now browsing by tag
Convicted Scots sex beast trawls Tinder for date weeks after prison release | #tinder | #pof | romancescams | #scams
A sex offender who met his victim online has been branded “a danger to women” after he returned to a dating app following his release from jail. Pervert Steven McGinley […] View full post on National Cyber Security
#onlinedating | AsianDate Gives an Insight into the Subtle Signs that Show When a Match is Interested in Dating – Press Release | #bumble | #tinder | #pof | romancescams | #scams
AsianDate gives an insight into the signs to look out for when understanding whether someone is interested in dating and ready for online romance. AsianDate, the international dating platform for […] View full post on National Cyber Security
Re:Zero Starting Life in Another World Season 2 Episode 10 Release Date | #tinder | #pof | romancescams | #scams
– Advertisement – When is the Re: Zero Beginning Life in Another World Season 2 Episode 10 launch date? Observing the events of the last episode, you’re going to be […] View full post on National Cyber Security
– Advertisement –
The Boys are back in action!
This American Superhero Web Series is a dark comedy. Deflecting from the saturated superhero theme, it portrays the inhuman, perverted nature of these ideal superheroes.
About Season 2:
– Advertisement –
The revival of the second season was announced by Jennifer Salke even before the first season aired.
Amazon’s most-watched original series, The boys, was a huge hit.
The Cast of the series:
– Advertisement –
The core team includes many talented actors like Karl Urban (Billy Butcher), Jack Quaid (Hughie), Erin Moriarty (Starlight) and Chace Crawford (The Deep).
Karl’s first look is intense and hints on Billy’s important participation in the second season.
A powerful Neo-Nazi called Stormfront played by Aya Cash is a new addition to the show.
Billy’s dog, Terror, is a sweet surprise to all the loyal comic book fans!
The Premiere Date of season 2:
Amazon has not dropped any hints regarding its release date.
However, we can expect the second season in mid-2020.
Thanks to Karl Urban’s post, which stated that the filming is done and the release date will be out soon.
The Plot of season 2:
The series ended on an open note. The last episode revealed that Becca is alive raising her son in a secretive disposition.
This will be a huge turning point in Butcher’s life and will serve as a central point of focus.
Fans can expect unpredictable stories in future as the series will deviate from the comic books. It’ll add its own uniqueness to the show.
The first teaser:
It dropped in December 2019 at the Comic-Con in Brazil.
Based on what is shown in the teaser, it seems that the second season will be bigger and bloodier.
Hints on season 3 already:
Eric Kripke has promised that the Herogasm storyline has been sidelined for a long time.
Season 2 will serve as a base while this storyline will be a focus in season 3.
It has full potential to compete with DC’s Titans because the series has got a huge fanbase and an amazing plot.
– Advertisement –
The post #deepweb | <p> The Boys Release Date, Cast, Plot, And Will It Compete With DC’s Titans? <p> appeared first on National Cyber Security.
View full post on National Cyber Security
Security services firm Trustwave has released an open source project aimed at companies that want to provide password-cracking as a service to their security teams and red teams, the company announced today at the Black Hat Europe conference.
Using the new CrackQ platform, companies can run periodic checks on their own systems or give red teams a resource for cracking password hashes taken from clients during an engagement, providing businesses with metrics on password quality and statistics on the tool’s use. Written in Python and based on the Web-application framework Flask, the platform is extensible and already includes a graphing library for creating plots in the dashboard, says Dan Turner, principal security consultant at Trustwave’s SpiderLabs
“The dashboard really helps to visualize the weaknesses there [in password selection],” he says. “A viable use case is a security team using it internally to check passwords, but it is primarily for offensive teams to use during an engagement.”
Because they are chosen by users, passwords have always been a weak link in corporate security. A study by Virginia Tech, for example, found slightly more than half of users reused passwords or used variants of the same password. Fifty-six percent of passwords only required 10 guesses to crack, according to the study.
Trustwave regularly finds similar numbers. More than half of the passwords the company’s red teams have taken from Windows Domain Controllers usually can be broken by password-cracking tools, such as Hashcat, the program that powers CrackQ, Turner says. Often, the failure rate is closer to 70%.
Even with common best practices, such as enforcing password complexity and timing out logon attempts, passwords continue to be a weak link in system security.
“The problem is that there are still a a large body of insecure passwords within organizatioons, and it only takes one weak password for a network to be compromised,” he says.
The password cracker does not need to be reinvented, Turner adds. Instead, he wanted to solve the problem of cracking passwords as a team.
“At the click of a button, CrackQ will generate a password analysis report from the results of a password-cracking job — a Windows Active Directory domain store. for example,” Turner wrote in a blog post on the tool. “This includes information relating to timings and speed, but crucially insecure password choices and patterns within an organization.”
The software, for example, will also analyze the probable nationality of a user by the words used in their password or if the passphrase mentions specific geographic locations.
CrackQ also uses Hashcat Brain, a feature that prevents the password-cracker from trying the same password multiple times, but turns this off when it becomes a bottleneck, which it can be for slower algorithms.
The platform will be useful for password-cracking in an enterprise context, as it allows the security team the ability to easily create reports and spot weaknesses in password selection, Turner says.
“For us, every penetration test with a significant password store compromise will include a detailed report analyzing weak areas in a password policy,” he says. “CrackQ will help to visualize that and perhaps help drive home the message about poor password choices.”
Interested users and contributors can download or clone the tool on GitHub.
Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s top story: “A Cause You Care About Needs Your Cybersecurity Help.”
Veteran technology journalist of more than 20 years. Former research engineer. Written for more than two dozen publications, including CNET News.com, Dark Reading, MIT’s Technology Review, Popular Science, and Wired News. Five awards for journalism, including Best Deadline … View Full Bio
View full post on National Cyber Security
Shortly after Akamai announced the October 2019 Release with new features and capabilities across its security, performance and media product lines, Akamai’s VP of Product Marketing, Ari Weil, took over Akamai’s Twitter account for a live October Release Q&A.
For those that missed the live event, here’s an overview of all the questions submitted, as well as Ari’s answers.
Q1: What can you tell us about the new #bot intelligence improvements and updates?
A1: @Akamai now shows how #bots relate to customers and their industry – the broader threat they represent, how the bots operate, and effective mitigations
Q2: What @Akamai product update are you most personally excited about @aweil?
A2: #Bot intelligence! It brings detection, insight, and mitigation together to augment our customers’ #security teams in a unified set of controls
Q3: What is the timeline for user fraud detection in Akamai Identity Cloud?
A3: Identity Cloud identifies early stages of the #fraud kill chain; insight from #bot mgr for #credentialstuffing & #accountchecking + a framework to act
Q4: How will @Akamai’s October Release impact #developers?
A4: We’re improving how #developers leverage @akamai as code and be more focused on their #apps and #infrastructure. Ream more here! https://developer.akamai.com/blog/2019/10/15/october-2019-release-whats-it-developers-admins-and-architects%20?utm_source=twitter&utm_medium=social_corporate
Q5: How can I optimize animated #GIFs now with the recent release?
A5: There’s a great blog on this on our #developer site here! https://developer.akamai.com/blog/2019/08/26/introducing-animated-gif-optimization-akamai-image-manager?utm_source=twitter&utm_medium=social_corporate
Q6: Which product update will make the greatest impact on #websec?
A6: #WAF rule improvements and eval capability will help businesses be #secure by design and evolve protections in complex environments.
Q7: How does @Akamai decide what updates to make to products?
A7: #Customer input, our #threat intel, #analyst insights, and our #services engagements all factor in – it’s been a recipe for industry leadership.
Q8: Large-scale #DDoS attacks continue to be on the rise in 2019, what does this latest release do to address both the increase in size and severity of DDoS attacks on the web?
A8: We continue to increase detections and automated #ddos mitigations, and are building out scrubbing centers in more regions. Check out https://www.akamai.com/us/en/security/ddos-resource-center.jsp?utm_source=twitter&utm_medium=social_corporate
Q9: How can orgs continue to improve video #streaming performance in 2019 and beyond?
A9: Here’s a great blog on origin-assisted prefetching that will provide insight and links to more! https://blogs.akamai.com/2019/10/optimizing-video-streaming-performance-with-origin-assisted-prefetching.html?utm_source=twitter&utm_medium=social_corporate
Q10: What kinds of insights can be gained by using the #Bot Intelligence Console?
A10: The Bot Intelligence Console can answer many questions, including: What #bots are hitting your sites and #apps? Are these common to your industry? How does the #bot operate? What controls are effective?
Q11: We are an #AWS shop. Why would I use something besidesin addition to the native AWS services?
A11: 2 words: Shared responsibility. @Akamai handles #DDoS, #app protection & #bot mgmt while you focus on your #AWS deployment. https://www.akamai.com/us/en/solutions/akamai-architectures.jsp?utm_source=twitter&utm_medium=social_corporate
Q12: How does this release address the growing threat of video piracy?
