Month: March 2017

ComputerWorldIndependent

Apple says it has already patched ‘many’ (not all) leaked CIA exploits

Credit to Author: Jonny Evans| Date: Wed, 08 Mar 2017 03:51:00 -0800

Details concerning multiple iOS, Mac, and AirPort exploits allegedly used by the CIA were published by WikiLeaks late last night.

The documents reveal an extensive quantity of exploits used against Apple devices, though WikiLeaks has not published any of the technical details or computer code that was also leaked, to prevent these hacks from disseminating any further (though we don’t know who else got the data).

Post-privacy

The documents offer the deepest look yet into how intelligence services (including the CIA, GCHQ, and others) have worked together to undermine the security of products from multiple vendors, including Apple.

IndependentKrebs

Payments Giant Verifone Investigating Breach

Credit to Author: BrianKrebs| Date: Tue, 07 Mar 2017 18:02:30 +0000

Credit and debit card payments giant Verifone [NYSE: PAY] is investigating a breach of its corporate computer networks that could impact companies running its point-of-sale solutions, according to multiple sources. Verifone says the extent of the breach was “limited” and that its payment services network was not impacted. San Jose, Calif.-based Verifone is the largest maker of credit card terminals used in the United States. It sells point-of-sale terminals and services to support the swiping and processing of credit and debit card payments at a variety of businesses, including retailers, taxis, and fuel stations. On Jan. 23, 2017, Verifone sent an “urgent” email to all company staff and contractors, telling them that they had 24 hours to change all company passwords.

ComputerWorldIndependent

Android gets patches for critical OpenSSL, media server and kernel driver flaws

Credit to Author: Lucian Constantin| Date: Tue, 07 Mar 2017 08:37:00 -0800

A five-month-old flaw in Android’s SSL cryptographic libraries is among the 35 critical vulnerabilities Google fixed in its March security patches for the mobile OS.

The first set of patches, known as patch level 2017-03-01, is common to all patched phones and contains fixes for 36 vulnerabilities, 11 of which are rated critical and 15 high. Android vulnerabilities rated critical are those that can be exploited to execute malicious code in the context of a privileged process or the kernel, potentially leading to a full device compromise.

One of the patched vulnerabilities is located in the OpenSSL cryptographic library and also affects Google’s newer BoringSSL library, which is based on OpenSSL. What’s interesting is that the flaw, identified as CVE-2016-2182, was patched in OpenSSL back in September. It can be exploited by forcing the library to process an overly large certificate or certificate revocation list from an untrusted source.

MalwareBytesSecurity

A multi-purpose fake online scanner

Credit to Author: Pieter Arntz| Date: Tue, 07 Mar 2017 16:00:14 +0000

Just to show you that behind some PUPs there are threat actors that are too lazy to be bothered, we offer you a fake online scanner that was used to promote the infamous MacKeeper and a Windows system optimizer called Advance-System-Care.


The post A multi-purpose fake online scanner appeared first on Malwarebytes Labs.
