Post

Visualizzazione dei post da ottobre, 2017

10/10 would patch again: Big Red plasters 'easily exploitable' backdoor in Oracle Identity Manager • The Register

https://www.theregister.co.uk/2017/10/30/oracle_releases_patch_for_remotely_exploitable_backdoor_in_identity_management_system/

Researchers Find Flaw That Could Turn LG Robot Vacuums Into Perfect Spying Machines

https://motherboard.vice.com/en_us/article/ne3zwz/lg-vacuums-hacked-homehack

Panic of Panama Papers-style revelations follows Bermuda law firm hack • The Register

https://www.theregister.co.uk/2017/10/25/bermuda_law_firm_hack/

Watership downtime: BadRabbit encrypts Russian media, Ukraine transport hub PCs • The Register

https://www.theregister.co.uk/2017/10/24/badrabbit_ransomware/

Hackers nip into celeb plastic surgery clinic, tuck away 'terabytes' • The Register

https://www.theregister.co.uk/2017/10/24/london_plastic_surgery_clinic_data_breach/

ROCA 'round the lock: Gemalto says IDPrime .NET access cards bitten by TPM RSA key gremlin • The Register

https://www.theregister.co.uk/2017/10/23/roca_crypto_flaw_gemalto/

A Suspected Network Of 13, 000 Twitter Bots Pumped Out Pro-Brexit Messages In The Run-Up To The EU Vote

https://www.buzzfeed.com/jamesball/a-suspected-network-of-13000-twitter-bots-pumped-out-pro

Advanced Persistent Threat Activity Targeting Energy and Other Critical Infrastructure Sectors

https://www.us-cert.gov/ncas/alerts/TA17-293A

Whole Foods Discloses Data Breach

https://www.wsj.com/articles/whole-foods-discloses-data-breach-1506636659

Unpatched Microsoft Word DDE Exploit Being Used In Widespread Malware Attacks

https://thehackernews.com/2017/10/ms-office-dde-malware-exploit.html

Teen hacker sentenced for serious disruption of Phoenix 911 system

https://nakedsecurity.sophos.com/2017/10/20/teen-hacker-sentenced-for-serious-disruption-of-phoenix-911-system/

Online stock broker COL Financial warns clients of potential system breach

http://www.gmanetwork.com/news/money/companies/630280/online-stock-brokerage-firm-col-financial-warns-clients-of-potential-system-breach/story/

The Reaper Botnet Has Already Infected a Million Networks

https://www.wired.com/story/reaper-iot-botnet-infected-million-networks/

Cryptocurrency mining affects over 500 million people. And they have no idea it is happening.

https://blog.adguard.com/en/crypto-mining-fever/

Australian defense firm was hacked and F-35 data stolen, DOD confirms

https://arstechnica.com/information-technology/2017/10/australian-defense-firm-was-hacked-and-f-35-data-stolen-dod-confirms/

Vulnerability Spotlight: Google PDFium Tiff Code Execution

http://blog.talosintelligence.com/2017/10/GooglePDFium-Vulnerabilitiy.html

Hackers Distribute Malware-Infected Media Player to Hundreds of Mac Users

https://motherboard.vice.com/en_us/article/bj789w/elmedia-player-malware-hack-mac-trojan

Milano, è allarme per i ricatti hacker: studi legali, notai e alberghi nel mirino

http://milano.corriere.it/notizie/cronaca/17_ottobre_21/milano-allarme-ricatti-hacker-e4399988-b5c6-11e7-8b79-fd2501a89a96.shtml

Malware hidden in vid app is so nasty, victims should wipe their Macs • The Register

https://www.theregister.co.uk/2017/10/20/a_total_system_os_reinstall_is_the_only_guaranteed_way_to_totally_rid_your_system_of_this_malware_this_is_a_standard_procedure_for_any_system_compromise_with_the_affection_of_administrator_account/

Australian defense firm was hacked and F-35 data stolen, DOD confirms

https://arstechnica.com/information-technology/2017/10/australian-defense-firm-was-hacked-and-f-35-data-stolen-dod-confirms/

