Friday, July 11, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: February 2017

ComputerWorldIndependent
admin

WordPress silently fixes dangerous code injection vulnerability

Developers of the widely used WordPress content management system released an update last week, but intentionally delayed announcing that the patch addressed a severe vulnerability.

WordPress version 4.7.2 was released on January 26 as a security update, but the accompanying release notes mentioned only fixes for three moderate risk vulnerabilities, one of which did not even affect the platform’s core code.

On Wednesday, a week later, the WordPress security team disclosed that a fourth vulnerability, much more serious than the others, was also patched in version 4.7.2.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

HPE acquires security startup Niara to boost its ClearPass portfolio

Hewlett Packard Enterprise has acquired Niara, a startup that uses machine learning and big data analytics on enterprise packet streams and log streams to detect and protect customers from advanced cyberattacks that have penetrated perimeter defenses.

The financial terms of the deal were not disclosed.

Operating in the User and Entity Behavior Analytics (UEBA) market, Niara’s technology starts by automatically establishing baseline characteristics for all users and devices across the enterprise and then looking for anomalous, inconsistent activities that may indicate a security threat, Keerti Melkote, senior vice president and general manager of HPE Aruba and cofounder of Aruba Networks, wrote in a blog post on Wednesday.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Hackers seek company insiders on the black market

If you’re the CEO of a company, here’s another threat you need to worry about: hackers trying to recruit your employees for insider-related crimes.

Researchers at security firms RedOwl and IntSights have noticed growing activity from online black market dealers trying to recruit company employees for insider trading and cashing out stolen credit card numbers. 

These dealers are appearing on underground forums located on the dark web, which are accessible through Tor, a browser designed for anonymous web surfing, according to the researchers, who published their findings on Tuesday. 

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: These are the threats that keep me awake at night

We have fortunately reached the date on the calendar when the myriad of articles predicting hot information security issues for 2017 have begun to wind down. I say fortunately, because I personally have never found much use for them.

In many cases, they predict things that are readily obvious — for example, ransomware will be a greater issue in 2017. I can all but guarantee that this prediction will come true, as can almost anyone in the industry. Since ransomware built momentum in the fourth quarter, it is unlikely to dissipate in 2017, despite California making it illegal

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

5 things DevOps must do to secure containers

Can’t we all get along
secure containers

Image by Pixabay

Do deepening adoption and broader deployment of container technologies (from the likes of Docker, CoreOS and others) threaten to escalate into the latest skirmish between operations, developers and information security? Certainly, the potential exists to widen the rift, but in fact there is far more common ground than would initially suggest. Containerization introduces new infrastructure that operates dynamically and is open in nature, with more potential for cross-container activity. Containerization presents an almost unprecedented opportunity to embed security into the software delivery pipeline – rather than graft on security checks, container monitoring and policy for access controls as an afterthought.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

WhatsApp reduces spam, despite end-to-end encryption

Can a spam filter work even without reading the content of your messages?

WhatsApp thinks so. Since last April, the messenger app has been successfully fighting spam abuse, even as it’s been using end-to-end encryption.

That encryption means that no one — not even WhatsApp — can read the content of your messages, except for the recipient.

More privacy, however, can raise issues about spam detection. If WhatsApp can’t scan your messages for suspicious content, say for advertisements peddling cheap Viagra, then how can it effectively filter them out?

To read this article in full or to leave a comment, please click here

Read More