Viry a Červi

Monday review – the hot 21 stories of the week

Sophos Naked Security - 11 Prosinec, 2017 - 11:23
Get yourself up to date with everything we've written in the last seven days - it's weekly roundup time.

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Virus Bulletin News - 11 Prosinec, 2017 - 11:15
Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.

Read more
Kategorie: Viry a Červi

VB2017 video: Spora: the saga continues a.k.a. how to ruin your research in a week

Virus Bulletin News - 11 Prosinec, 2017 - 11:15
Today, we publish the video of the VB2017 presentation by Avast researcher Jakub Kroustek and his former colleague Előd Kironský, now at ESET, who told the story of Spora, one of of the most prominent ransomware families of 2017.

Read more
Kategorie: Viry a Červi

Language bugs infest downstream software, fuzzer finds

The Register - Anti-Virus - 11 Prosinec, 2017 - 09:04
And you worked so hard to make it secure

Developers working in secure development guidelines can still be bitten by upstream bugs in the languages they use.…

Kategorie: Viry a Červi

Leftover Synaptics debugger puts a keylogger on HP laptops

The Register - Anti-Virus - 11 Prosinec, 2017 - 07:03
Vendor first to patch, expect other OEMs to follow

For the second time this year, HP Inc has had to patch its laptops after a security researcher found a driver-level keylogger – and this time, other laptop-makers might have to check their own products.…

Kategorie: Viry a Červi

Microsoft Dynamics 365 sandbox leaked TLS certificate's private parts

The Register - Anti-Virus - 11 Prosinec, 2017 - 01:31
Hey Redmond, is this your secret key?

Another day, another credential found wandering without a leash: Microsoft accidentally left a Dynamics 365 TLS certificate and private key where they could leak, and according to the discoverer, took 100 days to fix the bungle.…

Kategorie: Viry a Červi

Android Flaw Allows Attackers to Poison Signed Apps with Malicious Code

VirusList.com - 8 Prosinec, 2017 - 23:20
An Android vulnerability called Janus allows attackers to inject malicious code into signed Android apps.
Kategorie: Viry a Červi

Android flaw lets attack code slip into signed apps

The Register - Anti-Virus - 8 Prosinec, 2017 - 22:06
Janus bug leaves APKs vulnerable to poisoning

Researchers say a recently patched vulnerability in Android could leave users vulnerable to attack from signed apps.…

Kategorie: Viry a Červi

Apple Fixes Flaw Impacting HomeKit Devices

VirusList.com - 8 Prosinec, 2017 - 16:31
Apple said it has fixed an undisclosed vulnerability in its HomeKit framework that could have allowed unauthorized remote control of HomeKit devices such as smart locks and connected garage door openers.
Kategorie: Viry a Červi

Phishing embraces HTTPS, hoping you’ll “check for the padlock”

Sophos Naked Security - 8 Prosinec, 2017 - 16:12
HTTPS is one of security’s great love affairs, but it's not all roses.

UK.gov law resources now untrustworthy, according to browsers

The Register - Anti-Virus - 8 Prosinec, 2017 - 15:25
justice.gov.uk website SSL certificate expires

The SSL certificate on the criminal justice and court listing site justice.gov.uk expired yesterday, causing browsers to now warn users that their information is at risk.…

Kategorie: Viry a Červi

Next-gen telco protocol Diameter has last-gen security – researchers

The Register - Anti-Virus - 8 Prosinec, 2017 - 14:10
Infosec boffins raise flags

Some of the well-known weaknesses of SS7 Roaming Networks have been replicated in the next-gen telco protocol, Diameter.…

Kategorie: Viry a Červi

Google AI teaches itself ‘superhuman’ chess skills in four hours

Sophos Naked Security - 8 Prosinec, 2017 - 12:39
Move aside, ugly, giant bags of mostly water, the computers are teaching themselves now

Sloppy coding + huge PSD2 changes = Lots of late nights for banking devs next year

The Register - Anti-Virus - 8 Prosinec, 2017 - 11:07
*Cough* Cobol, .NET *cough*

Poorly written code is leaving banks at greater risk of attack and poorly prepared for big changes in the financial sector due to come into effect early next year.…

Kategorie: Viry a Červi

VMware and Carbon Black: you complete me, no <i>you</i> complete <i>me</i>

The Register - Anti-Virus - 8 Prosinec, 2017 - 05:03
Virtzilla's App Defence and CB's endpoint protection combine for whitelist-fest

VMware and Carbon Black have joined forces to enhance each other's security wares.…

Kategorie: Viry a Červi

Uber disguised $100,000 hacker payoff as bug bounty, claims Reuters

Sophos Naked Security - 8 Prosinec, 2017 - 03:05
Can a hacker's extortion demand ever be paid off as though it were a bug bounty? Or is that a step too far?

Apple fills the KRACK on iPhones – at last

Sophos Naked Security - 8 Prosinec, 2017 - 01:45
KRACK is a Wi-Fi encryption bug - Apple patched it quickly, but only for iPhone 7 and later. Now everyone else gets a patch, too...

Security industry needs to be less trusting to get more secure

The Register - Anti-Virus - 8 Prosinec, 2017 - 00:01
Black Hat crowd encouraged to be paranoid

Delegates to Black Hat Europe have been encouraged to turn conventional security thinking on its head by practicing security through distrust.…

Kategorie: Viry a Červi

Apple gets around to patching all the other High Sierra security holes

The Register - Anti-Virus - 7 Prosinec, 2017 - 21:47
Another week, another Mac patch to install

Apple has released a security update to address nearly two dozen vulnerabilities in macOS High Sierra.…

Kategorie: Viry a Červi

Banking Apps Found Vulnerable to MITM Attacks

VirusList.com - 7 Prosinec, 2017 - 19:51
Using a free tool called Spinner, researchers identified certificate pinning vulnerabilities in mobile banking apps that left customers vulnerable to man-in-the-middle attacks.
Kategorie: Viry a Červi
Syndikovat obsah