Monitoring, eavesdropping, spying, surveillance – these are terms that even the layman today associates with the NSA – thanks to the recent spate of exposés about who and what the NSA has been monitoring. One assumes that when European heads of state have not been spared, others are just too easy. While the NSA may not have any real interest in what I do, other conglomerate websites like Facebook and Shutterstock have a very real interest in how I behave with their websites – since it might mean more money for them.
BetaBot – The new malware kid off the block
A new warning about malware designed to target payment platforms highlights why anti-virus software is increasingly ineffective at preventing account compromises. And while this new Trojan is not yet targeting online-banking accounts, financial institutions should be aware of the threat.
Free guide: 5 Best practices for BYOD
Trend Micro Incorporated has issued a free how-to guide that covers 5 Best Practices for BYOD and includes a checklist for developing a flexible, yet secure BYOD policy.
iPhones, iPads, Android-powered devices, and Windows phones have grown into powerful computing platforms, and their use allows enterprise employees to connect to work as never before. These devices offer greater flexibility and adaptability — whether it’s for business or private use. But these devices also put proprietary company information at risk. Ideally, consumer devices can extend and supplement desktop and laptop machines, allowing employees to remain connected to the organization without being chained to a physical office. Incorporating consumer technology into a corporate IT system requires planning, policy, protection, and control.
You can request your copy at https://net-security.tradepub.com/free/w_aaaa2710/?p=w_aaaa2710
Qatar websites hacked for several hours
Several Qatar websites carrying the .qa domain name were hacked for several hours on October 19th.
Read more at Dohanews
Why ‘Administrator’ privileges should not be given to end users?
Security firm releases tool to audit SAP’s HANA
A new tool from security vendor Onapsis aims to secure SAP’s in-memory database HANA, the German company’s fastest-growing data processing product.
Onapsis, a Boston-based company that specializes in SAP security, will incorporate the tool into its X1 suite, which scans for vulnerabilities and configuration problems in SAP deployments.
HANA is a cornerstone of SAP’s strategy to compete with Oracle and IBM. Available as a cloud service and an appliance, it’s designed to process analytical and transaction workloads much faster for SAP’s ERP, CRM, supply chain and business intelligence applications.
Read More at Network World
Mexican ATMs fall prey to new cyberattack
Mexican ATMs have become the target for physically installed malware called “Ploutus.” The malware was designed to take over the ATM at the software level and make it dispense cash on command.
Read the full article at ATM Market Place
Metasploit website Hacked just by sending a spoofed DNS change request via Fax to Domain Registrar
A group of Pro-Palestine hackers was able to hijack the Metasploit website simply by sending a fax to the Domain Registrar.
Read the full article at The Hacker News
Backdoor found in D-Link router firmware code
A backdoor found in firmware used in several D-Link routers could allow an attacker to change a device’s settings, a serious security problem that could be used for surveillance.
Craig Heffner, a vulnerability researcher with Tactical Network Solutions who specializes in wireless and embedded systems, found the vulnerability.
Read the full article at Network World
Google Malaysia Site Hijacked
The Google domain for Malaysia was hijacked on October 10th, redirecting visitors to a page that said a group called Madleets from Pakistan had performed the attack.
MYNIC, the company that administers the country TLD for Malaysia, confirmed the attack in a statement issued Friday morning, saying that its internal incident response team had resolved the problem within a short time of learning of the attack.
Read the full article at Threat Post