://decoded.avast.io/janrubin/meh-2-2/
Title: Re: Technical
Post by: Asyn on November 13, 2020, 11:09:16 AM
Discord.dll: successor to npm “fallguys” malware went undetected for 5 months
https://blog.sonatype.com/discord.dll-successor-to-npm-fallguys-
Title: Re: Technical
Post by: Asyn on November 14, 2020, 09:53:37 AM
PLATYPUS - With Great Power comes Great Leakage
https://platypusattack.com/
https://platypusattack.com/platypus.pdf
Title: Re: Technical
Post by: Asyn on November 15, 2020, 07:37:25 AM
2020 State of Encrypted Attacks
https://www.zscaler.com/resources/industry-reports/state-of-encrypted-attacks.pdf
Title: Re: Technical
Post by: Asyn on November 16, 2020, 09:17:11 AM
Vulnerability Descriptions in the New Version of the Security Update Guide
https://msrc-blog.microsoft.com/2020/11/09/vulnerability-descriptions-in-the-new-version-of-the-security-update-guide/
Title: Re: Technical
Post by: Asyn on November 17, 2020, 08:40:46 AM
Ransomware Group Turns to Facebook Ads
https://krebsonsecurity.com/2020/11/ransomware-group-turns-to-facebook-ads/
Title: Re: Technical
Post by: Asyn on November 17, 2020, 03:15:59 PM
IPAS: Security Advisories for November 2020
https://blogs.intel.com/technology/2020/11/ipas-security-advisories-for-november-2020/
Title: Re: Technical
Post by: Asyn on November 18, 2020, 09:15:54 AM
Meet Muhstik – IoT Botnet Infecting Cloud Servers
https://www.lacework.com/meet-muhstik-iot-botnet-infecting-cloud-servers/
Title: Re: Technical
Post by: Asyn on November 19, 2020, 10:10:07 AM
Hungry for data, ModPipe backdoor hits POS software used in hospitality sector
https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos-software-hospitality-sector/
Title: Re: Technical
Post by: Asyn on November 20, 2020, 08:44:47 AM
The CostaRicto Campaign: Cyber-Espionage Outsourced
https://blogs.blackberry.com/en/2020/11/the-costaricto-campaign-cyber-espionage-outsourced
Title: Re: Technical
Post by: Asyn on November 21, 2020, 08:51:40 AM
Ransomware-as-a-service: The pandemic within a pandemic
https://public.intel471.com/blog/ransomware-as-a-service-2020-ryuk-maze-revil-egregor-doppelpaymer/
Title: Re: Technical
Post by: Asyn on November 22, 2020, 08:04:23 AM
DNS Cache Poisoning Attack Reloaded: Revolutions with Side Channels
https://dl.acm.org/doi/pdf/10.1145/3372297.3417280
Title: Re: Technical
Post by: Asyn on November 23, 2020, 10:32:44 AM
Here Comes TroubleGrabber: Stealing Credentials Through Discord
https://www.netskope.com/blog/here-comes-troublegrabber-stealing-credentials-through-discord
Title: Re: Technical
Post by: Asyn on November 24, 2020, 08:00:27 AM
Abusive add-ons aren’t just a Chrome and Firefox problem. Now it’s Edge’s turn
https://arstechnica.com/gadgets/2020/11/fraudulent-add-ons-infiltrate-the-official-microsoft-edge-store/
Title: Re: Technical
Post by: Asyn on November 25, 2020, 08:03:45 AM
Japan-Linked Organizations Targeted in Long-Running and Sophisticated Attack Campaign
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-japan-espionage
Title: Re: Technical
Post by: Asyn on November 26, 2020, 09:17:24 AM
OK Google, Build Me a Phishing Campaign
https://www.armorblox.com/blog/ok-google-build-me-a-phishing-campaign/
Title: Re: Technical
Post by: Asyn on November 27, 2020, 08:11:51 AM
The history of cybersecurity
https://blog.avast.com/history-of-cybersecurity-avast
Title: Re: Technical
Post by: Asyn on November 28, 2020, 07:47:55 AM
Zooming into Darknet Threats Targeting Japanese Organizations
https://ke-la.com/zooming-into-darknet-threats-targeting-jp-orgs-kela/
Title: Re: Technical
Post by: Asyn on November 29, 2020, 08:11:07 AM
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
https://krebsonsecurity.com/2020/11/godaddy-employees-used-in-attacks-on-multiple-cryptocurrency-services/
Title: Re: Technical
Post by: Asyn on November 30, 2020, 11:56:08 AM
Enter WAPDropper – An Android Malware Subscribing Victims To Premium Services By Telecom Companies
https://research.checkpoint.com/2020/enter-wapdropper-subscribe-users-to-premium-services-by-telecom-companies/
Title: Re: Technical
Post by: Asyn on December 01, 2020, 08:35:11 AM
Tried and True Hacker Technique: DOS Obfuscation
https://blog.huntresslabs.com/tried-and-true-hacker-technique-dos-obfuscation-400b57cd7dd
Title: Re: Technical
Post by: Asyn on December 02, 2020, 12:18:34 PM
Apple security hampers detection of unwanted programs
https://blog.malwarebytes.com/mac/2020/11/apple-security-hampers-detection-of-unwanted-programs/
Title: Re: Technical
Post by: Asyn on December 03, 2020, 08:38:03 AM
Genesis Marketplace, a Digital Fingerprint Darknet Store
https://www.f5.com/labs/articles/threat-intelligence/genesis-marketplace--a-digital-fingerprint-darknet-store
Title: Re: Technical
Post by: Asyn on December 04, 2020, 07:38:53 AM
German users targeted with Gootkit banker or REvil ransomware
https://blog.malwarebytes.com/threat-analysis/2020/11/german-users-targeted-with-gootkit-banker-or-revil-ransomware/
Title: Re: Technical
Post by: Asyn on December 04, 2020, 05:44:54 PM
Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
https://arxiv.org/pdf/2009.04344.pdf
Title: Re: Technical
Post by: Asyn on December 05, 2020, 08:37:30 AM
Threat actor leverages coin miner techniques to stay under the radar – here’s how to spot them
https://www.microsoft.com/security/blog/2020/11/30/threat-actor-leverages-coin-miner-techniques-to-stay-under-the-radar-heres-how-to-spot-them/
Title: Re: Technical
Post by: Asyn on December 06, 2020, 08:06:06 AM
There’s a RAT in my code: new npm malware with Bladabindi trojan spotted
https://blog.sonatype.com/bladabindi-njrat-rat-in-jdb.js-npm-malware
Title: Re: Technical
Post by: Asyn on December 07, 2020, 08:01:43 AM
DarkIRC bot exploits recent Oracle WebLogic vulnerability
https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability
Title: Re: Technical
Post by: Asyn on December 08, 2020, 08:38:50 AM
Turla Crutch: Keeping the “back door” open
https://www.welivesecurity.com/2020/12/02/turla-crutch-keeping-back-door-open/
Title: Re: Technical
Post by: Asyn on December 09, 2020, 07:22:15 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Title: Re: Technical
Post by: Asyn on December 09, 2020, 10:51:12 AM
The December 2020 Security Update Review
https://www.zerodayinitiative.com/blog/2020/12/8/the-december-2020-security-update-review
Title: Re: Technical
Post by: Asyn on December 10, 2020, 08:48:03 AM
APT Group Targeting Governmental Agencies in East Asia
https://decoded.avast.io/luigicamastra/apt-group-targeting-governmental-agencies-in-east-asia/
Title: Re: Technical
Post by: Asyn on December 10, 2020, 11:38:22 AM
IceRat evades antivirus by running PHP on Java VM
https://www.gdatasoftware.com/blog/icerat-evades-antivirus-by-using-jphp
Title: Re: Technical
Post by: Asyn on December 11, 2020, 11:01:23 AM
TrickBot Now Offers ‘TrickBoot’: Persist, Brick, Profit
https://eclypsium.com/2020/12/03/trickbot-now-offers-trickboot-persist-brick-profit/
https://eclypsium.com/wp-content/uploads/2020/12/TrickBot-Now-Offers-TrickBoot-Persist-Brick-Profit.pdf
Title: Re: Technical
Post by: Asyn on December 11, 2020, 02:35:42 PM
What did DeathStalker hide between two ferns?
https://securelist.com/what-did-deathstalker-hide-between-two-ferns/99616/
Title: Re: Technical
Post by: Asyn on December 12, 2020, 08:36:12 AM
IBM Uncovers Global Phishing Campaign Targeting the COVID-19 Vaccine Cold Chain
https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/
Title: Re: Technical
Post by: Asyn on December 13, 2020, 08:17:11 AM
AMNESIA:33 – Forescout Research Labs Finds 33 New Vulnerabilities in Open Source TCP/IP Stacks
https://www.forescout.com/company/blog/amnesia33-forescout-research-labs-finds-33-new-vulnerabilities-in-open-source-tcp-ip-stacks/
https://www.forescout.com/company/resources/amnesia33-how-tcp-ip-stacks-breed-critical-vulnerabilities-in-iot-ot-and-it-devices/
Title: Re: Technical
Post by: Asyn on December 14, 2020, 10:16:47 AM
Persistent parasite in EOL Magento 2 stores wakes at Black Friday
https://sansec.io/research/magento-2-persistent-parasite
Title: Re: Technical
Post by: Asyn on December 15, 2020, 10:00:07 AM
PLEASE_READ_ME: The Opportunistic Ransomware Devastating MySQL Servers
https://www.guardicore.com/labs/please-read-me-opportunistic-ransomware-devastating-mysql-servers/
Title: Re: Technical
Post by: bob3160 on December 15, 2020, 10:06:21 PM
Partnership Executive Interview Series - Avast and Shadowserver
https://youtu.be/RZfPTfFTeSQ
The cat was certainly the star of the show.
Title: Re: Technical
Post by: Asyn on December 16, 2020, 08:19:02 AM
Qakbot Upgrades to Stealthier Persistence Method
https://www.binarydefense.com/qakbot-upgrades-to-stealthier-persistence-method/
Title: Re: Technical
Post by: Asyn on December 16, 2020, 11:56:38 AM
Partnership Executive Interview Series - Avast and Shadowserver
https://youtu.be/RZfPTfFTeSQ
The cat was certainly the star of the show.
Thanks for sharing Bob, interesting interview.

PS: You're right about the cat..!! ;D 8)
Title: Re: Technical
Post by: bob3160 on December 16, 2020, 03:33:09 PM
Partnership Executive Interview Series - Avast and Shadowserver
https://youtu.be/RZfPTfFTeSQ
The cat was certainly the star of the show.
Thanks for sharing Bob, interesting interview.

PS: You're right about the cat..!! ;D 8)
Many strange things happen when using Zoom to do interviews or webinars.
I should know. I've seen some strange and sometimes not so pleasant things in the past 9 months.
Title: Re: Technical
Post by: Asyn on December 17, 2020, 08:36:46 AM
A Zebra in Gopher's Clothing: Russian APT Uses COVID-19 Lures to Deliver Zebrocy
https://www.intezer.com/blog/research/russian-apt-uses-covid-19-lures-to-deliver-zebrocy/
Title: Re: Technical
Post by: Asyn on December 17, 2020, 01:44:46 PM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Title: Re: Technical
Post by: Asyn on December 18, 2020, 09:14:12 AM
MountLocker Ransomware-as-a-Service Offers Double Extortion Capabilities to Affiliates
https://blogs.blackberry.com/en/2020/12/mountlocker-ransomware-as-a-service-offers-double-extortion-capabilities-to-affiliates
Title: Re: Technical
Post by: Asyn on December 18, 2020, 11:32:07 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Title: Re: Technical
Post by: Asyn on December 18, 2020, 05:31:00 PM
Taking Action Against Hackers in Bangladesh and Vietnam
https://about.fb.com/news/2020/12/taking-action-against-hackers-in-bangladesh-and-vietnam/
Title: Re: Technical
Post by: Asyn on December 19, 2020, 10:10:31 AM
Widespread malware campaign seeks to silently inject ads into search results, affects multiple browsers
https://www.microsoft.com/security/blog/2020/12/10/widespread-malware-campaign-seeks-to-silently-inject-ads-into-search-results-affects-multiple-browsers/
Title: Re: Technical
Post by: Asyn on December 19, 2020, 12:47:48 PM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
Title: Re: Technical
Post by: Asyn on December 20, 2020, 08:07:03 AM
MOLERATS IN THE CLOUD: New Malware Arsenal Abuses Cloud Platforms in Middle East Espionage Campaign
https://www.cybereason.com/hubfs/dam/collateral/reports/Molerats-in-the-Cloud-New-Malware-Arsenal-Abuses-Cloud-Platforms-in-Middle-East-Espionage-Campaign.pdf
Title: Re: Technical
Post by: Asyn on December 21, 2020, 10:46:18 AM
PyMICROPSIA: New Information-Stealing Trojan from AridViper
https://unit42.paloaltonetworks.com/pymicropsia/
Title: Re: Technical
Post by: Asyn on December 22, 2020, 09:43:16 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
Title: Re: Technical
Post by: Asyn on December 23, 2020, 08:08:21 AM
Pwnie Award Winners 2020
https://pwnies.com/winners/
Title: Re: Technical
Post by: Asyn on December 23, 2020, 11:33:05 AM
Ransomware operators use SystemBC RAT as off-the-shelf Tor backdoor
https://news.sophos.com/en-us/2020/12/16/systembc/
Title: Re: Technical
Post by: Asyn on December 24, 2020, 09:39:18 AM
2 New RubyGems laced with cryptocurrency stealing malware taken down
https://blog.sonatype.com/rubygems-laced-with-bitcoin-stealing-malware
Title: Re: Technical
Post by: Asyn on December 25, 2020, 05:59:28 AM
Pay2Kitten – Fox Kitten 2
https://www.clearskysec.com/pay2kitten/
https://www.clearskysec.com/wp-content/uploads/2020/12/Pay2Kitten.pdf
Title: Re: Technical
Post by: Asyn on December 26, 2020, 08:26:21 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
Title: Re: Technical
Post by: Asyn on December 27, 2020, 08:42:17 AM
IBM Trusteer Exposes Massive Fraud Operation Facilitated by Evil Mobile Emulator Farms
https://securityintelligence.com/posts/massive-fraud-operation-evil-mobile-emulator-farms/
Title: Re: Technical
Post by: Asyn on December 28, 2020, 06:59:17 AM
Everything but the kitchen sink: more attacks from the Gitpaste-12 worm
https://blogs.juniper.net/en-us/threat-research/everything-but-the-kitchen-sink-more-attacks-from-the-gitpaste-12-worm
Title: Re: Technical
Post by: Asyn on December 29, 2020, 09:43:07 AM
Social Media Manipulation Report 2020
https://stratcomcoe.org/social-media-manipulation-report-2020
Title: Re: Technical
Post by: Asyn on December 30, 2020, 06:34:10 AM
Domestic IoT Nightmares: Smart Doorbells
https://research.nccgroup.com/2020/12/18/domestic-iot-nightmares-smart-doorbells/
Title: Re: Technical
Post by: Asyn on December 31, 2020, 09:33:45 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Title: Re: Technical
Post by: Asyn on January 01, 2021, 08:20:47 AM
Lazarus covets COVID-19-related intelligence
https://securelist.com/lazarus-covets-covid-19-related-intelligence/99906/
Title: Re: Technical
Post by: Asyn on January 02, 2021, 06:02:36 AM
Amazon Gift Card Offer Serves Up Dridex Banking Trojan
https://www.cybereason.com/blog/amazon-gift-card-offer-serves-up-dridex-banking-trojan
Title: Re: Technical
Post by: Asyn on January 03, 2021, 07:08:55 AM
CrowdStrike Launches Free Tool to Identify and Help Mitigate Risks in Azure Active Directory
https://www.crowdstrike.com/blog/crowdstrike-launches-free-tool-to-identify-and-help-mitigate-risks-in-azure-active-directory/
Title: Re: Technical
Post by: Asyn on January 04, 2021, 07:18:38 AM
Multi-platform skimmer hits Shopify, Bigcommerce and others
https://sansec.io/research/skimmer-dynamic-exfiltration-shopify-bigcommerce
Title: Re: Technical
Post by: Asyn on January 05, 2021, 10:53:27 AM
Early Bird Catches the Worm: New Golang Worm Drops XMRig Miner on Servers
https://www.intezer.com/blog/research/new-golang-worm-drops-xmrig-miner-on-servers/
Title: Re: Technical
Post by: Asyn on January 06, 2021, 08:16:38 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Title: Re: Technical
Post by: Asyn on January 07, 2021, 09:47:45 AM
APT27 Turns to Ransomware
https://medium.com/proferosec-osm/apt27-turns-to-ransomware-77aaba41ef1e
https://shared-public-reports.s3-eu-west-1.amazonaws.com/APT27+turns+to+ransomware.pdf
Title: Re: Technical
Post by: Asyn on January 08, 2021, 08:37:36 AM
Operation ElectroRAT: Attacker Creates Fake Companies to Drain Your Crypto Wallets
https://www.intezer.com/blog/research/operation-ElectroRAT-attacker-creates-fake-companies-to-drain-your-crypto-wallets/
Title: Re: Technical
Post by: Asyn on January 09, 2021, 07:18:40 AM
Attacks targeting healthcare organizations spike globally as COVID-19 cases rise again
https://blog.checkpoint.com/2021/01/05/attacks-targeting-healthcare-organizations-spike-globally-as-covid-19-cases-rise-again/
Title: Re: Technical
Post by: Asyn on January 10, 2021, 07:48:46 AM
Undocumented user account in Zyxel products (CVE-2020-29583)
https://www.eyecontrol.nl/blog/undocumented-user-account-in-zyxel-products.html
Title: Re: Technical
Post by: Asyn on January 11, 2021, 11:38:50 AM
Babuk Ransomware
http://chuongdong.com/reverse%20engineering/2021/01/03/BabukRansomware/
Title: Re: Technical
Post by: Asyn on January 12, 2021, 11:24:31 AM
Malware using new Ezuri memory loader
https://cybersecurity.att.com/blogs/labs-research/malware-using-new-ezuri-memory-loader
Title: Re: Technical
Post by: Asyn on January 13, 2021, 10:16:48 AM
The January 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/1/12/the-january-2021-security-update-review
Title: Re: Technical
Post by: Asyn on January 13, 2021, 02:24:14 PM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Sunburst backdoor – code overlaps with Kazuar
https://securelist.com/sunburst-backdoor-kazuar/99981/
Title: Re: Technical
Post by: Asyn on January 14, 2021, 08:10:14 AM
Intel adds hardware-based ransomware detection to 11th gen CPUs
https://www.bleepingcomputer.com/news/security/intel-adds-hardware-based-ransomware-detection-to-11th-gen-cpus/
https://www.intel.com/content/dam/www/public/us/en/documents/solution-briefs/vpro-platform-proactive-device-protection-against-modern-threats-solution-brief.pdf
Title: Re: Technical
Post by: Asyn on January 15, 2021, 09:06:59 AM
FADE DEAD | Adventures in Reversing Malicious Run-Only AppleScripts
https://labs.sentinelone.com/fade-dead-adventures-in-reversing-malicious-run-only-applescripts/
Title: Re: Technical
Post by: Asyn on January 16, 2021, 09:51:32 AM
DarkSide ransomware decryptor recovers victims' files for free
https://www.bleepingcomputer.com/news/security/darkside-ransomware-decryptor-recovers-victims-files-for-free/
https://labs.bitdefender.com/2021/01/darkside-ransomware-decryption-tool/
Title: Re: Technical
Post by: Asyn on January 17, 2021, 09:52:44 AM
Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/
Title: Re: Technical
Post by: bob3160 on January 17, 2021, 04:13:55 PM
Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/
Maybe we need to teach this to the customers that are having problems getting past the Avast captcha? :)

Title: Re: Technical
Post by: Asyn on January 18, 2021, 05:50:50 AM
Breaking the Google Audio reCAPTCHA with Google's own Speech to Text API
https://incolumitas.com/2021/01/02/breaking-audio-recaptcha-with-googles-own-speech-to-text-api/
Maybe we need to teach this to the customers that are having problems getting past the Avast captcha? :)
;D 8)
Title: Re: Technical
Post by: Asyn on January 18, 2021, 08:27:20 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Sunburst backdoor – code overlaps with Kazuar
https://securelist.com/sunburst-backdoor-kazuar/99981/
SUNSPOT: An Implant in the Build Process
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
Title: Re: Technical
Post by: Asyn on January 19, 2021, 08:27:28 AM
December 2020 Coordinated Inauthentic Behavior Report
https://about.fb.com/news/2021/01/december-2020-coordinated-inauthentic-behavior-report/
Title: Re: Technical
Post by: bob3160 on January 19, 2021, 01:34:18 PM
December 2020 Coordinated Inauthentic Behavior Report
https://about.fb.com/news/2021/01/december-2020-coordinated-inauthentic-behavior-report/
For a minute, I thought this was going to be about politics.  ;D
Title: Re: Technical
Post by: bob3160 on January 19, 2021, 02:15:24 PM

Avast Hacker Archives Episode 1: Joe FitzPatrick
https://blog.avast.com/avast-hacker-archives-episode-1-joe-fitzpatrick-avast
Title: Re: Technical
Post by: Asyn on January 20, 2021, 08:22:45 AM
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
Title: Re: Technical
Post by: bob3160 on January 20, 2021, 02:58:22 PM
Malwarebytes targeted by Nation State Actor implicated in SolarWinds breach. Evidence suggests abuse of privileged access to Microsoft Office 365 and Azure environments
https://blog.malwarebytes.com/malwarebytes-news/2021/01/malwarebytes-targeted-by-nation-state-actor-implicated-in-solarwinds-breach-evidence-suggests-abuse-of-privileged-access-to-microsoft-office-365-and-azure-environments/
According to Malwarebytes, "Our software remains safe to use."
Title: Re: Technical
Post by: Asyn on January 21, 2021, 10:01:34 AM
Introducing the In-the-Wild Series
https://googleprojectzero.blogspot.com/2021/01/introducing-in-wild-series.html
Title: Re: Technical
Post by: Asyn on January 22, 2021, 08:15:24 AM
Classiscam expands to Europe: Russian-speaking scammers lure Europeans to pages mimicking classifieds
https://www.group-ib.com/media/classiscam-in-europe/
Title: Re: Technical
Post by: Asyn on January 23, 2021, 10:33:23 AM
FreakOut – Leveraging Newest Vulnerabilities for creating a Botnet
https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/
Title: Re: Technical
Post by: Asyn on January 24, 2021, 07:55:30 AM
The State of State Machines
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
Title: Re: Technical
Post by: bob3160 on January 24, 2021, 03:06:31 PM
The State of State Machines
https://googleprojectzero.blogspot.com/2021/01/the-state-of-state-machines.html
All the discovered vulnerabilities have been fixed, but these attack platforms need constant scrutiny.
Title: Re: Technical
Post by: Asyn on January 25, 2021, 10:16:36 AM
Unauthorized Access of FireEye Red Team Tools
https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html
https://github.com/fireeye/red_team_tool_countermeasures
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor
https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’
https://krebsonsecurity.com/2020/12/malicious-domain-in-solarwinds-hack-turned-into-killswitch/
Dark Halo Leverages SolarWinds Compromise to Breach Organizations
https://www.volexity.com/blog/2020/12/14/dark-halo-leverages-solarwinds-compromise-to-breach-organizations/
SUPERNOVA SolarWinds .NET Webshell Analysis
https://www.guidepointsecurity.com/supernova-solarwinds-net-webshell-analysis/
https://unit42.paloaltonetworks.com/solarstorm-supernova/
A moment of reckoning: the need for a strong and global cybersecurity response
https://blogs.microsoft.com/on-the-issues/2020/12/17/cyberattacks-cybersecurity-solarwinds-fireeye/
The SolarWinds Orion SUNBURST supply-chain Attack
https://blog.truesec.com/2020/12/17/the-solarwinds-orion-sunburst-supply-chain-attack/
Microsoft Internal Solorigate Investigation Update
https://msrc-blog.microsoft.com/2020/12/31/microsoft-internal-solorigate-investigation-update/
Sunburst backdoor – code overlaps with Kazuar
https://securelist.com/sunburst-backdoor-kazuar/99981/
SUNSPOT: An Implant in the Build Process
https://www.crowdstrike.com/blog/sunspot-malware-technical-analysis/
Raindrop: New Malware Discovered in SolarWinds Investigation
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/solarwinds-raindrop-malware
Title: Re: Technical
Post by: Asyn on January 26, 2021, 09:11:57 AM
DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq
https://www.jsof-tech.com/disclosures/dnspooq/
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq-Technical-WP.pdf
Title: Re: Technical
Post by: Asyn on January 27, 2021, 07:54:16 AM
CVE-2020-9971 Abusing XPC Service mechanism to elevate privilege in macOS/iOS
https://xlab.tencent.com/en/2021/01/11/cve-2020-9971-abusing-xpc-service-to-elevate-privilege/
Title: Re: Technical
Post by: Asyn on January 27, 2021, 03:07:38 PM
World’s most dangerous malware EMOTET disrupted through global action
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action
https://www.politie.nl/themas/controleer-of-mijn-inloggegevens-zijn-gestolen.html#english
Title: Re: Technical
Post by: Asyn on January 28, 2021, 08:59:57 AM
DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq
https://www.jsof-tech.com/disclosures/dnspooq/
https://www.jsof-tech.com/wp-content/uploads/2021/01/DNSpooq-Technical-WP.pdf
List of DNSpooq vulnerability advisories, patches, and updates
https://www.bleepingcomputer.com/news/security/list-of-dnspooq-vulnerability-advisories-patches-and-updates/
Title: Re: Technical
Post by: Asyn on January 29, 2021, 09:10:56 AM
Deep dive into the Solorigate second-stage activation: From SUNBURST to TEARDROP and Raindrop
https://www.microsoft.com/security/blog/2021/01/20/deep-dive-into-the-solorigate-second-stage-activation-from-sunburst-to-teardrop-and-raindrop/
Title: Re: Technical
Post by: Asyn on January 30, 2021, 07:59:55 AM
Cyber Criminals Leave Stolen Phishing Credentials in Plain Sight
https://blog.checkpoint.com/2021/01/21/cyber-criminals-leave-stolen-phishing-credentials-in-plain-sight/
Title: Re: Technical
Post by: Asyn on January 31, 2021, 07:40:21 AM
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
Title: Re: Technical
Post by: Asyn on February 01, 2021, 09:03:19 AM
TeamTNT delivers malware with new detection evasion tool
https://cybersecurity.att.com/blogs/labs-research/teamtnt-delivers-malware-with-new-detection-evasion-tool
Title: Re: Technical
Post by: Asyn on February 02, 2021, 09:27:10 AM
New campaign targeting security researchers
https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/
ZINC attacks against security researchers
https://www.microsoft.com/security/blog/2021/01/28/zinc-attacks-against-security-researchers/
Title: Re: Technical
Post by: Asyn on February 02, 2021, 01:42:51 PM
Avast Hacker Archives Episode 2: Katie Moussouris
https://blog.avast.com/avast-hacker-archives-episode-2-katie-moussouris-avast
Title: Re: Technical
Post by: bob3160 on February 02, 2021, 04:48:48 PM
Avast Hacker Archives Episode 2: Katie Moussouris
https://blog.avast.com/avast-hacker-archives-episode-2-katie-moussouris-avast
An excellent way to spend 40 minutes. :)
Title: Re: Technical
Post by: Asyn on February 03, 2021, 08:31:20 AM
‘Lebanese Cedar’ APT
https://www.clearskysec.com/cedar/
https://www.clearskysec.com/wp-content/uploads/2021/01/Lebanese-Cedar-APT.pdf
Title: Re: Technical
Post by: Asyn on February 04, 2021, 09:57:26 AM
New Fonix ransomware decryptor can recover victim's files for free
https://www.bleepingcomputer.com/news/security/new-fonix-ransomware-decryptor-can-recover-victims-files-for-free/
Title: Re: Technical
Post by: Asyn on February 04, 2021, 12:06:14 PM
Backdoored Browser Extensions Hid Malicious Traffic in Analytics Requests
https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/
Title: Re: Technical
Post by: Asyn on February 05, 2021, 01:07:31 PM
World’s most dangerous malware EMOTET disrupted through global action
https://www.europol.europa.eu/newsroom/news/world%E2%80%99s-most-dangerous-malware-emotet-disrupted-through-global-action
https://www.politie.nl/themas/controleer-of-mijn-inloggegevens-zijn-gestolen.html#english
Cleaning up after Emotet: the law enforcement file
https://blog.malwarebytes.com/threat-analysis/2021/01/cleaning-up-after-emotet-the-law-enforcement-file/
Title: Re: Technical
Post by: Asyn on February 06, 2021, 09:02:35 AM
Vovalex is likely the first ransomware written in D
https://www.bleepingcomputer.com/news/security/vovalex-is-likely-the-first-ransomware-written-in-d/
Title: Re: Technical
Post by: Asyn on February 07, 2021, 09:46:14 AM
Pro-Ocean: Rocke Group’s New Cryptojacking Malware
https://unit42.paloaltonetworks.com/pro-ocean-rocke-groups-new-cryptojacking-malware/
Title: Re: Technical
Post by: Asyn on February 08, 2021, 06:45:58 AM
Operation NightScout: Supply‑chain attack targets online gaming in Asia
https://www.welivesecurity.com/2021/02/01/operation-nightscout-supply-chain-attack-online-gaming-asia/
Title: Re: Technical
Post by: Asyn on February 08, 2021, 01:01:06 PM
Understanding the circle of digital certificate trust
https://blog.avast.com/understanding-digital-certificates-avast
https://www.zdnet.com/article/google-bans-another-misbehaving-ca-from-chrome/
Title: Re: Technical
Post by: Asyn on February 09, 2021, 08:10:48 AM
Emsisoft releases new decryptor for Ziggy ransomware
https://blog.emsisoft.com/en/37722/emsisoft-releases-new-decryptor-for-ziggy-ransomware/
https://www.emsisoft.com/ransomware-decryption-tools/ziggy
Title: Re: Technical
Post by: Asyn on February 09, 2021, 09:07:37 AM
Avast joins the Coalition Against Stalkerware
https://blog.avast.com/coalition-against-stalkerware-avast
https://stopstalkerware.org/
Title: Re: Technical
Post by: Asyn on February 10, 2021, 12:37:54 PM
Barcode Scanner app on Google Play infects 10 million users with one update
https://blog.malwarebytes.com/android/2021/02/barcode-scanner-app-on-google-play-infects-10-million-users-with-one-update/
Title: Re: Technical
Post by: Asyn on February 10, 2021, 01:05:52 PM
The February 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/2/9/the-february-2022-security-update-review
Title: Re: Technical
Post by: Asyn on February 11, 2021, 08:19:44 AM
Trickbot masrv Module
https://www.kryptoslogic.com/blog/2021/02/trickbot-masrv-module/
Title: Re: Technical
Post by: Asyn on February 11, 2021, 03:07:22 PM
Kobalos – A complex Linux threat to high performance computing infrastructure
https://www.welivesecurity.com/2021/02/02/kobalos-complex-linux-threat-high-performance-computing-infrastructure/
Title: Re: Technical
Post by: Asyn on February 11, 2021, 06:51:02 PM
CVE-2021-3156: Heap-Based Buffer Overflow in Sudo (Baron Samedit)
https://blog.qualys.com/vulnerabilities-research/2021/01/26/cve-2021-3156-heap-based-buffer-overflow-in-sudo-baron-samedit
Title: Re: Technical
Post by: Asyn on February 12, 2021, 09:34:29 AM
Full System Control with New SolarWinds Orion-based and Serv-U FTP Vulnerabilities
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/full-system-control-with-new-solarwinds-orion-based-and-serv-u-ftp-vulnerabilities/
Title: Re: Technical
Post by: Asyn on February 12, 2021, 12:55:02 PM
Ransomware Payments Fall as Fewer Companies Pay Data Exfiltration Extortion Demands
https://www.coveware.com/blog/ransomware-marketplace-report-q4-2020
Title: Re: Technical
Post by: Asyn on February 13, 2021, 09:26:22 AM
Abusing Google Chrome extension syncing for data exfiltration and C&C
https://isc.sans.edu/forums/diary/Abusing+Google+Chrome+extension+syncing+for+data+exfiltration+and+CC/27066/
Title: Re: Technical
Post by: Asyn on February 13, 2021, 07:53:44 PM
Dependency Confusion: How I Hacked Into Apple, Microsoft and Dozens of Other Companies
https://medium.com/@alex.birsan/dependency-confusion-4a5d60fec610
https://azure.microsoft.com/mediahandler/files/resourcefiles/3-ways-to-mitigate-risk-using-private-package-feeds/3%20Ways%20to%20Mitigate%20Risk%20When%20Using%20Private%20Package%20Feeds%20-%20v1.0.pdf
Title: Re: Technical
Post by: Asyn on February 14, 2021, 10:20:00 AM
New phishing attack uses Morse code to hide malicious URLs
https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/
Title: Re: Technical
Post by: Asyn on February 15, 2021, 09:28:51 AM
Launching OSV - Better vulnerability triage for open source
https://opensource.googleblog.com/2021/02/launching-osv-better-vulnerability.html
Title: Re: Technical
Post by: Asyn on February 16, 2021, 09:36:07 AM
SolarWinds: How Russian spies hacked the Justice, State, Treasury, Energy and Commerce Departments
https://www.cbsnews.com/news/solarwinds-hack-russia-cyberattack-60-minutes-2021-02-14/
Title: Re: Technical
Post by: Asyn on February 17, 2021, 09:35:03 AM
BendyBear: Novel Chinese Shellcode Linked With Cyber Espionage Group BlackTech
https://unit42.paloaltonetworks.com/bendybear-shellcode-blacktech/
Title: Re: Technical
Post by: bob3160 on February 17, 2021, 01:20:27 PM
Here's part three of this fascinating series.

Avast Hacker Archives Episode 3: Chris Roberts
https://blog.avast.com/avast-hacker-archives-episode-3-chris-roberts-avast
Title: Re: Technical
Post by: DavidR on February 17, 2021, 05:17:22 PM
Here's part three of this fascinating series.

Avast Hacker Archives Episode 3: Chris Roberts
https://forum.avast.com/index.php?action=post;topic=66267.3300;last_msg=1585074

Bob, your link is messed up; this just throws you into a Post window loop for THIS topic.
Title: Re: Technical
Post by: bob3160 on February 17, 2021, 06:19:32 PM
Here's part three of this fascinating series.

