Original release date: July 31, 2015 The Internet Crime Complaint Center (IC3) has issued an alert to U.S. businesses about a rise in extortion campaigns. In a typical incident, a business receives an e-mail threatening a Distributed Denial of Service (DDoS) attack to its website unless it pays a ransom
Original release date: July 31, 2015 The National Cybersecurity and Communications Integration Center (NCCIC) and its partners responded to a series of data breaches in the public and private sector over the last year, helping organizations through incident response actions, conducting damage assessments, and implementing restoration and mitigation actions. During NCCIC’s recent work, following best practices proved extremely effective in protecting networks, the information residing on them, and the equities of information owners. The recently updated National Institute of Standards and Technology Cybersecurity Framework highlights best practices
Starting today, Microsoft is offering most Windows 7 and Windows 8 users a free upgrade to the software giant’s latest operating system — Windows 10 . But there’s a very important security caveat that users should know about before transitioning to the new OS : Unless you opt out, Windows 10 will by default share your Wi-Fi network password with any contacts you may have listed in Outlook and Skype — and, with an opt-in, your Facebook friends! This brilliant new feature, which Microsoft has dubbed Wi-Fi Sense , doesn’t share your WiFi network password per se — it shares an encrypted version of that password. But it does allow anyone in your Skype or Outlook or Hotmail contacts lists to waltz onto your Wi-Fi network — should they ever wander within range of it or visit your home (or hop onto it secretly from hundreds of yards away with a good ‘ole cantenna !)
Original release date: July 28, 2015 ISC has released security updates to address a vulnerability in BIND. Exploitation of this vulnerability may allow a remote attacker to cause a denial of service condition. Updates available include: BIND 9-version 9.9.7-P2 BIND 9-version 9.10.2-P3 Users and administrators are encouraged to review ISC Knowledge Base Article AA-01272 and apply the necessary updates.
Original release date: July 28, 2015 Android devices running Android versions 2.2 through 5.1.1_r4 contain vulnerabilities in the Stagefright media playback engine. Exploitation of these vulnerabilities may allow an attacker to access multimedia files or potentially take control of a vulnerable device. Users and administrators are encouraged to review Vulnerability Note VU#924951 for more information
[Guest Diary: Xavier Mertens] [ Integrating VirusTotal within ELK ] Visualisation is a key when you need to keep control of whats happening on networks which carry daily tons of malicious files.
Introduction Earlier this year, we started seeing reports of macro-based Bartalex malware [ 1 ]. Bartalex has been used in Microsoft Officedocuments sentthrough malicious spam (malspam)
Now that my overview of Sysinternals tools with VirusTotal support is complete ( Process Explorer , Autoruns and Sigcheck ), lets address a couple of remarks I received (BTW, if I missed a Sysinternals tools, let me know with a comment). 1) Upload of files. Some people are worried that the Sysinternals tools will upload (confidential) files to VirusTotal.