Подписаться Бесплатная «Серебряная» новостная рассылка . Подписчиков 8.346 RSS

←   Май 2014   →
			1	2	3	4
5	6 06.05.2014 06:15:26 18:33:22	7	8 08.05.2014 06:15:20 17:15:36	9 09.05.2014 06:15:30 17:15:32	10	11
12	13 13.05.2014 06:15:33 17:15:35	14 14.05.2014 06:15:28 17:15:39	15 15.05.2014 06:15:18 17:15:41	16 16.05.2014 06:15:30 17:15:41	17	18
19	20 20.05.2014 06:15:31 17:15:37	21 21.05.2014 06:15:32 17:15:39	22 22.05.2014 06:15:29 17:15:49	23 23.05.2014 06:15:23 17:15:53	24	25
26	27	28 28.05.2014 06:15:29 17:15:38	29	30	31

За последние 60 дней ни разу не выходила

Сайт рассылки: http://av-host.net
Открыта: 09-03-2012

Автор

kmm

Статистика

8.346 подписчиков
0 за неделю

• Выпуски
• Статистика

←   Все выпуски   →

IE Zero Day Update: Microsoft Issues Emergency Patch, Even for XP

2014-05-02 06:12 IE Zero Day Update: Microsoft Issues Emergency Patch, Even for XP 2014-05-02 14:18 Warning: Don’t Get Vished 2014-05-02 14:19 Hack Your Facebook Friends? More Like Hack Yourself.

