​Privacy Commissioner to probe Australian government agencies on compliance

Australian Information and Privacy Commissioner Timothy Pilgrim has said his office will be conducting assessments of Australian government agencies over the next 12 months in accordance with the Office of the Australian Information Commissioner’s (OAIC) commitments under the Privacy Act 1988.
Under the nearly 30-year-old Act, the OAIC has the power to conduct an assessment of any business or Australian government agency to help them understand their privacy obligations.
As mentioned in the OAIC’s Corporate Plan 2017-18, the probe will require the commissioner to encourage agencies and businesses to “respect and protect” the personal information of citizens that they handle.
The plan [PDF] details the OAIC’s intention to also conduct commissioner-initiated inquiries, which will see Pilgrim investigate an incident that may be an interference with privacy without first receiving a complaint from an individual.
Over the next 12 months, the OAIC also plans to develop and implement an Australian Public Service (APS) Privacy Governance Code, as well as a “maturity model” and a toolkit to allow government agencies to benchmark against and self-assess their privacy compliance performance.
Pilgrim’s office will also work with agencies, particularly the Department of Prime Minister and Cabinet, to ensure that the Australian government’s Public Data Policy Statement is implemented in a way that upholds the highest standards of privacy for individuals, the Corporate Plan published on Thursday explains.
In an effort to legislate around informing Australians of when their privacy has been breached, the federal government finally passed data breach notification laws at its third attempt in February, which will see people be alerted of their data being inappropriately accessed come February 2018 under the Privacy Amendment (Notifiable Data Breaches) Act.
The legislation is restricted to incidents involving personal information, credit card information, credit eligibility, and tax file number information that would put individuals at “real risk of serious harm”.
Notification laws apply only to companies covered by the Privacy Act, and see intelligence agencies, small businesses with turnover of less than AU$3 million annually, and political parties exempt from disclosing breaches.
In preparation for the legislation, the OAIC said it will be developing guidance and support tools for businesses and government agencies to help them fully comply, and it will also be educating the community about the commencement and operation of the data breach scheme.
The commissioner’s office will measure its public awareness through increased media and social media mentions about privacy rights, the plan explains.
Under another internal performance measurement, the OAIC has given itself a target of finalising 80 percent of data breach notifications within 60 days.
Also flagged in the Corporate Plan was the OAIC’s desire to continue the administration of the My Health Records data breach notification scheme, as well as new initiatives to review the privacy guidelines of the Medicare Benefits and Pharmaceutical Benefits Programs under s135AA of the National Health Act 1953 and the Privacy (Credit Reporting) Code 2014 over the next year.

Session Hijacking Bug Exposed GitLab Users' Private Tokens

GitLab, the popular web-based Git repository manager, fixed a vulnerability recently that could have exposed its users to session hijacking attacks.
Daniel Svartman, a security researcher with Imperva, discovered the issue in May but couldn’t disclose it until Wednesday, after GitLab was able to patch the issue and confirm it had been fixed.
If an attacker had exploited the vulnerability they could have carried out a laundry list of nefarious activities, Svartman told Threatpost on Thursday.
“If an attacker successfully brute-forced an account, the attacker would be able to manage the account, dump the code, perform updates to it, and of course steal potentially sensitive information, such as new versions of software unreleased to the public,” Svartman said, “Also, in other scenarios, by performing updates to the code, the attacker would be able to embed any kind of malware into it.”
The researcher said in a disclosure he knew something was up when he saw his session token in his URL. All he had to do was copy and paste the token around to secure access to the GitLab dashboard, account information, individual projects, and even website code.

While having a session token out in the open like that, visible in a URL, is concerning enough, more alarming was Svartman’s second discovery: GitLab uses persistent private session tokens that never expire. If an attacker secured access to a user’s session token it wouldn’t expire, something that could let them stage an attack weeks or months after they stole it, with the victim left none the wiser.
The tokens were also only 20 characters long, something that left them susceptible to brute-forcing, according to the researcher.
“Given their persistent nature and the admin level access they granted, this added up to a real security concern,” Svartman wrote.
It’s unknown how long the vulnerability lingered until it was fixed, but Svartman notes that he wasn’t the first to point it out to GitLab; he also saw it mentioned on the company’s support forums.
When reached Thursday, GitLab told Threatpost there was no indication the vulnerability had been used to compromise an account.
Brian Neel, Security Lead at GitLab, stressed that on its own the fact GitLab uses private tokens isn’t a problem.
According to Neel:
“This isn’t something that can be exploited directly. The existence of private tokens only becomes a problem when combined with a cross-site scripting or other vulnerability. Generally speaking, an account with a private token is at no more risk of compromise than if the tokens didn’t exist, unless another vulnerability is leveraged to steal the token. Most modern web services support the concept of a private token: AWS has access/secret keys, GitHub has access tokens, Digital Ocean has tokens, etc. The only real difference between their tokens and our private tokens is that they are limited to the API and typically encrypted. We support both of these options with personal access tokens. GitLab is currently phasing out private tokens in favor of personal access tokens.”
According to Svartman the company is also replacing private tokens with custom RSS tokens for fetching RSS feeds, something that should avoid leaking session IDs. In addition he says the company is “expanding personal access tokens that offer role-based access controls,” something that should bolster security as well.
GitLab fixed a similarly nasty command execution vulnerability in the repository last November, albeit in days, not months. The critical vulnerability could have let an authenticated user gain access to sensitive application files, tokens, or secrets. HackerOne cofounder Jobert Abma found the bug in late October and GitLab issued a fix a week later, on November 2.

A laughably insecure comment system has left US comms watchdog the FCC open to malware attack, and the agency doesn’t seem to know what to do about it.
The security hole was spotted by a 20-year-old US university student, who found that when someone applies to put a comment onto the FCC website, the system allows almost any file type to be uploaded to its servers. Given the large number of files that can harbor malware, the FCC is making itself a target. The flaw appears to be at least five months old.
“The bloke who found this is scared to death,” Guise Bule, the security blogger who wrote about the hole, told The Register. “He’s not a computer security whizz, just someone who spotted the issue.”
The problem is that the FCC’s public API is available to anyone with an email address, and publicly documented. It allows files of up to 25MB to be uploaded – more than enough space for a very nasty package of goodies indeed.
People have already started having fun with the site, posting up a document designed to look like an FCC comment from the agency’s staff. The comment reads: “Dear American citizenry, We’re sorry Ajit Pai is such a filthy spineless cuck. Sincerely, The FCC”
It now appears that the practice has been stopped, but with one important caveat, according to Bule. The demonstration key the FCC provides still appears to work.
Looks like they either stopped sending out new API keys or their system’s overloaded. I tried requesting with two different email addresses.
— Liam Kirsh (@choicefresh) August 31, 2017
“The FCC comment system is designed to maximize inclusiveness and part of that system allows anyone to upload a document as a public comment, which is what happened in this case,” the agency told The Register.
“The Commission has had procedures in place to prevent malware from being uploaded to the comment system. And the FCC is running additional scans and taking additional steps with its cloud partners to make sure no known malware has been uploaded to the comment system.” ®


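BUF Breakfast Shop | Pop star's Instagram account hacked to post nude photos; Turla APT group attacks consulates and embassies; 465,000 pacemakers have security vulnerabilities; nearly 3,000 bitcoin miners exposed

On the first day of September, may you eat well, sleep well and work well, full of energy every day!

Today is Friday, September 1, 2017. It is a new month, and BUF Breakfast Shop is once again serving up a hearty meal. On today's menu: pop star Selena Gomez's Instagram account is hacked and used to post nude photos of Justin Bieber; another Turla APT campaign uses the Gazer backdoor to attack consulates and embassies around the world; Swedish web hosting provider Loopia suffers a serious data breach in which all customer data was stolen; a new social engineering attack garbles the fonts on hacked legitimate websites and asks users to download a missing font that hides malware; 465,000 pacemakers have security vulnerabilities that require a firmware update to fix; Tencent responds to "sending original images over WeChat leaks privacy", saying it has nothing to do with WeChat; nearly 3,000 bitcoin miners, apparently from China, are exposed online through their Telnet ports; Firefox 57 gets a new security protection that stops apps from abusing accessibility features to eavesdrop on users.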

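[International News]

American singer Selena Gomez's Instagram account hacked, and the hacker posts nude photos of Justin Bieber

The Instagram account of American singer and actress Selena Gomez was recently hacked, and the intruder posted three nude photos of Justin Bieber (ex-boyfriend drama). The incident is reportedly unrelated to the recent Fappening 2017 nude photo leaks. The photos of Bieber had already leaked online in 2015, and the hacker captioned the photo "LOOK AT THIS NA LIL SHRIMPY". Selena's Instagram account currently has more than 125 million followers, the most of any account on Instagram. The account was taken offline soon after it was hacked on Monday evening; Selena's team responded quickly, regaining the account within minutes and deleting the photos of Bieber. It is not yet clear how Selena's Instagram account was hacked, and media reports speculate that phishing may have been the cause. See FreeBuf's report for details. [SecurityAffairs]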

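Another Turla APT campaign: the Gazer backdoor is used to attack consulates and embassies around the world

ESET security researchers recently discovered a new wave of malware activity that mainly targets consulates and embassies worldwide in order to spy on governments and diplomats. The campaign has been active since 2016 and uses a backdoor named Gazer. The researchers believe the attacks were launched by the Turla APT hacking group, which security firms have previously linked to Russian intelligence services. Gazer is written in C++ and delivered through phishing emails. It takes over target devices in two steps, first delivering the Skipper backdoor and then installing the Gazer components.

In earlier cyber-espionage campaigns Turla also used Skipper as the first stage, but followed it with the Carbon and Kazuar backdoors, which share many similarities with Gazer. Gazer receives encrypted commands from a remote C&C server and uses compromised legitimate websites as proxies to evade detection. Gazer also does not use the Windows Crypto API; instead it encrypts data with 3DES and RSA encryption libraries before sending it to the C&C server. It uses code injection to take control of the device and steal information covertly over a long period, and it can forward malicious commands to other devices on the same network. ESET found that Gazer mainly spies on political targets in south-eastern Europe and the former Soviet Union. The researchers say Gazer has already infected a number of targets worldwide, with most victims located in Europe. [TheHackerNews]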

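Swedish web hosting provider Loopia suffers a serious data breach, with all customer data stolen

Swedish hosting provider Loopia was recently breached and its entire customer database was leaked. Loopia confirmed the breach a couple of days ago; the incident took place on August 22, but Loopia did not notify its customers until August 25. In its statement Loopia said the customer data stolen by the attackers includes personal and contact information as well as hashed passwords for Loopia Kundzon (it did not disclose which hashing algorithm was used), but does not involve user services such as mailboxes, websites and databases, and no payment card information was leaked. Loopia has reset user passwords and urged users to update their personal information. It also said that it does not yet know how the hackers got into its systems and that the incident is still under investigation. [SecurityAffairs]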

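[Security Vulnerabilities]

New social engineering attack: hacked legitimate websites show garbled fonts and ask users to download a missing font that hides malware

Security researcher MalwareBreakdown recently published an analysis of a social engineering campaign; this latest wave of attacks imitates the earlier EITest HoeflerText campaign. When a user visits a hacked website, they receive a notification claiming that the system lacks the Roboto Condensed font and that a font pack must be downloaded and installed to view the site properly. If the user actually installs the so-called "font installer", they are infected with a trojan downloader, a keylogger and a cryptocurrency miner.

The attacker first has to compromise a legitimate website and tamper with it, adding malicious JS code to every page so that the page text turns into gibberish, which looks just like a missing font. When a visitor opens the site, the JS displays the missing-font warning. If the user clicks the update button, the script downloads a file named chromefp60.exe (mozillafp60.exe for Firefox), and running it installs the malware payload. The different payloads include a Monero miner, the Ursnif keylogger and Trojan.Downloaders. [Source: BleepingComputer]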

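465,000 pacemakers have security vulnerabilities that require a firmware update to fix

The US Food and Drug Administration (FDA) recently issued a safety notice stating that about 465,000 pacemakers have a security problem, can be hacked, and need a critical software update to resolve the issue. The vulnerabilities reportedly allow a hacker to tamper with device settings and shut the device off, which would pose a fatal threat to patients. The FDA said an unauthorized attacker exploiting the vulnerabilities with commercially available tools could alter the pacemaker's programming commands, leading to rapid battery depletion or incorrect pacing control.

The vulnerable pacemakers are made by Abbott Laboratories (formerly called St. Jude Medical). To fix the vulnerabilities, patients must visit their doctor or healthcare provider for a firmware update; in addition to those in the United States, another 280,000 devices outside the US need updating. Notably, in 2016 Muddy Waters published a report on security problems in other implantable devices made by St. Jude Medical; St. Jude Medical not only rejected the report but also took it to court. An FDA investigation ultimately confirmed that the Muddy Waters report was correct. [Source: HackRead]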

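[Domestic News]

Tencent responds to "sending original images over WeChat leaks privacy": it has nothing to do with WeChat

According to a recent report from the CCTV News app, choosing "original image" when sending a photo over WeChat exposes personal location information, which remains visible even after the photo has been processed with image-editing software. When a photo is taken, the software uses the GPS data in Exif; this data, which comes from the phone's internal sensors and gyroscope, records the location, time and other details of the shot.

In response, WeChat's official account said that photos taken on any smartphone contain Exif parameters, which can draw on GPS data to record the location, time and other information in the photo. When a user sends the original image to someone else, the attached information is sent along with it. The so-called location leak has nothing to do with WeChat. In addition, images that users post to Moments are automatically compressed by the system, are not the original images and no longer carry location information. It also reminded users to protect their personal information by turning off location services and other privacy-related features in their smartphone's settings. [Source: Sina Tech]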

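[Other]

Nearly 3,000 bitcoin miners exposed online through Telnet ports, apparently from China?

Dutch security researcher Victor Gevers recently found 2,893 bitcoin miners exposed on the internet, with no password on their Telnet ports. All of the miners process bitcoin transactions in the same mining pool and appear to belong to a single organization. Gevers said that, judging by the exposed miners and the devices' IP addresses, this is likely an organization under the Chinese government. The affected organization seems to have seen Gevers' tweet quickly and soon secured the exposed devices.

Most of the mining devices can no longer be reached over Telnet. After all, the actual revenue that 2,893 miners can generate is considerable; one Twitter user said that if this many miners were mining Litecoin, they could bring in more than US$1 million a day. Gevers is still investigating why the devices were exposed online for so long without a Telnet password. It appears that someone tried to install a backdoor or malware on the devices, while other researchers say the devices may have joined Xunlei's bandwidth-sharing program. [Source: BleepingComputer]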

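Firefox 57 gets a new security protection that stops apps from abusing accessibility features to eavesdrop on users

Firefox 57, expected to be released on November 14, will add a new security feature that can stop accessibility apps from accessing the browser's data. Accessibility features are intended for people with disabilities. Firefox's accessibility features let certain specialised assistive apps connect to the browser and relay data from the browser to users with disabilities. For example, a screen reader using Firefox's accessibility support reads out the content of the active web page, menus, buttons, browsing history and so on. But some apps now use this feature to collect user data, and Mozilla engineers say there are quite a few such apps. The new version of Firefox therefore adds an indicator of accessibility activity to the Privacy section of its settings, along with a switch to turn accessibility features off.

In addition, Firefox has added an accessibility section to the "about:support" page; if accessibility features are enabled, this section lists all apps using them, so users can spot apps that eavesdrop on them or maliciously collect data. Notably, Firefox 57 will be the first version to support the WebExtensions extension system. [Source: BleepingComputer]

Compiled and edited by AngelaY. Please credit FreeBuf.COM when reprinting.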


A UK council has been fined £70,000 for leaving vulnerable people’s personal information exposed online for five years.
Nottinghamshire County Council posted the gender, addresses, postcodes and care requirements of elderly and disabled people in an online directory that was left accessible to world+dog. No usernames, passwords or any other access controls limited access to the sensitive information. Although the service users’ names were not included, a determined person would have been able to identify them.
The screw-up was only discovered when a member of the public inadvertently stumbled on the data using nothing more sophisticated than a search engine query. The person, who wasn’t required to log in, was concerned that it could be used by criminals to target vulnerable people or their homes. The breach was even more severe because it revealed whether or not elderly and vulnerable people were still in hospital.

In July 2011 the council launched its Home Care Allocation System (HCAS), an online portal allowing social care providers to confirm that they had capacity to support a particular service user. By the time the breach was reported to the Information Commissioner’s Office (ICO) in June 2016, the HCAS system contained a directory of 81 service users. Data of an estimated 3,000 people had been posted in the five years the system was online.
ICO head of enforcement Steve Eckersley said: “This was a serious and prolonged breach of the law. For no good reason, the council overlooked the need to put robust measures in place to protect people’s personal information, despite having the financial and staffing resources available.
“Given the sensitive nature of the personal data and the vulnerability of the people involved, this was totally unacceptable and inexcusable.” ®

Palo Alto reports strong Q4 as it adds new customers

Palo Alto Networks reported strong fourth quarter earnings as the company saw strong demand and grew its customer base to more than 42,500.
The security company reported a net loss of $38.2 million, or 42 cents a share, on revenue of $509.1 million, up 27 percent from a year ago. Non-GAAP earnings were 92 cents a share for the fourth quarter.
Wall Street was expecting fourth quarter non-GAAP earnings of 79 cents a share on revenue of $487.3 million.
Mark McLaughlin, CEO of Palo Alto, said it added about 3,000 new customers in the quarter. The company updated a bevy of products including a security service called GlobalProtect, a logging service and application framework.
In addition, CFO Steffan Tomlinson will retire.
For fiscal 2017, Palo Alto reported a net loss of $216.6 million, or $2.39 a share, on revenue of $1.8 billion, up 28 percent from a year ago. Non-GAAP annual earnings were $2.71 a share.

As for the outlook, Palo Alto projected first quarter revenue between $482 million and $492 million with non-GAAP earnings of 67 cents a share to 69 cents a share. For fiscal 2018, Palo Alto projected revenue between $2.12 billion and $2.16 billion, up 21 percent to 23 percent from 2017. Non-GAAP annual earnings will be about $3.24 a share to $3.34 a share.
The guidance was roughly in line with Wall Street expectations.

Astro's A20 gaming headset ditches the A10's wires for more than twice the price

When Astro announced the budget-friendly A10 headset a few months ago, we hypothesized that it was only a matter of time until an A20 slotted into the remaining empty space. Sure enough, it’s here: The Astro A20, a wireless version of the A10.
Retailing for $150, the A20 features the same stripped-down design as the A10 but…wireless. That seems to be the only difference, though I’m judging by photos—I’ve yet to see the headset in person or test it out.
The price is a bit surprising. The A10 launched for $60, which seemed pretty damn competitive—only the discounted HyperX Cloud stands out in the same price tier, as mentioned in PCWorld’s roundup of the best gaming headsets. At $150 the A20 comes in more expensive than both the Logitech G533 and Corsair’s slate of wireless headsets (both the original Void and recently upgraded Void Pro lines).

I haven’t spent much time with Corsair’s offerings recently, but the G533 (and Logitech G933 for that matter) at least are both loaded with features. The A20 seems pretty stripped down by comparison, with only a flip-to-mute mic and (I assume) volume control. No chat mix or anything that would’ve made the A20 stand out from the increasingly crowded $150 wireless headset market. And the situation’s even more confusing when you remember that Logitech bought Astro, so it’s literally competing with itself at this point. I guess they’re really counting on that Astro brand to move units.
Anyway, the A20 is apparently at Astro’s booth at PAX this weekend. I’m planning to stop by and get a few photos and hopefully test it out as best I can from the ultra-noisy show floor. We’ll keep you updated.
Hayden writes about games for PCWorld and doubles as the resident Zork enthusiast.

Malware attacker extradited from Germany to the UK

Mathew J. Schwartz reports:
Admitted Mirai malware mastermind Daniel Kaye, 29, has been extradited from Germany to the United Kingdom, where he faces charges that he launched cyberattacks against two of Britain's biggest banks.
Kaye, a British national from Surrey, England, returned to Britain Wednesday in the custody of officers of the National Crime Agency – Britain's national law enforcement agency – under a European arrest warrant.
He's been accused of using an infected network of computers known as the Mirai#14 botnet to attack and blackmail Lloyds Banking Group and Barclays banks, according to the NCA.
Read more on BankInfoSecurity.