What's new arround internet
| Src | Date (GMT) | Titre | Description | Tags | Stories | Notes |
 |
2018-10-09 13:00:00 | 5 Steps to Maximize Your Financial Data Protection (lien direct) |
A series of high-profile data breaches in 2017 made it clear that it's becoming more difficult to protect your and your customer's sensitive information from nefarious agents. As businesses expand, they develop and implement security policies that help protect their sensitive information from outsiders. Still, business growth means more computers, more laptops and more mobile phones—and more network endpoints means more security vulnerabilities and more opportunities for a small oversight to turn into a major data breach.
Financial data breaches can spell disaster, especially for small businesses that have fewer resources to allocate toward proactive security measures and fraud prevention. To help out, we've outlined five steps that you can take to maximize your financial data protection in 2018.
Take Inventory of Your Sensitive Financial Data
The first step to effective financial data protection is to identify the data that is more important to protect. Your full assessment should answer the following questions:
What data do I need to secure?
What computers, servers, laptops, networks, or other devices is the information stored on?
What devices can be used to access the data?
What roles/titles will have permission to view the data?
The best way to start enhancing data security is by restricting access. Isolate or segregate the data onto the fewest number of devices possible, and make it accessible to the fewest number of people. Conduct thorough background checks and ask for references when hiring employees that will come into contact with financial data.
Implement Effective Password Controls
Passwords are an important security measure used to prevent unauthorized users from accessing company laptops, e-mail accounts and other resources that could contain sensitive financial information. Password controls are a set of imposed guidelines for how your staff should set up the passwords that they use to access your sensitive data. Typical password controls include:
Ensuring that passwords are long enough and that they contain a mixture of upper and lower-case letters, numbers and symbols. As passwords get longer, they become exponentially harder to hack by brute force. Hackers use all kinds of tricks to try and guess passwords—writing software that guesses dictionary words or combinations of words from the dictionary, or that guesses birth dates formatted in different ways. Passwords should be 10-12 characters long.
Ensuring that passwords are changed on a regular basis, at least every 90 days for passwords used to access sensitive financial data.
Ensuring that each individual user is assigned one username and password, and that login credentials are never shared.
Protect Your Network with a Firewall
Companies storing and transmitting financial data on an internal network should implement a firewall. A firewall is a hardware or software security device that monitors all incoming and outgoing network traffic and uses predefined security guidelines to determine whether it should be allowed or blocked. Firewalls establish a barrier between your trusted internal network and unauthorized external actors that might try to access or attack it.
You may want to hire a cyber security expert who can help customize your firewall to your unique circumstances and advise you on how to address other potential network security threats.
Look Out for Phishing Scams
Sometimes, fraudsters don't have to gain access to your systems using technological means to attack your company financiall |
Hack Vulnerability | ||
 |
2018-10-09 13:00:00 | New Magecart hack detected at Shopper Approved (lien direct) | Malicious code removed after two days. Impact is smaller compared to previous incidents at Ticketmaster, Feedify, or British Airways. | Hack | ||
|
2018-10-09 10:34:00 | Security researcher source in Supermicro chip hack report casts doubt on story (lien direct) | The explosive report "doesn't make sense," according to the expert which described hardware implant uses in theoretical attacks. | Hack | ||
 |
2018-10-08 14:36:04 | 5 tips to secure your supply chain from cyberattacks (lien direct) | It's nearly impossible to secure supply chains from attacks like the alleged Chinese chip hack that was reported last week. But here are some tips to protect your company. | Hack | ||
 |
2018-10-08 14:30:03 | Chinese Inserting A Backdoor On Supermicro Server BMCs (lien direct) | US officials have shared details of a widespread hardware hack which saw Chinese spies infiltrate 30 American companies, including Amazon and Apple, in 2015 by planting rice-sized computer chips onto their server motherboards which gave hackers access to sensitive consumer and government data. Nicolas Waisman, VP of Security Consulting at Cyxtera: “The supply chain is … The ISBuzz Post: This Post Chinese Inserting A Backdoor On Supermicro Server BMCs | Hack | ||
