Skip to main content
To Customer Support To Customer Support

Welcome

News, Announcements, Tech Discussions

45072 Topics
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Water Cooler
Good Morning Thread - 2

For the original Good Morning Thread, please see here - Good Morning Thread Good morning/afternoon/evening Webrooters. It is finally cooling down here again now but there are no storms forecast tonight a shame really.

58061264
TripleHelix
Moderator
59 minutes ago
D
New Member
Dallen2020New Member
asked in Tech Talk
I keep receiving "WiFi Security cannot connect" when trying to log into Webroot.

I change my internet provider to Starlink would this contribute to the message? My bandwidth and speed is more than previous may provider. 

91
TripleHelix
Moderator
1 hour ago
TripleHelix
Moderator
TripleHelixModerator
posted in Water Cooler
Goodnight Thread - 2

The old thread (10 years) has run it’s course as you can’t post in there anymore so I started a new one! Thanks @Ssherjj    

1857386
TripleHelix
Moderator
15 hours ago
TylerM
Administrator
TylerMSr. Security Analyst & Community Manager
published in News & Announcements
Merry Christmas, Happy Holidays, and may your logs be peaceful this season!

Hey everyone, As the holiday lights twinkle and we reach the end of another year, I just wanted to drop in and wish you all a Merry Christmas and Happy Holidays!  A traditional yearend highlight is the OpenText Food Bank Campaign. This year, our donations and volunteering efforts across the company helped raise over $465,000 USD, which will provide 2.6 million meals to those in need around the world. A huge THANK YOU to everyone in our team who joined in and helped make a difference!  So here’s to a much-deserved break: kick back, enjoy some eggnog, and try not to have any emergency 3am calls of “Why is this alert showing up?!” Cheers to a joyful holiday season, and may 2024 bring zero vulnerabilities under the tree! Merry Christmas 🎄 and Happy Holidays 🎁!

315
Jasper_The_Rasper
Moderator
1 day ago
TylerM
Administrator
TylerMSr. Security Analyst & Community Manager
published in News & Announcements
Webroot by OpenText Earns “Product of the Year 2024” with Top Remediation TimesAward

We’re proud to announce that Webroot by OpenText has been awarded “Product of the Year 2024” in the Advanced In-The-Wild Malware Test by the AVLab Cybersecurity Foundation! Not only did we excel in detection and prevention, but we also secured the top spot in average remediation time, showcasing our speed and efficiency when it comes to neutralizing threats. Full Lineup of Awards Key Highlights from the Report:Near-Perfect Threat Neutralization: Out of 1,472 malware samples, Webroot successfully blocked 1,471—achieving an outstanding rate of nearly 100%. Proactive Blocking: Over 48% of threats were stopped before they could ever run, and 52% were neutralized immediately post-launch. This proactive defense ensures that both known and unknown threats fail to gain a foothold. #1 in Average Remediation Time: Among all solutions tested, Webroot needed an average of just 36 seconds (based on the top three test results) to automatically restore system integrity after a security incident. This

2014
TripleHelix
Moderator
2 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Microsoft December 2024 Security Updates (Patch Tuesday)

This release consists of the following 72 Microsoft CVEs:Tag CVE Base Score CVSS Vector Exploitability FAQs? Workarounds? Mitigations?System Center Operations Manager CVE-2024-43594Microsoft Office CVE-2024-43600Microsoft Edge (Chromium-based) CVE-2024-49041Microsoft Defender for Endpoint CVE-2024-49057Microsoft Office CVE-2024-49059Microsoft Office SharePoint CVE-2024-49062GitHub CVE-2024-49063Microsoft Office SharePoint CVE-2024-49064Microsoft Office Word CVE-2024-49065Microsoft Office SharePoint CVE-2024-49068Microsoft Office Excel CVE-2024-49069Microsoft Office SharePoint CVE-2024-49070Windows Task Scheduler CVE-2024-49072Windows Mobile Broadband CVE-2024-49073Windows Kernel-Mode Drivers CVE-2024-49074Windows Remote Desktop Services CVE-2024-49075Windows Virtualization-Based Security (VBS) Enclave CVE-2024-49076Windows Mobile Broadband CVE-2024-49077Windows Mobile Broadband CVE-2024-49078Microsoft Office Publisher CVE-2024-49079Windows IP Routing Management Snapin CVE-2024-49080Win

