luxnote lapstore servion thinkspot
Seite 2 von 7 ErsteErste 1234 ... LetzteLetzte
Ergebnis 21 bis 40 von 131

Thema: [Sammelthread] Artikel rund um sicherheitsrelevante Themen und Aspekte

  1. #21
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    PLATINUM Hackers Hijack Windows Hotpatching to Stay Hidden



    In Brief

    The Microsoft’s Windows Defender Advanced Threat Hunting team detected that a cyber espionage group of hackers, known as PLATINUM, has found a way to turn the Windows's Hotpatching technique (a way of updating the operating system without requiring a restart) to hide its malware from Antivirus products.

    PLATINUM group has been active since 2009 and launching large-scale attacks against governmental organizations, intelligence agencies, defense institutes and telecommunication providers in South and Southeast Asia.
    Full story: The Hacker News - PLATINUM Hackers Hijack Windows Hotpatching to Stay Hidden

    - - - Beitrag zusammengeführt - - -

    Former Tor Developer Created Malware for FBI to Unmask Tor Users



    In Brief

    According to an investigation, Matthew Edman, a cyber security expert and former employee of the Tor Project, helped the FBI with Cornhusker a.k.a Torsploit malware that allowed Feds to hack and unmask Tor users in several high-profile cases, including Operation Torpedo and Silk Road.
    Full story: The Hacker News - Former Tor Developer Created Malware for FBI to Unmask Tor Users

    - - - Beitrag zusammengeführt - - -

    U.S. Supreme Court allows the FBI to Hack any Computer in the World



    In Brief

    The US Supreme Court has approved amendments to Rule 41, which now gives judges the authority to issue search warrants, not only for computers located in their jurisdiction but also outside their jurisdiction.

    Under the original Rule 41, let’s say, a New York judge can only authorize the FBI to hack into a suspect's computer in New York.

    But the amended rule would now make it easier for the FBI to hack into any computer or network, literally anywhere in the world.
    Full story: The Hacker News - U.S. Supreme Court allows the FBI to Hack any Computer in the World

    - - - Beitrag zusammengeführt - - -

    Ransomware Virus Shuts Down Electric and Water Utility



    Recently, the American public utility Lansing Board of Water & Light (BWL) has announced that the company has become a victim of Ransomware attack that knocked the utility's internal computer systems offline.

    Also Read: FBI Suggests Ransomware Victims — 'Just Pay the Ransom'.

    The attack took place earlier this week when one of the company’s employees opened a malicious email attachment.
    Full story: The Hacker News - Ransomware Virus Shuts Down Electric and Water Utility
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  2. #22
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Warning — Widely Popular ImageMagick Tool Vulnerable to Remote Code Execution



    A serious zero-day vulnerability has been discovered in ImageMagick, a widely popular software tool used by a large number of websites to process user's photos, which could allow hackers to execute malicious code remotely on servers.

    ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images.

    The ImageMagick tool is supported by many programming languages, including Perl, C++, PHP, Python, Ruby and is being deployed by Millions of websites, blogs, social media platforms, and popular content management systems (CMS) such as WordPress and Drupal.

    Slack security engineer Ryan Huber disclosed a zero-day flaw (CVE-2016–3714) in the ImageMagick image processing library that allows a hacker to execute malicious code on a Web server by uploading maliciously-crafted image.

    - - - Beitrag zusammengeführt - - -

    High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic



    OpenSSL has released a series of patches against six vulnerabilities, including a pair of high-severity flaws that could allow attackers to execute malicious code on a web server as well as decrypt HTTPS traffic.

    OpenSSL is an open-source cryptographic library that is the most widely being used by a significant portion of the Internet services; to cryptographically protect their sensitive Web and e-mail traffic using the Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocol.

    One of the high-severity flaws, CVE-2016-2107, allows a man-in-the-middle attacker to initiate a "Padding Oracle Attack" that can decrypt HTTPS traffic if the connection uses AES-CBC cipher and the server supports AES-NI.
    Full story - The Hacker News: High-Severity OpenSSL Vulnerability allows Hackers to Decrypt HTTPS Traffic

    - - - Beitrag zusammengeführt - - -

    U.S. developing Technology to Identify and Track Hackers Worldwide



    Without adequate analysis and algorithms, mass surveillance is not the answer to fighting terrorism and tracking suspects.

