Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Hardhead

Pages: 1 2 [3] 4 5 ... 21
31
Security Software / Re: Belarc Advisor Updates
« on: June 09, 2019, 05:00:24 am »
The Current Belarc Advisor Security Definitions Version is 2019.5.28.2

http://www.belarc.com/info_advisor_defs_update

Version 9.0, Download: Link

Belarc Advisor automatically checks for, fetches, and installs Belarc Advisor Security Definition updates at each use, but you have to download and install the new program versions manually.

32
Security Software / Re: GHOSTERY 8.3.4
« on: June 09, 2019, 04:54:24 am »
GHOSTERY 8.3.4 a month ago (May 9, 2019))

  •      + Fixes bug in Click2Play redirect blocking
Extension Releases
https://github.com/ghostery/ghostery-extension/releases

Firefox Addon
https://addons.mozilla.org/en-US/firefox/addon/ghostery/?src=userprofile

33
Security Software / Re: uBlock Origin
« on: June 09, 2019, 04:49:37 am »
Releases https://github.com/gorhill/uBlock/releases
Version
  1.19.6

Last updated
  6 days ago (Jun 3, 2019) 


https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/

34
I didn't have any issues on Windows 8.1 or Linux.  8)

35
Author: Zeljka Zorz, Managing EditorMay 23, 2019

There is still no public, working exploit code for CVE-2019-0708, a flaw that could allow an unauthenticated remote attacker to execute remote code on a vulnerable target running Remote Desktop Protocol (RDP).



But, as many infosec experts have noted, we’re not far off from when one is created and leveraged by attackers in the wild. With the vulnerability being wormable, when it hits, the exploit could end up compromising millions of systems around the world, in homes and enterprises.

full article here:https://www.helpnetsecurity.com/2019/05/23/bluekeep-rdp-vulnerability/
Very interesting Antus67 as the Intel ME Vulnerability is some what related in the same results however the Intel ME Vulnerability deals with the Intel and AMD chip processor that can only be fixed 2 ways.

At least there is a patch for this vulnerability and Windows 8 and 10 are not affected by the vulnerability but there is no fix unless your System is practically brand new when it comes to Intel ME Vulnerability.

1. Hope that the vendor has a update to flash the bios which many don't as Advancedsetup and exile360 talk about.
2. Or take a risk and brick the Desktop or Laptop system.


 

36
VoodooShield / Re: VoodooShield v5 STABLE Thread
« on: May 22, 2019, 01:16:37 pm »
RE Dan's recent post:

"...And you guys also understand that the ONLY way to provide the most robust and effective lock possible, is through our patented toggling technology.  In other words, you can only lock a computer so tight before it will not even boot properly.  But if you implement a toggling mechanism, you can apply the absolute strongest lock possible, once the computer is up and running."

I assume that Dan is speaking here about "Smart mode", which toggles automatically between on and off?

But I hear that many people run VS in "always on" mode. If you are one of them, have you experienced any issues?
If you use Smart mode, have you found it more user-friendly?

Just curious about this issue.
That was my settings was always on in smart mode when I was testing and I didn’t have any issues.

37
Vulnerability Report & Security Research / Intel ME Vulnerability
« on: May 22, 2019, 01:56:34 am »
By exile360, Saturday at 04:26 PM in General Chat

Quote
For a long time security experts have warned about the dangers of using insecure software and hardware.  They tell us to never use simple passwords, never to write down our passwords, never leave our devices unlocked, and to always change the default administrator password on our routers and other devices.  But what if there was a device inside your CPU, the central 'brain' of your computer that was always on, even when the system is powered off, and what if I told you this device was inside every computer built in the last 11 or so years and that it was so secret and its code so obscured that security researchers can't even audit its code for potential vulnerabilities and that it has full access to your network devices and storage devices in your system, has the ability to power on your system remotely, and even access your hardware and data when no operating system is installed or running?  You would probably tell me that it's time to get my tinfoil hat resized because it's on a little too tight, right?  Well unfortunately not only is this a reality, but it has already had vulnerabilities discovered that could exploit it.

What I am referring to is a piece of technology called IME or the Intel Management Engine.  It is a piece of code that runs inside a chip inside every Intel CPU and it was designed to allow remote control of every Intel based PC.  Unfortunately even if you're using an AMD processor you still have something like this, except they call it 'TrustZone' (a rather ironic name in my opinion :P).

Well, as has been a theme lately, a new vulnerability has been discovered in Intel's Management Engine and the only way to patch it is through a firmware update.  This can be done manually, but it isn't very straightforward, especially if your OEM/system manufacturer hasn't supplied a patch (most don't for these kinds of vulnerabilities unfortunately, especially for older systems).  For those who wish to attempt patching it on your own, you'll find all the tools and instructions required at the Win-Raid Forum here.  They have links to downloads for all of the required tools to check your ME version and the utilities from Intel to patch it along with the latest firmware versions.  That said, if you do intend to patch as I did, BE CAREFUL and read the instructions and information in that post very carefully as there is no one size fits all firmware and you could easily brick your system if you do the wrong thing; sadly the only alternative is to remain vulnerable to potential ME exploits

https://forums.malwarebytes.com/topic/247575-intel-me-vulnerability-time-to-patchagain/


Note: Be sure to read all posts...

