NEWS - November 10, 2015

Comcast says it’s not to blame after 200,000 user accounts were put up for sale online

Comcast will reset the passwords of roughly 200,000 customers after their account information wound up for sale on a shadowy Web site, the company said Monday.

The package of personal data, including the e-mail addresses and passwords of Comcast customers, was listed for sale for $1,000 on a Dark Web site that was also marketing a number of other questionable goods. The Dark Web is a collection of sites that are publicly accessible but cannot be found by search engines. Usually Dark Web users need specialized software or instructions to visit a specific Web address.

Comcast said it was not hacked and that its systems and apps were not compromised. The company blamed the incident instead on unsuspecting customers who may have visited malware-laden sites or fallen victim to other schemes that allowed hackers to obtain their data.

Continued: https://www.washingtonpost.com/news/the-switch/wp/2015/11/09/comcast-says-its-not-to-blame-after-200000-accounts-were-illegally-put-up-for-sale/

Related:
Comcast resets passwords for 200,000 users after login credentials go on sale
Comcast resets 200,000 passwords offered for sale on Dark Web
Comcast resets nearly 200,000 passwords after customer list goes on sale
Comodo Issues Eight Forbidden Certificates

Certificate authority Comodo admits it incorrectly issued eight certificates that include forbidden internal server names or reserved IP addresses.

In 2012, the Certificate Authority/Browser Forum banned the use of such designations for certs issued after Nov. 1, 2015. The decision was meant to cut off a common practice of CAs issuing certificates for internal servers that were not unique and exposed networks to man-in-the-middle attacks and other risks.

Comodo senior research and development scientist Rob Stradling wrote in a post to the CA/B forum that last Thursday it discovered that its CA system had issued the offending certs.

Continued : https://threatpost.com/comodo-issues-eight-forbidden-certificates/115311/

Related: HTTPS certificates with forbidden domains issued by “quite a few” CAs

Vizio Smart TVs track your viewing habits, info is sold to..
.. third parties

Owners of Smart TVs manufactured by California-based consumer electronics company Vizio should be aware that their viewing habits are being tracked and that information sold to third parties ("partners").

And, what's more, with a recent change of the company's privacy policy, the company has started providing this data to companies that “may combine this information with other information about devices associated with that IP address.”

"Beginning October 31, 2015, VIZIO will use Viewing Data together with your IP address and other Non-Personal Information in order to inform third party selection and delivery of targeted and re-targeted advertisements. These advertisements may be delivered to smartphones, tablets, PCs or other internet-connected devices that share an IP address or other identifier with your Smart TV," the privacy policy says.

Continued : http://www.net-security.org/secworld.php?id=19089

Related : This smart TV takes tracking to a new level
Arrests in JP Morgan, eTrade, Scottrade Hacks

U.S. authorities today announced multiple indictments and arrests in connection with separate hacking incidents that resulted in the theft of more than 100 million customer records from some of the nation’s biggest financial institutions and brokerage firms, including JP Morgan Chase, E*Trade and Scottrade.

Prosecutors in Atlanta and New York unsealed indictments against four men and one unnamed alleged co-conspirator in connection with a complex, sprawling scheme to artificially manipulate the price of certain publicly traded U.S. stocks.

The men allegedly laundered hundreds of millions of dollars from the scheme via a vast cybercrime network that included illegal online pharmacies, fake antivirus or “scareware” schemes, Internet casinos and even a Bitcoin exchange.

Continued : http://krebsonsecurity.com/2015/11/arrests-in-jp-morgan-etrade-scottrade-hacks/

ProtonMail restores services after epic DDoS attacks

After several days of intense work, Switzerland-based end-to-end encrypted e-mail provider ProtonMail has largely mitigated the DDoS attacks that made it unavailable for hours on end in the last week.

The attacks have exceeded 100Gbps, and are still going on, but they are no longer capable of knocking ProtonMail offline for extended periods of time.

The first attacker, the Armada Collective, is a new hacking group motivated by financial gain who demanded a ransom from the company. The second attack came from an unknown group. This second attack caused the bulk of the damage.

Continued : http://www.net-security.org/secworld.php?id=19088

Related :
ProtonMail Back Online Following Six-Day DDoS Attack
How extorted e-mail provider got back online after crippling DDoS attack

OmniRAT – the $25 way to hack into Windows, OS X and Android
.. devices

Graham Cluley @ the Tripwire State of Security blog:

Just last week, police forces across Europe arrested individuals who they believed had been using the notorious DroidJack malware to spy on Android users.

Now attention has been turned on to another piece of software that can spy on communications, secretly record conversations, snoop on browsing histories and take complete control of a remote device. But, unlike DroidJack, OmniRAT doesn’t limit itself to Android users – it can also hijack computers running Windows and Mac OS X too.

And that’s not the only difference between DroidJack and OmniRAT. Both of them may be being sold openly online, but OmniRAT retails for as little as $25 compared to DroidJack’s more hefty $210.

