Sunday, July 20, 2025
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

Month: August 2017

FortinetSecurity
admin

Deep Analysis of New Poison Ivy Variant

Credit to Author: Xiaopeng Zhang| Date: Wed, 23 Aug 2017 13:05:00 +0000

Recently, the FortiGuard Labs research team observed that a new variant of Poison Ivy was being spread through a compromised PowerPoint file. We captured a PowerPoint file named Payment_Advice.ppsx, which is in OOXML format. Once the victim opens this file using the MS PowerPoint program, the malicious code contained in the file is executed. It downloads the Poison Ivy malware onto the victim’s computer and then launches it. In this blog, I’ll show the details of how this happens, what techniques are used by this malware, as well as…

Read More
FortinetSecurity
admin

We Have Seen the Enemy, and It Is Us

Credit to Author: Derek Manky| Date: Wed, 23 Aug 2017 12:55:00 +0000

Fortinet just released its Global Threat Landscape Report for Q2. Much of the data it provides is just what you’d expect. For example, FortiGuard Labs detected 184 billion total exploit attempts in Q2 from 6,300 unique and active exploits. Not only is this is an increase of 30% over Q1, with the growth of IoT and Shadownet resources we expect these numbers to continue to rise dramatically. In addition, 7 in 10 organizations experienced high or critical exploits during the quarter. By any measure, these are alarming numbers. 

Read More
ComputerWorldIndependent
admin

The paranoid Windows traveler’s data-protection checklist

Credit to Author: Richard Hoffman| Date: Wed, 23 Aug 2017 03:11:00 -0700

It used to be that the most intrusive experience business travelers faced at airport security was a possible pat-down, or a customs check of luggage. These days, border control agents are searching passengers’ phones, tablets and laptops for … well, anything they want to see. Your complying with the request grants them access to documents, emails, passwords, contacts and social media account information. So travelers carrying confidential or privileged corporate information (in addition to the merely personal) need to take steps ahead of time to ensure that private data stays private. 

The laws around data privacy at checkpoints are murky, and border control officers in the U.S. and elsewhere have been making full use of the allowable gray areas, asking travelers to turn over email logins and social media passwords, searching devices and making forensic copies of data. If this concerns you and your company, these tips could prove useful. While legal issues vary by country, most of these suggestions will provide a measure of data security in a variety of situations.

To read this article in full or to leave a comment, please click here

Read More
IndependentSecuriteam
admin

SSD Advisory – ScrumWorks Pro Remote Code Execution

Credit to Author: SSD / Maor Schwartz| Date: Tue, 22 Aug 2017 05:22:12 +0000

Vulnerability Summary The following advisory describes a remote code execution vulnerability found in ScrumWorks Pro version 6.7.0. “CollabNet ScrumWorks Pro is an Agile Project Management for Developers, Scrum Masters, and Business”. A trial version can be downloaded from the vendor: https://www.collab.net/products/scrumworks Credit A security researcher from, Siberas, has reported this vulnerability to Beyond Security’s SecuriTeam … Continue reading SSD Advisory – ScrumWorks Pro Remote Code Execution

Read More