A12: With watermarking and access revocation. There are two blogs on the topic: https://blogs.akamai.com/2019/10/watermarking-a-content-owners-mark-to-prevent-piracy.html?utm_source=twitter&utm_medium=social_corporate and https://blogs.akamai.com/2019/10/access-revocation-a-content-providers-tool-to-block-pirates-in-real-time.html?utm_source=twitter&utm_medium=social_corporate
Q13: What are the benefits of using @Akamai’s #streaming services over current social media based solutions (Twitch/Mixer/Facebook/etc)?
A13: Scaling IP #video at #broadcast quality globally. This year we delivered flawless QoE for 18.6 million concurrents and just hit a traffic peak of 106.591tbps this week. See our site for more: https://www.akamai.com/us/en/about/news/press/2019-press/with-18.6-million-simultaneous-viewers-streaming-vivo-ipl-hotstar-shatters-viewership-record-again.jsp?utm_source=twitter&utm_medium=social_corporate
Q14: What can you give a sneak preview of for 2020? What product enhancements will you be focusing on?
A14: We’re expanding our industry leading #security portfolio to protect against #magecart style attacks. We’re seeing strong results with early betas.
Q15: What new #DevOps capabilities is Akamai providing customers?
A15: EdgeWorkers is really exciting because it allows #developers to push business logic to the #edge to solve problems without modifying #apps https://developer.akamai.com/akamai-edgeworkers-overview?utm_source=twitter&utm_medium=social_corporate
Q16: Why is the edge so important for companies to deliver great & secure digital experiences?
A16: The #Edge enables a consistent #security posture across a hybrid/multi #cloud architecture, and that has a real financial impact. https://www.akamai.com/us/en/campaign/assets/reports/forrester-tei-oct-study.jsp?utm_source=twitter&utm_medium=social_corporate
Q17: How can customers use the new #bot activity insights to enhance #security?
A17: Customers can use it to get clarity: is the #bot targeting my industry or just me? How does it behave? What are the most effective mitigations?
Q18: What is the single most formidable, #cybersecurity threat facing businesses today? And how is @Akamai mobilizing to mitigate against it?
A18: There are many, but complexity is a massive challenge. #Risk is compounded by evolving architectures, #shadowIT, and more sophisticated attackers.
Q19: What’s new that will help safeguard against video #piracy?
A19: Check out this great #ebook on #media #security https://www.akamai.com/us/en/multimedia/documents/white-paper/the-state-of-media-security-white-paper.pdf?utm_source=twitter&utm_medium=social_corporate
Q20: Also, how do the new enhancements in the October Release help maintain consistent #security controls?
A20: A picture’s worth 1000 words (or 150 characters) – check out this reference architecture: https://www.akamai.com/us/en/multimedia/documents/infographic/securing-multi-cloud-reference-architecture.pdf?utm_source=twitter&utm_medium=social_corporate
Q21: How does @Akamai’s new Enterprise Application Access functionality help companies further strengthen their #ZeroTrust platforms?
A21: By making the #app and #user the perimeter. A key update is how we use enhanced #security signals to help create a profile for a user risk assessment https://blogs.akamai.com/2019/10/walkdont-walk-secure-intelligent-application-access-with-enhanced-security-signals.html?utm_source=twitter&utm_medium=social_corporate
Q22: What does it mean for #IT and #security teams to deploy @Akamai’s #WAF solutions in evaluation mode?
A22: They can deploy @Akamai’s curated rule updates faster and keep protections up to date by better understanding their impact – see https://blogs.akamai.com/2019/10/tune-your-waf-with-greater-confidence-using-krs-evaluation-mode.htm?utm_source=twitter&utm_medium=social_corporate.
Q23: What can @Akamai customers expect from the new enhancements for Akamai’s #Bot Manager?
A23: Understand how sophisticated, pervasive & active a #bot is plus how to mitigate it – see https://blogs.akamai.com/2019/10/enhance-visibility-into-the-bot-landscape-with-bot-intelligence-console.html?utm_source=twitter&utm_medium=social_corporate
Q24: Does the rollout of #5G and the increased speed level impact how @Akamai develops security solutions? The increased speed could potentially enable bad actors to cause harm much quicker.
A24: We’re actively testing #edgecomputing scenarios with #network operators for #mobile use cases, where reducing latency really matters https://www.lightreading.com/the-edge/akamai-testing-edge-computing-scenarios-with-5g-operators/d/d-id/753485?
Q25: What does this release mean for @Akamai’s products and customers overall?
A25: Deliver superior quality, consistently at scale: with security that is critical when #privacy concerns are paramount. @Akamai helps you own the #Edge!
Learn More: Visit the October Release page on Akamai.com to see everything that was announced.