Антивирусный "хостинг" Клуб пользователей антивирусных услуг (Saas, Cloud) Антивирусы и безопасность (SaaS, Cloud ...) IE Zero Day Update: Microsoft Issues Emergency Patch, Even for XP 2014-05-02 06:12 KMM поделился ссылкой IE Zero Day Update: Microsoft Issues Emergency Patch, Even for XP In response to the critical zero day vulnerability (CVE-2014-1776)  currently affecting Internet Explorer, versions 6-11, Microsoft has issued an emergency patch. Users who have automatic updates from Microsoft enabled will receive the emergency patch automatically. This includes users running Windows XP, even though Microsoft cut support for the operating system on April 8th, 2014. Microsoft’s announcement of the patch does not explain why they have chosen to issue it to an operating system they supposedly no longer support; however, reports from FireEye Labs indicate that there is currently a new variant of the attack actively and specifically exploiting the vulnerability on machines running Internet Explorer 8 with Windows XP. Anyone running Emsisoft on Windows XP should know that we have chosen to support our software on the OS until at least April 2016. If you are still running XP, you should also know that this critical security vulnerability is likely only the first of many to come. For this reason, we recommend updating to a Microsoft supported OS as soon as possible. Have a Great (Zero-Free) Day!     Related Posts: Reminder: Microsoft Ends Support for Windows XP April 8th,… New Internet Explorer Zero Day Attack: Operation Snowman Emsisoft Extends Protection for Windows XP Emsisoft Extends Protection for Windows XP Warning: Internet Explorer Zero Day CVE-2014-1776 Warning: Don’t Get Vished 2014-05-02 14:18 KMM поделился ссылкой Warning: Don’t Get Vished If you’ve spent some time on the Internet, you probably know that if you aren’t careful you can get “phished” through a fraudulent email or a malicious website. But did you also know that you can get “vished” through an SMS text message sent to your mobile device? A recent report released by researchers at PhishLabs has uncovered a large “vishing” campaign affecting an average of 250 people per day – potentially since October 2013. The financial institution utilized in this campaign has yet to be disclosed, but PhishLabs’ report indicates that it is of medium-size and based in the United States. The report also indicates that the campaign is just one of many others like it. How to Spot a Vish To spot this latest scam, watch out for an unsolicited SMS text message from your bank that states your card has been deactivated and includes a phone number to call for reactivation. Vishing is the act of phishing through Voice over IP (VOIP) technology. Much like a phisher attempts to steal your personal information with a cheesy email or a fake website, a visher attempts to do so through a phone call or a text message. In order to do so, the visher – or gang of vishers – must first accomplish a few preliminary steps. First: compromise a server unconnected to their name and install Interactive Voice Response (IVR) software onto it. Second: Hack a VoIP server (also unconnected to their name) that will allow them to send the vishing SMS texts. Third: Use the IVR to record an automated customer service voice assistance program that emulates the one used by the targeted bank and include a prompt to enter account and pin numbers. Fourth: Use the compromised VoIP server to disburse vishing text messages that include a phone number which connects victims who call it to the fake customer service IVR. Fifth: Wait for victims to enter their credentials. Sixth: Cash in. The well documented, step-wise nature of vishing campaigns is reflective of the fact that this technique has actually been around for quite some time and that it is usually instigated by well organized groups of attackers – to whom many banks and individual customers fall prey. Once credit or debit account credentials are compromised, they can be used to make fraudulent purchases both online and off. Vishers can either shop online using cardless transactions or create fake cards with the stolen numbers to cash out instantly at ATMs. Preventing Psychological Malware (and actual malware too) Malware isn’t always computerized. Though carried out through technical means, the impetus to each and every compromised account in this latest vishing campaign was a victim making a wrong decision – calling a fraudulent phone number and sharing financial information with an unknown party.  This is social engineering, and the only way to prevent it is through increased security knowledge. This is why we blog. Financial malware is just as often computerized as it is psychological though – perhaps even more so. Most notorious of all is the use of financial Trojans like Zeus, which can perform man-in-the-middle attacks to steal user credentials. This is why we create anti-malware and submit it to testing organizations like MRG-Effitas – to make sure that it can protect you and your computer from 100% of the world’s most prevalent financial malware threats. As this latest vishing campaign shows, financial cybercrime is also merging into the mobile world. This is why in addition to blogging and creating high performance anti-malware for the PC, we also offer Emsisoft Mobile Security. SMS texts like the one used in this latest vish campaign detailed by PhishLabs can also be used to link victims to more traditional but equally malicious phishing websites or drive-by websites that automatically install malware – as was done just one week ago with the Facebook iBanking rogue. As always, if you even slightly suspect that you might have been vished by this latest campaign or by any campaign like it, you should keep a close eye on your financial accounts and consider contacting your bank. It’s not enough to play the odds and assume that you won’t be targeted! An attacker with your credentials can create a fake card and cash in on an ATM, can make unmitigated purchases online, can sell your credentials to other cyber-thieves, and can even go as far as falsifying your identity. Have a great (Vish-Free) day! Related Posts: Alert! Monster.com Serving Gameover Zeus World of Warcraft Expansion Pack Phishing Scam Special Delivery: Malware via UPS Email Scam Watch out for iBanking Android Rogue on Facebook Dangers to your bank account – how to perform… Hack Your Facebook Friends? More Like Hack Yourself. 2014-05-02 14:19 KMM поделился ссылкой Hack Your Facebook Friends? More Like Hack Yourself. What if you could hack your friend’s Facebook account simply by copying and pasting a piece of code into your web-browser’s console? A recent Facebook scam promises just that. Hack Any Friend’s Facebook Scam False promises on Facebook: it’s a recurring theme adopted by spammers. This time, it’s a Facebook post that begins as follows: UPDATE LINK FOR FACEBOOK HACKING F.A.C.B.O.O.K —-H.A.C.K.I.N.G(ONLY FOR EDUCATION PURPOSES) The content of the post includes a link to a Google document and written instructions on how to hack your friend’s Facebook account, as well as an instructional video. The instructions tell you to go to the Google document, copy its contents, paste those contents into your web browser’s console (found by hitting F12), hit enter, and wait 2 hours for the hack to kick in. Users who follow these instructions will in reality hack their OWN account. Self Cross-Site Scripting Hack Rather than a magical code to hack your friend’s Facebook account, the contents of the Google Doc are actually a malicious JavaScript code that hijacks your account for spamming. While you sit and wait the prescribed 2 hours for the hack to kick in, your Facebook account is used to generate Likes on pages owned by the attackers. Furthermore, the code tells your account to tag all of your friends in its original post so that they can be lured to it too. The copy-paste technique used in this scam is called Self Cross-Site Scripting, or Self XSS. Self XSS is about as simple as it gets: Attackers generate malicious code and then try to convince their victims to paste that code into their web console and execute it. This type of attack hinges on social engineering – like dangling the promise of being able to hack any friend’s account – and it has actually been around for quite some time. Reports indicate that this latest campaign has been active since early 2014 and that it has already generated as many as 100,000 fraudulent Likes. Such success had indeed been noticed by Facebook and prompted the social media giant to issue a warning regarding this type of attack, which includes the option to enable or disable the web console while on Facebook: https://www.facebook.com/selfxss. The warning jests at enabling the web console by stating “Allow my account to be hijacked if I paste malicious JavaScript” next to the setting’s check box. More importantly, the warning also points out that a Self XSS can be used to do much worse than generate Like spam. Beyond Facebook accounts, Self XSS hacks are used to execute a wide variety of malware, to commit all types of cybercrime. Protect Yourself (from Yourself) with Surf Protection Technology If you think you have fallen victim to the Hack Your Friend’s Facebook scam, you should review your Facebook activity log to see if your account has been used to generate fraudulent Likes: https://www.facebook.com/help/www/289066827791446. If it has, you can always Unlike them. It’s also good practice to exercise caution when encountering any Internet offer dangling a virtual carrot just out of reach. Scams like these happen almost every single day, and are most often initiated through large social media networks where they can achieve the most exposure. If you’d rather not have to worry about things every time you log on to your favorite social site to view pictures of your family and friends, we’d also suggest utilizing Emsisoft Anti-Malware’s Surf Protection Technology. It’s designed to prevent you from visiting malicious websites that contain copy-paste code used in Self XSS attacks. That way, you can protect yourself from yourself (and from malware too).   Have a Great (Malware-Free) Day! Related Posts: Naked Videos of Your Facebook Friends – Translation:… Take care of this new Facebook scam: Amy Winehouse SHOCKING… Watch out for iBanking Android Rogue on Facebook Warning: Don’t Get Vished Fraud attempts on social networks How Facebook scams work

