security.didici.cc

NPM update changes critical Linux filesystem permissions, breaks everything

1 day ago

A recent update to the Node Package Manager introduced a bug that caused it to interfere with the operating system, by locking the system itself out of numerous mission-critical files

Bitcoin exchange founder charged with covering up hack

1 day ago

Prosecutors charged Jon Montroll, chief of the belly-up BitFunder, with trying to cover up a hack that gutted it of 6,000 Bitcoins.

Rancher sues Feds for sneaking a spy camera on to his land

1 day ago

Just like that camera and the agents who stuck it in that tree, the federal lawsuit is treading on contentious territory

5 signs you may be talking to a bot

1 day ago

If you're on social media - be it Twitter, Facebook or Instagram - it's worth asking yourself: Can you tell when you're talking to a bot?

Hacker claims spyware maker Retina-X has been breached, again

1 day ago

Retina-X denies that the vigilante hacker got in

ISC StormCast for Friday, February 23rd 2018

2 days ago

Another Intel Spectre Update https://newsroom.intel.com/news/latest-intel-security-news-updated-firmware-available/ npm Patch kills BSD Systems http://blog.npmjs.org/post/171169301000/v571 https://github.com/npm/npm/issues/19883 Counterfeit Code Signing Cer ...

Tesla cryptojacked by currency miners

2 days ago

Tesla's Amazon Web Services (AWS) cloud account was broken into by hackers who suckled at its computer power for cryptocurrency mining

How one guy could have taken over any Tinder account (but didn’t)

2 days ago

The potential outcome of the Tinder security hole - complete account takeover, with a crook logged in as you

Another baby monitor is allowing strangers to spy on children

2 days ago

Researchers say Mi-Cam is easy to hijack: turn it off to keep the kids from being eyeballed by prying eyes or chatted up by strangers.

ISC StormCast for Thursday, February 22nd 2018

3 days ago

Password Spraying for Active Directory Credentials https://isc.sans.edu/forums/diary/Should+We+Call+it+Quits+for+Passwords+Or+Password+Spraying+for+the+Win/23361/ Critical Cisco Vulnerabilities https://tools.cisco.com/security/center/publicationListing.x W ...

Risky Biz Soap Box: Bugcrowd CTO Casey Ellis on bounty innovation, PII norms and defensive bounties

3 days ago

This edition of Soap Box is brought to you by Bugcrowd. So the next 40 minutes or so is a conversation between Bugcrowd CTO and founder Casey Ellis and me. As most of you would know, Bugcrowd runs outsourced bug bounty programs for a wide variety of organ ...

Cyber Aware – are passwords past it? (Hint: no.) [VIDEO]

3 days ago

Getting your online password situation right is easier than you think - so here's how to do it!

Is your child a victim of identity theft?

3 days ago

Finding out someone has already established your child's credit for them is a nightmare to try and clean up after years of damage already done.

Flight simulator comes bundled with password stealing stowaway

3 days ago

How far should a company be able to go to protect its products from piracy?

Artificial intelligence reads privacy policies so you don’t have to

3 days ago

Researchers have created a deep learning tool that turns privacy policies into easy-to-read flowcharts

Read the 200,000 Russian Troll tweets Twitter deleted

3 days ago

NBC News asked three sources to retrieve the evidence of foreign election meddling that Twitter deleted

ISC StormCast for Wednesday, February 21st 2018

4 days ago

Statically Unpacking a Brazilian Banker Malware Sample https://isc.sans.edu/forums/diary/Statically+Unpacking+a+Brazilian+Banker+Malware/23359/ More Crypto Miners https://blog.redlock.io/cryptojacking-tesla Difficulties Detecting Coldroot RAT Affecting Mac ...

SN 651: Russian Meddling Technology

4 days ago

This week we examine and discuss the appearance of new forms of Meltdown and Spectre attacks, the legal response against Intel, the adoption of new cybersecurity responsibility in New York, some more on Salon and authorized crypto mining, more on software ...

Facebook to verify election ad buyers by snail mail

4 days ago

The plan came a day after a federal indictment describing a Russian conspiracy to interfere in the 2016 election.

Apple fixes that “1 character to crash your Mac and iPhone” bug

4 days ago

Given the ease of copying and pasting the treacherous "crash character" into a message, Apple needed to get a patch out quickly.

Facebook told to stop tracking users that aren’t logged in

4 days ago

If Facebook doesn't stop tracking users across the web, it could face a fine of €250,000 ($315,000) per day, says Belgian court.

It's Five O'Clock Somewhere - Business Security Weekly #74

4 days ago

This week, Michael and Paul interview Joe Kay, Founder & CEO of Enswarm! In the Tracking Security Information segment, IdentityMind Global raised $10M, DataVisor raised $40M, & Infocyte raised $5.2M! Last but not least, our second feature interview with S ...

ISC StormCast for Tuesday, February 20th 2018

5 days ago

Apple Releases Fix for Unicode Messaging DoS Flaw in All Operating Systems https://support.apple.com/en-us/HT208534 Flight Simulator Mod Company Uses Password Stealer to "Fight Back" https://www.reddit.com/r/flightsim/comments/7yh4zu/fslabs_a320_installer_ ...

Google drops new Edge zero-day as Microsoft misses 90-day deadline

5 days ago

Microsoft wasn't able to come up with a patch within Google's non-negotiable "you have 90 days" period, so the flaw is now public.

Carlos Perez (darkoperator) joins the TrustedSec team!

5 days ago

TrustedSec is proud to announce the hiring of Carlos Perez (@Carlos_Perez) to run the Research and Development team. At TrustedSec, we continue to expand our tooling, capabilities, and talent within the organization. With the addition to Carlos coming abo ...

Broadband network plagued by wheezy old cryptomining gadget

5 days ago

The geriatric Bitcoin miner breathed out "spurious emissions" that befogged T-Mobile's broadband network in Brooklyn

US and UK condemn Russia for NotPetya

5 days ago

When it comes to pointing the finger for last year’s historically-disruptive NotPetya cyberattack, nobody could accuse the US and UK of dodging the issue.

Hackers sentenced for SQL injections that cost $300 million

5 days ago

It wasn't *only* SQL injection, but it shows how far you can go if a company exposes its soft and fleshy parts to the internet.

Monday review – the hot 19 stories of the week

5 days ago

From the HTTPS countdown and the site forcing you to watch ads or it'll start cryptomining to Facebook's illegal privacy settings, and more!

ISC StormCast for Monday, February 19th 2018

6 days ago

Inspecting Malicious MSI Files https://isc.sans.edu/forums/diary/Malware+Delivered+via+Windows+Installer+Files/23349/ Monero Miner Injected via Jenkins Flaw https://research.checkpoint.com/jenkins-miner-one-biggest-mining-operations-ever-discovered/ Microso ...

It's Just Beautiful - Application Security Weekly #06

1 week ago

This week, Keith and Paul discuss Data Security and Bug Bounty programs! In the news, Lenovo warns of critical Wifi vulnerability, Russian nuclear scientists arrested for Bitcoin mining plot, remote workers outperforming office workers, and more on this e ...

Telegram IM security flaw – what you see is NOT always what you get

1 week ago

Crooks revived an old visual trick to disguise files that would otherwise look dangerous right away.

Google’s big plans for email will give it even more power

1 week ago

Google's about to make your inbox a much more interesting place

Why Chrome’s ad filter isn’t an adblocker

1 week ago

Optimistic news coverage has described this as the arrival of adblocking in Chrome, but it isn't.

