Recent Posts

Pages: [1] 2 3 ... 10
General Software / Re: iTunes
« Last post by Hardhead on Today at 06:41:42 am »
iTunes 12.7.3 for Windows 7 or later.
32 and 64bit downloads.
Also you can get the new iTunes update by going to Apple Software Updater on you computer.
That has been fixed with the latest IOS 11.2.6 Apple Update.  ;)
Just came out yesterday.
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by gorblimey on Today at 03:57:54 am »

4.18b, it seems programs are allowed when net is not available or disconnected. Can anyone confirm?

Yes.  Due to unacceptable 1-3 second delays in scanning I run with this setup.  Sometimes a less used program will be queried, then VS will complain about lack of internet access, but I do get the chance to roughly trample on the complaint.

I do this because all my apps are scanned prior to launch, even though they are whitelisted.

@Dan - I know VS takes the hash value of snapshot programs, and it is good (best?) practice to suss briefly before launch, but given that calculating the hash only requires a couple of msecs, could VS run a hash check for whitelisted apps?  Even MD5 would do a sufficient job of validation.

By Ionut Arghire on February 22, 2018

A newly observed variant of the infamous Mirai botnet is capable of setting up proxy servers on the infected Internet of Things (IoT) devices, Fortinet warns.

Mirai is a distributed denial of service (DDoS)-capable malware family that emerged in late 2016. Targeting IoT devices to add them to a botnet and launch powerful attacks, Mirai has been involved on some massive incidents right from the start.

Referred to as OMG because of strings containing "OOMGA" it its configuration table, the malware keeps most of Mirai’s capabilities, but also adds its own features to the mix.

Unlike Mirai, the OMG variant’s configuration includes two strings used to add a firewall rule to ensure traffic on two random ports is allowed, Fortinet discovered. 

Full Article Here:
Punters not happy with handling of vulnerability confessions
By Shaun Nichols in San Francisco 21 Feb 2018 at 22:43

It's not just Intel facing a legal firestorm over its handling of the Spectre and Meltdown CPU design flaws – AMD is also staring at a growing stack of class-action complaints related to the chip vulnerabilities.

At least four separate lawsuits have now been filed against the California-based processor slinger, alleging violations ranging from securities fraud to breach of warranty, unfair competition, and negligence. The cases, all submitted to a US district court in San Jose.

Full Article Here:
Multiple customers have reported logging in to their bank accounts, only to be presented with another customer’s bank account details. Chase has acknowledged the incident, saying it was caused by an internal “glitch” Wednesday evening that did not involve any kind of hacking attempt or cyber attack

Trish Weller, director of communications for the retail side of JP Morgan Chase, said the incident happened Wednesday evening, for “a pretty limited number of customers” between 6:30 pm  and 9 pm ET who “sporadically during that time while logged in to could see someone else’s account details.”

Krebs on Security:
A bug in npm (Node Package Manager), the most widely used JavaScript package manager, will change ownership of crucial Linux system folders, such as /etc, /usr, /boot.

Changing ownership of these files either crashes the system, various local apps, or prevents the system from booting, according to reports from users who installed npm v5.7.0. —the buggy npm update.

Full Article Here:
By Catalin Cimpanu

There's a thriving underground market for buying and selling code-signing certificates meant to help malware pass unnoticed by security scanners, but according to new research, the prices for such certificates are too high, and only a few hackers can afford one.

It's been known for years that the hardest malware to detect is the one that's signed with certificates issued to well-known and established companies.

But for a long time, it's been believed —and rightfully so— that hackers got their hands on such certificates by stealing them from the networks of legitimate companies, their partners, or the Certificate Authorities (CAs) themselves.

Full Article Here:
By: Zeljka Zorz - Managing Editor February 22, 2018

Trend Micro has plugged a bucketload of vulnerabilities in its Email Encryption Gateway, some of which can be combined to execute root commands from the perspective of a remote unauthenticated attacker.

The Trend Micro Encryption for Email Gateway (TMEEG) is a Linux-based software solution/virtual appliance that provides the ability to perform the encryption and decryption of email at the corporate gateway, regardless of the email client and the platform from which it originated.

Trend Micro has released a security update (version 5.5 Build 1129) to plug ten of these holes, but the last two on the list are still unpatched.

Full Article Here:
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by Andi on February 22, 2018, 11:12:44 pm »
Pages: [1] 2 3 ... 10