Подписаться Бесплатная «Серебряная» новостная рассылка . Подписчиков 8.345 RSS

←   Апрель 2014   →
	1 01.04.2014 06:15:52 17:15:19	2 02.04.2014 06:15:44 17:16:08	3	4 04.04.2014 06:15:38 17:16:15	5	6
7	8 08.04.2014 06:15:38 17:15:53	9 09.04.2014 06:15:50 17:16:13	10 10.04.2014 06:15:48 17:15:56	11 11.04.2014 06:15:50 17:15:53	12	13
14	15 15.04.2014 06:15:40 17:16:36	16 16.04.2014 06:15:52 17:16:27	17	18	19	20
21	22 22.04.2014 06:15:47 17:16:28	23 23.04.2014 06:15:36 17:16:14	24 24.04.2014 06:15:45 17:16:35	25 25.04.2014 06:15:37 17:16:39	26	27
28	29 29.04.2014 06:15:18 17:25:25	30 30.04.2014 06:15:46 17:16:57

За последние 60 дней ни разу не выходила

Сайт рассылки: http://av-host.net
Открыта: 09-03-2012

Автор

kmm

Статистика

8.345 подписчиков
0 за неделю

• Выпуски
• Статистика

←   Все выпуски   →

Для тех, кто в танке: <<Лаборатория Касперского>> начинает совместную с Wargaming акцию

2014-04-02 14:44 Для тех, кто в танке: «Лаборатория Касперского» начинает совместную с Wargaming акцию 2014-04-03 12:14 The MiniDuke of Ukraine 2014-04-03 12:36 Vulnerabilities in Oracle Java Cloud Publicly Disclosed 2014-04-03 13:03 Большая рыбалка: треть фишинговых атак направлены на кражу денег

