FreshRSS

Today — August 20th 2018
Your RSS feeds

A heated summer for cybersecurity in Canada

By Gabrielle Ladouceur Despins

An overview of some of the cyberattacks that Canadian organizations faced in the summer months of 2018

The post A heated summer for cybersecurity in Canada appeared first on WeLiveSecurity

Monday review – the hot 23 stories of the week

By Naked Security writer
From the 10-year jail sentence for not unlocking your phone and the teen who hacked Apple to Facebook's news feed hoax, and more!


Alleged head of BitConnect cryptocurrency scam arrested in Dubai

BitConnect has been accused of operating an exit scam after duping investors out of millions of rupees.
  • August 20th 2018 at 08:35

Coinbase files patent for freeze logic cryptocurrency wallet security

The invention aims to add a fresh layer of security to wallets used directly for merchant payments.
  • August 20th 2018 at 07:07

How's that encryption coming, buddy? DNS requests routinely spied on, boffins claim

Uninvited middlemen may be messing with message

Most people's DNS queries – by which browsers and other software resolve domain names into IP addresses – remain unprotected while flowing over the internet.…

  • August 20th 2018 at 07:03

EU considers 60-minute deadline for social networks to remove terrorist content

The commission says that not enough progress has been made in stamping out extremist content.
  • August 20th 2018 at 06:12

Et tu, Brute? Then fail, Caesars: When it's hotel staff, not the hackers, invading folks' privacy

El Reg vulture's take on the upset at this year's Black Hat and DEF CON

Comment: The hacking world's summer camp has ended. The last of the Black Hat USA, BSides Las Vegas, and DEF CON attendees and organizers have now left Sin City after a week of lectures, networking, and partying.…

  • August 20th 2018 at 06:08

[dos] SEIG Modbus 3.4 - Denial of Service (PoC)

  • August 20th 2018 at 00:00

[webapps] WordPress Plugin Chained Quiz 1.0.8 - 'answer' SQL Injection

  • August 20th 2018 at 00:00

[remote] SEIG Modbus 3.4 - Remote Code Execution

  • August 20th 2018 at 00:00

[webapps] MyBB Moderator Log Notes Plugin 1.1 - Cross-Site Request Forgery

  • August 20th 2018 at 00:00

[dos] Zortam MP3 Media Studio 23.95 - Denial of Service (PoC)

  • August 20th 2018 at 00:00

[dos] Restorator 1793 - Denial of Service (PoC)

  • August 20th 2018 at 00:00

College Bound? 7 Important Technology Habits for Students

By Toni Birdsong

You’ve loved, shaped, and equipped your child to succeed in college, and move-in day is finally here. But there’s still one variable that can turn your child’s freshman year upside down, and that’s technology.

That’s right, that essential laptop and indispensable smartphone your child owns could also prove to be his or her biggest headache if not secured and used responsibly. College students can be targets of identity theft, malware, online scams, credit card fraud, property theft, and internet addiction.

The other part of this new equation? You, parent, are no longer in the picture. Your child is now 100% on his or her own. Equipping time is over. Weekly tech monitoring and family chats are in the rearview mirror. Will they succeed? Of course, they will. But one last parenting chat on safety sure can’t hurt. Here are a couple of reminders to share with your college-bound kids.

7 Technology Habits for Students

1. Minimize use of public computers. Campuses rely on shared computers. Because campus networks aren’t always secure, this can open you up to identity theft. If you have to log on to a public computer, be it in a cafe, library, or lab, be sure to change any passwords each time you return. If you are working with a study group, don’t share passwords. Public devices can be prone to hackers seeking to steal login credentials and credit card numbers. If you do use public devices, get in the habit of browsing in privacy mode. Clear browser history and cookies, and quit all applications before logging off.

2. Beware when shopping online. Online shopping is often the easiest way for students to purchase essentials. Be sure to use a secure internet connection when hitting that “purchase” button. Reputable sites encrypt data during transactions by using SSL technologies. Look for the tiny padlock icon in the address bar or a URL that begins with “https” (the “s” stands for secure) instead of “http.” Examine the site and look for misspellings and inconsistencies. Go with your instincts: if you think a website is bogus, don’t risk the purchase. Online credit card fraud is on the rise, so beware.

