*** The Security News Thread ***

[harrybarracuda]

Yes, having sobered up it's not that difficult.

Well at least you're honest.

[harrybarracuda]

BTW the link you use to check (below) is legitimate, it is owned by Checkpoint.

Gooligan malware affects 1.3 million Android phones
Don't download apps outside of official app stores

WFTS Webteam
5:18 AM, Dec 1, 2016
7 mins ago

Hackers have infected over 1.3 million Android phones and hacked into Google accounts through fake apps.

The malware campaign is named Gooligan.

Researchers at Check Point, a cybersecurity firm, says that hackers stole digital "tokens" and got access to Google account information. The hackers have not stolen the information, Google says.

Once infected, the android phones install fake apps and then rate them highly, making it more likely for other users to download the apps.

Google has started to remove the fake apps from their official store.

Check Point reports that of the 1 million breached accounts, 19 percent are in the Americas, 9 percent are in Europe, 15 percent are in Africa and 57 percent are in Asia.

Enter your email address at this website to see if your account was breached.

Check Point says if your account has been breached, follow these steps:

Power off your device and visit a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
Change your Google account passwords immediately after this process.
List of fake apps infected by Gooligan:

• Perfect Cleaner
• Demo
• WiFi Enhancer
• Snake
• gla.pev.zvh
• Html5 Games
• Demm
• memory booster
• แข่งรถสุดโหด
• StopWatch
• Clear
• ballSmove_004
• Flashlight Free
• memory booste
• Touch Beauty
• Demoad
• Small Blue Point
• Battery Monitor
• 清理大师
• UC Mini
• Shadow Crush
• Sex Photo
• 小白点
• tub.ajy.ics
• Hip Good
• Memory Booster
• phone booster
• SettingService
• Wifi Master
• Fruit Slots
• System Booster
• Dircet Browser
• FUNNY DROPS
• Puzzle Bubble-Pet Paradise
• GPS
• Light Browser
• Clean Master
• YouTube Downloader
• KXService
• Best Wallpapers
• Smart Touch
• Light Advanced
• SmartFolder
• youtubeplayer
• Beautiful Alarm
• PronClub
• Detecting instrument
• Calculator
• GPS Speed
• Fast Cleaner
• Blue Point
• CakeSweety
• Pedometer
• Compass Lite
• Fingerprint unlock
• PornClub
• com.browser.provider
• Assistive Touch
• Sex Cademy
• OneKeyLock
• Wifi Speed Pro
• Minibooster
• com.so.itouch
• com.fabullacop.loudcallernameringtone
• Kiss Browser
• Weather
• Chrono Marker
• Slots Mania
• Multifunction Flashlight
• So Hot
• Google
• HotH5Games
• Swamm Browser
• Billiards
• TcashDemo
• Sexy hot wallpaper
• Wifi Accelerate
• Simple Calculator
• Daily Racing
• Talking Tom 3
• com.example.ddeo
• Test
• Hot Photo
• QPlay
• Virtual
• Music Cloud

Gooligan malware affects 1.3 million Android phones - wptv.com

[harrybarracuda]

For fuck's sake....

Ransomware Offers Incentives To Infect Others With Malware

Matthew Broersma , December 12, 2016, 12:42 pm

The malware offers a free decryption key if the victim forces to others to pay up

A new ransomware variant introduces a twist into the malware by offering users a free decryption key, but only if they successfully infect two others and force them to pay up.

The malware, called Popcorn Time, offers users two ways to unlock their files, the “easy way”, by paying 1 Bitcoin (about £620), or the “nasty way”, by sending a “referral link” to other computers.

Referral link

If two others pay a ransom as a result of the referral, the original victim will be sent a free decryption key, according to the instructions displayed by the malware.

The program isn’t related to the video-streaming application of the same name, according to computer security researchers MalwareHunterTeam.

