Jump to content

David H. Lipman

  • Content Count

  • Joined

  • Days Won


Everything posted by David H. Lipman

  1. Monster.com says a third party exposed user data but didn’t tell anyone "An exposed web server storing résumés of job seekers — including from recruitment site Monster — has been found online. The server contained résumés and CVs for job applicants spanning 2014 and 2017, many of which included private information like phone numbers and home addresses, but also email addresses and a person’s prior work experience. Of the documents we reviewed, most users were located in the United States. It’s not known exactly how many files were exposed, but thousands of résumés were found in a single folder dated May 2017. Other files found on the exposed server included immigration documentation for work, which Monster does not collect. A company statement attributed to Monster’s chief privacy officer Michael Jones said the server was owned by an unnamed recruitment customer, with which it no longer works. When pressed, the company declined to name the recruitment customer. “The Monster Security Team was made aware of a possible exposure and notified the recruitment company of the issue,” the company said, adding the exposed server was secured shortly after it was reported in August. Although the data is no longer accessible directly from the exposed web server, hundreds of résumés and other documents can be found in results cached by search engines. But Monster did not warn users of the exposure, and only admitted user data was exposed after the security researcher alerted TechCrunch to the matter. “Customers that purchase access to Monster’s data — candidate résumés and CVs — become the owners of the data and are responsible for maintaining its security,” the company said. “Because customers are the owners of this data, they are solely responsible for notifications to affected parties in the event of a breach of a customer’s database.” Under local data breach notification laws, companies are obliged to inform state attorneys general where large numbers of users in their states are affected. Although Monster is not duty bound to disclose the exposure to regulators, some companies proactively warn their users even when third parties are involved. It’s not uncommon for companies to warn their users of a third-party breach. Earlier this year after hackers siphoned off millions of credit cards from third-party payments processor American Medical Collection Agency, its customers — LabCorp and Quest Diagnostics — admitted to the security lapse. Monster said that because the exposure happened on a customer system, Monster is “not in a position” to identify or confirm affected users."
  2. Did you enter your email address(es) in the following site to check to see if that email address was associated with a known breach? That is most likely how they obtained your password and then used it in the cited email. https://haveibeenpwned.com/
  3. Yes, through the anti exploitation module and the ability to scan the Windows Registry.
  4. The question is not which is better but, whom do you TRUST ! Presumably, if you have a good AV/AM keylogging is not an issue and thus a moot point. However if you are on a corporate network that enabled and whitelists a Keylogger ( which is legal in the US ) then it is possible that when you data is decrypted from the credential store it may be harvested. However that points to the fact that one should NOT be doing personal business on the employer provided equipment.
  5. Besides what Porthos has indicated, you have it backwards @renatows You posted in the False Positive section. This is the area to report a situation where Malwarebytes detects a legitimate file incorrectly ( falsely ) making it a False Positive detection. When Malwarebytes doesn't detect a targeted file type that is malicious, that a False Negative. False negatives require a submission in; Newest Malware Threats after reviewing the following on how to provide sample submissions such that Malwarebytes' Anti-Malware (MBAM) can detect targeted but presently undetected threats. Malware Hunters group Purpose of this forum
  6. I don't know what "posts" you refer to but the legitimately named "CPU-Z" utility is not malicious. Note that there is a lot of misinformation on the 'net and any malware can be renamed to masquerade as any legitimate file. In fact, it is a common practice to evade and "hide in plain site" and that is why I stated This is also why you always get software and utilities directly from their source and not third parties that may host files.
  7. If obtained from the maker, https://www.cpuid.com/softwares/cpu-z.html, Yes, it is safe,
  8. These are classed as malicious advertisements or malvertisements. As such it is not about what software is on your PC but about what web sites you visit and one's browsing habits. For example there are certain porn sites that have a greater propensity to exhibit a FakeAlert. If you are on Windows, a Microsoft FakeAlert. If you are on an Apple iPhone or MAC, you will see an Apple FakeAlert. Then there are sites that don't care who they do business with when it comes to advertisement revenue. Or when one marketing company outsources to another. Then the malvertisement may be rotated in or randomly displayed. As I have explained in other discussions I have seen fake Mozilla Firefox malvertisements emanating from the Weather Channel web site. There was a case where members visited AllMusic.com and on rare occasions they got a Microsoft FakeAlert. The reports were few and reproducing it was difficult but finally I was able to coax a Microsoft FakeAlert from a visitation. It was all discussed in This Thread. Reference: Post #20
  9. @iggy22 If you are getting malvertisements in your Browser such as the FakeAlert shown in Post #1 then you need to look at what web sites your are visiting when this happens and your browsing habits. If it is happening on eBay then try to avoid these "standard elements" as there are way too many unscrupulous resellers on eBay as well as Fake eBay sites.
