  1. #26
    Dislocated Member
    Neo's Avatar
    Got it cheers

  2. #27
    Thailand Expat harrybarracuda's Avatar
    But remember that anyone can hack your phone.


  3. #28
    RIP pseudolus's Avatar
    Quote Originally Posted by Neo View Post
    Car theft in the UK has been reduced by 90% in the last 20 years, car crime now being organised rather than random due to the preventative systems that have been put in place, yet manufacturers are rushing to embrace technology that leaves car security wide open to abuse and even simpler to circumvent than 20 years ago.

    Go figure.
    indeed - every time I see google chrome having problems it scares the shit out of me that they are building cars. Couple to which, you will have retarded gayboys like IT Boy harry doing the repairs.

  4. #29
    Thailand Expat harrybarracuda's Avatar
    Quote Originally Posted by pseudolus View Post
    indeed - every time I see google chrome having problems it scares the shit out of me that they are building cars.
    Poor pseudopuss,

    How do you sleep at night worrying about all this shit?

    P.S. I would be more scared of Internet-enabled medical devices.


  5. #30
    Dislocated Member
    Neo's Avatar

  6. #31
    Thailand Expat harrybarracuda's Avatar
    FFS....

    $10 router blamed in Bangladesh bank hack
    22 April 2016

    Hackers managed to steal $80m (£56m) from Bangladesh's central bank because it skimped on network hardware and security software, reports Reuters.
    The bank had no firewall and used second-hand routers that cost $10 to connect to global financial networks.

    $10 router blamed in Bangladesh bank hack - BBC News

  7. #32
    Pronce. PH said so AGAIN!
    slackula's Avatar
    Quote Originally Posted by harrybarracuda
    The bank had no firewall and used second-hand routers that cost $10 to connect to global financial networks.
    Since about 80% of Bangladesh seems to be either underwater or suffering from a drought at any given time it's understandable they'd try and save money and all.

    What isn't understandable is how the fuck anybody decided that allowing them into the global financial system would be a good idea.
    bibo ergo sum
    If you hear the thunder be happy - the lightning missed.
    This time.

  8. #33
    Thailand Expat harrybarracuda's Avatar
    Good to see the Mexicans go after the first white hat they could find. Must be taking lessons from the Thais....


    And they've got their fingerprints, which now renders them fucking useless.


    A website that claims to contain the full database of hacked Filipino voter data has appeared online.

    The hacking of the Philippines's voter registration system and database is believed to be the biggest data breach in government history, with more than 55 million people affected. On Thursday the website wehaveyourdata.com claimed to provide easy, searchable access to all the stolen data.

    The site, which is offline at the time of writing, displays full names, addresses and passport numbers and fingerprint data of millions of Filipino voters. Other data contained in the breach and being displayed by the site includes the height and weight of voters and maternal and paternal names.

    The Philippines' Commission on Elections (Comelec), the body at the centre of the data breach, continues to refuse to verify if any of the leaked data is legitimate.

    Security researcher Troy Hunt, who has verified other uploads of the database posted online, said the site "appears to be consistent with the data breach". The site containing the hacked data was making money by displaying banner ads, he noted. Security firm Malwarebytes also said it had verified the legitimacy of the data. Hunt had earlier described the data breach as "freaking huge". "If you lose a password you can change it," he told WIRED on April 14. "You can't change a fingerprint."

    In a statement, those behind the website said they created it because "it would be fun to make a search engine" of the leaked data. "Maybe, at least now, government will start thinking about security of citizens’ personal data", the statement continued.

    On Wednesday 23-year-old IT graduate Paul Biteng was arrested in Manila in connection with the attack. The country's National Bureau of Investigation (NBI) claimed Biteng was a prominent figure in a local network of hackers who used the handle PhantomHacker Khalifa. According to NBI cybercrime division chief Ronald Aguto, Biteng claimed he had "no intention to harm" the voter data website.


