10 total posts
Portable USB drive fixes malware-crippled machines
Malwarebytes launched Techbench, a tool to help IT workers fix and restore even the most malware-infected computers. The 16GB USB simply needs to be plugged into the infected computer, before it automatically scans and removes even the most advanced Trojans, spyware, worms and other malicious software.
Techbench automatically quarantines all malicious software on the USB stick to prevent reinfection. The software also uses Malwarebytes Chameleon, a product designed to neutralize modern malware automatic countermeasures.
The product was directly conceived by Malwarebytes' founder and CEO Marcin Kleczynski, himself a former computer technician. Marcin's many hours fixing infected computers at his local PC repair shop, even though they already had AV software installed, was what initially inspired him to set up Malwarebytes.
Commenting on the launch, Kleczynski said: "Techbench is made by technicians, for technicians. As an IT support worker, there is nothing more frustrating than dealing with an endless line of computers infected with stubborn malware, each needing a different type of fix.
Continued : http://www.net-security.org/malware_news.php?id=2605
Related: Malwarebytes puts automatic antivirus cleanup on USB stick
@ the Malwarebytes Unpacked Blog: Introducing Malwarebytes Techbench
Now that's brilliant, as would be Anti-Virus software. Rob
Facebook Graph Search can now paw through your posts and ..
.. status updates
It's been nearly 10 months, but finally, the wait is over: We can now run Facebook searches to find single women who like men and like getting drunk and who might happen to mention such things in posts and status updates.
Thanks goes to the rollout of Facebook Graph Search's ability to search every single public Facebook post and status update ever made, announced by Facebook on Monday.
The searches can be modified by time - "All of my posts from 2012," for example - location, or the people who participated.
Graph Search for post and status updates is rolling out slowly to a small group of people who currently have Graph Search, Facebook says, including those who signed up for the limited beta of Graph Search, announced in January.
Facebook allows full personal data ransack with Graph Search
Facebook extends Graph Search to include posts, updates, comments
Yahoo Offers $12.50 as Bug Bounty
Major companies have realized both the PR and practical value in paying security researchers a bounty for the responsible disclosure of bugs and vulnerabilities they find: it demonstrates a responsible attitude towards security while being a relatively inexpensive way of finding problems.
But it can also have a negative effect if not handled sensitively. Facebook famously denied Khalil Shreateh a bug bounty even though he had tried to report a bug 'responsibly.' Failing to do so, he demonstrated the flaw by posting directly to Mark Zuckerberg's wall.
The official response from Facebook was that since he did not follow their written procedure for reporting bugs, he did not qualify for a bounty. This is a reaonable position to take - but the widespread public perception was that he was denied a reward out of pique because he hacked Zuckerberg himself. So much so, in fact, that the security industry clubbed together and privately provided a $13,000+ reward (donated by more than 300 individuals).
Continued : http://www.infosecurity-magazine.com/view/34812/yahoo-offers-1250-as-bug-bounty-/
Yahoo pays first bug bounty - $12.50 in Company Store credit
Yahoo! Pays! Paltry! $12.50! Bug! Bounty! For! Nasty! Email! Vuln!
Yahoo offers its first tepid bug bounty
Barack Obama's SSL certificate, NASA and NIST among those..
.. to fall as government shutdown hits sites
The United States government has begun a partial shutdown, after Congress failed to approve funding for government operations. It's obviously a huge news story if you live in America, but it also has an impact on the web for the rest of the world's surfers too.
As Netcraft reports, among those who have suffered is Barack Obama himself. His website at http://www.barackobama.com may still be up and running, but no-one has paid for his SSL certificate to be renewed.
The certificate for this website is invalid. You might be connecting to a website that is pretending to be "barackobama.com", which could put your confidential information ay risk.