The malware’s source code indicates that it contains a feature that begins deleting users’ files if the wrong key is entered four times, although the feature hasn’t yet been enabled, according to IT education site Bleeping Computer, which earlier disclosed MalwareHunterTeam’s research.

Ransomware rise

The malware is still under development, according to MalwareHunterTeam, and currently targets files in the My Documents, My Pictures, My Music, and desktop folders.

Files are encrypted using the AES-256 algorithm, with a .filock extension appended to the filename.

Researchers have reported a sharp rise in malware infections this year, with some reporting a large proportion of those who pay didn’t receive a decryption key.

Kaspersky Lab said infections of enterprises rose threefold between the first and third quarters of this year, attaining a rate of one infection every 40 seconds.

“The classic ‘affiliate’ business model appears to be working as effectively for ransomware as it does for other types of malware,” said Fedor Sinitsyn, senior malware analyst at Kaspersky Lab. “Victims often pay up so money keeps flowing through the system. Inevitably this has led to us seeing new cryptors appear almost daily.”

The company found 20 percent of small businesses who paid a ransom didn’t have access restored.

Trend Micro also surveyed businesses who paid ransoms and found the same proportion did not receive a decryption key.

Trend said new ransomware families grew by four times from January to September 2016 and predicted the figure would grow by another 25 percent in the coming year.

'Popcorn Time' Ransomware Offers Incentives To Infect Others

[harrybarracuda]

Certain Netgear Routers with Critical Vulnerability.

Links to updated firmware can be found in the article itself, but easy to mitigate in the meantime by turning off Remote Management if you have it on.

NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management

Frequently Asked Questions

What is the vulnerability and what does it mean to my router?

It was discovered that the security mechanism to authenticate the administrator to the router can be bypassed with a script that repeatedly calls a specific URL. The attacker can subsequently gain access to the router settings page.

How can someone launch this attack?

The attack can only be launched once the attacker gets on the network by either connecting wirelessly to the network, with a Ethernet connection to the router, or remotely from the Internet if the remote management feature is turned on. By default remote management is turned off.

How do I prevent this attack?

First step of all security measures is to block unauthorized access to your network. By default NETGEAR routers are pre-configured with random security SSID and passphrase. It is recommended to change the SSID and passphrase, as well as administrator password to the router setup GUI page. You can also block unauthorized device from the NETGEAR genie app or desktop application by right-clicking on the unauthorized device in the Network Map.

Is my router affected?

The following router models are affected.

JNR1010v2 / WNR614 / WNR618 / JWNR2000v5 / WNR2020 / JWNR2010v5 / WNR1000v4 / WNR2020v2 / R6220 / WNDR3700v5

What is NETGEAR doing about it?

NETGEAR takes customer security seriously and has released a firmware that fixes this issue. Details can be found on the firmware release notes articles # 29959, 29461, and 27635.
Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR will also proactively notify registered users via email.

Where do I find NETGEAR genie App?

You can download NETGEAR genie App here

genie Landing Page | Apps | Discover | Home | NETGEAR
If you have any security concerns, you can reach us at security@netgear.com.

Last Updated:11/28/2016 | Article ID: 29960

NETGEAR Product Vulnerability Advisory: Potential security issue associated with remote management | Answer | NETGEAR Support

[Dragonfly]

Certain Netgear Routers with Critical Vulnerability.

slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily

[harrybarracuda]

Certain Netgear Routers with Critical Vulnerability.

slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily

Yeah but not by you, you dim fucker.

[harrybarracuda]

Beta Firmware for affected models is available here:

Security Advisory for VU 582384 | Answer | NETGEAR Support

Or you can kill the web server, which won't stop everything else, and which will restart if you restart the route, by opening this URL:

http://<Your Router IP>/cgi-bin/;killall$IFS’httpd‘

[slackula]

Certain Netgear Routers with Critical Vulnerability.

slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily

And yet after all your years of threats you have managed to do precisely nothing....

Zilch. Zero. Nada. Nothing.

