|
Scooped by
Gust MEES
February 12, 2013 10:11 AM
|
Products have substantial flaws, technology designers seek ways to extract money from users, and many users twist well-intentioned technology in ways the designers never expected, often involving baser instincts. These realities should come as no surprise to security professionals who are usually most effective when assuming the worst in people. One sure-to-be-abused emerging technology is augmented reality.
Augmented reality technologies overlay computer generated data on a live view of the real world. Anticipated application domains include entertainment, travel, education, collaboration, and law enforcement, among numerous others.
|
Rescooped by
Gust MEES
from 21st Century Learning and Teaching
January 30, 2013 9:13 AM
|
According to the security firm Rapid7, logins and passwords for IP video cameras and digital video recorders running RaySharp firmware are easy to hack. That firmware is used by no fewer than 18 manufacturers. Attackers can use the vulnerability to take full control and launch further attacks. Affected by the bugs are the devices of 18 manufacturers that use the Chinese platform. Rapid7 then scanned the Internet and says it found at least 58,000 devices that can be compromised. The biggest flaw of all in RaySharp's software is that the web interface for controlling the device can be opened via port 9000 without any password. In addition, the devices are designed to set up a connection to the router via UPnP; this is intended as an opening to the outside world so that users can control their cameras over the network, but in the factory settings it can also be used by unauthorized parties for their own shady purposes.
Attackers have expanded their attacks beyond the Windows platform to include Mac OS X and Android. 27 Percent of All Cybercrime Linked to the ‘Blackhole’ Exploit Kit, Sophos said. Even though the overall market share for Mac OS X remains small compared to other platforms, the number of Mac threats is growing as more users switch. Flashback, the malware that reportedly infected hundreds of thousands of Apple systems in April, was the largest mass attack this year, but it's not the only Mac malware out there. In a typical week, SophosLabs detects 4,900 pieces of OS X malware on Mac computers. ===> In a snapshot of Mac malware detected over a one-week period in August, SophosLabs detected various variants of fake antivirus, codecs and Flash player. <=== Read more, a MUST: http://www.securityweek.com/sophos-blackhole-will-get-more-complex-android-and-mac-os-are-prime-attack-targets
Mac malware has been found on a website related to the Dalai Lama, capable of allowing hackers to steal files and spy on keystrokes. If your Mac is infected by OSX/Bckdr-RNW, remote hackers will be able to steal information from your computer and capture any keypresses you make. The attack was presumably designed to infect computers visiting the Dalai Lama-related website, which - one would imagine - would belong to sympathisers with the exiled Tibetan government. ===> Running a Mac without anti-virus software is a little like running naked through a field of thistles. Sooner or later, something bad is going to happen. <=== Read more, a MUST: http://nakedsecurity.sophos.com/2012/12/03/dockster-mac-malware-dalai-lama/
|
Scooped by
Gust MEES
November 22, 2012 12:27 PM
|
An increasing number of complex attacks demand improved early warning detection capabilities for CERTs. By having threat intelligence collected without any impact on production infrastructure, CERTs can better defend their constituencies' assets. Honeypots are powerful tools that can be used to achieve this goal. This document is the final report of the ‘Proactive Detection of Security Incidents: Honeypots’ study. Publication date: Nov 22, 2012
|
Scooped by
Gust MEES
November 20, 2012 6:31 AM
|
|
Scooped by
Gust MEES
November 14, 2012 12:05 PM
|
McAfee has published its quarterly threat report, which analyzes, among other things, cybercrime techniques and the worldwide evolution of cyberattacks. The report reveals new details about Operation "High Roller", as well as figures on malware targeting mobile devices, which nearly doubled compared with the previous quarter, and the unprecedented rise in database breaches. McAfee Labs also observed a significant increase in certain categories of malware, including ransomware and signed binaries. ===> Rootkits and malware targeting Macs also continue to increase, as do password-stealing Trojans and auto-run malware, which recorded a considerable rise. <=== Read more: http://www.globalsecuritymag.fr/Rapport-trimestriel-McAfee,20121114,33708.html
|
Scooped by
Gust MEES
