Thursday, April 30, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld

ComputerWorldIndependent
admin

Microsoft posts PowerShell script that spawns pseudo security bulletins

Credit to Author: Gregg Keizer| Date: Fri, 12 May 2017 11:48:00 -0700

A Microsoft manager this week offered IT administrators a way to replicate — in a fashion — the security bulletins the company discarded last month.

“If you want a report summarizing today’s #MSRC security bulletins, here’s a script that uses the MSRC Portal API,” John Lambert, general manager of the Microsoft Threat Intelligence Center, said in a Tuesday message on Twitter.

Lambert’s tweet linked to code depository GitHub, where he posted a PowerShell script that polled data using a new API (application programming interface). Microsoft made the API available in November when it first announced that it planned to axe the security bulletins it had issued since at least 1998.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Ransomware attack spreads worldwide using alleged NSA exploit

Credit to Author: Michael Kan| Date: Fri, 12 May 2017 10:27:00 -0700

A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.

The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of its network.

Spain’s computer response team, CCN-CERT, has also warned of  a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

IDG Contributor Network: May Patch Tuesday delivers fixes critical Windows 10 exploits

Credit to Author: Greg Lambert| Date: Fri, 12 May 2017 10:29:00 -0700

For this May Microsoft Patch Tuesday, we see Microsoft attempt to resolve 56 reported vulnerabilities in Microsoft Office, Windows, both Browsers and the .NET development platform.

Three of the vulnerabilities have been reported publicly and several have been actively exploited. Adding to an already serious situation, Microsoft’s anti-malware tool was compromised, resulting in the inadvertent deployment of malware through the anti-malware engine.

Microsoft responded very quickly with an out-of-band update (Security Advisory 4022344). Though there was general relief and kudos to Microsoft for their rapid response to this embarrassing episode, this bug was described as the “worst in recent memory” and as “crazy bad” by two of the lead researchers from Google’s Project Zero.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

A ransomware attack is spreading worldwide, using alleged NSA exploit

Credit to Author: Michael Kan| Date: Fri, 12 May 2017 10:27:00 -0700

A ransomware attack appears to be spreading around the world, leveraging a hacking tool that may have come from the U.S. National Security Agency.

The ransomware, called Wanna Decryptor, struck hospitals at the U.K.’s National Health Service on Friday, taking down some of its network.

Spain’s computer response team, CCN-CERT, has also warned of  a “massive attack” from the ransomware strain, amid reports that local telecommunications firm Telefonica was hit.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Trump's cybersecurity order pushes U.S. government to the cloud

Credit to Author: Michael Kan| Date: Thu, 11 May 2017 14:28:00 -0700

President Donald Trump has finally signed a long-awaited executive order on cybersecurity, and he called for the U.S. government to move more into the cloud and modernize its IT infrastructure.

The order, signed on Thursday, is designed to “centralize risk” and move the government’s agencies toward shared IT services, White House homeland security adviser Tom Bossert said in a press briefing   

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Third party antivirus programs interfere with Windows Defender critical patch

Credit to Author: Michael Horowitz| Date: Wed, 10 May 2017 15:37:00 -0700

Like others running Windows, I have been dutifully updating Window Defender the last few days with a fix for a critical bug. The update procedure is simple. Open the Control Panel, click on Windows Defender, and then check for updates.

The only thing out of the ordinary, on Windows 7, is that the update check is hidden behind a downward pointing triangle just to the right of a white question mark (this is not true in Windows 8 or 10). The “about” panel is also here. If the Engine Version is less than 1.1.13704.0 then it needs to be updated immediately.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Schools in Alabama warn parents about Blue Whale ‘suicide game’ app

Credit to Author: Darlene Storm| Date: Wed, 10 May 2017 10:44:00 -0700

A “suicide game” presented in an app sounds like an urban legend or something from a horror flick, but unfortunately the “Blue Whale Challenge” is real. In fact, police and school districts have issued warnings about the app and even Instagram serves up a warning after searching for the #bluewhalechallenge.

blue whale challenge instagram message IDG

Vulnerable young people are the targets for Blue Whale. Once the app is downloaded onto a phone, it reportedly hacks the phone and harvests the user’s information. In the Blue Whale Challenge, a group administrator – also referenced as a mentor or master – gives a young person a task to complete each day for 50 days. If a person balks at the daily task, then the personal information which was stolen is used as a form of blackmail as in do this or else your private information will be released or your family threatened. The task on the last day is to commit suicide. This is supposedly winning the game.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft finally bans SHA-1 certs in IE and Edge

Credit to Author: Lucian Constantin| Date: Wed, 10 May 2017 09:08:00 -0700

The Tuesday updates for Internet Explorer and Microsoft Edge force those browsers to flag SSL/TLS certificates signed with the aging SHA-1 hashing function as insecure. The move follows similar actions by Google Chrome and Mozilla Firefox earlier this year.

Browser vendors and certificate authorities have been engaged in a coordinated effort to phase out the use of SHA-1 certificates on the web for the past few years, because the hashing function no longer provides sufficient security against spoofing.

SHA-1 (Secure Hash Algorithm 1) dates back to 1995 and has been known to be vulnerable to theoretical attacks since 2005. The U.S. National Institute of Standards and Technology has banned the use of SHA-1 by U.S. federal agencies since 2010, and digital certificate authorities have not been allowed to issue SHA-1-signed certificates since Jan. 1, 2016, although some exemptions have been made — for example, for outdated payment terminals.

To read this article in full or to leave a comment, please click here

Read More