Facebook accused of spamming 2FA phone numbers

1 week ago

The social network is messaging users on their 2FA phone numbers and then posting their "PLEASE STOP!!" replies

They Stole My Shoes - Paul's Security Weekly #548

1 week ago

This week, Steve Tcherchian, CISO and Director of Product Management of XYPRO Technology joins us for an interview! In our second feature interview, Paul speaks with Michael Bazzell, OSINT & Privacy Consultant! In the news, we have updates from Google, Bi ...

ISC StormCast for Friday, February 16th 2018

1 week ago

Skype Update Vulnerability Fixed in October https://answers.microsoft.com/en-us/skype/forum/skype_newsms/update-on-installer-for-skype-for-windows-desktop/242f1415-1399-42e1-a6a2-cd535c8b7ff8?tm=1518635969608&auth=1 iOS Indian Character DoS http://www.open ...

Joke dating site matches people based on their passwords

1 week ago

Hey baby, nice little "abc123" ya got there.

Coinmining frenzy is making it hard for us to find aliens

1 week ago

As cryptocurrency values have soared, so too has the cost of the hardware needed to mine them - if you can even buy the GPUs, given the shortages.

Happy Valentine's Day - Enterprise Security Weekly #80

1 week ago

This week, Paul and John are accompanied by Guy Franco, Security Consultant for Javelin Networks, who will deliver a Technical Segment on Domain Persistence! In the news, we have updates from ServerSide, Palo Alto, NopSec, Microsoft, and more on this epis ...

ISC StormCast for Thursday, February 15th 2018

1 week ago

Meltdown Prime and SpectrePrime: More CPU Exploits Coming https://arxiv.org/abs/1802.03802 Winter Olympics Attack Launched via IT Provider https://www.cyberscoop.com/atos-olympics-hack-olympic-destroyer-malware-peyongchang/ OpenSSL Releases TLS 1.3 Alpha a ...

Risky Business #487 -- Guest Katie Moussouris on her recent Senate Subcommittee testimony

1 week ago

On this week’s show we’re going to chat with Katie Moussouris about her testimony before a Senate Subcommittee last week. She fronted a session on Consumer Protection, Product Safety, Insurance, and Data Security titled, “Data Security and Bug Bount ...

Hide Yo Servers, Hide Yo Data . . .

1 week ago

Companies spend millions of dollars to protect their data in the forms of firewalls, antiviruses, spam filters, web content filters, multi-factor authentication, and so on. But what about physical security? Most companies will have a badge system to gran ...

Watch our ads or we’ll use your CPU for cryptomining

1 week ago

The Salon news site is offering users a novel choice: turn off your adblocker or let it use your browser to mine cryptocurrency

When crooks mine cryptocoins, but you pay [Naked Security Podcast 1]

1 week ago

Many of you asked – and waited very patiently, we must admit – for a Naked Security podcast. Wait no more, because Episode One is here! In the Naked Security Podcast, we’ll be taking recent security news stories and turning them into advice – inst ...

Bitcoin mining to zap more energy than households in Iceland this year

1 week ago

As far as Bitcoin miners are concerned, Iceland is starting to look like the best place in the world to run a business.

New AI technology used by UK government to fight extremist content

1 week ago

And it won't rule out forcing big companies like Google and Facebook to use it.

Cryptocurrency startup LoopX exit scams with $4.5M in ICO

1 week ago

It was one flaky pastry: "great profits continuously every month," zero details on its "Loop Algorithm," and nary a single detail on its team.

ISC StormCast for Wednesday, February 14th 2018

1 week ago

Microsoft Patch Tuesday https://isc.sans.edu/forums/diary/February+2018+Microsoft+and+Adobe+Patch+Tuesday/23341/ Skype Update Privilege Escalation Vulnerability http://seclists.org/fulldisclosure/2018/Feb/33 Telegram Vulnerability Exploited to Spread Crypt ...

SN 650: CryptoCurrency Antics

1 week ago

This week we discuss today's preempted 2nd Tuesday of the month, slow progress on the Intel Spectre firmware update front, a worse-than-originally-thought Cisco firewall appliance vulnerability, the unsuspected threat of hovering hacking drones, hacking a ...