  10. Microsoft .NET Framework 4 (Web Installer) https://www.microsoft.com/en-us/download/details.aspx?id=17851
  11. There are some low-balled crap out that there that are being sold Windows 10/64 bit systems with 2GB RAM and 32GB SSD. To me, they are unfit for merchantability.
  12. That's not Situational Awareness. That's the "Insider Threat". An Insider Threat is someone inside the enclave that has physical access to to the device, equipment and data and for various reasons can be a source of compromise of that device, equipment and/or data. The objective is taking evasive and preventative action. Situational Awareness is about keeping ones wits about them them by understanding current threats, keeping their attention to their physical or virtual environment, by staying on guard and having reactionary plans at hand. Its all about one's relationship to their environmental space and location in time. Situational awareness could be as simple as not looking at a cell phone while walking down a street where their attention to their phone can leave them open to a slip and fall, being hit by a vehicle or even being the object of an assault or robbery. It could also be not eating while driving or playing with their digital dashboard of the vehicle while in motion. It could also be learning about the physical attributes of threats in the virtual world of the Internet and one's interaction in that environment. While there are overlaps in all types of threats it is important to understand the distinction between them and the intricacies of each.
  13. Yahoo! Data Breach Settlement https://yahoodatabreachsettlement.com If you had a Yahoo account anytime in 2012 through 2016, a pending class action settlement may affect you. A Class Action Settlement has been proposed in litigation against Yahoo! Inc. (“Yahoo”) and Aabaco Small Business, LLC (together, called “Defendants” in this notice), relating to data breaches (malicious actors got into system and personal data was taken) occurring in 2013 through 2016, as well as to data security intrusions (malicious actors got into system but no data appears to have been taken) occurring in early 2012 (collectively, the “Data Breaches”). 2012 Data Security Intrusions: From at least January through April 2012, at least two different malicious actors accessed Yahoo’s internal systems. The available evidence, however, does not reveal that user credentials, email accounts, or the contents of emails were taken out of Yahoo’s systems. 2013 Data Breach: In August 2013, malicious actors were able to gain access to Yahoo’s user database and took records for all existing Yahoo accounts—approximately three billion accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders. As a result, the actors may have also gained access to the contents of breached Yahoo accounts and, thus, any private information contained within users’ emails, calendars, and contacts. 2014 Data Breach: In November 2014, malicious actors were able to gain access to Yahoo’s user database and take records of approximately 500 million user accounts worldwide. The records taken included the names, email addresses, telephone numbers, birth dates, passwords, and security questions and answers of Yahoo account holders, and, as a result, the actors may have also gained access to the contents of breached Yahoo accounts, and thus, any private information contained within users’ emails, calendars, and contacts. 2015 and 2016 Data Breach: From 2015 to September 2016, malicious actors were able to use cookies instead of a password to gain access into approximately 32 million Yahoo email accounts. Plaintiffs claim that Defendants failed to adequately protect their Personal Information and that they were injured as a result. Defendants deny any wrongdoing, and no court has made any ruling in these matters. Who’s Included? If you received a Notice about the Data Breaches, or if you had a Yahoo account at any time between January 1, 2012 and December 31, 2016, and are a resident of the United States or Israel, you are a “Settlement Class Member.” What does the Settlement provide? Yahoo has enhanced, or, through its sucessor in interest, Oath Holdings Inc. (“Oath”), continues to enhance security of its customers’ Personal Information stored on its databases. Defendants will also pay for a Settlement Fund of $117,500,000. The Settlement Fund will provide: a minimum of two years of Credit Monitoring Services to protect Settlement Class Members from future harm, or Alternative Compensation instead of credit monitoring for Class Members who already have Credit Monitoring Services (subject to verification and documentation); Out-of-Pocket Costs for losses related to the Data Breaches; and reimbursement of some costs for those who paid for Yahoo premium or small business services. The Settlement Fund will also be used to pay for attorneys’ fees, costs, and expenses, and Service Awards for the Settlement Class Representatives. These are only a summary of the benefits. For complete information, dates, and details on the benefits, visit the Settlement Website www.YahooDataBreachSettlement.com. What are my options? In order to receive any benefits, you must file a claim online or by mail by July 20, 2020. If you want to keep your right to sue the Defendants yourself, you must exclude yourself from the Settlement Class by March 6, 2020. If you exclude yourself you will not receive any credit monitoring or monetary relief from the Settlement. If you stay in the Settlement Class, you may object to the Settlement, and/or the amount of attorneys’ fees, costs, and expenses, and/or the amount of Class Representative Service Awards by March 6, 2020. If you do nothing, you will not receive any credit monitoring or monetary benefits but you will still be bound by the Court’s decisions. Complete information and instructions on Filing a Claim, excluding oneself from the Settlement, or Objecting are available on the Settlement Website at www.YahooDataBreachSettlement.com . The Court has scheduled a hearing in this case at 1:30 pm on April 2, 2020, in Courtroom 8 of the U.S Courthouse, 280 South 1st Street, 4th Floor, San Jose, CA 95113, to consider: whether to approve the Settlement; any objections; a request for Class Representatives’ Service Awards; and attorneys’ fees, costs, and expenses for investigating the facts, litigating the case, and negotiating the settlement. The motion for attorney fees, costs, and expenses will be posted on on the date it is filed or as quickly thereafter as practicable. You may ask to appear at the hearing but you do not have to. This is only a summary. For complete information and to file a claim for benefits, visit the Settlement Website, www.YahooDataBreachSettlement.com, email info@YahooDataBreachSettlement.com or call 844-702-2788 (1-80-9344112 for residents of Israel). Click here to go to the Documents page of the website. Haga clic aquí para ir a la página de Documentos del sitio web. לחץ כאן למעבר לעמוד המסמכים של האתר. Нажмите здесь, чтобы перейти на страницу «Документы» веб-сайта.