Avast Hacker Archives Episode 3: Chris Roberts
https://forum.avast.com/index.php?action=post;topic=66267.3300;last_msg=1585074

Bob, your link is messed up; this just throws you into a Post window loop for THIS topic.
Apologies, I've corrected the post to reflect the correct link, which is:
https://blog.avast.com/avast-hacker-archives-episode-3-chris-roberts-avast
Title: Re: Technical
Post by: DavidR on February 17, 2021, 06:23:16 PM
Here's part three of this fascinating series.

Avast Hacker Archives Episode 3: Chris Roberts
https://forum.avast.com/index.php?action=post;topic=66267.3300;last_msg=1585074

Bob, your link is messed up; this just throws you into a Post window loop for THIS topic.
Apologies, I've corrected the post to reflect the correct link, which is:
https://blog.avast.com/avast-hacker-archives-episode-3-chris-roberts-avast

No problem, working fine now.
Title: Re: Technical
Post by: Asyn on February 18, 2021, 09:05:13 AM
NUMBER:JACK – Forescout Research Labs Finds Nine ISN Generation Vulnerabilities Affecting TCP/IP Stacks
https://www.forescout.com/company/blog/numberjack-forescout-research-labs-finds-nine-isn-generation-vulnerabilities-affecting-tcpip-stacks/
https://www.forescout.com/company/resources/numberjack-weak-isn-generation-in-embedded-tcpip-stacks/
Title: Re: Technical
Post by: Asyn on February 18, 2021, 05:30:22 PM
CVE-2021-24092: 12 Years in Hiding – A Privilege Escalation Vulnerability in Windows Defender
https://labs.sentinelone.com/cve-2021-24092-12-years-in-hiding-a-privilege-escalation-vulnerability-in-windows-defender/
Title: Re: Technical
Post by: Asyn on February 19, 2021, 09:40:51 AM
TrickBot's BazarBackdoor malware is now coded in Nim to evade antivirus
https://www.bleepingcomputer.com/news/security/trickbots-bazarbackdoor-malware-is-now-coded-in-nim-to-evade-antivirus/
Title: Re: Technical
Post by: Asyn on February 20, 2021, 09:41:32 AM
Web shell attacks continue to rise
https://www.microsoft.com/security/blog/2021/02/11/web-shell-attacks-continue-to-rise/
Title: Re: Technical
Post by: Asyn on February 21, 2021, 08:36:42 AM
Lookout Discovers Novel Confucius APT Android Spyware Linked to India-Pakistan Conflict
https://blog.lookout.com/lookout-discovers-novel-confucius-apt-android-spyware-linked-to-india-pakistan-conflict
Title: Re: Technical
Post by: Asyn on February 22, 2021, 07:48:07 AM
The Long Hack: How China Exploited a U.S. Tech Supplier
https://www.bloomberg.com/features/2021-supermicro/
Title: Re: Technical
Post by: Asyn on February 23, 2021, 08:25:11 AM
SHAREit Flaw Could Lead to Remote Code Execution
https://www.trendmicro.com/en_us/research/21/b/shareit-flaw-could-lead-to-remote-code-execution.html
Title: Re: Technical
Post by: Asyn on February 23, 2021, 08:35:24 AM
MassLogger v3: a .NET stealer with serious obfuscation
https://decoded.avast.io/anhho/masslogger-v3-a-net-stealer-with-serious-obfuscation/
Title: Re: Technical
Post by: Asyn on February 23, 2021, 04:07:10 PM
When cybercrime went from fun to financially driven
https://blog.avast.com/fun-to-financially-driven-cybercrime-avast
Title: Re: Technical
Post by: Asyn on February 24, 2021, 08:32:51 AM
Malvertiser “ScamClub” Bypasses Iframe Sandboxing With postMessage() Shenanigans [CVE-2021–1801]
https://blog.confiant.com/malvertiser-scamclub-bypasses-iframe-sandboxing-with-postmessage-shenanigans-cve-2021-1801-1c998378bfba
Title: Re: Technical
Post by: Asyn on February 24, 2021, 10:49:31 AM
Microsoft Internal Solorigate Investigation – Final Update
https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/
https://www.microsoft.com/security/blog/2021/01/19/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate/
Title: Re: Technical
Post by: bob3160 on February 24, 2021, 01:56:21 PM
Microsoft Internal Solorigate Investigation – Final Update
https://msrc-blog.microsoft.com/2021/02/18/microsoft-internal-solorigate-investigation-final-update/
https://www.microsoft.com/security/blog/2021/01/19/using-zero-trust-principles-to-protect-against-sophisticated-attacks-like-solorigate/
Pretty sad to think we've come to a state where you trust no one.  :'(
Title: Re: Technical
Post by: Asyn on February 25, 2021, 08:01:20 AM
Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion
https://www.fireeye.com/blog/threat-research/2021/02/accellion-fta-exploited-for-data-theft-and-extortion.html
https://us-cert.cisa.gov/ncas/analysis-reports/ar21-055a
Title: Re: Technical
Post by: Asyn on February 26, 2021, 07:31:33 AM
‘Millions of people’s data is at risk’ — Amazon insiders sound alarm over security
https://www.politico.eu/article/data-at-risk-amazon-security-threat/
Title: Re: Technical
Post by: Asyn on February 26, 2021, 10:16:48 AM
Arm'd & Dangerous - malicious code, now native on apple silicon
https://objective-see.com/blog/blog_0x62.html
Title: Re: Technical
Post by: Asyn on February 27, 2021, 08:18:06 AM
'Spy pixels in emails have become endemic'
https://www.bbc.com/news/technology-56071437
Title: Re: Technical
Post by: Asyn on February 28, 2021, 09:16:06 AM
Alert (AA21-048A) - AppleJeus: Analysis of North Korea’s Cryptocurrency Malware
https://us-cert.cisa.gov/ncas/alerts/aa21-048a
Title: Re: Technical
Post by: Asyn on February 28, 2021, 04:28:01 PM
Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
Title: Re: Technical
Post by: bob3160 on February 28, 2021, 04:33:27 PM
Windows kernel zero-day exploit (CVE-2021-1732) is used by BITTER APT in targeted attack
https://ti.dbappsecurity.com.cn/blog/index.php/2021/02/10/windows-kernel-zero-day-exploit-is-used-by-bitter-apt-in-targeted-attack/
Since I use neither IE nor Adobe Reader, I guess this isn't something for me to worry about.
"This zero-day is a new vulnerability which is caused by a win32k callback; it could be used to escape the sandbox of the Microsoft IE browser or Adobe Reader on the latest Windows 10 version."
Title: Re: Technical
Post by: Asyn on March 01, 2021, 08:29:58 AM
New Phishing Attack Identified: Malformed URL Prefixes
https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
Title: Re: Technical
Post by: Asyn on March 01, 2021, 12:58:47 PM
Clipping Silver Sparrow’s wings: Outing macOS malware before it takes flight
https://redcanary.com/blog/clipping-silver-sparrows-wings/
Title: Re: Technical
Post by: Asyn on March 02, 2021, 09:33:27 AM
The Story of Jian – How APT31 Stole and Used an Unknown Equation Group 0-Day
https://research.checkpoint.com/2021/the-story-of-jian/
Title: Re: Technical
Post by: Asyn on March 02, 2021, 01:12:44 PM
Is Your Browser Extension a Botnet Backdoor?
https://krebsonsecurity.com/2021/03/is-your-browser-extension-a-botnet-backdoor/
Title: Re: Technical
Post by: Asyn on March 03, 2021, 09:36:10 AM
Vietnamese Activists Targeted by Notorious Hacking Group
https://www.amnestyusa.org/reports/vietnamese-activists-targeted-by-notorious-hacking-group/
https://www.amnestyusa.org/wp-content/uploads/2021/02/Click-and-Bait_Vietnamese-Human-Rights-Defenders-Targeted-with-Spyware-Attacks.pdf
Title: Re: Technical
Post by: Asyn on March 03, 2021, 01:34:15 PM
Securing a shifting landscape: Corporate perceptions of nation-state cyber-threats
https://cybertechaccord.org/uploads/prod/2021/02/eiu-cybersecurity-tech-accord-report.pdf
Title: Re: Technical
Post by: Asyn on March 04, 2021, 09:08:28 AM
What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses
https://www.theregister.com/2021/02/24/dns_cname_tracking/
https://arxiv.org/pdf/2102.09301.pdf
Title: Re: Technical
Post by: Asyn on March 05, 2021, 10:28:30 AM
LazyScripter: From Empire to double RAT
https://resources.malwarebytes.com/files/2021/02/LazyScripter.pdf
Title: Re: Technical
Post by: Asyn on March 05, 2021, 01:57:36 PM
Microsoft open sources CodeQL queries used to hunt for Solorigate activity
https://www.microsoft.com/security/blog/2021/02/25/microsoft-open-sources-codeql-queries-used-to-hunt-for-solorigate-activity/
Title: Re: Technical
Post by: Asyn on March 06, 2021, 11:49:31 AM
Lazarus targets defense industry with ThreatNeedle
https://ics-cert.kaspersky.com/reports/2021/02/25/lazarus-targets-defense-industry-with-threatneedle/
https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Lazarus-targets-defense-industry-with-Threatneedle-En.pdf
Title: Re: Technical
Post by: Asyn on March 06, 2021, 01:31:19 PM
Ryuk Ransomware
https://www.cert.ssi.gouv.fr/uploads/CERTFR-2021-CTI-006.pdf
Title: Re: Technical
Post by: Asyn on March 06, 2021, 03:19:51 PM
What are these suspicious Google GVT1.com URLs?
https://www.bleepingcomputer.com/news/security/what-are-these-suspicious-google-gvt1com-urls/
Title: Re: Technical
Post by: Asyn on March 07, 2021, 08:07:59 AM
TA413 Leverages New FriarFox Browser Extension to Target the Gmail Accounts of Global Tibetan Organizations
https://www.proofpoint.com/us/blog/threat-insight/ta413-leverages-new-friarfox-browser-extension-target-gmail-accounts-global
Title: Re: Technical
Post by: Asyn on March 08, 2021, 07:22:50 AM
Newly Identified Dependency Confusion Packages Target Amazon, Zillow, and Slack; Go Beyond Just Bug Bounties
https://blog.sonatype.com/malicious-dependency-confusion-copycats-exfiltrate-bash-history-and-etc-shadow-files
Title: Re: Technical
Post by: Asyn on March 08, 2021, 10:27:03 AM
“Gootloader” expands its payload delivery options
https://news.sophos.com/en-us/2021/03/01/gootloader-expands-its-payload-delivery-options/
Title: Re: Technical
Post by: Asyn on March 11, 2021, 01:50:46 PM
HAFNIUM targeting Exchange Servers with 0-day exploits
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Title: Re: Technical
Post by: Asyn on March 11, 2021, 01:52:57 PM
The March 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/3/9/the-march-2021-security-update-review
Title: Re: Technical
Post by: Asyn on March 11, 2021, 04:30:10 PM
16Shop Targets Cash App with Latest Phishing Kit
https://www.zerofox.com/blog/16shop-cash-app-phishing-kit/
Title: Re: Technical
Post by: Asyn on March 12, 2021, 09:54:20 AM
Cybercriminals Adapt to Bypass 3D Secure
https://geminiadvisory.io/cybercriminals-bypass-3ds/
Title: Re: Technical
Post by: Asyn on March 12, 2021, 04:24:44 PM
What's CNAME of your game? This DNS-based tracking defies your browser privacy defenses
https://www.theregister.com/2021/02/24/dns_cname_tracking/
https://arxiv.org/pdf/2102.09301.pdf
Large-scale Analysis of DNS-based Tracking Evasion - broad data leaks included?
https://blog.lukaszolejnik.com/large-scale-analysis-of-dns-based-tracking-evasion-broad-data-leaks-included/
Title: Re: Technical
Post by: Asyn on March 13, 2021, 10:19:49 AM
GoldMax, GoldFinder, and Sibot: Analyzing NOBELIUM’s layered persistence
https://www.microsoft.com/security/blog/2021/03/04/goldmax-goldfinder-sibot-analyzing-nobelium-malware/
Title: Re: Technical
Post by: Asyn on March 13, 2021, 02:39:45 PM
A Basic Timeline of the Exchange Mass-Hack
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
Title: Re: Technical
Post by: Asyn on March 14, 2021, 08:04:16 AM
New SUNSHUTTLE Second-Stage Backdoor Uncovered Targeting U.S.-Based Entity; Possible Connection to UNC2452
https://www.fireeye.com/blog/threat-research/2021/03/sunshuttle-second-stage-backdoor-targeting-us-based-entity.html
Title: Re: Technical
Post by: Asyn on March 15, 2021, 06:47:42 AM
Bitsquatting Windows.com
https://remyhax.xyz/posts/bitsquatting-windows/
Title: Re: Technical
Post by: Asyn on March 16, 2021, 07:28:47 AM
The Compact Campaign
https://www.wmcglobal.com/blog/the-compact-campaign
Title: Re: Technical
Post by: Asyn on March 16, 2021, 11:09:05 AM
Ransomware is a multi-billion industry and it keeps growing
https://www.bleepingcomputer.com/news/security/ransomware-is-a-multi-billion-industry-and-it-keeps-growing/
Title: Re: Technical
Post by: Asyn on March 17, 2021, 07:33:01 AM
Magento 2 PHP Credit Card Skimmer Saves to JPG
https://blog.sucuri.net/2021/03/magento-2-php-credit-card-skimmer-saves-to-jpg.html
Title: Re: Technical
Post by: Asyn on March 17, 2021, 07:34:26 AM
A Basic Timeline of the Exchange Mass-Hack
https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/
The Microsoft Exchange hacks: How they started and where we are
https://www.bleepingcomputer.com/news/security/the-microsoft-exchange-hacks-how-they-started-and-where-we-are/
Title: Re: Technical
Post by: Asyn on March 18, 2021, 08:07:22 AM
SUPERNOVA Web Shell Deployment Linked to SPIRAL Threat Group
https://www.secureworks.com/blog/supernova-web-shell-deployment-linked-to-spiral-threat-group
Title: Re: Technical
Post by: Asyn on March 18, 2021, 08:08:04 AM
Hidden menace: Peeling back the secrets of OnionCrypter
https://decoded.avast.io/jakubkaloc/onion-crypter/
Title: Re: Technical
Post by: Asyn on March 19, 2021, 06:12:05 AM
Video: Avast Hacker Archives Episode 4: Troy Hunt
https://blog.avast.com/avast-hacker-archives-episode-4-troy-hunt-avast
Title: Re: Technical
Post by: Asyn on March 19, 2021, 11:42:48 AM
Cybereason Exposes Campaign Targeting US Taxpayers with NetWire and Remcos Malware
https://www.cybereason.com/blog/cybereason-exposes-malware-targeting-us-taxpayers
Title: Re: Technical
Post by: Asyn on March 20, 2021, 09:24:57 AM
Azure LoLBins: Protecting against the dual use of virtual machine extensions
https://www.microsoft.com/security/blog/2021/03/09/azure-lolbins-protecting-against-the-dual-use-of-virtual-machine-extensions/
Title: Re: Technical
Post by: Asyn on March 21, 2021, 06:57:38 AM
A Spectre proof-of-concept for a Spectre-proof web
https://security.googleblog.com/2021/03/a-spectre-proof-of-concept-for-spectre.html
Title: Re: Technical
Post by: Asyn on March 21, 2021, 05:08:15 PM
New Linux Backdoor RedXOR Likely Operated by Chinese Nation-State Actor
https://www.intezer.com/blog/malware-analysis/new-linux-backdoor-redxor-likely-operated-by-chinese-nation-state-actor/
Title: Re: Technical
Post by: Asyn on March 22, 2021, 08:10:12 AM
New Mirai Variant Targeting Network Security Devices
https://unit42.paloaltonetworks.com/mirai-variant-iot-vulnerabilities/
Title: Re: Technical
Post by: Asyn on March 22, 2021, 03:14:21 PM
New Old Bugs in the Linux Kernel
https://blog.grimm-co.com/2021/03/new-old-bugs-in-linux-kernel.html
Title: Re: Technical
Post by: Asyn on March 23, 2021, 08:37:51 AM
Now You See It, Now You Don’t: CopperStealer Performs Widespread Theft
https://www.proofpoint.com/us/blog/threat-insight/now-you-see-it-now-you-dont-copperstealer-performs-widespread-theft
Title: Re: Technical
Post by: Asyn on March 24, 2021, 06:18:20 AM
Alert (AA21-077A) - Detecting Post-Compromise Threat Activity Using the CHIRP IOC Detection Tool
https://us-cert.cisa.gov/ncas/alerts/aa21-077a
Title: Re: Technical
Post by: Asyn on March 25, 2021, 08:08:44 AM
New macOS malware XcodeSpy Targets Xcode Developers with EggShell Backdoor
https://labs.sentinelone.com/new-macos-malware-xcodespy-targets-xcode-developers-with-eggshell-backdoor/
Title: Re: Technical
Post by: Asyn on March 27, 2021, 09:19:46 AM
The rise of ransomware as a service
https://blog.avast.com/ransomware-as-a-service-avast
Title: Re: Technical
Post by: Asyn on March 27, 2021, 11:56:32 AM
In-the-Wild Series: October 2020 0-day discovery
https://googleprojectzero.blogspot.com/2021/03/in-wild-series-october-2020-0-day.html
Title: Re: Technical
Post by: Asyn on March 29, 2021, 11:24:07 AM
Purple Fox Rootkit Now Propagates as a Worm
https://www.guardicore.com/labs/purple-fox-rootkit-now-propagates-as-a-worm/
Title: Re: Technical
Post by: Asyn on March 30, 2021, 09:31:44 AM
New Advanced Android Malware Posing as “System Update”
https://blog.zimperium.com/new-advanced-android-malware-posing-as-system-update/
Title: Re: Technical
Post by: Asyn on March 31, 2021, 07:49:01 AM
Universal “netmask” npm package, used by 270,000+ projects, vulnerable to octal input data: server-side request forgery, remote file inclusion, local file inclusion, and more (CVE-2021-28918)
https://sick.codes/universal-netmask-npm-package-used-by-270000-projects-vulnerable-to-octal-input-data-server-side-request-forgery-remote-file-inclusion-local-file-inclusion-and-more-cve-2021-28918/
Title: Re: Technical
Post by: Asyn on April 01, 2021, 09:42:12 AM
BazarCall malware uses malicious call centers to infect victims
https://www.bleepingcomputer.com/news/security/bazarcall-malware-uses-malicious-call-centers-to-infect-victims/
Title: Re: Technical
Post by: Asyn on April 02, 2021, 10:25:34 AM
20 Million Miners: Finding Malicious Cryptojacking Images in Docker Hub
https://unit42.paloaltonetworks.com/malicious-cryptojacking-images/
Title: Re: Technical
Post by: Asyn on April 03, 2021, 09:56:54 AM
Android sends 20x more data to Google than iOS sends to Apple, study says
https://arstechnica.com/gadgets/2021/03/android-sends-20x-more-data-to-google-than-ios-sends-to-apple-study-says/
https://www.scss.tcd.ie/doug.leith/apple_google.pdf
Title: Re: Technical
Post by: Asyn on April 04, 2021, 07:42:25 AM
Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools
https://blog.talosintelligence.com/2021/03/cheating-cheater-how-adversaries-are.html
Title: Re: Technical
Post by: Asyn on April 05, 2021, 08:37:06 AM
Fake jQuery files infect WordPress sites with malware
https://www.bleepingcomputer.com/news/security/fake-jquery-files-infect-wordpress-sites-with-malware/
Title: Re: Technical
Post by: Asyn on April 06, 2021, 07:11:14 AM
I Now Own the Coinhive Domain. Here's How I'm Fighting Cryptojacking and Doing Good Things with Content Security Policies.
https://www.troyhunt.com/i-now-own-the-coinhive-domain-heres-how-im-fighting-cryptojacking-and-doing-good-things-with-content-security-policies/
Title: Re: Technical
Post by: Asyn on April 07, 2021, 10:51:27 AM
GitHub investigating crypto-mining campaign abusing its server infrastructure
https://therecord.media/github-investigating-crypto-mining-campaign-abusing-its-server-infrastructure/
Title: Re: Technical
Post by: Asyn on April 08, 2021, 08:21:54 AM
EtterSilent: the underground’s new favorite maldoc builder
https://intel471.com/blog/ettersilent-maldoc-builder-macro-trickbot-qbot/
Title: Re: Technical
Post by: Asyn on April 10, 2021, 09:32:39 AM
Vulnerability in FortiGate VPN servers is exploited in Cring ransomware attacks
https://ics-cert.kaspersky.com/reports/2021/04/07/vulnerability-in-fortigate-vpn-servers-is-exploited-in-cring-ransomware-attacks/
Title: Re: Technical
Post by: Asyn on April 11, 2021, 07:43:37 AM
Investigating a unique “form” of email delivery for IcedID malware
https://www.microsoft.com/security/blog/2021/04/09/investigating-a-unique-form-of-email-delivery-for-icedid-malware/
Title: Re: Technical
Post by: Asyn on April 12, 2021, 06:41:46 AM
Using Aviary to Analyze Post-Compromise Threat Activity in M365 Environments
https://us-cert.cisa.gov/ncas/current-activity/2021/04/08/using-aviary-to-analyze-post-compromise-threat-activity
Title: Re: Technical
Post by: Asyn on April 13, 2021, 09:38:34 AM
What goes around comes around: hackers leak other hackers’ data online
https://www.group-ib.com/media/swarmshop-breach/
Title: Re: Technical
Post by: Asyn on April 14, 2021, 07:47:48 AM
The April 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/4/13/the-april-2021-security-update-review
Title: Re: Technical
Post by: Asyn on April 14, 2021, 03:14:08 PM
Gamifying machine learning for stronger security and AI models
https://www.microsoft.com/security/blog/2021/04/08/gamifying-machine-learning-for-stronger-security-and-ai-models/
Title: Re: Technical
Post by: Asyn on April 15, 2021, 08:33:38 AM
HTML Lego: Hidden Phishing at Free JavaScript Site
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/html-lego-hidden-phishing-at-free-javascript-site/
Title: Re: Technical
Post by: Asyn on April 16, 2021, 07:39:37 AM
US government confirms Russian SVR behind the SolarWinds hack
https://www.bleepingcomputer.com/news/security/us-government-confirms-russian-svr-behind-the-solarwinds-hack/
https://www.whitehouse.gov/briefing-room/statements-releases/2021/04/15/fact-sheet-imposing-costs-for-harmful-foreign-activities-by-the-russian-government/
Title: Re: Technical
Post by: Asyn on April 16, 2021, 03:08:00 PM
HackBoss: A cryptocurrency-stealing malware distributed through Telegram
https://decoded.avast.io/romanalinkeova/hackboss-a-cryptocurrency-stealing-malware-distributed-through-telegram/
Title: Re: Technical
Post by: Asyn on April 17, 2021, 09:01:39 AM
(Are you) afreight of the dark? Watch out for Vyveva, new Lazarus backdoor
https://www.welivesecurity.com/2021/04/08/are-you-afreight-dark-watch-out-vyveva-new-lazarus-backdoor/
Title: Re: Technical
Post by: Asyn on April 18, 2021, 09:46:18 AM
Google’s Secret ‘Project Bernanke’ Revealed in Texas Antitrust Case
https://www.wsj.com/articles/googles-secret-project-bernanke-revealed-in-texas-antitrust-case-11618097760
Title: Re: Technical
Post by: Asyn on April 19, 2021, 07:59:09 AM
NAME:WRECK DNS vulnerabilities affect over 100 million devices
https://www.bleepingcomputer.com/news/security/name-wreck-dns-vulnerabilities-affect-over-100-million-devices/
Title: Re: Technical
Post by: Asyn on April 20, 2021, 08:49:17 AM
Google Alerts continues to be a hotbed of scams and malware
https://www.bleepingcomputer.com/news/security/google-alerts-continues-to-be-a-hotbed-of-scams-and-malware/
Title: Re: Technical
Post by: Asyn on April 21, 2021, 08:18:52 AM
Damaging Linux & Mac Malware Bundled within Browserify npm Brandjack Attempt
https://blog.sonatype.com/damaging-linux-mac-malware-bundled-within-browserify-npm-brandjack-attempt
Title: Re: Technical
Post by: Asyn on April 23, 2021, 10:34:39 AM
Allow arbitrary URLs, expect arbitrary code execution
https://positive.security/blog/url-open-rce
Title: Re: Technical
Post by: Asyn on April 27, 2021, 03:22:12 PM
Can you spot a deceptive installer?
https://blog.avast.com/deceptive-installers-tips-avast
Title: Re: Technical
Post by: Asyn on April 29, 2021, 12:09:00 PM
Adversary Dossier: Ryuk Ransomware Anatomy of an Attack in 2021
https://www.advanced-intel.com/post/adversary-dossier-ryuk-ransomware-anatomy-of-an-attack-in-2021
Title: Re: Technical
Post by: Asyn on May 03, 2021, 09:44:57 AM
A Comprehensive Framework for Action: Key Recommendations from the Ransomware Task Force
https://securityandtechnology.org/ransomwaretaskforce/report/
https://securityandtechnology.org/wp-content/uploads/2021/04/IST-Ransomware-Task-Force-Report.pdf
Title: Re: Technical
Post by: Asyn on May 04, 2021, 11:43:41 AM
Why Google Should Stop Logging Contact-Tracing Data
https://blog.appcensus.io/2021/04/27/why-google-should-stop-logging-contact-tracing-data/
Title: Re: Technical
Post by: Asyn on May 05, 2021, 11:48:39 AM
RotaJakiro: A long live secret backdoor with 0 VT detection
https://blog.netlab.360.com/stealth_rotajakiro_backdoor_en/
Title: Re: Technical
Post by: Asyn on May 06, 2021, 10:27:18 AM
New Nebulae Backdoor Linked with the NAIKON Group
https://labs.bitdefender.com/2021/04/new-nebulae-backdoor-linked-with-the-naikon-group/
https://www.bitdefender.com/files/News/CaseStudies/study/396/Bitdefender-PR-Whitepaper-NAIKON-creat5397-en-EN.pdf
Title: Re: Technical
Post by: Asyn on May 07, 2021, 10:47:50 AM
“BadAlloc” – Memory allocation vulnerabilities could affect wide range of IoT and OT devices in industrial, medical, and enterprise networks
https://msrc-blog.microsoft.com/2021/04/29/badalloc-memory-allocation-vulnerabilities-could-affect-wide-range-of-iot-and-ot-devices-in-industrial-medical-and-enterprise-networks/
Title: Re: Technical
Post by: Asyn on May 08, 2021, 12:42:05 PM
The UNC2529 Triple Double: A Trifecta Phishing Campaign
https://www.fireeye.com/blog/threat-research/2021/05/unc2529-triple-double-trifecta-phishing-campaign.html
Title: Re: Technical
Post by: Asyn on May 09, 2021, 09:31:21 AM
Pingback: Backdoor At The End Of The ICMP Tunnel
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/backdoor-at-the-end-of-the-icmp-tunnel/
Title: Re: Technical
Post by: Asyn on May 10, 2021, 11:03:15 AM
tsuNAME - Vulnerability that can be used to DDoS DNS
https://tsuname.io/
Title: Re: Technical
Post by: Asyn on May 11, 2021, 10:21:09 AM
Operation TunnelSnake
https://securelist.com/operation-tunnelsnake-and-moriya-rootkit/101831/
Title: Re: Technical
Post by: Asyn on May 12, 2021, 10:59:13 AM
The May 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/5/11/the-may-2021-security-update-review
Title: Re: Technical
Post by: Asyn on May 13, 2021, 06:57:11 PM
Security probe of Qualcomm MSM data services
https://research.checkpoint.com/2021/security-probe-of-qualcomm-msm/
Title: Re: Technical
Post by: Asyn on May 14, 2021, 10:24:21 AM
FragAttacks (fragmentation and aggregation attacks)
https://www.fragattacks.com/
Title: Re: Technical
Post by: bob3160 on May 14, 2021, 11:16:39 PM
FragAttacks (fragmentation and aggregation attacks)
https://www.fragattacks.com/
Title: Re: Technical
Post by: Asyn on May 15, 2021, 12:08:29 PM
Revealing the ‘Snip3’ Crypter, a Highly Evasive RAT Loader
https://blog.morphisec.com/revealing-the-snip3-crypter-a-highly-evasive-rat-loader
Title: Re: Technical
Post by: Asyn on May 16, 2021, 10:56:04 AM
Business email compromise campaign targets wide range of orgs with gift card scam
https://www.microsoft.com/security/blog/2021/05/06/business-email-compromise-campaign-targets-wide-range-of-orgs-with-gift-card-scam/
Title: Re: Technical
Post by: Asyn on May 18, 2021, 10:10:06 AM
Connecting the Bots - Hancitor fuels Cuba Ransomware Operations
https://blog.group-ib.com/hancitor-cuba-ransomware
Title: Re: Technical
Post by: Asyn on May 19, 2021, 11:59:29 AM
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
https://fingerprintjs.com/blog/external-protocol-flooding/
Title: Re: Technical
Post by: Asyn on May 20, 2021, 10:35:39 AM
Findings from Verizon's latest data breach report
https://blog.avast.com/2021-verizon-data-breach-report-avast
Title: Re: Technical
Post by: Asyn on May 21, 2021, 07:11:30 PM
Meet Lorenz — A new ransomware gang targeting the enterprise
https://www.bleepingcomputer.com/news/security/meet-lorenz-a-new-ransomware-gang-targeting-the-enterprise/
Title: Re: Technical
Post by: Asyn on May 23, 2021, 04:33:28 PM
Don't fall for these search engine scams
https://blog.avast.com/dont-fall-for-search-engine-scams
Title: Re: Technical
Post by: Asyn on May 24, 2021, 11:43:00 AM
Threat Actors Use MSBuild to Deliver RATs Filelessly
https://www.anomali.com/blog/threat-actors-use-msbuild-to-deliver-rats-filelessly
Title: Re: Technical
Post by: Asyn on May 26, 2021, 10:14:40 AM
Cortex Xpanse Researchers Identify Missing Metric for a Modern SOC
https://www.paloaltonetworks.com/blog/2021/05/rsac-attack-surface-management/
https://start.paloaltonetworks.com/asm-report
Title: Re: Technical
Post by: Asyn on May 27, 2021, 11:49:19 AM
SimuLand: Understand adversary tradecraft and improve detection strategies
https://www.microsoft.com/security/blog/2021/05/20/simuland-understand-adversary-tradecraft-and-improve-detection-strategies/
Title: Re: Technical
Post by: Asyn on May 28, 2021, 09:42:31 AM
Misconfiguration of third party cloud services exposed data of over 100 million users
https://blog.checkpoint.com/2021/05/20/misconfiguration-of-third-party-cloud-services-exposed-data-of-over-100-million-users/
Title: Re: Technical
Post by: bob3160 on May 28, 2021, 03:26:53 PM
Not good news for Apple users on the M1 chip devices.

Summary
A flaw in the design of the Apple Silicon "M1" chip allows any two applications running under an OS to covertly exchange data between them, without using memory, sockets, files, or any other normal operating system features. This works between processes running as different users and under different privilege levels, creating a covert channel for surreptitious data exchange.

