Kudos4 Stats

Security News

Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the attackers are thought to be a single entity. That theory's based on commonalities in the Bitcoin wallets they use to receive ransom payments.

 http://www.theregister.co.uk/2015/10/30/crypowall_paper_cyber_threat_alliance/

Kaspersky Lab has added an additional 14,031 decryption keys to their free repository, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.

http://www.net-security.org/malware_news.php?id=3137 

Replies

Kudos0

Re: Security News

I want to be clear that the kind of backup I advocate is a complete system image backup. That’s a backup of your entire hard disk, including your operating system and all your installed programs, as well as your data.

Other types of backups are certainly better than nothing, and it’s incredibly important to back up at least your data, but for the kinds of issues we’re about to consider, it’s a system image backup that’ll save your bacon.

https://askleo.com/backing-first-recommendation-everything/

Kudos0

Re: Security News

If you own a PC from Dell, HP or Lenovo, chances are very good that the BIOS or UEFI firmware update you installed earlier this month is bad. Here’s how to dig yourself out of the Meltdown/Spectre mess.

https://www.computerworld.com/article/3250297/microsoft-windows/let-the-biosuefi-firmware-recall-begin.html 

Kudos1 Stats

Re: Security News

Alert (TA18-004A) Meltdown and Spectre Side-Channel Vulnerability Guidance
Original release date: January 04, 2018 | Last revised: January 24, 2018

https://www.us-cert.gov/ncas/alerts/TA18-004A

Kudos1 Stats

Re: Security News

You can read Randy's paper 'VirusTotal tips, tricks and myths' in both HTML and PDF format. We have also uploaded the video of his presentation to our YouTube channel.

https://www.virusbulletin.com/blog/2018/01/vb2017-paper-virustotal-tips-tricks-and-myths/ 

Kudos0

Re: Security News

30 Million Possibly Impacted in Crypto-Currency Mining Operation
http://www.securityweek.com/30-million-possibly-impacted-crypto-currency-mining-operation

Kudos0

Re: Security News

Keylogger found on thousands of WordPress-based sites, stealing every keypress.
A new report from researchers at Sucuri reveals that websites are once again being found infected by cryptomining code – stealing the resources of visiting computers to mine for the Monero cryptocurrency.

https://hotforsecurity.bitdefender.com/blog/keylogger-found-on-thousands-of-wordpress-based-sites-stealing-every-keypress-as-you-type-19501.html 

Kudos0

Re: Security News

The venerable, now vulnerable, zipping/unzipping utility 7-Zip needs your attention. Here’s how to see if you have a bad version, and what to do about it.

https://www.computerworld.com/article/3252031/microsoft-windows/multiple-vulnerabilities-in-7-zip-get-it-updated-now.html

Kudos1 Stats

Re: Security News

You know those registry scanners that tell you that you have 2,136 bad registry entries and it’ll only cost you $137 to have them all removed?  On March 1, Microsoft’s going to start kicking those “coercive apps” to the curb.

https://www.askwoody.com/2018/windows-defender-will-start-blocking-and-removing-malware/

Kudos0

Re: Security News

Who'd'a thought it? Mine was dated 2009 I think so I replaced it with the good version you referred to. Of course mine was so old it probably didn't have the capability of being dangerous!

Hugh
Kudos1 Stats

Re: Security News

Protect your Windows devices against Spectre and Meltdown | Last Updated: Jan 29, 2018
https://support.microsoft.com/en-us/help/4073757/protect-your-windows-devices-against-spectre-meltdown

Kudos0

Re: Security News

Signed Malware [..] Surprisingly, weaknesses in the majority of available AV programs prevented them from detecting known malware that was digitally signed even though the signatures weren't valid.

https://www.schneier.com/blog/archives/2018/02/signed_malware.html 

Kudos0

Re: Security News

The Grammarly browser extension, which has about 22 million users, exposes its authentication tokens to all websites, allowing any to access all the user’s data without permission, according to a bug report from Google Project Zero’s Tavis Ormandy.
The high-severity bug was discovered on Friday and fixed early Monday morning, [..]

https://www.cyberscoop.com/bug-in-grammarly-browser-extension-exposes-virtually-everything-a-user-ever-writes/ 

Kudos0

Re: Security News

All this about Spectre and Meltdown is very confusing!   I am a "general" computer user, and do some gaming.  I have the latest Microsoft Windows 10 updates and the latest Norton definitions.  I have an Intel i5 CPU.  Is it advisable for me to update my BIOS?

Kudos2 Stats

Re: Security News

dforrest:

All this about Spectre and Meltdown is very confusing!   I am a "general" computer user, and do some gaming.  I have the latest Microsoft Windows 10 updates and the latest Norton definitions.  I have an Intel i5 CPU.  Is it advisable for me to update my BIOS?

