Logjam: the latest TLS vulnerability explained

  • Jumat, 12 Jun 2015
  • Penulis: Filippo Valsorda, Cloudflare

Yesterday, a group from INRIA, Microsoft Research, Johns Hopkins, the University of Michigan, and the University of Pennsylvania published a deep analysis of the Diffie-Hellman algorithm as used in TLS and other protocols. This analysis included a novel downgrade attack against the TLS protocol itself called Logjam, which exploits EXPORT cryptography (just like FREAK).

Selengkapnya

Insider vs. Outsider Threats: Identify and Prevent

  • Jumat, 12 Jun 2015
  • Penulis: brenda, Infosec Institute

Before getting a deep understanding of these threats, we first need to define what we mean by the term “Malicious Insider” or “Insider Threat.” Firstly, an Insider is an individual with privileged access to an IT system in an organization

Selengkapnya

Critical vulnerabilities in JSON Web Token libraries

  • Jumat, 12 Jun 2015
  • Penulis: ab0files Blog

Recently, while reviewing the security of various JSON Web Token implementations, I found many libraries with critical vulnerabilities allowing attackers to bypass the verification step. ...

Selengkapnya

Trend Micro Discovers MalumPoS; Targets Hotels and other US Industries

  • Jumat, 12 Jun 2015
  • Penulis: Jay Yaneza, Security Intelligence Blog (Trend Micro)

We first discovered MalumPoS, a new attack tool that threat actors can reconfigure to breach any PoS system they wish to target. Currently, it is designed to collect data from PoS systems running on Oracle® MICROS®, a platform popularly used in the hospitality, food and beverage, and retail industries.

Selengkapnya

New research suggests that hackers can track subway riders through their phones

  • Kamis, 11 Jun 2015
  • Penulis: Patrick Howell O'Neill, The Daily Dot

Determined hackers can track the movements of millions of subway riders around the world even as they go underground by breaking into smartphone motion detectors, new research from Chinese academics reveals. The attack can track subway riders with up to 92 percent accuracy.

Selengkapnya

Apple Releases Patches For a Watch

  • Kamis, 11 Jun 2015
  • Penulis: Dennis Fisher, Threat Post (Kaspersky Blog)

The most serious of the vulnerabilities is a bug in the font parser in Watch OS. “Processing a maliciously crafted font file may lead to arbitrary code execution. A memory corruption issue existed in the processing of font files. This issue was addressed through improved bounds checking,” the Apple advisory says.

Selengkapnya

Understanding Flash Exploitation and the Alleged CVE-2015-0359 Exploit

  • Kamis, 11 Jun 2015
  • Penulis: Gal Badishi and Shlomi Levin, Palo Alto Networks

The above is a detailed analysis of the root cause of the CVE-2015-X vulnerability, as well as a step-by-step explanation of how to trigger it. More importantly, we shared insights on workers, and suggested that there might be other paths leading to vulnerabilities of similar nature.

Selengkapnya

SPSS Vulnerability Is Tough To Exploit But Stakes Are High For Client Base

  • Kamis, 11 Jun 2015
  • Penulis: Alex Harvey, Fortinet Blog

SPSS is one of the most widely used statistical analysis packages in the world. It was first released in 1968 and gained considerable traction among social sciences researchers.

Selengkapnya

New 'sleeper' ransomware laid dormant on infected PCs until this week, report says

  • Rabu, 10 Jun 2015
  • Penulis: Colin Neagle, NetworkWorld

A new strain of ransomware that had laid dormant on infected devices suddenly "woke up" at midnight on Monday, May 25, security firm KnowBe4 said in an alert issued today. ...

Selengkapnya

New Point-of-Sale Malware NitlovePoS Sends Card Data via Encrypted Connection

  • Rabu, 10 Jun 2015
  • Penulis: Ionut Ilascu, Softpedia

Security researchers identified a fresh malware piece targeting point-of-sale (PoS) systems that relies on encrypted communication to exfiltrate payment card info from the memory of the payment processing machines.

Selengkapnya

Pemantauan Trafik Internet Nasional

Laporan pemantauan trafik internet nasional dengan menampilkan laporan trafik mingguan, trafik bulanan dan trafik tahunan.

Peringatan Ancaman Keamanan & Kerentanan Sistem

Kumpulan arikel tentang peringatan dini ancaman keamanan dan kerentanan sistem.

Security News

Kumpulan berita tentang keamanan siber atau IT.

Laporan Insiden

Id-SIRTII/CC menerima pelaporan insiden dari publik untuk kemudian dilakukan koordinasi kepada pihak-pihak yang berkepentingan.