Twitter Two-Factor Authentication: Too Little, Too Late?
A posting from Information Week in their security section: Can you feel the two-factor fever?
Following in the footsteps of Microsoft this month, Apple in March, and Facebook and Google before them, Twitter is now testing a two-factor authentication system to make it more difficult for attackers to hijack people’s accounts.
That’s welcome news in the wake of Twitter account takeovers of Burger King and Jeep, not to mention the Syrian Electronic Army’s media-focused takeover campaign, which to date has compromised everyone from the BBC and Reuters to National Public Radio and the Associated Press. Indeed, one fake tweet — this week’s hoax AP report that the president was injured in a White House bomb blast — led to a temporary downturn in both the stock market and AP’s Twitter-following base. It also led many social media watchers to ask: Why has Twitter been so slow to offer information security improvements?
To read more click here:
50,000,000 usernames and passwords lost as LivingSocial “special offers” site hacked
A posting from Naked Security about 50,000,000 usernames and passwords lost as LivingSocial “special offers” site hacked:
LivingSocial, the online offers site owned in largish part by Amazon, has just emailed its userbase, said to be 50,000,000-strong, to fess up to a data breach.
That’s right: another day, another shed-load of password hashes in the hands of crooks.
At least LivingSocial’s password database was salted and hashed, which reduces the impact of the breach a lot.
Naked Security reader Chris, from Melbourne, Australia, kindly sent us a copy of the notification email he received:
To read more click here:
AP Twitter Hack: Lessons Learned
A posting from Information Week in their security section: Would you trust an email that says: “Please read the following article, it’s very important: www.washinqtonpost.com/blogs/worldviews/wp/2013/04/23/”?
So went a phishing email reportedly sent to multiple employees at the Associated Press, less than an hour before the company’s Twitter feed was taken over and used to issue multiple tweets, including a hoax report that President Obama had been injured by explosions at the White House. Cue a temporary stock market tumble.
Sharp-eyed email recipients who weren’t distracted might have noticed that Washington was misspelled in the link. But every other indicator suggested it was from a fellow AP staffer, down to the sender’s email address, and the name and mobile phone number listed at the bottom of the email.
To read more click here:
How Lockheed Martin Phishes Its Own
A posting from Dark Reading about How Lockheed Martin Phishes Its Own: On several occasions over the past couple of years, employees at Lockheed Martin have flagged suspicious emails that turned out to be previously unknown targeted attack campaigns aimed at the defense contractor.
This additional pair of eyes in security is one of the bonuses of Lockheed Martin’s homegrown phishing training program, according to the defense contractor’s corporate information security officer.
“Employees each year report something to our CIRT [Computer Incident Response Team] because of our [phishing] training, and it’s been something new to us, and we were able to detect an intrusion that was coming at us,” says Chandra McMahon, CISO at Lockheed Martin.
To read more click here:
XSS Vulnerability in Cisco subdomain found by 14-year-old security researcher
A very interesting article from our content partners at hackersnewsbulletin.com:
Read the rest here.
Nessus® 5.2 Vulnerability Scanner is Now Available
Nessus 5.2 delivers the following benefits:
- Attachments within scan result reports: easy access to supporting information for vulnerability investigation and documentation with a new capability to store attachments within scan result reports.
- Expanded OS support and integration: Windows 8 and Windows Server 2012 support, and IPv6 scanning for all platforms including Windows.
- Improved usability: simplified activation to get new users up and running faster, and improved UI responsiveness to enhance the overall user experience. Note: Current Nessus users who upgrade to 5.2 do not need to re-register or re-activate their plugin feed.
For more information on the Nessus 5.2 release, view a brief video introduction or read the “Nessus 5.2 Released” blog post.
Current customers can download 5.2 from the Tenable Support Portal. Detailed instructions and notes on upgrading are located in the Nessus 5.2 Installation and Configuration Guide.
For ProfessionalFeed or Perimeter Service customers who have questions on the Nessus 5.2 release, please contact Tenable Support. HomeFeed users may consult the Tenable Discussion Forum.
