Hacking & Security

The Shadow Brokers Mess Is What Happens When the NSA Hoards Zero-Days

LinuxSecurity.com - 22 Srpen, 2016 - 10:06
LinuxSecurity.com: When the NSA discovers a new method of hacking into a piece of software or hardware, it faces a dilemma. Report the security flaw it exploits to the product's manufacturer so it gets fixed, or keep that vulnerability secret-what's known in the security industry as a "zero day"-and use it to hack its targets, gathering valuable intelligence.
Kategorie: Hacking & Security

Does your WebCam Crash after Windows 10 Anniversary Update? Here’s How to Fix It

The Hacker News - 20 Srpen, 2016 - 18:16
If your webcam has stopped working after installing recently-released Microsoft's big Anniversary Update for Windows 10, you are not alone. With some significant changes to improve Windows experience, Windows 10 Anniversary Update includes the support for webcams that has rendered a number of different webcams inoperable, causing serious issues for not only consumers but also the enterprise.
Kategorie: Hacking & Security

Lidé podceňují zabezpečení. Každý dvanáctý Čech čelil v zahraničí útoku hackerů

Novinky.cz - bezpečnost - 20 Srpen, 2016 - 11:54
Útoky hackerů nejsou ničím výjimečným, a to ani v době dovolených. V zahraničí se s nimi setkal každý 12. Čech. Vyplývá to z průzkumu antivirové společnosti Kaspersky Lab, podle kterého celkem 15 procent Čechů přišlo někdy v zahraničí o peníze, 12 procent se setkalo s on-line podvodem a osmi procentům někdo zneužil jejich platební karty.
Kategorie: Hacking & Security

Leaked Exploits are Legit and Belong to NSA: Cisco, Fortinet and Snowden Docs Confirm

The Hacker News - 20 Srpen, 2016 - 11:30
Last week, a group calling itself "The Shadow Brokers" published what it said was a set of NSA "cyber weapons," including some working exploits for the Internet's most crucial network infrastructure, apparently stolen from the agency's Equation Group in 2013. Well, talking about the authenticity of those exploits, The Intercept published Friday a new set of documents from the Edward Snowden
Kategorie: Hacking & Security

How the NSA snooped on encrypted Internet traffic for a decade

Ars Technica - 19 Srpen, 2016 - 22:11

Enlarge (credit: NSA)

In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company's now-decommissioned line of PIX firewalls.

The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009. Even after Cisco stopped providing PIX bug fixes in July 2009, the company continued offering limited service and support for the product for an additional four years. Unless PIX customers took special precautions, virtually all of them were vulnerable to attacks that surreptitiously eavesdropped on their VPN traffic. Beyond allowing attackers to snoop on encrypted VPN traffic, the key extraction also makes it possible to gain full access to a vulnerable network by posing as a remote user.

BenignCertain's capabilities were tentatively revealed in this blog post from Thursday, and they were later confirmed to work on real-world PIX installations by three separate researchers. Before the confirmation came, Ars asked Cisco to investigate the exploit. The company declined, citing this policy for so-called end-of-life products. The exploit helps explain documents leaked by NSA contractor Edward Snowden and cited in a 2014 article that appeared in Der Spiegel. The article reported that the NSA had the ability to decrypt more than 1,000 VPN connections per hour.

Read 8 remaining paragraphs | Comments

Kategorie: Hacking & Security

New Brazilian Banking Trojan Uses Windows PowerShell Utility

Threatpost - 19 Srpen, 2016 - 19:00
A new sophisticated banking Trojan targeting Brazilians via a malicious .PIF file that changes browser proxy settings.
Kategorie: Hacking & Security

Multiple Vulnerabilities Identified in ‘Utterly Broken’ BHU Routers

Threatpost - 19 Srpen, 2016 - 18:57
Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything.
Kategorie: Hacking & Security

Twitter takes down 235K extremist accounts

Sophos Naked Security - 19 Srpen, 2016 - 18:44
Third parties say that Islamic State traffic on Twitter has plummeted by 45% over the past 2 years.

Man hacks Android app to get free beer

Sophos Naked Security - 19 Srpen, 2016 - 18:21
A Polish researcher found a loyalty awards app that could be tricked into clocking up loyalty bonuses over and over again...

