The computer and software security thread

robcar
Professional
Posts: 411
Joined: Mon Apr 28, 2014 10:28 am

Re: The computer and software security thread

Post by robcar »

I'm only using the bundled Windows Defender in W10 and up to now have not had any issues........... am I trusting to luck too much :-)
Dannie Boy
Hero
Posts: 12264
Joined: Wed Jan 13, 2010 8:12 pm
Location: Closer to Cha Am than Hua Hin

Re: The computer and software security thread

Post by Dannie Boy »

I have been using Bitdefender for just over a year and renewed my subscription back in November after a trouble-free first year - can’t remember how much it cost without checking.
PET
Legend
Posts: 2128
Joined: Mon Jun 25, 2007 4:24 pm
Location: Hua Hin

Re: The computer and software security thread

Post by PET »

buksida wrote: Wed Jan 16, 2019 3:58 pm
Big Boy wrote: Wed Jan 16, 2019 3:56 pm Is there any reasoning for the 'little faith' remark?
Only because I've had to uninstall it from a number of people's computers that had viruses!

To answer my own question Kaspersky looks pretty solid by this review (Tom's is a reputable site): https://www.tomsguide.com/us/best-free- ... -6003.html

NOD32 isn't even included.
Good enough for me Buksi - you know very much more than me so it was out with Avast and in with Kaspersky and all looks good
Courage is grace under pressure and when circumstances change you change your mind.
mariad
Amateur
Posts: 40
Joined: Fri Feb 17, 2017 6:06 pm

What is CyberStalking? (Infographics)

Post by mariad »

Harassment, violence and abusive actions that make you mentally ill do not always come in tangible form.

Threatening online actions lead to cyberstalking incidents done by your ex-lover, friend, family member or dark online entities due to jealousy or because they do not want to see you happy.

Moreover, sadly, due to lack of awareness, the majority of cyberstalking victims do not know how to prevent it. Alternatively, if you are not a victim of cyberstalking, your online actions might lead you to become a cyberstalker.

For this, the following infographic will help you to understand what cyberstalking is, why it is a severe crime and how to prevent it.

Image
Homer
Rock Star
Posts: 3336
Joined: Sun Mar 21, 2010 3:11 pm

Re: The computer and software security thread

Post by Homer »

A new Zero Day Exploit* attacks Win10 via Internet Explorer (IE) while you're using Edge, or Win7 while using IE. Until your antivirus company releases a fix, here are step by step instructions on how to disable the security hole. It's simple. You change the default program for an obsolete file format from IE to Notepad.

https://www.computerworld.com/article/3 ... -hole.html

*A zero day exploit is a cyber attack that occurs on the same day a weakness is discovered in software. At that point, it's exploited before a fix becomes available from its creator.
buksida
Moderator
Posts: 22656
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Thai internet infections more than doubled in 2018, says Kaspersky
Kaspersky Lab on Monday released its 2018 security bulletin containing local information and an overview of the threats that faced Thailand over the past year.

According to the report, the web remained one of the major sources of cyberthreats in the country. The global cybersecurity company detected 30,203,943 separate internet-borne infections in Thailand. Overall, 31.8 per cent of Thai users were attacked by web-borne threats last year, according to the report based on data from Kaspersky Security Network (KSN). This is a significant increase over 2017, when the lab’s products detected 12,696,011 threats with 29 per cent of users attacked.

According to Suguru Ishimaru, security researcher at Kaspersky Lab Japan, the Thai increase follows a global trend showing an overall growth of detected malicious installation packages, new mobile banking trojans, and new mobile banking trojans.

http://www.nationmultimedia.com/detail/ ... s/30368122
Who is the happier man, he who has braved the storm of life and lived or he who has stayed securely on shore and merely existed? - Hunter S Thompson
HHTel
Hero
Posts: 10845
Joined: Mon Feb 12, 2007 7:44 pm

Re: The computer and software security thread

Post by HHTel »

Well over double the threats which only translated into another couple of percent of users. That would indicate that protection for users is improving.

