Hacking & Security

Experts Weigh-In Over FBI $1.3 Million iPhone Zero-Day Payout

Threatpost - 22 April, 2016 - 19:55
Was the Federal Bureau of Investigation justified in paying over $1.3 million for a hacking tool that opened the iPhone 5c of the San Bernardino terrorist?
Category: Hacking & Security

More than 1 million People now access Facebook Over Tor Network

The Hacker News - 22 April, 2016 - 19:32
In Brief Facebook has hit another Milestone: More than 1 MILLION people, or you can say privacy conscious, are accessing Facebook over TOR. Facebook proudly announced today that, this month, for the first time, the people connected to the anonymous version of Facebook that's accessible only through the TOR anonymity network exceeded 1 Million – an increase of almost 100% in the past ten
Category: Hacking & Security

Curt Schilling fired by ESPN over offensive Facebook post

Sophos Naked Security - 22 April, 2016 - 18:26
Curt Schilling was fired by ESPN on Wednesday over a Facebook post mocking transgender people and the controversy over gender identity and public restrooms.

More than 1 million Facebook users use it in secret

Sophos Naked Security - 22 April, 2016 - 18:08
Over a million people accessed Facebook through the Tor network this month, the company says.

The Facebook hacker who caught a Facebook hacker…

Sophos Naked Security - 22 April, 2016 - 16:46
Facebook was the victim of both hacks, but is surprisingly relaxed about it.

Threatpost News Wrap, April 22, 2016

Threatpost - 22 April, 2016 - 16:21
Mike Mimoso and Chris Brook discuss the news of the week, including BlackBerry CEO's stance on lawful access principles, the FBI/Apple hearing, Viber adding end-to-end crypto, Teslacrypt, and more.
Category: Hacking & Security

Sony PlayStation Network to Get Two-Factor Authentication

The Hacker News - 22 April, 2016 - 15:14
In Brief: Sony is finally bolstering the security of the PlayStation Network by adding Two-Factor Authentication to the servers — almost five years after a massive hack that exposed data of over 77 Million users. Sony confirmed to Polygon today that it is planning to introduce two-factor verification to its PlayStation Network widely soon after a Twitter user saw a reference to it in the
Category: Hacking & Security

What’s New on SecurityIQ?

InfoSec Institute Resources - 22 April, 2016 - 14:00

Hello, SecurityIQ users!  As our dev team continues to enhance our cloud-based security awareness education platform, I thought you all would like to know about some of the changes and upgrades available to you on SecurityIQ. Here’s this week’s update: Phishing Reports Now Include “Avoided” – We now summarize and graph all the times when learners […]

Category: Hacking & Security

Kali Reporting Tools

InfoSec Institute Resources - 22 April, 2016 - 14:00

A penetration testing report is the key deliverable in any security assessment activity. In penetration testing, the final deliverable is the report, which shows the service provided, the methodology used, findings/results and the recommendation. Many penetration testers find report making a boring process because it takes a lot of time and effort. In this […]

Category: Hacking & Security

Viruses terrorize computers and mobile phones

Novinky.cz - security - 22 April, 2016 - 13:59
New viruses have been appearing in droves in recent weeks. This malicious code no longer targets only traditional computers; cybercriminals are increasingly trying to smuggle it onto smartphones as well.
Category: Hacking & Security

“Nuclear” exploit kit service cashes in on demand from cryptoransomware rings

Ars Technica - 22 April, 2016 - 13:30

The Web console for Nuclear, the customer-friendly malware-as-a-service platform. Some Nuclear infrastructure operating on DigitalOcean servers was recently disrupted. (credit: Check Point)

Security researchers at Cisco Talos and Check Point have published reports detailing the inner workings of Nuclear, an "exploit kit" Web service that deployed malware onto victims' computers through malicious websites. While a significant percentage of Nuclear's infrastructure has been recently disrupted, the exploit kit is still operating—and looks to be a major contributor to the current crypto-ransomware epidemic.

Introduced in 2010, Nuclear has been used to target millions of victims worldwide, giving attackers the ability to tailor their attacks to specific locations and computer configurations. Though not as widely used as the well-known Angler exploit kit, it has been responsible for dropping Locky and other crypto-ransomware onto more than 140,000 computers in more than 200 countries, according to statistics collected by Check Point (PDF). The Locky campaign appeared to be placing the greatest demand on the Nuclear pay-to-exploit service.

