Scooped by
Gust MEES
Anonymous has leaked VMware’s ESX Server kernel source code online, and the veracity of the claim has been confirmed on the company's Security and Compliance blog. Finally, a number of high and low profile sites have also been hacked and defaced: NBC, Saturday Night Live, a Lady Gaga fan site (all purportedly by a hacker that goes by the handle of Pyknic), the Ghana Consulate, Arcelor Mittal, and others. Read more, a MUST: http://www.net-security.org/secworld.php?id=13900
Misconfigured Apache sites expose user passwords, other private data. System status pages are publicly viewable on thousands of sites. Read more, a MUST: http://mcaf.ee/qilcd
Cybercriminals Continue to Improve Skype-Spreading Malware... At the beginning of October, cybercriminals started spreading some nasty pieces of malware via Skype by using messages such as “lol is this your new profile pic” to trick users into clicking on malicious links. According to security firms, millions of users might have infected their computers after clicking on the suspicious links. Although the infection rates have dropped since, security researchers say that the individuals responsible for developing and maintaining the threats known as W32.IRCBot.NG and W32.Phopifas haven’t given up on their project. The infection routine remains unchanged, but the developers have added new hosts from which the pieces of malware can be downloaded, Symantec experts explain. Read more, a MUST: http://news.softpedia.com/news/Cybercriminals-Continue-to-Improve-Skype-Spreading-Malware-303654.shtml?utm_source=twitter&utm_medium=twitter&utm_campaign=twitter_web
More than 500,000 control devices are vulnerable to Internet attacks. Cyber-security researchers have found more than 500,000 control devices with direct connections to the Internet that could be used to attack them and the systems they control. The unnamed researchers have reported their findings to the US Government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). The researchers found the potentially vulnerable systems using the Shodan search engine and searching for control-systems-related terms such as Scada (supervisory control and data acquisition). The researchers are worried that cyber-attackers could use the search engine in a similar way as a shortcut to finding vulnerable control systems and thus threaten or attack critical infrastructure. Read more: http://www.drives.co.uk/fullstory.asp?id=3659
Steven Chabinsky, former top lawyer in the FBI's cybersecurity section, thinks attackers are ahead of us and we need to change our defensive thinking. "When that happens, you know you have a strategy problem on your hands. Had the strategy been working, people would have been executing properly and succeeding. But it isn't. The government and private sector were executing on their plans very well and they didn't improve cybersecurity every year. There was objectively better security, but subjectively, against threat actors, they were gaining momentum. The threat continues to outpace us." Read more, a MUST: http://threatpost.com/en_us/blogs/think-differently-cybersecurity-or-fall-farther-behind-former-fbi-lawyer-says-091912
Security software vendor Kaspersky has published some statistics on the security flaws discovered worldwide in the third quarter. To produce these figures, Kaspersky relies on the user base of its products. Next come Adobe's products (Flash, Adobe Reader and Shockwave); Adobe is the most represented vendor in this top 10, with five mentions. Apple is also present, with flaws affecting QuickTime (14% of users affected) and iTunes (12%). Nullsoft, with Winamp, brings up the rear. Read more: http://www.macg.co/news/voir/257709/vulnerabilites-kaspersky-pointe-adobe-oracle-et-apple
European Commission press release: Neelie Kroes, Vice-President of the European Commission responsible for the Digital Agenda. Information Security Forum Conference, Chicago, 4th November 2012. Every day, people worldwide rely... ===> Cyber-security should be recognised as a top political priority. <=== Here in the US it has long obtained political attention. It is time we do the same in Europe and worldwide. Read more, a MUST: http://europa.eu/rapid/press-release_SPEECH-12-774_en.htm?locale=en
"Waging war" on Russia, hacktivist collective GhostShell have released 2.5 million records stolen from the Russian government.
Two security vulnerabilities in Safari are being addressed in an update of the browser software released by Apple earlier today. This update coincides with Apple’s iOS 6.0.1 software update, which addressed multiple security problems. The 48.5 MB update to Safari 6.0.2 is available for OS X Lion and OS X Mountain Lion, and is recommended as it fixes security flaws in the software. ===> UPDATE asap!!! <=== Read more, a MUST: http://www.intego.com/mac-security-blog/safari-update-fixes-security-flaws/
Company bolsters anti-hacker defences... Apple has released an update for its Safari web browser designed to fix a number of security flaws. The iPhone maker released the Safari update alongside a security patch for its iOS mobile operating system on Friday. The update aims to protect Safari users from drive-by download attacks and patch a number of Java vulnerabilities within the web browser. ===> Drive-by download attacks use malicious websites that infect machines with malware when visited. <=== The update is available now on Apple's OS X Lion v10.7.5, OS X Lion Server v10.7.5 and OS X Mountain Lion v10.8.2 operating systems. ===> The release follows a number of high-profile attacks on Apple's Mac OS. Prior to the update numerous exploits targeting Safari using Java vulnerabilities had been detected. <=== Read more, a MUST: http://www.v3.co.uk/v3-uk/news/2222043/apple-fixes-safari-security-flaws?utm_source=dlvr.it&utm_medium=twitter
Via Gust MEES
With more than 2 Million home computers infected, the ZeroAccess Botnet Generates roughly $1 Million in Ad Click fraud daily for cybercriminals. A report from network-based security and analytics vendor Kindsight says that 2.2 million home networks were infected with the ZeroAccess botnet in Q3 2012. This infection rate means that advertisers are losing almost one million dollars a day due to click fraud generated by the botnet, the report adds. ZeroAccess has been around since 2010, and is a business in and of itself. In September, it was estimated that the size of the botnet had grown to one million systems and had been installed over 9 million times globally, with the majority of these infection and installation points located within the U.S. Read more, a MUST: http://www.securityweek.com/millions-home-networks-infected-zeroaccess-botnet?utm_source=dlvr.it&utm_medium=twitter
“The Russian shadow economy is an economy of scale, one that is service oriented and that has become a kleptocracy wherein crony capitalism has obtained a new lease on life in cyberspace,” says a new report into the cybercriminal Russian underground. Professor John Walker, chair of the London chapter ISACA and CTO of Secure-Bastion, sees a road-map for APT laid out by the report. “In a nutshell,” he told Infosecurity, “what the Trend Micro report is confirming is that the much debated logical attack vectors of ===> the Advanced Persistent Threat (APT), and the more focused Advanced Evasion Techniques (AET) as reported by StoneSoft are not hype, but reality.<=== “In the Trend Micro report,” he continued, “we see the imagination of the Russian Cyber Attacker laid out before our eyes – with some excellent examples of the lengths cyber criminals are prepared to take to underpin a successful mission. ===> It is also very clear that, this mission is lucrative, and would seem to imply it is going to be with us for some time yet.” <=== Read more, a MUST: http://www.infosecurity-magazine.com/view/29077/a-look-at-the-russian-underground-cyber-market/#.UJFD5MecGjY.twitter
Zero-Day World: Zero-day (zero-hour or day zero) vulnerabilities are previously unknown vulnerabilities that have not been revealed publicly but are exploited by attackers. Discovering and exploiting zero-day vulnerabilities helps cyber criminals to increase the success rate of attacks. Attacks using zero-day exploits are tough to identify and analyze because in many cases information is not available until attacks have already occurred. There is practically no protection against zero-day attacks, as details of the vulnerability are usually a mystery when these attacks are first observed. Learn more, a MUST: http://www.symantec.com/connect/blogs/zero-day-world