Hacking & Security

Yet more bad news for Flash as Google Chrome says goodbye (sort of)

Sophos Naked Security - 18 May, 2016 - 13:05
As HTML5 is set to become the default experience in Chrome, Adobe Flash takes another meaningful step towards well-earned extinction.

Scope of Gaping Android Security Hole Grows

Threatpost - 18 May, 2016 - 13:00
Security researchers at Skycure are upping the ante on a vulnerability that they say now leaves 95.4 percent of all Android devices vulnerable to an attack that hands over control of a phone or tablet to an attacker.
Category: Hacking & Security

Developer of anonymous Tor software dodges FBI, leaves US

LinuxSecurity.com - 18 May, 2016 - 12:06
LinuxSecurity.com: The FBI's attempts to break into Tor are starting to manifest in strange ways. FBI agents are currently trying to subpoena one of Tor's core software developers to testify in a criminal hacking investigation, CNNMoney has learned.

It's trivially easy to identify you based on records of your calls and texts

LinuxSecurity.com - 18 May, 2016 - 11:57
LinuxSecurity.com: Contrary to the claims of America's top spies, the details of your phone calls and text messages, including when they took place and whom they involved, are no less revealing than the actual contents of those communications.

How to empty your bank's vault with a few clicks and lines of code

LinuxSecurity.com - 18 May, 2016 - 11:53
LinuxSecurity.com: A security researcher has demonstrated how he could have theoretically emptied an Indian bank's coffers with no more than a few clicks and lines of code.

Malware attacks on two banks have links with 2014 Sony Pictures hack

LinuxSecurity.com - 18 May, 2016 - 11:51
LinuxSecurity.com: Bangladesh Bank, a commercial bank in Vietnam and ... Sony Pictures are the unlikely bedfellows in a tale of cyber intrigue uncovered by security researchers at BAE Systems.

Hackers enslaved a million computers. That is how they made big money

Novinky.cz - security - 18 May, 2016 - 10:06
A group of as yet unknown hackers managed to infect around a million computers from various corners of the world with a virus. Although the owners had no idea, the hackers then used their PCs to make big money. The Hacker News server drew attention to this.

RunKeeper acknowledges location data leak to ad service, pushes updates

Ars Technica - 18 May, 2016 - 00:23


RunKeeper announced Tuesday that it had found a bug in its Android code that resulted in the leaking of users’ location data to an unnamed third-party advertising service. The blog post came four days after the Norwegian Consumer Council filed a complaint against the Boston company.

In the blog post, CEO Jason Jacobs wrote:

Like other Android apps, when the Runkeeper app is in the background, it can be awakened by the device when certain events occur (like when the device receives a Runkeeper push notification). When such events awakened the app, the bug inadvertently caused the app to send location data to the third-party service.

Today we are releasing a new version of our app that eliminates this bug and removes the third-party service involved. Although the bug affected only our Android app, we have decided to remove this service from our iOS product too out of an abundance of caution. The iOS release will be made available once approved by Apple.

We take our responsibility for the privacy of user data very seriously, and we are thankful to the Runkeeper user community for your continued trust and support.

In an e-mail sent to Ars, Jacobs declined further questions, noting the statement "will be our only comment at this time."


Google Set to Kill SSLv3 and RC4 in SMTP, Gmail in June

Threatpost - 17 May, 2016 - 23:02
Google announced this week that it will begin to disable SSLv3 and RC4 a month from now, on June 16.

At the cost of security everywhere, Google dorking is still a thing

Ars Technica - 17 May, 2016 - 22:24


Some people never seem to learn. A recent investigation by security firm Compaas trawled Google Docs and Dropbox and found thousands of sensitive documents belonging to hospitals, schools, and corporations. In many cases, the spreadsheets caused the organizations to run afoul of consumer privacy laws.

