Thank you for being a valued part of the CNET community. As of December 1, 2020, the forums are in read-only format. In early 2021, CNET Forums will no longer be available. We are grateful for the participation and advice you have provided to one another over the years.

Thanks,

CNET Support

Alert

NEWS - August 11, 2016

Aug 11, 2016 12:40PM PDT
This Windows Activation Scam Talks to You So You Won't Forget to Call & Pay

Five days ago, we reported about a ransomware/tech support scam that relied on a fake Windows activation screen to scare users into calling a special telephone number and having their operating system unlocked.

According to two reports from Bleeping Computer and Malwarebytes, there seems to be a resurgence of tech support scams that follows a trend of mimicking Windows activation screens, which is in no way innovative but hasn't been spotted so often in such a short period of time.

Continued: http://news.softpedia.com/news/this-windows-activation-scam-talks-to-you-so-you-won-t-forget-to-call-pay-507191.shtml

Related:
Windows Activation Scam locks your screen and doesn't Shut Up!
http://www.bleepingcomputer.com/news/security/windows-activation-scam-locks-your-screen-and-doesnt-shut-up/

Discussion is locked

- Collapse -
Secure Boot Vulnerability Exposes Windows Devices to Attacks
Aug 11, 2016 12:45PM PDT

Microsoft has been attempting to patch a serious Secure Boot vulnerability that can be exploited to bypass the security feature and install rootkits and bootkits on Windows devices. Researchers believe the security flaw cannot be fully patched.

Secure Boot is a UEFI (Unified Extensible Firmware Interface) feature that should prevent unauthorized programs or drivers from being loaded during the boot process of devices running Windows 8 and later. The feature is designed to ensure that every component loaded at boot is signed and validated.

Continued: http://www.securityweek.com/secure-boot-vulnerability-exposes-windows-devices-attacks

Related:
Microsoft Mistakenly Leaks Secure Boot Key
https://threatpost.com/microsoft-mistakenly-leaks-secure-boot-key/119828/

- Collapse -
Road Warriors: Beware of ‘Video Jacking’
Aug 11, 2016 12:47PM PDT

A little-known feature of many modern smartphones is their ability to duplicate video on the device’s screen so that it also shows up on a much larger display — like a TV. However, new research shows that this feature may quietly expose users to a simple and cheap new form of digital eavesdropping.

Dubbed “video jacking” by its masterminds, the attack uses custom electronics hidden inside what appears to be a USB charging station. As soon as you connect a vulnerable phone to the appropriate USB charging cord, the spy machine splits the phone’s video display and records a video of everything you tap, type or view on it as long as it’s plugged in — including PINs, passwords, account numbers, emails, texts, pictures and videos.

Continued: http://krebsonsecurity.com/2016/08/road-warriors-beware-of-video-jacking/

- Collapse -
Linux Flaw Allows Attackers to Hijack Web Connections
Aug 11, 2016 12:47PM PDT

Researchers discovered that a Transmission Control Protocol (TCP) specification implemented in Linux creates a vulnerability that can be exploited to terminate connections and conduct data injection attacks.

The flaw, tracked as CVE-2016-5696, is related to a feature described in RFC 5961, which should make it more difficult to launch off-path TCP spoofing attacks. The specification was formulated in 2010, but it has not been fully implemented in Windows, Mac OS X, and FreeBSD-based operating systems. However, the feature has been implemented in the Linux kernel since version 3.6, released in 2012.

Continued: http://www.securityweek.com/linux-flaw-allows-attackers-hijack-web-connections

Related:
Use the internet? This Linux flaw could open you up to attack
http://www.computerworld.com/article/3106284/security/use-the-internet-this-linux-flaw-could-open-you-up-to-attack.html

- Collapse -
Bleeping Computer countersues maker of SpyHunter
Aug 11, 2016 1:00PM PDT

Bleeping Computer, a longstanding popular discussion forum that helps people rid their computers of malware, has now countersued Enigma Software Group (ESG), which makes an antivirus software known as SpyHunter

Bleeping now claims that ESG has been violating Bleeping’s trademarks by registering new domain names that include “bleepingcomputer” and posting some of the company’s webpage’s source code on other websites without its authorization, among other allegations.

As Bleeping’s lawyers, which include Marc Randazza, a well-known 1st Amendment lawyer, wrote in their Monday filing: [...]

Continued: http://arstechnica.com/tech-policy/2016/08/bleeping-computer-countersues-maker-of-spyhunter/

Related:
Bleeping Computer Lawsuit Turns Ugly and Interesting at the Same Time
http://news.softpedia.com/news/bleeping-computer-lawsuit-turns-ugly-and-interesting-at-the-same-time-507213.shtml

- Collapse -
New Gmail Alerts Warn of Unauthenticated Senders
Aug 11, 2016 1:13PM PDT

Google is expected soon to begin a gradual rollout of new security features in Gmail that warn users if the system could not authenticate the sender of an email message.

Starting this week for browser-based users of Gmail and Android users, Google will display a question mark over a sender’s profile photo or user logo if the message cannot be authenticated with Sender Policy Framework or DKIM. [...]

A new set of warnings will also be displayed for messages containing potentially dangerous links.

Continued: https://threatpost.com/new-gmail-alerts-warn-of-unauthenticated-senders/119839/

- Collapse -
Thieves can wirelessly unlock up to 100 Million Volkswagens,
Aug 11, 2016 1:59PM PDT
.. each at the press of a button

Security researchers will demonstrate how crooks can break into cars at will using wireless signals that can unlock millions of vulnerable vehicles.

The eggheads, led by University of Birmingham computer scientist Flavio Garcia alongside colleagues from German engineering firm Kasper & Oswald, have managed to clone a VW Group remote control key fob after eavesdropping on the gizmos' radio transmissions.

Almost every vehicle the Volkswagen group has sold for the past 20 years – including cars badged under the Audi and Skoda brands – is potentially vulnerable, say the researchers. The problem stems from VW’s reliance on a “few, global master keys.”

Continued: http://www.theregister.co.uk/2016/08/11/car_lock_hack/

Related:
Almost all cars sold by VW Group since 1995 at risk from unlock hack
https://www.grahamcluley.com/2016/08/cars-sold-group-1995-risk-unlock-hack/