316
TripleHelix
Moderator
2 days ago
C
Administrator
ConnorMThreat Research Analyst
published in Security Industry News
Cyber News Rundown: Interlock ransomware targets Texas Tech UniversityNews

Back in September, the Texas Tech University Health Sciences Center (TTUHSC) fell victim to a ransomware attack, which exfiltrated the sensitive health and medical records for over 1.4 million individuals. The Interlock ransomware group has taken responsibility for this attack and claims to have stolen 2.6TB of data, some of which has already been published to their leak site. Alongside the data theft, several university systems were taken offline to decrease chances of additional damage, which has caused continued interruptions to both TTU campuses and the patient’s online portal. Clop ransomware exploits Cleo zero-day vulnerabilitiesThe threat actors behind the Clop ransomware group have recently claimed to have exploited two zero-day vulnerabilities in the Cleo file-transfer platforms to perform remote code execution and install an unauthorized backdoor in the system. While Cloe has pushed out updates for all vulnerable platforms to resolve the exploits, the backdoor was already use

213
TripleHelix
Moderator
2 days ago
TylerM
Administrator
TylerMSr. Security Analyst & Community Manager
published in News & Announcements
12-02 Webroot Service Degradation Incident Post MortemAlert

Starting at approximately 14:00 UTC on December 2, 2024, our team began receiving reports of severe performance degradation on customer devices. Upon investigation, we identified that the root cause stemmed from an inability for the Webroot agent to communicate with an essential backend service. This disconnect led to a substantial increase in traffic volume as agents repeatedly attempted to reach our cloud backend.To mitigate the situation, we rapidly scaled our backend server capacity, which restored timely feedback loops between the agent and our systems. By doing so, we stabilized overall performance and brought the service back to normal operations.In our post-incident analysis, we discovered that the excessive load correlated with the days immediately following holiday weekends. While minor spikes are not uncommon, the extended post-Thanksgiving weekend created a particularly large surge that exacerbated the performance degradation this time around.Moving forward, our agent and c

240
TylerM
Administrator
2 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Release notes for Microsoft Edge Security Updates December 19, 2024

December 19, 2024Microsoft has released the latest Microsoft Edge Stable Channel (Version 131.0.2903.112) And Extended Stable Channel (Version 130.0.2849.123) that incorporates the latest updates of the Chromium project. For more information, see the Security Update Guide https://learn.microsoft.com/en-us/DeployEdge/microsoft-edge-relnotes-security Make sure to re-add back in the Privacy Protection area after every update. Click on GIF to see full size!  

50
TripleHelix
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
BadBox malware botnet infects 192,000 Android devices despite disruption

December 19, 2024 By Bill Toulas The BadBox Android malware botnet has grown to over 192,000 infected devices worldwide despite a recent sinkhole operation that attempted to disrupt the operation in Germany.Researchers from BitSight warn that the malware appears to have expanded its targeting scope beyond no-name Chinese Android devices, now infecting more well-known and trusted brands like Yandex TVs and Hisense smartphones.The BadBox malware botnetBadBox is an Android malware thought to be based on the 'Triada' malware family, infecting devices made by obscure manufacturers either through supply chain attacks on their firmware, shady employees, or through injections taking place as they enter the product distribution phase.It was first discovered on a T95 Android TV box purchased from Amazon by Canadian security consultant Daniel Milisic in early 2023. Since then, the malware operation has expanded to other no-name products sold online. >>Full Article<<

30
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Ongoing phishing attack abuses Google Calendar to bypass spam filters

