LinuxSecurity.com

The central voice for Linux and Open Source security news.
Updated: 1 hour 28 min ago

OPEN SOURCE WON. SO, NOW WHAT?

6 April, 2018 - 11:46
LinuxSecurity.com: The government is now a little more open. This week, the White House released its first official federal source code policy, detailing a pilot program that requires government agencies to release 20 percent of any new code they commission as open source software, meaning the code will be available for anyone to examine, modify, and reuse in their own projects.
Category: Hacking & Security

Email Fraud is a Top Business Risk for 2018

5 April, 2018 - 11:10
LinuxSecurity.com: Email fraud is a top risk for 2018, resulting in employee termination. More than 77% of businesses expect they will fall victim to email fraud in the next 12 months, and only 40% have full visibility into email threats.
Category: Hacking & Security

Iran 'the New China' as a Pervasive Nation-State Hacking Threat

5 April, 2018 - 11:04
LinuxSecurity.com: Of the four new advanced persistent threat (APT) groups christened by FireEye last year, three were out of Iran. Mandiant, the incident response services arm of FireEye, witnessed a major increase in nation-state hacking activity by Iranian attackers in 2017, especially on the cyber espionage side of things. Iranian groups now are maintaining and keeping a foothold in victim organizations for months and sometimes years, demonstrating their sophistication, according to Mandiant's newly published M Trends Report on its incident investigations in 2017.
Category: Hacking & Security

White House Lags Far Behind on Email Security Benchmark

4 April, 2018 - 17:42
LinuxSecurity.com: More than 95 percent of White House email domains lack a security feature that prevents them from being used in massive phishing attacks, according to a Wednesday report from a cybersecurity industry group.
Category: Hacking & Security

No, Panera Bread Doesn't Take Security Seriously

4 April, 2018 - 17:30
LinuxSecurity.com: In August 2017, I reported a vulnerability to Panera Bread that allowed the full name, home address, email address, food/dietary preferences, username, phone number, birthday and last four digits of a saved credit card to be accessed in bulk for any user that had ever signed up for an account. This includes my own personal data! Despite an explicit acknowledgement of the issue and a promise to fix it, Panera Bread sat on the vulnerability and, as far as I can tell, did nothing about it for eight months. When Brian Krebs publicly broke the news, other news outlets emphasized the usual "We take your security very seriously, security is a top priority for us" prepared statement from Panera Bread. Worse still, the vulnerability was not fixed at all - which means the company either misrepresented its actual security posture to the media to save face or was not competent enough to determine this fact for themselves. This post establishes a canonical timeline so subsequent reporting doesn't get confused.
Category: Hacking & Security

Facebook Expands Bug Bounty Amid Spiraling Privacy Scandal

3 April, 2018 - 12:16
LinuxSecurity.com: Amid a data privacy scandal that has blown up worldwide, Facebook has decided to make a few changes to "review developers' actions for evidence of misuse, implement additional measures to protect data, and give people more control of their information."
Category: Hacking & Security

Saks, Lord & Taylor Payment Card Breach Affects 5 Million

3 April, 2018 - 12:15
LinuxSecurity.com: Luxury department store behemoth Saks Fifth Avenue and sister stores Saks OFF 5TH and Lord & Taylor have become the latest retail victim of a data breach. The incident impacts 5 million payment cards that were used at stores in North America, from May 2017 to March 2018.
Category: Hacking & Security

GoScanSSH Malware Avoids US Military, South Korea Targets

3 April, 2018 - 12:11
LinuxSecurity.com: A new strain of malware that targets vulnerable Linux-based systems is loose in the wild, with an interesting habit of avoiding government and military networks.
Category: Hacking & Security

Report Shows Ransomware is the New Normal

2 April, 2018 - 20:21
LinuxSecurity.com: A new report says that ransomware attacks are the new normal for IT and for the most part, attacks are coming from criminals in the same country as the victim. There are many more numbers to chew on in the report, but the sheer enormity of the problem may be the most surprising result.
Category: Hacking & Security

