Public cloud use surges among DDoS attackers, research shows
According to data accrued by DDoS mitigation software supplier, Link11, during the 12 months to June 2018, a quarter of attacks (25%) in Europe were run off public cloud servers, equating to a 35% rise...
View ArticleClik here to view.
深度解析勒索病毒GlobeImposter3.0变种
背景 GlobeImposter勒索病毒家族从2017年出现,持续活跃到现在,先后出现过V1.0和V2.0两个版本。最近该勒索病毒又更新了,虽然其整体代码框架变化不大,只做了些局部修改,我们也勉强将其称为V3.0版本。该版本仍然采用RSA和AES两种加密算法的结合,病毒本身也未添加横向传播渗透的能力。...
View ArticleClik here to view.
漏洞事件持续发酵 区块链安全风险引关注
今年四月,一行代码凭空蒸发64亿人民币,黑客通过 区块链 代码的漏洞,将相关 区块链 产品的市值全部化整为零。 区块链 技术代码中的漏洞被相继发现后,近年来被过度消费的 区块链 技术,更是大失民心。 区块链 技术拥有不可篡改、可信任、可追溯等特性,就拿文章开头的事件来说,对于储存在 区块链 中的信息, 区块链...
View ArticleClik here to view.
深入解析CVE-2018-5002漏洞利用技术
前言 2018年6月1号,360高级威胁应对团队捕获到一个在野 flash 0day 。上周,国外分析团队Unit 42公布了关于该次行动的 进一步细节 。随后,卡巴斯基在 twitter 指出此次攻击背后的APT团伙是FruityArmor APT。 在这篇博客中,我们将披露该漏洞利用的进一步细节。 漏洞利用...
View ArticleClik here to view.
赵赫:区块链现在是黑客的提款机,很容易变现 | ISC2018
雷锋网 (公众号:雷锋网) 编者按:经常主打安全概念的区块链到底是不是安全的?作为多年研究区块链的专家,如何看待频出的安全事件?这背后的原因有哪些? 在...
View ArticleTCP(GRPC)/HTTPS中TLS单向和双向认证
目前,浏览器中开启HTTPS是比较简单的事情。首先我们需要一个域名,然后找一家可信CA机构申请证书并将证书安装到服务器(例如:RapidSSL、Trustwave SSL、Let’s Encrypt等)。但对TCP协议的服务使用self-signed证书我们应该如何完成? 证书的分类 验证方式 DV SSL证书(域名验证) OV SSL证书(企业验证) EV SSL证书(企业增强/扩展验证)...
View ArticleClik here to view.
卡巴斯基:二季度初始代币发行网络钓鱼非法收入高达230万美元
金色财经 比特币8月20日讯根据知名杀毒软件巨头卡巴斯基发布的一项研究结果显示,今年二季度,网络犯罪分子利用初始代币发行(ICO)网络钓鱼获得的非法收入高达230万美元。 最近,卡巴斯基发布了最新的2018年二季度《垃圾邮件和网络钓鱼报告》(Spam and Phishing in Q2...
View ArticleClik here to view.
Tesla’s Keys Hacked and Cloned: Who Else is Affected?
Add to favorites Cutting edge vehicles’ key fob transponders using ciphers broken since 2005… A team of cryptography and cybersecurity experts from a Belgian university say they have found a way to...
View ArticleClik here to view.
Microsoft publishes Security Servicing Criteria for Windows, revealing how it...
Microsoft has published documentation that reveals how is classifies the severity of vulnerabilities in windows , as well as detailing how it decides whether problems should be addressed with a...
View ArticleClik here to view.
The Effectiveness of Publicly Shaming Bad Security
Here's how it normally plays out: It all begins when a company pops up online and makes some sort of ludicrous statement related to their security posture, often as part of a discussion on a public...
View ArticleClik here to view.
UIDAI Aadhaar software hacked using a patch which disabled critical security:...
The Unique Identification Authority of India (UIDAI) will have some more questions to answer, now that yet another security flaw has been discovered. According to an investigation by HuffPost India ,...
View ArticleClik here to view.
Security: Tor 0-day revealed on Twitter by vulnerability vendor
It's just two weeks since a windows 0-day was revealed on Twitter , and now the same thing has happened for the Tor browser. Zerodium -- self-described as "the premium exploit acquisition program" --...
View ArticleClik here to view.
Honeywell Home Smart Home Security Starter Kit review: Is this super-simple...
Honeywell has a long history of supplying OEM sensors, control panels, and other nuts-and-bolts parts for home security systems. More recently, it’s gained traction with some pretty good smart...
View ArticlePortal flaw leads to some NDIS users losing money
A vulnerability in the service portal for the National Disability Insurance Scheme has allowed a number of providers to obtain personally identifiable information of users and steal money. A report in...
View ArticleBritish Airways hack: Infosec experts finger third party scripts on payment...
Security experts are debating the cause of the British Airways mega-breach, with external scripts on its payment systems emerging as a prime suspect in the hack. Why infosec folk think it was the...
View ArticleMedical Device Insecurity: Diagnosis Clear, Treatment Hazy
An increasing number of healthcare professionals have become alert to the need for well-rounded medical device security in recent years, and players throughout the industry have started putting more...
View ArticleClik here to view.
Congress claims Aadhaar enrolment software hack jeopardised sanctity of UIDAI
Amid reports of analleged breach of the Aadhaar database, the Congress on 11 September said that the sanctity of the unique identification system was jeopardised. The party's remarks came after an...
View ArticleHigher education sector's poor response to cyber threats laid bare in...
The higher education sector has one of the worst track records for dealing with potential cyber threats, according to EfficientIP’s 2018 Global DNS threat report . The research details how 73% of...
View ArticleClik here to view.
What You Need to Know About the TLS 1.3 Protocol and wolfSSL’s SSL/TLS...
Security protocols, like communication protocols, are currently in competition to set industry-wide standards. What is the TLS 1.3 protocol? How does this security protocol differ from SSL? wolfSSL, a...
View ArticleIDG Contributor Network: Start preparing today for the future of quantum...
As an IT security professional, you have a number of issues that demand your attention today. Protecting against data breaches, securing IT infrastructures that are growing more complex and...
View Article