π Trojan malware is back and it's the biggest hacking threat to your business π
π Read
via "Security on TechRepublic".
Old school but effective, hackers are shifting aware from in-your-face ransomware to attacks that are much more subtle.π Read
via "Security on TechRepublic".
TechRepublic
Trojan malware is back and it's the biggest hacking threat to your business
Old school but effective, hackers are shifting aware from in-your-face ransomware to attacks that are much more subtle.
π΄ Discover New Tools for Network Testing & Defense at Black Hat Asia π΄
π Read
via "Dark Reading: ".
Find yourself some of the latest and most exciting cybersecurity tools at the Arsenal, where you can meet and chat with their creators.π Read
via "Dark Reading: ".
Dark Reading
Discover New Tools for Network Testing & Defense at Black Hat Asia
Find yourself some of the latest and most exciting cybersecurity tools at the Arsenal, where you can meet and chat with their creators.
π΄ Enterprise Malware Detections Up 79% as Attackers Refocus π΄
π Read
via "Dark Reading: ".
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.π Read
via "Dark Reading: ".
Darkreading
Enterprise Malware Detections Up 79% as Attackers Refocus
A new report on the state of malware shows a spike in B2B malware, with former banking Trojans Emotet and TrickBot topping the list.
π Hackers impersonate these 10 brands the most in phishing attacks π
π Read
via "Security on TechRepublic".
Phishers often spoof major tech brands in their efforts to gain payments from individuals and businesses, according to a Vade Secure report.π Read
via "Security on TechRepublic".
TechRepublic
Hackers impersonate these 10 brands the most in phishing attacks
Phishers often spoof major tech brands in their efforts to gain payments from individuals and businesses, according to a Vade Secure report.
β U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks β
π Read
via "Threatpost | The first stop for security news".
An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks.π Read
via "Threatpost | The first stop for security news".
Threat Post
U.S. Gov Issues Urgent Warning of DNS Hijacking Attacks
An emergency directive from the Department of Homeland Security provides "required actions" for U.S. government agencies to prevent widespread DNS hijacking attacks.
π How to authenticate a Linux client with LDAP server π
π Read
via "Security on TechRepublic".
If you've ever wanted to authenticate a Linux desktop to an OpenLDAP server, here's how it's done.π Read
via "Security on TechRepublic".
TechRepublic
How to authenticate a Linux client with LDAP server
If you've ever wanted to authenticate a Linux desktop to an OpenLDAP server, here's how it's done.
π How to authenticate a Linux client with LDAP server π
π Read
via "Security on TechRepublic".
With OpenLDAP, you can manage users on a centralized directory server and then configure each desktop to authenticate to that server.π Read
via "Security on TechRepublic".
TechRepublic
How to authenticate a Linux client with LDAP server
With OpenLDAP, you can manage users on a centralized directory server and then configure each desktop to authenticate to that server.
π΄ Think Twice Before Paying a Ransom π΄
π Read
via "Dark Reading: ".
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.π Read
via "Dark Reading: ".
Darkreading
Think Twice Before Paying a Ransom
Why stockpiling cryptocurrency or paying cybercriminals is not the best response.
π΄ Cybercriminals Home in on Ultra-High Net Worth Individuals π΄
π Read
via "Dark Reading: ".
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.π Read
via "Dark Reading: ".
Darkreading
Cybercriminals Home in on Ultra-High Net Worth Individuals
Research shows that better corporate security has resulted in some hackers shifting their sights to the estates and businesses of wealthy families.
π Security is the no. 1 IT barrier to cloud and SaaS adoption π
π Read
via "Security on TechRepublic".
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.π Read
via "Security on TechRepublic".
TechRepublic
Security is the no. 1 IT barrier to cloud and SaaS adoption
More than 70% of tech professionals said security spending has increased in the past year, according to a Ping Identity report.
β βChaosβ iPhone X Attack Alleges Remote Jailbreak β
π Read
via "Threatpost | The first stop for security news".
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.π Read
via "Threatpost | The first stop for security news".
