Quoting SecurityWeek:
The holiday season is well underway and so is the shopping frenzy. In an effort to avoid the crowds and save time, many consumers are turning to online shopping. In fact, Adobes new, 2015 Holiday Shopping Report, finds that online shoppers will spend $83 billion dollars this year (up 11 percent from last year), an average of $305 each. That means more than 270 million shoppers will be making purchases online.
The Islamic State has released its own app for Android smartphones, which it uses to spread propaganda, including videos of beheadings and messages about terrorist attacks in various parts of the world.
The existence of the App was uncovered by the Ghost Security Group, a vigilante collective that aims to disrupt Isil’s online operations.
Rather than using the Google Play Store, which would allow Google to take it down, Isis is distributing installation links through encrypted Telegram App messages.
Although thousands of Twitter accounts have been taken down, and Telegram has banned dozens of Isil channels, the use of its own app would allow Isil to avoid such attempts to police and block its communications.
Kazakhtelecom JSC notifies on introduction of National security certificate from 1 January 2016
From 1 January 2016 pursuant to the Law of the Republic of Kazakhstan «On communication» Committee on Communication, Informatization and Information, Ministry for investments and development of the Republic of Kazakhstan introduces the national security certificate for Internet users.
According to the Law telecom operators are obliged to perform traffic pass with using protocols, that support coding using security certificate, except traffic, coded by means of cryptographic information protection on the territory of the Republic of Kazakhstan.
The national security certificate will secure protection of Kazakhstan users when using coded access protocols to foreign Internet resources.
By words of Nurlan Meirmanov, Managing director on innovations of Kazakhtelecom JSC, Internet users shall install national security certificate, which will be available through Kazakhtelecom JSC internet resources. «User shall enter the site telecom.kz and install this certificate following step by step installation instructions”- underlined N.Meirmanov.
Kazakhtelecom JSC pays special attention that installation of security certificate can be performed from each device of a subscriber, from which Internet access will be performed (mobile telephones and tabs on base of iOS/Android, PC and notebooks on base of Windows/MacOS).
Detailed instructions for installation of security certificate will be placed in December 2015 on site telecom.kz.
PR department
Kazakhtelecom JSC
30.11.2015
○ http://motherboard.vice.com/read/kazakhstan-announces-plan-to-spy-on-encrypte d-internet-traffic
Long story short, it may be long past the time to give it up…
http://rum.supply/2015/12/05/aol-desktop.html
AOL Desktop is “the all-in-one experience with mail, instant messaging, browsing, search, content, and dial-up connectivity”. It is the direct successor of the old Windows AOL clients from the 1990s.
Issues in AOL Desktop, version 9.8.1 and below, that have existed since 1993, can be exploited by an entity in a man-in-the-middle position to write files to disk and cause remote command execution.
FDO91 – “Form Definition Order” http://mazur-archives.s3.amazonaws.com/aol-files/fdo91/tutorial_faq.html
AOL: FDO stands for Form Definition Operator. AOL communicates using this programming language. For example, after clicking any icon or button in AOL, FDO code is sent by the AOL system and interpreted by your AOL to create a window. So, the FDO language is the language used to describe forms on the AOL client. This site has a focus on learning how to program in FDO and provides a surfeit of examples and tutorials for those who want to learn.
They use a compiled homegrown scripting language. No authentication is done on any packets sent, and the client will execute any FDO it is sent by the server.
Some FDO opcodes are interesting from an attacker’s perspective. The fm_* series of opcodes (the File Management protocol, 0x08xx), have existed since the very first version of AOL for Windows from 1993. This series of opcodes enables reading from and writing to disk.
The async_exec_app opcode (0x0d19) takes a string operand, and executes the command in that string. This opcode has existed since version 2.0 of AOL for Windows, from 1994.
9.8.1 and below. It is not known whether the betas of 9.8.2 are affected.
Uninstallation of this software will prevent exploitation of these issues. The researchers cannot sanction any mitigations except to remove this software definitively from any affected devices.
Saying “Dramatically Increased Connectivity” over and over is too laborious, thus: “DIC”
I am not saying that Windows 10 is necessarily a bad thing. But, If you don’t want it, it should not be forced on you.
In the wake of Windows 10 DIC, we’ve seen the creation of many freeware apps to assist users in managing Windows 10 DIC, because they feel rather strongly about not wanting to have any DIC… Regardless of what that DIC’s purpose and intentions may be.
