Hacking & Security

Anonymous journalist Barrett Brown sentenced to 63 months in jail

Sophos Naked Security - 23 January 2015 - 16:22
Barrett Brown has been sentenced to 63 months in prison on charges related to the Stratfor hack.

How the Obamacare website healthcare.gov leaks private data

Sophos Naked Security - 23 January 2015 - 15:57
HealthCare.gov, the US insurance exchange website that is a central component of Obamacare (the Affordable Care Act), is sending personal information on users to third parties including Facebook, Google, and web analytics companies.

Unpatched Apple Vulnerabilities Latest Google Project Zero Disclosures

Threatpost - 23 January 2015 - 15:05
Three unpatched Apple OS X vulnerabilities were disclosed by Google's Project Zero research team. Project Zero discloses if a bug is not patched within 90 days of reporting it to the affected vendor.
Category: Hacking & Security

The Likelihood of Cyber-Terrorism Today

InfoSec Institute Resources - 23 January 2015 - 14:00

Introduction: The virtual space has over time become something of real importance for business, politics, work, communities and communications. In becoming gradually more and more dependent and addicted to the Internet, individuals, companies, organizations and governments have raised (or are raising) awareness of being intimately vulnerable to attacks and threats [...]

Category: Hacking & Security

Fake Facebook account case settled with DEA who admits no wrongdoing

Sophos Naked Security - 23 January 2015 - 13:35
The Feds have agreed to pay $134,000 to settle a case over having taken a phony Facebook profile out to lure suspects. Nothing in the ruling prohibits future use of such deceptive tactics.

School rule-breakers to hand over Facebook and Twitter passwords

Sophos Naked Security - 23 January 2015 - 12:52
US school students in the state of Illinois may be forced to give up their social media passwords if they're suspected of cyberbullying or of otherwise breaking school rules.

Silk Road 2.0 deputy arrested after 6-month attack on Tor

Sophos Naked Security - 23 January 2015 - 12:27
Brian Richard Farrell, aka "DoctorClu", was arrested last week. A search warrant shows that the drug market's kingpins were unmasked after a 6-month assault on Tor.

Cybercrime unit should be operational from next year

Novinky.cz - security - 23 January 2015 - 12:04
In the Czech Republic, a special unit to combat cybercrime, staffed by representatives of the police and the National Security Authority (NBÚ), should start operating on 1 January 2016. It should be based at the National Cyber Security Centre. This was stated by Police President Tomáš Tuhý.
Category: Hacking & Security

Google reveals 3 Apple OS X Zero-day Vulnerabilities

The Hacker News - 23 January 2015 - 12:03
After exposing three critical zero-day vulnerabilities in Microsoft's Windows operating systems, Google's Project Zero vulnerability research program has revealed the existence of three more zero-day vulnerabilities, but this time, on Apple's OS X platform. The team has published three zero-day exploits for Apple’s OS X, with sufficient information for an experienced hacker to exploit the bugs in
Category: Hacking & Security

False alarms

Novinky.cz - security - 23 January 2015 - 12:00
The severity of computer attacks is growing. Companies waste their capacity on dealing with false alarms, which results in significant financial impacts.
Category: Hacking & Security

Adobe issues emergency fix for Flash zero-day

Sophos Naked Security - 23 January 2015 - 11:26
Crooks are reportedly using a new Flash vulnerability called CVE-2015-0310. Adobe has a fix already, so grab it while it's hot!

Google Apps Flaw Allowed Hacker to Hijack Account and Disable Two-factor Authentication

The Hacker News - 23 January 2015 - 10:04
A critical cross-site scripting (XSS) vulnerability in the Google Apps administrator console allowed cyber criminals to force Google Apps admins to execute just about any request on the https://admin.google.com/ domain. The Google Apps admin console allows administrators to manage their organization’s account. Administrators can use the console to add new users, configure permissions,
Category: Hacking & Security

Barrett Brown Sentenced to 5 Years in Prison just for 'Re-Sharing Link to Hacked Material'

The Hacker News - 23 January 2015 - 08:58
Barrett Brown, a journalist who formerly served as an unofficial spokesman for the hacktivist collective Anonymous, was sentenced Thursday to over five years in prison, after pleading guilty to federal charges of "transmitting a threat in interstate commerce," "for interfering with the execution of a search warrant," and to being "accessory after the fact in the unauthorized access to a protected
Category: Hacking & Security

Flash has a problem (again) - turn it off so it doesn't infect you

Zive.cz - security - 23 January 2015 - 07:32
Security holes are nothing new for Adobe Flash, but two new ones are already being exploited in attacks via advertising networks. So you don't have to be on an attacker's page; it's enough to be on a page that doesn't carefully monitor which ads it displays. Attackers are currently targeting Internet Explorer and Firefox on ...
Category: Hacking & Security

Google drops three OS X 0days on Apple

Ars Technica - 23 January 2015 - 01:38

Don't look now, but Google's Project Zero vulnerability research program may have dropped more zero-day vulnerabilities—this time on Apple's OS X platform.

