A 虚拟专用网是在互联网上的两台或多台计算机之间的安全通道，允许他们相互访问，如果在本地网络上。在过去，VPN的主要被公司用来安全地远程分支机构连接在一起，或连接漫游员工的办公网络，但今天他们是对消费者的一个重要的服务也一样，保护他们免受攻击，当他们连接到公共无线网络。鉴于其重要性，这里就是你需要了解的VPN是什么：

VPN是为您的隐私和安全性好

打开无线网络构成严重风险用户，因为攻击者坐在同一个网络中可以使用各种技术来嗅探网络流量，甚至劫持账户在不使用HTTPS安全协议的网站。此外，一些无线网络的网络运营商故意注入到广告网络流量，这些可能导致不希望的跟踪。 阅读这篇文章完全，请点击这里 //m.banksfrench.com/article/3138952/5-things-you-need-to-know-about-virtual-private-networks.html 星期二，2017年八时十三分45秒-0700 5月16日 卢西恩江诗丹顿 卢西恩江诗丹顿

A group of hackers that previously leaked alleged U.S. National Security Agency exploits claims to have even more attack tools in its possession and plans to release them in a new subscription-based service.

The group also has intelligence gathered by the NSA on foreign banks and ballistic missile programs, it said.

The Shadow Brokers was responsible for leaking EternalBlue, the Windows SMB exploit that was used by attackers in recent days to infect hundreds of thousands of computers around the world with the WannaCry ransomware program.

To read this article in full, please click here

//m.banksfrench.com/article/3197106/shadow-brokers-teases-more-windows-exploits-and-cyberespionage-data.html 2017年5月15日星期一10:39:19 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

Thousands of organizations from around the world were caught off guard by the WannaCry ransomware attack launched Friday. As this rapidly spreading threat evolves, more cybercriminals are likely to attempt to profit from this and similar vulnerabilities.

As a ransomware program, WannaCry itself is not that special or sophisticated. In fact, an earlier version of the program was distributed in March and April and, judging by its implementation, its creators are not very skilled.

To read this article in full, please click here

//m.banksfrench.com/article/3196123/wannacry-attacks-are-only-the-beginning.html 周五2017年12点39分28秒-0700 5月12日 卢西恩江诗丹顿 卢西恩江诗丹顿

In response to recent attacks where hackers abused Google's OAuth services to gain access to Gmail accounts, the company will review new web applications that request Google users' data.

To better enforce its policy regarding access to user data through its APIs (application programming interfaces), which states that apps should not mislead users when presenting themselves and their intentions, Google is making changes to the third-party app publishing process, its risk assessment systems and the consent page it displays to users.

Google is an identity provider, which means other web apps can use Google as the authentication mechanism for users accessing the app. Apps use the OAuth protocol to do this. These apps can also use Google's APIs to send users requests for information stored in Google's services.

To read this article in full, please click here

//m.banksfrench.com/article/3196382/google-will-review-web-apps-that-want-access-to-its-users-data.html 2017年5月12日星期五08:08:21 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

Attackers behind the highly successful Locky and Bart ransomware campaigns have returned with a new creation: A malicious file-encrypting program called Jaff that asks victims for payments of around $3,700.

Like Locky and Bart, Jaff is distributed via malicious spam emails sent by the Necurs botnet, according to researchers from Malwarebytes. Necurs first appeared in 2012 and is one of the largest and longest-running botnets around today.

According to an April analysis by researchers from IBM Security, Necurs is made up of about 6 million infected computers and is capable of sending batches of millions of emails at a time. It is also indirectly responsible for a large percentage of the world's cybercrime because it's the main distribution channel for some of the worst banking Trojan and ransomware programs.

To read this article in full, please click here

//m.banksfrench.com/article/3196478/new-ransomware-jaff-demands-3700-payments.html 星期四，2017年9点26分36秒-0700 5月11日 卢西恩江诗丹顿 卢西恩江诗丹顿

Users of Asus RT-N and RT-AC series routers should install the latest firmware updates released for their models because they address vulnerabilities that could allow attackers to hijack router settings.

The flaws were discovered by researchers from security consultancy outfit Nightwatch Cybersecurity and leave many Asus router models exposed to cross-site request forgery (CSRF) attacks.

CSRF is an attack technique that involves hijacking a user's browser when visiting a specially crafted website and forcing it to send unauthorized requests to a different website -- or in this case, the router web-based administration interface accessible over the local area network (LAN).

