1. IT-Security >
  2. Cyber Security Nachrichten


ArabicEnglishFrenchGermanGreekItalianJapaneseKoreanPersianPolishPortugueseRussianSpanishTurkishVietnamese

Nachrichten


Suchen

News RSS Quellen: 82x
News Kategorien unterhalb von Nachrichten: 0x
News RSS Feeds dieser Nachrichten Kategorie: RSS Feed IT Security Nachrichten
Benutze Feedly zum Abonieren.Folge uns auf feedly
Download RSS Feed App für Windows 10 Store (Leider gibt es nicht mehr viele Extensions mit welchen Sie RSS-Feeds in einer Software abonieren können. Der Browser Support für RSS-Feeds wurde eingestellt (Firefox,Chrome).

Eigene IT Security Webseite / Blog / Quelle hinzufügen

Seitennavigation

Seite 7 von 6.380 Seiten (Bei Beitrag 210 - 245)
223.279x Beiträge in dieser Kategorie

Auf Seite 6 zurück | Nächste 8 Seite | Letzte Seite

[ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [7] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ]

Did a Prehistoric Asteroid Breakup Shower Earth With Enough Dust To Change the Climate?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: science.slashdot.org Direktlink direkt öffnen

Applehu Akbar writes: CNN reports this week on a paper describing a hypothesis that the breakup of a large asteroid 466 million years ago generated enough dust in Earth's orbit to substantially change the terrestrial climate for an extended period. This would have triggered an 'Ordovician icehouse' climate event, with major effects on biology. "The 93-mile-wide asteroid was in the asteroid belt located between Mars and Jupiter when it collided with something else and broke apart, creating a wealth of dust that flooded the inner solar system..." CNN reports. "To understand how this process unfolded, the researchers found evidence of space dust locked in 466-million-year-old rocks that were once on the sea floor." The paper argues that to this day, that collision "still delivers almost a third of all meteorites falling on Earth."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Debian May Need To Re-Evaluate Its Interest In 'Init System Diversity'

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: linux.slashdot.org Direktlink direkt öffnen

"Debian Project Leader Sam Hartman has shared his August 2019 notes where he outlines the frustrations and issues that have come up as a result of init system diversity with some developers still aiming to viably support systemd alternatives within Debian," reports Phoronix: Stemming from elogind being blocked from transitioning to testing and the lack of clarity into that, Hartman was pulled in to try to help mediate the matter and get to the bottom of the situation with a lack of cooperation between the elogind and systemd maintainers for Debian as well as the release team. Elogind is used by some distributions as an implementation of systemd's logind, well, outside of systemd as a standalone daemon. Elogind is one of the pieces to the puzzle for trying to maintain a modern, systemd-free Linux distribution. Various issues were raised that are trying to be worked through albeit many Debian developers face time limitations and other factors like emotional exhaustion. Hartman noted in his August notes, "I think we may be approaching a point where we need to poll the project -- to have a GR and ask ourselves how committed we are to the different parts of this init diversity discussion. Reaffirming our support for sysvinit and elogind would be one of the options in any such GR. If that option passed, we'd expect all the maintainers involved to work together or to appoint and empower people who could work on this issue. It would be fine for maintainers not to be involved so long as they did not block progress. And of course we would hold the discussions to the highest standards of respect."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Mehrere Probleme in ImageMagick (Fedora)

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: pro-linux.de Direktlink direkt öffnen


News Bewertung

Weiterlesen Weiterlesen

Mehrere Probleme in rubygem-rmagick (Fedora)

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: pro-linux.de Direktlink direkt öffnen


News Bewertung

Weiterlesen Weiterlesen

Amazon looks to expand Alexa's world amid growing privacy concerns

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: cnet.com Direktlink direkt öffnen

The online retailer will hold a product launch Wednesday, with Alexa expected to go into earbuds and maybe even a robot.
News Bewertung

