
Security news

Game of Thrones Season 7 Episode 6 The Hunt LEAKED!!!


Looks like 2017 is a bad year for HBO. Not that it didn’t have leaks in the previous seasons of Game of Thrones, but GoT Season 7 seems to be jinxed from the word go. First, we had hackers hacking into HBO servers and stealing 1.35TB of data including episode clips, emails, and internal memos. Even as HBO was dealing with the hacking mess, news surfaced of Star India’s Hotstar app employees leaking Game of Thrones Episode 4 “Spoils of War”.

The employees apparently had privileged access to GoT S07E04 “Spoils of War” and were able to leak a low-res, buggy version of the episode two days before its telecast. The airing of the next episode, i.e. Game of Thrones S06E05 “Eastwatch”, went rather smoothly: the original server hackers leaked the episode script, but the episode itself was not leaked.

Now comes the bombshell. HBO Spain has accidentally leaked the upcoming Game of Thrones Season 7 Episode 6 “Death Is the Enemy” a full five days before it is supposed to be aired on Sunday 20th August. The accidental leak was enough for hackers to copy the article and spread it through torrent websites.

While we cannot give the links to the leaked GoT S07E06 “Death Is the Enemy,” Googling or keeping your eye on your social media network will give you the 6th episode link.

Game of Thrones Season 7 Episode 6 “Death Is the Enemy” Aired by Mistake

The supposed leak came to light when users reported that the episode was available to watch on HBO España’s website for a few hours, as a screenshot posted on Reddit shows. Many other individuals have reported that the episode was also streaming on Twitch and YouTube before it was taken down. Since then, there have been no reports of the episode being available, either on the website or via a torrent. However, that has not stopped individuals from sharing smaller clips and screenshots of the episode that seem to confirm that the leaked episode was not a hoax.

Unfortunate Incident

This leak is the latest addition to the long list of unfortunate incidents that have affected HBO recently. In July, there were reports that around 1.5 TB of content was stolen from the company. Since then, hackers have released episodes of different series including Ballers, Room 104, and Curb Your Enthusiasm, scripts of unaired Game of Thrones episodes and even personal information of actors working for HBO.

As we said earlier, 2017 certainly seems to be jinxed for HBO as its golden egg laying hen is being cut to pieces episode after episode.


Offers

Security Firm Zerodium Offering $1 Million To Hack Tor Browser


Zerodium offers $1 million for zero-day exploits targeting Tor Browser

A U.S.-based start-up security firm announced a new bug bounty program on Wednesday where it is offering a total of $1 million in rewards to security researchers to identify zero-day exploits in the Tor Browser on security-focussed Tails Linux and Windows.

The start-up security firm, Zerodium, is known for buying security flaws and zero-day vulnerabilities from researchers and selling the information to government customers.

“ZERODIUM, the premium zero-day acquisition platform, announces and hosts a Tor Browser Zero-Day Bounty. ZERODIUM will pay a total of one million U.S. dollars ($1,000,000) in rewards to acquire zero-day exploits for Tor Browser on Tails Linux and Windows.” reads the announcement published by ZERODIUM. “The bounty is open until November 30th, 2017 at 6:00pm EDT, and may be terminated prior to its expiration if the total payout to researchers reaches one million U.S. dollars ($1,000,000).”

The highest individual bounty offered by the company is $250,000 to any researcher who can provide the company with an exploit that allows the attacker to hack a target who’s using the Tor Browser with high security settings on Linux Tails and Windows. Other smaller bounties range between $75,000 (for exploits that only work for either Windows or Tails, and work only with JavaScript allowed, for example, making them easier to develop) and $200,000.

“Today, ZERODIUM sets the bar even higher with a new technical challenge: develop a fully functional zero-day exploit for Tor Browser with JavaScript BLOCKED! Exploits for Tor Browser with JavaScript allowed are also accepted/eligible but have lower payouts (see below).” continues the announcement.

Check the complete price list table below for ‘Tor Browser Zero-Day Exploits Bounty’ along with the rules and payouts:

While Zerodium acknowledged that the Tor network and Tor Browser are used by security-conscious individuals to enhance privacy and anonymity online, they are also used by notorious criminals as a gateway to the dark web of often shady sites.

In a Q & A section, the company said it was offering the million-dollar bounty for Tor to make the world a safer place.

“While the Tor network and Tor Browser are fantastic projects that allow legitimate users to improve their privacy and security on the Internet, the Tor network and browser are, in many cases, used by ugly people to conduct activities such as drug trafficking or child abuse,” the company said.

“We have launched this special bounty for Tor Browser zero-days to help our government customers fight crime and make the world a better and safer place for all.”

In a FAQ section on its website, Zerodium explained that its customers were mainly U.S. Government agencies.

“Zerodium customers are mainly government organisations in need of specific and tailored cyber security capabilities, as well as major corporations from defence, technology, and financial sectors, in need of protective solutions to defend against zero-day attacks,” it said.

“Access to Zerodium solutions and capabilities is highly restricted and is only available to a very limited number of organisations.”

