Archive for the ‘Uncategorized’ Category

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, Uncategorized, vulnerabilities, Web Security | Comments (0)

ROPEMAKER Exploit Allows for Changing of Email Post-Delivery

August 23rd, 2017

An exploit dubbed ROPEMAKER relies on taking advantage of email design functionality, namely by remotely changing CSS in HTML-based emails after they’ve been sent.

Posted in css, email security, Exploit, Francisco Ribeiro, HTML, Mimecast, ROPEMAKER, Uncategorized, vulnerabilities, Web Security | Comments (0)

Health benefits of wind and solar offset all subsidies

August 17th, 2017

Enlarge

Wind and solar energy are obviously essential in reducing carbon emissions, but they also have a remarkable side effect: saving lives. As they edge out fossil fuels, renewables are reducing not just carbon emissions, but also other air pollutants. And the result is an improvement in air quality, with a corresponding drop in premature deaths.

A paper in Nature Energy this week dives into the weeds by trying to estimate the economic benefits of wind and solar power across the whole of the US. Berkeley environmental engineer Dev Millstein and his colleagues estimate that between 3,000 and 12,700 premature deaths have been averted because of air quality benefits over the last decade or so, creating a total economic benefit between $30 billion and $113 billion. The benefits from wind work out to be more than 7¢ per kilowatt-hour, which is more than unsubsidized wind energy generally costs.

Death is in the air

Poor air quality is a tricky beast in public health, since it’s not obvious when someone dies as a result of air pollution. The World Health Organization estimates that air pollution leads to around 7 million premature deaths globally each year—people dying earlier than they otherwise would have from heightened incidence of cancer, heart disease, and respiratory disease.

Read 11 remaining paragraphs | Comments

Posted in Uncategorized | Comments (0)

Warning: Two Dangerous Ransomware Are Back – Protect Your Computers

August 15th, 2017

Ransomware has been around for a few years but has become an albatross around everyone’s neck—from big businesses and financial institutions to hospitals and individuals worldwide—with cyber criminals making millions of dollars.

In just past few months, we saw a scary strain of ransomware attacks including WannaCry, Petya and LeakerLocker, which made chaos worldwide by shutting down hospitals

Posted in Cyber Attack, file encryption, hacking news, Locky ransomware, Mamba ransomware, ransomware attack, Ransomware Decryption Key, ransomware malware, Uncategorized | Comments (0)

May 30, 2017 – Hack Naked News #127

June 2nd, 2017

Thousands of known bugs found in pacemaker code, Chipotle’s sale terminals get hacked, Microsoft patches another critical malware protection engine flaw, popular Radius server expoitable with TLS session caching, and polite hackers hijacked this mall billboard. All that and more on this episode of Hack Naked News! Full Show Notes Visit http://hacknaked.tv to get all

Posted in Chipotle, Hack Naked News, hacked, Uncategorized | Comments (0)

WannaCry Coding Mistakes Can Help Files Recovery Even After Infection

June 2nd, 2017

Last month WannaCry ransomware hit more than 300,000 PCs across the world within just 72 hours by using its self-spreading capabilities to infect vulnerable Windows PCs, particularly those using vulnerable versions of the OS, within the same network.

But that doesn’t mean WannaCry was a high-quality piece of ransomware.

Security researchers have recently discovered some programming errors in

Posted in Uncategorized | Comments (0)

8 Authentication Pitfalls That Can Put You on the Road to Nowhere

June 1st, 2017

Two-factor, multi-factor, mobile, push, tokenless, biometric: you have choices today when it comes to authentication solutions. Choose the right authentication solution, and you’ve got a straight shot to access that’s secure and convenient for users. Choose the wrong one, and you risk getting on a path that’s at best bumpy and at worst downright dangerous. Here are the things to watch out for:

     1.   Does the solution you’re considering put convenience ahead of security?

An authentication solution shouldn’t have to cut corners on security to give users the convenient access they’re looking for. Choosing one that does puts you at risk for a breach or a compliance violation that could drive the whole organization off a cliff in short order—at which point it won’t matter how convenient the solution is.

