Kategorie

317 researchers from 78 countries turned 2018 into a worldwide bug-crunching spree.

Internet Explorer (IE) may have launched way back in 1995 but nearly a quarter of a century later it’s still creating work for Microsoft and Windows users.

The flaw is only one of many romance-related security issues as bad actors take advantage of Valentine's Day.

The United States Department of Justice has announced espionage charges against a former US Air Force intelligence officer with the highest level of top-secret clearance for providing the Iranian government classified defense information after she defected to Iran in 2013. Monica Elfriede Witt, 39, was a former U.S. Air Force Intelligence Specialist and Special Agent of the Air Force Office

Až 73 % tuzemských zaměstnanců alespoň jednou během svého působení v nějaké společnosti ohrozilo firemní data. Často nevědomky, přestože výjimkou není ani úmyslné zneužití. Vyplývá to z analýzy technologické společnosti Safetica, která se zaměřuje na ochranu firemních dat.

Příští OTA aktualizace automobilů Tesla přinese zajímavou novinku. Pokud se vozidlo ocitne v nebezpečí, spustí se místo ječící sirény vážná hudba – konkrétně nejznámější varhanní skladba Johanna Sebastian Bacha Tokáta a fuga d moll. Únorový update přidá dvě funkce – Sentry Mode a Dog Mode – ...

Our top tips for Valentine's Day and beyond - all in just 5 minutes. Enjoy!

Researchers have identified multiple security issues with this Lenovo smartwatch.

Banking trojans, led by the ever-changing Emotet, dominated the email-borne threat landscape in Q4, according to Proofpoint.

Posted by Andrew Ahn, Product Manager, Google Play
[Cross-posted from the Android Developers Blog]

Google Play is committed to providing a secure and safe platform for billions of Android users on their journey discovering and experiencing the apps they love and enjoy. To deliver against this commitment, we worked last year to improve our abuse detection technologies and systems, and significantly increased our team of product managers, engineers, policy experts, and operations leaders to fight against bad actors.
In 2018, we introduced a series of new policies to protect users from new abuse trends, detected and removed malicious developers faster, and stopped more malicious apps from entering the Google Play Store than ever before. The number of rejected app submissions increased by more than 55 percent, and we increased app suspensions by more than 66 percent. These increases can be attributed to our continued efforts to tighten policies to reduce the number of harmful apps on the Play Store, as well as our investments in automated protections and human review processes that play critical roles in identifying and enforcing on bad apps.
In addition to identifying and stopping bad apps from entering the Play Store, our Google Play Protect system now scans over 50 billion apps on users' devices each day to make sure apps installed on the device aren't behaving in harmful ways. With such protection, apps from Google Play are eight times less likely to harm a user's device than Android apps from other sources.
Here are some areas we've been focusing on in the last year and that will continue to be a priority for us in 2019:
Protecting User PrivacyProtecting users' data and privacy is a critical factor in building user trust. We've long required developers to limit their device permission requests to what's necessary to provide the features of an app. Also, to help users understand how their data is being used, we've required developers to provide prominent disclosures about the collection and use of sensitive user data. Last year, we rejected or removed tens of thousands of apps that weren't in compliance with Play's policies related to user data and privacy.
In October 2018, we announced a new policy restricting the use of the SMS and Call Log permissions to a limited number of cases, such as where an app has been selected as the user's default app for making calls or sending text messages. We've recently started to remove apps from Google Play that violate this policy. We plan to introduce additional policies for device permissions and user data throughout 2019.
Developer integrityWe find that over 80% of severe policy violations are conducted by repeat offenders and abusive developer networks. When malicious developers are banned, they often create new accounts or buy developer accounts on the black market in order to come back to Google Play. We've further enhanced our clustering and account matching technologies, and by combining these technologies with the expertise of our human reviewers, we've made it more difficult for spammy developer networks to gain installs by blocking their apps from being published in the first place.
Harmful app contents and behaviorsAs mentioned in last year's blog post, we fought against hundreds of thousands of impersonators, apps with inappropriate content, and Potentially Harmful Applications (PHAs). In a continued fight against these types of apps, not only do we apply advanced machine learning models to spot suspicious apps, we also conduct static and dynamic analyses, intelligently use user engagement and feedback data, and leverage skilled human reviews, which have helped in finding more bad apps with higher accuracy and efficiency.
Despite our enhanced and added layers of defense against bad apps, we know bad actors will continue to try to evade our systems by changing their tactics and cloaking bad behaviors. We will continue to enhance our capabilities to counter such adversarial behavior, and work relentlessly to provide our users with a secure and safe app store.
How useful did you find this blog post?
★ ★ ★ ★ ★

Ubuntu and some other Linux distributions suffer from a severe privilege escalation vulnerability that could allow a local attacker or a malicious program to obtain root privileges and total control over the targeted system. Dubbed "Dirty_Sock" and identified as CVE-2019-7304, the vulnerability was discovered by security researcher Chris Moberly, who privately disclosed it to Canonical, the

The issue affects default installations of Ubuntu Server and Desktop and is likely included in many Ubuntu-like Linux distributions.

Ever since Apple announced enhanced privacy protection for macOS Mojave 10.14 last September, a dedicated band of researchers has been poking away at it looking for security flaws. Here's another.

There are no permission dialogues for apps in certain folders for macOS Mojave, which allows a malicious app to spy on browsing histories..

... and enables de-authenticaton attacks that could knock targeted systems off the Wi-Fi and onto one of these nefarious cables.

Michael Schwartz s kolegy z Technické univerzity ve Štýrském Hradci popsal na Arxivu (via Ars Technica) novou techniku počítačového malwaru, který neodhalí žádný antivirus. Jejich experimentální virus totiž přežívá v nedotknutelné a silně šifrované části paměti RAM, kterou si vytvoří ...

Here's the latest Naked Security podcast - enjoy!

Late last year, Sophos published a blog post describing a new tactic in the arms race between hackers trying to sneak malicious content past anti-malware and data exfiltration scanners and the network defenders trying to stop them. The post was based on a Tweet by security researcher Paul Melson, where he shows an example of […]

The post Hiding Malware in Certificates appeared first on InfoSec Resources.

Hiding Malware in Certificates was first posted on February 13, 2019 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

A use case typically describes a situation where and how a system, product or service can be used. This is usually a short list of steps an actor should take in order to reach a goal. The concept of use cases is very broad. A use case could, for instance, cover the installation of a […]

The post 5 Key Cloud Security Use Cases appeared first on InfoSec Resources.

5 Key Cloud Security Use Cases was first posted on February 13, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction to 13 Popular Wireless Hacking Tools Internet is now the basic need of our daily life. With the increasing use of smartphones, most of the things are now online. Every time we have to do something, we just use our smartphone or desktop. This is the reason wi-fi hotspots can be found everywhere. People also […]

The post 13 Popular Wireless Hacking Tools [Updated for 2019] appeared first on InfoSec Resources.

13 Popular Wireless Hacking Tools [Updated for 2019] was first posted on February 13, 2019 at 7:59 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com