Антивирусный "хостинг" Клуб пользователей антивирусных услуг (Saas, Cloud) Антивирусы и безопасность (SaaS, Cloud ...) Для тех, кто в танке: «Лаборатория Касперского» начинает совместную с Wargaming акцию 2014-04-02 14:44 KMM поделился ссылкой Для тех, кто в танке: «Лаборатория Касперского» начинает совместную с Wargaming акцию «Лаборатория Касперского» совместно с одним из крупнейших мировых издателей и разработчиков на рынке массовых многопользовательских игр Wargaming представляют акцию «Танковый прорыв» для всех любителей военной техники и игр World Of Tanks и World Of Warplanes. The MiniDuke of Ukraine 2014-04-03 12:14 KMM поделился ссылкой The MiniDuke of Ukraine Roughly one year ago, the MiniDuke malware was discovered in a targeted campaign against European governments. This week, reports have emerged that the malware is being distributed yet again under the guise of PDF documents related to Ukraine – one of which was never released to the public. MiniDuke Background When it first emerged, MiniDuke was noted for what many called a bizarre and advanced approach to malware. MiniDuke was written in machine assembly language, allowing for an extremely small – and unsuspicious file size. At the same time, it connected to both Twitter and Google to receive instructions on where to download updated backdoors. Once connected to malicious CnCs, updates would then come in the form of steganographically encrypted image files, allowing for essentially surreptitious infection. Back when MiniDuke was discovered, it was thought to be the work of a seasoned professional; and, the fact that it specifically targeted governmental computers was alarming. MiniDuke Infection While MiniDuke’s technical details may indeed be quite advanced, initial infection hinges on a simple act of social engineering: getting the victim to open a spoofed PDF. The PDF may come in the form of an official looking governmental document sent via email, or in even more targeted scenarios it could be placed on a USB drive that somehow makes its way into the port of the target’s computer. In both cases, an attacker’s success depends on covert infiltration. MiniDuke must be installed without arousing any suspicion. The MiniDuke of Ukraine is a Social Engineer For malware authors, infecting a governmental employee’s PC is high risk-high reward behavior, and in most cases it is extremely targeted. Most governments practice extremely stringent security policies, and most governmental employees are trained to be suspicious of unsolicited emails or requests to “print” a document on their computer. But attackers do get through, and this of course brings us to MiniDuke’s latest incarnation. The malware has caused concern because the spoofed PDFs find origin in Ukraine. Most of the documents were gleaned from publicly accessible sources, and made to look relevant to whomever they were sent; but one document in particular contains the signature of Ruslan Demchenko, First Deputy Minister for Foreign Affairs of Ukraine. This document was never made publicly accessible. The implications of this latest MiniDuke campaign are thus twofold: Whoever receives the spoofed PDFs is much more likely to open to them, regardless of training, simply because the current crisis in Ukraine is on everyone’s mind. Whoever has created the spoofed PDFs may already have insider access to the Ukrainian government’s computer network. Both of these implications speak to the nature of malware propagation in general, and both can provide insight to any computer user regardless of occupational status. Social engineering usually works best when it leverages current events or a subject the target is known to be involved in. And, when the stakes are high, insider connections are common. For personal users, this isn’t to say that friends betray friends with targeted malware; but, it does relate to the increasingly social nature of the web and does suggest that everyone should be wary of who they “let in” to their Internet social circle. Targeted attacks work because attackers with targets do their research, and minimizing the amount of personal information one puts on the web is therefore an essential step to identity theft prevention. For governmental employees bound by duty to be transparent, this may indeed be difficult; but for the rest of us, it can be as simple as anonymizing a Twitter account. MiniDuke and Emsisoft Fortunately, most Emsisoft users are not at risk of being infected by MiniDuke, simply because the malware is most often deployed in targeted attacks against governmental employees. Nevertheless, Emsisoft Anti-Malware does detect MiniDuke’s dropper and MiniDuke’s payload, simply because malware is malware — no matter who it targets or where it comes from. So whether you’re governmental, civilian, or purely virtual, Have a Great (Malware-Free) Day!   Related Posts: Emsisoft Fraud Alert: LinkedIn Data Breached by Fake… Emsisoft Fraud Alert: LinkedIn Data Breached by Fake… ALERT: Google Drive Phishing Scam 2013: The Year We Were “Snowden” Caphaw Trojan Found in Youtube Ads Vulnerabilities in Oracle Java Cloud Publicly Disclosed 2014-04-03 12:36 KMM поделился ссылкой Vulnerabilities in Oracle Java Cloud Publicly Disclosed Polish computer security research firm Security Explorations has just disclosed 30 unpatched vulnerabilities affecting the popular PaaS Oracle Java Cloud. Disclosure comes in the form of two detailed reports, which contain proof of concept demonstrations and reveal: 1) weaknesses with the PaaS’s implementation and configuration, 2) opportunities for users to access other users’ applications, and, most importantly, 3) issues that could expose the service platform to attacks from remotely executed code. The public disclosure comes roughly two months after Security Explorations had initially reported the vulnerabilities to Oracle. Reports indicate that the corporation did acknowledge the research firm’s findings as early as February 12th. Reports also indicate that at the time of that acknowledgement, Oracle also promised a March 24th status report detailing what was being done to resolve the vulnerabilities. As of April 2nd, Security Explorations had yet to see said report. In response, the research firm has issued public disclosure and encouraged Oracle Java Cloud users to demand a refund due to “unsatisfactory security levels.” Such a disclosure is indeed controversial, as it reveals a number of vulnerabilities to the public at large – a public that includes malicious actors. Issues addressed in the report include: Bypasses of the Java security sandbox Bypasses of whitelisting rules on the Java API Shared server administrator passwords Plain text user password accessibility The use of outdated Java SE software that lacks approximately 150 security fixes The potential for attacks via remote execution of code For those who use the PaaS, these are all issues that cannot be ignored. But even for the rest of us, the general issue of public disclosure of ANY software vulnerability is still quite relevant, and begs the question: Is it the right way to do business? Some would say that public disclosure is in the interest of public (computer) health, and in all cases acceptable. Others would say that it treads too closely to ransom, and that programs like Microsoft’s Bug Bounty, for example, work only to reward malicious behavior. In any event, there is indeed a fine line separating security research firms from malware operations proper, and in most cases it is a line drawn by personal ethics. What is perhaps most interesting about this latest issue with Oracle – a company long known for its less than impenetrable software – is that it highlights the ethical underpinnings of what is viewed by most as a purely technical pursuit. The world of software has its good guys and its bad guys, just as does the non-virtual world. Exactly who is who in this David v. Goliath instance of Oracle and Security Explorations is perhaps a non-binary issue that can’t quite so easily be resolved; but, it should be interesting to see just how many of the vulnerabilities exposed by Security Explorations are addressed in Oracle’s upcoming update on April 15th. In the meantime, Emsisoft welcomes all opinions on the matter of software ethics in the comments section below. Have a Great (Malware (and Vulnerability))-Free Day! Related Posts: Application Vulnerabilities? Put Your Computer on the… Security advice: Be careful when using Java LINKEDIN – connecting to… ZeuS? Adobe Flash Zero Day: Operation GreedyWonk Firmware Vulnerabilities Discovered on Linksys and ASUS… Большая рыбалка: треть фишинговых атак направлены на кражу денег 2014-04-03 13:03 KMM поделился ссылкой Большая рыбалка: треть фишинговых атак направлены на кражу денег Согласно проведенному «Лабораторией Касперского» исследованию, злоумышленники стали чаще стали создавать онлайн-ресурсы, копирующие внешний вид сайтов финансовых компаний, для получения конфиденциальной информации и кражи денег со счетов интернет-пользователей.

