Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
New 'Fantom' Ransomware Poses As Windows Update
Newest First  |  Oldest First  |  Threaded View
Page 1 / 3   >   >>
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/1/2016 | 1:12:05 PM
Re: Windows 10 affected?
Ultimately, the best advice: Just be extra careful with what you click on, use adblockers, and disable Flash and Java unless you REALLY REALLY REALLY trust the site.  And never click an attachment or link in an email unless you're expecting it and know what it is (and you trust the sender).
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
9/1/2016 | 1:08:18 PM
Re: SMH
Oh, yes, I definitely understand it (heck, even I have issues with the chip scanners sometimes -- especially because of the inconsistency among retailers).  It just used to be much easier and more straightforward.  (But, of course, fewer people had personal computers back then.)

Now stop skateboarding on the sidewalk!
Whoopty
50%
50%
Whoopty,
User Rank: Ninja
9/1/2016 | 8:11:19 AM
Re: Windows 10 affected?
Ransomware still creeps me out the most but at least I have a tonne of backups. But I'd rather be aware and scared, I can't imagine the shock of having all of your most personal files and folders encrypted out of the blue with no warning. 
emjones_uow
50%
50%
emjones_uow,
User Rank: Apprentice
9/1/2016 | 6:23:25 AM
Re: VPN for Additional Security
The ones i mentioned, keeps no log and there are many who does'nt either. I know there are VPNs working in grey areas but not to forget the core purpose of having a VPN. Organizations have it, to secure their network, obviously there are other factors aswell but sparing a small amount for an additional security is the least a simple internet user can do. Makes it difficult to hack ones IP as VPN ensures anonymity. 
lorraine89
50%
50%
lorraine89,
User Rank: Ninja
9/1/2016 | 6:12:59 AM
Re: VPN for Additional Security
How has your experience been with Purevpn? I have read good reviews about their connectivity.
jcavery
50%
50%
jcavery,
User Rank: Moderator
8/31/2016 | 7:50:28 PM
Re: Windows 10 affected?
Ahyup,   XP through 10
jcavery
50%
50%
jcavery,
User Rank: Moderator
8/31/2016 | 7:28:25 PM
Re: SMH
If you have ever gotten behind the wrong person in line at a grocery store with the chipped debit cards, you can understand why that person might also have trouble configuring a reliable backup system on their PC. Back in my day the only chips in a grocery store were right next to the salsa!

That ball that flew over my fence? I'm keeping it. It's mine now.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
8/31/2016 | 2:25:29 PM
Re: SMH
@jcavery: It's kind of dumb if you think about it.  Floppy drives used to come standard on computers (both desktops and laptops).  Local backup was a breeze.  Now floppy drives are considered obsolete because we have thumb drives.  Except thumb drives are still pretty expensive -- unless you get free ones at conferences...which may be infected with malware.

Meanwhile, I've got an old ZIP Drive and ZIP Disks kicking around somewhere and I can't get to what's backed up on those from years ago because nobody makes machines with those printer ports anymore.

Now I'm cranky and wistful for the good old days.  Get off my lawn.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/31/2016 | 2:22:08 PM
Re: Ransomware
Ransomware sort of became this logical next step once the spamming business for black-market pharmaceuticals went under.  Black hatters needed to find a different way to leverage their botnets, their resources, their skillz.

In our attempt to kill a fly, we let in a hornet.
Joe Stanganelli
50%
50%
Joe Stanganelli,
User Rank: Ninja
8/31/2016 | 2:19:24 PM
Re: VPN for Additional Security
In addition or as an alternative, one could work with a virtual sandbox (like sandbox.ie).  One InfoSec guy I know swears by them for protecting against ransomware specifically, among other threats.
Page 1 / 3   >   >>


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41154
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions an attacker with read access to a "SVN core" repository could execute arbitrary SQL queries. The following versions contain the fix: Tuleap Community Edition 11.1...
CVE-2021-41155
PUBLISHED: 2021-10-18
Tuleap is a Free & Open Source Suite to improve management of software developments and collaboration. In affected versions Tuleap does not sanitize properly user inputs when constructing the SQL query to browse and search revisions in the CVS repositories. The following versions contain the fix...
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...