Security News

Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the attackers are thought to be a single entity. That theory's based on commonalities in the Bitcoin wallets they use to receive ransom payments.

 http://www.theregister.co.uk/2015/10/30/crypowall_paper_cyber_threat_alliance/

Kaspersky Lab has added an additional 14,031 decryption keys to their free repository, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.

http://www.net-security.org/malware_news.php?id=3137 

Replies

Re: Security News

Finding an Office document containing two exploits is not a common thing. In addition, almost everyone has a Windows operating system with Microsoft Office – there are a wide range of endpoints vulnerable to this exploit. We believe this combination indicates that the malware authors are keen on infecting as many devices as they can and not launching a targeted attack.

https://blog.avira.com/two-for-the-price-of-one-malicious-tricks-can-work-together/ 


Re: Security News

bjm_:

Cryptojacking Coinhive Miners Land on the Microsoft Store For the First Time
https://www.bleepingcomputer.com/news/security/cryptojacking-coinhive-miners-land-on-the-microsoft-store-for-the-first-time/

On a related note, the planned cryptominer blocking in Firefox that bjm_ first posted about <here> in August 2018 is now being tested in the FF v66 beta releases, although it isn't certain if cryptominer blocking will be enabled by default when the stable release of FF v66 is released on 19-Mar-2019.  See Lawrence Abrams' 05-Feb-2019 bleepingcomputer article at https://www.bleepingcomputer.com/news/security/mozilla-adding-cryptomining-and-fingerprint-blocking-to-firefox/.


Re: Security News

bjm_:

Google is working on the Chrome extension manifest version 3 at the moment which defines the capabilities of Chrome's extensions platform.
Raymond Hill, known as Gorhill online, the author of the popular content blockers uBlock Origin and uMatrix, voiced his concern over some of the planned changes; these changes, if implemented as proposed currently, remove functionality that the extensions use for content blocking.
https://www.ghacks.net/2019/01/22/chrome-extension-manifest-v3-could-end-ublock-origin-for-chrome/

In brief: Last month Google proposed changes that would have made numerous plugins, and particularly ad blockers, inoperable in Chrome, justifying the move by promising performance gains. But a new study has challenged Google’s claims of ad blockers adversely affecting performance, leading Google to backtrack on their plans.

https://www.techspot.com/news/78794-google-amends-proposed-chrome-changes-would-have-broken.html 


Re: Security News

Scammers handling a phishing website for Office 365 credentials added live support to add to the illusion of legitimacy necessary to trick victims.

But things don't always work the way the cybercriminals intend and their bluff was called by security researchers spotting the scam a mile away.

https://www.bleepingcomputer.com/news/security/office-365-phishing-page-comes-with-live-chat-support/ 


Re: Security News

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.
This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (cryptojacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said.

https://www.zdnet.com/article/new-browser-attack-lets-hackers-run-bad-code-even-after-users-leave-a-web-page/ 


Re: Security News

Security researchers have recently found flaws in several popular password managers that can allow attackers with access to a computer to retrieve passwords from its memory. 

Password managers encrypt the password database with a key derived from the user's master password. When a user types a master password, the key is loaded in the program's memory and the vault is unlocked. Some or all individual passwords stored in the vault might also temporarily be copied in the program's memory as they're being used.

https://www.itworld.com/article/3344298/password-managers-remain-an-important-security-tool-despite-new-vulnerability-report.html


Re: Security News

Exploit detection service EdgeSpot says it has spotted several PDF documents that exploit a zero-day vulnerability in Chrome to collect information on users who open the files through Google’s web browser.

