Recent Posts

Pages: [1] 2 3 ... 10
1
General Software / Re: CCleaner Updates
« Last post by hayc59 on July 19, 2019, 08:32:14 pm »
CCleaner v5.60.77307 Released
16 July 2019

Browser Clean
•  Improved the Flash cleaning rules in Chrome, Opera & CCleaner Browser
Software Updater
• Fixed a disappearing text bug
• Fixed a navigational bug
Localization
• Inserted additional translations into the installer

Download CCleaner
Other Builds
Whats New

Caution: Many companies are adding or bundling prechecked offers of other software with their installation processes.
UNCHECK any unwanted, prechecked software installs that may be offered.
2
By Eduard Kovacs on July 17, 2019

Clinical Pathology Laboratories (CPL) is the latest organization to inform customers that their personal information may have been compromised as a result of a data breach suffered by healthcare billing services provider American Medical Collection Agency (AMCA).

CPL, a laboratory services provider with 1,900 employees, said it learned of the incident in May. The company determined that the breach impacted roughly 34,500 patients who may have had information such as name, address, phone number, date of birth, payment card or banking information, balance information, and treatment provider details stolen.

Another 2.2 million individuals may have had their name, phone number, address, date of birth, dates of service, balance information, and treatment provider information compromised. Financial information was not exposed in the case of these patients, CPL said.

full article here:https://www.securityweek.com/amca-breach-impacts-22-million-patients-clinical-pathology-laboratories
3
Security & Technology News / Party Like a Russian, Carder’s Edition
« Last post by Antus67 on July 18, 2019, 03:29:51 am »
Author: Brian Krebs

“It takes a certain kind of man with a certain reputation
To alleviate the cash from a whole entire nation…”

KrebsOnSecurity has seen some creative yet truly bizarre ads for dodgy services in the cybercrime underground, but the following animated advertisement for a popular credit card fraud shop likely takes the cake.

The name of this particular card shop won’t be mentioned here, and its various domain names featured in the video have been pixelated so as not to further promote the online store in question.

But points for knowing your customers, and understanding how to push emotional buttons among a clientele that mostly views America’s financial system as one giant ATM that never seems to run out of cash.

WARNING: Some viewers may find this video disturbing. Also, it is almost certainly Not Safe for Work.

full article here:https://krebsonsecurity.com/2019/07/party-like-a-russian-carders-edition/
4
Security & Technology News / Sprint Reveals Account Breach via Samsung Website
« Last post by Antus67 on July 18, 2019, 03:25:28 am »
Author: Curtis Franklin Jr.

The last-June breach exposed data including names, phone numbers, and account numbers.

Sprint has been informing customers of a data breach discovered on June 22 that came by way of their account credentials via Samsung's "add a line" website. The number of customers impacted has not been disclosed.

Information exposed in the breach includes phone number, device type, device ID, monthly recurring charges, subscriber ID, account number, account creation date, upgrade eligibility, first and last name, billing address, and add-on services, according to Sprint's notification. The notification also stresses information that might be used in financial fraud was not affected.

full article here:https://www.darkreading.com/attacks-breaches/sprint-reveals-account-breach-via-samsung-website/d/d-id/1335285
5
By Ionut Ilascu



Stalkerware for mobile is easy to get by these days and you don't have to look further than Android's official store. While Google is quick to boot such apps when reported, some linger on adding thousands of installations.

Yesterday, researchers from Avast reported to Google four stalkerware apps believed to be the work of a Russian developer. They were promptly booted from the official Android store, but new ones have been discovered.

The functionality of these apps allowed someone to spy on people without leaving a trail on the device. This types of apps is often used to secretly monitor employee or life partners.

full article here:https://www.bleepingcomputer.com/news/security/stalkerware-apps-on-google-play-installed-over-130-000-times/
6
By Sergiu Gatlan



The Drupal CMS team has released a security update to address a critical severity access bypass vulnerability in the CMS' core component that could allow attackers to take control of impacted sites.

Only a limited set of websites running on the Drupal CMS are affected according to the security advisory given that the security issue only affects the Drupal 8.7.4 version, with Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x not being affected.

"In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created," says the Drupal team.

full article here:https://www.bleepingcomputer.com/news/security/drupal-patches-critical-bug-that-lets-hackers-take-over-sites/
7
Quote
By Sergiu Gatlan
July 17, 2019 01:28 PM

A new Linux malware masquerading as a Gnome shell extension and designed to spy on unsuspecting Linux desktop users was discovered by Intezer Labs' researchers in early July.

The backdoor implant dubbed EvilGnome is currently not detected by any of the anti-malware engines on VirusTotal [1, 2, 3] and comes with several capabilities very rarely seen in Linux malware strains.

"EvilGnome’s functionalities include desktop screenshots, file stealing, allowing capturing audio recording from the user’s microphone and the ability to download and execute further modules," Intezer researchers found.