Your last triumphal announcement was that you had managed to discover the brand of my old router and downloaded the user manual for it or some krap like that. You suck at this.

Now, why don't you stick to bragging that you know where I live but are too scared to visit in case you get bitten by a cat or something you fokking pathetic loser.

[Dragonfly]

Certain Netgear Routers with Critical Vulnerability.

slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily

Yeah but not by you, you dim fucker.

I asked Putin and he sent his best team to do it,

the same ones who did the DNC, you know the hack you claimed you saw the forensic

[Dragonfly]

Zilch. Zero. Nada. Nothing.

how would you know, you can't even secure you own router

[Dragonfly]

bragging that you know where I live but are too scared to visit in case you get bitten by a cat

do not test me, I have Russian special ops on speed dial and they can make your life very complicated

[harrybarracuda]

Certain Netgear Routers with Critical Vulnerability.

slackula is running a Netgear router with all options enabled, no wonder he got hacked so easily

Yeah but not by you, you dim fucker.

I asked Putin and he sent his best team to do it,

the same ones who did the DNC, you know the hack you claimed you saw the forensic

For the third time, if you weren't such a dim fucker you could read it yourself as I POSTED THE LINK you cum-guzzling fucking moron.

[Dragonfly]

downloaded the user manual

I was trying to help you secure your router since you hadn't even read the manual for basic securing options

[Dragonfly]

I POSTED THE LINK

that was your forensic ? oh boy call center boy, this is quite mediocre evidence even by your stinky Indian standards

[Cujo]

BTW the link you use to check (below) is legitimate, it is owned by Checkpoint.

Gooligan malware affects 1.3 million Android phones
Don't download apps outside of official app stores

WFTS Webteam
5:18 AM, Dec 1, 2016
7 mins ago

Hackers have infected over 1.3 million Android phones and hacked into Google accounts through fake apps.

The malware campaign is named Gooligan.

Researchers at Check Point, a cybersecurity firm, says that hackers stole digital "tokens" and got access to Google account information. The hackers have not stolen the information, Google says.

Once infected, the android phones install fake apps and then rate them highly, making it more likely for other users to download the apps.

Google has started to remove the fake apps from their official store.

Check Point reports that of the 1 million breached accounts, 19 percent are in the Americas, 9 percent are in Europe, 15 percent are in Africa and 57 percent are in Asia.

Enter your email address at this website to see if your account was breached.

Check Point says if your account has been breached, follow these steps:

Power off your device and visit a certified technician, or your mobile service provider, to request that your device be “re-flashed.”
Change your Google account passwords immediately after this process.
List of fake apps infected by Gooligan:

• Perfect Cleaner
• Demo
• WiFi Enhancer
• Snake
• gla.pev.zvh
• Html5 Games
• Demm
• memory booster
• แข่งรถสุดโหด
• StopWatch
• Clear
• ballSmove_004
• Flashlight Free
• memory booste
• Touch Beauty
• Demoad
• Small Blue Point
• Battery Monitor
• 清理大师
• UC Mini
• Shadow Crush
• Sex Photo
• 小白点
• tub.ajy.ics
• Hip Good
• Memory Booster
• phone booster
• SettingService
• Wifi Master
• Fruit Slots
• System Booster
• Dircet Browser
• FUNNY DROPS
• Puzzle Bubble-Pet Paradise
• GPS
• Light Browser
• Clean Master
• YouTube Downloader
• KXService
• Best Wallpapers
• Smart Touch
• Light Advanced
• SmartFolder
• youtubeplayer
• Beautiful Alarm
• PronClub
• Detecting instrument
• Calculator
• GPS Speed
• Fast Cleaner
• Blue Point
• CakeSweety
• Pedometer
• Compass Lite
• Fingerprint unlock
• PornClub
• com.browser.provider
• Assistive Touch
• Sex Cademy
• OneKeyLock
• Wifi Speed Pro
• Minibooster
• com.so.itouch
• com.fabullacop.loudcallernameringtone
• Kiss Browser
• Weather
• Chrono Marker
• Slots Mania
• Multifunction Flashlight
• So Hot
• Google
• HotH5Games
• Swamm Browser
• Billiards
• TcashDemo
• Sexy hot wallpaper
• Wifi Accelerate
• Simple Calculator
• Daily Racing
• Talking Tom 3
• com.example.ddeo
• Test
• Hot Photo
• QPlay
• Virtual
• Music Cloud