Much of Talos' data on Nuclear comes from tracking down the source of its traffic—a cluster of "10 to 15" IP addresses that were responsible for "practically all" of the exploit infrastructure. Those addresses were being hosted by a single cloud hosting provider—DigitalOcean. The hosting company's security team confirmed the findings to Talos and took down the servers—sharing what was on them with security researchers.

Category: Hacking & Security

Anonymous launches OnionIRC – a school for hacktivists on the dark web

Sophos Naked Security - 22 April, 2016 - 13:01
Members of the hacker collective Anonymous have just launched a hidden service on the dark web for sharing technical skills in hacking and the use of anonymity software.

Spammers all geared up for Euro 2016!

Kaspersky Securelist - 22 April, 2016 - 12:59

Major football tournaments such as the World Cup and the European Championship traditionally attract a lot of spammer activity. Euro 2016 will be held this summer in France, and it’s not only the fans and players who are getting ready but also Internet fraudsters. The latter have started sending out fake notifications about lottery wins dedicated to the upcoming tournament. Their emails often contain attachments adorned with graphic elements including official emblems, the Euro 2016 logo and those of its sponsors.

The contents of the attachments are the standard stuff: the lottery was held by an authorized organization, the recipient’s address was randomly selected from a large number of email addresses, and in order to claim your prize you have to reply to the email and provide some personal information. We have recorded cases where the same attachment was sent in messages with a different text, but the theme of the email is essentially the same. The fraudsters also use different email addresses and change those used in the body of the message and the attachment.

We have also come across advertising spam in different languages, for example in Dutch, asking recipients to buy a 2-euro commemorative coin issued specifically for Euro 2016.

We expect to see a growth in football-themed spam as the start date of Euro 2016 approaches. This type of fraudulent spam can be one of the most dangerous for users: the perpetrators are unlikely to limit their activity to fake lotteries, and will start spreading various emails offering the chance to win tickets to the games, as was the case before the World Cup in Brazil. The amount of spam targeting users in France, which is hosting the championship, may also increase.

Are you happy? Sad? Angry? Terrified? Microsoft knows…

Sophos Naked Security - 22 April, 2016 - 12:19
Our cloud-based face detection service flagged your mood. We don't quite know what it is, but something's bothering you.

FBI paid Hacker $1.3 Million to Unlock San Bernardino Shooter's iPhone

The Hacker News - 22 April, 2016 - 11:53
In Brief Guess how much the FBI has paid an unknown grey-hat hacker to break into San Bernardino Shooter's iPhone? FBI Director James Comey hinted during an interview that the FBI spent more than $1.3 Million for breaking into the iPhone of a suspected terrorist and found nothing useful on it. Apple's legal battle with the Federal Bureau of Investigation (FBI) ended following the bureau's
Category: Hacking & Security

SpyEye Makers Get 24 Years in Prison

LinuxSecurity.com - 22 April, 2016 - 11:48
LinuxSecurity.com: Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Georgia today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims.
Category: Hacking & Security

FBI Hints It Paid Hackers $1 Million to Get Into San Bernardino iPhone

LinuxSecurity.com - 22 April, 2016 - 11:43
LinuxSecurity.com: When the FBI dropped its case against Apple last month after announcing that it had purchased a hacking solution to get into the locked iPhone belonging to one of the alleged San Bernardino shooters, the bureau wouldn't say where it had bought the mysterious solution.
Category: Hacking & Security

700 Million People Just Got Encryption That Congress Can't Touch

LinuxSecurity.com - 22 April, 2016 - 11:42
LinuxSecurity.com: Last month, WhatsApp, the hugely popular messaging service that Facebook owns, made end-to-end encryption the default for its 1 billion users. On Tuesday, Viber said it will do the same for the 700 million people who use it.
Category: Hacking & Security

Unlocking the killer's iPhone cost the FBI over 31 million crowns

Novinky.cz - security - 22 April, 2016 - 11:22
The US Federal Bureau of Investigation (FBI) paid over 1.3 million dollars, or over 31 million crowns when converted, to unlock the iPhone of the terrorist Syed Farook from San Bernardino. FBI chief James Comey hinted at this on Thursday, according to the Reuters agency. However, investigators are still keeping the details of the break-in secret.
Category: Hacking & Security

Core Windows Utility Can Be Used to Bypass AppLocker

Threatpost - 22 April, 2016 - 02:38
A researcher has discovered that Windows’ Regsvr32 can be used to download and run JavaScript and VBScript remotely from the Internet, bypassing AppLocker’s whitelisting protections.
Category: Hacking & Security