    His arrest has caused confusion in the security community, with some pointing out Biteng's track-record as a white hat hacker best known for helping companies and organisations find and fix flaws. Biteng's name is featured on an official Facebook list of people who made "responsible disclosures" of security vulnerabilities to the site. A June 2014 list published by Microsoft to thank people who privately disclosed security vulnerabilities also lists Biteng.
    Massive Philippines data breach now searchable online (Wired UK)

  9. #34
    Thailand Expat harrybarracuda's Avatar
    Hundreds of Spotify credentials appear online – users report accounts hacked, emails changed
    Posted 15 minutes ago by Sarah Perez

    A list containing hundreds of Spotify account credentials – including emails, usernames, passwords, account type and other details – has popped up on the website Pastebin, in what appears to be a possible security breach. After reaching out to a random sampling of the victims via email, we’ve confirmed that these users’ Spotify accounts were compromised only days ago. However, Spotify claims that it “has not been hacked” and its “user records are secure.”

    It’s unclear, then, where these particular account details were acquired, given that they are specific to Spotify, rather than a set of generic credentials that just happen to work on Spotify.

    In addition to the email and login information, the Pastebin post also details the type of account (e.g. Family, Premium), when the subscription auto-renews, and the country where the account was created. The list of accounts is not limited to the U.S., but includes a number of users from all over the world.

    Spotify has dealt with security incidents in the past, so one can’t immediately assume that a list of emails like this is related to a new data breach. It could have been that a list of previously compromised accounts is still circulating. And only one of the accounts we tried actually permitted a login, which also left room for doubt about the recency of this particular incident.

    But the victims we reached out to told us otherwise.

    So far, a half a dozen have responded, confirming that they did experience a Spotify account breach last week. They became aware of the breach in a number of ways – for example, one said he found songs added to his saved songs list that he hadn’t added.

    Another also found his account had been used by an unknown third-party.

    “I suspected my account had been hacked last week as I saw ‘recently played’ songs that I’d never listened to, so I changed my password and logged out of all devices,” the victim, who preferred to remain anonymous, told us.

    Several others said they were kicked out of Spotify – one even in the middle of streaming music.

    When trying to log back in, these users found that their account email had been changed to a new email address not belonging to them. To resolve the matter, they’ve had to work with Spotify customer service to get their account access restored.

    In none of the reported cases so far did Spotify reach out to the victims immediately following the breach, nor were their passwords proactively reset for them on their behalf by Spotify.

    This seems to contradict the statement a Spotify spokesperson provided us today, when asked about this possible breach:

    “We monitor Pastebin and other sites regularly. When we find Spotify credentials, we first verify that they are authentic, and if they are, we immediately notify affected users to change their passwords.”

    It could be that Spotify is still in the process of verifying the account credentials, which could take time.

    According to the users we spoke to so far, this issue occurred last week. The Pastebin is dated April 23rd, however. (TechCrunch is declining to link to the Pastebin page to protect the victims.)

    Some of the victims are only now dealing with the fallout. One person said they received the email notification that their password had been reset on Sunday. Two others are still in the process of trying to prove to Spotify they are the legitimate account owner.

    “..The person was able to change my email address without a second verification, and now I’m jumping through hoops to close my account,” one person told us.

    “I had to reach out to Spotify first, and it’s still ongoing,” another said. “They’ve not been helpful, and I’ve only succeeded in getting my account locked so far.”

    Because of Spotify’s delay in resetting users’ passwords, many of the victims told us they’ve had problems that extend beyond the streaming service.

    Unfortunately, because people often re-use their passwords on other sites, several reported their other accounts have been hacked into as well, including their Facebook, Uber, and even their bank account.

    It’s unclear why the unknown third-parties responsible for this incident would want to actually use the Spotify user logins to play music – especially as that alerts the users to the breach. Typically, a hacker would want to simply collect then re-sell the credentials, which makes this particular incident odd.

    More to come, as information becomes available.

    Hundreds of Spotify credentials appear online – users report accounts hacked, emails changed | TechCrunch

  10. #35
    Thailand Expat harrybarracuda's Avatar
    Unfortunately, because people often re-use their passwords on other sites, several reported their other accounts have been hacked into as well, including their Facebook, Uber, and even their bank account.
    Stupid people. I see Stupid people everywhere.

  11. #36
    Thailand Expat harrybarracuda's Avatar
    The meat of the Bangla/SWIFT rip off if you're interested.

    BAE Systems Threat Research Blog: Two bytes to $951m

  12. #37
    Thailand Expat harrybarracuda's Avatar
    German Nuclear Plant Is 'Riddled' With Malware

    By Guest Author | Posted 2016-04-28

    After the anniversary of the Chernobyl nuclear disaster, a German nuclear plant admits widespread malware infection.


