Viry a Červi

Chinese database details 2.4 million influential people, their kids, addresses, and how to press their buttons

The Register - Anti-Virus - 15 Září, 2020 - 08:27
Compiled using mostly open-source intel, shines a light on extent of China’s surveillance activities

A US academic has revealed the existence of 2.4-million-person database he says was compiled by a Chinese company known to supply intelligence, military, and security agencies. The researcher alleges the purpose of the database is enabling influence operations to be conducted against prominent and influential people outside China.…

Kategorie: Viry a Červi

Infosec big names rally against US voting app maker's bid to outlaw unsanctioned bug hunting via T&Cs

The Register - Anti-Virus - 15 Září, 2020 - 03:08
Probing systems during a live election 'to be treated as hostile unless authorization granted,' Voatz insists

About 70 members of the computer security community on Monday challenged US voting app maker Voatz's effort to dictate the terms under which bug hunters can look for code flaws.…

Kategorie: Viry a Červi

What do F5, Citrix, Pulse Secure all have in common? China exploiting their flaws to hack govt, biz – Feds

The Register - Anti-Virus - 15 Září, 2020 - 01:58
Beijing's snoops don't even need zero-days to break into valuable networks

The US government says the Chinese government's hackers are preying on a host of high-profile security holes in enterprise IT equipment to infiltrate Uncle Sam's agencies and American businesses.…

Kategorie: Viry a Červi

Feds Warn Nation-State Hackers are Actively Exploiting Unpatched Microsoft Exchange, F5, VPN Bugs

VirusList.com - 14 Září, 2020 - 23:20
Monday's CISA advisory is a staunch reminder for federal government and private sector entities to apply patches for flaws in F5 BIG-IP devices, Citrix VPNs, Pulse Secure VPNs and Microsoft Exchange servers.
Kategorie: Viry a Červi

Court hearing on election security is zoombombed on 9/11 anniversary with porn, swastikas, pics of WTC attacks

The Register - Anti-Virus - 14 Září, 2020 - 23:03
Atlanta to upgrade software license with more protection, clerk tells us

A court hearing on election security in America failed in its own security efforts – when it was zoombombed with porn, swastikas and images of the World Trade Center attacks.…

Kategorie: Viry a Červi

Take your pick: 'Hack-proof' blockchain-powered padlock defeated by Bluetooth replay attack or 1kg lump hammer

The Register - Anti-Virus - 14 Září, 2020 - 22:12
You can do it the easy way or the easier way

A "hack-proof" smart padlock with security based on blockchain technology could be defeated by a simple Bluetooth replay attack – or a 1kg lump hammer.…

Kategorie: Viry a Červi

Cloud Leak Exposes 320M Dating-Site Records

VirusList.com - 14 Září, 2020 - 22:00
A misconfigured, Mailfire-owned Elasticsearch server impacted 70 dating and e-commerce sites, exposing PII and details such as romantic preferences.
Kategorie: Viry a Červi

Personal data from Experian on 40% of South Africa's population has been bundled onto a file-sharing website

The Register - Anti-Virus - 14 Září, 2020 - 19:00
August breach hadn't been cleared up at all – and regulators are furious

Personal data on 24 million South Africans, wrongfully sold by Experian to a person it claimed had "pretended" to represent a "legitimate client", is now not only circulating on the dark web – it's also on clearweb file-sharing sites, according to reports.…

Kategorie: Viry a Červi

TikTok Fixes Flaws That Opened Android App to Compromise

VirusList.com - 14 Září, 2020 - 18:23
The flaws are disclosed as Oracle reportedly partners with TikTok as concerns in the U.S. over spying continue.
Kategorie: Viry a Červi

Magecart Attack Impacts More Than 10K Online Shoppers

VirusList.com - 14 Září, 2020 - 18:01
Close to 2,000 e-commerce sites were infected over the weekend with a payment-card skimmer, maybe the result of a zero-day exploit.
Kategorie: Viry a Červi

Sorry we shut you out, says Tutanota: Encrypted email service weathers latest of ongoing DDoS storms

The Register - Anti-Virus - 14 Září, 2020 - 16:27
Privacy-conscious biz insists on rolling its own mitigations, though

Encrypted email biz Tutanota has apologised for accidentally shutting its own users out while fending off the latest of a series of distributed denial-of-service (DDoS) attacks.…

Kategorie: Viry a Červi

Naked Security Live – “Should you worry about your wallpaper?”

Sophos Naked Security - 14 Září, 2020 - 12:36
Naked Security Live - here's the recorded version of our latest video. Enjoy.

Another month, another cryptocurrency exchange hacked and 'millions of dollars' stolen by miscreants

The Register - Anti-Virus - 14 Září, 2020 - 12:15
Plus get patching your Palo Alto kit, there's a nasty crit out there

In brief  Cryptocurrency exchange Eterbase last week admitted hackers broke into its computers and made off with other people's coins, said to be worth $5.4m.…

Kategorie: Viry a Červi

Don't pay the ransom, mate. Don't even fix a price, say Australia's cyber security bods

The Register - Anti-Virus - 12 Září, 2020 - 10:33
Better yet - do the basics and your systems won't get encrypted in the first place

Most online attacks could be easily avoided by following basic cyber security advice, Australia’s national cyber security bureau has said – even as it warned that the impact and severity of things like ransomware attacks are getting worse and worse.…

Kategorie: Viry a Červi

APT28 Mounts Rapid, Large-Scale Theft of Office 365 Logins

VirusList.com - 11 Září, 2020 - 22:28
The Russia-linked threat group is harvesting credentials for Microsoft's cloud offering, and targeting mainly election-related organizations.
Kategorie: Viry a Červi

Office 365 Phishing Attack Leverages Real-Time Active Directory Validation

VirusList.com - 11 Září, 2020 - 22:28
Attackers check the victims' Office 365 credentials in real time as they are typed into the phishing landing page, by using authentication APIs.
Kategorie: Viry a Červi

It’s No ‘Giggle’: Managing Expectations for Vulnerability Disclosure

VirusList.com - 11 Září, 2020 - 21:18
Vulnerability-disclosure policies (VDPs), if done right, can help provide clarity and clear guidelines to both bug-hunters and vendors when it comes to going public with security flaws.
Kategorie: Viry a Červi

Serious Security: Hacking Windows passwords via your wallpaper

Sophos Naked Security - 11 Září, 2020 - 20:33
Themes and wallpapers - how dangerous can they really be?

WordPress Plugin Flaw Allows Attackers to Forge Emails

VirusList.com - 11 Září, 2020 - 18:34
The high-severity flaw in the Email Subscribers & Newsletters plugin by Icegram affects more than 100,000 WordPress websites.
Kategorie: Viry a Červi

What an IDORable Giggle: AI-powered 'female only' app gets in Twitter kerfuffle over breach notification

The Register - Anti-Virus - 11 Září, 2020 - 17:59
Doing the right thing - after trying all the wrong things first

A “female social network” called Giggle whose operators left its user database unsecured has triggered a wave of Twitter controversy after its founder threatened to sue a UK infosec firm who pointed out the vulnerability.…

Kategorie: Viry a Červi
Syndikovat obsah