3. Guard your privacy. College is a tough place to learn that not all people are trustworthy — even those who appear to be friends. Sadly, many kids learn about online theft the hard way. Never share passwords, credit card numbers, or student ID numbers. Be aware of shoulder surfing, which is when someone peers over your shoulder to see what’s on your computer screen. Avoid leaving computer screens open in dorm rooms or libraries where anyone can check your browsing history, use an open screen, or access financial information. Also, never lend your laptop or tablet to someone else, since it houses personal information, and make sure that all of your screens are password protected.

4. Beware of campus crooks. Thieves troll college campuses looking for opportunities to steal smartphones, laptops, wearables, and tablets for personal use or resale. Don’t carry your tech around uncased or leave it unguarded. Conceal it in a backpack. Even if you feel comfortable in your new community, don’t leave your phone even for a few seconds to pick up your food or coffee at a nearby counter. If you are in the library or study lab and need a bathroom break, take your laptop with you. Thieves are swift, and you don’t want to lose a semester’s worth of work in a matter of seconds.

5. Use public Wi-Fi with caution. Everyone loves to meet at the coffee shop for study sessions — and that includes hackers. Yes, it’s convenient, but use public Wi-Fi with care. Consider using VPN software, which creates a secure private network and blocks people from accessing your laptop or activity. To protect yourself, be sure to change your passwords often. This is easy if you use a free password manager like True Key.

6. Social media = productivity killer. Be aware of your online time. Mindless surfing, internet games, and excessive video gaming with roommates can have an adverse effect on your grades as well as your mental health. Use online website blockers to help protect your study time.

7. Social media = career killer. We can all agree: College is a blast. However, keep the party photos and inappropriate captions offline. Your career will thank you. Remember: Most everything you do today is being captured or recorded – even if you’re not the one with the camera. The internet is forever, and a long-forgotten photo can make its way back around when you least expect it.

8. Don’t get too comfortable too fast. Until you understand who you can trust in your new community, consider locking your social media accounts. Disable GPS on mobile apps for security, and don’t share home and dorm addresses, email, or phone numbers. While it may be the farthest thing from your mind right now — campus stalking cases are real.


Toni Birdsong is a Family Safety Evangelist to McAfee. You can find her on Twitter @McAfee_Family. (Disclosures)

The post College Bound? 7 Important Technology Habits for Students appeared first on McAfee Blogs.

How to Protect Your Phone Against a SIM Swap Attack

By Brian Barrett
Your phone number is increasingly tied to your online identity. You need to do everything possible to protect it.

Video: Peeking into msg files - revisited, (Sun, Aug 19th)

I created a video for diary entry "Peeking into msg files - revisited":
  • August 19th 2018 at 10:02

[remote] SEIG SCADA System 9 - Remote Code Execution

SEIG SCADA System 9 - Remote Code Execution
  • August 19th 2018 at 00:00

Make a Wish: Dark Reading Caption Contest Winners

By Marilyn Cohodas Managing Editor, Dark Reading
Certification, endpoint security, 2FA, phishing, and PII were among the themes and puns offered by readers in our latest cartoon caption competition. And the winners are ...

  • August 18th 2018 at 15:00

A Costly CIA Mistake, a Campaign Hack, and More Security News This Week

By Lily Hay Newman
New cyberwar policy, body scanners in Los Angeles, and more of the week's top security news.

Facebook Messenger backdoor demand, bail in Bitcoin, and lots more

If you're not already suffering from Black Hat/DEF CON overload

Roundup: It's time for another rapid roundup of computer security news beyond what we've already reported.…

  • August 18th 2018 at 09:21

Release the Edge - Paul's Security Weekly #571

By paul@securityweekly.com

This week, our very own Larry Pesce delivers the Technical Segment on Spoofing GPS with a hackRF! In the Security News, Hacking Police Bodycams, Adobe execution flaws, Google expands to Bug Bounty Program, and if you live in Australia, you could face ten years in jail if you don't unlock your phone! In our final segment, we air our pre-recorded interview with Paul and Matt Alderman from DEF CON on Cigars and Security!

Full Show Notes: https://wiki.securityweekly.com/Episode571

 

Visit https://www.securityweekly.com/psw for all the latest episodes!

 

→Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!!