    By Tom Jowitt

    A German nuclear power plant in Bavaria has admitted that its systems are riddled with malware, and has been shut down as a precaution—a day after the 30th anniversary of the Chernobyl nuclear disaster on Tuesday.

    It was reported that the Gundremmingen nuclear power plant is located (75 miles) northwest of Munich, and is run by the German utility RWE.

    The company admitted that malware had infected a number of its systems. It said it had immediately informed Germany's Federal Office for Information Security (BSI).

    Malware Infection

    Reuters reports "W32.Ramnit" and "Conficker" viruses were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods.

    Malware was also reportedly found on 18 removable data drives, mainly USB sticks, in office computers maintained separately from the plant's operating systems.

    The operator said that it has boosted its cyber-security measures, but insisted the malware was not a threat to the facility's operations because it is "isolated from the Internet."

    Nuclear Security

    This is not the first time that a nuclear power plant has had a security scare. Indeed, the potential risk to systems controlling critical infrastructure and industrial systems remains a worry for many governments and authorities around the world.

    In 2015, a hacker managed to hack into the systems of a nuclear power plant in South Korea. A computer worm was later discovered in a device connected to the control system, but the plant operator insisted that the breach had not reached the reactor controls itself.

    The hacker later posted files from the hack online, and included a demand for money.

    The Stuxnet virus reportedly caused damage to nearly 3,000 centrifuges in the Natanz facility in Iran.

    A German steelworks also suffered "massive damage" after a cyberattack on its computer network in late 2014.

    Researchers have previously warned that security weaknesses in industrial control systems could allow hackers to create cataclysmic failures in infrastructure.

    German Nuclear Plant Is 'Riddled' With Malware

  13. #38
    Thailand Expat harrybarracuda's Avatar
    Man jailed for failing to decrypt hard drives
    28 April 2016

    A man has been held in prison for seven months after failing to decrypt two hard drives that investigators suspect contain indecent images of children.

    A court order says the man will remain jailed "until such time that he fully complies" with an order to unlock the password-protected devices.

    The US man, who has not been charged with possessing illegal images, is appealing against his detention. "He has never in his life been charged with a crime," wrote his lawyer.

    The case highlights the US government's ongoing battle with data encryption.
    The man, a former police sergeant, cannot be named for legal reasons.

    The case so far

    In March 2015, investigators in Delaware County, Pennsylvania, seized computer equipment from the man's home, including two password-protected hard drives.
    The investigators had been monitoring the online network Freenet and decided to search the man's home, according to news site Ars Technica.

    After a district court ruled the man would not be compelled to decrypt the hard drives, investigators took the case to a federal court that issued a warrant to search the devices.

    The government then invoked a 1789 law called the All Writs Act, which gives federal courts the power to force people to co-operate in a criminal investigation.
    The same law was controversially invoked by the FBI when it tried to compel Apple to decrypt the iPhone used by California gunman Syed Rizwan Farook. Apple said that the demand was a "stretch" of the law.

    According to the jailed man's appeal, he appeared at the district attorney's office to enter passcodes for the hard drives - but they failed to work.

    He was then ordered to explain his failure to enter the correct passcodes, but after declining to testify was held in contempt of court and jailed.

    "His confinement stems from an assertion of his Fifth Amendment privilege against self-incrimination," wrote the man's lawyer, Keith Donoghue.

    The US Constitution's Fifth Amendment is designed to protect people from being forced to testify and potentially incriminating themselves and states: "No person shall be... compelled in any criminal case to be a witness against himself."

    The Electronic Frontier Foundation, which campaigns for digital rights, said: "Compelled decryption is inherently testimonial because it compels a suspect to use the contents of their mind to translate unintelligible evidence into a form that can be used against them."

    The man's appeal also contends that he should not be forced to decrypt the hard drives because the investigators do not know for certain whether indecent images are stored on them.
    The EFF agreed: "Complying with the order would communicate facts that are not foregone conclusions already known to the government".

    The appeal, which argued the man should be released from prison while it was considered, was filed on 26 April.

