 Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
December 21, 2017 5:10 PM
|
Over the course of the current week, WordPress sites around the globe have been the targets of a massive brute-force campaign during which hackers attempted to guess admin account logins in order to install a Monero miner on compromised sites.
The brute-force attack started on Monday morning, 03:00 AM UTC and is still going strong at the time of writing.
Brute-force attack targets over 190,000 WordPress sites/hour
To get an idea of the size of the campaign, WordPress security firm Wordfence says this was the biggest brute-force attack the company was forced to mitigate since its birth in 2012. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress
|
|
Scooped by
Gust MEES
December 19, 2017 11:34 AM
|
Mit der Messenger-App Signal und dem auch von Whatsapp eingesetzten Signal-Protokoll ist Moxie Marlinspike ein großer Coup gelungen. Den will er nun mit einer Bitcoin-Alternative wiederholen. Noch vor einem Jahr waren Cryptowährungen wie Bitcoin die große Hoffnung für Liebhaber des anonymen Bezahlens online. Spätestens seitdem der Bitcoin-Kurs aber immer neue Rekorde bricht, arbeiten immer mehr Entwickler an möglichenAlternativen.
|
|
Scooped by
Gust MEES
December 15, 2017 1:28 PM
|
Webseitenbesucher für Crypto-Mining missbraucht
Der Boom um Kryptowährungen hält weiter an. Um an der zunehmenden Wertsteigerung teilzuhaben, missbrauchen manche Webseitenbetreiber sogar die Rechenleistung ihrer Nutzer für das Mining.
Die Anzahl der Webseiten mit Coinhive-Skript ist besonders in den letzten Monaten geradezu sprunghaft angestiegen.
(Quelle: Sophos )
Blockchain-basierte Währungen wie Bitcoin werden immer beliebter. Mehr und mehr Menschen wollen am enormen Wertanstieg der Digitaldevisen mitverdienen; und das auch mit teilweise fragwürdigen Mitteln. Relativ neu ist etwa das Ausnutzen der Rechenleistung von Webseiten-Besuchern zum Mining, also zum Generieren von Kryptowährungen.
Wie die Experten von Sophos beschreiben, ist dazu lediglich eine in JavaScript geschriebene Anwendung des Anbieters Coinhive notwendig. Ist diese in die Webseite integriert, wird das Tool beim Aufruf der Seite automatisch heruntergeladen. Und schon beginnt der Computer im Hintergrund die Kryptowährung Monero zu schürfen.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
December 1, 2017 6:57 PM
|
A study of 90 cryptocurrency mobile applications available on Google Play found that 90 percent of them contain security vulnerabilities or privacy risks.
Web security company High-Tech Bridge conducted the research, using dynamic, static, and interactive testing to search mobile apps for weaknesses, including the top ten mobile flaws listed by the Open Web Application Security Project (OWASP).
“We took the most popular cryptocurrency mobile applications from Google Play from the ‘Finance' category and tested them for security flaws and design weaknesses that can endanger the user, his or her data stored on the device or send/received via the network, or the mobile device itself,” High-Tech Bridge reported in a Nov. 29 blog post.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
November 27, 2017 11:16 AM
|
Eine DDoS-Attacke hat die Kryptowähungs-Börse Bitfinex lahmgelegt. Das bestätigten die Betreiber auf Twitter. Der Angriff sei während Wartungsarbeiten an der Infrastruktur gestartet worden.
Während Wartungsarbeiten an der Infrastruktur legten Hacker die Kryptowährungs-Börse Bitfinex mit einer DDoS-Attacke lahm. Wie die Betreiber auf Twitter mitteilen, ist der Angriff noch in vollem Gange.
Damit erleidet die Tauschbörse einen weiteren schweren Schlag. Erst vor wenigen Tagen hatte die von den Bitfinex-Machern entwickelte Kryptowährung Tether durch einen Cyber-Angriff 31 Millionen US-Dollar verloren. Es bleibt abzuwarten, wie lange die Nutzer der Plattform noch ihr Vertrauen schenken.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitfinex https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
September 20, 2017 11:54 AM
|
A Chrome browser extension, with over 140,000 users, is gobbling up the resources of users’ computers by secretly mining for virtual cash.