 |
2018-10-08 00:07:00 | PoC Attack Escalates MikroTik Router Bug to \'As Bad As It Gets\' (lien direct) | Researchers say a medium severity bug should now be rated critical because of a new hack technique that allows for remote code execution on MikroTik edge and consumer routers. | Hack | ||
|
2018-10-07 22:11:00 | DHS and GCHQ join Amazon and Apple in denying Bloomberg chip hack story (lien direct) | US and UK officials stand by Amazon and Apple's statements regarding Bloomberg chip hack story. | Hack | ||
 |
2018-10-05 16:16:00 | China Tech Stocks Lenovo, ZTE Tumble After Chip Hack Report (lien direct) | HONG KONG (AP) - Chinese tech stocks Lenovo Group and ZTE Corp. tumbled in Hong Kong on Friday following a news report Chinese spies might have used chips supplied by another company to hack into U.S. computer systems. | Hack | ||
 |
2018-10-05 13:10:03 | Apple and Amazon deny China hack claims (lien direct) | The tech giants dispute claims that a spy chip tried to steal their corporate secrets and data. | Hack | ||
 |
2018-10-05 00:36:03 | Apple, Amazon Throw Shade on Supply Chain Hack Story (lien direct) | A report by Bloomberg alleging a massive operation by China’s Peoples Liberation Army (PLA) to plant spy hardware on servers used by some of the U.S.’s most high profile corporations is being refuted by tech vendors Apple as well as Amazon, who contend that no such compromises took place. The report written by Jordon Robinson and...Read the whole entry... _!fbztxtlnk!_ https://feeds.feedblitz.com/~/572886254/0/thesecurityledger -->» | Hack | ||
|
2018-10-04 21:24:05 | Hacker wastes entire day hacking Pigeoncoin cryptocurrency only to make $15,000 (lien direct) | Pigeoncoin hack confirms that the CVE-2018-17144 vulnerability fixed in the Bitcoin source code in mid-September was, indeed, as bad as it gets. | Hack Vulnerability | ||
|
2018-10-04 18:39:05 | (Déjà vu) Hack the Box: Olympus Walkthrough (lien direct) | Today we are going to solve another CTF challenge “Olympus”. Olympus is a retired vulnerable lab presented by Hack the Box for helping pentester's to perform online penetration testing according to your experience level; they have a collection of vulnerable labs as challenges, from beginners to Expert level. Level: Easy Task: To find user.txt and... Continue reading → | Hack | ||
|
2018-10-04 18:30:05 | Hack The Marine Corps Results: Nearly 150 Vulnerabilities Reported, $151,542 Paid To Hackers (lien direct) | The U.S. Department of Defense (DoD) and HackerOne, the leading hacker-powered security platform, today announced the results of the DoD's sixth public bug bounty program. The Marine Corps is committed to fighting and winning in all domains, including cybersecurity, and Hack the Marine Corps is a key initiative of this campaign. The bug bounty challenge invited … The ISBuzz Post: This Post Hack The Marine Corps Results: Nearly 150 Vulnerabilities Reported, $151,542 Paid To Hackers | Hack Guideline | ||
 |
2018-10-04 17:41:04 | How Russian Spies Infiltrated Hotel Wi-Fi to Hack Their Victims Up Close (lien direct) | A new indictment details how Russian agents camped outside hotels when remote hacking efforts weren't enough. | Hack | ||
 |
2018-10-04 16:36:51 | Notes on the Bloomberg Supermicro supply chain hack story (lien direct) | Bloomberg has a story how Chinese intelligence inserted secret chips into servers bound for America. There are a couple issues with the story I wanted to address.The story is based on anonymous sources, and not even good anonymous sources. An example is this attribution:a person briefed on evidence gathered during the probe saysThat means somebody not even involved, but somebody who heard a rumor. It also doesn't the person even had sufficient expertise to understand what they were being briefed about.The technical detail that's missing from the story is that the supply chain is already messed up with fake chips rather than malicious chips. Reputable vendors spend a lot of time ensuring quality, reliability, tolerances, ability to withstand harsh environments, and so on. Even the simplest of chips can command a price premium when they are well made.What happens is that other companies make clones that are cheaper and lower quality. They are just good enough to pass testing, but fail in the real world. They may not even be completely fake chips. They may be bad chips the original manufacturer discarded, or chips the night shift at the factory secretly ran through on the equipment -- but with