
 
 

Cloudflare Bug Exposes Data Of Hundreds Of Thousands Of Customers

Source: National Cyber Security – Produced By Gregory Evans


Cloudflare says a bug in its edge servers exposed the data of its customers, including the websites of some big names. The company says it has found no evidence that anyone used the bug to hack any websites, although hundreds …

The post Cloudflare Bug Exposes Data Of Hundreds Of Thousands Of Customers appeared first on National Cyber Security Ventures.


An unpatched vulnerability exposes Netgear routers to hacking


Several models of Netgear routers are affected by a publicly disclosed vulnerability that could allow hackers to take them over.
An exploit for the vulnerability was published Friday by a researcher who uses the online handle Acew0rm. He claims that

The post An unpatched vulnerability exposes Netgear routers to hacking appeared first on National Cyber Security Ventures.


Lax perimeter security exposes bank to hacker extortion attempt


Failure to follow standard network security best practice has exposed a Californian investment bank to cyber criminals’ demands
Hackers have attempted to extort money from an investment bank in California after bypassing network defences to steal documents.
WestPark Capital, based

The post Lax perimeter security exposes bank to hacker extortion attempt appeared first on National Cyber Security.


Grand Theft Auto forum shut down after hack exposes up to 200,000 user details


Up to 200,000 users of a Grand Theft Auto fan site have had their personal details exposed online after the website’s online forum was breached by hackers last month by exploiting security flaws in a piece of software called vBulletin.

The post Grand Theft Auto forum shut down after hack exposes up to 200,000 user details appeared first on National Cyber Security.


Arrest of Tennessee children exposes flawed juvenile justice – Education Week


The post Arrest of Tennessee children exposes flawed juvenile justice – Education Week appeared first on Parent Security Online.


How Heartbleed Bug Exposes Your Passwords to Hackers

Are you safe from the critical bug Heartbleed? OpenSSL is the encryption technology used by millions of websites to encrypt communication, and it also protects sensitive data such as e-mails, passwords and banking information. But a tiny yet critical flaw called “Heartbleed” in the widely used OpenSSL opened the door for cyber criminals to extract sensitive data from system memory.

SSL and TLS provide communication security and privacy over the Internet for applications such as websites, email, instant messaging (IM) and some virtual private networks (VPNs).

Heartbleed (CVE-2014-0160) is a critical bug in the popular OpenSSL cryptographic software library; it resides in OpenSSL’s implementation of the TLS (Transport Layer Security) and DTLS (Datagram TLS) heartbeat extension (RFC 6520).

This bug was independently discovered by a team of security engineers (Riku, Antti and Matti) at Codenomicon, while improving the SafeGuard feature in Codenomicon’s Defensics security testing tools, and by Neel Mehta of Google Security, who first reported it to the OpenSSL team.

Software vulnerabilities may come and go, but this bug is more critical because it has left a large number of private keys and other secrets exposed to the Internet. The Heartbleed bug can reveal the contents of a server’s memory, where the most sensitive data is stored, including private data such as usernames, passwords and credit card numbers. This could allow attackers to retrieve private keys and ultimately decrypt the server’s encrypted traffic or even impersonate the server.

OpenSSL is the most widely used cryptographic library for Apache and nginx web servers, and it handles a Transport Layer Security (TLS) service called Heartbeat, an extension added to TLS in 2012. The combined market share of just those two, Apache and nginx, among the active sites on the Internet is over 66% according to Netcraft’s April 2014 Web Server Survey.

Moreover, OpenSSL is used to protect email servers (SMTP, POP and IMAP protocols), chat servers (XMPP protocol), virtual private networks (SSL VPNs), network appliances and a wide variety of client-side software. Many large consumer sites are also saved by their conservative choice of SSL/TLS termination equipment and software. OpenSSL is also very popular in client software and somewhat popular in networked appliances, which have the most inertia in getting updates.

Security researcher Robert Graham scanned the Internet and found that more than 600,000 servers are vulnerable to the Heartbleed flaw, including Yahoo.com, imgur.com, flickr.com and hidemyass.com.