Weiterlesen Weiterlesen

Juicy Potato - A Sugared Version Of RottenPotatoNG, With A Bit Of Juice, I.E. Another Local Privilege Escalation Tool, From A Windows Service Accounts To NT AUTHORITY\SYSTEM

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink direkt öffnen


A sugared version of RottenPotatoNG, with a bit of juice, i.e. another Local Privilege Escalation tool, from a Windows Service Accounts to NT AUTHORITY\SYSTEM

Summary
RottenPotatoNG and its variants leverages the privilege escalation chain based on BITS service having the MiTM listener on 127.0.0.1:6666 and when you have SeImpersonate or SeAssignPrimaryToken privileges. During a Windows build review we found a setup where BITS was intentionally disabled and port 6666 was taken.
We decided to weaponize RottenPotatoNG: Say hello to Juicy Potato.
For the theory, see Rotten Potato - Privilege Escalation from Service Accounts to SYSTEM and follow the chain of links and references.
We discovered that, other than BITS there are a several COM servers we can abuse. They just need to:
  1. be instantiable by the current user, normally a "service user" which has impersonation privileges
  2. implement the IMarshal interface
  3. run as an elevated user (SYSTEM, Administrator, ...)
After some testing we obtained and tested an extensive list of interesting CLSID's on several Windows versions.

Juicy details
JuicyPotato allows you to:
  • Target CLSID
    pick any CLSID you want. Here you can find the list organized by OS.
  • COM Listening port
    define COM listening port you prefer (instead of the marshalled hardcoded 6666)
  • COM Listening IP address
    bind the server on any IP
  • Process creation mode
    depending on the impersonated user's privileges you can choose from:
    • CreateProcessWithToken (needs SeImpersonate)
    • CreateProcessAsUser (needs SeAssignPrimaryToken)
    • both
  • Process to launch
    launch an executable or script if the exploitation succeeds
  • Process Argument
    customize the launched process arguments
  • RPC Server address
    for a stealthy approach you can authenticate to an external RPC server
  • RPC Server port
    useful if you want to authenticate to an external server and firewall is blocking port 135...
  • TEST mode
    mainly for testing purposes, i.e. testing CLSIDs. It creates the DCOM and prints the user of token. See here for testing

Usage
T:\>JuicyPotato.exe
JuicyPotato v0.1

Mandatory args:
-t createprocess call: <t> CreateProcessWithTokenW, <u> CreateProcessAsUser, <*> try both
-p <program>: program to launch
-l <port>: COM server listen port


Optional args:
-m <ip>: COM server listen address (default 127.0.0.1)
-a <argument>: command line argument to pass to program (default NULL)
-k <ip>: RPC server ip address (default 127.0.0.1)
-n <port>: RPC server listen port (default 135)
-c <{clsid}>: CLSID (default BITS:{4991d34b-80a1-4291-83b6-3328366b9097})
-z only test CLSID and print token's user

Example


Final thoughts
If the user has SeImpersonate or SeAssignPrimaryToken privileges then you are SYSTEM.
It's nearly impossible to prevent the abuse of all these COM Servers. You could think to modify the permissions of these objects via DCOMCNFG but good luck, this is gonna be challenging.
The actual solution is to protect sensitive accounts and applications which run under the * SERVICE accounts. Stopping DCOM would certainly inhibit this exploit but could have a serious impact on the underlying OS.

Binaries
An automatic build is available. Binaries can be downloaded from the Artifacts section here.
Also available in BlackArch.

