Spyware, Viruses, & Security forum

NEWS - January 11, 2016

by Carol~ Moderator / January 11, 2016 11:06 AM PST
Latest tech support scam stokes concerns Dell customer data was breached

Tech-support scams, in which fraudsters pose as computer technicians who charge hefty fees to fix non-existent malware infections, have been a nuisance for years. A relatively new one targeting Dell computer owners is notable because the criminals behind it use private customer details to trick their marks into thinking the calls come from authorized Dell personnel.

"What made the calls interesting was that they had all the information about my computer; model number, serial number, and notably the last item I had called Dell technical support about (my optical drive)," Ars reader Joseph B. wrote in an e-mail. "That they knew about my optical drive call from several months prior made me think there was some sort of information breach versus just my computer being compromised."

Continued: http://arstechnica.com/security/2016/01/latest-tech-support-scam-stokes-concerns-dell-customer-data-was-breached/

Related: Well-informed tech support scammers target Dell users
Time Warner Cable advises 320,000 customers of possible hack
by Carol~ Moderator / January 11, 2016 11:28 AM PST

Time Warner Cable has sent notices to 320,000 of its customers throughout the U.S., advising them to change the password to their email account out of concern that someone may have gained unauthorized access to that information. The telecommunication company said it was notified of the vulnerability by the FBI, but there’s no evidence to suggest that there was an actual breach.

“Approximately 320,000 customers across our markets could be impacted by this situation,” explained Eric Mangan, director of public relations. “To protect the security of these customers, we are sending emails and direct mail correspondence to encourage them to update their email password as a precaution.”

Continued: http://venturebeat.com/2016/01/06/time-warner-cable-advises-320000-customers-of-possible-hack/

Related: FBI warns Time Warner Cable of potential data breach

Malicious apps in Google Play made unauthorized downloads ..
by Carol~ Moderator / January 11, 2016 11:28 AM PST
Malicious apps in Google Play made unauthorized downloads, sought root

"Apps with as many as a million downloads removed following their discovery."

Google has banished 13 Android apps from its Play marketplace after security researchers found the apps made unauthorized downloads and attempted to gain root privileges that allowed them to survive factory resets.

One of the 13 apps, which was known as Honeycomb, had as many as one million downloads before it was removed, according to researchers from Lookout, the mobile security provider that spotted the malicious entries. The apps boasted a large number of downloads and highly favorable user ratings, presumably thanks to the ability of one app to automatically download other apps and then leave rave user reviews for them. In a blog post, Lookout researcher Chris Dehghanpoor wrote:

Continued: http://arstechnica.com/security/2016/01/malicious-apps-in-google-play-made-unauthorized-downloads-sought-root/

Related: Beware! More malicious Android games found in the Google Play store
Android-based Smart TVs Hit By Backdoor Spread Via ..
by Carol~ Moderator / January 11, 2016 11:57 AM PST
.. Malicious App

TrendLabs Security Intelligence Blog:

With the year-end shopping season over, many consumers now have new various smart gadgets in their homes. One particularly popular usage of this so-called Internet of Things (IoT) are smart TVs. These TVs are more than just passive display devices; many of them can even run Android apps as well. Some may find these features useful, but these capabilities bring their own risks. (This was something we noted two years ago when we first looked at some of the issues of smart TVs.)

Apps that allow users to watch channels from other parts of the world (that would otherwise be unavailable via other methods) are something that many users would find useful. However, some of these apps may put users at risk. These apps contain a backdoor that abuses an old flaw (CVE-2014-7911) in Android versions before Lollipop 5.0 (Cupcake 1.5 to Kitkat 4.4W.2). (We detect these malicious apps as ANDROIDOS_ROOTSTV.A.)

Continued: http://blog.trendmicro.com/trendlabs-security-intelligence/android-based-smart-tvs-hit-by-backdoor-spread-via-malicious-app/
General Motors invites hackers to report security flaws ..
by Carol~ Moderator / January 11, 2016 12:20 PM PST
.. in their cars

General Motors has started a bug bounty program and has invited security researchers to report information on security vulnerabilities affecting the company's products and services.

The program, set up via HackerOne's bug bounty platform, currently offers no concrete rewards except a thanks from the company, so it's more of a public coordinated disclosure program than an actual bug bounty program.

The company has agreed not to sue researchers that participate in the program if they do not harm GM, its customers or other users; if they don't compromise the privacy or safety of their customers and the operation of their services; if they don't violate any law (including disrupting or compromising any data or vehicle that is not their own), and if they agree not to publicly disclose vulnerability details before the flaw is fixed.

Continued: http://www.net-security.org/secworld.php?id=19309

Related:
GM Vulnerability Disclosure Program Lacks Rewards
GM Starts Bug Bounty Program, but Would Security Researchers Trust It?
GM embraces white-hat hackers with public vulnerability disclosure program
Juniper says it will remove flawed cryptographic code ..
by Carol~ Moderator / January 11, 2016 12:48 PM PST
.. from its software

Juniper Networks has announced its intention to remove two flawed cryptographic functions from its software over the next few months.

Last December, the multinational provider and marketer of networking products discovered unauthorized code in its ScreenOS software, which powers its NetScreen firewall, VPN, and traffic-shaping technology. The company subsequently launched an investigation into the matter and issued patched versions of ScreenOS.

Derrick Scholl explained in a post published on Juniper's blog last week that the investigation has not found any other unauthorized code in its software. Even so, the company has decided to make additional, more comprehensive changes to ScreenOS going forward by rejecting two of its underlying cryptographic functions: the pseudo-random number generators Dual_EC and ANSI X9.31.

Continued: https://www.grahamcluley.com/2016/01/juniper-says-remove-flawed-cryptographic-code-software/

Related:
Juniper drops NSA-developed code following new backdoor revelations
Juniper to kill off Dual_EC RNG in ScreenOS following new backdoor revelations
New Discovery Around Juniper Backdoor Raises More Questions About the Company