Kategorie

The savvy technique of avoiding malicious links in the email allowed the phishing attack to reach its targets.

Up to 24 Apache Struts Security Advisories listed the wrong versions that were impacted by vulnerabilities, researchers warn.

Update — With this month's patch Tuesday updates, Microsoft has finally addressed this vulnerability, tracked as CVE-2019-1162, by correcting how the Windows operating system handles calls to Advanced Local Procedure Call (ALPC). A Google security researcher has just disclosed details of a 20-year-old unpatched high-severity vulnerability affecting all versions of Microsoft Windows, back

700,000 customer records were exposed after being housed on a vendor's server that lacked appropriate security.

Researchers said that clickjacking is a threat that's evolving, with new tactics just starting to emerge.

The bug's in Firefox, but our advice is worth reading whether you use Firefox or not.

At Infosec, we believe knowledge is the most powerful tool in the fight against cybercrime. We help IT and security professionals advance their careers with a full regimen of certifications and skills development training. We also empower all employees with security awareness and training to stay cybersecure at work and home. Founded by smart people […]

The post About Infosec appeared first on Infosec Resources.

About Infosec was first posted on August 15, 2019 at 11:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Episode 4 of the Naked Security Podcast is now live - listen now!

There are many ways to compromise company data, but IT teams often overlook one of the most serious: the humble printer.

Introduction In the cybersecurity field, certifications go a long way. Not only do they teach you the skills and knowledge you need to succeed in various career pathways, but they also net you a higher salary. Plus, when it comes time to apply for a new job or promotion, your certification will put you a […]

The post CySA+ jobs outlook appeared first on Infosec Resources.

CySA+ jobs outlook was first posted on August 15, 2019 at 8:03 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction: What is the DoD’s actual cyber-strategy? In order to execute the national cyber-strategy, the U.S. Department of Defense (DoD) is striving to make its operatives more skilled with specialized training opportunities and by increasing efficiency in recruitment and in the hiring and training of personnel in information assurance (IA) duties. The Information Assurance Workforce […]

The post CySA+: IA levels appeared first on Infosec Resources.

CySA+: IA levels was first posted on August 15, 2019 at 8:01 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction Hiring information security professionals with the right credentials is a priority for most all organizations these days. With all that can go wrong, from cyberattacks to insider threats, organizations have a strong interest in stamping out these potential threats to their business.  Hiring information security professionals that hold a CySA+ certification is a move […]

The post CySA+: Increasing the organization’s credibility appeared first on Infosec Resources.

CySA+: Increasing the organization’s credibility was first posted on August 15, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Introduction This article gives details about assembly programming for the Intel 8086 microprocessor. It also presents very clear details by providing example cases, definitions and syntax explanations on arithmetic instructions, logical instructions and operands. Why study this topic? It’s important to understand the basic concepts of computer architecture, chip logic and memory management. People dealing […]

The post Assembly Basics appeared first on Infosec Resources.

Assembly Basics was first posted on August 15, 2019 at 8:00 am.
©2017 "InfoSec Resources". Use of this feed is for personal non-commercial use only. If you are not reading this article in your feed reader, then the site is guilty of copyright infringement. Please contact me at darren.dalasta@infosecinstitute.com

Posted by Jennifer Pullman, Kurt Thomas, and Elie Bursztein, Spam and Abuse research

Back in February, we announced the Password Checkup extension for Chrome to help keep all your online accounts safe from hijacking. The extension displays a warning whenever you sign in to a site using one of over 4 billion usernames and passwords that Google knows to be unsafe due to a third-party data breach. Since our launch, over 650,000 people have participated in our early experiment. In the first month alone, we scanned 21 million usernames and passwords and flagged over 316,000 as unsafe---1.5% of sign-ins scanned by the extension.
Today, we are sharing our most recent lessons from the launch and announcing an updated set of features for the Password Checkup extension. Our full research study, available here, will be presented this week as part of the USENIX Security Symposium.

Which accounts are most at risk?

Hijackers routinely attempt to sign in to sites across the web with every credential exposed by a third-party breach. If you use strong, unique passwords for all your accounts, this risk disappears. Based on anonymous telemetry reported by the Password Checkup extension, we found that users reused breached, unsafe credentials for some of their most sensitive financial, government, and email accounts. This risk was even more prevalent on shopping sites (where users may save credit card details), news, and entertainment sites.

In fact, outside the most popular web sites, users are 2.5X more likely to reuse vulnerable passwords, putting their account at risk of hijacking.
Anonymous telemetry reported by Password Checkup extension shows that users most often reuse vulnerable passwords on shopping, news, and entertainment sites.

Helping users re-secure their unsafe passwords

Our research shows that users opt to reset 26% of the unsafe passwords flagged by the Password Checkup extension. Even better, 60% of new passwords are secure against guessing attacks—meaning it would take an attacker over a hundred million guesses before identifying the new password.
Improving the Password Checkup extension

Today, we are also releasing two new features for the Password Checkup extension. The first is a direct feedback mechanism where users can inform us about any issues that they are facing via a quick comment box. The second gives users even more control over their data. It allows users to opt-out of the anonymous telemetry that the extension reports, including the number of lookups that surface an unsafe credential, whether an alert leads to a password change, and the domain involved for improving site coverage. By design, the Password Checkup extension ensures that Google never learns your username or password, regardless of whether you enable telemetry, but we still want to provide this option if users would prefer not to share this information.


We're continuing to improve the Password Checkup extension and exploring ways to implement its technology into Google products. For help keeping all your online accounts safe from hijacking, you can install the Password Checkup extension here today.

In this digital era, the success of almost every marketing, advertising, and analytics company drives through tracking users across the Internet to identify them and learn their interests to provide targeted ads. Most of these solutions rely on 3rd-party cookies, a cookie set on a domain other than the one you are browsing, which allows companies including Google and Facebook to fingerprint

The vanity plate sounded good in theory: maybe it would make his plate invisible to ALPR systems?!

Have you heard about the recent leak affecting the hacking forum Cracked.to? Last Friday the forum's database of 321,000 members and 749,161 unique email addresses was leaked on rival site, RaidForums. Learn the details in this interesting article:

When users of hacking forums turn on each other, expect things to get messy quickly.

Facebook says it's paused the practice of collecting voice clips and sending them to employees to transcribe and analyze.

Jihokorejský výrobce bezpečnostních podnikových systémů Suprema má vážný problém. Na webu kdosi zpřístupnil data z Jeho biometrické služby BioStar 2, kterou využívají společnosti po celém světě včetně nejrůznějších bank nebo britské policie. Uniklá data objevili izraelští výzkumníci ...