Spyware Sucks
“There is no magic fairy dust protecting Macs” – Dai Zovi, author of “The Mac Hacker’s Handbook”

Australian Bureau of Statistics waves a big red flag at a bull (aka hackers)

August 3rd 2016 in safety and privacy on the Internet

The five-yearly Australian Census collects the names and addresses of all Australians (nothing unusual there) and matches that information to the myriad questions in the Census (again, nothing unusual). However, they are now retaining names and addresses to enable the Census to be linked to other national data for up to four years, instead of just 18 […]

Information about the AdGholas Malvertising Campaigns

July 29th 2016

Cite: https://www.proofpoint.com/us/threat-insight/post/massive-adgholas-malvertising-campaigns-use-steganography-and-file-whitelisting-to-hide-in-plain-sight

The checks that were made to identify infection candidates are especially interesting, going so far as to check for OEM branding.

Defeating ransomware using Fiddler

July 7th 2016

Cite: https://twitter.com/Kleissner/status/750019370617823232

“How to defeat that ransomware easily: Download Fiddler, set a breakpoint, manipulate BTC balance”

NetGear and Symantec vulnerabilities

July 1st 2016

NetGear Web GUI Password Recovery and Exposure Security Vulnerability: http://kb.netgear.com/app/answers/detail/a_id/30632 “NETGEAR is aware of the security issue that can expose web GUI login passwords while the password recovery feature is disabled. This vulnerability occurs when an attacker can access the internal network or when remote management is enabled on the router.” Norton vulnerability: unclicked links […]

Fake “Your Apple ID has been suspended” email

May 4th 2016

The domain being used to steal Apple ID usernames and passwords is mycloud-4.net, registered on 1 May 2016 via Crazy Domains. Stay away.

Malicious spam

May 4th 2016

Just a reminder, be careful of the emails you open… all of the pictured emails are NOT legitimate, and included malicious attachments…

Are you being prompted to download a JS (javascript) from areyouahuman.com?

April 23rd 2016

Apparently an areyouadownload.com partner incorrectly implemented a tag, causing the download prompt. Cite: https://twitter.com/areyouahuman/status/723529493202137088

areyouahuman.com is a service that tries to differentiate between bots and “verified humans” before content, services and ads are presented to a website visitor.

Urgent call to action: uninstall QuickTime for Windows

April 17th 2016

Cite: http://blog.trendmicro.com/urgent-call-action-uninstall-quicktime-windows-today/  

Microsoft’s Edge browser to auto pause Flash based advertisements

April 12th 2016

It’s a good step forward in protecting users from malvertising, but not a panacea. Cite: https://blogs.windows.com/msedgedev/2016/04/07/putting-users-in-control-of-flash/

By the way, have you updated Flash recently on your local computer? Please do so. You can check the version you have installed here.
