News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
November 22, 2014, 03:10:48
 1 
 on: Today at 00:18:33 
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

WordPress 4.0.1 Security Release
- https://wordpress.org/news/2014/11/wordpress-4-0-1/
Nov 20, 2014 - "WordPress 4.0.1 is now available. This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately... WordPress versions 3.9.2 and earlier are affected by a critical cross-site scripting vulnerability, which could enable anonymous users to compromise a site... This issue does not affect version 4.0, but version 4.0.1 does address these -eight- security issues..."

- http://www.securitytracker.com/id/1031243
Nov 20 2014
Impact: Denial of service via network, Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes 
Version(s): prior to versions 3.7.5, 3.8.5, 3.9.3, 4.0.1
Description: Several vulnerabilities were reported in WordPress. A remote user can cause denial of service conditions. A remote user can conduct cross-site scripting attacks. A remote user can conduct cross-site request forgery attacks. A remote user can compromise a target user's account...
Solution: The vendor has issued a fix (3.7.5, 3.8.5, 3.9.3, 4.0.1).
The vendor's advisory is available at:
- https://wordpress.org/news/2014/11/wordpress-4-0-1/


 2 
 on: November 20, 2014, 09:16:42  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS14-066: Updated... again
- https://support.microsoft.com/kb/2992611
Last Review: Nov 19, 2014 - Rev: 5.0 ...
___

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 - 10.0 (HIGH)
Last revised: 11/19/2014


 3 
 on: November 20, 2014, 08:07:10  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Angler Exploit Kit adds New Flash Exploit...
- http://threatpost.com/angler-exploit-kit-adds-new-flash-exploit-for-cve-2014-8440/109498
Nov 20, 2014 - "... Angler is just one of the many such exploit kits available to attackers, but the creators of this one seem to be especially quick about adding exploits for new vulnerabilities to the kit. In October, a week after Adobe released its monthly patch update, researchers saw Angler exploiting an integer overflow in Flash that had just been patched. “This is really, really fast,” Kafeine, a French security researcher who identified the attack at the time, said. “The best I remember was maybe three weeks in February 2014.” Now, Kafeine said he already has seen Angler exploiting a Flash vulnerability that was patched Nov. 11 in Adobe’s November update release*. This vulnerability is CVE-2014-8440, a memory corruption flaw in Flash that can allow an attacker to take control of a target system. The bug exists in Flash on multiple platforms, including Windows, OS X and Linux, and Kafeine said it is getting its share of attention from attackers. “The vulnerability is being exploited in blind mass attack. No doubt about it: the team behind Angler is really good at what it does,” he said in a blog post*..."
* http://malware.dontneedcoffee.com/2014/11/cve-2014-8440.html

> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8440 - 10.0 (HIGH)
Last revised: 11/12/2014

Flash test site: https://www.adobe.com/software/flash/about/
___

Fake Donation Overpayment SCAM
- https://www.ic3.gov/media/2014/141120.aspx
Nov 20, 2014 - "... received numerous complaints from businesses, charitable organizations, schools, universities, health related organizations, and non-profit organizations, reporting an online donation scheme. The complaints reported subjects who had donated thousands of dollars, via stolen credit cards. Once donations were made, the subjects immediately requested the majority of the donation back, but credited to a different card. They claimed to have mistakenly donated too much by adding an extra digit to the dollar amount (i.e., $5000 was ‘accidentally’ entered instead of $500). However, very few complainants actually returned the money to the second credit card. Many, through their own investigations, discovered the original card was -stolen- or the credit card company notified them of such. Also, some of the organizations’ policies did not allow funds to be returned to a different credit card."


 4 
 on: November 19, 2014, 06:26:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Bank phish ...
- http://myonlinesecurity.co.uk/lloyds-bank-improving-current-account-phishing/
19 Nov 2014 - "There are a few major common subjects in a phishing attempt. The majority are either PayPal or your Bank or Credit Card, with a message saying something like:
 -We’re improving your current account
    -There have been unauthorised or suspicious attempts to log in to your account, please verify
    -Your account has exceeded its limit and needs to be verified
    -Your account will be suspended !
    -You have received a secure message from < your bank>
    -New Secure Message
    -We are unable to verify your account information
    -Update Personal Information
    -Urgent Account Review Notification
    -We recently noticed one or more attempts to log in to your PayPal account from a foreign IP address
    -Confirmation of Order


