Posts Tagged ‘IFTTT’

Este móvil te deja elegir si quieres usarlo con Android o con Windows 10

February 19, 2020 Leave a comment
Categories: Internet Tags: , ,

DHS’s CISA Warns of New Critical Infrastructure Ransomware Attack

February 19, 2020 Leave a comment

An attack on a natural gas compression facility sent the operations offline for two days.

from Dark Reading:

Motorola insiste en la resistencia del nuevo RAZR: “tenemos confianza total en su pantalla”

February 19, 2020 Leave a comment
Categories: Internet Tags: , ,

Hackers Were Inside Citrix for Five Months

February 19, 2020 Leave a comment

Networking software giant Citrix Systems says malicious hackers were inside its networks for five months between 2018 and 2019, making off with personal and financial data on company employees, contractors, interns, job candidates and their dependents. The disclosure comes almost a year after Citrix acknowledged that digital intruders had broken in by probing its employee accounts for weak passwords.

Citrix provides software used by hundreds of thousands of clients worldwide, including most of the Fortune 100 companies. It is perhaps best known for selling virtual private networking (VPN) software that lets users remotely access networks and computers over an encrypted connection.

In March 2019, the Federal Bureau of Investigation (FBI) alerted Citrix they had reason to believe cybercriminals had gained access to the company’s internal network. The FBI told Citrix the hackers likely got in using a technique called “password spraying,” a relatively crude but remarkably effective attack that attempts to access a large number of employee accounts (usernames/email addresses) using just a handful of common passwords.

In a statement released at the time, Citrix said it appeared hackers “may have accessed and downloaded business documents,” and that it was still working to identify what precisely was accessed or stolen.

But in a letter sent to affected individuals dated Feb. 10, 2020, Citrix disclosed additional details about the incident. According to the letter, the attackers “had intermittent access” to Citrix’s internal network between Oct. 13, 2018 and Mar. 8, 2019, and that there was no evidence that the cybercrooks still remain in the company’s systems.

Citrix said the information taken by the intruders may have included Social Security Numbers or other tax identification numbers, driver’s license numbers, passport numbers, financial account numbers, payment card numbers, and/or limited health claims information, such as health insurance participant identification number and/or claims information relating to date of service and provider name.

It is unclear how many people received this letter, but the communication suggests Citrix is contacting a broad range of individuals who work or worked for the company at some point, as well as those who applied for jobs or internships there and people who may have received health or other benefits from the company by virtue of having a family member employed by the company.

Citrix’s letter was prompted by laws in virtually all U.S. states that require companies to notify affected consumers of any incident that jeopardizes their personal and financial data. While the notification does not specify whether the attackers stole proprietary data about the company’s software and internal operations, the intruders certainly had ample opportunity to access at least some of that information as well.

Shortly after Citrix initially disclosed the intrusion in March 2019, a little-known security company Resecurity claimed it had evidence Iranian hackers were responsible, had been in Citrix’s network for years, and had offloaded terabytes of data.

Iranian hackers recently have been blamed for hacking VPN servers around the world in a bid to plant backdoors in large corporate networks. A report released this week (PDF) by security firm ClearSky details how Iran’s government-backed hacking units have been busy exploiting security holes in popular VPN products from Citrix and a number of other software firms.

ClearSky says the attackers have focused on attacking VPN tools because they provide a long-lasting foothold at the targeted organizations, and frequently open the door to breaching additional companies through supply-chain attacks. The company says such tactics have allowed the Iranian hackers to gain persistent access to the networks of companies across a broad range of sectors, including IT, security, telecommunications, oil and gas, aviation, and government.

Among the VPN flaws available to attackers is a recently-patched vulnerability (CVE-2019-19781) in Citrix VPN servers dubbed “Shitrix” by some in the security community. The derisive nickname may have been chosen because while Citrix initially warned customers about the vulnerability in mid-December 2019, it didn’t start releasing patches to plug the holes until late January 2020 — roughly two weeks after attackers started using publicly released exploit code to break into vulnerable organizations.

