Logjam: the latest TLS vulnerability explainedFilippo Valsorda, CloudflareYesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography (just like FREAK).Jumat, 12 Jun 2015
Insider vs. Outsider Threats: Identify and Preventbrenda, Infosec InstituteBefore getting a deep understanding of these threats, we first need to define what we mean by the term “Malicious Insider” or “Insider Threat.” Firstly, an Insider is an individual with privileged access to an IT system in an organizationJumat, 12 Jun 2015
Critical vulnerabilities in JSON Web Token libraries ab0files BlogRecently, while reviewing the security of various JSON Web Token implementations, I found many libraries with critical vulnerabilities allowing attackers to bypass the verification step. ...Jumat, 12 Jun 2015
Trend Micro Discovers MalumPoS; Targets Hotels and other US IndustriesJay Yaneza, Security Intelligence Blog (Trend Micro)We first discovered MalumPoS, a new attack tool that threat actors can reconfigure to breach any PoS system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle® MICROS®, a platform popularly used in the hospitality, food and beverage, and retail industries.Jumat, 12 Jun 2015
New research suggests that hackers can track subway riders through their phonesPatrick Howell O'Neill, The Daily DotDetermined hackers can track the movements of millions of subway riders around the world even as they go underground by breaking into smartphone motion detectors, new research from Chinese academics reveals. The attack can track subway riders with up to 92 percent accuracy.Kamis, 11 Jun 2015
Apple Releases Patches For a WatchDennis Fisher, Threat Post (Kaspersky Blog)The most serious of the vulnerabilities is a bug in the font parser in Watch OS. “Processing a maliciously crafted font file may lead to arbitrary code execution. A memory corruption issue existed in the processing of font files. This issue was addressed through improved bounds checking,” the Apple advisory says.Kamis, 11 Jun 2015
Understanding Flash Exploitation and the Alleged CVE-2015-0359 ExploitGal Badishi and Shlomi Levin, Palo Alto NetworksThe above is a detailed analysis of the root cause of the CVE-2015-X vulnerability, as well as a step-by-step explanation of how to trigger it. More importantly, we shared insights on workers, and suggested that there might be other paths leading to vulnerabilities of similar nature.Kamis, 11 Jun 2015
SPSS Vulnerability Is Tough To Exploit But Stakes Are High For Client BaseAlex Harvey, Fortinet BlogSPSS is one of the most widely used statistical analysis packages in the world. It was first released in 1968 and gained considerable traction among social sciences researchers. Kamis, 11 Jun 2015
New 'sleeper' ransomware laid dormant on infected PCs until this week, report saysColin Neagle, NetworkWorldA new strain of ransomware that had laid dormant on infected devices suddenly "woke up" at midnight on Monday, May 25, security firm KnowBe4 said in an alert issued today. ...Rabu, 10 Jun 2015
New Point-of-Sale Malware NitlovePoS Sends Card Data via Encrypted ConnectionIonut Ilascu, SoftpediaSecurity researchers identified a fresh malware piece targeting point-of-sale (PoS) systems that relies on encrypted communication to exfiltrate payment card info from the memory of the payment processing machines.Rabu, 10 Jun 2015
Disclaimer | Copyright © 2013 - Id-SIRTII/CC
Id-SIRTII/CC - Indonesia Security Incident Response Team on Internet Infrastructure/Coordination Center
Menara Ravindo Lt. 17, Jl. Kebon Sirih No. 75 Jakarta Pusat, 10340, Indonesia
Member of: