News

IT Security News

1 2 3 7

Could your company be facing Legal action if you continue to transfer data on EU individual to the US after 31st January 2016.

On 6 October 2015, the European Court of Justice (ECJ) ruled that the commission’s adequacy decision on the EU-US Safe Harbour arrangement is invalid.

The Pan-Europe Data Protection has warned that if no agreement is reached by the end of January 2016, they are committed to take all necessary and appropriate actions. This would appear to mean that business engaged in the transfer of data to the US will have to hope that new laws are agreed otherwise their action could be deemed unlawful.

 

http://ec.europa.eu/justice/data-protection/article-29/press-material/press-release/art29_press_material/2015/20151016_wp29_statement_on_schrems_judgement.pdf

Shellshock bash Code Injection Vulnerability, what do you need to do? what is the Risk?

 

Report from SAMS ISC

 

Bash Code Injection (Shellshock) Vulnerability (CVE 2014-6271)

 

 

Cento OS Bash vulnerability that had been announced in 2014/09/24 How to FIX

 

 

How to fix bash code injection flaw on CentOS/RedHat 6x Server

 

 

HackerKast Shellshock- September 25, 2014 – WhiteHat Security

 

Would you trust or do business with someone who steals, property theft is a big issue, especially on the internet. We decided to do an investigating to determine how many business website owners on the internet have no regard for copyright and steal logos for other website. For this investigation we decided to see identify who has stolen out logo. From our investigation on the 04 July 2014 we identified 41 cases of logo theft.

————

10 July 2014 As we keep going deeper into this case on Intellectual Property Theft we have now identified 65 sources on the internet that contain this stolen logo. Less than 5 website owner have apologized for the unauthorized use of this logo. But many website owners and business are failing to report, until they realize that we are serious about getting local law enforcement involved.

izeektech isbitgs-wikispaces iqchannels indiamart hotfrog2 hotfrog gshny.weebly gobeshona download.html datacore cybersecureonline buildershoponline beton-nn beacongis 41 40 39 37 35 34 19 18 17 16 14 12 10 9 7 4 3 www.best-reviewer weblocal webdime tozoshop tickadeals security-testlab secugenius sawitcantas rambotechnology rabsnetsolutions podored mywellcare man2bekasi mailmantra macktechaddition javanmardi

Due to a security flaw in the Samsung Galaxy S3 your phones data can be wipe just by surfing web pages (on a compromised website). Hackers have become aware of this security flaw and they are placing hidden code in webpages that will trigger the remote wipe feature of this phone without the permission or any input from the phones user. This code is presently circulating online through websites but it’s also possible that attackers may adopt the code to a test message distribution method, QR code or NFC tag.

Other reports on the internet are saying that they have uncovered more codes built into Samsung devices that could be used in other attacks like killing the phones SIM card. Beside claim we have not seen any evidence of such code yet.

It is also believed that this code may also trigger a factory reset on Galaxy S2 and other Samsung devices that use Samsung's "TouchWiz" interface.

How to Protect you self for this issue:
Backup you Smart Phone content, and check regularly on the Samsung website to see if they have released an update to fix your phone.
The only way to guard against the attacks is to switch off "service loading" in settings, and disable QR code and NFC apps.

How to Test your Phone
You can test your phone by entering any one of the two codes provide here:

*2767*688#
or
*2767*2878#

Please make BACKUP of your all data on your phone before use this code because it you phone is vulnerable the code will wipe all data on your phone and reset it back to factory default.

Devices from other Android manufacturers appear to be unaffected
 

The Wolds First International Team Ethical Hacking Championship
The Europe Championships of the Global CyberLympics has just completed.The Global CyberLympics is the world’s first international team ethical hacking championships, and is been held from September onwards across six continents.

The Asia Pacific Championships will be held at the Hacker Halted Asia Pacific 2011 conference in Kuala Lumpur, Malaysia.
http://www.cyberlympics.org/
 

The Stuxnet Worm was first discovered in July 2010 by a security firm in Belarus, but did not make global headlines until months later when Iranian state media announced the Middle East nation had been the target of a coordinated attack.

The Stuxnet worm was "the first of its kind. It was written to specifically target mission critical control systems running a specific combination of software and hardware.

There are a lot of concerns that the Stuxnet worm could be altered to attack key components of any nation's infrastructure, from electricity grids to oil rigs.

Many experts believe that the Stuxnet worm was only the beginning of a new kind of cyber attacks against critical infrastructure.

It’s quite possible the in 2011 or 2012 that we will see copycat versions of Stuxnet been used by terrorists to try and cripple the infrastructure of some of the major powers.

New scam spreading via Facebook that attempts to capture personal information including email and postal addresses. The scammers are targeting Facebook users through Facebook notification system and by e-mail, saying they have been made administrators of an unknown page. From there, users are directed to click on a link that takes them to a fake Facebook page. When the user has landed on the fake Facebook page, they are re-directed to a different, malicious page where they are asked to provide their e-mail and shipping addresses in order to take part in a test session of the new Apple iPad2. The scam is luring users in with a fake offer to review an iPad 2, saying that Apple is giving away a total of 10,000 iPad2's for review.

Hackers gained unauthorized access to one of the ashampoo servers. They believe the hackers were after customer data. According ashampoo sensitive data such as billing information is not affected, because Ashampoo does not store this data. The stolen pieces of information are data of addresses such as name and e-mail address.

  • Non-work related Internet surfing results in up to a 40% loss in productivity each year- Gartner Group
  • 85.6% of employees use office email for personal reasons- NFO Worldwide
  • 70% of all web traffic to Internet pornography sites occurs during the work hours – Sex Tracker
  • 92% of online stock trading occurs from the workplace during work hours.
  • 64% of employees have received politically incorrect or offensive emails at work- Business Week
  • 30% of employees watch sports online while at work.
  • 24% of employees admit to shopping online while at work.
  • Employees use company Internet access to visit sites more frequently at work than they do at home because of the high-speed Internet access at work.-Nielsen Ratings
  • 30 to 40% of Internet use in the workplace is not related to business.- IDC Research
  • 37% of workers say they surf the Web constantly at work- Vault.com
  • 77.7% of major U.S. companies keep tabs on employees by checking their e-mail, Internet, phone calls, computer files, or by videotaping them at work- American Management Association
  • 63% of companies monitor workers' Internet connections and 47% store and review employee e-mail – American Management Association
  • 27% of companies say that they've fired employees for misuse of office e-mail or Internet connections, and 65% report some disciplinary measure for those offenses – American Management Association
     

An investigation commissioned by data protection company CPP Group found that many people in the UK who sell their old smartphones and SIM cards are failing to wipe the devices of sensitive personal data.  More than half of the devices examined for the study were found to contain credit card PINs, bank account information, and login information for social networking sites.  The information was gathered from 35 used phones and 50 used SIM cards.  Users selling old phones should perform a factory reset.  Unless old SIM cards are being transferred to another of the owner's devices, they should be destroyed.

Read More

1 2 3 7