Security News

Intel Security, Palo Alto Networks, Fortinet, and Symantec under the Cyber Threat Alliance have probed the net scourge revealing that the attackers are thought to be a single entity. That theory's based on commonalities in the Bitcoin wallets they use to receive ransom payments.

 http://www.theregister.co.uk/2015/10/30/crypowall_paper_cyber_threat_alliance/

Kaspersky Lab has added an additional 14,031 decryption keys to their free repository, enabling all those who have fallen victim to CoinVault and Bitcryptor ransomware to retrieve their encrypted data without having to pay a ransom to cybercriminals.

http://www.net-security.org/malware_news.php?id=3137 

Replies

Kudos1 Stats

Re: Security News

Predictions of anti-virus software's demise have missed one important fact - Europe's security giant ESET is booming.

http://www.techworld.com/security/is-anti-virus-dead-esets-ransomware-bank-trojan-figures-suggest-otherwise-3628397/ 

Kudos0

Re: Security News

Chrome won't trust Symantec-backed SSL as of Jun 1 unless they account for bogus certs.

https://boingboing.net/2015/11/01/chrome-wont-trust-symantec-b

Kudos0

Re: Security News

Hacking tool swipes encrypted credentials from password manager
"KeeFarce" targets KeePass, but virtually all password managers are vulnerable.

http://arstechnica.com/security/2015/11/hacking-tool-swipes-encrypted-credentials-from-password-manager/ 

Kudos0

Re: Security News

Latest EMET Bypass Targets WoW64 Windows Subsystem

https://threatpost.com/latest-emet-bypass-targets-wow64-windows-subsystem/115224/ 

Kudos0

Re: Security News

Nov 3 Fewer than a quarter of 21 million federal workers hit by a major computer hack have been officially told that their personal information was compromised, six months after the breach was detected, a U.S. government official said on Tuesday.

http://www.reuters.com/article/2015/11/03/usa-cybersecurity-opm-idUSL1N12Y22H20151103 

Kudos0

Re: Security News

03Nov15  How Carders Can Use eBay as a Virtual ATM

http://krebsonsecurity.com/2015/11/how-carders-can-use-ebay-as-a-virtual-atm/ 

New Wave of Pay-at-Pump Skimming Attacks
Organized Crime Steals Millions in Advance of EMV

http://www.cuinfosecurity.com/new-wave-pay-at-pump-skimming-attacks-a-8652 

Kudos0

Re: Security News

Most consumers believe cloud-based apps can be hacked. Posted on 02 November 2015.

http://www.net-security.org/secworld.php?id=19052&utm_

Kudos0

Re: Security News

Kaspersky Lab issued a report that warns users of the possible risks when faced with connected coffee machines and other wireless-enabled home devices.

http://securityaffairs.co/wordpress/41857/hacking/coffee-machines-hacking

To hamper the diffusion of Cryptowall 4.0, Bitdefender has developed software that allows users to immunize their computers and block the file encryption process implemented by ransomware, including Cryptowall 4.0.

 http://securityaffairs.co/wordpress/41862/cyber-crime/cryptowall-4-0-russia-vaccine

Kudos0

Re: Security News

Cyber crooks breached the security of British parliament’s secure network and hacked into many of its computer systems.

https://www.hackread.com/british-parliament-computers-ransomware-infected/ 

Kudos0

Re: Security News

Kaspersky and Microsoft Security Products Abused to Install Spying Trojan

http://news.softpedia.com/news/kaspersky-and-microsoft-security-products-abused-to-install-spying-trojan-495993

Kudos0

Re: Security News

The developers of the notorious Dyre (Dyreza) banking Trojan have released a new version of the threat that includes support for Windows 10 and Microsoft Edge.

http://www.securityweek.com/dyre-banking-trojan-now-targets-windows-10-microsoft-edge 

Kudos1 Stats

Re: Security News

A security researcher said it took United Airlines nearly six months to patch a serious vulnerability that could have been exploited to access customer information and manage flight reservations.

http://www.securityweek.com/united-airlines-patches-serious-flaw-after-6-months 

Kudos0

Re: Security News

bjm_:

A security researcher said it took United Airlines nearly six months to patch a serious vulnerability that could have been exploited to access customer information and manage flight reservations.

http://www.securityweek.com/united-airlines-patches-serious-flaw-after-6-months 

Six months? Is that all? I bet Symantec could beat that...

