Month: March 2017

ComputerWorld, Independent

How to protect yourself from ATM crime

Credit to Author: Mike Elgan | Date: Sat, 25 Mar 2017 04:00:00 -0700

The ATM card is dead. Or is it?

Starting Monday, all 13,000 Wells Fargo ATMs will enable you to withdraw money without using your card, according to Jonathan Velline, head of Wells Fargo ATM and branch strategy.

It works like this: Open the Wells Fargo app on your phone. Tap a button in the app for a temporary eight-digit code. Then enter the code, followed by your PIN, to access your account.

Wells Fargo is the first major U.S. bank to offer app-based access to all of its ATMs.

Citigroup, Chase and Bank of America and others are working on similar ATM functions, with only some machines already upgraded.

Wells Fargo will enable ATM access without a card via a temporary eight-digit code accessible in its mobile app.

Security, TrendMicro

Evaluating The Risk Of DoubleAgent

Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research) | Date: Fri, 24 Mar 2017 20:35:43 +0000

Security startup Cybellum recently announced a new attack that they’re calling “DoubleAgent”. They’ve labelled this a zero day “attack for taking full control over major antiviruses and next-generation antiviruses”. There’s a lot to unpack here. When you’re assessing the risk any issue poses, it’s always best to clearly define the issue. Let’s start there. The…

ComputerWorld, Independent

Apple: Macs and iPhones are safe from newly revealed CIA exploits

Credit to Author: Lucian Constantin | Date: Fri, 24 Mar 2017 12:11:00 -0700

The Mac and iPhone exploits described in new documents attributed to the CIA were patched years ago, according to Apple.

WikiLeaks released a new set of files Thursday that supposedly came from the CIA. They contain details about the agency’s alleged malware and attack capabilities against iPhones and Mac computers.

The documents, dated 2012 and earlier, describe several “implants” that the CIA can install in the low-level extensible firmware interface (EFI) of Mac laptop and desktop computers. These EFI rootkits allow the agency’s macOS spying malware to persist even after the OS is reinstalled.

ComputerWorld, Independent

Google Play faces cat-and-mouse game with Android malware

Credit to Author: Michael Kan | Date: Fri, 24 Mar 2017 11:16:00 -0700

What’s the best way to avoid Android malware? Downloading all your apps from the Google Play store, where software is vetted, is perhaps the best advice.

But that doesn’t mean Google Play is perfect.

Security researchers do find new Android malware lurking on Google’s official app store. That’s because hackers are coming up with sneaky ways to infiltrate the platform, despite the vetting processes that protect it.

“Eventually, every wall can be breached,” said Daniel Padon, a researcher at mobile security provider Check Point.

To be sure, most Android users will probably never encounter malware on the Google Play store. Last year, the amount of malicious software that reached the platform amounted to only 0.16 percent of all apps, according to a new report from Google.

ComputerWorld, Independent

To punish Symantec, Google may distrust a third of the web's SSL certificates

Credit to Author: Lucian Constantin | Date: Fri, 24 Mar 2017 10:32:00 -0700

Google is considering a harsh punishment for repeated incidents in which Symantec or its certificate resellers improperly issued SSL certificates. A proposed plan is to force the company to replace all of its customers’ certificates and to stop recognizing the extended validation (EV) status of those that have it.

According to a Netcraft survey from 2015, Symantec is responsible for about one in every three SSL certificates used on the web, making it the largest commercial certificate issuer in the world. As a result of acquisitions over the years, the company now controls the root certificates of several formerly standalone certificate authorities, including VeriSign, GeoTrust, Thawte and RapidSSL.

Independent, Krebs

Phishing 101 at the School of Hard Knocks

Credit to Author: BrianKrebs | Date: Fri, 24 Mar 2017 16:03:21 +0000

A recent, massive spike in sophisticated and successful phishing attacks is prompting many universities to speed up timetables for deploying mandatory two-factor authentication (2FA) — requiring a one-time code in addition to a password — for access to student and faculty services online. This is the story of one university that accelerated plans to require 2FA after witnessing nearly twice as many phishing victims in the first two-and-a-half months of this year as it saw in all of 2015.
