Best Deals of the Week, September 26th – September 30th – Deal Alert
deals of the week 100676635 carousel.idge

Check out this roundup of the best deals on gadgets, gear and other cool stuff we have found this week, the week of September 26th. All items are highly rated, and dramatically discounted.

Discounts on New Amazon Echo Dot (2nd Gen) Bundles
echo dot bundle 100684716 primary.idge

Echo Dot is a hands-free, voice-controlled device that uses Alexa to play & control music (either on its own, or through a connected speaker/receiver), control smart home devices, provide information, read the news, set alarms, and more. Right now Amazon is discounting 3 bundles featuring an all new Echo Dot:

To read this article in full or to leave a comment, please click here

Source: csoonline

A group of researchers from Princeton University, Karlstad University and KTH Royal Institute of Technology have devised two new correlation attacks that can be leveraged to deanonymize Tor users. Collectively dubbed DefecTor, the attacks should improve the efficacy of existing website fingerprinting attacks through the attacker’s ability to observe DNS traffic from Tor exit relays. Simulations of the attacks generated great-to-perfect results – the latter mostly when identifying visitors to infrequently visited sites. It has … More
Source: helpnetsecurity

An Android malware is spreading across app stores, including Google Play, and has the capability of stealing sensitive files from corporate networks.

DressCode, a family of Android malware, has been found circulating in at least 3,000 Trojanized apps, security firm Trend Micro said on Friday.

DressCode hides itself inside games, user interface themes, and phone optimization boosters. It can also be difficult to detect because the malicious coding only makes up a small portion of the overall app.

To read this article in full or to leave a comment, please click here

Source: csoonline

To protect users from cryptographic attacks that can compromise secure web connections, the popular Firefox browser will block access to HTTPS servers that use weak Diffie-Hellman keys.

Diffie-Hellman is a key exchange protocol that is slowly replacing the widely used RSA key agreement for the TLS  (Transport Layer Security) protocol. Unlike RSA, Diffie-Hellman can be used with TLS’s ephemeral modes, which provide forward secrecy — a property that prevents the decryption of previously captured traffic if the key is cracked at a later time.

However, in May 2015 a team of researchers devised a downgrade attack that could compromise the encryption connection between browsers and servers if those servers supported DHE_EXPORT, a version of Diffie-Hellman key exchange imposed on exported cryptographic systems by the U.S. National Security Agency in the 1990s and which limited the key size to 512 bits. In May 2015 around 7 percent of websites on the internet were vulnerable to the attack, which was dubbed LogJam.

To read this article in full or to leave a comment, please click here

Source: csoonline

The Arduino team is using Kickstarter to crowdfund their latest project: the ESLOV IoT Invention Kit. ESLOV is a system of intelligent modules that can be connected in an endless variety of ways, and is meant to simplify the creation of Internet-connected devices. The connected modules are plugged into a Wi-Fi and motion hub, which will connect the device (project) to the Internet. Then, the hub has to be connected to the user’s PC so … More
Source: helpnetsecurity

Stolen or weak remote desktop credentials are routinely used to infect point-of-sale systems with malware, but recently they’ve also become a common distribution method for file-encrypting ransomware.

In March, researchers discovered a ransomware program dubbed Surprise that was being installed through stolen credentials for TeamViewer, a popular remote administration tool. But the trend had started long before that, with some ransomware variants being distributed through brute-force password guessing attacks against Remote Desktop Protocol (RDP) servers since 2015.

While this method of infection was initially used by relatively obscure ransomware programs, recently it has been adopted by an increasing number of cybercriminals, including those behind widespread ransomware programs such as Crysis.

To read this article in full or to leave a comment, please click here

Source: csoonline

This was interesting in so many ways, this week McAfee issued a report showing how malware delivery using compromised websites and gaming Google search analytics has suddenly become a lot smarter. What these criminals are doing is they are watching trends and then positioning their assets against the trends to the sites that pop to the top when you are searching on celebrities.

[ Related: Most dangerous cyber celebrities of 2016 ]

To read this article in full or to leave a comment, please click here

Source: csoonline