less quality control.The supply chain description in the Bloomberg story is accurate, except that in fails to discuss how these cheap, bad chips frequently replace the more expensive chips, with contract manufacturers or managers skimming off the profits. Replacement chips are real, but whether they are for malicious hacking or just theft is the sticking point.For example, consider this listing for a USB-to-serial converter using the well-known FTDI chip. The word "genuine" is in the title, because fake FTDI chips are common within the supply chain. As you can see form the $11 price, the amount of money you can make with fake chips is low -- these contract manufacturers hope to make it up in volume. The story implies that Apple is lying in its denials of malicious hacking, and deliberately avoids this other supply chain issue. It's perfectly reasonable for Apple to have rejected Supermicro servers because of bad chips that have nothing to do with hacking.If there's hacking going on, it may not even be Chinese intelligence -- the manufacturing process is so lax that any intelligence agency could be responsible. Just because most manufacturing of server motherboards happen in China doesn't point the finger to Chinese intelligence as being the ones responsible.Finally, I want to point out the sensationalism of the story. It spends much effort focusing on the invisible nature of small chips, as evidence that somebody is trying to hide something. That the chips are so small means nothing: except for the major chips, all the chips on a motherboard are small. It's hard to have large chips, except for the big things like the CPU and DRAM. Serial ROMs containing firmware are never going to be big, because they just don't hold that much information.A fake serial ROM is the focus here not so much because that's the chip they found by accident, but that's the chip they'd look for. The chips contain the firmware for other hardware devices on the motherboard. Thus, instead of designing complex hardware to do malicious things, a hacker simply has to make simple changes t |
Hack | ||
|
2018-10-04 10:23:02 | Hackers Earn $150,000 in Marine Corps Bug Bounty Program (lien direct) | The U.S. Department of Defense's sixth public bug bounty program, Hack the Marine Corps, has concluded, and white hat hackers who took part in the challenge earned more than $150,000. | Hack | ||
 |
2018-10-03 13:10:01 | Experts found 9 NAS flaws that expose LenovoEMC, Iomega Devices to hack (lien direct) | Experts discovered nine vulnerabilities affecting NAS devices that could be exploited by unauthenticated attackers to access protected content. Nine flaws affecting NAS devices could be exploited by unauthenticated attackers to access protected content. The vulnerabilities are traked as CVE-2018-9074, CVE-2018-9075, CVE-2018-9076, CVE-2018-9077, CVE-2018-9078, CVE-2018-9079, CVE-2018-9080, CVE-2018-9081 and CVE-2018-9082. According to Lenovo, the flaws affect 20 models of network attached storage (NAS) devices sold by the […] | Hack | ||
|
2018-10-03 11:38:01 | Facebook says other apps not caught in hack (lien direct) | Third-party sites accepting Facebook log-ins like Tinder and Airbnb are not believed to be affected. | Hack | ||
 |
2018-10-03 03:00:03 | Women in Information Security: Pam Armstrong (lien direct) | Last time, I spoke with Sharka. She's a pentester who knows how to hack a glucose meter. She also taught me a few things about physical security. Now I get to talk with Pam Armstrong. Web development eventually led her to healthcare security. Kim Crawley: Please tell me about what you do. Pam Armstrong: I […]… Read More | Hack | ||
 |
2018-10-02 18:47:05 | iPhone Passcode Bypass Hack Exposes Contacts And Photos (lien direct) | Flaw in Apple's iOS 12 allows an attacker to access contacts and photos in iPhone XS model A passcode bypass vulnerability has been discovered in Apple's new iOS version 12 that could allow an attacker to access photos and contact details on a locked iPhone XS as well as other Apple devices. Jose Rodriguez, a […] | Hack Vulnerability | ||
|
2018-10-02 14:12:03 | The Facebook Hack Is an Internet-Wide Failure (lien direct) | Major sites using Facebook's Single Sign-On don't implement basic security features, potentially making the fallout of last week's hack much worse. | Hack | ||
 |
2018-10-02 02:36:05 | New iPhone Passcode Bypass Hack Exposes Photos and Contacts (lien direct) | Looking for a hack to bypass the passcode or screen lock on iPhones?
Jose Rodriguez, an iPhone enthusiast, has discovered a passcode bypass vulnerability in Apple's new iOS version 12 that potentially allows an attacker to access photos and contacts, including phone numbers and emails, on a locked iPhone XS and other recent iPhone models.
