Thursday, January 30, 2020

What I'm Reading 1/30/2020

Reuters - Avast pulls plug on Jumpshot after data privacy scandal -
The decision to close Jumpshot was taken because the business does not fit into Avast’s priorities for 2020 and beyond, he said, adding it would affect “hundreds” of employees.
Avast said it had cut Jumpshot’s access to its data with immediate effect as it winds down the operation. 
Infosec Institute - Network traffic analysis for IR: Analyzing DDoS attacks -
A DDoS attack works by using multiple exploited machines as a source to attack network traffic. Each of these compromised computers is known as a bot or zombie that collectively establish a Botnet — a malicious network controlled by bot herders or botmasters. The DDoS attack prevents regular traffic from arriving at its desired destination by flooding it with unwanted traffic, like a traffic jam clogging up the highway.
Incident response (IR) teams working in Security Operation Centers (SOCs) perform network traffic analysis to analyze, detect and eliminate DDoS attacks. But before analyzing the network traffic, we need to understand how threat actors exploit vulnerabilities to penetrate a network.
Lifehacker - Calculate How Soon Your Investments Will Double Using the 'Rule of 72' -
What the Rule of 72 really reveals, of course, is the power of finding savings vehicles with the highest potential for growth. Yes, it can be risky to put your money in the stock market—even in low-cost index funds—but leaving your money in a savings account comes with its own risks. When I opened my savings account in 2010, it offered 1.10% APY; a decade later, the interest rate is nearly half that.
The Register - Coronavirus claims new victim: 'DEF CON cancelled' joke cancelled after DEF CON China actually cancelled -
The cancellation – or postponement, depending on how optimistic you want to be – was announced by the DEF CON team on Monday, a little more than ten weeks before the confab was scheduled to take place in Beijing. This was to be the second annual outing of the DEF CON event in the Middle Kingdom.
Reuters - Huawei denies German report it colluded with Chinese intelligence -
“Huawei Technologies has never, and will never, do anything to compromise the security of networks and data of its customers,” the Chinese company said in response to the report in the Handelsblatt business daily.
“The Handelsblatt article repeats old, unfounded allegations without providing any concrete evidence whatsoever.”
The Handelsblatt report cited a confidential foreign ministry document that intelligence shared by U.S. officials represented a “smoking gun” that meant Chinese companies were unsafe partners for building next-generation 5G mobile networks. 
TechDirt - FISA Court Orders FBI To Start Cleaning Up Its Carter Page Surveillance Mess -
The order makes more demands of the FBI. The court wants to know how the agency is going to make things right. In reference to the Carter Page surveillance applications, the court demands the FBI to explain how it's going to "sequester" everything the FBI collected on/from Carter Page using its bogus applications.
It also wants a detailed description of what the FBI/DOJ is doing to restrict access to unminimized US person info gathered during the Carter Page investigation, as well as any restrictions it has placed on access/dissemination of info on Page it never should have collected, much less distributed in the first place.
Reuters - Exclusive: Europe wants single data market to break U.S. tech giants' dominance -
The European Union wants to create a single market in data aimed at challenging the dominance of tech giants such as Facebook, Google and Amazon, according to a European Commission proposal seen by Reuters. 
The Hacker News - Critical OpenSMTPD Bug Opens Linux and OpenBSD Mail Servers to Hackers -
According to Qualys Research Labs, who discovered this vulnerability, the issue resides in the OpenSMTPD's sender address validation function, called smtp_mailaddr(), which can be exploited to execute arbitrary shell commands with elevated root privileges on a vulnerable server just by sending specially crafted SMTP messages to it.
Ethereal Mind - EtherealMind’s Fifteen Networking Truths (Rules of Networking)

Dark Reading - Aftermath of a Major ICS Hacking Contest -
That there were mostly successful hacks in the 25 entries by eight teams of hackers in the contest should come as no surprise given the still-nascent state of security in ICS systems. TippingPoint's Zero Day Initiative (ZDI), which sponsors the renowned Pwn2Own contests, shelled out $280,000 in total in prize money to the successful hacking teams.
ICS vendors overall remain in catch-up mode when it comes to security, ICS security experts say. And in that vein, not many are ready to launch a bug bounty program nor likely to enthusiastically embrace participating in hacking contests like Pwn2Own. "A lot of codebases aren't ready for it," notes Dale Peterson, CEO of Digital Bond, founder and sponsor of S4x20. "But there also are some with serious SDLs [secure development life cycles] and that have worked on it really hard and hired third-party offensive teams with great talent to bang on their systems. They're ready for bug bounties."
Errata Security - There's no evidence the Saudis hacked Jeff Bezos's iPhone -
There's no evidence the Saudis hacked Jeff Bezos's iPhone.
This is the conclusion of all the independent experts who have reviewed the public report behind the U.N.'s accusations. That report failed to find evidence proving the theory, but instead simply found unknown things it couldn't explain, which it pretended was evidence.
Added 1/30/2020 11:41

Forbes - Severe ‘Perfect 10.0’ Microsoft Flaw Confirmed: ‘This Is A Cloud Security Nightmare’ -
“This is a cloud security nightmare,” Check Point’s Yaniv Balmas tells me. “It undermines the concept of cloud security. You can’t prevent it, you can’t protect yourself. The only one who can is the cloud provider.” In this case that’s Microsoft, provider of the hyper scale Azure.
...
The vulnerability is as punchy as it gets, “a perfect 10.0,” Balmas says, referring to the CVE score on Microsoft’s disclosure in October. “It’s huge—I can’t even start to describe how big it is.” The reason for the hyperbole is that Balmas says his team found the first remote code execution (RCE) exploit on a major cloud platform. One user could break the cloud isolation separating themselves and others, intercepting code, manipulating programs. That isolation is the basis of cloud security, enabling the safe sharing of common hardware.