This one is Lloyds bank 'We’re improving your current account' pretending to come from Lloyds Banking Group Plc <info@ emails.very .co.uk> The original email looks like this. It will NEVER be a genuine email from PayPal or Your Bank so don’t ever fill in the html (webpage) form that comes attached to the email. Some versions of this phish will have a link to a website that looks at first glance like the genuine bank website. Lloyds actually -do- allow you to pay in and perform some transactions at a Post Office rather than going to your branch, so many users might get unwittingly caught out by this one and think they need to notify the bank.
Email looks like:

Screenshot: http://myonlinesecurity.co.uk/wp-content/uploads/2014/11/lloyds-We-are-improving-your-current-account.png

This one wants your personal details and bank details. Many of them are also designed to specifically steal your email, facebook and other social network log in details... whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. If it says .EXE then it is a problem and should -not- be run or opened."
___

Azure cloud outages - MSN web portal offline
- http://www.reuters.com/article/2014/11/19/us-microsoft-web-idUSKCN0J309E20141119
Nov 18, 2014 11:53pm EST - "Microsoft Corp's Azure cloud-computing service, which hosts websites and lets customers store and manage data remotely, suffered serious outages on Tuesday taking its popular MSN web portal offline. According to Microsoft's Azure status page*, the problems started around 5pm Pacific time and have still not been fully solved..."
* http://azure.microsoft.com/en-us/status/#history


 5 
 on: November 19, 2014, 03:38:24  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Chrome 39.0.2171.65 released
- http://googlechromereleases.blogspot.com/2014/11/stable-channel-update_18.html
Nov 18, 2014 - "... Chrome 39.0.2171.65 contains a number of fixes and improvements, including:
 64-bit support for Mac
 A number of new apps/extension APIs
 Lots of under the hood changes for stability and performance ...
This update includes -42- security fixes..."
___

- http://www.securitytracker.com/id/1031241
CVE Reference: CVE-2014-7899, CVE-2014-7900, CVE-2014-7901, CVE-2014-7902, CVE-2014-7903, CVE-2014-7904, CVE-2014-7905, CVE-2014-7906, CVE-2014-7907, CVE-2014-7908, CVE-2014-7909, CVE-2014-7910
Nov 20 2014
Impact: A remote user can create HTML that, when loaded by the target user, will execute arbitrary code on the target user's system.
A remote user can obtain potentially sensitive information.
Solution: The vendor has issued a fix (39.0.2171.65)...


 6 
 on: November 18, 2014, 10:33:15  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS Security Bulletin MS14-068 - Critical
Vulnerability in Kerberos Could Allow Elevation of Privilege (3011780)
- https://technet.microsoft.com/library/security/MS14-068
Critical - Elevation of Privilege - Requires restart - Microsoft Windows
Nov 18, 2014 - Ver: 1.0
- https://support.microsoft.com/kb/3011780

- http://blogs.technet.com/b/srd/archive/2014/11/18/additional-information-about-cve-2014-6324.aspx
18 Nov 2014

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6324 - 9.0 (HIGH)
Last revised: 11/19/2014 - "... as exploited in the wild in November 2014..."
___

MS14-066/KB 2992611/WinShock - more problems reported
- http://www.infoworld.com/article/2849292/operating-systems/more-patch-problems-reported-with-the-ms14-066-kb-2992611-winshock-mess.html
Nov 18, 2014 - "... an entire collection of real, bona fide problems that accompany many installations of KB 2992611.
- On Nov. 12, Amazon issued an advisory about the botched Microsoft patch:
[ http://aws.amazon.com/security/security-bulletins/ms14-066-advisory/ ]
    'We have received reports that the patch that Microsoft supplied for MS14-066 has been causing issues, specifically that TLS 1.2 sessions are disconnecting during key exchange.
    While we investigate this issue with the patch provided, we suggest that our customers review their security groups and ensure that external access to Windows instances have been appropriately restricted to the extent possible.'
Now IBM has chimed in with its own advisory:
[ http://www-01.ibm.com/support/docview.wss?uid=swg21690217 ]
    After applying the OS patch, B2B Integrator and FileGateway are unable to start up with the following error:
    The driver could not establish a secure connection to SQL Server by using Secure Sockets
    Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed.".
    [2014-04-22 06:21:32.25] ERRORDTL [1398162092250]com.microsoft.sqlserver.jdbc.SQLServerException: The driver could not establish a secure connection to SQL Server by using Secure Sockets Layer (SSL) encryption. Error: "SQL Server returned an incomplete response. The connection has been closed."
IBM further advises, as of early Tuesday morning, "There is currently no workaround for this issue with the OS patch."
Even BlackBerry - has officially diagnosed a conflict between KB 2992611 and its Print To Go product..."
[ https://supportforums.blackberry.com/t5/BlackBerry-PlayBook/Print-to-Go/td-p/2866644/page/3 ]

