SECURITY WARNINGS & Notices - Please post them here

[bob3160]

Don't fall for this email:

The attachment will not update your system to Windows 10
The attachment will Encrypt the information on your Computer.
It will cost you money to get the key to un-encrypt the files.
More information at:
http://blogs.cisco.com/security/talos/ctb-locker-win10

[Asyn]

Apple iTunes & AppStore - Persistent Invoice Vulnerability
http://www.vulnerability-lab.com/get_content.php?id=1512

[polonus]

Why adblocking stays your best line of defense against malvertising campaigns, read: https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/
Yahoo together with other big companies  is working on a better ad experience    (ironical wink)

polonus

[DavidR]

Why adblocking stays your best line of defense against malvertising campaigns, read: https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/
Yahoo together with other big companies  is working on a better ad experience    (ironical wink)

polonus

Yep, there is no such thing as a 'better ad experience' other than removing them

[polonus]

Chinese Commercial VPN service makes use of hacked Windows servers abroad: https://blogs.rsa.com/terracotta-vpn-enabler-of-advanced-threat-anonymity/
The main reason for the brute force attacks, disabling of the firewall and windows defender - 31 hacked Windows servers were detected. The main reason for the hacks could be it was cost saving.

polonus

[polonus]

But American VPN to China is also not very secure: https://www.goldenfrog.com/vyprvpn/features/vpn-server-locations
-> http://toolbar.netcraft.com/site_report?url=https://www.goldenfrog.com  dns report: http://www.dnsinspect.com/datafoundry.com/1438711068  nameserver version info proliferation turns up moderate bind security: https://www.redhat.com/archives/rhsa-announce/2014-January/msg00013.html  caching only Bind server.
Bind
To hide version in when using Bind, open named.conf configuration file using your favorite editor, go to options section and set a custom version string using version option.  So goldenfrog already has some rust.

polonus

[Para-Noid]

Large Malvertising Campaign Takes on Yahoo!

https://blog.malwarebytes.org/malvertising-2/2015/08/large-malvertising-campaign-takes-on-yahoo/?utm_source=Gplus&utm_medium=social

DYLD_PRINT_TO_FILE exploit found in the wild

https://blog.malwarebytes.org/mac/2015/08/dyld_print_to_file-exploit-found-in-the-wild/?utm_source=Gplus&utm_medium=social

[Asyn]

Researcher says he can hack GM’s OnStar app, open vehicle, start engine
http://venturebeat.com/2015/07/30/researcher-says-can-hack-gms-onstar-app-open-vehicle-start-engine/

[polonus]

Advice from Perry Mertens to uninstall NETBIOS, a protocol dating back to 1983. [/b
Read: ]https://www.linkedin.com/pulse/netbios-30-years-old-forgotten-backdoor-microsoft-windows-mertens
The vulnerability problems of NETBIOS: https://technet.microsoft.com/en-us/library/security/ms00-047.aspx
Earlier we got the same advice here: https://isc.sans.edu/diary/Is+it+time+to+get+rid+of+NetBIOS%3F/12454

polonus

[bob3160]

Advice from Perry Mertens to uninstall NETBIOS, a protocol dating back to 1983. [/b
Read: ]https://www.linkedin.com/pulse/netbios-30-years-old-forgotten-backdoor-microsoft-windows-mertens
The vulnerability problems of NETBIOS: https://technet.microsoft.com/en-us/library/security/ms00-047.aspx
Earlier we got the same advice here: https://isc.sans.edu/diary/Is+it+time+to+get+rid+of+NetBIOS%3F/12454

polonus

Affected Software:
Microsoft Windows NT 4.0 Workstation
Microsoft Windows NT 4.0 Server
Microsoft Windows NT 4.0 Server, Enterprise Edition
Microsoft Windows NT 4.0 Server, Terminal Server Edition
Microsoft Windows 2000

[Para-Noid]

What does a DDoS attack look like?

https://www.youtube.com/watch?utm_campaign=What%20does%20a%20DDoS%20attack%20look%20like%20YouTube%20Video&utm_medium=social&utm_source=googleplus&v=w-I19knBFTM

[Pondus]

“Thunderstrike 2” rootkit uses Thunderbolt accessories to infect Mac firmware
http://arstechnica.com/apple/2015/08/thunderstrike-2-rootkit-uses-thunderbolt-accessories-to-infect-mac-firmware/

[Para-Noid]

0-day bug in fully patched OS X comes under active exploit to bypass password protection

http://arstechnica.com/security/2015/08/0-day-bug-in-fully-patched-os-x-comes-under-active-exploit-to-hijack-macs/

[polonus]

Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed

polonus

[bob3160]

Read: http://www.cio.com.au/article/581435/google-puts-screws-sneaky-chrome-add-on-installs/?utm_medium=rss&utm_source=taxonomyfeed

polonus

Bad Google at it again.