
Messages - Hardhead

This was on the local news where I live, and they are warning people to install the latest Windows 10 MS Updates ASAP!
Windows 10 is the most used OS that has been targeted. All other OSes are not affected, from what I understand.

General Software / Re: Mozilla Firefox Quantum
« on: August 15, 2019, 05:37:59 am »
Firefox v68.0.2 Released
Released: August 14, 2019

• Various security fixes

Direct Download: Firefox 68.0.2 for Windows | Fully Localized Versions
Direct Download: Firefox 64-bit
Download Mobile: Android & iOS
More Info: Release Notes
More Info: Security Advisories

Security Software / Re: uBlock Origin
« on: July 26, 2019, 03:51:22 am »

Last updated: 2 days ago (Jul 23, 2019)

Security Software / Re: Windows Firewall Control
« on: July 26, 2019, 03:47:19 am »
Current version
Date:    04 March, 2019
SHA256:    535c7f214e16ef525f546e5dadf4124ffdc7eab0b6089cdc0da56888ec24bd2d

What's new in version (04.03.2019)
- New: The notifications for svchost.exe now include the service name which generated
the blocked connection under the Name. Creating a rule for svchost.exe from the
notification dialog will always include the service in the newly created rule.
- New: Connections Log now has a new column for the Service name which is used by
svchost.exe. The lookup is made based on the ProcessID; therefore, for older entries,
the exact service name can't be detected.
- Fixed: The width of some strings from Dashboard was extended to display properly
when a different language is used.
- Fixed: Rules properties are not updated in Rules Panel if they are open while
changing the user interface language.
- Fixed: Some group names are not displayed correctly in Rules Panel.


By Sergiu Gatlan
July 17, 2019 01:28 PM

A new Linux malware masquerading as a Gnome shell extension and designed to spy on unsuspecting Linux desktop users was discovered by Intezer Labs' researchers in early July.

The backdoor implant dubbed EvilGnome is currently not detected by any of the anti-malware engines on VirusTotal [1, 2, 3] and comes with several capabilities very rarely seen in Linux malware strains.

"EvilGnome’s functionalities include desktop screenshots, file stealing, allowing capturing audio recording from the user’s microphone and the ability to download and execute further modules," Intezer researchers found.

"The implant contains an unfinished keylogger functionality, comments, symbol names and compilation metadata which typically do not appear in production versions."
Infection via self-extractable archives

EvilGnome is delivered with the help of a self-extractable archive created using the makeself shell script, with all the metadata generated when creating the malicious payload archive bundled within its headers, possibly by mistake.

The infection is automated with the help of an autorun argument left in the headers of the self-executable payload which instructs it to launch a that will add the malware's spy agent to the ~/.cache/gnome-software/gnome-shell-extensions/ folder, attempting to sneak onto the victim's system camouflaged as a Gnome shell extension.

By Sergiu Gatlan
July 17, 2019 02:37 PM
New DNS security measures for all .gov domains will be implemented by the U.S. government starting today to help mitigate risks associated with future DNS hijacking incidents.

The DotGov Program "operates the .GOV top-level domain (TLD) and makes it available to US-based government organizations, from Federal agencies to local municipalities," as per the U.S. General Services Administration (GSA).

Starting today, domain points of contact will automatically be sent email alerts whenever the official .gov registrar makes DNS changes:

In response to recent incidents affecting other top-level domains, authorized .gov domain POCs will now receive a system-generated email when a change is made to their DNS in the DotGov Registrar.

The email will alert the POCs that a change was made to their DNS information and include instructions for mitigation should it be necessary.

All the DNS changes made by the registrar will propagate within roughly 24 hours, depending on multiple factors such as the connectivity and caching, DotGov explains.

"If you’re planning to make critical changes to your name servers over the weekend, please contact us before 5 p.m. on the prior Thursday to ensure the information propagates during weekend hours," adds the registrar.

This new DotGov initiative was prompted by a global Domain Name System (DNS) infrastructure hijacking campaign alert issued during January by the National Cybersecurity and Communications Integration Center (NCCIC), which is part of the Cybersecurity and Infrastructure Security Agency (CISA).

At the time, NCCIC advised network administrators to follow this set of best practices designed to safeguard their networks against DNS hijacking attacks:

• Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records.

• Verify that DNS infrastructure (second-level domains, sub-domains, and related resource records) points to the correct Internet Protocol addresses or hostnames.

• Search for encryption certificates related to domains and revoke any fraudulently requested certificates.

Author: Tom Spring
July 17, 2019 1:43 pm

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

Two firmware vulnerabilities impacting Lenovo, Acer and five additional server brands allow adversaries to brick servers, run arbitrary code on targeted systems and maintain a persistent foothold – surviving even an operating system reinstallation.

The bugs are tied to Gigabyte motherboards used in the vulnerable servers. The culprit is firmware for a motherboard component called a Baseboard Management Controller (BMC), which is used for subsystem management and monitoring. Server-makers using the vulnerable BMC firmware are Lenovo, Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen.

The common thread connecting each of the server brands is the use of two specific motherboard SKUs made by Gigabyte, according to researchers at Eclypsium who first identified the bugs and publicly disclosed their findings Tuesday.

Author: Tara Seals
July 17, 2019 1:29 pm

Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.

Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University.