*** This is a Security Bloggers Network syndicated blog from The Akamai Blog authored by Akamai. Read the original post at: http://feedproxy.google.com/~r/TheAkamaiBlog/~3/LL-pe8F5nK4/october-release-qa-with-ari-weil.html
The post #cybersecurity | #hackerspace |<p> October Release: Q&A with Ari Weil <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#iossecurity | #applesecurity | Four New Games Were Added To Apple Arcade, Including The Surprise Release Of Pilgrims
Surprise! Last night, Apple added four new games to the Apple Arcade service, including the new game, Pilgrims, from Machinarium developer Amanita Design and the early release of The Bradwell Conspiracy.
It seems Pilgrims was a complete surprise, being announced and released all at once. It’s described as a “playful adventure game” where players will have to explore and meet new characters, helping them and learning about their stories. The art style looks lovely. Pilgrims is also now available for PC.
The Bradwell Conspiracy is a first-person puzzle game with a big focus on telling a story. Following a large explosion at the Stonehedge Museum, you are trapped underground in a secret complex. You have to unravel the secrets of this complex and escape with the help of another survivor. This game was planned to release on Oct. 8, but was released a little early on Apple Arcade. It will still be released in a few days for PS4, Xbox One, PC and Switch.
RedOut: Space Assault is a dogfighting game featuring cool-looking spaceships. The game has a full career mode with ship upgrades and various ways to control your starfighter. You can kill the engines to slow your speed, making it easier to navigate a small opening. RedOut: Space Assault is also coming to PC, though no release date is listed on Steam.
Finally, Nightmare Farm is the new game from the developers behind Neko Atsume: Kitty Collector. Nightmare Farm is described as “The story of a painful nightmare spinning in a bright world.” Not entirely sure what that means, but players will have to grow and harvest crops while also preparing meals for visitors to keep them happy.
I’m happy to see Apple adding new games to their service so quickly and these games look good. But I can’t help but feel like this is a terrible way to run a service. The news was buried late Saturday night with no big announcement post, teaser or anything.
Checking out each game’s publishers and developers, only some of them have formally announced the new releases. I assume, over the next few hours and days, more formal announcements and trailers will launch for these games and their Apple Arcade debut. But hopefully, future additions to Apple Arcade will be handled a bit better and not feel so sloppy and poorly done.
View full post on National Cyber Security
Today’s topics include the Huawei router exploit code used in the Satori IoT botnet going public; a rise in GPU sales in 2017; and LinkedIn expanding its job seeker toolkit ahead of the new year.
Researchers at NewSky Security reported Dec. 28 that code from the Satori internet of things botnet that exploits a Huawei router vulnerability has been publicly posted on the internet. The vulnerability, which internet service providers had shut down earlier this month, was discovered by security firm Check Point, which reported the issue to Huawei on Nov. 27.
“An authenticated attacker could send malicious packets to port 37215 to launch attacks. Successful exploit could lead to the remote execution of arbitrary code,” Huawei said.
Check Point reported that the root cause of the flaw is linked to Huawei’s implementation of the Universal Plug and Play protocol via the TR-064 technical report standard. Huawei implementation allowed remote attackers to inject arbitrary commands, which hackers used to build the Satori botnet.
Maya Horowitz, Threat Intelligence Group Manager at Check Point, said “[Users should] change the default password on their router,” and recommends that end users running Huawei routers behind a firewall or Intrusion Prevention System should configure those devices to block the exploit’s traffic.
Jon Peddie Research released Dec. 29 its annual review of graphics processing unit developments, and the results indicate good things for the year past and for 2018. Despite an overall slowdown in worldwide sales of PCs, PC-based GPU sales have been increasing at the same rate as mobile devices.
Sales in the console market have also increased over the year, where integrated graphics are in every console. The IT business has seen a few new GPUs showing the path for future developments and subsequent applications, and 2017 was a solid year for GPU development driven by games, eSports, artificial intelligence, cryptocurrency mining and simulations.
Autonomous vehicles started to become a reality, as did augmented reality. Mobile GPUs, exemplified by Qualcomm, ARM and Imagination Technologies, introduced some advanced devices with long battery life and screens at or approaching 4K.
Jon Peddie Research said, “2018 is going to be an even more amazing year [for GPUs], with AI being the leading applications that will permeate every sector of our lives.”
LinkedIn, Microsoft’s business-focused social network, has new features to help members land a new job or build the skills required for a career change.
This is just in time for the many people, particularly IT workers, who are considering switching jobs in 2018, according to Spiceworks’ recent 2018 IT Career Outlook survey. Nearly a third of IT workers in North America and Europe plan to look for a new job in 2018 with higher salaries and opportunities to improve their skills sets.
