luxnote lapstore servion thinkspot
Seite 1 von 7 123 ... LetzteLetzte
Ergebnis 1 bis 20 von 131

Thema: [Sammelthread] Artikel rund um sicherheitsrelevante Themen und Aspekte

  1. #1
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts

    [Sammelthread] Artikel rund um sicherheitsrelevante Themen und Aspekte

    DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk



    A new deadly security vulnerability has been discovered in OpenSSL that affects more than 11 Million modern websites and e-mail services protected by an ancient, long deprecated transport layer security protocol, Secure Sockets Layer (SSLv2).

    Dubbed DROWN, the highly critical security hole in OpenSSL was disclosed today as a low-cost attack that could decrypt your sensitive, secure HTTPS communications, including passwords and credit card details…

    ...and that too in a matter of hours or in some cases almost immediately, a team of 15 security researchers from various universities and the infosec community warned Tuesday.
    Kompletter Artikel: The Hacker News - DROWN Attack — More than 11 Million OpenSSL HTTPS Websites at Risk

    Geändert von Helios (04.03.2016 um 14:09 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  2. #2
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You
    A ransomware called Cerber has been floating around for about a week, but we were not able to retrieve a sample until today. Thanks to @BiebsMalwareGuy and @MeegulWorth, samples were found and further analysis of the ransomware could be done. When infected, a victim's data files will be encrypted using AES encryption and will be told they need to pay a ransom of 1.24 bitcoins or ~500 USD to get their files back. Unfortunately, at this point there is no known way to decrypt a victim's encrypted files for free.

    At this time we do not currently know how the Cerber ransomware is being distributed, but according to SenseCy, it is being offered as a service on a closed underground Russian forum. This means that it is probably a new Ransomware as a Service, or RaaS, where affiliates can join in order to distribute the ransomware, while the Cerber developers earn a commission from each ransom payment.

    For anyone who is infected with this ransomware or wants to discuss the infection, we have a dedicated support topic here: CERBER Ransomware Support and Help Topic.
    Kompletter Artikel: Bleeping Computer - The Cerber Ransomware not only Encrypts Your Data But Also Speaks to You
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  3. #3
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter

    Subgraph OS — Secure Linux Operating System for Non-Technical Users

    Subgraph OS — Secure Linux Operating System for Non-Technical Users



    Information security and privacy are consistently hot topics after Edward Snowden revelations of NSA's global surveillance that brought the world's attention towards data protection and encryption as never before.

    Moreover, just days after Windows 10's successful launch last summer, we saw various default settings in the Microsoft's newest OS that compromise users' privacy, making a large number of geeks, as well as regular users, migrate to Linux.

    However, the problem is that majority of users are not friendly to the Linux environment. They don't know how to configure their machine with right privacy and security settings, which makes them still open to hacking and surveillance.

    However, this gaping hole can be filled with a Debian-based Security-focused Linux operating system called Subgraph OS: A key solution to your Privacy Fear.

    Offizielle Webseite - SubGraph OS

    Exploring Subgraph OS
    Geändert von Helios (04.03.2016 um 17:33 Uhr) Grund: Aus dem Kurzfragenthread bzw. dem eigenen Thread ausgelagert und hier angehängt. Dafür ist ein Sammelthread schließlich da.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  4. #4
    Avatar von Pferdle
    Registriert seit
    06.07.2012
    Ort
    Viersen
    Beiträge
    1.640
    Danke
    0
    Thanked 146 Times in 139 Posts
    Du verbreitest selbst, daß TOR eigentlich unsicher ist: http://thinkpad-forum.de/threads/196...n-Tor-Anwender

    Und jetzt Subgraph OS, welches auf TOR aufbaut?
    X200s, SL9600, AFFS, 8RAM, 180SSD, Linux-Mint / X201, i5-520M, 8RAM, 256SSD, Win7 / Helix2, M-5Y71, 8RAM, 240SSD, ProDock, Win8.1 / T530, i5-3320M, 16RAM, 512SSD, Win7
    TS P510, XEON E5-1620, 32RAM, 512+1TB SSD, Quadro M2000, Win7

  5. #5
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Habe ich ebenfalls gesehen. Will jetzt aber nicht heissen, dass der Tor-Browser per se zum Einsatz kommt. Zu lesen ist, dass jedoch das Tor-Netzwerk (.onion) verwendet wird.