Equifax website borked again, this time to redirect to fake Flash update

https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

Internal Accenture Data, Customer Information Exposed in Public Amazon S3 Bucket

https://threatpost.com/internal-accenture-data-customer-information-exposed-in-public-amazon-s3-bucket/128364/

Hyatt Hotels Suffers 2nd Card Breach in 2 Years — Krebs on Security

https://krebsonsecurity.com/2017/10/hyatt-hotels-suffers-2nd-card-breach-in-2-years/

Data Breach Exposed Medical Records, Including Blood Test Results, of Over 100 Thousand Patients

https://gizmodo.com/data-breach-exposed-medical-records-including-blood-te-1819322884

Questions about the Massive South African "Master Deeds" Data Breach Answered

https://www.troyhunt.com/questions-about-the-massive-south-african-master-deeds-data-breach-answered/

Hackers steal $60 million from Taiwanese bank using bespoke malware

https://www.tripwire.com/state-of-security/security-data-protection/hackers-steal-60-million-from-taiwanese-bank-using-bespoke-malware/

Iran hacked 9, 000 UK emails in 'brute force' cyber attack that was blamed on Russia

http://www.express.co.uk/news/uk/866305/uk-iran-cyber-attack-hacking-nuclear-deal-donald-trump-war-westminster

Europol warns ransomware has taken cybercrime ‘to another level’

https://www.tripwire.com/state-of-security/security-data-protection/europol-ransomware-warning/

Ransomware attack on Toshiba forces it to halt production of NAND Flash

http://www.ehackingnews.com/2017/10/ransomware-attack-on-toshiba-forces-it.html

Malware hits 41 Hyatt Hotel properties

http://www.ehackingnews.com/2017/10/malware-hits-41-hyatt-hotel-properties.html

Mobile Stock Trading App Providers Unresponsive to Glaring Vulnerabilities

https://threatpost.com/mobile-stock-trading-app-providers-unresponsive-to-glaring-vulnerabilities/128144/

La Corea del Nord sta già attaccando mezzo mondo, e da anni

http://www.ilpost.it/2017/10/17/corea-del-nord-attacchi-informatici-hacker/

Oracle Hospitality apps rolled out the Big Red carpet to crims

https://www.theregister.co.uk/2017/10/18/oracle_october_2017_quarterly_patches/

Millions of high-security crypto keys crippled by newly discovered flaw

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/

Report: Malware-Wielding Hackers Hit Taiwanese Bank

https://www.bankinfosecurity.com/report-malware-wielding-hackers-hit-taiwanese-bank-a-10368

Equifax website borked again, this time to redirect to fake Flash update

https://arstechnica.com/information-technology/2017/10/equifax-website-hacked-again-this-time-to-redirect-to-fake-flash-update/

DoubleLocker, il ransomware per Android che ruba i dati bancari

http://www.repubblica.it/tecnologia/sicurezza/2017/10/14/news/doublelocker_un_nuovo_ransomware_minaccia_android-178263965/

Dildon'ts of Bluetooth: Pen test boffins sniff out Berlin's smart butt plugs

https://www.theregister.co.uk/2017/09/29/ble_exploits_screwdriving/

Exclusive: Microsoft responded quietly after detecting secret database hack in 2013

https://www.reuters.com/article/us-microsoft-cyber-insight/microsoft-responded-quietly-after-detecting-secret-database-hack-in-2013-idUSKBN1CM0D0

Facebook-hijacking Faceliker malware is on the rise

https://www.grahamcluley.com/facebook-hijacking-faceliker-malware-is-on-the-rise/

Leak of >1,700 valid passwords could make the IoT mess much worse

https://arstechnica.com/information-technology/2017/08/leak-of-1700-valid-passwords-could-make-the-iot-mess-much-worse/

Security Flaw in Infineon Smart Cards and TPMs

https://www.schneier.com/blog/archives/2017/10/security_flaw_i_1.html

Australia jet and navy data stolen in 'extensive' hack

http://www.bbc.co.uk/news/world-australia-41590614

T-Mobile Website Allowed Hackers to Access Your Account Data With Just Your Phone Number

https://motherboard.vice.com/en_us/article/wjx3e4/t-mobile-website-allowed-hackers-to-access-your-account-data-with-just-your-phone-number

