turvallisuus.org


Anna muutama minuutti ajastasi vaikutuksiltaan suurimman riskin ehkäisemiselle!


Digitoday / Tietoturva
Digitoday - uusimmat uutisotsikot ICT-alalta

FBI: Hakkerit Yhdysvaltojen äänestysjärjestelmien kimpussa
Yhdysvaltojen osavaltioiden vaalijärjestelmiin on yritetty murtautua syyskuun aikana, kertoi FBI-johtaja. Epäilykset kohdistuvat erityisesti venäläishakkereihin.
Löydä aukko iPhonesta, tienaa heti 1,3 miljoonaa - onko se oikein?
Murtautumiskeinoja valtiolle ja muille varakkaille myyvä yritys tarjoaa huippupalkkiota iPhonen uudesta ohjelmistosta löytyvistä aukoista.
IPhonen salaava viestisovellus: Totuus on hieman toinen
Apple on korostanut iMessage-viestiensä salausta, mutta se ei estä yhtiötä keräämästä sovelluksen muita käyttötietoja – tai niiden luovuttamista poliisille, The Intercept uutisoi.
Synkkä arvio: Kaikkiin kiristysohjelmiin ei tepsi mikään
Kiristysohjelmille ei ole olemassa tehokasta vastalääkettä, sanoo F-Securen toimitusjohtaja Samu Konttinen. Edes varmuuskopiot eivät auta, jos ne sijaitsevat samassa järjestelmässä.
Ei hyvältä näytä: Pohjoismaisten firmojen verkot avoinna hyökkääjille
Tietoturvayhtiö F-Secure havaitsi pohjoismaisessa selvityksessään kaikkien tarkastelemiensa yhtiöiden olevan alttiita verkkohyökkäyksille.
"Huikea mahdollisuus kasvuun" - F-Secure lupaa kyberturvaa ja yritysostoja
F-Secure hakee kasvua kyberturvallisuudesta ja yritysostoista. Toimitusjohtaja Samu Konttinen sanoo yhtiön pitävän kiinni myös kuluttajaliiketoiminnasta, vaikka yhtiön laitejulkistus onkin viivästynyt.
Puhuiko Yahoo palturia? "Tietomurtajia ei palkannut kukaan"
Yahoon kärsimään tietomurtoon perehtynyt tietoturvayritys kiistää oletuksen, että tekijänä tai tilaajana olisi vieras valtio.
Web-kameroiden armeija kaatoi verkkopalvelun
Kaksi verkkopalvelua joutui poikkeuksellisen rajun palvelunestohyökkäyksen kohteeksi, Ars Technica kertoo. Hyökkäyksissä on erikoista voiman lisäksi se, miten ne on toteutettu.
Valtavan tietomurron taustalta paljastui valtava moka: Näinkö vähän Yahoo väl...
Yahoon toimitusjohtaja valitsi tietoisesti heikon tietoturvan ennen mittavan salasanamurron julkistamista, The New York Times kirjoittaa.
Uutiseksi naamioitu haittaohjelma leviää Facebookissa – ethän klikannut?
Väärä uutiskuva Brad Pittistä toimii Facebookissa leviävän haittaohjelman täkynä.
Konnat keksivät uuden kiristyksen - ja sössivät sen ihan itse
Lunnaita ei koskaan pitäisi maksaa kiristysohjelmien tekijöille. Mutta Mamba-kiristäjän tapauksessa se on usein jopa teknisesti mahdotonta.
Natsilaulu päätyi Googlen hampaisiin – mitä oikein tapahtuu?
Googlen Youtube-palvelu veti dokumentaristin filmin pois Youtubesta siinä esiintyvän vanhan natsilaulun vuoksi.
Jouduitko hakkeroiduksi? Älä tee tätä yleistä virhettä
Jos ja kun tietomurtaja yllättää yrityksesi, on työntekijän helppo panikoida ja sammuttaa vehkeet. Tietoturvayhtiö varoittaa tekemästä kumpaakaan.
Viranomainen vaatii Facebookia tuhoamaan WhatsApp-käyttäjätiedot Saksassa
Facebook riitelee jälleen Saksan kanssa. Nyt yhtiötä vaaditaan lopettamaan tiedonkeruun WhatsApp-käyttäjistä.
Iso parannus tulossa: Onko Microsoft Edge kohta turvallisin selain?
Microsoft antaa pian mahdollisuuden ajaa verkkoselaintaan virtuaalikoneessa.


