Recent Posts

Pages: [1] 2 3 ... 10
By Catalin Cimpanu
A team of academics has created a Chrome extension that can block side-channel attacks that use JavaScript

full article here: :D

Unfortunately the page that you requested does not exist.
By Catalin Cimpanu

Polish law enforcement announced on Friday the arrest of Tomasz T., a well-known cyber-criminal believed to be the author of the Polski, Vortex, and Flotera ransomware strains.

The arrest took place on Wednesday, March 14, in the Polish town of Opole, while Tomasz —a Polish national living in Belgium— was visiting his native country.

Polish infosec experts had been tracking Tomasz for years, and Polish police were ready at the time of his arrest. Working through Europol, Polish police alerted their Belgium counterparts, who searched his house and seized computer equipment.

full article here:
By Catalin Cimpanu

A third-party company that was paid to review the validity of the recent AMD flaws —RyzenFall, MasterKey, Fallout, and Chimera— has confirmed that these vulnerabilities are real, but that regular users shouldn't panic for the time being.

The author of this review is Trail of Bits, a New York-based cyber-security company that CTS Labs, the company that discovered the AMD flaws, contracted and paid to review its findings.

"There is no immediate risk of exploitation of these vulnerabilities for most users," said Dan Guido, the CEO of Trail of Bits.

"Even if the full details were published today, attackers would need to invest significant development efforts to build attack tools that utilize these vulnerabilities. This level of effort is beyond the reach of most attackers," he added.

full article here:
Security & Technology News / Hyperbole Swirls Around AMD Processor Security Threat
« Last post by Antus67 on March 17, 2018, 01:16:43 pm »
 by Threatpost

Maybe it was the exaggerated threats against AMD’s business or the semi-unprofessional way the threats were brought to light but no matter — security start-up CTS-Labs claims of security holes in the chipmaker’s Ryzen and Epic processor lines are now being lambasted across the security community.

Earlier this week Threatpost wrote of the CTS-Labs report that its researchers had discovered 13 critical vulnerabilities and exploitable backdoors in AMD’s EPYC server, Ryzen workstation, Ryzen Pro and Ryzen mobile offerings.  Among the most egregious problems CTS-Labs wrote about in a white paper included:

-The AMD Secure Processor, the gatekeeper responsible for the security of AMD processors, contains critical vulnerabilities that could let attackers permanently install malicious code inside the Secure Processor itself.

full article here:
By Catalin Cimpanu

A team of academics has created a Chrome extension that can block side-channel attacks that use JavaScript code to leak data from a computer's RAM or CPU.

The extension's name is Chrome Zero and is currently only available on GitHub, and not through the official Chrome Web Store.

Researchers created the extension to rewrite and protect JavaScript functions, properties, and objects that are often used by malicious JavaScript code aimed at leaking CPU or memory data.

full article here: :D
Security & Technology News / Who Does What in Cybersecurity at the C-Level
« Last post by Antus67 on March 17, 2018, 01:07:42 pm »
BY: Steve Zurier

As security evolve as a corporate priority, so do the roles and responsibilities of the executive team. These seven titles are already feeling the impact.

What’s in a title? As the threat landscape grows more severe, job titles and lines of reporting will continue to change for security professionals. For example, last year’s CIO 100 found that 70% of CISOs report directly to the CIO, while IDC predicted that during 2018, 75% of CSOs and CISOs will report directly to the CEO.

Rob Clyde, a vice chair on the board of directors at ISACA, says just about all C-Suite players will have a seat on the board of directors in the future – and they’d better be ready.

full article here:
BY: Dark Reading Staff

Executives of Phantom Secure have been indicted on federal RICO charges for encrypting communications among criminals.

"Lie down with dogs, wake up with fleas," the old aphorism goes. "Encrypt for drug traffickers, wake up with indictments," is the version that Phantom Secure might render today. In a series of indictments, a federal grand jury said the CEO and four associates, "... knowingly and intentionally participated in a criminal enterprise that facilitated the transnational importation and distribution of narcotics through the sale and service of encrypted communications."

According to the FBI, Phantom Secure earned more than $80 million in the last decade providing secure communications for over 20,000 users, all of whom were active in various criminal undertakings. In their product offerings, Phantom Secure took standard smart phones, removed all "civilian" functionality, and replaced it with encrypted email systems that the phones could only use for communicating within the Phantom Secure network of devices.

full article here:
VoodooShield / Re: VoodooShield v4 STABLE Thread
« Last post by Geri123 on March 17, 2018, 10:41:31 am »
Vs 4.22 works fine but within the first 20 mins i got 2 times VS couldn't connect to the VS Server to check the reputation(virustotal stuff) of 2 programms. My internet connection was working since i was surfing and listening to online radio.
 by Lindsey O'Donnell

A misconfigured Amazon (S3) Simple Storage Service bucket, managed by a Walmart jewelry partner, left personal details and contact information of 1.3 million customers exposed to the public internet.

The S3 repository containing a MSSQL database backup belongs to MBM Company, a Chicago, Ill.-based jewelry company that operates mainly under the name Limogés Jewelry.

The publicly accessible bucket, discovered Feb. 6 by Kromtech Security, contained personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, IP addresses, and plain text passwords, for shopping accounts of over 1.3 million people throughout the US and Canada.

full article here:

By Eduard Kovacs on March 16, 2018

Just as the U.S. had been preparing to accuse Russia of launching cyberattacks against its energy and other critical infrastructure sectors, the notorious Russia-linked threat group known as Sofacy was spotted targeting a government agency in Europe.

The United States on Thursday announced sanctions against Russian spy agencies and more than a dozen individuals for trying to influence the 2016 presidential election and launching cyberattacks, including the destructive NotPetya campaign and operations targeting energy firms.

full article here:

Pages: [1] 2 3 ... 10