→Follow us on Twitter: https://www.twitter.com/securityweekly

→Like us on Facebook: https://www.facebook.com/secweekly

  • August 18th 2018 at 09:00

SentinelOne makes YouTube delete Bsides vid 'cuz it didn't like the way bugs were reported

Research silenced amid copyright, trademark claim

Updated: If you were at BSides Manchester in England this week, you hopefully caught James Williams' presentation on the shortcomings of some commercial antivirus tools.…

  • August 18th 2018 at 00:51

'Oh sh..' – the moment an infosec bod realized he was tracking a cop car's movements by its leaky cellular gateway

Internet boxes blab coordinates on login pages

Black Hat: If you want to avoid the cops, or watch deliveries and call-outs by trucks and other vehicles in real-time, well, there's potentially not a lot stopping you.…

  • August 18th 2018 at 00:20

Researchers Find New Fast-Acting Side-Channel Vulnerability

By Curtis Franklin Jr. Senior Editor at Dark Reading
A group of researchers from Georgia Tech has discovered a method for pulling encryption keys from mobile devices without ever touching the phones themselves.

  • August 17th 2018 at 21:35

Malicious Cryptomining & Other Shifting Threats

By Dark Reading Staff
Skybox Security CMO Michelle Johnson Cobb discloses research results that include a spike in malicious cryptomining during Bitcoin's peak, a shift to outside-the-perimeter mobile threats, and more.

  • August 17th 2018 at 21:25

The Economics of AI-Enabled Security

By Dark Reading Staff
While AI greatly enhances security, Securonix CTO Tanuj Gulati points out the need for predictable cost models that insulate SOCs from the variables of massive data volume and intense real-time processing.

  • August 17th 2018 at 21:00

Using Threat Deception on Malicious Insiders

By Dark Reading Staff
Illusive Networks CEO Ofer Israeli reveals how distributed deception technology can be as effective against insider threats as it is against outsiders, since it thwarts the lateral movement common to both.

  • August 17th 2018 at 20:20

Taking Away John Brennan's Clearance Threatens National Security

By Emily Dreyfuss
When Trump strips a former CIA director's security clearance, the impact is more than just symbolic.

Filtering the Threat Intelligence Tsunami

By Dark Reading Staff
Reversing Labs CEO Mario Vuksan contends that SOCs are overwhelmed by global threat intelligence, and can benefit more from a targeted "pull" model that focuses on YARA-type binary pattern matching.

  • August 17th 2018 at 19:40

OpenSSL Toolkit 1.1.0i

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.
  • August 17th 2018 at 19:40

Xen xen-netback xenvif_set_hash_mapping Integer Overflow

Xen suffers from an integer overflow vulnerability in xen-netback xenvif_set_hash_mapping.
  • August 17th 2018 at 19:36

Indian Bank Hit in $13.5M Cyberheist After FBI ATM Cashout Warning

By BrianKrebs

On Sunday, Aug. 12, KrebsOnSecurity carried an exclusive: The FBI was warning banks about an imminent “ATM cashout” scheme about to unfold across the globe, thanks to a data breach at an unknown financial institution. On Aug. 14, a bank in India disclosed hackers had broken into its servers, stealing nearly $2 million in fraudulent bank transfers and $11.5 million in unauthorized ATM withdrawals from cash machines in more than two dozen countries.

The FBI put out its alert on Friday, Aug. 10. The criminals who hacked into Pune, India-based Cosmos Bank executed their two-pronged heist the following day, sending co-conspirators to fan out and withdraw a total of about $11.5 million from ATMs in 28 countries.

The FBI warned it had intelligence indicating that criminals had breached an unknown payment provider’s network with malware to access bank customer card information and exploit network access, enabling large scale theft of funds from ATMs.

Organized cybercrime gangs that coordinate these so-called “unlimited attacks” typically do so by hacking or phishing their way into a bank or payment card processor. Just prior to executing on ATM cashouts, the intruders will remove many fraud controls at the financial institution, such as maximum withdrawal amounts and any limits on the number of customer ATM transactions daily.

The perpetrators alter account balances and security measures to make an unlimited amount of money available at the time of the transactions, allowing for large amounts of cash to be quickly removed from the ATM.

My story about the FBI alert was breaking news on Sunday, but it was just a day short of useful to financial institutions impacted by the breach and associated ATM cashout blitz.

But according to Indian news outlet Dailypionneer.com, there was a second attack carried out on August 13, when the Cosmos Bank hackers transferred nearly $2 million to the account of ALM Trading Limited at Hang Seng Bank in Hong Kong.

“The bank came to know about the malware attack on its debit card payment system on August 11, when it was observed that unusually repeated transactions were taking place through ATM VISA and Rupay Card for nearly two hours,” writes TN Raghunatha for the Daily Pioneer.

