β Microsoft Azure data deleted because of DNS outage β
π Read
via "Naked Security".
Users of Microsoftβs Azure system lost database records as part of a mass outage on Tuesday. A combination of DNS problems and automated scripts were to blame, said reports.π Read
via "Naked Security".
Sophos News
Naked Security β Sophos News
β Hacker talks to baby through Nest security cam, jacks up thermostat β
π Read
via "Naked Security".
Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.π Read
via "Naked Security".
Naked Security
Hacker talks to baby through Nest security cam, jacks up thermostat
Yet another family unnerved by yet another voice coming from a nursery webcam serves as yet another argument against password reuse.
ATENTIONβΌ New - CVE-2017-18361
π Read
via "National Vulnerability Database".
In Pylons Colander through 1.6, the URL validator allows an attacker to potentially cause an infinite loop thereby causing a denial of service via an unclosed parenthesis.π Read
via "National Vulnerability Database".
β Credential dump contains another 2.2 billion pwned accounts β
π Read
via "Naked Security".
How many user credentials have fallen into the hands of criminals during a decade of data breaches? Billions, according to two recent discoveries.π Read
via "Naked Security".
Naked Security
Credential dump contains another 2.2 billion pwned accounts
How many user credentials have fallen into the hands of criminals during a decade of data breaches? Billions, according to two recent discoveries.
π Spectre and Meltdown explained: A comprehensive guide for professionals π
π Read
via "Security on TechRepublic".
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.π Read
via "Security on TechRepublic".
TechRepublic
Spectre and Meltdown explained: A comprehensive guide for professionals
Staying up to date on Spectre and Meltdown can be challenging. This guide includes in-depth explanations about these uniquely dangerous security vulnerabilities and the best mitigation solutions.
π΄ Study the Cutting Edge of Cybersecurity at Black Hat Asia π΄
π Read
via "Dark Reading: ".
Whether you want an in-depth look at one of the biggest data breaches in recent memory or some advanced data forensics training, Black Hat Asia is the place to be.π Read
via "Dark Reading: ".
Dark Reading
Study the Cutting Edge of Cybersecurity at Black Hat Asia
Whether you want an in-depth look at one of the biggest data breaches in recent memory or some advanced data forensics training, Black Hat Asia is the place to be.
β Linux user? Check those patches! Public exploit published for systemd security holesβ¦ β
π Read
via "Naked Security".
A pair of bugs in a very widely used Linux system tool called systemd have just been "weaponised" - check you're patched!π Read
via "Naked Security".
Naked Security
Linux user? Check those patches! Public exploit published for systemd security holesβ¦
A pair of bugs in a very widely used Linux system tool called systemd have just been βweaponisedβ β check youβre patched!
<b>⌨ 250 Webstresser Users to Face Legal Action ⌨</b>
<code>More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Unionβs law enforcement agency.</code><code>In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.</code><code>Media</code><code>Webstresser.org (formerly Webstresser.co), as it appeared in 2017.</code><code>In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week.</code><code>βSize does not matter β all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,β Europol officials warned.</code><code>The focus on Webstresserβs customers is the latest phase of βOperation Power Off,β which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called βbooterβ or βstresserβ services β virtual hired muscle that even completely unskilled users can rent to knock nearly any website or Internet user offline.</code><code>Operation Power Off is part of a broader law enforcement effort to disrupt the burgeoning booter service industry and to weaken demand for such services. In December, authorities in the United States filed criminal charges against three men accused of running booter services, and orchestrated a coordinated takedown of 15 different booter sites.</code><code>Media</code><code>This seizure notice appeared on the homepage of more than a dozen popular βbooterβ or βstresserβ DDoS-for-hire Web sites in December 2018.</code><code></code><code>The takedowns come as courts in the United States and Europe are beginning to hand down serious punishment for booter service operators, their customers, and for those convicted of launching large-scale DDoS attacks. Last month, a 34-year-old Connecticut man received a 10-year prison sentence for carrying out DDoS attacks a number of hospitals in 2014. Also last month, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberiaβs Internet access in 2016.