Football team pays $2.5 million to criminals in transfer fee scam

2 April, 2018 - 20:16
LinuxSecurity.com: Italian football team Lazio paid $2.5 million for Dutch player Stefan de Vrij to the wrong bank account, after being convinced to switch account numbers by an email scammer. Business email compromise is becoming increasingly common. In addition to sending out phishing emails from compromised accounts, crooks can view email history, copy invoices and documents, and delete incoming emails that could reveal the scam.
Category: Hacking & Security

Deconstructing a Business Email Compromise Attack

2 April, 2018 - 20:10
LinuxSecurity.com: Phishing attacks are becoming more prevalent and harder to detect. Scammers are developing highly sophisticated methods to target both businesses and individuals. If undetected, these attacks can have devastating results.
Category: Hacking & Security

150 million MyFitnessPal accounts compromised - here's what to do

2 April, 2018 - 17:22
LinuxSecurity.com: MyFitnessPal has been hacked! Because email addresses were among the information stolen, criminals have been able to send MyFitnessPal spear phishing emails for the past month. These spear phishing attacks are especially dangerous because stolen personal information that users had logged in the app can be used to make phishing emails very convincing and difficult to detect.
Category: Hacking & Security

A New Backdoor Around the Fourth Amendment: The CLOUD Act

2 April, 2018 - 14:57
LinuxSecurity.com: There's a new, proposed backdoor to our data, which would bypass our Fourth Amendment protections to communications privacy. It is built into a dangerous bill called the CLOUD Act, which would allow police at home and abroad to seize cross-border data without following the privacy rules where the data is stored.
Category: Hacking & Security

Saks, Lord & Taylor hacked; 5 million payment cards compromised

2 April, 2018 - 14:43
LinuxSecurity.com: Hackers made off with a whopping five million credit and debit card numbers from Saks Fifth Avenue, Saks Off 5th and Lord & Taylor, placing it "among the most significant credit card heists in modern history."
Category: Hacking & Security

Beyond Implementation: Policy Considerations for Secure Messengers

2 April, 2018 - 13:02
LinuxSecurity.com: One of EFF's strengths is that we bring together technologists, lawyers, activists, and policy wonks. And we've been around long enough to know that while good technology is necessary for success, it is rarely sufficient. Good policy and people who will adhere to it are also crucial.
Category: Hacking & Security

Purism Librem 13: A Security-Focused Powerhouse of a Linux Laptop

30 March, 2018 - 11:35
LinuxSecurity.com: The company in question is Purism. Does the name sound familiar? It should. This is the same company behind the Librem 5 phone, a mobile device that promises to bring Linux to mobility, on a level that might lend a modicum of relevancy to Linux in the smartphone landscape (and not just as a kernel on the world's most popular platform).
Category: Hacking & Security

How to configure multiple websites with Apache web server

30 March, 2018 - 11:31
LinuxSecurity.com: In my last post, I explained how to configure an Apache web server for a single website. It turned out to be very easy. In this post, I will show you how to serve multiple websites using a single instance of Apache.
Category: Hacking & Security

Lizard Squad member jailed after offering DDoS-for-hire attack service

29 March, 2018 - 14:00
LinuxSecurity.com: "Hacker-for-hire" service launched distributed denial-of-service (DDoS) attacks against websites and phone-bombed its victims.
Category: Hacking & Security

Update Drupal ASAP: Over a million sites can be easily hacked by any visitor

29 March, 2018 - 13:50
LinuxSecurity.com: Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.
Category: Hacking & Security

Cisco critical flaw: At least 8.5 million switches open to attack, so patch now

29 March, 2018 - 13:48
LinuxSecurity.com: Cisco has released patches for 34 vulnerabilities mostly affecting its IOS and IOS XE networking software, including three critical remote code execution security bugs. Perhaps the most serious issue Cisco has released a patch for is critical bug CVE-2018-0171 affecting Smart Install, a Cisco client for quickly deploying new switches for Cisco IOS Software and Cisco IOS XE Software.
Category: Hacking & Security