Recent Posts

Pages: [1] 2 3 ... 10
BY: Brian Krebs:
The U.S. Supreme Court today ruled that the government needs to obtain a court-ordered warrant to gather location data on mobile device users. The decision is a major development for privacy rights, but experts say it may have limited bearing on the selling of real-time customer location data by the wireless carriers to third-party companies.

At issue is Carpenter v. United States, which challenged a legal theory the Supreme Court outlined more than 40 years ago known as the “third-party doctrine.” The doctrine holds that people who voluntarily give information to third parties — such as banks, phone companies, email providers or Internet service providers (ISPs) — have “no reasonable expectation of privacy.”

full article here:

By Ionut Arghire on June 22, 2018
A security vulnerability patched by Microsoft earlier this month in its Edge browser could be exploited via malicious or compromised websites to read restricted data.

Tracked as CVE-2018-8235, the flaw occurs in how “Microsoft Edge improperly handles requests of different origins,” Microsoft explains in an advisory. The issue results in Edge bypassing Same-Origin Policy (SOP) restrictions and allows for requests that should otherwise be ignored.

As a result, an attacker could exploit the vulnerability to force the user’s browser to send data otherwise restricted. Attacks could be performed via maliciously crafted websites, compromised domains, or through websites that accept or host user-provided content or advertisements.

full article here:

By Kevin Townsend on June 22, 2018

Just before midnight last Sunday evening (June 17, 2018), Elon Musk sent an email to all staff. He was dismayed, he said, to learn about a Tesla employee "making direct code changes to the Tesla Manufacturing Operating System under false usernames and exporting large amounts of highly sensitive Tesla data to unknown third parties."

This was a mainstream malicious insider attack -- but there may be more to it than meets the eye. The motive, according to Musk, was revenge: "he wanted a promotion that he did not receive." But this incident goes way beyond simple revenge sabotage, and includes the theft of sensitive data and the export of that data to unknown outside parties.

The incident could have been triggered by revenge and aggravated by bribery; but until and unless those outside parties can be identified for certain, the true cause of the attack will remain speculative.

full article here:
 by Tara Seals
Fortnite, the sandbox video game, has become so popular that its maker, Epic Games, is ponying up $100 to $300 million to supply prize money for eSports tournaments. What it hasn’t ponied up for – at least not yet – is an Android version. Which means the bad guys are having a field day.

We reported not too long ago on the scourge of fake Fortnite Android apps spreading around the web, looking to entice desperate mobile gamers hungry for a version they can play on their Galaxy devices, et al – and because the game has not been officially released for the platform, these have been quite successful. The Google search “Fortnite for Android” is one of the first auto-fill suggestions for search terms, indicating its popularity. All too often these searches go to scam sites.

full article here:
By Catalin Cimpanu

Security researchers from AlienVault have discovered a new malware strain named GZipDe that appears to be part of a targeted attack —most likely a cyber-espionage campaign.

Researchers discovered this new malware earlier this week after a user from Afghanistan uploaded a boobytrapped Word document on VirusTotal.

The document contained text taken from an article published last month about the Shanghai Cooperation Organization Summit, a political conference on Eurasian political, economic, and security topics.

full article here:
By Catalin Cimpanu

Many brands of webcams, security cameras, pet and baby monitors, use a woefully insecure cloud-based remote control system that can allow hackers to take over devices by performing Internet scans, modifying the device ID parameter, and using a default password to gain control over the user's equipment and its video stream.

In the last nine months, two security firms have published research on the matter. Both pieces of research detail how the camera vendor lets customers use a mobile app to control their device from remote locations and view its video stream.

The mobile app requires the user to enter a device ID, and a password found on the device's box or the device itself. Under the hood, the mobile app connects to the vendor's backend cloud server, and this server establishes connections to each of the user's device in turn, based on the device ID and the last IP address the device has reported from.

full article here:
By Catalin Cimpanu

The times when exploit kits (EKs) were known to be the breeding ground of new zero-days is long gone, and most EKs nowadays live off older vulnerabilities, meaning that keeping your browser, OS, and Flash Player up-to-date is enough to safeguard you from today's top web-based threats.

Exploit kits are web apps developed by malware authors. Crooks lure users on malicious URLs hosting an exploit kit, which uses a known vulnerability to infect the user with malware.

Exploit kits have been around on the criminal underground for more than a decade and were once pretty advanced, often being a place where researchers found zero-days on a regular basis.

full article here:
BY: Help Net SecurityJune 22, 2018

A new report analyzes threat data collected from approximately 750,000 Morphisec protected endpoints globally, between January 1 and March 31, 2018, as well as from in-depth investigations conducted by the Morphisec Labs threat research team.

The report reveals key trends and definitive changes in the attack landscape for a 90-day span, with technical details on specific attack techniques and tactics used, including a highly unique set of threat analyses on five of the most critical threats to enterprise organizations. The Morphisec Labs team provides a risk-based impact analysis for end-users who could be affected by the threats outlined, along with prescriptive guidance on how to protect critical business assets.

full article here:
BY:  Zeljka Zorz, Managing EditorJune 22, 2018

Phishers are using a simple but effective trick to fool Microsoft’s NLP-based anti-phishing protections and Office 365 users into entering their login credentials into spoofed login pages.

The phishing emails landing in targets’ inboxes warn potential victims that their email account has reached a “maximum quota limit” and that they should upgrade their account. To the casual observer, the emails appear to be “signed” by Microsoft.

full article here:
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by Askmark on June 22, 2018, 11:30:06 pm »
No issues here with 4.33 on Win 10 Pro 1803
Pages: [1] 2 3 ... 10