    Man jailed for failing to decrypt hard drives - BBC News

  14. #39
    Thailand Expat harrybarracuda's Avatar

  15. #40
    Thailand Expat harrybarracuda's Avatar
    Top 10 Web Hacking Techniques of 2015
    Kuskos | January 12, 2016
    UPDATE – 4/20/2016 We have our Top 10 list folks! After a lot of coordination, research, voting by the community and judging by our esteemed panelists, we are pleased to announce our Top 10 List of Web Hacking Techniques for 2015:

    1. FREAK (Factoring Attack on RSA-Export Keys)
    2. LogJam
    3. Web Timing Attacks Made Practical
    4. Evading All* WAF XSS Filters
    5. Abusing CDN’s with SSRF Flash and DNS
    6. IllusoryTLS
    7. Exploiting XXE in File Parsing Functionality
    8. Abusing XSLT for Practical Attacks
    9. Magic Hashes
    10. Hunting Asynchronous Vulnerabilities

    Congratulations to the team that discovered FREAK!

    The FREAK attack was discovered by Karthikeyan Bhargavan at INRIA in Paris and the miTLS team. Further disclosure was coordinated by Matthew Green. This report is maintained by computer scientists at the University of Michigan, including Zakir Durumeric, David Adrian, Ariana Mirian, Michael Bailey, and J. Alex Halderman. The team can be contacted at freakattack@umich.edu.

    Congratulations to all those that made the list! Your research contributions are admired and should be respected. And a special thanks to everyone that voted or shared feedback. Also, for anyone that would be interested in learning more about this list, Johnathan Kuskos will be presenting the list at AppSec Europe on June 1st.

    https://www.whitehatsec.com/blog/top...iques-of-2015/

  16. #41
    Thailand Expat harrybarracuda's Avatar
    Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

    Jamie Condliffe
    Today 3:37am

    It may be a good time to update your email password. A report from Reuters suggests that over 270 million hacked email credentials—including those from Gmail, Hotmail and Yahoo—are circulating among Russian digital crime rings.

    Reuters reports that an investigation by Hold Security revealed the huge stash of login details, that are said to be being traded among criminals. Most of the credentials relate to the Russian email service Mail.ru, but the team has also identified details from Google, Yahoo and Microsoft.

    The team from Hold Security was offered a tranche of 1.17 billion email user records in an online forum, and asked to pay just $1 for a copy of the data. The team refuses to pay for stolen data, but was given the information anyway when it offered to post positive comments about the hacker online.

    The team has since sifted through the data set to remove duplicates, revealing that it contains 270 million unique records. Alex Holden, the founder of Hold Security, told Reuters that the data was “potent,” adding that the “credentials can be abused multiple times.”

    Hold Security has apparently alerted all of the affected email providers. Mail.ru, Google, Yahoo and Microsoft are all now investigating the situation.

    It may be that the stash is out of date and doesn’t present too much of a security threat—though, of course, it could be a new pool of data, in which case the accounts included in the tranche could be at risk. Initial reports to the BBC from Mail.ru suggest that there may also be a lot of repetition in the records, with usernames repeated with multiple passwords.

    It may be a good time to refresh your password anyway.

    [Reuters]

    Russian Hackers Have 270 Million Email Logins, Including Gmail and Yahoo Accounts

  17. #42
    Thailand Expat harrybarracuda's Avatar
    The perfect solution to insecure Wifi hotspots - your own VPN/Firewall/Tor on a usb-powered box. And they do an Ethernet version as well.

    Tiny Hardware Firewall VPN Client


  18. #43
    Excommunicated baldrick's Avatar
    ^ why not have a tp-mr3040 with open wrt / vpn client and a 5$ a month VPN service paid for with bitcoin ?

    or 5$ a month to a Bulgarian VPS and install your own openvpn server and tor entry node ? also allows you to install a nginx webserver and run a hidden service

    or go the whole hog and install a xen hypervisor and have Tails/qubes guest OS to connect to your VPN on the VPS and then straight to tor ?
    If you torture data for enough time , you can get it to say what you want.

  19. #44
    Thailand Expat harrybarracuda's Avatar
    Supposedly you can get it without the VPN sub, just not from them.

    But it's literally a plug and play everything.

    You just open its webpage and click a button to turn on the VPN, and/or click a button to turn on Tor.

    $35 and it fits on a keyring and powers off USB.

    I mean how convenient is that?

