Tornado Scam warning – Fake Donation and services sites emerge

Uncategorized Comments Off on Tornado Scam warning – Fake Donation and services sites emerge

After any tragedy, fake donation emails and websites surface. It is always a best practice to contribute to mainstream organizations like Red Cross or Salvation Army.  Verification that a site is official will ensure funds are properly received by those in need. http://www.arkansasonline.com/news/2014/apr/28/mcdaniel-warns-scams-after-tornado/ http://talkbusiness.net/2014/04/businesses-rally-provide-tornado-relief-ag-warns-scams/ QUOTE: McDaniel says he expects to see scams emerge on services […]

Internet Explorer Zero Day – Bromium Labs shared technical details for CVE-2014-1776 exploit

Uncategorized Comments Off on Internet Explorer Zero Day – Bromium Labs shared technical details for CVE-2014-1776 exploit

Bromium Labs shared technical testing details for the CVE-2014-1776 exploit circulating.  Users should be careful to avoid malicious websites using IE http://labs.bromium.com/2014/02/25/dissecting-the-newest-ie10-0-day-exploit-cve-2014-0322/ QUOTE: Few days ago the news about a fresh Internet Explorer 10 zero-day exploit popped up. Now the exploit code is publicly available and we managed to analyze the vulnerability and find out some details […]

AOL EMAIL security breach – Users should change passwords

Uncategorized Comments Off on AOL EMAIL security breach – Users should change passwords

AOL has shared that email credentials have been discovered for at least 2% of it’s accounts by hackers and recommends all users change passwords immediately http://arstechnica.com/security/2014/04/youve-got-pwned-aol-reports-e-mail-breach-as-bigger-than-thought/ QUOTE:  Last week, AOL confirmed that an unknown number of AOL Mail accounts have been hacked. Today, the company urged all its customers to change passwords and security questions, […]

TDL4 Rootkit – New Variant manipulates Windows kernel vulnerability CVE-2013-3660

Uncategorized Comments Off on TDL4 Rootkit – New Variant manipulates Windows kernel vulnerability CVE-2013-3660

    The TDL4 rootkit is one of the most advanced malware attacks circulating and it can hide in a stealth like manner within the operating system.  A new variant was can manipulate the new CVE-2013-3660 vulnerability.  This leads to access of the Windows kernel and capability to bypass detection by almost all anti-virus products and security defenses.   […]

Internet Explorer Zero Day – CVE-2014-1776 exploit used in targeted attack

Uncategorized Comments Off on Internet Explorer Zero Day – CVE-2014-1776 exploit used in targeted attack

  Several links found in research are noted below which describe this new vulnerability and limited attacks circulating in wild: http://securitywatch.pcmag.com/hacking/323081-xp-users-permanently-vulnerable-to-new-internet-explorer-exploit http://blog.trendmicro.com/trendlabs-security-intelligence/internet-explorer-zero-day-hits-all-versions-in-use/ https://isc.sans.edu/forums/diary/IE+Zero+Day+Advisory+from+Microsoft/18035 https://technet.microsoft.com/en-US/library/security/2963983 http://www.fireeye.com/blog/uncategorized/2014/04/new-zero-day-exploit-targeting-internet-explorer-versions-9-through-11-identified-in-targeted-attacks.html http://www.symantec.com/connect/blogs/zero-day-internet-vulnerability-let-loose-wild http://blogs.mcafee.com/mcafee-labs/product-coverage-mitigation-cve-2014-1776-microsoft-internet-explorer QUOTE: Don’t say we didn’t warn you. Microsoft ended support for Windows XP earlier this month, meaning any new security holes won’t be patched. Well, they’ve found one, […]

HeartBleed OpenSSL Vulnerability – LastPass website testing facility

Uncategorized Comments Off on HeartBleed OpenSSL Vulnerability – LastPass website testing facility

While almost all mainstream sites have been patched, this website testing facility provides improved information from resources offered earlier, (including certificate change history) https://lastpass.com/heartbleed/ EXAMPLES: https://lastpass.com/heartbleed/?h=www.microsoft.com https://lastpass.com/heartbleed/?h=www.yahoo.com

HeartBleed OpenSSL Vulnerability – Simplified for individuals and organizations

Uncategorized Comments Off on HeartBleed OpenSSL Vulnerability – Simplified for individuals and organizations

As shared on the “Securing the Human” site, a simplified summary of actions for individuals and organizations to assess and protect themselves English Version (PDF) http://www.securingthehuman.org/newsletters/ouch/issues/OUCH-2014-special_en.pdf QUOTE: We have received a great deal of feedback that organizations need help explaining to their employees and staff what they can do to protect themselves concerning the Heartbleed vulnerability.  […]

EMAIL 419 SCAM – Free World Cup 2014 tickets

Uncategorized Comments Off on EMAIL 419 SCAM – Free World Cup 2014 tickets

A new variant of the 419 scam uses both monetary amounts and Free World Cup 2014 finals tickets to lure individuals in revealing bank account and other sensitive information.  These spammed emails should be deleted. http://blog.malwarebytes.org/fraud-scam/2014/04/world-cup-2014-cash-prize-tickets-email-is-a-419-scam/ QUOTE; From the spam traps: a World Cup 2014 419 missive, with a wonderfully enlightening subject line: “gkxzhlfgjs‏”.  This is, of course, […]

HeartBleed Open SSL vulnerability – How to test using NMAP

Uncategorized Comments Off on HeartBleed Open SSL vulnerability – How to test using NMAP

The ISC shares techniques for testing vulnerable Open SSL sites using NMAP, which is an excellent free PENTEST tool used in network vulnerability testing https://isc.sans.edu/forums/diary/Testing+your+website+for+the+heartbleed+vulnerability+with+nmap/17991 QUOTE: We have received reports by many readers about buggy tools to test for the heartbleed vulnerability. Today I want to show you how easy it is to check for […]

Heartbleed – Arrest made in Canada for hacking tax agency records

Uncategorized Comments Off on Heartbleed – Arrest made in Canada for hacking tax agency records

This is likely someone capitalizing on use of the exploit itself (not original developer) http://money.cnn.com/2014/04/16/technology/security/canada-heartbleed/index.html QUOTE: Canadian mounties have arrested a teenager who, they say, used the Heartbleed Internet bug to hack into the country’s tax agency. Shortly after the Internet bug was revealed to the world last week, the Canada Revenue Agency suffered a […]


© 2021 Computer Safety & News.
WordPress Theme & Icons by N.Design Studio. Provided by WPMU DEV -The WordPress Experts   Hosted by Microsoft MVPs
Entries RSS Comments RSS Log in