Authors

References



News Bewertung

Weiterlesen Weiterlesen

'Inside Bill's Brain: Decoding Bill Gates' Premieres on Netflix

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: entertainment.slashdot.org Direktlink direkt öffnen

hcs_$reboot shared this report about Inside Bill's Brain: Decoding Bill Gates, a new three-part documentary that debuted Friday on Netflix from Academy Award-winning director Davis Guggenheim: The Microsoft co-founder and billionaire philanthropist is asked what his worst fear is. It's not family tragedy or personal pain. "I don't want my brain to stop working," he responds... A portrait emerges of a visionary who gnaws on his eyeglasses' arms, downs Cokes and is relentlessly optimistic that technology can solve social ills. He is also someone who reads manically -- he'll scrutinize the Minnesota state budget for fun -- and who is a wicked opponent at cards... While the series is largely sympathetic toward its subject, Guggenheim nevertheless presses Gates on everything from the federal antitrust case against Microsoft in the 1990s to his relationship with his mother. In a phone interview, Gates acknowledged that he balanced the camera's intrusion with the chance to tell the world -- and recruit help -- about his efforts to help the planet and the poor... Each episode in the series introduces three huge global issues the Bill & Melinda Gates Foundation has tackled recently -- safe sanitation technology, polio eradication and nuclear power -- and then switches back in time to see how Gates solved other complex issues in his life as a younger man. "The series doesn't do a traditional cradle-to-grave portrait of him. He wasn't interested in that. I wasn't interested in that," said the filmmaker. Instead, he wanted to find out the source of his relentless optimism and his push to do all these great things.... Gates himself said he appreciated Guggenheim serving as a reality check for many of the seemingly intractable public health issues that his foundation has tackled. "I'm not that objective. It was interesting, through Davis' eyes, to have him say, 'Are you sure?' Well, I'm not sure," said Gates. "So I thought that was good. It made me step back." At one point, Gates admits to eating Tang straight out of the jar.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

OneDrive und SwiftKey bekommen nun mit iOS 13 auch den Dark Mode

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Betriebssystem, Apple, iOS, Dark Mode, Apple iOS, iOS 13, Dunkler Modus, Apple iOS 13 Microsoft bietet iPhone-Nutzern ab sofort die Möglichkeit, SwiftKey und OneDrive unter iOS 13 auch im Dark Mode zu nutzen. Die entsprech­en­den Updates werden jetzt verteilt. In den Apps kann die Umschaltung auf den dunklen Modus automatisch genutzt werden. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Custom firewall

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Hello everyone,

I struggle with distractions online, like, really.

I have tried browser extensions but they are easily unplugged, would it be theoretically possible to have someone build and install a custom firewall that blocks out news sites, social media etc and make it virtually uninstallable for a relatively untech savy user like me?

submitted by /u/ed2256
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

Start mit Symbolkraft

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: google.com Direktlink direkt öffnen

Wie berichtet, werden zu diesem Wintersemester dort erstmals die dualen Studiengänge Wirtschaftsinformatik, It-Security und Embedded Automation ...
News Bewertung

Weiterlesen Weiterlesen

Nur noch heute: Saturn Angebote mit stark reduzierten Schnäppchen

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

shopping, Saturn, Technik, Tech Nick Endspurt bei Saturn: Nur noch heute zeigen sich in den Weekend Deals XXL viele Technik-Schnäppchen stark reduziert. Die Angebote findet man im Online-Shop in Form von Smartphones, Notebooks, Konsolen, Tablets, Spielen, Fernsehern und mehr. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Microsoft: Cyberattacks now the top risk, say businesses | ZDNet

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Microsoft: Cyberattacks now the top risk, say businesses | ZDNet submitted by /u/Cyberthere
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

Rui Pinto: Informant der Football Leaks wird in 147 Fällen beschuldigt

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: golem.de Direktlink direkt öffnen

Dem Nachrichtenmagazin Spiegel hat Rui Pinto Millionen an Dokumenten der Fußballbranche zugespielt. In seiner Heimat Portugal wartet er auf den Prozess. In 147 Fällen soll er beschuldigt werden, darunter auch der Erpressung. (Whistleblower, Rechtsstreitigkeiten)
News Bewertung

Weiterlesen Weiterlesen

Update.py strings.py Version 0.0.4

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: blog.didierstevens.com Direktlink direkt öffnen