Mainstream Technologies: česká firma pomáhá realizovat evropský navigační systém Galileo

Zive.cz - bezpečnost - 19 Srpen, 2016 - 16:50
** Společnost Mainstream Technologies vyrostla ze dvou lidí na dnešních padesát, čím si prošla? ** V Česku se daří nasazovat cloud ve firmách ** Jak probíhá práce na vesmírném projektu GNSS Galileo?
Kategorie: Hacking & Security

Threatpost News Wrap, August 19, 2016

Threatpost - 19 Srpen, 2016 - 15:00
Mike Mimoso and Chris Brook discuss the news of the week, including the Shadow Brokers debacle, the VeraCrypt audit, Pokemon ransomware, and a browser address bar vulnerability.
Kategorie: Hacking & Security

Nebezpečné triky počítačových pirátů

Novinky.cz - bezpečnost - 19 Srpen, 2016 - 13:35
Kyberzločinci se snaží neustále hledat nové cesty, jak se dostat lidem do PC. V posledních měsících jejich snahy stále častěji směřují také k chytrým telefonům. Často jim přitom nejde pouze o získání citlivých dat, důmyslné podvody jim vydělávají velké peníze.
Kategorie: Hacking & Security

Police chiefs: we need the right to decrypt your stuff

Sophos Naked Security - 19 Srpen, 2016 - 13:09
The maple leaf. Hockey. Tim Horton's donuts. Forced decryption?

Why people ignore security alerts up to 87% of the time

Sophos Naked Security - 19 Srpen, 2016 - 12:29
A study shows that timing is key: interrupt a user while they're doing something important, and you cause a bottleneck in their brain.

Warning — Bitcoin Users Could Be Targeted by State-Sponsored Hackers

The Hacker News - 19 Srpen, 2016 - 11:37
Another day, another bad news for Bitcoin users. A leading Bitcoin information site is warning users that an upcoming version of the Blockchain consolidation software and Bitcoin wallets could most likely be targeted by "state-sponsored attackers." Recently, one of the world's most popular cryptocurrency exchanges, Bitfinex, suffered a major hack that resulted in a loss of around $72 Million
Kategorie: Hacking & Security

Twitter jen za poslední rok smazal přes 300 tisíc účtů teroristů a dalších fanatiků

Zive.cz - bezpečnost - 19 Srpen, 2016 - 10:36
Moderní teroristé všeho druhu si jako nástroj PR oblíbili Twitter, kde se snaží publikovat zprávičky s populárními hashtagy, aby se o nich dozvědělo co nejvíce lidí. Není tedy divu, že zejména fanoušci tzv. Islámského státu dnem i nocí zakládají nové a nové profily… A služba je dnem i noci maže. A ...
Kategorie: Hacking & Security

Confirmed: hacking tool leak came from "omnipotent" NSA-tied group

LinuxSecurity.com - 19 Srpen, 2016 - 10:11
LinuxSecurity.com: The leak over the weekend of advanced hacking tools contains digital signatures that are almost identical to those in software used by the state-sponsored Equation Group, according to a just-published report from security firm Kaspersky Lab.
Kategorie: Hacking & Security

Wikileaks hosts hundreds of malware files in email dumps

LinuxSecurity.com - 19 Srpen, 2016 - 10:09
LinuxSecurity.com: Wikileaks is reportedly hosting over 300 malware samples among the website's cache of leaked emails. As reported by The Register, Bulgarian security researcher Dr Vesselin Bontchev claims that the malware, of which there are at least 300 files hosted, has been found within the recent email dump of communication from the Turkish party AKP.
Kategorie: Hacking & Security

Omegle, the Popular 'Chat with Strangers' Service Leaks Your Dirty Chats and Personal Info

The Hacker News - 19 Srpen, 2016 - 09:53
Ever since the creation of online chat rooms and then social networking, people have changed the way they interact with their friends and associates. However, when it comes to anonymous chatting services, you don't even know what kinds of individuals you are dealing with. Sharing identifiable information about yourself with them could put you at risk of becoming a victim of stalking,
Kategorie: Hacking & Security

Hackeři napadli i počítače amerických republikánů

Novinky.cz - bezpečnost - 19 Srpen, 2016 - 06:21
Hackeři napadli počítače americké Republikánské strany i pracovníků kampaně jejího kandidáta na prezidenta Donalda Trumpa. S odvoláním na zdroje z vyšetřování to ve čtvrtek napsala agentura Reuters. Už dříve americká média oznámila, že hackeři napadli i konkurenční Demokratickou stranu.
Kategorie: Hacking & Security
Syndikovat obsah