News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
April 20, 2014, 08:21:14
 81 
 on: March 05, 2014, 03:57:48  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake PayPal 'Cancel Payment' Phishing Scam
- http://www.hoax-slayer.com/paypal-cancel-payment-phishing-scam.shtml
Mar 5, 2014 - "Email purporting to be from PayPal claims that the recipient has sent a payment to a specified merchant and offers instructions for cancelling the payment if required... The email is a phishing scam designed to trick recipients into divulging their PayPal account login details and a large amount of personal and financial information. All of the information supplied will be sent to online criminals and used to commit financial fraud and identity theft. The merchant or seller specified in the messages may vary in different incarnations of the scam. If you receive one of these bogus emails, do not click on any links or open any attachments that it contains...
> http://www.hoax-slayer.com/images/paypal-cancel-payment-phishing-2014-1.jpg
.
> http://www.hoax-slayer.com/images/paypal-cancel-payment-phishing-2014-2.jpg
... Those who do click will be taken to a -bogus- website and asked to supply their PayPal email address and password on a fake login box. After logging in, they will be presented with the following web form, which asks for a large amount of personal and financial information:
> http://www.hoax-slayer.com/images/paypal-cancel-payment-phishing-2014-3.jpg
... All of the information supplied can be harvested by criminals and used to hijack the compromised PayPal accounts, commit credit card fraud and steal the identities of victims... If a PayPal phishing scam email hits your inbox, you can submit it to the company for analysis via the email address listed on the company's phishing information page*. A quick rule of thumb. PayPal emails will ALWAYS address you by your first and last names or business name. They will never use generic greetings such as 'Dear customer'. Nor will they omit the greeting..."
* https://www.paypal.com/us/webapps/helpcenter/helphub/article/?articleID=FAQ2331&m=SRE
___

Fake Orange MMS SPAM
- http://blog.dynamoo.com/2014/03/mmsorangecouk-image-id-889195266.html
5 Mar 2014 - "A horribly managed spam turned up in my inbox, claiming to be an MMS message from Orange UK. Well, at least that's what it looked like when I got the HTML to render properly enough to make it readable..
    Date:      Wed, 5 Mar 2014 09:14:13 +0000 [04:14:13 EST]
    From:      mms.service3694@ mms. Orange .co .uk
    Subject:      IMAGE Id 889195266-PicFFY2C TYPE=MMS
    Description: Orange
    Received from: 447457714595 | TYPE=MMS


There's meant to be an embedded image, but it is completely corrupt. Not that it makes much difference..
> https://lh3.ggpht.com/-6Y7FeWwXDro/Uxc6yegdBbI/AAAAAAAACsI/BIDHDHvdubU/s1600/orange-mms.png
Attached is a file called bulger,jpg which is actually a ZIP file, so you have to -rename- it from .jpg to .zip in order to infect yourself. (?) Some assembly is required in this case.. Anyway, once you have done all that and unzipped it, you get a malicious file IMG0000002993.exe which has a VirusTotal detection rate of 17/50*. The Malwr report** shows that the malware attempts to connect with a bunch of IPs that mostly look like dynamic ADSL subscribers. This sort of behaviour looks like P2P/Gameover Zeus or something similar."
* https://www.virustotal.com/en-gb/file/cad90d9fe94e9808fd571894a8f3a0a3895be839ef96455a599984542b4c7557/analysis/1394030702/

** https://malwr.com/analysis/NGUxODVkY2VlMjE2NGQzOWJhOTYxNWE0ZTQ1ZTA3ODA/

Also see: http://threattrack.tumblr.com/post/78565844188/orange-mms-message-spam
Mar 4, 2014


 82 
 on: March 04, 2014, 05:21:51  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Chrome 33.0.1750.146 released
- https://secunia.com/advisories/57194/
Release Date: 2014-03-04
Criticality: Highly Critical
Where: From remote
Impact: Security Bypass, System access...
CVE Reference(s): CVE-2013-6663, CVE-2013-6664, CVE-2013-6665, CVE-2013-6666, CVE-2013-6667, CVE-2013-6668
Solution: Update to version 33.0.1750.146...
Original Advisory:
- http://googlechromereleases.blogspot.com/2014/03/stable-channel-update.html
"... This update includes -19- security fixes..."


