turvallisuus.org


Give a few minutes of your time to preventing the risk with the greatest impact!


Digitoday / Security
Digitoday - the latest news headlines from the ICT sector

More bank robberies: Swift resorts to threats
The payment system Swift is playing hardball to bring banks' information security up to a tolerable level.
Do you have one of these storage devices? Files exposed, exploit code in circulation
A fix is not yet available for all of the vulnerable D-Link NAS devices.
Not so fast: EU concerned about WhatsApp's change
The European Union promises "extreme vigilance" as it looks into WhatsApp's handing of data to Facebook.
Oops: a program Apple staunchly opposes lived in the App Store
A jailbreak tool remained available for weeks in Apple's official app store, 9to5Mac estimates.
Opera warns of a breach: the damage depends on the user's own activity
Those who have enabled the Opera sync feature and used it heavily are the most affected by Opera's breach notice.
Dropbox data leaked online – change your password if you belong to this group
Users of accounts that were started before 2012 and whose passwords have rarely been changed will receive a prompt to change their password.
Russian politician's son convicted of hacking: "Shocking conduct"
The son was found guilty in the United States of causing 169 million dollars in cyber damage. His lawyer is crying foul.
Antivirus vendor launches its own operating system – difficult questions ahead
The Russian security company's new operating system is finally ready, The Register reports.
FBI served up internet porn – an old millstone to blame
The US federal police apparently forgot to renew a domain again.
Did someone say Stuxnet? Iran found malware in its oil industry
Is this a new "Stuxnet"? Hardly, but Iran is nonetheless talking about industrial malware.
Did you download a "Windows update"? It could prove costly
Malware named Fantom does what ransomware does – but looks like a genuine Windows update.
Here is what is known about the mysterious iPhone cracker
Israel's NSO Group does not even have a website, Business Insider writes.
Worth doing: how to stop WhatsApp from giving your number to Facebook
WhatsApp is starting to hand its users' phone numbers over to Facebook. The move is easy to block – although Facebook appears to get the number by other routes as well.
iPhone alert: "Now there is reason to panic"
It all started with an Arab dissident, The New York Times reports. An outside security researcher recommends that everyone in a similar situation panic right now.
This is serious: iPhones cracked – Apple urges users to update
iOS version 9.3.5 fixes a vulnerability that allows an iOS device to be jailbroken from a web page.


Schneier on Security
A blog covering security and security technology.

Friday Squid Blogging: Bobtail Squid Photos
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
NEBULA: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: NEBULA (S//SI//FVEY) Multi-Protocol macro-class Network-In-a-Box (NIB) system. Leverages the existing Typhon GUI and supports GSM, UMTS, CDMA2000 applications. LTE capability currently under development. (S//SI//REL) Operational Restrictions exist for equipment deployment. (S//SI//REL) Features: Dual Carrier System EGSM 900MHz UMTS 2100MHz CDMA2000 1900MHz Macro-class Base station 32+Km Range Optional Battery...
Decoding the Voynich Manuscript
The Voynich Manuscript has been partially decoded. This seems not to be a hoax. And the manuscript seems not to be a hoax, either. Here's the paper....
GENESIS: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: GENESIS (S//SI//REL) Commercial GSM handset that has been modified to include a Software Defined Radio (SDR) and additional system memory. The internal SDR allows a witting user to covertly perform network surveys, record RF spectrum, or perform handset location in hostile environments. (S//SI//REL) The GENESIS systems are designed...
Was the iOS SSL Flaw Deliberate?
Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is...
ENTOURAGE: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: ENTOURAGE (S//SI//REL) Direction Finding application operating on the HOLLOWPOINT platform. The system is capable of providing line of bearing for GSM/UMTS/CDMA2000/FRS signals. A band-specific antenna and laptop controller is needed to compliment the HOLLOWPOINT system and completes the ground based system. (S//SI) The ENTOURAGE application leverages the 4...
DDoSing a Cell Phone Network
Interesting research: Abstract: The HLR/AuC is considered to be one of the most important network elements of a 3G network. It can serve up to five million subscribers and at least one transaction with HLR/AuC is required for every single phone call or data session. This paper presents experimental results and observations that can be exploited to perform a novel...
EBSR: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: EBSR (S//SI//REL) Multi-purpose, Pico class, tri-band active GSM base station with internal 802.11/GPS/handset capability. (S//SI//REL) Operational Restrictions exist for equipment deployment. (S//SI//REL) Features: LxT Model: 900/1800/1900MHz LxU Model: 850/1800/1900MHz Pico-class (1Watt) Base station Optional Battery Kits Highly Mobile and Deployable Integrated GPS, MS, & 802.11 Voice & High-speed...
Breaking Up the NSA
The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission -- protecting the security of U.S. communications and eavesdropping on the communications of our enemies -- has become unbalanced in the post-Cold War, all-terrorism-all-the-time era. Putting the U.S. Cyber Command, the military's cyberwar wing, in the same location and...
CYCLONE Hx9: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: CYCLONE Hx9 (S//SI//FVEY) EGSM (900MGz) macro-class Network-In-a-Box (NIB) system. Uses the existing Typhon GUI and supports the full Typhon feature base and applications. (S//SI//REL) Operational Restrictions exist for equipment deployment. (S//SI//REL) Features: EGSM 900MHz Macro-class (+43dBm) 32+Km Range Optional Battery Kits Highly Mobile and Deployable Integrated GPS, MS,...