    By default policy, Subgraph OS will restrict the communication of applications so that they use the Tor network exclusively, obfuscating the endpoint's physical origin. Applications will be transparently redirected to connect through the Tor network via our Metaproxy application. Metaproxy will intercept outgoing connections and relay them through the correct proxy (SOCKS, HTTP, etc). Proxy configuration is managed within Metaproxy, allowing applications to transparently connect to the Tor network without having to configure each individual application to use a proxy. Exceptions to the "everything through Tor" policy will be made for specific use cases, such as accessing a captive portal on a public wi-fi network.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  6. #6
    Avatar von Pferdle
    Registriert seit
    06.07.2012
    Ort
    Viersen
    Beiträge
    1.640
    Danke
    0
    Thanked 146 Times in 139 Posts
    In Deinem selbst genannten Artikel ging es nicht um den Browser, sondern exakt genau um das gesamte Tor (onion)-Netzwerk!
    SubGraph OS baut auf diesem Netzwerk auf. Also quasi ein Betriebssystem mit bereits bekannter eingebauter Hintertür direkt zum FBI.
    X200s, SL9600, AFFS, 8RAM, 180SSD, Linux-Mint / X201, i5-520M, 8RAM, 256SSD, Win7 / Helix2, M-5Y71, 8RAM, 240SSD, ProDock, Win8.1 / T530, i5-3320M, 16RAM, 512SSD, Win7
    TS P510, XEON E5-1620, 32RAM, 512+1TB SSD, Quadro M2000, Win7

  7. #7
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Der Artikel zeigt auf, dass auch das Tor-Netzwerk keine Anonymität hegt entgegen vielen Meinungen. Das Problem mit Tor liegt jedoch tiefer. Die NSA markiert jeden Anwender als "auffällig" und speichert diesen in ihren DBs ab. Ebenfalls auch alle Verbindungen. Selbst, wer nur die Tor-Homepage besucht, wird markiert (mittels XKeyScore).

    In Subgraph OS ist standardmässig das Tor-Netzwerk aktiv. Es lässt sich jedoch auch das "normale" Web mit einem in einer Sandbox liegenden Browser nutzen. Ist bereits alles in Subgraph OS integriert.

    - - - Beitrag zusammengeführt - - -

    How to Steal Secret Encryption Keys from Android and iOS SmartPhones



    Unlike desktops, your mobile devices carry all sorts of information from your personal emails to your sensitive financial details. And due to this, the hackers have shifted their interest to the mobile platform.

    Every week new exploits are discovered for iOS and Android platform, most of the times separately, but the recently discovered exploit targets both Android as well as iOS devices.

    A team of security researchers from Tel Aviv University, Technion and The University of Adelaide has devised an attack to steal cryptographic keys used to protect Bitcoin wallets, Apple Pay accounts, and other highly sensitive services from Android and iOS devices.
    Kompletter Artikel: The Hacker News - How to Steal Secret Encryption Keys from Android and iOS SmartPhones



    Geändert von Helios (05.03.2016 um 10:03 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  8. #8
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    KeRanger: The First Apple Ransomware discovered in hacked installer for Transmission

    The scourge of ransomware has finally come to OS X! Researchers at the security firm Palo Alto Networks have announced that version 2.90 of the Transmission bittorrent client for Mac OS X has been adulterated with a new ransomware variant they have named KeRanger. Users on the Transmission forum and a message on the front page of the Transmission website confirm this:

