Vulnerability Analysis of Domain Controllers
Hey /security! First post here. I have been working as a Security Engineer for about 6 months now, and I am the ONLY resource at my company that does this kind of work. As such, I am solely tasked with assisting clients with security-related issues, making recommendations, etc.
Recently, one of our clients requested a risk analysis. Being CompTIA PenTest+ and CySA+ certified, I am expected to perform a full analysis for this client site. I have no senior officials to lean on, and I'm kind of nervous about undertaking such a large task. I am working backwards through my methodology (Identify Vulnerabilities, Identify Threat, Determine likelihood of threat actualization, determine impact of threat actualization, and evaluate overall risk). Trouble is, I have no clue what industry standard tools and software are recommended to perform these tasks.
I could just do nmap scans and match CVEs to services that are running, but that feels like half-ass results with full-ass effort. I could use the Nessus scanner, but I have to convince my boss to pay for it because we don't currently have it. I could go in and work through it like a PenTest, but I'd have to go through the waiver and legal process with our client. I'm sure this board has some GREAT input on this, so let's hear it.
If this is inappropriately posted here, please let me know which board would be more suitable for this topic.
Marketing Analytics Company Leaks Deep Profiles of Entire Ecuador Population
Julian Assange is among those impacted.
The World Has a Third Pole -- and It's Melting Quickly
An anonymous reader shares a report: Many moons ago in Tibet, the Second Buddha transformed a fierce nyen (a malevolent mountain demon) into a neri (the holiest protective warrior god) called Khawa Karpo, who took up residence in the sacred mountain bearing his name. Khawa Karpo is the tallest of the Meili mountain range, piercing the sky at 6,740 metres (22,112ft) above sea level. Local Tibetan communities believe that conquering Khawa Karpo is an act of sacrilege and would cause the deity to abandon his mountain home. Nevertheless, there have been several failed attempts by outsiders -- the best known by an international team of 17, all of whom died in an avalanche during their ascent on 3 January 1991. After much local petitioning, in 2001 Beijing passed a law banning mountaineering there. However, Khawa Karpo continues to be affronted more insidiously. Over the past two decades, the Mingyong glacier at the foot of the mountain has dramatically receded. Villagers blame disrespectful human behaviour, including an inadequacy of prayer, greater material greed and an increase in pollution from tourism. People have started to avoid eating garlic and onions, burning meat, breaking vows or fighting for fear of unleashing the wrath of the deity. Mingyong is one of the world's fastest shrinking glaciers, but locals cannot believe it will die because their own existence is intertwined with it. Yet its disappearance is almost inevitable. Khawa Karpo lies at the world's "third pole." This is how glaciologists refer to the Tibetan plateau, home to the vast Hindu Kush-Himalaya ice sheet, because it contains the largest amount of snow and ice after the Arctic and Antarctic -- about 15% of the global total. However, a quarter of its ice has been lost since 1970. 
This month, in a long-awaited special report on the cryosphere by the Intergovernmental Panel on Climate Change (IPCC), scientists will warn that up to two-thirds of the region's remaining glaciers are on track to disappear by the end of the century. It is expected a third of the ice will be lost in that time even if the internationally agreed target of limiting global warming by 1.5C above pre-industrial levels is adhered to.
Read more of this story at Slashdot.
Microsoft Exchange Server 2010 Support Gets a Life Extension
After analyzing the deployment state of existing Microsoft Exchange customers, Microsoft has decided to move the end of support date for Exchange Server 2010 to October 13th, 2020. [...]
AVM releases FritzOS maintenance update for the FritzBox WLAN 3390
There's a Lost Continent 1,000 Miles Under Europe
Scientists have reconstructed the tumultuous history of a lost continent hidden underneath Southern Europe, which has been formally named "Greater Adria" in a new study. From a report: This ancient landmass broke free from the supercontinent Gondwana more than 200 million years ago and roamed for another 100 million years before it gradually plunged underneath the Northern Mediterranean basin. Researchers led by Douwe van Hinsbergen, a professor of global tectonics and paleogeography at Utrecht University, have been piecing together Greater Adria's past for a decade. The team collected rock samples from Spain to Iran, looking for the last material remnants of the continent that are accessible to scientists. The results were published this month in the journal Gondwana Research, and include an animated summary of the lost continent's birth, life, and death. Unless you live in an earthquake zone, it can be easy to forget that Earth is constantly cannibalizing its own landmasses. The map of our world morphs over the eons, as continental plates shift around, bump into each other, and undergo subduction, which occurs when one plate slides underneath another.
Read more of this story at Slashdot.
Instagram Flaw That Could Have Previously Exposed User Data Now Patched
It would seem that Facebook's Instagram frequently makes it to the news due to its security glitches. Recently, a researcher
InnfiRAT Targets Personal Data, Cryptocurrency Wallets
Malware called InnfiRAT is creeping into cryptocurrency wallets
Dubbed InnfiRAT, the malware can also steal browser cookies, resulting in a compromise of sensitive data such as usernames and passwords.
