Hacking & Security

APTs Target Victims with Precision, Ephemeral Malvertising

Threatpost - 17 October, 2014 - 19:33
A new precisely targeted and fleeting form of malvertising is being deployed by APT groups to target organizations in the U.S. defense industrial base.
Category: Hacking & Security

Average person has 19 passwords - but 1 in 3 don’t make them strong enough

Sophos Naked Security - 17 October, 2014 - 18:53
The vast majority of people are leaving themselves at risk of identity theft, fraud and extortion by not taking simple but necessary steps to protect themselves online, according to a new study.

Facebook Tool Mines Stolen Passwords, Notifies Affected Users

Threatpost - 17 October, 2014 - 18:00
Facebook announced that it has developed a tool that combs through paste sites where stolen credentials are posted looking for Facebook passwords. Users are then notified and must do a password reset.

Report: Cybercrime costs US $12.7M a year

Ars Technica - 17 October, 2014 - 17:05

Cyber attacks on large US companies result in an average of $12.7 million in annual damages, an increase of 9.7 percent from the previous year, according to the fifth Cost of Cybercrime report published by the Ponemon Institute on Wednesday.

The report, sponsored this year by Hewlett Packard’s Enterprise Security division, found that business disruption and information loss account for nearly three-quarters of the cost of cybercrime incidents. The study also confirmed that companies that make security a priority have lower costs associated with security incidents during the year. In particular, companies that use technology that helps flag potential intrusions into critical systems have lower costs, by an average of $2.6 million.

“Business disruption, information loss and the time it takes to detect a breach collectively represented the highest cost to organizations experiencing a breach,” Larry Ponemon, chairman and founder of the Ponemon Institute, said in a statement.


Facebook's new Safety Check lets you tell friends you're safe when disaster strikes

Sophos Naked Security - 17 October, 2014 - 16:46
Facebook has graced its users with a new tool called Safety Check that lets people tell friends if they're OK when disaster strikes.

SAP Patches DoS Flaw in Netweaver

Threatpost - 17 October, 2014 - 16:32
SAP has released a fix for a remotely exploitable denial-of-service in its Netweaver platform. The bug is confirmed to affect several versions of the platform and may be present in others, as well. Researchers at Core Security discovered the vulnerability and reported it to SAP in June. Netweaver is a platform that allows users to build and […]

Three-quarters of Czechs have received a fraudulent e-mail at some point

Novinky.cz - security - 17 October, 2014 - 16:09
Three-quarters of Czechs have already received an e-mail from a fraudster. Thirteen percent of users have lost their online identity or personal data. These are the findings of a survey by Intel. Fraudulent e-mails most often urge recipients to pay a nonexistent debt or to install a malicious program that would try to drain their bank account. The number of fraudulent messages is also growing.

Wifite Walkthrough part 1

InfoSec Institute Resources - 17 October, 2014 - 14:15

In this article series, we will look at a tool named Wifite suitable for automated auditing of wireless networks. Most of you who have experience in wireless pentesting would use tools like airmon-ng, aireplay-ng, airodump-ng, aircrack-ng to crack wireless networks. This would involve a sequence of steps, like capturing a [...]


Is Lollipop The Most Secure Android Ever?

InfoSec Institute Resources - 17 October, 2014 - 14:00

Android fans such as myself have been eagerly anticipating the upcoming new stable version of Android, 5.0 Lollipop. Android 5.0 was introduced with the codename “Android L” at the Google I/O convention in June 2014. At the time, we didn’t know if “Android L” was going to be 4.5 or [...]


SSCC 169 - Mirror, mirror, on the wall, what's the biggest breach of all? [PODCAST]

Sophos Naked Security - 17 October, 2014 - 13:35
It's Chet Chat time! Here's this week's episode of our news-you-can-use security podcast...

Reflection DDoS Attacks Using Millions of UPnP Devices on the Rise

The Hacker News - 17 October, 2014 - 12:47
After successfully launching reflection and amplification Distributed Denial-of-Service (DDoS) attacks by abusing various protocols such as DNS, NTP and SMTP, hackers are now abusing Simple Service Discovery Protocol (SSDP) – part of the UPnP protocol standard – to target home and office devices, researchers warned. SSDP is a network protocol based on the Internet Protocol Suite that

'The Snappening': stolen Snapchat photos site defaced, details of site owner published

Sophos Naked Security - 17 October, 2014 - 12:22
Owner of TheSnappening.org photo site, Mudit Grover, took the stolen Snapchat images and the site down. But within hours, attackers identifying themselves as "Team Danny" allegedly took over the domain and published Grover's personal details.

