
Kudos4 Stats

Security News

Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the attackers are thought to be a single entity. That theory's based on commonalities in the Bitcoin wallets they use to receive ransom payments.

http://www.theregister.co.uk/2015/10/30/crypowall_paper_cyber_threat_alliance/

Kaspersky Lab has added an additional 14,031 decryption keys to their free repository, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.

http://www.net-security.org/malware_news.php?id=3137 

Replies

Kudos1 Stats

Re: Security News

bjm_:

Um, reads like Windows Defender AV runs in a restrictive process execution environment.  Thereby protecting Windows Defender AV....Norton's emulator reads like an unknown sample under analysis runs in a sandbox (isolated environment).   

Does Norton Security program run in a sandbox....run in an isolated restrictive environment?

Hi bjm_:

I have no idea.   You might be on the right track, though.  I re-read the MS blog entry Windows Defender Antivirus Can Now Run in a Sandbox and it sounds like many Windows Defender components will execute inside a sandbox to harden Windows Defender against malware attacks, which is quite different from an antivirus program that inspects executable files for malicious behaviour inside a sandboxed software emulator.  I'll have to go back and re-read the MS article User Mode and Kernel Mode to try and figure out if the scan engine in Norton v22.7 and higher (i.e., where real-time protection runs in kernel mode while SDS file scanning runs in user mode) was only done to improve system stability or if this could actually help to harden Norton against malware attacks.

I doubt the Symantec software engineers would ever want to publicly debate the pros and cons of using an AppContainer and sandbox to isolate an entire AV program.

Kudos0

Re: Security News

Just read this from another security program:

"Deep emulation technology allows you to confidently find complex encrypted and polymorphic viruses, not always reliably determined by other decisions".

Kudos1 Stats

Re: Security News

What is Sandbox Protection Feature and What does it do in Windows Defender?
According to Microsoft, if you enable sandbox protection, Windows Defender will run within a sandbox so that if your machine is compromised in future, malicious actions will be limited to the isolated environment, protecting the rest of the system from harm.  Sandbox mode works like an app container.

https://www.askvg.com/windows-10-tip-enable-sandbox-protection-in-windows-defender/

Kudos1 Stats

Re: Security News

lmacri:

...I re-read the MS blog entry Windows Defender Antivirus Can Now Run in a Sandbox and it sounds like many Windows Defender components will execute inside a sandbox to harden Windows Defender against malware attacks, which is quite different from an antivirus program that inspects executable files for malicious behaviour inside a sandboxed software emulator...

Ionut Ilascu also posted some interesting background information 29-Oct-2018 in the BleepingComputer article Microsoft Sandboxes Windows Defender, which states in part:

"...Antivirus software runs with the highest privileges on the operating system, a level of access coveted by any threat actor, so any exploitable vulnerabilities in these products add to the possibilities of taking over the system.  By making Windows Defender run in a sandbox, Microsoft makes sure that any potential security holes in its product stay contained within an isolated environment...Windows Defender has seen its share of vulnerability reports. Last year, Google's experts Natalie Silvanovich and Tavis Ormandy announced a remote code execution (RCE) bug severe enough to make Microsoft release an out-of-band update to fix the problem..."

That seems to confirm that the Windows Defender program in Win 10 Version 1703 and higher can now be run inside a sandbox to protect the Windows Defender program itself from zero-day exploits that could compromise the AV's real-time protection and other system processes that run in kernel mode.

Kudos0

Re: Security News

Yep.   M$ hype?   
I'm not running over to Windows Defender AV, yet.  

Kudos0

Re: Security News

Symantec execs cooked the books to protect their fat bonuses, investor lawsuit alleges.
A group of Symantec shareholders are suing the infosec biz, alleging its executive fraudulently invented the company's financial figures.

A spokesperson for Symantec told us: "This lawsuit, which we believe is without merit and which we intend to defend against vigorously, was initially filed after the company announced the audit committee investigation in May 2018.

https://www.theregister.co.uk/2018/11/19/symantec_lawsuit_fraud/

Kudos0

Re: Security News

Black Friday Sale.
Our best offer of the year!   GET 75% OFF* 
Norton Security Deluxe for only $19.99
Offer expires December 3rd, 2018
*Terms apply.

https://secure.norton.com/pub/sf/FormLink?_ri_=X0G

Kudos1 Stats

Re: Security News

Symantec comes out swinging in bitter legal battle over security bug audit conspiracy claims.
[..]
Those claims included that several security vendors – Symantec, CrowdStrike, ESET, and the Anti-Malware Testing Standards Organization (AMTSO) – not only knew of bugs in their code and had failed to act but that they were "actively conspiring to prevent independent testing that uncovers those product deficiencies."

https://www.theregister.co.uk/2018/11/29/symantec_attacks_nss_labs/ 

Kudos1 Stats

Re: Security News

Hospitality giant Marriott today disclosed a massive data breach exposing the personal and financial information on as many as a half billion customers who made reservations at any of its Starwood properties over the past four years.

https://krebsonsecurity.com/2018/11/marriott-data-on-500-million-guests-stolen-in-4-year-breach/ 

Marriott International said early Friday that data on roughly 500 million customers staying at Starwood hotel properties had been compromised in a breach that gave unknown attackers access to the Starwood network since 2014.

https://www.securityweek.com/marriott-hit-massive-data-breach-500-million-starwood-customers-impacted

US hotel chain Marriott has admitted that a breach of its Starwood subsidiary's guest reservation network has exposed the entire database – all 500 million guest bookings over four years, making this one of the biggest hacks of an individual org ever.

https://www.theregister.co.uk/2018/11/30/marriott_starwood_hotels_500m_customer_records_hacked/

Kudos0

Re: Security News

Kaspersky Lab won't be getting its day in court after all, as the Washington DC Court of Appeals rejected its case against Uncle Sam.

On Friday, the appeals court panel upheld an earlier district court ruling that Kaspersky could not bring a lawsuit against the US government in hopes of overturning the 2017 order that blocked American government agencies from using its antivirus software.

https://www.theregister.co.uk/2018/11/30/court_rejects_kaspersky/ 

Kudos0

Re: Security News

What the Marriott Breach Says About Security

Reality #1: Bad guys already have access to personal data points that you may believe should be secret but which nevertheless aren’t, including your credit card information, Social Security number, mother’s maiden name, date of birth, address, previous addresses, phone number, and yes — even your credit file.

Reality #2: Any data point you share with a company will in all likelihood eventually be hacked, lost, leaked, stolen or sold — usually through no fault of your own. And if you’re an American, it means (at least for the time being) your recourse to do anything about that when it does happen is limited or nil.

https://krebsonsecurity.com/2018/12/what-the-marriott-breach-says-about-security/

Kudos1 Stats

Re: Security News

Microsoft and Mastercard today announced they're teaming up to create a simplified system for managing and verifying your identity online. From financial services down to email and social media, the goal is to forge a universally recognized digital identity that can be used and verified across services.

https://www.windowscentral.com/microsoft-and-mastercard-want-give-you-universal-digital-identity

Kudos0

Re: Security News

The Canadian branch of 1-800-FLOWERS revealed in a filing with the California attorney general’s office that malware on its website had siphoned off customers’ credit cards over a four-year period.
Four years. Let that sink in.

https://techcrunch.com/2018/12/03/credit-card-stealing-malware-flowers-four-years/ 

Kudos0

Re: Security News

Cross-site scripting attacks: A cheat sheet
Even the most trustworthy-looking website could trick you into giving up personal details through cross-site scripting. Here's what you need to know about XSS attacks.

https://www.techrepublic.com/article/cross-site-scripting-attacks-a-cheat-sheet/ 

Kudos0

Re: Security News

Quora said today that a security breach may have compromised data from about 100 million users. In an email sent to users today and a blog post by CEO Adam D’Angelo, the company said a “malicious third party” gained unauthorized access to Quora’s  systems on Friday. Its internal security teams and a “leading digital forensics and security form” are currently investigating the breach.

https://techcrunch.com/2018/12/03/quora-says-100-million-users-may-have-been-affected-by-data-breach/ 

Kudos0

Re: Security News

Marriott International says that a breach of its Starwood guest reservation database exposed the personal information of up to 500 million people. If your information was exposed, there are steps you can take to help guard against its misuse.

The company set up an informational website, https://answers.kroll.com, and a call center, 877-273-9481, to answer questions. It says affected customers also can sign up for a year of free services that will monitor websites that criminals use to share people’s personal information. Marriott says the service will alert customers if their information shows up on the websites, and will also include fraud loss reimbursement and other services.

 https://www.consumer.ftc.gov/blog/2018/12/marriott-data-breach

Kudos0

Re: Security News

The Federal Trade Commission (FTC) has released an alert to provide affected users with recommended precautions against identity theft after the recent breach of the Marriott International Starwood guest reservation database.

NCCIC encourages users and administrators to review the FTC Alert and the NCCIC Tip on Preventing and Responding to Identity Theft. If you believe you are a victim of identity theft, visit the FTC’s identity theft website to make a report.

https://www.us-cert.gov/ncas/current-activity/2018/12/04/FTC-Issues-Alert-Recent-Marriott-Breach 

Kudos1 Stats

Re: Security News

Cybersecurity giant Symantec on Wednesday announced a new product meant to protect industrial control networks from a pernicious threat: USB flash drives. [..]

ISCP Neural utilizes artificial intelligence capabilities to malware on USB drives in a way that will increase detection efficacy by up to 15 percent, the company claims. The devices are scheduled to be available for shipping in early 2019 at a rate of $25,000, the company told SecurityWeek

The product announcement comes amid internal changes at Symantec, an established security player that’s shifting away from traditional antivirus technology to enterprise security products.  [..]

Symantec’s ISCP Neural announcement also comes at a time when the established security vendor appears to be on the precipice of change. Three executives including Chief Operating Officer Michael Fey have left the company, and the firm is in the process of transitioning from the consumer market to enterprise sales, according to Bloomberg.

https://www.cyberscoop.com/symantec-markets-usb-security-industrial-facilities-amid-shift-enterprise-sales/ 

Kudos1 Stats

Re: Security News

bjm_:
...Symantec’s ISCP Neural announcement also comes at a time when the established security vendor appears to be on the precipice of change. Three executives including Chief Operating Officer Michael Fey have left the company, and the firm is in the process of transitioning from the consumer market to enterprise sales, according to Bloomberg....

Bet that won't stop them from spamming me with pop-up ads and marketing e-mails about ISCP Neural.

Kudos1 Stats

Re: Security News

Malicious sites abuse 11-year-old Firefox bug that Mozilla failed to fix.
Bug dealt with in Chrome and Edge, but still a problem for Firefox users.

https://www.zdnet.com/article/malicious-sites-abuse-11-year-old-firefox-bug-that-mozilla-failed-to-fix/

Kudos2 Stats

Re: Security News

DECEMBER 11, 2018
Microsoft hasn’t learned its lesson. If you click the “Check for Updates” button in the Settings app, Microsoft still considers you a “seeker” and will give you “preview” updates that haven’t gone through the normal testing process.
[...]
As Woody Leonhard points out over at Computerworld, these extra monthly cumulative updates aren’t tested through the normal Windows Insider process. They’re just tested on your PC after you click the update. And Surface Book 2 owners have seen blue screen errors after installing these “optional” cumulative updates recently, so the stability of these updates is in real question.

https://www.howtogeek.com/fyi/watch-out-clicking-check-for-updates-still-installs-unstable-updates-on-windows-10/ 

DECEMBER 12, 2018
According to Microsoft, Windows 10 has “B,” “C,” and “D” updates—but never “A” updates! These updates are released at different times, contain different things, and are offered to different people. Let’s break all this down.
[...]
Here’s where it gets ugly: Windows Update doesn’t automatically install C and D updates on most PCs. However, it does install C and D updates when you head to Settings > Update & Security > Windows Update and click “Check for Updates.” In Microsoft’s world, this makes you a “seeker” who wants to test these updates before most Windows users get them. Microsoft disclosed this in a recent blog post.
[...]
Microsoft has repeatedly said only “advanced users” should click the “Check for Updates” button, but that warning only appears in blog posts that only advanced users will read. The standard Windows Update screen in Windows 10 provides no such warnings. It’s ridiculous, but that’s the way Windows 10 works right now.

https://www.howtogeek.com/398226/now-windows-10-has-c-b-and-d-updates.-what-is-microsoft-smoking/ 

Kudos1 Stats

Re: Security News

Will Credit Monitoring Services Protect Me After a Data Breach?
After a major data breach, it’s hard to know whether your information has been compromised and how to protect yourself afterward. Businesses have cropped up that offer credit monitoring services—peace of mind for a price. But should you pay for them, or even sign up for a free trial? 

Credit monitoring services, like LifeLock or Identity Guard, offer a range of monitoring “plans” that run from $10 to $30 a month. While these different plans come with different perks, they all do one basic thing—routinely check your credit reports and alert you when there’s suspicious activity. That’s right; credit monitoring services don’t prevent your identity from being stolen, they just let you know when it’s been stolen. [...]

https://www.howtogeek.com/398368/will-credit-monitoring-services-protect-me-after-a-data-breach/ 

Kudos1 Stats

Re: Security News

bjm_:

Will Credit Monitoring Services Protect Me After a Data Breach?
After a major data breach, it’s hard to know whether your information has been compromised and how to protect yourself afterward. Businesses have cropped up that offer credit monitoring services—peace of mind for a price. But should you pay for them, or even sign up for a free trial? 

Credit monitoring services, like LifeLock or Identity Guard, offer a range of monitoring “plans” that run from $10 to $30 a month. While these different plans come with different perks, they all do one basic thing—routinely check your credit reports and alert you when there’s suspicious activity. That’s right; credit monitoring services don’t prevent your identity from being stolen, they just let you know when it’s been stolen. [...]

https://www.howtogeek.com/398368/will-credit-monitoring-services-protect-me-after-a-data-breach/ 

Hi bjm_:

Thanks for the link.  I had to smile when I read the comment "And services like dark web scans are genuinely just nonsense meant to give you a false sense of security." That was an excellent article and I've bookmarked it for future reference - it should be required reading for every user who has posted in this community asking about the legitimacy of the latest round of "Is your email for sale on the dark web?" spam e-mails promoting Norton LifeLock.

Kudos0

Re: Security News

lmacri:

Hi bjm_:  Thanks for the link.  I had to smile when I read the comment "And services like dark web scans are genuinely just nonsense meant to give you a false sense of security."  [..]

Reality #1 & Reality #2
https://community.norton.com/en/comment/8041221#comment-8041221 

Kudos1 Stats

Re: Security News

A new tech support scam has been discovered that uses JavaScript to create a loop that ultimately causes Google Chrome to use up all of the CPU resources on the computer and freeze the browser.

https://www.bleepingcomputer.com/news/security/new-tech-support-scam-causes-chrome-browser-to-use-100-percent-of-the-cpu/ 

Kudos1 Stats

Re: Security News

Phishing and malspam campaigns are in high gear for the holidays and a new campaign pretending to be an Amazon order confirmation is particularly dangerous as people shop for holiday gifts.

https://www.bleepingcomputer.com/news/security/fake-amazon-order-confirmations-push-banking-trojans-on-holiday-shoppers/

Kudos0

Re: Security News

Researcher at ESET outlines research on the first successful UEFI rootkit used in the wild.

https://threatpost.com/uefi-rootkit-sednit/140420/ 

Kudos1 Stats

Re: Security News

“A browser extension that blocks bad websites without compromising your privacy?”

What sounds like an attempt to square the circle, actually can be done. Almost all browser extensions that aim to block harmful websites send each visited website to cloud servers that match the exact URL/address with a large database of known bad sites. That comes with the advantage of being able to filter sites very thoroughly on the URL level (different from DNS- or host-based filtering such as available in Emsisoft’s Surf Protection feature), but the big downside of that approach is that the creators of such extensions can basically see all the websites you’re visiting and track you throughout all your online activities.

Our development team proves that things can be done in a better, more privacy-conscious way. Emsisoft Browser Security is a brand new extension, currently available for Chrome and Firefox, that not only blocks access to websites that distribute malware, but also prevents phishing attacks that try to steal your passwords.

How it works:

Instead of sending each full website URL to a cloud server for matching, it only sends a calculated hash value of the domain name of each newly visited site to our servers once and then receives a list of matching patterns that are applied locally on your computer. Those patterns are then kept for successive visits of pages on the same host/domain, which not only speeds up the matching significantly, but also means that Emsisoft doesn’t know any of the details of your browsing activity.

Emsisoft Browser Security works independently of Emsisoft Anti-Malware and can be obtained free of charge from the extension stores:

Get Emsisoft Browser Security for Chrome
Get Emsisoft Browser Security for Firefox

We’re working on making the extension available for Edge users too.

blog.emsisoft.com/en/32517/new-in-2018-12-safe-web-browsing-with-emsisoft-browser-security/
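The lookup scheme the quoted post describes, as an added illustration that is not Emsisoft's code: the client sends only a hash of the host to the server, once per host, and then applies the returned patterns locally. The hash function (SHA-256 of the lowercased host), the glob-style pattern format and the sample block list are all assumptions made for this example.

```python
import fnmatch
import hashlib
from urllib.parse import urlsplit


def domain_hash(host: str) -> str:
    """Assumed client-side transform: SHA-256 of the lowercased host name."""
    return hashlib.sha256(host.lower().encode("utf-8")).hexdigest()


# Constructed server-side table, keyed by domain hash rather than by name.
# Patterns are assumed to be shell-style globs over the URL path (+query).
SERVER_DB = {
    domain_hash("bad.example"): ["*"],                               # whole host blocked
    domain_hash("shared-host.example"): ["/evil/*", "/login-phish*"],  # only some paths
    # "good.example" has no entry: nothing to block there
}


class BlocklistServer:
    """Simulated cloud endpoint; records what it actually gets to see."""

    def __init__(self):
        self.requests = []  # only hashes ever land here, never URLs

    def lookup(self, hashed_host: str) -> list:
        self.requests.append(hashed_host)
        return list(SERVER_DB.get(hashed_host, []))


class BrowserClient:
    """Simulated extension: one lookup per host, local matching afterwards."""

    def __init__(self, server: BlocklistServer):
        self.server = server
        self.cache = {}  # host -> patterns, kept for later visits to that host

    def _patterns_for(self, host: str) -> list:
        if host not in self.cache:
            self.cache[host] = self.server.lookup(domain_hash(host))
        return self.cache[host]

    def is_blocked(self, url: str) -> bool:
        parts = urlsplit(url)
        host = parts.hostname or ""
        target = parts.path or "/"
        if parts.query:
            target += "?" + parts.query
        # The full path is matched here, on the client, and never leaves it.
        return any(fnmatch.fnmatchcase(target, pat) for pat in self._patterns_for(host))


def run_demo() -> dict:
    """Visit a few constructed URLs and report what the server observed."""
    server = BlocklistServer()
    client = BrowserClient(server)
    visits = [
        "https://good.example/account/settings",
        "https://bad.example/anything/at/all",
        "https://shared-host.example/about",
        "https://shared-host.example/evil/payload.exe",
        "https://shared-host.example/login-phish?acct=1",
    ]
    verdicts = {u: client.is_blocked(u) for u in visits}
    return {"verdicts": verdicts, "server_saw": server.requests}


if __name__ == "__main__":
    for url, blocked in run_demo()["verdicts"].items():
        print(("BLOCK " if blocked else "allow ") + url)
```

A plain hash of a registrable domain is still reversible by anyone holding a dictionary of popular domains, so the privacy gain lies in never sending full URLs and in asking about each host only once, not in the hash being secret.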

Kudos1 Stats

Re: Security News

Windows 10 Home Will Finally Let You Pause Updates
Only Windows 10 Professional users can pause Windows updates today, but that’s about to change. Windows 10 Home users will soon be able to pause updates for up to seven days.

https://www.howtogeek.com/fyi/windows-10-home-will-finally-let-you-pause-updates/ 

Kudos0

Re: Security News

A new in-development ransomware has been discovered that not only encrypts your files, but also tries to steal your PayPal credentials with an included phishing page.

The ransomware itself is nothing special, but the ransom note is clever as it not only tries to steal your money through a normal bitcoin ransom payment, but also offers a choice to pay via PayPal. If a user chooses to pay using PayPal, they will be brought to a phishing site that will then attempt to steal the victim's PayPal credentials.

https://www.bleepingcomputer.com/news/security/new-ransomware-bundles-paypal-phishing-into-its-ransom-note/ 

Kudos0

Re: Security News

It is almost February and love is in the air, but that doesn't mean you should open every love letter you receive. A large malspam campaign has been discovered that uses romantic and endearing email subjects to trick recipients into getting infected with ransomware, miners, and more.  [...]
Once executed, the krablin.exe file will be copied to %UserProfile%\[number]\winsvcs.exe and attempt to download five other malware samples to the computer and execute them. According to ISC Handler Brad Duncan, this will result in a cocktail of malware that consists of the GandCrab Ransomware version 5.0.4, a Monero XMRig miner, and the Phorpiex spambot.  [...]
Malspam continues to be a strong and widely used vector to distribute malware and users should always be suspicious of emails from strangers, especially ones with strange attachments.

https://www.bleepingcomputer.com/news/security/hope-youre-using-protection-as-love-letter-malspam-has-nasty-surprises/ 

Kudos0

Re: Security News

Researchers hope to trick call center operators into revealing details about their criminal operation, which they can later share with authorities.
One of the largest online communities of security researchers is organizing a night of fun, learning, and research, during which they plan to reverse the table and prank call tech support scammers.

https://www.zdnet.com/article/security-researchers-are-planning-a-night-of-prank-calls-against-tech-support-scammers/

Kudos0

Re: Security News

bjm_:

Researchers hope to trick call center operators into revealing details about their criminal operation, which they can later share with authorities.
One of the largest online communities of security researchers is organizing a night of fun, learning, and research, during which they plan to reverse the table and prank call tech support scammers.

https://www.zdnet.com/article/security-researchers-are-planning-a-night-of-prank-calls-against-tech-support-scammers/

There's guys doing that on YouTube all the time.  Here's one example:

https://www.youtube.com/watch?v=XinWEE3G8zs

A little bit of knowledge is... well a little bit of knowledge.
Kudos0

Re: Security News

Google is working on the Chrome extension manifest version 3 at the moment which defines the capabilities of Chrome's extensions platform.
Raymond Hill, known as Gorhill online, the author of the popular content blockers uBlock Origin and uMatrix, voiced his concern over some of the planned changes; these changes, if implemented as proposed currently, remove functionality that the extensions use for content blocking.

https://www.ghacks.net/2019/01/22/chrome-extension-manifest-v3-could-end-ublock-origin-for-chrome/

Kudos1 Stats

Re: Security News

Anonymous said on January 24, 2019 
Turning off Norton’s SONAR Protection, Auto-Protect, and Boot Time Protection for 15 minutes did not dynamically remove their injected DLLs.

I hope that Symantec provides a way for users to control injection of DLLs into Firefox (or as stated in the article “exclude browsers that block these attempt anyway”), or that Mozilla provides a whitelisting capability, so that both products can peacefully co-exist and so users don’t have to switch browsers and/or anti-virus products.

https://www.ghacks.net/2019/01/21/firefox-will-block-dll-injections/

Kudos1 Stats

Re: Security News

bjm_:

Anonymous said on January 24, 2019 
Turning off Norton’s SONAR Protection, Auto-Protect, and Boot Time Protection for 15 minutes did not dynamically remove their injected DLLs ...

 https://www.ghacks.net/2019/01/21/firefox-will-block-dll-injections/

Hi bjm_:

Thanks for highlighting the comments by Anonymous in that ghacks.net article. I've had a few Firefox crashes in the past that were traced back to an update to the Norton Intrusion Prevention (IPS) script engine IPSEng32.dll so I'm not surprised to hear that Mozilla is going to start blocking the injection of DLLs by antivirus applications and other third-party programs when FF v66 is released on 29-Jan-2019.  I doubt my old 32-bit FF ESR v52 browser will be affected but I'd be curious to know if other Norton users encounter problems with Intrusion Prevention, Exploit Prevention or their Norton browser extensions for Firefox after FF v66 is released.
------------
32-bit Vista Home Premium SP2 * Firefox ESR v52.9.0 * Norton Security Deluxe v22.15.1.8

Kudos1 Stats

Re: Security News

AV-TEST Windows 10: December 2018
https://www.av-test.org/en/antivirus/home-windows/

Kudos0

Re: Security News

Hackers are sharing 2.2 billion unique usernames and passwords.
The silver lining, if you can call it that, is that much of the data in the dump is from old breaches involving companies like Yahoo, LinkedIn and Dropbox. Some of the data appears to be “new,” likely coming from smaller, obscure website hacks, and could still be valuable.

Hasso Plattner Institute has a tool to check your e-mail address against the data. Troy Hunt’s service, Have I Been Pwned, hasn’t got around to adding Collections #2-5 yet but probably will in the near future.

https://www.techspot.com/news/78525-collections-2-5-845gb-stolen-usernames-passwords-circulating.html 

Kudos0

Re: Security News

Security firm identifies hacker behind Collection 1 leak, as Collection 2-5 become public - February 2, 2019 
https://www.zdnet.com/article/security-firm-identifies-hacker-behind-collection-1-leak-as-collection-2-5-become-public/

Kudos0

Re: Security News

Godaddy.com, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

https://krebsonsecurity.com/2019/02/crooks-continue-to-exploit-godaddy-hole/ 

Kudos0

Re: Security News

A malicious spreadsheet has been discovered that builds a PowerShell command from individual pixels in a downloaded image of Mario from Super Mario Bros. When executed, this command will download and install malware such as the GandCrab Ransomware and other malware.

https://www.bleepingcomputer.com/news/security/mail-attachment-builds-ransomware-downloader-from-super-mario-image/ 

Kudos1 Stats

Re: Security News

SE Labs Home Anti-Malware Protection OCTOBER-DECEMBER 2018

https://selabs.uk/en/reports/consumers

Kudos1 Stats

Re: Security News

bjm_:

SE Labs Home Anti-Malware Protection OCTOBER-DECEMBER 2018
https://selabs.uk/en/reports/consumers

Hi bjm_:

Thanks for the link.  Dennis Technology Labs used to be on my list of favourites for AV testing companies until they went out of operation a few years ago.  The About page for SE Labs notes the company's founder, Simon Edwards, was associated with both Dennis Technology Labs and AMTSO so I've bookmarked SE Labs for future reference.

Kudos0

Re: Security News

Everything you need to know about cybercrime
https://www.malwarebytes.com/cybersecurity/