FreshRSS

Today — February 21st 2018: Your RSS feeds

Hashcat Advanced Password Recovery 4.1.0 Source Code

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the source code release.
  • February 21st 2018 at 14:04

Hashcat Advanced Password Recovery 4.1.0 Binary Release

Hashcat is an advanced GPU hash cracking utility that includes the World's fastest md5crypt, phpass, mscash2 and WPA / WPA2 cracker. It also has the first and only GPGPU-based rule engine, focuses on highly iterated modern hashes, single dictionary-based attacks, and more. This is the binary release.
  • February 21st 2018 at 14:04

How to Secure Data With A Data Loss Prevention Prevention Plan

By Graeme Messina

Data loss prevention has become increasingly important over the past few decades. Access to information systems that contain confidential, private and proprietary data is vulnerable on many fronts. Data loss prevention (DLP) can be thought of as a preventative measure aimed at stopping data leakage. Gone are the days when physically taking copies of […]

The post How to Secure Data With A Data Loss Prevention Prevention Plan appeared first on InfoSec Resources.

How to Secure Data With A Data Loss Prevention Prevention Plan was first posted on February 21, 2018 at 8:47 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors

Posted by SEC Consult Vulnerability Lab on Feb 21

We have published an accompanying blog post to this technical advisory with
further information:

https://www.sec-consult.com/en/blog/2018/02/internet-of-babies-when-baby-monitors-fail-to-be-smart/index.html

SEC Consult Vulnerability Lab Security Advisory < 20180221-0 >
=======================================================================
title: Hijacking of arbitrary video baby monitors
product: miSafes Mi-Cam...
  • February 21st 2018 at 14:01

Bugtraq: SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors

SEC Consult SA-20180221-0 :: Hijacking of arbitrary miSafes Mi-Cam video baby monitors
  • February 21st 2018 at 15:00

Should We Call it Quits for Passwords? Or, "Password Spraying for the Win!", (Wed, Feb 21st)

Ok, maybe that's a bit dramatic. But for most companies with web services, the answer is a serious "yes" for ditching passwords for those services. Why is that? Let's talk about how the typical external pentest might go.
  • February 21st 2018 at 14:50

Setting the Cybersecurity Bar Higher – Announcing the Cisco 2018 Annual Cybersecurity Report

By John N. Stewart
The 2018 Annual Cybersecurity Report exposes techniques that adversaries use to elude defenses and evade detection. It also provides insights and recommendations designed to help organizations defend against attacks.

World's cyber attacks hit us much harder in past year – major infosec chief survey

Cisco report: Smacked orgs forked out $500k due to attacks

Cyber security breaches were twice as severe in the past year, with total financial losses reaching $500,000 (£356,000) per business, according to an extensive survey of CISOs across the globe.…
  • February 21st 2018 at 13:28

Red Hat Security Advisory 2018-0336-01

Red Hat Security Advisory 2018-0336-01 - Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool. This update provides Satellite 6.3 packages for Red Hat Enterprise Linux 7 Satellite server. For the full list of new features provided by Satellite 6.3, see the Release Notes linked to in the references section. See the Satellite 6 Installation Guide for detailed instructions on how to install a new Satellite 6.3 environment, or the Satellite 6 Upgrading and Updating guide for detailed instructions on how to upgrade from prior versions of Satellite 6.
  • February 20th 2018 at 22:27

Ubuntu Security Notice USN-3577-1

Ubuntu Security Notice 3577-1 - Jann Horn discovered that CUPS permitted HTTP requests with the Host header set to "localhost.localdomain" from the loopback interface. If a user were tricked into opening a specially crafted website in their web browser, an attacker could potentially exploit this to obtain sensitive information or control printers, via a DNS rebinding attack.
  • February 20th 2018 at 22:25

Red Hat Security Advisory 2018-0334-01

Red Hat Security Advisory 2018-0334-01 - Chromium is an open-source web browser, powered by WebKit. This update upgrades Chromium to version 64.0.3282.167. Security Fix: chromium-browser: incorrect derived class instantiation in v8.
  • February 20th 2018 at 22:24

Ubuntu Security Notice USN-3576-1

Ubuntu Security Notice 3576-1 - Vivian Zhang and Christoph Anton Mitterer discovered that libvirt incorrectly disabled password authentication when the VNC password was set to an empty string. A remote attacker could possibly use this issue to bypass authentication, contrary to expectations. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. Daniel P. Berrange discovered that libvirt incorrectly handled validating SSL/TLS certificates. A remote attacker could possibly use this issue to obtain sensitive information. This issue only affected Ubuntu 17.10. Various other issues were also addressed.
  • February 20th 2018 at 22:23

