Don`t you consider well-known KRACK to be the most dangerous attack? Meet even worse security hole. A destroying vulnerability has endangered the security of the most encryption keys, including those being used in identification documents, software signing and platform modules preventing government and enterprise computers from different attacks. One more wild morning brought the terrible news: security specialists discovered an inevitable deficiency in a commonly used cryptography code library, to be more precise, in chips that were made by a German company.
ROCA is short for Return of Coppersmith`s Attack, the researchers revealed this weakness in RSA keys of the software library that was used by cryptographic smartcards, security tokens and other secure hardware chips. The researchers wrote that this exploit allows the attacker to figure out the private part of an RSA key. Moreover, such an attack impacts on all widely used key lengths and chips produced in 2012. Continue reading →

The KRACK Attack is coming! The recent development – a Bug with a telling name

To be more precise, these are the KRACK Attacks, because there are several similar attacks that were introduced in the paper by KRACK.
So-called KRACK attacks are yet more proofs that many encrypted Wi-Fi networks are not as secure as you may think.
Using WPA and WPA2 encryption, KRACK affects many networks. It`s worth mentioning that nowadays the majority of wireless access points are covered exactly with this kind of encryption.
From the theoretical perspective, a criminal in your surrounding could spy out some of the encrypted traffic sent to one of the company computers.
A criminal can only fitfully transmit small amounts of traffic, but nevertheless, the consequences could be very dangerous. Continue reading →

According to the results of a new investigation, workers have a big gap in knowledge of security measures and these unaware employees represent a great risk for their company to be hit by the criminals.

The 2017 State of Privacy and Security Awareness Report involved 1,012 US workers in the survey and revealed that 70% of employees lack a knowledge of security and privacy spheres. It`s better result in comparison with the last year, when the number of unaware employees reached 88%. Continue reading →

Nowadays, to be proactive when it goes about privacy, is no longer about making efforts to hide from authorities. Privacy is of a critical importance now, because it is closely connected with security and protection of you as well as your close people or a working staff from being hit by the skilled and inventive cybercriminals. Continue reading →

European companies must adhere to staff privacy at work, as the European Court of Human Rights has decreed.

The lower chamber of the court reconsiders the case of 2016, when it found no interference in privacy of the workplace communication surveillance. It was the first time for considering issue connecting with the electronic communication surveillance at a private company.

In August 2007, the employer fired Bogdan Mihai Bărbulescu from Bucharest, Romania, for use of Yahoo Messenger for his personal purposes. The account was created by his employer`s demand, and court documents don`t contain this information. Continue reading →

Microsoft has been using Linux for practically three years, and it costs the system a pretty sum, actually.
Last year, Microsoft informed about the development of Windows Subsystem for Linux (WSL) in Windows 10, which provides users with the Linux command-line shell in order to use native Linux applications on Windows system. So, there is no need for a virtualization.
Security specialists of the security firm Check Point Software Technologies have revealed the WSL feature that helps malware intended for Linux to hit Windows devices.
The investigators created a new tricky mechanism called Bashware, which exploits Windows` built-in WSL feature. CheckPoint researchers indicated that a well-known Linux malware is able to exploit this Bashware attack mechanism, because security measures for Windows aren`t designed for the protection of similar threats.
This new malware provides the hacker with possibily to disguise any Linux malware from the most widespread security solutions such as future anti-virus programs, anti-ransomware solutions, malware inspection tools, etc. Continue reading →

There was a legal procedure between a web developer and his former employer in Germany, when a judge ordered that keeping an eye on a worker, using keylogger spyware contravenes the law.

Actually, keyloggers can be of different types. They can be plugged in between a keyboard and a PC, but the most are software with advanced features, such as watching over monitor object file and taking screenshots of it. The employer’s malware contains exactly these features. Continue reading →

The majority of malicious software apps are coming from the Internet, and unfortunately, Android users have one more reason to worry: spyware apps that steal data from the infected devices. Continue reading →

A lot of users have downloaded over 500 various apps from official Google Play Store. The majority of these apps were infected with a tricky ad library that spreads spyware without being noticed and can do different hazardous procedures.

The main source of income for the app developers is advertising, because Google Play Store provides free downloads for 90% of Android apps. Toward this goal, they embed Android SDK Ads library in their apps that doesn’t influence app’s functionality. Continue reading →

Security specialists revealed a dangerous adware botnet counting practically half a million victims, after attempts to remain in the background.

