News: Cexx forums, with volunteers dedicated to helping you remove malware and stay protected
October 22, 2014, 15:54:01
 91 
 on: September 14, 2014, 16:47:10  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Phish - Paypal ...
- http://myonlinesecurity.co.uk/paypal-account-will-limited-hear-phishing/
14 Sep 2014 - "'Paypal Your account will be limited until we hear from you' pretending to come from service_paypal=cczazmam .com@ wpengine .com; on behalf of; service_paypal@ cczazmam .com. There are a few major common subjects in a phishing attempt. The majority are either PayPal or your Bank or Credit Card... The original email looks like this. It will NEVER be a genuine email from  PayPal or Your Bank so don’t ever follow the links in the email...
    PayPal account information :
    Hello,
    Dear PayPal user ,
    Your account will be limited if you not confirm it .
    Need Assistance?
    Some information on your account appears to be missing or incorrect.
    Please update your account promptly so that you can continue to enjoy
    all the benefits of your PayPal account.
    If you don’t update your account within 37 days, we’ll limit what you can do with your PayPal account.
    Please Login to confirm your information :
    http ://rangeviewrentals .com//wp-content/themes/twentytwelve/wester.html
    Reference Number: PP-003-211-347-423
    Yours sincerely,
    PayPal


This particular phishing campaign starts with an email with a link. In this case to a hacked compromised website, which looks nothing like any genuine PayPal page:
> http://myonlinesecurity.co.uk/wp-content/uploads/2014/09/rangeview_paypal_phishing-scam.png
This one wants your personal details, your Paypal account log in details and your credit card and bank details and your email log in details. Many of them are also designed to specifically steal your facebook and other social network log in details..."


 92 
 on: September 13, 2014, 05:37:57  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

JPMorgan still seeks to determine extent of Attack
- http://www.nytimes.com/2014/09/13/technology/after-breach-jpmorgan-still-seeks-to-determine-extent-of-attack.html
Sep 12, 2014 - "The headache caused by the attack on JPMorgan Chase’s computer network this summer may not go away anytime soon. Over two months, hackers gained entry to dozens of the bank’s servers, said three people with knowledge of the bank’s investigation into the episode who spoke on the condition of anonymity. This, they said, potentially gave the hackers a window into how the bank’s individual computers work. They said it might be difficult for the bank to find every last vulnerability and be sure that its systems were thoroughly secured against future attack. The hackers were able to review information about a million customer accounts and gain access to a list of the software applications installed on the bank’s computers. One person briefed said more than -90- of the bank’s servers were affected, effectively giving the hackers high-level administrative privileges in the systems. Hackers can potentially crosscheck JPMorgan programs and applications with known security weaknesses, looking for one that has not yet been patched so they can regain access. A fourth person with knowledge of the matter, also speaking on condition of anonymity, said hackers had not gained access to account holders’ financial information or Social Security numbers, and may have reviewed only names, addresses and phone numbers. The hack began in June and was not detected until late July. JPMorgan briefed financial regulators on the extent of the damage last week. Investigators say they believe that at least four other banks or financial institutions were also affected..."


 93 
 on: September 12, 2014, 16:38:19  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Firefox 32.0.1 released

From an admin. account, start Firefox, then >Help >About >Check for Updates ...
-or-
Download: https://www.mozilla.com/firefox/all.html

Release notes
- https://www.mozilla.org/en-US/firefox/32.0.1/releasenotes/
Sep 12, 2014
Fixed: 32.0.1 - Stability issues for computers with multiple graphics cards
Fixed: 32.0.1 - Mixed content icon may be incorrectly displayed instead of lock icon for SSL sites
Fixed: 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified...

Mobile:
- https://www.mozilla.org/en-US/mobile/32.0.1/releasenotes/
Fixed: 32.0.1 - Link tap selection is offset on some Android devices
Fixed: 32.0.1 - WebRTC: setRemoteDescription() silently fails if no success callback is specified...


 94 
 on: September 12, 2014, 04:22:05  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Update for OneDrive for Business (KB2889866)
- https://support.microsoft.com/kb/2889866
Last Review: Sep 10, 2014 - Rev: 2.0
"Notice: We are investigating an issue that is affecting the September 2014 update for Microsoft OneDrive for Business. Therefore, we have removed the update from availability for now..."

- http://blogs.technet.com/b/office_sustained_engineering/archive/2014/09/10/september-2014-office-update-release.aspx
10 Sep 2014 - "UPDATE - We have discovered an issue with update KB 2889866. We have removed the update from availability while we investigate."
___

- http://www.infoworld.com/t/microsoft-windows/microsofts-new-update-tuesday-looks-whole-lot-the-old-black-tuesday-250304
Sep 11, 2014
___

September 2014 Security Bulletin Webcast Q&A
- http://blogs.technet.com/b/msrc/archive/2014/09/12/september_2d00_2014_2d00_security_2d00_bulletin_2d00_release_2d00_webcast_2d00_q_2d00_a.aspx
12 Sep 2014 - "Today we’re publishing the September 2014 Security Bulletin Webcast Questions & Answers page*..."
* http://blogs.technet.com/b/msrc/p/september-2014-security-bulletin-release-webcast-q-a.aspx


 95 
 on: September 12, 2014, 02:41:40  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

VMSA-2014-0009 - VMware NSX and vCNS product updates ...
- http://www.vmware.com/security/advisories/VMSA-2014-0009.html
2014-09-11
Summary: VMware NSX and vCloud Networking and Security (vCNS) product updates address a vulnerability that could lead to critical information disclosure.
Relevant releases:
NSX 6.0 prior to 6.0.6
vCNS 5.5 prior to 5.5.3
vCNS 5.1.4 prior to 5.1.4.2
Problem Description:
a. VMware NSX and vCNS information disclosure vulnerability
VMware NSX and vCNS contain an input validation vulnerability. This issue may allow for critical information disclosure...
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-3796 - 5.0

- http://www.securitytracker.com/id/1030835
CVE Reference: CVE-2014-3796
Sep 11 2014
Impact: Disclosure of system information, Disclosure of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): vCNS 5.1.4 prior to 5.1.4.2, 5.5 prior to 5.5.3 ...
Solution: The vendor has issued a fix (5.1.4.2, 5.5.3)...


 96 
 on: September 12, 2014, 01:11:22  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake Invoice SPAM - contains malicious VBS script
- http://blog.mxlab.eu/2014/09/12/fake-email-copie-facture-societe-lws-fc-contains-malicvious-vbs-script/
Sep 12, 2014 - "... intercepted a new trojan distribution campaign by email with the subject “[COPIE FACTURE SOCIETE LWS FC-408185] – [LWS INVOICE] 10/09/2014″. This email is sent from the spoofed address “Service clients LWS <noreply@ lws .com>” and has the following body:
S.A.R.L LWS
4, rue galvani
75838 PARIS Cedex 17
Paris, 10/09/2014
Please find attached your invoice, reference: invoice FC-408185 (File: facture-408185), in ZIP format.
If you do not have WinRar (software for reading ZIP files) you can download it here:
http ://www .rarlab .com/download.htm
Thank you for the trust you place in us,
The LWS accounting department ...


The attached ZIP file has the name FACTURE_45871147.zip and contains the 4 kB large file FACTURE_45871147.vbs. The VBS script is in fact encoded to hide the real purpose, but it seems that this script will download other malicious files and will install them on a system in order to infect the computer. The trojan is known as Trojan.Script.Crypt.deehcf or VBS/Dloadr-DVY. At the time of writing, 2 of the 53* AV engines did detect the trojan at Virus Total..."
* https://www.virustotal.com/en/file/adf506eebd74dbdd2e23ab2a0918912a95105745226302cca32c760c34d196a5/analysis/
___

Fake Household Improvement SPAM - Zbot Malware
- https://blog.malwarebytes.org/fraud-scam/2014/09/household-improvement-emails-come-with-zbot-malware/
Sep 12, 2014 - "... malicious email in circulation at the moment which claims to contain an invoice from a Kitchen Appliance company. According to another recipient of the mail*, the named company is actually a real business entity although there’s no suggestion that they’ve been hacked or otherwise compromised – it seems the scammers just opened up a directory, said “That one” and just started pretending to be them. The mail reads as follows:
Screenshot: https://blog.malwarebytes.org/wp-content/uploads/2014/09/kitchens1.jpg
... The email comes with a .zip attachment, which contains a piece of Malware known as Zbot.  Zeus (aka Zbot) is something to be avoided, as it can lead to banking password theft, form grabbing, keystroke logging and also Ransomware. The zip contains an executable made to look like a Word .doc file, which is a trick as old as the hills yet extremely effective where catching people out is concerned. Telling Windows to display known file extensions will help to avoid this particular pitfall... we detect this as Trojan.Spy.Zbot, and the current Virus Total scores currently clock in at 29/54**...  there’s another mail*** doing the rounds which spoofs the same email address mentioned above, yet claims to be sent from a toiletries company. If you’ve bought any form of kitchen / household upgrade or addition recently and receive mails with zipped invoices, you may not recall exactly who you bought all of your items from. With that in mind, you may wish to have a look at your receipts and bank statements, and – on the off chance the randomly selected company named in the spam mails matches up – give them a call directly to confirm they really did send you something. There’s a good chance they probably didn’t..."
* http://myonlinesecurity.co.uk/m-m-kitchen-appliances-inv211457-fake-word-doc-malware/

** https://www.virustotal.com/en/file/941434a32431048380956c6bb7c6be5fd4105ac397eb8c46011d27e827014f73/analysis/

*** http://blog.mxlab.eu/2014/09/12/fake-email-with-attached-invoice-from-broad-oak-toiletries-ltd-contains-trojan/
___

Data Breaches and PoS RAM Scrapers
- http://blog.trendmicro.com/trendlabs-security-intelligence/2014-an-explosion-of-data-breaches-and-pos-ram-scrapers/
Sep 11, 2014 - "... Ever since the Target data breach came into the limelight, there has been a constant stream of merchants/retailers publicly disclosing data breach incidents. These data breaches typically involve credit card data theft using PoS RAM scrapers. Early this month, Brian Krebs reported yet another big data breach that involves U.S. retailer Home Depot using a new variant of the BlackPOS PoS RAM scraper. Nearly all Home Depot locations in the US are believed to have been affected and it is speculated this data breach might surpass the Target breach in terms of volume of data stolen. In addition to an increased number of data breaches, 2014 also brings an increase in the number of new PoS RAM scraper families. Our PoS RAM scraper family tree illustrates the evolution as follows:
Evolution of the PoS RAM scraper family
> http://blog.trendmicro.com/trendlabs-security-intelligence/files/2014/09/Figure-3-01.png
... Of the six new variants discovered in 2014, four were discovered between June and August.
- Soraya – discovered in June and is a Dexter- and ZeuS-inspired malware. In addition to scraping RAM for credit card Tracks 1 and 2 data, it borrows tricks from ZeuS for hooking the NtResumeThread API, and injects itself into all new processes. It also borrows ZeuS’s form-grabbing functionality and hooks the browser’s HTTP POST function. Trend Micro detects Soraya variants as TSPY_SORAYA.A.
- BrutPOS – discovered in July and appears to have borrowed functionality from a BlackPOS variant. It attempts to exploit PoS systems that use weak or default passwords and have open Remote Desktop Protocol (RDP) ports. BrutPOS will brute-force the login:password combinations to gain entry into the system. Trend Micro detects BrutPOS variants as TROJ_TIBRUN.B and TROJ_TIBRUN.SM.
- Backoff – discovered in July, is a successor of Alina. It implements an updated data search function and drops a watchdog process that ensures Backoff is always running on the system. The cybercriminals use publicly available tools to brute-force entry into RDP applications on PoS systems and install Backoff. Trend Micro detects Backoff variants as TSPY_POSLOGR.A, TSPY_POSLOGR.B, and TSPY_POSLOGR.C.
- BlackPOS ver 2.0 – discovered in August, clones the exfiltration technique that the BlackPOS variant used to compromise U.S. retailer Target. BlackPOS ver 2.0 also adds a unique feature where it pretends to be an AV product installed on the system to avoid drawing unwanted attention to itself. Reports indicate that this malware appears to have been used in the latest big data breach targeting Home Depot. Trend Micro detects BlackPOS ver 2.0 variants as TSPY_MEMLOG.A..."


 97 
 on: September 11, 2014, 03:58:56  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake job offer SPAM - llcinc .net
- http://blog.dynamoo.com/2014/09/llc-inc-llcincnet-fake-job-offer.html
11 Sep 2014 - "This -fake- company's name looks like it has been designed to be hard to find on Google. The so-called LLC INC using the domain llcinc .net does -not- exist.
   Date:      Wed, 10 Sep 2014 19:51:50 -0400 [09/10/14 19:51:50 EDT]
    From:      LLC INC
    Reply-To:      recruiter@ llcinc .net
    Subject:      EMPLOYMENT OFFER
    Hello,
      Good day to you overthere we will like to inform you that our company is currently
    opening an opportunity for employment if you are interested please do reply with your resume
    to recruiter@ llcinc .net
    Thanks
    Management LLC INC


This so-called job is going to be something like a money mule, parcel mule or some other illegal activity. The domain llcinc .net was registered just a few days ago with -fake- details... There is no website. The email originates from 209.169.222.37, the mail headers indicate that this is probably a compromised email server mail .swsymphony .org.
Avoid."
___

Fake eFax SPAM leads to Cryptowall
- http://blog.dynamoo.com/2014/09/efax-spam-leads-to-cryptowall.html
11 Sep 2014 - "Yet another -fake- eFax spam. I mean really I cannot remember the last time someone sent me a (real) fax...
From:     eFax [message@ inbound .efax .com]
Date:     11 September 2014 20:35
Subject:     eFax message from "unknown" - 1 page(s), Caller-ID: 1-865-537-8935
Fax Message [Caller-ID: 1-865-537-8935
You have received a 1 page fax at Fri, 12 Sep 2014 02:35:44 +0700.
* The reference number for this fax is atl_did1-1400166434-52051792384-154.
Click here to view this fax using your PDF reader.
Please visit www .eFax .com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service! ...


... the link in the message goes somewhere bad, in this case it downloads a ZIP file from cybercity-game .com/game/Documents.zip which unzips to a malicious executable Documents.scr which has a pretty low VirusTotal detection rate of 2/55*. The ThreatTrack report** clearly identifies this as Cryptowall and identifies that it either downloads data from or posts data... The 111.exe has a much wider detection rate of 22/53*** and according to the ThreatTrack analysis of that binary there is some sort of network connection... I would recommend blocking the following:
188.165.204.210
193.19.184.20
193.169.86.151
goodbookideas .com
mtsvp .com
suspendedwar .com
"
* https://www.virustotal.com/en-gb/file/687c7d8030b9f15bd2ef857116ef8c0c6fe83aa998ff32dab406beb0d4e759c2/analysis/1410467960/

** http://www.dynamoo.com/files/analysis_2567_79b1f47c0dfd99f974d2920a381ad91f.pdf

*** https://www.virustotal.com/en-gb/file/5db8207e1891b01b84c987f8065c2f646cbcceae9ff5af5198a05f75766e8c39/analysis/1410468901/
___

Malicious WordPress injection sending to 178.62.254.78 and 176.58.100.98
- http://blog.dynamoo.com/2014/09/malicious-wordpress-injection-sending.html
11 Sep 2014 - "There is currently some sort of injection attack against WordPress sites that is injecting code into the site's .js files. Not so unusual.. except that the payload site in the file changes every half hour or so... The site mentioned in the IFRAME is the one that keeps -changing- so presumably there is either something running on the compromised WordPress site, or there is some other mechanism for the bad guys to update the details... All these subdomains are hijacked from legitimate domains using AFRAID.ORG nameservers, and are hosted on 178.62.254.78 (Digital Ocean, Netherlands). These then pass the victim onto another domain in the format... blocking the following IPs may give you better protection:
176.58.100.98
178.62.254.78
"

176.58.100.98: https://www.virustotal.com/en-gb/ip-address/176.58.100.98/information/

178.62.254.78: https://www.virustotal.com/en-gb/ip-address/178.62.254.78/information/
___

Fake Employee Important Address UPDATE/SPAM – PDF malware
- http://myonlinesecurity.co.uk/employees-important-address-update-fake-pdf-malware/
11 Sep 2014 - "'To All Employee’s –  Important Address UPDATE' which pretends to come from Administrator at your own domain is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
     To All Employee’s:
    The end of the year is approaching and we want to ensure every employee receives their W-0 to the correct address. Verify that the address is correct.. If changes need to be made, contact HR .. Administrator ...


11 September 2014: Documents.zip: Extracts to: Documents.scr
Current Virus total detections: 0/53* ...  another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/687c7d8030b9f15bd2ef857116ef8c0c6fe83aa998ff32dab406beb0d4e759c2/analysis/1410456657/

- http://blog.dynamoo.com/2014/09/to-all-employees-important-address.html
11 Sep 2014 - "This -fake- HR spam leads to a malicious ZIP file:
    From:     Administrator [administrator@ victimdomain .com]
    Date:     11 September 2014 22:25
    Subject:     To All Employee's - Important Address UPDATE
    To All Employee's: The end of the year is approaching and we want to ensure every employee receives their W-5 to the correct address. Verify that the address is correct... If changes need to be made, contact HR...

The link in the email goes to the same site as described in this earlier post*, which means that the payload is Cryptowall."
* http://blog.dynamoo.com/2014/09/efax-spam-leads-to-cryptowall.html
___

Fake picture or video SPAM – jpg malware
- http://myonlinesecurity.co.uk/new-picture-video-message-fake-jpg-malware/
11 Sep 2014 - "'A new picture or video' message pretending to come from getmyphoto@ vodafone .co.uk is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The attachment file names are so far all the same and it extracts to a fake Windows shortcut file .pif. Even setting show file extensions will not show the .pif extension in Windows 8, and the unzipped file will look like a genuine Windows shortcut, so you need to be especially wary and cautious. See below:
> http://myonlinesecurity.co.uk/wp-content/uploads/2014/09/pif-not-showing.png
The email looks like:
   You have received a picture message from mobile phone number +447586595142 picture
    Please note, the free reply expires three days after the original message is sent from the Vodafone network. Vodafone Service


There is a second version of this email doing the rounds today. Instead of an attachment it has a link to a compromised/ infected/newly created malware pushing site where it automatically tries to download the malware in a zip file.
You have received a picture message from mobile phone number +447557523496 click here to view picture message
Please note, the free reply expires three days after the original message is sent from the Vodafone network. Vodafone Service


... there will be hundreds of different sites. The  zip was 90837744-2014_481427.zip which extracts to 90837744-2014_481427.scr which has the same #  and detection rate as the pif file earlier submitted to virus total*

11 September 2014: IMG_00005_09112014.jpeg.zip : Extracts to:    IMG_00005_09112014.jpeg.pif
Current Virus total detections: 4/53**. This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper jpg file instead of the .pif (windows shortcut) file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/1425dcfbe06fa76c7b1e491e4573afedd2a867e50650b9ad70e90ae872024821/analysis/1410430034/

** https://www.virustotal.com/en/file/1425dcfbe06fa76c7b1e491e4573afedd2a867e50650b9ad70e90ae872024821/analysis/1410427007/
___

Fake 'new order' SPAM – PDF malware
- http://myonlinesecurity.co.uk/new-order-fake-pdf-malware/
11 Sep 2014 - "'new order' pretending to come from random names at live .co.uk is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... This email has various subjects, including new order, new invoice, FWD:invoice, FWD Order... The attachment file names are so far all the same and it extracts to a -fake- Windows shortcut file .pif. Even setting show file extensions will -not- show the .pif extension in Windows 8, and the unzipped file will look like a genuine Windows shortcut, so you need to be especially wary and cautious. See below:
> http://myonlinesecurity.co.uk/wp-content/uploads/2014/09/pif-not-showing.png
The email looks like:
Warmest regards,
> http://myonlinesecurity.co.uk/wp-content/uploads/2014/09/new-order.png


11 September 2014: 2014.09.11.zip : Extracts to:    2014.09.11.pdf.pif
Current Virus total detections: 4/53* . This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .pif ( windows shortcut) file it really is, so making it much more likely for you to accidentally open it and be infected... The basic rule is NEVER open any attachment to an email, unless you are expecting it... Never just blindly click on the file in your email..."
* https://www.virustotal.com/en/file/1425dcfbe06fa76c7b1e491e4573afedd2a867e50650b9ad70e90ae872024821/analysis/1410427007/


 98 
 on: September 10, 2014, 15:07:49  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

5 million GMail accounts hacked
- http://money.cnn.com/2014/09/10/technology/security/gmail-hack/
Sep 10, 2014
___

- http://www.webroot.com/blog/2014/09/10/5-million-gmail-accounts-breached-one/
Sep 10, 2014 - "... This morning, we found out that there was a breach of over 5 million Gmail accounts, all hosted in a plain text file on Russian hacker forums.  Naturally, we wanted to see what the data was like, and there it was, plain as day for everyone to see. We started to look up our various accounts, and out of my whole team, I was the only one to appear. Right in front of me, on a list with 5 million other people, was my information.... Every three months is the average for a company for changing of passwords, often not allowing you to repeat for at least 10 passwords. This may be an annoyance, but with breaches like this occurring on a daily basis, it’s a necessary step that you should be following at home as well. It’s no longer simply about someone figuring your password out, but rather the idea that any level of breach can grab your standard password and e-mail address, and attempt it across multiple channels until success is found.  Changing your password removes this ability... With cell phones being at the ready in almost all aspects of our daily lives, this is one of the most convenient and easy layers to implement. By adding this layer, the service will authenticate any login attempt through an independent channel, allowing you to know if someone is attempting unauthorized access. Below are links to the sites listed above for their steps on enabling this step.
    Gmail: https://www.google.com/landing/2step/
    Amazon: http://aws.amazon.com/iam/details/mfa/
    PayPal: https://www.paypal.com/us/cgi-bin?cmd=xpt/Marketing_CommandDriven/securitycenter/PayPalSecurityKey-outside&bn_r=o
    Facebook: https://www.facebook.com/note.php?note_id=10150172618258920
    Twitter: https://blog.twitter.com/2013/getting-started-with-login-verification
While we are still unsure how the hacker was able to get all this information, it’s clear as day that it is out there, and because of that, vigilance is key. Just as you wouldn’t leave your credit cards laying around, you shouldn’t risk your passwords being out there either.  Data is valuable, and the more private or financially focused it is, the more we need to take it seriously.  So take these simple steps, get another layer of security established, and make it a habit to change passwords so you don’t become another name on the list as I did. In the mean time, you can check and see if your e-mail is a part of the breach by following this link:
- https://isleaked.com/en.php

Google Two-Step authentication: https://support.google.com/a/answer/175197?hl=en
___

- http://www.databreaches.net/5-million-compromised-google-accounts-leaked/
Sep 10, 2014
___

- http://www.theinquirer.net/inquirer/news/2364644/google-dismisses-all-but-two-percent-of-gmail-password-dump
Sep 11 2014 - "... Google talked about "credential dumps"*, which is described as the uploading of a lot of usernames and passwords on the web. It called them a 'recent phenomenon', adding that it regularly scans them for evidence of impact. It said that a recent leak from earlier this week, which was thought to include data from around five million Google and other provider email accounts, had a failure rate of around 98 percent, meaning that fewer than two out of every hundred credentials could be used... The firm took the opportunity to remind people that they probably use the same login credentials on a range of websites and that this is like bathing in gasoline while smoking a pipe..."
* http://googleonlinesecurity.blogspot.com.es/2014/09/cleaning-up-after-password-dumps.html


 99 
 on: September 10, 2014, 11:25:24  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

VMSA-2014-0008 - VMware vSphere product updates to 3rd party libraries
- http://www.vmware.com/security/advisories/VMSA-2014-0008.html
Sep 9, 2014
Summary: VMware has updated vSphere third party libraries
- Relevant releases:
VMware vCenter Server 5.5 prior to Update 2
VMware vCenter Update Manager 5.5 prior to Update 2
VMware ESXi 5.5 without patch ESXi550-201409101-SG
Problem Description:
a. vCenter Server Apache Struts Update
b. vCenter Server tc-server 2.9.5 / Apache Tomcat 7.0.52 updates
c. Update to ESXi glibc package
d. vCenter and Update Manager, Oracle JRE 1.7 Update 55
Change log:
VMSA-2014-0008 Initial security advisory in conjunction with the release of vSphere 5.5 Update 2 on 2014-09-09...


 100 
 on: September 10, 2014, 03:19:51  
Started by AplusWebMaster - Last post by AplusWebMaster
FYI...

Fake DHL invoice SPAM
- http://blog.dynamoo.com/2014/09/geir-myklebust-dhl-no.html
10 Sep 2014 - "Geir Myklebust is a real employee for DHL in Norway, but neither he nor DHL are responsible for this spam run in any way (their systems have NOT been breached either). Instead, it contains a malicious attachment and it should simply be deleted.
From:     Geir Myklebust (DHL NO) [Geir.Myklebust@ dhl .com]
Date:     10 September 2014 10:35
Subject:     FW: customer acct. no.: 4690086 - invoice 0257241 needs to be paid
Dear Sir.
The attached invoice from Villmarksmessen 2014 has still not been settled.
Please advise as soon as possible.
Thank you and regards,
Geir
Med vennlig hilsen/ Kind Regards
Geir Myklebust
Product Manager, Avd. Trade Fairs & Events
DHL Global Forwarding (Norway) AS
Avd. Trade Fairs & Events
Messeveien 14
2004 Lillestrøm ...


Attached is a ZIP file of various different names (e.g. invoice_0257241.zip), containing a malicious executable file invoice_3466198.exe which has a VirusTotal detection rate of 3/54*. The Comodo CAMAS report** shows an attempted connection to voladora .com/Imagenes/qaws.cab which is currently coming up with a socket error. I would recommend that you block access to that domain. Further analysis is pending..."
* https://www.virustotal.com/en-gb/file/779955dd6a5da605f2432449bf1edc35e356a251cf43f3cbfda704a26cac5038/analysis/1410342283/

** http://camas.comodo.com/cgi-bin/submit?file=779955dd6a5da605f2432449bf1edc35e356a251cf43f3cbfda704a26cac5038

"UPDATE: a second malicious binary is doing the rounds, this time with a detection rate of 2/53***..."
*** https://www.virustotal.com/en-gb/file/febd053fdafbc097eedbacac3e0f97d912f7925ddab0dfc90a32895dac35fbdd/analysis/1410353017/

92.43.17.6: https://www.virustotal.com/en/ip-address/92.43.17.6/information/

- http://myonlinesecurity.co.uk/fw-customer-acct-186588-invoice-9782264-needs-paid-fake-pdf-malware/
10 Sep 2014
- https://www.virustotal.com/en/file/febd053fdafbc097eedbacac3e0f97d912f7925ddab0dfc90a32895dac35fbdd/analysis/1410350810/
___

Fake Overdue invoice SPAM – doc malware
- http://myonlinesecurity.co.uk/overdue-invoice-1197419584-fake-doc-malware/
10 Sep 2014 - "'Overdue invoice #1197419584' is another one from the current bot runs which try to download various Zbots, cryptolocker, ransomware and loads of other malware on your computer. They are using email addresses and subjects that will entice a user to read the email and open the attachment... The email looks like:
   Good afternoon,
    I was hoping to hear from you by now. May I have payment on invoice #1197419584 today please, or would you like a further extension?
    Best regards,
    Cherish Schaunaman
    +07540 61 15 69

... or like this one:
   This email contains an invoice file in attachment.

10 September 2014 : bill_2014-09-10_09-16-23_1197419584.arj :
Extracts to:  bill_2014-09-10_09-16-23_1197419584.exe
Current Virus total detections: 6/55*
Alternative version 10 September 2014 : Invoice4777_2C7.zip :
Extracts to: attachment_scaned.doc            .exe
Current Virus total detections: 2/54**
This 'Overdue invoice #1197419584' is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper Microsoft word.doc file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected..."
* https://www.virustotal.com/en/file/4c6d8f5ad6ff6f35be8b2fe921fc65619ba5708b5a0597a6929fd3bc3f36aabb/analysis/1410342531/

** https://www.virustotal.com/en/file/877eab31951bb48139f0ec592ce906ff3891a74f078af494eeb8ccbc9d913b52/analysis/1410341816/
___

'Outstanding Warrant' Phone SCAMS
- http://www.hoax-slayer.com/outstanding-warrant-phone-scams.shtml
Sep 10, 2014 - "Scammers posing as law-enforcement officers are cold-calling people and tricking them into paying over the phone to resolve supposedly outstanding warrants. The scammers warn victims that, if they don't pay the requested fee, police may come to their home and arrest them... The scammers are reportedly quite skilled at impersonating police officers and are often able to convince victims that they are legitimate. When victims call back on the number provided, the scammers may identify their 'office' as a seemingly legitimate entity such as the 'County Warrants Department'. This simple -ruse- may further convince victims that the scammer's claims are true... This type of -scam- is certainly nothing new and has been around in various forms for many years... a flurry of reports from several US states suggests that these scammers are currently quite active. The scammers are also using variations of the old jury duty phone scam to steal money from victims. Police will -never- call you and demand an immediate payment to resolve an outstanding warrant. If you receive such a suspect call, do -not- give the caller any personal and financial information and do -not- comply with their instructions. If in doubt, call your local police to check. Do -not- use a phone number provided by the caller. Find a number for police in a local phone directory..."
___

Malvertisements - YouTube, Amazon and Yahoo
- http://www.computerworld.com/article/2604303/malicious-advertising-hits-amazon-youtube-and-yahoo.html
Sep 9, 2014 - "Malicious advertisements have popped up on websites such as YouTube, Amazon and Yahoo, part of a sophisticated campaign to spread malware, Cisco said*... When encountered, the malicious advertisements cause the user to be -redirected- to a different website, which triggers a download based on whether the computer is running Windows or Apple's OS X... Cisco didn't identify the advertising network that is serving the malicious advertisements. Although ad networks try to filter out malicious ones, occasionally bad ones slip in, which for a high-traffic site means a large pool of potential victims...  Some of the malicious ads were served on youtube.com, amazon.com and ads.yahoo.com, Pelkmann wrote. All told, 74 domains were serving the ads. When a victim is -redirected- by one of the ads, the computer downloads a piece of malware with a unique checksum, making it harder for security software to detect. The download may also contain legitimate software such as a media player. To be infected, the user must be convinced to open the file. 'The attackers are purely relying on social engineering techniques in order to get the user to install the software package,' Pelkmann wrote. 'No drive-by exploits are being used thus far'..."
* http://blogs.cisco.com/security/kyle-and-stan/

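The spoofed-icon trick described in the 'picture or video', 'new order' and 'Overdue invoice' items above (a .pif, .scr or .exe hidden behind a document-looking name, or pushed out of view by padding spaces, as in the attachment_scaned.doc .exe sample) can be checked mechanically before a user ever sees the icon. The following is an added example, not code from any of the quoted blogs or this forum; the member names are taken from those reports, and the ZIP itself is constructed in memory with placeholder bytes.

```python
import io
import zipfile
from dataclasses import dataclass, field

# Extensions Windows runs as programs or scripts. ".pif" and ".scr" are the two the
# reports single out: Explorer hides them even when "show known file extensions" is on,
# and both are loaded as ordinary PE executables.
EXECUTABLE_EXTS = {
    "exe", "scr", "pif", "com", "bat", "cmd", "vbs", "vbe", "js", "jse",
    "wsf", "wsh", "hta", "cpl", "msi", "ps1",
}
# Document/image extensions the reports describe being impersonated.
DOCUMENT_EXTS = {"doc", "docx", "pdf", "jpg", "jpeg", "png", "txt", "xls", "xlsx"}


@dataclass
class Verdict:
    name: str
    suspicious: bool
    reasons: list = field(default_factory=list)


def inspect_name(name: str) -> Verdict:
    """Flag an attachment or archive member name that uses the tricks described above."""
    reasons = []
    base = name.rsplit("/", 1)[-1]            # ignore any directory part inside the archive
    parts = base.lower().split(".")
    real_ext = parts[-1].strip() if len(parts) > 1 else ""
    if real_ext in EXECUTABLE_EXTS:
        reasons.append(f"executable extension .{real_ext}")
        if real_ext in ("pif", "scr"):
            reasons.append("extension hidden by Explorer even with known extensions shown")
        # A document-looking extension right before the real one: "2014.09.11.pdf.pif"
        inner = parts[-2].strip() if len(parts) > 2 else ""
        if inner in DOCUMENT_EXTS:
            reasons.append(f"double extension masquerading as .{inner}")
    # Trailing whitespace before the final extension pushes it out of the visible column:
    # "attachment_scaned.doc            .exe"
    if len(parts) > 1 and parts[-2] != parts[-2].rstrip():
        reasons.append("whitespace padding before the final extension")
    return Verdict(base, bool(reasons), reasons)


def inspect_zip(data: bytes) -> list:
    """Run inspect_name over every file member of a ZIP given as bytes (the e-mail attachment)."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [inspect_name(info.filename) for info in zf.infolist() if not info.is_dir()]


def build_sample_zip() -> bytes:
    """Constructed sample archive: member names from the reports above plus one benign file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member in (
            "attachment_scaned.doc            .exe",
            "2014.09.11.pdf.pif",
            "IMG_00005_09112014.jpeg.pif",
            "FACTURE_45871147.vbs",
            "Documents.scr",
            "report.pdf",
        ):
            zf.writestr(member, b"placeholder bytes, not malware")  # constructed content
    return buf.getvalue()


if __name__ == "__main__":
    for v in inspect_zip(build_sample_zip()):
        print(f"{'SUSPICIOUS' if v.suspicious else 'ok':10} {v.name!r}  {'; '.join(v.reasons)}")
```

The same inspect_name check can be applied to the outer attachment name as well, since the reports also show .arj and .zip wrappers around the renamed executables.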
