Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - Antus67

Pages: [1] 2 3 ... 5
1
Web News / Chrome to warn users about lookalike URLs
« on: January 31, 2019, 05:40:26 PM »
by Martin Brinkmann on January 31, 2019 in Google Chrome

Google Chrome may soon warn users when they visit what Google calls lookalike URLs. Lookalike URLs is a loose term that describes site addresses that look very similar to the domain of an authoritative or popular site.

Google does not seem to distinguish between purpose when it comes to the definition of lookalike URLs; the Google Chrome feature displayed warnings or different types of URLs, e.g. URLs that were not registered but still look similar to popular URLs, but also when visiting URLs that are registered and load sites when accessed.

Phishing attacks, a common form of threats on the Internet designed to steal account credentials and other important data, use lookalike domain names often to make the attack -- posing as a different site -- more effective.

Chrome: Navigation suggestions for lookalike URLs



Full Article Here:https://www.ghacks.net/2019/01/31/chrome-warn-lookalike-urls/

2
Web News / Mac Malware Steals Browser Cookies, Sensitive Data
« on: January 31, 2019, 05:33:38 PM »
By Ionut Arghire on January 31, 2019

A recently discovered piece of Mac malware is targeting browser cookies associated with mainstream cryptocurrency exchanges and wallet service websites, as well as personal user information, Palo Alto Networks security researchers say.

Based on the OSX.DarthMiner malware and dubbed CookieMiner, the new threat can also steal saved passwords from Chrome, and iPhone text messages from iTunes backups on tethered Macs. Successful attacks result in full access to the victim’s exchange account and/or wallet.

“By leveraging the combination of stolen login credentials, web cookies, and SMS data, based on past attacks like this, we believe the bad actors could bypass multifactor authentication for these sites,” the security researchers say.

Full Article Here:]https://www.securityweek.com/mac-malware-steals-browser-cookies-sensitive-data?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Securityweek+%28SecurityWeek+RSS+Feed%29[url][/url]

3
Jan 31, 2019 12:26 GMT  ·  By Bogdan Popa

Quote
As I’ve said so many times before, updating a Windows device these days is quite a crazy roller coaster ride, as something could go wrong pretty much at any point.

If you’ve been following Microsoft news closely, you probably know already that the company has shipped several botched updates lately, especially on Windows 10.

On this particular version, the icing of the cake has been without a doubt the October 2018 Update, which deleted user files stored in libraries without them even being notified.

But returning to the experience with Windows Update, some Windows users are finding out the hard way that updating a device doesn’t always go exactly as planned.

Full Article Here:https://news.softpedia.com/news/how-to-fix-windows-update-issues-by-using-google-s-public-dns-524779.shtml

4
Web News / Stealthy Malware Disguises Itself as a WordPress License Key
« on: January 31, 2019, 01:04:44 PM »

Author: Tara Seals
January 30, 2019 11:59 am





A spam injector hides in plain site within WordPress theme files.

UPDATE

A spam-injecting malware is targeting WordPress site owners by disguising itself as a legitimate license key for a WordPress design theme.

According to analysis from Sucuri, a customer opened a malware removal ticket reporting “some weird spam URLs injected onto their WordPress website.” After further investigation into the files on the website, analysts uncovered a hidden encoded spam injector malware in the “./wp-content/themes/toolbox/functions.php” WordPress theme, masquerading as a license key.

Full Article Here:https://threatpost.com/malware-wordpress-license-key/141315/

5
By Sergiu Gatlan



Dell announced the release of a portfolio of endpoint security solutions which combine leading managed security services with premier endpoint protection technology from CrowdStrike and global incident response and threat intelligence from Secureworks

Quote
“Organizations are faced with what may feel like an exponentially expanding threat landscape and a mixed bag of solutions to fix it,” said Brett Hansen, vice president and general manager of client software and security solutions, Dell. “To meet the evolving needs of our customers and stay ahead of ever-evolving threats, Dell is offering organizations the tools they need to keep their devices and data secure.”

Full Article Here:https://www.bleepingcomputer.com/news/security/dell-introduces-dell-safeguard-and-response-solutions-to-fight-evolving-threats/

6
By Sergiu Gatlan



Commercial aircraft manufacturer Airbus announced a data breach incident that impacted the company's “Commercial Aircraft business” information systems and led to third parties gaining unauthorized access to data.

Airbus is a global leader in aeronautics funded in 1970, headquartered in the European Union and currently employing more than 10,000 people.

Full Article Here:https://www.bleepingcomputer.com/news/security/airbus-data-breach-exposes-employee-credentials-professional-contact-details/

7
Web News / Stealthy Malware Disguises Itself as a WordPress License Key
« on: January 30, 2019, 07:41:27 PM »

Author: Tara Seals
January 30, 2019 11:59 am





A spam injector hides in plain site within WordPress theme files.

A spam-injecting malware is targeting WordPress site owners by disguising itself as a legitimate license key for a WordPress design theme.

