NASA Investigating Breach That Exposed PII on Employees, Ex-Workers
via "Dark Reading: ".
Incident is latest manifestation of continuing security challenges at agency, where over 3,000 security incidents have been reported in recent years.
How to Remotely Brick a Server
via "Dark Reading: ".
Researchers demonstrate the process of remotely bricking a server, which carries serious and irreversible consequences for businesses.
Facebook's Rough History of Failed User Revolts
via "Threatpost | The first stop for security news".
What will ultimately be the driving force for Facebook to value data privacy?
Phone repair shop employees accused of stealing nude photos
via "Naked Security".
Keep your passwords safe, since: "Quintal: Did the girl that sounded hot bring her computer last night? Preuit: No Quintal: I'm depressed"
Glitter bomb engineer exacts revenge on parcel thieves
via "Naked Security".
Mark Rober "over-engineered the crap" out of it, including motion detection, geofencing, and 4 cameras to record some priceless reactions.
Most home routers lack simple Linux OS hardening security
via "Naked Security".
A new assessment of 28 popular models for home users failed to find a single one with firmware that had fully enabled underlying security hardening features offered by Linux.
How to set up a Windows 10 computer: 5 essential steps
via "Security on TechRepublic".
Getting a new PC is exciting, but you should follow these setup steps before using a Windows 10 machine.
Facebook denies sharing private messages without user knowledge
via "Naked Security".
Facebook hit back at press reports this week that highlighted a deep network of privileged data-sharing partnerships between the social media company and other large organisations.
Top 5 highest-paying tech jobs of 2019
via "Security on TechRepublic".
These tech roles will pay the most and be the most heavily recruited this year, according to Scout Exchange.
Microsoft IE Zero Day Gets Emergency Patch
via "Threatpost | The first stop for security news".
Microsoft issued an out-of-band patch for a zero day bug in its Internet Explorer browser.
Facebook Admits Giving Partners Access to Messages
via "Threatpost | The first stop for security news".
A Facebook partnership with Netflix, Dropbox, Spotify, and Royal Bank of Canada gave them access to messages.
Amazon Sends 1,700 Alexa Voice Recordings to a Random Person
via "Threatpost | The first stop for security news".
The intimate recordings paint a detailed picture of a man's life.
Automating a DevOps-Friendly Security Policy
via "Dark Reading: ".
There can be a clash of missions between security and IT Ops teams, but automation can help.
3 ways to protect your employees' inboxes from phishing threats
via "Security on TechRepublic".
Some 42% of companies say employees have fallen victim to a phishing attack, according to EdgeWave. Here's how to keep them safe.
2018 In the Rearview Mirror
via "Dark Reading: ".
Among this year's biggest news stories: epic hardware vulnerabilities, a more lethal form of DDoS attack, Olympic 'false flags,' hijacked home routers, fileless malware - and a new world's record for data breaches.
ATTENTION‼ New - CVE-2017-9704
via "National Vulnerability Database".
In all Android releases (Android for MSM, Firefox OS for MSM, QRD Android) from CAF using the Linux kernel, there is no synchronization between msm_vb2 buffer operations, which can lead to a use after free.
Hackers Bypass Gmail, Yahoo 2FA at Scale
via "Dark Reading: ".
A new Amnesty International report explains how cyberattackers are phishing second-factor authentication codes sent via SMS.
US Indicts 2 APT 10 Members for Years-Long Hacking Campaign
via "Dark Reading: ".
In an indictment unsealed this morning, the US ties China's state security agency to a widespread campaign of personal and corporate information theft.
Amazon sent private Alexa voice interactions from Echo smart speaker to the wrong customer
via "Security on TechRepublic".
After one German user requested a copy of their Alexa voice history under the GDPR, he got another user's data in the process.
Drones shut down major international airport
via "Naked Security".
A drone operator has repeatedly flown two UAVs close to the runway, grounding flights at the airport since last night.
⌨ Feds Charge Three in Mass Seizure of Attack-for-hire Services ⌨

Authorities in the United States this week brought criminal hacking charges against three men as part of an unprecedented, international takedown targeting 15 different "booter" or "stresser" sites - attack-for-hire services that helped paying customers launch tens of thousands of digital sieges capable of knocking Web sites and entire network providers offline.

The seizure notice appearing on the homepage this week of more than a dozen popular "booter" or "stresser" DDoS-for-hire Web sites.

As of Thursday morning, a seizure notice featuring the seals of the U.S. Justice Department, FBI and other law enforcement agencies appeared on the booter sites.

Booter sites are dangerous because they help lower the barriers to cybercrime, allowing even complete novices to launch sophisticated and crippling attacks with the click of a button.

Cameron Schroeder, assistant U.S. attorney for the Central District of California, called this week's action the largest simultaneous seizure of booter service domains ever.

"This is the biggest action U.S. law enforcement has taken against booter services, and we're doing this in cooperation with a large number of industry and foreign law enforcement partners," Schroeder said.

Booter services are typically advertised through a variety of methods, including Dark Web forums, chat platforms and even youtube.com. They accept payment via PayPal, Google Wallet, and/or cryptocurrencies, and subscriptions can range in price from just a few dollars to several hundred per month. The services are priced according to the volume of traffic to be hurled at the target, the duration of each attack, and the number of concurrent attacks allowed.

Purveyors of stressers and booters claim they are not responsible for how customers use their services, and that they aren't breaking the law because - like most security tools - stresser services can be used for good or bad purposes. For example, all of the above-mentioned booter sites contained wordy "terms of use" agreements that required customers to agree they will only stress-test their own networks - and that they won't use the service to attack others.

But experts say today's announcement shreds that virtual fig leaf, and marks several important strategic shifts in how authorities intend to prosecute booter service operators going forward.

"This action is predicated on the fact that running a booter service itself is illegal," said Allison Nixon, director of security research at Flashpoint, a security firm based in New York City. "That's a slightly different legal argument that has been made in the past against other booter owners."

For one thing, the booter services targeted in this takedown advertised the ability to "resolve" or determine the true Internet address of a target. This is especially useful for customers seeking to harm targets whose real address is hidden behind mitigation services like Cloudflare (ironically, the same provider used by most of these booter services to withstand attacks by competing booter services).

Some resolvers also allowed customers to determine the Internet address of a target using nothing more than the target's Skype username.

"You don't need to use a Skype resolver just to attack yourself," assistant U.S. Attorney Schroeder said. "Clearly, the people running these booter services know their services are being used not by people targeting their own infrastructure, and have built in capabilities that…