 83 
 on: March 04, 2014, 04:18:19  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Phone Phishing, Data Breaches, and Banking Scams
- http://blog.trendmicro.com/trendlabs-security-intelligence/phone-phishing-data-breaches-and-banking-scams/
Mar 4, 2014 - "... I received a rather unusual call that claimed to be from National Australia Bank (NAB), one of the four largest banks in Australia. The caller had my complete name and my address. They claimed that they had flagged a suspicious transaction from my account to an Alex Smith in New Zealand to the tune of 700 Australian dollars. They needed my NAB number to confirm if the transaction was legitimate. There was just one problem with this seemingly plausible call: I wasn’t an NAB customer. I offered to call them back – and when I did so, they simply hung up on me. These sorts of calls are not the only threats that arrive via phone – for example, fake “support” calls that are supposedly from Microsoft* that offer to remove malware from user PCs are sadly commonplace. To most users who simply go about their daily lives, these calls can sound quite convincing and can cause a lot of problems... How did they get that all that information? We don’t know. However, it’s very possible that somebody somewhere had a data breach. They may not have known about it, or they may have decided that since the information “wasn’t critical” – say, they didn’t have my credit card or banking credentials – that it was harmless. However, now you can see how seemingly “harmless” information can be used to carry out real fraud. Since last year, we’ve been pointing out the huge gains in banking malware**. Just as support scams can be thought of as a “real-world” equivalent to ransomware and fake antivirus, so can these sort of phishing calls be the equivalent of these banking malware threats..."
* http://www.microsoft.com/security/online-privacy/msname.aspx

** http://blog.trendmicro.com/trendlabs-security-intelligence/2013-security-roundup/
___

Twitter sends password reset emails by mistake, admits it wasn't hacked
- http://www.theinquirer.net/inquirer/news/2332034/twitter-sends-password-reset-emails-by-mistake-promises-it-hasnt-been-hacked
Mar 04 2014 - "... Twitter sent a number of password reset emails on Monday evening due to a system error. The firm contacted users with the sort of messages usually seen when attackers are taking over accounts. Twitter's email has been shared on the microblogging website, of course, and picked up by the Recode website. The missive presented itself as one of those 'you've been hacked' emails, and informed users about their scorched logins. "Twitter believes that your account may have been compromised by a website or service not associated with Twitter," it said. "We've reset your password to prevent accessing your account." Users took to Twitter to fret about the email, and a search on "Twitter hack" turns up a range of panicked missives and messages of thanks to Twitter for its speedy intervention. Later though, in a statement to Recode, the firm admitted that it had been the victim of nothing more than a system error. "We unintentionally sent some password reset notices tonight due to a system error," it said. "We apologise to the affected users for the inconvenience." Users could not be blamed for worrying about the phantom attack, as we have already seen a large number of security breaches this year already..."
___

Orange MMS Message Spam
- http://threattrack.tumblr.com/post/78565844188/orange-mms-message-spam
Mar 4, 2014 - "Subjects Seen:
    MMS message from: +447974******
Typical e-mail details:
     You have received MMS message from: +447974778589
    You can find the contents of the message in the attachment
    If you have any questions regarding this automated message please contact Orange Customer Support


Malicious File Name and MD5:
    MMS_C0BFB6C0B8.zip (3A123E39BDCAC7ED1127206502C1598C)
    MMS_87436598.exe (10F21C0F2C3C587A509590FA467F8775)


Screenshot: https://gs1.wac.edgecastcdn.net/8019B6/data.tumblr.com/d6ffde2f5ab5fd87acf75fa8676729f2/tumblr_inline_n1xe68fhjQ1r6pupn.png

Tagged: Orange, Androm
___

Bitcoin bank Flexcoin shuts down after theft
- http://www.reuters.com/article/2014/03/04/us-bitcoin-flexcoin-idUSBREA2329B20140304
Mar 4, 2014 - "Bitcoin bank Flexcoin said on Tuesday it was closing down after it lost bitcoins worth about $600,000 to a hacker attack. Flexcoin said in a message posted on its website that all 896 bitcoins stored online were stolen on Sunday. "As Flexcoin does not have the resources, assets, or otherwise to come back from this loss, we are closing our doors immediately," the company said. [ http://www.flexcoin.com/ ] Alberta, Canada-based Flexcoin, which is working with law enforcement agencies to trace the source of the hack, said it would return bitcoins stored offline, or in "cold storage", to users. Cold storage coins are held in computers not connected to the Internet and therefore cannot be hacked... Bitcoin is a digital currency that, unlike conventional money, is bought and sold on a peer-to-peer network independent of central control. Its value soared last year, and the total worth of bitcoins minted is now about $7 billion..."


