The Anonpop Fake Ransomware is a malware program discovered by @JAMESWT_MHT that pretends to be a ransomware that encrypts your files and demands a ransom of $125 to decrypt them. In reality, though, this program does not encrypt any of your files and deletes them instead. Thankfully, these scumbags do not securely delete the files and you can use Shadow Volume Copies or programs like Recuva or PhotoRec to recover your files.
v5.117 – 15/05/16
[ADD] – Added traditional Chinese translation
[UPD] – Local database v15-05-2016.2
[UPD] – Generic startup elements detection updated
[UPD] – Generic tasks detection updated
[UPD] – Generic softwares detection updated
+ Ad.Outobox ++ Ad.ResultsAlpha + MeMedia.AdVantage
+ Win32.Bifrost + Win32.Kazy + Win32.KillAV.hd + Win32.Koutodoor.aik + Win32.Turkojan
Total: 2615955 fingerprints in 827093 rules for 7610 products.
Pale Moon: Release notes
A small update to address two important issues:
Fix for a crash that could occur at random since the update to 25.8.0.
Fix for CSP (Content Security Policy) to be more lenient towards the incorrect passing of full URLs with all sorts of parameters in the CSP header, leading to misinterpretation of the header and incorrectly blocking the loading of content.
Pale Moon: Release notes
This is a security, stability and usability update.
Updated LibVPX to 1.4.x to be able to play more kinds of VP9-encoded videos.
Updated the JPEG decoder library to 1.4.0.
Fixed and cleaned up XPCOM timer thread code to avoid intermittent issues with events not firing (especially after stand-by).
Updated overrides to work around issues with Facebook and Netflix.
Fixed an issue where too-old system-supplied NSPR and/or NSS libraries would be accepted for use.
Updated the libpng library to 1.5.24 to address critical security issues CVE-2015-7981 and CVE-2015-8126
Updated the NSPR library to 4.10.10 to address several security issues.
Updated the NSS library to 3.19.4 to address several security issues.
Fixed a memory safety hazard in SVG path code (CVE-2015-7199).
Fixed an issue with IP address parsing potentially allowing an attacker to bypass the Same Origin Policy (CVE-2015-7188).
Fixed an Add-on SDK (Jetpack) issue that would allow scripts to be executed despite being forbidden (CVE-2015-7187).
Fixed a crash due to a buffer underflow in libjar (CVE-2015-7194).
Fixed an issue for Android full screen that would potentially allow address spoofing (CVE-2015-7185).
Added size checks in canvas manipulations to avoid potential image encoding vulnerabilities like CVE-2015-7189. DiD
Fixed potential information disclosure vulnerabilities through the NTLM authentication mechanism. Insecure NTLM v1 is now disabled by default, and the workstation name is set to WORKSTATION by default (configurable with a preference for environments where identification of workstations is done by actual reported machine name). This avoids issues like CVE-2015-4515.
Fixed a potentially vulnerable crash from a spinning event loop during resize painting. DiD
DiD This means that the fix is “Defense-in-Depth”: It is a fix that does not apply to an actively exploitable vulnerability in Pale Moon, but prevents future vulnerabilities caused by the same code when surrounding code changes, exposing the problem.
Security Advisories Updated or Released Today
* Microsoft Security Advisory (3097966)
– Title: Inadvertently Disclosed Digital Certificates Could Allow
– Originally published: September 24, 2015
* Microsoft Security Advisory (3042058)
– Title: Update to Default Cipher Suite Priority Order
– Originally published: May 12, 2015
* Microsoft Security Advisory (2960358)
– Title: Update for Disabling RC4 in .NET TLS
– Originally published: May 13, 2014
* Microsoft Security Advisory (2755801)
– Title: Update for Vulnerabilities in Adobe Flash Player in
– Originally published: September 21, 2012
What is CrossBrowse?
The Malwarebytes research team has determined that CrossBrowse is adware. These adware applications display advertisements not originating from the sites you are browsing.
Version 31.6.0, first offered to Release channel users on March 31, 2015
Check out “What’s New” and “Known Issues” for this version of Thunderbird
Version 33.0, first offered to Release channel users on October 13, 2014
Check out “What’s New” and “Known Issues” for this version of Firefox below.
As always, you’re encouraged to tell us what you think, or file a bug in Bugzilla. If interested, please see the complete list of changes in this release.