[CaRP] php_network_getaddresses: getaddrinfo failed: Name or service not known (0)
Schneier on Security
A blog covering security and security technology.

Friday Squid Blogging: Bobtail Squid Photos
Pretty. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered....
NEBULA: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: NEBULA (S//SI//FVEY) Multi-Protocol macro-class Network-In-a-Box (NIB) system. Leverages the existing Typhon GUI and supports GSM, UMTS, CDMA2000 applications. LTE capability currently under development. (S//SI//REL) Operational Restrictions exist for equipment deployment. (S//SI//REL) Features: Dual Carrier System EGSM 900MHz UMTS 2100MHz CDMA2000 1900MHz Macro-class Base station 32+Km Range Optional Battery...
Decoding the Voynich Manuscript
The Voynich Manuscript has been partially decoded. This seems not to be a hoax. And the manuscript seems not to be a hoax, either. Here's the paper....
GENESIS: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: GENESIS (S//SI//REL) Commercial GSM handset that has been modified to include a Software Defined Radio (SDR) and additional system memory. The internal SDR allows a witting user to covertly perform network surveys, record RF spectrum, or perform handset location in hostile environments. (S//SI//REL) The GENESIS systems are designed...
Was the iOS SSL Flaw Deliberate?
Last October, I speculated on the best ways to go about designing and implementing a software backdoor. I suggested three characteristics of a good backdoor: low chance of discovery, high deniability if discovered, and minimal conspiracy to implement. The critical iOS vulnerability that Apple patched last week is an excellent example. Look at the code. What caused the vulnerability is...
ENTOURAGE: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: ENTOURAGE (S//SI//REL) Direction Finding application operating on the HOLLOWPOINT platform. The system is capable of providing line of bearing for GSM/UMTS/CDMA2000/FRS signals. A band-specific antenna and laptop controller is needed to compliment the HOLLOWPOINT system and completes the ground based system. (S//SI) The ENTOURAGE application leverages the 4...
DDoSing a Cell Phone Network
Interesting research: Abstract: The HLR/AuC is considered to be one of the most important network elements of a 3G network. It can serve up to five million subscribers and at least one transaction with HLR/AuC is required for every single phone call or data session. This paper presents experimental results and observations that can be exploited to perform a novel...
EBSR: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: EBSR (S//SI//REL) Multi-purpose, Pico class, tri-band active GSM base station with internal 802.11/GPS/handset capability. (S//SI//REL) Operational Restrictions exist for equipment deployment. (S//SI//REL) Features: LxT Model: 900/1800/1900MHz LxU Model: 850/1800/1900MHz Pico-class (1Watt) Base station Optional Battery Kits Highly Mobile and Deployable Integrated GPS, MS, & 802.11 Voice & High-speed...
Breaking Up the NSA
The NSA has become too big and too powerful. What was supposed to be a single agency with a dual mission -- protecting the security of U.S. communications and eavesdropping on the communications of our enemies -- has become unbalanced in the post-Cold War, all-terrorism-all-the-time era. Putting the U.S. Cyber Command, the military's cyberwar wing, in the same location and...
CYCLONE Hx9: NSA Exploit of the Day
Today's item from the NSA's Tailored Access Operations (TAO) group implant catalog: CYCLONE Hx9 (S//SI//FVEY) EGSM (900MGz) macro-class Network-In-a-Box (NIB) system. Uses the existing Typhon GUI and supports the full Typhon feature base and applications. (S//SI//REL) Operational Restrictions exist for equipment deployment. (S//SI//REL) Features: EGSM 900MHz Macro-class (+43dBm) 32+Km Range Optional Battery Kits Highly Mobile and Deployable Integrated GPS, MS,...