---

В избранное

{#template MAIN} <div id="loginForm" style="display:none;" class="subscriberu_popup"> <div class="popup_register"> {#include js_tmpl_auth_reg_tab} {#if $P.login_register_tab == 1} <form class="authentication-form" method="post" action="/MEMBERLOGIN_authen_cred"> <dl class="rg_block_options"> <dt id="js_tap_panel_auth"> <h1>Войти на сайт</h1> {* {#include js_tmpl_auth_reg_button} *} {#include js_tmpl_auth_reg_action} <hr class="logreg_line noPhones"> <div class="logreg_descr noPhones"><p>{#include js_tmpl_auth_reg_descr} </p></div> <div class="logreg_advice noPhones"> Если вы еще не с нами, то начните с <a href="#" onclick="rgNav('js_tab_reg');return false;" class="dashed" data-func="registr">регистрации</a> </div> <br><br> <a class="dashed auth-enter" href="/manage/author/"><b>Вход для авторов</b></a> </dt> </dl> </form> {#/if} {#if $P.login_register_tab == 2} <div class="rg_block_options"> <div id="js_tap_panel_auth"> <h1>Регистрация</h1> <div class="social_reg"> {* <div class="rg_description">{#include js_tmpl_soc_auth_reg_descr}</div> *} {#include js_tmpl_auth_reg_soc} <div class="rg_soc_auth_agree">{#include js_tmpl_auth_reg_agree}</div> </div> <div class="subscribe_reg"> {* <div class="rg_description"> #include js_tmpl_auth_reg_descr </div> *} {#include js_tmpl_auth_reg_action} </div> {* {#include js_tmpl_auth_reg_button} *} <div class="clr"> </div> <hr class="logreg_line noPhones"> <div class="logreg_descr noPhones">{#include js_tmpl_auth_reg_descr} {#include js_tmpl_soc_auth_reg_descr} </div> </div> </div> {#/if} </div> {* <div class="gray_bg register_shadow"></div> *} </div> {#/template MAIN} {#template js_tmpl_auth_reg_tab} <ul class="rg_nav"> <li id="js_tab_auth" class="{#if $P.login_register_tab == 1} rg_active_nav {#/if} rg_first_nav"><a onclick="rgNav('js_tab_auth');return false;" href="">Вход на сайт</a></li> <li id="js_tab_reg" class="{#if $P.login_register_tab == 2} rg_active_nav {#/if}"><a onclick="rgNav('js_tab_reg');return false;" href="">Регистрация </a></li> </ul> <span onclick="hidebo();" class="rg_closed"> </span> {#/template js_tmpl_auth_reg_tab} {#template js_tmpl_auth_reg_action} {#if $P.login_register_tab == 1} {#include js_tmpl_auth_reg_soc} {#/if} <div class="rg_forms"> <input type="hidden" id="login_register_destination" value="{$P.login_register_destination}"/> {#if $P.login_register_tab == 1} <div class="rg_for_input"> <span class="rg_text_inner">E-mail или код подписчика</span> <input id="credential_0" class="js_keydown_selector rg_input_text" data-js_submit="no" data-js_next_input_name="credential_1" name="" type="text" /> </div> <div class="rg_for_input"> <span class="rg_text_inner">Пароль</span> <input id="credential_1" class="js_keydown_selector rg_input_text" data-js_submit="yes" data-js_action="js_loginFormBut" name="" type="password" onkeyup="showAttention(this,!!window.event.shiftKey)" /> <span class="pswd_attention" id="attention_pswd"> <span class="icon_attention"></span> <span class="pswd_attention-text" id="attention-text_pswd1">Русская раскладка клавиатуры!</span> <span class="pswd_attention-text" id="attention-text_pswd2">У вас включен Caps Lock!</span> <span class="pswd_attention-text" id="attention-text_pswd3">У вас включен Caps Lock и русская раскладка клавиатуры!</span> </span> </div> <div class="rg_for_input input-alien"> <span class="chk noPhones"><input id="chk_alien" name="" type="checkbox" /></span><label for="chk_alien" class="noPhones"> Чужой компьютер</label> <a class="forgot_pass" href="/member/totalrecall">Забыли пароль?</a> </div> <div class="rg_for_input"> <em id="auth_msg" class="reg_error"></em> <input id="lf_typeauthid" value="email" type="hidden"> <input type="submit" class="button button-red logreg_submit" id="js_loginFormBut" value="Войти"> <!