On the other hand, CVE-2020-1048 is a fun abuse of the print spooler to get persistent SYSTEM access with one line of PowerShell. It got patched yesterday, but you'll also want to investigate any file-based printer ports: the patch fixes the underlying issue but can't remove existing access.
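A check for the leftover artefact the post above describes, written here as an added example; it is not code from the post or from the linked write-up. It assumes Windows PowerShell 5.1 or later run from an elevated prompt, the Get-Printer cmdlet from the PrintManagement module (optional: the registry read works without it), and the default spool directory. The function names and the "looks like a file path" pattern are mine.

```powershell
# Added example, not code from the post or the linked write-up: list printer ports whose
# "port name" is actually a file path, which is what the post says to go looking for
# after patching. Assumes Windows PowerShell 5.1+, an elevated prompt, and the default
# spool directory under %SystemRoot%\System32\spool\PRINTERS. Function names are mine.

function Get-FileBackedPrinterPort {
    [CmdletBinding()]
    param()

    # The spooler records every port it knows about as a value name under this key,
    # so the check works even where the PrintManagement module is missing.
    $portKey   = 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Ports'
    $portNames = (Get-Item -Path $portKey).GetValueNames()

    # Printers bound to a port tell you what would actually write through it.
    $printers = Get-Printer -ErrorAction SilentlyContinue

    foreach ($port in $portNames) {
        # Built-in local ports are named LPT1:, COM1:, FILE:, nul: and so on. A name
        # that parses as a drive-letter path or a UNC path is file-backed: review it.
        if ($port -notmatch '^(?:[A-Za-z]:\\|\\\\)') { continue }

        $target    = Get-Item -LiteralPath $port -ErrorAction SilentlyContinue
        $lastWrite = if ($target) { $target.LastWriteTime } else { $null }
        $attached  = @($printers | Where-Object { $_.PortName -eq $port })

        [PSCustomObject]@{
            PortName      = $port
            TargetExists  = [bool]$target
            TargetWritten = $lastWrite
            # A port that lands inside the Windows directory is the case to treat as hostile.
            InWindowsDir  = $port -like "$env:SystemRoot\*"
            Printers      = ($attached.Name -join ', ')
        }
    }
}

function Get-PendingSpoolJob {
    # Jobs still sitting in the spool directory (.SPL data plus .SHD shadow file) are
    # retried when the spooler restarts, so a queued write to a file port can outlive
    # a reboot. Anything here on a machine with no real print queue is worth a look.
    $spoolDir = Join-Path $env:SystemRoot 'System32\spool\PRINTERS'
    Get-ChildItem -Path $spoolDir -File -ErrorAction SilentlyContinue |
        Select-Object Name, Length, LastWriteTime
}

# Usage (read-only; remove a bad port with Remove-PrinterPort -Name <PortName> after review):
Get-FileBackedPrinterPort | Format-Table -AutoSize
Get-PendingSpoolJob       | Format-Table -AutoSize
```

The script only reports; a port it flags should be reviewed (what file it points at, which printer is bound to it, when the target was last written) before you remove it with Remove-PrinterPort and clear the spool directory, since the patch leaves both in place.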
So, with all this stuff and breaches and shit, it's becoming increasingly clear that, annoying as it is, a password manager is going to be kind of inevitable. Is there any recommended free option, or at least a cheap one? Preferably one that isn't too much of a pest to use on both a couple of computers and a phone?
Hey, is there any security problem with having old C++ redistributables lying around from old game installs, in the same way that having old versions of Java lying around on a system is a security problem?
I don't even think having the old JREs lying around would be a security problem unless you ran code through them.
But no, C++ redistributables are often just libraries for the STL and stuff like that; patching over them with newer ones should get rid of their security problems as discovered.
I agree it is a bit annoying to see dozens of redistributables in my programs list that are probably left over from a game I uninstalled ages ago. They're just litter.
TetraNitroCubane
edited June 2020
So, unfortunately I need a little help with my positively least favorite computer security topic:
Family tech support.
It sounds like my parents somehow infected their Mac with something nasty, because Chrome keeps telling them they're downloading malicious files. Even when they're not downloading files at all.
I need to remotely access the machine, because I am sick to death of trying to tell them what to do over the phone and getting "The little MAN with the FACE is doing the THING" as their responses.
Does anyone have any advice for remote-desktop options on mac, preferably ones that can be used cross-platform, and ones that won't open a gigantic gaping security hole in their computer with neon lighted arrows and a sign that says "HACKERS ENTER HERE" (that is, Zoom)?
Inquisitor77
If there's a decent chance their machine is compromised, willingly downloading any remote access solution would only serve to open the door even further. Literally the next step a hacker/scammer wants is remote access to that machine.
The best thing they can do is buy an external HDD, dump all the files they want to save onto that HDD, put it in a lockbox and never touch it again, and then nuke their machine from orbit (factory reset).
The only time they can take the HDD out of the lockbox is when you are there to physically access it yourself on a clean machine. Even then, I'd do an immediate scan on the whole thing, only pull out the files you truly want (i.e., just the documents, not executables and DLLs that can just be re-downloaded again safely), and then reformat the HDD when you're done.
TetraNitroCubane
I agree 100%.
But I'm talking about two 65+ year old individuals who don't understand that their email password is different from their wifi password, and regularly call up their ISP because they're unable to log into Gmail.
When I told them that they likely had malware, and to stop using the computer and cancel their credit cards immediately, they said that "sounded like too much work". I'm just trying to do something, anything, to mitigate.
They absolutely have zero capacity to clone the HDD from an All-in-One Mac on their own. Never mind reinstalling the OS on their own.
I continue to swear by Malwarebytes, and they have a Mac version that is free to download and use. Once you're rid of the malware, there's little reason to nuke the computer from orbit these days. The vast majority of malware these days isn't viruses or rootkits; it's bullshit browser extensions and garbage like MacKeeper.
TetraNitroCubane
Thanks all. Chrome Remote Desktop was easy enough to use, and I was able to get Malwarebytes on their machine, as well as do a few other cursory scans. Hopefully that can be at least a band-aid until I can someday manage to get at the machine in person and do a full reinstall.
Earlier today, I received 16 email verification codes from the Kenya Revenue Authority. No links, so it looks like an attempt to use my email for fraud rather than a phishing attempt against me. Weirdly enough, I checked and there's no associated login attempts to my email that I can see.
Is this kind of thing worth following up on?
Shadowfire
Probably not. Change your password, make sure 2FA is attached, move on.
In an ideal world, both the 2005 and the 2008 C++ runtimes have been end-of-lifed and should be removed from any and all computers. I think there were some low-severity vulnerabilities attached to them, if I remember my time with Qualys vulnerability scans.
But in reality, I still run into games that aren't that old that still sneak them on to your computer.
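An inventory script for the situation the last two posts describe (a machine that has accumulated runtimes from old game installers, some of them end-of-life), written here as an added example; it is not code from the thread. It assumes Windows PowerShell 5.1 or later and reads the Uninstall registry keys that Programs and Features is built from, so it needs no extra module. The function name, the parameter name and the default end-of-life list (taken from the post above) are mine.

```powershell
# Added example, not code from the thread: inventory the Visual C++ redistributables a
# machine has accumulated and flag the runtimes the post above calls end-of-life (2005
# and 2008). Reads the same Uninstall registry keys Programs and Features is built from,
# so it needs no extra module. Assumes Windows PowerShell 5.1+; function name is mine.

function Get-VcRedistInventory {
    [CmdletBinding()]
    param(
        # Runtime years treated as end-of-life; 2005 and 2008 come from the post,
        # extend to match local policy.
        [int[]]$EndOfLifeYears = @(2005, 2008)
    )

    # 64-bit Windows registers 32-bit installers under WOW6432Node, so read both views.
    $uninstallKeys = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )

    Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Display names look like "Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"
            # or "Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.36.32532".
            if ($_.DisplayName -notmatch '^Microsoft Visual C\+\+ (\d{4})') { return }
            $year = [int]$Matches[1]

            $arch = 'unknown'
            if ($_.DisplayName -match '\b(x86|x64|arm64)\b') { $arch = $Matches[1] }

            [PSCustomObject]@{
                DisplayName     = $_.DisplayName
                Year            = $year
                Architecture    = $arch
                Version         = $_.DisplayVersion
                # 2005 through 2013 runtimes install side by side and stay until removed;
                # 2015 and later share one runtime that newer installs replace in place.
                SideBySide      = $year -lt 2015
                EndOfLife       = $EndOfLifeYears -contains $year
                UninstallString = $_.UninstallString
            }
        } |
        Sort-Object Year, Architecture, Version
}

# Usage: full inventory, then just what should be removed.
Get-VcRedistInventory | Format-Table DisplayName, Architecture, Version, EndOfLife -AutoSize
Get-VcRedistInventory | Where-Object EndOfLife | Select-Object DisplayName, UninstallString
```

The SideBySide column is the reason the earlier "patching over them with newer ones" answer only goes so far: a 2015 or later install supersedes older 2015+ builds, but each of the 2005 through 2013 runtimes is its own package that stays on disk until you run its UninstallString, and a game that still depends on one will reinstall it.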
Got a few more emails. Are scammers just flailing around with random email addresses hoping that they'll get the 1 in 10000 chance of guessing what code was sent?
Probably bots scraping lists of stolen email/password combinations and trying them all on government identity systems and banks and such.
TetraNitroCubane
edited July 2020
Currently unfolding story:
A number of prominent personalities have apparently had their Twitter accounts compromised. Targets include Bill Gates, Kanye West, and Elon Musk, as well as Apple and Uber's Twitter account. Also a wide swath of cryptocurrency related Twitter accounts.
Elon Musk’s Twitter account has seemingly been compromised by a hacker intent on using it to run a bitcoin scam. Microsoft co-founder Bill Gates also had his account seemingly accessed by the same scammer, who posted a similar message with an identical bitcoin wallet address. Both accounts are continuing to post new tweets promoting the scam almost as fast as they are deleted.
Shortly after the initial wave of tweets, the accounts of Apple, Uber, Amazon CEO Jeff Bezos, hip-hop mogul Kanye West, former New York City mayor and billionaire Mike Bloomberg, and even former President Barack Obama have also been compromised and are promoting the scam. It’s unclear how widespread the operation is, but it appears to be affecting major companies and extremely high-profile individuals, suggesting that someone has either found a severe security loophole in Twitter’s login process or has gained access to a Twitter employee’s admin privileges.
The Tesla CEO’s account issued a mysterious tweet at 4:17PM ET this afternoon reading, “I‘m feeling generous because of Covid-19. I’ll double any BTC payment sent to my BTC address for the next hour. Good luck, and stay safe out there!” The tweet also contained a bitcoin address, presumably one associated with the hacker’s crypto wallet.
The fact that this is hitting so many prominent accounts so rapidly, and that apparently Twitter is deleting the tweets as quickly as they appear, indicates that someone has high level access - and Twitter can't keep them out.
This doesn't look like a standard phishing compromise.
So far I've seen tweets from the accounts of Elon Musk, Jeff Bezos, Bill Gates, and Kanye West. Hackers are putting back tweets as soon as account owners delete them. They've already made $103,000 in two hours.
MalwareTechBlog is... a Malware tech blog.
Jezum Crow. This is a wicked game of whack a mole. Whoever is doing this already hit Biden.
I predict the moment they try to hit Trump, Twitter will actually do something about this.
It’s not immediately known how the account hacks took place. Security researchers, however, found that the attackers had fully taken over the victims’ accounts, and also changed the email address associated with the account to make it harder for the real user to regain access.
TetraNitroCubane
edited July 2020
I'm watching this unfold in real time and it's just phenomenal that Twitter aren't taking any action. Like, IMMEDIATELY.
This may be the single most significant security breach of the last... I don't even know. But considering that the United States is currently run by a man who issues orders via Decree by Twitter, someone with this level of access could fuck some shit up to say the least.
They would rather watch the country burn than shut down for even a few minutes to fix this.
TetraNitroCubane
They've limited some features, apparently, but the ad-revenue train MUST GO ON.
We’re continuing to limit the ability to Tweet, reset your password, and some other account functionalities while we look into this. Thanks for your patience.
TetraNitroCubane
Two sources close to or inside the underground hacking community provided Motherboard with screenshots of an internal panel they claim is used by Twitter workers to interact with user accounts. One source said the Twitter panel was also used to change ownership of some so-called OG accounts—accounts that have a handle consisting of only one or two characters—as well as facilitating the tweeting of the cryptocurrency scams from the high profile accounts.
Twitter has been deleting screenshots of the panel and has suspended users who have tweeted the screenshots, claiming that the tweets violate its rules.
We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.
We know they used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf. We’re looking into what other malicious activity they may have conducted or information they may have accessed and will share more here as we have it.
Once we became aware of the incident, we immediately locked down the affected accounts and removed Tweets posted by the attackers.
We also limited functionality for a much larger group of accounts, like all verified accounts (even those with no evidence of being compromised), while we continue to fully investigate this.
This was disruptive, but it was an important step to reduce risk. Most functionality has been restored but we may take further actions and will update you if we do.
We have locked accounts that were compromised and will restore access to the original account owner only when we are certain we can do so securely.
Internally, we’ve taken significant steps to limit access to internal systems and tools while our investigation is ongoing. More updates to come as our investigation continues.
So, TLDR seems to be that this was social engineering of employees within Twitter. Likely bribery.
First, why did ANY employee have access to make Tweets from any account?
Second, why did ANY employee have access to change the account's recovery email?
Third, what else did they have access to? They likely left something to get back in. They likely stole sensitive information (DMs, etc).
Fourth, HOLY FUCK TWITTER, this is SECURITY 101 SHIT HERE. The human is always the weakest link in the chain, so you LIMIT THEIR PERMISSIONS.
Twitter servers should be air-gapped. All of them.
Orca
I have to wonder if they got to Trump's account. I mean, that has to be the most juicy and potentially have some really dangerous private conversations in the DMs. Of course, that could make it a hardcore federal crime too.
Oh my god I didn't even think of that.
$5 says he was the real target and they're distracting by making other accounts seem like they were the priority
Can I take you up on the bet simply because I want to pay $5 for that to be true?
The personal information of what could be hundreds of thousands of Instacart customers is being sold on the dark web. This data includes names, the last four digits of credit card numbers, and order histories, and appears to have affected customers who used the grocery delivery service as recently as yesterday.
...
“It’s looking recent and totally legit,” Nick Espinosa, the head of cybersecurity firm Security Fanatics, told BuzzFeed News after reviewing the accounts being sold.
Two women whose personal information was for sale confirmed they were Instacart customers, that their last order date and amount matched what appeared on the dark web, and that the credit card information belonged to them.
Less than stellar news for folks who use Pulse Secure VPN (or rather, folks whose work places use it). Hackers used a vulnerability discovered last year to collect password and admin details on over 900 unpatched servers, and released it on a known ransomware forum.
https://windows-internals.com/printdemon-cve-2020-1048/
I didn't know you could use Dropbox like that. Be careful that you don't piss anyone off!
I very much appreciate all the advice!
Family tech support is positively the worst.
Double Edit (This is moving fast!):
There's some indication that the accounts in question have been fully compromised, including alterations to recovery email options.
Lit on fire and tossed in the ocean.
How the hell is that crap accessible to the internet?
https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online
https://www.zdnet.com/article/hacker-leaks-passwords-for-900-enterprise-vpn-servers/