> http://www.infoworld.com/article/2849357/microsoft-windows/microsoft-ms14-066kb-2992611-schannel-ms14-068kb-3011780-kb-3000850.html
Nov 18, 2014
___

- https://technet.microsoft.com/library/security/ms14-066
V2.0 (November 18, 2014): Bulletin revised to announce the reoffering of the 2992611 update to systems running Windows Server 2008 R2 and Windows Server 2012. The reoffering addresses known issues that a small number of customers experienced with the new TLS cipher suites that were included in the original release. Customers running Windows Server 2008 R2 or Windows Server 2012 who installed the 2992611 update prior to the November 18 reoffering should reapply the update. See Microsoft Knowledge Base Article 2992611 for more information.
> https://support.microsoft.com/kb/2992611
Last Review: Nov 18, 2014 - Rev: 4.1
... Note: If you downloaded and then installed this security update from the Microsoft Download Center for Windows Server 2008 R2 or Windows Server 2012, we recommend that you reinstall the security update from the Download Center. When you click the Download button, you will be prompted to select the check boxes for updates 2992611 and 3018238. Click to select both updates, and then click Next to continue with the updates. These packages -will- require -two- restarts in sequence during installation.
> http://support2.microsoft.com/kb/3011780
Last Review: Nov 18, 2014 - Rev: 1.0
___

November 2014 update rollup for Windows RT 8.1, Windows 8.1, and Windows Server 2012 R2
> https://support2.microsoft.com/kb/3000850
Last Review: Nov 18, 2014 - Rev: 1.0


 7 
 on: November 18, 2014, 03:19:25  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Invoice SPAM - Word doc malware attached
- http://myonlinesecurity.co.uk/email-contains-invoice-file-attachment-invoice-1633370-may-word-doc-malware/
18 May 2014 - "'Invoice #1633370 May' with a malicious word doc attachment saying 'This email contains an invoice file attachment' is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various  Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:

   This email contains an invoice file attachment

So far today, I have seen 3 different size files attached to this email, All file names are random:
18 November 2014 : invoice_796732903.doc (59kb)       Current Virus total detections: 1/55*

18 November 2014 : invoice_1952581.doc (41kb)      Current Virus total detections: 1/55**

18 November 2014 : invoice_80943810.doc (22kb)      Current Virus total detections: 0/54***
... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/0a78296121f16e13812c609c2d55245a492b6a992c99b403b2427e41acae9e72/analysis/1416303264/

** https://www.virustotal.com/en/file/70411393ea66130204abfb3653646dcb495538fbbc6a5a76bef1376625d2fcbf/analysis/1416304606/

*** https://www.virustotal.com/en/file/670011a08ddcde9d1892593a968f87e9e8800248f6bb9b8967b05ec4c34b64d0/analysis/1416304325/
___

Another Fake FAX SPAM run ...
- http://blog.dynamoo.com/2014/11/incoming-fax-report-spam-lets-party.html
18 Nov 2014 - "... 'need to load some more papyrus into the facsimile machine...:
From:     Incoming Fax [no-reply@ efax .co.uk]
Date:     18 November 2014 13:16
Subject:     INCOMING FAX REPORT : Remote ID: 766-868-5553
INCOMING FAX REPORT
Date/Time: Tue, 18 Nov 2014 14:16:58 +0100
Speed: 4222bps
Connection time: 01:09
Pages: 5
Resolution: Normal
Remote ID: 963-864-5728
Line number: 1
DTMF/DID:
Description: Internal report
We have uploaded fax report on dropbox, please use the following link to download your file...


