Najnowsze wpisy
Update now! Microsoft’s April 2018 Patch Tuesday – 65 vulns, 24 critical
With the Windows 10 1803 Spring Creators Update delayed at the eleventh hour for unknown reasons, admins and end users will still receive plenty of updates in the April 2018 Patch Tuesday. The big picture is 65 security fixes assigned CVE numbers, 23 of which (plus a separate Adobe Flash…
Uso defensivo y ofensivo de Open Source Intelligence (OSINT).
Open Source Intelligence (OSINT), o más precisamente, el uso de fuentes de inteligencia de código abierto para perfilar la exposición en Internet de las organizaciones es decir, footprinting, es una área un muy interesante dentro de la seguridad de la información, particularmente porque es más o menos abierta, lo que…
Logs in High Sierra (10.13) Show Plaintext Password
Uh Oh! Unified Logs in High Sierra (10.13) Show Plaintext Password for APFS Encrypted External Volumes via Disk Utility.app Read more: https://www.mac4n6.com/blog/2018/3/21/uh-oh-unified-logs-in-high-sierra-1013-show-plaintext-password-for-apfs-encrypted-external-volumes-via-disk-utilityapp
New Cloudflare DNS service filtered in Turkey on day of launch
An investigation by Turkey Blocks has found that Turkey’s DNS blocking measures are already actively filtering a new DNS service launched by Cloudflare and APNIC on 1 April 2018. Addresses for Wikipedia and Dutch national broadcaster NOS among several other sites known to be withheld in the country are failing…
Chrome Is Scanning Files on Your Computer, and People Are Freaking Out
Some cybersecurity experts and regular users were surprised to learn about a Chrome tool that scans Windows computers for malware. But there’s no reason to freak out about it. Read more: https://motherboard.vice.com/en_us/article/wj7x9w/google-chrome-scans-files-on-your-windows-computer-chrome-cleanup-tool
OpenBSD 6.3 RELEASED
We are pleased to announce the official release of OpenBSD 6.3. This is our 44th release. We remain proud of OpenBSD’s record of more than twenty years with only two remote holes in the default install. Read more: https://marc.info/?l=openbsd-announce&m=152267725618055
Ever Record a Video on Facebook? Facebook Still Has It.
Have you downloaded your Facebook data archive yet? Facebook makes it easy to obtain a ZIP file of all the data it has on you: your status updates, your friend list, your messages … and, as I and several people I spoke with were surprised to discover, every video you…
Wyciek danych użytkowników popularnej aplikacji MyFitnessPal
Zdrowe odżywianie, choć bardzo dobre dla zdrowia, może okazać się nie tak dobre dla bezpieczeństwa Waszych haseł. Z tego powodu warto także zadbać o zdrowe nawyki w obszarze bezpieczeństwa i prywatności. Czytaj więcej: Wyciek danych użytkowników popularnej aplikacji MyFitnessPal
Facebook and Cambridge Analytica
In the wake of the Cambridge Analytica scandal, news articles and commentators have focused on what Facebook knows about us. A lot, it turns out. It collects data from our posts, our likes, our photos, things we type and delete without posting, and things we do while not on Facebook…
The FBI Used Classified Hacking Tools in Ordinary Criminal Investigations
The FBI’s Remote Operations Unit has hacking tools typically reserved for protecting national security. But an overlooked section of a new report says ROU has used these secret techniques in criminal cases. Read more: https://motherboard.vice.com/en_us/article/7xdxg9/fbi-hacking-investigations-classified-remote-operations-unit
Intel CPUs Vulnerable to New ‚BranchScope’ Attack
Researchers have discovered a new side-channel attack method that can be launched against devices with Intel processors, and the patches released in response to the Spectre and Meltdown vulnerabilities might not prevent these types of attacks. Read more: https://www.securityweek.com/intel-cpus-vulnerable-new-branchscope-attack
Drupal core – Highly critical – Remote Code Execution – SA-CORE-2018-002
A remote code execution vulnerability exists within multiple subsystems of Drupal 7.x and 8.x. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Read more: https://www.drupal.org/sa-core-2018-002