---

В избранное

{#template MAIN} <div id="loginForm" style="display:none;" class="subscriberu_popup"> <div class="popup_register"> {#include js_tmpl_auth_reg_tab} {#if $P.login_register_tab == 1} <form class="authentication-form" method="post" action="/MEMBERLOGIN_authen_cred"> <dl class="rg_block_options"> <dt id="js_tap_panel_auth"> <h1>Войти на сайт</h1> {* {#include js_tmpl_auth_reg_button} *} {#include js_tmpl_auth_reg_action} <hr class="logreg_line noPhones"> <div class="logreg_descr noPhones"><p>{#include js_tmpl_auth_reg_descr} </p></div> <div class="logreg_advice noPhones"> Если вы еще не с нами, то начните с <a href="#" onclick="rgNav('js_tab_reg');return false;" class="dashed" data-func="registr">регистрации</a> </div> <br><br> <a class="dashed auth-enter" href="/manage/author/"><b>Вход для авторов</b></a> </dt> </dl> </form> {#/if} {#if $P.login_register_tab == 2} <div class="rg_block_options"> <div id="js_tap_panel_auth"> <h1>Регистрация</h1> <div class="social_reg"> {* <div class="rg_description">{#include js_tmpl_soc_auth_reg_descr}</div> *} {#include js_tmpl_auth_reg_soc} <div class="rg_soc_auth_agree">{#include js_tmpl_auth_reg_agree}</div> </div> <div class="subscribe_reg"> {* <div class="rg_description"> #include js_tmpl_auth_reg_descr </div> *} {#include js_tmpl_auth_reg_action} </div> {* {#include js_tmpl_auth_reg_button} *} <div class="clr"> </div> <hr class="logreg_line noPhones"> <div class="logreg_descr noPhones">{#include js_tmpl_auth_reg_descr} {#include js_tmpl_soc_auth_reg_descr} </div> </div> </div> {#/if} </div> {* <div class="gray_bg register_shadow"></div> *} </div> {#/template MAIN} {#template js_tmpl_auth_reg_tab} <ul class="rg_nav"> <li id="js_tab_auth" class="{#if $P.login_register_tab == 1} rg_active_nav {#/if} rg_first_nav"><a onclick="rgNav('js_tab_auth');return false;" href="">Вход на сайт</a></li> <li id="js_tab_reg" class="{#if $P.login_register_tab == 2} rg_active_nav {#/if}"><a onclick="rgNav('js_tab_reg');return false;" href="">Регистрация </a></li> </ul> <span onclick="hidebo();" class="rg_closed"> </span> {#/template js_tmpl_auth_reg_tab} {#template js_tmpl_auth_reg_action} {#if $P.login_register_tab == 1} {#include js_tmpl_auth_reg_soc} {#/if} <div class="rg_forms"> <input type="hidden" id="login_register_destination" value="{$P.login_register_destination}"/> {#if $P.login_register_tab == 1} <div class="rg_for_input"> <span class="rg_text_inner">E-mail или код подписчика</span> <input id="credential_0" class="js_keydown_selector rg_input_text" data-js_submit="no" data-js_next_input_name="credential_1" name="" type="text" /> </div> <div class="rg_for_input"> <span class="rg_text_inner">Пароль</span> <input id="credential_1" class="js_keydown_selector rg_input_text" data-js_submit="yes" data-js_action="js_loginFormBut" name="" type="password" onkeyup="showAttention(this,!!window.event.shiftKey)" /> <span class="pswd_attention" id="attention_pswd"> <span class="icon_attention"></span> <span class="pswd_attention-text" id="attention-text_pswd1">Русская раскладка клавиатуры!</span> <span class="pswd_attention-text" id="attention-text_pswd2">У вас включен Caps Lock!</span> <span class="pswd_attention-text" id="attention-text_pswd3">У вас включен Caps Lock и русская раскладка клавиатуры!</span> </span> </div> <div class="rg_for_input input-alien"> <span class="chk noPhones"><input id="chk_alien" name="" type="checkbox" /></span><label for="chk_alien" class="noPhones"> Чужой компьютер</label> <a class="forgot_pass" href="/member/totalrecall">Забыли пароль?</a> </div> <div class="rg_for_input"> <em id="auth_msg" class="reg_error"></em> <input id="lf_typeauthid" value="email" type="hidden"> <input type="submit" class="button button-red logreg_submit" id="js_loginFormBut" value="Войти"> <!