 84 
 on: March 04, 2014, 03:06:17  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

300,000+ wireless routers hijacked by criminals in global attack
- http://www.welivesecurity.com/2014/03/04/more-than-300000-wireless-routers-hijacked-by-criminals-in-global-attack/
4 Mar 2014 - "More than 300,000 wireless routers worldwide are under the control of an unknown group of cybercriminals, who have made malicious changes to the devices’ settings, allowing the attackers to misdirect computers to websites of their choice. Ars Technica reports* that the attack, which began in January 2014, affects multiple brands of router, including devices from D-Link, Micronet, Tenda among others. Routers around the world are affected, with many victims in Vietnam, but other affected in Thailand, Colombia and Italy. Team Cymru**, the specialist security company which identified the attack said that the mass attack was the “latest in a growing trend” of cybercriminals targeting SOHO (small office/home office) routers as a way to target victims without compromising PCs directly..."
* http://arstechnica.com/security/2014/03/hackers-hijack-300000-plus-wireless-routers-make-malicious-changes/
"... The telltale sign a router has been compromised is DNS settings that have been changed to 5.45.75.11 and 5.45.76.36..."
** https://www.team-cymru.com/ReadingRoom/Whitepapers/SOHOPharming.html?pk_campaign=SOHOPharming&pk_kwd=Media


 85 
 on: March 03, 2014, 03:41:51  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Malware sites to block ...
- http://blog.dynamoo.com/2014/03/malware-sites-to-block-2314.html
2 Mar 2014 - "These domains and IPs are all connected with this gang*, some of it appears to be involved in -malware- distribution, -fraud- or other illegal activities. I recommend that you -block- these IPs and domains. Note that some of the IPs listed below are compromised nameservers (marked [ns]) which look like they are insufficiently well locked down. There is a plain list of IPs at the end for copy-and-pasting..."
(Long list at the URL above.)
* http://blog.dynamoo.com/2014/03/seekcousacom-seekconzcom-fake-job-offer.html
2 Mar 2014
___

Rising use of Malicious Java Code ...
- https://www.trusteer.com/blog/rising-use-of-malicious-java-code-for-enterprise-infiltration-0
Mar 3, 2014 - "... exploit kits such as the Blackhole and Cool exploit kit were found to be using unpatched Java vulnerabilities... to install malware..."
Extract from the 2014 IBM X-Force Threat Intelligence Quarterly report
Exploited apps - Dec 2013
> https://www.trusteer.com/sites/default/files/ScreenShot609.png
Java vulnerabilities - 2010-2013
> https://www.trusteer.com/sites/default/files/ScreenShot610.png


 86 
 on: March 01, 2014, 04:18:52  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

The ThreatCon is currently at Level 2: Elevated
- http://www.symantec.com/security_response/threatconlearn.jsp
Mar 2, 2014 - "On February 19, 2014, Microsoft released a security advisory confirming limited, targeted attacks that attempt to exploit a vulnerability in Internet Explorer 9 and 10. The exploit is now being used in mass attacks. Customers are advised to update to Internet Explorer 11 or apply the Microsoft Fix it* solution described in the Microsoft Security Advisory. A security patch has yet to be released.
Microsoft Security Advisory (2934088) Vulnerability in Internet Explorer Could Allow Remote Code Execution"
* http://support.microsoft.com/kb/2934088#FixItForMe

> http://www.netmarketshare.com/browser-market-share.aspx?qprid=0&qpcustomd=0
Feb 2014 - IE: 58%
___

Fake Companies House SPAM
- http://blog.dynamoo.com/2014/02/companies-house-fw-case-6569670-spam.html
28 Feb 2014 - "This -fake- Companies House spam leads to malware:
    From:     Companieshouse.gov.uk [web-filing@companies-house .gov .uk]
    Date:     28 February 2014 12:55
    Subject:     Spam FW: Case - 6569670
    A company complaint was submitted to Companies House website.
    The submission number is 6569670
    For more details please click : https ://companieshouse .gov .uk/Case?=6569670
    Please quote this number in any communications with Companies House.
    All Web Filed documents are available to view / download for 10 days after their
    original submission. However it is not possible to view copies of accounts that
    were downloaded as templates.
    Companies House Executive Agency may use information it holds to prevent
    and detect fraud. We may also share such information, for the same purpose,
    with other organisations that handle public funds.
    If you have any queries please contact the Companies House Contact Centre ...


