Showing posts from February, 2017

D-Link resolves enterprise switch hacker risk

https://www.theregister.co.uk/2017/02/27/dlink_router_flaw/

Google's Project Zero reveals another Microsoft flaw

https://www.theregister.co.uk/2017/02/27/google_project_zero_reports_flaw_in_ie_edge/

Cloudbleed: Big web brands leaked crypto keys, personal secrets thanks to Cloudflare bug • The Register

https://www.theregister.co.uk/2017/02/24/cloudbleed_buffer_overflow_bug_spaffs_personal_data/

Linux kernel gets patch for 11-year-old local-root-hole security bug • The Register

https://www.theregister.co.uk/2017/02/23/linux_kernel_gets_patch_against_12yearold_bug/

Ransomware attack hit San Francisco train system

http://www.usatoday.com/story/tech/news/2016/11/28/san-francisco-metro-hack-meant-free-rides-saturday/94545998/

Google bellows bug news after Microsoft sails past fix deadline • The Register

https://www.theregister.co.uk/2017/02/20/google_project_zero_discloses_microsoft_bug_again/

Connected car in the second-hand lot? Don't buy it if you're not hack-savvy • The Register

https://www.theregister.co.uk/2017/02/20/connected_car_in_the_secondhand_lot_dont_buy_it_if_youre_not_hacksavvy/

University Breach

https://www.recordedfuture.com/recent-rasputin-activity/

Smash up your kid's Bluetooth-connected Cayla 'surveillance' doll, Germany urges parents • The Register

https://www.theregister.co.uk/2017/02/17/cayla_doll_banned_in_germany/

Hackers still exploiting eBay’s stored XSS vulnerabilities in 2017 | Netcraft

https://news.netcraft.com/archives/2017/02/17/hackers-still-exploiting-ebays-stored-xss-vulnerabilities-in-2017.html

New ASLR-busting JavaScript is about to make drive-by exploits much nastier

https://arstechnica.com/security/2017/02/new-aslr-busting-javascript-is-about-to-make-drive-by-exploits-much-nastier/

Operation Kingphish: Uncovering a Campaign of Cyber Attacks against Civil Society in Qatar and Nepal

https://medium.com/amnesty-insights/operation-kingphish-uncovering-a-campaign-of-cyber-attacks-against-civil-society-in-qatar-and-aa40c9e08852

Vulnerability in Microsoft SMBv3 protocol crashes Windows PCs

http://www.infoworld.com/article/3165231/microsoft-windows/vulnerability-in-microsoft-smbv3-protocol-crashes-windows-pcs.html

ASLR-security-busting JavaScript hack demo'd by university boffins • The Register

https://www.theregister.co.uk/2017/02/14/aslr_busting_javascript_hack/

UK website data insecurity worries: Users in bits over car break-up emails • The Register

https://www.theregister.co.uk/2017/02/14/uk_car_parts_website_insecure_worries/

Trend Micro Patches Password-Leaking Software Flaw | Silicon UK

http://www.silicon.co.uk/security/security-management/trend-micro-password-manager-flaw-183727

Hitachi Payment services accepts its systems were compromised - E Hacker News

http://www.ehackingnews.com/2017/02/hitachi-payment-services-accepts-its.html?m=1

Russian hackers attacked Gentiloni's Farnesina. Russia denies it

http://www.repubblica.it/esteri/2017/02/10/news/hacker_russia_farnesina-158004555/

F5's Big-IP leaks little chunks of memory, even SSL session IDs • The Register

https://www.theregister.co.uk/2017/02/09/f5s_bigip_leaks_lots_of_little_chunks_of_memory/

Mag publisher Future stored your FileSilo passwords in plaintext. Then hackers hit • The Register

https://www.theregister.co.uk/2017/02/09/filesilo_lost_plaintext_passwords/

Macs don't get viruses? Hahaha, ha... seriously though, that Word doc could be malware • The Register

https://www.theregister.co.uk/2017/02/09/mac_malware_rash/

Fast Food Chain Arby’s Acknowledges Breach

https://krebsonsecurity.com/2017/02/fast-food-chain-arbys-acknowledges-breach/

Revealed: Malware that skulks in memory, invisibly collecting sysadmins' passwords • The Register

https://www.theregister.co.uk/2017/02/08/hidden_malware_menaces_enterprises/

Stolen Passwords Fuel Cardless ATM Fraud

https://krebsonsecurity.com/2017/01/stolen-passwords-fuel-cardless-atm-fraud/

Honeywell SCADA Controllers Exposed Passwords in Clear Text

https://threatpost.com/honeywell-scada-controllers-exposed-passwords-in-clear-text/123562/

