Well at least you're honest.
:)
BTW the link you use to check (below) is legitimate, it is owned by Checkpoint.
Gooligan malware affects 1.3 million Android phones - wptv.com
Quote:
Gooligan malware affects 1.3 million Android phones
Don't download apps outside of official app stores
WFTS Webteam
5:18 AM, Dec 1, 2016
Hackers have infected over 1.3 million Android phones and hacked into Google accounts through fake apps.
The malware campaign is named Gooligan.
Researchers at Check Point, a cybersecurity firm, say that hackers stole digital "tokens" and got access to Google account information. The hackers have not stolen the information, Google says.
Once infected, the android phones install fake apps and then rate them highly, making it more likely for other users to download the apps.
Google has started to remove the fake apps from their official store.
Check Point reports that of the 1 million breached accounts, 19 percent are in the Americas, 9 percent are in Europe, 15 percent are in Africa and 57 percent are in Asia.
Enter your email address at this website to see if your account was breached.
Check Point says if your account has been breached, follow these steps:
Power off your device and visit a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
Change your Google account passwords immediately after this process.
List of fake apps infected by Gooligan:
- Perfect Cleaner
- Demo
- WiFi Enhancer
- Snake
- gla.pev.zvh
- Html5 Games
- Demm
- memory booster
- แข่งรถสุดโหด
- StopWatch
- Clear
- ballSmove_004
- Flashlight Free
- memory booste
- Touch Beauty
- Demoad
- Small Blue Point
- Battery Monitor
- 清理大师
- UC Mini
- Shadow Crush
- Sex Photo
- 小白点
- tub.ajy.ics
- Hip Good
- Memory Booster
- phone booster
- SettingService
- Wifi Master
- Fruit Slots
- System Booster
- Dircet Browser
- FUNNY DROPS
- Puzzle Bubble-Pet Paradise
- GPS
- Light Browser
- Clean Master
- YouTube Downloader
- KXService
- Best Wallpapers
- Smart Touch
- Light Advanced
- SmartFolder
- youtubeplayer
- Beautiful Alarm
- PronClub
- Detecting instrument
- Calculator
- GPS Speed
- Fast Cleaner
- Blue Point
- CakeSweety
- Pedometer
- Compass Lite
- Fingerprint unlock
- PornClub
- com.browser.provider
- Assistive Touch
- Sex Cademy
- OneKeyLock
- Wifi Speed Pro
- Minibooster
- com.so.itouch
- com.fabullacop.loudcallernameringtone
- Kiss Browser
- Weather
- Chrono Marker
- Slots Mania
- Multifunction Flashlight
- So Hot
- HotH5Games
- Swamm Browser
- Billiards
- TcashDemo
- Sexy hot wallpaper
- Wifi Accelerate
- Simple Calculator
- Daily Racing
- Talking Tom 3
- com.example.ddeo
- Test
- Hot Photo
- QPlay
- Virtual
- Music Cloud
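The list above mixes display names with Android package identifiers. The package identifiers are the part a device owner can check mechanically, since `adb shell pm list packages` prints one `package:<name>` line per installed app. The following is an added example, not code from Check Point or from the article: it parses a constructed sample of that output and reports any package whose identifier appears in the list quoted above. Display names such as "Perfect Cleaner" are not package identifiers and would need an app-label lookup, which this example does not attempt.

```python
"""Check an Android package list against the Gooligan package identifiers
quoted above. Added example; the `pm list packages` output below is a
constructed sample, not captured from a real device."""

# Package identifiers copied verbatim from the list above (only the entries
# that are Android package names rather than display names).
GOOLIGAN_PACKAGE_IDS = {
    "gla.pev.zvh",
    "tub.ajy.ics",
    "com.browser.provider",
    "com.so.itouch",
    "com.fabullacop.loudcallernameringtone",
    "com.example.ddeo",
}

# Constructed sample of `adb shell pm list packages` output. The two
# third-party names (notesapp, weather) are made up to show that ordinary
# packages pass through unflagged.
SAMPLE_PM_OUTPUT = """\
package:com.android.chrome
package:com.example.notesapp
package:tub.ajy.ics
package:com.google.android.gms

package:com.fabullacop.loudcallernameringtone
package:org.example.weather
"""


def parse_pm_list(text: str) -> list[str]:
    """Return the package names from `pm list packages` output.

    Blank lines and lines without the `package:` prefix (for example a
    stray warning printed by adb) are ignored rather than treated as names.
    """
    names = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("package:"):
            names.append(line[len("package:"):])
    return names


def find_gooligan_packages(text: str) -> list[str]:
    """Return installed package names that match the Gooligan list,
    preserving the order in which `pm` listed them."""
    return [pkg for pkg in parse_pm_list(text) if pkg in GOOLIGAN_PACKAGE_IDS]


if __name__ == "__main__":
    hits = find_gooligan_packages(SAMPLE_PM_OUTPUT)
    if hits:
        print("Packages matching the Gooligan list:")
        for pkg in hits:
            print("  " + pkg)
        print("Follow the re-flash and password-change steps quoted above.")
    else:
        print("No package identifiers from the Gooligan list are installed.")
```

To run it against a real phone, replace `SAMPLE_PM_OUTPUT` with the output of `adb shell pm list packages`; an empty result only means none of the listed identifiers is present, not that the device is clean, so the account check on Check Point's site is still worth doing.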
For fuck's sake....
'Popcorn Time' Ransomware Offers Incentives To Infect Others
Quote:
Ransomware Offers Incentives To Infect Others With Malware
Matthew Broersma , December 12, 2016, 12:42 pm
The malware offers a free decryption key if the victim forces two others to pay up
A new ransomware variant introduces a twist into the malware by offering users a free decryption key, but only if they successfully infect two others and force them to pay up.
The malware, called Popcorn Time, offers users two ways to unlock their files, the “easy way”, by paying 1 Bitcoin (about £620), or the “nasty way”, by sending a “referral link” to other computers.
Referral link
If two others pay a ransom as a result of the referral, the original victim will be sent a free decryption key, according to the instructions displayed by the malware.
The program isn’t related to the video-streaming application of the same name, according to computer security researchers MalwareHunterTeam.
The malware’s source code indicates that it contains a feature that begins deleting users’ files if the wrong key is entered four times, although the feature hasn’t yet been enabled, according to IT education site Bleeping Computer, which earlier disclosed MalwareHunterTeam’s research.
Ransomware rise
The malware is still under development, according to MalwareHunterTeam, and currently targets files in the My Documents, My Pictures, My Music, and desktop folders.
Files are encrypted using the AES-256 algorithm, with a .filock extension appended to the filename.
Researchers have reported a sharp rise in malware infections this year, with some reporting a large proportion of those who pay didn’t receive a decryption key.
Kaspersky Lab said infections of enterprises rose threefold between the first and third quarters of this year, attaining a rate of one infection every 40 seconds.
“The classic ‘affiliate’ business model appears to be working as effectively for ransomware as it does for other types of malware,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Victims often pay up so money keeps flowing through the system. Inevitably this has led to us seeing new cryptors appear almost daily.”
The company found 20 percent of small businesses who paid a ransom didn’t have access restored.
Trend Micro also surveyed businesses who paid ransoms and found the same proportion did not receive a decryption key.
Trend said new ransomware families grew by four times from January to September 2016 and predicted the figure would grow by another 25 percent in the coming year.
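The one concrete indicator the article gives is the `.filock` extension appended to each encrypted file in the user's document folders. A common defensive pattern for that kind of indicator is to watch file-system events and alert on a burst of renames that add the extension, since a single rename is harmless but dozens within seconds are not. The following is an added example, not code from the researchers or from Bleeping Computer: it runs that sliding-window check over a constructed list of rename events. The suffix, threshold and window are assumptions chosen for the demonstration.

```python
"""Sliding-window detection of a burst of renames adding a ransomware
extension. Added example; the events below are constructed, not real
file-system telemetry."""

from collections import deque
from datetime import datetime, timedelta

T0 = datetime(2016, 12, 12, 12, 0, 0)

# Constructed rename events as (timestamp, old_path, new_path). `old_path`
# is None for a plain file creation, which some ransomware families use
# instead of renaming the original in place.
SAMPLE_EVENTS = [
    (T0, "Documents/report.docx", "Documents/report_v2.docx"),       # benign
    (T0 + timedelta(seconds=1), "Documents/notes.txt", "Documents/notes.txt.filock"),
    (T0 + timedelta(seconds=2), "Pictures/photo1.jpg", "Pictures/photo1.jpg.filock"),
    (T0 + timedelta(seconds=2), "Pictures/photo2.jpg", "Pictures/photo2.jpg.filock"),
    (T0 + timedelta(seconds=3), "Music/song.mp3", "Music/song.mp3.filock"),
    (T0 + timedelta(seconds=4), "Documents/budget.xlsx", "Documents/budget.xlsx.filock"),
    (T0 + timedelta(seconds=5), None, "Desktop/thesis.pdf.filock"),   # created, not renamed
    (T0 + timedelta(seconds=60), "Pictures/holiday.png", "Pictures/holiday.png.filock"),  # isolated
]


def is_suspicious(old_path, new_path, suffix=".filock"):
    """True when the event introduces the suffix: a rename that adds it, or a
    creation of a file that already carries it."""
    if not new_path.endswith(suffix):
        return False
    return old_path is None or not old_path.endswith(suffix)


def detect_extension_burst(events, suffix=".filock", threshold=5,
                           window=timedelta(seconds=10)):
    """Return a list of (timestamp, count) alerts.

    An alert fires when `threshold` suspicious events fall inside `window`;
    the window is cleared after an alert so one burst yields one alert.
    Events must be in chronological order.
    """
    recent = deque()
    alerts = []
    for ts, old_path, new_path in events:
        if not is_suspicious(old_path, new_path, suffix):
            continue
        recent.append(ts)
        while recent and ts - recent[0] > window:
            recent.popleft()
        if len(recent) >= threshold:
            alerts.append((ts, len(recent)))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for ts, count in detect_extension_burst(SAMPLE_EVENTS):
        print(f"{ts.isoformat()} ALERT: {count} files gained .filock within 10s")
```

With the constructed events, the fifth `.filock` event (at T0+4s) trips the alert, while the lone rename a minute later does not; lowering the threshold to 3 produces two alerts. In a real deployment the event feed would come from something like inotify or Sysmon file-create events, and the alert would suspend the offending process rather than just print.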
Certain Netgear Routers with Critical Vulnerability.
Links to updated firmware can be found in the article itself, but easy to mitigate in the meantime by turning off Remote Management if you have it on.
Quote:
NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management
Frequently Asked Questions
What is the vulnerability and what does it mean to my router?
It was discovered that the security mechanism to authenticate the administrator to the router can be bypassed with a script that repeatedly calls a specific URL. The attacker can subsequently gain access to the router settings page.
How can someone launch this attack?
The attack can only be launched once the attacker gets on the network by either connecting wirelessly to the network, with an Ethernet connection to the router, or remotely from the Internet if the remote management feature is turned on. By default remote management is turned off.
How do I prevent this attack?
First step of all security measures is to block unauthorized access to your network. By default NETGEAR routers are pre-configured with random security SSID and passphrase. It is recommended to change the SSID and passphrase, as well as administrator password to the router setup GUI page. You can also block unauthorized device from the NETGEAR genie app or desktop application by right-clicking on the unauthorized device in the Network Map.
Is my router affected?
The following router models are affected.
JNR1010v2 / WNR614 / WNR618 / JWNR2000v5 / WNR2020 / JWNR2010v5 / WNR1000v4 / WNR2020v2 / R6220 / WNDR3700v5
What is NETGEAR doing about it?
NETGEAR takes customer security seriously and has released a firmware that fixes this issue. Details can be found on the firmware release notes articles # 29959, 29461, and 27635.
Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR will also proactively notify registered users via email.
Where do I find NETGEAR genie App?
You can download NETGEAR genie App here
genie Landing Page | Apps | Discover | Home | NETGEAR
If you have any security concerns, you can reach us at [email protected].
Last Updated: 11/28/2016 | Article ID: 29960
NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management | Answer | NETGEAR Support
slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily :)
Quote:
Originally Posted by harrybarracuda
Beta Firmware for affected models is available here:
Security Advisory for VU 582384 | Answer | NETGEAR Support
Or you can kill the web server, which won't stop everything else, and which will restart if you restart the router, by opening this URL:
http://<Your Router IP>/cgi-bin/;killall$IFS’httpd‘
And yet after all your years of threats you have managed to do precisely nothing....
Zilch. Zero. Nada. Nothing.
Your last triumphal announcement was that you had managed to discover the brand of my old router and downloaded the user manual for it or some krap like that. You suck at this.
Now, why don't you stick to bragging that you know where I live but are too scared to visit in case you get bitten by a cat or something you fokking pathetic loser.
:rofl:
how would you know, you can't even secure you own router :)
Quote:
Originally Posted by slackula
do not test me, I have Russian special ops on speed dial and they can make your life very complicated :)
Quote:
Originally Posted by slackula
I was trying to help you secure your router since you hadn't even read the manual for basic securing options :)
Quote:
Originally Posted by slackula
that was your forensic ? oh boy call center boy, this is quite mediocre evidence even by your stinky Indian standards :)
Quote:
Originally Posted by harrybarracuda
CyberReason have released (at least for now) a free anti-Ransomware product that might interest you.
It's available from their website: https://ransomfree.cybereason.com/
There's a writeup here: https://www.cybereason.com/blog-cybe...-held-hostage/
I installed it on a spare machine to check it out; while it's installing it appears to freeze and the disk light is on solid - classic Ransomware symptom that! - but it's just part of the installation and it will finish installing after a few minutes.
It works on Windows 7 upwards, so if you're still dumb enough to be running Windows XP, hard luck, you'll just have to keep risking it.
If you didn't have a good reason to turn off Autofill before, you have now.
https://www.theguardian.com/technolo...-chrome-safari
I bet you use it all time, along with your other password managers :p
Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches.
One patching expert crossed his fingers that Microsoft would make good on its pledge to publish the same information when it switches to a new online database. "I'm on the fence right now," said Chris Goettl, product manager with patch management vendor Shavlik, of the demise of bulletins. "We'll have to see [the database] in February before we know how well Microsoft has done [keeping its promise]."
Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday -- the monthly round of security updates for Windows and other Microsoft software -- and that the new process would kick in on Feb. 14, next month's patch day.
The web-based bulletins have been a feature of Microsoft's patch disclosure policies since at least 1998, and for almost as long have been considered the professional benchmark by security experts.
A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG.
The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document.
"Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs," wrote an unnamed member of the Microsoft Security Response Center in November to explain the switch from bulletins to database.
Goettl saw it differently, saying that the change became a necessity once Microsoft upended Windows patching practices with the mid-2015 launch of Windows 10.
"Microsoft created a reporting and compliance issue for its customers with the discrepancy between Windows 10 and everything else," Goettl said. "With Windows 10, enterprises were auditing a single install instead of six to 10 of them. Then they brought legacy Windows into this as well."
Goettl was talking about the radical patching practice Microsoft introduced with Windows 10, where all security updates for a month are collected into a single download-and-install package. Unlike with 10's predecessors, individual patches cannot be withheld -- a common tactic IT administrators have used when reports surface that a specific patch breaks other software, cripples systems or disrupts workflows.
Critics immediately laid into Microsoft over Windows 10 updates, lambasting both the consolidated and cumulative nature of the patches but also the move to vague and generic descriptions of the underlying vulnerabilities and what the fixes addressed. They expanded their critiques to Windows 7 and Windows 8.1 when in October Microsoft adopted the same update methodology for those older OSes.
"Bulletins cannot be used to report compliance in the enterprise," said Goettl, because they are inconsistent with all-or-nothing updates. The disparity -- bulletins described individual updates, while the updates themselves contained multiple patches that could not be separated -- made the bulletins useless.
But the informational content of the bulletins will remain valuable, Goettl argued, even if updates are packaged differently than before. Microsoft agreed: In a FAQ about the database, the company said, "By February, information provided in the new Security Updates Guide will be on par with the set of details available in traditional security bulletin webpages."
The Security Updates Guide's preview has not met that mark; some information found in the January Patch Tuesday bulletins, for example, was missing from the appropriate entries in the online database.
"There will be a lot of people who will be very put out if [Microsoft] neglects [things like] what's being exploited," said Goettl of the support document replacements. "The key indicators are still very important."
Goettl was willing to give Microsoft the benefit of the doubt for now, but was adamant that the Redmond, Wash. company had to make good on its vow to retain the bulletins' content. "By February, Microsoft is going to have to prove to us that this is a good thing for us," he said.
Microsoft slates end to security bulletins in February | Computerworld
And this wanker is Trump's "Cyber Security Adviser"? Fucking hell, they might as well hire Buttplug.
:rofl:
Trump's cyber security advisor runs an insecure website that's easily hacked | TheINQUIRER
Quote:
ORANGE MAN AND SOON TO BE PRESIDENT Donald Trump has appointed former New York mayor Rudy Giuliani as his special advisor on cyber security.
But within hours of his appointment, security experts were pointing out the glaring insecurities in Giuliani's own security company website, including the use of old, unpatched software, the lack of a firewall and multiple open ports.
Giuliani, a lawyer who graduated from the New York University School of Law, was elected the 107th Mayor of New York City in January 1994 and served two terms until the end of December 2001.
Since 2002, his company Giuliani Partners has offered security consulting under the Giuliani Security & Safety subsidiary while, at the same time Giuliani also opened a legal practice in Manhattan.
But security specialists were quick to appraise the security of Giuliani's own website - finding it wanting in many basic respects. It runs an old copy of the Joomla open-source content management system on a copy of FreeBSD that was released in 2008. It uses an end-of-life version of PHP, has no firewall and lots of open ports.
Furthermore, its SSL certificate has expired and, perhaps most heinous of all, it runs Adobe Flash.
"Oh yeah, I totally trust this guy to put together a top-notch team to protect us from hackers," commented Aquent senior developer Michael Fienen.
Speaking to Motherboard, though, a Giuliani executive suggested that the company's security focus was legal, rather than technical, and aimed at helping the CEO not get fired over security, rather than preventing security breaches.
"If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber," the anonymous executive told Motherboard. "Basically, not to prevent a Target [breach], but how to prevent a Target CEO [from] being fired."
On the company's website, it claims: "Giuliani Security & Safety offers corporations, individuals, and governments a comprehensive range of security and crisis management services.
"The firm's domestic and international experts possess a broad range of experience in law enforcement, crisis management, life safety, intelligence gathering, internal investigations, forensic accounting, and security design and architecture."
However, it's unclear for whom the company provides services, especially as its own security would appear to be sorely lacking.
Thought harry the Hacker was on Holiday you sad fucker.
Harry is a hack, but not a hacker :)
^ yah, that's a good 'un. ;)
It's really good that they're making things easier.... Not!
Windows Security Only Update won't include Internet Explorer patches anymore - gHacks Tech News
Quote:
Windows Security Only Update won’t include Internet Explorer patches anymore
HACKERS COULD GAIN COMPLETE CONTROL OF AN INTEL-BASED PC USING A USB 3.0 PORT
By Kevin Parrish — January 14, 2017 5:31 AM
When Intel launched its sixth-generation “Skylake” processors and chipsets in 2015, the company introduced a new technology called Direct Connect Interface (DCI), an easy way for testers to debug hardware without having to break open a PC. However, during the 33rd annual Chaos Communication Congress conference in Hamburg, Germany, security researchers Maxim Goryachy and Mark Ermolov of Positive Technologies revealed that hackers can use DCI to take complete control of a system and conduct attacks under the software layer, which would be undetectable by devices owners.
For a better understanding of what’s going on, start with the debugging interface created by the Joint Test Action Group (JTAG). This standard was originally designed to test printed circuit boards once they were manufactured and installed, but has since expanded to processors and other programmable chips. Scenarios for using the interface include forensics, research, low-level debugging, and performance analysis.
The interface itself resides within the processor and programmable chips. In turn, JTAG-capable chips have dedicated pins that connect to the motherboard, which are traced to a dedicated 60-pin debugging port on a system’s motherboard (ITP-XDP). This port enables testers to connect a special device directly to the motherboard to debug hardware in relation to drivers, an operating system kernel, and so on.
But now the JTAG debugging interface can be accessed through a USB 3.0 port by way of Intel’s Direct Connect Interface “debug transport technology.” When a hardware probe is connected to the target Intel-based device, the USB 3.0 protocol isn’t used, but rather Intel’s protocol is employed so that testers can perform trace functions and other debugging tasks at high speed. Using a USB 3.0 port means testers aren’t forced to break into the PC to physically connect to the XDP debugging port.
Intel’s Direct Connect Interface appears to be embedded in the company’s sixth-generation motherboard chipsets, such as the 100 Series (pdf), and its processors. It’s also used in the new seventh-generation Kaby Lake platform as well, meaning hackers have two generations of Intel-based PCs to infest and possibly render useless, such as by re-writing the system’s BIOS.
As the presentation revealed, one way of accessing the JTAG debugging interface through the USB 3.0 port is to use a device with a cheap Fluxbabbitt hardware implant running Godsurge, which can exploit the JTAG debugging interface. Originally used by the NSA (and exposed by Edward Snowden), Godsurge is malware engineered to hook into a PC’s boot loader to monitor activity. It was originally meant to live on the motherboard and remain completely undetectable outside a forensic investigation.
The problem is, most sixth and seventh-generation Intel-based PCs have the Direct Connect Interface enabled by default. Of course, hackers need to have physical access to a PC in order to take control and spread their malicious love. Typically, the debugging modules in Intel’s processors require Intel’s SVT Closed Chassis Adapter connected via USB 3.0, or a second PC with Intel System Studio installed connected directly to the target PC via USB 3.0 as well.
Goryachy noted in his presentation that the problem only resides with Intel’s sixth and seventh-generation Core “U” processors. Intel is now fully aware of the possibility although there’s no time frame of when the problem will be addressed. In the meantime, the debugging interface on affected PCs can be deactivated. Intel Boot Guard can also be used to prevent malware and unauthorized software from making changes to the system’s initial boot block.
Many Intel-based PCs Could Be Hacked Via USB 3.0, Debugging Interface | Digital Trends
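The article ends by saying the debugging interface on affected PCs can be deactivated, but not how an owner would verify the state. On Intel processors that support the silicon debug feature (the `sdbg` flag in `/proc/cpuinfo` on Linux), that state is exposed through the IA32_DEBUG_INTERFACE model-specific register at address 0xC80: bit 0 is the enable bit, bit 30 is a lock bit that firmware is expected to set so the setting cannot be flipped at runtime, and bit 31 records whether a debugger has attached since the last reset. The following is an added example, not code from Positive Technologies or Intel: it decodes that register and, on a Linux host with root and the `msr` kernel module loaded, reads the live value. The `assess` verdict strings are this example's own.

```python
"""Decode Intel's IA32_DEBUG_INTERFACE MSR to check whether the debug
interface discussed above is enabled and locked. Added example; the
register layout (bit 0 enable, bit 30 lock, bit 31 debug occurred) is
from Intel's published MSR documentation, the verdict wording is ours."""

import struct

IA32_DEBUG_INTERFACE = 0xC80   # MSR address documented by Intel

BIT_ENABLE = 1 << 0
BIT_LOCK = 1 << 30
BIT_DEBUG_OCCURRED = 1 << 31


def decode_debug_interface(value: int) -> dict:
    """Split the raw 64-bit MSR value into its three documented flags."""
    return {
        "enabled": bool(value & BIT_ENABLE),
        "locked": bool(value & BIT_LOCK),
        "debug_occurred": bool(value & BIT_DEBUG_OCCURRED),
    }


def assess(value: int) -> str:
    """One-line verdict for an administrator, from the decoded flags.

    The desirable state is disabled and locked: the interface is off and
    firmware has prevented software from turning it back on before the
    next reset.
    """
    flags = decode_debug_interface(value)
    if flags["enabled"]:
        verdict = "debug interface ENABLED (consider disabling it in firmware setup)"
    elif flags["locked"]:
        verdict = "debug interface disabled and locked"
    else:
        verdict = "debug interface disabled but NOT locked (software could re-enable it)"
    if flags["debug_occurred"]:
        verdict += "; a debugger has attached since the last reset"
    return verdict


def read_msr(msr: int = IA32_DEBUG_INTERFACE, cpu: int = 0) -> int:
    """Read a 64-bit MSR via the Linux msr driver (root, `modprobe msr`).

    The device is byte-addressed by MSR number; reading 8 bytes at that
    offset returns the register in little-endian order.
    """
    with open(f"/dev/cpu/{cpu}/msr", "rb", buffering=0) as dev:
        dev.seek(msr)
        return struct.unpack("<Q", dev.read(8))[0]


if __name__ == "__main__":
    try:
        raw = read_msr()
    except (FileNotFoundError, PermissionError, OSError) as exc:
        print(f"could not read MSR 0x{IA32_DEBUG_INTERFACE:X}: {exc}")
        print("needs root, the msr module, and a CPU with the sdbg feature")
    else:
        print(f"IA32_DEBUG_INTERFACE = 0x{raw:016X}: {assess(raw)}")
```

Reading the MSR raises an exception on processors without the feature or without the driver, which the entry point reports instead of guessing. A locked-and-disabled result addresses only the DCI path; the Boot Guard protection the article mentions is a separate setting.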
If you really must have one of these gizmos in your house, remember to turn voice purchasing off!
Amazon Echo’s Alexa Went Dollhouse Crazy
Robert Hackett
Updated: Jan 09, 2017 8:06 PM
Amazon Echo is a gift that keeps on giving.
Owners complained that their voice-activated devices set off on an inadvertent shopping spree after a California news program triggered the systems to make erroneous purchases, according to a local report. A morning show on San Diego's CW6 News station had been covering a segment about a six-year-old girl in Texas who ordered to her home a dollhouse and four pounds of cookies through her parents' gadget.
Echo devices, powered by Amazon Alexa, the tech giant's artificially intelligent voice assistant, reportedly woke when they heard the name "Alexa" spoken on household television sets. Jim Patton, an anchor on the show, had remarked, "I love that little girl saying 'Alexa ordered me a dollhouse.'"
The comment proved mischievous. A number of Amazon Echos registered the statement as a voice command, and placed orders for dollhouses of their own, the station said.
"A handful" of people said that their devices accidentally tried to buy the toys, reported the Verge, which spoke to the station, although the total figure is not known. Patton told the tech blog that he didn't think any devices actually completed their purchases.
The misfires are attributable to Amazon's decision to enable voice purchasing by default on Echo devices, even though they do not distinguish between different people. The setting is an obvious choice for Amazon, which makes money on e-commerce sales, but the added convenience comes at a cost of being more prone to error.
Customers have the option to add parental controls, including a four-digit code to authorize purchases. The incident highlights privacy and security concerns surrounding a new class of technologies that also includes Google Home, another device featuring a voice-activated assistant. Meanwhile, cops investigating an unrelated, possible murder in Arkansas recently subpoenaed Amazon, asking the company to hand over voice records potentially captured on an Echo device.
Amazon Alexa: Echo Devices Go on Accidental Dollhouse Shopping Spree | Fortune.com
Is antivirus getting worse?
Anti-virus software is getting worse at detecting both known and new threats
By Maria Korolov
Contributing Writer, CSO | Jan 19, 2017 6:00 AM PT
Is anti-virus software getting worse at detecting both known and new threats?
Earlier this week, Stu Sjouwerman, CEO of security awareness training company KnowBe4, looked at the data published by the Virus Bulletin, a site that tracks anti-virus detection rates. And the numbers didn't look good.
Average detection rates for known malware went down a couple of percentage points slightly from 2015 to 2016, he said, while detection rates for zero-days dropped in a big way - from an average of 80 percent down to 70 percent or lower.
"If the industry as a whole is dropping 10 to 15 points in proactive protection, that's really bad," he said. "Anti-virus isn't exactly dead, but it sure smells funny."
According to Sjouwerman, the Virus Bulletin is the industry's premier testing site. The tests are comprehensive, and consistent from year to year, so that a historical comparison is valid.
Several major vendors aren't included in these statistics, he said, because they declined to participate -- and implied that there might be a reason for that.
What's happening is that current anti-virus vendors aren't able to keep up with the attackers, he said, who can generate new malware on the fly.
"The bad guys have completely automated this process," he said. "It's now industrial strength, millions of new variants daily, in an attempt to overwhelm the existing anti-virus engines -- and guess what, the bad guys are winning."
He's not alone in pointing out the problems that anti-virus has been having lately, and others agree with the main thrust of his analysis.
"The report does sound pretty much in sync with what my feeling is, and what the industry is talking about," said Amol Sarwate, director of vulnerability labs at Qualys. "It's not an easy problem to solve. If they make antivirus too aggressive, it causes too many false positives. I think the hope for the future is a combination of multiple technologies. Anti-virus by itself cannot cut it any more."
It's bad, and it will continue to get worse, said Justin Fier, director of cyber intelligence and analysis at Darktrace.
"I would never tell a customer not to invest in it," he said. "But in regards to whether anti-virus is working any more -- I don't think so."
At its core, security reacts to events.
"It's hard to predict what the next big wave of malware or the next big attack platform is going to be and protect against it," he said.
Ransomware in particular is causing problems, said KnowBe4's Sjouwerman, because the malware is so profitable that the cybercriminals are putting more and more resources into development.
Criminals earned $1 billion from their ransomware last year, showing that it's consistently getting through defenses.
But there are some new, early-stage products that specifically target ransomware, he added.
"Some of them work, some of them don't -- this is still very early days," he said.
"Sophos has acquired one of those companies and now have an additional module that specifically protects against ransomware, and that actually works fine, so Sophos is actually scoring well but they're one of the few that do."
Sophos, which offers both network and endpoint security products, is not included in the Virus Bulletin, but received a 100 percent score for blocking zero-day attacks in the latest antivirus reports.
"One of our major advantages is that we don't rely on any one technology," explained Dan Schiappa, senior vice president and general manager of end user and network security groups at Sophos. "We have a little mini analytics engine, and when it's scanning a file or looking at a behavior, it can call on a bunch of different pieces of technology to determine if it's malware."
The new Intercept X product, which is designed specifically for zero-day threats, looks at how malware attacks systems.
"There are only about 24 different ways that you can exploit a vulnerability," he said. "We might get a couple of new techniques a year, and as long as we keep up with those techniques, we're in pretty good shape. For example, one new technique is to get into the pre-boot environment, and we're building protections against that."
Some vendors dispute whether the results of this one set of tests is conclusive.
"Test scores tend to fluctuate as attackers create new techniques and defenders continue to innovate," said Mark Nunnikhoven, vice president of cloud research at Trend Micro.
Trend Micro was not included in the Virus Bulletin report.
"I can't speak to why we did not participate in this specific round of testing, we do have a lot of respect for Virus Bulletin," said Nunnikhoven.
Instead, he pointed to his company's performance with AV Test. There, Trend Micro scored at 100 percent in 11 out of the last 14 zero-day detection tests for Windows 7 and Windows 10, and 99 percent on the other three tests.
In fact, average scores on the AV Test of zero-day detection have been going up, from under 97 percent in early 2015 to over 99.7 percent during the last Windows 10 testing round.
Another problem with some tests is how they measure successful detection, said David Dufour, senior director of engineering at Webroot.
Signature-based antivirus can spot malware early, but behavior-based systems have to wait for the malware to actually try to do something.
"Many testing methodologies still rely on older techniques measuring the number of threats that land on a machine," he said, "Rather than taking the time to understand that zero day and unknown malware will take time to identify."
Webroot was absent from both the Virus Bulletin and the AV Test reports.
Is antivirus getting worse? | CSO Online
Yahoo, Others Make 2016 a Record Year for Data Breaches, Report Finds
By Robert Lemos | Posted 2017-01-26
Documented data breaches exposed almost 4.3 billion records, far more than previous years, although the total number of breaches held steady, according to a report published by Risk Based Security.
The reported breaches at Yahoo exposed approximately 1.5 billion records, which along with a handful of other immense breaches, made 2016 a record year for data loss, according to a report released by security firm Risk Based Security on Jan. 25.
The report collected and sifted through 4,149 confirmed breach reports from a variety of sources, finding that at least 4.2 billion records were potentially compromised in 2016, up from approximately 1.0 billion in 2013, the previous record.
While the total number of reported data breaches held steady over the past few years, the average breach was more severe—and exposed more records—than previous years, Inga Goddijn, executive vice president at Risk Based Security, told eWEEK.
“We have been tracking breach activity since 2005, and the number of breaches this year was not really higher or lower than prior years, but the severity was off the charts,” she said.
The data seems to show that the average data breach involved between 101 and 1,000 records in 2016, at least an order of magnitude greater than the 1 to 100 records in 2015. In addition, the number of breaches involving more than 1 million records has climbed steadily to 94 incidents in 2016, up from 60 incidents in 2015 and 34 incidents in 2013.
The most significant impact on breach numbers, however, came from the compromise of Internet giant Yahoo, which acknowledged two intrusions in 2016, one involving 500 million records that was reported in September and another involving 1 billion records but reported in December. The breach reported in September likely occurred in 2014, while the latter breach likely happened in 2013, according to the firm. The size of the breaches stunned security experts and threatened to derail the proposed buyout of Yahoo by Verizon.
The search company was not the only one to discover more than one breach in the same year. At least 122 other companies reported two or more breaches in 2016, according to Risk Based Security.
“When there was a major breach, it really kicked these security teams into high gear, resulting in some pretty intensive internal investigations, and we did see subsequent second and third breaches being reported, because of that investigation,” Goddijn said. “Yahoo is the classic example.”
The top-10 breaches—including breaches at FriendFinder and MySpace in addition to Yahoo—accounted for about 3 billion of the year’s compromised records, without which 2016 would have resembled most other years.
Email addresses, passwords and names were the most often exposed pieces of information. Hacking accounted for nearly 93 percent of all records exposed in breaches, with Web misconfigurations and leaks accounting for another 6 percent.
Some industries suffered more than others, with business services, retail and technology sectors accounting for 30 percent of all breaches. The industries impacted by another 24 percent of breaches were not known.
Data Breaches at Yahoo, Others in 2016 Set New Record
Not being a True customer, I'm not sure if the user has admin access to change this, or if they turn off Remote Administration before installing.
It being Thailand I'd guess probably no to both.
https://threatpost.com/router-vulner...atched/123115/
Quote:
TrueOnline failed to fix buggy routers
by Michael Mimoso, January 17, 2017, 12:05 pm
Details on serious vulnerabilities in a number of routers freely distributed by a major Thai ISP were published on Monday after private disclosures made to the vendors in July went unanswered.
Researcher Pedro Ribeiro of Agile Information Security found accessible admin accounts and command injection vulnerabilities in ZyXel and Billion routers distributed by TrueOnline, Thailand’s largest broadband company.
Ribeiro said he disclosed the vulnerabilities through Beyond Security’s SecuriTeam Secure Disclosure Program, which contacted the affected vendors last July. Ribeiro published a proof of concept exploit yesterday as well.
Ribeiro told Threatpost he’s unsure whether TrueOnline introduced the vulnerabilities as it adds its own customization to the routers, or whether they came from the respective manufacturers. A ZyXel representative told Threatpost the router models are no longer supported and would not comment on whether patches were being developed. A request for comment from Billion was not returned in time for publication.
The commonality between the routers appears to be that they’re all based on the TC3162U system-on-a-chip manufactured by TrendChip. Affected routers are the ZyXel P660HN-T v1 and P660HN-T v2, and Billion 5200 W-T, currently in distribution to TrueOnline customers.
The TC3162U chips run two different firmware variants, one called “ras”, which includes the Allegro RomPager webserver vulnerable to the Misfortune Cookie attacks, and the other called tclinux.
The tclinux variant contains the vulnerabilities found by Ribeiro; in particular, several ASP files, he said, are vulnerable to command injection attacks. He also cautions that they could also be vulnerable to Misfortune Cookie, but he did not investigate this possibility.
“It should be noted that tclinux contains files and configuration settings in other languages (for example in Turkish). Therefore it is likely that these firmware versions are not specific to TrueOnline, and other ISP customised routers in other countries might also be vulnerable,” Ribeiro said in his advisory. “It is also possible that other brands and router models that use the tclinux variant are also affected by the command injection vulnerabilities (the default accounts are likely to be TrueOnline specific).”
In addition to Ribeiro’s proof-of-concept, Metasploit modules are available for three of the vulnerabilities.
Most of the vulnerabilities can be exploited remotely, some without authentication.
“These vulnerabilities are present in the web interface. The default credentials are part of the firmware deployed by TrueOnline and they are authorized to perform remote access over the WAN,” Ribeiro said. “Due to time and lab constraints I was unable to test whether these routers expose the web interface over the WAN, but given the credentials, it is likely.”
The ZyXel P660HN-T v1 router is vulnerable to an unauthenticated command injection attack that can be exploited remotely. Ribeiro said he found the vulnerability in the remote system log forwarding function, specifically in the ViewLog.asp page.
V2 of the same router contains the same vulnerability, but cannot be exploited without authentication, he said.
“Unlike in the P660HN-Tv1, the injection is authenticated and in the logSet.asp page. However, this router contains a hardcoded supervisor password that can be used to exploit this vulnerability,” Ribeiro said. “The injection is in the logSet.asp page that sets up remote forwarding of syslog logs, and the parameter vulnerable to injection is the serverIP parameter.”
The Billion 5200W-T is also vulnerable to unauthenticated and authenticated command injection attacks; the vulnerability was found in its adv_remotelog.asp page.
“The Billion 5200W-T router also has several other command injections in its interface, depending on the firmware version, such as an authenticated command injection in tools_time.asp (uiViewSNTPServer parameter),” Ribeiro said. “It should be noted that this router contains several hardcoded administrative accounts that can be used to exploit this vulnerability.”
Ribeiro said default and weak admin credentials were found on all of the versions and were accessible remotely.
The researcher said it’s unknown whether the routers can be patched remotely.
“Again, given the existence of default credentials that have remote access, it is likely that it is possible to update the firmware remotely,” Ribeiro said.
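The advisory quoted above describes command injection in the web interface parameters that take a remote syslog server address (serverIP in logSet.asp / adv_remotelog.asp) and an SNTP server address (uiViewSNTPServer in tools_time.asp). The example below is added here and is not code from the advisory, from Threatpost, or from any ZyXEL, Billion or TrueOnline firmware; it is a hypothetical CGI-style handler in C that shows the injectable pattern for contrast and the hardened pattern a firmware developer should use instead: validate the value as a pure IP address literal with inet_pton and pass it to the daemon as a single argv element via execv, so no shell ever parses user input. The daemon path /sbin/syslogd and its -R flag are assumptions for illustration, not the routers' real configuration.

```c
// Added example: hardened handling of a "remote syslog server" parameter.
// Not from the advisory or any vendor firmware; daemon path and flag are assumed.
#include <arpa/inet.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/wait.h>

/* Returns 1 if s is a syntactically valid IPv4 or IPv6 literal, else 0.
 * inet_pton accepts only a bare address, which rules out whitespace, quotes,
 * semicolons and every other character a shell would treat specially. */
int is_valid_syslog_server(const char *s) {
    unsigned char buf[sizeof(struct in6_addr)];
    if (s == NULL || *s == '\0' || strlen(s) > INET6_ADDRSTRLEN)
        return 0;
    return inet_pton(AF_INET, s, buf) == 1 || inet_pton(AF_INET6, s, buf) == 1;
}

/* Vulnerable pattern (shown for contrast; never executed in this file):
 * the untrusted parameter is pasted into a shell command line, so any shell
 * metacharacter in the parameter changes what the shell actually runs. */
int build_remote_log_cmd_unsafe(const char *server_ip, char *out, size_t outlen) {
    int n = snprintf(out, outlen, "/sbin/syslogd -R %s", server_ip);
    return n >= 0 && (size_t)n < outlen;
}

/* Hardened pattern: validate first, then build a fixed argv vector so the
 * address travels to the daemon as one argument and no shell is involved.
 * Returns 1 and fills argv_out on success, 0 if the value is rejected. */
int build_remote_log_argv(const char *server_ip, const char *argv_out[4]) {
    if (!is_valid_syslog_server(server_ip))
        return 0;
    argv_out[0] = "/sbin/syslogd";  /* hypothetical daemon path */
    argv_out[1] = "-R";             /* hypothetical "forward to remote host" flag */
    argv_out[2] = server_ip;
    argv_out[3] = NULL;
    return 1;
}

/* Applies the setting by fork+execv. Returns the daemon's exit status,
 * or -1 if the address was rejected or the process could not be started. */
int apply_remote_log_setting(const char *server_ip) {
    const char *argv[4];
    if (!build_remote_log_argv(server_ip, argv))
        return -1;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execv(argv[0], (char *const *)argv);
        _exit(127);  /* only reached if execv itself failed */
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0)
        return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void) {
    const char *inputs[] = { "192.168.1.10", "2001:db8::1", "192.168.1.10; id", "syslog.example" };
    for (size_t i = 0; i < sizeof inputs / sizeof inputs[0]; i++)
        printf("%-20s -> %s\n", inputs[i],
               is_valid_syslog_server(inputs[i]) ? "accepted" : "rejected");
    return 0;
}
```

The same validator serves the SNTP server parameter when the field is documented as taking an IP address; a field that legitimately accepts hostnames needs its own strict allow-list check (letters, digits, dots and hyphens only) before being passed as an argv element, never through a shell.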
glad I changed those when I got them from True :)
Quote:
Originally Posted by harrybarracuda
NETGEAR of course :)
why? works fine :)