Newest Guccifer 2.0 DNC dump included personal info about celebrities and CEOs

Democratic National Committee hacker Guccifer 2.0 gave The Hill another batch of pilfered DNC documents; these are different than those files which included information on 11,000 donors given to The Hill last week. At that time, Guccifer had claimed that the press had been forgetting about him, that WikiLeaks was “playing for time” and he still had documents to dump.To read this article in full or to leave a comment, please click here

Newest Guccifer 2.0 DNC dump included personal info about celebrities and CEOs

Democratic National Committee hacker Guccifer 2.0 gave The Hill another batch of pilfered DNC documents; these are different than those files which included information on 11,000 donors given to The Hill last week. At that time, Guccifer had claimed that the press had been forgetting about him, that WikiLeaks was “playing for time” and he still had documents to dump.To read this article in full or to leave a comment, please click here

Security software that uses ‘code hooking’ opens the door to hackers

Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit. Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use 'hooking' to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn't otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims' computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that's scheduled to be published Tuesday.To read this article in full or to leave a comment, please click here

Security software that uses ‘code hooking’ opens the door to hackers

Some of the intrusive techniques used by security, performance, virtualization and other types of programs to monitor third-party processes have introduced vulnerabilities that hackers can exploit. Researchers from data exfiltration prevention company enSilo found six common security issues affecting over 15 products when they studied how software vendors use 'hooking' to inject code into a process in order to intercept, monitor or modify the potentially sensitive system API (application programming interface) calls made by that process. Most of the flaws enSilo found allow attackers to easily bypass the anti-exploit mitigations available in Windows or third-party applications, allowing attackers to exploit vulnerabilities that they couldn't otherwise or whose exploitation would have been difficult. Other flaws allow attackers to remain undetected on victims' computers or to inject malicious code into any process running on them, the enSilo researchers said in a report sent via email that's scheduled to be published Tuesday.To read this article in full or to leave a comment, please click here

Can’t upgrade your laptop to Windows 10? Microsoft will give you one for free*

With two weeks left before Microsoft’s free upgrade offer for Windows 10 comes to a close, the company is pulling out its biggest gimmick yet. Its latest offer is that they’ll give you a free Dell Inspiron 15 laptop if they can’t update your laptop to Windows 10 with same-day service.And yes, there are some strings. Quite a few. First, your trade-in PC needs to be compatible with Windows 10 in the first place. That should cut out a lot of lame old PCs from the mix. If you don’t have a compatible system, you can earn $150 to the purchase of a new PC.To read this article in full or to leave a comment, please click here

4 numbers that stood out in VMware’s earnings

VMware this week updated investors on the progress of emerging technologies playing an increasingly significant role in the company’s earnings.+MORE AT NETWORK WORLD: EMC targets strategic markets as Dell acquisition looms | Microsoft will miss its 1 billion Windows 10 device target +VMware’s product mix includes not just compute virtualization, but network virtualization, cloud management and end user computing. Below are four numbers that provide a snapshot of VMware’s earnings and a preview of future offerings.To read this article in full or to leave a comment, please click here

Getting a handle on spam emanating from generic top-level domains

Since I posted my tome about the generic top-level domains (gTLDs), I’ve received mostly bouquets. A few brickbats were also metaphorically hurtled through the window. I’m disturbing business models fostered by the new gTLDs.A lawyer who doesn’t want to be named just threw a tort across the transom. It ended up as junk mail, but I fished it out and responded.+ Also on Network World: Best practices for email security +To read this article in full or to leave a comment, please click here

IDG Contributor Network: Stopping ransomware in its tracks

Allowing ransomware to enter a computer and corrupt a few files before being stomped on is the way to arrest the forward march of an attack, say computer scientists.The key is to not to stop ransomware getting into the system, which is hard, but to simply identify when files are beginning to be encrypted, assume something’s amiss, and then kill anything that’s causing the anomaly, researchers from the University of Florida (UF) and Villanova University say.+ Also on Network World: Who is a target for ransomware? Everyone +To read this article in full or to leave a comment, please click here

