Monday, January 19, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: May 2017

ComputerWorldIndependent
admin

Supply chain attack on HandBrake video converter app hits Mac users

Credit to Author: Lucian Constantin| Date: Mon, 08 May 2017 08:04:00 -0700

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBreak team said.

To read this article in full or to leave a comment, please click here

Read More
SecurityTrendMicro
admin

The Unified Cloud

Credit to Author: Justin Foster| Date: Mon, 08 May 2017 12:00:42 +0000

Throughout the history of cloud computing, 2006 was a momentous year. In 2006 Amazon Web Services released S3, the first pay per GB storage service. By August, they released  EC2, allowing you to spin up a server and pay by the hour in the cloud. In the decade that has followed, AWS has emerged as…

Read More
ComputerWorldIndependent
admin

Patch to fix Intel-based PCs with enterprise bug rolls out this week

Credit to Author: Michael Kan| Date: Mon, 08 May 2017 04:31:00 -0700

PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack.   

Intel on Friday released a new notice urging clients to take steps to secure their systems.

The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability.

In addition, vendors including Fujitsu, HP and Lenovo have released lists showing which products are affected and when the patches will roll out. 

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Email, email, in the cloud

Credit to Author: Mathias Thurman| Date: Mon, 08 May 2017 03:45:00 -0700

As my company continues to move enterprise applications to the cloud, the latest development presents a security opportunity. We are giving up our on-premises Microsoft Exchange email in favor of the Microsoft Office 365 service. With the transition, we might be able to curtail the common employee practice of communicating and storing sensitive business-related data in email.

I am encouraging the IT organization to tighten security by implementing controls that were either not available in our on-premises deployment or never implemented. The first order of business is a cleanup of accounts and distribution lists. We have hundreds of email-enabled distribution lists, and too many of them are available to the world. We should be able to cut down the number of lists and set rules about who can use them.

To read this article in full or to leave a comment, please click here

Read More
IndependentSecuriteam
admin

SSD Advisory – TerraMaster Operating System (TOS) File Disclosure

Credit to Author: SSD / Maor Schwartz| Date: Sun, 07 May 2017 00:33:00 +0000

Vulnerability Summary The following advisory describes a File Disclosure vulnerability found in TerraMaster Operating System (TOS) version 3. TerraMaster Operating System, TOS is a Linux platform-based operating system developed for TerraMaster cloud storage NAS server. TOS 3 is the third generation operating system newly launched. Credit An independent security researcher has reported this vulnerability to … Continue reading SSD Advisory – TerraMaster Operating System (TOS) File Disclosure

Read More
ComputerWorldIndependent
admin

Cyberspies tap free tools to build powerful malware framework

Credit to Author: Lucian Constantin| Date: Fri, 05 May 2017 07:54:00 -0700

Over the past year, a group of attackers has managed to infect hundreds of computers belonging to government agencies with a malware framework stitched together from JavaScript code and publicly available tools.

The attack, analyzed by researchers from antivirus firm Bitdefender, shows that cyberespionage groups don’t necessarily need to invest a lot of money in developing unique and powerful malware programs to achieve their goals. In fact, the use of publicly available tools designed for system administration can increase an attack’s efficiency and makes it harder for security vendors to detect it and link it to a particular threat actor.

To read this article in full or to leave a comment, please click here

Read More