    Apple_Ransomware.png

    According to Palo Alto Networks, the malicious installer was generated on March 4, and once installed, will wait 3 days after infection before encrypting the victim's files. This means that the first victims won't notice they are affected until at least March 7. Once activated, the ransomware connects to a Command & Control server over the TOR network and will then begin to encrypt certain types of files. It will then demand a ransom of 1 bitcoin, or about $400 USD, to receive a decryptor.
    Kompletter Artikel: Bleeping Computer - KeRanger: The First Apple Ransomware discovered in hacked installer for Transmission

    paloalto Networks: New OS X Ransomware KeRanger Infected Transmission BitTorrent Client Installer - Technical Analysis

    The Hacker News: First Mac OS X Ransomware Targets Apple Users

    - - - Beitrag zusammengeführt - - -

    Update (7. März 2016)

    Bleeping Computer - Information about the KeRanger OS X Ransomware and How to Remove It.
    Geändert von Helios (08.03.2016 um 08:53 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  9. #9
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Hier noch etwas zu Linux-Trojanern:

    Computerworld - Russian cyberspy group uses simple yet effective Linux Trojan

    Palo Alto Networks - A Look Into Fysbis: Sofacy’s Linux Backdoor


    Auch existieren bereits Hybrid-Trojaner, welche sowohl Windows- als auch Linuxsysteme infizieren können. Diese erkennen zuerst das vorliegende System und laden danach den Schadcode über deren Malware-Servern nach.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  10. #10
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    More than a Billion Snapdragon-based Android Phones Vulnerable to Hacking



    More than a Billion of Android devices are at risk of a severe vulnerability in Qualcomm Snapdragon chip that could be exploited by any malicious application to gain root access on the device.

    Security experts at Trend Micro are warning Android users of some severe programming blunders in Qualcomm's kernel-level Snapdragon code that if exploited, can be used by attackers for gaining root access and taking full control of your device.

    Gaining root access on a device is a matter of concern, as it grants attackers access to admin level capabilities, allowing them to turn your device against you to snap your pictures, and snoop on your personal data including accounts’ passwords, emails, messages and photos.

    The company’s own website notes that Qualcomm Snapdragon SoCs (systems on a chip) power more than a Billion smart devices, including many Internet of Things (IoTs) as of today. Thus, the issue puts many people at risk of being attacked.

    Although Google has pushed out updates after Trend Micro privately reported the issues that now prevents attackers from gaining root access with a specially crafted app, users will not be getting updates anytime soon.
    Trend Micro - Android Vulnerabilities Allow For Easy Root Access
    Geändert von Helios (18.03.2016 um 18:30 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  11. #11
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices



    Attention Android users!

    Millions of Android devices are vulnerable to hackers and intelligence agencies once again – Thanks to a newly disclosed Android Stagefright Exploit.

    Yes, Android Stagefright vulnerability is Back…

    …and this time, the Stagefright exploit allows an attacker to hack Android smartphones in 10 seconds just by tricking users into visiting a hacker's web page that contains a malicious multimedia file.
    Read Full Story: The Hacker News - New Exploit to 'Hack Android Phones Remotely' threatens Millions of Devices

    Geändert von Helios (23.03.2016 um 19:17 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  12. #12
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Who Viewed Your Profile on Instagram? Obviously, Hackers!



    Are you curious about who viewed your profile on Instagram?

    This is probably the most frequently asked question nowadays, and there are several applications available on Google Play Store and Apple App Store, which claims to offer you the opportunity to see who is looking at your Instagram profile.

    But, should we believe them?

    Is there really some kind of way out to know who viewed your Instagram profile?

    The shortest answer to all these questions is 'NO', such functionality does not exist on Instagram at the moment.
    Geändert von Helios (24.03.2016 um 09:56 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  13. #13
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Badlock — Unpatched Windows-Samba Vulnerability Affects All Versions of Windows




    Security researchers have discovered a nasty security vulnerability that is said to affect almost every version of Windows and Samba and will be patched on April 12, 2016, the Samba development team announced Tuesday.

    So, Save the Date if you are a Windows or Samba file server administrator.

    - - - Beitrag zusammengeführt - - -

    Warning! Think Twice Before Using USB Drives




    Security researchers have discovered a new data-stealing Trojan that makes special use of USB devices in order to spread itself and does not leave any trace of activity on the compromised systems.

