Google will slap big red warning on legit sites hosting bad ads
Stepping up its drive to stamp out the distribution of bad ads through its own ad business, Google will now use Safe Browsing tech to block shady ads across the entire web. more…SLOTH Downgrades TLS 1.2 Encrypted Channels
Early last month a new vulnerability was found in how TLS 1.2 was implemented. Researchers from the French Institute for Research in Computer Science and Automation (INRIA) called this new attack SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes). An attacker with man-in-the-middle capabilities could use SLOTH to attack encrypted traffic in the following ways: decrypt […] more…Oracle deprecates the Java browser plugin, prepares for its demise
The much-maligned Java browser plugin, source of so many security flaws over the years, is to be killed off by Oracle. It will not be mourned. Oracle, which acquired Java as part of its 2010 purchase of Sun Microsystems, has announced that the plugin will be deprecated in the next release of Java, version 9, […] more…Virtual Host Upgrades – January 20
Upgrades will be made to several Virtual Hosts during the ITS Maintenance Window (5:00 – 7:00 a.m.) on Wednesday, January 20. The upgrade will migrate Virtual Hosts from the Network Dispatcher load balancer to an A10 load balancer, in order to then retire the Network Dispatcher load balancer at a later date. A 10-minute outage […] more…Virtual Host Upgrades – January 19
Upgrades will be made to several Virtual Hosts during the ITS Maintenance Window (5:00 – 7:00 a.m.) on Tuesday, January 19. The upgrade will migrate Virtual Hosts from the Network Dispatcher load balancer to an A10 load balancer, in order to then retire the Network Dispatcher load balancer at a later date. A 10-minute outage […] more…Operation Black Atlas, Part 2: Tools and Malware Used and How to Detect Them
This is the second part of our two-part blog series on Operation Black Atlas. The first blog entry is entitled, Operation Black Atlas Endangers In-Store Card Payments and SMBs Worldwide; Switches between BlackPOS and Other Tools. Operation Black Atlas has already spread to a multi-state healthcare provider, dental clinics, a machine manufacturer, a technology company […] more…Google to revoke trust in a Symantec root certificate
Very soon, the Android OS, Chrome browser and other Google products will stop trusting all digital certificates that are linked to a 20-year-old Verisign root certificate. The announcement comes after Symantec unveiled plans to retire the Class 3 Public Primary Certification Authority from public use. This is a widely trusted CA that it acquired along […] more…SHA-1 cutoff could block millions of users from encrypted websites
Millions of Web users could be left unable to access websites over the HTTPS protocol if those websites only use digital certificates signed with the SHA-2 hashing algorithm. The warning comes from Facebook and CloudFlare as browser makers are considering an accelerated retirement of the older and increasingly vulnerable SHA-1 function. The two companies have […] more…The German Underground: Buying and Selling Goods via Droppers
The recent Paris attacks were carried out with both guns and explosives. While the perpetrators probably made the latter themselves, they could not do the same for their guns. So where did they turn to? One option may have been: the Deep Web. On November 27, a German arms dealer was arrested on suspicion of […] more…chat.psu.edu Upgrade – December 2
On Wednesday, December 2, during the ITS Maintenance Window (5:00 – 7:00 a.m.), upgrades will be made to the chat.psu.edu service. Hardware and software updates are being implemented during the work period, which will result in an outage lasting the entire ITS Maintenance Window. Users can expect a full, two-hour outage. The upgrade is being […] more…Facebook to help people tune out their ex-lovers
Your ex will evaporate from your newsfeed without unfriending or blocking. Could keep us from becoming Facebook-stalkers, but so too could quitting the site entirely. more…Dissecting Data Breaches: Guard Your Devices Well
In late September I published my research paper titled Follow the Data: Dissecting Data Breaches and Debunking the Myths that delved deep into the causes behind data breaches. The goal of the paper was to provide a thorough analysis of data breaches so businesses and organizations could better understand the problem and learn how to defend […] more…10 reasons why phishing attacks are nastier than ever
Phishing emails have been the scourge of the computer world for decades, defeating even our best efforts to combat them. Most of us can easily spot them by their subject lines and delete without even opening. If we’re not entirely sure and end up opening them, we can immediately identify a phishing attempt by its […] more…Comcast resets nearly 200,000 passwords after customer list goes on sale
Over the weekend, a reader (@flanvel) directed Salted Hash to a post on a Dark Web marketplace selling a number of questionable, if not outright illegal goods. The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords. As proof, the seller offered a brief list of 112 accounts with a […] more…Update: Penn State University Park – Research Park Fiber Optic Hub Facility Renovations
The Research Park telecommunications facility renovations will begin next week. There have been minor changes to the scheduling of this renovation. The first week will stay the same, November 8 – 12. The remaining work will be performed Sunday, November 22 and Monday, November 23. The work scheduled for the nights of November 8 and […] more…Attackers target OWA for domain credentials
A targeted attack against Outlook Web Application (OWA) illustrates how far adversaries will go to establish persistent control over the organization’s entire network. As seen in recent breaches, attackers typically use stolen credentials or malware to get a foothold on the network, and then target the domain controller. Once attackers successfully compromise the domain controller, […] more…More information
- Resolved: DIMC, accounts.psu.edu, MyPennState, & other websites are slow
- Researchers say online voting tech used in 5 states is fatally flawed
- Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange
- Public Facebook event for house party leads to berserk scenes
- Resolved: Maintenance to The RS6K Lab
- When sysadmins attack (again): former worker gets seven years
- Building an Integrated IT/OT Security Program: Notes From the Field
- What IT managers can do to hold on to their best talent
- Hack of Global Law Firm Appleby Exposes Rich and Famous
- Dridex Still Active After Takedown Attempt