Viry a Červi

Google Project Zero boss: Blockchain won’t solve your security woes – but partying just might

The Register - Anti-Virus - 8 Srpen, 2018 - 22:54
Parisa Tabriz talks Chrome, HTTPS, and more

Black Hat  Parisa Tabriz, a director of engineering at Google and head of the web giant's Project Zero bug-hunting squad, today opened this year's Black Hat USA conference with a reminder that partying is key to securing software.…

Kategorie: Viry a Červi

Black Hat 2018: Mixed Signal Microcontrollers Open to Side-Channel Attacks

VirusList.com - 8 Srpen, 2018 - 22:30
In mixed-design radio chips the processor’s activity leaks into the analog portion of the chip - and is broadcast as output.
Kategorie: Viry a Červi

Black Hat 2018: Google’s Tabriz Talks Complex Security Landscapes

VirusList.com - 8 Srpen, 2018 - 22:24
At Black Hat, Google's Parisa Tabriz discussed how to navigate the complex security environment with long-term thinking and a policy of open collaboration.
Kategorie: Viry a Červi

‘Chaff Bug’ Defense Rolls Out Shiny Objects for Attackers to Find

VirusList.com - 8 Srpen, 2018 - 20:12
Rather than eliminating bugs, the idea is to add large numbers of non-exploitable bugs to software as decoys to waste cyber-criminals' time.
Kategorie: Viry a Červi

Threatlist: Manufacturing, a Top Target for Espionage

VirusList.com - 8 Srpen, 2018 - 19:24
Vectra’s 2018 Spotlight Report found that attackers can easily spy, spread and steal information, largely unhindered by the insufficient internal access controls that are in place.
Kategorie: Viry a Červi

Japanese dark-web drug dealers are so polite, they'll offer 'a refund' if you're not satisfied

The Register - Anti-Virus - 8 Srpen, 2018 - 18:00
Internet underground outside the West takes a different tone

The concept of the "dark web" in Asia is way different to what peeps in Europe and the Americas are used to.…

Kategorie: Viry a Červi

Snapchat source code leaked on GitHub – but no one knows why

Sophos Naked Security - 8 Srpen, 2018 - 17:38
A chunk of Snapchat's source code that wasn't meant to be public just popped up on GitHub. Will this harm security?

Facebook wants to be the future of online banking

Sophos Naked Security - 8 Srpen, 2018 - 16:30
Facebook says to banks: tell us who your customers are, and we'll get them talking to you in Messenger.

Black Hat 2018: Patrick Wardle on Breaking and Bypassing MacOS Firewalls

VirusList.com - 8 Srpen, 2018 - 15:25
A Black Hat talk demonstrates the ease of poking holes in firewalls: How to break, bypass and dismantle macOS firewall products.
Kategorie: Viry a Červi

Could deliberately adding security bugs make software more secure?

Sophos Naked Security - 8 Srpen, 2018 - 14:31
A new study argues that bogging black hats down in fake flaws might be better approach to security.

Profit-strapped Symantec pulls employee share scheme

The Register - Anti-Virus - 8 Srpen, 2018 - 14:17
Cunning plan to push top staff out? Firm keeps schtum

Symantec is cancelling an Employee Share Purchase (ESP) programme, angering some workers in the process.…

Kategorie: Viry a Červi

Black Hat 2018: Update Mechanisms Allow Remote Attacks on UEFI Firmware

VirusList.com - 8 Srpen, 2018 - 13:20
The glitch stems from a functionality intended to allow updates to the UEFI firmware.
Kategorie: Viry a Červi

Podcast: enSilo CEO on Black Hat USA 2018 Top Trends

VirusList.com - 8 Srpen, 2018 - 13:00
As Black Hat's keynote kicks off today, Threatpost pinpoints the most popular trends of the conference with enSilo's CEO.
Kategorie: Viry a Červi

Hey, you know what a popular medical record system doesn't need? 23 security vulnerabilities

The Register - Anti-Virus - 8 Srpen, 2018 - 01:01
Get patching after team gets under the skin of OpenEMR

Fresh light has been shed on a batch of security vulnerabilities discovered in the widely used OpenEMR medical records storage system.…

Kategorie: Viry a Červi

Funnily enough, no, infosec bods aren't mad keen on W. Virginia's vote-by-phone-app plan

The Register - Anti-Virus - 8 Srpen, 2018 - 00:15
Mobile ballots dubbed 'horrific', blockchain reliance questioned

The US state of West Virginia plans to allow some of its citizens to vote in this year's midterm elections via a smartphone app – and its seemingly lax security is freaking out infosec experts.…

Kategorie: Viry a Červi

Fresh Approach to WiFi Cracking Uses Packet-Sniffing

VirusList.com - 7 Srpen, 2018 - 23:29
The new strategy allows an attacker to instead lift ID information directly from the router, within minutes.
Kategorie: Viry a Červi

Cybersecurity Certifications: Why They Matter and How to Know Which Ones To Pursue

VirusList.com - 7 Srpen, 2018 - 20:37
Here is why security professionals need to understand the merits of obtaining certification in today's job market and how it can give them a leg up over their competition.
Kategorie: Viry a Červi

Čuměl si na čuňárny, vím o tobě všechno, zaplať!

