Written by Eric O’Neill, National Security Strategist at Carbon Black
The Slingshot cyber espionage campaign exposed recently by Kaspersky Lab is a U.S. government operation targeting members of terrorist organizations, according to a media report.
Expedia-owned travel fare aggregator Orbitz.com discovered that one of its platforms was compromised last year and hackers might have accessed the payment cards details and personal information of about 880,000 customers.
WSJ Wealth Adviser Briefing: Facebook, Airport Shopping, Successful People
LONDON (AP) — The Latest on the alleged use of Facebook data to influence the U.S. presidential election (all times local):9:40 a.m.The Cambridge University researcher who developed an app used by Cambridge Analytica to harvest data from millions of Facebook users claims he has been made a scapegoat.Alexandr Kogan told BBC on Wednesday he believed all the information he provided was obtained legitimately. He said he was approached by Cambridge Analytica, which is being investigated by British and U.S. authorities for possible misuse of data.He said: “They approached me. In terms of the usage of Facebook data they wrote the terms of service for the app, they provided the legal advice that this was all appropriate.”Kogan admitted he did not ask enough questions about the data use and did not have a lawyer review the agreement.Cambridge Analytica has suspended its top executive as possible misuse of data is checked.
A new wave of record-breaking distributed denial-of-service (DDoS) attacks have struck enterprises, changing the DDoS threat landscape yet again.
mark.reinhold at oracle.com mark.reinhold at oracle.com
Tue Mar 20 15:55:51 UTC 2018
- Previous message: Result: New Group: Vulnerability Group
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
JDK 10, the first release produced under the six-month rapid-cadence release model , is now Generally Available. We've identified no P1 bugs since we promoted build 46 almost two weeks ago, so that is the official GA release, ready for production use. GPL'd binaries from Oracle are available here: http://jdk.java.net/10 (There are links on that page to Oracle's commercial binaries, for those who are interested.) Binaries from other implementors will no doubt be available in short order. This release includes twelve features: Local-Variable Type Inference http://openjdk.java.net/jeps/286 Consolidate the JDK Forest http://openjdk.java.net/jeps/296 Garbage-Collector Interface http://openjdk.java.net/jeps/304 Parallel Full GC for G1 http://openjdk.java.net/jeps/307 Application Class-Data Sharing http://openjdk.java.net/jeps/310 Thread-Local Handshakes http://openjdk.java.net/jeps/312 Remove the Native-Header Generation Tool http://openjdk.java.net/jeps/313 Additional Unicode Language-Tag Extensions http://openjdk.java.net/jeps/314 Heap Allocation on Alternative Memory Devices http://openjdk.java.net/jeps/316 Experimental Java-Based JIT Compiler http://openjdk.java.net/jeps/317 Root Certificates http://openjdk.java.net/jeps/319 Time-Based Release Versioning http://openjdk.java.net/jeps/322 along with, of course, hundreds of smaller enhancements. Thanks to everyone who contributed to JDK 10, whether directly or indirectly. Considering the enormous change that we just made to the release model, this all went pretty smoothly! - Mark  https://mreinhold.org/blog/forward-faster  http://mail.openjdk.java.net/pipermail/discuss/2017-September/004281.html
Kozmo.com, the startup that attempted on-demand delivery of anything way back in 1998 but burned through $280 million in capital and failed to make itself profitable, is back.
Geek’s Guide to Britain The pell-mell expansion of Britain’s railways in the 19th century has bequeathed some impressive feats of engineering. Great stone viaducts like those at Calstock in Cornwall and Harringworth near Melton Mowbray get the glory, but for my money it’s the iron bridges that are the real marvels.
Following the news that Wigan Council has experienced more than 80 data breaches in the past two years, Raj Samani, Chief Scientist and Fellow at McAfee commented below.