The vulnerability is baked into Apple Silicon chips, and cannot be fixed without a new silicon revision.
https://m1racles.com/
Title: Re: Technical
Post by: Asyn on May 29, 2021, 10:03:01 AM
Bizarro banking Trojan expands its attacks to Europe
https://securelist.com/bizarro-banking-trojan-expands-its-attacks-to-europe/102258/
Title: Re: Technical
Post by: Asyn on May 30, 2021, 09:17:43 AM
Attributing CryptoCore Attacks Against Crypto Exchanges to LAZARUS (North Korea)
https://www.clearskysec.com/cryptocore-lazarus-attribution/
https://www.clearskysec.com/wp-content/uploads/2021/05/CryptoCore-Lazarus-Clearsky.pdf
Title: Re: Technical
Post by: Asyn on May 31, 2021, 09:28:15 AM
Try This One Weird Trick Russian Hackers Hate
https://krebsonsecurity.com/2021/05/try-this-one-weird-trick-russian-hackers-hate/
Title: Re: Technical
Post by: Asyn on June 01, 2021, 10:35:34 AM
Pwned Passwords, Open Source in the .NET Foundation and Working with the FBI
https://www.troyhunt.com/pwned-passwords-open-source-in-the-dot-net-foundation-and-working-with-the-fbi/
Title: Re: Technical
Post by: Asyn on June 02, 2021, 03:27:35 PM
BazaFlix: BazaLoader Fakes Movie Streaming Service
https://www.proofpoint.com/us/blog/threat-insight/bazaflix-bazaloader-fakes-movie-streaming-service
Title: Re: Technical
Post by: Asyn on June 03, 2021, 10:33:44 AM
Introducing Half-Double: New hammering technique for DRAM Rowhammer bug
https://security.googleblog.com/2021/05/introducing-half-double-new-hammering.html
Title: Re: Technical
Post by: Asyn on June 04, 2021, 10:43:33 AM
Another Nobelium Cyberattack
https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
Title: Re: Technical
Post by: Asyn on June 05, 2021, 12:32:01 PM
A new ransomware enters the fray: Epsilon Red
https://news.sophos.com/en-us/2021/05/28/epsilonred/
Title: Re: Technical
Post by: Asyn on June 06, 2021, 10:40:07 AM
Another Nobelium Cyberattack
https://blogs.microsoft.com/on-the-issues/2021/05/27/nobelium-cyberattack-nativezone-solarwinds/
https://www.microsoft.com/security/blog/2021/05/27/new-sophisticated-email-based-attack-from-nobelium/
Breaking down NOBELIUM’s latest early-stage toolset
https://www.microsoft.com/security/blog/2021/05/28/breaking-down-nobeliums-latest-early-stage-toolset/
Title: Re: Technical
Post by: Asyn on June 07, 2021, 09:06:43 AM
A not so Fancy game. Exploring the new “SkinnyBoy” Bear’s backdoor
https://cluster25.io/2021/06/03/a-not-so-fancy-game-apt28-skinnyboy/
https://cluster25.io/wp-content/uploads/2021/05/2021-05_FancyBear.pdf
Title: Re: Technical
Post by: Asyn on June 08, 2021, 10:11:04 AM
Necro Python bot adds new exploits and Tezos mining to its bag of tricks
https://blog.talosintelligence.com/2021/06/necro-python-bot-adds-new-tricks.html
Title: Re: Technical
Post by: Asyn on June 09, 2021, 10:35:48 AM
The June 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/6/8/the-june-2021-security-update-review
Title: Re: Technical
Post by: Asyn on June 10, 2021, 09:19:01 AM
Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments
https://unit42.paloaltonetworks.com/siloscape/
Title: Re: Technical
Post by: Asyn on June 11, 2021, 10:09:35 AM
PuzzleMaker attacks with Chrome zero-day exploit chain
https://securelist.com/puzzlemaker-chrome-zero-day-exploit-chain/102771/
Title: Re: Technical
Post by: Asyn on June 12, 2021, 10:24:54 AM
800 criminals arrested in biggest ever law enforcement operation against encrypted communication
https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
Title: Re: Technical
Post by: bob3160 on June 12, 2021, 05:32:08 PM
800 criminals arrested in biggest ever law enforcement operation against encrypted communication
https://www.europol.europa.eu/newsroom/news/800-criminals-arrested-in-biggest-ever-law-enforcement-operation-against-encrypted-communication
https://youtu.be/ic8FYwEyGUA
Title: Re: Technical
Post by: Asyn on June 13, 2021, 09:10:49 AM
ALPACA Attack
https://alpaca-attack.com/
https://alpaca-attack.com/ALPACA.pdf
Title: Re: Technical
Post by: bob3160 on June 13, 2021, 02:31:29 PM
https://windowsreport.com/windows-defender-vs-avast/
Title: Re: Technical
Post by: Asyn on June 14, 2021, 09:16:12 AM
Gelsemium: When threat actors go gardening
https://www.welivesecurity.com/2021/06/09/gelsemium-when-threat-actors-go-gardening/
Title: Re: Technical
Post by: Asyn on June 15, 2021, 10:31:25 AM
Avaddon ransomware shuts down and releases decryption keys
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
http://www.emsisoft.com/ransomware-decryption-tools/avaddon
Title: Re: Technical
Post by: bob3160 on June 15, 2021, 02:53:03 PM
Avaddon ransomware shuts down and releases decryption keys
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
http://www.emsisoft.com/ransomware-decryption-tools/avaddon
It's nice to see and read about some good news for a change. :)
Title: Re: Technical
Post by: DavidR on June 15, 2021, 05:51:43 PM
Avaddon ransomware shuts down and releases decryption keys
https://www.bleepingcomputer.com/news/security/avaddon-ransomware-shuts-down-and-releases-decryption-keys/
http://www.emsisoft.com/ransomware-decryption-tools/avaddon
It's nice to see and read about some good news for a change. :)

The really good news would be that the money was returned and they had been locked up for their crimes.
Title: Re: Technical
Post by: Asyn on June 16, 2021, 10:24:30 AM
2021 CISO REPORT
https://www.dynatrace.com/info/cloud-application-security-ciso-research-1/
https://assets.dynatrace.com/en/docs/report/2021-global-ciso-report.pdf
Title: Re: Technical
Post by: Asyn on June 17, 2021, 12:41:47 PM
Nameless malware that stole 1.2 TB of private data
https://nordlocker.com/malware-analysis/
Title: Re: Technical
Post by: Asyn on June 18, 2021, 10:45:09 AM
Privilege escalation with polkit: How to get root on Linux with a seven-year-old bug
https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/
Title: Re: Technical
Post by: Asyn on June 19, 2021, 02:08:44 PM
Behind the scenes of business email compromise: Using cross-domain threat data to disrupt a large BEC campaign
https://www.microsoft.com/security/blog/2021/06/14/behind-the-scenes-of-business-email-compromise-using-cross-domain-threat-data-to-disrupt-a-large-bec-infrastructure/
Title: Re: Technical
Post by: Asyn on June 20, 2021, 09:55:50 AM
Exploiting custom protocol handlers for cross-browser tracking in Tor, Safari, Chrome and Firefox
https://fingerprintjs.com/blog/external-protocol-flooding/
Title: Re: Technical
Post by: Asyn on June 21, 2021, 09:12:13 AM
Millions of Connected Cameras Open to Eavesdropping
https://threatpost.com/millions-connected-cameras-eavesdropping/166950/
https://www.nozominetworks.com/blog/new-iot-security-risk-throughtek-p2p-supply-chain-vulnerability/
Title: Re: Technical
Post by: Asyn on June 22, 2021, 12:44:46 PM
Vigilante malware rats out software pirates while blocking ThePirateBay
https://news.sophos.com/en-us/2021/06/17/vigilante-antipiracy-malware/
Title: Re: Technical
Post by: Asyn on June 23, 2021, 12:20:04 PM
Fake DarkSide Campaign Targets Energy and Food Sectors
https://www.trendmicro.com/en_us/research/21/f/fake-darkside-campaign-targets-energy-and-food-sectors.html
Title: Re: Technical
Post by: Asyn on June 24, 2021, 10:23:56 AM
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Title: Re: Technical
Post by: bob3160 on June 24, 2021, 02:20:53 PM
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Is Russia afraid of possible Chinese spying?
Title: Re: Technical
Post by: DavidR on June 24, 2021, 04:32:41 PM
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Is Russia afraid of possible Chinese spying?

I think more like they want to know what their citizens are up to ;)
Title: Re: Technical
Post by: schmidthouse on June 24, 2021, 07:10:17 PM
Russia bans Opera VPN and VyprVPN, classifies them as threats
https://www.bleepingcomputer.com/news/security/russia-bans-opera-vpn-and-vyprvpn-classifies-them-as-threats/
Is Russia afraid of possible Chinese spying?

I think more like they want to know what their citizens are up to ;)

Or both.... ;)
Title: Re: Technical
Post by: Asyn on June 25, 2021, 11:31:12 AM
Eclypsium Discovers Multiple Vulnerabilities Affecting 129 Dell Models via Dell Remote OS Recovery and Firmware Update Capabilities
https://eclypsium.com/2021/06/24/biosdisconnect/
https://eclypsium.com/wp-content/uploads/2021/06/Eclypsium-Discovers-Multiple-Vulnerabilities-Affecting-129-Dell-Models-via-Dell-Remote-OS-Recovery-and-Firmware-Update-Capabilities.pdf
Title: Re: Technical
Post by: Asyn on June 26, 2021, 10:20:02 AM
Video: Avast Hacker Archives Episode 7: Philip Zimmermann
https://blog.avast.com/avast-hacker-archives-episode-7-philip-zimmermann-avast
Title: Re: Technical
Post by: Asyn on June 27, 2021, 10:08:58 AM
Sonatype Catches New PyPI Cryptomining Malware
https://blog.sonatype.com/sonatype-catches-new-pypi-cryptomining-malware-via-automated-detection
Title: Re: Technical
Post by: Asyn on June 28, 2021, 09:55:57 AM
Mysterious ransomware payment traced to a sensual massage site
https://www.bleepingcomputer.com/news/security/mysterious-ransomware-payment-traced-to-a-sensual-massage-site/
https://shared-public-reports.s3.eu-west-1.amazonaws.com/Secrets_behind_the_mysterious_ever101_ransomware.pdf
Title: Re: Technical
Post by: Asyn on June 29, 2021, 10:31:26 AM
PYSA Loves ChaChi: a New GoLang RAT
https://blogs.blackberry.com/en/2021/06/pysa-loves-chachi-a-new-golang-rat
Title: Re: Technical
Post by: Asyn on June 30, 2021, 12:43:46 PM
Linux marketplaces vulnerable to RCE and supply chain attacks
https://positive.security/blog/hacking-linux-marketplaces
Title: Re: Technical
Post by: Asyn on July 01, 2021, 11:07:29 AM
Investigating tech support fraud
https://blog.avast.com/tech-support-fraud-avast
Title: Re: Technical
Post by: DavidR on July 01, 2021, 12:02:49 PM
Investigating tech support fraud
https://blog.avast.com/tech-support-fraud-avast

Ha, a good start would be to be tough on Tech Support spammers :P
Title: Re: Technical
Post by: Asyn on July 01, 2021, 01:28:02 PM
Investigating tech support fraud
https://blog.avast.com/tech-support-fraud-avast
Ha, a good start would be to be tough on Tech Support spammers :P
+++1 8)
Title: Re: Technical
Post by: Asyn on July 02, 2021, 12:24:35 PM
Yet Another Archive Format Smuggling Malware
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/another-archive-format-smuggling-malware/
Title: Re: Technical
Post by: Asyn on July 03, 2021, 12:23:49 PM
New Nobelium activity
https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
Title: Re: Technical
Post by: bob3160 on July 03, 2021, 03:06:41 PM
New Nobelium activity
https://msrc-blog.microsoft.com/2021/06/25/new-nobelium-activity/
Simple protection is to use two factor authentication.
Title: Re: Technical
Post by: Asyn on July 04, 2021, 11:20:07 AM
Microsoft signed a malicious Netfilter rootkit
https://www.gdatasoftware.com/blog/microsoft-signed-a-malicious-netfilter-rootkit
Title: Re: Technical
Post by: Asyn on July 05, 2021, 09:26:19 AM
REvil ransomware's new Linux encryptor targets ESXi virtual machines
https://www.bleepingcomputer.com/news/security/revil-ransomwares-new-linux-encryptor-targets-esxi-virtual-machines/
Title: Re: Technical
Post by: Asyn on July 05, 2021, 12:11:45 PM
What I did when an email tried to blackmail me
https://blog.avast.com/digging-into-sextortion-emails-avast
Title: Re: Technical
Post by: Asyn on July 06, 2021, 09:08:08 AM
NFC Flaws Let Researchers Hack ATMs by Waving a Phone
https://www.wired.com/story/atm-hack-nfc-bugs-point-of-sale/
Title: Re: Technical
Post by: Asyn on July 07, 2021, 11:53:48 AM
Lorenz ransomware: analysis and a free decryptor
https://www.tesorion.nl/en/posts/lorenz-ransomware-analysis-and-a-free-decryptor/
Title: Re: Technical
Post by: Asyn on July 08, 2021, 10:12:45 AM
CVE-2018-18472: Western Digital My Book Live Mass Exploitation
https://censys.io/blog/cve-2018-18472-western-digital-my-book-live-mass-exploitation/
Title: Re: Technical
Post by: Asyn on July 09, 2021, 09:33:52 AM
Cobalt Strike Usage Explodes Among Cybercrooks
https://threatpost.com/cobalt-strike-cybercrooks/167368/
Title: Re: Technical
Post by: Asyn on July 10, 2021, 12:12:11 PM
CISA releases new ransomware self-assessment security audit tool
https://www.bleepingcomputer.com/news/security/cisa-releases-new-ransomware-self-assessment-security-audit-tool/
Title: Re: Technical
Post by: Asyn on July 10, 2021, 04:12:28 PM
Microsoft finds new NETGEAR firmware vulnerabilities that could lead to identity theft and full system compromise
https://www.microsoft.com/security/blog/2021/06/30/microsoft-finds-new-netgear-firmware-vulnerabilities-that-could-lead-to-identity-theft-and-full-system-compromise/
Title: Re: Technical
Post by: Asyn on July 11, 2021, 10:17:04 AM
Diavol - A New Ransomware Used By Wizard Spider?
https://www.fortinet.com/blog/threat-research/diavol-new-ransomware-used-by-wizard-spider
Title: Re: Technical
Post by: Asyn on July 11, 2021, 01:10:20 PM
Avast researchers fight malware by processing machine data with next-gen machine learning
https://blog.avast.com/processing-machine-data-with-machine-learning-avast
https://arxiv.org/pdf/2105.09107.pdf
Title: Re: Technical
Post by: DavidR on July 11, 2021, 01:52:04 PM
Avast researchers fight malware by processing machine data with next-gen machine learning
https://blog.avast.com/processing-machine-data-with-machine-learning-avast
https://arxiv.org/pdf/2105.09107.pdf

I just wonder how this new machine learning improves detection and yet doesn't see an increase in FPs.

Whilst I don't think this would impact so much on the Web Shield (EDIT- having read further, it seems it does), we do appear to be seeing a slight increase in 'possible' FPs in the forums.
Title: Re: Technical
Post by: Asyn on July 11, 2021, 02:39:08 PM
Avast researchers fight malware by processing machine data with next-gen machine learning
https://blog.avast.com/processing-machine-data-with-machine-learning-avast
https://arxiv.org/pdf/2105.09107.pdf
I just wonder how this new machine learning improves detection and yet doesn't see an increase in FPs.

Whilst I don't think this would impact so much on the Web Shield (EDIT- having read further, it seems it does), we do appear to be seeing a slight increase in 'possible' FPs in the forums.
Hi Dave, guess it still needs some fine-tuning. ;)
Title: Re: Technical
Post by: Asyn on July 12, 2021, 09:51:50 AM
NSA, Partners Release Cybersecurity Advisory on Brute Force Global Cyber Campaign
https://www.nsa.gov/news-features/press-room/Article/2677750/nsa-partners-release-cybersecurity-advisory-on-brute-force-global-cyber-campaign/
https://media.defense.gov/2021/Jul/01/2002753896/-1/-1/1/CSA_GRU_GLOBAL_BRUTE_FORCE_CAMPAIGN_UOO158036-21.PDF
Title: Re: Technical
Post by: Asyn on July 13, 2021, 11:26:16 AM
Independence Day: REvil uses supply chain exploit to attack hundreds of businesses
https://news.sophos.com/en-us/2021/07/04/independence-day-revil-uses-supply-chain-exploit-to-attack-hundreds-of-businesses/
Title: Re: Technical
Post by: Asyn on July 14, 2021, 11:46:44 AM
Lookout Unearths Android Crypto Mining Scams
https://blog.lookout.com/lookout-unearths-android-crypto-mining-scams
Title: Re: Technical
Post by: Asyn on July 14, 2021, 12:31:18 PM
The July 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/7/13/the-july-2021-security-update-review
Title: Re: Technical
Post by: Asyn on July 15, 2021, 09:22:49 AM
Enhancing threat intelligence using new STIX and TAXII standards
https://blog.avast.com/explaining-stix-and-taxii-standards-avast
Title: Re: Technical
Post by: Asyn on July 15, 2021, 11:08:59 AM
US warns of action against ransomware gangs if Russia refuses
https://www.bleepingcomputer.com/news/security/us-warns-of-action-against-ransomware-gangs-if-russia-refuses/
Title: Re: Technical
Post by: Asyn on July 15, 2021, 05:24:06 PM
Mozilla Investigation: YouTube Algorithm Recommends Videos that Violate the Platform’s Very Own Policies
https://foundation.mozilla.org/en/blog/mozilla-investigation-youtube-algorithm-recommends-videos-that-violate-the-platforms-very-own-policies/
https://foundation.mozilla.org/en/campaigns/regrets-reporter/findings/
https://assets.mofoprod.net/network/documents/Mozilla_YouTube_Regrets_Report.pdf
Title: Re: Technical
Post by: alanb on July 15, 2021, 05:25:11 PM
REvil: Ransomware gang websites disappear from internet

https://www.bbc.co.uk/news/technology-57826851
Title: Re: Technical
Post by: Asyn on July 16, 2021, 09:51:40 AM
BIOPASS RAT: New Malware Sniffs Victims via Live Streaming
https://www.trendmicro.com/en_us/research/21/g/biopass-rat-new-malware-sniffs-victims-via-live-streaming.html
Title: Re: Technical
Post by: Asyn on July 17, 2021, 12:33:33 PM
Immediate action required to avoid Ransomware pandemic - INTERPOL
https://www.interpol.int/News-and-Events/News/2021/Immediate-action-required-to-avoid-Ransomware-pandemic-INTERPOL
Title: Re: Technical
Post by: DavidR on July 17, 2021, 03:45:28 PM
Immediate action required to avoid Ransomware pandemic - INTERPOL
https://www.interpol.int/News-and-Events/News/2021/Immediate-action-required-to-avoid-Ransomware-pandemic-INTERPOL

Interesting, ha, when Brexit was first mooted, cooperation between the EU and UK security agencies was the first EU threat raised: the disruption of this security cooperation.
Title: Re: Technical
Post by: Asyn on July 18, 2021, 10:49:29 AM
Trickbot updates its VNC module for high-value targets
https://www.bleepingcomputer.com/news/security/trickbot-updates-its-vnc-module-for-high-value-targets/
Title: Re: Technical
Post by: Asyn on July 19, 2021, 01:14:45 PM
Microsoft discovers threat actor targeting SolarWinds Serv-U software with 0-day exploit
https://www.microsoft.com/security/blog/2021/07/13/microsoft-discovers-threat-actor-targeting-solarwinds-serv-u-software-with-0-day-exploit/
Title: Re: Technical
Post by: Asyn on July 19, 2021, 05:45:02 PM
Video: Avast Hacker Archives Episode 8: Dave Aitel
https://blog.avast.com/avast-hacker-archives-episode-8-dave-aitel-avast
Title: Re: Technical
Post by: Asyn on July 20, 2021, 11:57:01 AM
Nested Archives Help to Evade SEGs and Deliver BazarBackdoor
https://cofense.com/blog/nested-files-evade-segs/
Title: Re: Technical
Post by: Asyn on July 21, 2021, 11:36:27 AM
How we protect users from 0-day attacks
https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/
Title: Re: Technical
Post by: Asyn on July 21, 2021, 03:43:57 PM
LuminousMoth APT: Sweeping attacks for the chosen few
https://securelist.com/apt-luminousmoth/103332/
Title: Re: Technical
Post by: Asyn on July 22, 2021, 09:36:54 AM
June 2021’s Most Wanted Malware: Trickbot Remains on Top
https://blog.checkpoint.com/2021/07/13/june-2021s-most-wanted-malware-trickbot-remains-on-top/
Title: Re: Technical
Post by: Asyn on July 22, 2021, 01:27:04 PM
Protecting customers from a private-sector offensive actor using 0-day exploits and DevilsTongue malware
https://www.microsoft.com/security/blog/2021/07/15/protecting-customers-from-a-private-sector-offensive-actor-using-0-day-exploits-and-devilstongue-malware/
Title: Re: Technical
Post by: Asyn on July 23, 2021, 09:46:16 AM
US govt offers $10 million reward for tips on nation-state hackers
https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-reward-for-tips-on-nation-state-hackers/
Title: Re: Technical
Post by: Asyn on July 23, 2021, 03:08:26 PM
Remote code execution in cdnjs of Cloudflare
https://blog.ryotak.me/post/cdnjs-remote-code-execution-en/
Title: Re: Technical
Post by: Asyn on July 24, 2021, 01:55:56 PM
Meet WiFiDemon – iOS WiFi RCE 0-Day Vulnerability, and a Zero-Click Vulnerability That Was Silently Patched
https://blog.zecops.com/research/meet-wifidemon-ios-wifi-rce-0-day-vulnerability-and-a-zero-click-vulnerability-that-was-silently-patched/
Title: Re: Technical
Post by: Asyn on July 24, 2021, 05:17:58 PM
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Title: Re: Technical
Post by: Asyn on July 25, 2021, 08:44:42 AM
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Understanding the Pegasus project
https://blog.avast.com/pegasus-and-spyware-avast
Title: Re: Technical
Post by: bob3160 on July 25, 2021, 04:04:34 PM
US govt offers $10 million reward for tips on nation-state hackers
https://www.bleepingcomputer.com/news/security/us-govt-offers-10-million-reward-for-tips-on-nation-state-hackers/
Does that include hacking by the NSO? (Pegasus)
Title: Re: Technical
Post by: Asyn on July 26, 2021, 10:00:09 AM
Sequoia: A Local Privilege Escalation Vulnerability in Linux’s Filesystem Layer (CVE-2021-33909)
https://blog.qualys.com/vulnerabilities-threat-research/2021/07/20/sequoia-a-local-privilege-escalation-vulnerability-in-linuxs-filesystem-layer-cve-2021-33909
Title: Re: Technical
Post by: Asyn on July 27, 2021, 10:04:04 AM
New MosaicLoader malware targets software pirates via online ads
https://www.bleepingcomputer.com/news/security/new-mosaicloader-malware-targets-software-pirates-via-online-ads/
Title: Re: Technical
Post by: Asyn on July 27, 2021, 12:21:54 PM
Groundhog day: NPM package caught stealing browser passwords
https://blog.secure.software/groundhog-day-npm-package-caught-stealing-browser-passwords
Title: Re: Technical
Post by: Asyn on July 28, 2021, 08:57:38 AM
Top prevalent malware with a thousand campaigns migrates to macOS
https://research.checkpoint.com/2021/top-prevalent-malware-with-a-thousand-campaigns-migrates-to-macos/
Title: Re: Technical
Post by: Asyn on July 29, 2021, 09:56:35 AM
Forensic Methodology Report: How to catch NSO Group’s Pegasus
https://www.amnesty.org/en/latest/research/2021/07/forensic-methodology-report-how-to-catch-nso-groups-pegasus/
Understanding the Pegasus project
https://blog.avast.com/pegasus-and-spyware-avast
A case against security nihilism
https://blog.cryptographyengineering.com/2021/07/20/a-case-against-security-nihilism/
Title: Re: Technical
Post by: Asyn on July 30, 2021, 11:21:24 AM
2021 CWE Top 25 Most Dangerous Software Weaknesses
https://cwe.mitre.org/top25/archive/2021/2021_cwe_top25.html
Title: Re: Technical
Post by: Asyn on July 31, 2021, 11:03:45 AM
Threat Spotlight: Unpatched software vulnerabilities
https://blog.barracuda.com/2021/07/21/threat-spotlight-unpatched-software-vulnerabilities/
Title: Re: Technical
Post by: Asyn on August 01, 2021, 11:01:13 AM
Updated XCSSET Malware Targets Telegram, Other Apps
https://www.trendmicro.com/en_us/research/21/g/updated-xcsset-malware-targets-telegram--other-apps.html
Title: Re: Technical
Post by: Asyn on August 01, 2021, 03:13:02 PM
LockBit ransomware now encrypts Windows domains using group policies
https://www.bleepingcomputer.com/news/security/lockbit-ransomware-now-encrypts-windows-domains-using-group-policies/
Title: Re: Technical
Post by: Asyn on August 02, 2021, 10:33:06 AM
New Attacks on Kubernetes via Misconfigured Argo Workflows
https://www.intezer.com/blog/container-security/new-attacks-on-kubernetes-via-misconfigured-argo-workflows/
Title: Re: Technical
Post by: Asyn on August 02, 2021, 01:29:01 PM
Unhacked: 121 tools against ransomware on a single website
https://www.europol.europa.eu/newsroom/news/unhacked-121-tools-against-ransomware-single-website
Title: Re: Technical
Post by: bob3160 on August 02, 2021, 02:11:47 PM
Unhacked: 121 tools against ransomware on a single website
https://www.europol.europa.eu/newsroom/news/unhacked-121-tools-against-ransomware-single-website
You still need this site to do the heavy lifting.
https://www.nomoreransom.org/en/index.html
Title: Re: Technical
Post by: Asyn on August 03, 2021, 11:36:02 AM
DoppelPaymer Continues to Cause Grief Through Rebranding
https://www.zscaler.com/blogs/security-research/doppelpaymer-continues-cause-grief-through-rebranding
Title: Re: Technical
Post by: Asyn on August 04, 2021, 11:18:40 AM
Critical 9.9 Vulnerability In Hyper-V Allowed Attackers To Exploit Azure
https://www.guardicore.com/labs/critical-vulnerability-in-hyper-v-allowed-attackers-to-exploit-azure/
Title: Re: Technical
Post by: Asyn on August 05, 2021, 09:11:47 AM
Alert (AA21-209A) - Top Routinely Exploited Vulnerabilities
https://us-cert.cisa.gov/ncas/alerts/aa21-209a
Title: Re: Technical
Post by: Asyn on August 06, 2021, 10:14:02 AM
Kernel Pwning with eBPF: a Love Story
https://www.graplsecurity.com/post/kernel-pwning-with-ebpf-a-love-story
Title: Re: Technical
Post by: Asyn on August 07, 2021, 12:12:17 PM
JFrog Detects Malicious PyPI Packages Stealing Credit Cards and Injecting Code
https://jfrog.com/blog/malicious-pypi-packages-stealing-credit-cards-injecting-code/
Title: Re: Technical
Post by: Asyn on August 08, 2021, 09:10:03 AM
Vultur, with a V for VNC
https://www.threatfabric.com/blogs/vultur-v-for-vnc.html
Title: Re: Technical
Post by: Asyn on August 09, 2021, 10:03:10 AM
BlackMatter Ransomware Emerges As Successor to DarkSide, REvil
https://www.recordedfuture.com/blackmatter-ransomware-successor-darkside-revil/
Title: Re: Technical
Post by: Asyn on August 10, 2021, 09:04:04 AM
Hotcobalt – New Cobalt Strike DoS Vulnerability That Lets You Halt Operations
https://labs.sentinelone.com/hotcobalt-new-cobalt-strike-dos-vulnerability-that-lets-you-halt-operations/
Title: Re: Technical
Post by: Asyn on August 11, 2021, 11:15:13 AM
Black Hat 2021: DNS loophole makes nation-state level spying as easy as registering a domain
https://www.wiz.io/blog/black-hat-2021-dns-loophole-makes-nation-state-level-spying-as-easy-as-registering-a-domain
Title: Re: Technical
Post by: Asyn on August 12, 2021, 09:14:48 AM
The August 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/8/10/the-august-2021-security-update-review
Title: Re: Technical
Post by: Asyn on August 12, 2021, 01:18:04 PM
Prometheus TDS - The key to success for Campo Loader
https://blog.group-ib.com/prometheus-tds
Title: Re: Technical
Post by: Asyn on August 13, 2021, 10:21:30 AM
Pwnie Award Winners 2021
https://pwnies.com/winners/
Title: Re: Technical
Post by: Asyn on August 13, 2021, 03:16:18 PM
Reproducing The ProxyShell Pwn2Own Exploit
https://peterjson.medium.com/reproducing-the-proxyshell-pwn2own-exploit-49743a4ea9a1
Title: Re: Technical
Post by: Asyn on August 14, 2021, 12:58:52 PM
Freshly Disclosed Vulnerability CVE-2021-20090 Exploited in the Wild
https://blogs.juniper.net/en-us/security/freshly-disclosed-vulnerability-cve-2021-20090-exploited-in-the-wild
Title: Re: Technical
Post by: Asyn on August 15, 2021, 09:41:42 AM
FlyTrap Android Malware Compromises Thousands of Facebook Accounts
https://blog.zimperium.com/flytrap-android-malware-compromises-thousands-of-facebook-accounts/
Title: Re: Technical
Post by: Asyn on August 16, 2021, 09:17:16 AM
Kaseya's universal REvil decryption key leaked on a hacking forum
https://www.bleepingcomputer.com/news/security/kaseyas-universal-revil-decryption-key-leaked-on-a-hacking-forum/
Title: Re: Technical
Post by: Asyn on August 17, 2021, 10:38:05 AM
New eCh0raix Ransomware Variant Targets QNAP and Synology Network-Attached Storage Devices
https://unit42.paloaltonetworks.com/ech0raix-ransomware-soho/
Title: Re: Technical
Post by: Asyn on August 18, 2021, 10:29:10 AM
Massive New AdLoad Campaign Goes Entirely Undetected By Apple’s XProtect
https://labs.sentinelone.com/massive-new-adload-campaign-goes-entirely-undetected-by-apples-xprotect/
Title: Re: Technical
Post by: Asyn on August 19, 2021, 09:43:35 AM
Attackers use Morse code, other encryption methods in evasive phishing campaign
https://www.microsoft.com/security/blog/2021/08/12/attackers-use-morse-code-other-encryption-methods-in-evasive-phishing-campaign/
Title: Re: Technical
Post by: Asyn on August 20, 2021, 11:18:30 AM
Machine learning explainability: Spotlight on machine data
https://blog.avast.com/machine-learning-explainability-avast
Title: Re: Technical
Post by: Asyn on August 20, 2021, 04:00:45 PM
Teaching an Old Dog New Tricks: 2017 Magniber Ransomware Uses PrintNightmare Vulnerability to Infect Victims in South Korea
https://www.crowdstrike.com/blog/magniber-ransomware-caught-using-printnightmare-vulnerability/
Title: Re: Technical
Post by: Asyn on August 21, 2021, 12:23:39 PM
Video: Avast Hacker Archives Episode 9: Heather Adkins
https://blog.avast.com/avast-hacker-archives-episode-9-heather-adkins-avast
Title: Re: Technical
Post by: Asyn on August 21, 2021, 02:34:29 PM
Vice Society Leverages PrintNightmare In Ransomware Attacks
https://blog.talosintelligence.com/2021/08/vice-society-ransomware-printnightmare.html
Title: Re: Technical
Post by: Asyn on August 22, 2021, 10:54:45 AM
SynAck ransomware gang releases decryption keys for old victims
https://therecord.media/synack-ransomware-gang-releases-decryption-keys-for-old-victims/
https://www.emsisoft.com/ransomware-decryption-tools/synack
Title: Re: Technical
Post by: Asyn on August 23, 2021, 10:40:18 AM
New Iranian Espionage Campaign By “Siamesekitten” – Lyceum
https://www.clearskysec.com/siamesekitten/
https://www.clearskysec.com/wp-content/uploads/2021/08/Siamesekitten.pdf
Title: Re: Technical
Post by: Asyn on August 24, 2021, 12:34:51 PM
Malware campaign uses clever 'captcha' to bypass browser warning
https://www.bleepingcomputer.com/news/security/malware-campaign-uses-clever-captcha-to-bypass-browser-warning/
Title: Re: Technical
Post by: bob3160 on August 24, 2021, 02:35:27 PM
Malware campaign uses clever 'captcha' to bypass browser warning
https://www.bleepingcomputer.com/news/security/malware-campaign-uses-clever-captcha-to-bypass-browser-warning/
https://youtu.be/D78e5zO3fQw
Title: Re: Technical
Post by: Asyn on August 25, 2021, 12:04:02 PM
Mandiant Discloses Critical Vulnerability Affecting Millions of IoT Devices
https://www.fireeye.com/blog/threat-research/2021/08/mandiant-discloses-critical-vulnerability-affecting-iot-devices.html
Title: Re: Technical
Post by: Asyn on August 26, 2021, 12:16:38 PM
Analysis of Diavol Ransomware Reveals Possible Link to TrickBot Gang
https://securityintelligence.com/posts/analysis-of-diavol-ransomware-link-trickbot-gang/
Title: Re: Technical
Post by: Asyn on August 27, 2021, 10:51:45 AM
Threat Spotlight: Ransomware trends
https://blog.barracuda.com/2021/08/12/threat-spotlight-ransomware-trends/
Title: Re: Technical
Post by: Asyn on August 28, 2021, 12:32:47 PM
LockFile: Ransomware Uses PetitPotam Exploit to Compromise Windows Domain Controllers
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/lockfile-ransomware-new-petitpotam-windows
Title: Re: Technical
Post by: Asyn on August 29, 2021, 10:53:37 AM
Cloudflare thwarts 17.2M rps DDoS attack — the largest ever reported
https://blog.cloudflare.com/cloudflare-thwarts-17-2m-rps-ddos-attack-the-largest-ever-reported/
Title: Re: Technical
Post by: Asyn on August 30, 2021, 10:24:24 AM
Advisory: Multiple Issues in Realtek SDK Affects Hundreds of Thousands of Devices Down the Supply Chain
https://www.iot-inspector.com/blog/advisory-multiple-issues-realtek-sdk-iot-supply-chain/
Title: Re: Technical
Post by: Asyn on August 31, 2021, 09:50:49 AM
Triada Trojan in WhatsApp mod
https://securelist.com/triada-trojan-in-whatsapp-mod/103679/
Title: Re: Technical
Post by: Asyn on September 01, 2021, 09:52:07 AM
Ragnarok ransomware releases master decryptor after shutdown
https://www.bleepingcomputer.com/news/security/ragnarok-ransomware-releases-master-decryptor-after-shutdown/
Title: Re: Technical
Post by: Asyn on September 02, 2021, 09:11:19 AM
FTC bans stalkerware maker Spyfone from surveillance business
https://www.bleepingcomputer.com/news/security/ftc-bans-stalkerware-maker-spyfone-from-surveillance-business/
Title: Re: Technical
Post by: bob3160 on September 02, 2021, 03:42:12 PM
FTC bans stalkerware maker Spyfone from surveillance business
https://www.bleepingcomputer.com/news/security/ftc-bans-stalkerware-maker-spyfone-from-surveillance-business/

FTC issues first ban ever on a stalkerware company
https://youtu.be/f7iJanYIn_o
The first meaningful ban against a company that made its money by spying on others.
Title: Re: Technical
Post by: Asyn on September 03, 2021, 10:36:42 AM
FIN8 Threat Actor Spotted Once Again with New "Sardonic" Backdoor
https://www.bitdefender.com/blog/labs/fin8-threat-actor-spotted-once-again-with-new-sardonic-backdoor/
https://www.bitdefender.com/files/News/CaseStudies/study/401/Bitdefender-PR-Whitepaper-FIN8-creat5619-en-EN.pdf
Title: Re: Technical
Post by: Asyn on September 04, 2021, 01:25:43 PM
FBI shares technical details for Hive ransomware
https://www.bleepingcomputer.com/news/security/fbi-shares-technical-details-for-hive-ransomware/
Title: Re: Technical
Post by: Asyn on September 05, 2021, 10:04:35 AM
BRAKTOOTH: Causing Havoc on Bluetooth Link Manager
https://asset-group.github.io/disclosures/braktooth/
Title: Re: Technical
Post by: Asyn on September 06, 2021, 11:09:48 AM
How MarkMonitor left >60,000 domains for the taking
https://ian.sh/markmonitor
Title: Re: Technical
Post by: Asyn on September 07, 2021, 09:51:02 AM
QakBot technical analysis
https://securelist.com/qakbot-technical-analysis/103931/
Title: Re: Technical
Post by: Asyn on September 08, 2021, 10:20:06 AM
Babuk ransomware's full source code leaked on hacker forum
https://www.bleepingcomputer.com/news/security/babuk-ransomwares-full-source-code-leaked-on-hacker-forum/
Title: Re: Technical
Post by: Asyn on September 09, 2021, 10:53:17 AM
Conti affiliates use ProxyShell Exchange exploit in ransomware attacks
https://news.sophos.com/en-us/2021/09/03/conti-affiliates-use-proxyshell-exchange-exploit-in-ransomware-attacks/
Title: Re: Technical
Post by: Asyn on September 09, 2021, 12:29:11 PM
Avast joins the Tracking-free Ads Coalition
https://blog.avast.com/avast-joins-tracking-free-ads-coalition-avast
Title: Re: Technical
Post by: DavidR on September 09, 2021, 03:58:33 PM
Avast joins the Tracking-free Ads Coalition
https://blog.avast.com/avast-joins-tracking-free-ads-coalition-avast