An academic team at BU uncovered the flaws, which exist in the periodically changing, randomized device addressing mechanism that many new-model Bluetooth Low Energy (BLE) devices incorporate to prevent passive tracking. A paper on the issues (PDF) was presented Wednesday at the 19th Privacy Enhancing Technologies Symposium.

Bluetooth devices advertise themselves as available to other devices in publicly available clear channels, dubbed “advertising channels,” to make pairing with other devices easy. In early versions of the Bluetooth specification, the permanent Bluetooth MAC addresses of devices were regularly broadcast in these clear advertising channels, leading to major privacy concerns stemming from the potential for device-tracking. BLE aimed to solve that by instead allowing device manufacturers to use temporary random addresses in over-the-air communication instead of a device’s permanent address.

Author: Tara Seals
July 17, 2019 9:26 am

The group is using malicious versions of WinRAR and other legitimate software packages to infect targets, likely via watering-hole attacks.

The APT group behind the sophisticated malware known as StrongPity (a.k.a. Promethium) has mounted a fresh spyware campaign that is still ongoing as of July 2019. The group has retooled with new malware to control compromised machines, according to researchers.

“The new malware samples [first identified in early July] have been unreported and generally appear to have been created and deployed to targets following a toolset rebuild in response to the public reporting during the fourth quarter of 2018,” according to the analysis from AT&T’s Alien Labs division, released Wednesday and shared with Threatpost. “Based on compilation times, infrastructure build and use and public distribution of samples, we assess the activity continues to operate successfully as of this report.”

The revamped malware, which is now targeting users located in Turkey, is similar to the group’s hallmark StrongPity/Prometheus code, according to the research, with complete spyware capability. It’s built to locate sensitive documents while establishing a persistent backdoor for remote access.

Help Net Security   July 16, 2019

Artificial intelligence (AI) is rapidly finding applications in nearly every walk of life. Self-driving cars, social media networks, cybersecurity companies, and everything in between uses it.

But a new report published by the SHERPA consortium – an EU project studying the impact of AI on ethics and human rights – finds that while human attackers have access to machine learning techniques, they currently focus most of their efforts on manipulating existing AI systems for malicious purposes instead of creating new attacks that would use machine learning.

The study’s primary focus is on how malicious actors can abuse AI, machine learning, and smart information systems. The researchers identify a variety of potentially malicious uses for AI that are well within reach of today’s attackers, including the creation of sophisticated disinformation and social engineering campaigns.

And while the research found no definitive proof that malicious actors are currently using AI to power cyber attacks, they highlight that adversaries are already attacking and manipulating existing AI systems used by search engines, social media companies, recommendation websites, and more.

By Ionut Ilascu    July 15, 2019 09:35 PM

An app styling itself as a more feature-rich unofficial version of Telegram was installed over 100,000 times from Google Play, only to provide minimal messaging services and to promote malicious websites.

Named MobonoGram 2019, the app used code from the legitimate Telegram messenger and added a few scripts that ran in secret on the infected device to help with persistence and with loading URLs received from the command server.

By the time security researchers found the malicious app, its developer, RamKal Developers, had already pushed five updates to the official Android store.

Available in English and Farsi, MobonoGram 2019 was available to users in regions that prohibited the use of Telegram (e.g. Russia, Iran) and would start automatically after booting the device, as well as after installing or updating an app.

It is unclear how long MobonoGram 2019 remained on Google Play, but pushing this high a number of installations was possible by redirecting users from third-party repositories to Google's official market for mobile.

Gary Barnett, CEO, Semafone   July 12, 2019

Today’s business landscape is more dynamic than ever before. Organizations are being inundated with data, generated by an ever-increasing number of connected devices and systems. According to IDC, volume of data worldwide will grow ten-fold to 163ZB by 2025, and the majority of that will be created and managed by enterprises.

Along with this increased volume of data comes an increased risk of data breaches. More than 446 million records containing sensitive consumer data were exposed in data breaches in 2018, a 126 percent increase over the previous year, according to the Identity Theft Resource Center.

Help Net Security   July 12, 2019

Organizations around the world are increasingly adopting advanced technologies, which is driving the global Internet of Things (IoT) market.

Fortune Business Insights in a report, titled “Global Internet of Things (IoT) market: Global market analysis, insights and forecast, 2019-2026” states that IoT technology holds significant potential in the ICT sector.

As per the report, the global market was valued at $190.0 Bn in the year 2018 and is anticipated to reach $1111.3 Bn by 2026. The analysts in the report predict that the global market will expand at a ferocious CAGR of 24.7% throughout the forecast years.

Help Net Security   July 12, 2019

Businesses are increasing the pace of investment in AI systems to defend against the next generation of cyberattacks, a study from the Capgemini Research Institute has found. Two thirds (69%) of organizations acknowledge that they will not be able to respond to critical threats without AI.

With the number of end-user devices, networks, and user interfaces growing as a result of advances in the cloud, IoT, 5G and conversational interface technologies, organizations face an urgent need to continually ramp up and improve their cybersecurity.

By Lawrence Abrams    July 12, 2019 05:00 PM

If you read the news, it's hard not to see that ransomware is far from dead and may be worse than ever.

Emboldened by large government payouts, ransomware developers are increasingly targeting cities, the enterprise, and charities where they can create large scale damage and thus potentially large-scale ransom payments.

It is no longer a playing field swamped with small players. While the smaller variants do exist, attackers are now performing more targeted attacks than ever with tried-and-true ransomware variants.
