Security

IT Security: The Ten Most Important Measures. S.J. Moore on The Tweeted Times. This iPhone Malware infecting Jailbroken Devices Stole 225,000 Apple Accounts. Jailbreakers Beware!

Some shady tweaks that you installed on your jailbroken devices are looking to steal your iCloud login credentials, a report said. The iCloud account details, including email addresses and passwords, of nearly 220,000 jailbreak users have been breached, an online Chinese vulnerability-reporting platform WooYun reported. WooYun is an information security platform where researchers report vulnerabilities and vendors give their feedback. Backdoor Privacy Attack. The security breach, according to the website, was a result of a 'backdoor privacy attack' caused by the installation of a malicious jailbreak tweak.

A Phishing Trampoline – embedding redirects in PDF documents. Today I ran into a typical fraud email claiming to come from a U.S. bank but with a twist!

Analyzing the attachment, it turns out that there’s no malware inside but instead a new middle step to fool lesser security software. The original file name is “Swift confirmation .pdf” and it was created using Microsoft Word 2010. Job. Search jobs in our offices around the world (in English). Embedded/Firmware Engineer (Wing), Google[x], Google – Mountain View, CA, USA. Work on all aspects of UAV software, from drivers and motor controllers to vehicle management and mission execution systems.

Participate in the team's software process... (Software Engineering, 1 day ago). Instructional Designer and Web Developer, engEDU, Google – Mountain View, CA, USA. Serve as an instructional development consultant and collaborate with computer science subject matter experts to develop learning solutions for educators. Analyze needs and ... (Technical Solutions, 1 day ago). Industry Manager, Retail, Google – Shanghai, Shanghai, China. Develop and maintain C-level relationships to serve as a trusted partner with our most strategic customers. Government sets criteria for new cyber security organisational standard. Businesses have until 14 October to submit their views on what the new standard should look like, but the Cabinet Office has now laid out guidance that sets out what the standard should be able to deliver (14-page / 176KB PDF) to help inform those submissions.

As part of its Cyber Security Strategy published in November 2011, the Government promised to develop industry-led cyber security standards for companies. It plans to endorse one standard that "best meets the requirements for effective cyber risk management". Securing Mobile Devices in the Business Environment. OWASP Top Ten for 2013.

3 Major Updates to Application Security Risks.

Twitter / simX: @boredzo — Also note the ... SniffMyPackets (Beta) – Released!! First. March 15th, 2013.

Hash-generator. How passwords can wreck your two-factor authentication. Researchers grab cryptographic keys from Frozen Android Phones. Using a new attack on the most popular Android phone platforms, a team of researchers in Germany managed to grab stored cryptographic keys if the device is in a frozen state for an hour.

The method is able to bypass Google’s data-scrambling encryption system, introduced in Android 4.0 Ice Cream Sandwich, and reveal the phone’s hidden data: leaving Android phones in a freezer until they fell below -10 degrees Celsius revealed previously scrambled data, including contact lists, browsing histories, and photos. The team developed software called FROST, Forensic Recovery of Scrambled Telephones, which lets them copy data from the phone for analysis on a computer.

Map of the Internet: The Internet Visualized in 3D. Here’s a neat little app for you.

The good folks at hosting provider Peer 1 have launched a new app called ‘Map of the Internet’ which, well, does exactly what it says on the box. Available for Android, with an incarnation also optimized for iPhone, iPod touch and iPad, the app visualizes the myriad of networks that constitute that thing known as the Internet. Mobile mayhem: The five biggest enterprise security threats. Mobile devices have revolutionized business efficiency, but much to the regret of enterprise security specialists, they've also introduced tremendous risk.

Here are the top five risks and how to mitigate them. The mere thought of giving employees access to corporate data from anywhere on any network can be enough to give any IT security specialist nightmares. Tools - security-onion - A list of tools included in Security Onion and links to their homepages and documentation. - Security Onion is a Linux distro for IDS (Intrusion Detection) and NSM (Network Security Monitoring). Security Onion would like to thank the following open-source projects for their contribution to our community!

Please note that this is a combined list of tools for Security Onion 10.04 and Security Onion 12.04. The Tweeted Times - personal newspaper generated from your Twitter account. Making BYOD work for you. Ponemon statistics 2012 on cost of cybercrime. At the American Enterprise Institute (AEI) event “Cybersecurity and American power,” Gen. K.B. Alexander, director of the National Security Agency (NSA) and chief at the Central Security Service (CSS), defined cybercrime as “the greatest transfer of wealth in history,” alerting the Government to the emergency related to intellectual property theft due to cyber espionage. “Symantec placed the cost of IP theft to United States companies at $250 billion a year, global cybercrime at $114 billion annually ($388 billion when you factor in downtime), and McAfee estimates that $1 trillion was spent globally under remediation.

USSD Remote factory reset demo and tutorial. Surveillance State: From Inside Secret FBI Terrorist Screening Room to TrapWire Training. Dirty USSDs and the Android Update Problem. Last week, it was reported that some Android devices could be wiped remotely if the user unwittingly clicked on a link. Since then, Samsung has announced that for the Galaxy S III the issue was already fixed in the last update and urged customers to update their devices accordingly. While the speed of Samsung’s response was commendable, what was left unsaid highlights the complicated environment of Android updates – and why it hurts the security of ordinary users.

Simply put, it is very difficult to push updates for Android devices. Advanced penetration testing using Backtrack. Carole Wozny - Google+ - Android users: How many of you run some type of security… Blog Archive » Stuffing Javascript into DNS names. 2nd Latin American Security Analyst Summit and threats around us. How to Make Your Website Hacker-Proof. July 15, 2012 • 08:15 AM. Security still the ‘No. 1 obstacle’ to cloud adoption — Cloud Computing News. Analysis of Flame WuSetupV.exe URL parameters » CrySyS Blog. Protecting Your Security Online. The Good, The Bad and the Insecure. The Tweeted Times - personal newspaper generated from your Twitter account. How Flame Hid In Plain Sight For Years. How to Check for Flame. By Jacob Kitchel. The biggest cyber security related news story this week has been about the Flame/Wiper malware. The event has gotten high profile coverage by several media outlets.

Infosec

Howto. Hacking. Linux. For:@twitter. Pentest. Privacy. Scada. Computer Forensics, Malware Analysis & Digital Investigations: Basic Computer Forensic Analysis Techniques in EnCase. Blog » Blog Archive » Pcprox RFID Reader – New Tool for reading RFID/HID Card. PcproxRFIDReader is the FREE tool for reading RFID/HID card IDs using pcProx USB readers.

Chetan Surpur. Sidestep is an open-source application for Mac OS X that sits quietly in the background, protecting your security and privacy as you browse the web.