  20. #45
    Thailand Expat harrybarracuda's Avatar
    May 13, 2016
    Second bank hit with SWIFT-based hack, experts say patches failed

    The Society for Worldwide Interbank Financial Telecommunication (SWIFT) revelation that another bank was victimized using the same modus operandi as that in the Bangladesh bank hack has the security industry believing the SWIFT system is flawed and possibly still vulnerable to another attack.
    The second incident targeted an unnamed commercial bank, according to a SWIFT statement, where malware installed on the SWIFT messaging system was used against the banks' secondary controls, in this case a PDF reader used by the bank to check statement messages. The malware then removed any sign of the breach, SWIFT wrote to its customers. The fact that a second incident has taken place is a sign to security experts that whatever fix was implemented was ineffective and the flaw may still exist.

    “News of another incident in which malware was apparently used to cover the tracks of unauthorized banking instructions transmitted by the SWIFT network suggests remediation efforts following February's $81 million Bangladesh reserve bank heist have so far been inadequate,” ESET Senior Security Researcher Stephen Cobb told SCMagazine.com in an email.

    SWIFT said its customers have to step up their game and put in place better security.

    "In both instances, the attackers have exploited vulnerabilities in banks funds' transfer initiation environments, prior to messages being sent over SWIFT. The attackers have been able to bypass whatever primary risk controls the victims have in place, thereby being able to initiate the irrevocable funds transfer process," SWIFT said.

    In February hackers breached the Bangladesh bank's systems, stealing credentials needed to authorize payment transfers from the country's monetary reserves in the Federal Reserve Bank of New York to fraudulent accounts based in the Philippines and Sri Lanka.

    Part of the issue mitigating this problem is that none of those involved are certain exactly how the breach occurred, or at least have not said so publicly. SWIFT made the broad comment that it could have been done by an outside gang or conversely it could be inside job. The financial messaging service did give out a few firm details on what transpired saying the attacker compromised the banks' environment by obtaining valid operator credentials and submitting fraudulent messages by impersonating the people from whom the credentials were stolen.

    “The attackers clearly exhibit a deep and sophisticated knowledge of specific operational controls within the targeted banks – knowledge that may have been gained from malicious insiders or cyber attacks, or a combination of both,” Swift wrote.

    Cobb added that the malware issue at the heart of the problem already should have been fixed and its banking partners.

    “Given that hundreds of millions of dollars are potentially in play with this type of attack, the presence of malware used to obscure transactions should have been dealt with right away, at every participating institution. The abuse of credentials on the system, seemingly essential to initiating the fraudulent messages that move money, should also have been addressed by now,” he said.

    Other security advisors weighed in with some steps that could be taken to fix the problem at hand and that should be included to protect future transactions on the SWIFT system. This included adding two-factor authentication into the system, relying less on the human element that is involved in making the SWIFT system work and upgrading the SWIFT software.

    “Initiation of transfers is still based on trust. The bank is trusting that the user/batch is who they say they are. The problem is that we seem to be missing a key mitigation strategy here; Multi-factor authentication. The attack could have been thwarted with a simple process of authentication using something you have, something you know, and something you are,” said Brad Bussie, director of product management at STEALTHbits Technologies to SCMagazine.com in an email.

    Wim Remes, Rapid7's manager of strategic services, EMEA, told SCMagazine.com in an email that SWIFT and the banks each have to make changes.

    “The reality is that most likely an upgrade of the SWIFT software would be needed for all clients and potentially changes on the operating system level as well. Between now and the time that every participant in the SWIFT network has gone through this process there is always a risk that one of the participants will be hacked,” Remes said.

    SWIFT again put the majority of the onus to fix the problem on the banks saying they should quickly ensure their endpoints are secure.

    Cobb agreed with this stance saying any bank could be a target of this type of attack if it uses SWIFT and does not exercise tight control over its own banking credentials and maintain system integrity.

    Dave Amsler, president and founder of Raytheon Foreground Security, said sitting back and just playing defense is another mistake being made. He noted that the advanced systems used by criminals are constantly making adjustments to their malware to beat the installed security software.

    “There is only one way to find the most sophisticated, damaging cyber threats within a network: proactively hunt for them,” he said.

    Second bank hit with SWIFT-based hack, experts say patches failed

  21. #46
    Thailand Expat harrybarracuda's Avatar
    Microsoft has finally decided to remove one of its controversial features, the Wi-Fi Sense network sharing feature, from Windows 10, which shares your WiFi password with your Facebook, Skype and Outlook friends and is enabled by default.