How would your organization hold up to a password spraying attack? As the Citrix hack shows, if you don’t know you should probably check, and then act on the results accordingly. It’s a fair bet the bad guys are going to find out even if you don’t.

from Krebs on Security

Presentan un móvil que bloquea sus cámaras si detecta desnudos

February 19, 2020 Leave a comment
Categories: Internet Tags: , ,

Jupiter’s Equator

February 19, 2020 Leave a comment

Thick white clouds are present in this JunoCam image of Jupiter’s equatorial zone. via NASA
Categories: Nasa Tags: ,

Multi-Account Containers: nueva extensión incluida por defecto en Firefox 75 y que puedes probar ya

February 19, 2020 Leave a comment

Multi-Account Containers en Firefox 75

Hoy en día es habitual que tengamos varias cuentas para un mismo servicio. En ocasiones, esto se necesario porque tenemos, al menos, una cuenta personal y otra para el trabajo, por lo que tenemos que estar saliendo y entrando de un servicio para poder hacer un uso u otro. Pensando en esto, hace mucho tiempo que existe la extensión para Firefox Multi-Account Containers, una que añadirán por defecto dentro de aproximadamente dos meses.

Pero, ¿qué es Multi-Account Containers? Si hacemos la traducción directa, tenemos que son contenedores para multicuentas. La extensión nos permite crear varios contenedores, pudiendo elegir el nombre, el icono y el color de éste, para poder separar nuestras cuentas, lo que evitará que tengamos que salir de una para poder entrar a la otra. Y, lo que es mejor, Firefox 75 incluirá la función por defecto, aunque de una manera que mejora a la extensión existente.

Multi-Account Containers se incluirá por defecto en Firefox

Actualmente, podemos descargar la extensión desde este enlace. Como extensión que aún no está integrada perfectamente en el navegador, para abrir un nuevo contenedor tenemos que hacer clic y mantener sobre el botón para abrir una pestaña nueva (+). En ese momento, por defecto tenemos los contenedores Personal, Trabajo, Ocio y Compras, pero podemos editar esto desde los ajustes de la extensión. A partir de Firefox 75, podremos abrir una pestaña en un nuevo contenedor de la misma manera o haciendo clic derecho sobre el botón de pestaña nueva.

Tanto Multi-Account Containers como la función que incluirán por defecto en Firefox 75 nos permitirán lo siguiente.

  • Ahorrar tiempo al no tener que cerrar e iniciar sesión para cambiar entre cuentas. Si añadimos una cuenta de Twitter a “Trabajo”, siempre que abramos una nueva pestaña de “Trabajo” entrará en esa cuenta.
  • Poder usar servicios como Twitter Web con las notificaciones Push nativas de Firefox y que éstas lleguen a todas las cuentas. De lo contrario, sólo nos llegarán a la cuenta que tengamos abierta.
  • Que al entrar a un servicio no lo hagamos con la cuenta equivocada, lo que hará que nos muestre sugerencias que no nos interesan (habríamos entrado por trabajo). El mejor ejemplo para entender este punto es YouTube: si entramos con la cuenta del trabajo y vemos vídeos relacionados con nuestro trabajo, si lo hacemos con la cuenta equivocada nos sugerirá cosas que no nos interesan.
  • Si usamos una app de aplicaciones web sólo para poder usar varias cuentas, olvidarnos de ellas. Esto es posible con Firefox.

Disponible a partir de abril

Como ya hemos mencionado, la extensión hace mucho tiempo que está disponible y la función incluida por defecto llegará con Firefox 75, lo que será el 7 de abril. Si queréis probarla ya mismo, podéis probar la extensión en el actual Firefox o instalar Firefox Nightly., versión que ya lo incluye por defecto ¿Eres uno de los que aprovechará la próxima función del navegador de Mozilla?

from Linux Adictos

Categories: Linux, Internet Tags: , ,