The Register - Security
Biting the hand that feeds IT

Angler's obituary: Super exploit kit was the work of Russia's Lurk group
Kaspersky's chief malware sleuth solves the mystery of the doomed exploit juggernaut

Ruslan Stoyanov was right: what could be history's most advanced financially-driven malware was the progeny of some 50 jailed hackers known as the Lurk group.


HPE yawns, stretches, and patches January OpenSSH bug in virtual access products
lighttpd also gets a fix

HPE customers have just been issued patches related to the lighttpd daemon and OpenSSH for remote access devices.


More banks plundered through SWIFT attacks
Shape up, cause the Bangladesh Bank hack is just the start, SWIFT warns

Criminals have hacked an unspecified number of new banks, using the SWIFT messaging system already implicated in one of the most lucrative breaches in history.


Dropbox: 2012 credentials file is real
Including the passwords that are now obsolete

A data dump purported to contain 60 million Dropbox user IDs is the real thing, with the company confirming it to The Register, and independent verification from security researcher Troy Hunt.


USBee stings air-gapped PCs: Wirelessly leak secrets with a file write
Technique turns connected storage devices into transmitters

Video Mordechai Guri, the Israeli researcher who has something of a knack for extracting information from air-gapped PCs, has done it again – this time using radio frequency transmissions from USB 2 connections.


OneLogin breached, hacker finds cleartext credential notepads
'Store your firewall password here' notes pillaged

Password attic OneLogin has been breached, and it's bad, because the service that suffered the breach is one often used by people to store credentials like admin password and software keys.


71,000 Minecraft World Map accounts leaked online after 'hack'
Dumped creds have been exposed since January

Some 71,000 user accounts and IP addresses have been leaked from Minecraft fan website Minecraft World Map.


Ripper! Boffins find malware thought behind $347k Thai ATM raids
Evil EMV card pwns NCR ATMs, sets dispensary to max

Researchers at security firm FireEye may have found the malware responsible for plundering ATMs across Thailand and other parts of South East Asia.


Victoria Gov tips $6.5M into uni security seeder, city-country farm tech
Garden State wants a thousand startups to bloom

The government of the southern Australian state of Victoria has tipped A$450,000 (£260,083, US$340,872) to spin up an information security incubator in Deakin University.


FBI: Look out – hackers are breaking into US election board systems
SQL injection attack used to slurp voters' info

IT admins have received a flash warning from the FBI to harden up their systems following attacks against servers run by two US state election boards.


Chinese CA hands guy base certificates for GitHub, Florida uni
Man-in-the-middle diddle

A Chinese certificate authority handed out a base certificate for GitHub and the University of Central Florida to a mere user in a significant security blunder.


Big data busts crypto: 'Sweet32' captures collisions in old ciphers
Boffins blow up Blowfish and double down on triple DES

Researchers with France's INRIA are warning that 64-bit ciphers – which endure in TLS configurations and OpenVPN – need to go for the walk behind the shed.


Russia MP's son found guilty after stealing 2.9 million US credit cards
Point of sales malware wrought $169 million in damages.

The son of a Russian member of parliament has been found guilty of stealing and selling millions of US credit card numbers using point of sales malware.


NewSat network breach 'most corrupted' Oz spooks had seen: report
Spies had interception kit in Satellite provider's data centre, ex staffer tells El Reg

Defunct Australian satellite company Newsat distinguished itself in a way never known to the public before the company went under: it was so badly hacked it had 'the most corrupted' network the nation's spy agency had encountered.


Our pacemakers are totally secure, says short-sold St Jude
Hackable medical device claims are 'false and misleading'

The manufacturer of pacemakers and defibrillators has slammed a report by security researchers accusing it of putting customers lives at risk.





SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

News: Change in Focus
News: Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse
News: Conficker data highlights infected networks
Brief: Google offers bounty on browser bugs
Brief: Cyberattacks from U.S. "greatest concern"
Brief: Microsoft patches as fraudsters target IE flaw
Brief: Attack on IE 0-day refined by researchers
News: Monster botnet held 800,000 people's details
News: Google: 'no timetable' on China talks
News: Latvian hacker tweets hard on banking whistle
News: MS uses court order to take out Waledac botnet
Infocus: Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3

Dark Reading: Dark Reading News Analysis
Dark Reading: Connecting the Information and Security Community

No Articles Were Found... Visit Our Web Site for More Information

Business Continuity News
Business continuity and disaster recovery news from around the world. Provided by Continuity Central, the international business continuity news and information portal.

Cybersecurity report finds that many attacks are due to hidden malware in enc...
A surprising outcome of the growing use of encryption technology is an increase in cyber attacks, according to a new report from A10 Networks.
NIST study looks at the evacuation needs of mobility impaired people
A new NIST study provides guidance for helping mobility impaired people get safely out of multistory buildings during emergencies, including the use of special evacuation elevators.
The 100 best practices in big data security
The Cloud Security Alliance (CSA) has announced the release of a new handbook from its CSA Big Data Working Group, outlining the 100 best practices in big data security.
Ransomware: to pay or not to pay? That is the question
Gary Watson says that organizations should never get to the stage where they need to ask the above question. Combining data security with data protection can keep data safe and eliminate the need to pay ransoms.
World Risk Index published: ranks countries by disaster risk and resilience
The World Risk Index has been published within the World Risk Report 2016. Calculated by the Institute of Spatial and Regional Planning at the University of Stuttgart (IREUS), the index assesses the risk of disaster in 171 countries through the combined analysis of natural hazards and societal vulnerabilities.
Business Continuity Institute presents its Asia Awards
The Awards Ceremony for the BCI's Asia Awards took place on Thursday 25th August at the Sands Expo and Convention Centre in Singapore.