    With the launch of Windows 10 last year, Microsoft introduced Wi-Fi Sense network sharing feature aimed at making it easy to share your password-protected WiFi network with your contacts within range, eliminating the hassle of manually logging in when they visit.

    This WiFi password-sharing option immediately stirred up concerns from Windows 10 users especially those who thought the feature automatically shared your WiFi network with all your contacts who wanted access.

    But Wi-Fi Sense actually hands over its users controls so they can select which networks to share and which contact list can access their Wi-Fi.

    Also, the feature doesn't share the actual password used to protect your Wi-Fi, but it does give your contacts access to your network.

    However, the biggest threat comes in when you choose to share your Wi-Fi access with any of your contact lists.

    But who really wants to share their Wi-Fi codes with everyone in the contacts?

    Of course, nobody wants.

    Since the feature doesn't give you the option to share your network with selected individuals on Facebook, Skype or Outlook, anyone in your contact list with a malicious mind can perform Man-in-the-Middle (MITM) attacks.

    We have written a detailed article on Wi-Fi Sense, so you can read the article to know its actual security threat to Windows 10 users.

    Although Microsoft defended Wi-Fi Sense network-sharing as a useful feature, Windows users did not give it a good response, making the company remove WiFi Sense's contact sharing feature in its latest Windows 10 build 14342.

    "The cost of updating the code to keep this feature working combined with low usage and low demand made this not worth further investment," said Microsoft Vice President Gabe Aul. "Wi-Fi Sense, if enabled, will continue to get you connected to open Wi-Fi hotspots that it knows about through crowdsourcing."

    Microsoft just released its latest Windows 10 build for testers. The company will remove the Wi-Fi Sense password sharing feature as part of its Anniversary Update due in the summer, but will keep the Wi-Fi Sense feature that lets its users connect to open networks.

    Microsoft removes its controversial Windows 10 Wi-Fi Sense Password Sharing Feature

  22. #47
    Thailand Expat harrybarracuda's Avatar
    May 17, 2016
    Updated banking malware turns entire ATM into a skimmer


    Researchers spotted a new and improved ATM malware that turns ATMs into payment card skimmers.

    Kaspersky Lab researchers discovered a new and improved version of the ATM malware dubbed “Skimmer” which targets banks and turns entire ATM machines into payment card skimmers.

    The malware is installed either through directly accessing the machine or via the bank's internal network. It is capable of executing 21 malicious commands, including dispensing money, collecting and then printing the payment card and account details, and self delete, according to a May 17 Kaspersky press release. The company did not know how many machines are impacted.

    Rather than acting immediately, the cybergang responsible for the malware will often leave the Skimmer active on the machine for months before accessing the data so as to not arouse suspicion, the release said.

    The malware is obscured using the commercially available Themida packer which makes it difficult for security staffers to analyze, Kaspersky researchers Olga Kochetova and Alexey Osipov said in a May 17 blog post.


    Updated banking malware turns entire ATM into a skimmer

  23. #48
    Thailand Expat harrybarracuda's Avatar
    A nice free tool to protect you from some variants of Ransomware.

    Free Bitdefender tool prevents Locky, other ransomware infections, for now



    The tool tricks Locky, TeslaCrypt and CTB-Locker ransomware into believing that computers are already infected

    By Lucian Constantin
    IDG News Service | Mar 29, 2016 7:18 AM PT

    Antivirus firm Bitdefender has released a free tool that can prevent computers from being infected with some of the most widespread file-encrypting ransomware programs: Locky, TeslaCrypt and CTB-Locker.

    The new Bitdefender Anti-Ransomware vaccine is built on the same principle as a previous tool that the company designed to prevent CryptoWall infections. CryptoWall later changed the way in which it operates, rendering that tool ineffective, but the same defense concept still works for other ransomware families.

    While security experts generally advise against paying ransomware authors for decryption keys, this is based more on ethical grounds than on a perceived risk that the keys won't be delivered.

    In fact, the creators of some of the most successful ransomware programs go to great lengths to deliver on their promise and help paying users decrypt their data, often even engaging in negotiations that result in smaller payments. After all, the likelihood of more users paying is influenced by what past victims report.

    Many ransomware creators also build checks into their programs to ensure that infected computers where files have already been encrypted are not infected again. Otherwise, some files could end up with nested encryption by the same ransomware program.

