...
Friday, 30 August 2019
NUEVA TÉCNICA DE HACKING PARA EXPLOTAR ANTIVIRUS Y EXTRAER DATOS DE SERVIDORES
CONTENIDO ORIGINAL: https://noticiasseguridad.com/seguridad-informatica/nueva-tecnica-de-hacking-para-explotar-antivirus-y-extraer-datos-de-servidores/
El equipo de expertos en seguridad de aplicaciones web de TokyoWesterns acaba de revelar un nuevo método de ataque que, de ser explotado, permitiría la extracción de información confidencial de cualquier servidor protegido con Windows Defender.
Este método de ataque, apodado “AV Oracle”, fue revelado durante un reciente evento de ciberseguridad y, según sus desarrolladores, se trata de...
NEW HACKING TECHNIQUE TO EXPLOIT ANTIVIRUS AND EXTRACT DATA FROM SERVERS
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/27/new-hacking-technique-to-exploit-antivirus-and-extract-data-from-servers/
TokyoWesterns’ team of web application security experts just unveiled a new attack method that, if exploited, would allow the extraction of sensitive information from any server protected with Windows Defender.
This attack method, dubbed “Oracle AV”, was disclosed during a recent cybersecurity event and, according to its developers, is a specialized server-side request forgery technique that leverages...
NEW YORK GOVERNMENT PAID $88K USD DUE TO RANSOMWARE ATTACK DESPITE HAVING FIREWALL AND ANTIVIRUS SOLUTIONS
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/27/new-york-government-paid-88k-usd-due-to-ransomware-attack-despite-having-firewall-and-antivirus-solutions/
Even though the complex cybersecurity solutions currently available on the market, a system, network, or computer will never be 100% protected against security threats. Cybersecurity services experts report an incident in New York City that compromised the security of a school district despite having antivirus and firewall solutions.
It is an infection of the dangerous...
Thursday, 29 August 2019
Wednesday, 28 August 2019
Tuesday, 27 August 2019
Monday, 26 August 2019
Sunday, 25 August 2019
Friday, 23 August 2019
Thursday, 22 August 2019
CÓMO PREVENIR LOS RIESGOS DE SEGURIDAD DE DISPOSITIVOS MÓVILES
CONTENIDO ORIGINAL: https://noticiasseguridad.com/seguridad-informatica/como-prevenir-los-riesgos-de-seguridad-de-dispositivos-moviles/
En la actualidad, el número de usuarios de dispositivos móviles inteligentes, especialmente smartphones, ha sobrepasado por mucho a los usuarios de equipos de cómputo de escritorio, pues estos dispositivos son más prácticos y pueden conectarse a Internet desde casi cualquier lugar. Todos usamos smartphones para diversas actividades cotidianas, ya sea por ocio o como parte de nuestras labores profesionales y otras...
Wednesday, 21 August 2019
CRACK ANY WIFI PASSWORD WITH WIFIBROOT
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/12/crack-any-wifi-password-with-wifibroot/
There are many tools used to crack Wifi access points. Most of the Wifi authentication uses WPA/ WPA2 encryption to secure the Wifi networks. Still cracking password with WPA2 is mostly usable. According to ethical hacking researcher of international institute of cyber security still mostly users prefer to use WPA2 authentication for the Access Point security. We will show you to crack WPA/ WPA2 encryption with four way handshake...
CÓMO DESCIFRAR LA CONTRASEÑA DE CUALQUIER CONEXIÓN WIFI CON WIFIBROOT
CONTENIDO ORIGINAL: https://noticiasseguridad.com/tutoriales/como-descifrar-la-contrasena-de-cualquier-conexion-wifi-con-wifibroot/
Existen muchas herramientas para romper las contraseñas de los puntos de acceso WiFi. Actualmente, la mayoría de estas redes usan autenticación WPA/WPA2; según especialistas en hacking ético del Instituto Internacional de Seguridad Cibernética (IICS), el métido de autenticación más utilizado es el WPA2. A continuación, le mostraremos cómo romper ese método de cifrado con un handshake de 4 vías y un ataque...