This new version of strings.py comes with a new option -T to trim the strings to a given length. And also 2 bug fixes. strings_V0_0_4.zip (https) MD5: 8B1F5A6BEBA2BC8BDFF16B99C27050E4 SHA256: 7BBAAB0E83692288BDC35BC0FBDD6B2F8A141280E506131E2818F49BEF31D01A
News Bewertung

Weiterlesen Weiterlesen

World’s most destructive botnet returns with stolen passwords and email in tow

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

World’s most destructive botnet returns with stolen passwords and email in tow submitted by /u/NISMO1968
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

WordPress XSS Bug Allows Drive-By Code Execution

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

WordPress XSS Bug Allows Drive-By Code Execution submitted by /u/NISMO1968
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

Google Pixel 4: Händler nennt Preise & Namen der Farbvarianten

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Google, Smartphones, Leaks, Android Q, Android 10, Pixel 4, Pixel 4 XL Das Google Pixel 4 soll in drei Wochen in New York angekündigt werden. Nachdem bereits viele technische Spezifikationen durchgesickert sind, hat ein Händler nun auch Preise zu den kommenden Flaggschiff-Modellen veröffentlicht. Insgesamt sind zwölf unterschiedliche Varianten verfügbar. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Antivirus & Firewall: Kostenlose Anti-Hacker-Tools schützen Ihren PC

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: computerwoche.de Direktlink direkt öffnen

Ein öffentliches WLAN oder eine Schwachstelle auf dem System genügen einem findigen Hacker. Mit diesen Gratis-Tools schieben Sie dem Eindringling einen Riegel vor.
News Bewertung

Weiterlesen Weiterlesen

Neuer Versuch: Windows Sets kehren zurück - aber erst im Jahr 2021

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Microsoft, Betriebssystem, Windows, Windows 10, Windows Insider, Insider Preview, Windows 10 Insider Preview, Windows 10 Preview, Windows Insider Preview, Skip Ahead, Sets Im April, kurz vor der Veröffentlichung des Windows 10 Mai Updates, wurde bekannt, dass Microsoft die sogenannte Sets-Funktion streichen wird. Diese befand sich zu dem Zeitpunkt noch in Entwicklung und soll jetzt doch noch fertig gestellt werden. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

Ask Slashdot: How Will 2019 Look To People 20 Years From Now?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: ask.slashdot.org Direktlink direkt öffnen

Here's an interesting thought exercise from Slashdot reader dryriver : What is likely to be so different about living in 2039 that it makes our current present in 2019 feel badly dated in many ways? And can we learn lessons about what we are not doing particularly well today in 2019 -- in the technology field for example -- by imagining ourselves looking back at a long bygone 2019 from 20 years in the future...? Will everything from our current clothing, 4K 2D TVs and film VFX to our computer games, Internet, cars, medical care options and tech gadgets look "terribly dated" to them? Will people in 2039 look at us from their present and think "why couldn't they do X, Y, Z better in 2019?", just as we tend to look 20 years back and wonder "why couldn't they do X, Y, Z better in 1999?" The original submission argues that "If we could understand today how we look 'from 20 years in the future', including the mistakes we are making compared to how things are (possibly) done in 2039, we might get a better understanding of how we should be doing things today." So leave your own thoughts in the comments. How will 2019 look to people 20 years from now?

