*** The Security News Thread ***

[Dragonfly]

ok, dumbo, try to guess ITS stands for in most large IT corporate department

oh wait you are working for filthy arabs in the desert, probably a sovereign fund thing, full of clueless lazy IT tards looking for a recycled career

[harrybarracuda]

ok, dumbo, try to guess ITS stands for in most large IT corporate department

oh wait you are working for filthy arabs in the desert, probably a sovereign fund thing, full of clueless lazy IT tards looking for a recycled career

I think the housewife who is your boss and told you to use these imaginary terms probably knows the same level of jack shit that you do.

[Dragonfly]

fuckwit indian don't know, as usual

like how to rename a WIFI connection in Win10

regedit that bitch

[harrybarracuda]

Talking of Patching....

Microsoft strangles critical vulnerabilities, including in-the-wild zero-day flaw. Patch now!

3 days ago
2 Min Read


Microsoft has once again released a batch of essential security updates for users of its software.
One of the flaws (CVE-2017-8759) addressed by Microsoft’s patches is a previously unknown vulnerability in the .Net framework. The zero-day vulnerability was being actively exploited in attacks which targeted Russian-speaking users with poisoned Word documents that served up a version of the FinFisher spyware.
FinFisher, also known as FinSpy or WingBird, is a family of controversial covert surveillance software which has often been linked to spying on political dissidents by intelligence agencies and repressive regimes around the world.
The makers of FinFisher claim that they sell their controversial software exclusively to government agencies for targeted criminal investigations, suggesting that the latest wave of attacks are the work of a hacking group assisted by a state actor.
The most recent attacks on Russian speakers have been tied to a hacking gang known as Neodymium, which in early May 2016 exploited a Flash Player zero-day vulnerability to infect targeted computers with FinFisher. Most of the victims of that attack were located in Turkey, although infections were also seen in Germany, the United Kingdom and the United States.
Also of note is that Microsoft has revealed it has pushed out a fix for the newly-announced BlueBorne exploits (CVE-2017-8628), which could allow an attacker to initiate a Bluetooth connection to a targeted device without the user’s knowledge, and open opportunities ofr man-in-the-middle (MITM) attacks
In its Patch Tuesday release, Microsoft addressed 81 new vulnerabilities – of which 27 have been given the highest rating of “critical”.
In addition, Microsoft is releasing an update to the version of Adobe Flash Player embedded in its Edge and Internet Explorer browsers. Affected software includes Edge, Hyper-V, Internet Explorer, Microsoft Office, Remote Desktop Protocol, Sharepoint, Windows Graphic Display Interface, and Windows Kernel Mode Drivers. In addition, Microsoft is also releasing an update for Adobe Flash Player embedded in Edge and Internet Explorer.
Make sure to roll out Microsoft’s security updates to your vulnerable computers at the earliest opportunity to reduce the chances of a hacker successfully exploiting your devices.
Enterprise customers are recommended to test that the patches do not cause any problems during roll-out on a test set of PCs, before updating all of their PCs across the business.
https://hotforsecurity.bitdefender.c...6.html#new_tab

[Dragonfly]

maybe Microsoft should start thinking about leaving the OS and software business,

that fucking company had been patching hard all their software for the last 15 years,

getting worse and worse, above all when you hire Indians to write your code

[harrybarracuda]

maybe Microsoft should start thinking about leaving the OS and software business,

that fucking company had been patching hard all their software for the last 15 years,

getting worse and worse, above all when you hire Indians to write your code

Don't worry Buttplug, you don't have to worry about patching your 486 running Microsoft Bob.

[Dragonfly]

That 486 with Win95 is still working fine

however, my iPod 4 with iOS 4.1 has stopped functioning, for some reasons, all those apps won't run without an update

damn Apple !!!

Tab 10'' with Android 3.0 still working great though

[baldrick]

That 486 with Win95 is still working fine

a 25Mhz processor and 1 meg of ram - or will you be trying to tell us you have a dx2 66 with 8 meg and with your mad bootskillz it comes out of dreaming mode in milliseconds

you are full of sh1t buttplg

[Dragonfly]

a 25Mhz processor and 1 meg of ram - or will you be trying to tell us you have a dx2 66 with 8 meg and with your mad bootskillz it comes out of dreaming mode in milliseconds

you are full of sh1t buttplg

DX66 overclocked to 100Mhz with 4MB of RAM (why would you need more) and 512MB HDD

sorry not boot time in ms, why would you believe that it would be possible with Win95, dumbo ?

another instance of your cluelessness

[baldrick]

sorry not boot time in ms, why would you believe that

obviously you booting into comphrension mode is just not possible

of dreaming mode in milliseconds

is it the translation back into flemm^^cum guzzling^^ish where the error occurs ?

[harrybarracuda]

Cheeky c u n t s.