Continued : http://www.tripwire.com/state-of-security/security-data-protection/omnirat-hack/
Scary!

Getting harder to stay safe by the day. Shocked

Adobe Flash Update Includes Patches for 17 Vulnerabilities

In what’s becoming a monthly ritual, Adobe today pushed out an updated version of its Flash Player that includes patches for critical vulnerabilities.

Today’s update isn’t as voluminous as most have been since the start of summer; nonetheless, since July when a run of updates addressed zero days published after the Hacking Team breach and including an emergency update last month, Adobe has fixed more than 80 vulnerabilities in the beleaguered software.

Version 19.0.0.245 released today patches 17 vulnerabilities, all of them paving the way to remote code execution if exploited; Adobe said it has no reports of public exploits for any of the patched flaws.

Continued : https://threatpost.com/adobe-flash-update-includes-patches-for-17-vulnerabilities/115322/

See : Critical Security Updates for Adobe Flash Player (APSB15-28)

Report: We're Going to See More Ransomware, Less Hacktivism

2015 has been a busy year for cyber-criminals, but don't expect them to take a vacation for 2016 either, at least that's the conclusion of the McAfee Labs Threats Predictions Report, released today by Intel Security.

Aggregating personal opinions from over 33 security leaders across the world, the report shows on what areas organizations should focus their efforts for the upcoming year.

Ransomware will continue to cause troubles

The major threat and one that anyone could have predicted is ransomware, which has had a "spectacular" year in 2015, with some groups making hundreds of millions of dollars with their operations. .....

Adobe Flash Player was the most problematic application of 2015

Continued : http://news.softpedia.com/news/report-we-re-going-to-see-more-ransomware-in-2016-less-hacktivism-495960.shtml

McAfee Report: McAfee Labs Threats Predictions Report (pdf)

Cryptowall 4.0: Update makes world's worst ransomware worse

The fourth iteration of the world's worst ransomware Cryptowall has surfaced with gnarlier encryption tactics and better evasion tricks that have fooled current antivirus platforms.

Ransomware has ripped through scores of businesses and end-user machines in sporadic and targeted attacks that have cost victims millions of dollars in ransom payments made to criminals who have illegally encrypted valuable files.

The worst offenders remain at large including a single group who may be behind Cryptowall 3.0 and have made some US$325 million this year according to the Cyber Threat Alliance, dwarfing FBI June figures which noted it extorted some US$18 million from US victims alone in about a year.

Continued : http://www.theregister.co.uk/2015/11/09/cryptowall_40/

Linux Encoder victims catch a lucky break: a flaw in the ..
.. malware means no ransom has to be paid

The recently spotted Linux Encoder crypto-ransomware is very disruptive, but the good news is that the malware makers have made a mistake that allowed Bitdefender researchers to recover the AES encryption key without having to decrypt it with the RSA private key held by the criminals.

Linux Encoder, like most crypto-ransomware, encrypts the files with the AES encryption algorithm, which uses the same key for both encryption and decryption, and is generated on the target's computer.

This key is sent to the attacker's server, and is then encrypted with the RSA encryption algorithm, which creates a public key (for encryption) and the private one (for decryption). Only the public key is sent to the victim PC.

Continued : http://www.net-security.org/malware_news.php?id=3151
November Patch Tuesday Brings 12 Bulletins, Four Critical

Microsoft today pushed out 12 bulletins as part of November’s Patch Tuesday, including four critical updates, all of which can lead to remote code execution.

The update is rounded out by fixes for Windows, Lync, .NET, and Skype for Business, but there are two critical fixes that affect browsers on practically every build of Windows, Internet Explorer and Edge.

The Internet Explorer bulletin is marked critical for any users running versions of IE 7 to IE 11 and fixes 25 different vulnerabilities, mostly memory corruption bugs that can lead to code execution, in the browser. Assuming an attacker could get a user to view a specially crafted website, they could exploit the vulnerabilities and gain the same rights as the user.

Continued : https://threatpost.com/november-patch-tuesday-brings-12-bulletins-four-critical/

See: Microsoft Security Bulletin Summary for November 2015

Beware of Apple-themed phishing emails threatening to ..
.. limit your account

A new email phishing campaign is targeting businesses and consumers who have Apple IDs, trying to get them to enter their Apple login credentials, personal and credit card information into a site that mimics that of the popular tech company, the Comodo Antispam Labs team warns.

The fake email threatens "limitations" on the victims' Apple account if they don't provide the needed information: [Screenshot]

The email is sent from verify@appe.com, and the link included in it currently leads to a fake login page located at https://srv80.prodns.com.br/~good/my-account/en/.

Continued : http://www.net-security.org/secworld.php?id=19084

Comodo Antispam Labs warning: Apple IDs Being Targeted In New Global Phishing Email Scam

CNET Forums