Spyware, Viruses, & Security forum


NEWS - November 30, 2015

VTech hack gets worse: Chat logs, kids' photos taken in breach

If you thought the cyberattack on childrens' technology firm VTech couldn't get any worse, it just did.

Motherboard reports that the hacker who obtained personal data on almost 5 million parents and more than 200,000 children also took hundreds of gigabytes worth of profile photos, audio files, and chat logs -- many of which belong to children.

Tens of thousands of pictures -- many blank or duplicates -- were thought to have been taken from from Kid Connect, an app that allows parents to use a smartphone app to talk to their children through a VTech tablet.

Continued : http://www.zdnet.com/article/vtech-hack-gets-worse-kids-photos-chat-logs-also-stolen/

Data on 5 Million Users Compromised in Breach at Toy Maker VTech
When children are breached - inside the massive VTech hack
Children Toy Maker VTech Hacked, Data About Kids and Parents Stolen
Discussion is locked
You are posting a reply to: NEWS - November 30, 2015
The posting of advertisements, profanity, or personal attacks is prohibited. Please refer to our CNET Forums policies for details. All submitted content is subject to our Terms of Use.
Track this discussion and email me when there are updates

If you're asking for technical help, please be sure to include all your system info, including operating system, model number, and any other specifics related to the problem. Also please exercise your best judgment when posting in the forums--revealing personal information such as your e-mail address, telephone number, and address is not recommended.

You are reporting the following post: NEWS - November 30, 2015
This post has been flagged and will be reviewed by our staff. Thank you for helping us maintain CNET's great community.
Sorry, there was a problem flagging this post. Please try again now or at a later time.
If you believe this post is offensive or violates the CNET Forums' Usage policies, you can report it below (this will not automatically remove the post). Once reported, our moderators will be notified and the post will be reviewed.
Collapse -
Microsoft Blocking Potentially Unwanted Programs

In reply to: NEWS - November 30, 2015

Microsoft has taken steps to address deceptive software, otherwise known as potentially unwanted programs or applications, with new opt-in protections for Windows users in the enterprise.

The new protection blocks behaviors such as ad-injection, or the bundling of nuisance programs with software legitimately downloaded by users.

“These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time cleaning up the applications,” Microsoft said in its announcement. “Since the stakes are higher in an enterprise environment, the potential disaster that PUA brings can be a cause of concern.”
Continued: https://threatpost.com/microsoft-blocking-potentially-unwanted-programs/115491/

Collapse -
GPS faker software broadcasts spam across thousands..

In reply to: NEWS - November 30, 2015

.. of fake profiles

Different from traditional email spam, social spam can reach a large audience by nature of the platform and can appear trustworthy since it is coming from people in your social network. This kind of spam also has a long lifespan since social media content stays online 24/7 and is rarely removed, if ever.

More than a mere annoyance factor, such attacks degrade brand name reputation and platform integrity, hindering user growth and even driving away existing users. This causes a stagnant user base and loss in ad revenue, which is what ultimately hits home for social media companies.

Continued : http://www.net-security.org/secworld.php?id=19158
Collapse -
Microsoft zaps dodgy Dell digital certificates

In reply to: NEWS - November 30, 2015

Microsoft has updated several of its security tools to remove two digital certificates installed on some Dell computers that could compromise data.

The updates apply to Windows Defender for Windows 10 and 8.1; Microsoft Security Essentials for Windows 7 and Vista; and its Safety Scanner and Malicious Software Removal tool.

Dell mistakenly included private encryption keys for two digital certificates installed in the Windows root store as part of service tools that made its technical support easier. The tools transmit back to Dell what product a customer is using.

Continued: http://www.networkworld.com/article/3009255/microsoft-zaps-dodgy-dell-digital-certificates.html

Collapse -
Gas Theft Gangs Fuel Pump Skimming Scams

In reply to: NEWS - November 30, 2015

Few schemes for monetizing stolen credit cards are as bold as the fuel theft scam: Crooks embed skimming devices inside fuel station pumps to steal credit card data from customers. Thieves then clone the cards and use them to steal hundreds of gallons of gas at multiple filling stations. The gas is pumped into hollowed-out trucks and vans, which ferry the fuel to a giant tanker truck. The criminals then sell and deliver the gas at cut rate prices to shady and complicit fuel station owners.

Agent Steve Scarince of the U.S. Secret Service heads up a task force in Los Angeles that since 2009 has been combating fuel theft and fuel pump skimming rings. Scarince said the crooks who plant the skimmers and steal the cards from fuel stations usually are separate criminal groups from those who use the cards to steal and resell gas.

Continued : http://krebsonsecurity.com/2015/11/gas-theft-gangs-fuel-pump-skimming-scams/

Collapse -
Spyware/adware combo masquerading as AnonyPlayer hits ..

In reply to: NEWS - November 30, 2015

.. Android users

If you suddenly start seeing random advertisements popping up on your Android device, you have likely been infected with adware. But if you're terribly unlucky, you might have also been hit with information-stealing malware.

Dr. Web researchers have recently uncovered and analyzed a Trojanized version of the legitimate AnonyPlayer media application (they dubbed it Android.Spy.510).

It works as expected, but in the background it collects the following information: the model of the mobile device, the SDK version of the OS, availability of root access, and login credentials for the user's Google Play account.

Continued : http://www.net-security.org/malware_news.php?id=3167
Collapse -
Serious privacy vulnerability threatens VPNs with ..

In reply to: NEWS - November 30, 2015

.. port-forwarding capabilities

Researchers have identified a serious vulnerability affecting VPN providers with port-forwarding services that allows an attacker to obtain the real IP address of a user's computer.

VPN service provider Perfect Privacy has published a post about its findings on its blog: [...]

Perfect Privacy goes on to note that while its users are protected, this particular vulnerability affects all users of many other VPN services because only the attacker - not the victim - needs to enable port forwarding in order to exploit the bug. [Screenshot]

Continued : https://grahamcluley.com/2015/11/port-fail-privacy-vulnerability-threatens-vpns-port-forwarding-capabilities/

Related: VPN protocol flaw allows attackers to discover users' true IP address

Popular Forums

Computer Newbies 10,686 discussions
Computer Help 54,365 discussions
Laptops 21,181 discussions
Networking & Wireless 16,313 discussions
Phones 17,137 discussions
Security 31,287 discussions
TVs & Home Theaters 22,101 discussions
Windows 7 8,164 discussions
Windows 10 2,657 discussions


Sublime suburban chariot

High on style and technology, the 2019 Volvo XC90 is an incredibly satisfying everyday crossover.