Ubuntu Security Notice USN-3575-1

Ubuntu Security Notice 3575-1 - It was discovered that QEMU incorrectly handled guest RAM. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue only affected Ubuntu 14.04 LTS and Ubuntu 16.04 LTS. David Buchanan discovered that QEMU incorrectly handled the VGA device. A privileged attacker inside the guest could use this issue to cause QEMU to crash, resulting in a denial of service. This issue was only addressed in Ubuntu 17.10. Various other issues were also addressed.
  • February 20th 2018 at 22:22

Public Cloud Penetration Testing from the Customer Viewpoint

By Uladzislau Murashka

Public cloud computing has evolved into a mainstream solution for data storage, on-demand service, and infrastructure. Gartner forecasts the total revenue from worldwide public cloud services to reach $305.8 billion by 2018 and hit the point of $411.4 billion by 2020. It is only natural that penetration testing, a cornerstone of corporate security, is in demand, as […]

The post Public Cloud Penetration Testing from the Customer Viewpoint appeared first on InfoSec Resources.

Public Cloud Penetration Testing from the Customer Viewpoint was first posted on February 21, 2018 at 7:00 am.

Bugtraq: Sharutils 4.15.2 Heap-Buffer-Overflow

Sharutils 4.15.2 Heap-Buffer-Overflow
  • February 21st 2018 at 12:00

EDR for Everyone Is about Fighting Alert Fatigue

Endpoint detection and response solutions (EDR) are predicted to become a key security technology by 2020, with 80 percent of large organizations, 25 percent of midsize organizations, and 10 percent of small organizations investing in them. Demand for incident response tools that offer early visibility into advanced threats will fuel the EDR market growth, with expectations of a CAGR of 45.27 percent from 2015 through 2020.

The EDR market is already booming, having grown from $238 million in 2015 revenue to about $500 million in 2016. By 2020, it’s going to be a billion-dollar market and could even match the $3.2 billion (2015) endpoint protection platform (EPP) market.

Despite the rapid growth in the EDR market, these preventative controls are still out of the reach of mid-size and small organizations. As EDR requires dedicated security operations center (SOC) teams to manually investigate alerts, the high cost barrier is something that only large organizations can currently overcome. Or is it?

Fighting Alert Fatigue

EDR solutions have emerged from the premise that it's impossible to prevent all threats, meaning their purpose is to minimize the dwell time of an infection while also reducing the amount of damage it can cause. However, managing the number of security alerts for potential threats can be overwhelming for any under-resourced IT team. Because of that, investigation decisions may end up being either ill-informed or based on summary judgements. This broad-strokes approach can lead to full network compromise, especially if traditional EDR is not properly managed or used to its full potential.

Since EDR agents often come installed on top of existing EPP agents and other security technologies, such as SIEM, IDS and IPS, security teams are often bombarded with up to tens of thousands of alerts coming from multiple security consoles, making prioritization nearly impossible. Instead of increasing visibility and raising the overall security posture of the organization, this fragmentation and segregation of security consoles only makes security more cumbersome.

EDR should be about having a single agent and a single management console, and only focusing on really important security events, instead of spreading human resources thin. After all, EDR should enable your security "SWAT team" to focus on truly important tasks, and not just chase ghosts and put out fires.

EDR for Everyone

Advanced threat hunting capabilities enabled by EDR agents require alert prioritization and manual investigation by dedicated teams, something that drives costs up beyond the initial purchasing and deployment price. The key to having an EDR solution for everyone lies in detecting advanced attacks using built-in intelligence in the endpoint agent. This lets admins focus solely on specific elusive and advanced threats that have crossed the other layers of prevention, and prevents them from wasting time on false positives. This enhanced security operation enables automated triage of truly important security events, and doesn’t require a full-time dedicated team of security specialists to investigate each and every event or anomaly.

Incident visualization and investigation are also greatly simplified, as detected elusive threats are presented in a comprehensive fashion, with all contextually relevant information, so that the admins can assess the impact of the threat in seconds. This directly translates into swift incident response tactics that enable admins to use surgical precision to remediate the elusive threat by deleting or quarantining it, containing spread.

This type of evolved prevention, which even comes with the ability to fine-tune the protection level of controls from incident response workflows, helps reduce incident response costs by focusing on truly significant alerts. Unlike traditional EDR, which is usually noisy and overburdens already under-resourced IT teams, a smart EDR solution designed to bring the same early detection capabilities but with pinpoint accuracy is within the reach of any organization, regardless of size, vertical, or IT team size.