Would you allow Facebook into your home?

1 week ago

If you believe some of the more speculative stories on the internet right now, this question won't be hypothetical for long.

Did the NSA really use Twitter to send coded messages to a Russian?

1 week ago

A sequence of 12 NSA tweets are claimed to be a coded back-channel used to communicate with a Russian negotiating to sell cyberweapons.

Facebook’s privacy settings are illegal, says court

1 week ago

Forcing real name use is illegal, as are default settings such as making profiles available to search engines so anybody can bump into them.

Beware the ‘celebrities’ offering you free cryptocoins on Twitter

1 week ago

Who CAN you trust if you can't trust @DoonaldTrump65, promising Ethereum to all comers like he's a cryptocurrency version of Oprah Winfrey?

This Is An Emergency - Business Security Weekly #73

1 week ago

This week, Michael and Paul interview Dawn-Marie Hutchinson, Executive Director of Optiv Offline! In the Article Discussion, security concern pushing IT to channel services, what drives sales growth and repeat business, and in the news, we have updates fr ...

ISC StormCast for Tuesday, February 13th 2018

1 week ago

Malspam using Valentine's Day and IRS to Lure Users https://securityintelligence.com/necurs-spammers-go-all-in-to-find-a-valentines-day-victim/ https://myonlinesecurity.co.uk/please-note-irs-urgent-message-164-malspam-delivers-rapid-ransomware/ Resurrecting ...

Episode 203 - Evaluating Your Security Program: Threat Mapping

1 week ago

Show Notes: Episode 203 - Evaluating Your Security Program: Threat Mapping. Why Evaluate Your Program: part of annual policy review; if you don't evaluate you will never improve; continual review will help protect your budget; Awareness and Education i ...

Jim Carrey Hacked My Facebook - Application Security Weekly #05

1 week ago

This week, Keith and Paul continue to discuss OWASP Application Security Verification Standard! In the news, Cisco investigation reveals ASA vulnerability is worse than originally thought, Google Chrome HTTPS certificate apocalypse, Intel made smart glass ...

How to Choose a PCI QSA

1 week ago

As of writing this article, there are currently 378 PCI QSA Companies worldwide that are certified by the PCI Council. That is quite a selection to narrow your choices. So what do you look for in good qualities to partner with? What attributes do you form ...

Ep. 102 - Penning the Future with JJ Green

1 week ago

JJ Green just wants to share the story. With over 25 years of journalistic travel into 51 countries he has witnessed conflicts, disasters and political struggles that have shaped our world today. On this podcast we discuss: Do you really like Bruce Horn ...

Google-Nest merger reawakens privacy worries

1 week ago

One observer said it "would be naive" to expect that a combined Google/Nest wouldn't bring all the platforms and all the data together.

You have five months to switch your website to HTTPS

1 week ago

Starting in July, Google Chrome will mark all HTTP sites as ‘not secure’.

Facebook is not testing a dislike button, except for the one it’s testing

1 week ago

Nope, there's no upside-down thumb coming our way. Rather, it's a Reddit-esque downvote option, and it's a limited test.

Monday review – the hot 25 stories of the week

1 week ago

Cryptomining on government websites, Wordpress DoS attacks, and a huge Facebook hoax - catch up with everything you missed in the last seven days.

ISC StormCast for Monday, February 12th 2018

1 week ago

Signed Dridex Malware and Identifying Signed Word Macros https://isc.sans.edu/forums/diary/An+autograph+from+the+Dridex+gang/23331/ https://isc.sans.edu/forums/diary/Finding+VBA+signatures+in+Word+documents/23333/ Browsealoud Plugin Used to Compromise High ...

Cryptomining script poisons government websites – What to do

1 week ago

Reports surfaced over the weekend of many government websites that were "infected with malware". Here's what we know, and what to do.