     2.   Are your authenticator options going to be limited?

With so many different kinds of users accessing your systems from so many different environments—from cloud to mobile and everything in between—you need a solution that offers more than just a couple of options for authentication. And you need a solution that makes it easy for them to seamlessly move from, say, mobile push to hardware tokens to biometrics and back again.

     3.   What’s the risk of getting stranded on “islands of identity”?

When you have applications on-premises and in the cloud, as most organizations do, it’s easy to end up with silos of identity information we call “islands of identity.” Authentication solutions that don’t provide a way to secure access across them can leave users frustrated and inconvenienced as they try to maneuver through multiple access processes. You can hardly blame them if they just resort to using the same password for everything—and putting the security of the entire organization at risk in the process.

     4.   Can you effectively secure privileged users’ access without subjecting them to heavy-handed authentication demands?

Users with elevated levels of access privileges have so much control over their access, it can sometimes be hard to tell exactly what they’re actually doing, at least until they go spinning out of control. Then it’s too late. Keep in mind that not every authentication solution combines privileged user management with convenient and secure multi-factor authentication to reduce the risk these powerful users create.

     5.   Sure, the solution has features you need nowbut what about the road ahead?

Think back just five years or so: how much have your authentication needs changed since then? How many more applications do you have in the cloud today? How many users are accessing them, and from how many places and types of devices? More important, how much more change is in store on your journey ahead? Why invest in an authentication solution that’s not built to grow and change with you?

     6.   Are you getting the horsepower to handle enterprise-grade needs?

In today’s enterprise, you need to be able to deliver access to more and more of the apps users want, and do it fast. You can’t afford to let an authentication solution that’s not up to the task slow you down.

     7.   Will you have to ditch your existing security infrastructure?

Your investment in security infrastructure is pretty considerable when you take into account the firewalls, legacy security apps and VPN capabilities that form a protective barrier around your on-premises applications, data and other assets. Beware of any authentication solution that doesn’t support the protections and safeguards you already rely on.

     8.   What about your cloud apps?

You need one solution that delivers convenient, secure authentication across all the environments where users need access to resources—on-premises, web, mobile and yes, of course, cloud.

RSA SecurID® Access: Road-tested and industry-trusted authentication to keep your organization moving forward

With 30+ years of experience and over 25,000 customers, RSA’s been there, done that. We’ve seen it all. RSA SecurID Access is the most widely deployed two-factor authentication and multi-factor authentication solution anywhere, protecting resources from cloud to ground without slowing the business down.

Is your authentication strategy on the right track?

Download this infographic and see how you can avoid the most common authentication roadblocks and stay on the path to secure, convenient access for all.

 

 

The post 8 Authentication Pitfalls That Can Put You on the Road to Nowhere appeared first on Speaking of Security – The RSA Blog.

Posted in Uncategorized | Comments (0)

Flipping Security Awareness Training

October 21st, 2016

Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.

Posted in Uncategorized | Comments (0)

Flipping Security Awareness Training

October 21st, 2016

Threats can be minimized when teams understand business goals and objectives. These four tips can help turn things around.

Posted in Uncategorized | Comments (0)

Over 43 Million Weebly Accounts Hacked; Foursquare Also Hit By Data Breach

October 20th, 2016

2016 is the year of data breaches that has made almost every major companies victims to the cyber attacks, resulting in compromise of over billion of online users accounts.

Weebly and Foursquare are the latest victims of the massive data breach, joining the list of “Mega-Breaches” revealed in recent months, including LinkedIn, MySpace, VK.com, Tumblr, Dropbox, and the biggest one — Yahoo.

Posted in data breach, database leaked, Foursquare, hack password, hacking news, password hacking, Uncategorized, website hacking, weebly | Comments (0)