Because of the Heartbleed bug, the Canada Revenue Agency was forced to shut down its electronic tax collection service yesterday, and apparently SoundCloud, the world’s biggest audio platform, also logged out its users while fixing this flaw.

Source: http://whogothack.blogspot.co.uk/2014/04/how-heartbleed-bug-exposes-your.html#.VkPBe_mqqko

The post How Heartbleed Bug Exposes Your Passwords to Hackers appeared first on Am I Hacker Proof.


HeartBleed – Critical Crypto Bug Exposes Yahoo Mail

OpenSSL is regarded as a mark of security, but what happens when OpenSSL itself has a bug? That is the reason Yahoo Mail’s passwords were exposed. Heartbleed is a bug that results from a mundane coding error in OpenSSL.

OpenSSL is used to implement HTTPS encryption in websites, e-mail servers, and applications. The result of a missing bounds check in the source code, Heartbleed allows attackers to recover large chunks of the private computer memory that handles OpenSSL processes. The leak is the digital equivalent of a grab bag that hackers can blindly reach into over and over simply by sending a series of commands to vulnerable servers. The returned contents could include something as banal as a time stamp, or far more valuable assets such as authentication credentials or even the private key at the heart of a website’s entire cryptographic certificate.

After this bug and a huge loss to Yahoo Mail, OpenSSL developers have released version 1.0.1g, which readers should install immediately on any vulnerable machines they maintain. But given the stakes and the time it takes to update millions of servers, the risks remain high.

It worked by sending many requests at a time and getting into the website through a hole, because of the heavy traffic. The bug allows eavesdropping on a website that uses the OpenSSL library.

The OpenSSL patch is only the starting point on the path of Heartbleed recovery. Website operators should strongly consider replacing their X.509 certificates after applying the update and getting all users and administrators to change passwords as well.

Source: http://whogothack.blogspot.co.uk/2014/04/heartbleed-critical-crypto-bug-exposes.html#.Vik8h_mqqko

The post HeartBleed – Critical Crypto Bug Exposes Yahoo Mail appeared first on Am I Hacker Proof.


New Study Exposes Visual Hacking as Under-Addressed Corporate Risk


ST. PAUL, Minn.–(BUSINESS WIRE)–While most security professionals focus on thwarting data breaches from high-tech cyber attacks, a new study exposes visual hacking, a low-tech method used to capture sensitive, confidential and private information for unauthorized use, as an under-addressed corporate risk. The 3M Visual Hacking Experiment, conducted by Ponemon Institute on behalf of the Visual Privacy Advisory Council and 3M Company, a leading manufacturer of privacy filters, found that in nearly nine out of ten attempts (88 percent), a white hat hacker was able to visually hack sensitive company information, such as employee access and login credentials, that could potentially put a company at risk for a much larger data breach. “In today’s world of spear phishing, it is important for data security professionals not to ignore low-tech threats, such as visual hacking,” says Larry Ponemon, chairman and founder of Ponemon Institute. “A hacker often only needs one piece of valuable information to unlock a large-scale data breach. This study exposes both how simple it is for a hacker to obtain sensitive data using only visual means, as well as employee carelessness with company information and lack of awareness to data security threats.” During the study, […]

For more information go to http://www.NationalCyberSecurity.com, http://www.GregoryDEvans.com, http://www.LocatePC.net or http://AmIHackerProof.com

The post New Study Exposes Visual Hacking as Under-Addressed Corporate Risk appeared first on National Cyber Security.


Smart LED Lightbulbs Can be Hacked too; Vulnerability exposes Wi-Fi Passwords

Until now, we have seen how different smart home appliances such as refrigerators, TVs and routers could expose our private data, but now you can add another worry to your list: the LED light bulb. Don’t laugh! It’s true. Researchers at UK security firm Context have formulated an attack against Wi-Fi connected lightbulbs, which are available to buy in the UK, that exposes credentials of the Wi-Fi
