News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
April 24, 2014, 05:33:40
 1 
 on: April 22, 2014, 21:23:54  
Started by AplusWebMaster - Last post by km2357
Shockwave 12.1.1.151 released:

http://get.adobe.com/shockwave/

 2 
 on: April 22, 2014, 01:51:17  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Santander Bank SPAM – word doc malware
- http://myonlinesecurity.co.uk/santander-bank-march-invoice-fake-word-doc-malware/
Apr 22, 2014 - "March Invoice pretending to be from Santander bank with a sender address of Sarah Gandolfo [sgand0395@ aol.com] is another one from the current zbot runs which try to drop cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... Email reads:
   Please find attached your March invoice, we now have the facility to email invoices, but if you are not happy with this and would like a hard copy please let me know.
    New bank details for BACS payments are Santander Bank Sort Code 271201 Account No 56024641.
    Thanks very much
    Sarah


22 April 2014: March invoice 5291.zip ( 10kb) Extracts to March invoice 8912.exe
Current Virus total detections: 1/51* . This March Invoice is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/4c69e3b6d2f7dbaf78eacfd60f2de685da9d942fdf9c1ff7ae4b88be17075fbe/analysis/
___

Visa Card phish ...
- http://www.hoax-slayer.com/visa-card-status-notification-phishing-scam.shtml
Apr 22, 2014 - "... email purporting to be from Visa claims that the recipient's card access has been limited because 'unusual activity' has been detected... The email is -not- from Visa. It is a -scam- designed to steal the recipient's credit card data. A link in the email opens a -fake- website that asks for the user's credit card number, and other information pertaining to the recipient's Visa account...
Example:
Subject: Access to your Visa card has been blocked
Visa Card Status Notification
We are contacting you to Inform you that our Visa Card security department identified some unusual activity in your card. In accordance with Visa Card User Agreement and to ensure that your Visa Card has not been accessed from fraudulent locations, access to your Visa Card has been limited. Your Visa Card access will remain limited until this issue has been resolved please Click My Visa Card Activity to continue.
My Visa Card Activity
We take your online safety seriously, which is why we use state of the art notification systems to identify unusual activity and a challenge process to validate your details.
Thanks for banking with Visa.
Customer Finance Department
© Visa & Co, 2014.


Screenshot: http://www.hoax-slayer.com/images/visa-card-status-notification-phishing-scam-1.jpg

The message invites users to -click- a link to resolve the issue and restore access... the message is -not- from Visa and the claim that the account has been limited is a lie... the email is a typical phishing scam designed to extract financial information from users. The email's links open a -bogus- website created to closely mirror the look and feel of a genuine Visa webpage. The fake page will include a 'verification form' that requests users to supply their credit card number and other account details. After supplying the requested information, users will be taken to a second fake page that informs them that the problem has been resolved and restrictions have been removed... of course, there was no problem with the card to begin with..."
___

Fake 'Paintball Booking' SPAM ...
- http://blog.mxlab.eu/2014/04/22/paintball-booking-confirmation-email-will-infect-your-computer-with-trojan/
Apr 22, 2014 - "... new trojan distribution campaign by email with the subject “Paintball Booking Confirmation”. This email is sent from the spoofed address “ipguk52@ paintballbookingoffice .com” <ipguk@ paintballbookingoffice .com> and has the following body:
    Dear client,
    Many thanks for your booking on Saturday 19/04/2014 at our Reading Paintball centre Mapledurham, Reading. Arrival time is 09:15AM prompt.
    Please view the attached booking confirmation, map and important game day documents prior to attending.
    Kind regards,
    Leigh Anderson
    Event Co-ordinator...


The attached ZIP file has the name Booking Confirmation 2826-66935.zip, once extracted a folder Booking Confirmation 0414-28921 is created which contains the 14 kB large file Booking Confirmation 0414-28921.exe. The trojan is known as Win32:Dropper-gen [Drp], W32/Trojan.ZLGD-2681, Trojan:W32/Zbot.BBLB or HEUR/Malware.QVM07.Gen. At the time of writing, 4/51 AV engines did detect the trojan at Virus Total. Use the Virus Total permalink* and Malwr permalink** for more detailed information.
SHA256: 4c69e3b6d2f7dbaf78eacfd60f2de685da9d942fdf9c1ff7ae4b88be17075fbe "
* https://www.virustotal.com/en/file/4c69e3b6d2f7dbaf78eacfd60f2de685da9d942fdf9c1ff7ae4b88be17075fbe/analysis/

** https://malwr.com/analysis/YmI4MmFlNDQ4ZmYzNDczNzlmZjNiYWU1ODMyMmMyZGQ/
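The two zbot lures above share one trick: an executable inside a small ZIP whose name (and, for the "spoofed icon" variant, whose embedded icon) imitates an invoice or booking PDF, so that with "show known file extensions" off the recipient sees something that looks like a document. The check below is an added example, not code from the post or from either of the quoted blogs: it opens an attachment archive without running anything, and flags members by an executable extension, by a document-name-plus-executable double extension, or by content that starts with the PE "MZ" magic regardless of what the name claims. The sample archive, the fake PE stub and the extension lists are constructed here for the demonstration.

```python
import io
import zipfile
from typing import Dict, List

# Extensions Windows treats as directly runnable (illustrative subset, not exhaustive).
EXEC_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
                   ".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}
# Extensions a recipient expects for an "invoice" or "booking confirmation".
DOC_EXTENSIONS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".rtf", ".txt"}


def inspect_member(name: str, head: bytes) -> List[str]:
    """Return the reasons an archive member looks like a disguised executable.

    name: member path inside the archive; head: its first bytes.
    """
    reasons: List[str] = []
    base = name.lower().rsplit("/", 1)[-1]
    parts = base.split(".")
    ext = "." + parts[-1] if len(parts) > 1 else ""

    if ext in EXEC_EXTENSIONS:
        reasons.append("executable extension " + ext)
    # "invoice.pdf.exe": with known extensions hidden, Explorer shows "invoice.pdf".
    if len(parts) > 2 and "." + parts[-2] in DOC_EXTENSIONS and ext in EXEC_EXTENSIONS:
        reasons.append("document name with trailing executable extension")
    # The name is attacker-controlled; the content is not. A PE file starts with "MZ".
    if head[:2] == b"MZ":
        reasons.append("PE (MZ) header")
        if ext in DOC_EXTENSIONS:
            reasons.append("PE content under a document extension " + ext)
    return reasons


def scan_zip(data: bytes) -> Dict[str, List[str]]:
    """Map each suspicious member name to its reasons; clean members are omitted."""
    findings: Dict[str, List[str]] = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as fh:
                head = fh.read(64)  # only the header is needed; nothing is executed
            reasons = inspect_member(info.filename, head)
            if reasons:
                findings[info.filename] = reasons
    return findings


def build_sample_zip() -> bytes:
    """Constructed test archive: a fake PE stub plus benign files (not real malware)."""
    fake_pe = b"MZ\x90\x00" + b"\x00" * 60      # DOS header magic only
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("March invoice 8912.exe", fake_pe)     # name taken from the post above
        zf.writestr("statement.pdf.exe", fake_pe)          # constructed double extension
        zf.writestr("invoice.pdf", fake_pe)                # constructed: PE bytes, PDF name
        zf.writestr("readme.pdf", b"%PDF-1.4\n%\xe2\xe3\xcf\xd3\n")
        zf.writestr("notes.txt", b"plain text, nothing to see\n")
    return buf.getvalue()


if __name__ == "__main__":
    for member, why in scan_zip(build_sample_zip()).items():
        print(f"{member}: {', '.join(why)}")
```

The content check is the one that matters at a mail gateway: an attacker can rename a file freely, but a PE loader still needs the MZ/PE headers, so a "PDF" whose first two bytes are MZ is an executable whatever Explorer shows. The extension lists are only a first filter and should be extended to whatever the local Windows builds will actually execute.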


 3 
 on: April 18, 2014, 03:31:02  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Facebook Chat Verification used for SPAM
- http://blog.trendmicro.com/trendlabs-security-intelligence/fake-facebook-chat-verification-used-for-spam/
Apr 17, 2014 - "Facebook users are once again the target of a malicious scheme—this time in the form of a notification about “Facebook Chat”. The spammed notification pretends to come from the “official Facebook Chat Team.” A notification shows users of a tagged comment to a Facebook Note containing a fake announcement about a Facebook Chat verification requirement.
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/04/FB-chat-spam1.jpg
The spam tries to sound urgent to convince users to verify their accounts. To do so, they are first asked to go to a Pastebin URL and are instructed to copy a specific code. The set of instructions differ depending on what browser is being used (Google Chrome, Mozilla Firefox, or Internet Explorer). Users are then directed to a shortened link and are asked to press a particular function key (F12 for Google Chrome users, for example). After clicking on the console tab, users are supposed to paste the provided Javascript code into the address bar, then press Enter. This actually gives bad guys access to the user’s account, giving them the capability to auto-tag anyone in the users’ friends list and start the cycle of victimizing other account users... From the get-go, users should know that there is -no- product called “Facebook Chat,” let alone a team that sends out a supposed “advisory” to its users. The social media site’s official instant messaging feature is called Facebook Messenger, which is also the name of its stand-alone app. Earlier this month, Facebook announced* that Android and iOS users will be required to use this stand-alone app by eliminating the chat features of the traditional app versions of the site. Facebook has taken action against threats like this by releasing an official announcement. The official Facebook warning** notes, “This is a variant on the self-XSS attack. By pasting the code in the browser console, the user gives the code access to their account. The code usually posts the same scam on other people’s walls, and subscribes the user to pages controlled by the attacker – but it could do much worse things”..."
* http://mashable.com/2014/04/09/facebook-requiring-messenger/

** https://www.facebook.com/selfxss
___

Zeus with your coffee ...
- https://www.securelist.com/en/blog/8207/Would_you_like_some_Zeus_with_your_coffee
Apr 16, 2014 - "Cybercriminals often like to use a bogus letter to trick people into opening malicious attachments. There are two tricks that make this work: a message from a familiar name (a bank, social network, service provider or other organization that might interest the recipient) and an intriguing or alarming subject. An attack based on -fake- messages supposedly from coffee chain Starbucks combined the two.
> https://www.securelist.com/en/images/vlweblog/blog_vergelis_starbucks.jpg
The detected distribution claimed... a recipient's friend made an order for him to celebrate a special occasion in a Starbucks coffee shop. That mysterious friend wished to remain anonymous, enjoying the intrigue he was creating, but was sending out invitations with details of a special menu, which is available in the attachment. In the end they wished the recipient an awesome evening. All the messages were sent out with high importance. Besides, the addresses, created on the Gmail and Yahoo! free mail services, changed from letter to letter and seemed to be randomly generated combinations like incubationg46@, mendaciousker0@ and so on. The attachment was a .exe file and the cybercriminals made no effort to mask it with an archive or double filename extension. They seemed to be sure a happy recipient would open the attachment without any suspicion. Kaspersky Lab detects the attached file as Rootkit.Win32.Zbot.sapu - a modification of one of the most notorious spyware families, Zbot (ZeuS). These applications are used by cybercriminals to steal confidential information. This version of Zbot is able to install a rootkit, Rootkit.Win32.Necurs or Rootkit.Win64.Necurs, which disrupts the functioning of antiviruses or other security solutions."
___

Google patches Android icon Hijacking vuln
- http://www.securityweek.com/google-patches-android-icon-hijacking-vulnerability
Apr 15, 2014 - "Researchers at FireEye have identified a vulnerability affecting Google Android that could be exploited to lead users to malicious sites. According to FireEye*, the issue allows a malicious app with 'normal' protection level permissions to target legitimate icons on the Android home screen and modify them to point to attack sites or the malicious app itself without notifying the user. The issue has been acknowledged by Google, which has released a patch to its OEM partners..."
* http://www.fireeye.com/blog/technical/2014/04/occupy_your_icons_silently_on_android.html
Apr 14, 2014

- https://atlas.arbor.net/briefs/index#-561580891
Elevated Severity
17 Apr 2014


 4 
 on: April 17, 2014, 19:56:27  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

3 Million Credit, Debit Cards stolen in Michaels, Aaron Brothers breaches
- http://krebsonsecurity.com/2014/04/3-million-customer-credit-debit-cards-stolen-in-michaels-aaron-brothers-breaches/
Apr 17, 2014 - "Nationwide arts and crafts chain Michaels Stores Inc. said today that two separate eight-month-long security breaches at its stores last year may have exposed as many as 3 million customer credit and debit cards. The disclosure, made jointly in a press release* posted online and in a statement on the company’s Web site**, offers the first real details about the breach... The statements by Irving, Texas-based Michaels suggest that the two independent security firms it hired to investigate the break-ins initially found nothing. “After weeks of analysis, the Company discovered evidence confirming that systems of Michaels stores in the United States and its subsidiary, Aaron Brothers, were attacked by criminals using highly sophisticated malware that had not been encountered previously by either of the security firms,” the statement reads. The Michaels breach first came to light just weeks after retail giant Target Corp. said that cyber thieves planted malware on cash registers at its stores across the nation, stealing more than 40 million credit and debit card numbers between Nov. 27 and Dec. 15, 2013. That malware was designed to siphon card data when customers swiped their cards at the cash register. According to Michaels, the affected systems contained certain payment card information, such as payment card number and expiration date, about both Michaels and Aaron Brothers customers. The company says there is no evidence that other customer personal information, such as name, address or debit card PIN, was at risk in connection with this issue... Regarding Aaron Brothers, Michaels Stores said it has confirmed that between June 26, 2013 and February 27, 2014, 54 Aaron Brothers stores were affected by this malware..."
* http://www.businesswire.com/news/home/20140417006352/en/Michaels-Identifies-Previously-Announced-Data-Security-Issue
Apr 17, 2014

** http://www.michaels.com/corporate/payment-card-notice-faqs,default,pg.html
Apr 17, 2014

- http://www.reuters.com/article/2014/04/17/us-michaelsstores-cybercrime-idUSBREA3G27N20140417
Apr 17, 2014


 5 
 on: April 17, 2014, 07:20:50  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

MS14-018 ...
- http://support.microsoft.com/kb/2936068
Last Review: April 16, 2014 - Rev: 3.0
___

Microsoft fixes Windows 8.1 Update for corporate WSUS servers
- http://www.infoworld.com/t/microsoft-windows/microsoft-fixes-windows-81-update-corporate-wsus-servers-240654
April 16, 2014 - "... it will continue to make Windows 8.1 security patches available to WSUS customers until August's Patch Tuesday. Previous announcements said that patches to Windows 8.1 would be cut off in May. This stay of execution for this patch applies only to those who receive security patches through WSUS. Windows 8.1 customers who get their patches through Windows Update (or Microsoft Update) have to install the Windows 8.1 Update/KB 2919355 patch by May 13 if they wish to continue receiving security patches for their machines..."
 
- http://blogs.technet.com/b/wsus/archive/2014/04/16/solution-to-kb2919355-preventing-interaction-with-wsus-3-2-over-ssl.aspx
16 Apr 2014

- https://support.microsoft.com/kb/2919355
Apr 16, 2014 - Rev: 11.0
Apr 17, 2014 - Rev: 12.0
Last Review: Apr 18, 2014 - Rev: 13.0

- https://support.microsoft.com/kb/2959977
Last Review: April 17, 2014 - Rev: 3.0


 6 
 on: April 16, 2014, 12:28:54  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Something still evil on 66.96.223.192/27
- http://blog.dynamoo.com/2014/04/something-still-evil-on-669622319227.html
16 April 2014 - "Last week I wrote about a rogue netblock hosted by Network Operation Center* in the US. Well, it's still spreading malware but now there are -more- domains active on this range. A full list of the subdomains I can find are listed here [pastebin**]. I would recommend that you apply the following blocklist:
66.96.223.192/27
andracia .net
..."
(Long list at the dynamoo URL above.)
* http://blog.dynamoo.com/2014/04/something-evil-on-669622319227.html

** http://pastebin.com/RQfE69hn
___

Netflix-themed tech support SCAM ...
- http://blog.malwarebytes.org/fraud-scam/2014/04/netflix-themed-tech-support-scam-comes-back-with-more-copycats/
April 16, 2014 - "A few weeks ago we blogged about this Netflix phishing scam -combined- with fake tech support that was extorting private information and money from people. The scam worked by asking unsuspecting users to log into their Netflix account and enter their username and password into a -fraudulent- website. After collecting the personal details, the perpetrators used a fake warning to state the particular account had been suspended. All this effort was really about leading potential victims into a trap, by making them call a 1-800 number operated by -fake- tech support agents ready to social engineer their mark and collect their credit card details. A slightly new variant is once again making the rounds with the same goal of funnelling traffic to -bogus- ‘customer support’ hotlines:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/04/blurred_netflix.png
... this time around the scammers behind it are expanding the phishing pages to other online services as well to target a wider audience. Crooks are buying online ads for each brand such as this one on Bing for “netflix tech support number”:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/04/bingad1.png
... The quality of leads you get from targeted advertising is much higher than that from random cold calls. If you can attract people already looking for help and offer them your service, chances are conversion rates will be higher..."
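The dynamoo post earlier in this message recommends blocking the 66.96.223.192/27 netblock together with a list of domains of which only andracia .net is reproduced here (the rest is at the linked URL and pastebin). Blocking is one step; the other is checking whether anything inside the network already talked to that range. The script below is an added example, not from the forum post or from dynamoo, that runs both checks over proxy log lines: destination IP against the CIDR, and the URL's host against the domain list with proper suffix matching, so that subdomains match but look-alike names do not. The log format, timestamps, client addresses, the 66.96.223.x destination addresses and the cdn. subdomain are all constructed for the demonstration.

```python
import ipaddress
import re
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Blocklist entries taken from the dynamoo post above (the full list is at the URL there).
BLOCKED_NETS = [ipaddress.ip_network("66.96.223.192/27")]
BLOCKED_DOMAINS = {"andracia.net"}

# Constructed proxy log format (assumption): "<timestamp> <client_ip> <dest_ip> <url>"
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<client>\S+)\s+(?P<dst>\S+)\s+(?P<url>\S+)$")


def ip_blocked(ip: str) -> bool:
    """True if ip falls inside any blocklisted network."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in BLOCKED_NETS)


def domain_blocked(host: str) -> bool:
    """True for the domain itself and any subdomain (cdn.x.net matches, notx.net does not)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BLOCKED_DOMAINS)


def check_line(line: str) -> Optional[Tuple[str, str, List[str]]]:
    """Return (client, url, reasons) for a hit, or None for a clean or unparseable line."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    reasons: List[str] = []
    if ip_blocked(m["dst"]):
        reasons.append("destination " + m["dst"] + " in blocked netblock")
    host = urlsplit(m["url"]).hostname or ""
    if domain_blocked(host):
        reasons.append("host " + host + " in blocked domains")
    return (m["client"], m["url"], reasons) if reasons else None


def scan_log(lines: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Collect every hit, in log order, for follow-up on the client machines."""
    hits = []
    for line in lines:
        hit = check_line(line)
        if hit:
            hits.append(hit)
    return hits


# Constructed sample lines (timestamps, client IPs, 66.96.223.x destinations and the
# cdn. subdomain are made up; 93.184.216.34 is example.com).
SAMPLE_LOG = [
    "2014-04-16T10:01:02Z 10.0.0.5 66.96.223.200 http://andracia.net/index.html",
    "2014-04-16T10:01:09Z 10.0.0.7 93.184.216.34 http://example.com/",
    "2014-04-16T10:02:11Z 10.0.0.5 66.96.223.224 http://cdn.andracia.net/x.js",
    "2014-04-16T10:03:40Z 10.0.0.9 66.96.223.193 http://198.51.100.4/",
    "2014-04-16T10:04:00Z 10.0.0.2 203.0.113.8 http://notandracia.net/",
]

if __name__ == "__main__":
    for client, url, why in scan_log(SAMPLE_LOG):
        print(client, url, "; ".join(why))
```

Two details are worth keeping when adapting this to a real proxy log: a /27 ends at .223, so .224 in the third sample line is outside the range and is caught only by the domain match, and the suffix test uses a leading dot so that a registered look-alike such as notandracia.net is not swept up by mistake.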


 7 
 on: April 16, 2014, 11:55:41  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

WordPress 3.9 released
- https://wordpress.org/download/
Apr 16, 2014 - "The latest stable release of WordPress (Version 3.9) is available..."

- https://wordpress.org/news/2014/04/smith/
"... available for download or update in your WordPress dashboard. This release features a number of refinements..."

- https://core.trac.wordpress.org/browser/tags/3.9


 8 
 on: April 15, 2014, 19:03:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Oracle Critical Patch Update Advisory - April 2014
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
Apr 15, 2014

- https://blogs.oracle.com/security/entry/april_2014_critical_patch_update
Apr 15, 2014

- https://www.us-cert.gov/ncas/current-activity/2014/04/16/Oracle-Releases-April-2014-Security-Advisory
April 16, 2014 - "Oracle has released its Critical Patch Update for April 2014 to address -104- vulnerabilities across multiple products. This update contains the following security fixes:
• 2 for Oracle Database Server
• 20 for Oracle Fusion Middleware
• 3 for Oracle Hyperion
• 10 for Oracle Supply Chain Products Suite
• 8 for Oracle PeopleSoft Products
• 1 for Oracle Siebel CRM
• 1 for Oracle iLearning
• 37 for Oracle Java SE
• 3 for Oracle and Sun Systems Products Suite
• 5 for Oracle Virtualization
• 14 for Oracle MySQL ..."

Oracle Database Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixDB

Oracle Fusion Middleware Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixFMW

Oracle Hyperion Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixHYP

Oracle PeopleSoft Enterprise Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixPS

Oracle Siebel CRM Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixSECR

Oracle Supply Chain Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixSCP

Oracle Java SE Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA

Oracle and Sun Systems Products Suite Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixSUNS

Oracle Linux and Virtualization Products Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixOVIR

Oracle MySQL Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixMSQL
___

Oracle Java Cloud Service ...
- https://blogs.oracle.com/security/entry/oracle_java_cloud_service_april
Apr 17, 2014
___

- https://atlas.arbor.net/briefs/index#814257545
Extreme Severity
17 Apr 2014


 9 
 on: April 15, 2014, 18:37:54  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Java SE 8u5
- http://www.oracle.com/technetwork/java/javase/downloads/index.html
Apr 15, 2014

Release Notes
- http://www.oracle.com/technetwork/java/javase/8train-relnotes-latest-2153846.html

Oracle Java SE Risk Matrix
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA
___

Recommended Version 7 Update 55
- https://www.java.com/en/download/manual.jsp

Release Notes - 7u55
- http://www.oracle.com/technetwork/java/javase/7u55-relnotes-2177812.html
"...  This JRE (version 7u55) will expire with the release of the next critical patch update scheduled for July 15, 2014..."
___

- https://secunia.com/advisories/57932/
Release Date: 2014-04-16
Criticality: Highly Critical
Where: From remote
Impact: Manipulation of data, Exposure of sensitive information, DoS, System access
CVE Reference(s): CVE-2013-6629, CVE-2013-6954, CVE-2014-0429, CVE-2014-0432, CVE-2014-0446, CVE-2014-0448, CVE-2014-0449, CVE-2014-0451, CVE-2014-0452, CVE-2014-0453, CVE-2014-0454, CVE-2014-0455, CVE-2014-0456, CVE-2014-0457, CVE-2014-0458, CVE-2014-0459, CVE-2014-0460, CVE-2014-0461, CVE-2014-0463, CVE-2014-0464, CVE-2014-1876, CVE-2014-2397, CVE-2014-2398, CVE-2014-2401, CVE-2014-2402, CVE-2014-2403, CVE-2014-2409, CVE-2014-2410, CVE-2014-2412, CVE-2014-2413, CVE-2014-2414, CVE-2014-2420, CVE-2014-2421, CVE-2014-2422, CVE-2014-2423, CVE-2014-2427, CVE-2014-2428
... vulnerabilities are reported in the following products:
* JDK and JRE 7 Update 51 and prior
* JDK and JRE 6 Update 71 and prior
* JDK and JRE 5 Update 61 and prior
* JDK and JRE 8
Solution: Apply updates...
Original Advisory:
- http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html#AppendixJAVA


 10 
 on: April 14, 2014, 19:48:50  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Adobe Reader Mobile 11.2 released
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html
April 14, 2014
CVE Number: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0514 - 9.3
Platform: Android
Summary: Adobe has released a security update for Adobe Reader Mobile for the Android operating system. This update addresses a vulnerability that could be exploited to gain remote code execution on the affected system. Adobe recommends users update their product installations...
Solution: Adobe recommends users of Adobe Reader Mobile update to the newest version, available here: https://play.google.com/store/apps/details?id=com.adobe.reader
This update addresses a -critical- vulnerability in the software..."
___

- https://secunia.com/advisories/57928/
Release Date: 2014-04-15
Criticality: Highly Critical
Where: From remote
Impact: System access ...
CVE Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0514
... vulnerability is reported in versions 11.1.3 and prior.
Solution: Update to version 11.2.
Original Advisory: APSB14-12:
- http://helpx.adobe.com/security/products/reader-mobile/apsb14-12.html