Winter Olympics network outages blamed on unexplained cyberhack

1 week ago

The 2018 Winter Games seem to have gone ahead smoothly despite an apparent hacking attack during the opening ceremony.

Have federal nuclear supercomputer? GO CRYPTOMINING!

2 weeks ago

News of arrests at a Russian nuclear physics lab for "unauthorised cryptomining" reminded us of SETI@home in the 1990s...

Chinese police get facial recognition glasses

2 weeks ago

The eyeglass-mounted camera is equipped with facial-recognition technology capable of “highly effective screening” of crowds

Robot’s revenge – the CAPTCHA that stops humans

2 weeks ago

"You are a human. You are not invited."

Walk The Plank - Paul's Security Weekly #547

2 weeks ago

This week, Zane Lackey of Signal Sciences joins us for an interview! Our very own Larry Pesce delivers the Technical Segment on an intro to the ESP8266 SoC! In the news, we have updates from Bitcoin, NSA, Facebook, and more on this episode of Paul's Secur ...

ISC StormCast for Friday, February 9th 2018

2 weeks ago

Exploiting Blind SQL Injection and Division by Zero Exceptions https://isc.sans.edu/forums/diary/SQL+injection+and+division+by+zero+exceptions/23325/ Netgear Router Flaws https://www.trustwave.com/Resources/SpiderLabs-Blog/Multiple-Vulnerabilities-in-NETGE ...

WordPress denial-of-service attacks – how real is the problem? [VIDEO]

2 weeks ago

Reports suggest that "29% of all websites are easy to DoS" thanks to what's being called a WordPress security flaw - here are the facts.

iOS ‘iBoot’ source code posted online, Apple issues DMCA takedown notice

2 weeks ago

The source code for Apple's iOS 'iBoot' secure bootloader has been leaked to GitHub.

Uber data breach aided by multi-factor authentication weakness

2 weeks ago

How to bolt a stable door when the horse is already miles down the road...

Deepfake porn videos banned by Reddit, Twitter, Pornhub

2 weeks ago

The AI-created deepfakes have been kicked off their original home and other big sites

Facebook HOAX! New algorithm will NOT only show you 26 friends

2 weeks ago

"Guess what, friends.... Facebook's algorithm now chooses your 26 FB friends." No, no it doesn't.

Heinous Noises - Enterprise Security Weekly #79

2 weeks ago

This week, Paul is joined by Doug White, host of Secure Digital Life, to interview InfoSecWorld 2018 Speaker Summer Fowler! In the news, we have updates from Cisco, SANS, Scarab, and more on this episode of Enterprise Security Weekly! Full Show Notes: ...

ISC StormCast for Thursday, February 8th 2018

2 weeks ago

PinMe: Tracking a Smartphone User around the World https://arxiv.org/pdf/1802.01468.pdf NameCheap Vulnerability Allows Unauthorized Subdomain Creation; https://www.kirkville.com/namecheap-name-server-vulnerability-allows-unauthorized-users-to-create-sub-d ...

WordPress users – do an update now, and do it by hand!

2 weeks ago

The automatic update to WordPress 4.9.3 broke automatic updating, so the emergency update to 4.9.4 means you need to click a button.

It’s February 2018: What you need to know about the new PCI controls

2 weeks ago

It is finally here: the forward-dated controls that have been in existence since the release of version 3.2 of the PCI Data Security Standard, from April 2016. Hopefully, by now, you have had a chance to review them, but if you haven’t we are going to t ...

New PCI Controls and What You Should Know

2 weeks ago

It is finally here: the forward-dated controls that have been in existence since the release of version 3.2 of the PCI Data Security Standard, from April 2016. Hopefully, by now, you have had a chance to review them, but if you haven’t we are going to t ...

How to Select a QSA

2 weeks ago

As of writing this article, there are currently 378 PCI QSA Companies worldwide that are certified by the PCI Council. That is quite a selection to narrow your choices. So what do you look for in good qualities to partner with? What attributes do you form ...

