Your new post is loading...
Your new post is loading...
|
Scooped by
Gust MEES
|
Chinesischer Tiktok-Betreiber hat vollen Zugriff auf Daten "Alles wird in China eingesehen", heißt es in einem geleakten Bericht des Tiktok-Konzerns Bytedance. Die Firma hat Zugriff auf US-Daten.
Tiktok-Daten sind nicht unbedingt vor einer Einsicht sicher. (Bild: Bytedance/Montage: Golem.de)
Die Social-Media-Videoplattform Tiktok steht im Verdacht, persönliche Userdaten von US-Kunden an die Unternehmenszentrale in China weiterzuleiten. Dabei sei der Zugriff auf sämtliche Informationen möglich. "Alles wird in China eingesehen", sagt ein anonymisierter Angestellter bei Tiktok-Betreiber Bytedance in einem Meeting. Dieses und mehr als 80 weitere Aufzeichnungen wurden unter anderem vom Magazin Buzzfeed News eingesehen. Die Protokolle gehen demzufolge auf September 2021 bis Januar 2022 zurück. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Privacy https://www.scoop.it/topic/social-media-and-its-influence
|
Scooped by
Gust MEES
|
Résultat des courses : vous n'aurez bientôt plus besoin d'un mot de passe pour vous connecter à vos appareils, à des sites web ou à des applications.
Au lieu de cela, votre téléphone stockera un justificatif FIDO appelé "passkey", qui sera utilisé pour déverrouiller votre appareil – et l'ensemble de vos comptes en ligne. Il s'agit d'un dispositif plus sûr qu'un mot de passe, car cette clé est protégée par de la cryptographie et n'est montrée à votre compte en ligne que lorsque vous déverrouillez votre appareil. A contrario, les mots de passe nous rendent vulnérables aux tentatives d’hameçonnage et à nos propres mauvaises habitudes, comme l'utilisation du même mot de passe sur plusieurs comptes. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Behind almost all Linux firewalls tools such as iptables; its newer version, nftables; firewalld; and ufw, is netfilter, which controls access to and from Linux's network stack. It's an essential Linux security program, so when a security hole is found in it, it's a big deal.
|
Scooped by
Gust MEES
|
Les malwares mobiles se multiplient sur nos smartphones Sécurité : Les experts en cybersécurité alertent sur une augmentation de 500 % des cyberattaques mobiles. Une flambée qui doit beaucoup à la multiplication des malwares destinés aux smartphones, qu'affectionnent les pirates. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Mobile-Security
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Mit Selfie-Apps lassen sich die Größe von Mund, Nase oder Augen verändern und Make-up auftragen. Doch die Apps erheben teilweise nicht nur biometrische Daten, sondern verkaufen sie auch an Dritte, wie das Verbraucherschutzportal Mobilsicher.de herausgefunden hat.
Das Portal hat die sechs beliebtesten Selfie-Bearbeitungs-Apps aus Googles Play Store auf Datenschutzprobleme hin überprüft. Zusammen wurden die Apps bisher über 500 Millionen Mal heruntergeladen.
Insbesondere die Datenschutzerklärung der App Perfect365 hat es demnach in sich. Laut Mobilsicher.de gibt der Anbieter dort an, dass in den vergangenen zwölf Monaten umfangreiche Datensätze über die Nutzer an Dritte verkauft wurden. Enthalten waren demnach die vollen Namen, biometrische Daten, Standortdaten sowie alle weiteren Angaben, die in der App gemacht wurden. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Android
|
Scooped by
Gust MEES
|
North Korean-backed hacking group Lazarus has added the Windows Update client to its list of living-off-the-land binaries (LoLBins) and is now actively using it to execute malicious code on Windows systems.
The new malware deployment method was discovered by the Malwarebytes Threat Intelligence team while analyzing a January spearphishing campaign impersonating the American security and aerospace company Lockheed Martin.
After the victims open the malicious attachments and enable macro execution, an embedded macro drops a WindowsUpdateConf.lnk file in the startup folder and a DLL file (wuaueng.dll) in a hidden Windows/System32 folder. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Windows
|
Scooped by
Gust MEES
|
If it's not one thing, it's another. After one real Linux problem -- the heap overflow bug in the Linux kernel's fs/fs_context.c program -- is found and fixed, then a new security problem is discovered. This time security company Qualys has uncovered a truly dangerous memory corruption vulnerability in polkit's pkexec, CVE-2021-4034.
Polkit, formerly known as PolicyKit, is a systemd SUID-root program. It's installed by default in every major Linux distribution.
How dangerous is it? Very. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Rechenfehler im Linux-Kernel erlaubt Rechteausweitung Vor allem in Cloud-Systemen problematisch: An Linux-Systemen angemeldete Nutzer könnten aufgrund eines potenziellen Pufferüberlaufs ihre Rechte ausweiten. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
Cybersecurity experts believe CVE-2021-44228, a remote code execution flaw in Log4j, will take months, if not years, to address due its ubiquity and ease of exploitation.
Steve Povolny, head of advanced threat research for McAfee Enterprise and FireEye, said Log4Shell "now firmly belongs in the same conversation as Shellshock, Heartbleed, and EternalBlue."
"Attackers began by almost immediately leveraging the bug for illegal crypto mining, or using legitimate computing resources on the Internet to generate cryptocurrency for financial profit... Further exploitation appears to have pivoted towards theft of private information," Povolny told ZDNet.
"We fully expect to see an evolution of attacks." Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Log4j
|
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Flaws in networkd-dispatcher, a service used in the Linux world, can be exploited by a rogue logged-in user or application to escalate their privileges to root level, allowing the box to be commandeered, Microsoft researchers said Wednnesday.