LinkedIn is now issuing monthly notifications alerting users to trending skills among folks with the same job title. If members already possess a given skill, they can add it to their profiles, improving the chances that interested employers will come calling. If they lack the expertise, users can click on a skill to see corresponding LinkedIn Learning courses, along with the organizations that are hiring people with that skill.
The post Hackers #Release #Huawei #Router #Exploit Code Used in #IoT #Botnet appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
The Central Intelligence Agency created and used code that pretended to be from Kaspersky Lab while hacking people, a big twist on what has been an ongoing saga of allegations of Kaspersky colluding with the Russian government, according to the latest release by Wikileaks of leaked top secret U.S. government files.
The Vault 8 release, issued Thursday, detailed the source code and development logs behind the CIA’s “Project Hive,” designed by the agency to implant malware to spy on targets outside the country. Within the released code was evidence that the CIA used fake certificates pretending to have been from Kaspersky Lab, meaning essentially that the agency was hacking people across the globe while impersonating Kaspersky.
“This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said in a statement. “Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention.”
Kaspersky Lab has been in the spotlight since June after the Federal Bureau of Investigation raided the company’s employees as part of an investigation into claims the company was colluding with the Russian government to hack and steal information from the U.S. government. Despite there being no solid evidence to date, the company has since been banned by The White House and Department of Homeland Security from use by U.S. government agencies.
In a surprising twist in a story that already reads like a poorly edited self-published spy drama in Amazon.com Inc.’s Kindle book store, Kaspersky claimed last month that it had indeed gained access to top secret spying tools used by the National Security Agency, but only because a contractor accidentally installed malware on his or her computer. The company then claimed that after being made aware that it had accidentally accessed the code, it immediately deleted it.
Although much of the story to date has appeared to be nothing more than a witch hunt against Kaspersky Lab, the fact that Wikileaks has now revealed that the CIA itself was pretending to be the company while hacking people may finally provide some relief to the company going forward.
The post Wikileaks release #reveals #CIA impersonated #Kaspersky Lab while #hacking people appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures
Former members of Team Espionage recently expressed their concern that the Shadow Brokers’ dump of NSA Windows exploits had done serious damage to the security of the nation. The unwanted exposure of NSA power tools supposedly harmed intelligence gathering efforts, even though the tools targeted outdated operating systems and network software.
However, there are still plenty of computers and networks online using outmoded software. This makes the released exploits a threat (especially those targeting XP users, as that version will never be patched). But not much of a threat to national security, despite the comments of anonymous former Intelligence Community members. It makes them a threat to personal security, as Chris Bing at CyberScoop points out:
One of these hacking tools, a backdoor implant codenamed DOUBLEPULSAR — which is used to run malicious code on an already compromised box — has already been installed on 30,000 to 50,000 hosts, according to Phobos Group founder Dan Tentler. Other researchers have also engineered different detection scripts to quickly scan the internet for infected computers.
John Matherly, the CEO of internet scanning-tool maker Shodan.io, said that upwards of 100,000 computers could be affected.
Rather surprisingly, data gathered by security researchers shows a majority of the infected computers are in the United States. This shows Microsoft’s steady updating push still faces a sizable resistance right here at home. What it also shows is how fast exploits can be repurposed and redeployed once they’re made public. The scans for DOUBLEPULSAR have turned up thousands of hits worldwide.
DOUBLEPULSAR is simply a backdoor, but an extremely handy one. Once installed, it makes targeted computers extremely receptive to further malware payloads.
“The presence of DOUBLEPULSAR doesn’t mean they’re infected by the NSA, it means there is a loading dock ready and waiting for whatever malware anyone wants to give it,” Tentler said. “The chances are none that all theses hosts [were hacked by] the NSA.
So, there’s that small bit of comfort. It’s not the NSA nosing around the innards of your Windows box, but a bunch of script kiddies playing with new toys… adding them to the normal rolls of malware purveyors seeking to zombify your device and/or make off with whatever information is needed to open fraudulent credit card accounts or whatever.
The NSA certainly could have informed Microsoft of these exploits before it ended support for certain platforms, thus ensuring late- (or never-) adopters were slightly more protected from malware merchants and state agencies. But that’s the Vulnerabilities Equity Process for you: no forewarning until a third party threatens to turn your computing weapons over to the general public.
The post Personal Security Takes A Hit With Public Release Of NSA’s Hacking Toolkit appeared first on National Cyber Security Ventures.
View full post on National Cyber Security Ventures