Posts

Hak5 2306 – Bash Bunny Phishing Attack With Hamsters

Hak5.org/live to watch the event announcement live!
Hak5.org/rsvp to come to our San Francisco event.

——————————-
Shop: http://www.hakshop.com
Support: http://www.patreon.com/threatwire
Subscribe: http://www.youtube.com/hak5
Our Site: http://www.hak5.org
Contact Us: http://www.twitter.com/hak5
Threat Wire RSS: https://shannonmorse.podbean.com/feed/
Threat Wire iTunes: https://itunes.apple.com/us/podcast/threat-wire/id1197048999
Help us with Translations! http://www.youtube.com/timedtext_cs_panel?tab=2&c=UC3s0BtrBJpwNDaflRSoiieQ
——————————

Source: Security news


Source: Zologic

WPA2 Wi-Fi Vulnerable to KRACK Hack; RSA Keys Broken – ThreatWire

Krack is bad for WiFi, Equifax loses their IRS contract, and an RSA crypto key is vulnerable to being reverse engineered. Today on ThreatWire.

https://www.krackattacks.com/
https://www.kb.cert.org/vuls/byvendor?searchview&Query=FIELD+Reference=228519&SearchOrder=4
https://github.com/kristate/krackinfo
https://www.wired.com/story/krack-wi-fi-wpa2-vulnerability/
https://arstechnica.com/information-technology/2017/10/severe-flaw-in-wpa2-protocol-leaves-wi-fi-traffic-open-to-eavesdropping/
http://www.zdnet.com/article/here-is-every-patch-for-krack-wi-fi-attack-available-right-now/
https://www.theverge.com/2017/10/16/16481818/wi-fi-attack-response-security-patches

Equifax Takes Down Compromised Page Redirecting to Adware Download

Equifax Credit Assistance Site Served Spyware

https://www.cnet.com/news/equifax-website-ads-served-adware-malware-expert-finds/
https://randy-abrams.blogspot.com/2017/10/new-equifax-website-compromise.html
https://www.cnet.com/news/irs-reportedly-suspends-7-2-million-equifax-contract/
https://arstechnica.com/tech-policy/2017/10/after-second-bungle-irs-suspends-equifaxs-taxpayer-identity-contract/

https://arstechnica.com/information-technology/2017/10/crypto-failure-cripples-millions-of-high-security-keys-750k-estonian-ids/
https://en.wikipedia.org/wiki/Coppersmith%27s_attack
https://www.yubico.com/keycheck/
https://keychest.net/roca

Youtube Thumbnail credit:
https://static.pexels.com/photos/7101/wood-coffee-iphone-notebook.jpg

Source: Security news


Source: Zologic

WPA and WPA2 Vulnerabilities Update

On October 16, 2017, a statement from the International Consortium for Advancement of Cybersecurity on the Internet (ICASI) was released alerting the industry to a series of vulnerabilities for WPA and WPA2. These vulnerabilities are at the protocol-level and affect a large number of wireless infrastructure devices and wireless clients, across many vendors. This security flaw means that, for vulnerable clients and access points, WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue. The Wi-Fi data stream, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge. WatchGuard’s Wi-Fi access points and Wi-Fi enabled appliances are affected by these vulnerabilities. Following is detailed information about the vulnerabilities, which WatchGuard products are affected, and timing for patches.

Who is affected by these vulnerabilities?
Any Wi-Fi client or access point that utilizes the wpa_supplicant or hostapd Open Source software packages in the authentication process may be affected by these vulnerabilities. These are widely used software packages across the industry, so the vast majority of devices will be affected. The ICASI statement linked above includes many, but not all, affected vendors. Organizations that use wireless access points (APs) relying on WPA or WPA2 encryption, and mobile users who connect to Wi-Fi networks with smartphones, tablets, laptops, and other devices, should implement the necessary patches applicable to these vulnerabilities.

How many/what type of vulnerabilities are there?
Refer to the ICASI list of vulnerabilities and Common Vulnerability and Exposure (CVE) identifiers here.

How do the WPA and WPA2 vulnerabilities work?
A malicious user could inject specially-crafted packets into the middle of the WPA/WPA2 authentication handshake, forcing installation of a key known to—or controlled by—the attacker. This results in the possibility of decrypting and/or modifying client traffic. Traffic already protected by a higher-level encryption protocol, such as HTTPS, VPNs, or application encryption would not be impacted.

Depending on the specific device configuration, successful exploitation of these vulnerabilities could allow unauthenticated attackers to perform packet replay, decrypt wireless packets, and to potentially forge or inject packets into a wireless network. This is accomplished by manipulating retransmissions of handshake messages.

When an adversary manipulates certain handshake messages over the air, the exploit results in reuse of some packet numbers when handshakes are performed. The reuse of packet numbers violates the fundamental principle on which the strength of WPA2 encryption and replay security is based. The principle is that for a given key hierarchy (PTK, GTK and IGTK), packet numbers in two original (non-retransmitted) packet transmissions protected by them cannot be repeated. For packet pairs where this assumption is violated, it is possible to determine the content of one packet if the plaintext of the other packet is known or can be guessed. Packet number reuse can also permit an adversary to replay old packets to the receiver.

Do these vulnerabilities represent a protocol design failure of WPA2?
No, the failure is with the wpa_supplicant or hostapd Open Source software packages, and is not a protocol design failure of WPA2.

Which WatchGuard products were affected?

  • Access Points: AP100, AP102, AP120, AP200, AP300, AP320, AP322, AP420
  • Appliances: XTM 25-W, 26-W, 33-W; Firebox T10-W, T30-W, T50-W

How can WatchGuard partners and customers access patches / updates that address these vulnerabilities?
Patches will be available for Fireware, WatchGuard legacy and current APs, and for WatchGuard Wi-Fi Cloud via the following releases and estimated timing (subject to changes, monitor this blog for patch updates):
Sunday, October 15, 2017:

  • AP120, 320, 322, 420: Release 8.3.0-657, Cloud mode only

Monday, October 30, 2017:

  • Fireware: Release 12.0.1
  • Legacy AP:
    • AP300: Release 2.0.0.9
    • AP100, 102, 200: Release 1.2.9.14
  • AP120, 320, 322, 420: Release 8.3.0-657, Non-Cloud (GWC mode)

Have any of WatchGuard’s customers or partners been negatively impacted by these vulnerabilities?
No, we are not aware of any WatchGuard customers or partners who have been negatively impacted by these vulnerabilities.

What is WPA2?
WPA2 (802.11i) is currently the standard for link layer security in Wi-Fi networks. It uses either 802.1x (EAP) or shared key (PSK) based authentication. In 802.1x, the client is authenticated by a backend RADIUS server when setting up a wireless connection. During the authentication process, the client and the RADIUS server generate a common key called the Pairwise Master Key (PMK). The PMK is sent from the RADIUS server to the AP over a secure wired network. In PSK, the PMK is statically installed in the client and the AP by entering the same passphrase (password) on both sides. The PMK is then used to generate a hierarchy of keys to be used for encryption and integrity protection of data sent over the wireless link between the AP and the client.

The protocol to generate the key hierarchy from PMK is called an EAPOL 4-Way Handshake. It is used to derive the following keys:

  • Pairwise Transient Key (PTK), used to encrypt unicast communication between AP and client. The PTK is derived and installed by the AP and the client at the time of setting up a wireless connection. It is refreshed during the connection after a pre-configured time has passed. It is also refreshed when the client roams between APs using the fast transition (FT) protocol.
  • Group Transient Key (GTK), used for encrypting broadcast and multicast messages from APs to clients. A GTK is generated and maintained by the AP. It is securely delivered by the AP to the client at the time of setting up a wireless connection.
  • Integrity Group Transient Key (IGTK), used for providing integrity for broadcast and multicast management messages (called management frame protection or MFP) transmitted from the AP to the client. IGTK is generated and maintained by the AP. It is securely delivered by the AP to the client at the time of setting up a wireless connection.

The keys (GTK and IGTK) are refreshed when a client leaves the AP and the new keys are distributed to all remaining clients using a protocol called Group Key Handshake.

What is WPA?
Wi-Fi Protected Access (WPA) is a security protocol and security certification system developed by the Wi-Fi Alliance in response to weaknesses found in the previous system, Wired Equivalent Privacy (WEP). This was an intermediate measure taken in anticipation of the availability of the more complex and secure WPA2. WPA is obsolete and insecure, and WatchGuard recommends that all customers use WPA2, and not WPA.

Is there a method to protect patched devices against unpatched devices?
WatchGuard is providing patches for all of our affected products, and for non-WatchGuard appliances, users should refer to their Wi-Fi device vendor’s website or security advisories to determine if their device has been affected and has an update available.


Source: WatchGuard

KRACK (Key Reinstallation Attack) for WPA and WPA2 Vulnerabilities Update

[Editor’s note: Article updated on 10/20/2017 with additional information about KRACK mitigation options from WatchGuard.]

On October 16, 2017, a statement from the International Consortium for Advancement of Cybersecurity on the Internet (ICASI) alerted the industry to a series of vulnerabilities for WPA and WPA2, named KRACK (Key Reinstallation Attack). These vulnerabilities affect a large number of wireless infrastructure devices and wireless clients, across many vendors. This security flaw means that, for vulnerable clients and access points, WPA and WPA2-encrypted Wi-Fi traffic is no longer secure until certain steps are taken to remediate the issue. The Wi-Fi data stream, including passwords and personal data, can be intercepted, decrypted, and modified without a user’s knowledge. WatchGuard’s Wi-Fi access points (APs) and Wi-Fi enabled appliances are affected by these vulnerabilities. Following is detailed information about the vulnerabilities, which WatchGuard products are affected, and timing for patches. WatchGuard understands that in many cases it is difficult, if not impossible, to patch all client devices. For example, vendors of IoT devices may be slow, out of business, or unwilling to patch older product versions, leaving many clients vulnerable indefinitely. See below for details on how WatchGuard Wi-Fi technology can mitigate KRACK for vulnerable clients.

Who is affected by these vulnerabilities?
The vulnerability is widespread. Review the ICASI statement for additional information and CVEs. Organizations that use wireless access points (APs) relying on WPA or WPA2 encryption, and mobile users who connect to Wi-Fi networks with smartphones, tablets, laptops, and other devices, should implement the necessary patches applicable to these vulnerabilities.

How many/what type of vulnerabilities are there?
Refer to the ICASI list of vulnerabilities and Common Vulnerability and Exposure (CVE) identifiers here.

How do the KRACK (Key Reinstallation Attack) for WPA and WPA2 vulnerabilities work?
A malicious user could inject specially-crafted packets into the middle of the WPA/WPA2 authentication handshake, forcing installation of a key known to—or controlled by—the attacker. This results in the possibility of decrypting and/or modifying client traffic. Traffic already protected by a higher-level encryption protocol, such as HTTPS, VPNs, or application encryption would not be impacted.

Depending on the specific device configuration, successful exploitation of these vulnerabilities could allow unauthenticated attackers to perform packet replay, decrypt wireless packets, and to potentially forge or inject packets into a wireless network. This is accomplished by manipulating retransmissions of handshake messages.

When an adversary manipulates certain handshake messages over the air, the exploit results in reuse of some packet numbers when handshakes are performed. The reuse of packet numbers violates the fundamental principle on which the strength of WPA2 encryption and replay security is based. The principle is that for a given key hierarchy (PTK, GTK and IGTK), packet numbers in two original (non-retransmitted) packet transmissions protected by them cannot be repeated. For packet pairs where this assumption is violated, it is possible to determine the content of one packet if the plaintext of the other packet is known or can be guessed. Packet number reuse can also permit an adversary to replay old packets to the receiver.
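The packet-number reuse described in this paragraph (and in the same paragraph of the earlier advisory above), as an added example that is not WatchGuard's code: a toy keystream built from HMAC-SHA256 stands in for CCMP, and `Sender`, `find_pn_reuse`, the session label and the sample frames are constructed for illustration. It shows a repeated key install resetting the counter, a capture-side check that flags the reuse, and a sender that ignores the repeated install.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional


def keystream(key: bytes, pn: int, length: int) -> bytes:
    """Toy stand-in for the CCMP keystream: a function of (key, packet number) only."""
    out = b""
    block = 0
    while len(out) < length:
        msg = pn.to_bytes(6, "big") + block.to_bytes(2, "big")
        out += hmac.new(key, msg, hashlib.sha256).digest()
        block += 1
    return out[:length]


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


@dataclass
class Sender:
    """Transmit side of a client. `ignore_reinstall` models a fixed client."""
    ignore_reinstall: bool
    key: Optional[bytes] = None
    pn: int = 0

    def install_key(self, key: bytes) -> None:
        # Called for every handshake message asking to install the PTK,
        # including a retransmitted one.
        if self.ignore_reinstall and key == self.key:
            return  # key already in use: keep counting from the current PN
        self.key = key
        self.pn = 0  # a (re)install resets the packet number

    def send(self, plaintext: bytes):
        self.pn += 1
        return self.pn, xor(plaintext, keystream(self.key, self.pn, len(plaintext)))


def find_pn_reuse(frames):
    """Return (session, pn) pairs used for two different ciphertexts.
    An identical ciphertext under the same pn is a plain retransmission."""
    seen, reused = {}, []
    for session, pn, ct in frames:
        first = seen.setdefault((session, pn), ct)
        if first != ct and (session, pn) not in reused:
            reused.append((session, pn))
    return reused


# Constructed sample data; "sta1" stands in for transmitter address + key id.
PTK = b"constructed demo key"
P1 = b"known broadcast hello!!"
P2 = b"secret: rotate at 09:00"


def capture(ignore_reinstall: bool):
    client = Sender(ignore_reinstall)
    client.install_key(PTK)
    frames = [("sta1", *client.send(P1))]
    client.install_key(PTK)  # same key delivered again by a replayed handshake message
    frames.append(("sta1", *client.send(P2)))
    return frames


def recovered_from_known(frames, known: bytes) -> bytes:
    """XOR of both ciphertexts with the known plaintext of the first frame."""
    return xor(xor(frames[0][2], frames[1][2]), known)


if __name__ == "__main__":
    for fixed in (False, True):
        f = capture(fixed)
        print("fixed" if fixed else "vulnerable", find_pn_reuse(f), recovered_from_known(f, P1))
```

With the reinstall ignored, the two frames carry packet numbers 1 and 2, the check reports nothing, and the XOR of the ciphertexts no longer cancels the keystream.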

Which WatchGuard products were affected?

  • Access Points: AP100, AP102, AP120, AP200, AP300, AP320, AP322, AP420
  • Appliances: XTM 25-W, 26-W, 33-W; Firebox T10-W, T30-W, T50-W

How can WatchGuard partners and customers access patches / updates that address these vulnerabilities?
Patches will be available for Fireware, WatchGuard legacy and current APs, and for WatchGuard Wi-Fi Cloud via the following releases and estimated timing (subject to changes, monitor this blog for patch updates):

Sunday, October 15, 2017:

  • AP120, 320, 322, 420: Release 8.3.0-657, Cloud mode only

Monday, October 30, 2017:

  • Fireware: Release 12.0.1
  • Legacy AP:
    • AP300: Release 2.0.0.9
    • AP100, 102, 200: Release 1.2.9.14
  • AP120, 320, 322, 420: Release 8.3.0-657, Non-Cloud (GWC mode)

Q: Is there a method to protect unpatched client devices?
A: WatchGuard is providing patches for all of our affected products and also recommends patching all non-WatchGuard Wi-Fi enabled devices whenever possible. To protect unpatched client devices, WatchGuard provides two methods of protection:

  1. An option to “Mitigate WPA/WPA2 key reinstallation vulnerability in clients” is available now in the Wi-Fi Cloud, and available October 30, 2017 in Fireware version 12.0.1 in the Gateway Wireless Controller (GWC) settings [available for AP120, AP320, AP322, and AP420 version 8.3.0-657].
  2. AP MAC spoofing prevention is available now in the Wi-Fi Cloud when dedicated WIPS sensors are deployed (not background scanning)

Read more about protecting Wi-Fi devices from KRACK in this blog post, and in the WatchGuard Knowledge Base.

Have any of WatchGuard’s customers or partners been negatively impacted by these vulnerabilities?
No, we are not aware of any WatchGuard customers or partners who have been negatively impacted by these vulnerabilities.

What is WPA2?
WPA2 (802.11i) is currently the standard for link layer security in Wi-Fi networks. It uses either 802.1x (EAP) or shared key (PSK) based authentication. In 802.1x, the client is authenticated by a backend RADIUS server when setting up a wireless connection. During the authentication process, the client and the RADIUS server generate a common key called the Pairwise Master Key (PMK). The PMK is sent from the RADIUS server to the AP over a secure wired network. In PSK, the PMK is statically installed in the client and the AP by entering the same passphrase (password) on both sides. The PMK is then used to generate a hierarchy of keys to be used for encryption and integrity protection of data sent over the wireless link between the AP and the client.

The protocol to generate the key hierarchy from PMK is called an EAPOL 4-Way Handshake. It is used to derive the following keys:

  • Pairwise Transient Key (PTK), used to encrypt unicast communication between AP and client. The PTK is derived and installed by the AP and the client at the time of setting up a wireless connection. It is refreshed during the connection after a pre-configured time has passed. It is also refreshed when the client roams between APs using the fast transition (FT) protocol.
  • Group Transient Key (GTK), used for encrypting broadcast and multicast messages from APs to clients. A GTK is generated and maintained by the AP. It is securely delivered by the AP to the client at the time of setting up a wireless connection.
  • Integrity Group Transient Key (IGTK), used for providing integrity for broadcast and multicast management messages (called management frame protection or MFP) transmitted from the AP to the client. IGTK is generated and maintained by the AP. It is securely delivered by the AP to the client at the time of setting up a wireless connection.

The keys (GTK and IGTK) are refreshed when a client leaves the AP and the new keys are distributed to all remaining clients using a protocol called Group Key Handshake.

What is WPA?
Wi-Fi Protected Access (WPA) is a security protocol and security certification system developed by the Wi-Fi Alliance in response to weaknesses found in the previous system, Wired Equivalent Privacy (WEP). This was an intermediate measure taken in anticipation of the availability of the more complex and secure WPA2. WPA is obsolete and insecure, and WatchGuard recommends that all customers use WPA2, and not WPA.


Source: WatchGuard

HakTip 166 – How To Use ExFAT In Linux: Linux Terminal 201

Having problems mounting a flashdrive formatted in ExFAT on Ubuntu? Here’s how to fix that!

Use coupon code haktip at https://www.eero.com for free overnight shipping on your order to the US or Canada!

Props to HowToGeek for the awesome written directions! https://www.howtogeek.com/235655/how-to-mount-and-use-an-exfat-drive-on-linux/

Source: Security news


Source: Zologic

This year it is the Week van de Veiligheid (Week of Safety)!

Zologic and CyberPrevent support the Week van de Veiligheid, because cybercrime is far more common than you think!


You hope you never have to deal with it: a theft, phantom invoices or, worse still, a cyber robbery. If it does happen to you, you want to know how you and your staff should act.

Every form of cybercrime has its own specific points of attention. But with a few general rules of thumb you can already considerably reduce the chance of becoming a victim of cybercrime.

How can I avoid becoming a victim of cybercrime?

  • Be cautious about giving out personal data on the internet. Think not only of your own data, but also of that of customers, suppliers and staff. Data once placed on the internet remains available ‘forever’.
  • Never give out your login or PIN code, not even if the request appears to come from a trusted sender.
  • Delete suspicious e-mails immediately and never click on a link in the e-mail.
  • Make sure you have a properly working firewall. A CyberPrevent monitors all incoming and outgoing data traffic and assesses whether something can be let through or not.
  • Keep your software up to date. Some software flaws are discovered late and pose a serious security risk. Software vendors regularly release updates for their software; make sure you install these updates automatically.
  • Do not respond rashly to offers by e-mail, but always verify first whether you are dealing with a bona fide institution. Check the web address before you make a payment. If a site is new to you, always check who you are buying from, whether it is a bank, a supplier or a customer.
    Ask yourself the following questions:
    – Is it an existing company?
    – Are all contact details listed?
    – Are there privacy, delivery and payment terms on the site?
  • Stay alert with online payments. You can recognise a secure payment environment by:
    – a secured web page always starts with https, where the ‘s’ stands for secure
    – a padlock. You can click on it to check the details of the site.
  • Make sure you have a backup of your documents.
  • Always file a report with the police when your company has been affected by cybercrime.
  • Discuss the above matters with your staff as well.

The Week van de Veiligheid exists specifically to inform you about this. Are you prepared for crime? View the safety resources that help you make your business safer. Then download the poster and hang it in the canteen of your company.

Want to do even more to prevent cybercrime? Then take a look at the menu on the left side of this page, use the materials and get started. For example, organise a group training, do a security scan, take one of the online training courses together with your staff, or order the brochures for a greater sense of safety within your organisation.

Hak5 2305 – Password Grabber Bash Bunny Payload

Check out the awesome password grabber payload for the Bash Bunny on Hak5!

Sign up for our October 20 Event where we’ll be giving away gear gifts to the first 100 attendees! – hak5.org/rsvp

Source: Security news


Source: Zologic

Using Data to Create Personalized Experiences for a Better Bottom Line

The Need for Personalization

Today’s retail landscape is more competitive than ever. Brands have to rely on and work with not only brick-and-mortar chains, but with websites around the world, many of which operate on thinner margins. Brands that are trying to break through are facing an increasingly difficult, disrupted marketplace, where new competitors seem to appear almost every day.

Meanwhile, an array of new technologies enables brands to deliver personalized experiences to millions of individual customers in real time. Analytics, both on the web and in-store, provide detailed insights on customers’ interests and purchase patterns, along with increasingly accurate predictions about what they’re likely to buy next month. Brands and retailers are leveraging this data to streamline their sales funnels, achieving greater efficiency every year.

In this increasingly competitive marketplace, personalized customer experiences are no longer just a nice bonus. They’re the only thing preventing your customers from switching to another brand that seems to understand them better. With a tremendous amount of money being spent getting foot traffic in stores, personalized experiences can be used to point consumers towards desired products, in hopes of making a sale. Here’s how visual experiences can enable more engaging experiences, more empowered sales teams, and an improved bottom line for your brand.

Personalized, connected, data smart experiences

Data comes from a wide range of sources – and ideally, you should be gathering it from all your store’s touchpoints. Interactions on the web, on mobile, and in brick-and-mortar stores can all combine to create customer insights you’d never have gotten from any single source. Add in volunteered data from loyalty programs, and you’ve got all the resources you need to build a robust, 360-degree view of your store.

These deep customer insights enable you to deliver more tailored advertising, orchestrating continuously improved customer journeys that span all digital and physical touchpoints. Instead of showing all your customers the same ads, you’ll be able to show offers related to their individual tastes and preferences – both on the web and in your stores. This kind of interactive signage gets more than twice the engagement rate of social media and 24 percent more dwell time than Google’s benchmark.

Beyond advertising, these robust customer insights will enable you to provide best-in-class sales tools to your employees. The latest generation of in-store technologies is helping sales associates get to know their customers via opt-in loyalty programs, allowing them to greet customers by name, purchase anywhere, make recommendations to customers, anticipate customer demand and optimize the supply chain to meet demand.

With more informed salespeople comes faster, more streamlined, and personalized service. When your customers feel empowered to begin the purchase process on their own devices – and your sales staff can pick up and complete that process at the point of conversion – you’ll see shorter lines, faster checkouts, and smoother flow of foot traffic throughout your store. Since employees will be able to concentrate more on personal customer service, customers will leave happier than ever.

Raising your bottom line

Longer dwell time and shorter lines are all well and good – but how do all these changes perform in terms of return on investment (ROI)? Strikingly well, in fact. Personalized experiences have been shown to contribute to increased revenue and reduced loss in a variety of complementary ways.

Digital signage can also pick up on trends, demographics, patterns, and provide detailed analytics, allowing retailers to better decide how to promote certain items. With this data, retailers can better decide how to spend their advertising dollars. This creates targeted content that has a much better chance at effectively reaching the consumer, ultimately leading to a sale. This can all be done in real time, allowing retailers to minimize waste and spend money when and where it counts.

Personalized experiences are powerful tools for transforming unique spaces into new revenue streams. You could even transform your parking lots into showcases where customers can interact with personalized displays which can help draw them into your store. This may lead to new opportunities in capturing revenue by using these spaces to place digital signage, capture ad revenue and target an untapped audience.

Messaging at the right time is also crucial. Most customers perform their own product research, both at home and in-store. But when shopping in a store, a full 90 percent of shoppers make at least one impulse purchase per trip – often driven by ads or reviews they see on digital signs while at the store.

The more data you’re able to bring together from all channels, the more personalized experiences you’ll be able to serve up at the exact moment when each customer is most likely to consider a purchase. And along the way, your interactive displays will be gathering even more data on your customers’ preferences and behavior, so you can create more targeted, effective outreach, leading to a positive impact on the bottom line.

Visit intel.com/retail to learn more about how Intel technology is shaping the future of responsive retail. To stay informed about Intel IoT developments, subscribe to our RSS feed for email notifications of blog updates, or visit intel.com/IoT, LinkedIn, Facebook and Twitter.


Source: Network News

3 Billion Yahoo Accounts Hacked; Disqus Hacked! – Threat Wire

The Yahoo breach was a lot worse than we thought, the Equifax ex-CEO sheds light on some questions, disqus was hacked, and Kaspersky is stuck in the middle of debates. All that coming up now on ThreatWire.

Hak5 Product Launch Event! October 20th: https://www.hak5.org/rsvp

https://motherboard.vice.com/en_us/article/8x8b4x/whoops-yahoo-says-2013-hack-actually-hit-3-billion-users
https://www.oath.com/press/yahoo-provides-notice-to-additional-users-affected-by-previously/

2013 Yahoo Breach Affected All 3 Billion Accounts

Fear Not: You, Too, Are a Cybercrime Victim!

https://www.cnet.com/how-to/find-out-if-your-yahoo-account-was-hacked/
https://www.cnet.com/news/yahoo-announces-all-3-billion-accounts-hit-in-2013-breach/
https://www.cnet.com/how-to/how-to-delete-your-yahoo-account/
https://arstechnica.com/information-technology/2017/10/yahoo-says-all-3-billion-accounts-were-compromised-in-2013-hack/
https://www.wired.com/story/yahoo-breach-three-billion-accounts/
https://thehackernews.com/2017/10/yahoo-email-hacked.html

https://thehackernews.com/2017/10/kaspersky-nsa-spying.html
https://www.wired.com/story/nsa-contractors-hacking-tools/
https://arstechnica.com/information-technology/2017/10/the-cases-for-and-against-claims-kaspersky-helped-steal-secret-nsa-secrets/
https://www.cnet.com/news/russian-hackers-reportedly-stole-nsa-cyber-secrets-in-2015/
https://motherboard.vice.com/en_us/article/kz755a/ex-nsa-hackers-are-not-surprised-by-bombshell-kaspersky-report

We aggressively protect our users and we’re proud of it.

https://www.wired.com/story/equifax-ceo-congress-testimony/
https://arstechnica.com/tech-policy/2017/10/irs-awards-equifax-7-25m-taxpayer-identity-contract-weeks-after-hack/
https://www.cnet.com/news/irs-gives-equifax-7-25-million-contract-to-prevent-tax-fraud/
https://www.cnet.com/news/equifax-ex-ceo-blames-breach-on-one-person-and-a-bad-scanner/

https://blog.disqus.com/security-alert-user-info-breach
https://thehackernews.com/2017/10/disqus-comment-system-hacked.html

Youtube Thumbnail credit:
https://upload.wikimedia.org/wikipedia/commons/thumb/6/66/Yahoo%21_Taiwan_weiya_stage_20160119.jpg/1280px-Yahoo%21_Taiwan_weiya_stage_20160119.jpg

Source: Security news


Source: Zologic

HakTip 165 – Monitoring System Resources Pt 2: Linux Terminal 201

Monitoring system resources via the Linux terminal!

https://github.com/Distrotech/lsof/blob/master/00QUICKSTART
https://askubuntu.com/questions/89710/how-do-i-free-up-more-space-in-boot

Source: Security news


Source: Zologic