News aggregator

New DNS Vulnerability Lets Attackers Launch Large-Scale DDoS Attacks

THN - Wed, 20/05/2020 - 08:16
Israeli cybersecurity researchers have disclosed details about a new flaw impacting the DNS protocol that can be exploited to launch amplified, large-scale distributed denial-of-service (DDoS) attacks to take down targeted websites. Called NXNSAttack, the flaw hinges on the DNS delegation mechanism to force DNS resolvers to generate more DNS queries to authoritative servers of attacker's choice,

Ukrainian Police Arrest Hacker Who Tried Selling Billions of Stolen Records

THN - Wed, 20/05/2020 - 07:33
The Ukrainian police have arrested a hacker who made headlines in January last year by posting a massive database containing some 773 million stolen email addresses and 21 million unique plaintext passwords for sale on various underground hacking forums. In an official statement released on Tuesday, the Security Service of Ukraine (SBU) said it identified the hacker behind the pseudonym "Sanix

Apple “MagicPairing” for AirPods – the magic isn’t perfect yet

Sophos - Naked Security - Tue, 19/05/2020 - 13:54
Apple's effort to overcome the limitations of Bluetooth is a proprietary system called MagicPairing, but there are flaws in the magic.

Brazil's Biggest Cosmetic Brand Natura Exposes Personal Details of Its Users

THN - Tue, 19/05/2020 - 13:18
Brazil's biggest cosmetics company Natura accidentally left hundreds of gigabytes of its customers' personal and payment-related information publicly accessible online that could have been accessed by anyone without authentication. SafetyDetective researcher Anurag Sen last month discovered two unprotected Amazon-hosted servers—with 272GB and 1.3TB in size—belonging to Natura that consisted of

Cash-flashing rapper charged with money laundering for BTC-e

Sophos - Naked Security - Tue, 19/05/2020 - 11:56
The FBI nabbed "Plinofficial" when he arrived at Miami airport carrying $20K cash, allegedly made off of the defunct, fraud-fav exchange.

Firefox to tell you if sites are shortening your passwords

Sophos - Naked Security - Tue, 19/05/2020 - 10:54
Mozilla is fixing a longstanding password problem to alert users when their password exceeds the maximum length allowed.

British Airline EasyJet Suffers Data Breach Exposing 9 Million Customers' Data

THN - Tue, 19/05/2020 - 10:50
British low-cost airline EasyJet today admitted that the company has fallen victim to a cyber-attack, which it labeled "highly sophisticated," exposing email addresses and travel details of around 9 million of its customers. In an official statement released today, EasyJet confirmed that of the 9 million affected users, a small subset of customers, i.e., 2,208 customers, have also had their

New Bluetooth Vulnerability Exposes Billions of Devices to Hackers

THN - Tue, 19/05/2020 - 08:20
Academics from École Polytechnique Fédérale de Lausanne (EPFL) disclosed a security vulnerability in Bluetooth that could potentially allow an attacker to spoof a remotely paired device, exposing over a billion modern devices to hackers. The attacks, dubbed Bluetooth Impersonation AttackS or BIAS, concern Bluetooth Classic, which supports Basic Rate (BR) and Enhanced Data Rate (EDR) for

The RATicate gang – implanting malware in an industry near you

Sophos - Naked Security - Mon, 18/05/2020 - 13:35
These days, "What does this malware do?" is the question that has dozens of possible answers... here's how and why.

Senate renews warrantless collection of web histories

Sophos - Naked Security - Mon, 18/05/2020 - 12:20
The government can keep on surveilling your online life without a warrant. An amendment to ban it failed by just one vote.

Shiny new Azure login attracts shiny new phishing attacks

Sophos - Naked Security - Mon, 18/05/2020 - 09:27
Admins working with Microsoft Azure beware: phishers are updating their assets to reflect changes on the company's cloud-based login screen.

Monday review – the hot 17 stories of the week

Sophos - Naked Security - Mon, 18/05/2020 - 06:33
From DHL delivery phishes to the top 10 most exploited bugs - and everything in between. It's weekly roundup time.

S2 Ep 39: Thunderspy, government encryption, and reply all mistakes – Naked Security Podcast

Sophos - Naked Security - Fri, 15/05/2020 - 10:50
Reply all woes, DHS says no to DoH and why turning your computer off is good for security.

How scammers abuse Google Search’s open redirect feature

Sophos - Naked Security - Fri, 15/05/2020 - 10:04
Google Search uses open redirects by design, which is handy if you're a scammer trying to hide an iffy-looking URL.

Top 10 most exploited vulnerabilities list released by FBI, DHS CISA

Sophos - Naked Security - Fri, 15/05/2020 - 07:33
The agencies say it's vital to prioritize patching. Otherwise, we're making it easy for attackers who don't have to work at finding 0 days.

Microsoft joins encrypted DNS club with Windows 10 option

Sophos - Naked Security - Fri, 15/05/2020 - 06:43
Microsoft is the latest browser vendor to join the encrypted DNS club by supporting DNS over HTTPS in Windows 10.

HTTP Status Codes Command This Malware How to Control Hacked Systems

THN - Fri, 15/05/2020 - 06:43
A new version of COMpfun remote access trojan (RAT) has been discovered in the wild that uses HTTP status codes to control compromised systems targeted in a recent campaign against diplomatic entities in Europe. The cyberespionage malware—traced to Turla APT with "medium-to-low level of confidence" based on the history of compromised victims—spread via an initial dropper that masks itself as

PrintDemon – patch this ancient Windows printer bug!

Sophos - Naked Security - Thu, 14/05/2020 - 13:18
Bugs can last a long time... even if you thought you removed them years ago.

Woman stalked by sandwich server via her COVID-19 contact tracing info

Sophos - Naked Security - Thu, 14/05/2020 - 09:52
She wanted a sub, not Facebook, Instagram and SMS come-ons from the guy who served her and intercepted her contact-tracing details.

Effective Business Continuity Plans Require CISOs to Rethink WAN Connectivity

THN - Thu, 14/05/2020 - 08:16
As more businesses leverage remote, mobile, and temporary workforces, the elements of business continuity planning are evolving and requiring that IT professionals look deep into the nuts and bolts of connectivity. CISOs and their team members are facing new challenges each and every day, many of which have been driven by digital transformation, as well as the adoption of other