November 9, 2012 7:16 AM
|
|
Scooped by
Gust MEES
November 5, 2012 10:29 AM
|
Anonymous has leaked VMware’s ESX Server kernel source code online, and the veracity of the claim has been confirmed on the company's Security and Compliance blog. Finally, a number of high and low profile sites have also been hacked and defaced: NBC, Saturday Night Live, a Lady Gaga fan site (all purportedly by a hacker that goes by the handle of Pyknic), the Ghana Consulate, Arcelor Mittal, and others. Read more, a MUST: http://www.net-security.org/secworld.php?id=13900
|
Rescooped by
Gust MEES
from 21st Century Learning and Teaching
November 3, 2012 1:51 PM
|
|
Scooped by
Gust MEES
November 2, 2012 10:02 AM
|
Misconfigured Apache sites expose user passwords, other private data. System status pages are publicly viewable on thousands of sites. Read more, a MUST: http://mcaf.ee/qilcd
Two weeks ago, Mac security software company Intego discovered malware which it classified as “a new Java backdoor trojan called Java/Jacksbot.A.” New threats are discovered all the time, but Intego later concluded that even though Jacksbot is a variant of the Java remote access tool (RAT) created by the jailbreaking group Redpois0n, it can target multiple platforms. The malware writers behind JACKSBOT may just be testing the waters for a successful multiplatform malware; however for now they appear to be unwilling to invest the time and resources to develop the code more completely. ===> It’s likely that the authors will continue to improve the code to fully support infection for OS X and Linux. <=== Read more, a MUST: http://thenextweb.com/2012/10/31/jacksbot-java-malware-can-take-control-of-windows-mac-and-linux-systems/?utm_source=dlvr.it&utm_medium=twitter
|
Scooped by
Gust MEES
October 31, 2012 9:24 AM
|
More than 500,000 control devices are vulnerable to Internet attacks. Cyber-security researchers have found more than 500,000 control devices with direct connections to the Internet that could be used to attack them and the systems they control. The unnamed researchers have reported their findings to the US Government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The researchers found the potentially vulnerable systems using the Shodan search engine and searching for control-systems-related terms such as Scada (supervisory control and data acquisition). The researchers are worried that cyber-attackers could use the search engine in a similar way as a shortcut to finding vulnerable control systems and thus threaten or attack critical infrastructure. Read more: http://www.drives.co.uk/fullstory.asp?id=3659
|
|
Scooped by
Gust MEES
February 8, 2013 3:28 PM
|
Bit9, a company that provides software and network security services to the U.S. government and at least 30 Fortune 100 firms, has suffered an electronic compromise that cuts to the core of its business: helping clients distinguish known “safe” files from computer viruses and other malicious software.
|
Scooped by
Gust MEES
January 28, 2013 10:59 AM
|
Critical infrastructure providers' worst security vulnerability may be their employees.
|
Scooped by
Gust MEES
December 4, 2012 11:27 AM
|
Read about the latest cyber security trends in the Sophos Security Threat Report 2013. Most malware developers have found it more profitable to attack Windows than to learn new skills needed to target the smaller OS X user community. ===> But Macs are finding a new home in thousands of businesses and government agencies, and malware authors are paying attention. <=== Forrester Research analyst Frank Gillette recently reported that “almost half of enterprises (1,000 employees or more) are issuing Macs to at least some employees—and they plan a 52% increase in the number of Macs they issue in 2012.” ===> Even more Macs are arriving unofficially through bring your own device arrangements, where they are often an executive’s device of choice for accessing web or cloud applications. <=== ===> Growing Mac usage means many IT organizations must objectively assess, mitigate, and anticipate Mac-related malware threats for the first time. And the risks are clearly increasing! <=== ============================================= Gust MEES Check also my Curation about it: - http://www.scoop.it/t/apple-mac-ios4-ipad-iphone-and-in-security ============================================= Read more, a MUST: http://www.sophos.com/en-us/medialibrary/PDFs/other/sophossecuritythreatreport2013.pdf?id=ee65b697-1d30-4971-b240-ce96b5e529aa&dl=true
A sample of a new Mac spyware called OSX/Dockster.A was found today on Virus Total. This trojan is currently considered low risk as it is not known to have infected users. It has backdoor functiona...