The Pirate Bay is secretly running a Bitcoin miner in the background, increasing your CPU usage

When it comes to the Pirate Bay, it's usually movie studios, music producers and software creators that get annoyed with the site -- you know, copyright and all that. But in an interesting twist it is now users who find themselves irked by -- and disappointed in -- the most famous torrent site in the world.
So what's happened? Out of the blue, the Pirate Bay has added a Javascript-powered Bitcoin miner to the site. Nestling in the code of the site is an embedded cryptocurrency miner from Coinhive. Users who have noticed an increase in resource usage on their computers as a result of this are not happy.

The issue is a very new one, with users only noticing a CPU spike starting later on in the day yesterday. Needless to say, the reaction has not been good -- even from the Pirate Bay's own moderators. Over on Reddit, there are complaints about "100% CPU on all 8 threads while visiting TPB," and there are also threads on the PirateBay Forum.
As noted by TorrentFreak, a quick delve into the HTML of the PirateBay reveals what's going on.
An administrator and "supermod" on the PirateBay Forum, Sid is far from impressed:

ffs [That's addressed to Winston not you lot.]
That really is serious, so hopefully we can get some action on it quickly. And perhaps get some attention for the uploading and commenting bugs while they're at it.

He offers the following advice for anyone concerned about the latest addition:

Until it is fixed (and I would expect it to be fixed sooner rather than later) noscript will block it from running, as will disabling javascript.
Blocking/disabling javascript will compromise site functionality in several ways:
- scrolling back though pages of comments won't work
- posting comments won't be possible
- viewing the file list won't work

The website for the Javascript miner even recommends against doing what the Pirate Bay is doing -- that is, sneaking the miner in under the radar without telling anyone:

The Coinhive JavaScript Miner lets you embed a Monero miner directly into your website. The miner itself does not come with a UI -- it's your responsibility to tell your users what's going on and to provide stats on mined hashes.
While it's possible to run the miner without informing your users, we strongly advise against it. You know this. Long term goodwill of your users is much more important than any short term profits.

Any thoughts on this?

https://betanews.com/2017/09/16/pirate-bay-secret-bitcoin-miner/?utm_source=feedburner&utm_medium=feed&utm_campaig n=Feed+-+bn+-+BetaNews+Latest+News+Articles

[harrybarracuda]

If you are a Kodi user, take note:

Kodi is quite possibly the best media center software of all time. If you are looking to watch videos or listen to music, the open source solution provides an excellent overall experience. Thanks to its support for "addons," it has the potential to become better all the time. You see, developers can easily add new functionality by writing an addon for the platform. And yes, some addons can be used for piracy, but not all of them are. These addons, such as Exodus and Covenant, are normally added using a repository, which hosts them.


Unfortunately, there can apparently be security issues with repositories when they shut down. For example, when the metalkettle repo ended, the developer deleted its entry on GitHub. This in itself is not a cause for concern, but unfortunately, GitHub's allowance of project names to be recycled is. You see, someone re-registered the metalkettle name, making it possible for nefarious people to potentially serve up malware to Kodi users.


The warning came from the metalkettle developer over on Twitter (who has since deleted his Twitter account too). As you can see below, he warns that devices with the repository installed could be in danger from a security standpoint. If a user was to search that repo, and the new owner of the GitHub name was to share malware, the user could assume it is safe and install it.


We do not know 100 percent if the person that re-registered the metalkettle name on GitHub is planning anything evil, but it is better to be safe than sorry. If you still have the repository installed, you should remove it immediately. Not to mention, if you know someone using Kodi, such as a friend or family member, you should warn them too.

Someone has re-registered metalkettle on github. So in theory could polute and devices with the repo still installed. #ItsNotMe


— MetalKettle Ⓜ️ (@metal_kettle) September 15, 2017

https://betanews.com/2017/09/15/kodi...r-metalkettle/

[Dragonfly]

I hate Github wankers who shutdown their account after contributing to their opensource code for some time,

it defeats the purpose of opensource longevity and reliability,

fucking millennial wankers, don't think of the consequences of their actions

[harrybarracuda]

I hate Github wankers who shutdown their account after contributing to their opensource code for some time,

it defeats the purpose of opensource longevity and reliability,

fucking millennial wankers, don't think of the consequences of their actions

Alternatively perhaps the owners of Github are remiss for letting accounts get recycled.

[harrybarracuda]

If you're a CCLEANER user, you might want to update to the latest version and do a full antivirus scan.

Talos recently observed a case where the download servers used by software vendor to distribute a legitimate software package were leveraged to deliver malware to unsuspecting victims. For a period of time, the legitimate signed version of CCleaner 5.33 being distributed by Avast also contained a multi-stage malware payload that rode on top of the installation of CCleaner.

[David48atTD]

^ Thanks

I've updated and done a full scan with both AVG and MalwareBytes and nothing was detected.