A step in the right direction :)
Title: Re: Technical
Post by: Asyn on September 10, 2021, 11:34:23 AM
FBI: Spike in sextortion attacks cost victims $8 million this year
https://www.bleepingcomputer.com/news/security/fbi-spike-in-sextortion-attacks-cost-victims-8-million-this-year/
Title: Re: Technical
Post by: Asyn on September 11, 2021, 10:20:50 AM
Cybercrime Group FIN7 Using Windows 11 Alpha-Themed Docs to Drop Javascript Backdoor
https://www.anomali.com/blog/cybercrime-group-fin7-using-windows-11-alpha-themed-docs-to-drop-javascript-backdoor
Title: Re: Technical
Post by: Asyn on September 12, 2021, 11:42:20 AM
High-profile Western media outlets repeatedly infiltrated by pro-Kremlin trolls
https://www.cardiff.ac.uk/news/view/2547048-high-profile-western-media-outlets-repeatedly-infiltrated-by-pro-kremlin-trolls
Title: Re: Technical
Post by: Asyn on September 13, 2021, 10:11:41 AM
New Chainsaw tool helps IR teams analyze Windows event logs
https://www.bleepingcomputer.com/news/security/new-chainsaw-tool-helps-ir-teams-analyze-windows-event-logs/
Title: Re: Technical
Post by: Asyn on September 14, 2021, 11:26:52 AM
Fighting Misinformation with AI
https://cybersecai.com/fighting-misinformation-with-ai/
Title: Re: Technical
Post by: bob3160 on September 14, 2021, 12:57:14 PM
Fighting Misinformation with AI
https://cybersecai.com/fighting-misinformation-with-ai/
There is probably more disinformation on the Web than actual information.
If you add the amount of disinformation currently being spread by the news organizations
and political parties, it's a wonder that anyone actually gets factual information.
Title: Re: Technical
Post by: Asyn on September 15, 2021, 12:27:53 PM
The September 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/9/14/the-september-2021-security-update-review-kpgpb
Title: Re: Technical
Post by: Asyn on September 15, 2021, 02:09:57 PM
Groove VS Babuk; Groove Ransom Manifesto & RAMP Underground Platform Secret Inner Workings
https://www.advintel.io/post/groove-vs-babuk-groove-ransom-manifesto-ramp-underground-platform-secret-inner-workings
Title: Re: Technical
Post by: Asyn on September 16, 2021, 09:30:02 AM
Video: Avast Hacker Archives Episode 10: Keren Elazari
https://blog.avast.com/avast-hacker-archives-episode-10-keren-elazari-avast
Title: Re: Technical
Post by: Asyn on September 16, 2021, 12:36:40 PM
GitHub security update: Vulnerabilities in tar and @npmcli/arborist
https://github.blog/2021-09-08-github-security-update-vulnerabilities-tar-npmcli-arborist/
Title: Re: Technical
Post by: Asyn on September 17, 2021, 12:03:16 PM
Remote Code Execution 0-Day (CVE-2021-40444) Hits Windows, Triggered Via Office Docs
https://www.trendmicro.com/en_us/research/21/i/remote-code-execution-zero-day--cve-2021-40444--hits-windows--tr.html
Title: Re: Technical
Post by: Asyn on September 18, 2021, 01:38:56 PM
Vermilion Strike: Linux and Windows Re-implementation of Cobalt Strike
https://www.intezer.com/blog/malware-analysis/vermilionstrike-reimplementation-cobaltstrike/
Title: Re: Technical
Post by: Asyn on September 19, 2021, 11:46:20 AM
Hide and Seek | New Zloader Infection Chain Comes With Improved Stealth and Evasion Mechanisms
https://www.sentinelone.com/labs/hide-and-seek-new-zloader-infection-chain-comes-with-improved-stealth-and-evasion-mechanisms/
Title: Re: Technical
Post by: Asyn on September 20, 2021, 12:25:35 PM
FBI: $113 million lost to online romance scams this year
https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/
Title: Re: Technical
Post by: DavidR on September 20, 2021, 07:12:50 PM
FBI: $113 million lost to online romance scams this year
https://www.bleepingcomputer.com/news/security/fbi-113-million-lost-to-online-romance-scams-this-year/

Oh, that reminds me, time to check my Gmail spam folder for scammers hoping to find some gullible person.
Title: Re: Technical
Post by: Asyn on September 21, 2021, 01:05:10 PM
No Longer Just Theory: Black Lotus Labs Uncovers Linux Executables Deployed as Stealth Windows Loaders
https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/
Title: Re: Technical
Post by: Asyn on September 22, 2021, 10:49:32 AM
Free REvil ransomware master decrypter released for past victims
https://www.bleepingcomputer.com/news/security/free-revil-ransomware-master-decrypter-released-for-past-victims/
Title: Re: Technical
Post by: bob3160 on September 22, 2021, 03:01:11 PM
Introducing a new schema to track ransomware vulnerabilities
https://blog.avast.com/documenting-vulnerabilities-abused-by-ransomware-gangs-avast
Title: Re: Technical
Post by: Asyn on September 23, 2021, 10:45:45 AM
Chainalysis in Action: OFAC Sanctions Russian Cryptocurrency OTC Suex that Received Over $160 million from Ransomware Attackers, Scammers, and Darknet Markets
https://blog.chainalysis.com/reports/ofac-sanction-suex-september-2021
Title: Re: Technical
Post by: Asyn on September 24, 2021, 11:16:13 AM
TinyTurla - Turla deploys new malware to keep a secret backdoor on victim machines
https://blog.talosintelligence.com/2021/09/tinyturla.html
Title: Re: Technical
Post by: Asyn on September 25, 2021, 10:21:08 AM
Mama Always Told Me Not to Trust Strangers without Certificates
https://blog.grimm-co.com/2021/09/mama-always-told-me-not-to-trust.html
Title: Re: Technical
Post by: Asyn on September 26, 2021, 11:29:04 AM
Catching the big fish: Analyzing a large-scale phishing-as-a-service operation
https://www.microsoft.com/security/blog/2021/09/21/catching-the-big-fish-analyzing-a-large-scale-phishing-as-a-service-operation/
Title: Re: Technical
Post by: Asyn on September 27, 2021, 10:14:18 AM
FamousSparrow: A suspicious hotel guest
https://www.welivesecurity.com/2021/09/23/famoussparrow-suspicious-hotel-guest/
Title: Re: Technical
Post by: Asyn on September 28, 2021, 11:30:31 AM
EU officially blames Russia for 'Ghostwriter' hacking activities
https://www.bleepingcomputer.com/news/security/eu-officially-blames-russia-for-ghostwriter-hacking-activities/
Title: Re: Technical
Post by: Asyn on September 29, 2021, 09:16:14 AM
Financially motivated actor breaks certificate parsing to avoid detection
https://blog.google/threat-analysis-group/financially-motivated-actor-breaks-certificate-parsing-avoid-detection/
Title: Re: Technical
Post by: Asyn on September 30, 2021, 09:20:54 AM
FoggyWeb: Targeted NOBELIUM malware leads to persistent backdoor
https://www.microsoft.com/security/blog/2021/09/27/foggyweb-targeted-nobelium-malware-leads-to-persistent-backdoor/
Title: Re: Technical
Post by: Asyn on October 01, 2021, 10:14:32 AM
Microsoft WPBT flaw lets hackers install rootkits on Windows devices
https://www.bleepingcomputer.com/news/security/microsoft-wpbt-flaw-lets-hackers-install-rootkits-on-windows-devices/
Title: Re: Technical
Post by: Asyn on October 01, 2021, 05:04:56 PM
BloodyStealer and gaming assets for sale
https://securelist.com/bloodystealer-and-gaming-assets-for-sale/104319/
Title: Re: Technical
Post by: Asyn on October 02, 2021, 01:55:32 PM
FinSpy: unseen findings
https://securelist.com/finspy-unseen-findings/104322/
Title: Re: Technical
Post by: Asyn on October 03, 2021, 10:12:45 AM
Apple Pay with VISA lets hackers force payments on locked iPhones
https://www.bleepingcomputer.com/news/security/apple-pay-with-visa-lets-hackers-force-payments-on-locked-iphones/
https://practical_emv.gitlab.io/assets/practical_emv_rp.pdf
Title: Re: Technical
Post by: Asyn on October 04, 2021, 09:49:13 AM
GriftHorse Android Trojan Steals Millions from Over 10 Million Victims Globally
https://blog.zimperium.com/grifthorse-android-trojan-steals-millions-from-over-10-million-victims-globally/
Title: Re: Technical
Post by: Asyn on October 05, 2021, 10:11:05 AM
DarkHalo after SolarWinds: the Tomiris connection
https://securelist.com/darkhalo-after-solarwinds-the-tomiris-connection/104311/
Title: Re: Technical
Post by: Asyn on October 06, 2021, 10:08:39 AM
A wolf in sheep's clothing: Actors spread malware by leveraging trust in Amnesty International and fear of Pegasus
https://blog.talosintelligence.com/2021/09/fakeantipegasusamnesty.html
Title: Re: Technical
Post by: Asyn on October 06, 2021, 02:27:32 PM
US unites 30 countries to disrupt global ransomware attacks
https://www.bleepingcomputer.com/news/security/us-unites-30-countries-to-disrupt-global-ransomware-attacks/
Title: Re: Technical
Post by: Asyn on October 07, 2021, 10:14:25 AM
GhostEmperor: From ProxyLogon to kernel mode
https://securelist.com/ghostemperor-from-proxylogon-to-kernel-mode/104407/
https://media.kasperskycontenthub.com/wp-content/uploads/sites/43/2021/09/30094337/GhostEmperor_technical-details_PDF_eng.pdf
Title: Re: Technical
Post by: Asyn on October 08, 2021, 09:43:28 AM
A New variant of Hydra Banking Trojan Targeting European Banking Users
https://blog.cyble.com/2021/09/30/a-new-variant-of-hydra-banking-trojan-targeting-european-banking-users/
Title: Re: Technical
Post by: Asyn on October 08, 2021, 04:57:34 PM
RansomEXX, Fixing Corrupted Ransom
https://medium.com/proferosec-osm/ransomexx-fixing-corrupted-ransom-8e379bcaf701
Title: Re: Technical
Post by: Asyn on October 09, 2021, 09:52:26 AM
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
Title: Re: Technical
Post by: bob3160 on October 09, 2021, 01:43:27 PM
Misconfigured Airflows Leak Thousands of Credentials from Popular Services
https://www.intezer.com/blog/cloud-security/misconfigured-airflows-leak-credentials/
Sounds to me like a self-inflicted wound.
Title: Re: Technical
Post by: Asyn on October 10, 2021, 09:40:43 AM
Atom Silo ransomware actors use Confluence exploit, DLL side-load for stealthy attack
https://news.sophos.com/en-us/2021/10/04/atom-silo-ransomware-actors-use-confluence-exploit-dll-side-load-for-stealthy-attack/
Title: Re: Technical
Post by: Asyn on October 11, 2021, 08:46:40 AM
UEFI threats moving to the ESP: Introducing ESPecter bootkit
https://www.welivesecurity.com/2021/10/05/uefi-threats-moving-esp-introducing-especter-bootkit/
Title: Re: Technical
Post by: Asyn on October 12, 2021, 10:29:20 AM
FIN12: The Prolific Ransomware Intrusion Threat Actor That Has Aggressively Pursued Healthcare Targets
https://www.mandiant.com/resources/fin12-ransomware-intrusion-actor-pursuing-healthcare-targets
Title: Re: Technical
Post by: Asyn on October 12, 2021, 03:11:35 PM
The King is Dead, Long Live MyKings! (Part 1 of 2)
https://decoded.avast.io/janrubin/the-king-is-dead-long-live-mykings/
Title: Re: Technical
Post by: Asyn on October 13, 2021, 10:48:32 AM
The October 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/10/12/the-october-2021-security-update-review
Title: Re: Technical
Post by: Asyn on October 13, 2021, 12:28:50 PM
Study reveals Android phones constantly snoop on their users
https://www.bleepingcomputer.com/news/security/study-reveals-android-phones-constantly-snoop-on-their-users/
https://www.scss.tcd.ie/Doug.Leith/Android_privacy_report.pdf
Title: Re: Technical
Post by: Asyn on October 14, 2021, 09:41:51 AM
Vidar Stealer Abuses Mastadon Social Network
https://blog.cyberint.com/vidar-stealer-abuses-mastadon-social-network
Title: Re: Technical
Post by: Asyn on October 15, 2021, 09:35:07 AM
FontOnLake: Previously unknown malware family targeting Linux
https://www.welivesecurity.com/2021/10/07/fontonlake-previously-unknown-malware-family-targeting-linux/
https://www.welivesecurity.com/wp-content/uploads/2021/10/eset_fontonlake.pdf
Title: Re: Technical
Post by: Asyn on October 15, 2021, 01:00:55 PM
Togo: Prominent activist targeted with Indian-made spyware linked to notorious hacker group
https://www.amnesty.org/en/latest/news/2021/10/togo-activist-targeted-with-spyware-by-notorious-hacker-group/
https://www.amnesty.org/en/wp-content/uploads/2021/10/AFR5747562021ENGLISH.pdf
Title: Re: Technical
Post by: Asyn on October 16, 2021, 01:07:21 PM
Iran-linked DEV-0343 targeting defense, GIS, and maritime sectors
https://www.microsoft.com/security/blog/2021/10/11/iran-linked-dev-0343-targeting-defense-gis-and-maritime-sectors/
Title: Re: Technical
Post by: Asyn on October 17, 2021, 10:41:29 AM
Actors Target Huawei Cloud Using Upgraded Linux Malware
https://www.trendmicro.com/en_us/research/21/j/actors-target-huawei-cloud-using-upgraded-linux-malware-.html
Title: Re: Technical
Post by: Asyn on October 18, 2021, 11:49:35 AM
MysterySnail attacks with Windows zero-day
https://securelist.com/mysterysnail-attacks-with-windows-zero-day/104509/
Title: Re: Technical
Post by: bob3160 on October 18, 2021, 02:15:21 PM
Is it malware or clean? Well, it depends on a plethora of diverse features.
https://blog.avast.com/learning-framework-for-detection-of-novel-malware-avast
Title: Re: Technical
Post by: Asyn on October 19, 2021, 08:57:41 AM
Necro Python Botnet Goes After Vulnerable VisualTools DVR
https://blogs.juniper.net/en-us/threat-research/necro-python-botnet-goes-after-vulnerable-visualtools-dvr
Title: Re: Technical
Post by: Asyn on October 20, 2021, 09:53:10 AM
Countering threats from Iran
https://blog.google/threat-analysis-group/countering-threats-iran/
Title: Re: Technical
Post by: Asyn on October 20, 2021, 03:25:03 PM
New Yanluowang ransomware used in targeted attacks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-targeted-ransomware
Title: Re: Technical
Post by: Asyn on October 21, 2021, 09:34:13 AM
Governments worldwide to crack down on ransomware payment channels
https://www.bleepingcomputer.com/news/security/governments-worldwide-to-crack-down-on-ransomware-payment-channels/
Title: Re: Technical
Post by: Asyn on October 21, 2021, 02:17:58 PM
Harvester: Nation-State-Backed Group Uses New Toolset to Target Victims in South Asia
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/harvester-new-apt-attacks-asia
Title: Re: Technical
Post by: Asyn on October 22, 2021, 10:36:59 AM
Over 25% of Malicious JavaScript Is Being Obfuscated
https://www.akamai.com/blog/security/over-25-percent-of-malicious-javascript-is-being-obfuscated
Title: Re: Technical
Post by: Asyn on October 22, 2021, 02:10:29 PM
BlackByte ransomware decryptor released to recover files for free
https://www.bleepingcomputer.com/news/security/blackbyte-ransomware-decryptor-released-to-recover-files-for-free/

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-1-in-depth-analysis/
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/blackbyte-ransomware-pt-2-code-obfuscation-analysis/
Title: Re: Technical
Post by: Asyn on October 23, 2021, 11:29:08 AM
LightBasin: A Roaming Threat to Telecommunications Companies
https://www.crowdstrike.com/blog/an-analysis-of-lightbasin-telecommunications-attacks/
Title: Re: Technical
Post by: Asyn on October 24, 2021, 11:21:06 AM
Karma Ransomware | An Emerging Threat With A Hint of Nemty Pedigree
https://www.sentinelone.com/labs/karma-ransomware-an-emerging-threat-with-a-hint-of-nemty-pedigree/
Title: Re: Technical
Post by: Asyn on October 25, 2021, 01:04:45 PM
Malicious campaign uses a barrage of commodity RATs to target Afghanistan and India
https://blog.talosintelligence.com/2021/10/crimeware-targets-afghanistan-india.html
Title: Re: Technical
Post by: Asyn on October 26, 2021, 10:22:10 AM
UltimaSMS: A widespread premium SMS scam on the Google Play Store
https://blog.avast.com/premium-sms-scam-apps-on-play-store-avast
https://raw.githubusercontent.com/avast/ioc/master/UltimaSMS/UltimaSMS_IOC_19-10-2021.pdf
Title: Re: Technical
Post by: Asyn on October 26, 2021, 03:36:40 PM
Phishing campaign targets YouTube creators with cookie theft malware
https://blog.google/threat-analysis-group/phishing-campaign-targets-youtube-creators-cookie-theft-malware/
Title: Re: Technical
Post by: Asyn on October 27, 2021, 10:19:44 AM
New Gummy Browsers attack lets hackers spoof tracking profiles
https://www.bleepingcomputer.com/news/security/new-gummy-browsers-attack-lets-hackers-spoof-tracking-profiles/
http://arxiv.org/pdf/2110.10129.pdf
Title: Re: Technical
Post by: Asyn on October 27, 2021, 03:06:51 PM
PurpleFox Adds New Backdoor That Uses WebSockets
https://www.trendmicro.com/en_us/research/21/j/purplefox-adds-new-backdoor-that-uses-websockets.html
Title: Re: Technical
Post by: Asyn on October 28, 2021, 10:09:01 AM
Babuk ransomware decryptor released to recover files for free
https://www.bleepingcomputer.com/news/security/babuk-ransomware-decryptor-released-to-recover-files-for-free/
https://files.avast.com/files/decryptor/avast_decryptor_babuk.exe

Free decryptor released for Atom Silo and LockFile ransomware
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-atom-silo-and-lockfile-ransomware/
https://files.avast.com/files/decryptor/avast_decryptor_atomsilo.exe
Title: Re: Technical
Post by: Asyn on October 28, 2021, 03:18:04 PM
Microsoft: WizardUpdate Mac malware adds new evasion tactics
https://www.bleepingcomputer.com/news/security/microsoft-wizardupdate-mac-malware-adds-new-evasion-tactics/
Title: Re: Technical
Post by: Asyn on October 28, 2021, 03:20:13 PM
Avast releases decryptor for AtomSilo and LockFile ransomware
https://decoded.avast.io/threatintel/decryptor-for-atomsilo-and-lockfile-ransomware/
Title: Re: Technical
Post by: Asyn on October 29, 2021, 10:04:18 AM
Russian-speaking cybercrime evolution: What changed from 2016 to 2021
https://securelist.com/russian-speaking-cybercrime-evolution-2016-2021/104656/
Title: Re: Technical
Post by: Asyn on October 30, 2021, 09:35:36 AM
UDP RAT Malware Being Distributed via Webhards
https://asec.ahnlab.com/en/27555/
Title: Re: Technical
Post by: Asyn on October 30, 2021, 03:47:21 PM
FTC: ISPs collect and monetize far more user data than you’d think
https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/
https://www.ftc.gov/news-events/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect
Title: Re: Technical
Post by: bob3160 on October 30, 2021, 06:25:41 PM
FTC: ISPs collect and monetize far more user data than you’d think
https://www.bleepingcomputer.com/news/security/ftc-isps-collect-and-monetize-far-more-user-data-than-you-d-think/
https://www.ftc.gov/news-events/press-releases/2021/10/ftc-staff-report-finds-many-internet-service-providers-collect
Talk and discussion about a problem is cheap and seems to go on forever.
Action and a solution are always hard to achieve and usually only happen after some catastrophe.
Title: Re: Technical
Post by: Asyn on October 31, 2021, 09:44:14 AM
New activity from Russian actor Nobelium
https://blogs.microsoft.com/on-the-issues/2021/10/24/new-activity-from-russian-actor-nobelium/
Title: Re: Technical
Post by: Asyn on October 31, 2021, 01:23:15 PM
Hitting the BlackMatter gang where it hurts: In the wallet
https://blog.emsisoft.com/en/39181/on-the-matter-of-blackmatter/
Title: Re: Technical
Post by: Asyn on November 01, 2021, 12:33:45 PM
Threat Advisory: Hackers Are Exploiting a Vulnerability in Popular Billing Software to Deploy Ransomware
https://www.huntress.com/blog/threat-advisory-hackers-are-exploiting-a-vulnerability-in-popular-billing-software-to-deploy-ransomware
Title: Re: Technical
Post by: Asyn on November 01, 2021, 04:35:53 PM
Spammers use Squirrelwaffle malware to drop Cobalt Strike
https://www.bleepingcomputer.com/news/security/spammers-use-squirrelwaffle-malware-to-drop-cobalt-strike/
Title: Re: Technical
Post by: Asyn on November 02, 2021, 09:48:38 AM
Fake npm Roblox API Package Installs Ransomware and has a Spooky Surprise
https://blog.sonatype.com/fake-npm-roblox-api-package-installs-ransomware-spooky-surprise
Title: Re: Technical
Post by: Asyn on November 03, 2021, 09:56:50 AM
North Korean state hackers start targeting the IT supply chain
https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/
Title: Re: Technical
Post by: bob3160 on November 03, 2021, 12:36:29 PM
North Korean state hackers start targeting the IT supply chain
https://www.bleepingcomputer.com/news/security/north-korean-state-hackers-start-targeting-the-it-supply-chain/
Why not, the supply chain is in such perfect shape, something needs to disrupt it. (Being sarcastic)
Title: Re: Technical
Post by: Asyn on November 04, 2021, 09:34:35 AM
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
Title: Re: Technical
Post by: bob3160 on November 04, 2021, 02:48:01 PM
Microsoft finds new macOS vulnerability, Shrootless, that could bypass System Integrity Protection
https://www.microsoft.com/security/blog/2021/10/28/microsoft-finds-new-macos-vulnerability-shrootless-that-could-bypass-system-integrity-protection/
Which has already been fixed provided your OS is up to date. :)
Title: Re: Technical
Post by: Asyn on November 05, 2021, 01:02:55 PM
Rooting Malware Makes a Comeback: Lookout Discovers Global Campaign
https://blog.lookout.com/lookout-discovers-global-rooting-malware-campaign
Title: Re: Technical
Post by: Asyn on November 06, 2021, 09:17:53 AM
Holy SEO Poisoning
https://www.menlosecurity.com/blog/holy-seo-poisoning/
Title: Re: Technical
Post by: Asyn on November 07, 2021, 10:18:50 AM
THREAT ANALYSIS REPORT: Snake Infostealer Malware
https://www.cybereason.com/blog/threat-analysis-report-snake-infostealer-malware
Title: Re: Technical
Post by: Asyn on November 07, 2021, 01:26:26 PM
Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse
https://www.theregister.com/2021/10/18/microsoft_malware_brand
Title: Re: Technical
Post by: bob3160 on November 07, 2021, 01:57:39 PM
Microsoft called out as big malware hoster – thanks to OneDrive and Office 365 abuse
https://www.theregister.com/2021/10/18/microsoft_malware_brand
So where is law enforcement in all of this? Don't they also have a responsibility?
Title: Re: Technical
Post by: Asyn on November 08, 2021, 11:19:51 AM
Chaos Ransomware Variant in Fake Minecraft Alt List Brings Destruction to Japanese Gamers
https://www.fortinet.com/blog/threat-research/chaos-ransomware-variant-in-fake-minecraft-alt-list-brings-destruction
Title: Re: Technical
Post by: Asyn on November 08, 2021, 04:05:03 PM
Protect your business from password sprays with Microsoft DART recommendations
https://www.microsoft.com/security/blog/2021/10/26/protect-your-business-from-password-sprays-with-microsoft-dart-recommendations/
Title: Re: Technical
Post by: Asyn on November 09, 2021, 10:35:42 AM
Trojan Source Attacks
https://trojansource.codes/
https://trojansource.codes/trojan-source.pdf
Title: Re: Technical
Post by: Asyn on November 10, 2021, 10:38:14 AM
The November 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/11/9/the-november-2021-security-update-review
Title: Re: Technical
Post by: Asyn on November 10, 2021, 03:16:23 PM
Mekotio Banker Returns with Improved Stealth and Ancient Encryption
https://research.checkpoint.com/2021/mekotio-banker-returns-with-improved-stealth-and-ancient-encryption/
Title: Re: Technical
Post by: Asyn on November 11, 2021, 10:49:43 AM
Microsoft Exchange vulnerabilities exploited once again for ransomware, this time with Babuk
https://blog.talosintelligence.com/2021/11/babuk-exploits-exchange.html
Title: Re: Technical
Post by: Asyn on November 11, 2021, 03:56:06 PM
Targeted Attack Campaign Against ManageEngine ADSelfService Plus Delivers Godzilla Webshells, NGLite Trojan and KdcSponge Stealer
https://unit42.paloaltonetworks.com/manageengine-godzilla-nglite-kdcsponge/
Title: Re: Technical
Post by: Asyn on November 12, 2021, 11:11:05 AM
Microsoft, Cloudflare, and Google emerge as the most spam-friendly Internet Service Providers
https://atlasvpn.com/blog/microsoft-cloudflare-and-google-emerge-as-the-most-spam-friendly-internet-service-providers
Title: Re: Technical
Post by: Asyn on November 13, 2021, 10:05:45 AM
Compromised Docker Hub Accounts Abused for Cryptomining Linked to TeamTNT
https://www.trendmicro.com/en_us/research/21/k/compromised-docker-hub-accounts-abused-for-cryptomining-linked-t.html
Title: Re: Technical
Post by: Asyn on November 13, 2021, 03:14:56 PM
Who are latest targets of cyber group Lyceum?
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns
Title: Re: Technical
Post by: DavidR on November 13, 2021, 05:37:22 PM
Who are latest targets of cyber group Lyceum?
https://www.accenture.com/us-en/blogs/cyber-defense/iran-based-lyceum-campaigns

Presumably there is an equal and measured action against national threat actors.
Title: Re: Technical
Post by: Asyn on November 14, 2021, 09:59:49 AM
Gravity RAT Malware Returns as A Chat Application
https://blog.cyble.com/2021/11/11/gravity-rat-malware-returns-as-a-chat-application/
Title: Re: Technical
Post by: Asyn on November 14, 2021, 11:53:49 AM
Microsoft will now snitch on you at work like never before
https://www.zdnet.com/article/microsoft-will-now-snitch-on-you-at-work-like-never-before/
Title: Re: Technical
Post by: bob3160 on November 14, 2021, 01:07:16 PM
Microsoft will now snitch on you at work like never before
https://www.zdnet.com/article/microsoft-will-now-snitch-on-you-at-work-like-never-before/
Amazing how headlines always attempt to mislead.
Does anyone really assume that when they work for someone else that the employer
doesn't have a right to know what you're doing on behalf of the employer's company?
How many insider hacks have just been in the news?
Title: Re: Technical
Post by: Asyn on November 14, 2021, 04:39:02 PM
TA505 exploits SolarWinds Serv-U vulnerability (CVE-2021-35211) for initial access
https://research.nccgroup.com/2021/11/08/ta505-exploits-solarwinds-serv-u-vulnerability-cve-2021-35211-for-initial-access/
Title: Re: Technical
Post by: Asyn on November 15, 2021, 09:50:05 AM
Threat Spotlight: Bait attacks
https://blog.barracuda.com/2021/11/10/threat-spotlight-bait-attacks/
Title: Re: Technical
Post by: Asyn on November 15, 2021, 12:36:44 PM
THREAT ANALYSIS REPORT: From Shathak Emails to the Conti Ransomware
https://www.cybereason.com/blog/threat-analysis-report-from-shatak-emails-to-the-conti-ransomware
Title: Re: Technical
Post by: Asyn on November 16, 2021, 09:37:04 AM
PhoneSpy: The App-Based Cyberattack Snooping South Korean Citizens
https://blog.zimperium.com/phonespy-the-app-based-cyberattack-snooping-south-korean-citizens/
Title: Re: Technical
Post by: Asyn on November 16, 2021, 11:11:59 AM
DirtyMoe: Deployment
https://decoded.avast.io/martinchlumecky/dirtymoe-4/