Windows 10 X64 Fall Creators Update 1709
Kudos0

Re: Security News

The UK's former defense secretary Des Browne has issued a stark warning that the country's nuclear weapons could be vulnerable to cyberattacks.

http://betanews.com/2015/11/24/uks-trident-nuclear-weapons-could-be-hit-by-cyberattacks/ 

The surge in data breaches has left millions of consumer records and personally identifiable information compromised, giving fraudsters all they need to open fraudulent accounts aimed at scamming banking institutions out of big dollars.

http://www.bankinfosecurity.com/interviews/what-sleeper-fraud-must-banks-beware-i-2992 

Kudos0

Re: Security News

Unpatched Flaws Allow Hackers to Compromise Belkin Routers

http://www.securityweek.com/unpatched-flaws-allow-hackers-compromise-belkin-routers 

Kudos0

Re: Security News

Fileless malware evolves, is now harder to detect.
Security researchers from Intel Security (formerly known as McAfee) have compiled their regular online threats report, showing the most aggressive and wide-spread malware types that have targeted users in the last month.

http://news.softpedia.com/news/the-return-of-macro-malware-and-other-malware-trends-497590

Kudos0

Re: Security News

Intel Security (formerly known as McAfee)

It's part of Intel Security but still using the McAfee name on its products. 

Hugh
Kudos0

Re: Security News

At least 10 major loyalty card schemes compromised in industry-wide scam
http://www.theregister.co.uk/2015/12/16/major_loyalty_card_schemes_compromised_scam/

Wish list app from Target springs a major personal data leak.
http://arstechnica.com/security/2015/12/wish-list-app-from-target-springs-a-major-personal-data-leak/

Kudos0

Re: Security News

FireEye Security Devices Provide Attackers with Backdoor into Corporate Networks.
http://news.softpedia.com/news/fireeye-security-devices-provide-attackers-with-backdoor-into-corporate-networks-497702

Kudos0

Re: Security News

There Are More Malicious Bible Apps than There Are Malicious Poker Apps
http://news.softpedia.com/news/there-are-more-malicious-bible-apps-than-there-are-malicious-poker-apps-497768

Kudos0

Re: Security News

Database leak exposes 3.3 million Hello Kitty fans
http://www.csoonline.com/article/3017171/security/database-leak-exposes-3-3-million-hello-kitty-fans.html

Phantom Squad plans to hack PSN and Xbox, SkidNP hacks its website. December 20, 2015
http://securityaffairs.co/wordpress/42914/cyber-crime/42914.html

Kudos0

Re: Security News

Toshiba to Lose $5.4 Billion in 2015, Shed 7,800 Jobs Posted on December 21, 2015
https://www.petri.com/toshiba-to-lose-5-4-billion-in-2015-shed-7800-jobs

Kudos0

Re: Security News

Google has announced its timeline for deprecating SHA-1 certificates, despite concerns expressed recently that sunsetting the broken encryption hashing algorithm will disconnect millions from the Internet.

https://threatpost.com/google-announces-sha-1-deprecation-timeline/115681/ 

Kudos0

Re: Security News

A couple of days ago I got an email purportedly from Interfax saying they were enclosing a Fax message for me which was an attachment in a zip format. I know enough not to touch it but a Google on Interfax produced this right near the top of the list:

Newly Found Interfax Themed JavaScript Malspam  

<< The LookingGlass Cyber Threat Intelligence Group (CTIG) observed a malspam campaign attempting to convince users they had received an incoming Internet fax. The attached fax “document” is actually a malicious obfuscated JavaScript file (MD5: 2EAC091DA007E486ADC524DDEC858D90) acting as a downloader for additional malware. Below is the content of the email:

From: "Interfax Service" <incoming@interfax.net>

Subject: You have received a new fax, document 0000325485

Date: October 26, 2015 at 11:12:34 PM EDT

To: [REDACTED]

Reply-To: "Interfax Service" <incoming@interfax.net>

New incoming fax document. Please, download fax document attached to this email.

Filesize: 292 Kb

Scanned at: Mon, 26 Oct 2015 18:49:57 +0300

Scanned by: Fred Greer

Scan duration: 22 seconds

Resolution: 500 DPI

Pages scanned: 11

Document name: fax-0000325485.doc

Thanks for choosing Interfax! fax-

Simply double clicking the JavaScript file is enough to set off the infection chain. >>

That is exactly the text I got .... and it was not flagged even as spam/junk

So watch out for the unexpected .... and needless to say don't click on anything without doing some checking ....

Google also put this up in a box alongside the lists

Interfax

News agency company

Interfax is a Russian non-governmental news agency based in Moscow. The agency was established in 1989 by officials from the international service, Moscow Radio.