[harrybarracuda]

How fucking embarrassing for an AV company not to realise that they served up more than two million customers with malware!

[Dragonfly]

Avast has always been an amateurish company and a bunch of wankers

I can't believe how many fucking idiots download AV from Avast for free and think they are really safe

[harrybarracuda]

Another ransomware attack....Keep your eyes peeled for dodgy emails, do a Windows Update and update your antivirus. ***

A ransomware attack sweeping the globe right now is launching about 8,000 different versions of the virus script at Barracuda's customers, Eugene Weiss, lead platform architect at Barracuda, told Axios, and it's hitting at a steady rate of about 2 million attacks per hour.Weiss' gut reaction on this hack: "What's remarkable about this one is just the sheer volume of it."

Here's what you need to know on the latest:

• Automated hacking: "Nobody actually sat there and made 8,000 digital modifications," Weiss said. The way they do it is by using a kit that essentially automates code variations.
• What to watch out for: An incoming email spoofing the destination host, with a subject about "Herbalife" or a "copier" file delivery. Two of the latest variants Barracuda has detected include a paragraph about legalese to make it seem official, or a line about how a "payment is attached," which tricks you to click since, as Weiss puts it, "everyone wants a payment."
• The hackers are using social engineering to get people to click. That's increasingly becoming a trend, per Weiss. It's "less pure technical hacks" and instead using psychological tactics "get someone to click on something they shouldn't be."
• If you remember one thing: "Don't click the link that is absolutely the most essential thing."
• The targets: Email addresses at businesses or institutional groups in the U.S. or Canada.
• It's likely not a nation-state perpetrating the hack, since the hackers' motives are financial. Instead it's a small, sophisticated group of criminals. The attacks are originating in Vietnam for the most part, as well as India, Colombia, Turkey, Greece, and a few other countries.
• The future of global hacks: "At some point in the future you may see multilingual internationalized" hacks, Weiss said. In other words, they could be language-targeted. While the messages from these particular hackers are all in English so far, the virus programs are assessing the target computers' language settings.

https://www.axios.com/ransomware-hac...487583502.html

Cisco's Talos Intelligence Group Blog: New Ransomware Variant "Nyetya" Compromises Systems Worldwide

[Dragonfly]

fucking safe here with Win2000 server,

[harrybarracuda]

fucking safe here with Win2000 server,

What a fucking moron, you can't even get it right when you're trying to be funny.

Stick to the "Getting fucked by ladyboys" thread buttplug, it's the only thing you're good at I reckon.

[Dragonfly]

hey Harry, didn't realize they had virus named after you

but at the same time, you do act like one

[harrybarracuda]

Still ironing out the wrinkles, but it seems there is a recommendation to use mobile data to access sensitive sites rather than WPA2 Wifi, at least until it is fixed (if it ever is, depending on the vendor).

Alternatively, use a trusted VPN.

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.
The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8am Monday, East Coast time. A website disclosing the vulnerability said it affects the core WPA2 protocol itself and is effective against devices running the Android, Linux, Apple, Windows, and OpenBSD operating systems, as well as MediaTek Linksys, and other types of devices. The site warned attackers can exploit it to decrypt a wealth of sensitive data that's normally encrypted by the nearly ubiquitous Wi-Fi encryption protocol.
"This can be abused to steal sensitive information such as credit card numbers, passwords, chat messages, emails, photos, and so on. The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites."

https://arstechnica.com/information-...eavesdropping/


Added: This is not a remote attack, the attacker needs to be in range of the Wifi in question.

[David48atTD]

Wi-fi connections vulnerable to hackers after flaw discovered



The US Department of Homeland Security has warned of cyber risks associated with a widely-used system for
securing wi-fi communications, after Belgian researchers discovered a flaw that could allow hackers to read
information thought to be encrypted, or infect websites with malware.

Key points:

• Researchers say the flaw is likely to affect all devices that support wi-fi
• US Homeland Security has recommended installing vendor updates
• An industry group thinks the issue can be easily patched

The alert from the DHS Computer Emergency Response Team said the flaw could be used within range of wi-fi using the
WPA2 protocol to hijack private communications.

It recommended installing vendor updates on affected products, such as routers provided by Cisco Systems Inc or Juniper Networks Inc.
Belgian Researchers Mathy Vanhoef and Frank Piessens of Belgian university KU Leuven disclosed the bug in WPA2, which
secures modern wi-fi systems used by vendors for wireless communications between mobile phones, laptops and other connected
devices with Internet-connected routers or hot spots.

"If your device supports wi-fi, it is most likely affected," the researchers said.

They have set up a website to provide technical information about the flaw.

The site also details methods hackers might use to attack vulnerable devices.
Here

[harrybarracuda]

There is a list of affected products here. It is long, but not exhaustive!

https://www.kb.cert.org/vuls/byvendo...&SearchOrder=4