    The aim of Enhanced Attribution program is to track personas continuously and create “algorithms for developing predictive behavioral profiles.

    "The goal of the Enhanced Attribution (EA) program is to develop technologies for generating operationally and tactically relevant information about multiple concurrent independent malicious cyber campaigns, each involving several operators; and the means to share such information with any of a number of interested parties without putting at risk the sources and methods used for collection," reads the project’s official site.

    In other words, the Enhanced Attribution Program will not only help the government characterize the cyber criminal but also share the criminal’s modus operandi with potential victims and predict the attacker’s next target.
    Full story - The Hacker News: U.S. developing Technology to Identify and Track Hackers Worldwide
    Geändert von Helios (05.05.2016 um 22:14 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  3. Grund
    Spam!

  4. Grund
    Spam!

  5. #23
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Wieder mal zu gut fürs Guinness-Buch der Rekorde .


    U.S.A's Nuclear Defense Program is run from Floppy Disks

    Sometimes you read something and you can't quite believe it and then you read it again and get scared. This is what happened when I read through the United States Government Accountability Office's Report to Congressional Requesters about the need to update aging legacy systems.

    This report outlines how some of the critical systems in the US government are running on outdated programming languages, hardware, and that the Strategic Automated Command and Control System (SACCS) still uses floppy disks!!!!!!! This aging equipment and software comes with a hefty price tag as its very costly to maintain. In fact, this report shows that of the $80 billion budget allocated to 26 government agencies, 61 billion, or close 76%, of that budget was used towards operations and maintenance.
    Read full story at BleepingComputer: U.S.A's Nuclear Defense Program is run from Floppy Disks

    Geändert von Helios (31.05.2016 um 18:45 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  6. Grund
    SPAM

  7. #24
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Facebook Ads now Tracks you, Even if you don't have an Account

    There's nowhere to hide across the web, especially from the marketing and advertising companies.

    If you are paranoid about your privacy, you may get upset to know that Facebook will now track and deliver targeted Ads on other apps and websites for everyone, even if you do not have Facebook accounts.

    Until now, Facebook was showing targeted ads only to its users, but now the social networking giant says it needs extra data to make its ads better.
    Full story - The Hacker News: Facebook Ads now Tracks you, Even if you don't have an Account
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  8. #25
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Passwortmanager KeePass 2 potentiell angreifbar

    Der Passwortmanager KeePass 2 ist potentiell gefährdet, weil der Entwickler sich weigert, eine automatische Update-Routine mit HTTPS besser abzusichern. Die Begründung lautet, Werbeeinnahmen würden mit HTTPS sinken. Somit bleibt KeePass 2 gegen Man-in-the-Middle-Angriffe verwundbar.

    Beim ersten Start des Open-Source-Passwortmanagers KeePass 2 wird der Anwender gefragt, ob er der Empfehlung nachkommen und den automatischen Update-Check aktivieren möchte. Wird dies bestätigt, werden bis hin zur aktuellen Version 2.33 unverschlüsselte HTTP-Anfragen verwendet, um auf vorhandene Updates zu prüfen.
    Kompletter Artikel - Computerbase.de: Passwortmanager KeePass 2 potentiell angreifbar

    - - - Beitrag zusammengeführt - - -

    Have you ever suspected that Facebook is listening to your conversations through Microphone?

    Have you ever felt Facebook is showing you very relevant ads about topics you’re only discussing around your phone?

    If yes, then you may find this news worth reading.

    Communications Professor Kelli Burns from the University of South Florida claims that Facebook is listening to all conversations people have while its app is open to serve more relevant ads for products related to what they are talking about.

    However, the social networking giant responds it does listen to audio and collect information from users, but does not record or use sounds heard around people for targeted ads.

