SECURITY WARNINGS & Notices - Please post them here

[mchain]

NSA secret and covert pathways into foreign air-gapped computers
http://www.nytimes.com/2014/01/15/us/nsa-effort-pries-open-computers-not-connected-to-internet.html?hp&_r=1

Other devices than PC's/workstations affected as well.

[polonus]

Why experts again advise to uninstall Java altogether, see: http://www.kb.cert.org/vuls/id/625617
Some kernel components should be completely rewritten according to Bitdefender's Bogdan Botezatu on Twitter Bogdan Botezatu
ATbbotezatu.

polonus

[Asyn]

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates
http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/

[polonus]

Vietman Governmental Attackers use poisoned Word documents to attack critical bloggers-> https://www.virustotal.com/nl/file/351813270729b78fb2fe33be9c57fcd6f3828576171c7f404ed53af77cd91206/analysis/
-> https://www.virustotal.com/nl/file/351813270729b78fb2fe33be9c57fcd6f3828576171c7f404ed53af77cd91206/analysis/
The malicious part is https://threatcenter.crdf.fr/?More&ID=83663&D=CRDF.Virus.Virus.MSWord.Sattelite987105478
and has been around since 2012 and is being used in the latest versions also: https://malwr.com/analysis/NWM5NDU4NmM4NWNlNDJiYzhiYmM4ODhkNGQzNWFkMTY/
Only 1 of 49 av vendors detect the attack code heuristically,

polonus

[Pondus]

SPAM supposedly spotted leaving the fridge.   
http://www.theregister.co.uk/2014/01/20/spam_spotted_leaving_the_fridge/

http://www.proofpoint.com/about-us/press-releases/01162014.php

[Pondus]

EE BrightBox routers can be hacked 'by simple copy/paste operation'
http://www.theregister.co.uk/2014/01/20/brightbox_routers_vuln/

[Asyn]

Adware vendors buy Chrome Extensions to send ad- and malware-filled updates
http://arstechnica.com/security/2014/01/malware-vendors-buy-chrome-extensions-to-send-adware-filled-updates/

Nice apps get bad makeover after spammers buy them
http://blog.avast.com/2014/01/20/nice-apps-get-bad-makeover-after-spammers-buy-them/

[Cast]

Chrome Bugs Allow Sites to Listen to Your Private Conversations
http://talater.com/chrome-is-listening/

I wonder if this affects chromium based browsers as well since Chrome is based of it.

[Pondus]

Visited Yahoo recently? You may have malware!
http://blogs.norman.com/2014/for-consumption/visited-yahoo-recently-you-may-have-malware

[Asyn]

Important Security Update for Yahoo Mail Users
http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users

[polonus]

Data snooping revelations, what can developers do to better protect users? (They let it slip    )
Read: http://stackoverflow.com/questions/21389844/with-the-nsa-data-snooping-revelations-what-can-app-developers-do-to-prevent-th

The angry-bird app developers did not even provide a blocking mechanism - all so-called "sitting data" could be snooped upon, slurped and exploited for BB surveillance purposes!

polonus

P.S. Note - On a side-line.
We had some interesting thread here on blocking/uninstalling geo-location from various software. Why this was I do not know but somehow we have both lost  thread and user  In hindsight from the revelations of grand scale data exploitation/abuse he had a lot of prophetic insight there and then...
I know you cannot blame the surveillance institutions simply on geo-location data proliferation sec, but it has been and still is an importing facilitating factor where user snooping and user profiling  is concerned. 
Read: http://www.ghacks.net/2010/05/10/how-to-disable-geolocation-in-google-chrome/
link author = Martin Brinkman

D

[Pondus]

Malware infections “staying the same” say security experts
http://blogs.norman.com/2014/for-consumption/malware-infections-staying-the-same-say-security-experts

A new survey of computer security professionals has revealed that the amount of malware threats reaching users has stayed the same over the past year, and that users are more likely to be infected by surfing the internet than downloading attachments to emails.

[Pondus]

Viruses now use your computer to infect your phone
http://blogs.norman.com/2014/for-consumption/viruses-now-use-your-computer-to-infect-your-phone

[polonus]

168 domains seized in grand counterfeit goods action: http://www.ice.gov/news/releases/1401/140130newyork.htm

polonus

[polonus]

About the danger of downloading ENC files and banking trojans: http://garwarner.blogspot.co.uk/2014/02/gameover-zeus-now-uses-encryption-to.html
article author = Gary Warner
Go over your logs and check!

polonus