    Dubbed USB Thief ( or Win32/PSW.Stealer.NAI), the malware has the capability of stealthy attacking against air-gapped or isolated computers, warns ESET security firm.

    The malware author has employed special programs to protect the USB Thief from being reproduced or copied, making it even harder to detect and reverse-engineer.

    USB Thief has been designed for targeted attacks on computer systems that are isolated from the Internet, according to the ESET malware analyst Tomáš Gardoň.
    Read full story: The Hacker News - Warning! Think Twice Before Using USB Drives


    - - - Beitrag zusammengeführt - - -

    Decryptor Released for the Nemucod Trojan's .CRYPTED Ransomware

    Fabian Wosar of Emisoft has released a free decryptor for the Nemucod .CRYPTED or Decrypt.txt ransomware. A decryptor was previously released by one of our users, macomaco, but required Python in order to generate the decryption key. When Fabian analyzed the ransomware, he saw that it utilized a similar encryption scheme as a previous ransomware and was able to release a Windows decryptor.

    This ransomware is distributed via the Nemucod Trojan.Downloader, which is sent via email as a javascript (.JS) attachment. When a user opens this attachment, the javascript will execute and download further malware to the victim's computer. Recently, one of the malware infections that is being downloaded by Nemucod is the .CRYPTED ransomware, which will encrypt your data and then demand ~.4 bitcoins in order to get a decryption key.
    Read full story: BleepingComputer - Decryptor Released for the Nemucod Trojan's .CRYPTED Ransomware
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  14. #14
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Petya Ransomware skips the Files and Encrypts your Hard Drive Instead

    Typically, when a user becomes infected by a crypto-ransomware, the infection targets and encrypts the files on the victim's hard drives. This leaves the operating system working properly, but with the user unable to open the encrypted documents. The Petya Ransomware takes it to the next level by encrypting portions of the hard drive itself that make it so you are unable to access anything on the drive, including Windows. At the time of this writing, the ransom payments are at ~.9 bitcoins and there is no way to decrypt your drive for free.

    This ransomware is currently being distributed via emails that are targeting the human resources departments of German companies. These emails contain dropbox links to supposed applications that download a file that when executed will install the Petya Ransomware on the computer. An example filename for the installer is Bewerbungsmappe-gepackt.exe.

    It is important to note that there is a lot of bad information on the web about how how to fix your computer when it has been encrypted by Petya. Many of these sites state that you can use the FixMBR command or repair your MBR to remove the infection. Though this will indeed remove the lock screen, it will not decrypt your MFT and thus your files and Windows will still be inaccessible. Only repair the MBR if you do not care about any lost data and want to reinstall Windows.
    Read Full Story: BleepingComputer - Petya Ransomware skips the Files and Encrypts your Hard Drive Instead
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  15. #15
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Here's the Exploit to Bypass Apple Security Feature that Fits in a Tweet



    Did you install the latest update OS X 10.11.4?

    If yes, then you might be wondering with a fact that the Apple had delivered an ineffective patch update this time.

    Yes! This news would definitely disappoint many Apple users, as the latest update of OS X El Capitan 10.11.4 and iOS 9.3 still contain a bunch of vulnerabilities that could affect 130 Million Apple customers.

    Just last week, we reported about a critical zero-day vulnerability in Apple's popular System Integrity Protection (SIP) security defenses, affecting all versions of OS X operating system.

    Even after Apple had fixed the critical flaw in the latest round of patches for Macs and iThings, the SIP can still be bypassed in the most recent version of operating system, leaving Apple users vulnerable to flaws that could remotely hijack their machines.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  16. #16
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw



    A security researcher has won $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user's Outlook, Azure and Office accounts.
    Full story: The Hacker News - Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  17. #17
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Hehe... auf zur nächsten Runde !


    Staatstrojaner - Neue Spähsoftware nicht für Smartphones geeignet

    Deutsche Sicherheitsbehörden können zwar wieder einen Staatstrojaner einsetzen, doch die neue Späh-Software reicht für die Bedürfnisse der Ermittler nicht aus, berichtet die Welt am Sonntag. Daher ist noch der Einsatz von ein weiteren Trojaner geplant, der von dem umstrittenen Unternehmen FinFisher entwickelt wird.

