Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Hardhead

Pages: 1 [2] 3 4 ... 21
16
Vulnerability Report & Security Research / Re: Intel ME Vulnerability
« on: July 04, 2019, 05:49:24 am »
By exile360, Saturday at 04:26 PM in General Chat
Quote
...  But what if there was a device inside your CPU, the central 'brain' of your computer that was always on, even when the system is powered off, and what if I told you this device was inside every computer built in the last 11 or so years and that it was so secret and its code so obscured that security researchers can't even audit its code for potential vulnerabilities and that it has full access to your network devices and storage devices in your system, has the ability to power on your system remotely, and even access your hardware and data when no operating system is installed or running? ...
...

I must confess, my first thought--and the second, third and fourth--were along the lines of "What planet do you...?"

But yes.  Powered down.  Exactly what is "powered down"?  Well, duh!  But switched off where?  Most people hit the (large) button on the front of the case to "power up".  Many like me touch the mouse twice, slowly.  Others "touch any key", and not just a few have machines "Wake On LAN" or similar. And all of these have one thing in common.  Whatever you call "powered down" isn't.  The box is sleeping, hibernating, estivating, but OFF it is NOT.  There is always electricity trickling through the CPU...  Actually the entire MoBo.  It's what keeps the internal battery charged, among other necessary things.  Do you off the box at the wall?

So no BS here.  A risk does exist, the threat is real.

Except.  OK, if you don't have a NAT router between your box and the modem, yes, it's a trivial exercise unless the modem is offed.  With a NAT router, life for the threat actor becomes... interesting.  I'm too lazy to look up the numbers in detail, but suffice it to say that, with IPv6 thrown in, the number of local addresses to be checked is in the high thousands.  Now I am making one assumption here: that our beloved CPU is not actively phoning home every few minutes, letting its masters know the necessary room number (and attaching the vital invitation the NAT router wants to see).

If you're like me, you also lack a fixed IP.  Most people settle for lower costs and happily accept a variable IP from the large pool kept by the ISP.  And mine is likely to change every time my router is offed for more than a few minutes, which happens at least once a month.

Tinfoil hat space?  Ask Sony, or Amazon, anybody with lists of usernames and passwords|addresses|employers|etc.  Yes, I know there are actors out there who would dearly love to operate my computer for me, but do they have the knowlege and skill to light up my IME?  I doubt it.
I think we are all on the same planet here in this forum. You may disagree with my post and I respect that as an opinion.
Powered off would be that the OS is shut down and off, plugged in or not plugged in unless you take the internal battery out so the CMOS will not boot. Now if you are able to get the MORPHEUS chip which has been developed then your OS may be bullet proof. I'm just being open mined and respectful. ;)

Cheers

17
Oh so true. My Moms new iPad got infected and I was able to disable what was going on but need help getting rid of it altogether which was no problem. I will say this that I contacted Apple support and it was I that found the infection and disabled it while the Apple rep took screenshots and didn't know what else to do to actually get rid of the infection that involved a certificate that was the last step to remove the infection for good. I knew where to turn to get help with that.

Malwarebytes helped me with the final step.  ;D
There help is the very best IMO. :)

18
Oh, I forgot to mention that Private folder was only password protected and not encrypted to the best of my knowledge but when it came out in its time I thought it was a pretty cool feature just like Personal Vault.  8)

19
Good to see Microsoft taking a hard position on security :)
Yes Antus67, MS use to use to have a similar product called Private folder for Win XP, LOL which I still have a copy of it.
Seems like a spin off from what they use to have long ago.

20
Quote
By Ionut Ilascu June 25, 2019 07:02 PM



A family of banking trojans for Android has spread beyond Russia, a region it normally targeted, and operates in an aggressive way to replace the default SMS app and deploy phishing screens on compromised devices.

Dubbed Riltok, the strain has been known since March 2018 and operated mainly in Russia, where 90% of its victims are located.
Spreading outside Russia

Towards the end of the year, the cybercriminals behind it created a version destined for English speakers. In January 2019 occurred Riltok variants for Italian and French victims.

Other detections were recorded in the U.K. and Ukraine. From the European countries, most of the infections are in France (4%).
https://www.bleepingcomputer.com/news/security/riltok-android-banker-takes-over-sms-app-spawns-phishing-screens/

21
Quote
By Lawrence Abrams June 25, 2019 10:42 AM

Microsoft has released the Windows 10 version 1903 KB4501375 cumulative update to Insiders in the Release ring for testing before it goes live for everyone. For this update there is no support bulletin listing what is fixed, but testing the Event Viewer shows that this update fixes the custom views crash bug.

With the release of the June 2019 Patch Tuesday updates, Microsoft introduced a bug that would cause Custom Views to crash Event Viewer. When users opened a Custom View they would be greeted with a message stating "MMC has detected an error in a snap-in and will unload it", which would cause Event viewer to stop working.

To be able to use Event Viewer again, users would need to restart the program.

This new cumulative update is titled "2019-06 Cumulative Update for Windows 10 Version 1903 (KB4501375)" and when installed will increase the Windows 10 build number to 18362.207.

https://www.bleepingcomputer.com/news/microsoft/windows-10-1903-insiders-test-fix-for-event-viewer-custom-views/

22
Quote
Lawrence Abrams June 25, 2019 01:44 PM
Due to the ever increasing growth of online threats that target your sensitive data, Microsoft has created a new OneDrive feature called 'Personal Vault' that will allow you encrypt and store your files in a secured container.

