• All Community
    • All Community
    • Forums
    • Ideas
    • Blogs
Advanced

Not what you are looking for? Ask the experts!

Kudos3 Stats

Security News

Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the attackers are thought to be a single entity. That theory's based on commonalities in the Bitcoin wallets they use to receive ransom payments.

 http://www.theregister.co.uk/2015/10/30/crypowall_paper_cyber_threat_alliance/

Kaspersky Lab has added an additional 14,031 decryption keys to their free repository, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.

http://www.net-security.org/malware_news.php?id=3137 

Replies

Kudos0

Re: Security News

Okay.  Thanks again.  I just reached out to Quad9.  

Kudos0

Re: Security News

We have 100s of servers around the world responding to ANYCAST queries.
Please use 149.112.112.112 as your alternate DNs server.


For alternate DNS server, please use 149.112.112.112
as for reliability, we have infrastructures in about 100 different physical locations around the world responding to anycast queries.

Quad9 

Kudos1 Stats

Re: Security News

OSX.Proton spreading through fake Symantec blog [..] The fake post promotes a program called “Symantec Malware Detector,” supposedly to detect and remove the malware. No such program actually exists.

https://blog.malwarebytes.com/threat-analysis/mac-threat-analysis/2017/11/osx-proton-spreading-through-fake-symantec-blog/

Kudos0

Re: Security News

A new tech support scam technique streamlines the entire scam experience, leaving potential victims only one click or tap away from speaking with a scammer. We recently found a new tech support scam website that opens your default communication or phone call app, automatically prompting you to call a fake tech support scam hotline.

https://blogs.technet.microsoft.com/mmpc/2017/11/20/new-tech-support-scam-launches-communication-or-phone-call-app/ 

Kudos0

Re: Security News

To create the impression of a “problem”, tech support scam websites attempt to lock the browser. Some do this using pop-up or dialog loops ....

Sounds familiar .... 

Hugh
Kudos0

Re: Security News

Kudos1 Stats

Re: Security News

Kudos1 Stats

Re: Security News

Scammers are using fake messages and a phony "Troubleshooter for Windows" application to get $25 from victims.

https://www.cnet.com/news/this-scam-tricks-you-into-buying-fake-tech-support-software/ 

Kudos0

Re: Security News

Trust Your Security Vendor, 'They Have Access to Everything You Do,' Says F-Secure Research Chief

http://www.securityweek.com/trust-your-security-vendor-they-have-access-everything-you-do-says-f-secure-research-chief 

Kudos0

Re: Security News

Western allies consider offensive cyber warfare agreement as Russia launches plan for ‘independent internet’

https://www.cyberscoop.com/western-allies-consider-offensive-cyber-warfare-pact-as-russia-launches-plan-for-independent-internet/

Kudos1 Stats

Re: Security News

Google Chrome vows to carpet bomb meddling Windows antivirus tools.
Browser will block third-party software from mucking around with pages next year.
By mid-2018 Google Chrome will no longer allow outside applications – cough, cough, antivirus packages – to run code within the browser on Windows.

http://www.theregister.co.uk/2017/11/30/google_chrome_antivirus_shutout/ 

Kudos0

Re: Security News

I wonder what that means for HMP.A / MB / NS?

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Security News

Rather than accept injected code, Chrome will require applications to use either Native Messaging API calls or Chrome extensions to add functionality to the browser. Google believes both methods can be used to retain features without having to risk browser crashes. [..]
Google is advising developers to get out ahead of the changes by shifting to extensions or Native Messaging and testing their software for compatibility with Chrome Beta browser builds.

we'll see?

Kudos0

Re: Security News

Kudos0

Re: Security News

Kudos0

Re: Security News

Ghostery Deploys AI in the Fight Against Ad Trackers
https://www.wired.com/story/ghostery-deploys-ai-in-fight-against-ad-trackers/

Kudos0

Re: Security News

Alarming Cybersecurity Statistics
https://www.appguard.us/blog/cybersecurity-statistics
 

Kudos0

Re: Security News

Norton Security Premium is a security software that is good when it comes to:

https://www.digitalcitizen.life/security-everyone-reviewing-norton-security 

Kudos0

Re: Security News

Kudos1 Stats

Re: Security News

Researchers have found a database of 1.4 billion clear text credentials in what appears to be the single largest aggregate database yet found on the dark web.

http://www.securityweek.com/database-14-billion-credentials-found-dark-web 

Kudos0

Re: Security News

Kudos0

Re: Security News

Kudos1 Stats

Re: Security News

Kaspersky Sues U.S. Government Over Product Ban
http://www.securityweek.com/kaspersky-sues-us-government-over-product-ban