</code><code>In December 2018, the ringleader of an online crime group that launched DDoS attacks against Web sites β including several against KrebsOnSecurity β was sentenced to three years in a U.K. prison. And in 2017, a 20-year-old from Britain was sentenced to two years in jail for renting out Titanium Stresser, a booter service that earned him $300,000 over several years it was in operation.</code><code>Many in the hacker community have criticized authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the vast majority of both groups are young men under the age of 21 and are using booter services to settle petty disputes over online games.</code><code>But not all countries involved in Operation Power Off are taking such a punitive approach. In the Netherlands, the police and the prosecutorβs office have deployed new legal intervention called βHack_Right,β a diversion program intended for first-time cyber offenders. Europol says at least one user of Webstresser has already received this alternative sanction.</code><code>βSkillsβ¦
<code>More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Unionβs law enforcement agency.</code><code>In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.</code><code>Media</code><code>Webstresser.org (formerly Webstresser.co), as it appeared in 2017.</code><code>In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week.</code><code>βSize does not matter β all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,β Europol officials warned.</code><code>The focus on Webstresserβs customers is the latest phase of βOperation Power Off,β which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called βbooterβ or βstresserβ services β virtual hired muscle that even completely unskilled users can rent to knock nearly any website or Internet user offline.</code><code>Operation Power Off is part of a broader law enforcement effort to disrupt the burgeoning booter service industry and to weaken demand for such services. In December, authorities in the United States filed criminal charges against three men accused of running booter services, and orchestrated a coordinated takedown of 15 different booter sites.</code><code>Media</code><code>This seizure notice appeared on the homepage of more than a dozen popular βbooterβ or βstresserβ DDoS-for-hire Web sites in December 2018.</code><code></code><code>The takedowns come as courts in the United States and Europe are beginning to hand down serious punishment for booter service operators, their customers, and for those convicted of launching large-scale DDoS attacks. Last month, a 34-year-old Connecticut man received a 10-year prison sentence for carrying out DDoS attacks a number of hospitals in 2014. Also last month, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberiaβs Internet access in 2016.</code><code>In December 2018, the ringleader of an online crime group that launched DDoS attacks against Web sites β including several against KrebsOnSecurity β was sentenced to three years in a U.K. prison. And in 2017, a 20-year-old from Britain was sentenced to two years in jail for renting out Titanium Stresser, a booter service that earned him $300,000 over several years it was in operation.</code><code>Many in the hacker community have criticized authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the vast majority of both groups are young men under the age of 21 and are using booter services to settle petty disputes over online games.</code><code>But not all countries involved in Operation Power Off are taking such a punitive approach. In the Netherlands, the police and the prosecutorβs office have deployed new legal intervention called βHack_Right,β a diversion program intended for first-time cyber offenders. Europol says at least one user of Webstresser has already received this alternative sanction.</code><code>βSkillsβ¦
π΄ KISS, Cyber & the Humble but Nourishing Chickpea π΄
π Read
via "Dark Reading: ".
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.π Read
via "Dark Reading: ".
Dark Reading
KISS, Cyber & the Humble but Nourishing Chickpea
The combination of simple, straightforward, and methodical ingredients are the keys to developing a balanced and well-rounded security program.
β Cybercriminals Aim for the Super Bowl Goal Posts β
π Read
via "Threatpost | The first stop for security news".
Scams, infrastructure attacks, data harvesting and attacks on streamers are all in the offing.π Read
via "Threatpost | The first stop for security news".
Threat Post
Cybercriminals Aim for the Super Bowl Goal Posts
Scams, infrastructure attacks, data harvesting and attacks on streamers are all in the offing.
π Why you need to use DMARC and SPF on mail servers to prevent phishing and fraud π
π Read
via "Security on TechRepublic".
Open-source, industry standard specifications are available to protect your business, but real-world deployment is still lower than optimal.π Read
via "Security on TechRepublic".