  14. They just keep coming... Hi, how you doing ? We see nothing mischievous in pleasing yourself from once in a while. Certain things must be kept private, and if your relatives and friends are confronted by it, this will be something to worry about. Something anyone would be badly put out by. This will strongly influence your personal life and wellbeing. For a certain period of time, we have been tracking your PC activity via a trojan virus that you had caught and that had infected your PC. You had been infected after clicking on an poster on one of our virus-infected pornographic websites. A trojan virus provides us with access to your PC and any device that is connected to it, whether via wifi or bluetooth. We have been monitoring your screen and everything you have been doing - through a live feed - and you had no idea of us doing this. We also have access to your camera and microphone which we can switch on and off whenever we want. Any information that has been interesting or relevant to us has been stored privately. For instance: contacts, social media, emails, etc. We have recorded a video where you can be seen pleasing yourself, and we have added the video you was watching as an split screen footage. With one press of a button I can forward this video to all your contacts, social media, etc. If you want to prevent this from happening transfer the amount of $750 to the following bitcoin address. Bitcoin wallet: 1E4WMuN9jZ##############yL3LmoMek4HNEenh7hB Buying bitcoin is very easy and straightforward (usually verification is needed) through the following websites: www.coinbase.com www.localbitcoin.com www.coinmama.com www.bitit.io ww.bitpanda.com www.bittylicious.com The next moment after receiving money, I will erase all your data. We are very generous, so you have 5 days to process the payment. Failing to do so will leave you with the consequences that you have been made aware of. We don’t make mistakes. By the way, nothing can be more stupid that reporting this, as it is absolutely unattainable to track this email, as these messages were processed through the external server located in another country. These accounts have been hacked. If you make the stupid choice to do report this or contact anybody about this message we will directly release your footage and forward it. Any other things we obtained that can possibly harm you will be used against you too. We will get notified as soon as this email has been opened, from that moment the clock starts running. You have 5 days exactly, not a minute longer. Best Regards
  15. The term malware is the overarching concept of Malicious Software and is a derivation of parts of those words concatenated together. All viruses are malware but not all malware are viruses. There is a taxonomy to malware just like there is in the animal kingdom or even vehicles. Just like all Fords are automobiles not all automobiles are Fords. There are three basic sub-types of malware; Viruses, Trojans and Exploit code Viruses - A subset of malware that is capable of self replicating and spreading autonomously. That means viruses are able to spread from computer to computer, computer to media and from media to computer without assistance. Viruses are further broken down and have sub-types based upon how they spread. For example there are viruses that are called file infectors because they spread by infecting a legitimate file by appending, prepending or cavity injecting code into the file which will then, in turn, be able to infect other files. There are also type of viruses called worms. They can use Network Protocol to spread from system to system over a network. they are known as Internet Worms. Then there are worms that exploit the AutoRun/AutoPlay facility in Windows. Malicious code is placed on a media such as a CDROM, Flash Drive or Removable hard disk in such a way that when they are inserted into a windows PC the infector spreads from the media to the system. Trojans - This is a malware sub-type that requires assistance to infect a system. It could be Social Engineering ( the Human Exploit ), Exploit code or some other means. A trojan can infect a legitimate file by appending, prepending or cavity injecting code into the file but that is the extent of the infection. The altered file can't spread the infection. Such a file is deemed "trojanized" or "patched". There are many other sub-types of trojans as this is the biggest class of malware can; inject malicious code, download, drop, dial porn ( 900 ) numbers, steal passwords, steal data, create a Remote Access backdoor, act as a part of a larger robotic system doing the bidding of a central command and control (C2) system, act as a Proxy, and many, many, more forms of malicious activity. Exploit code - This is code to take advantage of a system, functionality, or bad coding. For example there may be a software bug in a particular program that when exploited