VIRY.CZ - 7 Srpen, 2018 - 20:37

Nový trik jak dostat z lidí peníze začal zaplavovat e-mailové schránky…

Na tento trik upozornilo i několik čtenářů VIRY.CZ a netrvalo dlouho a dorazil i do mé schránky. Podstatou e-mailu je, že útočník vám sděluje, že zná vaše heslo – v tomto případě „(cimejade)“. Zároveň pak ještě píše o tom, že k vám při sledování porno stránek propašoval havěť, která mu zajistila vzdálený přístup do vašeho počítače. Následně tak mohl vykrást veškeré kontakty z Messengeru, Outlooku, Facebooku a zároveň sledovat dění na monitoru i webkameře při sledování onoho pornografického materiálu. Pokud nezaplatíte (zde 1000 dolarů), zdokumentovaný zážitek (vámi sledované porno + vás z webkamery) rozešle i vaší rodině, přátelům, kamarádům atd.

It appears that, (cimejade), is your password. You might not know me and you are probably wondering why you are getting this e-mail, right? 

in fact, I put in place a malware over the adult vids (porno) web-site and you know what, you visited this web site to have fun (you know what I mean). While you were watching videos, your internet browser started off functioning as a RDP (Team Viewer) which provided accessibility to your screen and web camera. from then on, my software program obtained all of your current contacts from the Messenger, Microsoft outlook, Facebook, in addition to emails. 

What did I really do? 

I made a double-screen video clip. Very first part shows the recording you were seeing (you have a good taste haha . . .), and 2nd part shows the recording of your webcam. 

exactly what should you do? 

Well, I think, $1000 is a fair price for our little hidden secret. You’ll make the payment by Bitcoin (if you do not know this, search „how to buy bitcoin“ search engines like google). 

BTC Address: 1EaUwtzhfAwJM7oTqPnvfPYMThb9cGcohN 
(It’s case sensitive, so copy and paste it) 

Important: 
You’ve got 1 day to make the payment. (I have a special pixel within this e-mail, and at this moment I know that you have read this email message). If I don’t get the BitCoins, I will certainly send out your videos to all of your contacts including family, colleagues, and so forth. Having said that, if I get the payment, I’ll destroy the recording immidiately. If you want evidence, reply with „Yes!“ and I will definitely send your video recording to your 6 contacts. It is a non-negotiable offer, that being said don’t waste my personal time and yours by responding to this message. 

Podle monitorování BTC adres útočníků je patrné, že vyděšené oběti opravdu občas zbytečně platí :-/ Zpráva totiž může vypadat důvěryhodně, pokud jde opravdu o vaše heslo. K útočníkům se obvykle dostalo z nějakého veřejně dostupného seznamu ukradených přístupů, většinou díky bezpečnostní chybě dané internetové služby. Též je možné, že jde o heslo, které vám vůbec nic neříká a nikdy jste ho nepoužívali a nebo o heslo, které jste sice používali, ale pár let dozadu. Tak jako tak jde o podvod a je skoro jisté, že nic z uvedeného o vás útočník neví. Přesto, pokud je vám heslo povědomé, není nic snažšího, než ho změnit. Tam, kde je to možné, pak doporučuji zapnout tzv. dvoufázové ověření. Nicméně toto je už nad rámec tohoto článku. Více v chystané publikaci o prevenci – výročí 20. let VIRY.CZ se blíží!

Kategorie: Viry a Červi

Microsoft Adds Direct Trust for Let’s Encrypt

VirusList.com - 7 Srpen, 2018 - 19:55
Let’s Encrypt certificates can now stand on their own for almost all newer versions of operating systems, browsers and devices.
Kategorie: Viry a Červi

Pentagon Bans Soldiers from Using GPS Apps and Devices

VirusList.com - 7 Srpen, 2018 - 18:24
This includes physical fitness aids, applications in phones that track locations, and other devices and apps that could pinpoint and track the location of individuals in active combat zones.
Kategorie: Viry a Červi
Syndikovat obsah