Month: May 2017

IndependentSecuriteam

SSD Advisory – WordPress Unauthorized Password Reset

Credit to Author: Maor Schwartz| Date: Wed, 03 May 2017 13:09:31 +0000

Vulnerability Summary: The following advisory describes an Unauthorized Password Reset vulnerability found in WordPress version 4.3.1. WordPress is web software you can use to create a beautiful website or blog. We like to say that WordPress is both free and priceless at the same time. The core software is built by hundreds of community volunteers, and …

ComputerWorldIndependent

Microsoft asks Windows 10 Enterprise customers to test new anti-exploit tech

Credit to Author: Gregg Keizer| Date: Thu, 04 May 2017 12:58:00 -0700

Microsoft today asked enterprise customers to test a new anti-malware, anti-exploit technology in Windows 10’s baked-in browser.

Windows 10’s latest preview, tagged as build 16188 and released Thursday, includes Windows Defender Application Guard, a virtualization-based feature that isolates the contents of a tab in Edge, the OS’s default browser, from the rest of the system.

While Application Guard was announced in September, and went through limited testing in the months since, today marked its first appearance to all Insiders running Windows 10 Enterprise. Users must manually toggle on Application Guard from a setting dialog, then open a tab within Edge by selecting “New Application Guard Window” from the browser’s menu.

ComputerWorldIndependent

Cybercrime group abuses Windows app compatibility feature

Credit to Author: Lucian Constantin| Date: Thu, 04 May 2017 12:00:00 -0700

When Microsoft made it possible for enterprises to quickly resolve incompatibilities between their applications and new Windows versions, it didn’t intend to help malware authors as well. Yet, this feature is now abused by cybercriminals for stealthy and persistent malware infections.

The Windows Application Compatibility Infrastructure allows companies and application developers to create patches, known as shims. These consist of libraries that sit between applications and the OS and rewrite API calls and other attributes so that those programs can run well on newer versions of Windows.

Shims are temporary fixes that can make older programs work even if Microsoft changes how Windows does certain things under the hood. They can be deployed to computers through Group Policy and are loaded when the target applications start.

MalwareBytesSecurity

OWASP Top Ten – Boring security that pays off

Credit to Author: William Tsing| Date: Thu, 04 May 2017 16:00:28 +0000

OWASP recently published a draft list of the top 10 security vulnerabilities of 2017. While intended for developers seeking to code more secure applications, the top 10 list is based on actual survey data of threats seen in the wild and serves as a great starting point for organizations struggling with security priorities. Let’s take a look and see how long they’ve been around prior to publication.


The post OWASP Top Ten – Boring security that pays off appeared first on Malwarebytes Labs.

MicrosoftSecurity

Windows Defender ATP thwarts Operation WilySupply software supply chain cyberattack

Credit to Author: msft-mmpc| Date: Thu, 04 May 2017 16:29:18 +0000

Several weeks ago, the Windows Defender Advanced Threat Protection (Windows Defender ATP) research team noticed security alerts that demonstrated an intriguing attack pattern. These early alerts uncovered a well-planned, finely orchestrated cyberattack that targeted several high-profile technology and financial organizations. An unknown attacker was taking advantage of a silent yet effective attack vector: the compromised…

FortinetSecurity

Video Gallery: Fortinet Employees Spotlight SIEM and Secure Access at HIMSS17

Credit to Author: Susan Biddle| Date: Thu, 04 May 2017 08:49:44 -0700

This past February, thousands of healthcare IT professionals gathered in Orlando for the 2017 HIMSS conference to get an expansive view of the current healthcare landscape. Fortinet was also in attendance, presenting as well as walking the floors of the conference to connect with other vendors and discuss how their solutions can help clinicians and IT professionals keep their organization’s network secure. During our time at HIMSS, we spoke with customers, prospects, and of course, Fortinet employees. In this video gallery we will hear…