This is (of course) utter bollocks, and the link in the email downloads a ZIP file document_8731_pdf.zip which in turn contains a malicious executable document_8731_pdf.exe which has a VirusTotal detection rate of 4/54*. According to the Malwr report it makes these following HTTP requests:
http ://108.61.229.224:13861 /1811us1/HOME/0/51-SP3/0/
http ://108.61.229.224:13861 /1811us1/HOME/1/0/0/
http ://159593.webhosting58 .1blu. de/mandoc/narutus1.pmg
It also drops a file EXE1.EXE onto the target system which has a detection rate of 7/55**...
Recommended blocklist:
108.61.229.224
159593.webhosting58 .1blu .de
"
* https://www.virustotal.com/en/file/d567e8853aa3cbccbd5082471f761f75d77daf68c8d448e88875f141d6d0ab6f/analysis/1416318405/
... Behavioural information
TCP connections
108.61.229.224: https://www.virustotal.com/en/ip-address/108.61.229.224/information/
178.254.0.111: https://www.virustotal.com/en/ip-address/178.254.0.111/information/

** https://www.virustotal.com/en/file/5ec1e1850100849dd4750ef083824806304e82be5233e241b69b1960acc96324/analysis/1416318784/

- http://myonlinesecurity.co.uk/incoming-fax-report-remote-id-999-745-5477-fake-pdf-malware/
18 Nov 2014
- https://www.virustotal.com/en/file/d567e8853aa3cbccbd5082471f761f75d77daf68c8d448e88875f141d6d0ab6f/analysis/1416321619/
___

Fake Voice msg SPAM again - PDF malware
- http://myonlinesecurity.co.uk/voice-message-685-869-9737-mailbox-226-fake-pdf-malware/
18 Nov 2014 - "'voice message from 685-869-9737 for mailbox 226' pretending to come from 'Voice Mail <voicemail_sender@  voicemail .com> is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various  Zbots, cryptolocker, ransomware and loads of other malware on your computer... The email looks like:
     You have received a voice mail message from 685-869-9737
    Message length is 00:00:30. Message size is 225 KB.
    Download your voicemail message from dropbox service below (Google Disk Drive Inc.)...


18 November 2014: document_8731_pdf.zip (12 kb): Extracts to: document_8731_pdf.exe
Current Virus total detections: 4/55* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/d567e8853aa3cbccbd5082471f761f75d77daf68c8d448e88875f141d6d0ab6f/analysis/1416321619/


 8 
 on: November 18, 2014, 02:58:39  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

iOS 8.1.1 released
- http://support.apple.com/en-us/HT6590
Nov 17, 2014
... for iPhone 4s and later, iPod touch 5th generation and later, and iPad 2 and later...
- http://www.securitytracker.com/id/1031232
CVE Reference: CVE-2014-4451, CVE-2014-4457, CVE-2014-4463
Nov 18 2014
Impact: Execution of arbitrary code via local system, User access via local system
Fix Available: Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (8.1.1).
___

OS X Yosemite v10.10.1
- http://support.apple.com/en-us/HT6572
Nov 17, 2014
- http://www.securitytracker.com/id/1031230
CVE Reference: CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4460
Nov 18 2014
Impact: Disclosure of system information, Execution of arbitrary code via network, User access via network
Fix Available: Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (10.10.1).
___

Apple TV 7.0.2
- http://support.apple.com/en-us/HT6592
Nov 17, 2014
- http://www.securitytracker.com/id/1031231
CVE Reference: CVE-2014-4452, CVE-2014-4455, CVE-2014-4461, CVE-2014-4462
Nov 18 2014
Impact: Execution of arbitrary code via local system, Execution of arbitrary code via network, User access via local system, User access via network
Fix Available: Yes  Vendor Confirmed:  Yes ...
Solution: The vendor has issued a fix (7.0.2). 
___

- https://isc.sans.edu/diary.html?storyid=18961
Nov 17, 2014
- https://www.us-cert.gov/ncas/current-activity/2014/11/17/Apple-Releases-Security-Updates-iOS-OS-X-Yosemite-and-Apple-TV
Nov 17, 2014


 9 
 on: November 17, 2014, 05:11:11  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Fax SPAM - malicious .DOCM attachment
- http://blog.dynamoo.com/2014/11/interfax-failed-fax-transmission-spam.html
17 Nov 2014 - "This -fake- fax spam comes with a malicious attachment
   From:     Interfax [uk@ interfax .net]
    Date:     13 November 2014 20:29
    Subject:     Failed Fax Transmission to 01616133969@ fax .tc<00441616133969>
    Transmission Results
    Destination Fax:     00441616133969
    Contact Name:     01616133969@ fax .tc
    Start Time:     2014/11/13 20:05:27
    End Time:     2014/11/13 20:29:00
    Transmission Result:     3220 - Communication error
    Pages sent:     0
    Subject:     140186561.XLS
    CSID:    
    Duration (In Seconds):     103
    Message ID:     485646629
    Thank you for using Interfax ...


