Author Topic: SECURITY WARNINGS & Notices - Please post them here  (Read 2904933 times)


Asyn
Re: SECURITY WARNINGS & Notices - Please post them here
« Reply #5175 on: March 24, 2017, 06:17:31 PM »
GoDaddy acquires Sucuri. Often the claims that websites were fully secured seemed not quite appropriate.

Whether Sucuri will offer similar services in the future, like they did in the past, remains to be seen.

polonus
More here: https://blog.sucuri.net/2017/03/godaddy-sucuri-building-a-security-platform-for-every-website-owner.html
W8.1 [x64] - Avast Free AV 23.3.8047.BC [UI.757] - Firefox ESR 102.9 [NS/uBO/PB] - Thunderbird 102.9.1
Avast-Tools: Secure Browser 109.0 - Cleanup 23.1 - SecureLine 5.18 - DriverUpdater 23.1 - CCleaner 6.01
Avast Wissenswertes (Downloads, Anleitungen & Infos): https://forum.avast.com/index.php?topic=60523.0

Pondus
« Reply #5176 on: March 24, 2017, 11:28:44 PM »
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
http://thehackernews.com/2017/03/google-invalidate-symantec-certs.html


bob3160
« Reply #5177 on: March 24, 2017, 11:30:56 PM »
Quote
Google Chrome to Distrust Symantec SSLs for Mis-issuing 30,000 EV Certificates
http://thehackernews.com/2017/03/google-invalidate-symantec-certs.html
Good for Avast :) They might get a few more customers. :)
Free Security Seminar: https://bit.ly/bobg2023  -  Important: http://www.organdonor.gov/ -- My Web Site: http://bob3160.strikingly.com/ - Win 11 Pro v24H2 64bit, 32 Gig Ram, 1TB SSD, Avast Free 24.4.6112, How to Successfully Install Avast http://goo.gl/VLXdeRepair & Clean Install https://goo.gl/t7aJGq -- My Online Activity https://bit.ly/BobGInternet

polonus
« Reply #5178 on: March 24, 2017, 11:59:45 PM »
Man in the Middle strategies, either by AV or Google for that matter, are never advancing security. And root-certificating as such is 'bad practice', period.

As Google rules the market with Google Analytics and AdSense on almost all and every website, they now may have planned this well in advance to have a gigantic advantage. Bye bye Let's Encrypt etc. Now we may see why they started the HTTPS Everywhere strategy.
Their schemes may enhance CA security as a rule, but it also certainly will pay off for them on a grand scale.

Microsoft was also continuously not following protocol guidelines, just bending the rules everywhere to what suited their policies and monopolistic schemes best.

polonus
Cybersecurity is more of an attitude than anything else. Avast Evangelists.

Use NoScript, a limited user account and a virtual machine and be safe(r)!

polonus
« Reply #5179 on: March 27, 2017, 06:00:02 PM »
Do not use it for the time being, LastPass, they keep finding holes in it!

I wonder if it ever was really secure: https://twitter.com/taviso/status/844312124541186048
and https://blog.lastpass.com/2017/03/security-update-for-the-lastpass-extension.html/

Use a piece of paper and some terrible handwriting???????

polonus

mchain
« Reply #5180 on: March 28, 2017, 07:21:13 AM »
Or use an Enigma machine
Windows 10 Home 64-bit 22H2 Microsoft Windows Defender - Windows 11 Home 23H2 - Windows 11 Pro 23H2 Avast Premier Security version 24.4.6112 (build 24.4.9067.762) UI version 1.0.803

TrueIndian
« Reply #5182 on: March 28, 2017, 02:01:55 PM »
Cerber Starts Evading Machine Learning
http://blog.trendmicro.com/trendlabs-security-intelligence/cerber-starts-evading-machine-learning/

FYI guys, I had already discussed the Dropbox abuse with some of the Avast analysts a month ago and they came up with a solution.

Dropbox links like this are detected by Avast as JS:RansomDownloader-B[Trj]. Even if Avast doesn't see it on VirusTotal, we actually are being protected; I can assure that, since I have seen such links this week that were missed on VT, whereas when I tried downloading them, Avast was stopping it.

This is old news actually :slowpokes: probably another PR nonsense for an attack that is almost a month old.

Still an interesting read, as this is essentially the JS download from Dropbox: a downloader that downloads a binary. So if you detect the dropped binary it's game over, and that is where machine learning comes in.
« Last Edit: March 28, 2017, 02:04:32 PM by TrueIndian »

Pondus
« Reply #5183 on: March 28, 2017, 02:14:29 PM »
Quote
Still interesting read as this is quite misleading... essentially the JS download from Dropbox is a downloader that downloads a binary. So if you detect the dropped binary it's game over and that is where machine learning comes in.
That is explained there
Quote
This is old news actually :slowpokes: probably another PR nonsense for an attack that is almost a month old.
If so then all AV vendors do it

And someone needs to take the time to analyse and write this; that is not done the same day as they see a thing like this ;)

polonus
« Reply #5184 on: March 28, 2017, 02:23:02 PM »
Hi Pondus,

And they 'play'/run the same old working exploits with little variants on the main theme over and over again.
Just like putting a wooden block into a grinding organ and you get the tune you want.
They do not have to write that stack over and over again, just adjust it....

polonus

TrueIndian
« Reply #5185 on: March 28, 2017, 04:39:29 PM »
The infection isn't exactly bypassing the machine learning. Of course the downloader part is just an addition to the infection chain, but I think AVs will detect the downloaded binaries in some way; at least Avast does.

Let me know your thoughts.

Best,
TI

Pondus
« Reply #5186 on: March 28, 2017, 05:12:38 PM »
Quote
The infection isn't exactly bypassing the machine learning. Of course the downloader part is just an addition to the infection chain, but I think AVs will detect the downloaded binaries in some way; at least Avast does.

Let me know your thoughts.

Best,
TI

Quote
Machine Learning and Evasion

As a threat, Cerber has already been blocked by earlier advances in security solutions. Running Cerber in a normal process (as done by the loader) can help evade behavioral monitoring, but why go to the trouble of repackaging Cerber and using a separate loader? Earlier versions of Cerber already had a code injection routine which could mimic that particular behavior, so why was the separate loader necessary?

The answer lies in the adoption of the security industry of machine learning solutions. The industry has created features to proactively detect malicious files based on features instead of signatures. The new packaging and loading mechanism employed by Cerber can cause problems for static machine learning approaches, i.e., methods that analyze a file without any execution or emulation.

Self-extracting files and simple, straightforward files could pose a problem for static machine learning file detection. All self-extracting files may look similar by structure, regardless of the content. Unpacked binaries with limited features may not look malicious either. In other words, the way Cerber is packaged could be said to be designed to evade machine learning file detection. For every new malware detection technique, an equivalent evasion technique is created out of necessity.

This new evasion technique does not defeat an anti-malware approach that uses multiple layers of protection. Cerber has its weaknesses against other techniques. For instance, having an unpacked .DLL file will make it easy to create a one-to-many pattern; alternately having a set structure within an archive will make it easier to identify if a package is suspicious. Solutions that rely on a variety of techniques, and are not overly reliant on machine learning, can still protect customers against these threats.

« Last Edit: March 28, 2017, 05:14:19 PM by Pondus »
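The quoted passage argues that a repackaged loader can look bland to per-file static machine learning, while the fixed structure of the package and a one-to-many pattern on the unpacked payload still give it away. As an added illustration (not code from Trend Micro, Avast or any poster here), this Python sketch flags a constructed archive on either of those two layers; the member names, the "known-bad" layout and the marker bytes are all assumed placeholders, not Cerber's real artefacts.

```python
import io
import zipfile

# Constructed samples: placeholder member names and contents, not a real malware package.
def build_archive(members: dict) -> bytes:
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, content in members.items():
            z.writestr(name, content)
    return buf.getvalue()

LOADER_PACKAGE = build_archive({
    "run.vbs": 'CreateObject("WScript.Shell").Run "loader.exe"',  # script that starts the loader
    "loader.exe": b"MZ" + b"\x00" * 64,                            # tiny, feature-poor loader stub
    "payload.bin": b"\x00" * 32 + b"DEMO-UNPACKED-MARKER" + b"\x00" * 32,  # unpacked payload blob
    "settings.ini": "[cfg]\nkey=1\n",
})
BENIGN_PACKAGE = build_archive({"a.jpg": b"\xff\xd8" * 8, "b.jpg": b"\xff\xd8" * 8, "readme.txt": "hi"})

def layout_fingerprint(data: bytes) -> tuple:
    """Layer 1: the archive's structure (sorted member extensions). This stays the same
    across repackaged variants even when every member looks harmless on its own."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return tuple(sorted(n.rsplit(".", 1)[-1].lower() for n in z.namelist()))

SUSPICIOUS_LAYOUTS = {("bin", "exe", "ini", "vbs")}  # assumed known-bad layout for the demo

# Layer 2: a one-to-many byte pattern for the unpacked payload (placeholder marker).
PAYLOAD_PATTERNS = [b"DEMO-UNPACKED-MARKER"]

def member_pattern_hits(data: bytes) -> list:
    """Return the names of archive members that contain any known payload pattern."""
    hits = []
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in z.namelist():
            if any(p in z.read(name) for p in PAYLOAD_PATTERNS):
                hits.append(name)
    return hits

def classify_package(data: bytes) -> dict:
    """Combine both layers: either a matching layout or a pattern hit flags the package."""
    layout = layout_fingerprint(data)
    hits = member_pattern_hits(data)
    return {"layout": layout, "layout_match": layout in SUSPICIOUS_LAYOUTS,
            "pattern_hits": hits, "suspicious": layout in SUSPICIOUS_LAYOUTS or bool(hits)}

if __name__ == "__main__":
    print(classify_package(LOADER_PACKAGE))
    print(classify_package(BENIGN_PACKAGE))
```

The loader package is caught twice over (layout and payload marker) even though `loader.exe` by itself carries almost no features, while the benign archive matches neither layer.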

TrueIndian
« Reply #5187 on: March 28, 2017, 08:29:54 PM »
That is what I said: they don't exactly bypass the machine learning, so the title of the blog post is kind of misleading and self-contradictory. You are right with the highlighted statements of course :)
« Last Edit: March 28, 2017, 08:31:29 PM by TrueIndian »

Pondus
« Reply #5188 on: March 28, 2017, 08:34:13 PM »
Quote
That is what I said: they don't exactly bypass the machine learning, so the title of the blog post is kind of misleading and self-contradictory. You are right with the highlighted statements of course :)
It could be (meaning) it is dependent on AV product?

TrueIndian
« Reply #5189 on: March 28, 2017, 08:41:59 PM »
Quote from: Pondus
It could be (meaning) it is dependent on AV product?

Of course yes.... in this case not Avast (at least this time), thanks to the improvements on the back end and their lab.

Most AVs are not traditional anymore.
Antivirus is Evolving and will be Evolving forever. :)
« Last Edit: March 28, 2017, 08:49:46 PM by TrueIndian »