Author Topic: SECURITY WARNINGS & Notices - Please post them here (Read 2904796 times)

Para-Noid · « **Reply #4155 on:** October 15, 2015, 08:56:24 PM »

New Flash Player Zero-Day in The Wild

https://blog.malwarebytes.org/zero-days/2015/10/new-flash-player-zero-day-in-the-wild/?utm_source=Gplus&utm_medium=social

Stolen 7-zip bundled with adware?

https://blog.malwarebytes.org/online-security/2015/10/stolen-7-zip-bundled-with-adware/?utm_source=Gplus&utm_medium=social

Security Advisory: Stored XSS in Akismet WordPress Plugin

https://blog.sucuri.net/2015/10/security-advisory-stored-xss-in-akismet-wordpress-plugin.html?utm_campaign=External%3A%20Akismet%203.1.5%3A%20Security%20Release&utm_medium=social&utm_source=googleplus

polonus · « **Reply #4156 on:** October 15, 2015, 11:24:11 PM »

Be aware your free download could have come bundled with an unwanted guest, PC Backup.
PCBackup is a misleading program and there has been malware detected inside it.
It can also come installed on your computer by Dell or other computer manufacturers.
Read: http://www.shouldiremoveit.com/MyPC-Backup-19242-program.aspx
Many PC manufacturers have it installed like Dell, Acer, Lenovo.
Go to configuration and uninstall the program. 68% of good people uninstall it!
I just heard from someone that it is a privacy risk, because they have the info you shared with those that installed it,
mail address and who knows what more, so also a privacy injunction there.

polonus

bob3160 · « **Reply #4157 on:** October 15, 2015, 11:49:18 PM »

Quote from: polonus on October 15, 2015, 11:24:11 PM

Be aware your free download could have come bundled with an unwanted guest, PC Backup.
PCBackup is a misleading program and there has been malware detected inside it.
It can also come installed on your computer by Dell or other computer manufacturers.
Read: http://www.shouldiremoveit.com/MyPC-Backup-19242-program.aspx
Many PC manufacturers have it installed like Dell, Acer, Lenovo.
Go to configuration and uninstall the program. 68% of good people uninstall it!
I just heard from someone that it is a privacy risk, because they have the info you shared with those that installed it,
mail address and who knows what more, so also a privacy injunction there.

polonus

They already have the information the second you register your product or if bought on line, you also supply that information.

polonus · « **Reply #4158 on:** October 16, 2015, 01:09:17 AM »

Hi bob3160,

Thank you for that info bob, but it is new to me that when you give that info to the computer manufacturer it also gets to all the bundler software firms, How should PCBack up know my mail address (or google all account serves it up to them), we bought something online and they automattically filled out the age of my sprouse

, you cannot have any secrets on the Interwebs anymore

. They could have been somewhat more discrete?

polonus

Asyn · « **Reply #4159 on:** October 16, 2015, 12:05:57 PM »

Quote from: Asyn on October 15, 2015, 10:23:25 AM

New Adobe Flash Zero-Day Used in Pawn Storm Campaign Targeting Foreign Affairs Ministries
http://blog.trendmicro.com/trendlabs-security-intelligence/new-adobe-flash-zero-day-used-in-pawn-storm-campaign/

-> https://helpx.adobe.com/security/products/flash-player/apsa15-05.html

Para-Noid · « **Reply #4160 on:** October 16, 2015, 03:51:07 PM »

Mozilla Add-on guidelines

https://blog.malwarebytes.org/online-security/2015/10/mozilla-add-on-guidelines/?utm_source=Gplus&utm_medium=social

Para-Noid · « **Reply #4161 on:** October 17, 2015, 08:09:13 PM »

New Flash Player Zero-Day in The Wild (updated)

https://blog.malwarebytes.org/zero-days/2015/10/new-flash-player-zero-day-in-the-wild/?utm_source=Gplus&utm_medium=social

eFast browser hijacks file associations

https://blog.malwarebytes.org/online-security/2015/10/efast-browser-hijacks-file-associations/?utm_source=Gplus&utm_medium=social

polonus · « **Reply #4162 on:** October 18, 2015, 04:30:22 PM »

