Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2888954 times)

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3945 on: July 25, 2015, 12:15:43 PM »
Cybercriminals' favorite exploit kit by far is named Angler:
Angler dominated with 82% of the exploit kit market share - https://blogs.sophos.com/2015/07/21/a-closer-look-at-the-angler-exploit-kit/ link article author = Fraser Howard.
Qualities of this malware: http://blogs.cisco.com/security/talos/angler-domain-shadowing
Link article author is Nick Biasini and edited by Joel Esler.

posted here by polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3946 on: July 27, 2015, 01:35:54 PM »
Security Researchers wary of Wassenaar Treaty. Discriminating export restrictions could severely hamper international digital security. Lobbyists and non-technical political forces could have clipped the wings of security researchers and could have hampered security for the global community and especially outside the "Wassenaar Global Empire" with the proposals as they are now for CFAA.
What does it bring if you have a computer with a TB of memory and you cannot work it because of the slow Celeron processor it has inside? You'd better have a swift processor on a computer with an external hard disk.

Or what if you run privacy risks in parts of the world because of encryption export restrictions, even worse if by technical incompetence the encryption is served the wrong end up?

It is like old Rome revisited: the Romans were producing cheese with the use of rennet, and Germanic/Slavonic tribes outside the limes (boundaries) of the empire made their "ost"/"ser" by passing milk through nets made of the Galium plant, also known as catchweed or goosegrass. Later they adapted to the new Roman ways of life and produced real cheese (word taken from Latin caseus). With Wassenaar rules, "caseus" would never have been exported. Now we even produce kosher and halal cheese.

Read here: https://threatpost.com/security-researchers-wary-of-proposed-wassenaar-rules/112937 Article author = Michael Mimoso.

polonus

SpeedyPC
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3947 on: July 28, 2015, 06:08:53 AM »
Leaked files from state-sponsored hackers reveal which protection their trojans can’t get past

Data breaches on international surveillance firms can teach us a lot about which antivirus programs are actually working.

Recent high-profile leaks show that malware from surveillance firms Hacking Team and FinFisher can't be detected by more than 80% of antivirus programs!

http://blog.emsisoft.com/2015/07/27/leaked-files-from-state-sponsored-hackers-reveal-which-protection-their-trojans-cant-get-past/?ref=ticker150727&utm_source=newsletter&utm_medium=newsletter&utm_content=blog&utm_campaign=ticker150727

Quote
Hacking Team’s trojan detected by 5 out of 34 antivirus vendors
http://ht.transparencytoolkit.org/KnowledgeBase/-%20AV%20Test%20Summary%20-%20%5DHT%5B%20%3A%3A%20KnowledgeBase%20Product.html
Gigabyte 670 LGA1200 Full ATX MB | Intel Core i9-13900 CPU/LGA 1700 | GeForce Nvidia RTX-4070/12GB | 32GB DDR4 | 2 x 1TB Samsung SSD | W11 Home 64bit | Avast Premium v24.3.6108 | Avast SecureLine VPN | Avast Secure Browser | Avast Driver Updater | Avast BreachGuard | Firefox 64bit | MalwareBytes Premium | Adguard Premium | CCleaner Portable | Macrium Reflect | 7-Zip

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3948 on: July 28, 2015, 12:51:36 PM »
Hi dear avast users,

10 million potential victims of malvertising leading to Angler exploit infections.
Read: http://www.cyphort.com/malvertising-spike/ link article author = Nick Bilogorskiy.
Malvertising via -ads.us.e-planning.net is being blocked for me by uBlock Origin.
Users should always have protection via a decent adblocker.
Understand that using adblockers is a vital part of your protection.
"Do not surf without being protected, else you will surely get infected".  ;D

polonus

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3949 on: July 28, 2015, 12:56:37 PM »
The Home Office warns against TorrentLocker ransomware, with additional advice to use HTTPS only: https://www.gov.uk/government/news/home-office-fraudulent-email-warning

polonus

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3950 on: July 28, 2015, 03:25:55 PM »
Quantserve trackers and adware pushers use soup. It is a soup whose taste I do not like, which is why I have an adblocker like uBlock Origin to keep such destinations blocked. See what visitor-related info is gathered via soup:
Code:
Results from scanning URL: httc://edge.quantserve.com/quant.js
window.SOUP_test_ab = "";
Quote
Visitor related
Login status of the user - all following flags apply to a logged in visitor (= Soup user) only
Blog privacy - the privacy status the visitor configured for their blog
NSFW toggle - this pertains to an upcoming release that lets the visitor toggle if they want to see NSFW material in /everyone, /friends etc.
Exports - tells us which exports the visitor has configured (currently this can only be facebook)
Reported someone - did the visitor report posts for anything, like spam. This may pertain to the visitor's engagement level.
Email - did the visitor supply an email with their registration?
Which imports did the visitor configure?
Did the visitor connect their account to facebook, either via export or signup?
How long has the visitor had his account with Soup, in days
Which pool does the visitor belong to? Currently there is only A, which are all members of @testkitchen, and B, which is the default for everyone. We may use this to do split-testing in the future.
Is the visitor using an adblocker?
How many feeds is the visitor importing to their blog?
How many original (non-imported) posts does the visitor have on their blog?
Days since the last original post of the visitor
Number of groups the visitor is member of

polonus

mchain
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3951 on: July 28, 2015, 07:10:35 PM »
The Home Office warns against TorrentLocker ransomware, with additional advice to use HTTPS only: https://www.gov.uk/government/news/home-office-fraudulent-email-warning

polonus
Timely warning notification there.  I'm sure avast will have protection soon.
Windows 10 Home 64-bit 22H2 Avast Premier Security version 24.1.6099 (build 24.1.88821.762)  UI version 1.0.797
 UI version 1.0.788.  Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.2.6105 (build 24.1.8918.827) UI version 1.0.801

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3955 on: July 30, 2015, 06:20:05 PM »
How your privacy has been thrown out of the window on Google Android:
http://arstechnica.com/gadgets/2013/10/googles-iron-grip-on-android-controlling-open-source-by-any-means-necessary/
That was written in 2013 and the situation has only grown worse with adblockers taken from Google Shop etc. etc.

polonus

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3956 on: July 30, 2015, 10:13:21 PM »
BIND users should immediately upgrade - there is no circumventing this vulnerability; it can be easily attacked by exploit kits.
Read: https://www.isc.org/blogs/about-cve-2015-5477-an-error-in-handling-tkey-queries-can-cause-named-to-exit-with-a-require-assertion-failure/ posted by Michael McNally
This general bug could mean a big problem when not patched.

polonus

polonus
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #3959 on: August 03, 2015, 09:36:00 PM »
Cybercriminals planning future attacks preying on existing vulnerabilities:
http://www.net-security.org/secworld.php?id=18691
For instance: https://isc.sans.edu/forums/diary/Worm+Backdoors+and+Secures+QNAP+Network+Storage+Devices/19061
Shellshock or Bashdoor: https://en.wikipedia.org/wiki/Shellshock_(software_bug)
Reconnaissance attack tools: http://www.sans.org/reading-room/whitepapers/tools/tools-tools-tools-406
(P.S. Use of such tools could be offensive, restricted and, under circumstances, illegal.)

polonus