Hugh
Kudos0

Re: Security News

huwyngr,
Hmm, wonder if/what VT Email submission would report.  MD5 is File not found. 

Kudos0

Re: Security News

bjm

Hmm, wonder if/what VT Email submission would report.

Way beyond me .... be happy to send you the email and file if you want to play with it / submit it to some test authority ..... 

Hugh
Kudos0

Re: Security News

huwyngr:

bjm

Hmm, wonder if/what VT Email submission would report.

Way beyond me .... be happy to send you the email and file if you want to play with it / submit it to some test authority ..... 

https://www.virustotal.com/en/documentation/email-submissions/ 

Kudos0

Re: Security News

9.1% of all ransomware-infected emails detected by Bitdefender in 2015 have targeted UK users. Furthermore, 54% of all malware files targeting the UK contained some form of ransomware.

http://www.net-security.org/malware_news.php?id=3182


Expect phishers and other password thieves to up their game in 2016: Both Google and Yahoo! are taking steps to kill off the password as we know it.

http://krebsonsecurity.com/2015/12/expect-phishers-to-up-their-game-in-2016/ 

Kudos0

Re: Security News

A Chrome extension that AVG AntiVirus automatically installs on users’ systems exposes browsing history and other personal data to the Internet, Google Project Zero researcher Tavis Ormandy has discovered.

http://www.securityweek.com/avg-chrome-extension-exposes-user-data 

Kudos0

Re: Security News

A team of researchers has analyzed modern railway systems and they’ve determined that it would not be difficult for a motivated attacker to pull off a cyber “train robbery.”

http://www.securityweek.com/trains-vulnerable-hacker-attacks-researchers 

Kudos0

Re: Security News

Top 50 Products By Total Number Of "Distinct" Vulnerabilities in 2015
http://www.cvedetails.com/top-50-products.php?year=2015

Kudos0

Re: Security News

LogMeIn is launching its first revamp of the LastPass password management app, three months after its controversial purchase of the popular utility back in October.

http://www.theregister.co.uk/2016/01/05/lastpass_revamp/ 

Kudos0

Re: Security News

bjm_:

LogMeIn is launching its first revamp of the LastPass password management app, three months after its controversial purchase of the popular utility back in October.

http://www.theregister.co.uk/2016/01/05/lastpass_revamp/ 

How long before they run into problems with operating systems and browsers I wonder ..... 

Hugh
Kudos0

Re: Security News

Security researchers are worried that critical vulnerabilities in antivirus products are too easy to find and exploit
http://www.computerworld.com/article/3020445/security/antivirus-software-could-make-your-company-more-vulnerable.html

Kudos0

Re: Security News

Huge rise in UK house purchase email scams as foreign hackers steal over £10m in 2015

http://www.ibtimes.co.uk/huge-rise-uk-house-purchase-email-scams-foreign-hackers-steal-over-10m-2015-1537295 

Kudos0

Re: Security News

Google security researcher excoriates TrendMicro for critical AV defects
"I don't even know what to say," exasperated researcher tells TrendMicro official.

http://arstechnica.com/security/2016/01/google-security-researcher-excoriates-trendmicro-for-critical-av-defects/ 

Kudos0

Re: Security News

bjm_:

Kaspersky Free Antivirus released
http://www.ghacks.net/2016/01/14/kaspersky-free-antivirus-released

Some of the comments are interesting -- most are "expectable" .... 

Hugh
Kudos0

Re: Security News

A new version of the TeslaCrypt Ransomware has been discovered by BloodDolly, the creator of TeslaDecoder, that was built on January 12, 2016 @ 09:39:43.  This release calls itself version 3.0 and uses a different encryption key exchange algorithm. Furthermore, all encrypted files will now have the new .XXX, .TTT, .MICRO extensions appended to them.


TeslaCrypt 3.0 Released with Modified Algorithm and .XXX, .TTT, and .MICRO File Extensions

regards, CV | There is no ONE TOUCH KEY to security . Be alert and vigilant. . | Always have a Backup Plan!
Kudos0

Re: Security News

ShmooCon: LastPass design elements create perfect Phishing opportunity.  Cassidy released LostPass - a tool that will demonstrate the attack and enable others to replicate it – on Github.

http://www.csoonline.com/article/3023532/security/shmoocon-lastpass-design-elements-create-perfect-phishing-opportunity

Kudos0

Re: Security News

Hackers have been gifted with an online web service that can produce blueprints for 3D printed keys from nothing more than a photograph of a lock.

http://www.theregister.co.uk/2016/01/18/keysforge_will_give_you_printable_key_blueprints_using_a_photo_of_a_lock/