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Vergiss Wirecard! Diese IT-Wachstumsaktie könnte besser sein

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: google.com Direktlink direkt öffnen

Das Unternehmen secunet Security Networks ist ein deutscher IT-Dienstleister, der sich auf IT-Sicherheitslösungen spezialisiert hat – besonders für ...
News Bewertung

Weiterlesen Weiterlesen

The Last of Us Part II Release Date Has Just Been Leaked

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: news.softpedia.com Direktlink direkt öffnen

Sony skipped just about every major gaming event this year, as the Japanese company prepares for the next-generation of consoles. However, there's one game, besides Death Stranding, that everyone expects to be able to play before PlayStation 5 hits the shelves: The Last of Us Part II. The sequel to one of the best PlayStation-exclusive was rumored to arrive at the end of this year, but the folks at Naughty Dog had something else in mind. If you're dying to play The Last of Us Part II, you might have to wait until Q1 2020, at least accord to a Swiss retailer. One resetera forum member spotted The Last of Us Part II listing at Swiss retailer Softridge that has the release date set for February 28. Of course, this could be just ...
News Bewertung

Weiterlesen Weiterlesen

Alles Affentheater? Corporate Monkeys in der Chefetage

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: it-daily.net Direktlink direkt öffnen

Frei handeln, frei gestalten, frei entscheiden – wer sich am Arbeitsplatz ohne Einschränkungen entfalten kann, geht in der Regel motiviert ans Werk. Das moderne Unternehmen wartet mit flachen Hierarchien, Selbstorganisation, Flexibilität und Agilität auf. Ziel dieser offenen Kultur bildet in vielen Fällen die Verstärkung der Innovationskraft. 


News Bewertung

Weiterlesen Weiterlesen

GNU's Former Kernel Maintainer Shares 'A Reflection on the Departure of Richard Stallman'

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: news.slashdot.org Direktlink direkt öffnen

Thomas Bushnell, BSG, founded GNU's official kernel project, GNU Hurd, and maintained it from 1990 through 2003. This week on Medium he posted "a reflection on the departure of RMS." There has been some bad reporting, and that's a problem. While I have not waded through the entire email thread Selam G. has posted, my reaction was that RMS did not defend Epstein, and did not say that the victim in this case was acting voluntarily. But it's not the most important problem. It's not remotely close to being the most important problem. This was an own-goal for RMS. He has had plenty of opportunities to learn how to stfu when that's necessary. He's responsible for relying too much on people's careful reading of his note, but even that's not the problem. He thought that Marvin Minsky was being unfairly accused. Minsky was his friend for many many years, and I think he carries a lot of affection and loyalty for his memory. But Minsky is also dead, and there's plenty of time to discuss at leisure whatever questions there may be about his culpability. RMS treated the problem as being "let's make sure we don't criticize Minsky unfairly", when the problem was actually, "how can we come to terms with a history of MIT's institutional neglect of its responsibilities toward women and its apparent complicity with Epstein's crimes". While it is true we should not treat Minsky unfairly, it was not -- and is not -- a pressing concern, and by making it his concern, RMS signaled clearly that it was much more important to him than the question of the institution's patterns of problematic coddling of bad behavior. And, I think, some of those focusing themselves on careful parsing of RMS's words are falling into the same pitfall as he.... Minsky was RMS's protector for a long long time. He created the AI Lab, where I think RMS found the only happy home he ever knew. He kept the rest of the Institute at bay and insulated RMS from attack (as did other faculty that also had befriended RMS). I was around for most of the 90s, and I can confirm the unfortunate reality that RMS's behavior was a concern at the time, and that this protection was itself part of the problem... Bushnell also calls Stallman "a tragic figure. He is one of the most brilliant people I've met, who I have always thought desperately craved friendship and camaraderie, and seems to have less and less of it all the time. This is all his doing; nobody does it to him. But it's still very sad. As far as I can tell, he believes his entire life's work is a failure..." But Bushnell concludes that "It is time for the free software community to leave adolescence and move to adulthood, and this requires leaving childish tantrums, abusive language, and toxic environments behind."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Home Depot and Lowe's Accused of Scanning Millions of Customers Faces

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: yro.slashdot.org Direktlink direkt öffnen

