Evidence has been found suggesting that cybercriminals may be relying on the traffic interception engine from Komodia, integrated in Superfish and other software solutions, for nefarious purposes in the wild. Last week, the browser add-on Superfish that had been pre-loaded on certain Lenovo notebook models intended for consumers sparked debate among security researchers on account of the fact that it added a self-signed certificate to validate HTTPS websites, protected by the same RSA private key on all machines it was installed on.
A set of four vulnerabilities has been found to have a critical impact on Symantec Data Center Security: Server Advanced (SDCS:SA), allowing a potential attacker to bypass the client protection policies and gain access at system and database level. The security issues include the possibility of SQL injection, reflected cross-site scripting (XSS), information disclosure, and policy bypasses.
This paper covers the attacks carried out at the first two layers: the physical layer and the MAC layer, a sublayer of the data link layer. At the physical layer, a DoS attack is perpetrated by signal jamming, also known as intentional interference. There is also a form of unintentional interference that is induced by signals from other devices. The two main protocol attacks that are carried out at the MAC layer are masquerading attacks and resource exhaustion attacks. This paper also discusses the solution methods available for mitigating the DoS attacks discussed here.
Below are a few statistics on cybercrime: total cost of cybercrime between 375 and 575 billion per year (McAfee data); data theft accounts for 43% of total costs; 36% of total costs are for damage to the business and loss of competitiveness (Ponemon Institute); in 2013, 550 million identities violated (+493% compared to 2012) (Symantec); up to 3000 billion in estimated losses over the next six years (World Economic Forum).
The European Union Agency for Network and Information Security (ENISA) has published the annual report on the cyber threat landscape, “ENISA Threat Landscape 2014.”
Microsoft has released their Outlook for iOS today. And it will break your company's security for mobile PIM access in multiple ways! No matter if you’re a Microsoft Exchange or IBM Notes Traveler customer.
While exploring my recently purchased BlackPhone, I discovered that the messaging application contains a serious memory corruption vulnerability that can be triggered remotely by an attacker. If exploited successfully, this flaw could be used to gain remote arbitrary code execution on the target's handset. The code run by the attacker will have the privileges of the messaging application, which is a standard Android application with some additional privileges.
Malware researchers at SentinelOne have spotted a new Zeus variant that was used to target major Canadian banks, including the National Bank of Canada, the Bank of Montreal and the Royal Bank of Canada.
A new wave of spam linking to the file-encryption malware Critroni aims at tricking unsuspecting recipients into believing that an update for the Chrome web browser is due and that it is available at the online location provided in the message.
The operators of the Cutwail spam botnet have changed their tactics and started to send the malicious emails in bursts of just a few minutes, targeting millions of users in one charge.