Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2881058 times)

Offline polonus

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 33895
  • malware fighter
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5506 on: October 24, 2017, 01:02:40 PM »
Another zero-day in an extension used to attack websites with WordPress, detected by Wordfence.

https://wordpress.org/plugins/ultimate-form-builder-lite/#developers

pol
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5507 on: October 24, 2017, 05:08:48 PM »
New authentication method on Lenovo - FIDO:
They claim to be the first: http://www.businesswire.com/news/home/20171024005571/en/Lenovo%E2%84%A2-Intel%C2%AE-Deliver-Simpler-Safer-Online-Authentication

Is it safe, and can it not be circumvented?

polonus

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 89021
  • No support PMs thanks
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5508 on: October 24, 2017, 05:32:01 PM »
Personally, since the various security issues relating to Lenovo, I would be wary of any security-related promotion connected to Lenovo.

Previous to my purchase of this Win10 Acer notebook, Lenovo products were attractive given the Performance Vs Price. Security issues, however, took Lenovo right off my list and they haven't regained my trust (very hard in my case).

Also, fingerprints as a security measure are losing ground as far as security goes; they can be tricked by a lifted fingerprint. Something that has also been talked about is that fingerprints actually change as we get older; have a look at your fingerprints, the young are relatively clear and well defined; those older computer users will see (excuse the pun) that their fingerprints aren't so clearly defined. They look more worn and faded, possibly more so in those who were in a manual job.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Offline bob3160

  • Avast Überevangelist
  • Probably Bot
  • *****
  • Posts: 48550
  • 64 Years of Happiness
    • bob3160 Protecting Yourself, Your Computer and, Your Identity
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5509 on: October 24, 2017, 06:00:33 PM »
As long as we're just talking about fingerprints, I'll agree with you. :) :) :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v22H2 64bit, 16 Gig Ram, 1TB SSD, Avast Free 23.5.6066, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5510 on: October 24, 2017, 06:58:58 PM »
Yes, that is the 'main' train of my thoughts: fingerprints really aren't that great as far as security is concerned. There have been articles about biometrics.

"The measurement of physical characteristics, such as fingerprints, DNA, or retinal patterns, for use in verifying the identity of individuals" from http://www.tfd.com/biometrics .

Retinal use for ID purposes has also had some negative reports/issues if used for authentication. Whilst the use of DNA is probably the most secure, it has a long way to go before it can be used for ID/authentication at such a low level. I don't think that we will see 'lick/touch screens/pads' to analyse your saliva any time soon.

Offline Be Secure

  • Long Time Avast User(10years.....) Security Enthusiast.
  • Avast Evangelist
  • Super Poster
  • ***
  • Posts: 1908
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5511 on: October 25, 2017, 03:51:25 AM »
Bad Rabbit: Not-Petya is back with improved ransomware

https://www.welivesecurity.com/2017/10/24/bad-rabbit-not-petya-back/
PC- Windows10 EDU 64Bit,avast! free 21.1.2449,uBlock Origin,NVT_OSA,GoogleChrome(64bit),CCleaner,Unchecky,ZAM Free,Shadow Defender.
Security Enthusiast

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5513 on: November 02, 2017, 04:01:50 PM »
Dwindling privacy and less security resulting in ever so many data breaches, now again in the land Down Under:

https://medium.com/@woj_ciech/short-story-about-s3-bucket-python-script-thousands-of-data-and-australian-government-435e4d2b213e

polonus

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5514 on: November 05, 2017, 11:39:14 AM »
A typical case of lack of input validation for e-mail fraud - damage for customers could be over a million in dollars...
http://theartnewspaper.com/news/galleries-lose-large-sums-to-cybercrime

2FA: in a lot of cases, it cannot come in too soon,

polonus


Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5515 on: November 06, 2017, 10:20:36 PM »
Tor Browser IP leaks for Linux and Mac users:

The Tor Project came out with an important update: https://blog.torproject.org/tor-browser-709-released

This bug was detected as a design flaw: https://trac.torproject.org/projects/tor/ticket/24052

For some the leakage was hard to reproduce.
Probably the design error was found because of the transition to Unix domain sockets.

Read about this by Robert Ransom at this link: https://packetstormsecurity.com/files/112439/torproxy-bypass.txt

How to reproduce an example was given here: https://trac.torproject.org/projects/tor/ticket/5741
Quote

1. Download and verify "tor-browser-gnu-linux-i686-2.2.35-10-dev-en-US.tar.gz"
2. Start up Wireshark to monitor your network, optionally filtering for "dns"
3. Unpack Tor and start it by running the "start-tor-browser" script
4. Once TorBrowser is open, go to "http://bitcoincharts.com/"
5. See DNS request for "bitcoincharts.com" being logged in Wireshark

System information:
Tor Browser Bundle for 32-bit Linux, version 2.2.35-10
Running on Fedora 16

To reproduce, the exact syntax used and configuration are important,
obfuscation already can be an erroneous factor,
those into reproducing could come up with their own "scrum-report" of sorts.

(info credits security dot nl).

polonus

P.S. The right order and right use of VPN and Tor on Whonix could be critical for security reasons.

Important notice:
Remember to use these anonymity tools only for legitimate use. Abuse of such services is a legal offence,
and abusers will often suffer the consequences, when found out. No hacker is really out of harm's way.  :D


In some countries the use of such tools may be forbidden (certain VPN services in the Russian Federation,
when keys are withheld from the authorities).

Damian
« Last Edit: November 06, 2017, 10:36:42 PM by polonus »

Offline polonus

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5517 on: November 10, 2017, 01:13:37 PM »
PHISHING back as one of the major Internet threats, why are so few phishing websites actually detected and blocked by AV?

See the report: https://security.googleblog.com/2017/11/new-research-understanding-root-cause.html

Best phishing detection performance from IDS alerting "fortinet's" see urlquery.net results.
Also check on: http://www.urlvoid.com/scan/freckleface.com.au/

Bitdefender TrafficLight extension and Webutation Rating also do a fine job.
The average AV solution often miserably fails in detecting or
detects long after the fact, when the actual phishing campaign is long over.

Third party content blocking via NoScript and uMatrix and browser hygiene is your best option.

Just an example where average AV fails: http://www.urlvoid.com/scan/freckleface.com.au/  -> https://urlquery.net/report/7e257590-c233-482d-871b-db7baadbb167
where only OpenPhish and fortinet detect and alert this.

Also has to do with what we consider accepted legal phishing by a big techno corporation, like Google's for instance,
and what is considered as 'bad phishing', two standards going and a lot of confusion for the modern end-user  ::)

polonus (volunteer website security analyst and website error-hunter)

Offline bob3160

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5518 on: November 11, 2017, 03:52:03 PM »
This needs to be done ASAP - Disable SMB1

Server Message Block (SMB) is a local network file sharing protocol designed for sharing data, printers, etc.
between computers. SMBv1 is the formative iteration of the protocol which has since been replaced by SMBv2 and SMBv3.
SMB1 is still enabled by default in Windows simply to cater for specific older software which hasn’t been updated to support SMB2 or SMB3.
Microsoft will be disabling SMB1 by default starting with the Windows 10 Fall Creators Update.
It was still turned on on my systems and they are all running Windows 10 Fall Creators Update.

Offline DavidR

Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5519 on: November 11, 2017, 04:57:27 PM »
@bob3160

Very interesting, but I do find the response by many companies "Vendor does not publicly document their requirement for SMB1." That is pretty poor and almost an admission that they do use it; this certainly doesn't help the user protect their system.

I would be seriously looking to get rid of any program that doesn't comment on their use of SMBv1, if they do, then their users' systems could be at risk. If they don't use it (or use a later version of SMBv?) then their users aren't at risk, but should still disable SMBv1.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.3.6108 (build 24.3.8975.762) UI 1.0.801/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security
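
Added example, not part of either post above: one way to disable SMB1 while covering the undocumented-vendor-dependency concern is to audit SMB1 use first and switch it off only when nothing relies on it. It assumes an elevated PowerShell session on Windows 10 or later; the function names are hypothetical, the cmdlets are the built-in Windows ones.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the thread). Function names are hypothetical.

function Get-Smb1Status {
    # Optional-feature state plus the SMB server switches, in one object.
    $feature = Get-WindowsOptionalFeature -Online -FeatureName SMB1Protocol
    $server  = Get-SmbServerConfiguration
    [pscustomobject]@{
        FeatureState = $feature.State
        ServerSmb1   = $server.EnableSMB1Protocol
        AuditingSmb1 = $server.AuditSmb1Access
    }
}

function Get-Smb1Usage {
    # Inbound: clients that reached this machine over SMB1.
    # Event ID 3000 is written only while SMB1 auditing is switched on.
    $inbound = @(Get-WinEvent -FilterHashtable @{
        LogName = 'Microsoft-Windows-SMBServer/Audit'; Id = 3000
    } -ErrorAction SilentlyContinue)
    # Outbound: shares this machine currently has open with an SMB1 dialect.
    $outbound = @(Get-SmbConnection | Where-Object { $_.Dialect -like '1.*' })
    [pscustomobject]@{ Inbound = $inbound; Outbound = $outbound }
}

function Disable-Smb1 {
    # Turn off the server side, then remove the feature (reboot completes it).
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol -NoRestart
}

# Step 1: record the current state and start logging SMB1 access.
Get-Smb1Status
Set-SmbServerConfiguration -AuditSmb1Access $true -Force

# Step 2: run this part after a representative period of normal use.
$usage = Get-Smb1Usage
if ($usage.Inbound.Count -eq 0 -and $usage.Outbound.Count -eq 0) {
    Disable-Smb1
    Get-Smb1Status
} else {
    # Something still speaks SMB1: list it so the device or program can be fixed.
    $usage.Inbound  | Select-Object TimeCreated, Message
    $usage.Outbound | Select-Object ServerName, ShareName, Dialect
}
```

Anything listed in the `else` branch is a device or program that would break when SMB1 goes away, which is the information the vendors' statements do not give.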