https://decoded.avast.io/martinchlumecky/dirtymoe-3/
https://decoded.avast.io/martinchlumecky/dirtymoe-rootkit-driver/
https://decoded.avast.io/martinchlumecky/dirtymoe-1/
Title: Re: Technical
Post by: Asyn on November 16, 2021, 03:08:03 PM
Avast Threat Labs releases Q3 2021 Threat Report
https://blog.avast.com/avast-threat-labs-q3-report-avast
https://decoded.avast.io/threatresearch/avast-q321-threat-report/
Title: Re: Technical
Post by: Asyn on November 17, 2021, 10:26:38 AM
The Invisible JavaScript Backdoor
https://certitude.consulting/blog/en/invisible-backdoor/
Title: Re: Technical
Post by: Asyn on November 17, 2021, 04:20:09 PM
BazarLoader ‘call me back’ attack abuses Windows 10 Apps mechanism
https://news.sophos.com/en-us/2021/11/11/bazarloader-call-me-back-attack-abuses-windows-10-apps-mechanism/
Title: Re: Technical
Post by: Asyn on November 18, 2021, 09:35:21 AM
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
Title: Re: Technical
Post by: bob3160 on November 18, 2021, 01:47:14 PM
AT&T Alien Labs finds new Golang malware (BotenaGo) targeting millions of routers and IoT devices with more than 30 exploits
https://cybersecurity.att.com/blogs/labs-research/att-alien-labs-finds-new-golang-malwarebotenago-targeting-millions-of-routers-and-iot-devices-with-more-than-30-exploits
The important thing to notice is that Avast is one of the 6 Security companies that
detects this vulnerability.
Title: Re: Technical
Post by: Asyn on November 19, 2021, 09:38:53 AM
QAKBOT Loader Returns With New Techniques and Tools
https://www.trendmicro.com/en_us/research/21/k/qakbot-loader-returns-with-new-techniques-and-tools.html
Title: Re: Technical
Post by: Asyn on November 19, 2021, 11:25:15 AM
A Peek into Top-Level Domains and Cybercrime
https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/
Title: Re: Technical
Post by: Asyn on November 20, 2021, 09:46:31 AM
HTML smuggling surges: Highly evasive loader technique increasingly used in banking malware, targeted attacks
https://www.microsoft.com/security/blog/2021/11/11/html-smuggling-surges-highly-evasive-loader-technique-increasingly-used-in-banking-malware-targeted-attacks/
Title: Re: Technical
Post by: Asyn on November 20, 2021, 12:59:19 PM
BrazKing Android Malware Upgraded and Targeting Brazilian Banks
https://securityintelligence.com/posts/brazking-android-malware-upgraded-targeting-brazilian-banks/
Title: Re: Technical
Post by: Asyn on November 21, 2021, 10:03:05 AM
Blacksmith
https://comsec.ethz.ch/research/dram/blacksmith/
https://comsec.ethz.ch/wp-content/files/blacksmith_sp22.pdf
Title: Re: Technical
Post by: Asyn on November 21, 2021, 10:58:48 AM
Uncovering MosesStaff techniques: Ideology over Money
https://research.checkpoint.com/2021/mosesstaff-targeting-israeli-companies/
Title: Re: Technical
Post by: Asyn on November 22, 2021, 10:26:24 AM
Guess who’s back
https://cyber.wtf/2021/11/15/guess-whos-back/
Title: Re: Technical
Post by: Asyn on November 22, 2021, 12:20:34 PM
Evolving trends in Iranian threat actor activity – MSTIC presentation at CyberWarCon 2021
https://www.microsoft.com/security/blog/2021/11/16/evolving-trends-in-iranian-threat-actor-activity-mstic-presentation-at-cyberwarcon-2021/
Title: Re: Technical
Post by: Asyn on November 23, 2021, 09:48:59 AM
Linux malware agent hits eCommerce sites
https://sansec.io/research/ecommerce-malware-linux-avp
Title: Re: Technical
Post by: Asyn on November 23, 2021, 02:25:01 PM
New ransomware actor uses password-protected archives to bypass encryption protection
https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/
Title: Re: Technical
Post by: bob3160 on November 23, 2021, 03:15:38 PM
New ransomware actor uses password-protected archives to bypass encryption protection
https://news.sophos.com/en-us/2021/11/18/new-ransomware-actor-uses-password-protected-archives-to-bypass-encryption-protection/
What's not explained is how the payload got to the system in the first place. Unless I missed that?
Title: Re: Technical
Post by: Asyn on November 24, 2021, 10:58:33 AM
Seeing Red
https://www.domaintools.com/resources/blog/seeing-red?
Title: Re: Technical
Post by: Asyn on November 24, 2021, 05:21:28 PM
Triple Threat: North Korea-Aligned TA406 Scams, Spies, and Steals
https://www.proofpoint.com/us/blog/threat-insight/triple-threat-north-korea-aligned-ta406-scams-spies-and-steals
https://www.proofpoint.com/sites/default/files/threat-reports/pfpt-us-tr-threat-insight-paper-triple-threat-N-Korea-aligned-TA406-steals-scams-spies.pdf
Title: Re: Technical
Post by: Asyn on November 25, 2021, 09:35:06 AM
Squirrelwaffle Exploits ProxyShell and ProxyLogon to Hijack Email Chains
https://www.trendmicro.com/en_us/research/21/k/Squirrelwaffle-Exploits-ProxyShell-and-ProxyLogon-to-Hijack-Email-Chains.html
Title: Re: Technical
Post by: Asyn on November 25, 2021, 04:49:50 PM
Threat actors find and compromise exposed services in 24 hours
https://www.bleepingcomputer.com/news/security/threat-actors-find-and-compromise-exposed-services-in-24-hours/
Title: Re: Technical
Post by: Asyn on November 26, 2021, 09:54:12 AM
You Overtrust Your Printer
https://arxiv.org/pdf/2111.10645.pdf
Title: Re: Technical
Post by: Asyn on November 27, 2021, 10:26:33 AM
RATDispenser: Stealthy JavaScript Loader Dispensing RATs into the Wild
https://threatresearch.ext.hp.com/javascript-malware-dispensing-rats-into-the-wild/
Title: Re: Technical
Post by: Asyn on November 28, 2021, 09:54:06 AM
Looking for vulnerabilities in MediaTek audio DSP
https://research.checkpoint.com/2021/looking-for-vulnerabilities-in-mediatek-audio-dsp/
Title: Re: Technical
Post by: Asyn on November 29, 2021, 10:35:59 AM
CronRAT malware hides behind February 31st
https://sansec.io/research/cronrat
Title: Re: Technical
Post by: Asyn on November 30, 2021, 09:38:30 AM
Babadeda Crypter targeting crypto, NFT, and DeFi communities
https://blog.morphisec.com/the-babadeda-crypter-targeting-crypto-nft-defi-communities
Title: Re: Technical
Post by: Asyn on December 01, 2021, 10:27:20 AM
TrickBot phishing checks screen resolution to evade researchers
https://www.bleepingcomputer.com/news/security/trickbot-phishing-checks-screen-resolution-to-evade-researchers/
Title: Re: Technical
Post by: Asyn on December 02, 2021, 09:42:29 AM
ScarCruft surveilling North Korean defectors and human rights activists
https://securelist.com/scarcruft-surveilling-north-korean-defectors-and-human-rights-activists/105074/
Title: Re: Technical
Post by: Asyn on December 03, 2021, 09:52:19 AM
Doctor Web discovered vulnerabilities in children’s smart watches
https://news.drweb.com/show/?i=14350&lng=en
Title: Re: Technical
Post by: Asyn on December 03, 2021, 11:57:03 AM
The King is Dead, Long Live MyKings! (Part 1 of 2)
https://decoded.avast.io/janrubin/the-king-is-dead-long-live-mykings/
CoinHelper hides in repackaged installers of software, Windows 11, games, and antivirus
https://blog.avast.com/coinhelper-research-avast
https://decoded.avast.io/janrubin/toss-a-coin-to-your-helper/
Title: Re: Technical
Post by: Asyn on December 04, 2021, 10:24:14 AM
Deceive the Heavens to Cross the sea
https://threatfabric.com/blogs/deceive-the-heavens-to-cross-the-sea.html
Title: Re: Technical
Post by: Asyn on December 04, 2021, 06:10:54 PM
Russian internet watchdog announces ban of six more VPN products
https://www.bleepingcomputer.com/news/legal/russian-internet-watchdog-announces-ban-of-six-more-vpn-products/
Title: Re: Technical
Post by: Asyn on December 05, 2021, 10:45:35 AM
Yanluowang: Further Insights on New Ransomware Threat
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/yanluowang-ransomware-attacks-continue
Title: Re: Technical
Post by: Asyn on December 05, 2021, 02:05:04 PM
Banking Trojan Targets Banking Users in Malaysia
https://blog.cyble.com/2021/12/01/banking-trojan-targets-banking-users-in-malaysia/
Title: Re: Technical
Post by: Asyn on December 06, 2021, 09:19:18 AM
ProxyShell exploitation leads to BlackByte ransomware
https://redcanary.com/blog/blackbyte-ransomware/
Title: Re: Technical
Post by: Asyn on December 06, 2021, 01:01:56 PM
Nine WiFi routers used by millions were vulnerable to 226 flaws
https://www.bleepingcomputer.com/news/security/nine-wifi-routers-used-by-millions-were-vulnerable-to-226-flaws/
https://www.iot-inspector.com/blog/router-security-check-2021/
Title: Re: Technical
Post by: Asyn on December 07, 2021, 09:48:56 AM
Injection is the New Black: Novel RTF Template Inject Technique Poised for Widespread Adoption Beyond APT Actors
https://www.proofpoint.com/us/blog/threat-insight/injection-new-black-novel-rtf-template-inject-technique-poised-widespread
Title: Re: Technical
Post by: Asyn on December 07, 2021, 02:39:53 PM
Top 2021 threats include ransomware, pandemic-related scams, and fleeceware
https://blog.avast.com/2021-year-in-review-avast
Title: Re: Technical
Post by: Asyn on December 07, 2021, 03:50:19 PM
Malicious Excel XLL add-ins push RedLine password-stealing malware
https://www.bleepingcomputer.com/news/security/malicious-excel-xll-add-ins-push-redline-password-stealing-malware/
Title: Re: Technical
Post by: bob3160 on December 07, 2021, 06:34:33 PM
Top 2021 threats include ransomware, pandemic-related scams, and fleeceware
https://blog.avast.com/2021-year-in-review-avast
Avast - 2021 Year in Review
https://youtu.be/VImww4Hf7Zo
A look back by Avast at the threat landscape of 2021
Credits for this article go to Grace Macej.
https://blog.avast.com/author/grace-macej
Title: Re: Technical
Post by: Asyn on December 08, 2021, 10:47:10 AM
APT Expands Attack on ManageEngine With Active Campaign Against ServiceDesk Plus
https://unit42.paloaltonetworks.com/tiltedtemple-manageengine-servicedesk-plus/
Title: Re: Technical
Post by: Asyn on December 09, 2021, 09:21:15 AM
Tor’s main site blocked in Russia as censorship widens
https://www.bleepingcomputer.com/news/security/tor-s-main-site-blocked-in-russia-as-censorship-widens/
https://blog.torproject.org/tor-censorship-in-russia/
Title: Re: Technical
Post by: Asyn on December 09, 2021, 05:11:26 PM
NginRAT parasite targets Nginx
https://sansec.io/research/nginrat
Title: Re: Technical
Post by: Asyn on December 10, 2021, 10:11:56 AM
Mobile banking fraud: BRATA strikes again
https://www.cleafy.com/cleafy-labs/mobile-banking-fraud-brata-strikes-again
Title: Re: Technical
Post by: Asyn on December 10, 2021, 11:36:23 AM
14 new attacks on web browsers detected
https://news.rub.de/english/press-releases/2021-12-02-it-security-14-new-attacks-web-browsers-detected
https://xsinator.com/
https://xsinator.com/paper.pdf
Title: Re: Technical
Post by: Asyn on December 11, 2021, 01:26:28 PM
Is “KAX17” performing de-anonymization Attacks against Tor Users?
https://nusenu.medium.com/is-kax17-performing-de-anonymization-attacks-against-tor-users-42e566defce8
Title: Re: Technical
Post by: Asyn on December 11, 2021, 05:43:58 PM
Suspected Russian Activity Targeting Government and Business Entities Around the Globe
https://www.mandiant.com/resources/russian-targeting-gov-business
Title: Re: Technical
Post by: Asyn on December 12, 2021, 10:28:06 AM
Protecting people from recent cyberattacks
https://blogs.microsoft.com/on-the-issues/2021/12/06/cyberattacks-nickel-dcu-china/
Title: Re: Technical
Post by: Asyn on December 13, 2021, 11:00:24 AM
Windows 10 RCE: The exploit is in the link
https://positive.security/blog/ms-officecmd-rce
Title: Re: Technical
Post by: Asyn on December 13, 2021, 01:50:53 PM
Mirai-based Botnet - Moobot Targets Hikvision Vulnerability
https://www.fortinet.com/blog/threat-research/mirai-based-botnet-moobot-targets-hikvision-vulnerability
Title: Re: Technical
Post by: Asyn on December 14, 2021, 09:40:41 AM
Disrupting the Glupteba operation
https://blog.google/threat-analysis-group/disrupting-glupteba-operation/
Title: Re: Technical
Post by: Asyn on December 14, 2021, 02:32:51 PM
New Cerber ransomware targets Confluence and GitLab servers
https://www.bleepingcomputer.com/news/security/new-cerber-ransomware-targets-confluence-and-gitlab-servers/
Title: Re: Technical
Post by: Asyn on December 15, 2021, 09:37:01 AM
Technical Advisory: Zero-day critical vulnerability in Log4j2 exploited in the wild
https://businessinsights.bitdefender.com/technical-advisory-zero-day-critical-vulnerability-in-log4j2-exploited-in-the-wild
Title: Re: Technical
Post by: Asyn on December 15, 2021, 10:25:56 AM
The December 2021 Security Update Review
https://www.zerodayinitiative.com/blog/2021/12/14/the-december-2021-security-update-review
Title: Re: Technical
Post by: Asyn on December 16, 2021, 10:45:15 AM
USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
Title: Re: Technical
Post by: Asyn on December 16, 2021, 01:34:12 PM
STOP Ransomware vaccine released to block encryption
https://www.bleepingcomputer.com/news/security/stop-ransomware-vaccine-released-to-block-encryption/
https://github.com/struppigel/STOP-DJVU-Ransomware-Vaccine
Title: Re: Technical
Post by: bob3160 on December 16, 2021, 01:52:49 PM
USB Over Ethernet | Multiple Vulnerabilities in AWS and Other Major Cloud Services
https://www.sentinelone.com/labs/usb-over-ethernet-multiple-privilege-escalation-vulnerabilities-in-aws-and-other-major-cloud-services/
It's important to point out the following:

Vendors have released security updates to address these vulnerabilities.
Some of these are automatically applied while others require customer actions.
At this time, SentinelLabs has not discovered evidence of in-the-wild abuse.
The headline alone isn't always the best news source and can quite often be misleading.
Title: Re: Technical
Post by: Asyn on December 17, 2021, 10:44:42 AM
WooCommerce Credit Card Swiper Injected Into Random Plugin Files
https://blog.sucuri.net/2021/12/woocommerce-credit-card-swiper-injected-into-random-plugin-files.html
Title: Re: Technical
Post by: Asyn on December 17, 2021, 12:17:34 PM
ALPHV BlackCat - This year's most sophisticated ransomware
https://www.bleepingcomputer.com/news/security/alphv-blackcat-this-years-most-sophisticated-ransomware/
Title: Re: Technical
Post by: Asyn on December 18, 2021, 10:41:40 AM
MANGA aka Dark Mirai-based Campaign Targets New TP-Link Router RCE Vulnerability
https://www.fortinet.com/blog/threat-research/manga-aka-dark-mirai-based-campaign-targets-new-tp-link-router-rce-vulnerability
Title: Re: Technical
Post by: Asyn on December 18, 2021, 04:25:21 PM
Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
https://www.proofpoint.com/us/blog/cloud-security/microsoft-and-github-oauth-implementation-vulnerabilities-lead-redirection
Title: Re: Technical
Post by: Asyn on December 19, 2021, 09:56:48 AM
When Honey Bees Become Murder Hornets
https://eclypsium.com/2021/12/09/when-honey-bees-become-murder-hornets/
https://eclypsium.com/wp-content/uploads/2021/12/When_Honey_Bees_Become_Murder_Hornets.pdf
Title: Re: Technical
Post by: Asyn on December 19, 2021, 02:09:04 PM
Guidance for preventing, detecting, and hunting for CVE-2021-44228 Log4j 2 exploitation
https://www.microsoft.com/security/blog/2021/12/11/guidance-for-preventing-detecting-and-hunting-for-cve-2021-44228-log4j-2-exploitation/
Title: Re: Technical
Post by: Asyn on December 20, 2021, 09:36:00 AM
Karakurt rises from its lair
https://www.accenture.com/us-en/blogs/cyber-defense/karakurt-threat-mitigation
Title: Re: Technical
Post by: Asyn on December 20, 2021, 12:57:36 PM
Avast Finds Backdoor on US Government Commission Network
https://decoded.avast.io/threatintel/avast-finds-backdoor-on-us-government-commission-network/
Title: Re: Technical
Post by: Asyn on December 21, 2021, 10:02:19 AM
TinyNuke Banking Malware Targets French Entities
https://www.proofpoint.com/us/blog/threat-insight/tinynuke-banking-malware-targets-french-entities
Title: Re: Technical
Post by: Asyn on December 21, 2021, 12:13:28 PM
A closer look at Qakbot’s latest building blocks (and how to knock them down)
https://www.microsoft.com/security/blog/2021/12/09/a-closer-look-at-qakbots-latest-building-blocks-and-how-to-knock-them-down/
Title: Re: Technical
Post by: Asyn on December 22, 2021, 09:49:31 AM
Phishing Campaign Targeting Korean to Deliver Agent Tesla New Variant
https://www.fortinet.com/blog/threat-research/phishing-campaign-targeting-korean-to-deliver-agent-tesla-new-variant
Title: Re: Technical
Post by: Asyn on December 22, 2021, 12:02:00 PM
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
https://arxiv.org/pdf/2112.05719.pdf
Title: Re: Technical
Post by: bob3160 on December 22, 2021, 02:15:30 PM
Bugs in billions of WiFi, Bluetooth chips allow password, data theft
https://www.bleepingcomputer.com/news/security/bugs-in-billions-of-wifi-bluetooth-chips-allow-password-data-theft/
https://arxiv.org/pdf/2112.05719.pdf
Also covered here, https://youtu.be/AKUHgwwPi3I
Title: Re: Technical
Post by: Asyn on December 23, 2021, 09:53:02 AM
Driver-Based Attacks: Past and Present
https://www.rapid7.com/blog/post/2021/12/13/driver-based-attacks-past-and-present/
Title: Re: Technical
Post by: Asyn on December 23, 2021, 04:14:08 PM
Espionage Campaign Targets Telecoms Organizations across Middle East and Asia
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/espionage-campaign-telecoms-asia-middle-east
Title: Re: Technical
Post by: Asyn on December 24, 2021, 11:29:31 AM
Catching malware red-handed: Behavioral threat fingerprinting
https://blog.avast.com/behavioral-threat-fingerprinting-avast
Title: Re: Technical
Post by: Asyn on December 25, 2021, 11:15:01 AM
Owowa: the add-on that turns your OWA into a credential stealer and remote access panel
https://securelist.com/owowa-credential-stealer-and-remote-access/105219/
Title: Re: Technical
Post by: Asyn on December 25, 2021, 12:36:19 PM
Magecart Skimmers Are Alive and Well – Constant Vigilance Is Required
https://www.akamai.com/blog/security/magecart-skimmers-are-alive-and-well-constant-vigilance-is-required
Title: Re: Technical
Post by: Asyn on December 25, 2021, 02:12:41 PM
Log4j Vulnerability: Attackers Shift Focus From LDAP to RMI
https://blogs.juniper.net/en-us/threat-research/log4j-vulnerability-attackers-shift-focus-from-ldap-to-rmi
Title: Re: Technical
Post by: Asyn on December 26, 2021, 11:07:25 AM
Large-scale phishing study shows who bites the bait more often
https://www.bleepingcomputer.com/news/security/large-scale-phishing-study-shows-who-bites-the-bait-more-often/
http://arxiv.org/pdf/2112.07498.pdf
Title: Re: Technical
Post by: Asyn on December 27, 2021, 09:11:11 AM
A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-into-nso-zero-click.html
Title: Re: Technical
Post by: Asyn on December 27, 2021, 11:10:16 AM
DarkWatchman: A new evolution in fileless techniques.
https://www.prevailion.com/darkwatchman-new-fileness-techniques/
Title: Re: Technical
Post by: Asyn on December 27, 2021, 01:24:30 PM
How does your location affect your online privacy?
https://blog.avast.com/location-and-online-privacy-avast
Title: Re: Technical
Post by: Asyn on December 28, 2021, 09:39:09 AM
Phorpiex botnet returns with new tricks making it harder to disrupt
https://www.bleepingcomputer.com/news/security/phorpiex-botnet-returns-with-new-tricks-making-it-harder-to-disrupt/
Title: Re: Technical
Post by: Asyn on December 28, 2021, 01:28:11 PM
Understanding the Impact of Apache Log4j Vulnerability
https://security.googleblog.com/2021/12/understanding-impact-of-apache-log4j.html
Title: Re: Technical
Post by: bob3160 on December 28, 2021, 01:35:07 PM

Countering disinformation requires a more coordinated approach.
https://blog.avast.com/countering-disinformation-report-avast
Title: Re: Technical
Post by: Asyn on December 28, 2021, 04:47:59 PM
Pegasus vs. Predator: Dissident’s Doubly-Infected iPhone Reveals Cytrox Mercenary Spyware
https://citizenlab.ca/2021/12/pegasus-vs-predator-dissidents-doubly-infected-iphone-reveals-cytrox-mercenary-spyware/
Title: Re: Technical
Post by: Asyn on December 29, 2021, 10:47:31 AM
For you only: scammers invent new targeted tools to amplify fraud schemes
https://www.group-ib.com/media/target-links-2021/
Title: Re: Technical
Post by: Asyn on December 29, 2021, 02:12:16 PM
Honeypot experiment reveals what hackers want from IoT devices
https://www.bleepingcomputer.com/news/security/honeypot-experiment-reveals-what-hackers-want-from-iot-devices/
https://arxiv.org/pdf/2112.10974.pdf
Title: Re: Technical
Post by: Asyn on December 30, 2021, 09:38:59 AM
NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
https://blog.wiz.io/azure-app-service-source-code-leak/
Title: Re: Technical
Post by: Asyn on December 31, 2021, 09:32:36 AM
MS Teams: 1 feature, 4 vulnerabilities
https://positive.security/blog/ms-teams-1-feature-4-vulns
Title: Re: Technical
Post by: Asyn on January 01, 2022, 10:33:32 AM
Malicious App Targets Major Brazilian Bank Itaú Unibanco
https://blog.cyble.com/2021/12/23/malicious-app-targets-major-brazilian-bank-itau-unibanco/
Title: Re: Technical
Post by: Asyn on January 01, 2022, 01:14:13 PM
Improve kernel security with the new Microsoft Vulnerable and Malicious Driver Reporting Center
https://www.microsoft.com/security/blog/2021/12/08/improve-kernel-security-with-the-new-microsoft-vulnerable-and-malicious-driver-reporting-center/
Title: Re: Technical
Post by: Asyn on January 02, 2022, 10:19:30 AM
Elastic Security uncovers BLISTER malware campaign
https://www.elastic.co/de/blog/elastic-security-uncovers-blister-malware-campaign
Title: Re: Technical
Post by: Asyn on January 02, 2022, 12:26:25 PM
Avos Locker remotely accesses boxes, even running in Safe Mode
https://news.sophos.com/en-us/2021/12/22/avos-locker-remotely-accesses-boxes-even-running-in-safe-mode/
Title: Re: Technical
Post by: Asyn on January 03, 2022, 09:42:53 AM
New Rook Ransomware Feeds Off the Code of Babuk
https://www.sentinelone.com/labs/new-rook-ransomware-feeds-off-the-code-of-babuk/
Title: Re: Technical
Post by: Asyn on January 04, 2022, 10:30:45 AM
Redline Stealer Targeting Accounts Saved to Web Browser with Automatic Login Feature Included
https://asec.ahnlab.com/en/29885/
Title: Re: Technical
Post by: Asyn on January 05, 2022, 11:20:50 AM
Strategically Aged Domain Detection: Capture APT Attacks With DNS Traffic Trends
https://unit42.paloaltonetworks.com/strategically-aged-domain-detection/
Title: Re: Technical
Post by: Asyn on January 05, 2022, 03:49:12 PM
New ways to phish found by academic researchers
https://blog.avast.com/discovering-new-ways-to-phish-avast
https://catching-transparent-phish.github.io/catching_transparent_phish.pdf
Title: Re: Technical
Post by: Asyn on January 06, 2022, 12:33:32 PM
Firmware attack can drop persistent malware in hidden SSD area
https://www.bleepingcomputer.com/news/security/firmware-attack-can-drop-persistent-malware-in-hidden-ssd-area/
Title: Re: Technical
Post by: Asyn on January 06, 2022, 05:57:02 PM
Malicious Telegram Installer Drops Purple Fox Rootkit
https://blog.minerva-labs.com/malicious-telegram-installer-drops-purple-fox-rootkit
Title: Re: Technical
Post by: Asyn on January 07, 2022, 10:35:36 AM
A New Web Skimmer Campaign Targets Real Estate Websites Through Attacking Cloud Video Distribution Supply Chain
https://unit42.paloaltonetworks.com/web-skimmer-video-distribution/
Title: Re: Technical
Post by: Asyn on January 07, 2022, 01:19:48 PM
Night Sky is the latest ransomware targeting corporate networks
https://www.bleepingcomputer.com/news/security/night-sky-is-the-latest-ransomware-targeting-corporate-networks/
Title: Re: Technical
Post by: Asyn on January 08, 2022, 10:17:42 AM
Can You Trust a File’s Digital Signature? New Zloader Campaign exploits Microsoft’s Signature Verification putting users at risk
https://research.checkpoint.com/2022/can-you-trust-a-files-digital-signature-new-zloader-campaign-exploits-microsofts-signature-verification-putting-users-at-risk/
Title: Re: Technical
Post by: Asyn on January 09, 2022, 09:47:53 AM
Persistence without “Persistence”: Meet The Ultimate Persistence Bug – “NoReboot”
https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/
Title: Re: Technical
Post by: Asyn on January 09, 2022, 01:14:44 PM
FluBot’s Authors Employ Creative and Sophisticated Techniques to Achieve Their Goals in Version 5.0 and Beyond
https://www.f5.com/labs/articles/threat-intelligence/flubots-authors-employ-creative-and-sophisticated-techniques-to-achieve-their-goals-in-version-50-and-beyond
Title: Re: Technical
Post by: Asyn on January 10, 2022, 09:59:52 AM
Elephant Beetle: Uncovering an Organized Financial-Theft Operation
https://blog.sygnia.co/elephant-beetle-an-organized-financial-theft-operation
Title: Re: Technical
Post by: Asyn on January 10, 2022, 12:11:37 PM
Google Docs commenting feature exploited for spear-phishing
https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/
Title: Re: Technical
Post by: bob3160 on January 10, 2022, 01:19:40 PM
Google Docs commenting feature exploited for spear-phishing
https://www.bleepingcomputer.com/news/security/google-docs-commenting-feature-exploited-for-spear-phishing/
Any comments I receive are checked. Any comments that contain links of any kind are deleted.
Title: Re: Technical
Post by: Asyn on January 11, 2022, 10:23:19 AM
Patchwork APT caught in its own web
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
Title: Re: Technical
Post by: bob3160 on January 11, 2022, 03:42:20 PM
Patchwork APT caught in its own web
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
Sounds like they got bitten by a RAT. :)
Title: Re: Technical
Post by: Asyn on January 11, 2022, 04:27:29 PM
Patchwork APT caught in its own web
https://blog.malwarebytes.com/threat-intelligence/2022/01/patchwork-apt-caught-in-its-own-web/
Sounds like they got bitten by a RAT. :)
Yep. 8)
Title: Re: Technical
Post by: Asyn on January 12, 2022, 11:27:05 AM
The January 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/1/11/the-january-2022-security-update-review
Title: Re: Technical
Post by: Asyn on January 12, 2022, 03:06:44 PM
Trojanized dnSpy app drops malware cocktail on researchers, devs
https://www.bleepingcomputer.com/news/security/trojanized-dnspy-app-drops-malware-cocktail-on-researchers-devs/
Title: Re: Technical
Post by: Asyn on January 13, 2022, 10:52:21 AM
New macOS vulnerability, “powerdir,” could lead to unauthorized user data access
https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/
Title: Re: Technical
Post by: Asyn on January 13, 2022, 03:48:38 PM
COVID Omicron Variant Lure Used to Distribute RedLine Stealer
https://www.fortinet.com/blog/threat-research/omicron-variant-lure-used-to-distribute-redline-stealer
Title: Re: Technical
Post by: Asyn on January 14, 2022, 10:14:25 AM
APT35 exploits Log4j vulnerability to distribute new modular PowerShell toolkit
https://research.checkpoint.com/2022/apt35-exploits-log4j-vulnerability-to-distribute-new-modular-powershell-toolkit/
Title: Re: Technical
Post by: Asyn on January 14, 2022, 02:22:32 PM
Don’t Trust This Title: Abusing Terminal Emulators with ANSI Escape Characters
https://www.cyberark.com/resources/threat-research-blog/dont-trust-this-title-abusing-terminal-emulators-with-ansi-escape-characters
Title: Re: Technical
Post by: Asyn on January 14, 2022, 04:19:16 PM
Exploit Kits vs. Google Chrome
https://decoded.avast.io/janvojtesek/exploit-kits-vs-google-chrome/
Title: Re: Technical
Post by: Asyn on January 15, 2022, 10:11:34 AM
Using machine learning for the fast verification of contested antivirus decisions
https://blog.avast.com/machine-learning-for-contested-antivirus-decisions-avast
Title: Re: Technical
Post by: Asyn on January 16, 2022, 11:22:24 AM
New SysJoker Backdoor Targets Windows, Linux, and macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Title: Re: Technical
Post by: bob3160 on January 16, 2022, 02:21:37 PM
New SysJoker Backdoor Targets Windows, Linux, and macOS
https://www.intezer.com/blog/malware-analysis/new-backdoor-sysjoker/
Avast has your back on this one. :)
Title: Re: Technical
Post by: Asyn on January 16, 2022, 06:11:29 PM
Researchers develop CAPTCHA solver to aid dark web research
https://www.bleepingcomputer.com/news/security/researchers-develop-captcha-solver-to-aid-dark-web-research/
Title: Re: Technical
Post by: Asyn on January 17, 2022, 09:06:34 AM
Magniber Ransomware Being Distributed via Microsoft Edge and Google Chrome
https://asec.ahnlab.com/en/30645/
Title: Re: Technical
Post by: Asyn on January 18, 2022, 11:36:51 AM
TellYouThePass Ransomware Analysis Reveals a Modern Reinterpretation Using Golang
https://www.crowdstrike.com/blog/tellyouthepass-ransomware-analysis-reveals-modern-reinterpretation-using-golang/
Title: Re: Technical
Post by: Asyn on January 19, 2022, 09:54:55 AM
Abusing Microsoft Office Using Malicious Web Archive Files
https://www.netskope.com/blog/abusing-microsoft-office-using-malicious-web-archive-files
Title: Re: Technical
Post by: Asyn on January 20, 2022, 09:34:39 AM
The BlueNoroff cryptocurrency hunt is still on
https://securelist.com/the-bluenoroff-cryptocurrency-hunt-is-still-on/105488/
Title: Re: Technical
Post by: Asyn on January 20, 2022, 12:55:54 PM
Linux-Targeted Malware Increases by 35% in 2021: XorDDoS, Mirai and Mozi Most Prevalent
https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/
Title: Re: Technical
Post by: kitmubet on January 20, 2022, 03:41:26 PM
Found this on malwaretips (I'm not a forum member there, just saw this)
MoonBounce: the dark side of UEFI firmware
forum thread
https://malwaretips.com/threads/moonbounce-the-dark-side-of-uefi-firmware.112056/
source article link
https://securelist.com/moonbounce-the-dark-side-of-uefi-firmware/105468/
Title: Re: Technical
Post by: Asyn on January 21, 2022, 10:13:38 AM
Destructive malware targeting Ukrainian organizations
https://www.microsoft.com/security/blog/2022/01/15/destructive-malware-targeting-ukrainian-organizations/
Title: Re: Technical
Post by: Asyn on January 21, 2022, 12:40:33 PM
DHL Replaces Microsoft as Most Imitated Brand in Phishing Attempts in Q4 2021
https://blog.checkpoint.com/2022/01/17/dhl-replaces-microsoft-as-most-imitated-brand-in-phishing-attempts-in-q4-2021/
Title: Re: Technical
Post by: Asyn on January 22, 2022, 10:09:27 AM
Exploiting IndexedDB API information leaks in Safari 15
https://fingerprintjs.com/blog/indexeddb-api-browser-vulnerability-safari-15/
Title: Re: Technical
Post by: Asyn on January 22, 2022, 02:14:07 PM
New Ransomware Spotted: White Rabbit and Its Evasion Tactics
https://www.trendmicro.com/en_us/research/22/a/new-ransomware-spotted-white-rabbit-and-its-evasion-tactics.html
Title: Re: Technical
Post by: Asyn on January 23, 2022, 10:00:04 AM
Poking Holes in Crypto-Wallets: A Short Analysis of BHUNT Stealer
https://www.bitdefender.com/blog/labs/poking-holes-in-crypto-wallets-a-short-analysis-of-bhunt-stealer/
Title: Re: Technical
Post by: Asyn on January 23, 2022, 04:55:25 PM
Why you shouldn’t set these 25 Windows policies
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/why-you-shouldn-t-set-these-25-windows-policies/ba-p/3066178
Title: Re: Technical
Post by: Asyn on January 24, 2022, 09:32:18 AM
Fresh Phish: Phishers Lure Victims with Fake Invites to Bid on Nonexistent Federal Projects
https://www.inky.com/blog/fresh-phish-phishers-lure-victims-with-fake-invites-to-bid-on-nonexistent-federal-projects
Title: Re: Technical
Post by: Asyn on January 24, 2022, 01:21:40 PM
Dare to dream: A new way to advertise online
https://blog.avast.com/a-new-way-to-advertise-online-avast
Title: Re: Technical
Post by: bob3160 on January 24, 2022, 02:10:13 PM
Dare to dream: A new way to advertise online
https://blog.avast.com/a-new-way-to-advertise-online-avast
A great idea but currently only an idea.
https://techcrunch.com/2022/01/20/meps-vote-to-limit-tracking/?utm_source=join1440&utm_medium=email
Title: Re: Technical
Post by: DavidR on January 24, 2022, 03:52:00 PM
Dare to dream: A new way to advertise online
https://blog.avast.com/a-new-way-to-advertise-online-avast

Avast is starting to use old methods, e.g. seeing lots of TV Adverts for avast One recently in the UK ;)
Title: Re: Technical
Post by: alanb on January 24, 2022, 05:51:41 PM
seeing lots of TV Adverts for avast One recently in the UK ;)

And almost hourly radio ads!
Title: Re: Technical
Post by: DavidR on January 24, 2022, 07:50:04 PM
seeing lots of TV Adverts for avast One recently in the UK ;)

And almost hourly radio ads!