Cosmos Bank was quick to point out that the attackers did not access systems tied to customer accounts, and that the money taken was from the bank’s operating accounts. The 112-year-old bank blamed the attack on “a switch which is operative for the payment gateway of VISA/Rupay Debit card and not on the core banking system of the bank, the customers’ accounts and the balances are not at all affected.”

Visa issued a statement saying it was aware of the compromise affecting a client financial institution in India.

“Our systems were able to identify the issue quickly, enabling the financial institution to take appropriate action,” the company said. “Visa is working closely with the client in supporting their ongoing investigations on the matter.”

The FBI said these types of ATM cashouts are most common at smaller financial institutions that may not have sufficient resources dedicated to staying up to date with the latest security measures for handling payment card data.

“Historic compromises have included small-to-medium size financial institutions, likely due to less robust implementation of cyber security controls, budgets, or third-party vendor vulnerabilities,” the alert read. “The FBI expects the ubiquity of this activity to continue or possibly increase in the near future.”

In July 2018, KrebsOnSecurity broke the news of two separate cyber break-ins at tiny National Bank of Blacksburg in Virginia in a span of just eight months that led to ATM cashouts netting thieves more than $2.4 million. The Blacksburg bank is now suing its insurance provider for refusing to fully cover the loss.

As reported by Reuters, Cosmos Bank said in a press statement that its main banking software receives debit card payment requests via a “switching system” that was bypassed in the attack. “During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system,” the bank said.

Translation: If a financial institution is not fully encrypting its payment processing network, this can allow intruders with access to the network to divert and/or alter the response that gets sent when an ATM transaction is requested. In one such scenario, the network might say a given transaction should be declined, but thieves could still switch the signal for that ATM transaction from “declined” to “approved.”

One final note: Several news outlets have confused the attack that hit Cosmos Bank with another ATM crime called “jackpotting,” which requires thieves to have physical access to the inside of the cash machine and the ability to install malicious software that makes the ATM spit out large chunks of cash at once. Like ATM cashouts/unlimited operations, jackpotting attacks do not directly affect customer accounts but instead drain ATMs of currency.

Update, 8:10 p.m. ET: An earlier version of this story incorrectly stated that there were only 25 ATMs used in the cashout against Cosmos. The figure was meant to represent the number of countries with ATMs that were used in the heist, not ATMs, and that number is 28 at last count.

Philips Vulnerability Exposes Sensitive Cardiac Patient Information

By Tara Seals
The unpatched flaw would allow a bad actor to execute information-exfiltrating malware, backdoors, ransomware or any other kind of bad code he or she chose.

Ensuring Web Applications Are Hardened, Secure

By Dark Reading Staff
Ofer Maor of Synopsys Software Integrity Group describes how automated testing can non-intrusively pinpoint where developers may be inadvertently exposing data and/or violating compliance mandates.

  • August 17th 2018 at 19:00

Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks

By Lindsey O'Donnell
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.

Marap Malware Appears, Targeting Financial Sector

By Dark Reading Staff
A new form of modular downloader packs the ability to download other modules and payloads.

  • August 17th 2018 at 18:25

Building Security into the DevOps Pipeline

By Dark Reading Staff
As companies pump more code into production at a faster pace, CA Veracode VP of Security Research Chris Eng stresses the importance of avoiding vulnerabilities by building security directly into the DevOps pipeline.

  • August 17th 2018 at 18:20

Severe PHP Exploit Threatens WordPress Sites with Remote Code Execution

By Lindsey O'Donnell
The issue impacts several content management systems, including Typo3 and WordPress, as well as widely-used PDF generation library TCPDF.

Debian Security Advisory 4274-1

Debian Linux Security Advisory 4274-1 - This update provides mitigations for the "L1 Terminal Fault" vulnerability affecting a range of Intel CPUs.
  • August 17th 2018 at 17:42

Debian Security Advisory 4275-1

Debian Linux Security Advisory 4275-1 - Kristi Nikolla discovered an information leak in Keystone, the OpenStack identity service, if running in a federated setup.
  • August 17th 2018 at 17:42

Debian Security Advisory 4273-1

Debian Linux Security Advisory 4273-1 - This update ships updated CPU microcode for some types of Intel CPUs and provides SSBD support (needed to address "Spectre v4") and fixes for "Spectre v3a".
  • August 17th 2018 at 17:42