    The new Bitdefender tool takes advantage of these ransomware checks by making it appear as if computers are already infected with current variants of Locky, TeslaCrypt or CTB-Locker. This prevents those programs from infecting them again.

    The downside is that the tool can only fool certain ransomware families and is not guaranteed to work indefinitely. Therefore, it's best for users to take all the common precautions to prevent infections in the first place and to view the tool only as a last layer of defense that might save them in case everything else fails.

    Users should always keep the software on their computer up to date, especially the OS, browser and browser plug-ins like Flash Player, Adobe Reader, Java and Silverlight. They should never enable the execution of macros in documents, unless they've verified their source and know that the documents in question are supposed to contain such code.

    Emails, especially those that contain attachments, should be carefully scrutinized, regardless of who appears to have sent them. Performing day-to-day activities from a limited user account on the OS, not from an administrative one, and running an up-to-date antivirus program, are also essential steps in preventing malware infections.

    "While extremely effective, the anti-ransomware vaccine was designed as a complementary layer of defense for end-users who don’t run a security solution or who would like to complement their security solution with an anti-ransomware feature," said Bogdan Botezatu, a senior e-threat analyst at Bitdefender, via email.

    Free Bitdefender tool prevents Locky, other ransomware infections, for now | Computerworld

  24. #49
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    29-04-2020 @ 04:54 PM
    Location
    Chiang Mai
    Posts
    5,596
    Quote Originally Posted by baldrick View Post
    harold - you missed patch tuesday for microsoft products

    and adobe released some flash player patches which are always of the utmost importance if you allow flash advertisements to display on your browser

    MS16-045 This one will be a major headache for those who run and host virtual machines on Hyper-V. A flaw in the hypervisor could allow a "guest" instance to access the host system and execute code, in addition to infecting the host system or accessing data from other hosted instances.
    MS16-037 A cumulative update for Internet Explorer that addresses six flaws, including remote code execution vulnerabilities that can be exploited by loading a malicious web page.
    MS16-038 A cumulative update for the Edge browser that, like the IE fix, patches six vulnerabilities, including remote code execution from malicious web pages.
    MS16-039 A patch to address a remote code execution flaw present in Windows, .NET Framework, Office, Skype for Business, and Microsoft Lync. According to Microsoft, the vulnerability "could allow remote code execution if a user opens a specially crafted document or visits a webpage that contains specially crafted embedded fonts."
    MS16-040 A single flaw in the XML Core Services component in Windows that allows an attacker to take control of a system by convincing the user to click a link "typically by way of an enticement in an email or Instant Messenger message."
    MS16-041 A remote code execution bug in the .NET Framework that allows an attacker who already has access to the local system to install and execute a malicious application.
    MS16-042 Four memory corruption vulnerabilities in Office that allow an attacker to remotely execute code by convincing the user to open a malicious Office file. One of the flaws also affects Office for Mac, meaning Apple users will need to patch their software as well.
    MS16-044 A vulnerability in Windows OLE that allows an attacker to remotely execute code by convincing the target to open "either a specially crafted file or a program from either a webpage or an email message."
    MS16-046 A flaw in the Windows Secondary Logon that allows an attacker to elevate their user privilege level to Administrator.
    MS16-047 A "man in the middle" flaw in the Windows Security Account Manager and Local Security Authority Domain components that allows an attacker with access to network traffic the ability to downgrade security controls and then impersonate the user – aka the Badlock bug.
    MS16-048 A vulnerability in Windows CSRSS that potentially allows an attacker to bypass security credentials and gain administrator access by exploiting a flaw in the way CSRSS handles memory tokens.
    MS16-049 A denial of service vulnerability in Windows that allows an attacker to freeze a targeted machine just by sending a malicious HTTP packet.
    MS16-050 A cumulative update for Flash Player addressing a total of 10 security bugs, including remote code execution flaws.

    These will all be removed by aegis-voat.cmd. Sorry. Thought they were Windows updates, not Adobe.

  25. #50
    Thailand Expat
    Sumbitch's Avatar
    Join Date
    Jul 2011
    Last Online
    29-04-2020 @ 04:54 PM
    Location
    Chiang Mai
    Posts
    5,596
    This should be a good thread for readers to post their anti-virus and anti-malware software.

    I use Microsoft Security Essentials for my antivirus software on my Win 7 and Emsisoft for anti-malware.
