Articles for November 2016

Google Clamps Down on Sneaky Malicious Sites


Sites that repeatedly violate Google’s safe browsing policies will be classified as repeat offenders, the company said. A small number of websites take corrective actions after Google displays alerts on their landing pages warning visitors that they’re harmful. However, they typically revert to violating the policies after Google verifies that they’re safe and removes the warnings.

Source: Google Clamps Down on Sneaky Malicious Sites


Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack

Yes, you only need a single laptop with a decent internet connection, rather than a massive botnet, to launch overwhelming denial of service (DoS) attacks in order to bring down major Internet servers and modern-day firewalls.

Researchers at TDC Security Operations Center have discovered a new attack technique that lone attackers with limited resources (in this case, a laptop and at least 15Mbps of bandwidth) can use to knock large servers offline.

Dubbed a BlackNurse attack or the low-rate “Ping of Death” attack, the technique can be used to launch several low-volume DoS attacks by sending specially formed Internet Control Message Protocol (ICMP) packets, or ‘pings’, that overwhelm the processors on servers protected by firewalls from Cisco and Palo Alto Networks, among others.

ICMP is a protocol used by routers and other networking devices to send and receive error messages.

Source: Even A Single Computer Can Take Down Big Servers Using BlackNurse Attack


Warning: Beware of Post-Election Phishing Emails Targeting NGOs and Think Tanks

Just a few hours after Donald Trump won the 2016 US Presidential Election, a hacking group launched a wave of cyber attacks targeting U.S.-based policy think-tanks with a new spear phishing campaign designed to fool victims into installing malware.

The group of nation-state hackers, also known as Cozy Bear, APT29, and CozyDuke, is one of those involved in the recent data breach of the Democratic National Committee (DNC) and is allegedly tied to the Russian government.

Source: Warning: Beware of Post-Election Phishing Emails Targeting NGOs and Think Tanks


Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)


Over a month ago we reported about two critical zero-day vulnerabilities in the world’s 2nd most popular database management software MySQL:

  • MySQL Remote Root Code Execution (CVE-2016-6662)
  • Privilege Escalation (CVE-2016-6663)

At that time, Polish security researcher Dawid Golunski of Legal Hackers, who discovered these vulnerabilities, published technical details and proof-of-concept exploit code for the first bug only and promised to release details of the second bug (CVE-2016-6663) later.

Source: Critical Flaws in MySQL Give Hackers Root Access to Server (Exploits Released)
