Adobe?Flash ???????????????????
Adobe は、攻撃者がリモートで任意のコードを実行する恐れのある Flash の脆弱性に対して緊急パッチを公開しました。
Read More
Tag Archives: security
?????????????????????? Dyre
競合するトロイの木馬が活動停止に追い込まれた結果、Dyre がその穴を埋めるように急増し、多くの国でオンラインバンキングユーザーに対する最大の脅威となってきました。
Read More
Adobe publishes emergency patch for exploited Flash vulnerability
Adobe has patched a Flash vulnerability that allowed attackers to remotely execute arbitrary code.Read More
Dyre emerges as main financial Trojan threat
After takedowns against rival operations Dyre has filled the vacuum and now poses a major threat to banking customers in many countries.Read More
Hola, Hola VPN users, you may have been part of a botnet!
VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following: allows Hola users to use each others’ bandwidth sells their users’ bandwidth to their sister company […]
???????????????????? Apple OS ????
Mac OS X と iOS にパッチ未公開の脆弱性が存在し、悪質なアプリがセキュリティをくぐり抜けて資格情報を盗み出す恐れがあります。
Read More
Apple vulnerabilities pose serious threat to passwords and credentials
Unpatched vulnerabilities in Mac OS X and iOS allow malicious apps to bypass security and steal credentialsRead More
Obtaining your .BANK Domain; a New Best Practice
It will take a little more effort and a little more time to register new .BANK domains for your bank’s trademarks, trade names and service marks, but it’s worth it.
Twitter Card Style:
summary
Remember how quick it was to register your bank’s .com and other domains. You went to your registrar’s homepage, typed in preferred domain names, clicked a few times, entered billing information and you were done. Within a few seconds, you had confirmations and a new online home.
It will take a little more effort and a little more time to register new .BANK domains for your bank’s trademarks, trade names and service marks, but it’s worth it. Here’s why:
All .BANK domains will be verified by Symantec before the registration is confirmed; part of the enhanced security requirements for .BANK domains required by the .BANK registry fTLD. Because this process cannot be fully automated, it requires that we talk to one or two people at your bank.
Verification ensures that only eligible institutions – banks, bank associations, regulators and certain core service providers – have .BANK domains. It also ensures that the person registering .BANK domains for your bank is authorized to do so. Verification protects the integrity of the .BANK gTLD and the integrity of the banks and other organizations that register .BANK domains. You can learn more about the verification process and Symantec’s role here.
During the registration process you will be asked for the bank’s contact information, regulatory ID number, and the government regulatory authority that charters your bank.
You registrar will also request the name and contact information of someone at your company who can verify the employment information of the registrant contact and the share the name and contact information for someone who can verify that the registrant contact is authorized to register the domains requested.
You can help make the registration process smooth and quick by following a few simple guidelines.
- Make sure you have all the necessary information, including contact information for others at your bank, available when you start the registration process.
- Tell your colleagues that they will receive an important call from Symantec, and why. It will only take them a few minutes to get us the information we need.
- Finally, take a few minutes over the next day or two to see if your colleagues have received a call from a Symantec representative and were able to give us the information we need to verify your bank’s .BANK domain(s).
These few additional steps will help ensure that you get the okay for your .BANK domains as fast as possible. The process typically takes a day of two. It is not as fast as a click, but your bank’s new .BANK domains will set a solid foundation on which to build and maintain your online brand.
??????????????????????????????????
攻撃者は、テキストメッセージとちょっとしたソーシャルエンジニアリングを利用するだけで Gmail、Hotmail、Yahoo メールのアカウントを侵害しています。
Read More
New Rules: Feds Mandate HTTPS on U.S. Government Sites
The White House has mandated that all public-facing Web sites of the federal government must implement HTTPS within the next two years.
Twitter Card Style:
summary
Have you read the news lately? It seems like hardly a week can go by without another data breach happening.
In the past few years, cybercriminals have upped their game considerably, using incredibly sophisticated attacks in growing number. Out of every six large companies, five were targeted last year for attack—that’s a 40% increase over 2013.*
The recent breach on federal employees’ private data, allegedly from China, only underscores the continued looming menace cybercriminals present—and this threat hasn’t gone unnoticed by the feds.
In a January 12 post on the White House Blog, President Obama is quoted as saying: “This is a direct threat to the economic security of American families, and we’ve got to stop it.” Further adding, “If we’re going to be connected, then we need to be protected.” So true! And that line of thinking is what prompted the U.S. government’s latest move.
To help combat these attacks, the White House has mandated that all public-facing Web sites of the federal government must implement HTTPS within the next two years.
This is no minor security update. It carries far-reaching implications that extend beyond the fed. Here’s what we mean.
What HTTPS Offers to Everyone
HTTPS provides a secure line of communication over the Internet, combining the usual HTTP (Hypertext Transfer Protocol) that you see in the address bar of unsecure sites, with SSL (Secure Sockets Layer) that you’re likely to see on most sites involving financial transactions.
This federal move shouldn’t come as a surprise, as the majority of the U.S. government sites have already made the switch to the secure protocol. This includes whitehouse.gov, which made the switch on March 11, 2015, to other federal sites that made the jump earlier, like ftc.gov, donotcall.gov, and others.
This goes beyond the initial site communication handshake—drilling down to subdomains, like examplesection.whitehouse.gov, too.
Up until now, many government sites are current with NIST-recommended SSL standards, but the administration has now moved to make prioritizing security and privacy a common practice among all aspects of federal government sites.
Make no mistake about it, this is huge!
These extra security measures follow the Always On SSL tenets advocated by the Online Trust Alliance, exhibiting some of the strongest moves yet to protect the identity and personal information of U.S. citizens online.
Others Must Follow, Strengthening the Security of the Web
Cybercrime isn’t going to easily back down.
Now, it’s far too easy to compromise private information on sites with subpar security. Today’s cybercriminals are smart and tenacious. By protecting all aspects of a site with SSL—not just transaction pages—businesses can help quell social engineering techniques. These complex ruses can now fool even the savviest netizens into handing over their private information to the bad guys.
Nothing is 100% unhackable now and forever. But just like locking your car doors when you’re out, providing as much security as possible is still a good great idea! By expanding the coverage of SSL, we help further the strength and backbone of the Internet itself.