With the continuous advancements made in technology, our online experiences are becoming more streamlined and seemingly user friendly.
We no longer require stationary desktop computers to access the Internet, but instead can reach the web through our laptops, smartphones, tablets and now, televisions. Smart TVs are one of the latest additions to the family of fun gadgets millions of people have their eyes on, but are they secure? In January 2014, there was a deeper dive into the safety of smart TVs by inspecting the televisions of major manufactures. Journalists were able to crack into the devices by messing with their SSL certificates.Read more
Unkillable nasty still climbs out of the grave to this day. The Asprox botnet was responsible for about a lot of attack sessions recorded during October 2014, impacting different organisations.
The Asprox malware family is continuing to plague businesses, despite multiple attempts to disrupt its infrastructure. The Asprox botnet, which first surfaced around six years ago in 2008, has been linked to phishing scam messages as well as the distribution of secondary malware infections. The zombie network also acts as a platform for hack attacks. Asprox spreads through vulnerable websites, using SQL injections attacks to plant malicious code.Read more
Nearly half of all web application cyber attack campaigns target retail applications, a study has shown. The retail sector is the most heavily targeted by this type of attack, according to the latest web application attack report by security firm.
The warning comes as online retailers gear up for the two busiest days of the online shopping year in the US and increasingly in the UK too. Websites containing consumer information, which require some form of log-in credentials, suffer from the attacks. Consumer information, such as personal details and credit cards, are a valuable and tradable black market piece of information.Read more
Microsoft is considering adding public-key pinning–an important defense against man-in-the-middle attacks–to Internet Explorer. The feature is designed to help protect users against the types of MITM attacks that rely on forged certificates, which comprise a large portion of those attacks.
Attackers use forged or stolen certificates to trick victims’ browsers into trusting a malicious site that the attacker controls. Public-key pinning helps prevent those attacks by binding a set of public keys issued by a trusted certificate authority to a specific domain. With that defense in place, if the user visits the site and is presented with a key that’s not part of the pinned set, the browser will reject the secure connection.Read more
The prototype real time social media monitor will only look at publicly available data though, according to the plans. Germany's foreign intelligence agency reportedly wants to spend on technology that would let it spy in real time on social networks outside of Germany.
The system for real time social network monitoring is still in the construction phase. But a prototype is expected to be launched next June with the aim of monitoring publicly available data on Twitter and blogs. The program should filter out and discard data in the German language. Moreover, a plan to monitor Internet exchanges outside Germany is also in the works.Read more
Researchers have spotted a new technique used by phishers which could trick even more users into believing they are entering their information in a legitimate web form.
Instead of replicating as faithfully as possible a legitimate website, the attackers need only to set up a phishing page with a proxy program which will act as a relay to the legitimate site, and create a few fake pages for when users need to enter their personal and financial information. In the spotted attack, users are directed to the malicious site by clicking on a search result they got by entering a product's name. The attackers used a number of techniques to make the URL appear in the results.Read more
Today Facebook unveiled its hidden service that lets users access their website more safely. Users and journalists have been asking for our response; here are some points to help you understand our thinking.
I didn't even realize I should include this section, until I heard from a journalist today who hoped to get a quote from me about why Tor users wouldn't ever use Facebook. Putting aside the (still very important) questions of Facebook's privacy habits, their harmful real-name policies, and whether you should or shouldn't tell them anything about you, the key point here is that anonymity isn't just about hiding from your destination.Read more
Web surfing is one of the most popular kinds of using the Internet. Every day we are surfing the web: view the news, listen to the music and check e-mail. However, this service puts at risk the information stored on your computer.
During web surfing everyone can get to the site from which you can upload virus or an attacker can trick to get personal information. A digital certificate may be threat signal. Let's look at what it is a digital certificate and how it provides safety when surfing the web. There are many digital certificates and each serves for their own purposes. The most common type of certificates is SSL certificates.Read more
There is an exclusive story on what many are stating to be the largest series of hacks ever. While the reactions among the security industry are mixed, the story does bring to the public’s attention the necessity of online security policies for all aspects of the connected life.
As our researchers have shown in the past, gathering a collection of username and passwords can be easier than many think, with many scraping programs being sold on the deep-web market to the highest bidders. And while some companies are offering paid solutions to help monitor if their accounts have been breached, this does not change the fact that the first layer of security begins at the user.Read more