JustAnotherOldGuy tipped us off to this story. The Daily Mail reports: Home Depot and Lowe's are secretly using facial recognition technology to track customer movement in their stores, violating privacy laws in Illinois, plaintiffs in two class action lawsuits say. The plaintiffs, who are Illinois residents, allege the two big box retailers are using the technology without properly notifying customers or seeking their consent, as required by state law... The collection of the biometric data requires written notification, a statement of purpose for the collection of that data and duration for which it will be kept, and written consent from the individuals from which the data is being collected, the lawsuits both state. Neither store, according to both lawsuits, met the benchmarks set in the Illinois law, also know as BIPA and which was enacted in 2008. "Plaintiffs and the class members did not consent to the disclosure or dissemination of their biometric identifiers," say both of the class actions. No evidence is provided for the allegations, although the American Civil Liberties Union confirmed last year that Lowe's was using facial recognition, citing mentions in its 2018 privacy policy. However, IPVM, a camera surveillance industry news site, noted that the privacy policy this year no longer has references to the technology... Walmart also was testing the technology, according to the ACLU, and Madison Square Garden was considering using it. The civil rights organization points out on its website that "stores have a strong financial incentive to collect as much information about their customers as they can get. And we do know that when it comes to this kind of cutting-edge technology, which is taking the human race to places it's never been before, the public has a right to know what stores are doing with it, if anything, so they can vote with their feet if they don't like it."

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Was Cuba's Mysterious Sonic Weapon Just Mosquito Gas?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: science.slashdot.org Direktlink direkt öffnen

Remember concerns about possible "sonic attacks" in Cuba? Long-time Slashdot reader kbahey shares an update: In the wake of the health problems experienced over the past three years by US and Canadian staff in Havana, Cuba embassies, Global Affairs Canada commissioned a clinical study by a team of multidisciplinary researchers. Now, the working hypothesis is that the cause could instead be neurotoxic agents used in pesticide fumigation. The BBC has more coverage on this, saying it may have been merely mosquito gas. "The researchers found that since 2016, Cuba launched an aggressive campaign against mosquitoes to stop the spread of the Zika virus," reports the CBC: The embassies actively sprayed in offices, as well as inside and outside diplomatic residences -- sometimes five times more frequently than usual. Many times, spraying operations were carried out every two weeks, according to embassy records... The researchers are now looking to collaborate with Cuban officials to determine whether any Cubans suffered similar brain injuries...

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Schutz vor Cyberangriffen - warum regelmäßige Updates so wichtig sind

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: google.com Direktlink direkt öffnen

Für Unternehmen ist die IT-Sicherheit deshalb von größter Bedeutung. Im Unternehmensbereich müssen sowohl Geschäftsgeheimnisse sowie ...
News Bewertung

Weiterlesen Weiterlesen

Ubisoft To Send Cease &amp; Desist Requests To DDoS Services Attacking 'Rainbox Six Siege' Players

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: games.slashdot.org Direktlink direkt öffnen

An anonymous reader writes: Ubisoft plans to send cease & desist legal letters to operators of DDoS-for-hire services, also known as DDoS booters or DDoS stressors. The company said it plans on making this step as part of a global action plan to curb DDoS attacks aimed at Rainbox Six Siege multiplayer servers. The French video game company has been under a wave of DDoS attacks ever since last week when it launched the Operation Ember Rise update for the Rainbow Six Siege game. Along with the update, Ubisoft also performed a reset of multiplayer rankings. Following the reset, multiple players are suspected to have started launching DDoS attacks at the company's servers. The cheating players have been using the DDoS attacks to trigger server lag and slow down matches. The goal was to annoy opponents, who in many cases would end up disconnecting and receiving a penalty for leaving the match, allowing the player who launched the DDoS attack to gain rank points undeserved. The DDoS attacks have been widespread as several players got wind of the trick and started renting DDoS firepower from online DDoS for-hire sites.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Pufferüberlauf in kpatch-patch (Red Hat)

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: pro-linux.de Direktlink direkt öffnen


News Bewertung

Weiterlesen Weiterlesen

ScoutSuite - Multi-Cloud Security Auditing Tool

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: feedproxy.google.com Direktlink direkt öffnen