Last month, Zerodium offered up to $500,000 for remote code execution (RCE) and privilege escalation vulnerabilities affecting secure messaging apps, such as Signal, WhatsApp, Telegram, Viber, iMessage, Facebook Messenger, WeChat and others, as well as zero-days targeting mobile email apps.


Productivity

Selecting a Comprehensive Federated Identity Management Solution


IT departments are faced with increased pressure to provide safe and easy access to a growing number of cloud applications while keeping company data secure. But rolling out application access securely, especially when businesses are yet to fully adopt cloud solutions, can be challenging, slow and costly. This is where federated identity management (FIM) comes in.

More companies are shifting from on-premise identity and access management solutions to identity federation management solutions. The adoption of identity and access management as a service (IDaaS) is today’s go-to solution for organizations when it comes to single sign-on (SSO) to SaaS application use.

Here, we’re going to have a closer look at the criteria for selecting the most comprehensive federated identity management solution for organizations.

One Size Doesn’t Fit All

The goal of any federated identity management solution is to ensure that only authorized and authenticated users have access to business systems, applications or network resources. The right federated identity management system will automate this whole process and give users the ability to change their login details at will, from anywhere.

Considering there are many FIM solutions from different vendors, with different features and at varying costs, it’s important to note that there’s no “one size fits all” system for every organization. In selecting the right solution for your organization, you should consider:

  • Scope – Ability to manage identities across the entire organization or a large Federation
  • Features – Are you looking for simplicity or more advanced access control?
  • Ease of deploying the federated identity management system
  • Scalability of the FIM solution
  • Available budget

Organizations must define what exactly they want their system to do in order to choose the right FIM solution to fit their needs.

Federated Identity Management Features

What features do you want for your organization? Do you want a system that supports different operating systems, directories, applications and databases? What types of authentications does the system support (passwords, tokens, biometrics)? Most federated identity management systems will come with standard features that include:

  • Enterprise single sign-on (SSO)
  • Synchronization of passwords and attributes
  • Full provisioning and management of user accounts at all levels
  • Automated access management
  • Rules-based and role-based provisioning and management
  • Real-time monitoring and reporting
  • Policy based management
  • Data Leak Prevention (DLP) integration

The more complicated the feature set is, the more complex the overall deployment process and administration of the solution will be. This also means a need for qualified personnel to implement the system. You should go for features that help you maintain efficiency and competency in customer and application access and security.

Federated Identity Management Architecture

Organizations must also look at identity federation management architecture. Access to critical information sources like the users of the system or application, their roles in the organization, accessibility levels and policies that define identity rules for network resource access is vital. A customizable architecture is what you need to process this information.

The overall FIM architecture should enable users to perform self-service tasks with ease, from anywhere and also allow administrators to manage their identity management systems remotely. High availability of the system, reliability of the information and performance are key to avoiding business slowdown and user frustration.

Choose the Right Vendor

There are various popular IDM and FIM solutions on the market. Choosing the right one is not just about going for the best in the market but what suits you best. It’s all about comparing features and functionality in relation to your organization’s preferences, needs, and budget. Look for these:

  • An established vendor with proven FIM technology solutions
  • Scalability and compatibility
  • Easily customizable system
  • Friendly user-interface
  • Single sign-on and federated identity service
  • Comprehensive auditing and reporting

Summary

The average organization deals with approximately 1000 cloud applications used by employees, and that calls for special attention to the importance of identity and access to securing cloud services and applications. This can’t be accomplished without having a reliable federated identity management infrastructure.


password stealing software

Facebook password stealer actually steals your own password


Facebook Password Stealer Steals Only The Hacker’s Passwords

Facebook is one of the most popular targets for hackers. Researchers at Sydney-based LMNTRIX Labs recently came across a new Facebook password stealing malware being marketed online by cybercriminals, which actually steals data from attackers instead of victims. Dubbed as “Instant Karma”, the password stealing software injects malicious code into the background when it downloads, exposing the user’s credentials, including personal and financial information.

“This appears very widespread and growing,” the research team told TechCrunch. “We classified this as an ongoing malicious campaign with the threat actors actively marketing it as ‘Facebook Password Stealer’ or, more innocuously, ‘Facebook Password Recovery.’

“The attackers also seem to be sophisticated marketers who understand there is potentially big demand for the purported service and are distributing the sample via Spam, Ad campaigns, Pop-ups, Bundled Software, Porn sites and also sometimes as a standalone software.”

The malware campaign lures the victims who are seeking the software for hacking into other people’s Facebook accounts. Once the victim clicks the “hack” button, it downloads and runs, and also drops a remote access Trojan (RAT) in the background.

Currently, the password stealing malware is only limited to Windows PC users, although it’s not uncommon to see similar malware targeting mobile users, the researchers said.

“The target market goes beyond a typical hacker subset (if there is such a thing) and targets the general user who may be tempted to get inside someone’s Facebook account (friends, enemies, significant others, et al.),” the researchers told TechCrunch. “While there have been methods and apps offering Facebook hacks, this specific malicious campaign which uses the promise of easy Facebook password theft as bait is completely new.”

Source: TechCrunch