It’s the Last 1 Percent of Attacks You Should Worry About

Layered security solutions are doing a great job at detecting, preventing and mitigating close to 99 percent of all threats. However, the last 1 percent – or less – is usually the type of sophisticated attack that flies under the radar. The final frontier in cybersecurity involves having the capability of accurately identifying these elusive threats.

The value of EDR for everyone should lie in its ability to fully integrate with your EPP solution, while enabling IT admins to have a holistic view of the security status of the entire infrastructure. This last 1 percent of attacks is not only elusive, but the attacks can also hide behind background noise generated by trivial security incidents, which is why IT admins need the ability to focus on real dangers and problems by preventing, investigating, detecting, and responding to advanced threats effectively and promptly.

About the author: Liviu Arsene is a Senior E-Threat analyst for Bitdefender, with a strong background in security and technology. Reporting on global trends and developments in computer security, he writes about malware outbreaks and security incidents while coordinating with technical and research departments.

Copyright 2010 Respective Author at Infosec Island
  • February 21st 2018 at 10:16

Vuln: Yab Quarx CVE-2018-7274 Multiple HTML Injection Vulnerabilities

Yab Quarx CVE-2018-7274 Multiple HTML Injection Vulnerabilities
  • February 20th 2018 at 00:00

Bad news: 43% of login attempts 'malicious' Good news: Er, umm...

Also bad: Unpatched systems, unsecured APIs, IoT gear, anthrax candy, bottomless pits

An extraordinary 43 per cent of all attempted online account logins are malicious, Akamai claims in its latest internet security report.…
  • February 21st 2018 at 07:04

Vuln: Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities

Radiant CVE-2018-7261 Multiple HTML Injection Vulnerabilities
  • February 20th 2018 at 00:00

Bugtraq: Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS

Multiple Persistent Cross-Site Scripting Vulnerabilities in Quarx CMS
  • February 21st 2018 at 06:00

Coinbase, Worldpay, Visa play blame game after dosh vanishes from crypto-fans' pockets

By l33tdawg
  • February 21st 2018 at 00:20

DOJ looks to improve handling of cyberthreats with new task force

By l33tdawg
  • February 21st 2018 at 00:20

Now That Most Artifacts Are Digital, Software Experts Need to Play Archeologist

By l33tdawg
  • February 21st 2018 at 00:20

uTorrent vulnerabilities allow information disclosure and remote code execution

By l33tdawg
  • February 21st 2018 at 00:20

North Korean Threat Widens to Target Multinationals

By l33tdawg
  • February 21st 2018 at 00:17

State officials get classified briefings on election security

By l33tdawg
  • February 21st 2018 at 00:17

U.S. Customs Wants to Use Your Face As a Boarding Pass

By l33tdawg
  • February 21st 2018 at 00:17

Flight Sim Labs' 'Heavy Handed' Anti-Piracy Tactics Raise Hackles

By l33tdawg
  • February 21st 2018 at 00:17

SWIFT Network Used in $2 Million Heist at Indian Bank

By l33tdawg
  • February 21st 2018 at 00:12

Just Over Half of Agencies Met a Web Encryption Security Deadline

By l33tdawg
  • February 21st 2018 at 00:12

Flight Sim Labs' 'Heavy Handed' Anti-Piracy Tactics Raise Hackles

By Lindsey O'Donnell
Developer Flight Sim Labs is in hot water after acknowledging that it has installed malware in its flight simulator product that it said targets pirate users of its software.
Yesterday — February 20th 2018: Your RSS feeds

Hackers Hijacked Tesla's Cloud to Mine Cryptocurrency

By Lily Hay Newman
The recent rash of cryptojacking attacks has hit a Tesla database that contained potentially sensitive information.

Top 5 Security Apps for Android Users

By Stephen Moramarco

Your smartphone is even more valuable than your wallet. If stolen or compromised, its contents can be used against you; if there is work-related information on there, it can also damage your job. That’s why it’s crucial you keep it safe from thieves and spies (as well as malware). To help, here are the top […]

The post Top 5 Security Apps for Android Users appeared first on InfoSec Resources.

Top 5 Security Apps for Android Users was first posted on February 20, 2018 at 4:07 pm.