    "Facebook does not use microphone audio to inform advertising or News Feed stories in any way," a Facebook spokesperson said. "Businesses are able to serve relevant ads based on people's interests and other demographic information, but not through audio collection."
    Full story - The Hacker News: Have you ever suspected that Facebook is listening to your conversations through Microphone?
    Geändert von Helios (03.06.2016 um 22:55 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  9. #26
    Help-Desk Avatar von Mornsgrans
    Registriert seit
    20.04.2007
    Ort
    Idar-Oberstein
    Beiträge
    62.159
    Danke
    26
    Thanked 1.202 Times in 1.085 Posts
    Blackberry liefert User-Daten an Behörden in aller Welt

    Blackberry entschlüsselt BBM- und PIN-Nachrichten und liefert zahlreiche weitere User-Daten an ausländische Behörden in aller Welt. Der kanadischen Polizei dürfte Blackberry sogar einen Generalschlüssel gegeben haben.
    Quelle
    70. ThinkPad-Forum - Stammtisch - 13.04.19 ab 10:00 Uhr im "Baron", Mainz ------ Meine ThinkPads
    Ich trinke meinen Kaffee wie Chuck Norris: Schwarz und ohne Wasser
    "Der Computer rechnet mit allem - nur nicht mit seinem Besitzer." - Dieter Hildebrandt

  10. #27
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Android Ransomware now targets your Smart TV, Too!



    Do you own a Smartwatch, Smart TV, Smart fridge, or any Internet-connected smart device?

    If your answer is yes, then you need to know the latest interest of the cyber criminals in the field of Internet of Things.

    Ransomware!

    After targeting hospitals, universities, and businesses, Ransomware has started popping up on Smart TV screens.
    The Hacker News - Android Ransomware now targets your Smart TV, Too!
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  11. #28
    Moderator Avatar von gatasa
    Registriert seit
    08.11.2005
    Ort
    nördliches Münsterland
    Beiträge
    6.566
    Danke
    77
    Thanked 255 Times in 209 Posts
    Spass: Asus Eee PC, 560, 760DC, 240, i1200, 2x T20, A31, X31, X41t, X60s, X61, T60, X200 unterwegs: X250 (i5-5300U, 8GB RAM, 240 GB SSD Intel, IPS) zu Hause: T530, Lenovo TAB 2 A7 zur Pflege:T400

  12. #29
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Dozens of Malicious Apps on Play Store can Root & Hack 90% of Android Devices



    It's not at all surprising that the Google Play Store is surrounded by a large number of malicious apps that has the ability to gain users' attention into falling victim for one, but this time, it is even worse than most people realize.

    Researchers at Trend Micro have detected a family of malicious apps, dubbed 'Godless,' that has the capability of secretly rooting almost 90 percent of all Android phones.

    Well, that's slightly terrifying.

    The malicious apps are distributed via different methods and variety of app stores, including Google Play Store, which is usually considered as a safe option for downloading apps.

    - - - Beitrag zusammengeführt - - -

    Researcher spots an ATM Skimmer while on vacation in Vienna



    We have heard a lot about ATM skimmers, but it's nearly impossible to spot one.

    Some skimmers are designed to look exactly like the card slot on the original machine and attached to the front, and others are completely hidden inside the ATM.

    But, during his vacation in Vienna, Austria, cyber security expert Benjamin Tedesco spotted an ATM skimmer that was totally unrecognizable.
    The Hacker News - Researcher spots an ATM Skimmer while on vacation in Vienna
    Geändert von Helios (26.06.2016 um 15:27 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  13. #30
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Zero-Day Warning! Ransomware targets Microsoft Office 365 Users



    If just relying on the security tools of Microsoft Office 365 can protect you from cyber attacks, you are wrong.

    Variants of Cerber Ransomware are now targeting MS Office 365 email users with a massive zero-day attack that has the ability to bypass Office 365's built-in security tools.

    According to a report published by cloud security provider Avanan, the massive zero-day Cerber ransomware attack targeted Microsoft Office 365 users with spam or phishing emails carrying malicious file attachments.

    The Cerber ransomware is invoked via Macros. Yes, it's hard to believe but even in 2016, a single MS Office document could compromise your system by enabling 'Macros'.

    - - - Beitrag zusammengeführt - - -

    IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack



    The Internet of Things (IoTs) or Internet-connected devices are growing at an exponential rate and so are threats to them.

    Due to the insecure implementation, these Internet-connected embedded devices, including Smart TVs, Refrigerators, Microwaves, Set-top boxes, Security Cameras and printers, are routinely being hacked and used as weapons in cyber attacks.

    We have seen how hackers literally turned more than 100,000 Smart TVs and Refrigerator into the cyber weapon to send out millions of malicious spam emails for hacking campaigns; we have also seen how hackers abused printers and set-top-boxes to mine Bitcoins.