Tuesday, 20 August 2019
Monday, 19 August 2019
CÓMO HARÁ AMAZON PARA VENDER SUS DATOS DE RECONOCIMIENTO FACIAL USANDO UN TIMBRE
CONTENIDO ORIGINAL: https://noticiasseguridad.com/tecnologia/como-hara-amazon-para-vender-sus-datos-de-reconocimiento-facial-usando-un-timbre/
En una nueva solicitud de patente disponible para todo público, el gigante tecnológico Amazon ha presentado un proyecto que combina el uso de tecnología de reconocimiento facial (como Rekognition, el sistema de reconocimiento desarrollado por la compañía) y Ring, el interfon con cámara que Amazon acaba de adquirir. Acorde a especialistas en ciberseguridad, esta se convertiría en una poderosa...
HOW AMAZON IS SELLING YOUR FACIAL RECOGNITION DATA USING A DOORBELL
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/14/how-amazon-is-selling-your-facial-recognition-data-using-a-doorbell/
In a new patent application available to the public, technology giant Amazon has presented a project that combines the use of facial recognition technology (such as Rekognition, the face detection system developed by the company) and Ring, the camera-based doorbell that Amazon just acquired. According to cybersecurity specialists, this would become a powerful home-level monitoring tool, which can...
Friday, 16 August 2019
PWC OFFERED CYBERSECURITY SERVICES AND ENDED UP BEING FINED $170K USD FOR DATA PRIVACY ISSUES
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/13/pwc-offered-cybersecurity-services-and-ended-up-being-fined-170k-usd-for-data-privacy-issues/
The data protection regulator in Greece has reported that the leading consultancy PriceWaterhouseCoopers (PwC) will be fined $170k USD for violations of Article 83 of the European Union’s General Data Protection Regulation (GDPR), data protection specialists report. Data protection authorities in Greece also imposed some corrective measures that must be implemented by the...
Thursday, 15 August 2019
LOS CONTROLADORES DE MÁS DE 40 FIRMAS, COMO ASUS, REALTEK, GIGABYTE, INTEL, AMD, TOSHIBA, ENTRE OTROS, SON VULNERABLES A LOS HACKERS
CONTENIDO ORIGINAL: https://noticiasseguridad.com/vulnerabilidades/los-controladores-de-mas-de-40-firmas-como-asus-realtek-gigabyte-intel-amd-toshiba-entre-otros-son-vulnerables-a-los-hackers/
Un equipo de especialistas en hacking ético de la firma Eclypsium ha revelado un informe que describe una vulnerabilidad crítica presente en el diseño del software usado en los controladores (drivers) modernos que, de ser explotada, permitiría a los actores de amenazas obtener elevados privilegios que les garantizaría acceso sin restricción alguna...
40 OEM DRIVERS LIKE ASUS, REALTEK, GIGABYTE, INTEL, AMD AND TOSHIBA ARE VULNERABLE TO HACKERS
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/12/40-oem-drivers-like-asus-realtek-gigabyte-intel-amd-and-toshiba-are-vulnerable-to-hackers/
A team of ethical hacking specialists from Eclypsium security firm has revealed a report describing a critical vulnerability present in the design of software used in modern drivers that, if exploited, would allow threat actors to get high privileges that would guarantee them unrestricted access to hardware.
Reports claim that more than 40 hardware manufacturers could be affected by...
Wednesday, 14 August 2019
Tuesday, 13 August 2019
RAZONES SIMPLES POR LAS QUE LA NUBE DE MICROSOFT AZURE NO ES SEGURA
CONTENIDO ORIGINAL: https://noticiasseguridad.com/seguridad-informatica/razones-simples-por-las-que-la-nube-de-microsoft-azure-no-es-segura/
Una reciente investigación realizada por especialistas en hacking ético de la firma Check Point Research reveló la existencia de decenas de vulnerabilidades en un protocolo de uso común en Microsoft Azure. Estas fallas exponen a múltiples ataques cibernéticos a los usuarios de la nube de Microsoft.
Durante su presentación en la conferencia de ciberseguridad Black Hat, los expertos señalaron...