Until a patch is released, users have been advised to avoid opening suspicious PDF documents via Chrome and use other PDF viewers.

https://www.securityweek.com/chrome-zero-day-exploited-harvest-user-data-pdf-files 


Re: Security News

2019 Webroot Threat Report: Forty Percent of Malicious URLs Found on Good Domains
Home User Devices are More Than Twice as Likely to Get Infected as Business Devices

 https://www.webroot.com/us/en/about/press-room/releases/2019-webroot-threat-report

Re: Security News

Fabian Wosar: Recently I was kind of surprised to see that an otherwise super privacy conscious user had Traffic Light installed for example. It doesn't seem to be common knowledge that Traffic Light and a bunch of other browser extensions (Comodo Online Security Pro, Norton Safe Web, Avira Browser Safety, Avast Online Security being the biggest ones) like it will literally send every single URL you visit in clear text off to the vendor's server. The privacy policies aren't always clear and kinda sketchy at times. I am sure that some people don't mind. But I am also sure that a lot of people do mind, but simply don't know.

https://malwaretips.com/threads/i-am-head-of-research-at-emsisoft-ask-me-anything.90999/#post-802182 

Re: Security News

SSL and TLS certificates and related services can be easily acquired from dark web marketplaces, according to an academic study sponsored by Venafi, a company specializing in the protection of cryptographic keys and digital certificates.

Venafi has published one report (PDF), titled “SSL/TLS Certificates and Their Prevalence on the Dark Web.” However, this report only presents the study’s preliminary findings and the company says we should expect two more reports.

 https://www.securityweek.com/study-finds-rampant-sale-ssltls-certificates-dark-web


Re: Security News

Security experts at FortiGuard uncovered a new malware campaign aimed at delivering the StealthWorker brute-force malware.

The malicious code targets both Windows and Linux systems; compromised systems are used to carry out brute force attacks along with other infected systems.

The malicious code was first discovered by Malwarebytes at the end of February and tracked by malware researchers at Cybaze-Yoroi ZLab as GoBrut.

https://securityaffairs.co/wordpress/82108/malware/stealthworker-malware.html 


Re: Security News

AN EMAIL MARKETING COMPANY LEFT 809 MILLION RECORDS EXPOSED ONLINE
Last week, security researchers Bob Diachenko and Vinny Troia discovered an unprotected, publicly accessible MongoDB database containing 150 gigabytes of detailed, plaintext marketing data—including 763 million unique email addresses. The pair are going public with their findings today.

https://www.wired.com/story/email-marketing-company-809-million-records-exposed-online/ 


Re: Security News

Most people who have frozen their credit files with Equifax have been issued a numeric Personal Identification Number (PIN) which is supposed to be required before a freeze can be lifted or thawed. Unfortunately, if you don’t already have an account at the credit bureau’s new myEquifax portal, it may be simple for identity thieves to lift an existing credit freeze at Equifax and bypass the PIN armed with little more than your name, Social Security number and birthday.

Consumers in every U.S. state can now freeze their credit files for free with Equifax and two other major bureaus (Trans Union and Experian). A freeze makes it much harder for identity thieves to open new lines of credit in your name.

https://krebsonsecurity.com/2019/03/myequifax-com-bypasses-credit-freeze-pin/


Re: Security News

Equifax Was Aware of Cybersecurity Weaknesses for Years, Senate Report Says - March 11, 2019
The massive Equifax data breach that impacted 148 million Americans in 2017 was the result of years of poor cybersecurity practices, a new Staff Report from the United States Senate’s Permanent Subcommittee on Investigations reveals. 

https://www.securityweek.com/equifax-was-aware-cybersecurity-weaknesses-years-senate-report-says 


Re: Security News

New Release Adblock Plus 3.5: Making blocking 5x faster! · 2019-03-13

Adblock Plus 3.5 for Chrome, Firefox and Opera released

Eyeo, the Germany-based company behind the Adblock Plus software, has tried to leverage its userbase to change how content is monetized online. The company has an Acceptable Ads initiative, which selectively blocks advertising (on by default in Adblock Plus). Non-intrusive ads are allowed through in hopes of finding a compromise between users and advertisers.

https://venturebeat.com/2019/03/13/adblock-plus-is-now-5-times-faster-at-recognizing-ads-uses-60-less-cpu/