​EMC targets strategic markets as Dell acquisition looms

EMC has reported encouraging financials ahead of the company’s crucial shareholder vote this week, as the vendor targets strategic markets and profitability ahead of its upcoming acquisition by Dell. With the largest technology merger in history pending approval, the storage giant reported strategic successes during 2Q16 that it can build from as it continues toward its landmark expected integration into Dell. After a full year of bottom-line declines during 2015, EMC notched a second consecutive quarter of year-to-year net income improvements during 2Q16, rising 160 basis points to 9.7 per cent, supported in part by cost restructuring initiatives but also by heightened monetisation of investment in strategic solutions areas.To read this article in full or to leave a comment, please click here

7 things you shouldn’t do while playing Pokémon Go

Most mobile games can be played quietly and anonymously in the privacy of your own home, cubicle, train seat, or bathroom stall—but Pokémon Go isn’t that kind of game. With physical movement as a primary gameplay mechanic, the Nintendo favorite is getting millions of people out and about and exploring their neighborhoods. Obviously, there’s good in this: People are walking more, socializing with mostly-friendly strangers, and even overcoming anxiety and depression by leaving the house. All of those are tremendous benefits, and it’s awesome to see people getting so much out of the game.To read this article in full or to leave a comment, please click here

Ethernet-over-VPN: What Could Possibly Go Wrong?

One of my readers sent me a link to SoftEther, a VPN solution that

[…] penetrates your network admin's troublesome firewall for overprotection. […] Any deep-packet inspection firewalls cannot detect SoftEther VPN's transport packets as a VPN tunnel, because SoftEther VPN uses Ethernet over HTTPS for camouflage.

What could possibly go wrong with such a great solution?

Read more ...

PS Core Network Concepts

Most of the educational documents related to PS Core Network start with Call Flows. Attach Call Flow, PDP Context, Paging, etc. Basically that was my problem when I started working in PS Core because the Call Flows include a lot of messages which in turn include a lot of parameters and Information Elements so starting with […]

The post PS Core Network Concepts appeared first on Cisco Network Design and Architecture | CCDE Bootcamp | orhanergun.net.

Attackers launch multi-vector DDoS attacks that use DNSSEC amplification

DDoS attacks are becoming increasingly sophisticated, combining multiple attack techniques that require different mitigation strategies, and abusing new protocols.Incident responders from Akamai recently helped mitigate a DDoS attack against an unnamed European media organization that peaked at 363G bps (bits per second) and 57 million packets per second.While the size itself was impressive and way above what a single organization could fight off on its own, the attack also stood out because it combined six different techniques, or vectors: DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood.Almost 60 percent of all DDoS attacks observed during the first quarter of this year were multi-vector attacks, Akamai said in a report released last month. The majority of them used two vectors, and only 2 percent used five or more techniques.To read this article in full or to leave a comment, please click here

Attackers launch multi-vector DDoS attacks that use DNSSEC amplification

DDoS attacks are becoming increasingly sophisticated, combining multiple attack techniques that require different mitigation strategies, and abusing new protocols.Incident responders from Akamai recently helped mitigate a DDoS attack against an unnamed European media organization that peaked at 363G bps (bits per second) and 57 million packets per second.While the size itself was impressive and way above what a single organization could fight off on its own, the attack also stood out because it combined six different techniques, or vectors: DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood.Almost 60 percent of all DDoS attacks observed during the first quarter of this year were multi-vector attacks, Akamai said in a report released last month. The majority of them used two vectors, and only 2 percent used five or more techniques.To read this article in full or to leave a comment, please click here

Attackers launch multi-vector DDoS attacks that use DNSSEC amplification

DDoS attacks are becoming increasingly sophisticated, combining multiple attack techniques that require different mitigation strategies, and abusing new protocols.Incident responders from Akamai recently helped mitigate a DDoS attack against an unnamed European media organization that peaked at 363G bps (bits per second) and 57 million packets per second.While the size itself was impressive and way above what a single organization could fight off on its own, the attack also stood out because it combined six different techniques, or vectors: DNS reflection, SYN flood, UDP fragment, PUSH flood, TCP flood, and UDP flood.Almost 60 percent of all DDoS attacks observed during the first quarter of this year were multi-vector attacks, Akamai said in a report released last month. The majority of them used two vectors, and only 2 percent used five or more techniques.To read this article in full or to leave a comment, please click here

1 2,763 2,764 2,765 2,766 2,767 3,794