I have to say that there do seem to be many more threats detected on my simple PC. I've been well protected by Avast and Malwarebytes. Nothing has caused me a problem.
buksida
Moderator
Posts: 22656
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

This doesn't apply to just crypto but anyone that uses a mobile phone for online banking ... or has one email account tied to everything.

The Most Expensive Lesson Of My Life: Details of SIM port hack
I lost north of $100,000 last Wednesday. It evaporated over a 24-hour time span in a “SIM port attack” that drained my Coinbase account. It has been four days since the incident and I’m gutted. I have zero appetite; my sleep is restless; I am awash in feelings of anxiety, remorse, and embarrassment.

This was the single most expensive lesson of my life and I want to share my experience + lessons learned with as many people as possible. My goal is to increase awareness about these types of attacks and to motivate you to increase the security of your online identity.

You might be asking yourself, what exactly is a “SIM port attack”? In order to describe the attack, let’s examine a typical online identity. The diagram below should look familiar to most people.

PeteC
Moderator
Posts: 30144
Joined: Tue Mar 23, 2004 7:58 am
Location: All Blacks training camp

Google's Chrome shows new security weakness

Post by PeteC »

This does not make good early morning reading, or at any other time for that matter.

Exclusive: Massive spying on users of Google's Chrome shows new security weakness

https://www.reuters.com/article/us-alph ... SKBN23P0JO

SAN FRANCISCO (Reuters) - A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.

Alphabet Inc’s (GOOGL.O) Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.

“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.

Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.

Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, according to Awake co-founder and chief scientist Gary Golomb.

Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.

It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.

“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.

The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said.

If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.

“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.

After this story's publication, Awake released its research, including the list of domains and extensions. https://awakesecurity.com/blog/the-inte ... egistrars/

All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication Ltd.

Awake said Galcomm should have known what was happening.

In an email exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.

“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”

Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company’s email address for reporting abusive behavior, and he asked for a list of suspect domains.

After publication, Fogel said the majority of those domain names were inactive and that he would continue to investigate the others.

The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.

While deceptive extensions have been a problem for years, they are getting worse. They initially spewed unwanted advertisements, and now are more likely to install additional malicious programs or track where users are and what they are doing for government or commercial spies.

Malicious developers have been using Google’s Chrome Store as a conduit for a long time. After one in 10 submissions was deemed malicious, Google said in 2018 (https://duo.com/labs/research/crxcavato ... ising-2020) it would improve security, in part by increasing human review.

But in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.

“We do regular sweeps to find extensions using similar techniques, code and behaviors,” Google’s Westover said, in identical language to what Google gave out after Duo’s report.
Governments are instituted among Men, deriving their just powers from the consent of the governed. Source
buksida
Moderator
Posts: 22656
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Google Chrome browser hacks confirmed, but don’t panic – Yet
There’s nothing like the biggest possible target for hackers, and Google Chrome is definitely just that. The bottom line is that there are significant issues, quite real possible threats, and you do need to do whatever’s required to manage these things.

The ever-helpful noisy headlines vary in usefulness, far too much:

Forbes: “Google issues warning for 2 billion Chrome users.” (Forbes articles have a free use limit.)
News.com.au: “‘Delete Chrome now’ Google warning”. (Couldn’t find any statement from Google to that effect.)
Hothardware.com: “Google’s Chrome Browser Is Under Active Attack, Patch Now”.

…Exactly what every Chrome user needs to see, obviously. The story is that Zero Day attacks have now been happening regularly, 11 this year to date, and Google is much less than thrilled.

Not too impressed with the Headless Chicken Little approach to internet security, I found some info direct from Google dated October 7. The Google information is much less hysterical and includes some useful links. The headline, interestingly enough, is Stable Channel Update for Desktop. The word “delete” doesn’t exist on this page.

https://www.digitaljournal.com/tech-sci ... panic-yet/
hhinner
Rock Star
Posts: 4341
Joined: Fri Nov 09, 2012 2:17 pm

Re: The computer and software security thread

Post by hhinner »

buksida
Moderator
Posts: 22656
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: Thailand IT - Tail Wagging the Dog

Post by buksida »

Thailand IT at its best ... "security number 1":

Huge patient data leak from Siriraj Hospital
About 39 million purported patient records from Siriraj Hospital have been offered for sale on an internet database-sharing forum in what appears to be the latest hack of the country's public health sector.