HackNYC 2018: Preview with Kevin E. Greene

2 weeks ago

Prior to his work as Principal Software Assurance Engineer at MITRE, Kevin E. Greene was R&D Program Manager for the Department of Homeland Security. He is currently on the organizing committee for HackNYC, helping to organize talks and sessions around pr ...

Reddit users, beware its evil twin

2 weeks ago

Unbeknownst to Reddit users, the site recently acquired an unwanted, evil twin

YouTube Kids hasn’t cleaned up its act

2 weeks ago

YouTube is apologizing, again, uttering the tried-and-true "we have to do better."

Alleged Kelihos botmaster and spam king extradited to US

2 weeks ago

Arrested last April in Barcelona, Russian programmer Peter Yuryevich Levashov allegedly ran a botnet of up to 90,000 enslaved computers.

ISC StormCast for Wednesday, February 7th 2018

2 weeks ago

Loki Bot Malspam Variations https://isc.sans.edu/forums/diary/3+examples+of+malspam+pushing+LokiBot+malware/23317/ Adobe Releases Out-of-Band Patch https://helpx.adobe.com/security/products/flash-player/apsb18-03.html Grammarly Fixes Patch in Google Chrome ...

SN 649: Meltdown & Spectre Emerge

2 weeks ago

This week we observe that the Net Neutrality battle is actually FAR from lost, ComputerWorld's Woody Leonhard enumerates a crazy January of updates, "EternalBlue" is turning out to be far more eternal than we'd wish, will Flash EVER die? A new 0-day Flash ...

Risky Business #486 -- Locking down AWS permissions with RepoKid

2 weeks ago

On this week’s show we’re chatting with Travis McPeak at Netflix about a tool they’ve developed called RepoKid. It automatically strips unused AWS permissions, which I’m guessing a lot of you will find quite useful. We’ll also chat with Dan Kuy ...

Safer Internet Day 2018 [VIDEO]

2 weeks ago

Here's how we think we can all make a difference, not just for today and tomorrow but for our children's internet tomorrows, too.

Uber and Waymo clash in court over driverless technology

2 weeks ago

Day one in court saw evidence that former Uber CEO Kalanick desperately wanted self-driving car technology. And a "pound of flesh."

Firefox 59’s privacy mode plugs leaky referrers

2 weeks ago

The Firefox browser’s Private Browsing Mode won't tell websites where visitors have come from.

Early Google, Facebook employees band together to tame tech addiction

2 weeks ago

One coalition member notes that with smartphones, for example, “they’ve got you for every waking moment".

Keeping kids safe online – trying to practice what I preach

2 weeks ago

My approach to keeping my kid safe online is easy right now because she's a baby and it's all fully under my control. My main concern is her future privacy, and I know it only gets harder from here.

50% off Sophos Home Premium, because you’re not just IT at work

2 weeks ago

Your kids need just as much cyber-armor on their machine as your CEO does... so why not make business-grade security available at home?

Safer Internet Day: 3 things your social networks can do for you

2 weeks ago

It's Safer Internet Day 2018, and there are things you can do for your social networks...and things they can do for you.

Safer Internet Day: 3 things you can do for your social networks

2 weeks ago

It's Safer Internet Day 2018, and there are things your social networks should be doing... and things you can do for them.

Put Your Dockers On - Business Security Weekly #72

2 weeks ago

This week, Michael and Paul interview Vik Desai, Managing Director at Accenture! Matt Alderman and Asif Awan of Layered Insight join Michael and Paul for another interview! In the news, we have updates from BehavioSec, RELX, DISCO, Logikcull, and more on ...

ISC StormCast for Tuesday, February 6th 2018

2 weeks ago

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180129-asa1 https://www.nccgroup.trust/globalassets/newsroom/uk/events/2018/02/reconbrx2018-robin-hood-vs-cisco-asa.pdf https://pastebin.com/YrBcG2Ln TLS Extension Covert Channe ...