Monday, July 28, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: March 2017

ComputerWorldIndependent
admin

Assange: CIA had lost control of its cyberweapon documents

Credit to Author: Grant Gross| Date: Thu, 09 Mar 2017 08:53:00 -0800

Information about purported CIA cyberattacks was “passed around” among members of the U.S. intelligence community and contractors before it was published by WikiLeaks this week, Julian Assange says.

The CIA “lost control of its entire cyberweapons arsenal,” the WikiLeaks editor-in-chief said during a press conference Thursday. “This is a historic act of devastating incompetence, to have created such an arsenal and stored all in one place and not secured it.”

Assange declined to name the source who gave the information to WikiLeaks, but he seemed to suggest the 8,700-plus documents, purportedly from an isolated CIA server, came from an insider source.

To read this article in full or to leave a comment, please click here

Read More
FortinetSecurity
admin

Byline: IoT is Everywhere – Your Security Should Be Too

Credit to Author: Jonathan Nguyen-Duy| Date: Thu, 09 Mar 2017 09:30:43 -0800

IoT security challenges include weak authentication and authorization protocols, insecure software, firmware with hard-coded backdoors, poorly designed connectivity and communications, and little to no configurability. Many devices were developed around chunks of commonly available and largely untested code, compounding security vulnerabilities across thousands of devices sold through dozens of manufacturers. And to make matters worse, IoT devices are often “headless,” with limited power and processing capabilities. This not only means they can

Read More
ComputerWorldIndependent
admin

Hackers exploit Apache Struts vulnerability to compromise corporate web servers

Credit to Author: Lucian Constantin| Date: Thu, 09 Mar 2017 04:19:00 -0800

Attackers are widely exploiting a recently patched vulnerability in Apache Struts that allows them to remotely execute malicious code on web servers.

Apache Struts is an open-source web development framework for Java web applications. It’s widely used to build corporate websites in sectors including education, government, financial services, retail and media.

On Monday, the Apache Struts developers fixed a high-impact vulnerability in the framework’s Jakarta Multipart parser. Hours later, an exploit for the flaw appeared on Chinese-language websites, which was almost immediately followed by real-world attacks, according to researchers from Cisco Systems.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Why email is safer in Office 365 than on your Exchange server

Credit to Author: Mary Branscombe| Date: Thu, 09 Mar 2017 04:11:00 -0800

Running your own email servers doesn’t do anything to differentiate your business from the competition (except in a bad way, if you get hacked). But avoiding the effort of managing and monitoring your own mail server isn’t the only advantage of a cloud service. The scale of a cloud mail provider like Office 365 means that malware and phishing attacks are easier to spot — and the protections extend beyond your inbox.

To read this article in full or to leave a comment, please click here

(Insider Story)

Read More
ComputerWorldIndependent
admin

WikiLeaks looks at helping tech vendors disarm CIA hacking tools

Credit to Author: Michael Kan| Date: Thu, 09 Mar 2017 03:57:00 -0800

WikiLeaks has attracted plenty of haters over its controversial disclosures. But the site may be in a unique position to help tech vendors better secure their products.

That’s because WikiLeaks has published secret hacking tools allegedly taken from the CIA, which appear to target smartphones, smart TVs and PCs.

Companies including Apple and Cisco have been looking through the stolen documents to address any vulnerabilities the CIA may have exploited. However, WikiLeaks might be able to speed up and expand the whole process.

To read this article in full or to leave a comment, please click here

Read More
SecurityTrendMicro
admin

The Culture of Cybercrime in West Africa

Credit to Author: Ed Cabrera (Chief Cybersecurity Officer)| Date: Thu, 09 Mar 2017 11:00:52 +0000

As part of our ongoing research into the cybercriminal underground markets of the world, Trend Micro researchers today released a report detailing Cybercrime in West Africa. This report leverages our ongoing partnership with INTERPOL to provide survey data and a deeper understanding of the regions cybercriminal ecosystem. While tactics play a role in the success…

Read More
MicrosoftSecurity
admin

Uncovering cross-process injection with Windows Defender ATP

Credit to Author: msft-mmpc| Date: Thu, 09 Mar 2017 06:16:01 +0000

Windows Defender Advanced Threat Protection (Windows Defender ATP) is a post-breach solution that alerts security operations (SecOps) personnel about hostile activity. As the nature of attacks evolve, Windows Defender ATP must advance so that it continues to help SecOps personnel uncover and address the attacks. With increasing security investments from Microsoft—read how Windows 10 continues to raise…

Read More