--</a>--> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> </div> {#/if} {#if $P.login_register_tab == 2} <div class="rg_for_input"> <span class="rg_text_inner">E-mail</span> <input id="arfemail" class="js_keydown_selector rg_input_text" name="" type="text" data-js_submit="yes" data-js_action="js_regFormBut"/> </div> <div class="rg_for_input rg_set_lineh rg_for_input_wide"> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_terms' type="checkbox" data-js_submit="yes" /></span> Я ознакомился и согласен с <a class="link_txd logreg_accLink" href="/faq/vereinbarung.html">условиями сервиса Subscribe.ru</a> </label> <br /> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_personal' type="checkbox" data-js_submit="yes" /></span> Нажимая на кнопку "Готово!", я даю <a class="link_txd logreg_accLink" href="/faq/persverordnung.html">согласие на обработку персональных данных</a> </label> </div> {* <div style="float: left;position: absolute;left: 11em;"> <img src="http://www.kupivip.ru/images/vip/logo.png?1604" style="width: 86px; vertical-align: middle;display: block;"> </div> <div class="rg_for_input rg_set_lineh"> <label class="js_tap_panel_checkbox"><input name="" id="js_tap_panel_checkbox_kupivip" type="checkbox" data-js_submit="yes"> Я хочу получать новости о скидках на одежду</label> </div> *} <div class="rg_for_input"> <em id="reg_msg" class="reg_error rg_for_input_wide"></em> <em id="reg_msg2" class="reg_error rg_for_input_wide"></em> <input id="rf_typeauthid" value="email" type="hidden"> <a class="button button-red logreg_submit" id="js_regFormBut" href="#">Готово!</a> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> </div> {#/if} </div> {#/template js_tmpl_auth_reg_action} {#template js_tmpl_auth_reg_agree} <div class="rg_for_input rg_set_lineh rg_for_input_wide"> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_terms_reg' type="checkbox" data-js_submit="yes" /></span> Я ознакомился и согласен с <a class="link_txd logreg_accLink" href="/faq/vereinbarung.html">условиями сервиса Subscribe.ru</a></label> <em id="reg_msg_soc" class="reg_error rg_for_input_wide"></em> </div> {#/template js_tmpl_auth_reg_agree} {#template js_tmpl_auth_reg_button} <div class="rg_butons_socials"> {#if $P.login_register_tab == 1} <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="auth_email" href="#"><span><i></i>Email</span></a> <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="auth_openid" href="#"><span><i></i>OpenID</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="auth_vkontakte" href="#"><span><i></i>Вконтакте</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="auth_mailru" href="#"><span><i></i>Mail.Ru</span></a> {#/if} {#if $P.login_register_tab == 2} <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="reg_email" href="#"><span><i></i>Email</span></a> <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="reg_openid" href="#"><span><i></i>OpenID</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="reg_vkontakte" href="#"><span><i></i>Вконтакте</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="reg_mailru" href="#"><span><i></i>Mail.Ru</span></a> {#/if} </div> {#/template js_tmpl_auth_reg_button} {#template js_tmpl_auth_reg_descr} {#if $P.login_register_tab == 1} Для оформления подписки на выбранную рассылку, работы с интересующей вас группой или доступа в нужный вам раздел, просим авторизоваться на Subscribe.ru {#/if} {#if $P.login_register_tab == 2} Для регистрации укажите ваш e-mail адрес. Адрес должен быть действующим, на него сразу после регистрации будет отправлено письмо с инструкциями и кодом подтверждения. {#/if} {#/template js_tmpl_auth_reg_descr} {#template js_tmpl_soc_auth_reg_descr} Или зарегистрируйтесь через социальную сеть. {#/template js_tmpl_soc_auth_reg_descr} {#template js_tmpl_auth_reg_soc} <div class="rg_soc"> {#if $P.login_register_tab == 1} <a onclick="return _checkSocConfirm(event)" href="https://oauth.vk.com/authorize?client_id=3954260&scope=wall,offline,photos,groups,video,audio,email&redirect_uri={location.protocol+'//'+location.host}/member/login/vk/&response_type=code&v=5.15" class="login_register_vk_button"> <span class="login_register_vk_icon"></span> </a> {#/if} {#if $P.login_register_tab == 2} <a onclick="return _checkSocConfirm(event)" href="https://oauth.vk.com/authorize?client_id=3954260&scope=wall,offline,photos,groups,video,audio,email&redirect_uri={location.protocol+'//'+location.host}/member/join/vk&response_type=code&v=5.15" class="login_register_vk_button"> <span class="login_register_vk_icon"></span> </a> {#/if} </div> {#/template js_tmpl_auth_reg_soc}