    Der Kernproblem der Sicherheitsbehörden ist demnach: Der Trojaner läuft ausschließlich auf Windows-Systemen und ist dort auch nur in der Lage, die VoIP-Gespräche über Skype abzufangen. Für Smartphones ist die Software nicht geeignet. Kommunizieren Verdächtige nun also mit Chat-Programmen wie Telegram, Threema oder WhatsApp, sind diese für die Ermittler nicht zugänglich.
    Kompletter Artikel: ComputerBase.de - Staatstrojaner - Neue Spähsoftware nicht für Smartphones geeignet

    Nachtrag: Wikipedia - FinFisher
    Geändert von Helios (16.04.2016 um 12:28 Uhr)
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  18. #18
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Warning! CCTV Cameras Sold on Amazon Come with Pre-Installed Malware



    Be careful while buying any off-brand electronics from Amazon, as they could end up infecting you.

    Recently, independent security researcher Mike Olsen discovered that the CCTV surveillance devices sold on Amazon came with pre-installed malware.

    Olsen discovered this nasty secret after he bought a set of outdoor CCTV surveillance cameras from Amazon for one of his friends.

    - - - Beitrag zusammengeführt - - -

    WebUSB API — Connect Your USB Devices Securely to the Internet



    Two Google engineers have developed a draft version of an API called WebUSB that would allow you to connect your USB devices to the Web safely and securely, bypassing the need for native drivers.

    WebUSB – developed by Reilly Grant and Ken Rockot – has been introduced to the World Wide Web Consortium's Web Incubator Community Group (W3C WICG), is build to offer a universal platform that could be adopted by browser makers in future versions of their software.
    Full story: The Hacker News - WebUSB API — Connect Your USB Devices Securely to the Internet

    - - - Beitrag zusammengeführt - - -

    Adware uploads Screenshot of your Active Windows without your Permission

    The crap being pushed out by adware purveyors is seriously out of control and this latest one causes a major breach of privacy. While installing some adware bundles today I ran into a particular nasty variant called Faster Internet that uploads quite a bit of information to their servers without the user's permission. To make matters worse, it uploads a screenshot of what is currently being displayed on your computer without alerting the user.

    When Faster Internet is installed it will create a fingerprint consisting of information related to your motherboard, CPU, hard drives, network adapters, and other information about your computer. This information is then uploaded to the developers server. It will then take a screenshot of the active display on your computer at the time of the install and send this screenshot along with your IP address to the a.duofoldmortify.online/buploada.php URL.
    Full story: BleepingComputer - Adware uploads Screenshot of your Active Windows without your Permission

    - - - Beitrag zusammengeführt - - -

    Why Everyone should uninstall QuickTime Now!

    Yesterday US-Cert released a security alert about two new vulnerabilities discovered in QuickTime for Windows. Both of these vulnerabilities are classified as critical as they could allow attackers to remotely execute commands on vulnerable computers. Since Apple has stated that they are no longer supporting QuickTime for Windows and that these vulnerabilities will not be fixed, it is important that everyone uninstall QuickTime from their computer.

    Apple's reaction to these vulnerabilities has been disappointing to say the least. If they are no longer supporting the product and it is known that they contain two critical vulnerabilities, then why are they still offering these vulnerable programs via their Apple Software Update program?
    Full story: BleepingComputer - Why Everyone should uninstall QuickTime Now!
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  19. #19
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Hackers can spy on your calls and track location, using just your phone number

    IN BRIEF

    The famous ‘60 Minutes’ television show shocked some viewers Sunday evening when a team of German hackers demonstrated how they hacked into an iPhone used by U.S. Congressman, then recorded his phone calls and tracked his movement through Los Angeles.

    Hackers leverage a security flaw in SS7 (Signalling System Seven) protocol that allows hackers to track phone locations, listen in on calls and text messages.
    The global telecom network SS7 is still vulnerable to several security flaws that could let hackers and spy agencies listen to personal phone calls and intercept SMSes on a potentially massive scale, despite the most advanced encryption used by cellular networks.