Kudos0

Re: Security News

Kudos0

Re: Security News

Kaspersky’s business with the U.S. government wildly pales in comparison to competitors like FireEye and Symantec. According to USASpending.gov, FireEye earned approximately $51 million in prime contracts in FY2016 and FY2017. Symantec earned approximately $117 million in prime contracts over the same time frame.

https://www.cyberscoop.com/kaspersky-us-government-contracts-dhs-bod-lawsuit/

Kudos1 Stats

Re: Security News

Kudos1 Stats

Re: Security News

There’s no need to panic over the lavishly publicized Meltdown and Spectre security holes. Behind the bellicose roars of certain doom, a handful of important facts stand out.  Jan 4, 2018

https://www.computerworld.com/article/3245788/microsoft-windows/windows-meltdown-and-spectre-keep-calm-and-carry-on.html 


How to Check and Update Windows Systems for the Meltdown and Spectre CPU Flaws.  Jan 4, 2018

https://www.bleepingcomputer.com/news/microsoft/how-to-check-and-update-windows-systems-for-the-meltdown-and-spectre-cpu-flaws/ 

Kudos0

Re: Security News

Scary Chip Flaws Raise Spectre of Meltdown 
Jan 5, 2018
https://krebsonsecurity.com/2018/01/scary-chip-flaws-raise-spectre-of-meltdown/

Kudos2 Stats

Re: Security News

Important information about Microsoft Meltdown CPU security fixes, antivirus vendors and you

“Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key”

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Security News

Risk Based Security brings some sanity to the Meltdown debacle
I just finished reading this article, recommended by Kevin Beaumont. The Slow Burn of Meltdown and Spectre: Exploits, Lawsuits, and Perspective.
I repeat – forgive me if you’ve heard this before – but there are NO KNOWN Meltdown or Spectre exploits in the wild.
For everybody else, the first attacks (if there ever are any) are likely to come through web browsers. You need to harden your browser as soon as the update is available. You’ll want to install the new Windows patches as soon as they pass muster. And you need to get your BIOS or UEFI updated one of these days. But there’s no big rush.

https://www.askwoody.com/2018/risk-based-security-brings-some-sanity-to-the-meltdown-debacle/ 

Kudos0

Re: Security News

Krusty13: “Customers will not receive the January 2018 security updates (or any subsequent security updates) and will not be protected from security vulnerabilities unless their antivirus software vendor sets the following registry key”


How to Check if Your PC Is Protected Against Meltdown and Spectre
https://www.howtogeek.com/338801/how-to-check-if-your-pc-is-protected-against-meltdown-and-spectre/

Kudos1 Stats

Re: Security News

Kudos0

Re: Security News

bjm_:

Protect your Windows devices against Spectre and Meltdown
https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

As far as I can tell, about all I can do is wait to see if HP release a firmware patch for one of my machines because the other two are so-out-of-luck.  

I've installed the Windows patch and there's nothing else I can do except block JavaScript in my browsers and hope for the best.

I'll assume that all of my machines are compromised and there's not a damn thing I can do about it.

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Security News

A little bit of knowledge is... well a little bit of knowledge.
Kudos1 Stats

Re: Security News

Everything You Need to Know About Meltdown and Spectre Vulnerabilities
https://www.askvg.com/guide-everything-you-need-to-know-about-meltdown-and-spectre-vulnerabilities/

Kudos0

Re: Security News

Microsoft’s Jan. 2018 Patch Tuesday Lowdown
Any readers who experience a BSOD after applying January’s batch of updates may be able to get help from Microsoft’s site: Here are the corresponding help pages for Windows 7, Windows 8.1 and Windows 10 users.

https://krebsonsecurity.com/2018/01/microsofts-jan-2018-patch-tuesday-lowdown/ 

Kudos0

Re: Security News

50+ Internet Security Blogs Jan 9, 2018
https://heimdalsecurity.com/blog/best-internet-security-blogs/
 

Kudos0

Re: Security News

Enigma Software Group Presses New French Lawsuit Claims Against Malwarebytes
http://www.prleap.com/pr/259961/enigma-software-group-presses-new-french