Sinkholed domain returned from the graveyard to serve in ad-fest:
https://forum.avast.com/index.php?topic=177906.0
So not only parked domains deserve this fate, others also will serve up ads from inside the grave.

polonus

polonus · « **Reply #4163 on:** October 19, 2015, 05:32:08 PM »

One million SSL certificates still using “insecure” SHA-1 algorithm
Read Netcraft's report here: http://news.netcraft.com/archives/2015/10/19/one-million-ssl-certificates-still-using-insecure-sha-1-algorithm.html

polonus

polonus · « **Reply #4164 on:** October 20, 2015, 04:47:54 PM »

Joomla alerts to wait for a critical update soon: https://www.joomla.org/announcements/release-news/5633-important-security-announcement-pre-release.html

polonus

polonus · « **Reply #4165 on:** October 20, 2015, 05:43:27 PM »

Finfisher the spy software of choice for governments to monitor their citizens.
32 governments now known to use this spy software from Germany.
Read this report by Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and Sarah McKune: https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/
After all of the Hack Team hack commotion, governments haven't really shown to act with more caution in this field.

polonus

bob3160 · « **Reply #4166 on:** October 20, 2015, 05:57:15 PM »

Quote from: polonus on October 20, 2015, 05:43:27 PM

Finfisher the spy software of choice for governments to monitor their citizens.
32 governments now known to use this spy software from Germany.
Read this report by Bill Marczak, John Scott-Railton, Adam Senft, Irene Poetranto, and Sarah McKune: https://citizenlab.org/2015/10/mapping-finfishers-continuing-proliferation/
After all of the Hack Team hack commotion, governments haven't really shown to act with more caution in this field.

polonus

What do you expect when the head of the CIA uses a private email hosted at AOL

polonus · « **Reply #4167 on:** October 20, 2015, 06:08:01 PM »

Hi bob3160,

In the example you mention. Isn't it always the lucky that draw the winning card and gets such a job, but there is no guarantee he should also be among the brightest.

On the detection of Finfisher read here: http://www.netmagellan.com/how-i-removed-a-finfisher-finspy-malware-infection-1814.html where a tool by the name of Detekt was used, and another interesting article: https://citizenlab.org/2013/04/for-their-eyes-only-2/

However it seems there is a lot of cloak -and-dagger stories and desinformation spin involved where such spyware is concerned.

Seems social engineering is the main route of infection - this spyware has nothing to do with your usage of firefox. it probably comes with a similar filename/logo/description to trick users into allowing it access through firewalls etc (via e-mail).

So for us all here two golden rules:
1.Always update what you have to update (use Avast Update Tool)), patch what you have to patch.
2.Never fall for social engineering.
This is two things that everyone could/should do to feel better protected.

Damian

polonus · « **Reply #4168 on:** October 21, 2015, 12:31:15 AM »

Is this a right step into the right direction? Large browsers now all to support free SSL-service Let's Encrypt.
Re: https://letsencrypt.org/certificates/
Has any of the parties involved also considered this could be a golden opportunity for cybercriminals, when the client-side software comes backdoored? But again cybercrime could afford fraudulous certs already anyway.
On the other hand you do not want the (backdoored) encryption privilage to be exclusively to be with Governments and Big Corps, do you now?
How much of your freedom will you hand over for more privacy as there always will be some sort of tradeoff somewhere?

polonus

polonus · « **Reply #4169 on:** October 21, 2015, 05:31:19 PM »

New security feature coming to firefox in the soon future: http://thenextweb.com/apps/2015/10/21/firefox-is-testing-marking-any-page-that-sends-passwords-over-http-as-insecure/
I have these warnings already a long time from an extension I work in Google Chrome SaferChrome Security report,
alongside runs Browser JSGuard extension (e.g. supported by the Govnmnt of India), warning me about all sort of redirections, as there are: Hidden iFrame(s) Redirections, UnAuthorized Redirections, Encode javascript, External Domain Requests & Trackers.

polonus