As ESET informed, Stantinko botnet targets mainly Russia and Ukraine. Its developers put it in circulation by installing hostile browser extensions that contain malicious ad and click fraud.

ESET also added that they were used for a fully featured backdoor sending, a bot for searches on Google, and a tool for performance of brute-force attacks on Joomla and WordPress administrator panels when trying to resell them. Continue reading →

This banking Trojan can easily thieve sensitive data from the infected devices because of Accessibility Services.

Android devices with all updates and the latest Android version, and all security patches installed are also at risk, so these techniques aren’t as safe as many users think. Continue reading →

The experiment involves Elon Musk’s OpenAI framework.

DEF CON Machine-learning tools improve their skills and have ability to create their own malware that overcomes antivirus software.

In a major presentation at the DEF CON hacking convention Hyrum Anderson, technical manager of data science at security shop Endgame, demonstrated the company research involving Elon Musk’s OpenAI framework adaptation to the aim of developing malware that cannot be revealed by security-protection modules. Continue reading →

The survey reveals that a leak of data has increased to 20% because of failure to deprovision employees.

In spite of the fact that companies pay more attention to security sphere, a new investigation from the identity management provider OneLogin proved that still there is a lack of attention in many businesses to critical threats issues brought on by ex-employees – San Francisco, Calif., July 13, 2017. Continue reading →

The investigation of Wakefield Research revealed that although online worry increases, password algorithms remain unimproved. For example, 81% of respondents use one password for many accounts. They are more or less digitally dodgy, but, nevertheless, 92% say they use one password for various accounts. Continue reading →

Many ransomware attacks (76%) take roots in your PC performance through sending malicious messages to your email.

As Barracuda reported, phishing is a real moneymaking (particularly spear phishing). Most of the companies communicate through email, that is why it is the most commonly used tool for attackers’ tricks. Continue reading →

There is no way to avoid the reality: cybercrime, or cyber espionage will hit. Attackers are employing methods to deliver malware and steal credentials, from old vectors like malvertising, to new ones like appliances connected to the Internet of Things.

Companies try to improve their security measures, but many of them are not aware of the biggest dangers.

The reality is that cybercrime will definitely hit. The attackers’ methods focus on credentials steal, using old vectors like malvertising, or new ones like connection to the Internet of Things.

Every specialist in security sphere decides on his own which threats are the most dangerous and which are of a least concern. Continue reading →

Ransomware popularity increases – a real money making

The strategy is clear: a virus infects your PC and encrypts your data until you pay a ransom. The hackers create bit by bit instruction on how much to pay and even offer how to buy bitcoin if you are a new one in such issues. Usually, the sum comes to a few hundred dollars. Many users think that this is a better solution rather than giving up. Such systems are really profitable, none other but their designers know it.

Recently, WannaCry ransomware hit more than 150 countries. It has a rather particular origin: the basis of it is fragility of the National Security Agency, which one can use to disorder many versions of the Windows operating system. An unknown hacker knot called Shadow Brokers stole the NSA’s code (the security community considered these hackers to be the Russians) in 2014 and gave it to the world in April.

Microsoft fixed the weakness a month earlier after the NSA alert message that the information leak was inevitable. But older Windows versions were also infected, and unfortunately, there are a lot of users who do not care about their systems security. So, it is a great chance for WannaCry creators to infect computers and blackmail their users.

Good advice is to regularly update your system patches and REGULARLY backup your data.

Continue reading →

Specialists, who have created fingerprints capable of fooling the sensors, said that smartphone fingerprint scanners are not as secure as we used to believe.

They could unlock mobiles with fingerprint security by using fake ones, so it is a great way to log in and to make different payments.

The investigation results of New York and Michigan State Universities revealed the researchers’ ability to develop “master prints that could fool a scanner up to 65 per cent of the time”. So, that means a rapid improvement of the artificial physical fingerprints.

To unlock smartphones, fingerprint scanners are considered to be more secure than passcodes. The Apple company stated that ID scanner used on iPhone has the slightest chance to be coincident with a fingerprint of another person. Continue reading →

If you are fed to the teeth with people continuously asking about browsing safety, we are with you. Different warnings about internet security… But do not forget about antivirus program, little icon of which does its work.

Practically everyone believes he can light-heartedly click, specify and skim different type of information, and surf on the huge open space that is the internet.

Do not pay attention to those internet security fibs. The next perversions may be hard to perceive at first sight, but ultimately, it will be better for you to be aware of them. Continue reading →