The SafeBrowse plugin claims to let you surf the web without the nuisance of wasting time, waiting for annoying advertising pop-ups to disappear so you can, for instance, get your hands on a free download.
What you may not realise, however, is how SafeBrowse’s authors are planning to make money out of your use of their ostensibly “free” tool. That’s because the browser extension automatically mines for digital cryptocurrencies as it runs in your background. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency http://www.scoop.it/t/securite-pc-et-internet/?&tag=cryptocurrency+mining
|
|
Scooped by
Gust MEES
September 18, 2017 12:05 PM
|
|
|
Scooped by
Gust MEES
September 13, 2017 5:17 PM
|
|
|
Scooped by
Gust MEES
June 8, 2017 10:05 AM
|
It's time to update your Raspberry Pi devices or risk them being infected with cryptocurrency mining malware. Someone has developed a simple Linux trojan designed to harness the meager power of Raspberry Pi devices to mine cryptocurrency. Raspberry Pi users may need to consider applying a recent Raspbian OS update to their devices, particularly if they are currently configured to allow external SSH connections. According to Russian security firm Dr Web, the malware Linux.MulDrop.14 exclusively targets Raspberry Pi devices to use their processing power to mine a cryptocurrency. Dr Web discovered the Raspberry Pi mining malware after its Linux honeypot machine became infected with it. The malware uses a simple Bash script to attempt to connect to Raspberry Pi devices configured to accept external SSH connections. It targets Raspberry Pi boards with the default login and password, which are 'pi' and 'raspberry', respectively. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Raspberry+PI
|
|
Scooped by
Gust MEES
September 6, 2016 10:38 AM
|
At Tokyo's MtGox, customers have yet to recover their investments more than two years after closure.
Experts say trading venues acting like banks such as Bitfinex will remain vulnerable. These exchanges act as custodial wallets in which they control users' digital currencies like banks control customer deposits.
"The big exchanges that hold customer deposits are a big target for hackers," said ShapeShift's Voorhees, "and unfortunately most bitcoin exchanges store user funds."
When customers' checking accounts are hacked, there is always a third party at the bank that can step in to deal with the theft.
Not so with bitcoin, said Seattle-based Darin Stanchfield, chief executive officer at KeepKey, a hardware wallet provider. He expects more of these attacks to happen despite efforts to improve security at bitcoin exchanges.
"Unfortunately because of its irreversible nature, bitcoin requires near perfect security. " Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?tag=Bitcoin
|
|
Scooped by
Gust MEES
August 3, 2016 10:07 AM
|
|
|
Scooped by
Gust MEES
June 18, 2016 9:45 AM
|
|
|
|
Scooped by
Gust MEES
December 21, 2017 10:18 AM
|
Sicherheitsforscher haben weltweit 14 Millionen Angriffe pro Stunde auf WordPress-Webseiten registriert. Die Angreifer wollen sich Zugang zu den Seiten verschaffen.
Derzeit erschüttert eine Angriffswelle gegen WordPress-Webseiten das Internet. Sicherheitsforscher von Wordfence haben dokumentiert, dass unbekannte Angreifer pro Stunde 190.000 Seiten via Brute Force attackieren. Als Spitzenwert haben sie stündlich 14 Millionen Angriffe beobachtet.
Dabei probieren sie im großen Stil Kombinationen von Nutzernamen und Passwörtern aus, um Admin-Zugriff auf Webseiten zu bekommen. Dabei sollen sie zum Teil organisiert vorgehen und versuchen, die möglichen Zugangsdaten von der URL und dem Inhalt der Webseite abzuleiten.
Malware schürft Kryptowährung
Ziel der Angriffe ist es Wordfence zufolge, auf gekaperten Seiten Software zum Schürfen der Kryptowährung Monero zu installieren oder diese als Ausgangspunkt für weitere Brute-Force-Attacken zu missbrauchen. Mittlerweile sollen die Angreifer dabei Monero im Wert von 100.000 US-Dollar geschürft haben.
Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
December 15, 2017 1:34 PM
|
What would you like with your latte? Cocoa? Cinnamon? Sprinkle of cryptocurrency mining piggybacking off your free Wi-Fi?
