Hacking & Security

154 million voter records exposed, including gun ownership, Facebook profiles and more

Sophos Naked Security - 23 June 2016 - 19:22
Intimate details also include address, age, position on gay marriage, ethnicity, email addresses and whether a voter is "pro-life."

Has the Lizard Squad returned to ruin your day again?

Sophos Naked Security - 23 June 2016 - 18:27
Lizard Squad is back, ruining your favourite games, for your own good

Mobile Advertising Firm Found Tracking Users To Pay $950K

Threatpost - 23 June 2016 - 18:06
A mobile advertising company that settled charges with the Federal Trade Commission this week will pay nearly $1M after it was determined that the company had tracked customers – including children – without their consent.
Category: Hacking & Security

iOS 10 beta still encrypts user data, but not the kernel

Ars Technica - 23 June 2016 - 17:14

The iOS 10 developer betas come with an unencrypted kernel. (credit: Andrew Cunningham)

Apple has made encryption and user privacy a pillar of the iOS platform in recent years, but earlier this week, security researchers made a curious discovery: as reported by the MIT Technology Review, the operating system kernel in the iOS 10 betas released at WWDC last week is unencrypted. This makes it much easier to dig into the code and look for security flaws.

There was some speculation as to why Apple had done this or whether the company had even released an unencrypted kernel on purpose. After declining to comment initially, an Apple spokesperson confirmed to TechCrunch that the kernel had been left unencrypted on purpose but that user data continues to be encrypted as it normally is.

“The kernel cache doesn’t contain any user info, and by unencrypting it we’re able to optimize the operating system’s performance without compromising security,” the spokesperson said.


Category: Hacking & Security

Carbonite Triggers Password Reset for 1.5M Customers After Reuse Attack

Threatpost - 23 June 2016 - 17:08
Online backup firm Carbonite is forcing all of its 1.5 million users to change their passwords after reporting that it was targeted in a password reuse attack.
Category: Hacking & Security

Unpatched Remote Code Execution Flaw Exists in Swagger

Threatpost - 23 June 2016 - 15:43
Researchers at Rapid7 found a vulnerability in the Swagger Code Generator that allows arbitrary code embedded in a Swagger document to be executed.
Category: Hacking & Security

WordPress Security Update Patches Two Dozen Flaws

Threatpost - 23 June 2016 - 14:00
WordPress has been updated to version 4.5.3, a security release for all previous versions.
Category: Hacking & Security

Key Management

InfoSec Institute Resources - 23 June 2016 - 14:00

In this lab, we shall see how public/private key encryption system works. Public/Private key encryption is a method which is used when you have to share data between third parties in a secure fashion. This system requires every person to have a key pair (One which is private to them, and one which is a […]

Category: Hacking & Security
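The lab teaser above stops before it shows what a key pair actually does. The following is an added example, not the lab's own code: a textbook RSA key pair in pure Python, with the public half used to encrypt, the private half used to decrypt, and a fingerprint of the public key, which is the piece of key management that lets a peer check they hold your real key rather than a substituted one. The primes 61 and 53 and the Alice/Bob exchange are constructed for readability; real deployments use 2048-bit or larger moduli, OAEP padding and a vetted library, never raw textbook RSA.

```python
"""Textbook RSA key pair, encryption, decryption and public-key fingerprint.

Added example for the "Key Management" lab; it is not the lab's code.
The primes are tiny constructed values (61, 53) so the arithmetic can be
followed by hand.  Real deployments use 2048-bit or larger moduli, OAEP
padding and a vetted library such as OpenSSL; raw "textbook" RSA as shown
here is malleable and must never protect real data.
"""
import hashlib
import hmac
import math


def generate_keypair(p, q, e=65537):
    """Return (public, private) as ((n, e), (n, d)) from two distinct primes.

    The caller supplies the primes; primality is not checked here.
    """
    if p == q:
        raise ValueError("p and q must be distinct")
    n = p * q
    phi = (p - 1) * (q - 1)
    if math.gcd(e, phi) != 1:
        raise ValueError("e must be coprime to phi(n)")
    d = pow(e, -1, phi)  # private exponent: e * d == 1 (mod phi(n)); Python 3.8+
    return (n, e), (n, d)


def encrypt(public_key, m):
    """Anyone holding the public key can do this: c = m^e mod n."""
    n, e = public_key
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)


def decrypt(private_key, c):
    """Only the private-key holder can do this: m = c^d mod n."""
    n, d = private_key
    return pow(c, d, n)


def fingerprint(public_key):
    """SHA-256 over a canonical encoding of (n, e).

    This is the short string you publish or read out over a second channel
    so a peer can confirm they hold your real public key.
    """
    n, e = public_key
    return hashlib.sha256(f"rsa:{n}:{e}".encode()).hexdigest()


def fingerprint_matches(public_key, expected_hex):
    """Constant-time check of a received key against the fingerprint you trust."""
    return hmac.compare_digest(fingerprint(public_key), expected_hex.lower())


def exchange(message, p=61, q=53, e=17):
    """Bob generates a key pair and publishes the public half; Alice encrypts to it.

    Returns the intermediate values so the round trip can be inspected.
    """
    bob_public, bob_private = generate_keypair(p, q, e)
    c = encrypt(bob_public, message)
    return {
        "public": bob_public,
        "private": bob_private,
        "ciphertext": c,
        "recovered": decrypt(bob_private, c),
        "fingerprint": fingerprint(bob_public),
    }


if __name__ == "__main__":
    for k, v in exchange(65).items():
        print(f"{k:>12}: {v}")
```

With p=61, q=53, e=17 the modulus is 3233 and the private exponent 2753; the message 65 encrypts to 2790 and decrypts back to 65. The fingerprint is what you would pin: if the key a peer sends you hashes to something else, you are not talking to who you think you are, regardless of how strong the key itself is.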

A dangerous virus has infected hundreds of thousands of phones and tablets

Novinky.cz - security - 23 June 2016 - 13:22
The national security team CSIRT.CZ has warned of a new virus that targets mobile devices exclusively. It has already infected several hundred thousand tablets and smartphones in various parts of the world, and it can do considerable damage on them.
Category: Hacking & Security

Let’s Encrypt Celebrates Big HTTPS Milestone

Threatpost - 23 June 2016 - 13:00
Certificate authority Let’s Encrypt is celebrating a major milestone in the young nonprofit’s existence: it issued its 5 millionth certificate this month.
Category: Hacking & Security

Commercial drone industry gets new relaxed rules

Sophos Naked Security - 23 June 2016 - 12:41
The US Federal Aviation Administration has just released its long-awaited rules for the commercial use of lightweight drones. And those rules are extremely drone friendly.

Over half of world's top domains weak against email spoofing

LinuxSecurity.com - 23 June 2016 - 11:46
LinuxSecurity.com: Over half of the world's most popular online services have misconfigured mail servers that could place users at risk from spoofed emails, researchers have warned.
Category: Hacking & Security

Updating code can mean fewer security headaches

LinuxSecurity.com - 23 June 2016 - 11:43
LinuxSecurity.com: Organizations with high rates of code deployment spend half as much time fixing security issues as organizations that deploy less frequently, according to a newly released study.
Category: Hacking & Security

Carbonite online backup service bombarded with reused passwords

Sophos Naked Security - 23 June 2016 - 11:12
The service calls it a "password reuse attack" and told users to reset passwords immediately - and make the new one unique!
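A "password reuse attack" is credential stuffing: an attacker replays username:password pairs leaked from another site against the login endpoint. From the server side it has a distinctive shape, and the following added example (not Carbonite's or Sophos' code) shows detection logic run over a few constructed log lines in a hypothetical "timestamp ip username result" format: one source address trying many distinct usernames in a short window with a low success rate. The accounts that do succeed are the reused passwords that need a forced reset.

```python
"""Flag credential-stuffing ("password reuse") activity in authentication logs.

Added example for the Carbonite items; it is not Carbonite's or Sophos'
code and the log format is a hypothetical "timestamp ip username result" one.
The signal: one source IP tries many distinct usernames in a short window and
most attempts fail, which is what replaying a leaked username:password list
looks like from the server side.  A genuine user mistyping a password touches
one account.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real traffic).  203.0.113.7 replays a list;
# 198.51.100.9 is one user fumbling a password; 192.0.2.44 is a clean login.
SAMPLE_LOG = """\
2016-06-22T10:00:01Z 203.0.113.7 alice FAIL
2016-06-22T10:00:02Z 203.0.113.7 bob FAIL
2016-06-22T10:00:02Z 203.0.113.7 carol FAIL
2016-06-22T10:00:03Z 203.0.113.7 dave OK
2016-06-22T10:00:03Z 203.0.113.7 erin FAIL
2016-06-22T10:00:04Z 203.0.113.7 frank FAIL
2016-06-22T10:00:05Z 203.0.113.7 grace FAIL
2016-06-22T10:00:05Z 203.0.113.7 heidi FAIL
2016-06-22T10:00:06Z 203.0.113.7 ivan FAIL
2016-06-22T10:00:07Z 203.0.113.7 judy OK
2016-06-22T10:01:00Z 198.51.100.9 mallory FAIL
2016-06-22T10:01:20Z 198.51.100.9 mallory FAIL
2016-06-22T10:01:45Z 198.51.100.9 mallory OK
2016-06-22T10:02:00Z 192.0.2.44 peggy OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, success)."""
    ts, ip, user, result = line.split()
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), ip, user, result == "OK"


def detect_stuffing(log_text, window=timedelta(minutes=5),
                    min_users=5, max_success_ratio=0.3):
    """Return {ip: report} for source IPs that look like stuffing bots.

    An IP is flagged when some sliding window of length `window` holds at
    least `min_users` distinct usernames and at most `max_success_ratio` of
    the attempts succeed.  The report lists the accounts that *did* log in,
    since those are the reused passwords that need a forced reset.
    """
    by_ip = defaultdict(list)
    for line in log_text.strip().splitlines():
        ts, ip, user, ok = parse_line(line)
        by_ip[ip].append((ts, user, ok))

    flagged = {}
    for ip, attempts in by_ip.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Advance the window start so the window spans at most `window`.
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            win = attempts[start:end + 1]
            users = {u for _, u, _ in win}
            successes = sum(1 for _, _, ok in win if ok)
            if len(users) >= min_users and successes / len(win) <= max_success_ratio:
                # Keep the widest qualifying window seen for this IP.
                if ip not in flagged or len(win) > flagged[ip]["attempts"]:
                    flagged[ip] = {
                        "attempts": len(win),
                        "distinct_users": len(users),
                        "failures": len(win) - successes,
                        "compromised": sorted(u for _, u, ok in win if ok),
                    }
    return flagged


if __name__ == "__main__":
    for ip, report in detect_stuffing(SAMPLE_LOG).items():
        print(ip, report)
```

On the sample, only 203.0.113.7 is flagged (10 distinct users, 2 successes), and the report names dave and judy as the accounts whose reused passwords worked. The thresholds are the tunable part: a corporate NAT or mobile carrier gateway legitimately presents many users from one address, which is why the failure ratio matters as much as the user count, and why a per-account rate limit and a breached-password check at password-set time complement this after-the-fact detection.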

New Android malware named Godless

CSIRT.cz - 23 June 2016 - 09:49

A newly analysed malware sample for smartphones, named Godless, can use several techniques to gain elevated privileges.

Category: Hacking & Security

BYOD Security Training for Physicians: The Whys, Whats, Hows and Whens

InfoSec Institute Resources - 23 June 2016 - 03:48

Introduction Despite concerns over the use of personal devices in the healthcare industry, “bring your own device” (BYOD) is becoming “business as usual.” Numerous studies and surveys demonstrate that physicians, as well as others working in the healthcare industry, routinely use their personal mobile devices for business. In many respects, it’s a good thing. Time-crunched […]

Category: Hacking & Security

Rise of Darknet Stokes Fear of The Insider

Krebs on Security - 22 June 2016 - 22:49

With the proliferation of shadowy black markets on the so-called “darknet” — hidden crime bazaars that can only be accessed through special software that obscures one’s true location online — it has never been easier for disgruntled employees to harm their current or former employer. At least, this is the fear driving a growing stable of companies seeking technical solutions to detect would-be insiders.

Avivah Litan, a fraud analyst with Gartner Inc., says she’s been inundated recently with calls from organizations asking what they can do to counter the following scenario: A disaffected or disgruntled employee creates a persona on a darknet market and offers to sell his company’s intellectual property or access to his employer’s network.

A darknet forum discussion generated by a claimed insider at music retailer Guitar Center.

Litan said a year ago she might have received one such inquiry a month; now Litan says she’s getting multiple calls a week, often from companies that are in a panic.

“I’m getting calls from lots of big companies, including manufacturers, banks, pharmaceutical firms and retailers,” she said. “A year ago, no one wanted to say whether they had or were seriously worried about insiders, but that’s changing.”

Insiders don’t have to be smart or sophisticated to be dangerous, as this darknet forum discussion thread illustrates.

Some companies with tremendous investments in intellectual property — particularly pharmaceutical and healthcare firms — are working with law enforcement or paying security firms to monitor and track actors on the darknet that promise access to specific data or organizations, Litan said.

“One pharma guy I talked to recently said he meets with [federal agents] once a week to see if his employees are active on the darknet,” she said. “Turns out there are a lot of disgruntled employees who want to harm their employers. Before, it wasn’t always clear how to go about doing that, but now they just need to create a free account on some darknet site.”

Statistics and figures only go so far in illustrating the size of the problem. A Sept. 2015 report from Intel found that internal actors were responsible for 43 percent of data loss — but only about half of that was intended to harm the employer.

Likewise, the 2016 Data Breach Investigations Report (DBIR), Verizon Enterprise’s annual survey of data breaches, found that insiders and/or the misuse of employee privileges were present in a majority of incidents. Yet it also concluded that much of this was not malicious but instead appeared related to employees mailing sensitive information or uploading it to an online file-sharing service.

Perhaps one reason insiders are so feared is that the malicious ones very often can operate for years undetected, doing major damage to employers in the process. Indeed, Verizon’s DBIR found that insider breaches usually take months or years to discover.

Noam Jolles, a senior intelligence expert at Diskin Advanced Technologies, studies darknet communities. I interviewed her last year in “Bidding for Breaches,” a story about a secretive darknet forum called Enigma where members could be hired to launch targeted phishing attacks at companies. Some Enigma members routinely solicited bids regarding names of people at targeted corporations that could serve as insiders, as well as lists of people who might be susceptible to being recruited or extorted.

Jolles said the proliferation of darkweb communities like Enigma has lowered the barriers to entry for insiders, and provided even the least sophisticated would-be insiders with ample opportunities to betray their employer’s trust.

“I’m not sure everyone is aware of how simple and practical this phenomenon looks from adversary eyes and how far it is from the notion of an insider as a sophisticated disgruntled employee,” Jolles said. “The damage from the insider is not necessarily due to his position, but rather to the sophistication of the threat actors that put their hands on him.”

Who is the typical insider? According to Verizon’s DBIR, almost one third of the insiders involved in 2015 breaches were end users who needed access to sensitive data to do their jobs.

“Only a small percentage (14%) are in leadership roles (executive or other management), or in roles with elevated access privilege jobs such as system administrators or developers (14%),” Verizon wrote, noting that insiders were most commonly found in administrative, healthcare and public sector jobs. “The moral of this story is to worry less about job titles and more about the level of access that every Joe or Jane has (and your ability to monitor them). At the end of the day, keep up a healthy level of suspicion toward all employees.”

If tech industry analysts like Litan are getting pinged left and right about the insider threat these days, it might have something to do with how easy it is to find company proprietary information or access on offer in darknet forums — many of which allow virtually anyone to register and join.

A darknet forum discussion about possible insiders at Vodafone.

The other reason may be that there are a lot more companies looking for this information and actively notifying affected organizations. These notifications invariably become sales pitches for “dark web monitoring” or “threat intelligence services,” and a lot of companies probably aren’t sure what to make of this still-nascent industry.

How can organizations better detect insiders before the damage is done? Gartner’s Litan emphasized continuous monitoring and screening for trusted insiders with high privileges. Beyond that, Litan says there are a wide range of data-driven insider threat technology solutions. On the one end of the spectrum are companies that conduct targeted keyword searches on behalf of clients on social media networks and darknet destinations. More serious and expensive offerings apply machine learning to internal human resources (HR) records, and work to discover and infiltrate online crime rings.

What’s Verizon’s answer to the insider threat? “Love your employees, bond at the company retreat, bring in bagels on Friday, but monitor the heck out of their authorized daily activity, especially ones with access to monetizable data (financial account information, personally identifiable information (PII), payment cards, medical records).”

Additional reading: Insider Threats Escalate and Thrive in the Dark Web.

Category: Hacking & Security

Patched libarchive Vulnerabilities Have Big Reach

Threatpost - 22 June 2016 - 22:27
Libarchive was patched against three memory-related vulnerabilities, putting pressure on admins to ensure that third-party software which also uses the library is patched.
Category: Hacking & Security

Nuclear, Angler Exploit Kit Activity Has Disappeared

Threatpost - 22 June 2016 - 21:30
Researchers who study exploit kits are reporting that two major kits, Angler and Nuclear, may no longer be available.
Category: Hacking & Security

Email Servers For More Than Half of World’s Top Sites Can Be Spoofed

Threatpost - 22 June 2016 - 21:26
More than half of the world's top sites have misconfigured email servers, which heightens the risk of spoofed emails being sent from their domains, researchers warn.
Category: Hacking & Security
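The "misconfiguration" behind both of the email-spoofing items on this page (the LinuxSecurity.com item and this Threatpost one) comes down to what a domain publishes in DNS: an SPF record that says which hosts may send for it, and a DMARC record that tells receivers what to do when the visible From: domain is not backed by an aligned SPF or DKIM pass. The following added example (not code from either article or from the researchers they cite) classifies domains from those two records. The DNS answers are a constructed in-memory table so it runs offline; a live version would query TXT for the domain and for _dmarc.<domain>.

```python
"""Classify a domain's exposure to email spoofing from its SPF and DMARC records.

Added example for the two email-spoofing items on this page (LinuxSecurity.com
and Threatpost); it is not code from either article or from the researchers
they cite.  DNS answers are a constructed in-memory table so the script runs
offline; a live version would query TXT for <domain> and _dmarc.<domain>.
"""
import re

# Constructed TXT answers for hypothetical domains.
DNS_TXT = {
    "strict.example":            ["v=spf1 ip4:203.0.113.0/24 -all"],
    "_dmarc.strict.example":     ["v=DMARC1; p=reject; rua=mailto:dmarc@strict.example"],
    "soft.example":              ["v=spf1 include:_spf.mail.example ~all"],
    "_dmarc.soft.example":       ["v=DMARC1; p=none; rua=mailto:reports@soft.example"],
    "nospf.example":             ["site-verification=abc123"],
    "quarantine.example":        ["v=spf1 mx ~all"],
    "_dmarc.quarantine.example": ["v=DMARC1; p=quarantine; pct=50"],
}


def lookup_txt(name, resolver=DNS_TXT):
    return resolver.get(name, [])


def get_spf(domain, resolver=DNS_TXT):
    """Return the domain's SPF record, or None unless there is exactly one (RFC 7208)."""
    recs = [r for r in lookup_txt(domain, resolver) if r.lower().startswith("v=spf1")]
    return recs[0] if len(recs) == 1 else None


def spf_all_qualifier(spf):
    """Qualifier on the 'all' mechanism: '-', '~', '?' or '+'; None if absent."""
    m = re.search(r"(?:^|\s)([-~?+]?)all(?:\s|$)", spf)
    if not m:
        return None
    return m.group(1) or "+"  # a bare 'all' means '+all'


def get_dmarc(domain, resolver=DNS_TXT):
    """Return DMARC tags as a dict, or None if there is not exactly one valid record."""
    recs = [r for r in lookup_txt("_dmarc." + domain, resolver)
            if r.upper().replace(" ", "").startswith("V=DMARC1")]
    if len(recs) != 1:
        return None
    tags = {}
    for part in recs[0].split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    return tags


def assess(domain, resolver=DNS_TXT):
    """Return {'domain', 'risk', 'findings'}; risk is 'high', 'medium' or 'low'."""
    findings = []
    spf = get_spf(domain, resolver)
    if spf is None:
        findings.append("no valid SPF record")
    else:
        q = spf_all_qualifier(spf)
        if q in (None, "+"):
            findings.append("SPF has no restrictive 'all' mechanism")
        elif q in ("~", "?"):
            findings.append(f"SPF ends in '{q}all'; receivers rarely reject on it alone")

    # SPF checks the envelope sender, not the From: header the user sees.
    # DMARC is what ties the two together, so it decides the risk level.
    dmarc = get_dmarc(domain, resolver)
    if dmarc is None:
        findings.append("no DMARC record: spoofed From: headers are not policed")
        risk = "high"
    else:
        policy = dmarc.get("p", "").lower()
        pct = int(dmarc.get("pct", "100"))
        if policy == "none":
            findings.append("DMARC p=none: monitoring only, spoofed mail is delivered")
            risk = "high"
        elif policy in ("quarantine", "reject"):
            risk = "low" if policy == "reject" and pct == 100 else "medium"
            if pct < 100:
                findings.append(f"DMARC pct={pct}: policy applied to only {pct}% of failing mail")
            if policy == "quarantine":
                findings.append("DMARC p=quarantine: spoofed mail lands in spam, not rejected")
        else:
            findings.append(f"DMARC policy '{policy}' is invalid")
            risk = "high"
    return {"domain": domain, "risk": risk, "findings": findings}


if __name__ == "__main__":
    for d in ("strict.example", "soft.example", "nospf.example", "quarantine.example"):
        r = assess(d)
        print(f"{d:22} {r['risk']:6} {'; '.join(r['findings']) or 'OK'}")
```

The point the classifier encodes is the one that trips up most "we have SPF" domains: SPF alone only constrains the envelope MAIL FROM, which the recipient never sees, so an attacker can pass SPF for their own domain while forging yours in the From: header. Only a DMARC record with p=quarantine or p=reject (and pct=100) makes receivers act on that mismatch; p=none, the most common deployment state, is reporting only. The example does not look at DKIM, subdomain policy (sp=) or the SPF lookup limit, which a full audit would also cover.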