Threat Post
βChaosβ iPhone X Attack Alleges Remote Jailbreak
The attack makes use of previously disclosed critical vulnerabilities in the Apple Safari web browser and iOS.
π How to Lock a User Account After X Number of Incorrect Logins on Cent OS 7 π
π Read
via "Security on TechRepublic".
Jack Wallen shows you how to lock out users after failed login attempts in CentOS 7.π Read
via "Security on TechRepublic".
β 6 Signs of Successful Threat Hunting β
π Read
via "Threatpost | The first stop for security news".
Here are six tips to put threat hunters in the driver's seat so they can outsmart their adversaries.π Read
via "Threatpost | The first stop for security news".
Threat Post
6 Signs of Successful Threat Hunting
Here are six tips to put threat hunters in the driver's seat so they can outsmart their adversaries.
π Modular Anatova ransomware encrypts data as quickly as possible before detection π
π Read
via "Security on TechRepublic".
The new malware is being propagated on P2P networks, and demands a ransom equivalent to $725 USD, according to McAfee Labs.π Read
via "Security on TechRepublic".
TechRepublic
Modular Anatova ransomware encrypts data as quickly as possible before detection
The new malware is being propagated on P2P networks, and demands a ransom equivalent to $725 USD, according to McAfee Labs.
π΄ Google Creates Online Phishing Quiz π΄
π Read
via "Dark Reading: ".
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.π Read
via "Dark Reading: ".
Darkreading
Google Creates Online Phishing Quiz
Google Alphabet incubator Jigsaw says knowing how to spot a phish plus two-factor authentication are the best defenses against falling for a phishing email.
β Monero: Cybercrimeβs Top Choice for Mining Malware β
π Read
via "Threatpost | The first stop for security news".
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys.π Read
via "Threatpost | The first stop for security news".
Threat Post
Monero: Cybercrimeβs Top Choice for Mining Malware
Illicit Monero-mining malware accounts for more than 4 percent of the XMR in circulation, and has created $57 million in profits for the bad guys.
<b>⌨ How the U.S. Govt. Shutdown Harms Security ⌨</b>
<code>The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.</code><code>Media</code><code>One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown βis crushing our ability to take the fight to cyber criminals.β</code><code>βThe talent drain after this is finally resolved will cost us five years,β said the source, who asked to remain anonymous because he was not authorized to speak to the news media. βLiterally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.β</code><code>The source said his agency canβt even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.</code><code>βInvestigators who are eligible to retire or who simply wish to walk away from their job arenβt retiring or quitting now because they canβt even be processed out due to furlough of the organizationβs human resources people,β the source said. βThese are criminal investigations involving national security. Itβs also a giant distraction and people arenβt as focused.β</code><code>The sourceβs comments echoed some of the points made in a 72-page report (PDF) released this week by the FBI Agents Association, a group that advocates on behalf of active and retired FBI special agents.</code><code>βToday we have no funds for making Confidential Human Source payments,β reads a quote from the FBIAA report, attributed to an agent in the FBIβs northeast region. βIn my situation, I have two sources that support our national security cyber mission that no longer have funding. They are critical sources providing tripwires and intelligence that protect the United States against our foreign adversaries. The loss in productivity and pertinent intelligence is immeasurable.β</code><code>My federal law enforcement source mentioned his agency also was unable to pay confidential informants for their help with ongoing investigations.</code><code>βWe are having the same problems like not being able to pay informants, no travel, critical case coordination meetings postponed, and no procurements to further the mission,β the source said.</code><code>The extended shutdown directly affects more than 800,000 workers, many of them furloughed or required to work without pay. Some federal employees, now missing at least two back-to-back paychecks, are having trouble keeping food on the table. CNN reports that FBI field offices across the country are opening food banks to help support special agents and staff struggling without pay.</code><code>An extended lack of pay is forcing many agents to seek side hustles and jobs, despite rules that seek to restrict such activity, according to media reports. Missing multiple paychecks also can force investigators to take on additional debt. This is potentially troublesome because excess debt down the road can lead to problems keeping oneβs security clearances.</code><code>Excessive debt is a threat to clearances because it can make people more susceptible to being drawn into illegal activities or taking bribes for money, which in turn may leave them vulnerable to extortion. Indeed, this story from Clearancejobs.com observes that the shutdown may be inadvertently creating new recruiting opportunities for foreign intelligence operatives.</code><code>βIf you are a hostileβ¦