Recent visitors to a Buenos Aires Starbucks didn’t actually have a choice: instead, a 10-second delay was foisted on them when they connected to the coffee shop’s “free” Wi-Fi, as their laptops’ power secretly went to mine cryptocoins (of which the Starbucks customers received nary one slim dime, of course).
The mining was noticed by Stensul CEO Noah Dinkin, who took to Twitter on 2 December to ask Starbucks if it was aware of what was going on. He included a screenshot of the code.
Dinkin said in his tweet that the code was mining bitcoins, but it was actually CoinHive code, which offers a JavaScript miner for generating a cryptocurrency called Monero that’s an alternative to Bitcoin. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
December 8, 2017 8:18 PM
|
"Highly professional" hackers made off with around 4,700 Bitcoin from a leading mining service, a Bitcoin exchange has said.
The value of Bitcoin is currently extremely volatile, but at the time of writing, the amount stolen was worth approximately $80m.
The hacked service was NiceHash, a Slovenia-based mining exchange.
It said it was working hard to recover the Bitcoin for its users, adding: "Someone really wanted to bring us down."
The attack happened early on Wednesday, said NiceHash's chief executive Marko Kobal. Attackers accessed the company's systems at 01:18 CET (00:18 GMT). By 03:37 the hackers, whom the company believes were based outside the European Union, had begun stealing Bitcoin.
The theft comes as the price of Bitcoin continues to surge, dumbfounding experts and stoking concerns of a bubble.
High-stakes attacks like this are not uncommon, with several large breaches and thefts hitting Bitcoin and other related services over the past year.
NiceHash is a mining service, a company that pairs up people with spare computing power with those willing to pay to use it to mine for new Bitcoin. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
November 27, 2017 2:35 PM
|
The average home now has around three connected computers and four smart mobile devices. Hardly surprising, considering that 86 per cent of us check the Internet several times a day or more, and that’s outside of work. Chatting, shopping, banking, playing games, listening to music, booking travel and managing our increasingly connected homes. The risk of cyberattack can be the furthest thing from our mind. Every year, Kaspersky Lab’s experts look at the main cyberthreats facing connected businesses over the coming 12 months, based on the trends seen during the year. For 2018, we decided to extract some top predictions that also have big implications for everyday connected life. So what could the hackers be after in 2018? Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet
|
|
Scooped by
Gust MEES
October 5, 2017 8:53 AM
|
Eine Schule im Brandenburger Land, The Pirate Bay und etliche Webseiten aus der Alexa-Top-1-Million-Liste schürfen ungefragt Kryptowährungen auf den Rechnern der Nutzer. Der Anbieter Coinhive will das Verfahren künftig anpassen, damit es weniger Ärger gibt.
Immer mehr Webseiten schürfen ungefragt und ohne Kennzeichnung auf Kosten der Nutzer Kryptowährungen wie Monero. Nach einem Testlauf bei der Torrent-Seite The Pirate Bay verschwand der entsprechende Code des Anbieters Coinhive kurzzeitig wieder aus dem Quelltext der Seite, ist aber mittlerweile wieder integriert. Außerdem gibt es zahlreiche Nachahmer. Richtig lohnen dürfte sich das allerdings nur für die wenigsten Seitenbetreiber - den Verlust an Reputation bei den Besuchern dürfte es kaum wiedergutmachen, wenn diese davon Kenntnis erlangen. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency http://www.scoop.it/t/securite-pc-et-internet/?&tag=cryptocurrency+mining
|
|
Scooped by
Gust MEES
September 18, 2017 1:18 PM
|
|
|
Scooped by
Gust MEES
September 14, 2017 5:46 PM
|
Cryptocurrency mining attacks are on the rise. This year alone, hackers have infected over 1.65 million computers with cryptocurrency miners in just eight months. Security experts say cryptocurrecny mining Trojans have risen dramatically over the past few years, from merely 205,000 global infections in 2013 to over a million in 2017. Security researchers at Kaspersky Lab said in August alone they detected "several large botnets" being used by cybercriminals to profit from concealed crypto mining. The researchers also said that Monero and ZCash are the most popular virtual currencies, as the "anonymity of transactions" is attractive to cybercriminals. The development of the cryptocurrency market has led to an explosive growth in cases where miners are installed without users' knowledge or consent. This can be explained by the fact that when a new cryptocurrency is emerging, it is much easier to mine and make money from it. Threat actors are on the lookout for ways to use the resources of somebody else's hardware, and often it is regular users who fall victim," the Kaspersky Lab researchers said in a blog. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Bitcoin http://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
July 18, 2017 8:38 AM
|
A hacker has made off with roughly $7.4 million in virtual currency after pouncing during an ethereum ICO.