|
Scooped by
Gust MEES
November 20, 2012 8:32 AM
|
The Linux root kit targets 64-bit Linux platforms and uses advanced techniques to hide itself, and infects the websites hosted on attacked HTTP server working to launch drive-by download attacks. “It's an outstanding sample, not only because it targets 64-bit Linux platforms and uses advanced techniques to hide itself, but primarily because of the unusual functionality of infecting the websites hosted on attacked HTTP server - and therefore working as a part of drive-by download scenario,” commented Marta Janus, a Kaspersky Lab Expert who examined the rootkit sample. ===> “This rootkit, though it's still in the development stage, shows a new approach to the drive-by download schema and we can certainly expect more such malware in the future.” <=== Read more: http://www.securityweek.com/linux-rootkit-found-launching-iframe-injection-attacks
|
Scooped by
Gust MEES
November 18, 2012 2:02 PM
|
FreeBSD has announced a smallish system compromise. The FreeBSD administrators took a bunch of servers offline to investigate, and published a blow-by-blow account of what they know about the b...
The malware threat on Macs is real, and should not be underestimated. SophosLabs, is a new variant of the OSX/Imuler Trojan horse. In the past, earlier variants of the OSX/Imuler malware have been spread via topless photos of a Russian supermodel or embedded deep inside boobytrapped PDF files. If your Mac was successfully infected by malware like this, you have effectively given remote control of your computer and your data to an invisible and unknown party. ===> They could steal files from your Mac, spy on your emails, and plant further malware onto your systems. <=== Read more, a MUST: http://nakedsecurity.sophos.com/2012/11/13/new-mac-trojan/
Security software vendor Kaspersky has published some statistics on the security vulnerabilities discovered worldwide in the third quarter. To produce these figures, Kaspersky relies on the user base of its products. Next come programs from Adobe (Flash, Adobe Reader and Shockwave), which is the most represented vendor in this top 10, with five entries. Apple is also present, with vulnerabilities in QuickTime (14% of users affected) and iTunes (12%). Nullsoft, with Winamp, brings up the rear. Read more: http://www.macg.co/news/voir/257709/vulnerabilites-kaspersky-pointe-adobe-oracle-et-apple
|
Scooped by
Gust MEES
November 5, 2012 9:53 AM
|
Two security vulnerabilities in Safari are being addressed in an update of the browser software released by Apple earlier today. This update coincides with Apple’s iOS 6.0.1 software update, which addressed multiple security problems. The 48.5 MB update to Safari 6.0.2 is available for OS X Lion and OS X Mountain Lion, and is recommended as it fixes security flaws in the software. ===> UPDATE asap!!! <=== Read more, a MUST: http://www.intego.com/mac-security-blog/safari-update-fixes-security-flaws/
Company bolsters anti-hacker defences... Apple has released an update for its Safari web browser designed to fix a number of security flaws. The iPhone maker released the Safari update alongside a security patch for its iOS mobile operating system on Friday. The update aims to protect Safari users from drive-by download attacks and patch a number of Java vulnerabilities within the web browser. ===> Drive-by download attacks use malicious websites that infect machines with malware when visited. <=== The update is available now on Apple's OS X Lion v10.7.5, OS X Lion Server v10.7.5 and OS X Mountain Lion v10.8.2 operating systems. ===> The release follows a number of high-profile attacks on Apple's Mac OS. Prior to the update numerous exploits targeting Safari using Java vulnerabilities had been detected. <=== Read more, a MUST: http://www.v3.co.uk/v3-uk/news/2222043/apple-fixes-safari-security-flaws?utm_source=dlvr.it&utm_medium=twitter
Via Gust MEES
|
Rescooped by
Gust MEES
from 21st Century Learning and Teaching
October 31, 2012 5:52 PM
|
|
This had to come, I was wondering that it didn't show up earlier! Any device and software program application that connects to the Internet is vulnerable and will get misused one day by the bad guys!!!
Stay protected with updated protection software and update also all your other installed programs on your devices as well as you SHOULD update your browsers!!!
Learn more:
- https://gustmees.wordpress.com/2012/11/29/cyber-hygiene-ict-hygiene-for-population-education-and-business/