Month: March 2017

ComputerWorldIndependent

LastPass fixes serious password leak flaws

Credit to Author: Lucian Constantin| Date: Wed, 22 Mar 2017 14:21:00 -0700

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users’ passwords or execute malicious code on their computers.

The vulnerability was discovered by Google security researcher Tavis Ormandy and was reported to LastPass on Monday. It affected the browser extensions installed by the service’s users for Google Chrome, Mozilla Firefox and Microsoft Edge.

According to a description in the Google Project Zero bug tracker, the vulnerability could have given attackers access to internal commands inside the LastPass extension. Those are the commands used by the extension to copy passwords or fill in web forms using information stored in the user’s secure vault.

ComputerWorldIndependent

iPhone, Mac owners: How to stymie hackers extorting Apple, threatening to wipe devices

Credit to Author: Gregg Keizer| Date: Wed, 22 Mar 2017 13:23:00 -0700

Hackers claiming to have hundreds of millions of iCloud credentials have threatened to wipe data from iPhones, iPads and Macs if Apple does not fork over $150,000 within two weeks.

“This group is known for getting accounts and credentials, they have gotten credentials in the past,” said Lamar Bailey, director of security research and development at Tripwire, of the purported hackers. “But whether they have that many … who knows?”

There’s another reason for not panicking, Bailey said: People can quickly make their accounts more secure, assuming the criminals have only collected, not actually compromised the iCloud accounts by changing millions of passwords.

ComputerWorldIndependent

Google cites progress in Android security, but patching issues linger

Credit to Author: Michael Kan| Date: Wed, 22 Mar 2017 12:41:00 -0700

The chances of your encountering malware on your Android phone are incredibly small, according to Google.

By the end of last year, less than 0.71 percent of Android devices had installed a “potentially harmful application,” such as spyware, a Trojan, or other malicious software.

That figure was even lower, at 0.05 percent, for Android phones that downloaded apps exclusively from the Google Play store.

The internet giant revealed the figures in a new report detailing its efforts to make the Android OS secure. Thanks to better app review systems, the company is detecting and cracking down on more malware.

ComputerWorldIndependent

Hackers demand $150K ransom, threaten to wipe millions of Apple devices

Credit to Author: Lucian Constantin| Date: Wed, 22 Mar 2017 09:43:00 -0700

A group of hackers is threatening to wipe data from millions of Apple devices in two weeks if the company doesn’t pay them US$150,000.

The group, which calls itself Turkish Crime Family, claims to have login credentials for more than 627 million icloud.com, me.com and mac.com email addresses. These are email domains that Apple has allowed for users creating iCloud accounts over the years.

Even though the Turkish Crime Family hasn’t been in the media spotlight before, its members claim that they’ve been involved in selling stolen online databases in private circles for the past few years.

The group said via email that it has had a database of about 519 million iCloud credentials for some time, but did not attempt to sell it until now. Interest in such accounts on the black market has been low due to security measures Apple has put in place in recent years, it said.

FortinetSecurity

Microsoft Word File Spreads Malware Targeting Both Apple Mac OS X and Microsoft Windows

Credit to Author: Xiaopeng Zhang & Chris Navarrete| Date: Wed, 22 Mar 2017 10:43:43 -0700

On March 16, FortiGuard Labs captured a new Word file that spreads malware by executing malicious VBA (Visual Basic for Applications) code. The sample targeted both Apple Mac OS X and Microsoft Windows systems. We then analyzed the sample, and in this blog we are going to explain how it works, step by step. When the Word file is opened, it notifies victims to enable the Macro security option, which allows the malicious VBA code to be executed.

Malicious Word File is Opened

Figure 1. Asks victim to enable Macro security option

Once…

ComputerWorldIndependent

U.S. lawmakers question police use of facial recognition tech

Credit to Author: Grant Gross| Date: Wed, 22 Mar 2017 08:33:00 -0700

Reacting to concerns about the mass collection of photographs in police databases, U.S. lawmakers plan to introduce legislation to limit the use of facial recognition technology by the FBI and other law enforcement organizations.

The FBI and police departments across the country can search a group of databases containing more than 400 million photographs, many of them from the drivers’ licenses of people who have never committed a crime. The photos of more than half of U.S. adults are contained in a series of FBI and state databases, according to one study released in October.

IndependentKrebs

eBay Asks Users to Downgrade Security

Credit to Author: BrianKrebs| Date: Wed, 22 Mar 2017 17:59:44 +0000

Last week, KrebsOnSecurity received an email from eBay. The company wanted me to switch from using a hardware key fob when logging into eBay to receiving a one-time code sent via text message. I found it remarkable that eBay, which at one time was well ahead of most e-commerce companies in providing more robust online authentication options, is now essentially trying to downgrade my login experience to a less-secure option.