NIST, the National Institute of Standards and Technology, has a stark message on the front of its website at http://nist.gov/
NIST Closed, NIST and Affiliated Web Sites Not Available
Due to a lapse in government funding, the National Institute of Standards and Technology (NIST) is closed and most NIST and affiliated web sites are unavailable until further notice. We sincerely regret the inconvenience.
Fake Facebook Mobile Page Steals Credit Card Details
From the TrendLabs Security Intelligence Blog:
We recently encountered a mobile phishing page that looks very similar to the official Facebook mobile page. However, looking closely into the URL address, there are noticeable differences. The real Facebook page is located at https://m.facebook.com/login and has the lock icon to show that the page is secured. [Screenshot]
This page tries to steal more than Facebook credentials. Should users actually try to log in, the page then prompts users to choose a security question. This may sound harmless, but these same security questions might be used across several different sites, and can compromise your security as well. [Screenshot]
Once users are done, they are led to another page, this time asking for their credit card details.
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/fake-facebook-mobile-page-steals-credit-card-details/
Data Broker Hackers Also Compromised NW3C
The same miscreants responsible for breaking into the networks of America's top consumer and business data brokers appear to have also infiltrated and stolen huge amounts of data from the National White Collar Crime Center (NW3C), a congressionally-funded non-profit organization that provides training, investigative support and research to agencies and entities involved in the prevention, investigation and prosecution of cybercrime.
Last week, KrebsOnSecurity reported that entrepreneurs behind the underground criminal identity theft service ssndob[dot]ms also were responsible for operating a small but powerful collection of hacked computers exclusively at top data brokers, including LexisNexis, Dun & Bradstreet and HireRight/Kroll. A closer analysis of the Web server used to control that collection of hacked PCs shows that the attackers also had at least one infected system for several months this summer inside of the NW3c.
Core to the NW3C's mission is its Investigative Support division, which according to the organization's site "provides timely, relevant and effective services to member agencies involved in the prevention, investigation and prosecution of economic and high-tech crimes. The section has no investigative authority but can provide analytical assistance and perform public database searches."
Latest 100 Gigabit Attack Is One of Internet's Largest
Quite possibly, the largest raw packet bandwidth attack in history slams a site for nine hours, but the site under attack stays afloat.
Unbeknownst to many people in the world, late last week one of the largest attacks in the history of the Internet was taking place—a massive nine-hour barrage that leveled an unrelenting 100 Gigabits of traffic at its peak.
The attack took place on Sept. 24, and to date the victim of the attack is remaining in the shadows, not wanting to be publicly identified. The target Website is protected by cloud security vendor Incapsula, which was able to withstand the massive distributed denial-of-service (DDoS) attack and keep the targeted Website up and running.
Incapsula co-founder Marc Gaffan explained to eWEEK that the attacked site is in an industry that is constantly under assault. The attack leveraged raw bandwidth under the control of the attacker and was not a DNS reflection or amplification attack, Gaffan said. In March of this year, another 100 Gigabit attack was reported that leveraged DNS reflection. With DNS reflection, the number of inbound connections to a target Website is amplified by taking advantage of poorly configured DNS servers.
Obamacare Spam Surfaced Even Before Enrollment Starts
From the TrendLabs Security Intelligence Blog:
October 1, 2013
As enrolment for the controversial Affordable Care Act or Obamacare starts today, cybercriminals already had a head start, spewing Obamacare-related spam as early as first weeks of September.
Spam containing the terms "medicare" "enrollment" "medical insurance" started surfacing during the first week of September. Some of these spam variants can be easily recognized as such. However, others appear professional enough to fool some users into opening the email and clicking the links in these messages. [Screenshot]
Once users click these links, they are lead to nefarious pages, in particular survey scam sites. These sites typically encourage users to disclose certain information by pretending to be consumer survey pages or promising enticing prizes or in this case, Apple products like iPad, iPhone 5 etc. [Screenshot]
Continued : http://blog.trendmicro.com/trendlabs-security-intelligence/obamacare-spam-surfaced-even-before-enrolment-starts/