News

A new type of fraud: News Scareware

After posting the article with the ads, I thought that I had covered all the stupid things that online publications do to force their readers to pay, subscribe or to disable ad blockers. Well, this was not correct… The stupidity goes on… with Washington Post. They request your email address in order to allow you to read any article. I tried first to add some bogus email address so that I could move on. But, these guys take things really seriously. They connect to the SMTP server and try to authenticate if the user exists. If it doesn’t work, you get an…


Self-driving car: security and liability

I read about Google’s vision of driverless cars. I like it, but I can’t stop asking myself a few questions. Before that, Google’s driverless car just got its driver license 🙂 The NHTSA letter isn’t a ruling; it’s a clarification about how the agency will interpret the law in the future. You can read the full thing here (warning: It’s a mess), but the key part is below: As a foundational starting point for the interpretations below, NHTSA will interpret driver in the context of Google’s described motor vehicle design as referring to the SDS, and not to any…


Cyber Security is a Shared Responsibility: October is Cyber Security Month

For the 3rd consecutive year, the European Cyber Security Month (ECSM), celebrated throughout October, has just been kicked off in Brussels. Here is the agenda:

WEEK 1: Cyber Security Training for Employees
WEEK 2: Creating a Culture of Cyber Security at Work
WEEK 3: Code Week for All
WEEK 4: Understanding Cloud Solutions for All
WEEK 5: Digital Single Market for All

In the Activities page, depending on where you are, you can filter which activities to see: Germany, USA. If you’re a hands-on cyber security professional, you may want to start with the Toolbox. In the awareness files you can…


T-Mobile advises 15 Mil customers affected by the Experian breach to use Experian’s ProtectMyID service

From time to time there is a WTF Moment when you ask yourself: Is he kidding?, Is he stupid?, or Does he really think that everyone else is stupid?

T-Mobile CEO on Experian’s Data Breach

The investigation is ongoing, but what we know right now is that the hacker acquired the records of approximately 15 million people, including new applicants requiring a credit check for service or device financing from September 1, 2013 through September 16, 2015. These records include information such as name, address and birthdate as well as encrypted fields with Social Security number and ID number…


WinRAR: The wrong way of answering to a critical vulnerability

With over 500 million users worldwide, WinRAR is by far the most popular compression program. An independent security lab found a remote code execution vulnerability in the official WinRAR SFX v5.21 software. The vulnerability allows remote attackers to unauthorized execute system specific code to compromise a target system. The issue is located in the Text and Icon function of the Text to display in SFX window module. Remote attackers are able to generate own compressed archives with malicious payloads to execute system specific codes for compromise. The security risk of the code execution vulnerability is estimated as critical with a CVSS (common…


Security release 4.2.4 for WordPress is available – update now

This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site. Read more here: https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/ WordPress 4.2.4 also fixes four bugs. For more information, see the release notes or consult the list of changes.

If you have your site already at WordPress 4.x and it is properly configured, you should only see this email in your inbox:

Howdy! Your site at http://www.sorinmustaca.com has been updated automatically to WordPress 4.2.4. No further action is needed on your part. For more on version 4.2.4, see the About WordPress screen: http://www.sorinmustaca.com/wp-admin/about.php If you experience any issues…


Here is how to stop Windows 10 to deliver updates from your PC to complete strangers

If you have Windows 7 or 8.x, chances are that you already upgraded to the latest Windows version. What you don’t know is that Windows Update Delivery Optimization (WUDO) has set up your computer in a Peer to Peer network to deliver updates for other Windows 10 users. “Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft. This can help you get updates and apps more quickly if you have a limited or unreliable Internet connection. And if you own more than one PC, it can reduce the amount…


Windows 10 and “we own you”: questionable default privacy settings

The first thing you see after the Windows 10 migration is done is the “Customize Settings” dialog below. In a few words, Microsoft is trying to “own” the user that just got the “best OS of all times”, at least according to Microsoft.

1. Just turn everything OFF

2. Leave “Smart Screen” ON, turn everything else OFF

If you install a lot of software and you experience problems with it, you may want to enable the last option, “Send error reports and diagnostics to Microsoft”.

Last, after installation, you will see that near your programs, there are ads…


First time in history: 1.4 mil vehicles recalled due to security issues (hacking)

Fiat Chrysler will recall 1.4 million vehicles in the United States to install software to prevent hackers from gaining remote control of the engine, steering and other systems in what federal officials said was the first such action of its kind. The announcement on Friday by FCA US LLC, formerly Chrysler Group LLC, was made days after reports that cybersecurity researchers used a wireless connection to turn off a Jeep Cherokee’s engine as it drove, increasing concerns about the safety of Internet-enabled vehicles. This is what happens when you want to hit a milestone instead of doing things right from…


ITSecurityNews.info says Farewell to Mailchimp

.. and hope to never see you again! Yes, I closed my account because of so many issues in the recent past. First, it was because I had too many mails, then too many subscribers, then the emails below. Because some bots had probably registered and some sensitive keywords went into the email (after all, the website is about IT Security), they decided to block my account. And I removed it. Because of the email addresses that were blocked, I also received the email below: Imagine that from almost 2500 emails a few emails were probably fake,…