38
Here's a little more information if anyone is still running these OS's.

https://blogs.technet.microsoft.com/msrc/2019/05/14/prevent-a-worm-by-updating-remote-desktop-services-cve-2019-0708/

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Vulnerable in-support systems include Windows 7, Windows Server 2008 R2, and Windows Server 2008. Downloads for in-support versions of Windows can be found in the Microsoft Security Update Guide. Customers who use an in-support version of Windows and have automatic updates enabled are automatically protected. 

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708

Resources
Links to downloads for Windows 7, Windows 2008 R2, and Windows 2008
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-0708
Links to downloads for Windows 2003 and Windows XP
https://support.microsoft.com/help/4500705

39
If you use uBlock Origin in advance mode you can stop this from happening.  :)

40
Exactly why I don’t keep anything on the cloud or moon.  :P
I trust my external hard drive more than any cloud or moon. As of now I need to get another external drive because the other one that I have died a good while back. Always better safe than sorry about backups

41
VoodooShield / Re: VoodooShield v4 STABLE Thread
« on: May 11, 2019, 09:25:23 am »
what does clearing the command lines do? is it just the list of triggered commands? Thanks!

what does clearing the command lines do? is it just the list of triggered commands? Thanks!

Not a geek here, but I believe you are correct. It's a list of allowed/blocked command lines. Clearing it is analogous to clearing whitellist I guess.

Yes, Mr.GumP and oldschool its a list of command that have been ran on your OS. So if you see something odd that you know nothing about how it ran then the list is there to remind you what commands have been ran. Regedit,etc...

42
Here's a new updated post about Turla at Bleeping.
That's a nasty one there.

Quote
By Sergiu Gatlan

    May 7, 2019 08:00 AM

A Turla backdoor targeted at Microsoft Exchange mail servers and controllable remotely via email attachments using steganography was discovered by researchers while used in attacks against multiple targets from around the world

ESET also published another analysis of a backdoor used by the Turla hacking group to target the Outlook and The Bat! email clients, a malware strain which uses the legitimate Messaging Application Programming Interface (MAPI) to be able to interact with Outlook and get access to the targets' inboxes while maintaining stealthiness.

https://www.bleepingcomputer.com/news/security/turla-backdoor-deployed-in-attacks-against-worldwide-targets/

43
My pleasure Antus67 ;) 
Well the unhackable part will have to be seen in the future.
Hopefully things are looking promising. That would really be super cool. Just imagine what it will sell for. Big big mula..

44
5/6/2019
05:10 PM
Robert Lemos

Quote
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.

Atlassian's Bitbucket, GitHub, and GitLab notified hundreds of developers over the weekend that their accounts on those repository services were breached and their code deleted by attackers using credentials harvested from another site or misconfigured files.

The accounts of more than an estimated 1,000 developers were impacted by the attack on the three services. In each case, the attackers deleted the victim's code repository and left behind a ransom note demanding a tenth of a bitcoin — about $570 — to restore the data.

Atlassian, which declined to say how many of the users of its Bitbucket service were affected, notified developers whose accounts were impacted and blamed password reuse for the attackers' ability to compromise the service.

"During this attack, a third party accessed your repository by using the correct username and password for one of the users with permission to access your repository," the company stated in a notification to affected users. "We believe that these credentials may have been leaked through another service, as other git hosting services are experiencing a similar attack."

The attack highlights the dangers of mishandling passwords. Reportedly, 392 GitHub users were impacted by the attack, although only 320 users' repositories are currently showing signs of the ransom note. Bitbucket appears to have blocked search results for affected users, while GitLab does not have facilities for searching through repositories.

Reusing the same password on different services is a problematic habit of online users that can undermine security. In addition, developers often unwittingly leave passwords in files that are published to public repositories. None of the services hosting affected developers' repositories found signs of a compromise. Instead, attackers logged onto them from an unrecognized Internet address using valid credentials and then deleted the victim's code.

"GitHub has been thoroughly investigating these reports, together with the security teams of other affected companies, and has found no evidence GitHub.com or its authentication systems have been compromised," the company said. "At this time, it appears that account credentials of some of our users have been compromised as a result of unknown third-party exposures. We are working with the affected users to secure and restore their accounts."

GitLab started investigating the issue on Sunday, after one developer reported that its code had been deleted. The organization concluded that the breach may have occurred when developers mistakenly published passwords stored in another repository.

"We have identified affected user accounts, and all of those users have been notified," a GitLab spokesperson said. "As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on a deployment of a related repository."

Atlassian also urged users to not leave passwords in files that may be replicated into public repositories.

https://www.darkreading.com/attacks-breaches/password-reuse-misconfiguration-blamed-for-repository-compromises/d/d-id/1334624

45
 Zeljka Zorz, Managing EditorMay 6, 2019

Quote
Flaw in pre-installed software opens Dell computers to remote hijack

Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability.

Dell pre-installed software vulnerability
What is Dell SupportAssist?

SupportAssist is software that comes pre-installed on most Dell laptops and computers running Windows.

It has administrator-level access to the operating system and uses it to identify issues, run diagnostics, driver-update scans, and install drivers.
About the vulnerability (CVE-2019-3719)

CVE-2019-3719 is not deemed to be critical as it can’t be exploited by attackers who are not on the same local network as the victim.

Still, instances where that can happen are far from rare. For example, it’s enough for the attacker to be connected to the same public wireless network or enterprise network the potential victim is.

To successfully pull off the attack, the attacker must trick the target into visiting a website booby-trapped with the exploit – no other user interaction is required.

https://www.helpnetsecurity.com/2019/05/06/dell-pre-installed-software-vulnerability/

Pages: 1 2 [3] 4 5 ... 21