Independent

ComputerWorldIndependent

Easy-to-prevent Apple flaw may threaten enterprise security

Credit to Author: Jonny Evans| Date: Thu, 27 Sep 2018 06:46:00 -0700

An obscure flaw in Apple’s Device Enrollment Program (DEP) may make it possible for determined hackers to access enterprise networks, though the solution is quite straightforward.

Serial number spoofing

Duo Security researchers say they’ve figured out how to enroll a rogue device onto an enterprise’s mobile device management (MDM) system if the business has failed to enable authentication on devices enrolled on the system.

To make this work, attackers need to get hold of the valid serial number for an Apple device that is registered to Apple’s Device Enrollment Program (DEP) but not yet set up on the company’s MDM server, they said.

IndependentKrebs

Beware of Hurricane Florence Relief Scams

Credit to Author: BrianKrebs| Date: Mon, 24 Sep 2018 16:34:48 +0000

If you’re thinking of donating money to help victims of Hurricane Florence, please do your research on the charitable entity before giving: A slew of new domains apparently related to Hurricane Florence relief efforts are now accepting donations on behalf of victims without much accountability for how the money will be spent. For the past two weeks, KrebsOnSecurity has been monitoring dozens of new domain name registrations that include the terms “hurricane” and/or “florence” and some word related to support (e.g., “relief,” “assistance,” etc.). Most of these domains have remained parked or dormant since their creation earlier this month; however, several of them became active only in the past few days, directing visitors to donate money through private PayPal accounts without providing any information about who is running the site or what will be done with donated funds.

IndependentKrebs

Credit Freezes are Free: Let the Ice Age Begin

Credit to Author: BrianKrebs| Date: Fri, 21 Sep 2018 16:31:43 +0000

It is now free in every U.S. state to freeze and unfreeze your credit file and that of your dependents, a process that blocks identity thieves and others from looking at private details in your consumer credit history. If you’ve been holding out because you’re not particularly worried about ID theft, here’s another reason to reconsider: The credit bureaus profit from selling copies of your file to others, so freezing your file also lets you deny these dinosaurs a valuable revenue stream.

ComputerWorldIndependent

Apple's dropping Back To My Mac Remote Access. Here's an Alternative, Currently Discounted.

Credit to Author: DealPost Team| Date: Fri, 21 Sep 2018 08:10:00 -0700

Apple is dropping the Back To My Mac remote access feature, and in a recent support document they urge you to be prepared by looking for alternatives.

RemotePC by iDrive is a full-featured remote access solution that lets you connect to your work or office computer securely from anywhere, and from any iOS or Android device. Right now, their 50-computer package is 90% off, or just $6.95 for your 1st year. So if you need an alternative to Back To My Mac, or have been thinking about remote access, now is a good time to consider RemotePC.

ComputerWorldIndependent

Back to the ol' spam-fighting drawing board

Credit to Author: Sharky| Date: Fri, 21 Sep 2018 03:00:00 -0700

Pilot fish returns from an extended holiday weekend to find his inbox full of spam — and for once, dozens of the messages seem to be related.

“I was curious, so I didn’t delete all 50 of them right away,” says fish. “The first one was obviously spam — a ‘Hi, do you remember me, can we talk?’ message with a phishing link.

“But the first reply was from an autoresponder at a legal-services company: Thank you for your email. You have reached the email inbox for… Please let us know if you have any questions.

The next message is from another autoresponder, replying not to the spam but to the first autoresponder: Thank you for contacting us. This is an automated response confirming the receipt of your ticket. Our team will get back to you as soon as possible.

IndependentSecuriteam

SSD Advisory – ASUSTOR NAS Devices Authentication Bypass

Credit to Author: SSD / Ori Nimron| Date: Thu, 20 Sep 2018 03:41:42 +0000

Vulnerabilities Summary: An ASUSTOR NAS or network attached storage is “a computer appliance built from the ground up for storing and serving files. It attaches directly to a network, allowing those on the network to access and share files from a central location”. In the following advisory we will discuss a vulnerability found inside ASUSTOR …