can cause a trojan to be installed. Another example is where a file is coded in such a way that when viewed or rendered will cause that viewer and rendering software to act in an unusual way. For example a Winmad trojan may exploit the Digital rights Management ( DRM ) to cause the use of a media file ( MP3, WAV, etc ) file to cause a malicious download. The above may be combined. For example the Lovsan/Blaster worm was an Internet worm that exploited a bug in the RPC/RPCSS subsystem of Windows which uses TCP port 135 and cause the installation and execution of the malware. Once infected that system can seek out other vulnerable systems via TCP port 135 and infect them. Thus the Lovsan/Blaster worm uses both Exploit Code and is a Internet worm. There are also other situations where a trojan can be infected by a virus. For example a Downloader Trojan may be infected by a file infecting virus such as Sality or Parite. The trojan will still do what it was programmed to do but it will also cause other files to be infected and spread that virus to other systems, You'll see the term "trojan virus". This is a false term. The above is not a "trojan virus" it is a trojan infected with a virus. Calling a malware a "trojan virus" is akin to calling a particular automobile a "Ford Chevrolet" or a "Mazda Datsun".
  16. Hind-sight is 20/20 and through the lens of time, we learn more. It also is a reminder of how Pakistani A.Q. Khan proliferated Nuclear technology and while Qadafi gave up on nuclear technology, Iran never did. Dank je @pondus
  17. As always I suggest creating a password encrypted ( enhanced RSA and AES ) Excel Spreadsheet using highbit encryption with a Strong Password. For added security, that password encrypted Excel Spreadsheet can be stored within a password protected ZIP file using a Strong Password. Thus making the data enclosed within a double wrapped secured container.
  18. I can see two different sub-forums as they are programmed differently and will have different bugs and errors. As one can see the Chrome extension is live but the Firefox version has been temporarily pulled. This demonstrates that division. I can see one False Positive reporting sub-forum in the Malwarebytes Browser Guard for both Chrome and Firefox so as to clearly identify and separate F/P Reporting for them
  19. They are both malvertisements. The first is for a software update that purports to be Adobe Flash but it is not. It will install Adware or some Potentially unwanted software or actual malware. The second is an Apple FakeAlert for some product. They have nothing to do with any software on your PC. Examples: FakeAlert-Screens.pdf / Flash Version Here are videos demonstrating Apple FakeAlerts used to goad Apple device users to download Advanced MAC Cleaner and MyMobileSecure VPN solution. Apple FakeAlert leads to Advanced MAC Cleaner Rogue AV software Apple FakeAlert leads to MyMobileSecure VPN solution You can't quarantine web sites. You need to look at your Browsing habits and what sites you visited when you got these malvertisements and try to avoid them if possible.
  20. Yes. I have repeated it because the problem gets re-posted over and over and the answer doesn't change. I will try to update the text as things change though.
  21. This is purely a scam and they send those emails out en masse hoping one or two bite at the bait. Just delete the email and then change your email password to a new Strong Password just to make sure. Additionally, you can enter your email address(es) in the following site and it will check to see if that email address was part of a known breach. This is the way they know the password. Through a data breach where the harvested data is then sold or bartered. https://haveibeenpwned.com/ Please reference: ----------------- US FBI PSA - Extortionists Increasingly Using Recipients' Personal Information To Intimidate Victims US FTC Consumer Information - How to avoid a Bitcoin blackmail scam MyOnlinesecurity - attempted-blackmail-scam-watching-porn BleepingComputer - Beware of Extortion Scams Stating They Have Video of You on Adult Sites Malwarebytes' Blog - Sextortion emails: They’re probably not watching you Malwarebytes Forum sample thread - Got strange threating email. Malwarebytes Forum FYI thread - FYI: Email Blackmail Scam still current
  22. Email clients aren't a vulnerability. Yes, certain email client software may fall to a software vulnerability that may be exploitable but they are few and far between and there is a myriad of email clients. The true vulnerability is the email recipient themselves. Many forms of malicious emails use Social Engineering which is the human exploit. The vulnerability is falling for a Phishing email or, what we were previously discussing, a sextortion email. The vulnerability is the susceptibility for falling for Social Engineering ploys.
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.