SECURITY WARNINGS & Notices - Please post them here

[Asyn]

Cybersecurity Advisory Notice
https://www.foxitsoftware.com/support/security-advisories.php

[Pondus]

Revealed: How a secret Dutch mole aided the U.S.-Israeli Stuxnet cyberattack on Iran
https://www.yahoo.com/news/revealed-how-a-secret-dutch-mole-aided-the-us-israeli-stuxnet-cyber-attack-on-iran-160026018.html

[Pondus]

41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os

[DavidR]

41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os

My surprise is that it is only 41%

[=Snake=]

41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os

My surprise is that it is only 41%

And we belong to those 41% 

[bob3160]

41% of Consumers Still Use Unsupported or Nearly Expired Operating Systems
https://usa.kaspersky.com/about/press-releases/2019_consumers-still-use-unsupported-and-near-end-of-life-os

My surprise is that it is only 41%

And we belong to those 41% 

Happy to be part of the 59%.

[polonus]

Spammers abuse Snowden's new book to spread emotet malware trojan downloader infections.
Read: https://blog.malwarebytes.com/botnets/2019/09/emotet-malspam-campaign-uses-snowdens-new-book-as-lure/

We cannot tell for sure, such malware spam campaigns come from average cybercriminals or with the blessing of some state actors,
consider: https://www.theverge.com/2019/9/17/20870706/edward-snowden-book-us-government-justice-lawsuit-profits-release

Think of groups like APT28, DarkMatter and other groups that operate with government consent of sorts.

Analyzing one example from South Africa in Afrikaans & US American English:
See: https://any.run/report/821e3f454016615879c524b7b2604c21f783b062f4c9756993a2be75e08d8820/ea4d097e-bc52-4ac1-bcc1-6acee3cd47ee
Other information on this malware campaign:
https://isc.sans.edu/diary/More+Malspam+pushing+Emotet+malware/23083
on forwarding port: https://www.google.com/search?client=avast&ei=RFyLXfWLHYLMwQKU6Z-gAw&q=port+7080+used+for+malware&oq=port+7080+used+for+malware&gs_l=psy-ab.12..33i160.526.2228..3679...0.2..2.786.4145.2-3j5-3j2......0....1..gws-wiz.......0i71j0i22i30.S9TZ0mtzXLA&ved=0ahUKEwj1vY_F--vkAhUCZlAKHZT0BzQQ4dUDCAs
detection: https://www.virustotal.com/gui/url/cfe00e649b459de311f14bc751439f6ada69b4462f4251399b3d250447791bfa/detection
On infesting sw-cp server: https://toolbar.netcraft.com/site_report?url=http%3A%2F%2Feuve264289.serverprofi24.de%2F
On the zero-day being abused: https://blogs.cisco.com/security/plesk-0-day-targets-web-servers
On that particular launching IP: https://www.shodan.io/host/62.75.171.248

polonus (volunteer 3rd party cold recon website security analyst and website error-hunter)

[Asyn]

Google Chrome Keystone is modifying /var symlink on non SIP Macs causing Boot Issues
https://mrmacintosh.com/google-chrome-keystone-is-modifying-var-symlink-on-non-sip-macs-causing-boot-issues/
https://support.google.com/chrome/thread/15235262

[polonus]

Malicious HTA node.js malware, not just for spammers.
Cisco & Microsoft warn users.
See: https://www.trustedsec.com/2015/07/malicious-htas/
Re: -https://github.com/InQuest/malware-samples/tree/master/2019-04-Malicious-HTA-file
and read: https://www.cybersecurity-help.cz/blog/698.html

polonus

[Pondus]

Malicious HTA node.js malware, not just for spammers.
Cisco & Microsoft warn users.
See: https://www.trustedsec.com/2015/07/malicious-htas/
Re: -https://github.com/InQuest/malware-samples/tree/master/2019-04-Malicious-HTA-file
and read: https://www.cybersecurity-help.cz/blog/698.html

polonus

Divergent: "Fileless" NodeJS Malware Burrows Deep Within the Host
https://blog.talosintelligence.com/2019/09/divergent-analysis.html


https://www.virustotal.com/gui/file/47b5dac9152220fbbf122eff89ac93d42e9196f5ab665a2a6d99594246ab8a81/detection

https://www.virustotal.com/gui/file/062688aec1bdf1208bd72a77696e1fbcd1076f54bd6e59141ed12b6f8e3ba32c/detection

[polonus]

Security Attacks via Malicious QR Codes:
Read: https://resources.infosecinstitute.com/security-attacks-via-malicious-qr-codes/

Various generators for various purposes:
https://www.the-qrcode-generator.com/
http://goqr.me/
http://www.qr-code-generator.com/
http://www.qrstuff.com/
https://scan.me/qr-code-generator

A QR code has an unlimited lifespan, PHISHING is the main attack vector for malicious QR Code.
info credits for the above information go to INFOSEC.'s Pavitra Shankdhar

polonus

[Asyn]

Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs
https://www.bleepingcomputer.com/news/security/comodo-forums-breached-data-of-over-170-000-users-up-for-grabs/

[bob3160]

Comodo Forums Breached, Data of Over 170,000 Users Up for Grabs
https://www.bleepingcomputer.com/news/security/comodo-forums-breached-data-of-over-170-000-users-up-for-grabs/

Some of us know first hand that no forum is ever 100% safe. Actually, nothing is which is why we need security.

[polonus]

Cybercrime is everywhere, read about Predator the Thief, a malware stealer, here:
https://www.fortinet.com/blog/threat-research/predator-the-thief-new-routes-delivery.html  (info credits go to Fortinet's).

One of the launch IPs for this: https://www.shodan.io/host/18.219.205.14
Not detected as such at VT: https://www.virustotal.com/gui/url/b7cbb3ffcdd2172d17328a0e0fd45a67844e2d557c91cf35284339e064b3fa57/details
Stumbled upon this malbot here: http://cybercrime-tracker.net/index.php
where one can meet more notorious members of this unwelcome family 

polonus

[Pondus]

Russian hackers modify Chrome and Firefox to track secure web traffic

The perpetrators may have Russian government support.

https://www.engadget.com/2019/10/06/russian-hackers-modify-chrome-firefox/?guccounter=1&guce_referrer=aHR0cHM6Ly9pdGF2aXNlbi5uby8yMDE5LzEwLzA3L3J1c3Npc2tlLWhhY2tlcmUtaGFyLW1vZGlmaXNlcnQtY2hyb21lLW9nLWZpcmVmb3gtbXVsaWdlbnMtbWVkLXJ1c3Npc2tlLW15bmRpZ2hldGVyLWktcnlnZ2VuLw&guce_referrer_sig=AQAAANa41GseYgc442zehSlhCKHRYMthxO69f_j7L_6bLGUjRkrtO2FboKmw9jaUShXYfGlssPH8xO-5p1GqSkHuknWQ3bVOVIHv0k1HIaW5kNpN2G8PDe8wRwy5eoqb-snsi9Kgqvi4HDLVA9ZO2YhI2H8t_w495npwxMPsuyE2kMZd