Month: March 2017

Categories: Independent, Securiteam

SSD Advisory – Oracle Knowledge Management XXE Leading to a RCE

Credit to Author: Maor Schwartz | Date: Sun, 19 Mar 2017 08:05:05 +0000

Vulnerability Summary: The following advisory describes an Information Disclosure vulnerability found in Oracle Knowledge Management version 8.5.1. By enabling searches across a wide variety of sources, Oracle's InQuira knowledge management products offer simple and convenient ways for users to access knowledge that was once hidden in the myriad systems, applications, and databases used to store enterprise content. …

Categories: ComputerWorld, Independent

BlackBerry preps a more secure Samsung Galaxy S7

Credit to Author: Peter Sayer | Date: Sun, 19 Mar 2017 10:58:00 -0700

Secusmart, the BlackBerry subsidiary that secures the German Chancellor Angela Merkel’s smartphone, will roll out a version of its SecuSuite security software compatible with Samsung Electronics’ Knox platform later this year.

That means that organizations looking for smartphones offering government-grade security will be able to buy the Samsung Galaxy S7 or, soon, the S8 rather than the now-discontinued BlackBerry OS smartphones like the one Merkel uses.

In addition to encrypting communications and data stored on the device, the new SecuSuite also secures voice calls using the SNS standard set by Germany’s Federal Office for Information Security (BSI). Organizational app traffic is passed through an IPsec VPN, while data from personal apps can go straight to the internet. Encrypted voice calls go through a different gateway, not the VPN.

Categories: ComputerWorld, Independent

US-CERT: Some HTTPS inspection tools could weaken security

Credit to Author: Lucian Constantin | Date: Fri, 17 Mar 2017 15:14:00 -0700

Companies that use security products to inspect HTTPS traffic might inadvertently make their users’ encrypted connections less secure and expose them to man-in-the-middle attacks, the U.S. Computer Emergency Readiness Team warns.

US-CERT, a division of the Department of Homeland Security, published an advisory after a recent survey showed that HTTPS inspection products don’t mirror the security attributes of the original connections between clients and servers.

HTTPS inspection checks the encrypted traffic coming from an HTTPS site to make sure it doesn’t contain threats or malware. It’s performed by intercepting a client’s connection to an HTTPS server, establishing the connection on the client’s behalf and then re-encrypting the traffic sent to the client with a different, locally generated certificate. Products that do this essentially act as man-in-the-middle proxies.

Categories: Security, TrendMicro

The Results – Pwn2Own Day Three

Credit to Author: Dustin Childs (Zero Day Initiative Communications) | Date: Sat, 18 Mar 2017 02:59:00 +0000

Our final day of Pwn2Own 2017 came to a close with some amazing research. The contest had never previously required a third day of competition, but with our largest-ever number of registrations, coinciding with our 10th anniversary, extending the contest to include the extra entries proved more than worthwhile. Just today, we awarded $250,000 and 54…

Categories: Security, TrendMicro

3 Steps To Take For Social Media Account Security

Credit to Author: Mark Nunnikhoven (Vice President, Cloud Research) | Date: Sat, 18 Mar 2017 00:57:57 +0000

Social media is a tough place for companies. That's understandable. The idea of connecting people to each other breaks down when one of those people is a major multinational brand. But there is a place on social media for companies, and when it's handled well, it's amazing. Unfortunately, as much as positive examples show personality and…