Gooligan malware affects 1.3 million Android phones - wptv.com

That's a long list. I have one of those apps, Clean Master, I've had it for years, it's very good. But what does it mean? I've never noticed any issues with it. I'n not going to flash my phone, what a pain in the arse.

[harrybarracuda]

I POSTED THE LINK

that was your forensic ? oh boy call center boy, this is quite mediocre evidence even by your stinky Indian standards

It's just too complicated for idiots like you Buttplug. As are most things.

[harrybarracuda]

CyberReason have released (at least for now) a free anti-Ransomware product that might interest you.

It's available from their website: https://ransomfree.cybereason.com/

There's a writeup here: https://www.cybereason.com/blog-cybe...-held-hostage/

I installed it on a spare machine to check it out; while it's installing it appears to freeze and the disk light is on solid - classic Ransomware symptom that! - but it's just part of the installation and it will finish installing after a few minutes.

It works on Windows 7 upwards, so if you're still dumb enough to be running Windows XP, hard luck, you'll just have to keep risking it.

[harrybarracuda]

If you didn't have a good reason to turn off Autofill before, you have now.

https://www.theguardian.com/technolo...-chrome-safari

[Dragonfly]

I bet you use it all time, along with your other password managers

[harrybarracuda]

I bet you use it all time, along with your other password managers

And here's the dribbling cumguzzler with yet another inane comment.

Fuck off Buttplug, you're too stupid to be here.

[harrybarracuda]

Microsoft next month will stop issuing detailed security bulletins, which for nearly 20 years have provided individual users and IT professionals information about vulnerabilities and their patches.

One patching expert crossed his fingers that Microsoft would make good on its pledge to publish the same information when it switches to a new online database. "I'm on the fence right now," said Chris Goettl, product manager with patch management vendor Shavlik, of the demise of bulletins. "We'll have to see [the database] in February before we know how well Microsoft has done [keeping its promise]."

Microsoft announced the demise of bulletins in November, saying then that the last would be posted with January's Patch Tuesday -- the monthly round of security updates for Windows and other Microsoft software -- and that the new process would kick in on Feb. 14, next month's patch day.

The web-based bulletins have been a feature of Microsoft's patch disclosure policies since at least 1998, and for almost as long have been considered the professional benchmark by security experts.

A searchable database of support documents will replace the bulletins; that database has been available, albeit in preview, since November on the portal Microsoft dubbed the "Security Updates Guide," or SUG.

The documents stored in the database are specific to a vulnerability on an edition of Windows, or a version of another Microsoft product. They can be sorted and filtered by the affected software, the patch's release date, its CVE (Common Vulnerabilities and Exposures) identifier, and the numerical label of the KB, or "knowledge base" support document.

"Our customers have asked for better access to update information, as well as easier ways to customize their view to serve a diverse set of needs," wrote an unnamed member of the Microsoft Security Response Center in November to explain the switch from bulletins to database.

Goettl saw it differently, saying that the change became a necessity once Microsoft upended Windows patching practices with the mid-2015 launch of Windows 10.

"Microsoft created a reporting and compliance issue for its customers with the discrepancy between Windows 10 and everything else," Goettl said. "With Windows 10, enterprises were auditing a single install instead of six to 10 of them. Then they brought legacy Windows into this as well."

Goettl was talking about the radical patching practice Microsoft introduced with Windows 10, where all security updates for a month are collected into a single download-and-install package. Unlike with 10's predecessors, individual patches cannot be withheld -- a common tactic IT administrators have used when reports surface that a specific patch breaks other software, cripples systems or disrupts workflows.

