Recent Posts

1

By Ionut Arghire on April 20, 2018

Microsoft on Thursday announced Windows Defender System Guard runtime attestation, a new Windows platform security technology set to roll out to all editions of Windows.

Meant to mitigate attacks in software, the runtime attestation takes advantage of the same hardware-rooted security technologies in virtualization-based security (VBS) as Credential Guard, Microsoft says.

The new security technology can provide supplementary signals for endpoint detection and response (EDR) and antivirus vendors, and can detect artifacts of kernel tampering, rootkits, and exploits. Moreover, it can be used for preventing cheating in games, protecting sensitive transactions (banking apps, trading platforms), and providing conditional access (enabling device security-based access policies).

Full article here: https://www.securityweek.com/microsoft-announces-new-windows-platform-security-technology
2

By AFP on April 22, 2018

Hong Kong - It has been jokingly referred to as "Botmageddon". But a surge in new, anonymous Twitter accounts across swathes of Southeast and East Asia has deepened fears the region is in the throes of US-style mass social media manipulation.

Maya Gilliss-Chapman, a Cambodian tech entrepreneur currently working in Silicon Valley, noticed something odd was happening in early April.

Her Twitter account @MayaGC was being swamped by a daily deluge of follows from new users.

"I acquired well over 1,000 new followers since the beginning of March. So, that's approximately a 227 percent increase in just a month," she told AFP.

While many might delight in such a popularity spike, Gilliss-Chapman, who has previously worked for tech companies to root out spam, was immediately suspicious.

The vast majority of these new accounts contained no identifying photograph and had barely tweeted since their creation.

Full article here: https://www.securityweek.com/surge-anonymous-asia-twitter-accounts-sparks-bot-fears
3
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by ya5hkh4n on Today at 06:15:15 am »
Dan,

Always ON - It's the max protection, so I think it shouldn't turn to OFF mode if the icon is left-clicked and shouldn't turn to install/disable mode when programs are installed. What do you say?

And why not keep it simple, i.e. Safe, Suspicious and Unsafe? No need for "Be Careful".

It seems, when the option "automatically scan blocked files with the multi-engine blacklist scanner" is Unchecked, Suspicious Alerts appear in Red color like Unsafe Alerts. Suspicious Alerts should be Purple color, right?
4
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by VoodooShield on Today at 05:59:35 am »
Great catch, thank you ya5hkh4n... it was an easy fix, and will be included in the next release.

What happened was when the network connection was disabled, VS was unable to obtain the VoodooAi results, so it returned a -1 (-1 means there was no VoodooAi result), which is less than 90, so VS allowed the file.  So all I had to do was to tell VS that if the result is -1, to ignore the rule and to not allow the file because of that rule.
5
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by ya5hkh4n on Today at 03:47:54 am »
Hmmm, interesting, thank you for letting me know.  There must be a reason... what was the VoodooAi score?  Out of curiosity, what was the blacklist scan result?

Can you send me the file?

Now that you mention this... we should consider disabling certain options when VS is on AutoPilot.  When VS is on AutoPilot, all of the file insight mechanisms really should be enabled.  In other words... AutoPilot utilizes the file insight mechanisms to determine whether to automatically allow a file or not... and if the user starts turning off these mechanisms, who knows what could go wrong.

Thank you!
Is this a reply to my post 473?

my post 473
"On one of my systems, I use the following tweaked settings-
Mode - AutoPilot
Advanced Settings
Automatically scan blocked files with the multi-engine blacklist scanner [ Unchecked ]
Rules
Allow All files on My Computer when VoodooShield is ON, OFF, AUTOPILOT
If VoodooAi is less than or equal to 90

Offline i.e internet disconnected or not available, UNSAFE programs are allowed instead of generating alerts."

It happens on any Modes, with the above mentioned tweaks.

As per Rules, programs with Safe and Suspicious verdict should be allowed and programs with Unsafe verdict should generate alerts.
And it works fine online i.e internet connected.

offline i.e internet disconnected, VS gives alert "connect to internet...........".
I don't get this alert and programs with Unsafe verdict are allowed offline i.e internet disconnected, with the above mentioned tweaks.
Yeah, sorry, that was a reply to your post... I must have forgotten to quote it.

This might be easiest... starting with all default settings, can you tell me what settings to change and what steps to take to reproduce this behavior?  Right now I am a little confused, but if you walk me through each step, it should be easy to reproduce, and even easier to fix.  Thank you!
Advanced Settings - Uncheck the option "automatically scan blocked files with the multi-engine blacklist scanner".

Rules - Create a New Ruleset.. attached are the screenshots.

Try the following portable programs.
Dns Jumper - hxxps://www.sordum.org/files/downloads.php?dns-jumper
VidCoder - hxxps://github.com/RandomEngy/VidCoder/releases/download/v2.63/VidCoder-2.63-x64-Portable.exe

Both programs are Unsafe as per VAi.

Offline/Internet Disconnected - VS doesn't generate alerts for not whitelisted programs.
6
Security & Technology News / The Kiss of Death for Passwords: Machine Learning?
« Last post by Antus67 on April 21, 2018, 10:50:59 pm »

By Torsten George on April 18, 2018

Since the introduction of computers, user names and passwords have been the primary method used for access control and authentication. However, as post-mortem analysis of data breaches reveals, compromised credentials have become the primary point of attack for today’s cyber adversaries. In fact, 81 percent of hacking-related breaches leverage either stolen, default, or weak passwords. A contributing factor for these stats is the fact that users often reuse the same password across multiple accounts and applications. For example, according to a report from TeleSign, 73 percent of users leverage the same password for multiple online accounts.

Full article here: https://www.securityweek.com/kiss-death-passwords-machine-learning
7
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by VoodooShield on April 21, 2018, 05:47:52 pm »
Interesting... Voodoo doughnuts sound good ;).

I forgot to mention, since VS is now stable, we will be implementing self-protection soon, and will have a beta in the next week or two for you guys to try.

A dev who is familiar with kernel level coding will be doing the work, and it looks to be pretty straightforward, which is cool, that way it will hopefully be done right the first time.

Have a great weekend, I am going to the park with Gracie ;).

8
By Pierluigi Paganini on April 21, 2018

After analysis, they found out the attacked equihash mining pools are using a vulnerable equihash verifier (equihashverify: https://github.com/joshuayabut/equihashverify) to verify miners’ shares.

There is a logic vulnerability in this verifier, so an attacker can easily fake mining shares which can bypass the equihash solution verifier without using so much computing power.

This vulnerability has a wide impact because the verifier (equihashverify) was previously used by the Zcash official open source mining pool (node-stratum-pool), and many new cryptocurrencies which use equihash as their PoW algorithm are forked from this pool.

Full article here: https://securityaffairs.co/wordpress/71601/hacking/hacking-equihash-mining-pools.html
9
By Pierluigi Paganini on April 21, 2018

Twitter bans Kaspersky Lab from advertising on its platform citing DHS ban for its alleged ties with Russian intelligence agencies.

“At the end of January of this year, Twitter unexpectedly informed us about an advertising ban on our official accounts where we announce new posts on our various blogs on cybersecurity (including, for example, Securelist and Kaspersky Daily) and inform users about new cyberthreats and what to do about them,” reads an open letter sent to the management of Twitter by Kaspersky. “In a short letter from an unnamed Twitter employee, we were told that our company ‘operates using a business model that inherently conflicts with acceptable Twitter Ads business practices.’”

Full article here: https://securityaffairs.co/wordpress/71610/intelligence/twitter-bans-kaspersky.html