Rodriguez, who also discovered iPhone lock screen
|
Hack Vulnerability | ||
|
2018-10-01 14:52:01 | Will Facebook be fined after hack attack? (lien direct) | The social network could face a hefty fine if it is found to have breached data protection rules. | Hack | ||
|
2018-10-01 14:35:03 | (Déjà vu) Hack the Box: Sunday Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Sunday. Sunday is a retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable labs as challenges, from beginners to Expert level. Level: Easy Task: find user.txt and root.txt file in victim's... Continue reading → | Hack | ||
|
2018-10-01 13:48:04 | Industry Reactions to Facebook Hack (lien direct) |  Facebook revealed last week that malicious actors may have obtained access tokens for 50 million accounts after exploiting several bugs related to the “Vi
|
Hack | ||
|
2018-10-01 08:16:02 | Several Bugs Exploited in Massive Facebook Hack (lien direct) |
|
Hack | ||
|
2018-10-01 05:40:00 | Two SIM swappers arrested for CMCT hack (lien direct) | Suspects stand accused of stealing cryptocurrency worth $14 million from a California startup. | Hack | ||
|
2018-09-29 10:30:01 | Industry Leaders Reaction on Recent Facebook Hack (lien direct) | It is being reported that Facebook said an attack on its computer network led to the exposure of information from nearly 50 million of its users. The company discovered the breach earlier this week, finding that attackers had exploited a feature in Facebook's code that allowed them to take over user accounts. Facebook fixed the vulnerability and notified law enforcement officials. More … The ISBuzz Post: This Post Industry Leaders Reaction on Recent Facebook Hack | Hack Vulnerability Guideline | ||
 |
2018-09-28 19:39:01 | Millions of accounts affected in latest Facebook hack (lien direct) |
Facebook announced earlier today that its social network had been breached, resulting in 40 million accounts that were directly impacted. Learn more as the Facebook breach story develops.
Categories:
Cybercrime
Tags: access tokensbig breachesbreachdata breachfacebookFacebook breachfacebook hackpassword resetsocial mediasocial networksView Asvulnerabilitiesvulnerability
(Read more...)
|
Hack | ||
|
2018-09-28 17:26:05 | iPhone XS Passcode Bypass Hack Exposes Contacts, Photos (lien direct) | Bypass works on iOS 12 and Apple's latest iPhone XS model phones allowing an attacker to access contacts and photos. | Hack | ||
|
2018-09-28 07:56:05 | Teenage Apple hacker avoids jail for \'hacky hack hack\' attack (lien direct) | The self-proclaimed Apple fan stole roughly 90GB of confidential data from the iPad and iPhone maker. | Hack | ||
|
2018-09-27 06:56:03 | Hack the Gemini inc:2 (CTF Challenge) (lien direct) | Hello Friends!! Today we are going to breach a new VM lab “Gemini inc:2” of the vulnhub series and before moving ahead you can also take a look over Gemini inc:1 which we had solved earlier. Gemini Inc has contacted you to perform a penetration testing on one of their internal system. This system has... Continue reading → | Hack | ||
|
2018-09-26 19:00:00 | Chegg to reset passwords for 40 million users after April 2018 hack (lien direct) | Chegg says it discovered the hack last week and that hackers didn't access financial or SSN data. | Hack | ||
 |
2018-09-25 03:00:00 | The Sony hacker indictment: 5 lessons for IT security (lien direct) | In August 2018, the US Department of Justice (DoJ) unsealed the indictment of a North Korean spy, Park Jin Hyok, whom they claim was behind the hack against Sony and the creation and distribution of the WannaCry ransomware. The 170-plus-page document was written by Nathan Shields of the FBI's LA office and shows the careful sequence of forensic analysis they used to figure out how various attacks were conducted. | Hack | Wannacry | |
|
2018-09-24 21:57:00 | SHEIN fashion retailer announces breach affecting 6.42 million users (lien direct) | Hack took place somewhere in June, but the company only discovered the breach in late August. | Hack | ||
|
2018-09-24 17:03:01 | Q&A: Reddit breach shows use of \'SMS 2FA\' won\'t stop privileged access pillaging (lien direct) | The recent hack of social media giant Reddit underscores the reality that all too many organizations — even high-visibility ones that ought to know better — are failing to adequately lock down their privileged accounts. Related: 6 best practices for cloud computing An excerpt from Reddit's mea culpa says it all: “On June 19, we […] | Hack | ||
|
2018-09-24 10:42:05 | (Déjà vu) Hack the Box Challenge: Canape Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Canape” which is available online for those who want to increase their skill in penetration testing and black box testing. Canape is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
|
