SECURITY WARNINGS & Notices - Please post them here

[SpeedyPC]

Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=twitter&utm_medium=social

[schmidthouse]

Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=twitter&utm_medium=social

After reading that article, it all sounded very familiar.

[Para-Noid]

Beware of Tech Support Impersonators
https://blog.malwarebytes.org/fraud-scam/2015/10/beware-of-tech-support-impersonators/?utm_source=twitter&utm_medium=social

After reading that article, it all sounded very familiar.

I wonder where you got that idea. 

[Para-Noid]

Malvertising Campaign Targets Top Spanish Torrent Sites

https://blog.malwarebytes.org/malvertising-2/2015/10/malvertising-campaign-targets-top-spanish-torrent-sites/?utm_source=Gplus&utm_medium=social

Video Saver PUP Blocks You From Changing Your Default Browser

https://blog.malwarebytes.org/security-threat/2015/10/video-saver-pup-blocks-you-from-changing-your-default-browser/?utm_source=Gplus&utm_medium=social

Bypassing Apple’s Gatekeeper

https://blog.malwarebytes.org/mac/2015/10/bypassing-apples-gatekeeper/?utm_source=Gplus&utm_medium=social

Notes from the Lab

http://labs.sucuri.net/?note=2015-10-05&utm_campaign=Malware%20in%20comments%20Note&utm_medium=social&utm_source=googleplus

Phishing for Anonymous Alligators

https://blog.sucuri.net/2015/10/phishing-for-anonymous-alligators.html?utm_campaign=Phishing%20for%20Anonymous%20Alligators%20blogpost&utm_medium=social&utm_source=googleplus

[Pondus]

Finds Angler servers at a Dallas hosting provider during research
http://www.networkworld.com/article/2989827/security/cisco-disrupts-60m-ransomware-biz.html?phint=newt%3Dnetworkworld_daily_news_alert&phint=idg_eid%3D52948c736ecce9e676edc4c93f707d83#tk.NWWNLE_nlt_daily_am_2015-10-07

[abruptum]

Mozilla announces the end of NPAPI plugins in Firefox

  http://www.ghacks.net/2015/10/08/mozilla-announces-the-end-of-npapi-plugins-in-firefox/

[polonus]

SHA-1-algorithm should be phased out earlier according to Dutch, French and Singapore researchers.
Read here in a a joint press release from: Centrum Wiskunde & Informatica (CWI) in the Netherlands, Inria in France and Nanyang Technological University in Singapore (NTU Singapore):
http://www.cwi.nl/news/2015/researchers-urge-industry-standard-sha-1-should-be-retracted-sooner

polonus

[Asyn]

Chinese Hackers Breached LoopPay, Whose Tech Is Central to Samsung Pay
http://www.nytimes.com/2015/10/08/technology/chinese-hackers-breached-looppay-a-contributor-to-samsung-pay.html
http://global.samsungtomorrow.com/samsung-pay-is-safe-secure-and-works-almost-anywhere-you-can-swipe-or-tap-a-card-today/

[polonus]

Vulnerable Netgear Router hack, article author Michael Mimoso: https://threatpost.com/disclosed-netgear-router-vulnerability-under-attack/114960/
Hack took place mainly from malservers inside USA and victims were mainly US users. Pression upgeared on Netgear to patch!
Action going to take the attack server(s) down.
Netgear-routers with router-firmware: N300_1.1.0.31_1.0.1.img en N300-1.1.0.28_1.0.1.img are vulnerable to such attack,
like used for WNR1000v4 Router.

polonus

[Para-Noid]

“GTA V for Mobile” Sites Lead to Surveys

https://blog.malwarebytes.org/online-security/2015/10/gta-v-for-mobile-sites-lead-to-surveys/?utm_source=Gplus&utm_medium=social

Brute Force Amplification Attacks Against WordPress XMLRPC

https://blog.sucuri.net/2015/10/brute-force-amplification-attacks-against-wordpress-xmlrpc.html?utm_campaign=Brute%20Force%20Amplification%20Attacks%20Against%20WordPress%20XMLRPC%20blogpost&utm_medium=social&utm_source=googleplus

[Para-Noid]

Tech Support Scam Asks for Passkey

https://blog.malwarebytes.org/fraud-scam/2015/10/tech-support-scam-asks-for-passkey/?utm_source=Gplus&utm_medium=social

SHA1 algorithm securing e-commerce and software could break by year’s end

http://arstechnica.com/security/2015/10/sha1-crypto-algorithm-securing-internet-could-break-by-years-end/?utm_campaign=External%3A%20SHA1%20algorithm%20securing%20e-commerce%20and%20software%20could%20break%20by%20year%E2%80%99s%20end&utm_medium=social&utm_source=googleplus

Security Tips & Tricks for the iPhone 6s/6s Plus

https://blog.malwarebytes.org/mobile-2/2015/10/security-tips-tricks-for-the-iphone-6s6s-plus/?utm_source=Gplus&utm_medium=social

We as a forum community know and learn about security issues.
It's the average user who don't have a clue that will wonder "what happened?".
The main security issue is PEBKAC.

[polonus]

Here we go again, once more mal-ads on Kickass Torrents
Reported here: https://www.google.com/safebrowsing/diagnostic?site=http%3A%2F%2Fkat.cr%2F&client=googlechrome&hl=en-US  abuse was reported by Google Safebrowsing research!
Users of firefox and Google Chrome browsers are being protected as by default as kat.cr is blocked.

And yes again sloppy cheap bulk-hoster, GoDaddy, at the core of this abuse: https://urlquery.net/report.php?id=1444570618399
where allegedly Rip van Winkle has an IT job now  : http://sitevet.com/db/asn/AS26496  with 10500 blacklisted URLs hosted.

polonus (volunteer website security analyst and website error-hunter)

[Asyn]

Dow Jones & Company Inc. Data Leak
http://s.wsj.net/message/dowjonesletter-20151009.pdf

[polonus]

Obvious browser security mistakes often made:

Having multiple tabs opened in the web browser with mixed secure and insecure sites.
For example dont login in to your secure forum account here, when you simultaneously visit a torrent site.

polonus

[bob3160]

Obvious browser security mistakes often made:

Having multiple tabs opened in the web browser with mixed secure and insecure sites.
For example dont login in to your secure forum account here, when you simultaneously visit a torrent site.

polonus

Who visits torrent sites