Month: March 2017

SecurityTrendMicro

The Results – Pwn2Own 2017 Day Two

Credit to Author: Dustin Childs (Zero Day Initiative Communications) | Date: Fri, 17 Mar 2017 08:42:52 +0000

The second day of competition in this year’s Pwn2Own closed out with a record 17 entries for a single day. In fact, due to the significant number of contestants registered for the 10th anniversary edition of Pwn2Own, we divided the second day into two different tracks: Track A focused on Adobe and Microsoft products while…

ComputerWorldIndependent

Yahoo breach shows the drawbacks of state-sponsored hacking

Credit to Author: Michael Kan | Date: Thu, 16 Mar 2017 17:57:00 -0700

When governments turn to private hackers to carry out state-sponsored attacks, as the FBI alleges Russia did in the 2014 breach of Yahoo, they’re taking a big risk.

On the one hand, it gives them a bit of plausible deniability while reaping the potential spoils of each attack, but if the hackers aren’t kept on a tight leash things can turn bad.

Karim Baratov, the 22-year-old Canadian hacker who the FBI alleges Russia’s state security agency hired to carry out the Yahoo breach, didn’t care much for a low profile.

His Facebook and Instagram posts boasted of the million-dollar house he bought in a Toronto suburb and there were numerous pictures of him with expensive sports cars — the latest an Aston Martin DB9 with the license plate “MR KARIM.”

SecurityTrendMicro

Pwn2Own 2017 – Day Three Schedule and Results

Credit to Author: Dustin Childs (Zero Day Initiative Communications) | Date: Fri, 17 Mar 2017 00:07:09 +0000

The third and final day of the largest Pwn2Own shapes up with four entries and the awarding of Master of Pwn. It’s a tight race with multiple teams still in the running. Here’s the schedule for Day Three: 9:00am – 360 Security (@mj011sec) targeting Microsoft Edge with a SYSTEM-level escalation and a virtual machine escape…

ComputerWorldIndependent

Unpatched vulnerability puts Ubiquiti networking products at risk

Credit to Author: Lucian Constantin | Date: Thu, 16 Mar 2017 13:34:00 -0700

An unpatched command injection vulnerability could allow hackers to take over enterprise networking products from Ubiquiti Networks.

The vulnerability was discovered by researchers from SEC Consult and allows authenticated users to inject arbitrary commands into the web-based administration interface of affected devices. These commands would be executed on the underlying operating system as root, the highest privileged account.

Because it requires authentication, the vulnerability’s impact is somewhat reduced, but it can still be exploited remotely through cross-site request forgery (CSRF). In this attack technique, a user who visits an attacker-controlled website has their browser silently send requests to specially crafted URLs in the background, and because the browser attaches the user’s existing session, the device treats those requests as authorized.

ComputerWorldIndependent

Cobol plays major role in U.S. government breaches

Credit to Author: Patrick Thibodeau | Date: Thu, 16 Mar 2017 13:21:00 -0700

New research is turning on its head the idea that legacy systems — such as Cobol and Fortran — are more secure because hackers are unfamiliar with the technology.

The research found that these outdated systems, which may not be encrypted or even documented, were more susceptible to threats.

By analyzing publicly available federal spending and security breach data, the researchers found that a 1% increase in the share of new IT development spending is associated with a 5% decrease in security breaches.

“In other words, federal agencies that spend more in maintenance of legacy systems experience more frequent security incidents, a result that contradicts a widespread notion that legacy systems are more secure,” the paper found. The research paper was written by Min-Seok Pang, an assistant professor of management information systems at Temple University, and Huseyin Tanriverdi, an associate professor in the Information, Risk and Operations Department at the University of Texas at Austin.