Re: Security News

bjm_:

https://avlab.pl/PDF_avlab/AVLab-Test-of-software-for-online-banking-protection.pdf

Hi bjm_:

Thanks for the link.  Nice to see all the green check marks for Norton Security v22.5 (I wonder if they meant v22.15 or v22.16) but do you know where users can find details about the testing methodology?  Most of the information on the website for the company that published those results (AVLab.pl) is only available in Polish.  The description of Norton components that provide "banking protection" in that PDF is a bit generic (it mentions heuristic detection, vulnerability / intrusion protection and the built-in firewall) and I'm wondering if the test installation included a browser extension like Norton Safe Web or Norton Password Manager.


Re: Security News

lmacri:
Hi bjm_:

Thanks for the link.  Nice to see all the green check marks for Norton Security v22.5 (I wonder if they meant v22.15 or v22.16) but do you know where users can find details about the testing methodology?  Most of the information on the website for the company that published those results (AVLab.pl) is only available in Polish.  The description of Norton components that provide "banking protection" in that PDF is a bit generic (it mentions heuristic detection, vulnerability / intrusion protection and the built-in firewall) and I'm wondering if the test installation included a browser extension like Norton Safe Web or Norton Password Manager.

Yeah, no particulars beyond.  

Norton Security is a very complex suite that uses a heuristic and proactive detection, providing an effective protection by detecting a suspicious application activity and also when downloading unknown files. The solution works well with a protection against unknown threats which is based on the files reputation. Norton guarantees a security at a higher level by detecting a destructive code and a protection against unknown threats for which no signatures have been released. A firewall is a very useful module. It blocks hacker attacks and unauthorized traffic by monitoring communications between networked computers. It informs about connections from other devices as well as connections made by applications located in the system. An additional advantage is the fact that it closes inactive ports, protecting against scanning them. The firewall monitors a network traffic both incoming and outgoing, and compares information communicated with the signatures database of the attacks. These signatures contain information allowing to detect an attack that exploits software or operating system vulnerabilities. When such data are detected by the module, the connection with a host is interrupted and a received packet is rejected. 


using Chrome built-in translate 

and I'm wondering if the test installation included a browser extension like Norton Safe Web or Norton Password Manager.

maybe, try ... kontakt (at) avlab.pl or contact (at) avlab.pl


Re: Security News

Malvertising, the practice of sprinkling malicious code to legitimate-looking ads, affects both small and large websites. Protecting against it is harder than it seems. MARCH 20, 2019

 https://www.itworld.com/article/3373647/what-is-malvertising-and-how-you-can-protect-against-it.html

Re: Security News

Office Depot and Tech Support Firm Will Pay $35 Million to Settle FTC Allegations That They Tricked Consumers into Buying Costly Computer Repair Services

https://www.ftc.gov/news-events/press-releases/2019/03/office-depot-tech-support-firm-will-pay-35-million-settle-ftc


Re: Security News

CLOUDFLARE SAYS ITS NEW VPN SERVICE WON’T SLOW YOU DOWN
Mobile phone users can begin signing up for the service, dubbed Warp, through Cloudflare's mobile app 1.1.1.1 on Monday; Cloudflare says it hopes the service is working Monday, but it might take a few days. Regardless, Warp is a sign of things to come for the rest of the internet. The technology that Cloudflare is betting will make Warp fast is a protocol invented by Google called QUIC, and it could one day make the rest of the internet faster and more reliable.

https://www.wired.com/story/cloudflare-says-new-vpn-service-wont-slow-you-down/ 


Re: Security News

FWIW ~ just learned that VirusTotal has a new interface.  
https://www.virustotal.com/gui/home/upload

VirusTotal:  Please also be aware that you should use the new interface since the old one is deprecated and therefore the analyses can be out-of-date.


Re: Security News

The courts and Canada are doing what the U.S. government won’t on data breaches.
https://slate.com/technology/2019/04/equifax-data-breach-aftermath-canada-united-states.html