David H. Lipman

Experts
  • Content Count

    16,009
  • Joined

  • Days Won

    1

Everything posted by David H. Lipman

  1. I think you are coming to faux conclusions from a lack of understanding of the subject matter.
  2. Verification is made by a query to an Online Certificate Status Protocol (OCSP) server. Certificate Authorities (CA) don't infect systems. They merely issue Root and Intermediate Certificates for purposes of publishing, encryption, non-repudiation and other security related systems that use a unique high-bit security certificate. Queries to an OCSP server may contain such a request for a Certificate Revocation List (CRL).
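The OCSP query and the CRL lookup that the post above refers to, shown end to end as an added example (not code from the post or from Malwarebytes). It uses the `cryptography` package (`pip install cryptography`); the "Example Root CA" and the `www.example.test` leaf are throwaway certificates generated in-process, and the CA doubles as its own OCSP responder, so nothing here contacts a real CA.

```python
"""Offline OCSP and CRL round trip with the `cryptography` package. The CA, the
leaf certificate and the responder are all throwaway objects created in-process."""
import datetime

from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509 import ocsp
from cryptography.x509.oid import NameOID


def _now() -> datetime.datetime:
    # Naive UTC is accepted by both older and current cryptography releases.
    return datetime.datetime.now(datetime.timezone.utc).replace(tzinfo=None)


def _issue(cn, issuer, issuer_key, public_key, is_ca):
    """Sign a minimal certificate; issuer=None produces a self-signed root."""
    subject = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, cn)])
    now = _now()
    return (
        x509.CertificateBuilder()
        .subject_name(subject)
        .issuer_name(issuer.subject if issuer is not None else subject)
        .public_key(public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.BasicConstraints(ca=is_ca, path_length=None), critical=True)
        .sign(issuer_key, hashes.SHA256())
    )


def build_pki():
    """Hypothetical 'Example Root CA' (also acting as OCSP responder) plus one leaf."""
    ca_key = ec.generate_private_key(ec.SECP256R1())
    ca_cert = _issue("Example Root CA", None, ca_key, ca_key.public_key(), True)
    leaf_key = ec.generate_private_key(ec.SECP256R1())
    leaf = _issue("www.example.test", ca_cert, ca_key, leaf_key.public_key(), False)
    return ca_key, ca_cert, leaf


def ocsp_round_trip(revoked: bool) -> dict:
    """Client builds the request, the responder answers, the client checks the answer."""
    ca_key, ca_cert, leaf = build_pki()
    now = _now()
    # Client: the request identifies the certificate by issuer name/key hash plus serial.
    request_der = (
        ocsp.OCSPRequestBuilder()
        .add_certificate(leaf, ca_cert, hashes.SHA1())
        .build()
        .public_bytes(serialization.Encoding.DER)
    )
    # Responder: parse the request, look up the serial, sign a single-response answer.
    parsed_req = ocsp.load_der_ocsp_request(request_der)
    status = ocsp.OCSPCertStatus.REVOKED if revoked else ocsp.OCSPCertStatus.GOOD
    response_der = (
        ocsp.OCSPResponseBuilder()
        .add_response(
            cert=leaf, issuer=ca_cert, algorithm=hashes.SHA1(), cert_status=status,
            this_update=now, next_update=now + datetime.timedelta(hours=1),
            revocation_time=now - datetime.timedelta(days=1) if revoked else None,
            revocation_reason=x509.ReasonFlags.key_compromise if revoked else None,
        )
        .responder_id(ocsp.OCSPResponderEncoding.HASH, ca_cert)
        .sign(ca_key, hashes.SHA256())
        .public_bytes(serialization.Encoding.DER)
    )
    # Client: verify the responder's signature and that the answer covers *our* serial.
    resp = ocsp.load_der_ocsp_response(response_der)
    try:
        ca_cert.public_key().verify(
            resp.signature, resp.tbs_response_bytes, ec.ECDSA(resp.signature_hash_algorithm))
        signature_ok = True
    except InvalidSignature:
        signature_ok = False
    return {
        "request_serial_matches": parsed_req.serial_number == leaf.serial_number,
        "response_status": resp.response_status.name,
        "cert_status": resp.certificate_status.name,
        "serial_matches": resp.serial_number == leaf.serial_number,
        "signature_ok": signature_ok,
    }


def crl_check(revoked: bool) -> dict:
    """The older alternative: fetch the CA's CRL and look the serial up locally."""
    ca_key, ca_cert, leaf = build_pki()
    now = _now()
    builder = (x509.CertificateRevocationListBuilder().issuer_name(ca_cert.subject)
               .last_update(now).next_update(now + datetime.timedelta(days=1)))
    if revoked:
        entry = (x509.RevokedCertificateBuilder()
                 .serial_number(leaf.serial_number).revocation_date(now).build())
        builder = builder.add_revoked_certificate(entry)
    crl_der = builder.sign(ca_key, hashes.SHA256()).public_bytes(serialization.Encoding.DER)
    crl = x509.load_der_x509_crl(crl_der)
    return {
        "signature_ok": crl.is_signature_valid(ca_cert.public_key()),
        "listed": crl.get_revoked_certificate_by_serial_number(leaf.serial_number) is not None,
    }
```

Two checks on the client side are the ones that matter in practice: the response signature must verify against a key the client already trusts for this issuer, and the serial in the response must be the one the client asked about, otherwise a replayed "GOOD" answer for some other certificate would be accepted.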
  3. https://geminiadvisory.io/breached-wawa-payment-card-records-reach-dark-web/ Breached Wawa Payment Card Records Reach Dark Web "By Stas Alforov and Christopher Thomas Key Findings The Joker’s Stash marketplace, one of the largest and most notorious dark web marketplaces for buying stolen payment card data, began uploading records from its latest major breach on January 27. The breach was titled “BIGBADABOOM-III.” Gemini determined that the point of compromise for BIGBADABOOM-III is Wawa, an East Coast-based convenience store and gas station. The company first discovered the breach on December 10, 2019. Since the breach may have affected over 850 stores and potentially exposed 30 million sets of payment records, it ranks among the largest payment card breaches of 2019, and of all time. Major breaches of this type often have low demand in the dark web. This may be due to the breached merchant’s public statement or to security researchers’ quick identification of the point of compromise. However, JokerStash uses the media coverage of major breaches such as these to bolster their credibility as the most notorious vendor of compromised payment cards."
  4. zpr.io is a URL shortening site [by Zapier Integrations] and thus what may be blocked is the site being redirected to.
  5. This sub-forum is for the submission of physical disk files that are targeted by Malwarebytes and are malicious or are perceived to be malicious. Phishing pages are web sites and are not disk files. The sites may be blocked by URL and/or IP address by the MBAM product or by evaluation by the Browser Guard product. It is not a discussion group on product detection or for the use of third party applications, web sites and/or utilities. Product detection discussions are performed in the relevant sub-forums such as: Malwarebytes for Windows Support Forum and Malwarebytes Browser Guard. I have requested this thread be moved to: Malwarebytes for Windows Support Forum.
  6. Put the information in Code Tags (instead of a quote) and that will prevent a possible URI from being parsed into a clickable link.
  7. Exactly, and the sites exploit that fact and the lack of knowledge, by the public at large, of the consequences: "this action" will cause "this kind" of result.
  8. Push Notifications are highly abused. Many unscrupulous sites use social engineering to goad one to Allow the notifications that become persistent and many are malicious such as FakeAlerts. Most are nothing more than an Advertisement and Malvertisement vehicle.
  9. The Forum Administrator removed the malicious document that was the "source" of the client's infection that affected that NAS. RE: Probable DOC macro downloader
  10. The way to recover the data files is to restore them from your last backup. You stated... "I'm including the INFECTED file here". Are you stating that this DOC was your legitimate file and it was altered to be malicious in the above referenced process?
  11. You posted a graphic of a Virus Total Report and not the URL of a Virus Total Report, and thus it is insufficient information to evaluate; but ad hoc, and assuming it is a Malwarebytes' digitally signed installer, that is a False Positive by Jiangmin. I submitted the Online Installer and I got the above results. https://www.virustotal.com/gui/file/b9dc6dafb81bcc3edf2c89f9b8d72d3060964ee32e173d59d60ebf559fec7a82/detection This is the Malwarebytes' digitally signed installer, and that is a False Positive declaration by Jiangmin. Besides being a Digitally Signed binary by Malwarebytes, from the Virus Total Report, First Submission 2019-10-24. When any file has been known to Virus Total for that long and you have one, two, three or so hits, they can be construed as False Positives. If any malware is submitted to Virus Total, the number of vendor hits dramatically increases over time.
  12. You may want to consider buying your own Router (no rental fee) so you have full control. It is just a matter of choosing an approved, supported, Router and contacting Comcast and providing them the new device's Cable MAC (aka CMAC) address for MAC Approved access to their network. https://www.xfinity.com/support/articles/list-of-approved-cable-modems
  13. Sextortion Email Scammers Try New Tactics to Bypass Spam Filters "Sextortion scammers have started to utilize new tactics to bypass spam filters and secure email gateways so that their scam emails are delivered to their intended recipients. Sextortion scams are emails that pretend to be from an attacker who has hacked your PC and installed malware that can monitor what sites you visit and create videos using your webcam. These emails go on to state that they have created a video of you while watching adult web sites and will send the video to all of your contacts unless you pay an extortion demand. Sextortion scams have become so common that spam filters and secure mail gateways have been doing a good job at preventing them from being delivered to their recipients. Using new evasion tactics To bypass these filters, attackers have started to utilize new tactics such as sending sextortion emails in foreign languages and splitting bitcoin addresses into two parts. This is illustrated in a new sextortion email shared with BleepingComputer where the scammers are sending these emails to English speaking users but with the content written in Russian. As can be seen in the email below, the only text in English is the instructions to 'Use google translator.'"
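The two evasions the quoted article describes (body written in Russian with an English "Use google translator" hint, and the Bitcoin address split in two) are exactly what a naive regex filter misses. The following is an added example, not part of the post or the article: a small mail-filter routine that validates Base58Check addresses, reassembles an address split across whitespace or line breaks, and scores the script mismatch. The two e-mail bodies are constructed for the example, and the address in them is the well-known Bitcoin genesis-block address, used only because it carries a valid checksum.

```python
"""Mail-filter heuristics for the evasion described above: sextortion text in a
language the recipient does not read, and a Bitcoin address split across lines.
Added example; SEXTORTION_RU and BENIGN_EN are constructed messages, not real spam."""
import hashlib
import re

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Short runs matter: a split address arrives as two or three short Base58 runs.
B58_RUN = re.compile(r"[1-9A-HJ-NP-Za-km-z]{4,}")
CYRILLIC = re.compile(r"[\u0400-\u04FF]")
LATIN = re.compile(r"[A-Za-z]")
TRANSLATOR_HINT = re.compile(r"google\s+translat", re.IGNORECASE)

SEXTORTION_RU = """Здравствуйте! Use google translator.
Я установил вредоносную программу на ваш компьютер и записал видео через веб-камеру.
Если вы не заплатите 700 долларов в биткоинах, я отправлю видео всем вашим контактам.
Адрес для оплаты:
1A1zP1eP5QGefi2DMPT
fTL5SLmv7DivfNa
"""
BENIGN_EN = """Hi team, the Q4 numbers are attached.
Ping me if anything looks wrong before Friday."""


def is_legacy_btc_address(token: str) -> bool:
    """Base58Check validation for legacy '1...' (P2PKH) and '3...' (P2SH) addresses.
    Bech32 'bc1...' addresses use a different checksum and are not handled here."""
    if not 25 <= len(token) <= 35 or token[0] not in "13":
        return False
    value = 0
    for ch in token:
        idx = B58_ALPHABET.find(ch)
        if idx < 0:
            return False
        value = value * 58 + idx
    # Each leading '1' encodes a leading 0x00 byte that the integer form drops.
    leading_zeros = len(token) - len(token.lstrip("1"))
    payload = b"\x00" * leading_zeros + value.to_bytes((value.bit_length() + 7) // 8, "big")
    if len(payload) != 25:  # 1 version byte + 20-byte hash + 4-byte checksum
        return False
    checksum = hashlib.sha256(hashlib.sha256(payload[:21]).digest()).digest()[:4]
    return checksum == payload[21:]


def find_btc_addresses(text: str) -> list:
    """Return valid addresses, including ones reassembled from up to three consecutive
    Base58 runs separated only by whitespace (the split-address trick)."""
    runs = list(B58_RUN.finditer(text))
    found = []
    for i, run in enumerate(runs):
        candidate, end = run.group(), run.end()
        if is_legacy_btc_address(candidate) and candidate not in found:
            found.append(candidate)
        for nxt in runs[i + 1:i + 3]:
            if text[end:nxt.start()].strip():  # something other than whitespace between
                break
            candidate, end = candidate + nxt.group(), nxt.end()
            if is_legacy_btc_address(candidate) and candidate not in found:
                found.append(candidate)
    return found


def cyrillic_ratio(text: str) -> float:
    """Share of Cyrillic among alphabetic characters; 1.0 means no Latin text at all."""
    cyr, lat = len(CYRILLIC.findall(text)), len(LATIN.findall(text))
    return cyr / (cyr + lat) if cyr + lat else 0.0


def triage(message: str, recipient_reads_cyrillic: bool = False) -> dict:
    """Combine the three signals into a verdict a gateway could act on."""
    addresses = find_btc_addresses(message)
    ratio = cyrillic_ratio(message)
    hint = TRANSLATOR_HINT.search(message) is not None
    score = 0
    if addresses:
        score += 2  # a payment address is the strongest single indicator
    if ratio > 0.5 and not recipient_reads_cyrillic:
        score += 1  # body in a script the recipient does not read
    if hint:
        score += 1  # "use google translator" tells the victim how to read it anyway
    return {"addresses": addresses, "cyrillic_ratio": round(ratio, 2),
            "translator_hint": hint, "score": score,
            "verdict": "sextortion" if score >= 3 else "clean"}
```

Running `B58_RUN.findall(SEXTORTION_RU)` alone finds no valid address, which is the point of the split; only the whitespace-joined candidate passes the checksum. Validating with Base58Check rather than a length regex also keeps the joiner from flagging ordinary words that happen to use only Base58 characters.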
  14. You posted a Virus Total URL with one detection in ~6 weeks on a Microsoft digitally signed binary indicating it is a False Positive.
  15. No. Leave it alone. The objective is to not get infected. That will prevent the malicious use of the Command Interpreter.
  16. Y2K, the non-event, was 20 years ago!
  17. This looks like a False Positive by Antiy-AVL. First Submission 2019-11-12. If it were malware, in the time that has transpired, the detection rate would be much higher. This is bolstered by the fact it is a Microsoft digitally signed file.
  18. Really good music transcends all languages @MAM Example: PS: