  1. #476 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet.
    The disruption is the culmination of a journey that started in December 2015, when the Microsoft Windows Defender research team and DCU activated a Coordinated Malware Eradication (CME) campaign for Gamarue. In partnership with internet security firm ESET, we performed in-depth research into the Gamarue malware and its infrastructure.
    Our analysis of more than 44,000 malware samples uncovered Gamarue’s sprawling infrastructure. We provided detailed information about that infrastructure to law enforcement agencies around the world, including:

    • 1,214 domains and IP addresses of the botnet’s command and control servers
    • 464 distinct botnets
    • More than 80 associated malware families

    The coordinated global operation resulted in the takedown of the botnet’s servers, disrupting one of the largest malware operations in the world. Since 2011, Gamarue has been distributing a plethora of other threats, including:

    A global malware operation

    For the past six years, Gamarue has been a very active malware operation that, until the takedown, showed no signs of slowing down. Windows Defender telemetry in the last six months shows Gamarue’s global prevalence.

    [Image: gamarue-geo-chart]

    https://blogs.technet.microsoft.com/...rue-andromeda/

  2. #477 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    A lot of ISPs dish out Huawei routers, sometimes rebadged, since they're cheap shit.

    Attackers have used an advanced new strain of the Mirai Internet-of-things malware to quietly amass an army of 100,000 home routers that could be used at any moment to wage Internet-paralyzing attacks, a researcher warned Monday.


    Botnet operators have been regularly releasing new versions of Mirai since the source code was openly published 14 months ago. Usually, the new versions contain minor tweaks, many of which contain amateur mistakes that prevent the new releases from having the punch of the original Mirai, which played a key role in a series of distributed denial-of-service attacks that debilitated or temporarily took down Twitter, GitHub, the PlayStation Network and other key Internet services.


    What sets this latest variant apart is its ability to exploit a recently discovered zero-day vulnerability to infect two widely used lines of home and small-office routers even when they're secured with strong passwords or have remote administration turned off altogether, Dale Drew, chief security strategist at broadband Internet provider CenturyLink, told Ars. One of the affected Huawei devices is the EchoLife Home Gateway, and the other is the Huawei Home Gateway. Roughly 90,000 of the 100,000 newly infected devices are one of the two Huawei router models. The new malware also has a dictionary of 65,000 username and password combinations to try against other types of devices.


    "It's a pretty sophisticated approach," Drew told Ars on Monday. The unknown operator "has a pretty significant scanning army right now where he's adding more and more vectors to his IoT pool."
    Up until now, Mirai has preyed on routers that are configured to be administered over the Internet using default passwords. In October, researchers documented a new IoT botnet dubbed Reaper. It was novel because it infected devices by exploiting remote code-execution vulnerabilities. The new Mirai strain takes the same approach.


    In the almost two weeks since the new botnet came to light, the operator has done little more than use the infected devices to scan the Internet for more vulnerable devices and then infect them. Drew warned that the operator could use the compromised devices at any time to wage crippling DDoS attacks, possibly as a fee-based service aimed at people who want to settle personal scores or extort money from online services. The botnet is the same one researchers from China-based Netlab 360 documented last week.


    Security professionals were able to seize the two domain names used to control the botnet, but Drew said the operator has since managed to regain control of the infected devices using new command and control channels. While Level 3, the backbone provider that was recently purchased by CenturyLink, is using its network to block control server communications with infected devices, there are plenty of networks that still allow the botnet to operate freely. Drew said for the time being, security professionals have few options other than to closely monitor the botnet and block any new control channels it may use.


    "The scary story is we have botnet operators desperately trying to get access to nodes numbered in the hundreds of thousands if not millions," he said. "We've always said it takes a village to protect the Internet. When we find a bad guy we're getting that information sinkholed and blocked much more quickly."

    https://arstechnica.com/information-...e-at-any-time/

  3. #478 baldrick (Excommunicated, joined Apr 2006, 24,760 posts)
    If you are using the modem in bridge mode, controlled by your own router, it makes no difference what insecure firmware is running on their device.

  4. #479 (I'm in Jail, joined Mar 2010, Australia, 13,986 posts)
    I have a Huawei router. And it's a Home Gateway... dammit!

  5. #480 (Thailand Expat, joined Oct 2015, 14,636 posts)
    Huawei, sounds like a brand Harry would use

    NETGEAR are for real players

  6. #481 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    And along comes Buttplug to demonstrate once again that he hasn't got a fucking clue.

    Hey Buttplug, tell us which Netgear you are using...

  7. #482 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Originally Posted by baldrick:
    If you are using the modem in bridge mode, controlled by your own router, it makes no difference what insecure firmware is running on their device.
    But if they can take control of the device they can change the operating mode, no?

  8. #483 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    HP laptops found to have hidden keylogger


    Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.
    Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
    HP said more than 460 models of laptop were affected by the "potential security vulnerability".
    It has issued a software patch for its customers to remove the keylogger.
    The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.
    In a statement, the company said: "HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
    'Loss of confidentiality'

    Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop.
    He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.
    According to HP, it was originally built into the Synaptics software to help debug errors.
    It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
    In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.
    At the time, the company said the keylogger code had been mistakenly added to the software.

    HP laptops found to have hidden keylogger - BBC News

    Added:

    HP computer owners out there will probably want to check out HP’s support document
    at this link, and apply the patch that removes the keylogger.

  9. #484 (Thailand Expat, joined Oct 2015, 14,636 posts)
    Originally Posted by harrybarracuda:
    HP has issued a full list of affected devices, dating back to 2012.
    great, I am safe, mine is from 2002

  10. #485 baldrick (Excommunicated, joined Apr 2006, 24,760 posts)
    Originally Posted by harrybarracuda:
    But if they can take control of the device they can change the operating mode, no?
    But then where are they? Stop the communication only. Unless your firmware is exploitable, they can't go anywhere.

  11. #486 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Originally Posted by baldrick:
    But then where are they? Stop the communication only. Unless your firmware is exploitable, they can't go anywhere.

    Erm...


    exploit a recently discovered zero day vulnerability to infect two widely used lines of home and small-office routers even when they're secured with strong passwords or have remote administration turned off altogether
    https://www.checkpoint.com/defense/a...2017-1016.html

  12. #487 (Thailand Expat, joined Oct 2015, 14,636 posts)
    Originally Posted by baldrick:
    But then where are they? Stop the communication only. Unless your firmware is exploitable, they can't go anywhere.
    hello earth??? your brain is getting full of Bitcoin nonsense, full of hot air that is going to toast your ASIC implant

  13. #488 (Thailand Expat, joined Oct 2015, 14,636 posts)
    Originally Posted by harrybarracuda:
    He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.
    so a lot of noise about nothing, and hackers have better targets with all the holes in Win10, Chrome etc...

  14. #489 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    There's always the sound of witless babbling whenever Buttplug arrives.

    He's not very bright you know.


  15. #490 raycarey (Thailand Expat, joined Jan 2006, 15,054 posts)
    the .exe file for removing the keylogger from my wife's HP laptop is 181 MB.


  16. #491 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Originally Posted by raycarey:
    the .exe file for removing the keylogger from my wife's HP laptop is 181 MB.

    Are you on dialup?

  17. #492 (Thailand Expat, joined Oct 2015, 14,636 posts)
    Originally Posted by raycarey:
    the .exe file for removing the keylogger from my wife's HP laptop is 181 MB.

    181 MB or 181,000 bytes?

    do a screenshot

  18. #493 raycarey (Thailand Expat, joined Jan 2006, 15,054 posts)
    Originally Posted by harrybarracuda:
    Are you on dialup?

    why would a software removal file need to be that large? especially when it's their software?

  19. #494 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Originally Posted by raycarey:
    why would a software removal file need to be that large? especially when it's their software?
    It's not a removal tool.

    It's a complete set of Synaptics drivers.

  20. #495 baldrick (Excommunicated, joined Apr 2006, 24,760 posts)
    Originally Posted by harrybarracuda:
    exploit a recently discovered zero-day vulnerability to infect two widely used lines of home and small-office routers
    only if you have the manufacturer's firmware on your machine

    it is not a hardware 0 day

  21. #496 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Originally Posted by baldrick:
    only if you have the manufacturer's firmware on your machine

    it is not a hardware 0 day
    Now you're just being obtuse.

    99.99+% of routers have the manufacturer's firmware on them.

  22. #497 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    File With 1.4 Billion Hacked And Leaked Passwords Found On The Dark Web

    There have been numerous high-profile breaches involving popular websites and online services in recent years, and it's very likely that some of your accounts have been impacted. It's also likely that your credentials are listed in a massive file that's floating around the Dark Web.

    Security researchers at 4iQ spend their days monitoring various Dark Web sites, hacker forums, and online black markets for leaked and stolen data. Their most recent find: a 41-gigabyte file that contains a staggering 1.4 billion username and password combinations. The sheer volume of records is frightening enough, but there's more.
    All of the records are in plain text. 4iQ notes that around 14% of the passwords -- nearly 200 million -- included had not been circulated in the clear. All the resource-intensive decryption has already been done with this particular file, however. Anyone who wants to can simply open it up, do a quick search, and start trying to log into other people's accounts.


    Everything is neatly organized and alphabetized, too, so it's ready for would-be hackers to pump into so-called "credential stuffing" apps.
    Where did the 1.4 billion records come from? The data is not from a single incident. The usernames and passwords have been collected from a number of different sources. 4iQ's screenshot shows dumps from Netflix, Last.FM, LinkedIn, MySpace, dating site Zoosk, adult website YouPorn, as well as popular games like Minecraft and Runescape.
    Some of these breaches happened quite a while ago and the stolen or leaked passwords have been circulating for some time. That doesn't make the data any less useful to cybercriminals. Because people tend to re-use their passwords -- and because many don't react quickly to breach notifications -- a good number of these credentials are likely to still be valid. If not on the site that was originally compromised, then at another one where the same person created an account.

    Part of the problem is that we often treat online accounts as "throwaways." We create them without giving much thought to how an attacker could use information in that account -- which we don't care about -- to compromise one that we do care about. In this day and age, we can't afford to do that. We need to prepare for the worst every time we sign up for another service or site.

    https://www.forbes.com/sites/fidelit.../#15ca907c3f5c
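    The article describes the attacker's side of this: a tidy, alphabetized dump fed into credential-stuffing tools. The defender's side is spotting the replay in your own authentication logs. The following is an added example, not code from the Forbes piece or from 4iQ, and it assumes a constructed log format ("timestamp auth OK|FAIL user=... ip=..."); the log lines themselves are made up for the demonstration. It separates a stuffing burst (many distinct usernames from one source, mostly failing) from an ordinary user mistyping one password, and lists the accounts whose reused password actually worked, which is the set that needs a forced reset.

```python
"""Flag credential-stuffing bursts in authentication logs (added example).

A leaked username/password list replayed against a site shows up as many
logins for *different* usernames from one source in a short time, most of
them failing. A legitimate user who mistypes a password produces repeated
failures for *one* username. The sliding-window check below tells the two
apart and reports which accounts the attacker got into.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log lines for this example; the line format
# "<ISO timestamp> auth <OK|FAIL> user=<name> ip=<addr>" is an assumption.
SAMPLE_LOG = """\
2017-12-12T09:00:01 auth FAIL user=alice ip=203.0.113.7
2017-12-12T09:00:02 auth FAIL user=bob ip=203.0.113.7
2017-12-12T09:00:02 auth FAIL user=carol ip=203.0.113.7
2017-12-12T09:00:03 auth FAIL user=dave ip=203.0.113.7
2017-12-12T09:00:04 auth OK user=erin ip=203.0.113.7
2017-12-12T09:00:05 auth FAIL user=frank ip=203.0.113.7
2017-12-12T09:00:06 auth FAIL user=grace ip=203.0.113.7
2017-12-12T09:01:10 auth FAIL user=heidi ip=198.51.100.20
2017-12-12T09:01:40 auth FAIL user=heidi ip=198.51.100.20
2017-12-12T09:02:05 auth OK user=heidi ip=198.51.100.20
2017-12-12T09:03:00 auth OK user=ivan ip=192.0.2.33
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>OK|FAIL) user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that don't match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m.group("ts")),
        "ok": m.group("result") == "OK",
        "user": m.group("user"),
        "ip": m.group("ip"),
    }


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, min_fail_ratio=0.7):
    """Return {ip: summary} for every source IP that, inside some `window`,
    tried at least `min_users` distinct usernames with a failure ratio of at
    least `min_fail_ratio`. The summary keeps the densest window seen and the
    usernames whose login succeeded during the burst."""
    by_ip = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev:
            by_ip[ev["ip"]].append(ev)

    flagged = {}
    for ip, events in by_ip.items():
        events.sort(key=lambda e: e["ts"])
        win = deque()  # events within `window` of the newest one
        for ev in events:
            win.append(ev)
            while ev["ts"] - win[0]["ts"] > window:
                win.popleft()
            users = {e["user"] for e in win}
            fails = sum(1 for e in win if not e["ok"])
            ratio = fails / len(win)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                prev = flagged.get(ip)
                if prev is None or len(users) > prev["distinct_users"]:
                    flagged[ip] = {
                        "distinct_users": len(users),
                        "attempts": len(win),
                        "failures": fails,
                        # accounts whose (probably reused) password worked
                        "likely_compromised": sorted(
                            {e["user"] for e in win if e["ok"]}),
                    }
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_stuffing(SAMPLE_LOG).items():
        print(ip, summary)
```

    On the sample data only 203.0.113.7 is flagged (seven usernames, six failures, one success for erin); heidi's three attempts from 198.51.100.20 are a single user getting her own password wrong and are left alone. The per-IP grouping is the simplest form of the check; an attacker spreading the same list across many source addresses stays under this rule, so in practice the same window is also computed per target account and per ASN or country.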




  23. #498 (Thailand Expat, joined Oct 2015, 14,636 posts)
    Originally Posted by harrybarracuda:
    adult website YouPorn
    fuck, that's me fucked then

    thank god I only use "password" for my password on those websites

  24. #499 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    There have been at least 360,000 new malicious files detected every day in 2017—an 11.5% increase from the previous year.

    According to Kaspersky Lab’s Number of the Year for 2017, a number of these new malicious files (processed by the company’s in-lab detection technologies) fall into the malware category (78%); however, viruses still account for 14% of daily detections. The remaining files are advertising software (8%).

    This growth is having an effect at large: Kaspersky found that 29.4% of user computers encountered an online malware attack at least once over the course of the year; and 22% of user computers were subjected to advertising programs and their components.


    Other interesting data points in the report include the fact that viruses significantly dropped in prevalence five to seven years ago, due to their complex development and low efficiency, Kaspersky said. However, a modicum of development still keeps chugging along as the 14% figure illustrates.


    The reasons behind the growth are myriad: The explosive increase in ransomware attacks over the last couple of years is only set to continue, thanks to a growing criminal ecosystem behind this type of threat. Kaspersky said that bad actors are producing hundreds of new samples every day. Aside from that, 2017 also saw a spike in crypto-miners—a class of malware that cyber-criminals have started to use actively. Also, the increase in detections could be attributed to detection technologies getting better, and catching more.


    The number of new malwares was calculated for the first time in 2011, when the total equaled only 70,000. Since then, it has grown five-fold. Also, after a slight decrease in 2015, the number of malicious files detected every day is growing for the second year in a row.


    “In 2015, we witnessed a visible drop in daily detections and started thinking that new malware could be less important for criminals, who may have instead shifted their attention towards reusing old malware,” said Vyacheslav Zakorzhevsky, head of the anti-malware team at Kaspersky Lab. “However, over the last two years, the number of new malware we discovered has been growing, which is a sign that interest in creating new malicious code has been revived.”

    https://www.infosecurity-magazine.com/news/360k-new-malware-samples-every-day/

  25. #500 harrybarracuda (Thailand Expat, joined Sep 2009, 96,555 posts)
    Western Digital’s My Cloud Storage Devices Have Hard-Coded Backdoor

    Western Digital’s My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data or take control of your device. Western Digital was told about the vulnerabilities last year but has yet to patch many devices.
    A Western Digital My Cloud NAS starts at less than $200 for a few terabytes with a single disk. It goes up to about $700 in the largest 16TB dual-drive system. Then there are the My Cloud EX series devices, which are more like a traditional NAS with user-accessible drive bays. These might cost well over $1,000 once equipped with drives. The majority of Western Digital’s network storage products are affected by the vulnerability.
    According to researchers at GulfTech, WD’s NAS boxes use a broken security model that allows remote attackers to upload files and gain root access, but that’s not all. There’s also a hard-coded backdoor that could allow anyone to access your files. It’s really a mess.
    The My Cloud devices are designed to be accessible by the owner locally as well as over the internet. It turns out someone else can ping the NAS remotely with a request to upload a file in such a way that the NAS lets them in. The researchers created a proof-of-concept module that can gain root access to the device, potentially allowing access to all the files contained in the NAS.


    Things are made even worse by WD’s inclusion of a hard-coded backdoor. These devices contain an admin username “mydlinkBRionyg” and password “abc12345cba,” allowing anyone to log in remotely. This is hard-coded in the binary, so users cannot change it or revoke access. That makes the buggy code above extremely easy to access. An attacker could even hack the My Clouds on your network by tricking you into visiting a webpage with an embedded iframe that makes the login request.
    GulfTech notified Western Digital of the vulnerabilities in June of last year, and the company requested a 90-day window to push out updates. Many devices still lack updates after six months, so GulfTech published its analysis. As of now, any of the affected models on firmware older than 4.x is vulnerable. If that’s you, it might be smart to disconnect the My Cloud for now, or at least put it someplace in your network where it can’t access the internet.

    https://www.extremetech.com/computin...coded-backdoor