The Register - Security
Biting the hand that feeds IT

NHS trusts ?complacent? on cloud app security risks
Do we block unsanctioned ones? Well half of us think we do...

Almost half of NHS Trusts make no attempt to monitor cloud app usage, according to the results of a Freedom of Information request.?


Security analyst says Yahoo!, Dropbox, LinkedIn, Tumblr all popped by same gang
Says five-strong 'Group E' may have lifted a billion Yahoo! records, sells to states

Five hackers are said to be behind breaches totalling up to a staggering three billion credentials from some of the world's biggest tech companies including the Yahoo! breach that led to the loss of 500 million credentials.?


Want to make US$1.5m this weekend? Just jailbreak iOS
Zerodium triples iOS exploit bounty to $1.5M, doubles 'droid to $200k

Exploit broker Zerodium has tripled its bug bounty for a remote iOS 10 jailbreak vulnerability to US$1.5 million.?


'Syrian Electronic Army' goon extradited from Germany now coughs to hacking, ...
His crime boss The Shadow remains at large

An associate of the self-styled Syrian Electronic Army has been sentenced to five years in an American prison for his part in running a cyber extortion scheme against businesses around the world.?


Microsoft widens Edge browser bug hunt for bounty hunters
Keeping you in hoodies

Microsoft has expanded its programme for rewarding those who find and report bugs in its Edge browser, enabling bounty hunters to claim their prize for a broader range of vulnerabilities.?


VESK coughs up £18k in ransomware attack
Biz took the precaution to pay up as a belt and braces approach

Exclusive Hosted desktop and cloud provider VESK is staggering back to its feet after paying 29 Bitcoins (£18,600) in a ransomware attack earlier this week.?


Russian hackers target MH17 journalists for embarrassing Putin
State threat actors are a reality for today's scribes

Journalists investigating the downing of the MH17 flight over eastern Ukraine in 2014 have been hacked by Russia, according to security intelligence outfit ThreatConnect.?


Fingerprint tech makes ATMs super secure, say banks. Crims: Bring it on, suckers
All those unchangeable PINs, up for easy swiping

Cybercriminals are hawking their claimed ability to exploit newly introduced biometric-based ATM authentication technologies.?


Yahoo! Answers used to cloak command and control networks
VXer wordsmiths demo novel stealth tricks

Two malware instances have converted numbers to words in a novel attempt to cloak the IP addresses of command and control servers.?


Researchers crack Oz Govt medical data in 'easy' attack with PCs
White hat efforts show up Govt's proposed laws to criminalise research

Australian researchers have laid waste to the Federal Government's plan to criminalise the decryption of anonymised state data sets, just a day after it was announced, by 'easily' cracking government-held medical data.?


D-Link DWR-932 B owner? Trash it, says security bug-hunter
More than 20 vulns in SOHOpeless LTE gateway

If you've got a D-Link DWR-932 B LTE router, you might want to fire it into the sun ? or hope that a firmware upgrade lands soon.?


How to create a security startup and bag VC millions ? step one: Containers, ...
Step two: Keep doing that

While venture capitalists have been tightening their belts over the past year, there?s still a lot of love and funding for security startups ? especially if you?re working in the right areas.?


Microsoft preps defence against the dark arts for enterprise customers
Application Guard aims to defeat malware served up from web sites

Microsoft is developing a technology for Windows 10 designed to combat the threat of malware served up from web pages penetrating corporate defences and slurping sensitive data.?


How do you approach continuous security?
In application development, build it in

Promo Earlier this week we ran a live broadcast looking at how to build security into your application development process. You can watch it here.?


Urgent! Log in for spear-phisher survey or your account will be deleted
Europol: Cybercrims getting more devious

Europol?s annual cyber-crime survey warns that the quality of spearphishing and other "CEO fraud" is continuing to improve and "cybercrime-as-a-service" means an ever larger group of fraudsters can easily commit online attacks.?




