Cyber Security News

#CyberAware: Teaching Kids to Get Fierce About Protecting Their Identity

Cyber Security News - Sat, 10/06/2018 - 14:57
It wasn’t Kiley’s fault, but that didn’t change the facts: The lending group denied her college loan due to poor credit, and she didn’t have a plan B. Shocked and numb, she began to dig a little deeper. She discovered that someone had racked up three hefty credit card bills using her Social Security Number (SSN) a few years earlier.
Categories: Cyber Security News

Hackers, Good and Bad

Cyber Security News - Sat, 10/06/2018 - 14:50
Attendees of Defcon, a hacking and cybersecurity conference in Las Vegas. Credit: Stephen Hiltner/The New York Times. To the Editor: (Inside The Times, Sept. 24), like other reporting on the subject, classifies hackers into two groups: the “good” guys and the “bad” guys.
Categories: Cyber Security News

Articles by Finn Mayer-Kuckuk

Cyber Security News - Sat, 10/06/2018 - 14:33
China's most successful entrepreneur, Jack Ma, wants to give up his posts at the online retailer Alibaba in order to remain independent despite pressure from the political leadership. The USA is raising new espionage allegations against the Chinese, who are said to have manipulated computer circuit boards and thereby infiltrated the servers of companies and government agencies.
Categories: Cyber Security News

Sony Bravia Smart TVs affected by a critical vulnerability

Security Affairs - Sat, 10/06/2018 - 14:25
Experts from the FortiGuard Labs team discovered three vulnerabilities in eight Sony Bravia smart TVs, one of them rated as critical.

Patch management is a crucial aspect of IoT security: smart objects surround us and represent a privileged target for hackers.

Experts from the FortiGuard Labs team discovered three vulnerabilities (a stack buffer overflow, a directory traversal, and a command-injection issue) in eight Sony Bravia smart TVs, one of them rated as critical.

Affected Sony Bravia models include R5C, WD75, WD65, XE70, XF70, WE75, WE6 and WF6.

The most severe vulnerability, tracked as CVE-2018-16593, is a command-injection flaw in Photo Sharing Plus, the Sony application that lets users share multimedia content from their mobile devices via Sony Smart TVs.

An attacker needs to be on the same wireless network as the Sony TV in order to trigger the vulnerability.

“This application handles file names incorrectly when the user uploads a media file. An attacker can abuse such filename mishandling to run arbitrary commands on the system, which can result in complete remote code execution with root privilege,” reads the blog post published by Fortinet.
“Fortinet previously released IPS signature Sony.SmartTV.Remote.Code.Execution for this specific vulnerability to proactively protect our customers.”

The remaining bugs also affect Sony’s Photo Sharing Plus application running on Sony Bravia TVs. The stack buffer overflow (CVE-2018-16595) is a memory corruption vulnerability tied to the lack of sanitization of user input.

“This is a memory corruption vulnerability that results from insufficient size checking of user input. With a long enough HTTP POST request sent to the corresponding URL, the application will crash,” continues the advisory.
“Fortinet previously released IPS signature Sony.SmartTV.Stack.Buffer.Overflow for this specific vulnerability to proactively protect our customers.”

The third flaw is a directory-traversal vulnerability, tracked as CVE-2018-16594, that relates to the way the Photo Sharing Plus app handles file names.

“The application handles file names incorrectly when receiving a user’s input file via uploading a URL. An attacker can upload an arbitrary file with a crafted file name (e.g.: ../../) that can then traverse the whole filesystem,” reads the blog post.
“Fortinet previously released IPS signature Sony.SmartTV.Directory.Traversal for this specific vulnerability to proactively protect our customers.”

Sony has provided over-the-air patch updates to address the flaws; the fixes need to be approved by the user.

“If your television is set to automatically receive updates when connected to the internet, it should have already been updated. This is the default setting for the affected models,” reads the security advisory published by Sony.

“To verify that your television has been updated, please visit the Downloads section of your model’s product page. Click the Firmware update link for details about how to check the software version. If your television has not already been updated, please follow the instructions to download and install the update.”

Pierluigi Paganini

(Security Affairs – Sony Bravia, hacking)

The post Sony Bravia Smart TVs affected by a critical vulnerability appeared first on Security Affairs.

Categories: Cyber Security News

safety v1.8.4 releases: checks your installed dependencies for known security vulnerabilities

Cyber Security News - Sat, 10/06/2018 - 14:20
Safety is a command line tool. Use it to check your local virtual environment, your requirement files, or any input from stdin for dependencies with known security vulnerabilities. If you are using something insecure, you’ll get a report on what exactly is affected. See what is vulnerable. Safety CI integrates with your GitHub account, just like tests do.
Categories: Cyber Security News

DARKSURGEON: Windows packer project to empower incident response, digital forensics, malware analysis, and network defense

Cyber Security News - Sat, 10/06/2018 - 14:20
DARKSURGEON is a Windows packer project to empower incident response, digital forensics, malware analysis, and network defense. DARKSURGEON has three stated goals: Accelerate incident response, digital forensics, malware analysis, and network defense with a preconfigured Windows 10 environment complete with tools, scripts, and utilities.
Categories: Cyber Security News

Russia hack attacks: Revelations from 'spy mania' - Deutsche Welle

Cyber Security News - Sat, 10/06/2018 - 14:17
in Lausanne. two GRU agents staged a cyberattack against the World Anti-Doping Agency's (WADA) regional office In 2017, confidential files of several high-profile athletes were posted online. WADA said the files were taken during a data breach, with British authorities blaming GRU for the cyberattack.
Categories: Cyber Security News

Claromentis Discuss 1.2.1 Cross Site Scripting

Cyber Security News - Sat, 10/06/2018 - 14:02
Issue: Stored Cross Site Scripting (XSS) on Discuss Module v1.2.1 in Claromentis intranet application. Reserved CVE: CVE-2018-15903. Vulnerability Overview: The Discuss v1.2.1 module in Claromentis 8.2.2 is vulnerable to Stored Cross Site Scripting (XSS).
Categories: Cyber Security News

Latvian social network hacked on election day: pro-Russian message and national anthem at login

Cyber Security News - Sat, 10/06/2018 - 14:00
Latvia's main social network, Draugiem, was hacked on Saturday. A pro-Russian message appeared on the login page and the Russian national anthem played. It happened on the very day that Latvians go to the polls. A pro-Russian party is likely to become the largest.
Categories: Cyber Security News

Interpol president suspected of corruption by China

Cyber Security News - Sat, 10/06/2018 - 13:51
What does Beijing hold against Interpol's Chinese president, Meng Hongwei? According to corroborating sources, the senior official, who was detained in his country after arriving by plane from Stockholm at the end of September, is suspected of corruption by the Chinese authorities.
Categories: Cyber Security News

Android users beware: New virus called OwnMe stealing your data

Cyber Security News - Sat, 10/06/2018 - 13:45
A new virus is roaming the internet, specifically targeting Android users. The malware, known as OwnMe, enters your phone secretly through downloaded apps. As soon as the virus enters your phone, it starts stealing an individual’s personal data. Fortunately, an antivirus company has found out about....
Categories: Cyber Security News

The Chinese Motherboard Hack Is a Crisis, Even If It Didn’t Really Happen

Cyber Security News - Sat, 10/06/2018 - 13:23
Savita Kirloskar / Reuters. It’s easy to forget in the app era, but Silicon Valley got its name from microchips. The generation that transformed orchards into Oracle did so by manufacturing electronic circuits that encrust “chips” of a semiconductor material, usually made of silicon.
Categories: Cyber Security News

The free internet makes us the product — we need to stop it

Cyber Security News - Sat, 10/06/2018 - 13:23
The bad headlines continue to stack up for Facebook this year: from the Cambridge Analytica scandal, to the New York Times that Facebook gave Apple, Samsung, and other mobile device makers access to its users' personal data without permission, to the revelation that the firm routinely gives user....
Categories: Cyber Security News

11 steps to arm yourself against cybercriminals

Cyber Security News - Sat, 10/06/2018 - 13:22
By: Jeroen van Onselen. Hackers? Cybercrime? Don't let it drive you crazy. You can get your basic security in order in no time. Reading the news of the past few days would almost make you afraid. McAfee remotely accessing trusted medical images and printing out entire body parts. Leaked camera footage of the Dutch women's handball team.
Categories: Cyber Security News

CISSP, the most authoritative international certification for information security professionals

Cyber Security News - Sat, 10/06/2018 - 13:17
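恆逸 classes start 2018/10/29, 11/3 and 11/5: CISSP information security systems expert certification course. The CISSP® certification is hailed as the highest standard in the information security field! It is also the first information security certification accredited by ANSI, the American National Standards Institute, as meeting the requirements of the international standard ISO/IEC 17024. The CISSP® certification is an advanced certification designed for professional security staff, security consultants, and IT department managers in enterprises and organizations. Information security personnel who hold the CISSP certification have the technical skill and experience needed to effectively handle and implement an enterprise's information security systems and policies. The CISSP® certification can also be called the best validator of security management and professional skill! Security technology certification that leads the field.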
Categories: Cyber Security News

Latvian Social Network Hacked on Election Day - IT Company

Cyber Security News - Sat, 10/06/2018 - 13:11
"Currently the operation of the portal is suspended for several hours in order to remedy the consequences [of the cyber attack]," Janis Palkavnieks, the representative of the Draugiem Group, said. As a result of the attack, the social network's homepage started to show pictures depicting Russian....
Categories: Cyber Security News

eSports, the new horizons for women

Cyber Security News - Sat, 10/06/2018 - 13:03
Video games? (Increasingly) a girls' thing! This is confirmed by data from a recent survey conducted in 2017 (and published in April 2018) by Aesvi in our country: it turns out, in fact, that 57% of the population aged between 16 and 64, corresponding to about 17 million....
Categories: Cyber Security News

First Lady Melania Trump is mocked for Egypt outfit that looks like Colonel Sanders

Cyber Security News - Sat, 10/06/2018 - 12:40
'Worst Meryl Streep impersonation ever': First Lady Melania Trump is mocked for Egypt outfit that was 'Carmen Sandiego meets smooth criminal, meets Colonel Sanders' Melania Trump has been mocked for the all-white outfit she donned for her last day in Africa on Saturday; Social media users say she....
Categories: Cyber Security News

Chinese Spy Chips

Cyber Security News - Sat, 10/06/2018 - 12:25
Anthony James, Vice President at CipherCloud and Former CMO at “The accusation that the Chinese are embedding malware and surveillance into standard devices is quite real and based on facts. In 2014 an embedded malware named “Zombie Zero” targeted the shipping and logistics industry.
Categories: Cyber Security News

A Chip Off the Old Computer

Cyber Security News - Sat, 10/06/2018 - 11:59
The story in was lurid in the extreme. It read like an Ian Fleming novel, included stylized images of computer circuit boards and had pictures of a tiny chip. What happened, according to the story, was that Chinese hackers working for that nation’s military had found a way to insert a tiny....
Categories: Cyber Security News