Screenshot: https://lh3.ggpht.com/-_WHfOqxcvGU/UxCsGiLDt5I/AAAAAAAACro/R7Ysn-oY3CA/s1600/companies-house-4.png

The link in the email goes to:
[donotclick]economysquareshoppingcenter .com/izmir/index.html
in turn this runs one or more of the following scripts:
[donotclick]homedecorgifts .biz/outfitted/mascara.js
[donotclick]www.coffeemachinestorent .co.uk/disusing/boas.js
[donotclick]citystant .com/trails/pulitzer.js
[donotclick]rccol.pytalhost .de/turban/cupped.js
which in turn leads to a payload site at:
[donotclick]digitec-brasil .com.br/javachecker.php?create=3019&void-cat=4467&first-desk=9002
According to this URLquery report*, the payload site has some sort of Java exploit.
Recommended blocklist:
digitec-brasil .com.br
homedecorgifts .biz
coffeemachinestorent .co.uk
citystant .com
rccol.pytalhost .de
"
* http://urlquery.net/report.php?id=9706278
___

Fake Urgent eviction notification - Asprox...
- http://stopmalvertising.com/spam-scams/urgent-eviction-notification-a-deeper-dive-into-the-asprox-ecosystem.html
Feb 28, 2014 - "The latest Asprox / Kuluoz spam template consists of an unsolicited email appearing to be from ppmrental .com. Prospectors Property Management is a Real Estate Agency located in Morgan Hill, California. The emails arrive with the subject line "Urgent eviction notification". The spammed out message notifies the recipient that as a trespasser they need to move out from their property before the 21 March 2014 and leave the property empty of their belongings and trash. The addressee must contact the Real Estate without delay in order to make arrangements to move out. Failure to do so could result in being locked out of the house. A detailed bank statement as well as the Real Estate's contact information can be found in the attachment. The executable file inside the ZIP archive poses as a Microsoft Word Document. This is one of the main reasons why you should never trust a file by its icon. Make sure that Windows Explorer is set to show file extensions and always pay attention to the file extension instead. The payload, Urgent_notice_of_eviction.exe will start up an instance of svchost.exe before accessing the internet. A copy of the executable will be copied under a random name to the %User Profile%\Local Settings\Application Data folder. A small downloader - bqoqusgj.exe in our analysis - will be fetched from the C&C together with 3 other files:
    vbxghrke - 66.5 KB (68,161 bytes)
    kqrbfxel - 12.0 KB (12,326 bytes)
    ihxqgwcu.exe - 140 KB (143,360 bytes)
A new start up entry will be created for ihxqgwcu.exe so that the program starts each time Windows starts but the executable isn’t launched yet. In the meanwhile bqoqusgj.exe will download two files posing as Updates for the Flash Player: updateflashplayer_9e26d2b2.exe (libs5.8/jquery directory) and UpdateFlashPlayer_266a0199.exe (libs5.8/ajax directory).
> http://stopmalvertising.com/research/images/asprox-infogram1.jpg
... Updateflashplayer_9e26d2b2.exe will instantly shut down and reboot the computer. A series of error messages will appear upon reboot as the malicious binary has deleted several critical registry keys belonging to Antivirus / Firewall / HIPS applications... The Asprox ad fraud binary also makes sure that the computer can’t boot in Safe Mode by deleting the corresponding registry entries. As seen below, booting the computer in safe mode results in a blue screen.
> http://stopmalvertising.com/research/images/asprox-infogram2.jpg
... For an in-depth analysis of Asprox / Kuluoz please refer to: Analysis of Asprox and its New Encryption Scheme*... Email:
> http://stopmalvertising.com/research/images/asprox-infogram10.jpg
... IP Details
..."
(More detail at the stopmalvertising URL above.)
* http://stopmalvertising.com/malware-reports/analysis-of-asprox-and-its-new-encryption-scheme.html