Another large group of people has decided that rather than getting Windows 10 and then working to neuter the DIC, they would prefer to simply remain on Windows 7 or 8.1. This has spawned another class of freeware to prevent Microsoft from shoving Windows 10 down everyone’s throat. One such tool is that GWX Control Panel by Josh Mayfield
(GWX == Get Windows 10)
Since Windows 10’s release, and thanks to his GWX Control Panel and users, Josh has been monitoring Microsoft’s GWX behavior.
http://blog.ultimateoutsider.com/2015/08/using-gwx-stopper-to-permanently-remove.ht ml
Josh: “December 1, 2015: I’ve gotten some very interesting reports from people using the new Monitor Mode feature. Different PCs are seeing different Windows 10 settings get re-enabled for mysterious reasons. They’re not false alarms; these settings are really getting re-set by Windows (it’s not happening to everybody, just certain users/computers), and I’m doing research and testing to see what I can do to stop it once and for all. To those of you observing this strange behavior: Hang in there; the next version of the GWX Control Panel will have some features intended to help you regain control and better understand what’s happening on your PC.”
The Windows Update engine has been updated and the December 1st release says:
Sometime next year (2016), 
Microsoft will shift the Windows 10 upgrade
from the optional ‘nag’ to the “recommended” or “Important” update list. Which means, rather than seeing the “Upgrade to Windows 10” popup nag, you will see it in your “Recomended” or “Important” update list along with all of your other Windows Updates.
Updates on that list are automatically downloaded and installed on most PCs. If you have the “Auto Update” feature turned on, then you will very likely be automatically “Upgraded” to Windows 10.
The GWX Control Panel app can be downloaded from Mayfield’s website.
The App is free, but Mayfield does accept donations through PayPal. Gregg Keizer, who interviewed Josh quoted him, saying: I get a donation from about one in every thousand downloads.
Install your Windows updates folks!
Microsoft’s second Tuesday of the Month
Adobe updates FLASH to v20.0.0.235
Post from SAN Internet Storm Center:
Special Note: MS15-127 looks particularly “nasty”. A remote code execution vulnerability in Microsoft’s DNS server. Microsoft rates the exploitability as “2”, but doesn’t provide much detail as to the nature of the vulnerability other than the fact that it can be triggered by remote DNS requests, which is bad news in particular if you are using a Microsoft DNS server exposed to the public internet. In this case, I would certainly expedite this patch. This is the vulnerability to look out for this time around.
Overview of the December 2015 Microsoft patches and their status, color coded for you, here.
Great article on PUM removal!
“A PUM (for Potentially Unwanted Modification) is a sensitive modification made by a program which can be malware or legit, or even made by the user. Such detection is triggered depending on what is modified.”
Thanksgiving, Black Friday, Cyber Monday . . . the time is ripe for scam artists to target the unsuspecting shopper.
Shared from IDShield. Learn more about legal and identity protection here.
The “secret sisters” gift exchange is popping up on social media. You’ve probably seen friends looking for others to participate in the Secret Sister Gift Exchange in your news feed. Invitees are told to send a $10 gift to the next person on the list and invite 6 friends to join. This is a scam. Participating violates the Postal Lottery Statute.
According to Snopes.com, the messages first appeared on Facebook, Pinterest and other sites in early October. The posts explained every participant would receive 36 gifts if they sent one gift valued at $10 or more.
Not all debit & credit card issuers have sent new EMV chip cards to their customers yet. Knowing this, scammers are telling people that they must provide personal data or money to obtain a new card. This is not true.
Scammers send a fake e-mail that claims a package was sent by you or is to be delivered to you. The purpose: to try to collect personal data or download a virus. Delete it without responding.
Fraudulent websites are common. So, finding a fabulous offer from a website with which you are not familiar could be a red flag. Remember . . . “If it seems too good to be true, it probably is.”
Shared from IDShield. Learn more about legal and identity protection here.
If you are unfortunate enough to get hit by the Windows Power Worm Ransomware, do not pay the ransom. Not because they will decrypt your files if you do pay, but because they can’t decrypt your files!
As it turns out, Power Worm has a software bug! It was badly coded, and do to this bug, it locks your data away forever.
It infects Microsoft Word and Excel files, and the latest version of its update goes after many more files it finds on the machine.
If you get this worm just restore from your backup. You do have a backup, right?
Read more about Windows Power Worm Ransomware
here.
From a company that those of use in the IT security industry know well, Spybot Search and Destroy. This is for Windows 10 users concerned about the new monitoring features built into Windows 10, and of course we’ve heard that MS intends to port these features back to Windows 7 and 8.
Anyway, they have developed a new utility, Spybot Anti-Beacon. This is a standalone tool which was designed to block and stop the various tracking (telemetry) features (aka: issues) present in Windows 10. They have since modified it to block similar tracking functionality in the Windows 7, Windows 8 and Windows 8.1 operating systems. I interested, you can check it out here…
Just Some 