Authorities are investigating the post, which was on raidforums.com.

The leak is said to include records of VIP patients.

There was no clear indication whether the person who on Sunday offered to sell 38.9 million patient records really had such a huge trove of data.

However, the poster said a sample file was available. Contact could be made through a Telegram app account.

The data supposedly comprises names, addresses, Thai IDs, phone numbers, gender details, dates of birth and other information, according to the poster, who used the name "WraithMax".

The poster said the price for the data was negotiable and it would go to only one buyer.

https://www.bangkokpost.com/thailand/ge ... j-hospital
hhinner
Rock Star
Posts: 4341
Joined: Fri Nov 09, 2012 2:17 pm

Re: The computer and software security thread

Post by hhinner »

^^

It's nice that they need to mention even some VIPs are affected (/cynic).

39 million patient records - busy hospital.

International medical hub!
buksida
Moderator
Posts: 22656
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Thai websites are not known for their security, here is another one ...

Thailand Pass spoof email with malicious links
It seems that government websites in Thailand are often the target of successful hacker attacks and now it appears the Thailand Pass site is no exception. Reports are surfacing of people receiving a spoof email regarding the Thailand Pass pointing them to malicious content.

It is believed that the email database collected by the Thailand Pass website has been accessed by hackers who are using the list of applicants to spread malware. Users have reported receiving fake emails warning that there is something wrong with their Thailand Pass application and urging them to download an attachment from a link in the email. The text has some telltale warning signs such as poor English and punctuation.

“There is a problem related to the request, please download the attachment and update the information. Important note. [sic] You must open the document from a PC and not from the [sic] phone”

The sentence fragment and the lack of closing punctuation should be a red flag not to click the link, which is highlighted by a button and a QR code that has been crudely crossed out. The link leads to a site at gamecardsy dot com – a site that has been flagged by Google Safe Browsing as a harmful or malicious site. Google’s warning states that the site may try to trick you into downloading or installing malicious files that could spam you or harm you.

The QR code included in the spoof email is for a Thailand Pass for a Mr Hongkam and it appears everyone is getting the same generic email with the same Thailand Pass registration account.

Anyone who receives an email like this is advised not to click any links and to warn others who may receive the phishing email. It is always good practice to not click links in any unsolicited email you receive. When in doubt about the validity of an email that seems official, like this one from Thailand Pass, it is advised to open your browser and manually type in the link to the business or service to make sure you are not redirected to a scam or malware.

https://thethaiger.com/hot-news/tourism ... ious-links
buksida
Moderator
Posts: 22656
Joined: Tue Dec 31, 2002 12:25 pm
Location: south of sanity

Re: The computer and software security thread

Post by buksida »

Thousands who signed up for Thailand Pass receive scam email
Thousands of people, both Thais and foreigners, who signed up for the country’s Thailand Pass program received a fraudulent phishing email asking for personal details.

The emails, which were sent out over the past several days, asked the recipient for their details including their full name, their date of birth, and the last four digits of their passports.

Authorities are advising those who receive the email to not respond to the queries and to delete and block the address.

The Prime Minister’s Office and the Ministry of Foreign Affairs, which runs the Thailand Pass program, have said previously that security was of the utmost importance and that previous personal data leaks linked to the program had been fixed.

Calls to the government spokesman on Tuesday were not immediately returned. The Prime Minister’s Office said they were unaware of the incident and would investigate. The Ministry of Foreign Affairs did not immediately return calls regarding the incident.

https://www.thaienquirer.com/38320/thou ... cam-email/

This can only happen if the TP database was compromised and the personal data was stolen. Thailand 4.0 - security at its best!