Thursday, April 30, 2026
Latest:

Computer Security Articles

RSS Reader for Computer Security Articles

ComputerWorld

ComputerWorldIndependent
admin

With security awareness, money talks

Credit to Author: Evan Schuman| Date: Wed, 10 May 2017 04:00:00 -0700

According to a recent report, academics have been analyzing brainwaves of computer users to improve how they are alerted to cybersecurity dangers. I’m sorry, but getting users to pay stricter attention to security isn’t brain surgery: It’s all about money and job security. Come to think of it, job security itself is all about money, which makes money the only carrot and the only stick that IT needs.

That report, courtesy of Bloomberg BNA, said, “Many computer users automatically swat away repetitive dialogue box warnings of impending doom, especially when they are engaged in another activity. Now, engineers are using data analytics based on user tracking to discover what might help users pay attention to warnings. Software engineers are exploring promising techniques, such as changing background colors in warning notifications and switching formats to distinguish substantial security warnings from mundane messages. Tapping people’s brains helps the engineers design more effective user interfaces.”

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft fixes 55 flaws, 3 of them exploited by Russian cyberspies

Credit to Author: Lucian Constantin| Date: Tue, 09 May 2017 14:39:00 -0700

Microsoft released security patches Tuesday for 55 vulnerabilities across the company’s products, including for three flaws that are already exploited in targeted attacks by cyberespionage groups.

Fifteen of the vulnerabilities fixed in Microsoft’s patch bundle for May are rated as critical and they affect Windows, Microsoft Office, Microsoft Edge, Internet Explorer, and the malware protection engine used in most of the company’s anti-malware products.

System administrators should prioritize the Microsoft Office patches because they address two vulnerabilities that attackers have exploited in targeted attacks over the past two months. Both of these flaws, CVE-2017-0261 and CVE-2017-0262, stem from how Microsoft Office handles Encapsulated PostScript (EPS) image files and can lead to remote code execution on the underlying system.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Microsoft fixes remote hacking flaw in Windows Malware Protection Engine

Credit to Author: Lucian Constantin| Date: Tue, 09 May 2017 11:32:00 -0700

Microsoft released an update for the malware scanning engine bundled with most of its Windows security products in order to fix a highly critical vulnerability that could allow attackers to hack computers.

The vulnerability was discovered by Google Project Zero researchers Tavis Ormandy and Natalie Silvanovich on Saturday and was serious enough for Microsoft to create and release a patch by Monday. This was an unusually fast response for the company, which typically releases security updates on the second Tuesday of every month and rarely breaks out of that cycle.

Ormandy announced Saturday on Twitter that he and his colleague found a “crazy bad” vulnerability in Windows and described it as “the worst Windows remote code execution in recent memory.”

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Industrial robots are security weak link

Credit to Author: Sharon Gaudin| Date: Tue, 09 May 2017 03:00:00 -0700

Industrial robots used in factories and warehouses that are connected to the internet are not secure, leaving companies open to cyberattacks and costly damages.

That’s the word coming from a study conducted by global security software company Trend Micro and Polytechnic University of Milan, the largest technical university in Italy.

“The industrial robot – it’s not ready for the world it’s living in,” said Mark Nunnikhoven, vice president of cloud research at Trend Micro. “The reality is these things are being connected in more and more places. There are a lot of attacks that could happen in that environment.”

The study looked at Internet security vulnerabilities that could involve industrial robots used on manufacturing lines in areas such as the automobile and aerospace industries. The robots, which generally look like large mechanical arms, are used to move heavy objects, weld seams and fit pieces together. The machines also can be found moving and stacking crates in warehouses.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Local cost of a Big Mac decides ransom amount for Fatboy ransomware

Credit to Author: Darlene Storm| Date: Mon, 08 May 2017 09:33:00 -0700

Location, location, location … you’ve heard it many times before but not when it comes to a ransomware deciding a ransom amount. Fatboy, a ransomware-as-a-service, is believed to be the first ransomware that automatically adjusts the ransom amount based on a victim’s location.

Just when you think you’ve heard every conceivable ransomware demand – not just ransoms paid in bitcoins or other cryptocurrencies like Monero, or paid in iTunes or Amazon gift cards, ransomware which costs nothing for decryption as long as you infect two other people, or even ransomware that demands a high score on a shooter game before decrypting drives – now there’s a ransomware that charges victims based on the Big Mac Index.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Supply chain attack on HandBrake video converter app hits Mac users

Credit to Author: Lucian Constantin| Date: Mon, 08 May 2017 08:04:00 -0700

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBreak team said.

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Patch to fix Intel-based PCs with enterprise bug rolls out this week

Credit to Author: Michael Kan| Date: Mon, 08 May 2017 04:31:00 -0700

PC vendors this week will start rolling out patches that fix a severe vulnerability found in certain Intel-based business systems, including laptops, making them easier to hack.   

Intel on Friday released a new notice urging clients to take steps to secure their systems.

The chipmaker has also released a downloadable tool that can help IT administrators and users discover whether a machine they own has the vulnerability.

In addition, vendors including Fujitsu, HP and Lenovo have released lists showing which products are affected and when the patches will roll out. 

To read this article in full or to leave a comment, please click here

Read More
ComputerWorldIndependent
admin

Email, email, in the cloud

Credit to Author: Mathias Thurman| Date: Mon, 08 May 2017 03:45:00 -0700

As my company continues to move enterprise applications to the cloud, the latest development presents a security opportunity. We are giving up our on-premises Microsoft Exchange email in favor of the Microsoft Office 365 service. With the transition, we might be able to curtail the common employee practice of communicating and storing sensitive business-related data in email.

I am encouraging the IT organization to tighten security by implementing controls that were either not available in our on-premises deployment or never implemented. The first order of business is a cleanup of accounts and distribution lists. We have hundreds of email-enabled distribution lists, and too many of them are available to the world. We should be able to cut down the number of lists and set rules about who can use them.

To read this article in full or to leave a comment, please click here

Read More