Not heard, mind you it is a very rare occasion I even listen to Radio programs.
Title: Re: Technical
Post by: bob3160 on January 24, 2022, 09:32:05 PM
Nothing in the US.
Title: Re: Technical
Post by: Asyn on January 25, 2022, 10:29:33 AM
Campaigns abusing corporate trusted infrastructure hunt for corporate credentials on ICS networks
https://securelist.com/hunt-for-corporate-credentials-on-ics-networks/105545/
Title: Re: Technical
Post by: Asyn on January 25, 2022, 12:51:36 PM
Web Skimming Attacks Using Google Tag Manager
https://decoded.avast.io/pavlinakopecka/web-skimming-attacks-using-google-tag-manager/
Title: Re: Technical
Post by: Asyn on January 26, 2022, 09:53:31 AM
AccessPress Themes Hit With Targeted Supply Chain Attack
https://blog.sucuri.net/2022/01/accesspress-themes-hit-with-targeted-supply-chain-attack.html
Title: Re: Technical
Post by: Asyn on January 26, 2022, 12:42:08 PM
Ransomware gangs increase efforts to enlist insiders for attacks
https://www.bleepingcomputer.com/news/security/ransomware-gangs-increase-efforts-to-enlist-insiders-for-attacks/
Title: Re: Technical
Post by: Asyn on January 27, 2022, 09:40:04 AM
Chasing Chaes Kill Chain
https://decoded.avast.io/anhho/chasing-chaes-kill-chain/
Title: Re: Technical
Post by: Asyn on January 27, 2022, 02:25:00 PM
Malicious PowerPoint files used to push remote access trojans
https://www.bleepingcomputer.com/news/security/malicious-powerpoint-files-used-to-push-remote-access-trojans/
Title: Re: Technical
Post by: Asyn on January 28, 2022, 10:11:33 AM
How BRATA is monitoring your bank account
https://www.cleafy.com/cleafy-labs/how-brata-is-monitoring-your-bank-account
Title: Re: Technical
Post by: Asyn on January 28, 2022, 01:16:59 PM
New DeadBolt ransomware targets QNAP devices, asks 50 BTC for master key
https://www.bleepingcomputer.com/news/security/new-deadbolt-ransomware-targets-qnap-devices-asks-50-btc-for-master-key/
Title: Re: Technical
Post by: Asyn on January 29, 2022, 10:14:28 AM
Financially Motivated Mobile Scamware Exceeds 100M Installations
https://blog.zimperium.com/dark-herring-android-scamware-exceeds-100m-installations/
Title: Re: Technical
Post by: Asyn on January 29, 2022, 02:55:29 PM
PwnKit: Local Privilege Escalation Vulnerability Discovered in polkit’s pkexec (CVE-2021-4034)
https://blog.qualys.com/vulnerabilities-threat-research/2022/01/25/pwnkit-local-privilege-escalation-vulnerability-discovered-in-polkits-pkexec-cve-2021-4034
Title: Re: Technical
Post by: Asyn on January 30, 2022, 10:27:03 AM
TrickBot Bolsters Layered Defenses to Prevent Injection Research
https://securityintelligence.com/posts/trickbot-bolsters-layered-defenses-prevent-injection/
Title: Re: Technical
Post by: Asyn on January 30, 2022, 03:54:55 PM
Watering hole deploys new macOS malware, DazzleSpy, in Asia
https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
Title: Re: Technical
Post by: Asyn on January 31, 2022, 10:08:48 AM
Analysis and Impact of LockBit Ransomware’s First Linux and VMware ESXi Variant
https://www.trendmicro.com/en_us/research/22/a/analysis-and-Impact-of-lockbit-ransomwares-first-linux-and-vmware-esxi-variant.html
Title: Re: Technical
Post by: Asyn on January 31, 2022, 04:00:14 PM
How to protect your network from a future attack
https://blog.avast.com/protecting-networks-from-future-attacks-avast
Title: Re: Technical
Post by: Asyn on February 01, 2022, 09:28:23 AM
North Korea’s Lazarus APT leverages Windows Update client, GitHub in latest campaign
https://blog.malwarebytes.com/threat-intelligence/2022/01/north-koreas-lazarus-apt-leverages-windows-update-client-github-in-latest-campaign/
Title: Re: Technical
Post by: Asyn on February 01, 2022, 10:35:33 AM
Over 20,000 data center management systems exposed to hackers
https://www.bleepingcomputer.com/news/security/over-20-000-data-center-management-systems-exposed-to-hackers/
Title: Re: Technical
Post by: Asyn on February 02, 2022, 10:00:37 AM
Avast Threat Labs releases Q4 2021 Threat Report
https://blog.avast.com/q4-2021-threat-report-avast
https://decoded.avast.io/threatresearch/avast-q4-21-threat-report/
Title: Re: Technical
Post by: Asyn on February 02, 2022, 01:31:13 PM
Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA
https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/
Title: Re: Technical
Post by: Asyn on February 03, 2022, 09:30:48 AM
Early Bird Catches the Wormhole: Observations from the StellarParticle Campaign
https://www.crowdstrike.com/blog/observations-from-the-stellarparticle-campaign/
Title: Re: Technical
Post by: Asyn on February 03, 2022, 01:35:52 PM
Researchers use GPU fingerprinting to track users online
https://www.bleepingcomputer.com/news/security/researchers-use-gpu-fingerprinting-to-track-users-online/
https://arxiv.org/pdf/2201.09956.pdf
Title: Re: Technical
Post by: Asyn on February 04, 2022, 09:46:13 AM
OiVaVoii – An Active Malicious Hybrid Cloud Threats Campaign
https://www.proofpoint.com/us/blog/cloud-security/oivavoii-active-malicious-hybrid-cloud-threats-campaign
Title: Re: Technical
Post by: Asyn on February 04, 2022, 02:11:01 PM
277,000 routers exposed to Eternal Silence attacks via UPnP
https://www.bleepingcomputer.com/news/security/277-000-routers-exposed-to-eternal-silence-attacks-via-upnp/
Title: Re: Technical
Post by: Asyn on February 05, 2022, 09:51:47 AM
Iranian APT MuddyWater targets Turkish users via malicious PDFs, executables
https://blog.talosintelligence.com/2022/01/iranian-apt-muddywater-targets-turkey.html
Title: Re: Technical
Post by: Asyn on February 05, 2022, 03:10:35 PM
Achieve better patch compliance with Update Connectivity data
https://techcommunity.microsoft.com/t5/windows-it-pro-blog/achieve-better-patch-compliance-with-update-connectivity-data/ba-p/3073356
Title: Re: Technical
Post by: Asyn on February 06, 2022, 10:42:19 AM
How attackers got access to the systems of the National Games of China
https://blog.avast.com/national-games-of-china-systems-attack-analysis-avast
https://decoded.avast.io/janneduchal/analysis-of-attack-against-national-games-of-china-systems/
Title: Re: Technical
Post by: Asyn on February 06, 2022, 02:43:08 PM
Shuckworm Continues Cyber-Espionage Attacks Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-gamaredon-espionage-ukraine
Title: Re: Technical
Post by: Asyn on February 06, 2022, 05:04:31 PM
PowerLess Trojan: Iranian APT Phosphorus Adds New PowerShell Backdoor for Espionage
https://www.cybereason.com/blog/powerless-trojan-iranian-apt-phosphorus-adds-new-powershell-backdoor-for-espionage
Title: Re: Technical
Post by: Asyn on February 07, 2022, 09:04:37 AM
Mars Stealer: Oski refactoring
https://3xp0rt.com/posts/mars-stealer
Title: Re: Technical
Post by: Asyn on February 07, 2022, 12:57:28 PM
An In-Depth Look at the 23 High-Impact Vulnerabilities
https://www.binarly.io/posts/An_In_Depth_Look_at_the_23_High_Impact_Vulnerabilities/
Title: Re: Technical
Post by: Asyn on February 08, 2022, 09:34:03 AM
Decrypted: TargetCompany Ransomware
https://decoded.avast.io/threatresearch/decrypted-targetcompany-ransomware/
Title: Re: Technical
Post by: Asyn on February 08, 2022, 12:16:00 PM
Malicious CSV text files used to install BazarBackdoor malware
https://www.bleepingcomputer.com/news/security/malicious-csv-text-files-used-to-install-bazarbackdoor-malware/
Title: Re: Technical
Post by: Asyn on February 09, 2022, 10:07:38 AM
The February 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/2/8/the-february-2022-security-update-review
Title: Re: Technical
Post by: Asyn on February 09, 2022, 12:47:15 PM
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
https://www.mandiant.com/resources/seo-poisoning-batloader-atera
Title: Re: Technical
Post by: bob3160 on February 09, 2022, 02:07:12 PM
Zoom For You — SEO Poisoning to Distribute BATLOADER and Atera Agent
https://www.mandiant.com/resources/seo-poisoning-batloader-atera
I'm not sure I understand the headline?
How is this related to Zoom ?
Title: Re: Technical
Post by: Asyn on February 10, 2022, 10:38:15 AM
Operation EmailThief: Active Exploitation of Zero-day XSS Vulnerability in Zimbra
https://www.volexity.com/blog/2022/02/03/operation-emailthief-active-exploitation-of-zero-day-xss-vulnerability-in-zimbra/
Title: Re: Technical
Post by: Asyn on February 10, 2022, 01:10:50 PM
MFA PSA, Oh My!
https://www.proofpoint.com/us/blog/threat-insight/mfa-psa-oh-my
Title: Re: Technical
Post by: Asyn on February 10, 2022, 03:07:34 PM
Cyber Signals: Defending against cyber threats with the latest research, insights, and trends
https://www.microsoft.com/security/blog/2022/02/03/cyber-signals-defending-against-cyber-threats-with-the-latest-research-insights-and-trends/
Title: Re: Technical
Post by: Asyn on February 11, 2022, 11:20:40 AM
Antlion: Chinese APT Uses Custom Backdoor to Target Financial Institutions in Taiwan
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/china-apt-antlion-taiwan-financial-attacks
Title: Re: Technical
Post by: Asyn on February 11, 2022, 02:49:42 PM
ACTINIUM targets Ukrainian organizations
https://www.microsoft.com/security/blog/2022/02/04/actinium-targets-ukrainian-organizations/
Title: Re: Technical
Post by: Asyn on February 12, 2022, 10:15:21 AM
FBI shares Lockbit ransomware technical details, defense tips
https://www.bleepingcomputer.com/news/security/fbi-shares-lockbit-ransomware-technical-details-defense-tips/
Title: Re: Technical
Post by: Asyn on February 12, 2022, 04:14:45 PM
Sugar Ransomware, a new RaaS
https://medium.com/walmartglobaltech/sugar-ransomware-a-new-raas-a5d94d58d9fb
Title: Re: Technical
Post by: Asyn on February 13, 2022, 10:27:04 AM
Qbot Likes to Move It, Move It
https://thedfirreport.com/2022/02/07/qbot-likes-to-move-it-move-it/
Title: Re: Technical
Post by: Asyn on February 13, 2022, 11:55:02 AM
Roaming Mantis reaches Europe
https://securelist.com/roaming-mantis-reaches-europe/105596/
Title: Re: Technical
Post by: Asyn on February 14, 2022, 09:54:23 AM
Ugg Boots 4 Sale: A Tale of Palestinian-Aligned Espionage
https://www.proofpoint.com/us/blog/threat-insight/ugg-boots-4-sale-tale-palestinian-aligned-espionage
Title: Re: Technical
Post by: Asyn on February 14, 2022, 01:42:10 PM
Partners-in-crime: Medusa and Cabassous attack banks side-by-side
https://www.threatfabric.com/blogs/partners-in-crime-medusa-cabassous.html
Title: Re: Technical
Post by: Asyn on February 15, 2022, 09:39:23 AM
Distribution of Kimsuky Group’s xRAT (Quasar RAT) Confirmed
https://asec.ahnlab.com/en/31089/
Title: Re: Technical
Post by: Asyn on February 16, 2022, 09:58:58 AM
Ransomware dev releases Egregor, Maze master decryption keys
https://www.bleepingcomputer.com/news/security/ransomware-dev-releases-egregor-maze-master-decryption-keys/
https://www.emsisoft.com/ransomware-decryption-tools/maze-sekhmet-egregor
Title: Re: Technical
Post by: Asyn on February 17, 2022, 11:01:12 AM
Attackers Disguise RedLine Stealer as a Windows 11 Upgrade
https://threatresearch.ext.hp.com/redline-stealer-disguised-as-a-windows-11-upgrade/
Title: Re: Technical
Post by: Asyn on February 18, 2022, 12:48:48 PM
ModifiedElephant APT and a Decade of Fabricating Evidence
https://www.sentinelone.com/labs/modifiedelephant-apt-and-a-decade-of-fabricating-evidence/
Title: Re: Technical
Post by: Asyn on February 19, 2022, 10:35:13 AM
FritzFrog: P2P Botnet Hops Back on the Scene
https://www.akamai.com/blog/security/fritzfrog-p2p
Title: Re: Technical
Post by: Asyn on February 20, 2022, 11:45:35 AM
A walk through Project Zero metrics
https://googleprojectzero.blogspot.com/2022/02/a-walk-through-project-zero-metrics.html
Title: Re: Technical
Post by: Asyn on February 21, 2022, 09:24:10 AM
Never, Ever, Ever Use Pixelation for Redacting Text
https://bishopfox.com/blog/unredacter-tool-never-pixelation
Title: Re: Technical
Post by: Asyn on February 22, 2022, 10:41:09 AM
Hackers Attach Malicious .exe Files to Teams Conversations
https://www.avanan.com/blog/hackers-attach-malicious-.exe-files-to-teams-conversations
Title: Re: Technical
Post by: Asyn on February 22, 2022, 04:49:55 PM
Meet Kraken: A New Golang Botnet in Development
https://www.zerofox.com/blog/meet-kraken-a-new-golang-botnet-in-development/
Title: Re: Technical
Post by: Asyn on February 23, 2022, 08:59:40 AM
Log4j2 In The Wild | Iranian-Aligned Threat Actor “TunnelVision” Actively Exploiting VMware Horizon
https://www.sentinelone.com/labs/log4j2-in-the-wild-iranian-aligned-threat-actor-tunnelvision-actively-exploiting-vmware-horizon/
Title: Re: Technical
Post by: Asyn on February 24, 2022, 09:20:46 AM
New data-wiping malware used in destructive attacks on Ukraine
https://www.bleepingcomputer.com/news/security/new-data-wiping-malware-used-in-destructive-attacks-on-ukraine/
Title: Re: Technical
Post by: Asyn on February 24, 2022, 01:42:33 PM
The TrickBot Saga’s Finale Has Aired: Spinoff is Already in the Works
https://www.advintel.io/post/the-trickbot-saga-s-finale-has-aired-but-a-spinoff-is-already-in-the-works
Title: Re: Technical
Post by: Asyn on February 25, 2022, 09:57:34 AM
Modified CryptBot Infostealer Being Distributed
https://asec.ahnlab.com/en/31802/
Title: Re: Technical
Post by: Asyn on February 25, 2022, 12:55:31 PM
Xenomorph: A newly hatched Banking Trojan
https://www.threatfabric.com/blogs/xenomorph-a-newly-hatched-banking-trojan.html
Title: Re: Technical
Post by: Asyn on February 26, 2022, 10:26:53 AM
Steal Credentials & Bypass 2FA Using noVNC
https://mrd0x.com/bypass-2fa-using-novnc/
Title: Re: Technical
Post by: Asyn on February 26, 2022, 03:10:34 PM
The Bvp47 - a Top-tier Backdoor of US NSA Equation Group
https://www.pangulab.cn/en/post/the_bvp47_a_top-tier_backdoor_of_us_nsa_equation_group/
https://www.pangulab.cn/files/The_Bvp47_a_top-tier_backdoor_of_us_nsa_equation_group.en.pdf
Title: Re: Technical
Post by: Asyn on February 27, 2022, 10:27:30 AM
Ukraine recruits "IT Army" to hack Russian entities, lists 31 targets
https://www.bleepingcomputer.com/news/security/ukraine-recruits-it-army-to-hack-russian-entities-lists-31-targets/
Title: Re: Technical
Post by: Asyn on February 27, 2022, 03:30:56 PM
2022 State of the Phish Report Explores Increasingly Active Threat Landscape, Importance of People-Centric Security
https://www.proofpoint.com/us/blog/security-awareness-training/2022-state-phish-explores-increasingly-active-threat-landscape
Title: Re: Technical
Post by: Asyn on February 28, 2022, 09:01:19 AM
New Sandworm malware Cyclops Blink replaces VPNFilter
https://www.ncsc.gov.uk/news/joint-advisory-shows-new-sandworm-malware-cyclops-blink-replaces-vpnfilter
Title: Re: Technical
Post by: Asyn on February 28, 2022, 02:57:29 PM
Dridex bots deliver Entropy ransomware in recent attacks
https://news.sophos.com/en-us/2022/02/23/dridex-bots-deliver-entropy-ransomware-in-recent-attacks/
Title: Re: Technical
Post by: Asyn on March 01, 2022, 09:18:58 AM
Digital technology and the war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/02/28/ukraine-russia-digital-war-cyberattacks/
Title: Re: Technical
Post by: Asyn on March 01, 2022, 12:26:46 PM
DeadBolt ransomware now targets ASUSTOR devices, asks 50 BTC for master key
https://www.bleepingcomputer.com/news/security/deadbolt-ransomware-now-targets-asustor-devices-asks-50-btc-for-master-key/
Title: Re: Technical
Post by: Asyn on March 02, 2022, 10:11:51 AM
Password analysis - Analysis of 2.5b+ passwords in terms of letter frequency by top-level-domain
https://comedyhacker.com/pwanalysis/
Title: Re: Technical
Post by: Asyn on March 02, 2022, 11:25:21 AM
Alert (AA22-055A) - Iranian Government-Sponsored Actors Conduct Cyber Operations Against Global Government and Commercial Networks
https://www.cisa.gov/uscert/ncas/alerts/aa22-055a
Title: Re: Technical
Post by: Asyn on March 02, 2022, 04:28:20 PM
(Ex)Change of Pace: UNC2596 Observed Leveraging Vulnerabilities to Deploy Cuba Ransomware
https://www.mandiant.com/resources/unc2596-cuba-ransomware
Title: Re: Technical
Post by: Asyn on March 03, 2022, 09:31:22 AM
Asylum Ambuscade: State Actor Uses Compromised Private Ukrainian Military Emails to Target European Governments and Refugee Movement
https://www.proofpoint.com/us/blog/threat-insight/asylum-ambuscade-state-actor-uses-compromised-private-ukrainian-military-emails
Title: Re: Technical
Post by: Asyn on March 03, 2022, 01:04:51 PM
New Malware Capable of Controlling Social Media Accounts Infects 5,000+ Machines and is actively being Distributed via Gaming Applications on Microsoft’s Official Store
https://research.checkpoint.com/2022/new-malware-capable-of-controlling-social-media-accounts-infects-5000-machines-and-is-actively-being-distributed-via-gaming-applications-on-microsofts-official-store/
Title: Re: Technical
Post by: Asyn on March 04, 2022, 09:04:44 AM
Help for Ukraine: Free decryptor for HermeticRansom ransomware
https://decoded.avast.io/threatresearch/help-for-ukraine-free-decryptor-for-hermeticransom-ransomware/
Title: Re: Technical
Post by: Asyn on March 04, 2022, 02:36:43 PM
2022 may be the year cybercrime returns its focus to consumers
https://www.bleepingcomputer.com/news/security/2022-may-be-the-year-cybercrime-returns-its-focus-to-consumers/
Title: Re: Technical
Post by: Asyn on March 04, 2022, 04:21:46 PM
TeaBot is now spreading across the globe
https://www.cleafy.com/cleafy-labs/teabot-is-now-spreading-across-the-globe
Title: Re: Technical
Post by: Asyn on March 05, 2022, 10:55:13 AM
Experts urge EU not to force insecure certificates in web browsers
https://www.bleepingcomputer.com/news/security/experts-urge-eu-not-to-force-insecure-certificates-in-web-browsers/
https://www.eff.org/press/releases/cybersecurity-experts-urge-eu-lawmakers-fix-website-authentication-proposal-puts
Title: Re: Technical
Post by: Asyn on March 06, 2022, 09:32:36 AM
SharkBot: a “new” generation Android banking Trojan being distributed on Google Play Store
https://research.nccgroup.com/2022/03/03/sharkbot-a-new-generation-android-banking-trojan-being-distributed-on-google-play-store/
Title: Re: Technical
Post by: Asyn on March 06, 2022, 04:25:49 PM
Meet The Secretive Surveillance Wizards Helping The FBI And ICE Wiretap Facebook And Google Users
https://www.forbes.com/sites/thomasbrewster/2022/02/23/meet-the-secretive-surveillance-wizards-helping-the-fbi-and-ice-wiretap-facebook-and-google-users/
Title: Re: Technical
Post by: Asyn on March 07, 2022, 09:22:01 AM
Jester Stealer: An Emerging Info Stealer
https://blog.cyble.com/2022/02/24/jester-stealer-an-emerging-info-stealer/
Title: Re: Technical
Post by: Asyn on March 07, 2022, 05:20:22 PM
Daxin: Stealthy Backdoor Designed for Attacks Against Hardened Networks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/daxin-backdoor-espionage
Title: Re: Technical
Post by: Asyn on March 08, 2022, 09:01:43 AM
Dozens of COVID passport apps put user's privacy at risk
https://www.bleepingcomputer.com/news/security/dozens-of-covid-passport-apps-put-users-privacy-at-risk/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/covid-passport-risks
Title: Re: Technical
Post by: bob3160 on March 08, 2022, 01:38:57 PM
Dozens of COVID passport apps put user's privacy at risk
https://www.bleepingcomputer.com/news/security/dozens-of-covid-passport-apps-put-users-privacy-at-risk/
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/covid-passport-risks
A simple cure for this problem is to do away with those unnecessary passports. :)
Title: Re: Technical
Post by: Asyn on March 08, 2022, 03:31:15 PM
TCP Middlebox Reflection: Coming to a DDoS Near You
https://www.akamai.com/blog/security/tcp-middlebox-reflection
Title: Re: Technical
Post by: Asyn on March 09, 2022, 09:52:37 AM
Why the World Must Resist Calls to Undermine the Internet
https://www.internetsociety.org/blog/2022/03/why-the-world-must-resist-calls-to-undermine-the-internet/
Title: Re: Technical
Post by: Asyn on March 09, 2022, 10:53:16 AM
The March 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/3/8/the-march-2022-security-update-review
Title: Re: Technical
Post by: Asyn on March 10, 2022, 09:27:24 AM
IsaacWiper and HermeticWizard: New wiper and worm targeting Ukraine
https://www.welivesecurity.com/2022/03/01/isaacwiper-hermeticwizard-wiper-worm-targeting-ukraine/
Title: Re: Technical
Post by: Asyn on March 10, 2022, 11:27:48 AM
Decrypted: Prometheus Ransomware
https://decoded.avast.io/threatresearch/decrypted-prometheus-ransomware/
Title: Re: Technical
Post by: Asyn on March 11, 2022, 10:47:58 AM
Bitdefender Labs Sees Increased Malicious and Scam Activity Exploiting the War in Ukraine
https://www.bitdefender.com/blog/hotforsecurity/bitdefender-labs-sees-increased-malicious-and-scam-activity-exploiting-the-war-in-ukraine
Title: Re: Technical
Post by: Asyn on March 11, 2022, 12:53:40 PM
Raccoon Stealer: “Trash panda” abuses Telegram
https://decoded.avast.io/vladimirmartyanov/raccoon-stealer-trash-panda-abuses-telegram/
Title: Re: Technical
Post by: Asyn on March 12, 2022, 11:34:14 AM
Social media phishing attacks are at an all time high
https://www.bleepingcomputer.com/news/security/social-media-phishing-attacks-are-at-an-all-time-high/
Title: Re: Technical
Post by: Asyn on March 12, 2022, 04:10:44 PM
The Dirty Pipe Vulnerability
https://dirtypipe.cm4all.com/
Title: Re: Technical
Post by: Asyn on March 13, 2022, 09:13:33 AM
The Good, the Bad, and the Web Bug: TA416 Increases Operational Tempo Against European Governments as Conflict in Ukraine Escalates
https://www.proofpoint.com/us/blog/threat-insight/good-bad-and-web-bug-ta416-increases-operational-tempo-against-european
Title: Re: Technical
Post by: Asyn on March 13, 2022, 03:17:29 PM
Emotet growing slowly but steadily since November resurgence
https://www.bleepingcomputer.com/news/security/emotet-growing-slowly-but-steadily-since-november-resurgence/
Title: Re: Technical
Post by: Asyn on March 14, 2022, 08:51:40 AM
CVE-2022-26143: TP240PhoneHome Reflection/Amplification DDoS Attack Vector
https://www.akamai.com/blog/security/phone-home-ddos-attack-vector
Title: Re: Technical
Post by: Asyn on March 14, 2022, 12:10:56 PM
An update on the threat landscape
https://blog.google/threat-analysis-group/update-threat-landscape-ukraine/
Title: Re: Technical
Post by: Asyn on March 14, 2022, 04:11:05 PM
Nearly 30% of critical WordPress plugin bugs don't get a patch
https://www.bleepingcomputer.com/news/security/nearly-30-percent-of-critical-wordpress-plugin-bugs-dont-get-a-patch/
Title: Re: Technical
Post by: Asyn on March 15, 2022, 09:02:41 AM
Fake antivirus updates used to deploy Cobalt Strike in Ukraine
https://www.bleepingcomputer.com/news/security/fake-antivirus-updates-used-to-deploy-cobalt-strike-in-ukraine/
Title: Re: Technical
Post by: Asyn on March 15, 2022, 09:19:10 AM
Pre-war spike in phishing attacks targeting infrastructure in Ukraine
https://blog.avast.com/phishing-attacks-in-ukraine
Title: Re: Technical
Post by: Asyn on March 16, 2022, 10:50:43 AM
The AMD Branch (Mis)predictor Part 2: Where No CPU has Gone Before (CVE-2021-26341)
https://grsecurity.net/amd_branch_mispredictor_part_2_where_no_cpu_has_gone_before
Title: Re: Technical
Post by: Asyn on March 16, 2022, 12:19:13 PM
Hackers fork open-source reverse tunneling tool for persistence
https://www.bleepingcomputer.com/news/security/hackers-fork-open-source-reverse-tunneling-tool-for-persistence/
Title: Re: Technical
Post by: Asyn on March 17, 2022, 09:24:47 AM
Increase In Malware Sightings on GoDaddy Managed Hosting
https://www.wordfence.com/blog/2022/03/increase-in-malware-sightings-on-godaddy-managed-hosting/
Title: Re: Technical
Post by: Asyn on March 17, 2022, 02:14:43 PM
Branch History Injection - On the Effectiveness of Hardware Mitigations Against Cross-Privilege Spectre-v2 Attacks
https://www.vusec.net/projects/bhi-spectre-bhb/
Title: Re: Technical
Post by: Asyn on March 17, 2022, 05:07:31 PM
2021 mobile security: Android more vulnerabilities, iOS more zero-days
https://www.bleepingcomputer.com/news/security/2021-mobile-security-android-more-vulnerabilities-ios-more-zero-days/
Title: Re: Technical
Post by: Asyn on March 18, 2022, 10:06:38 AM
BazarLoader Actors Initiate Contact via Website Contact Forms
https://abnormalsecurity.com/blog/bazarloader-contact-form
Title: Re: Technical
Post by: Asyn on March 18, 2022, 01:17:39 PM
New CaddyWiper data wiping malware hits Ukrainian networks
https://www.bleepingcomputer.com/news/security/new-caddywiper-data-wiping-malware-hits-ukrainian-networks/
Title: Re: Technical
Post by: Asyn on March 19, 2022, 11:07:10 AM
AbereBot Returns as Escobar
https://blog.cyble.com/2022/03/10/aberebot-returns-as-escobar/
Title: Re: Technical
Post by: Asyn on March 19, 2022, 12:52:38 PM
DirtyMoe: Worming Modules
https://decoded.avast.io/martinchlumecky/dirtymoe-5/
Title: Re: Technical
Post by: Asyn on March 19, 2022, 04:11:12 PM
Dozens of ransomware variants used in 722 attacks over 3 months
https://www.bleepingcomputer.com/news/security/dozens-of-ransomware-variants-used-in-722-attacks-over-3-months/
Title: Re: Technical
Post by: Asyn on March 20, 2022, 10:08:42 AM
Infostealer Being Distributed via YouTube
https://asec.ahnlab.com/en/32499/
Title: Re: Technical
Post by: Asyn on March 20, 2022, 01:36:52 PM
Mēris and TrickBot standing on the shoulders of giants
https://decoded.avast.io/martinhron/meris-and-trickbot-standing-on-the-shoulders-of-giants/
Title: Re: Technical
Post by: Asyn on March 21, 2022, 09:24:00 AM
New Threat: B1txor20, A Linux Backdoor Using DNS Tunnel
https://blog.netlab.360.com/b1txor20-use-of-dns-tunneling_en/
Title: Re: Technical
Post by: Asyn on March 21, 2022, 02:02:51 PM
Free decryptor released for TrickBot gang's Diavol ransomware
https://www.bleepingcomputer.com/news/security/free-decryptor-released-for-trickbot-gangs-diavol-ransomware/
https://www.emsisoft.com/ransomware-decryption-tools/howtos/emsisoft_howto_diavol.pdf
Title: Re: Technical
Post by: Asyn on March 22, 2022, 09:38:51 AM
What Wicked Webs We Un-weave: Wizard Spider once again proving it isn’t you, it isn’t me; we search for things that you can’t see
https://www.prevailion.com/what-wicked-webs-we-unweave/
Title: Re: Technical
Post by: Asyn on March 23, 2022, 09:09:41 AM
DEV-0537 criminal actor targeting organizations for data exfiltration and destruction
https://www.microsoft.com/security/blog/2022/03/22/dev-0537-criminal-actor-targeting-organizations-for-data-exfiltration-and-destruction/
Title: Re: Technical
Post by: Asyn on March 23, 2022, 04:08:51 PM
Have Your Cake and Eat it Too? An Overview of UNC2891
https://www.mandiant.com/resources/unc2891-overview
Title: Re: Technical
Post by: Asyn on March 23, 2022, 05:09:36 PM
Operation Dragon Castling: APT group targeting betting companies
https://decoded.avast.io/luigicamastra/operation-dragon-castling-apt-group-targeting-betting-companies/
Title: Re: Technical
Post by: Asyn on March 24, 2022, 09:17:46 AM
Exposing initial access broker with ties to Conti
https://blog.google/threat-analysis-group/exposing-initial-access-broker-ties-conti/
Title: Re: Technical
Post by: Asyn on March 24, 2022, 12:23:55 PM
Cyclops Blink Sets Sights on Asus Routers
https://www.trendmicro.com/en_us/research/22/c/cyclops-blink-sets-sights-on-asus-routers--.html
Title: Re: Technical
Post by: Asyn on March 24, 2022, 04:09:09 PM
Spyware dubbed Facestealer infects 100,000+ Google Play users
https://blog.pradeo.com/spyware-facestealer-google-play
Title: Re: Technical
Post by: Asyn on March 25, 2022, 09:41:27 AM
Password stealer disguised as private Fortnite server spreading via Discord
https://blog.avast.com/password-stealer-disguised-as-fortnite-server-spreading-on-discord
Title: Re: Technical
Post by: Asyn on March 25, 2022, 12:37:46 PM
Uncovering Trickbot’s use of IoT devices in command-and-control infrastructure
https://www.microsoft.com/security/blog/2022/03/16/uncovering-trickbots-use-of-iot-devices-in-command-and-control-infrastructure/
Title: Re: Technical
Post by: Asyn on March 25, 2022, 04:01:53 PM
BitRAT Disguised as Windows Product Key Verification Tool Being Distributed
https://asec.ahnlab.com/en/32781/
Title: Re: Technical
Post by: Asyn on March 26, 2022, 10:37:39 AM
Serpent, No Swiping! New Backdoor Targets French Entities with Unique Attack Chain
https://www.proofpoint.com/us/blog/threat-insight/serpent-no-swiping-new-backdoor-targets-french-entities-unique-attack-chain
Title: Re: Technical
Post by: Asyn on March 26, 2022, 03:15:36 PM
New blocks emerge in Russia amid war in Ukraine: An OONI network measurement analysis
https://ooni.org/post/2022-russia-blocks-amid-ru-ua-conflict/
Title: Re: Technical
Post by: Asyn on March 26, 2022, 05:41:15 PM
Storm Cloud on the Horizon: GIMMICK Malware Strikes at macOS
https://www.volexity.com/blog/2022/03/22/storm-cloud-on-the-horizon-gimmick-malware-strikes-at-macos/
Title: Re: Technical
Post by: Asyn on March 27, 2022, 10:46:48 AM
Mustang Panda’s Hodur: Old tricks, new Korplug variant
https://www.welivesecurity.com/2022/03/23/mustang-panda-hodur-old-tricks-new-korplug-variant/
Title: Re: Technical
Post by: Asyn on March 27, 2022, 03:57:27 PM
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html
Title: Re: Technical
Post by: DavidR on March 27, 2022, 04:18:50 PM
Gone in 52 Seconds…and 42 Minutes: A Comparative Analysis of Ransomware Encryption Speed
https://www.splunk.com/en_us/blog/security/gone-in-52-seconds-and-42-minutes-a-comparative-analysis-of-ransomware-encryption-speed.html

Did anyone understand what this was all about  ???
Title: Re: Technical
Post by: Asyn on March 28, 2022, 09:55:00 AM
Distribution of ClipBanker Disguised as Malware Creation Tool
https://asec.ahnlab.com/en/32825/
Title: Re: Technical
Post by: Asyn on March 28, 2022, 02:59:30 PM
Avast Finds Compromised Philippine Navy Certificate Used in Remote Access Tool
https://decoded.avast.io/threatintel/avast-finds-compromised-philippine-navy-certificate-used-in-remote-access-tool/
Title: Re: Technical
Post by: Asyn on March 28, 2022, 04:16:36 PM
Countering threats from North Korea
https://blog.google/threat-analysis-group/countering-threats-north-korea/
Title: Re: Technical
Post by: Asyn on March 29, 2022, 11:44:27 AM
Creepy Spyware Company Goes Broke
https://gizmodo.com/finfisher-claims-insolvency-amid-german-gov-investigat-1848713428
Title: Re: Technical
Post by: Asyn on March 29, 2022, 01:29:35 PM
Phishing-kit market: what’s inside “off-the-shelf” phishing packages
https://securelist.com/phishing-kit-market-whats-inside-off-the-shelf-phishing-packages/106149/
Title: Re: Technical
Post by: Asyn on March 30, 2022, 11:04:28 AM
New JSSLoader Trojan Delivered Through XLL Files
https://blog.morphisec.com/new-jssloader-trojan-delivered-through-xll-files
Title: Re: Technical
Post by: Asyn on March 30, 2022, 02:01:07 PM
Windows Subsystem for Linux (WSL): Threats Still Lurk Below the (Sub)Surface
https://blog.lumen.com/windows-subsystem-for-linux-wsl-threats/
Title: Re: Technical
Post by: Asyn on March 30, 2022, 05:26:59 PM
URL rendering trick enabled WhatsApp, Signal, iMessage phishing
https://www.bleepingcomputer.com/news/security/url-rendering-trick-enabled-whatsapp-signal-imessage-phishing/
Title: Re: Technical
Post by: Asyn on March 31, 2022, 11:37:17 AM
Muhstik Gang targets Redis Servers
https://blogs.juniper.net/en-us/security/muhstik-gang-targets-redis-servers
Title: Re: Technical
Post by: Asyn on March 31, 2022, 03:51:38 PM
Europol dismantles massive call center investment scam operation
https://www.bleepingcomputer.com/news/security/europol-dismantles-massive-call-center-investment-scam-operation/
https://www.europol.europa.eu/media-press/newsroom/news/latvia-and-lithuania-detain-108-over-multi-million-euro-call-centre-scam
Title: Re: Technical
Post by: Asyn on April 01, 2022, 09:08:21 AM
SunCrypt Ransomware Gains New Capabilities in 2022
https://blog.minerva-labs.com/suncrypt-ransomware-gains-new-abilities-in-2022
Title: Re: Technical
Post by: Asyn on April 01, 2022, 02:46:50 PM
New Conversation Hijacking Campaign Delivering IcedID
https://www.intezer.com/blog/research/conversation-hijacking-campaign-delivering-icedid/
Title: Re: Technical
Post by: Asyn on April 01, 2022, 04:54:54 PM
Tracking cyber activity in Eastern Europe
https://blog.google/threat-analysis-group/tracking-cyber-activity-eastern-europe/
Title: Re: Technical
Post by: Asyn on April 02, 2022, 11:00:37 AM
Exclusive Threat Research: Mars (Stealer) Attacks!
https://blog.morphisec.com/threat-research-mars-stealer
Title: Re: Technical
Post by: Asyn on April 02, 2022, 03:07:09 PM
Calendly actively abused in Microsoft credentials phishing
https://www.bleepingcomputer.com/news/security/calendly-actively-abused-in-microsoft-credentials-phishing/
Title: Re: Technical
Post by: Asyn on April 02, 2022, 05:43:59 PM
Transparent Tribe campaign uses new bespoke malware to target Indian government officials
https://blog.talosintelligence.com/2022/03/transparent-tribe-new-campaign.html
Title: Re: Technical
Post by: Asyn on April 03, 2022, 09:27:04 AM
Verblecon: Sophisticated New Loader Used in Low-level Attacks
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/verblecon-sophisticated-malware-cryptocurrency-mining-discord
Title: Re: Technical
Post by: Asyn on April 03, 2022, 02:38:45 PM
New spear phishing campaign targets Russian dissidents
https://blog.malwarebytes.com/threat-intelligence/2022/03/new-spear-phishing-campaign-targets-russian-dissidents/
Title: Re: Technical
Post by: Asyn on April 03, 2022, 05:12:28 PM
Hive Ransomware Deploys Novel IPfuscation Technique To Avoid Detection
https://www.sentinelone.com/blog/hive-ransomware-deploys-novel-ipfuscation-technique/
Title: Re: Technical
Post by: Asyn on April 04, 2022, 09:41:59 AM
Lazarus Trojanized DeFi app for delivering malware
https://securelist.com/lazarus-trojanized-defi-app/106195/
Title: Re: Technical
Post by: Asyn on April 04, 2022, 04:32:50 PM
New Milestones for Deep Panda: Log4Shell and Digitally Signed Fire Chili Rootkits
https://www.fortinet.com/blog/threat-research/deep-panda-log4shell-fire-chili-rootkits
Title: Re: Technical
Post by: Asyn on April 05, 2022, 09:43:11 AM
AcidRain | A Modem Wiper Rains Down on Europe
https://www.sentinelone.com/labs/acidrain-a-modem-wiper-rains-down-on-europe/
Title: Re: Technical
Post by: Asyn on April 05, 2022, 04:36:23 PM
Fresh TOTOLINK Vulnerabilities Picked Up by Beastmode Mirai Campaign
https://www.fortinet.com/blog/threat-research/totolink-vulnerabilities-beastmode-mirai-campaign
Title: Re: Technical
Post by: Asyn on April 06, 2022, 11:30:31 AM
Deep Dive Analysis – Borat RAT
https://blog.cyble.com/2022/03/31/deep-dive-analysis-borat-rat/
Title: Re: Technical
Post by: Asyn on April 06, 2022, 03:48:16 PM
Global Operation Disrupts Business Email Compromise Schemes
FBI, International Partners Carried Out Operation Eagle Sweep to Combat Financially Devastating Crime
https://www.fbi.gov/news/stories/coordinated-operation-disrupts-global-bec-schemes-033022
Title: Re: Technical
Post by: Asyn on April 07, 2022, 09:25:30 AM
US disrupts Russian Cyclops Blink botnet before being used in attacks
https://www.bleepingcomputer.com/news/security/us-disrupts-russian-cyclops-blink-botnet-before-being-used-in-attacks/
Title: Re: Technical
Post by: Asyn on April 07, 2022, 11:00:57 AM
FIN7 Power Hour: Adversary Archaeology and the Evolution of FIN7
https://www.mandiant.com/resources/evolution-of-fin7
Title: Re: Technical
Post by: Asyn on April 07, 2022, 04:38:51 PM
Germany takes down Hydra, world's largest darknet market
https://www.bleepingcomputer.com/news/legal/germany-takes-down-hydra-worlds-largest-darknet-market/
Title: Re: Technical
Post by: Asyn on April 08, 2022, 09:06:45 AM
New malware targets serverless AWS Lambda with cryptominers
https://www.bleepingcomputer.com/news/security/new-malware-targets-serverless-aws-lambda-with-cryptominers/
Title: Re: Technical
Post by: Asyn on April 08, 2022, 11:32:44 AM
SpringShell RCE vulnerability: Guidance for protecting against and detecting CVE-2022-22965
https://www.microsoft.com/security/blog/2022/04/04/springshell-rce-vulnerability-guidance-for-protecting-against-and-detecting-cve-2022-22965/
Title: Re: Technical
Post by: Asyn on April 08, 2022, 01:26:24 PM
Parrot TDS takes over web servers and threatens millions
https://decoded.avast.io/janrubin/parrot-tds-takes-over-web-servers-and-threatens-millions/
Title: Re: Technical
Post by: Asyn on April 09, 2022, 10:16:24 AM
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
Title: Re: Technical
Post by: Asyn on April 09, 2022, 02:58:09 PM
Threat Spotlight: AsyncRAT campaigns feature new version of 3LOSH crypter
https://blog.talosintelligence.com/2022/04/asyncrat-3losh-update.html
Title: Re: Technical
Post by: bob3160 on April 09, 2022, 05:01:55 PM
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
The article really isn't very clear as to whose VLC installation is affected, or is the infection related to VLC servers?