This is a post from HackRead.com. Read the original post: Malware called InnfiRAT is creeping into cryptocurrency wallets
Nyotron’s PARANOID Discovers and Blocks a New “Agent Tesla” Variant
Source: Krebs on Security Earlier this month, Nyotron’s PARANOID prevented an attack that had managed to slip past the endpoint security solution installed on one of our customer’s endpoints. According to our analysis, the attack involved a new variant of the Agent Tesla trojan. It still had that “new car smell” — appearing in the wild mere hours […]
The post Nyotron’s PARANOID Discovers and Blocks a New “Agent Tesla” Variant appeared first on Cybersecurity Insiders.
Asus, Lenovo and Other Routers Riddled with Remotely Exploitable Bugs
Independent researchers found 125 different CVEs across 13 different router and NAS models.
Snowden Says He Would Return to US If He Can Get a Fair Trial
SoftBank Backers Rethink Role in Next Vision Fund on WeWork
The biggest backers of SoftBank's gargantuan Vision Fund are reconsidering how much to commit to its next investment vehicle as an oversized bet on flexible workspace provider WeWork sours. From a report: Saudi Arabia's Public Investment Fund, which contributed $45 billion to the $100 billion Vision Fund, is now only planning to reinvest profits from that vehicle into its successor, according to people familiar with the talks. Abu Dhabi's Mubadala Investment, which invested $15 billion, is considering paring its future commitment to below $10 billion, the people said, asking not to be identified in disclosing internal deliberations. A partial retreat of the two anchor investors would complicate fundraising for SoftBank Chief Executive Officer Masayoshi Son, who upended venture capital by making huge bets on promising yet unproven companies and spurring others to follow suit. Perhaps more than any other startup, WeWork has come to symbolize that brash style, and the success or failure of its IPO is likely to impact Son's ability to raise cash for future deals.
Read more of this story at Slashdot.
Subscription rip-off: False mobile phone bills for 41,000 mobile customers
"Beware of rip-offs" is the warning Stiftung Finanztest is now issuing to customers of Mobilcom-Debitel, Vodafone and Klarmobil. According to a recent report, these mobile providers billed around 41,000 customers for third-party services that were not provided. (Read more)
The pivot to privacy could come with a $100 million grant video
From The Daily Charge: Three companies are funding projects that focus on internet privacy.
Phishing Attack Targets The Guardian's Whistleblowing Site
The Guardian's SecureDrop whistleblower submission site was targeted with a phishing page that attempted to harvest the unique "codenames" used to identify sources who used the service. In addition, this phishing page promoted an Android app that allowed attackers to perform a variety of malicious activity on a victim's device. [...]
LastPass fixes a major exploit
Make sure you have version 4.33.0.
Pixel 4 & Nest Mini: Google invites to the unveiling of new hardware
In principle Google could just as well save itself the trouble, but of course it still has to be done: the internet company has announced the official date for the unveiling of its new flagship smartphones of the Google Pixel 4 series. It will take place in mid-October. (Read more)
Amazon Changed Search Algorithm in Ways That Boost Its Own Products
Amazon.com has adjusted its product-search system to more prominently feature listings that are more profitable for the company, WSJ reported Monday citing people who worked on the project, a move, contested internally, that could favor Amazon's own brands. From the report: Late last year, these people said, Amazon optimized the secret algorithm that ranks listings so that instead of showing customers mainly the most-relevant and best-selling listings when they search -- as it had for more than a decade -- the site also gives a boost to items that are more profitable for the company. The adjustment, which the world's biggest online retailer hasn't publicized, followed a yearslong battle between executives who run Amazon's retail businesses in Seattle and the company's search team, dubbed A9, in Palo Alto, Calif., which opposed the move, the people said. Any tweak to Amazon's search system has broad implications because the giant's rankings can make or break a product. The site's search bar is the most common way for U.S. shoppers to find items online, and most purchases stem from the first page of search results, according to marketing analytics firm Jumpshot. The issue is particularly sensitive because the U.S. and the European Union are examining Amazon's dual role -- as marketplace operator and seller of its own branded products. An algorithm skewed toward profitability could steer customers toward thousands of Amazon's in-house products that deliver higher profit margins than competing listings on the site. Further reading: Amazon Falls After Report That the Company Prioritized Profit in Its Search Listings.
Read more of this story at Slashdot.
HTC turns cautious: no flagship smartphone in 2019, 5G from 2020
Saudi Attacks Expose Threat to Critical Infrastructure
Why International Identity Day is so important for us to support and celebrate
Happy international ID day! It may not be a day you have in your calendar, but nonetheless the day is an important initiative to acknowledge the challenges many people face when it comes to having a secure, trusted identity. With at least ten African nations announcing they will hold commemoration activities on September 16 to […]
The post Why International Identity Day is so important for us to support and celebrate appeared first on Cybersecurity Insiders.