    And now…

    Cyber crooks are hacking CCTV cameras to form a massive botnet that can blow large websites off the Internet by launching Distributed Denial-of-service (DDoS) attacks.

    Researchers at Security firm Sucuri came across a botnet of over 25,000 CCTV cameras targeting business around the globe while defending a small jewelry shop against a DDoS attack.
    The Hacker News - IoT Botnet — 25,000 CCTV Cameras Hacked to launch DDoS Attack

    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  14. #31
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Antivirus firm Avast to Buy its rival AVG for $1.3 Billion



    Antivirus company Avast Software is planning to acquire Dutch rival AVG Technologies for $1.3 Billion in cash.

    Avast announced today that it would buy Amsterdam-based AVG Technologies for $25 per share in an all-cash transaction valued at $1.3 Billion in an aim to expand its presence in the emerging markets.

    With more than 230 Million users worldwide, Avast provides free and paid security software packages for both PCs as well as mobile devices to businesses and individuals.
    The Hacker News - Antivirus firm Avast to Buy its rival AVG for $1.3 Billion


    Addendum:

    https://www.computerbase.de/2016-07/antiviren-software-avast-will-avg-fuer-1.3-mrd.-us-dollar-uebernehmen/
    Geändert von Helios (07.07.2016 um 18:57 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  15. #32
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Vorsicht beim Herunterladen von Pokémon GO-APKs auf Android!

    Downloading Pokémon GO Game for Android? Beware! It Could be Malicious...
    Due to the huge interest surrounding Pokémon Go, many gaming and tutorial websites have offered tutorials recommending users to download the APK from a non-Google Play link.

    In order to download the APK, users are required to "side-load" the malicious app by modifying their Android core security settings, allowing their device's OS to install apps from "untrusted sources."

    ...

    Pokémon Go is Installing DroidJack Malware

    Security researchers have warned users that many of these online tutorials are linked to malicious versions of the Pokémon Go app that install a backdoor on Android phones, enabling hackers to compromise a user's device completely.

    Security firm Proofpoint has discovered the malicious app, or APK, that has been infected with DroidJack – a Remote Access Tool (RAT) that can hack any Android device by opening a silent backdoor for hackers.
    The Hacker News - Downloading Pokémon GO Game for Android? Beware! It Could be Malicious...

    - - - Beitrag zusammengeführt - - -

    Uh-Oh! Pokémon GO grants itself 'Full Access' to your Google Account — Fix It NOW



    Pokémon GO – A Huge Security Risk


    Adam Reeve labeled the game "malware," saying that Pokémon GO is a "huge security risk" as the game, for some reason, grants itself "full account access" to your Google account when you sign into the app via Google on iPhone or iPad.

    Yes, you heard that right: Full Account Access.

    Any app, according to Google's own support page, that granted Full account access, can:
    "See and modify nearly all information in your Google Account (but it can't change your password, delete your account, or pay with Google Wallet on your behalf)."
    Full Story - The Hacker News: Uh-Oh! Pokémon GO grants itself 'Full Access' to your Google Account — Fix It NOW
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  16. #33
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Here's How Riffle Anonymity Network Protects Your Privacy better than Tor



    Online privacy is an Internet buzzword nowadays. If you are also concerned about the privacy of your web surfing, the most efficient way is to use TOR – a free software that lets users communicate anonymously by hiding their actual location from snoopers.

    Although TOR is a great anonymous network, it has some limitations that could still allow a motivated hacker to compromise the anonymity of legions of users, including dark web criminals as well as privacy-minded innocents.

    Moreover, TOR (The Onion Network) has likely been targeted by the FBI to arrest criminals, including the alleged Silk Road 2 lieutenant Brian Richard Farrell, who was arrested in January 2014.

    ...

    RIFFLE – A New Anonymity Network


    Researchers from the Massachusetts Institute of Technology (MIT) and the École Polytechnique Fédérale de Lausanne (EPFL) have created a new anonymity network, which they claim fixes some of Tor's weak points.

    Dubbed Riffle, the anonymity network promises to provide better security against situations when hackers introduce rogue servers on the network, a technique to which TOR is vulnerable.

