SECURITY WARNINGS & Notices - Please post them here

[polonus]

Has the time come to say goodbye to the Ghostery extension?
Ghostery acquired by German firm CLIQZ and Burda (fashion glossy publisher).
Re: https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/
Are they gonna sell your personal Ghostery data to the highest bidder now.
You were the product all the time, did not you realize?

polonus

[bob3160]

Has the time come to say goodbye to the Ghostery extension?
Ghostery acquired by German firm CLIQZ and Burda (fashion glossy publisher).
Re: https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/
Are they gonna sell your personal Ghostery data to the highest bidder now.
You were the product all the time, did not you realize?

polonus

It was recently removed from the list of programs I recommend.
One more good program choosing profit over integrity. 

[DavidR]

Has the time come to say goodbye to the Ghostery extension?
Ghostery acquired by German firm CLIQZ and Burda (fashion glossy publisher).
Re: https://www.ghostery.com/blog/ghostery-news/ghostery-acquired-cliqz/
Are they gonna sell your personal Ghostery data to the highest bidder now.
You were the product all the time, did not you realize?

polonus

Me, I tried it a long time ago but it conflicted with another add-on (I can't recall which) so it became history right then.

[Dwarden]

i would not be worried yet about the Ghostery, the new Company seems to have clean track and it's located in Germany where privacy laws are quite good

[polonus]

Enforce Flash to be updated in Chrome.

You might have updated chrome, still your flashplayer may have an outdated version. You are vulnerable!

You can enforce a Flash update by typing chrome://components in the address bar.
Look in the listing there for Adobe Flash Player and ignore Status - No Update,
but look at the version number.

Anything other than version 24.0.0.221 , and you have to update immediately.

polonus

[bob3160]

Enforce Flash to be updated in Chrome.

You might have updated chrome, still your flashplayer may have an outdated version. You are vulnerable!

You can enforce a Flash update by typing chrome://components in the address bar.
Look in the listing there for Adobe Flash Player and ignore Status - No Update,
but look at the version number.

Anything other than version 24.0.0.221 , and you have to update immediately.

polonus

Unless you're blocking updates, this will auto update. It did for me:

[Be Secure]

The Rise in SSL-based Threats
https://www.zscaler.com/blogs/research/rise-ssl-based-threats-1

[Pondus]

75% of All Ransomware Developed by Russian-Speaking Criminals
https://www.bleepingcomputer.com/news/security/75-percent-of-all-ransomware-developed-by-russian-speaking-criminals/

[Asyn]

Windows gdi32.dll heap-based out-of-bounds reads / memory disclosure in EMR_SETDIBITSTODEVICE and possibly other records
https://bugs.chromium.org/p/project-zero/issues/detail?id=992

[Be Secure]

New TeamSpy Malware Campaign Turns TeamViewer into Spy Tool
http://news.softpedia.com/news/new-teamspy-malware-campaign-turns-teamviewer-into-spy-tool-513115.shtml

[polonus]

Alarm bells should go off on the security and existing vulnerabilities of DNSSEC.

Some banking sites and sites of internet providers haven't got secure DNSSEC implementations or exploitable vulnerabilities.

Threats of DNSSEC insecurity causes spoofing and redirections (to malcode).

Check your DNSSEC here: https://dnssec-name-and-shame.com/domain
Also:  https://dnssec-debugger.verisignlabs.com/ & here: http://dnsviz.net/
Extension to check websites inside the browser: DNSSEC/TLSA validator: https://www.dnssec-validator.cz/

polonus

[Be Secure]

Unstoppable JavaScript Attack Helps Ad Fraud, Tech Support Scams, 0-Day Attacks

https://www.bleepingcomputer.com/news/security/unstoppable-javascript-attack-helps-ad-fraud-tech-support-scams-0-day-attacks/

[Asyn]

Microsoft Security Bulletin MS17-005 - Critical
Security Update for Adobe Flash Player (4010250)
https://technet.microsoft.com/library/security/ms17-005.aspx

[ehmen]

Smartphone users should stay safe from QRishing scams
http://www.thewindowsclub.com/qrishing-scams-qr-code-smartphone

[Para-Noid]

Rogue Chrome extension pushes tech support scam

https://blog.malwarebytes.com/threat-analysis/2017/02/rogue-chrome-extension-pushes-tech-support-scam/?utm_source=googleplus&utm_medium=social

Too many people just add an extension without doing the necessary research.
Just because an extension look good doesn't mean it is good.
I can't stress and/or say this enough "Look before you leap".