Wi-Fi 6 Launches Officially for the Next Generation of Wi-Fi
The Wi-Fi Alliance announced today the availability of the Wi-Fi CERTIFIED 6 certification program for vendors to provide customers with the latest and greatest Wi-Fi experience. Unveiled last year in October, Wi-Fi 6 (also known as 802.11ax) launches officially today with up to 37 percent faster speeds than the previous Wi-Fi generation (802.11ac), increased bandwidth for greater performance with low latency, higher data rates for greater network capacity, as well as MU-MIMO (Multi-User Multiple Input Multiple Output) support for greater download performance on more devices at once. "Wi-Fi CERTIFIED 6 is ushering in a new era of Wi-Fi, building on Wi-Fi’s core characteristics to provide better performance in every environment for users, greater network capacity for service providers to improve coverage for their customers, and new opportunities for advanced applicatio...
Just as Ecuador thought it had seen the back of leaks, over 20m citizen records are exposed
And Julian Assange is among them - but how old are these?
Records on more than 20 million individuals in Ecuador have leaked from an unsecured database in Miami, Florida, containing a mix of official citizen registration data and personal & banking details.…
An iOS 13 Bug Exposes Device Contacts While Exploiting FaceTime Call
After the launch of iOS 12, a researcher discovered back-to-back lock screen bypass flaws in the system exploiting various features.
Database Leaks Data on Most of Ecuador's Citizens, Including 6.7 Million Children
The personal records of most of Ecuador's population, including children, have been left exposed online due to a misconfigured database, ZDNet reported Monday. From the report: The database, an Elasticsearch server, was discovered two weeks ago by vpnMentor security researchers Noam Rotem and Ran Locar, who shared their findings exclusively with ZDNet. Together, we worked to analyze the leaking data, verify its authenticity, and contact the server owner. The leaky server is one of the, if not the biggest, data breaches in Ecuador's history, a small South American country with a population of 16.6 million citizens. The Elasticsearch server contained a total of approximately 20.8 million user records, a number larger than the country's total population count. The bigger number comes from duplicate records or older entries, containing the data of deceased persons.
Read more of this story at Slashdot.
Tax Professionals Targeted in IRS Tax Return Phishing Scam
HP printers try to send data back to HP about your devices and what you print
U.S. Sanctions North Korean Group Behind WannaCry, Sony Hacks
Three North Korean threat groups have been sanctioned in the U.S. as part of a larger U.S. initiative against North Korea-linked malicious cyber activity.
White House CIO slams Cyber Insurance Companies for encouraging ransomware
Theresa Payton, the ex-CIO of the White House, has slammed cyber insurance companies for encouraging customers to bow down to the demands of hackers and making the victims pay the ransom in exchange for a decryption key. “I am increasingly concerned on the practice followed by the insurance companies and would like the white house […]
The post White House CIO slams Cyber Insurance Companies for encouraging ransomware appeared first on Cybersecurity Insiders.
New encryption method called ‘Splintering’ makes password hacking 14 million percent more challenging
Xiaomi Mi 9 Lite now launched in Europe: more expensive than the better Mi 9T
Xiaomi builds many smartphones. Sometimes the Chinese manufacturer even cannibalizes itself in the process, as in the case of the now officially unveiled Xiaomi Mi 9 Lite. At a price of just under 320 euros, the new smartphone is more expensive than the better Xiaomi Mi 9T. (Read more)
LastPass Bug Leaks Credentials From Previous Site
Password manager LastPass released an update last week to fix a security bug that exposes credentials entered on a previously visited site. From a report: The bug was discovered last month by Tavis Ormandy, a security researcher with Project Zero, Google's elite security and bug-hunting team. LastPass, believed to be the most popular password manager app today, fixed the reported issue in version 4.33.0, released last week, on September 12. If users have not enabled an auto-update mechanism for their LastPass browser extensions or mobile apps, they're advised to perform a manual update as soon as possible. This is because yesterday, Ormandy published details about the security flaw he found. The security researcher's bug report walks an attacker through the steps necessary to reproduce the bug.
Read more of this story at Slashdot.
First-Ever Microsoft Linux Conference Announced for March 10-11, 2020
Microsoft announced something Linux users would have never dreamed of, the first Microsoft Linux Conference for their WSL (Windows Subsystem for Linux) implementation. If you never heard of WSL, let us tell you that Windows Subsystem for Linux is a compatibility layer designed by Microsoft to let you install GNU/Linux distributions and natively run Linux binaries on Windows 10 and Windows Server 2019 operating systems. WSL 2, the latest version of Windows Subsystem for Linux, was announced by Microsoft earlier this summer and it introduces major new features like an entirely new architecture that uses a real, in-house built Linux kernel, as well as full system call compatibility to run more Linux apps. "This kernel has been specia...
Watchmen - New trailer reveals further details about the series' story
With the first proper trailer, broadcaster HBO gives us new insights into the series adaptation of the Watchmen comics, or rather their continuation, since the new format is set some years after the events of the source material. There are many previously unreleased scenes to see that reveal more about the story. (Read more)