Title: Re: Technical
Post by: Asyn on April 09, 2022, 05:45:30 PM
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
The article really isn't very clear as to whose VLC installation is affected, or is the infection related to VLC servers?
More here: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
Title: Re: Technical
Post by: bob3160 on April 09, 2022, 07:45:56 PM
Chinese hackers abuse VLC Media Player to launch malware loader
https://www.bleepingcomputer.com/news/security/chinese-hackers-abuse-vlc-media-player-to-launch-malware-loader/
The article really isn't very clear as to whose VLC installation is affected, or is the infection related to VLC servers?
According to that, the average person isn't a target.
More here: https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/cicada-apt10-china-ngo-government-attacks
Title: Re: Technical
Post by: Asyn on April 10, 2022, 09:26:50 AM
Apple Neglects to Patch Two Zero-Day, Wild Vulnerabilities for macOS Big Sur, Catalina
https://www.intego.com/mac-security-blog/apple-neglects-to-patch-zero-day-wild-vulnerabilities-for-macos-big-sur-catalina/
Title: Re: Technical
Post by: Asyn on April 10, 2022, 11:27:58 AM
Android apps with 45 million installs used data harvesting SDK
https://www.bleepingcomputer.com/news/security/android-apps-with-45-million-installs-used-data-harvesting-sdk/
http://blog.appcensus.io/2022/04/06/the-curious-case-of-coulus-coelib/
Title: Re: Technical
Post by: Asyn on April 10, 2022, 04:32:33 PM
FFDroider Stealer Targeting Social Media Platform Users
https://www.zscaler.com/blogs/security-research/ffdroider-stealer-targeting-social-media-platform-users
Title: Re: Technical
Post by: Asyn on April 11, 2022, 09:17:37 AM
Disrupting cyberattacks targeting Ukraine
https://blogs.microsoft.com/on-the-issues/2022/04/07/cyberattacks-ukraine-strontium-russia/
Title: Re: Technical
Post by: Asyn on April 11, 2022, 01:33:50 PM
Colibri Loader combines Task Scheduler and PowerShell in clever persistence technique
https://blog.malwarebytes.com/threat-intelligence/2022/04/colibri-loader-combines-task-scheduler-and-powershell-in-clever-persistence-technique/
Title: Re: Technical
Post by: Asyn on April 12, 2022, 11:10:48 AM
Operation Bearded Barbie: APT-C-23 Campaign Targeting Israeli Officials
https://www.cybereason.com/blog/operation-bearded-barbie-apt-c-23-campaign-targeting-israeli-officials
Title: Re: Technical
Post by: Asyn on April 13, 2022, 11:04:53 AM
CVE-2022-22965: Analyzing the Exploitation of Spring4Shell Vulnerability in Weaponizing and Executing the Mirai Botnet Malware
https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html
Title: Re: Technical
Post by: Asyn on April 13, 2022, 01:31:54 PM
The April 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/4/11/the-april-2022-security-update-review
Title: Re: Technical
Post by: Asyn on April 13, 2022, 03:18:25 PM
New Meta information stealer distributed in malspam campaign
https://www.bleepingcomputer.com/news/security/new-meta-information-stealer-distributed-in-malspam-campaign/
Title: Re: Technical
Post by: Asyn on April 14, 2022, 09:50:04 AM
Look out for Octo's tentacles! A new on-device fraud Android Banking Trojan with a rich legacy
https://threatfabric.com/blogs/octo-new-odf-banking-trojan.html
Title: Re: Technical
Post by: Asyn on April 14, 2022, 06:18:18 PM
Qbot malware switches to new Windows Installer infection vector
https://www.bleepingcomputer.com/news/security/qbot-malware-switches-to-new-windows-installer-infection-vector/
Title: Re: Technical
Post by: Asyn on April 15, 2022, 11:34:34 AM
Tarrask malware uses scheduled tasks for defense evasion
https://www.microsoft.com/security/blog/2022/04/12/tarrask-malware-uses-scheduled-tasks-for-defense-evasion/
Title: Re: Technical
Post by: Asyn on April 15, 2022, 01:10:44 PM
Attackers linger on government agency computers before deploying Lockbit ransomware
https://news.sophos.com/en-us/2022/04/12/attackers-linger-on-government-agency-computers-before-deploying-lockbit-ransomware/
Title: Re: Technical
Post by: Asyn on April 15, 2022, 04:05:24 PM
RaidForums hacking forum seized by police, owner arrested
https://www.bleepingcomputer.com/news/security/raidforums-hacking-forum-seized-by-police-owner-arrested/
https://www.justice.gov/opa/pr/united-states-leads-seizure-one-world-s-largest-hacker-forums-and-arrests-administrator
https://www.europol.europa.eu/media-press/newsroom/news/one-of-world%E2%80%99s-biggest-hacker-forums-taken-down
Title: Re: Technical
Post by: Asyn on April 16, 2022, 01:10:46 PM
Malware Campaigns Targeting African Banking Sector
https://threatresearch.ext.hp.com/malware-campaigns-targeting-african-banking-sector
Title: Re: Technical
Post by: Asyn on April 16, 2022, 04:55:09 PM
Fakecalls: a talking Trojan
https://www.kaspersky.com/blog/fakecalls-banking-trojan/44072/
Title: Re: Technical
Post by: Asyn on April 17, 2022, 10:34:07 AM
Dismantling ZLoader: How malicious ads led to disabled security tools and ransomware
https://www.microsoft.com/security/blog/2022/04/13/dismantling-zloader-how-malicious-ads-led-to-disabled-security-tools-and-ransomware/
Title: Re: Technical
Post by: Asyn on April 17, 2022, 03:33:18 PM
Enemybot: A Look into Keksec's Latest DDoS Botnet
https://www.fortinet.com/blog/threat-research/enemybot-a-look-into-keksecs-latest-ddos-botnet
Title: Re: Technical
Post by: Asyn on April 18, 2022, 11:08:20 AM
Critical Remote Code Execution Vulnerabilities in Windows RPC Runtime
https://www.akamai.com/blog/security/critical-remote-code-execution-vulnerabilities-windows-rpc-runtime
Title: Re: Technical
Post by: Asyn on April 18, 2022, 03:53:24 PM
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf
Title: Re: Technical
Post by: bob3160 on April 18, 2022, 04:28:59 PM
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf
I use a USB-connected mic. If I'm that paranoid and don't think turning off the mic is actually turning off the mic, I simply unplug the USB line from the mic.

Title: Re: Technical
Post by: DavidR on April 18, 2022, 04:41:09 PM
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf

I think people need to start looking at Internet of Things tools, smart TVs, devices, etc. that use voice commands, as they are waiting (read: listening) for your commands.
Title: Re: Technical
Post by: Asyn on April 19, 2022, 09:48:52 AM
Old Gremlins, new methods
https://blog.group-ib.com/oldgremlin_comeback
Title: Re: Technical
Post by: Asyn on April 19, 2022, 05:05:18 PM
Zloader 2: The Silent Night
https://decoded.avast.io/vladimirmartyanov/zloader-the-silent-night/
Title: Re: Technical
Post by: Asyn on April 20, 2022, 10:28:03 AM
Threat Spotlight: "Haskers Gang" Introduces New ZingoStealer
https://blog.talosintelligence.com/2022/04/haskers-gang-zingostealer.html
Title: Re: Technical
Post by: Asyn on April 20, 2022, 01:48:57 PM
How to recover files encrypted by Yanlouwang
https://securelist.com/how-to-recover-files-encrypted-by-yanlouwang/106332/
Title: Re: Technical
Post by: Asyn on April 20, 2022, 03:08:08 PM
Newly found zero-click iPhone exploit used in NSO spyware attacks
https://www.bleepingcomputer.com/news/security/newly-found-zero-click-iphone-exploit-used-in-nso-spyware-attacks/
https://citizenlab.ca/2022/04/catalangate-extensive-mercenary-spyware-operation-against-catalans-using-pegasus-candiru/
https://citizenlab.ca/2022/04/uk-government-officials-targeted-pegasus/
Title: Re: Technical
Post by: Asyn on April 21, 2022, 09:52:31 AM
Your iOS app may still be covertly tracking you, despite what Apple says
https://arstechnica.com/information-technology/2022/04/a-year-after-apple-enforces-app-tracking-policy-covert-ios-tracking-remains/
https://arxiv.org/pdf/2204.03556.pdf
Title: Re: Technical
Post by: Asyn on April 21, 2022, 12:52:53 PM
Emotet botnet switches to 64-bit modules, increases activity
https://www.bleepingcomputer.com/news/security/emotet-botnet-switches-to-64-bit-modules-increases-activity/
Title: Re: Technical
Post by: Asyn on April 21, 2022, 04:57:45 PM
New BotenaGo Variant Discovered by Nozomi Networks Labs
https://www.nozominetworks.com/blog/new-botenago-variant-discovered-by-nozomi-networks-labs/
https://www.virustotal.com/gui/file/fdbd955959a8f42450af5ac2bf93efba180f4cbae64dd4dd852f65c2e2057f56?nocache=1
Title: Re: Technical
Post by: Asyn on April 22, 2022, 10:11:53 AM
Social Networks Most Likely to be Imitated by Criminal Groups, with LinkedIn Now Accounting for Half of all Phishing Attempts Worldwide
https://blog.checkpoint.com/2022/04/19/social-networks-most-likely-to-be-imitated-by-criminal-groups-with-linkedin-now-accounting-for-half-of-all-phishing-attempts-worldwide/
Title: Re: Technical
Post by: Asyn on April 22, 2022, 11:37:55 AM
Warez users fell for Certishell
https://decoded.avast.io/danielbenes/warez-users-fell-for-certishell/
Title: Re: Technical
Post by: Asyn on April 22, 2022, 05:34:09 PM
Pwn2Own Miami 2022 Results
https://www.zerodayinitiative.com/blog/2022/4/14/pwn2own-miami-2022-results
Title: Re: Technical
Post by: Asyn on April 23, 2022, 10:10:45 AM
When “secure” isn’t secure at all: High‑impact UEFI vulnerabilities discovered in Lenovo consumer laptops
https://www.welivesecurity.com/2022/04/19/when-secure-isnt-secure-uefi-vulnerabilities-lenovo-consumer-laptops/
Title: Re: Technical
Post by: Asyn on April 23, 2022, 02:14:45 PM
'Mute' button in conferencing apps may not actually mute your mic
https://www.bleepingcomputer.com/news/security/mute-button-in-conferencing-apps-may-not-actually-mute-your-mic/
https://news.wisc.edu/youre-muted-or-are-you-videoconferencing-apps-may-listen-even-when-mic-is-off/
https://wiscprivacy.com/papers/vca_mute.pdf

I think people need to start looking at Internet of Things tools, smart TVs, devices, etc. that use voice commands, as they are waiting (read: listening) for your commands.
Real-time voice concealment algorithm blocks microphone spying
https://www.bleepingcomputer.com/news/security/real-time-voice-concealment-algorithm-blocks-microphone-spying/
https://www.engineering.columbia.edu/news/block-smartphone-microphone-speech-recognition-spying
https://arxiv.org/pdf/2112.07076.pdf
Title: Re: Technical
Post by: Asyn on April 24, 2022, 11:13:43 AM
CVE-2022-21449: Psychic Signatures in Java
https://neilmadden.blog/2022/04/19/psychic-signatures-in-java/
Title: Re: Technical
Post by: Asyn on April 24, 2022, 02:07:02 PM
Shuckworm: Espionage Group Continues Intense Campaign Against Ukraine
https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/shuckworm-intense-campaign-ukraine
Title: Re: Technical
Post by: Asyn on April 24, 2022, 05:15:48 PM
Russia’s War in Ukraine Has Complicated the Means Through Which Cybercriminals Launder Funds. Here’s How They’re Adapting
https://www.flashpoint-intel.com/blog/russias-ukraine-war-is-complicating-cybercriminal-money-laundering/
Title: Re: Technical
Post by: Asyn on April 25, 2022, 11:33:24 AM
Leaked Chats Show LAPSUS$ Stole T-Mobile Source Code
https://krebsonsecurity.com/2022/04/leaked-chats-show-lapsus-stole-t-mobile-source-code/
Title: Re: Technical
Post by: Asyn on April 25, 2022, 05:36:39 PM
Zero Tolerance: More Zero-Days Exploited in 2021 Than Ever Before
https://www.mandiant.com/resources/zero-days-exploited-2021
Title: Re: Technical
Post by: Asyn on April 26, 2022, 09:52:06 AM
LemonDuck Targets Docker for Cryptomining Operations
https://www.crowdstrike.com/blog/lemonduck-botnet-targets-docker-for-cryptomining-operations/
Title: Re: Technical
Post by: Asyn on April 26, 2022, 01:21:22 PM
Quantum Ransomware
https://thedfirreport.com/2022/04/25/quantum-ransomware/
Title: Re: Technical
Post by: Asyn on April 26, 2022, 05:18:43 PM
Prynt Stealer Spotted In the Wild
https://blog.cyble.com/2022/04/21/prynt-stealer-a-new-info-stealer-performing-clipper-and-keylogger-activities/
Title: Re: Technical
Post by: Asyn on April 27, 2022, 10:30:09 AM
Browser-in-the-browser attack: a new phishing technique
https://www.kaspersky.com/blog/browser-in-the-browser-attack/44163/
Title: Re: Technical
Post by: Asyn on April 27, 2022, 01:39:34 PM
Emotet malware now installs via PowerShell in Windows shortcut files
https://www.bleepingcomputer.com/news/security/emotet-malware-now-installs-via-powershell-in-windows-shortcut-files/
Title: Re: Technical
Post by: Asyn on April 28, 2022, 09:17:09 AM
How Emotet flooded Japanese inboxes
https://blog.avast.com/emotet-botnet-japan
Title: Re: Technical
Post by: Asyn on April 28, 2022, 11:36:36 AM
Remote Code Execution via VirusTotal Platform
https://www.cysrc.com/blog/virus-total-blog/
Title: Re: Technical
Post by: Asyn on April 28, 2022, 03:31:21 PM
Microsoft finds new elevation of privilege Linux vulnerability, Nimbuspwn
https://www.microsoft.com/security/blog/2022/04/26/microsoft-finds-new-elevation-of-privilege-linux-vulnerability-nimbuspwn/
Title: Re: Technical
Post by: Asyn on April 29, 2022, 08:36:25 AM
EmoCheck now detects new 64-bit versions of Emotet malware
https://www.bleepingcomputer.com/news/security/emocheck-now-detects-new-64-bit-versions-of-emotet-malware/
Title: Re: Technical
Post by: Asyn on April 29, 2022, 03:33:58 PM
New Black Basta ransomware springs into action with a dozen breaches
https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/
Title: Re: Technical
Post by: Asyn on April 30, 2022, 11:08:17 AM
New Core Impact Backdoor Delivered Via VMWare Vulnerability
https://blog.morphisec.com/vmware-identity-manager-attack-backdoor
Title: Re: Technical
Post by: Asyn on April 30, 2022, 12:42:43 PM
Facebook Doesn’t Know What It Does With Your Data, Or Where It Goes: Leaked Document
https://www.vice.com/en/article/akvmke/facebook-doesnt-know-what-it-does-with-your-data-or-where-it-goes
Title: Re: Technical
Post by: bob3160 on April 30, 2022, 04:25:44 PM
New Black Basta ransomware springs into action with a dozen breaches
https://www.bleepingcomputer.com/news/security/new-black-basta-ransomware-springs-into-action-with-a-dozen-breaches/

Breaking Security News Flash - Black Basta -Ransomware Gang
https://youtu.be/omRohBCJePM
New, or maybe just re-branded. They steal and encrypt your data; if you don't pay, they leak your data.
See BleepingComputer for the full story. https://bit.ly/3s3ZIvP
Title: Re: Technical
Post by: Asyn on April 30, 2022, 06:06:35 PM
The hybrid war in Ukraine
https://blogs.microsoft.com/on-the-issues/2022/04/27/hybrid-war-ukraine-russia-cyberattacks/
https://aka.ms/ukrainespecialreport
Title: Re: Technical
Post by: Asyn on May 01, 2022, 10:14:29 AM
The ink-stained trail of GOLDBACKDOOR
https://stairwell.com/wp-content/uploads/2022/04/Stairwell-threat-report-The-ink-stained-trail-of-GOLDBACKDOOR.pdf
Title: Re: Technical
Post by: Asyn on May 01, 2022, 01:53:38 PM
Alert (AA22-117A) - 2021 Top Routinely Exploited Vulnerabilities
https://www.cisa.gov/uscert/ncas/alerts/aa22-117a
Title: Re: Technical
Post by: Asyn on May 02, 2022, 08:58:28 AM
REvil ransomware returns: New malware sample confirms gang is back
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
Title: Re: Technical
Post by: bob3160 on May 02, 2022, 01:29:28 PM
REvil ransomware returns: New malware sample confirms gang is back
https://www.bleepingcomputer.com/news/security/revil-ransomware-returns-new-malware-sample-confirms-gang-is-back/
You can't keep a good man down.... (OOPS)
Title: Re: Technical
Post by: Asyn on May 02, 2022, 04:33:54 PM
RedLine Stealer Resurfaces in Fresh RIG Exploit Kit Campaign
https://www.bitdefender.com/blog/labs/redline-stealer-resurfaces-in-fresh-rig-exploit-kit-campaign/
https://www.bitdefender.com/files/News/CaseStudies/study/415/Bitdefender-PR-Whitepaper-RedLine-creat6109-en-EN.pdf
Title: Re: Technical
Post by: Asyn on May 03, 2022, 09:18:47 AM
BRONZE PRESIDENT Targets Russian Speakers with Updated PlugX
https://www.secureworks.com/blog/bronze-president-targets-russian-speakers-with-updated-plugx
Title: Re: Technical
Post by: Asyn on May 03, 2022, 11:34:45 AM
This isn't Optimus Prime's Bumblebee but it's Still Transforming
https://www.proofpoint.com/us/blog/threat-insight/bumblebee-is-still-transforming
Title: Re: Technical
Post by: Asyn on May 04, 2022, 09:59:10 AM
Package Planting: Are You [Unknowingly] Maintaining Poisoned Packages?
https://blog.aquasec.com/npm-package-planting
Title: Re: Technical
Post by: Asyn on May 04, 2022, 11:52:06 AM
Facing reality? Law enforcement and the challenge of deepfakes
https://www.europol.europa.eu/publications-events/publications/facing-reality-law-enforcement-and-challenge-of-deepfakes
https://www.europol.europa.eu/cms/sites/default/files/documents/Europol_Innovation_Lab_Facing_Reality_Law_Enforcement_And_The_Challenge_Of_Deepfakes.pdf
Title: Re: Technical
Post by: Asyn on May 04, 2022, 02:12:51 PM
Trello From the Other Side: Tracking APT29 Phishing Campaigns
https://www.mandiant.com/resources/tracking-apt29-phishing-campaigns
Title: Re: Technical
Post by: Asyn on May 04, 2022, 05:31:16 PM
India Orders VPN Companies to Collect and Hand Over User Data
https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data/
Title: Re: Technical
Post by: Asyn on May 05, 2022, 10:01:16 AM
Moshen Dragon’s Triad-and-Error Approach | Abusing Security Software to Sideload PlugX and ShadowPad
https://www.sentinelone.com/labs/moshen-dragons-triad-and-error-approach-abusing-security-software-to-sideload-plugx-and-shadowpad/
Title: Re: Technical
Post by: Asyn on May 05, 2022, 03:39:14 PM
Conti, REvil, LockBit ransomware bugs exploited to block encryption
https://www.bleepingcomputer.com/news/security/conti-revil-lockbit-ransomware-bugs-exploited-to-block-encryption/
Title: Re: Technical
Post by: Asyn on May 06, 2022, 10:29:39 AM
Avast Q1/2022 Threat Report
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
Title: Re: Technical
Post by: Asyn on May 06, 2022, 01:20:18 PM
Augury - Using Data Memory-Dependent Prefetchers to Leak Data at Rest
https://www.prefetchers.info/
https://www.prefetchers.info/augury.pdf
Title: Re: Technical
Post by: bob3160 on May 06, 2022, 02:52:56 PM
Avast Q1/2022 Threat Report
https://decoded.avast.io/threatresearch/avast-q1-2022-threat-report/
Thanks for sharing.
Title: Re: Technical
Post by: Asyn on May 07, 2022, 10:12:05 AM
Update on cyber activity in Eastern Europe
https://blog.google/threat-analysis-group/update-on-cyber-activity-in-eastern-europe/
Title: Re: Technical
Post by: Asyn on May 07, 2022, 01:49:03 PM
UNC3524: Eye Spy on Your Email
https://www.mandiant.com/resources/unc3524-eye-spy-email
Title: Re: Technical
Post by: Asyn on May 08, 2022, 10:38:55 AM
The Hermit Kingdom’s Ransomware play
https://www.trellix.com/en-us/about/newsroom/stories/threat-labs/the-hermit-kingdoms-ransomware-play.html
Title: Re: Technical
Post by: Asyn on May 08, 2022, 01:19:07 PM
Nozomi Networks Discovers Unpatched DNS Bug in Popular C Standard Library Putting IoT at Risk
https://www.nozominetworks.com/blog/nozomi-networks-discovers-unpatched-dns-bug-in-popular-c-standard-library-putting-iot-at-risk/
Title: Re: Technical
Post by: Asyn on May 08, 2022, 04:03:00 PM
India Orders VPN Companies to Collect and Hand Over User Data
https://www.cnet.com/news/privacy/india-orders-vpn-companies-to-collect-and-hand-over-user-data/
VPN Providers Threaten to Quit India Over New Data Law
https://www.wired.com/story/india-vpn-data-law/
Title: Re: Technical
Post by: Asyn on May 09, 2022, 09:39:11 AM
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation
https://www.cybereason.com/blog/operation-cuckoobees-cybereason-uncovers-massive-chinese-intellectual-property-theft-operation
Title: Re: Technical
Post by: Asyn on May 09, 2022, 02:36:13 PM
TLStorm 2 – NanoSSL TLS library misuse leads to vulnerabilities in common switches
https://www.armis.com/blog/tlstorm-2-nanossl-tls-library-misuse-leads-to-vulnerabilities-in-common-switches/
Title: Re: Technical
Post by: Asyn on May 10, 2022, 09:20:54 AM
How your location is being tracked — and what to do about it
https://blog.avast.com/en/secure-browser/how-your-location-is-being-tracked-and-what-to-do-about-it
Title: Re: Technical
Post by: Asyn on May 10, 2022, 02:55:11 PM
Raspberry Robin gets the worm early
https://redcanary.com/blog/raspberry-robin/
Title: Re: Technical
Post by: Asyn on May 11, 2022, 09:34:17 AM
Which phishing scams are trending in 2022?
https://blog.avast.com/trending-phishing-scams-2022
Title: Re: Technical
Post by: Asyn on May 11, 2022, 12:03:17 PM
The May 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/5/10/the-may-2022-security-update-review
Title: Re: Technical
Post by: Asyn on May 11, 2022, 05:03:22 PM
NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
https://www.trendmicro.com/en_us/research/22/e/netdooka-framework-distributed-via-privateloader-ppi.html
Title: Re: Technical
Post by: Asyn on May 12, 2022, 10:00:28 AM
Mobile subscription Trojans and their little tricks
https://securelist.com/mobile-subscription-trojans-and-their-tricks/106412/
Title: Re: Technical
Post by: Asyn on May 12, 2022, 05:05:48 PM
UK govt releases free tool to check for email cybersecurity risks
https://www.bleepingcomputer.com/news/security/uk-govt-releases-free-tool-to-check-for-email-cybersecurity-risks/
Title: Re: Technical
Post by: bob3160 on May 12, 2022, 05:25:42 PM
UK govt releases free tool to check for email cybersecurity risks
https://www.bleepingcomputer.com/news/security/uk-govt-releases-free-tool-to-check-for-email-cybersecurity-risks/
This is restricted to Business in the UK.
Title: Re: Technical
Post by: Asyn on May 13, 2022, 12:09:55 PM
Bitter APT adds Bangladesh to their targets
https://blog.talosintelligence.com/2022/05/bitter-apt-adds-bangladesh-to-their.html
Title: Re: Technical
Post by: Asyn on May 14, 2022, 10:21:01 AM
Nerbian RAT Using COVID-19 Themes Features Sophisticated Evasion Techniques
https://www.proofpoint.com/us/blog/threat-insight/nerbian-rat-using-covid-19-themes-features-sophisticated-evasion-techniques
Title: Re: Technical
Post by: Asyn on May 14, 2022, 04:06:02 PM
New IceApple exploit toolset deployed on Microsoft Exchange servers
https://www.bleepingcomputer.com/news/security/new-iceapple-exploit-toolset-deployed-on-microsoft-exchange-servers/
https://www.crowdstrike.com/resources/white-papers/falcon-overwatch-proactive-threat-hunting-unearths-iceapple-post-exploitation-framework/
Title: Re: Technical
Post by: Asyn on May 15, 2022, 10:52:38 AM
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html

Avast responded to our notification with this statement:
"We can confirm the vulnerability in an old version of our driver aswArPot.sys, which we fixed in our Avast 21.5 released in June 2021. We also worked closely with Microsoft, so they released a block in the Windows operating system (10 and 11), so the old version of the Avast driver can't be loaded to memory.

The below example shows that the blocking works (output from the "sc start" command):

               (SC) StartService FAILED 1275:

               This driver has been blocked from loading

The update from Microsoft for the Windows operating system was published in February as an optional update, and in Microsoft's security release in April, so fully updated machines running Windows 10 and 11 are not vulnerable to this kind of attack.

All consumer and business antivirus versions of Avast and AVG detect and block this AvosLocker ransomware variant, so our users are protected from this attack vector.

For users of third-party antivirus software, to stay protected against this vulnerability, we recommend that users update their Windows operating system with the latest security updates, and use a fully updated antivirus program."
Title: Re: Technical
Post by: bob3160 on May 15, 2022, 01:59:52 PM
AvosLocker Ransomware Variant Abuses Driver File to Disable Anti-Virus, Scans for Log4shell
https://www.trendmicro.com/en_us/research/22/e/avoslocker-ransomware-variant-abuses-driver-file-to-disable-anti-Virus-scans-log4shell.html

Avast responded to our notification with this statement:
"We can confirm the vulnerability in an old version of our driver aswArPot.sys, which we fixed in our Avast 21.5 released in June 2021. We also worked closely with Microsoft, so they released a block in the Windows operating system (10 and 11), so the old version of the Avast driver can't be loaded to memory.

The below example shows that the blocking works (output from the "sc start" command):

               (SC) StartService FAILED 1275:

               This driver has been blocked from loading

The update from Microsoft for the Windows operating system was published in February as an optional update, and in Microsoft's security release in April, so fully updated machines running Windows 10 and 11 are not vulnerable to this kind of attack.

All consumer and business antivirus versions of Avast and AVG detect and block this AvosLocker ransomware variant, so our users are protected from this attack vector.

For users of third-party antivirus software, to stay protected against this vulnerability, we recommend that users update their Windows operating system with the latest security updates, and use a fully updated antivirus program."

Anyone running antivirus that by now would be almost 1 year out of date isn't really interested in protection.
I don't see the sense in publishing an article about a vulnerability that was fixed 11 months ago.
Title: Re: Technical
Post by: Asyn on May 16, 2022, 10:19:04 AM
A new secret stash for “fileless” malware
https://securelist.com/a-new-secret-stash-for-fileless-malware/106393/
Title: Re: Technical
Post by: Asyn on May 16, 2022, 04:49:41 PM
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
https://www.bleepingcomputer.com/news/security/microsoft-sysrv-botnet-targets-windows-linux-servers-with-new-exploits/
Title: Re: Technical
Post by: bob3160 on May 16, 2022, 05:01:29 PM
Microsoft: Sysrv botnet targets Windows, Linux servers with new exploits
https://www.bleepingcomputer.com/news/security/microsoft-sysrv-botnet-targets-windows-linux-servers-with-new-exploits/
If your system is up to date, this isn't anything to worry about. These exploits have all been addressed, but your system needs to be kept up to date.
Title: Re: Technical
Post by: Asyn on May 17, 2022, 10:06:57 AM
Please Confirm You Received Our APT
https://www.fortinet.com/blog/threat-research/please-confirm-you-received-our-apt
Title: Re: Technical
Post by: DavidR on May 17, 2022, 01:01:36 PM
Please Confirm You Received Our APT
https://www.fortinet.com/blog/threat-research/please-confirm-you-received-our-apt

For me the email subject would have me suspicious right from the start.

I confirm nothing, and the subject having Fw: (forward) in it would also have alarm bells ringing. Let's say someone did seek confirmation of receipt; the email would hardly have been forwarded. Little things like this should have people suspicious and on their guard.

I also use MailWasherPRO as my first level of check; I don't download email directly. This marks obvious spam, and it doesn't download all of the email, just a small part (user configurable), and you can set it to be viewed in plain text. This allows you to look at the email and headers without triggering any HTML content (web beacons/images/tracking, etc.).

The program does flag obvious spam, using various sources, and allows you to change/mark emails as spam/clean. Emails marked as spam are deleted from the email server; for the remainder it calls your email program and the ones you wanted/flagged as good can be downloaded.
Title: Re: Technical
Post by: Asyn on May 17, 2022, 03:50:21 PM
Researchers find 134 flaws in the way Word, PDFs, handle scripts
https://www.theregister.com/2022/05/13/cooperative_mutation_flaw_finder/
https://huhong789.github.io/papers/xu:cooper.pdf
Title: Re: Technical
Post by: Asyn on May 18, 2022, 09:32:55 AM
BPFDoor — an active Chinese global surveillance tool
https://doublepulsar.com/bpfdoor-an-active-chinese-global-surveillance-tool-54b078f1a896
Title: Re: Technical
Post by: Asyn on May 18, 2022, 04:08:28 PM
Custom PowerShell RAT targets Germans seeking information about the Ukraine crisis
https://blog.malwarebytes.com/threat-intelligence/2022/05/custom-powershell-rat-targets-germans-seeking-information-about-the-ukraine-crisis/
Title: Re: Technical
Post by: Asyn on May 19, 2022, 09:29:08 AM
HTML attachments in phishing e-mails
https://securelist.com/html-attachments-in-phishing-e-mails/106481/
Title: Re: Technical
Post by: Asyn on May 19, 2022, 02:52:15 PM
Leaky Forms: A Study of Email and Password Exfiltration Before Form Submission
https://homes.esat.kuleuven.be/~asenol/leaky-forms/
https://homes.esat.kuleuven.be/~asenol/leaky-forms/leaky-forms-usenix-sec22.pdf
Title: Re: Technical
Post by: Asyn on May 20, 2022, 10:23:41 AM
Alert (AA22-137A) - Weak Security Controls and Practices Routinely Exploited for Initial Access
https://www.cisa.gov/uscert/ncas/alerts/aa22-137a
Title: Re: Technical
Post by: Asyn on May 20, 2022, 02:31:28 PM
Do you want 30 BTC? Nothing is easier (or cheaper) in this phishing campaign...
https://isc.sans.edu/forums/diary/Do+you+want+30+BTC+Nothing+is+easier+or+cheaper+in+this+phishing+campaign/28662/
Title: Re: Technical
Post by: Asyn on May 21, 2022, 11:43:46 AM
Conti ransomware shuts down operation, rebrands into smaller units
https://www.bleepingcomputer.com/news/security/conti-ransomware-shuts-down-operation-rebrands-into-smaller-units/
Title: Re: Technical
Post by: Asyn on May 21, 2022, 05:00:56 PM
Foreign Antivirus Software Banned In Russia
Source: https://www.heise.de/news/Putin-Mehr-Cyberattacken-gegen-Russland-beklagt-7102261.html
Excerpt from German article translated with www.DeepL.com/Translator (free version)

Due to a persistent threat situation, Putin ordered that a new security strategy for the IT sector be implemented by 2025. He said that in order to digitize the economy, the risks associated with the use of foreign software and technology must be reduced to a minimum. The use of foreign antivirus programs would be banned from 2025, the Russian president said.

The latter can be understood as a reaction to the banning of Kaspersky's Russian antivirus software in Western countries. In Germany, the Federal Office for Information Security (BSI) had warned against Kaspersky antivirus software because there was no longer any confidence in its reliability in light of the war against Ukraine. German companies should replace the software with alternative products, the BSI advised.