SIMPLE REASONS WHY THE MICROSOFT AZURE CLOUD ISN’T SECURE
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/08/simple-reasons-why-the-microsoft-azure-cloud-isnt-secure/
Recent research by ethical hacking specialists from Check Point Research revealed the existence of dozens of vulnerabilities in a commonly used protocol in Microsoft Azure. These flaws expose multiple cyberattacks to Microsoft cloud users.
During their presentation at the Black Hat cybersecurity conference, experts noted that Remote Desktop Protocol (RDP) flaws, used to access other Windows remote machines,...
CRITICAL SQL INJECTION VULNERABILITY IN A STARBUCKS ENTERPRISE DATABASE
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/08/critical-sql-injection-vulnerability-in-a-starbucks-enterprise-database/
A website security specialist dedicated to the bug reporting helped fix a critical SQL injectionflaw affecting an enterprise database in the famous coffee chain Starbucks. The flaw could have exposed confidential financial and accounting data.
Thanks to his discovery, expert Eugene Lim (also known as ‘spaceraccoon’) received a $4,000 bounty, paid through Starbucks’ vulnerability bounty program, operated...
Monday, 12 August 2019
NUEVA VULNERABILIDAD SWAPGS EN WINDOWS AFECTA CPUS DE INTEL Y AMD
CONTENIDO ORIGINAL: https://noticiasseguridad.com/vulnerabilidades/nueva-vulnerabilidad-swapgs-en-windows-afecta-cpus-de-intel-y-amd/
Especialistas en análisis de vulnerabilidades han revelado la existencia de una vulnerabilidad de seguridad que afecta a todos los equipos de cómputo con sistema operativo Windows que se ejecutan en procesadores Intel y AMD de 64 bits. De ser explotadas, estas fallas podrían brindarle a un hacker acceso a las contraseñas, conversaciones privadas y otra información confidencial almacenada en la...
NEW SWAPGS VULNERABILITY ON WINDOWS AFFECTS INTEL AND AMD CPUS
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/08/07/new-swapgs-vulnerability-on-windows-affects-intel-and-amd-cpus/
Vulnerability testing specialists have revealed a security vulnerability that affects all Windowsoperating system computers running on Intel and AMD 64-bit processors. If exploited, these flaws could give a hacker access to passwords, private conversations, and other sensitive information stored in the operating system kernel memory.
According to reports, the vulnerability takes advantage of the SWAPGS instruction,...
Friday, 9 August 2019
Thursday, 8 August 2019
Wednesday, 7 August 2019
Tuesday, 6 August 2019
Monday, 5 August 2019
Sunday, 4 August 2019
Friday, 2 August 2019
HACKERS ATACAN A POLICÍA DE LOS ÁNGELES; MILES DE OFICIALES SON CHANTAJEADOS USANDO SUS DATOS PERSONALES
CONTENIDO ORIGINAL: https://noticiasseguridad.com/hacking-incidentes/hackers-atacan-a-policia-de-los-angeles-miles-de-oficiales-son-chantajeados-usando-sus-datos-personales/
Los incidentes de ciberseguridad no han dejado de presentarse en diversos departamentos públicos en múltiples áreas de Estados Unidos. Esta ocasión, especialistas en análisis de vulnerabilidades reportan una brecha de datos en los sistemas del Departamento de Policía de Los Ángeles (LAPD). El incidente habría comprometido algunos detalles personales, como...
HACKERS ATTACK LOS ANGELES POLICE DEPARTMENT; THOUSANDS OF OFFICERS ARE BLACKMAILED USING THEIR PERSONAL DATA
ORIGINAL CONTENT: https://www.securitynewspaper.com/2019/07/30/hackers-attack-los-angeles-police-department-thousands-of-officers-are-blackmailed-using-their-personal-data/
Cybersecurity incidents keep happening in various public departments in multiple areas of the United States. This time, vulnerability analysis specialists report a data breach in Los Angeles Police Department (LAPD) systems. The incident would have compromised some personal details, such as full names, phones, email addresses, and passwords stored by the...