--</a>--> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> </div> {#/if} {#if $P.login_register_tab == 2} <div class="rg_for_input"> <span class="rg_text_inner">E-mail</span> <input id="arfemail" class="js_keydown_selector rg_input_text" name="" type="text" data-js_submit="yes" data-js_action="js_regFormBut"/> </div> <div class="rg_for_input rg_set_lineh rg_for_input_wide"> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_terms' type="checkbox" data-js_submit="yes" /></span> Я ознакомился и согласен с <a class="link_txd logreg_accLink" href="/faq/vereinbarung.html">условиями сервиса Subscribe.ru</a> </label> <br /> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_personal' type="checkbox" data-js_submit="yes" /></span> Нажимая на кнопку "Готово!", я даю <a class="link_txd logreg_accLink" href="/faq/persverordnung.html">согласие на обработку персональных данных</a> </label> </div> {* <div style="float: left;position: absolute;left: 11em;"> <img src="http://www.kupivip.ru/images/vip/logo.png?1604" style="width: 86px; vertical-align: middle;display: block;"> </div> <div class="rg_for_input rg_set_lineh"> <label class="js_tap_panel_checkbox"><input name="" id="js_tap_panel_checkbox_kupivip" type="checkbox" data-js_submit="yes"> Я хочу получать новости о скидках на одежду</label> </div> *} <div class="rg_for_input"> <em id="reg_msg" class="reg_error rg_for_input_wide"></em> <em id="reg_msg2" class="reg_error rg_for_input_wide"></em> <input id="rf_typeauthid" value="email" type="hidden"> <a class="button button-red logreg_submit" id="js_regFormBut" href="#">Готово!</a> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> </div> {#/if} </div> {#/template js_tmpl_auth_reg_action} {#template js_tmpl_auth_reg_agree} <div class="rg_for_input rg_set_lineh rg_for_input_wide"> <label class="js_tap_panel_checkbox"> <span class="chk"><input name="" id='js_tap_panel_checkbox_terms_reg' type="checkbox" data-js_submit="yes" /></span> Я ознакомился и согласен с <a class="link_txd logreg_accLink" href="/faq/vereinbarung.html">условиями сервиса Subscribe.ru</a></label> <em id="reg_msg_soc" class="reg_error rg_for_input_wide"></em> </div> {#/template js_tmpl_auth_reg_agree} {#template js_tmpl_auth_reg_button} <div class="rg_butons_socials"> {#if $P.login_register_tab == 1} <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="auth_email" href="#"><span><i></i>Email</span></a> <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="auth_openid" href="#"><span><i></i>OpenID</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="auth_vkontakte" href="#"><span><i></i>Вконтакте</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="auth_mailru" href="#"><span><i></i>Mail.Ru</span></a> {#/if} {#if $P.login_register_tab == 2} <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="reg_email" href="#"><span><i></i>Email</span></a> <a class="rg_btn_soc rg_bs_01 js_tap_panel_selector" action="reg_openid" href="#"><span><i></i>OpenID</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="reg_vkontakte" href="#"><span><i></i>Вконтакте</span></a> <a class="rg_btn_soc rg_bs_02 js_tap_panel_selector" action="reg_mailru" href="#"><span><i></i>Mail.Ru</span></a> {#/if} </div> {#/template js_tmpl_auth_reg_button} {#template js_tmpl_auth_reg_descr} {#if $P.login_register_tab == 1} Для оформления подписки на выбранную рассылку, работы с интересующей вас группой или доступа в нужный вам раздел, просим авторизоваться на Subscribe.ru {#/if} {#if $P.login_register_tab == 2} Для регистрации укажите ваш e-mail адрес. Адрес должен быть действующим, на него сразу после регистрации будет отправлено письмо с инструкциями и кодом подтверждения. {#/if} {#/template js_tmpl_auth_reg_descr} {#template js_tmpl_soc_auth_reg_descr} Или зарегистрируйтесь через социальную сеть. {#/template js_tmpl_soc_auth_reg_descr} {#template js_tmpl_auth_reg_soc} <div class="rg_soc"> {#if $P.login_register_tab == 1} <a onclick="return _checkSocConfirm(event)" href="https://oauth.vk.com/authorize?client_id=3954260&scope=wall,offline,photos,groups,video,audio,email&redirect_uri={location.protocol+'//'+location.host}/member/login/vk/&response_type=code&v=5.15" class="login_register_vk_button"> <span class="login_register_vk_icon"></span> </a> {#/if} {#if $P.login_register_tab == 2} <a onclick="return _checkSocConfirm(event)" href="https://oauth.vk.com/authorize?client_id=3954260&scope=wall,offline,photos,groups,video,audio,email&redirect_uri={location.protocol+'//'+location.host}/member/join/vk&response_type=code&v=5.15" class="login_register_vk_button"> <span class="login_register_vk_icon"></span> </a> {#/if} </div> {#/template js_tmpl_auth_reg_soc}