As reported my Motherboard, the hacker took the opportunity to disrupt the Initial Coin Offering (ICO) of CoinDash, a trading platform for cryptocurrencies.
On Monday, CoinDash held its Token Sale event, in which investors were meant to be able to fund apps in development with virtual currency in return for a stake in such applications in an event similar to a crowdfunding campaign.
The CoinDash ICO, like many others in which cryptocurrency "tokens" (CDT) were exchanged for shares in a project, was keenly anticipated by investors.
However, this time, something went terribly wrong.
Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=ETHEREUM http://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
|
Scooped by
Gust MEES
May 17, 2017 1:58 PM
|
A cryptocurrency-mining malware began exploiting a leaked NSA vulnerability several weeks before WannaCry sank its teeth into it.
The researchers expected to see the ransom message above when they looked at a lab machine vulnerable to EternalBlue. Instead they found a subtler threat: Adylkuzz. This malware relies on virtual private servers scanning the Internet on TCP port 445 for distribution. If infection proves successful, it enlists victims in a cryptocurrency-mining botnet. But Adylkuzz isn't interested in sharing an affected computer that's capable of communicating over Microsoft's Microsoft Server Message Block (SMB). Security researcher Kafeine elaborates on that point: "Upon successful exploitation via EternalBlue, machines are infected with DoublePulsar. The DoublePulsar backdoor then downloads and runs Adylkuzz from another host. Once running, Adylkuzz will first stop any potential instances of itself already running and block SMB communication to avoid further infection. It then determines the public IP address of the victim and download the mining instructions, cryptominer, and cleanup tools."
In that sense, Adylkuzz blocks other threats like WannaCry from leveraging ExternalBlue to infect vulnerable computers. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/securite-pc-et-internet/?&tag=Adylkuzz http://www.scoop.it/t/securite-pc-et-internet/?&tag=RANSOMWARE http://www.scoop.it/t/securite-pc-et-internet/?&tag=Phishing http://www.scoop.it/t/securite-pc-et-internet/?&tag=Botnet
|
|
Scooped by
Gust MEES
August 3, 2016 11:20 AM
|
|
|
Scooped by
Gust MEES
July 27, 2016 11:25 AM
|
The DAO stands for the “Distributed Autonomous Organization,” and while that could very well refer to anything from a blockchain car-share app to a hive of honey bees, this rather boring title stands for something truly remarkable: the first unmanned investment portfolio. It is a proof of concept for what many believe will be the future of finance, with software organizing and overseeing an investment strategy developed through semi-democratic input from the collected investors. It’s secured by the much-ballyhooed Ethereum platform, using a cryptocurrency called Ether as its trading currency, and at first everything seemed to be proceeding according to plan. It was a confirmation of the promise of the blockchain, and proof that the future really is near at hand!
Then, just days after that DAO’s public launch, a lone hacker managed to digitally make off with more than $50 million-worth of Ether, or roughly a third of the overall capital the DAO had raised. More than a setback, this was an existential problem: This was the one, specific thing that was supposed to be impossible under the supervision of the blockchain. Despite all the efforts detailed below, make no mistake: the DAO is dead. What’s important now is containing the damage, and stopping it from ruining trust in Ethereum as a whole. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=Ethereum http://www.wired.com/2016/06/50-million-hack-just-showed-dao-human/ http://www.scoop.it/t/luxembourg-europe/?tag=Bitcoin http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain http://www.scoop.it/t/securite-pc-et-internet/?tag=Phishing
|
|
Scooped by
Gust MEES
June 18, 2016 9:40 AM
|
|
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/t/securite-pc-et-internet/?&tag=WordPress