Wednesday, July 9, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: February 2017

ComputerWorldIndependent
admin

Hard-to-detect fileless attacks target banks, other organizations

A wave of attacks that have recently affected banks and other enterprises used open-source penetration testing tools loaded directly into memory instead of traditional malware, making their detection much harder.

Researchers from antivirus vendor Kaspersky Lab started investigating these attacks after the security team from an unnamed bank found Meterpreter in the random access memory (RAM) of a server that acted as the organization’s Windows domain controller.

Meterpreter is an in-memory attack payload that can inject itself into other running processes and is used to establish persistency on a compromised system. It is part of the Metasploit penetration testing framework, a popular tool used both by internal security teams and by malicious hackers.

To read this article in full or to leave a comment, please click here

Read More
FortinetSecurity
admin

Fortinet at RSA 2017


We are proud to be a Gold Sponsor at this year’s RSA event. We are located at Booth# 3627 in the North Hall. This year we will have an in-booth theater featuring Fortinet experts presenting on such topics as enterprise FW, cloud security, FortiGuard, Advanced Threat Protection, and our Security Operations Center solution. The theater will also feature presentations from a number of our Fabric-Ready Partners showcasing the unique interoperability, scope, and flexibility of the Fortinet Security Fabric.

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: Rapid7 demystifies penetration testing

In a surprisingly detailed 20+ page report titled “UNDER THE HOODIE: Actionable Research from Penetration Testing Engagements“, Rapid7 – provider of tools such as Metasploit and Nexpose – is sharing some very interesting insights into the choices being made by companies in their penetration testing and what the testers are uncovering. Released just moments ago, this research report provides details on:

  • how much organizations budget for pen testing engagements;
  • what information organizations are most interested in protecting, despite the recent uptick in online industrial espionage;
  • what percentage of sites are free of exploitable vulnerabilities;
  • the easiest ways for attackers to execute their attacks; and
  • how often pen tests successfully identify and exploit software vulnerabilities.

The statistics provided will likely help many companies refine or initiate their own penetration testing. The findings are based on 128 penetration tests that the company conducted in Q4 of 2016. They reveal many interesting details and some surprising details on testing choices such as:

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

'Invisible' memory-based malware hit over 140 banks, telecoms and government agencies

Cybercriminals have hit more than 40 countries with hidden malware that steals passwords and financial data. The malware is not found on hard drives as it hides in the memory of compromised computers, making it almost “invisible” as criminals exfiltrate system administrators’ credentials and other sensitive data. When a targeted machine is rebooted, nearly all traces of the malware disappear.

Over 140 enterprise networks – banks, government organizations and telecommunication companies – from 40 countries have been hit, according to Kaspersky Lab. The cybercriminals are using methods and sophisticated malware previously used by nation-state attackers.

To read this article in full or to leave a comment, please click here

Read More