December 18, 2024 By Lawrence Abrams  An ongoing phishing scam is abusing Google Calendar invites and Google Drawings pages to steal credentials while bypassing spam filters.According to Check Point, which has been monitoring the phishing attack, the threat actors have targeted 300 brands with over 4,000 emails sent in four weeks.Check Point told BleepingComputer that the attacks targeted a broad range of companies, including educational institutions, healthcare services, building companies, and banks.The attack starts with the threat actors using Google Calendar to send meeting invites that look pretty innocuous, especially if you recognize some of the other guests. >>Full Article<<

20
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Fortinet Patches Critical FortiWLM Vulnerability

Fortinet has released patches for a critical-severity path traversal vulnerability in FortiWLM that was reported last year. December 19, 2024 By Ionut Arghire Fortinet on Wednesday announced patches for a critical-severity vulnerability in Wireless Manager (FortiWLM) that could be exploited for arbitrary code execution.An application suite for wireless device management, FortiWLM enables enterprises to monitor, operate, and administer wireless networks on Fortinet firewalls that are managed using FortiManager.The critical security defect, tracked as CVE-2023-34990 (CVSS score of 9.6), is described as a “relative path traversal” issue that could be exploited remotely, without authentication, to read sensitive files.The vulnerability impacts FortiWLM versions 8.6.0 through 8.6.5 and versions 8.5.0 through 8.5.4, and it could be exploited for code execution, a NIST advisory reads. FortiWLM versions 8.6.6 and 8.5.5 resolve the issue. >>Full Article<< 

10
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Cisco to Acquire Threat Detection Company SnapAttack

Cisco has announced its intention to acquire threat detection company SnapAttack to boost Splunk security product capabilities.  December 19, 2024 By Eduard Kovacs Cisco this week announced its intention to acquire threat detection and defense company SnapAttack to boost Splunk security product capabilities. Financial terms of the deal have not been disclosed.SnapAttack has created a platform that provides detection engineering, threat hunting, threat intelligence, and SIEM migration capabilities. “With Cisco’s acquisition of SnapAttack, security teams using Splunk security products will see even more innovation with accelerated delivery of capabilities that offer even more control, visibility and advanced management of all their security content, including the content they develop themselves,” said Mike Horn, SVP and GM for Splunk’s Security business.>>Full Article<<

30
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Mirai botnet targets SSR devices, Juniper Networks warns

December 19, 2024 By Pierluigi Paganini Juniper Networks warns that a Mirai botnet is targeting SSR devices with default passwords after unusual activity was reported on December 11, 2024.Juniper Networks is warning that a Mirai botnet is targeting Session Smart Router (SSR) products with default passwords.Multiple customers reported anomalous activity on their Session Smart Network (SSN) platforms on December 11, 2024. Threat actors initially compromised the devices, and then employed them in DDoS attacks.“On Wednesday, December 11, 2024, several customers reported suspicious behavior on their Session Smart Network (SSN) platforms. These systems have been infected with the Mirai malware and were subsequently used as a DDOS attack source to other devices accessible by their network.” read the report published by Juniper Networks. “The impacted systems were all using default passwords.” >>Full Article<<

20
Jasper_The_Rasper
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Android malware found on Amazon Appstore disguised as health app

December 19, 2024 By Bill Toulas A malicious Android spyware application named 'BMI CalculationVsn' was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background.The application was discovered by McAfee Labs researchers, who notified Amazon, leading to the application being removed from the store.However, those who installed the app must manually remove it and perform a full scan to eliminate any leftover traces.Android spyware on the Amazon storeThe Amazon Appstore is a third-party app store for Android devices that comes pre-installed on Amazon Fire tablets and Fire TV devices.It is also an alternative to Google Play for Android device owners who can't or don't want to use Google's platform, even offering exclusive Amazon Prime games and content. >>Full Article<<

20
Jasper_The_Rasper
Moderator
3 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Releases Eight Industrial Control Systems Advisories Release Date December 19, 2024

