David H. Lipman
Everything posted by David H. Lipman

  1. The FavIcon shows on two different Windows 7 PCs of mine using two different Firefox versions.
  2. State Farm hit by data breach "State Farm – the largest property and casualty insurance provider in the US – has been compromised in a credential stuffing attack. The firm acknowledged the cyberattack, filing a data breach notification with the California Attorney General, and on Wednesday (August 07), it sent out “Notice of Data Breach” emails to users whose online account log-in credentials were obtained by a bad actor. The insurer’s data breach notification email read: “State Farm recently detected an information security incident in which a bad actor used a list of user IDs and passwords obtained from some other source, like the dark web, to attempt to access State Farm online accounts. During our investigation, we determined that the bad actor possessed the user ID and password for your State Farm online account.” This type of cyberattack is called credential stuffing. Attackers will buy or take usernames and passwords that were leaked from other companies’ data breaches and they will try to use those credentials to log in to other accounts and sites. It works well against people who use the same password for lots of different sites – something many people are in the habit of doing."
  3. You can't mix the Input Ports and the Output Ports together as that would create a Feedback Loop.
  4. I think, overarching, en masse, fraudsters rake in millions. This action was just one action taken against one of many fraudsters who is based in the US. Unfortunately many are from "another" country.
  5. https://public.tableau.com/profile/federal.trade.commission#!/vizhome/DoNotCallComplaints/Maps
  6. FTC Sending Refunds to Victims of Tech Support Scam "The Federal Trade Commission is sending refund checks and PayPal payments totaling more than $802,000 to 12,140 consumers as part of a settlement with the operators of a St. Louis-based scam that tricked consumers into buying unnecessary technical support services. Eligible consumers paid for tech support products and services from Global Access Technical Support, which also used the names Global sMind, Global S Connect, Yubdata Tech, and Technolive. The FTC alleged the defendants worked with affiliate marketers to place pop-up ads that falsely claimed the consumer’s computer was infected with viruses or malware. The ads urged consumers to immediately call a toll-free number for help. When consumers called the number, they were connected to telemarketers who falsely claimed to be affiliated with Microsoft or Apple. The telemarketers claimed they needed remote access to consumers’ computers to diagnose the problem. Once given access, the telemarketers tricked consumers into believing that harmless directories on their computers were evidence of problems that required immediate repair. Consumers who receive a check from the FTC should deposit or cash the checks within 60 days, as indicated on the check. For the first time, the FTC is also sending refund payments via PayPal to consumers for whom the agency does not have a mailing address. Consumers will have 30 days to accept the PayPal payment. The FTC’s consumer blog post provides more details about how the refund process will work. The average refund amount is $66. The FTC never requires people to pay money or provide account information to cash a refund check. If recipients have questions about the refunds, they should contact the FTC’s refund administrator, Analytics, at 844-881-1379."
  7. Exactly. It is an OS-generated file that is normal. Virus Total is a simple way to check any file. As you now see, there are 3 Virus Total reports for three copies of "GDIPFONTCACHEV1.DAT". I think you'll find every User Profile has one.
  8. Yes, your presumptions have no basis in fact. There are hundreds of files in the OS. Many are caches too. Why single this file out? Here's the Virus Total report for my Win7 User Profile: http://www.virustotal.com/file/1e4f4a4bb936381af55b3f262680a220df11da6cb24320320b6ec2c47de80512/analysis/ Here's the Virus Total report for another file from my Win7 User Profile on another PC: https://www.virustotal.com/gui/file/ada06efed5d7a4d328f96c93efca893daf1cc2f3f3b879e535aa31cfa83a0b4c/detection
  9. It is an OS-created data file related to your Profile and should be left alone. If you have worries about a data file, send it to Virus Total. It will check it with more than 50 participating anti-malware vendors.
  10. If it is a Windows OS based server then it is a non-dedicated server. Non-dedicated servers such as Windows servers are often compromised because of the Insider Threat, when the role as a File Server is abused by administrators who install unapproved software and browse the Internet.
      Malwarebytes' Anti-Malware ( MBAM ) does not target scripted malware files via signatures. That means MBAM will not target; JS, JSE, PS1, PY, .HTML, HTA, VBS, VBE, WSF, .CLASS, SWF, SQL, BAT, CMD, PDF, PHP, etc. It also does not target documents via signatures such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, RTF, etc. It also does not target media files; MP3, WMV, JPG, GIF, etc.
      Until MBAM v1.75, MBAM could not access files in archives, but with v1.75 came that ability, so it can unarchive a Java Jar (which is a PKZip file) but it won't target the .CLASS files within. Same goes with CHM files (which is a PKZip file) but it doesn't target the HTML files within. MBAM v1.75 and later specifically will deal with; ZIP, RAR, 7z, CAB and MSI for archives. And self-extracting; ZIP, 7z, RAR and NSIS executables (aka; SFX files).
      MBAM specifically targets binaries that start with the first two characters being; MZ. They can be; EXE, CPL, SYS, DLL, SCR and OCX. Any of these file types can be renamed to be anything such as; TXT, JPG, CMD and BAT and they will still be targeted just as long as the binary starts with 'MZ'. This includes file names that use Unicode Right-to-Left Override to obfuscate an executable file extension.
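As an added illustration of the post above (not the forum author's or Malwarebytes' own code), here is a small Python check that classifies a file by its leading 'MZ' bytes rather than by its extension and flags file names that use the Unicode Right-to-Left Override; the executable-extension list comes from the post, and the sample header bytes and file names are constructed for the demo.

```python
import os

# Unicode Right-to-Left Override: makes a viewer render the rest of the name reversed.
RLO = "\u202e"
# Extensions the post names as the normal homes of MZ binaries.
EXEC_EXTS = {".exe", ".cpl", ".sys", ".dll", ".scr", ".ocx"}
# Constructed sample: only the DOS-header magic, not a real executable.
SAMPLE_MZ = b"MZ\x90\x00" + b"\x00" * 60


def is_mz_binary(data: bytes) -> bool:
    """Content-based test: does the file start with the 'MZ' DOS header magic?"""
    return data[:2] == b"MZ"


def has_rlo(name: str) -> bool:
    return RLO in name


def displayed_name(name: str) -> str:
    """Simplified bidi rendering: text after the override is shown reversed."""
    head, sep, tail = name.partition(RLO)
    return head + tail[::-1] if sep else name


def true_extension(name: str) -> str:
    """The OS honours the real code points, so strip the override before splitting."""
    return os.path.splitext(name.replace(RLO, ""))[1].lower()


def assess(name: str, data: bytes) -> dict:
    """Flag an MZ binary that hides behind a non-executable extension or an RLO name."""
    mz = is_mz_binary(data)
    ext = true_extension(name)
    rlo = has_rlo(name)
    return {
        "mz": mz,
        "rlo": rlo,
        "displayed": displayed_name(name),
        "true_ext": ext,
        "suspicious": mz and (ext not in EXEC_EXTS or rlo),
    }


if __name__ == "__main__":
    # Constructed cases: renamed binary, RLO-disguised binary, plain text file.
    for name, data in [("report.txt", SAMPLE_MZ),
                       ("photo" + RLO + "gpj.scr", SAMPLE_MZ),
                       ("notes.txt", b"hello")]:
        print(repr(name), assess(name, data))
```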
  11. I'm glad to read you decided to file a complaint with the US FBI's IC3. Tech Support scammers are a real problem and Law Enforcement needs all the information from victims that they can receive. PS: Best o' luck with that job interview, Jim
  12. @JC_Stewart Steer clear of non-vetted applications such as "Shield Apps" and "PC Privacy Shield". Any applications that were installed subsequent to the Microsoft FakeAlert and the company associated with the Tech Support Scam behind the phone number (866) 359-5578 cannot be trusted. Chances are the Tech Support Scammer behind the phone number, (866) 359-5578, is an affiliate and received affiliate revenue ( aka; kickback ) for the installation. If you haven't reviewed the references I previously provided, please do so...
      US FBI PSA - Tech Support Fraud
      US FTC Consumer Information - Tech Support Scams
      US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio
      US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams
  13. https://support.poshmark.com/customer/portal/articles/security-notice "Poshmark Security Notice FAQ
      What happened? We recently discovered that data from some Poshmark users was acquired by an unauthorized third party. The data acquired does not include any financial or physical address information, and we do not believe your password was compromised. Regardless, we recommend that Poshmark users change their passwords as a precaution and security best practice.
      What information was affected by this issue? The type of data involved includes:
      - Certain user profile information specified for public use such as username, first and last name, gender, and city
      - Certain internal account information such as email address, user ID, size preferences, one-way encrypted passwords salted uniquely per user (making it nearly impossible to use these passwords to access an account), as well as social media profile information collected when users connect social media accounts to Poshmark
      - Certain internal Poshmark preferences for email and push notifications"
  14. Serious flaws leave WPA3 vulnerable to hacks that steal Wi-Fi passwords "The next-generation Wi-Fi Protected Access protocol released 15 months ago was once hailed by key architects as resistant to most types of password-theft attacks that threatened its predecessors. On Wednesday, researchers disclosed several serious design flaws in WPA3 that shattered that myth and raised troubling new questions about the future of wireless security, particularly among low-cost Internet-of-things devices. While a big improvement over the earlier and notoriously weak Wired Equivalent Privacy and the WPA protocols, the current WPA2 version (in use since the mid 2000s) has suffered a crippling design flaw that has been known for more than a decade: the four-way handshake—a cryptographic process WPA2 uses to validate computers, phones, and tablets to an access point and vice versa—contains a hash of the network password. Anyone within range of a device connecting to the network can record this handshake. Short passwords or those that aren’t random are then trivial to crack in a matter of seconds. One of WPA3’s most promoted changes was its use of “Dragonfly,” a completely overhauled handshake that its architects once said was resistant to the types of password guessing attacks that threatened WPA2 users. Known in Wi-Fi parlance as the Simultaneous Authentication of Equals handshake, or just SAE for short, Dragonfly augments the four-way handshake with a Pairwise Master Key that has much more entropy than network passwords. SAE also provides a feature known as forward secrecy that protects past sessions against future password compromises." Designated: CVE-2019-13377 and CVE-2019-13456
  15. With warshipping, hackers ship their exploits directly to their target’s mail room "Why break into a company’s network when you can just walk right in — literally? Gone could be the days of having to find a zero-day vulnerability in a target’s website, or having to scramble for breached usernames and passwords to break through a company’s login pages. And certainly there will be no need to park outside a building and brute-force the Wi-Fi network password. Just drop your exploit in the mail and let your friendly postal worker deliver it to your target’s door. This newly named technique — dubbed “warshipping” — is not a new concept. Just think of the traditional Trojan horse rolling into the city of Troy, or when hackers drove up to TJX stores and stole customer data by breaking into the store’s Wi-Fi network. But security researchers at IBM’s X-Force Red say it’s a novel and effective way for an attacker to gain an initial foothold on a target’s network. “It uses disposable, low cost and low power computers to remotely perform close-proximity attacks, regardless of the cyber criminal’s location,” wrote Charles Henderson, who heads up the IBM offensive operations unit." Reference: warshipping
  16. GermanWiper Ransomware Erases Data, Still Asks for Ransom "Multiple German companies were off to a rough start last week when a phishing campaign pushing a data-wiping malware targeted them and asked for a ransom. This wiper is being named GermanWiper due to its targeting of German victims and it being a destructive wiper rather than a ransomware. The malware was first reported on the BleepingComputer forum on Tuesday, July 30 and users soon learned after examining their files that it is a data wiper, despite it demanding a ransom payment.
      No data recovery
      After compromising a computer and deleting files, GermanWiper leaves a ransom note indicating that the data was encrypted and would not be decrypted unless BTC 0.15038835 is transferred to a listed bitcoin address. Even if a victim pays the ransom, the money is wasted because the malware does not encrypt the data but overwrites it with zeroes and ones, destroying it, according to security researcher Michael Gillespie. The first sample seen by security researchers was built on Monday, July 29. The ID Ransomware service started to receive submissions the same day, a little after 10 AM CEST, MalwareHunterTeam told BleepingComputer. The end of the work week (Friday, August 2) saw the highest number of ID Ransomware submissions for GermanWiper indicating that the campaign had hit plenty of targets. After that day, the number dwindled to less than 20."
  17. It's a good read for all of us to understand email "Headers" and using them to corroborate received email. Thank you.
  18. Please note that I am not a member of Staff. They are Malwarebytes' employees. I am not an employee. I'm just a Forum Member like you but I am in the Forum's Experts group.
  19. What you have demonstrated is that you received a Microsoft FakeAlert and you ALLOWED a fraudster access to your computer. That was a mistake. First I suggest going to the Credit Card company and putting into Dispute any/all charges stemming from the fraud-based incident. You may want that Credit Card canceled and a new card issued as well. Then I suggest having your PC checked out, just to make sure there is nothing lingering. Please read "I'm infected - What do I do now?" and then create a post in "Windows Malware Removal Help & Support" requesting to have your PC checked out after falling for a Tech Support scam initiated by a Microsoft FakeAlert.
      - - - -
      I have created a series of videos (1) generated from these kinds of fraud sites for the purposes of recognition and education. They are all videos from real web sites. ALL are FRAUDS. All these have one thing in common and they have nothing to do with any software on your PC. They are all nefarious web sites meant to defraud you of money. The objective is to, falsely, goad you to make the phone call and pay for some service contract for an incident that never happened. From there they may continue to charge your Credit Card for other services, remote into your computer and do real damage and/or exfiltrate your personal data, and they may use the information they obtain from you to commit additional frauds.
      MalwareScam.wmv, MalwareScam-1.wmv, MalwareScam-2.wmv, MalwareScam-3.wmv, MalwareScam-4.wmv, MalwareScam-5.wmv, MalwareScam-6.wmv
      I have also created a PDF ScreenShow of a myriad of FakeAlert screens - FakeAlert-Screens.pdf / Flash Version
      They are all a kind of malicious advertisement ( aka; malvertisement ). Using Task Manager and killing the Edge, IExplorer, Chrome, Firefox, etc. processes is very effective once you are affected by these FakeAlerts. Right now, to block it means Malwarebytes needs to know the URL to block. If you can provide the URL it can be added to the list of sites for Malwarebytes to block. Submissions of suspect and malicious URLs can be performed in "Newest IP or URL Threats" after reading "READ ME: Purpose of this forum".
      Malwarebytes is creating Beta versions of Browser Add-Ins for Chrome and Firefox to deal with FakeAlerts and other frauds. But as noted, they are still Beta versions.
      Browser Add-On references: Malwarebytes Browser Extension for Chrome (Beta); Malwarebytes Browser Extension for Firefox (beta)
      Reference: US FBI PSA - Tech Support Fraud; US FTC Consumer Information - Tech Support Scams; US FTC - Tech Support Operators Agree to Settle Charges by FTC and the State of Ohio; US FTC - FTC and Federal, State and International Partners Announce Major Crackdown on Tech Support Scams; Malwarebytes' Blog - Search on "tech support scams"; Malwarebytes' Blog - "Tech support scams: help and resource page"
      (1) Also located at "My Online Security" - Some videos of typical tech support scams
  20. Just install Windows Updates until there are no more Security updates to be installed.
  21. Yes. Please note that the Malware Removal Help section of the Forum is for those whose systems are actually infected, or who believe their systems are, and are requesting assistance to get their systems cleaned up, and not for general queries. Therefore I have requested Forum Admins move this thread to; General Chat
  22. It was mitigated in a Microsoft June '16 Security Update. https://support.microsoft.com/en-us/help/3165191/ms16-077-security-update-for-wpad-june-14-2016 This is not really a home user risk and it is associated equally with WiFi and Ethernet. One should not worry about a particular risk but worry about all risks and must look at securing their platform from a holistic position. This begins with properly applying OS Security Updates as they are issued.