Month: March 2017

Fortinet, Security

Microsoft Excel Files Increasingly Used To Spread Malware

Credit to Author: Xiaopeng Zhang| Date: Wed, 08 Mar 2017 15:27:03 -0800

Over the last few years we have received a number of emails with attached Word files that spread malware. Now it seems that it is becoming more and more popular to spread malware using malicious Excel files. Lately, Fortinet has collected a number of email samples with Excel files attached (.xls, .xlsm) that spread malware by executing malicious VBA (Visual Basic for Applications) code. VBA is a programming language used by the Microsoft Office suite. Normally, VBA is used to develop programs for Excel to perform some tasks. I’ll use…

ComputerWorld, Independent

Security holes in Confide messaging app exposed user details

Credit to Author: Michael Kan| Date: Wed, 08 Mar 2017 12:51:00 -0800

Confide, a messaging app reportedly used by U.S. White House staff, apparently had several security holes that made it easier to hack.

Security consultancy IOActive found the vulnerabilities in Confide, which promotes itself as an app that offers “military-grade” end-to-end encryption.

But despite its marketing, the app contained glaring problems with securing user account information, IOActive said in a Wednesday post.

The consultancy noticed it could access records for 7,000 Confide users by exploiting vulnerabilities in the app’s account management system. Part of the problem resided with Confide’s API, which could be used to reveal data on users’ phone numbers and email addresses.

ComputerWorld, Independent

Leaked docs suggest NSA and CIA behind Equation cyberespionage group

Credit to Author: Lucian Constantin| Date: Wed, 08 Mar 2017 12:40:00 -0800

Purported CIA documents leaked Tuesday appear to confirm that the U.S. National Security Agency and one of the CIA’s own divisions were responsible for the malware tools and operations attributed to a group that security researchers have dubbed the Equation.

The Equation’s cyberespionage activities were documented in February 2015 by researchers from antivirus vendor Kaspersky Lab. It is widely considered to be the most advanced cyberespionage group in the world, based on the sophistication of its tools and the length of its operations, some possibly dating as far back as 1996.

Independent, Krebs

WikiLeaks Dumps Docs on CIA’s Hacking Tools

Credit to Author: Brian Krebs| Date: Wed, 08 Mar 2017 18:39:11 +0000

WikiLeaks on Tuesday dropped one of its most explosive word bombs ever: A secret trove of documents apparently stolen from the U.S. Central Intelligence Agency (CIA) detailing methods of hacking everything from smart phones and TVs to compromising Internet routers and computers. KrebsOnSecurity is still digesting much of this fascinating data cache, but here are some first impressions based on what I’ve seen so far.

ComputerWorld, Independent

CIA hacking tools targeting Windows

Credit to Author: Darlene Storm| Date: Wed, 08 Mar 2017 08:22:00 -0800

By releasing information about CIA hacking tools, WikiLeaks has given a new meaning to March Madness.

The CIA’s project Fine Dining is intriguing, since it outlines DLL hijacks for Sandisk Secure, Skype, Notepad++, Sophos, Kaspersky, McAfee, Chrome, Opera, Thunderbird, LibreOffice, and some games such as 2048, which the CIA writer “got a good lol out of.” Yet I was curious about what the CIA does to targeted machines running Windows since so many people use the OS.

Nearly everything dealing with the CIA hacking arsenal and Windows is labeled as “secret.” Nicholas Weaver, a computer scientist at the University of California at Berkeley, told NPR that the Vault 7 release is not all that big of a deal and that it is not too surprising that the agency hacks. Yet if “Year Zero” was obtained by a non-government hacker compromising the CIA’s system, then that would be a big deal.

ComputerWorld, Independent

IDG Contributor Network: Why the Samsung TV spying hack is way overblown

Credit to Author: John Brandon| Date: Wed, 08 Mar 2017 07:25:00 -0800

Major media has some egg on their face over this one.

Drawn to the attention-grabbing idea of your Samsung TV being compromised by the CIA, and knowing a lot of people have a Samsung TV, the headlines went something like this.

WikiLeaks says CIA hacked Samsung smart TVs

Why your smart TV is the perfect way to spy on you

None of these reports bothered to explain any of the details.

As noted in Wired and in this Forbes report, the CIA cannot spy on you over wireless. To update a Samsung TV, they’d need to use a USB key to install a firmware update. Also, the televisions are older models from 2013. To record any conversations or video, the CIA would then have to copy files back onto the USB drive.

ComputerWorld, Independent

If the CIA can sidestep encryption, what makes you think cyberthieves can’t?

Credit to Author: Evan Schuman| Date: Wed, 08 Mar 2017 06:48:00 -0800

Having just spent much of the day browsing through Wikileaks’ latest batch of documents from the intelligence community — in which government agents discussed ways to circumvent mobile encryption and to listen in on conversations near smart devices including smart TVs — it’s clear that government agents have long had the ability to grab mobile content before it’s encrypted.

Some of the tactics have names that are quite explicit about their function, such as a TV mode called “TV Fake-Off.” These docs provide a fascinating look into the government teams that are emulating cyberthieves, trying to improve on their techniques rather than thwart them.
