5441

VirusTotal uploader has privacy leaks: http://seclists.org/fulldisclosure/2017/Sep/5
Weak privacy design by both Google and VT.

polonus

5442

Presumably this doesn’t apply when uploading files directly to the website.

5443

Hi Ehmen,

You are right there. It is just the Windows uploader that has this. :wink:

polonus

5444

Cybersecurity Incident & Important Consumer Information
https://www.equifaxsecurity2017.com/

5445

http://screencast-o-matic.com/screenshots/u/Lh/1504872278860-94841.png

https://blog.avast.com/equifax-website-hacked-now-what

5446

L.S.

If in this new situation you wanna stay monopolist and protect data you should do a better job of it.
and you also should know where you private data went on the non-public Interwebs, read:

https://www.bloomberg.com/news/articles/2017-09-07/three-equifax-executives-sold-stock-before-revealing-cyber-hack

Data commerce through algoritms, a new “weapon of math destruction”,
making the rich richer and the poor poorer still.

polonus

5447

Lenovo Wasn’t Paying Attention: 750,000 Laptops Had Spyware
https://www.inverse.com/article/36136-lenovo-settles-spyware-laptop-case-ftc-32-states

5448

But they already have form for that going back a few years, at that point I was looking for a new laptop and Lenovo was certainly something I was looking at based on value for money. After the revelation, the Lenovo name went off my radar, trust once lost is very hard to regain.

5449

I have a Lenovo but the model isn’t on the list of affected computers.
Excellent computer at a very reasonable price. :slight_smile:

5450

Microsoft Office Zero-Day Vulnerability Addressed in September Patch Tuesday
http://blog.trendmicro.com/trendlabs-security-intelligence/microsoft-office-zero-day-vulnerability-addressed-september-patch-tuesday/

5451

Thanks, Pondus, for the “heads-up” on this one. Hope everyone will be so wise to patch immediately.

Another thing, stay away from url-shorteners or use them wisely, as they were used in this Linkedln-phishing-campaign:
https://blog.malwarebytes.com/threat-analysis/2017/09/compromised-linkedin-accounts-used-to-send-phishing-links-via-private-message-and-inmail/

URL shorteners are a well-known vehicle for spreading malware and phishing scams but they are also used for legitimate purposes, especially on social media where long URLs tend to be too cumbersome. In this attack, the perpetrators are abusing both - ow.ly and a free hosting provider (-gdk.mx) to redirect to the phishing page, itself hosted on a hacked website.

polonus aka Damian

5452
5453

Backdoor in Word Press plug-in Display Widgets abused: https://www.pluginvulnerabilities.com/2017/09/11/wordpress-poor-handling-of-plugin-security-exacerbates-malicious-takeover-of-display-widgets/

polonus

5454

Malvertising Campaign Mines Cryptocurrency Right in Your Browser
Malware authors are using JavaScript code delivered via malvertising campaigns to mine different cryptocurrencies inside people’s browsers, without their knowledge.

https://www.bleepingcomputer.com/news/security/malvertising-campaign-mines-cryptocurrency-right-in-your-browser/

5455

Adware Installs InfoStealer Trojan that it loads via Chrome DLL Hijacking
https://www.bleepingcomputer.com/news/security/adware-installs-infostealer-trojan-that-it-loads-via-chrome-dll-hijacking/

5456

CCleaner Compromised to Distribute Malware for Almost a Month

https://www.bleepingcomputer.com/news/security/ccleaner-compromised-to-distribute-malware-for-almost-a-month/

https://forum.piriform.com/index.php?showtopic=48868

https://www.piriform.com/news/blog/2017/9/18/security-notification-for-ccleaner-v5336162-and-ccleaner-cloud-v1073191-for-32-bit-windows-users

5457

HOLY MOLY! CCleaner is a very popular tool, used by many, properly also in here. Distribution of a malicious version for over a month, is a very serious issue.

Since CCleaner is now owned by Avast, I expect Avast to follow this up with a tool that can detect, remove and rapport of this infection. A tool which can be run manually, but also deployed via network.

Get cracking Avast, you have some serious cleaning up to do.

5458

Well this is where the blame actually should go, the creators of a fake Windows update,
infecting with trojan/win32-floxif-a.

Best removal if affected is restoring your system to a previous state before the infection took place.
Also remember for the free version of CCleaner, a manual update is needed.

So in the future always run your OS as user, not as admin, and have back-ups always.

polonus

5459

Locky Ransomware Pushed Alongside FakeGlobe in Upgraded Spam Campaigns
http://blog.trendmicro.com/trendlabs-security-intelligence/locky-ransomware-pushed-alongside-fakeglobe-upgraded-spam-campaigns/

=======================================================
In the specific campaigns discussed below, both Locky and the ransomware FakeGlobe were being distributed—but the two were rotated. The cybercriminals behind the campaign designed it so that clicking on a link from the spam email might deliver Locky one hour, and then FakeGlobe the next. This makes re-infection a distinct possibility, as victims infected with one ransomware are still vulnerable to the next one in the rotation.

5460

Another mobile anti-virus app did not protect but infect: https://blog.checkpoint.com/2017/09/18/does-your-mobile-anti-virus-app-protect-or-infect-you/

Who, what and where can you fully trust in the digital infrastructure any longer, when the going gets narrow.

polonus