Security Leftovers
-
London Calling: Two-Factor Authentication Phishing From Iran
This report describes an elaborate phishing campaign against targets in Iran’s diaspora, and at least one Western activist. The ongoing attacks attempt to circumvent the extra protections conferred by two-factor authentication in Gmail, and rely heavily on phone-call based phishing and “real time” login attempts by the attackers. Most of the attacks begin with a phone call from a UK phone number, with attackers speaking in either English or Farsi.
The attacks point to extensive knowledge of the targets’ activities, and share infrastructure and tactics with campaigns previously linked to Iranian threat actors. We have documented a growing number of these attacks, and have received reports that we cannot confirm of targets and victims of highly similar attacks, including in Iran. The report includes extra detail to help potential targets recognize similar attacks. The report closes with some security suggestions, highlighting the importance of two-factor authentication.
-
Ins0mnia: Unlimited Background Time and Covert Execution on Non-Jailbroken iOS Devices
FireEye mobile researchers discovered a security vulnerability that allowed an iOS application to continue to run, for an unlimited amount of time, even if the application was terminated by the user and not visible in the task switcher. This flaw allowed any iOS application to bypass Apple background restrictions. We call this vulnerability Ins0mnia.
-
Why is the smart home insecure? Because almost nobody cares
It's easy to laugh-and-point at Samsung over its latest smart-thing disaster: after all, it should have already learned its lesson from the Smart TV debacle, right?
Except, of course, that wherever you see “Smart Home”, “Internet of Things”, “cloud” and “connected” in the same press release, there's a security debacle coming. It might be Nest, WeMo, security systems, or home gateways – but it's all the same.
-
Critical PayPal XSS vulnerability left accounts open to attack
PayPal has patched a security vulnerability which could have been used by hackers to steal users' login details, as well as to access unencrypted credit card information. A cross site scripting bug was discovered by Egyptian 'vulnerabilities hunter' Ebrahim Hegazy -- ironically on PayPal's Secure Payments subdomain.
-
Important Notice Regarding Public Availability of Stable Patches
Grsecurity has existed for over 14 years now. During this time it has been the premier solution for hardening Linux against security exploits and served as a role model for many mainstream commercial applications elsewhere. All modern OSes took our lead and implemented to varying degrees a number of security defenses we pioneered; some have even been burned into silicon in newer processors. Over the past decade, these defenses (a small portion of those we've created and have yet to release) have single-handedly caused the greatest increase in security for users worldwide.
-
Finland detains Russian accused of U.S. malware crimes
Finland confirmed on Thursday it has detained a Russian citizen, Maxim Senakh, at the request of U.S. federal authorities on computer fraud charges, in a move that Russia calls illegal.
-
Finland confirms arrest of Russian citizen accused of crimes in the US
Finnish authorities have confirmed the detention of Maxim Senakh, a Russian citizen accused of committing malware crimes in the US. The Russian Foreign Ministry has expressed concern and called on Finland to respect international law.
-
More than 80% of healthcare IT leaders say their systems have been compromised
Eighty-one percent of healthcare executives say their organizations have been compromised by at least one malware, botnet or other kind of cyberattack during the past two years, according to a survey by KPMG.
The KPMG report also states that only half of those executives feel that they are adequately prepared to prevent future attacks. The attacks place sensitive patient data at risk of exposure, KPMG said.
The 2015 KPMG Healthcare Cybersecurity Survey polled 223 CIOs, CTOs, chief security officers and chief compliance officers at healthcare providers and health plans.
-
Removal of SSLv3 from LibreSSL
-
Kansas seeks to block release of voting machine paper tapes
The top election official in Kansas has asked a Sedgwick County judge to block the release of voting machine tapes sought by a Wichita mathematician who is researching statistical anomalies favoring Republicans in counts coming from large precincts in the November 2014 general election.
- Login or register to post comments
- Printer-friendly version
- 1387 reads
- PDF version
More in Tux Machines
- Highlights
- Front Page
- Latest Headlines
- Archive
- Recent comments
- All-Time Popular Stories
- Hot Topics
- New Members
digiKam 7.7.0 is releasedAfter three months of active maintenance and another bug triage, the digiKam team is proud to present version 7.7.0 of its open source digital photo manager. See below the list of most important features coming with this release. |
Dilution and Misuse of the "Linux" Brand
|
Samsung, Red Hat to Work on Linux Drivers for Future TechThe metaverse is expected to uproot system design as we know it, and Samsung is one of many hardware vendors re-imagining data center infrastructure in preparation for a parallel 3D world. Samsung is working on new memory technologies that provide faster bandwidth inside hardware for data to travel between CPUs, storage and other computing resources. The company also announced it was partnering with Red Hat to ensure these technologies have Linux compatibility. |
today's howtos
|
Recent comments
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago
1 year 11 weeks ago