Apache Tomcat HTTP PUT Arbitrary File Upload Vulnerability

https://tools.cisco.com/security/center/viewAlert.x?alertId=55508&vs_f=Alert%20RSS&vs_cat=Security%20Intelligence&vs_type=RSS&vs_p=Apache%20Tomcat%20HTTP%20PUT%20Arbitrary%20File%20Upload%20Vulnerability&vs_k=1

ATM malware is being sold on Darknet market

https://securelist.com/atm-malware-is-being-sold-on-darknet-market/81871/

‘Ridiculous Mistake’ Let North Korea Steal Secret U.S. War Plans

https://www.wsj.com/articles/north-korea-allegedly-used-antivirus-software-to-steal-defense-secrets-1507736060

Security Researchers Hacked a Bluetooth-Enabled Butt Plug

https://motherboard.vice.com/en_us/article/ne788b/hackable-bluetooth-buttplug-hush-lovense

Security News This Week: Go Update Your Mac ASAP To Fix Some Serious Vulnerabilities

https://www.wired.com/story/update-macos-high-sierra-security-patch/

Un hacker ha trovato online dati e codici del Referendum in Lombardia

http://www.corriere.it/tecnologia/cyber-cultura/17_ottobre_19/referendum-autonomia-lombardia-hacker-trova-dati-codici-online-smartmatic-067bafc2-b4e1-11e7-aa01-fc391f169342.shtml

Attacco informatico contro UniCredit, violati i dati di 400 mila clienti italiani. Indaga la Procura

http://www.lastampa.it/2017/07/26/italia/cronache/attacco-informatico-contro-unicredit-violati-i-dati-di-mila-clienti-italiani-oOEHPoqlxNrg3xBWmdVl0L/pagina.html

Watch out for Microsoft Word DDE nasties: Now Freddie Mac menaced • The Register

https://www.theregister.co.uk/2017/10/17/microsoft_dde_attacks/

Oracle Hospitality apps rolled out the Big Red carpet to crims • The Register

https://www.theregister.co.uk/2017/10/18/oracle_october_2017_quarterly_patches/

'Open sesame'... Subaru key fobs vulnerable, says engineer • The Register

https://www.theregister.co.uk/2017/10/16/subaru_key_fobs_vulnerable_says_engineer/

Sounds painful: Audio code bug lets users, apps get root on Linux • The Register

https://www.theregister.co.uk/2017/10/15/advanced_linux_sound_architecture_vulnerable_to_privilege_escalation/

Pulitzer-winning website Politifact hacked to mine crypto-coins in browsers • The Register

https://www.theregister.co.uk/2017/10/13/politifact_mining_cryptocurrency/

Android ransomware DoubleLocker encrypts data and changes PINs • The Register

https://www.theregister.co.uk/2017/10/13/doublelocker_android_ransomware/

Overdraft-fiddling hackers cost banks in Eastern Europe $100m • The Register

https://www.theregister.co.uk/2017/10/10/hybrid_bank_cyber_robbery/

It's 2017... And Windows PCs can be pwned via DNS, webpages, Office docs, fonts – and some TPM keys are fscked too • The Register

https://www.theregister.co.uk/2017/10/10/october_2017_microsoft_windows_patch_tuesday/

Hackers nick $60m from Taiwanese bank in tailored SWIFT attack • The Register

https://www.theregister.co.uk/2017/10/11/hackers_swift_taiwan/

Smut-watchers suckered by evil advertising • The Register

https://www.theregister.co.uk/2017/10/10/smut_watchers_suckered_by_evil_advertising/

Russian Hackers Stole NSA Data on U.S. Cyber Defense

https://www.wsj.com/articles/russian-hackers-stole-nsa-data-on-u-s-cyber-defense-1507222108

Maersk Says June Cyberattack Will Cost It up to $300 Million

https://www.bloomberg.com/news/articles/2017-08-16/maersk-misses-estimates-as-cyberattack-set-to-hurt-third-quarter

