Signs of Superfish-like MitM Attacks Discovered in the Wild

  • Rabu, 11 Mar 2015
  • Penulis: Ionut Ilascu, Softpedia

Evidence has been found suggesting that cybercriminals may be relying on the traffic interception engine from Komodia, integrated in Superfish and other software solutions, for nefarious purposes in the wild. Last week, the browser add-on Superfish that had been pre-loaded on certain Lenovo notebook models intended for consumers sparked debate among security researchers on account of the fact that it added a self-signed certificate to validate HTTPS websites, protected by the same RSA private key on all machines it was installed on.

Selengkapnya

Critical Flaws Affect Symantec Data Center Security: Server Advanced

  • Jumat, 13 Feb 2015
  • Penulis: Ionut Ilascu, Softpedia

A set of four vulnerabilities have been found to have a critical impact on Symantec Data Center Security: Server Advanced (SDCS:SA), allowing a potential attacker to bypass the client protection policies and gain access at system and database level. The security issues include the possibility of SQL injection, reflected cross-site scripting (XSS), information disclosure, and policy bypasses.

Selengkapnya

Denial of Service Attacks in Wireless Networks

  • Jumat, 13 Feb 2015
  • Penulis: Mallikarjun Hangargi, Northeastern University

This paper covers the attacks carried out at the first two layers: Physical layer and MAC layer - a sub layer of Data Link layer. At the physical layer, DoS attack is perpetrated by signal jamming also known as intentional interference. There is another form of unintentional interference that is induced by signals from other devices. The two main protocol attacks that are carried out at the MAC layer are masquerading attacks and resource exhaustion attacks. This paper also discusses the solution methods available for mitigating the DoS attacks discussed here.

Selengkapnya

Cybercrime – UNICRI study analyzed risks for the economy and enterprises

  • Jumat, 13 Feb 2015
  • Penulis: Pierluigi Paganini, Security Affairs

Below a few statistics on the cybercrime: Total cost of cyber crime between 375 and 575 billion per year (data McAfee) Data theft accounts for 43% of total costs 36% of total costs for damage to the business and loss of competitiveness (Ponemon Institute) In 2013, 550 million identities violated (+ 493% compared to 2012) (Symantec) Up to 3000 billion in estimated losses over the next six years (World Economic Forum)

Selengkapnya

Reading the ENISA Threat Landscape 2014 report

  • Selasa, 10 Feb 2015
  • Penulis: Pierluigi Paganini, Security Affairs

The European Union Agency for Network and Information Security (ENISA) has published the annual report on the cyber threat landscape “ENISA Threat Landscape 2014.

Selengkapnya

Warning – Microsofts Outlook app for iOS breaks your company security

  • Selasa, 10 Feb 2015
  • Penulis: René Winkelmeyer's Blog

Microsoft has released their iOS for Outlook today. And it will break your companies security for mobile PIM access in multiple ways! No matter if you’re a Microsoft Exchange or IBM Notes Traveler customer.

Selengkapnya

BlackPwn: BlackPhone SilentText Type Confusion Vulnerability

  • Selasa, 10 Feb 2015
  • Penulis: Mark, Azimuth Blog

While exploring my recently purchased BlackPhone, I discovered that the messaging application contains a serious memory corruption vulnerability that can be triggered remotely by an attacker. If exploited successfully, this flaw could be used to gain remote arbitrary code execution on the target's handset. The code run by the attacker will have the privileges of the messaging application, which is a standard Android application with some additional privileges.

Selengkapnya

News Zeus Shows Significant a Evolution in The Criminal Ecosystem

  • Senin, 09 Feb 2015
  • Penulis: Pierluigi Paganini, Security Affairs

Malware researchers at SentinelOne have spotted a new Zeus variant that was used to target major Canadian banks, including the National Bank of Canada, the Bank of Montreal and the Royal Bank of Canada.

Selengkapnya

File-Encrypting Malware Poses as Google Chrome Update

  • Senin, 09 Feb 2015
  • Penulis: Ionut Ilascu, Softpedia

A new wave of spam linking to file-encryption malware Critroni aims at tricking unsuspecting recipients into believing that an update for Chrome web browser is due and that it is available at the online location provided in the message.

Selengkapnya

Dyre Banking Trojan Delivered to Millions via Blitz Spam Attacks

  • Senin, 09 Feb 2015
  • Penulis: Ionut Ilascu, Sopftpedia

The operators of the Cutwail spam botnet have changed their tactics and started to send the malicious emails in bursts of just a few minutes, targeting millions of users in one charge.

Selengkapnya

Pemantauan Trafik Internet Nasional

Laporan pemantauan trafik internet nasional dengan menampilkan laporan trafik mingguan, trafik bulanan dan trafik tahunan.

Peringatan Ancaman Keamanan & Kerentanan Sistem

Kumpulan arikel tentang peringatan dini ancaman keamanan dan kerentanan sistem.

Berita Keamanan Siber

Kumpulan berita tentang keamanan siber atau IT.

Laporan Hasil Monitoring

Laporan Hasil Monitoring Keamanan Siber Nasional yang dilakukan oleh BSSN meliputi Laporan Bulanan dan Laporan Tahunan.