[remote] Torrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure

Torrent (uTorrent) Classic/Web - JSON-RPC Remote Code Execution / Information Disclosure
  • February 20th 2018 at 00:00

[local] Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation

Microsoft Windows - StorSvc SvcMoveFileInheritSecurity Arbitrary File Creation Privilege Escalation
  • February 20th 2018 at 00:00

[dos] Microsoft Internet Explorer 11 - 'Js::RegexHelper::RegexReplace' Use-After-Free

Microsoft Internet Explorer 11 - 'Js::RegexHelper::RegexReplace' Use-After-Free
  • February 20th 2018 at 00:00

Mozilla's executable installers: FUBAR (that's spelled "fucked-up beyond all repair")

Posted by Stefan Kanthak on Feb 20

Hi @ll,

for many years, Mozilla has tried to beat the crap out of their
always vulnerable executable installers: see for example
<https://bugzilla.mozilla.org/show_bug.cgi?id=579593> alias CVE-2010-3131
<https://bugzilla.mozilla.org/show_bug.cgi?id=811557>
<https://bugzilla.mozilla.org/show_bug.cgi?id=792106> alias CVE-2012-4206
<https://bugzilla.mozilla.org/show_bug.cgi?id=961676> alias CVE-2014-1520
<...
  • February 20th 2018 at 18:15

Re: Defense in depth -- the Microsoft way (part 51): Skype's home-grown updater allows escalation of privilege to SYSTEM

Posted by Stefan Kanthak on Feb 20

"Jeffrey Walton" <noloader () gmail com> wrote:

[ http://seclists.org/fulldisclosure/2018/Feb/33 ]

This is of course related: after Zack Whittaker published
<https://www.zdnet.com/article/skype-cannot-fix-security-bug-without-a-massive-code-rewrite/>
some hundred news outlets, bloggers etc. followed up.
Except Zack Whittaker, nobody contacted me.
Many copied his article, some others added their own and wrong...
  • February 20th 2018 at 18:15

APPLE-SA-2018-02-19-4 watchOS 4.2.3

Posted by Apple Product Security on Feb 20

APPLE-SA-2018-02-19-4 watchOS 4.2.3

watchOS 4.2.3 is now available and addresses the following:

CoreText
Available for: All Apple Watch models
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

Instructions on how to update your Apple Watch software are
available at...
  • February 20th 2018 at 18:14

APPLE-SA-2018-02-19-3 tvOS 11.2.6

Posted by Apple Product Security on Feb 20

APPLE-SA-2018-02-19-3 tvOS 11.2.6

tvOS 11.2.6 is now available and addresses the following:

CoreText
Available for: Apple TV 4K and Apple TV (4th generation)
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

Apple TV will periodically check for software updates....
  • February 20th 2018 at 18:14

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

Posted by Apple Product Security on Feb 20

APPLE-SA-2018-02-19-2 macOS High Sierra 10.13.3 Supplemental Update

macOS High Sierra 10.13.3 Supplemental Update is now available and
addresses the following:

CoreText
Available for: macOS High Sierra 10.13.3
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

macOS High...
  • February 20th 2018 at 18:14

APPLE-SA-2018-02-19-1 iOS 11.2.6

Posted by Apple Product Security on Feb 20

APPLE-SA-2018-02-19-1 iOS 11.2.6

iOS 11.2.6 is now available and addresses the following:

CoreText
Available for: iPhone 5s and later, iPad Air and later, and
iPod touch 6th generation
Impact: Processing a maliciously crafted string may lead to heap
corruption
Description: A memory corruption issue was addressed through improved
input validation.
CVE-2018-4124: an anonymous researcher

Installation note:

This update is available through iTunes...
  • February 20th 2018 at 18:14

Navarino Infinity onship unit multiple vulnerabilities

Posted by Vangelis Stykas on Feb 20

There is also a blog post about that on:
https://medium.com/@evstykas/pwning-ships-vsat-for-fun-and-profit-ba0fe9f42fb3

Vulnerability Security Advisory < 201800217 >
=======================================================================
title: Multiple vulnerabilities
product: All Navarino infinity products
vulnerable...
  • February 20th 2018 at 18:12

[Project] Patton: The clever vulnerability knowledge store

Posted by cr0hn on Feb 20

Dear colleagues,

Please let me introduce the Patton project:

- Patton-Server: https://github.com/BBVA/patton-server
- Patton-CLI: https://github.com/BBVA/patton-cli

Patton is a project that stores vulnerability information (CVEs),
links it with product details (CPE) and allows you to ask in a **very clever
way**. What does that mean?

Patton can **deduce** the CVEs from an imprecise product name.

It’s useful to detect vulnerabilities without do...
  • February 20th 2018 at 18:11