News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
 
 91 
 on: October 14, 2014, 15:39:22  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Oracle Critical Patch Update Advisory - October 2014
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html
Oct 14, 2014 - "... This Critical Patch Update contains -154- new security fixes across the product families listed below. Please note that a blog entry summarizing the content of this Critical Patch Update and other Oracle Software Security Assurance activities is located at:
- https://blogs.oracle.com/security/entry/october_2014_critical_patch_update
Please note that on September 26, 2014, Oracle released a Security Alert for CVE-2014-7169 "Bash"* and other publicly disclosed vulnerabilities affecting GNU Bash. Customers of affected Oracle products are strongly advised to apply the fixes that were announced in the Security Alert for CVE-2014-7169..."
* http://www.oracle.com/technetwork/topics/security/alert-cve-2014-7169-2303276.html

Patch Availability Table
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html#PIN

October 2014 Risk Matrices
- http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html


 92 
 on: October 14, 2014, 13:41:47  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Chrome 38.0.2125.104 released
- http://googlechromereleases.blogspot.com/2014/10/stable-channel-update_14.html
Oct 14, 2014 - "The stable channel has been updated to 38.0.2125.104 for Windows, Mac and Linux. This release contains an update for Adobe Flash as well as a number of other fixes. A full list of changes is available in the log*..."
* https://chromium.googlesource.com/chromium/src/+log/38.0.2125.101..38.0.2125.104?pretty=fuller&n=10000

CVE Reference(s): CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
___

- https://www.us-cert.gov/ncas/current-activity/2014/10/16/Google-Releases-Security-Updates-Chrome-and-Chrome-OS
Oct 16, 2014


 93 
 on: October 14, 2014, 12:12:29  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Java 8u25 released
- http://www.oracle.com/technetwork/java/javase/downloads/index.html
Oct 14, 2014 - "This release includes important security fixes. Oracle strongly recommends that all Java SE 8 users upgrade to this release."

Release Notes
- http://www.oracle.com/technetwork/java/javase/8u25-relnotes-2296185.html

Java JRE 8u25 downloads
- http://www.oracle.com/technetwork/java/javase/downloads/jre8-downloads-2133155.html

Java JDK 8u25 downloads
- http://www.oracle.com/technetwork/java/javase/downloads/jdk8-downloads-2133151.html

Recommended Version 8 Update 25
- https://www.java.com/en/download/manual.jsp

... if you still need to use Java at all. If not - uninstall it!
___

- http://www.securitytracker.com/id/1031035
CVE Reference: CVE-2014-0050, CVE-2014-2478, CVE-2014-4289, CVE-2014-4290, CVE-2014-4291, CVE-2014-4292, CVE-2014-4293, CVE-2014-4294, CVE-2014-4295, CVE-2014-4296, CVE-2014-4297, CVE-2014-4298, CVE-2014-4299, CVE-2014-4300, CVE-2014-4301, CVE-2014-4310, CVE-2014-6452, CVE-2014-6453, CVE-2014-6454, CVE-2014-6455, CVE-2014-6467, CVE-2014-6483, CVE-2014-6537, CVE-2014-6538, CVE-2014-6542, CVE-2014-6544, CVE-2014-6545, CVE-2014-6546, CVE-2014-6547, CVE-2014-6560, CVE-2014-6563, CVE-2014-6513, CVE-2014-6532, CVE-2014-6503, CVE-2014-6456, CVE-2014-6562, CVE-2014-6485, CVE-2014-6492, CVE-2014-6493, CVE-2014-4288, CVE-2014-6466, CVE-2014-6458, CVE-2014-6468, CVE-2014-6506, CVE-2014-6511, CVE-2014-6476, CVE-2014-6515, CVE-2014-6504, CVE-2014-6519, CVE-2014-6517, CVE-2014-6531, CVE-2014-6512, CVE-2014-6457, CVE-2014-6527, CVE-2014-6502, CVE-2014-6558
Oct 15 2014
Impact: Disclosure of system information, Disclosure of user information, Modification of system information, Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Description: Multiple vulnerabilities were reported in Oracle Java. A remote or local user can obtain elevated privileges on the target system. A remote user can partially access and modify data...
Solution: The vendor has issued a fix as part of the Oracle Critical Patch Update Advisory - October 2014.
The vendor's advisory is available at:
- http://www.oracle.com/technetwork/topics/security/cpuoct2014-1972960.html

>> http://www.oracle.com/technetwork/topics/security/cpuoct2014verbose-1972962.html#JAVA


 94 
 on: October 14, 2014, 10:07:17  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Flash 15.0.0.189 released
- https://helpx.adobe.com/security/products/flash-player/apsb14-22.html
Oct 14, 2014
CVE number:
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0558 - 10.0 HIGH
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0564 - 10.0 HIGH
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0569 - 10.0 HIGH
Platform: All Platforms
Summary: Adobe has released security updates for Adobe Flash Player for Windows, Macintosh and Linux. These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system. Adobe recommends users update their product installations to the latest versions:
- Users of the Adobe Flash Player desktop runtime for Windows and Macintosh should update to Adobe Flash Player 15.0.0.189.
- Users of the Adobe Flash Player Extended Support Release should update to Adobe Flash Player 13.0.0.250.
- Users of Adobe Flash Player for Linux should update to Adobe Flash Player 11.2.202.411.
- Adobe Flash Player installed with Google Chrome, Internet Explorer 10 and Internet Explorer 11 will be automatically updated to the current version.
- Users of the Adobe AIR desktop runtime should update to version 15.0.0.293.
- Users of the Adobe AIR SDK and AIR SDK & Compiler should update to version 15.0.0.302.
- Users of Adobe AIR for Android should update to Adobe AIR 15.0.0.293...

For I/E:
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_active_x.exe
For Firefox (Plugin-based browsers):
- http://download.macromedia.com/get/flashplayer/current/licensing/win/install_flash_player_15_plugin.exe

Flash test site:
- http://www.adobe.com/software/flash/about/

AIR download:
- http://get.adobe.com/air/

- http://www.securitytracker.com/id/1031019
CVE Reference: CVE-2014-0558, CVE-2014-0564, CVE-2014-0569
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 13.0.0.244 and prior 13.x versions, 15.0.0.167 and prior, 11.2.202.406 and prior for Linux ...
Solution: The vendor has issued a fix (13.0.0.250 extended support release, 15.0.0.189 for Windows/Mac, 11.2.202.411 for Linux).
The vendor's advisory is available at:
- http://helpx.adobe.com/security/products/flash-player/apsb14-22.html
___

ColdFusion hotfixes available
- https://helpx.adobe.com/security/products/coldfusion/apsb14-23.html
Oct 14, 2014
CVE numbers: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Platform: All Platforms
Summary: Adobe has released security hotfixes for ColdFusion versions 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms. These hotfixes address a security permissions issue that could be exploited by an unauthenticated local user to bypass IP address access control restrictions applied to the ColdFusion Administrator. Cross-site scripting and cross-site request forgery vulnerabilities are also addressed in the hotfixes.
Affected software versions:
ColdFusion 11, 10, 9.0.2, 9.0.1 and 9.0 for all platforms.
Solution: Adobe recommends ColdFusion customers update their installation using the instructions provided in the technote located here: http://helpx.adobe.com/coldfusion/kb/coldfusion-security-hotfix-apsb14-23.html
Customers should also apply the security configuration settings as outlined on the ColdFusion Security page as well as review the ColdFusion 11 Lockdown Guide, ColdFusion 10 Lockdown Guide and ColdFusion 9 Lockdown Guide...
___

- http://www.securitytracker.com/id/1031020
CVE Reference: CVE-2014-0570, CVE-2014-0571, CVE-2014-0572
Oct 14 2014
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information, User access via local system
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 9.0, 9.0.1, 9.0.2, 10, 11 ...
Solution: The vendor has issued a hotfix.


 95 
 on: October 14, 2014, 09:39:51  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

- https://technet.microsoft.com/library/security/ms14-oct
Oct 14, 2014 - "This bulletin summary lists security bulletins released for October 2014...
(Total of -8-)

Microsoft Security Bulletin MS14-056 - Critical
Cumulative Security Update for Internet Explorer (2987107)
- https://technet.microsoft.com/library/security/ms14-056
Critical - Remote Code Execution - Requires restart - Microsoft Windows, Internet Explorer
"... resolves -14- privately reported vulnerabilities in Internet Explorer. This security update helps protect Internet Explorer from being attacked when you view a specially crafted webpage..."
- https://support.microsoft.com/kb/2987107
Last Review: Oct 20, 2014 - Rev: 3.0

Microsoft Security Bulletin MS14-057 - Critical
Vulnerabilities in .NET Framework Could Allow Remote Code Execution (3000414)
- https://technet.microsoft.com/library/security/ms14-057
Critical - Remote Code Execution - May require restart - Microsoft Windows, Microsoft .NET Framework

Microsoft Security Bulletin MS14-058 - Critical
Vulnerability in Kernel-Mode Driver Could Allow Remote Code Execution (3000061)
- https://technet.microsoft.com/library/security/ms14-058
Critical - Remote Code Execution - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-059 - Important
Vulnerability in ASP.NET MVC Could Allow Security Feature Bypass (2990942)
- https://technet.microsoft.com/library/security/ms14-059
Important - Security Feature Bypass - May require restart - Microsoft Developer Tools
- https://support2.microsoft.com/kb/2990942
Last Review: Oct 16, 2014 - Rev: 2.0

Microsoft Security Bulletin MS14-060 - Important
Vulnerability in Windows OLE Could Allow Remote Code Execution (3000869)
- https://technet.microsoft.com/library/security/ms14-060
Important - Remote Code Execution - May require restart - Microsoft Windows
- http://www.isightpartners.com/2014/10/cve-2014-4114/
Oct 14, 2014
- https://support.microsoft.com/kb/3000869
Last Review: Oct 14, 2014 - Rev: 1.1

Microsoft Security Bulletin MS14-061 - Important
Vulnerability in Microsoft Word and Office Web Apps Could Allow Remote Code Execution (3000434)
- https://technet.microsoft.com/library/security/ms14-061
Important - Remote Code Execution - May require restart - Microsoft Office, Microsoft Office Services, Microsoft Office Web Apps
- https://support.microsoft.com/kb/3000434
Last Review: Oct 14, 2014 - Revision: 1.1

Microsoft Security Bulletin MS14-062 - Important
Vulnerability in Message Queuing Service Could Allow Elevation of Privilege (2993254)
- https://technet.microsoft.com/library/security/ms14-062
Important - Elevation of Privilege - Requires restart - Microsoft Windows

Microsoft Security Bulletin MS14-063 - Important
Vulnerability in FAT32 Disk Partition Driver Could Allow Elevation of Privilege (2998579)
- https://technet.microsoft.com/library/security/ms14-063
Important - Elevation of Privilege - Requires restart - Microsoft Windows
___

- http://blogs.technet.com/b/msrc/archive/2014/10/14/october-2014-updates.aspx

Deployment Priority, Severity, and Exploit Index
- http://blogs.technet.com/cfs-file.ashx/__key/communityserver-blogs-components-weblogfiles/00-00-00-45-71/October-2014-Security-Bulletins-overview.png
___

- http://www.securitytracker.com/id/1031018 - MS14-056
CVE Reference: CVE-2014-4123, CVE-2014-4124, CVE-2014-4126, CVE-2014-4127, CVE-2014-4128, CVE-2014-4129, CVE-2014-4130, CVE-2014-4132, CVE-2014-4133, CVE-2014-4134, CVE-2014-4137, CVE-2014-4138, CVE-2014-4140, CVE-2014-4141
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 6, 7, 8, 9, 10, 11 ...
- http://www.securitytracker.com/id/1031021 - MS14-057
- http://www.securitytracker.com/id/1031022 - MS14-058
- http://www.securitytracker.com/id/1031023 - MS14-059
- http://www.securitytracker.com/id/1031017 - MS14-060
CVE Reference: CVE-2014-4114
Oct 14 2014
Impact: Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): Vista SP2, 2008 SP2, 7 SP1, 2008 R2 SP1, 8, 8.1, 2012, 2012 R2, RT, RT 8.1; and prior service packs ...
This vulnerability is being actively exploited via PowerPoint files.
The original advisory is available at: http://www.isightpartners.com/2014/10/cve-2014-4114/
iSIGHT Partners reported this vulnerability...
- http://www.securitytracker.com/id/1031024 - MS14-061
- http://www.securitytracker.com/id/1031025 - MS14-062
- http://www.securitytracker.com/id/1031027 - MS14-063
___

October 2014 Office Update Release
- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/10/14/october-2014-office-update-release.aspx
14 Oct 2014 - "... There are 6 security updates (1 bulletin) and 21 non-security updates..."
___

MSRT October 2014 Hikiti
- http://blogs.technet.com/b/mmpc/archive/2014/10/14/msrt-october-2014-hikiti.aspx
Oct 14, 2014 - "The October release of the Malicious Software Removal Tool (MSRT) is directly related to a Coordinated Malware Eradication (CME) initiative led by Novetta and with the help of many other security partners: F-Secure, ThreatConnect, ThreatTrack Security, Volexity, Symantec, Tenable, Cisco, and iSIGHT. Collaboration across private industry is crucial to addressing advanced persistent threats. The target in this campaign is an advanced persistent threat that served as the infrastructure of actors that launched targeted attacks against multiple organizations around the world. This month, the MSRT along with all of the partners in our Virus Information Alliance program are releasing new coverage for this infrastructure: Win32/Hikiti and some of the related malware families, Win32/Mdmbot, Win32/Moudoor, Win32/Plugx, Win32/Sensode, and Win32/Derusbi. Novetta has released an executive summary* on this threat..."
* http://www.novetta.com/operationsmn
___

ISC Analysis
- https://isc.sans.edu/diary.html?storyid=18819
2014-10-14 - "... only -8- instead of the promised 9 bulletins. Also, of particular interest is MS14-060 which was pre-announced by iSight Partners. iSight has seen this vulnerability exploited in some "APT" style attacks against NATO/US military interests and attributes these attacks to Russia..."
___

MS Advisories for October 2014

Microsoft Security Advisory 2755801
Update for Vulnerabilities in Adobe Flash Player in Internet Explorer
- https://technet.microsoft.com/en-us/library/security/2755801
Updated: Oct 14, 2014 - v30.0

Microsoft Security Advisory 2949927
Availability of SHA-2 Hashing Algorithm for Windows 7 and Windows Server 2008 R2
- https://technet.microsoft.com/en-us/library/security/2949927
Oct 14, 2014
V2.0 (October 17, 2014): Removed Download Center links for Microsoft security update 2949927. Microsoft recommends that customers experiencing issues -uninstall- this update. Microsoft is investigating behavior associated with this update, and will update the advisory when more information becomes available.
- https://support.microsoft.com/kb/2949927
Last Review: Oct 21, 2014 - Rev: 6.1

Microsoft Security Advisory 2977292
Update for Microsoft EAP Implementation that Enables the Use of TLS
- https://technet.microsoft.com/en-us/library/security/2977292
Oct 14, 2014

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008.aspx
V1.1 Oct 15, 2014: Advisory revised to include a workaround for disabling the SSL 3.0 protocol in Windows.


 96 
 on: October 14, 2014, 07:27:38  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Firefox 33.0 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html

Security Advisories for 33.0:
- https://www.mozilla.org/security/known-vulnerabilities/firefox.html#firefox33
Fixed in Firefox 33
MFSA 2014-82 Accessing cross-origin objects via the Alarms API
MFSA 2014-81 Inconsistent video sharing within iframe
MFSA 2014-80 Key pinning bypasses
MFSA 2014-79 Use-after-free interacting with text directionality
MFSA 2014-78 Further uninitialized memory use during GIF
MFSA 2014-77 Out-of-bounds write with WebM video
MFSA 2014-76 Web Audio memory corruption issues with custom waveforms
MFSA 2014-75 Buffer overflow during CSS manipulation
MFSA 2014-74 Miscellaneous memory safety hazards (rv:33.0 / rv:31.2)

Release notes
- https://www.mozilla.org/en-US/firefox/33.0/releasenotes/
Oct 14, 2014

... complete list of changes in this release... 3422 bugs found.
___

- http://www.securitytracker.com/id/1031028
CVE Reference: CVE-2014-1574, CVE-2014-1575, CVE-2014-1576, CVE-2014-1577, CVE-2014-1578, CVE-2014-1580, CVE-2014-1581, CVE-2014-1582, CVE-2014-1583, CVE-2014-1584, CVE-2014-1585, CVE-2014-1586
Oct 14 2014
Impact: Disclosure of system information, Disclosure of user information, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): prior to 33.0 ...
___

Mozilla to disable encryption feature in next Firefox browser due to 'Poodle' bug
- http://www.reuters.com/article/2014/10/15/cybersecurity-encryption-mozilla-idUSL3N0SA04O20141015
Oct 14, 2014 - "Mozilla said it will -disable- Secure Sockets Layer (SSL) encryption in the latest version of its Firefox web browser that will be released on Nov. 25 after a security bug called "Poodle" was discovered in a web encryption technology. "By exploiting this vulnerability, an attacker can gain access to things like passwords and cookies, enabling him to access a user's private account data on a website," Mozilla said in its blog*. SSL 3.0 will be disabled by default in Firefox 34, Mozilla said. The code to disable the security protocol will be available shortly via Mozilla Nightly, an in-development version of Mozilla's browser. Mozilla also said that Firefox 35 will support a generic Transport Layer Security (TLS) downgrade protection mechanism called SCSV (Signaling Cipher Suite Value), as a precautionary measure..."
* https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/
Oct 14, 2014 - "Summary: SSL version 3.0 is no longer secure. Browsers and websites need to turn off SSLv3 and use more modern security protocols as soon as possible, in order to avoid compromising users' private information. We have a plan to turn off SSLv3 in Firefox. This plan was developed with other browser vendors after a team at Google discovered a critical flaw in SSLv3, which can allow an attacker to extract secret information from inside of an encrypted transaction. SSLv3 is an old version of the security system that underlies secure Web transactions and is known as the Secure Sockets Layer (SSL) or Transport Layer Security (TLS)..."

Microsoft Security Advisory 3009008
Vulnerability in SSL 3.0 Could Allow Information Disclosure
- https://technet.microsoft.com/en-us/library/security/3009008.aspx
Oct 14, 2014

- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3566
Last revised: 10/14/2014


 97 
 on: October 14, 2014, 05:17:48  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake DOC attachment SPAM - malware
- http://blog.dynamoo.com/2014/10/to-view-your-document-please-open.html
14 Oct 2014 - "This spam comes with a malicious DOC attachment:

   From:     Anna [ ?ǯ#- {qYrs l: Ei91ɤy$e| ps' Qt#7 o[o[o[7 {x|%S;UpbSˑBi` f [no-reply@ bostonqatar .net]
    Date:     14 October 2014 11:09
    Subject:     Your document
    To view your document, please open attachment.


The "From" field in the samples I have seen seems to be a random collection of characters. The DOC attachment is also randomly named in the format document_9639245.doc. This Word document contains a malicious macro [pastebin] which downloads an additional component from pro-pose-photography .co.uk/fair/1.exe. The DOC file has a VirusTotal detection rate of 0/55* and the EXE file is just 2/54** ... UPDATE: among other things the malware drops the executable pefe.exe with a detection rate of 3/55***..."
* https://www.virustotal.com/en-gb/file/38e14668c5676fd53234abc8128ba16b2f5b19ccadaa6dda75c3a2bf9480d285/analysis/1413281775/

** https://www.virustotal.com/en-gb/file/9f202cf5e15101c5a7e05280ad4dc86092b4036dcbbd8dd144e58c4115638e75/analysis/1413283670/

*** https://www.virustotal.com/en-gb/file/c9ae7f694229861dd05492bd532980f2504c3bc3ce58fd6fad71c44cb053d643/analysis/1413287366/

- http://myonlinesecurity.co.uk/document-word-doc-malware/
14 Oct 2014 - "... The email is very plain, simple and terse and just says:

To view your document, please open attachment.

14 October 2014: document_1720781.doc Current Virus total detections: 0/55* ..."
* https://www.virustotal.com/en/file/38e14668c5676fd53234abc8128ba16b2f5b19ccadaa6dda75c3a2bf9480d285/analysis/1413281933/
___

Fake Sales Order SPAM - word doc malware
- http://myonlinesecurity.co.uk/sales-order-number-son1410-000183-fake-word-doc-malware/
14 Oct 2014 - "'Sales Order Number SON1410-000183' pretending to come from mail@ firwood .co.uk is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
   <html>
    <body bgcolor=#FFFFFF>
    <table width=750″ border=0″>
    <tr>
    <td>
    <font face=verdana size=2″></font>
    <br><br>
    <font face=verdana size=2″>Please find the attached document a summary
    of which is below:</font>
    </td>
    </tr>
    </table>
    <table width=750″ border=0″> ...
        </table>
    <font face=verdana size=2″>Regards </br></br><B>Firwood Paints Ltd
    </B></br>Oakenbottom Road </br>Bolton BL2 6DP   England </br></br>Tel +44
    (0)1204 525231 </br>Fax +44 (0)1204 362522 </br>e mail mail@ firwood .co.uk
    </br></font>
    </body>
    </html>
    Automated mail message produced by DbMail.
    Registered to X3 Sage North America, License EDM2013051.
    This message has been scanned for viruses by BlackSpider MailControl ...


14 October 2014: Extracts to: SON141000-000183.pdf.exe
Current Virus total detections: 13/54*. This is another one of the spoofed icon files that, unless you have "show known file extensions" enabled, will look like a proper Word .doc file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/1fd1e3787b4982b6029ebd9859d6aff3bd313903a2322c29a80bbd105a5651ac/analysis/1413274440/
___

YouTube Ads lead to Exploit Kits ...
- http://blog.trendmicro.com/trendlabs-security-intelligence/youtube-ads-lead-to-exploit-kits-hit-us-victims/
Oct 14, 2014 - "Malicious ads are a common method of sending users to sites that contain malicious code. Recently, however, these ads have showed up on a new attack platform: YouTube. Over the past few months, we have been monitoring a malicious campaign that used malicious ads to direct users to various malicious sites. Users in the United States have been affected almost exclusively, with more than 113,000 victims in the United States alone over a 30-day period.
Countries affected by this malicious ad campaign:
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/10/malad.jpg
Recently, we saw that this campaign was showing up in ads via YouTube as well. This was a worrying development: not only were malicious ads showing up on YouTube, they were on videos with more than 11 million views; in particular, a music video uploaded by a high-profile record label. The ads we've observed do not -directly- lead to malicious sites from YouTube. Instead, the traffic passes through two advertising sites, suggesting that the cybercriminals behind this campaign bought their traffic from legitimate ad providers. In order to make their activity look legitimate, the attackers used the -modified- DNS information of a Polish government site. The attackers did not compromise the actual site; instead they were able to change the DNS information by adding subdomains that lead to their own servers. (How they were able to do this is unclear.) The traffic passes through two -redirection- servers (located in the Netherlands) before ending up at the malicious server, located in the United States. The exploit kit used in this attack was the Sweet Orange exploit kit. Sweet Orange is known for using four vulnerabilities, namely:
    CVE-2013-2460 Java
    CVE-2013-2551 Internet Explorer
    CVE-2014-0515 - Flash
    CVE-2014-0322 Internet Explorer
Based on our analyses of the campaign, we were able to identify that this version of Sweet Orange uses vulnerabilities in Internet Explorer. The URL of the actual payload constantly changes, but they all use subdomains on the same Polish site mentioned earlier. However, the behavior of these payloads is identical. The final payloads of this attack are variants of the KOVTER malware family, which are detected as TROJ_KOVTER.SM. This particular family is known for its use in various ransomware attacks, although they lack the encryption of more sophisticated attacks like Cryptolocker. The websites that TROJ_KOVTER.SM accesses in order to display the fake warning messages are no longer accessible. Users who keep their systems up to date will not be affected by this attack, as Microsoft released a patch for this particular vulnerability in May 2013. We recommend that users read and apply the software security advisories by vendors like Microsoft, Java, and Adobe, as old vulnerabilities are still being exploited by attackers. Applying the necessary patches is an essential part of keeping systems secure..."

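The two spam runs quoted earlier in this post rely on attachment tricks (a randomly named document_NNNNNNN.doc carrying a downloader macro, and SON141000-000183.pdf.exe with a document icon) that a mail gateway can catch before delivery. The triage below is an added example, not code from either blog; the filenames are taken from the posts, the byte prefixes are constructed stand-ins, and the rules (double extension, magic-byte mismatch, legacy OLE2 container, campaign naming pattern) are the author's own assumptions.

```python
"""Attachment triage for the DOC-macro and spoofed-icon lures (constructed example)."""
import re
from dataclasses import dataclass, field

# Leading bytes of the formats these campaigns imitate or deliver.
MAGIC = {
    b"MZ": "exe",                                 # Windows PE executable
    b"%PDF": "pdf",                               # PDF document
    b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1": "ole2",  # legacy binary .doc/.xls container
    b"PK\x03\x04": "zip",                         # zip, including OOXML .docx
}
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs"}
DOCUMENT_EXTS = {"doc", "docx", "xls", "xlsx", "pdf", "rtf"}
# Random-digit naming used by the "Your document" run (document_9639245.doc).
CAMPAIGN_NAME = re.compile(r"^document_\d+\.doc$", re.IGNORECASE)


@dataclass
class Verdict:
    filename: str
    detected: str                      # format from magic bytes, or "unknown"
    reasons: list = field(default_factory=list)

    @property
    def suspicious(self) -> bool:
        return bool(self.reasons)


def sniff(head: bytes) -> str:
    """Identify the real format from the first bytes, ignoring the filename."""
    for magic, name in MAGIC.items():
        if head.startswith(magic):
            return name
    return "unknown"


def triage(filename: str, head: bytes) -> Verdict:
    """Run the gateway checks and collect every reason to quarantine."""
    v = Verdict(filename, sniff(head))
    exts = [e.lower() for e in filename.split(".")[1:]]
    last = exts[-1] if exts else ""

    # 1. Document extension immediately followed by an executable one: with
    #    known extensions hidden, SON...pdf.exe displays as a .pdf.
    if len(exts) >= 2 and exts[-2] in DOCUMENT_EXTS and last in EXECUTABLE_EXTS:
        v.reasons.append(f"double extension .{exts[-2]}.{last}")
    # 2. Any executable attachment, whatever it is called.
    if last in EXECUTABLE_EXTS:
        v.reasons.append(f"executable attachment (.{last})")
    # 3. Content is a PE file but the name claims something else.
    if v.detected == "exe" and last not in EXECUTABLE_EXTS:
        v.reasons.append(f"PE header but named .{last or '(none)'}")
    # 4. Legacy binary Office files can carry VBA macros like the downloader
    #    in the DOC lure; route them to a macro scan or sandbox.
    if v.detected == "ole2" and last in {"doc", "xls"}:
        v.reasons.append("legacy OLE2 Office file: scan for VBA macros")
    # 5. Name matches the campaign's random-digit pattern.
    if CAMPAIGN_NAME.match(filename):
        v.reasons.append("matches document_<digits>.doc lure naming")
    return v


# Constructed samples: names from the quoted posts, bytes are stand-ins.
SAMPLES = [
    ("SON141000-000183.pdf.exe", b"MZ\x90\x00\x03\x00\x00\x00"),
    ("document_9639245.doc", b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\x00" * 8),
    ("invoice.doc", b"MZ\x90\x00"),
    ("quarterly-report.pdf", b"%PDF-1.7\n%\xe2\xe3\xcf\xd3"),
]

if __name__ == "__main__":
    for name, head in SAMPLES:
        v = triage(name, head)
        action = "QUARANTINE" if v.suspicious else "deliver"
        print(f"{action:10} {name} [{v.detected}] {'; '.join(v.reasons)}")
```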

 98 
 on: October 14, 2014, 02:46:31  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Dropbox passwords leaked
- http://www.reuters.com/article/2014/10/14/us-cybercrime-dropbox-idUSKCN0I309Z20141014
Oct 14, 2014 - "Hundreds of alleged usernames and passwords for online document-sharing site Dropbox were published on Monday on Pastebin, an anonymous information-sharing website. The anonymous user, who claims to have hacked close to 7 million accounts, is calling for Bitcoin donations to fund the operation... Dropbox, however, said it has -not- been hacked. "These usernames and passwords were unfortunately -stolen- from other services and used in attempts to log in to Dropbox accounts. We'd previously detected these attacks and the vast majority of the passwords posted have been expired for some time now. All other remaining passwords have been expired as well," a Dropbox spokesman said in an email to Reuters. Dropbox is a Silicon Valley startup that has proved a hit with consumers and boasts more than 200 million users six years after it was started..."

- http://www.theinquirer.net/inquirer/news/2375519/dropbox-denies-it-was-hacked-as-7-million-passwords-leak-online
Oct 14 2014 - "... The company said* that, if any leak has occurred, it came from a third-party app and if anyone does happen to be using the same password across services, it is still likely to be very out of date as the company now uses a token API rather than a text-in-the-clear system. At present, the hackers are drip-feeding the user names and passwords they claim to have harvested into Pastebin documents and are appealing for bitcoin donations to reveal more..."

* https://blog.dropbox.com/2014/10/dropbox-wasnt-hacked/
Oct 13, 2014 - "Recent news articles claiming that Dropbox was hacked aren't true. Your stuff is safe. The usernames and passwords referenced in these articles were stolen from unrelated services, not Dropbox. Attackers then used these stolen credentials to try to log in to sites across the internet, including Dropbox. We have measures in place to detect suspicious login activity and we automatically reset passwords when it happens. Attacks like these are one of the reasons why we strongly encourage users not to reuse passwords across services. For an added layer of security, we always recommend enabling 2 step verification on your account.
Update: 10/14/2014 12:30am PT
A subsequent list of usernames and passwords has been posted online. We've checked and these are not associated with Dropbox accounts."


 99 
 on: October 13, 2014, 12:17:36  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Dropbox glitch leaves some users with deleted files
- http://www.theinquirer.net/inquirer/news/2375294/dropbox-glitch-leaves-some-users-with-deleted-files
Oct 13 2014 - "... a 'glitch' in some versions of the Dropbox app resulted in the deletion of files... The bug occurred when certain versions of the desktop sync app were shutdown prematurely by a program or system crash, and was limited to users of the selective sync feature where only certain folders are replicated on the desktop..."


 100 
 on: October 13, 2014, 06:36:18  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Site Delistings
- http://www.malwaredomains.com/?p=3667
October 10th, 2014 - "... too many false positives and we've rolled back the last update. Please update your blocklists ASAP..."