TechRepublic
Why you need to use DMARC and SPF on mail servers to prevent phishing and fraud
Open-source, industry standard specifications are available to protect your business, but real-world deployment is still lower than optimal.
β Threatpost News Wrap Podcast For Feb. 1 β
π Read
via "Threatpost | The first stop for security news".
From Facebook's research app being pulled from iOS devices to a new-found dump of compromised credentials, here are the top news of the week.π Read
via "Threatpost | The first stop for security news".
Threat Post
Threatpost News Wrap Podcast For Feb. 1
From Facebook's research app being pulled from iOS devices to a new-found dump of compromised credentials, here are the top news of the week.
ATENTIONβΌ New - CVE-2016-10741
π Read
via "National Vulnerability Database".
In the Linux kernel before 4.9.3, fs/xfs/xfs_aops.c allows local users to cause a denial of service (system crash) because there is a race condition between direct and memory-mapped I/O (associated with a hole) that is handled with BUG_ON instead of an I/O failure.π Read
via "National Vulnerability Database".
β FaceTime bug, eavesdropping and digital snooping β what to do? [VIDEO] β
π Read
via "Naked Security".
In this week's Naked Security Live video: what to do about microphone-equipped devices in your home?π Read
via "Naked Security".
Naked Security
FaceTime bug, eavesdropping and digital snooping β what to do? [VIDEO]
In this weekβs Naked Security Live video: what to do about microphone-equipped devices in your home?
π How to secure NGINX with Let's Encrypt π
π Read
via "Security on TechRepublic".
If you run NGINX and want to use free certificates, it's possible with Let's Encrypt.π Read
via "Security on TechRepublic".
TechRepublic
How to secure NGINX with Let's Encrypt
If you run NGINX and want to use free certificates, it's possible with Let's Encrypt.
π΄ Nest Hack Leaves Homeowner Sleepless in Chicago π΄
π Read
via "Dark Reading: ".
A Chicago-area family's smart home controls were compromised in a hack that has left them feeling vulnerable in their own home.π Read
via "Dark Reading: ".
Darkreading
Nest Hack Leaves Homeowner Sleepless in Chicago
A Chicago-area family's smart home controls were compromised in a hack that has left them feeling vulnerable in their own home.
ATENTIONβΌ New - CVE-2018-0722
π Read
via "National Vulnerability Database".
Path Traversal vulnerability in Photo Station versions: 5.7.2 and earlier in QTS 4.3.4, 5.4.4 and earlier in QTS 4.3.3, 5.2.8 and earlier in QTS 4.2.6 could allow remote attackers to access sensitive information on the device.π Read
via "National Vulnerability Database".
β Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware β
π Read
via "Threatpost | The first stop for security news".
The Remexi spyware has been improved and retooled.π Read
via "Threatpost | The first stop for security news".
Threat Post
Chafer APT Takes Aim at Diplomats in Iran with Improved Custom Malware
The Remexi spyware has been improved and retooled.
π Spectre and Meltdown explained: New variants and more efficient patches π
π Read
via "Security on TechRepublic".
Learn about these uniquely dangerous vulnerabilities as TechRepublic's James Sanders discusses up-to-date info on the latest variants and best mitigation strategies to minimize performance impact.π Read
via "Security on TechRepublic".
TechRepublic
Spectre and Meltdown explained: New variants and more efficient patches
Learn about these uniquely dangerous vulnerabilities as TechRepublic's James Sanders discusses up-to-date info on the latest variants and best mitigation strategies to minimize performance impact.
β Houzz Urges Password Resets After Data Breach β
π Read
via "Threatpost | The first stop for security news".
The decorating website said that account usernames, passwords and more have been compromised as part of a breach.π Read
via "Threatpost | The first stop for security news".
Threat Post
Houzz Urges Password Resets After Data Breach
The decorating website said that account usernames, passwords and more have been compromised as part of a breach.