Kudos0

Re: Security News

Fake Spectre and Meltdown patch pushes Smoke Loader malware.
[..] Moreover, the same fraudulent domain has a link to a ZIP archive (Intel-AMD-SecurityPatch-11-01bsi.zip) containing the so-called patch (Intel-AMD-SecurityPatch-10-1-v1.exe), which really is a piece of malware.
Upon running it, users will infect themselves with Smoke Loader, a piece of malware that can retrieve additional payloads. Post-infection traffic shows the malicious file attempting to connect to various domains and sending encrypted information: [..]

https://blog.malwarebytes.com/cybercrime/2018/01/fake-spectre-and-meltdown-patch-pushes-smoke-loader/ 

Kudos1 Stats

Re: Security News

Malwarebytes for Firefox extension Last Update: January 14, 2018

The description reveals that Malwarebytes for Firefox “detects and protects against malware, scams, and deceptive advertising on the web”.
The extension is brand new and labeled as beta right now. Malwarebytes did not release a Chrome version of the extension.
Firefox users don’t need Malwarebytes installed on their device; the extension makes no mention of it, and the ad-blocking works fine without a Malwarebytes installation.

https://www.ghacks.net/2018/01/13/malwarebytes-for-firefox-extension/

Kudos1 Stats

Re: Security News

bjm_:

Malwarebytes for Firefox extension Last Update: January 14, 2018....
https://www.ghacks.net/2018/01/13/malwarebytes-for-firefox-extension/

According to Malwarebytes employee dcollins' post in Firefox Extension the browser extension posted on the Firefox AMO site at https://addons.mozilla.org/en-US/firefox/addon/malwarebytes/ "is an early Beta and was meant for Malwarebytes employees only.... Our apologies for this hiccup, and please bear with us while we tune and tweak this product to release quality."

I find it hard to believe that someone at Malwarebytes either "accidentally" posted this early beta in the AMO store or didn't think that anyone outside the company would eventually discover it.  Except for a small "experimental" icon in the title banner there's nothing in the description to warn people that this extension should only be installed on test systems and is not meant for the general public.

Kudos0

Re: Security News

Kudos1 Stats

Re: Security News

Kudos0

Re: Security News

Four malicious Chrome extensions managed to infect over half a million users worldwide, including employees of major organizations, ICEBRG reports.

http://www.securityweek.com/half-million-impacted-four-malicious-chrome-extensions 

Kudos0

Re: Security News

Gibson releases InSpectre vulnerability and performance checker - Jan 16, 2018
https://www.ghacks.net/2018/01/16/gibson-releases-inspectre-vulnerability-and-performance-checker/

This is the Initial Release of InSpectre We did not wish to delay this application's release while building additional confidence in its conclusions and output. It has been carefully tested under as many different scenarios as possible. But new is new, and it is new. We may well have missed something. So please use and enjoy InSpectre now. But you may wish to check back in a few days to see whether we may have found and fixed some last bits of debris. Jan 15, 2018

https://www.grc.com/inspectre.htm

Kudos1 Stats

Re: Security News

Win10 Fall Creators Update has a nasty habit of re-launching programs on reboot. In spite of repeated, pointed criticism, Microsoft is digging in its heels — or just ignoring the problem and hoping it'll go away.

https://www.computerworld.com/article/3250485/microsoft-windows/win10-1709-s-most-irksome-feature-programs-come-back-from-the-dead.html 

Kudos0

Re: Security News

Intel says you should NOT install its Meltdown firmware fixes.
The warning, which encompasses just about every Intel processor out there, from all PC manufacturers, takes effect immediately.

https://www.computerworld.com/article/3250250/malware-vulnerabilities/belay-that-order-intel-says-you-should-not-install-its-meltdown-firmware-fixes.html 

Kudos0

Re: Security News

The cornerstone of making a good password has shifted from complexity to length.

https://blog.emsisoft.com/2018/01/23/how-to-create-manage-store-passwords/

Kudos1 Stats

Re: Security News

Back up. Back up first. Back up often. Sooner or later, you’ll be very, very glad you did.

https://askleo.com/backing-first-recommendation-everything/

Kudos1 Stats

Re: Security News

bjm_:

Back up. Back up first. Back up often. Sooner or later, you’ll be very, very glad you did.

https://askleo.com/backing-first-recommendation-everything/

And make sure that by "backup" you understand how to make an image of the whole drive ..... and do it at intervals based on how important it is to recover quickly to a complete replica of what you had without installing Windows, applications as well as personal files.

Many unfortunately overlook that "backup" often only includes data/personal files etc  but not "the works"

It takes me about 20 minutes to make an image of my workhorse drive ... and about the same to restore. Depends on how many GB obviously -- say about 200GB on mine but most image files are on other drives.

Hugh