Kaspersky criticized the warning as politically motivated and not based on technical concerns. A legal appeal filed by Kaspersky against the warning recently finally failed in court. In the USA, the FCC classified Kaspersky Antivirus as a risk to national security.
Title: Re: Technical
Post by: bob3160 on May 21, 2022, 06:21:48 PM
Is there an AV product that will protect us from Politics?
Title: Re: Technical
Post by: Asyn on May 22, 2022, 11:27:28 AM
Rise in XorDdos: A deeper look at the stealthy DDoS malware targeting Linux devices
https://www.microsoft.com/security/blog/2022/05/19/rise-in-xorddos-a-deeper-look-at-the-stealthy-ddos-malware-targeting-linux-devices/
Title: Re: Technical
Post by: Asyn on May 22, 2022, 04:53:03 PM
Pwn2Own Vancouver 2022 - The Results
https://www.zerodayinitiative.com/blog/2022/5/18/pwn2own-vancouver-2022-the-results
Title: Re: Technical
Post by: Asyn on May 23, 2022, 09:38:49 AM
Lazarus Group Exploiting Log4Shell Vulnerability (NukeSped)
https://asec.ahnlab.com/en/34461/
Title: Re: Technical
Post by: Asyn on May 23, 2022, 01:58:13 PM
Ransomware gangs rely more on weaponizing vulnerabilities
https://www.bleepingcomputer.com/news/security/ransomware-gangs-rely-more-on-weaponizing-vulnerabilities/
Title: Re: Technical
Post by: Asyn on May 24, 2022, 11:25:57 AM
Fake Mobile Apps Steal Facebook Credentials, Cryptocurrency-Related Keys
https://www.trendmicro.com/en_us/research/22/e/fake-mobile-apps-steal-facebook-credentials--crypto-related-keys.html
Title: Re: Technical
Post by: Asyn on May 24, 2022, 03:25:06 PM
Russian hackers perform reconnaissance against Austria, Estonia
https://www.bleepingcomputer.com/news/security/russian-hackers-perform-reconnaissance-against-austria-estonia/
https://blog.sekoia.io/turla-new-phishing-campaign-eastern-europe/
Title: Re: Technical
Post by: Asyn on May 25, 2022, 10:19:40 AM
Why You Should Stop Using Nulled WordPress Plugins and Themes
https://kinsta.com/blog/nulled-wordpress-plugins-themes/
Title: Re: Technical
Post by: Asyn on May 25, 2022, 02:04:39 PM
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
Title: Re: Technical
Post by: bob3160 on May 25, 2022, 02:54:21 PM
New 'pymafka' malicious package drops Cobalt Strike on macOS, Windows, Linux
https://blog.sonatype.com/new-pymafka-malicious-package-drops-cobalt-strike-on-macos-windows-linux
The good news is that both Avast and AVG detect this and protect us from this infection.
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/05/25/12/52/c3hTlsVrJ5j/preview.jpg)
Title: Re: Technical
Post by: Asyn on May 26, 2022, 10:54:41 AM
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
Title: Re: Technical
Post by: Asyn on May 26, 2022, 01:42:02 PM
Malware Campaign Targets InfoSec Community: Threat Actor Uses Fake Proof of Concept to Deliver Cobalt-Strike Beacon
https://blog.cyble.com/2022/05/20/malware-campaign-targets-infosec-community-threat-actor-uses-fake-proof-of-concept-to-deliver-cobalt-strike-beacon
Title: Re: Technical
Post by: bob3160 on May 26, 2022, 02:13:36 PM
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/

FTC fines Twitter $150M for using 2FA info for targeted advertising
(https://d1ka0itfguscri.cloudfront.net/Lh/2022/05/26/12/02/c3hOlnVr79w/preview.jpg)
https://youtu.be/1bQVsUtFcb8
Twitter asked over 140 million users for this information to protect their accounts starting in 2013, but it failed to inform them that the data would also be used to allow advertisers to target them with ads. Read the whole story at BleepingComputer.
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
Title: Re: Technical
Post by: Asyn on May 26, 2022, 03:22:31 PM
Microsoft research reveals the changing face of skimming
https://blog.avast.com/microsoft-research-skimming
https://www.microsoft.com/security/blog/2022/05/23/beneath-the-surface-uncovering-the-shift-in-web-skimming/
Title: Re: Technical
Post by: DavidR on May 26, 2022, 04:14:20 PM
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/

For this gross breach of trust - using what is meant to be a security function to track a user - even worse when it is also a "direct violation of the FTC Act." I think $150m is a let-off; I just wonder if the EU could/would also fine them as well.

I have never trusted social networking from day one and wouldn't trust them as far as I can throw them, hard when it isn't a physical thing.  I still haven't signed up to any social networking services.

Title: Re: Technical
Post by: bob3160 on May 26, 2022, 04:20:04 PM
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/

For this gross breach of trust - using what is meant to be a security function to track a user - even worse when it is also a "direct violation of the FTC Act." I think $150m is a let-off; I just wonder if the EU could/would also fine them as well.

I have never trusted social networking from day one and wouldn't trust them as far as I can throw them, hard when it isn't a physical thing.  I still haven't signed up to any social networking services.
They are a tool and for our (Meadow Lake Parks Area Assn.) non-profit, it's a way to communicate with our members and keep them updated with our ongoing activities. Trust is a totally different thing.
Title: Re: Technical
Post by: DavidR on May 26, 2022, 05:14:33 PM
FTC fines Twitter $150M for using 2FA info for targeted advertising
https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/

For this gross breach of trust - using what is meant to be a security function to track a user - even worse when it is also a "direct violation of the FTC Act." I think $150m is a let-off; I just wonder if the EU could/would also fine them as well.

I have never trusted social networking from day one and wouldn't trust them as far as I can throw them, hard when it isn't a physical thing.  I still haven't signed up to any social networking services.
They are a tool and for our (Meadow Lake Parks Area Assn.) non-profit, it's a way to communicate with our members and keep them updated with our ongoing activities. Trust is a totally different thing.

My concerns are with the big players in social networking (not local not for profit organisations) as the drive for making money seems to override everything else.
Title: Re: Technical
Post by: Asyn on May 27, 2022, 10:19:59 AM
PDF Malware Is Not Yet Dead
https://threatresearch.ext.hp.com/pdf-malware-is-not-yet-dead/
Title: Re: Technical
Post by: Asyn on May 27, 2022, 01:52:11 PM
The New RansomHouse on The Block
https://cyberint.com/blog/research/ransomhouse/
Title: Re: Technical
Post by: Asyn on May 28, 2022, 10:34:12 AM
PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables
https://blog.sonatype.com/pypi-package-ctx-compromised-are-you-at-risk
Title: Re: Technical
Post by: Asyn on May 28, 2022, 01:12:47 PM
Android apps with millions of downloads exposed to high-severity vulnerabilities
https://www.microsoft.com/security/blog/2022/05/27/android-apps-with-millions-of-downloads-exposed-to-high-severity-vulnerabilities/
Title: Re: Technical
Post by: Asyn on May 29, 2022, 10:55:08 AM
Unknown APT group has targeted Russia repeatedly since Ukraine invasion
https://blog.malwarebytes.com/malwarebytes-news/2022/05/unknown-apt-group-has-targeted-russia-repeatedly-since-ukraine-invasion/
Title: Re: Technical
Post by: Asyn on May 29, 2022, 05:38:01 PM
New Research Paper: Pre-hijacking Attacks on Web User Accounts
https://msrc-blog.microsoft.com/2022/05/23/pre-hijacking-attacks/
https://arxiv.org/abs/2205.10174
Title: Re: Technical
Post by: Asyn on May 30, 2022, 09:24:20 AM
ERMAC Back In Action - Latest Version of Android Banking Trojan Targets over 400 Applications
https://blog.cyble.com/2022/05/25/ermac-back-in-action/
Title: Re: Technical
Post by: bob3160 on May 30, 2022, 11:53:29 AM

Key takeaways from Verizon's 2022 data breach report
https://blog.avast.com/verizon-2022-data-breach-report
Title: Re: Technical
Post by: Asyn on May 30, 2022, 03:41:31 PM
Clop ransomware gang is back, hits 21 victims in a single month
https://www.bleepingcomputer.com/news/security/clop-ransomware-gang-is-back-hits-21-victims-in-a-single-month/
Title: Re: Technical
Post by: Asyn on May 31, 2022, 11:10:26 AM
New Linux-Based Ransomware Cheerscrypt Targets ESXi Devices
https://www.trendmicro.com/en_us/research/22/e/new-linux-based-ransomware-cheerscrypt-targets-exsi-devices.html
Title: Re: Technical
Post by: Asyn on May 31, 2022, 01:17:20 PM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
Title: Re: Technical
Post by: Asyn on May 31, 2022, 05:15:26 PM
New Windows Subsystem for Linux malware steals browser auth cookies
https://www.bleepingcomputer.com/news/security/new-windows-subsystem-for-linux-malware-steals-browser-auth-cookies/
Title: Re: Technical
Post by: Asyn on June 01, 2022, 10:05:31 AM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Title: Re: Technical
Post by: Asyn on June 01, 2022, 11:35:29 AM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Title: Re: Technical
Post by: bob3160 on June 01, 2022, 01:18:46 PM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Defender has been updated to protect against this vulnerability. Has Avast done the same?
Title: Re: Technical
Post by: Asyn on June 01, 2022, 01:47:27 PM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Defender has been updated to protect against this vulnerability. Has Avast done the same?
Hi Bob, yes: https://www.virustotal.com/gui/file/4a24048f81afbe9fb62e7a6a49adbd1faf41f266b5f9feecdceb567aec096784?nocache=1
Title: Re: Technical
Post by: bob3160 on June 01, 2022, 03:13:46 PM
Thanks Asyn, I should have thought of that. (Old age?)
Title: Re: Technical
Post by: Asyn on June 02, 2022, 10:31:58 AM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Title: Re: Technical
Post by: Asyn on June 02, 2022, 03:01:09 PM
Mobile trojan detections rise as malware distribution level declines
https://www.bleepingcomputer.com/news/security/mobile-trojan-detections-rise-as-malware-distribution-level-declines/
Title: Re: Technical
Post by: Asyn on June 03, 2022, 10:23:10 AM
Hunting a Global Telecommunications Threat: DecisiveArchitect and Its Custom Implant JustForFun
https://www.crowdstrike.com/blog/how-to-hunt-for-decisivearchitect-and-justforfun-implant/
Title: Re: Technical
Post by: Asyn on June 03, 2022, 12:09:58 PM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Outbreak of Follina in Australia
https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
Title: Re: Technical
Post by: Asyn on June 03, 2022, 04:57:06 PM
Rapidly evolving IoT malware EnemyBot now targeting Content Management System servers and Android devices
https://cybersecurity.att.com/blogs/labs-research/rapidly-evolving-iot-malware-enemybot-now-targeting-content-management-system-servers
Title: Re: Technical
Post by: Asyn on June 04, 2022, 10:43:10 AM
Over 3.6 million exposed MySQL servers on IPv4 and IPv6
https://www.shadowserver.org/news/over-3-6m-exposed-mysql-servers-on-ipv4-and-ipv6/
Title: Re: Technical
Post by: Asyn on June 04, 2022, 12:56:28 PM
FluBot Android malware operation shutdown by law enforcement
https://www.bleepingcomputer.com/news/security/flubot-android-malware-operation-shutdown-by-law-enforcement/
https://www.europol.europa.eu/media-press/newsroom/news/takedown-of-sms-based-flubot-spyware-infecting-android-phones
Title: Re: Technical
Post by: Asyn on June 04, 2022, 05:40:26 PM
ChromeLoader: a pushy malvertiser
https://redcanary.com/blog/chromeloader/
Title: Re: Technical
Post by: Asyn on June 05, 2022, 10:28:13 AM
Ransomware attacks need less than four days to encrypt systems
https://www.bleepingcomputer.com/news/security/ransomware-attacks-need-less-than-four-days-to-encrypt-systems/
Title: Re: Technical
Post by: Asyn on June 05, 2022, 12:51:32 PM
Runescape phish claims your email has been changed
https://blog.malwarebytes.com/scams/2022/05/runescape-phish-claims-your-email-has-been-changed/
Title: Re: Technical
Post by: Asyn on June 05, 2022, 02:31:37 PM
Chinese LuoYu hackers deploy cyber-espionage malware via app updates
https://www.bleepingcomputer.com/news/security/chinese-luoyu-hackers-deploy-cyber-espionage-malware-via-app-updates/
Title: Re: Technical
Post by: Asyn on June 06, 2022, 11:04:56 AM
XLoader Botnet: Find Me If You Can
https://research.checkpoint.com/2022/xloader-botnet-find-me-if-you-can/
Title: Re: Technical
Post by: Asyn on June 06, 2022, 03:12:50 PM
Microsoft disrupts Bohrium hackers’ spear-phishing operation
https://www.bleepingcomputer.com/news/security/microsoft-disrupts-bohrium-hackers-spear-phishing-operation/
Title: Re: Technical
Post by: Asyn on June 06, 2022, 05:24:07 PM
SideWinder.AntiBot.Script
https://blog.group-ib.com/sidewinder-antibot
Title: Re: Technical
Post by: Asyn on June 07, 2022, 09:43:47 AM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Outbreak of Follina in Australia
https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
Windows zero-day exploited in US local govt phishing attacks
https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Title: Re: Technical
Post by: Asyn on June 07, 2022, 12:34:03 PM
Tales From the Honeypot: WatchDog Evolves With a New Multi-Stage Cryptojacking Attack
https://www.cadosecurity.com/tales-from-the-honeypot-watchdog-evolves-with-a-new-multi-stage-cryptojacking-attack/
Title: Re: Technical
Post by: Asyn on June 07, 2022, 04:01:46 PM
Apple blocked 1.6 millions apps from defrauding users in 2021
https://www.bleepingcomputer.com/news/security/apple-blocked-16-millions-apps-from-defrauding-users-in-2021/
https://www.apple.com/newsroom/2022/06/app-store-stopped-nearly-one-point-five-billion-in-fraudulent-transactions-in-2021/
Title: Re: Technical
Post by: Asyn on June 08, 2022, 10:04:10 AM
Crypto stealing campaign spread via fake cracked software
https://blog.avast.com/fakecrack-campaign
Title: Re: Technical
Post by: Asyn on June 08, 2022, 12:08:03 PM
To HADES and Back: UNC2165 Shifts to LOCKBIT to Evade Sanctions
https://www.mandiant.com/resources/unc2165-shifts-to-evade-sanctions
Title: Re: Technical
Post by: Asyn on June 08, 2022, 03:12:39 PM
Decrypted: TaRRaK Ransomware
https://decoded.avast.io/threatresearch/decrypted-tarrak-ransomware/
Title: Re: Technical
Post by: Asyn on June 09, 2022, 10:21:37 AM
Evasive phishing mixes reverse tunnels and URL shortening services
https://www.bleepingcomputer.com/news/security/evasive-phishing-mixes-reverse-tunnels-and-url-shortening-services/
https://cloudsek.com/whitepapers_reports/cybercriminals-exploit-reverse-tunnel-services-and-url-shorteners-to-launch-large-scale-phishing-campaigns/
Title: Re: Technical
Post by: Asyn on June 09, 2022, 12:45:06 PM
Horde Webmail - Remote Code Execution via Email
https://blog.sonarsource.com/horde-webmail-rce-via-email/
Title: Re: Technical
Post by: Asyn on June 09, 2022, 05:22:16 PM
Shining the Light on Black Basta
https://research.nccgroup.com/2022/06/06/shining-the-light-on-black-basta/
Title: Re: Technical
Post by: Asyn on June 10, 2022, 09:56:07 AM
Ransomware gangs now give victims time to save their reputation
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-give-victims-time-to-save-their-reputation/
Title: Re: Technical
Post by: Asyn on June 10, 2022, 02:00:18 PM
SVCReady: A New Loader Gets Ready
https://threatresearch.ext.hp.com/svcready-a-new-loader-reveals-itself/
Title: Re: Technical
Post by: DavidR on June 10, 2022, 02:18:31 PM
Ransomware gangs now give victims time to save their reputation
https://www.bleepingcomputer.com/news/security/ransomware-gangs-now-give-victims-time-to-save-their-reputation/

Why do they make this seem like an altruistic action, saving their reputation (doing them a favour), when it is just another money-grubbing action so they have a better chance of getting paid!
Title: Re: Technical
Post by: Asyn on June 10, 2022, 05:19:48 PM
Hacking Some More Secure USB Flash Drives (Part I)
https://blog.syss.com/posts/hacking-usb-flash-drives-part-1/
Title: Re: Technical
Post by: Asyn on June 11, 2022, 10:41:52 AM
Technical Advisory – Multiple Vulnerabilities in U-Boot (CVE-2022-30790, CVE-2022-30552)
https://research.nccgroup.com/2022/06/03/technical-advisory-multiple-vulnerabilities-in-u-boot-cve-2022-30790-cve-2022-30552/
Title: Re: Technical
Post by: Asyn on June 11, 2022, 12:46:31 PM
Phishing tactics: how a threat actor stole 1M credentials in 4 months
https://pixmsecurity.com/blog/blog/phishing-tactics-how-a-threat-actor-stole-1m-credentials-in-4-months/
Title: Re: Technical
Post by: Asyn on June 11, 2022, 03:35:26 PM
Roblox Game Pass store used to sell ransomware decryptor
https://www.bleepingcomputer.com/news/security/roblox-game-pass-store-used-to-sell-ransomware-decryptor/
Title: Re: Technical
Post by: Asyn on June 12, 2022, 10:53:59 AM
Cuba Ransomware Group’s New Variant Found Using Optimized Infection Techniques
https://www.trendmicro.com/en_us/research/22/f/cuba-ransomware-group-s-new-variant-found-using-optimized-infect.html
Title: Re: Technical
Post by: Asyn on June 12, 2022, 02:55:56 PM
Symbiote: A New, Nearly-Impossible-to-Detect Linux Threat
https://blogs.blackberry.com/en/2022/06/symbiote-a-new-nearly-impossible-to-detect-linux-threat
https://www.intezer.com/blog/research/new-linux-threat-symbiote/
Title: Re: Technical
Post by: Asyn on June 13, 2022, 10:07:01 AM
Aoqin Dragon | Newly-Discovered Chinese-linked APT Has Been Quietly Spying On Organizations For 10 Years
https://www.sentinelone.com/labs/aoqin-dragon-newly-discovered-chinese-linked-apt-has-been-quietly-spying-on-organizations-for-10-years/
Title: Re: Technical
Post by: Asyn on June 13, 2022, 01:32:30 PM
PACMAN - Attacking ARM Pointer Authentication with Speculative Execution
https://pacmanattack.com/
https://pacmanattack.com/paper.pdf
Title: Re: Technical
Post by: Asyn on June 13, 2022, 03:10:41 PM
Linux Threat Hunting – ‘Syslogk’ – a kernel rootkit found under development in the wild
https://decoded.avast.io/davidalvarez/linux-threat-hunting-syslogk-a-kernel-rootkit-found-under-development-in-the-wild/
Title: Re: Technical
Post by: Asyn on June 14, 2022, 09:47:03 AM
Lyceum .NET DNS Backdoor
https://www.zscaler.com/blogs/security-research/lyceum-net-dns-backdoor
Title: Re: Technical
Post by: Asyn on June 14, 2022, 01:08:26 PM
Crypto-Miners Leveraging Atlassian Zero-Day Vulnerability
https://blog.checkpoint.com/2022/06/09/crypto-miners-leveraging-atlassian-zero-day-vulnerability/
Title: Re: Technical
Post by: Asyn on June 14, 2022, 05:41:56 PM
WiFi probing exposes smartphone users to tracking, info leaks
https://www.bleepingcomputer.com/news/security/wifi-probing-exposes-smartphone-users-to-tracking-info-leaks/
https://arxiv.org/pdf/2206.03745.pdf
Title: Re: Technical
Post by: Asyn on June 15, 2022, 09:35:16 AM
Follina — a Microsoft Office code execution vulnerability
https://doublepulsar.com/follina-a-microsoft-office-code-execution-vulnerability-1a47fce5629e
https://www.bleepingcomputer.com/news/security/new-microsoft-office-zero-day-used-in-attacks-to-execute-powershell/
https://www.huntress.com/blog/microsoft-office-remote-code-execution-follina-msdt-bug
Guidance for CVE-2022-30190 Microsoft Support Diagnostic Tool Vulnerability
https://msrc-blog.microsoft.com/2022/05/30/guidance-for-cve-2022-30190-microsoft-support-diagnostic-tool-vulnerability/
Windows MSDT zero-day vulnerability gets free unofficial patch
https://www.bleepingcomputer.com/news/security/windows-msdt-zero-day-vulnerability-gets-free-unofficial-patch/
Outbreak of Follina in Australia
https://decoded.avast.io/threatintel/outbreak-of-follina-in-australia/
Windows zero-day exploited in US local govt phishing attacks
https://www.bleepingcomputer.com/news/security/windows-zero-day-exploited-in-us-local-govt-phishing-attacks/
Microsoft patches actively exploited Follina Windows zero-day
https://www.bleepingcomputer.com/news/security/microsoft-patches-actively-exploited-follina-windows-zero-day/
Title: Re: Technical
Post by: Asyn on June 15, 2022, 12:44:20 PM
The June 2022 Security Update Review
https://www.zerodayinitiative.com/blog/2022/6/14/the-june-2022-security-update-review
Title: Re: Technical
Post by: Asyn on June 16, 2022, 10:38:47 AM
Exposing HelloXD Ransomware and x4k
https://unit42.paloaltonetworks.com/helloxd-ransomware/
Title: Re: Technical
Post by: Asyn on June 16, 2022, 05:41:04 PM
Researchers Find Bluetooth Signals Can be Fingerprinted to Track Smartphones
https://thehackernews.com/2022/06/researchers-find-bluetooth-signals-can.html
https://jacobsschool.ucsd.edu/news/release/3461
https://cseweb.ucsd.edu/~schulman/docs/oakland22-bletracking.pdf
Title: Re: Technical
Post by: Asyn on June 16, 2022, 07:15:25 PM
GALLIUM Expands Targeting Across Telecommunications, Government and Finance Sectors With New PingPull Tool
https://unit42.paloaltonetworks.com/pingpull-gallium/
Title: Re: Technical
Post by: Asyn on June 17, 2022, 10:02:51 AM
How SeaFlower 藏海花 installs backdoors in iOS/Android web3 wallets to steal your seed phrase
https://blog.confiant.com/how-seaflower-%E8%97%8F%E6%B5%B7%E8%8A%B1-installs-backdoors-in-ios-android-web3-wallets-to-steal-your-seed-phrase-d25f0ccdffce
Title: Re: Technical
Post by: Asyn on June 17, 2022, 02:14:54 PM
Microsoft’s Vulnerability Practices Put Customers At Risk
https://www.linkedin.com/pulse/microsofts-vulnerability-practices-put-customers-risk-amit-yoran/
Title: Re: Technical
Post by: Asyn on June 17, 2022, 06:09:28 PM
Hertzbleed Attack
https://www.hertzbleed.com/
https://www.hertzbleed.com/hertzbleed.pdf
Title: Re: Technical
Post by: Asyn on June 18, 2022, 03:27:17 PM
Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
https://www.bleepingcomputer.com/news/security/hackers-exploit-three-year-old-telerik-flaws-to-deploy-cobalt-strike/
Title: Re: Technical
Post by: Asyn on June 18, 2022, 03:27:37 PM
The many lives of BlackCat ransomware
https://www.microsoft.com/security/blog/2022/06/13/the-many-lives-of-blackcat-ransomware/
Title: Re: Technical
Post by: Asyn on June 18, 2022, 05:52:35 PM
Hundreds arrested and millions seized in global INTERPOL operation against social engineering scams
https://www.interpol.int/News-and-Events/News/2022/Hundreds-arrested-and-millions-seized-in-global-INTERPOL-operation-against-social-engineering-scams
Title: Re: Technical
Post by: Asyn on June 18, 2022, 06:56:40 PM
Microsoft Office 365 feature can help cloud ransomware attacks
https://www.bleepingcomputer.com/news/security/microsoft-office-365-feature-can-help-cloud-ransomware-attacks/
Title: Re: Technical
Post by: Asyn on June 19, 2022, 10:28:02 AM
Russian disinformation spreading across the globe
https://blog.avast.com/russia-ukraine-disinformation
Title: Re: Technical
Post by: DavidR on June 19, 2022, 12:46:51 PM
Russian disinformation spreading across the globe
https://blog.avast.com/russia-ukraine-disinformation

Interesting read.
Title: Re: Technical
Post by: Asyn on June 19, 2022, 01:41:51 PM
Zimbra Email - Stealing Clear-Text Credentials via Memcache injection
https://blog.sonarsource.com/zimbra-mail-stealing-clear-text-credentials-via-memcache-injection/
Title: Re: Technical
Post by: Asyn on June 20, 2022, 09:10:37 AM
Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”
https://www.akamai.com/blog/security/new-p2p-botnet-panchan
Title: Re: Technical
Post by: Asyn on June 20, 2022, 12:22:02 PM
Russian RSocks botnet disrupted after hacking millions of devices
https://www.bleepingcomputer.com/news/security/russian-rsocks-botnet-disrupted-after-hacking-millions-of-devices/
https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation
Title: Re: Technical
Post by: Asyn on June 21, 2022, 11:08:43 AM
F5 Labs Investigates MaliBot
https://www.f5.com/labs/articles/threat-intelligence/f5-labs-investigates-malibot
Title: Re: Technical
Post by: Asyn on June 21, 2022, 02:08:08 PM
Do free countries have more digital wellbeing?
https://blog.avast.com/digital-wellbeing-report
Title: Re: Technical
Post by: Asyn on June 21, 2022, 04:13:49 PM
Google Chrome extensions can be fingerprinted to track you online
https://www.bleepingcomputer.com/news/security/google-chrome-extensions-can-be-fingerprinted-to-track-you-online/
Title: Re: Technical
Post by: Asyn on June 22, 2022, 10:51:00 AM
Malspam pushes Matanbuchus malware, leads to Cobalt Strike
https://isc.sans.edu/forums/diary/Malspam+pushes+Matanbuchus+malware+leads+to+Cobalt+Strike/28752/
Title: Re: Technical
Post by: Asyn on June 22, 2022, 04:55:59 PM
New DFSCoerce NTLM Relay attack allows Windows domain takeover
https://www.bleepingcomputer.com/news/microsoft/new-dfscoerce-ntlm-relay-attack-allows-windows-domain-takeover/
Title: Re: Technical
Post by: Asyn on June 23, 2022, 09:26:59 AM
BRATA is evolving into an Advanced Persistent Threat
https://www.cleafy.com/cleafy-labs/brata-is-evolving-into-an-advanced-persistent-threat
Title: Re: Technical
Post by: Asyn on June 23, 2022, 11:09:43 AM
NSA shares tips on securing Windows devices with PowerShell
https://www.bleepingcomputer.com/news/security/nsa-shares-tips-on-securing-windows-devices-with-powershell/
https://media.defense.gov/2022/Jun/22/2003021689/-1/-1/1/CSI_KEEPING_POWERSHELL_SECURITY_MEASURES_TO_USE_AND_EMBRACE_20220622.PDF
Title: Re: Technical
Post by: Asyn on June 23, 2022, 02:59:40 PM
Russian RSocks botnet disrupted after hacking millions of devices
https://www.bleepingcomputer.com/news/security/russian-rsocks-botnet-disrupted-after-hacking-millions-of-devices/
https://www.justice.gov/usao-sdca/pr/russian-botnet-disrupted-international-cyber-operation
RSocks criminal botnet taken down
https://blog.avast.com/rsocks-criminal-botnet
Title: Re: Technical
Post by: Asyn on June 23, 2022, 05:39:15 PM
Does Acrobat Reader Unload Injection of Security Products?
https://blog.minerva-labs.com/does-acrobat-reader-unload-injection-of-security-products

Avast Dev-Info: Definitely not blocking scanning; they are only blocking some user-mode hooking by preventing injection of aswHook.dll. Only Behavior Shield depends on this functionality, and only marginally.
Title: Re: Technical
Post by: Asyn on June 24, 2022, 09:23:03 AM
APT ToddyCat
https://securelist.com/toddycat/106799/
Title: Re: Technical
Post by: Asyn on June 24, 2022, 01:22:23 PM
Defending Ukraine: Early Lessons from the Cyber War
https://blogs.microsoft.com/on-the-issues/2022/06/22/defending-ukraine-early-lessons-from-the-cyber-war/
Title: Re: Technical
Post by: Asyn on June 24, 2022, 04:02:19 PM
Spyware vendor targets users in Italy and Kazakhstan
https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/
Title: Re: Technical
Post by: Asyn on June 25, 2022, 11:06:29 AM
MEGA: Malleable Encryption Goes Awry
https://mega-awry.io/
https://mega-awry.io/pdf/mega-malleable-encryption-goes-awry.pdf
Title: Re: Technical
Post by: Asyn on June 25, 2022, 04:58:37 PM
Hacking into the worldwide Jacuzzi SmartTub network
https://eaton-works.com/2022/06/20/hacking-into-the-worldwide-jacuzzi-smarttub-network/
Title: Re: Technical
Post by: Asyn on June 26, 2022, 11:37:21 AM
Chinese actor takes aim, armed with Nim Language and Bizarro AES
https://research.checkpoint.com/2022/chinese-actor-takes-aim-armed-with-nim-language-and-bizarro-aes/
Title: Re: Technical
Post by: Asyn on June 26, 2022, 04:20:08 PM
Dark Web Price Index 2022
https://www.privacyaffairs.com/dark-web-price-index-2022/
Title: Re: Technical
Post by: Asyn on June 27, 2022, 09:44:04 AM
Hacking Some More Secure USB Flash Drives (Part II)
https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/
Title: Re: Technical
Post by: Asyn on June 27, 2022, 05:23:11 PM
The Call Is Coming from Inside the House: CrowdStrike Identifies Novel Exploit in VOIP Appliance
https://www.crowdstrike.com/blog/novel-exploit-detected-in-mitel-voip-appliance/
Title: Re: Technical
Post by: Asyn on June 28, 2022, 11:32:16 AM
Python packages upload your AWS keys, env vars, secrets to the web
https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web
Title: Re: Technical
Post by: Asyn on June 28, 2022, 03:08:18 PM
Malware-as-a-service is spreading among teens
https://blog.avast.com/discord-minors-ransomware
Title: Re: Technical
Post by: bob3160 on June 28, 2022, 04:27:38 PM
Malware-as-a-service is spreading among teens
https://blog.avast.com/discord-minors-ransomware (https://blog.avast.com/discord-minors-ransomware)

Malware-as-a-service is spreading among teens
https://youtu.be/k4Ds2nVcqZs
As the Avast team spent more time in the community, observing their behavior and vocabulary,
they realized something surprising: most of the members were minors between the ages of 11 and 16.
To read more on this topic please see the full article by Emma McGowan at the link listed: https://bit.ly/3A9cEFD (https://bit.ly/3A9cEFD)
If you have children or grandchildren, please keep an eye on their online activity and always
guide them in the right direction.
Title: Re: Technical
Post by: Asyn on June 29, 2022, 10:16:27 AM
LockBit Ransomware Disguised as Copyright Claim E-mail Being Distributed
https://asec.ahnlab.com/en/35822/
Title: Re: Technical
Post by: Asyn on June 29, 2022, 01:47:16 PM
Clever phishing method bypasses MFA using Microsoft WebView2 apps
https://www.bleepingcomputer.com/news/security/clever-phishing-method-bypasses-mfa-using-microsoft-webview2-apps/
Title: Re: Technical
Post by: Asyn on June 29, 2022, 05:33:01 PM
Attacks on industrial control systems using ShadowPad
https://ics-cert.kaspersky.com/publications/reports/2022/06/27/attacks-on-industrial-control-systems-using-shadowpad/
https://ics-cert.kaspersky.com/media/Kaspersky-ICS-CERT-Attacks-on-industrial-control-systems-using-ShadowPad-En.pdf
Title: Re: Technical
Post by: Asyn on June 30, 2022, 10:36:19 AM
Exposed Kubernetes clusters
https://blog.cyble.com/2022/06/27/exposed-kubernetes-clusters/
Title: Re: Technical
Post by: Asyn on June 30, 2022, 01:19:57 PM
Malware-as-a-service is spreading among teens
https://blog.avast.com/discord-minors-ransomware (https://blog.avast.com/discord-minors-ransomware)
Malware-as-a-service is spreading among teens
https://youtu.be/k4Ds2nVcqZs
As the Avast team spent more time in the community, observing their behavior and vocabulary,
they realized something surprising: most of the members were minors between the ages of 11 and 16.
To read more on this topic please see the full article by Emma McGowan at the link listed: https://bit.ly/3A9cEFD (https://bit.ly/3A9cEFD)
If you have children or grandchildren, please keep an eye on their online activity and always
guide them in the right direction.
Minors Use Discord Servers to Earn Extra Pocket Money Through Spreading Malware
https://press.avast.com/minors-use-discord-servers-to-earn-extra-pocket-money-through-spreading-malware
Title: Re: Technical
Post by: Asyn on June 30, 2022, 03:21:10 PM
Revive: from spyware to Android banking trojan
https://www.cleafy.com/cleafy-labs/revive-from-spyware-to-android-banking-trojan
Title: Re: Technical
Post by: Asyn on June 30, 2022, 05:14:23 PM
MITRE shares this year's list of most dangerous software bugs
https://www.bleepingcomputer.com/news/security/mitre-shares-this-years-list-of-most-dangerous-software-bugs/
https://cwe.mitre.org/top25/archive/2022/2022_cwe_top25.html
Title: Re: Technical
Post by: Asyn on June 30, 2022, 07:28:20 PM
Return of the Evilnum APT with updated TTPs and new targets
https://www.zscaler.com/blogs/security-research/return-evilnum-apt-updated-ttps-and-new-targets
Title: Re: Technical
Post by: Asyn on July 01, 2022, 09:34:41 AM
ZuoRAT Hijacks SOHO Routers to Silently Stalk Networks
https://blog.lumen.com/zuorat-hijacks-soho-routers-to-silently-stalk-networks/
Title: Re: Technical
Post by: bob3160 on July 26, 2022, 02:20:52 PM
New ‘Lightning Framework’ Linux malware installs rootkits, backdoors
https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/ (https://www.bleepingcomputer.com/news/security/new-lightning-framework-linux-malware-installs-rootkits-backdoors/)