Debian Security Advisory 4276-1

Debian Linux Security Advisory 4276-1 - Fariskhi Vidyan and Thomas Jarosch discovered several vulnerabilities in php-horde-image, the image processing library for the Horde groupware suite. They would allow an attacker to cause a denial-of-service or execute arbitrary code.
  • August 17th 2018 at 17:42

Ubuntu Security Notice USN-3658-3

Ubuntu Security Notice 3658-3 - USN-3658-1 fixed a vulnerability in procps-ng. This update provides the corresponding update for Ubuntu 12.04 ESM. It was discovered that the procps-ng top utility incorrectly read its configuration file from the current working directory. A local attacker could possibly use this issue to escalate privileges. Various other issues were also addressed.
  • August 17th 2018 at 17:42

Red Hat Security Advisory 2018-2486-01

Red Hat Security Advisory 2018-2486-01 - This release adds the new Apache HTTP Server 2.4.29 packages that are part of the JBoss Core Services offering. This release serves as a replacement for Red Hat JBoss Core Services Apache HTTP Server 2.4.23, and includes bug fixes and enhancements. Issues addressed include buffer overflow, heap overflow, and use-after-free vulnerabilities.
  • August 17th 2018 at 17:41

Red Hat Security Advisory 2018-2482-01

Red Hat Security Advisory 2018-2482-01 - Docker is an open-source engine that automates the deployment of any application as a lightweight, portable, self-sufficient container that runs virtually anywhere. Issues addressed include a container breakout vulnerability.
  • August 17th 2018 at 17:40

Supplementing the SOC with Cyber-as-a-Service

By Dark Reading Staff
Raytheon Cyber Protection Solutions CTO Mark Orlando suggests under-resourced SOCs enhance their effectiveness at-scale by tapping the advanced cyber defense automation his company has developed.

  • August 17th 2018 at 17:40

Red Hat Security Advisory 2018-2469-01

Red Hat Security Advisory 2018-2469-01 - Red Hat JBoss Web Server is a fully integrated and certified set of components for hosting Java web applications. It is comprised of the Apache HTTP Server, the Apache Tomcat Servlet container, Apache Tomcat Connector, JBoss HTTP Connector, Hibernate, and the Tomcat Native library. This release of Red Hat JBoss Web Server 3.1 Service Pack 4 serves as a replacement for Red Hat JBoss Web Server 3.1, and includes bug fixes, which are documented in the Release Notes document linked to in the References. Issues addressed include insecure defaults.
  • August 17th 2018 at 17:39

Ubuntu Security Notice USN-3744-1

Ubuntu Security Notice 3744-1 - Andrew Krasichkov discovered that the PostgreSQL client library incorrectly reset its internal state between connections. A remote attacker could possibly use this issue to bypass certain client-side connection security features. This issue only affected Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. It was discovered that PostgreSQL incorrectly checked authorization on certain statements. A remote attacker could possibly use this issue to read arbitrary server memory or alter certain data. Various other issues were also addressed.
  • August 17th 2018 at 17:39

Ubuntu Security Notice USN-3743-1

Ubuntu Security Notice 3743-1 - A large number of security issues were discovered in the WebKitGTK+ Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
  • August 17th 2018 at 17:39

Threat Roundup for August 10-17

By Talos Group
Today, Talos is publishing a glimpse into the most prevalent threats we've observed between August 10 and August 17. As with previous round-ups, this post isn't meant to be an...

Exploring, Exploiting Active Directory Admin Flaws

By Kelly Sheridan Staff Editor, Dark Reading
Common methods AD administrators use to protect their environments can easily be exploited. Here's how.

  • August 17th 2018 at 17:20

Assessing & Mitigating Increased Exposure to Third-Party Risk

By Dark Reading Staff
As we increasingly connect with each other digitally, CyberGRX CRO Scott Schneider believes we need to be much more diligent about sharing validated insight into the infosec maturity of our organizations.

  • August 17th 2018 at 17:00

AT&T Faces $224M Legal Challenge Over SIM-Jacking Rings

By Tara Seals
Cryptocurrency angel investor Michael Terpin seeks damages for "gross negligence" by the carrier, alleging it turned a blind eye to store employees' malicious activities.

Leveraging the Power of your End-Users' Human Cognition

By Dark Reading Staff
Cofense CEO Rohyt Belani makes a case for more aggressively leveraging the unique ability of your most perceptive and well-trained end-users to help you more quickly spot and stop email threats.

  • August 17th 2018 at 16:30