infosec Media

Instagram photo 2017-10-23 03:15:30

23 October 03:15:30
Australian government wants to give satire the boot
The National Symbols Officer of Australia recently wrote to Juice Media, producers of Rap News and Honest Government Adverts, suggesting that its “use” of Australia’s coat of arms violated various Australian laws. This threat came despite the fact that Juice Media’s videos are clearly satire and no reasonable viewer could mistake them for official publications. It is unfortunate that the Australian government cannot distinguish between impersonation and satire. But it is especially worrying because the government has proposed legislation that would impose jail terms for impersonation of a government agency. https://www.eff.org/deeplinks/2017/10/australian-government-wants-give-satire-boot
#infosec #government #australia #online #security #legal #satire

Instagram photo 2017-10-23 03:14:23

23 October 03:14:23
WPA2 security in trouble as KRACK Belgian boffins tease key re-installation bug
A promo for the upcoming ACM security conference has set infosec types all a-Twitter over the apparent cryptographic death of the WPA2 authentication scheme widely used to secure Wi-Fi connections. The authors have everything ready except the details of their disclosure: acceptance at the ACM Conference on Computer and Communications Security (CCS) for their paper Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2, a timeslot, a so-far-empty GitHub repository, and a placeholder Website at krackattacks(dot)com. The disclosure is due some time on October 16. https://www.theregister.co.uk/AMP/2017/10/16/wpa2_inscure_krackattack/
#infosec #wpa2 #krack #bug #cybersecurity #ACM #tech #wifi

Instagram photo 2017-10-23 03:14:02

23 October 03:14:02
Scam Alert: Your Trusted Friends Can Hack Your Facebook Account
Researchers have detected a new #Facebook #phishing #scam that can even trick an experienced technical user into falling victim to the scam, helping an attacker gain access to your Facebook #account. This latest social media scam is abusing Trusted Contact, a Facebook account recovery feature that sends secret access #codes to a few of your close friends in order to help you regain access to your Facebook account in case you forget your #password or lose access to your account. https://amp.thehackernews.com/thn/2017/10/facebook-account-hacking-scam.html
#infosec #hacking #security #tech

Instagram photo 2017-10-23 03:13:39

23 October 03:13:39
Flash 0-day in the wild – patch now
Six days after #PatchTuesday-that-wasn’t, #Adobe has released an out-of-band patch for Flash in response to a #zeroday vulnerability that’s being exploited in the wild. This Flash #vulnerability, CVE-2017-11292, could allow remote code execution, and is rated as Critical. It affects Flash both in #browsers and on desktop players, on #Windows, #Mac, #Linux, and #Chrome #OS. Adobe notes that this vulnerability is being exploited in the wild, specifically by a criminal group that has previously used other Flash vulnerabilities to carry out their attacks. https://nakedsecurity.sophos.com/2017/10/17/flash-0-day-in-the-wild-patch-now/
#infosec

Instagram photo 2017-10-23 03:13:18

23 October 03:13:18
WordPress Plugins expose sites to increased risk, Report Finds
The #SiteLock #website security report has revealed multiple security trends including security risks associated with #WordPress sites, many of which are at #risk from vulnerable #plugins. SiteLock found that 44% of plugins in the WordPress repository have not been updated in over a year. According to the report, websites experience an average of 63 attacks per day. WordPress websites that have 11 to 20 plugins are nearly 2.5 times more likely to be compromised than the average website, according to SiteLock. http://www.eweek.com/security/wordpress-plugins-expose-sites-to-increased-risk-report-finds
#infosec #malware #tech #security

Instagram photo 2017-10-23 03:12:58

23 October 03:12:58
Crypto-coin miners caught toiling away in hacked cloud boxes
Here's yet another reason to make sure you lock down your clutch of cloud services: cryptocurrency mining. According to a security trends report, developers and organizations are not securing their AWS, Azure and Google Cloud Platform systems, allowing miscreants to hijack them to steal processor cycles for digging up alt-coins. It's believed hackers are able to get into boxes by using their default credentials. http://www.theregister.co.uk/2017/10/17/cryptocoin_miners_turning_up_on_unprotected_cloud_instances/
#infosec #cryptocurrency #cybersecurity #hacking #mysql #cloud

Instagram photo 2017-10-23 03:12:06

23 October 03:12:06
ATM malware Sold on Underground Markets for $5K!
A recently discovered piece of malware targeting automated teller machines (ATM) is being sold on underground markets for $5,000, Kaspersky Lab reports. Dubbed CUTLET MAKER, the malware is being sold as part of a kit that also consists of a password generator & a Stimulator, which is an application that can grab information on the status of cash cassettes in a target #ATM (such as currency, value, & the amount of notes). The #malware’s functionality suggests that 2 people should be involved in the theft. http://www.securityweek.com/atm-malware-sold-underground-markets-5k
#darkweb #business #vulnerability #infosec

Instagram photo 2017-10-23 03:10:51

23 October 03:10:51
Data breach exposes millions of South Africans’ personal records!
A huge trove of data, containing the personal information of millions of South Africans, including property ownership, employment history, income and company directorships, has been discovered by information security researcher Troy Hunt. Hunt, the founder of HaveIbeenPwned.com, said the breach contains data of more than 30m unique #SouthAfrica ID numbers. https://www.databreaches.net/data-breach-exposes-millions-of-south-africans-personal-records/
#tips #infosec #business #cybersecurity #hacking

Instagram photo 2017-10-23 03:10:09

23 October 03:10:09
ROCA vulnerability (CVE-2017-15361) allows attackers to recover users’ Private RSA Keys
While security experts are discussing the dreaded KRACK attack against WiFi networks, IT giants, including Fujitsu, Google, HP, Lenovo, and Microsoft, are warning their customers of a severe flaw in a widely used RSA cryptographic library. The vulnerability, dubbed ROCA (Return of Coppersmith’s Attack), could potentially allow a remote attacker to reverse-calculate a private encryption key just by having a target’s public key. http://securityaffairs.co/wordpress/64401/breaking-news/roca-vulnerability-cve-2017-15361.html
#infosec #vulnerability #cve #roca #hacking #encryption #patch #cryptography

Instagram photo 2017-10-23 03:09:25

23 October 03:09:25
US-CERT study predicts machine learning, transport systems to become security risks
According to a US-CERT survey, transport systems, machine learning and smart robots need better cyber-security risk and threat analysis. The surveys are cumulative, meaning any emerging technologies noted are in addition to those recommended for scrutiny in previous surveys. In other words, previously noted concerns are still live; it's not like phishing and firewall security should be forgotten about just because the latest study focuses on AI and transport stuff. https://www.theregister.co.uk/AMP/2017/10/19/cert_cc_threat_survey/
#infosec #cert #threat #survey #cybersecurity #tech #risks #vulnerability