[CaRP] XML error: no element found at line 53 -




[CaRP] This appears to be an HTML webpage, not a feed.

SecurityFocus News
SecurityFocus is the most comprehensive and trusted source of security information on the Internet. We are a vendor-neutral site that provides objective, timely and comprehensive security information to all members of the security community, from end users, security hobbyists and network administrators to security consultants, IT Managers, CIOs and CSOs.

News: Change in Focus
Change in Focus
News: Twitter attacker had proper credentials
Twitter attacker had proper credentials
News: PhotoDNA scans images for child abuse
PhotoDNA scans images for child abuse

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: Conficker data highlights infected networks
Conficker data highlights infected networks
Brief: Google offers bounty on browser bugs
Google offers bounty on browser bugs
Brief: Cyberattacks from U.S. "greatest concern"
Cyberattacks from U.S. "greatest concern"

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Brief: Microsoft patches as fraudsters target IE flaw
Microsoft patches as fraudsters target IE flaw
Brief: Attack on IE 0-day refined by researchers
Attack on IE 0-day refined by researchers
News: Monster botnet held 800,000 people's details
Monster botnet held 800,000 people's details

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
News: Google: 'no timetable' on China talks
Google: 'no timetable' on China talks
News: Latvian hacker tweets hard on banking whistle
Latvian hacker tweets hard on banking whistle
News: MS uses court order to take out Waledac botnet
MS uses court order to take out Waledac botnet

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909
Infocus: Enterprise Intrusion Analysis, Part One
Enterprise Intrusion Analysis, Part One
Infocus: Responding to a Brute Force SSH Attack
Responding to a Brute Force SSH Attack
Infocus: Data Recovery on Linux and ext3
Data Recovery on Linux and <i>ext3</i>

>> Advertisement <<
Can you answer the ERP quiz?
These 10 questions determine if your Enterprise RP rollout gets an A+.
http://www.findtechinfo.com/as/acs?pl=781&ca=909

Dark Reading: Dark Reading News Analysis
Dark Reading: Connecting the Information and Security Community

No Articles Were Found... Visit Our Web Site for More Information
No articles were found.

Business Continuity News
Business continuity and disaster recovery news from around the world. Provided by Continuity Central, the international business continuity news and information portal.

The IT DR program: a crucial, but not well understood, aspect of disaster rec...
While the hardware and software costs for disaster recovery are well understood many organizations do not fully realize that, in order to be assured of successfully executing the plan in the event of an outage or disaster, a comprehensive IT DR program must first be in place. An organization can have all the right IT DR hardware and software, but without a properly managed program, its efforts will fail.
Developing immunity against zero-day mutations
Scott Register looks at how the latest malware can be mutated to evade detection by conventional defences, and how businesses can counter the threat.
More UK organizations take business continuity seriously but confidence in di...
Databarracks has published its sixth Data Health Check survey report. The survey questioned over 350 IT decision makers in the UK about their organization's attitude to business continuity and disaster recovery.
FBI Director warns about the spread of ISIL around the world
During a US Senate Homeland Security and Governmental Affairs Committee hearing on Tuesday 27th September, FBI Director James Comey warned that the increasing success of the military campaign against the Islamic State in Syria and Iraq carries an ominous downside: a wave of terrorist fighters who will spread across the globe as the group loses control of its territory on the ground.
New code of practice helps organizations manage business travel risks
BSI has published PAS 3001:2016 'Travelling for work - Responsibilities of an organization for health, safety and security - Code of Practice'. Developed in association with International SOS this new code of practice advises organizations on how to address and manage the health, safety and security risks posed to their employees who are travelling for work.
Small and medium sized enterprises becoming more risk aware
The risks posed by cyber attacks and reputational damage are increasingly worrying small and medium-sized enterprises (SMEs), according to Zurich Insurance Group's third annual global SME survey.

RSS by CARP