Hacking Smart Electricity Meters To Cut Power Bills

The Hacker News - 17 October, 2014 - 11:08
Smart devices are growing at an exponential pace with the increase in connected devices embedded in cars, retail systems, refrigerators, televisions and countless other things people use in their everyday life, but security and privacy are the key issues for such applications, which still face an enormous number of challenges. Millions of Network-connected electricity meters or Smart

CAINE Linux Distribution Helps Investigators With Forensic Analysis

LinuxSecurity.com - 17 October, 2014 - 11:06
LinuxSecurity.com: There is no shortage of Linux distributions to serve specific markets and use cases. In the security market, a number of Linux distributions are widely used, including Kali Linux, which is popular with security penetration testers. There's also CAINE Linux, which is focused on another area of security. CAINE, an acronym for Computer Aided INvestigative Environment, is a Linux distribution for forensic investigators.

The Hacker Wars Hits NYC

LinuxSecurity.com - 17 October, 2014 - 11:04
LinuxSecurity.com: Hackers are big news! On October 2, a New York Times headline trumpeted: "JP Morgan Chase Hacking Affects 76 Million Households." Recently retailers like Home Depot and Target were hit as well -- data banks reportedly hacked, personal information potentially compromised.

The Hacktivist as Angry Young Man

LinuxSecurity.com - 17 October, 2014 - 11:01
LinuxSecurity.com: Making no pretense of balance or objectivity, Vivien Lesnik Weisman's excitable documentary "The Hacker Wars" is a forceful indictment of the United States government's surveillance and prosecution of computer hackers and journalists.

Whisper CTO says tracking “anonymous” users not a big deal, really

Ars Technica - 17 October, 2014 - 07:40

On Thursday, the Guardian reported that Whisper, a social media platform that allows individuals to post anonymous messages that can be seen by others based on a number of factors, isn’t all that anonymous after all. Whisper, which is advertised as “the safest place on the Internet,” tracks geolocation data of posters and uses their location data for a number of purposes—including censorship and reporting of posts from military bases to the Department of Defense. Whisper’s chief technology officer took to YCombinator’s Hacker News to defend the company against the report, but his explanation was torn apart by security and privacy experts in the discussion that followed.

Much like its competitor Secret, Whisper allows individuals to post anonymous messages overlaid on images or photos to share with others for comment. The application uses geolocation data to determine where the poster is and who should be able to see its contents. It has become popular with a number of communities, including members of the military.

The Guardian was exploring a potential editorial relationship with Whisper, and staff from the news organization spent three days at Whisper’s offices in Los Angeles. While there, the Guardian team witnessed Whisper employees using an in-house geolocation tool to track posts made from various locations and found that the company is tracking specific Whisper users believed to be “potentially newsworthy,” including members of the military, government employees, and employees of companies such as Disney and Yahoo. The company also shares information about posters and their locations with the Defense Department, FBI, and the UK’s MI5, the Guardian’s Paul Lewis and Dominic Rushe reported.


FBI director to citizens: Let us spy on you

Ars Technica - 17 October, 2014 - 00:30

The expanding options for communicating over the Internet and the increasing adoption of encryption technologies could leave law enforcement agents “in the dark” and unable to collect evidence against criminals, the Director of the FBI said in a speech on Thursday.

In a post-Snowden plea for a policy more permissive of spying, FBI Director James B. Comey raised the specters of child predators, violent criminals, and crafty terrorists to argue that companies should build surveillance capabilities into the design of their products and allow lawful interception of communications. In his speech given at the Brookings Institute in Washington DC, Comey listed four cases where having access to a mobile phone or laptop proved crucial to an investigation and another case where such access was critical to exonerating wrongly accused teens.

All of that will go away, or at least become much harder, if the current trend continues, he argued.


News from the Black Hat conference

CSIRT.cz - 16 October, 2014 - 21:47

On today's first day of the Black Hat conference, Professor Adi Shamir presented his research on transferring data to and from systems isolated from the Internet. During the talk he explained how malware can use multifunction printers to transfer data. Together with his colleagues, he also tested such a data transfer using a laser and the scanner of a multifunction printer.


How to take over any user account on the Addthis service

CSIRT.cz - 16 October, 2014 - 21:40

Security expert Federico Fazzi uncovered a serious vulnerability in the Addthis.com service that allows attackers to take control of any account.