Hi dforrest:

Is your computer manufacturer still posting software/firmware updates for your computer on their support site?  The MS support article Protect your Windows Devices Against Spectre and Meltdown that bjm_ recommended <here> has links for OEM vendors like HP, Dell, Acer, etc. where you can find out if a microcode update is available for your particular computer make/model and notes:

Install available hardware (firmware) updates from your device manufacturer. All customers will need to check with their device manufacturer to download and install their device specific hardware update. See below for a list of device manufacturer websites.

Woody Leonhard's 21-Feb-2018 ComputerWorld article Intel Releases More Meltdown/Spectre Firmware Fixes has information on the latest BIOS and firmware updates being provided to OEM vendors.  Intel's security advisory INTEL-SA-00088 (Speculative Execution and Indirect Branch Prediction Side Channel Analysis Method) was revised on 20-Feb-2018 and notes that the latest BIOS/UEFI microcode provided to vendors should fix bugs like "the risk of reboot or other unpredictable system behavior" caused by the original Intel microcode updates released in January 2018.

From INTEL-SA-00088 (revised 20-Feb-2018) :

"...We have now released new production microcode updates to our OEM customers and partners for Kaby Lake, Coffee Lake, and additional Skylake-based platforms. As before, these updates address the reboot issues last discussed here, and represent the breadth of our 6th, 7th and 8th Generation Intel® Core™ product lines as well as our latest Intel® Core™ X-series processor family...."

For detailed information on the status of the latest BIOS/UEFI microcode for your specific i5 processor, see Intel's Microcode Revision Guidance of 26-Feb-2018 at https://newsroom.intel.com/wp-content/uploads/sites/11/2018/02/microcode-update-guidance.pdf.  According to the legend in that PDF if your CPU has a Production Status of "Production" then Intel has authorized vendors to use their latest microcode update.

Woody Leonhard frequently reminds his readers that these highly publicized Meltdown and Spectre vulnerabilities can be found in almost every modern computer chip but that there are no reports of these vulnerabilities ever being exploited in real life.  Just my personal opinion, but I would advise that you wait to apply any BIOS/UEFI microcode patch until early adopters have tested and confirmed that Intel has finally fixed the problems caused by the original updates.

Kudos0

Re: Security News

Thank you for the information lmacri, particularly the advice in the last paragraph.

Kudos0

Re: Security News

Equifax just discovered 2.4 million more victims in data breach 03.01.18
https://www.fastcompany.com/40538059/oops-equifax-just-discovered-2-4-million-more-victims-in-data-breach

Kudos0

Re: Security News

FBI used the Best Buy division's repair staff to flag illegal content
http://www.zdnet.com/article/new-documents-reveal-fbi-paid-geek-squad-repair-staff-as-informants/

Kudos0

Re: Security News

Distrust of the Symantec PKI: Immediate action needed by site operators https://security.googleblog.com/2018/03/distrust-of-symantec-pki-immediate.html

Kudos1 Stats

Re: Security News

The investigation into the September 2017 CCleaner incident has revealed what appears to be a stage three payload that attackers supposedly intended to deliver to infected users.

https://www.securityweek.com/ccleaner-incident-investigation-reveals-possible-stage-3-payload 

Kudos0

Re: Security News

Microcode Revision Guidance March 6 2018
The following table provides details of availability for microcode updates currently planned by Intel.

https://newsroom.intel.com/wp-content/uploads/sites/11/2018/03/microcode-update-guidance.pdf 

Kudos0

Re: Security News

bjm_:

5 annoying practices of antivirus vendors
https://www.digitalcitizen.life/top-4-annoying-practices-security-vendors

Hi bjm_:

Thanks for the link.  Nice to see Norton Security get a wag of the finger for constantly nagging users to change their browser search engine to Norton Safe Search (powered by Ask.com).

Kudos1 Stats

Re: Security News

9 important criteria to use when choosing your antivirus software
https://www.digitalcitizen.life/how-choose-great-security-product-thats-right-you

Kudos1 Stats

Re: Security News

One of every 200 Google search autocomplete suggestions are poisoned and are used to drive traffic to misleading sites, to malware, or other malicious content, a team of academics from three US universities has discovered.  March 19, 2018

https://www.bleepingcomputer.com/news/google/one-in-every-200-google-search-suggestions-is-polluted/ 

Kudos0

Re: Security News

bjm_:

9 important criteria to use when choosing your antivirus software
https://www.digitalcitizen.life/how-choose-great-security-product-thats-right-you

Hi bjm_:

Thanks for the link.  It was interesting to read that F-Secure Total now includes their Freedome VPN app with the annual subscription for home users (Hint! Hint! ).