    All one need is the target's phone number to track him/her anywhere on the planet and even eavesdrop on the conversations.

    SS7 or Signalling System Number 7 is a telephony signaling protocol used by more than 800 telecommunication operators around the world to exchange information with one another, cross-carrier billing, enabling roaming, and other features.
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

  20. #20
    Avatar von Helios
    Registriert seit
    23.09.2009
    Ort
    Schweiz
    Beiträge
    12.518
    Danke
    28
    Thanked 267 Times in 252 Posts
    Themenstarter
    Gefahr - iOS- und Mac-Apps stürzen durch manipulierte PNGs ab

    Mit speziell manipulierten PNG-Dateien können Apps unter Apples iOS oder OS X zum Absturz gebracht werden. Das Problem dabei ist, dass der Fehler im Image-I/O-Framework liegt, das von vielen Anwendungen genutzt wird, womit die Anzahl der betroffen Applikation sehr hoch ausfällt.

    Auch iOS 9.3.1 und OS X 10.11.4 betroffen
    Bereits Mitte Dezember des letzten Jahres meldete der Sicherheitsforscher Lander Brandt das Problem Apple. Diese teilten jedoch erst Ende März dieses Jahres mit, dass sich die Entwickler dem Problem angenommen haben. Bis heute besteht der Fehler jedoch weiterhin und betrifft dabei auch die neusten Versionen von iOS und OS X.

    Der Fehler wird ausgelöst, wenn die manipulierte PNG-Datei einen unbekannten Datenblock enthält, der nicht in der von Apple zu Darstellungen verwendeten Bibliothek libpng enthalten ist. Dadurch kommt es zu einem Fehler, der ist je nach Anwendung unterschiedlich schwer auswirkt.
    Kompletter Artikel - ComputerBase.de: Gefahr - iOS- und Mac-Apps stürzen durch manipulierte PNGs ab

    - - - Beitrag zusammengeführt - - -

    Ist ja mal der Hammer!!!

    How Did Hackers Who Stole $81 Million from Bangladesh Bank Go Undetected?



    In Brief

    Investigators from British defense contractor BAE Systems discovered that hackers who stole $81 million from the Bangladesh Central Bank actually hacked into software from SWIFT financial platform, a key part of the global financial system.

    The hackers used a custom-made malware to hide evidence and go undetected by erasing records of illicit transfers with the help of compromised SWIFT system.
    Full story - The Hacker News: How Did Hackers Who Stole $81 Million from Bangladesh Bank Go Undetected?
    ThinkPad W520, Prozessor: Intel i7-2860QM, NVIDIA Quadro 2000M (2GB RAM), 32GB RAM
    LinkedIn: Uwe Ruch --- WOMOBLOG.CH - Tipps rund ums Wohnmobil

Ähnliche Themen

  1. [Sammelthread] Interessante Artikel im Netz
    Von Evilandi666 im Forum Was sonst nicht passt
    Antworten: 527
    Letzter Beitrag: 13.09.2018, 20:33
  2. Ernste und nachdenkliche Themen
    Von tomstein im Forum Was sonst nicht passt
    Antworten: 4
    Letzter Beitrag: 13.07.2014, 21:00
  3. Sammelthread: Informationen rund ums Lenovo IdeaTab A2109A
    Von moronoxyd im Forum Lenovo Tablets
    Antworten: 0
    Letzter Beitrag: 24.12.2012, 12:36
  4. Profil löschen und andere Themen
    Von solid_gold im Forum Was sonst nicht passt
    Antworten: 31
    Letzter Beitrag: 08.07.2012, 17:52

Lesezeichen

Berechtigungen

  • Neue Themen erstellen: Nein
  • Themen beantworten: Nein
  • Anhänge hochladen: Nein
  • Beiträge bearbeiten: Nein
  •  
CeCon ok1.de ipWeb Campus Shop CaptainNotebook RO Electronic