Thursday, 5 May 2016

Stolen Passwords 272 Million Email Accounts Found

An American security company claims to have discovered the stolen usernames and passwords of 272 million email accounts. A large part relates to accounts of Russian mail service, let the company hold Security across news agency Reuters to know.

How the data is not stated precisely captured. According to Alex Holden Security Hold the stolen credentials were offered a forum for cyber criminals. He managed to get the data and verified. It turned out to be nearly 57 million accounts, 40 million Yahoo accounts, Microsoft 33 million accounts and nearly 24 million Gmail accounts and hundreds of thousands accounts of Chinese and German email providers., in response to the discovery launched an investigation to see which users are affected, to warn subsequently. A preliminary audit showed that did not work the leaked usernames and passwords.

Humble Bundle Offers Collection Of Books On Hacking

Humble Bundle , a platform that offers all kinds of games and books at low prices, now offers a bundle of different hacking books too. It is about 13 DRM-free books from No Starch Press with a value of $ 366. The asking price of Humble Bundle is partly determined by users.

For the first four books may include users decide what they want to pay. For the next five books must be paid at least $ 14.75. The last four books going away for at least 15 dollars. Users may also pay more. A portion of the proceeds going to charity. Also, users can choose how their money is split between the publisher and the charity.

The books are by different authors and deal with practical malware analysis, programming in Python, Designing BSD Rootkits, bitcoin, working with the Arduino and Raspberry Pi, hacking the Xbox and use the Linux command line. Meanwhile, there are 45,000 book bundles sold. The campaign will run until 11 May.

German Government Launches Test Plan For Security Routers

In order to ensure that routers that individuals and small businesses purchase are safe, the Bundesamtes für Sicherheit in der Informationstechnik (BSI), part of the German Ministry of the Interior, today a comprehensive test plan ( pdf ) launched broadband routers.

The test plan, especially for Internet service providers and manufacturers intended, which describes a secure router to meet.In this way, potential buyers can more easily compare models in the field of security with each other. According to the BSI, the security of a router, an important factor when choosing a particular manufacturer or type. The German federal government has recently abolished the so-called router obligation. Thereby German internet users can choose yourself which soon modem and router that they want to use their broadband connection.

"Routers are a central part in the digitalization and networking. They are the heart of the home network, but protect at the same time against Internet threats. The abolition of the router obligation have internet August this this year more choice in choosing their router. users should make use of this by looking at the safety when choosing a router, "said Arne Schönbohm, head of the BSI.

In the test plan different parts are discussed, such as the presence of security measures. Thus, each router must sort the BSI have a firewall and there should be no default port forwarding enabled. In addition, made several recommendations, such as the presence of an automatic update feature. Furthermore, the test plan contains examples of common vulnerabilities and attack scenarios.

UK Hospitals Receive 230,000 Euro Fine For Data Leak

A collective of UK hospitals has been fined more than 230,000 euros since it had placed the private information of staff inadvertently on its website. It was the national insurance number, date of birth, religion and sexual orientation of 6,500 employees.

The collective discovered the data breach after 10 months and had another 5 months to inform the affected employees. The information was provided voluntarily by the staff, so that collectively an annual overview of diversity and equality could publish within hospitals. The spreadsheets were found to contain hidden data simply became visible by double-clicking on a table. Because of the data breach, the UK data protection authority ICO now fined 185,000 pounds (the equivalent of more than 230,000 euros).

Anti-virus Again Caused Problems For Firefox Users

Mozilla has released an update to Firefox because anti-virus software again caused problems. Last week Firefox 46 , where several security issues were resolved. Shortly after the release of this version Firefox users complained that they did not have websites could charge more.

Users got to see only blank pages. Then Mozilla decided to discontinue the update to Firefox 46. An investigation was opened, from which it appeared that anti-virus software was the culprit. The problems resulted from the scanning of a certain directory. It is not the first time that Firefox crash and virus scanners. Early this year, Firefox proved to crash through the anti-virus software from G Data virus and made ​​sure that some users no SSL sites to visit. Updating to Firefox 46.0.1 will occur automatically on most systems.

Opera Launches Browser With Built AdBlocker

The creators of Opera today a new version launched from the browser on a built AdBlocker features. According to the developers, ad blocking an important measure to make websites load faster and reduce memory consumption.

Some popular websites would no ads 90% load faster. Browser developers, however, have done nothing to this issue, says Krystian Kolondra Opera. The browser developer wanted for his own words change this by providing a built-in Opera AdBlocker. Thereby find blocking ads at the level of the web-site engine, allowing pages to load much faster and less memory is used than in AdBlocker extensions is the case.

According to their own figures would surf with Opera's AdBlocker 62% faster than without AdBlocker. The browser uses less memory when a AdBlocker enabled. Opera users must AdBlocker in Opera 37 does switch itself. Something that can be controlled by site. Opera has been compared to Chrome or Internet Explorer a little browser. The share of Opera culminated in April, however, a revival and polite with 1.9% the highest level in more than a year. Recently let Opera know that a VPN is added to the browser.

Google: Virustotal Not Intended To Compare Anti-Virus

VirusTotal is a popular service from Google that charge suspicious files can be scanned by dozens of virus, but to keep health service and to prevent abuse have now announced new rules and users are reminded of their responsibilities.