Seven More Chrome Extensions Compromised

https://threatpost.com/seven-more-chrome-extensions-compromised/127458/

WannaCry ransomware attack at LG Electronics takes systems offline

http://www.zdnet.com/article/wannacry-ransomware-attack-at-lg-electronics-takes-systems-offline/

Identity Thieves Hijack Cellphone Accounts to Go After Virtual Currency

https://www.nytimes.com/2017/08/21/business/dealbook/phone-hack-bitcoin-virtual-currency.html

Firmware Update Bricks Samsung Smart TVs in the UK

https://www.bleepingcomputer.com/news/hardware/firmware-update-bricks-samsung-smart-tvs-in-the-uk/

Pwning the Dlink 850L routers and abusing the MyDlink Cloud protocol

https://pierrekim.github.io/blog/2017-09-08-dlink-850l-mydlink-cloud-0days-vulnerabilities.html

Billions of devices imperiled by new clickless Bluetooth attack

https://arstechnica.com/information-technology/2017/09/bluetooth-bugs-open-billions-of-devices-to-attacks-no-clicking-required/

XSS Attacks: The Next Wave

https://snyk.io/blog/xss-attacks-the-next-wave/?utm_content=buffereb0e0&utm_medium=social&utm_source=twitter.com&utm_campaign=buffer

Mr. Confindustria a Bruxelles truffato da un hacker: persi 500mila euro. Licenziato

http://www.repubblica.it/cronaca/2017/09/30/news/beffa_a_bruxelles_mister_confindustria_truffato_e_licenziato-176906111/

Millions of Macs open to EFI Firmware Hacks even if they are up-to-date

http://securityaffairs.co/wordpress/63598/hacking/efi-firmware-hacks.html

Critical Code in Millions of Macs Isn't Getting Apple's Updates

https://www.wired.com/story/critical-efi-code-in-millions-of-macs-is-not-getting-apple-updates/

[Infographic] More Mac malware than ever before

https://business.f-secure.com/more-mac-malware-than-ever-before

Additional information regarding the recent CCleaner APT security incident

https://blog.avast.com/additional-information-regarding-the-recent-ccleaner-apt-security-incident

'Phish for the Future' spearphishing campaign set digital civil liberty activists in its sights

https://www.grahamcluley.com/civil-liberty-spearphishing/

UK National Lottery knocked offline by DDoS attack

https://www.welivesecurity.com/2017/10/02/uk-national-lottery-ddos-attack/

Cyber-security: More than 1,000 attacks reported in UK

http://www.bbc.com/news/uk-41478608

Netgear Fixes 50 Vulnerabilities in Routers, Switches, NAS Devices

https://threatpost.com/netgear-fixes-50-vulnerabilities-in-routers-switches-nas-devices/128230/

The biggest hack in history is actually three times bigger than we feared

https://www.grahamcluley.com/biggest-hack-history-actually-three-times-bigger-feared/

Dumb bug of the week: Apple's macOS reveals your encrypted drive's password in the hint box • The Register

https://www.theregister.co.uk/2017/10/05/apple_patches_password_hint_bug_that_revealed_password/

India's national internet registry breached, but says heist was trivial • The Register

https://www.theregister.co.uk/2017/10/05/ndian_registry_for_internet_names_and_numbers_attack_allegation_by_seqrite/

Dnsmasq and the seven flaws: Patch these nasty remote-control holes • The Register

https://www.theregister.co.uk/2017/10/02/dnsmasq_flaws/

Oath-my-God: THREE! BILLION! Yahoo! accounts! hacked! in! 2013! – not! 'just!' 1bn! • The Register

https://www.theregister.co.uk/2017/10/03/yahoo_says_one_beeelion_user_hack_figure_wrong_its_three/

Patch your WordPress plugins: Scum are right now hijacking blogs • The Register

https://www.theregister.co.uk/2017/10/03/three_wordpress_plugins_critical_flaws/

UK lotto players quids in: Website knocked offline by DDoS attack • The Register

https://www.theregister.co.uk/2017/10/02/lottery_ddos/

Patch your Android, peeps, it has up to 14 nasty flaws to flog • The Register

https://www.theregister.co.uk/2017/10/03/october_android_patches/