In the past two days, Project Zero has disclosed OS X vulnerabilities here, here, and here. At first glance, none of them appear to be highly critical, since all three appear to require the attacker to already have some access to a targeted machine. What's more, the first vulnerability, the one involving the "networkd 'effective_audit_token' XPC," may already have been mitigated in OS X Yosemite, but if so the Google advisory doesn't make this explicit and Apple doesn't publicly discuss security matters with reporters.

Still, the exploits could be combined with a separate attack to elevate lower-level privileges and gain control over vulnerable Macs. And since the disclosures contain proof-of-concept exploit code, they provide enough technical detail for experienced hackers to write malicious attacks that target the previously unknown vulnerabilities. The security flaws were privately reported to Apple on October 20, October 21, and October 23, 2014. All three advisories appear to have been published after the expiration of the 90-day grace period Project Zero gives developers before making reports public.

Category: Hacking & Security

Internet attack could shut down US gas stations

Ars Technica - 23 January 2015 - 00:15

A device used to monitor the gasoline levels at refueling stations across the United States—known as an automated tank gauge or ATG—could be remotely accessed by online attackers, manipulated to cause alerts, and even set to shut down the flow of fuel, according to research to be published on Thursday.

The security weakness—identified by Jack Chadowitz, a former process control engineer and founder of control-system monitoring service BostonBase—could theoretically affect the devices at many of the approximately 115,000 fueling stations in the United States, but only a small fraction of those systems—about 5,300—appear to be vulnerable to an Internet attack, according to security firm Rapid7, which conducted a scan for such devices on January 10. While automated tank gauges are typically accessed to monitor fuel inventories, so as to know when to order gasoline, attackers could also access the settings, Chadowitz said.

“One could change the calibration and make the tank report full or empty,” he told Ars. “If you report the tank is full, no one is going to order fuel.”

Category: Hacking & Security

As 0days get meaner, Google defenses increasingly outpace Microsoft

Ars Technica - 22 January 2015 - 21:30

It's the type of bug that could have visited a world of hurt on a sizable number of people using Google Apps to manage business e-mail and calendars. A cross-site scripting (XSS) flaw in https://admin.google.com/ made it possible for attackers to force Google Apps admins to execute just about any request on that subdomain. Forced actions included creating new users with "super admin" rights, removing two-factor authentication and other security controls from existing accounts and modifying domain settings so e-mail is redirected to addresses controlled by the attacker.

But instead of causing disaster for businesses using Google Apps or generating headlines of an alarming new zero-day vulnerability, the bug was privately reported to Google on September 1 and fixed 17 days later. In exchange for the report, Google paid application security engineer Brett Buerhaus $5,000.

The speed and lack of fuss contrasts sharply with vulnerability travails that have recently visited Microsoft. Twice this month, the software company has been shamed when Project Zero, the vulnerability research team sponsored by Google, has publicly reported unfixed bugs that threaten the security of Windows users.

Category: Hacking & Security

Following Credential Leak, Microsoft Confirms Mojang Not Hacked

Threatpost - 22 January 2015 - 20:35
Microsoft confirmed this week that despite 2000 Mojang user credentials leaking online, the gaming firm has not been hacked.
Category: Hacking & Security

Yes, 123456 is the most common password, but here’s why that’s misleading

Ars Technica - 22 January 2015 - 20:25

I recently worked with SplashData to compile its 2014 Worst Passwords List, and yes, 123456 tops the list. In the data set of 3.3 million passwords I used for SplashData, almost 20,000 of those were in fact 123456. But how often do you genuinely see people using that, or the second most common password, password, in real life? Are people still really that careless with their passwords?

While 123456 is absolutely the most common password, that statistic is a bit misleading. Although 0.6 percent of all users on my list used it, it’s important to remember that 99.4 percent of the users on my list didn’t. What is noteworthy here is that while the top passwords are still the top passwords, the number of people using those passwords has dramatically decreased. In 2011, my analysis showed that 8.5 percent had the passwords password or 123456, but this year that number has gone down to less than one percent. This is huge.

The fact is that the top passwords are always going to be the top passwords, it’s just that the percentage of users actually using those will—at least we hope—continually get smaller. This year, for example, a hacker using the top 10 password list would statistically be able to guess 16 out of 1,000 passwords.

Category: Hacking & Security

Beware of vulnerable versions of WordPress themes - PageLines and Platform

CSIRT.cz - 22 January 2015 - 19:52

Three days ago, new versions of the WordPress themes PageLines 1.4.6 and Platform 1.4.4 were released; they contain fixes for very serious vulnerabilities. If you use either of these themes on your site, it is recommended that you patch immediately!

Category: Hacking & Security