{#template MAIN} <div id="loginForm" style="display:none;" class="subscriberu_popup"> <div class="popup_register"> {#include js_tmpl_auth_reg_tab} <dl class="rg_block_options"> <dt id="js_tap_panel_auth"> <p class="rg_description">{#include js_tmpl_auth_reg_descr}</p> <div class="clr"> </div> {#include js_tmpl_auth_reg_action} <div class="clr"> </div> </dt> </dl> </div> <!-- <div class="gray_bg register_shadow"></div> --> </div> {#/template MAIN} {#template js_tmpl_auth_reg_tab} <ul class="rg_nav"> <li id="js_tab_reg" class="rg_active_nav rg_first_nav"><a href="" onclick="return false;" >Регистрация</a></li> </ul> <span onclick="hidebo();" class="rg_closed"> </span> {#/template js_tmpl_auth_reg_tab} {#template js_tmpl_auth_reg_descr} <strong>Пожалуйста, подтвердите ваш адрес.</strong><br><br>Вам отправлено письмо для подтверждения вашего адреса {$P.register_confirm_mail}.<br>Для подтверждения адреса перейдите по ссылке из этого письма. {#/template js_tmpl_auth_reg_descr} {#template js_tmpl_auth_reg_action} <div class="rg_forms confirm_code_from_letter"> <div class="rg_for_input"> <span class="rg_inp_descr" style="width:15em;">Или введите код из письма:</span> <input type="text" value="" id="confirm_code" name="" data-js_submit="yes" data-js_action="js_confirmFormBut" class="js_keydown_selector rg_input_text_conf" > </div> <div class="rg_for_input"><label>Не пришло письмо? <b>Пожалуйста, проверьте папку Спам</b><br /> (папку для нежелательной почты).</label><br />  <a href="" onclick="ajax_recall_code();return false" >Вышлите мне письмо еще раз!</a></div> <div class="rg_for_input"> <em class="reg_error" id="confirm_msg"></em> <a href="#" class="button button-red" id="js_confirmFormBut">Готово</a> <div class="loading loading-cover" style="display: none;"><div class="loader"></div></div> <br> </div> </div> {#/template js_tmpl_auth_reg_action}