Attached is a malicious Word macro file called 00000293.docm which is currently undetected at VirusTotal*... Inside this .DOCM file is a malicious macro... which attempts to download a malicious binary from http ://agro2000 .cba .pl/js/bin.exe . This file is downloaded to %TEMP%\MRSWZZFEYPX.exe and the binary also has zero detections at VirusTotal**, and the Malwr report shows that it tries to connect to the following URL: http ://84.40.9.34 /lneinn/mo%26af.lipgs%2Bfn%7El%3Fboel%3D%3F+%3Fa%20%3F~pigc_k/ci$slf%2B%20l%3D%7E . It then drops a malicious DLL onto the target system which has a rather better detection rate of 12/53***. If you are a corporate email administrator then you might consider blocking .DOCM files at the perimeter as I can see no valid reason for these to be sent by email. You should definitely block 84.40.9.34 (Hostway, Belgium) as this is a known bad server that has been used in several recent attacks."
* https://www.virustotal.com/en/file/724b6ed9f68ae9e217f1b88a8107f7b3cb95cf8a55ce2fbf0a7c455099f66012/analysis/1416221806/

** https://www.virustotal.com/en/file/8307c13583837bcfc30e8c267133f33e3fff4d86abd59adcb7f1fb7dd04a0d54/analysis/1416222127/

*** https://www.virustotal.com/en/file/1a774212d3f20523c4ddd63dd657954eeb7bf97c19ce9a9838b5297239c0119b/analysis/1416222797/

84.40.9.34: https://www.virustotal.com/en/ip-address/84.40.9.34/information/

- http://myonlinesecurity.co.uk/failed-fax-transmission-01616133969fax-tc-word-doc-malware/
17 Nov 2014
> https://www.virustotal.com/en/file/724b6ed9f68ae9e217f1b88a8107f7b3cb95cf8a55ce2fbf0a7c455099f66012/analysis/1416212735/
___

Fake Investment SPAM ...
- http://myonlinesecurity.co.uk/investment-opportunities-ireland-malware/
17 Nov 2014 - "'Investment Opportunities in Ireland' pretending to come from IDA Ireland (Home of Foreign Businesses) <info@idaireland.com> with a link to a malicious zip attachment is another one from the current bot runs which try to download various Trojans and password stealers especially banking credential stealers, which may include cridex, dridex, dyreza and various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment...

Screenshot: http://myonlinesecurity.co.uk/wp-content/uploads/2014/11/Investment-Opportunities-in-Ireland.png

Todays Date: investmentareas.rar: Extracts to:  investmentareas.scr
Current Virus total detections: 26/55* . Be very careful with email attachments. All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
* https://www.virustotal.com/en/file/b05b065ab2fbb6db6c29fd0a6ad856bca0fafe46322d91890dc1755788ea6e7b/analysis/1416215003/
___

Fake 'Payment Declined' Phish ...
- http://myonlinesecurity.co.uk/bt-account-payment-declined-phishing/
17 Nov 2014 - "Any phishing attempt wants to get as much personal and financial information from you as possible. This 'BT Account- Payment Declined' pretending to come from BT .com <noreplymail@ btc .com> phishing scam is one of them. The phishers try to use well known companies or Government departments like British Telecom, HMRC, Inland Revenue, Virgin Media, British Gas or any company that many people are likely to have an account with. This one wants your personal details and your credit card and bank details. Many of them are also designed to specifically steal your email, facebook and other social network log in details...

Screenshot: http://myonlinesecurity.co.uk/wp-content/uploads/2014/11/BT-Account-Payment-Declined.png

The link in the email leads you to a webpage looking like:
Screenshot2: http://myonlinesecurity.co.uk/wp-content/uploads/2014/02/BT-billing-fake-log-in.png

That leads on to a page to enter all your details, including bank account, credit card, mother’s maiden name and everything else necessary to steal your identity and clean out your bank and credit card accounts:
Screenshot3: http://myonlinesecurity.co.uk/wp-content/uploads/2014/02/BT-billing-fake-details.png

Then you get a success page, where they kindly inform you that “The Anti Fraud System has been succesfully added to your account” and then are bounced to the real BT site:
Screenshot4: http://myonlinesecurity.co.uk/wp-content/uploads/2014/02/BT-billing-fake-details-success-.png