CISA released eight Industrial Control Systems (ICS) advisories on December 19, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS.ICSA-24-354-01 Hitachi Energy RTU500 series CMU ICSA-24-354-02 Hitachi Energy SDM600 ICSA-24-354-03 Delta Electronics DTM Soft ICSA-24-354-04 Siemens User Management Component ICSA-24-354-05 Tibbo AggreGate Network Manager ICSA-24-354-06 Schneider Electric Accutech Manager ICSA-24-354-07 Schneider Electric Modicon Controllers   ICSMA-24-354-01 Ossur Mobile Logic ApplicationCISA encourages users and administrators to review newly released ICS advisories for technical details and mitigations.This product is provided subject to this Notification and this Privacy & Use policy.Vendor Hitachi Energy Delta Electronics Siemens Tibbo Schneider Electrichttps://www.cisa.gov/news-events/alerts/2024/12/19/cisa-releases-eight-industrial-control-systems-advisories

40
TripleHelix
Moderator
3 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
DarkGate malware spread via Microsoft Teams, AnyDesk

December 18, 2024 By SC Staff (Adobe Stock)Threat actors have exploited Microsoft Teams and AnyDesk to facilitate DarkGate malware compromise as part of a new social engineering attack campaign, according to The Hacker News.Attacks involved impersonation of a user's client through a call on Microsoft Teams that successfully lured targets into downloading AnyDesk following the failed installation of the Microsoft Remote Support app, a report from Trend Micro revealed. Threat actors were then able to leverage remote access allowed by AnyDesk to distribute DarkGate, a credential-stealing malware, and other payloads. Such a development — which comes on the heels of the widespread attack campaign targeting YouTube creators with the Lumma Stealer and other phishing operations exploiting Google Accelerated Mobile Pages, Adobe InDesign, and other trusted platforms — should prompt immediate implementation of multi-factor authentication, approved remote access tool allow lists, and more stringen

172
Jasper_The_Rasper
Moderator
4 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Alert CISA Adds Four Known Exploited Vulnerabilities to Catalog Release Date December 18, 2024

CISA has added four new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation.CVE-2018-14933·   NUUO NVRmini Devices OS Command Injection Vulnerability·  CVE-2022-23227·   NUUO NVRmini 2 Devices Missing Authentication Vulnerability·  CVE-2019-11001·  Reolink Multiple IP Cameras OS Command Injection Vulnerability·  CVE-2021-40407Reolink RLC-410W IP Camera OS Command Injection VulnerabilityThese types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise.Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited Vulnerabilities established the Known Exploited Vulnerabilities Catalog as a living list of known Common Vulnerabilities and Exposures (CVEs) that carry significant risk to the federal enterprise. BOD 22-01 requires Federal Civilian Executive Branch (FCEB) agencies to remediate identified vulnerabilities by the due date to pr

30
TripleHelix
Moderator
4 days ago
TripleHelix
Moderator
TripleHelixModerator
posted in Security Industry News
Google Chrome Stable Channel Update for Desktop Tuesday December 18, 2024

Wednesday, December 18, 2024The Stable channel has been updated to 131.0.6778.204/.205 for Windows, Mac and 131.0.6778.204 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. https://chromereleases.googleblog.com/2024/12/stable-channel-update-for-desktop_18.html Webroot users make sure to re-add back to Privacy Protection!  

30
TripleHelix
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
How to Lose a Fortune with Just One Bad Click

December 18, 2024 By Brian Krebs Image: Shutterstock, iHaMoo.Adam Griffin is still in disbelief over how quickly he was robbed of nearly $500,000 in cryptocurrencies. A scammer called using a real Google phone number to warn his Gmail account was being hacked, sent email security alerts directly from google.com, and ultimately seized control over the account by convincing him to click “yes” to a Google prompt on his mobile device.Griffin is a battalion chief firefighter in the Seattle area, and on May 6 he received a call from someone claiming they were from Google support saying his account was being accessed from Germany. A Google search on the phone number calling him — (650) 203-0000 — revealed it was an official number for Google Assistant, an AI-based service that can engage in two-way conversations.At the same time, he received an email that came from a google.com email address, warning his Google account was compromised. The message included a “Google Support Case ID number” an

30
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Microsoft won't let customers opt out of passkey push