<code>The ongoing partial U.S. federal government shutdown is having a tangible, negative impact on cybercrime investigations, according to interviews with federal law enforcement investigators and a report issued this week by a group representing the interests of FBI agents. Even if lawmakers move forward on new proposals to reopen the government, sources say the standoff is likely to have serious repercussions for federal law enforcement agencies for years to come.</code><code>Media</code><code>One federal agent with more than 20 years on the job told KrebsOnSecurity the shutdown βis crushing our ability to take the fight to cyber criminals.β</code><code>βThe talent drain after this is finally resolved will cost us five years,β said the source, who asked to remain anonymous because he was not authorized to speak to the news media. βLiterally everyone I know who is able to retire or can find work in the private sector is actively looking, and the smart private companies are aware and actively recruiting. As a nation, we are much less safe from a cyber security posture than we were a month ago.β</code><code>The source said his agency canβt even get agents and analysts the higher clearances needed for sensitive cases because everyone who does the clearance processing is furloughed.</code><code>βInvestigators who are eligible to retire or who simply wish to walk away from their job arenβt retiring or quitting now because they canβt even be processed out due to furlough of the organizationβs human resources people,β the source said. βThese are criminal investigations involving national security. Itβs also a giant distraction and people arenβt as focused.β</code><code>The sourceβs comments echoed some of the points made in a 72-page report (PDF) released this week by the FBI Agents Association, a group that advocates on behalf of active and retired FBI special agents.</code><code>βToday we have no funds for making Confidential Human Source payments,β reads a quote from the FBIAA report, attributed to an agent in the FBIβs northeast region. βIn my situation, I have two sources that support our national security cyber mission that no longer have funding. They are critical sources providing tripwires and intelligence that protect the United States against our foreign adversaries. The loss in productivity and pertinent intelligence is immeasurable.β</code><code>My federal law enforcement source mentioned his agency also was unable to pay confidential informants for their help with ongoing investigations.</code><code>βWe are having the same problems like not being able to pay informants, no travel, critical case coordination meetings postponed, and no procurements to further the mission,β the source said.</code><code>The extended shutdown directly affects more than 800,000 workers, many of them furloughed or required to work without pay. Some federal employees, now missing at least two back-to-back paychecks, are having trouble keeping food on the table. CNN reports that FBI field offices across the country are opening food banks to help support special agents and staff struggling without pay.</code><code>An extended lack of pay is forcing many agents to seek side hustles and jobs, despite rules that seek to restrict such activity, according to media reports. Missing multiple paychecks also can force investigators to take on additional debt. This is potentially troublesome because excess debt down the road can lead to problems keeping oneβs security clearances.</code><code>Excessive debt is a threat to clearances because it can make people more susceptible to being drawn into illegal activities or taking bribes for money, which in turn may leave them vulnerable to extortion. Indeed, this story from Clearancejobs.com observes that the shutdown may be inadvertently creating new recruiting opportunities for foreign intelligence operatives.</code><code>βIf you are a hostileβ¦
ATENTIONβΌ New - CVE-2017-17836
π Read
via "National Vulnerability Database".
In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, weather it be via XSS or by leaving a machine unlocked can exfil all credentials from the system.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-17835
π Read
via "National Vulnerability Database".
In Apache Airflow 1.8.2 and earlier, a CSRF vulnerability allowed for a remote command injection on a default install of Airflow.π Read
via "National Vulnerability Database".
ATENTIONβΌ New - CVE-2017-15720
π Read
via "National Vulnerability Database".
In Apache Airflow 1.8.2 and earlier, an authenticated user can execute code remotely on the Airflow webserver by creating a special object.π Read
via "National Vulnerability Database".