Scout Suite is an open source multi-cloud security-auditing tool, which enables security posture assessment of cloud environments. Using the APIs exposed by cloud providers, Scout Suite gathers configuration data for manual inspection and highlights risk areas. Rather than going through dozens of pages on the web consoles, Scout Suite presents a clear view of the attack surface automatically.
Scout Suite is stable and actively maintained, but a number of features and internals may change. As such, please bear with us as we find time to work on, and improve, the tool. Feel free to report a bug with details (please provide console output using the --debug argument), request a new feature, or send a pull request.
The project team can be contacted at [email protected].

Note:
The latest (and final) version of Scout2 can be found in https://github.com/nccgroup/Scout2/releases and https://pypi.org/project/AWSScout2. Further work is not planned for Scout2. Fixes will be implemented in Scout Suite.

Support
The following cloud providers are currently supported/planned:
  • Amazon Web Services
  • Microsoft Azure (beta)
  • Google Cloud Platform
  • Alibaba Cloud (early alpha)
  • Oracle Cloud Infrastructure (early alpha)

Installation
Refer to the wiki.

Compliance

AWS
Use of Scout Suite does not require AWS users to complete and submit the AWS Vulnerability / Penetration Testing Request Form. Scout Suite only performs API calls to fetch configuration data and identify security gaps, which is not considered security scanning as it does not impact AWS' network and applications.

Azure
Use of Scout Suite does not require Azure users to contact Microsoft to begin testing. The only requirement is that users abide by the Microsoft Cloud Unified Penetration Testing Rules of Engagement.
References:

Google Cloud Platform
Use of Scout Suite does not require GCP users to contact Google to begin testing. The only requirement is that users abide by the Cloud Platform Acceptable Use Policy and the Terms of Service and ensure that tests only affect projects you own (and not other customers' applications).
References:

Usage
The following command will provide the list of available command line options:
$ python scout.py --help
You can also use this to get help on a specific provider:
$ python scout.py PROVIDER --help
For further details, checkout our Wiki pages at https://github.com/nccgroup/ScoutSuite/wiki.
After performing a number of API calls, Scout will create a local HTML report and open it in the default browser.
Also note that the command line will try to infer the argument name if possible when receiving partial switch. For example, this will work and use the selected profile:
$ python scout.py aws --profile PROFILE

Credentials
Assuming you already have your provider's CLI up and running you should have your credentials already set up and be able to run Scout Suite by using one of the following commands. If that is not the case, please consult the wiki page for the provider desired.

Amazon Web Services
$ python scout.py aws

Azure
$ python scout.py azure --cli

Google Cloud Platform
$ python scout.py gcp --user-account
Additional information can be found in the wiki.



News Bewertung

Weiterlesen Weiterlesen

Ex-Google Engineer Says That Robot Weapons May Cause Accidental Mass Killings

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: hardware.slashdot.org Direktlink direkt öffnen

"A former Google engineer who worked on the company's infamous military drone project has sounded a warning against the building of killer robots," reports Business Insider. Long-time Slashdot reader sandbagger quotes their report: Laura Nolan had been working at Google four years when she was recruited to its collaboration with the US Department of Defense, known as Project Maven, in 2017, according to the Guardian. Project Maven was focused on using AI to enhance military drones, building AI systems which would be able to single out enemy targets and distinguish between people and objects. Google canned Project Maven after employee outrage, with thousands of employees signing a petition against the project and about a dozen quitting in protest. Google allowed the contract to lapse in March this year. Nolan herself resigned after she became "increasingly ethically concerned" about the project, she said... Nolan fears that the next step beyond AI-enabled weapons like drones could be fully autonomous AI weapons. "What you are looking at are possible atrocities and unlawful killings even under laws of warfare, especially if hundreds or thousands of these machines are deployed," she said.... Although no country has yet come forward to say it's working on fully autonomous robot weapons, many are building more and more sophisticated AI to integrate into their militaries. The US navy has a self-piloting warship, capable of spending months at sea with no crew, and Israel boasts of having drones capable of identifying and attacking targets autonomously -- although at the moment they require a human middle-man to give the go-ahead. Nolan is urging countries to declare an outright ban on autonomous killing robots, similar to conventions around the use of chemical weapons.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Girlfriend downloaded one of those 'Your phone has 37 viruses' apps. What should she do?