Ransomware killed 70% of Washington DC CCTV ahead of inauguration

https://www.theregister.co.uk/2017/01/30/ransomware_killed_70_of_washington_dc_cctv_ahead_of_inauguration/

D-Link sucks so much at Internet of Suckage security – US watchdog

https://www.theregister.co.uk/2017/01/06/ftc_files_suit_over_dlink_security/

Japan Reports over 300 Ransomware Attacks on Smart TVs This Year

http://technewshunter.com/apple/japan-reports-over-300-ransomware-attacks-on-smart-tvs-this-year-28452/

Changing other people's flight bookings is too easy

http://www.computerworld.com/article/3153694/security/changing-other-peoples-flight-bookings-is-too-easy.html

Thousands of bogus certs issued after GoDaddy bug blunder

http://www.itnews.com.au/news/thousands-of-bogus-certs-issued-after-godaddy-bug-blunder-447178

Hotel ransomed by hackers as guests locked out of rooms

http://www.thelocal.at/20170128/hotel-ransomed-by-hackers-as-guests-locked-in-rooms

How Hackers Could Have Pwned You With a Nasty Steam Bug - Motherboard

https://motherboard.vice.com/en_us/article/how-hackers-could-have-pwned-you-with-a-nasty-steam-bug

iKittens: Iranian Actor Resurfaces with Malware for Mac (MacDownloader)

https://iranthreats.github.io/resources/macdownloader-macos-malware/

Web banking malware slurps $1.2m for crooks, now kingpin 'fesses up

https://www.theregister.co.uk/2017/02/06/brooklyn_man_pleads_guilty_to_12m_banking_malware_thefts/

Went out boozing in SF during Dreamforce or Oracle OpenWorld? Malware may have slurped your bank card • The Register

https://www.theregister.co.uk/2017/02/06/intercontinental_hotels_group_hacked/

Got an OpenBSD Web server? Better patch it • The Register

https://www.theregister.co.uk/2017/02/07/got_an_openbsd_web_server_better_patch_it/

Cybersecurity experts uncover dormant botnet of 350,000 Twitter accounts

https://www.technologyreview.com/s/603404/cybersecurity-experts-uncover-dormant-botnet-of-350000-twitter-accounts/

Hacker: I made 160,000 printers spew out ASCII art around the world • The Register

https://www.theregister.co.uk/2017/02/06/hacker_160000_printers/

Polish banks hit by malware sent through hacked financial regulator • The Register

https://www.theregister.co.uk/2017/02/06/polish_banks_hit_by_malware_sent_through_hacked_financial_regulator/

Slammer worm slithers back online to attack ancient SQL servers • The Register

https://www.theregister.co.uk/2017/02/05/sql_slammer_back/

Particle accelerator hacked: Boffins' hashed passwords beamed up • The Register

https://www.theregister.co.uk/2017/02/03/australian_synchrotron_hacked/

New SMB bug: How to crash Windows system with a 'link of death' • The Register

https://www.theregister.co.uk/2017/02/04/windows_flaw_adds_crashing_as_a_service/

Popular hacker warkit Metasploit now hacks hardware and cars • The Register

https://www.theregister.co.uk/2017/02/03/metasploit_hardware_upgrade/

Chinese hackers switch tactics for spying on Russian jet makers • The Register

https://www.theregister.co.uk/2017/02/03/china_russia_aerospace_apt/

'Webroot made my PCs s*** the bed' – AV update borks biz machines hard • The Register

https://www.theregister.co.uk/2017/02/02/webroot_snafu/

F**k Donald Trump: Hackers won't stop hijacking local US radio stations to play controversial rap song

http://www.ibtimes.co.uk/hackers-wont-stop-hijacking-local-us-radio-stations-play-f-donald-trump-rap-1604304

Careless Licking gets a nasty infection: County stiffed by ransomware • The Register

https://www.theregister.co.uk/2017/02/02/ohio_county_licking_shut_down_by_ransomware/

Home-pwners: Cisco's Prime Home lets hackers hijack people's routers, no questions asked • The Register

https://www.theregister.co.uk/2017/02/01/cisco_remote_access_hole_in_prime_home/

WordPress fixed god-mode zero day without disclosing the problem • The Register

https://www.theregister.co.uk/2017/02/02/last_weeks_boring_sqli_wordpress_patch_hid_fix_for_godmode_zero_day/

Another Schneider vuln: Plaintext passwords on client-side RAM resolved • The Register

https://www.theregister.co.uk/2017/02/02/data_centre_control_kit_flaw_resolved/

Google mistakes the entire NHS for massive cyber-attacking botnet • The Register

https://www.theregister.co.uk/2017/02/01/google_mistakes_entire_nhs_for_a_botnet/

Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society - The Citizen Lab

https://citizenlab.org/2017/02/nilephish-report/