This week in computer security

Next time before clicking on a suspicious site or e-mail link, not to mention running suspicious executables/attachments that were supposed to be media files, remember, there is a new malware strain that if detected by AC software instadestroys Master Boot Record (MBR) sectors or Home folders on an infested machine. This leads to constant reboots, rendering the PC useless (and possibly to critical data loss).

This malware is called Rombertik and because of its complexity, I bet this is not the last time you hear about it.

You can find more details on the matter on the Cisco blog.
http://blogs.cisco.com/security/talos/rombertik#conclusion
 
Joined
Apr 12, 2009
Messages
23,459
I read about it today as well. This is the most serious thing I've seen so far.
The German-language article about it called it "the Trojan of the scorched earth".

Now, another thing : This German-language article reveals that the PS3-Emulator called "PSeMu3" just isn't one. It's pure spam or/and worse.

Another Article tells about the following GTA V Mods installing Keyloggers : "AngryPlane" and "NoClip".
 
Joined
Nov 5, 2006
Messages
21,909
Location
Old Europe
Now, another thing : This German-language article reveals that the PS3-Emulator called "PSeMu3" just isn't one. It's pure spam or/and worse.

Avoid all PS3 emulator claims. We are many years away from emulating those, if ever. Extremely complex.
 
Joined
May 12, 2015
Messages
93
GTA mods contain malware? ROTFL
That's definitely new, but doesn't surprise me as I've read the other day on the local online site that pirated GTA contains bitcoin miner. :D
God I just wish unofficial Skyrim patch contained viruses...

As for emulations… Who needs Playstation emulator? What would anyone play on it? What isn't ported on PC that's worth a shot?
Okay, Red Dead Redemption. And nothing else, right?
 
Joined
Apr 12, 2009
Messages
23,459
CryptoLocker
There is a new stream that spreads over older Flash player.


http://www.securityweek.com/adobe-patches-hacking-teams-flash-player-zero-day
The long story short. A certain group of hackers found a certain Flash vulnerability. Seems they never exploited it, but kept the info only to themselves. However another hacking group hacked their database and published the vulnerability. The malware makers' response was instantaneous and no AV solution could react as fast as possible.

The vulnerability got fixed with today's Flash version (18...203).
Update Flash or remove it completely from your PC.
You've been warned.
 
Joined
Apr 12, 2009
Messages
23,459
Seems the death of Flash is imminent.
http://money.cnn.com/2015/07/14/technology/flash-firefox-facebook/index.html

I'm sure each of us played some flash game or saw some enjoyable swf video, but let's face it, that unoptimized and unsecure piece of garbage should have been either fixed ages ago or long gone.
Even if its death doesn't come soon, with Firefox adding to companies blocking any Flash content at least horrible intrusive advertisements are gone, no ad-block needed.

For those who still need Flash for some reason, Adobe released a new update today, make sure you install it.
 
Joined
Apr 12, 2009
Messages
23,459
While JDR is chasing 4K gaming, his hardworking neighbors revealed CryptoDrop, a utility that detects the presence of ransomware and stops encrypting files:
http://www.bbc.com/news/technology-36772461

The util passed all tests so far and detected "something is going on" after only 10 files got encrypted by a malware.
It's basically an early warning that can't save everything, you'll lose a few files, but at least ransomware won't encrypt every pic, document or savegame you made.

The util is still in prototype phase, there is no word when it'll hit the market but I bet it'll sell like crazy especially if they integrate some backup of a file if getting changed option that will be able to protect everything.
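
An added example, not part of the original post and not CryptoDrop's code: the post does not say how CryptoDrop decides that "something is going on", so this sketch assumes one common heuristic, counting files whose content jumps from low to near-random byte entropy within a short window. The class and function names, the 7.5 bits/byte cut-off and the 60-second window are assumptions; the alarm count of 10 echoes the figure in the post.

```python
import math
import os
from collections import deque

ENTROPY_LIMIT = 7.5    # bits per byte; encrypted data sits close to 8.0 (assumed cut-off)
ALERT_AFTER = 10       # suspicious rewrites before the alarm, echoing the post's figure
WINDOW_SECONDS = 60.0  # assumed sliding window


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; 0.0 for empty input."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


class RewriteMonitor:
    """Alarms when many files flip from low to high entropy in a short time."""

    def __init__(self):
        self.baseline = {}   # path -> entropy of the last content seen
        self.hits = deque()  # timestamps of suspicious rewrites

    def observe(self, path: str, content: bytes, now: float) -> bool:
        new = shannon_entropy(content)
        old = self.baseline.get(path)
        self.baseline[path] = new
        # Only a known file that was readable data and is now random-looking counts.
        if old is not None and old < ENTROPY_LIMIT <= new:
            self.hits.append(now)
        while self.hits and now - self.hits[0] > WINDOW_SECONDS:
            self.hits.popleft()
        return len(self.hits) >= ALERT_AFTER


def simulate(n_files: int) -> int:
    """Constructed data: text files overwritten with random bytes.
    Returns how many files were rewritten when the alarm fired, or -1."""
    mon = RewriteMonitor()
    for i in range(n_files):
        mon.observe(f"doc{i}.txt", b"quarterly report draft " * 200, now=0.0)
    for i in range(n_files):
        if mon.observe(f"doc{i}.txt", os.urandom(4096), now=1.0 + i):
            return i + 1
    return -1
```

Files that are already compressed (JPEG, ZIP) start above the cut-off, so this single indicator misses them; a real tool needs further signals such as file-type changes.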
 
Joined
Apr 12, 2009
Messages
23,459
Security alert: It looks like GOG may be under attack. I received two Two-Step-Authentication e-mails with security codes today because someone tried to log in on my GOG account apparently. One mail was sent at 12:06 CET and the other at 20:38 CET. Both login attempts were made from Russian IP addresses (see attached image) and Windows 7 machines with IE11.

I'd advise everyone here to set up two factor authentication on GOG if you haven't already done so and change your password if you have a weak one like me (I had the same weak six lower case letters password on GOG as here on RPGWatch but not anymore...) since this could be a brute-force attack.

I'm 99.9% sure that my password can not have been stolen directly from me. Sure, I only use Windows Defender and Malwarebytes Anti-Malware (free version) but both have never alerted me to any suspicious findings so I must assume that my password has leaked from an online source (maybe even related to the presumed hack here?).
 

Attachment: Capture.JPG (43.6 KB)
Joined
Oct 18, 2006
Messages
3,201
My GOG password can be "killed" with brute force, but it's not a word and is letter/numbers combo. Also it's unique, I don't use it anywhere but on GOG, so any successful breach wouldn't allow someone to use that password on other sites I log in.

In any case there were no login attempts on my GOG account. If my RPGwatch pass leaked it wouldn't work on GOG thus I'd be notified on futile attempts, so I don't think anyone stole RPGwatch data. I mean… The nick isn't the same as here, but e-mail address I use to log on GOG is.
 
Joined
Apr 12, 2009
Messages
23,459
Yahoo says hackers stole personal data from at least 500 million accounts

Yahoo Inc. suffered a data breach in 2014 that affected at least 500 million Yahoo user accounts, the company announced Thursday.

The Sunnyvale, Calif., Internet firm said the hacker is believed to be a “state-sponsored actor” and may have gained access to user information such as names, email addresses, telephone numbers, dates of birth, scrambled passwords, and some encrypted and unencrypted security questions and answers.

Yahoo said hackers did not steal unprotected passwords or credit card and bank account information.

The company did not say how long it had known about the data breach. It did not immediately respond to a request for comment.

2 years ago. And they told us nothing. Assholes. Maybe it's time I switched email providers.
 
Joined
Aug 18, 2008
Messages
15,679
Location
Studio City, CA
Just compromised the security of 15% of the Earth's population and hushed it up for two years. Remain calm citizens. All is well.
 
Joined
Nov 8, 2014
Messages
12,085
Ya. I don't use Yahoo however.... Angry at hackers for stealing sure. It makes me more angry when f-tard companies believe it's more important to cover their ass rather than help protect their users. Keep what you put on the net impersonal and to a minimum.
 
Joined
Apr 9, 2015
Messages
880
The sad truth is that 99% of hackers are not brilliant people - they're script kiddies using what others have learned to cause problems. The real problem is that the infrastructure we're still living with was not really designed with security in mind. Kaos_war_monk is right - unless you spend an inordinate amount of effort worrying about how to secure things properly, your data on the web should be treated as public and disposable.
 
Joined
Nov 8, 2014
Messages
12,085
Just compromised the security of 15% of the Earth's population and hushed it up for two years. Remain calm citizens. All is well.

You are assuming that most of those are not duplicates or bot accounts.

This must be one of the reasons they changed their messenger and dumped it after so many years.

Funny, as I interviewed with White Hat security a few years back. It was founded by a hacker that made a living reporting security flaws to Yahoo concerning their websites back in the 90's. He found so many they went and asked him to run their security.

The shop is in the heart of the silicon valley just a few doors down from the Yahoo office.
 
Joined
Oct 19, 2006
Messages
5,212
Location
The Uncanny Valley
2 years ago. And they told us nothing.
*puts on tinfoil hat* Maybe the NSA forced them to hold out that long, because, well, that's a lot of password hashes that had to be … verified first. :tinfoil:

Ah well, just another reason to always use strong passwords.
 
Joined
Aug 30, 2006
Messages
3,486
Just compromised the security of 15% of the Earth's population and hushed it up for two years. Remain calm citizens. All is well.

They were just happy that they had 500 million users. They were too busy celebrating.
 
Joined
Aug 3, 2008
Messages
8,238
Location
Kansas City
Next big win10 update is coming in a few months and is bringing "controlled folders" feature:
https://www.theverge.com/2017/6/29/15892658/microsoft-windows-10-controlled-folders-feature

What's that for you might ask. Basically, all folders Microsoft is pushing to contain user data (download, documents, desktop, etc) will disallow (over)writing files for any application that is not blessed either by Microsoft or by you. You'll be able to add additional folders to the list of protected folders, but default list is fixed and cannot be changed.

In case you're asking wtf is this, the answer is ransomware. There will always be a security hole somewhere, so Microsoft is trying to prevent the breach aftereffect where some user now needs to pay to access their data or say goodbye to all of it.

If you ask me, this is an almost bullshit move.
The same enduser who after so many warnings still opens e-mail attachments from suspicious addresses will now on allow access question for some executable automatically click on "yes" without thinking. The only thing that's changed is now Microsoft can definitely blame it on the user instead of taking hits on their swiss cheese security holes spyware OS. Not an utter bullshit as it'll help some percentage of users who share the same machine with others as now they can disallow applications' potential rampage before nonparanoic user instaclicks "yes".

But the only real prevention is backup. And HDD space is cheap on PC, we've already switched or are switching to SSD. Internal HDDs are slowly starting to collect dust. Why Microsoft just can't automatically backup previous version(s) of a changed user file in some folder accessible only by OS in case of a restore need I just can't understand.

Microsoft's heads are on phones and consoles for years now. Where only outdated checkpoints design exists because of not enough space to save worldstate in games.
Till they return to PC and turn useless space on ancient HDDs into automated backups, I suggest everyone to still make backups manually.
 
Joined
Apr 12, 2009
Messages
23,459
I assume it would be wise to also backup really important files like those pictures of your small ones, their faces embedded in icecream, to a drive that's not constantly connected to your PC or your network. Like a USB drive, or in my case a removable archive drive on my NAS.

Many backup software packages (I use Acronis) have ransomware protecting features as well.

pibbur
 