Threatpost

Syndikovat obsah Threatpost | The first stop for security news
The First Stop For Security News
Aktualizace: 55 min 58 sek zpět

Threatpost News Wrap, September 29, 2017

29 Září, 2017 - 15:00
The macOS Keychain attack, Signal's new private contact discovery service, the Deloitte hack, and a handful of mobile stock trading app vulnerabilities are discussed.
Kategorie: Hacking & Security

Macs Not Receiving EFI Firmware Security Updates as Expected

29 Září, 2017 - 14:00
Researchers at Duo Security are expected today at Ekoparty to reveal data and a paper that shows Mac users are not receiving EFI firmware updates at expected.
Kategorie: Hacking & Security

Google to Enforce HSTS on TLDs it Operates

28 Září, 2017 - 22:00
Google, through Google Domains, operates many TLDs, and this week said it would begin enforcing HSTS on those TLDs. HSTS forces secure client connections over HTTPS.
Kategorie: Hacking & Security

Civil Liberties Activists Hit By Phishing Campaign

28 Září, 2017 - 20:40
Digital civil liberty activists with Fight for the Future and Free Press were hit with a phishing emails designed to steal business credentials earlier this summer.
Kategorie: Hacking & Security

Windows Defender Bypass Tricks OS into Running Malicious Code

28 Září, 2017 - 16:36
Researchers at CyberArk have devised a Windows Defender bypass that tricks the operating system into executing malicious code while Defender scans a benign file.
Kategorie: Hacking & Security

Gatekeeper Alone Won’t Mitigate Apple Keychain Attack

27 Září, 2017 - 19:48
Apple said that macOS' native Gatekeeper security feature would protect against a Keychain attack disclosed this week, but researcher Patrick Wardle said that won't help against Mac malware signed with an Apple certificate.
Kategorie: Hacking & Security

Signal Testing New Private Contact Discovery Service

27 Září, 2017 - 19:16
Signal is testing out a new private contact discovery service that will let the app determine if a user has Signal contacts in their address book, but forbid its servers from accessing the users’ address book.
Kategorie: Hacking & Security

Remote Wi-Fi Attack Backdoors iPhone 7

27 Září, 2017 - 14:00
Google’s Project Zero released a proof-of-concept attack against a Wi-Fi firmware vulnerability in Broadcom chips that backdoors the iPhone 7. The flaw was patched in iOS 11.
Kategorie: Hacking & Security

Oracle Patches Apache Struts, Reminds Users to Update Equifax Bug

26 Září, 2017 - 20:28
Oracle released fixes for a handful of recently patched Apache Struts 2 vulnerabilities late last week.
Kategorie: Hacking & Security

macOS High Sierra Available—And Vulnerable to Keychain Attack

26 Září, 2017 - 20:00
Researcher Patrick Wardle has discovered a critical vulnerability that allows an attacker to dump passwords in plaintext from the macOS Keychain. The vulnerability is in macOS High Sierra, Sierra and El Capitan, and has yet to be patched.
Kategorie: Hacking & Security

Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities

26 Září, 2017 - 16:36
IOActive analyzed 21 mobile stock trading platforms and found vulnerabilities that put transactions and personal information at risk. Of the 13 firms notified, only two acknowledged the disclosure.
Kategorie: Hacking & Security

Deloitte: ‘Very Few Clients’ Impacted by Cyber Attack

25 Září, 2017 - 20:45
Deloitte, one of the "big four" global accounting firms, admitted it fell victim to a cyber attack last year but downplayed the incident on Monday saying it only affected a few of its high profile clients.
Kategorie: Hacking & Security

Android Lockscreen Patterns Less Secure Than PINs

25 Září, 2017 - 20:17
Researchers settle PIN versus pattern debate with study that proves a low-tech hack makes cracking an unlock screen simple.
Kategorie: Hacking & Security

Chris Vickery on Amazon S3 Data Leaks

25 Září, 2017 - 17:15
Mike Mimoso talks to Chris Vickery of Upguard of the recent rash of Amazon S3 data leaks.
Kategorie: Hacking & Security

Adobe Private PGP Key Leak a Blunder, But It Could Have Been Worse

25 Září, 2017 - 15:30
Adobe suffered at a minimum a PR black eye on Friday when one of its private PGP keys was inadvertently published to its Product Incident Security Response Team (PSIRT) blog.
Kategorie: Hacking & Security

Verizon Wireless Internal Credentials, Infrastructure Details Exposed in Amazon S3 Bucket

22 Září, 2017 - 21:56
Verizon is the latest company to leak confidential data through an exposed Amazon S3 bucket.
Kategorie: Hacking & Security

EternalBlue Exploit Used in Retefe Banking Trojan Campaign

22 Září, 2017 - 20:02
Banking Trojan Retefe is adopting new WannaCry tricks, adding an EternalBlue module to propagate the malware.
Kategorie: Hacking & Security

2016 SEC Hack May Have Benefited Insider Trading

22 Září, 2017 - 17:47
The U.S. Securities and Exchange Commission said this week that hackers managed to infiltrate one of its systems last year, something that likely facilitated insider trading.
Kategorie: Hacking & Security

Samba Update Patches Two SMB-Related MiTM Bugs

22 Září, 2017 - 17:00
Samba released three security updates, including two related to SMB connections that could be abused by an attacker already on the network to hijack connections and manipulate traffic or data sent from a client.
Kategorie: Hacking & Security

What’s New In Android 8.0 Oreo Security

22 Září, 2017 - 16:00
Google’s Android security team has turned a corner with 8.0 Oreo, reducing the attack surface, compartmentalizing components and beefing up protection against rogue apps.
Kategorie: Hacking & Security