    Riffle maintains users' privacy as long as at least one of its server remains safe.
    Full article: The Hacker News - Here's How Riffle Anonymity Network Protects Your Privacy better than Tor

    MIT News: Riffle - How to stay anonymous online
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  17. #34
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes



    Another blow to the Tor Project: One of the Tor Project's earliest contributors has decided to quit the project and shut down all of the important Tor nodes under his administration.

    Lucky Green was part of the Tor Project before the anonymity network was known as TOR. He probably ran one of the first 5 nodes in the TOR network at its inception and managed special nodes inside the anonymity network.

    However, Green announced last weekend that "it is no longer appropriate" for him to be part of the Tor Project, whether it is financially or by providing computing resources.
    The Hacker News - Core Tor Contributor Leaves Project; Shutting Down Important Tor Nodes

    - - - Beitrag zusammengeführt - - -

    Beware! Your iPhone Can Be Hacked Remotely With Just A Message



    In Brief

    Do you own an iPhone? Mac? Or any Apple device?

    Just one specially-crafted message can expose your personal information, including your authentication credentials stored in your device's memory, to a hacker.

    The vulnerability is quite similar to the Stagefright vulnerabilities, discovered a year ago in Android, that allowed hackers to silently spy on almost a Billion phones with just one specially-crafted text message.
    The Hacker News: Beware! Your iPhone Can Be Hacked Remotely With Just A Message
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  18. #35
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Police Unlock Dead Man's Phone by 3D-Printing his Fingerprint



    Now no more fight with Apple or any smartphone maker, as federal authorities have discovered a new tool for unlocking phones, as far as your phone is using any biometric sensor…


    3D Printing!


    Yes, Police in Michigan is considering 3D printing a dead man’s fingers so they could unlock smartphones in investigation crimes using their biometric sensors.
    The Hacker News - Police Unlock Dead Man's Phone by 3D-Printing his Fingerprint
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  19. #36
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    End of SMS-based 2-Factor Authentication; Yes, It's Insecure!

    SMS-based Two-Factor Authentication (2FA) has been declared insecure and soon it might be a thing of the past.

    Two-Factor Authentication or 2FA adds an extra step of entering a random passcode sent to you via an SMS or call when you log in to your account as an added layer of protection.

    Here's what the relevant paragraph of the latest DAG draft reads:

    "If the out of band verification is to be made using an SMS message on a public mobile telephone network, the verifier SHALL verify that the pre-registered telephone number being used is actually associated with a mobile network and not with a VoIP (or other software-based) service. It then sends the SMS message to the pre-registered telephone number. Changing the pre-registered telephone number SHALL NOT be possible without two-factor authentication at the time of the change. OOB [Out of band verification] using SMS is deprecated, and will no longer be allowed in future releases of this guidance."
    The Hacker News - End of SMS-based 2-Factor Authentication; Yes, It's Insecure!




    KeySniffer Lets Hackers Steal Keystrokes from Wireless Keyboards

    Radio-based wireless keyboards and mice that use a special USB dongle to communicate with your PC can expose all your secrets – your passwords, credit card numbers and everything you type.

    Back in February, researchers from the Internet of things security firm Bastille Networks demonstrated how they could take control of wireless keyboards and mice from several top vendors using so-called MouseJack attacks.

    The latest findings by the same security firm are even worse.

    Researchers have discovered a new hacking technique that can allow hackers to take over your wireless keyboard and secretly record every key you press on it.

    Dubbed KeySniffer, the hack is death for millions of wireless, radio-based keyboards.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  20. #37
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    Beware! Advertisers Are Tracking You via Phone's Battery Status

    Is my smartphone battery leaking details about me?

    Unfortunately, YES!

    Forget about supercookies, apps, and malware; your smartphone battery status is enough to monitor your online activity, according to a new report.

    In 2015, researchers from Stanford University demonstrated a way to track users' locations – with up to 90 percent accuracy – by measuring the battery usage of the phone over a certain time.

    The latest threat is much worse.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  21. #38

    Registriert seit
    08.01.2016
    Beiträge
    493
    Danke
    7
    Thanked 14 Times in 13 Posts
    Was Apps nicht alles für Informationen und Berechtigungen brauchen ... verwundert mich immer wieder.