{#template MAIN} <div id="loginForm" style="display:none;" class="subscriberu_popup"> <div class="popup_register"> {#include js_tmpl_auth_reg_tab} <dl class="rg_block_options"> <dt id="js_tap_panel_auth"> <p class="rg_description">{#include js_tmpl_auth_reg_descr}</p> <div class="clr"> </div> {#include js_tmpl_auth_reg_action} <div class="clr"> </div> </dt> </dl> </div> <!-- <div class="gray_bg register_shadow"></div> --> </div> {#/template MAIN} {#template js_tmpl_auth_reg_tab} <ul class="rg_nav"> <li id="js_tab_reg" class="rg_active_nav rg_first_nav"><a href="" onclick="return false;" >Регистрация</a></li> </ul> <span onclick="hidebo();" class="rg_closed"> </span> {#/template js_tmpl_auth_reg_tab} {#template js_tmpl_auth_reg_descr} <strong>Пожалуйста, подтвердите ваш адрес.</strong><br><br>Вам отправлено письмо для подтверждения вашего адреса {$P.register_confirm_mail}.<br>Для подтверждения адреса перейдите по ссылке из этого письма. {#/template js_tmpl_auth_reg_descr} {#template js_tmpl_auth_reg_action} <div class="rg_forms confirm_code_from_letter"> <div class="rg_for_input"> <span class="rg_inp_descr" style="width:15em;">Или введите код из письма:</span> <input type="text" value="" id="confirm_code" name="" data-js_submit="yes" data-js_action="js_confirmFormBut" class="js_keydown_selector rg_input_text_conf" > </div> <div class="rg_for_input"><label>Не пришло письмо? <b>Пожалуйста, проверьте папку Спам</b><br /> (папку для нежелательной почты).</label><br />  <a href="" onclick="ajax_recall_code();return false" >Вышлите мне письмо еще раз!</a></div> <div class="rg_for_input"> <em class="reg_error" id="confirm_msg"></em> <a href="#" class="button button-red" id="js_confirmFormBut">Готово</a> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> <br> </div> </div> {#/template js_tmpl_auth_reg_action}