Kudos0

Re: Security News

DigiCert Inc. said it has been sending mass email messages, calling customers and running webinars to make sure website owners are aware that Google and Mozilla will no longer trust Symantec-backed digital certificates when they release Chrome 66 next month and Mozilla Firefox 60 in May. March 19, 2018

https://securityintelligence.com/news/websites-replace-digital-certificates-as-browsers-set-deadlines-to-revoke-trust/ 

Kudos1 Stats

Re: Security News

Windows Spectre Patches Are Here, But You Might Want to Wait
Mar 20, 2018
https://www.howtogeek.com/346465/windows-spectre-patches-are-here-but-you-might-want-to-wait/

Kudos1 Stats

Re: Security News

CyberByte steals Malwarebytes’ intellectual property - March 21, 2018 https://blog.malwarebytes.com/malwarebytes-news/2018/03/cyberbyte-steals-malwarebytes-intellectual-property/

Kudos0

Re: Security News

Introducing 1.1.1.1  https://1.1.1.1/

Kudos0

Re: Security News

Windows 10 Privacy Guide - Spring Creators Update
https://fdossena.com/?p=w10debotnet/index_1803.frag

Kudos0

Re: Security News

bjm_:

Introducing 1.1.1.1  https://1.1.1.1/

Microsoft Windows [Version 10.0.16299.334]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=37ms TTL=54
Reply from 1.1.1.1: bytes=32 time=22ms TTL=54
Reply from 1.1.1.1: bytes=32 time=37ms TTL=54
Reply from 1.1.1.1: bytes=32 time=32ms TTL=54

Ping statistics for 1.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 22ms, Maximum = 37ms, Average = 32ms

C:\WINDOWS\system32>

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Security News

Microsoft Windows [Version 10.0.15063.994]
(c) 2017 Microsoft Corporation. All rights reserved.

C:\WINDOWS\system32>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=11ms TTL=58
Reply from 1.1.1.1: bytes=32 time=13ms TTL=58
Reply from 1.1.1.1: bytes=32 time=12ms TTL=58
Reply from 1.1.1.1: bytes=32 time=12ms TTL=58

Ping statistics for 1.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 11ms, Maximum = 13ms, Average = 12ms

C:\WINDOWS\system32>


https://malwaretips.com/threads/cloudflare-has-launched-the-internets-fastest-privacy-first-dns-service-1-1-1-1.81424/

Kudos0

Re: Security News

Email advisory on this marked as Phishing Junk by Thunderbird!

Oh well I rescued and unblocked it!

Hugh
Kudos1 Stats

Re: Security News

Mozilla Has Started Gradually Enabling TLS 1.3 in Firefox - April 12, 2018
https://www.bleepingcomputer.com/news/software/mozilla-has-started-gradually-enabling-tls-13-in-firefox/

Kudos0

Re: Security News

How to Remove Facebook from Your Life (And Why That’s Nearly Impossible)
April 14th, 2018
https://www.howtogeek.com/348811/how-to-remove-facebook-from-your-life-and-why-thats-nearly-impossible/

Kudos0

Re: Security News

This is pretty nasty. Someone has built a malicious copycat of the popular breach database Have I Been Pwned that will reveal your password in plaintext – unless you pay up a cryptocurrency ransom in Bitcoin, Ethereum, Bitcoin Cash, or Litecoin.

https://thenextweb.com/hardfork/2018/04/12/bitcoin-password-leak-cryptocurrency 

Kudos0

Re: Security News

Everyone Should Use a VPN to Protect Their Internet Privacy
https://www.groovypost.com/reviews/private-internet-access-best-vpn/

Kudos0

Re: Security News

Law enforcement uses anti-virus software to recover suspect's web history.
Let’s mainstream the idea that privacy is almost impossible in the face of digital forensics. Avast AV leaving behind a private browsing database, is a shocking illustration of this.

https://www.csoonline.com/article/3268813/antivirus-software/law-enforcement-uses-anti-virus-software-to-recover-suspects-web-history.html 

Kudos0

Re: Security News

Virtually all banking web apps are vulnerable to hackers, study finds.
https://www.digitaltrends.com/computing/banking-web-applications-among-the-most-vulnerable/


Automated source code analysis of 33 web applications has found that 94 per cent of them have at least one high-severity vulnerability, according to security biz Positive Technologies.

https://www.theregister.co.uk/2018/04/16/web_app_security_sucks/ 

Kudos0

Re: Security News

If you are an AOL or Yahoo user, then you better take note that Oath, the new Verizon-owned parent company of AOL and Yahoo, has published an updated privacy policy.

https://www.ghacks.net/2018/04/16/oaths-privacy-policy-is-a-privacy-nightmare/ 

Kudos0

Re: Security News

Any background on who they are, like why trust them? <s>

Hugh
Kudos0

Re: Security News

huwyngr:  Any background on who they are, like why trust them? <s>

 FWIW ~
https://www.tunnelbear.com/about

https://www.tunnelbear.com/blog/