
GDPR shows its teeth

Source: google.com

... of Starwood did not carry out sufficient checks and afterwards did not do enough to ensure IT security. Marriott can now respond ...

Gdata informs partners and sheds light on security trends

Source: google.com

Medium-sized businesses must in future see IT security as part of value creation and not as a cost center. Because otherwise ...

Ask Slashdot: Could Climate Change Be Solved By Manipulating Photons in Space?

Source: science.slashdot.org

Slashdot reader dryriver writes: Most "solutions" to climate change center on reducing greenhouse gas emissions on Earth and using renewable energy where possible. What if you could work a bit closer to the root of the problem, by thinking about the problem as an excess number of photons traveling from the Sun to the Earth? Would it be completely physically impossible to place or project some kind of electrical or other field into space that alters the flight paths of photons -- which are energy packets -- that pass through it? What if you could make say 2% of photons that would normally hit the Earth miss the Earth, or at the very least enter Earth's atmosphere at an altered angle? Given that the fight against climate change will likely swallow hundreds of billions of dollars over the next years, is it completely unfeasible to spend a few billion dollars on figuring out how to manipulate the flight paths of photons out in Space? Here's a recent news report along those lines: A group of Swedish researchers believe that a cataclysmic asteroid collision from hundreds of millions of years ago could have the answers to solving climate change... Researchers have been discussing different artificial methods of recreating post-collision asteroid dust, such as placing asteroids in orbits around Earth like satellites and having them "liberate fine dust" to block warming sunlight, thus hypothetically cooling our warming planet. "Our results show for the first time that such dust at times has cooled Earth dramatically," said Birger Schmitz, professor of geology at Lund University and the leader of the study. "Our studies can give a more detailed, empirical based understanding of how this works, and this in turn can be used to evaluate if model simulations are realistic." The research is still a ways out from practical use, however. Scientists are understandably wary about recreating a prehistoric dust storm. 
Speaking to Science Magazine, Seth Finnegan, a paleontologist at the University of California, Berkeley said that the results of the study "shows that the consequences of messing around in that way could be pretty severe." The university's press release does say their research "could be relevant for tackling global warming if we fail to reduce carbon dioxide emissions." But what do Slashdot's readers think of these ideas? Leave your own thoughts in the comments. Could climate change be solved by manipulating photons in space?


Mac Malware Poses as Trading App

Source: feedproxy.google.com

A Mac Trojan focused on stealing users’ information was found masquerading as a legitimate trading application, Trend Micro’s security researchers report.


On the trail of the hacker

Source: google.com

Against this background, cyber security has evolved. As attacks become ever more likely, preventive measures are ...

Emmys: Amazon and Game of Thrones sweep the TV Oscars

Source: winfuture.de

The Emmy Awards, often also called the TV Oscars, were presented in Los Angeles last night. By now, though, one should also speak of streaming TV Oscars, because Netflix and above all Amazon were once again strongly represented.

Alleged Hacker Faces 154 Charges in Football Leaks Case

Source: feedproxy.google.com

Portuguese prosecutors are bringing 154 charges against an alleged local hacker they believe is linked to the publication of internal documents that embarrassed top European clubs and soccer officials in the Football Leaks case.


Swiss IT Security swallows Zapp IT

Source: google.com

With the acquisition of Zapp IT, Swiss IT Security expands the group by a seventh company. The Basel-based company Zapp IT, founded in 2004, ...

Thousands of Google calendars openly accessible online due to user error

Source: google.com

It includes a Security Information and Event Management (SIEM), vulnerability management and professional penetration tests. In addition, ... offers ...

Scores of YouTube channels were taken over by spammers

Source: winfuture.de

Over the past few days there has been a whole series of successful attacks on well-known YouTube accounts. To do this, the attackers not only had to find out the credentials but also had to overcome the two-factor authentication enabled on top of them.

Worrying Bug Causes Random Credit Cards to Show Up in Other People’s Apple IDs

Source: news.softpedia.com

A number of iPhone owners complain of what appears to be a major security problem encountered when trying to change the billing info or the iTunes credit card data. According to posts on reddit (1 and 2), account information belonging to someone else shows up in others’ Apple IDs, along with full name, billing address, and the last 4 digits of credit cards. While full credit card data is not exposed, the personal information is, and users who came across this bug claim Apple is already aware of the problem. “Spent about 40 minutes on the phone with Apple. They are aware of my issue,” reddit user createdbyeric explains. “They are taking the issue very serious. I was transferred an senior manager who quickly acknowledged how big of an issue this was and he will ...

2019 Top Trending Issues for Cybersecurity

Source: hackersonlineclub.com

Cybersecurity isn’t a new topic in today’s world. However, it is definitely a new concept that everyone who was born before the golden age...

The post 2019 Top Trending Issues for Cybersecurity appeared first on HackersOnlineClub.



Free Windows 7 Updates for Voting Devices to Continue Until Late 2020

Source: news.softpedia.com

Voting machines running Windows 7 will continue to receive free security updates through the end of 2020 despite the January 14 end-of-support date for the operating system. Microsoft says it wants to provide devices that will be used in the voting process with security updates not only in the United States, but also in other democratic states that express their interest in this regard. Additionally, the software giant says it’s working with the government to make the process of certifying voting machines smoother in an attempt to speed up the upgrade process to newer software. “As we head into the 2020 elections, we know there is a relatively small but still significant number of certified voting machines in operation running on Windows 7. We also know that transitioning to machines running newer operating systems in time for the 2020 election may not be possible for a number of reasons, including the lengthy voting machine certification process – a process we are...

Under 30, honored by Bill Gates and on the way to becoming an international startup star ...

Source: google.com

The Darmstadt-based start-up impressed the trade audience at the world's largest IT security trade fair by number of exhibitors with its innovative ...

exe2powershell – Convert EXE to BAT Files

Source: darknet.org.uk

exe2powershell is used to convert EXE files to BAT files. The previously well-known tool for this was exe2bat; this is a version for modern Windows.

This will convert any binary file (*.exe) to a BAT file. The resulting BAT file contains only echo commands followed by a PowerShell command to re-create the original binary file.

This kind of tool can be useful during a pen-test when you want to trigger a shell without any upload feature.


No Cyber Attack on Iran says Ministry

Source: cybersecurity-insiders.com

Iran has cleared the air that there has been no cyberattack on its digital assets operating in Oil Refineries as claimed by some sources from western media. According to a press statement released by the Government’s Cyber Security Office to Times of Israel, no successful cyberattack was witnessed on oil refineries and so disruption claims […]

The post No Cyber Attack on Iran says Ministry appeared first on Cybersecurity Insiders.



Dubai Cheers Exhibition lost $53,000 due to Phishing Cyber Attack

Source: cybersecurity-insiders.com

UAE based company Cheers Exhibition which is into stand building business for companies hosting their products & services at exhibitions has admitted that it has become a victim of a phishing cyber attack recently. And as per the latest update released to the media, its website has been pulled down as the website content holding […]

The post Dubai Cheers Exhibition lost $53,000 due to Phishing Cyber Attack appeared first on Cybersecurity Insiders.



Holding secure web conferences

Source: google.com

Tags: authentication, BlueJeans, collaboration, IT security, ... With free audio, video and web conferences it is a great ...

Software development of virtual machines with V-Realize Automation

Source: google.com

The techniques that the Trusted Security Solutions Group (TSS) of ... the US Department of Defense, the Singapore Cyber Security Agency ...

Google Loans Cameras To Volunteers To Fill Gaps in 'Street View'

Source: tech.slashdot.org

NPR explains why a man "applied to borrow a 360-degree camera through Google's Street View camera loan program." Kanhema, who works as a product manager in Silicon Valley and is a freelance photographer in his spare time, volunteered to carry Google's Street View gear to map what amounted to 2,000 miles of his home country. The Berkeley, California, resident has filled in the map of other areas in Africa and Canada as well.... Google says it has "largely mapped" only 87 of nearly 200 countries on the platform, which launched in 2007. Many other countries on the planet have at least some Street View coverage, Google says. But there are sizable gaps in regions like Africa, Antarctica and Central Asia, while areas such as the U.S. and Europe are mostly filled in. While users can see almost every street corner in places such as Paris or New York, they can't do the same for Algiers, Algeria, or Kabul, Afghanistan. "We start in the large metropolitan areas where we know we have users, where it's easy for us to drive and we can execute quickly," says Stafford Marquardt, a product manager for Street View. He says the team is working to expand the service's reach. To do that, Google often relies on volunteers who can either borrow the company's camera equipment or take photos using their own. Most images on Street View are collected by drivers, and most of these drivers are employed by third parties that work with Google. But when it comes to the places Google hasn't prioritized, people like Kanhema can fill in the gaps... All this is a lot of work, but for Kanhema, it's a hobby. Google doesn't pay him or the other volunteers -- whom the company calls "contributors" -- for the content they upload. Kanhema, for example, spent around $5,000 of his own money to travel across Zimbabwe for the project. "What motivates me is just being that constant nudge on these companies and this system to pay attention to those parts of the world," he says. 
Craig Dalton, an assistant professor of global studies and geography at Hofstra University, says Google's business model plays a big role in which places are added to Street View first. "Google Maps is not a public service. Google Maps is a product from a company, and things are included and excluded based on the company's needs," Dalton says. "Sometimes that means that things are excluded that have a lot of merit but that don't fit the business plan..." Although the company's end goal is to make a global street map, Kanhema is unsure when places like his hometown would be visible on the platform without volunteered images. "There's not always going to be a business case to tell the story of how people live across the world," he says. The volunteer contributors to Street View can sometimes receive funding from tourism boards or travel agencies, according to the article, but Street View's product manager adds that Google currently has no plans to compensate its volunteers. He says instead that Google compensates its volunteer contributors "in a lot of other ways" by offering "a platform to host gigabytes and terabytes of imagery and publish it to the entire world, absolutely for free."


M2solutions and Nordland are strategic partners

Source: google.com

The IT service provider from Holstein and the POS specialist from Ahrensburg are, effective immediately, working ... benefit from IT services and IT security solutions.”

Google Braces for Landmark Global Privacy Ruling

Source: reddit.com

Submitted by /u/mynameisalex1

AI needs intelligent data management

Source: it-daily.net

Artificial intelligence (AI) is changing not only the world of production and work in companies, but also the way national security organizations worldwide carry out their operations and direct their activities.

Think twice before using facial-recognition technology or fingerprint scanning

Source: reddit.com

Submitted by /u/mynameisalex1

THE FUTURE OF WAN MANAGEMENT - ZERO TOUCH PROVISIONING

Source: it-daily.net

In recent years the telecommunications landscape has been undergoing a deliberate and steady transformation of its network infrastructure, be it the switch from ISDN to VoIP or the replacement of the quasi market standard MPLS by SD-WAN.

3 Types of Network Attacks to Watch Out For

Source: tripwire.com

Cybersecurity is becoming more of a common tongue term in today’s industry. It is being passed around the executive meetings along with financial information and projected marketing strategies. Here are some common attack vectors plaguing the industry when it comes to network infrastructure. It does not really matter the infrastructure type you have. If there […]

The post 3 Types of Network Attacks to Watch Out For appeared first on The State of Security.



Building a Foundation for “Smart” Steel Factories with Fog Computing, the Cloud and Cybersecurity

Source: tripwire.com

Digital technologies have been transforming our world for the past few decades. For instance, the Internet of Things (IoT) and cloud computing have induced an evolution in the way we as society live our everyday lives as well as how many enterprises conduct business. This evolution has started to enter the industrial realm, most notably […]

The post Building a Foundation for “Smart” Steel Factories with Fog Computing, the Cloud and Cybersecurity appeared first on The State of Security.



Massive wave of account hijacks hits YouTube creators

Source: zdnet.com

YouTube creators from the auto and car community were hit the hardest in what appears to be a coordinated attack.

Do Coders Crave a Sense of Control?

Source: developers.slashdot.org

This week Stack Overflow's CEO/founder Joel Spolsky spoke to Clive Thompson, the tech journalist who just published the new book Coders: the Making of a New Tribe and the Remaking of the World . "It's a sort of ethnographic history of this particular tribe," explains a blog post at Stack Overflow, "examining how software developers fit into the world of business and culture and how their role in society has shifted in recent decades. "The official conversation kicked off after a 15-minute tangent on Joel's collection of Omni magazine and the formative role this publication had for both men." Some excerpts: Clive: The question in my mind is, who is interested in this? What gets them bit by the bug so they are willing to crawl over all the broken glass that is the daily work. Joel: In my time, it was the absolute control. Whatever code you wrote, that's what executed. There was no translation. It wasn't like, well the flour was kind of old, and I tried to make the souffle but it collapsed. Unlike so many things you will try to accomplish as a child or an adult, where you work on something but it doesn't turn out as you expect it to, with code it will do exactly what you told it. Even if that's not what you meant. You might suddenly realize you're obeying me to the point of making me angry. Clive: The monkey's paw thing. I shouldn't have wished for that. Joel: But the computer is still being completely obedient. Clive: That thrill is a common thread I found in my research, from the 1960s through today. I will talk to people in their 80s who worked on machines the size of an entire room, and it's the same damn thing talking to a 15-year-old girl at an afterschool program working on a raspberry pi or P5. There is something unique about the micro-world that is inside the machine, qualitatively different from our real world. Joel: It's sort of utopian. Things behave as they are supposed to. 
The reason I put a question mark on that, as programmers move higher and higher up the abstraction tree, that kinda goes away. Clive: I think the rise of machine learning is an interesting challenge to the traditional craft of software development. Some of the people I spoke with for the book aren't interested in it because they don't like the idea of working with these indeterminate training systems... there is something unsettling about not really knowing what's going on with what you're building. Joel: I just picked up Arduino a year ago and that was enormously fun because it was like going back to C, instead of all these fancy high-level languages where you don't know what they are going to do. It offered a really detailed level of control. If something doesn't work, you can figure it out, because everything is tractable. They also discussed the future of coding -- and took a fond look back at its past. Spolsky remembers his first exposure to computers was an interactive terminal system connected to a mainframe that ran FORTRAN, BASIC, and PL/I programs. "Many, many years later I realized there was no way they had enough memory for three compilers and in fact what they had was a very simple pre-processor that made Basic, FORTRAN, and PL/I all look like the same mush. "It was a very crappy subset of each of those three languages."


The key to modern cyber security

Source: it-daily.net

Nicolas Fischbach, CTO of the global cyber security vendor Forcepoint, talks about the importance of analyzing human behavior and how cyber security will change in the coming years.

Star Trek: Deep Space Nine 'Nog' Actor Aron Eisenberg Has Died at 50

Source: entertainment.slashdot.org

An anonymous reader quotes CNET: Actor Aron Eisenberg, who played Nog on Star Trek: Deep Space Nine, died Saturday at age 50, his wife Malíssa Longo posted on Facebook. "He was an intelligent, humble, funny, emphatic soul," Longo wrote. "He sought to live his life with integrity and truth. He was so driven to put the best he had into whatever work was put before him." The actor's cause of death wasn't released, but he underwent his second kidney transplant in 2015, StarTrek.com notes in an obituary. Eisenberg played Nog, the first Ferengi to join Starfleet, and appeared in 40 episodes from across all seven seasons. The show ran from 1993 to 1999. His character was the son of Rom, the nephew of Quark, and the best friend of Jake Sisko, who was the son of commanding officer Benjamin Sisko. Eisenberg was told nothing about his character when he was cast and had no idea that the part would last, Star Trek reports "I thought every episode I was doing might be my last episode," he told StarTrek.com in 2012. The site also notes that Eisenberg also played Kar, the young Kazon-Ogla, in a 1995 Star Trek: Voyager episode. This year Aron had become the host and producer of a Star Trek-themed podcast called "The 7th Rule." And Deep Space Nine (and the other early Star Trek series) are all available through Amazon Prime. CNET remembered the actor by sharing the Deep Space Nine scene where Nog makes a passionate speech about why he wants to join Starfleet Academy. ("My father is a mechanical genius. He could've been chief engineer of a starship if he'd had the opportunity. But he went into business like a good Ferengi...") On Twitter 79-year-old René Auberjonois (who played Odo on Deep Space Nine) called Aron "such a pure, sweet soul and gifted artist. He was a dedicated collaborator and friend. My condolences and love to his wife and family." 
Armin Shimerman, who had played Nog's bartender uncle Quark, tweeted Sunday "I have lost a great friend and the world has lost a great heart... He was a man of conviction and enormous sensitivity and the best of humanity... Flights of angels my friend... you will be missed." And Next Generation actor Jonathan Frakes tweeted "bless his sweet soul."


Rebel Cops Review (PC)

Source: softpedia.com

Rebel Cops is Weappy Studio's latest game and a spinoff from This Is the Police, the series that made the developer known to the gaming industry. However, unlike either of the two This Is the Police games, Rebel Cops is a straightforward experience that doesn't require management skills, nor moral choices. If you've played This Is the Police, this is a similar game stripped down by all other aspects except for the turn-based combat. The moral choices are limited to using lethal or non-lethal force when taking down an enemy, but they are merely reduced to decisions related to how you want to approach a mission from a tactical point of view. The premise of the game is as generic as a cop flick's scenario: a Russian crime boss takes over a rural town paying off all cops or eliminating those who oppose him. The last stand for justice is a group of incorruptible cops, who resign from the police force and take it to the woods to try and retake Ripton from Viktor Zuev's c...

How the Microsoft Store Urges Customers To Trade In Their iPhones

Source: apple.slashdot.org

"Have you ever wondered how -- or even why -- Microsoft is offering $650 to switch from iPhone to Samsung's latest phones?" asks tech columnist Chris Matyszczyk. "A Microsoft store salesman enlightened me. It was spiritual, as much as factual." "This is a Microsoft store," I said. "Why are you pushing these?" "Because three weeks ago, you couldn't do what you can do now," he said. This was quite some drama. I hadn't heard that my life had changed just 21 days prior, but Oscar was ready to explain. "Now you can have a terabyte, which means this phone improves your mobility and can now replace your laptop. You can now run your business straight from this phone," he said... With a fervent -- and, I have to say, elegant -- enthusiasm, he talked me through my new possibilities. The ability to have everything from Outlook to Word to Excel to One Drive existing simultaneously on every gadget was, apparently, my new Nirvana. He took me over to a desktop and showed me how to dock my new Samsung phone and work simultaneously on the phone and the desktop. He then led me to the Surface Pro 6. "This is the one I've got. And, look, you don't need a keyboard," he said, as he brought up the on-screen keyboard that really isn't very easy to type on. Oscar's congenital positivity was so alluring that I had to insert a pause and ask him what phone he had. He pulled out the same iPhone XR as mine, but sadly in a case. "I've been with Apple for a long time," he explained. "But I just need to pay my iPhone down a bit more and I'm going to switch to this Note..." "Switching from iPhone to Samsung isn't easy, is it?" I muttered. "It's all in your mind," he replied. "You need to have a growth mindset. That's what leaving your iPhone behind represents. Growth." I had to laugh. Not out of insult, but out of sheer admiration for his TED Talk attempt to inspire. He was appealing to my spirit, not my rational mind. He was right, of course. I have a growth bodyset, not a growth mindset.... 
[A]s I walked out many minutes later, I remembered there was a new iPhone coming out. Three new iPhones. Would any of them represent personal growth?


What are some tools that use checksums in support of incident response?

Source: reddit.com

Submitted by /u/Jessywis

Deobfuscating/REversing Remcos - AutoIt, Shellcode, and RunPE

Source: rinseandrepeatanalysis.blogspot.com

Remcos is a robust RAT actively being used in the wild. 
This multi-staged/evasive RAT provides powerful functionality to an attacker. Each stage is written in a different language: AutoIt -> Shellcode -> C++. I wanted to explore both the evasiveness, and core functionality of the malware.

This variant is a compiled AutoIt script.
AutoIt executables store their payload in the resource section, and load it at runtime via LoadResource.
AutoIt is de-compilable; this can be done by dropping the executable into Exe2Aut.
The source code is obfuscated, but can be easily deobfuscated with Python.  Here is a block of code obfuscated with a recurring algorithm used throughout the malware.
Function and variable names are randomized, and the first line of the function begins with defining an array of 169 elements.  Each element is an integer, the result of either an addition or subtraction.  The malware then iterates through this array, passing each element to the ChrW() function, which will convert each integer to an ASCII character, building a string one character at a time.

We can use some greedy regex to grab all of these arrays and decode them with Python (snippet below).
The Python eval() function can be used to perform the addition/subtraction for each element.
As you can see, many of these integers are within the ASCII range, thus can be resolved with the chr() function.  The .join() function is used to join the list into one string, and the [list comprehension] is used to iterate through the list, performing the chr() function on each element.
I then added a function to decode all hex strings from the output, which first prints the hex itself, then the decoded ASCII on the following line.  One of the last lines of hex failed to decode (highlighted below).  There are several interesting hex values that stand out in the string that lead me to believe that this was shellcode.  E.g. E9 is a jump near, 55 8B EC is the start of a function prologue (push ebp....mov ebp, esp), 4D 5A ('MZ'), 50 45 ('PE'), etc...
I copied this hex string into HxD and saved it to disk to create the binary.
I then loaded it into IDA for further analysis. 
The first jmp transfers control flow to an address outside of this blob of shellcode, which suggests that there is likely more shellcode somewhere else within the malware. A function prologue/new stack frame is then set up (push ebp...mov ebp, esp....sub esp, 0x14).  The first cmp dereferences the address in EBX, checking for the value 'MZ', the magic bytes of a Windows executable (.exe, .dll, .sys).  If this value is found at that location, the jump is taken (JZ = Jump if Zero/Equal...5A4D - 5A4D = 0 sets the Zero Flag).  The field at offset 0x3C from the 0x0 byte / 'MZ' header of an executable holds the offset to the start of the PE header. This offset is obtained and then checked for the value 'PE', which is the magic bytes of the PE header.

For example, here is a hex dump of a Windows executable with the offset of the PE header (0x3c) highlighted.
Here is the start of the PE header - magic bytes = 'PE'
Back to the shellcode, the malware then locates the Export table, which is 0x78 from the start of the PE header.  It then obtains pointers to several important tables.  These tables can be walked by shellcode to locate the addresses of WinAPI functions it may want to use.  This is a manual/evasive way of getting what GetProcAddress would return.
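The same header walk (MZ, the offset stored at 0x3C, the 'PE' signature, the export entry at PE+0x78) as a parser for checking a carved or dumped image, added here as an example that is not code from the original post. It also covers the 64-bit layout, where the export entry sits at PE+0x88 instead of 0x78; the buffer it runs on is constructed and all function names are hypothetical.

```python
import struct

DATA_DIR_OFFSET = {0x10B: 0x78, 0x20B: 0x88}  # optional-header magic -> export entry


def locate_export_directory(image: bytes) -> dict:
    """Follow MZ -> e_lfanew (0x3C) -> 'PE' -> export data directory entry."""
    if len(image) < 0x40 or image[:2] != b"MZ":
        raise ValueError("no 'MZ' magic at offset 0")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if e_lfanew + 0x1A > len(image) or image[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise ValueError("offset stored at 0x3C does not point at a 'PE' signature")
    (magic,) = struct.unpack_from("<H", image, e_lfanew + 0x18)
    entry = DATA_DIR_OFFSET.get(magic)
    if entry is None or e_lfanew + entry + 8 > len(image):
        raise ValueError("unknown optional-header magic or truncated header")
    rva, size = struct.unpack_from("<II", image, e_lfanew + entry)
    return {"e_lfanew": e_lfanew, "pe32_plus": magic == 0x20B,
            "export_rva": rva, "export_size": size}


def build_constructed_image(e_lfanew=0x80, magic=0x10B, rva=0x2000, size=0x50) -> bytes:
    """Constructed header-only buffer for the demo; not a loadable executable."""
    buf = bytearray(e_lfanew + 0x100)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, e_lfanew)
    buf[e_lfanew:e_lfanew + 4] = b"PE\x00\x00"
    struct.pack_into("<H", buf, e_lfanew + 0x18, magic)
    struct.pack_into("<II", buf, e_lfanew + DATA_DIR_OFFSET[magic], rva, size)
    return bytes(buf)


if __name__ == "__main__":
    print(locate_export_directory(build_constructed_image()))
```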

Back to the AutoIt code, I added a few lines to the Python to actually replace the encoded values with the decoded ones, so that I could get a better look at how they are being used.
Before:
After:
I then started picking through the code, renaming variables to make more sense, and decoding any other obfuscated code I came across.  The decdata function pulls a payload from the resource section through calling the user-defined function 'globaldata()'.  There is a lot of garbage code (variables that are defined but never used and pointless arithmetic) that could be removed to clean it up.
This variable is defined, but never used, thus can be deleted!
Deobfuscated and cleaned up, you can see how much garbage was added to the function.  The deobfuscation algorithm appears to be: hex -> ASCII (BinaryToString), reversed (StringReverse), and replace '%$=' with '/'.
The malware is using the WinAPI function CryptBinaryToString to convert the byte array '$sdata' to a string.  The output string will be stored within a struct, which will be accessed by DllStructGetData to return the decoded data.

As mentioned earlier, the encoded data is pulled from the resource section of the executable via the 'globaldata()' function.
The resource that gets loaded is of type RCDATA, which is raw data.  
Dumping this resource and popping it into a hex editor shows a reversed base64 string.
Here is the end of the resource ('TVqQ' is the base64 encoding of 'MZ'):
Using Python to decode the payload, I stored the reversed base64 string in the variable 's', then performed the reverse and replace.
Decoded and copied to disk, the fully decoded payload is a Windows executable.
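The reverse, replace and base64 steps described above, as an added example that is not the code from the original post. The resource bytes are a constructed stand-in built by the hypothetical helper `encode_like_sample`, on the assumption that the stored string is the reversed base64 text with '/' swapped for the marker.

```python
import base64

MARKER = "%$="  # stand-in for '/' in the stored string, per the post


def decode_resource(resource: bytes) -> bytes:
    """Undo the resource encoding: reverse, restore '/', base64-decode."""
    text = resource.decode("ascii").strip("\x00\r\n ")
    restored = text[::-1].replace(MARKER, "/")
    # validate=True rejects leftover non-base64 characters instead of skipping them
    return base64.b64decode(restored, validate=True)


def encode_like_sample(payload: bytes) -> bytes:
    """Inverse transform, used only to build the constructed input below."""
    b64 = base64.b64encode(payload).decode("ascii")
    return b64.replace("/", MARKER)[::-1].encode("ascii")


def looks_like_pe(payload: bytes) -> bool:
    """Cheap sanity check on the decoded output: does it start with 'MZ'?"""
    return payload[:2] == b"MZ"


# Constructed stand-in for the dumped RCDATA resource (not the real payload).
CONSTRUCTED_PAYLOAD = b"MZ\x90\x00\x03\x00\xff\xff\xff"
CONSTRUCTED_RESOURCE = encode_like_sample(CONSTRUCTED_PAYLOAD)

if __name__ == "__main__":
    print(CONSTRUCTED_RESOURCE)  # ends in 'QqVT', i.e. 'TVqQ' reversed
    decoded = decode_resource(CONSTRUCTED_RESOURCE)
    print(decoded, looks_like_pe(decoded))
```

Input that is not ASCII, or that still contains non-base64 characters after the replace, raises a ValueError subclass, which signals that the resource uses a different marker or encoding.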
The malware also attempts to privesc through the event viewer registry hijack to bypass UAC.  Here is the deobfuscated/beautified code.
Another piece of code that stands out is the runpe() function.  This routine is invoked via the wddtuykqzw() function.
RunPE is passed the path to the malware, a variable that invokes the decdata() function, and boolean values for the $protect and $persist parameters.
The first local variable contains the shellcode we loaded into IDA.  More shellcode is appended to this variable throughout this function.
The shellcode is being appended to this variable 169 bytes at a time.
To quickly pull these values out, I grep'd for ["169"], and then awk'd for the 4th column, which contains the hex string.
I then formatted and copied this string, dropped it into the hex editor, and then loaded the binary into IDA.  As you can see, there are now 6 recognized functions.
sub_22D prepares for resolving WinAPIs that the malware needs by building stack strings.  al is set to 0, and used repeatedly to insert a null-terminator to the end of each string/API.
Converting the hex to ASCII:
Two structs are created: one to store the shellcode, and the other to store the in-memory executable from the resource section.  The struct 'silkrefud' stores the executable, and the shellcode is stored in the 'uderboss' struct.  Control flow is then transferred to the shellcode via the 'DllCallAddress' function, which is passed a pointer to the 'silkrefud' struct as an argument.
To debug the shellcode, I loaded the executable into the debugger (x32dbg) and set a breakpoint on VirtualAlloc (trying to hit the block of code above).  Before hitting the bp, I received an error message, and the program exited.
To bypass this mechanism, I set the BeingDebugged flag in the Process Environment Block (PEB) to 0.  This is to trick the malware into thinking we aren't debugging it. To view the PEB in the memory dump window, the command is: dump fs:[30]

BeingDebugged (offset 0x2 of PEB) is set to 1 (PEB -> fs:[30])
Setting flag to 0
After clearing the flag, I ran the program again and hit the VirtualAlloc called at the end of the runpe() function.
Here are the args passed to VirtualAlloc (matches the runpe() instance of this call)
I then set a memory-write breakpoint on the return value of this function, which is the base address of the newly allocated region of memory.
The breakpoint is hit on the 'repe movsb' instruction.
This instruction copies the shellcode to the newly allocated memory.
Control flow is then transferred to the shellcode that we analyzed earlier.
As we saw at the end of the runpe() function, the address of the 'silkrefud' struct (executable) is passed as an argument to the shellcode.
The shellcode uses stack strings to store the names of its WinAPI functions.  These strings are placed into local variables 4 bytes at a time.  As mentioned earlier, the al register is set to 0, and is used to place a null-byte at the end of each string.
 API names resolved in memory:
CreateProcessW is dynamically resolved, which is used to create another instance of the malware in a suspended state.  The original executable is then overwritten in memory with the executable from the malware's executable section (RunPE / process hollowing).
Below is the injected executable at address 0x00400000. This is the default address of the image base, and it is where the original executable was overwritten in memory.
 
GetModuleHandleA is called just before WinMain is called in this new executable.
I set a breakpoint on this API call to catch the suspended thread just before main is called, then allowed the original process to call NtResumeThread, allowing the executive thread of the injected process to run.  
The malware then checks to see if it has infected the system through trying to obtain a handle to its hardcoded mutex.
If not present, it then queries the registry for a value also related to the malware.  If found, it deletes it.
A new mutex is then created:
The next function resolves the addresses of several WinAPIs, storing them in global variables.
Following this function, the malware enters an anti-analysis routine.  The first check performed is an attempt to obtain a handle to 'SbieDll.dll', which detects whether the malware is running in Sandboxie.
The malware also checks the NtGlobalFlag in the PEB to detect being debugged.
The malware then checks for procmon by attempting to obtain a handle to the tool's window.  It attempts to detect Process Explorer using the same technique.
The malware detects VMware through the 'in' instruction. If running in VMware, EBX will return the string 'VMXh'.
VirtualBox is detected through attempting to open a registry key associated with VirtualBox.
Admin rights are checked via the WinAPI call IsUserAnAdmin.  This return value is then moved into a global variable.
If not run as admin, the malware attempts to privesc (bypass UAC) through the Event Viewer registry hijack (same technique used in the AutoIt code).
The malware then attempts to set the 'EnableLUA' registry value to 0. This is to stop the system from prompting the user when attempting to install something or make a system change (UAC message). 
Command: cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f
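A detection check for the command above, run over process-creation command lines, as an added example that is not part of the original post. The event strings are constructed (the first is the command quoted in the post) and the function names are hypothetical; it only covers the reg.exe command-line path, not registry writes made through the API.

```python
import re

POLICY_KEY = r"software\microsoft\windows\currentversion\policies\system"
HIVES = ("hklm", "hkey_local_machine")


def disables_uac(cmdline: str) -> bool:
    """True if a command line runs 'reg add' setting EnableLUA to 0 under HKLM."""
    # Split on whitespace but keep quoted arguments together; compare case-insensitively.
    tokens = [t.strip('"').lower() for t in re.findall(r'"[^"]*"|\S+', cmdline)]
    args = None
    for i, tok in enumerate(tokens[:-1]):
        exe = tok.replace("/", "\\").rsplit("\\", 1)[-1]
        if exe in ("reg", "reg.exe") and tokens[i + 1] == "add":
            args = tokens[i + 2:]
            break
    if not args:
        return False
    hive, _, key = args[0].partition("\\")
    if hive not in HIVES or key.rstrip("\\") != POLICY_KEY:
        return False
    opts = {a: args[j + 1] for j, a in enumerate(args[:-1]) if a in ("/v", "/d")}
    if opts.get("/v") != "enablelua":
        return False
    try:
        return int(opts.get("/d", ""), 0) == 0  # accepts 0 and 0x0
    except ValueError:
        return False


# Constructed process-creation command lines; the first is the command from the post.
EVENTS = [
    r"cmd.exe /k %windir%\System32\reg.exe ADD HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 0 /f",
    r'reg add "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System" /v EnableLUA /t REG_DWORD /d 0x0 /f',
    r"reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA /t REG_DWORD /d 1 /f",
    r"reg query HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System /v EnableLUA",
]


def scan(events):
    """Return the command lines that turn EnableLUA off."""
    return [e for e in events if disables_uac(e)]


if __name__ == "__main__":
    for hit in scan(EVENTS):
        print("ALERT:", hit)
```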
The mutex checked for earlier is then created, just before the malware performs the RunPE technique.
RunPE is performed through the standard sequence of risky WinAPI calls.

The malware contains several interesting commands/modules.  Here is a snippet of several of the hardcoded commands available.
'downloadfromurltofile' will ultimately call URLDownloadToFile.
The downloaded file is then passed to ShellExecuteA to be run.
'getproclist' will retrieve a list of running processes by iterating through a snapshot of running processes via CreateToolhelp32Snapshot.
'execom' allows the malware to spawn additional processes and provide them commandline args.  This is performed via WinExec:

Alternatively, the malware also has the capability to run native commands that will be passed to cmd.exe. Cmd.exe stdout is redirected to a named pipe, which the malware reads in.

The 'scrcap' function will take a screenshot and send it back to C2.
The malware has both online and offline options for logging keystrokes.
This code block is translating virtual key codes to their respective key names.
'clearlogins' clears IE cookies, the Mozilla sqlite database, and Chrome stored logins.  A related function has the ability to steal this information prior to deletion.
The malware also has the ability to hijack the user's webcam. The malware calls out to C2 for an additional library for this functionality.
This library is mapped, then loaded in memory via LoadLibrary.  The addresses of this DLL's functions are manually resolved, and placed in global variables.
'miccapture' will eavesdrop on the victim machine's mic.
Clipboard data is also stolen and exfiltrated.
Thanks for reading, and happy REversing!