Critics immediately laid into Microsoft over Windows 10 updates, lambasting both the consolidated and cumulative nature of the patches but also the move to vague and generic descriptions of the underlying vulnerabilities and what the fixes addressed. They expanded their critiques to Windows 7 and Windows 8.1 when in October Microsoft adopted the same update methodology for those older OSes.

"Bulletins cannot be used to report compliance in the enterprise," said Goettl, because they are inconsistent with all-or-nothing updates. The disparity -- bulletins described individual updates, while the updates themselves contained multiple patches that could not be separated -- made the bulletins useless.

But the informational content of the bulletins will remain valuable, Goettl argued, even if updates are packaged differently than before. Microsoft agreed: In a FAQ about the database, the company said, "By February, information provided in the new Security Updates Guide will be on par with the set of details available in traditional security bulletin webpages."

The Security Updates Guide's preview has not met that mark; some information found in the January Patch Tuesday bulletins, for example, was missing from the appropriate entries in the online database.

"There will be a lot of people who will be very put out if [Microsoft] neglects [things like] what's being exploited," said Goettl of the support document replacements. "The key indicators are still very important."

Goettl was willing to give Microsoft the benefit of the doubt for now, but was adamant that the Redmond, Wash. company had to make good on its vow to retain the bulletins' content. "By February, Microsoft is going to have to prove to us that this is a good thing for us," he said.

Microsoft slates end to security bulletins in February | Computerworld

[harrybarracuda]

And this wanker is Trump's "Cyber Security Adviser"? Fucking hell, they might as well hire Buttplug.

ORANGE MAN AND SOON TO BE PRESIDENT Donald Trump has appointed former New York mayor Rudy Giuliani as his special advisor on cyber security.

But within hours of his appointment, security experts were pointing out the glaring insecurities in Giuliani's own security company website, including the use of old, unpatched software, the lack of a firewall and multiple open ports.

Giuliani, a lawyer who graduated from the New York University School of Law, was elected the 107th Mayor of New York City in January 1994 and served two terms until the end of December 2001.

Since 2002, his company Giuliani Partners has offered security consulting under the Giuliani Security & Safety subsidiary while, at the same time Giuliani also opened a legal practice in Manhattan.

But security specialists were quick to appraise the security of Giuliani's own website - finding it wanting in many basic respects. It runs an old copy of the Joomla open-source content management system on a copy of FreeBSD that was released in 2008. It uses an end-of-life version of PHP, has no firewall and lots of open ports.


Furthermore, its SSL certificate has expired and, perhaps most heinous of all, it runs Adobe Flash.

"Oh yeah, I totally trust this guy to put together a top-notch team to protect us from hackers," commented Aquent senior developer Michael Fienen.

Speaking to Motherboard, though, a Giuliani executive suggested that the company's security focus was legal, rather than technical, and aimed at helping the CEO not get fired over security, rather than preventing security breaches.

"If you hired them on a cyber engagement, they are going to tell you what your legal obligations are and how to manage the legal risk related to cyber," the anonymous executive told Motherboard. "Basically, not to prevent a Target [breach], but how to prevent a Target CEO [from] being fired."

On the company's website, it claims: "Giuliani Security & Safety offers corporations, individuals, and governments a comprehensive range of security and crisis management services.

"The firm's domestic and international experts possess a broad range of experience in law enforcement, crisis management, life safety, intelligence gathering, internal investigations, forensic accounting, and security design and architecture."

However, it's unclear for whom the company provides services, especially as its own security would appear to be sorely lacking.

Trump's cyber security advisor runs an insecure website that's easily hacked | TheINQUIRER

[Chico]

Thought harry the Hacker was on Holiday you sad fucker.

[harrybarracuda]

Thought harry the Hacker was on Holiday you sad fucker.

Go and fuck yourself, bollock brain, there's a good lad.

[Dragonfly]

Harry is a hack, but not a hacker