Kategorie

More than a dozen flaws in smart-city gear could open the door to attackers bent on sowing public panic, according to IBM X-Force.

Researchers create PoC of a post-exploitation kernel-mode fileless attack technique.

Reverse engineering the Toshiba FlashAir SD storage card allowed a researcher to execute remote code - and could've allowed him to add other malicious or practical features.

Enlarge (credit: F Delventhal)

Microsoft is building a new Windows 10 sandboxing feature that will let users run untrusted software in a virtualized environment that's discarded when the program finishes running.

The new feature was revealed in a bug-hunting quest for members of the Insider program and will carry the name "InPrivate Desktop." While the quest has now been removed, the instructions outlined the basic system requirements—a Windows 10 Enterprise system with virtualization enabled and adequate disk and memory—and briefly described how it would be used. There will be an InPrivate Desktop app in the store; running it will present a virtualized desktop environment that can be used to run questionable programs and will be destroyed when the window is closed.

While it would, of course, be possible to manually create a virtual machine to run software of dubious merit, InPrivate Desktop will streamline and automate that process, making it painless to run things in a safe environment. There's some level of integration with the host operating system—the clipboard can be used to transfer data, for example—but one assumes that user data is off limits, preventing data theft, ransomware, and similar nastiness.

Read 3 remaining paragraphs | Comments

DarkHydrus uses the open-source Phishery tool to create two of the known Word documents used in the attacks.

G Suite admins will have the option of enabling alerts if Google suspects government-backed hacking attempts.

A flaw in Cortana allowed researchers to take over a locked Windows machine and execute arbitrary code.

Security researchers at Trustwave have released a new open-source tool that uses facial recognition technology to locate targets across numerous social media networks on a large scale. Dubbed Social Mapper, the facial recognition tool automatically searches for targets across eight social media platforms, including—Facebook, Instagram, Twitter, LinkedIn, Google+, the Russian social networking

We’re pleased to announce InfoSec Institute is named to the Customers’ Choice Zone of the Gartner Peer Insights ‘Voice of the Customer’: Security Awareness Computer-Based Training Market Report. Free from vendor influence, Gartner Peer Insights research reports are based on enterprise professionals’ software and service reviews and first-hand experiences through various stages of the IT […]

The post Complimentary Gartner Report: Peer Insights ‘Voice of the Customer’ – Security Awareness CBT appeared first on InfoSec Resources.

Complimentary Gartner Report: Peer Insights ‘Voice of the Customer’ – Security Awareness CBT was first posted on August 9, 2018 at 9:22 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Artificial Intelligence (AI) has been seen as a potential solution for automatically detecting and combating malware, and stop cyber attacks before they affect any organization. However, the same technology can also be weaponized by threat actors to power a new generation of malware that can evade even the best cyber-security defenses and infects a computer network or launch an attack only

An FCC Office of Inspector General (OIG) report has found no evidence of DDoS attacks on the FCC's comments system.

SecurityIQ phishing simulation data from July confirms end users remain susceptible to banking and file-sharing phishing attempts. We looked at performance data from 1,000s phishing templates to bring you the most popular phishing simulations from last month — or the templates with the most sends in July. If you haven’t already sent these templates to […]

The post Top Five SecurityIQ Phishing Templates: July 2018 Edition appeared first on InfoSec Resources.

Top Five SecurityIQ Phishing Templates: July 2018 Edition was first posted on August 9, 2018 at 7:58 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

DARPA's MediaFor project has come up with tools it says can spot AI-created fakes.

Project Zero researcher highlights stubborn iOS bugs as an example of why Apple and the rest of the industry needs to take a fresh approach to securing systems.

Fortnite for Android will sidestep Google Play and be an “off market” experience - is that good or bad? We discuss the issues...

LinuxSecurity.com: Multiple vulnerabilities in a popular healthcare software provider's products may have put at risk the data of over 90 million patients.

LinuxSecurity.com: Opening Black Hat USA in Las Vegas, Black Hat founder Jeff Moss commented on the convergence of cybersecurity and political issues and said that world events "have caught up with us and we're being tested."

** Chytrá kamera Driver i sleduje dění ve voze i před ním ** Dokáže varovat před nebezpečím a hodnotí řidiče ** Umělá inteligence se učí reagovat na situace na silnici

In mixed-design radio chips the processor’s activity leaks into the analog portion of the chip - and is broadcast as output.

At Black Hat, Google's Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration.