Security-Portal.cz je internetový portál zaměřený na počítačovou bezpečnost, hacking, anonymitu, počítačové sítě, programování, šifrování, exploity, Linux a BSD systémy. Provozuje spoustu zajímavých služeb a podporuje příznivce v zajímavých projektech.

Kategorie

Researchers unearth a huge botnet army of 500,000 hacked routers

The Hacker News - 2 hodiny 37 min zpět
More than half a million routers and storage devices in dozens of countries have been infected with a piece of highly sophisticated IoT botnet malware, likely designed by Russia-baked state-sponsored group. Cisco's Talos cyber intelligence unit have discovered an advanced piece of IoT botnet malware, dubbed VPNFilter, that has been designed with versatile capabilities to gather intelligence,
Kategorie: Hacking & Security

VPNFilter – is a malware timebomb lurking on your router?

Sophos Naked Security - 4 hodiny 43 min zpět
A Cisco paper reports on zombie malware that has apparently infected more than 500,000 home routers.

Surprise! Student receives $36,000 Google bug bounty for RCE flaw

Sophos Naked Security - 6 hodin 26 sek zpět
What's the only thing better than a bug bounty reward? A bug bounty reward you weren't expecting. Especially one that's worth $36,337.

Ultimate Hacking Training Bundle 2018 – Pay What You Want

The Hacker News - 6 hodin 20 min zpět
Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them. By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical
Kategorie: Hacking & Security

Google in court over ‘clandestine tracking’ of 4.4m iPhone users

Sophos Naked Security - 6 hodin 24 min zpět
The search giant could be looking at a giant fine of up to $4.3b.

Backdoors in D-Link’s backyard

Kaspersky Securelist - 8 hodin 38 min zpět

“If you want to change the world, start with yourself.” In the case of security research this can be rephrased to: “If you want to make the world safer, start with the smart things in your home.” Or, to be more specific, start with your router – the core of any home network as well as an interesting research object. And that router you got from your ISP as part of your internet contract is even more interesting when it comes to research.

The impact of vulnerabilities

Note: the following information about vulnerabilities has been submitted to the respective stakeholders (D-Link, ISP provider, Mitre) and we are publishing this information in accordance with vulnerability disclosure policy.

The following advisory describes four vulnerabilities and hardcoded accounts in D-Link DIR-620 firmware. The firmware runs on various D-Link routers that one of the biggest ISPs in Russia delivers to its customers (this conclusion is based on the fact that the router is provided as part of the standard customer contract and the hardcoded credentials contain the name of the ISP in the login string). This is probably why this particular model of router is so popular in Russia and CIS countries (most home routers are located behind their ISP’s NAT, which is why these routers don’t appear in the statistics).

Geography of vulnerable routers

The object of research

The latest versions of the firmware have hardcoded default credentials that can be exploited by an unauthenticated attacker to gain privileged access to the firmware and to extract sensitive data, e.g., configuration files with plain-text passwords. The vulnerable web interface allows an unauthenticated attacker to run arbitrary JavaScript code in the user environment and run arbitrary commands in the router’s operating system (OS).

Example of firmware interface (probably customized for ISP purposes)

These issues were originally identified in firmware version 1.0.37. Some of the discovered vulnerabilities were also identified in other versions of the firmware:

  • 1.3.1
  • 1.3.3
  • 1.4.0
  • 2.0.22
Technical details Weakness in user data validation (reflected cross-site scripting) (CVE-2018-6212)

The one input field that allows user input – Quick search – inspired me to look deeper into the firmware: the field facilitates an XSS attack vector. A reflected cross-site scripting (XSS) attack is possible as a result of missed filtration for special characters in this field and incorrect processing of the XMLHttpRequest object (this vulnerability was discovered in v.1.3.3, but also present in other versions).

Demonstration of a reflected XSS

Vulnerability metrics:

CVSS v3 Base Score: 6.1

Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)

Hardcoded default credentials for web dashboard (CVE-2018-6213)

I downloaded the firmware and extracted the filesystem. Most Unix-based firmware includes BusyBox – software that provides several stripped-down Unix tools for embedded systems. It can easily identify the proprietary binary files, i.e., all binaries that are not in the original BusyBox toolset and which were probably modified for ISP purposes.

I extracted strings from the web server binary (httpd), and my attention was immediately drawn to the “anonymous” string. I looked at the function where this string was being used.

The code responsible for checking the user’s credentials contains ‘harcoded credentials’

These privileged credentials cannot be changed by the administrator. Privileged access to the dashboard allows an attacker to extract sensitive data.

Vulnerability metrics:

CVSS v3 Base Score: 6.5

Vector: (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

OS command injection (CVE-2018-6211)

An OS command injection vulnerability is possible as a result of incorrect processing of the user’s input data in the following parameter (the vulnerability was discovered in v.1.0.3):

/index.cgi?<…>&res_buf

Example of request with OS command injection

Vulnerability metrics:

CVSS v3 Base Score: 9.1

Vector: (/CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)

Hardcoded default credentials for Telnet (CVE-2018-6210)

Using the vulnerability above, an attacker can extract Telnet credentials. The credentials were discovered in firmware v1.0.3. For example, by using the default credentials for Telnet an attacker can get administrative access to a router (the fragment of “etc/passwd”).

Demonstration of OS command injection vulnerability

Vulnerability metrics:

CVSS v3 Base Score: 10.0

Vector: (/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

How to fix it

We received an official response from the vendor stating that this router model was no longer supported. In this case, we provide the following recommendations:

  • Restrict any access to the web dashboard using a whitelist of trusted IPs
  • Restrict any access to Telnet
  • Regularly change your router admin username and password
Advisory Status

01/15/2018 – reported to vendor
01/15/2018 – reported to ISP
01/24/2018 – received a response from ISP
02/06/2018 – received a response from vendor. Official statement: the model of router was no longer supported by vendor, so vendor will only patch vulnerabilities if the ISP sends a request to do so.

If you’re interested in similar materials related to vulnerability research and you’d like to receive them first, subscribe to the newsletter

MktoForms2.loadForm("//app-sj06.marketo.com", "802-IJN-240", 18906);

Spam and phishing in Q1 2018

Kaspersky Securelist - 8 hodin 38 min zpět

Quarterly highlights Data leaks

Early 2018 will be remembered for a series of data leak scandals. The most high-profile saw Facebook CEO Mark Zuckerberg grilled by US Congress, with many public figures supporting the Delete Facebook campaign. As a result, Zuckerberg promised to get tough and make it more difficult to harvest data from third-party apps.

But the buck doesn’t stop entirely with the tech giants—personal data often ends up in cybercriminal hands due to user carelessness. Some techniques may be timeworn, but one in particular still reels in the victims: Facebook users are one of the juiciest targets for cyberfraudsters looking to launch mass phishing attacks. Last year Facebook was one of the Top 3 most exploited company names. The schemes are numerous, but fairly standard: the user is asked to “verify” an account or lured into signing into a phishing site on the promise of interesting content.

Examples of phishing pages mimicking Facebook login

Fake pages such as these exist in all languages ​​supported by the social media. Sometimes the correct localization is selected automatically based on the victim’s IP address.

Example of code used by cybercriminals to determine the victim’s location and adapt the phishing page

Data often falls into the hands of cybercriminals through third-party apps that users themselves give access to their accounts and sometimes even allow to post messages on their own behalf.

In early March, for instance, several hundred VKontakte users were hit when third parties gained access to their private correspondence. This happened as a result of apps using the social network’s open API to request access to personal data without guaranteeing its safe storage and use.

In the headline-grabbing case of Cambridge Analytica’s This Is Your Digital Life app, users also handed over personal information voluntarily. Carelessness is the culprit: many people are unaware of just how much data they give away in personality quizzes.

Social media quizzes often ask for a lot of user data,

Remember that cybercriminals often use social media to spread malicious content. For example, we wrote about fake airline giveaways, adult video spam, and even an Alberto Suárez phishing petition.

Another major personal data story was the appearance in Russia of the GetContact app for smartphones, which not only tells users who’s calling, but shows the names under which their contacts are saved in other app users’ phone books. For this, the program needs to be fed not just the user’s own data, but the entire address book (photos, email addresses, even conversation history). That earned GetContact a ban in several countries (even before it appeared in Russia).

Telegram, ICOs, cryptocurrencies

In Q1 a battle royale broke out over the Telegram messenger. It all began late last year with talk of an upcoming ICO. That provided the backdrop for cybercriminals to create, which by the end of Q1 had allegedly raked in as much as the company’s rumored private ICO.

Fake site offering the chance to participate in the Telegram ICO

That was followed by a wave of phishing mailshots to owners of major Russian channels in Telegram. An account under the name Telegram (or something similar) sent a message informing potential victims that suspicious activity had been detected on their account and that confirmation was required to avoid having it blocked. A link was provided to a phishing site masquerading as the login page for the web version of Telegram.

Phishing site mimicking the web version of the Telegram app

If the victim agreed to fill out the form, the cybercriminals gained access to their account, plus the ability to link it to another phone number.

Another spike in scamming activity was recorded when the Internet was buzzing about the imminent takedown of the messenger in Russia. And when the messenger suffered a power outage in a server cluster, it was widely perceived as the start of the ban. Replying to Pavel Durov’s tweet about the malfunction, enterprising cybercriminals offered compensation on his behalf in cryptocurrency. To claim it, users had to follow a link to a site where they were asked to transfer a sum of money to a specified wallet number to receive their “compensation.”

But Telegram does not have a monopoly over the cryptocurrency topic this quarter. We repeatedly encountered phishing sites and email messages exploiting the launch of new ICOs. Cryptocurrency scams often bring in millions of dollars, which explains why cybercriminals are so fond of them.

For instance, on January 31–February 2 the Bee Token startup held an ICO for which participants had to register in advance on the project website, specifying their email address. Cybercriminals managed to get hold of a list of email addresses of potential investors and send out a timely invitation containing e-wallet details for making Ethereum-based investments.

Phishing email supposedly sent from the ICO organizers

123,3275 ether were transferred to this wallet (around $84,162.37). Fraudsters also set up several phishing sites under the guise of the platform’s official site.

A similar scam occurred with the Buzzcoin ICO. The project website invited users to subscribe to a newsletter by leaving an email address. The day before the official ICO start, subscribers received a fraudulent message about the start of pre-sales with a list of cryptowallets to which money should be transferred.

Phishing email supposedly sent from the ICO organizers

Cybercriminals scooped about $15,000 before the organizers took action.

GDPR

One measure that addresses user safety is the General Data Protection Regulation (GDPR), a general policy on the protection and privacy of individuals. This EU regulation has a direct bearing on all companies that process data belonging to EU residents, and therefore has an international scope. The GDPR becomes enforceable on May 25 this year and stipulates large fines (up to EUR 20 million or 4% of annual revenue) for companies whose information activity does not comply with the regulation.

Such a landmark event in the IT world could hardly fail to attract cybercriminals, and in recent months (since the end of last year) we have registered a large number of spam emails related one way or another to the GDPR. It is generally B2B spam—mostly invitations to paid seminars, webinars, and workshops promising to explain the ins and outs of the new regulation and its ramifications for business.

We also came across spam offers to install on the target company’s main website or landing page special fee-based software providing web resources with everything necessary to comply with the new rules. Moreover, the site owner would supposedly be insured against problems relating to user data security.

Spam traffic also contained offers to acquire ready-made specialized databases of individuals and legal entities broken down by business division or other criteria. The sellers had no scruples about stressing that all addresses and contacts for sale were already GDPR-compliant. In fact, harvesting user data and reselling it to third parties without the consent of the owners and data carriers violates not only this regulation, but also the law in general.

Example of a spam message exploiting the GDRP topic

Note that legitimate mailers also became more active. They are already sending notices to users describing the new rules and asking for consent to use and process their data under the new policy. When the new regulation enters into force, the number of such notices will skyrocket, so we predict a surge in scam mailings aimed at obtaining personal info and authentication data for access to various accounts. We urge users to pay close attention to the new regulation and carefully study any notifications related to it. Links should be checked before clicking: they should not contain redirects to third-party sites or domains unrelated to the service on whose behalf the message was sent.

Political spam

In the runup to the Russian presidential elections, we observed a range of political spam, including messages promoting or slurring various candidates. The election topic was used for fraud: cybercriminals sent email messages offering a financial reward for taking part in public opinion polls, as a result of which money ended up being transferred in the opposite direction.

Example of a message inviting recipients to take part in a poll

Phishing for taxpayers

Every country has its own tax year, but as a rule the most active period for dealing with tax services comes at the start of the year. In Q1 we registered many phishing pages mimicking the IRS, HMRC, and other countries’ tax services.

Fake tax service websites

Spam-based malware

Back in Q1 2017 we wrote about a mailout disguised as a resume concealing a malicious file from the Fareit Trojan spyware family. The same quarter 2018, cybercriminals attempted to infect users’ computers with the Smoke Loader  backdoor, also known as Dofoil. Its toolbox includes downloading and installing malware such as cryptocurrency miners, banking Trojans, and ransomware. Smoke Loader could also disable some antivirus software and hide from detection by integrating itself into system processes.

The text of the malicious mailshot varied, with some messages imitating the business correspondence of real company employees. To open the password-protected DOC attachment, the user had to enter the password specified in the message, which triggered a request to enable macros (disabled by default); confirmation proved fatal for message recipients. We observed a trend for password-protected malicious attachments in Q1 2018: such protection hinders detection and increases the chances that the message will reach the recipient.

Examples of emails with malicious attachments

Another long-established social engineering method exploits user fears of infection, data leakage, access denial, and other bugbears. In Q1, this old trick was used to dupe users into parting with cryptocurrency. Most messages tried to scare recipients by reporting that malware was installed on their computer and that personal info (lists of contacts, monitor screenshots, webcam videos, etc.) was compromised. If the scammers didn’t receive a hush payment, it was said, the harvested information would be sent to all the victim’s contacts.

Example of a message with a ransom demand in exchange for not publicizing the victim’s personal data

Some messages from cybercriminals tried not only to extract money, but to install malware on recipients’ computers. The malware was located in a protected archive attachment that the attackers claimed was proof that they had the victim’s data.

Malware under the guise of proving cybercriminal intent

Statistics: spam Proportion of spam in email traffic

Proportion of spam in global email traffic, Q4 2017 and Q1 2018

 

In Q1 2018, the largest share of spam was recorded in January (54.50%). The average share of spam in global email traffic was 51.82%, down 4.63 p.p. against the figure for Q4 2017

Sources of spam by country

Sources of spam by country, Q1 2018

Q1 2018 results put Vietnam (9.22%) top of the leaderboard of spam sources by country. In second place, just 0.64 p.p. behind, came the US (8.55%). The rating’s frequent leader China (7.87%) slipped to third, while India (7.10%) and Germany (6.35%) claimed fourth and fifth. The Top 10 is rounded off by Iran (2.51%).

Spam email size

Spam email size, Q4 2017 and Q1 2018

In Q1 2018, the share of very small emails (up to 2 KB) in spam increased by 19.79 p.p. to 81.62%. Meanwhile,the proportion of emails between 5 and 10 KB in size fell (by 6.05 p.p.) against the previous quarter to 4.11%.

The number of emails between 10 and 20 KB also decreased (by 4.91 p.p.). Likewise, there were fewer emails sized 20 to 50 KB—this quarter they made up just 2.72% of the total, which represents a drop of 6.81 p.p. compared to the previous reporting period.

Malicious attachments in email Top 10 malware families

Top 10 malware families, Q1 2018

 

The most widespread malware family in email traffic this quarter was Trojan-PSW.Win32.Fareit (7.01%), with Backdoor.Java.QRat (6.71%) and Worm.Win32.WBVB (5.75%) completing the Top 3. Fourth place went to Backdoor.Win32.Androm (4.41%), and Trojan.PDF.Badur (3.56%) rounds off the Top 5.

Countries targeted by malicious mailshots

Distribution of Mail Anti-Virus triggers by country, Q1 2018

Germany (14.67%) was this quarter’s leader by number of Mail Anti-Virus triggers, followed by Russia on 6.37% and Britain with a score of 5.43%. Fourth and fifth positions were occupied by Italy (5.40%) and the UAE (4.30%).

Statistics: phishing

In Q1 2018, the Anti-Phishing module prevented 90,245,060 attempts to direct users to scam websites. The share of unique users attacked made up 9.6% of all users of Kaspersky Lab products worldwide.

Geography of attacks

The country with the largest percentage of users affected by phishing attacks in Q1 2018 was Brazil (19.07%, -1.72 p.p.).

Geography of phishing attacks*, Q1 2018

 * Number of users on whose computers Anti-Phishing was triggered as a percentage of the total number of Kaspersky Lab users in that country

Second came Argentina (13.30%), and third place was taken by Venezuela (12.90%). Fourth and fifth went to Albania (12.56%) and Bolivia (12.32%).

 

Country % Brazil 19.07 Argentina 13.30 Venezuela 12.90 Albania 12.56 Bolivia 12.32 Réunion 11.88 Belarus 11.62 Georgia 11.56 France 11.40 Portugal 11.26

Top 10 countries by percentage of users attacked by phishers

Organizations under attack Rating of categories of organizations attacked by phishers

The rating of attacks by phishers on different categories of organizations is based on detections by Kaspersky Lab’s heuristic Anti-Phishing component.  It is activated every time the user attempts to open a phishing page, either by clicking a link in an email or a social media message, or as a result of malware activity. When the component is triggered, a banner is displayed in the browser warning the user about a potential threat.

In Q1 2018, the Global Internet Portals category again took first place with 23.7% (-2.56 p.p.).

Distribution of organizations affected by phishing attacks by category, Q1 2018

However, the combined financial category—banks (18.25%), online stores (17.26%), payment systems (8.41%)—still accounted for almost half of all attacks (43.92%), which is up 4.46 p.p. against the previous quarter . The next categories in descending order were Government Organizations (4.75%), Social Networks and Blogs (4.11%), Telecommunications Companies (2.47%), IT Companies (1.55%), Messengers (0.66%), Online Games (0.43%), and Airlines (0.07%).

Conclusion

The quarter’s main topic, one that we will likely return to many times this year, is personal data. It remains one of the most sought-after wares in the world of information technology for app and service developers, owners of various agencies, and, of course, cybercriminals. Unfortunately, many users still fail to grasp the need to protect their personal information and don’t pay attention to who and how their data is transferred in social media.

Cybercriminal interest in personal data is confirmed by our analysis of spam traffic, where one of the main topics remains mail phishing employing a range of social and technical engineering methods. Throughout the quarter, we observed fake notifications on behalf of social media and popular services, bank phishing, and “Nigerian prince” emails.

The GDPR, set to come on stream in late May, is intended to correct the situation regarding personal data, at least in the EU . Time will tell how effective it is. But one thing is clear: even before its introduction, the new regulation is being actively exploited as a topic by cybercriminals and many others. Regrettably, the GDPR is unlikely to fix the situation.

In Q1 2018, the average share of spam in global email traffic was 51.82%, down 4.63 p.p. against Q4 2017; the Anti-Phishing module blocked 90,245,060 attempts to direct users to fraudulent pages; and Brazil (19.07%, -1.72 p.p.) had the largest share of users attacked by phishers.

Based on the quarter results, it is safe to predict that scammers will continue to exploit “fashionable” topics,  two of which are cryptocurrencies and new ICOs. Given that these topics have begun to attract interest from the general public, a successful attack can reap vast rewards.

Hackers are exploiting a new zero-day flaw in GPON routers

The Hacker News - 9 hodin 23 min zpět
Even after being aware of various active cyber attacks against the GPON Wi-Fi routers, if you haven't yet taken them off the Internet, then be careful—because a new botnet has joined the GPON party, which is exploiting an undisclosed zero-day vulnerability in the wild. Security researchers from Qihoo 360 Netlab have warned of at least one botnet operator exploiting a new zero-day
Kategorie: Hacking & Security

Hackeři ošálili švýcarskou banku, peníze prali v Plzni

Novinky.cz - bezpečnost - 11 hodin 28 min zpět
Plzeňští policisté zabodovali na mezinárodní scéně v boji proti kybernetické kriminalitě v bankovním sektoru. Podařilo se jim rozkrýt poslední článek hackerského útoku na švýcarskou banku Falcon Private Bank, do jehož internetového bankovnictví se loni kdosi naboural a jednoho z jejích klientů připravil o téměř dva milióny korun.
Kategorie: Hacking & Security

Chinese Hackers Find Over a Dozen Vulnerabilities in BMW Cars

The Hacker News - 11 hodin 53 min zpět
Chinese security researchers have discovered more than a dozen vulnerabilities in the onboard compute units of BMW cars, some of which can be exploited remotely to compromise a vehicle. The security flaws have been discovered during a year-long security audit conducted by researchers from Keen Security Lab, a cybersecurity research unit of Chinese firm Tencent, between January 2017 and
Kategorie: Hacking & Security

Researchers Say More Spectre-Related CPU Flaws On Horizon

Threatpost - 22 Květen, 2018 - 23:20
Yet another speculative execution side channel flaw has been disclosed in processors - and security experts warn that more may be out there.
Kategorie: Hacking & Security

Six Vulnerabilities Found in Dell EMC’s Disaster Recovery System, One Critical

Threatpost - 22 Květen, 2018 - 20:23
A pen-tester has found five vulnerabilities in Dell EMC RecoverPoint devices, including a critical RCE that could allow total system compromise.
Kategorie: Hacking & Security

New speculative-execution vulnerability strikes AMD, ARM, and Intel

Ars Technica - 22 Květen, 2018 - 18:24

Intel Skylake die shot. (credit: Intel)

A new attack that uses processors' speculative-execution capabilities to leak data, named Speculative Store Bypass (SSB), has been published after being independently discovered by Microsoft's Security Response Center and Google Project Zero. Processors from Intel and AMD, along with some of those using ARM's designs, are all affected.

Since the Meltdown and Spectre flaws were announced earlier this year, the speculative and predictive capabilities of modern microprocessors have been closely examined, revealing several new attacks.

All the attacks follow a common set of principles. Each processor has an architectural behavior (the documented behavior that describes how the instructions work and that programmers depend on to write their programs) and a microarchitectural behavior (the way an actual implementation of the architecture behaves). These can diverge in subtle ways. For example, architecturally, a program that loads a value from a particular address in memory will wait until the address is known before trying to perform the load. Microarchitecturally, however, the processor might try to speculatively guess at the address so that it can start loading the value from memory (which is slow) even before it's absolutely certain of which address it should use.

Read 8 remaining paragraphs | Comments

Kategorie: Hacking & Security

Server? What server? Site forgotten for 12 years attracts hacks, fines

Sophos Naked Security - 22 Květen, 2018 - 18:17
The University of Greenwich might not have noticed the website but hackers did.

Comcast Patches Router Bug That Leaked Some Wi-Fi Passwords

Threatpost - 22 Květen, 2018 - 18:09
A bug in Comcast’s activation website for its Xfinity routers leaked sensitive customer data.
Kategorie: Hacking & Security

Rachel McBride Talks Online CISM Training with InfoSec Institute

InfoSec Institute Resources - 22 Květen, 2018 - 17:24

Rachel McBride is a certified ITIL Expert and Senior Consultant at Vintun, a Virginia-based information, program and technology solutions provider. A seasoned business analyst and project manager with over 15 years of experience, Rachel enrolled in InfoSec Institute’s Certified Information Security Manager (CISM) Boot Camp in early 2018 to secure her CISM certification and advance […]

The post Rachel McBride Talks Online CISM Training with InfoSec Institute appeared first on InfoSec Resources.

Rachel McBride Talks Online CISM Training with InfoSec Institute was first posted on May 22, 2018 at 10:24 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com
Kategorie: Hacking & Security

TeenSafe phone monitoring app leaks teens’ iCloud logins in plaintext

Sophos Naked Security - 22 Květen, 2018 - 16:44
The "secure" monitoring app is used by over a million parents.

Intel Responds to Spectre-Like Flaw In CPUs

Threatpost - 22 Květen, 2018 - 16:03
Intel on Monday acknowledged that its processors are vulnerable to another Spectre-like speculative execution side channel flaw that could allow attackers to access information.
Kategorie: Hacking & Security

Už žádné flešky a externí disky. IBM je všem zaměstnancům natvrdo zakázalo

Zive.cz - bezpečnost - 22 Květen, 2018 - 14:50
Hlavní bezpečnostní šéf IBM Shamla Naidoo zavedl novou bezpečnostní politiku, která platí pro všechny zaměstnance a počítače IBM po celém světě. Nikdo nesmí do firemního počítače připojit externí úložiště dat, ať už jde o paměťovou kartu, flash disk nebo větší externí disk. IBM už sice tento zákaz ...
Kategorie: Hacking & Security

Please vote for Naked Security at the European Blogger Awards 2018!

Sophos Naked Security - 22 Květen, 2018 - 13:49
We've been nominated in 8 categories at the European Blogger Awards 2018... but we need your help to win!
Syndikovat obsah