SECURITY WARNINGS & Notices - Please post them here

[polonus]

On the risks from the insider intrusion from within the organization: https://intsights.com/the-dark-webs-increasing-influence-on-insider-risk/ 
info credits go to: Ido Wulkan,  IntSights Head of Intelligence, Herzliya, Il.

pol

[polonus]

Will Word Press CMS ever be secure? I only would like to use it for simple websites with just plain txt.

Being based on PHP (with a very questionable security status) the CMS is highly insecure.
Re: https://blog.sucuri.net/2017/02/wordpress-rest-api-vulnerability-abused-in-defacement-campaigns.html

Also interesting to read: http://unserkaiser.com/blog/2014/02/21/wordpress-password-protected-posts-feature-or-security-leak/


polonus

[Be Secure]

Beware of Cancer trollware, might shut down your favorite AV, too.
https://www.bleepingcomputer.com/news/security/watch-your-computer-go-bonkers-with-cancer-trollware/

[polonus]

Google, Mozilla and Cloudflare complain about AV https interception: https://zakird.com/papers/https_interception.pdf

polonus

[polonus]

From those that report:

"We tested and found that the following products did not intercept TLS
connections: 360 Total, Ahnlabs V3 Internet Security, Avira AV 2016, Comodo
Internet Security, F-Secure Safe, K7 Total Security, Malwarebytes, McAfee
Internet Security, Microsoft Windows Defender, Norton Security, Panda Internet
Security 2016, Security Symantec Endpoint Protection, Tencent PC Manager,
Trend Micro Maximum Security 10, and Webroot SecureAnywhere."

pol

[Dwarden]

also if I read it correctly Avast! was the only product not degrading the TLS / security of connection ...
(tho it had other issues mentioned later in the report)

[=Snake=]

Security vulnerabilities fixed in Firefox 51.0.3
https://www.mozilla.org/en-US/security/advisories/mfsa2017-04/

[Pondus]

New Mac malware detected this week, based on primitive Windows techniques using Word macros
https://9to5mac.com/2017/02/09/new-mac-malware-detected-this-week-based-on-primitive-windows-techniques-using-word-macros/

[polonus]

Protecting your data at border crossing: https://www.zdziarski.com/blog/?p=6918

polonus

[polonus]

Would be interesting to see the differences and discrepances between: https://map.norsecorp.com/#/
and the new http://tld.mcafee.com/

Especially here with Sauron attacks allegedly fitting into the new strategy of alleged Russian cyberthreats:
http://www.telegraph.co.uk/news/2017/02/12/dozens-cyber-attacks-target-heart-government-every-month-gchq/

polonus

[ehmen]

What is Pharming, and (most importantly) how can you prevent it?
http://www.thewindowsclub.com/what-is-pharming

[polonus]

Big issue in Germany now over Firefox Focus collecting and transfering data:
https://www.reddit.com/r/technology/comments/5tmhf4/mozillas_firefox_focus_the_privacy_browser_is/

polonus

[Pondus]

Mirai Widens Distribution with New Trojan that Scans More Ports
http://blog.trendmicro.com/trendlabs-security-intelligence/mirai-widens-distribution-new-trojan-scans-ports/


https://virustotal.com/en/file/2de4851dcaaa4b5ed8421a0c72ceed64497c147d85cbfb1928d6baf7760c0c46/analysis/
https://virustotal.com/en/file/bdad4a77b678fda8328b2fae290e525a553c490214d43df377dbeb3132879673/analysis/
https://virustotal.com/en/file/4856706c088f66965d714fe09af22ee56d84483278582ff3dd8f98bc3c5862ab/analysis/
https://virustotal.com/en/file/2d8cd23e33e56ab396960a0d426c232f6d8905e2ac5833f37c412b699135f6ce/analysis/

[abruptum]

Microsoft Delays This Month’s Security Updates Due to Last-Minute Bug

  http://news.softpedia.com/news/microsoft-delays-this-month-s-security-updates-due-to-last-minute-bug-512937.shtml

[Asyn]

Security updates available for Adobe Flash Player
https://helpx.adobe.com/security/products/flash-player/apsb17-04.html