 Enrolment invitations will continue until security improves December 18, 2024 By Thomas Claburn Microsoft last week lauded the success of its efforts to convince customers to use passkeys instead of passwords, without actually quantifying that success.The software megalith credits passkey adoption to its enrolment user experience, or UX, which owes its unspecified uptake to unavoidable passkey solicitations – sometimes referred to as "nudges.""We're implementing logic that determines how often to show a nudge so as not to overwhelm users, but we don't let them permanently opt out of passkey invitations," explained Sangeeta Ranjit, group product manager, and Scott Bingham, principal product manager, in a blog post.The corporation's onboarding strategy seems to suit its corporate address: One Microsoft Way. >>Full Article<<

20
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Home Tech Security US may ban world's most popular routers and modems - what that means for you

TP-Link products have been connected to several high-profile hacking incidents. (Also, they're made in China. December 18, 2024 By Artie Beaty Bloomberg/Getty ImagesThe US may soon ban the world's most popular router over national security fears.According to a report from the Wall Street Journal, Chinese-owned TP-Link is currently under investigation by the US Justice, Commerce, and Defense departments because of its link to several high-profile hacking incidents. The move comes as the US government is also considering a ban of Chinese-owned social media app TikTok over data security concerns.The brand makes up more than half the American market for routers, the WSJ said, largely due to its low prices. It's the most popular option on Amazon, it distributes its routers to more than 300 ISPs, and two of the top five spots on ZDNET's best Wi-Fi router list are TP-Link. In addition, the company's devices power many government systems. In short, this company's devices are very popular.  &gt

20
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Hacker Leaks Cisco Data

IntelBroker has leaked 2.9 Gb of data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total.  December 18, 2024 By Eduard Kovacs A hacker has leaked data stolen recently from a Cisco DevHub instance, but claims it’s only a fraction of the total amount of files that was taken.The notorious hacker IntelBroker announced in October that he and others had breached Cisco systems and obtained source code, certificates, credentials, confidential documents, encryption keys and other types of information. The hacker claimed to have obtained source code associated with several major companies. Cisco’s investigation showed that its systems had not been breached and that the data was actually obtained from a public-facing DevHub environment that serves as a resource center from where customers can obtain source code, scripts and other content.  >>Full Article<<

20
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
AI-generated malvertising “white pages” are fooling detection engines

 December 18, 2024 By Jérôme Segura This is no secret, online criminals are leveraging artificial intelligence (AI) and large language models (LLMs) in their malicious schemes. While AI tends to be abused to trick people (i.e. deepfakes) in order to gain something, sometimes, it is meant to defeat computer security programs.With AI, this process has just become easier and we are seeing more and more cases of fake content produced for deception purposes. In the criminal underground, web pages or sites that are meant to be decoys are sometimes called “white pages,” as opposed to the “black pages” (malicious landing pages).In this blog post, we take a look at a couple of examples where threat actors are buying Google Search ads and using AI to create white pages. The content is unique and sometimes funny if you are a real human, but unfortunately a computer analyzing the code would likely give it a green check. >>Full Article<<

30
Jasper_The_Rasper
Moderator
4 days ago
Jasper_The_Rasper
Moderator
Jasper_The_RasperModerator
posted in Security Industry News
Malicious Microsoft VSCode extensions target devs, crypto community

December 18, 2024 By Bill Toulas Malicious Visual Studio Code extensions were discovered on the VSCode marketplace that download heavily obfuscated PowerShell payloads to target developers and cryptocurrency projects in supply chain attacks.In a report by Reversing Labs, researchers say the malicious extensions first appeared in the VSCode marketplace in October."Throughout October 2024, the RL research team saw a new wave of malicious VSCode extensions containing  downloader functionality — all part of the same campaign," reads the Reversing Labs' report."The community was first notified of this campaign taking place in early October, and since then, the team has been steadfast in tracking it."An additional package targeting the crypto community and part of this campaign was found on NPM. >>Full Article<<

20
Jasper_The_Rasper
Moderator
4 days ago

Badges

Show all badges

Join the Conversation

Terms & Conditions