# The Security News Thread

## harrybarracuda

As I was about to post a couple of stories, I thought I might as well start a new thread (it's a bit quiet here).

So if you have stories about newly discovered flaws, exploits, hacks, breaches, etc., please feel free to post them here with the link.

----------


## harrybarracuda

April 11, 2016
Home Routers targeted with DNS malware via mobile devices

Researchers at Trend Micro uncovered a new form of attack exploiting vulnerabilities in a home router.

For the assault to function, a user must use their mobile device to access websites on which sits malicious JavaScript. At that point a second JavaScript will download with DNS changing routines. The infection chain is set in motion by the downloaded JS_JITON script which can infect a mobile device or a modem from several top manufacturers.

Top countries affected are Taiwan, Japan, China, the U.S. and France.

The Trend Micro team explained that the attackers use sophisticated techniques to evade detection, including regularly updating JavaScript codes to amend errors and switching home router targets. The researchers as well saw evidence of keylogging capabilities, but noted that function has since been removed.

They advised users to keep firmware and routers up to date with patches and avoid using default IDs and passwords.

Home Routers targeted with DNS malware via mobile devices - SC Magazine

----------


## harrybarracuda

April 11, 2016
Malware in surveillance cameras sold on Amazon

The Urban Security Group's (USG) Sony Chip HD 6 Camera 1080P PoE IP CCTV surveillance camera kit, sold on Amazon, contains malware in the firmware of its security cameras, a Proctorio security researcher, Mike Olsen, has claimed.

Olsen said the firmware contains malicious iframes that redirect users to Brenz[dot]pl, a site that has been linked to malware distribution, according to an April 9 blog post.

The malicious site was shut down in 2009. However, in 2011 researchers at Sucuri spotted several sites being infected with iframes pointing to the malicious domain.

Olsen told SCMagazine.com via emailed comments although the website currently isn't spreading infections, it looked as though the threat actors could activate it at any point.

He discovered the kit contained malware while probing the system after its interface didn't show any of the normal controls or settings that were available but Olsen wasn't the first to notice a problem with the kit.

Last month, a Whirlpool enthusiast cautioned users in a forum that they came across a version of the camera's firmware which had malware embedded in the HTML pages.

After finding the malware, Olsen said he contacted Amazon who subsequently told him they would contact USG, however as of now neither vendor has taken action yet. The surveillance kit is still available for sale on Amazon.

It's unclear how the kits became infected but Olsen pointed out that the device wasn't delivered directly from China where the product is supposedly made.

Olsen said USG is denying the existence of the malware but nevertheless is offering a solution to "fix" the problem.

SCMagazine.com attempted to contact Amazon, Sony, and USG but has yet to receive comment. 

Malware in surveillance cameras sold on Amazon - SC Magazine
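Added example, not part of the post above or of the SC Magazine piece, and not Olsen's or USG's code: the check the Whirlpool poster and Olsen effectively did by hand, run over HTML pages pulled out of a firmware image. It lists every iframe whose src points off the device and marks the ones sized or styled to be invisible, which is how an injected redirect is normally placed. The page contents below are constructed; only the brenz.pl host comes from the article. The device hostname and the tolerant tag parsing are assumptions for the illustration.

```javascript
// Added example (not from the article, USG or Olsen): scan HTML pages
// extracted from a firmware image for <iframe> tags pointing off the device.
// Sample pages are constructed; "brenz.pl" is the host named in the article.

const IFRAME_RE = /<iframe\b([^>]*)>/gi;
const ATTR_RE = /([a-zA-Z-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Parse the attribute text of one tag into a lowercase-keyed object.
function parseAttrs(attrText) {
  const attrs = {};
  for (const m of attrText.matchAll(ATTR_RE)) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// Hostname of a src value; relative sources resolve to the (assumed) device host.
function hostOf(src) {
  try {
    return new URL(src, 'http://device.local/').hostname;
  } catch {
    return null;
  }
}

// Every iframe in `html` whose src host is not the device itself. A 0x0 or
// display:none frame is flagged as hidden, the usual shape of an injection.
function findExternalIframes(html, { deviceHosts = ['device.local'] } = {}) {
  const hits = [];
  for (const m of html.matchAll(IFRAME_RE)) {
    const attrs = parseAttrs(m[1]);
    const host = hostOf(attrs.src || '');
    if (!host || deviceHosts.includes(host)) continue;
    const style = (attrs.style || '').replace(/\s+/g, '').toLowerCase();
    const hidden =
      attrs.width === '0' || attrs.height === '0' ||
      style.includes('display:none') || style.includes('visibility:hidden');
    hits.push({ src: attrs.src, host, hidden });
  }
  return hits;
}

// Walk a map of filename -> html (as unpacked from the firmware) and collect
// findings per file; files with no external iframes are omitted.
function scanPages(pages, opts) {
  const report = {};
  for (const [name, html] of Object.entries(pages)) {
    const hits = findExternalIframes(html, opts);
    if (hits.length) report[name] = hits;
  }
  return report;
}

// Constructed sample standing in for the camera's web UI pages.
const SAMPLE_PAGES = {
  'index.html': '<html><body><h1>Camera</h1><iframe src="/live.html" width="640"></iframe></body></html>',
  'login.html':
    '<html><body><form>...</form>' +
    '<iframe src="http://brenz.pl/rc/" width=0 height=0 style="display: none"></iframe>' +
    '</body></html>',
};

if (typeof require !== 'undefined' && require.main === module) {
  console.log(JSON.stringify(scanPages(SAMPLE_PAGES), null, 2));
}
```

On a real image you would feed `scanPages` the HTML files unpacked from the firmware (for example with binwalk) rather than the constructed map, and treat any hit, hidden or not, as something to explain before trusting the device.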

----------


## harrybarracuda

Millions of Firefox users vulnerable to browser extension flaw
by Roland Moore-Colyer
06 Apr 2016

Security researchers have warned that hundreds of popular extensions for the Firefox browser have exposed millions of users to hack attacks.

Researchers from the Northeastern University in Boston discovered a flaw that allows hackers to stealthily execute malicious code hiding behind a seemingly benign extension, such as NoScript and Firebug, and steal data.

The flaw is attributed to a weakness in Firefox’s extension structure, which fails to isolate various browser add-ons. This allows them to connect to the capabilities of other popular third-party extensions.

"These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks," the researchers wrote in a paper presented at Singapore’s Black Hat security conference. 

Hackers could exploit an extension reuse flaw by developing their own add-ons that hide malicious code and tap into the legitimate functions of popular extensions.

Connecting to other legitimate extensions allows hacker-developed add-ons to bypass Firefox’s security checks and extension vetting processes and gain access to a user's machine.

Extensions in the Firefox browser are handled with elevated user privileges, so the hidden malicious code can be used to steal passwords, private browsing data and system resources.

The more privileges a vulnerable extension has, the more scope a hacker has to gain access to data.

The flaw affects extensions with large user bases, such as DownloadHelper, which has over six million users, and NoScript, which has two million, indicating that the scope of the vulnerability is significant.

It is not clear whether the flaw has actually affected any users, as the researchers demonstrated it only as a proof-of-concept. They have supplied the attack framework to Mozilla so that the firm can improve the way it handles security in reviewing extension approvals.

The flaw is likely to be bypassed when Mozilla moves Firefox to its new WebExtensions model that isolates extensions. The company has given developers 18 months to migrate add-ons to the new model before the old extensions are purged.

Firefox is no stranger to dealing with threats and vulnerabilities, having suffered an attack that stole sensitive information from its Bugzilla account.

Millions of Firefox users vulnerable to browser extension flaw - IT News from V3.co.uk

----------


## harrybarracuda

Panama Papers Breach Reveals Astonishingly Lax Network Security

By Wayne Rash  |  Posted 2016-04-06 

NEWS ANALYSIS: While the vast quantity of information revealed in the breach of the Mossack Fonseca law firm far exceeds the volume taken by Edward Snowden, the main question is how this could happen?

My first reaction after reading accounts about the breach of a vast trove of financial and related information from the Panamanian law firm Mossack Fonseca was to channel John Le Carré and his famed Panamanian tailor/spy Harry Pendel.

However, the reality is much less interesting. The story is actually about a company with third-rate security that gets exploited by a routine hack.

While the details of the attack on Mossack Fonseca haven't been fully revealed, and while there's a great deal of hay being made by newspapers reporting details about prominent people who have offshore financial accounts, the really important story is about what wasn't in the breach. And no, I'm not talking about the puzzling lack of involvement by Americans. What's clearly lacking is even the most basic attempt at protecting the firm's client data.

The firm’s founding partner, Ramon Fonseca, has revealed in an interview with Reuters that the attack that allowed hackers to make off with something over two terabytes of sensitive scans and images along with other information was an external hack. He said that this was not an inside job. That's a surprising confession made only a couple of days after the hack was discovered and after the contents of the firm's files were published far and wide in newspapers and on Websites.

So what really happened? Security experts I've talked to tell me that Mossack Fonseca was almost certainly the victim of a spear-phishing attack, with an email that released malware that opened up access to the firm's network. That would make Fonseca's statement correct, since it doesn't appear that an insider knowingly unleashed the malware or emailed the data to co-conspirators.

But here's where it gets tricky. Even if the attack came from outside, the information on who to target in the attack had to come from somewhere. The fact that the entire digital assets of the firm appear to have been laid bare would indicate that the target had to be someone very senior in the firm, or that the firm simply allowed any employee to look at anything on its servers. So where did the information on employees with privileged access come from?

The chances are very good that the critical information came from inside the firm, perhaps unwittingly. The names of some of the lawyers at the firm can be found on the company's Website with minimal effort. The names of the principals are public, but which of these people to attack? A list of partners with their email addresses could be all that was needed.

Well placed emails were all that was required to carry out the recent spate of CEO spear-phishing attacks that have recently struck companies of all sizes. A senior person at a company gets an email with a plausible request for information that seems to be from someone they know.

The executive provides the requested information and clicks. That's all it takes.

"It's very easy because a lot of companies don't have a lot of security awareness education programs on how to avoid being spear-phished," said Tyler Cohen Wood, a security advisor at Inspired eLearning.

Wood is a former Defense Intelligence Agency senior intelligence officer and cyber-deputy division chief, who has over 16 years working on security issues at the Department of Defense. She said that many breaches can be avoided with some fairly straightforward training in recognizing a spear-phishing attack.

Unfortunately, it doesn't really matter how access was gained because once inside the hackers had their way with the firm's data. Apparently none of it was segmented, none seemed to have access restricted to specific people, none of it was encrypted and apparently nobody was paying attention to the network traffic. How else can you explain how over two terabytes of data was exfiltrated from the company's network with no one noticing?

The theft of so much data could have been enabled by what Wood calls an "unintentional insider," which is someone who provides the critical information for penetrating a network without realizing that they are doing so. She said that such gaps in security can be reduced by appropriate training.

But much of the blame at the firm goes beyond just training employees. Like Target before its breach, apparently there was nothing to prevent someone who had access to the network from getting anywhere on the network they wanted, including some highly sensitive areas that contained the private information of clients.

Worse, there appears to have been nothing in the way of intrusion detection. How else can you explain the ability to move that much data out of a network without anyone noticing? Even if someone had walked into the law firm's office with a portable hard drive and started copying, the process would have taken hours or days. If the breach was done remotely as the firm claims, it could have taken weeks to siphon off all that data.

Regardless of how the perpetrators breached the network, the fact is that lax security practices at Mossack Fonseca must have played a role. Otherwise, even if hackers had managed to get in without assistance, they couldn't have downloaded so much data.

There are important lessons in the Mossack Fonseca breach, not the least of which is to pay more than lip service to security. Even if it's not possible to eliminate all breaches, it's still possible to limit the damage.

Hopefully the firm will take steps to lock things down. And hopefully when all those Icelandic, Russian and Chinese leaders go looking for a private place to shelter the proceeds of their graft, they'll check the service provider's security before they do anything else.

Page 2 - Panama Papers Breach Reveals Astonishingly Lax Network Security
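Added example, not part of the post above or of the eWEEK analysis: the "is anyone watching the traffic" check the article says was missing. It sums outbound bytes per internal host per day from flow records and flags a day that dwarfs that host's own history, the pattern two terabytes leaving a law firm would make. The flow line format, the sample records and the thresholds are all constructed or assumed for the illustration.

```javascript
// Added example (not from the article): egress-volume anomaly check over
// constructed flow records. Thresholds and the record format are assumptions.

const PRIVATE_RE = /^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/;
const isInternal = (ip) => PRIVATE_RE.test(ip);

// Parse one constructed flow line: "<iso-timestamp> <src> <dst> <dport> <bytes_out>".
function parseFlow(line) {
  const [ts, src, dst, dport, bytes] = line.trim().split(/\s+/);
  if (!ts || !bytes) return null;
  return { day: ts.slice(0, 10), src, dst, dport: Number(dport), bytes: Number(bytes) };
}

// Sum egress (internal -> external only) bytes per source host per day.
function egressPerHostDay(lines) {
  const totals = {};
  for (const line of lines) {
    const f = parseFlow(line);
    if (!f || !isInternal(f.src) || isInternal(f.dst)) continue;
    totals[f.src] = totals[f.src] || {};
    totals[f.src][f.day] = (totals[f.src][f.day] || 0) + f.bytes;
  }
  return totals;
}

function median(nums) {
  const s = [...nums].sort((a, b) => a - b);
  const mid = s.length >> 1;
  return s.length % 2 ? s[mid] : (s[mid - 1] + s[mid]) / 2;
}

// Flag any host-day whose egress exceeds `ratio` times the median of that
// host's other days, or `absoluteBytes` regardless of history (a host with
// no history can only trip the absolute threshold).
function flagExfiltration(lines, { ratio = 10, absoluteBytes = 50e9 } = {}) {
  const alerts = [];
  for (const [host, days] of Object.entries(egressPerHostDay(lines))) {
    const entries = Object.entries(days);
    for (const [day, bytes] of entries) {
      const others = entries.filter(([d]) => d !== day).map(([, b]) => b);
      const baseline = others.length ? median(others) : 0;
      const byRatio = others.length > 0 && bytes > ratio * baseline;
      const byAbsolute = bytes >= absoluteBytes;
      if (byRatio || byAbsolute) alerts.push({ host, day, bytes, baseline, byRatio, byAbsolute });
    }
  }
  return alerts;
}

// Constructed sample: a file server with a ~200 MB/day profile and one day of
// 900 GB leaving over 443, an internal transfer that must not count, and a
// workstation with nothing unusual.
const SAMPLE_FLOWS = [
  '2016-03-01T09:00:00Z 10.0.5.21 203.0.113.7 443 200000000',
  '2016-03-02T09:00:00Z 10.0.5.21 203.0.113.7 443 210000000',
  '2016-03-03T09:00:00Z 10.0.5.21 203.0.113.7 443 190000000',
  '2016-03-04T01:00:00Z 10.0.5.21 198.51.100.9 443 900000000000',
  '2016-03-04T02:00:00Z 10.0.5.21 10.0.7.3 445 500000000000',
  '2016-03-01T10:00:00Z 10.0.5.44 203.0.113.7 443 50000000',
  '2016-03-02T10:00:00Z 10.0.5.44 203.0.113.7 443 60000000',
  '2016-03-03T10:00:00Z 10.0.5.44 203.0.113.7 443 55000000',
  '2016-03-04T10:00:00Z 10.0.5.44 203.0.113.7 443 58000000',
];

if (typeof require !== 'undefined' && require.main === module) {
  for (const a of flagExfiltration(SAMPLE_FLOWS)) {
    console.log(`${a.host} ${a.day}: ${(a.bytes / 1e9).toFixed(1)} GB out (baseline ${(a.baseline / 1e6).toFixed(0)} MB)`);
  }
}
```

The per-host median baseline is deliberately simple; the point is that a transfer of this size stands out against any baseline at all, and that the internal-to-internal traffic excluded here is exactly what network segmentation would have constrained.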

----------


## harrybarracuda

Did you know you can brick an out-of-date iPhone by setting the date back?

http://krebsonsecurity.com/2016/04/n...apple-devices/

----------


## baldrick

harold - you missed patch tuesday for microsoft products

and adobe released some flash player patches which are always of the utmost importance if you allow flash advertisements to display on your browser




> MS16-045 This one will be a major headache for those who run and host virtual machines on Hyper-V. A flaw in the hypervisor could allow a "guest" instance to access the host system and execute code, in addition to infecting the host system or accessing data from other hosted instances.
>     MS16-037 A cumulative update for Internet Explorer that addresses six flaws, including remote code execution vulnerabilities that can be exploited by loading a malicious web page.
>     MS16-038 A cumulative update for the Edge browser that, like the IE fix, patches six vulnerabilities, including remote code execution from malicious web pages.
>     MS16-039 A patch to address a remote code execution flaw present in Windows, .NET Framework, Office, Skype for Business, and Microsoft Lync. According to Microsoft, the vulnerability "could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts."
>     MS16-040 A single flaw in the XML Core Services component in Windows that allows an attacker to take control of a system by convincing the user to click a link "typically by way of an enticement in an email or Instant Messenger message."
>     MS16-041 A remote code execution bug in the .NET Framework that allows an attacker who already has access to the local system to install and execute a malicious application.
>     MS16-042 Four memory corruption vulnerabilities in Office that allow an attacker to remotely execute code by convincing the user to open a malicious Office file. One of the flaws also affects Office for Mac, meaning Apple users will need to patch their software as well.
>     MS16-044 A vulnerability in Windows OLE that allows an attacker to remotely execute code by convincing the target to open "either a specially crafted file or a program from either a webpage or an email message."
>     MS16-046 A flaw in the Windows Secondary Logon that allows an attacker to elevate their user privilege level to Administrator.
> ...

----------


## harrybarracuda

Yeah but that's Swahili to a lot of people. I think it's important to keep it really simple so that people like Albert, ENT and OhOh can understand it.

I'm going for the lowest common denominator.

 :Smile:

----------


## baldrick

> I'm going for the lowest common denominator.


does butters still read this ?   :Smile:

----------


## thaimeme

Security.
For whom?

----------


## thailazer

Ransomware is in the news here in the USA a lot.  Hospitals without backup have had to pay it.  Advice is to have two back ups.

CERBER: Crypto-ransomware that Speaks, Sold in Russian Underground - TrendLabs Security Intelligence Blog

----------


## harrybarracuda

> Ransomware is in the news here in the USA a lot.  Hospitals without backup have had to pay it.  Advice is to have two back ups.
> 
> CERBER: Crypto-ransomware that Speaks, Sold in Russian Underground - TrendLabs Security Intelligence Blog


Yeah that popped up in the news too.




> A nasty piece of ransomware that took crypto-extortion to new heights contains a fatal weakness that allows victims to decrypt their data without paying the hefty ransom.
> 
> When it came to light two weeks ago, Petya was notable because it targeted a victim's entire startup drive by rendering its master boot record inoperable. It accomplished this by encrypting the master boot file and displaying a ransom note. As a result, without the decryption password, the infected computer wouldn't boot up, and all files on the startup disk were inaccessible. A master boot record is a special type of boot sector at the very beginning of partitioned hard drive, while a master boot file is a file on NTFS volumes that contains the name, size and location of all other files.
> 
> Petya performs fake CHKDSK, and instead encrypts the master file table on disk.
> Now, someone who goes by the Twitter handle @leostone has devised a tool that generates the password Petya requires to decrypt the master boot file. To use the password generator, victims must remove the startup drive from the infected computer and connect it to a separate Windows computer that's not infected. The victim then extracts data from the hard drive, specifically (1) the base-64-encoded 512 bytes starting at sector 55 (0x37h) with an offset of 0 and (2) the 64-bit-encoded 8-byte nonce from sector 54 (0x36) offset 33 (0x21). By inputting the data into this Web app created by @leostone, the victim can retrieve the password Petya used to decrypt the crucial file.
> 
> Obtaining the hard drive data the Web app needs to derive the password isn't a straight-forward undertaking for many. Fortunately, a separate researcher has developed a free tool called the Petya Sector Extractor that obtains the data in seconds. The app must be run on the computer that's connected to the infected hard drive.
> 
> ...


Experts crack nasty ransomware that took crypto-extortion to new heights | Ars Technica
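Added example, not part of the post above and not @leostone's generator or the Petya Sector Extractor: it reproduces only the extraction step the Ars piece describes, reading the 512 bytes at sector 55 (offset 0) and the 8-byte nonce at sector 54 (offset 0x21) from a raw disk image and base64-encoding both, which is the input the password generator asked for. A 512-byte sector size and base64 for the nonce are assumptions; the disk image built here is constructed, not an infected drive, and the key recovery itself is not reproduced.

```javascript
// Added example (not @leostone's or the Sector Extractor's code): pull the two
// values the article names out of a raw disk image. Sector size 512 and base64
// for the nonce are assumptions; the sample image is constructed.

const SECTOR_SIZE = 512;
const VERIFY_SECTOR = 55;   // 0x37: 512 bytes of verification data, offset 0
const NONCE_SECTOR = 54;    // 0x36: sector holding the 8-byte nonce
const NONCE_OFFSET = 0x21;  // 33 bytes into sector 54
const NONCE_LENGTH = 8;

// Slice one sector out of a Buffer holding a raw disk image (e.g. from `dd`).
function readSector(image, index) {
  const start = index * SECTOR_SIZE;
  if (image.length < start + SECTOR_SIZE) {
    throw new RangeError(`image too small for sector ${index}`);
  }
  return image.subarray(start, start + SECTOR_SIZE);
}

// Both values the generator wants, already base64-encoded.
function extractPetyaData(image) {
  const verify = readSector(image, VERIFY_SECTOR);
  const nonce = readSector(image, NONCE_SECTOR).subarray(NONCE_OFFSET, NONCE_OFFSET + NONCE_LENGTH);
  return { verifyData: verify.toString('base64'), nonce: nonce.toString('base64') };
}

// Constructed image: 64 zeroed sectors with recognizable bytes planted where
// the real extractor would look, so the output can be checked by eye.
function buildSampleImage() {
  const image = Buffer.alloc(64 * SECTOR_SIZE, 0);
  for (let i = 0; i < SECTOR_SIZE; i++) image[VERIFY_SECTOR * SECTOR_SIZE + i] = i & 0xff;
  Buffer.from('NONCE123', 'ascii').copy(image, NONCE_SECTOR * SECTOR_SIZE + NONCE_OFFSET);
  return image;
}

if (typeof require !== 'undefined' && require.main === module) {
  const fs = require('fs');
  // Usage: node petya-extract.js /path/to/disk.img   (falls back to the sample image)
  const image = process.argv[2] ? fs.readFileSync(process.argv[2]) : buildSampleImage();
  const { verifyData, nonce } = extractPetyaData(image);
  console.log('verification data (base64):', verifyData);
  console.log('nonce (base64):', nonce);
}
```

As the article says, the drive has to be read from a clean machine; this reads a whole image into memory, which is fine for a test image but for a real disk you would image only the first few hundred sectors.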

----------


## harrybarracuda

Chrome Safe Browsing Now Warns Against Fake 'Download' Buttons And Other Deceptive Ads

Michael Crider
14 hours ago



You know those fake "download" buttons you see when you're searching for ~~old Super NES ROMs~~ completely legitimate open-source software? The kind that advertising networks sometimes spit out even on otherwise above-board sites? Yeah, they're awful, and they often link directly to copycat or malicious files. Google hates them as much as you do, and is taking steps to make them less effective. Starting today, Chrome browsers on all platforms will warn visitors to sites with potentially misleading or fake "download" ads.


The new system is an extension of Safe Browsing, that big red web stop sign that sometimes warns you of possible malware, phishing, or legitimate sites that have been compromised. Safe Browsing is used by approximately a billion web users, at least according to Google, so implementing this warning system could have some very wide-reaching effects. We could be so bold as to hope that the jerks who make these fake download ads might try something else, like jumping off the nearest cliff.

The new changes will also apply to those fake "error" or "virus found!" ads and all manner of deceptive social engineering. The addition to the Safe Browsing warnings won't actually block said ads, so you'll still have to be wary on those few occasions when you visit download sites that are less than scrupulous... which you should be doing anyway.

Chrome Safe Browsing Now Warns Against Fake 'Download' Buttons And Other Deceptive Ads

----------


## harrybarracuda

I can't think why anyone would still be running it, but still....





> If you're running Windows, you should probably uninstall QuickTime before you get yelled at by your tech friend — or the U.S. government.
> 
> On Thursday, the U.S. Department of Homeland Security recommended Windows users uninstall QuickTime to avoid cyberattacks.
> 
> That's because Apple is no longer providing security updates for the video player on Windows, according to the security site Trend Micro. The site flagged vulnerabilities in the software. And without updates, those security issues aren't going anywhere.
> 
> Uninstalling QuickTime shouldn't be too much of an inconvenience. As Wired points out, there are plenty of other options for Windows users — which could be one of the reasons Apple might be abandoning the video player for Windows.
> 
> Before you panic, there aren't known active attacks, and the warning does not apply to Mac users.


Department Of Homeland Security Asks People To Uninstall QuickTime - Newsy Story


And there's more:





> Windows users are left stranded and vulnerable from "true" zero-day vulnerabilities, exploits for which there is no patch and none coming either.
> 
> 
> Typically, software vendors provide users with some public direction or announcement on when a product will no longer be supported and reaches its end of life. Apparently, that didn't happen with Apple's QuickTime media player for Windows, which is now at risk from a pair of zero-day vulnerabilities that will not be patched.
> The Zero Day Initiative (ZDI), which is owned by security vendor Trend Micro, issued a pair of security advisories on April 14 warning of zero-day vulnerabilities in Apple's QuickTime for Windows.
> "The vendor has 120 days from notification until we release our advisory," Christopher Budd, global threat communications manager at Trend Micro, told eWEEK. "They can petition for an extension, which will be evaluated on a case-by-case basis."
> Source Incite security researcher Steven Seeley reported the two Apple QuickTime vulnerabilities to ZDI. ZDI, which became part of Trend Micro by way of a $300 million acquisition of TippingPoint from Hewlett Packard Enterprise, is in the business of buying vulnerabilities from security researchers and then responsibly disclosing them to vendors so they can be patched. ZDI is not publicly disclosing what it paid Seeley for the vulnerabilities.
> According to the ZDI's disclosure timeline, it reported the two QuickTime for Windows vulnerabilities to Apple on Nov. 11, 2015, and Apple acknowledged that it received the vulnerability reports the same day. On March 9, 2016, ZDI was on a call with Apple, where it was informed that QuickTime for Windows was going to be deprecated. At that point, ZDI noted that it warned Apple that the two flaws would be considered zero-days.
> Both the ZDI-16-241 and ZDI-16-242 flaws in Apple's QuickTime for Windows are memory heap corruption remote code execution vulnerabilities. "Both vulnerabilities can be exploited by malicious Web pages that the user would have to navigate to," Budd said.
> ...


http://www.eweek.com/security/pair-o...s-at-risk.html

----------


## Neo

In depth low down on ransomware here: OK, panic! Newly evolved ransomware is bad news for everyone | Ars Technica

----------


## harrybarracuda

April 13, 2016
Countdown to deletion: Jigsaw ransomware erases files every hour

“Would you like to play a game?” Nope, not this game.

A new ransomware named Jigsaw, inspired by the eponymous character in the Saw horror film franchise, subjects its victims to a countdown clock, deleting files every hour at an escalating rate until a $150 ransom is paid. According to a Bleeping Computer security alert, it's the first time a ransomware has followed through on its threat to not only encrypt, but actually erase content.

The ransomware, whose threat note features an image of the Jigsaw killer's mask, is booby trapped to delete a thousand files at once from a computer if the user attempts to reboot or terminate the process.

Fortunately, there is an escape for Jigsaw's victims: a collective of researchers, including Bleeping Computer owner Lawrence Abrams, researcher Michael Gillespie and the MalwareHunterTeam found a way to neutralize the ransomware with a decryptor program.

Countdown to deletion: Jigsaw ransomware erases files every hour - SC Magazine

----------


## slackula

Newsflash: Absolutely nothing is at risk of cyber-attacks from Buttplug except possibly Buttplug's sanity and let's face it: that was questionable at best to begin with.

This PSA is provided with no warranties imagined or preferred by slackula Heavy Industries™ ®©

----------


## harrybarracuda

> Newsflash: Absolutely nothing is at risk of cyber-attacks from Buttplug except possibly Buttplug's sanity and let's face it: that was questionable at best to begin with.
> 
> This PSA is provided with no warranties imagined or preferred by slackula Heavy Industries ®©


I think Buttplug finally quit because his ipad finally caved in to the deluge of crusted jizz from him watching all that gay porn.

----------


## harrybarracuda

I'm surprised this isn't getting more traction yet.







> Huge phone network security flaw lets anyone bug calls and text messages
> By Chris Smith on Aug 18, 2015 at 12:46 PM
> 
> Spy agencies like the NSA and many others aren’t the only ones able to bug your calls and text messages, a new investigation shows. It turns out that anyone with the right equipment and know-how can tap into a carrier’s phone network to access calls and text messages without the target’s knowledge.
> 
> The news comes from Australia’s 60 Minutes, which spoke to security researchers who have proven that an SS7 inter-carrier network security flaw lets individuals track your cell phone anywhere in the world, and it can also be used to gain access to phone calls and text messages.
> 
> Anyone with access to a carrier’s phone network would be able to intercept phone calls and text messages, record them, and reroute them to their original destinations, without the cell phone user knowing what’s happening.
> 
> ...


Call and text messages bugging: SS7 hack explained | BGR

----------


## harrybarracuda

More on the Firefox Java namespace fuck up:

NoScript and other popular Firefox add-ons open millions to new attack
Unlike many browsers, Firefox doesn't always isolate an add-on’s functions.

by Dan Goodin - Apr 6, 2016 1:02am AST



NoScript, Firebug, and other popular Firefox add-on extensions are opening millions of end users to a new type of attack that can surreptitiously execute malicious code and steal sensitive data, a team of researchers reported.

The attack is made possible by a lack of isolation in Firefox among various add-ons installed by an end user. The underlying weakness has been described as an extension reuse vulnerability because it allows an attacker-developed add-on to conceal its malicious behavior by invoking the capabilities of other add-ons. Instead of directly causing a computer to visit a booby-trapped website or download malicious files, the add-on exploits vulnerabilities in popular third-party add-ons that allow the same nefarious actions to be carried out. Nine of the top 10 most popular Firefox add-ons contain exploitable vulnerabilities. By piggybacking off the capabilities of trusted third-party add-ons, the malicious add-on faces much better odds of not being detected.

"These vulnerabilities allow a seemingly innocuous extension to reuse security-critical functionality provided by other legitimate, benign extensions to stealthily launch confused deputy-style attacks," the researchers wrote in a paper that was presented last week at the Black Hat security conference in Singapore. "Malicious extensions that utilize this technique would be significantly more difficult to detect by current static or dynamic analysis techniques, or extension vetting procedures."

Of the top 10 most popular add-ons vetted by Mozilla officials and made available on the Mozilla website, only Adblock Plus was found to contain no flaws that could be exploited by a malicious add-on that relied on reuse vulnerabilities. Besides NoScript, Video DownloadHelper, Firebug, Greasemonkey, and FlashGot Mass Down all contained bugs that made it possible for the malicious add-on to execute malicious code. Many of those apps, and many others analyzed in the study, also made it possible to steal browser cookies, control or access a computer's file system, or to open webpages to sites of an attacker's choosing.



The researchers noted that attackers must clear several hurdles for their malicious add-on to succeed. First, someone must go through the trouble of installing the trojanized extension. Second, the computer that downloads it must have enough vulnerable third-party add-ons installed to achieve the attackers' objective. Still, the abundance of vulnerable add-ons makes the odds favor attackers, at least in many scenarios.

In many cases, a single add-on contains all the functionality an attacker add-on needs to cause a computer to open a malicious website. In other cases, the attacker add-on could exploit one third-party add-on to download a malicious file and exploit a second third-party add-on to execute it. In the event that a targeted computer isn't running any third-party add-ons that can be exploited, the attacker-developed add-on can be programmed to provide what's known as a "soft fail" so that the end user has no way of detecting an attempted exploit. Here's a diagram showing how the new class of attack works.



"We note that while it is possible to combine multiple extension-reuse vulnerabilities in this way to craft complex attacks, it is often sufficient to use a single vulnerability to successfully launch damaging attacks, making this attack practical even when a very small number of extensions are installed on a system," the researchers wrote. "For example, an attacker can simply redirect a user that visits a certain URL to a phishing website or automatically load a web page containing a drive-by-download exploit."

Proof of concept

The researchers said they developed an add-on containing about 50 lines of code that passed both Mozilla's automated analysis and its full review process. Ostensibly, ValidateThisWebsite—as the add-on was called—analyzed the HTML code of a given website to determine if it was compliant with current standards. Behind the scenes, the add-on made a cross-extension call to NoScript that caused Firefox to open a Web address of the researchers' choosing.

The vulnerability is the result of a lack of add-on isolation in the Firefox extension architecture. By design, Firefox allows all JavaScript extensions installed on a system to share the same JavaScript namespace, which is a digital container of specific identifiers, functions, methods, and other programming features used in a particular set of code. The shared namespace makes it possible for extensions to read from and write to global variables defined by other add-ons, to call or override other global functions, and to modify instantiated objects. The researchers said that a newer form of Firefox extension built on the alternative JetPack foundation theoretically provides the isolation needed to prevent cross-extension calls. In practice, however, JetPack extensions often contain enough non-isolated legacy code to make them vulnerable.

In an e-mail, Firefox's vice president of product issued the following statement:




> The way add-ons are implemented in Firefox today allows for the scenario hypothesized and presented at Black Hat Asia. The method described relies on a popular add-on that is vulnerable to be installed, and then for the add-on that takes advantage of that vulnerability to also be installed.
> 
> Because risks such as this one exist, we are evolving both our core product and our extensions platform to build in greater security. The new set of browser extension APIs that make up WebExtensions, which are available in Firefox today, are inherently more secure than traditional add-ons, and are not vulnerable to the particular attack outlined in the presentation at Black Hat Asia. As part of our electrolysis initiative—our project to introduce multi-process architecture to Firefox later this year—we will start to sandbox Firefox extensions so that they cannot share code.


In the meantime, the researchers said Firefox users would benefit from improvements made to the screening process designed to detect malicious add-ons when they're submitted. To that end, they have developed an application they called CrossFire that automates the process of finding cross-extension vulnerabilities. In their paper, they proposed that it or a similar app be incorporated into the screening process.

"Naturally, we do not intend our work to be interpreted as an attack on the efforts of Firefox's cadre of extension vetters, who have an important and difficult job," the researchers wrote. "However, since the vetting process is the fundamental defense against malicious extensions in the Firefox ecosystem, we believe it is imperative that (i) extension vetters be made aware of the dangers posed by extension-reuse vulnerabilities, and that (ii) tool support be made available to vetters to supplement the manual analyses and testing they perform."

NoScript and other popular Firefox add-ons open millions to new attack | Ars Technica

----------


## pseudolus

wonder how long it will be before the realization occurs to people that all these computer security threats are created by the people who then provide the solutions to them.

----------


## Neo

Car theft in the UK has been reduced by 90% in the last 20 years, car crime now being organised rather than random due to the preventative systems that have been put in place, yet manufacturers are rushing to embrace technology that leaves car security wide open to abuse and even simpler to circumvent than 20 years ago. 

Go figure.

----------


## harrybarracuda

> wonder how long it will be before the realization occurs to people that all these computer security threats are created by the people who then provide the solutions to them.


So please explain how Mozilla benefit from fucking up and then spending countless man hours fixing the problem when the product is free.

You're an idiot.

----------


## Neo

I have no idea what this means.. but it sounds nasty  :Dunno: 

DRAM bitflipping exploits that hijack computers just got easier | Ars Technica

----------


## harrybarracuda

> I have no idea what this means.. but it sounds nasty 
> 
> DRAM bitflipping exploits that hijack computers just got easier | Ars Technica


"Measured concern...."




> The threat posed by Rowhammer is probably at least a few years away from being practical. Still, given recent findings that the bug extends to DDR4 memory, not just DDR3 as previously believed, there's reason for measured concern. Unlike most vulnerabilities, Rowhammer is a physical defect that resides in the hardware itself, so it may not be as easy to fix. While manufacturers are working on measures to prevent Rowhammer attacks, it's important for them to keep abreast of the latest research to make sure the defenses can't be bypassed by new techniques.

----------


## Neo

Got it cheers  :Wink:

----------


## harrybarracuda

But remember that anyone can hack your phone.

 :Smile:

----------


## pseudolus

> Car theft in the UK has been reduced by 90% in the last 20 years, car crime now being organised rather than random due to the preventative systems that have been put in place, yet manufacturers are rushing to embrace technology that leaves car security wide open to abuse and even simpler to circumvent than 20 years ago. 
> 
> Go figure.


indeed - every time I see google chrome having problems it scares the shit out of me that they are building cars. Couple to which, you will have retarded gayboys like IT Boy harry doing the repairs.

----------


## harrybarracuda

> indeed - every time I see google chrome having problems it scares the shit out of me that they are building cars.


Poor pseudopuss,

How do you sleep at night worrying about all this shit?

P.S. I would be more scared of Internet-enabled medical devices.

 :rofl:

----------


## Neo

Brazen no more, makers of account-draining bank trojan get 24 years | Ars Technica

----------


## harrybarracuda

FFS....

$10 router blamed in Bangladesh bank hack
22 April 2016

Hackers managed to steal $80m (£56m) from Bangladesh's central bank because it skimped on network hardware and security software, reports Reuters.
The bank had no firewall and used second-hand routers that cost $10 to connect to global financial networks.

$10 router blamed in Bangladesh bank hack - BBC News

----------


## slackula

> The bank had no firewall and used second-hand routers that cost $10 to connect to global financial networks.


Since about 80% of Bangladesh seems to be either underwater or suffering from a drought at any given time it's understandable they'd try and save money and all.

What isn't understandable is how the fuck anybody decided that allowing them into the global financial system would be a good idea.

----------


## harrybarracuda

Good to see the Mexicans go after the first white hat they could find. Must be taking lessons from the Thais....


And they've got their fingerprints, which now renders them fucking useless.





> A website that claims to contain the full database of hacked Filipino voter data has appeared online.
> 
> The hacking of the Philippines's voter registration system and database is believed to be the biggest data breach in government history, with more than 55 million people affected. On Thursday the website wehaveyourdata.com claimed to provide easy, searchable access to all the stolen data.
> 
> The site, which is offline at the time of writing, displays full names, addresses and passport numbers and fingerprint data of millions of Filipino voters. Other data contained in the breach and being displayed by the site includes the height and weight of voters and maternal and paternal names.
> 
> The Philippines' Commission on Elections (Comelec), the body at the centre of the data breach, continues to refuse to verify if any of the leaked data is legitimate.
> 
> Security researcher Troy Hunt, who has verified other uploads of the database posted online, said the site "appears to be consistent with the data breach". The site containing the hacked data was making money by displaying banner ads, he noted. Security firm Malwarebytes also said it had verified the legitimacy of the data. Hunt had earlier described the data breach as "freaking huge". "If you lose a password you can change it," he told WIRED on April 14. "You can't change a fingerprint."
> ...


Massive Philippines data breach now searchable online (Wired UK)

----------


## harrybarracuda

Hundreds of Spotify credentials appear online – users report accounts hacked, emails changed
Posted 15 minutes ago by Sarah Perez 

A list containing hundreds of Spotify account credentials – including emails, usernames, passwords, account type and other details – has popped up on the website Pastebin, in what appears to be a possible security breach. After reaching out to a random sampling of the victims via email, we’ve confirmed that these users’ Spotify accounts were compromised only days ago. However, Spotify claims that it “has not been hacked” and its “user records are secure.”

It’s unclear, then, where these particular account details were acquired, given that they are specific to Spotify, rather than a set of generic credentials that just happen to work on Spotify.

In addition to the email and login information, the Pastebin post also details the type of account (e.g. Family, Premium), when the subscription auto-renews, and the country where the account was created. The list of accounts is not limited to the U.S., but includes a number of users from all over the world.

Spotify has dealt with security incidents in the past, so one can’t immediately assume that a list of emails like this is related to a new data breach. It could have been that a list of previously compromised accounts is still circulating. And only one of the accounts we tried actually permitted a login, which also left room for doubt about the recency of this particular incident.

But the victims we reached out to told us otherwise.

So far, a half a dozen have responded, confirming that they did experience a Spotify account breach last week. They became aware of the breach in a number of ways – for example, one said he found songs added to his saved songs list that he hadn’t added.

Another also found his account had been used by an unknown third-party.

“I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” the victim, who preferred to remain anonymous, told us.

Several others said they were kicked out of Spotify – one even in the middle of streaming music.

When trying to log back in, these users found that their account email had been changed to a new email address not belonging to them. To resolve the matter, they’ve had to work with Spotify customer service to get their account access restored.

In none of the reported cases so far did Spotify reach out to the victims immediately following the breach, nor were their passwords proactively reset for them on their behalf by Spotify.

This seems to contradict the statement a Spotify spokesperson provided us today, when asked about this possible breach:

“We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

It could be that Spotify is still in the process of verifying the account credentials, which could take time.

According to the users we spoke to so far, this issue occurred last week. The Pastebin is dated April 23rd, however. (TechCrunch is declining to link to the Pastebin page to protect the victims.)

Some of the victims are only now dealing with the fallout. One person said they received the email notification that their password had been reset on Sunday. Two others are still in the process of trying to prove to Spotify they are the legitimate account owner.

“..The person was able to change my email address without a second verification, and now I’m jumping through hoops to close my account,” one person told us.

“I had to reach out to Spotify first, and it’s still ongoing,” another said. “They’ve not been helpful, and I’ve only succeeded in getting my account locked so far.”

Because of Spotify’s delay in resetting users’ passwords, many of the victims told us they’ve had problems that extend beyond the streaming service.

Unfortunately, because people often re-use their passwords on other sites, several reported their other accounts have been hacked into as well, including their Facebook, Uber, and even their bank account.

It’s unclear why the unknown third-parties responsible for this incident would want to actually use the Spotify user logins to play music – especially as that alerts the users to the breach. Typically, a hacker would want to simply collect then re-sell the credentials, which makes this particular incident odd.

More to come, as information becomes available.

Hundreds of Spotify credentials appear online – users report accounts hacked, emails changed | TechCrunch

----------


## harrybarracuda

> Unfortunately, because people often re-use their passwords on other sites, several reported their other accounts have been hacked into as well, including their Facebook, Uber, and even their bank account.


Stupid people. I see Stupid people everywhere.

----------


## harrybarracuda

The meat of the Bangla/SWIFT rip off if you're interested.

BAE Systems Threat Research Blog: Two bytes to $951m

----------


## harrybarracuda

German Nuclear Plant Is 'Riddled' With Malware

By Guest Author  |  Posted 2016-04-28

After the anniversary of the Chernobyl nuclear disaster, a German nuclear plant admits widespread malware infection.


By Tom Jowitt

A German nuclear power plant in Bavaria has admitted that its systems are riddled with malware, and has been shut down as a precaution—a day after the 30th anniversary of the Chernobyl nuclear disaster on Tuesday.

It was reported that the Gundremmingen nuclear power plant is located 75 miles northwest of Munich, and is run by the German utility RWE.

The company admitted that malware had infected a number of its systems. It said it had immediately informed Germany's Federal Office for Information Security (BSI).

Malware Infection

Reuters reports "W32.Ramnit" and "Conficker" viruses were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods.

Malware was also reportedly found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems.

The operator said that it has boosted its cyber-security measures, but insisted the malware was not a threat to the facility's operations because it is "isolated from the Internet."

Nuclear Security

This is not the first time that a nuclear power plant has had a security scare. Indeed, the potential risk to systems controlling critical infrastructure and industrial systems remains a worry for many governments and authorities around the world.

In 2015, a hacker managed to hack into the systems of a nuclear power plant in South Korea. A computer worm was later discovered in a device connected to the control system, but the plant operator insisted that the breach had not reached the reactor controls itself.

The hacker later posted files from the hack online, and included a demand for money.

The Stuxnet virus reportedly caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran.

A German steelworks also suffered "massive damage" after a cyberattack on its computer network in late 2014.

Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

German Nuclear Plant Is 'Riddled' With Malware

----------


## harrybarracuda

Man jailed for failing to decrypt hard drives
28 April 2016

A man has been held in prison for seven months after failing to decrypt two hard drives that investigators suspect contain indecent images of children.

A court order says the man will remain jailed "until such time that he fully complies" with an order to unlock the password-protected devices.

The US man, who has not been charged with possessing illegal images, is appealing against his detention. "He has never in his life been charged with a crime," wrote his lawyer.

The case highlights the US government's ongoing battle with data encryption.
The man, a former police sergeant, cannot be named for legal reasons.

The case so far

In March 2015, investigators in Delaware County, Pennsylvania, seized computer equipment from the man's home, including two password-protected hard drives.
The investigators had been monitoring the online network Freenet and decided to search the man's home, according to news site Ars Technica.

After a district court ruled the man would not be compelled to decrypt the hard drives, investigators took the case to a federal court that issued a warrant to search the devices.

The government then invoked a 1789 law called the All Writs Act, which gives federal courts the power to force people to co-operate in a criminal investigation.
The same law was controversially invoked by the FBI when it tried to compel Apple to decrypt the iPhone used by California gunman Syed Rizwan Farook. Apple said that the demand was a "stretch" of the law.

According to the jailed man's appeal, he appeared at the district attorney's office to enter passcodes for the hard drives - but they failed to work.

He was then ordered to explain his failure to enter the correct passcodes, but after declining to testify was held in contempt of court and jailed.

"His confinement stems from an assertion of his Fifth Amendment privilege against self-incrimination," wrote the man's lawyer, Keith Donoghue.

The US Constitution's Fifth Amendment is designed to protect people from being forced to testify and potentially incriminating themselves and states: "No person shall be... compelled in any criminal case to be a witness against himself."

The Electronic Frontier Foundation, which campaigns for digital rights, said: "Compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them."

The man's appeal also contends that he should not be forced to decrypt the hard drives because the investigators do not know for certain whether indecent images are stored on them.
The EFF agreed: "Complying with the order would communicate facts that are not foregone conclusions already known to the government".

The appeal, which argued the man should be released from prison while it was considered, was filed on 26 April.

Man jailed for failing to decrypt hard drives - BBC News

----------


## harrybarracuda

An interesting idea: A collated list of Airport Wifi/Passwords.

A Map Of Wireless Passwords From Airports And Lounges Around The World (Updated Regularly) - foXnoMad

----------


## harrybarracuda

Top 10 Web Hacking Techniques of 2015
Kuskos | January 12, 2016
UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and judging by our esteemed panelists, we are pleased to announce our Top 10 List of Web Hacking Techniques for 2015:

1. FREAK (Factoring Attack on RSA-Export Keys)
2. LogJam
3. Web Timing Attacks Made Practical
4. Evading All* WAF XSS Filters
5. Abusing CDN’s with SSRF Flash and DNS
6. IllusoryTLS
7. Exploiting XXE in File Parsing Functionality
8. Abusing XSLT for Practical Attacks
9. Magic Hashes
10. Hunting Asynchronous Vulnerabilities

Congratulations to the team that discovered FREAK!

The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at freakattack@umich.edu.

Congratulations to all those that made the list! Your research contributions are admired and should be respected. And a special thanks to everyone that voted or shared feedback. Also, for anyone that would be interested in learning more about this list, Johnathan Kuskos will be presenting the list at AppSec Europe on June 1st.

https://www.whitehatsec.com/blog/top...iques-of-2015/

----------


## harrybarracuda

Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

Jamie Condliffe
Today 3:37am

It may be a good time to update your email password. A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.

Reuters reports that an investigation by Hold Security revealed the huge stash of login details, that are said to be being traded among criminals. Most of the credentials relate to the Russian email service Mail.ru, but the team has also identified details from Google, Yahoo and Microsoft.

The team from Hold Security was offered a tranche of 1.17 billion email user records in an online forum, and asked to pay just $1 for a copy of the data. The team refuses to pay for stolen data, but was given the information anyway when it offered to post positive comments about the hacker online.

The team has since sifted through the data set to remove duplicates, revealing that it contains 270 million unique records. Alex Holden, the founder of Hold Security, told Reuters that the data was “potent,” adding that the “credentials can be abused multiple times.”

Hold Security has apparently alerted all of the affected email providers. Mail.ru, Google, Yahoo and Microsoft are all now investigating the situation.

It may be that the stash is out of date and doesn’t present too much of a security threat—though, of course, it could be a new pool of data, in which case the accounts included in the tranche could be at risk. Initial reports to the BBC from Mail.ru suggest that there may also be a lot of repetition in the records, with usernames repeated with multiple passwords.

It may be a good time to refresh your password anyway.

[Reuters]

Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

----------


## harrybarracuda

The perfect solution to insecure Wifi hotspots - your own VPN/Firewall/Tor on a usb-powered box. And they do an Ethernet version as well.

Tiny Hardware Firewall VPN Client

----------


## baldrick

^ why not have a tp-mr3040 with OpenWrt / VPN client and a 5$ a month VPN service paid for with bitcoin ?

or 5$ a month to a Bulgarian VPS and install your own OpenVPN server and Tor entry node ? also allows you to install an nginx webserver and run a hidden service

or go the whole hog and install a Xen hypervisor and have Tails/Qubes guest OS to connect to your VPN on the VPS and then straight to Tor ?

----------


## harrybarracuda

Supposedly you can get it without the VPN sub, just not from them.

But it's literally a plug and play everything.

You just open its webpage and click a button to turn on the VPN, and/or click a button to turn on Tor.

$35 and it fits on a keyring and powers off USB.

I mean how convenient is that?

----------


## harrybarracuda

May 13, 2016
Second bank hit with SWIFT-based hack, experts say patches failed

The Society for Worldwide Interbank Financial Telecommunication (SWIFT) revelation that another bank was victimized using the same modus operandi as that in the Bangladesh bank hack has the security industry believing the SWIFT system is flawed and possibly still vulnerable to another attack.
The second incident targeted an unnamed commercial bank, according to a SWIFT statement, where malware installed on the SWIFT messaging system was used against the banks' secondary controls, in this case a PDF reader used by the bank to check statement messages. The malware then removed any sign of the breach, SWIFT wrote to its customers. The fact that a second incident has taken place is a sign to security experts that whatever fix was implemented was ineffective and the flaw may still exist.

“News of another incident in which malware was apparently used to cover the tracks of unauthorized banking instructions transmitted by the SWIFT network suggests remediation efforts following February's $81 million Bangladesh reserve bank heist have so far been inadequate,” ESET Senior Security Researcher Stephen Cobb told SCMagazine.com in an email.

SWIFT said its customers have to step up their game and put in place better security.

"In both instances, the attackers have exploited vulnerabilities in banks' funds transfer initiation environments, prior to messages being sent over SWIFT. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process," SWIFT said.

In February hackers breached the Bangladesh bank's systems, stealing credentials needed to authorize payment transfers from the country's monetary reserves in the Federal Reserve Bank of New York to fraudulent accounts based in the Philippines and Sri Lanka.

Part of the issue mitigating this problem is that none of those involved are certain exactly how the breach occurred, or at least have not said so publicly. SWIFT made the broad comment that it could have been done by an outside gang or conversely it could be inside job. The financial messaging service did give out a few firm details on what transpired saying the attacker compromised the banks' environment by obtaining valid operator credentials and submitting fraudulent messages by impersonating the people from whom the credentials were stolen.

“The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both,” SWIFT wrote.

Cobb added that the malware issue at the heart of the problem should already have been fixed by SWIFT and its banking partners.

“Given that hundreds of millions of dollars are potentially in play with this type of attack, the presence of malware used to obscure transactions should have been dealt with right away, at every participating institution. The abuse of credentials on the system, seemingly essential to initiating the fraudulent messages that move money, should also have been addressed by now,” he said.

Other security advisors weighed in with some steps that could be taken to fix the problem at hand and that should be included to protect future transactions on the SWIFT system. This included adding two-factor authentication into the system, relying less on the human element that is involved in making the SWIFT system work and upgrading the SWIFT software.

“Initiation of transfers is still based on trust. The bank is trusting that the user/batch is who they say they are. The problem is that we seem to be missing a key mitigation strategy here; Multi-factor authentication. The attack could have been thwarted with a simple process of authentication using something you have, something you know, and something you are,” said Brad Bussie, director of product management at STEALTHbits Technologies to SCMagazine.com in an email.

Wim Remes, Rapid7's manager of strategic services, EMEA, told SCMagazine.com in an email that SWIFT and the banks each have to make changes.

“The reality is that most likely an upgrade of the SWIFT software would be needed for all clients and potentially changes on the operating system level as well. Between now and the time that every participant in the SWIFT network has gone through this process there is always a risk that one of the participants will be hacked,” Remes said.

SWIFT again put the majority of the onus to fix the problem on the banks saying they should quickly ensure their endpoints are secure.

Cobb agreed with this stance saying any bank could be a target of this type of attack if it uses SWIFT and does not exercise tight control over its own banking credentials and maintain system integrity.

Dave Amsler, president and founder of Raytheon Foreground Security, said sitting back and just playing defense is another mistake being made. He noted that the advanced systems used by criminals are constantly making adjustments to their malware to beat the installed security software.

“There is only one way to find the most sophisticated, damaging cyber threats within a network: proactively hunt for them,” he said.

Second bank hit with SWIFT-based hack, experts say patches failed

----------


## harrybarracuda

Microsoft has finally decided to remove one of its controversial features, the Wi-Fi Sense network sharing feature, from Windows 10. The feature shares your WiFi password with your Facebook, Skype and Outlook friends and is enabled by default.

With the launch of Windows 10 last year, Microsoft introduced Wi-Fi Sense network sharing feature aimed at making it easy to share your password-protected WiFi network with your contacts within range, eliminating the hassle of manually logging in when they visit.

This WiFi password-sharing option immediately stirred up concerns from Windows 10 users especially those who thought the feature automatically shared your WiFi network with all your contacts who wanted access.

But Wi-Fi Sense actually hands over its users controls so they can select which networks to share and which contact list can access their Wi-Fi.

Also, the feature doesn't share the actual password used to protect your Wi-Fi, but it does give your contacts access to your network.

However, the biggest threat comes in when you choose to share your Wi-Fi access with any of your contact lists.

But who really wants to share their Wi-Fi codes with everyone in their contacts?

Of course, nobody does.

Since the feature doesn't give you the option to share your network with selected individuals on Facebook, Skype or Outlook, anyone in your contact list with a malicious mind can perform Man-in-the-Middle (MITM) attacks.

We have written a detailed article on Wi-Fi Sense, so you can read the article to know its actual security threat to Windows 10 users.

Although Microsoft defended Wi-Fi Sense network-sharing as a useful feature, Windows users did not give it a good response, making the company remove WiFi Sense's contact sharing feature in its latest Windows 10 build 14342.

"The cost of updating the code to keep this feature working combined with low usage and low demand made this not worth further investment," said Microsoft Vice President Gabe Aul. "Wi-Fi Sense, if enabled, will continue to get you connected to open Wi-Fi hotspots that it knows about through crowdsourcing."

Microsoft just released its latest Windows 10 build for testers. The company will remove the Wi-Fi Sense password sharing feature as part of its Anniversary Update due in the summer, but will keep the Wi-Fi Sense feature that lets its users connect to open networks.

Microsoft removes its controversial Windows 10 Wi-Fi Sense Password Sharing Feature

----------


## harrybarracuda

May 17, 2016
Updated banking malware turns entire ATM into a skimmer


Researcher spotted a new and improved ATM malware that turns ATMs into payment card skimmers.

Kaspersky Lab researchers discovered a new and improved version of the ATM malware dubbed “Skimmer” which targets banks and turns entire ATM machines into payment card skimmers.

The malware is installed either through directly accessing the machine or via the bank's internal network. It is capable of executing 21 malicious commands, including dispensing money, collecting and then printing the payment card and account details, and self-deleting, according to a May 17 Kaspersky press release. The company did not know how many machines are impacted.

Rather than acting immediately, the cybergang responsible for the malware will often leave the Skimmer active on the machine for months before accessing the data so as to not arouse suspicion, the release said.

The malware is obscured using the commercially available Themida packer which makes it difficult for security staffers to analyze, Kaspersky researchers Olga Kochetova and Alexey Osipov said in a May 17 blog post.


Updated banking malware turns entire ATM into a skimmer

----------


## harrybarracuda

A nice free tool to protect you from some variants of Ransomware.

Free Bitdefender tool prevents Locky, other ransomware infections, for now



The tool tricks Locky, TeslaCrypt and CTB-Locker ransomware into believing that computers are already infected

By Lucian Constantin
IDG News Service | Mar 29, 2016 7:18 AM PT

Antivirus firm Bitdefender has released a free tool that can prevent computers from being infected with some of the most widespread file-encrypting ransomware programs: Locky, TeslaCrypt and CTB-Locker.

The new Bitdefender Anti-Ransomware vaccine is built on the same principle as a previous tool that the company designed to prevent CryptoWall infections. CryptoWall later changed the way in which it operates, rendering that tool ineffective, but the same defense concept still works for other ransomware families.

While security experts generally advise against paying ransomware authors for decryption keys, this is based more on ethical grounds than on a perceived risk that the keys won't be delivered.

In fact, the creators of some of the most successful ransomware programs go to great lengths to deliver on their promise and help paying users decrypt their data, often even engaging in negotiations that result in smaller payments. After all, the likelihood of more users paying is influenced by what past victims report.

Many ransomware creators also build checks into their programs to ensure that infected computers where files have already been encrypted are not infected again. Otherwise, some files could end up with nested encryption by the same ransomware program.

The new Bitdefender tool takes advantage of these ransomware checks by making it appear as if computers are already infected with current variants of Locky, TeslaCrypt or CTB-Locker. This prevents those programs from infecting them again.

The downside is that the tool can only fool certain ransomware families and is not guaranteed to work indefinitely. Therefore, it's best for users to take all the common precautions to prevent infections in the first place and to view the tool only as a last layer of defense that might save them in case everything else fails.

*Users should always keep the software on their computer up to date, especially the OS, browser and browser plug-ins like Flash Player, Adobe Reader, Java and Silverlight.* They should never enable the execution of macros in documents, unless they've verified their source and know that the documents in question are supposed to contain such code.

Emails, especially those that contain attachments, should be carefully scrutinized, regardless of who appears to have sent them. Performing day-to day activities from a limited user account on the OS, not from an administrative one, and running an up-to-date antivirus program, are also essential steps in preventing malware infections.

"While extremely effective, the anti-ransomware vaccine was designed as a complementary layer of defense for end-users who don’t run a security solution or who would like to complement their security solution with an anti-ransomware feature," said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, via email.

Free Bitdefender tool prevents Locky, other ransomware infections, for now | Computerworld

----------


## Sumbitch

> harold - you missed patch tuesday for microsoft products
> 
> and adobe released some flash player patches which are always of the utmost importance if you allow flash advertisements to display on your browser
> 
> ...


These will all be removed by aegis-voat.cmd. Sorry. Thought they were Windows updates, not Adobe.  :Notworthy:

----------


## Sumbitch

This should be a good thread for readers to post their anti-virus and anti-malware software.

I use Microsoft Security Essentials for my antivirus software on my Win 7 and Emsisoft for anti-malware.

----------


## Latindancer

May 18, 2016

Four years later, LinkedIn is still dealing with the effects of a 2012 data breach.
At the time, hackers reportedly gained access to more than 6 million of the enterprise social network's 161 million users. But LinkedIn has confirmed that an additional set of data was released on Monday.


117M LinkedIn Passwords Leaked | News & Opinion | PCMag.com

----------


## harrybarracuda

> Originally Posted by baldrick
> 
> harold - you missed patch tuesday for microsoft products
> 
> and adobe released some flash player patches which are always of the utmost importance if you allow flash advertisements to display on your browser
> 
> ...


And quite why would you want to remove Windows updates?

----------


## harrybarracuda

> May 18, 2016
> 
> Four years later, LinkedIn is still dealing with the effects of a 2012 data breach.
> At the time, hackers reportedly gained access to more than 6 million of the enterprise social network's 161 million users. But LinkedIn has confirmed that an additional set of data was released on Monday.
> 
> 117M LinkedIn Passwords Leaked | News & Opinion | PCMag.com


I banned LinkedIn a long time ago, and opened an account just to lock it.

Just a gazillion spams from Indians asking for jobs.

----------


## harrybarracuda

In a surprising end to TeslaCrypt, the developers shut down their ransomware and released the master decryption key. Over the past few weeks, an analyst for ESET had noticed that the developers of TeslaCrypt have been slowly closing their doors, while their previous distributors have been switching over to distributing the CryptXXX ransomware.

When the ESET researcher realized what was happening, he took a shot in the dark and used the support chat on the Tesla payment site to ask if they would release the master TeslaCrypt decryption key. To his surprise and pleasure, they agreed to do so and posted it on their now defunct payment site.

Now that the decryption key has been made publicly available, this allowed TeslaCrypt expert BloodDolly to update TeslaDecoder to version 1.0 so that it can decrypt version 3.0 and version 4.0 of TeslaCrypt encrypted files. This means that anyone who has TeslaCrypt encrypted files with the .xxx, .ttt, .micro, .mp3, or encrypted files without an extension can now decrypt their files for free!

TeslaCrypt shuts down and Releases Master Decryption Key

----------


## Sumbitch

> And quite why would you want to remove Windows updates?


Read the small print.

----------


## Latindancer

> And quite why would you want to remove Windows updates?


I'm running Vista (no probs), but disabled updates for the last 2 months. Every time I enable them, I end up with a black screen soon after (can't remember if it's with cursor or without), and have to go through Safe Mode, back to the last good configuration.

Not sure why this happens.

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> And quite why would you want to remove Windows updates?
> 
> I'm running Vista (no probs), but disabled updates for the last 2 months. Every time I enable them, I end up with a black screen soon after (can't remember if it's with cursor or without), and have to go through Safe Mode, back to the last good configuration.
> 
> Not sure why this happens.


It should be fairly simple to use an iterative process to find out which one is bad and google it.

Better than leaving yourself unprotected.

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> And quite why would you want to remove Windows updates?
> 
> 
> Read the small print.


The small print says "wjblaney is a dick".

----------


## Sumbitch

> The small print says "wjblaney is a dick".


Same to you.

----------


## Neo

I've had enough of Avast getting so bloated and limiting the options to opt out of the ever increasing additions to its software, so I've switched to Avira after reviewing its rating on AV Test  :Wink: 

https://www.av-test.org/en/

----------


## DrB0b

> It should be fairly simple to use an iterative process


A what now?

----------


## harrybarracuda

Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk
By Lucian Constantin
IDG News Service | May 30, 2016

Owners of WordPress-based websites should update the Jetpack plug-in as soon as possible because of a serious flaw that could expose their users to attacks.

Jetpack is a popular plug-in that offers free website optimization, management and security features. It was developed by Automattic, the company behind WordPress.com and the WordPress open-source project, and has over 1 million active installations.

Researchers from Web security firm Sucuri have found a stored cross-site scripting (XSS) vulnerability that affects all Jetpack releases since 2012, starting with version 2.0.

The issue is located in the Shortcode Embeds Jetpack module which allows users to embed external videos, images, documents, tweets and other resources into their content. It can be easily exploited to inject malicious JavaScript code into comments.

Since the JavaScript code is persistent, it will get executed in users' browsers in the context of the affected website every time they view the malicious comment. This can be used to steal their authentication cookies, including the administrator's session; to redirect visitors to exploits, or to inject search engine optimization (SEO) spam.

"The vulnerability can be easily exploited via wp-comments and we recommend everyone to update asap, if you have not done so yet," said Sucuri researcher Marc-Alexandre Montpas in a blog post.

Sites that don't have the Shortcode Embeds module activated are not affected, but this module provides popular functionality so many websites are likely to have it enabled.

The Jetpack developers have worked with the WordPress security team to push updates to all affected versions through the WordPress core auto-update system. Jetpack versions 4.0.3 or newer contain the fix.

In case users don't want to upgrade to the latest version, the Jetpack developers have also released point releases for all twenty-one vulnerable branches of the Jetpack codebase: 2.0.7, 2.1.5, 2.2.8, 2.3.8, 2.4.5, 2.5.3, 2.6.4, 2.7.3, 2.8.3, 2.9.4, 3.0.4, 3.1.3, 3.2.3, 3.3.4, 3.4.4, 3.5.4, 3.6.2, 3.7.3, 3.8.3, 3.9.7, and 4.0.3.


Flaw in popular WordPress plug-in Jetpack puts over a million websites at risk | ITworld

----------


## harrybarracuda

Who's got a MySpace account?

I'd forgotten I had one.

*Notice of Data Breach*
You may have heard reports recently about a security incident involving Myspace. We would like to make sure you have the facts about what happened, what information was involved and the steps we are taking to protect your information. 
What Happened?
Shortly before the Memorial Day weekend, we became aware that stolen Myspace user login data was being made available in an online hacker forum. The data stolen included user login data from a portion of accounts that were created prior to June 11, 2013 on the old Myspace platform. 
We believe the data breach is attributed to Russian Cyberhacker ‘Peace.’ This same individual is responsible for other recent criminal attacks such as those on LinkedIn and Tumblr, and has claimed on the paid hacker search engine LeakedSource that the data is from a past breach. This is an ongoing investigation, and we will share more information as it becomes available. 
What Information Was Involved?
Email addresses, Myspace usernames, and Myspace passwords for the affected Myspace accounts created prior to June 11, 2013 on the old Myspace platform are at risk. As you know, Myspace does not collect, use or store any credit card information or user financial information of any kind. No user financial information was therefore involved in this incident; the only information exposed was users’ email address and Myspace username and password. 
What We Are Doing
In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword 
Myspace is also using automated tools to attempt to identify and block any suspicious activity that might occur on Myspace accounts. 
We have also reported the incident to law enforcement authorities and are cooperating to investigate and pursue this criminal act. As part of the major site re-launch in the summer of 2013, Myspace took significant steps to strengthen account security. The compromised data is related to the period before those measures were implemented. We are currently utilizing advanced protocols including double salted hashes (random data that is used as an additional input to a one-way function that "hashes" a password or passphrase) to store passwords. Myspace has taken additional security steps in light of the recent report. 
What You Can Do
We have several dedicated teams working diligently to ensure that the information our members entrust to Myspace remains secure. Importantly, if you use passwords that are the same or similar to your Myspace password on other online services, we recommend you set new passwords on those accounts immediately. 
For More Information
If you have any questions, please feel free to contact our Data Security & Protection team at dsp_help@myspace-inc.com or visit our blog at https://myspace.com/pages/blog.
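The notice above defines a salt only in passing. As an added illustration (example code, not Myspace's or anyone in the thread's), this builds an unsalted and a salted password store side by side and shows why a leaked salted dump does not reveal which users share a password. The notice does not say what "double salted" means in Myspace's implementation, so a single per-user salt with PBKDF2-HMAC-SHA256 is assumed, and the users and passwords are constructed.

```python
# Added example: salted vs. unsalted password storage, with verification.
# Hash function (PBKDF2-HMAC-SHA256) and work factor are assumptions; the
# notice names neither. Sample users below are constructed.
import hashlib
import hmac
import os
from typing import Dict, List, Optional

ITERATIONS = 100_000  # work factor for the slow one-way function (assumed)


def unsalted_hash(password: str) -> str:
    """Old-style storage: one fixed digest per password, no salt."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def make_record(password: str, salt: Optional[bytes] = None,
                iterations: int = ITERATIONS) -> str:
    """Salted storage: a fresh 16-byte random salt per user, stored beside
    the digest as algo$iterations$salt$digest so verification can redo it."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest with the stored salt; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False  # malformed record, never a match
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def reuse_visible(stored_values: List[str]) -> bool:
    """True when two stored values are identical, i.e. someone holding only
    the dump can already tell those users chose the same password."""
    return len(set(stored_values)) < len(stored_values)


# Constructed sample: two of three users picked the same weak password.
SAMPLE_USERS: Dict[str, str] = {
    "alice": "summer2012",
    "bob": "summer2012",
    "carol": "correct-horse",
}


def compare_stores() -> Dict[str, bool]:
    """Build both kinds of store and report whether reuse shows in each."""
    unsalted = [unsalted_hash(pw) for pw in SAMPLE_USERS.values()]
    salted = [make_record(pw) for pw in SAMPLE_USERS.values()]
    return {
        "unsalted_reuse_visible": reuse_visible(unsalted),  # True
        "salted_reuse_visible": reuse_visible(salted),      # False
    }


if __name__ == "__main__":
    print(compare_stores())
    rec = make_record("summer2012")
    print(verify("summer2012", rec), verify("Summer2012", rec))
```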

----------


## Sumbitch

I have one. But I can't remember my password.

What are you going to do about it Harry?

----------


## Sumbitch

The motherfuckers. They changed my password, which I can't remember, so how am I going to change that old password on any other accounts?

----------


## harrybarracuda

It's in the post.


https://myspace.com/forgotpassword

----------


## Sumbitch

It says "retrieve an existing password" but it doesn't do it.

Edit: sorry, it says "retrieve an existing account" but it will not retrieve your old password.

----------


## harrybarracuda

> It says "retrieve an existing password" but it doesn't do it.
> 
> Edit: sorry, it says "retrieve an existing account" but it will not retrieve your old password.


Click the link.

You get an email.

You click the link to set a new password.

It isn't rocket surgery.

----------


## baldrick

not forgetting that if you had a linkedin account in 2012 then your password has been compromised - get a password manager and change the linkedin password and every other site you use with a nice random 10 or 12 character

and if you have bought a lenovo recently




> Lenovo is warning users to uninstall its Accelerator support application after it was revealed to have what it says are serious interception vulnerabilities.
> 
> The company is one of five vendors caught pre-installing dangerously-vulnerable OEM software.
> 
> Duo Security researcher Mikhail Davidov reported the holes that would allow eavesdropping attackers to tap into Accelerator's unencrypted update channels to compromise users.
> 
> "A vulnerability was identified in the Lenovo Accelerator Application software which could lead to exploitation by an attacker with man-in-the-middle capabilities," Lenovo says.
> 
> "The vulnerability resides within the update mechanism where a Lenovo server is queried to identify if application updates are available.
> ...


Lenovo cries 'dump our support app' after 'critical' hole found | The Register

----------


## Sumbitch

> Click the link.
> 
> You get an email.
> 
> You click the link to set a new password.
> 
> It isn't rocket surgery.


You didn't read what I said. I don't want a new password or even a new fucking account. If you reset your password how do you know what your old password was?  :Roll Eyes (Sarcastic):

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Click the link.
> 
> You get an email.
> 
> You click the link to set a new password.
> 
> It isn't rocket surgery.
> ...


Why do you want your old password?

Can't you read?

Myspace has been compromised.

----------


## harrybarracuda

> not forgetting that if you had a linkedin account in 2012 then your password has been compromised - get a password manager and change the linkedin password and every other site you use with a nice random 10 or 12 character
> 
> and if you have bought a lenovo recently
> 
> ...


It's worse than that Jim.

Laptop Updaters From Major Vendors Pose Security Risks

By Sean Michael Kerner  |  Posted 2016-05-31

Researchers from Duo Security found multiple critical vulnerabilities in out-of-the box laptop software updaters from Lenovo, HP, Dell, Acer and Asus.

When consumers buy laptops at retail stores from major laptop vendors, the devices come out-of-the-box with various forms of software updaters. According to research published May 31 by Duo Security, those updates have been exposing users to security risks.

Duo Security found 12 vulnerabilities in the updaters, the worst of which could have potentially enabled an attacker to execute a full system compromise in less than 10 minutes. In some cases, the updaters are used to update what is commonly referred to as "bloatware," extra software that is added to a default operating system providing additional services. Duo Security also found, however, that in many instances "bloatware" isn't the only thing that is being updated by some of these tools.

"Things like device drivers and BIOS firmware get updated by some of them, as well," Darren Kemp, a security researcher at Duo Labs, told eWEEK. "So there are sometimes legitimate, necessary components being updated insecurely through the OEM updaters."

One major cause of the vulnerabilities that Duo Security identified is a lack of proper use of Secure Sockets Layer/Transport Layer Security (SSL/TLS) to authenticate and encrypt an update. Without proper use of SSL/TLS, an update could be intercepted or manipulated by an attacker to deliver malware, instead of a legitimate software update.

Kemp emphasized that the nature of the software being updated is really irrelevant to the overall outcome for an attacker, which is why it doesn't matter what the updaters are actually updating. He noted that the updaters are inherently privileged, executing with system-level permissions.

"There are many opportunities for a man-in-the-middle attacker to piggyback malicious commands or executable code on the back of seemingly legitimate bloatware updates," Kemp said. "The end result is still a compromise for the user; by the time they notice the update, if they notice it, it's probably too late."

Also of particular note is the fact that many of the updaters support the installation of "silent" updates that happen behind the scenes and do not notify the user. Kemp noted that silent updates can potentially be compromised without any indication an update has even been installed. To make matters worse, all the updaters Duo Security looked at provide automatic updates.

"While many of them have some feature that allows a user to interactively request the software check for updates, they all do it autonomously, as well," Kemp said.

While Duo Security found the vulnerabilities in the updaters, it did not find any instances where the vulnerabilities are or have been actively exploited in the wild.

Additionally, most of the vendors that the updater vulnerabilities affected have already fixed the issues.

Kemp noted that during the course of Duo Security's research, Dell issued software updates that fixed all of the issues. HP fixed the issues with their updaters, while Lenovo simply removed the potentially vulnerable updating software from their systems. Acer and Asus responded to Duo Security, but haven't provided a formal timeline for public fixes, Kemp said.

The way that Duo Security found the security issues wasn't through an automated tool but, rather, through a mostly manual process. "We primarily disassembled most of the components manually and audited the code for vulnerabilities, in conjunction with reviewing packet captures to expedite reverse engineering," Kemp explained.

For consumers looking to protect themselves from the potential risks of vulnerable software updaters, the task is also somewhat manual. "Unfortunately, the only sure way to protect yourself is to simply remove any OEM software altogether, which is admittedly a frustrating task for less technical users," Kemp said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Laptop Updaters From Major Vendors Pose Security Risks

----------


## Sumbitch

> In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword


Did you bother to read your post? It says

> invalidated all user passwords

Secondly,

> These users returning to Myspace will be prompted to authenticate their account and to reset their password

That says "reset password" not "retrieve old password"

----------


## Sumbitch

> and if you have bought a lenovo recently

> Lenovo cries 'dump our support app' after 'critical' hole found | The Register

Thanks. I'm safe with win 7 but windows 10 users are not.

> Only those Lenovo machines with Windows 10 pre-installed sport the exposed app.

Lenovo cries 'dump our support app' after 'critical' hole found | The Register

----------


## baldrick

a password manager - creates passwords for you for services and webpages - and you only have to remember your master password

https://ssd.eff.org/en/module/how-use-keepassx

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> In order to protect our users, we have invalidated all user passwords for the affected accounts created prior to June 11, 2013 on the old Myspace platform. These users returning to Myspace will be prompted to authenticate their account and to reset their password by following instructions at https://myspace.com/forgotpassword
> 
> ...


You're not listening. 

I asked: "Why do you want your old password?"

----------


## Sumbitch

> not forgetting that if you had a linkedin account in 2012 then your password has been compromised - get a password manager and change the linkedin password and every other site you use with a nice random 10 or 12 character


If it wasn't for you, I'd be totally fooked. I am one of those idiots who use the same password on many different accounts, leaving unique ones only for my banking and business accounts.  :Confused:

----------


## Sumbitch

> if you use passwords that are the same or similar to your Myspace password on other online services, we recommend you set new passwords on those accounts immediately.

> Why do you want your old password?


bc I want to know what other accounts are at risk.

----------


## Sumbitch

> a password manager - creates passwords for you for services and webpages - and you only have to remember your master password


That would be great for a first time computer user with no existing web accounts. Unfortunately, I don't fit that bill. I have been letting Google Chrome save my passwords so I have access to those accounts but I was using I.E. for a very long time before Chrome. How can I retrieve all of my accounts from I.E.? I've bought 3 computers since 2007 and have tried to back up I.E.'s favorites so I can look there first. Do you have any other suggestions? Should I just say "screw-it", put the passwords I can find in the password manager and fook the rest? (The most important sites I use all the time, anyway.)

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> if you use passwords that are the same or similar to your Myspace password on other online services, we recommend you set new passwords on those accounts immediately.
> ...


Well I don't know about IE, but in Chrome you can view your saved passwords anyway.

Settings, Advanced, Manage Passwords.

----------


## harrybarracuda

Here's a good solution to the password problem.



https://medium.com/@satoshilabs/sato...e6b#.cn6pyucen

Or Steve Gibson is pushing a new approach:

https://www.grc.com/sqrl/sqrl.htm

----------


## harrybarracuda

Cheeky.... if you have an Android Smart TV.

> It seems like you can’t go more than a few days lately without hearing about another ransomware attack. Sometimes it’s just regular folks getting hit by the scammers, but it can also be hospitals, universities, and businesses. Now, a new version of the Frantic Locker (or FLocker) Android ransomware has started popping up that goes after more than your phone or tablet. The new FLocker can lock down your TV until you pay up. And no, it doesn’t care that Game of Thrones is on.
> 
> FLocker has existed for a while now — it’s actually very well-maintained by ransomware standards. The developer is constantly updating the package and adding support for new Android system changes. In a new version of the malware, the owners added support for Android-powered smart TVs.
> 
> Weirdly, FLocker won’t work on Android devices that are in Kazakhstan, Azerbaijan, Bulgaria, Georgia, Hungary, Ukraine, Russia, Armenia, or Belarus. The first thing it does when reaching a new system (you have to install it somehow) is check its location. If it’s not in one of those countries, it attempts to install a command and control system on the smartphone or TV. Android has more security measures than your average Windows PC, believe it or not. In order to take control of your system, it needs administrator access. This is where the Android ransomware diverges from PC ransomware.
> 
> You can’t just encrypt important system data on an Android device without root access, which most devices don’t have. Thus, FLocker tries to get the user to grant administrator access, which allows it to control the screen and prevents it from being uninstalled. It starts by asking nicely, then gets serious with a fake system update warning. When it has admin, FLocker locks the screen to a fake law enforcement notice. As a fine for some unclear criminal activity, the owner of the TV or phone is asked to pay $200. In the strangest twist yet, this fine must be paid via iTunes gift cards.
> 
> Because we’re not dealing with an encrypted volume, it is possible to fix the FLocker ransomware yourself. You’ll need a computer with the Android developer tools running. Using an ADB command, you can kill the malware process that’s locking the screen, then go into the settings and revoke its administrator access. That’s not an overly technical process, but you need to already have ADB debugging enabled on your device. If that’s not possible, you’ll have to factory reset. That may or may not even be an option on your TV, so Trend Micro suggests contacting the manufacturer.


New Android ransomware targets smart TVs | ExtremeTech

----------


## Sumbitch

> Well I don't know about IE, but in Chrome you can view your saved passwords anyway.  Settings, Advanced, Manage Passwords.


Just dropped Chrome today. Am much happier with Firefox which can do everything that Chrome can and much more. The straw that broke the camel's back came in the last 2 days when Chrome started logging me out of all active web sites on the browser, including Google which I really need for my email. Ever since, I've been searching and implementing solutions I found surfing. Then I went over to Firefox and it was still logging me into gmail on opening the browser, which is my home page. And it remembered every login/password for all my sensitive, and most commonly used accounts, even though I don't remember logging on to Firefox except to copy and paste my repo to repos and comments. So it must have some kind of sync-up with Chrome or Google about password changes, if not, new accounts. But I'll soon find out about that as I imported all my favorites from Chrome, for the second time, apparently, as Firefox neatly put today's import folder next to the older one. So I'll check out the date stamps and size of both of them, if I have to delete one or the other due to duplicates.

The most important thing is that Firefox is basically the platform for the Tails OS and Tor browser.

 :sexy:

----------


## harrybarracuda

> The most important thing is that Firefox is basically the platform for the Tails OS and Tor browser.


Have you been taking computer lessons from Buttplug?

Firefox is a Browser.

Tor Browser is another Browser based on Firefox ESR.

Tails is an OS based on Debian (Linux).

Qubes is better, ask Ed Snowden.



 :Smile:

----------


## Sumbitch

Accept my apology. I should have thought of that as Tails runs off a USB drive. It does come embedded with Tor and it will accept other browsers except Chrome.  :rofl: 

Harry, see if you can check that out.  :Smile:

----------


## Dragonfly

again, in this day and age, who is stupid enough to use a password manager

and after they complain that users are not savvy enough in terms of good security practices,

harry, a corporate IT guy, being the first offender, 

priceless  :rofl:

----------


## Dragonfly

> Have you been taking computer lessons from Buttplug?


that's rich from someone claiming to run an IT department in a Fortune 500 company and then proceed to put the whole enterprise infrastructure at risk by letting users save all their passwords with a password manager,

I mean, are you real ?

----------


## baldrick

> again, in this day and age, who is stupid enough to use a password manager


do you know what a password manager is ?

I guess you either use the same password on each site or let your browser save them

actually, I think I should test and try and log into TD with your username and a password of 12345

----------


## harrybarracuda

> Originally Posted by Dragonfly
> 
> again, in this day and age, who is stupid enough to use a password manager
> 
> 
> do you know what a password manager is ?
> 
> I guess you either use the same password on each site or let your browser save them
> 
> actually, I think I should test and try and log into TD with your username and a password of 12345


You have to forgive him, what with his retardation and all.

Tell you what Buttplug, you're the big fucking hacker and all, why don't you try hacking my passwords, numbnuts?

Should be easy, start with my Teakdoor password you cum guzzling gallic retard.

 :rofl:

----------


## harrybarracuda

> Accept my apology. I should have thought of that as Tails runs off a USB drive. It does come embedded with Tor and it will accept other browsers except Chrome. 
> 
> Harry, see if you can check that out.


You're not listening. 

I said use Qubes.


https://www.qubes-os.org/tour/#what-is-qubes-os

----------


## Dragonfly

> do you know what a password manager is ?


do you ?

what I find extraordinary is how you think you can get away with it, lecturing others on IT shit when you don't even know basic good practice of password security. And you dare lecture me about security ? learn how to use your fucking password you fucking illiterate aussie, and if you can't, get a fucking iTab

fucking priceless  :rofl: 




> actually, I think I should test and try and log into TD with your username and a password of 12345


let me guess, this is your master password, I prefer 123456  :rofl:

----------


## Dragonfly

> Tell you what Buttplug, you're the big fucking hacker and all, why don't you try hacking my passwords, numbnuts?


does your Fortune 500 company let you get away with such poor practice ? no wonder cyberattacks are happening everywhere in those firms, when they have IT retards like you running their department

you wouldn't know you got hacked, that's the beauty of it. All Chinese hackers will "stealth" listen to your IT infrastructure and you don't even know it. You could have been listened to for the last 10 years, and you still wouldn't know or find out about it.

Harry, you are a fucking joke, always been, but that takes the prize !!!

----------


## baldrick

> do you ?


yes - I use one and do not allow browsers to save passwords - this is the only way to safeguard your login information

as you do not use a password manager your advice and information should be treated with the same ridicule as the horse sperm leaking out your arse

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Tell you what Buttplug, you're the big fucking hacker and all, why don't you try hacking my passwords, numbnuts?
> 
> 
> does your Fortune 500 company let you get away with such poor practice ? no wonder cyberattacks are happening everywhere in those firms, when they have IT retards like you running their department
> 
> you wouldn't know you got hacked, that's the beauty of it. All Chinese hackers will "stealth" listen to your IT infrastructure and you don't even know it. You could have been listened to for the last 10 years, and you still wouldn't know or find out about it.
> 
> Harry, you are a fucking joke, always been, but that takes the prize !!!


Come on Buttplug, the challenge is there. Stop trying to deflect.

You reckon you're some kind of shit hot hacker, although you've already had your well worn arse handed to you on a plate.

Hack my Teakdoor password, go on you fucking loser.

 :rofl:

----------


## Latindancer

Ooohh ! The gauntlet has been thrown down !

----------


## harrybarracuda

> Ooohh ! The gauntlet has been thrown down !


And backed away from.

He's all mouth and no trousers.

 :rofl:

----------


## Sumbitch

I don't know if this has been brought up before but Firefox has dropped Google's search engine as its default in favor of Yahoo. I was worried until I found out the reason: a better contract. Also, you can still choose Google as your search engine.

----------


## harrybarracuda

> I don't know if this has been brought up before but Firefox has dropped Google's search engine as its default in favor of Yahoo. I was worried until I found out the reason: a better contract. Also, you can still choose Google as your search engine.


None of them are allowed to freeze out the competition, or else they'd be in trouble with regulators.

----------


## Dragonfly

> Hack my Teakdoor password, go on you fucking loser.


I think I found it already, "suck my big black cock"




> yes - I use one and do not allow browsers to save passwords


your password manager is saving your fucking passwords somewhere you fucking idiot, question of time before you get hacked and it will be resold to some chinese hack

----------


## baldrick

> your password manager is saving your fucking passwords somewhere you fucking idiot,


you blithering fool - of course it is - encrypted on my computer and protected with my master passcode

my passwords are not unencrypted in my browser and easily accessed by any drive by exploit looking for buttsecs

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Hack my Teakdoor password, go on you fucking loser.
> 
> 
> I think I found it already, "suck my big black cock"


No, that's just wishful thinking on your part.

So come on Buttplug, hack my password or you'll have to admit that you're just a bad bullshit artist who doesn't know a fucking thing about IT.


 :smiley laughing: 


Tell you what fuckhead, I've even made it easy for you. I've set it to an eight character dictionary word.

Go on tosser, fill your boots (and I don't mean with ladyboy jizz).

 :rofl:

----------


## Dragonfly

> So come on Buttplug, hack my password or you'll have to admit that you're just a bad bullshit artist who doesn't know a fucking thing about IT.


harry, you fooking Corporate muppet, you are getting all worked up because I exposed your fooking lazy ass and your online "reputation" is at stake  :rofl: 

told your password already, and we all know you are going to change it immediately

now tell us again about your password manager, and how much you need it because your 2 brain cells can't work out a password strategy

----------


## Sumbitch

> None of them are allowed to freeze out the competition, or else they'd be in trouble with regulators.


I much prefer the options provided by Google, like an image search and images from a regular search which allow you to choose a gif.

----------


## Dragonfly

> encrypted on my computer and protected with my master passcode


maybe you should start reading security news, fucking encryption is easily broken these days, do you think those hackers get around with "1234" password when they go after their victims ?

jesus christ, a password manager, at least you are not running an IT department like Harry does, and we can only hope it's for your numerous gay porn websites

----------


## baldrick

> fucking encryption is easily broken these days


big words you possum felching, rancid cum snorter

AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes are not going to be cracked by rainbow tables and my master password I have not seen in any of these password lists - and that is because it is unique to me

you should get back to painting gay pride rainbows on the hello kitty stickers adorning your ipad

----------


## Dragonfly

> AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes are not going to be cracked by rainbow tables and my master password I have not seen in any of these password lists - and that is because it is unique to me


big words you don't understand, and obviously you haven't read security news about hackers' means to "open" that very strong encryption

absolutely clueless, fooking Aussie fool  :rofl:

----------


## harrybarracuda

> Originally Posted by baldrick
> 
> AES-256 bit encryption with PBKDF2 SHA-256 and salted hashes are not going to be cracked by rainbow tables and my master password I have not seen in any of these password lists - and that is because it is unique to me
> 
> 
> big words you don't understand, and obviously you haven't read security news about hackers' means to "open" that very strong encryption
> 
> absolutely clueless, fooking Aussie fool


Come on, I have an eight character dictionary word set as my password just for you.

Either crack it or just admit you're talking out of your well worn arse you cottaging freak.

You're full of shit.

 :rofl:

----------


## Latindancer

Look, Buttplug....... I've managed to hack Latindancer's password easily enough.

Now YOU hack MINE.....if you think you're up to it.

----------


## harrybarracuda

> Look, Buttplug....... I've managed to hack Latindancer's password easily enough.
> 
> Now YOU hack MINE.....if you think you're up to it.


Of course he's not up to it, he's fucking clueless.

----------


## Dragonfly

> Come on, I have an eight character dictionary word set as my password just for you.  Either crack it or just admit you're talking out of your well worn arse you cottaging freak.


harry, you fooking IT retard, you are using a password manager to store your fooking password,

that alone speaks volumes about your fooking skills,

told you already about your password, you like big black cock, nothing wrong with that

I dare you to prove that this wasn't your password  :rofl:

----------


## Dragonfly

> Look, Buttplug....... I've managed to hack Latindancer's password easily enough.
> 
> Now YOU hack MINE.....if you think you're up to it.


holy shit batman !!! he must have used the same password manager as you did

fooking retards  :Smile:

----------


## harrybarracuda

Our mate Buttplug has a yellow streak down his back...

----------


## Dragonfly

harry, stop beating around the bush and try to divert the attention from the real issue

you are using a fooking password manager, you fucking corporate muppet

no wonder all those S&P 500 companies get hacked all the time, with cheap IT skills like you

----------


## baldrick

> and obviously you haven't read security news about hackers' means to "open" that very strong encryption


I believe you have inserted your anal shotputs in the wrong order again you utter soi dog fellater

show me where your "security news" says your drivel ?

----------


## harrybarracuda

> harry, stop beating around the bush and try to divert the attention from the real issue
> 
> you are using a fooking password manager, you fucking corporate muppet
> 
> no wonder all those S&P 500 companies get hacked all the time, with cheap IT skills like you


Can you quote the bit where I said I use a password manager?

You dumb shit.

 :Smile: 

Now stop trying to chicken out.

Hack my dictionary word 8-character Teakdoor password or just admit you're a fucking idiot that knows so little about computers that you think Regedit installs Modem drivers.

 :rofl:

----------


## Dragonfly

> show me where your "security news" says your drivel ?


why don't you educate yourself and start to do your own news search ? fooking illiterate aussie,

I mean using a fooking "password manager", that takes the fooking prize  :rofl:

----------


## Dragonfly

harry, I already told your password, and you changed it again

why don't you look it up in your fooking password manager and post it here, you dumb fuck, because that's how secure you will be with a fooking "password manager", you dumb fook

now go back into the server room and mop that floor, you illiterate muppet

----------


## harrybarracuda

> harry, I already told your password, and you changed it again
> 
> why don't you look it up in your fooking password manager and post it here, you dumb fuck, because that's how secure you will be with a fooking "password manager", you dumb fook
> 
> now go back into the server room and mop that floor, you illiterate muppet


Buttplug all you are doing is embarrassing yourself.

Why don't you admit you're just a one-handed mactard who knows fuck all.

You couldn't hack an ice cream with an axe.

 :rofl:

----------


## baldrick

> I mean using a fooking "password manager", that takes the fooking prize


of course it does you collector of dead gerbils - watch out they do not smudge your sticky notes with passwords when you put them on the shelves

unlike your 1337 skillz tech web news repertoire I like to take the advice of proven experts in security to solve the problems of needing multiple different passwords




> I've long recommended a password manager to solve the very real problem that any password that can be easily remembered is vulnerable to a dictionary attack.


https://www.schneier.com/blog/archiv...ty_of_pas.html

----------
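Added example, not from any of the posts above: it models baldrick's claim that a vault key derived with PBKDF2-HMAC-SHA-256 and a random salt cannot be recovered from a precomputed (rainbow-style) table of password hashes, and the Schneier quote's point that an easily remembered master password is still exposed to a dictionary attack, just at full KDF cost per guess. It uses only Python's hashlib; the candidate words, salts and iteration count are constructed demo values, not those of any real password manager.

```python
"""Salted, iterated key derivation versus a precomputed hash table."""
import hashlib
import os
from typing import Dict, Optional

# Constructed demo parameters: real vaults use a higher iteration count.
ITERATIONS = 100_000
KEY_LEN = 32  # 256-bit key, the size an AES-256 vault key needs

# Constructed stand-in for a leaked password list.
CANDIDATES = ["password", "sunshine", "football", "baseball", "letmein1"]


def unsalted_hash(password: str) -> bytes:
    """Plain SHA-256 of the password: the kind of value a precomputed table hits."""
    return hashlib.sha256(password.encode("utf-8")).digest()


def build_table(candidates) -> Dict[bytes, str]:
    """Precompute hash -> password once.

    The table is reusable against every target that stores unsalted hashes,
    which is the only reason building one is worth the attacker's effort."""
    return {unsalted_hash(p): p for p in candidates}


def derive_vault_key(master: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256: turns a master password plus per-vault salt into a key."""
    return hashlib.pbkdf2_hmac(
        "sha256", master.encode("utf-8"), salt, iterations, dklen=KEY_LEN
    )


def table_lookup(table: Dict[bytes, str], digest: bytes) -> Optional[str]:
    """One dictionary lookup; no hashing is done at lookup time."""
    return table.get(digest)


def attack_cost(table_size: int, salted: bool, iterations: int = ITERATIONS) -> int:
    """HMAC invocations needed to test every candidate against ONE target.

    Unsalted: zero new work, the precomputed table already holds the answers.
    Salted + iterated: the table is useless, every candidate must be derived
    again with this target's salt, at `iterations` HMAC calls each. A weak
    master password is still found this way; salting only removes the
    shortcut, it does not make a dictionary word strong."""
    return table_size * iterations if salted else 0


def demo(master: str = "sunshine") -> dict:
    table = build_table(CANDIDATES)

    # 1. Unsalted hash of a dictionary word: a single lookup recovers it.
    unsalted_hit = table_lookup(table, unsalted_hash(master))

    # 2. Same master password in two vaults with two random salts gives two
    #    unrelated keys, so no table built in advance covers both.
    salt_a, salt_b = os.urandom(16), os.urandom(16)
    key_a = derive_vault_key(master, salt_a)
    key_b = derive_vault_key(master, salt_b)

    # 3. The owner, who stores the salt beside the vault, re-derives the same key.
    owner_can_reopen = derive_vault_key(master, salt_a) == key_a

    # 4. The salted key is absent from the precomputed table.
    salted_hit = table_lookup(table, key_a)

    return {
        "unsalted_lookup": unsalted_hit,
        "keys_differ": key_a != key_b,
        "owner_can_reopen": owner_can_reopen,
        "salted_lookup": salted_hit,
        "cost_unsalted": attack_cost(len(table), salted=False),
        "cost_salted": attack_cost(len(table), salted=True),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```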


## Dragonfly

> unlike your 1337 skillz tech web news repertoire I like to take the advice of proven experts in security to solve the problems of needing multiple different passwords


from a fooking blog ? fook, you are more stupid than terry, and that takes some power

do your fooking research instead of being lazy and reading fooking gay security blogs for mac tards and win tards

god, you are fooking hopeless, you silly Aussie retard.

----------


## Dragonfly

harry, be a fooking man for once, and post your fooking password here for all to see how fooking stupid you are with your fooking password manager,

do that or go lick that floor in the server room,

fooking crappy admin for fooking crappy S&P 500 company,

no wonder we are all doomed,

----------


## baldrick

> from a fooking blog


this is like discussing things with pwinoi - you really do not know who Bruce Schneier is ?

keep on being a script kiddie and leave the adults alone

----------


## Dragonfly

Baldrik, you dumb fook

you are using a fooking password manager like a fooking senile grandmother,

that's the only issue here, you dumb fook

now go buy an iPad, I heard it has a nice password manager for old fookers like you  :rofl:

----------


## baldrick

I understand you only need one password which is for your teakdoor account

receiving penises, small de-furred animals and kitchen sinks into your rectum will not require passwords

which is why you have no idea what a password manager is

----------


## harrybarracuda

> I understand you only need one password which is for your teakdoor account
> 
> receiving penises, small de-furred animals and kitchen sinks into your rectum will not require passwords
> 
> which is why you have no idea what a password manager is


What do you expect from a bloke who doesn't even know how to work a proper computer?

----------


## Dragonfly

> which is why you have no idea what a password manager is


why is it that you are too fooking stupid to understand what kind of security issues they bring,

you and Harry are the prime examples of fooking fools who think they know their shit when they fooking don't and pose a security threat in their silly organizations by using fooking tools they shouldn't fooking use

I mean fooking priceless,

you belong to the fooking school of Indian IT fucks, with Harry the best in class  :rofl:

----------


## harrybarracuda

Still waiting for the gallic fag to hack my easy password. It seems he learned his lesson from the last time he got his well worn arse handed to him on a plate.

 :rofl:

----------


## baldrick

> Still waiting for the gallic fag to hack my easy password


still waiting for the Quebecois to finish being humped by a baby fur seal and say something other than

"you all don't know what you are talking about, but I do"

and then not saying anything

which is why he is dismissed as a fool

----------


## Dragonfly

> Still waiting for the gallic fag to hack my easy password.


fook harry, we all know you are a fooking thick corporate shill, told your fooking password ages ago, deal the fook with it

now be a fooking good boy and tell us like a grown man that it wasn't it, and best of all, fooking prove it

----------


## Dragonfly

> which is why he is dismissed as a fool


oh that fooking takes the cake, you fooking Aussie retard, you lecturing me about being a fool, and yet you use a fooking password manager like a fooking tool

I mean you couldn't make that shit up, fooking IT idiots lecturing others on good IT practice when they can't even fooking get it right for a fooking password

who the fook are they kidding, those 2 idiots,

go back to your room, your mum will call when dinner is ready, you fooking retard

----------


## lom

> Tell you what fuckhead, I've even made it easy for you. I've set it to an eight character dictionary word.


PASSWORD  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
>  Tell you what fuckhead, I've even made it easy for you. I've set it to an eight character dictionary word.
> 
> 
> PASSWORD


Actually I set it to "Incorrect".

So when I type it wrong, it says "Your password is incorrect".

 :Smile:

----------


## lom

> Actually I set it to "Incorrect".


Can you count the number of characters for me? 

Personally I use strong passwords like "straw12berry34jam"  :rofl:

----------


## harrybarracuda

"Put it in the cloud" they said. "It will all be secure" they said.

Ooops.




> June 27, 2016
> Microsoft Office 365 hit with massive Cerber ransomware attack, report
> 
> Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last week that not only included a ransom note, but an audio warning informing victims that their files were encrypted.
> 
> Steven Toole, a researcher for the cloud-security firm Avanan, blogged that his company saw the first attack roll in at 6:44 a.m. on June 22 and that at least 57 percent of all Office 365 customers received at least one phishing attempt that contained the infected attachment. While Avanan did not supply a specific number of those possibly hit, Microsoft reported in its first quarter 2016 earnings report that there are 18.2 million Office 365 subscribers.
> 
> In a unique twist, the ransom note was accompanied by an audio file explaining the attack and how to regain access to the files. Toole said it took Microsoft more than 24 hours to detect the attack and start blocking the attachment. The attacker asked for a ransom totaling 1.4 bitcoin, or about $500, for the decryption key. 
> 
> ...


Microsoft Office 365 hit with massive Cerber ransomware attack, report

----------


## Dragonfly

I guess security is not MS's strong point,

it has been what ? 25 years of security breaches on Windows, what would we expect otherwise from Microsoft Cloud solutions ?

security cloud indeed, not security firewall

----------


## harrybarracuda

> I guess security is not MS's strong point,
> 
> it has been what ? 25 years of security breaches on Windows, what would we expect otherwise from Microsoft Cloud solutions ?
> 
> security cloud indeed, not security firewall


Buttplug it's a given that the only people that think Microsoft are good at security are them.

Long may it last, easy money.

 :rofl:

----------


## Dragonfly

weren't you advocating some blog from a MS "security" expert only a few days ago ?

guess, not much of a security expert with the track record of MS  :rofl: 

Mr password manager who takes security advice from MS security experts  :rofl:

----------


## harrybarracuda

> weren't you advocating some blog from a MS "security" expert only a few days ago ?


I don't know what that means Buttplug, you'll have to try and explain it in English.

Which blog? And how does one "advocate" it?

----------


## Dragonfly

let me dig out that for you, harry  :Smile:

----------


## baldrick

buttsecs , what do you know about security

anyone who tries to tell you that one OS is more secure than another is a clueless sh1tspeaker





> Which blog


his medications are causing him confusion and he meant me quoting Bruce Schneier - https://en.wikipedia.org/wiki/Bruce_Schneier 

our kisser of speleological gerbils seems to like to display his lack of knowledge

----------


## Dragonfly

> buttsecs , what do you know about security


a bit more than you and Mr Password Manager for a start,

----------


## Dragonfly

> his medications are causing him confusion and he meant me quoting Bruce Schneier


it's hard to tell you 2 idiotic fools apart sometimes, some retardation level

----------


## baldrick

> a bit more than you and Mr Password Manager for a start


you make these statements and back them up with your buttsecs exploit and you wonder why no one takes you seriously

----------


## Dragonfly

> you make these statements and back them up with your buttsecs exploit and you wonder why no one takes you seriously


I understand TD is your life and your online reputation means more than anything,

but it's a fooking forum for fun, who gives a shit if you take me seriously or not. You are not paying my bills last time I checked, retard.

----------


## harrybarracuda

> Originally Posted by baldrick
> 
> you make these statements and back them up with your buttsecs exploit and you wonder why no one takes you seriously
> 
> 
> I understand TD is your life and your online reputation means more than anything,
> 
> but it's a fooking forum for fun, who gives a shit if you take me seriously or not.



*IF*?

*OR* not?

No fucker takes you seriously, you cum guzzling poofter.

 :rofl:

----------


## Dragonfly

> No fucker takes you seriously, you cum guzzling poofter.


and no one will for you now, Mr fooking Password Manager  :rofl:

----------


## Neo

Malware hits millions of Android phones - BBC News

----------


## harrybarracuda

Firmware Flaw Affects Lenovo ThinkPads, Other PC Makers' Hardware


By Wayne Rash  |  Posted 2016-07-05 

NEWS ANALYSIS: A new zero-day vulnerability may also affect computers from other makers that used similar Intel UEFI reference code to create their BIOS firmware.


Lenovo has confirmed that reports of a critical vulnerability in the UEFI (unified extensible firmware interface) in its ThinkPad computers are accurate and it is currently investigating the problem.

Lenovo released a statement on June 30 verifying there is a vulnerability in the ThinkPad's System Management Mode (SMM) BIOS that was introduced by one of its independent BIOS vendors. However, Lenovo hasn't specified what range of ThinkPad models likely are affected by the vulnerability.

The UEFI is a current version of what used to be called the BIOS (basic input output system), which forms an interface between the computer hardware and the operating system, such as Microsoft Windows. The current practice is that the IBVs (independent BIOS vendors) work from reference code provided by the CPU manufacturer and then develop machine-specific code that provides the rest of the machine-specific interface.

Normally, machines using similar processors and chipsets will use the same reference code. This means that while the vulnerability could have been introduced by the IBV, it's also possible it was introduced by Intel when it created the reference code.

The vulnerability was found by independent security researcher Dmytro Oleksiuk, who published details on GitHub, a software development collaboration site. Oleksiuk said in his posting that the vulnerability, which he has named ThinkPwn, allows the running of arbitrary SMM code. This enables an attacker to disable Flash write protection and then allow malware infection of the platform firmware. This, in turn, allows an attacker to disable Secure Boot and Virtual Secure Mode on Windows 10.

By embedding malware in the system firmware, an attacker can avoid detection by antimalware software. Furthermore, the malware may be difficult or impossible to remove. Oleksiuk noted in his GitHub entry that the vulnerability apparently was fixed by Intel in 2014, but because there was no public announcement, the vulnerability was never removed by computer makers that were using the earlier version in their UEFI code.

Further research by Oleksiuk and others appears to indicate that Lenovo isn't the only computer maker affected by the same bug. Independent security researcher Alex James reported in a series of Tweets that he found the same vulnerability on some HP laptop computers and in the firmware for some Gigabyte Technology motherboards.

The vulnerability was discovered so recently that the full extent of the problem is unknown. But because Intel and the independent BIOS vendors likely used similar reference code and UEFI software as much as possible, the problem is likely to be much more widespread than just the three makers that are currently known.

While Lenovo has acknowledged that the vulnerability exists, there's more to attacking a computer than the existence of a vulnerability. At the very least, there needs to be a means of delivering it.

For the ThinkPwn bug, the primary means of delivery needs to be a USB memory stick. Then, the computer needs to be booted from that drive before any malware can be initiated.

Analyst Jack Gold said the first thing business users should do is find out whether their anti-malware products will detect software that's trying to perform an exploit using the vulnerability. However, Gold said that because any exploit would be running in the firmware, he suspects that current antimalware apps would not find it.

Gold also said that because any exploit would probably need to be installed on a machine via physical access to its USB port, it's not an easy thing to do. His advice to IT managers: “Be mindful of this, stay up to date, but I wouldn't consider this a huge risk.”

But that doesn't mean that there's no risk at all. Oleksiuk has said in some of his public statements that he believes it would be possible to create a malware attack that would take advantage of the ThinkPwn vulnerability. But even if the exploit could be spread through malware, that doesn't necessarily raise the risk much.

The reason the risk is limited is because the UEFI is written specifically for each type of machine, and for an exploit to work, it would have to target this specific type as well. For this reason, a Lenovo exploit wouldn't work on an HP laptop, even if it had the same vulnerability.

What should the computer makers do about this vulnerability? The obvious answer is they can ask their BIOS vendors to create a new UEFI package using Intel reference code written after the vulnerability was fixed and then distribute a BIOS update.

But of course it's easy to say that a BIOS update would solve the problem, but issuing such an update can be very complex for current hardware owners. Worse, trusting individual owners to update the BIOS in their computers is a dangerous proposition. Done wrong, the result could effectively kill the computer, preventing it from ever working again.

Of more concern is Oleksiuk's suggestion that the ThinkPwn exploit was applied in malware. While such a malware attack would be very difficult because it would require the malware to detect the type of machine it was infecting, such sophisticated malware already has been created to attack other types of vulnerabilities. This means creating such malware to attack machines with different UEFI code is possible.

While there's no reason to panic about the possibility of malware aimed at your computers' BIOS, you also can't afford to drop your guard. Instead, keep in touch with Lenovo or whichever vendor builds your computers and find out if there is a vulnerability. If there is, you need to fix it as soon as possible.

Firmware Flaw Affects Lenovo ThinkPads, Other PC Makers' Hardware

----------


## baldrick

how to block third party cookies

How to Block Third-Party Cookies in Every Web Browser

and stop third party javascript

New attack steals SSNs, e-mail addresses, and more from HTTPS pages | Ars Technica




> Van Goethem said the only mitigation he knows of is to disable the third-party cookies, since responses sent by the HTTPS site are no longer associated with the victim. At the moment, most Web browsers by default enable the receipt of third-party cookies, and some online services don't work unless third-party cookies are allowed.

----------


## harrybarracuda

Black Hat: Do USB Keys Left in Parking Lots Get Picked Up?
By Sean Michael Kerner  |  Posted 2016-08-04

Will people pick up randomly placed USB keys and stick them in their PCs? A Google researcher who tested this out found surprising results.

LAS VEGAS—In the information security business, there is a longstanding myth that users will pick up random USB keys that can easily infect their machines. That's an urban legend that Elie Bursztein, anti-fraud and abuse research team lead at Google, put to the test and detailed in an amusing session at the Black Hat USA conference here.

Rather than just randomly drop USB drives, Bursztein developed a whole process that involved placing 297 keys at various locations on the University of Illinois campus. Bursztein worked with campus officials and didn't deploy malware on any of the USB keys, but rather included a simple HTML file for tracking as well as a follow-up survey for victims so they can learn what they did wrong.

Bursztein built an application on Google App Engine with a mobile tracking app for Android to manage the process. Not all the keys were identical, as Bursztein used five different labels in an attempt to see if different messages would affect the pick-up rate. Among the messages was one titled "final exam results" and one labeled "confidential." Each of the keys had a number of HTML links in them as well as links to pictures.

To add further diversity to the study, Bursztein placed the keys in various locations around the university campus—including in the parking lot, just outside a building doorway, in a hallway, in a classroom and in a common room.

Surprisingly, 46 percent of the dropped keys "phoned home," according to Bursztein, meaning someone picked up the key, plugged it into a computer and clicked a link.
Bursztein said he found no statistically significant variation across the different keys or even the drop locations.

Bursztein's experiment included a survey that 62 people who picked up the keys ended up filling out; 68 percent of those respondents said they picked up the keys because they wanted to return the drive, while 18 percent said that they were just curious. As it turns out, 54 people did follow instructions on the drive and returned it to Bursztein.

He emphasized that his USB drop wasn't malicious, but real hackers wouldn't be as kind and likely would infect users with malware. He suggested that awareness and security training is likely a good thing, as it's important to teach people to be mindful of what they plug into their computers. Additionally, Bursztein recommended that organizations physically block the USB ports on sensitive computers in order to minimize risk.

"You don't pick up food from the floor and eat it. You might get poisoned. So don't pick up random USB keys, either," Bursztein said.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

Black Hat: Do Randomly Placed USB Keys Get Picked Up?

----------


## harrybarracuda

Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack
Sunday, August 07, 2016  Swati Khandelwal

Android has Fallen! Yet another set of Android security vulnerabilities has been discovered in Qualcomm chipsets that affect more than 900 Million Android smartphones and tablets worldwide.

What's even worse: Most of those affected Android devices will probably never be patched.

Dubbed "Quadrooter," the set of four vulnerabilities discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chips could allow an attacker to gain root-level access to any Qualcomm device.

The chip, according to the latest statistics, is found in more than 900 Million Android tablets and smartphones.

That's a very big number.

The vulnerabilities have been disclosed by a team of Check Point researchers at the DEF CON 24 security conference in Las Vegas.

Critical Quadrooter Vulnerabilities:

The four security vulnerabilities are:

CVE-2016-2503 discovered in Qualcomm's GPU driver and fixed in Google's Android Security Bulletin for July 2016.

CVE-2016-2504 found in Qualcomm GPU driver and fixed in Google's Android Security Bulletin for August 2016.

CVE-2016-2059 found in Qualcomm kernel module and fixed in April, though patch status is unknown.

CVE-2016-5340 found in Qualcomm GPU driver and fixed, but patch status unknown.

Qualcomm is the world's leading designer of LTE (Long Term Evolution) chipsets with a 65% share of the LTE modem baseband market. If any one of the four flaws is exploited, an attacker can trigger privilege escalations for gaining root access to an affected device.

All an attacker needs is to write a piece of malware and send it to the victim. When installed, the malware offers the attacker privilege escalation on the affected devices.
According to the researchers, the attack can also be conducted through a malicious app. An attacker needs to trick a user into installing a malicious app that, unlike other malware, would execute without requiring any special permission checks.
"Such an app would require no special permissions to take advantage of these vulnerabilities, alleviating any suspicion users may have when installing," Check Point researchers write in a blog post.

If any of the four vulnerabilities are successfully exploited, an attacker could gain root access to an affected device, giving the attacker full access to the device, including its data, camera and microphone.

List of Affected Devices (Popular)


More than 900 Million Android devices that ship with Qualcomm chip are vulnerable to the flaws.
Here's the list of some of the popular affected devices, though there are far more devices that are impacted by one or more Quadrooter vulnerabilities.

Samsung Galaxy S7 and Samsung S7 Edge
Sony Xperia Z Ultra
OnePlus One, OnePlus 2 and OnePlus 3
Google Nexus 5X, Nexus 6 and Nexus 6P
Blackphone 1 and Blackphone 2
HTC One, HTC M9 and HTC 10
LG G4, LG G5, and LG V10
New Moto X by Motorola
BlackBerry Priv

How to Check if Your Device is Vulnerable?

You can check if your smartphone or tablet is vulnerable to Quadrooter attack using Check Point's free app.

Since the vulnerable software drivers, which control communication between Qualcomm chipset components, come pre-installed on these devices at the time of manufacturing, they can only be fixed by installing a patch from the devices' distributors or carriers after receiving fixed driver packs from Qualcomm.
"This situation highlights the inherent risks in the Android security model," the researchers say. "Critical security updates must pass through the entire supply chain before they can be made available to end users."

Three of the four vulnerabilities have already been fixed in Google's latest set of monthly security updates, and a patch for the remaining flaw will be rolled out in the upcoming September update.

Since Qualcomm has already released the code, the phone manufacturers should be able to issue patches to the individual devices as soon as possible.
Android Nexus devices are already patched via the over-the-air updates, but other smartphone models will need to wait until their lazy phone manufacturers integrate the fixes into their own custom Android ROMs.

Warning! Over 900 Million Android Phones Vulnerable to New 'QuadRooter' Attack

----------
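
An added check, not part of the post above and not Check Point's app: the script below parses a saved `adb shell getprop` dump and reports whether a Qualcomm-based device carries a security patch level covering the QuadRooter fixes the post describes (three in the August 2016 update, the fourth in September 2016). The sample dumps are constructed; the Qualcomm detection heuristic (`msm*`/`apq*` board platform or `qcom` hardware) and the two patch-level thresholds are assumptions. A build that reports no `ro.build.version.security_patch` property (pre-Marshmallow) is reported as unknown, not as safe.

```python
"""Rate QuadRooter exposure from an `adb shell getprop` dump (added example)."""
import re
from datetime import date

# adb getprop prints one property per line as:  [ro.build.version.security_patch]: [2016-09-05]
PROP_RE = re.compile(r"^\[(?P<key>[^\]]+)\]: \[(?P<val>[^\]]*)\]$")

# Thresholds (assumption, from the August/September 2016 bulletins named in the post):
# the August level carries three of the four fixes, September all four.
PARTIAL_FIX_LEVEL = date(2016, 8, 1)
FULL_FIX_LEVEL = date(2016, 9, 1)


def parse_getprop(dump: str) -> dict:
    """Turn the bracketed key/value lines into a dict; malformed lines are skipped."""
    props = {}
    for line in dump.splitlines():
        m = PROP_RE.match(line.strip())
        if m:
            props[m.group("key")] = m.group("val")
    return props


def is_qualcomm(props: dict) -> bool:
    """Heuristic (assumption): Qualcomm SoCs report msm*/apq* platforms or 'qcom' hardware."""
    platform = props.get("ro.board.platform", "").lower()
    hardware = props.get("ro.hardware", "").lower()
    return platform.startswith(("msm", "apq")) or "qcom" in hardware


def patch_level(props: dict):
    """Security patch level as a date, or None if the property is absent or unparseable."""
    raw = props.get("ro.build.version.security_patch", "")
    try:
        y, m, d = (int(part) for part in raw.split("-"))
        return date(y, m, d)
    except ValueError:
        return None


def assess(dump: str) -> str:
    props = parse_getprop(dump)
    if not is_qualcomm(props):
        return "not-qualcomm"          # the flaws live in Qualcomm's driver packs only
    level = patch_level(props)
    if level is None:
        return "unknown-patch-level"   # no patch-level property: unverified, not safe
    if level >= FULL_FIX_LEVEL:
        return "patched"
    if level >= PARTIAL_FIX_LEVEL:
        return "partially-patched"     # three of the four fixes
    return "vulnerable"


# Constructed sample dumps (not captured from real devices).
SAMPLE_PATCHED = """\
[ro.board.platform]: [msm8996]
[ro.build.version.security_patch]: [2016-09-05]
"""
SAMPLE_OLD = """\
[ro.board.platform]: [msm8974]
[ro.build.version.security_patch]: [2016-06-01]
"""
SAMPLE_EXYNOS = """\
[ro.board.platform]: [exynos5]
[ro.build.version.security_patch]: [2016-05-01]
"""

if __name__ == "__main__":
    for name, dump in (("patched", SAMPLE_PATCHED), ("old", SAMPLE_OLD), ("exynos", SAMPLE_EXYNOS)):
        print(name, "->", assess(dump))
```

Capture the dump with `adb shell getprop > props.txt` and feed the file contents to `assess()`; the patch-level string is what Settings shows as "Android security patch level", so the same check can be done by eye on a single phone. The script is only a fleet-scale shortcut for that.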


## harrybarracuda

Microsoft August Security Bulletin

| Date | Bulletin | KB | Title | Severity |
|---|---|---|---|---|
| 8/9/2016 | MS16-103 | 3182332 | Security Update for ActiveSyncProvider | Important |
| 8/9/2016 | MS16-102 | 3182248 | Security Update for Microsoft Windows PDF Library | *Critical* |
| 8/9/2016 | MS16-101 | 3178465 | Security Update for Windows Authentication Methods | Important |
| 8/9/2016 | MS16-100 | 3179577 | Security Update for Secure Boot | Important |
| 8/9/2016 | MS16-099 | 3177451 | Security Update for Microsoft Office | *Critical* |
| 8/9/2016 | MS16-098 | 3178466 | Security Update for Windows Kernel-Mode Drivers | Important |
| 8/9/2016 | MS16-097 | 3177393 | Security Update for Microsoft Graphics Component | *Critical* |
| 8/9/2016 | MS16-096 | 3177358 | Cumulative Security Update for Microsoft Edge | *Critical* |
| 8/9/2016 | MS16-095 | 3177356 | Cumulative Security Update for Internet Explorer | *Critical* |

----------


## harrybarracuda

Researchers discover advanced cyber-espionage malware
It eluded detection for at least five years.

Mariella Moon , @mariella_moon
08.09.16 in Security

Both Kaspersky and Symantec have unearthed a new type of malware so advanced, they believe it could have links to a country's intelligence agency. They're calling it "Remsec," "Strider" (Aragorn's nickname in LOTR) and "ProjectSauron," because it has several references to the Necromancer in Tolkien's series. According to Symantec, it has been used for what could be state-sponsored attacks to infiltrate 36 computers across at least seven organizations around the world since 2011. 

Its targets include several individuals in Russia, a Chinese airline, an unnamed organization in Sweden and an embassy in Belgium. Kaspersky says you can add various scientific research centers, military installations, telecommunications companies and financial institutions to that list.

ProjectSauron has been active since at least 2011, but it was only unearthed recently because it was designed not to use patterns security experts usually look for when hunting for malware. Kaspersky only discovered its existence when it was asked by an unnamed government organization to investigate something weird going on with its network traffic.

The malware can move across a network -- across even air gapped computers that are supposed to be more secure than typical setups -- to siphon passwords, cryptographic keys, IP addresses, configuration files, among other data off computers. It then stores all that information on a USB drive that Windows recognizes as an approved device. Both security companies believe its development required the involvement of specialist teams and that it costs millions of dollars to operate.

They didn't name a government in particular, but they noted that the malware took cues from older tools used for state-sponsored attacks, including Flamer that's been linked to Stuxnet in the past. As you might know, the Stuxnet worm, widely believed to be the joint creation of the US and Israel, infected Iran's nuclear program computers in the mid-2000s.

https://www.engadget.com/2016/08/09/...auron-malware/

----------


## Latindancer

How on earth can it move across even air gapped computers ???

They're separated by a much larger gap than that odd whistling gap between ENT's front teeth .... :Roll Eyes (Sarcastic):

----------


## harrybarracuda

> How on earth can it move across even air gapped computers ???
> 
> They're separated by a much larger gap than that odd whistling gap between ENT's front teeth ....


Fill your boots.

https://securelist.com/analysis/publ...ectsauron-apt/

Stuxnet traversed airgaps; it was easy, employees moved it for them via USB drives.

In this case it's using more sophisticated methods to hide itself on those USB drives.

----------


## Neo

Woops..!

Secure Boot snafu: Microsoft leaks backdoor key, firmware flung wide open | Ars Technica UK

----------


## Perota

> Originally Posted by Latindancer
> 
> 
> How on earth can it move across even air gapped computers ???
> 
> They're separated by a much larger gap than that odd whistling gap between ENT's front teeth ....
> 
> 
> Fill your boots.
> ...



I believe that it is in Mr Robot that they describe a simple way to do it. Someone drops a few infected USB keys in the parking lot of the company they want to hack. You need to have just one employee who picks up one of these keys and uses it inside the company to infiltrate it.

----------


## Dragonfly

> You need to have just one employee who pick up one of these keys and use it inside the company to infiltrate it.


Harry would be that employee !!!

----------


## Dragonfly

> widely believed to be the joint creation of the US and Israel, infected Iran's nuclear program computers in the mid-2000s.


it's actually French, and I would have to kill you if I would reveal my source  :Razz:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> widely believed to be the joint creation of the US and Israel, infected Iran's nuclear program computers in the mid-2000s.
> 
> 
> it's actually French, and I would have to kill you if I would reveal my source


Stick to making cheese and surrender flags, you thick twat.

 :France:

----------


## Cujo

> Originally Posted by Dragonfly
> 
> > Originally Posted by harrybarracuda
> > ...


 :rofl:

----------


## harrybarracuda

In the latest data breach impacting the hospitality industry, cybercriminals installed malware in the point-of-sale systems of HEI Hotels & Resorts and may have checked out with customer data including payment card information.

The company, which owns and operates approximately 50 hotels in the U.S. under the franchised brand names Starwood, Marriott, Hyatt and Intercontinental, acknowledged the breach in an online notification.

“Unfortunately, like many other organizations, we recently became aware that several of our properties may have been the victim of a security incident that could have affected the payment card information of certain individuals who used payment cards at point-of-sale terminals, such as food and beverage outlets, at some of our properties,” read the statement.

The malware, designed to capture payment card data in transit as it is routed between systems, was discovered and ultimately eliminated on June 21 after a card processing company alerted HEI of suspicious activity; however, the earliest incidents are known to date as far back as March 1, 2015. Potentially captured information likely includes names, payment card account numbers, expiration dates and verification codes.

HEI also published a notice letter, an FAQ document and a list of affected properties that includes 20 locations stretching from coast to coast. “We have disabled the malware and are in the process of reconfiguring various components of our network and payment systems to enhance the security of these systems,” HEI's notice letter read. HEI has also set up a toll-free number for customers with questions and concerns.

HEI's disclosure comes just days after researchers announced that numerous POS system vendors were compromised in a malware campaign that was likely the work of Russian cybercriminals. In one case, bad actors infected the customer support portal for Oracle's MICROS POS solution, and then waited for business users to log in to steal their passwords and infect their POS systems. It's not known if HEI is a customer of one of the recently affected POS vendors or if this is an entirely unrelated incident.

Regardless, cybersecurity insiders have taken note of a perceived uptick in hospitality industry data breach disclosures in 2016, including incidents affecting Hyatt Hotels Corporation, Kimpton Hotels & Restaurant Group, Omni Hotels & Resorts, and Rosen Hotels & Resorts.

“Any business, regardless of size or vertical specialty, that processes payment data or offers free Wi-Fi to guests, is a lucrative breach target. But unfortunately, large chains like HEI have bullseyes on their backs, enticing hackers with large quantities of valuable information such as credit card data for patrons, sensitive employee data for staff, and sometimes even medical data used by in-house care facilities,” said John Christly, CISO at security service provider Netsurion, in an emailed statement to SCMagazine.com.

“Hospitality companies have always been a target for attack because of both the type of data they hold and the relatively poor security they employ. Financial institutes and technology companies are much more difficult targets. Meanwhile hotel chains with a global presence are generally poorly protected from an information technology perspective,” said Gunter Ollmann, CSO at automated threat management firm Vectra Networks. Also, because the hospitality industry “depends heavily on transient and temporary staff, they are more prone to physical subversion of their systems.”

In an interview with SCMagazine.com, Chris Strand, security risk and compliance officer at endpoint security company Carbon Black, said he's anything but surprised at the latest breach news, cautioning that the cybersecurity industry is so wrapped up in the ransomware epidemic that it's in danger of overlooking POS threats.

Strand pointed out that when malware campaigns zero in on hospitality chains, the targets are often franchised locations, much like HEI's hotels. The problem, according to Strand, is that franchisors too often “will allow individual franchises to let them run things their way.” That means cybersecurity best practices “are pushed down to individual franchises, but not necessarily adopted.”

Strand warned that oftentimes franchised hotel systems are “outdated” and “inundated,” and that franchisors must get a better handle on how their franchisees address security concerns.

In the recent Wendy's restaurant data breach, all of the approximately 1,000 U.S.-based locations affected by the POS malware attack were franchised.

Other factors contributing to recent hospitality attacks, Strand added, are incorrect or incomplete adoption of the new “chip and PIN” EMV standard, as well as a tendency to settle for basic PCI compliance instead of aggressively pursuing next-generation security solutions and procedures. Ultimately, the responsibility to secure transactions at the POS is equally split among vendors and their customers, Strand concluded.

Consumers, too, must stay vigilant in checking their accounts for fraudulent activity. However, in a statement emailed to SCMagazine.com, malware research analyst Ken Bechtel from Tenable Network Security noted that in many cases, the consumer is rendered powerless.

“We often forget that the consumer is at a distinct disadvantage when dealing with POS malware, as this threat is beyond their control,” said Bechtel. “While cardholders can help protect their accounts by watching for skimmers, keeping their card within sight while paying bills and checking credit card statements for fraudulent activity, once a POS system is compromised there is nothing the user can do to prevent the activity. It's the responsibility of the organization to detect anomalies in credit card transactions and then take ongoing steps to prevent and remediate potential malware threats.”

Unwanted guests: Hackers breach HEI Hotels & Resorts' POS terminals

----------
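
The "payment card data in transit" the article describes is the magnetic-stripe track data a terminal hands to its payment application. POS RAM scrapers locate it with a pattern match like the one below, and the same match is a useful hunting check over process-memory dumps or captured payloads. This is an added example, not code from the article or from HEI: the track layouts follow the ISO 7813 sentinels (`%B...?` for Track 1, `;...=...?` for Track 2), the Luhn check weeds out random digit runs that happen to fit the pattern, the PAN used is the standard 4111... test number rather than a real card, and the buffer is constructed.

```python
"""Find magnetic-stripe track data in a byte buffer (added example)."""
import re

# ISO 7813 layouts. Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#                   Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(
    rb"%B(?P<pan>\d{13,19})\^(?P<name>[^^?]{2,26})\^(?P<exp>\d{4})(?P<svc>\d{3})[^?]{0,40}\?"
)
TRACK2_RE = re.compile(rb";(?P<pan>\d{13,19})=(?P<exp>\d{4})(?P<svc>\d{3})[^?]{0,40}\?")


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit test: every second digit from the right is doubled, digit sum mod 10 == 0."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the BIN and last four, the parts PCI permits to be displayed."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes) -> list:
    """Return masked hits for every Luhn-valid track record in buf, Track 1 hits first."""
    hits = []
    for kind, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(buf):
            pan = m.group("pan").decode("ascii")
            if not luhn_ok(pan):
                continue  # regex-shaped but not a card number
            hits.append({
                "kind": kind,
                "offset": m.start(),
                "pan": mask_pan(pan),
                "exp": m.group("exp").decode("ascii"),
                "service_code": m.group("svc").decode("ascii"),
            })
    return hits


# Constructed buffer resembling a scraped process-memory region: one Track 1 record,
# one Track 2 record, and one decoy whose check digit is wrong.
SAMPLE_BUFFER = (
    b"\x00\x00\x00POS-APP-1.2\x00"
    b"%B4111111111111111^DOE/JANE^25121011000000000?\x00\x00"
    b";4111111111111111=25121011000000?\x00"
    b";4111111111111112=25121011000000?\x00garbage"
)

if __name__ == "__main__":
    for hit in find_track_data(SAMPLE_BUFFER):
        print(hit)
```

Run it over a memory dump of the payment application (or over reassembled TCP payloads on the terminal-to-server path): any hit outside the card-reader and encryption path is either the malware's staging buffer or evidence the application is holding clear-text track data it should not, and both are worth a ticket.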


## harrybarracuda

Cheap Chinese shit eh?





> Multiple Vulnerabilities in BHU WiFi “uRouter”
> By Tao Sauvage
> 
> A WONDERFUL (AND !SECURE) ROUTER FROM CHINA
> 
> The BHU WiFi uRouter, manufactured and sold in China, looks great – and it contains multiple critical vulnerabilities. An unauthenticated attacker could bypass authentication, access sensitive information stored in its system logs, and in the worst case, execute OS commands on the router with root privileges. 
> 
> In addition, the uRouter ships with hidden users, SSH enabled by default and a hardcoded root password…and injects a third-party JavaScript file into all users’ HTTP traffic.


IOActive Labs Research: Multiple Vulnerabilities in BHU WiFi “uRouter”

----------


## harrybarracuda

Talking of Routers, an interesting concept from a bunch of lads who already make a custom Firewall distro of Linux.

Only on the AC88U so far but plans to roll out to other devices.

I think I have one at home, so I might give it a shot and report back.

https://www.untangle.com/firmware/

https://wiki.untangle.com/index.php/ASUS_RT-AC88U_Installation




> New home router OS tackles firmware shortcomings
> 
> Untangle announced the release of a new operating system for consumer Wi-Fi routers at DEF CON 24.
> 
> Router hardware has evolved and improved over the years, but its firmware remains stuck in the dark ages when it comes to security, network traffic visibility and control. Recognizing the inherent limitations in popular commercial routers, Untangle set about making a radical new OS for home routers based on its popular, broadly installed and easy-to-use NG Firewall product.
> 
> Untangle’s NG Firewall will be available to flash onto various router models, beginning with the Asus AC3100 RT AC88U.
> 
> “The open source community has known for a long time what router manufacturers are loath to admit: router firmware is lacking,” said Dirk Morris, founder and chief product officer at Untangle. “Projects like DD-WRT have gained traction because of the limitations of the operating systems developed by hardware manufacturers. Firmware has failed to provide adequate security to the modern home, let alone network traffic visibility and shaping. Untangle handles these issues and more.”
> ...


https://www.helpnetsecurity.com/2016...ome-router-os/

----------


## harrybarracuda

Puts a different spin on the phrase "bug bounty"....

Wouldn't this be considered "stock manipulation"?





> Trading in stock of medical device paused after hackers team with short seller
> St. Jude Medical declares claim of vulnerability "false and misleading."
> 
> SEAN GALLAGHER - 8/27/2016, 12:22 AM
> 
> Trading in the stock of medical device manufacturer St. Jude Medical was halted Friday afternoon after a dramatic drop in its value. That drop was triggered by news of alleged vulnerabilities in the company's cardiac care devices. The vulnerability was disclosed not in a report by the company but by security researchers partnered with Muddy Waters Capital, an investment firm that had "shorted" St. Jude's stock on the information in order to profit from a drop in the stock's value.
> 
> The researchers at the security firm MedSec chose to take this route to disclosure, MedSec CEO Justine Bone said, to "ensure that St. Jude Medical responds appropriately and with urgency." The partnership with a short seller is a fundamental departure from the established approach of responsible disclosure normally taken by researchers. But it also represents an approach that bypasses the sort of legal maneuverings and threats, suppression of information, and inaction that have been experienced by researchers who have discovered vulnerabilities in other products. Researchers who discovered a vulnerability in Volkswagen electronic engine locks, for example, were forced to withhold a paper for two years through a court injunction filed by the automaker in 2012.
> 
> ...


Trading in stock of medical device paused after hackers team with short seller | Ars Technica

----------


## harrybarracuda

So, if you're a Dropbox user and you haven't changed your password since 2012, now's a good time to do it.






> Severity of 2012 Dropbox hack comes to light - 68m accounts were compromised
> 
> John McCarthy
> 31 August 2016 11:22am
> 
> Cloud-based file-manager Dropbox has admitted that the details of over 60 million accounts have been circulated online since a breach in 2012.
> 
> Dropbox
> Motherboard first reported the breach, claiming that while individual users were informed of the breach at the time with forced password resets, the scale of user information circulating on the dark web has just become apparent.
> ...


Severity of 2012 Dropbox hack comes to light - 68m accounts were compromised | Digital | The Drum

----------


## harrybarracuda

Here's what you should know, and do, about the Yahoo breach

Yahoo’s announcement that state-sponsored hackers have stolen the details of at least 500 million accounts shocks both through scale—it’s the largest data breach ever—and the potential security implications for users.

That’s because Yahoo, unlike MySpace, LinkedIn and other online services that suffered large breaches in recent years, is an email provider; and email accounts are central to users’ online lives. Not only are email addresses used for private communications, but they serve as recovery points and log-in credentials for accounts on many other websites.

An email compromise is one of the worst data breaches that a person could experience online, so here’s what you should know:

Fifty shades of hashing

Yahoo said that the “vast majority” of the stolen account passwords were hashed with bcrypt. Hashing is a one-way cryptographic operation that transforms data into a set of random-looking characters that serves as its unique representation—this is called a hash.

Hashes are not supposed to be reversible, so they’re a good way to store passwords. You take input, such as a password, pass it through a hashing algorithm and compare it to a previously stored hash.

This provides a way to verify passwords at log-in time without actually storing them in plain text in the database. But not all hashing algorithms offer equal protection against password cracking attacks that attempt to guess which plaintext password generated a specific hash.

Unlike the ageing MD5, which is quite easy to crack if implemented without additional security measures, bcrypt is considered a much stronger algorithm. This means that in theory, the likelihood of hackers cracking “the vast majority” of Yahoo passwords is very low.

But here’s the problem: Yahoo’s wording suggests that most, but not all passwords were hashed with bcrypt. We don’t know how many passwords were hashed with another algorithm, or which one it was. The fact that this hasn’t been specified in Yahoo’s announcement or FAQ page suggests that it’s an algorithm that’s weaker than bcrypt and that the company didn’t want to give away that information to attackers.

In conclusion, there’s no way to tell if your account was among those whose passwords were hashed with bcrypt or not, so the safest option at this point is to consider your email compromised and to do as much damage control as possible.

Don’t keep emails just because you can

Once hackers break into an email account they can easily discover what other online accounts are tied to that address by searching for sign-up emails. These are the welcome messages that most websites send when users open a new account, and which users rarely delete. These days most email providers offer enough storage space that users won’t ever have to worry about deleting messages.

Aside from exposing the links between an email address and accounts on various websites, those sign-up emails can also expose the specific account names chosen by the user, if different from their email address.

If you’re among the people who don’t delete welcome emails and other automatic notifications sent by websites, such as password resets, then you might want to consider doing so and even go back to clean your mailbox of such communications.

Sure, there might be other ways for hackers to find out if you have an account on a certain website, or even a number of websites, but why make it easier for them to compile a full list?

Be careful when asked for your personal details

Among the account information that hackers stole from Yahoo were real names, telephone numbers, dates of birth and, in some cases, unencrypted security questions and answers. Some of those details are sensitive and are also used for verification by banks and possibly government agencies.

There are very few cases when a website should have your real date of birth, so be judicious about providing it.

Also, don’t provide real answers to security questions, if you can avoid it. Make something up that you can remember and use that as answer. In fact, Yahoo doesn’t even recommend using security questions anymore, so you can go into your account’s security settings and delete them.

Check your email forwarding rules regularly

Email forwarding is one of those “set it and forget it” features. The option is buried somewhere in the email account settings that you never check and if it’s turned on there’s little to no indication that it’s active.

Hackers know this. They only need to gain access to your email account once, set up a rule to receive copies of all your emails and never log back in again. This also prevents the service from sending you notifications about repeated suspicious log-ins from unrecognized devices and IP addresses.

Two-factor authentication everywhere

Turn on two-factor authentication—this is sometimes called two-step verification—for any account that supports it. This will prompt the online service to ask for a one-time-use code sent via text message or generated by a smartphone app, in addition to the regular password, when you try to access the account from a new device.

It’s an important security feature that could keep your account secure even if hackers steal your password. And Yahoo offers it, so take advantage of it.

Don’t reuse passwords; just don’t

There are many secure password management solutions available today that work across different platforms. There’s really no excuse for not having unique, complex passwords for every single account that you own. If you do want memorable passwords for a few critical accounts use passphrases instead: sentences made up of words, numbers and even punctuation marks.

Here comes phishing

Large data breaches are typically followed by email phishing attempts, as cybercriminals try to take advantage of the public interest in such incidents.

These emails can masquerade as security notifications, can contain instructions to download malicious programs that are passed as security tools, can direct users to websites that ask them for additional information under the guise of “verifying” their accounts and so on.

Be on the lookout for such emails and make sure that any instructions that you decide to follow in response to a security incident came from the affected service provider or a trusted source.

Here's what you should know, and do, about the Yahoo breach | PCWorld

----------
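
The hashing section above says MD5 is "quite easy to crack if implemented without additional security measures" and bcrypt is "much stronger", but not why. The added example below, which is not code from PCWorld or from Yahoo, makes the difference concrete with a dictionary attack against a constructed three-user leak: an unsalted fast hash is cracked with one hash computation per candidate word for the whole table, while a per-user salt forces one computation per (user, candidate) pair and a cost factor makes each of those slow. bcrypt itself is not in Python's standard library, so the slow-hash side uses `hashlib.pbkdf2_hmac`, which shares the two properties the article relies on (random salt, tunable cost); the user list, wordlist and round count are assumptions.

```python
"""Unsalted fast hash vs salted iterated hash under a dictionary attack (added example)."""
import hashlib
import hmac
import os


def md5_unsalted(password: str) -> str:
    """The weak scheme: no salt, one fast hash, so equal passwords give equal hashes."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hash_record(password: str, salt: bytes = None, rounds: int = 100_000) -> dict:
    """Stand-in for bcrypt using PBKDF2-HMAC-SHA256: per-user random salt plus a cost factor."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return {"salt": salt, "rounds": rounds, "hash": digest}


def slow_hash_verify(password: str, rec: dict) -> bool:
    """Recompute with the stored salt/rounds and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], rec["rounds"])
    return hmac.compare_digest(digest, rec["hash"])


def crack_md5_table(table: dict, wordlist: list):
    """Hash each candidate once, look every user up in the result: work == len(wordlist)."""
    lookup = {md5_unsalted(w): w for w in wordlist}
    found = {user: lookup[h] for user, h in table.items() if h in lookup}
    return found, len(wordlist)


def crack_slow_table(table: dict, wordlist: list):
    """The salt makes every (user, candidate) pair a fresh hash: work == users x candidates tried."""
    found, work = {}, 0
    for user, rec in table.items():
        for candidate in wordlist:
            work += 1
            if slow_hash_verify(candidate, rec):
                found[user] = candidate
                break
    return found, work


# Constructed leak: three users, two of whom chose dictionary words (assumption).
USERS = {"alice": "letmein", "bob": "qwerty", "carol": "correct horse battery staple"}
WORDLIST = ["password", "123456", "letmein", "qwerty", "yahoo2012"]


def build_tables(rounds: int = 100_000):
    """What the two kinds of password database look like for the same users."""
    md5_table = {u: md5_unsalted(p) for u, p in USERS.items()}
    slow_table = {u: slow_hash_record(p, rounds=rounds) for u, p in USERS.items()}
    return md5_table, slow_table


if __name__ == "__main__":
    md5_table, slow_table = build_tables()
    print("md5   :", crack_md5_table(md5_table, WORDLIST))
    print("pbkdf2:", crack_slow_table(slow_table, WORDLIST))
```

Both attacks recover the same two weak passwords here, which is the other half of the article's advice: the slow, salted hash raises the attacker's cost per guess by orders of magnitude, but it does not rescue a password that is in the first few thousand entries of a wordlist. The `work` counter grows with the number of users for the salted table and stays flat for the unsalted one, which is why a database mixing the two schemes is only as safe as its weak subset.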


## david44

The asseword managers :rofl:

----------


## Dragonfly

^ that's Harry fooked then, he only swear by them  :rofl:

----------


## Cujo

> ^ that's Harry fooked then, he only swear by them


Thought you were going to hack his drop box.
What happened to that?

----------


## harrybarracuda

> Originally Posted by Dragonfly
> 
> 
> ^ that's Harry fooked then, he only swear by them 
> 
> 
> Thought you were going to hack his drop box.
> What happened to that?


Oh Buttplug's always threatening to hack people.

The trouble is he wouldn't have a clue where to start.

 :Smile:

----------


## Latindancer

He starts at the bottom, of course  :Smile:

----------


## Dragonfly

> Thought you were going to hack his drop box.


I did ? link ? probably harry asking me some silly challenge so he could share with me his ladyboy porn collection  :rofl:

----------


## baldrick

> state-sponsored hackers


are they on the benefits ?

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> state-sponsored hackers
> 
> 
> are they on the benefits ?


Fucking Ruskies again innit.

----------


## baldrick

dunno

they could have geolocated and noticed that the haxoring did not start till 10 or 11 in the morning and stopped for an hour in the afternoon when the young and the restless was on the tele

so thus the cnuts were on the dole

----------


## Cujo

> Originally Posted by Cujo
> 
> Thought you were going to hack his drop box.
> 
> 
> I did ? link ? probably harry asking me some silly challenge so he could share with me his ladyboy porn collection





> let me hack your dropbox account, I am sure I would get all your passwords there 
> 
> and then I will store all my gay porn on your Dropbox,
> 
> you will be wanking silly until your death,


https://teakdoor.com/3341469-post175.html

----------


## harrybarracuda

> Just two days after Yahoo! admitted hackers had raided its database of at least 500 million accounts, the Purple Palace is being dragged into court.
> 
> Two Yahoo! users in San Diego, California, filed on Friday a class-action claim [PDF] against the troubled web biz: Yahoo! is accused of failing to take due care of sensitive information under the Unfair Competition Act and the state's Consumer Legal Remedies Act, plus negligence for its poor security, and breaking the Federal Stored Communications Act.
> 
> The stolen Yahoo! database includes people's names, email addresses, telephone numbers, dates of birth, hashed passwords and encrypted or unencrypted security questions and answers about their personal lives.
> 
> “There's a sense of violation,” the plaintiffs' lawyer David Casey, of Casey Gerry Schenk Francavilla Blatt & Penfield, told The Register last night.
> 
> “We think they breached their duty of trust to the clients and violated privacy laws. I anticipate hundreds of cases will be filed and then those will be consolidated into one federal class action suit.”
> ...


And! it! begins! Yahoo! sued! over! ultra-hack! of! 500m! accounts! • The Register



_"Casey said that at least one of his clients had already seen dodgy activity on their credit card which had been attributed to the attack and another was concerned that their financial and tax data had been viewed by outsiders."_

Tip: You're doing it wrong.

----------


## Neo

I have seen the future of the Internet: Millions of rogue fridges will render it unusable | Ars Technica UK


A smart fridge that was apparently subverted into showing Pornhub in a US store.


High-resolution pictures and videos may reveal more than you want.

----------


## Neo

Brace yourselves: Source code powering potent IoT DDoSes just went public | Ars Technica UK

----------


## harrybarracuda

Sounds like a recipe for utter disaster!




> The LG adverts on telly don't do it justice. The LG Internet Refrigerator has the coolest set of features ever seen in the kitchen. It is a 730 litre, stainless-steel, side by side fridge, with an in-built computer which can be accessed via a 37 centimetre touch-screen LCD monitor mounted on the fridge door. Users can watch TV, listen to MP3 music, take and store digital photos, make a video phone call, use the fridge as a message board or surf the web. It also has VCR and DVD ports, a microphone and speakers. Information about food in the fridge can be stored and a map of the fridge allows the owner to keep an inventory of what foods are in each section and how long they have been there.

----------


## harrybarracuda

If you're wondering what came in your one-size-fits-all Microsoft Update this month:

October 11, 2016
Patch Tuesday: Microsoft patches five zero day vulnerabilities

October's Patch Tuesday is the first to use Microsoft's monthly roll out update system.

Microsoft today issued 10 bulletins covering 45 vulnerabilities, including 5 zero days for this month's Patch Tuesday update, the first using the company's new update methodology.

Five of the updates are rated critical, four important and one moderate and cover several Microsoft products including Windows, IE, Edge and Office. Exploitation of any of the problems rated critical could result in remote code execution, Microsoft reported. The zero day vulnerabilities are contained in MS16-118, MS16-119, MS16-120, MS16-121 and MS16-126 and are being exploited in the wild.

“Overall it's a mid-sized B week security update but is critical due to the presence of the large amount of 0-day patches,” Amol Sarwate, director of vulnerability Labs at Qualys said to SCMagazine.com in an email.

The zero day in MS16-118 is CVE-2016-3298, a Microsoft browser information disclosure vulnerability; in MS16-119 it is CVE-2016-7189, a scripting engine remote code execution vulnerability; MS16-120 has CVE-2016-3393, a Windows graphics component RCE vulnerability; MS16-121 is CVE-2016-7193, a Microsoft Office memory corruption vulnerability; and the last one is CVE-2016-3298 in bulletin MS16-126, the only zero day that is not rated critical, just moderate. It fixes an Internet Explorer information disclosure vulnerability.

“This month sees another pass for the vast majority of Microsoft server admins, since nearly all of the patches released in October are solidly client-side. The only exception to this slate of desktop patches is MS16-121, which affects Microsoft SharePoint Server, by way of Microsoft Office. Left unpatched, an attacker who has the ability to store documents on SharePoint can upload a specially-crafted RTF file to gain remote code execution (RCE) on the affected server," Tod Beardsley, Rapid7's security research manager, told SCMagazine.com in an email.

Microsoft's October Patch Tuesday update is the first to take place using the company's new “monthly rollup” methodology, a system that was not greeted very warmly by industry execs when it was first announced.

Microsoft said in August that it would institute the “monthly rollup” for its October update that will include security issues and reliability issues in a single update instead of putting out a series of updates from which system administrators can pick and choose. Microsoft believes this will make life easier for admins and make Windows more reliable by eliminating update fragmentation.

“The big news this month is of course Microsoft's move towards monthly rollup patches for all OS going back to Windows 7.  Moving forward, Microsoft will be releasing two patches for each platform.  The first patch contains only security relevant bug fixes while the other patch, marked as a monthly rollup, may also contain fixes for non-security bugs to improve software reliability,” said Craig Young, Tripwire security researcher said to SCMagazine.com in an email.

Young went on to note that this method can cause security teams problems if one aspect of the update is not compatible with their system. This places them in the difficult position of installing software with a known compatibility issue or not installing the update leaving their system vulnerable. Another potential problem is if the all-in-one updates become large the download itself could hog system resources.

Patch Tuesday: Microsoft patches five zero day vulnerabilities

----------


## harrybarracuda

If you get hit by Ransomware, then this should be your first port of call.

Remember the golden rule: Don't pay!




> ‘No More Ransom’ Goes Global: Another 13 Police Forces Join Fight Against Ransomware
> More than 2,500 victims were able to decrypt their data, with more than $1 million dollars already saved, thanks to the global initiative
> 
> October 17, 2016 06:05 AM Eastern Daylight Time
> 
> WOBURN, Mass.--(BUSINESS WIRE)--Just three months after the successful launch of the No More Ransom project, law enforcement agencies from a further 13 countries have signed up to fight ransomware together with the private sector.
> 
> The new members are: Bosnia and Herzegovina, Bulgaria, Colombia, France, Hungary, Ireland, Italy, Latvia, Lithuania, Portugal, Spain, Switzerland and the United Kingdom. Additional law enforcement agencies and private sector organizations are expected to join the program in the coming months. This collaboration will result in more free decryption tools becoming available, help for even more victims to decrypt their devices and unlock their information, and damaging the cybercriminals where it hurts the most: their wallets.
> 
> ...


The actual site is here:

https://www.nomoreransom.org/

----------


## harrybarracuda

“Most serious” Linux privilege-escalation bug ever is under active exploit
Lurking in the kernel for nine years, flaw gives untrusted users unfettered root access.

DAN GOODIN - 10/20/2016, 11:20 PM

A serious vulnerability that has been present for nine years in virtually all versions of the Linux operating system is under active exploit, according to researchers who are advising users to install a patch as soon as possible.

While CVE-2016-5195, as the bug is cataloged, amounts to a mere privilege-escalation vulnerability rather than a more serious code-execution vulnerability, there are several reasons many researchers are taking it extremely seriously. For one thing, it's not hard to develop exploits that work reliably. For another, the flaw is located in a section of the Linux kernel that's a part of virtually every distribution of the open-source OS released for almost a decade. What's more, researchers have discovered attack code that indicates the vulnerability is being actively and maliciously exploited in the wild.

"It's probably the most serious Linux local privilege escalation ever," Dan Rosenberg, a senior researcher at Azimuth Security, told Ars. "The nature of the vulnerability lends itself to extremely reliable exploitation. This vulnerability has been present for nine years, which is an extremely long period of time."

The underlying bug was patched this week by the maintainers of the official Linux kernel. Downstream distributors are in the process of releasing updates that incorporate the fix. Red Hat has classified the vulnerability as "important."

As their names describe, privilege-escalation or privilege-elevation vulnerabilities allow attackers with only limited access to a targeted computer to gain much greater control. The exploits can be used against Web hosting providers that provide shell access, so that one customer can attack other customers or even service administrators. Privilege-escalation exploits can also be combined with attacks that target other vulnerabilities. A SQL injection weakness in a website, for instance, often allows attackers to run malicious code only as an untrusted user. Combined with an escalation exploit, however, such attacks can often achieve highly coveted root status.

The in-the-wild attacks exploiting this specific vulnerability were found by Linux developer Phil Oester, according to an informational site dedicated to the vulnerability. It says Oester found the exploit using an HTTP packet capture, but the site doesn't elaborate. Attempts to reach Oester for additional details weren't immediately successful. This post will be updated if more information becomes available.

The vulnerability, a variety known as a race condition, was found in the way Linux memory handles a duplication technique called copy on write. Untrusted users can exploit it to gain highly privileged write-access rights to memory mappings that would normally be read-only. More technical details about the vulnerability and exploit are available here, here, and here. Using the acronym derived from copy on write, some researchers have dubbed the vulnerability Dirty COW.

Disclosure of the nine-year-old vulnerability came the same week that Google researcher Kees Cook published research showing that the average lifetime of a Linux bug is five years.

"The systems using a Linux kernel are right now running with security flaws," Cook wrote. "Those flaws are just not known to the developers yet, but they’re likely known to attackers."

“Most serious” Linux privilege-escalation bug ever is under active exploit | Ars Technica

----------


## Dragonfly

probably easy to exploit in a lab, but not in real life, like most exploits actually

----------


## harrybarracuda

> probably easy to exploit in a lab, but not in real life, like most exploits actually


Duh. Try reading more than the headline and trying to be smug.





> What's more, researchers have discovered attack code that indicates *the vulnerability is being actively and maliciously exploited in the wild.*

----------


## harrybarracuda

You have to wonder about the NSA. This bloke managed to snaffle 50Tb without being caught.

Their network operations centre actually phoned Ed Snowden in Hawaii to ask him if he needed more bandwidth because he was downloading so much data.

Some "security" agency!

 :rofl: 




> The Justice Department alleges Harold Thomas Martin III stole 50TB of data, including materials that were marked "Secret" and "Top Secret."
> 
> 
> Back on Aug. 27, National Security Agency contractor Harold Thomas Martin III was arrested on charges of confidential information theft. Initially investigators found six classified documents in Martin's possession, but on Oct. 20, the U.S. Justice Department alleged that Martin's theft of secrets was vastly larger.
> "During execution of the search warrants, investigators seized thousands of pages of documents and dozens of computers and other digital storage devices and media containing, conservatively, fifty terabytes of information," the legal filing against Martin states.
> The filing notes that many of the seized materials are marked "Secret" and "Top Secret" from the period of 1996 to 2016. During that period, Martin worked first in the U.S. Naval Reserves and thereafter for seven different private government contracting companies.
> "Throughout his government assignments, the Defendant violated that trust by engaging in wholesale theft of classified government documents and property—a course of felonious conduct that is breathtaking in its longevity and scale," the court filing states.

----------


## harrybarracuda

How to scan your IoT devices....

Internet of Things (IoT) Scanner - BullGuard

----------


## harrybarracuda

I'm with Google here; if it's being exploited they should at least have come up with a workaround or an advisory.




> Hackers 'actively exploiting' Microsoft Windows security loophole, Google warns
> 11:41, 1 NOV 2016 UPDATED 11:42, 1 NOV 2016
> BY MARTYN LANDI
> The internet search engine giant said it informed Microsoft over flaw 10 days ago, but no fix has yet been released.
> 
> Google has exposed a security flaw in Microsoft Windows, warning that it is already being "actively exploited" by hackers.
> 
> The internet giant said in a post on its security blog that it informed Microsoft of the weakness in the kernel or core of the Windows operating system on October 21, but a fix is yet to be released.
> 
> ...





> Read Microsoft’s snarky response to Google uncovering a Windows flaw
> by Sean Keach
> 36 minutes ago
> 
> Microsoft has hit back at Google after the search engine giant unveiled a “critical vulnerability” in Windows.
> 
> On October 21, Google warned Microsoft privately about a major security flaw in Windows that was already being exploited by hackers. Then, just 10 days later, Google went live to the public with the flaw. Unfortunately, when Google published its findings in detail, Microsoft still hadn’t fixed the issue, which potentially left Windows users more exposed than they had been before.
> 
> “After seven days, per our published policy for actively exploited critical vulnerabilities, we are today disclosing the existence of a remaining critical vulnerability in Windows for which no advisory or fix has yet been released,” reads a blog post written by Neel Mehta and Billy Leonard, of Google’s Threat Analysis Group. “The vulnerability is particularly serious because we know it is being actively exploited.”
> ...





> Google has revealed that it came across previously undiscovered Flash and Windows vulnerabilities in October, and one of them remains unpatched. The tech titan gave both Adobe and Microsoft a heads-up on October 21st -- Adobe issued a fix on October 26th through a Flash update, but Microsoft hasn't released one for its platform yet. The real problem is, according to Google, that unpatched Windows flaw is "being actively exploited."
> 
> Google describes the Windows flaw as follows:
> 
> *"The Windows vulnerability is a local privilege escalation in the Windows kernel that can be used as a security sandbox escape. It can be triggered via the win32k.sys system call NtSetWindowLongPtr() for the index GWLP_ID on a window handle with GWL_STYLE set to WS_CHILD. Chrome's sandbox blocks win32k.sys system calls using the Win32k lockdown mitigation on Windows 10, which prevents exploitation of this sandbox escape vulnerability."*
> 
> As VentureBeat mentioned, however, it's a lot easier to come up with a fix for Flash than for a full operating system. Ten days might not have been enough time at all for Microsoft to address the problem. Redmond's statement to VB echoes the one it issued in 2015 when Google exposed another flaw a bit too soon. A spokesperson said Mountain View's move "puts customers at potential risk" since more people now know that there's a new vulnerability they can exploit:
> 
> "We believe in coordinated vulnerability disclosure, and today's disclosure by Google puts customers at potential risk. Windows is the only platform with a customer commitment to investigate reported security issues and proactively update impacted devices as soon as possible. We recommend customers use Windows 10 and the Microsoft Edge browser for the best protection."
> As for why the big G decided to reveal the flaw even though it could put people at risk, it's all because of the company's existing policy for actively exploited critical vulnerabilities. That policy states that Google will disclose vulnerabilities merely seven days after reporting it to the developer. Microsoft clarified to VB, though, that the Flash bug is needed in order to exploit the Windows flaw. So make sure to update Flash if you haven't done so in the past few weeks while waiting for Microsoft to release a patch.

----------


## harrybarracuda

Microsoft to patch Windows bug that Google revealed
Security | ITworld, by Gregg Keizer

Microsoft on Tuesday said it would patch a Windows vulnerability next week that Google publicly revealed just 10 days after notifying Microsoft.

Microsoft also identified the attackers, asserting that they were the same who had been accused by authorities of hacking the Democratic National Committee (DNC).

"All versions of Windows are now being tested ... and we plan to release [the patches] publicly on the next Update Tuesday, Nov. 8," wrote Terry Myerson, the head of the Windows and devices group, in a post to a company blog.

Microsoft to patch Windows bug that Google revealed | Computerworld

----------


## Dragonfly

do they have the patch for WinXP ?

----------


## harrybarracuda

> do they have the patch for WinXP ?


Sure, if you pay.

----------


## harrybarracuda

November 08, 2016
Chrome exploit allows Svpeng trojan to bypass security measure; patch reportedly coming

The mobile banking trojan Svpeng continues to infect Android devices through malvertising campaigns delivered via the Google AdSense network. But at least experts at Kaspersky Lab now understand how the malicious APK has been able to automatically download itself while bypassing Google Chrome browser permissions.
According to Kaspersky via its Securelist blog, Google has developed a patch in response, but it will not take hold until the next official browser update.
Normally, a suspicious mobile program would trigger a Chrome alert screen that asks the user for permission to download the software, Kaspersky Lab explained in its blog. However, Svpeng's authors programmed the JavaScript malware to download in small, encrypted blocks of 1024 bytes, delivered in piecemeal fashion to the device.
The individual blocks are able to bypass Google Chrome's security measures; consequently the device owner never receives a notification. Once all of the disassembled code has been transferred over, Svpeng rebuilds itself on the device's SD card. This technique does not work on other browsers, Kaspersky noted.
The malware is automatically downloaded in the first place because the malicious code within the ad message emulates a click on the ad as if the user did it himself.
“When this method was used, Chrome's download manager did not perform a check on the file type of saved content,” explained Nikita Buchka, Kaspersky Lab malware analyst, in an email interview with SC Media.
According to a Google spokesperson, the fix is "currently being tested in Chrome 54 and will be live 100 percent in Chrome 55." Additionally, the spokesperson noted that Google's Verify Apps tool, when enabled, provides warnings for Svpeng downloads, even if Chrome doesn't. And while the company doesn't have precise numbers, "the installs are much lower than the figures reported by Kaspersky."
Meanwhile, Google has taken measures to block the ads responsible for spreading the Trojan, noted Kaspersky. Nevertheless, the security company has observed multiple spikes in Svpeng activity of late, detecting infections in 318,000 users over a three-month period starting in August. Attacks peaked in early October, during which time there were as many as roughly 37,000 in one day. Indeed, the malicious ads “can be shown to a huge amount of users in a short span of time,” said Buchka.
Svpeng is designed to steal bank card information via phishing windows; intercept, delete and send text messages; and collect user phone data. Currently, the malware only impacts devices with a Russian-language interface. “However, next time [the culprits] push their ‘adverts' on AdSense they may well choose to attack users in other countries,” warned the Kaspersky blog post.

https://www.scmagazine.com/chrome-ex...OTAyODg1MDUwS0

----------


## harrybarracuda

This Hack Can Silently Break Into 1 Billion Android App Accounts

Thomas Fox-Brewster, FORBES STAFF

Hong Kong-based researchers have demonstrated an attack on a massive number of Android applications, allowing them remote access to whatever accounts lie within. The apps have been downloaded more than 1 billion times, they said, making the impact widespread and severe.

The trio of researchers – Ronghai Yang, Wing Cheong Lau and Tianyu Liu from the Chinese University of Hong Kong – looked at 600 of the most popular US and Chinese Android apps. For 41 per cent of the 182 that supported single sign-on, they found problems associated with OAuth 2.0 – a standard that allows users to have their Facebook or Google accounts verify their logins to different third-party apps or websites. That means the user doesn’t have to provide additional usernames or passwords.

The vulnerabilities resided in the ways app developers implemented OAuth. Normally, when a user logs in via OAuth, the app checks with the ID provider, like Facebook, Google or Chinese firm Sina, that they have correct authentication details for those sites. If they do, OAuth will have an access token from the backend server of the ID provider issued to the server of the mobile app. This allows the app server to gather a user’s authentication information, verify it and let them login with their Facebook or Google credentials.

But the researchers found that, critically, for masses of Android apps, the developers didn’t properly check the validity of the information sent from the ID provider. For instance, they failed to verify the signature attached to the authentication information retrieved from Facebook and Google. In other cases, the app server would only look at the returned user ID and log the individual in without checking the attached OAuth information to see if they were linked.

For these reasons, it’s possible for a remote hacker to download the vulnerable app, login with their own information and then switch in the username of a target individual, using a server set up to tamper with the data sent from Facebook, Google or any other ID provider. Those usernames could either be guessed or retrieved with some simple Googling. That would grant the snoop total control of the data held within the app. (Further information on how the researchers bypassed additional protections implemented by Facebook are outlined in a paper due to be released tomorrow).

Forbes Welcome
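The two implementation mistakes the article describes (not verifying the signature on the identity assertion, and logging in on the returned user ID alone) next to the check that closes them. This is an added illustration, not the researchers' code or any provider's API: the ID provider is simulated with an HMAC-signed assertion and a constructed key, and `APP_ID`, `PROVIDER_KEY` and the helper names are hypothetical. A real app server would instead validate the provider's token with its published public key or token-info endpoint, but the two checks it must perform are the same ones shown here.

```python
import base64
import hashlib
import hmac
import json

# Constructed stand-ins for the ID provider's signing key and the app's
# registered client id (hypothetical values, not real credentials).
PROVIDER_KEY = b"constructed-provider-signing-key"
APP_ID = "example-mobile-app"


def provider_issue_assertion(user_id: str, audience: str) -> str:
    """Simulate the ID provider issuing a signed assertion for a logged-in user.

    Format (constructed for this example): urlsafe-base64(JSON claims) "." hex HMAC-SHA256.
    """
    payload = json.dumps({"sub": user_id, "aud": audience}, sort_keys=True).encode()
    sig = hmac.new(PROVIDER_KEY, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def tamper_assertion(assertion: str, new_user_id: str) -> str:
    """Reproduce the tampering the article describes: the data relayed from the
    provider is rewritten to carry a different user id while the original
    signature is left untouched. Used here only to test the server-side check."""
    payload_b64, sig = assertion.split(".")
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    claims["sub"] = new_user_id
    payload = json.dumps(claims, sort_keys=True).encode()
    return base64.urlsafe_b64encode(payload).decode() + "." + sig


def vulnerable_login(assertion: str) -> str:
    """The flawed pattern: trust whatever user id comes back, never check the signature."""
    payload_b64, _unused_sig = assertion.split(".")
    claims = json.loads(base64.urlsafe_b64decode(payload_b64))
    return claims["sub"]  # whoever the client claims to be is logged in


def hardened_login(assertion: str):
    """Verify the provider's signature and that the assertion was issued for
    this app before accepting the user id. Returns the user id or None."""
    try:
        payload_b64, sig = assertion.split(".")
        payload = base64.urlsafe_b64decode(payload_b64)
    except (ValueError, TypeError):
        return None
    # 1. Signature check: constant-time compare against a freshly computed MAC.
    expected = hmac.new(PROVIDER_KEY, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):
        return None
    claims = json.loads(payload)
    # 2. Audience check: a valid token issued for a different app must not log
    #    anyone in here (the "attached OAuth information" must be linked to us).
    if claims.get("aud") != APP_ID:
        return None
    return claims.get("sub")


if __name__ == "__main__":
    # An attacker logs in with their own account, then swaps in a victim's id.
    forged = tamper_assertion(provider_issue_assertion("attacker", APP_ID), "victim")
    print("vulnerable server logs in as:", vulnerable_login(forged))   # victim
    print("hardened server logs in as:", hardened_login(forged))       # None
```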

----------


## harrybarracuda

The Investigatory Powers Bill, or as it has been more aptly named, the Snoopers Charter, is now as good as passed. It just needs Royal Assent before it becomes law.

So before you Google anything, here's the full list of agencies that can now ask for any UK citizen's browsing history, as outlined in Schedule 4 of the bill, and collected by Chris Yiu: 

- Police forces maintained under section 2 of the Police Act 1996
- Metropolitan police force
- City of London police force
- Police Service of Scotland
- Police Service of Northern Ireland
- British Transport Police
- Ministry of Defence Police
- Royal Navy Police
- Royal Military Police
- Royal Air Force Police
- Security Service
- Secret Intelligence Service
- GCHQ
- Ministry of Defence
- Department of Health
- Home Office
- Ministry of Justice
- National Crime Agency
- HM Revenue & Customs
- Department for Transport
- Department for Work and Pensions
- An ambulance trust in England
- Common Services Agency for the Scottish Health Service
- Competition and Markets Authority
- Criminal Cases Review Commission
- Department for Communities in Northern Ireland
- Department for the Economy in Northern Ireland
- Department of Justice in Northern Ireland
- Financial Conduct Authority
- Fire and rescue authorities under the Fire and Rescue Services Act 2004
- Food Standards Agency
- Food Standards Scotland
- Gambling Commission
- Gangmasters and Labour Abuse Authority
- Health and Safety Executive
- Independent Police Complaints Commissioner
- Information Commissioner
- NHS Business Services Authority
- Northern Ireland Ambulance Service Health and Social Care Trust
- Northern Ireland Fire and Rescue Service Board
- Northern Ireland Health and Social Care Regional Business Services Organisation
- Office of Communications
- Office of the Police Ombudsman for Northern Ireland
- Police Investigations and Review Commissioner
- Scottish Ambulance Service Board
- Scottish Criminal Cases Review Commission
- Serious Fraud Office
- Welsh Ambulance Services National Health Service Trust

----------


## harrybarracuda

Here's how to delete yourself from the internet - at the click of a button
Posted about 6 hours ago by Harriet Marsden in news

In our smartphone-obsessed digital age, we effectively live our entire lives online, which makes us increasingly vulnerable to unseen threats. 

Cyber crime, fraud and identity theft are exponentially growing concerns. Our personal lives, locations, and increasingly our passwords are made public online for anyone to find. 

If the highly invasive Investigatory Powers Bill (AKA the Snooper's Charter) isn't blocked, then every single digital move you make will be recorded for up to 12 months.

Also, infinite junk mails.

But erasing your digital trace from the World Wide Web can seem overwhelming, especially since each person has on average 1,000,000,000 preferences, passwords, subscriptions and linked accounts. So how would you go about tracking them all down?

In step two Swedish developers, with the easy-assemble, Ikea-style approach. 

Wille Dahlbo and Linus Unnebäck have created Deseat.me, which allows you to log in with a Google account, and immediately see which apps and services are linked to it.

The genius part is, instead of having to search all those accounts separately, the site links you directly to the relevant unsubscribe page for that service. It's easy, efficient, and free.

Unfortunately, thus far the service is only available for accounts and subscriptions linked to Google, which leaves your Hotmail, Yahoo and AOL-related content untouched.

For a similar service, you can use Just Delete Me or Account Killer, both massive directories of links to delete account pages. However, these are only effective when you know the accounts you have. 

Here are some other helpful hacks to help ease your digital footprint:

- Change your passwords - billions are now available online, and letter-only English-word passwords are the easiest to crack
- Consider using symbols and numbers, as well as different passwords for different accounts
- Delete unnecessary social media accounts - this could also benefit mental health and productivity
- For any accounts you deem necessary, check privacy settings (also consider whether your Instagram page needs to be public)
- Since 2013, every tweet posted from your Twitter account from 2006 onwards is archived, even if you delete your account. Consider converting your privacy settings so only approved followers can read your tweets
- For undeletable accounts such as Evernote and Pinterest, change your name to a pseudonym, create a random email address to reassign, and delete all the information
- Go to the 'My Activity' section of your Google account, wipe all search/location history and change account preferences
- Similarly, delete all activity from other search engines such as Yahoo and Bing
- Consider using a search engine that doesn't track your activity (e.g. DuckDuckGo) rather than Google or Bing
- Make sure you click 'unsubscribe' at the bottom of each spam email, before blocking it
- Request that search engines delete certain results about you (e.g. via a URL removal tool)
- Consider employing the services of a data clearinghouse - although this can be a lengthy and time consuming process
- Check with your phone company to make sure your number isn't listed online, and request that they do not post your details in future
- Remove yourself from data collection sites such as Spokeo, Whitepages and PeopleFinder - this can be difficult, so consider paying for a service like DeleteMe

----------


## Cujo

> Here's how to delete yourself from the internet - at the click of a button
> Posted about 6 hours ago by Harriet Marsden in news
> 
> In our smartphone-obsessed digital age, we effectively live our entire lives online, which makes us increasingly vulnerable to unseen threats. 
> 
> Cyber crime, fraud and identity theft are exponentially growing concerns. Our personal lives, locations, and increasingly our passwords are made public online for anyone to find. 
> 
> If the highly invasive Investigatory Powers Bill (AKA the Snooper's Charter) isn't blocked, then every single digital move you make will be recorded for up to 12 months.
> 
> ...


That was a really cuntish unedited difficult to read [at][at][at][at] and paste. Fuck you.
Give us the fucking readers digest version next time.

----------


## harrybarracuda

> That was a really cuntish unedited difficult to read [at][at][at][at] and paste. Fuck you.
> Give us the fucking readers digest version next time.


I'm sorry about your pitiful education, but there's no need to moan about it.

Ask your mummy to buy this:

----------


## Dragonfly

interesting articles harry, for once

glad you are moving away from boring MS security bulletin  :rofl:

----------


## Cujo

> Originally Posted by Cujo
> 
> 
> That was a really cuntish unedited difficult to read [at][at][at][at] and paste. Fuck you.
> Give us the fucking readers digest version next time.
> 
> 
> I'm sorry about your pitiful education, but there's no need to moan about it.
> 
> Ask your mummy to buy this:


Yes, having sobered up it's not that difficult.

----------


## harrybarracuda

> Yes, having sobered up it's not that difficult.


Well at least you're honest.

 :Smile:

----------


## harrybarracuda

BTW the link you use to check (below) is legitimate, it is owned by Checkpoint.






> Gooligan malware affects 1.3 million Android phones
> Don't download apps outside of official app stores
> 
> WFTS Webteam
> 5:18 AM, Dec 1, 2016
> 7 mins ago
> 
> Hackers have infected over 1.3 million Android phones and hacked into Google accounts through fake apps. 
> 
> ...


Gooligan malware affects 1.3 million Android phones - wptv.com

----------


## harrybarracuda

For fuck's sake....



> Ransomware Offers Incentives To Infect Others With Malware
> 
> Matthew Broersma , December 12, 2016, 12:42 pm
> 
> The malware offers a free decryption key if the victim forces two others to pay up
> 
> A new ransomware variant introduces a twist into the malware by offering users a free decryption key, but only if they successfully infect two others and force them to pay up.
> 
> The malware, called Popcorn Time, offers users two ways to unlock their files, the “easy way”, by paying 1 Bitcoin (about £620), or the “nasty way”, by sending a “referral link” to other computers.
> ...


'Popcorn Time' Ransomware Offers Incentives To Infect Others

----------


## harrybarracuda

Certain Netgear Routers with Critical Vulnerability.

Links to updated firmware can be found in the article itself, but easy to mitigate in the meantime by turning off Remote Management if you have it on.





> NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management
> 
> Frequently Asked Questions
> 
> What is the vulnerability and what does it mean to my router?
> 
> It was discovered that the security mechanism to authenticate the administrator to the router can be bypassed with a script that repeatedly calls a specific URL. The attacker can subsequently gain access to the router settings page.
> 
> How can someone launch this attack?
> ...



NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management | Answer | NETGEAR Support

----------


## Dragonfly

> Certain Netgear Routers with Critical Vulnerability.


slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Certain Netgear Routers with Critical Vulnerability.
> 
> 
> slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily


Yeah but not by you, you dim fucker.

 :Smile:

----------


## harrybarracuda

Beta Firmware for affected models is available here:

Security Advisory for VU 582384 | Answer | NETGEAR Support

Or you can kill the web server, which won't stop everything else, and which will restart if you restart the router, by opening this URL:

http://<Your Router IP>/cgi-bin/;killall$IFShttpd

----------


## slackula

> Originally Posted by harrybarracuda
> 
> Certain Netgear Routers with Critical Vulnerability.
> 
> 
> slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily


And yet after all your years of threats you have managed to do precisely nothing....

Zilch. Zero. Nada. Nothing.

Your last triumphal announcement was that you had managed to discover the brand of my old router and downloaded the user manual for it or some krap like that. You suck at this.

Now, why don't you stick to bragging that you know where I live but are too scared to visit in case you get bitten by a cat or something you fokking pathetic loser.

 :rofl:

----------


## Dragonfly

> Originally Posted by Dragonfly
> 
> Originally Posted by harrybarracuda
> ...


I asked Putin and he sent his best team to do it,

the same ones who did the DNC, you know the hack you claimed you saw the forensic  :rofl:

----------


## Dragonfly

> Zilch. Zero. Nada. Nothing.


how would you know, you can't even secure your own router  :Smile:

----------


## Dragonfly

> bragging that you know where I live but are too scared to visit in case you get bitten by a cat


do not test me, I have Russian special ops on speed dial and they can make your life very complicated  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Originally Posted by Dragonfly
> ...


For the third time, if you weren't such a dim fucker you could read it yourself as I POSTED THE LINK you cum-guzzling fucking moron.

----------


## Dragonfly

> downloaded the user manual


I was trying to help you secure your router since you hadn't even read the manual for basic securing options  :Smile:

----------


## Dragonfly

> I POSTED THE LINK


that was your forensic ? oh boy call center boy, this is quite mediocre evidence even by your stinky Indian standards  :Smile:

----------


## Cujo

> BTW the link you use to check (below) is legitimate, it is owned by Checkpoint.
> 
> ...


That's a long list. I have one of those apps, Clean Master, I've had it for years, it's very good. But what does it mean? I've never noticed any issues with it. I'm not going to flash my phone, what a pain in the arse.

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> I POSTED THE LINK
> 
> 
> that was your forensic ? oh boy call center boy, this is quite mediocre evidence even by your stinky Indian standards


It's just too complicated for idiots like you Buttplug. As are most things.

----------


## harrybarracuda

CyberReason have released (at least for now) a free anti-Ransomware product that might interest you.

It's available from their website: https://ransomfree.cybereason.com/

There's a writeup here: https://www.cybereason.com/blog-cybe...-held-hostage/

I installed it on a spare machine to check it out; while it's installing it appears to freeze and the disk light is on solid - classic Ransomware symptom that! - but it's just part of the installation and it will finish installing after a few minutes.

It works on Windows 7 upwards, so if you're still dumb enough to be running Windows XP, hard luck, you'll just have to keep risking it.

----------


## harrybarracuda

If you didn't have a good reason to turn off Autofill before, you have now.

https://www.theguardian.com/technolo...-chrome-safari

----------


## Dragonfly

I bet you use it all time, along with your other password managers  :Razz:

----------


## harrybarracuda

> I bet you use it all time, along with your other password managers


And here's the dribbling cumguzzler with yet another inane comment.

Fuck off Buttplug, you're too stupid to be here.

----------


## harrybarracuda

Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches.

One patching expert crossed his fingers that Microsoft would make good on its pledge to publish the same information when it switches to a new online database. "I'm on the fence right now," said Chris Goettl, product manager with patch management vendor Shavlik, of the demise of bulletins. "We'll have to see [the database] in February before we know how well Microsoft has done [keeping its promise]."

Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday -- the monthly round of security updates for Windows and other Microsoft software -- and that the new process would kick in on Feb. 14, next month's patch day.

The web-based bulletins have been a feature of Microsoft's patch disclosure policies since at least 1998, and for almost as long have been considered the professional benchmark by security experts.

A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG.

The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document.

"Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs," wrote an unnamed member of the Microsoft Security Response Center in November to explain the switch from bulletins to database.

Goettl saw it differently, saying that the change became a necessity once Microsoft upended Windows patching practices with the mid-2015 launch of Windows 10.

"Microsoft created a reporting and compliance issue for its customers with the discrepancy between Windows 10 and everything else," Goettl said. "With Windows 10, enterprises were auditing a single install instead of six to 10 of them. Then they brought legacy Windows into this as well."

Goettl was talking about the radical patching practice Microsoft introduced with Windows 10, where all security updates for a month are collected into a single download-and-install package. Unlike with 10's predecessors, individual patches cannot be withheld -- a common tactic IT administrators have used when reports surface that a specific patch breaks other software, cripples systems or disrupts workflows.

Critics immediately laid into Microsoft over Windows 10 updates, lambasting both the consolidated and cumulative nature of the patches but also the move to vague and generic descriptions of the underlying vulnerabilities and what the fixes addressed. They expanded their critiques to Windows 7 and Windows 8.1 when in October Microsoft adopted the same update methodology for those older OSes.

"Bulletins cannot be used to report compliance in the enterprise," said Goettl, because they are inconsistent with all-or-nothing updates. The disparity -- bulletins described individual updates, while the updates themselves contained multiple patches that could not be separated -- made the bulletins useless.

But the informational content of the bulletins will remain valuable, Goettl argued, even if updates are packaged differently than before. Microsoft agreed: In a FAQ about the database, the company said, "By February, information provided in the new Security Updates Guide will be on par with the set of details available in traditional security bulletin webpages."

The Security Updates Guide's preview has not met that mark; some information found in the January Patch Tuesday bulletins, for example, was missing from the appropriate entries in the online database.

"There will be a lot of people who will be very put out if [Microsoft] neglects [things like] what's being exploited," said Goettl of the support document replacements. "The key indicators are still very important."

Goettl was willing to give Microsoft the benefit of the doubt for now, but was adamant that the Redmond, Wash. company had to make good on its vow to retain the bulletins' content. "By February, Microsoft is going to have to prove to us that this is a good thing for us," he said.

Microsoft slates end to security bulletins in February | Computerworld

----------


## harrybarracuda

And this wanker is Trump's "Cyber Security Adviser"? Fucking hell, they might as well hire Buttplug.

 :rofl: 

> ORANGE MAN AND SOON TO BE PRESIDENT Donald Trump has appointed former New York mayor Rudy Giuliani as his special advisor on cyber security.
> 
> But within hours of his appointment, security experts were pointing out the glaring insecurities in Giuliani's own security company website, including the use of old, unpatched software, the lack of a firewall and multiple open ports. 
> 
> Giuliani, a lawyer who graduated from the New York University School of Law, was elected the 107th Mayor of New York City in January 1994 and served two terms until the end of December 2001.
> 
> Since 2002, his company Giuliani Partners has offered security consulting under the Giuliani Security & Safety subsidiary while, at the same time Giuliani also opened a legal practice in Manhattan.
> 
> But security specialists were quick to appraise the security of Giuliani's own website - finding it wanting in many basic respects. It runs an old copy of the Joomla open-source content management system on a copy of FreeBSD that was released in 2008. It uses an end-of-life version of PHP, has no firewall and lots of open ports.
> ...


Trump's cyber security advisor runs an insecure website that's easily hacked | TheINQUIRER

----------


## Chico

Thought harry the Hacker was on Holiday you sad fucker.

----------


## harrybarracuda

> Thought harry the Hacker was on Holiday you sad fucker.


Go and fuck yourself, bollock brain, there's a good lad.

----------


## Dragonfly

Harry is a hack, but not a hacker  :Smile:

----------


## harrybarracuda

> Harry is a hack, but not a hacker


Shouldn't you be off wanking over your Twatter feed?

----------


## Sumbitch

^ yah, that's a good 'un.  :Wink:

----------


## harrybarracuda

It's really good that they're making things easier.... Not!

> Windows Security Only Update won’t include Internet Explorer patches anymore


Windows Security Only Update won't include Internet Explorer patches anymore - gHacks Tech News

----------


## harrybarracuda

HACKERS COULD GAIN COMPLETE CONTROL OF AN INTEL-BASED PC USING A USB 3.0 PORT
By Kevin Parrish — January 14, 2017 5:31 AM

When Intel launched its sixth-generation “Skylake” processors and chipsets in 2015, the company introduced a new technology called Direct Connect Interface (DCI), an easy way for testers to debug hardware without having to break open a PC. However, during the 33rd annual Chaos Communication Congress conference in Hamburg, Germany, security researchers Maxim Goryachy and Mark Ermolov of Positive Technologies revealed that hackers can use DCI to take complete control of a system and conduct attacks under the software layer, which would be undetectable by device owners.

For a better understanding of what’s going on, start with the debugging interface created by the Joint Test Action Group (JTAG). This standard was originally designed to test printed circuit boards once they were manufactured and installed, but has since expanded to processors and other programmable chips. Scenarios for using the interface include forensics, research, low-level debugging, and performance analysis.

The interface itself resides within the processor and programmable chips. In turn, JTAG-capable chips have dedicated pins that connect to the motherboard, which are traced to a dedicated 60-pin debugging port on a system’s motherboard (ITP-XDP). This port enables testers to connect a special device directly to the motherboard to debug hardware in relation to drivers, an operating system kernel, and so on.

But now the JTAG debugging interface can be accessed through a USB 3.0 port by way of Intel’s Direct Connect Interface “debug transport technology.” When a hardware probe is connected to the target Intel-based device, the USB 3.0 protocol isn’t used, but rather Intel’s protocol is employed so that testers can perform trace functions and other debugging tasks at high speed. Using a USB 3.0 port means testers aren’t forced to break into the PC to physically connect to the XDP debugging port.

Intel’s Direct Connect Interface appears to be embedded in the company’s sixth-generation motherboard chipsets, such as the 100 Series (pdf), and its processors. It’s also used in the new seventh-generation Kaby Lake platform as well, meaning hackers have two generations of Intel-based PCs to infest and possibly render useless, such as by re-writing the system’s BIOS.

As the presentation revealed, one way of accessing the JTAG debugging interface through the USB 3.0 port is to use a device with a cheap Fluxbabbitt hardware implant running Godsurge, which can exploit the JTAG debugging interface. Originally used by the NSA (and exposed by Edward Snowden), Godsurge is malware engineered to hook into a PC’s boot loader to monitor activity. It was originally meant to live on the motherboard and remain completely undetectable outside a forensic investigation.

The problem is, most sixth and seventh-generation Intel-based PCs have the Direct Connect Interface enabled by default. Of course, hackers need to have physical access to a PC in order to take control and spread their malicious love. Typically, the debugging modules in Intel’s processors require Intel’s SVT Closed Chassis Adapter connected via USB 3.0, or a second PC with Intel System Studio installed connected directly to the target PC via USB 3.0 as well.

Goryachy noted in his presentation that the problem only resides with Intel’s sixth and seventh-generation Core “U” processors. Intel is now fully aware of the possibility although there’s no time frame of when the problem will be addressed. In the meantime, the debugging interface on affected PCs can be deactivated. Intel Boot Guard can also be used to prevent malware and unauthorized software from making changes to the system’s initial boot block.

Many Intel-based PCs Could Be Hacked Via USB 3.0, Debugging Interface | Digital Trends
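Added here as an example, not code from the article or from Positive Technologies: a small C checker for Linux that decodes Intel's IA32_DEBUG_INTERFACE MSR (address 0xC80, defined in the Intel SDM) to report whether the silicon debug interface is enabled and whether that setting is locked, which is one way to verify the "deactivate the debugging interface" advice above. It assumes Linux with the msr module loaded and root access to /dev/cpu/0/msr; firmware-level DCI settings are not visible through this register, so a PASS here does not cover them.

```c
/* Added example (not from the Digital Trends article or Positive Technologies):
 * decode Intel's IA32_DEBUG_INTERFACE MSR (0xC80, Intel SDM Vol. 4) to report
 * whether the silicon debug interface that DCI exposes over USB 3.0 is enabled
 * and whether the setting is locked. On Linux the value is read from
 * /dev/cpu/<n>/msr (msr module, root); the decode logic is pure so it can be
 * exercised on constructed values without hardware. */
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>

#define IA32_DEBUG_INTERFACE_MSR 0xC80U
#define DBG_ENABLE   (1ULL << 0)   /* silicon debug features enabled */
#define DBG_LOCK     (1ULL << 30)  /* ENABLE bit locked until next reset */
#define DBG_OCCURRED (1ULL << 31)  /* a debug feature was used since reset */

typedef struct {
    int enabled;
    int locked;
    int debug_occurred;
    int risk;   /* 0 = PASS, 1 = WARN, 2 = FAIL */
} debug_iface_status;

/* Pure decode: enabled is a FAIL regardless of lock (a locked-on interface
 * cannot be turned off until reset); disabled but unlocked is a WARN because
 * firmware or privileged software could re-enable it; disabled+locked PASSes. */
debug_iface_status decode_debug_interface(uint64_t msr)
{
    debug_iface_status s;
    s.enabled = (msr & DBG_ENABLE) != 0;
    s.locked = (msr & DBG_LOCK) != 0;
    s.debug_occurred = (msr & DBG_OCCURRED) != 0;
    if (s.enabled)
        s.risk = 2;
    else if (!s.locked)
        s.risk = 1;
    else
        s.risk = 0;
    return s;
}

const char *risk_label(int risk)
{
    switch (risk) {
    case 0: return "PASS (debug interface disabled and locked)";
    case 1: return "WARN (disabled but not locked; can be re-enabled)";
    default: return "FAIL (debug interface enabled)";
    }
}

/* Read one MSR from /dev/cpu/<cpu>/msr. Returns 0 on success, -1 on error. */
int read_msr(int cpu, uint32_t reg, uint64_t *out)
{
    char path[64];
    snprintf(path, sizeof path, "/dev/cpu/%d/msr", cpu);
    int fd = open(path, O_RDONLY);
    if (fd < 0)
        return -1;
    ssize_t n = pread(fd, out, sizeof *out, (off_t)reg);
    close(fd);
    return n == (ssize_t)sizeof *out ? 0 : -1;
}

int main(int argc, char **argv)
{
    uint64_t val;
    if (argc > 1) {
        /* Constructed value for offline use, e.g. ./dbgcheck 0x40000000 */
        val = strtoull(argv[1], NULL, 0);
    } else if (read_msr(0, IA32_DEBUG_INTERFACE_MSR, &val) != 0) {
        perror("read IA32_DEBUG_INTERFACE (is the msr module loaded, are you root?)");
        return 1;
    }
    debug_iface_status s = decode_debug_interface(val);
    printf("IA32_DEBUG_INTERFACE = 0x%016llx\n", (unsigned long long)val);
    printf("  enabled=%d locked=%d debug_occurred=%d\n",
           s.enabled, s.locked, s.debug_occurred);
    printf("  %s\n", risk_label(s.risk));
    return s.risk == 2 ? 2 : 0;
}
```

A non-zero debug_occurred bit on a machine that should never have been debugged is itself worth an incident ticket, since it means a probe was attached since the last reset.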

----------


## harrybarracuda

If you really must have one of these gizmos in your house, remember to turn voice purchasing off!

Amazon Echo’s Alexa Went Dollhouse Crazy
Robert Hackett
Updated: Jan 09, 2017 8:06 PM

Amazon Echo is a gift that keeps on giving.

Owners complained that their voice-activated devices set off on an inadvertent shopping spree after a California news program triggered the systems to make erroneous purchases, according to a local report. A morning show on San Diego’s CW6 News station had been covering a segment about a six-year-old girl in Texas who ordered to her home a dollhouse and four pounds of cookies through her parents' gadget.

Echo devices, powered by Amazon Alexa, the tech giant's artificially intelligent voice assistant, reportedly woke when they heard the name "Alexa" spoken on household television sets. Jim Patton, an anchor on the show, had remarked, "I love that little girl saying 'Alexa ordered me a dollhouse.'"

The comment proved mischievous. A number of Amazon Echos registered the statement as a voice command, and placed orders for dollhouses of their own, the station said.

"A handful" of people said that their devices accidentally tried to buy the toys, reported the Verge, which spoke to the station, although the total figure is not known. Patton told the tech blog that he didn't think any devices actually completed their purchases.

The misfires are attributable to Amazon's decision to enable voice purchasing by default on Echo devices, even though they do not distinguish between different people. The setting is an obvious choice for Amazon, which makes money on e-commerce sales, but the added convenience comes at a cost of being more prone to error.

Customers have the option to add parental controls, including a four-digit code to authorize purchases. The incident highlights privacy and security concerns surrounding a new class of technologies that also includes Google Home, another device featuring a voice-activated assistant. Meanwhile, cops investigating an unrelated, possible murder in Arkansas recently subpoenaed Amazon, asking the company to hand over voice records potentially captured on an Echo device.

Amazon Alexa: Echo Devices Go on Accidental Dollhouse Shopping Spree | Fortune.com

----------


## Dragonfly

> Originally Posted by Dragonfly
> 
> 
> Harry is a hack, but not a hacker 
> 
> 
> Shouldn't you be off wanking over your Twatter feed?


it's called Twitter, not Twatter, you illiterate hack  :Smile: 

see you learn something today  :Razz:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> > Originally Posted by Dragonfly
> > ...

----------


## harrybarracuda

Is antivirus getting worse?
Anti-virus software is getting worse at detecting both known and new threats

By Maria Korolov
Contributing Writer, CSO | Jan 19, 2017 6:00 AM PT 

Is anti-virus software getting worse at detecting both known and new threats?
Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good.

Average detection rates for known malware went down slightly, by a couple of percentage points, from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.

"If the industry as a whole is dropping 10 to 15 points in proactive protection, that's really bad," he said. "Anti-virus isn't exactly dead, but it sure smells funny."

According to Sjouwerman, the Virus Bulletin is the industry's premier testing site. The tests are comprehensive, and consistent from year to year, so that a historical comparison is valid.

Several major vendors aren't included in these statistics, he said, because they declined to participate -- and implied that there might be a reason for that.

What's happening is that current anti-virus vendors aren't able to keep up with the attackers, he said, who can generate new malware on the fly.

"The bad guys have completely automated this process," he said. "It's now industrial strength, millions of new variants daily, in an attempt to overwhelm the existing anti-virus engines -- and guess what, the bad guys are winning."

He's not alone in pointing out the problems that anti-virus has been having lately, and others agree with the main thrust of his analysis.

"The report does sound pretty much in sync with what my feeling is, and what the industry is talking about," said Amol Sarwate, director of vulnerability labs at Qualys. "It's not an easy problem to solve. If they make antivirus too aggressive, it causes too many false positives. I think the hope for the future is a combination of multiple technologies. Anti-virus by itself cannot cut it any more."

It's bad, and it will continue to get worse, said Justin Fier, director of cyber intelligence and analysis at Darktrace.

"I would never tell a customer not to invest in it," he said. "But in regards to whether anti-virus is working any more -- I don't think so."

At its core, security reacts to events.

"It's hard to predict what the next big wave of malware or the next big attack platform is going to be and protect against it," he said.

Ransomware in particular is causing problems, said KnowBe4's Sjouwerman, because the malware is so profitable that the cybercriminals are putting more and more resources into development.

Criminals earned $1 billion from their ransomware last year, showing that it's consistently getting through defenses.

But there are some new, early-stage products that specifically target ransomware, he added.

"Some of them work, some of them don't -- this is still very early days," he said. 

"Sophos has acquired one of those companies and now have an additional module that specifically protects against ransomware, and that actually works fine, so Sophos is actually scoring well but they're one of the few that do."

Sophos, which offers both network and endpoint security products, is not included in the Virus Bulletin, but received a 100 percent score for blocking zero-day attacks in the latest antivirus reports.

"One of our major advantages is that we don't rely on any one technology," explained Dan Schiappa, senior vice president and general manager of end user and network security groups at Sophos. "We have a little mini analytics engine, and when it's scanning a file or looking at a behavior, it can call on a bunch of different pieces of technology to determine if it's malware."

The new Intercept X product, which is designed specifically for zero-day threats, looks at how malware attacks systems.

"There are only about 24 different ways that you can exploit a vulnerability," he said. "We might get a couple of new techniques a year, and as long as we keep up with those techniques, we're in pretty good shape. For example, one new technique is to get into the pre-boot environment, and we're building protections against that."

Some vendors dispute whether the results of this one set of tests are conclusive.

"Test scores tend to fluctuate as attackers create new techniques and defenders continue to innovate," said Mark Nunnikhoven, vice president of cloud research at 

Trend Micro was not included in the Virus Bulletin report.
"I can't speak to why we did not participate in this specific round of testing, we do have a lot of respect for Virus Bulletin," said Nunnikhoven.
Instead, he pointed to his company's performance with AV Test. There, Trend Micro scored at 100 percent in 11 out of the last 14 zero-day detection tests for Windows 7 and Windows 10, and 99 percent on the other three tests.

In fact, average scores on the AV Test of zero-day detection have been going up, from under 97 percent in early 2015 to over 99.7 percent during the last Windows 10 testing round.

Another problem with some tests is how they measure successful detection, said David Dufour, senior director of engineering at Webroot.

Signature-based antivirus can spot malware early, but behavior-based systems have to wait for the malware to actually try to do something.

"Many testing methodologies still rely on older techniques measuring the number of threats that land on a machine," he said, "rather than taking the time to understand that zero day and unknown malware will take time to identify."

Webroot was absent from both the Virus Bulletin and the AV Test reports.

Is antivirus getting worse? | CSO Online

----------


## harrybarracuda

Yahoo, Others Make 2016 a Record Year for Data Breaches, Report Finds

By Robert Lemos  |  Posted 2017-01-26 

Documented data breaches exposed almost 4.3 billion records, far more than previous years, although the total number of breaches held steady, according to a report published by Risk Based Security.


The reported breaches at Yahoo exposed approximately 1.5 billion records, which along with a handful of other immense breaches, made 2016 a record year for data loss, according to a report released by security firm Risk Based Security on Jan. 25.
The report collected and sifted through 4,149 confirmed breach reports from a variety of sources, finding that at least 4.2 billion records were potentially compromised in 2016, up from approximately 1.0 billion in 2013, the previous record.

While the total number of reported data breaches held steady over the past few years, the average breach was more severe—and exposed more records—than previous years, Inga Goddijn, executive vice president at Risk Based Security, told eWEEK.

“We have been tracking breach activity since 2005, and the number of breaches this year was not really higher or lower than prior years, but the severity was off the charts,” she said.

The data seems to show that the average data breach involved between 101 and 1,000 records in 2016, at least an order of magnitude greater than the 1 to 100 records in 2015. In addition, the number of breaches involving more than 1 million records has climbed steadily to 94 incidents in 2016, up from 60 incidents in 2015 and 34 incidents in 2013.

The most significant impact on breach numbers, however, came from the compromise of Internet giant Yahoo, which acknowledged two intrusions in 2016, one involving 500 million records that was reported in September and another involving 1 billion records but reported in December. The breach reported in September likely occurred in 2014, while the latter breach likely happened in 2013, according to the firm. The size of the breaches stunned security experts and threatened to derail the proposed buyout of Yahoo by Verizon.

The search company was not the only one to discover more than one breach in the same year. At least 122 other companies reported two or more breaches in 2016, according to Risk Based Security.

“When there was a major breach, it really kicked these security teams into high gear, resulting in some pretty intensive internal investigations, and we did see subsequent second and third breaches being reported, because of that investigation,” Goddijn said. “Yahoo is the classic example.”

The top-10 breaches—including breaches at FriendFinder and MySpace in addition to Yahoo—accounted for about 3 billion of the year’s compromised records, without which 2016 would have resembled most other years.

Email addresses, passwords and names were the most often exposed pieces of information. Hacking accounted for nearly 93 percent of all records exposed in breaches, with Web misconfigurations and leaks accounting for another 6 percent.
Some industries suffered more than others, with business services, retail and technology sectors accounting for 30 percent of all breaches. The industries impacted by another 24 percent of breaches were not known.

Data Breaches at Yahoo, Others in 2016 Set New Record

----------


## harrybarracuda

Not being a True customer, I'm not sure if the user has admin access to change this, or if they turn off Remote Administration before installing.

It being Thailand I'd guess probably no to both.

> TrueOnline failed to fix buggy routers
> 
> by Michael Mimoso   January 17, 2017 , 12:05 pm
> 
> Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered.
> 
> Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand’s largest broadband company.
> 
> Ribeiro said he disclosed the vulnerabilities through Beyond Security’s SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well.
> ...


https://threatpost.com/router-vulner...atched/123115/

----------


## Dragonfly

> ZyXel and Billion routers


glad I changed those when I got them from True  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> ZyXel and Billion routers
> 
> 
> glad I changed those when I got them from True


What did you change to?

----------


## Dragonfly

NETGEAR of course  :Smile:

----------


## harrybarracuda

> NETGEAR of course


Yeah update it if you haven't already.

----------


## Dragonfly

why ? works fine  :Smile:

----------


## harrybarracuda

> why ? works fine


Oh yes it does.

https://www.trustwave.com/Resources/...TGEAR-Routers/

----------


## Dragonfly

could explain why my passwords to log on to the AdminCP don't work anymore  :Razz:

----------


## harrybarracuda

A new alternative to Google DNS or Open DNS:

https://adguard.com/en/adguard-dns/overview.html

----------


## Dragonfly

good one harry, could be a nice alt to spying Google and crappy OpenDNS

----------


## harrybarracuda

*Faints*

----------


## harrybarracuda

10 Things You Need To Know About 'Wikileaks CIA Leak'
 Wednesday, March 08, 2017

Yesterday WikiLeaks published thousands of documents revealing top CIA hacking secrets, including the agency's ability to break into iPhones, Android phones, smart TVs, and Microsoft, Mac and Linux operating systems.

It dubbed the first release as Vault 7.

Vault 7 is just the first part of leak series “Year Zero” that WikiLeaks will be releasing in coming days. Vault 7 is all about a covert global hacking operation being run by the US Central Intelligence Agency (CIA).

According to the whistleblower organization, the CIA did not inform the companies about the security issues of their products; instead held on to security bugs in software and devices, including iPhones, Android phones, and Samsung TVs, that millions of people around the world rely on.

One leaked document suggested that the CIA was even looking for tools to remotely control smart cars and trucks, allowing the agency to cause "accidents" which would effectively be "nearly undetectable assassinations."
While security experts, companies and non-profit organizations are still reviewing 8,761 documents released as Vault 7 archive, we are here with some relevant facts and points that you need to know.

Here's Everything You Need to Know About Vault 7:

Vault 7 purportedly includes 8,761 documents and files that detail intelligence information on CIA-developed software intended to crack any Android smartphone or Apple iPhone, including some that could take full control of the devices.

In fact, Wikileaks alleges that the CIA has a sophisticated unit in its Mobile Development Branch that develops zero-day exploits and malware to "infest, control and exfiltrate data from iPhones and other Apple products running iOS, such as iPads."

Some of the attacks are powerful enough to allow an attacker to remotely take over the "kernel," the heart of the operating system that controls the smartphone operation, or to gain "root" access on the devices, giving the attacker access to information like geolocation, communications, contacts, and more.

These types of attacks would most likely be useful for targeted hacking, rather than mass surveillance.

The leaked documents also detail some specific attacks the agency can perform on certain smartphones models and operating systems, including recent versions of iOS and Android.

CIA Didn't Break Encryption Apps, Instead Bypassed It

In the hours since the documents were made available by WikiLeaks, a misconception was developed, making people believe the CIA "cracked" the encryption used by popular secure messaging software including Signal and WhatsApp.

WikiLeaks asserted that:
"These techniques permit the CIA to bypass the encryption of WhatsApp, Signal, Telegram, Wiebo, Confide and Cloakman by hacking the "smart" phones that they run on and collecting audio and message traffic before encryption is applied."
This statement by WikiLeaks made most people think that the encryption used by end-to-end encrypted messaging clients such as Signal and WhatsApp has been broken.

No, it hasn't.

Instead, the CIA has tools to gain access to entire phones, which would of course "bypass" encrypted messaging apps because it defeats virtually all other security systems on the phone, granting total remote access to the agency.

The WikiLeaks documents do not show any particular attack against Signal or WhatsApp; rather, the agency hijacks the entire phone and listens in before the applications encrypt and transmit information.

It’s like you are sitting in a train next to the target and reading his 2-way text conversation on his phone or laptop while he's still typing. This doesn't mean that the security of the app the target is using has any issue.

In that case, it also doesn't matter if the messages were encrypted in transit if you are already watching everything that happens on the device before any security measure comes into play.

But this also doesn't mean that this makes the issue lighter, as noted by NSA whistleblower Edward Snowden, "This incorrectly implies CIA hacked these apps/encryption. But the docs show iOS/Android are what got hacked—a much bigger problem."

CIA Develops Malware to Target Windows, Linux & MacOS

The Wikileaks CIA dump also includes information about the malware that can be used by the agency to hack, remotely spy on and control PCs running Windows, macOS, and Linux operating systems.

This apparently means that the CIA can bypass PGP email encryption and even Virtual Private Network (VPN) on your computer in a similar way. The agency can also see everything you are doing online, even if you are hiding it behind Tor Browser.
Again, this also does not mean that using PGP, VPNs, or Tor Browser is not safe or that the CIA can hack into these services.

But the agency's ability to hack into any OS to gain full control of any device — whether it’s a smartphone, a laptop, or a TV with a microphone — makes the CIA capable of bypassing any service and spying on everything that happens on that device.

CIA Borrowed Codes from Public Malware Samples

Yes, in addition to the attacks purportedly developed by the CIA, the agency has adopted some of the code from other, public sources of malware. Well, that's what many do.

One of the documents mentions how the agency supposedly tweaks bits of code from known malware samples to develop its custom code and more targeted solutions.
"The UMBRAGE team maintains a library of application development techniques borrowed from in-the-wild malware," the WikiLeaks document reads. "The goal of this repository is to provide functional code snippets that can be rapidly combined into custom solutions."

Some of the exploits listed were discovered and released by security firms, hacker groups, independent researchers, and purchased, or otherwise acquired by the CIA from other intelligence agencies, such as the FBI, NSA, and GCHQ.
One borrowed exploit in "Data Destruction Components" includes a reference to Shamoon, a nasty malware that has the capability to steal data and then completely wipe out hard-drives.

Another attack acquired by the CIA is SwampMonkey, which allows the agency to get root privileges on undisclosed Android devices.

Persistence, another tool in the CIA arsenal, allows the agency to gain control over the target device whenever it boots up again.

CIA Used Malware-Laced Apps to Spy on Targets

The leaked documents include a file, named "Fine Dining," which does not contain any list of zero-day exploits or vulnerabilities, but a collection of malware-laced applications.

Fine Dining is a highly versatile technique which can be configured for a broad range of deployment scenarios, as it is meant for situations where the CIA agent has to infect a computer physically.

CIA field agents store one or more of these infected applications -- depending upon their targets -- on a USB, which they insert in their target's system to run one of the applications to gather the data from the device.

Developed by OSB (Operational Support Branch), a division of the CIA's Center for Cyber Intelligence, Fine Dining includes modules that can be used to weaponize the following applications:

VLC Player Portable
Irfanview
Chrome Portable
Opera Portable
Firefox Portable
ClamWin Portable
Kaspersky TDSS Killer Portable
McAfee Stinger Portable
Sophos Virus Removal
Thunderbird Portable
Opera Mail
Foxit Reader
LibreOffice Portable
Prezi
Babel Pad
Notepad++
Skype
Iperius Backup
Sandisk Secure Access
U3 Software
2048
LBreakout2
7-Zip Portable
Portable Linux CMD Prompt

The CIA's Desperation To Crack Apple's Encryption

This is not the first time the CIA has been caught targeting iOS devices. It was previously disclosed that the CIA was targeting Apple's iPhones and iPads, following the revelation of top-secret documents from the agency's internal wiki system in 2015 from the Snowden leaks.

The documents described that the CIA had been "targeting essential security keys used to encrypt data stored on Apple's devices" by using both "physical" and "non-invasive" techniques.

In addition to the CIA, the FBI hacking division Remote Operations Unit has also been working desperately to discover exploits in iPhones, one of the WikiLeaks documents indicates.

That could also be the reason behind the agency's effort to force Apple into developing a working exploit to hack into the iPhone belonging to one of the terrorists in the San Bernardino case.

Apple Says It Has Already Patched Most Flaws Documented in CIA Leak

Besides vulnerabilities in Android and Samsung Smart TVs, the leaked documents detail 14 iOS exploits, describing how the agency uses these security issues to track users, monitor their communications, and even take complete control of their phones.

However, Apple is pushing back against claims that the CIA's stored bugs for its devices were effective.

According to Apple, many iOS exploits in the Wikileaks CIA document dump have already been patched in its latest iOS version, released in January, while Apple engineers continue to work to address any new vulnerabilities that were known to the CIA.

Here's the statement provided by an Apple spokesperson:

"Apple is deeply committed to safeguarding our customers’ privacy and security. The technology built into today’s iPhone represents the best data security available to consumers, and we’re constantly working to keep it that way. Our products and software are designed to quickly get security updates into the hands of our customers, with nearly 80 percent of users running the latest version of our operating system. While our initial analysis indicates that many of the issues leaked today were already patched in the latest iOS, we will continue work to rapidly address any identified vulnerabilities. We always urge customers to download the latest iOS to make sure they have the most recent security updates."

Hacking 'Anyone, Anywhere,' Thanks to Internet Of 'Insecure' Things

Besides hundreds of exploits, zero-days, and hacking tools that targets a large number of software and services, Vault 7 also includes details about a surveillance technique — codenamed Weeping Angel — used by the CIA to infiltrate smart TVs.
Samsung smart TVs are found to be vulnerable to Weeping Angel hacks that place the TVs into a "Fake-Off" mode, in which the owner believes the TV is off when it is actually on, allowing the CIA to covertly record conversations "in the room and sending them over the Internet to a covert CIA server."

"Weeping Angel already hooks key presses from the remote (or TV goes to sleep) to cause the system to enter Fake-Off rather than Off," the leaked CIA document reads. "Since the implant is already hooking these events, the implant knows when the TV will be entering Fake-Off mode."

In response to the WikiLeaks CIA documents, Samsung released a statement that reads: "Protecting consumers' privacy and the security of our devices is a top priority at Samsung. We are aware of the report in question and are urgently looking into the matter."

WikiLeaks' CIA Leak Isn't Bigger than Snowden's NSA Leaks

WikiLeaks claims the massive CIA hacking leak is larger than the Edward Snowden revelations about NSA's hacking and surveillance programs, but it is much, much smaller.

While the Snowden revelations disclosed the global covert surveillance through text, the voice of people using hacking tools that permitted mass data gathering and analysis, the CIA data dump so far just shows that the CIA gathered and purchased tools that could be used to target individual devices.

However, there is no evidence of mass surveillance of smartphones or computers in the leaked documents. Technologically, the NSA is much more forward in sophistication and technical expertise than the CIA.

Ex-CIA Chief Says Wikileaks dump has made US 'less safe'

Former CIA boss Michael Hayden said the latest leak of highly sensitive CIA documents and files by Wikileaks is "incredibly damaging" and has put lives at risk, BBC reports, while the CIA has not yet commented on the leaks.
The CIA revelations by the whistleblower organization are just beginning. People will see more revelations about the government and agencies from WikiLeaks in coming days as part of its Year Zero leaks.

10 Things You Need To Know About 'Wikileaks CIA Leak'

----------


## harrybarracuda

Amazing what web sites get up to....

www.urlscan.io

----------


## Dragonfly

> Amazing what web sites get up to....
> 
> www.urlscan.io


not working...

----------


## crackerjack101

Worked for me;

https://urlscan.io/result/e9d9da7f-3...909754#summary



teakdoor.com  119.81.0.75
URL: TeakDoor: The Thailand Forum
Submission: 3 minutes ago via manual, finished a few seconds later (March 14th 2017, 7:24:49 am)

Summary: HTTP 39 | Links 14 | Console 0 | Cookies 9 | Security 0

39 Requests | 9 Ad-blocked | 0 Malicious | 13% Secure | 17% IPv6 | 7 Domains | 7 Subdomains | 7 IPs | 4 Countries | 1,282kB Transfer | 1,309kB Size | 9 Cookies

This website contacted 7 IPs in 4 countries across 7 domains to perform 39 HTTP transactions. Of those, 5 were secure (13%) and 17% were IPv6.
The main IP is 119.81.0.75, located in Singapore, Singapore and belongs to SoftLayer Technologies Inc.
In total, 1 MB of data was transferred, which is 1 MB uncompressed. It took 3.865 seconds to load this page. 9 cookies were set, and 0 messages to the console were logged.

IP/ASNs

Requests  IP Address                 AS (Autonomous System)
27        119.81.0.75                36351 (SOFTLAYER - SoftLayer Technologies Inc.)
3         2a00:1450:400f:803::200e   15169 (GOOGLE - Google Inc.)
2         163.47.178.206             24482 (SGGS-AS-AP SG.GS)
1         151.101.112.193            54113 (FASTLY - Fastly)
1         68.232.35.169              15133 (EDGECAST - MCI Communications Services)
4         35.161.97.15               16509 (AMAZON-02 - Amazon.com)
Total     39 requests, 7 IPs

Summary by type

Type        #    X-Fer   Size    Ratio  IPs  Countries
Image       28   1 MB    1 MB    1.0x   6    4
Script      7    93 KB   121 KB  1.3x   2    2
Other       1    894 B   894 B   1.0x   1    1
Stylesheet  1    7 KB    7 KB    1.0x   1    1
Document    1    65 KB   65 KB   1.0x   1    1
Total       39   1 MB    1 MB    1.0x   7    4

----------


## baldrick

Ubiquiti router web server has security issues - I guess you might want to think about patching when Ubiquiti releases new firmware




> Security researchers have gone public with details of an exploitable flaw in Ubiquiti's wireless networking gear – after the manufacturer allegedly failed to release firmware patches.
> 
> Austrian-based bods at SEC Consult Vulnerability Lab found the programming cockup in November and contacted Ubiquiti – based in San Jose, California – via its HackerOne-hosted bug bounty program. Ubiquiti first denied this was a new bug, then accepted it, then stalled issuing a patch, we're told. After repeated warnings, SEC has now shed light on the security shortcomings.
> 
> Essentially, if you can trick someone using a Ubiquiti gateway or router to click on a malicious link, or embed the URL in a webpage they visit, you can inject commands into the vulnerable device. The networking kit uses a web interface to administer it, and has zero CSRF protection. This means attackers can perform actions as logged-in users.
> 
> A hacker can exploit this blunder to open a reverse shell to connect to a Ubiquiti router and gain root access – yes, the builtin web server runs as root. SEC claims that once inside, the attacker can then take over the entire network. And you can thank a very outdated version of PHP included with the software, we're told.


https://www.theregister.co.uk/2017/0...king_php_hole/
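The quoted piece boils down to a web interface that accepts any request arriving with a valid session cookie. The following is an added example, not Ubiquiti's code or anything from the SEC Consult report: a hypothetical admin endpoint written the way the article describes the defect, next to a hardened version that adds an Origin check and a per-session synchronizer token. The handler names, the 192.0.2.1 admin address (RFC 5737 test range) and the sample requests are all constructed for the illustration.

```python
"""CSRF on a router admin interface: the defect beside its fix.

Added example, not Ubiquiti's code. The 'before' handler trusts the session
cookie alone, so any page a logged-in admin visits can submit a state-changing
request in their name. The 'after' handler adds the two standard defences: an
Origin check and a per-session synchronizer token compared in constant time.
All names, addresses and requests below are constructed.
"""
import hmac
import secrets
from dataclasses import dataclass, field

ADMIN_ORIGIN = "https://192.0.2.1"  # assumed origin of the router's web UI


@dataclass
class Session:
    user: str
    # Fresh random token per login; the served page embeds it in every form.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    cookie_session: str           # session id the browser attaches automatically
    form: dict                    # POST body fields
    headers: dict = field(default_factory=dict)


SESSIONS = {}  # session id -> Session (in-memory store for the example)


def login(user):
    """Create a session and return the id that would be set as a cookie."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = Session(user)
    return sid


def set_hostname_vulnerable(req, state):
    """'Before': a valid cookie is the only check, so a cross-site POST succeeds."""
    if req.cookie_session not in SESSIONS:
        return "401 unauthorized"
    state["hostname"] = req.form["hostname"]
    return "200 ok"


def set_hostname_hardened(req, state):
    """'After': the same action, gated on proof that our own page sent the request."""
    sess = SESSIONS.get(req.cookie_session)
    if sess is None:
        return "401 unauthorized"
    # Browsers attach Origin to cross-site POSTs and page script cannot forge
    # it, so a foreign origin is rejected outright.
    origin = req.headers.get("Origin")
    if origin is not None and origin != ADMIN_ORIGIN:
        return "403 cross-site origin"
    # Synchronizer token: the form must echo the secret bound to this session.
    # Constant-time comparison avoids leaking the token byte by byte.
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, sess.csrf_token):
        return "403 missing or invalid csrf token"
    state["hostname"] = req.form["hostname"]
    return "200 ok"


def demo():
    """Replay forged cross-site POSTs and a genuine one; return the outcomes."""
    sid = login("admin")
    state_v = {"hostname": "router"}
    state_h = {"hostname": "router"}
    # Constructed forgery: the victim's browser adds the cookie, but a third-party
    # page cannot read the token and the browser reports its real Origin.
    forged = Request(cookie_session=sid,
                     form={"hostname": "attacker-chosen"},
                     headers={"Origin": "https://evil.example"})
    # Same forgery with no Origin header at all: the token check still stops it.
    forged_no_origin = Request(cookie_session=sid,
                               form={"hostname": "attacker-chosen"})
    # Constructed genuine submission from the admin UI itself.
    genuine = Request(cookie_session=sid,
                      form={"hostname": "office-gw",
                            "csrf_token": SESSIONS[sid].csrf_token},
                      headers={"Origin": ADMIN_ORIGIN})
    return {
        "vulnerable_forged": set_hostname_vulnerable(forged, state_v),
        "hardened_forged": set_hostname_hardened(forged, state_h),
        "hardened_forged_no_origin": set_hostname_hardened(forged_no_origin, state_h),
        "hardened_genuine": set_hostname_hardened(genuine, state_h),
        "hostname_after_vulnerable": state_v["hostname"],
        "hostname_after_hardened": state_h["hostname"],
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:<26} {value}")
```

The separate root-privilege point the article makes is orthogonal to this: the token and Origin checks stop the forged request from being honoured at all, while running the web server as an unprivileged user limits what an accepted-but-malicious request can do.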

----------


## harrybarracuda

Saw that. Using a 1997 PHP FFS.

----------


## harrybarracuda

> > Originally Posted by harrybarracuda
> >
> > Amazing what web sites get up to....
> >
> > www.urlscan.io
>
> not working...


Yeah but you're not very bright, are you.

----------


## Dragonfly

> Saw that. Using a 1997 PHP FFS.


works the best though,

the flaw was to run it as root, not a jailrooted dedicated user

I am sure some fools to this day still do, even with latest PHP7  :rofl: 

and your shit link didn't work previously because deemed unsecured by Google DNS  :Razz:

----------


## harrybarracuda

Maybe worth doing a backup, not that I care, I don't own any of that shit.





> Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom
> Joseph Cox
> Mar 21 2017
> 
> A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts.
> 
> The hackers, who identified themselves as 'Turkish Crime Family', demanded $75,000 in Bitcoin or Ethereum, another increasingly popular crypto-currency, or $100,000 worth of iTunes gift cards in exchange for deleting the alleged cache of data.
> 
> "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing," one of the hackers told Motherboard.
> ...


https://motherboard.vice.com/en_us/a...le-pays-ransom

----------


## harrybarracuda

I wondered how long it would take for stuff like this to start coming out....




> Cisco Issues Advisory On Flaw In Hundreds Of Switches
> Vulnerability was discovered in WikiLeaks' recent data dump on CIA's secret cyber-offensive unit.
> Cisco has issued a security advisory that a bug in the cluster management protocol code of its IOS and IOS XE software may have affected 300 of its switches and can be exploited by a malformed protocol-specific Telnet command, reports ZDNet. Though the company is yet to issue a patch, it says disabling Telnet could remove some risks.
> 
> The flaw was discovered by Cisco on Vault7, WikiLeaks’ recent disclosure of CIA’s secret Center for Cyber Intelligence. WikiLeaks faces criticism for not having edited out all sensitive information in its disclosures and is also under fire for reportedly not providing details of vulnerabilities to affected companies. 
> 
> However, a WikiLeaks spokesman said that "Fortunately, WikiLeaks' Vault7 has permitted Cisco's security team to identity the vulnerability without releasing the exploit code."
> 
> Cisco was involved in a similar issue last year when two vulnerabilities found in hacking tools, allegedly created by the National Security Agency, were identified to impact its products.
> ...


Cisco Issues Advisory On Flaw In Hundreds Of Switches

----------


## Dragonfly

> Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom


awesome, let's hope they do  :Smile: 

itards super owned !!!  :rofl:

----------


## harrybarracuda

Holiday Inn hotels hit by card payment system hack
5 hours ago

The owner of the Holiday Inn and Crowne Plaza hotel brands has disclosed that payment card-stealing malware has struck about 1,200 of its franchisees' properties.
UK-based Intercontinental Hotels Group (IHG) said all but one of the locations affected were in the US, with the other being in Puerto Rico.
Guests have been warned they could have had money stolen as a consequence.
One expert said there might be further hotels affected.
Buckinghamshire-based IHG had previously reported in February that a dozen US hotels that it managed itself had been affected by the same attack.
"Individuals should closely monitor their payment card account statements," a spokeswoman told the BBC following the latest discovery.
"If there are unauthorised charges, individuals should immediately notify their bank.
"Payment card network rules generally state that cardholders are not responsible for such charges."
Other affected brands include Hotel Indigo and Candlewood Suites.
Hijacked card data
IHG said an investigation had detected signs the malware had been active at front-desk payment locations at the hotels between 29 September and 29 December 2016.
However, it only has confirmation that the threat was definitely eradicated last month.
The attack hijacked information taken from the payment cards' magnetic strips as it was being routed through the hotels' computer servers, said the hotel group.
This could include the card number, expiration date and verification code.
IHG does not believe other guest information was stolen.
It has published a tool for visitors to check if hotels they stayed at are among those affected.

The firm notes that other franchisees that had adopted an encryption-based security measure would not have been affected.
But one cybersecurity expert said that the list might not be comprehensive.
"IHG has been offering its franchised properties a free examination by an outside computer forensic team," wrote Brian Krebs.
"But not all property owners have been anxious to take the company up on that offer.
"As a consequence, there may be more breached hotel locations yet to be added to the state look-up tool."
Other hotel chains to have been struck by payment system hacks in recent years include Hyatt, Mandarin Oriental and Trump Hotels.
The US has been slower to switch to a chip-and-pin system than many other countries, which makes it more difficult to carry out such attacks.

Holiday Inn hotels hit by card payment system hack - BBC News

----------


## harrybarracuda

One of those things you would think someone would have thought of earlier....
*Unicode trick lets hackers hide phishing URLs*
Some perfectly authentic looking web addresses are not what they seem and not all browsers are taking the problem seriously




> Here’s a challenge for you: you click on a link in your email, and find yourself at the website https://аррӏе.com. Your browser shows the green padlock icon, confirming it’s a secure connection; and it says “Secure” next to it, for added reassurance. And yet, you’ve been phished. Do you know how?
> 
> The answer is in that URL. It may look like it reads “apple”, but that’s actually a bunch of Cyrillic characters: A, Er, Er, Palochka, Ie. The security certificate is real enough, but all it confirms is that you have a secure connection to аррӏе.com – which tells you nothing about whether you’re connected to a legitimate site or not.
> 
> The proof-of-concept domain was put together by Xudong Zheng, a security researcher who wanted to demonstrate the problem with the way domain names can be registered and displayed. For a long time, domain names could only be written in Latin characters without diacritics, but since 1998 it’s actually been possible to write them in other alphabets too. That’s useful if you want to register a domain name in Chinese or Arabic script, or even just correctly spelled French or German – anything that can be represented with the Unicode standard can be registered, even emoji – but it’s also opened up a whole new avenue of misdirection for malicious actors to take advantage of, by finding characters in other alphabets which look similar to Latin ones.
> 
> “From a security perspective, Unicode domains can be problematic because many Unicode characters are difficult to distinguish from common ASCII characters,” Zheng writes. “It is possible to register domains such as ‘xn--pple-43d.com’, which is equivalent to ‘аpple.com’. It may not be obvious at first glance, but ‘аpple.com’ uses the Cyrillic ‘а’ (U+0430) rather than the ASCII “a” (U+0041). This is known as a homograph attack.”
> 
> Some browsers will keep an eye out for such tricks, and display the underlying domain name if they sense mischief. A common approach is to reject any domain name containing multiple alphabets. But that doesn’t work if the whole thing is written in the same alphabet.
> ...


https://www.theguardian.com/technolo...-trick-hackers
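The article makes two points worth seeing in code: the browser-visible name and the Punycode name on the wire are the same string in two encodings, and the common "reject mixed alphabets" check passes a name that is entirely Cyrillic. Below is an added example, not code from the Guardian article or from Xudong Zheng's proof of concept. It decodes xn-- labels with Python's built-in idna codec, applies the mixed-script test, and then a second whole-script test that flags a label whose letters all have Latin look-alikes. The confusables table is a small hand-picked subset assumed for illustration; real tooling should use the Unicode UTS #39 confusables data.

```python
"""Homograph (IDN look-alike) checks for hostnames.

Added example, not from the article. Two defensive checks after decoding
Punycode labels back to Unicode:
  1. mixed-script: catches 'аpple.com' (Cyrillic а followed by Latin pple);
  2. whole-script confusable: catches 'аррӏе.com', which is entirely Cyrillic
     and therefore passes check 1.
CONFUSABLE_TO_LATIN is a constructed subset of look-alike letters, not the
full Unicode UTS #39 table.
"""
import unicodedata

# Letters whose glyphs resemble Latin letters (constructed subset, see above).
CONFUSABLE_TO_LATIN = {
    "\u0430": "a",  # CYRILLIC SMALL LETTER A
    "\u0435": "e",  # CYRILLIC SMALL LETTER IE
    "\u043e": "o",  # CYRILLIC SMALL LETTER O
    "\u0440": "p",  # CYRILLIC SMALL LETTER ER
    "\u0441": "c",  # CYRILLIC SMALL LETTER ES
    "\u0443": "y",  # CYRILLIC SMALL LETTER U
    "\u0445": "x",  # CYRILLIC SMALL LETTER HA
    "\u0455": "s",  # CYRILLIC SMALL LETTER DZE
    "\u0456": "i",  # CYRILLIC SMALL LETTER BYELORUSSIAN-UKRAINIAN I
    "\u0458": "j",  # CYRILLIC SMALL LETTER JE
    "\u04bb": "h",  # CYRILLIC SMALL LETTER SHHA
    "\u04cf": "l",  # CYRILLIC SMALL LETTER PALOCHKA
    "\u03b1": "a",  # GREEK SMALL LETTER ALPHA
    "\u03bf": "o",  # GREEK SMALL LETTER OMICRON
}


def to_unicode(hostname):
    """Decode Punycode labels so the hostname shows the characters a user would see."""
    if hostname.isascii():
        return hostname.encode("ascii").decode("idna")
    return hostname


def to_ascii(hostname):
    """Encode a Unicode hostname into the xn-- form that actually goes on the wire."""
    return hostname.encode("idna").decode("ascii")


def script_of(char):
    """Approximate a character's script from the first word of its Unicode name."""
    if char.isascii():
        return "LATIN" if char.isalpha() else "COMMON"
    try:
        return unicodedata.name(char).split()[0]
    except ValueError:  # unnamed code point
        return "UNKNOWN"


def check_label(label):
    """Return (verdict, detail): 'ok', 'mixed-script' or 'whole-script-confusable'."""
    per_char = [(c, script_of(c)) for c in label]
    scripts = {s for _, s in per_char} - {"COMMON"}
    if len(scripts) > 1:
        return "mixed-script", "+".join(sorted(scripts))
    if scripts and "LATIN" not in scripts:
        letters = [c for c, s in per_char if s != "COMMON"]
        if all(c in CONFUSABLE_TO_LATIN for c in letters):
            # Every letter has a Latin look-alike: report the Latin string it imitates.
            skeleton = "".join(CONFUSABLE_TO_LATIN.get(c, c) for c in label)
            return "whole-script-confusable", skeleton
    return "ok", label


def check_hostname(hostname):
    """Analyse a hostname given in either Unicode or Punycode form."""
    unicode_form = to_unicode(hostname)
    findings = []
    for label in unicode_form.split("."):
        verdict, detail = check_label(label)
        if verdict != "ok":
            findings.append((label, verdict, detail))
    return {
        "unicode": unicode_form,
        "ascii": to_ascii(unicode_form),
        "suspicious": bool(findings),
        "findings": findings,
    }


if __name__ == "__main__":
    samples = [  # constructed inputs
        "apple.com",
        "\u0430pple.com",                      # Cyrillic а + Latin: mixed script
        "xn--pple-43d.com",                    # the same name as the browser sends it
        "\u0430\u0440\u0440\u04cf\u0435.com",  # all-Cyrillic look-alike from the article
        "\u044f\u043d\u0434\u0435\u043a\u0441.\u0440\u0444",  # legitimate Cyrillic name
    ]
    for host in samples:
        r = check_hostname(host)
        flag = "SUSPICIOUS" if r["suspicious"] else "ok"
        print(f"{host:<28} {r['ascii']:<28} {flag} {r['findings']}")
```

The last sample shows why the whole-script test needs a look-alike table rather than simply rejecting non-Latin scripts: a genuine Cyrillic name contains letters with no Latin twin and passes, while the article's all-Cyrillic imitation of "apple" does not.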

----------


## harrybarracuda

Mastercard introduces card with built-in fingerprint scanner

By Sead Fadilpašić Published 1 day ago



Mastercard has unveiled a new card that comes with a fingerprint scanner, allowing consumers to make purchases without the card ever leaving their hands. It builds on fingerprint scanning technology currently available in smartphones, and can be used at EMV terminals worldwide, the company says.

The technology was tested in South Africa, in two separate trials. One was with Pick n Pay, while the other one was Absa Bank, a subsidiary of Barclays Africa.

The process is simple. You go to your financial institution and enroll for the card. Once registered, your fingerprint is converted into an encrypted digital template and stored on the card.

When shopping, dip the card into the terminal while holding the finger on the sensor. If the fingerprint is a match, the transaction is approved.

"Consumers are increasingly experiencing the convenience and security of biometrics," said Ajay Bhalla, president, enterprise risk and security, Mastercard. "Whether unlocking a smartphone or shopping online, the fingerprint is helping to deliver additional convenience and security. It’s not something that can be taken or replicated and will help our cardholders get on with their lives knowing their payments are protected."

Additional trials are being planned in Europe and Asia Pacific in the coming months.

Said Richard van Rensburg, deputy CEO of Pick n Pay: "We are delighted that this innovation has been trialled for the first time at Pick n Pay stores in South Africa. Biometric capability will mean added convenience and enhanced security for our customers. The technology creates a platform on which we can further our strategy of personalizing the shopping experience in a meaningful way. We have been extremely impressed with the robust and secure nature of the technology."

https://betanews.com/2017/04/21/mast...+News+Articles

----------


## harrybarracuda

Researchers discover security flaws in over 20 Linksys router models
The vulnerabilities could be used to create a botnet
By Rob Thubron on Apr 21, 2017, 6:15 AM

Security researchers have discovered a number of vulnerabilities in various models of Linksys routers that hackers could potentially exploit to create a botnet.
Senior security consultant Tao Sauvage and independent researcher Antide Petit discovered the bugs late last year. In a recent blog post, Sauvage reveals they identified ten vulnerabilities that range from low- to high-risk issues, six of which can be exploited remotely by attackers.

The security flaws could allow hackers to overload a device, force a reboot, deny user access, leak sensitive information about the router, and change restricted settings.
"A number of the security flaws we found are associated with authentication, data sanitisation, privilege escalation, and information disclosure," said Sauvage. "Additionally, 11 per cent of the active devices exposed were using default credentials, making them particularly susceptible to an attacker easily authenticating and potentially turning the routers into bots, similar to what happened in last year's Mirai Denial of Service (DoS) attacks."

The flaws are present in over 20 different models of Linksys routers - the full list is available below. An initial scan discovered there were over 7000 vulnerable devices exposed at the time of the search. The majority of affected routers, 69 percent, are located in the US.

IOActive informed Linksys of the issues in January, allowing the company three months to address the problems before going public with its findings.
Benjamin Samuels, an application security engineer at Belkin (Linksys Division), said: "Working together with IOActive, we've been able to efficiently put a plan together to address the issues identified and proactively communicate recommendations for keeping customer devices and data secure."

"Security is a high priority and by taking a few simple steps, customers can ensure their devices are more secure while we address the findings. IOActive has been a great partner throughout what's been a textbook example of researcher and vendor working cooperatively."

In a recent advisory, Linksys advises users to enable automatic updates, disable the Wi-Fi Guest Network feature, and change the default admin password. A firmware update to fix the issues will be released in the coming weeks.

Here is the list of affected products:

WRT Series
WRT1200AC
WRT1900AC
WRT1900ACS
WRT3200ACM

EAxxxx Series
EA2700
EA2750
EA3500
EA4500 v3
EA6100
EA6200
EA6300
EA6350 v2
EA6350 v3
EA6400
EA6500
EA6700
EA6900
EA7300
EA7400
EA7500
EA8300
EA8500
EA9200
EA9400
EA9500

Researchers discover security flaws in over 20 Linksys router models - TechSpot

----------


## harrybarracuda

*Ransomware Payout Doesn't Pay Off*

About 40% of small- and midsized businesses hit with ransomware paid their attackers, but less than half got their information back.
Ransomware, ironically, is a crime based on trust. Victims pay attackers who compromise their data with an expectation it will be returned to them.

Unfortunately, a growing number of ransomware targets pay thousands of dollars to get their data back, but receive nothing. This was the most surprising result to come from a Bitdefender survey of 250 IT pros working in small and medium businesses (SMBs), says senior threat analyst Bogdan Botezatu.

The survey, conducted by Spiceworks, discovered one in five SMBs was hit with a ransomware attack within the past 12 months. Of the 20% targeted, 38% paid attackers an average of $2,423 to release their data. Less than half (45%) got their information back.

"Until now, ransomware was a business where honesty was key," Botezatu explains. "Everyone paid the ransom expecting they would get their data back … the ransomware space is continuously changing. Honor among criminals is no longer there."

He says this reflects a broader trend across cybercrime as attackers' boundaries change. Many used to avoid healthcare attacks because they could potentially harm patients. Now, healthcare organizations are frequently targeted, and lack the tech and best practices to defend themselves.

Similarly, SMBs represent a growing pool of victims as attackers seek weaker targets. Ransomware had mostly hit consumers until now, says Botezatu. Businesses weren't targeted as often because cybercriminals likely knew about their strong security tools and data backups. 

"They're not going to the consumer or enterprise that much," he continues. "They found their sweet spot in the middle."

Researchers found SMBs are appealing targets for ransomware because they handle the same sensitive business information (customer data, financial records, product info) as larger organizations, but lack the strong security measures to protect it.

Attackers know they're more likely to receive payment from SMBs, which have more sensitive data than consumers. An individual may be willing to pay about $1,000 for ransomed files. A business with hundreds of customers will pay far more because they need that information, Botezatu says.

Email, cited by 77% of SMBs, is the most popular vector of attack. Cybercriminals use email to compel victims to open or download attachments, or click malicious links, reported 56% and 54% of SMBs, respectively. Nearly one-third (31%) of attacks occurred via social engineering.

"This is serious," says Botezatu. "Whatever you do, you cannot block email in a company - and hackers have a wide assortment of file extensions they can squeeze ransomware into."

Most SMBs hit with ransomware attacks were able to mitigate the attack by restoring data from backup (65%), or through security software or practices (52%). One-quarter of those targeted could not find a solution to address the problem and lost their data as a result.

Botezatu advises SMBs to "strongly consider" complementing their security strategy with a backup security solution. Ransomware is a highly volatile type of attack, he explains, and it only needs to run once to be effective. Criminals don't need to be persistent to encrypt all your data.

If you are attacked? "Don't pay up," he says. "Try to do without the data."

An attack should serve as a lesson learned, he continues. If people continue paying to get their information, ransomware attacks will continue as a means of easy money for cybercriminals. While Botezatu thinks ransomware is here to stay, he urges victims to avoid paying up.

"Every payment you make keeps the ecosystem alive," he emphasizes.

Ransomware Payout Doesn't Pay Off

----------


## harrybarracuda

Remote security exploit in all 2008+ Intel platforms
Updated: Nehalem through Kaby all remotely and locally hackable
May 1, 2017 by Charlie Demerjian

Every Intel platform from Nehalem to Kaby Lake has a remotely exploitable security hole. SemiAccurate has been begging Intel to fix this issue for literally years and it looks like they finally listened.

Update May 1, 2017 # 3:35pm: Intel just confirmed it, but not to SemiAccurate. You can read their advisory here.

The short version is that every Intel platform with AMT, ISM, and SBT from Nehalem in 2008 to Kaby Lake in 2017 has a remotely exploitable security hole in the ME (Management Engine) not CPU firmware. If this isn’t scary enough news, even if your machine doesn’t have SMT, ISM, or SBT provisioned, it is still vulnerable, just not over the network. For the moment. From what SemiAccurate gathers, there is literally no Intel box made in the last 9+ years that isn’t at risk. This is somewhere between nightmarish and apocalyptic.

First a little bit of background. SemiAccurate has known about this vulnerability for literally years now, it came up in research we were doing on hardware backdoors over five years ago. What we found was scary on a level that literally kept us up at night. For obvious reasons we couldn’t publish what we found out but we took every opportunity to beg anyone who could even tangentially influence the right people to do something about this security problem. SemiAccurate explained the problem to literally dozens of “right people” to seemingly no avail. We also strongly hinted that it existed at every chance we had.

Various Intel representatives over the years took my words seriously, told me I was crazy, denied that the problem could exist, and even gave SemiAccurate rather farcical technical reasons why their position wasn’t wrong. Or dangerous. In return we smiled politely, argued technically, and sometimes, usually actually, were not so polite about our viewpoint. Unfortunately it all seems to have been for naught.

The problem is quite simple, the ME controls the network ports and has DMA access to the system. It can arbitrarily read and write to any memory or storage on the system, can bypass disk encryption once it is unlocked (and possibly if it has not, SemiAccurate hasn’t been able to 100% verify this capability yet), read and write to the screen, and do all of this completely unlogged. Due to the network access abilities, it can also send whatever it finds out to wherever it wants, encrypted or not.

While these capabilities sound crazy to put on a PC, they are there for very legitimate reasons. If an IT organization needs to re-image a system, you need to be able to remotely write to disk. Virus cleaning? Scan and write arbitrary bits. User logging and (legitimate) corporate snooping? That too. In short everything you need to manage a box can be exploited in ugly ways. When Intel told us that a version of AMT could be used to bare metal image a dead machine over a cellular connection, we turned white. We explained to them why SemiAccurate thought this was a bad idea and they respectfully disagreed. I’ll bet they aren’t laughing now.

The news today is more problematic than it seems though, the nuances of security disclosures tend to be lost on those not involved in the field. What we mean by this is if a company knows about a flaw and doesn’t fix it for quite literally years, there usually is a reason why. For a security hole that was present for about a decade that suddenly gets patched, this means an affected party with the leverage to get Intel to act did just that. Again.

We are cheering that the hole is being fixed and Intel is issuing a patch. That and Intel has plans on when to issue “reactive” NDAs to customers several weeks before the “proactive” and “public” disclosures. [Editor’s emphasis] That begs the question of reacting to what? If it isn’t being exploited, there is nothing to react to before it is disclosed, right?

Back to the point, what is the issue? Again we won’t be specific until the fixes are out but on April 25, Intel released a firmware fix for this unnamed issue. It affects every Intel machine from Nehalem in 2008 to Kaby Lake in 2017. The vulnerability affects AMT, ISM, and SBT bearing machines. For those not up on Intel security acronyms, this is every Intel box shipped with an Intel chipset for the past decade or so.

Depending on whether you are a glass half empty or half full type, there is a bit of good news. This flaw is remotely exploitable only if you have AMT turned on, that is the ‘good’ news. The bad news is that if you don’t have it turned on or provisioned the vulnerability is still exploitable locally. If you aren’t the half full type, you might sum this up by saying there is no way to protect a manageable Intel based computer until this hole has been patched, it is that bad. Let me repeat, you can not protect a manageable PC or server with this flaw until there is a patch, period. This flaw is present in ME firmware from version 6.0-11.6, things before and after those numbers are not affected probably because they used the AMT engine with the non-ARC CPU cores in older iterations.

Luckily Intel has some mitigation options for the affected users, that is you, whether you know it or not. They have two fixes for provisioned AMT and non-provisioned boxes, both prevent the issue from happening until the firmware update has been distributed by OEMs. Unfortunately since this issue is not disclosed officially yet, they won’t tell you what it is. Due to the severity of the issue, we highly recommend you make these changes immediately, don’t wait for the official disclosure.

If you have provisioned AMT or ISM on your systems, you should disable it in the Intel MEBx. If you haven’t provisioned these, or have and want to mitigate the local vulnerability too, there are more steps to take. If you have a box with AMT, ISM, or SBT, you need to disable or uninstall Local Manageability Service (LMS) on your boxes. Intel helpfully points out that doing this will mean your box can’t be managed using those services when you disable them. If this makes you think about whether or not to disable those things, trust us, don’t think about it, disable them NOW.

This brings us to a very ugly point. Intel has put AMT and its variants into every device they make. Some you can’t see because it is fused off but off is a very strong term. There are several features that AMT provides that are present in consumer systems even though the ‘technology’ isn’t there. This is one of the arguments that SemiAccurate has had with Intel security personnel over the years, we have begged them to offer a SKU without the AMT hardware for just this very reason. Intel didn’t, the pressure to lock corporate customers in to their silicon was too high.

With this exploit, every Intel box for 9+ years is now vulnerable because you couldn’t buy a box without it even if you wanted to other than a few older 4S servers. If you deployed Intel’s management solutions like AMT or SBS, you know the ones we mocked, you now have to turn it off or face remote exploitation. If you are a large corporation with AMT deployed, and most companies have deployed it, turning it off is easy, just a console command or three and it is done. Turning it back on however means going to every desktop, laptop, and server in your organization manually patching the BIOS and ME firmware, then turning the ME features like AMT back on. Manually.

This all assumes that there is a patch for your machine. Intel has a slew of BIOS/ME firmware patches out and in the hands of OEMs now. From here it isn’t Intel’s problem, and we mean that without even a hint of sarcasm. Intel has done their part and delivered the updated firmware to OEMs, it is now up to them to do the right thing. Some will.

The problem from here is twofold starting with no-name PCs. If you have a white-box PC or one from a sketchy vendor, chances are they won’t bother with a firmware update. Security is a cost center and most OEMs run on margins too thin to bother with security patches even if they cared. Most simply don’t care.

On the other hand OEMs who do actually care, that would be most of the big ones like Dell, HP, Lenovo, and so on, will put out patches for their machines. The second problem is for how long? No not for how long will they keep patches up but how far back will they issue the patches for? Most OEMs don’t patch things out of warranty for good reason, this is a fair thing for them to do. Most PCs have a one or three year warranty with five being the rare exception for some boxes like servers. Most of the PCs in this category from tier 1 and 2 vendors should have patches issued in short order. Check for them daily and apply them immediately, really.

At best though this means there will be patches out for less than half of the affected machines. Do you or your organization have any machines in service but out of warranty? I’ll bet you do. What about embedded devices that are increasingly PC based? Digital signage perhaps? Industrial controls. HVAC. Security systems. Flight controls. Air traffic controls. Medical devices. I could go on but all of these are likely PC based and anything infrastructure related is likely networked, management engine enabled, and quite possibly in warranty from the service provider. But quite likely out of warranty from the board vendor who made the underlying PC the service it is based on. Do you know what is in your systems? I’ll bet you think you do.

So this Intel AMT/ISM/SBT vulnerability is the proverbial ‘big one’. It is remotely exploitable if you have Intel’s management solutions in use, locally exploitable if you have them provisioned in your machine. You have them on your machine. You really need to turn them off, uninstall all the pieces, and do it now, don’t wait for the official word on WW26. That is the end of June for non-Intelspeak people, they will officially issue this guidance then along with OEM disclosures.

Because SemiAccurate strongly suspects this vulnerability is being exploited in the wild as we speak, you should take the official mitigation steps as soon as possible. Then contact your OEMs and strongly suggest that firmware patches for every system, including out-of-warranty systems, would be appreciated by you. Then go over every embedded Intel board with a fine tooth comb. Remember it is every Intel system from Nehalem in 2008 to Kaby Lake in 2017, ME firmware version from 6.0-11.6. If you have or suspect you have these, act now. Really. This is the big one but you can take some corrective action before it is too late. Richard Stallman was right about firmware, and there are alternatives now too. S|A

TL;DR: Average computer user – If your system is 10 years old or newer it is likely exploitable, check for patches daily and install all patches immediately. If there is no patch, back up data and replace.


Remote security exploit in all 2008+ Intel platforms - SemiAccurate
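As an added example (not from the SemiAccurate article or from anyone in this thread), here is a PowerShell self-audit for the pieces the article tells you to turn off. It looks for the host-side Intel management software and, from a second machine, for AMT's own network listener, because the management engine answers below the OS and the target's own socket table will not show it. Assumptions not stated in the article: the host service is named "LMS" (Intel's Local Management Service) and AMT listens on TCP 16992 (HTTP) and 16993 (HTTPS); both come from Intel's documentation. The hostnames in the fleet-check call are placeholders. The firmware side still needs Intel's discovery tool or the OEM; this only inventories the software side.

```powershell
# Added example, not part of the SemiAccurate article. Run elevated.
# Assumptions (from Intel's documentation, not from the article): service name
# "LMS", AMT listener ports 16992/16993, device name containing
# "Management Engine Interface".

function Test-AmtHostComponents {
    # Read-only local check: is the Intel management software side present?
    $r = [ordered]@{
        LmsServicePresent = $false
        LmsServiceStatus  = 'absent'
        MeiDevicePresent  = $false
        MeiDriverVersion  = $null
    }

    $lms = Get-Service -Name 'LMS' -ErrorAction SilentlyContinue
    if ($lms) {
        $r.LmsServicePresent = $true
        $r.LmsServiceStatus  = [string]$lms.Status
    }

    # The Management Engine Interface device is what exposes the ME to the OS;
    # if it is present, Intel's mitigation guide (disable/uninstall) applies.
    $mei = Get-PnpDevice -PresentOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.FriendlyName -like '*Management Engine Interface*' } |
        Select-Object -First 1
    if ($mei) {
        $r.MeiDevicePresent = $true
        $r.MeiDriverVersion = (Get-PnpDeviceProperty -InstanceId $mei.InstanceId `
            -KeyName 'DEVPKEY_Device_DriverVersion' -ErrorAction SilentlyContinue).Data
    }
    [pscustomobject]$r
}

function Test-AmtListener {
    # Run from ANOTHER host against machines you own. AMT's listener lives in
    # the management engine, so only a network probe reveals a provisioned ME.
    param([Parameter(Mandatory)][string[]]$ComputerName)
    foreach ($c in $ComputerName) {
        foreach ($port in 16992, 16993) {
            $open = (Test-NetConnection -ComputerName $c -Port $port `
                -WarningAction SilentlyContinue).TcpTestSucceeded
            [pscustomobject]@{ Host = $c; Port = $port; AmtResponds = $open }
        }
    }
}

# Local software-side inventory:
Test-AmtHostComponents | Format-List

# Fleet check from a second machine (placeholder hostnames, replace with your own):
# Test-AmtListener -ComputerName 'ws01.example.internal', 'ws02.example.internal'
```

If `LmsServicePresent` is true or any host answers on 16992/16993, treat the machine as in scope for Intel's mitigation guide and the OEM firmware update; a clean result only says the software side is absent, not that the firmware is patched.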

----------


## baldrick

before anyone freaks out 

you are unlikely to have enabled Active Management Technology

cool - but should be limited to access only from subnet machines - can vpn for doing it from the beach

https://en.wikipedia.org/wiki/Intel_...ent_Technology

----------


## harrybarracuda

> before anyone freaks out


...Take a deep breath and calm down Mr. Mainwaring.

Then just check.

----------


## harrybarracuda

Oooops....




> IBM warns of malware on USB drives shipped to customers
> 
> IBM said some flash drives for Storewize initialisation should be destroyed because they may contain Trojan malware.
> 
> By Danny Palmer | May 2, 2017 -- 11:48 GMT (12:48 BST) | Topic: Security
> 
> IBM has urged customers to destroy USB drives which shipped with some of its Storewize storage systems because they may contain malware.
> 
> ...


IBM warns of malware on USB drives shipped to customers | ZDNet

----------


## harrybarracuda

Google confirms massive phishing attack targeting millions of Gmail users
Scammers used legit-looking Docs file to fool users into spreading a worm
04 May 2017

GOOGLE HAS SHEEPISHLY CONFIRMED that millions of Gmail users were the target of a global phishing attack that spread rapidly on Wednesday.

The phishing campaign aimed to gain control of Gmail users' entire email histories by spreading a worm to all of their contacts via an emailed invitation asking them to check out an attached "Google Docs," or GDocs link. The invitation not only appeared genuine but also from a trusted contact.

Users that clicked the link were taken to a real Google security page, where they were asked to give permission for the fake app, posing as GDocs, to manage their email account. The worm then sent itself out to all of the affected users' contacts, reproducing itself hundreds of times every time the link was clicked.

Google recognised the phishing scam on Wednesday and warned users to be vigilant.

Enterprise security firm Agari warned that this type of attack is "different and scary" because of its ability to evade common defenses and make use of Google APIs to trick users into granting access.

"The attack didn't directly try to steal usernames and passwords like a typical phishing scam but rather tricked users into allowing complete access to their email account," said the firm in a blog post. "Typically, users have been trained to change their password when they think they have been a victim of a phishing scam. In this case, that would not solve the problem."

The firm also said that the cybercriminals who launched the attack have access to all of the victims' emails until the app is disabled.

"With that access, the criminals can use your identity to scam co-workers or relatives, reset your bank account password and steal money or harvest information to steal the victim's identity. There are an infinite number of ways a cybercriminal can monetise this kind of access."

Google released an official statement late on Wednesday to say it has addressed the issue with the phishing email claiming to be Google Docs and is working to ensure there will be no repeat of it.

"We have taken action to protect users against an email impersonating Google Docs and have disabled offending accounts. We've removed the fake pages, pushed updates through Safe Browsing, and our abuse team is working to prevent this kind of spoofing from happening again. We encourage users to report phishing emails in Gmail."

If you think you were affected, Google advises that you visit its security checkup site. 



Google confirms massive phishing attack targeting millions of Gmail users | TheINQUIRER

----------


## baldrick

It is quite easy to flash your BIOS on your mobo: you download the correct one from your manufacturer's website, put it on a USB drive, plug it in and boot the computer, and go to the BIOS (normally by tapping the Delete key as the computer starts). Then navigate to the BIOS upgrade section and point it at the USB drive.




> before anyone freaks out





> *Identifying Vulnerable Systems*
> 
> When Intel publicly disclosed the AMT security flaw, it also released a detection guide. On May 4, the company released a downloadable discovery tool, as well. Considering the short time span between the public disclosure and the release of a discovery tool or the time when PC OEMs will begin shipping fixes, this may be a hint that Intel wasn't quite ready to disclose the bug on May 1.
> 
> *Securing Vulnerable Systems*
> 
> If Intel's discovery tool reports a vulnerability or is unable to say whether a particular system is vulnerable, the company recommends system administrators take steps to secure their systems in other ways.
> 
> Intel released a mitigation guide, too, which teaches system administrators how to disable the AMT, the Intel Standard Manageability (ISM), and Intel Small Business Technology (SBT) software. Disabling these vulnerable business-oriented features should keep the systems safe against the exploitation of this particular privilege escalation vulnerability.
> 
> From May 8, PC manufacturers will begin to release patches for their products, which should fix the issue. However, it remains to be seen if the manufacturers will release a patch for all the vulnerable products they've sold since 2010, or whether they'll only patch more recent systems. Intel was not immediately available to clarify this potential issue.

----------


## harrybarracuda

*Microsoft releases emergency patch for 'crazy bad' Windows zero-day bug*

The vulnerability has been dubbed the worst Windows remote code execution flaw in recent memory.

By Charlie Osborne for Zero Day | May 9, 2017 -- 08:51 GMT (09:51 BST) | Topic: Security

Microsoft has released a patch rapidly developed to combat a severe zero-day vulnerability discovered only days ago.

Late Monday, the Redmond giant issued a security advisory for CVE-2017-0290, a remote code execution flaw impacting the Windows operating system.

The security vulnerability was disclosed over the weekend by Google Project Zero security experts Natalie Silvanovich and Tavis Ormandy.

On Twitter, prominent vulnerability hunter Ormandy revealed the existence of a zero-day flaw in Microsoft Malware Protection Engine (MsMpEng), used by Windows Defender and other security products.

The researcher deemed the find a "crazy bad" bug which may be "the worst Windows remote code exec [execution flaw] in recent memory."

Ormandy did not reveal anything else at the time, to give Microsoft time to fix the scripting engine memory corruption vulnerability after it was reported privately.

The built-in deployment system and scanner engine in Microsoft's products will issue the patch to vendors automatically over the next 48 hours and so more details have been disclosed.

The vulnerability allows attackers to remotely execute code if the Microsoft Malware Protection Engine scans a specially crafted file. When successfully exploited, attackers are able to worm their way into the LocalSystem account and hijack an entire system.

With such power, they have complete control to install or delete programs, steal information, create new accounts with full user rights, and download additional malware.

The Project Zero team says the vulnerability can be leveraged against victims by only sending an email to users -- without the need for the message to be opened or any attachments to be downloaded. An attack leveraging the exploit could also be conducted through malicious website visits or instant messaging.

According to Ormandy, the vulnerability could not only be exploited to work against default systems, but is also "wormable." In other words, malware using the exploit can replicate itself and spread beyond the target system.

"Vulnerabilities in MsMpEng are among the most severe possible in Windows, due to the privilege, accessibility, and ubiquity of the service," the team says.

"If the affected antimalware software has real-time protection turned on, the Microsoft Malware Protection Engine will scan files automatically, leading to exploitation of the vulnerability when the specially crafted file is scanned," Microsoft said. "If real-time scanning is not enabled, the attacker would need to wait until a scheduled scan occurs in order for the vulnerability to be exploited."

Microsoft Forefront Endpoint Protection 2010, Microsoft Endpoint Protection, Microsoft Forefront Security for SharePoint Service Pack 3, Microsoft System Center Endpoint Protection, Microsoft Security Essentials, Windows Defender for Windows 7, Windows Defender for Windows 8.1 and RT 8.1, Windows Defender for Windows 10, Windows 10 1511, Windows 10 1607, Windows Server 2016, Windows 10 1703, and Windows Intune Endpoint Protection are all affected.

However, Microsoft told the Project Zero team that the Control Flow Guard (CFG) security feature lowers the risk of compromise on some of the latest platforms where the feature is enabled.

Ormandy praised Microsoft for how quickly the emergency patch was issued, saying that he was "blown away at how quickly @msftsecurity responded to protect users, can't give enough kudos."

Microsoft says there have been no reports of the issue being exploited in the wild. System administrators do not need to act as Microsoft's internal systems will push the engine updates to vulnerable systems, however, the update can also be applied manually for a quicker fix.

Microsoft releases emergency patch for 'crazy bad' Windows zero-day bug | ZDNet

----------


## harrybarracuda

Cheeky fuckers.

https://www.modzero.ch/advisories/MZ...-Keylogger.txt

----------


## Neo

https://arstechnica.com/security/201...earchers-warn/

----------


## harrybarracuda

Links on the current Ransomware attack. If you apply Windows Updates, especially:

https://technet.microsoft.com/en-us/.../ms17-010.aspx

you will probably be protected.

Source is not known yet, but it uses the NSA exploits that ShadowBrokers released.

https://www.bleepingcomputer.com/new...-on-a-rampage/

----------


## harrybarracuda

Costin Raiu (@craiu), 2 hours ago:

> So far, we have recorded more than 45,000 attacks of the #WannaCry ransomware in 74 countries around the world. Number still growing fast.

----------


## harrybarracuda

Looks like Vlad's taking it up the arse...

----------


## harrybarracuda

Latest on Twatter use the following Hashtags:

#WanaCrypt0r #WCry #WannaCry

----------


## harrybarracuda

https://intel.malwaretech.com/botnet/wcrypt

----------


## harrybarracuda



----------


## harrybarracuda

Ooops...

----------


## Dragonfly

I am safe, I am running WinXP  :Smile: 

and I don't open DOC files from strangers  :Banana: 

fucking awesome !!!

----------


## Neo

The ransomware appears to be one of several tools belonging to the National Security Agency (NSA) that a hacking group known as The Shadow Brokers has been leaking to the web over the past several months. According to an Arstechnica report last month, The Shadow Brokers leaked around a gigabyte worth of weaponized software exploits, including one that targeted most versions of Windows.

This particular ransomware is called WCry. It's also been called several other names, including WannaCry, WannaCryptor, WannaCrypt, and Wana Decryptor. They're all the same and reference version 2.0 of WCry, BleepingComputer reports.

As the day has gone on, WCry has spread to the U.K. and other parts of the world. Earlier in the day a researcher for Kaspersky Lab noted 45,000 attacks in 74 countries, and said that WCry's list of victims was "growing fast."

There is a live map at MalwareTech that shows WCry spreading to victims in real time. According to Avast security researcher Jakub Kroustek, WCry has claimed over 57,000 PCs in just a few hours, some of the first of which were Spanish companies, such as utility outfits Telefonica, Gas Natural, and Iberdrola.

Forbes says victims have been asked to cough up $300 to remove the infection and decrypt their files. Otherwise, their data remains encrypted and inaccessible. On top of that, victims are being told that after 7 days, their files will be lost forever if the ransom is not paid.

The ransomware is said to have initially spread through spam containing fake invoices, job offers, and other attempts aimed at random email addresses. However, it's also been able to spread through the worm-like EternalBlue exploit.

----------


## harrybarracuda

So then, if you want to be safe from this little bastard:

- Do a Windows Update. Keep doing it until there are no more to apply (Microsoft patched this in March).

Having said that, researchers found that, in this particular malware, if a certain domain was available to respond, WannaCry ceases activity, so they registered that domain and the attacks are now subsiding.

So you probably have time to do the patching before some other bright spark issues a newer variant - don't waste it.

----------


## Latindancer

Am I ok using Vista ? I cannot update any more....

----------


## bsnub

> Am I ok using Vista


Nope.  :Smile:

----------


## Dragonfly

> So then, if you want to be safe from this little bastard:
> 
> - Do a Windows Update. Keep doing it until there are no more to apply (Microsoft patched this in March).
> 
> Having said that, researchers found that, in this particular malware, if a certain domain was available to respond, WannaCry ceases activity, so they registered that domain and the attacks are now subsiding.
> 
> So you probably have time to do the patching before some other bright spark issues a newer variant - don't waste it.


don't listen to this non-sense from Harry,

Turn off Windows Update, these 0d attacks feed on Windows Update latest patch by MS

Downgrade Windows by 2 versions, and you will be safe for a long time, there are no new features that are useful in Windows 7 or Win10, it's only gay shit for stupid users  :Smile: 

alternatively, buy an iMac

----------


## Dragonfly

> Am I ok using Vista ? I cannot update any more....


downgrade to WinXP and you will be fine, VISTA was a POS with gay icons on the desktop, didn't do anything better

----------


## Latindancer

I believe Vista is essentially the same as XP. And though it had a bad rep at first, after it was tweaked it was a stable platform.....which I have proved for the last 4 years by using it.

And my icons are fine.

----------


## bsnub

> I believe Vista is essentially the same as XP.


 :smiley laughing:

----------


## Dragonfly

> I believe Vista is essentially the same as XP


WRONG !!! again  :Smile: 

completely different platform, actually Win7 is closer to Vista than XP

----------


## Dragonfly

> Ooops...


what happened harry, did they got you too ?  :rofl:

----------


## Passing Through

Install a version of Linux and if for some reason you have a pressing need to use a Windows application, just run a virtual machine.

----------


## Latindancer

> Originally Posted by Latindancer
> 
> I believe Vista is essentially the same as XP.


Hey, I don't claim to know anything much about computers. Sheesh...

----------


## bsnub

^ You have mail... :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> 
> So then, if you want to be safe from this little bastard:
> 
> - Do a Windows Update. Keep doing it until there are no more to apply (Microsoft patched this in March).
> 
> Having said that, researchers found that, in this particular malware, if a certain domain was available to respond, WannaCry ceases activity, so they registered that domain and the attacks are now subsiding.
> 
> ...


Fuck off you stupid queer troll.

----------


## harrybarracuda

> Originally Posted by Latindancer
> 
> 
> Am I ok using Vista ? I cannot update any more....
> 
> 
> downgrade to WinXP and you will be fine, VISTA was a POS with gay icons on the desktop, didn't do anything better


....And Fuck off you stupid queer troll.

Maybe you can fix it with regedit eh, you fucking moron.

----------


## harrybarracuda

> Install a version of Linux and if for some reason you have a pressing need to use a Windows application, just run a virtual machine.


Yeah pretty fucking stupid advice, since most people using Windows are either using it for a reason or they're just a fucktard like Buttplug.

Having said that, I cannot see the attraction of Vista, it was as slow as shit and painful to watch.

This exploit is all about legacy, Microsoft trying to keep SMB 1.0 support for cunts that can't be arsed to spend the money to upgrade.

So I hope all those c u n t s got encrypted, and hopefully now they'll dump the shit and move onto something a but more secure.

Apart from Buttplug, he's just a dumb c u n t, and I couldn't give a fuck what happens to the fat queer troll.

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Ooops...
> 
> 
> what happened harry, did they got you too ?


"did they got you too"?

Learn how to speak English, you stupid fat queer troll.

----------


## harrybarracuda

> Am I ok using Vista ? I cannot update any more....


I have seen several references to Microsoft releasing an emergency patch for Vista and XP, but I have yet to see a link that works.

Maybe thick c u n t s like Buttplug are desperately trying to get it and jamming the site up.


Added: It's your lucky day, the Vista patch is up:

http://download.windowsupdate.com/d/...16a85c745c.msu


https://www.manageengine.com/product...12598-x86.html

----------


## Passing Through

> most people using Windows are either using it for a reason or they're just a fucktard like Buttplug.


If 'fucktard like Buttplug' means average consumer who knows little about computers and is too scared to try something new, then yes, you're right. Most people use Windows because they don't know that there is an alternative or think that you need to be some kind of black belt hacker to use a Linux system.

----------


## harrybarracuda

> most people using Windows are either using it for a reason or they're just a fucktard like Buttplug.
> 
> If 'fucktard like Buttplug' means average consumer who knows little about computers and is too scared to try something new, then yes, you're right. Most people use Windows because they don't know that there is an alternative or think that you need to be some kind of black belt hacker to use a Linux system.


Most people use Windows because it has by far the widest selection of software and compatible hardware.

If Linux was the number one OS, you'd be sat here in the middle of a Linux ransomware attack telling everyone to switch to Windows.

There is nothing to stop you opening a "Use Linux instead of Windows" thread. Fuck, how hard is it to use Rufus to burn a bootable Linux ISO and give it a try without even wiping Windows?

If you are that confident that you are right, it should be a great success.

And no, inexperienced computer user is not the same as "fucktard like Buttplug", that gallic poof is very special needs, as you may have deduced.

----------


## harrybarracuda

This may take a few refreshes to load, but it has patches for legacy OS's.


http://www.catalog.update.microsoft....px?q=KB4012598

----------


## Dragonfly

> This may take a few refreshes to load, but it has patches for legacy OS's.
> 
> 
> http://www.catalog.update.microsoft....px?q=KB4012598


thank you love,

how is your ass this morning ? hurting a bit with that 0d ?  :Smile:

----------


## Dragonfly

> Most people use Windows because it has by far the widest selection of software and compatible hardware.


actually most people use Windows because it comes pre-loaded on their hardware and they are too lazy to think otherwise

try again,

----------


## Dragonfly

> Yeah pretty fucking stupid advice,


the problem is that any advice that doesn't come boxed from your call center version is stupid,

maybe you should look and learn differently  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Yeah pretty fucking stupid advice,
> 
> 
> the problem is that any advice that doesn't come boxed from your call center version is stupid,
> 
> maybe you should look and learn differently


Maybe you should fuck off you stupid fat queer.

----------


## Neo

Global cyber-attack: Security blogger halts ransomware 'by accident' - BBC News

----------


## harrybarracuda

You would expect any company in Asia to have all their staff in over the weekend cleaning out any emails that might be suspicious.

OK, you wouldn't.

There are probably going to be a bundle of new attacks come Monday morning all over Asia.

----------


## harrybarracuda

By the way, if you have Windows 10, you are still vulnerable because it supports SMB1.0 (that legacy shit again).

If you want to turn it off, just type "Windows Features" into the search box and disable it as per the image:




Or just apply Windows Updates.

----------


## Dragonfly

what's the regedit hack for that ? need to do it for my Win10  :Smile:

----------


## harrybarracuda

> what's the regedit hack for that ? need to do it for my Win10


Fuck off you fat queer troll.

----------


## taxexile

> SMB1.0


What exactly, in layman's terms, is it and what does it do?

how exactly does it leave a win10 computer open to attacks?

if it is turned off, what features will be disabled?

I have looked it up, but can't understand much of the explanations; they are very technical.

----------


## bsnub

> what exactly, in laymans terms, is it and does that do?


This has all you need to know;

https://blogs.technet.microsoft.com/...op-using-smb1/

----------


## taxexile

Thanks bsnub, starting to become a (little) clearer now.

----------


## Begbie

> By the way, if you have Windows 10, you are still vulnerable because it supports SMB1.0 (that legacy shit again).
> 
> If you want to turn it off, just type "Windows Features" into the search box and disable it as per the image:
> 
> 
> 
> 
> Or just apply Windows Updates.


Thanks for that. I'd already applied the updates, Win 10. SMB1 was still enabled, isn't now.

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> 
> By the way, if you have Windows 10, you are still vulnerable because it supports SMB1.0 (that legacy shit again).
> 
> If you want to turn it off, just type "Windows Features" into the search box and disable it as per the image:
> 
> 
> 
> ...


I think the update fixed it anyway, but I can't see any reason at all to have it turned on.

----------


## Dragonfly

to make sure stupid SMB1 is disabled, it doesn't hurt to add this regkey  :Razz: 

this works for all Windows versions:

Go to: "HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters"

Then add New DWORD key => SMB1 with Value = 0
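The two ways of switching SMB1 off mentioned in this thread (the "Windows Features" checkbox and the LanmanServer SMB1 registry value) can be audited and applied from one script. The following is an added example, not code from any poster: it reports the SMB1 server and client state on Windows 8 / Server 2012 or newer, checks whether the KB linked in the thread (KB4012598) is installed, and disables SMB1 when run with `-Disable`. Assumptions not stated in the thread: the `Get-SmbServerConfiguration`, `Set-SmbServerConfiguration` and `*-WindowsOptionalFeature` cmdlets and the `mrxsmb10` client driver name come from Microsoft's documentation. KB4012598 is the MS17-010 package for the older Windows versions in the Update Catalog link above; newer versions got MS17-010 under different KB numbers, so a missing KB4012598 on Windows 10 does not on its own mean the box is unpatched.

```powershell
# Added example, not from any post in this thread. Run in an elevated
# PowerShell. Assumed names (from Microsoft docs): SMB1Protocol optional
# feature, mrxsmb10 client driver, Get/Set-SmbServerConfiguration.
param([switch]$Disable)

# The registry path quoted in the thread; SMB1 = 0 disables the SMBv1 server.
$RegPath = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'

function Get-Smb1State {
    $s = [ordered]@{}

    $reg = Get-ItemProperty -Path $RegPath -Name 'SMB1' -ErrorAction SilentlyContinue
    $s.RegistrySMB1 = if ($null -eq $reg) { 'not set (default: enabled)' } else { $reg.SMB1 }

    # What the SMB server itself reports (Windows 8 / Server 2012 and newer).
    $cfg = Get-SmbServerConfiguration -ErrorAction SilentlyContinue
    $s.ServerEnableSMB1Protocol = if ($cfg) { $cfg.EnableSMB1Protocol } else { 'cmdlet unavailable' }

    # The optional feature behind "Windows Features" -> SMB 1.0/CIFS File Sharing Support.
    $feat = Get-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -ErrorAction SilentlyContinue
    $s.OptionalFeatureState = if ($feat) { [string]$feat.State } else { 'feature not present' }

    # Client side: mrxsmb10 is the SMB1 client driver; Disabled means the client is off too.
    $cli = Get-Service -Name 'mrxsmb10' -ErrorAction SilentlyContinue
    $s.ClientDriverStartType = if ($cli) { [string]$cli.StartType } else { 'not present' }

    # KB from the Update Catalog link in this thread (older OS versions only).
    $s.KB4012598Installed = [bool](Get-HotFix -Id 'KB4012598' -ErrorAction SilentlyContinue)

    [pscustomobject]$s
}

function Disable-Smb1 {
    # Belt and braces: registry value, live server configuration, and the
    # optional feature that installs the protocol in the first place.
    New-ItemProperty -Path $RegPath -Name 'SMB1' -PropertyType DWord -Value 0 -Force | Out-Null
    Set-SmbServerConfiguration -EnableSMB1Protocol $false -Force
    Disable-WindowsOptionalFeature -Online -FeatureName 'SMB1Protocol' -NoRestart | Out-Null
}

'Before:'
Get-Smb1State | Format-List

if ($Disable) {
    Disable-Smb1
    'After (a reboot may be needed before the client driver change shows):'
    Get-Smb1State | Format-List
}
```

Run it once without `-Disable` to see the current state (Begbie's observation above, updates applied but SMB1 still enabled, is exactly what the "Before" output would show), then with `-Disable` to switch SMB1 off on all three layers.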

----------


## Latindancer

Ok....how do I do this in Vista ?

----------


## Dragonfly

launch regedit from the run menu, very easy

----------


## Cujo

DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.

----------


## VocalNeal

This is the problem with computers and...

The average car driver does not wish to change the fuel injectors. Or even know how to. Why isn't this stuff disabled if it is vulnerable?

----------


## harrybarracuda

> Ok....how do I do this in Vista ?


Apply the patch in the link above.

Added: To save you scrolling through the fat, gay troll's shite:

http://www.catalog.update.microsoft....px?q=KB4012598

Seriously though, get off Vista. You're just asking for trouble.

----------


## harrybarracuda

> DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.


Really? He reminds me of a very stupid, fat, queer troll.

----------


## harrybarracuda

> This is the problem with computers and...
> 
> The average car driver does wish to change the fuel injectors. Or even know ho to. Why isn't this stuff disabled if it is vulnerable.


They didn't think it was worth worrying about until some bunch of hackers pointed out that the NSA was using it for spying.

----------


## Cujo

> Originally Posted by Cujo
> 
> 
> DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.
> 
> 
> Really? He reminds me of a very stupid, fat, queer troll.


 :smiley laughing:

----------


## Dragonfly

> DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.


that's basic computer stuff, it's not my fault that you or harry are computer retards and need to follow scripts to understand computers

maybe you should get an education ?

----------


## Cujo

> Originally Posted by Cujo
> 
> 
> DF reminds me of an engineer I used to work with who acted like he was trying to help but spoke one or two levels of understanding above the level of the person he was speaking to. Just so he sounded smart.
> 
> 
> that's basic computer stuff, it's not my fault that you or harry are computer retards and need to follow scripts to understand computers
> 
> maybe you should get an education ?


By your definition most people are 'computer retards', so tone it down a bit for those ones.
Or is that below you?

----------


## harrybarracuda

> Originally Posted by Dragonfly
> 
> Originally Posted by Cujo
> ...


Don't worry about Buttplug, he's just a fat queer troll.

Anyone who takes advice from him is a fucking idiot.

----------


## Dragonfly

> Originally Posted by Dragonfly
> 
> Originally Posted by Cujo
> ...


what's your point ? like I said, get an education or some proper training, and not in a call center like that silly script bot of Harry  :Smile: 

or maybe you are too lazy to learn, like 99% of the users

my point is educate yourself, it's not that difficult, and you have no excuse not to. 

Look what happened when you don't and just parrot news bulletin, you end up like Harry in a call center working for Arabs in a desert  :Smile:

----------


## harrybarracuda

> Originally Posted by Cujo
> 
> Originally Posted by Dragonfly
> ...


Why don't you take your own advice, you fat queer troll.

----------


## harrybarracuda

Just in case Mac users believe all that bollocks about them being safe...




> The website of the HandBrake app has been compromised, and one of its download mirrors modified to host a version of the Proton RAT embedded in the app's Mac client.
> 
> HandBrake is a multi-platform transcoder, an app that helps users convert multimedia files from one format to another.
> 
> According to a security alert posted yesterday on the app's forum, an unknown attacker had compromised one of the website's download mirrors, located at download.handbrake.fr.
> 
> The miscreant(s) replaced the Mac version of the HandBrake client with his own version, which also contained Proton, a Remote Access Trojan for macOS.
> 
> The Proton RAT was first spotted in March when a crook put it up for sale on an underground hacking forum. The RAT can be used to steal data from infected devices, but also to allow attackers to connect via VNC or SSH to infected hosts.


https://www.bleepingcomputer.com/new...for-mac-users/

----------


## Dragonfly

> Why don't you take your own advice, you fat queer troll.


that advice goes for you too, love  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Why don't you take your own advice, you fat queer troll.
> 
> 
> that advice goes for you too, love


Must have missed this bit:




> Don't worry about Buttplug, he's just a fat queer troll.
> 
> Anyone who takes advice from him is a fucking idiot.


I'll pass thanks, queer.

----------


## Dragonfly

> Originally Posted by Dragonfly
> 
> Originally Posted by harrybarracuda
> ...


but you are a fucking idiot, regardless, so you might as well take it  :Smile: 

can you write a single line of code, like "hello world" in C or even VBA you worthless fraud ?  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Originally Posted by Dragonfly
> ...


Which bit of "fuck off you fat queer troll" are you struggling with?

----------


## Dragonfly

> Which bit of "fuck off you fat queer troll" are you struggling with?


Yes I love you too Harry  :Smile:

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Which bit of "fuck off you fat queer troll" are you struggling with?
> 
> 
> Yes I love you too Harry


Really, I just think you're a fat queer troll. You should fuck off.

----------


## harrybarracuda

It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.

On the off chance of there being one that uses a different exploit, a quick reminder that Cybereason have a free tool that uses file honeypot monitoring to detect and block ransomware attacks.

Link here:

https://ransomfree.cybereason.com/download/

----------


## crackerjack101

> It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.
> 
> On the off chance of there being one that uses a different exploit, a quick reminder that Cybereason have a free tool that uses file honeypot monitoring to detect and block ransomware attacks.
> 
> Link here:
> 
> https://ransomfree.cybereason.com/download/


I've read that this consumes a great deal of memory and stuff. 
You know all that energetic stuff that makes these electric computers work.
Is that the case?

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> 
> It's worth mentioning that there have been at least four new variants detected since WCrypt 1.0.
> 
> On the off chance of there being one that uses a different exploit, a quick reminder that Cybereason have a free tool that uses file honeypot monitoring to detect and block ransomware attacks.
> 
> Link here:
> 
> ...


If it is, I haven't noticed it.

The service uses 40-50 MB of RAM, a small amount of disk I/O and blips at <1% CPU.

Hardly a hog considering what it's saving you from.

Where did you read that? Was it an early release? It's now in version 2.2.7.0.

----------


## crackerjack101

> Originally Posted by crackerjack101
>
> > Originally Posted by harrybarracuda
> > ...


I just googled it and there were a few comments but it's worth noting that there were more comments in favour.
Anyway I've downloaded it and I thank you for the tip.

Cheers

----------


## harrybarracuda

> Originally Posted by harrybarracuda
>
> > Originally Posted by crackerjack101
> > ...


You can always uninstall if you get different results to me.

BTW if you get a red exclamation mark on the icon in the system tray, that simply means it requires a reboot. It does that after upgrade, I'm not sure about installation.

----------


## crackerjack101

> Originally Posted by crackerjack101
>
> > Originally Posted by harrybarracuda
> > ...


OK Cheers.

----------


## Dragonfly

fuck, it doesn't work on XP

Harry where is the download link for the XP version ?

----------


## harrybarracuda

> fuck, it doesn't work on XP
> 
> Harry where is the download link for the XP version ?


Sorry, this thread is in English, so you'll have to get a dictionary and scroll up.

----------


## harrybarracuda

Ooops.

----------


## crackerjack101

> Ooops.


Yes, I laughed at that. It happened around the time they were saying LOS wasn't affected. LMFAO

----------


## Dragonfly

I wonder if the BTS would be affected; with all those ad screens in the station, they all run on Vista or Win7.

----------


## harrybarracuda

You have to wonder if Wikileaks actually want Assange in jail...




> WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight
> WikiLeaks released user guides for CIA malware implants Assassin and AfterMidnight which target Windows PCs.
> Credit: Michael Kan
> 
> The latest WikiLeaks release of CIA malware documentation was overshadowed by the WannaCry ransomware attack sweeping across the world on Friday.
> 
> WikiLeaks maintains that “Assassin” and “AfterMidnight” are two CIA “remote control and subversion malware systems” which target Windows. Both were created to spy on targets, send collected data back to the CIA and perform tasks specified by the CIA. Both are persistent and can be scheduled to autonomously uninstall on a specific date and time.
> 
> The leaked documents pertaining to the CIA malware frameworks included 2014 user’s guides for AfterMidnight, AlphaGremlin – an addon to AfterMidnight – and Assassin. When reading those, you learn about Gremlins, Octopus, The Gibson and other CIA-created systems and payloads.
> ...


WikiLeaks posts user guides for CIA malware implants Assassin and AfterMidnight | Computerworld

----------


## harrybarracuda

Shame they couldn't nick something decent...




> In a report from The Hollywood Reporter and Deadline, Iger confirmed that an upcoming movie from Disney has been stolen by hackers who are seeking a huge payout to not release the movie. Unsurprisingly Disney has no interest in dealing or giving in to the hackers and according to Iger, the company has no plans to pay them and are working with the FBI to sort it out.
> It was not revealed what movie the hackers might have stolen, but Deadline claims to have heard from their sources that the movie in question is the latest title in the Pirates of the Caribbean franchise. The hackers are saying that they will release bits of the movie should their demands not be met, so presumably unless the FBI can get the movie back in time, we should have confirmation pretty soon.



A Disney Movie Is Reportedly Being Held Hostage By Hackers | Ubergizmo

----------


## harrybarracuda

Nice bit of diversion then?




> On Friday, May 12, attackers spread a massive ransomware attack worldwide using the EternalBlue exploit to rapidly propagate the malware over corporate LANs and wireless networks. EternalBlue, originally exposed on April 14 as part of the Shadow Brokers dump of NSA hacking tools, leverages a vulnerability (MS17-010) in Microsoft Server Message Block (SMB) on TCP port 445 to discover vulnerable computers on a network and laterally spread malicious payloads of the attacker’s choice. This particular attack also appeared to use an NSA backdoor called DoublePulsar to actually install the ransomware known as WannaCry.
> 
> Over the subsequent weekend, however, we discovered another very large-scale attack using both EternalBlue and DoublePulsar to install the cryptocurrency miner Adylkuzz. Initial statistics suggest that this attack may be larger in scale than WannaCry: because this attack shuts down SMB networking to prevent further infections with other malware (including the WannaCry worm) via that same vulnerability, it may have in fact limited the spread of last week’s WannaCry infection.
> 
> Symptoms of this attack include loss of access to shared Windows resources and degradation of PC and server performance. Several large organizations reported network issues this morning that were originally attributed to the WannaCry campaign. However, because of the lack of ransom notices, we now believe that these problems might be associated with Adylkuzz activity. However, it should be noted that the Adylkuzz campaign significantly predates the WannaCry attack, beginning at least on May 2 and possibly as early as April 24. This attack is ongoing and, while less flashy than WannaCry, is nonetheless quite large and potentially quite disruptive.
> 
> In the course of researching the WannaCry campaign, we exposed a lab machine vulnerable to the EternalBlue attack. While we expected to see WannaCry, the lab machine was actually infected with an unexpected and less noisy guest: the cryptocurrency miner Adylkuzz. We repeated the operation several times with the same result: *within 20 minutes of exposing a vulnerable machine to the open web, it was enrolled in an Adylkuzz mining botnet.*


https://www.proofpoint.com/us/threat...e-doublepulsar
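
Whether the payload is WannaCry or the quieter Adylkuzz miner, the spreading mechanism quoted above is the same: one infected host reaching out to many others on TCP/445 in a short time. The block below is an added example, not Proofpoint's code, showing the detection logic a SOC would run over firewall or flow logs to catch that fan-out without relying on a ransom note. The log format, every IP address and the traffic in `build_sample_log` are constructed for this example.

```python
# Added example (not Proofpoint's): detection logic for the SMB-445 fan-out that
# both WannaCry and Adylkuzz produce when they use EternalBlue to spread. The
# log format and every address below are constructed for this example.
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=(?P<proto>\w+)"
)


def build_sample_log() -> str:
    """Constructed firewall/flow log: one infected host sweeping a /24 on 445 in
    under a minute, plus ordinary clients that must not trigger an alert."""
    lines = []
    t0 = datetime(2017, 5, 12, 10, 0, 0)
    # Worm-like host: 40 distinct targets in 40 seconds
    for i in range(40):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} src=10.0.5.23 dst=10.0.5.{100 + i} dport=445 proto=tcp")
    # Benign: a workstation using two file servers, spread over an hour
    for i in range(12):
        ts = t0 + timedelta(minutes=5 * i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} src=10.0.7.41 dst=10.0.1.{10 + i % 2} dport=445 proto=tcp")
    # Unrelated HTTPS traffic to many hosts (wrong port, must not alert)
    for i in range(30):
        ts = t0 + timedelta(seconds=i)
        lines.append(f"{ts:%Y-%m-%d %H:%M:%S} src=10.0.7.42 dst=93.184.216.{i} dport=443 proto=tcp")
    return "\n".join(lines)


def parse_log(text: str) -> list:
    """Parse lines into (timestamp, src, dst, dport); malformed lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S"),
                           m["src"], m["dst"], int(m["dport"])))
    return events


def find_smb_sweeps(events, window=timedelta(seconds=60), threshold=10) -> dict:
    """Return {src: peak_distinct_targets} for sources that reached >= `threshold`
    distinct hosts on TCP/445 inside any sliding interval of length `window`.
    Keyed on distinct destinations rather than packet count, so a busy but
    legitimate SMB client talking to a couple of file servers does not trip it."""
    per_src = defaultdict(list)
    for ts, src, dst, dport in events:
        if dport == 445:
            per_src[src].append((ts, dst))
    alerts = {}
    for src, hits in per_src.items():
        hits.sort()
        start = 0
        for end in range(len(hits)):
            while hits[end][0] - hits[start][0] > window:
                start += 1
            distinct = len({dst for _, dst in hits[start:end + 1]})
            if distinct >= threshold:
                alerts[src] = max(alerts.get(src, 0), distinct)
    return alerts


if __name__ == "__main__":
    for src, n in find_smb_sweeps(parse_log(build_sample_log())).items():
        print(f"ALERT possible EternalBlue-style spread from {src}: {n} hosts on 445 within 60s")
```

The threshold and window are tuning knobs: on a flat network with many real SMB servers, raise the threshold or key on failed connections only, since a worm probing a /24 gets far more RSTs and timeouts than a user opening shares.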

----------


## harrybarracuda

UK Schedule 7 – Man Charged For Not Sharing Password

May 19, 2017

Finally, UK Schedule 7 of the Terrorism Act 2000 is being enacted and is no longer an idle threat, so be aware it's not only the USA that has these kind of draconian laws.

A man who refused to share his phone and laptop passwords has been charged under Schedule 7, which is pretty shitty.

British police have charged a man under antiterror laws after he refused to hand over his phone and laptop passwords.

Muhammad Rabbani, international director of CAGE, was arrested at Heathrow in November after declining to unlock his devices, claiming they contained confidential testimony describing torture in Afghanistan as well as information on high-ranking officials. CAGE positions itself as a non-profit organization that represents and supports families affected by the West’s TWAT (aka The War On Terror).

On Wednesday this week, he was charged under Schedule 7 of the Terrorism Act 2000: specifically, he is accused of obstructing or hampering an investigation by refusing to cough up his login details.

“On 20 November 2016, at Heathrow Airport, he did willfully obstruct, or sought to frustrate, an examination or search under Schedule 7 of the Terrorism Act 2000, contrary to paragraph 18(1)(c) of that Schedule,” London’s Metropolitan Police alleged. “He is due to appear in Westminster Magistrates’ Court on 20 June.”

Rabbani apparently committed the offense last November and was protecting some pretty heavy evidence, it seems, and he has also been stopped under Schedule 7 many times.

This time it’s going to court and three months jail time is no joke.

If found guilty, Rabbani could face up to three months in prison and a fine of £2,500 (US$3,242). He has said he will fight the case and is hopeful of winning. He claims he has been stopped under Schedule 7 about 20 times and has always refused to hand over his passwords. However, it appears that the Met is now ready to test this case in court, so formal charges have been brought.

Schedule 7 was controversial when it was first introduced by the Blair administration. Back then it was claimed by the Labour government that it would be used only in extreme terrorism cases, but since then has been used plenty of times – most notably to hold the partner of Glenn Greenwald over the leaking of the Snowden archives.

What makes Schedule 7 rather tricksy is that no evidence is required to pull someone over for questioning under the law. Usually, Brit officers must have at least reasonable suspicion of a crime before collaring a suspect, but under these antiterror rules, they can hold and quiz people for up to nine hours with no evidence at all.

To be fair Cage does have a bit of a dodgy reputation for being terrorism apologists, so he does fit a certain profile that would explain the 20+ Schedule 7 stops.

And if he’s really carrying such sensitive data in the open on his laptop and phone he’s a bit of a n00b ain’t he?

https://www.darknet.org.uk/2017/05/u...ring-password/

----------


## harrybarracuda

The CIA has lots of ways to hack your router

New WikiLeaks docs reveal how spies rewrote firmware in the supply chain
by Russell Brandom (@russellbrandom), Jun 15, 2017, 5:20pm EDT

Routers sit at the front gate of nearly every network, offering total access and few security measures to prevent remote attacks. If you can compromise someone’s router, you’ve got a window into everything they’re doing online.

According to new documents published by WikiLeaks, the CIA has been building and maintaining a host of tools to do just that. This morning, the group published new documents describing a program called Cherry Blossom, which uses a modified version of a given router’s firmware to turn it into a surveillance tool. Once in place, Cherry Blossom lets a remote agent monitor the target’s internet traffic, scan for useful information like passwords, and even redirect the target to a desired website.

The document is part of a series of publications on CIA hacking tools, including previous modules targeting Apple products and Samsung Smart TVs. As with previous publications, the document dates to 2012, and it’s unclear how the programs have developed in the five years since.

The manual describes different versions of Cherry Blossom, each tailored to a specific brand and model of router. The pace of hardware upgrades seems to have made it arduous to support each model of router, but the document shows the most popular routers were accessible to Cherry Blossom.

“As of August 2012,” the manual reads, “CB-implanted firmwares can be built for roughly 25 different devices from 10 different manufacturers, including Asus, Belkin, Buffalo, Dell, DLink, Linksys, Motorola, Netgear, Senao, and US Robotics.”

The manual also goes into detail on how CIA agents would typically install the modified firmware on a given device. “In typical operation,” another passage reads, “a wireless device of interest is implanted with Cherry Blossom firmware, either using the Claymore tool or via a supply chain operation.” The “supply-chain operation” likely refers to intercepting the device somewhere between the factory and the user, a common tactic in espionage operations. No public documents are available on the “Claymore tool” mentioned in the passage.

It’s unclear how widely the implant was used, although the manual generally refers to use against specific targets, rather than for mass surveillance. There’s also reason to believe the NSA was employing similar tactics. In 2015, The Intercept published documents obtained by Edward Snowden that detailed efforts by the UK’s GCHQ to exploit vulnerabilities in 13 models of Juniper firewalls.

https://www.theverge.com/2017/6/15/1...linksys-belkin

----------


## harrybarracuda

I think the phrase "about bloody time" springs to mind...




> Windows 10 Insider Preview Build 16232 set to fight ransomware
> July 1, 2017 by Nancy Owano
> 
> (Tech Xplore)—Something called the Windows 10 Insider Build is offering a peek at what is in store, and the message is clear that Microsoft is fighting the good fight against malware havoc.
> The new Windows 10 Insider Preview was released to some Insiders on Wednesday; reports are out about what new features Microsoft has in mind.
> With all the recent spotlights on ransomware, it comes as no surprise that, for Insider Preview 16232, most of the new features are aimed at improving security.
> Windows Insiders can try out Preview Build 16232, which brings a new 'Controlled Folder Access' feature to the OS, designed to protect your files from ransomware, said TrustedReviews.
> Essentially, Windows 10 is fighting ransomware by locking up your data. Windows Latest wrote Friday that "Users could soon hide important files from ransomware soon in Windows 10." Hot Hardware said, Windows 10 Fall Creators Update neutralizes ransomware with controlled folders.
> Just what is Controlled Folders—as this seems to be the main talking point about the preview.
> ...


https://techxplore.com/news/2017-07-...ansomware.html

----------


## harrybarracuda

WikiLeaks Reveals CIA Malware That Can Locate a Windows User in Seconds
CIA developed the malware in 2013, WikiLeaks says
Jun 30, 2017 14:15 GMT · By Bogdan Popa

A new WikiLeaks dump reveals a new form of malware that the CIA has been using since 2013 against Windows computers, this time not to compromise systems, but to determine the location of users in a matter of seconds.

The tool is called ELSA and it was primarily developed for Windows 7, but it can arguably be used against any version of Windows, including Windows 10, though in this case some additional tweaks need to be made because of the security improvements included by Microsoft.

What ELSA does is infect Wi-Fi capable networks and then use the wireless module to look for public Wi-Fi points that are available in the range.

The malware logs the MAC address of each network and then checks for information in public databases that are maintained by Microsoft and Google. These databases are primarily used for providing users with easy access to the Internet on a number of devices, though the CIA appears to have found a different purpose for them.

Windows users exposed
Once the location of the public Wi-Fi is determined, the malware analyses the strength of the user's signal, then calculates the possible coordinates of the user. The information is encrypted and sent to the FBI, where it's stored on a server until an agent can extract it and save it in specific files.

What’s important to know is that ELSA requires the CIA to already be in control of the system, but that shouldn’t be a problem given the fact that the agency reportedly has other forms of malware that can exploit unknown vulnerabilities in Windows.

So since the CIA already has full control of a Windows system, determining the location isn’t really the worst thing that can happen, as the agency can also steal files, spy on users, and do pretty much they want on the computer.

Just like it happened in the past, there’s a chance that ELSA leaks at some point and becomes available to hackers, once again exposing Windows users to additional threats. We’ve reached out to Microsoft to find out more about how they plan to tackle the vulnerability and if a patch is on its way, and we’ll update the article when an answer is provided.

WikiLeaks Reveals CIA Malware That Can Locate a Windows User in Seconds
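
The geolocation step the article describes (observed access points, a BSSID-to-coordinates lookup, then a signal-strength-weighted position estimate) is a well-known technique, and the block below is an added example of it written for this thread, not the CIA's ELSA code. The `BSSID_DB` table stands in for the Microsoft or Google location service and every MAC address and coordinate in it is made up; the path-loss constants are typical textbook values, not measured ones.

```python
# Added example (not the CIA's ELSA code): turning a list of observed access
# points into coordinates. BSSID_DB stands in for a public geolocation service;
# every MAC and coordinate in it is constructed for this example.
from typing import List, Optional, Tuple

BSSID_DB = {
    # 02:xx:xx is the locally administered range, so these collide with no vendor
    "02:00:00:aa:00:01": (51.5000, -0.1200),
    "02:00:00:aa:00:02": (51.5000, -0.1180),
    "02:00:00:aa:00:03": (51.5020, -0.1190),
}


def rssi_to_distance(rssi_dbm: float, tx_power_at_1m: float = -40.0, n: float = 2.7) -> float:
    """Log-distance path-loss model: approximate metres from the AP for a received power.
    Rough indoors (n is typically 2.5-4), but it only has to rank APs by proximity here."""
    return 10 ** ((tx_power_at_1m - rssi_dbm) / (10 * n))


def estimate_position(observations: List[Tuple[str, float]]) -> Optional[tuple]:
    """observations: [(bssid, rssi_dbm)] as a Wi-Fi scan would report them.
    Returns (lat, lon, aps_used) or None when no BSSID is in the database.

    Weighted centroid: each known AP pulls the estimate with weight 1/d^2, so the
    strongest (nearest) AP dominates. Unknown BSSIDs are skipped, not guessed, which
    is also why an implant only needs the lookup step to touch the network; the
    scan itself can be collected offline and exfiltrated later.
    """
    num_lat = num_lon = den = 0.0
    used = 0
    for bssid, rssi in observations:
        coords = BSSID_DB.get(bssid.lower())
        if coords is None:
            continue
        w = 1.0 / rssi_to_distance(rssi) ** 2
        num_lat += w * coords[0]
        num_lon += w * coords[1]
        den += w
        used += 1
    if used == 0:
        return None
    return (num_lat / den, num_lon / den, used)


if __name__ == "__main__":
    scan = [("02:00:00:AA:00:01", -42), ("02:00:00:aa:00:02", -71), ("de:ad:be:ef:00:00", -60)]
    print(estimate_position(scan))
```

The defensive takeaway is the one the article makes indirectly: the only hard part is already-gained code execution. Once that exists, a Wi-Fi scan plus one HTTPS request to a location API is enough, so blocking the lookup endpoints from machines that have no business using them is a cheap control.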

----------


## Dragonfly

WinXP is safe, once more  :Smile:

----------


## harrybarracuda

> WinXP is safe, once more


You keep telling yourself that Buttplug.

When the blackmail demands arrive, try to resist the temptation to top yourself long enough to tell us about it here, so we can have a fucking good laugh.

----------


## Dragonfly

I thought you got hit last week with that nasty ransomware, Middle East was quite affected, as usual  :rofl: 

if they didn't hire Indians and expat fools obsessed over money, maybe their network and application bus would be better secured  :Smile:

----------


## harrybarracuda

> I thought you got hit last week with that nasty ransomware, Middle East was quite affected, as usual


What in the Middle East was affected?

Oh, you're just making up shit again as usual.

You stupid fat queer troll.

----------


## harrybarracuda

Russia, China vow to kill off VPNs, Tor browser
New laws needed because today's censorship not good enough, apparently
By Kieren McCarthy in San Francisco 11 Jul 2017 at 18:23

Russia and China are banning the use of virtual private networks, as their governments assert ever greater control over what citizens can see online.

In Russia, the State Duma – the lower house of the Federal Assembly of Russia (legislature) – unanimously adopted the first reading of new legislation that would ban the use of VPNs as well as online anonymizers like the Tor browser if they don't block access to a government-run list of websites.

That list of websites will include any sites that provide software that can circumvent censorship. And, most insidiously, the law will require search engines to remove references to blocked websites so citizens don't know what it is they are not allowed to see.

The legislation was approved in record time after the director of the FSB intelligence agency, Alexander Bortnikov, gave an hour-long talk to Duma deputies in a closed meeting, in which he said how important it was that the law was passed and passed quickly. Attendees were told not to report that the meeting even took place, apparently.

In a note explaining the law, Duma deputies argue that the law is necessary because the existing censorship apparatus in place is "not effective enough."

A second law that also passed its first reading this month will require mobile phone operators to:

- Identify specific users
- Block messages if requested to do so by the state
- Allow the authorities to send their own messages to all users

Any companies that fail to comply with the rules can be fined up to one million rubles ($16,500).

Far East
Meanwhile, China has started enforcing its rules, approved in January, that do pretty much the same thing.

The Chinese government requires all VPN services to apply for a license, and as part of the license requirements, they are expected to block access to websites and services the Chinese government doesn't approve of.

Now the government has "requested" that the country's three mobile operators block the use of VPN apps on their networks, and have set a hard deadline of February 1 next year. Chinese users in their millions use VPNs as a way of bypassing widespread online censorship that blocks services such as Facebook and Twitter as well as many Western news websites.

The Ministry of Industry and Information Technology said back in January that the VPN and cloud computing market was undergoing "disorderly development," and as such there was an "urgent need for regulation norms."

That followed a largely ineffective effort to kill off VPNs back in 2015. But this time the government seems more determined to enforce censorship.

Earlier this month two VPN services – Green VPN and Haibei VPN – said they were shutting down their services in mainland China, having received a "notice from regulatory departments."

The government also recently passed new rules that will censor information that does not reflect "core socialist values" – in effect banning discussion on topics such as drugs and homosexuality. Previously, Chinese internet users had grown used to a censored version of the internet built largely around protecting the ruling party by limiting political debate.

It's unclear whether the same rules will apply to the political elite, however. The architect of China's Great Firewall himself used one publicly in a presentation last year when he found himself blocked by his own creation.

https://www.theregister.co.uk/2017/0...s_tor_browser/

----------


## Dragonfly

I think the NSA beat them to it,

----------


## harrybarracuda

> I think the NSA beat them to it,


That's because you're a stupid fat fag troll and you didn't understand the article because you have the English comprehension skills  of a 4 year old Afghani asylum seeker.

----------


## Latindancer

Oh dear...Cujo will be reduced to reading TV forum only  :rofl:

----------


## harrybarracuda

> Oh dear...Cujo will be reduced to reading TV forum only


Is he in China or Russia?

----------


## Latindancer

He's in China...did you miss his thread about the city he lives in ?

----------


## Cujo

They seem to be focusing on Chinese based VPNs, at least for the time being. Mine is a Romanian one. I seem to be alright for the time being.

----------


## baldrick

get a torrent seedbox - they come with a VPN server also - the chin govt will just think you are torrenting p0rn

https://yourseedbox.com/#shared

you can pay with BTC

----------


## bsnub

> get a torrent seedbox


This is the one I use. It is really good as you can set it up to stream torrents directly off it.

bytesized-hosting.com

Reasonable price too.

----------


## harrybarracuda

> He's in China...did you miss his thread about the city he lives in ?


Take a wild guess.

----------


## Latindancer

Well, I had a look at threads started by him and can't find it. If you want to see it you'll have to ask doggy-breath himself.

----------


## harrybarracuda

*Watch out for this money stealing macOS malware which mimics your online bank*

OSX Dok now attempts to steal money from Apple Mac users -- and could be being prepared for use in further attacks.
By Danny Palmer | July 14, 2017 -- 10:58 GMT (11:58 BST) | Topic: Security

A recently discovered strain of Apple Mac malware has begun mimicking major banking websites in an effort to steal login details from victims.

First uncovered in May, OSX.Dok affected all versions of Apple's older OS X operating system and was initially used to spy on victims' web traffic.

The malware was later modified to infect macOS users, and its latest variant has been updated to steal money and financial credentials, say researchers at Check Point.

This new Dok campaign is distributed via phishing emails relating to financial or tax matters, with the payload deployed via a malicious ZIP file that victims are urged to run. This latest attack specifically targets macOS users, with the malware partnered with a man in the middle attack that enables the perpetrators to spy on all victim communications, even if they're SSL encrypted.

Dok appears to be highly sophisticated malware, shown by mutations in its code that make it more difficult to detect and remove -- especially as Dok modifies the OS' settings in order to disable security updates and prevent some Apple services from communicating.

Once installed on a system, Dok downloads TOR for the purposes of communication with a command and control server over the dark web, which helps to geolocate the victim and customise the attack according to location -- with evidence suggesting the malware mainly targets users in Europe.

A proxy file is served to the victim depending on their location, with the aim of redirecting traffic to bank domains to a fake site hosted on the attacker's C&C server, which harvests login credentials and allows the attacker to carry out bank transactions.

For example, a proxy setting for a Swiss IP address contains instructions for redirecting the victims' attempts to visit banking websites local to the country, including Credit Suisse, Globalance Bank, and CBH Bank.

After entering their login details, the user is prompted to provide their mobile number for supposed SMS verification. Obviously, this isn't what the phone number is for; instead the attackers use it to prompt the victim into downloading a mobile application -- as well as Signal, a legitimate messaging app.

It's likely Signal is installed in order to allow the attacker to communicate with the victim at a later stage or to commit additional malicious or fraudulent activities, such as installing malware onto the mobile device. Whatever the intentions of using Signal are, researchers note that its use will "make it harder for law enforcement to trace the attacker".

While the identity and location of those behind Dok is unknown, researchers note that the Apple malware is a version of the Retefe banking Trojan, which has been ported from Windows. Retefe has also been known to predominately target European banks.

Whoever is behind OSX.Dok, Check Point warns the malware is still on the loose and will be a threat for some time to come, especially if the attackers continue to invest in advanced obfuscation techniques.

Macs long had a reputation for being virus-free, but cybercriminals are increasingly turning their attention to Apple systems and distributing malware to users.

Watch out for this money stealing macOS malware which mimics your online bank | ZDNet

----------


## Latindancer

Harry: I just found the thread in which Cujo shows his city. https://teakdoor.com/china-korea-japa...hbourhood.html

----------


## harrybarracuda

> Harry: I just found the thread in which Cujo shows his city. https://teakdoor.com/china-korea-japa...hbourhood.html


Thrilling stuff.

----------


## harrybarracuda

FBI Warns About Security Risks From IoT-Connected Toys in Your Home
By: Wayne Rash | July 19, 2017

The idea that a toy presents a real security threat first came to national attention back in 1998, when a small robot disguised as a fanciful animal was banned by the National Security Agency.

This critter was known as a Furby. The Furby appeared to learn English by listening to words spoken around it and using those words to begin speaking. The government was concerned that the Furby might hear classified information and then repeat it.

While there was some debate as to whether the Furby could actually record English words, it’s since been replaced by a series of smart toys that can most assuredly listen to the conversations around them and also watch the activity around them using cameras.

Those toys, many of which seem to be intelligent dolls or other companions, connect to the internet using WiFi or through a smartphone using Bluetooth. As long as those devices are connected to the internet, there’s no way to know what they’re recording or what information is being sent back to a server somewhere on the internet.

This possibility so alarmed the FBI that the agency issued an urgent announcement on July 17 describing the vulnerability and explaining steps to take to keep the devices from being too much of a threat.

The FBI is particularly concerned because young children will tell their toys all sorts of private information, thinking they’re speaking in confidence. Such supposedly private revelations could risk the child’s safety, not to mention the safety of the entire family.

But the risks from connected devices in the home go far beyond just intelligent companions. A new presentation set for the Black Hat USA conference on July 26 covers security vulnerabilities in Segway hoverboards, which can be taken over by hijacking their Bluetooth connection. Researchers were able to control the hoverboard remotely and even turn it off while someone was riding it. Additional exploits included the ability to load the hoverboard with malware.

Both of these warnings demonstrate the common threat affecting IoT devices used in the home and in enterprises as well. After all, the NSA wasn’t worried about the Furby being used in the home, but rather when employees started bringing them into the office. That common threat is the lack of security in consumer IoT in general.

The Segway hoverboard was shipped with no real security, for example, even though there was a Bluetooth PIN. That PIN turned out to be cosmetic and did not prevent access. Since then, Segway has apparently instituted encryption on those devices.

The lack of security on those internet connected toys is so pervasive that the FBI provided detailed advice for taking steps that might help with security, such as using strong passwords. The most important piece of advice from the FBI, however, is to make sure the devices are turned off when they’re not actually being used, and when they are being used, to keep an eye on what’s happening through the app associated with the device.

While the FBI focuses on the risks to privacy through internet connected toys, there are actually risks that go beyond that. Because of the lack of security on such devices, it would be relatively easy to load malware that could take over cameras and microphones on internet connected toys. Once infected by malware, the connected toy could then be used for surveillance of the home or office where the toy is being used.

The resulting risk to privacy was enough, according to a report in Reuters, to cause the German government to ban the sales and ownership of a talking doll named Cayla. There the government recommended destroying the internet connected doll immediately.

It would be bad enough if those were the only IoT threats out there on the Internet, but they’re only the latest. There’s a search engine that allows users to find and view any of millions of unsecured IoT-connected video cameras world-wide. Those same video cameras were the repositories for malware that was later used in a massive Distributed Denial of Service attack last year.

Unfortunately, there’s little or no indication that there’s any serious effort on the part of device makers to secure their products. That means that it will pay big dividends to read the FBI’s list of recommendations for dealing with internet connected toys and follow them. Just because the IoT device you’re concerned about isn’t marketed as a toy doesn’t matter.

Likewise, when you read the FBI’s recommendations, remember that you can replace the word “children” with the word “employee” and the advice is still relevant. If you find that the device you’re planning to use can’t work within the FBI’s recommendations, then don’t use it.

Examples of the failings you might encounter when implemented to devices would be the inability to connect with encrypted WiFi, the inability to receive firmware or software updates or the inability to authenticate communications.

Regardless of whether the device is marketed as a toy, a TV camera or an industrial process controller, the risks are serious and it's critical to pay attention to security.

FBI Warning About Toys Should Apply to All Web-Connected Devices

----------


## harrybarracuda

And a follow up on the doll.

German parents told to destroy doll that can spy on children
German watchdog classifies My Friend Cayla doll as ‘illegal espionage apparatus’ and says shops and owners could face fines



Germany’s telecommunications watchdog has ordered parents to destroy or disable a “smart doll” because the toy can be used to illegally spy on children.

The My Friend Cayla doll, which is manufactured by the US company Genesis Toys and distributed in Europe by Guildford-based Vivid Toy Group, allows children to access the internet via speech recognition software, and to control the toy via an app.

But Germany’s Federal Network Agency announced this week that it classified Cayla as an “illegal espionage apparatus”. As a result, retailers and owners could face fines if they continue to stock it or fail to permanently disable the doll’s wireless connection.

Under German law it is illegal to manufacture, sell or possess surveillance devices disguised as another object. According to some media reports, breaching that law can result in a jail term of up to two years.

The ruling comes after Stefan Hessel, a student at Saarbrücken University, raised concerns about the device, which was voted one of the top 10 toys of the year in 2014 by the German toy trade association.

*“Access to the doll is completely unsecured,” Hessel told Saarbrücker Zeitung. “There is no password to protect the connection.”*

The student said *hackers could access the doll via its bluetooth connection from a distance of up to 15 meters, listening in on conversations as well as speaking directly to the child playing with it.*

The German ruling could potentially have EU-wide consequences for toymakers. The EU’s commissioner for justice, consumers and gender equality, Vera Jourová, said: “I’m worried about the impact of connected dolls on children’s privacy and safety.”

While the monitoring and the enforcement of the data protection rules are the responsibility of the national data protection authorities, the national consumer authorities work together under the Consumer Protection Cooperation network.

The commission is organising a workshop bringing together the consumer authorities and the data protection authorities in March to further discuss the problem with smart toys and appliances.

Vivid Toy Group has not responded to a request for a comment on the German ruling. Previously the company has said examples of hacking were isolated and carried out by specialists, but it was looking into upgrading the app used along with the doll.

https://www.theguardian.com/world/20...py-on-children

----------


## Dragonfly

> The idea that a toy presents a real security threat first came to national attention back in 1998, when a small robot disguised as a fanciful animal was banned by the National Security Agency.  This critter was known as a Furby. The Furby appeared to learn English by listening to words spoken around it and using those words to begin speaking. The government was concerned that the Furby might hear classified information and then repeat it.


the NSA scared of furby, they really are a bunch of fucking clueless idiots

in the meantime their network is being penetrated daily by everyone with a bit of skills (not you harry)

what's next ? finding Russians hiding inside those dolls  :Roll Eyes (Sarcastic):

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> The idea that a toy presents a real security threat first came to national attention back in 1998, when a small robot disguised as a fanciful animal was banned by the National Security Agency.  This critter was known as a Furby. The Furby appeared to learn English by listening to words spoken around it and using those words to begin speaking. The government was concerned that the Furby might hear classified information and then repeat it.
> 
> 
> the NSA scared of furby, they really are a bunch of fucking clueless idiots
> 
> in the meantime their network is being penetrated daily by everyone with a bit of skills (not you harry)
> 
> what's next ? finding Russians hiding inside those dolls


Fuck off you fat queer troll.

----------


## harrybarracuda

Now there's a surprise....





> FTC Asked to Investigate Hotspot Shield VPN Privacy Risks
> By: Sean Michael Kerner | August 09, 2017
> 
> A Virtual Private Network (VPN) is a technology that is intended to help keep user information encrypted and private. According to a complaint filed by the Center of Democracy and Technology (CDT), AnchorFree's Hotspot Shield VPN is not properly securing its users and is unfairly sharing user information.
> 
> The CDT made its claims in a 13-page complaint filed with the U.S Federal Trade Commission (FTC) and alleges that AnchorFree is engaged in unfair and deceptive trade practices. AnchorFree denies the allegations.
> 
> "Among other concerns, the complaint details the ways in which Hotspot Shield's marketing claims around privacy and security directly contradict its actual practices and policies – the description of the Hotspot Shield app in Google’s Play Store announces, Your privacy and security are guaranteed!, while CDT’s investigation found the opposite," Michelle De Mooy, Director, Privacy and Data Project at CDT wrote in a blog post.
> 
> ...


AnchorFree Disputes Privacy Risk Claims Against Hotspot Shield VPN

----------


## Neo

*Hackers Steal Personal Information of 143 Million Americans in One Attack*
By Kate Conger on 08 Sep 2017 at 12:30PM

Equifax, one of the largest credit reporting agencies in the US, revealed today that it has suffered a massive data breach at the hand of hackers. The stolen data includes names, Social Security numbers, birthdates, and other personal information for 143 million Americans.

The data was accessed via a web application vulnerability, Equifax said in a statement. The company’s investigation found that hackers first accessed the data in mid-May of this year and maintained their access over the summer, ending on July 29. Equifax is working with a forensic firm to investigate the breach, and says its investigation is ongoing.

Credit card numbers belonging to roughly 209,000 consumers were also stolen, along with what Equifax calls “dispute documents with personal identifying information” for 182,000 more people.

“The company has found no evidence of unauthorised activity on Equifax’s core consumer or commercial credit reporting databases,” the company said in a statement.

Equifax says that data belonging to people in Canada and the United Kingdom may also have been accessed, and it is working with regulators in those countries to disclose the breach.

“This is clearly a disappointing event for our company, and one that strikes at the heart of who we are and what we do. I apologize to consumers and our business customers for the concern and frustration this causes,” Equifax CEO Richard F. Smith said in a statement.

Social Security numbers and other personal information can be used in identity theft schemes. Credit card numbers, of course, can be used to make fraudulent purchases. Equifax is offering identity theft protection and credit monitoring to affected consumers.

The Equifax breach affects many more people than the 2013 Target hack that exposed the financial information of more than 41 million customers. Target paid a $18.5 million settlement in response to lawsuits over the hack.

Hackers Steal Personal Information of 143 Million Americans in One Attack | Gizmodo UK

----------


## raycarey

two points on the above:

1.  equifax set up a webpage if you think your data was stolen....you need to give your last name and the last 6 digits of your social security number....and they don't actually tell you whether or not you're in jeopardy.    errr...no thanks.
http://www.marketwatch.com/story/aft...ted-2017-09-07

2.  after the breach was discovered (and before informing the public), executives unloaded a lot of stock...i'd guess some  of these people are going to need to lawyer up.
http://www.marketwatch.com/story/equ...lic-2017-09-07

----------


## Dragonfly

> The data was accessed via a web application vulnerability, Equifax said in a statement. The company’s investigation found that hackers first accessed the data in mid-May of this year and maintained their access over the summer, ending on July 29. Equifax is working with a forensic firm to investigate the breach, and says its investigation is ongoing.


this what happens when you let fuckwit Indians take over your IT infrastructure and webapp development.

Unfortunately this is quite common, there are tons of S&P 500 companies that have been infiltrated deeply and still are, and yet don't know it. They either couldn't care less or simply too incompetent to do anything about it.

----------


## jabir

> two points on the above:
> 
> 1.  equifax set up a webpage if you think your data was stolen....you need to give your last name and the last 6 digits of your social security number....and they don't actually tell you whether or not you're in jeopardy.    errr...no thanks.
> After huge data breach, Equifax not telling all customers whether they are affected - MarketWatch
> 
> 2.  after the breach was discovered (and before informing the public), executives unloaded a lot of stock...i'd guess some  of these people are going to need to lawyer up.
> Equifax executives sold stock after data breach, before informing public - MarketWatch


These sites are ultra secure, they don't even ask for mother's maiden name or secret password.

----------


## Grampa

> 2. *after* the breach was discovered (and before informing the public), executives unloaded a lot of stock...i'd guess some of these people are going to need to lawyer up.


Yes, and reports say the execs unloaded their stock holdings _before_ the news was released to the public.

----------


## harrybarracuda

> Originally Posted by raycarey
> 
> 
> 2. *after* the breach was discovered (and before informing the public), executives unloaded a lot of stock...i'd guess some of these people are going to need to lawyer up.
> 
> 
> Yes, and reports say the execs unloaded their stock holdings _before_ the news was released to the public.


They claim they didn't know.

 :Smile: 

Fucking hell, they are asking you to "enroll" to find out if you're impacted.

Yeah, right.

 :smiley laughing:

----------


## raycarey

> Fucking hell, they are asking you to "enroll" to find out if you're impacted.



it gets worse....if you enroll, you have to put a check mark next to a lot of small print.....part of that small print states that you waive any rights to join a class action suit against equifax.

----------


## harrybarracuda

> Originally Posted by harrybarracuda
> 
> Fucking hell, they are asking you to "enroll" to find out if you're impacted.
> 
> 
> 
> it gets worse....if you enroll, you have to put a check mark next to a lot of small print.....part of that small print states that you waive any rights to join a class action suit against equifax.


You have to admire the lawyers that put that one together so quickly.

Lots of people will be ticking away in their haste to find out if Equifax have fucked them over.

One hopes there is a massive fine coming their way.

----------


## David48atTD

I'm not a computer sort of guy, but I read this ...

BlueBorne: Bluetooth bug could expose billions of devices to attack, cyber experts warn

Internet security experts are urging people to update their software to protect against a serious vulnerability, which if exploited could spread uncontrollably via the common wireless technology bluetooth.

The so-called 'BlueBorne vulnerability' could allow hackers to spread from device to device over bluetooth without the owner's knowledge.

Ty Miller, managing director of international cyber security firm Threat Intelligence, said this could be one of the most dangerous security flaws that has come out to date.

The vulnerability is considered serious, as the researchers who found it say an exploit could spread without people clicking on a link or being on the internet.

The guts of the story is here

----------


## harrybarracuda

Microsoft fixed it on Tuesday.

The rest are playing catch up.

I bet Buttplug won't be happy about that.

 :Smile:

----------


## harrybarracuda

It's the sort of thing I could imagine happening if you let Buttplug run your computers.

 :smiley laughing: 




> As we close in on a week since Equifax announced the massive hack that could potentially have exposed the financial information of 143 million consumers in the U.S., we have been left with many questions. How could a firm entrusted with our most sensitive financial data allow this to happen? Well, security researcher, Brian Krebs (who broke the Target breach story in 2014), reports today that the company _still_ has some shocking vulnerabilities on its website in Argentina.
> According to information supplied to Krebs by security researcher Alex Holden of Hold Security, the company is still leaving user data vulnerable to attacks. This firm began researching Equifax sites in South America and found almost immediately that it was simple, pimple to get into an employee portal that had been designed for Equifax Argentina employees to manage credit disputes in the country. Unbelievably, it was protected with the *user name admin and the password admin.* It obviously didn't take a hacking genius to get inside.

----------


## harrybarracuda

You can't explain shit like this to the likes of Buttplug, because he's too stupid, but essentially Equifax got hit because they didn't do their updates.

Apache released a patch for a serious vulnerability - which was being exploited in the wild - in mid-March; they hadn't bothered applying it.  _Som num na_.




> "Equifax has been intensely investigating the scope of the intrusion with the assistance of a leading, independent cybersecurity firm to determine what information was accessed and who has been impacted," company officials wrote in an update posted online. "We know that criminals exploited a US website application vulnerability. The vulnerability was Apache Struts CVE-2017-5638. We continue to work with law enforcement as part of our criminal investigation, and have shared indicators of compromise with law enforcement."




https://arstechnica.com/information-...month-old-bug/
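The post above only names the CVE. For anyone who wants to check their own logs for the same thing, here is an added example (mine, not Equifax's, Apache's or the article's): a small scanner that flags requests carrying the marker strings the public CVE-2017-5638 (Struts S2-045) exploits put in the Content-Type header, which is where that bug was triggered. The marker list comes from the public advisory and proof-of-concept code, the JSON-lines log format and all the records in it are constructed for the example, and the IPs and paths are made up.

```python
import json

# Markers of OGNL expression injection in a Content-Type header. The public
# exploits for CVE-2017-5638 (Apache Struts S2-045) put an OGNL expression in
# that header because the Jakarta Multipart parser echoed it into an error
# message that was then evaluated. These strings come from the public
# advisory and PoCs, not from anything quoted in this thread.
OGNL_MARKERS = (
    "%{",                 # OGNL expression opener used by the S2-045 payloads
    "#_memberaccess",     # sandbox bypass present in every public PoC
    "ognl.ognlcontext",   # DEFAULT_MEMBER_ACCESS reference in the same PoCs
)


def is_ognl_probe(content_type):
    """True if a Content-Type header value carries S2-045 style OGNL markers."""
    if not content_type:
        return False
    value = content_type.lower()
    return any(marker in value for marker in OGNL_MARKERS)


def scan_request_log(lines):
    """Scan JSON-lines request records; return (line_no, src_ip, path) per hit.

    Only a log that records request headers can catch this (the payload is in
    a header, not the URL), so the constructed format below is one JSON record
    per request rather than a plain access log.
    """
    hits = []
    for line_no, raw in enumerate(lines, 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            record = json.loads(raw)
        except json.JSONDecodeError:
            continue  # malformed record: skip it rather than abort the scan
        headers = {k.lower(): v for k, v in record.get("headers", {}).items()}
        if is_ognl_probe(headers.get("content-type")):
            hits.append((line_no, record.get("src_ip"), record.get("path")))
    return hits


# Constructed sample records (not real traffic): two benign requests, one probe
# carrying the S2-045 payload prefix in Content-Type, and one malformed line.
SAMPLE_LOG = """\
{"src_ip": "10.0.0.5", "method": "POST", "path": "/dispute/upload.action", "headers": {"Content-Type": "multipart/form-data; boundary=----x1"}}
{"src_ip": "10.0.0.7", "method": "POST", "path": "/api/dispute", "headers": {"Content-Type": "application/json"}}
{"src_ip": "203.0.113.9", "method": "POST", "path": "/dispute/upload.action", "headers": {"Content-Type": "%{(#_='multipart/form-data').(#_memberAccess=@ognl.OgnlContext@DEFAULT_MEMBER_ACCESS)}"}}
not json at all
"""

if __name__ == "__main__":
    for line_no, src_ip, path in scan_request_log(SAMPLE_LOG.splitlines()):
        print(f"line {line_no}: probable S2-045 probe from {src_ip} against {path}")
```

A hit only tells you someone tried; whether it worked depends on the Struts version behind the endpoint, which is exactly the patch-lag question the post is about.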

----------


## Dragonfly

sounds like they were managed by Indians, something you seem to know about Harry  :Smile: 

I wonder if they were using one of your legendary password managers to store all their login info  :rofl:

----------


## baldrick

make some more sh1t up butterfly , it makes you look like you know what you are talking about




> Dave Webb - 
> chief information officer for Equifax, where he is responsible for leading a global team of IT professionals in delivering the technology strategy as well as support for the company's innovative solutions.


Corporate Leadership | About Us | Equifax

----------


## harrybarracuda

> sounds like they were managed by Indians, something you seem to know about Harry 
> 
> I wonder if they were using one of your legendary password managers to store all their login info


Of course not Buttplug, they were doing the same as you do, can't you read?

Username Admin Password Admin.

 :bananaman:

----------


## Dragonfly

> Of course not Buttplug, they were doing the same as you do, can't you read?
> 
> Username Admin Password Admin.


ah again you are wrong, harry

I always use "password" for my admin passwords  :Smile:

----------


## Dragonfly

> make some more sh1t up butterfly , it makes you look like you know what you are talking about
> 
> 
> 
> Corporate Leadership | About Us | Equifax



you don't know how these things work, Mr Plumber

Their CTO is simply a buyer, he is buying all those IT services from Indian providers like INFOSYS

but you wouldn't know that since you are a clueless little amateur  :Smile:

----------


## baldrick

> he is buying all those IT services from Indian providers like INFOSYS


and a simple google search shows where their data centres are located

and guess what - https://www.glassdoor.com/Jobs/Equif..._IC1155641.htm

buttplug is shown to be a sh1tspeaking idiot ...again ... and again ... and again

----------


## Dragonfly

> and a simple google search shows where their data centres are located
> 
> and guess what - https://www.glassdoor.com/Jobs/Equif..._IC1155641.htm
> 
> buttplug is shown to be a sh1tspeaking idiot ...again ... and again ... and again


god, you are just too easy to expose as ignorant

2 job posts to prove your point? How much more stupid do you need to be?

if you had any experience in the real world, you would know that all S&P 500 companies and MidCap companies are outsourcing their IT services to INFOSYS and their like

their datacenter can be in the US or fuck knows, they can still be operated by Indians or INFOSYS you dumbo

god, you and harry quite make the pair of Indian call center boys

----------


## harrybarracuda

> and a simple google search shows where their data centres are located
> 
> and guess what - https://www.glassdoor.com/Jobs/Equif..._IC1155641.htm
> 
> buttplug is shown to be a sh1tspeaking idiot ...again ... and again ... and again


He's not very bright you know.

----------


## Dragonfly

Harry tell Plumber boy how many Indians you are managing in your ITS  :Smile:

----------


## harrybarracuda

What is an "ITS"?

Is this some new word you made up because you don't know what the fuck you're on about?

----------


## baldrick

> if you had any experience in the real world, you would know that all S&P 500 companies and MidCap companies are outsourcing their IT services to INFOSYS and their like





> What is an "ITS"?


Indian typing services - buttplug relates data entry with IT services management

----------


## Dragonfly

dumber and dumber trying to figure out basic corporate lingo  :rofl:

----------


## harrybarracuda

> Indian typing services - buttplug relates data entry with IT services management


Cool, Buttplug has found a job as a data entry clerk.

 :bananaman:

----------


## Dragonfly

ok, dumbo, try to guess what ITS stands for in most large corporate IT departments

oh wait you are working for filthy arabs in the desert, probably a sovereign fund thing, full of clueless lazy IT tards looking for a recycled career  :Smile:

----------


## harrybarracuda

> ok, dumbo, try to guess ITS stands for in most large IT corporate department
> 
> oh wait you are working for filthy arabs in the desert, probably a sovereign fund thing, full of clueless lazy IT tards looking for a recycled career


I think the housewife who is your boss and told you to use these imaginary terms probably knows the same level of jack shit that you do.

----------


## Dragonfly

fuckwit indian doesn't know, as usual

like how to rename a WIFI connection in Win10  :rofl: 

regedit that bitch  :Smile:

----------


## harrybarracuda

Talking of Patching....

*Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now!*


Microsoft has once again released a batch of essential security updates for users of its software.
One of the flaws (CVE-2017-8759) addressed by Microsoft’s patches is a previously unknown vulnerability in the .Net framework. The zero-day vulnerability was being actively exploited in attacks which targeted Russian-speaking users with poisoned Word documents that served up a version of the FinFisher spyware.
FinFisher, also known as FinSpy or WingBird, is a family of controversial covert surveillance software which has often been linked to spying on political dissidents by intelligence agencies and repressive regimes around the world.
The makers of FinFisher claim that they sell their controversial software exclusively to government agencies for targeted criminal investigations, suggesting that the latest wave of attacks are the work of a hacking group assisted by a state actor.
The most recent attacks on Russian speakers have been tied to a hacking gang known as Neodymium, which in early May 2016 exploited a Flash Player zero-day vulnerability to infect targeted computers with FinFisher. Most of the victims of that attack were located in Turkey, although infections were also seen in Germany, the United Kingdom and the United States.
Also of note is that Microsoft has revealed it has pushed out a fix for the newly-announced BlueBorne exploits (CVE-2017-8628), which could allow an attacker to initiate a Bluetooth connection to a targeted device without the user’s knowledge, and open opportunities for man-in-the-middle (MITM) attacks.
In its Patch Tuesday release, Microsoft addressed 81 new vulnerabilities – of which 27 have been given the highest rating of “critical”.
In addition, Microsoft is releasing an update to the version of Adobe Flash Player embedded in its Edge and Internet Explorer browsers. Affected software includes Edge, Hyper-V, Internet Explorer, Microsoft Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, and Windows Kernel Mode Drivers.
Make sure to roll out Microsoft’s security updates to your vulnerable computers at the earliest opportunity to reduce the chances of a hacker successfully exploiting your devices.
Enterprise customers are recommended to test that the patches do not cause any problems during roll-out on a test set of PCs, before updating all of their PCs across the business.
https://hotforsecurity.bitdefender.c...6.html#new_tab

----------


## Dragonfly

maybe Microsoft should start thinking about leaving the OS and software business,

that fucking company had been patching hard all their software for the last 15 years,

getting worse and worse, above all when you hire Indians to write your code  :rofl:

----------


## harrybarracuda

> maybe Microsoft should start thinking about leaving the OS and software business,
> 
> that fucking company had been patching hard all their software for the last 15 years,
> 
> getting worse and worse, above all when you hire Indians to write your code


Don't worry Buttplug, you don't have to worry about patching your 486 running Microsoft Bob.

 :Smile:

----------


## Dragonfly

That 486 with Win95 is still working fine  :Smile: 

however, my iPod 4 with iOS 4.1 has stopped functioning, for some reason, all those apps won't run without an update  :Razz: 

damn Apple !!!

Tab 10'' with Android 3.0 still working great though  :Smile:

----------


## baldrick

> That 486 with Win95 is still working fine


a 25MHz processor and 1 meg of ram - or will you be trying to tell us you have a dx2 66 with 8 meg and with your mad bootskillz it comes out of dreaming mode in milliseconds

you are full of sh1t buttplg

----------


## Dragonfly

> a 25Mhz processor and 1 meg of ram - or will you be trying to tell us you have a dx2 66 with 8 meg and with your mad bootskillz it comes out of dreaming mode in milliseconds
> 
> you are full of sh1t buttplg


DX66 overclocked to 100MHz with 4MB of RAM (why would you need more) and 512MB HDD

sorry not boot time in ms, why would you believe that it would be possible with Win95, dumbo ? 

another instance of your cluelessness  :Roll Eyes (Sarcastic):

----------


## baldrick

> sorry not boot time in ms, why would you believe that


obviously you booting into comprehension mode is just not possible





> of dreaming mode in milliseconds


is it the translation back into flemm^^cum guzzling^^ish where the error occurs ?

----------


## harrybarracuda

Cheeky c u n t s.




The Pirate Bay is secretly running a Bitcoin miner in the background, increasing your CPU usage

When it comes to the Pirate Bay, it's usually movie studios, music producers and software creators that get annoyed with the site -- you know, copyright and all that. But in an interesting twist it is now users who find themselves irked by -- and disappointed in -- the most famous torrent site in the world.
So what's happened? Out of the blue, the Pirate Bay has added a Javascript-powered Bitcoin miner to the site. Nestling in the code of the site is an embedded cryptocurrency miner from Coinhive. Users who have noticed an increase in resource usage on their computers as a result of this are not happy.

The issue is a very new one, with users only noticing a CPU spike starting later on in the day yesterday. Needless to say, the reaction has not been good -- even from the Pirate Bay's own moderators. Over on Reddit, there are complaints about "100% CPU on all 8 threads while visiting TPB," and there are also threads on the PirateBay Forum.

As noted by TorrentFreak, a quick delve into the HTML of the PirateBay reveals what's going on.

An administrator and "supermod" on the PirateBay Forum, Sid is far from impressed:

> ffs [That's addressed to Winston not you lot.]
> 
> That really is serious, so hopefully we can get some action on it quickly. And perhaps get some attention for the uploading and commenting bugs while they're at it.

He offers the following advice for anyone concerned about the latest addition:

> Until it is fixed (and I would expect it to be fixed sooner rather than later) noscript will block it from running, as will disabling javascript.
> 
> Blocking/disabling javascript will compromise site functionality in several ways:
> - scrolling back through pages of comments won't work
> - posting comments won't be possible
> - viewing the file list won't work

The website for the Javascript miner even recommends against doing what the Pirate Bay is doing -- that is, sneaking the miner in under the radar without telling anyone:

> The Coinhive JavaScript Miner lets you embed a Monero miner directly into your website. The miner itself does not come with a UI -- it's your responsibility to tell your users what's going on and to provide stats on mined hashes.
> 
> While it's possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.

Any thoughts on this?




https://betanews.com/2017/09/16/pirate-bay-secret-bitcoin-miner/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed+-+bn+-+BetaNews+Latest+News+Articles
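The article says a look at the page's HTML is enough to spot the miner, so here is an added example of doing that (my code, not TorrentFreak's, the Pirate Bay's or Coinhive's). It uses the Python standard library parser to pick out the two parts of the Coinhive embed as Coinhive documented it at the time: a loader script served from coinhive.com and an inline `new CoinHive.Anonymous('<site key>')` call. The two HTML pages fed to it are constructed for the example, and `EXAMPLE_SITE_KEY` is a placeholder, not a real key.

```python
import re
from html.parser import HTMLParser

# Indicators of the Coinhive embed as Coinhive documented it: a loader script
# served from coinhive.com, then an inline "new CoinHive.Anonymous('<site
# key>').start()" call. Facts about the public Coinhive library, not something
# quoted in this thread. A site key is the value a mining pool pays out to.
MINER_HOSTS = ("coinhive.com",)
SITE_KEY_RE = re.compile(r"CoinHive\.(?:Anonymous|User)\(\s*['\"]([^'\"]+)['\"]")


class MinerFinder(HTMLParser):
    """Collects (kind, detail) findings: miner loaders and inline miner calls."""

    def __init__(self):
        super().__init__()
        self.findings = []
        self._in_script = False

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        self._in_script = True
        src = (dict(attrs).get("src") or "").lower()
        if any(host in src for host in MINER_HOSTS):
            self.findings.append(("loader", src))

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # HTMLParser hands <script> bodies to handle_data as raw text,
        # which is where the inline miner start-up call lives.
        if self._in_script:
            for site_key in SITE_KEY_RE.findall(data):
                self.findings.append(("inline", site_key))


def find_miners(html):
    """Return every miner indicator found in one HTML document."""
    parser = MinerFinder()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed pages for the demo: one clean, one carrying the documented
# Coinhive embed with a placeholder site key.
CLEAN_PAGE = (
    "<html><head><script src='/static/app.js'></script></head>"
    "<body><p>nothing to see</p></body></html>"
)
MINED_PAGE = """<html><head>
<script src="https://coinhive.com/lib/coinhive.min.js"></script>
<script>
  var miner = new CoinHive.Anonymous('EXAMPLE_SITE_KEY', {throttle: 0.3});
  miner.start();
</script>
</head><body><p>torrents</p></body></html>"""

if __name__ == "__main__":
    for name, page in (("clean", CLEAN_PAGE), ("mined", MINED_PAGE)):
        print(name, find_miners(page))
```

Because the check is on the served HTML rather than on CPU usage, it also catches a miner that is throttled low enough that nobody notices the fans spinning up.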


----------


## harrybarracuda

If you are a Kodi user, take note:




> Kodi is quite possibly the best media center software of all time. If you are looking to watch videos or listen to music, the open source solution provides an excellent overall experience. Thanks to its support for "addons," it has the potential to become better all the time. You see, developers can easily add new functionality by writing an addon for the platform. And yes, some addons can be used for piracy, but not all of them are. These addons, such as Exodus and Covenant, are normally added using a repository, which hosts them.
> 
> 
> Unfortunately, there can apparently be security issues with repositories when they shut down. For example, when the metalkettle repo ended, the developer deleted its entry on GitHub. This in itself is not a cause for concern, but unfortunately, GitHub's allowance of project names to be recycled is. You see, someone re-registered the metalkettle name, making it possible for nefarious people to potentially serve up malware to Kodi users.
> 
> 
> The warning came from the metalkettle developer over on Twitter (who has since deleted his Twitter account too). As you can see below, he warns that devices with the repository installed could be in danger from a security standpoint. If a user was to search that repo, and the new owner of the GitHub name was to share malware, the user could assume it is safe and install it.
> 
> 
> ...


https://betanews.com/2017/09/15/kodi...r-metalkettle/

----------


## Dragonfly

I hate Github wankers who shutdown their account after contributing to their opensource code for some time,

it defeats the purpose of opensource longevity and reliability, 

fucking millennial wankers, don't think of the consequences of their actions

----------


## harrybarracuda

> I hate Github wankers who shutdown their account after contributing to their opensource code for some time,
> 
> it defeats the purpose of opensource longevity and reliability, 
> 
> fucking millennial wankers, don't think of the consequences of their actions


Alternatively perhaps the owners of Github are remiss for letting accounts get recycled.

----------


## harrybarracuda

If you're a CCLEANER user, you might want to update to the latest version and do a full antivirus scan.

Talos recently observed a case where the download servers used by a software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner.

----------


## David48atTD

^ Thanks

I've updated and done a full scan with both AVG and MalwareBytes and nothing was detected.

----------


## harrybarracuda

How fucking embarrassing for an AV company not to realise that they served up more than two million customers with malware!

----------


## Dragonfly

Avast has always been an amateurish company and a bunch of wankers

I can't believe how many fucking idiots download AV from Avast for free and think they are really safe  :rofl:

----------


## harrybarracuda

Another ransomware attack....Keep your eyes peeled for dodgy emails, do a Windows Update and update your antivirus.






> A ransomware attack sweeping the globe right now is launching about 8,000 different versions of the virus script at Barracuda's customers, Eugene Weiss, lead platform architect at Barracuda, told Axios, and it's hitting at a steady rate of about 2 million attacks per hour.
> 
> *Weiss' gut reaction on this hack:* "What's remarkable about this one is just the sheer volume of it."
> 
> Here's what you need to know on the latest:
> 
> *Automated hacking:* "Nobody actually sat there and made 8,000 digital modifications," Weiss said. The way they do it is by using a kit that essentially automates code variations.
> 
> *What to watch out for:* An incoming email spoofing the destination host, with a subject about "Herbalife" or a "copier" file delivery. Two of the latest variants Barracuda has detected include a paragraph about legalese to make it seem official, or a line about how a "payment is attached," which tricks you to click since, as Weiss puts it, "everyone wants a payment."
> 
> *The hackers are using social engineering* to get people to click. That's increasingly becoming a trend, per Weiss. It's "less pure technical hacks" and instead using psychological tactics "get someone to click on something they shouldn't be."
> 
> *If you remember one thing:* "Don't click the link that is absolutely the most essential thing."
> 
> *The targets:* Email addresses at businesses or institutional groups in the U.S. or Canada.
> 
> *It's likely not a nation-state* perpetrating the hack, since the hackers' motives are financial. Instead it's a small, sophisticated group of criminals. The attacks are originating in Vietnam for the most part, as well as India, Colombia, Turkey, Greece, and a few other countries.
> 
> *The future of global hacks:* "At some point in the future you may see multilingual internationalized" hacks, Weiss said. In other words, they could be language-targeted. While the messages from these particular hackers are all in English so far, the virus programs are assessing the target computers' language settings.


https://www.axios.com/ransomware-hac...487583502.html

Cisco's Talos Intelligence Group Blog: New Ransomware Variant "Nyetya" Compromises Systems Worldwide

----------


## Dragonfly

fucking safe here with Win2000 server,

----------


## harrybarracuda

> fucking safe here with Win2000 server,


What a fucking moron, you can't even get it right when you're trying to be funny.

Stick to the "Getting fucked by ladyboys" thread buttplug, it's the only thing you're good at I reckon.

----------


## Dragonfly

hey Harry, didn't realize they had a virus named after you  :Smile: 

but at the same time, you do act like one  :rofl:

----------


## harrybarracuda

Still ironing out the wrinkles, but it seems there is a recommendation to use mobile data to access sensitive sites rather than WPA2 Wifi, at least until it is fixed (if it ever is, depending on the vendor).

Alternatively, use a trusted VPN.






> An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.
> The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, Apple, Windows, and OpenBSD operating systems, as well as MediaTek, Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
> "This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."


https://arstechnica.com/information-...eavesdropping/


Added: This is not a remote attack, the attacker needs to be in range of the Wifi in question.

----------


## David48atTD

Wi-fi connections vulnerable to hackers after flaw discovered



*The US Department of Homeland Security has warned of cyber risks associated with a widely-used system for securing wi-fi communications, after Belgian researchers discovered a flaw that could allow hackers to read information thought to be encrypted, or infect websites with malware.*

*Key points:*

- Researchers say the flaw is likely to affect all devices that support wi-fi
- US Homeland Security has recommended installing vendor updates
- An industry group thinks the issue can be easily patched

The alert from the DHS Computer Emergency Response Team said the flaw could be used within range of wi-fi using the WPA2 protocol to hijack private communications.

It recommended installing vendor updates on affected products, such as routers provided by Cisco Systems Inc or Juniper Networks Inc.

Belgian researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which secures modern wi-fi systems used by vendors for wireless communications between mobile phones, laptops and other connected devices with Internet-connected routers or hot spots.

"If your device supports wi-fi, it is most likely affected," the researchers said.

They have set up a website to provide technical information about the flaw.

The site also details methods hackers might use to attack vulnerable devices.
Here
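The two posts above describe KRACK only at the headline level: a "key reinstallation" makes WPA2 traffic readable. The model below, an added example that is not code from either article or from the KRACK researchers, shows the mechanism that matters to a defender and the one-line fix. The cipher is a constructed HMAC-SHA256 counter keystream standing in for CCMP, and `Supplicant`, `keystream` and `run` are names made up for this demonstration; what it shows is generic to any nonce-based cipher: if a client reinstalls an already-installed key when handshake message 3 arrives a second time, its packet number restarts and two different frames share a keystream.

```python
"""
Toy model of the client-side key installation that KRACK abuses, with the
patched behaviour beside it.  Added example; the cipher is a constructed
HMAC-SHA256 counter keystream standing in for WPA2's CCMP.
"""
import hashlib
import hmac


def keystream(key: bytes, nonce: int, length: int) -> bytes:
    """Constructed stand-in for a CTR-mode keystream: HMAC(key, nonce || block)."""
    out = bytearray()
    block = 0
    while len(out) < length:
        msg = nonce.to_bytes(6, "big") + block.to_bytes(4, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


class Supplicant:
    """Models the client after it receives message 3 of the 4-way handshake."""

    def __init__(self, patched: bool):
        self.patched = patched
        self.installed_key = None
        self.pn = 0  # packet number, used as the per-frame nonce

    def on_message3(self, ptk: bytes) -> None:
        if self.patched and self.installed_key == ptk:
            # Fix: a key that is already in use is never reinstalled, so a
            # retransmitted (or replayed) message 3 cannot reset the nonce.
            return
        # Vulnerable behaviour: (re)install the key and restart the nonce at 0.
        self.installed_key = ptk
        self.pn = 0

    def encrypt(self, plaintext: bytes):
        nonce = self.pn
        self.pn += 1
        return nonce, xor(plaintext, keystream(self.installed_key, nonce, len(plaintext)))


def run(patched: bool) -> dict:
    """Send one frame, receive message 3 again, send a second frame."""
    ptk = b"constructed-demo-key-not-a-real-ptk!"  # constructed key
    p1 = b"GET /inbox HTTP/1.1 (constructed frame one)"
    p2 = b"POST /login secret=hunter2 (constructed)"
    client = Supplicant(patched)
    client.on_message3(ptk)
    n1, c1 = client.encrypt(p1)
    client.on_message3(ptk)  # message 3 arrives again (retransmit or replay)
    n2, c2 = client.encrypt(p2)
    # With a reused nonce the keystream cancels out: c1 ^ c2 == p1 ^ p2, so
    # whoever knows one frame's content learns the other's (the two-time pad).
    n = min(len(c1), len(c2))
    keystream_reused = xor(c1[:n], c2[:n]) == xor(p1[:n], p2[:n])
    return {"nonces": (n1, n2), "nonce_reused": n1 == n2,
            "keystream_reused": keystream_reused}


if __name__ == "__main__":
    for patched in (False, True):
        print("patched" if patched else "vulnerable", run(patched))
```

The patched branch is the whole fix: refuse to reinstall a key that is already installed, so the nonce never restarts. Note what the reuse does and does not expose: it breaks the WPA2 layer, which is why the thread's advice to use a trusted VPN (or simply HTTPS everywhere) still holds, since data encrypted above the Wi-Fi layer is unaffected.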

----------


## harrybarracuda

There is a list of affected products here. It is long, but not exhaustive!

https://www.kb.cert.org/vuls/byvendo...&SearchOrder=4

----------


## uncle junior

So we should quit using wifi and use data....convenient for somebody innit

----------


## baldrick

> There is a list of affected products here


I thought it was basically everything ?

if you have a vpn you will be ok as the data will be in an encrypted tunnel

----------


## harrybarracuda

> I thought it was basically everything ?


Which is why I actually said: "There is a list of affected products here. It is long, but not exhaustive!".




> if you have a vpn you will be ok as the data will be in an encrypted tunnel


Which is why I actually said: "Alternatively, use a trusted VPN".

Do try and keep up Baldrick.

----------


## baldrick

> Which is why I actually said: "There is a list of affected products here. It is long, but not exhaustive!".


which is why I said - basically everything - do you think people will go through the list to look for their devices ?

the next step is to walk people through how to update their wifi AP firmwares when they give us the model numbers

microsoft has pushed out a patch for people's computers , which will cover most people here

their phones should have updates pushed to them and it is not hard to update

----------


## harrybarracuda

> which is why I said - basically everything - do you think people will go through the list to look for their devices ?


The ones that actually care will. The ones that don't, I couldn't give a shit.




> the next step is to walk people through how to update their wifi AP firmwares when they give us the model numbers


Of course, if they ask.




> microsoft has pushed out a patch for people's computers , which will cover most people here


Actually it just did it as part of Patch Tuesday, but how many dim fuckers here are always saying "I don't need updates, blah blah blah". Fuck 'em.




> their phones should have updates pushed to them and it is not hard to update


Not for you and I, but remember we are catering to people like Buttplug.

 :Smile:

----------


## baldrick

I would say that most are not like butterfluffer




> we are catering to people like Buttplug.


yes - butterbums idea of an update is changing the condom on the indian ladyboy that is fcuking him

----------


## Dragonfly

I can see from your tech speech that you guys are low level IT personnel dealing with hardware and crappy security questions  :Smile: 

For the record, I have people to fix my WIFI routers, I do not need to do any update myself  :rofl: 

you boys should work for me, you would get free meals and an extra bowl of rice if you do well  :Smile:

----------


## harrybarracuda

> For the record, I have people to fix my WIFI routers


Yeah buttplug, having to take your ageing Dlink to Somchai's electronic shop does not count as "I have people to fix my wifi routers".

 :rofl:

----------


## Dragonfly

> Yeah buttplug, having to take your ageing Dlink to Somchai's electronic shop does not count as "I have people to fix my wifi routers".


I am a NetGear man myself, not Dlink, more like Baldrick type of hardware, if you get my drift  :Wink:

----------


## baldrick

> not Dlink


reminded me of the only d-link product I ever purchased - dwl-120



problem was there were not many APs around in 2002 on batam - but I was in singapore the next year working and staying at a hotel and I could reliably connect to open APs in the apartments around me - just chose the fastest via speedtest

----------


## Dragonfly

Dlink is so you, baldrick

why am I not surprised,

boys like Harry are into LINKSYS, real players go for CISCO and NETGEAR

----------


## harrybarracuda

> Dlink is so you, baldrick
> 
> why am I not surprised,
> 
> boys like Harry are into LINKSYS, real players go for CISCO and NETGEAR


FFS Buttplug, you're so 1990's.

 :rofl:

----------


## misskit

*New wave of cyber attacks hits Russia, Japan, other nations*

KIEV/MOSCOW--Cyber attacks using malware called "BadRabbit" hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine's Odessa airport.


While no major outages were reported, the U.S. government issued a warning on the attack, which followed campaigns in May and June that used similar malware and resulted in what some economists estimated are billions of dollars in losses.


The attacks are disturbing because attackers quickly infected critical infrastructure, including transportation operators, indicating it was a "well-coordinated" campaign, said Robert Lipovsky, a researcher with cyber firm ESET.


More than half the victims were in Russia, followed by Ukraine, Bulgaria, Turkey and Japan, according to ESET.


The U.S. Department of Homeland Security issued a warning on the BadRabbit ransomware, a type of virus that locks up infected computers and asks victims to pay a ransom to restore access. It did not identify any U.S. victims but advised the public to refrain from paying ransoms and report any infections to the Federal Bureau of Investigation through the government's Internet Crime Complaint Center.


Ransomware infections have the potential to halt activity at targeted organizations. The May "WannaCry" ransomware shuttered hospitals, factories and other facilities around the globe for days.


Interfax, one of Russia's largest news agencies, said some of its services were hit by the attack but expected them to be back online by the end of Tuesday.


An Odessa airport spokesman said a few flights were delayed because workers had to process passenger data manually. Kiev's metro system reported a hack on its payment system but said trains were running normally.


Ukraine's cyber police chief said the country was "barely affected."


Russian cyber-security firm Kaspersky Lab said BadRabbit appeared to spread through a mechanism similar to June's destructive NotPetya virus, which took down many Ukrainian government agencies and businesses. It then spread across corporate networks of multinationals with operations or suppliers in eastern Europe.


Kaspersky said it was investigating to see whether BadRabbit was related to NotPetya.


Ukrainian banking services, which have been hit by previous attacks, were unaffected, according to the nation's central bank.


New wave of cyber attacks hits Russia, Japan, other nations | The Asahi Shimbun

----------


## harrybarracuda

Same as the last big one, so if you didn't fix Windows when you had the chance then _som num na_.

----------


## Dragonfly

> FFS Buttplug, you're so 1990's.


I bet you have Chinese routers, no wonder you have been hacked more often than the NSA and Hillary combined  :rofl:

----------


## harrybarracuda

> I bet you have Chinese routers, no wonder you have been hacked more often than the NSA and Hillary combined


Of course you do Buttplug.

But that's because you're an "IT Expert".

 :rofl:

----------


## baldrick

> LINKSYS, real players go for CISCO


cisco has owned linksys for nearly 10 years




> NETGEAR


bwahahahahahahahahahahahaha

----------


## Dragonfly

> Of course you do Buttplug.
> 
> But that's because you're an "IT Expert".


English is not your first language, or is your native Indian taking over ?

----------


## Dragonfly

> cisco has owned linksys for nearly 10 years
> 
> 
> 
> bwahahahahahahahahahahahaha


Says the DLINK man  :rofl:

----------


## harrybarracuda

> LINKSYS, real players go for CISCO


I would mock him further but you've used up the forum quota of MakingButtplugLookStupidAgain.

Bad Baldrick.

----------


## Dragonfly

with your Indian accent harry, that sounds hilarious

----------


## Dragonfly

> cisco has owned linksys for nearly 10 years


2 different brands for 2 different markets, dumbo

CISCO for enterprises, LINKSYS for basement boys like harry

----------


## harrybarracuda

> 2 different brands for 2 different markets, dumbo
> 
> CISCO for enterprises, LINKSYS for basement boys like harry


Oh look, this is Buttplug being the "IT Expert".

Or perhaps he just frantically googled the Cisco website.

 :rofl:

----------


## Dragonfly

jesus christ, you have been reading too many call center scripts harry  :rofl:

----------


## harrybarracuda

> jesus christ, you have been reading too many call center scripts harry


No Buttplug, just your hilariously witless posts. Comedy fucking gold they are.

 :bananaman:

----------


## harrybarracuda

Researchers at Princeton University have found that over 480 globally popular websites are keylogging data and sending it to third-party servers. Some of the most popular and heavy-trafficked websites in the world were found running third-party scripts called "session replay" scripts, which can track every letter users type, every click and more, which in turn is sent to third-party servers across the globe.


The researchers' revelations indicate the invasive extent to which users' online activities are tracked. In the first instalment of a series titled "No Boundaries", researchers from Princeton's Center for Information Technology Policy (CITP), said even in instances where users have visited a site to fill an online form, but left it incomplete and abandoned it, every single letter typed is recorded.


The researchers studied seven of the most popular session replay firms - FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and the highly popular Russian search engine Yandex. The study's findings revealed that at least one of the firms' scripts is being used by 482 of the world's top 50,000 sites, according to Alexa's ranking.


*Click here* to check out the list of websites using session replay scripts.


What is session replay?


According to the researchers, "session replay" scripts are commonly used by companies to help them understand how their customers are using the firms' sites. However, instead of recording general statistics about users' behaviour, the scripts record and can also replay entire individual browsing sessions. The researchers say the scripts are often found on pages where users input their sensitive information, including passwords, credit card data and medical condition.


"These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers," the researchers said in a blog.


Motherboard reported that firms like Fullstory that provide such user-tracking software, also design tracking scripts that allow companies to connect a user's real identity with the data collected. This means, by using such software, companies can see a user linked to a specific name and/or email.


"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording," the researchers added. "This may expose users to identity theft, online scams, and other unwanted behavior. The same is true for the collection of user inputs during checkout and registration processes."


Motherboard reported that the researchers are concerned about companies using session scripts being vulnerable to targeted hacks, especially given how hackers would likely consider them high-value targets. In the case of Yandex, Smartlook and Hotjar, which run HTTP instead of the more secure and encrypted HTTPS pages, researchers believe hackers could launch a man-in-the-middle attack to "extract all of the recording data".


Fortunately, users can block session replay scripts using the popular ad-blocking tool AdBlock Plus. As a result of the revelations brought to light by the Princeton University researchers, AdBlock Plus issued an update to block all session replay scripts.

Your every keystroke is recorded by over 480 of the most popular websites in the world

----------


## Dragonfly

A very useful tech actually, a few tech startup in our investment portfolios are using those things

great tech, fuck the security warnings  :Smile:

----------


## baldrick

> great tech


for exploiting lusers - great idea to allow exfiltration of your personal data to third party companies

your investment skills , like your IT skills , will prove to you and everyone else soon enough that this idea is sh1t that will be circumvented or sites using it will be ostracised

proxy through archive.is , archive.li  archive.eu will not have any of this crap running on your machine - expect plugins to detect and bypass automatically soon

offsite javascript is always a total security hazard

----------


## harrybarracuda

> for exploiting lusers - great idea to allow exfiltration of your personal data to third party companies
> 
> your investment skills , like your IT skills , will prove to you and everyone else soon enough that this idea is sh1t that will be circumvented or sites using it will be ostracised
> 
> proxy through archive.is , archive.li  archive.eu will not have any of this crap running on your machine - expect plugins to detect and bypass automatically soon
> 
> offsite javascript is always a total security hazard


Don't be misled Baldrick.

Buttplug read something on someone's desk while he was emptying the bins.

 :Smile:

----------


## Dragonfly

it's very convenient to see and analyze what users are doing,

that tech is spreading fast, everyone wants to know how UX is effective and that tool delivers

it has been around for a while and it's perfectly legitimate for a website to run it, I don't see AV blocking it, or else they would get sued

----------


## harrybarracuda

> it's very convenient to see and analyze what users are doing,
> 
> that tech is spreading fast, everyone wants to know how UX is effective and that tool delivers
> 
> it has been around for a while and it's perfectly legitimate for a website to run it, I don't see AV blocking it, or else they would get sued


So fucking sue them then, dickhead.

 :rofl: 

*Fortunately, users can block session replay scripts using the popular ad-blocking tool AdBlock Plus. As a result of the revelations brought to light by the Princeton University researchers, AdBlock Plus issued an update to block all session replay scripts.*

----------


## Dragonfly

no big deal, most people don't use AdBlock Plus, at least the ones you want on your website, not the Indian dickheads like you  :Smile: 

as long as it's not the AV firms, we are fine !!!

----------


## harrybarracuda

> no big deal, most people don't use AdBlock Plus, at least the ones you want on your website, not the Indian dickheads like you 
> 
> as long as it's not the AV firms, we are fine !!!


Yeah, thought so, you're full of shit as usual.

 :smiley laughing:

----------


## Dragonfly

hey you are the filthy Indian, not I

----------


## harrybarracuda

> hey you are the filthy Indian, not I


I don't think you even get that high on the pay grade, you weird stalker.

----------


## Mr Earl

When Butters met Harry....
go ahead Harry put some butter on your finger!

----------


## harrybarracuda

> When Butters met Harry....
> go ahead Harry put some butter on your finger!


Careful Mr. E, you don't want to attract his attention, he might start PM'ing you for a meet.

 :bananaman:

----------


## Dragonfly

hey harry, you have a new boyfriend ? he loves Trump as much as I do  :Smile:

----------


## harrybarracuda

> hey harry, you have a new boyfriend ? he loves Trump as much as I do


Good, maybe he'll fuck you up the arse then.

----------


## harrybarracuda

Either Uber's accounting & auditing is shite or the CEO should be the one taking the fall.

Actually, looking at it, he did.

What about the CFO though?




> Uber Chief Security Officer Joe Sullivan and the lawyer reporting to him were fired after paying hackers $100,000 to cover up a massive data breach from October 2016, the company’s CEO confirmed on Tuesday, Bloomberg writes. The ride-service provider was hacked after two cyber criminals acquired the login credentials of the Amazon Web Services account that stored Uber’s data.
> 
> The data breach affected Uber clients and drivers from around the world, but the victims and regulators were never informed. Hackers stole names and drivers’ license numbers of some 600,000 drivers in the US, and personal information of 57 million account holders, such as names, email addresses and mobile phone numbers. They did not get into the corporate systems or infrastructure, nor did they steal information related to trip location history, credit card numbers, bank account numbers, Social Security numbers or dates of birth, confirmed Uber CEO Dara Khosrowshahi.
> 
> “None of this should have happened, and I will not make excuses for it. While I can’t erase the past, I can commit on behalf of every Uber employee that we will learn from our mistakes,” Khosrowshahi said. “We are changing the way we do business, putting integrity at the core of every decision we make and working hard to earn the trust of our customers.”
> 
> Former Uber CEO Travis Kalanick was informed of the breach in November 2016, during a separate federal investigation by the Federal Trade Commission for privacy violations.
> Uber ensures the stolen information has been destroyed. At the moment of writing, no evidence of fraud or misuse has been detected. Affected accounts are monitored and will receive extra fraud protection.
> 
> https://hotforsecurity.bitdefender.com/blog/uber-chief-security-officer-fired-after-massive-data-breach-cover-up-19246.html

----------


## harrybarracuda

*Did Intel leave a huge security hole in your brand new PC?*

By Darren Allan, 4 hours ago

*Skylake or later processors are affected by a range of flaws*

There’s a huge and extremely worrying range of flaws in newer Intel processors which could allow hackers to take full control over the relevant machines – with millions of PCs potentially affected.

After a severe exploit was uncovered by Mark Ermolov and Maxim Goryachy, Moscow-based security experts who work for Positive Technologies Research, Intel has admitted that some 10 vulnerabilities exist in the Intel Management Engine, Trusted Execution Engine and Server Platform Services.

As mentioned, these flaws can be leveraged to remotely execute commands, take control of machines and pilfer precious data, and they affect all of Intel’s Core series of processors from Skylake (6th-generation) onwards, including the firm’s latest 8th-gen CPUs.

Many Xeon as well as Atom, Pentium and Celeron processors are also hit by these gremlins. Intel lists the full details of chips which are affected here, and also offers a detection tool to check whether your system is subject to these gaping holes (although note that the utility is designed for businesses, not consumer users).

As Ars Technica reports, the majority of the vulnerabilities (six of them) affect the Intel Management Engine, an independent subsystem on the firm’s processors which Intel says is designed for remote admin, but which has long been criticized as a potential backdoor in some quarters.
*Minix mayhem*

There’s been a lot of controversy about the Management Engine of late, because it was found to run a version of Minix – a ‘mini-Unix’ OS originally created by Andrew Tanenbaum for educational purposes, but apparently adapted by Intel for its processors.

Much of the controversy has bubbled around the fact that the user has no access to this Minix OS, yet it has full access to the host PC, as Network World pointed out earlier this month. And this has long been feared as a big security risk – and now proven so with the discovery of these exploits that can be executed via the Management Engine.
This really is quite mind-boggling stuff, topped by the fact that even Tanenbaum, the creator of Minix, didn’t realize that Intel was using his OS inside its chips in such a manner (according to Maxim Goryachy).

Naturally, there’s a big scramble underway to patch the vulnerabilities, and Intel suggests that affected users should check for new firmware from their PC manufacturer.

Lenovo is apparently going to have patched firmware rolling out tomorrow, with Dell working on the problem as well, but there’s no ETA regarding the latter’s patch. Other PC manufacturers are doubtless beavering away, too (you would hope).

Meanwhile, in the broader picture going forward, it’ll be interesting to see how Intel fights the flames which will doubtless be raging around the issue of exactly what is going on inside the firm’s CPUs when it comes to the Management Engine.

Modern operating systems and processors should be built to be increasingly secure, of course, but this is clearly a huge step backwards for Intel on the security front.

Did Intel leave a huge security hole in your brand new PC? | TechRadar

----------


## OhOh

> Yeah but that's Swahili to a lot of people. I think it's important to keep it really simple so that people like Albert, ENT and OhOh can understand it.
> 
> I'm going for the lowest common denominator.


Here's me thinking it was a bondage thread. 'arry I struggle with English. Don't try and confuse me with Swahili, is that a new browser for Windows 10?

Doesn't the government here provide security?

----------


## harrybarracuda

> Here's me thinking it was a bondage thread.


The defence rests its case, m'lud.

----------


## harrybarracuda

*DNS resolver 9.9.9.9 will check requests against IBM threat database*

*Group Co-founded by City of London Police promises 'no snooping on your requests'*

By Richard Chirgwin 20 Nov 2017 at 06:58

The Global Cyber Alliance has given the world a new free Domain Name Service resolver, and advanced it as offering unusually strong security and privacy features.

The Quad9 DNS service, at 9.9.9.9, not only turns URIs into IP addresses, but also checks them against IBM X-Force's threat intelligence database. Those checks protect against landing on any of the 40 billion evil sites and images X-Force has found to be dangerous.

The Alliance (GCA) was co-founded by the City of London Police, the District Attorney of New York County and the Center for Internet Security and styled itself "an international, cross-sector effort designed to confront, address, and prevent malicious cyber activity."

IBM's helped the project in two ways: back in 1988, Big Blue secured the 9.0.0.0/8 block of 16 million addresses, which let it dedicate 9.9.9.9 to the cause.

The Alliance, which oversees the initiative, said the other partner, Packet Clearing House, gave the system global reach via 70 points of presence in 40 countries.

It claimed users wouldn't suffer a performance penalty for using the service, but added it plans to double the Quad9 PoPs over the next 18 months.

GCA, which did the development work, also coordinated the threat intelligence community to incorporate feeds from 18 other partners, “including Abuse.ch, the Anti-Phishing Working Group, Bambenek Consulting, F-Secure, mnemonic, 360Netlab, Hybrid Analysis GmbH, Proofpoint, RiskIQ, and ThreatSTOP.”

The organisation promised that records of user lookups would not be put out to pasture in data farms: “Information about the websites consumers visit, where they live and what device they use are often captured by some DNS services and used for marketing or other purposes”, it said. Quad9 won't “store, correlate, or otherwise leverage” personal information.

Google makes the same promise for its 8.8.8.8 DNS service, saying: “We don't correlate or combine information from our temporary or permanent logs with any personal information that you have provided Google for other services.” However, most home users accept the default configuration for their ISP, each of which will have its own attitude to monetising user data.

GCA also said it hoped the resolver would attract users on the security-challenged Internet of Things, because TVs, cameras, video recorders, thermostats or home appliances “often do not receive important security updates”.
If you're one of the lucky few whose ISP offers IPv6, there's a Quad9 resolver for you at 2620:fe::fe (the PCH public resolver). ®


https://www.theregister.co.uk/2017/1..._dns_resolver/
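The article says Quad9 "checks requests against" a threat database but not what a client actually sees. The block below is an added example, not Quad9's, GCA's or IBM's code: it builds a raw DNS query, classifies the reply by its RCODE, and compares the verdict with an unfiltered resolver's. Assumptions: Quad9 answers names on its blocklist with NXDOMAIN (check its current documentation), the `lookup`/`classify`/`interpret` names are made up here, and the replies used in the demonstration are constructed so it runs offline; 192.0.2.1 is a documentation address, not a real host.

```python
"""
Minimal DNS query builder and answer classifier for checking how a filtering
resolver such as Quad9 (9.9.9.9, or 2620:fe::fe over IPv6) answers for a name.
Added example; not Quad9's code.  Assumption: blocked names get NXDOMAIN.
"""
import secrets
import socket
import struct
from typing import Optional

TYPE_A, CLASS_IN = 1, 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN", 5: "REFUSED"}


def encode_name(name: str) -> bytes:
    """Wire-format name: length-prefixed labels terminated by a zero byte."""
    return b"".join(bytes([len(label)]) + label.encode("ascii")
                    for label in name.rstrip(".").split(".")) + b"\x00"


def build_query(name: str, txid: int) -> bytes:
    """Standard query, one question, RD=1 (flags 0x0100)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)


def parse_header(resp: bytes) -> dict:
    if len(resp) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", resp[:12])
    return {"txid": txid, "is_response": bool(flags & 0x8000),
            "rcode": RCODES.get(flags & 0x000F, str(flags & 0x000F)), "answers": an}


def classify(resp: bytes, expected_txid: int) -> str:
    """Map a raw reply to resolved / nodata / nxdomain / other rcode / invalid."""
    try:
        h = parse_header(resp)
    except ValueError:
        return "invalid"
    if not h["is_response"] or h["txid"] != expected_txid:
        return "invalid"  # not a reply to our query (wrong ID or QR bit): discard
    if h["rcode"] == "NOERROR":
        return "resolved" if h["answers"] > 0 else "nodata"
    return h["rcode"].lower()


def interpret(filtered: str, unfiltered: str) -> str:
    """NXDOMAIN alone cannot tell 'blocked' from 'nonexistent'; compare resolvers."""
    if filtered == "nxdomain" and unfiltered == "resolved":
        return "blocked by filter"
    if filtered == "nxdomain":
        return "does not exist"
    return filtered


def make_response(name: str, txid: int, rcode: int, address: Optional[bytes] = None) -> bytes:
    """Constructed reply used for the offline demonstration below."""
    flags = 0x8180 | (rcode & 0xF)  # QR=1, RD=1, RA=1
    answers = 1 if address else 0
    msg = struct.pack("!HHHHHH", txid, flags, 1, answers, 0, 0)
    msg += encode_name(name) + struct.pack("!HH", TYPE_A, CLASS_IN)
    if address:
        # pointer to the question name (offset 12), type A, class IN, TTL, rdlength 4
        msg += struct.pack("!HHHIH", 0xC00C, TYPE_A, CLASS_IN, 300, 4) + address
    return msg


def lookup(name: str, resolver: str = "9.9.9.9", timeout: float = 3.0) -> str:
    """Live query over UDP/53 (needs network); the demo below uses constructed replies."""
    txid = secrets.randbelow(0x10000)
    family = socket.AF_INET6 if ":" in resolver else socket.AF_INET
    with socket.socket(family, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_query(name, txid), (resolver, 53))
        resp, _ = sock.recvfrom(4096)
    return classify(resp, txid)


if __name__ == "__main__":
    txid = 0x1234
    filtered = classify(make_response("bad.example", txid, 3), txid)
    unfiltered = classify(make_response("bad.example", txid, 0, b"\xc0\x00\x02\x01"), txid)
    print(interpret(filtered, unfiltered))  # blocked by filter
```

The transaction-ID check in `classify` is not decoration: a plain UDP resolver client that accepts any reply with the right source port is the classic target of response spoofing, so discard anything whose ID or QR bit does not match. Nothing here verifies the answer itself; that is what DNSSEC validation on the resolver is for.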

----------


## harrybarracuda

But it's OK because Apple is *really* secure....

 :smiley laughing: 




> If you own a Mac computer and run the latest version of Apple's operating system, macOS High Sierra, then you need to be extra careful with your computer.
> 
> A serious, yet stupid vulnerability has been discovered in macOS High Sierra that allows untrusted users to quickly gain unfettered administrative (or root) control on your Mac without any password or security check, potentially leaving your data at risk.
> 
> Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter "root" into the username field, leave the password blank, and hit Enter a few times, and voila!
> 
> In simple words, the flaw allows an unauthorized user that gets physical access on a target computer to immediately gain the highest level of access to the computer, known as root, without actually typing any password.


https://vulners.com/thn/THN:47FC768D...n=browserPopUp

----------


## Dragonfly

> Group Co-founded by City of London Police promises 'no snooping on your requests'


right  :Smile: 




> Discovered by developer Lemi Orhan Ergin on Tuesday, the vulnerability only requires anyone with physical access to the target macOS machine to enter “root” into the username field, leave the password blank, and hit the Enter a few times—and Voila!


got to try it on a mactard  :rofl:

----------


## harrybarracuda

Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser
2017-11-29 22:19:00
Reporter Swati Khandelwal
Modified 2017-11-30 09:35:55




Some websites have found using a simple yet effective technique to keep their cryptocurrency mining javascript secretly running in the background even when you close your web browser.


Due to the recent surge in cryptocurrency prices, hackers and even legitimate website administrators are increasingly using JavaScript-based cryptocurrency miners to monetize by levying the CPU power of their visitor’s PC to mine Bitcoin or other cryptocurrencies.


After the world’s most popular torrent download website, The Pirate Bay, caught secretly using Coinhive, a browser-based cryptocurrency miner service, on its site last month, thousands of other websites also started using the service as an alternative monetization model to banner ads.


However, websites using such crypto-miner services can mine cryptocurrencies only as long as you’re on their site. Once you close the browser window, they lose access to your processor and associated resources, which stops the mining.


Unfortunately, this is not the case anymore.


Security researchers from anti-malware provider Malwarebytes have found that some websites have discovered a clever trick to keep their cryptocurrency mining software running in the background even when you have closed the offending browser window.


How Does This Browser Technique Work?


According to a blog post published Wednesday morning by Malwarebytes, the new technique works by opening a hidden pop-under browser window that fits behind the taskbar and hides behind the clock on your Microsoft’s Windows computer.


From there (hidden from your view), the website runs the crypto-miner code that indefinitely generates cryptocurrency for the person controlling the site while eating up CPU cycles and power from your computer until and unless you notice the window and close it.


Researchers say this technique is a lot harder to identify and able to bypass most ad-blockers because of how cleverly it hides itself. The crypto-miner runs from a crypto-mining engine hosted by Amazon Web Servers.


“This type of pop-under is designed to bypass adblockers and is a lot harder to identify because of how cleverly it hides itself,” Jérôme Segura, Malwarebytes’ Lead Malware Intelligence Analyst, says in the post. “Closing the browser using the “X” is no longer sufficient.”


To keep itself unidentified, the code running in the hidden browser watches its CPU usage and keeps it throttled to a medium level rather than using the maximum.


You can also have a look at the animated GIF image that shows how this clever trick works.


This technique works on the latest version of Google’s Chrome web browser running on the most recent versions of Microsoft’s Windows 7 and Windows 10.


How to Block Hidden Cryptocurrency Miners


If you suspect your computer CPU is running a little harder than usual, just look for any browser windows in the taskbar. If you find any browser icon there, your computer is running a crypto-miner. Now simply, kill it.


More technical users can run Task Manager on their computer to ensure there is no remnant running browser processes and terminate them.


Since web browsers themselves are currently not blocking cryptocurrency miners, and neither does the integrated Windows Defender antivirus software, you can use antivirus programs that automatically block cryptocurrency miners on web pages you visit.


For this, you can contact your antivirus provider to check if they do.


Alternatively, you can make use of web browser extensions, like No Coin, that automatically block in-browser cryptocurrency miners for you, and regularly update themselves with new mining scripts that come out.


Created by developer Rafael Keramidas, No Coin is an open source extension that blocks Coin Hive and other similar cryptocurrency miners and is available for Google Chrome, Mozilla Firefox, and Opera.


No Coin currently does not support Microsoft Edge, Apple Safari, and Internet Explorer. So, those using one of these browsers can use an antimalware program that blocks cryptocurrency miners.

https://vulners.com/thn/THN:AC3A8FB7...n=browserPopUp
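The article's advice is to look in the taskbar and Task Manager for a browser process that has no window. The heuristic below is an added example (it is not from Malwarebytes, The Hacker News, or the thread) that turns that manual check into detection logic over a process inventory: a browser image with no visible window whose CPU load sits steadily in the middle band, which is exactly the "keep it medium so nobody notices" behaviour the post describes. The inventory format, the browser image names and the thresholds are assumptions; the sample inventory is constructed.

```python
"""Heuristic for spotting a throttled, windowless browser process.

Added example. It assumes a process inventory has already been collected
(for instance from Task Manager or a monitoring agent) as plain dicts:
pid, image name, whether the process owns a visible window (the taskbar
check from the article) and a series of CPU-percent samples over time.
"""
from statistics import median

# Assumed browser image names; extend for your environment
BROWSER_NAMES = {"chrome.exe", "firefox.exe", "msedge.exe", "opera.exe", "iexplore.exe"}


def is_suspect_miner(proc, low=15.0, high=70.0, min_samples=6):
    """Return True when a browser process has no visible window yet holds a
    steady, deliberately moderate CPU load.

    The band (low..high) is an assumption for the demo: a miner that throttles
    itself sits in the middle rather than pinning a core at 100%, so a plain
    "high CPU" alarm never fires. Idle background browser processes sit near 0
    and are not flagged either.
    """
    if proc["name"].lower() not in BROWSER_NAMES:
        return False
    if proc["has_visible_window"]:
        return False
    samples = proc["cpu_samples"]
    if len(samples) < min_samples:
        return False
    # steady: the median and every individual sample stay inside the band
    return low <= median(samples) <= high and all(low <= s <= high for s in samples)


def find_suspects(inventory, **kwargs):
    """PIDs of processes that match the hidden-miner pattern."""
    return [p["pid"] for p in inventory if is_suspect_miner(p, **kwargs)]


# Constructed sample inventory
SAMPLE_INVENTORY = [
    {"pid": 4120, "name": "chrome.exe", "has_visible_window": True,
     "cpu_samples": [3, 5, 2, 8, 4, 3, 6, 2]},          # normal browsing
    {"pid": 5532, "name": "chrome.exe", "has_visible_window": False,
     "cpu_samples": [42, 45, 41, 44, 43, 46, 42, 44]},  # hidden, throttled
    {"pid": 6011, "name": "firefox.exe", "has_visible_window": False,
     "cpu_samples": [0, 1, 0, 0, 1, 0, 0, 0]},          # idle background process
    {"pid": 7004, "name": "ffmpeg.exe", "has_visible_window": False,
     "cpu_samples": [95, 97, 96, 98, 95, 97]},          # legitimate non-browser load
]

if __name__ == "__main__":
    print("Suspect PIDs:", find_suspects(SAMPLE_INVENTORY))
```

A hit from this heuristic is a prompt to inspect the process (what page it has open, what it is connecting to), not proof on its own; a browser tab left playing a video in the background can produce the same profile.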

----------


## Dragonfly

> Cryptocurrency Mining Scripts Now Run Even After You Close Your Browser
> 2017-11-29 22:19:00
> Reporter Swati Khandelwal
> Modified 2017-11-30 0955
> 
> 
> 
> 
> Some websites have been found using a simple yet effective technique to keep their cryptocurrency-mining JavaScript secretly running in the background even when you close your web browser.
> ...


nice,

----------


## Dragonfly

> According to a blog post published Wednesday morning by Malwarebytes, the new technique works by opening a hidden pop-under browser window that fits behind the taskbar and hides behind the clock on your Microsoft Windows computer.


actually my favorite porn sites are doing exactly the same thing while I wank  :Smile: 

so wanking is now profitable business thanks to porn Cryptos mining,

----------


## harrybarracuda

> actually my favorite porn sites are doing exactly the same thing while I wank 
> 
> so wanking is now profitable business thanks to porn Cryptos mining,


Why bother commenting Buttplug?

Everyone knows you're a wanker already.

----------


## harrybarracuda

Today, with help from Microsoft security researchers, law enforcement agencies around the globe, in cooperation with Microsoft Digital Crimes Unit (DCU), announced the disruption of Gamarue, a widely distributed malware that has been used in networks of infected computers collectively called the Andromeda botnet.
The disruption is the culmination of a journey that started in December 2015, when the Microsoft Windows Defender research team and DCU activated a Coordinated Malware Eradication (CME) campaign for Gamarue. In partnership with internet security firm ESET, we performed in-depth research into the Gamarue malware and its infrastructure.
Our analysis of more than 44,000 malware samples uncovered Gamarue’s sprawling infrastructure. We provided detailed information about that infrastructure to law enforcement agencies around the world, including:

- 1,214 domains and IP addresses of the botnet’s command and control servers
- 464 distinct botnets
- More than 80 associated malware families

The coordinated global operation resulted in the takedown of the botnet’s servers, disrupting one of the largest malware operations in the world. Since 2011, Gamarue has been distributing a plethora of other threats, including:

- Petya and Cerber ransomware
- Kasidet malware (also known as Neutrino bot), which is used for DDoS attacks
- Lethic, a spam bot
- Info-stealing malware Ursnif, Carberp, and Fareit, among others

*A global malware operation*

For the past six years, Gamarue has been a very active malware operation that, until the takedown, showed no signs of slowing down. Windows Defender telemetry in the last six months shows Gamarue’s global prevalence.



https://blogs.technet.microsoft.com/...rue-andromeda/

----------


## harrybarracuda

A lot of ISPs dish out Huawei routers, sometimes rebadged, since they're cheap shit.




> Attackers have used an advanced new strain of the Mirai Internet-of-things malware to quietly amass an army of 100,000 home routers that could be used at any moment to wage Internet-paralyzing attacks, a researcher warned Monday.
> 
> 
> Botnet operators have been regularly releasing new versions of Mirai since the source code was openly published 14 months ago. Usually, the new versions contain minor tweaks, many of which contain amateur mistakes that prevent the new releases from having the punch of the original Mirai, which played a key role in a series of distributed denial-of-service attacks that debilitated or temporarily took down Twitter, GitHub, the PlayStation Network and other key Internet services.
> 
> 
> What sets this latest variant apart is _its ability to exploit a recently discovered zeroday vulnerability to infect two widely used lines of home and small-office routers even when they're secured with strong passwords or have remote administration turned off altogether_, Dale Drew, chief security strategist at broadband Internet provider CenturyLink, told Ars. _One of the affected Huawei devices is the EchoLife Home Gateway, and the other is the Huawei Home Gateway._ Roughly 90,000 of the 100,000 newly infected devices are one of the two Huawei router models. The new malware also has a dictionary of 65,000 username and password combinations to try against other types of devices.
> 
> 
> ...

----------


## baldrick

If you are using the modem in bridge mode controlled by your own router it makes no difference what insecure firmware is running on their device

----------


## Latindancer

I have a Huawei router. And it's a Home Gateway... dammit!

----------


## Dragonfly

Huawei, sounds like a brand Harry would use  :rofl: 

NETGEAR are for real players  :Smile:

----------


## harrybarracuda

And along comes Buttplug to demonstrate once again that he hasn't got a fucking clue.

 :Smile: 

Hey Buttplug, tell us which Netgear you are using...

----------


## harrybarracuda

> If you are using the modem in bridge mode controlled by your own router it makes no difference what insecure firmware is running on their device


But if they can take control of the device they can change the operating mode, no?

----------


## harrybarracuda

*HP laptops found to have hidden keylogger*


*Hidden software that can record every letter typed on a computer keyboard has been discovered pre-installed on hundreds of HP laptop models.*
Security researcher Michael Myng found the keylogging code in software drivers preinstalled on HP laptops to make the keyboard work.
HP said more than 460 models of laptop were affected by the "potential security vulnerability".
It has issued a software patch for its customers to remove the keylogger.
The issue affects laptops in the EliteBook, ProBook, Pavilion and Envy ranges, among others. HP has issued a full list of affected devices, dating back to 2012.
In a statement, the company said: "HP uses Synaptics' touchpads in some of its mobile PCs and has worked with Synaptics to provide fixes to their error for impacted HP systems, available via the security bulletin on HP.com."
*'Loss of confidentiality'*

Mr Myng discovered the keylogger while inspecting Synaptics Touchpad software, to figure out how to control the keyboard backlight on an HP laptop.
He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.
According to HP, it was originally built into the Synaptics software to help debug errors.
It acknowledged that could lead to "loss of confidentiality" but it said neither Synaptics nor HP had access to customer data as a result of the flaw.
In May, a similar keylogger was discovered in the audio drivers pre-installed on several HP laptop models.
At the time, the company said the keylogger code had been mistakenly added to the software.

HP laptops found to have hidden keylogger - BBC News


Added:




> HP computer owners out there will probably want to check out HP’s support document *at this link*, and apply the patch that removes the keylogger.

----------


## Dragonfly

> HP has issued a full list of affected devices, dating back to 2012.


great, I am safe, mine is from 2002  :Smile:

----------


## baldrick

> But if they can take control of the device they can change the operating mode, no?


But then where are they?  Stop the communication only.  Unless your firmware is exploitable they can't go anywhere

----------


## harrybarracuda

> But then where are they?  Stop the communication only.  Unless your firmware is exploitable they can't go anywhere



Erm....





> _exploit a recently discovered zero day vulnerability to infect two widely used lines of home and small-office routers even when they're secured with strong passwords or have remote administration turned off altogether_


https://www.checkpoint.com/defense/a...2017-1016.html

----------


## Dragonfly

> But then where are they?  Stop the communication only.  Unless your firmware is exploitable they can't go anywhere


hello earth ??? your brain is getting full of Bitcoin non-sense, full of hot air that is going to toast your ASIC implant  :rofl:

----------


## Dragonfly

> He said the keylogger was disabled by default, but an attacker with access to the computer could have enabled it to record what a user was typing.


so a lot of noise about nothing, and hackers have better targets with all the holes in Win10, Chrome etc...

----------


## harrybarracuda

There's always the sound of witless babbling whenever Buttplug arrives.

He's not very bright you know.

 :Roll Eyes (Sarcastic):

----------


## raycarey

the .exe file for removing the keylogger from my wife's HP laptop is 181 MB.

 :Wtf:

----------


## harrybarracuda

> the .exe file for removing the keylogger from my wife's HP laptop is 181 MB.


Are you on dialup?

----------


## Dragonfly

> the .exe file for removing the keylogger from my wife's HP laptop is 181 MB.


181MB or 181,000 Bytes  :Smile: 

do a screenshot  :Smile:

----------


## raycarey

> Are you on dialup?






why would a software removal file need to be that large?  especially when it's their software?

----------


## harrybarracuda

> why would a software removal file need to be that large?  especially when it's their software?


It's not a removal tool.

It's a complete set of Synaptics drivers.

----------


## baldrick

> exploit a recently discovered zero day vulnerability to infect two widely used lines of home and small-office routers


only if you have the manufacturer's firmware on your machine

it is not a hardware 0 day

----------


## harrybarracuda

> only if you have manufacturers firmware on your machine
> 
> it is not a hardware 0 day


Now you're just being obtuse.

99.99+% of routers have the manufacturer's firmware on them.

----------


## harrybarracuda

*File With 1.4 Billion Hacked And Leaked Passwords Found On The Dark Web*
There have been numerous high-profile breaches involving popular websites and online services in recent years, and it's very likely that some of your accounts have been impacted. It's also likely that your credentials are listed in a massive file that's floating around the Dark Web.

Security researchers at 4iQ spend their days monitoring various Dark Web sites, hacker forums, and online black markets for leaked and stolen data. Their most recent find: a 41-gigabyte file that contains a staggering 1.4 billion username and password combinations. The sheer volume of records is frightening enough, but there's more.
All of the records are in plain text. 4iQ notes that around 14% of the passwords -- nearly 200 million -- included had not been circulated in the clear. All the resource-intensive decryption has already been done with this particular file, however. Anyone who wants to can simply open it up, do a quick search, and start trying to log into other people's accounts.


Everything is neatly organized and alphabetized, too, so it's ready for would-be hackers to pump into so-called "credential stuffing" apps.
Where did the 1.4 billion records come from? The data is not from a single incident. The usernames and passwords have been collected from a number of different sources. 4iQ's screenshot shows dumps from Netflix, Last.FM, LinkedIn, MySpace, dating site Zoosk, adult website YouPorn, as well as popular games like Minecraft and Runescape.
Some of these breaches happened quite a while ago and the stolen or leaked passwords have been circulating for some time. That doesn't make the data any less useful to cybercriminals. Because people tend to re-use their passwords -- and because many don't react quickly to breach notifications -- a good number of these credentials are likely to still be valid. If not on the site that was originally compromised, then at another one where the same person created an account.

Part of the problem is that we often treat online accounts as "throwaways." We create them without giving much thought to how an attacker could use information in that account -- which we _don't_ care about -- to compromise one that we _do_ care about. In this day and age, we can't afford to do that. We need to prepare for the worst every time we sign up for another service or site.

https://www.forbes.com/sites/fidelit.../#15ca907c3f5c
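The article describes the leaked file being fed into "credential stuffing" tools. From the defending site's side the replay has a recognisable shape: one source trying many different usernames in a short window with a low success rate, which is not what a single user mistyping their own password looks like. The detector below is an added example (not from 4iQ, Forbes or the thread) that runs that logic over authentication log lines. The `timestamp ip user result` format, the thresholds and the log lines themselves are constructed for the demonstration.

```python
"""Credential-stuffing detector over authentication log lines.

Added example. It assumes a one-line-per-attempt log in the form
'timestamp ip user result' with result OK or FAIL; the sample log is
constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: one IP replays ten leaked credentials in seconds
# (one of them still works), another IP is a real user retrying a typo.
SAMPLE_LOG = """\
2017-12-12T10:00:01 203.0.113.7 alice FAIL
2017-12-12T10:00:02 203.0.113.7 bob FAIL
2017-12-12T10:00:02 203.0.113.7 carol FAIL
2017-12-12T10:00:03 203.0.113.7 dave FAIL
2017-12-12T10:00:03 203.0.113.7 erin OK
2017-12-12T10:00:04 203.0.113.7 frank FAIL
2017-12-12T10:00:05 203.0.113.7 grace FAIL
2017-12-12T10:00:05 203.0.113.7 heidi FAIL
2017-12-12T10:00:06 203.0.113.7 ivan FAIL
2017-12-12T10:00:07 203.0.113.7 judy FAIL
2017-12-12T10:03:10 198.51.100.4 alice FAIL
2017-12-12T10:03:25 198.51.100.4 alice FAIL
2017-12-12T10:03:40 198.51.100.4 alice OK
2017-12-12T11:30:00 192.0.2.99 mallory FAIL
"""


def parse_line(line):
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect_stuffing(log_text, window=timedelta(minutes=5), min_attempts=8,
                    min_distinct_users=5, max_ok_ratio=0.2):
    """Return {ip: stats} for source IPs that, inside `window`, tried at least
    `min_attempts` logins across `min_distinct_users` different usernames with
    a success ratio of at most `max_ok_ratio`. The thresholds are assumptions
    chosen for the demo; tune them to the site's normal traffic.

    The stats include the usernames that succeeded during the burst: those
    accounts were almost certainly opened with a leaked password and need a
    forced reset, which is the actionable output of the detection.
    """
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = parse_line(line)
            events[ip].append((ts, user, result))

    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        best = None
        start = 0
        for end in range(len(evs)):
            # slide the window start forward until it fits inside `window`
            while evs[end][0] - evs[start][0] > window:
                start += 1
            win = evs[start:end + 1]
            users = {u for _, u, _ in win}
            ok = sum(1 for _, _, r in win if r == "OK")
            if (len(win) >= min_attempts and len(users) >= min_distinct_users
                    and ok / len(win) <= max_ok_ratio):
                if best is None or len(win) > best["attempts"]:
                    best = {"attempts": len(win), "distinct_users": len(users),
                            "successes": ok,
                            "compromised": sorted(u for _, u, r in win if r == "OK")}
        if best:
            flagged[ip] = best
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_LOG).items():
        print(ip, stats)
```

Rate limiting per IP alone is not enough against a distributed run, so in practice the same counters are also kept per username and per password hash prefix; the per-IP version shown here is the simplest form of the check.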

----------


## Dragonfly

> adult website YouPorn


fuck, that's me fucked then

 thank god I only use "password" for my password on those websites  :Smile:

----------


## harrybarracuda

*There have been at least 360,000 new malicious files detected every day in 2017, an 11.5% increase from the previous year.*

According to Kaspersky Lab's Number of the Year for 2017, a number of these new malicious files (processed by the company's in-lab detection technologies) fall into the malware category (78%); however, viruses still account for 14% of daily detections. The remaining files are advertising software (8%).

This growth is having an effect at large: Kaspersky found that 29.4% of user computers encountered an online malware attack at least once over the course of the year; and 22% of user computers were subjected to advertising programs and their components.

Other interesting data points in the report include the fact that viruses significantly dropped in prevalence five to seven years ago, due to their complex development and low efficiency, Kaspersky said. However, a modicum of development still keeps chugging along as the 14% figure illustrates.

The reasons behind the growth are myriad: The explosive increase in ransomware attacks over the last couple of years is only set to continue, thanks to a growing criminal ecosystem behind this type of threat. Kaspersky said that bad actors are producing hundreds of new samples every day. Aside from that, 2017 also saw a spike in crypto-miners, a class of malware that cyber-criminals have started to use actively. Also, the increase in detections could be attributed to detection technologies getting better, and catching more.

The number of new malwares was calculated for the first time in 2011, when the total equaled only 70,000. Since then, it has grown five-fold. Also, after a slight decrease in 2015, the number of malicious files detected every day is growing for the second year in a row.

"In 2015, we witnessed a visible drop in daily detections and started thinking that new malware could be less important for criminals, who may have instead shifted their attention towards reusing old malware," said Vyacheslav Zakorzhevsky, head of the anti-malware team at Kaspersky Lab. "However, over the last two years, the number of new malware we discovered has been growing, which is a sign that interest in creating new malicious code has been revived."

https://www.infosecurity-magazine.com/news/360k-new-malware-samples-every-day/

----------


## harrybarracuda

*Western Digital’s My Cloud Storage Devices Have Hard-Coded Backdoor*

By Ryan Whitwam on January 9, 2018 at 10:45 am


Western Digital’s My Cloud network attached storage (NAS) devices claim to offer an easy, all-in-one solution for storing your data at home. However, they might also be providing an easy, all-in-one solution for hackers to steal your data or take control of your device. Western Digital was told about the vulnerabilities last year but has yet to patch many devices.
A Western Digital My Cloud NAS starts at less than $200 for a few terabytes with a single disk. It goes up to about $700 in the largest 16TB dual-drive system. Then there are the My Cloud EX series devices, which are more like a traditional NAS with user-accessible drive bays. These might cost well over $1,000 once equipped with drives. The majority of Western Digital’s network storage products are affected by the vulnerability.
According to researchers at GulfTech, WD’s NAS boxes use a broken security model that allows remote attackers to upload files and gain root access, but that’s not all. There’s also a hard-coded backdoor that could allow anyone to access your files. It’s really a mess.
The My Cloud devices are designed to be accessible by the owner locally as well as over the internet. It turns out someone else can ping the NAS remotely with a request to upload a file in such a way that the NAS lets them in. The researchers created a proof-of-concept module that can gain root access to the device, potentially allowing access to all the files contained in the NAS.


Things are made even worse by WD’s inclusion of a hard-coded backdoor. These devices contain an admin username “mydlinkBRionyg” and password “abc12345cba,” allowing anyone to log in remotely. This is hard-coded in the binary, so users cannot change it or revoke access. That makes the buggy code above extremely easy to access. An attacker could even hack the My Clouds on your network by tricking you into visiting a webpage with an embedded iframe that makes the login request.
GulfTech notified Western Digital of the vulnerabilities in June of last year, and the company requested a 90-day window to push out updates. Many devices still lack updates after six months, so GulfTech published its analysis. As of now, any of the affected models on firmware older than 4.x is vulnerable. If that’s you, it might be smart to disconnect the My Cloud for now, or at least put it someplace in your network where it can’t access the internet.

https://www.extremetech.com/computin...coded-backdoor

----------


## harrybarracuda

The Wi-Fi Alliance, a clutch of companies responsible for certifying products as capable of transmitting data over Wi-Fi, is working on WPA3, a new wireless protocol that’s designed to replace the existing WPA2 and boost security.
That’s big, because the WPA2 encryption protocol that protects your Wi-Fi router and connected devices from intrusions was cracked last October. And while that left many a router and Android device vulnerable to attacks, it was patched soon enough by the likes of Google, Microsoft and Apple.

Hopefully, that’s the last major wireless security bug we see for a long while (WPA2 is now about 14 years old). To ensure enhanced security, the Wi-Fi Alliance is building four major features into WPA3:

- Robust protections even when users choose passwords that fall short of typical complexity recommendations.
- A simplified process of configuring security for devices that have limited or no display interface.
- Strengthened user privacy in open networks through individualized data encryption.
- A 192-bit security suite, aligned with the Commercial National Security Algorithm (CNSA) Suite from the Committee on National Security Systems, will further protect Wi-Fi networks with higher security requirements such as those in use in government, defense, and industrial sectors.

If you’re buying a new router or other network equipment later this year, you’ll want to look out for WPA3 certification. Android Police notes that your existing hardware may not receive WPA3 firmware updates because of the certification requirement, but that will largely depend on whether manufacturers care to take the effort to secure the devices they’ve already sold.

https://thenextweb.com/gadgets/2018/...uter-security/

----------


## harrybarracuda

Gotta love the jinglies. Journalist reports that people's PII is for sale for $8.75, so they include her in the criminal complaint about the breach!

Tossers.

 :rofl: 




> *Indian data leak looks to have been an inside job*
> 
> *5,000 officials blocked from accessing billion-plus-records Aadhaar system*
> 
> By Richard Chirgwin 10 Jan 2018 at 06:31
> 
> The government authority in charge of India's billion-records-and-counting Aadhaar biometric identity database, the Unique Identity Authority of India (UIDAI), has suspended 5,000 officials from accessing the system.
> As we reported yesterday, a journalist for the country's Tribune newspaper wrote of her ability to access Aadhaar records for 500 rupees (US$8.75). The UIDAI responded by including the journalist, Rachna Khaira, in a criminal complaint.
> At the time, it was unclear whether access to the system was offered by hackers who had compromised the system, or insiders misusing their accounts to set up Aadhaar gateways for those who could pay.
> ...


https://www.theregister.co.uk/2018/0...each_response/

----------


## harrybarracuda

*Taiwanese cops give malware-laden USB sticks as prizes for security quiz*

*What was second prize? We think we'd rather have that*

By Richard Chirgwin 10 Jan 2018 at 07:29

Winners of a security quiz staged by Taiwan's Criminal Investigation Bureau may be wondering why they tried so hard to do well after some of the USB drives handed out as prizes turned out to be wretched hives of malware and villainy.
According to the Taipei Times, the Bureau hosted an infosec event in December 2017, and gave 250 drives to people who won a cybersecurity quiz.
It's since emerged that 54 of the 8GB drives were infected by a computer used by an employee of supplier Shawo Hwa Industries Co “to transfer an operating system to the drives and test their storage capacity”.
While the dongles were manufactured in China, the Taipei Times said there's no suggestion that espionage was a motive.
The good news is that the infection was an old virus Chinese-language site Liberty Times names as “XtbSeDuA.exe” that tries to steal personal data from 32-bit machines.
The CIB says stolen data was forwarded to a relay IP address in Poland which was associated with 2015 Europol raids on an electronic funds fraud ring. The police added that the server receiving the data from the latest infections has been shut down.
The prizes were handed out from December 11 to December 12, when complaints from the public started arriving, but 34 of the drives are still in circulation somewhere.

https://www.theregister.co.uk/2018/0...olice_malware/

----------


## Dragonfly

that's what happens when you let Indians run setup for Routeurs and USB memcards  :rofl:

----------


## harrybarracuda

> that's what happens when you let Indians run setup for Routeurs and USB memcards



Ah, so that's what cheese eating surrender monkeys call them: "Le routeur".

----------


## harrybarracuda

*BitTorrent critical flaw allows hackers to remotely control users' computers*

*Security researchers also warned that BitTorrent clients could be susceptible to attacks as well if the flaw is leveraged.*

_A critical flaw in the popular Transmission BitTorrent app could allow hackers to remotely control users' computers. The flaw, uncovered by Google Project Zero security researchers, allows websites to execute malicious code on users' devices. Researchers also warned that BitTorrent clients could be susceptible to attacks as well if the flaw is leveraged._
_Project Zero researcher Tavis Ormandy posted a proof-of-concept attack, which exploits a specific Transmission function, via which the BitTorrent app can be controlled with the user's web browser. Ormandy reportedly used a hacking technique called "domain name system rebinding" to come up with a way by which to remotely control the Transmission interface when a vulnerable user visits a malicious site. According to Ormandy, the exploit attack works on Chrome and Firefox on Windows as well as on Linux._
http://www.ibtimes.co.uk/bittorrent-critical-flaw-allows-hackers-remotely-control-users-computers-1655287
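Two posts above describe the same underlying weakness from different angles: the My Cloud story has a login request fired from an iframe on a web page you are lured to, and the Transmission story has DNS rebinding, where the attacker's hostname is pointed at your own LAN address so the browser sends requests to the local service with the attacker's domain in the Host header. A LAN-only web interface defends against both with two header checks: a Host allowlist and an Origin/Referer check on state-changing requests. The following is an added example (not Transmission's, not Western Digital's, and not from either article); the device hostnames and the sample requests are assumptions constructed for the demonstration.

```python
"""Host/Origin validation for a LAN-only device web interface.

Added example. host_is_trusted() blocks DNS rebinding: a rebound request
arrives with the attacker's public domain in Host, which matches neither
the device's expected names nor a private/loopback address.
origin_is_trusted() blocks cross-site requests such as a login submitted
from a hidden iframe on an attacker's page, whose Origin is that page's
site. The names in ALLOWED_HOSTS are assumptions.
"""
import ipaddress
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"localhost", "nas.home.lan"}   # assumed names for the device
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}


def _hostname(value):
    """Strip a port (and IPv6 brackets) from a Host header or URL netloc."""
    host = value.strip().lower()
    if host.startswith("["):                     # [::1]:8080
        return host[1:host.index("]")]
    if host.count(":") == 1:                     # 192.168.1.10:8080
        host = host.rsplit(":", 1)[0]
    return host


def host_is_trusted(host_header):
    """True when Host names this device by an expected name or by a private
    or loopback address; anything else is treated as a rebinding attempt."""
    if not host_header:
        return False
    name = _hostname(host_header)
    if name in ALLOWED_HOSTS:
        return True
    try:
        addr = ipaddress.ip_address(name)
    except ValueError:
        return False
    return addr.is_private or addr.is_loopback


def origin_is_trusted(headers):
    """True when Origin (or, failing that, Referer) points at a trusted host.
    A request carrying neither header is rejected for state-changing methods:
    browsers always send Origin on cross-site POSTs, so its absence is not
    a reason to trust the request."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    netloc = urlsplit(src).netloc
    return netloc != "" and host_is_trusted(netloc)


def request_allowed(method, headers):
    """Combined policy: every request needs a trusted Host; methods that
    change state also need a trusted Origin/Referer."""
    if not host_is_trusted(headers.get("Host")):
        return False
    if method.upper() in STATE_CHANGING:
        return origin_is_trusted(headers)
    return True


# Constructed sample requests (header dicts only)
LEGIT_LOGIN = {"Host": "nas.home.lan", "Origin": "http://nas.home.lan"}
REBOUND_RPC = {"Host": "evil.example.net:9091", "Origin": "http://evil.example.net:9091"}
IFRAME_LOGIN = {"Host": "192.168.1.10", "Origin": "http://evil.example.net"}
LAN_GET = {"Host": "192.168.1.10:8080"}

if __name__ == "__main__":
    for label, method, hdrs in [("legit login", "POST", LEGIT_LOGIN),
                                ("rebound RPC", "POST", REBOUND_RPC),
                                ("iframe login", "POST", IFRAME_LOGIN),
                                ("LAN GET", "GET", LAN_GET)]:
        print(f"{label}: {'allowed' if request_allowed(method, hdrs) else 'rejected'}")
```

Neither check replaces fixing the hard-coded credential the My Cloud article describes, but together they stop a browser on the LAN from being used as the relay, which is the delivery path both stories rely on.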

----------


## harrybarracuda

Norwegian health authority hacked, patient data of nearly 3 million citizens possibly compromised


Hackers have breached the systems of the Southern and Eastern Norway Regional Health Authority (Helse Sør-Øst RHF), and possibly made off with personal information and health records of some 2.9 million Norwegians.


The breach was announced on Monday by the authority.


The first to notice that something was amiss was HelseCERT, the Norwegian healthcare sector’s national information security center, which detects unwanted events and traffic and reports them to affected actors. HelseCERT notified Hospital Partner HF, the company responsible for all ICT operations in Helse Sør-Øst RHF.


Cathrine M. Lofthus, the CEO of the Southern and Eastern Norway Regional Health Authority, said that measures have been taken to limit the damage caused by the breach, but that it hasn’t affected patient treatment or patient safety.


“The event is handled according to established emergency preparedness routines and in collaboration with HelseCERT (Norwegian Helsenett SF) and NorCERT (National Security Authority) as well as other expertise. A number of measures have been implemented to remove the threat and further measures will be implemented in the future,” the authority said.


Norway’s police, military intelligence and its National Security Authority are investigating the breach, but it’s still unknown if the attackers managed to access and exfiltrate patient data.


“Due to pending investigations, there is not much information available about the breach itself. Still, it is said to involve a serious foreign actor, with speculations pointing to a state actor,” Kai Roer, CEO at Norwegian security culture company CLTRe, told Help Net Security.


Helse Sør-Øst RHF says that “the threat actor is an advanced and professional player.”


Norwegian public health care is divided into several regions, and the Southern and Eastern Norway Regional Health Authority covers the counties of Akershus, Aust-Agder, Buskerud, Hedmark, Oppland, Telemark, Vest-Agder, Vestfold, Østfold, and Oslo (the country’s capital).


Health records found here will most probably include that of government and secret police employees, military and intelligence staff, politicians and other public individuals.


Nyvoll Nygaard, an adviser with the Norwegian Police Security Service, said that it’s possible that someone working for a foreign state aimed to collect information that may harm fundamental national interests relating to the community infrastructure.


But, it could just as easily turn out that the attackers were merely after data they can sell on to the highest bidder.


“The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.


https://www.helpnetsecurity.com/2018/01/18/norwegian-health-authority-hacked/

----------


## harrybarracuda

I think we might have the odd OnePlus user here, so take note:

*OnePlus Attackers Steal Credit Card Data From 40,000 Customers*

By: Sean Michael Kerner | January 19, 2018


*Days after receiving initial reports about fraudulent activity, the mobile phone vendor reveals that attackers were able to get a malicious script onto its website that stole user credit card information.*

Mobile phone vendor OnePlus announced on Jan. 19 that it was the victim of a security breach that exposed credit card information of up to 40,000 customers.
The admission that there was a data breach comes three days after OnePlus announced that it was temporarily disabling credit card payments on its website. OnePlus disabled the credit card payments on Jan. 16, after receiving reports from customers that they were seeing unknown credit card charges after buying something online from OnePlus.
"One of our systems was attacked, and a malicious script was injected into the payment page code to sniff out credit card info while it was being entered," OnePlus stated in an advisory on the breach.
The attack appears to have been ongoing from mid-November 2017 until Jan. 11, 2018, OnePlus said. According to the company, credit card information (card numbers, expiration dates and security codes) that was entered on the Oneplus.net site may have been compromised. Users who saved their credit card information on the site, as well as those who use PayPal, do not appear to be impacted by the breach, however.


OnePlus' investigation into the data breach found that a malicious script was operating intermittently on the Oneplus.net site. The script was able to capture data from end users' web browsers and then send that data to the attacker. According to OnePlus, it has now eliminated the immediate risk.
"We have quarantined the infected server and reinforced all relevant system structures," OnePlus stated.
What remains unclear is how the malicious script got onto the OnePlus server in the first place and why it wasn't caught by security technology. The company is now working with its technology providers as well as law enforcement to further investigate the security incident.
"We are also working with our current payment providers to implement a more secure credit card payment method, as well as conducting an in-depth security audit," OnePlus stated. "All these measures will help us prevent such incidents from happening in the future."
Chris Morales, head of security analytics at Vectra, said he is impressed with the expediency and thoroughness OnePlus is taking in providing its customers with a breach notification. That said, Morales noted that while it is unfortunate that the breach occurred, it is not at all surprising.
"This breach should be a reminder that HTTPS, while encrypted, is not a guarantee of a secure transaction as attackers can compromise the systems at both ends of any encrypted conversation," Morales told _eWEEK_.
*What Should End Users Do?*
OnePlus recommends that its customers check their credit card statement and immediately report any unrecognized charges. The company will also be providing credit card monitoring services to impacted customers.
"Unfortunately, there is not much a consumer can do to prevent being victimized as part of a breach," Shawn Kanady, principal security consultant at security firm Trustwave, told _eWEEK_.
Kanady added that online shopping will always be risky for the consumer so it becomes more of an awareness and detection issue for the everyday shopper. In his view, the key is to understand the risk and set up some safeguards.
Among the online safeguards that Kanady recommends for online shoppers are the following:

Set up text-based alerts on your bank/credit account for any transaction over a certain dollar amount. It could be $1.
Set up accounts that are only used when shopping online. Segregating your accounts will prevent fraud on your high-value accounts like your checking account.
Do not opt-in on saving your credit card information for later billing.
Use prepaid cards or a PayPal account for online shopping, allowing for an extra layer between the attacker and your real accounts.
_Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist._

OnePlus Website Hack Leads to Theft of Credit Card Information

----------


## harrybarracuda

Google, Amazon Among IT Giants Backing Microsoft in Supreme Court Case
By: Pedro Hernandez | January 19, 2018


Major technology companies, lawmakers and media organizations rally behind Microsoft in a U.S. Supreme Court case with implications for the cloud computing market.


Amazon, Apple and Google are among the many IT giants that are siding with Microsoft in a closely watched email privacy case that has made its way to the U.S. Supreme Court.


The industry heavyweights were among the 288 signatories on 23 amicus, or friend of the court, briefs filed on Jan. 18 in support of Microsoft and its legal battle against the U.S. Department of Justice, announced the Redmond, Wash., software maker's president and chief legal officer, Brad Smith. Microsoft's lawyers are set to appear before the nation's top court on Feb. 27, with a decision expected to be handed down by June.


Microsoft is challenging the DOJ's efforts to obtain user emails stored in an Irish data center with the use of a search warrant. The company experienced a similar groundswell of industry support in 2014 after it filed an appeal of U.S. District Judge Loretta Preska's controversial ruling ordering Microsoft to turn over the emails, an appeal it won in July 2016. However, the U.S. Supreme Court granted a DOJ petition to review the case in October 2017.


Reiterating Microsoft's stance, Smith said that the DOJ's attempts to access a foreign user's emails is "a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk," in a Jan. 19 announcement. "If the U.S. government obtains the power to search and seize foreign citizens' private communications physically stored in other countries, it will invite other governments to do the same thing. If we ignore other countries' laws, how can we demand that they respect our laws?"


Smith also made the argument that the DOJ's position can harm the American economy and its workers, since the world's top cloud computing companies hail from the United States. Foreign customers may come to distrust American companies that operate data centers overseas if the U.S. government can unilaterally obtain data from those facilities, he said.


Microsoft's arguments appear to be resonating with the IT industry.


Cisco, Dropbox, eBay, Facebook, HP, Salesforce, SAP and Verizon are among the companies represented in an amicus brief filed on behalf of technology companies. IBM, in an individually filed brief, stated that "[a] rule allowing the government to obtain cloud data stored abroad by a U.S.-based company will significantly disadvantage U.S. cloud services providers when it comes to competing for enterprise clients, who may prefer to use cloud services from a company with no presence in the United States."


Tech companies aren't the only ones rallying behind Microsoft.


Five members of Congress have joined the cause, namely Senators Orrin Hatch (R-UT) and Christopher Coons (D-DE), along with Doug Collins (R-GA), Darrell Issa (R-CA) and Hakeem Jeffries (D-NY) of the U.S. House of Representatives. Abroad, a number of members of the European Parliament, including the UK's Claude Moraes and Germany's Manfred Weber, are backing Microsoft.


Media organizations include The Associated Press Media Editors, CNN, Fox News, NPR and Thomson Reuters Markets. A number of trade organizations, including the U.S. Chamber of Commerce and Information Technology and Innovation Foundation (ITIF), have also voiced their support.


Copies of the amicus briefs can be found here and a list of signatories is available here.

Apple, Google and IBM Support Microsoft in Supreme Court Case

----------


## baldrick

> Reiterating Microsoft's stance, Smith said that the DOJ's attempts to access a foreign user's emails is "a path that will lead to the doorsteps of American homes by putting the privacy of U.S. citizens' emails at risk,"


this is what fcuks me about all these lawsuits

the us of farking a says  " youse all belong us laws " and fcuk you

they will try to have every other fcuker in the world arrested to comply with their corporate kleptocracy , but like fcuk they will send one of their scumbags to answer to another countries laws

they have mounted the slippery slope and should not be surprised as their cherished model of enforced theft starts to be targeted as tech accelerates faster than the dinosaurs can legislate their protections

----------


## harrybarracuda

> this is what fcuks me about all these lawsuits
> 
> the us of farking a says  " youse all belong us laws " and fcuk you
> 
> they will try to have every other fcuker in the world arrested to comply with their corporate kleptocracy , but like fcuk they will send one of their scumbags to answer to another countries laws
> 
> they have mounted the slippery slope and should not be surprised as their cherished model of enforced theft starts to be targeted as tech accelerates faster than the dinosaurs can legislate their protections


I think the people trying to enforce this warrant have not a fucking clue about technology. Probably even less than Buttplug.

----------


## Dragonfly

technology is irrelevant in those battles, only a complete social retard like Harry or Baldrick would fall for it and think they have it all figure out in technical terms

no wonder they focus so much on buying bitcoins and think they will get away with it, the silly clowns  :rofl:

----------


## harrybarracuda

> technology is irrelevant in those battles, only a complete social retard like Harry or Baldrick would fall for it and think they have it all figure out in technical terms
> 
> no wonder they focus so much on buying bitcoins and think they will get away with it, the silly clowns



Told you. Like a moth to a fucking flame.

 :smiley laughing:

----------


## baldrick

Butterfluffer is the canary

----------


## harrybarracuda

*DuckDuckGo offers new privacy extension and app*

DuckDuckGo, the company behind the eponymous privacy-minded Internet search engine, has announced a new browser extension and mobile app: DuckDuckGo Privacy Essentials.

It makes DuckDuckGo the default search engine (this feature is optional; it can be switched off).

Forces websites to serve users with an encrypted version (i.e., HTTPS version) of the site, if it's available.

Blocks all hidden, third-party trackers it can find and provides users with a list of them.

Provides information about websites' terms of service and privacy policies.

That last feature is based on the scores and analysis results by the Terms of Service Didn't Read (TOSDR) service and, unfortunately, the results might be incomplete and outdated. DuckDuckGo founder Gabriel Weinberg says that they are working with TOSDR to help them to rate and label as many websites as possible.

“Once you start using the new app and browser extension, you’ll quickly notice something: hardly any website currently gets an A on privacy. That’s because hardly any website out there truly prioritizes your privacy,” Weinberg noted.
The goal of the extension/app is to make it visible to users which sites track them and how, and which sites care about user privacy.

“As more people start taking their privacy back online, the companies who make money off our personal information will be put on more notice, and we’ll collectively raise the Internet’s privacy grade, ending the widespread use of invasive tracking,” he hopes.

The new extension and app are available for Firefox, Safari, Chrome, iOS, and Android. They are open source, and the code is available on GitHub.



https://www.helpnetsecurity.com/2018/01/24/duckduckgo-privacy-app/

----------


## david44

Norse Code

“The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.

Send for Inspector Morse

----------


## harrybarracuda

> Norse Code
> 
> “The healthcare sector is known to be a target for hackers, and the healthcare sector in Norway is no exception. 2,8 m patient records lost is equal to half of Norway’s total population, and as such must be considered a major breach,” Roer noted.
> 
> Send for Inspector Morse


See Post #508

----------


## Latindancer

Last year was a banner year for cybercrime. More data was stolen in the first six months of 2017 than in the entirety of 2016. They call it "explosive data exfiltration".  :Smile: 


https://www.helpnetsecurity.com/2018...-exfiltration/

----------


## harrybarracuda

> Last year was a banner year for cybercrime. More data was stolen in the first six months of 2017 than in the entirety of 2016. They call it "explosive data exfiltration". 
> 
> 
> https://www.helpnetsecurity.com/2018...-exfiltration/


Amazes me how many companies can't do the simple thing of measuring their normal traffic and setting a baseline.

Once you've done that you can just monitor for exceptions and be alerted if large amounts of data start moving where they are not supposed to.

There are lots of free, open source Netflow analyzers and it simply requires a little bit of work.
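The baseline-and-exception approach described in the post, as an added example (not from the post or any particular NetFlow tool): it builds a per-host egress baseline from constructed flow records, then flags an interval whose outbound volume is far above that baseline or that reaches a destination never seen while baselining. The internal address ranges and all sample addresses and byte counts are assumptions made for the example.

```python
from collections import defaultdict
from statistics import median
import ipaddress

# Assumed internal address space; a real deployment would list its own ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed flow records in the form (hour_bucket, src_ip, dst_ip, bytes).
# Buckets 0-23 are the baseline period; bucket 24 is the interval under review.
BASELINE_FLOWS = []
for hour in range(24):
    # Two internal hosts with a steady outbound profile to known destinations.
    BASELINE_FLOWS.append((hour, "10.0.0.5", "198.51.100.10", 900_000 + 7_000 * (hour % 5)))
    BASELINE_FLOWS.append((hour, "10.0.0.5", "198.51.100.11", 300_000 + 2_000 * (hour % 3)))
    BASELINE_FLOWS.append((hour, "10.0.0.9", "198.51.100.10", 400_000 + 5_000 * (hour % 4)))
    # Internal-to-internal traffic is not egress and must not inflate the baseline.
    BASELINE_FLOWS.append((hour, "10.0.0.9", "10.0.0.5", 5_000_000))

REVIEW_FLOWS = [
    (24, "10.0.0.5", "198.51.100.10", 910_000),     # normal
    (24, "10.0.0.5", "203.0.113.77", 80_000_000),   # bulk transfer to a never-seen host
    (24, "10.0.0.9", "198.51.100.10", 405_000),     # normal
    (24, "10.0.0.9", "10.0.0.5", 50_000_000),       # internal, ignored
]


def is_internal(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def egress_by_host(flows):
    """Sum bytes per (source host, bucket) for internal->external flows only,
    and record the external destinations each host talked to."""
    volume = defaultdict(lambda: defaultdict(int))
    dests = defaultdict(set)
    for bucket, src, dst, nbytes in flows:
        if is_internal(src) and not is_internal(dst):
            volume[src][bucket] += nbytes
            dests[src].add(dst)
    return volume, dests


def build_baseline(flows):
    """Per host: median hourly egress, median absolute deviation (MAD) and the
    set of destinations seen. Median/MAD are used instead of mean/stddev so a
    single burst inside the baseline window does not stretch the baseline."""
    volume, dests = egress_by_host(flows)
    baseline = {}
    for host, per_bucket in volume.items():
        samples = list(per_bucket.values())
        med = median(samples)
        mad = median(abs(s - med) for s in samples)
        baseline[host] = {"median": med, "mad": mad, "dests": dests[host]}
    return baseline


def find_exceptions(baseline, flows, k=5.0, min_ratio=2.0):
    """Flag hosts whose egress in the review interval is far above baseline,
    that reach a destination never seen during baselining, or that have no
    baseline at all (a host that never sent data out before)."""
    volume, dests = egress_by_host(flows)
    alerts = []
    for host, per_bucket in sorted(volume.items()):
        total = sum(per_bucket.values())
        reasons, unseen = [], set()
        base = baseline.get(host)
        if base is None:
            reasons.append("no_baseline")
        else:
            # 1.4826 * MAD approximates one standard deviation; the ratio floor
            # keeps near-constant hosts from alerting on trivially small increases.
            threshold = max(base["median"] + k * 1.4826 * base["mad"],
                            min_ratio * base["median"])
            if total > threshold:
                reasons.append("volume")
            unseen = dests[host] - base["dests"]
            if unseen:
                reasons.append("new_destination")
        if reasons:
            alerts.append({"host": host, "bytes": total,
                           "reasons": reasons, "unseen": sorted(unseen)})
    return alerts


if __name__ == "__main__":
    for alert in find_exceptions(build_baseline(BASELINE_FLOWS), REVIEW_FLOWS):
        print(alert)
```

Fed with records exported from any collector in the same four-field shape, the same two functions give a daily baseline and an hourly exception list.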

----------


## harrybarracuda

Details in the link.




> *How to Check If You're Infected with CrossRAT?*
> 
> 
> Since CrossRAT persists in an OS-specific manner, detecting the malware will depend on what operating system you are running.
> 
> For Windows:
> 
> Check the 'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\' registry key. If infected, it will contain a command that includes java, -jar and mediamgrs.jar.
> For macOS:
> ...



https://thehackernews.com/2018/01/crossrat-malware.html
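The Windows check quoted above, as an added example that is not from the article: it tokenises each Run-key command line and flags only those that launch java/javaw with the -jar switch and a mediamgrs.jar argument, so a legitimate Java updater or an unrelated jar does not trip it. The sample entries and the value name "MediaMgr" are constructed; on Windows the same check can be run against the live HKCU key.

```python
import shlex
import sys
from pathlib import PureWindowsPath

# The key named in the quoted advice (under HKEY_CURRENT_USER).
RUN_KEY = r"Software\Microsoft\Windows\CurrentVersion\Run"

# Constructed sample of Run values: name -> command line. The value name a real
# infection uses is not given in the article, so "MediaMgr" is a placeholder.
SAMPLE_RUN_ENTRIES = {
    "OneDrive": r'"C:\Users\alice\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    "MediaMgr": r'"C:\Program Files\Java\jre\bin\javaw.exe" -jar "C:\Users\alice\AppData\Roaming\mediamgrs.jar"',
    "JavaUpdate": r'"C:\Program Files\Common Files\Java\Java Update\jusched.exe"',
    "BuildTool": r'java -jar C:\tools\build.jar --daemon',
}


def tokens(command: str) -> list:
    """Split a Windows command line. posix=False keeps backslashes literal and
    keeps quoted paths with spaces together; the quotes are then stripped."""
    try:
        parts = shlex.split(command, posix=False)
    except ValueError:            # unbalanced quotes: fall back to a plain split
        parts = command.split()
    return [p.strip('"') for p in parts]


def matches_crossrat(command: str) -> bool:
    """True only when all three indicators from the article are present:
    a java/javaw launcher, the -jar switch and a mediamgrs.jar argument."""
    toks = tokens(command)
    if not toks:
        return False
    launcher = PureWindowsPath(toks[0]).stem.lower()
    runs_java = launcher in ("java", "javaw")
    has_jar_flag = any(t.lower() == "-jar" for t in toks[1:])
    has_mediamgrs = any(PureWindowsPath(t).name.lower() == "mediamgrs.jar" for t in toks[1:])
    return runs_java and has_jar_flag and has_mediamgrs


def flag_entries(entries: dict) -> list:
    """Names of Run values whose command matches the CrossRAT pattern."""
    return sorted(name for name, cmd in entries.items() if matches_crossrat(cmd))


def read_live_run_key() -> dict:
    """On Windows, read the current user's Run key; elsewhere return {}."""
    if sys.platform != "win32":
        return {}
    import winreg
    entries = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_KEY) as key:
        index = 0
        while True:
            try:
                name, value, _ = winreg.EnumValue(key, index)
            except OSError:       # no more values
                break
            entries[name] = str(value)
            index += 1
    return entries


if __name__ == "__main__":
    entries = read_live_run_key() or SAMPLE_RUN_ENTRIES
    print("suspicious Run values:", flag_entries(entries))
```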

----------


## harrybarracuda

*Unauthorized Monero Mining Campaign Impacting Up to 30M Systems*
By: Sean Michael Kerner | January 26, 2018

*The Palo Alto Networks Unit 42 security research team reveals a new cryptocurrency attack that makes use of URL shorteners to trick users into installing Monero mining software.*
Palo Alto Networks is warning of a new cryptocurrency mining attack that is using URL shorteners as a way to infect victims' systems.
In a Jan. 24 report, the Palo Alto Networks Unit 42 security research group revealed that up to 30 million systems may be impacted by the attack, which has been ongoing since October 2017. The attack payload installs the open-source XMRig mining software on a victim's machine to consume CPU resources and mine the Monero cryptocurrency. It's currently not known who is behind the new attack.

Attackers Use URL Shorteners in Cryptocurrency Mining Attack

----------


## harrybarracuda

*Privacy Tools Adds Transparency to Microsoft Windows Data Collection*
By: Pedro Hernandez | January 25, 2018

*The upcoming Windows Diagnostic Data Viewer app and revamped Privacy Dashboard will allow users to see the data Microsoft has collected on them.*
Wondering exactly what kind of data Windows is sending to Microsoft? A new tool, called the Windows Diagnostic Data Viewer, lifts the veil on the previously opaque communications between Windows PCs and Microsoft's telemetry-gathering operations.
To many Windows users, particularly those concerned about the privacy of their data, it comes as no surprise that Microsoft's operating system can collect and transmit data regarding a PC's configuration, device health, application usage and other information.
Microsoft analyzes this data to shed light on how the system software is faring across a wide variety of hardware combinations and usage patterns, information that the software maker then uses to address issues, improve the OS and help guide the software giant's ongoing OS development efforts.


It's a practice that stoked privacy concerns when Windows 10 first hit the scene. Privacy advocates were alarmed by the breadth of information Microsoft collected on people who used its operating system software and cloud services.
Soon, with the Windows Diagnostic Data Viewer, users will be able to see exactly what kind of data their Windows 10 PCs are sharing with Microsoft, announced Marisa Rogers, the Windows and Devices Group Privacy Officer at Microsoft.
"Our commitment is to be fully transparent on the diagnostic data collected from your Windows devices, how it is used, and to provide you with increased control over that data. This is all part of our commitment to increase your trust and confidence in our products and services," she wrote in a Jan. 24 blog post, authored just days before Data Privacy Day (Jan. 28).
"You are able to see and search all Windows diagnostic data that's in the cloud related to your specific device," continued the executive. Users will be able to view information on their devices and their configurations, including connected peripherals, settings and the network information pertaining to a given device.
Delving deeper, Windows Diagnostic Data Viewer can show reliability and performance information, along with data on a user's file queries and movie consumption. Alarming as it may sound to some users, Rogers claimed that the "functionality is not intended to capture user viewing or listening habits."
Users can also explore their application usage, along with an inventory of installed applications and device updates.
Windows Diagnostic Data Viewer will be released to the Microsoft Store app marketplace as part of the next major Windows 10 update. Members of the Windows Insider program can take the app for an early spin.
In addition to the viewer app, Microsoft has revamped its Privacy Dashboard, providing users with a clearer view of the data that is saved to their Microsoft accounts.  More updates are on the way, stated Rogers.
An updated Activity History page will soon allow users to access and manage their media, product and Microsoft services activity information. Additionally, users will be able to export their dashboard data and delete specific items.

New Privacy Tools Lets Users View Data Windows Sends to Microsoft

----------


## harrybarracuda

Hackers forced US ATM machines to spit out cash
on Sunday, January 28, 2018


Two of the world's largest ATM manufacturers in the US, Diebold Nixdorf Inc and NCR Corp, have warned their clients that hackers are targeting their machines with tools that force them to spit out money via hacking schemes known as “jackpotting.”


Neither maker has identified any victims or how much money has been lost so far.


The attack was reported for the first time on 27 January by the security news website Krebs on Security. Immediately, companies sent out alerts to clients warning of the trend on Saturday.


'This should be treated by all ATM deployers as a call to action to take appropriate steps to protect their ATMs against these forms of attack,' the company said.


Jackpotting has been widely used around the world in recent years, but still, it is unclear how much cash has been stolen because victims and police do not disclose details.


Diebold Nixdorf has admitted that US authorities had warned them about one of its ATM models, Opteva, which they stopped manufacturing several years ago, being targeted by the hackers, but they did not take the warning seriously.


Krebs on Security reported, "a confidential US Secret Service alert sent to banks said the hackers targeted stand-alone ATMs typically located in pharmacies and big-box retailers as well as drive-thru ATMs."


However, the Federal Bureau of Investigation has started investigating the matter.


http://www.ehackingnews.com/2018/01/hackers-forced-us-atm-machines-to-spit.html

----------


## harrybarracuda

*You publish 20,000 clean patches, but one goes wrong and you're a PC-crippler forever*

*Malwarebytes pushed a patch, then a patch for the patch*

By Richard Chirgwin 29 Jan 2018 at 03:04


Security software vendor Malwarebytes has overwritten two updates to its products and apologised to users who found their machines turned into near-bricks.
The problem started with a production update the company pushed out last Friday, which sent users to their keyboards complaining of excessive RAM and CPU consumption.
Affected products included Malwarebytes for Windows Premium, Malwarebytes for Windows Premium Trial, Malwarebytes Endpoint Security (MBES) and Malwarebytes Endpoint Protection (Cloud Console).
Irritated users lit up the company's forums with hundreds of messages about the issue.
The company moved to resolve the issue, but its first fix failed and users kept venting. That led to this Sunday apology, as the company pushed out a second fix.
“The root cause of the issue was a malformed protection update that the client couldn’t process correctly,” the apology post said, something Malwarebytes says is rare since “we have pushed upwards of 20,000 of these protection updates routinely.”
The company also published the timeline below, in its analysis [PDF] of the issue.





The company explained that the snafu arose because of work to try and improve its Web protection detection syntax controls.
Recently we have been improving our products so that we can show the reason for a block, i.e. the detection 'category' for the web protection blocks. In order to support this new feature, we added enhanced detection syntaxes to include the block category in the definitions. The unfortunate oversight was that one of the syntax controls was not implemented in the new detection syntax, which caused the malformed detection to be pushed into production. ®


https://www.theregister.co.uk/2018/0..._patchy_patch/

----------


## harrybarracuda

Keylogger campaign infects 2,000 WordPress sites
Monday, January 29, 2018 |




Security researchers have discovered over 2,000 WordPress sites —possibly more— infected with a keylogger that's being loaded on the WordPress backend login page and a crypto jacking script (in-browser cryptocurrency miner) on their frontends.


Researchers at Sucuri who made the discovery said the recent campaign is tied to threat actors behind a December 2017 campaign. Both incidents used a keylogger/cryptocurrency malware called cloudflare[.]solutions. The name is derived from the domain used to serve up the malicious scripts in the first campaign, cloudflare[.]solutions.


Cloudflare[.]solutions is in no way related to network management and security firm Cloudflare.


The attack is quite simple. Miscreants find unsecured WordPress sites —usually running older WordPress versions or older themes and plugins— and use exploits for those sites to inject malicious code into the CMS' source code.


Attackers use injection scripts on WordPress sites with weak or outdated security. “The cdjs[.]online script is injected into either a WordPress database (wp_posts table) or into the theme’s functions.php file,” Sinegubko wrote.


HTML is obfuscated to include JavaScript code, such as “googleanalytics.js”, that loads the malicious script “startGoogleAnalytics” from the attackers’ domains.


The malicious code includes two parts. For the admin login page, the code loads a keylogger hosted on a third-party domain. For the site's frontend, crooks load the Coinhive in-browser miner and mine Monero using the CPUs of people visiting the site.


“While these new attacks do not yet appear to be as massive as the original cloudflare[.]solutions campaign, the reinfection rate shows that there are still many sites that have failed to properly protect themselves after the original infection,” wrote Denis Sinegubko, a senior malware researcher at Sucuri who authored the research blog post this week.


For the late-2017 campaign, crooks loaded their keylogger from the "cloudflare.solutions" domain. Those attacks affected nearly 5,500 WordPress sites but were stopped on December 8 when the registrar took down the miscreants' domain.


Keylogger campaign infects 2,000 WordPress sites - E Hacking News

----------


## harrybarracuda

Microsoft Issues Out-of-Band Fix for Intel’s Broken Spectre Patch
Infosecurity 20h

Microsoft has been forced to issue an out-of-band patch to fix problems caused by a buggy Intel update for one of the Spectre vulnerabilities disclosed earlier this month.
The Redmond fix (KB4078130) was issued over the weekend and disables the mitigation for branch target injection vulnerability CVE-2017-5715.
The fix covers Windows 7 (SP1), Windows 8.1 and all versions of Windows 10, for client and server.
Intel first reported “reboot issues” for Broadwell and Haswell platforms on January 11.
Last week it claimed to be making good progress on fixing the problem, and recommended that in the meantime “OEMs, cloud service providers, system manufacturers, software vendors and end users stop deployment of current versions, as they may introduce higher than expected reboots and other unpredictable system behavior.”
The chip giant then claimed during its fourth quarter financials that the ‘fix’ may also lead to “data loss or corruption.”
Microsoft agreed, but said its new out-of-band update reverses the problem. It can be applied by downloading from the Microsoft Update Catalog website or – for advanced users – via registry setting changes.
Microsoft added:
“As of January 25, there are no known reports to indicate that this Spectre variant 2 (CVE-2017-5715) has been used to attack customers. We recommend Windows customers, when appropriate, reenable the mitigation against CVE-2017-5715 when Intel reports that this unpredictable system behavior has been resolved for your device.”
This is the second unscheduled fix Redmond has been forced to issue since the Spectre and Meltdown flaws were made public at the start of the year.
The previous one was issued in the first week of January to address the Meltdown vulnerability, but itself ended up causing problems for customers because of compatibility issues with some AV tools. These caused blue screen (BSOD) errors for some customers.

https://www.infosecurity-magazine.co...nd-fix-intels/

----------


## david44

https://www.economist.com/blogs/gull...8/01/free-bird full post in news for those unable to open link

----------


## harrybarracuda

TechRadar says the best free antimalware of 2018 is Bitdefender.


It does seem to have an impressive feature set for a freebie.


Details here:

The best free anti-malware software 2018 | TechRadar

----------


## pseudolus

I used it for a while, but changed again. Can't precisely remember why but irritating "please upgrade" pop ups all the time seems to ring a bell.

----------


## harrybarracuda

> I used it for a while, but changed again. Can't precisely remember why but irritating "please upgrade" pop ups all the time seems to ring a bell.


Well all the free ones tend to do that...  they want your subscription.

----------


## harrybarracuda

Last year, attackers linked to the Russian hacking group APT28 (sometimes called Fancy Bear) started hacking like it's 1999 with Microsoft Word-based malware that doesn't trigger security warnings along the way. These types of attacks are called macro-less malware because they bypass the security warnings added to Microsoft Office programs in response to traditional macro malware like the Melissa virus at the end of the 20th century.

In a November 2017 analysis, security giant McAfee noted one APT28 campaign that used a combination of phishing and macro-less malware to drop spyware onto victim computers.

Macro-less malware exploits a Microsoft protocol called Dynamic Data Exchange (DDE) to run malicious code within Microsoft Office documents. DDE has its legitimate uses too, mainly to share data between applications. In this case, attackers can use DDE to launch other applications, like PowerShell, and execute malicious code.

These new DDE attacks still require some amount of user interaction, just like traditional Office macro attacks. In order for the malicious DDE code to execute, the attacker must convince the victim to disable Protected Mode and click through at least one additional prompt. Where they differ from traditional Office macro attacks though, is how the prompts are framed to the user.

With Microsoft Office 2003 and later, Microsoft changed macro warning prompts to highlight their security implications, using yellow shields and prominent Security Warning messages. DDE execution prompts, however, are simple grey boxes, sometimes with no mention of security, that ask users “This document contains links that may refer to other files. Do you want to update this document with the data from the linked file?” In other words, DDE is now handled similarly to how traditional macros were handled 20 years ago back in Office 97. New attack method, but the same user interaction.

Both traditional macro malware and macro-less malware have the same end result: they allow attackers to leverage the Microsoft Windows scripting engine to download and execute malicious payloads. While macros can embed Visual Basic code directly into a Word document, DDE must launch a separate application, like PowerShell, to perform complex tasks like downloading and executing malware.

So why are attackers doing this? Macro-less malware attacks are successful for the same reason that macro malware has stuck around for over 20 years. A large number of end users simply do not read pop-up prompts before clicking yes. Attackers often increase their chances of successfully infecting their targets by using social engineering tactics like explicit instructions to accept all prompts in order to view the important message. Bad actors are notorious for recycling anything that works, so it's common for malicious tactics like this to resurface in different forms time and time again.

Luckily, there are steps you can take to protect yourself. In the wake of the APT28 attacks, Microsoft published a security advisory with instructions for enabling DDE controls to disable the protocol entirely. Many advanced malware sandboxing solutions can detect DDE-based malware and stop it from ever entering your network. Most importantly though, end users need to be trained to spot phishing attacks and the social engineering tricks that attackers use to trick their victims into clicking through DDE prompts.

Microsoft has already started to improve Office's handling of macro-less malware by adding several behind-the-scenes controls to stop malicious DDE code in its tracks. It likely won't be long until Microsoft improves their DDE security prompts to provide better guidance to would-be victims. But these prominent security warnings have failed to end macro malware, which means both types of attacks are still something to watch out for in the future. As always, when in doubt, don't click on anything you don't understand or expect.

https://www.helpnetsecurity.com/2018/02/05/macro-less-malware/
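A defender-side check for the DDE field codes the article describes, as an added example (not from the article, Microsoft or any sandboxing product): it opens a .docx as the zip package it is, reassembles each field's instruction text from its parts and reports any that begin with DDE or DDEAUTO. The sample documents, the C:\EXAMPLE path and the "placeholder args" string are constructed for the example and launch nothing.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

W = "{http://schemas.openxmlformats.org/wordprocessingml/2006/main}"
# A field instruction that starts with DDE or DDEAUTO is what the article describes.
DDE_RE = re.compile(r'^\s*"?(DDE|DDEAUTO)\b', re.IGNORECASE)


def field_instructions(xml_bytes: bytes):
    """Yield every field instruction in a WordprocessingML part. Simple fields
    carry it in w:fldSimple/@w:instr; complex fields spread it over w:instrText
    runs between fldChar begin and separate/end, which are joined here."""
    root = ET.fromstring(xml_bytes)
    current = None                      # fragments of the field code being read
    for el in root.iter():
        if el.tag == W + "fldSimple":
            yield el.get(W + "instr", "")
        elif el.tag == W + "fldChar":
            kind = el.get(W + "fldCharType")
            if kind == "begin":
                current = []
            elif kind in ("separate", "end") and current is not None:
                yield "".join(current)
                current = None
        elif el.tag == W + "instrText" and current is not None:
            current.append(el.text or "")


def scan_docx(data: bytes) -> dict:
    """Map each Word part (document, headers, footers...) to the DDE field
    instructions found in it; an empty dict means nothing was found."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for name in zf.namelist():
            if not (name.startswith("word/") and name.endswith(".xml")):
                continue
            try:
                instrs = field_instructions(zf.read(name))
                hits = [i.strip() for i in instrs if DDE_RE.match(i)]
            except ET.ParseError:
                continue
            if hits:
                findings[name] = hits
    return findings


def build_sample_docx(body_xml: str) -> bytes:
    """Construct a minimal .docx in memory: just enough package structure
    for the scanner, not a document Word would necessarily open."""
    document = (
        '<?xml version="1.0" encoding="UTF-8" standalone="yes"?>'
        '<w:document xmlns:w="http://schemas.openxmlformats.org/wordprocessingml/2006/main">'
        f"<w:body>{body_xml}</w:body></w:document>"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("[Content_Types].xml", '<?xml version="1.0"?><Types/>')
        zf.writestr("word/document.xml", document)
    return buf.getvalue()


# Constructed bodies: a harmless PAGE field, and a DDEAUTO field pointing at a
# placeholder path. Word routinely splits one field code over several runs,
# which is why the scanner joins instrText fragments before matching.
BENIGN_BODY = '<w:p><w:fldSimple w:instr=" PAGE "><w:r><w:t>1</w:t></w:r></w:fldSimple></w:p>'
DDE_BODY = (
    '<w:p><w:r><w:fldChar w:fldCharType="begin"/></w:r>'
    '<w:r><w:instrText xml:space="preserve"> DDEAUTO </w:instrText></w:r>'
    '<w:r><w:instrText xml:space="preserve">C:\\EXAMPLE\\APP.EXE "placeholder args"</w:instrText></w:r>'
    '<w:r><w:fldChar w:fldCharType="separate"/></w:r>'
    '<w:r><w:t>Linked content</w:t></w:r>'
    '<w:r><w:fldChar w:fldCharType="end"/></w:r></w:p>'
)

if __name__ == "__main__":
    print(scan_docx(build_sample_docx(BENIGN_BODY)))
    print(scan_docx(build_sample_docx(DDE_BODY)))
```

Pointed at a mail gateway's quarantined attachments, `scan_docx` gives a cheap first-pass triage before a document ever reaches the grey prompt the article describes.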

----------


## harrybarracuda

*Flaw in Grammarly’s extensions opened user accounts to compromise*

A vulnerability in the Grammarly Chrome and Firefox extensions allowed websites to read users’ authentication tokens and use them to log in to the users’ Grammarly accounts and access all the (potentially sensitive) information held in them.
The vulnerability was discovered by Google Project Zero researcher Tavis Ormandy, who reported it to Grammarly on Friday.
“I’m calling this a high severity bug because it seems like a pretty severe violation of user expectations. Users would not expect that visiting a website gives it permission to access documents or data they’ve typed into other websites,” Ormandy noted.
He also provided proof-of-concept code for triggering the bug.
By Monday, the company pushed out a new version of the popular extension, with the hole plugged.
“At this time, Grammarly has no evidence that any user information was compromised by this issue. The bug potentially affected text saved in the Grammarly Editor,” the company stated on Tuesday.
“This bug did not affect the Grammarly Keyboard, the Grammarly Microsoft Office add-in, or any text typed on websites while using the browser extension. The bug is fixed, and there is no action required by our users. We’re continuing to monitor actively for any unusual activity.”
Ormandy praised the company’s swiftness in responding to the report and issuing the fix.
“I’ve verified that Mozilla now also has the update, so users should be auto-updated to the fixed version,” he noted.
The vulnerable Chrome extension has been downloaded by over 10 million users. The Firefox Grammarly extension has over 600,000 users.

https://www.helpnetsecurity.com/2018...vulnerability/

----------


## harrybarracuda

Once again, the record has been broken for both the most breaches and the most data compromised in a year. There were 5,207 breaches recorded last year, surpassing 2015's previous high mark by nearly 20%, according to the 2017 Data Breach QuickView Report by Risk Based Security.

The number of records compromised also surpassed all other years with over 7.8 billion records exposed, a 24.2% increase over 2016's previous high of 6.3 billion.

“The level of breach activity this year was disheartening,” commented Inga Goddijn, Executive VP for Risk Based Security. “We knew things were off to a bad start once the phishing season for W-2 data kicked into high gear. But by the time April 18th came and went, breach disclosures leveled off and we went into summer hopeful the worst was behind us. Unfortunately, that wasn’t the case.”

*Record number of exposed records*

In addition to the number of breaches and amount of data lost, 2017 stood out for another reason. For the past eight years, hacking has exposed more records than any other breach type. In 2017, breach type Web (which is largely comprised of accidentally exposing sensitive data to the Internet) took over the top spot, compromising 68.8% or 5.4 billion records.

Hacking still remained the leading breach type, accounting for 55% of reported incidents, but its impact on records exposed fell to the number two spot, with 2.3 billion records compromised. For the first time since 2008, inadvertent data exposure and other data mishandling errors caused more data loss than malicious intrusion into networks.

Were seeing a lot of interest in calling out organizations that mishandle sensitive data, said Ms Goddijn. Several of the security researchers that are actively engaged in searching for exposed datasets are no longer willing to keep their findings confidential. Likewise, more individuals are calling out breaches when they discover their own data is exposed.
*Aetna breach*

A prime example of this is the August breach impacting 11,887 Aetna members. An unnamed mail processing vendor working for Aetna sent letters to HIV patients, informing them of changes to the prescription fulfillment process. Unfortunately the letter shop used envelopes with an especially large glassine window, exposing highly sensitive HIV status information.

The breach was brought to light by a letter recipient, triggering both civil lawsuits and an investigation by the New York Attorney General and ending with Aetna agreeing to pay $18.3 million in order to settle the various proceedings. While this is an extreme example, 2017 saw many other situations where customers, clients and unrelated third parties discovered the problem and chose to take action.

*Types of breaches*

Comparing the number of breaches discovered internally to the number of breaches found by outsiders highlights one dynamic behind the trend. Of the 3,904 breaches with a confirmed discovery method, only 728, or 18.6%, were discovered by the organization responsible for protecting the data.

The remaining 3,176 were found by law enforcement, external fraud detection or monitoring, customers, or unrelated parties including disclosure by the malicious actors themselves. While there is not a direct correlation between discovery method and interest in publicizing breach activity, this data does show that the majority of breaches still go undetected by the compromised organization.

https://www.helpnetsecurity.com/2018...activity-2017/

----------


## Latindancer

One of the world’s most popular free VPN services is leaking sensitive data on its users, a security researcher has claimed.

A flaw in Hotspot Shield, which boasts more than 500 million users, leaks information such as what country a user is located in and the name of their Wi-Fi network.

https://tech.thaivisa.com/worlds-lea..._campaign=news

----------


## harrybarracuda

If you find yourself hit with something like this, just open Task Manager and kill Chrome. And then stay away from the offending site.





> A New Trick discovered to block Visitors and Scare Non-Technical Users into Paying for Unneeded Software and Servicing Fees
> E Hacking News - Latest Hacker News and IT Security News, by Medha
> 
> 
> The administrators of some technical support scam websites have discovered a new trick to block visitors on their shady sites and scare non-technical users into paying for unneeded programming or overhauling charges.
> 
> 
> The trick depends on utilizing JavaScript code stacked on these vindictive pages to start thousands of file download tasks that rapidly take up the client/user's memory assets, solidifying or (freezing more likely) Chrome on the con scammer's webpage.
> 
> ...

----------


## harrybarracuda

> One of the world’s most popular free VPN services is leaking sensitive data on its users, a security researcher has claimed.
> 
> A flaw in Hotspot Shield, which boasts more than 500 million users, leaks information such as what country a user is located in and the name of their Wi-Fi network.
> 
> https://tech.thaivisa.com/worlds-lea..._campaign=news



It's worse than that describes, but I'd expect that from those Thaivisa mongs.





> According to the entry for the vulnerability (CVE-2018-6460) in the National Vulnerability Database, Hotspot Shield runs a webserver with a static IP address 127.0.0.1 and port 895, and the web server uses JSONP and hosts sensitive information including configuration.
> But user-controlled input is not sufficiently filtered: “An unauthenticated attacker can send a POST request to /status.js with the parameter func=$_APPLOG.Rfunc and extract sensitive information about the machine, including whether the user is connected to a VPN, to which VPN he/she is connected, and _what is their real IP address_.”
> According to researcher Paulos Yibelo, who discovered the flaw, the attacker can also extract information such as the users’ country code and Wi-Fi network name, if the user is connected to one.

----------


## harrybarracuda

Meanwhile, on with the show....




> Swiss telecoms giant Swisscom has admitted suffering a data breach late last year which exposed the personal details of around 800,000 customers to unauthorized parties.
> The company, which is majority-owned by the government, claimed that the intruders accessed the data via a sales partner last Autumn.
> Most of those affected were mobile customers, although a “few” fixed network subscribers were also hit. The number of breached customers represents around 10% of the entire population of Switzerland.
> Customers’ names, addresses, telephone numbers and dates of birth were compromised. Although Swisscom maintained this data is “non-sensitive” it would be enough to give fraudsters a useful start to help craft convincing follow-on phishing attacks.
> That said, the firm has claimed no such activity has affected customers as yet.
> “Swisscom discovered the incident during a routine check of operational activities and made it the subject of an in-depth internal investigation,” the company continued.
> “Swisscom stresses that the system was not hacked and no sensitive data, such as passwords, conversation or payment data, was affected by the incident. Rigorous long-established security mechanisms are already in place in this case.”
> After discovering the incident, Swisscom said it blocked the offending partner’s access rights immediately. It promised to introduce two-factor authentication for all sales partners this year, put in place systems to raise the alarm in the case of any unusual activity and make it impossible to run high-volume queries for all customer info.
> Ilia Kolochenko, CEO of High-Tech Bridge, argued that security exposure via partners is still a widely unacknowledged problem.
> ...

----------


## harrybarracuda

*Inside North Korea's Hacker Army*

The regime in Pyongyang has sent hundreds of programmers to other countries. Their mission: Make money by any means necessary. Here's what their lives are like.

In most respects, Jong Hyok looks like any other middle-aged male tech worker you might see on the skyscraper-shadowed streets of Seoul's Gangnam district: smartphone in hand, dark-blue winter coat over a casual, open-collared work shirt. Sit him down at a sushi restaurant and start asking him questions, though, and you soon sense that Jong is harboring an extraordinary tale. He slouches, staring intently at the table before him and speaking haltingly, his sentences often trailing away unfinished.


Jong tells you he's in his late 30s, but his tired eyes and wizened skin make him look a decade older. He says he's concerned that you'll be indiscreet with details that could expose him or his family. You wonder momentarily if he suspects you're a North Korean spy. But no, you're here to relate the remarkable story of his years spent cracking computer networks and programs to raise money for the regime in Pyongyang.


North Koreas hacking prowess is almost as feared globally as its nuclear arsenal. Last May the country was responsible for an internet scourge called WannaCry, which for a few days infected and encrypted computers around the world, demanding that organizations pay ransom in Bitcoin to unlock their data. A few years before that, North Korea stole and published the private correspondence of executives at Sony Pictures Entertainment, which had produced a Seth Rogen satire of the country called The Interview.


Jong wasnt involved in those attacks, but for half a decade before defecting, he was a foot soldier in North Koreas hacker army. Unlike their counterparts elsewhere, who might seek to expose security vulnerabilities, steal corporate and state secrets, or simply sow chaos, North Korean hackers have a singular purpose: to earn money for the country, currently squeezed by harsh international sanctions for its rogue nuclear program. For most of the time Jong spent as part of this brigade he lived and worked in a crowded three-story home in a northeastern Chinese city. The hackers he shared it with were required to earn up to $100,000 a year, through whatever means they could, and were allowed to keep less than 10 percent of that. If they stepped out of line, the consequences could be severe.


Experts in the South Korean government say that over the years, North Korea has sent hundreds of hackers into neighboring countries such as China, India, and Cambodia, where they've raised hundreds of millions of dollars. But actually finding one of these cyberwarriors is, for obvious reasons, difficult. Sources in South Korea's government and the North Korean defector community provided Bloomberg Businessweek with the name of someone who has deep knowledge of the latter group, a fixer of sorts. This contact, a middle-aged man who chose his words with painstaking deliberation, asked that his name not be used. After several meetings, he offered the phone numbers of three contacts, requesting that Businessweek shield their identities. Jong, which is not his real name, was one of them.


For decades, North Korea's government has sought to use modern technology to transform one of the most isolated, impoverished parts of the world. During the 1990s, Kim Jong Il, the father of current leader Kim Jong Un, touted programming as a way for the country to rebuild its economy after years of catastrophic famine. He established technology degrees at Pyongyang's universities and attended annual software-writing contests to put gold watches on the wrists of winners.


Reports from Korea watchers suggest that, sometime in the back half of the decade, Kim Jong Il formed a cyber army designed to expand North Korea's hacking activities. Initially the unit managed only random incursions, on targets like government websites and banking networks, but when Kim died in 2011, his son expanded the program. Soon it was launching attacks more consistently and on more important targets, such as nuclear plants, defense networks, and financial institutions.


Formally, North Korea denies engaging in hacking and describes accusations to that effect as enemy propaganda. It says its overseas computer efforts are directed at promoting its antivirus software in the global market. The country has for more than a decade been working on such programs, including one called SiliVaccine. It also has a homegrown operating system, Red Star, that software developers have pointed out looks suspiciously like macOS. Kim Jong Un's affinity for Apple products is well-known. In 2013, he was photographed sitting in front of an iMac during a meeting with military officials to discuss missile attacks on the U.S.; a picture released a few years later showed him with an Apple laptop on his private jet.


Kim has also moved to make more smartphones available to North Korea's 25 million citizens and begun rewarding computer scientists with nicer homes and higher salaries. And he's sent increasing numbers of them into neighboring countries, where internet access is better and they can more easily hide their tracks. Defectors say programmers cross the border clutching bean paste, hot pepper paste, dried anchovy, and other comforts of home.


Elite programmers? No way. We were just a bunch of poor, low-paid laborers


Jong was part of an earlier wave sent by Kim Jong Il. Born in Pyongyang during the early 1980s, he was raised by parents who were faithful to the Workers' Party of Korea and Kim Il Sung, North Korea's founder, who led the party and is Kim Jong Un's grandfather. Growing up, Jong heard tales of his own grandfather's brave fight against Japan's imperial army in Manchuria alongside Kim Il Sung during World War II.


As a child, Jong's favorite subject was biology, and he aspired to become a doctor. His parents were supportive, but the state determined from his test scores that he should study computer science. There was no questioning the decision. Heartbroken at first, he eventually became fascinated by the inner workings of computers, and in his junior year of university, in the late 1990s, he was selected by the government to study in China.


The years he spent there were a revelation. A government minder accompanied each delegation, but Jong's was lax, and he managed to go drinking, dancing, and camping with Chinese students. The biggest shock was having almost unlimited access to the internet. The computers back home were so strictly controlled that they were useful mostly for calculating figures or displaying diagrams. The ones in China showed Jong much more of the world. “I felt like a colt cut loose on the field,” he says.


For a brief moment, North Korea seemed to be moving in a more open direction. During school breaks, Jong would return home to find that some of his wealthier friends owned personal computers. They played video games like Counter-Strike and watched DVDs of South Korean soap operas, which were becoming so easy to obtain that Jong almost believed unification was at hand. Soon, though, government authorities were storming homes to confiscate such material in a crackdown on the so-called yellow wind of capitalism.


Jong graduated and returned home to get his master's degree, for which he worked at a state agency, creating office software. The government was at the time investing in a variety of tech projects, including one that used power lines to transmit data. Once again, Jong glimpsed hope that the regime might see technology as a means for advancement, not just a threat.


After graduation, he went to work for a state-affiliated software development agency. Before he could settle in, the government informed him that it had other plans. He was being moved to China, to conduct software research that would brighten the future of North Korea's information technology sector.


Jong knew exactly what that meant: Go make money for your country.


Not long after, Jong crossed the border on foot and caught a bus to his assigned city. There, he made his way to a relatively large house set on a busy street amid a forest of high-rises. The place was owned by a Chinese tycoon with business ties to Pyongyang. Dozens of graduates from North Korea's elite universities, all men, slept in cots and bunks on the top floor. A warren of cubicles and computers occupied the lower floors, and portraits of Kim Jong Il and Kim Il Sung hung on the walls.


At first Jong didn't have a computer, so he borrowed one from his roommates, promising to pay a rental fee once he'd made enough money to buy his own machine. He began his new career by obtaining beta versions of commercial software such as video games and security programs, then making pirate replicas his clients could sell online. Orders came in via word of mouth and broker websites from around the world; many were from China or South Korea, allowing for easier communication.


Each unit was overseen by a chief delegate, a non-coder who arranged transactions and collected payments. A separate minder from North Korea's state police was there to handle security issues. The work was arduous, involving reverse-engineering code and intercepting communications between the source program and the servers of the company that made it. Jong recalls that it took 20 programmers to build a functioning replica of one program. The hackers often found themselves racing to decipher vulnerabilities in a piece of software before its creators could patch the security holes.


Jong got up to speed quickly and was soon considered a senior member of the house. When orders were slow, he and his colleagues hacked gambling sites, peeking at the cards of one player and selling the information to another. They created bots that could roam around in online games such as Lineage and Diablo, collecting digital items like weapons and clothes and scoring points to build up their characters. Then they'd sell the characters for nearly $100 a pop. Every so often, to maintain the facade that he was pursuing research to benefit North Korea, Jong would create scholarly software, for example a data-graphing program, and send it across the border.


All in all, the work was unglamorous. “Elite programmers? No way. We were just a bunch of poor, low-paid laborers,” Jong recalls. He denies any complicity in the kinds of crimes that security experts have attributed in recent years to North Korea, such as snatching credit card numbers, installing ransomware on corporate servers, and swiping South Korean defense secrets. But he doesn't doubt that such things were going on. “North Korea will do anything for money, even if that means asking you to steal,” he says.


Any moral qualms that he or other programmers might have felt were subordinated by their mission. They had targets to meet, or else. Failing to clear a benchmark known as juk-bol-e (enough to buy a bowl of soup) could mean being sent home. More serious offenses, such as skimming profits or not showing sufficient fealty to the regime, could result not only in repatriation but revolutionization, hard labor at a factory or farm.


On Saturdays the handlers, sometimes alongside visiting officials, would hold two-hour meetings with the units to discuss the philosophies of Kim Il Sung and Kim Jong Il, as well as any new ideological tenets dispensed by Kim Jong Un. Key statements would be memorized and recited in a loyalty pledge of sorts. A few times, Jong says, he dealt with two especially talented hackers who handled military espionage assignments, infiltrating the websites and servers of foreign countries. They were staunchly loyal to the regime, and he was particularly careful not to make any comments they might see as critical.


Jong estimates that he was eventually bringing in around $100,000 a year. Because he and his cohorts were regarded as productive, they were allowed to live relatively well. They enjoyed air conditioning during the summer and ventured into the neighborhood in chaperoned groups. In their spare time they played Counter-Strike, sometimes sneaking down at night to their cubicles to catch up on South Korean soap operas. On Saturdays, after their indoctrination session, they might go outside to the sizable backyard to play soccer, badminton, or volleyball. Twice a year, they would meet with hacking units from across China to celebrate propaganda events such as the blossoming of Kimilsungia and Kimjongilia, orchids named for Kim Jong Un's father and grandfather.


Jongs abilities also led him to be sent on trips elsewhere in China with North Korean officials. As he traveled, he got a view of how the hacker corps were organized and learned that not every unit was as lucky as his. Government agencies and state-affiliated corporations would each send their own units abroad to generate cash. All of their activities were planned and directed by a shadowy branch of the Workers Party called Office 91. The hacking units tended to keep in close touch with North Koreas consulates, gathering there to drink, talk shop, and trade computer gear.


Some hackers barely fed themselves and were just fortunate to have orders to work on


One summer, Jong and some colleagues visited a cramped, run-down building in the northeastern city of Yanji. Living there were a dozen coders who'd been sent by North Korea's railways ministry. They were trying to crack high-end software that analyzed live orchestral performances and wrote musical scores. It was the rainy season, and the men worked in shorts and relied on fans to combat the heat and humidity; water dripped from the ceiling.


Stacked against one wall were packages of ramen. “Some hackers barely fed themselves and were just fortunate to have orders to work on,” Jong says. One of them was being treated for tuberculosis; another had required medical treatment after waking up with a cockroach lodged in his ear. But they weren't getting the kind of care his crew would have received.


Other programmers told Jong similarly gruesome stories. He heard about a young coder in Beijing, known for boasting of his elite education, whose colleagues had severely beaten him, shattering his ribs, after finding out he'd been receiving kimchi from a South Korean businessman. A hacker in Guangzhou was said to have died of dengue fever a year after leaving his home and children behind. The man's boss apparently decided it would be too expensive to repatriate the body, so it was cremated and six months later another programmer took the ashes home. Hackers joked darkly that while they'd arrived as protein, they might return as powder.


Finally, after he'd been working in China for a few years, Jong himself landed in trouble. He's spare with the details, describing only an unsavory incident involving a government official. He fled before the regime could mete out the inevitable beating or trip home for revolutionization. For two years he roamed southern China, earning money by hacking, sleeping in hotels, and tasting the sort of freedom he'd previously only imagined. His last stop in the region was Shenzhen, near Hong Kong, where, after making $3,000 and quickly spending it in ways he vaguely describes as “enjoying life,” he realized he was tired.


Returning home wasn't an option; desertion could be punishable by death. Instead, Jong bought a fake Chinese passport for 10,000 yuan (about $1,600), traveled to Bangkok by train and bus, and knocked on the door of the South Korean embassy. He lived inside the compound for a month, undergoing a security check, before being flown to Seoul.


The two other defectors I spoke with confirmed the broad contours of Jong's story, though their own work was somewhat different from his. They were among a group of programmers that North Korea had deployed to China to develop and sell iPhone and Android applications. Using fake identities, they posted on freelancing websites such as Upwork.com and took jobs developing apps for taxi-hailing, online shopping, facial recognition, anything that generated money. They say they were required to make around $5,000 a month for the government, working up to 15 hours a day and operating under the same pressures and threats as Jong and his peers.


One of the defectors, who worked under the auspices of a state agency called the Korea Computer Center, had long been cynical about his country; he'd come to hate bellowing out the loyalty oath to Kim Jong Un every Saturday and finally concluded that everything about the regime was a lie. He managed to escape when a Chinese client who liked his work asked to meet in person. He declined at first but changed his mind and wound up confessing that he was from North Korea. When he said he wanted out, the client offered to help.


The other defector says that one day he simply snapped from overwork and left, roaming around China on foot in hopes of encountering one of the South Korean spies he'd been warned about before leaving home. For six days he slept inside greenhouses, gyms, any place with a roof, worrying the whole time that he'd made a huge mistake. It was already too late, though; if he went back he'd be punished. Finally, he found a shop whose sign indicated it was run by someone from South Korea. The shopkeeper was willing to help.


Lim Jong In, head of the department of cyberdefense at Korea University in Seoul and a former special adviser to South Korea's president, says that North Korea's hacking strategy has evolved since Jong defected. At the program's height, he says, well over a hundred businesses believed to be fronts for North Korean hacking were working in the Chinese border cities of Shenyang and Dandong alone. China has since cracked down on these operations in an effort to comply with United Nations sanctions, but they've simply been moved elsewhere, to countries such as Russia and Malaysia. Their value to the regime, and to the hackers themselves, is simply too high to forgo. “North Korea kills two birds with one stone by hacking: It shores up its security posture and generates hard currency,” Lim says. For hackers it offers a fast track to a better life at home.


Jong is doing well for himself in Seoul. He blushes when congratulated for a promotion he recently received at a local software security company, saying he had to work especially hard for it. “I feel like my value as a programmer is discounted by half when I tell people I'm from North Korea,” he says. Others in the 30,000-odd defector community express similar frustrations about their outsider status; some display contempt for their adopted country's concerns about appearances and money, and recall with pride their homeland's penchant for bluntness.


Still, theres no going back. Jong is sometimes visited by South Korean and U.S. agents who ask him for details that might fill holes in ongoing investigations. The South Koreans ask about Office 91what its hackers are like and what theyve worked on in the past. The Americans recently inquired whether he knew anything about a four-story building in Pyongyang where Western-designed semiconductors are photographed and X-rayed for replication.


At night, Jong returns home to a quiet life with his South Korean wife. Their baby son, he says, babbles happily and has just started to walk.


https://www.bloomberg.com/news/features/2018-02-07/inside-kim-jong-un-s-hacker-army

----------


## harrybarracuda

If you have a Netgear, go into Admin and check for a firmware update.






> *Wish you could log into someone's Netgear box without a password? Summon a &genie=1*
> 
> *Get patching: there's this auth bypass and loads of other bugs*
> 
> By Iain Thomson in San Francisco 9 Feb 2018 at 00:34
> 
> 
> If you're using a Netgear router at home, it's time to get patching. The networking hardware maker has just released a tsunami of patches for a couple of dozen models of its kit.
> 
> ...

----------


## harrybarracuda

Probably good practice, but will probably cause a few people to panic.

But of course if you read this thread you won't bat an eyelid, because you'll know all about it.





> Google announced earlier today plans to mark all HTTP sites as "Not Secure" in Chrome, starting with July 2018, when the company plans to release Google Chrome 68.
> The company's decision comes after HTTPS adoption increased among website owners and a large chunk of today's traffic is now encrypted.
> Google said that more than 68% of Chrome traffic on both Android and Windows and over 78% of Chrome traffic on both Chrome OS and Mac, is now being sent via HTTPS.


https://www.bleepingcomputer.com/new...ing-july-2018/

----------


## harrybarracuda

Handy if you want to stop your curiosity getting the better of you:




> If you ever come across a link in email or on a website, always hover your mouse cursor over it to see the destination URL at the bottom of the browser to ensure it’s safe. But, this trick doesn’t work with shortened URLs that are quite common these days on social media websites.
> 
> However, this also doesn’t mean you have to facecheck every short URL and risk your security. There are multiple ways to check what’s behind a shortened URL without opening it. And in this post, I’ll show you how to do it on your PC and your smartphone.
> 
> 
> *Use the built-in preview*
> 
> Most of the popular link shortening services let you preview the link by tweaking the shortened URL. Just memorize these simple tweaks, and for most short URLs you won’t have to depend on a third-party service. Below is the list of preview tweaks:
> ...

----------


## harrybarracuda

Over 4000 websites including several belonging to UK and US government agencies were found over the weekend to be running hidden crypto-mining malware.

Security researcher Scott Helme first investigated the website of the Information Commissioner's Office (ICO) after a tip-off that AV filters were raising red flags.

“At first the obvious thought is that the ICO were compromised, so I immediately started digging into this after firing off a few emails to contact people who may be able to help me with disclosure. I quickly realised though that this script, whilst present on the ICO website, was not being hosted by the ICO; it was included by a third-party library they loaded,” he explained.

“If you want to load a crypto miner on 1,000 websites you don't attack 1,000 websites, you attack the one website that they all load content from. In this case it turned out that Texthelp, an assistive technology provider, had been compromised and one of their hosted script files changed.”

It turned out that attackers had compromised a JavaScript file which was part of the Texthelp Browsealoud product, adding malicious code which effectively installed the CoinHive miner.

Some of the sites affected by CoinHive included United States Courts, the General Medical Council, the UK's Student Loans Company, NHS Inform and many others.

Helme argued that mitigating the attack only requires a small code change to how the Browsealoud script is loaded.

“What I've done here is add the SRI Integrity Attribute, and that allows the browser to determine if the file has been modified, which allows it to reject the file. You can easily generate the appropriate script tags using the SRI Hash Generator and rest assured the crypto miner could not have found its way into the page,” he explained.

“To take this one step further and ensure absolute protection, you can use Content Security Policy and the require-sri-for directive to make sure that no script is allowed to load on the page without an SRI integrity attribute.”

The good news is the attack took place on Sunday morning and Texthelp has been quick to recognise the issue and take its service temporarily offline to fix it.

Crypto-mining is an increasingly popular way for cyber-criminals to make money; in fact, many are turning away from ransomware to focus on the new tactic, according to Cisco Talos.

IBM claimed to have seen a six-fold increase in crypto-mining malware attacks between January and August 2017.

https://www.infosecurity-magazine.co...found-on-4000/

----------


## harrybarracuda

In case you're interested in what security features Microsoft are adding to Windows 10 with each new update...




> *Whats new in Windows 10 security features: The anti-ransomware edition*
> 
> *Here's what you need to know about each security update to Windows 10 as they roll out from Microsoft. Now updated for 1709, Fall Creators Edition.*
> 
> 
> With the new era of Windows as a service, Microsoft is rolling out changes to the operating system twice a year. Many of those changes will allow you to improve your security posture and offer more security choices. You no longer have to wait for a new operating system to deploy new security features.
> 
> Below is a summary of all the new security features and options in Windows 10 version 1709, also known as the Fall Creators Edition. Bookmark this article, because we will be adding new security features as Microsoft releases future Windows updates.
> 
> ...

----------


## harrybarracuda

An Essex man has been given two years in jail for running a website which allowed would-be hackers to test whether their malware could bypass AV filters.
Goncalo Esteves, of Cape Close, Colchester, operated the reFUD.me site which charged visitors to test their tools against anti-malware scanners.
Using the pseudonym 'KillaMuvz', he also sold custom-made malware-disguising products and offered technical support to users.
These products are known as 'crypters' — tools which can be used by black hats to help evade AV.
Esteves sold his Cryptex Lite product for $7.99/month, while a lifetime license for Cryptex Reborn cost $90. He also provided support via a dedicated Skype account and accepted payment in conventional currency, Bitcoin or even Amazon vouchers.
His PayPal account alone netted him £32,000 between 2011 and 2015, although the amount received in Bitcoin and Amazon vouchers is unknown.
“Esteves helped hackers to sharpen their knives before going after their victims. His clients were most likely preparing to target businesses and ordinary people with fraud and extortion attempts,” argued Mike Hulett, head of operations at the National Crime Agency’s National Cyber Crime Unit (NCA NCCU).
“He made a fair bit of money, but he’d probably have made much more, and certainly for longer, if he’d pursued a legitimate career in cybersecurity.”
The NCA also thanked Trend Micro, which helped conduct a joint operation with the agency to catch Esteves.
This came after the two parties signed an MoU in 2015 formalizing their co-operation in the form of a ‘virtual team’ comprising members of the NCCU and Trend Micro’s Forward Looking Threat Research team (FTR).
Esteves was sentenced at Blackfriars Crown Court in relation to two charges under the Computer Misuse Act.

https://www.infosecurity-magazine.co...stermind-gets/

----------


## harrybarracuda

Microsoft has deluged administrators with this month’s patch update round, fixing a total of 50 CVEs, 14 of them listed as critical.
Most experts have highlighted CVE-2018-0825 for urgent treatment. It’s an RCE flaw in Structured Query.
“This bug allows an attacker to get code execution through vulnerable versions of Microsoft Outlook. What’s truly frightening with this bug is that the Preview Pane is an attack vector, which means simply viewing an email in the Preview Pane could allow code execution,” explained Dustin Childs of the Zero Day Initiative.
“The end user targeted by such an attack doesn’t need to open or click on anything in the email – just view it in the Preview Pane. If this bug turns into active exploits – and with this attack vector, exploit writers will certainly try – unpatched systems will definitely suffer.”
Also worthy of note is the single publicly disclosed vulnerability in the list: CVE-2018-0771 is a Security Feature Bypass flaw in Edge that could allow an attacker to host a specially crafted website designed to exploit the vulnerability.
“Compromised websites and websites that accept or host user-provided content or advertisements are also susceptible,” explained Ivanti director of product management, Chris Goettl. “The attacker could force the browser to send data that would otherwise be restricted.”
Goettl also flagged a number of elevation of privilege flaws which could be leveraged by hackers who have already infiltrated systems, for example during an APT-style attack.
“CVE-2018-0820 (a vulnerability in the Windows Kernel), CVE-2018-0821 (Windows AppContainer), CVE-2018-0822 (NTFS Global Reparse Point), CVE-2018-0826 (Windows Storage Services), CVE-2018-0844 (Windows Common Log File System Driver), CVE-2018-0846 (Windows Common Log File System Driver), and CVE-2018-0823 (Named Pipe File System) each have an exploit index of 1 for the latest Windows versions,” he explained.
“These updates cover a lot of services and the kernel so the monthly OS updates will affect a broad surface area. This is also a good example of the importance of layered security. If you are running least privilege for users in your environment, vulnerabilities such as these can still enable an attacker to gain full control of a system.”
Elsewhere there was plenty from Adobe to keep admins busy this month: APSB18-02 resolves 41 vulnerabilities, including 17 critical ones.
Most urgent is the out-of-band update released earlier this month to fix a zero-day actively being exploited in the wild.

https://www.infosecurity-magazine.co...-flaws-to-fix/

----------


## harrybarracuda

Try as I might I can't get TD to upload an expandable version of this, so just click the link.

https://hakin9.org/ransomware-gone-g...s-slowing-tsg/

----------


## harrybarracuda

The North Korean–linked hacking group known as Reaper is expanding its operations in both scope and sophistication, and it has now graduated to the level of an advanced persistent threat.
According to FireEye, the threat actor has carried out long-term targeting of North Korea’s interests in South Korea since 2013, but it’s now focusing on multinational campaigns using advanced capabilities. For instance, the group recently exploited a zero-day vulnerability in Adobe Flash Player, CVE-2018-4878, which represents a concerning level of technical sophistication.
“The slow transformation of regional actors into global threats is well established,” the firm said in a report on the group, which has added a new moniker to its name: APT37. “Minor incidents in Ukraine, the Middle East and South Korea have heralded the threats, which are now impossible to ignore. In some cases, the global economy connects organizations to aggressive regional actors. In other cases, a growing mandate draws the actor on to the international stage. Ignored, these threats enjoy the benefit of surprise, allowing them to extract significant losses on their victims, many of whom have never previously heard of the actor.”
Reaper has set its sights primarily on corporations in vertical industries, including chemicals, electronics, manufacturing, aerospace, automotive and healthcare – and has been seen recently targeting Japan, Vietnam and the Middle East. It uses social engineering tactics tailored specifically to desired targets, strategic web compromises and torrent file-sharing sites to distribute malware more indiscriminately.
That malware represents a diverse bag of tricks to be used for both initial intrusion and data exfiltration, including custom malware used for espionage purposes. Its tool set includes access to zero-day vulnerabilities and destructive wiper malware, FireEye said.
The firm also noted that it’s possible that APT37’s distribution of malware via torrent websites could assist in creating and maintaining botnets for future distributed denial-of-service (DDoS) attacks, or for other activity such as financially motivated campaigns or disruptive operations.
As far as attribution, “disruptive and destructive cyber-threat activity (including the use of wiper malware, public leaks of proprietary materials by false hacktivist personas, DDoS attacks and electronic warfare tactics such as GPS signal jamming) is consistent with past behavior by other North Korean actors,” the firm said. FireEye also detected malware development artifacts that point to Pyongyang, and the targeting aligns with North Korean state interests.
“North Korea has repeatedly demonstrated a willingness to leverage its cyber capabilities for a variety of purposes, undeterred by notional redlines and international norms,” FireEye noted. “Though they have primarily tapped other tracked suspected North Korean teams to carry out the most aggressive actions, APT37 is an additional tool available to the regime, perhaps even desirable for its relative obscurity. We anticipate APT37 will be leveraged more and more in previously unfamiliar roles and regions, especially as pressure mounts on their sponsor.”

----------


## harrybarracuda

I hope you've all got a long and complex TD password.....
> An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report.
> "Credential abuse" is an increasingly popular line of attack, thanks in large part to the ready availability of huge user/password databases that have been stolen and are sold online.
> Akamai identifies two main types of such attacks: "bursty, high-speed login attempts" to break into people's accounts, and "low and slow attempts to avoid apprehension by spreading login tries across longer time periods," again to gain unauthorized access to profiles and systems.
> The web hosting giant even reckons it may be underestimating the problem because it only gathered data from websites that use an email address as a username, which included no less than six billion login attempts over two months. Banks typically require you to select a username rather than an email and are often the most persistent focus of attackers' attention, for obvious reasons, so are likely missing from this dataset.
> In addition to detailing credential abuse, Akamai's quarterly State of the Net report, out this week, identifies mobile devices, the internet of things, and APIs as the biggest, and somewhat bleeding obvious, new threats to online security.
> API attacks more than doubled in the last quarter, we're told. Akamai has also noticed a new trend in miscreants breaking into systems in order to use their computing power for activities including mining cryptocurrencies, rather than simply stealing information.
> "We are seeing a new trend of enterprise systems being targeted, not only to steal their data, but to steal their computing resources, perhaps driven in part by the rise of cryptocurrencies and the potential value of mining resources," the report notes.
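The two attack shapes Akamai describes above, "bursty" and "low and slow" credential abuse, can be told apart from ordinary failed logins with a few lines of log triage. The following is an added example and is not part of the Akamai report or the post above; the log format, the thresholds and the sample lines (RFC 5737 test addresses, email addresses as usernames, matching the dataset the report describes) are assumptions constructed for illustration.

```python
"""Credential-abuse triage over auth-log lines.

Added example, not from the Akamai report.  It flags the two shapes the report
names, "bursty" high-speed login attempts and "low and slow" attempts spread
over a long period, by grouping failed logins per source IP.  The log format,
thresholds and sample lines are assumptions constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

BURST_MIN = 5                        # failures inside one BURST_WINDOW
BURST_WINDOW = timedelta(seconds=60)
SLOW_MIN_USERS = 5                   # distinct accounts tried from one IP
SLOW_MIN_SPAN = timedelta(hours=3)   # how spread out those failures are

# Constructed sample: "<ISO timestamp> <source IP> <email used as username> <ok|fail>"
SAMPLE_LOG = """\
2018-02-20T10:00:00 203.0.113.7 user0@example.com fail
2018-02-20T10:00:01 203.0.113.7 user1@example.com fail
2018-02-20T10:00:02 203.0.113.7 user2@example.com fail
2018-02-20T10:00:03 203.0.113.7 user3@example.com fail
2018-02-20T10:00:04 203.0.113.7 user4@example.com fail
2018-02-20T10:00:05 203.0.113.7 user5@example.com fail
2018-02-20T10:00:00 198.51.100.23 victim0@example.com fail
2018-02-20T11:00:00 198.51.100.23 victim1@example.com fail
2018-02-20T12:00:00 198.51.100.23 victim2@example.com fail
2018-02-20T13:00:00 198.51.100.23 victim3@example.com fail
2018-02-20T14:00:00 198.51.100.23 victim4@example.com fail
2018-02-20T10:00:00 192.0.2.50 bob@example.com fail
2018-02-20T10:01:00 192.0.2.50 bob@example.com fail
2018-02-20T10:02:00 192.0.2.50 bob@example.com ok
"""


def parse(log_text):
    """Yield (timestamp, ip, user, result) for every non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = line.split()
            yield datetime.fromisoformat(ts), ip, user, result


def is_bursty(events):
    """events: sorted [(ts, user)] failures from one IP.
    Sliding window: BURST_MIN or more failures within BURST_WINDOW."""
    start = 0
    for end in range(len(events)):
        while events[end][0] - events[start][0] > BURST_WINDOW:
            start += 1
        if end - start + 1 >= BURST_MIN:
            return True
    return False


def is_low_and_slow(events):
    """Many distinct accounts tried from one IP, spread over a long span."""
    users = {user for _, user in events}
    span = events[-1][0] - events[0][0]
    return len(users) >= SLOW_MIN_USERS and span >= SLOW_MIN_SPAN


def classify(log_text):
    """Map source IP -> 'bursty' | 'low_and_slow' for IPs that match a pattern;
    IPs that match neither (e.g. one user mistyping a password) are omitted."""
    failures = defaultdict(list)
    for ts, ip, user, result in parse(log_text):
        if result == "fail":
            failures[ip].append((ts, user))
    verdicts = {}
    for ip, events in failures.items():
        events.sort()
        if is_bursty(events):
            verdicts[ip] = "bursty"
        elif is_low_and_slow(events):
            verdicts[ip] = "low_and_slow"
    return verdicts


if __name__ == "__main__":
    for ip, verdict in classify(SAMPLE_LOG).items():
        print(ip, verdict)
```

Run against the constructed sample, 203.0.113.7 is flagged as bursty (six failures in six seconds), 198.51.100.23 as low and slow (five different accounts across four hours at one attempt per hour, which never trips the burst window), and 192.0.2.50 is not flagged at all, because its two failures are one person getting their own password wrong. In production you would key the same two checks on the account as well as the source IP, since stuffing campaigns spread one account's attempts across many addresses.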

----------


## harrybarracuda

This made me laugh.

Fucking Nazis complaining because Twitter deleted all their fake Russian followers!

 :rofl: 

https://gizmodo.com/conservative-twi...ers-1823185428

----------


## harrybarracuda

*Allentown Struggles with $1 Million Cyber-Attack*
The city of Allentown, Pennsylvania, is struggling to remediate a malware attack that could cost nearly $1 million to mitigate.
According to local paper _The Morning Call_, the city’s critical systems have been hit by the malware known as Emotet, impacting both financial and public safety operations, according to Mayor Ed Pawlowski. Allentown’s finance department can’t complete any external banking transactions, the city’s 185 surveillance cameras are impacted and the police department can’t access Pennsylvania State Police databases, Pawlowski said.
Emotet spread like wildfire around the city’s networks, self-replicating (Emotet can spread itself to other systems by stealing an address book from a computer on the network) and harvesting city employees’ credentials along the way. There’s an intimation that phishing was the initial infection vector: Pawlowski warned city residents not to open emails and attachments from city employees. In the past Emotet has been spread via weaponized Microsoft Word documents.
The virus impacted all city systems that run Microsoft, so the city has hired Microsoft engineers to handle emergency response to the crisis for an initial $185,000. Though the virus has now been contained, Pawlowski said it will cost $800,000 to $900,000 to fully remediate the damage.
Further details remain shadowy.
“I’m not trying to in any way shape or form hide anything from the public,” Pawlowski told the city council. “But we just don’t want to divulge how we’re aggressively attacking this because if it is a hacker, they can always modify their attack.”
“Shame on us for doing a disservice to our intelligence community,” said Allentown IT director Matthew Leibert, chastising the council for holding an open hearing on the incident, given that there’s an ongoing criminal investigation into where the virus came from.
Pawlowski also said the virus evaded the city’s “extensive” antivirus and firewall systems.
“This particular virus actually is unlike any other virus,” he said. “It has intelligence built in, so it keeps adapting to our systems, thus evading any firewalls that we have up.”
Emotet first emerged in 2014 as a Trojan designed to steal banking credentials from targets in Austria and Germany. It searches the targeted system for sensitive information that will be exfiltrated to the command-and-control (C2) servers under the attackers’ control. The attacker can then sell the information harvested or log into the account themselves to steal more information.
Starting late last year, the malware began spreading beyond financial targets and into the US and other arenas, while adding new capabilities, including a new dropper, sandbox awareness and anti-analysis capabilities.

https://www.infosecurity-magazine.co...ith-1-million/

----------


## baldrick

^ obviously they did not separate their networks via VPNs and some numbnut has connected his latest aliexpress IoT device

----------


## bsnub

> the city’s 185 surveillance cameras are impacted and the police department can’t access Pennsylvania State Police databases


Good! Fuck that city! They got what they deserved.

----------


## harrybarracuda

> ^ obviously they did not seperate their networks via VPNs and some numbnut has connected his latest aliexpress IoT device
..... Or not.
> Emotet can spread itself to other systems by stealing an address book from a computer on the network) and harvesting city employees’ credentials along the way. There’s an intimation that phishing was the initial infection vector: Pawlowski warned city residents not to open emails and attachments from city employees.

----------


## harrybarracuda

*Security flaw in uTorrent allows hackers remote access*

on Thursday, February 22, 2018 |


Tavis Ormandy, a vulnerability researcher at Google and a part of Google Project Zero, a team of security analysts specializing in finding zero-day vulnerabilities, revealed on Wednesday a vulnerability in BitTorrent’s uTorrent Windows and web client that allows hackers to either plant malware on the user’s computer or see their download activity.

Google Project Zero published their research once the 90-day window that it gave to uTorrent to fix the flaw before publicly disclosing it was over.

According to Ormandy, the flaws are easy to exploit and make it possible for hackers to remotely access downloaded files or download malware on their computers using the random token generated upon authentication.

He reported on Twitter that the initial fix that BitTorrent rolled out seemed to only generate a second token, which did not fix the flaw and said, “you just have to fetch that token as well.”
> ✔@taviso
> 
> 
> 
> Hmm, it looks like BitTorrent just added a second token to uTorrent Web. That does not solve the DNS rebinding issue, it just broke my exploit. 
> 12:08 AM - Feb 21, 2018
BitTorrent issued a statement on Wednesday regarding the issue:

On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user’s consent (e.g. adding a torrent).

Security flaw in uTorrent allows hackers remote access - E Hacking News
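Ormandy's tweet above makes the point that a second token does not fix a DNS rebinding issue. The reason is that after rebinding the attacker's page is, as far as the browser is concerned, same-origin with the localhost API, so its script can simply read whatever token the API hands out and replay it. What does stop the attack is the server refusing requests whose Host header names anything other than the hosts it actually serves. The following is an added example, not uTorrent's code: a toy in-process model of a token-protected localhost API, the post-rebinding attack against it, and the Host allowlist check. Paths, header names, ports and the attacker hostname are assumptions for illustration.

```python
"""DNS rebinding against a token-protected localhost API, and the Host check
that stops it.

Added example, not uTorrent's code.  It models the pattern in Ormandy's report:
a web UI bound to localhost that issues a random token and trusts any request
carrying it.  After DNS rebinding the victim's browser resolves
attacker.example to 127.0.0.1, so script served from attacker.example is
same-origin with the local API, can read the token and replay it; a second
token changes nothing.  Paths, header names and hosts are assumed for
illustration.
"""
import secrets

ALLOWED_HOSTS = {"localhost", "127.0.0.1", "[::1]"}


def hostname(host_header):
    """Strip a trailing :port from a Host header, keeping [IPv6] literals whole."""
    h = host_header.strip().lower()
    if h.startswith("["):
        return h[: h.index("]") + 1] if "]" in h else h
    return h.rsplit(":", 1)[0] if ":" in h else h


class LocalApi:
    """Toy localhost service: GET /token hands the UI its random token,
    POST /add requires that token in X-Token (names assumed)."""

    def __init__(self, check_host):
        self.check_host = check_host
        self.token = secrets.token_hex(16)
        self.added = []

    def handle(self, method, path, headers, body=None):
        # Rebinding defence: a browser that reached us via attacker.example
        # still sends that name in Host, and we do not answer to that name.
        if self.check_host and hostname(headers.get("Host", "")) not in ALLOWED_HOSTS:
            return 403, "unexpected Host header"
        if method == "GET" and path == "/token":
            return 200, self.token
        if method == "POST" and path == "/add":
            if headers.get("X-Token") != self.token:
                return 401, "missing or wrong token"
            self.added.append(body)
            return 200, "added"
        return 404, "not found"


def rebinding_attack(api, attacker_host="attacker.example"):
    """What attacker-controlled script can do once attacker_host resolves to
    127.0.0.1: fetch the token (same origin, so the response is readable),
    then replay it.  Returns the status of the privileged request."""
    headers = {"Host": f"{attacker_host}:8080"}
    status, token = api.handle("GET", "/token", headers)
    if status != 200:
        return status
    headers["X-Token"] = token
    status, _ = api.handle("POST", "/add", headers, body="magnet:?xt=urn:btih:0123")
    return status


def legitimate_use(api):
    """The real UI, loaded from http://localhost:8080, performs the same two steps."""
    headers = {"Host": "localhost:8080"}
    _, token = api.handle("GET", "/token", headers)
    headers["X-Token"] = token
    status, _ = api.handle("POST", "/add", headers, body="magnet:?xt=urn:btih:4567")
    return status


if __name__ == "__main__":
    print("vulnerable:", rebinding_attack(LocalApi(check_host=False)))  # 200
    print("hardened:  ", rebinding_attack(LocalApi(check_host=True)))   # 403
```

With `check_host=False` the attack succeeds even though every privileged request carries a valid random token, which is exactly why adding another token only "broke the exploit" rather than fixing the bug. With the Host allowlist the attacker's first request already gets a 403, while the genuine UI on localhost keeps working. Binding to a random port does not help either, for the same reason: once same-origin, the script can read the port from the page just as easily as the token.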

----------


## harrybarracuda

*Intel releases Spectre 2 microcode updates for Kaby Lake, Coffee Lake, Skylake*

Intel has released to OEMs a new set of Spectre firmware updates. They include microcode for Kaby Lake, Coffee Lake, and Skylake processors.

“This represents our 6th, 7th, and 8th Generation Intel Core product lines as well as our latest Intel Core X-series processor family. It also includes our recently announced Intel Xeon Scalable and Intel Xeon D processors for data center systems,” Navin Shenoy, general manager of the Data Center Group at Intel Corporation, pointed out.
The release follows that of microcode updates for some Skylake-based platforms in early February, and Intel’s January advice to stop deploying initial firmware updates that addressed Spectre (variant 2) due to a higher than expected incidence of reboots and other unpredictable system behavior.
Shenoy advised users to implement OEM firmware updates as the OEMs release them.
Intel also offers a constantly updated document that offers insight into the current situation regarding Spectre patches, i.e., released microcode. As can be seen, the status of the various updates varies from “planning” and “pre-beta” to “production.”
Microcode updates for older processors using the Broadwell and Haswell cores are still in “beta”.

*Mitigation instead of an update?*

Shenoy also noted the existence of a Google-developed mitigation technique for Variant 2 called Retpoline.
“‘Retpoline’ sequences are a software construct which allow indirect branches to be isolated from speculative execution. This may be applied to protect sensitive binaries (such as operating system or hypervisor implementations) from branch target injection attacks against their indirect branches,” Google explains.
“The name ‘retpoline’ is a portmanteau of ‘return’ and ‘trampoline.’ It is a trampoline construct constructed using return operations which also figuratively ensures that any associated speculative execution will ‘bounce’ endlessly.”
Intel has provided more information on Retpoline in a newly published white paper.

https://www.helpnetsecurity.com/2018...ocode-updates/

----------


## harrybarracuda

Google Chrome ALERT - Password stealing malware hits ‘thousands’ of PCs, are YOU affected?

GOOGLE Chrome users have been put on alert about a strain of password stealing malware.
By DION DASSANAYAKE
PUBLISHED: 08:01, Sat, Feb 24, 2018

Google Chrome fans are being warned about password stealing malware that could have made its way onto their machines.

Google Chrome is without a doubt the most popular internet browser in the world right now.

NetMarketShare stats for the whole of last year show Google Chrome as having a staggering 58.90 per cent chunk of the internet browser marketplace.

Its nearest rival, Mozilla’s Firefox, has a 13.29 per cent share while Internet Explorer is on 13 per cent.

Microsoft’s newer Edge browser, which is bundled in with Windows 10, lags behind with a 3.78 per cent market share.

These stats underline how Chrome’s crown as the world’s most popular internet browser is undisputed.

And fans of Google Chrome have been put on alert about a strain of password stealing malware.

However, the way the malware may have been distributed onto Google Chrome users’ machines could leave them stunned.

The malware warning first emerged on Reddit, with user crankyrecursion making the discovery.

They claimed to have found a suspicious file hidden away on an add-on installer for a flight-simulator.

FlightSimLabs (or FSLabs) make add-ons for the hugely popular Microsoft Flight Simulator.

And they were accused by the Reddit user of adding a file called ‘test.exe’, which is allegedly a password stealer, to their A320X add-on installer.

Andrew Mabbitt, founder of cybersecurity company Fidus Information Security, also flagged the issue to Motherboard.

Mabbitt said he scanned the file through malware search engine VirusTotal, and it was flagged up by a number of anti-virus products as malicious.

He said: “When run, the programme extracts all saved usernames and passwords from the Chrome browser and appears to send them to FSLabs.

“This is by far one of the most extreme, and bizarre, methods of Digital Rights Management (DRM) we've ever seen.”

Founder and owner of FSLabs Lefteris Kalamaras took to the flight simulator’s forums to speak out about the malware claims.

He said: “First of all—there are no tools used to reveal any sensitive information of any customer who has legitimately purchased our products.

“We all realise that you put a lot of trust in our products and this would be contrary to what we believe.

“There is a specific method used against specific serial numbers that have been identified as pirate copies and have been making the rounds on ThePirateBay, RuTracker and other such malicious sites.”

Google Chrome users have been warned the malware could have reached 'thousands' of PCs

Kalamaras explained the installer would check whether a user entered in a serial number that had previously been identified as one used by pirates.

If a serial number was entered that matched one that had been flagged up, then the Chrome password dump tool would kick in.

Kalamaras said this was only meant to target specific pirates that were trying to bypass its DRM (digital rights management) system.

He added: “Test.exe is part of the DRM and is only targeted against specific pirate copies of copyrighted software obtained illegally.

“That programme is only extracted temporarily and is never under any circumstances used in legitimate copies of the product.

“The only reason why this file would be detected after the installation completes is only if it was used with a pirate serial number (not blacklisted numbers).”

Kalamaras admitted his firm’s approach to DRM was “overly heavy-handed” and a new installer has been released without the test.exe file.

He wrote: “We have already replaced the installer in question and can only promise you that we will do everything in our power to rectify the issue with those who feel offended, as well as never use any such heavy-handed approach in the future.

“Once again, we humbly apologise."

However, cybersecurity expert Mabbitt told ZDNet that what had been done was “incomprehensible”.

He also said the malware itself, while not activated, would have been “dropped on every single PC it [the FSLabs software] was installed on”.

He said: "Their statement is more a personal justification of what they've done, and they're not comprehending what exactly they just did.

“The fact is they dropped malware on [potentially] thousands of machines, secretly, in an attempt to gather information on a single target.

"Regardless if the target in question was pirated copies of the game or not, dumping their Chrome usernames/passwords and siphoning them off, insecurely too, to servers under their control is incomprehensible.

"They've noted they knew what serials the pirate was using. Surely, the logical next step was simply to blacklist those serials and prevent them from being used."

https://www.express.co.uk/life-style...alware-warning

----------


## harrybarracuda

*AutoSploit: Making Massive Cyber Attacks Too Easy?*
The introduction on January 30th of AutoSploit, a self-described "automated mass exploiter" that makes it disturbingly easy for less technical hackers to launch cyber attacks, caused some panic in the security community.
The tool leverages the Shodan search engine to find potential targets, and can provide targets in response to search terms. "After [the search] operation has been completed the 'Exploit' component of the program will go about the business of attempting to exploit these targets by running a series of Metasploit modules against them," AutoSploit author VectorSEC wrote.
In an analysis of the tool, Rapid7 research director Tod Beardsley noted that AutoSploit "doesn't appear to offer any mechanism to assess and exploit targets that _aren't_ picked essentially at random."
"In the end, I can't figure out how to use Autosploit.py in a way that isn't merely a random act of vandalism," Beardsley added. "As a user, I have little to no control over target selection, which means I am necessarily going to cause headaches and harm to innocent bystanders."

In response, VectorSEC tweeted, "Don't worry guys. The new version will have an option included that will allow the user to select a custom list of targets."
Regardless, it's worth questioning how much of a threat AutoSploit presents on its own. British security architect Kevin Beaumont suggested, "If anybody is concerned about this, your threat model collapses at kids being bored running python scripts."
*An opportunity for script kiddies*

Still, AutoSploit could provide a less skilled attacker with an unprecedented amount of power. Stephanie Weagle, vice president of Corero, told _eSecurity Planet_ by email that AutoSploit "provides an unending opportunity for cybercriminals and script kiddies to hijack vulnerable devices and subsequently launch attacks against online organizations with ease."
And Weagle said companies have to respond. "It is now imperative for organizations to implement a next generation Internet gateway that includes a DDoS layer of security to immediately detect and mitigate DDoS attacks," she said. "Without this DDoS mitigation layer, companies who are hit with a DDoS attack could face significant loss of revenues and reputation due to outages."
At the same time, Plixer director of strategic relationships and marketing Bob Noel said it's important to remember that AutoSploit doesn't introduce anything new in terms of malicious code or attack vectors. "What it does present is an opportunity for those who are less technically adept to use this tool to cause substantial damage," he said.
Ultimately, Noel said, AutoSploit expands the threat landscape by allowing a wider range of people to launch major attacks. "It also demonstrates that it is impossible for organizations to prevent all cyber attacks, and this should act as a wake-up call to invest in incident response technologies, people and best security practices," he said.
But Synopsys vice president of security technology Gary McGraw cautioned against overreacting to the news. "Tools for improving computer security can also be used to do bad things," he said. "Try to do good things with them."
"Oh, and fix the broken software," he added. "Really."

https://www.esecurityplanet.com/thre...-too-easy.html

----------


## harrybarracuda

Some interesting facts in a report about Phishing:

> The company based the report on data from tens of millions of simulated phishing attacks, and they found that:
> 
> - Personalized phishing tests (personalized email address, first name or last name) are no more effective than non-personalized ones.
> - End users are most likely to report suspicious emails in the middle of the week.
> - The topics and themes that are most tempting to end users are “online shopping security updates,” “corporate voicemail from an unknown caller,” and “corporate email improvements.”
> - Two simulated phishing templates had a near 100% click rate: one that masqueraded as a database password reset alert, and another that claimed to include an updated building evacuation plan.
> - Organizations in the telecommunications, retail, consumer goods, government, and hospitality industries have, on average, the worst click rate (15% to 13%), while those in the energy, finance, transportation and defense industrial base industries have the best (8% to 3%).

https://www.helpnetsecurity.com/2018/02/23/phishing-messages/

----------


## harrybarracuda

*German government confirms hackers blitzkrieged its servers to steal data*

*Probably-Russian Fancy Bear team fingered for attack*

By Iain Thomson in San Francisco 1 Mar 2018 at 06:03

The German Interior ministry has confirmed that it has identified a serious attack against its servers, amidst reports that the culprits were the Russian APT28 – aka Fancy Bear – hacking group.
On Wednesday local news site DPA International reported that the German government discovered a serious intrusion into its servers in December 2017. The attack is thought to have seen data exfiltrated for up to a year before its discovery.
Johannes Dimroth, a spokesman for the ministry, confirmed that "government information technology and networks," had been affected by an intrusion. "The incident is being treated as a high priority and with substantial resources," he said.
Fancy Bear has been active for at least a decade. Its activities have often targeted non-Russian governments. The group was fingered for the Democratic National Committee hack ahead of the 2017 US Presidential election, attacks during the 2017 French election, brazen rummaging in Finnish security forces' servers and even attacks on the sports doping authorities.
In December 2016 Germany's Federal Office for the Protection of the Constitution took the unusual step of issuing a public warning about hacking ahead of national elections in September 2017. That warning named Russia as the likely culprit.
Russia has always denied that it has anything to do with Fancy Bear, but the types of malware used, the software and coding styles, and its choice of targets suggest that Putin and his pals might have Fancy Bear dancing to their tune.
This latest attack on Germany will not serve to warm relations between these two historical enemies. With Russia looking to take an increasingly muscular role in European affairs, hopefully such conflicts will not leave the online realm. ®

https://www.theregister.co.uk/2018/0...to_steal_data/

----------


## harrybarracuda

In a major win for US law enforcement, Israeli cyber forensics firm, Cellebrite, which is a major government contractor, claims to have found a way to break into any iPhone in the market. The company says that it can get around the security of devices running from iOS 5 to iOS 11.

The company is allegedly actively advertising to law enforcement and private forensics from across the globe.

This reportedly includes the iPhone X, which Forbes reported had been successfully breached by the Department of Homeland Security in November 2017 with suspected involvement of Cellebrite technology.

The reporter was able to dig up a warrant for the same, which notes that the department’s Cellebrite specialist performed a “forensic extraction” in December, although the exact method of unlocking the iPhone is not mentioned.

Apple has repeatedly refused to help law enforcement agencies break into iPhones, citing the need to protect its customers’ privacy. This decision has often led to clashes between the two.

In the past, there have been various cases when law enforcement called upon Apple to provide a way to unlock the iPhones to access necessary information, even going so far as to obtain a court order to help disable the PIN feature. However, Apple has always refused.

If Cellebrite has indeed found a way to hack into iPhones, it could lead to a major change in their interactions.

Israeli company says it can break into any iPhone - and can help law do the same - E Hacking News

----------


## david44

Certainly won't do their stocks any harm .

----------


## harrybarracuda

*Microsoft Resumes Issuing Windows Patches to Fix Meltdown, Spectre*

By: Pedro Hernandez | March 02, 2018

Microsoft has resumed issuing patches to fix Meltdown and Spectre CPU vulnerabilities in PC CPUs after the software giant and its hardware partners have had time to evaluate the best ways to fix what proved to be a complex cyber-security problem.
Like most major software vendors, Microsoft rushed to update its Windows operating systems after the software giant was notified of the vulnerabilities in modern-day computer processors.
That’s because it was clear after the vulnerabilities were disclosed in the early days of 2018 that they can undermine some of the most fundamental data protection mechanisms found in today's CPUs, including those from Intel, Advanced Micro Devices (AMD) and Arm.

Meltdown and Spectre essentially dissolve the barriers that prevent applications and attackers from arbitrarily accessing system memory. If exploited, the flaws could potentially allow attackers and malicious software to access memory locations that are ordinarily off limits, exposing sensitive information.
Although few Meltdown- and Spectre-based attacks have been detected so far, the risk posed by the flaws has the IT industry on high alert and still dealing with the fallout. Microsoft released an emergency patch for Windows in January to reverse an earlier microcode patch from Intel that caused instability in some systems with Broadwell and Haswell processors.
Now, Microsoft is taking a more cautious approach to issuing Windows patches that touch both the operating system and any Intel-based hardware it runs on.
"While firmware (microcode) security updates are not yet broadly available, Intel recently announced that they have completed their validations and started to release microcode for newer CPU platforms," wrote John Cable, director of Program Management, Windows Servicing and Delivery, at Microsoft in a March 1 blog post.
"Today, Microsoft will make available Intel microcode updates, initially for some Skylake devices running the most broadly installed version of Windows 10—the Windows 10 Fall Creators Update—through the Microsoft Update Catalog, KB4090007."
First introduced in 2015, Skylake is the codename of Intel's sixth-generation Core processors. According to the support document pertaining to KB4090007, the patch will target the Skylake H and S processors for notebooks and desktops, along with power-sipping Intel Core m processors, Skylake U/Y and U23e chips. The patch applies to version 1709 of Windows 10 and the Datacenter and Standard editions of Windows Server.
Of course, Microsoft is just one of several operating system makers that have had to issue fixes for Meltdown and Spectre.
On Jan. 28, and a little later than usual, Linus Torvalds released Linux 4.15 with patches addressing the CPU flaws. In his release announcement, he acknowledged that the process for releasing the new Linux kernel "was not a pleasant release cycle, with the whole Meltdown/Spectre thing coming in in the middle of the cycle."
A day later, Apple announced it had released a series of updates for various macOS operating systems and other software, including macOS Sierra, High Sierra, El Capitan, iOS and the Safari browser on select versions of macOS.
Google, whose Project Zero cyber-security research unit had a hand in unearthing the CPU vulnerabilities, was quick to address them across its product portfolio, including Android and Chrome OS, the company revealed on Jan. 3.

Microsoft Adds Intel Firmware Fix to Meltdown and Spectre Patch

----------


## harrybarracuda

Time to update Adobe Flash Player if you have it.




> Cybercriminals are leveraging a recently patched critical Adobe Flash Player vulnerability in a massive spam campaign targeting unpatched computers.
> According to cybersecurity firm Morphisec, cybercriminals are blasting spam messages that urge recipients to click a link to download a Word document. And when a victim opens the document and enables macros, malware attempts to exploit an Adobe Flash Player bug (CVE-2018-4878) patched by Adobe earlier this month. Victims who fall for the ploy could ultimately hand over control of their systems to an attacker, according to researchers.
> Adobe classified the bug as critical, describing it as a use-after-free vulnerability impacting its Adobe Flash Player running on Windows 10, macOS, Linux and Chrome OS  systems. The flaw was originally found by the South Korean Computer Emergency Response Team on Jan. 31 and identified as a Flash SWF file embedded in Microsoft Word and Excel documents.
> 
> 
> Michael Gorelik, chief technology officer and vice president of Research and Development at Morphisec, said that as part of the recent spam campaign victims were sent emails with short links to the malicious Word documents for download. He added, the malicious attachments were able to, for the most part, circumvent AV protection – showing a low detection ratio on VirusTotal.
> “After downloading and opening the Word document, the attack exploits the Flash vulnerability 2018-4878 and opens a (command prompt) which is later remotely injected with a malicious shellcode that connects back to a malicious (C2) domain,” Gorelik wrote in a technical write-up outlining the attacks. “The next step, the shellcode downloads a ‘m.db’ dll from the same domain, which is executed using regsvr32 process in order to be able to bypass whitelisting solutions.”
> A regsvr32 (Microsoft Register Server) process is a command-line utility that is part of the Windows OS and is used for registering and unregistering DLLs and ActiveX controls within the context of the Windows Registry.
> Researchers said the analytics for the short links used in the email spam campaign shows the same pattern as a legitimate email campaigns, making them hard to detect. “Clickthroughs spike in the first couple of hours after emails are sent. Signature-based defenses, like antiviruses, cannot cope with this pace,” Gorelik wrote.
> ...

----------


## harrybarracuda

*Microsoft starts releasing Microcode patches for certain processors to fix Spectre.*

The Knowledgebase page is:

https://support.microsoft.com/en-us/...rocode-updates

At present there are only a couple on it, but the list will be amended as new fixes arrive.

If you're not sure what your processor is, then I would try this (Windows):

https://www.cpuid.com/softwares/cpu-z.html

----------


## baldrick

> If you're not sure what your processor is


if you're not sure what a processor is - have another beer

----------


## Latindancer

Belarc Advisor is telling me that I have a 2.67 Gigahertz Intel Core Quad Q9450. 

Is Q9450 the ID ? 

And I should wait and check that website to see if a patch is made ?

----------


## harrybarracuda

> Belarc Advisor is telling me that I have a 2.67 Gigahertz Intel Core Quad Q9450. 
> 
> Is Q9450 the ID ? 
> 
> And I should wait and check that website to see if a patch is made ?


Fuck knows.

----------


## baldrick

It is about 10 years old and is affected by spectre 

Doubt you will get any sort of patch. No chance of firmware 
Maybe Windows updates are your only chance

----------


## harrybarracuda

Malware was discovered on point of sales systems at more than 160 Applebees restaurants, exposing credit card information from unknowing diners.

RMH Franchise Holdings, which owns and operates more than 160 Applebees stores across the U.S., said that it recently discovered malware infecting its point of sale (POS) systems. The malware may have enabled hackers to steal certain guests' names, credit or debit card numbers, expiration dates and card verification codes processed during limited time periods.

Stores were impacted on varying dates, with most POS systems first hit in either November or December 2017 until January, according to RMH's website.

"RMH believes that unauthorized software placed on the point-of-sale system at certain RMH-owned and -operated Applebees restaurants was designed to capture payment card information and may have affected a limited number of purchases made at those locations," the company said in a statement.

Upon learning of a potential incident, RMH told Threatpost it promptly launched an investigation, obtained the help of leading cyber security forensics firms, and reported the matter to law enforcement.

"Due to existing security measures that were already in place at RMH, the incident had been contained by the time that it was discovered on February 13, 2018," an RMH spokesperson told Threatpost.

RMH said it operates its point-of-sale systems isolated from the broader Applebees network, and this notice applies only to RMH-owned Applebees restaurants. The company did not respond to a question asking what type of POS device or malware was used in its Applebees stores targeted in the attack.

POS malware is a growing menace for retailers in the hospitality industry. Most recently, in January, fashion retailer Forever 21 revealed that malware had sat on certain POS terminals for almost eight months in its stores, allowing hackers to steal consumer credit card data from the company.

Other impacted companies in 2017 include Intercontinental Group, which said its payment card systems in 12 of its hotels had been breached. The Hard Rock Hotels and Casinos franchise also was stung by POS malware that managed to infect the chain's inventory management SaaS application.

"We're seeing more of these types of breaches happening; it's an industry-wide problem as more retailers look to an ecosystem of providers to bring in third-party systems like point of sale and inventory management solutions," Fred Kneip, CEO of security firm CyberGRX, told Threatpost. "As of today a lot of stores are playing catch up with security, and it can take months or years to realize that compromises have happened on third-party systems."

In a statement, RMH urged customers to monitor their bankcard statements. But the ultimate security safeguards against POS malware must come from retailers themselves, Kneip said.

"Chain restaurants not only need a real-time feed of threats emanating from vendors to mitigate malicious access to their networks, they need to measure and monitor how other third parties like franchisees and divisions are managing this type of risk," he said.

https://threatpost.com/pos-malware-f...ations/130281/

----------


## harrybarracuda

An interesting one. I always turn Cortana off, but mainly because I find it as irritating as that fucking paper clip.





> *Researchers Bypassed Windows Password Locks With Cortana Voice Commands*
> 
> *Two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana.*
> 
> One of the most basic steps a computer user can take to secure their system against someone with physical access to it is to configure it to password-lock after an interval of inactivity. This prevents nosy office colleagues and Starbucks patrons from peering at your screen when you step away, and also helps protect against most "evil maid" attacks—where a malicious hotel worker, airport security agent, or someone else with brief access to your machine plugs a malicious USB stick into it to implant spyware.
> 
> But two independent Israeli researchers found a way for an attacker to bypass the lock protection on Windows machines and install malware by using voice commands directed at Cortana, the multi-language, voice-commanded virtual assistant that comes embedded in Windows 10 desktop and mobile operating systems.
> 
> Tal Be'ery and Amichai Shulman found that the always-listening Cortana agent responds to some voice commands even when computers are asleep and locked, allowing someone with physical access to plug a USB with a network adapter into the computer, then verbally instruct Cortana to launch the computer's browser and go to a web address that does not use https—that is, a web address that does not encrypt traffic between a user's machine and the website. The attacker's malicious network adapter then intercepts the web session to send the computer to a malicious site instead, where malware downloads to the machine, all while the computer owner believes his or her machine is protected.
> ...

----------


## harrybarracuda

Paying off a ransomware demand is a great way to end up losing both your money and your files.


This according a study from security company CyberEdge, which found that for those hit by a ransomware infection the best bet is probably to just restore from a backup. The survey, based on a poll of information security professionals, found that less than half of those who pay a ransom demand end up getting their data back.

The report says that 55 per cent of the people it surveyed reported a malware infection hitting their systems in 2017. Spain had the highest rate, with 80 per cent of respondents reporting malware, followed by companies in China (74 per cent) and Mexico (71.9 per cent.) In the US, 53.8 per cent of respondents were hit by ransomware, while slightly under half of those in the UK, 49.5 per cent, were hit.

Overall, 72.4 per cent of those who were infected with ransomware were able to get their data back. Most of those, however, were companies that simply ignored the ransom demands, then restored their systems with uninfected backup copies. The study found that 86.9 per cent of those who refused to pay the demand ended up recovering their data.

Of those who caved to the demand and paid the ransom, 49.4 per cent said they could recover their data, while 50.6 ended up losing it anyway. The not-so-shocking conclusion is that criminals don't always stay true to their word.

"It's like flipping a coin twice consecutively – once to determine if your organization will be victimized by ransomware, and then, if you decide to pay the ransom, flip it again to determine if you'll get your data back," CyberEdge says.

"The clear lesson here is the critical importance of maintaining up-to-date offline backups."

There is some good news to be had in the report, at least. CyberEdge notes that, for the first time in the five years it has been doing the annual report, the number of respondents reporting at least one attack was down (from 79.2 per cent to 77.2) and the number of companies that were frequently attacked, more than six times in a year, was also down.

"Perhaps this is more evidence that IT security has finally stopped the bleeding of rising cyberattacks," CyberEdge says.

We can only hope so. ®

https://www.theregister.co.uk/2018/0...ir_files_back/

----------


## harrybarracuda

Now it's AMD's turn....




> *What happened?*
> 13 Critical Security Vulnerabilities and Manufacturer Backdoors discovered throughout AMD Ryzen & EPYC product lines.
> 
> *Am I affected?*
> Any consumer or organization purchasing AMD Servers, Workstations, or Laptops are affected by these vulnerabilities.
> 
> *What is this site for?*
> This site is to inform the public about the vulnerabilities and call upon AMD and the security community to fix the vulnerable products.
> 
> https://amdflaws.com/

----------


## harrybarracuda

As part of Patch Tuesday, Microsoft today released a patch for CVE-2018-0886, a remote code execution vulnerability in the company's authentication processing Credential Security Support Provider (CredSSP) protocol, which is used by Remote Desktop Protocol (RDP) and Windows Remote Management (WinRM).

The flaw could allow an attacker to steal user credentials and execute code on a target system.

"Any application that depends on CredSSP for authentication may be vulnerable to this type of attack," Microsoft warned.

To mitigate the threat, Microsoft is urging admins to enable Group Policy systems on their systems and update all Remote Desktop clients. "We recommend that administrators apply the policy and set it to 'Force updated clients' or 'Mitigated' on client and server computers as soon as possible," the company advised. "These changes will require a reboot of the affected systems."

The vulnerability also highlights the importance of patch management systems.
*Broad exposure*

The vulnerability was first uncovered by Preempt Security researchers, who noted that it affects all versions of Windows.

"In terms of the vastness of this issue, we can note that RDP is the most popular application to perform remote logins," Preempt lead security researcher Yaron Zinar wrote in a blog post. "To further highlight this, in Preempt internal research we found that almost all enterprise customers are using RDP, making them vulnerable to this issue."

Zinar noted that blocking the relevant application ports/service (RDP, DCE/RPC) would block the attack. "It is recommended to apply the proper network segmentation policy and block unnecessary ports/services," he wrote.

Similarly, the attack relies on privileged users using their credentials to perform IT operations. "In order to better protect your network, you should reduce privileged account usage as much as possible and use non-privileged accounts whenever applicable," Zinar added.

The researchers plan to demonstrate the attack next week at Black Hat Asia 2018.
*Limiting access*

Nathan Wenzler, chief security strategist at AsTech, told _eSecurity Planet_ by email that vulnerabilities like these serve as yet another example of how dangerous it can be to rely on security or admin tools without locking them down with hardened configurations.
"Of course, Microsoft has an obligation to ensure the vulnerability is fixed, which they're doing, but it's imperative that admins and security practitioners are doing more to reduce the amount of privileged access their administrators possess, that tools such as RDP are disabled if they're not being used, and doing whatever else they can to limit the amount of administrator-level exposure that an attacker might be able to compromise anywhere along the chain and then use to wreak havoc on the rest of the network," Wenzler said.

Still, Vectra head of security analytics Chris Morales noted that several variables have to be right for this attack to succeed. "Most importantly, the attacker needs to already be on the network and in a position between the clients and servers," he said. "If an attacker is already that deep in the network, there are many other things they could do: scope out a network, find authentication accounts and compromise a server."

As a result, Morales suggested, this threat might be best classified as an internal reconnaissance activity, one of many that an attacker might use. "As long as a company is properly monitoring their internal environment for attacker behaviors, and can correlate this type of behavior with other attacker behaviors, they should have sufficient visibility to detect and respond to this type of reconnaissance behavior," he said.

https://www.esecurityplanet.com/thre...erability.html
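As an added example (not code from the article, Preempt or Microsoft), the script below audits and, only when explicitly asked, sets the Group Policy value behind the 'Force updated clients' / 'Mitigated' options the article mentions. The registry path and the meaning of the AllowEncryptionOracle values (0, 1, 2) are the ones Microsoft documents for its CredSSP update; the function and variable names are assumptions of mine.

```powershell
# Added example: audit/set the CredSSP "Encryption Oracle Remediation" policy
# that Microsoft's CVE-2018-0886 guidance refers to. Registry location and value
# semantics are Microsoft's documented ones; function names are my own.
$CredSspKey  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\CredSSP\Parameters'
$PolicyNames = @{ 0 = 'Force updated clients'; 1 = 'Mitigated'; 2 = 'Vulnerable' }

function Get-CredSspOracleRemediation {
    # Returns the configured AllowEncryptionOracle value for the local machine,
    # its policy name, and whether it matches one of the two recommended settings.
    $value = $null
    if (Test-Path $CredSspKey) {
        $value = (Get-ItemProperty -Path $CredSspKey -Name 'AllowEncryptionOracle' `
                     -ErrorAction SilentlyContinue).AllowEncryptionOracle
    }
    if ($null -eq $value) {
        # No explicit policy: the default built into the installed update applies,
        # which depends on patch level, so flag it for review rather than guess.
        return [pscustomobject]@{ Value = $null; Policy = 'Not configured'; Compliant = $false }
    }
    [pscustomobject]@{
        Value     = [int]$value
        Policy    = $PolicyNames[[int]$value]
        Compliant = ([int]$value -le 1)   # 0 (Force updated clients) or 1 (Mitigated)
    }
}

function Set-CredSspOracleRemediation {
    # Writes the policy value. 'Force updated clients' refuses unpatched peers,
    # so roll it out only after every RDP/WinRM client and server has the update.
    param(
        [ValidateSet('Force updated clients', 'Mitigated')]
        [string]$Policy = 'Force updated clients'
    )
    $value = if ($Policy -eq 'Mitigated') { 1 } else { 0 }
    if (-not (Test-Path $CredSspKey)) { New-Item -Path $CredSspKey -Force | Out-Null }
    New-ItemProperty -Path $CredSspKey -Name 'AllowEncryptionOracle' -PropertyType DWord `
                     -Value $value -Force | Out-Null
    Write-Output "AllowEncryptionOracle set to $value ($Policy); a reboot is required."
}

# Audit only by default; remediation is a deliberate second step.
$state = Get-CredSspOracleRemediation
Write-Output ("AllowEncryptionOracle = {0} ({1})" -f $state.Value, $state.Policy)
if (-not $state.Compliant) {
    Write-Warning "CredSSP policy is not 'Force updated clients' or 'Mitigated'. Patch, then run Set-CredSspOracleRemediation."
}
```

Run it elevated; to sweep a fleet, wrap the Get- function in Invoke-Command against your server list and collect the Compliant field.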

----------


## harrybarracuda

Security researchers have discovered a massive continuously growing malware campaign that has already infected nearly 5 million mobile devices worldwide.

Dubbed RottenSys, the malware, which is disguised as a 'System Wi-Fi service' app, came pre-installed on millions of brand new smartphones manufactured by Honor, Huawei, Xiaomi, OPPO, Vivo, Samsung and GIONEE, added somewhere along the supply chain.

All these affected devices were shipped through Tian Pai, a Hangzhou-based mobile phone distributor, but researchers are not sure if the company has direct involvement in this campaign.





According to Check Point Mobile Security Team, who uncovered this campaign, RottenSys is an advanced piece of malware that doesn't provide any secure Wi-Fi related service but takes almost all sensitive Android permissions to enable its malicious activities.
"According to our findings, the RottenSys malware began propagating in September 2016. By March 12, 2018, 4,964,460 devices were infected by RottenSys," researchers said.

To evade detection, the fake System Wi-Fi service app comes initially with no malicious component and doesn't immediately start any malicious activity.

Instead, RottenSys has been designed to communicate with its command-and-control servers to get the list of required components, which contain the actual malicious code.

RottenSys then downloads and installs each of them accordingly, using the "DOWNLOAD_WITHOUT_NOTIFICATION" permission that does not require any user interaction.

*Hackers Earned $115,000 in Just Last 10 Days*
At this moment, the massive malware campaign pushes an adware component to all infected devices that aggressively displays advertisements on the device’s home screen, as pop-up windows or full-screen ads to generate fraudulent ad-revenues.
"RottenSys is an extremely aggressive ad network. In the past 10 days alone, it popped aggressive ads 13,250,756 times (called impressions in the ad industry), and 548,822 of which were translated into ad clicks," researchers said.

According to the CheckPoint researchers, the malware has made its authors more than $115,000 in the last 10 days alone, but the attackers are up to "something far more damaging than simply displaying uninvited advertisements."



Since RottenSys has been designed to download and install any new components from its C&C server, attackers can easily weaponize or take full control over millions of infected devices.

The investigation also disclosed some evidence that the RottenSys attackers have already started turning millions of those infected devices into a massive botnet network.

Some infected devices have been found installing a new RottenSys component that gives attackers more extensive abilities, including silently installing additional apps and UI automation.
"Interestingly, a part of the controlling mechanism of the botnet is implemented in Lua scripts. Without intervention, the attackers could re-use their existing malware distribution channel and soon grasp control over millions of devices," researchers noted.

This is not the first time CheckPoint researchers have found top-notch brands affected by a supply chain attack.

Last year, the firm found smartphones belonging to Samsung, LG, Xiaomi, Asus, Nexus, Oppo, and Lenovo infected with two pieces of pre-installed malware (Loki Trojan and SLocker mobile ransomware) designed to spy on users.

*How to Detect and Remove Android Malware?*
To check if your device is infected with this malware, go to Android system settings → App Manager, and then look for the following possible malware package names:

com.android.yellowcalendarz (每日黄历)
com.changmi.launcher (畅米桌面)
com.android.services.securewifi (系统WIFI服务)
com.system.service.zdsgt

If any of the above is in the list of your installed apps, simply uninstall it.

https://thehackernews.com/2018/03/android-botnet-malware.html

----------


## fishlocker

Woke up to this bit of click bait. I was ready to sell all until I read the full article. 



Forbes Now: Russia Hacks Into U.S. Nuclear Power Plants. http://google.com/newsstand/s/CBIwgPTj9zc

----------


## fishlocker

I recall working the night of the y2k scare. Pretty normal night, we watched Cheeters at 2300 as usual while the clock ticked away. Then more waiting. Nothing happened at 00:00 as usual.

----------


## harrybarracuda

> Woke up to this bit of click bait. I was ready to sell all until I read the full article. 
> 
> 
> 
> Forbes Now: Russia Hacks Into U.S. Nuclear Power Plants. http://google.com/newsstand/s/CBIwgPTj9zc


It's real enough:

https://www.us-cert.gov/ncas/alerts/TA18-074A

----------


## harrybarracuda

The City of Atlanta is the latest victim of a large-scale ransomware attack, though it could have been worse without the cloud, according to Atlanta's chief information officer.

On March 22, Atlanta Mayor Keisha Bottoms, confirmed that a ransomware attack had occurred against IT systems operated by the city of Atlanta, with attackers demanding payment of approximately $51,000 ransom in Bitcoin to release the impacted systems.

"The City of Atlanta is currently experiencing outages on various customer facing applications, including some that customers may use to pay bills or access court-related information," Atlanta city officials wrote in a Twitter message.

"Our information management team is working with the FBI, Homeland Security and also external partners from Microsoft and Cisco cyber-security incident response teams to help resolve this issue," Atlanta Mayor Bottoms said in a press conference on March 22.

In a ransomware attack, malware is somehow loaded onto a system and attempts to encrypt all the data on the victimized system. The victim is then presented with a demand, or ransom message, for payment in order to get the decryption key to restore data. Ransomware attacks have taken aim at U.S. cities and infrastructure in the past, including a November 2016 attack against the San Francisco transit system.

City of Atlanta Chief Operating Officer Richard Cox said during a press conference, that at approximately 5:40 AM on March 22, information management officials were made aware of an outage of a number of the city's applications. Cox noted that while several city departments have been impacted, the departments of public safety, water services and airport are operating without incident.

"The City of Atlanta has experienced a ransomware cyber-attack. This attack has encrypted some of the city's data, however we're still validating the extent of the compromise," Cox said.

Cox noted that it's not clear if personal information was compromised in the ransomware attack and as a precaution, he advised city employees to monitor and protect their personal information. He added that the city of Atlanta will offer employees additional resources to protect their personal information as needed in the coming days.

*Cloud*

During the press conference, Atlanta officials were asked if the ransomware attack was due to missteps or unpatched systems in Atlanta's IT operations. 

"This is not a new issue to the State of Georgia or to our country and we have been taking active measures to mitigate risks," Atlanta Chief Information Officer Daphne Rackley said during the press conference. "Those measures I think have limited the impact in this instance."

In particular, Rackley noted that Atlanta has taken a 'cloud first' strategy where many of the city's systems are being migrated to the cloud, in an effort to provide more robust security controls and availability. Rackley also noted that Atlanta has data backups for the impacted systems.

"We do have backup systems already which will help with restoration as needed," Rackley said. "But we're just at first stage of the investigation and figuring out what to do next."

In any ransomware attack, one of the potential options is for the victim to pay the ransom as demanded by attackers. It's not clear if that option is acceptable to the Atlanta administration.

"We can't speak to that right now," Mayor Bottoms said in response to a press conference question about whether Atlanta will pay the ransom. "We will be looking for guidance from our federal partners on how to navigate the best course of action. Right now we're focused on fixing the issue."

Atlanta CIO Claims Cloud Helped to Mitigate Impact of Ransomware Attack

----------


## harrybarracuda

*AMD Set to Patch 13 Vulnerabilities Disclosed by CTS Labs* By: Sean Michael Kerner | March 21, 2018


After being blindsided by a set of vulnerability reports that were disclosed without giving AMD time to analyze, the silicon vendor has now provided a technical assessment.


CTS Labs caught silicon vendor Advanced Micro Devices off-guard on March 12 when it reported to the company that it had discovered a set of vulnerabilities that impact AMD's EPYC, Ryzen, Ryzen Pro and Ryzen Mobile processors.


Contrary to established best practices in the security industry, CTS Labs only gave AMD 24 hours to respond, publicly disclosing the flaws on March 13. AMD has now had just over a week to analyze the findings, and on March 20 it released an initial technical analysis of the CTS Labs research. The analysis confirms initial reports that the flaws pose limited risk to most end users.

"We believe that each of the issues cited can be mitigated through firmware patches and a standard BIOS update, which we plan to release in the coming weeks," AMD stated in an email sent to eWEEK. "These patches and updates are not expected to impact performance."


The flaws impact AMD's EPYC, Ryzen, Ryzen Pro and Ryzen Mobile processors and have been dubbed Ryzenfall, Masterkey, Fallout and Chimera by CTS Labs. Most of the issues were found with AMD's Secure Processor element that could potentially have enabled attackers to read and write to protected memory.
While AMD did not refute that the vulnerabilities are real, the company did say their impact is somewhat muted given that an attacker would need administrative access to a system.

"It’s important to note that all the issues raised in the research require administrative access to the system, a type of access that effectively grants the user unrestricted access to the system and the right to delete, create or modify any of the folders or files on the computer, as well as change any settings," AMD CTO Mark Papermaster wrote in a blog post. "Any attacker gaining unauthorized administrative access would have a wide range of attacks at their disposal well beyond the exploits identified in this research."

Going a step further, Papermaster noted that there are controls in modern operating systems that provide an additional layer of security that can help to prevent unauthorized administrative access. Even though the issues outlined by CTS Labs require administrative access, AMD is taking the flaws seriously and is now working on firmware patches that will be made available via BIOS updates in the coming weeks.

Disclosure

CTS Labs was broadly criticized in the security community for not giving AMD enough time to respond to its vulnerability reports. Industry best practices for responsible disclosure on vulnerabilities that are not actively being exploited dictate that researchers provide vendors with an appropriate amount of time that can range from 30 to more than 90 days to investigate and respond to flaws. 

In an open letter responding to the criticism about its AMD flaws disclosure, Ilia Luk-Zilberman, CTO of CTS Labs, argued that responsible disclosure doesn't actually work to protect end users. He wrote that with the current model of responsible disclosure, during the initial 30- to 90-day period it's up to the vendor if it wants to alert customers that there is a problem.

"I think that a better way would be to notify the public on day 0 that there are vulnerabilities and what is the impact," Luk-Zilberman wrote. "To notify the public and the vendor together and not to disclose the actual technical details ever unless it's already fixed."


Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

AMD Responds to Vulnerability Allegations, Claims Minimal Impact

----------


## harrybarracuda

*Phishing, malware, and cryptojacking continue to increase in sophistication*


Attackers are constantly trying new ways to get around established defenses. The data, collected throughout 2017 by Webroot, illustrates that attacks such as ransomware are becoming a worldwide threat and are seamlessly bypassing legacy security solutions because organizations are neglecting to patch, update, or replace their current products.

The findings showcase a dangerous, dynamic threat landscape that demands organizations deploy multi-layered defenses that leverage real-time threat intelligence.

*Cryptojacking is gaining traction as a profitable and anonymous attack that requires minimal effort.* Since September 2017, more than 5,000 websites have been compromised with JavaScript cryptocurrency miner CoinHive to mine Monero by hijacking site visitors' CPU power.

*Windows 10 is almost twice as safe as Windows 7.* However, the data reveals that the operating system migration rate for enterprises has been quite slow; Webroot saw only 32 percent of corporate devices running Windows 10 by the end of 2017.

*Polymorphism, i.e. creating slightly different variants of malicious or unwanted files, has become mainstream.* In 2017, 93 percent of the malware encountered and 95 percent of potentially unwanted applications (PUAs) were only seen on one machine. In these instances, the identifiers are unique and undetectable by traditional signature-based security approaches.

*Ransomware and its variants became an even more serious threat.* This past year, new and reused ransomware variants were distributed with a variety of purposes. Together, WannaCry and NotPetya infected more than 200,000 machines in over 100 countries within just 24 hours.

*High-risk IP addresses continue to cycle from malicious to benign and back again.* Webroot saw 10,000 malicious IP addresses reused an average of 18 times each in 2017. The vast majority of malicious IP addresses represent spam sites (65 percent), followed by scanners (19 percent), and Windows exploits (9 percent).

*Of the hundreds of thousands of new websites created each day in 2017*, 25 percent of URLs were deemed malicious, suspicious, or moderately risky. High-risk URLs fell into two major categories: malware sites (33 percent) and proxy avoidance and anonymizers (40 percent).

*Phishing attacks are becoming increasingly targeted,* using social engineering and IP masking to achieve greater success. On average, phishing sites were online from four to eight hours, meaning they were designed to evade traditional anti-phishing strategies. Only 62 domains were responsible for 90 percent of the phishing attacks observed in 2017.

*Mobile devices continue to be a prime target for attackers:* 32 percent of mobile apps were found to be malicious. Trojans continue to be the most prevalent form of malicious mobile apps (67 percent), followed by PUAs (20 percent).

"Over the past year, news headlines have revealed that attackers are becoming more aggressive and getting extremely creative. Cryptojacking made our threat report for the first time this year as an emerging threat that combines everything an attacker could want: anonymity, ease of deployment, low-risk, and high-reward. Organizations need to use real-time threat intelligence to detect these types of emerging threats and stop attacks before they strike," said Hal Lonas, CTO at Webroot.

https://www.helpnetsecurity.com/2018...cryptojacking/

----------


## david44

Good heads up

How would you know if you've been hijacked for crypto mining?
Noticeable speed difference?

----------


## harrybarracuda

> Good heads up
> 
> How would you know if you've been hijacked for crypto mining?
> Noticeable speed difference?



That's the obvious one. But there are browser addons:

> If you don't want to use an ad blocker or just want to specifically block coin mining, there are a handful of extensions available
>
> - No Coin (Chrome, Firefox, Opera)
> - minerBlock (Chrome, Firefox, Opera)
> - Anti Miner (Chrome)
> - Coin-Hive Blocker (Chrome)

----------


## harrybarracuda

Zuckerberg Bingo! Or just do a shot per hit.

Goes with Zuckerberg's testimony on the hill.


----------


## harrybarracuda

*Password-free logins are coming to Chrome, Firefox and Edge*

By Cat Ellis 3 hours ago Software 
*Fingerprints and USB keys are the way forward*

Forget passwords – you'll soon have another way to log into websites that will make your accounts less vulnerable.

Chrome, Firefox and Edge will soon support a new open standard called Web Authentication (WebAuthn). When it's implemented, you'll be able to use a mobile device to verify your identity. This could involve an app, a USB hardware key, or biometric data, and could either serve as an extra form of authentication or replace passwords completely.

This type of authentication makes it much harder for criminals to pull off phishing attacks because there's no consistent line of characters (like a conventional password) that provides access to your accounts.
*Knock, knock*

Some services, including Google and Facebook, already support multi-factor authentication via a smartphone app or Yubikey device. It's also popular in businesses where security is particularly important, but isn't widely used elsewhere.

Hopefully, that's about to change. WebAuthn is an open standard, which means it's much more accessible to smaller developers that can't afford to invest in their own technology.

The WebAuthn standard is supported by Firefox Beta (version 60.0) and is scheduled for general release in May. It will also appear in Chrome and Edge in the coming months. Apple hasn't revealed when the standard will be supported in Safari, but has committed to it.

https://www.techradar.com/news/passw...refox-and-edge

----------


## harrybarracuda

*2.6 billion records were stolen, lost or exposed worldwide in 2017*

Gemalto released the latest findings of the Breach Level Index, revealing that 2.6 billion records were stolen, lost or exposed worldwide in 2017, an 88% increase from 2016. While data breach incidents decreased by 11%, 2017 was the first year publicly disclosed breaches surpassed more than two billion compromised data records since the Breach Level Index began tracking data breaches in 2013.


Over the past five years, nearly 10 billion records have been lost, stolen or exposed, with an average of five million records compromised every day. Of the 1,765 data breach incidents in 2017, identity theft represented the leading type of data breach, accounting for 69% of all data breaches. Malicious outsiders remained the number one cybersecurity threat last year at 72% of all breach incidents.

Companies in the healthcare, financial services and retail sectors were the primary targets for breaches last year. However, government and educational institutions were not immune to cyber risks in 2017, making up 22% of all breaches.

Based on data breach reports collected in the Breach Level Index, the major 2017 highlights include:

*Human error a major risk management and security issue:* 

Accidental loss, consisting of improper disposal of records, misconfigured databases and other unintended security issues, caused 1.9 billion records to be exposed, a dramatic 580% increase in the number of compromised records from 2016.

*Identity theft is still the number one type of data breach:* 

Identity theft was 69% of all data breach incidents. Over 600 million records were impacted resulting in a 73% increase from 2016.

*Internal threats are increasing:* 

The number of malicious insider incidents decreased slightly. However, the amount of records stolen increased to 30 million, a 117% increase from 2016.

*What a nuisance:* 

The number of records breached in nuisance type attacks increased by 560% from 2016. The Breach Level Index defines a data breach as a nuisance when the compromised data includes basic information such as name, address and/or phone number. The larger ramification of this type of breach is often unknown, as hackers use this data to orchestrate other attacks.

"The manipulation of data or data integrity attacks pose an arguably more unknown threat for organizations to combat than simple data theft, as it can allow hackers to alter anything from sales numbers to intellectual property. By nature, data integrity breaches are often difficult to identify and in many cases, where this type of attack has occurred, we have yet to see the real impact," said Jason Hart, Vice President and CTO for Data Protection at Gemalto.


*Data breaches by type*

Identity theft was the leading type of data breach, accounting for 69% of all incidents constituting 26% of breached data in 2017. The second most prevalent type of breach was access to financial data (16%). The number of lost, stolen or compromised records increased the most for nuisance type of data breaches (560%) which constituted 61% of all compromised data. Account access and existential type breaches decreased both in incidents and records from 2016.

*Data breaches by industry*

In 2017, the industries that experienced the largest number of data breach incidents were healthcare (27%), financial services (12%), education (11%) and government (11%). In terms of the amount of records lost, stolen or compromised, the most targeted sectors were government (18%), financial services (9.1%) and technology (16%).

*Data breaches by source*

Malicious outsiders were the leading source of data breaches, accounting for 72% of breaches, however making up only 23% of all compromised data. While accidental loss was the cause of 18% of data breaches, it accounted for 76% of all compromised records, an increase of 580% from 2016. Malicious insider breaches were 9% of the total number of incidents, however this breach source experienced a dramatic increase (117%) in the number of compromised or stolen records from 2016.

"Companies can mitigate the risks surrounding a breach through a security by design approach, building in security protocols and architecture at the beginning," said Hart. "This will be especially important, considering in 2018 new government regulations like Europe's General Data Protection Regulation (GDPR) and the Australian Privacy Act (APA) go into effect. These regulations require companies to adapt a new mindset towards security, protecting not only their sensitive data but the privacy of the customer data they store or manage."

https://www.helpnetsecurity.com/2018...promised-2017/

----------


## harrybarracuda

You might decide to defer if you are planning to install the soon-to-be-released Spring Creators Update (but having said that, I would wait a few weeks for that to spread first, in case there are any problems with it).

But the Adobe stuff does need looking at if you're using any of it.




> Over 20 Critical Microsoft Patches to Apply This Month
> 7 Infosecurity
> 
> Microsoft has fixed 65 vulnerabilities this month, over a third of which are critical and stretch across OS, browser and Office environments.
> 
> ...

----------


## harrybarracuda

*It's April 2018, and we've had to sit on this Windows 10 Spring Creators Update headline for days*

*Bug gives Microsoft cold feet*

By Shaun Nichols in San Francisco 12 Apr 2018 at 05:28


Microsoft has yet to release the Spring Creators Update to Windows 10. We've been sitting here waiting with a story about the launch ready to go, and nothing. Now people are starting to talk.


Rumored to arrive on April 10 alongside Patch Tuesday, the Spring Creators Update, aka version 1803 aka Redstone 4, is due to deliver new code including a revamped interface, enhanced privacy and security features, and beefed up Cortana search capabilities.

Now if only they could just get the damn thing out the door. With that suggested deadline having come and gone, it's worth asking just what is going on. Could it be that everyone was preoccupied with Mark Zuckerberg appearing before US Congress, and any operating system launch would be lost in the headlines? Surely not.

Microsoft isn't much help. When prodded for explanation, a Redmond spokesperson only had this to offer:




> _We’re excited to release the next update to Windows 10 and we’ll share more when we’re ready._



That's not much help. Windows watcher Zac Bowden reported that a show-stopping bug was holding up the release of SCU. There's no word on exactly what the fault is, but it's nice to know Microsoft isn't just knowingly shipping broken code.


One industry source familiar with Redmond's processes told us that this could be a repeat of a bug that cropped up when version 1709, the Windows 10 Fall Creators Update, arrived. When that landed and was installed, some people found that their computers were unable to easily and automatically pick up any more fixes and patches from Windows Update, unless they enrolled in the Insider beta-testing program.

It is suggested this could be the case again, that a gremlin in the distribution of the software is holding up the release rather than a programming fault that you'd expect would have been picked up by now in the extensive rounds of testing.

By design, there has been no official word on when the update will land, and chances are when it does arrive there will be little fanfare – as Microsoft tends to roll out the software gradually to minimize the howling and screaming when the thing happens to break machines. In the meantime, one sure-fire way to get the latest Windows is to enroll in the Insider program, and play away. ®



https://www.theregister.co.uk/2018/0...eators_update/

----------


## lom

> One industry source familiar with Redmond's processes told us that this could be a repeat of a bug that cropped up when version 1709, the Windows 10 Fall Creators Update, arrived. When that landed and was installed, some people found that their computers were unable to easily and automatically pick up any more fixes and patches from Windows Update, unless they enrolled in the Insider beta-testing program.


That bug is well known to me and it is a pity that MS couldn't/wouldn't inform how to fix it.

----------


## harrybarracuda

> That bug is well known to me and it is a pity that MS couldn't/wouldn't inform how to fix it.


Let's face it, Windows Update sucks. That's why they added the Troubleshooter.

https://answers.microsoft.com/en-us/...d-99cc23235dec

----------


## harrybarracuda

LONDON — Hackers are increasingly targeting 'internet of things' devices to access corporate systems — everything from CCTV cameras to air-conditioning units.

The "internet of things" refers to devices that are hooked up to the internet to allow live streams of data to be monitored. The term covers everything from household appliances to widgets in power plants and everything in between.

Nicole Eagan, the CEO of cybersecurity company Darktrace, told the WSJ CEO Council in London on Thursday: "There's a lot of internet of things devices, everything from thermostats, refrigeration systems, HVAC [air conditioning] systems, to people who bring in their Alexa devices into the offices. There's just a lot of IoT. It expands the attack surface and most of this isn't covered by traditional defenses."

Eagan gave one memorable anecdote about a case Darktrace worked on where an unnamed casino was hacked via a thermometer in a lobby aquarium.

"The attackers used that to get a foothold in the network. They then found the high-roller database and then pulled that back across the network, out the thermostat, and up to the cloud," she said.

Robert Hannigan, who ran the British government's digital spying agency GCHQ from 2014 to 2017, appeared alongside Eagan on the panel and agreed that hackers targeting internet of things devices is a growing problem for companies.

"With the internet of things producing thousands of new devices shoved onto the internet over the next few years, that's going to be an increasing problem," Hannigan said. "I saw a bank that had been hacked through its CCTV cameras because these devices are bought purely on cost."

He said regulation to mandate safety standards would likely be needed.

"It's probably one area where there'll likely need to be regulation for minimum security standards because the market isn't going to correct itself," he said. "The problem is these devices still work. The fish tank or the CCTV camera still work."

Hackers stole a casino's database through a thermometer in the lobby fish tank - Business Insider Deutschland

----------


## baldrick

if you have anything that can be connected to from the WAN that is not via VPN then you are going to be done over

if you have any devices with UPnP enabled so they open ports on your WAN you are going to be done over

----------


## bsnub

Get a free copy of Auslogics BoostSpeed 9! 

Auslogics BoostSpeed 9

----------


## harrybarracuda

> Get a free copy of Auslogics BoostSpeed 9! 
> 
> Auslogics BoostSpeed 9


As thrilling as you clearly find it, not Security News.

----------


## baldrick

fluffer haxored his computer

----------


## harrybarracuda

*Russian hackers targeting millions of devices around the world, US and UK warn*

Intelligence agencies say spying could be preparation for future attacks 


Russian hackers are targeting millions of devices around the world to spy, steal information and build networks for potentially devastating future cyberattacks, the US and UK have revealed.

The first ever joint technical alert from the two countries urged members of the public and businesses to help combat vulnerabilities with basic security precautions.

Ciaran Martin, chief executive of the National Cyber Security Centre (NCSC), an arm of British intelligence agency GCHQ, said Russia was its most capable hostile adversary in cyberspace.

In a call with _The Independent_ and other outlets, he said all attacks uncovered by American security services had directly affected the UK, including intrusion into the energy sector.

"This is sustained targeting of multiple entities over months that we believe the Russian state to be behind," Mr Martin added.

"The purpose of these attacks could be espionage, the theft of intellectual property and they could be positioned for use in times of tension.

"There are millions of machines being globally targeted, trying to seize control over connectivity."

The total is believed to include tens of thousands of home devices in the UK alone, which could be used at scale for wider operations.

Security services admitted they do not know the full scale of attacks by state-sponsored Russian hackers, who are using routers connecting people's homes and offices to the internet to spy on the information going through them, harvesting passwords, data and other information that could later be used in an attack.

Mr Martin said some efforts are directly targeting the British government and critical national services, such as the NHS, where the crippling impact of North Korea's WannaCry attack showed the devastating potential of cyber warfare last year.

Other targets include internet service providers and the private sector, providing a basic infrastructure to launch future operations.

GCHQ has been tracking Russian actors for more than 20 years but the threat has come to renewed global attention following global ransomware incidents, power outages in Ukraine and alleged interference in foreign elections.

American officials denied that Monday's pre-planned warning was linked to any increase in malicious activity following air strikes against the Kremlin's Syrian allies on Saturday.

Bombing targeting chemical weapons stores by the US, UK and France worsened tensions with Vladimir Putin's government further following the Salisbury nerve agent attack, diplomatic expulsions and ongoing sanctions over the Ukrainian war.

Rob Joyce, special assistant to Donald Trump and the US National Security Council's cyber security coordinator, said Russia was amassing a "tremendous weapon" but there was no specific intelligence on the targeting of elections.

"When we see malicious cyber activity, whether it be from the Kremlin or other malicious nation-state actors, we are going to push back and push back hard," he added, detailing cyber defence, sanctions and prosecutions.

Mr Joyce said all elements of national power were being mounted against the threat, including counter-attacks and asymmetric warfare.

Security services warned that global connectivity provided by the internet of things relied upon in modern life was being exploited and issued advice on how civilians and businesses can protect their devices, as well as national defences.

They stressed that threats came from countries other than Russia, as well as criminals seeking to profit.

Switches, firewalls and Network Intrusion Detection System (NIDS) are also being exploited in what are known as man-in-the-middle attacks.

"Security weaknesses combined with a Russian government campaign to exploit these devices threatens the UK and US's safety, security, and economic well-being," the NCSC said.

The Kremlin has denied persistent accusations of malicious cyber activity but last year Mr Putin conceded that patriotic Russian hackers may be acting in the fight against those who speak badly about Russia.

Keir Giles, an expert in Russian information warfare at Chatham House, said the line between government, business and the criminal world was blurred.

"The bottom line is these attacks would not be coming from Russia without Russian state collusion; if they wanted to stop it they could," he told _The Independent_.

Mr Giles said Russia's attacks had become more blatant due to a lack of deterrents during Barack Obama's administration.

"They have not cared for some time about being identified as the source of hostile activity," he added.

"Russia is far less concerned about being a rogue state because they have no reputation to maintain, they are behaving more like North Korea than the European nation they once pretended or aspired to be.

"This is just another symptom of Russia believing it is in an advanced state of conflict in the West in every domain apart from overt military clashes."

Ewan Lawson, a senior research fellow at the Royal United Services Institute for Defence and Security Studies (RUSI), said actors could be viewing browsing history, emails, messages or sending information elsewhere.

"The concern with the presence of someone on your network is are they simply there looking or as a preparatory measure for something more nefarious?" the former RAF officer added.

"Either is bad. We haven't seen a lot of damaging attacks yet but I believe we're going to. If they were on a transport network, for example, the potential is there to disrupt train services. You could get into the signalling network."

Read the full alert and advice here.

https://www.independent.co.uk/news/u...-a8307696.html

----------


## baldrick

and western governments want to hamstring development of decentralised point to point encrypted communications ?

viva la blockchain

----------


## harrybarracuda

If you are using any of these, get rid.


- AdRemover for Google Chrome™ (10M+ users)
- uBlock Plus (8M+ users)
- Adblock Pro (2M+ users)
- HD for YouTube™ (400K+ users)
- Webutation (30K+ users)

https://blog.adguard.com/en/over-20-...e-ad-blockers/

----------


## harrybarracuda

A group of 34 tech companies, including Facebook and Microsoft, have formed a cybersecurity consortium, pledging to work together to “act responsibly, to protect and empower our users and customers, and thereby to improve the security, stability, and resilience of cyberspace.”

The group, which also includes Arm, Cisco, HP, Nielsen, Nokia, Oracle, Telefónica and Trend Micro, has published a Cybersecurity Tech Accord that promises to protect the group’s collective users and customers from cyberattacks by designing offerings that prioritize security and privacy and that are developed with an eye to reducing vulnerabilities. Part of that includes securing the supply chain to prevent tampering.

It also said that the companies won’t work with governments on offensive capabilities.

“Protecting our online environment is in everyone’s interest,” said Microsoft president Brad Smith in a blog post. “The companies that are part of the Cybersecurity Tech Accord promise to defend and advance technology’s benefits for society. And we commit to act responsibly, to protect and empower our users and customers, and help create a safer and more secure online world.”

Crucially, the group said that members would work with each other, establishing partnerships with industry leaders and security researchers to improve technical collaboration, perform coordinated vulnerability disclosure, and share information on threats. Meanwhile, user education will be a priority, with more information and better tools to enable consumers and businesses to understand the threats and protect themselves against them.

“Separate from the fact that some of the major social networks and cloud operators are missing, the key to any meaningful outcome is better communication to users, of how to use the security capabilities within the various vendors’ tools,” David Ginsburg, vice president of marketing at Cavirin, told _Infosecurity_. “In several cases, the capabilities are there, but they are too difficult to deploy, or, in some cases, tools from multiple vendors will provide contradictory guidance. This practical aspect is tremendously important.”

Despite the good feels, Mike Banic, vice president of marketing at Vectra, added that the pledge doesn’t include any enforcement actions, and as a voluntary plan it is less likely to have an effect than regulation would.

“The impending EU General Data Protection Regulation (GDPR) will have more impact [on improving security], since it has real teeth in the form of fines that can be as much as 4% of annual revenue if the personal information of EU-based citizens is exposed or misused, and organizations must provide notification within 72 hours,” he said. “An example to consider is the timeline of the Equifax breach where personally identifiable information (PII) was exposed and notification was not within the notification period. With so many organizations operating in EU nations or processing EU-based citizen’s data, evaluating their security program to ensure GDPR compliance is such a high priority that this alliance may go unnoticed.”

https://www.infosecurity-magazine.co...and-32-others/

----------


## Latindancer

Yahoo has been sold. 

For the last couple of days, when I log into my email I am prompted to agree to the actual content of my email being read or analysed. I haven't yet.
I feel it is coming a bit too hot on the heels of the whole Facebook scandal.



New Privacy and Terms

Yahoo is now part of Oath, the media and tech company behind today’s top news, sports and entertainment sites and apps.

By choosing “I accept” below, you agree to Oath’s new Terms of Service and Privacy Policy. Below is a summary of some of the key updates. To learn more about our approach to privacy, click here.

How we collect and use data.

We’ve updated some of the ways we collect and analyze user data in order to deliver services, content, relevant advertising and abuse protection. This includes: analyzing content and information when you use our services (including emails, instant messages, posts, photos, attachments, and other communications), linking your activity on other sites and apps with information we have about you, and providing anonymized and/or aggregated reports to other parties regarding user trends.

Q: What user information is being shared?

A: We share user information only in limited circumstances, including among Oath affiliates and others in Verizon; our trusted partners who work on behalf of or with Oath based on our directions and in compliance with appropriate confidentiality measures; our advertising, analytics and business partners; and as otherwise disclosed in the Oath Privacy Policy.

----------


## harrybarracuda

So dump it.

https://protonmail.com/

----------


## harrybarracuda

SIEMonster are pleased to announce a new product range of affordable Micro SIEM appliances designed to monitor the Internet of Things (IoT) in your home or business. SIEMonster have developed a low cost SIEM appliance codenamed “Redback” for (IoT) security monitoring. Customers can now receive device alerts, hacker attempts or firmware updates instantly to their smart phones or mobile devices using the SIEMonster Redback smartphone application.



My fridge is as dumb as a fucking rock.





https://siemonster.com/siemonster-mi...em-appliances/

----------


## harrybarracuda

Windows Defender Browser Protection for Google Chrome first look

by Martin Brinkmann on April 19, 2018 in Google Chrome - Last Update: April 19, 2018 - No comments

Microsoft published the new security extension Windows Defender Browser Protection for Google Chrome yesterday which adds another link vetting mechanism to Chrome to protect users against phishing and other malicious types of sites.

Google Chrome protects users against malicious and deceptive sites already but Microsoft believes that its technology offers better protection against phishing attacks than Google's does.

The company cites a 2017 study by NSS Labs in which Microsoft Edge blocked 99% of all phishing attacks while Chrome and Firefox blocked only 87% and 70% of all attacks respectively.

Microsoft published the extension for Google Chrome exclusively but it installs in other Chromium-based browsers as well albeit with some issues. In Vivaldi, for instance, it did not display the extension icon. The missing icon does not mean that the extension's checking of sites does not work, but that you can't interact with the icon directly.

Initial user reviews indicate, however, that the extension does not work on Chrome OS right now.

Windows Defender Browser Protection adds an icon to Chrome's main toolbar when it is installed. You can interact with the icon, but the only options that it provides are to enable or disable the protection, and to click on links to open the privacy statement, give feedback to Microsoft, or open "learn more" links.

The browser extension adds its capabilities to Chrome without interfering with the browser's built-in protection against deceptive sites which means, at least in theory, that the protection won't get worse after installing Microsoft's extension for Chrome. I don't really know what happens if Microsoft's extension and Google's built-in protection are triggered on the same page, though. My best guess is that Chrome's built-in functionality will kick in then but that remains to be tested.

Windows Defender Browser Protection brings the phishing protection that Microsoft uses for Edge to Google Chrome and therefore also to non-Windows systems. I'm not sure why Microsoft would bring one of the few advantages that Edge has over Google Chrome to the competing browser but the most likely explanation is that Microsoft gets additional data out of it that it will process, and that the collected data trumps giving up that advantage.

The extension has no privacy policy of its own which makes it impossible to tell which data Microsoft collects and how the company processes the data.

https://www.ghacks.net/2018/04/19/wi...me-first-look/

----------


## harrybarracuda

*Dubai's Careem hit by cyber attack affecting 14 million users*



Reuters Staff

DUBAI (Reuters) - Careem, Uber’s main ride-hailing app rival in the Middle East, was hit by a cyber attack that compromised the data of 14 million users, it said on Monday.







The company learned of the breach, in which access was gained to a computer system that stored customer and driver account information, on January 14, it said in statement.

Names, email addresses, phone numbers and trip data were stolen, though there was no evidence that passwords or credit card information - held on external third-party servers - were compromised, it said.




At the time of the attack, Careem had 14 million customers and 558,000 drivers on its platform operating in 78 cities across the region, a company spokesman told Reuters. Users who have signed up since the attack were not affected.




The company, one of the region’s most prominent start-ups, apologized to its users, saying it “has learned from this experience and will come out of it a stronger and more resilient organization”.

News of the attack comes at a sensitive time for Careem, as it tests investor appetite for a bid to raise as much as $500 million to fund new business lines. It completed a funding round of the same amount last year.

Careem, founded in 2012, already counts Saudi Arabia’s Kingdom Holding, German carmaker Daimler and Chinese ride-hailer DiDi Chuxing among its investors.


The company has previously said it is targeting profitability in the second half of 2018. It has also said that an initial public offering is an option under consideration.

Reporting by Katie Paul; Editing by Ghaida Ghantous and David Goodman

https://www.reuters.com/article/us-c...-idUSKBN1HU1WJ

----------


## harrybarracuda

*Millions of Hotel Rooms Are at Risk of 'Master Key' Hack*

Millions of hotel rooms are at risk of being unlocked with a “master key” hack.

Security researcher F-Secure revealed on Wednesday that hotel rooms in 166 countries and 40,000 locations are at risk of being unlocked and opened by hackers who have exploited software in electronic keys created by Assa Abloy, formerly known as VingCard. According to the researchers, whose claims were earlier reported on by Gizmodo, the software running on those keys, called Vision, has a vulnerability that allows criminals to create master keys and open any door in the facility.

In order to exploit the flaw, hackers need a single hotel room key. They then use an RFID reader to try several key combinations to decode the card. In most cases, according to the security researchers, about 20 key combinations are required before the code is determined and the master key is created for the hotel. Worse yet, the whole process takes only one minute to complete.

Breaking into hotel rooms is nothing new. But electronic key cards have taken the place of traditional locks and keys due in large part to the assumption of improved security. But with technology comes the possibility of software or hardware failing to provide enough security and causing problems. And according to F-Secure, that’s what happened with the hotel room keys it’s analyzed.


It’s unknown whether anyone has actually exploited the threat and F-Secure has not released its techniques. The researchers are, however, working with Assa Abloy to address the problem. In an interview with Gizmodo, the researchers said Assa Abloy has taken their findings “very seriously from the beginning.”

A software patch has been developed and hotels are now being urged to update their software. Once the patch is applied, their hotel rooms will no longer be susceptible to the hack.

Assa Abloy did not respond to a Fortune request for comment on the findings.

'Master Key' Hack Opens Millions of Hotel Rooms | Fortune

----------


## parryhandy

^ so do outfits like f secure get paid by these companies for finding exploits or are they kind of blackmailing them when they find vulnerabilities ?

----------


## harrybarracuda

> ^ so do outfits like f secure get paid by these companies for finding exploits or are they kind of blackmailing them when they find vulnerabilities ?


They get publicity for their products by finding these vulnerabilities.

----------


## harrybarracuda

New Gmail has automated scans -- here’s what you can and can’t turn off
Google releases several new features for its Gmail update, including scans through your emails to help with convenience and security. Some are there for good.


The refreshed Gmail has multiple new features designed to make sorting through your inbox more convenient. But it also means having Google's artificial intelligence automatically sifting through your messages.


Google announced the Gmail update on Wednesday, giving a major facelift to more than 4 million paying businesses that use G Suite, the professional version of Google's productivity apps. One of the new features includes using AI scans for emails, for Smart Nudge, Smart Reply and high-priority notifications.


Smart Nudge reminds people if they didn't respond to an email after a set amount of days. High-priority notifications look through your emails, determine what's important, and choose which ones to notify you about. Smart Reply, which offers canned responses to emails, has been available on mobile platforms since the introduction of Google's standalone Inbox app in May 2017.


Considering how much data Google has on its users -- which often exceeds data collected from Facebook -- the new features' scans might not be worth giving up your privacy. This debate arises as Facebook deals with a firestorm over how it handles user data, which has forced people to reassess how our data is being collected and used.


The good news: the new Gmail gives users the option to shut off some of these scans. The bad news: you don't have complete control.  


What you can control


- Smart reply
- Nudging
- High priority notifications


"There isn't a way to turn off security processing, but users may turn off features like Smart Reply and Nudging in Settings," Brooks Hocog, a Google spokesman, said.


You'll be able to do it in your settings on the new Gmail once the features are available. They haven't rolled out yet, but should be available in coming weeks, Google said. 


What you can't turn off


- Security features


Google introduced its AI security features last May, blocking anything it determines is spam, phishing or malware.


There's some justification for why those security settings are mandatory. With more than 1.2 billion users, Gmail is a major target for cybercriminals. About 50 percent to 70 percent of messages in Gmail's inboxes are spam, according to the company.


Google declined to disclose how long it keeps data from Gmail scans.  


The company also stressed that none of the scans will contribute to advertising. Google used to scan Gmail messages to help serve ads based on your personal information, but stopped last June.


Privacy concerns with big tech have moved into the spotlight as people start to take issue with just how much companies know about us. Facebook served as a catalyst to the debate after its Cambridge Analytica scandal, where information on 87 million people was obtained through an oversight on how much data its apps could get.


So even if you turn off Gmail's newest AI scanning features, you should know: Google's algorithms are still searching through your messages -- just for other purposes. 


https://www.cnet.com/news/the-new-gm...cant-turn-off/

----------


## misskit

*Computer users warned against GhostSecret operation*

BANGKOK, 1st May 2018 (NNT) - The Ministry of Digital Economy and Society has warned computer users of a new malware, which can damage information on computers, under Operation GhostSecret by a group of hackers named Hidden Cobra. 

The Deputy Permanent Secretary for Digital Economy and Society, Gp. Capt. Somsak Khaosuwan, said Thailand Computer Emergency Response Team (ThaiCERT) had reported on the investigation conducted by experts at McAfee that identified the Operation GhostSecret. 

The GhostSecret was found using servers in Thailand to attack and destroy infrastructure agencies, entertainment industry and financial and public health sectors. It has attacked more than 17 countries, including Thailand. 

People are advised not to download unknown files and to regularly update their operating systems and antivirus software. 



National News Bureau Of Thailand | Computer users warned against GhostSecret operation

----------


## harrybarracuda

Heheheh




> Further investigation into the control server infrastructure reveals the SSL certificate d0cb9b2d4809575e1bc1f4657e0eb56f307c7a76, which is tied to the control server 203.131.222.83, used by the February 2018 implant. *This server resides at Thammasat University in Bangkok, Thailand.*


https://securingtomorrow.mcafee.com/...ata-worldwide/

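The McAfee excerpt above gives two concrete indicators: the control-server address and the SHA-1 of the TLS certificate tied to it. Below is an added example (my own code, not McAfee's or ThaiCERT's tooling) of sweeping those two indicators across connection logs. The log format and the lines in it are constructed for the example and are not real traffic or any vendor's schema; the IP and fingerprint are the ones quoted above. The point it makes is to match whole tokens and to normalise fingerprints, since the same certificate turns up as `d0cb9b2d...` in one tool and `D0:CB:9B:2D:...` in another.

```python
import re

# The two indicators quoted from the McAfee write-up above.
GHOSTSECRET_IOCS = {
    "ip": {"203.131.222.83"},
    "cert_sha1": {"d0cb9b2d4809575e1bc1f4657e0eb56f307c7a76"},
}

# Constructed sample lines in a made-up key=value format (not real traffic and
# not any vendor's log schema). Line 2 carries the same certificate on a
# different address in the colon-separated upper-case form many TLS inspection
# tools emit; line 4 is a near miss on both indicators and must not match.
SAMPLE_LOG = """\
2018-02-14T10:12:33Z proto=tls src=10.0.0.5 dst=93.184.216.34 dport=443 cert_sha1=1111111111111111111111111111111111111111
2018-02-14T10:12:41Z proto=tls src=10.0.0.5 dst=198.51.100.7 dport=443 cert_sha1=D0:CB:9B:2D:48:09:57:5E:1B:C1:F4:65:7E:0E:B5:6F:30:7C:7A:76
2018-02-14T10:13:02Z proto=tls src=10.0.0.9 dst=203.131.222.83 dport=443 cert_sha1=2222222222222222222222222222222222222222
2018-02-14T10:13:05Z proto=tls src=10.0.0.9 dst=203.131.222.8 dport=443 cert_sha1=d0cb9b2d4809575e1bc1f4657e0eb56f307c7a77
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# 20 hex byte pairs, optionally colon-separated: matches "d0cb..." and "D0:CB:...".
SHA1_RE = re.compile(r"\b(?:[0-9a-fA-F]{2}:?){20}\b")


def normalize_fingerprint(fp):
    """Canonical form for comparison: strip separators, lower-case."""
    return fp.replace(":", "").replace(" ", "").lower()


def extract_indicators(line):
    """Pull every IPv4 address and SHA-1-shaped fingerprint out of one line."""
    ips = set(IP_RE.findall(line))
    certs = {normalize_fingerprint(m.group(0)) for m in SHA1_RE.finditer(line)}
    return ips, certs


def match_iocs(log_text, iocs=GHOSTSECRET_IOCS):
    """Return [(line_no, indicator_type, value)] for every indicator hit.

    Matching is on whole tokens, not substrings, so 203.131.222.8 does not
    fire on the .83 indicator and a fingerprint differing in one nibble is
    ignored.
    """
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        ips, certs = extract_indicators(line)
        for ip in sorted(ips & iocs["ip"]):
            hits.append((line_no, "ip", ip))
        for fp in sorted(certs & iocs["cert_sha1"]):
            hits.append((line_no, "cert_sha1", fp))
    return hits


if __name__ == "__main__":
    for line_no, kind, value in match_iocs(SAMPLE_LOG):
        print("line %d: %s indicator %s" % (line_no, kind, value))
```

Run against the constructed log it flags line 2 on the certificate (same cert, different address, which is exactly why the fingerprint is the more durable indicator) and line 3 on the address; lines 1 and 4 stay quiet.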
----------


## harrybarracuda

Twatter fans take note:

https://blog.twitter.com/official/en...nt-secure.html

(Translation: They fucked up again).

----------


## harrybarracuda

*New Rowhammer attack can be used to hack Android devices remotely*

Researchers from Vrije Universiteit in Amsterdam have demonstrated that it is possible to use a Rowhammer attack to remotely hack Android phones.


*What is a Rowhammer attack?*

“The Rowhammer attack targets the design of DRAM memory. On a system where the DRAM is insufficiently refreshed, targeted operations on a row of DRAM memory may be able to influence the memory values on neighboring rows,” the CERT Division of the Software Engineering Institute (SEI) at Carnegie Mellon University succinctly explained.


The result of such an attack is that the value of one or more bits in physical memory (in this case GPU memory) is flipped, and may offer new access to the target system.

Successful Rowhammer attacks have been previously demonstrated against local machines, remote machines, and Linux virtual machines on cloud servers.
*The GLitch attack*

The researchers dubbed their attack “GLitch,” as it leverages WebGL, a JavaScript API for rendering interactive graphics in web browsers, to determine the physical memory layout of the DRAM memory before starting the targeted Rowhammer attack.

Vulnerable smartphones can be targeted by tricking users into visiting a website hosting a malicious JavaScript. A successful exploitation results in malicious code being run on the devices, but just within the privilege of the browser, meaning that a complete compromise of the device is not possible but password theft is.

“The impact of combining both the side-channel attack and rowhammer attack has been demonstrated to bypass the Firefox sandbox on the Android platform,” the SEI CERT division noted.

“It is important to realize that the GLitch attack has only successfully been demonstrated on the Nexus 5 phone, which was released in 2013. The Nexus 5 phone received its last software security update in October, 2015, and is therefore an already unsafe device to use. Several other phones released in 2013 were tested, but were not able to successfully be attacked with the GLitch attack. Success rates on phones newer than 2013 models were not provided. Non-Android devices were not tested as well.”

The researchers have told Wired that the attack can be modified to target different phone architectures and different browsers.

To mitigate the risk of this particular attack, Google and Mozilla have already released updates for Chrome and Firefox that disable the high precision WebGL timers leveraged to leak memory addresses.

More technical details about GLitch can be found in this paper.

https://www.helpnetsecurity.com/2018...ttack-android/

----------


## harrybarracuda

Cheeky Russian fuckers....

_"The ransomware targets users in the USA, Kuwait, Germany, Iran and avoids targeting user in Russia, Belarus, Ukraine, Georgia, Tajikistan, Kazakhstan, and Uzbekistan"._





> *New Variant of SynAck Ransomware uses the Doppelgänging technique*
> 
> Researchers have discovered a new variant of SynAck ransomware which uses the Process Doppelgänging technique.
> 
> Process Doppelgänging is a new code injection technique which utilizes the Windows NTFS transaction mechanism to create a malicious process from the transacted file to avoid detection by security products.
> 
> This attack technique works on all versions of Microsoft Windows, including Windows 10, and can bypass most modern security solutions.
> 
> <snip>
> ...


https://securereading.com/new-varian...ing-technique/

----------


## harrybarracuda

*Eight new Spectre variants affecting Intel chips discovered, four are "high risk"*

*Intel is already working on fixes*

Spectre and Meltdown may not be getting as many headlines as they were a few months ago, but that could soon all change following the discovery of eight Spectre-style security issues in Intel’s CPUs.

German website Heise reports that the vulnerabilities, called Spectre Next Generation, or Spectre NG, were recently reported to Intel. The chip maker gave four of them a severity rating of high, while the remaining four were rated as medium severity.

The technical details haven’t been revealed, but the vulnerabilities’ risks and attack scenarios are similar to the original Spectre. Cloud hosting and cloud services providers are most at risk from Spectre NG, as attackers could use the exploit to gain access to data transfers and compromise secure data.

Heise writes that some ARM CPUs are also vulnerable to Spectre NG, though it’s unclear if AMD’s processors are also at risk, and if so, to what extent.

Intel is said to be working on fixes for Spectre Next Generation, while other patches are being developed alongside operating system manufacturers such as Microsoft. The report suggests that these will be released in two batches. The first could arrive as soon as this month, with the second arriving sometime in August, though these dates could always change.

As with Spectre and Meltdown, one of the biggest concerns for everyday users with Spectre NG is how the fixes could affect system performance, and whether any result in the same problems as before: Intel's microcode caused random system restarts and the company recommended users stop installing it. Microsoft eventually had to release a software update for Windows 7, Windows 8.1, and Windows 10 to disable Intel's mitigation against Spectre variant 2.

Update: Intel provided this statement to TechSpot via email:
“Protecting our customers’ data and ensuring the security of our products are critical priorities for us. We routinely work closely with customers, partners, other chipmakers and researchers to understand and mitigate any issues that are identified, and part of this process involves reserving blocks of CVE numbers. We believe strongly in the value of coordinated disclosure and will share additional details on any potential issues as we finalize mitigations. As a best practice, we continue to encourage everyone to keep their systems up-to-date.”

https://www.techspot.com/news/74447-...iscovered.html

----------


## harrybarracuda

*IBM bans all removable storage, for all staff, everywhere*

*Risk of ‘financial and reputational damage’ is too high, says CISO*

By Simon Sharwood, APAC Editor 10 May 2018 at 05:01



IBM has banned its staff from using removable storage devices.

In an advisory to employees, IBM global chief information security officer Shamla Naidoo said the company “is expanding the practice of prohibiting data transfer to all removable portable storage devices (eg: USB, SD card, flash drive).”

The advisory stated some pockets of IBM have had this policy for a while, but “over the next few weeks we are implementing this policy worldwide.”

Big Blue’s doing this because “the possible financial and reputational damage from misplaced, lost or misused removable portable storage devices must be minimised.”

IBMers are advised to use Big Blue’s preferred sync ‘n’ share service to move data around.

But the advisory also admitted that the move may be “disruptive for some.”

She’s not wrong: The Register understands that frontline IBM staff sometimes need to download patches so they can be installed on devices they manage for clients and that bootable USB drives are one means of installing those patches.

Indeed, IBM offers advice on how to install Linux on its own POWER 9 servers using a USB key.

UPDATE: Since publishing this story we've heard whispers that IBM has taken note of staff objections to the removable storage ban, especially when doing software updates, and is considering making a few exemptions.



https://www.theregister.co.uk/2018/0...ff_everywhere/

----------


## harrybarracuda

*Brutal cryptocurrency mining malware crashes your PC when discovered*

WinstarNssmMiner not only leeches your processing power but will maliciously crash your system if you attempt to remove it.

By Charlie Osborne for Zero Day | May 17, 2018 -- 09:15 GMT (10:15 BST) | Topic: Security




A new form of cryptominer has been discovered which crashes systems the moment antivirus products attempt to remove the malware.

The malware, dubbed WinstarNssmMiner by 360 Total Security researchers, has been used in half a million attempted attacks leveraged at PCs in only three days.


On Wednesday, the cybersecurity firm said the cryptomining malware aims to infect PCs in order to steal processing power for the purpose of mining the Monero cryptocurrency.

WinstarNssmMiner is brutal code as it will crash victim PCs the moment antivirus products detect and attempt to remove it.

The cryptominer launches the svchost.exe process -- used to manage system services -- and injects malicious code into the file. One injected process begins mining cryptocurrency while the other runs in the background to avoid detection and scan for antivirus protection.

In the second stage, WinstarNssmMiner then tampers with CriticalProcess, adding a process attribute which allows the malware to crash the system at whim.

However, the malware is a coward at heart. As 360 Total Security writes, WinstarNssmMiner "turns off antivirus protection of defenseless foes and backs off when facing sharp swords."


The malware scans compromised systems for antivirus products. If it finds a "decent" solution from a reputable company -- such as Kaspersky Lab or Avast -- it will quit automatically.

However, if weaker antivirus systems are in use, the crash process starts up and victims have to live with crippling slowness and blue screens while the malware cheerfully steals their power and mines Monero on the attacker's behalf.

"Due to the nature of digital currency mining, cryptominers use up victims' processing power for the sake of their distributors," the researchers note. "Some savvy users are able to identify and terminate the CPU consuming applications. Hence, WinstarNssmMiner protects itself by configuring its mining processes' attribute to CriticalProcess so infected computers crash when users terminate it."

Four mining pools have been linked to the malware at present. At the time of writing, the threat actors behind the spread of WinstarNssmMiner have mined 133 Monero, which is equivalent to roughly $26,500.

The malware is based on XMRig, a legitimate open-source cryptocurrency mining project. This legitimate script, however, has been hijacked by malware developers for fraudulent cryptocurrency mining purposes.

IBM, for example, has connected XMRig to cryptocurrency mining malware RubyMiner and Waterminer.


Earlier this week, researchers from RedLock warned that cryptojacking attacks are on the rise against enterprise players which utilize cloud environments.

Up to 25 percent of organizations are thought to have experienced cryptojacking activity within their cloud environments this year alone. Insecure databases and the failure to rotate access keys are often at fault.

https://www.zdnet.com/article/brutal...en-discovered/

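The "CriticalProcess" attribute in the article is the flag Windows exposes through NtSetInformationProcess as ProcessBreakOnTermination (RtlSetProcessIsCritical is the wrapper); terminate a process with it set and the kernel bugchecks, which is the blue screen being described. The practical caveat for anyone cleaning an infected box is to check that flag before killing a suspicious miner rather than reaching for Task Manager. The following is an added example of mine, not code from 360 Total Security or the article, using ctypes against kernel32 and ntdll. It assumes a Windows host; clearing the flag needs SeDebugPrivilege, so run it from an elevated prompt.

```python
import ctypes
import os
import sys

PROCESS_TERMINATE = 0x0001
PROCESS_SET_INFORMATION = 0x0200
PROCESS_QUERY_INFORMATION = 0x0400
ProcessBreakOnTermination = 29   # PROCESSINFOCLASS value behind RtlSetProcessIsCritical


def _win():
    """Bind the handful of native calls we need, with explicit prototypes so
    handles are not truncated on 64-bit Python."""
    if sys.platform != "win32":
        raise RuntimeError("this check only makes sense on Windows")
    kernel32 = ctypes.WinDLL("kernel32", use_last_error=True)
    ntdll = ctypes.WinDLL("ntdll")
    kernel32.OpenProcess.restype = ctypes.c_void_p
    kernel32.OpenProcess.argtypes = [ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32]
    kernel32.CloseHandle.argtypes = [ctypes.c_void_p]
    kernel32.TerminateProcess.argtypes = [ctypes.c_void_p, ctypes.c_uint32]
    ntdll.NtQueryInformationProcess.restype = ctypes.c_int32      # NTSTATUS
    ntdll.NtQueryInformationProcess.argtypes = [
        ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_uint32,
        ctypes.POINTER(ctypes.c_uint32)]
    ntdll.NtSetInformationProcess.restype = ctypes.c_int32
    ntdll.NtSetInformationProcess.argtypes = [
        ctypes.c_void_p, ctypes.c_int, ctypes.c_void_p, ctypes.c_uint32]
    return kernel32, ntdll


def _open(kernel32, pid, access):
    handle = kernel32.OpenProcess(access, False, pid)
    if not handle:
        raise ctypes.WinError(ctypes.get_last_error())
    return handle


def is_critical_process(pid):
    """True if BreakOnTermination is set, i.e. killing this PID bugchecks the host."""
    kernel32, ntdll = _win()
    handle = _open(kernel32, pid, PROCESS_QUERY_INFORMATION)
    try:
        flag = ctypes.c_uint32(0)
        returned = ctypes.c_uint32(0)
        status = ntdll.NtQueryInformationProcess(
            handle, ProcessBreakOnTermination, ctypes.byref(flag),
            ctypes.sizeof(flag), ctypes.byref(returned))
        if status != 0:
            raise OSError("NtQueryInformationProcess failed, NTSTATUS 0x%08x" % (status & 0xFFFFFFFF))
        return flag.value != 0
    finally:
        kernel32.CloseHandle(handle)


def clear_critical_flag(pid):
    """Turn the flag off so the process becomes safe to terminate.
    Needs SeDebugPrivilege; without it the call fails (typically
    STATUS_PRIVILEGE_NOT_HELD, 0xC0000061)."""
    kernel32, ntdll = _win()
    handle = _open(kernel32, pid, PROCESS_SET_INFORMATION)
    try:
        flag = ctypes.c_uint32(0)
        status = ntdll.NtSetInformationProcess(
            handle, ProcessBreakOnTermination, ctypes.byref(flag), ctypes.sizeof(flag))
        if status != 0:
            raise OSError("NtSetInformationProcess failed, NTSTATUS 0x%08x" % (status & 0xFFFFFFFF))
    finally:
        kernel32.CloseHandle(handle)


def terminate_unless_critical(pid, clear_flag=False):
    """Kill a process only if doing so will not take the machine down with it.
    With clear_flag=True the flag is removed first (elevated prompt required)."""
    if is_critical_process(pid):
        if not clear_flag:
            return "refused: PID %d is marked critical, terminating it would bugcheck the host" % pid
        clear_critical_flag(pid)
    kernel32, _ = _win()
    handle = _open(kernel32, pid, PROCESS_TERMINATE)
    try:
        if not kernel32.TerminateProcess(handle, 1):
            raise ctypes.WinError(ctypes.get_last_error())
    finally:
        kernel32.CloseHandle(handle)
    return "terminated PID %d" % pid


def current_process_is_critical():
    """Self-check: None off Windows, otherwise the flag on this interpreter."""
    if sys.platform != "win32":
        return None
    return is_critical_process(os.getpid())


if __name__ == "__main__":
    target = int(sys.argv[1]) if len(sys.argv) > 1 else os.getpid()
    print("PID %d critical: %s" % (target, is_critical_process(target)))
```

A plain `python script.py <pid>` only reads the flag and is safe to run against any process you can open; `terminate_unless_critical(pid, clear_flag=True)` is the remediation path, and it is deliberately two steps so nobody repeats the malware's intended failure mode by accident. The same query is worth adding to any EDR response playbook that ends in "kill the process".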
----------


## harrybarracuda

Oh great.




> The introduction of GDPR next week could see a future increase in the amount of malicious spam, due to the end of blocking malicious domains by registrar.
> 
> Speaking to _Infosecurity_ this week, Caleb Barlow, vice president of threat intelligence at IBM Security, said that the Whois database is the fundamental ethos of how we protect the internet and we are seeing those services get shut down as GDPR offers the ability to protect the identity of the domain owner.
> 
> Barlow called this an unintended consequence of this privacy law and that the end of disclosure of who owns the domain will prevent tracking the owners.
> 
> He said: Millions of emails come in every day and we use Whois to see who sent it and block spammers, so the message doesnt even make it in as it is blocked at the network layer. When a new domain gets registered we look at the Whois information and name and address.
> 
> This issue was addressed by David Redl, the new head of the US National Telecommunications and Information Administration, earlier this year. He said: The Whois service can, and should, retain its essential character while complying with national privacy laws, including the GDPR. It is in the interests of all internet stakeholders that it does.
> ...

----------


## harrybarracuda

Early release of this one because it's already infected 500,000 devices....




> WEDNESDAY, MAY 23, 2018
> 
> *New VPNFilter malware targets 100,000s of networking devices worldwide*
> 
> 
> INTRO
> 
> 
> For several months, Talos has been working with public- and private-sector threat intelligence partners and law enforcement in researching an advanced, likely state-sponsored or state-affiliated actor's widespread use of a sophisticated modular malware system we call "VPNFilter." We have not completed our research, but recent events have convinced us that the correct way forward is to now share our findings so that affected parties can take the appropriate action to defend themselves.  In particular, the code of this malware overlaps with versions of the BlackEnergy malware — which was responsible for multiple large-scale attacks that targeted devices in Ukraine. 
> ...

----------


## Latindancer

*US disrupts Russian botnet of 500,000 hacked routers*

US Justice Department seizes "VPNFilter" botnet set up by a hacking group variously called APT28, Pawn Storm, Sandworm, Fancy Bear and the Sofacy Group.


The US Justice Department said Wednesday that it had seized an internet domain that directed a dangerous botnet of a half-million infected home and office network routers, controlled by hackers believed tied to Russian intelligence.
The move was aimed at breaking up an operation deeply embedded in small and medium-sized computer networks that could allow the hackers to take control of computers as well as easily steal data.


The Justice Department said the "VPNFilter" botnet was set up by a hacking group variously called APT28, Pawn Storm, Sandworm, Fancy Bear and the Sofacy Group.
The group is blamed for cyber attacks on numerous governments, key infrastructure industries like power grids, the Organization for Security and Co-operation in Europe, the World Anti-Doping Agency, and other bodies.
US intelligence agencies also say it was involved in the operation to hack and release damaging information on the Democratic Party during the 2016 US presidential election, and has engineered a number of computer network disruptions in Ukraine.
"According to cybersecurity researchers, the Sofacy Group is a cyber-espionage group believed to have originated from Russia," the Department of Justice said in a court filing.


"Likely operating since 2007, the group is known to typically target government, military, security organizations, and other targets of intelligence value, through a variety of means," it said.
The Justice filing did not say who was behind Sofacy Group, but US intelligence has in the past linked it to Russia's GRU military intelligence agency, and numerous private computer security groups have made the same connection.
In Wednesday's action, the Justice Department said it had obtained a warrant authorizing the FBI to seize a computer domain that is part of the command and control system of the VPNFilter botnet.
The botnet targets home and office routers, through which it can relay orders from the botnet's controllers and intercept and reroute traffic back to them, virtually undetected by the users of a network.


In a report released in parallel to the Justice announcement, network equipment giant Cisco said VPNFilter had infected at least 500,000 devices in at least 54 countries.
It has targeted popular router brands like Linksys, MikroTik, NETGEAR and TP-Link.
"The behavior of this malware on networking equipment is particularly concerning, as components of the VPNFilter malware allows for theft of website credentials," Cisco said.
It also has "a destructive capacity that can render an infected device unusable, which can be triggered on individual victim machines or en masse."
Both Justice and Cisco said they were releasing details of the problem before having found a strong, permanent fix. Justice said that by seizing control of one of the domains involved in running VPNFilter, it will give owners of infected routers a chance to reboot them, forcing them to begin communicating with the now-neutralized command domain.


The vulnerability will remain, Justice said, but the move will allow them more time to identify and intervene in other parts of the network.

https://au.news.yahoo.com/us-disrupt...7390--spt.html

----------


## harrybarracuda

I doubt there's just one domain involved.

All depends if they want to blow their cover by triggering it now.

----------


## harrybarracuda

List of devices that come preinstalled with Adware according to Avast post (Second link).

https://docs.google.com/spreadsheets...f50/edit#gid=0

https://blog.avast.com/android-devic...talled-malware

----------


## harrybarracuda

Currently only targeting Poland, but I dare say this malware is for sale in some murky corner of the Dark Web.




> *BackSwap Trojan exploits standard browser features to empty bank accounts*
>
> Creating effective and stealthy banking malware is becoming increasingly difficult, forcing malware authors to come up with innovative methods. The latest creative burst in this malware segment comes from a group that initially came up with malware stealing cryptocurrency by replacing wallet addresses in the clipboard.
>
> *About the BackSwap banking malware*
>
> “To steal money from a victim’s account via the internet banking interface, typical banking malware will inject itself or its specialized banking module into the browser’s process address space,” ESET malware researcher Michal Poslušný notes.
> 
> 
> The success of this approach depends on the injection not being detected by security solutions, modules matching the bitness of the target browser, and the banking module hooking browser functions, and their location varies from browser to browser.
> 
> BackSwap eschews the usual “process injection for monitoring browsing activity” trick. Instead, it handles everything by working with Windows GUI elements and simulating user input.
> 
> “This might seem trivial, but it actually is a very powerful technique that solves many ‘issues’ associated with conventional browser injection,” the researcher notes.
> ...

----------


## harrybarracuda

Well if you ever needed an excuse to have a secure gateway inside your ISP's router...

Mind you I'm surprised they didn't lock up the bloke who found out about it.

 :Smile: 





> *ISP popped router ports, saving customers the trouble of making themselves hackable*
>
> *SingTel then left them open for a while, because ... well there's no excuse is there?*
>
> By Richard Chirgwin 29 May 2018 at 02:08
> 
> 
> 
> Singaporean broadband users were left vulnerable to attackers after their ISP opened remote access ports on their modems and forgot to close them.
> 
> The discovery was made by NewSky Security researcher Ankit Anubhav, who used Shodan to scan for SingTel routers open on port 10,000 – the default Network Data Management Protocol TCP/UDP port.
> 
> ...


https://www.theregister.co.uk/2018/0...er_ports_open/

----------


## harrybarracuda

Simple walkthrough for those with devices listed as VPNFilter-vulnerable, although the steps apply even if your Router is not on the list.




> *How to remove VPNFilter and protect your router or NAS*
> 
> To completely remove VPNFilter and protect your router from being infected again, you should follow these steps:
> 
> 
> *Reset Router to Factory Defaults:* Linksys * Netgear * QNAP * TP-Link
> *Upgrade to the latest firmware:* Linksys * Netgear * QNAP * TP-Link
> *Change the default admin password:* Linksys * Netgear * QNAP * TP-Link
> *Disable Remote Administration:* Linksys * Netgear * QNAP * TP-Link
>
> The Linksys and Netgear links are for enabling remote administration, which we do not want to do. I only listed them as it shows how to get to a page where you can check if it's enabled or not. Typically, remote administration is disabled by default.
> https://www.bleepingcomputer.com/new...ts-not-enough/

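The last of the four steps above is "disable remote administration", and the SingTel story a few posts up is what it looks like when the ISP turns it back on for you from the WAN side. The only check that proves anything is to probe your own public address from outside your network (a phone on mobile data, a VPS, a friend's connection): from inside the LAN the management page is supposed to answer. Below is an added example of mine, not from BleepingComputer, Talos or The Register, that does that probe. Port 10000 is the one in the SingTel article; the remaining ports in the list are my assumption of typical web, SSH and telnet management ports, so adjust for your router. It only completes a TCP handshake and sends nothing, and it is meant for addresses you own.

```python
import socket

# Ports commonly used for remote administration of home routers. 10000 is the
# one in the SingTel story (NDMP); the others are assumed typical web, SSH and
# telnet management ports and are not from the article.
MANAGEMENT_PORTS = [22, 23, 80, 443, 8080, 8443, 10000]


def scan_management_ports(host, ports=MANAGEMENT_PORTS, timeout=2.0):
    """Return {port: True} for ports that accept a TCP connection, False otherwise.

    A completed handshake is enough to call the port exposed; nothing is sent
    after connecting. Refused, filtered and timed-out ports all count as closed.
    """
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as sock:
            sock.settimeout(timeout)
            try:
                sock.connect((host, port))
                results[port] = True
            except OSError:          # ConnectionRefusedError, timeout, unreachable
                results[port] = False
    return results


def exposed_ports(host, ports=MANAGEMENT_PORTS, timeout=2.0):
    """Just the ports that answered, as a go/no-go list."""
    return sorted(p for p, is_open in scan_management_ports(host, ports, timeout).items() if is_open)


def local_demo():
    """Constructed test setup: a throwaway listener on 127.0.0.1 lets the scanner
    be shown telling an open port from a closed one without touching a real router."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    # Bound but never listening: connects are refused, and because it stays bound
    # the kernel cannot hand the same number out as the scanner's source port.
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]

    try:
        result = scan_management_ports("127.0.0.1", [open_port, closed_port], timeout=1.0)
    finally:
        listener.close()
        spare.close()
    return {"open": result[open_port], "closed": result[closed_port]}


if __name__ == "__main__":
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    print("management ports answering on %s: %s" % (target, exposed_ports(target)))
```

Run it as `python probe.py <your public IP>` from a host that is not behind the router. An empty list is the answer you want; anything else means the "disable remote administration" step did not take, or somebody upstream re-enabled it.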
----------


## harrybarracuda

Muppets. Cloudflare blocked their own traffic thinking it was a DDOS attack.

 :Smile: 




> When is a DDoS attack not a DDoS attack?
> 
> 
> In the case of Cloudflare’s much-vaunted and recently-launched 1.1.1.1 DNS service, the answer is when the company diligently starts blocking a DDoS event which turns out to have been caused by something much closer to home.
> 
> Users pointing their DNS resolution at 1.1.1.1 (or 1.0.0.1) at router level on 31 May would have noticed a 17-minute disruption to DNS resolution for all network devices, starting at 17:58 UTC.
> 
> Users doing the same from a Windows, Linux or Mac computer would have noticed the same effect but only on that device.
> 
> ...

----------


## harrybarracuda

I didn't notice that Pornhub quietly announced a free VPN service.

Makes sense I suppose.

 :Smile: 

https://www.vpnhub.com/

----------


## harrybarracuda

Talos have updated the list of devices vulnerable to VPNFilter:

*ASUS DEVICES:*
RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

*D-LINK DEVICES:*
DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

*HUAWEI DEVICES:*
HG8245 (new)

*LINKSYS DEVICES:*
E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

*MIKROTIK DEVICES:*
CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)



*NETGEAR DEVICES:*
DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

*QNAP DEVICES:*
TS251
TS439 Pro
Other QNAP NAS devices running QTS software

*TP-LINK DEVICES:*
R600VPN
TL-WR741ND (new)
TL-WR841N (new)

*UBIQUITI DEVICES:*
NSM2 (new)
PBE M5 (new)

*UPVEL DEVICES:*
Unknown Models* (new)

*ZTE DEVICES:*
ZXHN H108N (new)

* Malware targeting Upvel as a vendor has been discovered, but we are unable to determine which specific device it is targeting.

Blog post is here:

https://blog.talosintelligence.com/2...er-update.html

----------


## harrybarracuda

Oh, and update your FOSCAM cameras, too.

https://blog.vdoo.com/2018/06/06/vdo...oscam-cameras/

----------


## harrybarracuda

Retailer Dixons Carphone said it has uncovered unauthorised access of data held by the company, involving 5.9 million payment cards and 1.2 million personal data records.

Read more: https://metro.co.uk/2018/06/13/hacke...9/?ito=cbshare

----------


## harrybarracuda

Bit more from the Beeb:




> Dixons Carphone has admitted a huge data breach involving 5.9 million payment cards and 1.2 million personal data records.
> It has begun investigating the unauthorised access of data.
> 
> 
> It said 5.8 million of the credit and debit cards had chip-and-pin protection and that pin codes had not been accessed.
> As a result, about 105,000 non-EU cards, which were not chip-and-pin, had been compromised, it said.
> 
> Dixons Carphone said it had no evidence that any of the cards had been used fraudulently following the breach.
> 
> ...

----------


## David48atTD

Google confirms external apps can scan your emails:

Google has confirmed it allows some external software developers to read and analyse the inboxes of Gmail users, following scrutiny about privacy on the platform.

External apps can integrate with Gmail so customers have options around how they use their email, director of security at Google Cloud Suzanne Frey said in a blog post.

Before an app is able to access your data, she wrote, the company always shows a "permissions screen" that details the data the app can access.

In 2017, Google announced it would no longer scan Gmail to personalise advertisements.

"To be absolutely clear: no-one at Google reads your Gmail," Ms Frey said.   :Smile:

----------


## harrybarracuda

Talking of Google...





> Just a simple reminder that Google Chrome will mark unencrypted websites as “not secure” sometime this month. Make sure to get your website encrypted if you do not want Google to call you out on the address bar in the Chrome browser.


https://www.androidauthority.com/jul...chrome-836247/

----------


## harrybarracuda

Time to update Adobe Reader (and Acrobat) if you are using it.

https://helpx.adobe.com/security/pro...apsb18-09.html

Also some Microsoft recent updates that are being exploited in the wild on Windows 7 (and Server 2008).

https://portal.msrc.microsoft.com/en.../CVE-2018-8120


Interesting that someone found them after somebody else uploaded a Proof of Concept to Virustotal. You would have thought they would have sent them to Adobe and MS and trousered the bug bounty!

----------


## harrybarracuda

Voice-activated digital assistants—from the Amazon Echo that sits on your counter to Cortana on your Windows systems or Siri on Apple's iPhones—are intended to connect users to services through an easy-to-use voice interface. However, the voice assistants are making cyber-attackers' jobs easier as well. 


At the Black Hat conference later this month, for example, four researchers will show how Cortana can be used to bypass the security on locked Windows PCs and other devices. While the group is exploiting a specific vulnerability—dubbed "Open Sesame"—the issues with voice assistants are deeper, said Tal Be'ery, an independent researcher and part of the team. 


"Voice interfaces can be a good idea, but it is not relevant to all devices and all actions," he said. "Enabling everything the PC does, and going through a voice interface on a corporate environment—this is not a very smart architecture decision." 


The research involves just the latest attack that utilizes voice assistants, which often prioritize convenience over security. Digital assistants have been added to phones and PCs as a convenient new way of interacting with the devices. Smart speakers—such as the Amazon Echo and the Google Home—have taken off, with 1 in 6 Americans owning one of the devices. 


Yet, there already have been incidents. In January 2017, an on-air news caster said, "I love the little girl saying, 'Alexa ordered me a dollhouse,'" leading to Alexa devices in viewers' homes attempting to order dollhouses. And in May 2018, Amazon's smart speaker picked up a couple's conversation, recorded it, and sent it to a friend.


The incidents underscore that, in addition to bypassing many security controls, voice assistants are nothing less than sleepless sensors that are almost always listening for potential commands, which makes them a privacy issue. 


"The cases that will be handled first are those that are triggered accidentally—like the dollhouse incident," said Nicholas Carlini, a recent PhD graduate from the University of California, Berkeley, who researched adversarial attacks against artificial intelligence systems. "It is an active area of research of how to stop these issues." 


Here are five ways that voice assistants can be used to attack. 


1. Hiding commands in the audio


Among adversarial attacks against machine-learning and artificial-intelligence systems are a class that attempt to change an input—an image for vision systems and an audio clip for voice systems—so that the machine recognizes it as something completely different. 


UC Berkeley's Carlini used just such a technique in his research by modifying an audio clip that transcribes to one phrase to a 99.9-percent similar clip that transcribes into a completely different phrase. The technique can even hide commands inside music. 


Currently, the effort only works in the most controlled environments, but creating a generalized attack should be feasible, said Carlini. 


"It's still unknown whether this can be done over the air," he said. "We tried some obvious things, but we didn't try too hard…I believe it would be possible." 


2. Machines can hear it, you can't


Hiding commands inside other audio is not the only way to create a covert way to manipulate voice assistants. In an attack presented in 2017, six researchers from Zhejiang University showed that they could use sound inaudible to humans to command Siri to make a phone call or to take other actions.


Called the DolphinAttack, the hack shows that a lack of security can be used to command a voice assistant to visit a malicious site, spy on the users, inject fake information or conduct a denial-of-service attack, the researchers stated in their paper. 


This "serves as a wake-up call to reconsider what functionality and levels of human interaction shall be supported in voice controllable systems," the researchers said. 


3. Is this on? Yes, it is


Even when a voice assistant is not taking an action on your behalf, it continues to listen for commands. Like mobile phones, home voice assistants are sensors that know a lot about you. This gives the companies behind the devices a privileged place in your home, and your life, making them an ideal target for attackers. 


"To operate, these devices need to listen all the time by design—once you say the keyword, and then they start collecting data and sending it to the cloud," researcher Be'ery said. "So this is a bug that is placed in your house by design." 


In addition to malicious attacks, the devices have already been shown to expose privacy inadvertently. The incident where a couple was recorded by an Amazon Echo required the device to mishear three commands or prompts before sending the message to a friend.


4. Trumping system security


Multiple portions of the code base in many general-purpose devices, such as a PC or a phone, could be exploited by hackers. This "attack surface area" is only made larger and more porous when you add voice-assistant technology and prioritize convenience over security, said researcher Be'ery. 


Along with two researchers from the Israel Institute of Technology and the former chief technology officer of security firm Imperva, Be'ery will demonstrate at the Black Hat conference the weaknesses that the Cortana digital assistant adds to Windows devices. 


"Introducing such a complex logic and extending it to so many places, all happening when the computer is supposed to be locked—it is not going to end up well," he said. "There is too much attack surface area." 


5. Jumping from device to device


Attackers often find ways into a home through the router or an unsecured wireless network. Voice assistants add another vector that allows them to bridge attacks, using an audio device—such as a TV or even a loud car radio on the street—to issue commands to the devices. 


The dollhouse incident is an inadvertent version of this attack. 


For most of these issues, there is no easy solution. While filters can be put in place to limit using inputs outside of human hearing, most security fixes for the other problems would make the devices more difficult to use and so are only requested in certain cases, such as purchasing items or transferring money. 


"From a usability aspect, the answer is no, we don't want to add a second factor," said Carlini. "I don't see an obvious solution that is not to ask for a second factor."


How Voice-Activated Assistants Pose Security Threats in Home, Office

----------


## harrybarracuda

Video showing how shockingly easy it is to install a skimmer on a POS terminal while the clerk is distracted....

----------


## harrybarracuda

SINGAPORE: Hackers have stolen the health records of 1.5 million Singaporeans including Prime Minister Lee Hsien Loong, authorities said Friday, with the leader specifically targeted in the city-state's biggest-ever data breach.

Singapore's health and information ministries said a government database was broken into in a "deliberate, targeted and well-planned" strike, describing the attack as "unprecedented".

"Attackers specifically and repeatedly targeted the personal particulars and outpatient information of Prime Minister Lee Hsien Loong," health minister Gan Kim Yong told a press conference.

"Forensic analysis by Singapore's Cyber Security Agency indicates this is a deliberate, targeted, and well-planned cyber-attack and not the work of casual hackers or criminal gangs," he added.

Officials declined to comment on the identity of the hackers, citing operational security, but said the prime minister's data has not shown up anywhere on the internet.

"I don't know what the attackers were hoping to find. Perhaps they were hunting for some dark state secret, or at least something to embarrass me," Lee wrote on Facebook.

"My medication data is not something I would ordinarily tell people about, but there is nothing alarming in it."

Hackers used a computer infected with malware to gain access to the database between June 27 and July 4 before administrators spotted unusual activity, authorities said.

The compromised data includes personal information and medication dispensed to patients, but medical records and clinical notes have not been affected, the health and communications ministries said.

"Health records contain information that is valuable to governments," said Eric Hoh, Asia-Pacific president of cyber-security firm FireEye.

"Nation-states increasingly collect intelligence through cyber-espionage operations which exploit the very technology we rely upon in our daily lives."

Earlier this month, the US National Intelligence Director Dan Coats described Russia, China, Iran and North Korea as the worst offenders when it came to attacks on American digital infrastructure.

Some hackers have in the past offered stolen data and software for sale online.

Wealthy Singapore is hyper-connected and on a drive to digitise government records and essential services, including medical records which public hospitals and clinics can share via a centralised database.

But authorities have put the brakes on these plans while they investigate the cyber-attack. A former judge will head a committee looking into the incident.

While the city-state has some of the most advanced military weaponry in the region, the government says it fends off thousands of cyberattacks every day and has long warned of breaches by actors as varied as high-school students in their basements to nation-states.

In his Facebook post about the attack, Loong warned that "those trying to break into our data systems are extremely skilled and determined. They have huge resources, and never give up trying."

In 2017, hackers broke into a defence ministry database, stealing the information of some 850 Singapore army conscripts and ministry staff. -AFP

https://www.thestar.com.my/news/regi...e-cyberattack/

----------


## harrybarracuda

SophosLabs has uncovered a mobile malware distribution campaign that uses advertising placement to distribute the Red Alert Trojan, linking counterfeit branding of well-known apps to Web pages that deliver an updated, 2.0 version of this bank credential thief.


The group distributing this family of malware decorates it in the branding and logos of well-known social media or media player apps, system update patches, or (in its most recent campaign) VPN client apps in an attempt to lure users into downloading, installing, and elevating the privileges of a Trojanized app hosted on a site not affiliated with any reputable app market or store.

Aside from the inescapable irony of disguising a security-reducing Trojan as an ostensibly security-enhancing app, and the righteous affront to the whole concept of a VPN’s purpose a Trojan so disguised inspires, this represents an escalation in the variety of app types targeted by this campaign of bankbots in disguise.

https://news.sophos.com/en-us/2018/0...urity-seekers/

----------


## harrybarracuda

*Hackers threaten to disrupt Moscow Domodedovo Airport navigation system unless they Bitcoin Ransom*

Thursday, July 26, 2018



Unknown hackers demand several hundred Bitcoins from the administration of the Airport "Domodedovo" (Moscow International airport), otherwise they will intervene in the navigation systems of the Airport.

According to the Airport staff, the attackers sent a threatening e-mail to the Domodedovo Contact Center. They said they will interrupt the function of the Airport's navigation equipment this weekend on July 28-29.

The hackers have claimed that they have the technical capabilities to do it.

Should people be worried about this? Vladimir Ulyanov, Head of the Analytical Center "Zecurion", believes that if cyber criminals have an accomplice inside the Airport "Domodedovo", then there are reasons to be concerned.

But a person who is sitting in another country or inside the country can't simply hack into these systems via the Internet, says Ulyanov.

"In this case, threats were sent to some common box. If we are talking about serious attacks, then in this case the letter would most likely have come to the person who is responsible for information security or can make a decision that he is ready to pay ransom." local media quote Ulyanov as saying. 

The Airport administration has tightened security measures at terminals and at airfields.

Domodedovo Safety Officials confirmed reports of an anonymous threatening e-mail and stressed that the functioning of the Airport "Domodedovo" is not under threat.



Hackers threaten to disrupt Moscow Domodedovo Airport navigation system unless they Bitcoin Ransom - E Hacking News

----------


## harrybarracuda

*After extensive testing, Google introduces the Titan Security Key*

Google recently shared that since it made employees use physical security keys instead of passwords and one-time codes none of them – and there are over 85,000 – have been successfully phished.

Then, on Wednesday, the company announced that they have created their own line of security keys – the Titan Security Key – and that they’ve been testing it in-house for over a year.

*The Titan Security Key*

Security keys are physical keys that are used to provide user authentication over Bluetooth and USB. They won’t work on phishing sites made to look like the real deal.

Titan Security Key adheres to the FIDO (Fast IDentity Online) specification and includes firmware developed by Google to verify its integrity.

“We’ve long advocated the use of security keys as the strongest, most phishing-resistant authentication factor for high-value users, especially cloud admins, to protect against the potentially damaging consequences of credential theft,” noted Jennifer Lin, Product Management Director, Google Cloud.

Titan Security Keys are currently available to Google Cloud customers and will soon be available for anyone to purchase on the Google Store.

Users will be able to use the key to authenticate to non-Google services, too, although the integrity verification firmware might not work on them.



https://www.helpnetsecurity.com/2018...-security-key/

----------


## harrybarracuda

It seems Win 10 has a crapware blocker that is not enabled by default on consumer PCs.

https://www.howtogeek.com/360648/how...pware-blocker/

----------


## harrybarracuda

Big fucking Oops!




> Snap Inc. was forced to send a takedown request to a website used to host computer files after Snapchat source code was leaked online, potentially exposing company secrets.
> 
> 
> Last Friday, the Microsoft-owned code repository GitHub received an urgent request. The individual had a simple complaint: Someone had published code from what purported to be Snapchat’s iOS app. “We would appreciate you take down the whole thing,” he or she wrote. Source code is not typically made public, and is the basic component of an app’s design.
> 
> “I am [redacted] at Snap Inc., owner of the leaked source code,” the complaint stated. The takedown request was filed under the Digital Millennium Copyright Act (DMCA), which is the main U.S. copyright law. The notice listed the description as “Snapchat source code.”
> 
> Pointing to a webpage hosting the seemingly stolen material, a further description read: “It was leaked, and a user has put it in this GitHub repository. Snap Inc. doesn’t publish it publicly.” The complaint listed a California contact address—the same as Snap Inc.’s corporate HQ.



https://www.newsweek.com/snapchat-so...s-risk-1060345

----------


## harrybarracuda

WPA2 Wifi Encryption just got a whole lot more vulnerable....

https://medium.com/@billbuchanan_276...r-55d7775a7a5a

----------


## baldrick

^



> If you have a home-based router — using WPA-Personal — then the device may be vulnerable if you use a simple password.


if you are using a simple password on anything you are going to lose control of the device

----------


## harrybarracuda

Little fuckers at it again:

https://www.us-cert.gov/ncas/analysis-reports/AR18-221A

----------


## harrybarracuda

*FBI Warns of ‘Unlimited’ ATM Cashout Blitz*

The Federal Bureau of Investigation (FBI) is warning banks that cybercriminals are preparing to carry out a highly choreographed, global fraud scheme known as an “ATM cash-out,” in which crooks hack a bank or payment card processor and use cloned cards at cash machines around the world to fraudulently withdraw millions of dollars in just a few hours.



“The FBI has obtained unspecified reporting indicating cyber criminals are planning to conduct a global Automated Teller Machine (ATM) cash-out scheme in the coming days, likely associated with an unknown card issuer breach and commonly referred to as an ‘unlimited operation’,” reads a confidential alert the FBI shared with banks privately on Friday.

The FBI said unlimited operations compromise a financial institution or payment card processor with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert continues. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

Organized cybercrime gangs that coordinate unlimited attacks typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum ATM withdrawal amounts and any limits on the number of customer ATM transactions daily.

The perpetrators also alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.

“The cyber criminals typically create fraudulent copies of legitimate cards by sending stolen card data to co-conspirators who imprint the data on reusable magnetic strip cards, such as gift cards purchased at retail stores,” the FBI warned. “At a pre-determined time, the co-conspirators withdraw account funds from ATMs using these cards.”

Virtually all ATM cashout operations are launched on weekends, often just after financial institutions begin closing for business on Saturday. Last month, KrebsOnSecurity broke a story about an apparent unlimited operation used to extract a total of $2.4 million from accounts at the National Bank of Blacksburg in two separate ATM cashouts between May 2016 and January 2017.

In both cases, the attackers managed to phish someone working at the Blacksburg, Virginia-based small bank. From there, the intruders compromised systems the bank used to manage credits and debits to customer accounts.

The 2016 unlimited operation against National Bank began Saturday, May 28, 2016 and continued through the following Monday. That particular Monday was Memorial Day, a federal holiday in the United States, meaning bank branches were closed for more than two days after the heist began. All told, the attackers managed to siphon almost $570,000 in the 2016 attack.

The Blacksburg bank hackers struck again on Saturday, January 7, and by Monday Jan 9 had succeeded in withdrawing almost $2 million in another unlimited ATM cashout operation.

The FBI is urging banks to review how they’re handling security, such as implementing strong password requirements and two-factor authentication using a physical or digital token when possible for local administrators and business critical roles.

Other tips in the FBI advisory suggested that banks:

-Implement separation of duties or dual authentication procedures for account balance or withdrawal increases above a specified threshold.

-Implement application whitelisting to block the execution of malware.

-Monitor, audit and limit administrator and business critical accounts with the authority to modify the account attributes mentioned above.

-Monitor for the presence of remote network protocols and administrative tools used to pivot back into the network and conduct post-exploitation of a network, such as Powershell, cobalt strike and TeamViewer.

-Monitor for encrypted traffic (SSL or TLS) traveling over non-standard ports.

-Monitor for network traffic to regions wherein you would not expect to see outbound connections from the financial institution.

Update, Aug. 15, 11:11 a.m. ET: Several sources now confirm that the FBI alert was related to a breach of the Cosmos cooperative bank in India. According to multiple news sources, thieves using cloned cards executed some 12,000 transactions and stole roughly $13.5 million from Cosmos accounts via 25 ATMs located in Canada, Hong Kong and India.

https://krebsonsecurity.com/2018/08/...tz/#more-44642
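An added example (not from the FBI alert or the KrebsOnSecurity article) of how the advisory's own tips translate into audit-log detections: it flags limit or balance increases above a threshold with no second approver, fraud-control changes made at the weekend or out of hours (the window the article says cashouts are launched in), and one administrator raising limits on many accounts in a short burst. The audit-line format, field names, thresholds and sample events are all constructed for this example.

```python
"""Audit-log rules for the 'unlimited operation' pattern the FBI alert describes.

Added example, not part of the FBI advisory or the original post. Three checks:
  1. a withdrawal-limit or balance increase above a threshold with no second
     approver (dual authorisation / separation of duties),
  2. fraud-control changes made at the weekend or outside business hours,
  3. one administrator changing limits on many accounts within a short window.
The log format, field names, thresholds and events below are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed audit lines: time|actor|action|account|old|new|approver
SAMPLE_AUDIT = """\
2018-08-07T14:05:10Z|ops.alice|SET_MAX_ATM_WITHDRAWAL|acct=1001|old=500|new=800|approver=ops.bob
2018-08-11T18:02:11Z|admin.jdoe|SET_MAX_ATM_WITHDRAWAL|acct=2001|old=500|new=1000000|approver=-
2018-08-11T18:02:15Z|admin.jdoe|SET_DAILY_TXN_LIMIT|acct=2001|old=5|new=0|approver=-
2018-08-11T18:02:20Z|admin.jdoe|SET_MAX_ATM_WITHDRAWAL|acct=2002|old=500|new=1000000|approver=-
2018-08-11T18:02:24Z|admin.jdoe|SET_MAX_ATM_WITHDRAWAL|acct=2003|old=500|new=1000000|approver=-
2018-08-11T18:03:01Z|admin.jdoe|ADJUST_BALANCE|acct=2001|old=120|new=250000|approver=-
2018-08-13T10:15:00Z|ops.alice|SET_DAILY_TXN_LIMIT|acct=1002|old=5|new=6|approver=-
"""

CONTROL_ACTIONS = {"SET_MAX_ATM_WITHDRAWAL", "SET_DAILY_TXN_LIMIT", "ADJUST_BALANCE"}
DUAL_AUTH_THRESHOLD = 5000        # increase (new - old) that needs a second approver
BUSINESS_HOURS = range(8, 18)     # 08:00-17:59 UTC, Monday to Friday
BURST_WINDOW = timedelta(minutes=10)
BURST_ACCOUNTS = 3                # distinct accounts touched by one actor in the window


def _value(field):
    """'key=value' -> 'value'."""
    return field.split("=", 1)[1]


def parse(line):
    ts, actor, action, acct, old, new, approver = line.split("|")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "actor": actor,
        "action": action,
        "acct": _value(acct),
        "old": float(_value(old)),
        "new": float(_value(new)),
        "approver": None if _value(approver) == "-" else _value(approver),
    }


def is_control_weakening(ev):
    """Limit raised or removed, or balance inflated. A daily limit of 0 means 'no limit'."""
    if ev["action"] not in CONTROL_ACTIONS:
        return False
    if ev["action"] == "SET_DAILY_TXN_LIMIT":
        return ev["new"] == 0 or ev["new"] > ev["old"]
    return ev["new"] > ev["old"]


def detect(log_text):
    """Return a list of (rule, actor, detail) alerts for the audit text."""
    events = [parse(line) for line in log_text.splitlines() if line.strip()]
    alerts = []
    by_actor = defaultdict(list)
    for ev in events:
        if not is_control_weakening(ev):
            continue
        ts = ev["ts"]
        # Rule 1: large increase with no dual authorisation
        if ev["new"] - ev["old"] > DUAL_AUTH_THRESHOLD and ev["approver"] is None:
            alerts.append(("NO_DUAL_AUTH", ev["actor"], ev["acct"]))
        # Rule 2: control weakened at the weekend (Sat=5, Sun=6) or out of hours
        if ts.weekday() >= 5 or ts.hour not in BUSINESS_HOURS:
            alerts.append(("OFF_HOURS_CONTROL_CHANGE", ev["actor"], ev["acct"]))
        by_actor[ev["actor"]].append(ev)
    # Rule 3: one actor touching many accounts' controls within BURST_WINDOW
    for actor, evs in by_actor.items():
        evs.sort(key=lambda e: e["ts"])
        for i, first in enumerate(evs):
            window = [e for e in evs[i:] if e["ts"] - first["ts"] <= BURST_WINDOW]
            accts = {e["acct"] for e in window}
            if len(accts) >= BURST_ACCOUNTS:
                alerts.append(("LIMIT_CHANGE_BURST", actor, len(accts)))
                break
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_AUDIT):
        print(alert)
```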

----------


## harrybarracuda

Hackers obtained the credit card details of some 380,000 British Airways travellers during a two-week data breach this northern summer that leaves the customers vulnerable to financial fraud, the airline says.



BA's CEO, Alex Cruz, said today that enough data was stolen to allow criminals to use credit card information for illicit purposes, and that police are investigating.


"We know that the information that has been stolen is name, address, email address, credit card information; that would be credit card number, expiration date and the three-letter code in the back of the credit card," he told the BBC.


He added that no passport data had been obtained in what he called a "very sophisticated, malicious criminal attack."


It advises people to contact their bank or credit card company if they used the airline's website and mobile app to make or change a booking between 10.58pm London time on August 21 and 9.45pm London time on September 5.


The recommendation does not apply to customers who bought tickets or changed reservations outside those times.


The airline promised to reimburse any financial losses suffered by customers directly because of the theft of this data.


Consumer advice website MoneySavingExpert says affected customers should first seek advice from their bank, then monitor bank and credit card statements closely for signs of possible fraudulent activity.


It also warns of possible "phishing scams" in which hackers would try to trick affected consumers into revealing personal information like pincodes or banking passwords.


Some angry travelers complained to Britain's Press Association that they had already noted bogus activity on credit cards that had been used to make British Airways bookings during the time when the breach was undetected.


The hack once again puts the spotlight on the strength of the IT systems at major companies as they expand their digital services.


British Airways experienced an IT-related crisis in May last year when roughly 75,000 passengers were stranded after the airline cancelled more than 700 flights over three days because of system problems.


In the US, Delta Airlines said in April that payment-card information for several hundred thousand customers could have been exposed by a malware breach months earlier. The same breach also hit Sears Holdings Corp., which operates Kmart stores.

British Airways revealed the new hack on Thursday evening local time and began notifying customers.


Britain's National Crime Agency says it is investigating.


Shares in BA's parent company, IAG, were down 3 per cent on Friday.

https://www.tvnz.co.nz/one-news/worl...000-travellers

----------


## harrybarracuda

The recent British Airways data breach affecting 380,000 individuals appears to be the work of a known adversary that infects websites with a script designed to collect payment card data.


The name of the group is MageCart, and the scripts it uses have the same effect as the physical card skimming devices used by cybercriminals at ATMs. In a typical attack, the group casts a wide net by compromising commonly used third-party functionality that allows access to hundreds of websites.


Digital threat management company RiskIQ tracks the activity of MageCart group and reported their use of web-based card skimmers since 2016. They are familiar with the threat actor and their skimmer-code and detect it almost on an hourly basis.

With British Airways, though, MageCart took a targeted approach and customized the script so that it did not ring any alarm bells.

"This particular skimmer is very much attuned to how British Airway’s payment page is set up, which tells us that the attackers carefully considered how to target this site instead of blindly injecting the regular Magecart skimmer," RiskIQ says in a report shared with BleepingComputer in advance.

For this investigation, the researchers identified all the scripts loaded by the air carrier's website and searched for recent changes.

The researchers noticed that the Modernizr JavaScript library had been modified with 22 new lines of code at the bottom, a tactic often used by attackers to make sure they don't break the functionality of the script.


The British Airways website loaded the library from the baggage claim information page, and the change made by the MageCart threat actor allowed Modernizr to send payment information from the customer to the attacker's server.

The compromised code reacted in the same way whether the website was loaded on a computer screen or from the mobile app, since in both cases the resources for searching, booking or managing flights were the same.

The change in the JavaScript library was confirmed by the headers sent by the British Airways server, which indicated August 21, 20:49 GMT as the time and date of the last modification in Modernizr.

In the statement on the data breach, the airline said the theft occurred between August 21, 22:58 BST, one hour after MageCart made the change in Modernizr.


More evidence that MageCart prepared for this attack and aimed to keep it active for as long a period as possible is found in the infrastructure used for exfiltrating the payment card details.

The compromised Modernizr script delivered all the data to baways[.]com, which resembles the legitimate domain used by British Airways, and would likely not raise suspicions during a cursory look at the modified library.

RiskIQ also discovered that MageCart purchased an SSL certificate from Comodo, instead of going with the free choice from Let's Encrypt. The reason for this is that a paid certificate is less likely to attract attention.


With this attack, the MageCart threat actor has stepped up the ladder and shown they are capable of refining their operations, blending in with the targeted website to maintain their presence.

It is unclear how MageCart managed to compromise the British Airways website, but RiskIQ says that being able "to modify a resource for the site tells us the access was substantial."

https://www.bleepingcomputer.com/new...raping-attack/
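An added example (not RiskIQ's tooling or code from the article) of the check that would have caught the change described above: compare a served copy of a first-party script against a known-good baseline by SHA-256 (the same digest a Subresource Integrity attribute carries), pull out lines appended at the end of the file, and flag any host those lines reference that is not one of your own. The library body, the look-alike host and the allowlisted hostnames are constructed placeholders, not British Airways' real files or domains.

```python
"""Detect tampering of a first-party JavaScript library, MageCart-style.

Added example, not from the RiskIQ report or the original post. Compares a
served copy of a script against a known-good baseline and reports:
  1. a SHA-256 mismatch (the digest Subresource Integrity uses),
  2. lines appended at the end of the file (the tactic described on the page),
  3. hostnames referenced in the appended code that are not on an allowlist.
All sample inputs below are constructed; the host names are placeholders.
"""
import base64
import difflib
import hashlib
import re
from dataclasses import dataclass, field

# Constructed stand-in for the legitimate library as shipped with the site.
BASELINE_JS = """\
/*! constructed-lib v1.0 | MIT */
(function(w){
  w.ConstructedLib = { hasLocalStorage: 'localStorage' in w };
})(window);
"""

# Constructed stand-in for a served copy with lines appended at the end.
# The appended lines only reference a look-alike host; they do nothing here.
TAMPERED_JS = BASELINE_JS + """\
/* appended */
var collectUrl = "https://baways.example/gateway/app";
"""

# Placeholder first-party hosts a script on this site may legitimately contact.
ALLOWED_HOSTS = {"www.britishairways.example", "cdn.britishairways.example"}

URL_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")


def sri_hash(body: str) -> str:
    """Subresource Integrity attribute value for a script body."""
    digest = hashlib.sha256(body.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


@dataclass
class Finding:
    hash_mismatch: bool
    appended_lines: list = field(default_factory=list)
    unexpected_hosts: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return self.hash_mismatch and bool(self.appended_lines or self.unexpected_hosts)


def appended_tail(baseline: str, observed: str) -> list:
    """Lines present only at the end of the observed copy."""
    base_lines = baseline.splitlines()
    obs_lines = observed.splitlines()
    matcher = difflib.SequenceMatcher(None, base_lines, obs_lines, autojunk=False)
    tail = []
    for tag, i1, _i2, j1, j2 in matcher.get_opcodes():
        # An 'insert' positioned at the end of the baseline is an appended block
        if tag == "insert" and i1 == len(base_lines):
            tail.extend(obs_lines[j1:j2])
    return tail


def hosts_in(lines) -> set:
    """Lower-cased hostnames of every http(s) URL in the given lines."""
    return {m.group(1).lower() for line in lines for m in URL_RE.finditer(line)}


def check_script(baseline: str, observed: str, allowed_hosts=ALLOWED_HOSTS) -> Finding:
    finding = Finding(hash_mismatch=sri_hash(baseline) != sri_hash(observed))
    if not finding.hash_mismatch:
        return finding                      # byte-identical: nothing to inspect
    finding.appended_lines = appended_tail(baseline, observed)
    # Any host referenced by new code that is not ours is worth an alert
    finding.unexpected_hosts = sorted(hosts_in(finding.appended_lines) - allowed_hosts)
    return finding


if __name__ == "__main__":
    result = check_script(BASELINE_JS, TAMPERED_JS)
    print("expected integrity:", sri_hash(BASELINE_JS))
    print("suspicious:", result.suspicious, "hosts:", result.unexpected_hosts)
```

Pinning the baseline digest in the script tag's `integrity` attribute makes the browser refuse the modified file outright; the comparison above is the server-side monitoring that tells you the pin has started failing.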

----------


## harrybarracuda

You might want to take your WD MyCloud off the interwebs until they fix this....

https://www.securify.nl/advisory/SFY...rivileges.html

----------


## harrybarracuda

If you trust Tor, there is now an official Android version:

https://www.hackread.com/download-to...r-for-android/

OrFox will be disappearing.

----------


## harrybarracuda

Apparently this link will crash your iPhone.

https://s3.eu-central-1.amazonaws.co...ri-reaper.html

----------


## harrybarracuda

Put Two Factor Authentication on lots of websites with a single app...

https://authy.com/

----------


## harrybarracuda

A good reason to make sure your laptop has the latest firmware...




> ...the LoJax malware is unable to attack recent versions of computer firmware, meaning that if you keep your firmware updated, you’re unlikely to be a victim.


Russian Malware That Embeds Itself Into PC Firmware Found in Wild

----------


## baldrick

^ though if you are updating your firmware via Windows software I would not be so confident

but it seems like a good idea if you are installing an OS , flash the firmware first

----------


## Latindancer

"it will survive the reinstallation of an operating system or even the replacement of the computer's hard disk".

Where on earth does it hide ? The CPU ? The RAM ?

----------


## harrybarracuda

> "it will survive the reinstallation of an operating system or even the replacement of the computer’s hard disk".
> 
> Where on earth does it hide ? The CPU ? The RAM ?


Firmware doesn't "hide". It's stored on Flash ROM usually.

----------


## David48atTD

Just for fun ...

----------


## harrybarracuda

Chinkies is nosey little fuckers...

Super Micro shares are cheap right now though.




> A major U.S. telecommunications company discovered manipulated hardware from Super Micro Computer Inc. in its network and removed it in August, fresh evidence of tampering in China of critical technology components bound for the U.S., according to a security expert working for the telecom company.
> 
> The security expert, Yossi Appleboum, provided documents, analysis and other evidence of the discovery following the publication of an investigative report in Bloomberg Businessweek that detailed how China's intelligence services had ordered subcontractors to plant malicious chips in Supermicro server motherboards over a two-year period ending in 2015.
> 
> Appleboum previously worked in the technology unit of the Israeli Army Intelligence Corps and is now co-chief executive officer of Sepio Systems in Gaithersburg, Maryland. His firm specializes in hardware security and was hired to scan several large data centers belonging to the telecommunications company. Bloomberg is not identifying the company due to Appleboum's nondisclosure agreement with the client. Unusual communications from a Supermicro server and a subsequent physical inspection revealed an implant built into the server's Ethernet connector, a component that's used to attach network cables to the computer, Appleboum said.
> 
> The executive said he has seen similar manipulations of different vendors' computer hardware made by contractors in China, not just products from Supermicro. "Supermicro is a victim -- so is everyone else," he said. Appleboum said his concern is that there are countless points in the supply chain in China where manipulations can be introduced, and deducing them can in many cases be impossible. "That's the problem with the Chinese supply chain," he said.
> 
> Supermicro, based in San Jose, California, gave this statement: "The security of our customers and the integrity of our products are core to our business and our company values. We take care to secure the integrity of our products throughout the manufacturing process, and supply chain security is an important topic of discussion for our industry. We still have no knowledge of any unauthorized components and have not been informed by any customer that such components have been found. We are dismayed that Bloomberg would give us only limited information, no documentation, and half a day to respond to these new allegations."
> ...

----------


## baldrick

If the data is traversing the server encrypted,  who gives a fcuk

----------


## harrybarracuda

> If the data is traversing the server encrypted,  who gives a fcuk


You'd be amazed how many people don't bother encrypting internal traffic. They think firewalls and VPNs cover it.

----------


## harrybarracuda

Had a mate on the phone this morning panicking because he'd got a Booking.com cancellation for a booking he'd never made.

I've taught him how to spot Phishing emails but this was legit, so he phoned Booking.com and they told him the booking was made on the 9th.

I can only assume that someone got his hotmail.com and booking.com passwords (unless they were the same, which in itself is a big NO)... AND... he'd saved his card details there.

The most logical thing is that they were checking to see if the card worked, and deleted the original booking email, but he spotted the cancellation before they could delete it.

So I told him to cancel his card, change the passwords (and make them unique for each system) and add 2FA on his Hotmail account (it's a piece of piss, you just use the Authenticator app on your phone as a second login credential).

However, the important thing is that you should never, ever, ever save payment details on these sites.

Pay.As.You.Go.

Just sayin'.

----------


## harrybarracuda

Got a PS4? Watch out for dodgy messages.




> It seems a malicious message is making the rounds on the PlayStation Network. Reddit reports suggest PS4 owners are receiving a message that contains indecipherable characters that are causing their console to stop functioning, and requiring a factory reset to regain functionality.
> 
> 
> According to some users, players in multiplayer games may send the offending message as a means of taking down an opposing team, and the best remedy may be to change your messaging settings to private so that only trusted friends can send you a message.
> 
> Users are also being warned that the console may crash not only when you open the message but also if you receive the notification. One possible solution may be to access your messages via the mobile app and delete the offending message, though some users have found that to also be futile.
> 
> This is not the first time that such an exploit has been used to crash a gadget. The mechanism of the attack seems to rely on deficiencies in the text processing ability of code; past reports indicate similar exploits by sending an SMS to crash a phone. There's also, of course, the famous incident from earlier this year when a Telugu character would crash various apps on the iPhone.
> 
> Update: An earlier version of this article more ambiguously stated the message was causing consoles to be bricked. It has now been amended to clarify that this was a 'soft brick', and that the device is still recoverable via a factory reset.

----------


## baldrick

haaarrrryyyyy - you should be all over this one - or are you freaking out wondering how you are going to roll out full disk encryption by tomorrow

https://www.theregister.co.uk/2018/1...sd_encryption/

SSDs from Crucial and Samsung have been only using the Disk Encryption Key on the hardware to encrypt drives and this can be manipulated via the debugging ports and firmware
worse still BitLocker assumes everything is good and the DEK is derived from the user password

whoops

----------


## harrybarracuda

> haaarrrryyyyy - you should be all over this one - or are you freaking out wondering how you are going to roll out full disk encryption by tomorrow
> 
> https://www.theregister.co.uk/2018/1...sd_encryption/
> 
> SSDs from Crucial and Samsung have been only using the Disk Encryption Key on the hardware to encrypt drives and this can be manipulated via the debugging ports and firmware
> worse still BitLocker assumes everything is good and the DEK is derived from the user password
> 
> whoops


Since my Governance team make the Sloth out of Zootopia look like he's got ADHD, I'm actually OK with that one at the moment.

But useful to know going forward!

----------


## harrybarracuda

You would think after the Bangladesh breach that they *might* have spent a few quid on security. 




> In a shocking revelation, the head of the Federal Investigation Agency’s (FIA) cybercrime wing has said data from "almost all" Pakistani banks was stolen in a recent security breach.
> 
> 
> "According to a recent report we have received, data from almost all Pakistani banks has been reportedly hacked," FIA Cybercrimes Director retired Capt Mohammad Shoaib told Geo News on Tuesday.
> 
> When pressed to clarify, the official said data from "most of the banks" operating in the country had been compromised.
> 
> Speaking to DawnNewsTV, Shoaib said hackers based outside Pakistan had breached the security systems of several local banks. "The hackers have stolen large amounts of money from people's accounts," he added.
> 
> ...

----------


## harrybarracuda

This is hilarious. That will fucking teach the tight bastards.





> An independent researcher who was disgruntled with traditional bug bounty methods took it upon himself to leak the details of an exploit in Oracle’s Virtual Box without first informing Oracle.
> 
> 
> Sergey Zelenyuk discovered a flaw that would allow him to escape from the virtual environment of the guest machine to reach the Ring 3 privilege layer used for running code from most user programs with the least privileges.
> 
> The vulnerability exists in VirtualBox 5.2.20 and prior versions.
> 
> The bug can be leveraged on virtual machines configured with the Intel PRO/1000 MT Desktop (82540EM) network adapter in Network Address Translation (NAT) mode.
> 
> ...

----------


## harrybarracuda

Researchers at cybersecurity company ESET have found a malware campaign that compromises a device’s firmware component. The campaign is believed to be supported and spread by Kremlin-backed group Fancy Bear.

According to the report, the malware is dubbed LoJax, and is capable enough to “serve as a key to the whole computer” by infecting the Unified Extensible Firmware Interface (UEFI) of a device. It is very hard to detect, and can also survive the operating system (OS) reinstallations.

“The way that LoJax accesses both the UEFI and LoJack is by using binary files that, from the operating system, compile information about its hardware,” Panda Security researchers said in a blog.

“LoJax isn’t dangerous simply because of the infection of the UEFI itself, but also due to the fact that many cybersecurity solutions, including corporate cybersecurity solutions that are present in many companies, completely overlook Computrace LoJack and the UEFI software, as they classify it to be safe.”

LoJack is anti-theft software, which is most commonly known for its cyber attack on the Democratic National Committee in 2016, as well as several other attacks on European organizations.

“Although we were aware in theory that UEFI rootkits existed, our discovery confirms that they are used by an active advanced persistent threat group,” said ESET researcher Jean-Ian Boutin, in a press release.

 “These attacks targeting the UEFI are a real threat, and anyone in the crosshairs of Sednit [Fancy Bear] should be watching their networks and devices very closely.”

'LoJax' malware can survive operating system reinstallations - E Hacking News

----------


## harrybarracuda

Months after announcing its privacy-focused DNS service, Cloudflare is bringing 1.1.1.1 to mobile users.


Granted, nothing ever stopped anyone from using 1.1.1.1 on their phones or tablets already. But now the app, now available for iPhones, iPads and Android devices, aims to make it easier for anyone to use its free consumer DNS service.

The app is a one-button push to switch on and off again. That’s it.

Cloudflare rolled out 1.1.1.1 earlier this year on April Fools’ Day, no less, but privacy is no joke to the San Francisco-based networking giant. In using the service, you let Cloudflare handle all of your DNS information, like when an app on your phone tries to connect to the internet, or you type in the web address of any site. By funneling that DNS data through 1.1.1.1, it can make it more difficult for your internet provider to know which sites you’re visiting, and also ensure that you can get to the site you want without having your connection censored or hijacked.

It’s not a panacea to perfect privacy, mind you — but it’s better than nothing.

The service is also blazing fast, shaving valuable seconds off page loading times — particularly in parts of the world where things work, well, a little slower.

“We launched 1.1.1.1 to offer consumers everywhere a better choice for fast and private Internet browsing,” said Matthew Prince, Cloudflare chief executive. “The 1.1.1.1 app makes it even easier for users to unlock fast and encrypted DNS on their phones.”

You can download the app from Apple’s App Store and Google Play.

https://techcrunch.com/2018/11/11/cloudflare-privacy-dns-service-ios-android/

----------


## harrybarracuda

Windows users in Europe have recently been the target of a sophisticated malware campaign that provides attackers with a diverse array of capabilities, including cryptomining, credential stealing, ransomware and remote-access takeovers.


Named DarkGate by its developer, the malware is reportedly distributed via Torrent files disguised as popular entertainment offerings — including the Spanish basketball dramedy Campeones and the zombie drama The Walking Dead. But these files actually execute malicious VBScripts on those who download them.

Upon infection, the malware’s first interaction with the C2 server commences the mining process, but from there DarkGate has the potential to carry out additional attacks.

So far, the campaign has focused largely on users in Spain and France, according to a Nov. 13 blog post from endpoint security company enSilo, whose researcher Adi Zeligson discovered the threat on Dec. 27, 2017.

Researchers say that DarkGate appears to be closely related to a previously known password-stealer called Golroted.

DarkGate’s password-stealing component uses NirSoft tools to swipe user credentials, browser cookies, browser history and Skype chats, enSilo reported. But the attackers seem to clearly favor cryptocurrency credentials, reported blog post authors Zeligson and fellow researcher Rotem Kerner, as the malware “looks for specific strings in the names of windows in the foreground that are related to different kinds of crypto wallets” used for trading on various crypto applications and websites.

Aside from its versatility, DarkGate is also notable in that it practices the act of process hollowing — the act of loading a legitimate process onto a system in order to use it as a wrapper to conceal malicious code. DarkGate abuses the processes vbc.exe or regasm.exe for this purpose, the blog post explains.


The malware also relies on UAC (User Account Control) bypass capabilities to elevate its privileges. For this, it employs two distinct tricks, exploiting both the scheduled task DiskCleanup and the legitimate process file eventvwr.exe, aka the Event Viewer Snapin Launcher.

Another of DarkGate’s remarkable traits is its human-powered, “reactive” C2 infrastructure, which is staffed by actual people. These operators “act upon receiving notifications of new infections with crypto wallets,” reported blog post authors Zeligson and fellow researcher Rotem Kerner. 

Additionally, “When the operator detects any interesting activity… they then proceed to install a custom remote access tool on the [infected] machine for manual operations.”

DarkGate deceptively attempts to hide its C2 infrastructure by disguising its malicious servers as known legitimate services, including Akamai CDN or AWS. The malware also takes measures to avoid detection by monitoring for conditions typically found in sandbox or VM environments, as well as by checking for the presence of specific AV solutions.

In an email interview with SC Media, an enSilo spokesperson said the researchers believe that the attackers “aim for targets which will maximize their monetary gain and as such prefer to reach valuable targets; for example, organizations with significant computing resources.”

https://www.scmagazine.com/home/secu...windows-users/
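The post describes three host behaviours (script-launched vbc.exe/regasm.exe hollowing targets, the eventvwr.exe UAC bypass, and the DiskCleanup scheduled task). As an added example, not code from SC Media or enSilo, here is a small detection pass over constructed process-creation log lines that flags each of them. The "timestamp|parent image|image|command line" layout and the sample lines are constructed; the assumptions beyond the article are that the legitimate Event Viewer launcher only ever starts mmc.exe and that a script host has no business starting vbc.exe or regasm.exe.

```python
"""Added example: flag the DarkGate behaviours described above in process-creation logs.

Written for this post; not code from SC Media or enSilo. Log lines and the
"timestamp|parent image|image|command line" layout are constructed.
"""
import ntpath
from dataclasses import dataclass
from typing import Iterable, List, Tuple

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}   # where a VBScript dropper runs
HOLLOWING_TARGETS = {"vbc.exe", "regasm.exe"}   # processes the article says DarkGate hollows


@dataclass
class ProcEvent:
    ts: str
    parent_image: str
    image: str
    cmdline: str


def parse_line(line: str) -> ProcEvent:
    """Split one constructed 'ts|parent|image|cmdline' record."""
    ts, parent_image, image, cmdline = line.rstrip("\n").split("|", 3)
    return ProcEvent(ts, parent_image, image, cmdline)


def _name(path: str) -> str:
    # ntpath handles Windows paths regardless of the platform this runs on.
    return ntpath.basename(path).lower()


def classify(ev: ProcEvent) -> List[str]:
    """Return the names of every rule the event trips (empty list if none)."""
    parent, image, cmd = _name(ev.parent_image), _name(ev.image), ev.cmdline.lower()
    hits: List[str] = []
    # Hollowing target started straight from a script host.
    if parent in SCRIPT_HOSTS and image in HOLLOWING_TARGETS:
        hits.append("hollowing-target-spawned-by-script-host")
    # Assumption: legitimate eventvwr.exe only ever launches mmc.exe.
    if parent == "eventvwr.exe" and image != "mmc.exe":
        hits.append("eventvwr-uac-bypass")
    # The DiskCleanup task being kicked off by a script host rather than the scheduler.
    if image == "schtasks.exe" and "/run" in cmd and "diskcleanup" in cmd \
            and parent in SCRIPT_HOSTS:
        hits.append("diskcleanup-task-triggered-by-script-host")
    return hits


def scan(lines: Iterable[str]) -> List[Tuple[str, List[str]]]:
    """Run classify() over every non-empty record; return (timestamp, hits) for flagged ones."""
    findings = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_line(line)
        hits = classify(ev)
        if hits:
            findings.append((ev.ts, hits))
    return findings


# Constructed sample: three suspicious events and two benign ones.
SAMPLE_LOG = [
    r"2018-11-13T10:01:02|C:\Windows\System32\wscript.exe|C:\Windows\Microsoft.NET\Framework\v4.0.30319\vbc.exe|vbc.exe",
    r"2018-11-13T10:01:05|C:\Windows\System32\eventvwr.exe|C:\Users\bob\AppData\Local\Temp\update.exe|update.exe",
    r"2018-11-13T10:01:06|C:\Windows\System32\eventvwr.exe|C:\Windows\System32\mmc.exe|mmc.exe eventvwr.msc",
    r"2018-11-13T10:01:09|C:\Windows\System32\wscript.exe|C:\Windows\System32\schtasks.exe|schtasks.exe /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I",
    r"2018-11-13T10:02:00|C:\Windows\explorer.exe|C:\Program Files\Firefox\firefox.exe|firefox.exe",
]


if __name__ == "__main__":
    for ts, hits in scan(SAMPLE_LOG):
        print(ts, ", ".join(hits))
```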

----------


## harrybarracuda

Schoolboy error - again.




> Tens of millions of text messages have been exposed on a company’s database by a security lapse.
> 
> 
> The messages, which included password reset links, two-factor authentication codes and shipping notifications, were exposed on a server belonging to Voxox.
> 
> Alarmingly, the San Diego-based communications company’s server was not password protected, meaning anyone who knew where to find it could easily snoop.
> 
> 
> Berlin-based security researcher Sébastien Kaul found the database had just over 26 million text messages when it was taken offline by Voxox following an inquiry by TechCrunch.
> ...

----------


## harrybarracuda

A new hacking tool making the rounds in underground forums has been deemed the latest "go-to" universal offering for attackers targeting Microsoft Windows PCs.


The software is called L0rdix and according to cybersecurity researchers from enSilo is "aimed at infecting Windows-based machines, combines stealing and cryptocurrency mining methods, [and] can avoid malware analysis tools."


In a blog post on Tuesday, enSilo researcher Ben Hunter said the tool is relatively new and is available for purchase. There are, however, indicators that L0rdix is still undergoing development despite an array of different functions already implemented within the malware.


Written in .NET, L0rdix has been developed with stealth in mind. The malware is obfuscated using the standard ConfuserEx obfuscator, and some samples have been tweaked with the more sophisticated .NETGuard obfuscator.


The developers of L0rdix have made an effort when it comes to virtual environments and sandboxes, which are commonly used by researchers for the purposes of reverse engineering and malware analysis.


L0rdix not only performs a number of standard scans to detect these environments but also uses WMI queries and registry keys to search for strings which may indicate sandbox products.


"The less common checks made by L0rdix include searching processes that load sbiedll.dll which belongs to the sandboxie product, aspiring to increase its chances to avoid running in a simple free virtual environment tool," Hunter added.


The malware has been constructed with sales in mind, containing five core modules with configuration auto-update capabilities and a structure which allows future modules to be easily integrated within L0rdix.


Once a machine is infected, the malware pulls information including OS version, device ID, CPU model, installed antivirus products and current user privileges. This information is encrypted and sent to the command-and-control (C2) server, alongside a screenshot of the machine.


The malware's files and configuration settings are then updated based on this information, and it is at this point where L0rdix 'decides' whether or not cryptocurrency mining and data theft are appropriate.


L0rdix will then infect all removable drives, mapping itself to their icons and hiding the legitimate drive files and directories.


"All of this is done to make sure that the malware will execute by the user double-clicking it on another machine," the researcher says.


Another function is responsible for maintaining persistence. The malware will copy itself to a number of traditional areas, such as scheduled tasks -- but this is an area which is ripe for improvement in the future.


L0rdix is also able to act as a botnet by enslaving the infected PC, with optional commands including opening specific URLs in a browser -- which potentially could be used for domain flooding in Distributed Denial-of-Service (DDoS) attacks -- killing specific processes, uploading and executing additional payloads, and executing cmd commands.


In addition, the malware is able to monitor Windows clipboards for signs of cryptocurrency wallets and strings. If found, this content is sent to the C2, and L0rdix will also aim to collect browser cookies and credentials.


When it comes to fraudulent cryptocurrency mining, some samples contain miner code -- but enSilo believes this was developed in one of the later stages of coding as in some samples, this functionality is absent.


"While it's very easy to notice that most of the effort was put into evading virtual environments and analysis tools along with implementing the stealing module, L0rdix still presents unfinished modules and weak implementation details such as simple encryption or simple data handling between the server and the client," Hunter says. "Those indicators might suggest that the tool is still under development."


enSilo expected to see more sophisticated versions of the multipurpose tool in the future as L0rdix undergoes further development to stay attractive to underground buyers.


https://www.zdnet.com/article/l0rdix...fe-of-hacking/

----------


## harrybarracuda

Flash Player vulnerable AGAIN....

https://nakedsecurity.sophos.com/201...vulnerability/

Update Flash or your Flash-enabled browser (or both).

----------


## harrybarracuda

The cheeky fuckers...

 :rofl: 




> Hackers are offering Black Friday discounts for stolen credit card details being bought and sold on the dark web as they seek to cash in on an online shopping bonanza. 
> 
> 
> Security experts including the FBI, the UK's cyber defence agency and online security firms have warned of a wave of hacking and fraud as criminals exploit Britain's biggest weekend of online shopping across Black Friday and Cyber Monday.
> 
> Last year proved another record year for sales, with billions spent in the UK alone, or more than £10,000 per second according to one estimate. But with a spike in digital shoppers, hackers are also making the most of the surge in online transactions.
> 
> Messages on encrypted messaging app Telegram seen by the Telegraph showed hackers were promoting "festive season" deals to fellow cyber criminals.
> 
> ...


https://www.telegraph.co.uk/technolo...-card-details/

----------


## misskit

*DOJ unseals charges in alleged massive online ad fraud*

The Department of Justice (DOJ) on Tuesday unsealed charges against eight individuals in an alleged widespread digital advertising fraud that reportedly used botnets to give the appearance of billions of humans looking at online ads.


Aleksandr Zhukov, Boris Timokhin, Mikhail Andreev, Denis Avdeev, Dmitry Novikov, Sergey Ovsyannikov, Aleksandr Isaev and Yevgeniy Timchenko were charged with crimes including wire fraud, money laundering, computer intrusion and aggravated identity theft, according to a department release.


The department also announced that a federal court unsealed seizure warrants allowing the FBI to take over 31 domains as well as seize data from 89 servers involved in the botnets, or networks of infected internet-connected devices that can be utilized by hackers.

MORE. https://thehill.com/policy/cybersecu...nline-ad-fraud

----------


## harrybarracuda

Poor old Vlad gets a taste of his own medicine....




> Moscow recently opened its first cable-car service and promised free rides for the first month. Unfortunately, only days after the service was made available, attackers reportedly hacked into the cable car systems and infected them with ransomware.
> 
> 
> With eager passengers waiting to take their free ride, police officers were explaining that the cable car was shut down due to technical reasons according to a report from the TheMoscowTimes.
> 
> 
> According to another Russian media report, the main computer for the cable car system was infected with ransomware and was demanding a ransom payment in bitcoins to decrypt the files required for the operation of the cable car.
> 
> "According to the agency interlocutor, a message was received from an unknown person on the head computer of the Moscow Cable Cars operating company requesting to transfer bitcoins to him in exchange for decrypting all the electronic files of the computer that is responsible for the cable car operation. The amount of the ransom, said in the letter, depends "on the speed of response to the letter." As a result, there was a failure in the cable car."
> ...

----------


## harrybarracuda

Marriott breach, up to 500 million customers.




> Marriott said Friday that hackers have had access to the reservation systems of many of its hotel chains for the past four years, a breach that exposed private details of up to 500 million customers while underscoring the sensitive nature of records showing where and when people travel — and with whom.
> 
> 
> The breach of the reservation system for Marriott’s Starwood subsidiaries was one of the largest in history, after two record-setting Yahoo hacks, and was particularly troubling for the nature of the data that apparently was stolen, security experts said. That includes familiar information — such as names, addresses, credit card numbers and phone numbers — and also rarer prizes for hackers, such as passport numbers, travel locations and arrival and departure dates.
> 
> The potential value of such information on such a large percentage of the world’s travelers triggered speculation that Marriott may have been the target of nation-state hackers seeking to track the movements of diplomats, spies, military officials and business executives. Yet even if the hackers were mere criminals in search of profit, such data offered the raw material for a range of possible misdeeds, including identity theft.


https://www.washingtonpost.com/busin...=.a948594a0ae3

----------


## headhunter

I have just received by EMS mail a McAfee anti-virus package for 1 device x 1 yr. What I received was a jiffy bag wrapped in sticky tape that DOES NOT allow you to open.
I have managed to cut it open; inside was a small piece of cardboard with just a Line ID @ 8 characters, no instructions, just a bag of rubbish. Luckily I have put a stop on the payment. Please, is there anyone that can help?
TRYING TO CONTACT LAZADA, YOU GOT MORE CHANCE TO WIN THE LOTTERY.

----------


## harrybarracuda

> I have just received by EMS mail a McAfee anti-virus package for 1 device x 1 yr. What I received was a jiffy bag wrapped in sticky tape that DOES NOT allow you to open.
> I have managed to cut it open; inside was a small piece of cardboard with just a Line ID @ 8 characters, no instructions, just a bag of rubbish. Luckily I have put a stop on the payment. Please, is there anyone that can help?
> TRYING TO CONTACT LAZADA, YOU GOT MORE CHANCE TO WIN THE LOTTERY.


No idea what you are babbling on about but you might be better posting it in the lounge in case anyone else can understand you.

----------


## crackerjack101

> I have just received by EMS mail a McAfee anti-virus package for 1 device x 1 yr. What I received was a jiffy bag wrapped in sticky tape that DOES NOT allow you to open.
> I have managed to cut it open; inside was a small piece of cardboard with just a Line ID @ 8 characters, no instructions, just a bag of rubbish. Luckily I have put a stop on the payment. Please, is there anyone that can help?
> TRYING TO CONTACT LAZADA, YOU GOT MORE CHANCE TO WIN THE LOTTERY.


Repack it and get the refund code from your Lazada account, take it to a 7/11 and send it back. I've done this 2 or 3 times and had the money back in my account within 10 days.

----------


## harrybarracuda

> Repack it and get the refund code from your Lazada account, take it to a 7/11 and send it back. I've done this 2 or 3 times and had the money back in my account within 10 days.


You can translate that?

What did they send him? And was it for someone else?

----------


## crackerjack101

> You can translate that?
> 
> What did they send him? And was it for someone else?


I just assume he ordered something from Lazada and doesn't like it.

----------


## harrybarracuda

> I just assume he ordered something from Lazada and doesn't like it.



Must have ordered it when he was pissed then. Like now.

----------


## headhunter

> Must have ordered it when he was pissed then. Like now.


come on HB you know I can't get pissed, but what I ordered from Lazada [A MCAFEE ANTI VIRUS PROTECTION PACKAGE] was nothing like what they advertise and show.
sorry HB I am [PISSED] OFF.

----------


## headhunter

yes C.M.P. cash on delivery, postman accepted it back, to be sent back to Lazada.
to give you some idea what is advertised, google LAZADA ANTI VIRUS MCAFEE 1 DEVICE.
as Lazada would not answer Wed. 1 hr. yesterday the same, so I did NOT PAY.

----------


## harrybarracuda

> come on HB you know I can't get pissed, but what I ordered from Lazada [A MCAFEE ANTI VIRUS PROTECTION PACKAGE] was nothing like what they advertise and show.
> sorry HB I am [PISSED] OFF.


You ordered software. Sounds like they sent you a key.

If that's the case, you install the free McAfee from their site and then enter the key to register it for a year.

----------


## headhunter

> You ordered software. Sounds like they sent you a key.
> 
> If that's the case, you install the free McAfee from their site and then enter the key to register it for a year.


thanks HARRY, the invoice says in the box, free instructions; no box, no instructions, just a piece of cardboard 2"x2" and a Line ID. That's it.

----------


## harrybarracuda

> thanks HARRY, the invoice says in the box, free instructions; no box, no instructions, just a piece of cardboard 2"x2" and a Line ID. That's it.


Sounds well dodgy.

Unless you're supposed to get the key from the Line ID.

----------


## headhunter

> Sounds well dodgy.
> 
> Unless you're supposed to get the key from the Line ID.


last yr. I bought a new PC which came with McAfee protection; now it's run out I contacted the McAfee agent BKK, but their phone is dead.
to buy a package from McAfee you NEED a credit card, no have, so today the wife will go to our internet provider TOT and get them to do it for us; one of their engineers lives 50 mts. from us.

----------


## harrybarracuda

IIRC you can buy a proper antivirus license at Banana IT. Not sure about McAfee though.

----------


## harrybarracuda

I read that there are something like 15 different competing standards, but I doubt any of them have the one billion+ customer base this one has...




> *Mastercard and Microsoft say they're developing a universal identity management solution*
> Identity management is one of the most cumbersome issues in information security today. How should organizations verify that people using a banking, e-commerce or other digital service are who they say they are? Mastercard and Microsoft are banding together to try to find a universal solution, the two companies announced Monday.
> 
> 
> Current identity management schemes are onerous for end users, Microsoft and Mastercard say. 
> 
> Organizations and individuals have to rely on things like a Social Security number, proof of address, a username and password or something else.
> 
> “We believe that there is a huge need for a universally-recognized digital identity service that puts the individual in control. Right now, proving one’s identity online places a huge burden on individuals,” Charles Walton, Mastercard’s senior vice president of digital identity products, told
> ...

----------


## harrybarracuda

Adobe released patches today for a new zero-day vulnerability discovered in the company's popular Flash Player app. The zero-day has been spotted embedded inside malicious Microsoft Office documents.


These documents were discovered last month after they've been uploaded on VirusTotal, a web-based file scanning service, from a Ukrainian IP address.

According to reports from Gigamon (formerly ICEBRG) and Chinese cyber-security firm Qihoo 360 Core Security, the two companies which spotted the documents, the zero-day was embedded as a Flash ActiveX object inside a Word document designed to look like a seven-page employment application for a Russian state healthcare clinic.

If victims who received the documents allowed the Flash ActiveX object to execute, researchers said the malicious code would escalate its access from the Office app to the underlying OS. Here it would drop a JPG file, then unzip another RAR file attached at the end of this JPG file to drop an EXE file on the victim's PC, and then run this file (a basic barebones backdoor trojan). Researchers said this zero-day was capable of running on both 32-bit and 64-bit architectures.

https://www.zdnet.com/article/adobe-...tag=RSSbaffb68
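The JPG-with-a-RAR-appended stage is easy to check for on a mail gateway or in triage. As an added example (mine, not code from the ZDNet article or the Gigamon/Qihoo reports), this walks the JPEG marker structure to find where the real image ends and reports any trailing bytes plus a known archive or executable signature among them. The sample bytes are constructed and are not a decodable picture; the signature table holds only well-known magic values.

```python
"""Added example: find data appended after a JPEG's end-of-image marker.

Not code from the ZDNet article or the Gigamon/Qihoo reports; written for this
post. It walks the JPEG segments rather than searching for the last FF D9,
because an appended archive can itself contain those two bytes.
"""
from typing import Dict, Optional

# Markers that carry no length field: TEM, RST0-RST7, SOI.
_STANDALONE = {0x01, 0xD8} | set(range(0xD0, 0xD8))

# Well-known magic bytes worth flagging when they appear in a trailer.
_SIGNATURES = {
    b"Rar!\x1a\x07\x00": "RAR4",
    b"Rar!\x1a\x07\x01\x00": "RAR5",
    b"PK\x03\x04": "ZIP",
    b"MZ": "PE executable",
}


def jpeg_end_offset(data: bytes) -> int:
    """Return the offset just past the EOI marker of the JPEG starting at data[0]."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI: not a JPEG")
    pos = 2
    while pos < len(data):
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < len(data) and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= len(data):
            break
        marker = data[pos]
        pos += 1
        if marker == 0xD9:                              # EOI: the image ends here
            return pos
        if marker in _STANDALONE:
            continue
        seg_len = int.from_bytes(data[pos:pos + 2], "big")
        if seg_len < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += seg_len
        if marker == 0xDA:                              # SOS: skip entropy-coded data
            while pos < len(data):
                nxt = data[pos + 1] if pos + 1 < len(data) else None
                # FF 00 is a stuffed byte and FF D0..D7 a restart marker; anything
                # else after FF is a real marker and ends the scan data.
                if data[pos] == 0xFF and nxt is not None and nxt != 0x00 \
                        and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")


def inspect_jpeg(data: bytes) -> Dict[str, object]:
    """Report the image end, the trailer size and the first known signature in the trailer."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    found: Optional[str] = None
    found_at: Optional[int] = None
    for sig, name in _SIGNATURES.items():
        idx = trailer.find(sig)
        if idx != -1 and (found_at is None or idx < found_at):
            found, found_at = name, idx
    return {
        "image_end": end,
        "trailer_bytes": len(trailer),
        "trailer_type": found,
        "trailer_offset": None if found_at is None else end + found_at,
    }


def build_sample(appended: bytes = b"") -> bytes:
    """Constructed minimal JPEG-shaped bytes (not a decodable picture) plus a trailer."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sof0 = b"\xff\xc0" + (11).to_bytes(2, "big") + b"\x08\x00\x01\x00\x01\x01\x01\x11\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    # Scan data containing a stuffed FF 00 and an RST marker, neither of which ends the image.
    scan = b"\x12\xff\x00\x34\xff\xd0\x56"
    return b"\xff\xd8" + app0 + sof0 + sos + scan + b"\xff\xd9" + appended


if __name__ == "__main__":
    # Constructed trailer: a RAR4 signature followed by bytes that include a decoy FF D9.
    sample = build_sample(b"Rar!\x1a\x07\x00" + b"\xff\xd9" + b"\x00" * 8)
    print(inspect_jpeg(sample))
```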

----------


## harrybarracuda

In what appears to be a first on the cyber-espionage scene, a nation-state-backed hacking group has used a Google Chrome extension to infect victims and steal passwords and cookies from their browsers.


This is the first time an APT (Advanced Persistent Threat --an industry term for nation-state hacking groups) has been seen (ab)using a Chrome extension, albeit it's not the first time one has used a browser extension, as the Russian-linked Turla APT previously used a Firefox add-on in 2015 [1, 2].

A report that's going to be published later today by the ASERT team at Netscout reveals the details of a spear-phishing campaign that's been pushing a malicious Chrome extension since at least May 2018.

Hackers used spear-phishing emails to lure victims on websites copied from legitimate academic organizations. These phishing sites, now down, showed a benign PDF document but prevented users from viewing it, redirecting victims to the official Chrome Web Store page to install a (now removed) Chrome extension named Auto Font Manager.


Netscout researchers say the extension had the ability to steal both cookies and site passwords, but they've also seen email forwarding on some compromised accounts.

Speaking to ZDNet, Netscout researchers said the spear-phishing campaigns using this Chrome extension targeted the academic sector but did not want to give out the names of the victims just yet.

"We've identified three universities based in the United States and one non-profit institution based in Asia [that] we're certain to have been targeted," researchers told us.

"A large number of the victims, across multiple universities, had expertise in biomedical engineering, possibly suggesting a motivation for the attackers' targeting," researchers added separately, in their report.


But while looking into these recent attacks, researchers also discovered that the same infrastructure that hosted these phishing sites had also been previously used in another hacking campaign that relied on breaking into universities' networks via Remote Desktop (RDP) connections.

Netscout told ZDNet that "the two separate threads of activity have shared infrastructure and overlapping victims, but it's unclear which came first."

Investigators also added that the people behind this recent campaign, which Netscout named Stolen Pencil, have been very sloppy when it came to hiding their tracks. Researchers said they found evidence suggesting that the group may be based in North Korea.
"Poor OPSEC led to users finding open web browsers in Korean, English-to-Korean translators open, and keyboards switched to Korean language settings," researchers said.

But while Netscout researchers didn't want to link this campaign to a specific North Korean APT (Advanced Persistent Threat --an industry term for nation-state hacking groups), multiple industry sources to whom ZDNet showed the Chrome extension file hashes yesterday pointed us to a cyber-espionage group known as Kimsuky (also known as Velvet Chollima).

A 2013 Kaspersky Lab report presented evidence linking the group to North Korea's regime. The same report also detailed Kimsuky's propensity for going after academic targets, the same ones targeted with this most recent campaign.

As for what the hackers were after, Netscout researchers told ZDNet that they've "seen no evidence of data theft, but like any intrusion, we can't entirely discount the possibility. None of the tools or commands were specifically geared towards stealing information - they were focused on credential theft and maintaining access."

Universities have always been an attractive target for nation-state hackers, especially those looking for proprietary information or unreleased research. While both Chinese and Russian state hackers have been known to go after the academic sector on a regular basis, Iranian hackers have been the most active of the bunch.

Earlier this year in March, the US indicted 10 Iranians for hacks against 320 universities in 22 countries, 144 of which were in the US. Some of the research papers the hackers stole were eventually published online on pay-for-access portals operated by some of the indicted hackers, who, apparently, found a way to generate side profits from their day-to-day state-sponsored hacking campaigns. The indictments didn't stop Iranian hackers from their attacks, though.

https://www.zdnet.com/article/cyber-...#ftag=RSSbaffb68

----------


## harrybarracuda

*Google Chrome 71 is out with 43 security fixes*

by Martin Brinkmann on December 05, 2018 in Google Chrome - Last Update: December 05, 2018 


Google released Google Chrome 71 to the stable channel yesterday. The new version of the web browser is a security update first and foremost as it includes 43 security fixes.

Google Chrome 71 will roll out to all desktop installations on Windows, Mac and Linux over the coming days and weeks according to Google.

*Users and administrators who don't want to wait days or weeks can load* _chrome://settings/help_ *in the browser's address bar to run a manual check for updates.*


https://www.ghacks.net/2018/12/05/google-chrome-71/

----------


## cisco999

> wonder how long it will be before the realization occurs to people that all this computer security threats is created by the people who then provide the solutions to it.


That's exactly what I said to a rep from Webroot.com 15 years ago when they kept sending me discs which they then said were outdated as soon as I received them. Never did get the malware eliminated from that machine.

----------


## harrybarracuda

> That's exactly what I said to a rep from Webroot.com 15 years ago when they kept sending me discs which they then said were outdated as soon as I received them. Never did get the malware eliminated from that machine.



Well in fairness clearly neither of you have much of a fucking clue how it works.

 :Smile:

----------


## harrybarracuda

*Researchers create AI that could spell the end for website security captchas*

Researchers have created new artificial intelligence that could spell the end for one of the most widely used website security systems.


The new algorithm, based on deep learning methods, is the most effective solver of captcha security and authentication systems to date and is able to defeat versions of text captcha schemes used to defend the majority of the world’s most popular websites.


Text-based captchas use a jumble of letters and numbers, along with other security features such as occluding lines, to distinguish between humans and malicious automated computer programmes. They rely on people finding it easier to decipher the characters than machines.

Developed by computer scientists at Lancaster University in the UK as well as Northwest University and Peking University in China, the solver delivers significantly higher accuracy than previous captcha attack systems, and is able to successfully crack versions of captcha where previous attack systems have failed.

The solver is also highly efficient. It can solve a captcha within 0.05 of a second by using a desktop PC.

It works by using a technique known as a ‘Generative Adversarial Network’, or GAN. This involves teaching a captcha generator programme to produce large numbers of training captchas that are indistinguishable from genuine captchas. These are then used to rapidly train a solver, which is then refined and tested against real captchas.

By using a machine-learned automatic captcha generator the researchers, or would be attackers, are able to significantly reduce the effort, and time, needed to find and manually tag captchas to train their software. It only requires 500 genuine captchas, instead of the millions that would normally be needed to effectively train an attack programme.

Previous captcha solvers are specific to one particular captcha variation. Prior machine-learning attack systems are labour intensive to build, requiring a lot of manual tagging of captchas to train the systems. They are also easily rendered obsolete by small changes in the security features used within captchas.

Because the new solver requires little human involvement it can easily be rebuilt to target new, or modified, captcha schemes.

The programme was tested on 33 captcha schemes, of which 11 are used by many of the world’s most popular websites – including eBay, Wikipedia and Microsoft.

Dr Zheng Wang, Senior Lecturer at Lancaster University’s School of Computing and Communications and co-author of the research, said: “This is the first time a GAN-based approach has been used to construct solvers. Our work shows that the security features employed by the current text-based captcha schemes are particularly vulnerable under deep learning methods.
“We show for the first time that an adversary can quickly launch an attack on a new text-based captcha scheme with very low effort. This is scary because it means that this first security defence of many websites is no longer reliable. This means captcha opens up a huge security vulnerability which can be exploited by an attack in many ways.

Mr Guixin Ye, the lead student author of the work, said: “It allows an adversary to launch an attack on services, such as Denial of Service attacks or sending spam or phishing messages, to steal personal data or even forge user identities. Given the high success rate of our approach for most of the text captcha schemes, websites should be abandoning captchas.”

Researchers believe websites should be considering alternative measures that use multiple layers of security, such as a user’s use patterns, the device location or even biometric information.

https://www.helpnetsecurity.com/2018...rity-captchas/

----------


## harrybarracuda

I suppose if you aren't into Bitcoin....




> A Russian company that claims to specialize in decrypting ransomware is actually just secretly brokering deals with the malware distributors and charging victims for this middle-man service, researchers say.
> 
> The so-called IT consulting firm, known as Dr. Shifro, advertises that it can fix systems affected by such malicious encryptors as Cryakl, Scarab, Bomber, and Dharma/Crisis. But in reality, the company simply asks the ransomware’s creators to hand over a decryption key for a discounted price, according to Bleeping Computer, citing findings from Check Point Software Technologies.
> 
> During its investigation, Check Point observed Dr. Shifro allegedly charging a minimum of $1,000 for its imaginary IT services, plus the cost of paying for the decryptor. Check Point estimates that Dr. Shifro has earned at least $300,000 in revenue from this operation since it began in 2015.
> 
> https://www.scmagazine.com/home/secu...rchers-report/

----------


## harrybarracuda

So it seems that the Anonymous script kiddies launched another one of their laughable "ops" again this week, targeting banks.

They managed to launch a few DDOS attacks on the websites of such banking titans as the Central Bank of Dominica and the Central Bank of the Maldives. Whoop de fucking doo   :rofl: 

They really are a bunch of wankers.

 :Smile:

----------


## harrybarracuda

*Shamoon malware destroys data at Italian oil and gas company*

About a tenth of Saipem's IT infrastructure infected with infamous data-wiping Shamoon malware.




A new variant of the Shamoon malware was discovered on the network of Italian oil and gas contractor Saipem, where it destroyed files on about ten percent of the company's PC fleet, ZDNet has learned.
The vast majority of the affected systems were located in the Middle East, where Saipem does a vast majority of its business, but infections were also reported in India, Italy, and Scotland.

Shamoon is one of the most dangerous strains of malware known to date. It was first deployed in two separate incidents that targeted the infrastructure of Saudi Aramco, Saudi Arabia's largest oil producer, in 2012 and 2016. During those incidents, the malware wiped files and replaced them with propaganda images (burning US flag, body of Alan Kurdi). The 2012 attack was devastating in particular, with Shamoon wiping data on over 30,000 computers, crippling the company's activity for weeks.

This new Shamoon attack also has an Aramco connection. Saipem, an Italian oil and gas company specialized in drilling services and pipeline design, is one of Saudi Aramco's main foreign contractors.

This latest Shamoon incident took over the past weekend of December 8 and 9. The company publicly acknowledged the incident on Monday in a press release, calling it a cyber-attack, but without providing any useful information.

On the same day, a never-before-seen version of the Shamoon malware was uploaded on VirusTotal from an IP address located in Italy, where Saipem's main headquarters are located, and other samples were uploaded the next day from an IP address in India, another region that Saipem also said was affected.

Following repeated requests for comments, from both ZDNet and other publications, Saipem admitted in an email that they've been infected with a Shamoon variant.

But while in past Shamoon incidents attackers deleted and replaced files, a source inside the company told ZDNet that this time, attackers chose to encrypt data.

A security researcher who analyzed the Shamoon files uploaded on VirusTotal told ZDNet that this is somewhat incorrect. This version of Shamoon overwrites original files with garbage data. This garbage data might look like encrypted content to an untrained eye, but it's just random bits of information that can't be recovered with an encryption key.

But despite this news, the Shamoon infection didn't appear to do damage to Saipem's ability to do business. Only regular workstations and laptops connected to Saipem's business network were affected, ZDNet was told, and the company's internal systems for controlling industrial equipment were not impacted.

Currently, Saipem is taking the Shamoon attack in stride, having already restored most of its affected systems using existing backups.

Older versions of the Shamoon malware were also known to come hardcoded with a list of SMB (Server Message Block) credentials that the malware would use to spread throughout a network on its own.

But in a phone call with ZDNet on Tuesday, Brandon Levene, the Chronicle security researcher who first spotted the new Shamoon malware on VirusTotal, said this Shamoon version didn't come with the regular list of SMB credentials that it used to feature in the past for self-propagation.

This might also explain why Saipem's IT staff is currently reviewing RDP (Remote Desktop Protocol) as the primary entry point for the malware into its network.

"You could just load Mimikatz onto the box and away you go to pivot that way," Levene told ZDNet in a phone call about the technical possibility of RDP being the entry point for the hack and the absence of any SMB credentials usually seen in the past.

"They could have encoded them [the SMB credentials] afterward [after obtaining them with Mimikatz]," Levene said, "that would certainly make sense as to why the [SMB] functionality wasn't necessary."

"Additionally, the networking component wasn't there. There's no command and control server configured," the researcher told us. "Older versions had a command and control server configured, and those would report what files were popped or overwritten."

The lack of these two components --SMB spreader and networking component-- fits with the scenario of a manual deployment, where the attacker was present and roaming around the company's network, rather than the malware being delivered via a phishing email, and left to spread on its own.

This theory is also confirmed by the fact that this new Shamoon version was also configured with a trigger date of "December 7, 2017, 23:51." The Shamoon "trigger date" is the date after which Shamoon's destructive behavior starts.

"Trigger dates" are often used for malware deployed to spread on its own, in order to make sure the malware has time to infect as many computers inside an internal network.

By using an old trigger date for this variant, attackers made sure Shamoon's destructive behavior started as soon as they executed the Shamoon payload.

https://www.zdnet.com/article/shamoo...d-gas-company/

----------


## harrybarracuda

Rumours have abounded for a while. 18305 downloading now.




> Microsoft officially took the wraps off a feature expected to come to Windows 10 19H1 early next year that it has rechristened as "Windows Sandbox." This feature, which will be part of Windows 10 Pro and Enterprise editions, creates "an isolated, temporary desktop environment" where users can run potentially suspicious software, officials said in a blog post on December 18. 
> 
> Earlier this year, Microsoft was rumored to be readying a new security feature for Windows 10 that was called, at that time, "InPrivate Desktop." InPrivate Desktop got a mention in Microsoft's Insider Feedback Hub during a bug-bash quest in August. The codename for InPrivate Desktop was "Madrid." 
> 
> In today's blog post about Windows Sandbox, Microsoft officials said the feature was available to users of Windows 10 Pro or Enterprise running Build 18301 or later. (Microsoft has not yet made available Build 18301 of Windows 10 to Insider testers, but could potentially do so later this week.) But later, the post said the feature could work with Windows 10 Pro or Enterprise Build 18292. The feature also requires AMD64 (aka x64) and virtualization capabilities enabled in BIOS, the post noted. 
> 
> Windows Sandbox is a lightweight virtual machine that builds on the technologies used in Windows Containers, according to the post. Windows Sandbox makes use of a new technology Microsoft calls "integrated scheduler," which allows the host to decide when the sandbox runs. 
> 
> 
> ...

----------


## harrybarracuda

It's in Windows Features.

----------


## harrybarracuda

Make sure you do your updates this month, there are a few 0-day nasties floating around.

----------


## harrybarracuda

*WiFi firmware bug affects laptops, smartphones, routers, gaming devices*

List of impacted devices includes PS4, Xbox One, Samsung Chromebooks, and Microsoft Surface devices.

"The researcher says the firmware function to scan for new WiFi networks launches automatically every five minutes, making exploitation trivial. All an attacker has to do is send malformed WiFi packets to any device with a Marvell Avastar WiFi chipset and wait until the function launches, to execute malicious code and take over the device."

https://www.zdnet.com/article/wifi-f...aming-devices/

----------


## harrybarracuda

*Bug allows Facetime users to listen to and, in some cases, watch a person before they answer call*
*Apple is working to fix the issue.*

A bug in Apple’s FaceTime app allows users to listen to audio from the phone of the person they are calling before the person has accepted or rejected the call.


The bug was first reported by tech website 9to5Mac.

To trigger the bug, while making a FaceTime call, swipe up from the bottom of the screen and tap Add Person and add your own phone number here.

This allows you to start a group FaceTime call including yourself and the audio of the person you originally called, even if they haven’t answered the call.

https://www.thejournal.ie/facetime-bug-4464349-Jan2019/

----------


## harrybarracuda

*A NEW GOOGLE CHROME EXTENSION WILL DETECT YOUR UNSAFE PASSWORDS*

Data breaches that compromise people's usernames and passwords have become so common, and used in crime for so long, that millions of stolen credential pairs have actually become practically worthless to criminals, circulating online for free. And that doesn't even begin to scratch the surface of the more current credentials sold on the black market. All of this means that it's increasingly difficult to keep track of which of your passwords you need to change. So Google has devised a Chrome extension to watch your back.

On Tuesday, the company is announcing "Password Checkup," which runs in Chrome all the time as you go about your daily web browsing, and checks passwords you enter on all sites against a database of known compromised passwords. Password Checkup isn't a password manager, gauge of how weak or strong your passwords are, or source of advice. It just sits quietly until it detects a credential pair that is known to be exposed, and then it shows a warning. That's it.

The tool is unobtrusive by design, so you'll actually pay attention to it when it notices genuine risks. If you've been feeling overwhelmed by all the news of data breaches and cybercrime over the last few years, Password Checkup is meant as an easy way to take back some control.
*Watchdog*

Google accounts tend to be particularly sensitive, because they are often the key to a person's email address. So the company has already been grappling with notifying users when their Google credentials are compromised—not because Google was hacked, but because people reuse passwords on multiple sites.

Google relies on a database of compromised credentials that totals about four billion unique usernames and passwords, gathered from troves its security teams access online as they go about their larger threat detection research for the company. Google says it hasn't ever bought stolen credentials, and that it doesn't currently collaborate with other security-minded aggregators like Have I Been Pwned, a service maintained by the security researcher Troy Hunt. The company does accept donations of stolen credentials from researchers, though.

The company already uses that stash to force Google users to abandon exposed passwords. And other Google divisions, like Nest, are working on features to prevent exposed password reuse, because of problems with account takeovers.

"We've reset something like 110 million passwords on Google accounts because of massive breaches and other data exposures," says Elie Bursztein, who leads the anti-abuse research team at Google. "The idea is, can we have a way to do it everywhere? It works in the background and then after 10 seconds you may get a warning that says 'hey, this is part of a data breach, you should consider changing your password'. We want it to be 100 percent if we show it to you you have to change it."

Google's database is always growing, but appears to have some holes. When I tested Password Checkup with a login that I know has been compromised in breaches (so I have one account I haven't updated yet, what are you gonna do) it didn't flag it.

Bursztein and Kurt Thomas, a Google security and anti-abuse research scientist note that they've skewed toward zero false positives so they aren't accidentally giving users warnings based on similar, but slightly different passwords or the same password that was compromised for a different person, but not you. And they emphasize that while the company is releasing Password Checkup as a regular Chrome extension for people to start using, it's still an experiment and isn't necessarily finalized.
*Check Mate*

The researchers are anticipating controversy—or "a conversation" as they often call it—about a crucial question that you may have by now, too: If Password Checkup is running quietly on Chrome all the time with the express goal of monitoring your login credentials, isn't Google going to end up with a terrifying trove of all your passwords? And if so, couldn't attackers find a way to compromise Password Checkup to grab tons of current credentials, track you, or infiltrate Google's database of stolen data?

"There are four threats we had to think about when designing the system," Thomas says. "The first is that Google never learns your username and password in the process. Another one is we don’t want to tell you about anyone else’s usernames and passwords that don’t belong to you. And we need to prevent somebody from brute forcing the system. We don’t want you to start guessing random usernames and passwords. And the last is we don’t want any sort of trackable identifier for the user that would reveal any information."

It wouldn't be feasible on multiple levels for Google to check the credentials without any data leaving the user's device at all. Instead, the company collaborated with cryptographers at Stanford University to devise layers of encryption and hashing—protective data scrambling—that combine to protect the data as it traverses the internet. First of all, the entire database is scrambled with a hashing function called Argon2, a robust, well-regarded scheme, as a deterrent against an attacker compromising the database or attempting to pull credentials out of the Chrome extension.

Rather than have you download the entire database, the researchers devised a scheme for downloading a smaller subset, or partition, of the data without revealing too much about your specific username and password. When you log into a site, Password Checkup generates a hash of your username and password on your device, and then sends a snippet of it to Google. The system then uses this prefix to create the smaller subset of breached username and password data to download onto your device. "This provides a strong anonymity set where there’s basically hundreds of thousands of usernames and passwords that would fall into that prefix, but we have no idea which they are," Thomas says. "When you sign in you send that little prefix to Google and we give you every account that we know to download."

To index into your subset of the database, your device signs your encrypted username and password with a key only it knows and sends it to Google. Next the company signs it with its own secret key, then sends it back to your device, which decrypts it with its key. After this handshake is complete, the data is finally in the right state of encryption and hashing to do a compatible local lookup on your device against the portion of the database you've downloaded. The idea is that everything is encrypted all the time to make the data as indecipherable and useless to a potential attacker—or Google itself—as possible at every phase.
*Details Matter*

Google plans to release an academic paper about the tool with Stanford researchers that details its underlying protocols and cryptographic principles for public vetting.

When asked about the idea of a browser extension that attempts to monitor passwords in a cryptographically secure and private way, Johns Hopkins cryptographer Matthew Green said, "It's possible. It could be done securely, I think. I think. But details matter." Green notes that such a scheme would need to be executed essentially perfectly and would have a number of crucial areas where it could fall short. "If a lot of people will be using it—it's a little scary, frankly," he says.

With such a desperate need for easily understandable breach information and advice, a lot of people very easily could start using Password Checkup quickly. So it will be incumbent upon Google to actually continue improving the extension's security based on community feedback—both from users and cryptographers.

https://www.wired.com/story/password...ome-extension/
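The prefix-partition download and the blinded key exchange the article describes, as an added toy model that is not Google's or Stanford's code. It assumes a Mersenne-prime multiplicative group in place of the real elliptic-curve group, SHA-256 in place of the Argon2 database hash the article mentions, a 16-bit prefix, and a constructed breach corpus; the commutative blinding is what lets the server apply its key without ever seeing the credential hash.

```python
from __future__ import annotations

import hashlib
import math
import secrets

# Constructed stand-ins for this example only. A Mersenne prime gives a
# multiplicative group in which exponentiation commutes, which is all the
# blinding step needs; the real extension uses an elliptic-curve group.
P = 2**521 - 1
ORDER = P - 1
PREFIX_BYTES = 2  # 16-bit bucket: a lookup reveals only which of 65,536 partitions you fall in


def credential_digest(username: str, password: str) -> bytes:
    """Hash the username:password pair once (SHA-256 substituted for Argon2 here);
    both the partition prefix and the group element derive from this digest."""
    return hashlib.sha256(f"{username}:{password}".encode("utf-8")).digest()


def prefix_of(username: str, password: str) -> bytes:
    """The short prefix that is sent to the server in the clear."""
    return credential_digest(username, password)[:PREFIX_BYTES]


def to_group_element(username: str, password: str) -> int:
    """Map the digest into Z_P* (range 1..P-1, so it always has an inverse)."""
    return int.from_bytes(credential_digest(username, password), "big") % ORDER + 1


def random_unit_exponent() -> int:
    """Random exponent invertible mod ORDER, so a blinding factor can be undone."""
    while True:
        e = secrets.randbelow(ORDER - 2) + 2
        if math.gcd(e, ORDER) == 1:
            return e


class BreachServer:
    """Holds breached pairs only as h^k under a secret key k, bucketed by prefix."""

    def __init__(self, breached_pairs: list[tuple[str, str]]) -> None:
        self.k = random_unit_exponent()
        self.partitions: dict[bytes, set[int]] = {}
        for user, pw in breached_pairs:
            bucket = self.partitions.setdefault(prefix_of(user, pw), set())
            bucket.add(pow(to_group_element(user, pw), self.k, P))

    def partition(self, prefix: bytes) -> frozenset[int]:
        """Step 1: client sends a hash prefix and downloads the whole bucket."""
        return frozenset(self.partitions.get(prefix, ()))

    def sign(self, blinded: int) -> int:
        """Step 2: apply the server key to a blinded value, h^b -> h^(b*k)."""
        return pow(blinded, self.k, P)


def check_credential(server: BreachServer, username: str, password: str) -> bool:
    """Client side of the exchange. True only on an exact user:password match;
    the same password leaked for a different user does not match (no false positive)."""
    h = to_group_element(username, password)
    b = random_unit_exponent()
    blinded = pow(h, b, P)                            # the server only ever sees h^b
    signed = server.sign(blinded)                     # h^(b*k)
    unblinded = pow(signed, pow(b, -1, ORDER), P)     # strip b: h^k, the database's form
    return unblinded in server.partition(prefix_of(username, password))


# Constructed sample breach corpus for the demo; not real leaked data.
BREACHED = [
    ("alice@example.com", "hunter2"),
    ("carol@example.com", "Password123"),
    ("dave@example.com", "hunter2"),
]
SERVER = BreachServer(BREACHED)

if __name__ == "__main__":
    for user, pw in [("alice@example.com", "hunter2"),
                     ("alice@example.com", "new-pass"),
                     ("bob@example.com", "hunter2")]:
        state = "exposed" if check_credential(SERVER, user, pw) else "not in corpus"
        print(f"{user}: {state}")
```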

----------


## harrybarracuda

Windows 7 may be creakingly old now, but it is still widely used. While large numbers of consumers have migrated to Windows 10, there are still plenty of organizations that are clinging to the old operating system out of a sense of nostalgia, an unwillingness to upgrade, lack of funds for upgrading, or legacy requirements.

As of January 14, 2020, Microsoft will no longer be providing support or security updates for Windows 7 -- apart from for those who are willing to pay for it. The company is offering up to three years of Windows 7 Extended Security Updates (ESU), and pricing has just been revealed.

Details of pricing have been shared by ZDNet, and they are predictably high. Extended Security Updates will only be available to Windows 7 Professional and Windows 7 Enterprise customers, and the cost doubles on a year-by-year basis. For the first year (January 2020-21), Windows Enterprise customers can expect to pay $25 per device, rising to $100 in the third year. For Windows 7 Professional, the starting figure is $50 per device, rising to $200.

ZDNet's Mary Jo Foley explains:

> For Windows 10 Enterprise and Microsoft 365 customers, Microsoft will provide Windows 7 ESUs as an "add-on," according to information Microsoft seemingly shared with partners and its field sales people. Year one (January 2020 to 2021), that add-on will cost $25 per device for that set of users. Year two (January 2021 to 2022) that price goes up to $50 per device. And Year three (January 2022 to January 2023) it goes up to $100 per device. To qualify for this pricing tier, customers can be running Pro as long as they are considered "active customers" of Windows Enterprise in volume licensing.
> 
> For users who decide to stick with Windows 10 Pro rather than Windows 10 Enterprise, those ESU prices are significantly higher. Year one, Windows 7 ESUs will cost those Windows 7 Pro customers $50 per device; Year 2, $100 per device; and Year 3, $200 per device, according to information Microsoft seemingly shared with its partners and field sales people.

There is a hint that bulk discounts could be available, which would be good news for organizations with large numbers of computers still to be upgraded to Windows 10. With a total cost of up to $350 per system, things could get expensive. A Microsoft spokesperson says: "Customers would need to work with their Microsoft account team for details on pricing".

https://betanews.com/2019/02/06/micr...dates-pricing/

----------


## David48atTD

*Block and Defer Windows 10 Updates*

The first thing you can do to avoid getting the above update problems and more is to take over the control of when your Windows 10 updates.
This way you can hold off getting updates the moment Microsoft rolls them out, monitor the news for a bit to see if any major errors crop up, then manually do the update yourself.


Recently, Windows Insiders revealed that an update is coming to Windows 10 (around April 2019) which will allow all Windows users (including Home users) to pause updates by up to seven days. In the meantime, if you’re on Windows 10 Pro, Enterprise, Education or S, you can postpone updates by going to Settings -> Update & Security -> Windows Update. Here, select the option ‘Choose when updates are installed’ and pick the number of days you’d like to delay it by.


There’s another way to take control of Windows 10 updates – depending on whether you have the Home or Pro version of the OS – and we have a guide that takes you through disabling and scheduling Windows 10 updates.


---

*How to Roll Back Windows 10 Updates*

After every major update Windows 10 gives you a ten-day window to roll back to a previous version of Windows. It’s a useful feature and should give you enough time to judge whether you have a problematic update. Of course, this won’t recover your files if Windows 10 deletes them, but at least you’ll be on a more stable version of the OS.




To do this, go to Windows 10 Settings, then click “Update & security -> Recovery.”

Below “Reset this PC” you should see the option to “go back to the previous version of Windows 10.”

Click “Get started,” then follow the steps to roll back Windows 10.

Again, this option is only available for *ten days* after a Windows 10 build update.


https://www.maketecheasier.com/lates...date-problems/

----------


## harrybarracuda

1H19 - the next release - is the dog's bollocks.

----------


## harrybarracuda

*Edge secretly disables security mechanism on Facebook*
A hidden whitelist in Microsoft Edge is allowing Facebook to execute Flash Player content without authorization.


Adobe’s soon-to-be-deprecated media plugin is notorious for being insecure, riddled with bugs, and leaving users vulnerable to cyber-attacks.

As a response, browsers severed their ties with the once-popular tech and enabled Click2Play, meaning websites are not allowed to execute Flash without users’ permission.

However, a hidden whitelist discovered by a Google Project Zero researcher has revealed that a number of domains have been able to bypass Click2Play in Microsoft’s Edge browser.

The file – c:\Windows\system32\edgehtmlpluginpolicy.bin – contains a default whitelist of domains that can bypass Click2Play and load Flash content without permission.

This issue was discovered by Ivan Fratric, who disclosed the flaw on November 26, before going public after a 90-day disclosure deadline.

https://portswigger.net/daily-swig/e...sm-on-facebook

----------


## harrybarracuda

I find it hard to believe 500 million people are using this piece of shit, but if you are, ditch it and switch to 7Zip.




> *Security experts at Check Point have disclosed technical details of a critical vulnerability in the popular file compression software WinRAR.*
> 
> Experts at Check Point discovered the logical bug in WinRAR by using the WinAFL fuzzer and found a way to exploit it to gain full control over a target computer.
> 
> 
> Over 500 million users worldwide use the popular software and are potentially affected by the flaw, which affects all versions released in the last 19 years.
> 
> The flaw is an “Absolute Path Traversal” issue in the library that could be exploited to execute arbitrary code by using a specially-crafted file archive.
> 
> <snip>
> 
> ...


https://securityaffairs.co/wordpress...ical-flaw.html

----------


## harrybarracuda

A Chrome add-on called Video Downloader (or Video Downloader Plus) has a serious cross-site scripting flaw.

If you use it, check that you're on the latest, recent version which fixed it.

https://thehackerblog.com/video-down...loit-detailed/

----------


## harrybarracuda

A straight rip-off of Chrome's Password Checkup add-on, but anything that stops breaches is a good thing.




> *Mozilla Firefox 67 to Warn About Breached Sites Using New Add-On*
> Firefox Monitor is a Mozilla service that has partnered with Have I been Pwned to alert users when their email address has been discovered in a data breach. In the past, Firefox Monitor was a standalone service, but starting in Firefox 67 it will now be included as an extension.
> 
> 
> As part of a test in November 2018, Mozilla started displaying notifications to Firefox users when they visited a site that historically has had a data breach. You can see an example of one of these breach notifications below.
> 
> 
> 
> As spotted by Techdows.com, starting in the current Firefox Nightly build for version 67, Firefox Monitor will now be integrated as a system extension.
> ...

----------


## OhOh

> A Chrome add-on called Video Downloader (or Video Downloader Plus) has a serious cross-site scripting flaw.


Has the Firefox version been affected?

----------


## harrybarracuda

> Has the Firefox version been affected?


I don't know but just make certain that you're on the latest version to be sure.

----------


## harrybarracuda

From the horse's mouth:




> Are you a Google Chrome browser user? Be alert!
> 
> Earlier today, a dangerous Zero-Day Vulnerability was found in Google Chrome. 
> 
> *Google Chrome’s Desktop Engineering and Security Lead, John Schuh tweeted:*
> 
> *“Also, seriously, update your Chrome installs... like right this minute.”*

----------


## Takeovers

Received this email. Way above the usual spam, had a good laugh. You got to admit it has some style. 

 :bananaman: 


Hello!




> I have very bad news for you.
> 21/10/2018 - on this day I hacked your OS and got full access to your account jxxx@yyy.somewhere
> 
> So, you can change the password, yes... But my malware intercepts it every time.
> 
> How I made it:
> In the software of the router, through which you went online, was a vulnerability.
> I just hacked this router and placed my malicious code on it.
> When you went online, my trojan was installed on the OS of your device.
> ...

----------


## baldrick

> I made a screenshot of the adult sites where you have fun (do you understand what it is about, huh?).
> After that, I made a screenshot of your joys (using the camera of your device) and glued them together.
> Turned out amazing! You are so spectacular!


it sounds like he wants a date

a couple of years ago several Moroccan villages were making a living out of extorting money for similar ruses from middle eastern computer users




but more important is the discovery of malware infecting a sh1t load of apps on Google's Play Store - list of apps at the bottom of the linked page - they all have in common that they used an infected library which they probably did not realise had been covertly modified

mostly driving simulator games

though I imagine some of our teakdorians will have this app installed




> com.mustache.beard.editor    Beard mustache hairstyle changer Editor





> Check Point researchers from the Mobile Threat Team have discovered a new adware campaign on the Google Play Store. This particular strain of Adware was found in 206 applications, and the combined download count has reached almost 150 million. Google was swiftly notified and removed the infected applications from the Google Play Store.


https://research.checkpoint.com/simb...n-google-play/

----------


## Takeovers

> but more important is the discovery of malware infecting a sh1t load of apps on Google's Play Store - list of apps at the bottom of the linked page - they all have in common that they used an infected library which they probably did not realise had been covertly modified


I am quite confident there is no malware involved. Just this funny email. He has nothing on me.

----------


## baldrick

yes - it is just a mass mail

the android malware is a different story and I added it as security news

----------


## harrybarracuda

It's called "Sextortion". A mate of mine from CM emailed me in a panic about receiving one.

I had to explain to him that it would be a bit difficult to video him knocking one out to Xhamster when he hasn't got a fucking webcam of any kind.

 :Smile:

----------


## baldrick

this is not for you harry - I know you have proudly released all your self abuse videos to the WWF to stop monkeys wanking in public zoos

the Moroccans actually did/do have video - they faked video chat with the Lebanese, Syrian and Jordanian boys using pr0n vids from the web fed to Skype and recorded the boys fapping and then threatened to show it to their mothers

they had / still have a thriving business running

Oued Zem




> In the meantime, 'business' is still good for many scammers. There are even real sextortion gangs who take in about 80 000 per year. In the dusty, poor town many BMWs and Mercedes drive around. Ten years ago there were four exchange offices in the town and two banks. Today there are forty and fifteen respectively.

----------


## harrybarracuda

Yes there are real scams but they normally involve engaging the victim with a fake profile or some whore.

But the email scams are different.

----------


## harrybarracuda

Norsk Hydro hit bad by a ransomware attack.




> The Norwegian National Security Authority (NNSA), the state agency in charge of cybersecurity, said the attack used a virus known as LockerGoga, a relatively new strain of so-called ransomware which encrypts computer files and demands payment to unlock them.


https://www.reuters.com/article/us-n...-idUSKCN1R00NJ

----------


## Buckaroo Banzai

> Make sure you do your updates this month, there are a few 0-day nasties floating around.


Every time I see a Win 10 update I get anxiety attacks.
Just did my Win 10 update, now the battery status icon is gone from my tray. I have to keep going to my settings to check on the status of my laptop battery. Went to YouTube for fixes; seems like the "config Sys" command from MS-DOS days is rearing its ugly head. Don't want to start messing with settings I don't understand. Looks like I will have to take my laptop to a shop for someone who knows what they are doing to fix it. Any recommends on a shop in Khon Kaen?
Next laptop will be a Mac. Tired of Windows.

----------


## baldrick

I install classic shell on win 10

Classic Shell: Downloads

get your desktop back to a no frills GUI

----------


## Buckaroo Banzai

> I install classic shell on win 10
> 
> Classic Shell: Downloads
> 
> get your desktop back to a no frills GUI


did a little search and found "classic start" also, would such programs restore my battery status icon? that's all I want.

----------


## baldrick

try it and find out

I use it because it sets the windows GUI back to the old style without all the bullsh1t pretty stuff

I would expect you to get the normal taskbar

you can always turn it off

----------


## harrybarracuda

> Every time I see a Win 10 update I get anxiety attacks.
> Just did my Win 10 update, now the battery status icon is gone from my tray.


Did you try clicking the little "up" chevron and seeing if it's there? And if it is, drag it back into the taskbar. 

But if you're really too thick to know that's how Windows works after all this time, and it's giving you "anxiety attacks" then yes, go and get a Mac. They're designed for people who don't really understand computers and want their little hands held all the time.

----------


## harrybarracuda

*Microsoft Issues the Update to Announce the End of Windows 7 Updates*

By: Wayne Rash | March 25, 2019

It’s not exactly the Windows Update to end all updates, but it’s close. Windows 7 machines that downloaded the most recent round of official updates got one that doesn’t do much beyond telling you to stop using Windows 7. The way it’s supposed to work is that computers running Windows 7 will start getting pop-up notices beginning April 18 letting them know that all support for Windows 7 will end on Jan. 14, 2020.


The pop-up notice will provide a link to additional information on Microsoft’s website letting you know your upgrade options, including buying new computers, which is what the company really wants you to do. While the notices aren’t supposed to appear until April, some users are reporting seeing them already. When the notice does appear, you can check a box in the lower left corner telling the alert not to appear again.

This is Microsoft’s gentle (but not subtle) means of telling you that it’s high time to stop fooling around and update Windows. But by now, you know this. Problem is, you’re one of hundreds of millions of places where Windows 7 is still running, and while there are some instances in which you can stick with it, in nearly every case you can’t. It’s reaching its end of life, and continuing to use it after next January will mean using a system that’s more and more vulnerable to security risks.


Why So Many Still Haven’t Upgraded to Windows 10

So why haven’t you upgraded your Windows 7 machines? There are a number of reasons, a couple of which are legitimate.



1. You just haven’t gotten around to it. Procrastination will eventually create headaches as new software won’t work. Worse, you’ll be vulnerable to an ever wider range of attacks and exploits, and you may not be able to do anything about it. You need to move forward.

2. You’re concerned that your applications won’t work. Windows 10 has a compatibility mode that will tell your applications that you’re running Windows 7 (or XP or whatever), and it works quite well. But for the most part, commercial applications will work fine. Some custom applications may have trouble, but it’s unlikely. If it is a problem, consider upgrading to Windows 8.1 to see if that works. Meanwhile, update your custom apps.

3. You don’t want to spend the money to update. You could have upgraded to Windows 10 when it was free. However, you may still be able to perform a clean install of Windows 10 and use your existing Windows 7 installation key. Microsoft enabled this over a year ago, and it may still work.

4. Your computer won’t run Windows 10. There are a few computers, including my ancient HP xw8200 workstation, that cannot run Windows 10. All you can do in this case is continue with Windows 7 and hope for the best, or you can run a different operating system such as Linux. Or you can replace your old computer with a new one. I did both with a new HP workstation, and I’m getting a copy of Linux that understands my SCSI controllers on the old one.

5. You have an enterprise license. You can arrange for continued support for some business installations of Windows 7. This is a feature of some enterprise contracts with Microsoft, and you may be able to add this support if you don’t already have it.

6. You have embedded Windows 7 and can’t upgrade. Embedded Windows in ATMs, gas pumps, POS devices, medical devices and other embedded applications aren’t subject to the end-of-life limits for other Windows 7 installations. Microsoft has an FAQ about this.

Considering the rate at which internet of things (IoT) devices running Windows are spreading, that last point might end up being the largest installed base of Windows 7 still extant. And, like everything else in the IoT world, this means that security issues will follow embedded Windows until the device makers start following the new federal guidelines and make their devices so they can be updated.

From a business perspective, running on an old, unsupported operating system is pretty hard to defend. Windows 7 came out 10 years ago, and you’ve known for at least five years that the operating system’s days were numbered. You’ve known the exact end of support date for over a year now. And you’ve known for longer than that about Microsoft’s plan to stop supporting Windows 7.

Even if you run a very small business, the investment required to keep your technology current is fairly minimal. It’s probably going to cost less to buy a new computer than it will cost you for business lunches over the course of a month, and unlike lunch, newer technology will improve your efficiency and also reduce your risks. You should be budgeting for hardware replacements over the course of three or four years for each machine, anyway.

The best way to think about the patch that will start nagging you to update Windows in April is with thanks. You’ve been reminded in enough time that even if you have a lengthy procurement process, you still have time to either update Windows or to update your computer with a new one. Neither path is particularly arduous, especially compared with the pain of recovering from a breach that happened when you didn’t take action.

https://www.eweek.com/enterprise-app...dows-7-updates

----------


## harrybarracuda

If anyone is running these models of D-Link router, go in and check your DNS hasn't been tampered with, and make sure you update to the latest firmware.




> The first DNS hijacking exploit attempts targeted multiple models of D-Link DSL modems, including:
> 
> - D-Link DSL-2640B
> - D-Link DSL-2740R
> - D-Link DSL-2780B
> - D-Link DSL-526B


Also these:

----------
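A way to do the "check your DNS hasn't been tampered with" step from the D-Link post above, as an added example that is not part of the original post and not anything D-Link ships. It reads resolv.conf-style text (what a Linux or macOS host ends up with after taking DHCP from the router) and flags any resolver the owner did not configure, with the position in the list, since a rogue entry placed first captures nearly all queries even when a good one follows. The LAN subnet, the EXPECTED_RESOLVERS set and the two sample files are constructed assumptions; change them to match your own router.

```python
"""Audit a host's configured DNS resolvers for signs of hijacking.

Added example for the D-Link DNS-hijacking post; not code from the post
or from D-Link. Parses resolv.conf-style text and flags any resolver that
is not on the owner's expected list. All addresses below are assumptions
chosen for illustration.
"""
import ipaddress
import re

# Assumption: the resolvers the owner deliberately configured. A home
# router normally hands out its own LAN address or a well-known public
# resolver. Edit both of these to match your own setup.
EXPECTED_RESOLVERS = {"192.168.1.1", "1.1.1.1", "8.8.8.8"}
LAN_SUBNET = ipaddress.ip_network("192.168.1.0/24")

# Constructed samples: a clean host, and one whose router now pushes a
# rogue primary resolver (203.0.113.44 is a documentation address
# standing in for the attacker's server).
CLEAN_RESOLV_CONF = """\
# Generated by NetworkManager
search home.lan
nameserver 192.168.1.1
"""

HIJACKED_RESOLV_CONF = """\
search home.lan
nameserver 203.0.113.44
nameserver 192.168.1.1
"""

_NAMESERVER = re.compile(r"^nameserver\s+(\S+)")


def parse_nameservers(text):
    """Return the nameserver addresses in resolv.conf order, comments stripped."""
    servers = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = _NAMESERVER.match(line)
        if m:
            servers.append(m.group(1))
    return servers


def classify(server, expected=EXPECTED_RESOLVERS, lan=LAN_SUBNET):
    """Label one resolver: expected, lan-unexpected, off-lan-unexpected or invalid."""
    try:
        addr = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    if server in expected:
        return "expected"
    # An on-LAN address you did not configure usually means a second DHCP
    # server or a changed router setting; an off-LAN address you did not
    # configure is the classic DNS-hijack symptom.
    return "lan-unexpected" if addr in lan else "off-lan-unexpected"


def audit(text, expected=EXPECTED_RESOLVERS, lan=LAN_SUBNET):
    """Return [(position, server, label)] for every resolver that is not expected.

    Position is 1-based resolv.conf order, because resolvers are tried
    first-to-last and a rogue entry listed first wins.
    """
    findings = []
    for position, server in enumerate(parse_nameservers(text), start=1):
        label = classify(server, expected, lan)
        if label != "expected":
            findings.append((position, server, label))
    return findings


if __name__ == "__main__":
    import sys
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/resolv.conf"
    with open(path) as fh:
        problems = audit(fh.read())
    for position, server, label in problems:
        print(f"resolver #{position} {server}: {label}")
    sys.exit(1 if problems else 0)
```

Run it against /etc/resolv.conf, or paste the DNS servers shown on the router's WAN/Internet status page into a file and point it at that; on a hijacked router the addresses on that page are the ones that changed, and a factory reset plus firmware update is the fix, not editing resolv.conf on the client.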


## OhOh

No Huawei routers listed?

----------


## harrybarracuda

> No Huawei routers listed?


Oh no, the chinky spies have their own page.

https://www.cvedetails.com/vulnerabi...79/Huawei.html

----------


## OhOh

And these companies as well:

https://www.cvedetails.com/vulnerability-list/vendor_id-750/Nokia.html

https://www.cvedetails.com/vulnerabi...2/Samsung.html

https://www.cvedetails.com/google-search-results.php?q=ZTE+%3A+Security+Vulnerabilities+&sa=Search

https://www.cvedetails.com/vulnerability-list/vendor_id-238/Intel.html

https://www.cvedetails.com/vulnerability-list/vendor_id-16/Cisco.html

https://www.cvedetails.com/vulnerability-list/vendor_id-10/cvssscoremin-7/cvssscoremax-7.99/HP.html

Seems to be many common problems.

----------


## harrybarracuda

Yes, but in the case of the rest you know they aren't put there deliberately (unless they are other chinky spying shit).

----------


## OhOh

^ So the errors etc. must be by poor project specs, bad programming, insufficient checking or inadequate development control then? 

If so, that is exactly what Huawei is accused of by the UK auditors.

Or can you suggest other reasons that these problems are occurring?

----------


## harrybarracuda

> ^ So the errors etc. must be by poor project specs, bad programming, insufficient checking or inadequate development control then? 
> 
> If so, that is exactly what Huawei is accused of by the UK auditors.
> 
> Or can you suggest other reasons that these problems are occurring?


Are you stupid or something?

Everyone knows the chinkies leave backdoors in everything.

They are dirty little spies.

Do I have to post the designs they've stolen AGAIN for it to sink in?

Or are you just going to carry on with your snivelling chinky brown nosing?

----------


## harrybarracuda

*Easter Attack Affects Half a Billion Apple iOS Users via Chrome Bug*
About a half a billion Apple iOS users (and counting) have been hit by session-hijacking cybercriminals bent on serving up malware. They’re exploiting an unpatched flaw in the Chrome for iOS browser, to bypass sandboxing and hijack user sessions, targeting iPhone and iPad users.


The attacks are the work of the eGobbler gang, researchers said, which has a track record of mounting large-scale malvertising attacks ahead of major holiday weekends. Easter is coming up, and the crooks are banking on consumers spending a lot more time than usual browsing the web on their phones.

Session hijacking occurs when a user is browsing a web page and is suddenly redirected to another site or landing page, or when a pop-up appears that one can’t exit out of. The pages look like ads from well-known brands; but in reality, if a user clicks on one of them, a payload is deployed.


In this case, “the campaign…is currently still active under ‘.site’ TLD landing pages,” said Eliya Stein at Confiant, in an analysis this week. “With half a billion user sessions impacted, this is among the top three massive malvertising campaigns that we have seen in the last 18 months.”

The offensive is mainly targeting U.S. users, though some European activity has been observed.

Meanwhile, at least one other research firm said that the attack is effective against Apple Safari users as well – opening up a much larger threat surface, given that most iOS users make use of Apple’s default browser for mobile web surfing.

https://threatpost.com/easter-attack-apple-ios/143901/

----------


## harrybarracuda

Doh!!


> China-based app maker ignored repeated warnings by researchers that its password database, stored in plain text, was accessible to anyone online.
>
> More than 2 million passwords for Wi-Fi hotspots were leaked online by the Android app developer behind the mobile application called WiFi Finder. The passwords were part of an insecure database found by researchers at GDI Foundation.
>
> The Android app itself did not just help users find Wi-Fi hotspots, but also supplied usernames and passwords that were crowdsourced by the app's users. According to researchers, the total database included 2 million username and password pairs, with tens of thousands of hotspots located in the United States, according to TechCrunch, which first reported the leaky server.
>
> GDI Foundation said the developer is based in China and the app has been downloaded thousands of times by users. Data included public and private hotspots, but also countless numbers of home Wi-Fi hotspots.
>
> https://threatpost.com/leaky_app_data/144029/

----------


## baldrick

err - so what

free wifi as long as your device is secure and you don't like MITM attacks - onwards

----------


## harrybarracuda

> err - so what
> 
> free wifi as long as your device is secure and you don't like MIM attacks - onwards


And what do you think is the probability that people who would use an app like this understand either security or the consequences?

In fairness, you'd have to be that dumb - almost Buttplugian one would say - that someone has probably compromised your router and home network already.

----------


## OhOh

"Researchers" finding a China story, 'arry lives for such things.

----------


## harrybarracuda

> "Researchers" finding a China story, 'arry lives for such things.


Awwwww wassup snowflake.

----------


## OhOh

All available no doubt at your, "not for profit, but agency funded", site,  "China Tittle-Tattle - All the unproven garbage one  can find.com"

----------


## harrybarracuda

> All available no doubt at your, "not for profit, but agency funded", site,  "China Tittle-Tattle - All the unproven garbage one  can find.com"


Actually, just news sites.

I expect you don't get these reports on IAMACHINKYBROWNNOSER.COM

----------




## harrybarracuda

Always a handy reminder....

----------


## OhOh

*50,000 companies exposed to hacks of 'business critical' SAP systems: researchers*

> LONDON (Reuters) - Up to 50,000 companies running SAP software are at greater risk of being hacked after security researchers found new ways to exploit vulnerabilities of systems that haven't been properly protected and published the tools to do so online.
>
> German software giant SAP said it issued guidance on how to correctly configure the security settings in 2009 and 2013. But data compiled by security firm Onapsis shows that 90 percent of affected SAP systems have not been properly protected.
>
> “Basically, a company can be brought to a halt in a matter of seconds,” said Onapsis Chief Executive Mariano Nunez, whose company specializes in securing business applications such as those made by SAP and rival Oracle.
>
> “With these exploits, a hacker could steal anything that sits on a company's SAP systems and also modify any information there so he can perform financial fraud, withdraw money, or just plainly sabotage and disrupt the systems.”
>
> SAP said: “SAP always strongly recommends to install security fixes as they are released.”
>
> SAP software is used by more than 90 percent of the world's top 2,000 to manage everything from employee payrolls to product distribution and industrial processes.

Continues:

https://www.reuters.com/article/us-sap-security/50000-companies-exposed-to-hacks-of-business-critical-sap-systems-researchers-idUSKCN1S80VJ?il=0




Dodgy EU software to be banned?

----------


## harrybarracuda

It's nothing new. It's a default configuration that SAP say you should change for your environment.

I don't see how they can say it affects 90% of the world's SAP sites unless they've had internal access to all of them.

Someone is promoting their services to pointy-haired bosses I suspect.

----------


## harrybarracuda

That Dell crapware.... get rid.




> *Remote Code Execution on most Dell computers*
>
> What computer do you use? Who made it? Have you ever thought about what came with your computer? When we think of Remote Code Execution (RCE) vulnerabilities in mass, we might think of vulnerabilities in the operating system, but another attack vector to consider is “What third-party software came with my PC?”. In this article, I’ll be looking at a Remote Code Execution vulnerability I found in Dell SupportAssist, software meant to “proactively check the health of your system’s hardware and software” and which is “preinstalled on most of all new Dell devices”.
> 
> https://d4stiny.github.io/Remote-Code-Execution-on-most-Dell-computers/

----------


## baldrick

Acer, Lenovo and now Dell have made this stupid mistake

how many people actually call these companies and ask for remote assistance via this sort of connection ?

----------


## baldrick

firefox extension fcukup

fixes here if you want to get them working again before they get their sh1t into a pile and fix the problem

http://www.reddit.com/r/firefox/comments/bkhtv8/heres_whats_going_on_with_your_addons_being/

----------


## harrybarracuda

> firefox extension fcukup
> 
> fixes here if you want to get them working again before they get their sh1t into a pile and fix the problem
> 
> http://www.reddit.com/r/firefox/comments/bkhtv8/heres_whats_going_on_with_your_addons_being/


Schoolboy error.

 :rofl:

----------


## harrybarracuda

Arf.

----------


## baldrick

er - no PiHole

what sort of Amateur sh1tshow do you think people should run

----------


## harrybarracuda

You can add one of those, and if you want to be really paranoid run your shit through any number of cloud analytics platforms as well.

Fuck it, if you have the budget do what you like.

 :Smile:

----------


## baldrick

are you able to pass a camel through the eye of a PiHole ?  :Smile:

----------


## baldrick

if you are using firefox you should be able to update to 66.0.0.4 which will fix your addons/extensions issue

http://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/

----------


## harrybarracuda

> if you are using firefox you should be able to update to 66.0.0.4 which will fix your addons/extensions issue
> 
> http://blog.mozilla.org/addons/2019/05/04/update-regarding-add-ons-in-firefox/


I've got 66.0.4 showing in mine.

----------


## baldrick

that is because I am a 00 and you are not  :Smile:

----------


## harrybarracuda

> that is because I am a 00 and you are not


That's not your blood alcohol level then.

 :bananaman:

----------


## harrybarracuda

WhatsApp is encouraging users to update to the latest version of the app after discovering a vulnerability that allowed spyware to be injected into a user's phone through the app's phone call function.

The spyware was developed by the Israeli cyber intelligence company NSO Group, according to the Financial Times, which first reported the vulnerability.

Attackers could transmit the malicious code to a target's device by calling the user and infecting the call whether or not the recipient answered the call. Logs of the incoming calls were often erased, according to the report.

WhatsApp said that the vulnerability was discovered this month, and that the company quickly addressed the problem within its own infrastructure. An update to the app was published Monday, and the company is encouraging users to upgrade out of an abundance of caution.

The company has also alerted US law enforcement to the exploit, and published a CVE notice, an advisory to other cybersecurity experts alerting them to common vulnerabilities and exposures.

The vulnerability was used in an attempted attack on the phone of a UK-based attorney on 12 May, the FT reported. The lawyer, who was not identified by name, is involved in a lawsuit against NSO brought by a group of Mexican journalists, government critics and a Saudi Arabian dissident.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” WhatsApp said in a statement. “We have briefed a number of human rights organizations to share the information we can and to work with them to notify civil society.”

NSO Group did not immediately respond to the Guardian's request for a comment. The company told the FT that it was investigating the WhatsApp attacks.

“Under no circumstances would NSO be involved in the operating or identifying of targets of its technology, which is solely operated by intelligence and law enforcement agencies,” NSO Group told the FT. “NSO would not, or could not, use its technology in its own right to target any person or organization, including this individual.”

NSO limits sales of its spyware, Pegasus, to state intelligence agencies. The spyware's capabilities are near absolute. Once installed on a phone, the software can extract all of the data that's already on the device (text messages, contacts, GPS location, email, browser history, etc) in addition to creating new data by using the phone's microphone and camera to record the user's surroundings and ambient sounds, according to a 2016 report by the New York Times.

WhatsApp has about 1.5bn users around the world. The messaging app uses end-to-end encryption, making it popular and secure for activists and dissidents. The Pegasus spyware does not affect or involve the app's encryption.

https://www.theguardian.com/technolo...-vulnerability

----------


## baldrick

for those of you who do use whatsapp - make sure you are getting a version that has been updated




> CVE-2019-3568
> Description: A buffer overflow vulnerability in WhatsApp VOIP stack allowed remote code execution via specially crafted series of SRTCP packets sent to a target phone number.
> Affected Versions: The issue affects WhatsApp for Android prior to v2.19.134, WhatsApp Business for Android prior to v2.19.44, WhatsApp for iOS prior to v2.19.51, WhatsApp Business for iOS prior to v2.19.51, WhatsApp for Windows Phone prior to v2.18.348, and WhatsApp for Tizen prior to v2.18.15.
> Last Updated: 2019-05-13

----------
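An added example (not part of the advisory quoted above and not WhatsApp's own tooling) that turns the affected-version table in that advisory into a check an admin can run over an MDM or inventory export. The only data it carries is the fixed-version table from the advisory text; the device rows are constructed. The detail worth noticing is the comparison: 2.19.134 is newer than 2.19.51, but as strings it sorts as older, so versions are split into integer tuples before comparing.

```python
"""Tell whether an installed WhatsApp build predates the CVE-2019-3568 fix.

Added example; not from the advisory or from WhatsApp. FIXED_VERSION is
the table quoted in the advisory text; SAMPLE_FLEET is constructed.
"""
import re

# First fixed build per product, from the quoted advisory ("prior to" = vulnerable).
FIXED_VERSION = {
    "WhatsApp for Android": "2.19.134",
    "WhatsApp Business for Android": "2.19.44",
    "WhatsApp for iOS": "2.19.51",
    "WhatsApp Business for iOS": "2.19.51",
    "WhatsApp for Windows Phone": "2.18.348",
    "WhatsApp for Tizen": "2.18.15",
}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)$")


def parse_version(text):
    """'2.19.134' -> (2, 19, 134).

    Compare as integer tuples, never as strings: '2.19.134' < '2.19.51'
    is True for strings because '1' < '5', which would mark a patched
    build as vulnerable and an old one as safe.
    """
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_vulnerable(product, version):
    """True if this build is older than the first fixed build for the product."""
    try:
        fixed = FIXED_VERSION[product]
    except KeyError:
        raise ValueError(f"no advisory data for {product!r}") from None
    return parse_version(version) < parse_version(fixed)


def audit_fleet(rows):
    """rows: iterable of (device, product, version). Returns devices still exposed."""
    exposed = []
    for device, product, version in rows:
        if is_vulnerable(product, version):
            exposed.append((device, product, version, FIXED_VERSION[product]))
    return exposed


# Constructed sample: an MDM export of (device, product, installed version).
SAMPLE_FLEET = [
    ("alice-pixel", "WhatsApp for Android", "2.19.133"),
    ("bob-iphone", "WhatsApp for iOS", "2.19.51"),
    ("carol-iphone", "WhatsApp Business for iOS", "2.19.50"),
    ("dave-s9", "WhatsApp Business for Android", "v2.19.44"),
]

if __name__ == "__main__":
    for device, product, version, fixed in audit_fleet(SAMPLE_FLEET):
        print(f"{device}: {product} {version} is vulnerable, update to {fixed} or later")
```

The check says nothing about whether a device was actually attacked; for that the advisory's own description (a malformed series of SRTCP packets during a call, call logs often erased) is the lead, and the app version only tells you whether the door is still open.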


## harrybarracuda

One of my throng proudly informed everyone that it doesn't affect him because he uses 2FA.

 :rofl:

----------


## baldrick

^ I would have sacked butterfluffer by now  :Smile: 

iTards probably need to update their app store app to get the latest version of whatsapp

----------


## harrybarracuda

> ^ I would have sacked butterfluffer by now 
> 
> iTards probably need to update their app store app to get the latest version of whatsapp


Actually despite being a tard he still knows what Regedit is for.

Maybe Buttplug could get a job as his junior assistant.

 :Smile:

----------


## harrybarracuda

If you are running Windows 7 or Server 2008: Patch this one ASAP.

Or simply do a Windows Update.

If you are running XP or 2003, stop licking the windows and patch this, because it's serious enough that they have released a free patch for those, too.

Then stop being a tightwad arsehole and buy a fucking new computer, you tits.




> Prevent a worm by updating Remote Desktop Services (CVE-2019-0708)
> MSRC TeamMay 14, 2019
> 
> Today Microsoft released fixes for a critical Remote Code Execution vulnerability, CVE-2019-0708, in Remote Desktop Services – formerly known as Terminal Services – that affects some older versions of Windows. The Remote Desktop Protocol (RDP) itself is not vulnerable. This vulnerability is pre-authentication and requires no user interaction. 
> 
> In other words, the vulnerability is ‘wormable’, meaning that any future malware that exploits this vulnerability could propagate from vulnerable computer to vulnerable computer in a similar way as the WannaCry malware spread across the globe in 2017. While we have observed no exploitation of this vulnerability, it is highly likely that malicious actors will write an exploit for this vulnerability and incorporate it into their malware. 
> 
> Now that I have your attention, it is important that affected systems are patched as quickly as possible to prevent such a scenario from happening. In response, we are taking the unusual step of providing a security update for all customers to protect Windows platforms, including some out-of-support versions of Windows. 
> 
> ...

----------
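An added example, not code from Microsoft's post, showing how to triage a host inventory for the CVE-2019-0708 fix above. The affected families are the ones the post names (Windows 7, Server 2008, XP, Server 2003) plus Server 2008 R2, which Microsoft's advisory lists as well; Windows 8 and 10 are not affected. The CSV inventory is constructed, and the "patched" column is assumed to come from your patch-management export; the script does not probe hosts or verify the update itself.

```python
"""Triage a host inventory for CVE-2019-0708 (pre-auth, wormable RDP RCE).

Added example; not from Microsoft's post. The OS families are those the
post and Microsoft's advisory name as affected. SAMPLE_INVENTORY is
constructed; 'patched' is whatever your patch-management export says.
"""
import csv
import io
import re

AFFECTED = re.compile(r"^windows (7|xp|server 2003|server 2008( r2)?)\b", re.I)
RDP_PORT = 3389

# Constructed inventory: what a scanner/CMDB export might look like.
SAMPLE_INVENTORY = """\
host,os,open_ports,patched
fs01,Windows Server 2008 R2,135;445;3389,no
hr-pc7,Windows 7 Professional,135;445,no
kiosk2,Windows XP Embedded,3389,no
dc01,Windows Server 2008 R2,88;389;3389,yes
dev-w10,Windows 10 Pro,3389,no
"""


def priority(os_name, open_ports, patched):
    """Rank one host: critical, high, ok or not-affected."""
    if not AFFECTED.match(os_name.strip()):
        return "not-affected"
    if patched:
        return "ok"
    # Pre-auth and no user interaction: anything listening on 3389 is the
    # worm's way in. An affected host with RDP closed still needs the patch,
    # since the service can be enabled later or reached via another host.
    return "critical" if RDP_PORT in open_ports else "high"


def triage(inventory_csv):
    """Return [(host, priority)] sorted most urgent first."""
    order = {"critical": 0, "high": 1, "ok": 2, "not-affected": 3}
    results = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        ports = {int(p) for p in row["open_ports"].split(";") if p}
        patched = row["patched"].strip().lower() in {"yes", "true", "1"}
        results.append((row["host"], priority(row["os"], ports, patched)))
    results.sort(key=lambda r: order[r[1]])
    return results


if __name__ == "__main__":
    for host, level in triage(SAMPLE_INVENTORY):
        print(f"{level:13} {host}")
```

Feed it the export from whatever scans your network and patch your "critical" rows first; the "high" rows are the Windows 7 boxes nobody thinks are exposed until someone ticks "Allow remote connections".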


## baldrick

Why are things like remote desktop service running by default ? 

So many crap services run by default in an attempt to make windows tard friendly when all most of them do is allow another attack vector. Most home windows users do not even use local networks for file sharing or casting etc.  

Every new update of Windows 10 becomes more of a pain to regulate the default install or sh1t that gets re enabled on updates.  

It is becoming worse without technical benefits

Unless you have it on a corporate setup with full remote deployment of configuration then you should be running it sandboxed in a VM,  or a standalone boot instance for games

/rant

----------


## harrybarracuda

> Why are things like remote desktop service running by default ? 
> 
> So many crap services run by default in an attempt to make windows tard friendly when all most of them do is allow another attack vector. Most home windows users do not even use local networks for file sharing or casting etc.  
> 
> Every new update of Windows 10 becomes more of a pain to regulate the default install or sh1t that gets re enabled on updates.


It doesn't affect Windows 10.

It was probably in earlier versions to enable Remote Assistance and the like, to help fucking retards like buttplug and repeater when they get stuck.

The Internet should be like a motorway, no L-drivers allowed. There should be a special dumbfucks mini-internet for them to learn how to access katoey dating sites and Fox News and stuff before they are allowed to start posting drivel on the first forum they find; and it should be isolated from the proper internet so people don't get blasted with shit from all the infections they inevitably contract.

----------


## harrybarracuda

Oh dear oh dear...




> *Salesforce? Salesfarce: Cloud giant in multi-hour meltdown after database blunder grants users access to all data*
> https://www.theregister.co.uk/2019/05/17/salesforce_database_outage/

----------


## harrybarracuda

If you have an Asus router:




> ASUS is releasing a firmware update for selected routers. Our most recent firmware update contains enhanced security protections against unauthorized access, alteration, disclosure of data, malware, phishing and DDoS attacks.
> 
> We strongly encourage you to periodically audit both your equipment and your security procedures, as this will ensure that you will be better protected against unwanted intrusion. As a user of an ASUS router, we advise taking the following actions:
> 
> 1. Update your router to the latest firmware. We recommend that you do so as soon as they are released. You will find the latest firmware available for download from the ASUS Product Security Advisory page, at
> 
> https://www.asus.com/Static_WebPage/...sory/#header11
> 
> 2. Set up separate passwords for your wireless network and router-administration page. Use passwords with a length of at least eight characters, and include a mix of capital letters, numbers and symbols. Do not use the same password for multiple devices or services.
> ...

----------




## harrybarracuda

If you are using Webex, patch it.




> These vulnerabilities affect the following versions of the Cisco Webex Network Recording Player for Microsoft Windows and the Cisco Webex Player for Microsoft Windows:
>
> • Cisco Webex Business Suite sites — All Webex Network Recording Player and Webex Player versions prior to Version WBS39.2.205
>
> • Cisco Webex Meetings Online — All Webex Network Recording Player and Webex Player versions prior to Version 1.3.42
>
> ...

----------


## OhOh

If you are using Gmail this may be of interest;

*Google Parses Your Gmail For Financial Transactions*

> Recently I came across this story by Todd Haselton that describes how the author located an obscure “purchases” page in his Google account settings and there found a methodical list of his online purchasing history, from third-party outside vendors, going back to 2012.
>
> The upshot of the story was that:
>
> - Google saves years of information on purchases you’ve made, even outside Google, and pulls this information from Gmail.
> - It’s complicated to delete this private information, and options to turn it off are hidden in privacy settings.
> - Google says it doesn’t use this information to sell you ads.
>
> This can’t be true (can it?)
>
> The more I thought about this the more I thought “this can’t be true”. I apologize for doubting Haselton, but I thought he had to have it wrong, that maybe he had a stored credit card in his browser that he had forgotten or something, because the ramifications if true, are dire.
>
> First, it means that in order to isolate and parse purchases, Google must then be scanning every email, otherwise, how would they know what’s a purchase and what isn’t?
>
> Further, if they were scanning every email for purchases, what else were they scanning for? Either now, or in the future? The important mechanism, the infrastructure and methodology to scan and parse every inbound email is clearly in place and operational now, adding additional criterion is just a matter of tweaking the parameters.
>
> Then, there is the matter that Google is doing this without informing their users. We can probably wager that there is buried down the rabbit hole of the ToS some clause that alludes to the possibility that Google reserves the right from time to time (including all the time) to do something or another with your email that may or may not involve machine reading it and dissecting it for your behavioural patterns; none of us have ever read it.
>
> More importantly, it didn’t require an explicit opt-in to fire it up.

Continues here:

https://www.zerohedge.com/news/2019-...l-transactions

----------


## harrybarracuda

Have you only just worked out that cloud based mail services have full access to anything that you don't encrypt?

----------


## OhOh

> cloud based mail services


Never knowingly used one.

----------


## harrybarracuda

> Never knowingly used one.


You registered to Teakdoor with a real email account?

Oh dear.

Or should I say OhOh dear.

----------


## OhOh

> You registered to Teakdoor with a real email account?


Yea a "real email account".  :Smile:  

How many "real email accounts" have you had in the past 20 years?

----------


## baldrick

> Yea a "real email account".


TwistingHarrysTitties@gmail.com ?

----------


## harrybarracuda

> TwistingHarrysTitties@gmail.com ?


hohodoesntknowwhatacloudemailaccountis@hotmail.com

----------


## baldrick

er  ...aol.com

----------


## harrybarracuda

> er  ...aol.com


He definitely qualifies as an AOL.

 :Smile:

----------


## harrybarracuda

Patch! Patch! Patch!




> Two critical vulnerabilities in Microsoft's NTLM authentication protocol consisting of three logical flaws make it possible for attackers to run remote code and authenticate on machines running any Windows version.
> 
> Following Preempt’s responsible disclosure of the vulnerabilities found in NTLM, Microsoft has issued security advisories and patches for the CVE-2019-1040 Windows NTLM Tampering Vulnerability and the CVE-2019-1019 Microsoft Windows Security Feature Bypass Vulnerability as part of the Patch Tuesday updates published today.


https://www.bleepingcomputer.com/new...o-rce-attacks/

----------


## harrybarracuda

Never give your phone to a chinky copper...

https://medium.com/@fs0c131y/mfsocke...l-58e8850c3de4

----------


## harrybarracuda

*New MacOS Malware Discovered*

A wave of new MacOS malware over the past month includes a zero-day exploit and other attack code.


A wave of malware targeting MacOS over the past month has raised the profile of the operating system once advertised as much safer than Windows. The newest attack code for the Mac includes three pieces of malware found in June — a zero-day exploit, a package that includes sophisticated anti-detection and obfuscation routines, and a family of malware that uses the Safari browser as an attack surface.

The zero-day exploit, dubbed OSX/Linker by researchers at Intego who discovered it, takes advantage of a vulnerability in MacOS Gatekeeper — the MacOS function that enforces code-signing and has the ability to limit program execution to properly signed code from trusted publishers.

The MacOS X GateKeeper Bypass vuln used in OSX/Linker was first discovered in February 2019 by independent researcher Filippo Cavallarin, who says that he notified Apple of the finding. After a 90-day disclosure deadline passed, Cavallarin publicly disclosed the vulnerability on May 24.

https://www.darkreading.com/attacks-breaches/new-macos-malware-discovered-/d/d-id/1335135

----------


## harrybarracuda

If you want to block chinky, russky and mad mullah spies, you can use these links to add the appropriate rules in your firewall:

https://lite.ip2location.com/china-ip-address-ranges

https://lite.ip2location.com/russian...address-ranges

https://lite.ip2location.com/iran-is...address-ranges

I would add North Korea but they do all their shit remotely.

----------


## Klondyke

^If it is so easy, why did the US election go so wrong?

----------


## harrybarracuda

Fucking chinkies, at it again.





> As many as 25 million Android phones have been hit with malware that replaces installed apps like WhatsApp with evil versions that serve up adverts, cybersecurity researchers warned Wednesday.
> 
> 
> Dubbed Agent Smith, the malware abuses previously-known weaknesses in the Android operating system, making updating to the latest, patched version of Google's operating system a priority, Israeli security company Check Point said.
> 
> Most victims are based in India, where as many as 15 million were infected. But there are more than 300,000 in the U.S., with another 137,000 in the U.K., making this one of the more severe threats to have hit Google's operating system in recent memory.
> 
> The malware has spread via a third party app store 9apps.com, which is owned by China’s Alibaba, rather than the official Google Play store. Typically, such non-Google Play attacks focus on developing countries, making the hackers' success in the U.S. and the U.K. more remarkable, Check Point said.
> 
> ...

----------


## OhOh

No gogle gaps or responses to be found by an ameristani regime publisher, how quaint

----------


## harrybarracuda

> No gogle gaps or responses to be found by an ameristani regime publisher, how quaint


No American would do it you dumb shit.  They can be sued.

Try that in Chinastan and hey presto! you're in a re-education camp or disappeared.

Jaysus you're thick.

----------


## baldrick

if you are using any of the following extensions in your browser - uninstall them - all or your PMs is belong to the borg

do not install extensions until you have seen them reviewed by trusted 3rd parties




> *Fairshare Unlock*, a Chrome extension for accessing premium content for free. (A Firefox version of the extension, available from Mozilla's add-ons store, collects the same browsing data.)
> *SpeakIt!*, a text-to-speech extension for Chrome.
> *Hover Zoom,* a Chrome extension for enlarging images.
> *PanelMeasurement,* a Chrome extension for finding market research surveys
> *Super Zoom,* another image extension for both Chrome and Firefox. Google and Mozilla removed Super Zoom from their add-ons stores in February or March, after Jadali reported its data collection behavior. Even after that removal, the extension continued to collect browsing behavior on the researcher's lab computer weeks later.
> *SaveFrom.net Helper* a Firefox extension that promises to make Internet downloading easier. Jadali observed the data collection only in an extension version downloaded from the developer. He did not observe the behavior in the version that was previously 
> *Branded Surveys,* which offers chances to receive cash and other prizes in return for completing online surveys.
> *Panel Community Surveys,* another app that offers rewards for answering online surveys.



http://arstechnica.com/information-t...and-4m-people/

----------


## harrybarracuda

So the old Russkies are after Tor as well.... no surprise really.




> *SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB) has been hacked, attackers stole data about internal projects.*
> 
> Attackers have hacked SyTech, a contractor for the Federal Security Service of the Russian Federation (FSB), and exfiltrated data about internal projects.
> 
> According to the Russian media, SyTech has been working with FSB since 2009, in particular, they contributed to several projects for FSB unit 71330 and for fellow contractor Quantum. The company earned 40 million rubles ($635,000) from public contracts in 2018. The latest project is the development of Nalog-3 for the Main Scientific Innovation Implementation Center.
> 
> According to the data received, the majority of non-public projects of Sytech were commissioned by military unit No. 71330, which allegedly is part of the 16th directorate of the FSB of Russia, states the website CrimeRussia. This unit is engaged in electronic intelligence, experts from the International Center for Defense and Security in Tallinn believe.
> 
> Some of the research projects accessed by the hackers were for Russia's intelligence service, including one for deanonymizing Tor traffic.
> ...

----------


## OhOh

*Huawei Earns Highly Coveted “Recommended” Rating in NSS Labs 2019 NGFW Group Test*


_"[Shenzhen, China, July 18, 2019] Huawei announced today that it has earned NSS Labs' highly coveted "Recommended" rating in the latest Next-Generation Firewall (NGFW) group test. In this year’s test, 12 products from industry-leading vendors were tested. Only the top technical products earned a “Recommended” rating from NSS Labs._

_Achieving this rating validates that Huawei's best-in-class firewalls deliver high security effectiveness at a low total cost of ownership (TCO)._

_NSS Labs is recognized globally as the most trusted source for independent, fact-based cybersecurity guidance. NSS Labs' NGFW group test comprehensively measures and compares security effectiveness, performance, stability and reliability, and TCO among NGFWs from a variety of security vendors._

_In this year's NGFW group test, NSS Labs used its state-of-the-art attacks and evasions to evaluate the capability of products to defend against the latest threats on live networks._

_The Huawei USG6620E NGFW demonstrated a 99.36% live exploit block rate with 94.2% overall security effectiveness as well as comprehensive "SSL/TLS functionality", passing 100% of the interoperability tests._

_Huawei's NGFW stood out with outstanding cost-performance, having a low Total Cost of Ownership._




2019 Next Generation Firewall (NGFW) Security Value Map (SVM) from NSS Labs

_The NGFW is the first line of defense against today’s threats and is also a critical component of any defense-in-depth strategy. The NGFW market is one of the largest and most mature markets in the cybersecurity industry. The IDC Forecast Report [1] estimates that the NGFW market will grow from US$15.8 billion in 2018 to US$23.8 billion by 2023 at a compound annual growth rate (CAGR) of 8.52% [2]._

_“In the NSS Labs 2019 NGFW Group test, the Huawei HiSecEngine USG6000E NGFW demonstrated strong protection at a low total cost of ownership. We commend Huawei for achieving a ‘Recommended’ rating for the HiSecEngine USG6000E NGFW,” said Vikram Phatak, Founder of NSS Labs. “As an NSS Labs ‘Recommended’ product, the HiSecEngine USG6000E NGFW should be considered by companies looking to deploy an NGFW.”_

_Huawei HiSecEngine USG series NGFWs are Huawei's core security engine products that provide comprehensive, efficient, and integrated security for cloud service providers, large data centers, midsize and large enterprises, and chain organizations. In addition to basic NGFW capabilities, Huawei HiSecEngine USG series NGFWs can interwork with other security devices to proactively defend against network threats, enhance border detection capabilities, and effectively defend against advanced threats. Denzel Song, President of Huawei Security Product Domain, said, "Earning the 'Recommended' rating from NSS Labs proves that Huawei's NGFW is among the best products in the industry._

_Strictly evaluated by the independent third party, Huawei NGFW products instill confidence. This is the result of more than ten years of unremitting effort by Huawei in the security field. We will continue our efforts to bring better products and greater benefits to our customers."_

_To read the Analysis Report of Huawei HiSecEngine USG6000E Series Firewall Earning Recommended Rating from NSS Labs, please see the link: Download_

https://www.huawei.com/en/press-even...gfw-group-test


https://www.nsslabs.com/news/2019/7/...p-test-results

----------


## harrybarracuda

_"Huawei NGFW products instill confidence"_


said Huawei.

 :rofl:

----------


## OhOh

> said Huawei.


It appears that the ameristani NSS Labs testing company had no qualms about its recommendation of fit for purpose/value for money.

Or did the company receive an "incentive" from Asia?

It does seem many of their countrymen are easily persuaded by the quick fix of green folding paper

----------


## harrybarracuda

The chinkies probably just gave them a modified unit with the backdoors removed.

----------


## harrybarracuda

Looks like common sense prevailed in the trial of Marcus Hutchins.

Although it was pretty fucking dumb of the US to prosecute him in the first place.




> *Security Researcher Who Stopped WannaCry Avoids Jail Time*
> 
> The 25-year-old Marcus Hutchins was sentenced to one year of supervised release for his past involvement in creating a separate malware strain known as Kronos. In 2017, Hutchins famously activated a kill switch to the WannaCry ransomware attack.
> 
> The researcher who helped stop the WannaCry ransomware outbreak will avoid jail time for his past involvement in creating a separate malware strain known as Kronos.
> 
> On Friday, a US federal court in Wisconsin sentenced the 25-year-old Marcus Hutchins to one year of supervised release, according to TechCrunch.
> 
> 
> "Sentenced to time served!" Hutchins tweeted after the ruling. "Incredibly thankful for the understanding and leniency of the judge."
> 
> ...

----------


## harrybarracuda

Comprehensive testing of 21 free Android antivirus apps revealed big security vulnerabilities and privacy concerns; especially for AEGISLAB, BullGuard, dfndr and VIPRE.

A slew of popular free Android antivirus apps in recent testing proved to have security holes and privacy issues, including a critical vulnerability that exposes users' address books, and another serious flaw that enables attackers to turn off antivirus protection entirely.

According to an analysis from Comparitech of 21 Android antivirus vendors, three of the apps tested (from VIPRE Mobile, AEGISLAB and BullGuard) had serious security flaws, and seven apps couldn't detect a test virus. In total, 47 percent of the vendors tested failed in some way.

VIPRE's popular app was found to have two insecure direct object reference (IDOR) bugs, including a critical flaw that put premium users with address book sync enabled at risk of having their contacts stolen, including full names, photos, addresses and notes with sensitive personal information.

"Using the online dashboard, we discovered it was possible for attackers to access the address books of VIPRE Mobile users with cloud sync enabled," Comparitech researchers said in a blog posting on Thursday. "Based on our proof-of-concept and the popularity of the app, we estimate over a million contacts were sitting on the web unsecured."

The flaw was caused by broken or poorly implemented access control, which manifests as an IDOR vulnerability in VIPRE Mobile's backend.

"The script responsible only checked to make sure the attacker was logged in," researchers said. "No further checking was done to ensure the request was being performed by the proper device or account."

The other serious flaw opened the door to an attacker sending fake antivirus alerts.

"Generating fraudulent alerts and sending them to unsuspecting users was trivial," researchers said. "We found we could edit fields in the alert request to make it say whatever we wanted. We were able to push fake alerts by capturing the request generated when a virus is found, then manipulating the request to change the user ID and other parameters. The result is an entirely real-looking virus alert displayed on the victim's VIPRE Mobile dashboard."

BullGuard's app, meanwhile, also contained a serious IDOR flaw, which meant that all users were vulnerable to an attacker remotely disabling their antivirus protection. Also, the app had a serious cross-site scripting issue (XSS) that would allow attackers to insert malicious code because of a vulnerable

The IDOR vulnerability would allow an attacker to iterate through customer IDs and disable BullGuard on every device.

"We were able to intercept and alter the request to disable BullGuard Mobile antivirus," the researchers wrote. "Our testing found the request generated when a user shuts off antivirus protection can be captured and altered. By changing the user ID in this request, antivirus protection on any device can be disabled. Access control did not appear to be in place to ensure the correct user was making the request."

In addition, Comparitech found that one of the scripts responsible for processing new users on the BullGuard website is vulnerable to XSS.

"The script in question doesn't sanitize any parameters passed to it, which enables an attacker to run malicious code," they explained.

Attackers could exploit this to display an alert on the page, hijack sessions, harvest personal data or use the website as a platform for phishing campaigns.

And finally, users of the AEGISLAB web dashboard were also at risk from a serious XSS flaw that would open the door to attackers inserting malicious code, because the firm didn't lock down the app's dashboard.

"We found several XSS flaws affecting one script running on the my2.aegislab.com domain," according to the analysis. "Because none of the parameters passed to the script were sanitized, it would have been trivial for an attacker to execute malicious code."

All three vendors have updated their apps to address the vulnerabilities, according to Comparitech.
*Virus Detection and Privacy*

In addition to the security issues, many apps were found to fall down on the job when it came to basic detection. AEGISLAB Antivirus Free; Antiy AVL Pro Antivirus & Security; Brainiacs Antivirus System; Fotoable Super Cleaner; MalwareFox Anti-Malware; NQ Mobile Security & Antivirus Free; Tap Technology Antivirus Mobile; and Zemana Antivirus & Security failed to detect a test virus.

"The Metasploit payload we used attempts to open a reverse shell on the device without obfuscation," explained the researchers, in a posting on Thursday. "It was built for exactly this sort of testing. Every Android antivirus app should be able to detect and stop the attempt."

On the privacy front, many of the free apps display targeted ads. So, the researchers also used information from the Exodus mobile privacy database to look for dangerous permissions and advertising trackers.

"In our analysis, dfndr security was far and away the worst offender," the firm said. "The sheer number of advertising trackers bundled with the app is impressive. As far as we can tell, dfndr puts users' search and browser habits up for sale on every ad exchange there is."

dfndr also requests permission to access fine location data, access the camera, read and write contacts, look through the address book, and grab the IMEI (unique ID) and phone number of the device, according to the analysis.
The vendor did not immediately return a request for comment.

The issues found are a testament to the fact that mobile malware is still not a high-volume threat, the researchers said.

"In 2018, Kaspersky Labs reported it blocked 116.5 million virus and malware infections on Android and iOS devices; that sounds like a huge amount but, according to their numbers, only 10 percent of users in the U.S., 5 percent in Canada, and 6 percent in the U.K. needed to be protected from a mobile threat last year," explained the analysts. "So vendors focus on adding features to differentiate themselves, sometimes instead of improving their codebase. And they clearly don't always do a great job. Every vulnerability we found was with a system incidental to the actual virus scanning."

https://threatpost.com/critical-bug-android-antivirus/146927/
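The access-control defect the article describes (a request whose only check is "is the caller logged in?"), modelled as an added example that is not Comparitech's code or either vendor's API: the logged-in-only handler beside one that binds the target device to the session's account, plus a small audit check for accounts that get denied on many foreign device IDs. The session table, device table and request fields are all constructed assumptions.

```python
"""IDOR on a 'disable antivirus' request: the logged-in-only check beside a
handler that ties the object to the authenticated account. Constructed
example; the tables and request shape are assumptions, not a real backend."""
import copy
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed state: session token -> account id, device id -> owner + AV state.
SESSIONS = {"tok-alice": "acct-1001", "tok-mallory": "acct-2002"}
DEVICES = {
    "dev-1": {"owner": "acct-1001", "protection": True},
    "dev-2": {"owner": "acct-1001", "protection": True},
    "dev-3": {"owner": "acct-2002", "protection": True},
}


def fresh_devices():
    """Independent copy of the device table so each scenario starts clean."""
    return copy.deepcopy(DEVICES)


@dataclass
class Request:
    token: str      # session token sent with the request
    device_id: str  # client-supplied target: the field an attacker can rewrite


@dataclass
class AuditLog:
    denials: list = field(default_factory=list)  # (account, device_id) pairs


def disable_vulnerable(req, devices, sessions=SESSIONS):
    """Before: confirms the caller is logged in, then trusts device_id as-is.
    Any authenticated account can switch off protection on any device."""
    if req.token not in sessions:
        return "401 unauthenticated"
    if req.device_id not in devices:
        return "404 no such device"
    devices[req.device_id]["protection"] = False
    return "200 protection disabled"


def disable_hardened(req, audit, devices, sessions=SESSIONS):
    """After: the object is resolved relative to the authenticated account.
    Missing and foreign devices get the same answer so the endpoint does not
    reveal which ids exist; cross-account attempts are recorded for detection."""
    account = sessions.get(req.token)
    if account is None:
        return "401 unauthenticated"
    device = devices.get(req.device_id)
    if device is None or device["owner"] != account:
        audit.denials.append((account, req.device_id))
        return "404 no such device"
    device["protection"] = False
    return "200 protection disabled"


def enumerating_accounts(audit, threshold=3):
    """Detection: accounts denied on at least `threshold` distinct device ids,
    the footprint of someone iterating through ids as the article describes."""
    seen = defaultdict(set)
    for account, device_id in audit.denials:
        seen[account].add(device_id)
    return sorted(a for a, ids in seen.items() if len(ids) >= threshold)


def scenario():
    """Replays one cross-account request against both handlers and returns
    (vulnerable outcome, hardened outcome, accounts flagged by the audit)."""
    cross = Request("tok-mallory", "dev-1")  # mallory targets alice's device

    vuln_devices = fresh_devices()
    vuln_result = disable_vulnerable(cross, vuln_devices)

    hard_devices = fresh_devices()
    audit = AuditLog()
    hard_result = disable_hardened(cross, audit, hard_devices)
    # Constructed probe: mallory keeps guessing ids; alice only touches her own.
    for guess in ("dev-2", "dev-4", "dev-5"):
        disable_hardened(Request("tok-mallory", guess), audit, hard_devices)
    disable_hardened(Request("tok-alice", "dev-2"), audit, hard_devices)
    return vuln_result, hard_result, enumerating_accounts(audit)


if __name__ == "__main__":
    print(scenario())
```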

----------


## OhOh

> In 2018, Kaspersky Labs reported it blocked 116.5 million virus and malware infections on Android and iOS devices


Are we to assume that *Kaspersky Labs*, quoted above in a helpful way, and their free or purchased Android, PC and network products are thus regarded as "safe"?

If not, what are the recommendations of our TD security experts, for free and purchased products?

----------


## harrybarracuda

Microsoft Defender (Free)
Microsoft Defender ATP (extremely not free)

You can't trust that Kaspersky shit, they're bound to be sending all of your personal stuff to Vlad.

----------


## harrybarracuda

*AT&T employees took bribes to plant malware on the company's network*
DOJ charges Pakistani man with bribing AT&T employees more than $1 million to install malware on the company's network, unlock more than 2 million devices.

By Catalin Cimpanu for Zero Day | August 6, 2019 -- 14:02 GMT (15:02 BST) | Topic: Security

AT&T employees took bribes to unlock millions of smartphones, and to install malware and unauthorized hardware on the company's network, the Department of Justice said yesterday.

These details come from a DOJ case opened against Muhammad Fahd, a 34-year-old man from Pakistan, and his co-conspirator, Ghulam Jiwani, believed to be deceased.

The DOJ charged the two with paying more than $1 million in bribes to several AT&T employees at the company's Mobility Customer Care call center in Bothell, Washington.

The bribery scheme lasted from at least April 2012 until September 2017. Initially, the two Pakistani men bribed AT&T employees to unlock expensive iPhones so they could be used outside AT&T's network.

The two recruited AT&T employees by approaching them in private via telephone or Facebook messages. Employees who agreed received lists of IMEI phone codes which they had to unlock for sums of money.

Employees would then receive bribes in their bank accounts, in shell companies they created, or as cash, from the two Pakistani men.

This initial stage of the scheme lasted for about a year, until April 2013, when several employees left or were fired by AT&T.

That's when Fahd changed tactics and bribed AT&T employees to install malware on AT&T's network at the Bothell call center. Between April and October 2013, this initial malware collected data on how AT&T infrastructure worked.

According to court documents unsealed yesterday, this malware appears to be a keylogger, having the ability "to gather confidential and proprietary information regarding the structure and functioning of AT&T's internal protected computers and applications."

The DOJ said Fahd and his co-conspirator then created a second malware strain that leveraged the information acquired through the first. This second malware used AT&T employee credentials to perform automated actions on AT&T's internal application to unlock phones at Fahd's behest, without needing to interact with AT&T employees every time.

In November 2014, as Fahd began having problems controlling this malware, the DOJ said he also bribed AT&T employees to install rogue wireless access points inside AT&T's Bothell call center. These devices helped Fahd gain access to AT&T internal apps and network, and continue the rogue phone unlocking scheme.

The DOJ claims Fahd and Jiwani paid more than $1 million in bribes to AT&T employees, and successfully unlocked more than two million devices, most of which were expensive iPhones. One AT&T employee received more than $428,500 in bribes over a five year period, investigators said.

The DOJ said the two operated three companies named Endless Trading FZE, Endless Connections Inc., and iDevelopment. The DOJ didn't say if Fahd and Jiwani were unlocking stolen devices, or running an unauthorized phone unlocking website. For some email communications, Fahd used the unlockoutlt@ymail.com address, suggesting the latter scenario.

Fahd was arrested in Hong Kong in February 2018, and extradited to the US on August 2, last week. He now faces a litany of charges that may send him behind bars for up to 20 years.

AT&T estimated it lost revenue of more than $5 million/year from Fahd's phone unlocking scheme.

"We have been working closely with law enforcement since this scheme was uncovered to bring these criminals to justice and are pleased with these developments," an AT&T spokesperson told ZDNet. The company said this incident did not involve access to customers' personal data.

https://www.zdnet.com/article/at-t-e...panys-network/

----------


## Klondyke

Damned Chinks...

----------


## harrybarracuda

FFS...





> Ukrainian authorities are investigating a potential security breach at a local nuclear power plant after employees connected parts of its internal network to the internet so they could mine cryptocurrency.
> The investigation is being led by the Ukrainian Secret Service (SBU), who is looking at the incident as a potential breach of state secrets due to the classification of nuclear power plants as critical infrastructure.
> Investigators are examining if attackers might have used the mining rigs as a pivot point to enter the nuclear power plant's network and retrieve information from its systems, such as data about the plant's physical defenses and protections.
> 
> https://www.zdnet.com/article/employees-connect-nuclear-plant-to-the-internet-so-they-can-mine-cryptocurrency/

----------


## Latindancer

I love these juxtapositions :

*Russian launches floating nuclear reactor across Arctic*

https://www.bangkokpost.com/world/17...62iCw#cxrecs_s

----------


## harrybarracuda

> I love these juxtapositions :
> 
> *Russian launches floating nuclear reactor across Arctic*
> 
> https://www.bangkokpost.com/world/17...62iCw#cxrecs_s


Nothing to do with this thread and it's already been posted elsewhere.

https://teakdoor.com/world-news/19303...or-across.html

----------


## harrybarracuda

If you use Bitdefender Antivirus Free 2020, make sure you update it ASAP (and apply all Windows updates).

https://www.bitdefender.com/support/...rus-free-2020/

----------


## harrybarracuda

*Google Uncovers Massive iPhone Attack Campaign*

A group of hacked websites has been silently compromising fully patched iPhones for at least two years, Project Zero reports.

For at least two years, a small collection of hacked websites has been attacking iPhones in a massive campaign affecting thousands of devices, researchers with Google Project Zero report.

These sites quietly infiltrated iPhones through indiscriminate "watering hole" attacks using previously unknown vulnerabilities, Project Zero's Ian Beer reports in a disclosure published late Thursday. He estimates affected websites receive thousands of weekly visitors, underscoring the severity of a campaign that upsets long-held views on the security of Apple products.

"There was no target discrimination; simply visiting the hacked website was enough for the exploit server to attack your device, and if it was successful, install a monitoring plant," Beer explains.

Google's Threat Analysis Group (TAG) found five exploit chains covering nearly every operating system release from iOS 10 to the latest version of iOS 12. These chains connected security flaws so attackers could bypass several layers of protection. In total, they exploited 14 vulnerabilities: seven affecting the Safari browser, five for the kernel, and two sandbox escapes.

When unsuspecting victims accessed these malicious websites, which had been live since 2017, the site would evaluate the device. If the iPhone was vulnerable, it would load monitoring malware. This was primarily used to steal files and upload users' live location data, Beer writes.

The malware granted access to all of a victim's database files used by apps like WhatsApp, Telegram, and iMessage so attackers could view plaintext messages sent and received. Beer demonstrates how attackers could upload private files, copy a victim's contacts, steal photos, and track real-time location every minute. The implant also uploads the device keychain containing credentials and certificates, as well as tokens used by services like single sign-on, which people use to access several accounts.

There is no visual indicator to tell victims the implant is running, Beer points out, and the malware requests commands from a command-and-control server every 60 seconds.

"The implant has access to almost all of the personal information available on the device, which it is able to upload, unencrypted, to the attacker's server," he says. It does not persist on the device; if the iPhone is rebooted the implant won't run unless the device is re-exploited. Still, given the amount of data they have, the attacker may remain persistent without the malware.

Google initially discovered this campaign in February and reported it to Apple, giving the iPhone maker one week to fix the problem. Apple patched it in iOS 12.1.4, released on February 7, 2019.

iPhones, MacBooks, and other Apple devices are widely considered safer than their competitors. Popular belief also holds that expensive zero-day attacks are reserved for specific, high-value victims. Google's discovery dispels both of these assumptions: This attack group demonstrated how zero-days can be used to wreak havoc by hacking a larger population.

https://www.darkreading.com/endpoint...d/d-id/1335699

----------


## harrybarracuda

Researchers say an attacker could send a rogue over-the-air provisioning message to susceptible phones and route all internet traffic through a hacker-controlled proxy.

Over half of all Android handsets are susceptible to a clever over-the-air SMS phishing attack that could allow an adversary to route all internet traffic through a rogue proxy, as well as hijack features such as a handset’s homepage, mail server and directory servers for synchronizing contacts and calendars.
Researchers at Check Point said Samsung, Huawei, LG and Sony handsets are “susceptible” to the phishing ploy.





> Researchers said, assuming that at least some of the recipients are gullible enough to accept a CP without challenging its authenticity, the OMA CP message allows the modification of the following settings over-the-air:
> 
> - MMS message server
> - Proxy address
> - Browser homepage and bookmarks
> - Mail server
> - Directory servers for synchronizing contacts and calendar


https://threatpost.com/half-of-andro...attack/147988/

----------


## Klondyke

*Huawei accuses US of trying to hack its systems, recruit spies & intimidate employees*

The US has used “unscrupulous means” to attack Huawei’s business in recent months – trying to hack its servers and turn employees into spies using extortion, legal threats and coercion, the Chinese telecom giant has claimed.

Washington “has been using every tool at its disposal – including both judicial and administrative powers, as well as a host of other unscrupulous means – to disrupt the normal business operations of Huawei and its partners,” the company said in a statement released on Tuesday, adding that the US had been “leveraging its political and diplomatic influence to lobby other governments to ban Huawei equipment” as well.

Jealous of Huawei’s number-two position in the world smartphone market, the US government has used law enforcement to threaten, coerce, and entice current and former employees to become spies for Washington, impersonated Huawei employees for entrapment purposes, launched cyberattacks against company systems, and “obstruct[ed] normal business activities,” Huawei declared, accusing the US of interfering with shipments, denying visas, and otherwise waging lawfare against the company.

Washington has even conspired with Huawei clients and competitors to try to get the company blackballed in the industry, the company added.

The statement came in response to last week’s claim by the Wall Street Journal that the US Department of Justice was investigating Huawei for stealing a patented smartphone camera design.

Patent-holder Rui Pedro Oliveira, Huawei claimed, had threatened the Chinese company with media exposure and pressure exerted through “political channels” if it did not pay “an extortionate amount of money” – even though his design bears little resemblance to Huawei’s own. Accusing Oliveira of “taking advantage of the current geopolitical situation,” Huawei also slammed the media for “encouraging” such mendacious behavior.

The allegations may seem like a ‘man-bites-dog’ story to media that have uncritically parroted US allegations that China is the one using Huawei’s ubiquitous telecom infrastructure to spy on other countries and stealing their tech, but Huawei has always maintained it is innocent of the charges of spying leveled against it by the US, and no proof of any spying has emerged.

“The fact remains that none of Huawei’s core technology has been the subject of any criminal case brought against the company, and none of the accusations levied by the US government have been supported with sufficient evidence,” the statement continued, concluding that “no company becomes a global leader in their field through theft.”

https://www.rt.com/news/468058-huawe...g-intimidation

----------


## harrybarracuda

For those of you that do things like check facts, Wiki is under a significant DDOS attack.




> Wikipedia has stopped working for some users in the UK and Europe, and a number of places in the Middle East.
> The online encyclopaedia failed to load on desktops, tablets and mobile phones.
> Outages were reported shortly before 7pm, BST, according to downdetector.com, which monitors websites.
> 
> The UK was heavily affected, but there were reports of the site being down in a number of other European countries, including Poland, France, Germany and Italy.
> No one was immediately available for comment at the Wikimedia Foundation, which manages the site.

----------


## harrybarracuda

Couple of things to try before you use the hotel safe....

----------


## harrybarracuda

....And....

----------


## harrybarracuda

I would imagine the more responsible vendors will have updates soon, so check. Full list of devices at the bottom of this post.




> *125 New Flaws Found in Routers and NAS Devices from Popular Brands*
> The world of connected consumer electronics, IoT, and smart devices is growing faster than ever with tens of billions of connected devices streaming and sharing data wirelessly over the Internet, but how secure is it?
> 
> As we connect everything from coffee maker to front-door locks and cars to the Internet, we're creating more potential—and possibly more dangerous—ways for hackers to wreak havoc.
> 
> Believe me, there are over 100 ways a hacker can ruin your life just by compromising your wireless router—a device that controls the traffic between your local network and the Internet, threatening the security and privacy of a wide range of wireless devices, from computers and phones to IP Cameras, smart TVs and connected appliances.
> 
> 
> In its latest study titled "SOHOpelessly Broken 2.0," Independent Security Evaluators (ISE) discovered a total of 125 different security vulnerabilities across 13 small office/home office (SOHO) routers and Network Attached Storage (NAS) devices, likely affecting millions.
> ...




*Devices in SOHOpelessly Broken 2.0*

| Device | Firmware Version |
|---|---|
| Buffalo TeraStation TS5600D1206* | 3.61-0.08 |
| Synology DS218j | 6.1.5 |
| TerraMaster F2-420 | 3.1.03 |
| Zyxel NSA325 v2* | 4.81 |
| Drobo 5N2 | 4.0.5-13.28.96115 |
| Asustor AS-602T* | 3.1.1 |
| Seagate STCR3000101 | 4.3.15.1 |
| QNAP TS-870* | 4.3.4.0486 |
| Lenovo ix4-300d* | 4.1.402.34662 |
| ASUS RT-AC3200 | 3.0.0.4.382.50010 |
| Netgear Nighthawk R9000 | 1.0.3.10 |
| TOTOLINK A3002RU | 1.0.8 |
| Xiaomi Mi Router 3 | 2.22.15 |

----------


## harrybarracuda

If you have any of these D-Link routers connected to the Internet, throw them in the bin and buy a new one.




> Fortinet's FortiGuard Labs discovered and reported an unauthenticated command injection vulnerability (FGVD-19-117 / CVE-2019-16920) in D-Link products that could lead to remote code execution without authentication. The cybersecurity specialists therefore consider this problem critical.
> 
> "The main cause of the vulnerability is the lack of verification of the integrity of arbitrary commands executed by the execution of native system commands, which is a typical security pit for many firmware manufacturers," Fortinet explains in a blog post.
> 
> The vulnerability has been detected in the latest firmware of the following D-Link routers: DIR-655, DIR-866L, DIR-652, and DHP-1565. These devices have reached the end of their life. D-Link, which was notified of the problem on September 22nd (and confirmed the vulnerability the next day), will not make any bug fixes. That's why Fortinet believes that it is essential for users of these devices to immediately turn to a new product.
> 
> https://www.freetechways.xyz/2019/10/dlink-router-remote-execution.html
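The "lack of verification" of input reaching native system commands that Fortinet describes above is almost always the same coding pattern, whatever the vendor. The Python below is an added example, not code from D-Link or Fortinet: a router-style "ping this host" diagnostic written the unsafe way (user input spliced into a shell command line) next to the hardened form, which allow-lists the value and passes it as a single argv element with no shell involved. The ping arguments, the field limits and the sample inputs are constructed for the example; a leading "-" is also rejected so the value can never be read as an option by the child program, which is a separate bug class that shell=False alone does not fix.

```python
import ipaddress
import re
import subprocess
from typing import List

# A DNS hostname: dot-separated labels of letters, digits and hyphens, no label
# starting or ending in a hyphen. Shell metacharacters (; | & ` $ newline) are
# simply not in the alphabet, which is the point of an allow-list.
_HOSTNAME_RE = re.compile(
    r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*\.?$"
)


def is_valid_target(target: str) -> bool:
    """Accept only an IP literal or a DNS hostname; reject everything else."""
    if not target or len(target) > 253 or target.startswith("-"):
        return False                          # '-' guards against option injection
    try:
        ipaddress.ip_address(target)          # IPv4 or IPv6 literal
        return True
    except ValueError:
        pass
    return bool(_HOSTNAME_RE.match(target))


def unsafe_ping_command(target: str) -> str:
    """The pattern behind the D-Link flaw: untrusted input becomes part of a
    command string that is later handed to a shell, so any shell metacharacter
    in the input changes what gets executed. Shown for contrast only."""
    return "ping -c 1 " + target


def safe_ping_argv(target: str) -> List[str]:
    """Hardened form: validate against the allow-list, then build an argv list
    so the target is always exactly one argument and never parsed by a shell."""
    if not is_valid_target(target):
        raise ValueError("target is not a hostname or IP address")
    return ["ping", "-c", "1", target]


def run_ping(target: str, timeout: float = 5.0) -> int:
    """Run the diagnostic without a shell (subprocess defaults to shell=False)
    and return the exit status. Raises ValueError before spawning anything if
    the target fails validation."""
    proc = subprocess.run(safe_ping_argv(target), capture_output=True, timeout=timeout)
    return proc.returncode


if __name__ == "__main__":
    # Constructed inputs: a normal host and two that a shell would mis-parse.
    for sample in ("192.0.2.1", "router.local", "192.0.2.1; cat /etc/passwd", "-c 9999"):
        print(f"{sample!r:35} valid={is_valid_target(sample)}")
```

The validation and the argv construction are split so that the test below can check them without sending a packet; `run_ping` is the only function that touches the network.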

----------


## OhOh

No mention of Chinese made ZTE Internet/WIFI boxes?

----------


## harrybarracuda

> No mention of Chinese made ZTE Internet/WIFI boxes?


Why would you be dumb enough to buy that shit?

----------


## OhOh

It was part of the AIS package, very responsive to all my queries and faultless performance of the equipment's features/requirements.

What's not to like, a sticker on the bottom with "Made in China" printed on it? Try determining a coffee machine's provenance in the largest ameristani supermarket.

----------


## harrybarracuda

> It was part of the AIS package, very responsive to all my queries and faultless performance of the equipment's features/requirements.
> 
> What's not to like, a sticker on the bottom with "Made in China" printed on it? Try determining a coffee machine's provenance in the largest ameristani supermarket.


Well I suppose in your case you are happy to send everything to Chinastan.

----------


## OhOh

> you are happy


Like a pig in shit. 

However after spending a few weeks at an Issan farm where they were raising pigs, I would question its value as a sign of contentment.




> send everything to Chinastan


If it doubles the grams/post rate, what's not to like.

----------


## harrybarracuda

> Like a pig in shit. 
> 
> However after spending a few weeks at an Issan farm where they were raising pigs, I would question its value as a sign of contentment.
> 
> 
> 
> If it doubles the grams/post rate, what's not to like.

----------


## harrybarracuda

_"Its to be noted that you need to be an administrator in order to make the changes."
_
It's also to be noted that you should go back to a standard user profile when you are playing on the interwebsnet.





> Microsoft has officially announced the general availability of a new Tamper Protection feature for its Windows Defender Antivirus service.
> 
> The security feature is essentially meant to thwart any attempts made by cybercriminals to break the real-time anti-malware defenses incorporated in Windows.
> 
> In other words, tamper protection safeguards against malicious and unauthorized changes to security features, ensuring that endpoint security doesn't go down.
> 
> The setting, _which will be on by default for home users_, can be accessed as follows:
> 
> 
> ...

----------


## harrybarracuda

Oh Vlad.... your Iranian brothers will not be pleased.




> *Russian hackers cloak attacks using Iranian group*
> 
> 
> An Iranian hacking group was itself hacked by a Russian group to spy on multiple countries, UK and US intelligence agencies have revealed.
> 
> The Iranian group - codenamed OilRig - had its operations compromised by a Russian-based group known as Turla.
> 
> The Russians piggybacked on the Iranian group to target other victims.
> 
> ...

----------


## harrybarracuda

*New Google Chrome Security Alert: Update Your Browsers As ‘High Severity’ Zero-Day Exploit Confirmed*

https://www.forbes.com/sites/daveywinder/2019/11/01/new-google-chrome-security-alert-update-your-browsers-as-high-severity-zero-day-exploit-confirmed/#4784246470b3

----------


## harrybarracuda

Is anyone still using routers this old?




> The new Gafgyt variant, detected in September, is a competitor of the JenX botnet. JenX also leverages remote code execution exploits to access and recruit botnets to attack gaming servers, especially those running the Valve Source engine, and launch a denial-of-service (DoS) attack. This Gafgyt variant targets vulnerabilities in three wireless router models, two of which it has in common with JenX. The two share CVE-2017-17215 (in _Huawei HG532_) and CVE-2014-8361 (in _Realtek's RTL81XX chipset_). CVE-2017-18368 (in _Zyxel P660HN-T1A_) is a new addition to Gafgyt.

----------


## Neverna

> Is anyone still using routers this old?


Butterfluff?

----------


## harrybarracuda

> Butterfluff?


Yeah probably.

 :rofl:

----------


## harrybarracuda

If you're driving in the US, remember: CASH IS KING!




> Payments processor VISA says North American merchants who operate gas stations and gas pumps are facing a rash of attacks from cybercrime groups wanting to deploy point-of-sale (POS) malware on their networks.
> 
> https://www.zdnet.com/article/visa-w...north-america/

----------


## harrybarracuda

Some TP-Link Archer routers have major vulnerability - patched firmware at the link below.




> TP-Link patched a critical vulnerability impacting some of its Archer routers that could allow potential attackers to void their admin passwords and remotely take control of the devices over LAN via a Telnet connection.
> 
> "If exploited, this router vulnerability can allow a remote attacker to take control of the router's configuration via Telnet on the local area network (LAN) and connect to a File Transfer Protocol (FTP) server through the LAN or wide area network (WAN)," found IBM X-Force Red's Grzegorz Wypych.
> 
> To exploit this security flaw, attackers have to send an HTTP request containing a character string longer than the allowed number of bytes, with the result being that the user password is completely voided and replaced with an empty value.
> 
> This works despite built-in validation because it only checks the referrer's HTTP headers, allowing the attacker to trick the router's httpd service into recognizing the request as valid by using the hardcoded tplinkwifi.net value.
> 
> Since the only type of users on these routers is admin with full root permissions, once the threat actors bypass the authentication process, they would automatically get admin privileges on the router.
> ...
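The write-up above boils down to two mistakes in one handler: an over-long value was accepted and ended up clearing the stored password, and the Referer header, which any client can set to whatever it likes, was treated as proof that the request came from the router's own UI. As an added illustration (not IBM X-Force's or TP-Link's code), here is a toy Python model of an admin interface with a single root-level user: the weak handler reproduces both mistakes, and the hardened handler beside it requires a real session token, bounds-checks the value before anything is written, and therefore has no code path that can store an empty password. The field size, the passwords and the session scheme are assumed values for the example.

```python
import hmac
import secrets
from typing import Dict, Optional, Set

MAX_PASSWORD_LEN = 64                     # assumed field size for this toy model
UI_ORIGIN = "http://tplinkwifi.net/"      # the hardcoded value the write-up mentions


class AdminInterface:
    """Toy model of a router admin interface with one root-level 'admin' user.
    It is not TP-Link's firmware; it exists only to contrast the two handlers."""

    def __init__(self, admin_password: str) -> None:
        self._admin_password = admin_password
        self._sessions: Set[str] = set()

    def login(self, password: str) -> Optional[str]:
        """Return a session token on success (constant-time compare), else None."""
        if hmac.compare_digest(password.encode(), self._admin_password.encode()):
            token = secrets.token_urlsafe(32)
            self._sessions.add(token)
            return token
        return None

    def has_password(self) -> bool:
        return self._admin_password != ""

    def set_password_weak(self, headers: Dict[str, str], new_password: str) -> bool:
        """The pattern the write-up describes: the Referer header is the only
        check, and a value longer than the field is modelled as the failed
        write that leaves the stored password empty. Shown for contrast only."""
        if headers.get("Referer", "") != UI_ORIGIN:
            return False
        self._admin_password = new_password if len(new_password) <= MAX_PASSWORD_LEN else ""
        return True

    def set_password(self, headers: Dict[str, str], session: Optional[str],
                     new_password: str) -> bool:
        """Hardened form. 'headers' is accepted but deliberately never consulted:
        Referer is not authentication. A valid session token is required, and
        the value is checked before anything is written."""
        if session is None or session not in self._sessions:
            return False
        if not 1 <= len(new_password) <= MAX_PASSWORD_LEN:
            return False
        self._admin_password = new_password
        self._sessions.clear()                # a password change ends existing sessions
        return True


if __name__ == "__main__":
    forged = {"Referer": UI_ORIGIN}           # constructed request header
    weak = AdminInterface("constructed-secret")
    weak.set_password_weak(forged, "x" * 200)
    print("weak handler left a password set:", weak.has_password())
    hardened = AdminInterface("constructed-secret")
    print("hardened, no session:", hardened.set_password(forged, None, "x" * 200))
    token = hardened.login("constructed-secret")
    print("hardened, over-long value:", hardened.set_password({}, token, "x" * 200))
    print("hardened, normal change:", hardened.set_password({}, token, "new-pass"))
```

The hardened handler also drops all existing sessions after a change, so a token obtained earlier cannot keep operating once the credential it was issued against has been replaced.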

----------


## Latindancer

*It Seemed Like a Popular Chat App. It's Secretly a Spy Tool.*

Mark Mazzetti, Nicole Perlroth and Ronen Bergman


December 23, 2019, 10:58 PM GMT+10


WASHINGTON - It is billed as an easy and secure way to chat by video or text message with friends and family, even in a country that has restricted popular messaging services like WhatsApp and Skype.
But the service, ToTok, is actually a spying tool, according to U.S. officials familiar with a classified intelligence assessment and a New York Times investigation into the app and its developers. It is used by the government of the United Arab Emirates to try to track every conversation, movement, relationship, appointment, sound and image of those who install it on their phones.

ToTok, introduced only months ago, was downloaded millions of times from the Apple and Google app stores by users throughout the Middle East, Europe, Asia, Africa and North America. While the majority of its users are in the Emirates, ToTok surged to become one of the most downloaded social apps in the U.S. last week, according to app rankings and App Annie, a research firm.

ToTok amounts to the latest escalation in a digital arms race among wealthy authoritarian governments, interviews with current and former U.S. foreign officials and a forensic investigation showed. The governments are pursuing more effective and convenient methods to spy on foreign adversaries, criminal and terrorist networks, journalists and critics, efforts that have ensnared people all over the world in their surveillance nets.
Persian Gulf nations like Saudi Arabia, the Emirates and Qatar previously turned to private firms, including Israeli and U.S. contractors, to hack rivals and, increasingly, their own citizens. The development of ToTok, experts said, showed that the governments can cut out the intermediary to spy directly on their targets, who voluntarily, if unwittingly, hand over their information.

A technical analysis and interviews with computer security experts showed that the firm behind ToTok, Breej Holding, is most likely a front company affiliated with DarkMatter, an Abu Dhabi-based cyberintelligence and hacking firm where Emirati intelligence officials, former National Security Agency employees and former Israeli military intelligence operatives work. DarkMatter is under FBI investigation, according to former employees and law enforcement officials, for possible cybercrimes. The U.S. intelligence assessment and the technical analysis also linked ToTok to Pax AI, an Abu Dhabi-based data mining firm that appears to be tied to DarkMatter.
Pax AI's headquarters operate from the same Abu Dhabi building as the Emirates' signals intelligence agency, which until recently was where DarkMatter was based.
The UAE is one of America's closest allies in the Middle East, seen by the Trump administration as a bulwark against Iran and a close counterterrorism partner. Its ruling family promotes the country as an example of a modern, moderate Arab nation, but it has also been at the forefront of using surveillance technology to crack down on internal dissent, including hacking Western journalists, emptying the banking accounts of critics, and holding human rights activists in prolonged solitary confinement over Facebook posts.

The government blocks specific functions of apps like WhatsApp and Skype, a reality that has made ToTok particularly appealing in the country. Huawei, the Chinese telecom giant, recently promoted ToTok in advertisements.

Spokesmen for the CIA and the Emirati government declined to comment. Calls to a phone number for Breej Holding rang unanswered, and Pax employees did not respond to emails and messages. An FBI spokeswoman said that while the FBI does not comment on specific apps, "we always want to make sure to make users aware of the potential risks and vulnerabilities that these mechanisms can pose."

When The Times initially contacted Apple and Google representatives with questions about ToTok's connection to the Emirati government, they said they would investigate. On Thursday, Google removed the app from its Play store after determining ToTok violated unspecified policies. Apple removed ToTok from its App Store on Friday and was still researching the app, a spokesman said. ToTok users who already downloaded the app will still be able to use it until they remove it from their phones.

It was unclear when U.S. intelligence services first determined that ToTok was a tool of Emirati intelligence, but one person familiar with the assessment said that U.S. officials have warned some allies about its dangers. It is not clear whether U.S. officials have confronted their counterparts in the Emirati government about the app. One digital security expert in the Middle East, speaking on the condition of anonymity to discuss powerful hacking tools, said that senior Emirati officials told him that ToTok was indeed an app developed to track its users in the Emirates and beyond.
ToTok appears to have been relatively easy to develop, according to a forensic analysis performed for The Times by Patrick Wardle, a former NSA hacker who works as a private security researcher. It appears to be a copy of a Chinese messaging app offering free video calls, YeeCall, slightly customized for English and Arabic audiences.

ToTok is a cleverly designed tool for mass surveillance, according to the technical analysis and interviews, in that it functions much like the myriad other Apple and Android apps that track users' location and contacts.
On the surface, ToTok tracks users' location by offering an accurate weather forecast. It hunts for new contacts any time a user opens the app, under the pretense that it is helping connect with their friends, much like how Instagram flags Facebook friends. It has access to users' microphones, cameras, calendar and other phone data. Even its name is an apparent play on the popular Chinese app TikTok.
Though billed as fast and secure, ToTok makes no claim of end-to-end encryption, like WhatsApp, Signal or Skype. The only hint that the app discloses user data is buried in the privacy policy: "We may share your personal data with group companies."
So instead of paying hackers to gain access to a target's phone (the going rate is up to $2.5 million for a hacking tool that can remotely access Android phones, according to recent price lists), ToTok gave the Emirati government a way to persuade millions of users to hand over their most personal information for free.
"There is a beauty in this approach," said Wardle, now a security researcher at Jamf, a software company. "You don't need to hack people to spy on them if you can get people to willingly download this app to their phone. By uploading contacts, video chats, location, what more intelligence do you need?"
In an intelligence-gathering operation, Wardle said, ToTok would be Phase 1. Much like the NSA's bulk metadata collection program, which was quietly shut down this year, ToTok allows intelligence analysts to analyze users' calls and contacts in search of patterns, though its collection is far more invasive. It is unclear whether ToTok allows the Emiratis to record video or audio calls of its users.

Each day, billions of people freely forgo privacy for the convenience of using apps on their phones. The Privacy Project by the Times Opinion section published an investigation last week revealing how app makers and third parties track the minute-by-minute movements of mobile phone users.
Private companies collected that data for targeted marketing. In ToTok's case, according to current and former officials and digital crumbs the developers left behind, much of the information is funneled to intelligence analysts working on behalf of the Emirati state.
In recent months, semiofficial state publications began promoting ToTok as the free app long sought by Emiratis. This month, users of a messaging service in the Emirates requiring paid subscriptions, Botim, received an alert telling users to switch to ToTok, which it called a "free, fast and secure" messaging app. Accompanying the message was a link to install it.
The marketing seems to have paid off.

In reviews, Emiratis expressed gratitude to ToTok's developers for finally bringing them a free messaging app. "Blessings! Your app is the best App so far that has enable me and my family to stay connected!!!" one wrote. "Kudos," another wrote. "Finally, an app that works in the UAE!"
ToTok's popularity extended beyond the Emirates. According to recent Google Play rankings, it was among the top 50 free apps in Saudi Arabia, Britain, India, Sweden and other countries. Some analysts said it was particularly popular in the Middle East because, at least on the surface, it was unaffiliated with a large, powerful nation.
Though the app is a tool for the Emirati government, the exact relationship between the firms behind it is murky. Pax employees are made up of European, Asian and Emirati data scientists, and the company is run by Andrew Jackson, an Irish data scientist who previously worked at Palantir, a Silicon Valley firm that works with the Pentagon and U.S. spy agencies.
Its affiliate company, DarkMatter, is in effect an arm of the Emirati government. Its operations have included hacking government ministries in Iran, Qatar and Turkey; executives of FIFA, the world soccer organization; journalists and dissidents.
Last month, the Emirati government announced that DarkMatter would combine with two dozen other companies to create a defense conglomerate focused on repelling cyberattacks.

The FBI is investigating American employees of DarkMatter for possible cybercrimes, according to people familiar with the investigation. The inquiry intensified after former NSA hackers working for the company grew concerned about its activities and contacted the bureau. Reuters first reported the program they worked on, Project Raven.

At Pax, data scientists openly brag about their work on LinkedIn. One who listed his title as data science team lead said he had created a message intelligence platform that reads billions of messages to answer four questions: who you are, what you do, how do you think, and what is your relationship with others.
"With the answers to these four questions, we know everything about one person," wrote the data scientist, Jingyan Wang.
Other Pax employees describe their experience creating tools that can search government data sets for faces from billions of video feeds and pinpoint Arabic dialects from transcribed video messages.
None mention an affiliation with ToTok.
This article originally appeared in The New York Times.


© 2019 The New York Times Company




https://www.yahoo.com/news/seemed-po...125738897.html

----------


## fishlocker



----------


## fishlocker

I was thinking about you. Here we go..

----------


## harrybarracuda

*Travelex Knocked Offline by System-Wide Malware Attack*

https://threatpost.com/travelex-knoc...attack/151522/

----------


## VocalNeal

Sorry wrong thread ::spin::

----------


## Latindancer

*Microsoft and NSA say a security bug affects millions of Windows 10 computers*

Microsoft has released a security patch for a dangerous vulnerability affecting hundreds of millions of computers running Windows 10.
The vulnerability is found in a decades-old Windows cryptographic component, known as CryptoAPI.  The component has a range of functions, one of which allows developers  to digitally sign their software, proving that the software has not been  tampered with. But the bug may allow attackers to spoof legitimate  software, potentially making it easier to run malicious software — like  ransomware — on a vulnerable computer.
"The  user would have no way of knowing the file was malicious, because the  digital signature would appear to be from a trusted provider," Microsoft  said.

Microsoft and NSA say a security bug affects millions of Windows 10 computers

----------


## harrybarracuda

It's no more critical than all the other critical patches that get released every month.

It's just unusual that the NSA announced it rather than using it to write another exploit.

Which probably means they have others.

----------


## harrybarracuda

Another reason not to use IE.




> Microsoft has published a security advisory today about an Internet Explorer (IE) vulnerability that is currently being exploited in the wild -- a so-called zero-day.
> 
> The company's security advisory (ADV200001) currently only includes workarounds and mitigations that can be applied in order to safeguard vulnerable systems from attacks.
> 
> At the time of writing, there is no patch for this issue. Microsoft said it was working on a fix, to be released at a later date.
> 
> While Microsoft said it was aware that the IE zero-day was being exploited in the wild, the company described these as "limited targeted attacks," suggesting the zero-day was not broadly exploited, but rather that it was part of attacks aimed at a small number of users.
> 
> These limited IE zero-day attacks are believed to be part of a larger hacking campaign, which also involves attacks against Firefox users.
> ...

----------


## harrybarracuda

Clever Android Virus Keeps Coming Back Even After a Full Reset

xHelper is an Android malware infection that has been around for a while, with security vendor Malwarebytes first detecting it in May 2019.
Since then, the majority of Android security apps added xHelper detection, which means that most devices should already be protected against this form of malware.

But as it turns out, cleaning a device is much harder than we think, as xHelper keeps coming back even after a full reset.

How is this possible? Malwarebytes says xHelper is not based on pre-installed malware bundled with the firmware, but uses Google Play, which keeps serving the infection after a full device reset or a successful clean with an antivirus.

“Google Play was not infected with malware. However, something within Google PLAY was triggering the re-infection—perhaps something that was sitting in storage. Furthermore, that something could also be using Google PLAY as a smokescreen, falsifying it as the source of malware installation when in reality, it was coming from someplace else,” Malwarebytes explains in a new analysis of the malware.

Disabling Google Play
The security vendor details the case of a customer whose device was infected with xHelper. Following a closer inspection of the files stored on the compromised Android phone, it was discovered that a Trojan dropper was embedded into an APK located in a directory called com.mufc.umbtts.

The worst part is that researchers still don’t know how Google Play is used to trigger the infection.

“Here’s the confusing part: Nowhere on the device does it appear that Trojan.Dropper.xHelper.VRW is installed. It is our belief that it installed, ran, and uninstalled again within seconds to evade detection—all by something triggered from Google Play.  The “how” behind this is still unknown,” the Malwarebytes researchers explain.

To clean the infection, users first need to disable the Google Play store and only then run a device scan with an antivirus. Otherwise, the malware will keep coming back, despite the virus apparently getting removed.

https://news.softpedia.com/news/clever-android-virus-keeps-coming-back-even-after-full-reset-529198.shtml

----------


## harrybarracuda

So the latest advice is to enable DNS-over-HTTPS in your Browser.

Apparently this really pisses off Google, but more importantly it encrypts your DNS requests (i.e. the "site lookup" when you enter a site name).

It means your DNS requests can't be tampered with by anyone else, or diverted by a compromised router.

Instructions on how to do it in various browsers can be found here (apparently it's already enabled by default for US Firefox users):

How to Enable DNS Over HTTPS in Your Web Browser

If you're using Safari, hard luck, it isn't supported and that's because you wasted your money on overpriced Apple shite.

 :Smile:
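What DoH actually changes is the transport, not the lookup: the browser sends the very same DNS wire-format message it would have sent over plain UDP, but inside an HTTPS request, so a router or ISP on the path can neither read nor rewrite it. The Python below is an added example, not code from the linked article or from any browser: it builds the query for a name, produces the RFC 8484 GET URL (the encoded value for www.example.com is the one RFC 8484 uses in its own example), and parses a constructed response that stands in for what the resolver would return. The resolver URL is an assumed public endpoint and nothing here contacts the network.

```python
import base64
import struct
from typing import List, Tuple

# Assumed public DoH endpoint for the example; the code never actually connects to it.
RESOLVER = "https://cloudflare-dns.com/dns-query"


def encode_name(name: str) -> bytes:
    """Wire-format name (RFC 1035): length-prefixed labels ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_query(name: str, qtype: int = 1) -> bytes:
    """One-question DNS query. ID 0 with only RD set is what RFC 8484 recommends,
    so identical lookups produce identical, cacheable URLs."""
    header = struct.pack("!HHHHHH", 0, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def doh_get_url(name: str, resolver: str = RESOLVER) -> str:
    """RFC 8484 GET form: the raw query, base64url-encoded with padding removed."""
    param = base64.urlsafe_b64encode(build_query(name)).rstrip(b"=").decode("ascii")
    return f"{resolver}?dns={param}"


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a (possibly compressed) name; return it and the offset just after it."""
    labels: List[str] = []
    jumped, end = False, off
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:                       # compression pointer
            if not jumped:
                end = off + 2
            jumped = True
            off = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if length == 0:
            if not jumped:
                end = off
            return ".".join(labels), end
        labels.append(msg[off:off + length].decode("ascii"))
        off += length


def parse_a_records(msg: bytes) -> List[str]:
    """IPv4 addresses from the answer section of a response; [] on an error RCODE."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:                                  # RCODE other than NOERROR
        return []
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4                                        # skip QTYPE and QCLASS
    addrs: List[str] = []
    for _ in range(an):
        _, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return addrs


# Constructed response to the www.example.com query: flags 0x8180 (response, RD, RA),
# one A record with TTL 300 pointing at the documentation address 192.0.2.1.
SAMPLE_RESPONSE = (
    struct.pack("!HHHHHH", 0, 0x8180, 1, 1, 0, 0)
    + encode_name("www.example.com") + struct.pack("!HH", 1, 1)
    + b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
)

if __name__ == "__main__":
    print(doh_get_url("www.example.com"))
    print(parse_a_records(SAMPLE_RESPONSE))
```

The same `build_query` bytes are what go in the body of the POST form (content type `application/dns-message`); only the GET form needs the base64url step.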

----------


## lom

> Apparently this really pisses off Google


Sure it does if you use a DNS provider other than Google, because then they cannot link your DNS requests to your recent Google search.
They want to see which of the presented Google results you chose to visit.

----------


## harrybarracuda

> Sure it does if you use a DNS provider other than Google, because then they cannot link your DNS requests to your recent Google search.
> They want to see which of the presented Google results you chose to visit.


And then again big ISPs _et al_ hate Google for putting it in Chrome.

Double the fun if you do it on Firefox.

----------


## TTraveler

"Warning issued for millions of Google Chrome users." 

Time to update!

Still better than Edge.

https://www.forbes.com/sites/gordonkelly/2020/02/27/google-chrome-80-upgrade-zero-day-vulnerability-security-problem-update-chrome-browser/#34b412fe77af

----------


## harrybarracuda

If you have a Netgear Router, check if it's on the list and, if so, update it.




> Netgear this week has pushed out a passel of patches for its home networking gear, covering seven modem-router gateways, one range extender and 40-odd routers, including some Nighthawk models and Orbi mesh routers and satellites. 
> 
> A full list of the affected models is at the end of this story.
> 
> The worst of the flaws lets hackers remotely install malware on the Nighthawk X4S gaming router, model R7800. That could lead to the entire Wi-Fi network and all web traffic that runs through it being compromised. Netgear gives that vulnerability a severity score of 9.4/10, which qualifies as "critical."
> 
> Almost as bad is a "pre-authentication command injection security vulnerability" on five models, which could also lead to total network takeover. That affects router models R6400v2, R6700, R6700v3, R6900 and R7900. It gets a "high" severity rating of 8.3/10.
> 
> 
> Right behind that is a "post-authentication command injection security vulnerability." The only difference from the previous flaw is that the attacker apparently has to be logged in somehow. 
> 
> ...

----------


## harrybarracuda

Depending on your version, you might want this patch.

Microsoft patches SMBv3 wormable bug that leaked earlier this week | ZDNet

----------


## harrybarracuda

Well this is a bitch. Unless you have behavioural antivirus, (well, even if you've got it tbh): 

- Don't click on links or attachments unless you are 110% certain you know what they are.
- If you have the latest Windows 10, use Controlled Folder Access (it's not 100% protection but it might help). Link HERE
- BACKUP YOUR CRITICAL DATA





> *Beware Of This New Windows 10 Ransomware Threat Hiding In Plain Sight*

----------


## lom

^ ok, have read, have understood, won't click on your link Harry.

----------


## harrybarracuda

> ^ ok, have read, have understood, won't click on your link Harry.


You can trust my links 111%.....

----------


## harrybarracuda

Another unpatched critical vulnerability.....

One that affects all you cheapskates and luddites using out-of-support OS's.




> Microsoft is warning of critical zero-day flaws in its Windows operating system that could enable remote code execution. The unpatched flaws are being exploited by attackers in “limited, targeted” attacks, the company said.
> According to Microsoft, two remote code execution vulnerabilities exist in the way that Windows’ Adobe Type Manager Library handles certain fonts. Adobe Type Manager is a font management tool built into both Mac OS and Windows operating systems, and produced by Adobe. While no patches are available for the flaws, workaround mitigations can protect users.
> “Microsoft is aware of limited targeted attacks that could leverage unpatched vulnerabilities in the Adobe Type Manager Library, and is providing the following guidance to help reduce customer risk until the security update is released,” according to a Monday Microsoft security advisory.


Microsoft Warns of Critical Windows Zero-Day Flaws | Threatpost


There is an easy mitigation though.

----------


## harrybarracuda

Anyone using OpenWRT?

If you are, there's an RCE vulnerability in older versions (details in the link):




> To fix this issue, affected users are advised to upgrade their device firmware to the latest OpenWrt versions 18.06.7 and 19.07.1, which were released last month.



Critical RCE Bug Affects Millions of OpenWrt-based Network Devices

----------


## harrybarracuda

If you have a D-Link DSL-2640b, best make sure it is not internet accessible or better still take it offline.


Security Advisories: D-Link DSL-2640B

----------


## harrybarracuda

Cloudflare have added two new DNS Services; one for Malware and one for Malware+Adult.

Pretty easy to implement if you want to stop the saucepans watching gonzo.

It's never going to be perfect but every little helps.

Introducing 1.1.1.1 for Families

----------


## harrybarracuda

WASHINGTON/SAN FRANCISCO (Reuters) - Apple Inc is planning to fix a flaw that a security firm said may have left more than half a billion iPhones vulnerable to hackers.

The bug, which also exists on iPads, was discovered by ZecOps, a San Francisco-based mobile security forensics company, while it was investigating a sophisticated cyberattack against a client that took place in late 2019. Zuk Avraham, ZecOps chief executive, said he found evidence the vulnerability was exploited in at least six cybersecurity break-ins.

An Apple spokesman acknowledged that a vulnerability exists in Apple's software for email on iPhones and iPads, known as the Mail app, and that the company had developed a fix, which will be rolled out in a forthcoming update on millions of devices it has sold globally.

Apple declined to comment on Avraham's research, which was published on Wednesday, that suggests the flaw could be triggered from afar and that it had already been exploited by hackers against high-profile users.

Avraham said he found evidence that a malicious program was taking advantage of the vulnerability in Apple's iOS mobile operating system as far back as January 2018. He could not determine who the hackers were and Reuters was unable to independently verify his claim.

To execute the hack, Avraham said victims would be sent an apparently blank email message through the Mail app forcing a crash and reset. The crash opened the door for hackers to steal other data on the device, such as photos and contact details.

ZecOps claims the vulnerability allowed hackers to remotely steal data off iPhones even if they were running recent versions of iOS. By itself, the flaw could have given access to whatever the Mail app had access to, including confidential messages.

Avraham, a former Israeli Defense Force security researcher, said he suspected that the hacking technique was part of a chain of malicious programs, the rest undiscovered, which could have given an attacker full remote access. Apple declined to comment on that prospect.

ZecOps found the Mail app hacking technique was used against a client last year. Avraham described the targeted client as a Fortune 500 North American technology company, but declined to name it. They also found evidence of related attacks against employees of five other companies in Japan, Germany, Saudi Arabia, and Israel.

Avraham based most of his conclusions on data from crash reports, which are generated when programs fail in mid-task on a device. He was then able to recreate a technique that caused the controlled crashes.

Two independent security researchers who reviewed ZecOps' discovery found the evidence credible, but said they had not yet fully recreated its findings.

Patrick Wardle, an Apple security expert and former researcher for the U.S. National Security Agency, said the discovery confirms what has always been somewhat of a rather badly kept secret: that well-resourced adversaries can remotely and silently infect fully patched iOS devices.

Because Apple was not aware of the software bug until recently, it could have been very valuable to governments and contractors offering hacking services. Exploit programs that work without warning against an up-to-date phone can be worth more than $1 million.

While Apple is largely viewed within the cybersecurity industry as having a high standard for digital security, any successful hacking technique against the iPhone could affect millions due to the device's global popularity. In 2019, Apple said there were about 900 million iPhones in active use.

Bill Marczak, a security researcher with Citizen Lab, a Canada-based academic security research group, called the vulnerability discovery scary.

"A lot of times, you can take comfort from the fact that hacking is preventable," said Marczak. "With this bug, it doesn't matter if you've got a PhD in cybersecurity, this will eat your lunch."

Flaw in iPhone, iPads may have allowed hackers to steal data for years - Reuters

----------


## harrybarracuda

Another big data breach, enter your password at haveibeenpwned.com and change any relevant passwords.




> db8151dd: In February 2020, a massive trove of personal information referred to as "db8151dd" was provided to HIBP after being found left exposed on a publicly facing Elasticsearch server. The exposed data could not be attributed to an owner and appears to be related to a CRM which aggregated personal information and customer interactions. The data was provided to HIBP by dehashed.com.
> Compromised data: Email addresses, Job titles, Names, Phone numbers, Physical addresses, Social media profiles

----------


## raycarey

> enter your password at haveibeenpwned.com


enter your email address

----------


## harrybarracuda

> enter your email address



Doh! Yes email address  :rofl: 

<mental note: Drink coffee before posting>

----------


## Latindancer

I love these TD moments of extreme irony  :smiley laughing:

----------


## harrybarracuda

> I love these TD moments of extreme irony


Actually you could enter your password and it wouldn't do any harm, but don't expect a ton of results.

For that you need to use this:

How Secure Is My Password?

 :Smile:
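As an added illustration of how the Pwned Passwords lookup works, here is a small Python example (not code from haveibeenpwned.com or from anyone in this thread) of the k-anonymity range query the service publishes: the client hashes the password with SHA-1, sends only the first five hex characters to https://api.pwnedpasswords.com/range/{prefix}, and matches the remaining 35 characters locally against the list that comes back, so the full hash never leaves the machine. The range response embedded below is constructed sample data with made-up counts; `fetch_range_live` is the real network call and is not used by the offline demo.

```python
"""Pwned Passwords k-anonymity check (added example, constructed sample data)."""
import hashlib
import urllib.request
from typing import Callable, Tuple

RANGE_URL = "https://api.pwnedpasswords.com/range/{prefix}"


def sha1_prefix_suffix(password: str) -> Tuple[str, str]:
    """Split the uppercase hex SHA-1 of the password into the 5-char prefix
    that is sent to the service and the 35-char suffix that stays local."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def count_in_range(suffix: str, range_body: str) -> int:
    """Scan a range response ("SUFFIX:COUNT" per line) for our suffix.
    Returns the breach count, or 0 if the suffix is not listed."""
    for line in range_body.splitlines():
        line = line.strip()
        if not line:
            continue
        candidate, _, count = line.partition(":")
        if candidate.upper() == suffix:
            return int(count)
    return 0


def fetch_range_live(prefix: str) -> str:
    """Real fetcher (not used by the offline demo): one GET per 5-char prefix.
    The service answers with every suffix in that range, so it only ever
    learns the prefix, which matches roughly 1 in a million possible hashes."""
    req = urllib.request.Request(
        RANGE_URL.format(prefix=prefix),
        headers={"User-Agent": "hibp-k-anonymity-demo"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def check_password(password: str, fetch_range: Callable[[str], str]) -> int:
    """Return how many times the password appears in the breach corpus."""
    prefix, suffix = sha1_prefix_suffix(password)
    return count_in_range(suffix, fetch_range(prefix))


# Constructed sample response for the range of SHA-1("password") = 5BAA6...
# The other suffixes and all counts are made up; a real response has ~800 lines.
SAMPLE_RANGES = {
    "5BAA6": "\r\n".join([
        "003D68EB55068C33ACE09247EE4C639306B:3",
        "1E4C9B93F3F0682250B6CF8331B7EE68FD8:3861493",
        "2B0B2F64E8AC3A6B8A0D7DC1F0E6A1CBA7A:12",
    ]),
}


def fetch_range_sample(prefix: str) -> str:
    """Offline stand-in for fetch_range_live using the constructed data."""
    return SAMPLE_RANGES.get(prefix, "")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        n = check_password(pw, fetch_range_sample)
        print(f"{pw!r}: seen {n} times" if n else f"{pw!r}: not in sample data")
```

To run it against the live service, pass `fetch_range_live` instead of `fetch_range_sample`; the only thing that crosses the wire is the five-character prefix.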

----------


## harrybarracuda

*EasyJet hit by cyberattack where email and travel details for 9million customers stolen*

EASYJET has been targeted in a cyber attack, which has resulted in hackers accessing millions of customers' contact and travel information.

The airline, which has currently grounded all of its flights in response to the coronavirus pandemic, said it has now blocked the unauthorised access. A company investigation found that the email address and travel details of about 9million customers were accessed. The hackers also accessed the credit card details of more than 2,000 customers.
https://www.express.co.uk/news/uk/1284201/easyjet-airline-cyber-attack-latest-travel-news-customers-details-emails-hacked

----------


## Latindancer

I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer. 
Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.

We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind. 

Phishing Scams & Attacks - How to Protect Yourself  | Kaspersky

----------


## harrybarracuda

> I got an email the other day which caught my eye because the subject line was the password I use to log on to my desktop computer. 
> Some little shit said he had video footage of me wanking and the website details, and wanted Bitcoin.....but I have my camera unplugged unless actually using it.
> I suppose it was some Facebook or other link I clicked on. Somehow they got my email address and computer password.
> 
> We think we know it all about this kind of thing, but it pays to read something by experts and keep it in mind. 
> 
> Phishing Scams & Attacks - How to Protect Yourself  | Kaspersky



It's called "Sextortion" and they're a bunch of chancers.

Enter your email address at haveibeenpwned.com and see where they got your password from.

----------


## TTraveler

*Massive spying on users of Google's Chrome shows new security weakness*

"A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google's market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry's failure to protect browsers as they are used more for email, payroll and other sensitive functions."

Exclusive: Massive spying on users of Google's Chrome shows new security weakness - Reuters

----------


## harrybarracuda

If your Netgear Router is on this list (and it includes some relatively recent models), you need to check for new firmware to fix identified vulnerabilities. Details in the link.




> NETGEAR is aware of multiple security vulnerabilities on the following products:
> 
> 
> AC1450, D6220, D6300, D6400, D7000v2, D8500, DC112A, DGN2200, DGN2200M, DGN2200v4, DGND3700, EX3700, EX3800, EX3920, EX6000, EX6100, EX6120, EX6130, EX6150, EX6200, EX6920, EX7000, LG2200D, MBM621, MBR1200, MBR1515, MBR1516, MBR624GU, MBRN3000, MVBR1210C, R4500, R6200, R6200v2, R6250, R6300, R6300v2, R6400, R6400v2, R6700, R6700v3, R6900, R6900P, R7000, R7000P, R7100LG, R7300, R7850, R7900, R8000, R8300, R8500, RS400, WGR614v10, WGR614v8, WGR614v9, WGT624v4, WN2500RP, WN2500RPv2, WN3000RP, WN3100RP, WN3500RP, WNCE3001, WNDR3300, WNDR3300v2, WNDR3400, WNDR3400v2, WNDR3400v3, WNDR3700v3, WNDR4000, WNDR4500, WNDR4500v2, WNR1000v3, WNR2000v2, WNR3500, WNR3500L, WNR3500Lv2, WNR3500v2, WNR834Bv2, XR300
> 
> NETGEAR strongly recommends that you download the latest firmware as soon as a firmware update or firmware hotfix is available for your product. See the following table for a list of products with firmware fixes available for one or more vulnerabilities.
> 
> https://kb.netgear.com/000061982/Security-Advisory-for-Multiple-Vulnerabilities-on-Some-Routers-Mobile-Routers-Modems-Gateways-and-Extenders

----------


## harrybarracuda

Another warning to check your router firmware and make sure it's up to date, regardless of brand.

If it isn't supported any more, get rid.


Popular home routers plagued by critical security flaws | WeLiveSecurity

----------


## TTraveler

If the news about router security flaws has you thinking it's time for a new, more secure router, techradar.com recently posted this list of 2020's best:
Best secure router of 2020: keep your router and devices safe at home or work | TechRadar

----------


## harrybarracuda

Time to update Chrome if you haven't got it doing it automagically:




> Original release date: July 14, 2020
> Google has released Chrome version 84.0.4147.89 for Windows, Mac, and Linux. _This version addresses vulnerabilities that an attacker could exploit to take control of an affected system._



And as an added bonus, if you have a Microsoft Network in your office, tell your IT staff to look for a WORMABLE, critical DNS Server patch.

 :Smile:

----------


## harrybarracuda

*Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online*

An OPSEC error by an Iranian threat actor has laid bare the inner workings of the hacking group by providing a rare insight into the "behind-the-scenes look into their methods."

IBM's X-Force Incident Response Intelligence Services (IRIS) got hold of nearly five hours worth of video recordings of the state-sponsored group it calls ITG18 (also called Charming Kitten, Phosphorous, or APT35) that it uses to train its operators.

Some of the victims in the videos included personal accounts of U.S. and Greek Navy personnel, in addition to unsuccessful phishing attempts directed against U.S. state department officials and an unnamed Iranian-American philanthropist.

"Some of the videos showed the operator managing adversary-created accounts while others showed the operator testing access and exfiltrating data from previously compromised accounts," the researchers said.

The IBM researchers said they found the videos on a virtual private cloud server that was left exposed due to a misconfiguration of security settings. The server, which was also found to host several ITG18 domains earlier this year, held more than 40 gigabytes of data.

The discovered video files show that ITG18 had access to the targets' email and social media credentials obtained via spear-phishing, using the information to log in to the accounts, delete notifications of suspicious logins so as not to alert the victims, and exfiltrate contacts, photos, and documents from Google Drive.

"The operator was also able to sign into victims' Google Takeout (takeout.google.com), which allows a user to export content from their Google Account, to include location history, information from Chrome, and associated Android devices," the researchers noted.

Besides this, the videos, captured using Bandicam's screen-recording tool, also show that the actors behind the operation plugged the victims' credentials into Zimbra's email collaboration software intending to monitor and manage the compromised email accounts.

Outside of email accounts, the researchers said they found the attackers employing a long list of compromised usernames and passwords against at least 75 different websites ranging from banks to video and music streaming to something as trivial as pizza delivery and baby products.
Other clips showed the ITG18 group leveraging dummy Yahoo! accounts, which include a phone number with Iran's country code (+98), using them to send the phishing emails, some of which bounced back, suggesting the emails did not reach the victim's inbox.

"During the videos where the operator was validating victim credentials, if the operator successfully authenticated against a site that was set up with multi-factor authentication (MFA) they paused and moved on to another set of credentials without gaining access," the researchers said.

ITG18 has a long history of targeting the U.S. and the Middle Eastern military, diplomatic, and government personnel for intelligence gathering and espionage to serve Iran's geopolitical interests.

If anything, the discovery emphasizes the need to secure your accounts by using stronger passwords, turning on two-factor authentication, and reviewing and limiting access to third-party apps.

"The compromise of personal files of members of the Greek and U.S. Navy could be in support of espionage operations related to numerous proceedings occurring in the Gulf of Oman and Arabian Gulf," IBM X-Force researchers concluded. "The group has shown persistence in its operations and consistent creation of new infrastructure despite multiple public disclosures and broad reporting on its activity."

Iranian Hackers Accidentally Exposed Their Training Videos (40 GB) Online

----------


## harrybarracuda

If you are using any of these VPN's, ditch them immediately.

They've all been caught logging copious amounts of user data when they claimed they don't.

UFO VPN
FAST VPN
Free VPN
Super VPN
Flash VPN
Secure VPN
Rabbit VPN

----------


## TTraveler

None of these free VPNs are really "free." They have to make their money somehow. If you have to use a VPN, then pay for one. 

Flash VPN, UFO VPN, and five other services leaked 1.2TB of private information

----------


## harrybarracuda

Google will soon introduce biometric authentication to the Chrome Autofill feature on Android devices, in a bid to make conducting online purchases via its browser more convenient and secure.

Users will still need to input their information manually when using a credit card for the first time but, for future purchases, Chrome for Android will allow users to bypass CVV checks and authenticate transactions using face ID or fingerprint alone. 

Google Chrome will also apply a similar process to logging into online services. The new touch-to-fill feature will bring up a list of accounts attached to the webpage a user is currently browsing and allow them to verify their identity using biometrics.

Previously, an unauthorized third party with access to a device could gain entry to the owner's online accounts via the Autofill feature (which required no additional authentication). Using biometrics, however, puts paid to this possibility - unless twins are involved, of course.

For security conscious users, the common advice was never to use a browser's autofill function and opt for a secure password manager instead. But with the imminent upgrade to Chrome for Android, it's possible account credentials will be just as safe stored in-browser.

To ensure sensitive biometric information remains secure, Chrome utilizes the WebAuthn standard when registering fingerprint and facial data. Google has also assured users that biometric data will always remain on-device, never transmitted to the cloud.

The new feature also significantly reduces the risk of falling victim to elaborate phishing scams. While a fake landing page hosted on an illegitimate domain might deceive an unwitting user, the browser itself will not be so easy to dupe.

Already available on Chrome for Mac and Windows, biometric authentication is set to land on Android devices within the next few weeks.

Youll never need a password manager again, thanks to this new Chrome update | TechRadar

----------


## harrybarracuda

The chinkies are blocking new secure traffic because they can't snoop on their citizens.

I'm sure Vlad will be following.

China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet

----------


## TTraveler

> The chinkies are blocking new secure traffic because they can't snoop on their citizens.
> 
> I'm sure Vlad will be following.
> 
> China is now blocking all encrypted HTTPS traffic that uses TLS 1.3 and ESNI | ZDNet


This terminology can be confusing for those who aren't into IT. Here are a few paragraphs from the article that provide a little more clarity:

"The Chinese government has deployed an update to its national censorship tool, known as the Great Firewall (GFW), to block encrypted HTTPS connections that are being set up using modern, interception-proof protocols and technologies.

The ban has been in place for at least a week, since the end of July, according to a joint report published this week by three organizations tracking Chinese censorship -- iYouPort, the University of Maryland, and the Great Firewall Report. Through the new GFW update, Chinese officials are only targeting HTTPS traffic that is being set up with new technologies like TLS 1.3 and ESNI (Encrypted Server Name Indication). Other HTTPS traffic is still allowed through the Great Firewall, if it uses older versions of the same protocols -- such as TLS 1.1 or 1.2, or SNI (Server Name Indication)."
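To make the SNI versus ESNI distinction concrete, here is an added Python example (not from the ZDNet article or the GFW report) that builds a constructed TLS ClientHello and then parses out exactly what a passive middlebox can read from it without any key: the plaintext `server_name` extension and the versions offered in `supported_versions`. With ESNI (or its successor, ECH) the real hostname travels inside an encrypted extension instead, so the plaintext SNI field is absent or carries only a cover name; the parser returns `None` for the SNI in that case, which is why ESNI traffic looks different on the wire from ordinary TLS 1.2/SNI traffic. The random bytes, cipher suite list and hostnames are constructed for the demo.

```python
"""What a passive observer can read from a TLS ClientHello (added example)."""
import struct
from typing import Dict, List, Optional

TLS_HANDSHAKE = 0x16          # record content type
CLIENT_HELLO = 0x01           # handshake message type
EXT_SERVER_NAME = 0x0000      # SNI extension
EXT_SUPPORTED_VERSIONS = 0x002B
SNI_HOST_NAME = 0x00
TLS13 = 0x0304


def build_client_hello(server_name: Optional[str], versions: List[int]) -> bytes:
    """Constructed ClientHello. TLS 1.3 still uses 0x0303 in the record and
    legacy_version fields and advertises 1.3 via supported_versions.
    server_name=None models an ESNI/ECH hello with no plaintext SNI."""
    exts = b""
    if server_name is not None:
        host = server_name.encode("ascii")
        entry = struct.pack("!BH", SNI_HOST_NAME, len(host)) + host
        sni_list = struct.pack("!H", len(entry)) + entry
        exts += struct.pack("!HH", EXT_SERVER_NAME, len(sni_list)) + sni_list
    vers = b"".join(struct.pack("!H", v) for v in versions)
    sv = struct.pack("!B", len(vers)) + vers
    exts += struct.pack("!HH", EXT_SUPPORTED_VERSIONS, len(sv)) + sv
    body = (
        b"\x03\x03" + bytes(32)            # legacy_version + random (zeros, constructed)
        + b"\x00"                          # empty session id
        + struct.pack("!H", 2) + b"\x13\x01"  # one suite: TLS_AES_128_GCM_SHA256
        + b"\x01\x00"                      # compression methods: null only
        + struct.pack("!H", len(exts)) + exts
    )
    hs = bytes([CLIENT_HELLO]) + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", TLS_HANDSHAKE, 0x0303, len(hs)) + hs


def parse_client_hello(record: bytes) -> Dict[str, object]:
    """Return {'sni': hostname-or-None, 'versions': [...]} from a ClientHello
    record. Anything malformed or non-ClientHello yields sni=None, versions=[]."""
    out: Dict[str, object] = {"sni": None, "versions": []}
    if len(record) < 5 or record[0] != TLS_HANDSHAKE:
        return out
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != CLIENT_HELLO:
        return out
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 34  # skip legacy_version (2) + random (32)
    try:
        sid_len = body[pos]; pos += 1 + sid_len
        cs_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2 + cs_len
        cm_len = body[pos]; pos += 1 + cm_len
        ext_len = struct.unpack("!H", body[pos:pos + 2])[0]; pos += 2
    except (IndexError, struct.error):
        return out  # truncated before the extensions block
    end = min(pos + ext_len, len(body))
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4]); pos += 4
        data = body[pos:pos + elen]; pos += elen
        if etype == EXT_SERVER_NAME and len(data) >= 2:
            q, list_end = 2, 2 + struct.unpack("!H", data[:2])[0]
            while q + 3 <= list_end:
                ntype, nlen = struct.unpack("!BH", data[q:q + 3]); q += 3
                if ntype == SNI_HOST_NAME:
                    out["sni"] = data[q:q + nlen].decode("ascii", "replace")
                q += nlen
        elif etype == EXT_SUPPORTED_VERSIONS and len(data) >= 1:
            n = data[0]
            out["versions"] = [struct.unpack("!H", data[i:i + 2])[0]
                               for i in range(1, 1 + n, 2) if i + 2 <= len(data)]
    return out


if __name__ == "__main__":
    for name, vers in (("example.com", [TLS13, 0x0303]), (None, [TLS13])):
        info = parse_client_hello(build_client_hello(name, vers))
        print(f"sni={info['sni']!r} offers_tls13={TLS13 in info['versions']}")
```

The point of the parser is that it needs no key material at all: everything it reports is readable by anyone on the path, which is exactly the visibility that ESNI/ECH removes and that a censor relies on.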

----------


## harrybarracuda

If it's not the chinkies, it's the russkies....




> *Russia is targeting Linux with Drovorub malware*
> 
> The NSA has issued a warning about a new round of cyberattacks by Russia. This time, the GRU (Główny Zarząd Wywiadowczy, the Russian General Staff Main Intelligence Directorate) is targeting Linux machines.
> 
> To orchestrate the attacks, the GRU is using a malware suite called Drovorub. The suite is made up of four modules and uses a variety of techniques to hide itself and evade detection.
> 
> The National Security Agency does not say how long the malware has been in circulation for, but points out that the Russian GRU 85th GTsSS responsible for deploying it has been seen operating under various names including Fancy Bear, APT28 and Strontium. Drovorub is concerning not only because of the steps it takes to hide itself, but also because of the root level privileges it is able to obtain.
> 
> The NSA describes the malware:
> ...

----------


## harrybarracuda

*Microsoft will bid farewell to Internet Explorer and legacy Edge in 2021*
Microsoft will end support for Internet Explorer 11 across its Microsoft 365 apps and services next year. In exactly a year, on August 17th, 2021, Internet Explorer 11 will no longer be supported for Microsoft’s online services like Office 365, OneDrive, Outlook, and more. Microsoft is also ending support for Internet Explorer 11 with the Microsoft Teams web app later this year, with support ending on November 30th.


While it’s still going to take some time to pry enterprise users of Internet Explorer 11 away, Microsoft is hoping that the new Internet Explorer legacy mode in the Chromium-based Microsoft Edge browser will help. It will continue to let businesses access old sites that were specifically built for Internet Explorer, until Microsoft fully drops support for Internet Explorer 11 within Windows 10. Microsoft’s move to stop supporting Internet Explorer 11 with its main web properties is a good first step, though.

Microsoft will bid farewell to Internet Explorer and legacy Edge in 2021 - The Verge

----------


## TTraveler

I haven't really fallen in love with MS Edge either. Wonder if it's going to be on the chopping block in the next few years as well. With the speed of technological change, one never really knows what surprises the next decade holds.

----------


## harrybarracuda

Fucking chinkies at it again. Don't buy that bargain shit chinky phone off Lazada, it's a false economy.




> There are plenty of markets around the world that might not have a population that’s willing to shell out $1,000 for a smartphone. This is why there are companies that purely make cheap Android phones to sell to the masses. Obviously there are compromises when you make a cheap phone, such as using less premium materials or using lower-end hardware.
> Unfortunately, it also seems that in some cases, you might end up compromising on security as well. According to a report from BuzzFeed News, it seems that there are cheap Chinese Android smartphones being sold in regions such as Africa where it has been discovered that these phones actually come preloaded with malware that will steal your money.


Money-Stealing Malware Found Preloaded On Cheap Android Phones | Ubergizmo

----------


## TTraveler

I feel like Africans in Africa are getting the short end of the stick much of the time. While their leaders seem to think that China and its technology are the solution, the reality on the ground doesn't quite measure up, does it.

----------


## harrybarracuda

If you think you had dodgy Internet yesterday, it wasn't just you....




> A CenturyLink BGP routing mistake has led to a ripple effect across the Internet that led to outages for numerous Internet-connected services such as Cloudflare, Amazon, Garmin, Steam, Discord, Blizzard, and many more.
> These outages started at approximately 6 AM EST, when customers began reporting a wide-scale outage in the USA affecting CenturyLink services.
> 
> When performing searches on Twitter, there was a sudden influx of complaints about poor performance or outages on numerous connected services such as Blizzard, Steam, Discord, Roblox, Cloudflare, Hulu, Slink, Reddit, Amazon AWS, and many more.
> 
> 
> CenturyLink states that their Level3 CA3 data center is causing this outage and are investigating the issue.
> "Our technical teams are investigating an issue affecting some services in the CA3 data center. Ensuring the reliability of our services is our top priority. We will continue to provide status updates as this incident progresses. If you need further support, please contact us at help@ctl.io," CenturyLink's status page states.
> This outage has since been resolved, and services are slowly recovering, with some areas taking longer than others.



----------


## Dragonfly

> Another warning to check your router firmware and make sure it's up to date, regardless of brand.
> 
> If it isn't supported any more, get rid.
> 
> 
> Popular home routers plagued by critical security flaws | WeLiveSecurity


Holy shit, one of my home routers is listed there; thank god I am no fuckwit and know how to harden a network like a proper netadmin, unlike other fuckwits who can only report what they see, not what they can do  :Smile:

----------


## harrybarracuda

Unbeknownst to many, last month Microsoft patched one of the most severe bugs ever reported to the company, an issue that could be abused to easily take over Windows Servers running as domain controllers in enterprise networks.


The bug was patched in the August 2020 Patch Tuesday under the identifier of CVE-2020-1472. It was described as an elevation of privilege in Netlogon, the protocol that authenticates users against domain controllers.

The vulnerability received the maximum severity rating of 10, but details were never made public, meaning users and IT administrators never knew how dangerous the issue really was.

Zerologon attack lets hackers take over enterprise networks: Patch now | ZDNet

----------


## TTraveler

For all those digital hypochondriacs out there, here's more news about Microsoft security vulnerabilities and patches within the last couple weeks. Not much comfort out there.

Microsoft Patch Tuesday, Sept. 2020 Edition —  Krebs on Security

----------


## harrybarracuda

If you are dumb enough to be using Anvisoft as your antivirus, ditch it immediately.

Chinese Antivirus Firm Was Part of APT41 ‘Supply Chain’ Attack —  Krebs on Security

----------


## harrybarracuda

If you use Firefox for Android, update it pronto.




> Mozilla has patched a security flaw that could allow cybercriminals to hijack all vulnerable Firefox for Android browsers running on devices connected to the same Wi-Fi network. The vulnerability could be abused to force users to visit websites housing malicious content, which could then be used to execute phishing attacks or to download malware to their devices.
> 
> The vulnerability was discovered by Australian security researcher Chris Moberly, who said, The victim simply has to have the Firefox application running on their phone. They do not need to access any malicious websites or click any malicious links. No attacker-in-the-middle or malicious app installation is required. Moberly worked with Mozilla to fix the vulnerability with the updated Firefox version.


Firefox for Android vulnerability allows hackers to hijack device over Wi-Fi | 2020-09-22 | Security Magazine

----------


## harrybarracuda

*Suspected ransomware attack hits one of the largest hospital networks in the US*

One of the USs largest healthcare providers has been hit by what looks like a highly coordinated ransomware attack (via NBC News). Over the weekend, hospitals in the US operated by Universal Health Services started to notice problems with their IT systems, with some employees reporting that they could not access their computers.    

In a statement the company shared on Monday morning, UHS said its computer network is down due to an "IT security issue." The company says it doesn't appear like employee or patient data was accessed in the incident. UHS cares for approximately 3.5 million patients each year and operates about 400 healthcare facilities across the US and UK.   

"We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible," the statement reads. "Patient care continues to be delivered safely and effectively."

NBC News reports some UHS hospitals have had to fall back on filing patient information using pen and paper due to the attack. On Reddit and Twitter, there are also reports of UHS facilities redirecting ambulances to other nearby hospitals. "When the attack happened multiple antivirus programs were disabled by the attack and hard drives just lit up with activity," says one of those reports. 

A UHS employee told Bleeping Computer that they saw files renamed during the attack to include a .ryk extension. That extension is associated with the Ryuk ransomware. Like most other ransomware, Ryuk encrypts files to prevent someone from accessing them until they pay a fee. 

Suspected ransomware attack hits one of the largest hospital networks in the US | Engadget

----------


## TTraveler

Didn't expect to see this happening in Russia.

*Big Game Hunting: Now in Russia* (It's not about animals)

"The email raised no suspicions. An employee of a Russian medical company boldly clicked on the link and downloaded the attached ZIP archive. The message with the subject "Bill due" looked like it had been sent by the Finance Department of a large Russian media holding, the RBC Group. After the executable file was run for just twenty seconds, Windows Defender detected and deleted the malware. Yet these twenty seconds were enough for the Trojan to achieve persistence in the infected system. The victim failed to notice anything. Three weeks later, the company's employees arrived at work and were greeted by an alarming message on their computer screens: "Your files have been encrypted". All work stopped. The attackers demanded $50,000 in cryptocurrency to decrypt the files. A new cybercriminal group called OldGremlin was behind that attack."

Big Game Hunting: Now in Russia

----------


## harrybarracuda

Filthy Russian thief jailed for seven years. Russia, of course, tried to protect him. Suck on that Vladdy boy.




> A Russian scumbag found guilty of hacking into LinkedIn, Dropbox, and Formspring, and stealing data on over 200 million users, has been sent down for more than seven years. Yevgeniy Nikulin was sentenced to 88 months in an American prison by a federal court in San Francisco this week, though the judge in this case, William Alsup, was surprisingly kind about the 32-year-old Russian. "I think you're a brilliant guy. Very smart," Alsup told him. "I urge you to apply that brilliance to a lawful profession and do something good with your life other than hacking into computers."
> 
> The sentence will account for the four years Nikulin has already spent behind bars following his capture in a restaurant while on holiday in Prague in 2016 after he attracted attention by driving around in a flashy car and spending liberally. He was charged with nine criminal counts of computer intrusion, causing damage to a protected computer, aggravated identity theft, trafficking, and conspiracy.
> 
> His trial in the US was dogged by delays: first by Russian authorities who tried to prevent him being extradited to America, then following a lengthy dispute over whether he was mentally fit to stand trial. When the hearings finally began, it was almost immediately put on hold due to the coronavirus outbreak, and was nearly abandoned after jury members objected to being in close confines for weeks.


Russian hacker, described as 'brilliant' by judge, gets seven years in a US clink for raiding LinkedIn, Dropbox - The Register

----------


## TTraveler

I imagine that for Vladdy, this is another boost for Russian national pride, despite the arrest. Isn't hacking what Russia is most famous for right about now? The country is struggling in a lot of areas, but not in its reputation for cyber warfare expertise.

----------


## harrybarracuda

You might be able to buy your own homemade porn for $150....




> A hacker collective claims to have breached over 50,000 home security cameras before going on to steal people's private footage and post some of it online. While a considerable portion of the videos seems to have come from Singapore, a number of people living in _Thailand_, South Korea, and Canada also seem to have had their privacy invaded.
> 
> Some of the videos, which range from one to twenty minutes in length and show people of varying ages in compromising positions or various stages of undress, have been uploaded to porn websites.
> 
> The New Paper, which broke the story, quoted the unnamed hacker group as saying that it has shared the clips with over 70 members who paid US$150 for lifetime access to the loot. The gang, whose group on the instant messaging app Discord has nearly 1,000 members, reportedly specializes in hacking security cameras.
> 
> To lend extra credence to their claims, the collective is offering a free sample containing 700 megabytes worth of data comprising over 4,000 clips and pictures. They're also reportedly willing to share access to all hijacked cameras with fellow members. Moreover, VIP members with voyeuristic tendencies will be treated to a course on how to explore, watch live and record hacked cameras, which could mean that the number of private videos could grow over time.


50,000 home cameras reportedly hacked, footage posted online | WeLiveSecurity

----------


## TTraveler

Ok, I think I can do without security cameras at home. I'll just buy better locks because they, at least, can't spy on me.

----------


## harrybarracuda

Watch out for dodgy offers of free McAfee Internet Security.

It's the chinkies trying to Phish you.



Google: Chinese Hackers Are Posing as McAfee Antivirus to Phish Victims

----------


## misskit

^ That one popped up on my iPad last week.

----------


## TTraveler

Amazed that there are no spelling errors or other common signs of phishing. They look like pros.

----------


## harrybarracuda

> Amazed that there are no spelling errors or other common signs of phishing. They look like pros.


Chinky government hackers. Probably learned their trade at MIT.

----------


## harrybarracuda

If you are using Chrome or a Chromium based browser, do an update ASAP.

And check Firefox also.




> *Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser*


Google Patches Actively-Exploited Zero-Day Bug in Chrome Browser | Threatpost

----------


## harrybarracuda

If you're using a Tenda Router you should apply the latest firmware. This will still leave you open to DoS attacks, but at least no-one can steal your data.

( I don't have one myself, you'll have to hunt through the menus for the Firmware Update option).

Tenda Router Zero-Days Emerge in Spyware Botnet Campaign | Threatpost

----------


## harrybarracuda

Ooops




> A data breach at the security company Gunnebo has led to large amounts of sensitive information about security systems around the world being published openly online.
> 
> This is what Dagens Nyheter reveals today.
> 
> These will be 38,000 files, including drawings of bank vaults, monitoring and alarm equipment and _security functions for ATMs_.
> 
> The intrusion must have taken place in August and include _information for customers worldwide_.


Enormous security leak at the Rikssbanken and banks - Nord News

----------


## TTraveler

Gunnebo is now one of those companies that security pros no longer want on their resumes.

----------


## harrybarracuda

Well fair play to them, they aren't paying the ransom.




> *A comment on information in the media about the IT-incident*
> 
> This Tuesday, Swedish media once again reported on the data breach to which Gunnebo was subjected, and which the company communicated via a press release on 25 August. As Gunnebo already stated at the time, the incident is extremely regrettable.
> 
> In the media reporting on Tuesday it is indicated that the company was not aware that data had been copied in the intrusion. However, this information is incorrect. Ever since the data breach was discovered, Gunnebo has worked based on the hypothesis that files may have ended up in the wrong hands, and thus the company decided a few days into the breach to analyze the data on servers around the world. The company has systematically communicated this with affected customers locally. During a later phase, the criminals decided to upload a certain part of Gunnebo's stolen data on the so-called Darknet, also this data set has been further analyzed, which is an ongoing process.
> 
> "Of course, we have been aware that files that originate from us are available on Darknet, and we naturally regret that this is the case. Unfortunately, this is exactly how computer criminals work. Therefore, I would like to emphasize that it has never been an alternative for Gunnebo to pay a ransom to have the files deleted. The only way to curb this kind of crime is that the affected organizations do not fall short and pay out ransoms", said Stefan Syrén, President and CEO, Gunnebo.


https://www.gunnebo.com/

----------


## TTraveler

If hackers steal from the rich and donate to the poor, is it justified?

This professional ransomware for hire team just donated $20k in bitcoin to a couple of charities. 

When Hackers Have PR Departments: Tens of Thousands in Stolen Bitcoins Donated To Charity Organizations - CPO Magazine

----------


## harrybarracuda

> If hackers steal from the rich and donate to the poor, is it justified?


Don't be silly.

----------


## TizMe

Just noticed this. Is everyone aware?

----------


## harrybarracuda

Doesn't surprise me, they rarely bother patching the software that hosts Teakdoor.

----------


## harrybarracuda

There have been three batches of nasty 0-days released in the last few weeks, so update Chrome and Edge Chromium (and Firefox for the sake of it).

----------


## TTraveler

> Attachment 60028
> 
> Just noticed this. Is everyone aware?


Phew. Glad I used a 100% unique password for this particular site. They can have it.

----------


## baldrick

> Phew. Glad I used a 100% unique password for this particular site.


and unique username to stop tards stalking

----------


## harrybarracuda

So apparently a large cache of Lazada Thailand info is being touted on the web. Someone has seen a sample and said it looks legit.

it doesn't include credit card info, etc., but it does contain email addresses.

This means that attackers that gain access to that could send fake Lazada messages that look convincing to existing customers.

So if you are a Lazada user, be very careful to check any emails from them. Hover the mouse over the email address and the links to make sure they are legit.

Where possible use the Lazada website rather using links in emails.

IF you have any doubts about an email, contact Lazada Support.



*** I should add that, since Lazada are not being very forthcoming about it, you should change your password immediately. And don't change one character, pick a new, long, passphrase.

----------


## TTraveler

Per this report, Shopee and Line were hacked as well. No shortage of bad cybersecurity news these days. 
[Update-1] Lazada blames third party for data leak; leak affects Shopee and Line as well, Lazada says - Thai Enquirer

----------


## TTraveler

How are Thai hospitals handling the recent uptick in ransomware attacks against medical providers? Several US based healthcare systems have fared rather poorly.

"Hospitals and the healthcare industry have faced a flurry of cyberattacks over the past few months. In September, a ransomware attack shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. And more recently, in October, several hospitals were targeted by ransomware attacks, including Klamath Falls, Ore.-based Sky Lakes Medical Center and New York-based St. Lawrence Health System."

Post-Cyberattack, UVM Health Network Still Picking Up Pieces | Threatpost

----------


## harrybarracuda

> How are Thai hospitals handling the recent uptick in ransomware attacks against medical providers?



The same as everyone else is, probably. Hoping you're not next.

----------


## harrybarracuda

Anyone out there got True Online as their ISP?

And if so, do you by any chance have a Zyxel 660HN Router provided by them? (Check on the label).

----------


## lom

> Anyone out there got True Online as their ISP?
> 
> And if so, do you by any chance have a Zyxel 660HN Router provided by them?


That is a 10-year-old ADSL modem/router, I don't think True does ADSL nowadays.
I may still have one in the junkbox..

----------


## harrybarracuda

> That is a 10-year-old ADSL modem/router, I don't think True does ADSL nowadays.
> I may still have one in the junkbox..


Well even here in the sandpit I am seeing a shitload of exploit traffic trying to get control of that model, so someone must think they're still active.

And it's explicitly labelled "TrueOnline Zyxel 660HN"

 :Smile:

----------


## harrybarracuda

More critical Chrome bugs.

High-Severity Chrome Bugs Allow Browser Hacks | Threatpost

----------


## harrybarracuda

Russians are favourites....





> WASHINGTON — For years, the cybersecurity firm FireEye has been the first call for government agencies and companies around the world who have been hacked by the most sophisticated attackers, or fear they might be.
> Now it looks like the hackers — in this case, evidence points to Russia’s intelligence agencies — may be exacting their revenge.
> FireEye revealed on Tuesday that its own systems were pierced by what it called “a nation with top-tier offensive capabilities.” The company said hackers used “novel techniques” to make off with its own tool kit, which could be useful in mounting new attacks around the world.


FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State - The New York Times

----------


## TTraveler

> Russians are favourites....
> 
> FireEye, a Top Cybersecurity Firm, Says It Was Hacked by a Nation-State - The New York Times


Russians are in a really bad mood these days. Anger is a stimulant for hackers.

----------


## TTraveler

Russian (state sponsored) hacking groups are in the news again. I imagine their "cover your tracks" training is overdue. 

"Russian government hackers are behind the breach at the US Treasury and Commerce departments, says a report."


"The hackers have been able to monitor email traffic within the departments for months, and it is not known how many other federal agencies they may have compromised.


Now the FBI is investigating the campaign by the hacking group working for the Russian foreign intelligence service, SVR, according to the _Washington Post_."


"The hackers, who are known as Cozy Bear or APT29, are reportedly the same group that hacked the White House and State Department under the Obama administration."

Russian government hackers behind breach at US treasury and commerce departments | The Independent

----------


## harrybarracuda

There is quite a lot of speculation that:

- They took FireEye's Red Team toolkit (proprietary Penetration testing tools - that were probably very good and were reported stolen, possibly a while back)
- They used these to get into the supply chain for updates to a product called SolarWinds Orion, which meant they could push malware with the customer updates.
- Having established a foothold on people's networks they could then do all manner of reconnaissance and data exfiltration.
- One article talks about them bypassing Microsoft Authentication, but if they had admin rights on the infrastructure, it would be easy to change the destination of two factor authentication requests.

It's a right mess and I look forward to the CISA report - under whoever baldy orange loser put in charge when he sacked the best man for the job (and his number two resigned).

Added: A chap called Brandon Wales. I bet his phone is ringing off the hook this morning.

----------


## TTraveler

I imagine Brandon Wales' phone has been ringing off the hook since November 18th. 

Interesting article about him for people seeing that name for the first time. 

After Krebs' dismissal, DHS’s cyber agency is led by career official Brandon Wales. For now.

----------


## harrybarracuda

Now it seems they used Orion to breach FireEye.

That's fucking embarrassing.




> FireEye is considered one of the best malware sandboxes on the market today. The tool performs deep packet analysis through a full attack lifecycle and reports on any atypical modifications to applications or operating systems (OS) running on devices.

----------


## harrybarracuda

This is definitely going to have consequences for whoever did it. With this scale and sophistication, it's either Vlad or the chinkies.




> The fallout from the SolarWinds breaches will be far more difficult and time-consuming to remediate than originally assumed, as the attackers likely found more ways to enter federal networks than just the SolarWinds Orion product and have been targeting IT and response personnel, according to the government's lead cybersecurity agency.
> 
> The Cybersecurity and Infrastructure Security Agency, or CISA, released an alert Thursday through the U.S. Computer Emergency Readiness Team, or US-CERT, detailing what the agency currently knows about the attack. The alert calls out at least one other attack vector beyond SolarWinds products and identifies IT and security personnel as prime targets of the hacking campaign.
> 
> "CISA has determined that this threat poses a grave risk to the federal government and state, local, tribal, and territorial governments as well as critical infrastructure entities and other private sector organizations," officials wrote.
> 
> While the alert does not name suspects, officials offered a look into what is known about the attackers' techniques and motivations.
> 
> "The adversary's initial objectives, as understood today, appear to be to collect information from victim environments," the alert states. "CISA has observed in its incident response work adversaries targeting email accounts belonging to key personnel, including IT and incident response personnel."
> 
> ...


SolarWinds Isn't the Only Way Hackers Entered Networks, CISA Says - Defense One

----------


## raycarey

> This is definitely going to have consequences for whoever did it.


perhaps......but why would there suddenly be consequences now?

the chinese and russians have been hacking US govt agencies for literally decades....and when the hacks are made public, the US govt. rarely even mentions the countries by name, much less retaliates.

the broad brush reason for this is that this is considered espionage...and the US is essentially doing the same thing 24/7/365.


the pentagon's budget is nearly $2 billion per day.....congress is likely going to pass a massive infrastructure package in Q1.....a significant portion of that needs to make it into cyber security.

----------


## harrybarracuda

> perhaps......but why would there suddenly be consequences now?


Because of the scale and nature of the attack and the fact that there isn't a fucking snivelling sycophantic wanker in the White House past January 20th... *

* Although we'll still have our snivelling sycophantic wankers here.

----------


## raycarey

the acting US defense secretary (appointed by trump days after he lost the election) just ordered a pentagon wide halt to any transition meetings with representatives of the incoming biden administration.

if trump's not a russian asset....tell me how he would act differently if he was.

----------


## harrybarracuda

> the acting US defense secretary (appointed by trump days after he lost the election) just ordered a pentagon wide halt to any transition meetings with representatives of the incoming biden administration.
> 
> if trump's not a russian asset....tell me how he would act differently if he was.


You should probably post that in the Biden thread. As it has fuck all to do with this.

CISA has now said it affects companies other than SolarWinds customers, and they will release details when investigations are completed.

This is quite the global attack in reality.

44% of the known targets are IT, Software or Equipment vendors. 

And they probably all provide updates to their customers.

----------


## TTraveler

Haven't heard yet whether any companies or governments in Asia were affected. Saw this today though, and wonder if it's an indication that Chinese orgs were affected as well. 
"Chinese cybersecurity firm RedDrip Team published their findings on Github, saying its decoder tool had identified nearly a hundred suspected victims of the SolarWinds/Orion breach, including universities, governments and high tech companies."
Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security

----------


## harrybarracuda

> Haven't heard yet whether any companies or governments in Asia were affected. Saw this today though, and wonder if it's an indication that Chinese orgs were affected as well. 
> "Chinese cybersecurity firm RedDrip Team published their findings on Github, saying its decoder tool had identified nearly a hundred suspected victims of the SolarWinds/Orion breach, including universities, governments and high tech companies."
> Malicious Domain in SolarWinds Hack Turned into ‘Killswitch’ — Krebs on Security



Unfortunately I can't find a bigger version, but:

----------


## harrybarracuda

Confirmed:

Solarwinds
FireEye
Microsoft
VMWare
Cisco


Jungle drums suggest:

Fortinet
PaloAlto
Checkpoint

----------


## harrybarracuda

Of course some trumpanzee (probably on Parler) said Dominion used SolarWinds (they don't).

----------


## TTraveler

> Unfortunately I can't find a bigger version, but:
> 
> Attachment 61837


Interesting that Russia appears completely unscathed.  ::chitown::

----------


## harrybarracuda

> Interesting that Russia appears completely unscathed.


Indeed. But they are mates with the chinkies.

----------


## harrybarracuda

Had an interesting call this afternoon that leaned me further in the Russia direction.

*taps nose*

----------


## TTraveler

> Had an interesting call this afternoon that leaned me further in the Russia direction.
> 
> *taps nose*


And what did you learn on the call?

----------


## baldrick

> 44% of the known targets are IT, Software or Equipment vendors.


was the md5 hash before or after the malicious code insertion ?

----------


## harrybarracuda

> was the md5 hash before or after the malicious code insertion ?


Have you downloaded an nVidia update since April?

----------


## harrybarracuda

> And what did you learn on the call?



Sorry, TLP:Red, not Chatham House rule.

 :Smile:

----------


## harrybarracuda

Multiple security researchers and research teams have published over the weekend lists ranging from 100 to 280 organizations that installed a trojanized version of the SolarWinds Orion platform and had their internal systems infected with the Sunburst malware.

The list includes the names of tech companies, local governments, universities, hospitals, banks, and telecom providers.

The biggest names on this list include the likes of Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.

Partial lists of organizations infected with Sunburst malware released online | ZDNet

----------


## baldrick

> Have you downloaded an nVidia update since April?


yes - were nvidia drivers compromised ?

----------


## harrybarracuda

> yes - were nvidia drivers compromised ?


nVidia were and it's a supply chain attack.

Imagine if they were able to insert a little bit of code into every nVidia update?

----------


## baldrick

> nVidia were and it's a supply chain attack.
> 
> Imagine if they were able to insert a little bit of code into every nVidia update?


from what I can gather this SolarWinds Orion software was used to update firmwares and generally manage switches on a network

what evidence is there so far that Vlad's minions did more than compromise machines and steal data? has any malware been found in any companies' downloads, or is it still all speculation for clickbait?

----------


## harrybarracuda

> from what I can gather this SolarWinds Orion software was used to update firmwares and generally manage switches on a network
> 
> what evidence is there so far that Vlad's minions did more than compromise machines and steal data? has any malware been found in any companies' downloads, or is it still all speculation for clickbait?


There's your problem right there.

The SolarWinds Malware was inserted in April.

No-one identified it for seven months.

Anyone that has been compromised could have been used in a similar attack.

Cisco is obviously the biggest threat of the lot.

Having said that, it is a titanic failure on SolarWinds part to let someone modify their updates and them not actually notice.

----------


## lom

> Having said that, it is a titanic failure on SolarWinds part to let someone modify their updates and them not actually notice.


It is a titanic failure not having waterproof bulkheads between the internet and your product building computer, a computer which should be clean-roomed and only accessible by sneaker-net.
The same goes for all software developing computers, source code should not be accessible from outside.

----------


## baldrick

and did the IT crowd check the md5s before installation ?

----------


## harrybarracuda

> and did the IT crowd check the md5s before installation ?


Probably not, and if they generated ones on the finished (and infected) product it would have passed muster anyway. And since it was signed by a legit SolarWinds certificate, it never raised a flag. There was no reason not to trust it.

It's a fucking shit show and a half. Now everyone and their aunties are having to query their vendors, especially in the OT space, asking for guarantees that they haven't been shipped bent code. And who the fuck wants to admit it?

The lawsuits coming SolarWinds way...
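
The exchange above (baldrick's "did the IT crowd check the md5s?", harrybarracuda's reply that a hash of the finished product passes anyway, and lom's point about keeping the build machine off the network) comes down to one question: what is the trust root of the check? Here is an added Python model of it, not SolarWinds' real pipeline and not anyone's product. The HMAC "signature" stands in for a code-signing certificate, and the "compiler" and source are constructed, all assumptions made so the example runs offline.

```python
"""Why checking the published hash (or the vendor signature) of a download does
not catch a build-server compromise: both are computed on whatever the build
host emitted, implant included. Only a comparison against a build the vendor's
pipeline did not produce shows a difference. Constructed model, not SolarWinds'
real build system; the HMAC 'signature' stands in for a code-signing certificate."""
import hashlib
import hmac

VENDOR_SIGNING_KEY = b"constructed-vendor-signing-key"   # stand-in for the signing cert
SOURCE = b"def collect_metrics(devices):\n    return [poll(d) for d in devices]\n"  # constructed


def build(source: bytes) -> bytes:
    """Deterministic 'compiler': two clean builds of the same source are identical."""
    return b"ARTIFACT-v1\n" + source


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(artifact: bytes, key: bytes = VENDOR_SIGNING_KEY) -> str:
    """Vendor signs the artifact it is about to ship."""
    return hmac.new(key, artifact, hashlib.sha256).hexdigest()


def verify_signature(artifact: bytes, signature: str, key: bytes = VENDOR_SIGNING_KEY) -> bool:
    return hmac.compare_digest(sign(artifact, key), signature)


def compromised_build_server(source: bytes) -> bytes:
    """Models an intruder on the build host: extra code is appended during the
    build, i.e. before the hash is published and before the signature is made."""
    return build(source) + b"# constructed implant marker\n"


def vendor_release(source: bytes, build_fn) -> dict:
    """The vendor pipeline: build, hash the output, sign the output, publish all three."""
    artifact = build_fn(source)
    return {"artifact": artifact, "sha256": sha256(artifact), "signature": sign(artifact)}


def customer_checks(release: dict, independent_build_hash: str) -> dict:
    """Three checks a customer might run. The first two trust the vendor's pipeline;
    the third trusts an independent (reproducible) build of the published source."""
    digest = sha256(release["artifact"])
    return {
        "published_hash_matches": digest == release["sha256"],
        "vendor_signature_valid": verify_signature(release["artifact"], release["signature"]),
        "matches_independent_build": digest == independent_build_hash,
    }


if __name__ == "__main__":
    reference = sha256(build(SOURCE))          # built on an isolated, clean host
    for label, fn in (("clean", build), ("compromised", compromised_build_server)):
        print(label, customer_checks(vendor_release(SOURCE, fn), reference))
```

For the compromised release the hash matches and the signature verifies, because both were produced downstream of the implant; only the comparison against the independently built reference fails. That is the argument for lom's isolated build host and for reproducible builds: they give the customer a reference that the vendor's own pipeline cannot forge.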

----------




## OhOh

> Cisco, SAP, Intel, Cox Communications, Deloitte, Nvidia, Fujitsu, Belkin, Amerisafe, Lukoil, Rakuten, Check Point, Optimizely, Digital Reach, and Digital Sense.


No mention of Chinese companies. 

Tight as an OZ grandmother:


https://daydaynews.cc/en/international/816152.html

----------


## harrybarracuda

> No mention of Chinese companies.


Precisely why they are not excluded as suspects yet.

----------


## harrybarracuda

Let's finish the year with another sneaky fucking backdoor from a chinky company.




> Zyxel undocumented account (CVE-2020-29583) 
> 
> Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The password for this account can be found in cleartext in the firmware. This account can be used by someone to login to the ssh server or web interface with admin privileges
> 
> Username: zyfwp
> Password: PrOw!aN_fXp

----------


## lom

> Let's finish the year with another sneaky fucking backdoor from a chinky company.


Zyxel is a Taiwanese company..

----------


## OhOh

> Username: zyfwp
> Password: PrOw!aN_fXp





> can be found in cleartext in the firmware.


Well hidden then.

 :rofl: 

Probably the communal Zyxel Security advisor's login.

Security advisories | Zyxel




> Zyxel is a Taiwanese company..


The vassal wannabe will have some re-education, one suspects. Jeopardising national security and pissing off the EU may be the charges utilised.

 :Roll Eyes (Sarcastic):

----------


## harrybarracuda

> Zyxel is a Taiwanese company..


Who like everyone else outsource manufacturing to Chinastan...

Security advisories | Zyxel

Yes, they have to do that after they've been rumbled... "Oh sorry, that was an accident". I expect this bloke will be looking for a new job soon, but he'll probably get one at another place that needs a new backdoor inserting.

https://www.linkedin.com/in/edward-y...alSubdomain=tw



 :rofl:

----------


## harrybarracuda

I don't know how I missed this one, although in fairness it only affects companies in Chinastan forced to install "tax software" in Chinastan.

Fucking chinkies you cannot trust them for anything. That's why HooHoo will go for a Western vaccine.

 :bananaman: 




> In June, Trustwave reported the discovery of a dangerous new malware family dubbed GoldenSpy, hidden within tax payment software mandated by China Tax Bureau (CTB) for all businesses operating in the country. 
> 
> 
> This took an unexpected turn soon after Trustwave posted its findings and advice on how to defeat the unusually persistent malware. It quickly became apparent that the threat actors behind the malware had not only read Trustwave’s report, but then took swift action to reverse existing malware infections and attempt to cover their tracks. In this Q&A, Brian Hussey, VP of cyber threat detection and response at Trustwave, discusses the ongoing game of cat and mouse between the security pros and threat actors.


New GoldenHelper malware found in official Chinese tax software

----------


## TTraveler

Tax software again. 

Smells a bit like NotPetya, which ground much of Ukraine (and companies like Maersk) to a hard stop after hiding out in a widely-used Ukrainian tax software. 

Backdoor built in to widely used tax app seeded last week’s NotPetya outbreak | Ars Technica

----------


## OhOh

> *hidden* within tax payment software mandated by China Tax Bureau (CTB) for all businesses operating in the country.





> Well hidden then.


Simplified Chinese,






> cleartext in the firmware.


Or simplified

----------


## harrybarracuda

The thing is HooHoo I could have said this:




> "Some of the interesting techniques GoldenHelper uses include randomization of name whilst in transit, randomization of file system location, timestomping, IP-based DGA (Domain Generation Algorithm), UAC bypass and privilege escalation."


But you wouldn't understand any of it because you're not very bright.

----------


## OhOh

> But you wouldn't understand any of it


Every business has its own metalanguage and I didn't get past this:




> Some of the interesting techniques GoldenHelper uses include ......... zzzzzzzzz


1. Issued a spec, 
2. Review techies application, 
3. If 2 < 1. Go 1 else go 4
4. Issue a internal comments doc.
5. Wait zzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
6. If 2 < 1. Go 5 else go 1
5. Sell the App.
6. Spend bonus on frivolities

Impressive eh, or am I missing a critical loop?

Got to keep the recipe's a secret, lines 2. - 4. eh.

----------


## harrybarracuda

> Impressive eh, or am I missing a critical loop?


Oh look, HooHoo's resorting to the waffle again.

Let's just repeat the story so it sinks in:
*The chinkies planted malware and backdoors in a tax program that the chinkies had forced foreign companies to use.*

So Hoohoo resorts to talking about KFC as if somehow this is more important.

 ::chitown::

----------


## harrybarracuda

I've met Alex half a dozen times over recent years. The last time I found him propping up the pool bar at the birthplace of the Pina Colada wearing an England footy shirt. With these two in charge the sloppy Solarwinds security team are about to experience a world of hurt, and I'm sure several will be headed for the exits.




> SolarWinds has hired the former head of the US Cybersecurity and Infrastructure Security Agency (CISA), Chris Krebs, in an effort to recover from last month's cyber attack which left 18,000 customers exposed to what are believed to be Russian hackers.
> 
> Krebs was the first director of CISA, which was founded in 2018 as a part of US Homeland Security. He also led the effort to maintain the cyber safety of the 2020 US presidential election and was famously fired by President Trump after he proclaimed the election to be the most secure ever in US history.
> 
> SolarWinds has also taken on Facebook CSO Alex Stamos, who was previously hired by Zoom to help the video conferencing provider boost its security following incidents of Zoom-bombing, which led to numerous companies and institutions banning the use of the platform.
> 
> Krebs and Stamos have recently formed a security consulting business, from whose expertise SolarWinds is now expected to benefit.


SolarWinds hires former Trump cyber security chief | IT PRO

----------


## TTraveler

The Solarwinds security team needs a big shock right about now, and hopefully those two leaders can deliver it.

----------


## harrybarracuda

> The Solarwinds security team needs a big shock right about now, and hopefully those two leaders can deliver it.


Stamos in particular is a big fan of red teaming!  :Smile:

----------


## harrybarracuda

Bejaysus what a mess.




> *Third malware strain discovered in SolarWinds supply chain attack*

----------


## TTraveler

> Bejaysus what a mess.


The good news: they found it. 
But one must wonder how many more strains are in the system that haven't been found.

----------


## harrybarracuda

> The good news: they found it. 
> But one must wonder how many more strains are in the system that haven't been found.


I got invited to an InfoBlox presentation yesterday. I sort of mentioned that spending six figures on a package that didn't detect shitloads of outbound DNS exfiltration wasn't really my thing.

 :Smile:
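
The "outbound DNS exfiltration" remark is worth making concrete. Below is an added Python example, not Infoblox's logic and not data from the SolarWinds investigation, that runs a simple tunnelling detector over constructed resolver log lines: a parent domain that receives many distinct, long, high-entropy subdomain labels (the encoded data rides in the query name, often as TXT lookups) is flagged, while ordinary lookups are not. The log format, the domains and the thresholds are all assumptions for the example.

```python
"""Detect DNS-based exfiltration / tunnelling in resolver logs: one parent
domain receiving many distinct, long, high-entropy subdomain labels (encoded
data rides in the query name). Constructed log lines and thresholds; not
Infoblox's logic and not data from the SolarWinds investigation."""
import hashlib
import math
from collections import defaultdict

# Constructed resolver log, one query per line: "<time> <client> <qname> <qtype>"
_NORMAL = [
    "10:00:01 10.0.0.5 www.example.com A",
    "10:00:02 10.0.0.5 mail.example.com A",
    "10:00:03 10.0.0.7 www.example.com A",
    "10:00:04 10.0.0.7 cdn.vendor-site.example A",
]
# Stand-in for encoded data chunks: a deterministic hex digest per chunk (constructed).
_EXFIL = [
    f"10:01:{i:02d} 10.0.0.9 "
    f"{hashlib.sha256(f'chunk{i}'.encode()).hexdigest()[:40]}.updates.cdn-sync.test TXT"
    for i in range(12)
]
SAMPLE_LOG = "\n".join(_NORMAL + _EXFIL)


def shannon_entropy(s: str) -> float:
    """Bits per character; 0 for a repeated symbol, close to 4 for random hex."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def parent_domain(qname: str) -> str:
    """Last two labels. Assumption: no multi-part public suffixes (co.th, co.uk)
    in the sample; a real deployment would consult the public suffix list."""
    labels = qname.rstrip(".").split(".")
    return ".".join(labels[-2:])


def parse_log(text: str):
    """Yield (time, client, qname, qtype) tuples from the constructed format."""
    for line in text.splitlines():
        if line.strip():
            ts, client, qname, qtype = line.split()
            yield ts, client, qname.lower(), qtype


def score_domains(records) -> dict:
    """Per parent domain: unique-subdomain count, mean label entropy, mean
    subdomain length and the share of TXT/NULL queries (tunnel-friendly types)."""
    acc = defaultdict(lambda: {"subs": set(), "ent": [], "len": [], "txt": 0, "n": 0})
    for _, _, qname, qtype in records:
        parent = parent_domain(qname)
        sub = qname[: -len(parent) - 1] if qname != parent else ""
        st = acc[parent]
        st["n"] += 1
        st["subs"].add(sub)
        st["ent"].append(shannon_entropy(sub.replace(".", "")))
        st["len"].append(len(sub))
        st["txt"] += qtype in ("TXT", "NULL")
    return {
        parent: {
            "unique_subdomains": len(st["subs"]),
            "avg_entropy": sum(st["ent"]) / st["n"],
            "avg_sub_len": sum(st["len"]) / st["n"],
            "txt_ratio": st["txt"] / st["n"],
        }
        for parent, st in acc.items()
    }


def suspicious(scores: dict, min_unique=8, min_entropy=3.5, min_len=30) -> list:
    """Parent domains with many distinct subdomains that are either long or
    high-entropy. Thresholds are constructed; tune them against your own baseline."""
    return sorted(
        d for d, s in scores.items()
        if s["unique_subdomains"] >= min_unique
        and (s["avg_entropy"] >= min_entropy or s["avg_sub_len"] >= min_len)
    )


if __name__ == "__main__":
    scores = score_domains(parse_log(SAMPLE_LOG))
    for d in suspicious(scores):
        print(f"ALERT {d}: {scores[d]}")
```

The unique-subdomain count is what separates tunnelling from a busy but legitimate domain: CDNs and mail providers generate volume, but their labels repeat. Large content-delivery and anti-virus domains do legitimately use long, hashed-looking labels, so in production the thresholds need a baseline per environment and an allowlist for known offenders.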

----------


## TTraveler

*Millions of Social Profiles Leaked by Chinese Data-Scrapers*



> More than 400GB of public and private profile data for 214 million social-media users from around the world has been exposed to the internet, including details for celebrities and social-media influencers in the U.S. and elsewhere.
> 
> The leak stems from a misconfigured ElasticSearch database owned by Chinese social-media management company SocialArks, which contained personally identifiable information (PII) from users of Facebook, Instagram, LinkedIn and other platforms, according to researchers at Safety Detectives.
> 
> The server was found to be publicly exposed without password protection or encryption during routine IP-address checks on potentially unsecured databases, researchers said. It contained more than 318 million records in total.


*Millions of Social Profiles Leaked by Chinese Data-Scrapers | Threatpost*

----------


## harrybarracuda

Built-in backdoors and vulnerabilities and straight away you think of one country...




> *Multiple backdoors and vulnerabilities discovered in FiberHome routers*
> 
> At least 28 backdoor accounts found in FiberHome FTTH ONT routers.
> 
> At least 28 backdoor accounts and several other vulnerabilities have been discovered in the firmware of a popular FTTH ONT router, widely deployed across South America and Southeast Asia.
> 
> 
> FTTH ONT stands for Fiber-to-the-Home Optical Network Terminal. These are special devices fitted at the end of optical fiber cables. Their role is to convert optical signals sent via fiber optics cables into classic Ethernet or wireless (WiFi) connections.
> 
> 
> FTTH ONT routers are usually installed in apartment buildings or inside the homes or businesses that opt for gigabit-type subscriptions.
> ...


Multiple backdoors and vulnerabilities discovered in FiberHome routers | ZDNet

----------


## TTraveler

> Built-in backdoors and vulnerabilities and straight away you think of one country...


Couldn't possibly be the country that hoards its researchers and the vulnerabilities they discover... :Yup: 




> They say you don't notice something good until it's gone. With China's decision to restrict its information security researchers from participating in global hacking competitions, we're about to see what that looks like on the global "zero day" stage.
> 
> For over a decade Pwn2Own ... brought together security talent from across the globe in a friendly hacking competition that is a cornerstone of research and advancement on par with Black Hat and Def Con.
> 
> China's hackers routinely win, sweeping the board -- notably, the Tencent and Keen teams. Pwn2Own is good-natured, and all in the name of researchers finding big bugs, nabbing great bounties and drawing attention to security holes and zero-days that need to be fixed.
> 
> But (since 2018), China is no longer allowing its researchers to compete.


https://www.engadget.com/2018-03-16-chinese-hackers-pwn2own-no-go.html

----------


## harrybarracuda

I bet you can't guess whose dodgy, backdoor-infested shit this is aimed at.




> On January 20th President Biden signed an Executive Order that in part suspended the implementation of President Trump's May 1, 2020 order halting the use of components produced by hostile foreign states in the Bulk Power System:
> 
> Sec 7 (c) Executive Order 13920 of May 1, 2020 (Securing the United States Bulk-Power System), is hereby suspended for 90 days. The Secretary of Energy and the Director of OMB shall jointly consider whether to recommend that a replacement order be issued.

----------


## harrybarracuda

*Check if your photos were used to develop facial recognition systems with this free tool*

----------


## harrybarracuda

A strangely targeted attack...




> A mysterious hacking group has compromised the server infrastructure of a popular Android emulator and has delivered malware to a handful of victims across Asia in a highly-targeted supply chain attack.
> The attack was discovered by Slovak security firm ESET on January 25, last week, and targeted BigNox, a company that makes NoxPlayer, a software client for emulating Android apps on Windows or macOS desktops.
> ESET says that based on evidence its researchers gathered, a threat actor compromised one of the company's official API (api.bignox.com) and file-hosting servers (res06.bignox.com).
> Using this access, hackers tampered with the download URL of NoxPlayer updates in the API server in order to deliver malware to NoxPlayer users.
> "Three different malware families were spotted being distributed from tailored malicious updates to selected victims, with no sign of leveraging any financial gain, but rather surveillance-related capabilities," ESET said in a report shared today with ZDNet.
> Despite evidence implying that attackers had access to BigNox servers since at least September 2020, ESET said the threat actor didn't target all of the company's users but instead focused on specific machines, suggesting this was a highly-targeted attack looking to infect only a certain class of users.
> Until today, and based on its own telemetry, ESET said it spotted malware-laced NoxPlayer updates being delivered to only five victims, located in Taiwan, Hong Kong, and Sri Lanka.


Hacker group inserted malware in NoxPlayer Android emulator | ZDNet

----------


## TTraveler

Finally some good news. 



> U.S. and Bulgarian authorities this week seized the darkweb site used by the *NetWalker* ransomware cybercrime group to publish data stolen from its victims. In connection with the seizure, a Canadian national suspected of extorting more than $27 million through the spreading of NetWalker was charged in a Florida court.
> 
> Chainalysis has traced more than $46 million worth of funds in NetWalker ransoms since it first came on the scene in August 2019




Sebastien Vachon-Desjardins was living his best life between Miami and Ottawa, Canada, after pulling in at least $27.6 million from ransomware operation NetWalker. Appears his expertise was targeting healthcare organizations. He gets extra scumbag points for doing so during a pandemic.
Arrest, Seizures Tied to Netwalker Ransomware — Krebs on Security

----------


## harrybarracuda

I look forward to a massive jail sentence for this PoS.

----------


## OhOh

> hopefully those two leaders can deliver it.


ameristani leaders "delivering".

 :rofl:

----------


## harrybarracuda

> ameristani leaders "delivering".


HooHoo is quite happy to see chinky government spies destroying livelihoods.

He is quite spiteful.

----------


## Backspin

Lol now they are telling us it was China that did the Solarwinds hack.

Suspected Chinese hackers used SolarWinds bug to spy on U.S. payroll agency - sources | Financial Post

First Russia did the Afghanistan bounties. Then China did the Afghanistan bounties :Roll Eyes (Sarcastic):

Intel on China bounties called 'less credible' than Russia payments - POLITICO

----------


## TTraveler

"An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database."

"EscortReviews.com is an adult online vBulletin forum community that allows US and Mexico-based escorts to promote their services, share profile pictures, contact information, and biographies to prospective clients. Clients can then post reviews about their experiences with the particular escort."

Backspin will be happy no one is blaming China. Yet.


http://Female escort review site dat...70,000 members

----------


## harrybarracuda

> "An online community promoting female escorts and reviews of their services has suffered a data breach after a hacker downloaded the site's database."
> 
> "EscortReviews.com is an adult online vBulletin forum community that allows US and Mexico-based escorts to promote their services, share profile pictures, contact information, and biographies to prospective clients. Clients can then post reviews about their experiences with the particular escort."
> 
> Backspin will be happy no one is blaming China. Yet.
> 
> 
> http://Female escort review site dat...70,000 members


Hmmm

"She wanted Bt500. I tried to borrow the money off some stranger outside a shop, but he only lent me Bt100 and he made me buy him a beer with it. I think he was mocking me. 0/5 do not recommend - S. Mark, Thailand)"

----------


## harrybarracuda

A quite good write-up on Microsoft Defender, the free antivirus client built into Windows.

It's worth noting that it's a decent a/v tool in its own right, but there is a downloadable Configuration Tool that exposes all the hidden settings, and the article makes some sensible suggestions as to which ones to enable.

Link here:

Decoding Microsoft Defender’s hidden settings | Computerworld

----------


## harrybarracuda

Shit's getting real.




> *Hackers breach, attempt to poison Florida city's water supply*



Hackers breach, attempt to poison Florida city's water supply | TheHill

----------


## jabir

> A quite good write-up on Microsoft Defender, the free antivirus client built into Windows.
> 
> It's worth noting that it's a decent a/v tool in its own right, but there is a downloadable Configuration Tool that exposes all the hidden settings, and the article makes some sensible suggestions as to which ones to enable.
> 
> Link here:
> 
> Decoding Microsoft Defender’s hidden settings | Computerworld


Had a look, fortunately my system seems to be working ok so I won't be fiddling with stuff that I don't understand, esp without Butterfly to save the day. Took a couple of decades to sink in, but my pioneer 'what happens if I click this' days often ended in a full reinstall, lost data and other shit.

----------


## harrybarracuda

> I won't be fiddling with stuff that I don't understand, esp without Butterfly to save the day.


Well that's fucking hilarious.

 :rofl:

----------


## TTraveler

Remember the recent North Korea sponsored attack on security researchers? This article has a screenshot of one of the actual Phishing messages. 

https://safernet.it/state-sponsored-hackers-cybersecurity/

----------


## harrybarracuda

They have been busy little bees.




> CISA, the Federal Bureau of Investigation, and the Department of the Treasury have released a Joint Cybersecurity Advisory and seven Malware Analysis Reports (MARs) on the North Korean government’s dissemination of malware that facilitates the theft of cryptocurrency—referred to by the U.S. Government as “AppleJeus.”
> The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA.
> CISA encourages users and administrators to review the following resources for more information.
> 
> Joint Cybersecurity Advisory: AppleJeus: Analysis of North Korea's Cryptocurrency Malware
> MAR-10322463-1.v1: AppleJeus – Celas Trade Pro
> MAR-10322463-2.v1: AppleJeus – JMT Trading
> MAR-10322463-3.v1: AppleJeus – Union Crypto
> MAR-10322463-4.v1: AppleJeus – Kupay Wallet
> MAR-10322463-5.v1: AppleJeus – CoinGoTrade
> MAR-10322463-6.v1: AppleJeus – Dorusio
> MAR-10322463-7.v1: AppleJeus – Ants2Whale
> North Korean Malicious Cyber Activity page


https://us-cert.cisa.gov/ncas/curren...vity-applejeus

----------


## TTraveler

The big guy can't feed his own people but has plenty of cash to train and/or hire some of the world's best hackers. Piece of work.

----------


## harrybarracuda

I don't normally post tweets but Microsoft don't normally use the word "rampant".




> We’re tracking a rampant phishing attack that uses DGA domains, free email services, and even compromised email accounts to send massive numbers of phishing emails. These emails are linked by open redirector URLs that begin with a distinct pattern: hxxps://t[.]domain[.]tld/r/?


https://twitter.com/MsftSecIntel/sta...62191304019968
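The tweet only gives the defanged shape of the redirector links. As an added example (not Microsoft's code or anything from the thread), the following shows how a defender could refang that indicator and flag links of that shape in mail-gateway log lines; the log format, sample lines and the idea that the final destination rides in a URL-valued query parameter are all constructed assumptions for the demo.

```python
"""Flag links matching the open-redirector pattern hxxps://t[.]domain[.]tld/r/?

Added example, not Microsoft's code. The tweet gives only the defanged
pattern, so the log format, the sample lines and the parameter names below
are constructed for this demonstration.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Indicator as published (defanged so it cannot be clicked by accident).
DEFANGED_PATTERN = "hxxps://t[.]domain[.]tld/r/?"

# URL grabber for free text (mail bodies, proxy logs); stops at whitespace/quotes.
URL_RE = re.compile(r"https?://[^\s\"'<>]+")


def refang(indicator: str) -> str:
    """Undo the usual defanging so an indicator can be compared with live URLs."""
    return (indicator.replace("hxxps://", "https://")
                     .replace("hxxp://", "http://")
                     .replace("[.]", ".")
                     .replace("[:]", ":"))


def matches_redirector_pattern(url: str) -> bool:
    """True when url has the shape https://t.<domain>/r/?<query>.

    The tweet's pattern fixes three things: HTTPS, a host whose first label is
    exactly 't', and the path /r/ followed by a query string. 'domain.tld' is a
    placeholder in the tweet, so any registrable domain is accepted here.
    """
    parts = urlsplit(url)
    if parts.scheme.lower() != "https":
        return False
    host = (parts.hostname or "").lower()
    # "t." must be a separate leading label with at least domain.tld after it.
    if not host.startswith("t.") or host.count(".") < 2:
        return False
    return parts.path == "/r/" and parts.query != ""


def likely_destination(url: str):
    """Best-effort guess at where the redirector forwards.

    Assumption (not stated in the tweet): the target is carried as a
    URL-valued query parameter. Returns None when no such parameter exists.
    """
    for _, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        candidate = unquote(value)
        if candidate.lower().startswith(("http://", "https://")):
            return candidate
    return None


def scan_lines(lines):
    """Return (line_number, url, destination) for every matching link in lines."""
    hits = []
    for lineno, line in enumerate(lines, start=1):
        for url in URL_RE.findall(line):
            url = url.rstrip(".,;)")  # strip trailing punctuation from prose
            if matches_redirector_pattern(url):
                hits.append((lineno, url, likely_destination(url)))
    return hits


# Constructed sample: four mail-gateway log lines, not real telemetry.
SAMPLE_LOG = [
    'from=<billing@mail.invalid> url="https://t.example-links.invalid/r/?u=https%3A%2F%2Flogin.phish.invalid%2Fverify&c=7f3a" verdict=pass',
    'from=<news@example.invalid> url="https://tracking.example.invalid/r/?id=42" verdict=pass',
    'from=<alerts@example.invalid> url="https://t.example.invalid/r/" verdict=pass',
    'from=<noreply@example.invalid> url="http://t.example.invalid/r/?x=1" verdict=pass',
]

if __name__ == "__main__":
    print("refanged indicator:", refang(DEFANGED_PATTERN))
    for lineno, url, dest in scan_lines(SAMPLE_LOG):
        print(f"line {lineno}: {url} -> {dest}")
```

Only the first sample line matches: the second has a different leading host label, the third lacks the query string, and the fourth is plain HTTP.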

----------


## harrybarracuda

A user on a popular hacker forum is selling three databases that purportedly contain user credentials and device data stolen from three different Android VPN services – SuperVPN, GeckoVPN, and ChatVPN – with 21 million user records being sold in total. 

https://cybernews.com/security/one-of-the-biggest-android-vpns-hacked-data-of-21-million-users-from-3-android-vpns-put-for-sale-online/?web_view=true

----------


## harrybarracuda

So stay away from Xerox multifunction printers then....




> A legal demand has allegedly prevented a security conference speaker from holding a talk on Xerox printers.
> 
> On February 18, a copy of a notice published by Infiltrate security conference organizers was posted to Twitter. The statement revealed that a planned talk by Raphaël Rigo, a security researcher from Airbus Security Lab, was canceled.
> 
> The presentation was due to happen on February 18 at 11:00 EST. However, with what appeared to be less than an hour to go, Infiltrate said the event was canceled and apologized for the inconvenience.
> 
> "I regret to inform you that we received notification this morning that pending legal action we cannot present Raphaël's Xerox research," the notice from Infiltrate reads.
> 
> "Sadly, we must cancel the event today. We must cease and desist publication, presentation, and discussions related to the content of Raphaël's talk."
> https://portswigger.net/daily-swig/xerox-legal-threat-reportedly-silences-researcher-at-infiltrate-security-conference

----------


## TTraveler

New ransomware doesn't demand money, but instead requires victims to join a Discord server.  And if you can't join the server, they decode your stuff anyway. Looks like someone is practicing for something bigger. 

https://www.bleepingcomputer.com/news/security/new-ransomware-only-decrypts-victims-who-join-their-discord-server/

----------


## Backspin

*US Preparing Cyberattack Against Russia Over SolarWinds Hack: Report*

According to a report from _The New York Times_, the Biden administration is *planning cyberattacks against Russia in the coming weeks*. The cyber offensive could come with new sanctions and would mark a serious escalation towards Moscow from the new administration.


Anonymous US officials told the _Times_ that the *first "major move" is expected to happen over the next three weeks*. It will consist of a "series of clandestine actions across Russian networks that are *intended to be evident to President Vladimir Putin* and his intelligence services and military but not to the wider world."


Watch all the Russophobes cheer this on. Yes ! Lets attack our only nuclear equal. Great idea !

----------


## TTraveler

> *
> US Preparing Cyberattack Against Russia Over SolarWinds Hack: Report*
> 
> 
> According to a report from _The New York Times_, the Biden administration is *planning cyberattacks against Russia in the coming weeks*.  The cyber offensive could come with new sanctions and would mark a  serious escalation towards Moscow from the new administration.
> 
> 
> Anonymous US officials told the _Times_ that the *first "major move" is expected to happen over the next three weeks*. It will consist of a "series of clandestine actions across Russian networks that are *intended to be evident to President Vladimir Putin* and his intelligence services and military but not to the wider world."
> 
> ...


What would your suggestion be for an alternative, safer action plan?

----------


## harrybarracuda

Chinkies next.

----------


## Bogon

> What would your suggestion be for an alternative, safer action plan?


Scrap Microsoft and move over to BlackBerry would be the best option.

----------


## harrybarracuda

> Scrap Microsoft and move over to BlackBerry would be the best option.


Wow what a cracking idea.

----------


## Bogon

^ The only suggested alternative so far, which means by default that it's the best.  :Smile:

----------


## harrybarracuda

Probably should have done that a bit earlier...




> *One-Click Microsoft Exchange On-Premises Mitigation Tool – March 2021*

----------


## harrybarracuda

Ouch




> *Acer reportedly hit with $50 million ransomware demand*
> 
> The attack looks to be the work of the REvil group that hit Travelex last year


Acer reportedly hit with $50 million ransomware demand - The Verge

----------


## harrybarracuda

Am I bad for laughing?




> *A Cyberattack Allegedly Knocked Insurance Giant CNA Offline*


_"CNA is one of the larger providers of cyber insurance in the country"._

----------


## TTraveler

> Am I bad for laughing?
> 
> 
> _"CNA is one of the larger providers of cyber insurance in the country"._


Laughter is probably the best response right about now, unless you have cyber insurance with CNA; then finding a new provider might be a better activity.

----------


## harrybarracuda

OK this is getting serious. Now the bastards are nicking your porn!

*'We have your porn collection': The rise of extortionware*

----------


## harrybarracuda

Big Oops.




> *Whistleblower: Ubiquiti Breach “Catastrophic”*


Whistleblower: Ubiquiti Breach “Catastrophic” —  Krebs on Security

----------


## harrybarracuda

*Facebook data on millions of user accounts leaked online in latest breach*

Leaked data from 533 million Facebook users across the world was posted online. Information security experts believe the leaked information will be used for cybercrimes by bad actors.

Facebook data on millions of user accounts leaked online in latest breach | News | DW | 04.04.2021

----------


## harrybarracuda



----------


## TTraveler

> *Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities.*
> 
> Exploits allow hackers to log into VPNs and then access other network resources.


Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities | Ars Technica

----------


## harrybarracuda

> Feds say hackers are likely exploiting critical Fortinet VPN vulnerabilities | Ars Technica


None of these exploits are new and anyone getting hit by them deserves it for appalling security hygiene.



> advanced persistent threat (APT) actors are actively exploiting known Fortinet FortiOS vulnerabilities CVE-2018-13379, CVE-2020-12812, and CVE-2019-5591.

----------


## harrybarracuda

Now it's SAP's turn....

Malicious Cyber Activity Targeting Critical SAP Applications | CISA

----------


## TTraveler

> Now it's SAP's turn....
> 
> Malicious Cyber Activity Targeting Critical SAP Applications | CISA


I think this year everyone is going to get a turn.

----------


## harrybarracuda

And now LinkedIn...



> *Data scraped from 500 million LinkedIn users found for sale online*
> 
> https://www.techrepublic.com/article/data-scraped-from-500-million-linkedin-users-found-for-sale-online/

----------


## TTraveler

> Pwn2Own 2021: Microsoft Exchange Server, macOS, Windows 10 and Teams Hacked
> 
> Winners of the first day have earned more than half a million already.


Pwn2Own 2021: Microsoft Exchange Server, macOS, Windows 10 and Teams Hacked

----------


## harrybarracuda

Probably by design....




> *Joker malware infects over 500,000 Huawei Android devices*
> 
> More than 500,000 Huawei users have downloaded from the company's official Android store applications infected with Joker malware that subscribes to premium mobile services.
> 
> Researchers found ten seemingly harmless apps in AppGallery that contained code for connecting to malicious command and control server to receive configurations and additional components.
> 
> A report from antivirus maker Doctor Web notes that the malicious apps retained their advertised functionality but downloaded components that subscribed users to premium mobile services.
> 
> To keep users in the dark the infected apps requested access to notifications, which allowed them to intercept confirmation codes delivered over SMS by the subscription service.
> ...

----------


## harrybarracuda

*Malicious code in APKPure app*

Recently, we've found malicious code in version 3.17.18 of the official client of the APKPure app store. The app is not on Google Play, but it is itself a quite popular app store around the world. Most likely, its infection is a repeat of the CamScanner incident, when the developer implemented a new adware SDK from an unverified source.
We notified the developers about the infection on April 8. APKPure confirmed the issue and promptly fixed it with the release of version 3.17.19.

Malicious code in APKPure app | Securelist

----------


## TTraveler

Another "dating service" hack. If you are still in the closet, this could be a problem.

"Men's social networking website and online dating application Manhunt has suffered a data breach.


According to a security notice, the 20-year-old site was compromised in a cyber-attack that took place in February 2021.


An unauthorized third party downloaded personal information belonging to some Manhunt users after gaining access to the company's account credential database.

The compromised database contained customers' usernames, email addresses, and passwords. After discovering that a breach had occurred, Manhunt performed a forced reset of all users' passwords.

Manhunt began notifying users of the security incident last month. The company did not say how many of the approximately 6 million men who use the site had been impacted by the attack."


Dating Service Suffers Data Breach - Infosecurity Magazine

----------


## deeks

^Have you warned snubby and antsy about it yet? :Smile:

----------


## TTraveler

> ^Have you warned snubby and antsy about it yet?


I was hoping someone else would!

----------


## TTraveler

Careful where you click...




> In perhaps one of the biggest phishing incidents targeting some of the world's largest news organizations, hackers have created fake replica websites of news portals of 900 global news portals, including at least 57 from India including websites of The Hindu, NDTV, Hindustan Times, and News18 among many others and are using them to distribute malware and scam advertisements.
> 
> Other affected news portals include those belonging to Jagran, Moneycontrol, DNA, Punjab Kesari, Jan Satta, First Post and Business Standard. Global news portals that were targeted include portals of BBC, Washington Times, and The Australian among several others.


https://ciso.economictimes.indiatime...aders/82324228

----------


## baldrick

if you are really interested in computer and online security

you should read this and stop installing appliances on your edge - build only exactly what is needed

This Is How They Tell Me the World Ends: The Cyberweapons Arms Race  by Nicole Perlroth

https://www.goodreads.com/book/show/...SE4UQzz&rank=1

----------


## harrybarracuda

Not a lot of explanation there Baldrick. Has Zero Trust gone out of the window now then?

----------


## baldrick

ZTNA is useless if you are trusting vendor appliances

Build your appliances yourself with an OS and applications that you can trust. The zero days seem to be mainly available for vendor devices.

Notwithstanding your users opening doc files.

----------


## harrybarracuda

Chinky bastards at it again.

Chinese TV maker: Yes, our Android TVs spied on customers [updated] | Tom's Guide

----------


## TTraveler

Appears that a Chinese company is behind "a major coordinated scheme by Amazon vendors to procure fake reviews for their products."

Misconfigured Database Exposes 200K Fake Amazon Reviewers - Infosecurity Magazine

----------


## harrybarracuda

Chinky bastards at it again.




> Chinese threat groups continue to deploy new malware strains on the compromised network of dozens of US and EU organizations after exploiting vulnerable Pulse Secure VPN appliances.
> As FireEye threat analysts revealed last month, state-sponsored threat actors were exploiting a recently patched zero-day in the Pulse Connect Secure gateways.
> After compromising the targeted devices, they deployed malware to maintain long-term access to networks, collect credentials, and steal proprietary data.
> "We now assess that espionage activity by UNC2630 and UNC2717 supports key Chinese government priorities," FireEye said in a follow-up report published on Thursday.
> "Many compromised organizations operate in verticals and industries aligned with Beijing's strategic objectives outlined in China's recent 14th Five Year Plan."


Chinese cyberspies are targeting US, EU orgs with new malware

----------


## harrybarracuda

Might be a good time to buy shares in Tyson Foods...




> JBS Foods, a leading food company and the largest meat producer globally, had to shut down production at multiple sites worldwide following a cyberattack.
> The incident impacted multiple JBS production facilities worldwide over the weekend, including those from the United States, Australia, and Canada.
> JBS is currently the world's largest beef and poultry producer and the second-largest global pork producer, with operations in the United States, Australia, Canada, the United Kingdom, and more.
> The company has a team of 245,000 employees around the world, serving an extensive portfolio of brands including Swift, Pilgrim's Pride, Seara, Moy Park, Friboi, Primo, and Just Bare to customers from 190 countries on six continents.


Food giant JBS Foods shuts down production after cyberattack

----------


## TTraveler

> Might be a good time to buy shares in Tyson Foods...
> 
> Food giant JBS Foods shuts down production after cyberattack


June 1st: "Happy cow day."

----------


## TTraveler

Seems the US is starting to take Ransomware seriously now:

US to Treat Ransomware Like Terrorism - Infosecurity Magazine

----------


## harrybarracuda



----------


## TTraveler

Ah, I remember those from years ago. As a teen, I'd fill the whole thing out. Bad choices.

----------


## TTraveler

Looks like we aren't going to see an end to price increases and supply shortages any time soon.

Cyberattacks on Transportation and Logistics System Witness a Surge
https://cyware.com/news/cyberattacks...surge-10d94d2b

----------


## harrybarracuda

Audi and Volkswagen have suffered a data breach affecting 3.3 million customers after a vendor exposed unsecured data on the Internet.
Volkswagen Group of America, Inc. (VWGoA) is the North American subsidiary of the German Volkswagen Group. It is responsible for US and Canadian operations for Volkswagen, Audi, Bentley, Bugatti, Lamborghini, and VW Credit, Inc.
According to data breach notifications filed with the California and Maine Attorney General's office, VWGoA disclosed that a vendor left unsecured data exposed on the Internet between August 2019 and May 2021.
On March 20th, VWGoA was notified by the vendor that an unauthorized person had accessed the data and may have obtained the customer information for Audi, Volkswagen, and some authorized dealers.
VWGoA states that the breach involved 3.3 million customers, with over 97% of those affected relating to Audi customers and interested buyers.
The data exposed varies per customer but could range from contact information to more sensitive information such as social security numbers and loan numbers.
"The data included some or all of the following contact information about you: first and last name, personal or business mailing address, email address, or phone number. In some instances, the data also included information about a vehicle purchased, leased, or inquired about, such as the Vehicle Identification Number (VIN), make, model, year, color, and trim packages," explains the VWGoA data breach notification first reported by TechCrunch.
"The data also included more sensitive information relating to eligibility for a purchase, loan, or lease. More than 95% of the sensitive data included was driver’s license numbers. There were also a very small number of dates of birth, Social Security or social insurance numbers, account or loan numbers, and tax identification numbers."
For the 90,000 customers who had more sensitive information exposed, Volkswagen is providing free credit protection and monitoring services, including $1 million of insurance against identity theft.
VWGoA began notifying affected customers and prospective customers yesterday via mail and warns that customers should be on the lookout for suspicious emails, calls, or texts.

Audi, Volkswagen data breach affects 3.3 million customers

----------


## TTraveler



----------


## Cujo

Did buttplug ever rise to the challenge and hack Harry's passwords?

----------


## harrybarracuda

> Did buttplug ever rise to the challenge and hack Harry's passwords?


If you had to sum up buttplug's hacking skills in a pic...

----------


## harrybarracuda

A very simple tutorial on how to turn on Windows 10's built in Ransomware Protection.

How to Turn on Windows 10 Ransomware Protection | Digital Trends

----------


## TTraveler

> A very simple tutorial on how to turn on Windows 10's built in Ransomware Protection.
> 
> How to Turn on Windows 10 Ransomware Protection | Digital Trends


Good info, good timing.

----------


## TTraveler

I get why they're doing it, but not sure how I feel about the ethics of it. 

"Vigilante malware stops victims from visiting piracy websites"

Vigilante malware stops victims from visiting piracy websites - Security Affairs

----------


## misskit

WASHINGTON (AP) - A ransomware attack paralyzed the networks of at least 200 U.S. companies on Friday, according to a cybersecurity researcher whose company was responding to the incident.


The REvil gang, a major Russian-speaking ransomware syndicate, appears to be behind the attack, said John Hammond of the security firm Huntress Labs. He said the criminals targeted a software supplier called Kaseya, using its network-management package as a conduit to spread the ransomware through cloud-service providers. Other researchers agreed with Hammond's assessment.


"Kaseya handles large enterprise all the way to small businesses globally, so ultimately, (this) has the potential to spread to any size or scale business," Hammond said in a direct message on Twitter. "This is a colossal and devastating supply chain attack."


Such cyberattacks typically infiltrate widely used software and spread malware as it updates automatically.


It was not immediately clear how many Kaseya customers might be affected or who they might be. Kaseya urged customers in a statement on its website to immediately shut down servers running the affected software. It said the attack was limited to a small number of its customers.


Brett Callow, a ransomware expert at the cybersecurity firm Emsisoft, said he was unaware of any previous ransomware supply-chain attack on this scale. There have been others, but they were fairly minor, he said.


"This is SolarWinds with ransomware," he said. He was referring to a Russian cyberespionage hacking campaign discovered in December that spread by infecting network management software to infiltrate U.S. federal agencies and scores of corporations.


Cybersecurity researcher Jake Williams, president of Rendition Infosec, said he was already working with six companies hit by the ransomware. "It's no accident that this happened before the Fourth of July weekend, when IT staffing is generally thin," he added.


"There's zero doubt in my mind that the timing here was intentional," he said.


Hammond of Huntress said he was aware of four managed-services providers (companies that host IT infrastructure for multiple customers) being hit by the ransomware, which encrypts networks until the victims pay off attackers. He said thousands of computers were hit.


"We currently have three Huntress partners who are impacted with roughly 200 businesses that have been encrypted," Hammond said.


Hammond wrote on Twitter: "Based on everything we are seeing right now, we strongly believe this (is) REvil/Sodinikibi." The FBI linked the same ransomware provider to a May attack on JBS SA, a major global meat processer.


The federal Cybersecurity and Infrastructure Security Agency said in a statement late Friday that it is closely monitoring the situation and working with the FBI to collect more information about its impact.


CISA urged anyone who might be affected to "follow Kaseya's guidance to shut down VSA servers immediately." Kaseya runs what's called a virtual system administrator, or VSA, that's used to remotely manage and monitor a customer's network.


The privately held Kaseya says it is based in Dublin, Ireland, with a U.S. headquarters in Miami. The Miami Herald recently described it as one of Miami's oldest tech companies in a report about its plans to hire as many as 500 workers by 2022 to staff a recently acquired cybersecurity platform.


Brian Honan, an Irish cybersecurity consultant, said by email Friday that "this is a classic supply chain attack where the criminals have compromised a trusted supplier of companies and have abused that trust to attack their customers."


He said it can be difficult for smaller businesses to defend against this type of attack because they rely on the security of their suppliers and the software those suppliers are using.


The only good news, said Williams, of Rendition Infosec, is that "a lot of our customers don't have Kaseya on every machine in their network," making it harder for attackers to move across an organization's computer systems.


That makes for an easier recovery, he said.


Active since April 2019, the group known as REvil provides ransomware-as-a-service, meaning it develops the network-paralyzing software and leases it to so-called affiliates who infect targets and earn the lion's share of ransoms.


REvil is among ransomware gangs that steal data from targets before activating the ransomware, strengthening their extortion efforts. The average ransom payment to the group was about half a million dollars last year, said the Palo Alto Networks cybersecurity firm in a recent report.


Some cybersecurity experts predicted that it might be hard for the gang to handle the ransom negotiations, given the large number of victims, though the long U.S. holiday weekend might give it more time to start working through the list.


Ransomware hits hundreds of US companies, security firm says

----------


## harrybarracuda

Damn, if only there was a Security News thread for things like this... :Smile:

----------


## TTraveler

Wonder if this will destroy Kaseya or make it stronger. 

Solarwinds, though it's become a byword for supply chain attacks, doesn't appear to be struggling too much.

----------


## TTraveler

Update: "Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly"

Kaseya Rules Out Supply-Chain Attack; Says VSA 0-Day Hit Its Customers Directly

----------


## harrybarracuda

D-Link has issued a firmware hotfix to address multiple vulnerabilities in the DIR-3040 AC3000-based wireless internet router.

Following successful exploitation, they can let attackers execute arbitrary code on unpatched routers, gain access to sensitive information or crash the routers after triggering a denial of service state.

The DIR-3040 security flaws discovered and reported by Cisco Talos security researcher Dave McDaniel include hardcoded passwords, command injection, and information disclosure bugs.

D-Link issues hotfix for hard-coded password router vulnerabilities

----------


## harrybarracuda

Chinky bastards at it again.




> CISA, the Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) have observed increasingly sophisticated Chinese state-sponsored activity targeting U.S. political, economic, military, educational, and critical infrastructure personnel and organizations. In response:
> 
> 
> The White House has released a statement attributing recent Microsoft Exchange server exploitation activity to the People's Republic of China (PRC).
> 
> 
> 
> The Department of Justice has indicted four Chinese cyber actors from the advanced persistent threat (APT) group APT40 for malicious cyber activities, carried out on orders from PRC Ministry of State Security (MSS) Hainan State Security Department (HSSD). These activities resulted in the theft of trade secrets, intellectual property, and other high-value information from companies and organizations in the United States and abroad, as well as from multiple foreign governments.
> 
> ...

----------


## lom

> Microsoft Exchange server


a fitting name for that product, innit?  :Smile:

----------


## TTraveler

> Chinky bastards at it again.


I don't get why China denies any involvement. One would think such hacking feats would bring glory to the nation, the party, or something.

----------


## TTraveler

More printer vulnerabilities: "Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug."

Hundreds of millions of HP, Xerox, and Samsung printers vulnerable to new bug - The Record by Recorded Future

----------


## harrybarracuda

Well shit.




> The world woke up on Tuesday to two new vulnerabilities—one in Windows and the other in Linux—that allow hackers with a toehold in a vulnerable system to bypass OS security restrictions and access sensitive resources.
> 
> As operating systems and applications become harder to hack, successful attacks typically require two or more vulnerabilities. 
> 
> One vulnerability allows the attacker access to low-privileged OS resources, where code can be executed or sensitive data can be read. 
> 
> A second vulnerability elevates that code execution or file access to OS resources reserved for password storage or other sensitive operations. The value of so-called local privilege escalation vulnerabilities, accordingly, has increased in recent years.


Two-for-Tuesday vulnerabilities send Windows and Linux users scrambling | Ars Technica

----------


## baldrick

> and the other in Linux





> 1/ We mkdir() a deep directory structure (roughly 1M nested directories)


you wouldn't want to do that manually

----------


## harrybarracuda

> you wouldn't want to do that manually


As someone pointed out, I'm surprised that didn't blow up the system.

----------


## harrybarracuda

Chinky bastards at it again.




> Chinese state-sponsored attackers have breached 13 US oil and natural gas (ONG) pipeline companies between December 2011 to 2013 following a spear-phishing campaign targeting their employees.
> The end goal of the attacks was to help China develop cyberattack capabilities that would allow future intrusions to physically damage targeted pipelines or disrupt US pipeline operations.


Chinese state hackers breached over a dozen US pipeline operators

----------


## TTraveler

At this rate, one must assume that China/Russia/NK or whoever has accessed pretty much everything there is to access. I'm sure the things we hear about in the news are just the tip of the iceberg of what's actually known. And what's known but not revealed by companies and governments is probably only the tip of the iceberg on intrusions as a whole, most of which go undetected.

----------


## baldrick

> has accessed pretty much everything there is to access


everything that is easy to access




> China state hackers are compromising large numbers of home and office routers for use in a vast and ongoing attack against organizations in France, authorities from that county said.


Home and office routers come under attack by China state hackers, France warns | Ars Technica

if you are forced to use an ISP supplied router to connect, then be sure to put your own router behind it for your local network

----------


## harrybarracuda

> if you are forced to use an ISP supplied router to connect, then be sure to put your own router behind it for your local network


Especially if your ISP supplied router is a Huawei.

----------


## harrybarracuda

*StrongPity APT targets Android devices.* Researchers at Trend Micro say the StrongPity APT is developing and deploying Android backdoors for the first time. The threat actor is using compromised websites as watering-holes to trick users into installing malicious Android apps:
"There are no known public reports of StrongPity using malicious Android applications in their attacks at the time of writing. In order to strengthen our confidence in the accuracy of our attribution to StrongPity, we decided to further examine some of their samples that were used to target Microsoft Windows platforms and see if we could identify similar tools, tactics, and procedures (TTPs) in their actions.
"Just as we have seen with the Android apps, the StrongPity group favors repacking benign installers to produce trojanized versions of these applications. Likewise, the main function of these backdoors is to search, harvest, and exfiltrate files from the victim’s computers."

https://thecyberwire.com/newsletters...-briefing/3/30

----------


## TTraveler

China is changing the meaning of security as we know it. Instead of keeping information safe from 3rd parties, to China, security means making information easily accessible to government organs. At least that's how I interpret this activity. 




> *Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws* *Promises everything will be back to normal sometime in early August*


Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws • The Register

----------


## harrybarracuda

> China is changing the meaning of security as we know it. Instead of keeping information safe from 3rd parties, to China, security means making information easily accessible to government organs. At least that's how I interpret this activity. 
> 
> 
> 
> Tencent suspends signups to WeChat, citing 'security upgrade' and need to comply with Chinese laws • The Register


No, you're right, the chinky bastards demand access to company networks pretending that it's for "security".

It's all part of their IP theft approach to doing business.

----------


## harrybarracuda

Be careful with your Kindle and "free" ebooks. Attackers can now insert malware and take control of your Kindle and possibly Amazon account.




> Your Amazon Kindle and your Amazon account could be hacked by just opening a single ebook, according to research published Friday as part of the DEF CON security conference taking place in Las Vegas this week.
> 
> Once the malicious book is opened, a remote hacker could delete all books on the device and could steal the authentication token used to get into an Amazon account, according to the proof of concept attack developed by researchers at Israel-based cybersecurity company Check Point. "Equipped with these tokens the attacker would now be able to access the victim's Amazon account and perform anything on his behalf," said Yaniv Balmas, head of cyber research at Check Point. An attacker could have also used the Kindle as a launchpad for attacking other devices on a local WiFi network.


Amazon Kindle Hack Needs Just One Evil Ebook To Take Over Your Ereader - And Maybe Your Amazon Account Too

----------


## baldrick

> No, you're right, the chinky bastards demand access to company networks pretending that it's for "security".


they will soon be able to see butterfluffers arsehole when they get access to the photos on his iphone

----------


## harrybarracuda

*Actively exploited bug bypasses authentication on millions of routers*

"Vulnerable devices include dozens of router models from multiple vendors and ISPs, including Asus, British Telecom, Deutsche Telekom, Orange, O2 (Telefonica), Verizon, Vodafone, Telstra, and Telus. Based on the number of router models and the long list of vendors impacted by this bug, the total number of devices exposed to attacks likely reaches millions of routers."

Actively exploited bug bypasses authentication on millions of routers

Multiple Vulnerabilities in Buffalo and Arcadyan manufactured routers - Research Advisory | Tenable(R)

----------


## harrybarracuda

Malware attacks on Synology NAS.

Synology warns of malware infecting NAS devices with ransomware

----------


## baldrick

no words




> only allow public ports for... 
> 
> brute force capabilities that enable it to log into Internet-exposed devices ....

----------


## TTraveler

I'm going to count this as good news. 




> A disgruntled Conti affiliate has leaked the gang's training material when conducting attacks, including information about one of the ransomware's operators. The Conti Ransomware operation is run as a ransomware-as-a-service (RaaS), where the core team manages the malware and Tor sites, while recruited affiliates perform network breaches and encrypt devices.
> As part of this arrangement, the core team earns 20-30% of a ransom payment, while the affiliates earn the rest.
> The affiliate said they posted the material as he was only paid $1,500 as part of an attack, while the rest of the team are making millions and promising big payouts after a victim pays a ransom.


https://www.bleepingcomputer.com/news/security/angry-conti-ransomware-affiliate-leaks-gangs-attack-playbook/

----------


## baldrick



----------


## harrybarracuda

They forgot the CVV.

Meanwhile...

----------


## harrybarracuda

T-Mobile is looking into claims of a potential hack of personal data from more than 100 million of its customers.
The telecommunications company confirmed Monday that there was unauthorized access to T-Mobile data, but they “have not yet determined that there is any personal customer data involved,” a T-Mobile spokesperson said in an email.
A hacker on an online forum claimed to be selling T-Mobile customers’ private data, including names, Social Security numbers, addresses, phone numbers and driver's license information. Vice’s Motherboard first reported the incident and confirmed the data appeared to be that of T-Mobile customers.



T-Mobile is looking into a hack of 100 million customers’ data. Here’s what to do if you think that your data was leaked - MarketWatch

----------


## TTraveler

Update on T-Mobile's little disaster. 




> T-Mobile discovered the breach when hackers started to sell T-Mobile customers’ user data on a dark web forum. The hackers claimed to have over 100 million users’ private data when they spoke to Vice on Sunday, 15th August. In response, T-Mobile began an investigation and closed the vulnerability on Monday, confirming the hack but not revealing the scope of the damage. By Wednesday, 18th August, T-Mobile confirmed that a breach of over 40 million users’ data had taken place.
> 
> According to several sources, including the hackers themselves, the breach includes SSNs as well as driver’s licenses. In some cases, the data may also include account PINs as well. This breach has affected current, past, and potential customers of T-Mobile.


The below article has links to resources to help those affected, in addition to more info about the attack.

T-Mobile Data Breach: Is Your Data Safe?

----------


## DC101

Why on earth would you give your driving license to T-mobile anyways?

----------


## harrybarracuda

> Why on earth would you give your driving license to T-mobile anyways?


Photo ID?

----------


## DC101

> Photo ID?


There are ways around it

----------


## harrybarracuda

> There are ways around it


Ways around what?

----------


## harrybarracuda

SteelSeries and Razer users should update drivers and software.

SteelSeries bug gives Windows 10 admin rights by plugging in a device (bleepingcomputer.com)

----------


## TTraveler

21-year-old tells WSJ he was behind massive T-Mobile hack, calls T-Mobile security "awful."

21-year-old tells WSJ he was behind massive T-Mobile hack | ZDNet

----------


## TTraveler

Where the people are sick, the security is sick also. It seems Thai hospitals are becoming a favorite target of hackers lately. 

Additionally Thailand's cyber security rating is falling fast! A bad sign for everyone, not just hospitals.




https://www.bangkokpost.com/business...t-data-robbery

----------


## harrybarracuda

*Apple issues emergency software update after discovery of 'zero click' malware*

Apple has issued an emergency software update after a flaw was found that allows spyware attributed to Israel's NSO Group to infect an iPhone, Apple Watch, or Mac computer without the user having to click on anything.

The malware was found on the phone of an unidentified Saudi activist by Canadian internet security watchdog Citizen Lab.

It is the first time that a "zero-click" exploit - which affects all of the phone's operating systems - has been caught and analysed.

The phone is thought to have been infected in February, although the researchers discovered the malicious code on 7 September and immediately alerted Apple.

Ivan Krstić, head of Apple security engineering and architecture, said: "After identifying the vulnerability used by this exploit for iMessage, Apple rapidly developed and deployed a fix in iOS 14.8 to protect our users.

"Attacks like the ones described are highly sophisticated, cost millions of dollars to develop, often have a short shelf life, and are used to target specific individuals."

"While that means they are not a threat to the overwhelming majority of our users, we continue to work tirelessly to defend all our customers, and we are constantly adding new protections for their devices and data," he added.

Citizen Lab researcher Bill Marczak said there was high confidence that Israeli surveillance firm NSO Group was behind the attack, although it was "not necessarily" being attributed to the Saudi government.

In a statement to Reuters, NSO did not confirm or deny that it was behind the technique, saying only that it would "continue to provide intelligence and law enforcement agencies around the world with life-saving technologies to fight terror and crime".

Citizen Lab has previously found evidence of zero-click malware being used to hack the phones of some journalists and other targets but Mr Marczak said this was the first time one had been captured "so we can find out how it works".

Security experts have said that the average user does not need to be too concerned, as such attacks tend to be highly targeted, but the exploit was still alarming.

Mr Marczak said that malicious files were put on the Saudi activist's phone via the iMessage app before the phone was hacked with NSO's Pegasus spyware.

This meant the phone was able to spy on its user, without them even knowing.

Citizen Lab researcher John Scott-Railton said: "Popular chat apps are at risk of becoming the soft underbelly of device security. Securing them should be top priority."

In July it was reported that NSO Group's spyware had been used to target journalists, political dissidents and human rights activists.

NSO Group says that its spyware is only used by governments to hack the mobile phones of terrorists and serious criminals, but a leaked list featuring more than 50,000 phone numbers of interest to the company's clients suggested that it is being used much more broadly.

More than 1,000 individuals in 50 countries were allegedly selected for potential surveillance - including 189 journalists and more than 600 politicians and government officials, according to Paris-based journalism non-profit Forbidden Stories and Amnesty International, as well as their media partners.

Mr Marczak said on Monday: "If Pegasus was only being used against criminals and terrorists, we never would have found this stuff."

It has also been reported that the FBI is investigating NSO Group, and Israel has set up a senior inter-ministerial team to examine the allegations surrounding how the spyware is being used.

https://news.sky.com/story/apple-issues-emergency-software-update-after-discovery-of-zero-click-malware-12407471

----------


## harrybarracuda

And two 0-days in Chrome as well.

Time to "Help -> About"....

Google patches 10th Chrome zero-day exploited in the wild this year

----------


## TTraveler

"WTF I thought this was a free service, but I'm getting charges on my cards after checking"

----------


## harrybarracuda

Netgear has released new firmware to fix a Remote Code Execution vulnerability.

Apply ASAP. Affected models in the link.

Security Advisory for Remote Code Execution on Some Routers, PSV-2021-0204 | Answer | NETGEAR Support

----------


## harrybarracuda

Well that seems like an eminently sensible idea.




> American search engine giant Google is rolling out the latest privacy feature that auto-resets permission for apps that haven’t been used for months.
> According to the company, this feature will automatically revoke the permission for inactive apps to access sensitive device features, including SMS messages, sensors, and contact lists.




Google to Auto-Reset Inactive Android App Permissions for Billions of Devices

----------


## harrybarracuda

This doesn't affect me in the slightest but it might get some people TWITCHING!

(Do you see what I did there?)

If it's true, no-one respectable has got hold of it yet.





> *ALL TWITCH DATA HAS APPARENTLY LEAKED INCLUDING ENCRYPTED PASSWORDS AND PAY-OUT INFORMATION*


All Twitch Data Has Apparently Leaked Including Encrypted Passwords And Pay-Out Information



Added: The Verge say it's legit

----------


## harrybarracuda

This is a worry.




> "The developers of these malicious documents have made considerable effort to obfuscate malicious code, achieving zero detections on VirusTotal."




Russian cybercrime gang targets finance firms with stealthy macros

----------


## harrybarracuda

Doh!




> Last week, threat actors known as 'Desorden' emailed journalists to say they hacked Acer India's servers and stole data, including customer information.
> 
> Acer later confirmed the breach but stated it was an "isolated attack," affecting only their after-sales service systems in India.
> 
> Less than a week later, Desorden emailed BleepingComputer to say they breached Acer Taiwan's servers on October 15th and stole employee and product information.
> 
> They also shared images of an internal Acer Taiwan portal and CSV files containing login credentials for Acer employees.


Acer hacked twice in a week by the same threat actor

----------


## harrybarracuda

Critical Vulnerabilities in Chrome being actively exploited.

Update NOW.

Google Releases Urgent Chrome Update to Patch 2 Actively Exploited 0-Day Bugs

----------


## harrybarracuda

A luxury hotel chain in Thailand is reporting a data breach thanks to a notorious group of cybercriminals who have been behind a spate of attacks in recent weeks. 
Thirayuth Chirathivat, CEO of Centara Hotels & Resorts, said in a statement that on October 14, they were "made aware" of a cyberattack on the hotel chain's network.
An investigation confirmed that cyberattackers had in fact breached their system and accessed the data of some customers. The data accessed includes names, booking information, phone numbers, email addresses, home addresses and photos of IDs. 
The company did not say if the IDs accessed included passports, which are often asked for by hotels like Centara Hotels & Resorts.
"Whilst the breach has been successfully contained, the investigation into the source, root cause and complete extent of the incident remains ongoing, and we will provide more information when it becomes available," Chirathivat said.
Chirathivat went on to urge the hotel's customers to "change their passwords as soon as possible, and to remain aware of any suspicious or unsolicited calls and/or emails requesting personal information." 
"We can confirm that we at Centara Hotels & Resorts will not be contacting you to ask for any personal identifiable information," Chirathivat added, noting that anyone with questions should email or call the hotel. 
The Desorden Group -- which claimed responsibility for two recent attacks on laptop maker Acer -- said it was behind the attack on Centara Hotels & Resorts. 
In addition to the hack on Centara Hotels & Resorts, Desorden claimed to have breached the servers of Central Group, which owns the hotel chain and more than 2,000 restaurants across Thailand. That breach involved 80GBs of files, including personal information of customers and business details of each restaurant. 
In messages to ZDNet, the group claimed the hotel hack was part of the larger attack on Central Group. Central Group is owned by the Chirathivat family, who are worth $11.6 billion. The family, led by Tos Chirathivat, controls thousands of food, fashion, property and building materials businesses across Thailand.
The hacker group, which has attacked a number of companies across Asia in recent years, would not respond to questions about whether this was a ransomware attack but claimed they "basically brought down their entire backend, which consists of 5 servers."
They said they stole 400GB of files over the course of 10 days and added that the data includes information about anyone who stayed at any of the 70 luxury hotels owned by the Thai conglomerate between 2003 and 2021. They claimed the data includes people's passport numbers and ID numbers. There was even data from people who booked in advance until December 2021.
The stolen files also allegedly include business data and employee information. 
The group tried to claim that they were "assisting" the hotel by showing them how they might "mitigate future attacks" and said they were the ones who notified the company that they had been hacked. 
Operators connected to Desorden said they were negotiating a ransom payment of $900,000, but the company backed out of the deal on Tuesday. The group is now threatening to leak the information. 
Centara Hotels & Resorts and Central Restaurants Group did not respond to requests for comment about the claims made by the hackers. 
The Desorden Group also claimed an attack on the Malaysian servers of ABX Express Enterprise in September. 

Luxury hotel chain in Thailand reports data breach | ZDNet

----------


## harrybarracuda

Anyone using Godaddy Managed Wordpress Servers?


Document

----------


## harrybarracuda

I love the euphemism: _"Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store"_

which translates to "_Caught the chinky spying bastards at it and watched to make sure they removed the identified apps from their store_".





> A large-scale malware campaign on Huawei's AppGallery has led to approximately 9,300,000 installs of Android trojans masquerading as over 190 different apps.
> 
> The trojan is detected by Dr.Web as 'Android.Cynos.7.origin' and is a modified version of the Cynos malware designed to collect sensitive user data.
> 
> The discovery and report come from researchers at Dr. Web AV, who notified Huawei and helped them remove the identified apps from their store.
> 
> However, those who installed the apps on their devices will still have to remove them from their Android devices manually.
> 
> *Trojan disguised as game apps*
> ...

----------


## harrybarracuda

Convicts being a bit nosey ....




> A man who was forced to hand over his phone and passcode to Australian Border Force after returning to Sydney from holiday has labelled the tactic "an absolute gross violation of privacy", as tech advocates call for transparency and stronger privacy protections for people's devices as they enter the country.
> 
> Software developer James and his partner returned from a 10-day holiday in Fiji earlier this month and were stopped by border force officials at Sydney airport. They were taken aside, and after emptying their suitcases, an official asked them to write their phone passcodes on a piece of paper, before taking their phones into another room.
> 
> It was half an hour before their phones were returned, and they were allowed to leave. James initially posted about his ordeal on Reddit.
> 
> We werent informed why they wanted to look at the phones. We were told nothing, he told Guardian Australia.
> Who knows what theyre taking out of it? With your phone and your passcode they have everything, access to your entire email history, saved passwords, banking, Medicare, myGov. Theres just so much scope.
> 
> ...

----------


## harrybarracuda

If you own one of these pitiful devices, best to get on this straight away.




> Apple has announced the discovery of a serious security vulnerability for iPhones, iPads and Macs which could potentially allow attackers to take complete control of a victim's devices.
> 
> Fortunately the announcement came as Apple released a security update that would prevent the attack from taking place.
> 
> To install this security update, you can go to the Settings App, then General, then Software Updates.
> The latest version of iOS and iPadOS is 15.6.1, while macOS is on 12.5.1.
> 
> According to Apple the vulnerability could have been exploited by "processing web content", meaning accessing a web page which contained malicious code.
> 
> ...

----------


## harrybarracuda

If you're using Chrome, and are stupid enough not to have updates turned on, then check for updates - and turn on automatic updates.

Google Confirms Chrome Zero-Day #5 As CVE-2022-2856 Attacks Begin

----------


## harrybarracuda

*Netgear warns users to patch recently fixed WiFi router bug*

Netgear has fixed a high-severity vulnerability affecting multiple WiFi router models and advised customers to update their devices to the latest available firmware as soon as possible.
The flaw impacts multiple Wireless AC Nighthawk, Wireless AX Nighthawk (WiFi 6), and Wireless AC router models.
Although Netgear did not disclose any information about the component affected by this bug or its impact, it did say that it is a pre-authentication buffer overflow vulnerability.
The impact of a successful buffer overflow exploitation can range from crashes following denial of service to arbitrary code execution, if code execution is achieved during the attack.
Attackers can exploit this flaw in low-complexity attacks without requiring permissions or user interaction.
In a security advisory published on Wednesday, Netgear said it "strongly recommends that you download the latest firmware as soon as possible."
The list of vulnerable routers and the patched firmware versions can be found in the table below.


| Vulnerable Netgear router | Patched firmware version |
|---|---|
| RAX40 | 1.0.2.60 |
| RAX35 | 1.0.2.60 |
| R6400v2 | 1.0.4.122 |
| R6700v3 | 1.0.4.122 |
| R6900P | 1.3.3.152 |
| R7000P | 1.3.3.152 |
| R7000P | 1.0.11.136 |
| R7960P | 1.4.4.94 |
| R8000P | 1.4.4.94 |

https://www.bleepingcomputer.com/news/security/netgear-warns-users-to-patch-recently-fixed-wifi-router-bug/

----------

