Month: February 2017

IndependentSecuriteam

SSD Advisory – Tripwire IP360 Local File Inclusion

Credit to Author: Maor Schwartz | Date: Wed, 15 Feb 2017 07:16:18 +0000

Vulnerabilities Summary

The following advisory describes a Local File Inclusion (LFI) vulnerability found in Tripwire IP360 version 7.2.6. Tripwire IP360 is an enterprise-class vulnerability and risk assessment solution that provides visibility into the enterprise network, including all networked devices and their associated operating systems and applications.

Credit

An independent security researcher, Mohammed Shameem, has reported this …

ComputerWorldIndependent

IT leaders say it's hard to keep the cloud safe

Credit to Author: Sharon Gaudin | Date: Wed, 15 Feb 2017 12:17:00 -0800

IT managers are finding it difficult to keep their applications and data safe in the cloud, and many are slowing cloud adoption because of it.

That was one of the findings of an Intel cloud security report that surveyed 2,000 IT professionals in different countries and industries last fall.

The issue isn’t with the cloud itself, since trust outnumbers distrust for public clouds by more than two to one, according to Intel’s survey.

IT professionals told Intel that shadow IT and a shortage of cybersecurity skills are causing the most problems.

ComputerWorldIndependent

Yahoo warns users of account breaches related to recent attacks

Credit to Author: Grant Gross | Date: Wed, 15 Feb 2017 11:01:00 -0800

Yahoo has begun warning individual users that their accounts with the service may have been compromised in a massive data breach it reported late last year.

The warning, in email messages sent from Yahoo CISO Bob Lord, tells users that a forged cookie may have been used to access their accounts in previous years.

The warning to Yahoo users comes at the same time that news reports suggest that Verizon Communications, in negotiations to buy Yahoo, may be seeking a discount of $250 million because of the data breaches.

ComputerWorldIndependent

Hacker breached 63 universities and government agencies

Credit to Author: Darlene Storm | Date: Wed, 15 Feb 2017 09:33:00 -0800

A “Russian-speaking and notorious financially-motivated” hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.

According to the security company Recorded Future, which has been tracking the cybercriminal’s breaches, Rasputin’s most recent victims include 63 “prominent universities and federal, state, and local U.S. government agencies.” The security firm has been following Rasputin’s activity since late 2016 when the hacker reportedly breached the U.S. Electoral Assistance Commission and then sold EAC access credentials.

ComputerWorldIndependent

JavaScript-based attack simplifies browser exploits

Credit to Author: Lucian Constantin | Date: Wed, 15 Feb 2017 10:13:00 -0800

Researchers have devised a new attack that can bypass one of the main exploit mitigations in browsers: Address space layout randomization (ASLR). The attack takes advantage of how modern processors cache memory and, because it doesn’t rely on a software bug, fixing the problem is not easy.

Researchers from the Systems and Network Security Group at Vrije Universiteit Amsterdam (VUSec) unveiled the attack, dubbed AnC, Wednesday after having coordinated its disclosure with processor, browser and OS vendors since October.

ASLR is a feature present in all major operating systems. Applications, including browsers, take advantage of it to make the exploitation of memory corruption vulnerabilities like buffer overflows more difficult.
