SECURITY WARNINGS & Notices - Please post them here

VirusTotal uploader has privacy leaks: http://seclists.org/fulldisclosure/2017/Sep/5
Weak privacy design by both Google and VT.

polonus

Presumably this doesn’t apply when uploading files directly to the website.

Hi Ehmen,

You are right there. It is just the Windows uploader that has this. :wink:

polonus

Cybersecurity Incident & Important Consumer Information
https://www.equifaxsecurity2017.com/

http://screencast-o-matic.com/screenshots/u/Lh/1504872278860-94841.png

https://blog.avast.com/equifax-website-hacked-now-what

L.S.

If in this new situation you wanna stay monopolist and protect data you should do a better job of it,
and you also should know where your private data went on the non-public Interwebs, read:

https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

Data commerce through algorithms, a new “weapon of math destruction”,
making the rich richer and the poor poorer still.

polonus

Lenovo Wasn’t Paying Attention: 750,000 Laptops Had Spyware
https://www.inverse.com/article/36136-lenovo-settles-spyware-laptop-case-ftc-32-states

But they already have form for that going back a few years, at that point I was looking for a new laptop and Lenovo was certainly something I was looking at based on value for money. After the revelation, the Lenovo name went off my radar, trust once lost is very hard to regain.

I have a Lenovo but the model isn’t on the list of affected computers.
Excellent computer at a very reasonable price. :slight_smile:

Microsoft Office Zero-Day Vulnerability Addressed in September Patch Tuesday
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-office-zero-day-vulnerability-addressed-september-patch-tuesday/

Thanks, Pondus, for the “heads-up” on this one. Hope everyone will be so wise to patch immediately.

Another thing, stay away from URL shorteners or use them wisely, as they were used in this LinkedIn phishing campaign:
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/

URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators are abusing both - ow.ly and a free hosting provider (-gdk.mx) to redirect to the phishing page, itself hosted on a hacked website.

polonus aka Damian

Backdoor in WordPress plug-in Display Widgets abused: https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/

polonus

Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people’s browsers, without their knowledge.

https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/

Adware Installs InfoStealer Trojan that it loads via Chrome DLL Hijacking
https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/

CCleaner Compromised to Distribute Malware for Almost a Month

https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/

https://forum.piriform.com/index.php?showtopic=48868

https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

HOLY MOLY! CCleaner is a very popular tool, used by many, probably also in here. Distribution of a malicious version for over a month is a very serious issue.

Since CCleaner is now owned by Avast, I expect Avast to follow this up with a tool that can detect, remove and report this infection. A tool which can be run manually, but also deployed via network.

Get cracking Avast, you have some serious cleaning up to do.

Well this is where the blame actually should go, the creators of a fake Windows update, infecting with trojan/win32-floxif-a.

Best removal if affected is restoring your system to a previous state before the infection took place.
Also remember for the free version of CCleaner, a manual update is needed.

So in the future always run your OS as user, not as admin, and have back-ups always.

polonus

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-pushed-alongside-fakeglobe-upgraded-spam-campaigns/

=======================================================
In the specific campaigns discussed below, both Locky and the ransomware FakeGlobe were being distributed—but the two were rotated. The cybercriminals behind the campaign designed it so that clicking on a link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one ransomware are still vulnerable to the next one in the rotation.

Another mobile anti-virus app did not protect but infect: https://blog.checkpoint.com/2017/09/18/does-your-mobile-anti-virus-app-protect-or-infect-you/

Who, what and where can you fully trust in the digital infrastructure any longer, when the going gets narrow.

polonus