According to analysis from Sucuri, a customer opened a malware removal ticket reporting “some weird spam URLs injected onto their WordPress website.” After further investigation into the files on the website, analysts uncovered a hidden encoded spam injector malware in the “./wp-content/themes/toolbox/functions.php” WordPress theme, masquerading as a license key.

Full Article Here:https://threatpost.com/malware-wordpress-license-key/141315/

8
Web News / Attackers Can Track Kids’ Locations via Connected Watches
« on: January 30, 2019, 07:39:18 PM »

Author: Tara Seals
January 30, 2019 3:41 pm





A severe flaw exposes sensitive information for 35,000 kids and 20,000 individual accounts.

Despite ongoing warnings about connected watches and toys endangering kids’ privacy and potentially their physical safety, makers of these Internet of Things gadgets continue to turn out products that do just that. The latest concern is a gamut of kids’ GPS-tracking watches, which were found to be exposing sensitive data involving 35,000 children — including their location, in real time.

Full Article Here:https://threatpost.com/kid-tracking-watches-location-data/141335/

9
By Sergiu Gatlan



Google has released Chrome 72 to the Stable desktop channel, which makes it available for everyone to download. This version removes support for TLS 1.0 and TLS 1.1 and HTTP-Based Public Key Pinning, and it will also no longer render resources from FTP servers.

Chrome 72 will also no longer allow popups during page unload, something that the built-in popup blocker was already doing, but now they will be blocked by default whether or not the popup blocker is enabled.

Full Article Here:https://www.bleepingcomputer.com/news/google/chrome-72-released-with-58-security-fixes-deprecates-tls-10-and-11/

10
The  following link explains a important feature Fire Fox has added on:https://www.helpnetsecurity.com/2019/01/30/mozilla-anti-tracking/

11
By Sergiu Gatlan



A data breach incident impacting Discover cards has potentially provided attackers with access to an undisclosed amount of customer information, although anything from account numbers and expiration dates to security codes might have been stolen.

Although these types of data breaches are not uncommon for financial institutions, this is only the second time a data breach involving customers' cards has been reported during 2018 by Discover Financial Services to the California Attorney General.

Full Article Here:https://www.bleepingcomputer.com/news/security/discover-card-users-affected-by-data-breach-new-credit-cards-issued/

12
Web News / What steps consumers need to take to protect themselves online
« on: January 29, 2019, 11:31:09 AM »
BY: Help Net SecurityJanuary 29, 2019

Yesterday was Data Privacy Day, so McAfee warned consumers that cybercriminals are continuing to access personal information through weak passwords, phishing emails, connected things, malicious apps and unsecure Wi-Fi networks.



Full Article Here:https://www.helpnetsecurity.com/2019/01/29/protect-consumers-online/

13
Web News / Undercover Agents Target Cybersecurity Watchdog
« on: January 28, 2019, 11:39:53 AM »
By Associated Press on January 26, 2019

The researchers who reported that Israeli software was used to spy on Washington Post journalist Jamal Khashoggi's inner circle before his gruesome death are being targeted in turn by international undercover operatives, The Associated Press has found.

Twice in the past two months, men masquerading as socially conscious investors have lured members of the Citizen Lab internet watchdog group to meetings at luxury hotels to quiz them for hours about their work exposing Israeli surveillance and the details of their personal lives. In both cases, the researchers believe they were secretly recorded.

Quote
Citizen Lab Director Ron Deibert described the stunts as "a new low."

"We condemn these sinister, underhanded activities in the strongest possible terms," he said in a statement Friday. "Such a deceitful attack on an academic group like the Citizen Lab is an attack on academic freedom everywhere."

Full Article Here:https://www.securityweek.com/undercover-agents-target-cybersecurity-watchdog

14
BY:Keith Bromley, Senior Manager, Solutions, KeysightJanuary 28, 2019

As anyone in the network security world will tell you, it is an extremely intense and stressful job to protect the corporate network from ever-evolving security threats. For a security team, a 99 percent success rate is still a complete failure. That one time a hacker, piece of malware, or DDoS attack brings down your organization’s network (or network availability) is all that matters.

It’s even more frustrating when you consider that the proverbial ‘bad guy’ sitting in the basement of his mother’s house can spend less than $1,000 USD on a computer and malware and bring down a network that you have spent millions of dollars on state-of-the-art equipment to protect.

Full Article Here:https://www.helpnetsecurity.com/2019/01/28/accepting-that-your-network-will-get-hacked/

15
By Usama Jawad @@UsamaJawad96 · Jan 27, 2019 09:16 EST

Cybersecurity is a growing concern for companies dealing with customer data around the globe. With the increasing number of cyberattacks, firms have been taking major steps to combat the threat, such as utilizing the power of artificial intelligence (AI) to detect attacks before they happen.

Now, it has been revealed that DailyMotion has been the target of a malicious attack, that has resulted in several user accounts being compromised.



]https://www.neowin.net/news/dailymotion-target-of-credential-stuffing-attack-several-accounts-breached?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+neowin-main+%28Neowin+News%29[url][/url]

Pages: [1] 2 3 ... 5