SECURITY WARNINGS & Notices - Please post them here

[Pondus]

Lenovo Wasn't Paying Attention: 750,000 Laptops Had Spyware
https://www.inverse.com/article/36136-lenovo-settles-spyware-laptop-case-ftc-32-states

[DavidR]

Lenovo Wasn't Paying Attention: 750,000 Laptops Had Spyware
https://www.inverse.com/article/36136-lenovo-settles-spyware-laptop-case-ftc-32-states

But they already have form for that going back a few years, at that point I was looking for a new laptop and Lenovo was certainly something I was looking at based on value for money.  After the revelation, the Lenovo name went off my radar, trust once lost is very hard to regain.

[bob3160]

I have a Lenovo but the model isn't on the list of affected computers.
Excellent computer at a very reasonable price.

[Pondus]

Microsoft Office Zero-Day Vulnerability Addressed in September Patch Tuesday
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-office-zero-day-vulnerability-addressed-september-patch-tuesday/

[polonus]

Thanks, Pondus, for the "heads-up" on this one. Hope everyone will be so wise to patch immediately.

Another thing, stay away from url-shorteners or use them wisely, as they were used in this Linkedln-phishing-campaign:
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/

URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators are abusing both -
 ow.ly and a free hosting provider (-gdk.mx) to redirect to the phishing page, itself hosted on a hacked website.

polonus aka Damian

[bob3160]

Thanks, Pondus, for the "heads-up" on this one. Hope everyone will be so wise to patch immediately.

Another thing, stay away from url-shorteners or use them wisely, as they were used in this Linkedln-phishing-campaign:
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/

URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators are abusing both -
 ow.ly and a free hosting provider (-gdk.mx) to redirect to the phishing page, itself hosted on a hacked website.
[-quote]

polonus aka Damian

It also depends on Who is using that shortened link. and if you trust that site and or that person posting the link.
If you aren't sure, it isn't hard to use a tool that shows the actual URL which can always be checked for malicious content.

[polonus]

Backdoor in Word Press plug-in  Display Widgets abused: https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/

polonus

[Be Secure]

Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people's browsers, without their knowledge.

https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/

[ehmen]

Adware Installs InfoStealer Trojan that it loads via Chrome DLL Hijacking
https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/

[REDACTED]

CCleaner Compromised to Distribute Malware for Almost a Month

https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/

https://forum.piriform.com/index.php?showtopic=48868

 https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

[REDACTED]

CCleaner Compromised to Distribute Malware for Almost a Month

https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/

https://forum.piriform.com/index.php?showtopic=48868

 https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

HOLY MOLY! CCleaner is a very popular tool, used by many, properly also in here. Distribution of a malicious version for over a month, is a very serious issue.

Since CCleaner is now owned by Avast, I expect Avast to follow this up with a tool that can detect, remove and rapport of this infection. A tool which can be run manually, but also deployed via network.

Get cracking Avast, you have some serious cleaning up to do.

[polonus]

Well this is where the blame actually should go, the creators of a fake Windows  update,
infecting with trojan/win32-floxif-a.

Best removal if affected is restoring your system to a previous state before the infection took place.
Also remember for the free version of CCleaner, a manual update is needed.

So in the future always run your OS as user, not as admin, and have back-ups always.

polonus

[Pondus]

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-pushed-alongside-fakeglobe-upgraded-spam-campaigns/



=======================================================
In the specific campaigns discussed below, both Locky and the ransomware FakeGlobe were being distributed—but the two were rotated. The cybercriminals behind the campaign designed it so that clicking on a link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one ransomware are still vulnerable to the next one in the rotation.
=======================================================

[polonus]

Another mobile anti-virus app did not protect but infect: https://blog.checkpoint.com/2017/09/18/does-your-mobile-anti-virus-app-protect-or-infect-you/

Who, what and where can you fully trust in the digital infrastructure any longer, when the going gets narrow.

polonus

[bob3160]

Another mobile anti-virus app did not protect but infect: https://blog.checkpoint.com/2017/09/18/does-your-mobile-anti-virus-app-protect-or-infect-you/

Who, what and where can you fully trust in the digital infrastructure any longer, when the going gets narrow.

polonus

1st tip, don't use what you don't know. 2nd tip even if you know the company, do a bit of investigating before installing.
3rd tip always back up what you can't afford to lose. Nothing is ever 100% so you need a way back if what you depend on to keep
you safe, fails.