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

As I said, girlfriend downloaded one of those shady virus apps after seeing a pop up on her phone. She downloaded the app, let it scan her system, and called me after. I immediately told her to delete the app and start changing her passwords. What else should she do? Please help or point me to the right subreddit. Thank you.

submitted by /u/5933718
[link] [comments]
News Bewertung

Weiterlesen Weiterlesen

Full Interview: Edward Snowden On Trump, Privacy, And Threats To Democracy | The 11th Hour | MSNBC

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: reddit.com Direktlink direkt öffnen

Full Interview: Edward Snowden On Trump, Privacy, And Threats To Democracy | The 11th Hour | MSNBC submitted by /u/mynameisalex1
[link] [comments]

News Bewertung

Weiterlesen Weiterlesen

Apple iOS 13: Aktualisierung sorgt für Daten-Weltrekord am DE-CIX

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: winfuture.de Direktlink direkt öffnen

Betriebssystem, Apple, Iphone, Logo, Software, iOS 13 Die Freigabe des vor kurzem vorgestellten Apple-Betriebssystems iOS 13 hat für einen neuen Re­kord am weltweit größten Internetknoten gesorgt. Der DE-CIX in Frankfurt konnte mit einer temporären Übertragungsrate von über 7,1 Terabit pro Sekunde einen neuen Höchstwert vermelden. (Weiter lesen)
News Bewertung

Weiterlesen Weiterlesen

In Hong Kong, Protesters and Police Are Now Doxxing Each Other

Zur Kategorie wechselnIT Security Nachrichten vom | Quelle: yro.slashdot.org Direktlink direkt öffnen

As protests continue to rock Hong Kong, social media sites are now being used to share names, photos, phone numbers, ages and occupationa of individuals "on both sides of the protest line," reports the Guardian: Supporters of the Hong Kong government have sought to identify masked protesters at demonstrations, while protesters themselves also appear to have taken part, sharing private information about police officers and their families across Telegram... Hong Kong's privacy commission said it had received 1,376 complaints and 126 enquiries between 14 June and 18 September regarding personal information being leaked online, according to Stephen Kai-yi Wong, privacy commissioner for personal data. While journalists have become a high-profile target, about 40% of cases involve police officers while the rest concern government officials, community leaders, the families of police officers, and other citizens, Wong said.... Craig Choy, a spokesperson for Hong Kong's Progressive Lawyers Group and a specialist in data protection law, said the high volume of cases was unprecedented in Hong Kong... The privacy commission has referred nearly 1,000 cases for criminal investigation and consideration for prosecution. Eight people were arrested in July for doxxing police officers, according to Hong Kong Free Press. Choy said doxxing of police began after officers stopped wearing badge numbers on their uniforms when they attended protests -- leading protesters to attempt to identify officers independently as police tactics and arrests began to escalate.

Read more of this story at Slashdot.


News Bewertung

Weiterlesen Weiterlesen

Seitennavigation

Seite 7 von 6.380 Seiten (Bei Beitrag 210 - 245)
223.279x Beiträge in dieser Kategorie

Auf Seite 6 zurück | Nächste 8 Seite | Letzte Seite

[ 2 ] [ 3 ] [ 4 ] [ 5 ] [ 6 ] [7] [ 8 ] [ 9 ] [ 10 ] [ 11 ] [ 12 ] [ 13 ] [ 14 ] [ 15 ] [ 16 ] [ 17 ]