According to Google VirusTotal is a nice collaboration between anti-virus companies and users. Users upload suspicious files, which are then shared with the anti-virus companies. "It's an ecosystem where everyone contributes, everyone benefits, and we work together to improve safety on the Internet," said Bernardo Quintero.


To ensure that the ecosystem is in good working there new rules announced. So all anti-virus companies are obliged to integrate their detection scanner in the public interface of VirusTotal. New scanners wishing to apply must first be able to present a certification or independent reviews of security testers, with the best practices of the Anti-Malware Testing Standards Organization (AMTSO) followed by VirusTotal.

Additionally VirusTotal users must follow the requirements and best practices, let Google know. "It's frustrating to see abuse and is detrimental to our community," said Quintero. He points out that VirusTotal is not substitute for a virus. In addition, the service must also not be used to compare virus scanners with each other. "Virus scanners are complex programs on additional detection properties which may not operate within the scanning area of ​​VirusTotal. Therefore, the scanning results from VirusTotal are not designed to compare the effectiveness of anti-virus products," Quintero says.

Wednesday, 4 May 2016

Virus Crashes Medical Equipment During Heart Procedure

A medical system that monitors patients crashed during cardiac procedures because the virus carried a specified virus. Reported that the US regulator FDA. It concerns the Merge Hemo, a programmable diagnostic computer of Merge Healthcare.

The system consists of a data module and the patient Hemo-monitor computer. The two units are connected via a serial interface connected with each other. During a heart procedure, the Hemo-monitor computer lost contact with the client and Hemo was the image black. While the patient was anaesthetized, this caused a delay of five minutes because the system had to be restarted. Research showed that the virus was to perform a scheduled virus scan.

According to the FDA this may compromise the patient at risk. In the case of the incident was the heart procedure, after the system was restarted, been successfully completed. The manufacturer states in response that the hospital has not followed the instructions regarding the installation of anti-virus software. These guidelines establish how the virus must be set so that there are no consequences for treatments. As patient data and medical images must be scanned. There, according Merge Healthcare therefore no problem lie with the medical system.

Google Encrypts All Traffic To blogs On Blogspot

Google has decided to encrypt all traffic to the blogs on its own Blogspot blogging service. In September last year the Internet giant began offering the option for bloggers to activate it yourself. This option has now been removed and traffic to all blogs are now encrypted.

There is also a new option available for bloggers called "HTTPS Redirect", making it possible to enable all visitors to the HTTP version of the blog visit automatically redirected to the https version. In case the option is disabled, it is possible to visit the blog via both http and https. Google warns however for mixed content that may not work properly the https version of the blogs.

It is in this case content such as images, gadgets, ads or templates that are invoked via http. In the case of an https site may cause a mixed content warning. Google argues that it can solve many of these problems, but some must be resolved by the bloggers themselves. To help bloggers and administrators with this, there is now a special tool launched to find mixed content into blogs and posts.

Many Websites Vulnerable ImageMagick Leak

A serious vulnerability in ImageMagick , a popular software library to handle with graphics, ensures that a large number of websites are vulnerable and at risk of being hacked. In case a website allows users to upload an image and using ImageMagick, an attacker can, at worst, run arbitrary code on the Web server.

Several plug-ins for image processing depend on the ImageMagick library, such as PHP's imagick, Ruby's RMagick and paperclip and NodeJS's imagemagick. The vulnerability is called " ImageTragick received" and was discovered by security researcher Nikolay Ermishkin . According to researcher Ryan Huber, it's easy to make abuse and will exploit them for short term appear.

The prediction Huber yesterday evening did turned out to be correct, because now such exploits include published. The developers of ImageMagick have a solution available that prevents the attack. Administrators should add a few lines of code in this case a file used by ImageMagick. A security will be released this weekend.

Wednesday, 20 April 2016

Chat App Viber Also Adds End-To-End Encryption

The popular chat and VoIP app Viber, which has over 600 million users in their own words, will encrypt all calls through end-to-end encryption. It developers have announced today . Through Viber users can chat with each other and whistles.

By adding encryption have Viber users under the assurance that their messages are not intercepted, whether it's for group or one-on-one meetings and regardless of platform. All that users have to do is use the latest version of Viber. Then, the chat app will show if the call is encrypted.

Users will see a gray lock when the call is encrypted. It is also possible to authenticate contacts manually. In this case, the lock will be green. Rolling out the encryption will take place over the next two weeks. In addition to the announcement of encryption Viber also has "Hidden Chats" revealed. Through this option, users can hide certain conversations in the main window so that only the user knows that they exist.

Ad Network Distributes Hundreds Of Infected Ads

A Scottish ad network that gets 10 billion impressions per month in his own words has been used in recent weeks to distribute hundreds of infected ads. Through the ads, which appeared under other porn sites and torrent sites, ransomware was disseminated.

This enables anti-malware company Malwarebytes . The company in the past two weeks had more than 400 unique infected ads of the Scottish advertising network AdsTerra, also known as Terra Clicks stemmed. Malwarebytes decided to warn AdsTerra but has not received a response yet. The ads direct visitors unnoticed by the Magnitude exploitkit. This exploitkit uses known vulnerabilities in Adobe Flash Player and Internet Explorer to infect computers with Cerber-ransomware.

Users who are not redirected to the Magnitude exploitkit, for example because they use certain security software or a virtual machine, will see a pop-up that there is a problem with their computer and they need to call a helpdesk. These are the familiar phone scam in which fraudsters try to gain access to the computer and victims to resolve not charge existing problems.