To read this article in full, please click here

//m.banksfrench.com/article/3196149/latest-firmware-updates-for-asus-routers-fix-csrf-security-flaws.html 2017年5月10日星期三08:51:48 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure. The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.

Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.

SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made -- for example, for outdated payment terminals.

To read this article in full, please click here

//m.banksfrench.com/article/3195916/microsoft-finally-bans-sha-1-certificates-in-internet-explorer-and-edge.html 星期二，2017年5月9日十四时21分31秒-0700 卢西恩江诗丹顿 卢西恩江诗丹顿

Microsoft released security patches Tuesday for 55 vulnerabilities across the company's products, including for three flaws that are already exploited in targeted attacks by cyberespionage groups.

Fifteen of the vulnerabilities fixed in Microsoft's patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company's anti-malware products.

System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system.

To read this article in full, please click here

//m.banksfrench.com/article/3195804/microsoft-fixes-55-vulnerabilities-3-exploited-by-russian-cyberspies.html 2017年5月9日星期二07:26:55 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

Microsoft has released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.

The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.

Ormandy announced Saturday on Twitter that he and his colleague found a "crazy bad" vulnerability in Windows and described it as "the worst Windows remote code execution in recent memory."

To read this article in full, please click here

//m.banksfrench.com/article/3195429/microsoft-fixes-remote-hacking-flaw-in-windows-malware-protection-engine.html 星期一，2017年5月8日08:04:45 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project's website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBreak team said.

To read this article in full, please click here

//m.banksfrench.com/article/3195075/supply-chain-attack-hits-mac-users-of-handbrake-video-converter-app.html 星期五，2017年5月5日07:55:00 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿 <本文> <节课=“页面”>

在过去的一年中，一组攻击者已经成功地从JavaScript代码拼接在一起感染成百上千个属于政府机构与恶意软件架构的计算机，并公开可用的工具。

的攻击，分析了从防病毒公司BitDefender的研究，显示，网络间谍组不一定需要投入大量资金开发独特而强大的恶意软件程序，以实现自己的目标。事实上，用于系统管理使用的公开可用的工具，可以增加攻击的效率，就更难安全厂商检测到它，并将其链接到特定威胁的演员。 阅读这篇文章完全，请点击这里 //m.banksfrench.com/article/3194778/cyberspies-tap-free-tools-to-make-powerful-malware-framework.html 2017年5月4日星期四16:09:05 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

A sophisticated Russian cyberespionage group is readying attacks against Mac users and has recently ported its Windows backdoor program to macOS.

The group, known in the security industry as Snake, Turla or Uroburos, has been active since at least 2007 and has been responsible for some of the most complex cyberespionage attacks. It targets government entities, intelligence agencies, embassies, military organizations, research and academic institutions and large corporations.

"Compared to other prolific attackers with alleged ties to Russia, such as APT28 (Fancy Bear) and APT29 (Cozy Bear), Snake’s code is significantly more sophisticated, it’s infrastructure more complex and targets more carefully selected," researchers from Dutch cybsersecurity firm Fox-IT said in a blog post Wednesday.

To read this article in full, please click here

//m.banksfrench.com/article/3194807/snake-cyberespionage-malware-is-ready-to-bite-mac-users.html 2017年5月4日星期四11:05:59 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn't intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.

The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.

Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.

To read this article in full, please click here

//m.banksfrench.com/article/3194519/financial-cybercrime-group-abuses-windows-app-compatibility-feature.html 2017年5月3日星期三06:32:17 -0700 卢西恩江诗丹顿 卢西恩江诗丹顿

The Xen Project has fixed three vulnerabilities in its widely used hypervisor that could allow operating systems running inside virtual machines to access the memory of the host systems, breaking the critical security layer among them.

Two of the patched vulnerabilities can only be exploited under certain conditions, which limits their use in potential attacks, but one is a highly reliable flaw that poses a serious threat to multitenant data centers where the customers' virtualized servers share the same underlying hardware.

The flaws don't yet have CVE tracking numbers, but are covered in three Xen security advisories called XSA-213, XSA-214 and XSA-215.

To read this article in full, please click here

//m.banksfrench.com/article/3194069/xen-hypervisor-faces-third-highly-critical-vm-escape-bug-in-10-months.html