- http://tools.cisco.com/security/center/viewThreatOutbreakAlert.x?alertId=33147
2014 Mar 03


 87 
 on: February 28, 2014, 20:03:09  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Botnet spam, Zeus, BHEK, iframes
- http://www.malwaredomains.com/?p=3557
February 27th, 2014 - "Added 200 domains on 2/22 and 2/24 associated with Black Hole Exploit Kit, Botnet Spam, malicious iframes, etc..."


 88 
 on: February 28, 2014, 17:39:56  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Microsoft Security Advisory (2862152)
Vulnerability in DirectAccess and IPsec Could Allow Security Feature Bypass
- http://technet.microsoft.com/en-us/security/advisory/2862152
Published: Nov 12, 2013 | Updated: Feb 28, 2014 Ver: 1.1 - "Microsoft is announcing the availability of an update for all supported releases of Windows to address a vulnerability in how server connections are authenticated to clients in either DirectAccess or IPsec site-to-site tunnels. An attacker who successfully exploited the vulnerability could use a specially crafted DirectAccess server to pose as a legitimate DirectAccess Server in order to establish connections with legitimate DirectAccess clients. The attacker-controlled system, appearing to be a legitimate server, could cause a client system to automatically authenticate and connect with the attacker-controlled system, allowing the attacker to intercept the target user's network traffic and potentially determine their encrypted domain credentials. Microsoft is not aware of any active attacks that are exploiting this vulnerability as of the release of this advisory.
Recommendation: Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service*.
Note: In addition to installing the update, additional administrative steps are required to be protected from the vulnerability described in this advisory. Please see the Suggested Actions section of this advisory for more information... customers must also follow the configuration guidance provided in Microsoft Knowledge Base Article 2862152** to be fully protected from the vulnerability..."
• V1.0 (November 12, 2013): Advisory published.
• V1.1 (February 28, 2014): Advisory -revised- to announce a detection change in the 2862152 update for Windows 8.1 for 32-bit Systems, Windows 8.1 for x64-based Systems, Windows Server 2012 R2, and Windows RT 8.1. This is a detection change only. There were no changes to the update files. Customers who have already successfully updated their systems do not need to take any action.

* http://update.microsoft.com/microsoftupdate/

** http://support.microsoft.com/kb/2862152
Last Review: Dec 2, 2013 - Rev: 2.0

.

 89 
 on: February 28, 2014, 03:34:02  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

IE10 0-day exploited in widespread Drive-by Downloads
- http://www.symantec.com/connect/blogs/internet-explorer-10-zero-day-vulnerability-exploited-widespread-drive-downloads
Updated: 27 Feb 2014 - "... We’ve observed trends suggesting that attacks targeting this vulnerability are no longer confined to advanced persistent threats (APT) — the zero-day attacks are expanding to attack average Internet users as well. We refer to these attacks as drive-by downloads. This is not a surprising result, as the vulnerability’s exploit code received a lot of exposure, allowing anyone to acquire the code and re-use it for their own purposes. Our internal telemetry shows a big uptick in attempted zero-day attacks. The attacks started to increase dramatically from February 22, targeting users in many parts of the world. Our telemetry shows -both- targeted attacks and drive-by downloads in the mix.
Attacks targeting CVE-2014-0322 around the world
> http://www.symantec.com/connect/sites/default/files/users/user-2551621/IE%2010%20zero%20day%201.png
... websites either were modified to host the exploit code for the Internet Explorer zero-day vulnerability or were updated with the insertion of an iframe that redirects the browser to another compromised site hosting the exploit code. If the attack is successful, the exploit drops a banking Trojan that steals login details from certain banks... Microsoft has yet to provide a security update to patch the affected vulnerability. However, the company has offered the following solutions to help users protect their computers from exploits that take advantage of this vulnerability:
- Upgrade to Internet Explorer 11
- Install the Microsoft Fix it workaround solution:
> http://support.microsoft.com/kb/2934088#FixItForMe "
___

