SECURITY WARNINGS & Notices - Please post them here

[Be Secure]

Embittered Enjey Ransomware Developer Launches DDoS Attack on ID Ransomware
https://www.bleepingcomputer.com/news/security/embittered-enjey-ransomware-developer-launches-ddos-attack-on-id-ransomware/

[polonus]

Present-day WWW looks as fragile as a sand-castle

Exploitable javascript code libraries all over the place.

Inherently holed and insecure infrastructure.

And it won't be any better for the forseeable future.

Read: https://www.theregister.co.uk/2017/03/14/outdated_javascript_libraries_weaken_web_security/

Some here, inclusing little old me, are hammering the subject endlessly but almost in vain,
almost as not a soul seems interested to do something about it.

Hey baby, baby,  it is a wild wild wild world out there on most of these insecure online websites!
Interesting survey results for those interested in website development and security: https://stackoverflow.com/insights/survey/2016

polonus (volunteer website security analyst and website error-hunter)

[Pondus]

New Imeij IoT Malware Targets AVTech Equipment
https://www.bleepingcomputer.com/news/security/new-imeij-iot-malware-targets-avtech-equipment/

[polonus]

AV the fine balance between protecting your private data and being a concern or threat to your privacy?

Read: https://www.theregister.co.uk/2017/03/17/security_software_is_a_threat_to_your_privacy_too/

polonus

[Be Secure]

Star Trek Themed Kirk Ransomware Brings us Monero and a Spock Decryptor!
https://www.bleepingcomputer.com/news/security/star-trek-themed-kirk-ransomware-brings-us-monero-and-a-spock-decryptor/

[polonus]

All firefox users should read here, it was Pwn2Own hacked the other day, see: https://forum.avast.com/index.php?topic=199002.msg1378499#msg1378499  and here: http://forums.mozillazine.org/viewtopic.php?f=38&t=2888507
to see the problems with run of the mill browsers go on and on in an endless stream.

Thanks to -midnight for a very early heads-up 

polonus

[DavidR]

All firefox users should read here, it was Pwn2Own hacked the other day, see: https://forum.avast.com/index.php?topic=199002.msg1378499#msg1378499  and here: http://forums.mozillazine.org/viewtopic.php?f=38&t=2888507
to see the problems with run of the mill browsers go on and on in an endless stream.

<snip>

Not sure if your 2nd link is valid/current, given it is was Posted November 14th, 2014, 12:11 pm. All Browsers are constantly under attack, the more market share, the more of a target they will be.

[polonus]

@DavidR,

The second link was to show how that same issue now via an integer overflow was used (revived in another context) in the most recent Pwn2Own hack.

So insecurity is like music being played from a Dutch grinding organ. They use the same blocks (flaws) over and over again to play their favourite tunes and melodies.

Here a golden oldie from 2014 was revived. This is because digital infrastructure is insecure by design. So we have started out with a "a priori"unsafe aka insecure model and have built further onto that.

What has been INsecure from the word go, can never be secure(d) again or it has to be re-built up again from scratch and no one will or can (afford to) do that. We have to live in that world now. Do not trust a thing, and look for a bug everywhere around you, disclosed or not.

polonus

[DavidR]

@DavidR,

The second link was to show how that same issue now via an integer overflow was used (revived in another context) in the most recent Pwn2Own hack.
<snip>
polonus

The same can be said of all browsers and if you want Microsoft Windows, we are still getting security updates for the same sort of issues time and again, Permission Escallation, etc. going back through all of the Window OS releases purporting to be the most secure yet.

[Be Secure]

Big Surprise: Chinese PUPs Deliver Backdoored Drivers
https://www.bleepingcomputer.com/news/security/big-surprise-chinese-pups-deliver-backdoored-drivers/

[bob3160]

Big Surprise: Chinese PUPs Deliver Backdoored Drivers
https://www.bleepingcomputer.com/news/security/big-surprise-chinese-pups-deliver-backdoored-drivers/

"For recent Windows 10 versions, the driver won't load past build 14393 or version 1607."
Another reason to update to the latest version of Windows 10.

[polonus]

Vast increase of hacked websites seen: https://webmasters.googleblog.com/2017/03/nohacked-year-in-review.html

This is unfortunate news and it means that the likes of Eddy, others and little old me will have to report many more malicious, suspicious and insecure websites in the coming future in the "virus and worms section" of these here forums.

If only people would only update & patch, better secure & use best practices, better configure & better retire what is unsafe, we would not be in that awfully insecure infrastructure situation we have now.

Alas the situation gets worse and worse and as far as I can see no better times in sight.

polonus (volunteer website security analyst and website error-hunter)

[Be Secure]

New LLTP Ransomware Appears to be a Rewritten Venus Locker
https://www.bleepingcomputer.com/news/security/new-lltp-ransomware-appears-to-be-a-rewritten-venus-locker/

[Be Secure]

vBulletin Hack Exposes 820,000 Accounts from 126 Forums
http://news.softpedia.com/news/vbulletin-hack-exposes-820-000-accounts-from-126-forums-513416.shtml

[polonus]

GoDaddy acquires Sucuri's. Often the claims that websites were fully secured seemed not quite appropriate.

Will Sucuri offer similar services in the future, like they did in the past, seems to be seen.

polonus