Personal Vault is a separate storage space in OneDrive that will automatically encrypt stored files and can only be accessed through an authentication method such as 2FA, fingerprint, face, PIN, or codes via email and SMS. This allows the files stored in the Personal Vault to be more secure in the event that someone gains access to your computer, mobile device, or OneDrive account or you become infected.

"Personal Vault adds to the robust privacy and security that OneDrive currently offers, including file encryption at rest and in transit, suspicious activity monitoring, ransomware detection and recovery, mass file deletion notification and recovery, virus scanning on download for known threats, and version history for all file types," stated Microsoft announcement.

23
General Software / Re: Mozilla Firefox Quantum
« on: June 24, 2019, 06:00:22 am »
Firefox v67.0.4 Released
Released: June 5, 2019


• Various security fixes

Direct Download: Firefox 67.0.4 for Windows | Fully Localized Versions
Direct Download: Firefox 64-bit
Download Mobile: Android & iSO
More Info: Release Notes
More Info: Security Advisories

24
Quote
By Lawrence Abrams

    June 22, 2019 03:31 AM

The much anticipated Windows Terminal Preview is here and I have to say, when it works, it's pretty awesome. While it shows great promise, as this is a very early preview, you should expect to see some bugs, crashes, and quirks that will be fixed in future builds.

Microsoft briefly made the preview available on the Microsoft Store earlier yesterday, but they were just gearing up for its release and it was not ready. The working version of Windows Terminal is now available from the Microsoft Store, which is based on version 0.2.1715.0.

To get the the Windows Terminal Preview you need to make sure you are running Windows 10 version 1903 and on build 18362.0 or higher. If you meet the requirements, you can go to the Microsoft Store and search for Windows Terminal to install it.

I assume this is allowing to prompt Linux commands too!  8)
Yes reading ahead allows just that.

https://www.bleepingcomputer.com/news/microsoft/windows-terminal-is-here-in-its-multi-tabbed-console-glory/

25
Quote
By Lawrence Abrams

    June 22, 2019 10:45 AM

Tor Browser 8.5.3 has been released to fix a Sandbox Escape vulnerability in Firefox that was recently used as part of a targeted attack against cryptocurrency companies. As this vulnerability is actively being used, it is strongly advised that all Tor users upgrade to the latest version.

When starting Tor Browser, it should alert you if a new version is available. If you would like to perform a manual check, you can do so by going to Tor Browser menu -> Help -> About Tor Browser

Unfortunately, like the previous release, the Android version of Tor Browser 8.5.3 will not be available until the weekend as part of the Tor team who handles the Android signing token is away at an event.

Tor 8.5.3 can be downloaded from the Tor Browser download page and from the distribution directory.

The full changelog for Tor Browser 8.5.3 is:

Tor Browser 8.5.3 -- June 21 2019
 * All platforms
   * Pick up fix for Mozilla's bug 1560192
https://www.bleepingcomputer.com/news/software/tor-browser-853-fixes-a-sandbox-escape-vulnerability-in-firefox/

26
Quote
By Lawrence Abrams

    June 22, 2019 08:14 PM

According to a statement by the U.S. Cybersecurity and Infrastructure Security Agency, an increase in cyberattacks utilizing destructive wiper tools has been detected targeting U.S. industries and government agencies by Iranian actors or proxies.

The statement, titled "CISA Statement on Iranian Cybersecurity Threats", was posted today by CISA Director Chris Krebs to his Twitter account and issues a warning that Iranian affiliated actors are increasingly using destructive wiper attacks on targeted networks and computers.

A wiper is a malware program designed to delete data on a computer. Unlike ransomware, which is designed to ransom your encrypted files for a payment, wipers are designed to destroy your data with no way of recovering the files.

Wiper attacks have been used in the past by state actors or as decoys for other attacks, which are described later in the article.

https://www.bleepingcomputer.com/news/security/us-government-warns-of-data-wipers-used-in-iranian-cyberattacks/

27
Quote
By Lawrence Abrams

    June 20, 2019

Mozilla has released Firefox 67.0.4 to fix a security vulnerability that has been used in targeted attacks against cryptocurrency firms such as Coinbase. Users of Firefox should immediately install this update.

This week, Mozilla released Firefox 67.0.3 to fix a critical remote code execution vulnerability that was being used in targeted attacks. Since its release, it was discovered that the vulnerability and another unknown one was chained together as part of a phishing attack to drop and execute malicious payloads on victim's machines.

Today, Mozilla released Firefox 67.0.4 that fixes the second unknown vulnerability that was used during this chained attack.

https://www.bleepingcomputer.com/news/security/mozilla-firefox-6704-fixes-second-actively-exploited-zero-day/

28
I'm running Linux and I didn't have any issues finding the update.
Try this page E.
Hope that helps or you can wait until tomorrow and see if you get the update via WU..
I would wait until tomorrow and see what happens using WU.

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4505057

http://www.catalog.update.microsoft.com/Search.aspx?q=KB4495666

29
Thanks Antus67!
I use VLC to watch my DVDs

30
VoodooShield / Re: VoodooShield v5 STABLE Thread
« on: June 09, 2019, 07:34:38 am »
I don't know what happened, but when I tried to add this screenshot in my first post, but it didn't take:

I got the same one as you with the same result.
@ Tarnak and oldschool. Are you having an issue with adding the jpg picture to the forum?
If so please PM and I will look into the forum settings.

Thank you!
Regards,
Hardhead

Pages: 1 [2] 3 4 ... 21