Fake Netflix Phish leads to Fake MS Tech Support
- http://blog.malwarebytes.org/fraud-scam/2014/02/netflix-phishing-scam-leads-to-fake-microsoft-tech-support/
Feb 28, 2014 - "... came across what I first thought was a typical phishing scam targeting Netflix:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/02/signin.png
Until I realized it wasn’t, or at least that there was something more to it. Of course it stole my credentials:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/02/phish.png
But it also displayed a message saying my account had been suspended:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/02/suspended.png
In order to fix this issue, you are urged to call “Netflix” at a 1-800 number. If you do a bit of a search you will find out this is -not- the official hotline, so this warranted a deeper investigation. Once I called the number, the rogue support representative had me download a “NetFlix Support Software”:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/02/software.png
This is nothing else but the popular remote login program TeamViewer:
> http://cdn.blog.malwarebytes.org/wp-content/uploads/2014/02/downloads.png
After remotely connecting to my PC, the scammer told me that my Netflix account had been suspended because of illegal activity. This was supposedly due to hackers who had infiltrated my computer as he went on to show me the scan results from their own ‘Foreign IP Tracer’, a -fraudulent- custom-made Windows batch script... According to him, there was only one thing to do: To let a Microsoft Certified Technician fix my computer. He drafted a quick invoice and was kind enough to give me a $50 Netflix coupon (fake of course) before transferring me to another technician... During our conversation, the scammers were not idle. They were going through my personal files and uploading those that looked interesting to them, such as ‘banking 2013.doc‘... Another peculiar thing is when they asked me for a picture ID and a photo of my credit card since the Internet is not secure and they needed proof of my identity. I could not produce one, therefore they activated my webcam so that I could show said cards to them onto their screen... This is where it ended as my camera was disabled by default. The scammers were located in India, information gathered from the TeamViewer logfile... -never- let anyone take remote control of your computer unless you absolutely trust them. This scam took place in a controlled environment that had been set up specifically for that purpose..."
___

Upcoming Verizon DBR report ...
- http://www.darkreading.com/attacks-breaches/verizon-shares-glimpse-into-upcoming-201/240166380?printer_friendly=this-page
Feb 28, 2014 RSA CONFERENCE 2014 San Francisco - "... data breach data gathered by Verizon for its Data Breach Investigations Report shows that the bad guys are winning when it comes to the efficiency of hacking into their victims' systems... Wade Baker, managing principal of RISK Intelligence for Verizon... says... "Less than 25 percent of good guys discovered these incidents in a days or less... The bad guys are winning at a faster rate than the good guys are winning"... Bryan Sartin, director of Verizon's RISK Team, said... "Victims don't even find out on their own. They are finding out from someone else"... U.S. Secret Service special agent Edward Lowery, who heads up the agency's criminal investigative division, said... "They are in it for the profit, and their business model requires that they be surreptitious. It's all about the money"... Verizon's Baker says the bad news from this year's report is that the cyber criminals and other attackers are getting better at what they do, while the security community is not improving its game quickly enough to keep pace..."


 90 
 on: February 28, 2014, 02:19:26  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Microsoft Security Advisory (2871690)
Update to Revoke Non-compliant UEFI Modules
- http://technet.microsoft.com/en-us/security/advisory/2871690
Updated: Feb 27, 2014 Ver: 2.0 - "Microsoft is announcing the availability of an update for Windows 8 and Windows Server 2012 that revokes the digital signatures for nine private, third-party UEFI (Unified Extensible Firmware Interface) modules that could be loaded during UEFI Secure Boot. When the update is applied, the affected UEFI modules will no longer be trusted and will no longer load on systems where UEFI Secure Boot is enabled. The affected UEFI modules consist of specific Microsoft-signed modules that are either not in compliance with our certification program or their authors have requested that the packages be revoked. At the time of this release, these UEFI modules are not known to be available publicly...
... The -rereleased- update* addresses an issue where specific third-party BIOS versions did not properly validate the signature of the original update... The 2871777 update** is a -prerequisite- and must be applied before this update can be installed..."

* https://support.microsoft.com/kb/2871690
Last Review: Feb 27, 2014 - Rev: 2.0
Also see: Known issues with this security update...

** https://support.microsoft.com/kb/2871777
Last Review: Sep 18, 2013 - Rev: 6.0
Applies to: Win8, winSvr2012