"We found a couple hospitals that had breaches in HIPAA compliance," Compaas COO Doron David said. "There was patient information, what types of surgeries they had, social security numbers. Anything that you would think of that you would consider personal is the type of thing we've come across."

In most cases, the documents are uploaded by employees who don't understand the privacy implications of what they're doing. They simply know that Google Docs and similar services are a much easier way to exchange documents than official methods provided by their employer. In other cases, they use misconfigured third-party apps to swap documents with co-workers. The end result is documents that never should have been made public but can in fact be downloaded by anyone.


1 Million Computers Hacked for making big Money from Adsense

The Hacker News - 17 May, 2016 - 21:22
A group of cyber criminals has infected as many as 1 Million computers around the world over the past two years with a piece of malware that hijacks search results pages using a local proxy. Security researchers from Romania-based security firm Bitdefender revealed the presence of this massive click-fraud botnet, which the researchers named Million-Machine Campaign. For those unaware,

Hacker finds flaws that could let anyone steal $25 Billion from a Bank

The Hacker News - 17 May, 2016 - 19:47
A security researcher could have stolen as much as $25 Billion from one of India's biggest banks, thanks to the bank's vulnerable mobile application. Late last year, security researcher Sathya Prakash discovered a number of critical vulnerabilities in the mobile banking application of an undisclosed bank that allowed him to steal money from any or all bank customers with the help of just

Anti-Phishing Tips

InfoSec Institute Resources - 17 May, 2016 - 19:28

Phishing scams are everywhere – in your inbox, your web browser, and even on your smartphone. Here are a few tips we hope will help prevent you from getting hooked. Recognizing a Phishing Email First and foremost, it’s important to know how to recognize an email that is actually a phishing scam. After all, as […]


Apple’s big security update – but some iPad Pro users say they’ve been “bricked”

Sophos Naked Security - 17 May, 2016 - 19:25
Apple just pushed out a big tranche of updates, which should be good news, but some iPad Pro users are not happy at all!

Several Czech providers have a problem - the Motherfucker virus is spreading through their networks

Zive.cz - security - 17 May, 2016 - 19:16
A virus that attacks Ubiquiti Wi-Fi devices running AirOS is spreading through the networks of several Czech internet providers. Thanks to a serious security hole, attackers can upload an arbitrary file to the device's system, even when the device is password-protected. The main protection is a prompt update ...

The Phishing Landscape

InfoSec Institute Resources - 17 May, 2016 - 19:03

Phishing Landscape; Phishing Networks; Phishing Chat Rooms; Botnets; Phishing Marketplace; Ransomware; Evolution of Phishing Attacks; Adopting New Technologies; Circumventing Anti-phishing Solutions; Growing Sophistication of Phishing Messages


Academics Make Theoretical Breakthrough in Random Number Generation

Threatpost - 17 May, 2016 - 18:25
Two University of Texas academics have made what some experts believe is a breakthrough in random number generation that could have longstanding implications for cryptography and computer security.

Banking Trojan Outwits Google Verify Apps Scanner

Threatpost - 17 May, 2016 - 17:38
A banking Trojan hiding in a casino app was removed from Google Play. The malware slipped past the Google Verify Apps malware scanner and got into the marketplace.

Basic phone logs can reveal intimate details, study finds

Sophos Naked Security - 17 May, 2016 - 17:29
Using call and text logs, Stanford researchers gleaned names, partners' names, where people live, someone's plans to grow cannabis, and more.

Ukrainian Hacker Admits Stealing Corporate Press Releases for $30 Million Profit

The Hacker News - 17 May, 2016 - 17:24
A 28-year-old Ukrainian hacker has pleaded guilty in the United States to stealing unpublished news releases and using that non-public information in illegal trading to generate more than $30 Million (£20.8 Million) in illicit profits. Vadym Iermolovych, 28, admitted Monday that he worked with two other Ukrainian hackers to hack into computer networks at PR Newswire, Marketwired and Business