There’s no way to sugar-coat this: Have I Been Pwned (HIBP) only exists due to a whole bunch of highly illegal activity that has harmed many individuals and organisations alike. That harm extends all the way from those in data breaches feeling a sense of personal violation (that’s certainly how I feel when I see my personal information exposed), all the way through to people literally killing themselves (there are many documented examples of this in the wake of the Ashley Madison breach). Plus, of course, there’s the ginormous financial impact; TalkTalk claims their 2015 hack cost them £42M and I’ve heard first-hand from those inside other companies that have suffered data breaches about just how costly they’ve been (“many millions of dollars” is very common).
By 2021, Cisco expects 94 percent of workloads and compute instances to be processed by cloud data centers. Attackers are already starting to focus and targeting cloud accounts, moving away from traditional data centers.
Blockchain technology and the decentralizing effects of distributed ledgers have enormous amounts of potential and may mean the Internet will never be the same again. The fact that one could eventually run vast applications without any servers is equally transformational. But it’s still very much a wild west out there in terms of ascertaining who is working on ‘the real deal’.
What’s happening with blackmails? For those who don’t know the word, it is a piece of mail sent to a victim to ask money in return for not revealing compromising information about him/her. For a few days, we noticed a peak of such malicious emails. One of our readers reported one during the weekend, Johannes Ullrich received also one. A campaign targeted people in The Netherlands.
Blackmails are not new. For years, bad people tried to extort money by using different techniques. For months, we are facing ransomware attacks which encrypt data to prevent the victim to access his/her files but there exist other techniques for a while. In 2012, I wrote a blog post about the social impact of ransomware. At this time, Belgium was under fire with plenty of fake pages pretending to be from the Police services:
In this case, it was quite easy to get rid of such page (a simple system restore was enough). I remembered a friend of mine, non-techie, that was ready to pay the ransom to not disclose some personal stuff to his wife!
Today, blackmail apparently remains a nice way to get money from the victim, even more with the cryptocurrencies that are harder to track. Most of the blackmail samples propose to the victim to pay via a BTC wallet. For the security guys, this is even better because we can track to wallet usage and detect is the campaign is ongoing and if victims paid.
Here is a first example:
Hey . Have you ever heard anything information related to the RAT malware 68967? Great job, you have today became a satisfied owner of my own, personal version of this software. I've been able to locate several interesting stuff on your personal computer and I have also been able get in to all ur units, which includes a cellphone. Yet these are definitely all are very little things as opposed to the next. I made this virus to record a mike, a cam, as well as the graphic on the screen, and you know I have created numerous interesting movies. I do believe a few movies will certainly be interesting for you personally 😀 The best part is that my application recorded is a moment you go to one of the pornographic sites. I even haveinvested two hours of my time to combine two video clips, one which is an image on the screen and another one of the actual web cam. It was quite amusing! Ok, lets get right to the point. I recommend you pay out 350 usd to my wallet - 1Q7xmTttjGgACeuY6ThtBQ9YXEeSzcWgdM I solely utilize BTC. If you will have trouble payingjust use any search box. After obtaining the funds. We will both just forget about this unpleasant moment and erase all the info I have gathered from your devices. You have three days. If I do not receive my cash, I am going to deliver all of the details to the contact information I located on your equipment! Possibly I'll do it with your accounts. It will be very amusing if your loved people obtain a footage of this type. I offer a small amount of time simply because my wallets frequently get locked and you will need to deliver just before that. Yes, you are not the only person receiving an email of this sort, I have infected a 9972 individuals and more than 1131 of them ended up with fascinating things. You actually can call up authorities, think its worthless, the worst stuff they are able to perform is block my wallet. So do not do stupid things. If perhaps I will not receive my cash for any reason, including the failure to send them to a blocked account wallet, ur status will be destroyed. Therefore hurry up! I take care of my anonymousness and use the short-lived e-mail to deliver messages, additionally I am on-line from my working laptopand i only with fake Wi fi from numerous organizations besides i use Double-VPN. Thus, getting in touch with me and responding to to this notice makes no sense.
may be used to manufacture the company’s Big Falcon Rocket, or BFR vehicle
There’s a talent shortage for trained cybersecurity pros, but fertile hunting grounds can be found among veterans preparing to leave military service.