It's nice of Redmond to point out these flaws and have them fixed in any affected distributions; the US tech giant is a big user of Linux and relies on the open-source OS throughout its empire. It's just a little perplexing the biz went to all the effort of a big write-up and giving the flaws a catchy name, Nimbuspwn, when countless privilege-elevation holes are fixed in its Windows operating system each month, and we can't recall Microsoft lately making this much of a song and dance over them. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
A new Remote Access Trojan (RAT) might have an amusing name to some, but its capabilities show the malware to be no laughing matter.
Dubbed Borat RAT, Cyble Research Labs said in a recent malware analysis that the new threat doesn't settle for standard remote access capabilities; instead, Borat RAT also includes spyware and ransomware functions.
According to the cybersecurity researchers, the Trojan, named after the character adopted by comedian Sacha Baron Cohen, is offered for sale to cybercriminals in underground forums.
Borat RAT has a centralized dashboard and is packaged up with a builder, feature modules, and a server certificate. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=RAT
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Roughly two-thirds of test digital vaccination applications commonly used today as safe passes and travel passports exhibit behavior that may put users' privacy at risk.
The risks are substantial as these apps are required for large populations worldwide, allowing hackers an extensive target base.
Digital passports Digital passport apps store proof of a person's COVID-19 vaccination status, full name, ID number, date of birth, and other personally identifiable information (PII) encoded in a QR code or displayed directly in the app. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Privacy Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Coronavirus
|
Scooped by
Gust MEES
|
Scam artists have taken advantage of a contract migration initiative to swindle NFTs out of users in an opportunistic phishing attack.
Last week, NFT marketplace OpenSea announced the rollout of contract migrations and an upgrade to make sure inactive, old NFT listings on Ethereum expire safely and to allow OpenSea to "offer new safety features in the future."
The contract migration timeline was set from February 18 to February 25.
NFT holders are required to make the change, and OpenSea published a guide to assist them. After the deadline, any listings that were not migrated would expire, although they could be re-listed after this window without further fees.
However, an attacker saw an opportunity to cash in. Check Point Research has suggested that phishing emails were sent to users, linking them to fraudulent websites. Learn more / En savoir plus / Mehr erfahren: http://www.scoop.it/t/21st-century-learning-and-teaching/?tag=blockchain https://www.scoop.it/topic/securite-pc-et-internet/?&tag=WEB3 https://www.scoop.it/t/securite-pc-et-internet/?&tag=crypto-currency
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
Triviale Linux-Lücke ermöglicht Root-Rechte Zum Ausnutzen der Sicherheitslücke in Polkit muss der Dienst nur installiert sein. Das betrifft auch Serversysteme. Exploits dürften schnell genutzt werden. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/t/securite-pc-et-internet/?&tag=Linux
|
Scooped by
Gust MEES
|
|
Scooped by
Gust MEES
|
The WordPress WP HTML Mail plugin, installed in over 20,000 sites, is vulnerable to a high-severity flaw that can lead to code injection and the distribution of convincing phishing emails.
'WP HTML Mail' is a plugin used for designing custom emails, contact form notifications, and generally tailored messages that online platforms send to their audience.
The plugin is compatible with WooCommerce, Ninja Forms, BuddyPress, and others. While the number of sites using it isn't large, many have a large audience, allowing the flaw to affect a significant number of Internet users.
|
Scooped by
Gust MEES
|
Miscreants are wasting no time in using the widespread Log4j vulnerability to compromise systems, with waves and waves of live exploit attempts focused mainly – for now – on turning infected devices into cryptocurrency-mining botnet drones.
Israel's Check Point said this morning it was seeing around 100 exploit attempts every minute, going into further detail in a blog post.
Apache Log4j is a logging utility written in Java that is used all over the world in many software packages and online systems. Last week it emerged that Alibaba security engineer Chen Zhaojun had found and privately disclosed on November 24 details of a trivial-to-exploit remote code execution hole (CVE-2021-44228) in Log4j 2.x, specifically versions 2.14.1 and earlier.
Exploitation is possible by feeding a specially crafted snippet of text, such as a message or username, to an application that logs this information using Log4j 2. Learn more / En savoir plus / Mehr erfahren: https://www.scoop.it/topic/securite-pc-et-internet https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Log4j
|
Chinesischer Tiktok-Betreiber hat vollen Zugriff auf Daten
"Alles wird in China eingesehen", heißt es in einem geleakten Bericht des Tiktok-Konzerns Bytedance. Die Firma hat Zugriff auf US-Daten.
Tiktok-Daten sind nicht unbedingt vor einer Einsicht sicher.
(Bild: Bytedance/Montage: Golem.de)
Die Social-Media-Videoplattform Tiktok steht im Verdacht, persönliche Userdaten von US-Kunden an die Unternehmenszentrale in China weiterzuleiten. Dabei sei der Zugriff auf sämtliche Informationen möglich. "Alles wird in China eingesehen", sagt ein anonymisierter Angestellter bei Tiktok-Betreiber Bytedance in einem Meeting. Dieses und mehr als 80 weitere Aufzeichnungen wurden unter anderem vom Magazin Buzzfeed News eingesehen. Die Protokolle gehen demzufolge auf September 2021 bis Januar 2022 zurück.
Learn more / En savoir plus / Mehr erfahren:
https://www.scoop.it/topic/securite-pc-et-internet/?&tag=Privacy
https://www.scoop.it/topic/social-media-and-its-influence