All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email... whether it is a straight forward attempt, like this one, to steal your personal, bank, credit card or email and social networking log in details. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened."
___

Fake 'Test message' SPAM plague continues..
- http://blog.dynamoo.com/2014/11/test-message-spam-plague-continues.html
17 Nov 2014 - "This plague of spam "test messages" has been going on for two days now, probably sourced from "Botnet 125"* which sends most of the spam I get. These messages are annoying but not harmful in themselves, I suspect they are probing mail servers for responses. If you have a catch-all email address then you will probably see a lot of these. The targets are either completely random or have been harvested from one data breach or another as far as I can see.
   From: Hollie <Laurie.17@ 123goa .com>
    Date: 17 November 2014 19:04
    Subject: Test 8657443T
  test message.
    Murphy became a free agent on October 15, after refusing a minor league assignment. Silva implies the last cycle has begun, believing herself to be the host.
    Icelandic had been heard. American CIA contract air crews and pilots from the Alabama Air Guard...
..."
* http://www.proofpoint.com/threatinsight/posts/dueling-dridex-campaigns-target-banking-customers.php


 10 
 on: November 16, 2014, 07:31:34  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS14-066: Known issues ...
- https://support.microsoft.com/kb/2992611
Last Review: Nov 14, 2014 - Rev: 3.0
See: Known issues with this security update:
"    We are aware of an issue in certain configurations in which TLS 1.2 is enabled by default, and TLS negotiations may fail. When this problem occurs, TLS 1.2 connections are dropped, processes hang (stop responding), or services become intermittently unresponsive..."

Security Update MS14-066 causes major performance problems in Microsoft Access / SQL Server applications
- http://darrenmyher.wordpress.com/2014/11/13/security-update-ms14-066-causes-major-performance-in-microsoft-access-sql-server-applications/
Nov 13, 2014
___

Hold off installing MS14-066 / KB 2992611
- http://blogs.msmvps.com/spywaresucks/2014/11/16/hold-off-installing-ms14-066-kb-2992611/
Nov 16, 2014 - "Word is it is breaking stuff, including the ability to access secure sites using Chrome.
Possible fixes if you’re already affected:
- Open gpedit.msc
- Go to computer configuration > administrative templates > Network > SSL Configuration Settings > - SSL Cipher Suite Order: Set it to enabled
- Reboot
The policy populates the Windows registry with the legacy cipher suites less the 4 new cipher suites added by MS14-066 /2992611. The list of ciphers used can be viewed by enabling the policy then reviewing the list of ciphers in the dialog box
Or: Remove MS14-066 / KB 2992611 and reboot.
Amazon Advisory: https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/ "

- http://www.infoworld.com/article/2848574/operating-systems/microsoft-botches-kb-2992611-schannel-patch-tls-alert-code-40-slow-sql-server-block-iis-sites.html
Nov 17, 2014 - "...  we're sitting here with a bad patch, almost a week after Black Tuesday, and the patch is -still- being offered through Automatic Update. Microsoft hasn't pulled it, in spite of one acknowledged major problem, another that's the talk of the SQL Server community, and a few hangers-on that may clobber your machines. Amazon raised a red flag on Wednesday..."

MS14-066 Advisory
- https://aws.amazon.com/security/security-bulletins/ms14-066-advisory/
2014/11/14 5:30PM PST - "We are continuing to investigate the reported issues with the patch that was supplied for MS14-066. This updated status is being provided for the service below. We will continue to update this Security Bulletin for the other services previously identified as more information becomes available.
Amazon Relational Database Service (RDS):
Amazon RDS will build and deploy any required updates to affected RDS SQL Server instances. Any needed updates will require a restart of the RDS database instance. Communication of the specific timing of the update for each instance will be communicated via email or AWS Support directly to customers prior to any instance restart...

We will continue to provide updates to this security bulletin.
___

WinShock (KB2992611) Patch breaks IIS
- https://social.technet.microsoft.com/Forums/windowsserver/en-US/218cf562-3dab-4d09-adcc-74f65d0f29f1/winshock-kb2992611-patch-breaks-iis?forum=winserversecurity
Last entry (as of date/time of this post): Nov 16, 2014 12:01 AM
___

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-6321 - 10.0 (HIGH)
Last revised: 11/12/2014
> http://technet.microsoft.com/security/bulletin/MS14-066

