News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
August 28, 2014, 15:16:02
 1 
 on: Today at 08:27:18 
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Apache HttpComponents client updated
- https://mail-archives.apache.org/mod_mbox/www-announce/201408.mbox/CVE-2014-3577
18 Aug 2014 - "Apache HttpComponents (prior to revision 4.3.5/4.0.2) may be susceptible to a 'Man in the Middle Attack' due to a flaw in the default hostname verification during SSL/TLS when a specially crafted server side certificate is used.
Background: During an SSL connection (https) the client verifies the hostname in the URL against the hostname as encoded in the server's certificate (CN, subjectAlt fields). This is to ensure that the client connects to the 'real' server, as opposed to something in the middle (man in the middle) that may compromise end to end confidentiality and integrity..."

> https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3577 - 5.8
Last revised: 08/21/2014
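The CN / subjectAltName check that the advisory describes, as an added example (this is not Apache HttpComponents code and not part of the original post): an RFC 6125-style matcher run over constructed certificate identities in the shape Python's `ssl.getpeercert()` returns for `subjectAltName`. It shows the two points a client library has to get right: the subject CN is only a fallback when no dNSName SAN exists, and a wildcard covers exactly one left-most label.

```python
from typing import Optional, Sequence, Tuple
import ipaddress

# Added example: RFC 6125-style hostname verification against a certificate's
# identities. Certificate data below is constructed for the self-check.


def match_dns_pattern(pattern: str, hostname: str) -> bool:
    """Match one dNSName pattern ('x.y.z' or '*.y.z') against a hostname.

    A wildcard is accepted only as the entire left-most label, only when at
    least two more labels follow (so '*.com' matches nothing), and it matches
    exactly one label: '*.example.com' covers 'www.example.com' but neither
    'example.com' nor 'a.b.example.com'. Partial wildcards ('w*.example.com')
    are rejected.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if "*" not in pattern:
        return p_labels == h_labels
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:]


def hostname_matches_cert(hostname: str,
                          san: Sequence[Tuple[str, str]],
                          common_name: Optional[str]) -> bool:
    """Return True if the certificate identifies hostname.

    An IP-literal hostname must equal an iPAddress SAN exactly (wildcards
    never apply to IPs); a DNS hostname is checked against dNSName SANs; the
    subject CN is consulted only when the certificate has no dNSName SAN.
    """
    dns_sans = [v for t, v in san if t == "DNS"]
    ip_sans = [v for t, v in san if t == "IP Address"]
    try:
        ip = ipaddress.ip_address(hostname.strip("[]"))
    except ValueError:
        ip = None
    if ip is not None:
        for value in ip_sans:
            try:
                if ipaddress.ip_address(value) == ip:
                    return True
            except ValueError:
                continue  # malformed SAN entry never matches
        return False
    if dns_sans:
        return any(match_dns_pattern(p, hostname) for p in dns_sans)
    return common_name is not None and match_dns_pattern(common_name, hostname)


# Constructed cases: (hostname, subjectAltName, CN, expected result).
SAMPLE_CASES = [
    ("www.example.com", (("DNS", "*.example.com"),), "ignored.example.net", True),
    ("example.com", (("DNS", "*.example.com"),), None, False),
    ("a.b.example.com", (("DNS", "*.example.com"),), None, False),
    # CN is ignored once a dNSName SAN is present
    ("www.example.com", (("DNS", "other.example.com"),), "www.example.com", False),
    # legacy certificate without SAN: CN fallback
    ("www.example.com", (), "www.example.com", True),
    ("example.com", (("DNS", "*.com"),), None, False),
    ("198.51.100.7", (("IP Address", "198.51.100.7"),), None, True),
    ("198.51.100.7", (("DNS", "198.51.100.7"),), None, False),
]


def run_self_check() -> bool:
    """True when every constructed case evaluates as expected."""
    return all(hostname_matches_cert(h, san, cn) == exp for h, san, cn, exp in SAMPLE_CASES)


if __name__ == "__main__":
    for h, san, cn, exp in SAMPLE_CASES:
        print(f"{h:20} -> {hostname_matches_cert(h, san, cn)} (expected {exp})")
```

In a real client this function would be fed the values from the peer certificate after chain validation has already succeeded; name matching is a separate step and a certificate that chains correctly to a trusted CA but names a different host must still be rejected.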


 2 
 on: August 27, 2014, 15:15:01  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Hacks attack JPMorgan...
- http://www.bloomberg.com/news/print/2014-08-27/fbi-said-to-be-probing-whether-russia-tied-to-jpmorgan-hacking.html
Aug 27, 2014 - "Russian hackers attacked the U.S. financial system in mid-August, infiltrating and stealing data from JPMorgan Chase & Co. and at least one other bank, an incident the FBI is investigating as a possible retaliation for government-sponsored sanctions... The attack resulted in the loss of gigabytes of sensitive data... the probe is still preliminary. Authorities are investigating whether recent infiltrations of major European banks using a similar vulnerability are also linked to the attack... In one case, the hackers used a software flaw known as a zero-day vulnerability in one of the banks’ websites. They then plowed through layers of elaborate security to steal the data, a feat security experts said appeared far beyond the capability of ordinary criminal hackers. The incidents occurred at a low point in relations between Russia and the West. Russian troops continue to mass on the Ukrainian border and the West tightens sanctions aimed at crippling Russian companies, including some of the country’s most important banks... The sophistication of the attack and technical indicators extracted from the banks’ computers provide some evidence of a government link. Still, the trail is muddy enough that investigators are considering the possibility that it’s cyber criminals from Russia or elsewhere in Eastern Europe. Other federal agencies, including the National Security Agency, are now aiding the investigation..."
___

- http://www.reuters.com/article/2014/08/28/us-jpmorgan-cybersecurity-idUSKBN0GS1CO20140828
Aug 28, 2014 - "... the FBI said Wednesday evening it was investigating media reports earlier in the day that several U.S. financial companies have been victims of recent cyber attacks. "We are working with the United States Secret Service to determine the scope of recently reported cyber attacks against several American financial institutions," FBI spokesman Joshua Campbell said in a statement late Wednesday. Campbell did not name any companies or give more details, although media reports had named JPMorgan as one victim of the attacks. Other potential victims have yet to be named..."

- http://www.bloomberg.com/news/print/2014-08-28/russian-hackers-said-to-loot-gigabytes-of-big-bank-data.html
Aug 28, 2014 - "... The attack led to the theft of account information that could be used to drain funds, according to a U.S. official and another person briefed by law enforcement who said the victims may have included European banks. Hackers also took sensitive information from employee computers. Most thefts of financial information involve retailers or personal computers of consumers. Stealing data from big banks is rare, because they have elaborate firewalls and security systems... Investigators have determined that the attacks were routed through computers in Latin America and other regions via servers used by Russian hackers..."


 3 
 on: August 27, 2014, 11:25:37  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS14-045 rereleased
Vulnerabilities in Kernel-Mode Drivers Could Allow Elevation of Privilege (2984615)
- https://technet.microsoft.com/en-us/library/security/ms14-045.aspx
V3.0 (August 27, 2014): Bulletin rereleased to announce the replacement of the 2982791 update with the 2993651 update* for all supported releases of Microsoft Windows. See the Update FAQ for details.

* https://support.microsoft.com/kb/2993651
Last Review: Aug 28, 2014 - Rev: 3.0

- http://blogs.technet.com/b/msrc/archive/2014/08/27/security-bulletin-ms14-045-rereleased.aspx
27 Aug 2014
___

- http://www.infoworld.com/t/microsoft-windows/microsoft-ships-replacement-patch-kb-2993651-two-known-bugs-249342
Aug 28, 2014 - "... As of early this morning, one Windows 8 user was reporting black screens* with the -new- patch, KB 2993651. Answers Forum posters pacman10, JohnBurgessUK, and chadlan can't get Windows Update to check for new updates after installing KB 2993651 (although rseiler reports all's well). It's too early to tell for sure, but there may be more problems with the -new- patch..."
* http://answers.microsoft.com/en-us/windows/forum/windows_7-windows_update/blue-screen-stop-0x50-after-applying-update/6da4d264-02d8-458e-89e2-a78fe68766fd?page=56
___

- http://www.computerworld.com/article/2598533/malware-vulnerabilities/microsoft-engineer-definitely-problems-with-test-process-after-crippling.html
Aug 22, 2014 - "... end users and IT administrators alike, who have all tried to explain what they see as a -decline- in the quality of Microsoft's software updates. Some of that speculation has revolved around the July job cuts Microsoft made in the U.S., where according to many accounts a large number of software test engineers were let go..."
 
 
Maybe just made it -worse- re: the "Dear Mr. Ballmer" open letter:
 
- http://blogs.msmvps.com/bradley/2013/09/12/dear-mr-ballmer-my-email-today/
>> Sep 12th, 2013


 4 
 on: August 27, 2014, 02:39:42  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Invoice SPAM - malicious attachment ...
- http://blog.dynamoo.com/2014/08/morupule-coal-mine-malware-spam.html
27 Aug 2014 - "This -fake- invoice spam claims to be from a (real) coal mine in Botswana. But in fact the PDF file attached to the message is malicious.
   From:     Madikwe, Gladness [GMadikwe@mcm.co.uk]
    Date:     27 August 2014 10:43
    Subject:     Tax Invoice for Delivery Note 11155 dated 22.08.14
    Hello ,  
    Please find attached the invoice for delivery note 11155 which was created on the 22 . 08. 14 after a system error to process this tax invoice.
    Thank you      
    Regards
    Gladness B Madikwe
    Sales & Marketing Clerk
    Morupule Coal Mine ...


Screenshot: http://1.bp.blogspot.com/-1wXuSVrxknQ/U_2vj2r9FGI/AAAAAAAAFVs/qn_Ls8u3nTM/s1600/moropule.png

Neither the Morupule Coal Mine nor the Debswana Diamond Company mentioned in the disclaimer are anything to do with this spam email, in fact it originates from a -hacked- machine in India. The attachment has a VirusTotal detection rate of 5/54*. My PDF.. isn't good enough to tell you what this malware actually does, but you can definitely guarantee that it is malicious."
* https://www.virustotal.com/en-gb/file/b1b121a0ef68b7abf628b4bdf10d583e6996c35a1888779e78d75c2907aebdf7/analysis/1409133512/
___

Malvertising: Not all Java from java .com is legit
- http://blog.fox-it.com/2014/08/27/malvertising-not-all-java-from-java-com-is-legitimate/
Aug 27, 2014 - "... getting a Java exploit via java .com, the primary source for one of the most commonly used browser plugins? Current malvertising campaigns are able to do this... real-time advertisement bidding platforms being infiltrated by cyber criminals spreading malware... Malvertising has changed over the years starting with exploitation of weak advertisement management panels... evolved into pretending to be a legit third party advertiser with social engineering. The current malvertising techniques are quite deceptive and most of the time only noticeable at the client side... It can be a malicious advertiser 3 layers down in the chain but it can also be on the 1st level... observed multiple high-profile websites -redirecting- their visitors to malware... These websites have not been compromised themselves, but are the victim of malvertising. This means an advertisement provider, providing its services to a small part of a website, serves malicious advertisement aimed at infecting visitors with malware. While monitoring network traffic to and from workstations we observed a higher than usual amount of infections. When investigating these incidents in depth we noticed that they were infected with advertisements served via high-profile websites... the following websites were observed redirecting and/or serving malicious advertisements to their visitors:
    Java .com
    Deviantart .com
    TMZ .com
    Photobucket .com
    IBTimes .com
    eBay .ie
    Kapaza .be
    TVgids .nl
The advertisement in this case included the Angler exploit kit. Upon landing on this exploit kit a few checks were done to confirm whether the user is running a vulnerable version of either Java, Flash or Silverlight. If the user was deemed vulnerable the exploit kit would embed an exploit initiating a download of a malicious payload, in this campaign it was the Asprox malware. This whole process of malvertising towards an exploit kit is also visualized in the image at the top of this post. Please note, a visitor does -not- need to -click- on the malicious advertisements in order to get infected. This all happens silently in the background as the ad is loaded by the user’s browser... ... 3 IP’s having been associated with these domains:
    198.27.88.157: https://www.virustotal.com/en/ip-address/198.27.88.157/information/
    94.23.252.38: https://www.virustotal.com/en/ip-address/94.23.252.38/information/
    178.32.21.248: https://www.virustotal.com/en/ip-address/178.32.21.248/information/
There is no silver bullet to protect yourself from malvertising. At a minimum:
- Enable click-to-play in your browser. This prevents 3rd party plugins from executing automatically.
- Keep all plugins running in the browser up-to-date using tools like Secunia PSI.
- Consider turning off unneeded plugins if you don’t use them. For example, Java can be installed without the web-plugin component lowering the risk of exploitation and infection..."
(More detail at the fox-it URL above.)
___

"Customer Statements" - malware SPAM
- http://blog.dynamoo.com/2014/08/customer-statements-malware-spam.html
27 Aug 2014 - "This brief spam has a malicious PDF attachment:
   From:     Accounts [hiqfrancistown910@ gmail .com]
    Date:     27 August 2014 09:51
    Subject:     Customer Statements
    Good morning,attached is your statement.
    My regards.
    W ELIAS


Attached is a file Customer Statements.PDF which has a VirusTotal detection rate of 6/55*. Analysis is pending."
* https://www.virustotal.com/en-gb/file/d4701c59264760f0d9a4e47cb9d7db9cb76445bf4f042c1d845ab5191f1cd689/analysis/1409135030/
___

Royal Bank of Canada Payment Spam
- http://threattrack.tumblr.com/post/95908793833/royal-bank-of-canada-payment-spam
Aug 27, 2014 - "Subjects Seen:
   The Bank INTERAC to Leo Dooley was accepted.
Typical e-mail details:
   The INTERAC Bank payment $19063.01 (CAD) that you sent to Leo Dooley, was accepted.
    The transfer is now complete.
    Message recipient: The rating was not provided.
    See details in the attached report.
    Thank you for using the Service INTERAC Bank RBC Royal Bank.


Malicious File Name and MD5:
    INTERAC_PAYMENT_08262014.exe (B064F8DA86DB1C091E623781AB464D8A)
    INTERAC_PAYMENT_08262014.zip (71239A9D9D25105CEC3DF269F1FDCA2D)


Screenshot: https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/fb4a2ec18d4a89785009fc1879506a92/tumblr_inline_nayu2cOUqn1r6pupn.png

Tagged: RBC, Upatre
___

AT&T DocuSign Spam
- http://threattrack.tumblr.com/post/95918175803/at-t-docusign-spam
Aug 27, 2014 - "Subjects Seen:
   Please DocuSign this document: Contract_changes_08_27_2014 .pdf
Typical e-mail details:
   Hello,
    AT&T Contract Changes has sent you a new DocuSign document to view and sign. Please click on the ‘View Documents’ link below to begin signing.


Malicious URLs:
    79.172.51.73/Docusign/wps/myportal/sitemap/Member/ATT/SignDocument/7c16d8c7-e5ad-4870-bb79-1c1e4c9b35d6&er=fb88d3b6-88f4-4903-ae77-41754063bd7c/Contract_changes_08_27_2014.zip
Malicious File Name and MD5:
    Contract_changes_08_27_2014.zip (5ED69A412ADB215A1DABB44E88C8C24D)
    Contract_changes_08_27_2014.exe (C65966CCA8183269FF1120B17401E693)


Screenshot: https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/2be088fa857d593c69b6a9644b1fec46/tumblr_inline_naz25ifIWp1r6pupn.png

79.172.51.73: https://www.virustotal.com/en-gb/ip-address/79.172.51.73/information/

Tagged: ATT, DocuSigin, Upatre

- http://myonlinesecurity.co.uk/please-docusign-document-contract_changes_08_27_2014-pdf-fake-pdf-malware/
27 Aug 2014
___

ADP Past Due Invoice Spam
- http://threattrack.tumblr.com/post/95917541998/adp-past-due-invoice-spam
Aug 27, 2014 - "Subjects Seen:
   ADP Past Due Invoice
Typical e-mail details:
   Your ADP past due invoice is ready for your review at ADP Online Invoice Management .
    If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.
    Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.
    Review your ADP past due invoice here...


Malicious URLs:
    81.80.82.27/upload/portal.adp.com/wps/myportal/sitemap/PayTax/PayStatements/invoice_449017368.zip
Malicious File Name and MD5:
    invoice_449017368.zip (CF55AD09F9552A80CD1534BD392B44D1)
    invoice_449017368.exe (C65966CCA8183269FF1120B17401E693)


Screenshot: https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/595fe50ab5e77ca2c29866eed0475ea8/tumblr_inline_naz1pmSD3h1r6pupn.png

81.80.82.27: https://www.virustotal.com/en-gb/ip-address/81.80.82.27/information/

Tagged: ADP, Upatre
___

Fake Payment Advice SPAM - PDF malware
- http://myonlinesecurity.co.uk/payment-advice-note-27-08-2014-fake-pdf-malware/
27 Aug 2014 - "'Payment Advice Note from 27.08.2014' is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email reads:
   Disclaimer:
    This e-mail is intended solely for the use of the individual to whom it is addressed. Any views or opinions presented are solely those of the author and do not represent those of AL-KO KOBER Limited. It may also contain information, which may be privileged and confidential and subject to legal privilege. If you are not the intended recipient, you may not peruse, use, disseminate, distribute or copy this message. If you have received this message in error, please notify the sender immediately by email, facsimile or telephone and return or destroy the original message.
    AL-KO KOBER Limited is Registered in England at Companies Registration Office Cardiff with Company number: 492005. AL-KO KOBER Limited, South Warwickshire Business Park, Kineton Road, Southam, Warwickshire, CV47 0AL.
    Cell 270 547-9194


27 August 2014: Payment_Advice_Note_27.08.2014.PDF.zip (48 kb)  
Extracts to   Payment_Advice_Note_27.08.2014.PDF.scr
Current Virus total detections: 0/55* . This Payment Advice Note from 27.08.2014 is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/2423cecc3c6a33db524d3d067103f9685576c8d1317d7d279917de986057f9ba/analysis/1409154303/
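Several of the campaigns in this post rely on the same trick: a document-looking name with an executable extension tacked on (`Payment_Advice_Note_27.08.2014.PDF.scr`, `.PDF.zip` wrappers around `.exe`/`.scr` files), which Windows displays as a PDF when "show known file extensions" is off. The following is an added example (not from any of the quoted blogs) of the name-based triage a mail gateway or analyst script can apply without executing or extracting anything. The extension sets are constructed for illustration and are not exhaustive; the zip built at the bottom is a harmless stand-in for an attachment.

```python
import io
import zipfile
from pathlib import PurePosixPath
from typing import Dict, List

# Added example: attachment-name triage. Extension sets are illustrative only.
EXECUTABLE_EXTS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar"}
ARCHIVE_EXTS = {".zip", ".rar", ".7z"}
DOCUMENT_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}


def classify_name(name: str) -> List[str]:
    """Reasons a single file name looks deceptive; empty list if none.

    Windows hides the last extension of known types by default, so
    'Invoice.PDF.scr' is displayed as 'Invoice.PDF' yet runs as a
    screensaver executable when opened.
    """
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    reasons: List[str] = []
    if not suffixes:
        return reasons
    last = suffixes[-1]
    prev = suffixes[-2] if len(suffixes) >= 2 else None
    if last in EXECUTABLE_EXTS:
        reasons.append(f"executable extension {last}")
        if prev in DOCUMENT_EXTS:
            reasons.append(f"document extension {prev} hidden before {last}")
    elif last in ARCHIVE_EXTS and prev in DOCUMENT_EXTS:
        reasons.append(f"document extension {prev} before archive {last}")
    return reasons


def scan_zip(data: bytes) -> Dict[str, List[str]]:
    """Inspect member names of a zip container without extracting anything."""
    findings: Dict[str, List[str]] = {}
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.is_dir():
                    continue
                reasons = classify_name(info.filename)
                if reasons:
                    findings[info.filename] = reasons
    except zipfile.BadZipFile:
        # A .zip that does not parse is itself suspicious (or a renamed binary).
        findings["<container>"] = ["attachment claims .zip but is not a valid zip"]
    return findings


def triage_attachment(filename: str, data: bytes) -> List[str]:
    """Combine checks on the outer name and, for zips, on every member name."""
    reasons = classify_name(filename)
    if filename.lower().endswith(".zip"):
        for member, member_reasons in scan_zip(data).items():
            reasons.append(f"zip member {member}: " + "; ".join(member_reasons))
    return reasons


def build_sample_zip(member_name: str) -> bytes:
    """Constructed stand-in for a spam attachment: one text member, not malware."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "placeholder content")
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_zip("Payment_Advice_Note_27.08.2014.PDF.scr")
    for line in triage_attachment("Payment_Advice_Note_27.08.2014.PDF.zip", sample):
        print(line)
```

A plain `Customer Statements.PDF` produces no finding here: name checks catch the icon-spoofing families but say nothing about a genuinely malicious PDF, which still needs content analysis or detonation.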


 5 
 on: August 27, 2014, 02:20:17  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Chrome 37.0.2062.94 released
- http://googlechromereleases.blogspot.com/2014/08/stable-channel-update_26.html
Aug 26, 2014 - "... promotion of Chrome 37 to the stable channel for Windows, Mac and Linux. Chrome 37.0.2062.94 contains a number of fixes and improvements, including:
 - DirectWrite support on Windows for improved font rendering
 - A number of new apps/extension APIs
 - Lots of under the hood changes for stability and performance...
This update includes -50- security fixes..."

- https://secunia.com/advisories/60268/
Release Date: 2014-08-27
Criticality: Highly Critical
Where: From remote
Impact: Unknown, Security Bypass, Spoofing, System access...
CVE Reference(s): CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172,
CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177 ...
Some vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can be exploited by malicious people to conduct spoofing attacks, bypass certain security restrictions, and compromise a user's system...
Solution: Upgrade to version 37.0.2062.94...

- http://www.securitytracker.com/id/1030767
CVE Reference:  CVE-2014-3168, CVE-2014-3169, CVE-2014-3170, CVE-2014-3171, CVE-2014-3172, CVE-2014-3173, CVE-2014-3174, CVE-2014-3175, CVE-2014-3176, CVE-2014-3177
Aug 28 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes 
Version(s): prior to 37.0.2062.94 ...
____

- https://www.us-cert.gov/ncas/current-activity/2014/08/27/Google-Releases-Security-Updates-Chrome
Aug 27, 2014 - "...update includes 50 security fixes some of which could allow a remote attacker to obtain unauthorized access or cause a denial of service..."


 6 
 on: August 27, 2014, 00:28:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

160 New Domains
- http://www.malwaredomains.com/?p=3644
August 25th, 2014 - "Added 160 new domains flagged as malicious from mwsl.org.cn, yandex.com, and safebrowsing.clients.google.com..."


 7 
 on: August 26, 2014, 12:15:51  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

HP recall - Notebook Computer AC Power Cords due to Fire and Burn Hazards
- http://www.cpsc.gov/en/Recalls/2014/Hewlett-Packard-Recalls-Notebook-Computer-AC-Power-Cords/
Aug 26, 2014
Recall number: 14-262
Recall Summary: Name of product: Hewlett-Packard and Compaq notebook computer AC power cords.
Hazard: The AC power cord can overheat, posing a potential fire and burn hazard.
Remedy: Customers should immediately stop using and unplug the recalled power cords and contact Hewlett-Packard to order a free replacement...
Manufactured in: China
> http://www.cpsc.gov/Global/Images/Recall/2014/14262/AC%20Power%20CordLARGE.jpg
Consumer Contact: Hewlett-Packard toll-free at (877) 219-6676 ...
___

- http://h30652.www3.hp.com/
Aug 26, 2014
- https://hpstorageprod01.blob.core.windows.net/hpboltimages/PowerCord.jpg
___

- http://www.reuters.com/article/2014/08/26/us-usa-recall-hewlettpackard-idUSKBN0GQ1MV20140826
Aug 26, 2014 - "Hewlett-Packard Co is recalling about 6 million computer power cords after 29 reports of the cords melting or charring..."


 8 
 on: August 26, 2014, 02:16:46  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Internet Explorer may become slow or unresponsive when web applications implement consecutive modal dialog boxes
- https://support.microsoft.com/kb/2991509
Last Review: Aug 21, 2014 - Rev: 2.0 - "After you apply the MS14-037 or MS14-051 cumulative security update for Internet Explorer, web applications that implement consecutive modal dialog boxes may cause Internet Explorer to become slow and unresponsive over time. This issue occurs in Internet Explorer versions 7 through 11..."

- https://support.microsoft.com/kb/2991509#prerequisites
"Prerequisites: You -must- have MS14-051* Cumulative security update for Internet Explorer installed to apply this hotfix... You -must- restart the computer after you apply this update..."

* https://support.microsoft.com/kb/2976627

MS14-051 Issue fix KB2991509 not available for Windows 8 x64
- http://social.technet.microsoft.com/Forums/en-US/c8581d6e-f756-4d1d-b296-0bb0d2df6bb4/ms14051-issue-fix-kb2991509-not-available-for-windows-8-x64?forum=ieitprocurrentver
___

- http://blogs.msmvps.com/bradley/2014/08/25/were-heading-into-the-4th-tuesday/
August 25th, 2014 - "With no hint of a re-release of the kernel updates that caused the bsod’s. On the one hand it’s good to only release it when it’s ready, on the other hand, it’s a bit concerning that it’s taking this long to come out with a rereleased version."


 9 
 on: August 26, 2014, 01:24:59  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Vodafone SPAM
- http://blog.dynamoo.com/2014/08/vodafone-mms-service-malware-spam.html
26 Aug 2014 - "This -fake- Vodafone spam comes with a malicious attachment. There is no body text as such; the header reads:
   From:     Vodafone MMS service [mms813562@ vodafone .co.uk]
    Date:     26 August 2014 12:00
    Subject:     IMG Id 813562-PictQbmR TYPE--MMS


The version I had was mangled and the attachment was just called noname which required a bit of work to turn into a ZIP file IMG Id 813562-PicYbgRr TYPE--MMS.zip which in turn contains a malicious executable Picture Id 550125-PicSfdce TYPE-MMS.exe This .EXE file has a VirusTotal detection rate of 3/55*. The malware then attempts to download additional components... This second component has a VirusTotal detection rate of 3/53**... I would recommend the following blocklist:
192.254.186.106 ..."
(More detail at the dynamoo URL above.)
* https://www.virustotal.com/en-gb/file/fe088d41e44b4c63ea6c4ed572f4537dc19265bddc56a567b61587b35819511d/analysis/1409051519/

** https://www.virustotal.com/en-gb/file/8aa74dba2e258b6965c8e3e68480ac5912f52fd85dc6c96839cce0c23123e776/analysis/1409052175/

192.254.186.106: https://www.virustotal.com/en/ip-address/192.254.186.106/information/
___

Phishers hook Facebook Users via SMS
- https://blog.malwarebytes.org/fraud-scam/2014/08/phishers-hook-facebook-users-via-sms/
Aug 26, 2014 - "If you happen to receive an SMS message from a potentially unknown recipient with the following text—
    wtf f***** remove this pic from Facebook. http ://bit[dot]do/fbnudephotos
... much like the fellow on the screenshot:
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/SMS.png
...then you’ve been targeted by a phishing campaign. The bit .do link is the shortened URL for a publicly available HTML page hosted on a Dropbox account. It looks like this:
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/dbox-phish.png
All links but one – the 'Get Facebook for iPhone and browse faster' link – lead to a 404 page. The aforementioned link leads to the actual iTunes app download page. The full code of the page is actually hex encoded and executed by the unescape () function... Once users provide their Facebook credentials to the page, these are then posted to a .PHP page hosted on 193[dot]107[dot]17[dot]68, which we found out to be quite a popular location for hosting malware. While this happens at the background, users are directed to the following screenshot which serves as humour, if not a “Gotcha!” after a successful con:
> https://blog.malwarebytes.org/wp-content/uploads/2014/08/unibrow.png
... Individuals or groups with bad intent have been using SMS as a way to -scam- people, either for their money or for their information. Senior Security Researcher Jérôme Segura published a post entitled “SMS Scams: How To Defend Yourself”* back in 2013, which I recommend you... read as well. His thoughts on this kind of fraud remain relevant to this date..."
* https://blog.malwarebytes.org/intelligence/2013/07/sms-scams-how-to-defend-yourself/

193.107.17.68: https://www.virustotal.com/en/ip-address/193.107.17.68/information/
___

Vacation SCAMS ...
- https://blog.malwarebytes.org/fraud-scam/2014/08/leave-these-vacation-scams-at-the-border/
Aug 26, 2014 - "... common travel scams and things to be wary of right now... First up, we have an Infographic over at the Just the flight blog which details 40 tourist scams to avoid*, along with common locations for said scams:
* http://www.justtheflight.co.uk/blog/16-40-tourist-scams-to-avoid-this-summer.html
... Whether you’re being driven to fake hotels by taxi drivers in on the act, looking at bogus takeaway menus slipped under your hotel door, accosted by pretend policemen or trying to catch a fake baby (no really) thrown in your general direction by a scammer working with pickpockets... Next up, we have some advice on the South China Morning Post in relation to travelling alone**, which includes tips and advice alongside links to additional information. Well worth a look if you’re planning on upping sticks and going solo:
** http://www.scmp.com/magazines/48hrs/article/1574227/roam-alone-tips-single-traveller
Finally, there’s a device which can be placed inside jewelry and perform numerous functions while on the move, including sending alert messages*** in case of emergency:
*** http://www.bust.com/this-stylish-jewelry-could-keep-you-safe.html
Wherever you go, you can be sure con-jobs and fakeouts lie in wait and the sensible traveler will do a little background reading before wandering off to parts unknown. It pays to keep your wits about you whether at home or abroad..."
(More at the malwarebytes URL at the top.)
___

SourceForge sub-domain redirects to Flash-Pack-Exploit-Kit
- https://blog.malwarebytes.org/exploits-2/2014/08/sub-domain-on-sourceforge-redirects-to-flash-pack-exploit-kit/
Aug 25, 2014 - "We have talked about SourceForge before on this blog, in particular when they were associated with -bundled- software... take a look at an infected sub-domain hosted on SourceForge responsible for a drive-by download attack... This calls to stat-count .dnsdynamic .com a domain previously identified* as a source of malicious activity. This one is no different...
* https://www.virustotal.com/en/domain/stat-count.dnsdynamic.com/information/
... You may recognize the URL landing for the Flash Pack Exploit Kit. There is an interesting series of -redirections- ... The last URL is a Flash file, VT detection here:
>  https://www.virustotal.com/en/file/6082e26c223171124388ba2cf01e65840ef997863f42e418998d97e4fbcd6803/analysis/1408996053/
... A Flash file with a peculiar name for its classes:
> https://www.virustotal.com/en/file/3fc9204595ccfacae5624653d96b95e60d25609f560e543054525ca2e56cb0b6/analysis/1408979154/
The payload (VT results**) is detected by Malwarebytes Anti-Malware as Trojan.Agent.ED... We have spotted similar redirections to the Flash Pack exploit kit in other popular sites as well. Whether it is part of a larger campaign is hard to say but it is particularly active at the moment. Drive-by download attacks are the number -one- vector for malware infections. Legitimate websites often fall victim to malicious -injections- stealing incoming traffic and sending it to booby-trapped pages. Within seconds, an unpatched computer could get infected with a nasty piece of malware..."
(More detail at the malwarebytes URL at the top.)
** https://www.virustotal.com/en/file/5df51346ec3d96e781650488caaad85e64afbd2c45ca6228f7c6eddeb70de464/analysis/1408996125/

dnsdynamic .com - 84.45.76.100: https://www.virustotal.com/en/ip-address/84.45.76.100/information/


 10 
 on: August 26, 2014, 00:48:29  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Netis routers - backdoor open ...
- http://blog.trendmicro.com/trendlabs-security-intelligence/netis-routers-leave-wide-open-backdoor/
Aug 25, 2014 - "Routers manufactured by Netcore, a popular brand for networking equipment in China, have a wide-open backdoor that can be fairly easily exploited by attackers. These products are also sold under the Netis brand name outside of China. This backdoor allows cybercriminals to easily run arbitrary code on these routers, rendering it vulnerable as a security device. What is this backdoor? Simply put, it is an open UDP port listening at port 53413. This port is accessible from the WAN side of the router. This means that if the router in question has an externally accessible IP address (i.e., almost all residential and SMB users), an attacker from anywhere on the Internet can access this backdoor... This backdoor is “protected” by a single, -hardcoded- password located in the router’s firmware. Netcore/Netis routers appear to all have the -same- password. This “protection” is essentially -ineffective- as attackers can easily log into these routers and users cannot modify or disable this backdoor... In order to determine if their router is vulnerable, users can use an online port scanner... probe at port 53413:
> https://www.grc.com/port_53413.htm
... Users have relatively few solutions available to remedy this issue. Support for Netcore routers by open source firmware like dd-wrt and Tomato is essentially limited; only one router appears to have support at all. Aside from that, the only adequate alternative would be to -replace- these devices."
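Where replacing the device is not immediately possible, the one thing an owner can do is watch for WAN-side traffic to the port the post names. As an added example (not from the Trend Micro post), this script counts inbound UDP/53413 attempts per source address in netfilter `LOG` output, the key=value format the Linux kernel writes for logged packets. The log lines and the WAN interface names are constructed; set `WAN_IFACES` to the upstream interface of the firewall or router actually doing the logging.

```python
import re
from collections import Counter
from typing import Dict, Iterable

# Added example: detect WAN-side probes of the UDP/53413 service in netfilter
# LOG lines. Interface names and sample lines are constructed.
WAN_IFACES = {"eth0", "ppp0"}
BACKDOOR_PORT = 53413

# netfilter LOG fields are KEY=VALUE tokens; OUT= may be empty, so allow \S*.
KV_RE = re.compile(r"(\w+)=(\S*)")

# Constructed sample: two WAN probes from one source, one LAN-side hit, one TCP
# attempt (not the UDP service) and unrelated NTP traffic.
SAMPLE_LOG = """\
Aug 26 00:48:01 gw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=40101 DPT=53413 LEN=40
Aug 26 00:48:02 gw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.9 DST=198.51.100.2 LEN=60 TOS=0x00 PREC=0x00 TTL=54 ID=0 DF PROTO=UDP SPT=40102 DPT=53413 LEN=40
Aug 26 00:48:05 gw kernel: IN=br-lan OUT= MAC=00:00:5e:00:53:03:00:00:5e:00:53:04:08:00 SRC=192.168.1.20 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=5353 DPT=53413 LEN=40
Aug 26 00:48:09 gw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=203.0.113.77 DST=198.51.100.2 LEN=52 TOS=0x00 PREC=0x00 TTL=48 ID=0 DF PROTO=TCP SPT=51000 DPT=53413 WINDOW=1024 SYN
Aug 26 00:48:11 gw kernel: IN=eth0 OUT= MAC=00:00:5e:00:53:01:00:00:5e:00:53:02:08:00 SRC=198.51.100.50 DST=198.51.100.2 LEN=76 TOS=0x00 PREC=0x00 TTL=60 ID=0 DF PROTO=UDP SPT=123 DPT=123 LEN=56
"""


def parse_fields(line: str) -> Dict[str, str]:
    """Turn one LOG line into a field dict; the syslog prefix has no '=' and is ignored."""
    return dict(KV_RE.findall(line))


def is_backdoor_probe(fields: Dict[str, str]) -> bool:
    """True for a UDP datagram to BACKDOOR_PORT arriving on a WAN interface."""
    return (fields.get("PROTO") == "UDP"
            and fields.get("DPT") == str(BACKDOOR_PORT)
            and fields.get("IN") in WAN_IFACES)


def count_probe_sources(lines: Iterable[str]) -> Counter:
    """Count matching probes per source address."""
    hits: Counter = Counter()
    for line in lines:
        fields = parse_fields(line)
        if is_backdoor_probe(fields):
            hits[fields["SRC"]] += 1
    return hits


if __name__ == "__main__":
    for src, n in count_probe_sources(SAMPLE_LOG.splitlines()).most_common():
        print(f"{src}: {n} probe(s) to UDP/{BACKDOOR_PORT} on WAN")
```

Any non-zero count means the port is being reached from the Internet side and the device is exposed exactly as the post describes; the LAN-side and TCP lines are deliberately excluded so the count reflects the externally reachable UDP service only.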