"The implant contains an unfinished keylogger functionality, comments, symbol names and compilation metadata which typically do not appear in production versions."
Infection via self-extractable archives

EvilGnome is delivered with the help of self-extractable archive created using the makeself shell script, with all the metadata generated when creating the malicious payload archive bundled within its headers, possibly by mistake.

The infection is automated with the help of an autorun argument left in the headers of the self-executable payload which instructs it to launch a setup.sh that will add the malware's spy agent to the ~/.cache/gnome-software/gnome-shell-extensions/ folder, attempting to sneak onto the victim's system camouflaged as a Gnome shell extension.

https://www.bleepingcomputer.com/news/security/new-evilgnome-backdoor-spies-on-linux-users-steals-their-files/
8
Quote
By Sergiu Gatlan
July 17, 2019 02:37 PM
New DNS security measures for all .gov domains will be implemented by the U.S. government starting today to help mitigate risks associated with future DNS hijacking incidents.

The DotGov Program "operates the .GOV top-level domain (TLD) and makes it available to US-based government organizations, from Federal agencies to local municipalities," as per the U.S. General Services Administration (GSA).

Starting today, domain point of contacts will automatically be sent email alerts whenever the official .gov registrar will make DNS changes:

In response to recent incidents affecting other top-level domains, authorized .gov domain POCs will now receive a system-generated email when a change is made to their DNS in the DotGov Registrar.

The email will alert the POCs that a change was made to their DNS information and include instructions for mitigation should it be necessary.

All the DNS changes made by the registrar will propagate within roughly 24 hours, depending on multiple factors such as the connectivity and caching, DotGov explains.

"If you’re planning to make critical changes to your name servers over the weekend, please contact us before 5 p.m. on the prior Thursday to ensure the information propagates during weekend hours," adds the registrar.

This new DotGov initiative was prompted by a global Domain Name System (DNS) infrastructure hijacking campaign alert issued during January by the National Cybersecurity and Communications Integration Center (NCCIC), which is part of the Cybersecurity and Infrastructure Security Agency (CISA).

At the time, NCCIC advised network administrators to follow this set of best practices designed to safeguard their networks against DNS hijacking attacks:

• Implement multifactor authentication on domain registrar accounts, or on other systems used to modify DNS records.

• Verify that DNS infrastructure (second-level domains, sub-domains, and related resource records) points to the correct Internet Protocol addresses or hostnames.

• Search for encryption certificates related to domains and revoke any fraudulently requested certificates.

https://www.bleepingcomputer.com/news/security/us-govt-rolls-out-new-dns-security-measures-for-gov-domains/
9
Quote
Author: Tom Spring
July 17, 2019 1:43 pm

Lenovo, Acer and five additional server manufacturers are hit with supply-chain bugs buried in motherboard firmware.

Two firmware vulnerabilities impacting Lenovo, Acer and five additional server brands allow adversaries to brick servers, run arbitrary code on targeted systems and maintain a persistent foothold – surviving even an operating system reinstallation.

The bugs are tied to Gigabyte motherboards used in the vulnerable servers. The culprit is firmware for a motherboard component called a Baseboard Management Controller (BMC), which is used for subsystem management and monitoring. Server-makers using the vulnerable BMC firmware are Lenovo, Acer, AMAX, Bigtera, Ciara, Penguin Computing and sysGen.

The common thread connecting each of the server brands is the use of two specific motherboard SKUs made by Gigabyte, according to researchers at Eclypsium who first identified the bugs and publicly disclosed their findings Tuesday.

https://threatpost.com/firmware-bugs-plague-supply-chain/146519/
10
Quote
Author: Tara Seals
July 17, 2019 1:29 pm

Identifying tokens and random addresses, meant to create anonymity, do not change in sync on some devices — opening an attack vector.

Vulnerabilities in the way Bluetooth Low Energy is implemented on devices by manufacturers can open the door to global device tracking for the Windows 10, iOS and macOS devices that incorporate it, according to research from Boston University.

An academic team at BU uncovered the flaws, which exist in the periodically changing, randomized device addressing mechanism that many new-model Bluetooth Low Energy (BLE) devices incorporate to prevent passive tracking. A paper on the issues (PDF) was presented Wednesday at the 19th Privacy Enhancing Technologies Symposium.

Bluetooth devices advertise themselves as available to other devices in publicly available clear channels, dubbed “advertising channels,” to make pairing with other devices easy. In early versions of the Bluetooth specification, the permanent Bluetooth MAC addresses of devices were regularly broadcast in these clear advertising channels, leading to major privacy concerns stemming from the potential for device-tracking. BLE aimed to solve that by instead allowing device manufacturers to use temporary random addresses in over-the-air communication instead of a device’s permanent address.

https://threatpost.com/bluetooth-flaws-global-tracking-apple-windows/146517/
Pages: [1] 2 3 ... 10