Friday, July 4, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: February 2017

ComputerWorldIndependent
admin

Java and Python FTP attacks can punch holes through firewalls

Credit to Author: Lucian Constantin| Date: Tue, 21 Feb 2017 10:11:00 -0800

The Java and Python runtimes fail to properly validate FTP URLs, which can potentially allow attackers to punch holes through firewalls to access local networks.

On Saturday, security researcher Alexander Klink disclosed an interesting attack where exploiting an XXE (XML External Entity) vulnerability in a Java application can be used to send emails.

XXE vulnerabilities can be exploited by tricking applications to parse specially crafted XML files that would force the XML parser to disclose sensitive information such as files, directory listings, or even information about processes running on the server.

Klink showed that the same type of vulnerabilities can be used to trick the Java runtime to initiate FTP connections to remote servers by feeding it FTP URLs in the form of ftp://user:password@host:port/file.ext.

To read this article in full or to leave a comment, please click here

Read More
IndependentKrebs
admin

How to Bury a Major Breach Notification

Credit to Author: BrianKrebs| Date: Tue, 21 Feb 2017 17:44:39 +0000

Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the nation’s largest companies. Incredibly, the report did not name the affected software, and the vendor in question has apparently chosen to bury its breach disclosure. This post is an attempt to remedy that.

Read More
MalwareBytesSecurity
admin

Rogue Chrome extension pushes tech support scam

Credit to Author: Jérôme Segura| Date: Tue, 21 Feb 2017 17:22:42 +0000

Google Chrome may be one of the more secure browsers but an increasing number of malicious extensions are being forced onto users. The one we analyze can hide itself and receive commands from a remote server in order to hijack the browser with incessant offers, fraud and even tech support scams.

Categories:

Tags:

(Read more…)

Read More
FortinetSecurity
admin

FortiGuard Labs – Global Healthcare Threat Telemetry for Q4 2016

Credit to Author: Gavin Chow| Date: Tue, 21 Feb 2017 08:49:01 -0800

This Global Healthcare Threat Telemetry report examines the threat landscape of the global healthcare industry in Q4 2016. It is based on threat telemetry obtained by FortiGuard Labs’ research group from sensors located at 454 healthcare companies located in 50 countries around the globe. FortiGuard Labs, and its more than 200 researchers and analysts located around the world, logs over 400,000 hours of threat research every year by monitoring and analyzing threat telemetry gathered from over two million sensors. The resulting threat intelligence…

Read More
ComputerWorldIndependent
admin

Verizon knocks $350M from Yahoo deal after breaches

Credit to Author: Grant Gross| Date: Tue, 21 Feb 2017 07:23:00 -0800

Verizon Communications will pay $350 million less for Yahoo after two major data breaches reported by the struggling internet pioneer.

Verizon will pay about $4.48 billion for Yahoo’s operating business, and the two companies will share any potential legal and regulatory liabilities arising from two major data breaches announced in late 2016. The companies announced the amended terms of the deal Tuesday.

In October, one news report had Verizon seeking a $1 billion discount after the first breach was announced.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

True privacy online is not viable

Credit to Author: Evan Schuman| Date: Tue, 21 Feb 2017 03:00:00 -0800

Privacy-concerned consumers desperately want a magic bullet, some simple thing they can use that will protect their identities and their web activity. And although there are a plethora of offerings today that make such a claim — VPNs, privacy-focused browsers such as Tor, privacy search engines such as DuckDuckGo, quite a few services that claim to anonymize anyone’s activity — the practical realities of human behavior make such privacy claims bogus.

Let me stress that almost all of these services do indeed help a person remain anonymous from the casual, untrained observer (the typical roommate, spouse, co-worker, boss, etc.). But any consumer who thinks that these tools will thwart a law enforcement agent, motivated cyberthief or identity thief, or anyone who is willing to spend the time to track you down is in for unhappiness.

To read this article in full or to leave a comment, please click here

Read More