    @Helios
    Ein großes Danke übrigens für diesen Thread hier. Er kostet mich zwar Schlaf, ist aber sehr informativ
    Geändert von deckel (02.08.2016 um 22:06 Uhr) Grund: watt vergessen

  22. #39
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 268 Times in 252 Posts
    Themenstarter
    4 Flaws hit HTTP/2 Protocol that could allow Hackers to Disrupt Servers



    If you think that the HTTP/2 protocol is more secure than the standard HTTP (Hypertext Transfer Protocol), then you might be wrong, as it took researchers just four months to discover four flaws in the HTTP/2 protocol.

    HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users.

    Now, security researchers from data center security vendor Imperva today at Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that the today’s web is based on.

    The vulnerabilities allow attackers to slow web servers by flooding them with innocent looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash.

    - - - Beitrag zusammengeführt - - -

    This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards



    Forget about security! It turns out that the Chip-and-PIN cards are just as easy to clone as magnetic stripe cards.

    It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes.

    We have been told that EMV (Europay, MasterCard and Visa) chip-equipped cards provides an extra layer of security which makes these cards more secure and harder to clone than the old magnetic stripe cards.

    But, it turns out to be just a myth.

    A team of security engineers from Rapid7 at Black Hat USA 2016 conference in Las Vegas demonstrated how a small and simple modifications to equipment would be enough for attackers to bypass the Chip-and-PIN protections and enable unauthorized transactions.

    The demonstration was part of their presentation titled, "Hacking Next-Gen ATMs: From Capture to Washout," [PDF]. The team of researchers was able to show the audience an ATM spitting out hundreds of dollars in cash.
    The Hacker News - This ATM Hack Allows Crooks to Steal Money From Chip-and-Pin Cards

    Geändert von Helios (08.08.2016 um 17:14 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  23. #40

    Registriert seit
    01.12.2011
    Ort
    Hannover
    Beiträge
    5.381
    Danke
    90
    Thanked 394 Times in 308 Posts
    Telegram Accounts gehackt:
    http://www.heise.de/newsticker/meldu...t-3289434.html
    Eine Hackergruppe hat im Iran rund ein Dutzend Konten des verschlüsselnden Messengers Telegram abgehört, wozu vermutlich die Mithilfe eines iranischen Mobilfunkproviders vonnöten war, wie Reuters berichtet. Dabei wurde nicht etwa die Verschlüsselung geknackt, sondern das Konto angegriffen: Die Angreifer haben die Bestätigungs-SMS abgefangen, die Telegram bei der Installation der App ans Smartphone sendet. Damit gelang es den Hackern, weitere Geräte mit dem Konto zu verbinden und somit alle Nachrichten abzuhören und eigene zu schreiben.

    Diese Art von Angriffen ist immer dann möglich, wenn die Hacker mit einem Mobilfunkprovider zusammen arbeiten, etwa die Geheimdienste in totalitären Staaten.
    T500 W520 T500, T480s: i7-8550U, 16GB, 1TB 970 Pro, MX150, PC: Asus Z97-A, i7-5775C@4,1GHz, 16GB 2400, 1TB SSD Homesrv: 32,5/24,5TB brt/net, Supermicro X11SSH-CTF, Xeon E3-1240v6, 32GB, SSD, LTO: 3x LTO (5&6), 125TB, Srv: einige Supermicro PDSML-LN2+, Xeon 3220, 8GB

Ähnliche Themen

  1. [Sammelthread] Interessante Artikel im Netz
    Von Evilandi666 im Forum Was sonst nicht passt
    Antworten: 527
    Letzter Beitrag: 13.09.2018, 20:33
  2. Ernste und nachdenkliche Themen
    Von tomstein im Forum Was sonst nicht passt
    Antworten: 4
    Letzter Beitrag: 13.07.2014, 21:00
  3. Sammelthread: Informationen rund ums Lenovo IdeaTab A2109A
    Von moronoxyd im Forum Lenovo Tablets
    Antworten: 0
    Letzter Beitrag: 24.12.2012, 12:36
  4. Profil löschen und andere Themen
    Von solid_gold im Forum Was sonst nicht passt
    Antworten: 31
    Letzter Beitrag: 08.07.2012, 17:52

Lesezeichen

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  
CeCon ok1.de ipWeb Campus Shop CaptainNotebook RO Electronic