2018-09-22 05:20:00 | Hack the MinU: 1 (CTF Challenge) (lien direct) | Hello Friends! Today we are going to solve another CTF challenge “MinU: 1” This boot2root is an Ubuntu Based virtual machine and has been tested using Virtual Box. The network interface of the virtual machine will take its IP settings from DHCP. Your goal is to capture the flag on /root. You can download it... Continue reading → | Hack | ||
|
2018-09-21 13:09:02 | Homebuyers Being Targeted by Money Transfer Scam (lien direct) | Money Transfer Scam – Scammers hack the victims’s email accounts, monitor conversations between the buyers and title agents, send instructions on where to wire the money. A new homebuyer moves through a period of vulnerable transition as they invest in their future. This sensitive stage - a confusing flurry of representatives, documentation and planning - […] | Hack | ||
|
2018-09-19 20:00:00 | Zaif cryptocurrency exchange loses $60 million in recent hack (lien direct) | The Osaka-based cryptocurrency exchange discovered hack two days ago, and is working to secure funds to reimburse affected users. | Hack | ||
|
2018-09-19 17:30:04 | Cold Boot Attacks A Threat To All Modern Computers (lien direct) | After researchers recently discovered a way to physically hack into PC’s, Tyler Reese, Product Manager from One Identity, explains how organisations can protect systems from these attacks and what users can do to protect their data. Tyler Reese, Product Manager at One Identity: “Physical security is just as important as cyber security. Organization should make … The ISBuzz Post: This Post Cold Boot Attacks A Threat To All Modern Computers | Hack Threat | ||
|
2018-09-19 15:35:03 | (Déjà vu) Hack the ROP Primer: 1.0.1 (CTF Challenge) (lien direct) | Hello friends! Today we are going to take another CTF challenge known as ROP Primer. The credit for making this vm machine goes to “Bas” and it is another capture the flag challenge in which our goal is to capture all the flags to complete the challenge. You can download this VM here. We have 3... Continue reading → | Hack | ||
|
2018-09-19 10:12:00 | US judge allows e-voting despite hack fears (lien direct) | The judge, in the state of Georgia, is "gravely concerned" about hacking - but allows e-voting to go ahead. | Hack | ||
 |
2018-09-18 17:35:00 | Internet-Connected CCTV Cameras Vulnerable to \'Peekaboo\' Hack (lien direct) | Zero-day flaw in China-based NUUO's video recorder technology still unfixed three months after vendor was alerted. | Hack | ||
|
2018-09-18 14:24:01 | Swiss, Russian FMs to Meet Next Week on Spy Row (lien direct) | Switzerland's foreign minister said Monday that he will meet his Russian counterpart next week after details emerged of alleged attempts by two Russian spies to hack sensitive Swiss targets. | Hack | ||
|
2018-09-17 16:47:02 | (Déjà vu) Hack the Box: Fulcrum Walkthrough (lien direct) | Hello friends!! Today we are going to solve another CTF challenge “Fulcrum” which is available online for those who want to increase their skill in penetration testing and black box testing. Fulcrum is retired vulnerable lab presented by Hack the Box for making online penetration practices according to your experience level; they have the collection of vulnerable... Continue reading → | Hack | ||
 |
2018-09-17 12:44:03 | Future UK Cyber Security Stars Tackle Vulnerable Cryptocurrency in Latest Challenges (lien direct) | On Friday, Her Majesty's Government Communications Centre (HMGCC) and leading science and engineering company QinetiQ hosted the latest Cyber Security Challenge UK Face-to-Face competition at QinetiQ's headquarters in Farnborough. The competition saw 28 code-breaking amateurs from across the country ethically hack the cryptocurrency wallets of customers from a fictitious bank. The challenges, which put contestants' ... | Hack Guideline | ||
|
2018-09-15 11:10:03 | Dutch expelled two Russian spies over hack plan on Swiss lab working on Skripal case (lien direct) | Dutch intelligence services arrested two alleged Russian spies that were planning to hack a Swiss laboratory where is ongoing an investigation on the poisoning of the spy Sergei Skripal. According to Dutch-based NRC newspaper and Swiss daily Tages-Anzeiger, Dutch intelligence services arrested two alleged Russian spies working for Russia’s GRU military intelligence service on suspicion of planning to […] | Hack | ||
|
2018-09-14 20:07:05 | Russian Spies Arrested on Suspicion of Plans to Hack Swiss Laboratory (lien direct) | Dutch 'Expelled Two Russian Spies Over Novichok Lab Plot' | Hack | ||
|
2018-09-14 13:57:01 | North Korea claims NHS and Sony hack suspect \'doesn\'t exist\' (lien direct) | The man alleged to have hacked the UK's health service and Sony Pictures is not real, says Pyongyang. | Hack |
To see everything:
Our RSS (filtrered)
